incorrectly--the host name is treated as part of the user name and the
port number becomes the password.  This can be observed in test 279
(was KNOWN_ISSUE #54).

being mangled when passed to proxies when CURLOPT_PORT is also set
(reported by Pramod Sharma).

  parser to allow numerical IPv6-addresses to be specified with the scope
  given, as per RFC4007 - with a percent letter that itself needs to be URL
  escaped. For example, for an address of fe80::1234%1 the HTTP URL is:
  "http://[fe80::1234%251]/"

  true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or
  less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that
  would set it to something non-zero would return before the assign in almost
  all error cases. The internal variable is now set to non-zero from the start
  of the function only to get cleared later on if things work out fine.

and OS/2.

  overrun" (http://curl.haxx.se/bug/view.cgi?id=2026240) identifying two
  problems, and providing the fix for them:

  - CURL_READFUNC_PAUSE did in fact not pause the _sending_ of data that it is
    designed for but paused _receiving_ of data!

  - libcurl didn't internally set the read counter to zero when this return
    code was detected, which would potentially lead to junk getting sent to
    the server.

  doing "proxy-tunnels" with non-HTTP prototols and that was simply because
  the code assumed the user-agent was only needed for HTTP.

is set in fdset.events" (http://curl.haxx.se/bug/view.cgi?id=2015126) which
exactly pinpointed the problem only triggered on Windows Vista, provided
reference to docs and also a fix. There is much work behind Peter Lamberg's
excellent bug report. Thank You!

  edited it slightly. Now you should be able to use IPv6 addresses fine even
  with libcurl built to use c-ares.

  fix for it. It occured when you did a FTP transfer using
  CURLFTPMETHOD_SINGLECWD and then did another one on the same easy handle but
  switched to CURLFTPMETHOD_NOCWD. Due to the "dir depth" variable not being
  cleared properly.  Scott's test case is now known as test 539 and it
  verifies the fix.

response codes. Previously libcurl would hang on such occurances. I added
test case 1033 to verify.

CURLINFO_APPCONNECT_TIME. This is set with the "application layer"
handshake/connection is completed (typically SSL, TLS or SSH). By using this
you can figure out the application layer's own connect time. You can extract
the time stamp using curl's -w option and the new variable named
'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar.

  operating system.

  which output the range using a signed variable where it should rather use
  unsigned.

some systems" (http://curl.haxx.se/bug/view.cgi?id=1999181). The problem was
that the configure script did not use the _POSIX_MONOTONIC_CLOCK feature test
macro when checking monotonic clock availability. This is now fixed and the
monotonic clock will not be used unless the feature test macro is defined
with a value greater than zero indicating always supported.

  (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487567) pointing out that
  libcurl used Content-Range: instead of Range when doing a range request with
  --head (CURLOPT_NOBODY). This is now fixed and test case 1032 was added to
  verify.

  handshake with a SSLv2 server, and it turned out to be because it didn't
  recognize the cipher named "rc4-md5". In our list that cipher was named
  plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported
  that it made things work for him again.

  crashed libcurl. This is now addressed by making sure we use "plain send"
  internally when doing the socks handshake instead of the Curl_write()
  function which is designed to use the "target" protocol. That's then SCP or
  SFTP in this case. I also took the opportunity and cleaned up some ssh-
  related #ifdefs in the code for readability.

  libcurl to not tell the app properly when a socket was closed (when the name
  resolve done by c-ares is done) and then immediately re-created and put to
  use again (for the actual connection). Since the closure will make the
  "watch status" get lost in several event-based systems libcurl will need to
  tell the app about this close/re-create case.

  multi interface with pipelining enabled as it would wrongly check for,
  detect and close "dead connections" even though that connection was already
  in use!

  always fire up a new connection rather than using the existing one when the
  multi interface is used. Original bug report:
  https://bugzilla.redhat.com/show_bug.cgi?id=450140

  All boolean options (such as -O, -I, -v etc), both short and long versions,
  now always switch on/enable the option named. Using the same option multiple
  times thus make no difference. To switch off one of those options, you need
  to use the long version of the option and type --no-OPTION. Like to disable
  verbose mode you use --no-verbose!

- Added --remote-name-all to curl, which if used changes the default for all
  given URLs to be dealt with as if -O is used. So if you want to disable that
  for a specific URL after --remote-name-all has been used, you muse use -o -
  or --no-remote-name.

  OpenSSL, NSS and GnuTLS-built libcurls.

  OpenSSL, NSS and GnuTLS-built libcurls.

  curl_easy_getinfo. It returns a pointer to a string with the most recently
  used IP address. Modified test case 500 to also verify this feature. The
  implementing of this feature was sponsored by Lenny Rachitsky at NeuStar.

condition were encountered.

  the curl_multi_socket() API with HTTP pipelining enabled and could lead to
  the pipeline basically stalling for a very long period of time until it took
  off again.

  provided excellent repeat recipes. I fixed the cases I managed to reproduce
  but Jeff still got some (SCP) problems even after these fixes:
  http://curl.haxx.se/mail/lib-2008-05/0342.html

  how the HTTP redirect following code didn't properly follow to a new URL if
  the new url was but a query string such as "Location: ?moo=foo". Test case
  1031 was added to verify this fix.

openssl/objects.h were needed to compile SPNEGO support.

  interface problems:

  o with pipelining disabled, the state should never be set to WAITDO but
    rather go straight to DO

  o we had multiple states for which the internal function returned no socket
    at all to wait for, with the effect that libcurl calls the socket callback
    (when curl_multi_socket() is used) with REMOVE prematurely (as it would be
    added again within very shortly)

  o when in DO and DOING states, the HTTP and HTTPS protocol handler functions
    didn't return that the socket should be waited for writing, but instead it
    was treated as if no socket was needing monitoring so again REMOVE was
    called prematurely.