CHANGES.0

  it wasn't properly reset between transfers!

- Discussions with Cris Bailiff who writes a Perl interface to libcurl, made
  me add CURLOPT_HEADERFUNCTION. It can be used to set a separate callback
  function for writing headers. Previously you could only set a different FILE
  * when headers are written from within libcurl.

Daniel (7 April 2001)
- Andrés García fixed a problem in curl_escape() and pointed out a flaw in
  the curl_easy_setopt man page.

Daniel (6 April 2001)
- Adjusted the version code to properly display OpenSSL 0.9.6a. They sure
  change their version define format often...

- curl_formfree() now accepts a NULL pointer without crashing!

Version 7.7.1

Daniel (3 April 2001)
- Puneet Pawaia pointed out two serious problems. Libcurl would attempt to
  read bad memory during situations when an (ftp) connection attempt failed.
  Also, the lib/Makefile.vc6 was corrected.

- More investigations in the Location: following code made me realize that
  it was not clean enough to work transparantly with persistent and non-
  persistent connections. I think I've fixed it now.

Daniel (29 March 2001)
- Georg Horn mailed me some corrections for the Curl::easy perl interface.

- Experimental ftps:// support added. It is basically FTP over SSL for the
  control connection. It still makes all data transfers going over unencrypted
  connections. Rainer Weikusat's ftpd-ssl server hack supports this and I used
  that to verify the functionality.

Daniel (27 March 2001)
- Guenole Bescon discovered that if you set a CURLOPT_TIMEOUT and then tried
  to get a file from a site and it fails, the SIGALRM would still be sent
  after the timeout-time, quite inexpectedly!

- I added an ftp transfer example to docs/examples/ and I also wrote a tiny
  example makefile that can be used as a start when building one of the
  examples.

Version 7.7.1-beta1

Daniel (26 March 2001)
- Mohamed Lrhazi reported problems with 7.6.1 and persistent HTTP/1.0
  connections (when the server replied a Connection: Keep-Alive) and this
  problem was not properly dealt with in 7.7 either. A patch was posted to the
  curl-and-php mailing list.

Daniel (24 March 2001)
- Colin Watson reported about a problem and brought a patch that corrected it,
  which was about the man page and lines starting with a single quote (') in a
  way that gnroff doesn't like.

Daniel (23 March 2001)
- Peter Bray reported correctly that the root makefile used make instead of
  $(MAKE) for the test target.

- Corrected the Curl::easy perl interface to use curl_easy_setopt() and not
  curl_setopt() which was removed in 7.7!

- S. Moonesamy provided updates on three documents (MANUAL, INSTALL and FAQ).

- When following a Location:, libcurl would sometimes write to the URL string
  in a way it shouldn't. As the pointer is passed-in to libcurl from an
  application, we can't be allowed to write to it. The particular bug report
  from 'nk' that brought this up was because he had a read-only URL that then
  caused a libcurl crash!

- No longer reads HEAD responses longer than to the last header. Previously,
  curl would read the full reply if the connection was a "close" one.

- libcurl did re-use connections way too much. Doing "curl
  http://www.{microsoft,ibm}.com" would make it re-use the connection which
  made the second request return very odd results.

Daniel (22 March 2001)
- Edin Kadribasic made me aware that curl should not re-send POST requests
  when following 302-redirects. I made 302 work like 303 which means curl uses
  GET in the following request(s).

- libcurl now reset the "followed-location" counter on each invoke of
  curl_easy_perform() as it otherwise would sum up all redirects on the same
  connection and thus could reach the maxredirs counter wrongly.

- Jim Drash suggested curl_escape() should not re-encode what already looks
  like an encoded sequence and I think that's a fair suggestion.

Version 7.7

Daniel (22 March 2001)
- The configure script now fails with an error message if gethostbyname_r() is
  detected but it couldn't figure out how to invoke it (what amount of
  arguments it is supposed to get). Reports from Andrés García made me aware
  of this need.

- Talking with Jim Drash made me finally put the curl_escape and curl_unescape
  functions in the curl.h include file and write man pages for them. The
  escape function was modified to use the same interface as the unescape one
  had.

- No bug reports at all on the latest betas. Release time coming up.

Version 7.7-beta5

Daniel (19 March 2001)
- Georg Ottinger reported problems with using -C together with -L in the sense
  that the -C info got lost when it was redirected. I could not repeat this
  problem on the 7.7 branch why I leave this for the moment. Test case 39 was
  added to do exactly this, and it seems to do right.

- Christian Robottom Reis reported how his 7.7 beta didn't successfully do
  form posts as elegantly as 7.6.1 did. Indeed, this was a flaw in the header
  engine, as HTTP 1.1 has introduced a new 100 "transient" return code for PUT
  and POST operations that I need to add support for. Section 8.2.3 in RFC2616
  has all the details. Seems to work now!

Daniel (16 March 2001)
- After having experienced another machine break-down, we're back.

- Georg Horn's perl interface Curl::easy is now included in the curl release
  archive. The perl/ directory is now present. Please help me with docs,
  examples and updates you think fit.

- Made a new php/ directory in the release archive and moved the PHP examples
  into a subdirectory in there. Not much PHP info yet, but I plan to. Please
  help me here as well!

- Made libcurl return error if a transfer is aborted in the middle of a
  "chunk". It actually enables libcurl to discover premature transfer aborts
  even if the Content-Length: size is unknown.

Daniel (15 March 2001)
- Added --connect-timeout to curl, which sets the new CURLOPT_CONNECTTIMEOUT
  option in libcurl. It limits the time curl is allowed to spend in the
  connection phase. This differs from -m/--max-time that limits the entire
  file transfer operation. Requested by Larry Fahnoe and others.

  I also updated the curl.1 and curl_easy_setopt.3 man pages and removed the
  item from the TODO.

Version 7.7-beta4

Daniel (14 March 2001)
- Made curl grok IPv6 with HTTP proxies and got everything to compile nicely
  again when ENABLE_IPV6 is set.

  I need to remake things in the test suite. I can't test the FTP parts with
  curl built for IPv6 as it uses a different set of FTP commands then!

- I fell onto a bug report on php.net (posted by Lars Torben Wilson) that was
  a report meant for our project. Anyway, it said the .netrc parsing didn't
  work as supposed, and as I agreed with Lars, I made the netrc parser use
  getpwuid() to figure out the home directory of the effective user and try
  that netrc. It still uses the environment variable HOME for those that don't
  have that function or if the user doesn't return valid pwd info.

- Edin Kadribaic posted a bug report where he got a crash when a fetch with
  user+password in the URL followed a Location: to a second URL (absolute,
  without name+password). This bug has been around for a long while and
  crashes due to a read at address zero. Fixed now. Wrote test case 38, that
  tests this.

- Modified the test suite's httpserver slightly to append all client request
  data to its log file so that the test script now better can verify a range
  of requests and not only the last one, as it did previously.

- Updated the curl man page with --random-file and --egd-file details.

Version 7.7-beta3

Daniel (14 March 2001)
- Björn Stenberg provided similar fixes as Jörn did and some additional patches
  for non-SSL compiles.

- I increased the interface number for libcurl as I've removed the low level
  functions from the interface. I also took this opportunity to rename the
  Curl_strequal function to curl_strequal and Curl_strnequal to
  curl_strnequal, as they're public libcurl functions (even if they're still
  undocumented).

  This will make older programs not capable of using the new libcurl with
  just a drop-in replacement.

- Jörn Hartroth updated stuff for win32 compiles:
  o config-win32.h was fixed for socklen_t
  o lib/ssluse.c had a bad #endif placement
  o lib/file.c was made to compile on win32 again
  o lib/Makefile.m32 was updated with the new files
  o lib/libcurl.def matches the current interface state

Daniel (13 March 2001)
- It only took an hour or so before Jörn Hartroth found a problem in the
  chunked transfer-encoding. Given his fine example-site, I could easily spot
  the problem and when I re-read the spec (the part I have pasted in the top
  of the http_chunks.h file), I realized I had made my state-machine slightly
  wrong and didn't expect/handle the trailing CRLF that comes after the data
  in each chunk (and those extra two bytes sure feel wasted).

  Had to modify test case 34 to match this as well.

Version 7.7-beta2

Daniel (13 March 2001)
- Added the policy stuff to the curl_easy_setopt man page for the two supported
  policies.

- Implemented some support for the CURLOPT_CLOSEPOLICY option. The policies
  CURLCLOSEPOLICY_LEAST_RECENTLY_USED and CURLCLOSEPOLICY_OLDEST are now
  supported, and the "least recently used" is used as default if no policy
  is chosen.

Daniel (12 March 2001)
- Added CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET to libcurl for seeding the
  SSL random engine. The random seeding support was also brought to the curl
  client with the new options --random-file <file> and --egd-file <file>. I
  need some people to really test this to know they work as supposed. Remember
  that libcurl now informs (if verbose is on) if the random seed is considered
  weak (HTTPS connections).

- Made the chunked transfer-encoding engine detected bad formatted data length
  and return error if so (we can't possibly extract sensible data if this is
  the case). Added a test case that detects this. Number 36. Now there are 60
  test cases.

- Added 5 new libcurl options to curl/curl.h that can be used to control the
  persistent connection support in libcurl. They're also documented (fairly
  thoroughly) in the curl_easy_setopt.3 man page. Three of them are now
  implemented, although not really tested at this point... Anyway, the new
  implemented options are named CURLOPT_MAXCONNECTS, CURLOPT_FRESH_CONNECT,
  CURLOPT_FORBID_REUSE. The ones still left to write code for are:
  CURLOPT_CLOSEPOLICY and its related option CURLOPT_CLOSEFUNCTION.

- Made curl (the actual command line tool) use the new libcurl 7.7 persistent
  connection support by re-using the same curl handle for every specified file
  transfer and after some more test case tweaking we have 100% test case OK.
  I made some test cases return HTTP/1.0 now to make sure that works as well.

- Had to add 'Connection: close' to the headers of a bunch of test cases so
  that curl behaves "old-style" since the test http server doesn't do multiple
  connections... Now I get 100% test case OK.

- The curl.haxx.se site, the main curl mailing list and my personal email are
  all dead today due to power blackout in the area where the main servers are
  located. Horrible.

- I've made persistance work over a squid HTTP proxy. I find it disturbing
  that it uses headers that aren't present in any HTTP standard though
  (Proxy-Connection:) and that makes me feel that I'm now on the edge of what
  the standard actually defines. I need to get this code excercised on a lot
  of different HTTP proxies before I feel safe.

  Now I'm facing the problem with my test suite servers (both FTP and HTTP)
  not supporting persistent connections and libcurl is doing them now. I have
  to fix the test servers to get all the test cases do OK.

Daniel (8 March 2001)
- Guenole Bescon reported that libcurl did output errors to stderr even if
  MUTE and NOPROGRESS was set. It turned out to be a bug and happens if
  there's an error and no ERRORBUFFER is set. This is now corrected.

Version 7.7-beta1

Daniel (8 March 2001)
- "Transfer-Encoding: chunked" is no longer any trouble for libcurl. I've
  added two source files and I've run some test downloads that look fine.

- HTTP HEAD works too, even on 1.1 servers.

Daniel (5 March 2001)
- The current 57 test cases now pass OK. It would suggest that libcurl works
  using the old-style with one connection per handle. The test suite doesn't
  handle multiple connections yet so there are no test cases for this.

- I patched the telnet.c heavily to not use any global variables anymore. It
  should make it a lot nicer library-wise.

- The file:// support was modified slightly to use the internal connect-first-
  then-do approach.

Daniel (4 March 2001)
- More bugs erased.

Version 7.7-alpha2

Daniel (4 March 2001)
- Now, there's even a basic check that a re-used connection is still alive
  before it is assumed so. A few first tests have proven that libcurl will
  then re-connect instead of re-use the dead connection!

Daniel (2 March 2001)
- Now they work intermixed as well. Major coolness!

- More fiddling around, my 'tiny' client I have for testing purposes now has
  proved to download both FTP and HTTP with persistent connections. They do
  not work intermixed yet though.

Daniel (1 March 2001)
- Wilfredo Sanchez pointed out a minor spelling mistake in a man page and that
  curl_slist_append() should take a const char * as second argument. It does
  now.

Daniel (22 February 2001)
- The persistent connections start to look good for HTTP. On a subsequent
  request, it seems that libcurl now can pick an already existing connection
  if a suitable one exists, or it opens a new one.

- Douglas R. Horner mailed me corrections to the curl_formparse() man page
  that I applied.

Daniel (20 February 2001)
- Added the docs/examples/win32sockets.c file for our windows friends.

- Linus Nielsen Feltzing provided brand new TELNET functionality and
  improvements:

  * Negotiation is now passive. Curl does not negotiate until the peer does.
  * Possibility to set negotiation options on the command line, currently only
    XDISPLOC, TTYPE and NEW_ENVIRON (called NEW_ENV).
  * Now sends the USER environment variable if the -u switch is used.
  * Use -t to set telnet options (Linus even updated the man page, awesome!)

- Haven't done this big changes to curl for a while. Moved around a lot of
  struct fields and stuff to make multiple connections get connection specific
  data in separate structs so that they can co-exist in a nice way. See the
  mailing lists for discussions around how this is gonna be implemented. Docs
  and more will follow.

  Studied the HTTP RFC to find out better how persistent connections should
  work. Seems cool enough.

Daniel (19 February 2001)
- Bob Schader brought me two files that help set up a MS VC++ libcurl project
  easier. He also provided me with an up-to-date libcurl.def file.

- I moved a bunch of prototypes from the public <curl/curl.h> file to the
  library private urldata.h. This is because of the upcoming changes. The
  low level interface is no longer being planned to become reality.

Daniel (15 February 2001)
- CURLOPT_POST is not required anymore. Just setting the POST string with
  CURLOPT_POSTFIELDS will switch on the HTTP POST. Most other things in
  libcurl already works this way, i.e they require only the parameter to
  switch on a feature so I think this works well with the rest. Setting a NULL
  string switches off the POST again.

- Excellent suggestions from Rich Gray, Rick Jones, Johan Nilsson and Bjorn
  Reese helped me define a way how to incorporate persistent connections into
  libcurl in a very smooth way. If done right, no change may have to be made
  to older programs and they will just start using persistent connections when
  applicable!

Daniel (13 February 2001)
- Changed the word 'timeouted' to 'timed out' in two different error messages.
  Suggested by Larry Fahnoe.

Version 7.6.1

Daniel (9 February 2001)
- Frank Reid and Cain Hopwood provided information and research around a HTTPS
  PUT/upload problem we seem to have. No solution found yet.

Daniel (8 February 2001)
- An interesting discussion is how to specify an empty password without having
  curl ask for it interactively? The current implmentation takes an empty
  password as a request for a password prompt. However, I still want to
  support a blank user field. Thus, today if you enter "-u :" (without user
  and password) curl will prompt for the password. Tricky. How would you
  specify you want the prompt otherwise?

- Made the netrc parse result possible to use for other protocols than FTP and
  HTTP (such as the upcoming TELNET fixes).

- The previously mentioned "MSVC++ problems" turned out to be a non-issue.

- Added a HTTP file upload code example in the docs/examples/ section on
  request.

- Adjusted the FTP response fix slightly.

Version 7.6.1-pre3

Daniel (7 February 2001)
- S. Moonesamy found a flaw in the response reading function for FTP that
  could make libcurl not get out of the loop properly when it should, if
  libcurl got -1 returned when reading the socket.

- I found a similar mistake in http.c when using a proxy and reading the
  results from the proxy connection.

Daniel (6 February 2001)
- S. Moonesamy pointed out that the VC makefile in src/ needed the libpath set
  for the debug build to work.

- Daniel Gehriger stepped in to assist with the VC++ stuff Robert Weaver
  brought up yesterday.

Daniel (5 February 2001)
- Jun-ichiro itojun Hagino brought a big patch that brings IPv6-awareness to
  a bunch of different areas within libcurl.

- Robert Weaver told me about the problems the MS VC++ 6.0 compiler has with
  the 'static' keyword on a number of libcurl functions. I might need to add a
  patch that redefines static when libcurl is compiled with that compiler.
  How do I know when VC++ compiles, anyone?

Daniel (4 February 2001)
- curl_getinfo() was extended with two new options:
  CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD. They
  return the full assumed content length of the transfer in the given
  direction. The CURLINFO_CONTENT_LENGTH_DOWNLOAD will be the Content-Length:
  size of a HTTP download. Added descriptions to the man page as well. This
  was done after discussions with Bob Schader.

Daniel (3 February 2001)
- Ingo Ralf Blum provided another fix that makes curl build under the more
  recent cygwin installations. It seems they've changed the preset defines to
  not include WIN32 anymore.

Version 7.6.1-pre2

Daniel (31 January 2001)
- Curl_read() and curl_read() now return a ssize_t for the size, as it had to
  be able to return -1. The telnet support crashed due to this and there was a
  possibility to weird behavior all over. Linus Nielsen Feltzing helped me
  find this.

- Added a configure.in check for a working getaddrinfo() if IPv6 is requested.
  I also made the configure script feature --enable-debug which sets a couple
  of compiler options when used. It assumes gcc.

Daniel (30 January 2001)
- I finally took a stab at the long-term FIXME item I've had on myself, and
  now libcurl will properly work when doing a HTTP range-request that follows
  a Location:. Previously that would make libcurl fail saying that the server
  doesn't seem to support range requests.

Daniel (29 January 2001)
- I added a test case for the HTTP PUT resume thing (test case 33).

Version 7.6.1-pre1

Daniel (29 January 2001)
- Yet another Content-Range change. Ok now? Bob Schader checks from his end 
  and it works for him.

Daniel (27 January 2001)
- So the HTTP PUT resume fix wasn't good. There should appearantly be a
  Content-Range header when resuming a PUT.

- I noticed I broke the download-check that verifies that a resumed HTTP
  download is actually resumed. It got broke because my new 'httpreq' field
  in the main curl struct. I should get slapped. I added a test case for
  this now, so I won't be able to ruin this again without noticing.

- Added a test case for content-length verifying when downloading HTTP.

- Made the progress meter title say if the transfer is being transfered. It
  makes the output slightly better for resumes.

- When dealing with Location: and HTTP return codes, libcurl will not attempt
  to follow the spirit of RFC2616 better. It means that when POSTing to a
  URL that is being following to a second place, the standard will judge on
  what to do. All HTTP codes except 303 and 305 will cause curl to make a
  second POST operation. 303 will make a GET and 305 is not yet supported.

  I also wrote two test cases for this POST/GET/Location stuff.

Version 7.6

Daniel (26 January 2001)
- Lots of mails back and forth with Bob Schader finally made me add a small
  piece of code in the HTTP engine so that HTTP upload resume works. You can
  now do an operation like 'curl -T file -C <offset> <URL>' and curl will PUT
  the ending part of the file starting at given offet to the specified URL.

Version 7.6-pre4

Daniel (25 January 2001)
- I took hold of Rick Jones' question why we don't use recv() and send() for
  reading/writing to the sockets and I've now modified the sread() and
  swrite() macros to use them instead. If nothing else, they could be tested
  in the next beta-round coming right up.

- Jeff Morrow found a problem with libcurl's usage of SSL_read() and supplied
  his research results in how to fix this. It turns out we have to invoke the
  function several times in some cases. The same goes for the SSL_write().

  I made some rather drastic changes all over libcurl to make all writes and
  reads get done on one single place so that this repeated-attempts thing
  would only have to be implemented at one point.

- Rick Jones spotted that the 'total time' counter really didn't measure the
  total time very accurate on subsecond levels.

- Johan Nilsson pointed out the need to more clearly specify that the timeout
  value you set for a download is for the *entire* download. There's currently
  no option available that sets a timeout for the connection phase only.

Daniel (24 January 2001)
- Ingo Ralf Blum submitted a series of patches required to get curl to compile
  properly with cygwin.

- Robert Weaver posted a fix for the win32 section of the curl_getenv() code
  that corrected a potential memory leak.

- Added comments in a few files in a sudden attempt to make the sources more
  easy to read and understand!

Daniel (23 January 2001)
- Added simple IPv6 detection in the configure script and made the version
  string add 'ipv6' to the enable section in that case. ENABLE_IPV6 will be
  set if curl is compiled with IPv6 support enabled.

- Added a parser for IPv6-style specified IP-addresses in a URL. Thus, when
  IPv6 gets enabled soon, we can use URLs like '[0::1]:80'...

- Made the URL globbing in the client possible to fail silently if there's an
  error in the globbing. It makes it almost intuitive, so when you don't
  follow the syntax rules, globbing is simply switched off and the raw string
  is used instead.

  I still think we'll get problems with IPv6-style IP-addresses when we *want*
  globbing on parts of the URL as the initial part of the URL will for sure
  seriously confuse the globber.

Daniel (22 January 2001)
- Björn Stenberg supplied a progress meter patch that makes it look better even
  during slow starts. Previously it made some silly assumptions...

- Added two FTP tests for -Q and -Q - stuff since it was being discussed on
  the mailing list. Had to correct the ftpserver.pl too as it bugged slightly.

Daniel (19 January 2001)
- Made the Location: parsers deal with any-length URLs. Thus I removed the last
  code that restricts the length of URLs that curl supports.

- Added a --globoff test case (#28) and it quickly identified a memory problem
  in src/main.c that I took care of.

Version 7.6-pre3

Daniel (17 January 2001)
- Made the two former files lib/download.c and lib/highlevel.c become the new
  lib/transfer.c which makes more sense. I also did the rename from Transfer()
  to Curl_Transfer() in the other source files that use the transfer function
  in the spirit of using Curl_ prefix for library-scoped global symbols.

Daniel (11 January 2001)
- Added -g/--globoff that switches OFF the URL globbing and thus enables {}[]
  letters to be part of the URL. Do note that RFC2396 section 2.4.3 explicitly
  mention these letters to be escaped. This was posted as a feature request by
  Jorge Gutierrez and as a bug by Terry.

- Short options to curl that requires parameters can now be specified without
  having the option and its parameter space separated. -ofile works as good as
  -o file. -m20 is equal to -m 20. Do note that this goes for single-letter
  options only, verbose --long-style options still must be separated with
  space from their parameters.

Daniel (8 January 2001)
- Francis Dagenais reported that the SCO compiler still fails when compiling
  curl due to that getpass_r() prototype. I've now put it around #ifndef
  HAVE_GETPASS_R in an attempt to please the SCO systems.

- Made some minor corrections to get the client to cleanup properly and I made
  the separator work again when getting multiple globbed URLs to stdout.

- Worked with Loic Dachary to get the make dist and make distcheck work
  correctly. The 'maketgz' script is now using the automake generated 'make
  dist' when creating release archives. Loic successfully made 'make rpms'
  automatically build RPMs!

Loic Dachary (6 January 2001)
- Automated generation of rpm packages, no need to be root.

- make distcheck generates a proper distribution (EXTRA_DIST
  in all Makefile.am modified to match FILES).

Daniel (5 January 2001)
- Huge client-side hack: now multiple URLs are supported. Any number of URLs
  can be specified on the command line, and they'll all be downloaded. There
  must be a corresponding -o or -O for each URL or the data will be written to
  stdout. This needs more testing, time to release a 7.6-pre package.

- The krb4 support was broken in the release. Fixed now.

- Huge internal symbol rename operation. All non-static but still lib-internal
  symbols should now be prefixed with 'Curl_' to prevent collisions with other
  libs. All public symbols should be prefixed with 'curl_' and the rest should
  be static and thus invisible to the outside world. I updated the INTERNALS
  document to say this as well.

Version 7.5.2

Daniel (4 January 2001)
- As Kevin P Roth suggested, I've added text to the man page for every command
  line option and what happens when you specify that option more than
  once. That hasn't been exactly crystal clear before.

- Made the configure script possible to run from outside the source-tree. For
  odd reasons I can't build curl properly outside though. It has to do with
  curl's dependencies on libcurl...

- Cut off all older (dated 1999 and earlier) CHANGES entries from this file.
  The older piece is named CHANGES.0 and is added to the CVS repository in
  case anyone would need it.

- I added another file 'CVS-INFO' to the CVS. It contains information about
  files in the CVS that aren't included in release archives and how to build
  curl when you get the sources off CVS.

- Updated CONTRIBUTE and FAQ due to the new license.

Daniel (3 January 2001)
- Renamed README.libcurl to LIBCURL

- Changed headers in all sources files to the new dual license concept of
  curl: use the MIT/X derivate license *or* MPL. The LEGAL file was updated
  accordingly and the MPL 1.1 and MIT/X derivate licenses are now part of the
  release archive.
Daniel (30 December 2000)
- Made all FTP commands get sent with the trailing CRLF in one single write()
  as splitting them up seems to confuse at least some firewalls (FW-1 being
  one major).

Daniel (19 December 2000)
- Added file desrciptor and FILE handle leak detection to the memdebug system
  and thus I found and removed a file descriptor leakage in the ftp parts
  that happened when you did PORTed downloads.

- Added an include <stdio.h> in <curl/curl.h> since it uses FILE *.

Daniel (12 December 2000)
- Multiple URL downloads with -O was still bugging. Not anymore I think or
  hope, or at least I've tried... :-O

- Francois Petitjean fixed another -O problem

Version 7.5.1

Daniel (11 December 2000)
- Cleaned up a few of the makefiles to use unix-style newlines only. As Kevin
  P Roth found out, at least one CVS client behaved wrongly when it found
  different newline conventions within the same file.

- Albert Chin-A-Young corrected the LDFLAGS use in the configure script for
  the SSL stuff.

Daniel (6 December 2000)
- Massimo Squillace correctly described how libcurl could use session ids when
  doing SSL connections.

- James Griffiths found out that curl would crash if the file you specify with
  -o is shorter than the URL! This took some hours to fully hunt down, but it
  is fixed now.

Daniel (5 December 2000)
- Jaepil Kim sent us makefiles that build curl using the free windows borland
  compiler. The root makefile now accepts 'make borland' to build curl with
  that compiler.

- Stefan Radman pointed out that the test makefiles didn't use the PERL
  variable that the configure scripts figure out. Actually, you still need
  perl in the path for the test suite to run ok.

- Rich Gray found numerous portability problems:
  * The SCO compiler got an error on the getpass_r() prototype in getpass.h
    since the curl one differed from the SCO one
  * The HPUX compiler got an error because of how curl did the sigaction
    stuff and used a define HPUX doesn't have (or need).
  * A few more problems remain to be researched.

- Paul Harrington experienced a core dump using https. Not much details yet.

Daniel (4 December 2000)
- Jörn Hartroth fixed a problem with multiple URLs and -o/-O.

Version 7.5

Daniel (1 December 2000)
- Craig Davison gave us his updates on the VC++ makefiles, so now curl should
  build fine with the Microsoft compiler on windows too.

- Fixed the libcurl versioning so that we don't ruin old programs when
  releasing new shared library interfaces.

Daniel (30 November 2000)
- Renamed docs/README.curl to docs/MANUAL to better reflect what the document
  actually contains.

Daniel (29 November 2000)
- I removed a bunch of '#if 0' sections from the code. They only make things
  harder to follow. After all, we do have all older versions in the CVS.

Version 7.5-pre5

Daniel (28 November 2000)
- I filled in more error codes in the man page error code list that had been
  lagging.

- James Griffiths mailed me a fine patch that introduces the CURLOPT_MAXREDIRS
  libcurl option. When used, it'll prevent location following more than the
  set number of times. It is useful to break out of endless redirect-loops.

Daniel (27 November 2000)
- Added two test cases for file://.

Daniel (22 November 2000)
- Added the libcurl CURLOPT_FILETIME setopt, when set it tries to get the
  modified time of the remote document. This is a special option since it
  involves an extra set of commands on FTP servers. (Using the MDTM command
  which is not in the RFC959)

  curl_easy_getinfo() got a corresponding CURLINFO_FILETIME to get the time
  after a transfer. It'll return a zero if CURLOPT_FILETIME wasn't used or if
  the time wasn't possible to get.

  --head/-I used on a FTP server will now present a 'Last-Modified:' header
  if curl could get the time of the specified file.

- Added the option '--cacert [file]' to curl, which allows a specified PEM
  file to be used to verify the peer's certificate when doing HTTPS
  connections. This has been requested, rather recently by Hulka Bohuslav but
  others have asked for it before as well.

Daniel (21 November 2000)
- Numerous fixes the test suite has brought into the daylight:

   * curl_unescape() could return a too long string
   * on ftp transfer failures, there could be memory leaks
   * ftp CWD could use bad directory names
   * memdebug now uses the mprintf() routines for better portability
   * free(NULL) removed when doing resumed transfers

- Added a bunch of test cases for FTP.

- General cleanups to make less warnings with gcc -Wall -pedantic.

- I made the tests/ftpserver.pl work with the most commonly used ftp
  operations. PORT, PASV, RETR, STOR, LIST, SIZE, USER, PASS all work now. Now
  all I have to do is integrate the ftp server doings in the runtests.pl
  script so that ftp tests can be run the same way http tests already run.

Daniel (20 November 2000)
- Made libcurl capable of dealing with any-length URLs. The former limit of
  4096 bytes was a bit annoying when people wanted to use curl to really make
  life tough on a web server. Now, the command line limit is the most annoying
  but that can be circumvented by using a config file.

  NOTE: there is still a 4096-byte limit on URLs extracted from Location:
  headers.

- Corrected the spelling of 'resolve' in two error messages.

- Alexander Kourakos posted a bug report and a patch that corrected it! It
  turned out that lynx and wget support lowercase environment variable names
  where curl only looked for the uppercase versions. Now curl will use the
  lowercase versions if they exist, but if they don't, it'll use the uppercase
  versions.

Daniel (17 November 2000)
- curl_formfree() was added. How come no one missed that one before? I ran the
  test suite with the malloc debug enabled and got lots of "nice" warnings on
  memory leaks. The most serious one was this. There were also leaks in the
  cookie handling, and a few errors when curl failed to connect and similar
  things. More tests cases were added to cover up and to verify that these
  problems have been removed.

- Mucho updated config file parser (I'm dead tired of all the bug reports and
  weird behaviour I get on the former one). It works slightly differently now,
  although I doubt many people will notice the differences. The main
  difference being that if you use options that require parameters, they must
  both be specified on the same line. With this new parser, you can also
  specify long options without '--' and you may separate options and
  parameters with : or =. It makes a config file line could look like:

        user-agent = "foobar and something"

  Parameters within quotes may contain spaces. Without quotes, they're
  expected to be a single non-space word.

  Had to patch the command line argument parser a little to make this work.

- Added --url as an option to allow the URL to be specified this way. It makes
  way nicer config files. The previous way of specifying URLs in the config
  file doesn't work anymore.

Daniel (15 November 2000)
- Using certain characters in usernames or passwords for HTTP authentication
  failed. This was due to the mprintf() that had a silly check for letters,
  and if they weren't isprint() they weren't outputed "as-is". This caused
  passwords and usernames using '§' (for example) to fail.

Version 7.4.2

Daniel (15 November 2000)
- 'tests/runtests.pl' now sorts the test cases properly when 'all' is used.

Daniel (14 November 2000)
- I fell over the draft-ietf-ftpext-mlst-12.txt Internet Draft titled
  "Extensions to FTP" that contains a defined way how the ftp command SIZE
  could be assumed to work.

- Laurent Papier posted a bug report about using "-C -" and FTP uploading a
  file that isn't prsent on the server. The server might then return a 550 and
  curl will fail. Should it instead as Laurent Papier suggests, start
  uploading from the beginning as a normal upload?

Daniel (13 November 2000)
- Fixed a crash with the followlocation counter.

- While writing test cases for the test suite, I discovered an old limitation
  that prevented -o and -T to be used at the same time. I removed this
  immediately as this has no relevance in the current libcurl.
  
- Chris Faherty fixed a free-twice problem in lib/file.c

- I fixed the perl http server problem in the test suite.

Version 7.4.2 pre4

Daniel (10 November 2000)
- I've (finally) started working on the curl test suite. It is in the new
  tests/ directory. It requires sh and perl. There's a TCP server in perl and
  most of the other stuff running a pretty simple shell script.

  I've only made four test cases so far, but it proves the system can work.

- Laurent Papier noticed that curl didn't set TYPE when doing --head checks
  for sizes on FTP servers. Some servers seem to return different sizes
  depending on whether ASCII or BINARY is used!

- Laurent Papier detected that if you appended a FTP upload and everything was
  already uploaded, curl would hang.

- Angus Mackay's getpass_r() in lib/getpass.c is now compliant with the
  getpass_r() function it seems some systems actually have.
  
- Venkataramana Mokkapati detected a bug in the cookie parser and corrected
  it.  If the cookie was set for the full host name (domain=full.host.com),
  the cookie was never sent back because of a faulty length comparison between
  the set domain length and the current host name.

Daniel (9 November 2000)
- Added a configure check for gethostbyname in -lsocket (OS/2 seems to need
  it). Added a check for RSAglue/rsaref for the cases where libcrypto is found
  but libssl isn't. I haven't verified this fix yet though, as I have no
  system that requires those libs to build.
  
Version 7.4.2 pre3

Daniel (7 November 2000)
- Removed perror() outputs from getpass.c. Angus Mackay also agreed to a
  slightly modified license of the getpass.c file as the prototype was changed.

Daniel (6 November 2000)
- Added possibility to set a password callback to use instead of the built-in.
  They're controled with curl_easy_setopt() of course, the tags are
  CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA.

- Used T. Bharath's thinking and fixed the timers that showed terribly wrong
  times when location: headers were followed.

- Emmanuel Tychon discovered that curl didn't really like user names only in
  the URL. I corrected this and I also fixed the since long living problem
  with URL encoded user names and passwords in the URLs. They should work now.
  
Daniel (2 November 2000)
- When I added --interface, the new error code that was added with it was
  inserted in the wrong place and thus all error codes from 35 and upwards got
  increased one step. This is now corrected, we're back at the previous
  numbers. All new exit codes should be added at the end.

Daniel (1 November 2000)
- Added a check for signal() in the configure script so that if sigaction()
  isn't present, we can use signal() instead.

- I'm having a license discussion going on privately. The issue is yet again
  GPL-licensed programs that have problems with MPL. I am leaning towards
  making a kind of dual-license that will solve this once and for all...

Daniel (31 October 2000)
- Added the packages/ directory. I intend to let this contain some docs and
  templates on how to generate custom-format packages for various platforms.
  I've now removed the RPM related curl.spec files from the archive root.

Daniel (30 October 2000)
- T. Bharath brought a set of patches that bring new functionality to
  curl_easy_getinfo() and curl_easy_setopt(). Now you can request peer
  certificate verification with the *setopt() CURLOPT_SSL_VERIFYPEER option
  and then use the CURLOPT_CAINFO to set the certificate to verify the remote
  peer against. After an such an operation with a verification request, the
  *_getinfo() option CURLINFO_SSL_VERIFYRESULT will return information about
  whether the verification succeeded or not.  

Daniel (27 October 2000)
- Georg Horn brought us a splendid patch that solves the long-standing
  annoying problem with timeouts that made curl exit with silly exit codes
  (which as been commented out lately). This solution is sigaction() based and
  of course then only works for unixes (and only those unixes that actually
  have the sigaction() function).

Daniel (26 October 2000)
- Björn Stenberg supplied a patch that fixed the flaw mentioned by Kevin Roth
  that made the password get echoed when prompted for interactively. The
  getpass() function (now known as my_getpass()) was also fixed to not use any
  static buffers. This also means we cannot use the "standard" getpass()
  function even for those systems that have it, since it isn't thread-safe.
  
- Kevin Roth found out that if you'd write a config file with '-v url', the
  url would not be used as "default URL" as documented, although if you wrote
  it 'url -v' it worked! This has been corrected now.

- Kevin Roth's idea of using multiple -d options on the same command line was
  just brilliant, and I couldn't really think of any reason why we shouldn't
  support it! The append function always append '&' and then the new -d
  chunk. This enables constructs like the following:

        curl -d name=daniel -d age=unknown foobarsite.com

Daniel (24 October 2000)
- I fixed the lib/memdebug.c source so that it compiles on Linux and other
  systems. It will be useful one day when someone else but me wants to run the
  memory debugging system.

Daniel (23 October 2000)
- I modified the maketgz and configure scripts, so that the configure script
  will fetch the version number from the include/curl/curl.h header files, and
  then the maketgz doesn't have to rebuild the configure script when I build
  release-archives.

- Björn Stenberg and Linus Nielsen correctly pointed out that curl was silly
  enough to not allow @-letters in passwords when they were specified with the
  -u or -U flags (CURLOPT_USERPWD and CURLOPT_PROXYUSERPWD). This also
  suggests that curl probably should url-decode the password piece of an URL
  so that you could pass an encoded @-letter there...
  
Daniel (20 October 2000)
- Yet another http server barfed on curl's request that include the port
  number in the Host: header always. I now only include the port number if it
  isn't the default (80 for HTTP, 443 for HTTPS). www.perl.com turned out to
  run one of those nasty servers.

- The PHP4 module for curl had problems with referer that seems to have been
  corrected just yesterday. (Sterling Hughes of the PHP team confirmed this)

Daniel (17 October 2000)
- Vladimir Oblomov reported that the -Y and -y options didn't work. They
  didn't work for me either. This once again proves we should have that test
  suite...
  
- I finally changed the error message libcurl returns if you try a https://
  URL when the library wasn't build with SSL enabled. It will now return this
  error:
        "libcurl was built with SSL disabled, https: not supported!"

  I really hope it will make it a bit clearer to users where the actual
  problem lies.

Version 7.4.1

Daniel (16 October 2000)
- I forgot to remove some of the malloc debug defines from the makefiles in
  the release archive (of course).

Version 7.4

Daniel (16 October 2000)
- The buffer overflow mentioned below was posted to bugtraq on Friday 13th.

Daniel (12 October 2000)
- Colin Robert Phipps elegantly corrected a buffer overflow. It could be used
  by an evil ftp server to crash curl. I took the opportunity of replacing a
  few other sprintf()s into snprintf()s as well.

Daniel (11 October 2000)
- Found some more memory leaks. This new simple memory debugger has turned out
  really useful!

Version 7.4 pre6

Daniel (9 October 2000)
- Florian Koenig pointed out that the bool typedef in the curl/curl.h include
  file was breaking PHP 4.0.3 compiling. The bool typedef is not used in the
  public interface and was wrongly inserted in that header file.

- Jörg Hartroth corrected a minor memory leak in the src/urlglob.c stuff. It
  didn't harm anyone since the memory is free()ed on exit anyway.

- Corrected the src/main.c. We use the _MPRINTF_REPLACE #define to use our
  libcurl-printf() functions. This gives us snprintf() et al on all
  platforms. I converted the allocated useragent string to one that uses a
  local buffer.

- I've set an #if 0 section around the Content-Transfer-Encoding header