CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog


Daniel Stenberg (10 Jan 2009)
- Emil Romanus fixed:

  When using the multi interface over HTTP and the server returns a Location
  header, the running easy handle will get stuck in the CURLM_STATE_PERFORM
  state, leaving the external event loop stuck waiting for data from the
  ingoing socket (when using the curl_multi_socket_action stuff). While this
  bug was pretty hard to find, it seems to require only a one-line fix. The
  break statement on line 1374 in multi.c caused the function to skip the call
  to multistate().

  How to reproduce this bug? Well, that's another question.  evhiperfifo.c in
  the examples directory chokes on this bug only _sometimes_, probably
  depending on how fast the URLs are added. One way of testing the bug out is
  writing to hiper.fifo from more than one source at the same time.

Daniel Fandrich (7 Jan 2009)
- Unified much of the SessionHandle initialization done in Curl_open() and
  curl_easy_reset() by creating Curl_init_userdefined(). This had the side
  effect of fixing curl_easy_reset() so it now also resets
  CURLOPT_FTP_FILEMETHOD and CURLOPT_SSL_SESSIONID_CACHE

Daniel Stenberg (7 Jan 2009)
- Rob Crittenden did once again provide an NSS update:

  I have to jump through a few hoops now with the NSS library initialization
  since another part of an application may have already initialized NSS by the
  time Curl gets invoked. This patch is more careful to only shutdown the NSS
  library if Curl did the initialization.

  It also adds in a bit of code to set the default ciphers if the app that
  call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific
  ciphers. One might argue that this lets other application developers get
  lazy and/or they aren't using the NSS API correctly, and you'd be right.
  But still, this will avoid terribly difficult-to-trace crashes and is
  generally helpful.

Daniel Stenberg (1 Jan 2009)
- 'reconf' is removed since we rather have users use 'buildconf'

Daniel Stenberg (31 Dec 2008)
- Bas Mevissen reported http://curl.haxx.se/bug/view.cgi?id=2479030 pointing
  out that 'reconf' didn't properly point out the m4 subdirectory when running
  aclocal.

Daniel Stenberg (29 Dec 2008)
 - Phil Lisiecki filed bug report #2413067
  (http://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that
  would cause libcurl to mark a DNS cache entry "in use" eternally if the
  subsequence TCP connect failed. It would thus never get pruned and refreshed
  as it should've been.

  Phil provided his own patch to this problem that while it seemed to work
  wasn't complete and thus I wrote my own fix to the problem.

Daniel Stenberg (28 Dec 2008)
- Peter Korsgaard fixed building libcurl with "configure --with-ssl
  --disable-verbose".
  
- Anthony Bryan fixed more language and spelling flaws in man pages.

Daniel Stenberg (22 Dec 2008)
- Given a recent enough libssh2, libcurl can now seek/resume with SFTP even
  on file indexes beyond 2 or 4GB.

- Anthony Bryan provided a set of patches that cleaned up manual language,
  corrected spellings and more.

Daniel Stenberg (20 Dec 2008)
- Igor Novoseltsev fixed a bad situation for the multi_socket() API when doing
  pipelining, as libcurl could then easily get confused and A) work on the
  handle that was not "first in queue" on a pipeline, or even B) tell the app
  to REMOVE a socket while it was in use by a second handle in a pipeline. Both
  errors caused hanging or stalling applications.

Daniel Stenberg (19 Dec 2008)
- curl_multi_timeout() could return a timeout value of 0 even though nothing
  was actually ready to get done, as the internal time resolution is higher
  than the returned millisecond timer. Therefore it could cause applications
  running on fast processors to do short bursts of busy-loops.
  curl_multi_timeout() will now only return 0 if the timeout is actually
  alreay triggered.

- Using the libssh2 0.19 function libssh2_session_block_directions(), libcurl
  now has an improved ability to do right when the multi interface (both
  "regular" and multi_socket) is used for SCP and SFTP transfers. This should
  result in (much) less busy-loop situations and thus less CPU usage with no
  speed loss.

Daniel Stenberg (17 Dec 2008)
- SCP and SFTP with the multi interface had the same flaw: the 'DONE'
  operation didn't complete properly if the EAGAIN equivalent was returned but
  libcurl would simply continue with a half-completed close operation
  performed. This ruined persistent connection re-use and cause some
  SSH-protocol errors in general. The correction is unfortunately adding a
  blocking function - doing it entirely non-blocking should be considered for
  a better fix.

Gisle Vanem (16 Dec 2008)
- Added the possibility to use the Watt-32 tcp/ip stack under Windows.
  The change simply involved adding a USE_WATT32 section in the
  config-win32.h files (under ./lib and ./src). This section disables
  the use of any Winsock headers.

Daniel Stenberg (16 Dec 2008)
- libssh2_sftp_last_error() was wrongly used at some places in libcurl which
  made libcurl sometimes not properly abort problematic SFTP transfers.

Daniel Stenberg (12 Dec 2008)
- More work with Igor Novoseltsev to first fix the remaining stuff for
  removing easy handles from multi handles when the easy handle is/was within
  a HTTP pipeline. His bug report #2351653
  (http://curl.haxx.se/bug/view.cgi?id=2351653) was also related and was
  eventually fixed by a patch by Igor himself.

Yang Tse (12 Dec 2008)
- Patrick Monnerat fixed a build regression, introduced in 7.19.2, affecting
  OS/400 compilations with IPv6 enabled.

Daniel Stenberg (12 Dec 2008)
- Mark Karpeles filed bug report #2416182 titled "crash in ConnectionExists
  when using duphandle+curl_mutli"
  (http://curl.haxx.se/bug/view.cgi?id=2416182) which showed that
  curl_easy_duphandle() wrongly also copied the pointer to the connection
  cache, which was plain wrong and caused a segfault if the handle would be
  used in a different multi handle than the handle it was duplicated from.

Daniel Stenberg (11 Dec 2008)
- Keshav Krity found out that libcurl failed to deal with dotted IPv6
  addresses if they were very long (>39 letters) due to a too strict address
  validity parser. It now accepts addresses up to 45 bytes long.

Daniel Stenberg (11 Dec 2008)
- Internet Explorer had a broken HTTP digest authentication before v7 and
  there are servers "out there" that relies on the client doing this broken
  Digest authentication. Apache even comes with an option to work with such
  broken clients.

  The difference is only for URLs that contain a query-part (a '?'-letter and
  text to the right of it).

  libcurl now supports this quirk, and you enable it by setting the
  CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or
  CURLOPT_PROXYAUTH options. They are thus individually controlled to server
  and proxy.

  (note that there's no way to activate this with the curl tool yet)

Daniel Fandrich (9 Dec 2008)
- Added test cases 1089 and 1090 to test --write-out after a redirect to
  test a report that the size didn't work, but these test cases pass.

- Documented CURLOPT_CONNECT_ONLY as being useful only on HTTP URLs.

Daniel Stenberg (9 Dec 2008)
- Ken Hirsch simplified how libcurl does FTPS: now it doesn't assume any
  particular state for the control connection like it did before for implicit
  FTPS (libcurl assumed such control connections to be encrypted while some
  FTPS servers such as FileZilla assumes such connections to be clear
  mode). Use the CURLOPT_USE_SSL option to set your desired level.

Daniel Stenberg (8 Dec 2008)
- Fred Machado posted about a weird FTP problem on the curl-users list and when
  researching it, it turned out he got a 550 response back from a SIZE command
  and then I fell over the text in RFC3659 that says:

   The presence of the 550 error response to a SIZE command MUST NOT be taken
   by the client as an indication that the file cannot be transferred in the
   current MODE and TYPE.

  In other words: the change I did on September 30th 2008 and that has been
  included in the last two releases were a regression and a bad idea. We MUST
  NOT take a 550 response from SIZE as a hint that the file doesn't exist.

- Christian Krause filed bug #2221237
  (http://curl.haxx.se/bug/view.cgi?id=2221237) that identified an infinite
  loop during GSS authentication given some specific conditions. With his
  patience and great feedback I managed to narrow down the problem and
  eventually fix it although I can't test any of this myself!

Daniel Fandrich (3 Dec 2008)
- Fixed the getifaddrs version of Curl_if2ip to work on systems without IPv6
  support (e.g. Minix)

Daniel Stenberg (3 Dec 2008)
- Igor Novoseltsev filed bug #2351645
  (http://curl.haxx.se/bug/view.cgi?id=2351645) that identified a problem with
  the multi interface that occured if you removed an easy handle while in
  progress and the handle was used in a HTTP pipeline.

- Pawel Kierski pointed out a mistake in the cookie code that could lead to a