CHANGES

                                  _   _ ____  _     
                              ___| | | |  _ \| |    
                             / __| | | | |_) | |    
                            | (__| |_| |  _ <| |___ 
                             \___|\___/|_| \_\_____|

                               History of Changes

Daniel (15 November 2000)
- Using certain characters in usernames or passwords for HTTP authentication
  failed. This was due to the mprintf() that had a silly check for letters,
  and if they weren't isprint() they weren't outputed "as-is". This caused
  passwords and usernames using '§' (for example) to fail.

Version 7.4.2

Daniel (15 November 2000)
- 'tests/runtests.pl' now sorts the test cases properly when 'all' is used.

Daniel (14 November 2000)
- I fell over the draft-ietf-ftpext-mlst-12.txt Internet Draft titled
  "Extensions to FTP" that contains a defined way how the ftp command SIZE
  could be assumed to work.

- Laurent Papier posted a bug report about using "-C -" and FTP uploading a
  file that isn't prsent on the server. The server might then return a 550 and
  curl will fail. Should it instead as Laurent Papier suggests, start
  uploading from the beginning as a normal upload?

Daniel (13 November 2000)
- Fixed a crash with the followlocation counter.

- While writing test cases for the test suite, I discovered an old limitation
  that prevented -o and -T to be used at the same time. I removed this
  immediately as this has no relevance in the current libcurl.
  
- Chris Faherty fixed a free-twice problem in lib/file.c

- I fixed the perl http server problem in the test suite.

Version 7.4.2 pre4

Daniel (10 November 2000)
- I've (finally) started working on the curl test suite. It is in the new
  tests/ directory. It requires sh and perl. There's a TCP server in perl and
  most of the other stuff running a pretty simple shell script.

  I've only made four test cases so far, but it proves the system can work.

- Laurent Papier noticed that curl didn't set TYPE when doing --head checks
  for sizes on FTP servers. Some servers seem to return different sizes
  depending on whether ASCII or BINARY is used!

- Laurent Papier detected that if you appended a FTP upload and everything was
  already uploaded, curl would hang.

- Angus Mackay's getpass_r() in lib/getpass.c is now compliant with the
  getpass_r() function it seems some systems actually have.
  
- Venkataramana Mokkapati detected a bug in the cookie parser and corrected
  it.  If the cookie was set for the full host name (domain=full.host.com),
  the cookie was never sent back because of a faulty length comparison between
  the set domain length and the current host name.

Daniel (9 November 2000)
- Added a configure check for gethostbyname in -lsocket (OS/2 seems to need
  it). Added a check for RSAglue/rsaref for the cases where libcrypto is found
  but libssl isn't. I haven't verified this fix yet though, as I have no
  system that requires those libs to build.
  
Version 7.4.2 pre3

Daniel (7 November 2000)
- Removed perror() outputs from getpass.c. Angus Mackay also agreed to a
  slightly modified license of the getpass.c file as the prototype was changed.

Daniel (6 November 2000)
- Added possibility to set a password callback to use instead of the built-in.
  They're controled with curl_easy_setopt() of course, the tags are
  CURLOPT_PASSWDFUNCTION and CURLOPT_PASSWDDATA.

- Used T. Bharath's thinking and fixed the timers that showed terribly wrong
  times when location: headers were followed.

- Emmanuel Tychon discovered that curl didn't really like user names only in
  the URL. I corrected this and I also fixed the since long living problem
  with URL encoded user names and passwords in the URLs. They should work now.
  
Daniel (2 November 2000)
- When I added --interface, the new error code that was added with it was
  inserted in the wrong place and thus all error codes from 35 and upwards got
  increased one step. This is now corrected, we're back at the previous
  numbers. All new exit codes should be added at the end.

Daniel (1 November 2000)
- Added a check for signal() in the configure script so that if sigaction()
  isn't present, we can use signal() instead.

- I'm having a license discussion going on privately. The issue is yet again
  GPL-licensed programs that have problems with MPL. I am leaning towards
  making a kind of dual-license that will solve this once and for all...

Daniel (31 October 2000)
- Added the packages/ directory. I intend to let this contain some docs and
  templates on how to generate custom-format packages for various platforms.
  I've now removed the RPM related curl.spec files from the archive root.

Daniel (30 October 2000)
- T. Bharath brought a set of patches that bring new functionality to
  curl_easy_getinfo() and curl_easy_setopt(). Now you can request peer
  certificate verification with the *setopt() CURLOPT_SSL_VERIFYPEER option
  and then use the CURLOPT_CAINFO to set the certificate to verify the remote
  peer against. After an such an operation with a verification request, the
  *_getinfo() option CURLINFO_SSL_VERIFYRESULT will return information about
  whether the verification succeeded or not.  

Daniel (27 October 2000)
- Georg Horn brought us a splendid patch that solves the long-standing
  annoying problem with timeouts that made curl exit with silly exit codes
  (which as been commented out lately). This solution is sigaction() based and
  of course then only works for unixes (and only those unixes that actually
  have the sigaction() function).

Daniel (26 October 2000)
- Björn Stenberg supplied a patch that fixed the flaw mentioned by Kevin Roth
  that made the password get echoed when prompted for interactively. The
  getpass() function (now known as my_getpass()) was also fixed to not use any
  static buffers. This also means we cannot use the "standard" getpass()
  function even for those systems that have it, since it isn't thread-safe.
  
- Kevin Roth found out that if you'd write a config file with '-v url', the
  url would not be used as "default URL" as documented, although if you wrote
  it 'url -v' it worked! This has been corrected now.

- Kevin Roth's idea of using multiple -d options on the same command line was
  just brilliant, and I couldn't really think of any reason why we shouldn't
  support it! The append function always append '&' and then the new -d
  chunk. This enables constructs like the following:

        curl -d name=daniel -d age=unknown foobarsite.com

Daniel (24 October 2000)
- I fixed the lib/memdebug.c source so that it compiles on Linux and other
  systems. It will be useful one day when someone else but me wants to run the
  memory debugging system.

Daniel (23 October 2000)
- I modified the maketgz and configure scripts, so that the configure script
  will fetch the version number from the include/curl/curl.h header files, and
  then the maketgz doesn't have to rebuild the configure script when I build
  release-archives.

- Björn Stenberg and Linus Nielsen correctly pointed out that curl was silly
  enough to not allow @-letters in passwords when they were specified with the
  -u or -U flags (CURLOPT_USERPWD and CURLOPT_PROXYUSERPWD). This also
  suggests that curl probably should url-decode the password piece of an URL
  so that you could pass an encoded @-letter there...
  
Daniel (20 October 2000)
- Yet another http server barfed on curl's request that include the port
  number in the Host: header always. I now only include the port number if it
  isn't the default (80 for HTTP, 443 for HTTPS). www.perl.com turned out to
  run one of those nasty servers.

- The PHP4 module for curl had problems with referer that seems to have been
  corrected just yesterday. (Sterling Hughes of the PHP team confirmed this)

Daniel (17 October 2000)
- Vladimir Oblomov reported that the -Y and -y options didn't work. They
  didn't work for me either. This once again proves we should have that test
  suite...
  
- I finally changed the error message libcurl returns if you try a https://
  URL when the library wasn't build with SSL enabled. It will now return this
  error:
        "libcurl was built with SSL disabled, https: not supported!"

  I really hope it will make it a bit clearer to users where the actual
  problem lies.

Version 7.4.1

Daniel (16 October 2000)
- I forgot to remove some of the malloc debug defines from the makefiles in
  the release archive (of course).

Version 7.4

Daniel (16 October 2000)
- The buffer overflow mentioned below was posted to bugtraq on Friday 13th.

Daniel (12 October 2000)
- Colin Robert Phipps elegantly corrected a buffer overflow. It could be used
  by an evil ftp server to crash curl. I took the opportunity of replacing a
  few other sprintf()s into snprintf()s as well.

Daniel (11 October 2000)
- Found some more memory leaks. This new simple memory debugger has turned out
  really useful!