curl_multi perform has two phases: run through every easy handle calling
multi_runsingle and remove expired timers (timer removal).

If a small timer (e.g. 1-10ms) is set during multi_runsingle, then it's
possible that the timer has passed by when the timer removal runs. The
timer which was just added is then removed. This will potentially cause
the timer list to be empty and cause the next call to curl_multi_timeout
to return -1. Ideally, curl_multi_timeout should return 0 in this case.

One way to fix this is to move the struct timeval now = Curl_tvnow(); to
the top of curl_multi_perform. The change does that.

Reset old timer first so we can set a new one further in the future.

configure checks for grep, egrep, sed and ar and set the variables GREP,
EGREP, SED and AR accordingly. We now let already set variables override
the internal choices to let users make decisions when they know the
right choice already. This is a regression as our configure script used
to allow this back before commit 0b57c475 (up to 7.18.2).

Reported by: "kdekker"
Bug: http://curl.haxx.se/bug/view.cgi?id=3028318

The test would loop forever if authtype bit 0 wasn't set.

Since uploading from stdin is very likely to not work with anyauth and
its multi-phase probing for what authentication to actually use, alert
the user about it. Multi-phase negotiate almost certainly will involve
sending data and thus libcurl will need to rewind the stream to send
again, and it cannot do that with stdin.

As mentioned in bug report #2956968, the HTTP code wouldn't send the
first empty chunk during the auth negotiation phase of the HTTP request
sending, so the server would wait for data to come and libcurl would
wait for data to arrive... I've made the code not enable chunked
encoding until the auth negotiation is done and thus this scenario
doesn't occur anymore.

Reported by: Sidney San Martín
Bug: http://curl.haxx.se/bug/view.cgi?id=2956968

I think the [REMARK] and commented function calls cluttered the code a
bit too much and made the generated code ugly to read. Now we instead
track the remarks one specially and just lists them at the end of the
generated code more as additional information.

it makes the --libcurl output easier to follow.

And additionally, don't show function or object pointers actual value
since they make no sense to anyone. Show 'functionpointer' and
'objectpointer' instead.

In the generated code --libcurl makes, all calls to curl_easy_setopt()
that use *_LARGE options now have the value typecasted to curl_off_t, so
that it works correctly for 32bit systems with 64bit curl_off_t type.

When curl_multi_remove_handle() is called and an easy handle is returned
to the connection cache held in the multi handle, then we cannot allow
CURLINFO_LASTSOCKET to extract it since that will more or less encourage
that the user uses the socket while it can get used by libcurl again.

Without this fix, we'd get a segfault in Curl_getconnectinfo() trying to
dereference the NULL pointer in 'data->state.connc'.

Bug: http://curl.haxx.se/bug/view.cgi?id=3023840

When configured with '--without-ssl --with-nss', NTLM authentication
now uses NSS crypto library for MD5 and DES.  For MD4 we have a local
implementation in that case.  More details are available at
https://bugzilla.redhat.com/603783

In order to get it working, curl_global_init() must be called with
CURL_GLOBAL_SSL or CURL_GLOBAL_ALL.  That's necessary because NSS needs
to be initialized globally and we do so only when the NSS library is
actually required by protocol.  The mentioned call of curl_global_init()
is responsible for creating of the initialization mutex.

There was also slightly changed the NSS initialization scenario, in
particular, loading of the NSS PEM module.  It used to be loaded always
right after the NSS library was initialized.  Now the library is
initialized as soon as any SSL or NTLM is required, while the PEM module
is prevented from being loaded until the SSL is actually required.

curl didn't properly handle escaping characters in a URL with the use of
backslash. It did an attempt, but that failed as reported in bug
3022551. The described example was using the URL
"http://example.com?{AB,C\,D}".

I've now removed the special-handling of letters following the backslash
and I also removed the bad extra check that triggered this particular
bug.

Bug: http://curl.haxx.se/bug/view.cgi?id=3022551
Reported by: Jon Sargeant

There was a problem when a UNIX-like server returned information
about directory size (total NNNNNN) at the first line of
response.

When a hostname resolves to multiple IP addresses and the first one
tried doesn't work, the socket for the second attempt may get dropped on
the floor, causing the request to eventually time out. The issue is that
when using kqueue (as on mac and bsd platforms) instead of select, the
kernel removes the first fd from kqueue when it is closed (in trynextip,
connect.c:503). Trynextip() then goes on to open a new socket, which
gets assigned the same number as the one it just closed. Later in
multi.c, socket_cb is not called because the fd is already in
multi->sockhash, so the new socket is never added to kqueue.

The correct fix is to ensure that socket_cb is called to remove the fd
when trynextip() closes the socket, and again to re-add it after
singleipsocket(). I'm not sure how to cleanly do that, but the attached
patch works around the problem in an admittedly kludgy way by delaying
the close to ensure that the newly-opened socket gets a different fd.

Daniel's added comment: I didn't spot a way to easily do a nicer fix so
I've proceeded with Ben's patch.

Bug: http://curl.haxx.se/bug/view.cgi?id=3017819
Patch by: Ben Darnell

It was broken for URLs like "ftp://example.com/".

It passes the git log output through 'log2changes.pl' to produce
the lot.

CHANGES is no longer used for manually edited content. It is to
be generated automatically by maketgz when we make release
tarballs.

--decorate=full is needed with my git 1.7.1 to get the necessary
output so that the previous edit would work to extract the
Version stuff.

... but I had to edit how the refs/tags was extracted since it
had a little flaw that made it miss the 7.20.1 output.

Finally, I changed so that Version is outputted even more similar
to how CHANGES does it.

Add the ASCII art header, and list version commits by decoding
the ref tag names, when available (using the git log --decorate
option).

$ git log --pretty=fuller --no-color --date=short | ./log2changes.pl

Of course, limiting the log output with a range like with
"[tag]..HEAD" appended can be very useful too.

For example the libssh2 based functions return other negative
values than -1 to signal errors and it is important that we catch
them properly. Right before this, various failures from libssh2
were treated as negative download amounts which caused havoc.

My additional call to Curl_pgrsUpdate() would sometimes get
called even though there's no connection (left) so a NULL pointer
would get passed, causing a segfault.

Reported-by: Steven M. Schweda

1) no need to call the progress function twice when in the
CURLM_STATE_TOOFAST state.

2) Make sure that the progress callback's return code is
acknowledged when used

As long as no error is reported, the progress function can get
called. This may be a little TOO often so we should keep an eye
on this and possibly make this conditional somehow.

Previously we only accepted the option when named
--disable-threaded-resover, which wasn't quite intended.

Reported by: Helwing Lutz