CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Yang Tse (20 Apr 2010)
- Ruslan Gazizov detected that MSVC makefiles were using wsock32.lib instead
  of ws2_32.lib, this generated linking issues on MSVC IPv6 enabled builds
  that were done using those makefiles.

Daniel Stenberg (19 Apr 2010)
- -J/--remote-header-name didn't strip trailing carriage returns or linefeeds
  properly, so they could be used in the file name.

Daniel Stenberg (16 Apr 2010)
- Jerome Vouillon made the GnuTLS SSL handshake phase non-blocking.

- The recent overhaul of the SSL recv function made the GnuTLS specific code
  treat a zero returned from gnutls_record_recv() as an error, and this caused
  our HTTPS test cases to fail. We leave it to upper layer code to detect if
  an EOF is a problem or not.

- I reverted the resolver fix from yesterday and instead removed all uses of
  AI_CANONNAME all over libcurl and made the only user of that info (krb5.c)
  use the host name from the URL instead. No reverse resolving is a good
  thing.

- Paul Howarth made configure properly detect GSS "on ancient Linux distros"
  by editing in which order we use headers to detect GSS.

Daniel Stenberg (15 Apr 2010)
- Rainer Canavan filed bug report #2987196 that identified libcurl doing
  unnecesary reverse name lookups in many cases when built to use IPv4 and
  getaddrinfo(). The logic for ipv6 is now used for ipv4 too.

  (http://curl.haxx.se/bug/view.cgi?id=2963679)

Version 7.20.1 (14 April 2010)

Daniel Stenberg (9 Apr 2010)
- Prefixing the FTP quote commands with an asterisk really only worked for the
  postquote actions. This is now fixed and test case 227 has been extended to
  verify.

Kamil Dudka (4 Apr 2010)
- Eliminated a race condition in Curl_resolv_timeout().

- Refactorized interface of Curl_ssl_recv()/Curl_ssl_send().

- libcurl-NSS now provides more accurate messages and error codes in case of
  client certificate problem.  Either during connection, or transfer phase.

Daniel Stenberg (1 Apr 2010)
- Matt Wixson found and fixed a bug in the SCP/SFTP area where the code
  treated a 0 return code from libssh2 to be the same as EAGAIN while in
  reality it isn't. The problem caused a hang in SFTP transfers from a
  MessageWay server.

Daniel Stenberg (28 Mar 2010)
- Ben Greear: If you pass a URL to pop3 that does not contain a message ID as
  part of the URL, it would previously ask for 'INBOX' which just causes the
  pop3 server to return an error.
    
  Now libcurl treats en empty message ID as a request for LIST (list of pop3
  message IDs).  User's code could then parse this and download individual
  messages as desired.

Daniel Stenberg (27 Mar 2010)
- Ben Greear brought a patch that from now on allows all protocols to specify
  name and user within the URL, in the same manner HTTP and FTP have been
  allowed to in the past - although far from all of the libcurl supported
  protocls actually have that feature in their URL definition spec.

Daniel Stenberg (26 Mar 2010)
- Ben Greear brought code that makes the rate limiting code for the easy
  interface a bit smoother as it introduces sub-second sleeps during it and it
  also takes the buffer sizes into account.

Daniel Stenberg (24 Mar 2010)
- Bob Richmond: There's an annoying situation where libcurl will read new HTTP
  response data from a socket, then check if it's a timeout if one is set. If
  the last packet received constitutes the end of the response body, libcurl
  still treats it as a timeout condition and reports a message like:

  "Operation timed out after 3000 milliseconds with 876 out of 876 bytes 
  received"

  It should only a timeout if the timer lapsed and we DIDN'T receive the end
  of the response body yet.

- Christopher Conroy fixed a problem with RTSP and GET_PARAMETER reported
  to us by Massimo Callegari. There's a new test case 572 that verifies this
  now.

- The 'ares' subtree has been removed from the source repository. It was
  always a separate project that sort of piggybacked on the curl project since
  the dawn of times and now the time has come for it to go stand on its own
  legs and continue living its own life. All details on c-ares and its new
  source code repository is found at http://c-ares.haxx.se/

Daniel Stenberg (23 Mar 2010)
- Kenny To filed the bug report #2963679 with patch to fix a problem he
  experienced with doing multi interface HTTP POST over a proxy using
  PROXYTUNNEL. He found a case where it would connect fine but bits.tcpconnect
  was not set correct so libcurl didn't work properly.

  (http://curl.haxx.se/bug/view.cgi?id=2963679)

- Akos Pasztory filed debian bug report #572276
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572276 mentioning a problem
  with a resource that returns chunked-encoded _and_ with a Content-Length
  and libcurl failed to properly ignore the latter information.

- Hauke Duden provided an example program that made the multi interface crash.
  His example simply used the multi interface and did first one FTP transfer
  and after completion it used a second easy handle and did another FTP
  transfer on the same FTP server.

  This triggered a bug in the "delayed easy handle kill" system that curl
  uses: when an FTP connection is left alive it must keep an easy handle
  around internally - only for the purpose of having an easy handle when it
  later disconnects it. The code assumed that when the easy handle was removed
  and an internal reference was made, that version could be killed later on
  when a new easy handle came using the same connection. This was wrong as
  Hauke's example showed that the removed handle wasn't killed for real until
  later. This caused a double close attempt => segfault.

Daniel Stenberg (22 Mar 2010)
- Thomas Lopatic fixed the alarm()-based DNS timeout:

  Looking at the code of Curl_resolv_timeout() in hostip.c, I think that in
  case of a timeout, the signal handler for SIGALRM never gets removed. I
  think that in my case it gets executed at some point later on when execution
  has long left Curl_resolv_timeout() or even the cURL library.
  
  The code that is jumped to with siglongjmp() simply sets the error message
  to "name lookup timed out" and then returns with CURLRESOLV_ERROR. I guess
  that instead of simply returning without cleaning up, the code should have a
  goto that jumps to the spot right after the call to Curl_resolv().

Kamil Dudka (22 Mar 2010)
- Douglas Steinwand contributed a patch fixing insufficient initialization in
  Curl_clone_ssl_config()

Daniel Stenberg (21 Mar 2010)
- Ben Greear improved TFTP: the error code returning and the treatment
  of TSIZE == 0 when uploading.

- We've switched from CVS to git. See http://curl.haxx.se/source.html

Kamil Dudka (19 Mar 2010)
- Improved Curl_read() to not ignore the error returned from Curl_ssl_recv().

Daniel Stenberg (15 Mar 2010)
- Constantine Sapuntzakis brought a patch:

  The problem mentioned on Dec 10 2009
  (http://curl.haxx.se/bug/view.cgi?id=2905220) was only partially fixed.
  Partially because an easy handle can be associated with many connections in
  the cache (e.g. if there is a redirect during the lifetime of the easy
  handle).  The previous patch only cleaned up the first one. The new fix now
  removes the easy handle from all connections, not just the first one.

Daniel Stenberg (6 Mar 2010)
- Ben Greear brought a patch that fixed the rate limiting logic for TFTP when
  the easy interface was used.

Daniel Stenberg (5 Mar 2010)
- Daniel Johnson provided fixes for building curl with the clang compiler.

Yang Tse (5 Mar 2010)
- Constantine Sapuntzakis detected and fixed a double free in builds done
  with threaded resolver enabled (Windows default configuration) that would
  get triggered when a curl handle is closed while doing DNS resolution.

Daniel Stenberg (2 Mar 2010)
- [Daniel Johnson] I've been trying to build libcurl with clang on Darwin and
  ran into some issues with the GSSAPI tests in configure.ac. The tests first
  try to determine the include dirs and libs and set CPPFLAGS and LIBS
  accordingly. It then checks for the headers and finally sets LIBS a second
  time, causing the libs to be included twice. The first setting of LIBS seems
  redundant and should be left out, since the first part is otherwise just
  about finding headers.

  My second issue is that 'krb5-config --libs gssapi' on Darwin is less than
  useless and returns junk that, while it happens to work with gcc, causes
  clang to choke. For example, --libs returns $CFLAGS along with the libs,
  which is really retarded. Simply setting 'LIBS="$LIBS -lgssapi_krb5
  -lresolv"' on Darwin is sufficient.

- Based on patch provided by Jacob Moshenko, the transfer logic now properly
  makes sure that when using sub-second timeouts, there's no final bad 1000ms
  wait. Previously, a sub-second timeout would often make the elapsed time end
  up the time rounded up to the nearest second (e.g. 1s for 200ms timeout)

- Andrei Benea filed bug report #2956698 and pointed out that the
  CURLOPT_CERTINFO feature leaked memory due to a missing OpenSSL function