libcurl did a superfluous 1000ms wait when doing SFTP downloads!

  We read data with libssh2 while doing the "DO" operation for SFTP and then
  when we were about to start getting data for the actual file part, the
  "TRANSFER" part, we waited for socket action (in 1000ms) before doing a
  libssh2-read. But in this case libssh2 had already read and buffered the
  data so we ended up always just waiting 1000ms before we get working on the
  data!

FTP downloads (i.e.: RETR) ending with code 550 now return error CURLE_REMOTE_FILE_NOT_FOUND instead of CURLE_FTP_COULDNT_RETR_FILE.

  leak like that fixed on the 14th. When zlib returns failure, we need to
  cleanup properly before returning error.

  plain FTP connections, and it will then allow MKD to fail once and retry the
  CWD afterwards. This is especially useful if you're doing many simultanoes
  connections against the same server and they all have this option enabled,
  as then CWD may first fail but then another connection does MKD before this
  connection and thus MKD fails but trying CWD works! The numbers can
  (should?) now be set with the convenience enums now called
  CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY.

  Tests has proven that if you're making an application that uploads a set of
  files to an ftp server, you will get a noticable gain in speed if you're
  using multiple connections and this option will be then be very useful.

  code, which could happen on libz errors.

  the condition in the previous request was unmet. This is typically a time
  condition set with CURLOPT_TIMECONDITION and was previously not possible to
  reliably figure out. From bug report #2565128
  (http://curl.haxx.se/bug/view.cgi?id=2565128)

This couldn't ever overflow in curl, but might if the code were used
elsewhere or under different conditions.

(respectively) when --with-ssl=/usr is used (patch based on FreeBSD).

  CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with
  CURLOPT_NOBODY set true.

  interface and setting CURLMOPT_MAXCONNECTS to something less than the number
  of handles you add to the multi handle. All the connections that didn't fit
  in the cache would not be properly disconnected nor freed!

  version 1.1 instead of 1.0 like before. This change also introduces the new
  proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to
  switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0
  option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0.

  I updated all test cases cases that use CONNECT and I tried to do some using
  --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run.

  enabled, we can now take advantage of its brand new AF_UNSPEC support in
  ares_gethostbyname(). This makes test case 241 finally run fine for me wtih
  this setup since it now parses the "::1 ip6-localhost" line fine in my
  /etc/hosts file!

  (http://curl.haxx.se/bug/view.cgi?id=2550061) mentioning that I failed to
  properly make sure that the VC9 makefiles got included in the latest
  release. I've now fixed the release script and verified it so next release
  will hopefully include them properly!

the problem.

Curl_sspi_global_init() and Curl_sspi_global_cleanup() which previously were
named Curl_ntlm_global_init() and Curl_ntlm_global_cleanup() in http_ntlm.c
Also adjusted socks_sspi.c to remove the link-time dependency on the Windows
SSPI library using it now in the same way as it was done in http_ntlm.c.

  CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl
  to do GSS-style authentication with SOCKS5 proxies. The curl tool got the
  options called --socks5-gssapi-service and --socks5-gssapi-nec to enable
  these.

  to set desired block size to use for TFTP transfers instead of the default
  512 bytes.

  disable "rfc4507bis session ticket support".  rfc4507bis was later turned
  into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077

  The enabled extension concerns the session management. I wonder how often
  libcurl stops a connection and then resumes a TLS session. also, sending the
  session data is some overhead. .I suggest that you just use your proposed
  patch (which explicitly disables TICKET).

  If someone writes an application with libcurl and openssl who wants to
  enable the feature, one can do this in the SSL callback.

  Sharad Gupta brought this to my attention. Peter Sylvester helped me decide
  on the proper action.

  (http://curl.haxx.se/bug/view.cgi?id=2535504) pointing out that realms with
  quoted quotation marks in HTTP Digest headers didn't work. I've now added
  test case 1095 that verifies my fix.

  They basically offer the same thing the NO_PROXY environment variable only
  offered previously: list a set of host names that shall not use the proxy
  even if one is specified.

clarity.  This does fix one problem that causes ;type=i FTP URLs
to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is
used (test case 561)

Added tests 561 and 1092 through 1094 to test various combinations
of ;type= and ;mode= URLs that could potentially fail in the Turkish
locale.

  file (and thus from the vc8 and vc9 ones too).

  32 bit and 64 bit.

  curl_easy_setup(curl, CURLOPT_COOKIELIST, "SESS") on a CURL handle with no
  cookies data.

  SunPro compilers.

  by Daniel Black, I've now added magic to the configure script that makes it
  use pkg-config to detect gnutls details as well if the existing method
  (using libgnutls-config) fails. While doing this, I cleaned up and unified
  the pkg-config usage when detecting openssl and nss as well.

  now use the actual makefile targets to do the VC8 and VC9 makefiles.

  When using the multi interface over HTTP and the server returns a Location
  header, the running easy handle will get stuck in the CURLM_STATE_PERFORM
  state, leaving the external event loop stuck waiting for data from the
  ingoing socket (when using the curl_multi_socket_action stuff). While this
  bug was pretty hard to find, it seems to require only a one-line fix. The
  break statement on line 1374 in multi.c caused the function to skip the call
  to multistate().

  How to reproduce this bug? Well, that's another question.  evhiperfifo.c in
  the examples directory chokes on this bug only _sometimes_, probably
  depending on how fast the URLs are added. One way of testing the bug out is
  writing to hiper.fifo from more than one source at the same time.

curl_easy_reset() by creating Curl_init_userdefined(). This had the side effect
of fixing curl_easy_reset() so it now also resets CURLOPT_FTP_FILEMETHOD and
CURLOPT_SSL_SESSIONID_CACHE

  I have to jump through a few hoops now with the NSS library initialization
  since another part of an application may have already initialized NSS by the
  time Curl gets invoked. This patch is more careful to only shutdown the NSS
  library if Curl did the initialization.

  It also adds in a bit of code to set the default ciphers if the app that
  call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific
  ciphers. One might argue that this lets other application developers get
  lazy and/or they aren't using the NSS API correctly, and you'd be right.
  But still, this will avoid terribly difficult-to-trace crashes and is
  generally helpful.

  out that 'reconf' didn't properly point out the m4 subdirectory when running
  aclocal.

  (http://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that
  would cause libcurl to mark a DNS cache entry "in use" eternally if the
  subsequence TCP connect failed. It would thus never get pruned and refreshed
  as it should've been.