                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.22.0 (13 Sep 2011)

Daniel Stenberg (13 Sep 2011)
- RELEASE-NOTES: ready for 7.22.0

- codestyle: minor whitespace fix

- [Jeff Pohlmeyer brought this change]

  polarssl: build with PolarSSL-1.0.0
  
  With this fix, it should work for PolarSSL-1.0.0 (and SVN-1091 trunk)
  and retain compatibility with earlier versions. (Tested with 0.14.1)
  
  PolarSSL still doesn't play nicely with curl's CA bundle (we discussed
  this before) but I was at least able to retrieve the
  https://www.gmail.com/ login page using a modified ca-certificates.crt
  file with all 3 versions of PolarSSL.

- BUGS: spellfixed, slightly reformatted for web looks
  
  Reported by: Jeff Pohlmeyer

Dan Fandrich (12 Sep 2011)
- Document NTLM winbind options (and caveats)

Daniel Stenberg (12 Sep 2011)
- BUGS: renumbered to look better in the web version

- BUGS: revamped bug report documentation

Yang Tse (12 Sep 2011)
- Mention that BSD-style lwIP TCP/IP stack support on Windows is experimental.

- ftp.c: fix socket leak torture tests detected 2011-08-30
  
  Also fix inappropriate error handling when sending ftp EPRT or PORT commands.

Daniel Stenberg (11 Sep 2011)
- TODO: remove 4 entries, add one new
  
  Zero-copy and "Avoid having to remove/readd handles" are not really
  features we think are worthwhile to add. Removed.
  
  SRP features have been added already, removed.
  
  11.9 IPv6 addresses with globbing added

- spell-checked comments

- TODO-RELEASE: postpone the remainders
  
  There's three pending bug fixes but there's no time left so let's
  try to get them fixed for next release...

Guenter Knauf (11 Sep 2011)
- Updated makefiles to latest libssh2.

Yang Tse (10 Sep 2011)
- urlglob.c: fix OOM handling

- ftp.c: fix ftp active connects which got broken with commit fdf157abdf

- runtests.pl: replace TAB with spaces

- test harness: revert needless commit 0a5bbb2ac1
  
  https, ftps and ssh servers allowed start up time back to previous values

- ssh.c: revert needless commit 7b7c45879e

Daniel Stenberg (9 Sep 2011)
- RELEASE-NOTES: synced with 303c90074d4c
  
  Five more bugfixes, one more contributor

- tcpnodelay: rename variable
  
  Renamed the variable from 'proto' to 'level' simply because it is not
  protocol you set but level and that is the name of the argument used in
  man pages and the POSIX documentation of the setsockopt function.

Guenter Knauf (8 Sep 2011)
- Avoid ftruncate() static define with MinGW64.

Yang Tse (8 Sep 2011)
- libssh2: use calloc as alloc function for libssh2 versions older than 1.3
  
  This workarounds old libssh2 versions not properly initializing
  some ssh session variables, which would trigger memory debuggers
  warnings on memory being used without having been initialized.

Daniel Stenberg (8 Sep 2011)
- [Adriano Meirelles brought this change]

  Curl_speedcheck: don't mistakenly clear Curl_expire()
  
  The current version of speedcheck.c may disable timeout by setting zero
  to Curl_expire. Which is fine using the curl_multi_perform, because it
  recheck all timeout internals, but when using custom event poller (like
  hiperfifo.c) it may keep stalle connection forever.

Yang Tse (8 Sep 2011)
- lib582.c: fix segfault triggered when torture testing test case 582

Daniel Stenberg (7 Sep 2011)
- ftp_state_use_port: minor code indent fix

- checksrc: detect "}else" uses as well

- getinmemory.c: use better argument names for write callback

Yang Tse (7 Sep 2011)
- ssh.c: fix memory leaks triggered upon OOM or other failures

- test case 583: ensure that test failures don't go unnoticed - follow-up

- test suite: libtest header inclusion cleanup - follow-up
  
  Adjust tests/libtest/Makefile.inc and remove a couple of unused headers from
  tests/libtest/lib583.c

- test case 583: ensure that test failures don't go unnoticed

- test suite: libtest header inclusion cleanup
  
  Added missing memoryTracking to test cases 560 and 583. If this triggers
  leak detection on these, it only means that previously it was going unnoticed.

- fix bool variables checking and assignment

- pingpong.c: avoid a memmove call in function Curl_pp_vsendf

- fix bool variables checking and assignment

- test suite: use test case specific netrc file names

Guenter Knauf (4 Sep 2011)
- Fixed final message output.

Daniel Stenberg (4 Sep 2011)
- TODO-RELEASE: deleteing five issues due to no response
  
  No feedback and no updates, removing these issues

Yang Tse (4 Sep 2011)
- setup_once.h cleanup and sync

Guenter Knauf (4 Sep 2011)
- Fix to skip untrusted certs.

- Added SPNEGO to MinGW makefiles.

Yang Tse (4 Sep 2011)
- NTLM WB: fix file descriptor leak upon OOM condition

- revert changes not intended to be pushed with commit 6b75d2c2

- fix a bunch of MSVC compiler warnings

Guenter Knauf (3 Sep 2011)
- Updated dependecies versions.

- Some MinGW makefile tweaks for MinGW64.

- Changed MinGW to use own winidn prototypes.

Dan Fandrich (2 Sep 2011)
- Fix NTLM winbind support to pass the torture tests
  
  Calling sclose() both in the child and the parent fools the
  socket leak detector into thinking it's been closed twice.
  Calling close() in the child instead overcomes this problem. It's
  not as portable as the sclose() macro, but this code is highly
  POSIX-specific, anyway.

Yang Tse (2 Sep 2011)
- MemoryTracking: fix logging of free() calls done where Curl_safefree is called
  
  Just internal stuff...
  
  Curl_safefree is now a macro defined in memdebug.h instead of a function
  prototyped in url.h and implemented in url.c, so inclusion of url.h is no
  longer required in order to simply use Curl_safefree.
  
  Provide definition of macro WHILE_FALSE in setup_once.h in order to allow
  other macros such as DEBUGF and DEBUGASSERT, and code using it, to compile
  without 'conditional expression is constant' warnings.
  
  The WHILE_FALSE stuff fixes 150+ MSVC compiler warnings.

- transfer.c: fix parentheses/braces placement for vi/emacs delimiter matching

- transfer.c: fix loadhostpairs() OOM handling

- test harness: https, ftps and ssh servers allowed start up time increased 33%

- hostip.c: return immediately from Curl_resolv_timeout() upon expired timeout.
  
  Ensure existing logic in Curl_resolv_timeout() is not subverted upon getting a
  negative timeout from resolve_server(). The timeout in resolve_server() could
  be checked to avoid calling Curl_resolv_timeout() with an expired timeout, but
  fixing this in this way allows existing logic in resolve_server() to be kept
  unchanged.

- ftp.c: fix some leaks torture tests detected 2011-08-30 - follow-up
  
  follow-up for commit d20408e8

- test harness: fix detection of test harness client knownhosts file
  
  Regenerate curl's tests client knownhosts file also when, somehow,
  this file is empty.

- test harness: fix detection of test harness host and client key files
  
  Regenerate curl's tests host and client key files also when, somehow,
  any of these files are empty.

- ssh.c: fix realloc() OOM handling

- ftp.c: fix some leaks torture tests detected 2011-08-30 - follow-up
  
  follow-up for commit c06de200

- fix some leaks torture tests detected 2011-08-30

- fix some leaks torture tests detected 2011-08-30

Daniel Stenberg (29 Aug 2011)
- RELEASE-NOTES: synced with 3445fa2e3f

Kamil Dudka (29 Aug 2011)
- tests: break busy loops in tests 502, 555, and 573

Yang Tse (29 Aug 2011)
- pingpong.c: fix Curl_pp_vsendf() arbitrary restrictions on command length
  
  This removes command length restrictions on calling functions.

- NTLM: header inclusion cleanup follow-up

- NTLM: header inclusion cleanup

- NTLM: END of refactoring/splitting/moving
  
  First:
  
  File curl_ntlm.h renamed curl_ntlm_msgs.h
  File curl_ntlm.c renamed curl_ntlm_msgs.c
  
  Afterwards:
  
  File http_ntlm.c renamed curl_ntlm.c
  File http_ntlm.h renamed curl_ntlm.h

- NTLM: move NTLM core specifics into curl_ntlm_core.[ch]

- NTLM_WB: move NTLM_WB specifics into curl_ntlm_wb.[ch]

- NTLM_WB: final congruency naming adjustments
  
  Configure script option --enable-wb-ntlm-auth renamed to --enable-ntlm-wb
  Configure script option --disable-wb-ntlm-auth renamed to --disable-ntlm-wb
  
  Preprocessor symbol WINBIND_NTLM_AUTH_ENABLED renamed to NTLM_WB_ENABLED
  Preprocessor symbol WINBIND_NTLM_AUTH_FILE renamed to NTLM_WB_FILE
  
  Test harness env var CURL_NTLM_AUTH renamed to CURL_NTLM_WB_FILE
  
  Static function wb_ntlm_close renamed to ntlm_wb_cleanup
  Static function wb_ntlm_initiate renamed to ntlm_wb_init
  Static function wb_ntlm_response renamed to ntlm_wb_response

- NTLM single-sign on adjustments (XI)
  
  Feature string literal NTLM_SSO renamed to NTLM_WB.
  Preprocessor symbol USE_NTLM_SSO renamed to WINBIND_NTLM_AUTH_ENABLED.
  curl's 'long' option 'ntlm-sso' renamed to 'ntlm-wb'.
  Fix some comments to make clear that this is actually a NTLM delegation.

Daniel Stenberg (26 Aug 2011)
- --cookie-jar: activates the cookie engine

- Curl_read_plain: indent code

Yang Tse (26 Aug 2011)
- NTLM single-sign on adjustments (X)
  
  Functions renamed:
  
  Curl_output_ntlm_sso -> Curl_output_ntlm_wb
  sso_ntlm_close -> wb_ntlm_close
  sso_ntlm_response -> wb_ntlm_response
  sso_ntlm_initiate -> wb_ntlm_initiate
  
  Preprocessor symbols renamed:
  
  CURLAUTH_NTLM_SSO -> CURLAUTH_NTLM_WB
  CURL_VERSION_NTLM_SSO -> CURL_VERSION_NTLM_WB

Daniel Stenberg (25 Aug 2011)
- TODO: progress callback without doubles

Yang Tse (25 Aug 2011)
- [Steve Holme brought this change]

  http NTLM: refactoring followup
  
  Output of Curl_ntlm_create_type1_message() and Curl_ntlm_create_type3_message()
  functions is now already base64 encoded.

Kamil Dudka (24 Aug 2011)
- docs: the next release is going to be 7.22.0

Yang Tse (24 Aug 2011)
- include limits.h for INT_MAX

- add missing semicolons

Daniel Stenberg (24 Aug 2011)
- add missing semicolons

- safefree use: fix compiler warning
  
  include the prototype header

Yang Tse (24 Aug 2011)
- [Steve Holme brought this change]

  SMTP authentication: fix ordering of preferred authentication method
  
  Fixed the order of the preferred SMTP authentication method to:
  AUTH CRAM-MD5, AUTH LOGIN then AUTH PLAIN.
  
  AUTH PLAIN should be the last as it slightly more insecure than AUTH LOGIN
  as the username and password are sent together - there is no handshaking
  between the client and server like there is with AUTH LOGIN.

- base64: fix Curl_base64_encode and Curl_base64_decode interfaces
  
  Previous interfaces for these libcurl internal functions did not allow to tell
  apart a legitimate zero size result from an error condition. These functions
  now return a CURLcode indicating function success or otherwise specific error.
  Output size is returned using a pointer argument.
  
  All usage of these two functions, and others closely related, has been adapted
  to the new interfaces. Relative error and OOM handling adapted or added where
  missing. Unit test 1302 also adapted.

Daniel Stenberg (23 Aug 2011)
- resolve.c: new example showing off CURLOPT_RESOLVE

- externalsocket.c: new example

Yang Tse (22 Aug 2011)
- [Steve Holme brought this change]

  http NTLM: remaining bits from 0001-Moved-ntlm-[...]-curl_ntlm-mod_3.patch
  
  * Added function comments:
      - Curl_ntlm_decode_type2_message
      - Curl_ntlm_create_type1_message
      - Curl_ntlm_create_type3_message
  
  * Modification of ntlm processing state to NTLMSTATE_TYPE2 is now done
    only when Curl_ntlm_decode_type2_message() has fully succeeded.

- runtests.pl: option -gw for single test windowed debugging (where possible)

- zlib: ensure user provided memory functions are used by zlib, when given
  
  As a bonus, this lets our MemoryTracking subsystem track zlib operations.
  And also fixes a shortcut some zlib 1.2.x versions took using malloc()
  instead of calloc(), which would trigger memory debuggers warnings on
  memory being used without having been initialized.

Daniel Stenberg (21 Aug 2011)
- main: fix segfault
  
  Follow-up to commit 5eb2396cd as that wasn't complete.
  
  At times HEADERFUNCTION+HEADERDATA was set only to have only HEADERDATA
  set in the subsequent loop which could cause a NULL to get sent as
  userdata to 'header_callback' which wasn't made to handle that.
  
  Now HEADERFUNCTION is explicitly set to NULL if it isn't set to the
  callback.

Yang Tse (21 Aug 2011)
- MemoryTracking: adjust initialization calling - followup
  
  Fix macro definition

- MemoryTracking: adjust initialization calling
  
  Calling of curl_memdebug() was still done with a pending free()

Daniel Stenberg (19 Aug 2011)
- tcpconnect: follow-up commit after b998d95b
  
  As I modified conn->bits.tcpconnect to become an array that holds one
  bool for each potential connection all uses of that struct field must
  index it correctly.

Yang Tse (19 Aug 2011)
- ssh.c: add PATH_MAX definition for WIN32

Daniel Stenberg (19 Aug 2011)
- connect: set TIMER_CONNECT
  
  When connecting, make sure TIMER_CONNECT is set.

- test573: fix the keywords

- FTP: fix proxy connect race condition
  
  When using the multi interface, a SOCKS proxy, and a connection that
  wouldn't immediately consider itself connected (which my Linux tests do
  by default), libcurl would be tricked into doing _two_ connects to the
  SOCKS proxy when it setup the data connection and then of course the
  second attempt would fail miserably and cause error.
  
  This problem is a regression that was introduced by commit
  4a42e5cdaa344755 that was introduced in the 7.21.7 release.
  
  Bug: http://curl.haxx.se/mail/lib-2011-08/0199.html
  Reported by: Fabian Keil

- Curl_SOCKS4: minor code compression

Yang Tse (18 Aug 2011)
- zlib: enforce full initialization of our data space z_stream structs

Daniel Stenberg (17 Aug 2011)
- VC makefiles: fixed variable name mistake

Yang Tse (17 Aug 2011)
- MemoryTracking: adjust curl_domalloc() and curl_dofree() memory filling
  
  Until 2011-08-17 libcurl's Memory Tracking feature also performed
  automatic malloc and free filling operations using 0xA5 and 0x13
  values. Our own preinitialization of dynamically allocated memory
  might be useful when not using third party memory debuggers, but
  on the other hand this would fool memory debuggers into thinking
  that all dynamically allocated memory is properly initialized.
  
  As a default setting, libcurl's Memory Tracking feature no longer
  performs preinitialization of dynamically allocated memory on its
  own. If you know what you are doing, and really want to retain old
  behavior, you can achieve this compiling with preprocessor symbols
  CURL_MT_MALLOC_FILL and CURL_MT_FREE_FILL defined with appropriate
  values.

- MemoryTracking: make curl_docalloc() call calloc() avoiding our zero fill

Daniel Stenberg (15 Aug 2011)
- MSVC makefiles: provide SSH build targets
  
  "release-ssl-ssh2-zlib" and "debug-ssl-ssh2-zlib" are two new makefile
  targets that build libcurl with MSVC and link with libssh2
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3388920
  Reported by: "kdekker"

- test572: fixed
  
  Two problems were fixed:
  
  GET_PARAMETER responses that have no body must be 204 response or
  properly set length to 0.
  
  One of the <data> sections had the wrong content-length for its
  GET_PARAMETER response.
  
  Enabled test 572 again.

- Curl_pgrsStartNow: clear all flags but HIDE
  
  As bug 3385258 pointed out but I missed up the fix for. This is another
  take at a fix.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3392101
  Reported by: Wu Yongzheng

Yang Tse (15 Aug 2011)
- unittests: disable unit tests for some autobuild configurations
  
  IRIX 6.5.24 gcc 3.3 autobuilds fail unittests library compilation due to a
  problem related with OpenSSL headers and library versions not matching.
  
  All AIX autobuilds fails unit tests linking against unittests library due to
  unittests library being built with no symbols or members. Libtool ?

Kamil Dudka (15 Aug 2011)
- nss: start with no database if the selected database is broken
  
  Bug: https://bugzilla.redhat.com/728562

Yang Tse (15 Aug 2011)
- http NTLM: reinstate "nssg.h" "curl_sspi.h" header inclusions

- tests: disable #572

Daniel Stenberg (14 Aug 2011)
- TODO-RELEASE: synced
  
  Added comments to some remaining issues

- telnet: allow programatic use on Windows
  
  Summary of the issue can be found at:
  http://curl.haxx.se/mail/lib-2010-04/0367.html
  
  That patch only updated the unix sockets code - the winsock code was not
  updated and no longer works the same was as the unix code. This change
  updates the windows code accordingly.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3163118

- TODO-RELEASE: fixed issue #291
  
  291 - bug 3383692 "GET PARAMETER request and body in response"

Yang Tse (14 Aug 2011)
- http NTLM: reinstate "memdebug.h" header inclusion
  
  Inclusion of header "memdebug.h" in http_ntlm.c got lost in commit 98fb0ef7.

Daniel Stenberg (14 Aug 2011)
- RTSP: GET_PARAMETER requests have a body
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3383692

- Curl_output_ntlm: remove unused variable

Yang Tse (14 Aug 2011)
- http NTLM: add curl_ntlm.c to Symbian's libcurl.mmp

- http NTLM: fix 8 compiler warnings
  
  Strict splitting of http_ntlm.[ch] may trigger 8 compiler warnings when
  building with some compilers and strict compiler warnings enabled, depending
  on other specific configuration options some could get triggered or not.
  
  Seven are related with 'unused function parameters' and another one with
  'var may be used before its value is set'.

- http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch]
  
  For modularity purposes, huge chunks of NTLM existing code is transformed into
  functions to allow future internal code reuse.
  
  Resulting three new libcurl private functions:
  
   - Curl_ntlm_create_type1_message()
   - Curl_ntlm_create_type3_message()
   - Curl_ntlm_decode_type2_message()
  
  Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup()
  
  This 'refactoring' has been prepared by previous commits to allow that this
  specific one does not introduce any change to existing code. All existing
  goodness and badness previous to this commit should remain the same once it is
  applied, the only difference should be that existing code is moved into
  functions.
  
  Given the quite big portions of code being moved around, and the importance of
  change traceability, this commit has been done in such a way that it is
  possible to perform a three-way diff from initial http_ntlm.[ch] to resulting
  http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change
  is introduced here.
  
  Notice that Steve Holme has provided several patches, but these included this
  refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring
  done first, in order to allow discussion or committing of 'extra' fixes on a
  case by case basis, so, I had to bite the bullet ;-)
  
  Comments, line adjustments, compiler warning fixes, whatever, may follow
  afterwards.

- http_negotiate_sspi.c: fix compiler warning
  
  warning C4706: assignment within conditional expression

- http NTLM: change return type of Curl_input_ntlm() to CURLcode
  
  Remove CURLntlm enum, no longer required.

Daniel Stenberg (13 Aug 2011)
- RELEASE-NOTES: synced with a30ede868ab64
  
  Three more bugs fixed, three more contributors mentioned

- VC6 makefiles: added embedded documentation
  
  Just a note about the fact that all VC[6/8/9/10] makefiles are generated
  from the VC6 one as source.

- cmake: find winsock when building on windows
  
  When building on Windows, with CMake and mingw, curl fails to compile
  because the CMake build system is not properly looking for the Winsock
  libraries
  
  Patch by: Pau Garcia i Quiles
  Bug: http://curl.haxx.se/bug/view.cgi?id=3389231

- Curl_retry_request: check return code!
  
  Curl_readrewind() was called without checking its return code, which
  could lead to badness.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3349227

- ignore rtsp

Yang Tse (13 Aug 2011)
- http NTLM: update NTLM type-* message structure descriptions - followup

Daniel Stenberg (12 Aug 2011)
- docs: --delegation

- added --delegation
  
  Using this option with an argument being set to one of
  none/policy/always instructs libcurl how to deal with GSS
  credentials. Or rather how it tells the server that delegation is fine
  or not.

Yang Tse (12 Aug 2011)
- http NTLM: fix inclusion of curl_ntlm.h

- http NTLM: update NTLM message structure notes

- [Steve Holme brought this change]

  http NTLM: move portions of http_ntlm.h into new curl_ntlm.h

- http NTLM: more adjustments in preparation of code refactoring
  
  Use preprocessor symbol NTLM_BUFSIZE to define private NTLM buffer fixed size.
  
  Use a SessionHandle 'data' pointer variable to ease refactoring.
  
  Update NTLM type-* message structure descriptions.
  
  Fix some more spacing and typos (Steve Holme).

Daniel Stenberg (11 Aug 2011)
- curl_easy_cleanup: clarify the callback situation

Yang Tse (11 Aug 2011)
- http NTLM: fix compiler warning

- [Steve Holme brought this change]

  http NTLM: Tidied up more inconsistent spacing.
  
  Moved NTLMSSP_SIGNATURE, HOSTNAME_MAX, SHORTPAIR and LONGQUARTET definitions in ready for move to curl_ntlm.c.
  
  Used separate variables for Windows SSPI and native code to ease moving of code to curl_ntlm.c.
  
  Fixed typographical erros where SPPI should be SSPI.
  
  Fixed compilation warnings on 64-bit builds when calling Windows SSPI functions.

Daniel Stenberg (10 Aug 2011)
- rtsp.c: converted to C
  
  Trimmed the newlines to be LF-only. Converted the source to plain C, to
  use curl style indents, to compile warning-free with picky options and
  fixed the minor fprintf() bug on line 245. Added to makefile.

- [Jim Hollinger brought this change]

  rtsp.c: new example
  
  Code from
  http://code.google.com/p/rtsprequest/source/browse/trunk/rtsprequest.cpp

- TODO: remove curl_formpost in a future version
  
  15.8 remove 'curl_httppost' from public

Yang Tse (9 Aug 2011)
- http NTLM: Further tiding up to libcurl standards

- [Steve Holme brought this change]

  http NTLM: Tidied up http_ntlm prior to splitting the ntlm specific code

Daniel Stenberg (9 Aug 2011)
- TODO-RELEASE: issue #289 is fixed
  
  289 - bug 3349227 "secure attribute in cookie does not work with equals sign"

- cookie parser: handle 'secure='
  
  There are two keywords in cookie headers that don't follow the regular
  name=value style: secure and httponly. Still we must support that they
  are written like 'secure=' and then treat them as if they were written
  'secure'. Test case 31 was much extended by Rob Ward to test this.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3349227
  Reported by: "gnombat"

- curl.h: mark deprecated CURLOPT_ options on same line
  
  This is to aid easier machine parsing and to make sure nobody who reads
  these header lines can miss the info.

- RELEASE-NOTES: recounted and updated some numbers

- proxy protocol docs: rephrased and updated

- RELEASE-NOTES: synced with 45d883d88df7
  
  Mention 5 bugixes and 1 change more

- CURLFORM_BUFFER: insert filename as documented
  
  A regression where CURLFORM_BUFFER stopped to properly insert the file
  name part in the formpart. Bug introduced in commit f851f768578dc096.
  
  Added CURLFORM_BUFFER use to test 554 to verify this.
  
  Bug: http://curl.haxx.se/mail/lib-2011-07/0176.html
  Reported by: Henry Ludemann

Yang Tse (8 Aug 2011)
- curl-compilers.m4: serial number bump

- curl-compilers.m4: CURL_CONVERT_INCLUDE_TO_ISYSTEM adjustments:
  
  Add CURL_CHECK_COMPILER as a requirement.
  
  Ensure macro does nothing unless GNU_C or CLANG compiler is used.
  
  This should allow usage of this macro in unforeseen placements.

Daniel Stenberg (8 Aug 2011)
- SOCKS: fix the connect timeout
  
  The connect timeout logic when using SOCKS was done wrong
  
  Bug: http://curl.haxx.se/mail/lib-2011-07/0177.html
  Reported by: "Spoon Man"

- ftp_doing: bail out on error properly
  
  When a failure has been detected we must abort immdiately.
  
  Bug: http://curl.haxx.se/mail/lib-2011-07/0177.html
  Reported by: "Spoon Man"

- s/7.21.8/7.22.0

- version bump: next release is 7.22.0

- VERSIONS: clarify our versioning concept
  
  Drop the pre-release part from this text as we don't use that in
  practise since many years.
  
  Update the phrasing to reflect our more strict interpretation:
  http://curl.haxx.se/mail/lib-2011-08/0064.html

- [Cristian Rodríguez brought this change]

  OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available, reduces memory use
  
  See also :
  http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
  http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
  
  Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>

- TODO-RELEASE: close issue #292
  
  Fixed:
  292 - bug 3385258 "Addendum to 3370895"
  
  Basically brushing up commit 27b8814017a19

- Curl_pgrsStartNow: clear all bits except HIDE
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3385258
  Reported by: Ben Winslow

- readwrite_data: improved C-E decoding error message

Yang Tse (7 Aug 2011)
- BSD-style lwIP TCP/IP stack support - followup
  
  lwIP library initialization.

- NTLM single-sign on adjustments (IX)
  
  Use swrite/sread instead of write/read to avoid SIGPIPE

- config-win32.h: comments adjustments

Daniel Stenberg (6 Aug 2011)
- TODO-RELEASE: committed issue #304
  
  304 - "Async-DNS-resolve-thread gets started even when a dotted IP is
        provided" by Christian H<E4>gele
        http://curl.haxx.se/mail/lib-2011-08/0009.html

- [Christian Hägele brought this change]

  asyn-thread: check for dotted addresses before thread starts

- TODO-RELEASE: Add #307 two issues by "Spoon Man"

Yang Tse (5 Aug 2011)
- checksrc.pl: add quotes to var

- keep a single copy of config-win32.h in version control repository - followup
  
  Allow configure builds to generate src/config-win32.h
  
  Skip checksrc on src/config-win32.h contents already checked at lib/config-win32.h
  
  Allow multiple -W in checksrc.pl

- BSD-style lwIP TCP/IP stack support - docs/INSTALL blurb

- BSD-style lwIP TCP/IP stack support - followup

- git ignore src/config-win32.h

- keep a single copy of config-win32.h in version control repository.
  
  maketgz and buildconf.bat updated to reflect this.

Daniel Stenberg (5 Aug 2011)
- RELEASE-NOTES: synced with afe88d85f40e1

- test710: verify that --proxy socks5://hostname works

- create_conn: mark non-HTTP proxies accordingly
  
  A proxy could be marked 'httpproxy' wrongly before if set with an
  environment variable or with the CURLOPT_PROXY option with a socks*://
  prefix or similar.
  
  Added test 710 to verify
  
  Bug: http://curl.haxx.se/mail/lib-2011-07/0194.html

- test709: HTTP GET via SOCKS5 set in environment

- TODO-RELEASE: issue #293 is done
  
  Fixed:
  293 - from http://bugzilla.redhat.com/723075 "curl segfaults"

- segfault fixed
  
  When using both -J and a single -O with multiple URLs, a missing init
  could cause badness.
  
  Bug: http://curl.haxx.se/mail/lib-2011-07/0126.html and
       http://bugzilla.redhat.com/723075
  Reported by: Paul Howarth and Garrett Holmstrom

- test1313: test content-disposition with uneven quotes

- parse_filename: deal with escaped quotes

Yang Tse (4 Aug 2011)
- BSD-style lwIP TCP/IP stack support:
  
  Allow compilation of libcurl and curl using BSD-style lwIP on Win32.
  
  In order to compile libcurl and curl with this support it is necessary
  to edit files lib/config-win32.h and src/config-win32.h and uncomment
  a line to make definition of preprocessor symbol USE_LWIPSOCK visible.
  
  Afterwards you can compile as usual.
  
  In order to use compiled library with BSD-style lwIP TCP/IP stack in
  your program it is mandatory that you include lwIP header file <lwip/opt.h>
  before including <curl/curl.h> or <curl/multi.h>
  
  Compilation has been verified with lwIP 1.4.0 and contrib-1.4.0 from:
  
  http://download.savannah.gnu.org/releases/lwip/lwip-1.4.0.zip
  http://download.savannah.gnu.org/releases/lwip/contrib-1.4.0.zip
  
  Have fun!

- curl.h: untangle a preprocessor block, removing duplicate sys/types.h inclusion

Daniel Stenberg (4 Aug 2011)
- TODO-RELEASE: issue #290 fixed
  
  Closed this entry:
  290 - bug 3375603 "curl has problem with remote names containing ';'"

- -J: support ';' in quoted file names
  
  Content-disposition headers can provide file names with semicolons which
  previously would be cut off at that point.
  
  Added test case 1311 and 1312 to verify -J.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3375603
  Reported by: Peter Hjalmarsson

- getpart.pm: when no part match, return blank when section ends

- runtests.pl: support option=no-include

- TODO-RELESE: #306 - SSL Sessions shared

- TODO-RELEASE: updated with current issues

Kamil Dudka (3 Aug 2011)
- curl_gssapi: add a missing include of sendf.h
  
  ... to avoid build failure when GSS_C_DELEG_POLICY_FLAG is not defined.
  
  Reported by: Paul Howarth

- curl_gssapi: refine the handling of CURLOPT_GSSAPI_DELEGATION
  
  Suggested by Richard Silverman.

- [Adam Tkac brought this change]

  Add new CURLOPT_GSSAPI_DELEGATION option.
  
  Curl_gss_init_sec_context got new parameter - SessionHandle.
  
  Signed-off-by: Adam Tkac <atkac@redhat.com>

Yang Tse (31 Jul 2011)
- configure: add check for <sys/wait.h>

- NTLM single-sign on adjustments (VIII)
  
  Use preprocessor symbols WINBIND_NTLM_AUTH_ENABLED and WINBIND_NTLM_AUTH_FILE
  for Samba's winbind daemon ntlm_auth helper code implementation and filename.
  
  Retain preprocessor symbol USE_NTLM_SSO for NTLM single-sign-on feature
  availability implementation independent.
  
  For test harness, prefix NTLM_AUTH environment vars with CURL_
  
  Refactor and rename configure option --with-ntlm-auth to --enable-wb-ntlm-auth[=FILE]

Dan Fandrich (29 Jul 2011)
- Renumbered test2005 to test1310
  
  The 20xx range is for multiple sequential tests.

Yang Tse (29 Jul 2011)
- curl-functions.m4 serial # bump

- Revert "configure: additional flag checks for fcntl() socket() and socketpair()"
  
  This reverts commit bc6e6a465ad0b9f9757c4385698fe5f255dd125b.

- configure: additional flag checks for fcntl() socket() and socketpair()

- NTLM single-sign on adjustments (VII)
  
  Initialize variables when connectdata object is created.

- socketpair() usage tracking to allow fd leak detection

- fix compiler warning

Dan Fandrich (28 Jul 2011)
- Avoid a "shadows global declaration" warning on old MIT Kerberos
  
  Defining NCOMPAT eliminates the backwards-compatibility macros
  that are the source of the problem and which we don't need,
  anyway.

Yang Tse (28 Jul 2011)
- NTLM single-sign on adjustments (VI)
  
  Fix compiler warning

Dan Fandrich (28 Jul 2011)
- Give the NTLM SSO helper a moment to cleanly shut down if needed

- Removed an extraneous \n that violated the SSO daemon protocol
  
  This caused fake_ntlm to abort due to an invalid command
  causing sporadic test 2005 failures.

Yang Tse (28 Jul 2011)
- NTLM single-sign on adjustments (V)
  
  Enhance test harness fake_ntlm logging upon invalid input.

Dan Fandrich (27 Jul 2011)
- Fixed a couple of memory leaks in NTLM SSO support

Yang Tse (27 Jul 2011)
- NTLM single-sign on adjustments (IV)
  
  Fix compiler warning

- NTLM single-sign on adjustments (III)
  
  Provide some error tracing and fix execl() calling.

- NTLM single-sign on adjustments (II)
  
  Ensure test harness fake_ntlm main function can properly handle arguments.

- NTLM single-sign on adjustments (I)
  
  Use fake_ntlm absolute filename in NTLM_AUTH environment variable for test
  2005 definition.

Dan Fandrich (26 Jul 2011)
- Fixed test 2005 to work in out-of-tree builds
  
  Also, set the test number in the test data file so fake_ntlm can
  be reused in future tests.

Yang Tse (26 Jul 2011)
- fix compiler warning

- fix compiler warning

- stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h

- WIN32 io.h and fcntl.h inclusion done in setup_once.h

- time.h and sys/time.h inclusion conditionally done in setup_once.h

- errno.h inclusion conditionally done in setup_once.h - followup

- errno.h inclusion conditionally done in setup_once.h

Daniel Stenberg (22 Jul 2011)
- [Ben Winslow brought this change]

  progress: reset flags at transfer start
  
  When an easy handle is used to download an URI which has no
  Content-Length header (or equivalent) after downloading an URI which
  does, the value from the previous transfer is reused and returned by
  CURLINFO_CONTENT_LENGTH_DOWNLOAD. This is because the progress flags
  (used to determine whether such a header was received) are not reset
  between transfers.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3370895

- RELEASE-NOTES: HTTP error handling on request body send

- http error response: stop sending when error is received
  
  When libcurl has said to the server that there's a POST or PUT coming
  (with a content-length and all) it has to either deliver that amount of
  data or it needs to close the connection before trying a second request.
  
  Adds test case 1129, 1130 and 1131
  
  The bug report is about when used with 100-continue, but the change is
  more generic.
  
  Bug: http://curl.haxx.se/mail/lib-2011-06/0191.html
  Reported by: Steven Parkes

- [Michael Mueller brought this change]

  sso_ntlm_initiate: unassigned variable
  
  Bug: http://curl.haxx.se/mail/lib-2011-07/0109.html

- test2005: require a debug build

- runtests: add 'debug' as a feature a test can require

- configure: avoid "test -e"
  
  "test -e" is POSIX but clearly was not supported by the SunOS sh
  version, -f is supported and should be a decent equivalent
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3371574

- symbols-in-versions: add NTLM_SSO symbols

- gitignore: ignore fake_ntlm

- [Mandy Wu brought this change]

  test2005: verify ntlm single-signon

- [Mandy Wu brought this change]

  NTLM single-sign on supported
  
  With the use of the 'ntlm_auth' tool from the Samba project

- sws: don't enable pipelining for requests with content-length
  
  Log texts also modified and some white space edits

Patrick Monnerat (14 Jul 2011)
- Fix OS400 scripts to make it compilable again.
  Upgrade ILE/RPG binding to 7.21.7.
  Update OS400 documentation accordingly.

Daniel Stenberg (14 Jul 2011)
- runtests: ignore the 'all_proxy' environment variable as well
  
  We should probably also make sure that [protocol]_proxy for all possible
  protocols libcurl supports are unset.

Julien Chaffraix (13 Jul 2011)
- curl_gssapi: Guard files with HAVE_GSSAPI.
  
  Bug: http://curl.haxx.se/mail/lib-2011-07/0074.html
  Reported and fix suggested by: Ben Greear

Daniel Stenberg (13 Jul 2011)
- gssapi: rename our files to avoid conflicts
  
  gssapi.h is used as a header name by Heimdal-style GSSAPI so it would
  conflict with a private header using that name, and while renaming the
  header I figured we should name the .c file accordingly as well.
  
  Bug: http://curl.haxx.se/mail/lib-2011-07/0071.html
  Reported by: Ben Greear

- silence picky compilers: mark unused parameters
  
  Modern gcc versions (4.6.X) get more picky by default and have started
  to warn for unused parameters, but luckily gcc also allows us to mark
  them as unused so that we can avoid the warnings.

Julien Chaffraix (12 Jul 2011)
- gssapi.c: Simplified the function.
  
  Removed the parameters that were common to all our invocation.

- Added Curl_gss_init_sec_context.
  
  This function wraps our calls to gss_init_sec_context so that we
  have a unified way to talk to GSSAPI.

- http_negociate: Be consistent in gss_init_sec_context attributes.
  
  This change makes this callsite match the rest of the code.

Daniel Stenberg (4 Jul 2011)
- code style: space between close paren and open brace

- checksrc: detect open brace without space
  
  We use "if(condition) {" with a space between the close paren and the
  open brace.

- polarssl.h: remove CVS leftover

- help output: more gnu like output
  
  First, the -J/--remote-header-name was wrongly sorted in the --help
  output as pointed out in bug report #3349271.
  
  Then, I changed the format of the texts to follow the man page better in
  that it now uses "-A, --long" intead of "-A/--long". I also made all
  additional arguments get written as in "-A, --long FILENAME" instead of
  the previous "<filename>" style.
  
  Reported by: Herve Amblard
  Bug: http://curl.haxx.se/bug/view.cgi?id=3349271

- sws: allow multiple commands in <servercmd>

- Curl_http_readwrite_headers: minor indent fix

- gitignore: config.cache

- docs: FTP quotes support '*' prefix to ignore errors
  
  By default libcurl stops processing quote commands on failures.

- THANKS: new contributors from 7.21.7

- get_gss_name: proxy auth without proxy set equals error
  
  Previously it would access a NULL pointer and die.
  
  Bug: http://curl.haxx.se/mail/lib-2011-06/0170.html
  Reported by: Christian Hagele

- examples: cleanup curl includes
  
  Only <curl/curl.h> is needed typically and curl/types.h has been removed

- libtests: stop checking for CURLM_CALL_MULTI_PERFORM
  
  CURLM_CALL_MULTI_PERFORM stopped being a valid return code from
  curl_multi_perform back in 7.20.0. All the libcurl tests are ajusted to
  this and no longer check for this return code. Makes them simpler.

Dan Fandrich (24 Jun 2011)
- Fixed test 1300 to pass the memory torture test

- Display notes from setup file in testcurl.pl
  
  Autobuild submitters can use this to add some text to their
  setup files to describe issues they've found with the build
  or tests. This could include laying blame on test failures on
  network issues or dependent libraries, explaining away compiler
  warnings or providing any additional information that could be
  useful to people reviewing and investigating problems with the
  publicly available autobuild logs.  Note that persistent test
  failures that are not issues with curl itself should normally be
  fixed by excluding them from the test run instead.
  
  This is an entirely optional field that is not entered by the
  user the first time a new build is created.

- Added a leap second test to test517

Daniel Stenberg (23 Jun 2011)
- runtests.pl: warn if a test is explicitly disabled
  
  Just to make sure a user is aware of it.

- bump release: start working towards 7.21.8

- parsedate: detect more invalid dates better

Version 7.21.7 (23 Jun 2011)

Daniel Stenberg (23 Jun 2011)
- curl_formfree: clarify which pointer to free

- RELEASE-NOTES: mention security issue 20110623
  
  libcurl inappropriate GSSAPI delegation. Full details at
  http://curl.haxx.se/docs/adv_20110623.html

- RELEASE-NOTES: synced with 9016958aa8989

- Curl_input_negotiate: do not delegate GSSAPI credentials
  
  This is a security flaw. See curl advisory 20110623 for details.
  
  Reported by: Richard Silverman

- [Josue Andrade Gomes brought this change]

  windows build: use correct MS CRT

- Merge pull request #23 from salty-horse/pop3_list_space
  
  [pop3] remove extra space in LIST command

Ori Avtalion (21 Jun 2011)
- [pop3] remove extra space in LIST command
  
  Some servers, e.g. mail.bezeqint.net:110, consider it a syntax error

Yang Tse (21 Jun 2011)
- http: fix compiler warning
  
  compiler warning: conditional expression is constant

- asyn-thread: fix compiler warning
  
  compiler warning: variable is initialized but not referenced

- cmake: remove spurious definition

Daniel Stenberg (21 Jun 2011)
- FAQ: more blurb on persistent connections

Yang Tse (21 Jun 2011)
- xc-translit.m4 fix quoting

Daniel Stenberg (20 Jun 2011)
- INSTALL: mention the GIT-INFO file

Dan Fandrich (20 Jun 2011)
- Added LOCAL_MODULE_TAGS to support Android gingerbread

Daniel Stenberg (19 Jun 2011)
- [Amr Shahin brought this change]

  unitteset: Curl_llist_move
  
  adding unit test for Curl_llist_move, documenting unit-tested functions
  in llist.c, changing unit-test to unittest, replacing assert calls with
  abort_unless calls

- CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
  
  The CURLFORM_STREAM is documented to only insert a file name (and thus
  look like a file upload) in the part if CURLFORM_FILENAME is set, but in
  reality it always inserted a filename="" and if CURLFORM_FILENAME wasn't
  set, it would insert insert rubbish (or possibly crash).
  
  This is now fixed to work as documented, and test 554 has been extended
  to verify this.
  
  Reported by: Sascha Swiercy
  Bug: http://curl.haxx.se/mail/lib-2011-06/0070.html

Yang Tse (17 Jun 2011)
- configure: avoid direct usage of AS_TR_* macros

- xc-translit.m4 provides transliteration macros with well defined behavior.

Daniel Stenberg (14 Jun 2011)
- RELEASE-NOTES: add more contributors for this release

- RELEASE-NOTES: synced with 0aedccc18a33a778535

- curl_formget: fix FILE * leak
  
  Properly deal with the fact that the last fread() call most probably is
  a short read, and when using callbacks in fact all calls can be short
  reads. No longer consider a file read done until it returns a 0 from the
  read function.
  
  Reported by: Aaron Orenstein
  Bug: http://curl.haxx.se/mail/lib-2011-06/0048.html

- curl_formget: treat CURLFORM_STREAM better
  
  If a piece is set to use a callback to get the data, it should not be
  treated as data. It unfortunately also requires that curl_easy_perform()
  or similar has been used as otherwise the callback function hasn't been
  figured out and curl_formget won't know how to get the content.

- curl_formget.3: CURLFORM_STREAM has its drawbacks
  
  Due to a design flaw, the CURLFORM_STREAM option doesn't really work
  with curl_formget until after curl_easy_perform (or similar).

- FAQ: binding clarification
  
  We don't author the bindings, they are created outside the main project.

Dan Fandrich (11 Jun 2011)
- Added http as a dependency of test 1308

Daniel Stenberg (12 Jun 2011)
- test1309: added to the dist

- write: add return code checks when used
  
  These were just warnings in test code but it still makes it nicer to not
  generate them.

- long/int mess
  
  Typecast when converting to int from long to avoid some compiler warnings

Yang Tse (11 Jun 2011)
- configure: OpenSSL API detection cleanup

Dan Fandrich (11 Jun 2011)
- Fixed test 1309 to pass the torture test
  
  Removing dynamic allocations also simplifies the test.

Daniel Stenberg (10 Jun 2011)
- splay: add unit tests
  
  The test code that was #ifdef'ed in the code was converted into unit
  tests in test case 1309. I also removed the #if 0'ed code from splay.c

- unittest: mark all unit tested functions
  
  With "@unittest: [num]" in the header comment for each tested function.
  Shows we have a log way to go still...

- CURLOPT_WRITEHEADER: clarify the docs

- unit test formpost: added test case 1308
  
  This is a few first rather basic tests of curl_formadd() and
  curl_formget(). Should serve as building blocks to add more variations
  to the test.

Yang Tse (9 Jun 2011)
- configure: warn if OpenSSL headers and library versions don't match

- configure: get API info for a couple of OpenSSL functions (followup 2)

- configure: get API info for a couple of OpenSSL functions (followup 1)

- configure: fix recvfrom 5th arg type qualifier detection (followup)

- configure: fix recvfrom 5th arg type qualifier detection

Kamil Dudka (8 Jun 2011)
- disconnect: wipe out the keeps_speed time stamp
  
  When closing a connection, the speedchecker's timestamp is now deleted
  so that it cannot accidentally be used by a fresh connection on the same
  handle when examining the transfer speed.
  
  Bug: https://bugzilla.redhat.com/679709

Yang Tse (7 Jun 2011)
- urldata: use uniform inclusion style for OpenSSL headers

Daniel Stenberg (7 Jun 2011)
- HTTP time condition: force closure for 200 OK
  
  When a time condition isn't met, so that no body is delivered to the
  application even though a 2xx response is being read from the server, we
  must close the connection to avoid a re-use of the connection to be
  completely tricked.
  
  Added test 1128 to verify.

- RELEASE-NOTES: synced with b772f3a32146d7d

Yang Tse (6 Jun 2011)
- configure: get API info for a couple of OpenSSL functions

Daniel Stenberg (5 Jun 2011)
- wait_ms: takes an int argument
  
  Typecasts added since I changed more code to use long for timeouts

- Curl_socket_ready: make timeout a 'long'
  
  It was mostly typecasted to int all over the code so switching to long
  instead all over should be a net gain.

Yang Tse (4 Jun 2011)
- xlc: avoid preprocessor definition usage when linking

- unit tests: disable unit tests for a given cross-compilation configuration.
  
  cross-compilation of unit tests static library/programs fails when
  libcurl shared library is also built. This might be due to a libtool or
  automake issue. In this case we disable unit tests.

Daniel Stenberg (3 Jun 2011)
- cookie_output: made private

- digest_cleanup_one: made private

- privatise: make private functions static

- Curl_fileinfo_dup: removed, not used

- parsedate: turn private and static
  
  I removed the prefix as well accordingly.

Dan Fandrich (2 Jun 2011)
- curl hasn't sent a Pragma: header by default for a while

Yang Tse (2 Jun 2011)
- unit tests: attempt to fix linkage issue

- urlglob: fix zero size malloc

- Remove unnecessary typecast

- compiler warning: fix
  
  Fix compiler warning: cast increases required alignment

- unit tests: make unit tests building actually depend on --enable-debug option.

- OpenSSL enabled: require OPENSSL_VERSION_NUMBER definition before usage.

- unit tests: more build adjustments

Daniel Stenberg (1 Jun 2011)
- CURLOPT_WILDCARDMATCH: minor style edit
  
  Due to some flaw in roffit I removed some style changes to make the web
  page look better.

Yang Tse (1 Jun 2011)
- makefile: avoid preprocessor definition usage when linking

- warnless: icc 9.1 workaround

Daniel Stenberg (31 May 2011)
- testcurl.pl: allow configure args to use '='

Yang Tse (30 May 2011)
- Makefile.am: fix spurious CFLAGS duplication

Dan Fandrich (30 May 2011)
- Removed types.h from Android makefile

Daniel Stenberg (30 May 2011)
- configure.ac: skip /dev/urandom check when cross-compiling
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3307835

Yang Tse (29 May 2011)
- main: fix header inclusion order
  
  Currently, Windows cross-compiled autobuilds require inclusion of setup.h
  before curl.h to get definitions of CURL_STATICLIB and BUILDING_LIBCURL.

- main: fix header inclusion order

- distribution: Fix EXTRA_DIST letter case

Daniel Stenberg (27 May 2011)
- curl_easy_setopt.3: NOPROGRESS also affects the callback

Yang Tse (27 May 2011)
- warnless: header inclusion fix

- Make checksrc.pl work on more out-of-tree builds
  
  Source files given with relative paths do not have the
  -D directory specifier prepended.

- compiler warning: fix
  
  Fix compiler warning: conversion may lose significant bits

- socks: fix unaligned memory access

- compiler warning: fix
  
  Fix compiler warning: variable was set but never used
  
  Fix compiler warning: clobber ignored

- unit tests: build adjustment
  
  Also define UNITTESTS macro when building unit test sources.
  
  Fixing compiler warning: external definition with no prior declaration

Daniel Stenberg (25 May 2011)
- create_conn: only switch protocol handler if necessary
  
  When switching to HTTP because a HTTP proxy is being used, the existing
  handler is now checked if it already is "compatible". This allows the https
  handler remain while other non-http handlers will be redirected.
  
  Bug: http://curl.haxx.se/mail/lib-2011-05/0214.html
  Reported by: Jerome Robert

- setopt.3: remove leftover style change

- setopt.3: CURLOPT_WRITEFUNCTION had wrong function proto

Yang Tse (25 May 2011)
- compiler warning: fix followup
  
  Fix compiler warning: variable was set but never used
  
  Fix compiler warning: clobber ignored

- unit tests: README, adjust header inclusion order

- compiler warning: fix
  
  Fix compiler warning: variable was set but never used
  
  Fix compiler warning: clobber ignored

- compiler warning: fix
  
  Fix compiler warning: external definition with no prior declaration

- compiler warning: fix
  
  Fix compiler warning: external definition with no prior declaration

- compiler warning: fix
  
  Fix compiler warning: argument is incompatible with corresponding format
  string conversion

- build: inclusion guard
  
  Enclose header file in an inclusion guard

- compiler warning: fix
  
  Fix compiler warning: expression has no effect

- compiler warning: fix
  
  Fix compiler warning: `keycheck' might be used uninitialized in this function.
  Fix compiler warning: `keybit' might be used uninitialized in this function.

- compiler warning: fix
  
  Fix variable declaration placement

- compiler warning: fix
  
  Fix missing semicolon

- compiler warning: fix
  
  Fix compiler warning: expression has no effect
  
  Fix OOM handling

- compiler warning: fix
  
  Fix compiler warning: expression has no effect

- compiler warning: fix
  
  Fix compiler warning: unused variable 'data'

- compiler warning: fix
  
  Fix compiler warning: enumerated type mixed with another type

- compiler warning: fix
  
  Fix compiler warning: enumerated type mixed with another type

- compiler warning: fix
  
  Fix compiler warning: enumerated type mixed with another type

- compiler warning: fix
  
  Fix compiler warning: enumerated type mixed with another type

- compiler warning: fix
  
  Fix compiler warning: enumerated type mixed with another type

- compiler warning: fix
  
  Fix compiler warning: empty body in an if-statement

- unit tests: adjust header inclusion order
  
  Additionally, prevent multiple inclusions of curl_config.h

Daniel Stenberg (20 May 2011)
- Merge pull request #19 from pierrejoye/master
  
  winbuild: typo in docs

- [Ola Mork brought this change]

  cyassl: build without filesystem
  
  Get cyassl's NO_FILESYSTEM to work with libcurl. Otherwise I'd get linker
  errors for the missing "SSL_CTX_load_verify_locations" functions.

Pierre Joye (20 May 2011)
- - typo

Daniel Stenberg (19 May 2011)
- typo: close is in man page section 3

Yang Tse (19 May 2011)
- tests: verify OPEN/CLOSESOCKETFUNCTION
  
  Test 585: Fix opensocket return type, and avoid function name clash.

- version: linkage fix
  
  Fix linkage on c-ares enabled Windows static builds

Daniel Stenberg (18 May 2011)
- curl_easy_setopt.3: document CLOSESOCKET* options

- tests: verify OPEN/CLOSESOCKETFUNCTION
  
  Test 585 and 586 were added. Using a modified lib500.c

- symbols-in-versions: add CLOSESOCKET*

- CLOSESOCKETFUNCTION: use the callback
  
  Fix the return type of the callback to match close() and make use of it.

- CLOSESOCKETFUNCTION: added
  
  Introduced the initial setup to allow closesocket callbacks by making
  sure sclose() is only ever called from one place in the libcurl source
  and still run all test cases fine.

- GnuTLS handshake: fix timeout
  
  Commit cbf4961bf3e garbled the timeout handling while doing SSL
  handshaking (in an attempt at fixing another bug). This puts sanity
  back.
  
  Bug: http://curl.haxx.se/mail/lib-2011-05/0167.html
  Reported by: Ethan Glasser Camp

- checksrc: trailing whitespace detection fix

- [Marcel Roelofs brought this change]

  negotiate sspi: fix sequential requests

- tests: added HTTP If-Modified-Since tests
  
  Added test 1126 and 1127 to verify curl's behaviour when If-Modified-Since
  is used and a 200 is returned.
  
  The list of test cases in Makefile.am is now sorted numerically.

- include: cleanup
  
  Made the public headers checksrc compliant
  
  Removed types.h (it's been unused since April 2004)
  
  Made the root makefile do make in include by default as well, so that
  TAGS and the checksrc will work better.

Dan Fandrich (6 May 2011)
- Fixed compilation when RTSP is disabled

- Fixed LDAP after RTSP readwrite change

Daniel Stenberg (6 May 2011)
- RELEASE-NOTES: synced with 32001ac4149b206

- set_userpass: convert from protocol-specific to generic
  
  The protocol handler's flags field now can set that the protocol
  requires a password, so that the set_userpass function doesn't have to
  have the specific knowledge of which protocols that do.

- RTSP: cleanups
  
  Made several functions static
  
  Made one function defined to nothing when RTSP is disabled to avoid
  the #ifdefs in code.
  
  Removed explicit rtsp.h includes

- RTSP: convert protocol-specific checks to generic
  
  Add a 'readwrite' function to the protocol handler struct and use that
  for the extra readwrite functionality RTSP needs.

- SSL: check for SSL, not specific protocols
  
  Code cleanup to check less for protocols and more for the specific
  relevant feature. Like if SSL is required.

- http_perhapsrewind: remove HTTP check
  
  No need to check for HTTP as this is now a HTTP-specific function

- http_perhapsrewind:
  
  make it static, remove Curl_ prefix

- remove FILE protocol-specific checks
  
  Also, convert the BANPROXY flag into NONETWORK for the protocols
  (file:// only atm) that don't work over networks.

- curl.1: --socks* options no longer needed
  
  As we now can specify all the socks proxy types with the regular --proxy
  option using protocol prefix.

- socks proxy: allow socks5h:// prefix too
  
  Using 'socks5h' as proxy protocol will make it a
  CURLPROXY_SOCKS5_HOSTNAME proxy which is SOCKS5 and asking the proxy to
  resolve host names. I found no "standard" protocol name for this.

- curl.1: minor edit of --ftp-ssl*

- [Jari Aalto brought this change]

  curl.1: use GNU style and sort options
  
  Follow style of GNU layout (cp, mv ...) where options are separated with
  comma: -o, --option
  
  Order item alphabetically (by length also): -o, -O, --option
  
  Follow style of GNU layout by moving help related options to the end:
  --help, -M, --version

- Corrected comments
  
  closepolicy has been deprecated and unused for years

- ConnectionStore: remove unused return code

- indent correctly

- curl_easy_getinfo.3: clarify some timing info

- curl_easy_setopt.3: clarify the SSH KEYFILE options usage
  
  The internal defaults are important info

- docs: mention the protocol:// support in proxy strings

- --data-ascii: add mention
  
  As it is a separate option it should have a .IP title

- url encode docs: mention '-', '.', '_' and '~'
  
  Clarify that the '-', '.', '_' or '~' letters are also not escaped since
  they shouldn't according to RFC3986 section 2.3.
  
  This is how this function has behaved since sep 2010, commit
  5df13c31735fa0.

- SSH: set non-blocking earlier
  
  Introduce an INIT state for the SSH state machine and set libssh2
  non-blocking in that so that it is set properly before
  libssh2_session_startup() is called.
  
  Bug: http://curl.haxx.se/mail/archive-2011-05/0001.html

- curl_formfree.3: mention argument may be NULL
  
  As the code already checks for it we can just as well make it official!

- ConnectionExists: avoid NULL dereference
  
  When checking for connections that are bound to a particular device we
  must make sure we don't compare with a NULL pointer.

- resolver_error: remove bad semicolon

- RELEASE-NOTES: synced with c4bc1d473f324

- anyauthput.c: stdint.h must not be included unconditionally
  
  As it is already included by curlbuild.h if it exists on the platform it
  was included here superfluously anyway.
  
  Reported by: Dagobert Michelsen
  Bug: http://curl.haxx.se/bug/view.cgi?id=3294509

- gai_strerror: provide private implementation
  
  There are systems (like NetWare) without its own gai_strerror()
  function.

- treaded-resolver: better error messages
  
  Now use gai_strerror() to get proper error messages when getaddrinfo()
  has failed. Detect the function in configure.
  
  Code based on work and suggestions by Jeff Pohlmeyer and Guenter Knauf

- proxy: allow socks:// prefix in proxy string
  
  Inspired by a patch from OB.Conseil. Added test case 708 to verify.

- [Zmey Petroff brought this change]

  CMake: improve library search, implement install.
  
  Improved library search by check_function_exists_concat() macro:
  it does not revert the list of libraries any more.
  
  Improved OpenSSL library search: first find zlib, then search for
  openssl libraries that may depend on zlib.
  
  For Unix: openssl libraries can now be detected in nonstandard
  locations. Supply CMAKE_LIBRARY_PATH to CMake on command line.
  
  Added installation capability (very basic one yet).

- multi-socks: fix connect to proxy
  
  When connecting to a socks or similar proxy we do the proxy handshake at
  once when we know the TCP connect is completed and we only consider the
  "connection" complete after the proxy handshake. This fixes test 564
  which is now no longer considered disabled.
  
  Reported by: Dmitri Shubin
  Bug: http://curl.haxx.se/mail/lib-2011-04/0127.html

- cleanup: remove old unused debug code

Dan Fandrich (27 Apr 2011)
- Make checksrc.pl work on out-of-tree builds
  
  Source files given with absolute paths do not have the
  -D directory specifier prepended.

Daniel Stenberg (27 Apr 2011)
- make: add checksrc.pl to dist

- make: add 'checksrc' as target to check code style
  
  The make target checksrc now works in the root makefile and in both the
  src and lib directories.
  
  It is also run automatically on "all" if configure --enable-debug was
  used.

- checksrc: whitespace and code style cleanup
  
  Make everything adhere to the standards upheld by checksrc.pl and now
  run checksrc from the makefile on debug builds.

- checksrc: add -W to allow a file to be whitelisted
  
  Useful when a known file just doesn't comply and there's no intention to
  make it do so.

- whitespace cleanup: no space first in conditionals
  
  "if(a)" is our style, not "if( a )"

- lib/make: run checksrc.pl once for all files
  
  Since it now supports multiple files this will be faster and will show
  problems for more file than one at a time - more convenient.

- checksrc: scan many files, more checks
  
  It now scans multiple files and outputs an error+warning count summary
  at the end in case at least one was detected.
  
  -D can be used to specify in which dir the files are located
  
  The script now scans for conditions that starts with a space for
  if/while/for lines.

- Makefile: run checksrc if debug enabled
  
  And make the build fail if a warning or error was detected

- checksrc: exit error code if warnings or errors

- SSH: move knownhost logic to separate function

- source cleanup: unify look, style and indent levels
  
  By the use of a the new lib/checksrc.pl script that checks that our
  basic source style rules are followed.

Guenter Knauf (27 Apr 2011)
- Windows native IDN fixes.
  
  For now provide prototypes instead of including the
  non-standard normalisation.h which is only available in the
  "Internationalized Domain Names Mitigation APIs" download.

Dan Fandrich (25 Apr 2011)
- Fixed compiler warning in Windows SSPI case

- Fixed compilation when the synchronous resolver is used

- Added new resolver sources to Symbian and VC6 build files

Daniel Stenberg (25 Apr 2011)
- hostip: comment fixed to state current situation

- async resolvers: further cleanups
  
  asyn-ares.c and asyn-thread.c are two separate backends that implement
  the same (internal) async resolver API for libcurl to use. Backend is
  specified at build time.
  
  The internal resolver API is defined in asyn.h for asynch resolvers.

- asynch resolvers: cleanup
  
  Fixed indents, coding conventions and white space edits.
  
  Modified the c-ares completion callback function to again NOT read the
  conn data when the ares handle is being taken down as then it may have
  been freed already.

- [Vsevolod Novikov brought this change]

  asynch resolvers: unified
  
  Introducing an internal API for handling of different async resolver
  backends.

Guenter Knauf (24 Apr 2011)
- Enabled OpenWatcom native Windows IDN build.
  
  For now we directly import the Idn* symbols with the linker;
  an upcoming release of OWC will have these added to the import
  lib normaliz.lib, and prototypes are added to winnnls.h.

Daniel Stenberg (22 Apr 2011)
- NTLM: work with unicode
  
  Rewritten code from a patch brought by Matteo Rocco.

- bump version: work towards 7.21.7

- THANKS: contributors from 7.21.6

Version 7.21.6 (22 Apr 2011)

Daniel Stenberg (22 Apr 2011)
- RELEASE-NOTES: two more contributors

Dan Fandrich (21 Apr 2011)
- Fixed test 1023 when using daily snapshots

- Include unistd.h to declare close()

Julien Chaffraix (21 Apr 2011)
- [Fabian Keil brought this change]

  In lib/, change 'wanna' to 'want to'.
  
  Found with codespell.

- [Fabian Keil brought this change]

  Fix spelling errors in buildconf
  
  Found with codespell.

- [Fabian Keil brought this change]

  Fix spelling errors in src/
  
  Found with codespell.

- [Fabian Keil brought this change]

  Fix spelling errors in include/

- [Fabian Keil brought this change]

  Fix a couple of spelling errors in lib/
  
  Found with codespell.

- transfer.c: Fixed indentation in readwrite_data.

Dan Fandrich (20 Apr 2011)
- Fixed closing test tag

Daniel Stenberg (20 Apr 2011)
- RELEASE-NOTES: synced with 3242abd87a1262

- SFTP: close file before postquote
  
  Make sure that files are closed before the post quote commands run as if
  they operate on the just transferred file they could otherwise easily
  fail.
  
  Patch by: Rajesh Naganathan (edited)

Dan Fandrich (20 Apr 2011)
- Fixed test 1022 when using daily snapshots

Daniel Stenberg (20 Apr 2011)
- Curl_http_connect: detect HTTPS properly after CONNECT
  
  libcurl failed to check the correct struct for HTTPS after CONNECT was
  issued to the proxy, so it didn't do the TLS handshake and subsequently
  failed the connection. A regression released in 7.21.5 (introduced
  around commit 8831000bc07de).
  
  Bug: http://curl.haxx.se/mail/lib-2011-04/0134.html
  Reported by: Josue Andrade Gomes

- curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
  
  When set to a HTTP 1.0 proxy, that only affects the CONNECT request and
  not the regular HTTP request.

- [Gisle Vanem brought this change]

  CURL_DOES_CONVERSIONS: fixes
  
  Made it compile and work again after the code move.

- CURL_DOES_CONVERSIONS: cleanup
  
  Massively reduce #ifdefs all over (23 #ifdef lines less so far)
  Moved conversion-specific code to non-ascii.c

Guenter Knauf (19 Apr 2011)
- Improve MinGW static makefile builds.
  
  It is now possible to use any combination of features without
  having to 1st add makefile targets to the main makefile. The
  main makefile now passes the 'mingw32-feat1-feat2' as var CFG,
  and the ./[lib|src]/Makefile.m32 parses the CFG var to determine
  the features to be enabled.

- Enabled MinGW native Windows IDN build.

- Windows native IDN fixes.
  
  changed windows.h include to system header;
  changed obsolete 2nd check for str_w to str_utf8 in order to catch
  malloc() failure and avoid a free(NULL);
  changed calls to GetLastError() to void to kill unsused var compiler
  warnings;
  moved one call to GetLastError() into else case so that its only
  called when WideCharToMultiByte() really fails.

- Windows native IDN fixes.
  
  Provide prototype for curl_win32_idn_to_ascii();
  remove wrong 3rd parameter from curl_win32_idn_to_ascii() call.

Daniel Stenberg (19 Apr 2011)
- curl-config: fix version output
  
  do the s/VERSION/CURLVERSION replacement for the human redable output
  for --checkfor
  
  Reported by: Ryan Schmidt

- RELEASE-NOTES: synced with 5aae3c13e2

Guenter Knauf (19 Apr 2011)
- Updated default (recommended) dependency versions.

- Updated default (recommended) dependency versions.

Daniel Stenberg (18 Apr 2011)
- transfer-encoding: document the options
  
  The new libcurl and command line options are now described.

- transfer-encoding: added new option and cmdline
  
  Added CURLOPT_TRANSFER_ENCODING as the option to set to request Transfer
  Encoding in HTTP requests (if built zlib enabled). I also renamed
  CURLOPT_ENCODING to CURLOPT_ACCEPT_ENCODING (while keeping the old name
  around) to reduce the confusion when we have to encoding options for
  HTTP.
  
  --tr-encoding is now the new command line option for curl to request
  this, and thus I updated the test cases accordingly.

- CURLE_BAD_CONTENT_ENCODING: now used for transfer encoding too

- TE: do the Connection: header
  
  When TE: is inserted in the request, we must add a "Connection: TE" as
  well to be HTTP 1.1 compliant. If a custom Connection: header is passed
  in, we must use that and only append TE to it. Test case 1125 verifies
  TE: + custom Connection:.

- test1124: verify gzip AND chunked transfer-encoding

- TE: rename struct field content_encoding
  
  Since this struct member is used in the code to determine what and how
  to decode automatically and since it is now also used for compressed
  Transfer-Encodings, I renamed it to the more suitable 'auto_decoding'

- HTTP: add support for gzip and deflate Transfer-Encoding
  
  Transfer-Encoding differs from Content-Encoding in a few subtle ways,
  but primarily it concerns the transfer only and not the content so when
  discovered to be compressed we know we have to uncompress it. There will
  only arrive compressed transfers in a response after we have requested
  them with the appropriate TE: header.
  
  Test case 1122 and 1123 verify.

Patrick Monnerat (18 Apr 2011)
- OS400 pragma comment: replace (date) by (user, __DATE__) to include year.

- Augment RPG binding with "OLDIES" definitions.
  Fix OS400 LDAP wrappers: strings were non null-terminated.

Daniel Stenberg (18 Apr 2011)
- curl-config: fix --version
  
  curl-config --version didn't output the correct version string (bug
  introduced in commit 0355e33b5f7b234cf3), and unfortunately the test
  case 1022 that was supposed to check for this was broken.
  
  This change fixes the test to detect this problem and it fixes the
  output.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3288727

- RELEASE-NOTES: updated contributor amount

- THANKS: 11 new contributors from 7.21.5

- 7.21.6: next planned release number

Version 7.21.5 (17 Apr 2011)

Daniel Stenberg (17 Apr 2011)
- base64.c: removed wrong comment

- INTERNALS: clean up
  
  Clarified the release procedure

- TODO-RELEASE: push the remaining ones to next release
  
  As we're closing in on the release, I give up on the remaining ones but
  I leave them in here for now to try to fix for next release.
  
  I removed the 281 issue about warnings from the statical analyzer scans,
  as they seem to be mostly false positives at this point.

- RELEASE-NOTES: synced with c246f63a71

- Curl_ssl_shutdown: restore send/recv pointers
  
  When going back from SSL, put the send/recv function pointers back to
  the plain versions.
  
  Bug: http://curl.haxx.se/mail/lib-2011-04/0070.html
  Reported by: Mehmet Bozkurt

Guenter Knauf (16 Apr 2011)
- Changed email per Gisle's request.

Daniel Stenberg (14 Apr 2011)
- curl.1: error code update
  
  Error 4 has got a meaning
  
  Error 48 has got a slightly different meaning now

- FAQ: c-ares does ipv6 pretty well now

- [Andrei Benea brought this change]

  Fix a buffer overflow in pubkey_show().

Guenter Knauf (14 Apr 2011)
- Replaced var manipulations with perlish hacks.

Dan Fandrich (12 Apr 2011)
- Updated minimum binary sizes

Daniel Stenberg (12 Apr 2011)
- configure: libssh2 link fix without pkg-config
  
  The script didn't properly add the -lssh2 link option when it enabled
  libssh2 linking where pkg-config isn't found.
  
  Reported by: Saqib Ali
  Bug: http://curl.haxx.se/mail/lib-2011-04/0054.html

- RELEASE-NOTES: synced with f01df197981

- checkconnection: don't call with NULL pointer
  
  When checking if an existing RTSP connection is alive or not, the
  checkconnection function might be called with a SessionHandle pointer
  being NULL and then referenced causing a crash. This happened only using
  the multi interface.
  
  Reported by: Tinus van den Berg
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3280739

- curl.1: spell out the -O target directory
  
  When using -O the file will be saved in the current directory, and this
  is now spelled out clearly.

- OpenSSL: no-sslv2 aware
  
  Allow openSSL without SSL2 to be used. This fix is inspired by the fix
  provided by Cristian Rodrguez.
  
  Reported by: Cristian Rodrguez

- curl_easy_setopt.3: CURLOPT_RESOLVE typo version
  
  Reported by: Hongli Lai

Kamil Dudka (8 Apr 2011)
- nss: allow to use multiple client certificates for a single host
  
  In case a client certificate is used, invalidate SSL session cache
  at the end of a session.  This forces NSS to ask for a new client
  certificate when connecting second time to the same host.
  
  Bug: https://bugzilla.redhat.com/689031

Daniel Stenberg (7 Apr 2011)
- mk-ca-bundle.pl: show full URL in output
  
  When I decided to search for a potential error with the cacert bundle it
  struck me I wanted to see the full source URL in the output...

Dan Fandrich (7 Apr 2011)
- Added mention of FTP proxies

Daniel Stenberg (7 Apr 2011)
- [Gisle Vanem brought this change]

  src/Makefile.b32: updates
  
  * Rename the object object directory from 'objs' to 'BCC_obj' to be in
   sync with my previous patch for lib/Makefile.b32.
  
  * Turn off these warnings to keep the build totally silent (with CBuilder-6
   that is).
    -w-inl    8026 Functions X are not expanded inline.
    -w-pia   8060 Possibly incorrect assignment
    -w-pin  8061 Initialization is only partially bracketed
   (same added in src/Makefile.b32)
  
  * $(MKDIR) and $(RMDIR) have been replaced with the shell-commands 'md'
   and 'rd'. When having MingW/Msys programs 'mkdir.exe' and 'rmdir.exe' in
  $PATH, this confuses Borland's make and the result (the cleaning etc.) would
   not be as expected.
  
  * Removed the preprocessing step; no need for PP_CMD and the .int files.
   curl.exe builds fine w/o and the makefile gets simpler.
  
  * Added a target for creating a compressed hugehelp.c if WITH_ZLIB is  defined.
  It assumes groff, gzip and perl is available if such an "advanced"  users
  requests it. Okay? BTW. My groff and Perl needs unix-slashes ('/').
   Other perls should handle both forms ('/' and '\').

- [Gisle Vanem brought this change]

  lib/Makefile.b32: updates
  
  * Rename the object object directory from 'objs' to 'BCC_obj'. I feel
   it should be named properly. Ref. Makefile.Watcom where it's called
   'WC_Win32.obj'.
  
  * Turn off these warnings to keep the build totally silent (with CBuilder-6
   that is).
    -w-inl    8026 Functions X are not expanded inline.
    -w-pia   8060 Possibly incorrect assignment
    -w-pin  8061 Initialization is only partially bracketed
  
  I'm sure the warnings could be fixed the "proper" way or with some added
  "#pragma" statements. But that just clutters the sources IMHO.
  
  * $(MKDIR) and $(RMDIR) have been replaced with the shell-commands 'md'
   and 'rd'. When having MingW/Msys programs 'mkdir.exe' and 'rmdir.exe' in
  $PATH, this confuses Borland's make and the result (the cleaning etc.) would
   not be as expected.
  
  * Added a ".path.int = $(OBJDIR)" to tell make where the $(PREPROCESSED)
   files are. Why we need the preprocess step in the fist place is beyond me
  (Yang?). But I'll leave that for now.

- [Gisle Vanem brought this change]

  examples/makefile.dj: update email

- TODO-RELEASE: deleted 4 issues
  
  These problems have gotten no interest/feedback from users:
  
  -275 - Introduce a way to avoid sending USER for FTP connections
  -288 - bug 3219997 curl rtmp request curl: (55) select/poll returned error
  
  This problem is rather an autoconf bug with little user interest and it
  can be worked around with an older autoconf:
  
  -278 - "Configure  $as_echo does not work"
  
  This problem is not fixed:
  
  -286 - bug 3214223 Pipelined HTTP requests with a zero-length body broken

- [Chris Smowton brought this change]

  HTTP pipelining: Fix handling of zero-length responses
  
  Also add test case 584 for the same
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3214223

- libcurl.pc: version number fix
  
  This hasn't show the version number correctly since the $VERSION change
  in the configure, and now it works again.

Dan Fandrich (5 Apr 2011)
- Changed some nonportable types

- Don't list NTLM in curl-config when HTTP is disabled
  
  Also, fixed Curl_proxyCONNECT() stub with HTTP disabled.

- Fixed compatibility macro CURLE_URL_MALFORMAT_USER

Daniel Stenberg (5 Apr 2011)
- return code cleanup: build, init and run-time errors
  
  Stop the abuse of CURLE_FAILED_INIT as return code for things not being
  init related by introducing two new return codes:
  
  CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION
  
  CURLE_NOT_BUILT_IN replaces return code 4 that has been obsoleted for
  several years. It is used for returning error when something is
  attempted to be used but the feature/option was not enabled or
  explictitly disabled at build-time. Getting this error mostly means that
  libcurl needs to be rebuilt.
  
  CURLE_FAILED_INIT is now saved and used strictly for init
  failures. Getting this problem means something went seriously wrong,
  like a resource shortage or similar.
  
  CURLE_UNKNOWN_OPTION is the option formerly known as
  CURLE_UNKNOWN_TELNET_OPTION (and the old name is still present,
  separately defined to be removed in a very distant future). This error
  code is meant to be used to return when an option is given to libcurl
  that isn't known. This problem would mostly indicate a problem in the
  program that uses libcurl.

- FTP+proxy: macrofied functions when proxy disabled
  
  In my attempts to reduce #ifdefs in code, the SOCKS functions are now
  macros when libcurl is built without proxy support and therefore the FTP
  code could avoid some #ifs.

- RELEASE-NOTES: synced with db59b6202d8

- [Ben Noordhuis brought this change]

  [pop3 starttls] PASS command was not sent after upgrade to TLS.

- [Ben Noordhuis brought this change]

  [pop3 starttls] the command to send is STLS, not STARTTLS.

Dan Fandrich (4 Apr 2011)
- Added http_proxy.c to the Symbian build files

Daniel Stenberg (4 Apr 2011)
- http-proxy: move proxy code to http_proxy.c
  
  The new http_proxy.* files now host HTTP proxy specific code (500+ lines
  moved out from http.c), and as a consequence there is a macro introduced
  for the Curl_proxyCONNECT() function so that code can use it without
  actually supporting proxy (or HTTP) in builds.

- disable cookies: remove ifdefs, move code
  
  1 - make sure to #define macros for cookie functions in the cookie
  header when cookies are disabled to avoid having to use #ifdefs in code
  using those functions.
  
  2 - move cookie-specific code to cookie.c and use the functio
  conditionally as mentioned in (1).
  
  net result: 6 #if lines removed, and 9 lines of code less

Kamil Dudka (4 Apr 2011)
- nss: fix a crash within SSL_AuthCertificate()
  
  The bug was introduced in 806dbb0 (a wrong value was passed in as the
  first argument to the default callback in our wrapper).

Daniel Stenberg (3 Apr 2011)
- multi: shorten lines
  
  We keep them less than 80 columns

- multi: conn goes bad when data change
  
  Within multi_socket when conn is used as a shorthand, data could be
  changed and multi_runsingle could modify the connectdata struct to deal
  with. This bug has not been included in a public release.
  
  Using 'conn' like that turned out to be ugly. This change is a partial
  revert of commit f1c6cd42f474df59.
  
  Reported by: Miroslav Spousta
  Bug: http://curl.haxx.se/bug/view.cgi?id=3265485

Guenter Knauf (1 Apr 2011)
- Increased script version.

- Make use of proxy vars if set.
  
  Posted to the list by Quanah Gibson-Mount [quanah zimbra.com].

- Use var again instead of hard-coded filename.

Daniel Stenberg (29 Mar 2011)
- [Gisle Vanem brought this change]

  typo fix

- curl_easy_setopt.3: mention TFTP read callback flaw
  
  The read callback must return the exact requested amount of data when it
  is used for doing TFTP uploads. This is due to how it deals with data
  internally. This could/should be fixed but for now we document the
  existing behavior.
  
  Reported by: Colin Blair
  Bug: http://curl.haxx.se/mail/lib-2011-03/0319.html

Yang Tse (27 Mar 2011)
- configure: fix libtool warning

Daniel Stenberg (25 Mar 2011)
- [Peter Sylvester brought this change]

  TSL-SRP: enabled with OpenSSL
  
  If a new enough OpenSSL version is used, configure detects the TLS-SRP
  support and enables it.

- RELEASE-NOTES: synced with 11c2db2aa2a

- fix: re-use of bound connections
  
  When asked to bind the local end of a connection when doing a request,
  the code will now disqualify other existing connections from re-use even
  if they are connected to the correct remote host.
  
  This will also affect which connections that can be used for pipelining,
  so that only connections that aren't bound or bound to the same
  device/port you're asking for will be considered.

- symbols-in-versions: make test 1119 happy

- rtsp: move protocol code to dedicated file
  
  The RTSP-specific function for checking for "dead" connection is better
  located in rtsp.c. The code using this is now written without #ifdefs as
  the function call is instead turned into a macro (in rtsp.h) when RTSP
  is disabled.

- MAIL-ETIQUETTE: intro and spam
  
  Added a little generic info section about the lists and a section about
  how to deal with trolls and spam on the lists.

- TODO-RELEASE: 1 fixed, 1 notabug
  
  Fixed:
  
  271 - fix the IPv6-working probing to only exist at one place in the code and
        only get done once
  
  A problem not repeatable and no proper recipe given and therefore simply
  removed for now until we hear something else:
  
  282 - 100 Continue responses should return the "final" HTTP response code:
        "Getting the HTTP response code following a 100 Continue"

- ipv6: only probe once
  
  Move ipv6-functional-probe into a single function that is used from all
  places that need to know.
  
  Make the probe function store the result in a static variable so that
  subsequent invokes just returns the previous result and won't have to
  probe again.

- headers: more copyright headers added

- MAIL-ETIQUETTE: how to behave
  
  This is a new documentation for the source tree. This information has
  been present since a long time at
  http://curl.haxx.se/mail/etiquette.html but now it is put into a plain
  text version too for wider distribution. The web version will be
  automatically generated from this source document.

Julien Chaffraix (21 Mar 2011)
- progress: don't print the last update on a separate line.
  
  Curl_posttransfer is called too soon to add the final new line.
  Moved the new line logic to pgrsDone as there is no more call to
  update the progress status after this call.
  
  Reported by: Dmitri Shubin <sbn_at_tbricks.com>
  http://curl.haxx.se/mail/lib-2010-12/0162.html

Daniel Stenberg (21 Mar 2011)
- TODO-RELEASE: fixed 2, got 3 new!

- [Dave Reisner brought this change]

  libcurl.m4: Add missing quotes in AC_LINK_IFELSE
  
  This avoids warnings generated by autoconf 2.68.
  
  Signed-off-by: Dave Reisner <d@falconindy.com>

- retry-request: rewind if data was sent
  
  When libcurl sends a HTTP request on a re-used connection and detects it
  being closed (ie no data at all was read from it), it is important to
  rewind if any data in the request was sent using the read callback or
  was read from file, as otherwise the retried request will be broken.
  
  Reported by: Chris Smowton
  Bug: http://curl.haxx.se/bug/view.cgi?id=3195205

- configure: avoid $VERSION
  
  To reduce the risk of variable name conflicts, use CURLVERSION instead
  of VERSION.

- symbols-in-versions: many corrections
  
  Scanned with a tool that checked for mistakes and this is the subsequent
  cleanup.

Julien Chaffraix (20 Mar 2011)
- unit1305: Fixed the test to match our coding style.

- url: 0 is PROTOPT_NONE.
  
  Tiny tweak after Daniel's refactoring of the protocol handlers.

Daniel Stenberg (19 Mar 2011)
- pop3: add state name in debug array
  
  We have an array with the state names only built and used when built
  debug enabled and this need to list all the states from the .h

Dan Fandrich (18 Mar 2011)
- Added two more POP3 tests

- pop3: use Curl_safefree() to allow torture tests to succeed

Daniel Stenberg (18 Mar 2011)
- symbol-scan.pl: detect duplicates
  
  Test 1119 now also makes sure that symbols-in-versions doesn't contain
  any duplicates

- CONTRIBUTE: minor edits
  
  Slightly modified to become a nicer web page when converted for the site

- RELEASE-NOTES: synced with 0c05ee3a33d4d7

- pop3: remove unused variable

Dan Fandrich (17 Mar 2011)
- Added support for LISTing a single POP3 message
  
  Added tests for a number of POP3 LIST operations, including one
  that shows a curl problem when listing no messages, so is
  disabled.

- pop3: fixed memory leak in an error retrieval case

Daniel Stenberg (17 Mar 2011)
- symbols-in-versions: remove duplicates

- symbols-in-versions: 2 corrections
  
  CURLE_CHUNK_FAILED and CURLE_FTP_BAD_FILE_LIST were introduced in
  7.21.0, not 7.20.1

- connection setup: if HTTP is disabled asking for HTTP proxy is bad

- FAQ: better english
  
  Reported by: Andre Guibert de Bruet

- scan-build warning
  
  Value stored to 'len' is never read

- ldap_recv: check return code from ldap_get_dn_ber

- compiler warnings fixed
  
  Use (void)[variable] to inhibit unused argument/variables warnings.

- [Ben Noordhuis brought this change]

  SMTP-multi: non-blocking connect
  
  Use Curl_ssl_connect_nonblocking() when upgrading the connection to
  TLS/SSL while using the multi interface.

- [Ben Noordhuis brought this change]

  SMTP in multi mode: use Curl_ssl_connect_nonblocking() when connecting.

- lib582: use curl_socket_t for portability

- buildfix: spell define correctly

Kamil Dudka (15 Mar 2011)
- nss: do not ignore value of CURLOPT_SSL_VERIFYPEER
  
  When NSS-powered libcurl connected to a SSL server with
  CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
  certificate was accepted by libcurl and did not ask the second time when
  connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.
  
  This patch turns off the SSL session cache for the particular SSL socket
  if peer verification is disabled.  In order to avoid any performance
  impact, the peer verification is completely skipped in that case, which
  makes it even faster than before.
  
  Bug: https://bugzilla.redhat.com/678580

Guenter Knauf (15 Mar 2011)
- Removed unused var.

Daniel Stenberg (15 Mar 2011)
- configure: stop using the deprecated AM_INIT_AUTOMAKE syntax

- protocol handler cleanup: SSL awareness
  
  As a follow-up to commit 8831000bc0: don't assume that the SSL powered
  protocol alternatives are available.

- ldap: use the new protocol handler setup
  
  Use the new flags field and stop using the old protocol defines.

- TODO-RELEASE: add and remove issues
  
  Removed a fixed issue, added five new existing ones and clarified one of
  the previous ones.

- protocols: use CURLPROTO_ internally
  
  The PROT_* set of internal defines for the protocols is no longer
  used. We now use the same bits internally as we have defined in the
  public header using the CURLPROTO_ prefix. This is for simplicity and
  because the PROT_* prefix was already used duplicated internally for a
  set of KRB4 values.
  
  The PROTOPT_* defines were moved up to just below the struct definition
  within which they are used.

- protocol handler: added flags field
  
  The protocol handler struct got a 'flags' field for special information
  and characteristics of the given protocol.
  
  This now enables us to move away central protocol information such as
  CLOSEACTION and DUALCHANNEL from single defines in a central place, out
  to each protocol's definition. It also made us stop abusing the protocol
  field for other info than the protocol, and we could start cleaning up
  other protocol-specific things by adding flags bits to set in the
  handler struct.
  
  The "protocol" field connectdata struct was removed as well and the code
  now refers directly to the conn->handler->protocol field instead. To
  make things work properly, the code now always store a conn->given
  pointer that points out the original handler struct so that the code can
  learn details from the original protocol even if conn->handler is
  modified along the way - for example when switching to go over a HTTP
  proxy.

Patrick Monnerat (14 Mar 2011)
- - Take new char * options into account in OS400 curl_easy_setopt_ccsid().
  - Keep RPG binding, STRING_* table end check and OS400 README up to date.

Daniel Stenberg (14 Mar 2011)
- FAQ: indent tables
  
  Lines that are indented with at least 5 spaces get special treatment by
  the script that converts it to HTML on the site.

- sslgen: define Curl_ssl_connect_nonblocking for non-SSL
  
  The non-blocking connect improvement for IMAP showed that we didn't
  properly define the Curl_ssl_connect_nonblocking function for non-SSL
  builds.
  
  Reported by: Tor Arntsen

- configure: removed wrongly claimed default paths
  
  Several --with-XXX options claimed the wrong default path in their help
  outputs.
  
  Reported by: Vincent Torri

- [Ask Bjørn Hansen brought this change]

  mk-ca-bundle.pl: Only download if modified
  
  Only download and convert the certdata to the ca-bundle.crt if Mozilla
  changed the data
  
  The Perl LWP module (which in a bit of a circular reference is used by
  mk-ca-bundle.pl) is now indirectly using this script. I made this small
  tweak to make it easier to automatically maintain the generated
  ca-bundle.crt file in version control.

- SSH: add protocol lock direction
  
  Some protocols have to call the underlying functions without regard to
  what exact state the socket signals. For example even if the socket says
  "readable", the send function might need to be called while uploading,
  or vice versa. This is the case for libssh2 based protocols: SCP and
  SFTP and we now introduce a define to set those protocols and we make
  the multi interface code aware of this concept.
  
  This is another fix to make test 582 run properly.

- state: add missing state to debug table
  
  As a new state recently was added to the IMAP state machine it has to be
  in the array of names as well as otherwise libcurl crashes when a debug
  version runs...

- test 582: enabled again
  
  Commit ca37692bf43b5ef should now hopefully make it run

- ssh_statemach_act: set cselect for sftp upload
  
  For uploads we want to use the _sending_ function even when the socket
  turns out readable as the underlying libssh2 sftp send function will
  deal with both accordingly. This is what the cselect_bits magic is for.
  
  Fixes test 582.

- RELEASE-NOTES: synced with e649a7baae2

- Revert "test582: enabled"
  
  This reverts commit b8478187406cf625c9d0f10b45a082221130cc92.

- Merge branch 'imap' of https://github.com/bnoordhuis/curl into bnoordhuis-imap

- TODO-RELEASE: fixed four isues
  
  These issues are now addressed:
  
  276 - Karl M's vc makefile patch
  277 - The "Stall when uploading to sftp using multi interface"  bug
  279 - curl_multi_remove_handle() crashes
  280 - Marcus Sundberg's gss patch

- [Karl M brought this change]

  VC: add missing file
  
  http_negotiate_sspi.c was added to the source tree recently

- [Marcus Sundberg brought this change]

  GSS: handle reuse fix
  
  Make GSS authentication work when a curl handle is reused for multiple
  authenticated requests, by always setting negdata->state in
  output_auth_headers().
  
  Signed-off-by: Marcus Sundberg <marcus.sundberg@aptilo.com>

- test583: verify early SSH multi remove handle
  
  This test case is meant to verify that the logic in commit
  60172a0446bbe3f8b actually works. This test failed for me before that
  change and it works after it.

- SFTP: gracefully handle shutdown early
  
  When using the multi interface and a handle using SFTP was removed very
  early on, we would get a segfault due to the code assumed data was there
  that hadn't yet been setup.
  
  Bug: http://curl.haxx.se/mail/lib-2011-03/0066.html
  Reported by: Saqib Ali

- [Manuel Massing brought this change]

  CURL_CHECK_FUNC_RECVFROM: android/bionic fix
  
  recvfrom in bionic (the android libc) deviates from POSIX and uses a
  const in the 5th argument ("const struct sockaddr *") so the check now
  tests for that as well.

- test582: enabled

- PROT_CLOSEACTION: added SFTP and SCP
  
  Both SFTP and SCP are protocols that need to shut down stuff properly
  when the connection is about to get torned down. The primary effect of
  not doing this shows up as memory leaks (when using SCP or SFTP with the
  multi interface).
  
  This is one of the problems detected by test 582.

- readwrite_upload: stop upload at file size
  
  As we know how much to send, we can and should stop once we've sent that
  much data as it avoids having to rely on other mechanisms to detect the
  end.
  
  This is one of the problems detected by test 582.
  
  Reported by: Henry Ludemann <misc@hl.id.au>

- sftp upload: expire to advance state machine
  
  When using the multi_socket API to do SFTP upload, it is important that
  we set a quick expire when leaving the SSH_SFTP_UPLOAD_INIT state as
  there's nothing happening on the socket so there's no read or write to
  wait for, but the next libssh2 API function needs to be called to get
  the ball rolling.
  
  This is one of the problems detected by test 582.
  
  Reported by: Henry Ludemann <misc@hl.id.au>

- test582: improved info messages

- source header: added to more files

- sources: update source headers
  
  All C and H files now (should) feature the proper project curl source
  code header, which includes basic info, a copyright statement and some
  basic disclaimers.

- TODO-RELEASE: add 10 pending issues

- TODO-RELEASE: fix the IPv6-working probing

- tests: phase out haxx.se
  
  Instead of using haxx.se as a fixed magic host name in lots of tests,
  this is a first step to move toward the generic example.com host
  instead.

- test523: avoid using haxx.se
  
  ... since search engines find what they think is a URL in this, they
  hammer www.haxx.se on this port!

- configure: update the copyright year in the output

Dan Fandrich (9 Mar 2011)
- Force setopt constants written by --libcurl to be long

Daniel Stenberg (8 Mar 2011)
- cyassl: fix compiler warnings

- [Todd A Ouska brought this change]

  SSL: (part 2) Added CyaSSL to SSL abstraction layer
  
  This is the modified existing files commit.

- [Todd A Ouska brought this change]

  SSL: Added CyaSSL to SSL abstraction layer
  
  CyaSSL (available from git@github.com:cyassl/cyassl.git) has been
  added to the SSL abstraction layer.
  
  To test:
  1) git CyaSSL sources
  2) autoreconf -i
  3) ./configure --disable-static
  4) make
  5) sudo make install
  6) autoreconf -i
  7) git curl sources (and this patch)
  8) ./configure --disable-shared --with-cyassl --without-ssl --enable-debug
  9) make
  10) normal testing
  
  Please send questions or comments to todd@yassl.com .

- curl.1: clarify -E
  
  Stress that it is for client certificates and then mention that it also
  works for all other SSL-based protocols apart from HTTPS and
  FTPS. Namely POP3S, IMAPS and SMTPS for now.

- FAQ: Protocol xxx not supported or disabled in libcurl

- lib582: used for test 582
  
  Accidentally not included in commit 0e74e1d8d83

Dan Fandrich (7 Mar 2011)
- Fixed libcurl to honour the --disable-ldaps configure option

Daniel Stenberg (8 Mar 2011)
- [Henry Ludemann brought this change]

  sftp-multi: test 582 added
  
  Add test 582 for uploading a file using sftp and the multi interface.
  
  (Patch and test slightly tweaked by Daniel Stenberg)
  
  Initially marked as disabled until it is fixed in the source.

- FAQ: How to SFTP from my user's home directory?

- cpp: correct #endif placement
  
  The end-of-file #endif in rawstr.h was not correcly positioned after all
  prototypes.
  
  Reported by: Boris
  Bug: http://curl.haxx.se/bug/view.cgi?id=3195205

Dan Fandrich (4 Mar 2011)
- Moved test 577 into the unit test framework as test 1307

- Added unit test 1306 so tests 558 & 559 are now fully replaced

- The unit test argument is allowed to be used

- Converted tests 558 & 559 to use the unit test framework as 1305
  
  Test 558 was just a subset of 559 which is something that can be
  easily added later.

- Fixed test 1300 to pass the torture test

- Added abort_* unit test macros
  
  These are for when a test failure makes it impossible to continue
  running further tests.

Kamil Dudka (4 Mar 2011)
- [Stefan Krause brought this change]

  transfer: avoid insane conversion of time_t

Daniel Stenberg (26 Feb 2011)
- ssh_connect: treat libssh2 return code better
  
  libssh2_knownhost_readfile() returns a negative value on error or
  otherwise number of parsed known hosts - this was previously not
  documented correctly in the libssh2 man page for the function.
  
  Bug: http://curl.haxx.se/mail/lib-2011-02/0327.html
  Reported by: murat

Julien Chaffraix (25 Feb 2011)
- http: removed wrong unused comment.
  
  |premature| is used in Curl_http_done.

- http: removed code duplication for stubbed https_getsock function.

Daniel Stenberg (23 Feb 2011)
- RELEASE-NOTES: synced with 2345c1dd661c

- runtests.pl/stopserver: space separate pids
  
  The stopserver function would append pids to kill and could append them
  without separating them with space properly. The result would be a very
  large number that by (some implementations of) kill would be interpreted
  as a negative number and that process group would be wiped...
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3188836
  Reported by: Greg Pratt

Kamil Dudka (22 Feb 2011)
- nss: do not ignore failure of SSL handshake
  
  Flaw introduced in fc77790 and present in curl-7.21.4.
  Bug: https://bugzilla.redhat.com/669702#c16

Daniel Stenberg (21 Feb 2011)
- CURLOPT_SSH_KEYFUNCTION: requires *SSH_KNOWNHOSTS
  
  Extend the docs to clarify that CURLOPT_SSH_KEYFUNCTION is only called
  if the known hosts option is also correctly set!

Julien Chaffraix (20 Feb 2011)
- curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD.
  
  CURLOPT_HTTPAUTH was mentioning CURLOPT_USERPASSWORD instead of
  CURLOPT_PASSWORD.
  
  Reported by: Mike Henshaw

- netrc: Removed _NETRC_DEBUG code.
  
  This is not needed anymore as we have unit testing running on it.

- tests: Cleaned up netrc testing.
  
  Removed the "netrc_debug" keyword replaced with --netrc-file additions.
  Removed the debug code from Curl_parsenetrc as it is superseeded by
  --netrc-file.

- curl: Added --netrc-file.
  
  This enables people to specify a path to the netrc file to use.
  The new option override --netrc if both are present. However it
  does follow --netrc-optional if specified.

Ben Noordhuis (20 Feb 2011)
- IMAP in multi mode: use Curl_ssl_connect_nonblocking() when upgrading the connection to TLS/SSL.

- IMAP in multi mode: use Curl_ssl_connect_nonblocking() when connecting.

Daniel Stenberg (18 Feb 2011)
- [Mike Crowe brought this change]

  multi: close connection on timeout
  
  After a request times out, the connection wasn't properly closed and
  prevented to get re-used, so subsequent transfers could still mistakenly
  get to use the previously aborted connection.

- multi: better failed connect treatment
  
  When failing to connect the protocol during the CURLM_STATE_PROTOCONNECT
  state, Curl_done() has to be called with the premature flag set TRUE as
  for the pingpong protocols this can be important.
  
  When Curl_done() is called with premature == TRUE, it needs to call
  Curl_disconnect() with its 'dead_connection' argument set to TRUE as
  well so that any protocol handler's disconnect function won't attempt to
  use the (control) connection for anything.
  
  This problem caused the pingpong protocols to fail to disconnect when
  STARTTLS failed.
  
  Reported by: Alona Rossen
  Bug: http://curl.haxx.se/mail/lib-2011-02/0195.html

- [Hoi-Ho Chan brought this change]

  PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
  
  Signed-off-by: Hoi-Ho Chan <hoiho.chan@gmail.com>

- symbols-in-versions: sorted
  
  I forgot to sort it when I added the CURL_SOCKOPT_* symbols

- TODO-RELEASE: refresh

- SOCKOPTFUNCTION: documented new return codes

- SOCKOPTFUNCTION: callback can say already-connected
  
  Introducing a few CURL_SOCKOPT* defines for conveniance. The new
  CURL_SOCKOPT_ALREADY_CONNECTED signals to libcurl that the socket is to
  be treated as already connected and thus it will skip the connect()
  call.

Kamil Dudka (17 Feb 2011)
- nss: avoid memory leak on SSL connection failure

Daniel Stenberg (17 Feb 2011)
- RELEASE-NOTES: fresh start towards 7.21.5

- curlver.h: bump to 7.21.5

- THANKS: add contributors from 7.21.4

Version 7.21.4 (17 Feb 2011)

Guenter Knauf (17 Feb 2011)
- Set -fpcc-struct-return only for gcc compiler.

Daniel Stenberg (17 Feb 2011)
- RELEASE-NOTES: credits since 7.21.3
  
  I went through all the names mentioned as authors and in commit messages
  since 7.21.3, and this list inserted now is sorted on first name.

- nss_load_key: fix unused variable warning

- gmtime: remove define
  
  It turns out some systems rely on the gmtime or gmtime_r to be defined
  already in the system headers and thus my "precaution" redefining of
  them only caused trouble. They are now removed.

Guenter Knauf (13 Feb 2011)
- Added -m32 to CFLAGS to compile with x86_64 gcc.

- Updated OpenSSL version, added links to docu.

Daniel Stenberg (10 Feb 2011)
- RELEASE-NOTES: synced with 3bb1291fbd4

- --keepalive-time: warn if not supported properly
  
  Since the feature requires support for TCP_KEEPIDLE and TCP_KEEPINTVL to
  function as documented, it now warns if that support is missing when the
  option is used.

Dan Fandrich (10 Feb 2011)
- Call ERR_peek_error instead of ERR_peek_last_error
  
  The latter isn't available in older OpenSSL versions, and is
  less useful since it returns the most recent error instead of
  the first one encountered.

Julien Chaffraix (10 Feb 2011)
- netrc: Enable setting up the filename in unit tests.
  
  Unset the environment variable so that we can specify different
  filenames in the unit test.

- test1304: Added some unit tests for Curl_parsenetrc.
  
  Moved some definitons into the header file so that we can reuse them.

Daniel Stenberg (9 Feb 2011)
- [Quinn Slack brought this change]

  CURLE_TLSAUTH_FAILED: removed
  
  On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It
  was only being raised when an internal error occurred while allocating
  or setting the GnuTLS SRP client credentials struct. For TLS
  authentication failures, the general CURLE_SSL_CONNECT_ERROR seems
  appropriate; its error string already includes "passwords" as a possible
  cause. Having a separate TLS auth error code might also cause people to
  think that a TLS auth failure means the wrong username or password was
  entered, when it could also be a sign of a man-in-the-middle attack.

- [Quinn Slack brought this change]

  TLS-SRP: new options documented

- CURLOPT_SOCKOPTFUNCTION: return proper error code
  
  When the callback returns an error, this function must make sure to return
  CURLE_ABORTED_BY_CALLBACK properly and not CURLE_OK as before to allow the
  callback to properly abort the operation.

- curl.1: typo in -v description
  
  Reported by: Ian D Allen
  Bug: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/714895
  
  Forwarded to us by:
  
  Reported by: Andreas Olsson
  Bug: http://curl.haxx.se/bug/view.cgi?id=3175422

Julien Chaffraix (7 Feb 2011)
- netrc: Removed dead code.
  
  The main has not been updated from some time and is out of sync with
  the code. The code is now tested by several test cases so no need for
  a seperate code path.

- netrc: Tightened up the type checks.
  
  The state should not be anonymous so that we can check if the values
  are fine. Added 2 unreachables states to the switch as a result of this
  change.

- imap: Fixed typo in a comment.

Daniel Stenberg (7 Feb 2011)
- Curl_gmtime: avoid future mistakes
  
  Document Curl_gmtime() and define away the old functions so that they
  won't be used internally again by mistake.

- Curl_gmtime: added a portable gmtime
  
  Instead of polluting many places with #ifdefs, we create a single place
  for this function, and also check return code properly so that a NULL
  pointer returned won't cause problems.

Guenter Knauf (3 Feb 2011)
- mk-ca-bundle.vbs: use new cacert url
  
  The official Mozilla page at http://www.mozilla.org/projects/security/certs/
  points out a new place as the "proper" place to get Mozilla's CA certs from
  so this script is now updated to use that instead.
  
  Reported by: Daniel Mentz

Daniel Stenberg (2 Feb 2011)
- mk-ca-bundle.pl: use new cacert url
  
  The official Mozilla page at
  http://www.mozilla.org/projects/security/certs/ points out a new place
  as the "proper" place to get Mozilla's CA certs from so this script is
  now updated to use that instead.
  
  Reported by: Daniel Mentz

- [Bjoern Sikora brought this change]

  ssluse: improved error message on SSL_CTX_new failures
  
  "SSL: couldn't create a context" really isn't that helpful, now it'll
  also extract an explanation from OpenSSL and append to the right.

- [Nicholas Maniscalco brought this change]

  multi: fix CURLM_STATE_TOOFAST for multi_socket
  
  The code in the toofast state needs to first recalculate the values
  before it uses them again since it may have been a while since it last
  did it when it reaches this point.

- unit1300: code style cleanup

- [Amr Shahin brought this change]

  adding unit tests for Curl_llist_remove

Patrick Monnerat (31 Jan 2011)
- Include TLSAUTH options in ILE/RPG binding.

Kamil Dudka (31 Jan 2011)
- [Dave Reisner brought this change]

  file: add support for CURLOPT_TIMECONDITION

- [Dave Reisner brought this change]

  transfer: add Curl_meets_timecondition()
  
  This will be used by file_do() and Curl_readwrite() as a unified method
  of checking to see if a remote document meets the supplied
  CURLOPT_TIMEVAL and CURLOPT_TIMECONDITION.
  
  Signed-off-by: Dave Reisner <d@falconindy.com>

Daniel Stenberg (29 Jan 2011)
- FAQ: clarified/expanded 6.7 a bit
  
  "6.7 What are my obligations when using libcurl in my commercial apps?"
  got the piece about what exactly "in all copies" mean to a user of the
  code.
  
  This interpretation is based on what other MIT-like licenses have made
  more explicit.

- COPYING: update the year to 2011
  
  The generic copyright year range now includes 2011

- [Pierre Joye brought this change]

  Windows build: alternative makefile
  
  This is a separate makefile for MSVC builds. It is deliberately put in
  another dir than src/ and lib/ to allow a different build experience
  than the previous - at least during a period. Eventually we should
  unify.

- test: add test 580 to the dist

Dan Fandrich (27 Jan 2011)
- Some minor edits including updates to function names

Daniel Stenberg (27 Jan 2011)
- ares: memory leak fix
  
  The double name resolve trick used with c-ares could leave allocated
  memory in 'temp_ai' if the operation was aborted in the middle.

- ares_query_completed_cb: don't touch invalid data
  
  When this callback is called due to the destruction of the ares handle,
  the connection pointer passed in as an argument may no longer pointing
  to valid data and this function doesn't need to do anything with it
  anyway so we make sure it doesn't.
  
  Bug: http://curl.haxx.se/mail/lib-2011-01/0333.html
  Reported by: Vsevolod Novikov

Kamil Dudka (27 Jan 2011)
- nss: avoid memory leaks and failure of NSS shutdown
  
  ... in case more than one CA is loaded.
  
  Bug: https://bugzilla.redhat.com/670802

Dan Fandrich (26 Jan 2011)
- Mention that sftp quote commands can be quoted

Daniel Stenberg (25 Jan 2011)
- tests: more multiple headers checks

- HTTP: memory leak on multiple Location:
  
  The HTTP parser allocated memory on each received Location: header
  without properly freeing old data. Starting now, the code only considers
  the first Location: header and will blissfully ignore subsequent ones.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3165129
  Reported by: Martin Lemke

- FAQ: clarify 5.13 how to stop a transfer

Guenter Knauf (22 Jan 2011)
- Fixed C++ style comment not allowed in ISO C90.

Dan Fandrich (21 Jan 2011)
- Mention axTLS in some more documentation

Daniel Stenberg (20 Jan 2011)
- runtests.pl: make -s not show skipped tests

- [Amr Shahin brought this change]

  unittest: add 3 tests to test1300
  
  Testing Curl_llist_insert_next

Dan Fandrich (20 Jan 2011)
- [Darshan Mody brought this change]

  Fixed compile using OpenSSL versions < 0.9.4a

Daniel Stenberg (19 Jan 2011)
- main: make the tlsauth options always present
  
  ... to not make the connection between the tool and the libcurl used
  tighter than necessary, the tlsauth options are now always present but
  if the used libcurl doesn't have TLSAUTH support it will return failure.
  
  Also, replaced strncmp() with strequal to get case insensitive matching.

- symbols-in-versions: add the new TLSAUTH-SRP symbols

- configure: TLS-SRP wasn't added as a feature
  
  Test case 1014 failed since TLS-SRP was correctly set to the features
  variable so curl-config --features didn't output it.

- dist: add new certs to tarball

- [Quinn Slack brought this change]

  TLS-SRP: support added when using GnuTLS

- CURLOPT_SSL_VERIFYPEER: more clarifications
  
  The default value is 1.
  
  curl _uses_ a default CA bundle, it doesn't install one.
  
  Drop the references to 7.10 as that is now >8 years old!

- TheArtOfHttpScripting: extended
  
  Extended the intial HTTP protcol part and added a mention of --trace and
  --trace-ascii.
  
  Replaced most URLs in the text to use example.com instead of all the
  made up strange names.
  
  Shortened a bunch of lines.

- curl_easy_setopt.3: clarify VERIFYHOST/PEER
  
  Extended the descriptions somewhat and made the options get listed next
  to each other.

- RELEASE-NOTES: mention contributors

- RELEASE-NOTES: synced with 7fcbdd68b9e

Guenter Knauf (18 Jan 2011)
- Fixed configure define for Win32.
  
  Submitted by Vincent Torri.

Kamil Dudka (18 Jan 2011)
- nss: fix a bug in handling of CURLOPT_CAPATH
  
  ... and update the curl.1 and curl_easy_setopt.3 man pages such that
  they do not suggest to use an OpenSSL utility if curl is not built
  against OpenSSL.
  
  Bug: https://bugzilla.redhat.com/669702

Guenter Knauf (17 Jan 2011)
- Avoid redefines.

Daniel Stenberg (15 Jan 2011)
- curl.1: fix spelling
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3157232
  Reported by: John Bradshaw

Guenter Knauf (14 Jan 2011)
- Added casts to silent gcc warnings.

Yang Tse (13 Jan 2011)
- build: BCC - makefile.b32 tweak
  
  Get rid of stdout redirection to NUL and move stderr redirection
  into RM and RMDIR macros.

- build: BCC - makefile.b32 tweak
  
  Check for BCCDIR environment var done now as other checks.

Guenter Knauf (13 Jan 2011)
- Use env var for PSDK instead of hardcoded path.

- Enabled SSPI support by default.

- Use MAKE macro with BCC targets.

Yang Tse (12 Jan 2011)
- docs - update BCC INSTALL section

- build: BCC - require Borlands's MAKE for Makefile.b32 processing.

- build: BCC - recover lost functionality from commit 3d813204260b37289411
  
  Borland's $(MAKEDIR) expands to the path where make.exe is located,
  use this feature to define BCCDIR when user has not defined BCCDIR.

- build: use external preprocessor cpp32 when building with Borland C

- build: allow usage of Borland 5.5.1 external preprocessor cpp32

Guenter Knauf (11 Jan 2011)
- Disable LDAP support since BCC headers are insufficient.

- Instead of exiting with error lets set BCCDIR self.

- Some Borland C++ makefile tweaks.

- Borland C++ doesnt have struct sockaddr_storage.

Daniel Stenberg (11 Jan 2011)
- connect: use UDP correctly
  
  The idea that the protocol and socktype is part of name resolving in the
  libc functions is nuts. We keep the name resolver functions assume
  TCP/STREAM and we make sure that when we want to connect to a UDP
  service we use the correct UDP/DGRAM set instead. This bug was because
  the ->protocol field was not always set correctly.
  
  This bug was only affecting ipv6-disabled non-cares non-threaded builds.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3154436
  Reported by: "dperham"

- [Quinn Slack brought this change]

  SSL: fix memory leak
  
  In OOM situation. Follow-up fix to commit a9cd4f4ed49e1a0.

- gtls: fix memory leak
  
  Bug: http://curl.haxx.se/mail/lib-2011-01/0079.html
  Reported by: Quinn Slack

- [Marcel Roelofs brought this change]

  HTTP: HTTP Negotiate authentication using SSPI
  
  Only under Windows

- cmake: removed two files
  
  CMake/CheckTypeSize.c.in and CMake/CheckTypeSize.cmake were removed in
  the previous cmake commit

Dan Fandrich (5 Jan 2011)
- Made unit_setup() return an error code to abort the test early
  
  This makes it possible to skip the call to unit_stop() in such
  cases.  Also use Curl_safefree() in unit test 1302 so it will
  pass the memory torture test.

Daniel Stenberg (6 Jan 2011)
- SSH: speedcheck clobbered existing error
  
  The just added speedcheck must not ruin the error code if already set
  due to a problem.

- [Brad King brought this change]

  CMake: Use upstream CheckTypeSize module
  
  The CheckTypeSize module that comes with CMake 2.6.2 and above does
  everything we need and also supports cross-compiling.  Avoid duplicating
  an older version of it here.  This also fixes a cross-compiling error
  because the old line
  
    include ("${CMAKE_MODULE_PATH}/CheckTypeSize.cmake")
  
  failed because CMAKE_MODULE_PATH is a search path and not a directory.
  
  Signed-off-by: Brad King <brad.king@kitware.com>

- SSH: acknowledge speedcheck
  
  Check for speedcheck limits during the state machine traversals

- tests: <info> tag corrections

- unittest: 1303 tests Curl_timeleft
  
  I came up with 33 different ways to call it and verify that it returns the
  correct return code.

- curlcheck.h: add fail()
  
  fail is a new function/macro that a test case can use to indicate a test
  failure for cases when the standard macros are not sufficient.

- Curl_timeleft: s/conn/data in first argument
  
  As the function doesn't really use the connectdata struct but only the
  SessionHanadle struct I modified what argument it wants.

Dan Fandrich (4 Jan 2011)
- Fixed path to allow out-of-tree builds

Kamil Dudka (4 Jan 2011)
- nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
  
  Bug: https://bugzilla.redhat.com/623663

Daniel Stenberg (4 Jan 2011)
- ignore: all executable unit test cases

- tests: add 1302 to the package

- unittest: test base64 encode/decode

- curlcheck.h: avoid using NULL pointers

- curlcheck.h: add verify_memory
  
  This check verifies that a pointer contains the correct data.

- curlcheck.h: add newlines in error messages

- unittest: verify curl_strequal

- get_cert_chain: support larger data sets
  
  512 bytes turned out too short for some data, so now we allocate a
  larger buffer instead
  
  Bug: http://curl.haxx.se/mail/archive-2011-01/0002.html

- RELEASE-NOTES: synced with 83e9fb21aabbec2

- curlcheck.h: add fail_if() fix code
  
  The UNITTEST_START and UNITTEST_STOP defines needed to do a new brace
  level so that test cases can declare variables fine and still remain
  fine C89 code.

- unittests: basic docs

- ignore: unit test files

- unittests: a dedicated feature in tests
  
  The test runner script now knows if unittests can run and the unit test
  setup file says it is one. I also made runtests.pl deal with no
  <command> tag set, so that the description file can get even simpler.

- unittesting: build a separate static lib
  
  When configure --enable-debug has been used, all files in lib/ are now
  built twice and a separate static library crafted for unit-testing will
  be linked. The unit tests in the tests/unit subdir will use that
  library.

- unittest: framework for unit-testing
  
  This is the first approach at doing fairly clean and easy to write and
  debug unit tests.

- SSH: avoid PATH_MAX with alloc
  
  We cannot assume that PATH_MAX will be enough for the remote path name
  so allocating room for it is the only sensible approach.

- TODO: get rid of PATH_MAX

- Curl_nss_connect: avoid PATH_MAX
  
  Since some systems don't have PATH_MAX and it isn't that clever to
  assume a fixed maximum path length, the code now allocates buffer space
  instead of using stack.
  
  Reported by: Samuel Thibault
  Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608521

- SFTP: make pwd output result to header callback
  
  Sending "pwd" as a QUOTE command only sent the reply to the
  DEBUGFUNCTION. Now it also sends an FTP-like header to the header
  callback to allow similar operations as with FTP, and apps can re-use
  the same parser.

- pubkey_show: allocate buffer to fit any-size result
  
  The loop condition was wrong so keys larger than 340 bits would overflow
  the local stack-based buffer.

- CURLINFO_FTP_ENTRY_PATH: sftp support

- [Luke Amery brought this change]

  ssh: honour the CURLINFO_FTP_ENTRY_PATH curl_getinfo option

- [Pierre Joye brought this change]

  IDN: use win32 API if told to
  
  The functionality is provided in a new source file: lib/idn_win32.c

Yang Tse (28 Dec 2010)
- test harness: take in account that Windows does not support LD_PRELOAD
  
  configure.ac: Test harness libhostname library will not be built for Windows.
  
  runtests.pl: LD_PRELOAD mechanism will not be used to load libhostname
  library on operating systems which lack LD_PRELOAD support.

Daniel Stenberg (27 Dec 2010)
- c-ares: fix cancelled resolves
  
  When built IPv6-enabled, we could do Curl_done() with one of the two
  resolves having returned already, so when ares_cancel() is called the
  resolve callback ends up doing funny things (sometimes resulting in a
  segfault) since it would try to actually store the previous resolve even
  though we're shutting down the resolve.
  
  This bug was introduced in commit 8ab137b2bc9630ce so it hasn't been
  included in any public release.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3145445
  Reported by: Pedro Larroy

- [Brad Hards brought this change]

  Typo / spelling fixes.

- [Brad Hards brought this change]

  Use angle address, as for the rest of the example.
  
  Also spelling fix for RECIPIENT #define.

- [Brad Hards brought this change]

  Add angle brackets to addresses in easy SMTP examples, as for smtp-multi example.

- cookies: tricked dotcounter fixed
  
  Providing multiple dots in a series in the domain field (domain=..com) could
  trick the cookie engine to wrongly accept the cookie believing it to be
  fine. Since the tailmatching would then match all .com sites, the cookie would
  then be sent to all of them.
  
  The code now requires at least one letter between each dot for them to be
  counted. Edited test case 61 to verify this.

- multi: connect fail => use next IP address
  
  When using the multi interface and connecting to a host name that
  resolves to multiple IP addresses, there was no logic that made it
  continue to the next IP if connecting to the first address times
  out. This is now corrected.

- smtp-multi: put recipient within <brackets>
  
  Even if libcurl might to do it for us, it is more correct.

- ossl_seed: no more RAND_screen
  
  RAND_screen() is slow, not thread-safe and not needed anymore since OpenSSL
  uses the thread-safe win32 CryptoAPI nowadays.

- multi: inhibit some verbose outputs
  
  The info about pipe status and expire cleared are clearly debug-related
  and not anything mere mortals will or should care about so they are now
  ifdef'ed DEBUGBUILD

- SMTP tests: updated MAIL FROM use
  
  They were all wrong previously since none used the <brackets> they
  should for MAIL FROM. Now libcurl adds them itself if the app doesn't so
  they end up wrong less easy.

- CURLOPT_MAIL_FROM: document the bracket situation

- [Brad Hards brought this change]

  SMTP: add brackets for MAIL FROM
  
  Similar to what is done already for RCPT TO, the code now checks for and
  adds angle brackets (<>) around the email address that is provided for
  CURLOPT_MAIL_RCPT unless the app has done so itself.

Guenter Knauf (22 Dec 2010)
- Added support for axTLS to NetWare build.

- Fixed include: memory.h -> curl_memory.h.

Kamil Dudka (22 Dec 2010)
- [Brad Hards brought this change]

  smtp-tls: add a missing newline
  
  Without this you won't get the next (Subject) line.

Daniel Stenberg (21 Dec 2010)
- [Brad Hards brought this change]

  Typo fixes.

Patrick Monnerat (21 Dec 2010)
- New curl/curl.h definitions added to ILE/RPG binding.

Yang Tse (21 Dec 2010)
- build: sort configuration hunks in lib/Makefile.vc6
  
  sorted to reflect same internal order as the one shown
  in the usage message.

Daniel Stenberg (20 Dec 2010)
- getparameter: add error check
  
  if add2list() returns an error, bail out!

- loadhostpairs: return errorcode
  
  Make sure that Curl_cache_addr() errors are propagated to callers of
  loadhostpairs().
  
  (this loadhostpairs function caused a scan-build warning due to the
  'dns' variable getting assigned but never used)

Yang Tse (20 Dec 2010)
- distrib: add new file to EXTRA_DIST

- build: refactoring of msvc makefiles to allow overriding of library filenames.
  
  Default libcurl's file names are kept equal to those used since Y2K.

Daniel Stenberg (19 Dec 2010)
- ftp_parselist: fix compiler warning
  
  Doing curlx_strtoofft() on the size just to figure out the end of it
  causes a compiler warning since the result wasn't used, but is also a
  bit of a waste.

- [Pasha Kuznetsov brought this change]

  Curl_do: avoid using stale conn pointer
  
  Since the original `conn' pointer was used after the `connectdata' it
  points to has been closed/cleaned up by Curl_reconnect_request it caused
  a crash. We must make sure to use the newly created connection instead!
  
  URL: http://curl.haxx.se/mail/lib-2010-12/0202.html

- [Tommie Gannert brought this change]

  ares: ask for both IPv4 and IPv6 addresses
  
  Make the c-ares resolver code ask for both IPv4 and IPv6 addresses when
  IPv6 is enabled.
  
  This is a workaround for the missing ares_getaddrinfo() and is a lot
  easier to implement.
  
  Note that as long as c-ares returns IPv4 addresses when IPv6 addresses
  were requested but missing, this will cause a host's IPv4 addresses to
  occur twice in the DNS cache.
  
  URL: http://curl.haxx.se/mail/lib-2010-12/0041.html

- examples: socket type cleanup

- [Brad Hards brought this change]

  Trival comment fix.

- [Brad Hards brought this change]

  smtp-tls: add Message-ID: header

- gitignore: ignore the new example execs

- examples: fix compiler warnings

- examples: build all examples easier

- [Brad Hards brought this change]

  smtp-tls: new example
  
  This example shows how to send SMTP with TLS

- [Brad Hards brought this change]

  Docs: add simple SMTP example
  
  Add a simple SMTP example program, patterned after some of the existing
  examples, and the curl application.
  
  This version addresses issues raised by David Woodhouse on comments in
  the simplesmtp.c example.

Kamil Dudka (17 Dec 2010)
- [Paul Howarth brought this change]

  tftpd: avoid buffer overflow report from glibc

Daniel Stenberg (17 Dec 2010)
- example: fix compiler warnings in fopen.c

- [Brad Hards brought this change]

  chkspeed: bad strtol() call for -M option
  
  Bug: http://curl.haxx.se/mail/lib-2010-12/0192.html

Yang Tse (16 Dec 2010)
- axTLS integration: silence runtests.pl perl warning

Daniel Stenberg (15 Dec 2010)
- axTLS: mention it among the other SSL libs

- 7.21.4: version bump

- axtls_connect: allow connect without peer verification
  
  The SSL_SERVER_VERIFY_LATER bit in the ssl_ctx_new() call allows the
  code to verify the peer certificate explicitly after the handshake and
  then the "data->set.ssl.verifypeer" option works.

- axTLS: allow "default" SSL version as well
  
  When no explicit version is selected we should try to use whatever is
  best for us, and in the axTLS case that means TLSv1.

- axtls.c: cleanup
  
  Removed trailing whitespace
  Removed several compiler warnings
  Removed odd backslashes at some line endings

- urldate: undef hideous memory defines
  
  The public axTLS header (at least as of 1.2.7) redefines the memory
  functions. We #undef those again immediately after the public header to
  limit the damage. This should be fixed in axTLS.

- configure: make --with-axtls set prefix
  
  In tradition with other options, have this point to the directory prefix
  and not the lib directory. Otherwise we can't set the include path
  reliably.

- [Eric Hu brought this change]

  Minor fixes to pass tests 301 and 306 with a patched axTLS.

- [Eric Hu brought this change]

  Initial axTLS integration. Connections can be made and some tests pass.
  
  Failed HTTPS tests: 301, 306, 311, 312, 313, 560
  311, 312 need more detailed error reporting from axTLS.
  313 relates to CRL, which hasn't been implemented yet.

- [Eric Hu brought this change]

  Simple update to configure script to notify user of --with-axtls switch.

- [Eric Hu brought this change]

  Preparing for axTLS. Actual SSL API functions are only stubbed.
  
  Added axTLS to autotool files and glue code to misc other files.
  axtls.h maps SSL API functions, but may change.
  axtls.c is just a stub file and will definitely change.

- THANKS: added contributors from 7.21.3

Version 7.21.3 (15 Dec 2010)

Daniel Stenberg (15 Dec 2010)
- RELEASE-NOTES: synced with a865bd9fbaaa43e5c

- IsPipeliningPossible: only for HTTP
  
  The function that checks if pipelining is possible now requires the HTTP
  bit to be set so that it doesn't mistakenly tries to do it for other
  protocols.
  
  Bug: http://curl.haxx.se/mail/lib-2010-12/0152.html
  Reported by: Dmitri Shubin

- multi_runsingle: don't timeout completed handles
  
  The generic timeout code must not check easy handles that are already
  completed. Going to completed (again) within there risked decreasing the
  number of alive handles again and thus it could go negative.
  
  This regression bug was added in 7.21.2 in commit ca10e28f06f1

- symbols-in-versions: CURLOPT_KEYPASSWD fixed
  
  It was added in 7.17.0 and is not deprecated

- RELEASE-NOTES: synced with c28443c551825

Dan Fandrich (8 Dec 2010)
- Mention that using other libraries can affect app licensing

Yang Tse (7 Dec 2010)
- easy: fix compiler warning: end-of-loop code not reached

Daniel Stenberg (6 Dec 2010)
- disconnect: pass on the dead_connection argument
  
  Cleanup fix after Kamil's commit 5c7c9a768d0093

Yang Tse (6 Dec 2010)
- sws: fix compier warning: external definition with no prior declaration

Daniel Stenberg (6 Dec 2010)
- [Heinrich Ko brought this change]

  ossl_connect_common: detect connection re-use
  
  ossl_connect_common() now checks whether or not 'struct
  connectdata->state' is equal 'ssl_connection_complete' and if so, will
  return CURLE_OK with 'done' set to 'TRUE'. This check prevents
  ossl_connect_common() from creating a new ssl connection on an existing
  ssl session which causes openssl to fail when it tries to parse an
  encrypted TLS packet since the cipher data was effectively thrown away
  when the new ssl connection was created.
  
  Bug: http://curl.haxx.se/mail/lib-2010-11/0169.html

Kamil Dudka (6 Dec 2010)
- url: provide dead_connection flag in Curl_handler::disconnect
  
  It helps to prevent a hangup with some FTP servers in case idle session
  timeout has exceeded.  But it may be useful also for other protocols
  that send any quit message on disconnect.  Currently used by FTP, POP3,
  IMAP and SMTP.

Yang Tse (6 Dec 2010)
- ssh: fix a download resume point calculation

Daniel Stenberg (5 Dec 2010)
- Curl_wait_for_resolv: correct timeout
  
  When looping in this function and checking for the timeout being
  expired, it was not updating the reference time when calculating the
  timediff since previous round which made it think each subsequent loop
  to have taken longer than it actually did.
  
  I also modified the function to use the generic Curl_timeleft() function
  instead of the custom logic.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3112579

- Curl_send/recv_plain: return errno on failure
  
  When send() and recv() fail, we now store the errno value to allow the
  app to access it.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3128121
  Reported by: Yuri

Guenter Knauf (5 Dec 2010)
- Updated OpenSSL version.

Yang Tse (4 Dec 2010)
- fix compiler warning: conversion may lose significant bits

- fix compiler warning: assignment within conditional expression

- fix getinfo CURLINFO_LOCAL* for reused connections (take 2) follow-up
  
  - Show address string from proper buffer in case of connection failure.
  
  - Try next address when inet_ntop() fails.

Daniel Stenberg (3 Dec 2010)
- version-check: added brief documentation
  
  and the traditional source header

Yang Tse (3 Dec 2010)
- build: provide SIZEOF_SIZE_T DOS definition

- build: lib/config.dos renamed to lib/config-dos.h

- build: provide SIZEOF_SIZE_T VMS definition

- build: move config-vms.h from subdir 'packages/vms' into 'lib'

- build: provide SIZEOF_SIZE_T definition for non-configure builds

- build: provide SIZEOF_SIZE_T netware definition

- configure: undo using autobuilds to temporarily verify strict aliasing warnings.

- fix compiler warning: rounding, sign extension, or loss of accuracy may result

- fix compiler warning: statement is not reachable

- fix compiler warning: conversion may lose significant bits

- connect: fix compiler warning: unused variable

- fix getinfo CURLINFO_LOCAL* for reused connections (take 2)

- fix getinfo CURLINFO_LOCAL* for reused connections follow-up
  
  Reinstate IPV6 build variable that got removed.

- fix getinfo CURLINFO_LOCAL* for reused connections
  
  Failed to commit this file changes along with the others.

- fix getinfo CURLINFO_LOCAL* for reused connections

- atoi: remove atoi usage

- multi: fix compiler warning: conversion may lose significant bits follow-up

- ftp: fix 'bool' data type implementation dependant usage

- multi: fix compiler warning: conversion may lose significant bits

- multi: fix compiler warning: enumerated type mixed with another type

- hostip: edit comment

- xattr: fix compiler warning: enumerated type mixed with another type

- s/isspace/ISSPACE

- symbol-scan: use configure script knowledge about how to run the C preprocessor

- ignore file generated by configure

- curl_multi_info_read: fix compiler warning: conversion may lose significant bits

- inet_pton: fix compiler warning
  
  warning C4146: unary minus operator applied to unsigned type, result still unsigned

- Curl_getaddrinfo_ex: sanitize function results follow-up.

- Curl_getaddrinfo_ex: sanitize function results.
  
  Ensure that spurious results from system's getaddrinfo() ares not propagated
  by Curl_getaddrinfo_ex() into the library.
  
  Also ensure that the ai_addrlen member of Curl_getaddrinfo_ex()'s output linked
  list of Curl_addrinfo structures has appropriate family-specific address size.

Kamil Dudka (22 Nov 2010)
- openldap: use remote port in URL passed to ldap_init_fd()
  
  ... not the proxy port.  It makes no difference unless a proxy is used.

Yang Tse (20 Nov 2010)
- gtls: define and use gtls_EAGAIN, gtls_EINTR and gtls_EIO.
  
  Winsock builds clobber some errno.h defines in setup_once.

Dan Fandrich (19 Nov 2010)
- Added a couple examples that were missing from the tar ball

- Check for errors while preprocessing curl.h in test 1119
  
  This showed a problem when running the test out-of-tree, so
  an include path is now being added to pick up the generated
  curlbuild.h file.

- Use the 3-argument open for compatibility with older perls

- [Matthias Bolte brought this change]

  Detect socket errors in GnuTLS on Windows
  
  On Windows, translate WSAGetLastError() to errno values as GNU
  TLS does it internally, too. This is necessary because send() and
  recv() on Windows don't set errno when they fail but GNU TLS
  expects a proper errno value.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3110991

Yang Tse (19 Nov 2010)
- test servers: fix strict aliasing compiler warnings

- configure: use autobuilds to temporarily verify strict aliasing warnings.
  
  Temporarily, When cross-compiling with gcc 3.0 or later, enable strict aliasing
  rules and warnings. Given that cross-compiled targets autobuilds do not run the

Julien Chaffraix (17 Nov 2010)
- configure: Prevent link errors with --librtmp.
  
  If --librtmp was specified but pkg-config could not find the librtmp
  file, we would have undefined symbols when linking curl.
  
  We prevent this error by disabling this case as suggested on the mailing
  list.

Daniel Stenberg (15 Nov 2010)
- RELEASE-NOTES: synced with cbf4961bf3e4

- gnutls->handshake: improved timeout handling
  
  When no timeout is set, we call the socket_ready function with a timeout
  value of 0 during handshake, which makes it loop too much/fast in this
  function. It also made this function return CURLE_OPERATION_TIMEDOUT
  wrongly on a slow handshake.
  
  However, the particular bug report that highlighted this problem is not
  solved by this fix, as this fix only makes the more proper error get
  reported instead.
  
  Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594150
  Reported by: Johannes Ernst

Julien Chaffraix (13 Nov 2010)
- urldata: Capitalize enum protect_level values.
  
  This makes it easier to spot the enum values from the variables.
  Removed some unneeded DEBUGASSERT added in the previous commit.

- security: tighten enum protection_level usage.
  
  While changing Curl_sec_read_msg to accept an enum protection_level
  instead of an int, I went ahead and fixed the usage of the associated
  fields.
  
  Some code was assuming that prot_clear == 0. Fixed those to use the
  proper value. Added assertions prior to any code that would set the
  protection level.

Yang Tse (13 Nov 2010)
- configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected in body

Daniel Stenberg (12 Nov 2010)
- curl.1: "a file", not an

- version-check.pl: display version number for symbols
  
  This script is the start of a helper tool that scans a source code and
  outputs the most recent libcurl version it finds symbols for. Meaning
  that if there's no conditions in the code, that's the earliest libcurl
  version the scanned code requires.
  
  It is not added to the Makefile.am yet as it is still a bit crude, but
  I'm committing it to keep it and allow us to work on it.

- [Adam Light brought this change]

  Makefile.vc6: fixed the xattr.c compile

Julien Chaffraix (12 Nov 2010)
- krb5: Use GSS_ERROR to check for error.
  
  This is the advised way of checking for errors in the GSS-API RFC.
  Also added some '\n' to the error message so that they are not mixed
  with other outputs.

- security: Pass the right parameter to init.
  
  init is expecting app_data. Passing it the struct connecdata would make
  us crash later.

Daniel Stenberg (11 Nov 2010)
- HTTP Auth: Add CURLAUTH_ONLY
  
  This is a meta symbol. OR this value together with a single specific
  auth value to force libcurl to probe for un-restricted auth and if not,
  only that single auth algorithm is acceptable.
  
  For example you can use CURLAUTH_DIGEST|CURLAUTH_ONLY to make libcurl
  first probe for what method to use, but yet only consider Digest to be
  acceptable.
  
  Using _only_ CURLAUTH_DIGEST without the CURLAUTH_ONLY field, will make
  libcurl explicitly use Digest right away and not do any probing.

- ip_version: moved to connection struct
  
  The IP version choice was previously only in the UserDefined struct
  within the SessionHandle, but since we sometimes alter that option
  during a request we need to have it on a per-connection basis.
  
  I also moved more "init conn" code into the allocate_conn() function
  which is designed for that purpose more or less.

Yang Tse (11 Nov 2010)
- buildconf: MAC OS X requires libtool version 1.5.26 or newer
  
  MAC OS X requires libtool version 1.5.26 or newer, otherwise
  configure will mishandle *.dSYM directories when it runs.

- configure: remove temporary autobuilds exercising of xattr function tests

- configure: use autobuilds to temporarily exercise xattr function tests

- xattr: portability fix

- curl-functions: provide xattr function tests that also check number of arguments

Daniel Stenberg (10 Nov 2010)
- test1120: verify FTP response 421
  
  curl mustn't try to use the control connection after the 421 is received

- ftpserver.pl: spellfix comment

- [Rutger Hofman brought this change]

  TFTP: resend the correct data
  
  I found a bug in tftp_tx() in tftp.c. If a data resend is done after
  reception of an ACK/OACK, the call to sendto is wrong.

- [Stefan Tomanek brought this change]

  write extended attributes by using fsetxattr
  
  Instead of reopening the downloaded file, fsetxattr uses the (already
  open) file descriptor to attach extended attributes. This makes the
  procedure more robust against errors caused by moved or deleted files.

Dan Fandrich (9 Nov 2010)
- Check for getinfo errors before setting attributes

Kamil Dudka (9 Nov 2010)
- ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
  
  Bug: https://bugzilla.redhat.com/650255
  Reported by: Simon H.

Daniel Stenberg (9 Nov 2010)
- symbols-in-version: add CURL_SOCKET_BAD
  
  I also documented the filtering logic in the symbol-scan.pl function to
  clarify why not all CURL_* symbols are included.

Yang Tse (9 Nov 2010)
- serial number bump

Kamil Dudka (8 Nov 2010)
- ftp: close connection as soon as ABOR has been sent
  
  ... and do not send ABOR unless really necessary.
  
  Bug: https://bugzilla.redhat.com/649347
  Reported by: Simon H.

Daniel Stenberg (8 Nov 2010)
- RELEASE-NOTES: synced with fc6c4c10f9faab08
  
  I also recounted and updated the command line and libcurl options.

- help: indent the --xattr option like the others

- curl.1: --resolve documented

- CURLOPT_RESOLVE: documented

- CURLOPT_USE_SSL: move from FTP options to connection options

- xattr-check: correct the comment as well

- xattr: use const char * for const strings

- setxattr: fix the checks
  
  My copy and paste job was a little too much copy and I missed to adjust
  it properly to sys/xattr.h all over and this is a fix to cure that.

- CURLOPT_RESOLVE: added
  
  CURLOPT_RESOLVE is a new option that sends along a curl_slist with
  name:port:address sets that will populate the DNS cache with entries so
  that request can be "fooled" to use another host than what otherwise
  would've been used. Previously we've encouraged the use of Host: for
  that when dealing with HTTP, but this new feature has the added bonus
  that it allows the name from the URL to be used for TLS SNI and server
  certificate name checks as well.
  
  This is a first change. Surely more will follow to make it decent.

Yang Tse (8 Nov 2010)
- fix compiler warning

Dan Fandrich (7 Nov 2010)
- Added os-specific.c and xattr.c to the Symbian build files

Yang Tse (7 Nov 2010)
- xattr: fix VisualStudio builds

- fix snapshot generation

Daniel Stenberg (5 Nov 2010)
- --libcurl: simplify output
  
  Removed the code that was needed for libcurl before 7.19.0 which now is
  more than two years old.
  
  Simplified the top comment and corrected the URL.

- [Alfred Gebert brought this change]

  LDAP: detect non-binary attributes properly
  
  If the query result has a binary attribute, the binary attribute is
  base64 encoded. But all following non binary attributes are also base64
  encoded which is wrong.
  
  This is a test (LDAP server is public).
  
  curl
  ldap://x500.bund.de:389/o=Bund,c=DE?userCertificate,certificateSerialNumber?sub
  ?cn=*Woehleke*

- xattr: add configure check and #ifdefs
  
  setxattr is a glibc call to set extended attributes, so configure now
  checks for it and the code is adapted to only build when the
  functionality is present.

- [Stefan Tomanek brought this change]

  save metadata to extended file attributes
  
  It is often convinient to track back the source of a once downloaded
  file; this patch makes curl store the source URL and other metadata
  alongside the retrieved file by using the extended attributes (if
  supported by the file system and enabled by --xattr).

- test: remove test 580
  
  Test 580 is removed again for two reasons:
  
  1) Some compilers aren't satisfied by just a data variable called 'test'
  when first.o wants a function called 'test'. The Solaris compiler says
  "ld: warning: symbol `test' has differing types:" while the AIX compiler
  downright rejects it.
  
  2) Test case 1119 that was added after this test is way more complete
  and cover everything test 580 does and more without introducing the same
  problems.

- Revert: use Host: name for SNI and cert name checks
  
  This reverts commit b0fd03f5b8d4520dd232a9d13567d16bd0ad8951,
  4b2fbe1e97891f, afecd1aa13b4f, 68cde058f66b3

- TODO-RELEASE: "TLS SNI use Host:" is done
  
  262 - Manual setting of TLS Server Name Indication - use Host:

- RELEASE-NOTES: synced with 7b823badbcab9d330

- curl.1: added a few missing exit codes

- certcheck: use the custom Host: name for checks
  
  If you use a custom Host: name in a request to a SSL server, libcurl
  will now use that given name when it verifies the server certificate to
  be correct rather than using the host name used in the actual URL.

- SNI: simplify the custom host name use
  
  The redirect check is already done at the position where the customhost
  field is assigned so there's no point in doing that a second time.

- host: get the custom Host: name more genericly
  
  When given a custom host name in a Host: header, we can use it for
  several different purposes other than just cookies, so we rename it and
  use it for SSL SNI etc.

- [Hongli Lai (Phusion) brought this change]

  SNI: set name to custom Host header
  
  OpenSSL SNI host name should be set to the custom Host header, if the
  user provided one.

- fopen.c: re-indented, fixed previous mistake
  
  I've made the code intended using curl-style now to look more like other
  examples.
  
  My previous "fix" was a bit too invasive but is now fixed again.

- multi use: call multi_perform even on select() timeouts

- example: add smtp-multi.c
  
  An example application source code sending SMTP mail with the multi
  interface. It is based on the code Alona Rossen provided, which in turn
  is based on existing example/test code, and I converted it even more
  into a decent example with a fair multi API use, put the info required
  to edit at the top and I added some comments.

- CURLOPT_NOSIGNAL: add blurb about SIGPIPE

Dan Fandrich (3 Nov 2010)
- Allow building test 580 out of tree

Daniel Stenberg (3 Nov 2010)
- dist: add symbol-scan.pl to the tarball

- test1119: verify symbols-in-versions

- runtests: allow tests written as perl scripts
  
  If a command is set type="perl", it can now specify a perl program that will
  be run instead of an ordinary curl or built tool.
  
  A perl test automatically disables memory and valgrind debugging.

- symbol-scan: verifies symbols-in-versions
  
  This new script scans for all enums and #defines used by the curl/curl.h
  and curl/multi.h headers. Then it reads all symbols mentioned in
  symbols-in-vesions and make sure that there's no entries missing in
  there. It then proceeds to verify that the entries that
  symbols-in-vesions mentions but aren't found in the sources are truly
  documented as removed.
  
  This script is used in the new test case 1119

- symbols-in-versions: added 119 missing symbols
  
  I've developed a script I call symbol-scan.pl that scans the curl.h and
  multi.h header files and compare the symbols it finds in there with the
  symbols symbols-in-versions documents and outputs a report on the
  differences.  Using this I've dug through the history to fill up
  symbols-in-versions with all the symbols my script found mismatches for.
  
  I will commit symbol-scan.pl separatly and think of a way to put it to
  use in the build/tests so that we from now on will get this in-sync
  check automatically.

Dan Fandrich (2 Nov 2010)
- Added mk580.pl to the tar ball

Daniel Stenberg (2 Nov 2010)
- symbols-in-versions: added missing symbols

- ignore: lib580.c is generated by mk580.pl

- test: added test 580 - verifies symbols-in-versions
  
  The new perl script mk580.pl generates a C table in a fresh source file
  named lib580.c and if that compiles fine we know that the file
  docs/libcurl/symbols-in-versions at least doesn't include any symbols
  that are misspelled.
  
  An additional feature would be to somehow scan curl/curl.h and compare
  with symbols-in-versions to see if there are symbols missing.

- spellfix: CURLOPT_TFTP_BLKSIZE it is

Kamil Dudka (29 Oct 2010)
- ftp: prevent server from hanging on closed data connection
  
  Some FTP servers (e.g. Pure-ftpd) end up hanging if we close the data
  connection before transferring all the requested data.  If we send ABOR
  in that case, it prevents the server from hanging.
  
  Bug: https://bugzilla.redhat.com/643656
  Reported by: Pasi Karkkainen, Patrick Monnerat

Dan Fandrich (28 Oct 2010)
- Removed a leftover mention of FTP in an error message

- Removed the native Makefile.riscos files
  
  These haven't worked in at least 8 years due to missing source
  files, and most active RiscOS developers these days apparently
  cross-compile anyway.
  
  Signed-off-by: James Bursa <james@zamez.org>

- Lightened the stack in wc_statemach to permit deeper recursion
  
  Also, added a few hints to help compilers to perform tail call
  recursion optimization.

Daniel Stenberg (20 Oct 2010)
- SSH: use libssh2_session_handshake()
  
  In libssh2 1.2.8, libssh2_session_handshake() replaces
  libssh2_session_startup() to fix the previous portability problem with
  the socket type that was too small for win64 and thus easily could cause
  crashes and more.

- SSH: avoid using the libssh2_ prefix
  
  It is a bad idea to use the public prefix used by another library and
  now we realize that libssh2 introduces a symbol in the upcoming version
  1.2.8 that conflicts with our static function named libssh2_free.

- formdata: provide error message
  
  When failing to build form post due to an error, the code now does a
  proper failf(). Previously libcurl would report an error like "failed
  creating formpost data" when a file wasn't possible to open which was
  not easy for users to figure out.
  
  I also lower cased a function name to be named more curl-style and
  removed some unnecessary code.

- URL-parsing: consider ? a divider
  
  The URL parser got a little stricter as it now considers a ? to be a
  host name divider so that the slightly sloppier URLs work too. The
  problem that made me do this change was the reported problem with an URL
  like: www.example.com?email=name@example.com This form of URL is not
  really a legal URL (due to the missing slash after the host name) but is
  widely accepted by all major browsers and libcurl also already accepted
  it, it was just the '@' letter that triggered the problem now.
  
  The side-effect of this change is that now libcurl no longer accepts the
  ?  letter as part of user-name or password when given in the URL, which
  it used to accept (and is tested in test 191). That letter is however
  mentioned in RFC3986 to be required to be percent encoded since it is
  used as a divider.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3090268

- curl_easy_setopt.3: spellfix

- curl_easy_setopt.3: CURLOPT_USE_SSL is not just for FTP
  
  It is for FTP, SMTP, POP3, IMAP at least.

- krb4.h: removed unused prototypes

- krb4: make a few functions static

- TODO-RELEASE: cleanup for 7.21.3 works
  
  "SFTP resume with 4GB file does not work" is now removed as I'm sure
  this is really a libssh2 bug and not a libcurl bug.
  
  7.21.2 is released already

- RELEASE-NOTES: sync with 09a2d93a0f17ca

- http_chunks: remove debug output
  
  Accidentally left in there during my previous debugging of this

- Curl_setopt: disallow CURLOPT_USE_SSL without SSL support
  
  In order to avoid for example the pingpong protocols to issue STARTTLS
  (or equivalent) even though there's no SSL support built-in.
  
  Reported by: Sune Ahlgren
  Bug: http://curl.haxx.se/mail/archive-2010-10/0045.html

- options: check for features for some options
  
  Some options, such as the automatic decompression and some SSL related
  ones now will bail out if the underlying libcurl doesn't have support
  for the particular feature needed.

Dan Fandrich (14 Oct 2010)
- Fixed the IPv6 host address in test1203
  
  Reported by: Christian Weisgerber
  Bug: http://curl.haxx.se/bug/view.cgi?id=3087479

Daniel Stenberg (14 Oct 2010)
- curl_easy_setopt.3: clarify CURLOPT_CRLF
  
  The option takes a parameter that should be 1 or 0 to enable or disable
  the feature.
  
  URL: http://curl.haxx.se/bug/view.cgi?id=3086428

Guenter Knauf (14 Oct 2010)
- Some more small Watcom makefile fixes.

- Added --noconfigure switch to testcurl.pl.

- Modified Watcom makefiles to work on Linux too.

- Added MingW32 rtmp target; changed Watcom targets.
  
  Modified Watcom targets to avoid backslashs so that they can
  work on Linux too.

Daniel Stenberg (13 Oct 2010)
- gitignore: ignore Makefile.vc10.dist made by maketgz

- curlver.h: start over at 7.21.3

- RELEASE-NOTES: start over towards 7.21.3

- THANKS: added contributors from 7.21.2

Version 7.21.2 (12 Oct 2010)

Daniel Stenberg (12 Oct 2010)
- RELEASE-NOTES: synced with ecd624b8e774a85

- [Julien Chaffraix brought this change]

  CMake: Build fix.
  
  Do not match the trailing '\n' in the regular expression as this would
  make us dump a ) parenthesis on a new line.
  
  This fixes the following error:
  
  would get transformed into:
  
  )
  
  Bug: http://curl.haxx.se/mail/lib-2010-10/0065.html
  Reported by: Dimitre Dimitrov

- header_callback: strip off file path separated with backslashes
  
  If the filename contains a backslash, only use filename portion. The
  idea is that even systems that don't handle backslashes as path
  separators probably want that path removed for convenience.
  
  This flaw is considered a security problem, see the curl security
  vulnerability http://curl.haxx.se/docs/adv_20101013.html

Dan Fandrich (12 Oct 2010)
- Get the curl source files for Amiga from Makefile.inc
  
  This is similar to how it's done in the lib directory.
  The Amiga build appears to have been broken for a year because
  of a missing homedir.c

- Added section on server-supplied names to security considerations

Guenter Knauf (12 Oct 2010)
- Fixed Watcom makefile.

- Added build bits for librtmp / libssh2 to Watcom makefiles.

- Added build bits for librtmp to NetWare makefiles.

Daniel Stenberg (12 Oct 2010)
- SFTP: more ignoring negative file sizes
  
  As the change in 5f0ae7a0626cbe709 added a precaution against negative
  file sizes that for some reason managed to get returned, this change now
  introduces the same check at the second place in the code where the file
  size from the libssh2 stat call is used.
  
  This check might not be suitable for a 32 bit curl_off_t, but libssh2.h
  assumes long long to work and to be 64 bit so I believe such a small
  curl_off_t will be very unlikely to occur in the wild.

- SMTP: debug output for no known auth mechanisms supported
  
  ... and some minor source code whitespace edits

- test: urlglob error messages have no extra newline anymore

Guenter Knauf (11 Oct 2010)
- Added build bits for librtmp to MingW32 makefiles.

Daniel Stenberg (8 Oct 2010)
- RELEASE-NOTES: synced with 61f4cdb73ae4

- globbing: fix crash on unballanced open brace
  
  Having an open brace without a closing brace caused a segfault.
  
  Having a closing brace too many caused a silent error to occur, which
  caused curl to bail out and return an error code but no error message
  was shown. It does now!
  
  All error message outputs no longer wrongly get _two_ newlines written
  after the error message.
  
  Reported by: Vlad Ureche
  Bug: http://curl.haxx.se/bug/view.cgi?id=3083942

- [Dan Locks brought this change]

  libcurl.m4: AC_PATH_PROG fixes
  
  The invocation of autoconf's AC_PATH_PROG( ) is not quite right for
  finding curl-config. This fix corrects the negative case (where
  curl-config is not found).

- FAQ: added "How do I submit my patch?"

- examples: use example.com in example URLs

- TODO-RELEASE: libidn problem not repeatable
  
  "261 - configure and libidn" is removed from the list since Julien
  Chaffraix tried to repeat it but failed and the reporter did not return
  to provide further details.
  
  Reported by: Lyndon Hill
  Bug: http://curl.haxx.se/mail/lib-2010-07/0029.html

- libcurl.m4: mention argument is PREFIX
  
  The macro provides a --with-libcurl option that expects a PREFIX to be
  specified and not actually a "directory" in which libcurl will be found.
  This now spells that out more clearly.
  
  Reported by: Dan Locks
  Bug: http://curl.haxx.se/bug/view.cgi?id=3079891

Guenter Knauf (3 Oct 2010)
- Some NetWare makefile tweaks.
  
  Renamed SDK_* to NDK_*; made NDK_* defines overwriteable from
  environment; removed now obsolete YACC macro;
  moved some curl_config.h defines to IPv6 section since they
  are only needed when IPv6 is enabled - this makes libcurl compile
  with older NDKs too which were not IPv6-aware.

Daniel Stenberg (2 Oct 2010)
- TODO-RELEASE: 416 error fixed
  
  "3076808 Requests fail silently following a 416 error" done

Julien Chaffraix (2 Oct 2010)
- krb5-gssapi: Removed a memory leak in krb5_auth.
  
  We forgot to release the buffer passed to gss_init_sec_context.
  
  The previous logic was difficult to read as we were reusing the same
  variable (gssbuf) for both input buffer and output buffer. Splitted the
  logic in 2 variables to better underline who needs to be released.
  Also made the code break at 80 lines.

- krb5-gssapi: Made the function always return a value.
  
  kr5_auth missed a final 'return' statement. This is not an error in
  gcc but can lead to potential bugs.

- krb5-gssapi: Delete the GSS-API context.
  
  This fixes a memory leak related to the GSS-API code.
  
  Added a krb5_init and krb5_end functions. Also removed a work-around
  the lack of proper initialization of the GSS-API context.

Daniel Stenberg (2 Oct 2010)
- HTTP: remove special case for 416
  
  It was pointed out that the special case libcurl did for 416 was
  incorrect and wrong. 416 is not really different to other errors so the
  response body must be handled like for other errors/http responses.
  
  Reported by: Chris Smowton
  Bug: http://curl.haxx.se/bug/view.cgi?id=3076808

- [Dan Fandrich brought this change]

  sws: Added writedelay HTTP server command
  
  This delays between write operations, hopefully making it easier
  to spot problems where libcurl doesn't flush the socket properly
  before waiting for the next response.

- TODO-RELEASE: no bug in ftp_nextconnect
  
  The issue named "266 - Bug in ftp_nextconnect?" was deemed to not be a
  bug and instead resulted in clarified docs.

- curl_easy_setopt.3: CURLOPT_DIRLISTONLY implies dir list
  
  Make it explicit that setting CURLOPT_DIRLISTONLY to 1 will make libcurl
  to list the directory.

- RELEASE-NOTES: synced up to 588402585bae

- TODO-RELEASE: move new features to next release

- README.ares: we know require c-ares 1.6.0

- SFTP: avoid downloading negative sizes!
  
  It is still not clarified exactly why this happens, but libssh2
  sometimes report a negative file size for the remote SFTP file and that
  deeply confuses libcurl (or crashes it) so this precaution is added to
  avoid badness.
  
  Reported by: Ernest Beinrohr
  Bug: http://curl.haxx.se/bug/view.cgi?id=3076430

- TODO-RELEASE: drop curl_easy_setoptv
  
  I haven't read any really convincing arguments for adding it

- [Dirk Manske brought this change]

  multi & hiper examples: updates and cleanups
  
  all multi and hiper examples:
  
  * don't loop curl_multi_perform calls, that was <7.20.0 style, currently
    the exported multi functions will not return CURLM_CALL_MULTI_PERFORM
  
  all hiper examples:
  * renamed check_run_count to check_multi_info
  * don't  compare current running handle count with previous value, this
    was the wrong way to check for finished requests, simply call
    curl_multi_info_read
  * it's also safe to call curl_multi_remove_handle inside the
    curl_multi_info_read loop.
  
  ghiper.c:
  * replaced curl_multi_socket (that function is marked as obsolete) calls
    with curl_multi_socket_action calls (as in hiperfifo.c and
    evhiperfifo.c)
  
  ghiper.c and evhiperfifo.c:
  * be smart as hiperfifo.c, don't do uncessary curl_multi_* calls in
    new_conn and main

- TODO-RELEASE: one fixed, one postponed, one added
  
  As we're already in feature freeze, I pushed the feature onwards.

Dan Fandrich (29 Sep 2010)
- Renamed test1204 to test1117 to move it into the normal range

Patrick Monnerat (29 Sep 2010)
- Add gopher protocol definition to ILE/RPG binding.
  OS400 compile script in test dir updated for chkhostname.

Julien Chaffraix (28 Sep 2010)
- krb5-gssapi: Remove several memory leaks.
  
  Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and
  we were leaking it). Now we just pass NULL as advised in RFC2744.
  
  |tmp| was never set back to buf->data.
  
  Cleaned up Curl_sec_end to take into account failure in Curl_sec_login
  (where conn->mech would be NULL but not conn->app_data or
  conn->in_buffer->data).

- security.c: Remove Curl_sec_fflush_fd.
  
  The current implementation would make us send wrong data on a closed
  socket. We don't buffer our data so the method can be safely removed.

- security.c: We should always register the socket handler.
  
  Following a change in the way socket handler are registered, the custom
  recv and send method were conditionaly registered.
  We need to register them everytime to handle the ftp security
  extensions.
  
  Re-added the clear text handling in sec_recv.

- security.c: Fix Curl_sec_login after rewrite.
  
  Curl_sec_login was returning the opposite result that the code in ftp.c
  was expecting. Simplified the return code (using a CURLcode) so to see
  more clearly what is going on.

- security.c: Readd the '\n' to the infof() calls.
  
  They are not automatically added and make the output of the verbose
  mode a lot more readable.

- security.c: Fix typo (PSBZ -> PBSZ)

- security.c: Fix ftp_send_command.
  
  My use of va_args was completely wrong. Fixed the usage so that
  we send the right commands!

Daniel Stenberg (28 Sep 2010)
- curl_easy_escape: don't escape "unreserved" characters
  
  According to RFC3986 section 2.3 the letters -, ., _ and ~ should not be
  percent-encoded.
  
  Reported by: Miguel Diaz
  Bug: http://curl.haxx.se/mail/lib-2010-09/0227.html

- multi: don't expire timeouts at disonnect or done
  
  The functions Curl_disconnect() and Curl_done() are both used within the
  scope of a single request so they cannot be allowed to use
  Curl_expire(... 0) to kill all timeouts as there are some timeouts that
  are set before a request that are supposed to remain until the request
  is done.
  
  The timeouts are now instead cleared at curl_easy_cleanup() and when the
  multi state machine changes a handle to the complete state.

Dan Fandrich (27 Sep 2010)
- Changed the TPF make file to get source files from Makefile.inc
  
  Patch was fixed and validated by David McCreedy.

- Added test case 1204 to test HTTP range failure
  
  This is an attempt to reproduce bug #3076808

Daniel Stenberg (27 Sep 2010)
- [Dirk Manske brought this change]

  multi_runsingle: set timeout error messages
  
  With the latest changes to fix the timeout handling with multi interface
  we lost the timeout error messages. This patch brings them back.

- TODO-RELEASE: updated list of issues to work on

- parsedate: allow time specified without seconds
  
  The date format in RFC822 allows that the seconds part of HH:MM:SS is
  left out, but this function didn't allow it. This change also includes a
  modified test case that makes sure that this now works.
  
  Reported by: Matt Ford
  Bug: http://curl.haxx.se/bug/view.cgi?id=3076529

- TFTP: re-indented the source code
  
  Just made sure that the good old curl indentation style is used all over
  this file.

- [Tim Newsome brought this change]

  TFTP: Work around tftpd-hpa upload bug
  
  tftpd-hpa has a bug where it will send an incorrect ack when the block
  counter wraps and tftp options have been sent. Work around that by
  accepting an ack for 65535 when we're expecting one for 0.

- Revert "security.c: buffer_read various fixes."
  
  This reverts commit fbb38de415b7bb7d743e53a7b4b887ffb12b3e5b.

- security.c: removed superfluous parentheses
  
  And also removed the FIXME where memory was zeroed just before freed,
  and some other minor whitespace changes.

- [Julien Chaffraix brought this change]

  security.c: Update the #include statements after the rewrite.
