CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Daniel Fandrich (4 Feb 2009)
- Don't add the standard /usr/lib or /usr/include paths to LDFLAGS and CPPFLAGS
  (respectively) when --with-ssl=/usr is used (patch based on FreeBSD).

- Added an explicit buffer limit check in msdosify() (patch based on FreeBSD).
  This couldn't ever overflow in curl, but might if the code were used
  elsewhere or under different conditions.

Daniel Stenberg (3 Feb 2009)
- Hidemoto Nakada provided a small fix that makes it possible to get the
  CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with
  CURLOPT_NOBODY set true.

Daniel Stenberg (2 Feb 2009)
- Patrick Scott found a rather large memory leak when using the multi
  interface and setting CURLMOPT_MAXCONNECTS to something less than the number
  of handles you add to the multi handle. All the connections that didn't fit
  in the cache would not be properly disconnected nor freed!

- Craig A West brought us: libcurl now defaults to do CONNECT with HTTP
  version 1.1 instead of 1.0 like before. This change also introduces the new
  proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to
  switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0
  option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0.

  I updated all test cases cases that use CONNECT and I tried to do some using
  --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run.

Daniel Stenberg (31 Jan 2009)
- When building with c-ares 1.6.1 (not yet released) or later and IPv6 support
  enabled, we can now take advantage of its brand new AF_UNSPEC support in
  ares_gethostbyname(). This makes test case 241 finally run fine for me with
  this setup since it now parses the "::1 ip6-localhost" line fine in my
  /etc/hosts file!

Daniel Stenberg (30 Jan 2009)
- Scott Cantor filed bug report #2550061
  (http://curl.haxx.se/bug/view.cgi?id=2550061) mentioning that I failed to
  properly make sure that the VC9 makefiles got included in the latest
  release. I've now fixed the release script and verified it so next release
  will hopefully include them properly!

Daniel Fandrich (30 Jan 2009)
- Fixed --disable-proxy for FTP and SOCKS. Thanks to Daniel Egger for
  reporting.

Yang Tse (29 Jan 2009)
- Introduced curl_sspi.c and curl_sspi.h for the implementation of functions
  Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were
  named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c
  Also adjusted socks_sspi.c to remove the link-time dependency on the Windows
  SSPI library using it now in the same way as it was done in http_ntlm.c.

Daniel Stenberg (28 Jan 2009)
- Markus Moeller introduced two new options to libcurl:
  CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl
  to do GSS-style authentication with SOCKS5 proxies. The curl tool got the
  options called --socks5-gssapi-service and --socks5-gssapi-nec to enable
  these.

Daniel Stenberg (26 Jan 2009)
- Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an app
  to set desired block size to use for TFTP transfers instead of the default
  512 bytes.

- The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
  disable "rfc4507bis session ticket support".  rfc4507bis was later turned
  into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077

  The enabled extension concerns the session management. I wonder how often
  libcurl stops a connection and then resumes a TLS session. also, sending the
  session data is some overhead. .I suggest that you just use your proposed
  patch (which explicitly disables TICKET).

  If someone writes an application with libcurl and openssl who wants to
  enable the feature, one can do this in the SSL callback.

  Sharad Gupta brought this to my attention. Peter Sylvester helped me decide
  on the proper action.

- Alexey Borzov filed bug report #2535504
  (http://curl.haxx.se/bug/view.cgi?id=2535504) pointing out that realms with
  quoted quotation marks in HTTP Digest headers didn't work. I've now added 
  test case 1095 that verifies my fix.

- Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option.
  They basically offer the same thing the NO_PROXY environment variable only
  offered previously: list a set of host names that shall not use the proxy
  even if one is specified.

Daniel Fandrich (20 Jan 2009)
- Call setlocale() for libtest tests to test the effects of locale-induced
  libc changes on libcurl.

- Fixed a couple more locale-dependent toupper conversions, mainly for
  clarity.  This does fix one problem that causes ;type=i FTP URLs
  to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is
  used (test case 561)

- Added tests 561 and 1091 through 1094 to test various combinations
  of ;type= and ;mode= URLs that could potentially fail in the Turkish
  locale.

Daniel Stenberg (20 Jan 2009)
- Lisa Xu pointed out that the ssh.obj file was missing from the
  lib/Makefile.vc6 file (and thus from the vc8 and vc9 ones too).

Version 7.19.3 (19 January 2009)

Daniel Stenberg (16 Jan 2009)
- Andrew de los Reyes fixed curlbuild.h for "generic" gcc builds on PPC, both
  32 bit and 64 bit.

Daniel Stenberg (15 Jan 2009)
- Tim Ansell fixed a compiler warning in lib/cookie.c

Daniel Stenberg (14 Jan 2009)
- Grant Erickson fixed timeouts for TFTP such that specifying a
  connect-timeout, a max-time or both options work correctly and as expected
  by passing the correct boolean value to Curl_timeleft via the
  'duringconnect' parameter.

  With this small change, curl TFTP now behaves as expected (and likely as
  originally-designed):

  1) For non-existent or unreachable dotted IP addresses:

   a) With no options, follows the default curl 300s timeout...
   b) With --connect-timeout only, follows that value...
   c) With --max-time only, follows that value...
   d) With both --connect-timeout and --max-time, follows the smaller value...

   and times out with a "curl: (7) Couldn't connect to server" error.

  2) For transfers to/from a valid host:

   a) With no options, follows default curl 300s timeout for the
      first XRQ/DATA/ACK transaction and the default TFTP 3600s
      timeout for the remainder of the transfer...

   b) With --connect-time only, follows that value for the
      first XRQ/DATA/ACK transaction and the default TFTP 3600s
      timeout for the remainder of the transfer...

   c) With --max-time only, follows that value for the first
      XRQ/DATA/ACK transaction and for the remainder of the
      transfer...

   d) With both --connect-timeout and --max-time, follows the former
      for the first XRQ/DATA/ACK transaction and the latter for the
      remainder of the transfer...

   and times out with a "curl: (28) Timeout was reached" error as
   appropriate.

Daniel Stenberg (13 Jan 2009)
- Michael Wallner fixed a NULL pointer deref when calling
  curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no
  cookies data.

- Stefan Teleman brought a patch to fix the default curlbuild.h file for the
  SunPro compilers.

Daniel Stenberg (12 Jan 2009)
- Based on bug report #2498665 (http://curl.haxx.se/bug/view.cgi?id=2498665)
  by Daniel Black, I've now added magic to the configure script that makes it
  use pkg-config to detect gnutls details as well if the existing method
  (using libgnutls-config) fails. While doing this, I cleaned up and unified
  the pkg-config usage when detecting openssl and nss as well.

Daniel Stenberg (11 Jan 2009)
- Karl Moerder brought the patch that creates vc9 Makefiles, and I made
  'maketgz' now use the actual makefile targets to do the VC8 and VC9
  makefiles.

Daniel Stenberg (10 Jan 2009)
- Emil Romanus fixed:

  When using the multi interface over HTTP and the server returns a Location
  header, the running easy handle will get stuck in the CURLM_STATE_PERFORM
  state, leaving the external event loop stuck waiting for data from the
  ingoing socket (when using the curl_multi_socket_action stuff). While this
  bug was pretty hard to find, it seems to require only a one-line fix. The
  break statement on line 1374 in multi.c caused the function to skip the call
  to multistate().

  How to reproduce this bug? Well, that's another question.  evhiperfifo.c in
  the examples directory chokes on this bug only _sometimes_, probably
  depending on how fast the URLs are added. One way of testing the bug out is
  writing to hiper.fifo from more than one source at the same time.

Daniel Fandrich (7 Jan 2009)