CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Daniel (24 June 2004)
- The standard curl_version() string now only includes version info about
  involved libraries and not about particular features. Thus it will no longer
  include info about ipv6 nor GSS. That info is of course still available in
  the feature bitmask curl_version_info() offers.

- Replaced all occurances of sprintf() with snprintf(). This is mostly because
  it is "A Good Thing" rather than actually fixing any known problem. This
  will help preventing future possible mistakes to cause buffer overflows.

- Major reorganization in the host resolve code (again). This time, I've
  modified the code to now always use a linked list of Curl_addrinfo structs
  to return resolved info in, no matter what resolver method or support that
  is available on the platform. It makes it a lot easier to write code that
  uses or depends on resolved data.

  Internally, this means amongst other things that we can stop doing the weird
  "increase buffer size until it works" trick when resolving hosts on
  ipv4-only with gethostbyname_r(), we support socks even on libcurls built
  with ipv6 enabled (but only to socks servers that resolve to an ipv4
  address) and we no longer deep-copy or relocate hostent structs (we create
  Curl_addrinfo chains instead).

  The new "hostent to Curl_addrinfo" converter function is named Curl_he2ai()
  and is slightly naive and simple, yet I believe it is functional enough to
  work for libcurl.

Daniel (22 June 2004)
- David Cohen pointed out that RFC2109 says clients should allow cookies to
  contain least 4096 bytes while libcurl only allowed 2047. I raised the limit
  to 4999 now and made the used buffer get malloc()ed instead of simply
  allocated on stack as before. Extended test case 46 to include a cookie with
  very huge content to verify the fix.

- Günter Knauf fixed getdate.y to remove a few warnings. I removed the
  ifdef'ed test we never ever use anyway.

- Gisle Vanem fixed the certificate wildcard checks to support a '*'-letter
  anywhere in the wildcard string, support multiple '*'-letters in the
  wildcard and to allow the '*'-letter to match a string that includes a dot.

Daniel (21 June 2004)
- testcurl.sh is now removed completely, tests/testcurl.pl is the script to
  use when autobuilding curl!

- Kjetil Jacobsen brought my attention to the fact that you cannot properly
  abort an upload with the readfunction callback, since returning 0 or -1 only
  stops the upload and libcurl will continue waiting for downloaded data and
  the server often waits for the rest of the upload data to arrive.

  Thus, I've now added the ability for read callbacks to return
  CURL_READFUNC_ABORT to abort an upload from a read callback. This will stop
  the transfer immediately with a CURLE_ABORTED_BY_CALLBACK return code.

  Test case 513 was added to verify that it works. I had to improve the test
  HTTP server too to dump the request to a file even when the client
  disconnects prematurely.
  
Daniel (19 June 2004)
- Luca Alteas provided a test case with a failing curl operation: when we POST
  to a site with --digest (or similar) set, and the server responded with a 302
  Location: to the "authprobe" request, it was not treated correctly. We still
  will behave badly if FOLLOWLOCATION is enabled for this case, but I'm not
  in the mood to dive into this right now and will leave it as-is for now.
  Verified my fix with test case 177.

Daniel (18 June 2004)
- Gisle Vanem's patch that provides more details from the SSL layers (if you
  use an OpenSSL version that supports it). It also introduces two new types
  of data that can be sent to the debug callback: CURLINFO_SSL_DATA_IN and
  CURLINFO_SSL_DATA_OUT.

- With David Byron's test server I could repeat his problem and make sure that
  POSTing over HTTPS:// with NTLM works fine now. There was a general problem
  with multi-pass authentication with non-GET operations with CONNECT.

Daniel (16 June 2004)
- Modified to keep the upload byte counter in an curl_off_t, not an int as
  before. 32bits is not enough. This is most likely the bug Jean-Louis Lemaire
  reported that makes 2GB FTP uploads to report error ("unaligned file sizes")
  when completed.

Daniel (15 June 2004)
- Luca Alteas reported a problem that I fixed: if you did a POST with
  CURLAUTH_DIGEST set but the server didn't require any authentication,
  libcurl would repeatedly send HEAD lots of times until it gives up. This was
  actually the case for all multi-pass authentications. Added test case 174,
  175 and 176 to verify this.

Daniel (14 June 2004)
- Multipart formposts uploading files no longer inserts the files themselves
  into the huge prebuilt chunk. This enables libcurl to formpost files that is
  larger than the amount of system memory. When the file given is passed on
  stdin, libcurl still uses the old method of reading the full fill before the
  upload takes place. This approach was selected in order to not alter the
  behavior for existing applications, as when using stdin libcurl can't know
  the size of the upload and chunked transfer-encoding can only be used on
  HTTP 1.1 servers.

Daniel (13 June 2004)
- Gisle found out that we did wildcard cert name checks wrong, so that parts
  of the check wrongly was case sensitive.

Daniel (11 June 2004)
- Tim Sneddon brought a minor VMS fix to make curl build properly on his VMS
  machine. He also had some interesting libcurl patches... they might be able
  to do in a slightly nicer way. Discussions are in progress.

Daniel (10 June 2004)
- Gisle Vanem brought code cleanupsm better verbose output and better connect
  timeout handling when attempting to connect to a host that resolves to
  multiple IP addresses.

- Steven Bazyl and Seshubabu Pasam pointed out a bug on win32 when freeing the
  path after a file:// transfer.

Daniel (9 June 2004)
- Alexander Krasnostavsky made 'configure --disable-http' work to build libcurl
  without HTTP support. I added a new return code for curl_formadd() in case
  libcurl is built with HTTP disable: CURL_FORMADD_DISABLED.

- Alexander Krasnostavsky pointed out a missing file in the generated
  curllib.dsp file, and now people building with this should get a libcurl.lib
  file generated as it used to do before we generated this file.

Daniel (8 June 2004)
- Marty Kuhrt fixed a minor build problem for VMS.

Daniel (7 June 2004)
- Reverted the configure check from the 4th since it obviously didn't work.
  Remade it in a different manner that hopefully works better.

Daniel (4 June 2004)
- Günter Knauf brought patches to make curl build fine on NetWare again.

- Made the configure checks for strerror_r() not exit the configure script
  when built for cross-compiling.

Daniel (3 June 2004)
- Chris Gaukroger pointed out that 'make test' attempts to run the tests even
  if curl is built cross-compiled. I've now made it output a short message
  instead, saying it isn't possible to do.
  
- Alexander Krasnostavsky brought FTP 3rd party transfer support to libcurl.
  You can now use libcurl to transfer files between two remote hosts using
  FTP. There are a bunch of new options to control this with:
   CURLOPT_SOURCE_HOST
   CURLOPT_SOURCE_USERPWD
   CURLOPT_SOURCE_PATH
   CURLOPT_SOURCE_PORT
   CURLOPT_PASV_HOST
   CURLOPT_SOURCE_PREQUOTE
   CURLOPT_SOURCE_POSTQUOTE

  (They still remain to be documented properly in the curl_easy_setopt man
  page.)

  When using this, the ordinary CURLOPT_URL specifies the target URL, and you
  specify the source data with these additional options. ftp3rdparty.c is a
  new example source code showing how to use this.

- Vincent Bronner fixed the HTTP Digest code to use the proxy user name and
  password when doing proxy authentication, it previously always used the host
  user name and password!

Daniel (2 June 2004)
- CURLOPT_UPLOAD and CURLOPT_PUT now do the exact same thing internally, which
  fixes some old confusions on when which of these should be used and what the
  differences are.

- Applied Gisle's fixes to make curl build fine with lcc-win32

Version 7.12.0 (2 June 2004)

Daniel (1 June 2004)
- I clarified the --create-dirs option somewhat in the curl man page.

- Renaud Duhaut corrected the curl_unescape man page.

- David Byron modified one of Massimiliano Ziccardi's recent MSVC makefile
  changes to now again use the mm lib by default.

Daniel (26 May 2004)
- Mohun Biswas added release-zlib and debug-zlib targets to the MSVC libcurl
  Makefile

- David Byron reported a problem with proxy authentication when doing CONNECT,
  like when accessing HTTPS sites wiht a proxy. This probably broke when I
  rewrote the auth stuff recently.

- I added fileupload.c in the examples directory, showing how an upload to a
  file:// URL is made.