closed NSPR descriptor. The issue was hard to find, reported several times
  before and always closed unresolved. More info at the RH bug:
  https://bugzilla.redhat.com/534176

  and GNU GSS installed due to a missing mutual exclusion of header files in
  the Kerberos 5 code path. He also verified that my patch worked for him.

  (http://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry
  in the DNS cache would linger too long if the request that added it was in
  use that long. He also provided the patch that now makes libcurl capable of
  still doing a request while the DNS hash entry may get timed out.

  used during the FTP connection phase (after the actual TCP connect), while
  it of course should be. I also made the speed check get called correctly so
  that really slow servers will trigger that properly too.

  in non-blocking mode.

curl.h, adjusting auto-makefiles include path, to enhance portability to
OS's without an orthogonal directory tree structure such as OS/400.

  wrong percentage for small files, most notable for <1000 bytes and could
  easily end up showing more than 100% at the end. It also didn't show any
  percentage, transfer size or estimated transfer times when transferring
  less than 100 bytes.

  CURLINFO_SIZE_DOWNLOAD (the -w variable size_download) didn't work when
  getting data from ldap!

  download was 0 bytes, as libcurl would then return the size as unknown (-1)
  and not 0. I wrote a fix and test case 566 to verify it.

  auth is used, as it caused a crash. I failed to repeat the issue, but still
  made a change that now forces the TCP connection used for a freed SCP
  session to get closed and not be re-used.

  POST using a read callback, with Digest authentication and
  "Transfer-Encoding: chunked" enforced.  I would then cause the first request
  to be wrongly sent and then basically hang until the server closed the
  connection. I fixed the problem and added test case 565 to verify it.

for Win32 and Symbian unless CARES_STATICLIB is defined to use static
library linkage.

false positive on a leaked socket, so this introduces a way to tell the system
that the socket is indeed closed without explicitly closing it!

  unparsable expiry dates and then treat them as session cookies - previously
  libcurl would reject cookies with a date format it couldn't parse. Research
  shows that the major browser treat such cookies as session cookies. I
  modified test 8 and 31 to verify this.

fail to build when this happens, and show an appropriate error.

The brave of heart can circumvect this. Defining ALLOW_MSVC6_WITHOUT_PSDK
in lib/config-win32.h, although absolutely discouraged and unsupported,
this will allow the die hard MSVC hacker to build in such a discouraged
environment.

The actually supported 'fix' is to install 'February 2003 Platform SDK'
a.k.a. 'Windows Server 2003 PSDK' which can be freely downloaded from
http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm

  that now makes curl_getdate(3) actually handles RFC 822 formatted dates that
  use the "single letter military timezones".
  http://www.rfc-ref.org/RFC-TEXTS/822/chapter5.html has the details.

Check for basename() is now done the same as other function checks

  data!

(http://curl.haxx.se/bug/view.cgi?id=2873666) which identified a problem which
made libcurl loop infinitely when given incorrect credentials when using HTTP
GSS negotiate authentication.

  libcurl called NSS to close the SSL "session" it also closed the actual
  socket.

else ASN1_STRING_to_UTF8() returns the string length.

  (http://curl.haxx.se/bug/view.cgi?id=2870221) that libcurl returned an
  incorrect return code from the internal trynextip() function which caused
  him grief. This is a regression that was introduced in 7.19.1 and I find it
  strange it hasn't hit us harder, but I won't persue into figuring out
  exactly why.