CHANGES

  segfault. While fixing this, I also introduced better error reporting in the
  globbing code. (All this is application code outside libcurl.)

Daniel (6 June)
- David Orrell found out that sending a huge GET request over HTTPS could
  make libcurl fail and return an error code.

Daniel (2 June)
- Richard Bramante found out that "Content-Length: 0" was not properly used by
  libcurl if the response-headers indicated that the connection would be
  closed.

- David Byron's patch was applied, that makes the --progress-bar take the
  local size into account when doing resumed downloads.

- Feedback from Serge Semashko made me change the error message returned when
  CURLE_HTTP_RETURNED_ERROR is returned.

- Anonymous in bug report #745122 pointed out that we should really be using
  SSL_CTX_set_options(... SSL_OP_ALL) to work around flaws in existing SSL
  implementations.

Daniel (27 May)
- Andreas Ley and Rich Gray helped me point out that no version of HP-UX has
  the sys/select.h header file so including it unconditionally in curl/multi.h
  is not a good thing. Now we check for HPUX and avoid using that header on
  such systems.

- Rudy Koento experienced problems with curl's recent habit of POSTing data in
  two separate send() calls, first the headers and then the data. I've now
  made a fix that for static and known content that is less than 100K in size,
  everything is now sent in one single system call again. This is also better
  for network performance reasons.

- I modified the main makefile to not build the test suite and a few other
  unnecessary things by default. Now, the test suite is built when 'make test'
  is run.  This reduces build time for those who don't care for the test
  suite, and it also reduces confusion for people using platforms where the
  test suite build fails!

Daniel (26 May)
- Chris Lewis pointed out a flaw in the #ifdefs in curl/multi.h for Windows,
  which is now corrected.

- Jis Joy found another flaw in the SOCK5 code, as libcurl treated the socks5
  proxy a little too much like as if it was a http proxy.

Daniel (23 May)
- Ricardo Cadime found a socket leak when listing directories without
  contents. Test cases 144 and 145 were added to verify the fix.

- Rudy Koento found yet another problem when a HTTP server returns only a
  single-line of contents without any headers at all. libcurl then failed to
  count the data, thus returning error 52 "no contents". Test case 66 was
  added to verify that we now do right.

Version 7.10.6-pre1 (23 May 2003)

Daniel (23 May)
- Jis in bug report #741841, fixed a bug in the SOCKS5 proxy-using code.

Daniel (22 May)
- David Remahl set up a test-server for me providing Digest authentication,
  and I wrote the first working code that support it. The test suite was
  modified slightly as well to work better for it and --digest was added to
  the command line options (and CURLOPT_HTTPDIGEST to the library)...  RFC2617
  has all the gory details.

Daniel (21 May)
- David Balazic pointed out that curl_unescape() didn't check that %-codes
  were correctly followed by two hexadecimal digits when it unescape strings.
  Now, we do the check and only %XX codes are unescaped if the X letters are
  hexadecimals.

- Gisle Vanem made curl build with djgpp on DOS.

- Gisle Vanem improved the mkhelp.pl script to make a nicer manual that is
  shown with curl -M.

Daniel (20 May)
- Gisle Vanem provided a fix that makes libcurl more conservative, not
  expecting h_aliases of the hostent struct to always be non-NULL.

Daniel (19 May)
- As requested by Martin Michlmayr in Debian bug report #193630, libcurl now
  supports user name and password in the proxy environment variables. Added
  test case 63 to verify this.

Version 7.10.5 (19 May 2003)

Daniel (15 May)
- Changed the order for the in_addr_t testing, as 'unsigned long' seems to be
  a very common type inet_addr() returns.

Daniel (14 May)
- George Comninos provided a fix that calls the progress meter when waiting
  for FTP command responses take >1 second. It'll make applications more
  "responsive" even when dealing with very slow ftp servers.

Daniel (12 May)
- George Comninos pointed out that libcurl uploads had two quirks:
   o when using FTP PORT command, it used blocking sockets!
   o it could loop a long time without doing progress meter updates
  Both items are fixed now.

Daniel (9 May)
- Dan Fandrich changed CURLOPT_ENCODING to select all supported encodings if
  set to "".  This frees the application from having to know which encodings
  the library supports.

- Dan Fandrich pointed out we had three unnecessary files in CVS that is
  generated with libtoolize, so they're now removed and libtoolize is invoked
  accordingly in the buildconf script.

- Avery Fay found out that the CURLOPT_INTERFACE way of first checking if the
  given name is a network interface gave a real performance penalty on Linux,
  so now we more appropriately first check if it is an IP number and if so
  we don't check for a network interface with that name.

- CURLOPT_FTP_USE_EPRT added. Set this to FALSE to disable libcurl's attempts
  to use EPRT and LPRT before the traditional PORT command. The command line
  tool sets this option with '--disable-eprt'.

Version 7.10.5-pre2 (6 May 2003)

Daniel (6 May)
- Kevin Delafield reported another case where we didn't correctly check for
  EAGAIN but only EWOULDBLOCK, which caused badness on HPUX.

Daniel (4 May)
- Ben Greear noticed that the check for 'writable argv' exited the configure
  script when run for cross-compiling, which wasn't nice. Now it'll default to
  no and output a warning about the fact that it was not checked for.

Daniel (2 May)
- Added test case 62 and fixed some more on the cookie sending with a custom
  Host: header set.

Daniel (1 May)
- Andy Cedilnik fixed a few compiler warnings.

- Made the "SSL read error: 5" error message more verbose, by adding code that
  queries the OpenSSL library to fill in the error buffer.

Daniel (30 Apr)
- Added sys/select.h include in the curl/multi.h file, after having been
  reminded about this by Rich Gray.

- I made each test set its own server requirements, thus abandoning the
  previous system where the test number implied what server(s) to use for a
  specific test.

- David Balazic made curl more RFC1738-compliant for FTP URLs, by fixing so
  that libcurl now uses one CWD command for each path part. A bunch of test
  cases were fixed to work accordingly.

- Cookie fixes:

  A. Save domains in jars like Mozilla does. It means all domains set in
     Set-Cookie: headers are dot-prefixed.
  B. Save and use the 'tailmatch' field in the Mozilla/Netscape cookie jars
     (the second column).
  C. Reject cookies using illegal domains in the Set-Cookie: line. Concerns
     both domains with too few dots or domains that are outside the currently
     operating server host's domain.
  D. Set the path part by default to the one used in the request, if none was
     set in the Set-Cookie line.

  To make item C really good, I also made libcurl notice custom Host: headers
  and extract the host name set in there and use that as the host name for the
  site we're getting the cookies from. This allows user to specify a site's
  IP-address, but still be able to receive and send its cookies properly if
  you provide a valid Host: name for the site.

Daniel (29 Apr)
- Peter Kovacs provided a patch that makes the CURLINFO_CONNECT_TIME work fine
  when using the multi interface (too).

Version 7.10.5-pre1 (23 Apr 2003)

Daniel (23 Apr)
- Upgraded to libtool 1.5.

Daniel (22 Apr)
- Peter Sylvester pointed out that curl_easy_setopt() will always (wrongly)
  return CURLE_OK no matter what happens.

- Dan Fandrich fixed some gzip decompression bugs and flaws.

Daniel (16 Apr)
- Fixed minor typo in man page, reported in the Debian bug tracker.

Daniel (15 Apr)
- Fixed some FTP tests in the test suite that failed on my Solaris host, due
  to the config.h not being included before the system headers. When done that
  way, it did get a mixed sense of if big files are supported or not and then
  stat() and fstat() (as used in test case 505) got confused and failed to
  return a proper file size.

- Formposting a file using a .html suffix is now properly set to Content-Type:    text/html.

Daniel (14 Apr)
- Fixed the SSL error handling to return proper SSL error messages again, they
  broke in 7.10.4. I also attempt to track down CA cert problems and then
  return the CURLE_SSL_CACERT error code.

- The curl tool now intercepts the CURLE_SSL_CACERT error code and displays
  a fairly big and explanatory error message. Kevin Roth helped me out with
  the wording.

Daniel (11 Apr)
- Nic Hines provided a second patch for gzip decompression, and fixed a bug
  when deflate or gzip contents were downloaded using chunked encoding.

- Dan Fandrich made libcurl support automatic decompression of gzip contents
  (as an addition to the previous deflate support).

- I made the CWD command during FTP session consider all 2xy codes to be OK
  responses.

Daniel (10 Apr)
- Vlad Krupin fixed a URL parsing issue. URLs that were not using a slash
  after the host name, but still had "?" and parameters appended, as in
  "http://hostname.com?foobar=moo", were not properly parsed by libcurl.

Daniel (9 Apr)
- Made CURLOPT_TIMECONDITION work for FTP transfers, using the same syntax as
  for HTTP. This then made -z work for ftp transfers too. Added test case 139
  and 140 for verifying this.

- Getting the file date of an ftp file used the wrong time zone when
  displayed. It is supposedly always GMT. Added test case 141 for this.

- Made the test suite's FTP server support MDTM.

- The default DEBUGFUNCTION, as enabled with CURLOPT_VERBOSE now outputs
  CURLINFO_HEADER_IN data as well. The most notable effect from this is that
  using curl -v, you get to see the incoming "headers" as well. This is
  perhaps most useful when doing ftp.

Daniel (8 Apr)
- James Bursa fixed a flaw in the Content-Type extraction code, which missed
  the first letter if no space followed the colon.

- Magnus Nilsson pointed out that share.c was missing in the MSVC project
  file.

Daniel (6 Apr)
- Ryan Weaver provided a patch that makes the CA cert bundle not get installed
  anymore when 'configure --without-ssl' has been used.

Daniel (4 Apr)
- Martijn Broenland found another cases where a server application didn't
  like the boundary string used by curl when foing a multi-part/formpost. We
  modified the boundary string to look like the one IE uses, as this is
  probably gonna make curl work with more applications.

Daniel (3 Apr)
- Kevin Roth reported that a bunch of tests fails on cygwin. One set fails
  when using perl 5.8 (and they run fine with perl 5.6), and another set
  failed because of an artifact in the test suite's FTP server that I
  corrected. It turned out the FTP server code was still having a file opened
  while the main test script removed it and invoked the HTTP server that
  attempted to create the same file name of the file the FTP server kept open.
  This operation works fine on unix, but not on cygwin.

Version 7.10.4 (2 Apr 2003)

Daniel (1 Apr)
- Added test case 505 to exercise FTP upload with rename done with libcurl,
  and for that I had to extend the test suite's FTP server to deal with the
  RNFR and RNTO commands.

Daniel (31 Mar)
- Even more SSL config check modifications after Richard's testing.

Version 7.10.4-pre6 (31 Mar 2003)

Daniel (31 Mar)
- More fixes for the SSL session ID cache checks when SSL configs are changed
  between connections. Based on tests and talks with Richard Bramante.

- Guillaume Cottenceau provided a patch that added CURLOPT_UNRESTRICTED_AUTH.
  When enabled, it will prevent libcurl from limiting to which host it sends
  user+password to when following locations. By default, libcurl only sends
  name and password to the original host used in the first URL, but with this
  option set it will send the auth info to all hosts it follows location
  headers to. The new tool command line option for this is named
  "--location-trusted".

- Frankie Fong reported a problem with libcurl if you re-used an easy handle
  with a proxy, and you first made a https:// connction to a host and then
  switched to a http:// one to the same host. libcurl would then wrongly re-use
  the same connection for it and fail to get the second URL properly

Daniel (29 Mar)
- Dan Shearer's fix that makes curl complain if invoked with nothing but "curl
  -O" was applied.

Daniel (26 Mar)
- Bryan Kemp was friendly enough to lend me an account on his Redhat 9 box and
  I could fix the configure problems on redhat 8.1 and 9 in no time thanks to
  this. Thanks a bunch Bryan!

Daniel (25 Mar)
- Renamed configure.in to configure.ac

Version 7.10.4-pre5 (25 Mar 2003)

Daniel (25 Mar)
- Richard Bramante provided a fix for a handle re-use problem seen when you
  change options on an SSL-enabled connection between requests. Previously,
  changing peer verification or host verification and similar things was not
  taken into account when a connection were checked for re-use and thus
  enabling stricter check between requests on a re-used connection made no
  difference and the connection would thus be used erroneously.

Daniel (24 Mar)
- Götz Babin-Ebell pointed out that the ca-bundle.crt file contained a
  certificate from Trustcenter that was a demo certificate only that was never
  indended to be part of a CA bundle.

Daniel (21 Mar)
- Life is a mystery. Within a time period of 17 hours, Tim Pope and Michael
  Churchill filed one bug report each, both identifying problems with a second
  transfer when doing persistant transfers re-using a connection. Tim's one is
  #706624, labeled "Multiple uploads per handle fail" and Michael's #707003
  "Does not send Authorization: header when reusing connection". I could track
  both down to the same piece of logic and it turned out libcurl was not using
  new settings properly when re-using an existing connection. This concerned
  both uploading and downloading and involved exactly those pieces these two
  reports identified. This code has been this faulty since the day I
  introduced persistant connection support in libcurl, more than 2 years ago.

Daniel (20 Mar 2003)
- Five year anniversary. Today five years ago, the first ever curl release saw
  the light of day.

Daniel (17 Mar)
- Andy Cedilnik corrected flaws in some libcurl example-usage sources.

Daniel (16 Mar)
- Juan F. Codagnone reported that the fix from March 2nd was incomplete.

- Added code to the configure.in to check for select() argument types. I've
  not made any code use the results just yet though.

Daniel (15 Mar)
- Gisle Vanem provided two patches to build better on Windows.

- Adjusted the test suite code to better make sure that the server(s) required
  for a specific test is properly started before the test case is attempted.
  Many tests now run a lot faster than before.

Daniel (14 Mar)
- Another configure.in adjustment made the configure detect functions properly
  on HPUX now.

Daniel (13 Mar)
- Philippe Raoult fixed pre4-compile quirks for FreeBSD.

Version 7.10.4-pre4 (13 Mar 2003)

Daniel (13 Mar)
- Added a backup-check for functions that aren't found by AC_CHECK_FUNCS()
  as I believe some checks on HPUX need this. At least some of the info given
  to us by Rick Jones seemed to indicate this.

Daniel (12 Mar)
- Thomas Tonino found out that if you used the curl tool to do PUT operations
  as in 'curl www.foo.com/dir/ -T file' and the file name included for example
  space or other characters that don't belong in URLs, curl did not properly
  URL encode them before using them in the URL.

- Added an option to configure called --enable-libgcc that simply adds -lgcc
  to the LIBS variable, as this seems to be a common problem.

- I modified the configure.in file, so that the headers are now checked in an
  order of "viality". We must also make sure to use the "default headers"
  parameter to AC_CHECK_HEADERS() so that headers are checked with the proper
  prerequisites included (i.e all the major and generally important header
  files are included there by default). This might be what we need for various
  Sun, HP, AIX and Tru64 systems to behave good again on the header check
  front.

- Rick Jones pointed out a few compiler warnings on HP-UX that I addressed.

- I made the configure --help output nicer by using AC_HELP_STRING() a lot
  more.

Daniel (11 Mar)
- Christophe Demory fixed the socket sending code to work better on HP-UX
  when sending data to a socket that would block. It then returns EAGAIN, not
  EWOULDBLOCK.

- Richard Gorton improved the seeding function for systems without a good
  and reliable random source.

- Richard Gorton fixed a few warnings that popped up when you built curl
  using the Sun compiler on a 64bit SPARC platform.

- Martin C. Martin fixed a case where a connect failure using the multi
  interface didn't produce a human readable error string.

Daniel (10 Mar)
- Reverted ltmain.sh back to libtool 1.4.2 status again, as the 1.4.3 version
  broke the build on numerous platforms. It seems that libtool 1.4.3 puts some
  requirements on what versions of the other tools (autoconf + automake) that
  I am not familiar with and thus I couldn't fulfill at this point.

  Yes, this is more than mildly frustrating.

Daniel (7 Mar)
- Run libtoolize version 1.4.3.

Version 7.10.4-pre3 (4 Mar 2003)

Daniel (3 Mar)
- Added share.obj to the VC6 and Borland libcurl makefiles.

- Troels Walsted Hansen found and investigated a problem with libcurl on AIX,
  presumably only on 4.3 or later. gethostbyname_r() is not returning data
  that is possible to "keep" and cache the way libcurl does. But instead these
  versions of AIX uses a gethostbyname() that works thread-safely we can
  instead use the ordinary gethostbyname() and our pack_hostent() approach to
  achieve what we want. The configure script now attempts to detect AIX 4.3 or
  later to adjust for this.

Daniel (2 Mar)
- Juan F. Codagnone found a problem introduced in 7.10.3 when you first did a
  POST and then back to a GET using the same easy handle.

Daniel (28 Feb)
- Removed the strequal and strnequal defines from curl/curl.h header. They
  were never meant for the public header anyway. Philippe Raoult brought it
  up.

- James Bursa fixed the RISC OS build.

Daniel (27 Feb)
- Avery Fay pointed out the very misleading curl_multi_info_read man page, and
  I updated it to become more accurate.

- Salvatore Sorrentino found a problem with FTP downloading that turned out to
  be his FTP server returning size zero (0 bytes) when SIZE was used on a file
  while being in BINARY mode. We now make a second check for the actual size
  by scanning the RETR reply anyway, even if the SIZE command returned 0.

Daniel (26 Feb)
- Kyle Sallee reported a case where he would do a transfer that didn't update
  the progress meter properly. It turned out to be a case where libcurl would
  loop a little too eagerly in the tranfer loop, which isn't really good for
  the APIs, especially not the multi API.

Version 7.10.4-pre2 (24 Feb 2003)

Daniel (24 Feb)
- Kjetil Jacobsen found out that setting CURLOPT_MAXCONNECTS to a value higher
  than 5 could cause a segfault.

- I believe I fixed the 'Expect: 100-continue' behavior that has been broken
  for a while (I think since my change dated Dec 10 2002). When this header is
  used, libcurl should wait for a HTTP 100 (or timeout) before sending the
  post/put data.

Daniel (14 Feb)
- Matthew Clarke provided some info what to modify to make curl build
  flawlessly on AIX 3.2.5.

- Martin C. Martin found and fixed a problem in the multi interface when
  running on Windows and trying to connect to a port without a listener.

Daniel (13 Feb)
- Christopher R. Palmer fixed Curl_base64_encode() to deal with zeroes in the
  data to encode.

Daniel (4 Feb)
- Jean-Philippe added the first code that enables the 'share' system. This
  should now enable sharing of DNS data between two curl easy handles.

- Incorporated Nico Baggus' fixes to again compile flawlessly on VMS.

- James Bursa corrected a bad comment in the public include file curl/multi.h

- Peter Forret reported one of those error:00000000 cases in libcurl again
  when connecting to a HTTPS site, and this time I did discover some oddities
  in how curl reports SSL errors back. It could miss showing the actual error.

Version 7.10.4-pre1 (3 Feb 2003)

Daniel (3 Feb)
- Removed things in the docs saying capath doesn't work on Windows, as Julian
  Noble told us it works fine.

Daniel (31 Jan)
- Kevin Roth fixed the zlib build stuff in the Mingw32 makefile.

Daniel (30 Jan)
- Kevin Roth found out that curl on Windows always checked for the CA cert
  bundle using the environment variable and the path scan, even though
  -k/--insecure was used.

- Hamish Mackenzie pointed out that curl only did strict host name verifying
  if capath or cainfo was used. Now it'll always do it unless -k / --insecure
  is used!

- Pavel Cenek pointed out that the Content-Type extraction was done wrongly
  as the full string was not fetched. Added test case 57 to verify that curl
  does it right now.

Daniel (29 Jan)
- Jamie Wilkinson provided a patch that now makes curl attempt to clear out
  "sensitive" command line arguments so that they don't appear in ps outputs
  (only on platforms that allow writing to argv[]).

- John McGowan found out that the DEBUGFUNCTION could be called with bad
  arguments and thus cause the --trace outputs to go wrong.

- Removed all the emacs local variables from all files. Mats Lidell provided
  the new sample.emacs file (for a sample of what to include in your .emacs)
  and the curl-style.el that sets a better c-style for editing curl sources.

- Dave Halbakken found a problem with FTP downloads that could accidently
  return CURLE_PARTIAL_FILE when curl_easy_perform() was called with NOBODY
  set TRUE.

Daniel (27 Jan)
- The fopen.c example was flawed as Nick Humfrey noticed, and I fixed it to
  work again.

Daniel (24 Jan)
- Bertrand Demiddelaer found and fixed a memory leak (the content-type string)
  when following locations.

Daniel (22 Jan 2003)
- Ian Wilkes and Legoff Vincent both independently provided fixes for making
  curl/multi.h work properly when compiled with a C++ compiler.

Daniel (20 Jan 2003)
- Fixed 'buildconf' to check version number of the required tools before
  they're actually used.

- Wrote 'testcurl.sh', a script targeted for automatic and distributed curl
  tests on various platforms.

- David Thiel pointed out that the .netrc file was not being dealt with
  properly anymore. I broke this in the password prompting "fix".

- Markus F.X.J. Oberhumer patched libcurl to allocate the scratch buffer only
  on demand and thus we save 32KB in each curl handle that don't use that
  buffer. This need appeared when some people started using thousands of
  simultaneous curl handles... :-)

Daniel (16 Jan 2003)
- Markus Oberhumer fixed curl-config --cflags when the includedir was not
  /usr/include.

- Markus Oberhumer fixed CURLINFO_PRIVATE to properly return NULL if it was
  set to NULL!

Version 7.10.3 (14 Jan 2003)

Daniel (10 Jan 2003)
- Steve Oliphant pointed out that test case 105 did not work anymore and this
  was due to a missing fix for the password prompting.

Version 7.10.3-pre6 (10 Jan 2003)

Daniel (9 Jan 2003)
- Bryan Kemp pointed out that curl -u could not provide a blank password
  without prompting the user. It can now. -u username: makes the password
  empty, while -u username makes curl prompt the user for a password.

- Kjetil Jacobsen found a remaining connect problem in the multi interface on
  ipv4 systems (Linux only?), that I fixed and Kjetil verified that it fixed
  his problems.

- memanalyze.pl now reads a file name from the command line, and no longer
  takes the data on stdin as before.

Version 7.10.3-pre5 (9 Jan 2003)

Daniel (9 Jan 2003)
- Fixed tests/memanalyze.pl to work with file names that contain colons (as on
  Windows).
  
- Kjetil Jacobsen quickly pointed out that lib/share.h was missing...

Version 7.10.3-pre4 (9 Jan 2003)

Daniel (9 Jan 2003)
- Updated lib/share.c quite a bit to match the design document at
  http://curl.haxx.se/dev/sharing.txt a lot more.

  I'll try to update the document soonish. share.c is still not actually used
  by libcurl, but the API is slowly getting there and we can start
  implementing code that takes advantage of this system.

Daniel (8 Jan 2003)
- Updated share stuff in curl/curl.h, including data types, structs and
  function prototypes. The corresponding files in lib/ were also modified
  of course to remain compilable. Based on input from Jean-Philippe and also
  to make it more in line with the design document.

- Jean-Philippe Barrette-LaPierre patched a very trivial memory leak in
  curl_escape() that would happen when realloc() returns NULL...

- Matthew Blain provided feedback to make the --create-dirs stuff build
  properly on Windows.

- Fixed the #include in tests/libtest/first.c as Legoff Vincent pointed out.

Daniel (7 Jan 2003)
- Philippe Raoult provided a patch that now makes libcurl properly support
  wildcard checks for certificate names.

- Simon Liu added CURLOPT_HTTP200ALIASES, to let an application set other
  strings recognized as "HTTP 200" to allow http-like protocols to get
  downloaded fine by curl.

- Now using autoconf 2.57 and automake 1.7.2

- Doing "curl -I ftp://domain/non-existing-file" still outputed a date!
  Wayne Haigh reported.

- The error message is now written properly with a newline in the --trace
  file.

Daniel (6 Jan 2003)
- Sterling Hughes fixed a possible bug: previously, if you called
  curl_easy_perform and then set the global dns cache, the global cache
  wouldn't be used. Pointed out by Jean-Philippe Barrette-LaPierre.

- Matthew Blain's fixed the VC6 libcurl makefile to include better debug data
  on debug builds.