CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Daniel Stenberg (23 Sep 2008)
- Rob Crittenden brought a patch to "add some locking for thread-safety to NSS
  implementation".

Daniel Stenberg (22 Sep 2008)
- Made the SOCKS code use the new Curl_read_plain() function to fix the bug
  Markus Moeller reported: http://curl.haxx.se/mail/archive-2008-09/0016.html

- recv() errors other than those equal to EAGAIN now cause proper
  CURLE_RECV_ERROR to get returned. This made test case 160 fail so I've now
  disabled it until we can figure out another way to exercise that logic.

- Michael Goffioul filed bug report #2107377 "Problem with mutli + GnuTLS +
  proxy" (http://curl.haxx.se/bug/view.cgi?id=2107377) that showed how a multi
  interface using program didn't work when built with GnuTLS and a CONNECT
  request was done over a proxy (basically test 502 over a proxy to a HTTPS
  site). It turned out the ssl connect function would get called twice which
  caused the second call to fail.

Daniel Fandrich (22 Sep 2008)
- Fixed test 539 to handle an out of memory condition that shows up now
  that memdebug.h is included in the test programs.

Yang Tse (20 Sep 2008)
- Fix regression in configure script which affected OpenSSL builds on MSYS.

Yang Tse (19 Sep 2008)
- configure script now checks availability of the alarm() function.

Daniel Fandrich (18 Sep 2008)
- Don't bother to install a SIGALRM handler unless alarm() is available.
  Also, leave the existing SIGALRM handler alone if the timeout is too small
  to handle.

Daniel Fandrich (17 Sep 2008)
- Removed reference to curl-ca-bundle.crt in the host verification failure
  error message.

Yang Tse (17 Sep 2008)
- Improve configure detection of gethostname(), localtime_r(), strstr(),
  getservbyport_r(), gethostbyaddr_r() and gethostbyname_r().

Yang Tse (14 Sep 2008)
- Improve configure detection of strcasecmp(), strcasestr(), strcmpi(),
  stricmp(), strlcat(), strncasecmp(), strncmpi() and strnicmp().

Yang Tse (13 Sep 2008)
- Disable tracking of fdopen() calls in the low-level memory leak tracking
  code when fdopen() is not available, to avoid compiler error.

Yang Tse (12 Sep 2008)
- Further adjust detection of strerror_r() in the configure process, and
  ensure that errno is not modified inside Curl_strerror().

Yang Tse (10 Sep 2008)
- Improve detection of gmtime_r(), strtoll(), sigaction(), strtok_r(),
  strdup() and ftruncate() in the configure process.

Daniel Fandrich (9 Sep 2008)
- Mike Revi discovered some swapped speed switches documented in the curl man
  page.

- Checked in some documentation and code improvements and fixes that I
  discovered in the FreeBSD ports system.

Daniel Stenberg (8 Sep 2008)
- Dmitry Kurochkin patched a problem: I have found bug in pipelining through
  proxy. I have a transparent proxy. When running with http_proxy environment
  variable not set my test completes fine (it goes through transparent
  proxy). When I set http_proxy variable my test hangs after the first
  downloaded is complete. Looks like the second handle never gets out from
  WAITDO state.

  The fix: It makes checkPendPipeline move 1 handler from pend pipe to send
  pipe if pipelining is not supported by server but there are no handles in
  send and recv pipes.

- Stefan Krause pointed out that libcurl would wrongly send away cookies to
  sites in cases where the cookie clearly has a very old expiry date. The
  condition was simply that libcurl's date parser would fail to convert the
  date and it would then count as a (timed-based) match. Starting now, a
  missed date due to an unsupported date format or date range will now cause
  the cookie to not match.

Daniel Fandrich (5 Sep 2008)
- Improved the logic that decides whether to use HTTP 1.1 features or not in a
  request.  Setting a specific version with CURLOPT_HTTP_VERSION overrides
  all other checks, but otherwise, a 1.0 request will be made if the server
  is known to support only 1.0 because it previously responded so and the
  connection was kept alive, or a response to a previous request on this handle
  came back as 1.0. The latter could take place in cases like redirection or
  authentication where several requests have to be made before the operation
  is complete.  If any one of the servers in a redirection chain supports only
  1.0, then remaining requests will be sent in 1.0 mode.

- Detect cases where an upload must be sent chunked and the server supports
  only HTTP 1.0 and return CURLE_UPLOAD_FAILED.

Daniel Stenberg (5 Sep 2008)
- Martin Drasar provided the CURLOPT_POSTREDIR patch. It renames
  CURLOPT_POST301 (but adds a define for backwards compatibility for you who
  don't define CURL_NO_OLDIES). This option allows you to now also change the
  libcurl behavior for a HTTP response 302 after a POST to not use GET in the
  subsequent request (when CURLOPT_FOLLOWLOCATION is enabled). I edited the
  patch somewhat before commit. The curl tool got a matching --post302
  option. Test case 1076 was added to verify this.

- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By
  enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS
  or FTPS), libcurl will gather lots of server certificate info and that info
  can then get extracted by a client after the request has completed with
  curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing
  helped me test and smoothen out this feature.

  Unfortunately, this feature currently only works with libcurl built to use
  OpenSSL.

  This feature was sponsored by networking4all.com - thanks!

- Dmitriy Sergeyev pointed out that curl_easy_pause() didn't unpause properly
  during certain conditions. I also changed this code to use realloc() based
  on Daniel Fandrich's suggestion.

Guenter Knauf (4 Sep 2008)
- MingW32 non-configure builds are now largefile feature enabled by default.
  NetWare LIBC builds are also now largefile feature enabled by default.

Yang Tse (4 Sep 2008)
- Several fixes related with print formatting string directives.

Daniel Fandrich (3 Sep 2008)
- Search for the FreeBSD CA cert file /usr/local/share/certs/ca-root.crt

Daniel Fandrich (2 Sep 2008)
- Fixed an out of memory problem that caused torture test failures in tests
  706 and 707.

Daniel Stenberg (2 Sep 2008)
- Keith Mok added supported_protocols and supported_features to the pkg-config
  file for libcurl, and while doing that fix he unified with curl-config.in
  how the supported protocols and features are extracted and used, so both those
  tools should now always be synced.

Version 7.19.0 (1 September 2008)

Daniel Fandrich (29 Aug 2008)
- Added tests 1071 through 1074 to test automatic downgrading from HTTP 1.1
  to HTTP 1.0 upon receiving a response from the HTTP server.  Tests 1072
  and 1073 are similar to test 1069 in that they involve the impossible
  scenario of sending chunked data to a HTTP 1.0 server.  All these fail
  and are added to DISABLED.

- Added test 1075 to test --anyauth with Basic authentication.

Daniel Stenberg (29 Aug 2008)
- When libcurl was doing a HTTP POST and the server would respond with
  "Connection: close" and actually close the connection after the
  response-body, libcurl could still have outstanding data to send and it
  would not properly notice this and stop sending. This caused weirdness and
  sad faces. http://curl.haxx.se/bug/view.cgi?id=2080222

  Note that there are still reasons to consider libcurl's behavior when
  getting a >= 400 response code while sending data, as Craig Perras' note
  "http upload: how to stop on error" specifies:
  http://curl.haxx.se/mail/archive-2008-08/0138.html

Daniel Stenberg (28 Aug 2008)
- Dengminwen reported that libcurl would lock a (cookie) share twice (without
  an unlock in between) for a certain case and that in fact works when using
  regular windows mutexes but not with pthreads'! Locks should of course not
  get locked again so this is now fixed.
  http://curl.haxx.se/mail/lib-2008-08/0422.html

- I'm abandoning the system with the web site mirrors (but keeping download
  files bing mirrored) and thus I've changed the URL in the cookiejar header
  to no longer use curlm.haxx.se but instead use the main site curl.haxx.se

Daniel Fandrich (27 Aug 2008)
- Fixed test case 1065 by changing the handling of CURLOPT_UPLOAD to set
  the HTTP method to GET (or HEAD) when given a value of 0.

- Added test cases 1068 and 1069 to test a simple HTTP PUT from stdin.  Test
  case 1069 fails in a similar manner to test 1065 so is added to DISABLED.

Yang Tse (27 Aug 2008)
- Fix generation of MS VC6 .dsp file to make it support compilation of either
  dynamic (DLL) or static (LIB) libcurl libraries in debug and release modes.

Daniel Fandrich (26 Aug 2008)
- Fixed out of memory problems that caused torture test failures in tests
  1021 and 1067.