CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Daniel Stenberg (2 Mar 2010)
- Made the pingpong timeout code properly deal with the response timeout AND
  the global timeout if set. Also, as was reported in the bug report #2956437
  by Ryan Chan, the time stamp to use as basis for the per command timeout was
  not set properly in the DONE phase for FTP (and not for SMTP) so I fixed
  that just now. This was a regression compared to 7.19.7 due to the
  conversion of FTP code over to the generic pingpong concepts.

  http://curl.haxx.se/bug/view.cgi?id=2956437

Daniel Stenberg (1 Mar 2010)
- Ben Greear provided an update for TFTP that fixes upload.

- Wesley Miaw reported bug #2958179 which identified a case of looping during
  OpenSSL based SSL handshaking even though the multi interface was used and
  there was no good reason for it.

  http://curl.haxx.se/bug/view.cgi?id=2958179

Daniel Stenberg (26 Feb 2010)
- Pat Ray in bug #2958474 pointed out an off-by-one case when receiving a
  chunked-encoding trailer.

  http://curl.haxx.se/bug/view.cgi?id=2958474

Daniel Fandrich (25 Feb 2010)
- Fixed a couple of out of memory leaks and a segfault in the SMTP & IMAP code.

Yang Tse (25 Feb 2010)
- I fixed bug report #2958074 indicating
  (http://curl.haxx.se/bug/view.cgi?id=2958074) that curl on Windows with
  option --trace-time did not use local time when timestamping trace lines.
  This could also happen on other systems depending on time souurce.

Patrick Monnerat (22 Feb 2010)
- Proper handling of STARTTLS on SMTP, taking CURLUSESSL_TRY into account.
- SMTP falls back to RFC821 HELO when EHLO fails (and SSL is not required).
- Use of true local host name (i.e.: via gethostname()) when available, as
  default argument to SMTP HELO/EHLO.
- Test case 804 for HELO fallback.

Daniel Stenberg (20 Feb 2010)
- Fixed the SMTP compliance by making sure RCPT TO addresses are specified
  properly in angle brackets. Recipients provided with CURLOPT_MAIL_RCPT now
  get angle bracket wrapping automatically by libcurl unless the recipient
  starts with an angle bracket as then the app is assumed to deal with that
  properly on its own.

- I made the SMTP code expect a 250 response back from the server after the
  full DATA has been sent, and I modified the test SMTP server to also send
  that response. As usual, the DONE operation that is made after a completed
  transfer is still not doable in a non-blocking way so this waiting for 250
  is unfortunately made blockingly.

Yang Tse (14 Feb 2010)
- Overhauled test suite getpart() function. Fixing potential out of bounds
  stack and memory overwrites triggered with huge test case definitions.

Daniel Stenberg (13 Feb 2010)
- Martin Hager reported and fixed a problem with a missing quote in libcurl.m4

  (http://curl.haxx.se/bug/view.cgi?id=2951319)

- Tom Donovan fixed the CURL_FORMAT_* defines when building with cmake.

  (http://curl.haxx.se/bug/view.cgi?id=2951269)

Daniel Stenberg (12 Feb 2010)
- Jack Zhang reported a problem with SMTP: we wrongly used multiple addresses
  in the same RCPT TO line, when they should be sent in separate single
  commands. I updated test case 802 to verify this.

- I also fixed a bad use of my_setopt_str() of CURLOPT_MAIL_RCPT in the curl
  tool which made it try to output it as string for the --libcurl feature
  which could lead to crashes.

Yang Tse (11 Feb 2010)
- Steven M. Schweda fixed VMS builder bad behavior when used in a batch job,
  removed obsolete batch_compile.com and defines.com and updated VMS readme.

Version 7.20.0 (9 February 2010)

Daniel Stenberg (9 Feb 2010)
- When downloading compressed content over HTTP and the app asked libcurl to
  automatically uncompress it with the CURLOPT_ENCODING option, libcurl could
  wrongly provide the callback with more data than the maximum documented
  amount. An application could thus get tricked into badness if the maximum
  limit was trusted to be enforced by libcurl itself (as it is documented).

  This is further detailed and explained in the libcurl security advisory
  20100209 at

    http://curl.haxx.se/docs/adv_20100209.html

Daniel Fandrich (3 Feb 2010)
- Changed the Watcom makefiles to make them easier to keep in sync with
  Makefile.inc since that can't be included directly.

Yang Tse (2 Feb 2010)
- Symbol CURL_FORMAT_OFF_T now obsoleted, will be removed in a future release,
  symbol will not be available when building with CURL_NO_OLDIES defined. Use
  of CURL_FORMAT_CURL_OFF_T is preferred since 7.19.0

Daniel Stenberg (1 Feb 2010)
- Using the multi_socket API, it turns out at times it seemed to "forget"
  connections (which caused a hang). It turned out to be an existing (7.19.7)
  bug in libcurl (that's been around for a long time) and it happened like
  this:

  The app calls curl_multi_add_handle() to add a new easy handle, libcurl will
  then set it to timeout in 1 millisecond so libcurl will tell the app about
  it.

  The app's timeout fires off that there's a timeout, the app calls libcurl as
  we so often document it:

  do {
   res = curl_multi_socket_action(... TIMEOUT ...);
  } while(CURLM_CALL_MULTI_PERFORM == res);

  And this is the problem number one:

  When curl_multi_socket_action() is called with no specific handle, but only
  a timeout-action, it will *only* perform actions within libcurl that are
  marked to run at this time. In this case, the request would go from INIT to
  CONNECT and return CURLM_CALL_MULTI_PERFORM. When the app then calls libcurl
  again, there's no timer set for this handle so it remains in the CONNECT
  state. The CONNECT state is a transitional state in libcurl so it reports no
  sockets there, and thus libcurl never tells the app anything more about that
  easy handle/connection.

  libcurl _does_ set a 1ms timeout for the handle at the end of
  multi_runsingle() if it returns CURLM_CALL_MULTI_PERFORM, but since the loop
  is instant the new job is not ready to run at that point (and there's no
  code that makes libcurl call the app to update the timout for this new
  timeout). It will simply rely on that some other timeout will trigger later
  on or that something else will update the timeout callback. This makes the
  bug fairly hard to repeat.

  The fix made to adress this issue:

  We introduce a loop in lib/multi.c around all calls to multi_runsingle() and
  simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added
  benefit that this goes in line with my long-term wishes to get rid of the
  CURLM_CALL_MULTI_PERFORM all together from the public API.

  The downside of this fix, is that the counter we return in 'running_handles'
  in several of our public functions then gets a slightly new and possibly
  confusing behavior during times:

  If an app adds a handle that fails to connect (very quickly) it may just
  as well never appear as a 'running_handle' with this fix. Previously it
  would first bump the counter only to get it decreased again at next call.
  Even I have used that change in handle counter to signal "end of a
  transfer". The only *good* way to find the end of a individual transfer
  is calling curl_multi_info_read() to see if it returns one.

  Of course, if the app previously did the looping before it checked the
  counter, it really shouldn't be any new effect.

Yang Tse (26 Jan 2010)
- Constantine Sapuntzakis' and Joshua Kwan's work done in the last four months
  relative to the asynchronous DNS lookups, along with with some integration
  adjustments I have done are finally committed to CVS.

  Currently these enhancements will benefit builds done using c-ares on any
  platform as well as Windows builds using the default threaded resolver.

  This release does not make generally available POSIX threaded DNS lookups
  yet. There is no configure option to enable this feature yet. It is possible
  to experimantally try this feature running configure with compiler flags that
  make simultaneous definition of preprocessor symbols USE_THREADS_POSIX and
  HAVE_PTHREAD_H, as well as whatever reentrancy compiler flags and linker ones
  are required to link and properly use pthread_* functions on each platform.

Daniel Stenberg (26 Jan 2010)
- Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the
  proxy that cannot be resolved when using c-ares. This matches the behaviour
  when not using c-ares.

Björn Stenberg (23 Jan 2010)
- Added a new flag: -J/--remote-header-name. This option tells the
  -O/--remote-name option to use the server-specified Content-Disposition
  filename instead of extracting a filename from the URL.

Daniel Stenberg (21 Jan 2010)
- Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new
  libcurl options for controlling what to get and how to receive posssibly
  interleaved RTP data.

Daniel Stenberg (20 Jan 2010)
- As was pointed out on the http-state mailing list, the order of cookies in a