CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Daniel S (18 August 2007)
- Robson Braga Araujo filed bug report #1776235
  (http://curl.haxx.se/bug/view.cgi?id=1776235) about ftp requests with NOBODY
  on a directory would do a "SIZE (null)" request. This is now fixed and test
  case 1000 was added to verify.

Daniel S (17 August 2007)
- Song Ma provided a patch that cures a problem libcurl has when doing resume
  HTTP PUT using Digest authentication. Test case 5320 and 5322 were also
  added to verify the functionality.

Daniel S (14 August 2007)
- Andrew Wansink provided an NTLM bugfix: in the case the server sets the flag
  NTLMFLAG_NEGOTIATE_UNICODE, we need to filter it off because libcurl doesn't
  UNICODE encode the strings it packs into the NTLM authenticate packet.

Daniel S (11 August 2007)
- Allen Pulsifer provided a patch that makes libcurl set the expected download
  size earlier when doing HTTP downloads, so that applications and the
  progress meter etc know get the info earlier in the flow than before.

- Patrick Monnerat modified the LDAP code and approach in curl. Starting now,
  the configure script checks for openldap and friends and we link with those
  libs just like we link all other third party libraries, and we no longer
  dlopen() those libraries. Our private header file lib/ldap.h was renamed to
  lib/curl_ldap.h due to this. I set a tag in CVS (curl-7_17_0-preldapfix)
  just before this commit, just in case.

Dan F (8 August 2007)
- Song Ma noted a zlib memory leak in the illegal compressed header
  countermeasures code path.

Daniel S (4 August 2007)
- Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on
  non-ASCII systems.

Daniel S (3 August 2007)
- I cut out support for libssh2 versions older than 0.16 to make our code a
  lot simpler, and to avoid getting trouble with the LIBSSH2_APINO define
  that 1) didn't work properly since it was >32 bits and 2) is removed in
  libssh2 0.16...

Daniel S (2 August 2007)
- Scott Cantor filed bug report #1766320
  (http://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl
  code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and
  CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be
  passed in as longs, and that makes a difference on 64 bit architectures.

- Dmitriy Sergeyev reported a regression: resumed file:// transfers broke
  after 7.16.2. This is much due to the different treatment file:// gets
  internally, but now I added test 231 to make it less likely to happen again
  without us noticing!

Daniel S (1 August 2007)
- Patrick Monnerat and I modified libcurl so that now it *copies* all strings
  passed to it with curl_easy_setopt()! Previously it has always just refered
  to the data, forcing the user to keep the data around until libcurl is done
  with it. That is now history and libcurl will instead clone the given
  strings and keep private copies. This is also part of Patrick Monnerat's
  OS/400 port.

  Due to this being a somewhat interesting change API wise, I've decided to
  bump the version of the upcoming release to 7.17.0. Older applications will
  of course not notice this change nor do they have to care, but new
  applications can be written to take advantage of this.

- Greg Morse reported a problem with POSTing using ANYAUTH to a server
  requiring NTLM, and he provided test code and a test server and we worked
  out a bug fix. We failed to count sent body data at times, which then caused
  internal confusions when libcurl tried to send the rest of the data in order
  to maintain the same connection alive.

Daniel S (31 July 2007)
- Peter O'Gorman pointed out (and fixed) that the non-blocking check in
  configure made libcurl use blocking sockets on AIX 4 and 5, while that
  wasn't the intention.

Daniel S (29 July 2007)
- Jayesh A Shah filed bug report #1759542
  (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious
  problem with FTPS: libcurl closed the data connection socket and then later
  in the flow it would call the SSL layer to do SSL shutdown which then would
  use a socket that had already been closed - so if the application had opened
  a new one in the mean time, libcurl could send gibberish that way! I worked
  with Greg Zavertnik to properly diagnose and fix this. The fix affects code
  for all SSL libraries we support, but it has only been truly verified to
  work fine for the OpenSSL version. The others have only been code reviewed.

Daniel S (23 July 2007)
- Implemented the parts of Patrick Monnerat's OS/400 patch that introduces
  support for the OS/400 Secure Sockets Layer library.

Dan F (23 July 2007)
- Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed
  some few internal identifiers to avoid conflicts, which could be useful on
  other platforms.

Daniel S (22 July 2007)
- HTTP Digest bug fix by Chris Flerackers:

  Scenario

  - Perfoming a POST request with body
  - With authentication (only Digest)
  - Re-using a connection

  libcurl would send a HTTP POST with an Authorization header but without
  body. Our server would return 400 Bad Request in that case (because
  authentication passed, but the body was empty).

  Cause

  1) http_digest.c -> Curl_output_digest
  - Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is
  filled in (and no errors)
  - authp->done = TRUE if d->nonce is filled in
  2) http.c -> Curl_http
  - *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL
  3) http.c -> Curl_http, Curl_http_output_auth

  So what happens is that Curl_output_digest cannot yet update the
  Authorization header (allocptr.userpwd) which results in authhost->done=0 ->
  authhost->multi=1 -> conn->bits.authneg = TRUE.  The body is not
  added. *However*, allocptr.userpwd is still used when building the request

- Added test case 354 that makes a simple FTP retrieval without password, which
  verifies the bug fix in #1757328.

Daniel S (21 July 2007)
- To allow more flexibility in FTP test cases, I've removed the enforced states
  from the test server code as they served no real purpose. The test server
  is here to serve for the test cases, not to attempt to function as a real
  server! While at it, I modified test case 141 to better test and verify
  curl -I on a single FTP file.

Daniel S (20 July 2007)
- James Housley fixed the SFTP PWD command to work.

- Ralf S. Engelschall filed bug report #1757328
  (http://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It
  turns out we broke login to FTP servers that don't require (nor understand)
  PASS after the USER command. The breakage was done as part of the krb5
  commit so a krb-using person needs to verify that the current version now
  works or if we need to fix it (in a different way of course).

Dan F (17 July 2007)
- Fixed test cases 613 and 614 by improving the log postprocessor to handle
  a new directory listing format that newer libssh2's can provide.  This
  is probably NOT sufficient to handle all directory listing formats that
  server's can provide, and should be revisited.

Daniel S (17 July 2007)
- Daniel Johnson fixed a bug in how libssh2_session_last_error() was used, in
  two places.

- Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made
  a control connection that was deemed "dead" to yet be re-used in a following
  request.

Daniel S (13 July 2007)
- Colin Hogben filed bug report #1750274
  (http://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the
  case where libcurl did a connect attempt to a non-listening port and didn't
  provide a human readable error string back.

- Daniel Cater fixes:
  1 - made 'make vc8' work on windows.
  2 - made libcurl itself built with CURL_NO_OLDIES defined (which doesn't
      define the symbols for backwards source compatibility)
  3 - updated libcurl-errors.3
  4 - added CURL_DISABLE_TFTP to docs/INSTALL

Daniel S (12 July 2007)
- Made the krb5 code build with Heimdal's GSSAPI lib.

Dan F (12 July 2007)
- Compile most of the example apps in docs/examples when doing a 'make check'.
  Fixed some compile warnings and errors in those examples.

- Removed the example program ftp3rdparty.c since libcurl doesn't support
  3rd party FTP transfers any longer.

Daniel S (12 July 2007)
- Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation
  could in fact get stuck in an endless loop.

- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
  fail to connect if there is no Common Name field found in the remote cert.
  We should deprecate the support for this set to 1 anyway soon, since the
  feature is pointless and most likely never really used by anyone.