CHANGES

                                  _   _ ____  _     
                              ___| | | |  _ \| |    
                             / __| | | | |_) | |    
                            | (__| |_| |  _ <| |___ 
                             \___|\___/|_| \_\_____|

                               History of Changes


Daniel (15 August 2000)
- Mathieu Legare compiled and build 7.1 without errors on both AIX 4.2 as well
  as AIX 4.3. Now why did problems occur before?

- Fred Noz reported a -w/--write-out bug that caused it to malfunction when
  used combined with multiple URL retrievales. All but the first display got
  screwed up!

Daniel (11 August 2000)
- Jason Priebe and an anynomous friend found some host names the Linux version
  of curl could not resolve. It turned out the buffer used to retrieve that
  information was too small. Fixed. One could argue about the usefulness of
  not having the slightest trace of a man page for gethostbyname_r() on my
  Linux Redhat installation...

Daniel (10 August 2000)
- Balaji S Rao missed the possibility of replacing the Content-Type: and
  Content-Length: headers when doing -d posts. I added the possibility just now

Daniel (8 August 2000)
- Mike Dowell correctly discovered that curl did not approve URLs with no user
  name but password. As in 'http://:foo@haxx.se'. I corrected this.

Version 7.1

Daniel (7 August 2000)
- My AIX 4 fix does not work. I need help from a AIX 4 hacker.

- I added my new document in the docs directory. It is aimed to become a sort
  of tutorial on how to do HTTP scripting with curl.

Daniel (4 August 2000)
- Working with Rich Gray on compiling curl for lots of different platforms.
  My fix for AIX 3.2 was not good enough and was slightly changed, I had to
  move an include file before another, as is now described in the source.

  AIX 4.2 (4.X?) has different gethostbyname_r() and gethostbyaddr_r()
  functions that the configure script didn't check for and thus the compile
  broke with an error. I have now changed the gethostbyname_r() check in the
  configure file to support all three versions of both these functions. My
  implementation that uses the AIX-style is though not yet verified and I may
  get problems to fix it if it turns out to bug since I don't have access to
  any system using that.

  For problems like that, I made the configure script allow --disable-thread
  to completely switch off the check for threadsafe versions of a few
  functions and thus go with the "good old versions" that tend to work
  although will break thread-safeness for libcurl. Most people won't use
  libcurl for other things than curl though, and curl doesn't need a
  thread-safe lib.

- Working on my big tutorial about HTTP scripting with curl.

Daniel (1 August 2000)
- Rich Gray spotted a problem in src/setup.h caused by a #define strequal()
  that was just a left-over from passed times. The strequal() is now a true
  function supplied by libcurl for a portable case insensitive string
  comparison. I added the prototypes in include/curl.h and removed the
  now obsolete #define.

- Igor Khristophorov made a fix to allow resumed download from Sun's
  JavaWebServer/1.1.1. It seems that their server sends bad Content-Range
  headers.

- The makefiles forced a static library build, which is bad since we now use
  libtool and thus have excellent shared library support! Albert Chin-A-Young
  found out.

Version 7.0.11beta

Daniel (1 August 2000)
- Albert Chin-A-Young pointed out that 'make install' did not properly create
  the header include directory, why it failed to install the header files as
  it should. Automake isn't really equipped to deal with subdirectories
  without Makefiles in any nice way. I had to run ahead and add Makefiles in
  both include and include/curl before I managed to create a top-level
  makefile that succeeds in install everything properly!

- Ok, no more "features" added now. Let's just verify that there's no major
  flaws added now.

Daniel (31 July 2000)
- Both Jeff Schasny and Ketil Froyn asked me how to tell curl not to send one
  of those internally generated headers. They didn't settle with the blank
  ones you could tell curl to use. I rewrote the header-replace stuff a
  little. Now, if you replace an internal header with your own and that new
  one is a blank header you will only remove the internal one and not get any
  blank. I couldn't figure out any case when you want that blank header.

Daniel (29 July 2000)
- It struck me that the lib used localtime() which is not thread-safe, so now
  I use localtime_r() in the systems that has it.

- I went through this entire document and removed all email addresses and left
  names only. I've really made an effort to always note who brought be bug
  reports or fixes, but more and more people ask me to remove the email
  addresses since they become victims for spams this way. Gordon Beaton got me
  working on this.

Daniel (27 July 2000)
- Jörn Hartroth found out that when you specified a HTTP proxy in an
  environment variable and used -L, curl failed in the second fetch. I
  corrected this problem and posted a patch to the list. No need for an extra
  beta release just for this.

Version 7.0.10beta

Daniel (27 July 2000)
- So, libtool replaced two of my files with symbolic links and I forgot to add
  the two new libtool files to the release archive (and they were added as
  symlinks as well!) This of course lead to that the configure script failed
  on 7.0.9...

Version 7.0.9beta

Daniel (25 July 2000)
- Kristian Köhntopp <kris at koehntopp.de> brought a fix that makes libcurl
  libtoolified, just as we've wanted for a while now. He also made the
  recently added man pages get installed properly on 'make install' and some
  other nice cleanups.

- In a discussion with Eetu Ojanen it struck me that if we use curl to get a
  page using a password, and that page then sends a Location: to another
  server that curl follows, curl will send the user name and password to that
  server as well.

  Now, I'll never be able to make curl do Location: following all that perfect
  and you're all sooner or later required to write a script to do several
  fetches when you're doing advanced stuff, but now I've modified curl to at
  least *only* send the user name and password to the original server. Which
  means that if get a page from server A with a password, that forwards curl
  to server B, curl won't use the password there. If server B then forwards
  curl back to server A again, the password will be used again.

  This is not a perfect implementation, as in a browser case it would only use
  the password if the left-prefix of the first path is the same. I just think
  that this fix prevents a somewhat lurky "security hole".

  As a side-note in this subject: HTTP passwords are sent in cleartext and
  will never be considered to be safe or secure. Use HTTPS for that.

- As discussed on the mailing list, I converted the FTP response reading
  function into using select() which then allows timeouts (even under win32!)
  if the command-reply session gets too slow or dies completely. I made a
  default timeout on 3600 seconds unless anything else is specified, since I
  don't think anyone wants to wait more than that for a single character to
  get received...

- Torsten Foertsch <torsten.foertsch at gmx.net> brought a set of fixes for
  the rfc1867 form posts. He introduced 'name=<file' which brings a means to
  suuply very large text chunks read from the given file name. It differs from
  'name=@file' in the way that this latter thing is marked in the uploaded
  contents as a file upload, while the first is just text (as in a input or
  textarea field). Torsten also corrected a bug that would happen if you used
  %s or similar in a -F file name.

- As discovered by Nico Baggus <Nico.Baggus at mail.ing.nl>, when transferring
  files to/from FTP using type ASCII curl should not expect the transfer to be
  the exact size reported by the server as the file size. Since ASCII may very
  well mean that the content is translated while transfered, the final size
  may very well differ. Therefor, curl now ignores the file size when doing
  ASCII transfers in FTP.

Daniel (24 July 2000)
- Added CURLOPT_PROXYPORT to the curl_easy_setopt() call to allow the proxy
  port number to be set separately from the proxy host name.

- Andrew <andrew at ugh.net.au> pointed out a netrc manual bug.

- The FTP transfer code now accepts a 250-code as well as the previously
  accepted 226, after a successful file transfer. Mohan <mnair at
  evergreen-funds.com> pointed this out.

- The check for *both* nsl and socket was never added in the v7 configure.in
  when I moved the main branch. I re-added that check to configure.in. This was
  discovered by Rich Gray.

- Howard, Blaise <Blaise.Howard at factiva.com> pointed out a missing free() in
  curl_disconnect() which of course meant libcurl ate memory.

- Brian E. Gallew noted that the HTTP 'Host:' header curl sent did not
  properly include the port number if non-default ports were used. This should
  now have been fixed.

- HTTP connect errors now return errors earlier. This was most notably causing
  problems when the HTTPS certificate had problems and later caused a crash.
  Many thanks to Gregory Nicholls <gnicholls at level8.com> for discovering
  and suggesting a fix...

Daniel (21 June 2000)
- After a "bug report" I received where the user was using both -F and -I in a