CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Daniel (29 January 2005)
- multi interface: when a request is denied due to "Maximum redirects
  followed" libcurl leaked the last Location: URL.

- Connect failures with the multi interface was often returned as "connect()
  timed out" even though the reason was different.

Daniel (28 January 2005)
- KNOWN_BUGS #17 fixed. A DNS cache entry may not remain locked between two
  curl_easy_perform() invokes. It was previously unlocked at disconnect, which
  could mean that it remained locked between multiple transfers. The DNS cache
  may not live as long as the connection cache does, as they are separate.

  To deal with the lack of DNS (host address) data availability in re-used
  connections, libcurl now keeps a copy of the IP adress as a string, to be
  able to show it even on subsequent requests on the same connection.

  The problem could be made to appear with this stunt:

  1. create a multi handle
  2. add an easy handle
  3. fetch a URL that is persistent (leaves the connection alive)
  4. remove the easy handle from the multi
  5. kill the multi handle
  6. create a multi handle
  7. add the same easy handle to the new multi handle
  8. fetch a URL from the same server as before (re-using the connection)

- Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work
  when built ipv6-enabled. I've now made a fix for it. Writing test cases for
  custom port hosts turned too tricky so unfortunately there's none.

Daniel (25 January 2005)
- Ian Ford asked about support for the FTP command ACCT, and I discovered it
  is present in RFC959... so now (lib)curl supports it as well. --ftp-account
  and CURLOPT_FTP_ACCOUNT set the account string. (The server may ask for an
  account string after PASS have been sent away. The client responds
  with "ACCT [account string]".) Added test case 228 and 229 to verify the
  functionality. Updated the test FTP server to support ACCT somewhat.

- David Shaw contributed a fairly complete and detailed autoconf test you can
  use to detect libcurl and setup variables for the protocols the installed
  libcurl supports: docs/libcurl/libcurl.m4

Daniel (21 January 2005)
- Major FTP third party transfer overhaul.

  These four options are now obsolete: CURLOPT_SOURCE_HOST,
  CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT (this option didn't work before)
  and CURLOPT_PASV_HOST.

  These two options are added: CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE.

  The target-side didn't use the proper path with RETR, and thus this only
  worked correctly in the login path (i.e without doing any CWD). The source-
  side still uses a wrong path, but the fix for this will need to wait. Verify
  the flaw by using a source URL with included %XX-codes.

  Made CURLOPT_FTPPORT control weather the target operation should use PORT
  (or not). The other side thus uses passive (PASV) mode.

  Updated the ftp3rdparty.c example source to use the updated options.

  Added support for a second FTP server in the test suite. Named... ftp2.
  Added test cases 230, 231 and 232 as a few first basic tests of very simple
  3rd party transfers.

  Changed the debug output to include 'target' and 'source' when a 3rd party
  is being made, to make it clearer what commands/responses came on what
  connection.

  Added three new command line options: --3p-url, --3p-user and --3p-quote.

  Documented the command line options and the curl_easy_setopt options related
  to third party transfers.

  (Temporarily) disabled the ability to re-use an existing connection for the
  source connection. This is because it needs to force a new in case the
  source and target is the same host, and the host name check is trickier now
  when the source is identified with a full URL instead of a plain host name
  like before.

  TODO (short-term) for 3rd party transfers: quote support. The options are
  there, we need to add test cases to verify their functionality.

  TODO (long-term) for 3rd party transfers: IPv6 support (EPRT and EPSV etc)
  and SSL/TSL support.

Daniel (20 January 2005)
- Philippe Hameau found out that -Q "+[command]" didn't work, although some
  code was written for it. I fixed and added test case 227 to verify it.
  The curl.1 man page didn't mention the '+' so I added it.

Daniel (19 January 2005)
- Stephan Bergmann made libcurl return CURLE_URL_MALFORMAT if an FTP URL
  contains %0a or %0d in the user, password or CWD parts. (A future fix would
  include doing it for %00 as well - see KNOWN_BUGS for details.) Test case
  225 and 226 were added to verify this

- Stephan Bergmann pointed out two flaws in libcurl built with HTTP disabled:

  1) the proxy environment variables are still read and used to set HTTP proxy

  2) you couldn't disable http proxy with CURLOPT_PROXY (since the option was
     disabled). This is important since apps may want to disable HTTP proxy
     without actually knowing if libcurl was built to disable HTTP or not.

  Based on Stephan's patch, both these issues should now be fixed.

Daniel (18 January 2005)
- Cody Jones' enhanced version of Samuel Díaz García's MSVC makefile patch was
  applied.

Daniel (16 January 2005)
- Alex aka WindEagle pointed out that when doing "curl -v dictionary.com", curl
  assumed this used the DICT protocol. While guessing protocols will remain
  fuzzy, I've now made sure that the host names must start with "[protocol]."
  for them to be a valid guessable name. I also removed "https" as a prefix
  that indicates HTTPS, since we hardly ever see any host names using that.

Daniel (13 January 2005)
- Inspired by Martijn Koster's patch and example source at
  http://www.greenhills.co.uk/mak/gentoo/curl-eintr-bug.c, I now made the
  select() and poll() calls properly loop if they return -1 and errno is
  EINTR. glibc docs for this is found here:
  http://www.gnu.org/software/libc/manual/html_node/Interrupted-Primitives.html

  This last link says BSD doesn't have this "effect". Will there be a problem
  if we do this unconditionally?

Daniel (11 January 2005)
- Dan Torop cleaned up a few no longer used variables from David Phillips'
  select() overhaul fix.

- Cyrill Osterwalder posted a detailed analysis about a bug that occurs when
  using a custom Host: header and curl fails to send a request on a re-used
  persistent connection and thus creates a new connection and resends it. It
  then sent two Host: headers. Cyrill's analysis was posted here:
  http://curl.haxx.se/mail/archive-2005-01/0022.html

- Bruce Mitchener identified (bug report #1099640) the never-ending SOCKS5
  problem with the version byte and the check for bad versions. Bruce has lots
  of clues on this, and based on his suggestion I've now removed the check of
  that byte since it seems to be able to contain 1 or 5.

Daniel (10 January 2005)
- Pavel Orehov reported memory problems with the multi interface in bug report
  #1098843. In short, a shared DNS cache was setup for a multi handle and when
  the shared cache was deleted before the individual easy handles, the latter
  cleanups caused read/writes to already freed memory.

- Hzhijun reported a memory leak in the SSL certificate code, that leaked the
  remote certificate name when it didn't match the used host name.

Gisle (8 January 2005)
- Added Makefile.Watcom files (src/lib). Updated Makefile.dist.

Daniel (7 January 2005)
- Improved the test script's valgrind log parser to actually work! Also added
  the ability to disable the log scanner for specific test cases. Test case
  509 results in numerous problems and leaks in OpenSSL and has to get it
  disabled.

Daniel (6 January 2005)
- Fixed a single-byte read out of bounds in test case 39 in the curl tool code
  (i.e not in the library).

- Bug report #1097019 identified a problem when doing -d "data" with -G and
  sending it to two URLs with {}. Added test 199 to verify the fix.

Daniel (4 January 2005)
- Marty Kuhrt adjusted a VMS build script slightly

- Kai Sommerfeld and Gisle Vanem fixed libcurl to build with IPv6 support on
  Win2000.

Daniel (2 January 2005)
- Alex Neblett updated the MSVC makefiles slightly.

Daniel (25 December 2004)
- Removed src/config.h.in from CVS, it is now copied from the (generated)
  lib/config.h.in instead, as they can very well be the same. This removes a
  "manual hassle". You may want to re-run buildconf now.

- Werner Koch filed Debian bug report #286794, mentioning that curl contained
  non-free (by Debian's view) source code. This was Angus Mackay's
  src/getpass.c source code. I tried to contact him about it to quickly solve
  this issue, but his email addresses bounce and I got some time "over" and
  reimplemented the functionality once brought by Angus. We no longer use any
  of Angus' original code and the new function is much simpler (IMO). Issue
  solved.