libcurl extracted to the separate lib

git-svn-id: http://svn.miranda-ng.org/main/trunk@14683 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c

1 files changed, 5575 insertions, 0 deletions

diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
new file mode 100644
index 0000000000..a384fadba8
--- /dev/null
+++ b/libs/libcurl/docs/CHANGES
@@ -0,0 +1,5575 @@
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+
+                                  Changelog
+
+Version 7.33.0 (13 Oct 2013)
+
+Daniel Stenberg (13 Oct 2013)
+- RELEASE-NOTES: synced with 92cf6141ed0de
+
+- curl: fix --oauth2-bearer in the --help output
+  
+  After the option rename in 5df04bfafd1
+
+- OpenSSL: improve the grammar of the language in 39beaa5ffbcc
+  
+  Reported-by: Petr Pisar
+
+- [Andrej E Baranov brought this change]
+
+  OpenSSL: use failf() when subjectAltName mismatches
+  
+  Write to CURLOPT_ERRORBUFFER information about mismatch alternative
+  certificate subject names.
+  
+  Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>
+
+- curl: rename --bearer to --oauth2-bearer
+  
+  The option '--bearer' might be slightly ambiguous in name. It doesn't
+  create any conflict that I am aware of at the moment, however, OAUTH v2
+  is not the only authentication mechanism which uses "bearer" tokens.
+  
+  Reported-by: Kyle L. Huff
+  URL: http://curl.haxx.se/mail/lib-2013-10/0064.html
+
+- [Kamil Dudka brought this change]
+
+  ssh: improve the logic for detecting blocking direction
+  
+  This fixes a regression introduced by commit 0feeab78 limiting the speed
+  of SCP upload to 16384 B/s on a fast connection (such as localhost).
+
+Dan Fandrich (12 Oct 2013)
+- Fixed typo in Makefile.inc that left http2.h out of the tar ball
+
+Daniel Stenberg (11 Oct 2013)
+- [Heinrich Schaefer brought this change]
+
+  minor fix in doc
+
+- [Gisle Vanem brought this change]
+
+  curl_setup_once: fix errno access for lwip on Windows
+  
+  lib/curl_setup_once.h assumed lwIP on Windows uses 'SetLastError()' to
+  set network errors. It doesn't; it uses 'errno'.
+
+- test1239: verify 4cd444e01ad and the simulated 304 response
+
+- [Derek Higgins brought this change]
+
+  HTTP: Output http response 304 when modified time is too old
+  
+  When using the -w '%{http_code}' flag and simulating a Not Modified then
+  304 should be output.
+
+- contributors: helper script to dig out contributors from git
+
+- RELEASE-NOTES: add twos refs to bug reports
+
+- RELEASE-NOTES: synced with 173160c0d068
+
+Nick Zitzmann (2 Oct 2013)
+- darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
+  
+  Credit (for catching a cipher I forgot to add to the blocked ciphers list):
+  https://www.ssllabs.com/ssltest/viewMyClient.html
+
+Daniel Stenberg (2 Oct 2013)
+- OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
+  
+  Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set
+  should still verify that the host name fields in the server certificate
+  is fine or return failure.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
+  Reported-by: Ishan SinghLevett
+
+- KNOWN_BUGS: #84: CURLINFO_SSL_VERIFYRESULT
+  
+  CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
+  backends and not for any other!
+
+- [François Charlier brought this change]
+
+  xattr: add support for FreeBSD xattr API
+
+- curl_easy_setopt.3: slight clarification of SEEKFUNCTION
+
+Steve Holme (29 Sep 2013)
+- tests: Fixed typos from commit 25a0c96a494297
+
+- tests: Updated email addresses in SMTP tests following recent changes
+
+- test909: Removed custom EHLO response after recent changes
+  
+  ...as it is no longer required following capability and authentication
+  changes and is now causing problems following commit 49341628b50007 as
+  the test number is obtained from the client address in the EHLO.
+
+- ftpserver.pl: Fixed compilation error from commit 49341628b50007
+
+- ftpserver.pl: Moved specifying the test number from the RCPT address
+  
+  ...to the client address as this frees the RCPT strings to contain
+  just an email address and by passing the test number into curl as the
+  client address remains consistent with POP3 and IMAP tests as they are
+  specified in the URL.
+
+- ftpserver.pl: Added unwanted argument check to SMTP DATA command handler
+
+Daniel Stenberg (29 Sep 2013)
+- getinmemory: remove a comment
+  
+  The comment mentioned the need to free the data, but the example already
+  does that free
+
+- postinmemory: new example
+  
+  This is similar to getinmemory.c but with an initial POST.
+  
+  Combined-by: Ulf Samuelsson
+
+- win32: fix Visual Studio 2010 build with WINVER >= 0x600
+  
+  If no WINVER and/or _WIN32_IWNNT define was set, the Windows platform
+  SDK often defaults to high value, e.g. 0x601 (whoch may probably depend
+  on the Windows version being used, in my case Windows 7).
+  
+  If WINVER >= 0x600 then winsock2.h includes some defines for WSAPoll(),
+  e.g. POLLIN, POLLPRI, POLLOUT etc. These defines clash with cURL's
+  lib/select.h.
+  
+  Make sure HAVE_STRUCT_POLLFD is defined then.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1282
+  Reported-by: "kdekker"
+  Patch-by: Marcel Raad
+
+Steve Holme (28 Sep 2013)
+- ssluse.c: Fixed compilation warnings when ENGINE not supported
+  
+  The function "ssl_ui_reader" was declared but never referenced
+  The function "ssl_ui_writer" was declared but never referenced
+
+Daniel Stenberg (27 Sep 2013)
+- configure: use icc options without space
+  
+  The latest version(s) of the icc compiler no longer accept the extra
+  space in the -we (warning enable), -wd (warning disable), etc.
+  
+  Reported-by: Elmira A Semenova
+  Bug: http://curl.haxx.se/mail/lib-2013-09/0182.html
+
+Steve Holme (25 Sep 2013)
+- imap: Added clarification to the code about odd continuation responses
+
+- ftp.c: Fixed compilation warning
+  
+  There is an implicit conversion from "unsigned long" to "long"
+
+- sasl: Centralised the authentication mechanism strings
+  
+  Moved the standard SASL mechanism strings into curl_sasl.h rather than
+  hard coding the same values over and over again in the protocols that
+  use SASL authentication.
+  
+  For more information about the mechanism strings see:
+  
+  http://www.iana.org/assignments/sasl-mechanisms
+
+Daniel Stenberg (23 Sep 2013)
+- RELEASE-NOTES: added recent contributors missing
+
+Steve Holme (23 Sep 2013)
+- test906: Fixed type-2 response
+
+- test915: Corrected test number from commit 22bccb0edaf041
+
+- test906: Fixed type-1 message not handled error
+  
+  ...from commit f81d1e16664976 due to copy paste error.
+
+- tests: Added SMTP AUTH NTLM test
+
+- tests: Added SMTP multiple and invalid --mail-rcpt test
+
+- tests: Added SMTP multiple --mail-rcpt test
+
+- tests: Added SMTP invalid --mail-rcpt test
+
+- tests: Regrouping of SMTP tests
+
+Daniel Stenberg (22 Sep 2013)
+- [Benoit Sigoure brought this change]
+
+  test1112: Increase the timeout from 7s to 16s
+  
+  As someone reported on the mailing list a while back, the hard-coded
+  arbitrary timeout of 7s in test 1112 is not sufficient in some build
+  environments. At Arista Networks we build and test curl as part of our
+  automated build system, and we've run into this timeout 170 times so
+  far. Our build servers are typically quite busy building and testing a
+  lot of code in parallel, so despite being beefy machines with 32 cores
+  and 128GB of RAM we still hit this 7s timeout regularly.
+  
+  URL: http://curl.haxx.se/mail/lib-2010-02/0200.html
+
+Steve Holme (22 Sep 2013)
+- tests: Fixed smtp rcpt to addresses
+
+- ftpserver.pl: Expanded the SMTP RCPT handler to validate TO addresses
+  
+  RCPT_smtp() will now check for a correctly formatted TO address which
+  allows for invalid recipient addresses to be added.
+
+- ftpserver.pl: Added cURL SMTP server detection to HELO command handler
+  
+  As curl will send a HELO command after an negative EHLO response, added
+  the same detection from commit b07709f7417c3e to the HELO handler to
+  ensure the test server is identified correctly and an upload isn't
+  performed.
+
+- ftpserver.pl: Corrected response code for successful RCPT command
+
+- ftpserver.pl: Moved invalid RCPT TO: address detection to RCPT handler
+  
+  Rather than detecting the TO address as missing in the DATA handler,
+  moved the detection to the RCPT command handler where an error response
+  can be generated.
+
+- RELEASE-NOTES: Corrected missed addition
+  
+  Somehow commit 60a20461629fda missed the last item in the sync list
+  even though I'm sure I added it during editing.
+
+- RELEASE-NOTES: Synced with 6dd8bd8d2f9729
+
+- curl.1: Added information about optional login options to --user in manpage
+  
+  Added missing information, from curl 7.31.0, regarding the use of the
+  optional login options that may be specified as part of --user.
+  
+  For example:
+  
+  --user 'user:password;auth=NTLM' in IMAP, POP3 and SMTP protocols.
+
+- ftpserver.pl: Moved cURL SMTP server detection into EHLO command handler
+  
+  Moved the special SMTP server detection code from the DATA command
+  handler, which happens further down the operation chain after EHLO,
+  MAIL and RCPT commands, to the EHLO command as it is the first command
+  to be generated by a SMTP operation as well as containing the special
+  "verifiedserver" string from the URL.
+  
+  This not only makes it easier and quicker to detect but also means that
+  cURL doesn't need to specify "verifiedserver" as --mail-from and
+  --mail-rcpt arguments.
+  
+  More importantly, this also makes the upcoming verification changes to
+  the RCPT handler easier to implement.
+
+Daniel Stenberg (21 Sep 2013)
+- openssl: use correct port number in error message
+  
+  In ossl_connect_step2() when the "Unknown SSL protocol error" occurs, it
+  would output the local port number instead of the remote one which
+  showed when doing SSL over a proxy (but with the correct remote host
+  name). As libcurl only speaks SSL to the remote we know it is the remote
+  port.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1281
+  Reported-by: Gordon Marler
+
+- test1415: adjusted to work for 32bit time_t
+  
+  The libcurl date parser returns INT_MAX for all dates > 2037 so this
+  test is now made to use 2037 instead of 2038 to work the same for both
+  32bit and 64bit time_t systems.
+
+Steve Holme (21 Sep 2013)
+- tests: Reworked existing SMTP tests to be single recipient based
+  
+  ...in preparation of upcoming multiple recipient tests.
+
+- ftpserver.pl: Corrected SMTP QUIT response to be more realistic
+
+Daniel Stenberg (20 Sep 2013)
+- curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value
+
+- [Kim Vandry brought this change]
+
+  Documented --dns-* options in curl manpage
+
+Steve Holme (20 Sep 2013)
+- pop3: Added basic SASL XOAUTH2 support
+  
+  Added the ability to use an XOAUTH2 bearer token [RFC6750] with POP3 for
+  authentication using RFC6749 "OAuth 2.0 Authorization Framework".
+  
+  The bearer token is expected to be valid for the user specified in
+  conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
+  an advertised auth mechanism of "XOAUTH2", the user and access token are
+  formatted as a base64 encoded string and sent to the server as
+  "AUTH XOAUTH2 <bearer token>".
+
+- curl: Added clarification to the --mail options in the --help output
+  
+  ... that these options apply to SMTP only.
+
+- ftpserver.pl: Moved SMTP RCPT response text into command handler
+
+- tests: Added SMTP invalid --mail-from test
+
+Nick Zitzmann (19 Sep 2013)
+- darwinssl: enable BEAST workaround on iOS 7 & later
+  
+  iOS 7 finally added the option to enable 1/n-1 when using TLS 1.0
+  and a CBC cipher, so we now always turn that on unless the user
+  manually turns it off using CURLSSLOPT_ALLOW_BEAST.
+  
+  It appears Apple also added some new PSK ciphers, but no interface to
+  use them yet, so we at least support printing them if we find them.
+
+Steve Holme (19 Sep 2013)
+- tests: Updated SMTP AUTH tests to use the new AUTH directive
+  
+  ...rather than specify a customised EHLO response.
+
+- tests: Corrected test913 as the QUIT response is received
+
+- tests: Added SMTP large message SIZE test
+
+- ftpserver.pl: Updated email regex from commit 98f7ca7e971006
+  
+  ...to not be as strict as it was rejecting valid numeric email
+  addresses.
+
+- tests: Fixed smtp mail from addresses
+
+- ftpserver.pl: Standardised CAPA and AUTH responses
+
+- ftpserver.pl: Corrected POP3 QUIT reply to be more realistic
+
+- runtests.pl: Fixed syntax error in commit c873375123343e
+  
+  Possible unintended interpolation in string at line 796
+
+- runtests.pl: Fixed smtp mail from address
+  
+  Following changes to ftpserver.pl fixed the mail from address to be a
+  correctly formatted address otherwise the server response will be 501
+  Invalid address.
+
+- ftpserver.pl: Fixed syntax error in commit 98f7ca7e971006
+  
+  Can't modify constant item in scalar assignment line 779, near "0;"
+
+- ftpserver.pl: Expanded the SMTP MAIL handler to validate messages
+  
+  MAIl_smtp() will now check for a correctly formatted FROM address as
+  well as the optional SIZE parameter comparing it against the server
+  capability when specified.
+
+Daniel Stenberg (17 Sep 2013)
+- [YAMADA Yasuharu brought this change]
+
+  cookies: add expiration
+  
+  Implement: Expired Cookies These following situation, curl removes
+  cookie(s) from struct CookieInfo if the cookie expired.
+   - Curl_cookie_add()
+   - Curl_cookie_getlist()
+   - cookie_output()
+
+Steve Holme (17 Sep 2013)
+- ftpserver.pl: Corrected response code for successful MAIL command
+
+- ftpserver.pl: Moved SMTP MAIL handler into own function
+
+- dns: fix compilation with MinGW from commit df69440d05f113
+  
+  Avoid 'interface' literal that some MinGW versions define as a macro
+  
+  Additionally, corrected some very, very minor coding style errors.
+
+- tests: Fixed test 1406 following recent changes in ftpserver.pl
+  
+  By default the mail server doesn't send the SIZE capability but instead
+  it has to be specified as a supported capability.
+
+- tests: Added test for SMTP SIZE capability
+
+- ftpserver.pl: Added the ability to include spaces in capabilities
+  
+  For example:
+  
+  CAPA "SIZE 1048576" 8BITMIME BINARYMIME
+  
+  will populate the capabilities list with the following in:
+  
+  SIZE 1048576
+  8BITMIME
+  BINARYMIME
+
+- ftpserver.pl: Corrected response code for successful SMTP QUIT command
+
+- ftpserver.pl: Fixed syntax error in commit 33c1f2876b9029
+  
+  Can't modify constant item in postincrement line 727, near "i++"
+
+- ftpserver.pl: Added CAPA & AUTH directive support to the SMTP EHLO handler
+
+- ftpserver.pl: Fixed SMTP QUIT handler from dadc495540946e
+
+- ftpserver.pl: Moved SMTP EHLO and QUIT handlers in own functions
+
+- ftpserver.pl: Added support for SMTP HELO command
+  
+  ...and updated test902 as explicit HELO response is no longer required.
+
+- ftpserver.pl: Added mailbox check to IMAP SELECT handler
+
+- ftpserver.pl: Corrected invalid user details check
+  
+  ...in both the IMAP LOGIN and POP3 PASS handlers introduced in commit
+  187ac693744949 and 84ad1569e5fc93 respectively.
+
+- ftpserver.pl: Moved IMAP LOGIN handler into own function
+
+- ftpserver.pl: Moved POP3 USER and PASS handlers into own functions
+
+- ftpserver.pl: Corrected invalid argument check in POP3 TOP handler
+  
+  ...which was accidentally introduced in commit 4d6ef6297ae9b6.
+
+- ftpserver.pl: Added capability prerequisite for extended POP3 commands
+
+- tests: Updated descriptions to be more meaningful
+
+- ftpserver.pl: Added support for IMAP NOOP command
+
+- imap: Fixed response check for NOOP command
+
+- tests: Updated descriptions to be more meaningful
+
+Daniel Stenberg (13 Sep 2013)
+- curl.1: detail how short/long options work
+  
+  URL: http://curl.haxx.se/bug/view.cgi?id=1279
+  Suggested-by: Jerry Krinock
+
+Steve Holme (13 Sep 2013)
+- curl: Fixed usage of DNS options when not using c-ares resolver
+  
+  Commit 32352ed6adddcb introduced various DNS options, however, these
+  would cause curl to exit with CURLE_NOT_BUILT_IN when c-ares wasn't
+  being used as the backend resolver even if the options weren't set
+  by the user.
+  
+  Additionally corrected some minor coding style errors from the same
+  commit.
+
+Daniel Stenberg (13 Sep 2013)
+- curl_easy_setopt.3: mention RTMP URL quirks
+  
+  URL: http://curl.haxx.se/bug/view.cgi?id=1278
+  Reported-by: Gorilla Maguila
+
+- [Ben Greear brought this change]
+
+  curl: Add support for various DNS binding options.
+  
+  (Passed on to c-ares.)
+  
+  Allows something like this:
+  
+  curl --dns-interface sta8 --dns-ipv4-addr 8.8.1.111 --interface sta8 \
+  --localaddr 8.8.1.111 --dns-servers 8.8.8.1 www.google.com
+  
+  Signed-off-by: Ben Greear <greearb@candelatech.com>
+
+- [Kim Vandry brought this change]
+
+  libcurl: New options to bind DNS to local interfaces or IP addresses
+
+- libcurl.3: for multi interface connections are held in the multi handle
+  
+  ... and a few more cleanups/clarifications
+
+Steve Holme (12 Sep 2013)
+- ftpserver.pl: Fixed missing comma from 7fd84b14d219b1
+
+- ftpserver.pl: Fixed variable error introduced in 7fd84b14d219b1
+  
+  Global symbol "$mailbox" requires explicit package name
+
+- ftpserver.pl: Added support for UID command
+
+- ftpserver.pl: Added support for LSUB command
+
+- imap: Fixed response check for LSUB and UID commands
+
+- ftpserver.pl: Added support for IMAP COPY command
+
+- ftpserver.pl: Added support for IMAP CLOSE and EXPUNGE commands
+
+- ftpserver.pl: Added support for POP3 RSET command
+
+- ftpserver.pl: Added the ability to remember what messages are deleted
+  
+  ...as this will be required for IMAP CLOSE and EXPUNGE commands as well
+  as the POP3 RSET command.
+
+Daniel Stenberg (10 Sep 2013)
+- NI_MAXSERV: remove all use of it
+  
+  Solaris with the SunStudio Compiler is reportedly missing this define,
+  but as we're using it without any good reason on all the places it was
+  used I've now instead switched to just use sensible buffer sizes that
+  fit a 32 bit decimal number. Which also happens to be smaller than the
+  common NI_MAXSERV value which is 32 on most machines.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1277
+  Reported-by: D.Flinkmann
+
+- http2: use the support HTTP2 draft version in the upgrade header
+  
+  ... instead of HTTP/2.0 to work fine with the nghttpx proxy/server.
+
+Steve Holme (10 Sep 2013)
+- ldap.c: Fix compilation warning
+  
+  warning: comparison between signed and unsigned integer expressions
+
+- [Jiri Hruska brought this change]
+
+  imap/pop3/smtp: Speed up SSL connection initialization
+  
+  Don't wait for the next callback call (usually 1 second) before
+  continuing with protocol specific connection initialization.
+
+- ldap.c: Corrected build error from commit 857f999353f333
+
+- RELEASE-NOTES: Corrected duplicate in bfefe2400a16b8
+
+- RELEASE-NOTES: Corrected typo from bfefe2400a16b8
+
+- RELEASE-NOTES: synced with 25c68903756d6b
+
+Daniel Stenberg (10 Sep 2013)
+- README.http2: explain nghttp2 a little
+
+Steve Holme (9 Sep 2013)
+- tests: Added test for POP3 TOP command
+
+- ftpserver.pl: Added support for POP3 TOP command
+
+- tests: Added test for POP3 UIDL command
+
+- ftpserver.pl: Added support for POP3 UIDL command
+
+Daniel Stenberg (9 Sep 2013)
+- http2: adjust to new nghttp2_pack_settings_payload proto
+  
+  This function was modified in nghttp2 git commit a1c3f89c72e51
+
+Kamil Dudka (9 Sep 2013)
+- url: handle abortion by read/write callbacks, too
+  
+  Otherwise, the FTP protocol would unnecessarily hang 60 seconds if
+  aborted in the CURLOPT_HEADERFUNCTION callback.
+  
+  Reported by: Tomas Mlcoch
+  Bug: https://bugzilla.redhat.com/1005686
+
+Daniel Stenberg (9 Sep 2013)
+- ldap: fix the build for systems with ldap_url_parse()
+  
+  Make sure that the custom struct fields are only used by code that
+  doesn't use a struct defintion from the outside.
+  
+  Attempts to fix the problem introduced in 3dc6fc42bfc61b
+
+Steve Holme (9 Sep 2013)
+- [Jiri Hruska brought this change]
+
+  pingpong: Check SSL library buffers for already read data
+  
+  Otherwise the connection can get stuck during various phases, waiting
+  for new data on the socket using select() etc., but it will never be
+  received as the data has already been read into SSL library.
+
+- imap: Fixed calculation of transfer when partial FETCH received
+  
+  The transfer size would be calculated incorrectly if the email contained
+  within the FETCH response, had been partially received by the pingpong
+  layer. As such the following, example output, would be seen if the
+  amount remaining was smaller than the amount received:
+  
+  * Excess found in a non pipelined read: excess = 1394, size = 262,
+    maxdownload = 262, bytecount = 1374
+  * transfer closed with -1112 bytes remaining to read
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-08/0170.html
+  Reported-by: John Dunn
+
+- ftpserver.pl: Fixed empty array checks
+  
+  ...from commits 28427b408326a1 and e8313697b6554b.
+
+- ftpserver: Reworked AUTH support to allow for specifying the mechanisms
+  
+  Renamed SUPPORTAUTH to AUTH and added support for specifying a list of
+  supported SASL mechanisms to return to the client.
+  
+  Additionally added the directive to the FILEFORMAT document.
+
+- ftpserver: Reworked CAPA support to allow for specifying the capabilities
+  
+  Renamed SUPPORTCAPA to CAPA and added support for specifying a list of
+  supported capabilities to return to the client.
+  
+  Additionally added the directive to the FILEFORMAT document.
+
+- ftpserver.pl: Corrected POP3 LIST as message numbers should be contiguous
+  
+  The message numbers given in the LIST response are an index into the
+  list, which are only valid for the current session, rather than being a
+  unique message identifier. An index would only be missing from the LIST
+  response if a DELE command had been issued within the same session and
+  had not been committed by the end of session QUIT command. Once
+  committed the POP3 server will regenerate the message numbers in the
+  next session to be contiguous again. As such our LIST response should
+  list message numbers contiguously until we support a DELE command in the
+  same session.
+  
+  Should a POP3 user require the unique message ID for any or all
+  messages then they should use the extended UIDL command. This command
+  will be supported by the test ftpserver in an upcoming commit.
+
+Daniel Stenberg (8 Sep 2013)
+- [Clemens Gruber brought this change]
+
+  curl_easy_pause: suggest one way to unpause
+
+Steve Holme (8 Sep 2013)
+- tests: Updated descriptions to be more meaningful
+
+- tests: Added test for POP3 NOOP command
+
+- ftpserver.pl: Added support for POP3 NOOP command
+
+- ftpserver.pl: Fixed 'Use of uninitialized value $args in string ne'
+
+- tests: Added test for POP3 STAT command
+
+- ftpserver.pl: Added support for POP STAT command
+
+- ftpserver.pl: Moved POP3 QUIT handler into own function
+
+- ftpserver.pl: Reordered the POP3 handlers to be alphabetical
+  
+  In preparation for additional POP3 tests, re-ordered the command
+  function defintions to be sorted alphabetically.
+
+- ftpserver.pl: Corrected misaligned indentation in POP3 handlers
+  
+  Fixed incorrect indentation used in both the RETR_pop3 and LIST_pop3
+  functions which was 5 and 9 characters rather than 4 and 8.
+
+- tests: Added test for POP3 DELE command
+
+unknown (7 Sep 2013)
+- [Steve Holme brought this change]
+
+  ftpserver.pl: Added support for POP3 DELE command
+
+Daniel Stenberg (7 Sep 2013)
+- http2: include curl_memory.h
+  
+  Detected by test 1132
+
+Nick Zitzmann (7 Sep 2013)
+- http: fix build warning under LLVM
+  
+  When building the code using LLVM Clang without NGHTTP2, I was getting
+  this warning:
+  ../lib/http.h:155:1: warning: empty struct is a GNU extension [-Wgnu]
+  Placing a dummy variable into the data structure silenced the warning.
+
+Daniel Stenberg (7 Sep 2013)
+- http2: actually init nghttp2 and send HTTP2-Settings properly
+
+- README.http2: how to use it best with the multi API?
+
+- http2: first embryo toward Upgrade:
+
+- http: rename use_http_1_1 to use_http_1_1plus
+  
+  Since it now actually says if 1.1 or a later version should be used.
+
+- configure: improve CURL_CHECK_COMPILER_PROTOTYPE_MISMATCH
+  
+  The compiler test used a variable before it was assigned when it tried
+  to see how it acts on a mismatching prototype, which could cause a false
+  positive.
+
+- [Petr Písař brought this change]
+
+  Pass password to OpenSSL engine by user interface
+  
+  Recent OpenSSL uses user interface abstraction to negotiate access to
+  private keys in the cryprographical engines. An OpenSSL application is
+  expected to implement the user interface. Otherwise a default one
+  provided by OpenSSL (interactive standard I/O) will be used and the
+  aplication will have no way how to pass a password to the engine.
+  
+  Longer-desc: http://curl.haxx.se/mail/lib-2013-08/0265.html
+
+- urlglob: improved error messages and column number on bad use
+  
+  Introduce a convenience macro and keep of the column better so that it
+  can point out the offending column better.
+  
+  Updated test 75 accordingly.
+
+- urlglob: avoid error code translation
+  
+  By using the correct values from the start we don't have to translate
+  them!
+
+- urlglob: avoid NULL pointer dereference
+  
+  Thanks to clang-analyzer
+
+- [Gisle Vanem brought this change]
+
+  http2: use correct include for snprintf
+  
+  Using the first little merge of nghttp2 into libcurl, I stumbeled on the
+  missing 'snprintf' in MSVCRT. Isn't this how we do it for other libcurl
+  files?  I.e. use 'curl_msnprintf' and not 'snprintf' directly:
+
+- --data: mention CRLF treatment when reading from file
+
+- [Geoff Beier brought this change]
+
+  LDAP: fix bad free() when URL parsing failed
+  
+  When an error occurs parsing an LDAP URL, The ludp->lud_attrs[i] entries
+  could be freed even though they sometimes point to data within an
+  allocated area.
+  
+  This change introduces a lud_attrs_dup[] array for the duplicated string
+  pointers, and it removes the unused lud_exts array.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-08/0209.html
+
+Nick Zitzmann (5 Sep 2013)
+- darwinssl: add support for PKCS#12 files for client authentication
+  
+  I also documented the fact that the OpenSSL engine also supports them.
+
+Daniel Stenberg (5 Sep 2013)
+- symbols: added HTTP2 symbols and sorted list
+  
+  CURL_HTTP_VERSION_2_0 and CURL_VERSION_HTTP2 are new
+
+- configure: add HTTP2 as a curl-config --feature output
+  
+  Fixes the test 1014 failure
+
+- curl: unbreak --http1.0 again
+  
+  I broke it in 2eabb7d590
+
+- SASL: fix compiler warnings
+  
+  comparison between signed and unsigned integer expressions
+  
+  suggest parentheses around '&&' within '||' (twice)
+
+- curl: add --http1.1 and --http2.0 options
+
+- Curl_setopt: refuse CURL_HTTP_VERSION_2_0 if built without support
+
+- http2: add http2.[ch] and add nghttp2 version output
+
+- curl -V: output HTTP2 as a feature if present
+
+- curl.h: add CURL_VERSION_HTTP2 as a feature
+  
+  It isn't added as a separate protocol as HTTP2 will be done over HTTP://
+  URLs that can be upgraded to HTTP2 if the server supports it as well.
+
+Steve Holme (4 Sep 2013)
+- imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2 servers
+  
+  XOAUTH2 would be selected in preference to LOGIN and PLAIN if the IMAP
+  or SMTP server advertised support for it even though a user's password
+  was supplied but bearer token wasn't.
+  
+  Modified the selection logic so that XOAUTH2 will only be selected if
+  the server supports it and A) The curl user/libcurl programmer has
+  specifically asked for XOAUTH via the ;AUTH=XOAUTH login option or 2)
+  The bearer token is specified. Obviously if XOAUTH is asked for via
+  the login option but no token is specified the user will receive a
+  authentication failure which makes more sense than no known
+  authentication mechanisms supported!
+
+Daniel Stenberg (4 Sep 2013)
+- curl.h: added CURL_HTTP_VERSION_2_0
+  
+  Initial library considerations documented in lib/README.http2
+
+- configure: added --with-nghttp2
+
+- acinclude: fix --without-ca-path when cross-compiling
+  
+  The commit 7b074a460b64811 to CURL_CHECK_CA_BUNDLE in 7.31 (don't check
+  for paths when cross-compiling) causes --without-ca-path to no longer
+  works when cross-compiling, since ca and capath only ever get set to
+  "no" when not cross-compiling, I attach a patch that works for me. Also
+  in the cross-compilation case, no ca-path seems to be a better default
+  (IMVHO) than empty ca-path.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1273
+  Patch-by: Stefan Neis
+
+Steve Holme (2 Sep 2013)
+- lib1512.c: Fixed compilation warning
+  
+  An enumerated type is mixed with another type.
+  
+  ...as well as a small coding style error.
+
+Guenter Knauf (1 Sep 2013)
+- Killed warning 'res' might be used uninitialized.
+
+Steve Holme (1 Sep 2013)
+- url.c: Fixed compilation warning
+  
+  An enumerated type is mixed with another type
+
+- easy.c: Fixed compilation warning
+  
+  warning: `code' might be used uninitialized in this function
+
+Daniel Stenberg (31 Aug 2013)
+- -x: rephrased the --proxy section somewhat
+
+Steve Holme (31 Aug 2013)
+- tests: Added test for IMAP CHECK command
+
+- ftpserver.pl: Added support for the IMAP CHECK command
+
+Guenter Knauf (31 Aug 2013)
+- Removed reference to krb4.c.
+
+Steve Holme (31 Aug 2013)
+- ftpserver.pl: Corrected flawed logic in commit 1ca6ed7b75cad0
+
+- imap: Fixed response check for EXPUNGE command
+
+- ftpserver.pl: Added argument check to IMAP command handlers
+  
+  Added BAD argument check to the following IMAP command handlers:
+  
+  APPEND, STORE, LIST, EXAMINE, STATUS and SEARCH
+
+- ftpserver.pl: More whitespace corrections
+  
+  LIST_imap() had a second level of indentation at 9 characters and not 8.
+
+- ftpserver.pl: Small correction tidy up
+  
+  Corrected some IMAP variable names and whitespace issues.
+
+- [Kyle L. Huff brought this change]
+
+  docs: Added documentation for CURLOPT_BEARER
+
+- [Kyle L. Huff brought this change]
+
+  curl.1: Add usage of '--bearer' option
+
+- tests: Added tests for IMAP CREATE, DELETE and RENAME commands
+
+Daniel Stenberg (30 Aug 2013)
+- ftpserver: Bareword "to_mailbox" not allowed
+  
+  Added missing $
+
+Steve Holme (30 Aug 2013)
+- ftpserver.pl: Added support for IMAP CREATE, DELETE and RENAME commands
+
+Daniel Stenberg (29 Aug 2013)
+- FTP: fix getsock during DO_MORE state
+  
+  ... when doing upload it would return the wrong values at times. This
+  commit attempts to cleanup the mess.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-08/0109.html
+  Reported-by: Mike Mio
+
+- curl_multi_remove_handle: allow multiple removes
+  
+  When removing an already removed handle, avoid that to ruin the
+  internals and just return OK instead.
+
+Steve Holme (29 Aug 2013)
+- ftpserver.pl: Updated IMAP EXAMINE handler to use dynamic test data
+
+Daniel Stenberg (29 Aug 2013)
+- unit1304: include memdebug and free everything correctly
+
+- Curl_parsenetrc: document that the arguments must be allocated
+
+- easy: rename struct monitor to socketmonitor
+  
+  'struct monitor', introduced in 6cf8413e, already exists in an IRIX
+  header file (sys/mon.h) which gets included via various standard headers
+  by lib/easy.c
+  
+  cc-1101 cc: ERROR File = ../../curl/lib/easy.c, Line = 458
+  "monitor" has already been declared in the current scope.
+  
+  Reported-by: Tor Arntsen
+
+Steve Holme (29 Aug 2013)
+- ftpserver.pl: Added SELECT check to IMAP FETCH and STORE handlers
+
+- ftpserver.pl: Corrected accidental move of logmsg() call
+  
+  Corrected the call to logmsg() in the IMAP SEARCH handler from commit
+  4ae7b7ea691497 as it should have been outputting the what argument and
+  not the test number.
+
+Daniel Stenberg (28 Aug 2013)
+- ftpserver: add missing '}' from 4ae7b7ea69149
+
+Steve Holme (28 Aug 2013)
+- ftpserver.pl: Added SELECT check to IMAP SEARCH command
+
+- ftpserver.pl: Fixed IMAP SEARCH command
+
+Daniel Stenberg (28 Aug 2013)
+- bump: next release is 7.33.0 due to added features
+
+- symbols-in-versions: add CURLOPT_XOAUTH2_BEARER
+
+Steve Holme (28 Aug 2013)
+- tests: Added test for IMAP SEARCH command
+
+Daniel Stenberg (28 Aug 2013)
+- valgrind.supp: fix for regular curl_easy_perform too
+  
+  When we introduced curl_easy_perform_ev, this got a slightly modified
+  call trace. Without this, test 165 causes a false positive valgrind
+  error.
+
+- valgrind.supp: add the event-based call stack-trace too
+  
+  Without this, test 165 triggers a valgrind error when ran with
+  curl_easy_perform_ev
+
+- multi_socket: improved 100-continue timeout handling
+  
+  When waiting for a 100-continue response from the server, the
+  Curl_readwrite() will refuse to run if called until the timeout has been
+  reached.
+  
+  We timeout code in multi_socket() allows code to run slightly before the
+  actual timeout time, so for test 154 it could lead to the function being
+  executed but refused in Curl_readwrite() and then the application would
+  just sit idling forever.
+  
+  This was detected with runtests.pl -e on test 154.
+
+Steve Holme (27 Aug 2013)
+- ftpserver.pl: Added support for IMAP SEARCH command
+
+- tool_operate.c: Fixed compilation warning
+  
+  warning: implicit declaration of function 'checkpasswd'
+
+- curl: Moved check for password out of get parameter loop
+  
+  Moved the calls to checkpasswd() out of the getparameter() function
+  which allows for any related arguments to be specified on the command
+  line before or after --user (and --proxy-user).
+  
+  For example: --bearer doesn't need to be specified before --user to
+  prevent curl from asking for an unnecessary password as is the case
+  with commit e7dcc454c67a2f.
+
+- RELEASE-NOTES: synced with acf59be7f09a7
+
+- [Kyle L. Huff brought this change]
+
+  curl: added --bearer option to help
+  
+  Added the --bearer option to the help output
+
+- [Kyle L. Huff brought this change]
+
+  curl: added basic SASL XOAUTH2 support
+  
+  Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the
+  --bearer option.
+  
+  Example usage:
+    curl --url "imaps://imap.gmail.com:993/INBOX/;UID=1" --ssl-reqd
+    --bearer ya29.AHES6Z...OMfsHYI --user username@example.com
+
+- tool_urlglob.c: Fixed compiler warnings
+  
+  warning: 'variable' may be used uninitialized in this function
+
+Daniel Stenberg (26 Aug 2013)
+- security.h: rename to curl_sec.h to avoid name collision
+  
+  I brought back security.h in commit bb5529331334e. As we actually
+  already found out back in 2005 in commit 62970da675249, the file name
+  security.h causes problems so I renamed it curl_sec.h instead.
+
+- runtests.pl: allow -vc point to a separate curl binary to verify with
+  
+  The specified curl binary will then be used to verify the running
+  server(s) instead of the development version. This is very useful in
+  some cases when the development version fails to verify correctly as
+  then the test case may not run at all.
+  
+  The actual test will still be run with the "normal" curl executable
+  (unless the test case specifies something differently).
+
+Steve Holme (26 Aug 2013)
+- [Kyle L. Huff brought this change]
+
+  smtp: added basic SASL XOAUTH2 support
+  
+  Added the ability to use an XOAUTH2 bearer token [RFC6750] with SMTP for
+  authentication using RFC6749 "OAuth 2.0 Authorization Framework".
+  
+  The bearer token is expected to be valid for the user specified in
+  conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
+  an advertised auth mechanism of "XOAUTH2", the user and access token are
+  formatted as a base64 encoded string and sent to the server as
+  "AUTH XOAUTH2 <bearer token>".
+
+- [Kyle L. Huff brought this change]
+
+  imap: added basic SASL XOAUTH2 support
+  
+  Added the ability to use an XOAUTH2 bearer token [RFC6750] with IMAP for
+  authentication using RFC6749 "OAuth 2.0 Authorization Framework".
+  
+  The bearer token is expected to be valid for the user specified in
+  conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
+  an advertised auth mechanism of "XOAUTH2", the user and access token are
+  formatted as a base64 encoded string and sent to the server as
+  "A001 AUTHENTICATE XOAUTH2 <bearer token>".
+
+- security.h: Fixed compilation warning
+  
+  ISO C forbids forward references to 'enum' types
+
+Daniel Stenberg (26 Aug 2013)
+- KNOWN_BUGS: refer to bug numbers with the existing number series
+  
+  The old numbers would still redirect but who knows for how long...
+
+Steve Holme (25 Aug 2013)
+- [Kyle L. Huff brought this change]
+
+  options: added basic SASL XOAUTH2 support
+  
+  Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the
+  option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth
+  2.0 Authorization Framework".
+
+- [Kyle L. Huff brought this change]
+
+  sasl: added basic SASL XOAUTH2 support
+  
+  Added the ability to generated a base64 encoded XOAUTH2 token
+  containing: "user=<username>^Aauth=Bearer <bearer token>^A^A"
+  as per RFC6749 "OAuth 2.0 Authorization Framework".
+
+Daniel Stenberg (25 Aug 2013)
+- FTP: remove krb4 support
+  
+  We've announced this pending removal for a long time and we've
+  repeatedly asked if anyone would care or if anyone objects. Nobody has
+  objected. It has probably not even been working for a good while since
+  nobody has tested/used this code recently.
+  
+  The stuff in krb4.h that was generic enough to be used by other sources
+  is now present in security.h
+
+- easy: define away easy_events() for non-debug builds
+
+- FAQ: editorial updates
+  
+  Several language fixes. Several reformats that should make the HTML
+  generation of this document look better.
+  
+  Reported-by: Dave Thompson
+
+- RELEASE-NOTES: synced with 22adb46a32bee
+
+- multi: move on from STATE_DONE faster
+  
+  Make sure we always return CURLM_CALL_MULTI_PERFORM when we reach
+  CURLM_STATE_DONE since the state is transient and it can very well
+  continue executing as there is nothing to wait for.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-08/0211.html
+  Reported-by: Yi Huang
+
+- curl.h: name space pollution by "enum type"
+  
+  Renamed to "enum curl_khtype" now. Will break compilation for programs
+  that rely on the enum name.
+  
+  Bug: https://github.com/bagder/curl/pull/76
+  Reported-by: Shawn Landden
+
+- TFTP: make the CURLOPT_LOW_SPEED* options work
+  
+  ... this also makes sure that the progess callback gets called more
+  often during TFTP transfers.
+  
+  Added test 1238 to verify.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1269
+  Reported-by: Jo3
+
+- tftpd: support "writedelay" within <servercmd>
+
+- tftpd: convert 6 global variables into local ones
+
+- [Gisle Vanem brought this change]
+
+  curl_easy_perform_ev: make it CURL_EXTERN
+  
+  I build curl.exe (using MingW) with '-DCURLDEBUG' and by importing from
+  libcurl.dll.  Which means the new curl_easy_perform_ev() must be
+  exported from libcurl.dll.
+
+- CURLM_ADDED_ALREADY: new error code
+  
+  Doing curl_multi_add_handle() on an easy handle that is already added to
+  a multi handle now returns this error code. It previously returned
+  CURLM_BAD_EASY_HANDLE for this condition.
+
+- multi_init: moved init code here from add_handle
+  
+  The closure_handle is "owned" by the multi handle and it is
+  unconditional so the setting up of it should be in the Curl_multi_handle
+  function rather than curl_multi_add_handle.
+
+- multi: remove dns cache creation code from *add_handle
+  
+  As it is done unconditionally in multi_init() this code will never run!
+
+- curl_easy_perform_ev: debug/test function
+  
+  This function is meant to work *exactly* as curl_easy_perform() but will
+  use the event-based libcurl API internally instead of
+  curl_multi_perform(). To avoid relying on an actual event-based library
+  and to not use non-portable functions (like epoll or similar), there's a
+  rather inefficient emulation layer implemented on top of Curl_poll()
+  instead.
+  
+  There's currently some convenience logging done in curl_easy_perform_ev
+  which helps when tracking down problems. They may be suitable to remove
+  or change once things seem to be fine enough.
+  
+  curl has a new --test-event option when built with debug enabled that
+  then uses curl_easy_perform_ev() instead of curl_easy_perform(). If
+  built without debug, using --test-event will only output a warning
+  message.
+  
+  NOTE: curl_easy_perform_ev() is not part if the public API on purpose.
+  It is only present in debug builds of libcurl and MUST NOT be considered
+  stable even then. Use it for libcurl-testing purposes only.
+  
+  runtests.pl now features an -e command line option that makes it use
+  --test-event for all curl command line tests. The man page is updated.
+
+- [Gisle Vanem brought this change]
+
+  transfer: the recent sessionhandle change broke CURL_DOES_CONVERSIONS
+
+- test1237: verify 1000+ letter user name + passwords
+
+- [Jonathan Nieder brought this change]
+
+  url: handle arbitrary-length username and password before '@'
+  
+  libcurl quietly truncates usernames, passwords, and options from
+  before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1)
+  characters to fit in fixed-size buffers on the stack.  Allocate a
+  buffer large enough to fit the parsed fields on the fly instead to
+  support longer passwords.
+  
+  After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH
+  left, so stop defining that constant while at it.  The hardcoded max
+  username and password length constants, on the other hand, are still
+  used in HTTP proxy credential handling (which this patch doesn't
+  touch).
+  
+  Reported-by: Colby Ranger
+
+- [Jonathan Nieder brought this change]
+
+  url: handle exceptional cases first in parse_url_login()
+  
+  Instead of nesting "if(success)" blocks and leaving the reader in
+  suspense about what happens in the !success case, deal with failure
+  cases early, usually with a simple goto to clean up and return from
+  the function.
+  
+  No functional change intended.  The main effect is to decrease the
+  indentation of this function slightly.
+
+- [Jonathan Nieder brought this change]
+
+  Curl_setopt: handle arbitrary-length username and password
+  
+  libcurl truncates usernames, passwords, and options set with
+  curl_easy_setopt to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters.
+  This doesn't affect the return value from curl_easy_setopt(), so from
+  the caller's point of view, there is no sign anything strange has
+  happened, except that authentication fails.
+  
+  For example:
+  
+    # Prepare a long (300-char) password.
+    s=0123456789; s=$s$s$s$s$s$s$s$s$s$s; s=$s$s$s;
+    # Start a server.
+    nc -l -p 8888 | tee out & pid=$!
+    # Tell curl to pass the password to the server.
+    curl --user me:$s http://localhost:8888 & sleep 1; kill $pid
+    # Extract the password.
+    userpass=$(
+  	awk '/Authorization: Basic/ {print $3}' <out |
+  	tr -d '\r' |
+  	base64 -d
+    )
+    password=${userpass#me:}
+    echo ${#password}
+  
+  Expected result: 300
+  Actual result: 255
+  
+  The fix is simple: allocate appropriately sized buffers on the heap
+  instead of trying to squeeze the provided values into fixed-size
+  on-stack buffers.
+  
+  Bug: http://bugs.debian.org/719856
+  Reported-by: Colby Ranger
+
+- [Jonathan Nieder brought this change]
+
+  netrc: handle longer username and password
+  
+  libcurl truncates usernames and passwords it reads from .netrc to
+  LOGINSIZE and PASSWORDSIZE (64) characters without any indication to
+  the user, to ensure the values returned from Curl_parsenetrc fit in a
+  caller-provided buffer.
+  
+  Fix the interface by passing back dynamically allocated buffers
+  allocated to fit the user's input.  The parser still relies on a
+  256-character buffer to read each line, though.
+  
+  So now you can include an ~246-character password in your .netrc,
+  instead of the previous limit of 63 characters.
+  
+  Reported-by: Colby Ranger
+
+- [Jonathan Nieder brought this change]
+
+  url: allocate username, password, and options on the heap
+  
+  This makes it possible to increase the size of the buffers when needed
+  in later patches.  No functional change yet.
+
+- [Jonathan Nieder brought this change]
+
+  url: use goto in create_conn() for exception handling
+  
+  Instead of remembering before each "return" statement which temporary
+  allocations, if any, need to be freed, take care to set pointers to
+  NULL when no longer needed and use a goto to a common block to exit
+  the function and free all temporaries.
+  
+  No functional change intended.  Currently the only temporary buffer in
+  this function is "proxy" which is already correctly freed when
+  appropriate, but there will be more soon.
+
+- [Jonathan Nieder brought this change]
+
+  sasl: allow arbitrarily long username and password
+  
+  Use appropriately sized buffers on the heap instead of fixed-size
+  buffers on the stack, to allow for longer usernames and passwords.
+  
+  Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp.
+  MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet.
+
+Steve Holme (19 Aug 2013)
+- [Alex McLellan brought this change]
+
+  imap: Fixed response check for SEARCH command
+  
+  Adding this line allows libcurl to return the server response when
+  performing a search command via a custom request.
+
+Daniel Stenberg (16 Aug 2013)
+- glob: error out on range overflow
+  
+  The new multiply() function detects range value overflows. 32bit
+  machines will overflow on a 32bit boundary while 64bit hosts support
+  ranges up to the full 64 bit range.
+  
+  Added test 1236 to verify.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1267
+  Reported-by: Will Dietz
+
+- urlglob: better detect unclosed braces, empty lists and overflows
+  
+  A rather big overhaul and cleanup.
+  
+  1 - curl wouldn't properly detect and reject globbing that ended with an
+  open brace if there were brackets or braces before it. Like "{}{" or
+  "[0-1]{"
+  
+  2 - curl wouldn't properly reject empty lists so that "{}{}" would
+  result in curl getting (nil) strings in the output.
+  
+  3 - By using strtoul() instead of sscanf() the code will now detected
+  over and underflows. It now also better parses the step argument to only
+  accept positive numbers and only step counters that is smaller than the
+  delta between the maximum and minimum numbers.
+  
+  4 - By switching to unsigned longs instead of signed ints for the
+  counters, the max values for []-ranges are now very large (on 64bit
+  machines).
+  
+  5 - Bumped the maximum number of globs in a single URL to 100 (from 10)
+  
+  6 - Simplified the code somewhat and now it stores fixed strings as
+  single- entry lists. That's also one of the reasons why I did (5) as now
+  all strings between "globs" will take a slot in the array.
+  
+  Added test 1234 and 1235 to verify. Updated test 87.
+  
+  This commit fixes three separate bug reports.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1264
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1265
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1266
+  Reported-by: Will Dietz
+
+- [John Malmberg brought this change]
+
+  VMS: Add RELEASE-NOTES to vms document
+  
+  Add the curl release notes to the release note document generated for
+  VMS packages.
+  
+  Add the different filenames generated by a daily build to the
+  cleanup procedures.
+
+- [Tor Arntsen brought this change]
+
+  tests 2032, 2033: Don't hardcode port in expected output
+
+- ftp: convert state names to a global array
+  
+  ... just to make them easier to print in debug ouputs while debugging.
+  They are still within #ifdef [debugbuild].
+
+- --help: fix the --sasl-ir in the help output
+
+- ftp_domore_getsock: when passive mode, the second conn is already there
+  
+  This makes the socket callback get called with the proper bitmask as
+  otherwise the application could be left hanging waiting for reading on
+  an upload connection!
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-08/0043.html
+  Reported-by: Bill Doyle
+
+- curl: make --no-[option] work properly for several options
+  
+  --create-dirs, --crlf, --socks5-gssapi-nec and --sasl-ir
+
+Kamil Dudka (12 Aug 2013)
+- nss: make sure that NSS is initialized
+  
+  ... prior to calling PK11_GenerateRandom()
+
+Daniel Stenberg (12 Aug 2013)
+- multi: s/easy/data
+  
+  With everything being struct SessionHandle pointers now, this rename
+  makes multi.c use the library-wide practise of calling that pointer
+  'data' instead of the previously used 'easy'.
+
+- cleanup: removed one function, made one static
+  
+  Moved Curl_easy_addmulti() from easy.c to multi.c, renamed it to
+  easy_addmulti and made it static.
+  
+  Removed Curl_easy_initHandleData() and uses of it since it was emptied
+  in commit cdda92ab67b47d74a.
+
+- SessionHandle: the protocol specific pointer is now a void *
+  
+  All protocol handler structs are now opaque (void *) in the
+  SessionHandle struct and moved in the request-specific sub-struct
+  'SingleRequest'. The intension is to keep the protocol specific
+  knowledge in their own dedicated source files [protocol].c etc.
+  
+  There's some "leakage" where this policy is violated, to be addressed at
+  a later point in time.
+
+- urldata: clean up the use of the protocol specific structs
+  
+  1 - always allocate the struct in protocol->setup_connection. Some
+  protocol handlers had to get this function added.
+  
+  2 - always free at the end of a request. This is also an attempt to keep
+  less memory in the handle after it is completed.
+
+- version number: bump to 7.32.1 for now
+  
+  Start working on the next version and up some counters.
+
+Version 7.32.0 (11 Aug 2013)
+
+Daniel Stenberg (11 Aug 2013)
+- THANKS: added contributors from the 7.32.0 release notes
+
+- [Fabian Keil brought this change]
+
+  test1228: add 'HTTP proxy' to the keywords
+
+- [Fabian Keil brought this change]
+
+  tests: add keywords for a couple of FILE tests
+
+- [Fabian Keil brought this change]
+
+  tests: add 'FAILURE' keywords to tests 1409 and 1410
+
+- [Fabian Keil brought this change]
+
+  tests: add keywords for a couple of HTTP tests
+
+- [Fabian Keil brought this change]
+
+  tests: add keywords for a couple of FTP tests
+
+- [Fabian Keil brought this change]
+
+  test1511: consistently terminate headers with CRLF
+
+- DISABLED: shut of test 1512 for now
+  
+  It shows intermittent failures and I haven't been able to track them
+  down yet. Disable this test for now.
+
+- curl_multi_add_handle.3: ... that timer callback is for event-based
+
+- comments: remove old and wrong multi/easy interface statements
+
+- curl_multi_add_handle.3: mention the CURLMOPT_TIMERFUNCTION use
+
+- [John E. Malmberg brought this change]
+
+  KNOWN_BUGS: 22 and 57 have been fixed and committed
+
+- RELEASE-NOTES: synced with d20def20462e7
+
+- global dns cache: fix memory leak
+  
+  The take down of the global dns cache didn't take CURLOPT_RESOLVE names
+  into account.
+
+- global dns cache: didn't work [regression]
+  
+  CURLOPT_DNS_USE_GLOBAL_CACHE broke in commit c43127414d89ccb (been
+  broken since the libcurl 7.29.0 release). While this option has been
+  documented as deprecated for almost a decade and nobody even reported
+  this bug, it should remain functional.
+  
+  Added test case 1512 to verify
+
+Yang Tse (8 Aug 2013)
+- [John Malmberg brought this change]
+
+  packages/vms: update VMS build files
+  
+  VMS modified files either missing from a previous commit and changes
+  to remove references to CVS repositories.
+
+Daniel Stenberg (8 Aug 2013)
+- FTP: renamed several local functions
+  
+  The previous naming scheme ftp_state_post_XXXX() wasn't really helpful
+  as it wasn't always immediately after 'xxxx' and it wasn't easy to
+  understand what it does based on such a name.
+  
+  This new one is instead ftp_state_yyyy() where yyyy describes what it
+  does or sends.
+
+- mk-ca-bundle.1: don't install on make install
+  
+  Since the mk-ca-bundle tool itself isn't installed with make install,
+  there's no point in installing its documentation.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-08/0057.html
+  Reported-by: Guenter Knauf
+
+Yang Tse (7 Aug 2013)
+- packages/vms/Makefile.am: add latest file additions to EXTRA_DIST
+
+- [John Malmberg brought this change]
+
+  Building_vms_pcsi_kit
+  
+  These are the files needed to build VMS distribution packages known as
+  PCSI kits.
+  
+  Also minor update to the existing files, mainly to the documentation and
+  file clean up code.
+
+Daniel Stenberg (6 Aug 2013)
+- LIBCURL-STRUCTS: new document
+  
+  This is the first version of this new document, detailing the seven
+  perhaps most important internal structs in libcurl source code:
+  
+    1.1 SessionHandle
+    1.2 connectdata
+    1.3 Curl_multi
+    1.4 Curl_handler
+    1.5 conncache
+    1.6 Curl_share
+    1.7 CookieInfo
+
+- CONTRIBUTE: minor language polish
+
+- FTP: when EPSV gets a 229 but fails to connect, retry with PASV
+  
+  This is a regression as this logic used to work. It isn't clear when it
+  broke, but I'm assuming in 7.28.0 when we went all-multi internally.
+  
+  This likely never worked with the multi interface. As the failed
+  connection is detected once the multi state has reached DO_MORE, the
+  Curl_do_more() function was now expanded somewhat so that the
+  ftp_do_more() function can request to go "back" to the previous state
+  when it makes another attempt - using PASV.
+  
+  Added test case 1233 to verify this fix. It has the little issue that it
+  assumes no service is listening/accepting connections on port 1...
+  
+  Reported-by: byte_bucket in the #curl IRC channel
+
+Nick Zitzmann (5 Aug 2013)
+- md5: remove use of CommonCrypto-to-OpenSSL macros for the benefit of Leopard
+  
+  For some reason, OS X 10.5's GCC suddenly stopped working correctly with
+  macros that change MD5_Init etc. in the code to CC_MD5_Init etc., so I
+  worked around this by removing use of the macros and inserting static
+  functions that just call CommonCrypto's implementations of the functions
+  instead.
+
+Guenter Knauf (5 Aug 2013)
+- Simplify check for trusted certificates.
+  
+  This changes the previous check for untrusted certs to a check for
+  certs explicitely marked as trusted.
+  The change is backward-compatible (tested with certdata.txt v1.80).
+
+Daniel Stenberg (5 Aug 2013)
+- configure: warn on bad env variable use, don't error
+  
+  Use XC_CHECK_BUILD_FLAGS instead XC_CHECK_USER_FLAGS.
+
+- Revert "configure: don't error out on variable confusions, just warn"
+  
+  This reverts commit 6b27703b5f525eccdc0a8409f51de8595c75132a.
+
+- formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
+  
+  The internal function that's used to detect known file extensions for
+  the default Content-Type got the the wrong pointer passed in when
+  CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that
+  strlen() would be used which could lead to an out-of-bounds read (and
+  thus segfault). In most cases it would only lead to it not finding or
+  using the correct default content-type.
+  
+  It also showed that test 554 and test 587 were testing for the
+  previous/wrong behavior and now they're updated as well.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1262
+  Reported-by: Konstantin Isakov
+
+Guenter Knauf (4 Aug 2013)
+- Skip more untrusted certificates.
+  
+  Christian Heimes brought to our attention that the certdata.txt
+  format has recently changed [1], causing ca-bundle.crt created
+  with mk-ca-bundle.[pl|vbs] to include untrusted certs.
+  
+  [1] http://lists.debian.org/debian-release/2012/11/msg00411.html
+
+Daniel Stenberg (4 Aug 2013)
+- configure: don't error out on variable confusions, just warn
+
+- configure: rephrase the notice in _XC_CHECK_VAR_*
+  
+  Instead of claiming it is an error, we call it a "note" to reduce the
+  severity level. But the following text now says the [variable] "*should*
+  only be used to specify"... instead of previously having said "may".
+
+- multi: remove data->state.current_conn struct field
+  
+  Not needed
+
+- multi: remove the one_easy struct field
+  
+  Since the merge of SessionHandle with Curl_one_easy, this indirection
+  isn't used anymore.
+
+- multi: rename all Curl_one_easy to SessionHandle
+
+- multi: remove the multi_pos struct field
+  
+  Since Curl_one_easy is really a SessionHandle now, this indirection
+  doesn't exist anymore.
+
+- multi: remove easy_handle struct field
+  
+  It isn't needed anymore
+
+- multi: remove 'Curl_one_easy' struct, phase 1
+  
+  The motivation for having a separate struct that keep track of an easy
+  handle when using the multi handle was removed when we switched to
+  always using the multi interface internally. Now they were just two
+  separate struct that was always allocated for each easy handle.
+  
+  This first step just moves the Curl_one_easy struct members into the
+  SessionHandle struct and hides this somehow (== keeps the source code
+  changes to a minimum) by defining Curl_one_easy to SessionHandle
+  
+  The biggest changes in this commit are:
+  
+   1 - the linked list of easy handles had to be changed somewhat due
+       to the new struct layout. This made the main linked list pointer
+       get renamed to 'easyp' and there's also a new pointer to the last
+       node, called easylp. It is no longer circular but ends with ->next
+       pointing to NULL. New nodes are still added last.
+  
+   2 - easy->state is now called easy->mstate to avoid name collision
+
+Steve Holme (2 Aug 2013)
+- Revert "DOCS: Added IMAP URL example for listing new messages"
+  
+  This reverts commit 82ab5f1b0c7c3f as this was the wrong place to
+  document the complexity of IMAP URLs and Custom Requests.
+
+- DOCS: Added IMAP URL example for listing new messages
+  
+  In addition to listing the folder contents, in the URL examples, added
+  an example to list the new messages waiting in the user's inbox.
+
+Yang Tse (1 Aug 2013)
+- packages/vms/Makefile.am: add latest file additions to EXTRA_DIST
+
+- [John Malmberg brought this change]
+
+  Add in the files needed to build libcurl shared images on VMS.
+  
+  Update the packages/vms/readme file to be current.
+  
+  Also some files for the GNV based build were either missing or needed an
+  update.
+  
+  curl_crtl_init.c is a special file that is run before main() to
+  set up the proper C runtime behavior.
+  
+  generate_vax_transfer.com generates the VAX transfer vector modules from
+  the gnv_libcurl_symbols.opt file.
+  
+  gnv_conftest.c_first is a helper file needed for configure scripts to
+  come up with the expected answers on VMS.
+  
+  gnv_libcurl_symbols.opt is the public symbols for the libcurl shared
+  image.
+  
+  gnv_link_curl.com builds the shared libcurl image and rebuilds other
+  programs to use it.
+  
+  macro32_exactcase.patch is a hack to make a local copy of the VMS Macro32
+  assembler case sensitive, which is needed to build the VAX transfer modules.
+  
+  report_openssl_version.c is a tool for help verify that the libcurl
+  shared image is being built for a minium version of openssl.
+
+- curl: second follow-up for commit 5af2bfb9
+  
+  Display progress-bar unconditionally on first call
+
+- curl: follow-up for commit 5af2bfb9
+  
+  Use tvnow() and tvdiff() to avoid introducing new linkage issues
+
+Daniel Stenberg (31 Jul 2013)
+- curl: --progress-bar max update frequency now at 5Hz
+
+- curl: make --progress-bar update the line less frequently
+  
+  Also, use memset() instead of a lame loop.
+  
+  The previous logic that tried to avoid too many updates were very
+  ineffective for really fast transfers, as then it could easily end up
+  doing hundreds of updates per second that would make a significant
+  impact in transfer performance!
+  
+  Bug: http://curl.haxx.se/mail/archive-2013-07/0031.html
+  Reported-by: Marc Doughty
+
+Nick Zitzmann (30 Jul 2013)
+- darwinssl: added LFs to some strings passed into infof()
+  
+  (This doesn't need to appear in the release notes.) I noticed a few places
+  where infof() was called, and there should've been an LF at the end of the
+  string, but there wasn't.
+
+- darwinssl: fix build error in crypto authentication under Snow Leopard
+  
+  It turns out Snow Leopard not only has SecItemCopyMatching() defined in
+  a header not included by the omnibus header, but it won't work for our
+  purposes, because searching for SecIdentityRef objects wasn't added
+  to that API until Lion. So we now use the old SecKeychainSearch API
+  instead if the user is building under, or running under, Snow Leopard.
+  
+  Bug: http://sourceforge.net/p/curl/bugs/1255/
+  Reported by: Edward Rudd
+
+- md5 & metalink: use better build macros on Apple operating systems
+  
+  Previously we used __MAC_10_X and __IPHONE_X to mark digest-generating
+  code that was specific to OS X and iOS. Now we use
+  __MAC_OS_X_VERSION_MAX_ALLOWED and __IPHONE_OS_VERSION_MAX_ALLOWED
+  instead of those macros.
+  
+  Bug: http://sourceforge.net/p/curl/bugs/1255/
+  Reported by: Edward Rudd
+
+Yang Tse (29 Jul 2013)
+- tool_operhlp.c: fix add_file_name_to_url() OOM handling
+
+- tool_operate.c: fix brace placement for vi/emacs delimiter matching
+
+- tool_operate.c: move <fabdef.h> header inclusion location
+
+Daniel Stenberg (29 Jul 2013)
+- RELEASE-NOTES: synced with b5478a0e033e7
+
+- curl_easy_pause: on unpause, trigger mulit-socket handling
+  
+  When the multi-socket API is used, we need the handle to be checked
+  again when it gets unpaused.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-07/0239.html
+  Reported-by: Justin Karneges
+
+- [John E. Malmberg brought this change]
+
+  curl_formadd: fix file upload on VMS
+  
+  For the standard VMS text file formats, VMS needs to read the file to
+  get the actual file size.
+  
+  For the standard VMS binary file formats, VMS needs a special format of
+  fopen() call so that it stops reading at the logical end of file instead
+  of at the end of the blocks allocated to the file.
+  
+  I structured the patch this way as I was not sure about changing the
+  structures or parameters to the routines, but would prefer to only call
+  the stat() function once and pass the information to where the fopen()
+  call is made.
+  
+  Bug: https://sourceforge.net/p/curl/bugs/758/
+
+- formadd: CURLFORM_FILECONTENT wrongly rejected some option combos
+  
+  The code for CURLFORM_FILECONTENT had its check for duplicate options
+  wrong so that it would reject CURLFORM_PTRNAME if used in combination
+  with it (but not CURLFORM_COPYNAME)! The flags field used for this
+  purpose cannot be interpreted that broadly.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-07/0258.html
+  Reported-by: Byrial Jensen
+
+Yang Tse (25 Jul 2013)
+- packages/vms/Makefile.am: add latest file additions to EXTRA_DIST
+
+- [John E. Malmberg brought this change]
+
+  VMS: intial set of files to allow building using GNV toolkit.
+
+- string formatting: fix too many arguments for format
+
+- string formatting: fix zero-length printf format string
+
+- easy.c: curl_easy_getinfo() fix va_start/va_end matching
+
+- imap.c: imap_sendf() fix va_start/va_end matching
+
+- string formatting: fix 15+ printf-style format strings
+
+Patrick Monnerat (24 Jul 2013)
+- OS400: sync ILE/RPG binding with current curl.h
+
+Yang Tse (24 Jul 2013)
+- string formatting: fix 25+ printf-style format strings
+
+Daniel Stenberg (23 Jul 2013)
+- Makefile.am: use LDFLAGS as well when linking libcurl
+  
+  Linking on Solaris 10 x86 with Sun Studio 12 failed when we upgraded
+  automake for the release builds.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1217
+  Reported-by: Dagobert Michelsen
+
+- [Fabian Keil brought this change]
+
+  url.c: Fix dot file path cleanup when using an HTTP proxy
+  
+  Previously the path was cleaned, but the URL wasn't properly updated.
+
+- [Fabian Keil brought this change]
+
+  tests: test1232 verifies dotdot removal from path with proxy
+
+- [Fabian Keil brought this change]
+
+  dotdot.c: Fix a RFC section number in a comment for Curl_dedotdotify()
+
+- [John E. Malmberg brought this change]
+
+  build_vms.com: fix debug and float options
+  
+  In the reorganization of the build_vms.com the debug and float options
+  were not fixed up correctly.
+
+- [John E. Malmberg brought this change]
+
+  curl: fix upload of a zip file in OpenVMS
+  
+  Two fixes:
+  
+  1. Force output file format to be stream-lf so that partial downloads
+  can be continued.
+  
+  This should have minor impact as if the file does not exist, it was
+  created with stream-lf format.  The only time this was an issue is if
+  there was already an existing file with a different format.
+  
+  2. Fix file uploads are now fixed.
+  
+     a. VMS binary files such as ZIP archives are now uploaded
+        correctly.
+  
+     b. VMS text files are read once to get the correct size
+        and then converted to line-feed terminated records as
+        they are read into curl.
+  
+  The default VMS text formats do not contain either line-feed or
+  carriage-return terminated records.  Those delimiters are added by the
+  operating system file read calls if the application requests them.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=496
+
+Yang Tse (22 Jul 2013)
+- libtest: fix data type of some *_setopt() 'long' arguments
+
+- curl: fix symbolic names for CURL_NETRC_* enum in --libcurl output
+
+- curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output
+
+- tool_operate.c: fix passing curl_easy_setopt long arg on some x64 ABIs
+  
+  We no longer pass our 'bool' data type variables nor constants as
+  an argument to my_setopt(), instead we use proper 1L or 0L values.
+  
+  This also fixes macro used to pass string argument for CURLOPT_SSLCERT,
+  CURLOPT_SSLKEY and CURLOPT_EGDSOCKET using my_setopt_str() instead of
+  my_setopt().
+  
+  This also casts enum or int argument data types to long when passed to
+  my_setopt_enum().
+
+Daniel Stenberg (21 Jul 2013)
+- curl_multi_wait: fix revents
+  
+  Commit 6d30f8ebed34e7276 didn't work properly. First, it used the wrong
+  array index, but this fix also:
+  
+  1 - only does the copying if indeed there was any activity
+  
+  2 - makes sure to properly translate between internal and external
+  bitfields, which are not guaranteed to match
+  
+  Reported-by: Evgeny Turnaev
+
+- RELEASE-NOTES: synced with d529f3882b9bca
+
+- curl_easy_perform: gradually increase the delay time
+  
+  Instead of going 50,100,150 etc millisecond delay time when nothing has
+  been found to do or wait for, we now start lower and double each loop as
+  in 4,8,16,32 etc.
+  
+  This lowers the minimum wait without sacrifizing the longer wait too
+  much with unnecessary CPU cycles burnt.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-07/0103.html
+  Reported-by: Andreas Malzahn
+
+- ftp_do_more: consider DO_MORE complete when server connects back
+  
+  In the case of an active connection when ftp_do_more() detects that the
+  server has connected back, it must make sure to mark it as complete so
+  that the multi_runsingle() function will detect this and move on to the
+  next state.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-07/0115.html
+  Reported-by: Clemens Gruber
+
+Yang Tse (19 Jul 2013)
+- Makefile.b32: Borland makefile adjustments. Tested with BCC 5.5.1
+
+- WIN32 MemoryTracking: require UNICODE for wide strdup code support
+
+Daniel Stenberg (18 Jul 2013)
+- CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
+  
+  CURLOPT_XFERINFOFUNCTION is now the preferred progress callback function
+  and CURLOPT_PROGRESSFUNCTION is considered deprecated.
+  
+  This new callback uses pure 'curl_off_t' arguments to pass on full
+  resolution sizes. It otherwise retains the same characteristics: the
+  same call rate, the same meanings for the arguments and the return code
+  is used the same way.
+  
+  The progressfunc.c example is updated to show how to use the new
+  callback for newer libcurls while supporting the older one if built with
+  an older libcurl or even built with a newer libcurl while running with
+  an older.
+
+Yang Tse (18 Jul 2013)
+- Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage".
+  
+  This reverts commit 7ed25cc, reinstating commit 8ec2cb5.
+  
+  As of 18-jul-2013 we still do have code in libcurl that makes use of these
+  memory functions. Commit 8ec2cb5 comment still applies and is yet valid.
+  
+  These memory functions are solely used in Windows builds, so all related
+  code is protected with '#ifdef WIN32' preprocessor conditional compilation
+  directives.
+  
+  Specifically, wcsdup() _wcsdup() are used when building a Windows target with
+  UNICODE and USE_WINDOWS_SSPI preprocessor symbols defined. This is the case
+  when building a Windows UNICODE target with Windows native SSL/TLS support
+  enabled.
+  
+  Realizing that wcsdup() _wcsdup() are used is a bit tricky given that usage
+  of these is hidden behind _tcsdup() which is MS way of dealing with code
+  that must tolerate UNICODE and non-UNICODE compilation. Additionally, MS
+  header files and those compatible from other compilers use this preprocessor
+  conditional compilation directive in order to select at compilation time
+  whether 'wide' or 'ansi' MS API functions are used.
+  
+  Without this code, Windows build targets with Windows native SSL/TLS support
+  enabled and MemoryTracking support enabled misbehave in tracking memory usage,
+  regardless of being a UNICODE enabled build or not.
+
+- xc-am-iface.m4: comments refinement
+
+- configure: fix 'subdir-objects' distclean related issue
+  
+  See XC_AMEND_DISTCLEAN comments for details.
+
+Daniel Stenberg (18 Jul 2013)
+- [Evgeny Turnaev brought this change]
+
+  curl_multi_wait: set revents for extra fds
+  
+  Pass back the revents that happened for the user-provided file
+  descriptors.
+
+- [Ben Greear brought this change]
+
+  asyn-ares: Don't blank ares servers if none configured.
+  
+  Best to just let c-ares use it's defaults if none are configured
+  in (lib)curl.
+  
+  Signed-off-by: Ben Greear <greearb@candelatech.com>
+
+- [Sergei Nikulov brought this change]
+
+  cmake: Fix for MSVC2010 project generation
+  
+  Fixed issue with static build for MSVC2010.
+  
+  After some investigation I've discovered known issue
+  http://public.kitware.com/Bug/view.php?id=11240 When .rc file is linked
+  to static lib it fails with following linker error
+  
+  LINK : warning LNK4068: /MACHINE not specified; defaulting to X86
+  file.obj : fatal error LNK1112: module machine type 'x64' conflicts with
+  target machine type 'X86'
+  
+  Fix add target property /MACHINE: for MSVC generation.
+  
+  Also removed old workarounds - it caused errors during msvc build.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-07/0046.html
+
+- mk-ca-bundle.1: point out certdata.txt format docs
+
+Yang Tse (16 Jul 2013)
+- slist.c: Curl_slist_append_nodup() OOM handling fix
+
+Daniel Stenberg (16 Jul 2013)
+- test1414: FTP PORT download without SIZE support
+
+Yang Tse (16 Jul 2013)
+- tests/Makefile.am: add configurehelp.pm to DISTCLEANFILES
+
+Patrick Monnerat (15 Jul 2013)
+- curl_slist_append(): fix error detection
+
+- slist.c: fix indentation
+
+- OS400: new SSL backend GSKit
+
+- OS400: add slist and certinfo EBCDIC support
+
+- config-os400.h: enable system strdup(), strcmpi(), etc.
+
+- x509asn1.c,x509asn1.h: new module to support ASN.1/X509 parsing & info extract
+  Use from qssl backend
+
+- ssluse.c,sslgen.c,sslgen.h: move certinfo support to generic SSL
+
+- Merge branch 'master' of github.com:bagder/curl
+  
+  Merge for resync
+
+- slist.c, slist.h, cookie.c: new internal procedure Curl_slist_append_nodup()
+
+Yang Tse (15 Jul 2013)
+- sslgen.c: fix Curl_rand() compiler warning
+  
+  Use simple seeding method upon RANDOM_FILE seeding method failure.
+
+- sslgen.c: fix unreleased Curl_rand() infinite recursion
+
+Daniel Stenberg (14 Jul 2013)
+- [Dave Reisner brought this change]
+
+  src/tool: allow timeouts to accept decimal values
+  
+  Implement wrappers around strtod to convert the user argument to a
+  double with sane error checking. Use this to allow --max-time and
+  --connect-timeout to accept decimal values instead of strictly integers.
+  
+  The manpage is updated to make mention of this feature and,
+  additionally, forewarn that the actual timeout of the operation can
+  vary in its precision (particularly as the value increases in its
+  decimal precision).
+
+- [Dave Reisner brought this change]
+
+  curl.1: fix long line, found by checksrc.pl
+
+- [Dave Reisner brought this change]
+
+  src/tool_paramhlp: try harder to catch negatives
+  
+  strto* functions happily chomp off leading whitespace, so simply
+  checking for str[0] can lead to false negatives. Do the full parse and
+  check the out value instead.
+
+- [John E. Malmberg brought this change]
+
+  build_vms.com: detect and use zlib shared image
+  
+  Update the build_vms.com to detect and use zlib shared image installed
+  by the ZLIB kit produced by Jean-Francois Pieronne, and the also the
+  future ZLIB 1.2.8 kit in addition to the older ZLIB kits.
+  
+  Also fix the indentation to match one of the common standards used for
+  VMS DCL command files and removed the hard tab characters.
+  
+  Tested on OpenVMS 8.4 Alpha and IA64, and OpenVMS 7.3 VAX.
+
+Yang Tse (14 Jul 2013)
+- url.c: fix parse_url_login() OOM handling
+
+- http_digest.c: SIGSEGV and OOM handling fixes
+
+- url.c: fix parse_login_details() OOM handling
+
+- [John E. Malmberg brought this change]
+
+  setup-vms.h: sk_pop symbol tweak
+  
+  Newer versions of curl are referencing a sk_pop symbol while the HP
+  OpenSSL library has the symbol in uppercase only.
+
+- getinfo.c: fix enumerated type mixed with another type
+
+- test 1511: fix enumerated type mixed with another type
+
+- url.c: fix SIGSEGV
+
+- dotdot.c: fix global declaration shadowing
+
+- easy.c: fix global declaration shadowing
+
+Kamil Dudka (9 Jul 2013)
+- Revert "curl.1: document the --time-cond option in the man page"
+  
+  This reverts commit 3a0e931fc715a80004958794a96b12cf90503f99 because
+  the documentation of --time-cond was duplicated by mistake.
+  
+  Reported by: Dave Reisner
+
+- curl.1: document the --sasl-ir option in the man page
+
+- curl.1: document the --post303 option in the man page
+
+- curl.1: document the --time-cond option in the man page
+
+Yang Tse (9 Jul 2013)
+- configure: automake 1.14 compatibility tweak (use XC_AUTOMAKE)
+
+- xc-am-iface.m4: provide XC_AUTOMAKE macro
+
+Guenter Knauf (8 Jul 2013)
+- Added winssl-zlib target to VC builds.
+
+- Synced Makefile.vc6 with recent changes.
+  
+  Issue posted to the list by malinowsky AT FTW DOT at.
+
+- Added libmetalink URL; added Android versions.
+
+Dan Fandrich (3 Jul 2013)
+- examples: Moved usercertinmem.c to COMPLICATED_EXAMPLES
+  
+  This prevents it from being built during a "make check" since it
+  depends on OpenSSL.
+
+Nick Zitzmann (2 Jul 2013)
+- Merge branch 'master' of https://github.com/bagder/curl
+
+- darwinssl: SSLv2 connections are aborted if unsupported by the OS
+  
+  I just noticed that OS X no longer supports SSLv2. Other TLS engines return
+  an error if the requested protocol isn't supported by the underlying
+  engine, so we do that now for SSLv2 if the framework returns an error
+  when trying to turn on SSLv2 support. (Note: As always, SSLv2 support is
+  only enabled in curl when starting the app with the -2 argument; it's off
+  by default. SSLv2 is really old and insecure.)
+
+Marc Hoersken (1 Jul 2013)
+- lib506.c: Fixed possible use of uninitialized variables
+
+Kamil Dudka (30 Jun 2013)
+- url: restore the functionality of 'curl -u :'
+  
+  This commit fixes a regression introduced in
+  fddb7b44a79d78e05043e1c97e069308b6b85f79.
+  
+  Reported by: Markus Moeller
+  Bug: http://curl.haxx.se/mail/archive-2013-06/0052.html
+
+Daniel Stenberg (25 Jun 2013)
+- digest: append the timer to the random for the nonce
+
+- digest: improve nonce generation
+  
+  Use the new improved Curl_rand() to generate better random nonce for
+  Digest auth.
+
+- curl.1: fix typo in --xattr description
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1252
+  Reported-by: Jean-Noël Rouvignac
+
+- RELEASE-NOTES: synced with 365c5ba39591
+  
+  The 10 first bug fixes for the pending release...
+
+- formpost: better random boundaries
+  
+  When doing multi-part formposts, libcurl used a pseudo-random value that
+  was seeded with time(). This turns out to be bad for users who formpost
+  data that is provided with users who then can guess how the boundary
+  string will look like and then they can forge a different formpost part
+  and trick the receiver.
+  
+  My advice to such implementors is (still even after this change) to not
+  rely on the boundary strings being cryptographically strong. Fix your
+  code and logic to not depend on them that much!
+  
+  I moved the Curl_rand() function into the sslgen.c source file now to be
+  able to take advantage of the SSL library's random function if it
+  provides one. If not, try to use the RANDOM_FILE for seeding and as a
+  last resort keep the old logic, just modified to also add microseconds
+  which makes it harder to properly guess the exact seed.
+  
+  The formboundary() function in formdata.c is now using 64 bit entropy
+  for the boundary and therefore the string of dashes was reduced by 4
+  letters and there are 16 hex digits following it. The total length is
+  thus still the same.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1251
+  Reported-by: "Floris"
+
+- printf: make sure %x are treated unsigned
+  
+  When using %x, the number must be treated as unsigned as otherwise it
+  would get sign-extended on for example 64bit machines and do wrong
+  output. This problem showed when doing printf("%08x", 0xffeeddcc) on a
+  64bit host.
+
+- tests: add test1395 to the tarball
+
+- SIGPIPE: don't use 'data' in sigpipe restore
+  
+  Follow-up fix from 7d80ed64e43515.
+  
+  The SessionHandle may not be around to use when we restore the sigpipe
+  sighandler so we store the no_signal boolean in the local struct to know
+  if/how to restore.
+
+- TODO: 1.8 Modified buffer size approach
+  
+  Thoughts around buffer sizes and what might be possible to do...
+
+- c-ares: improve error message on failed resolve
+  
+  When the c-ares based resolver backend failed to resolve a name, it
+  tried to show the name that failed from existing structs. This caused
+  the wrong output and shown hostname when for example --interface
+  [hostname] was used and that name resolving failed.
+  
+  Now we use the hostname used in the actual resolve attempt in the error
+  message as well.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1191
+  Reported-by: Kim Vandry
+
+- ossl_recv: check for an OpenSSL error, don't assume
+  
+  When we recently started to treat a zero return code from SSL_read() as
+  an error we also got false positives - which primarily looks to be
+  because the OpenSSL documentation is wrong and a zero return code is not
+  at all an error case in many situations.
+  
+  Now ossl_recv() will check with ERR_get_error() to see if there is a
+  stored error and only then consider it to be a true error if SSL_read()
+  returned zero.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1249
+  Reported-by: Nach M. S.
+  Patch-by: Nach M. S.
+
+Nick Zitzmann (22 Jun 2013)
+- Merge branch 'master' of https://github.com/bagder/curl
+
+- darwinssl: fix crash that started happening in Lion
+  
+  Something (a recent security update maybe?) changed in Lion, and now it
+  has changed SSLCopyPeerTrust such that it may return noErr but also give
+  us a null trust, which caught us off guard and caused an eventual crash.
+
+Daniel Stenberg (22 Jun 2013)
+- SIGPIPE: ignored while inside the library
+  
+  ... and restore the ordinary handling again when it returns. This is
+  done for curl_easy_perform() and curl_easy_cleanup() only for now - and
+  only when built to use OpenSSL as backend as this is the known culprit
+  for the spurious SIGPIPEs people have received.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1180
+  Reported by: Lluís Batlle i Rossell
+
+- KNOWN_BUGS: #83 unable to load non-default openssl engines
+
+- test1396: invoke the correct test tool!
+  
+  This erroneously run unit test 1310 instead of 1396!
+
+Kamil Dudka (22 Jun 2013)
+- test1230: avoid using hard-wired port number
+  
+  ... to prevent failure when a non-default -b option is given
+
+- curl-config.in: replace tabs by spaces
+
+Nick Zitzmann (22 Jun 2013)
+- darwinssl: reform OS-specific #defines
+  
+  This doesn't need to be in the release notes. I cleaned up a lot of the #if
+  lines in the code to use MAC_OS_X_VERSION_MIN_REQUIRED and
+  MAC_OS_X_VERSION_MAX_ALLOWED instead of checking for whether things like
+  __MAC_10_6 or whatever were defined, because for some SDKs Apple has released
+  they were defined out of place.
+
+Daniel Stenberg (22 Jun 2013)
+- [Alessandro Ghedini brought this change]
+
+  docs: fix typo in curl_easy_getinfo manpage
+
+- dotdot: introducing dot file path cleanup
+  
+  RFC3986 details how a path part passed in as part of a URI should be
+  "cleaned" from dot sequences before getting used. The described
+  algorithm is now implemented in lib/dotdot.c with the accompanied test
+  case in test 1395.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1200
+  Reported-by: Alex Vinnik
+
+- bump: start working towards what most likely will become 7.32.0
+
+- THANKS: added 24 new contributors from the 7.31.0 release
+
+Version 7.31.0 (22 Jun 2013)
+
+Daniel Stenberg (22 Jun 2013)
+- RELEASE-NOTES: synced with 0de7249bb39a2 - 7.31.0
+
+- unit1396: unit tests to verify curl_easy_(un)escape
+
+- Curl_urldecode: no peeking beyond end of input buffer
+  
+  Security problem: CVE-2013-2174
+  
+  If a program would give a string like "%FF" to curl_easy_unescape() but
+  ask for it to decode only the first byte, it would still parse and
+  decode the full hex sequence. The function then not only read beyond the
+  allowed buffer but it would also deduct the *unsigned* counter variable
+  for how many more bytes there's left to read in the buffer by two,
+  making the counter wrap. Continuing this, the function would go on
+  reading beyond the buffer and soon writing beyond the allocated target
+  buffer...
+  
+  Bug: http://curl.haxx.se/docs/adv_20130622.html
+  Reported-by: Timo Sirainen
+
+Guenter Knauf (20 Jun 2013)
+- Use opened body.out file and write content to it.
+
+Daniel Stenberg (20 Jun 2013)
+- multi_socket: react on socket close immediately
+  
+  As a remedy to the problem when a socket gets closed and a new one is
+  opened with the same file descriptor number and as a result
+  multi.c:singlesocket() doesn't detect the difference, the new function
+  Curl_multi_closed() gets told when a socket is closed so that it can be
+  removed from the socket hash. When the old one has been removed, a new
+  socket should be detected fine by the singlesocket() on next invoke.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1248
+  Reported-by: Erik Johansson
+
+- RELEASE-NOTES: synced with e305f5ec715f
+
+- TODO: mention the DANE patch from March
+
+- CURLOPT_COOKIELIST: take cookie share lock
+  
+  When performing COOKIELIST operations the cookie lock needs to be taken
+  for the cases where the cookies are shared among multiple handles!
+  
+  Verified by Benjamin Gilbert's updated test 506
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1215
+  Reported-by: Benjamin Gilbert
+
+- [Benjamin Gilbert brought this change]
+
+  test506: verify that CURLOPT_COOKIELIST takes share lock
+  
+  It doesn't right now: http://curl.haxx.se/bug/view.cgi?id=1215
+
+- TODO: HTTP2/SPDY support
+
+- curl_easy_setopt.3: clarify CURLOPT_PROGRESSFUNCTION frequency
+  
+  Make it clearer that the CURLOPT_PROGRESSFUNCTION callback will be
+  called more frequently than once per second when things are happening.
+
+- RELEASE-NOTES: synced with 9c3e098259b82
+  
+  Mention 7 recent bug fixes and their associated contributors
+
+- curl_multi_wait.3: clarify the numfds counter
+
+- curl_easy_perform: avoid busy-looping
+  
+  When curl_multi_wait() finds no file descriptor to wait for, it returns
+  instantly and this must be handled gracefully within curl_easy_perform()
+  or cause a busy-loop. Starting now, repeated fast returns without any
+  file descriptors is detected and a gradually increasing sleep will be
+  used (up to a max of 1000 milliseconds) before continuing the loop.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1238
+  Reported-by: Miguel Angel
+
+- [YAMADA Yasuharu brought this change]
+
+  cookies: follow-up fix for path checking
+  
+  The initial fix to only compare full path names were done in commit
+  04f52e9b4db0 but found out to be incomplete. This takes should make the
+  change more complete and there's now two additional tests to verify
+  (test 31 and 62).
+
+- [Sergei Nikulov brought this change]
+
+  lib1900: use tutil_tvnow instead of gettimeofday
+  
+  Makes it build on windows
+
+- [Eric Hu brought this change]
+
+  axtls: now done non-blocking
+
+- [Eric Hu brought this change]
+
+  test2033: requires NTLM support
+
+- KNOWN_BUGS: #82 failed build with Borland compiler
+
+- Curl_output_digest: support auth-int for empty entity body
+  
+  By always returning the md5 for an empty body when auth-int is asked
+  for, libcurl now at least sometimes does the right thing.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1235
+  Patched-by: Nach M. S.
+
+- multi_socket: reduce timeout inaccuracy margin
+  
+  Allow less room for "triggered too early" mistakes by applications /
+  timers on non-windows platforms. Starting now, we assume that a timeout
+  call is never made earlier than 3 milliseconds before the actual
+  timeout. This greatly improves timeout accuracy on Linux.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1228
+  Reported-by: Hang Su
+
+- cert_stuff: avoid double free in the PKCS12 code
+  
+  In the pkcs12 code, we get a list of x509 records returned from
+  PKCS12_parse but when iterating over the list and passing each to
+  SSL_CTX_add_extra_chain_cert() we didn't also properly remove them from
+  the "stack", which made them get freed twice (both in sk_X509_pop_free()
+  and then later in SSL_CTX_free).
+  
+  This isn't really documented anywhere...
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1236
+  Reported-by: Nikaiw
+
+- cert_stuff: remove code duplication in the pkcs12 logic
+
+- [Aleksey Tulinov brought this change]
+
+  axtls: honor disabled VERIFYHOST
+  
+  When VERIFYHOST == 0, libcurl should let invalid certificates to pass.
+
+- [Peter Gal brought this change]
+
+  curl_easy_setopt.3: HTTP header with no content
+  
+  Update the documentation on how to specify a HTTP header with no
+  content.
+
+- RELEASE-NOTES: synced with 87cf677eca55
+  
+  Added 11 bugs and 7 contributors
+
+- lib1500: remove bad check
+  
+  After curl_multi_wait() returns, this test checked that we got exactly
+  one file descriptor told to read from, but we cannot be sure that is
+  true. curl_multi_wait() will sometimes return earlier without any file
+  descriptor to handle, just just because it is a suitable time to call
+  *perform().
+  
+  This problem showed up with commit 29bf0598.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-06/0029.html
+  Reported-by: Fabian Keil
+
+- tests/Makefile: typo in the perlcheck target
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1239
+  Reported-by: Christian Weisgerber
+
+- test1230: verify CONNECT to a numerical ipv6-address
+
+- sws: support extracting test number from CONNECT ipv6-address!
+  
+  If an ipv6-address is provided to CONNECT, the last hexadecimal group in
+  the address will be used as the test number! For example the address
+  "[1234::ff]" would be treated as test case 255.
+
+- curl_multi_wait: only use internal timer if not -1
+  
+  commit 29bf0598aad5 introduced a problem when the "internal" timeout is
+  prefered to the given if shorter, as it didn't consider the case where
+  -1 was returned. Now the internal timeout is only considered if not -1.
+  
+  Reported-by: Tor Arntsen
+  Bug: http://curl.haxx.se/mail/lib-2013-06/0015.html
+
+Dan Fandrich (3 Jun 2013)
+- libcurl-tutorial.3: added a section on IPv6
+  
+  Also added a (correctly-escaped) backslash to the autoexec.bat
+  example file and a new Windows character device name with
+  a colon as examples of other characters that are special
+  and potentially dangerous (this reverts and reworks commit
+  7d8d2a54).
+
+Daniel Stenberg (3 Jun 2013)
+- curl_multi_wait: reduce timeout if the multi handle wants to
+  
+  If the multi handle's pending timeout is less than what is passed into
+  this function, it will now opt to use the shorter time anyway since it
+  is a very good hint that the handle wants to process something in a
+  shorter time than what otherwise would happen.
+  
+  curl_multi_wait.3 was updated accordingly to clarify
+  
+  This is the reason for bug #1224
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1224
+  Reported-by: Andrii Moiseiev
+
+- multi_runsingle: switch an if() condition for readability
+  
+  ... because there's an identical check right next to it so using the
+  operators in the check in the same order increases readability.
+
+Marc Hoersken (2 Jun 2013)
+- curl_schannel.c: Removed variable unused since 35874298e4
+
+- curl_setup.h: Fixed redefinition warning using mingw-w64
+
+Daniel Stenberg (30 May 2013)
+- multi_runsingle: add braces to clarify the code
+
+- libcurl-tutorial.3: remove incorrect backslash
+  
+  A single backslash in the content is not legal nroff syntax.
+  
+  Reported and fixed by: Eric S. Raymond
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1234
+
+- curl_formadd.3: fixed wrong "end-marker" syntax
+  
+  Reported and fixed by: Eric S. Raymond
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1233
+
+- curl.1: clarify that --silent still outputs data
+
+- Digest auth: escape user names with \ or " in them
+  
+  When sending the HTTP Authorization: header for digest, the user name
+  needs to be escaped if it contains a double-quote or backslash.
+  
+  Test 1229 was added to verify
+  
+  Reported and fixed by: Nach M. S
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1230
+
+- [Mike Giancola brought this change]
+
+  ossl_recv: SSL_read() returning 0 is an error too
+  
+  SSL_read can return 0 for "not successful", according to the open SSL
+  documentation: http://www.openssl.org/docs/ssl/SSL_read.html
+
+- [Mike Giancola brought this change]
+
+  ossl_send: SSL_write() returning 0 is an error too
+  
+  We found that in specific cases if the connection is abruptly closed,
+  the underlying socket is listed in a close_wait state. We continue to
+  call the curl_multi_perform, curl_mutli_fdset etc. None of these APIs
+  report the socket closed / connection finished.  Since we have cases
+  where the multi connection is only used once, this can pose a problem
+  for us. I've read that if another connection was to come in, curl would
+  see the socket as bad and attempt to close it at that time -
+  unfortunately, this does not work for us.
+  
+  I found that in specific situations, if SSL_write returns 0, curl did
+  not recognize the socket as closed (or errored out) and did not report
+  it to the application. I believe we need to change the code slightly, to
+  check if ssl_write returns 0. If so, treat it as an error - the same as
+  a negative return code.
+  
+  For OpenSSL - the ssl_write documentation is here:
+  http://www.openssl.org/docs/ssl/SSL_write.html
+
+- KNOWN_BUGS: curl -OJC- fails to resume
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1169
+
+- Curl_cookie_add: handle IPv6 hosts
+  
+  1 - don't skip host names with a colon in them in an attempt to bail out
+  on HTTP headers in the cookie file parser. It was only a shortcut anyway
+  and trying to parse a file with HTTP headers will still be handled, only
+  slightly slower.
+  
+  2 - don't skip domain names based on number of dots. The original
+  netscape cookie spec had this oddity mentioned and while our code
+  decreased the check to only check for two, the existing cookie spec has
+  no such dot counting required.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1221
+  Reported-by: Stefan Neis
+
+- curl_easy_setopt.3: expand the PROGRESSFUNCTION section
+  
+  Explain the callback and its arguments better and with more descriptive
+  text.
+
+- tests: add test1394 file to the tarball
+
+- tarball: include the xmlstream example
+
+- [David Strauss brought this change]
+
+  xmlstream: XML stream parsing example source code
+  
+  Add an XML stream parsing example using Expat. Add missing ignore for
+  the binary from an unrelated example.
+
+- [YAMADA Yasuharu brought this change]
+
+  cookies: only consider full path matches
+  
+  I found a bug which cURL sends cookies to the path not to aim at.
+  For example:
+  - cURL sends a request to http://example.fake/hoge/
+  - server returns cookie which with path=/hoge;
+    the point is there is NOT the '/' end of path string.
+  - cURL sends a request to http://example.fake/hogege/ with the cookie.
+  
+  The reason for this old "feature" is because that behavior is what is
+  described in the original netscape cookie spec:
+  http://curl.haxx.se/rfc/cookie_spec.html
+  
+  The current cookie spec (RFC6265) clarifies the situation:
+  http://tools.ietf.org/html/rfc6265#section-5.2.4
+
+- [Eric Hu brought this change]
+
+  axtls: prevent memleaks on SSL handshake failures
+
+- Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage"
+  
+  This reverts commit 8ec2cb5544b86306b702484ea785b6b9596562ab.
+  
+  We don't have any code anywhere in libcurl (or the curl tool) that use
+  wcsdup so there's no such memory use to track. It seems to cause mild
+  problems with the Borland compiler though that we may avoid by reverting
+  this change again.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html
+
+- RELEASE-NOTES: synced with ae26ee3489588f0
+
+Guenter Knauf (11 May 2013)
+- Updated zlib version in build files.
+
+Daniel Stenberg (9 May 2013)
+- [Renaud Guillard brought this change]
+
+  OS X framework: fix invalid symbolic link
+
+Kamil Dudka (9 May 2013)
+- [Daniel Stenberg brought this change]
+
+  nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send
+  
+  Reported by: David Strauss
+  Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
+
+Daniel Stenberg (8 May 2013)
+- libtest: gitignore more binary files
+
+- servercert: allow empty subject
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1220
+  Patch by: John Gardiner Myers
+
+- [Steve Holme brought this change]
+
+  tests: Added new SMTP tests to verify commit 99b40451836d
+
+- runtests.pl: support nonewline="yes" in client/stdin sections
+
+- build: fixed unit1394 for debug and metlink builds
+
+Kamil Dudka (6 May 2013)
+- unit1394.c: plug the curl tool unit test in
+
+- [Jared Jennings brought this change]
+
+  unit1394.c: basis of a unit test for parse_cert_parameter()
+
+- src/Makefile.am: build static lib for unit tests if enabled
+
+- tool_getparam: ensure string termination in parse_cert_parameter()
+
+- tool_getparam: fix memleak in handling the -E option
+
+- tool_getparam: describe what parse_cert_parameter() does
+  
+  ... and de-duplicate the code initializing *passphrase
+
+- curl.1: document escape sequences recognized by -E
+
+- [Jared Jennings brought this change]
+
+  curl -E: allow to escape ':' in cert nickname
+
+Marc Hoersken (5 May 2013)
+- curl_schannel.c: Fixed invalid memory access during SSL shutdown
+
+Steve Holme (4 May 2013)
+- smtp: Fix trailing whitespace warning
+
+- smtp: Fix compilation warning
+  
+  comparison between signed and unsigned integer expressions
+
+- RELEASE-NOTES: synced with 92ef5f19c801
+
+- smtp: Updated RFC-2821 references to RFC-5321
+
+- smtp: Fixed sending of double CRLF caused by first in EOB
+  
+  If the mail sent during the transfer contains a terminating <CRLF> then
+  we should not send the first <CRLF> of the EOB as specified in RFC-5321.
+  
+  Additionally don't send the <CRLF> if there is "no mail data" as the
+  DATA command already includes it.
+
+- tests: Corrected MAIL SIZE for CRLF line endings
+  
+  ... which was missed in commit: f5c3d9538452
+
+- tests: Corrected infilesize for CRLF line endings
+  
+  ... which was missed in commit: f5c3d9538452
+
+- tests: Corrected test1406 to be RFC2821 compliant
+
+- tests: Corrected test1320 to be RFC2821 compliant
+
+- tests: Corrected typo in test909
+  
+  Introduced in commit: 514817669e9e
+
+- tests: Corrected test909 to be RFC2821 compliant
+
+- tests: Updated test references to 909 from 1411
+  
+  ...and removed references to libcurl and test1406.
+
+- tests: Renamed test1411 to test909 as this is a main SMTP test
+
+Daniel Stenberg (1 May 2013)
+- [Lars Johannesen brought this change]
+
+  bindlocal: move brace out of #ifdef
+  
+  The code within #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID wrongly had two
+  closing braces when it should only have one, so builds without that
+  define would fail.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-05/0000.html
+
+Steve Holme (30 Apr 2013)
+- smtp: Tidy up to move the eob counter to the per-request structure
+  
+  Move the eob counter from the smtp_conn structure to the SMTP structure
+  as it is associated with a SMTP payload on a per-request basis.
+
+- TODO: Updated following the addition of CURLOPT_SASL_IR
+
+- smtp: Fixed unknown percentage complete in progress bar
+  
+  The curl command line utility would display the the completed progress
+  bar with a percentage of zero as the progress routines didn't know the
+  size of the transfer.
+
+Daniel Stenberg (29 Apr 2013)
+- ftpserver: silence warnings
+  
+  Fix regressions in commit b56e3d43e5d. Make @data local and filter off
+  non-numerical digits from $testno in STATUS_imap.
+
+Steve Holme (29 Apr 2013)
+- ftpserver.pl: Corrected the imap LOGIN response
+  
+  ...to be more realistic and consistent with the other imap responses.
+
+- tests: Added imap STATUS command test
+
+- tests: Corrected the SMTP tests to be RFC2821 compliant
+  
+  The emails that are sent to the server during these tests were
+  incorrectly formatted as they contained one or more LF terminated lines
+  rather than being CRLF terminated as per Section 2.3.7 of RFC-2821.
+  
+  This wasn't a problem for the test suite as the <stdin> data matched the
+  <upload> data but anyone using these tests as reference would be sending
+  incorrect data to a server.
+
+- email: Tidy up of *_perform_authenticate()
+  
+  Removed the hard returns from imap and pop3 by using the same style for
+  sending the authentication string as smtp. Moved the "Other mechanisms
+  not supported" check in smtp to match that of imap and pop3 to provide
+  consistency between the three email protocols.
+
+- smtp: Updated limit check to be more readable like the check in pop3
+
+- pop3: Added 255 octet limit check when sending initial response
+  
+  Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.
+
+- DOCS: Corrected line length of recent Secure Transport changes
+
+Nick Zitzmann (27 Apr 2013)
+- darwinssl: add TLS crypto authentication
+  
+  Users using the Secure Transport (darwinssl) back-end can now use a
+  certificate and private key to authenticate with a site using TLS. Because
+  Apple's security system is based around the keychain and does not have any
+  non-public function to create a SecIdentityRef data structure from data
+  loaded outside of the Keychain, the certificate and private key have to be
+  loaded into the Keychain first (using the certtool command line tool or
+  the Security framework's C API) before we can find it and use it.
+
+Steve Holme (27 Apr 2013)
+- Corrected version numbers after bump
+
+Daniel Stenberg (27 Apr 2013)
+- bump version
+  
+  Since we're adding new stuff, the next release will bump the minor
+  version and we're looking forward to 7.31.0
+
+Steve Holme (27 Apr 2013)
+- RELEASE-NOTES: synced with f4e6e201b146
+
+- DOCS: Updated following the addition of CURLOPT_SASL_IR
+  
+  Documented the the option in curl_easy_setopt() and added it to
+  symbols-in-versions.
+
+- tests: Corrected command line arguments in test907 and test908
+
+- tests: Added SMTP AUTH with initial response tests
+
+- tests: Updated SMTP tests to decouple client initial response
+  
+  Updated test903 and test904 following the addition of CURLOPT_SASL_IR
+  as the default behaviour of SMTP AUTH responses is now to not include
+  the initial response. New tests with --sasl-ir support to follow.
+
+- imap: Added support for overriding the SASL initial response
+  
+  In addition to checking for the SASL-IR capability the user can override
+  the sending of the client's initial response in the AUTHENTICATION
+  command with the use of CURLOPT_SASL_IR should the server erroneously
+  not report SASL-IR when it does support it.
+
+- smtp: Added support for disabling the SASL initial response
+  
+  Updated the default behaviour of sending the client's initial response in the AUTH
+  command to not send it and added support for CURLOPT_SASL_IR to allow the user to
+  specify including the response.
+  
+  Related Bug: http://curl.haxx.se/mail/lib-2012-03/0114.html
+  Reported-by: Gokhan Sengun
+
+- pop3: Added support for enabling the SASL initial response
+  
+  Allowed the user to specify whether to send the client's intial response
+  in the AUTH command via CURLOPT_SASL_IR.
+
+- sasl-ir: Added --sasl-ir option to curl command line tool
+
+- sasl-ir: Added CURLOPT_SASL_IR to enable/disable the SASL initial response
+
+Daniel Stenberg (26 Apr 2013)
+- curl_easy_init: use less mallocs
+  
+  By introducing an internal alternative to curl_multi_init() that accepts
+  parameters to set the hash sizes, easy handles will now use tiny socket
+  and connection hash tables since it will only ever add a single easy
+  handle to that multi handle.
+  
+  This decreased the number mallocs in test 40 (which is a rather simple
+  and typical easy interface use case) from 1142 to 138. The maximum
+  amount of memory allocated used went down from 118969 to 78805.
+
+Steve Holme (26 Apr 2013)
+- ftpserver.pl: Fixed imap logout confirmation data
+  
+  An IMAP server should response with the BYE continuation response before
+  confirming the LOGOUT command was successful.
+
+Daniel Stenberg (26 Apr 2013)
+- ftp_state_pasv_resp: connect through proxy also when set by env
+  
+  When connecting back to an FTP server after having sent PASV/EPSV,
+  libcurl sometimes didn't use the proxy properly even though the proxy
+  was used for the initial connect.
+  
+  The function wrongly checked for the CURLOPT_PROXY variable to be set,
+  which made it act wrongly if the proxy information was set with an
+  environment variable.
+  
+  Added test case 711 to verify (based on 707 which uses --socks5). Also
+  added test712 to verify another variation of setting the proxy: with
+  --proxy socks5://
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1218
+  Reported-by: Zekun Ni
+
+Kamil Dudka (26 Apr 2013)
+- [Zdenek Pavlas brought this change]
+
+  url: initialize speed-check data for file:// protocol
+  
+  ... in order to prevent an artificial timeout event based on stale
+  speed-check data from a previous network transfer.  This commit fixes
+  a regression caused by 9dd85bced56f6951107f69e581c872c1e7e3e58e.
+  
+  Bug: https://bugzilla.redhat.com/906031
+
+Daniel Stenberg (25 Apr 2013)
+- test709: clarify the test in the name
+
+- sshserver: disable StrictHostKeyChecking
+  
+  I couldn't figure out why the host key logic isn't working, but having
+  it set to yes prevents my SSH-based test cases to run. I also don't see
+  a strong need to use strict host key checking on this test server.
+  
+  So I disabled it.
+
+- runtests: log more commands in verbose mode
+  
+  ... to aid tracking down failures
+
+Steve Holme (25 Apr 2013)
+- TODO: Corrected copy/paste typo
+
+- TODO: Added new ideas for future SMTP, POP3 and IMAP features
+
+- TODO: Updated following the addition of ;auth=<MECH> support
+
+- DOCS: Minor rewording / clarification of host name protocol detection
+
+- RELEASE-NOTES: synced with a8c92cb60890
+
+- DOCS: Added reference to IETF draft for SMTP URL Interface
+  
+  ...when mentioning login options. Additional minor clarification of
+  "Windows builds" to be "Windows builds with SSPI"as a way of enabling
+  NTLM as Windows builds may be built with OpenSSL to enable NTLM or
+  without NTLM support altogether.
+
+Linus Nielsen Feltzing (23 Apr 2013)
+- HISTORY: Fix spelling error.
+
+Steve Holme (23 Apr 2013)
+- DOCS: Reworked the scheme calculation explanation under CURLOPT_URL
+
+- url: Added smtp and pop3 hostnames to the protocol detection list
+
+Daniel Stenberg (23 Apr 2013)
+- HISTORY: correct some years/dates
+  
+  Thanks to archive.org's wayback machine I updated this document with
+  some facts from the early httpget/urlget web page:
+  
+  http://web.archive.org/web/19980216125115/http://www.inf.ufrgs.br/~sagula/urlget.html
+
+- [Alessandro Ghedini brought this change]
+
+  tests: add test1511 to check timecond clean-up
+  
+  Verifies the timecond fix in commit c49ed0b6c0f
+
+- [Alessandro Ghedini brought this change]
+
+  getinfo.c: reset timecond when clearing session-info variables
+  
+  Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783
+  Reported-by: Ludovico Cavedon <cavedon@debian.org>
+
+Steve Holme (22 Apr 2013)
+- DOCS: Added information about login options to CURLOPT_USERPWD
+
+- DOCS: Added information about login options in the URL
+
+- url: Fixed missing length check in parse_proxy()
+  
+  Commit 11332577b3cb removed the length check that was performed by the
+  old scanf() code.
+
+- url: Fixed crash when no username or password supplied for proxy
+  
+  Fixed an issue in parse_proxy(), introduced in commit 11332577b3cb,
+  where an empty username or password (For example: http://:@example.com)
+  would cause a crash.
+
+- url: Removed unused text length constants
+
+- url: Updated proxy URL parsing to use parse_login_details()
+
+- url: Tidy up of setstropt_userpwd() parameters
+  
+  Updated the naming convention of the login parameters to match those of
+  other functions.
+
+- url: Tidy up of code and comments following recent changes
+  
+  Tidy up of variable names and comments in setstropt_userpwd() and
+  parse_login_details().
+
+- url: Simplified setstropt_userpwd() following recent changes
+  
+  There is no need to perform separate clearing of data if a NULL option
+  pointer is passed in. Instead this operation can be performed by simply
+  not calling parse_login_details() and letting the rest of the code do
+  the work.
+
+- url: Correction to scope of if statements when setting data
+
+- url: Fixed memory leak in setstropt_userpwd()
+  
+  setstropt_userpwd() was calling setstropt() in commit fddb7b44a79d to
+  set each of the login details which would duplicate the strings and
+  subsequently cause a memory leak.
+
+- RELEASE-NOTES: synced with d535c4a2e1f7
+
+- url: Added overriding of URL login options from CURLOPT_USERPWD
+
+- tool_paramhlp: Fixed options being included in username
+  
+  Fix to prevent the options from being displayed when curl requests the
+  user's password if the following command line is specified:
+  
+  --user username;options
+
+- url: Added support for parsing login options from the CURLOPT_USERPWD
+  
+  In addition to parsing the optional login options from the URL, added
+  support for parsing them from CURLOPT_USERPWD, to allow the following
+  supported command line:
+  
+  --user username:password;options
+
+- url: Added bounds checking to parse_login_details()
+  
+  Added bounds checking when searching for the separator characters within
+  the login string as this string may not be NULL terminated (For example
+  it is the login part of a URL). We do this in preference to allocating a
+  new string to copy the login details into which could then be passed to
+  parse_login_details() for performance reasons.
+
+- url: Added size_t cast to pointer based length calculations
+
+- url: Corrected minor typo in comment
+
+Daniel Stenberg (18 Apr 2013)
+- CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
+  
+  When cross-compiling we can't scan and detect existing files or paths.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-04/0294.html
+
+- [Ishan SinghLevett brought this change]
+
+  usercertinmem.c: add example showing user cert in memory
+  
+  Relies on CURLOPT_SSL_CTX_FUNCTION, which is OpenSSL specific
+
+Steve Holme (18 Apr 2013)
+- url: Fix chksrc longer than 79 columns warning
+
+- url: Fix incorrect variable type for result code
+
+- url: Fix compiler warning
+  
+  signed and unsigned type in conditional expression
+
+- url: Moved parsing of login details out of parse_url_login()
+  
+  Separated the parsing of login details from the processing of them in
+  parse_url_login() ready for use by setstropt_userpwd().
+
+- url: Re-factored set_userpass() and parse_url_userpass()
+  
+  Re-factored these functions to reflect their new behaviour following the
+  addition of login options.
+
+- url: Reworked URL parsing to allow overriding by CURLOPT_USERPWD
+
+Daniel Stenberg (18 Apr 2013)
+- maketgz: make bzip2 creation work with Parallel BZIP2 too
+  
+  Apparently the previous usage didn't work with that implementation,
+  while this updated version works with at least both Parallel BZIP2
+  v1.1.8 and regular bzip "Version 1.0.6, 6-Sept-2010".
+
+Linus Nielsen Feltzing (18 Apr 2013)
+- Add tests/http_pipe.py to the tarball build
+
+Steve Holme (16 Apr 2013)
+- smtp: Re-factored all perform based functions
+  
+  Standardised the naming of all perform based functions to be in the form
+  smtp_perform_something().
+
+- smtp: Added description comments to all perform based functions
+
+- smtp: Moved smtp_quit() to be with the other perform functions
+
+- smtp: Moved smtp_rcpt_to() to be with the other perform functions
+
+- smtp: Moved smtp_mail() to be with the other perform functions
+
+Daniel Stenberg (16 Apr 2013)
+- [Wouter Van Rooy brought this change]
+
+  curl-config: don't output static libs when they are disabled
+  
+  Curl-config outputs static libraries even when they are disabled in
+  configure.
+  
+  This causes problems with the build of pycurl.
+
+- [Dave Reisner brought this change]
+
+  docs/libcurl: fix formatting in manpage
+  
+  Commit c3ea3eb6 introduced some minor cosmetic errors in
+  curl_mutli_socket_action(3).
+
+- [Paul Howarth brought this change]
+
+  Add extra libs for lib1900 and lib2033 test programs
+  
+  These are needed in cases where clock_gettime is used, from librt.
+
+Dan Fandrich (15 Apr 2013)
+- FAQ: mention that the network connection can be monitored
+  
+  Also note the prohibition on sharing handles across threads.
+
+Steve Holme (15 Apr 2013)
+- pop3: Added missing comment for pop3_state_apop_resp()
+
+- smtp: Updated the coding style of smtp_state_servergreet_resp()
+  
+  Updated the coding style, in this function, to be consistant with other
+  response functions rather then performing a hard return on failure.
+
+- pop3: Updated the coding style of pop3_state_servergreet_resp()
+  
+  Updated the coding style, in this function, to be consistent with other
+  response functions rather then performing a hard return on failure.
+
+- pop3: Re-factored all perform based functions
+  
+  Standardised the naming of all perform based functions to be in the form
+  pop3_perform_something() following the changes made to IMAP.
+
+- pop3: Added description comments to all perform based functions
+
+- pop3: Moved pop3_quit() to be with the other perform functions
+
+- pop3: Moved pop3_command() to be with the other perform functions
+  
+  Started to apply the same tidy up to the POP3 code as applied to the
+  IMAP code in the 7.30.0 release.
+
+- RELEASE-NOTES: Removed erroneous spaces
+
+- RELEASE-NOTES: synced with 8723cade21fb
+
+- smtp: Added support for ;auth=<mech> in the URL
+  
+  Added support for specifying the preferred authentication mechanism in
+  the URL as per Internet-Draft 'draft-earhart-url-smtp-00'.
+
+- pop3: Reworked authentication type constants
+  
+  ... to use left-shifted values, like those defined in curl.h, rather
+  than 16-bit hexadecimal values.
+
+- pop3: Small consistency tidy up
+
+- pop3: Added support for ;auth=<mech> in the URL
+  
+  Added support for specifying the preferred authentication type and SASL
+  mechanism in the URL as per RFC-2384.
+
+- imap: Added support for ;auth=<mech> in the URL
+  
+  Added support for specifying the preferred authentication mechanism in
+  the URL as per RFC-5092.
+
+- sasl: Reworked SASL mechanism constants
+  
+  ... to use left-shifted values, like those defined in curl.h, rather
+  than 16-bit hexadecimal values.
+
+- sasl: Added predefined preferred mechanism values
+  
+  In preparation for the upcoming changes to IMAP, POP3 and SMTP added
+  preferred mechanism values.
+
+- url: Added support for parsing login options from the URL
+  
+  As well as parsing the username and password from the URL, added support
+  for parsing the optional options part from the login details, to allow
+  the following supported URL format:
+  
+  schema://username:password;options@example.com/path?q=foobar
+  
+  This will only be used by IMAP, POP3 and SMTP at present but any
+  protocol that may be given login options in the URL will be able to
+  add support for them.
+
+- smtp: Fix compiler warning
+  
+  warning: unused variable 'smtp' introduced in commit 73cbd21b5ee6.
+
+- smtp: Moved parsing of url path into separate function
+
+Daniel Stenberg (12 Apr 2013)
+- FTP: handle a 230 welcome response
+  
+  ...instead of the 220 we otherwise expect.
+  
+  Made the ftpserver.pl support sending a custom "welcome" and then
+  created test 1219 to verify this fix with such a 230 welcome.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html
+  Reported by: Anders Havn
+
+- configure: try pthread_create without -lpthread
+  
+  For libc variants without a spearate pthread lib (like bionic), try
+  using pthreads without the pthreads lib first and only if that fails try
+  the -lpthread linker flag.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1216
+  Reported by: Duncan
+
+- FTP: access files in root dir correctly
+  
+  Accessing a file with an absolute path in the root dir but with no
+  directory specified was not handled correctly. This fix comes with four
+  new test cases that verify it.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-04/0142.html
+  Reported by: Sam Deane
+
+Steve Holme (12 Apr 2013)
+- pop3: Reworked the function description for Curl_pop3_write()
+
+- pop3: Added function description to pop3_parse_custom_request()
+
+- pop3: Moved utility functions to end of pop3.c
+
+Nick Zitzmann (12 Apr 2013)
+- darwinssl: add TLS session resumption
+  
+  This ought to speed up additional TLS handshakes, at least in theory.
+
+Steve Holme (12 Apr 2013)
+- imap: Added function description to imap_parse_custom_request()
+
+- imap: Moved utility functions to end of imap.c (Part 3/3)
+  
+  Moved imap_is_bchar() be with the other utility based functions.
+
+- imap: Moved utility functions to end of imap.c (Part 2/3)
+  
+  Moved imap_parse_url_path() and imap_parse_custom_request() to the end of the
+  file allowing all utility functions to be grouped together.
+
+- imap: Moved utility functions to end of imap.c (Part 1/3)
+  
+  Moved imap_atom() and imap_sendf() to the end of the file allowing all
+  utility functions to be grouped together.
+
+- imap: Corrected function description for imap_connect()
+
+Kamil Dudka (12 Apr 2013)
+- tests: prevent test206, test1060, and test1061 from failing
+  
+  ... in case runtests.pl is invoked with non-default -b option
+  
+  Fixes a regression caused by 1e29d275c643ef6aab7948f0f55a7a9397e56b42.
+
+Daniel Stenberg (12 Apr 2013)
+- [David Strauss brought this change]
+
+  libcurl-share.3: update what it does and does not share.
+  
+  Update sharing interface documentation to provide exhaustive list of
+  what it does and does not share.
+
+- THANKS: remove duplicated names
+
+- bump: start working towards next release
+
+- THANKS: added people from the 7.30.0 RELEASE-NOTES
+
+Version 7.30.0 (12 Apr 2013)
+
+Daniel Stenberg (12 Apr 2013)
+- RELEASE-NOTES: cleaned up for 7.30 (synced with 5c5e1a1cd20)
+  
+  Most notable the security advisory:
+  http://curl.haxx.se/docs/adv_20130412.html
+
+- test1218: another cookie tailmatch test
+  
+  ... and make 1216 also verify it with a file input
+  
+  These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie
+  domain tailmatch" vulnerability. See
+  http://curl.haxx.se/docs/adv_20130412.html
+
+- [YAMADA Yasuharu brought this change]
+
+  cookie: fix tailmatching to prevent cross-domain leakage
+  
+  Cookies set for 'example.com' could accidentaly also be sent by libcurl
+  to the 'bexample.com' (ie with a prefix to the first domain name).
+  
+  This is a security vulnerabilty, CVE-2013-1944.
+  
+  Bug: http://curl.haxx.se/docs/adv_20130412.html
+
+Guenter Knauf (11 Apr 2013)
+- Enabled MinGW sync resolver builds.
+
+Yang Tse (10 Apr 2013)
+- if2ip.c: fix compiler warning
+
+Guenter Knauf (10 Apr 2013)
+- Fixed lost OpenSSL output with "-t" - followup.
+  
+  The previously applied patch didnt work on Windows; we cant rely
+  on shell commands like 'echo' since they act diffently on each
+  platform and each shell.
+  In order to keep this script platform-independent the code must
+  only use pure Perl.
+
+Daniel Stenberg (9 Apr 2013)
+- test1217: verify parsing 257 responses with "rubbish" before path
+  
+  Test 1217 verifies commit e0fb2d86c9f78, and without that change this
+  test fails.
+
+- [Bill Middlecamp brought this change]
+
+  FTP: handle "rubbish" in front of directory name in 257 responses
+  
+  When doing PWD, there's a 257 response which apparently some servers
+  prefix with a comment before the path instead of after it as is
+  otherwise the norm.
+  
+  Failing to parse this, several otherwise legitimate use cases break.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-04/0113.html
+
+Guenter Knauf (9 Apr 2013)
+- Fixed ares-enabled builds with static makefiles.
+
+- Fixed lost OpenSSL output with "-t".
+  
+  The OpenSSL pipe wrote to the final CA bundle file, but the encoded PEM
+  output wrote to a temporary file.  Consequently, the OpenSSL output was
+  lost when the temp file was renamed to the final file at script finish
+  (overwriting the final file written earlier by openssl).
+  Patch posted to the list by Richard Michael (rmichael edgeofthenet org).
+
+Daniel Stenberg (9 Apr 2013)
+- test1216: test tailmatching cookie domains
+  
+  This test is an attempt to repeat the problem YAMADA Yasuharu reported
+  at http://curl.haxx.se/mail/lib-2013-04/0108.html
+
+- RELEASe-NOTES: synced with 29fdb2700f797
+  
+  added "tcpkeepalive on Mac OS X"
+
+Nick Zitzmann (8 Apr 2013)
+- darwinssl: disable insecure ciphers by default
+  
+  I noticed that aria2's SecureTransport code disables insecure ciphers such
+  as NULL, anonymous, IDEA, and weak-key ciphers used by SSLv3 and later.
+  That's a good idea, and now we do the same thing in order to prevent curl
+  from accessing a "secure" site that only negotiates insecure ciphersuites.
+
+Daniel Stenberg (8 Apr 2013)
+- [Robert Wruck brought this change]
+
+  tcpkeepalive: Support CURLOPT_TCP_KEEPIDLE on OSX
+  
+  MacOS X doesn't have TCP_KEEPIDLE/TCP_KEEPINTVL but only a single
+  TCP_KEEPALIVE (see
+  http://developer.apple.com/library/mac/#DOCUMENTATION/Darwin/Reference/ManPages/man4/tcp.4.html).
+  Here is a patch for CURLOPT_TCP_KEEPIDLE on OSX platforms.
+
+- configure: remove CURL_CHECK_FUNC_RECVFROM
+  
+  1 - We don't use the results from the test and we never did. recvfrom()
+  is only used by the TFTP code and it has not caused any problems.
+  
+  2 - the CURL_CHECK_FUNC_RECVFROM function is extremely slow
+
+Steve Holme (8 Apr 2013)
+- RELEASE-NOTES: Corrected duplicate NTLM memory leaks
+
+- RELEASE-NOTES: Removed trailing full stop
+
+Daniel Stenberg (8 Apr 2013)
+- [Fabian Keil brought this change]
+
+  proxy: make ConnectionExists() check credential of proxyconnections too
+  
+  Previously it only compared credentials if the requested needle
+  connection wasn't using a proxy. This caused NTLM authentication
+  failures when using proxies as the authentication code wasn't send on
+  the connection where the challenge arrived.
+  
+  Added test 1215 to verify: NTLM server authentication through a proxy
+  (This is a modified copy of test 67)
+
+- RELEASE-NOTES: sync with 704a5dfca9
+
+- TODO-RELEASE: cleaned up, not really maintained lately
+
+Marc Hoersken (7 Apr 2013)
+- if2ip.c: Fixed another warning: unused parameter 'remote_scope'
+
+Daniel Stenberg (7 Apr 2013)
+- [Marc Hoersken brought this change]
+
+  cookie.c: Made cookie sort function more deterministic
+  
+  Since qsort implementations vary with regards to handling the order
+  of similiar elements, this change makes the internal sort function
+  more deterministic by comparing path length first, then domain length
+  and finally the cookie name. Spotted with testcase 62 on Windows.
+
+Marc Hoersken (7 Apr 2013)
+- curl_schannel.c: Follow up on memory leak fix ae4558d
+
+- Revert "getpart.pm: Strip carriage returns to fix Windows support"
+  
+  This reverts commit e51b23c925a2721cf7c29b2b376d3d8903cfb067.
+  As discussed on the mailinglist, this was not the correct approach.
+
+- http_negotiate.c: Fixed passing argument from incompatible pointer type
+
+- ftp.c: Added missing brackets around ABOR command logic
+
+- sockfilt.c: Fixed detection of client-side connection close
+  
+  WINSOCK only:
+  Since FD_CLOSE is only signaled once, it may trigger at the same
+  time as FD_READ. Data actually being available makes it impossible
+  to detect that the connection was closed by checking that recv returns
+  zero. Another recv attempt could block the connection if it was
+  not closed. This workaround abuses exceptfds in conjunction with
+  readfds to signal that the connection has actually closed.
+
+- curl_schannel.c: Fixed memory leak if connection was not successful
+
+- if2ip.c: Fixed warning: unused parameter 'remote_scope'
+
+- runtests.pl: Fixed --verbose parameter passed to http_pipe.py
+
+- sockfilt.c: Reduce CPU load while running under a Windows PIPE
+
+- tftpd.c: Apply sread timeout to the whole data transfer session
+
+- getpart.pm: Strip carriage returns to fix Windows support
+
+Daniel Stenberg (6 Apr 2013)
+- ftp tests: libcurl returns CURLE_FTP_ACCEPT_FAILED better now
+  
+  Since commit 57aeabcc1a20f, it handles errors on the control connection
+  while waiting for the data connection better.
+  
+  Test 591 and 592 are updated accordingly.
+
+- FTP: wait on both connections during active STOR state
+  
+  When doing PORT and upload (STOR), this function needs to extract the
+  file descriptor for both connections so that it will respond immediately
+  when the server eventually connects back.
+  
+  This flaw caused active connections to become unnecessary slow but they
+  would still often work due to the normal polling on a timeout. The bug
+  also would not occur if the server connected back very fast, like when
+  testing on local networks.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1183
+  Reported by: Daniel Theron
+
+Marc Hoersken (6 Apr 2013)
+- tftpd.c: Follow up cleanup and restore of previous sockopt
+
+Daniel Stenberg (6 Apr 2013)
+- [Kim Vandry brought this change]
+
+  connect: treat an interface bindlocal() problem as a non-fatal error
+  
+  I am using curl_easy_setopt(CURLOPT_INTERFACE, "if!something") to force
+  transfers to use a particular interface but the transfer fails with
+  CURLE_INTERFACE_FAILED, "Failed binding local connection end" if the
+  interface I specify has no IPv6 address. The cause is as follows:
+  
+  The remote hostname resolves successfully and has an IPv6 address and an
+  IPv4 address.
+  
+  cURL attempts to connect to the IPv6 address first.
+  
+  bindlocal (in lib/connect.c) fails because Curl_if2ip cannot find an
+  IPv6 address on the interface.
+  
+  This is a fatal error in singleipconnect()
+  
+  This change will make cURL try the next IP address in the list.
+  
+  Also included are two changes related to IPv6 address scope:
+  
+  - Filter the choice of address in Curl_if2ip to only consider addresses
+  with the same scope ID as the connection address (mismatched scope for
+  local and remote address does not result in a working connection).
+  
+  - bindlocal was ignoring the scope ID of addresses returned by
+  Curl_if2ip . Now it uses them.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1189
+
+Marc Hoersken (6 Apr 2013)
+- tftpd.c: Fixed sread timeout on Windows by setting it manually
+
+- ftp.pm: Added tskill to support Windows XP Home
+
+- runtests.pl: Modularization of MinGW/Msys compatibility functions
+
+- ftp.pm: Made Perl testsuite able to handle Windows processes
+
+- util.c: Revert workaround eeefcdf, 6eb56e7 and e3787e8
+
+- ftp.pm: Made Perl testsuite able to kill Windows processes
+
+- util.c: Follow up cleanup on eeefcdf
+
+Daniel Stenberg (6 Apr 2013)
+- cpp: use #ifdef __MINGW32__ to avoid compiler complaints
+  
+  ... instead of just #if
+
+Marc Hoersken (6 Apr 2013)
+- util.c: Made write_pidfile write the correct PID on MinGW/Msys
+  
+  This workaround fixes an issue on MinGW/Msys regarding the Perl
+  testsuite scripts not being able to signal or control the server
+  processes. The MinGW Perl runtime only sees the Msys processes and
+  their corresponding PIDs, but sockfilt (and other servers) wrote the
+  Windows PID into their PID-files. Since this PID is useless to the
+  testsuite, the write_pidfile function was changed to search for the
+  Msys PID and write that into the PID-file.
+
+Daniel Stenberg (5 Apr 2013)
+- RELEASE-NOTES: synced with 5e722b2d09087
+  
+  3 more bug fixes, 6 more contributors
+
+Marc Hoersken (5 Apr 2013)
+- sockfilt.c: Fixed handling of multiple fds being signaled
+
+Kamil Dudka (5 Apr 2013)
+- curl_global_init.3: improve description of CURL_GLOBAL_ALL
+  
+  Reported by: Tomas Mlcoch
+
+- examples/multi-single.c: fix the order of destructions
+  
+  ... so that it adheres to the API documentation.
+  
+  Reported by: Tomas Mlcoch
+
+Daniel Stenberg (5 Apr 2013)
+- Curl_open: restore default MAXCONNECTS to 5
+  
+  At some point recently we lost the default value for the easy handle's
+  connection cache, and this change puts it back to 5 - which is the
+  former default value and it is documented in the curl_easy_setopt.3 man
+  page.
+
+Marc Hoersken (4 Apr 2013)
+- sockfilt.c: Added wrapper functions to fix Windows console issues
+  
+  The new read and write wrapper functions support reading from stdin
+  and writing to stdout/stderr on Windows by using the appropriate
+  Windows API functions and data types.
+
+Yang Tse (4 Apr 2013)
+- lib1509.c: fix compiler warnings
+
+- easy.c: fix compiler warning
+
+Daniel Stenberg (4 Apr 2013)
+- --engine: spellfix the help message
+  
+  Reported by: Fredrik Thulin
+
+Yang Tse (4 Apr 2013)
+- http_negotiate.c: follow-up for commit 3dcc1a9c
+
+Linus Nielsen Feltzing (4 Apr 2013)
+- easy: Fix the broken CURLOPT_MAXCONNECTS option
+  
+  Copy the CURLOPT_MAXCONNECTS option to CURLMOPT_MAXCONNECTS in
+  curl_easy_perform().
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1212
+  Reported-by: Steven Gu
+
+Guenter Knauf (4 Apr 2013)
+- Updated copyright date.
+
+- Another small output fix for --help and --version.
+
+Yang Tse (4 Apr 2013)
+- http_negotiate.c: fix several SPNEGO memory handling issues
+
+Guenter Knauf (4 Apr 2013)
+- Added a cont to specify base64 line wrap.
+
+- Fixed version output.
+
+- Added support for --help and --version options.
+
+- Added option to specify length of base64 output.
+  
+  Based on a patch posted to the list by Richard Michael.
+
+Daniel Stenberg (3 Apr 2013)
+- curl_easy_setopt.3: CURLOPT_HTTPGET disables CURLOPT_UPLOAD
+
+- [Yasuharu Yamada brought this change]
+
+  Curl_cookie_add: only increase numcookies for new cookies
+  
+  Count up numcookies in Curl_cookie_add() only when cookie is new one
+
+- SO_SNDBUF: don't set SNDBUF for win32 versions vista or later
+  
+  The Microsoft knowledge-base article
+  http://support.microsoft.com/kb/823764 describes how to use SNDBUF to
+  overcome a performance shortcoming in winsock, but it doesn't apply to
+  Windows Vista and later versions. If the described SNDBUF magic is
+  applied when running on those more recent Windows versions, it seems to
+  instead have the reversed effect in many cases and thus make libcurl
+  perform less good on those systems.
+  
+  This fix thus adds a run-time version-check that does the SNDBUF magic
+  conditionally depending if it is deemed necessary or not.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1188
+  Reported by: Andrew Kurushin
+  Tested by: Christian Hägele
+
+Nick Zitzmann (1 Apr 2013)
+- darwinssl: additional descriptive messages of SSL handshake errors
+  
+  (This doesn't need to appear in the release notes.)
+
+Guenter Knauf (1 Apr 2013)
+- Added dns and connect time to output.
+
+Daniel Stenberg (1 Apr 2013)
+- RELEASE-NOTES: synced with 0614b902136
+
+- code-policed
+
+- tcpkeepalive: support TCP_KEEPIDLE/TCP_KEEPINTVL on win32
+  
+  Patch by: Robert Wruck
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1209
+
+- BINDINGS: BBHTTP is a cocoa binding, Julia has a binding
+
+- ftp_sendquote: use PPSENDF, not FTPSENDF
+  
+  The last remaining code piece that still used FTPSENDF now uses PPSENDF.
+  In the problematic case, a PREQUOTE series was done on a re-used
+  connection when Curl_pp_init() hadn't been called so it had messed up
+  pointers. The init call is done properly from Curl_pp_sendf() so this
+  change fixes this particular crash.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-03/0319.html
+  Reported by: Sam Deane
+
+Steve Holme (27 Mar 2013)
+- RELEASE-NOTES: Corrected typo
+
+Daniel Stenberg (27 Mar 2013)
+- [Clemens Gruber brought this change]
+
+  multi-uv.c: remove unused variable
+
+- RELEASE-NOTES: add two references
+
+- test1509: verify proxy header response headers count
+  
+  Modified sws to support and use custom CONNECT responses instead of the
+  previously naive hard-coded version. Made the HTTP test server able to
+  extract test case number from the host name in a CONNECT request by
+  finding the number after the last dot. It makes 'machine.moo.123' use
+  test case 123.
+  
+  Adapted a larger amount of tests to the new <connect> style.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1204
+  Reported by: Martin Jansen
+
+- [Clemens Gruber brought this change]
+
+  Added libuv example multi-uv.c
+
+Yang Tse (25 Mar 2013)
+- NTLM: fix several NTLM code paths memory leaks
+
+- WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage
+  
+  As of 25-mar-2013 wcsdup() _wcsdup() and _tcsdup() are only used in
+  WIN32 specific code, so tracking of these has not been extended for
+  other build targets. Without this fix, memory tracking system on
+  WIN32 builds, when using these functions, would provide misleading
+  results.
+  
+  In order to properly extend this support for all targets curl.h
+  would have to define curl_wcsdup_callback prototype and consequently
+  wchar_t should be visible before that in curl.h.  IOW curl_wchar_t
+  defined in curlbuild.h and this pulling whatever system header is
+  required to get wchar_t definition.
+  
+  Additionally a new curl_global_init_mem() function that also receives
+  user defined wcsdup() callback would be required.
+
+- curl_ntlm_msgs.c: revert commit 463082bea4
+  
+  reverts unreleased invalid memory leak fix
+
+Daniel Stenberg (23 Mar 2013)
+- RELEASE-NOTES: synced with bc6037ed3ec02
+  
+  More changes, bugfixes and contributors!
+
+- [Martin Jansen brought this change]
+
+  Curl_proxyCONNECT: count received headers
+  
+  Proxy servers tend to add their own headers at the beginning of
+  responses. The size of these headers was not taken into account by
+  CURLINFO_HEADER_SIZE before this change.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1204
+
+Steve Holme (21 Mar 2013)
+- sasl: Corrected a few violations of the curl coding standards
+  
+  Corrected some incorrectly positioned pointer variable declarations to
+  be "char *" rather than "char* ".
+
+- multi.c: Corrected a couple of violations of the curl coding standards
+  
+  Corrected some incorrectly positioned pointer variable declarations to
+  be "type *" rather than "type* ".
+
+- imap-tests: Added CRLF to reply data to be compliant with RFC-822
+  
+  Updated the reply data in tests: 800, 801, 802, 804 and 1321 to possess
+  the CRLF as per RFC-822.
+
+- multi.c: Fix compilation warning
+  
+  warning: an enumerated type is mixed with another type
+
+- multi.c: fix compilation error
+  
+  warning: conversion from enumeration type to different enumeration type
+
+- lib1900.c: fix compilation warning
+  
+  warning: declaration of 'time' shadows a global declaration
+
+Yang Tse (20 Mar 2013)
+- [John E. Malmberg brought this change]
+
+  build_vms.com: use existing curlbuild.h and parsing fix
+  
+  This patch removes building curlbuild.h from the build_vms.com procedure
+  and uses the one in the daily or release tarball instead.
+  
+  packages/vms/build_curlbuild_h.com is obsolete with this change.
+  
+  Accessing the library module name "tool_main" needs different handling
+  when the optional extended parsing is enabled.
+  
+  Tested on IA64/VMS 8.4 and VAX/VMS 7.3
+
+Nick Zitzmann (19 Mar 2013)
+- darwinssl: disable ECC ciphers under Mountain Lion by default
+  
+  I found out that ECC doesn't work as of OS X 10.8.3, so those ciphers are
+  turned off until the next point release of OS X.
+
+Steve Holme (18 Mar 2013)
+- FEATURES: Small tidy up for constancy and grammar
+
+Daniel Stenberg (18 Mar 2013)
+- [Oliver Schindler brought this change]
+
+  Curl_proxyCONNECT: clear 'rewindaftersend' on success
+  
+  After having done a POST over a CONNECT request, the 'rewindaftersend'
+  boolean could be holding the previous value which could lead to badness.
+  
+  This should be tested for in a new test case!
+  
+  Bug: https://groups.google.com/d/msg/msysgit/B31LNftR4BI/KhRTz0iuGmUJ
+
+Steve Holme (18 Mar 2013)
+- TODO: Reordered the protocol and security sections
+  
+  Moved SMTP, POP3, IMAP and New Protocol sections to be listed after the
+  other protocols (FTP, HTTP and TELNET) and SASL to be after SSL and
+  GnuTLS as these are all security related.
+  
+  Additionally fixed numbering of the SSL and GnuTLS sections as they
+  weren't consecutive.
+
+Yang Tse (18 Mar 2013)
+- tests: specify 'text' mode for some output files in verify section
+
+Steve Holme (17 Mar 2013)
+- imap: Fixed incorrect initial response generation for SASL AUTHENTICATE
+  
+  Fixed incorrect initial response generation for the NTLM and LOGIN SASL
+  authentication mechanisms when the SASL-IR was detected.
+  
+  Introduced in commit: 6da7dc026c14.
+
+- FEATURES: Expanded the supported enhanced IMAP command list
+
+- TODO: Corrected typo in TOC
+
+- TODO: Added IMAP section and removed unused Other protocols section
+
+- TODO: Added graceful base64 decoding failure to SMTP and POP3
+
+- TODO: Corrected typo on section 10.2 heading
+
+Yang Tse (16 Mar 2013)
+- tests: 96, 558, 1330: strip build subdirectory dependent leading path
+
+Steve Holme (15 Mar 2013)
+- TODO: Added section 10.2 Initial response to POP3 to do list
+
+- imap-tests: Corrected copy/paste error in test808 reply data
+
+Yang Tse (15 Mar 2013)
+- unit1330.c: fix date
+
+- tests: add #96 #558 and #1330
+  
+  These verfy that the 'memory tracking' subsystem is actually doing its
+  job when using curl tool (#96), a test in libtest (#558) and also a unit
+  test (#1330), in order to prevent regressions in this functionallity.
+
+Steve Holme (15 Mar 2013)
+- imap-tests: Added test808 for custom EXAMINE command
+
+Daniel Stenberg (15 Mar 2013)
+- HTTP proxy: insert slash in URL if missing
+  
+  curl has been accepting URLs using slightly wrong syntax for a long
+  time, such as when completely missing as slash "http://example.org" or
+  missing a slash when a query part is given
+  "http://example.org?q=foobar".
+  
+  curl would translate these into a legitimate HTTP request to servers,
+  although as was shown in bug #1206 it was not adjusted properly in the
+  cases where a HTTP proxy was used.
+  
+  Test 1213 and 1214 were added to the test suite to verify this fix.
+  
+  The test HTTP server was adjusted to allow us to specify test number in
+  the host name only without using any slashes in a given URL.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1206
+  Reported by: ScottJi
+
+Steve Holme (14 Mar 2013)
+- ftpserver.pl: Added EXAMINE_imap() for IMAP EXAMINE commands
+  
+  Used hard coded data from RFC-3501 section 6.3.2.
+
+Yang Tse (14 Mar 2013)
+- curl_memory.h: introduce CURLX_NO_MEMORY_CALLBACKS usage possibility
+  
+  This commit alone does not fix anything nor modifies existing
+  interfaces or behaviors, although it is a prerequisite for other
+  fixes.
+
+- Makefile.vc6: add missing files
+
+Linus Nielsen Feltzing (14 Mar 2013)
+- pipelining: Remove dead code.
+
+- Multiple pipelines and limiting the number of connections.
+  
+  Introducing a number of options to the multi interface that
+  allows for multiple pipelines to the same host, in order to
+  optimize the balance between the penalty for opening new
+  connections and the potential pipelining latency.
+  
+  Two new options for limiting the number of connections:
+  
+  CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections
+  to the same host. When adding a handle that exceeds this limit,
+  that handle will be put in a pending state until another handle is
+  finished, so we can reuse the connection.
+  
+  CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total.
+  When adding a handle that exceeds this limit,
+  that handle will be put in a pending state until another handle is
+  finished. The free connection will then be reused, if possible, or
+  closed if the pending handle can't reuse it.
+  
+  Several new options for pipelining:
+  
+  CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a
+  pipeline is "full" when a connection is to be reused, a new connection
+  will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it.
+  If not, the handle will be put in a pending state until a connection is
+  ready (either free or a pipe got shorter).
+  
+  CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not
+  be reused if it is currently processing a transfer with a content
+  length that is larger than this.
+  
+  CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not
+  be reused if it is currently processing a chunk larger than this.
+  
+  CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow
+  pipelining.
+  
+  CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow
+  pipelining.
+  
+  See the curl_multi_setopt() man page for details.
+
+Yang Tse (13 Mar 2013)
+- tool_main.c: remove redundant vms_show storage-class specifier
+  
+  vms_show 'extern' storage-class specifier removed from tool_main.c due to...
+  
+  - Advice from Tor Arntsen: http://curl.haxx.se/mail/lib-2013-03/0164.html
+  
+  - HP OpenVMS docs stating that 'Extern is the default storage class for
+    variables declared outside a function.'
+    http://h71000.www7.hp.com/commercial/c/docs/dec_c_help_5.html
+    (Storage_Classes section)
+
+- test509: libcurl initialization with memory callbacks and actual usage
+
+Steve Holme (13 Mar 2013)
+- pop3: Removed unnecessary transfer cancellation
+  
+  Following commit e450f66a02d8 and the changes in the multi interface
+  being used internally, from 7.29.0, the transfer cancellation in
+  pop3_dophase_done() is no longer required.
+
+Yang Tse (13 Mar 2013)
+- Makefile.am: add VMS files not being included in tarball
+
+- [Tom Grace brought this change]
+
+  build_vms.com: VMS build fixes
+  
+  Added missing slash in cc_full_list.
+  Removed unwanted extra quotes inside symbol tool_main
+  for non-VAX architectures that triggered link failure.
+  Replaced curl_sys_inc with sys_inc.
+
+- [Tom Grace brought this change]
+
+  tool_main.c: fix VMS global variable storage-class specifier
+  
+  An extern submits a psect and a global reference to the linker to point
+  to it. Using "extern int vms_show = 0" also creates a globaldef.
+  
+  The use of the extern by itself does declare a psect but does not declare
+  a globalsymbol. It does declare a globalref. But the linker needs one and
+  only one globaldef or there is an error.
+
+Patrick Monnerat (12 Mar 2013)
+- OS400: synchronize RPG binding
+
+Steve Holme (12 Mar 2013)
+- pop3: Fixed continuous wait when using --ftp-list
+  
+  Don't initiate a transfer when using --ftp-list.
+
+Kamil Dudka (12 Mar 2013)
+- [Zdenek Pavlas brought this change]
+
+  curl_global_init: accept the CURL_GLOBAL_ACK_EINTR flag
+  
+  The flag can be used in pycurl-based applications where using the multi
+  interface would not be acceptable because of the performance lost caused
+  by implementing the select() loop in python.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1168
+  Downstream Bug: https://bugzilla.redhat.com/919127
+
+- easy: do not ignore poll() failures other than EINTR
+
+Yang Tse (12 Mar 2013)
+- curl.h: stricter CURL_EXTERN linkage decorations logic
+  
+  No API change involved.
+  
+  Info: http://curl.haxx.se/mail/lib-2013-02/0234.html
+
+Daniel Stenberg (11 Mar 2013)
+- THANKS: Latin-1'ified Jiri's name
+
+Steve Holme (11 Mar 2013)
+- test806: Added CRLF to reply data to be compliant with RFC-822
+
+Daniel Stenberg (11 Mar 2013)
+- test805: added crlf newlines to make data size match
+  
+  since mails sent are supposed to have CRLF line endings I added them and
+  now the data size after (\Seen) matches again properly
+
+- test: fix newline for the data check of 807
+
+Yang Tse (11 Mar 2013)
+- test801 to test807: fix protocol section line endings
+
+Steve Holme (10 Mar 2013)
+- Makefile.am: Corrected a couple of spurious tab characters
+  
+  Corrected a couple of tab characters between test702 and test703, and
+  between test900 and test901 which should be spaces.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added test807 for custom request functionality (STORE)
+
+- [Jiri Hruska brought this change]
+
+  imap: Added test806 for IMAP (folder) LIST command
+
+- [Jiri Hruska brought this change]
+
+  imap: Added test805 for APPEND functionality
+
+- [Jiri Hruska brought this change]
+
+  imap: Added test804 for skipping SELECT if in the same mailbox
+
+- [Jiri Hruska brought this change]
+
+  imap: Added test802 and test803 for UIDVALIDITY verification
+  
+  Added one test for a request with matching UIDVALIDITY and one which is
+  a mismatched request that will fail.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added test801 for UID and SECTION URL parameters
+
+- [Jiri Hruska brought this change]
+
+  imap-tests: Accept quoted parameters in ftpserver.pl
+  
+  Any IMAP parameter can come in escaped and in double quotes. Added a
+  simple function to unquote the command parameters and applied it to
+  the IMAP command handlers.
+
+- [Jiri Hruska brought this change]
+
+  tests: Fix ftpserver.pl indentation
+  
+  The whole of FETCH_imap() had one extra space of indentation, whilst
+  APPEND_imap() used indentation of 2 instead of 4 in places.
+
+- Makefile.am: Corrected end of line filler character
+  
+  The majority of lines, that specify a test file for inclusion, end with
+  a tab character before the slash whilst some end with a space. Corrected
+  those that end with a space to end with a tab character as well.
+
+- email-tests: Updated the test data that corresponds to the test number
+  
+  Finished segregating the email protocol tests, into their own protocol
+  based ranges, in preparation of adding more e-mail related tests to the
+  test suite.
+
+- email-tests: Renamed the IMAP test to be 800
+  
+  Continued segregating the email protocol tests, into their own protocol
+  based ranges, in preparation of adding more e-mail related tests to the
+  test suite.
+
+- email-tests: Renamed the SMTP tests to be in the range 900-906
+  
+  Continued segregating the email protocol tests, into their own protocol
+  based ranges, in preparation of adding more e-mail related tests to the
+  test suite.
+
+- email-tests: Renamed the POP3 tests to be in the range 850-857
+  
+  Started segregating the email protocol tests, into their own protocol
+  based ranges, in preparation of adding more e-mail related tests to the
+  test suite.
+
+Daniel Stenberg (10 Mar 2013)
+- hiperfifo: updated to use current libevent API
+  
+  Patch by: Myk Taylor
+
+Steve Holme (10 Mar 2013)
+- imap: Reworked some function descriptions
+
+- imap: Added some missing comments to imap_sendf()
+
+- email: Removed hard returns from init functions
+
+Daniel Stenberg (9 Mar 2013)
+- curl_multi_wait: avoid second loop if nothing to do
+  
+  ... hopefully this will also make clang-analyzer stop warning on
+  potentional NULL dereferences (which were false positives anyway).
+
+- multi_runsingle: avoid NULL dereference
+  
+  When Curl_do() returns failure, the connection pointer could be NULL so
+  the code path following needs to that that into account.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-03/0062.html
+  Reported by: Eric Hu
+
+Steve Holme (9 Mar 2013)
+- imap: Re-factored all perform based functions
+  
+  Standardised the naming of all perform based functions to be in the form
+  imap_perform_something().
+
+Daniel Stenberg (9 Mar 2013)
+- [Cédric Deltheil brought this change]
+
+  examples/getinmemory.c: abort the transfer if not enough memory
+  
+  No more use exit(3) but instead tell libcurl that no byte has been
+  written to let it return a `CURLE_WRITE_ERROR`. In addition, check
+  curl easy handle return code.
+
+- RELEASE-NOTES: synced with ca3c0ed3a9c
+  
+  8 more bugfixes, one change and a bunch of contributors
+
+Yang Tse (9 Mar 2013)
+- Makefile.am: empty AM_LDFLAGS definition for automake 1.7 compatibility
+
+Steve Holme (9 Mar 2013)
+- imap: Added description comments to all perform based functions
+
+- imap: Removed the need for separate custom request functions
+  
+  Moved the custom request processing into the LIST command as the logic
+  is the same.
+
+- imap: Corrected typo in comment
+
+Yang Tse (9 Mar 2013)
+- Makefile.am: empty AM_LDFLAGS definition for automake 1.7 compatibility
+
+Steve Holme (9 Mar 2013)
+- imap: Moved imap_logout() to be grouped with the other perform functions
+
+- email: Updated the function descriptions for the logout / quit functions
+  
+  Updated the function description comments following commit 4838d196fdbf.
+
+- email: Simplified the logout / quit functions
+  
+  Moved the blocking state machine to the disconnect functions so that the
+  logout / quit functions are only responsible for sending the actual
+  command needed to logout or quit.
+  
+  Additionally removed the hard return on failure.
+
+- email: Tidied up the *_regular_transfer() functions
+  
+  Added comments and simplified convoluted dophase_done comparison.
+
+- email: Simplified nesting of if statements in *_doing() functions
+
+Daniel Stenberg (8 Mar 2013)
+- RELEASE-NOTES: mention that krb4 is up for consideration
+
+Steve Holme (8 Mar 2013)
+- imap: Fixed handling of untagged responses for the STORE custom command
+  
+  Added an exception, for the STORE command, to the untagged response
+  processor in imap_endofresp() as servers will back respones containing
+  the FETCH keyword instead.
+
+Yang Tse (8 Mar 2013)
+- curlbuild.h.dist: enhance non-configure GCC ABI detection logic
+  
+  GCC specific adjustments:
+  
+  - check __ILP32__ before 32 and 64bit processor architectures in
+    order to detect ILP32 programming model on 64 bit processors
+    which, of course, also support LP64 programming model, when using
+    gcc 4.7 or newer.
+  
+  - keep 32bit processor architecture checks in order to support gcc
+    versions older than 4.7 which don't define __ILP32__
+  
+  - check __LP64__ for gcc 3.3 and newer, while keeping 64bit processor
+    architecture checks for older versions which don't define __LP64__
+
+- curlbuild.h.dist: fix GCC build on ARM systems without configure script
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1205
+  Reported by: technion
+
+- [Gisle Vanem brought this change]
+
+  polarssl.c: fix header filename typo
+
+- configure: use XC_LIBTOOL for portability across libtool versions
+
+- xc-lt-iface.m4: provide XC_LIBTOOL macro
+
+Steve Holme (7 Mar 2013)
+- imap: Fixed SELECT not being performed for custom requests
+
+- email: Minor code tidy up following recent changes
+  
+  Removed unwanted braces and added variable initialisation.
+
+- DOCS: Corrected the IMAP URL grammar of the UIDVALIDITY parameter
+
+- FEATURES: Provided a little clarity in some IMAP features
+
+- email: Optimised block_statemach() functions
+  
+  Optimised the result test in each of the block_statemach() functions.
+
+- DOCS: Added the list command to the IMAP URL section
+  
+  Added examples of the list command and clarified existing example URLs
+  following recent changes.
+
+- FEATURES: Updated for recent imap additions
+  
+  Updated the imap features list, corrected a typo in the smtp features
+  and clarified a pop3 feature.
+
+Daniel Stenberg (7 Mar 2013)
+- version bump: the next release will be 7.30.0
+
+- checksrc: ban unsafe functions
+  
+  The list of unsafe functions currently consists of sprintf, vsprintf,
+  strcat, strncat and gets.
+  
+  Subsequently, some existing code needed updating to avoid warnings on
+  this.
+
+Steve Holme (7 Mar 2013)
+- RELEASE-NOTES: Added missing imap fixes and additions
+  
+  With all the recent imap changes it wasn't clear what new features and
+  fixes should be included in the release notes.
+
+Nick Zitzmann (6 Mar 2013)
+- RELEASE-NOTES: brought this up-to-date with the latest changes
+
+Steve Holme (6 Mar 2013)
+- [Jiri Hruska brought this change]
+
+  imap: Fixed test801 and test1321 to specify a message UID
+  
+  Just a folder list would be retrieved if UID was not specified now.
+
+- [Jiri Hruska brought this change]
+
+  imap: Fixed ftpserver.pl to allow verification even through LIST command
+  
+  Commit 198012ee inadvertently broke LIST_imap().
+
+- imap: Tidied up the APPEND and final APPEND response functions
+  
+  Removed unnecessary state changes on failure and setting of result codes
+  on success.
+
+- imap: Tidied up the final FETCH response function
+  
+  Removed unnecessary state change on failure and setting of result code on
+  success.
+
+- imap: Tidied up the LIST response function
+  
+  Reworked comments as they referenced custom commands, removed
+  unnecessary state change on failure and setting of result code on
+  success.
+
+- imap: Removed the custom request response function
+  
+  Removed imap_state_custom_resp() as imap_state_list_resp() provides the
+  same functionality.
+
+- [Jiri Hruska brought this change]
+
+  imap: Updated ftpserver.pl to be more compliant, added new commands
+  
+  Enriched IMAP capabilities of ftpserver.pl in order to be able to
+  add tests for the new IMAP features.
+  
+  * Added support for APPEND - Saves uploaded data to log/upload.$testno
+  * Added support for LIST - Returns the contents of <reply/> section in
+    the current test, like e.g FETCH.
+  * Added support for STORE - Returns hardcoded updated flags
+  * Changed handling of SELECT - Returns much more information in the
+    usual set of untagged responses; uses hardcoded data from an example
+    in the IMAP RFC
+  * Changed handling of FETCH - Fixed response format
+
+- imap: Added check for empty UID in FETCH command
+  
+  As the UID has to be specified by the user for the FETCH command to work
+  correctly, added a check to imap_fetch(), although strictly speaking it
+  is protected by the call from imap_perform().
+
+Kamil Dudka (6 Mar 2013)
+- nss: fix misplaced code enabling non-blocking socket mode
+  
+  The option needs to be set on the SSL socket.  Setting it on the model
+  takes no effect.  Note that the non-blocking mode is still not enabled
+  for the handshake because the code is not yet ready for that.
+
+Daniel Stenberg (6 Mar 2013)
+- imap: fix compiler warning
+  
+  imap.c:694:21: error: unused variable 'imapc' [-Werror=unused-variable]
+
+Steve Holme (5 Mar 2013)
+- imap: Added support for list command
+
+- imap: Added list perform and response handler functions
+
+- imap: Introduced IMAP_LIST state
+
+- imap: Small tidy up of imap_select() to match imap_append()
+  
+  Updated the style of imap_select() before adding the LIST command.
+
+- imap: Moved mailbox check from the imap_do() function
+  
+  In preparation for the addition of the LIST command, moved the mailbox
+  check from imap_do() to imap_select() and imap_append().
+
+- curl_setup.h: Added S_IRDIR() macro for compilers that don't support it
+  
+  Commit 26eaa8383001 introduces the use of S_ISDIR() yet some compilers,
+  such as MSVC don't support it, so we must define a substitute using
+  file flags and mask.
+
+Daniel Stenberg (4 Mar 2013)
+- AddFormData: prevent only directories from being posted
+  
+  Commit f4cc54cb4746ae5a6d (shipped as part of the 7.29.0 release) was a
+  bug fix that introduced a regression in that while trying to avoid
+  allowing directory names, it also forbade "special" files like character
+  devices and more. like "/dev/null" as was used by Oliver who reported
+  this regression.
+  
+  Reported by: Oliver Gondža
+  Bug: http://curl.haxx.se/mail/archive-2013-02/0040.html
+
+Nick Zitzmann (3 Mar 2013)
+- darwinssl: fix infinite loop if server disconnected abruptly
+  
+  If the server hung up the connection without sending a closure alert,
+  then we'd keep probing the socket for data even though it's dead. Now
+  we're ready for this situation.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-03/0014.html
+  Reported by: Aki Koskinen
+
+Steve Holme (3 Mar 2013)
+- imap: Added comments to imap_append()
+
+- [Jiri Hruska brought this change]
+
+  imap: Added required mailbox check for FETCH and APPEND commands
+
+- pingpong.c: Fix enumerated type mixed with another type
+
+- smtp: Updated the coding style for state changes after a send operation
+  
+  Some state changes would be performed after a failure test that
+  performed a hard return, whilst others would be performed within a test
+  for success. Updated the code, for consistency, so all instances are
+  performed within a success test.
+
+- pop3: Updated the coding style for state changes after a send operation
+  
+  Some state changes would be performed after a failure test that
+  performed a hard return, whilst others would be performed within a test
+  for success. Updated the code, for consistency, so all instances are
+  performed within a success test.
+
+- imap: Fixed typo in variable assignment
+
+- [Jiri Hruska brought this change]
+
+  imap: Fixed custom request handling in imap_done()
+  
+  Fixed imap_done() so that neither the FINAL states are not entered when
+  a custom command has been performed.
+
+- [Jiri Hruska brought this change]
+
+  imap: Enabled custom requests in imap_select_resp()
+  
+  Changed imap_select_resp() to invoke imap_custom() instead of
+  imap_fetch() after the mailbox has been selected if a custom
+  command has been set.
+
+- [Jiri Hruska brought this change]
+
+  imap: Enabled custom requests in imap_perform()
+  
+  Modified imap_perform() to start with the custom command instead of
+  SELECT when a custom command is to be performed and no mailbox has
+  been given.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added custom request perform and response handler functions
+  
+  Added imap_custom(), which initiates the custom command processing,
+  and an associated response handler imap_state_custom_resp(), which
+  handles any responses by sending them to the client as body data.
+  
+  All untagged responses with the same name as the first word of the
+  custom request string are accepted, with the exception of SELECT and
+  EXAMINE which have responses that cannot be easily identified. An
+  extra check has been provided for them so that any untagged responses
+  are accepted for them.
+
+- pop3: Fixed unnecessary parent structure reference
+  
+  Updated pop3 code following recent imap changes.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added custom request parsing
+  
+  Added imap_parse_custom_request() for parsing the CURLOPT_CUSTOMREQUEST
+  parameter which URL decodes the value and separates the request from
+  any parameters - This makes it easier to filter untagged responses
+  by the request command.
+
+- [Jiri Hruska brought this change]
+
+  imap: Introduced custom request parameters
+  
+  Added custom request parameters to the per-request structure.
+
+- [Jiri Hruska brought this change]
+
+  imap: Introduced IMAP_CUSTOM state
+
+- imap: Minor code tidy up
+  
+  Minor tidy up of code layout and comments following recent changes.
+
+- imap: Simplified the imap_state_append_resp() function
+  
+  Introduced the result code variable to simplify the state changes and
+  remove the hard returns.
+
+- imap: Changed successful response logic in imap_state_append_resp()
+  
+  For consistency changed the logic of the imap_state_append_resp()
+  function to test for an unsucessful continuation response rather than a
+  succesful one.
+
+- imap: Standardised imapcode condition tests
+  
+  For consistency changed two if(constant != imapcode) tests to be
+  if(imapcode != constant).
+
+- imap: Moved imap_append() to be with the other perform functions
+
+- [Jiri Hruska brought this change]
+
+  imap: Enabled APPEND support in imap_perform()
+  
+  Added logic in imap_perform() to perform an APPEND rather than SELECT
+  and FETCH if an upload has been specified.
+
+- [Jiri Hruska brought this change]
+
+  imap: Implemented APPEND final processing
+  
+  The APPEND operation needs to be performed in several steps:
+    1) We send "<tag> APPEND <mailbox> <flags> {<size>}\r\n"
+    2) Server responds with continuation respose "+ ...\r\n"
+    3) We start the transfer and send <size> bytes of data
+    4) Only now we end the request command line by sending "\r\n"
+    5) Server responds with "<tag> OK ...\r\n"
+  
+  This commit performs steps 4 and 5, in the DONE phase, as more
+  processing is required after the transfer.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added APPEND perform and response handler functions
+  
+  Added imap_append() function to initiate upload and imap_append_resp()
+  to handle the continuation response and start the transfer.
+
+- [Jiri Hruska brought this change]
+
+  imap: Introduced IMAP_APPEND and IMAP_APPEND_FINAL states
+
+- [Jiri Hruska brought this change]
+
+  imap: Updated setting of transfer variables in imap_state_fetch_resp()
+  
+  Add number of bytes retrieved from the PP cache to req.bytecount and set
+  req.maxdownload only when starting a proper download.
+
+- [Jiri Hruska brought this change]
+
+  imap: Improved FETCH response parsing
+  
+  Added safer parsing of the untagged FETCH response line and the size of
+  continuation data.
+
+- imap: Fixed accidentally lossing the result code
+  
+  Accidentally lost the result code in imap_state_capability() and
+  imap_state_login() with commit b06a78622609.
+
+- imap: Another minor comment addition / tidy up
+
+- imap: Updated the coding style for state changes after a send operation
+  
+  Some state changes would be performed after a failure test that
+  performed a hard return, whilst others would be performed within a test
+  for success. Updated the code, for consistency, so all instances are
+  performed within a success test.
+
+- pop3 / smtp: Small comment tidy up
+  
+  Small tidy up to keep some comments consistant across each of the email
+  protocols.
+
+- [Jiri Hruska brought this change]
+
+  imap: FETCH response handler cleanup before further changes
+  
+  Removed superfluous NULL assignment after Curl_safefree() and rewrote
+  some comments and logging messages.
+
+- pop3: Small tidy up of function arguments
+
+- imap: Small tidy up of function arguments
+
+- smtp: Corrected debug message for POP3_AUTH_FINAL constant
+  
+  Following commit ad3177da24b8 corrected the debug message in state()
+  from AUTH to AUTH_FINAL.
+
+- pop3: Corrected debug message for POP3_AUTH_FINAL constant
+  
+  Following commit afad1ce753a1 corrected the debug message in state()
+  from AUTH to AUTH_FINAL.
+
+- imap: Corrected debug message for IMAP_AUTHENTICATE_FINAL constant
+  
+  Following commit 13006f3de9ec corrected the debug message in state()
+  from AUTHENTICATE to AUTHENTICATE_FINAL.
+
+- [Jiri Hruska brought this change]
+
+  imap: Fixed error code returned for invalid FETCH response
+  
+  If the FETCH command does not result in an untagged response the the
+  UID is probably invalid. As such do not return CURLE_OK.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added processing of the final FETCH responses
+  
+  Not processing the final FETCH responses was not optimal, not only
+  because the response code would be ignored but it would also leave data
+  unread on the socket which would prohibit connection reuse.
+
+- [Jiri Hruska brought this change]
+
+  imap: Introduced FETCH_FINAL state for processing final fetch responses
+  
+  A typical FETCH response can be broken down into four parts:
+  
+    1) "* <uid> FETCH (<what> {<size>}\r\n", using continuation syntax
+    2) <size> bytes of the actual message
+    3) ")\r\n", finishing the untagged response
+    4) "<tag> OK ...", finishing the command
+  
+  Part 1 is read in imap_fetch_resp(), part 2 is consumed in the PERFORM
+  phase by the transfer subsystem, parts 3 and 4 are currently ignored.
+
+- imap: fix autobuild warning
+  
+  Removed whitespace from imap_perform()
+
+- imap: fix compiler warning
+  
+  error: declaration of 'imap' shadows a previous local
+
+- smtp: Re-factored the final SMTP_AUTH constant
+  
+  Changed the final SMTP_AUTH constant to SMTP_AUTH_FINAL for consistency
+  with the response function.
+
+- pop3: Re-factored the final POP3_AUTH constant
+  
+  Changed the final POP3_AUTH constant to POP3_AUTH_FINAL for consistency
+  with the response function.
+
+- imap: Re-factored final IMAP_AUTHENTICATE constant
+  
+  Changed the final IMAP_AUTHENTICATE constant to IMAP_AUTHENTICATE_FINAL
+  for consistency with the response function.
+
+- imap: Updated the coding style of imap_state_servergreet_resp()
+  
+  Updated the coding style, in this function, to be consistant with other
+  response functions rather then performing a hard return on failure.
+
+- imap: Reversed the logic of the (un)successful tagged SELECT response
+  
+  Reversed the logic of the unsuccessful vs successful tagged SELECT
+  response in imap_state_select_resp() to be more logical to read.
+
+- imap: Reversed the logic of the (un)successful tagged CAPABILITY response
+  
+  Reversed the logic of the unsuccessful vs successful tagged CAPABILITY
+  response in imap_state_capability_resp() to be more logical to read.
+
+- imap: Corrected char* references with char *
+  
+  Corrected char* references made in commit: 709b3506cd9b.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added processing of more than one response when sent in same packet
+  
+  Added a loop to imap_statemach_act() in which Curl_pp_readresp() is
+  called until the cache is drained. Without this multiple responses
+  received in a single packet could result in a hang or delay.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added skipping of SELECT command if already in the same mailbox
+  
+  Added storage and checking of the last mailbox userd to prevent
+  unnecessary switching.
+
+- [Jiri Hruska brought this change]
+
+  imap: Introduced the mailbox variable
+  
+  Added the mailbox variable to the per-connection structure in
+  preparation for checking for an already selected mailbox.
+
+- email: Slight reordering of connection based variables
+  
+  Reordered the state and ssl_done variables in order to provide more
+  consistency between the email protocols as well as for for an upcoming
+  change.
+
+- imap: Tidied up comments for connection based variables
+
+- DOCS: Added the IMAP UIDVALIDITY property to the CURLOPT_URL section
+
+- [Jiri Hruska brought this change]
+
+  imap: Added verification of UIDVALIDITY mailbox attribute
+  
+  Added support for checking the UIDVALIDITY, and aborting the request, if
+  it has been specified in the URL and the server response is different.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added support for parsing the UIDVALIDITY property
+  
+  Added support for parsing the UIDVALIDITY property from the SELECT
+  response and storing it in the per-connection structure.
+
+- [Jiri Hruska brought this change]
+
+  imap: Introduced the mailbox_uidvalidity variable
+  
+  Added the mailbox_uidvalidity variable to the per-connection structure
+  in preparation for checking the UIDVALIDITY mailbox attribute.
+
+- imap: Corrected comment in imap_endofresp()
+
+- imap: Corrected whitespace
+
+- [Jiri Hruska brought this change]
+
+  imap: Added filtering of CAPABILITY and FETCH untagged responses
+  
+  Only responses that contain "CAPABILITY" and "FETCH", respectively,
+  will be sent to their response handler.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added a helper function for upcoming untagged response filtering
+  
+  RFC 3501 states that "the client MUST be prepared to accept any response
+  at all times" yet we assume anything received with "* " at the beginning
+  is the untagged response we want.
+  
+  Introduced a helper function that checks whether the input looks like a
+  response to specified command, so that we may filter the ones we are
+  interested in according to the current state.
+
+- [Jiri Hruska brought this change]
+
+  imap: Moved CAPABILITY response handling to imap_state_capability_resp()
+  
+  Introduced similar handling to the FETCH responses, where even the
+  untagged data responses are handled by the response handler of the
+  individual state.
+
+Linus Nielsen Feltzing (26 Feb 2013)
+- Remove unused variable in smtp_state_data_resp()
+
+Steve Holme (25 Feb 2013)
+- email: Small tidy up following recent changes
+
+- smtp: Removed bytecountp from the per-request structure
+  
+  Removed this pointer to a downloaded bytes counter because it was set in
+  smtp_init() to point to the same variable the transfer functions keep
+  the count in (k->bytecount), effectively making the code in transfer.c
+  "*k->bytecountp = k->bytecount" a no-op.
+
+- pop3: Removed bytecountp from the per-request structure
+  
+  Removed this pointer to a downloaded bytes counter because it was set in
+  pop3_init() to point to the same variable the transfer functions keep
+  the count in (k->bytecount), effectively making the code in transfer.c
+  "*k->bytecountp = k->bytecount" a no-op.
+
+- [Jiri Hruska brought this change]
+
+  imap: Removed bytecountp from the per-request structure
+  
+  Removed this pointer to a downloaded bytes counter because it was set in
+  imap_init() to point to the same variable the transfer functions keep
+  the count in (k->bytecount), effectively making the code in transfer.c
+  "*k->bytecountp = k->bytecount" a no-op.
+
+- [Jiri Hruska brought this change]
+
+  imap: Adjusted SELECT and FETCH function order
+  
+  Moved imap_select() and imap_fetch() to be grouped with the other
+  perform functions.
+
+- [Jiri Hruska brought this change]
+
+  imap: Adjusted SELECT and FETCH state order in imap_statemach_act()
+  
+  Exchanged the position of these states in the switch statements to
+  match the state enum, execution and function order.
+
+- imap: Minor tidy up of comments in imap_parse_url_path()
+  
+  Tidy up of comments before next round of imap changes.
+
+- imap: Fixed incorrect comparison for STARTTLS in imap_endofresp()
+  
+  Corrected the comparison type in addition to commit 1dac29fa83a9.
+
+- DOCS: Corrected IMAP URL examples according to RFC5092
+  
+  URL examples that included the UID weren't technically correct although
+  would pass the curl parser.
+
+Nick Zitzmann (24 Feb 2013)
+- darwinssl: fix undefined $ssllib warning in runtests.pl
+  
+  I also added --with-darwinssl to the list of SSL options in configure.
+
+Steve Holme (24 Feb 2013)
+- imap: Added check for new internal imap response code
+
+- imap: Changed the order of the response types in imap_endofresp()
+  
+  From a maintenance point of view the code reads better to view tagged
+  responses, then untagged followed by continuation responses.
+  
+  Additionally, this matches the order of responses in POP3.
+
+- [Jiri Hruska brought this change]
+
+  imap: Added stricter parsing of continuation responses
+  
+  Enhanced the parsing to only allow continuation responses in some
+  states.
+
+- imap: Simplified memcmp() in tagged response parsing
+
+- [Jiri Hruska brought this change]
+
+  imap: Reworked the logic of untagged command responses
+
+- imap: Corrected spacing of trailing brace
+
+- [Jiri Hruska brought this change]
+
+  imap: Added stricter parsing of tagged command responses
+  
+  Enhanced the parsing of tagged responses which must start with "OK",
+  "NO" or "BAD"
+
+- [Jiri Hruska brought this change]
+
+  imap: Simplified command response test in imap_endofresp()
+
+- [Jiri Hruska brought this change]
+
+  imap: Corrected comment in imap_endofresp()
+
+- DOCS: Corrected layout of POP3 and IMAP URL examples
+  
+  Corrected layout issues with the POP3 and IMAP URL examples introduced
+  in commit cb3ae6894fb2.
+
+- DOCS: Updated CURLOPT_URL section following recent POP3 and IMAP changes
+  
+  Updated the POP3 sub-section to refer to message ID rather than mailbox.
+  
+  Added an IMAP sub-section with example URLs depicting the specification
+  of mailbox, uid and section.
+
+- pop3: Refactored the mailbox variable as it didn't reflect it's purpose
+  
+  Updated the mailbox variable to correctly reflect it's purpose. The
+  name mailbox was a leftover from when IMAP and POP3 support was
+  initially added to curl.
+
+- FEATURES: Updated following recent IMAP changes
+
+- [Jiri Hruska brought this change]
+
+  imap: Added the ability to FETCH a specific UID and SECTION
+  
+  Updated the FETCH command to send the UID and SECTION parsed from the
+  URL. By default the BODY specifier doesn't include a section, BODY[] is
+  now sent whereas BODY[TEXT] was previously sent. In my opinion
+  retrieving just the message text is rarely useful when dealing with
+  emails, as the headers are required for example, so that functionality
+  is not retained. In can however be simulated by adding SECTION=TEXT to
+  the URL.
+  
+  Also updated test801 and test1321 due to the BODY change.
+
+- email: Additional tidy up of comments following recent changes
+
+- smtp: Removed some FTP heritage leftovers
+  
+  Removed user and passwd from the SMTP struct as these cannot be set on
+  a per-request basis and are leftover from legacy FTP code.
+  
+  Changed some comments still using FTP terminology.
+
+- smtp: Moved the per-request variables to the per-request data structure
+  
+  Moved the rcpt variable from the per-connection struct smtp_conn to the
+  new per-request struct and fixed references accordingly.
+
+- pop3: Introduced a custom SMTP structure for per-request data
+  
+  Created a new SMTP structure and changed the type of the smtp proto
+  variable in connectdata from FTP* to SMTP*.
+
+unknown (23 Feb 2013)
+- [Steve Holme brought this change]
+
+  imap: Minor correction of comments for max line length
+
+Daniel Stenberg (23 Feb 2013)
+- strcasestr: remove check for this unused function
+
+- pop3: fix compiler warning
+  
+  error: declaration of 'pop3' shadows a previous local
+
+Steve Holme (23 Feb 2013)
+- [Jiri Hruska brought this change]
+
+  imap: Added URL parsing of new variables
+  
+  Updated the imap_parse_url_path() function to parse uidvalidity, uid and
+  section parameters based on RFC-5092.
+
+- [Jiri Hruska brought this change]
+
+  imap: Introduced imap_is_bchar() function
+  
+  Added imap_is_bchar() for testing if a given character is a valid bchar
+  or not.
+
+- [Jiri Hruska brought this change]
+
+  imap: Introduced new per-request veriables
+  
+  Added uidvalidity, uid and section variables to the per-request IMAP
+  structure in preparation for upcoming URL parsing.
+
+- pingpong: Renamed curl_ftptransfer to curl_pp_transfer
+
+- pop3: Removed some FTP heritage leftovers
+  
+  Removed user and passwd from the POP3 struct as these cannot be set on
+  a per-request basis and are leftover from legacy FTP code.
+  
+  Changed some comments still using FTP terminology.
+
+- pop3: Moved the per-request variables to the per-request data structure
+  
+  Moved the mailbox and custom request variables from the per-connection
+  struct pop3_conn to the new per-request struct and fixed references
+  accordingly.
+
+- pop3: Introduced a custom POP3 structure for per-request data
+  
+  Created a new POP3 structure and changed the type of the pop3 proto
+  variable in connectdata from FTP* to POP*.
+
+- [Jiri Hruska brought this change]
+
+  imap: Fixed escaping of mailbox names
+  
+  Used imap_atom() to escape mailbox names in imap_select().
+
+- pingpong: Moved curl_ftptransfer definition to pingpong.h
+  
+  Moved the ftp transfer structure into pingpong.h so other protocols that
+  require it don't have to include ftp.h.
+
+- urldata.h: Fixed comment for opt_no_body variable
+  
+  Corrected comment for opt_no_body variable to CURLOPT_NOBODY.
+
+- email: Minor tidy up following IMAP changes
+
+- [Jiri Hruska brought this change]
+
+  imap: Removed more FTP leftovers
+  
+  Changed some variables and comments still using FTP terminology.
+
+- [Jiri Hruska brought this change]
+
+  imap: Removed some FTP heritage leftovers
+  
+  Removed user and passwd from the IMAP struct as these cannot be set on
+  a per-request basis and are leftover from legacy FTP code.
+
+- [Jiri Hruska brought this change]
+
+  imap: Introduced a custom IMAP structure for per-request data
+  
+  Created a new IMAP structure and changed the type of the imap proto
+  variable in connectdata from FTP* to the new IMAP*.
+  
+  Moved the mailbox variable from the per-connection struct imap_conn to
+  the new per-request struct and fixed references accordingly.
+
+- pop3: Updated do phrase clean-up comment
+  
+  Following commit 65644b833532 for the IMAP module updated the clean-up
+  comment in POP3.
+
+- imap: Fixed memory leak when performing multiple selects
+  
+  Moved the clean-up of the mailbox variable from imap_disconnect() to
+  imap_done() as this variable is allocated in the do phase, yet would
+  have only been freed only once if multiple selects where preformed
+  on a single connection.
+
+Daniel Stenberg (22 Feb 2013)
+- [Alexander Klauer brought this change]
+
+  Documentation: Typo in docs/CONTRIBUTE
+  
+  Fixes a typo get → git in docs/CONTRIBUTE.
+
+- [Alexander Klauer brought this change]
+
+  repository: ignore patch files generated by git
+  
+  Ignores the patch files generated by the 'git format-patch' command.
+
+- [Alexander Klauer brought this change]
+
+  libcurl documentation: clarifications and typos
+  
+  * Elaborates on default values of some curl_easy_setopt() options.
+  * Reminds the user to cast variadic arguments to curl_easy_setopt() to
+    'void *' where curl internally interprets them as such.
+  * Clarifies the working of the CURLOPT_SEEKFUNCTION option for
+    curl_easy_setopt().
+  * Fixes typo 'forth' → 'fourth'.
+  * Elaborates on CURL_SOCKET_TIMEOUT.
+  * Adds some missing periods.
+  * Notes that the return value of curl_version() must not be passed to
+    free().
+
+- [Alexander Klauer brought this change]
+
+  lib/url.c: Generic read/write data pointers
+  
+  Always interprets the pointer passed with the CURLOPT_WRITEDATA or
+  CURLOPT_READDATA options of curl_easy_setopt() as a void pointer in
+  order to avoid problems in environments where FILE and void pointers
+  have non-trivial conversion.
+
+- [Alexander Klauer brought this change]
+
+  libcurl documentation: updates HTML index
+  
+  * Adds several links to documentation of library functions which were
+    missing.
+  * Marks documentation of deprecated library functions "(deprecated)".
+  * Removes spurious .html suffixes.
+
+- ossl_seed: avoid recursive seeding!
+
+Steve Holme (22 Feb 2013)
+- [Jiri Hruska brought this change]
+
+  Fixed checking the socket if there is data waiting in the cache
+  
+  Use Curl_pp_moredata() in Curl_pp_multi_statemach() to check if there is
+  more data to be received, rather than the socket state, as a task could
+  hang waiting for more data from the socket itself.
+
+- imap.c: Fixed an incorrect variable reference
+  
+  Fixed an incorrect variable reference which was introduced in commit
+  a1701eea289f as a result of a copy and paste from SMTP/POP3.
+
+- [Jiri Hruska brought this change]
+
+  pingpong: Introduce Curl_pp_moredata()
+  
+  A simple function to test whether the PP is not sending and there are
+  still more data in its receiver cache. This will be later utilized to:
+  
+  1) Change Curl_pp_multi_statemach() and Curl_pp_easy_statemach() to
+     not test socket state and just call user's statemach_act() function
+     when there are more data to process, because otherwise the task would
+     just hang, waiting for more data from the socket.
+  
+  2) Allow PP users to read multiple responses by looping as long as there
+     are more data available and current phase is not finished.
+     (Currently needed for correct processing of IMAP SELECT responses.)
+
+Nick Zitzmann (19 Feb 2013)
+- FEATURES: why yes, we do support metalink
+  
+  I just noticed Metalink support wasn't listed as a feature of the tool.
+
+- metalink: fix improbable crash parsing metalink filename
+  
+  The this_url pointer wasn't being initialized, so if strdup() would return
+  null when copying the filename in a metalink file, then hilarity would
+  ensue during the cleanup phase. This change was brought to you by clang,
+  which noticed this and raised a warning.
+
+Yang Tse (19 Feb 2013)
+- smtp.c: fix enumerated type mixed with another type
+
+- polarssl threadlock cleanup
+
+Nick Zitzmann (18 Feb 2013)
+- docs: schannel and darwinssl documentation improvements
+  
+  Schannel and darwinssl use the certificates built into the
+  OS to do vert verification instead of bundles. darwinssl
+  is thread-safe. Corrected typos in the NSS docs.
+
+Daniel Stenberg (18 Feb 2013)
+- resolver_error: remove wrong error message output
+  
+  The attempt to use gai_strerror() or alternative function didn't work as
+  the 'sock_error' field didn't contain the proper error code. But since
+  this hasn't been reported and thus isn't really a big deal I decided to
+  just scrap the whole attempt to output the detailed resolver error and
+  instead remain with just stating that the resolving of the name failed.
+
+- [Kim Vandry brought this change]
+
+  Curl_resolver_is_resolved: show proper host name on failed resolve
+
+- Curl_resolver_is_resolved: fix compiler warning
+  
+  conversion to 'int' from 'long int' may alter its value
+
+- compiler warning fix
+  
+  follow-up to commit ed7174c6f66, rename 'wait' to 'block'
+
+- compiler warning fix: declaration of 'wait' shadows a global declaration
+  
+  It seems older gcc installations (at least) will cause warnings if we
+  name a variable 'wait'. Now changed to 'block' instead.
+  
+  Reported by: Jiří Hruška
+  Bug: http://curl.haxx.se/mail/lib-2013-02/0247.html
+
+Nick Zitzmann (17 Feb 2013)
+- MacOSX-Framework: Make script work in Xcode 4.0 and later
+  
+  Apple made a number of changes to Xcode 4. The SDKs were moved, the entire
+  Developer folder was moved, and PowerPC support was removed. The script
+  will now adapt to those changes and should be future-proofed against
+  additional changes in case Apple moves the Developer folder ever again.
+  Also, the minimum OS X version compiler option was removed, so that the
+  framework can be built against the latest SDK but still run in older cats.
+
+Daniel Stenberg (17 Feb 2013)
+- docs: refer to CURLOPT_ACCEPT_ENCODING instead of the old name
+
+Steve Holme (16 Feb 2013)
+- email: Tidied up result code variables
+  
+  Tidied up result variables to be consistent in name, declaration order
+  and default values.
+
+Nick Zitzmann (16 Feb 2013)
+- ntlm_core: fix compiler warning when building with clang
+  
+  Fixed a 64-to-32 compiler warning raised when building with
+  clang and the --with-darwinssl option.
+
+Daniel Stenberg (16 Feb 2013)
+- Guile-curl: a new libcurl binding
+
+- polarsslthreadlock: #include the proper memory and debug includes
+  
+  Pointed out by Steve Holme
+
+Steve Holme (16 Feb 2013)
+- email: Removed unnecessary forward declaration
+  
+  Due to the reordering of functions in commit 586f5d361474 the forward
+  declaration to state_upgrade_tls() are no longer required.
+
+- pop3.c: Added reference to RFC-5034
+
+Daniel Stenberg (15 Feb 2013)
+- [Willem Sparreboom brought this change]
+
+  PolarSSL: Change to cURL coding style
+  
+  Repaired all curl/lib/checksrc.pl warnings in the previous four patches
+
+- [Willem Sparreboom brought this change]
+
+  PolarSSL: WIN32 threading support for entropy
+  
+  Added WIN32 threading support for PolarSSL entropy if
+  --enable-threaded-resolver config flag is set and process.h can be found.
+
+- [Willem Sparreboom brought this change]
+
+  PolarSSL: pthread support for entropy
+  
+  Added pthread support for polarssl entropy if --enable-threaded-resolver
+  config flag is set and pthread.h can be found.
+
+- [Willem Sparreboom brought this change]
+
+  PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM
+  
+  Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define
+
+- [Willem Sparreboom brought this change]
+
+  PolarSSL: added human readable error strings
+  
+  Print out human readable error strings for PolarSSL related errors
+
+Steve Holme (15 Feb 2013)
+- pop3: Removed unnecessary state changes on failure
+
+- imap: Removed unnecessary state change on failure
+
+Daniel Stenberg (15 Feb 2013)
+- metalink_cleanup: yet another follow-up fix
+
+- metalink_cleanup: define it without argument
+  
+  Since the function takes no argument, the macro shouldn't take one as
+  some compilers will error out on that.
+
+- rename "easy" statemachines: call them block instead
+  
+  ... since they're not used by the easy interface really, I wanted to
+  remove the association. Also, I unified the pingpong statemachine driver
+  into a single function with a 'wait' argument: Curl_pp_statemach.
+
+Yang Tse (15 Feb 2013)
+- [Gisle Vanem brought this change]
+
+  curl_setup_once.h: definition of HAVE_CLOSE_S defines sclose() to close_s()
+
+- [Gisle Vanem brought this change]
+
+  config-dos.h: define HAVE_CLOSE_S for MSDOS/Watt-32
+
+- [Gisle Vanem brought this change]
+
+  config-dos.h: define strerror() to strerror_s_() for High-C
+
+- [Gisle Vanem brought this change]
+
+  config-dos.h: define HAVE_TERMIOS_H only for djgpp
+
+Steve Holme (14 Feb 2013)
+- smtp.c: Fixed a trailing whitespace
+  
+  Remove tailing whitespace introduced in commit 7ed689d24a4e.
+
+- pop3: Fixed blocking SSL connect when connecting via POP3S
+  
+  A call to Curl_ssl_connect() was accidentally left in when the SSL/TLS
+  connection layer was reworked in 7.29. Not only would this cause the
+  connection to block but had the additional overhead of calling the
+  non-blocking connect a little bit later.
+
+- smtp: Refactored the smtp_state_auth_resp() function
+  
+  Renamed smtp_state_auth_resp() function to match the implementations in
+  IMAP and POP3.
+
+Daniel Stenberg (14 Feb 2013)
+- remove ifdefs
+  
+  Clarify the code by reducing ifdefs
+
+- strlcat: remove function
+  
+  This function was only used twice, both in places where performance
+  isn't crucial (socks + if2ip). Removing the use of this function removes
+  the need to have our private version for systems without it == reduced
+  amount of code.
+  
+  Also, in the SOCKS case it is clearly better to fail gracefully rather
+  than to truncate the results.
+  
+  This work was triggered by a bug report on the strcal prototype in
+  strequal.h.
+  
+  strlcat was added in commit db70cd28 in February 2001!
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1192
+  Reported by: Jeremy Huddleston
+
+- Curl_FormBoundary: made static
+  
+  As Curl_FormBoundary() is no longer used outside of this file (since
+  commit ad7291c1a9d), it is now renamed to formboundary() and is made
+  static.
+
+- ossl_seed: fix the last resort PRNG seeding
+  
+  Instead of just abusing the pseudo-randomizer from Curl_FormBoundary(),
+  this now uses Curl_ossl_random() to get entropy.
+
+Steve Holme (13 Feb 2013)
+- email: Tidy up before additional IMAP work
+  
+  Replaced two explicit comparisons of CURLE_OK with boolean alternatives.
+  
+  General tidy up of comments.
+
+- smtp: Removed duplicate pingpong structure initialisation
+  
+  The smtp_connect() function was setting the member variables of the
+  pingpong structure twice, once before calling Curl_pp_init() and once
+  after!
+
+Yang Tse (13 Feb 2013)
+- move msvc IDE related files to 'vs' directory tree
+  
+  Use 'vs' directory tree given that 'vc' intended one clashes
+  with an already existing build target in file Makefile.dist.
+
+Daniel Stenberg (13 Feb 2013)
+- install-sh: updated to support multiple source files as arguments
+  
+  Version 7.29.0 uses Makefiles generated with a newer version of the
+  autotools than the previous 7.28.1. These Makefiles try to install
+  e.g. header files by calling install-sh with multiple source files as
+  arguments. The bundled install-sh is to old and does not support this.
+  
+  The problem only occurs, if install-sh is actually being used, ie. the
+  platform install executable is to old or not usable. Example: Solaris
+  10.
+  
+  The files install-sh and mkinstalldirs are now updated with the automake
+  1.11.3 versions. A better fix might be to completely remove them from
+  git and force the files to be added/created during buildconf.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1195
+  Reported by: Rainer Jung
+
+Yang Tse (13 Feb 2013)
+- move msvc IDE related files to 'vc' directory tree
+
+- msvc IDE 'vc' directory tree preparation
+
+Steve Holme (12 Feb 2013)
+- imap: Corrected a whitespace issue from previous commit
+  
+  Fixed a small whitespace issue that crept in there in commit
+  508cdf4da4d7.
+
+- email: Another post optimisation of endofresp() tidy up
+
+- sasl: Fixed null pointer reference when decoding empty digest challenge
+  
+  Fixed a null pointer reference when an empty challenge is passed to the
+  Curl_sasl_create_digest_md5_message() function.
+  
+  Bug: http://sourceforge.net/p/curl/bugs/1193/
+  Reported by: Saran Neti
+
+- email: Post optimisation of endofresp() tidy up
+  
+  Removed unnecessary end of line check and return.
+
+Nick Zitzmann (12 Feb 2013)
+- darwinssl: Fix send glitchiness with data > 32 or so KB
+  
+  An ambiguity in the SSLWrite() documentation lead to a bad inference in the
+  code where we assumed SSLWrite() returned the amount of bytes written to
+  the socket, when that is not actually true; it returns the amount of data
+  that is buffered for writing to the socket if it returns errSSLWouldBlock.
+  Now darwinssl_send() returns CURLE_AGAIN if data is buffered but not written.
+  
+  Reference URL: http://curl.haxx.se/mail/lib-2013-02/0145.html
+
+Steve Holme (12 Feb 2013)
+- pingpong.h: Fixed line length over 78 characters from b56c9eb48e3c
+
+- pingpong: Optimised the endofresp() function
+  
+  Reworked the pp->endofresp() function so that the conndata, line and
+  line length are passed down to it just as with Curl_client_write()
+  rather than each implementation of the function having to query
+  these values.
+  
+  Additionally changed the int return type to bool as this is more
+  representative of the function's usage.
+
+- email: Post STARTLS capability code tidy up (Part Three)
+  
+  Corrected the order of the upgrade_tls() functions and moved the handler
+  upgrade and getsock() functions out from the middle of the state related
+  functions.
+
+- email: Post STARTLS capability code tidy up (Part Two)
+  
+  Corrected the order of the pop3_state_capa() / imap_state_capability()
+  and the pop3_state_capa_resp() / imap_state_capability_resp() functions
+  to match the execution order.
+
+Daniel Stenberg (11 Feb 2013)
+- [ulion brought this change]
+
+  SOCKS: fix socks proxy when noproxy matched
+  
+  Test 1212 added to verify
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1190
+
+Steve Holme (11 Feb 2013)
+- ntlm: Updated comments for the addition of SASL support to IMAP in v7.29
+
+- RELEASE-NOTES: Updated following the recent imap/pop3/smtp changes
+
+Linus Nielsen Feltzing (10 Feb 2013)
+- Fix NULL pointer reference when closing an unused multi handle.
+
+Steve Holme (10 Feb 2013)
+- email: Post STARTLS capability code tidy up (Part One)
+  
+  Corrected the order of the CAPA / CAPABILITY state machine constants to
+  match the execution order.
+
+- imap: Fixed memory leak following commit f6010d9a0359
+
+- smtp: Added support for the STARTTLS capability (Part Two)
+  
+  Added honoring of the tls_supported flag when starting a TLS upgrade
+  rather than unconditionally attempting it. If the use_ssl flag is set
+  to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
+  connection will continue to authenticate. If this flag is set to
+  CURLUSESSL_ALL then the connection will complete with a failure as it
+  did previously.
+
+- pop3: Added support for the STLS capability (Part Three)
+  
+  Added honoring of the tls_supported flag when starting a TLS upgrade
+  rather than unconditionally attempting it. If the use_ssl flag is set
+  to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
+  connection will continue to authenticate. If this flag is set to
+  CURLUSESSL_ALL then the connection will complete with a failure as it
+  did previously.
+
+- imap: Added support for the STARTTLS capability (Part Three)
+  
+  Added honoring of the tls_supported flag when starting a TLS upgrade
+  rather than unconditionally attempting it. If the use_ssl flag is set
+  to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
+  connection will continue to authenticate. If this flag is set to
+  CURLUSESSL_ALL then the connection will complete with a failure as it
+  did previously.
+
+Daniel Stenberg (10 Feb 2013)
+- [Alessandro Ghedini brought this change]
+
+  htmltitle: fix suggested build command
+
+Steve Holme (10 Feb 2013)
+- pop3: Added support for the STLS capability (Part Two)
+  
+  Added sending of initial CAPA command before STLS is sent. This allows
+  for the detection of the capability before trying to upgrade the
+  connection.
+
+- imap: Added support for the STARTTLS capability (Part Two)
+  
+  Added sending of initial CAPABILITY command before STARTTLS is sent.
+  This allows for the detection of the capability before trying to
+  upgrade the connection.
+
+- smtp: Added support for the STLS capability (Part One)
+  
+  Introduced detection of the STARTTLS capability, in order to add support
+  for TLS upgrades without unconditionally sending the STARTTLS command.
+
+- pop3: Added support for the STLS capability (Part One)
+  
+  Introduced detection of the STLS capability, in order to add support
+  for TLS upgrades without unconditionally sending the STLS command.
+
+- imap: Added support for the STARTTLS capability (Part One)
+  
+  Introduced detection of the STARTTLS capability, in order to add support
+  for TLS upgrades without unconditionally sending the STARTTLS command.