strdup() call failed.

functions if the easy handles are used in multiple threads

  NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
  explicitly.

If CURL_DISABLE_PROXY is defined, we must allow socks_sspi.c to call
Curl_blockread_all(). It is needed in code inside USE_WINDOWS_SSPI.

  library is found to support it.

catch them all. The memory debug stuff is not in the public API anyway.

  other libcurl function.

shipped in release archives but is only in CVS)

  curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
  option. It only enabled the cookie engine in the destination handle if
  data->cookies is not NULL (where data is the source handle). In case of a
  newly initialized handle which just had the cookie support enabled by a
  curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
  still NULL because the setopt-call only appends the value to
  data->change.cookielist, hence duplicating this handle would not have the
  cookie engine switched on.

  We also concluded that the slist-functionality would be suitable for being
  put in its own module rather than simply hanging out in lib/sendf.c so I
  created lib/slist.[ch] for them.

  scripts to make it detect a bad checkout earlier. People with older
  checkouts who don't do cvs update with the -d option won't get the new dirs
  and then will get funny outputs that can be a bit hard to understand and
  fix.

  allocation of the memory BIO was not being properly checked.

  in the gnutls code where we were checking for negative values for errors,
  when the man pages state that GNUTLS_E_SUCCESS is returned on success and
  other values indicate error conditions.

  curl didn't use sprintf() in a way that is documented to work in POSIX but
  since we use our own printf() code (from libcurl) that shouldn't be a
  problem. Nonetheless I modified the code to not rely on such particular
  features and to not cause further raised eyebrowse with no good reason.

more issues for authors to consider when writing robust libcurl-using
applications.

by Daniel Johnson.

on curl-users, it is also added to DISABLED since I don't have time to work
on it further right now.

  whenever you attempt to open a new connection.

binary it also removes the include/curl subdir!

Options CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, and associated definitions added to RPG binding

  (http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in
  which previous libcurl versions (by design) can be tricked to access an
  arbitrary local/different file instead of a remote one when
  CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release
  together this the addition of two new setopt options for controlling this
  new behavior:

  o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to
  follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option
  excludes the FILE and SCP protocols and thus you nee to explicitly allow
  them in your app if you really want that behavior.

  o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch
  using the primary URL option. This is useful if you want to allow a user or
  other outsiders control what URL to pass to libcurl and yet not allow all
  protocols libcurl may have been built to support.

too close to release now