CHANGES

                                  _   _ ____  _     
                              ___| | | |  _ \| |    
                             / __| | | | |_) | |    
                            | (__| |_| |  _ <| |___ 
                             \___|\___/|_| \_\_____|

                               History of Changes

Version 7.4.1
Daniel (16 October 2000)
- I forgot to remove some of the malloc debug defines from the makefiles in
  the release archive (of course).

Version 7.4

Daniel (16 October 2000)
- The buffer overflow mentioned below was posted to bugtraq on Friday 13th.

Daniel (12 October 2000)
- Colin Robert Phipps elegantly corrected a buffer overflow. It could be used
  by an evil ftp server to crash curl. I took the opportunity of replacing a
  few other sprintf()s into snprintf()s as well.

Daniel (11 October 2000)
- Found some more memory leaks. This new simple memory debugger has turned out
  really useful!

Version 7.4 pre6

Daniel (9 October 2000)
- Florian Koenig pointed out that the bool typedef in the curl/curl.h include
  file was breaking PHP 4.0.3 compiling. The bool typedef is not used in the
  public interface and was wrongly inserted in that header file.

- Jörg Hartroth corrected a minor memory leak in the src/urlglob.c stuff. It
  didn't harm anyone since the memory is free()ed on exit anyway.

- Corrected the src/main.c. We use the _MPRINTF_REPLACE #define to use our
  libcurl-printf() functions. This gives us snprintf() et al on all
  platforms. I converted the allocated useragent string to one that uses a
  local buffer.

- I've set an #if 0 section around the Content-Transfer-Encoding header
  generated in lib/formdata.c. This will hopefully make curl do more
  PHP-friendly multi-part posts.

Version 7.4 pre5

Daniel (9 October 2000)
- Nico Baggus found out that curl's ability to force a ASCII download when
  using FTP was no longer working! I corrected this. This problem was probably
  introduced when I redesigned libcurl for version 7.

- Georg Horn provided a source example that proved a memory leak in libcurl.
  I added simple memory debugging facilities and now we can make libcurl log
  all memory fiddling functions. An additional perl script is used to analyze
  the output logfile and to match malloc()s with free()s etc. The memory leak
  Georg found turned out to be the main cookie struct that cookie_cleanup()
  didn't free! The perl script is named memanalyze.pl and it is available in
  the CVS respository, not in the release archive.

Daniel (8 October 2000)
- Georg Horn found a GetHost() problem. It turned out it never assigned the
  pointer in the third argument properly! This could make a crash, or at best
  a memory leak!

Version 7.4 pre4

Daniel (6 October 2000)
- Is the -F post following the RFC 1867 spec? We had this dicussion on the
  mailing list since it appears curl can't post -F form posts to a PHP
  receiver... I've been in touch with the PHP developers about this.

- Domenico Andreoli found out that the long option '--proxy' wasn't working
  anymore! The option parser got confused when I added the --proxytunnel for
  7.3. This was indeed a very old flaw that hasn't turned up until now...

- Jörn Hartroth provided patches, updated makefiles and two new files for DLL
  stuff on win32. He also pointed out that lib source files were compiled with
  -I../src which isn't only wrong but plain stupid!

- Troels Walsted Hansen fixed a problem with HTTP resume. Curl previously used
  a local variable badly, that could lead to crashes.

Version 7.4 pre3

Daniel (4 October 2000)
- More docs written. The curl_easy_getinfo.3 man page is now pretty accurate,
  as is the -w section in curl.1. I added two options to enable the user to
  get information about the received headers' size and the size of the HTTP
  request. T. Bharath requested them.
  
Daniel (3 October 2000)
- Corrected a sever free() before use in the new add_buffer_send()! ;-)

Version 7.4 pre2

Daniel (3 October 2000)
- Jason S. Priebe sent me patches that changed the way curl issues HTTP
  requests. The entire request is now issued in one single shot. It didn't do
  this previously, and it has turned out that since the common browsers do it
  this way, some sites have turned out to work with browsers but not with
  curl! Although this is not a client-side problem, we want to be able to
  fully emulate browsers, and thus we have now adjusted the networking layer
  to slightly more appear as a browser. I adjusted Jason's patch, the faults
  are probably mine.

Daniel (2 October 2000)
- Anyone who ever uploaded data with curl on a slow link has noticed that the
  progess meter is updated very infrequently. That is due to the large buffer
  size curl is using. It reads 50Kb and sends it, updates the progress meter
  and loops. 50Kb is very much on a slow link, although it is pretty neat to
  use on a fast one.

  I've now made an adjustment that makes curl use a 2Kb buffer for uploads to
  start with. If curl's average upload speed is faster than buffer size bytes
  per second, curl will increase the used buffer size up to max 50Kb. It
  should make the progress meter work better.
  
Version 7.4 pre1

Daniel (29 September 2000)
- Ripped out the -w stuff from the library and put in the curl tool. It gets
  all the relevant info from the library using the new curl_easy_getinfo()
  function.

- brad at openbsd.org mailed me a patch that corrected my kerberos mistake and
  removed a compiler warning from hostip.c that OpenBSD people get.

Daniel (28 September 2000)
- Of course (I should probably get punished somehow) I didn't properly correct
  the #include lines for the base64 stuff in the kerberos sources in the just
  released 7.3 package. They still include the *_krb.h files! Now, the error
  is sooo very easy to spot and fix so I won't bother with a quick bug fix
  release. I'll post a patch whenever one is needed instead. It'll be
  available in the CVS in a few minutes anyway.

Version 7.3

Daniel (28 September 2000)
- Removed the base64_krb.[ch] files. They've now replaced the former
  base64.[ch] files.

Daniel (26 September 2000)
- Updated some docs.

- I changed the OpenSSL fix to work with older versions as well. The posted
  patch was only working with 0.9.6 and no older ones.
  
Version 7.3-pre8

Daniel (25 September 2000)
- Erdmut Pfeifer informed us that curl didn't build with OpenSSL 0.9.6 and
  showed us what needed to get patched in order to make it build properly
  again.

- Dirk Kruschewski found a bug in the cookie parser. I made an alternative
  approach to the solution Dirk himself suggested. The bug made a cookie
  header that didn't end with a trailing semicolon to not get parsed.

- I've marked -c and -t deprecated now. If you use any of them, curl will tell
  you to use "-C -" or "-T -" instead. I don't think occupying two letters for
  nearly identical functions is good use. Also, -T - kind of follows the curl
  tradition of using - for stdin where a file name is expected.

Daniel (23 September 2000)
- Martin Hedenfalk provided the patch that finally made the krb4 ftp upload
  work!

Daniel (21 September 2000)
- The kerberos code is not quite thread-safe yet. There are a few more globals
  that need to be take care of. Let's get the upload working first!

Daniel (20 September 2000)
- Richard Prescott solved another name lookup buffer size problem. I took this
  opportunity to rewrite the GetHost() function. With these large buffer
  sizes, I think keeping them as local arrays quickly turn ugly. I now use
  malloc() to get the buffer memory. Thanks to this, I now can realloc() to a
  large buffer in case of demand (errno == ERANGE) in case a solution like
  that would become necessary. I still want to avoid that kind of nastiness.

- Tried to compile and run curl on Linux for alpha and FreeBSD for alpha. Went
  as smooth as it could.

- Added a docs/examples directory with two tiny example sources that show how
  to use libcurl. I hope users will supply me with more useful examples
  further on.

- Applied a patch by Jörn Hartroth to no longer use the word 'inteface' in the
  config struct in the src/main.c file since certain compilers have that word
  "reservered".  I figure that is some kind of C++ decease.

- Updated the curl.1 man page with --interface and --krb4.

- Modified the base64Encode() function to work like the kerberos one, so that
  I could remove the use of that. There is no need for *two* base64 encoding
  functions! ;-)

Version 7.3pre5