the define CURL_MAX_HTTP_HEADER which is even exposed in the public header
  file to allow for users to fairly easy rebuild libcurl with a modified
  limit. The rationale for a fixed limit is that libcurl is realloc()ing a
  buffer to be able to put a full header into it, so that it can call the
  header callback with the entire header, but that also risk getting it into
  trouble if a server by mistake or willingly sends a header that is more or
  less without an end. The limit is set to 100K.

  saving received cookies with no given path, if the path in the request had a
  query part. That is means a question mark (?) and characters on the right
  side of that. I wrote test case 1105 and fixed this problem.

  transfer.c for blocking. It is currently used only by SCP and SFTP protocols.
  This enhancement resolves an issue with 100% CPU usage during SFTP upload,
  reported by Vourhey.

  (http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
  the OpenSSL function X509_load_crl_file() wrongly and failed if it would
  load a CRL file with more than one certificate within. This is now fixed.

added support for new SQLite cert database format: added a runtime check for version 3.12.0, and depending on the result add 'sql:' prefix to cert database directory so that newer SQLIte database format works.

added aditional check for the directory specified with SSL_DIR, and fall back to hardcoded directory if not a valid directory.

fix compiler warning: comparison between signed and unsigned

into curl_rand.c and curl_rand.h

  powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name
  field in the certficate it had to match and so even if non-DNS and non-IP
  entry was present it caused the verification to fail.

Attempt to silence bogus compiler warning: "Potential null pointer dereference through ptr is detected"

Attempt to silence bogus compiler warning: "Potential null pointer dereference through ptr is detected"

statically linking since libssh2 needs the SSL library link flags to be
set up already to satisfy its dependencies. This wouldn't be necessary
if the libssh2 configure check was changed to use pkg-config since the
--static flag would add the dependencies automatically.

POLLIN, and sets POLLERR without setting POLLIN and POLLOUT. In some
libcurl code execution paths this could trigger busy wait loops with
high CPU usage until a timeout condition aborted the loop.

This fix for Curl_poll adresses the above in a libcurl-wide mode.

Some systems poll function sets POLLHUP in revents without setting
POLLIN, and sets POLLERR without setting POLLIN and POLLOUT. In some
libcurl code execution paths this could trigger busy wait loops with
high CPU usage until a timeout condition aborted the loop.

The reverted patch addressed the above issue for a very specific case,
when awaiting c-ares to resolve. A libcurl-wide fix superceeds this one.

http://cool.haxx.se/cvs.cgi/curl/lib/select.c.diff?r1=1.52&r2=1.53

libcurl tests.