1 step: libcurl static link

git-svn-id: http://svn.miranda-ng.org/main/trunk@3763 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c

1 files changed, 5751 insertions, 0 deletions

diff --git a/plugins/FTPFileYM/curl-7.29.0/CHANGES b/plugins/FTPFileYM/curl-7.29.0/CHANGES
new file mode 100644
index 0000000000..08f0a8f60d
--- /dev/null
+++ b/plugins/FTPFileYM/curl-7.29.0/CHANGES
@@ -0,0 +1,5751 @@
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+
+                                  Changelog
+
+Version 7.29.0 (6 Feb 2013)
+
+Daniel Stenberg (6 Feb 2013)
+- vms: config-vms.h is removed, no use trying to distribute it
+
+- RELEASE-NOTES: mention the SASL buffer overflow
+
+- [Eldar Zaitov brought this change]
+
+  Curl_sasl_create_digest_md5_message: fix buffer overflow
+  
+  When negotiating SASL DIGEST-MD5 authentication, the function
+  Curl_sasl_create_digest_md5_message() uses the data provided from the
+  server without doing the proper length checks and that data is then
+  appended to a local fixed-size buffer on the stack.
+  
+  This vulnerability can be exploited by someone who is in control of a
+  server that a libcurl based program is accessing with POP3, SMTP or
+  IMAP. For applications that accept user provided URLs, it is also
+  thinkable that a malicious user would feed an application with a URL to
+  a server hosting code targetting this flaw.
+  
+  Bug: http://curl.haxx.se/docs/adv_20130206.html
+
+Steve Holme (6 Feb 2013)
+- FEATURES: Removed erroneous whitespace
+  
+  Removed whitespace introduced in commit 5f8f20f5e65b that caused
+  formatting issues when generating the website docs.
+
+Yang Tse (6 Feb 2013)
+- setup-vms.h: post VMS patch cleanup - III
+  
+  - rename post-config-vms.h to setup-vms.h
+  - move its inclusion into proper location in curl_setup.h
+
+- vms_show: post VMS patch cleanup - II
+  
+  - remove multiple declarations of vms_show and add comments
+
+- tool_main.c: post VMS patch cleanup - I
+  
+  - remove header inclusion already done in curl_setup_once.h
+
+Steve Holme (6 Feb 2013)
+- FEATURES: Added SSPI to list of NTLM libraries
+
+- FEATURES: Added Secure Transport and qssl to list of SSL libraries
+
+- FEATURES: Added email feature set
+  
+  Added SMTP, SMTPS, POP3, POP3S, IMAP and IMAPS features.
+
+- imap.h: Corrected incorrect comment clarification
+  
+  Corrected comment clarification made in commit 167717b8069a.
+
+- COPYING: Updated copyright year to include 2013
+
+Daniel Stenberg (5 Feb 2013)
+- RELEASE-NOTES: synced with 25f351424b3538
+  
+  8 more bug fixes mentioned
+
+- [John E. Malmberg brought this change]
+
+  VMS: fix and generate the VMS build config
+  
+  config_h.com is a new file that generates a config.h file based on the
+  curl_config.h.in file and a quick scan of the configure script.  This is
+  actually a generic procedure that is shared with other VMS packages.
+  
+  The existing pre-built config-vms.h had over 100 entries that were not
+  correct and in some cases conflicted with the build options available in
+  the build_vms.com.
+  
+  generate_config_vms_h_curl.com is a helper procedure to the
+  config_h.com.  It covers the cases that the generic config_h.com is not
+  able to figure out, and accepts input from the build_vms.com procedure.
+  
+  build_curlbuild_h.com is a new file to generate the curlbuild.h file
+  that Curl is now using when it is using a curl_config.h file.
+  
+  post-config-vms.h is a new file that is needed to provide VMS specific
+  definitions, and most of them need to be set before the system header
+  files are included.
+  
+  The VMS build procedure is fixed:
+  
+     1. Fixed to link in the correct HP ssl library.
+     2. Fixed to detect if HP Kerberos is installed.
+     3. Fixed to detect if HP LDAP is installed.
+     4. Fixed to detect if gnv$libzshr is installed.
+     5. Simplified the input parameter parsing to not use a loop.
+     6. Warn that 64 bit pointer option support is not complete
+        in comments.
+     7. Default to IEEE floating if platform supports it so
+        resulting libcurl will be compatible with other
+        open source projects on VMS.
+     8. Default to LARGEFILE if platform supports it.
+     9. Default to enable SSL, LDAP, Kerberos, libz
+        if the libraries are present.
+     10. Build with exact case global symbols for libcurl.
+     11. Generate linker option file needed.
+     12. Compiler list option only commonly needed items.
+     13. fulllist option for those who really want it.
+     14. Create debug symbol file on Alpha, IA64.
+
+- Curl_proxyCONNECT: return once CONNECT is sent
+  
+  By doing this unconditionally, we infer a simpler and more defined
+  behavior. This also has the upside that test 1021 no longer fails for me
+  even if I run with valgrind.
+  
+  Also fixed some wrong comments.
+
+Steve Holme (5 Feb 2013)
+- email: Reworked comments in the endofresp() functions
+  
+  Tidied up the comments in the endofresp() functions to be more
+  meaningful prior to release.
+
+Marc Hoersken (5 Feb 2013)
+- schannel: Removed extended error connection setup flag
+  
+  According KB975858 this flag may cause problems on Windows 7 and
+  Windows Server 2008 R2 systems. Extended error information is not
+  currently used by libcurl and therefore not a requirement.
+  
+  The flag may improve the SSL-connection shutdown in case of an
+  error. This means it might be a good improvement in the future.
+  
+  Fixes bug/issue #1187 - thanks for the report
+
+Daniel Stenberg (5 Feb 2013)
+- [Tor Arntsen brought this change]
+
+  singleipconnect: Update *sockp for all CURLE_OK
+  
+  The 56b7c87c7 change left a case where a good sockfd was not copied to
+  *sockp before returning with CURLE_OK
+
+- curl_easy_perform: Value stored to 'mcode' is never read
+  
+  pointed out by clang-analyzer
+
+- singleipconnect: remove dead assignment
+  
+  pointed out by clang-analyzer
+
+Linus Nielsen Feltzing (5 Feb 2013)
+- CURLMOPT_MAXCONNECTS: restore functionality
+  
+  When a connection is no longer used, it is kept in the cache. If the
+  cache is full, the oldest idle connection is closed. If no connection is
+  idle, the current one is closed instead.
+
+Steve Holme (5 Feb 2013)
+- RELEASE-NOTES: Updated following recent changes to the email protocols
+  
+  Added recent additions and fixes following the changes to imap, pop3
+  and smtp. Additionally added another contributor that helped to test
+  the imap sasl changes.
+
+- email: Provided extra comments following recent pop3/imap fixes
+  
+  Provided additional clarification about the logic of the authenticate()
+  functions following commit 6b6bdc83bd36 and b4270a9af1d0.
+
+Daniel Stenberg (5 Feb 2013)
+- [Andrei Kurushin brought this change]
+
+  winbuild: include version info for .dll .exe
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1186
+
+- FAQ: clarify 5.13 How do I stop an ongoing transfer
+  
+  Rich Gray provided good feedback and we now clarify that you can in fact
+  stop a multi transfer at any point you like by removing the easy handle.
+
+- [Matt Arsenault brought this change]
+
+  cmake: Fix mingw build
+
+- [Sergei Nikulov brought this change]
+
+  cmake: updated OpenSSL build
+
+Steve Holme (4 Feb 2013)
+- pop3.c: Updated variable names to use shorter / more readable variant
+  
+  Tidied up code from commit 6b6bdc83bdUpdated where a few instances of
+  the pop3c struct variable used the longer conndata struct rather than
+  matching what other code in pop3_authenticate() used.
+
+Guenter Knauf (4 Feb 2013)
+- updated copyright years.
+
+- configure: update the copyright years for the output.
+
+Steve Holme (3 Feb 2013)
+- imap: Fixed no known authentication mechanism when fallback is required
+  
+  Fixed an issue where (lib)curl is compiled without support for a
+  supported challenge-response based SASL authentication mechanism, such
+  as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
+  mechanisms and (lib)curl doesn't fallback to Clear Text authentication.
+  
+  Note: In order to fallback to Clear Text authentication properly this
+  fix adds support for the LOGINDISABLED server capability.
+  imap: Fixed no known authentication mechanism when fallback is required
+  
+  Fixed an issue where (lib)curl is compiled without support for a
+  supported challenge-response based SASL authentication mechanism, such
+  as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
+  mechanisms and (lib)curl doesn't fallback to Clear Text authentication.
+  
+  Note: In order to fallback to Clear Text authentication properly this
+  fix adds support for the LOGINDISABLED server capability.
+  
+  Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
+  Reported by: Stanislav Ivochkin
+
+- pop3: Fixed no known authentication mechanism when fallback is required
+  
+  Fixed an issue where (lib)curl is compiled without support for a
+  supported challenge-response based SASL authentication mechanism, such
+  as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
+  mechanisms and (lib)curl doesn't fallback to APOP or Clear Text
+  authentication.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
+  Reported by: Stanislav Ivochkin
+
+Daniel Stenberg (1 Feb 2013)
+- singleipconnect: simplify and clean up
+  
+  Remove timeout argument that's never used.
+  
+  Make the actual connection get detected on a single spot to reduce code
+  duplication.
+  
+  Store the IPv6 state already when the connection is attempted.
+
+- Curl_perfom: removed
+  
+  Curl_perfom is no longer used anywhere since the always-multi commit
+  c43127414d89ccb9, and some related functions were used only from within
+  Curl_perfom.
+
+Guenter Knauf (30 Jan 2013)
+- Updated date.
+
+Yang Tse (30 Jan 2013)
+- zz40-xc-ovr.m4: fix 'wc' detection - follow-up 2
+  
+  - Fix a pair of single quotes to double quotes.
+  
+  URL: http://curl.haxx.se/mail/lib-2013-01/0355.html
+  Reported by: Tor Arntsen
+
+- zz40-xc-ovr.m4: fix 'wc' detection - follow-up
+  
+  - Take into account that 'wc' may return leading spaces and/or tabs.
+  
+  - Set initial IFS to space, tab and newline.
+
+- zz40-xc-ovr.m4: fix 'wc' detection
+  
+  - Take into account that 'wc' may return leading spaces.
+  
+  - Set internationalization behavior variables.
+  
+  Tor Arntsen analyzed and reported the issue.
+  
+  URL: http://curl.haxx.se/mail/lib-2013-01/0351.html
+
+- zz40-xc-ovr.m4: check another three basic utilities
+
+Guenter Knauf (29 Jan 2013)
+- Fixed debug.c to work again unchanged.
+  
+  Added CURLOPT_FOLLOWLOCATION since example.com is now redirected.
+
+Daniel Stenberg (29 Jan 2013)
+- [Nick Zitzmann brought this change]
+
+  darwinssl: Fix bug where packets were sometimes transmitted twice
+  
+  There was a bug where, if SSLWrite() returned errSSLWouldBlock but did
+  succeed in transmitting at least something, then we'd incorrectly
+  resend the packet. Now we never take errSSLWouldBlock as a sign that
+  nothing was transferred to/from the server.
+  
+  Bug: http://curl.haxx.se/mail/lib-2013-01/0295.html
+  Reported by: Bruno de Carvalho
+
+- [Nick Zitzmann brought this change]
+
+  FAQ: "Darwinssl" is AKA "Secure Transport" and supports NTLM
+
+- RELEASE-NOTES: only list Nick once
+  
+  Even though he's a fine dude, once is enough for this time!
+
+Yang Tse (28 Jan 2013)
+- zz40-xc-ovr.m4: 1.0 interface stabilization
+  
+  - Stabilization results in 4 public interface m4 macros:
+    XC_CONFIGURE_PREAMBLE
+    XC_CONFIGURE_PREAMBLE_VER_MAJOR
+    XC_CONFIGURE_PREAMBLE_VER_MINOR
+    XC_CHECK_PATH_SEPARATOR
+  - Avoid one level of internal indirection
+  - Update comments
+  - Drop XC_OVR_ZZ40 macro
+
+Kamil Dudka (28 Jan 2013)
+- docs: fix typos in man pages
+  
+  Reported by: Jiri Jaburek
+  Bug: https://bugzilla.redhat.com/896544
+
+- docs: update the comments about loading CA certs with NSS
+  
+  Bug: https://bugzilla.redhat.com/696783
+
+Guenter Knauf (28 Jan 2013)
+- Updated dependency libs.
+
+- Fixed simple.c to work again unchanged.
+  
+  Added CURLOPT_FOLLOWLOCATION since example.com is now redirected.
+
+Steve Holme (27 Jan 2013)
+- smtp.c: Fixed unnecessary state change if starttls fails
+  
+  The state machine should only be changed to SMTP_STARTTLS when the
+  STARTTLS command has been successfully sent to the server.
+
+- pop3.c: Fixed unnecessary state change if starttls fails
+  
+  The state machine should only be changed to POP3_STARTTLS when the
+  STLS command has been successfully sent to the server.
+
+- imap.c: Fixed unnecessary state change if starttls fails
+  
+  The state machine should only be changed to IMAP_STARTTLS when the
+  STARTTLS command has been successfully sent to the server.
+
+- email: Updated comment regarding ssldone usage
+  
+  Updated the ssldone comment as multi mode is always used internally now.
+
+Yang Tse (26 Jan 2013)
+- zz40-xc-ovr.m4: emit witness message in configure BODY
+  
+  This avoids witness message in output when running configure --help,
+  while sending the message to config.log for other configure runs.
+
+Steve Holme (25 Jan 2013)
+- smtp.c: Added comments to smtp_endofresp()
+  
+  Minor code tidy up to add comments similar to those used in the pop3
+  and imap end of resp functions, in order to assist anyone reading the
+  code and highlight the similarities between each of these protocols.
+
+Yang Tse (25 Jan 2013)
+- zz40-xc-ovr.m4: truly do version conditional overriding
+  
+  - version conditional overriding
+  - catch unexpanded XC macros
+  - fix double words in comments
+
+- zz40-xc-ovr.m4: fix variable assignment of subshell output bashism
+  
+  Tor Arntsen analyzed and reported the issue.
+  
+  URL: http://curl.haxx.se/mail/lib-2013-01/0306.html
+
+- zz40-xc-ovr.m4: reinstate strict AC_REQUIRE macro dependencies
+
+- zz40-xc-ovr.m4: avoid double single-quote usage
+
+- zz40-xc-ovr.m4: parentheses balancing of 'case' statements
+  
+  m4 quadrigraph shell comment technique allows proper autoconf
+  parentheses balancing in shell 'case' statements. The presence
+  of unbalanced parentheses may otherwise trigger expansion bugs.
+
+Steve Holme (24 Jan 2013)
+- smtp.c: Corrected RFC references
+  
+  The most recent version of the SMTP RFC is RFC5321 and not RFC2821 as
+  previously documented.
+  
+  Added RFC1870 and re-ordered list numerically.
+
+- smtp.c: Fixed failure detection during TLS upgrade
+  
+  smtp_state_upgrade_tls() would attempt to incorrectly complete the
+  upgrade to smtps and start the EHLO command if
+  Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
+  was set to TRUE. This would only happen when a non-blocking API hadn't
+  been provided by the SSL implementation and curlssl_connect() was
+  called underneath.
+
+- pop3.c: Fixed failure detection during TLS upgrade
+  
+  pop3_state_upgrade_tls() would attempt to incorrectly complete the
+  upgrade to pop3s and start the CAPA command if
+  Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
+  was set to TRUE. This would only happen when a non-blocking API hadn't
+  been provided by the SSL implementation and curlssl_connect() was
+  called underneath.
+
+- imap.c: Fixed failure detection during TLS upgrade
+  
+  imap_state_upgrade_tls() would attempt to incorrectly complete the
+  upgrade to imaps and start the CAPABILITY command if
+  Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
+  was set to TRUE. This would only happen when a non-blocking API hadn't
+  been provided by the SSL implementation and curlssl_connect() was
+  called underneath.
+
+Yang Tse (24 Jan 2013)
+- zz40-xc-ovr.m4: internals overhauling
+  
+  - Update comments
+  - Execute commands in subshells
+  - Faster path separator check
+  - Fix missing 'test' command
+  - Rename private macros
+  - Minimize AC_REQUIRE usage
+
+Steve Holme (23 Jan 2013)
+- email: Removed unnecessary return statements
+  
+  Small tidy up to remove unnecessary return statements prior to the next
+  fix.
+
+Yang Tse (23 Jan 2013)
+- zz40-xc-ovr.m4: redirect errors and warnings to stderr
+
+- zz40-xc-ovr.m4: AC_REQUIRE also XC_CONFIGURE_PREAMBLE success message
+
+- zz60-xc-ovr.m4: tighten XC_OVR_ZZ60 macro placement requirements
+
+- configure: use XC_CONFIGURE_PREAMBLE early checks
+  
+  Some basic checks we make were placed early enough in generated
+  configure script when using autoconf 2.5X versions. Newer autoconf
+  versions expand these checks much further into the configure script,
+  rendering them useless. Using XC_CONFIGURE_PREAMBLE fixes placement
+  of early intended checks across all our autoconf supported versions.
+
+- zz40-xc-ovr.m4: provide XC_CONFIGURE_PREAMBLE macro
+
+Daniel Stenberg (23 Jan 2013)
+- FAQ: update the SSL lib list and wording in question 2.2
+
+Steve Holme (22 Jan 2013)
+- curl_sasl.c: Corrected references to RFC
+  
+  The most recent version of the RFC is RFC4422 and not RFC2222 as
+  previously documented.
+
+- email: Corrected references to SASL RFC
+  
+  The most recent version of the SASL RFC is RFC4422 and not RFC2222 as
+  previously documented.
+
+Daniel Stenberg (22 Jan 2013)
+- [Ulion brought this change]
+
+  formpost: support quotes, commas and semicolon in file names
+  
+  - document the double-quote and backslash need be escaped if quoting.
+  - libcurl formdata escape double-quote in filename by backslash.
+  - curl formparse can parse filename both contains '"' and ',' or ';'.
+  - curl now can uploading file with ',' or ';' in filename.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1171
+
+- memanalyze.pl: handle fopen() of file names with quotes
+
+Yang Tse (21 Jan 2013)
+- xc-cc-check.m4: re-evaluate exporting and AC_SUBST'ing vars
+  
+  Notes:
+  
+  When running a configure script that has nested packages (for example
+  libcurl's configure with --enable-ares and c-ares sources embedded in
+  curl tree) and AC_CONFIG_SUBDIRS([nested-subdir]) machinery is used to
+  automatically run the nested configure script from within the parent
+  configure script, it happens that the nested _shell_ script will
+  inherit shell variables exported from the parent _shell_ script.
+  
+  If for example parent configure script sets and exports LDFLAGS and LIBS
+  variables with proper values in order to link either a parent library or
+  program with a library which will be configured and built by a nested
+  package; It will happen that when the nested configure script runs, the
+  nested library does not exist yet and _any_ link-test done in the nested
+  configure will fail, such as those that autoconf macros perform in order
+  to detect existing compiler and its characteristics, the result is that
+  the nested configure script will fail with errors such as:
+  
+  configure: error: C compiler cannot create executables
+  
+  For now, we no longer export variables previously exported here.
+  
+  On the other hand, AC_SUBST'ing them is appropriate and even with nested
+  packages each package's config.status gets its own package values.
+  
+  So we reinstate AC_SUBST'ing previously AC_SUBST'ed variables.
+
+Daniel Stenberg (21 Jan 2013)
+- FAQ: 3.22 curl -X gives me HTTP problems
+
+Yang Tse (21 Jan 2013)
+- xc-cc-check.m4: avoid recursive package automake'ing breakage
+
+- xc-cc-check.m4: mark earlier variables that are to be exported
+
+- configure: autotools compatibility fixes - step I
+  
+  Fix proper macro expansion order across autotools versions for
+  C compiler and preprocessor program checks.
+
+Steve Holme (20 Jan 2013)
+- pop3.c: Fixed conditional compilation of the apop response function
+  
+  Extended the fix from commit 8b15c84ea91e to additionally exclude
+  pop3_state_apop_resp() if the CURL_DISABLE_CRYPTO_AUTH flag is
+  defined.
+
+Yang Tse (20 Jan 2013)
+- Makefile.inc: fix $(top_srcdir) not allowed in _SOURCES variables
+
+Daniel Stenberg (19 Jan 2013)
+- formadd: reject trying to read a directory where a file is expected
+  
+  Bug: http://curl.haxx.se/mail/archive-2013-01/0017.html
+  Reported by: Ulrich Doehner
+
+- curl_easy_send.3: document return codes
+  
+  Reported by: Craig Davison
+  Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html
+
+- curl_easy_recv.3: document return codes
+  
+  Reported by: Craig Davison
+  Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html
+
+Steve Holme (19 Jan 2013)
+- email: General code tidy up
+  
+  Corrected some function argument definitions to maximize the 80
+  character line length limit and be in keeping with the curl
+  coding style.
+
+- pop3.c: Fixed a problem with pop3s connections not connecting properly
+  
+  Fixed an issue where Curl_ssl_connect_nonblocking() wouldn't complete
+  correctly and the ssldone flag wouldn't be set to true for pop3s based
+  connections.
+  
+  Bug introduced in commit: 4ffb8a6398ed.
+
+Daniel Stenberg (18 Jan 2013)
+- RELEASE-NOTES: add references to several bugfixes+changes
+
+Steve Holme (18 Jan 2013)
+- RELEASE-NOTES: Added missing imap fix
+  
+  Added missing imap fix as per commit 709b3506cd9b.
+
+Yang Tse (18 Jan 2013)
+- runtests.pl: make VPATH builds find valgrind.supp
+
+Daniel Stenberg (18 Jan 2013)
+- RELEASE-NOTES: synced with c43127414d89
+
+- always-multi: always use non-blocking internals
+  
+  Remove internal separated behavior of the easy vs multi intercace.
+  curl_easy_perform() is now using the multi interface itself.
+  
+  Several minor multi interface quirks and bugs have been fixed in the
+  process.
+  
+  Much help with debugging this has been provided by: Yang Tse
+
+Yang Tse (17 Jan 2013)
+- url.c: fix HTTP CONNECT tunnel establishment upon delayed response
+  
+  Fixes initial proxy response being processed by the tunneled protocol
+  handler instead of the HTTP wrapper handler. This issue would trigger
+  upon delayed CONNECT response from the proxy.
+  
+  Additionally fixes a multi interface code-path in which connections
+  would not time out properly.
+  
+  This does not fix known bug #39.
+  
+  URL: http://curl.haxx.se/mail/lib-2013-01/0191.html
+
+Daniel Stenberg (16 Jan 2013)
+- [Yves Arrouye brought this change]
+
+  --libcurl: fix for non-zero default options
+  
+  If the default value for an option taking a long as its value is non
+  zero, and it is set by zero by a command line option, then that command
+  line option is not reflected in --libcurl's output. This is because line
+  520-521 of tool_setopt.c look like:
+  
+  if(!lval)
+      skip = TRUE;
+  
+  An example of a command-line option doing so is the -k option that sets
+  CURLOPT_SLL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to 0L, when the
+  defaults are non-zero.
+
+- FTP: reject illegal port numbers in EPSV 229 responses
+
+Yang Tse (15 Jan 2013)
+- commit bc682cbd follow-up
+
+- build: use per-target '_CPPFLAGS' for those currently using default
+  
+  Automake documents that doing this will make it choose a different name
+  for intermediate object files even when sharing source files across
+  targets of same Makefile.am.
+  
+  Up to automake 1.13.1 target's intermediate object files were placed
+  in the build subdirectory of the target. We depended on this, probably
+  undocumented behavior, to achieve same behavior as if a per-target flag
+  had been specified when building targets that actually belong to
+  different Makefile.am files.
+  
+  It seems automake 1.13.2 is going to break behavior mentioned above.
+  
+  So, lets use a documented behavior in order to achieve same purpose,
+  across automake versions, no matter where automake wishes to place
+  intermediate object files.
+  
+  Our build targets that already were using a per-target '_CFLAGS' or
+  '_CPPFLAGS' need no 'fixing', these were already 'fixed'. The only
+  Makefile.am or Makefile.in files in libcurl's source tree touched by
+  this 'fix' are tests/libtest/Makefile.inc and tests/unit/Makefile.inc.
+
+- tests/libtest/Makefile.inc: sort build targets
+
+- tests/Makefile.am: remove wildcard usage in EXTRA_DIST
+
+Kamil Dudka (15 Jan 2013)
+- nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
+  
+  Do not use the error messages from NSS for errors not occurring in NSS.
+
+Steve Holme (14 Jan 2013)
+- TODO: Updated following IMAP SASL additions
+
+Yang Tse (14 Jan 2013)
+- configure: fix automake 1.13 compatibility
+  
+  Tested with:
+  
+  buildconf: autoconf version 2.69
+  buildconf: autom4te version 2.69
+  buildconf: autoheader version 2.69
+  buildconf: automake version 1.13.1
+  buildconf: aclocal version 1.13.1
+  buildconf: libtool version 2.4
+  buildconf: GNU m4 version 1.4.16
+
+Daniel Stenberg (13 Jan 2013)
+- BUGS: update bug tracker URL
+  
+  ... and refresh number of lines of code
+
+- Curl_resolver_getsock: fix the function description comment
+  
+  It referred to it by the wrong name and said it returned the wrong value.
+  
+  Reported by: Gisle Vanem
+
+Kamil Dudka (11 Jan 2013)
+- nss: clear session cache if a client cert from file is used
+  
+  This commit fixes a regression introduced in 052a08ff.
+  
+  NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
+  and if we connect second time to the same server, the cached cert/key
+  pair is used.  If we use multiple client certificates for different
+  paths on the same server, we need to clear the session cache to force
+  NSS to call the hook again.  The commit 052a08ff prevented the session
+  cache from being cleared if a client certificate from file was used.
+  
+  The condition is now fixed to cover both cases: consssl->client_nickname
+  is not NULL if a client certificate from the NSS database is used and
+  connssl->obj_clicert is not NULL if a client certificate from file is
+  used.
+  
+  Review by: Kai Engert
+
+Yang Tse (11 Jan 2013)
+- sockfilt.c: log file descriptor number on read/write error
+
+- [Gisle Vanem brought this change]
+
+  packages/DOS/common.dj: remove COFF debug info generation
+  
+  gcc on DOS hasn't really supported COFF-debug (-gcoff) on djgpp for a
+  long time.
+  
+  "Sounds like the COFF debug info generation has bit-rotted in GCC.
+   Nothing new here, no other platform uses COFF AFAIK."
+  
+  So lets drop it too.
+  
+  URL: http://curl.haxx.se/mail/lib-2013-01/0130.html
+
+- curl: ignore SIGPIPE - compilation fix - follow-up
+
+- test servers: handle W32/W64 SIGBREAK with exit_signal_handler
+
+- test servers: fix errno, ERRNO and SOCKERRNO usage for W32/W64
+
+- sockfilt.c: fix some W64 compiler warnings
+
+Daniel Stenberg (9 Jan 2013)
+- [Nick Zitzmann brought this change]
+
+  docs: the --with-darwinssl option is available on Apple OSes
+
+Yang Tse (9 Jan 2013)
+- curl: ignore SIGPIPE - compilation fix
+
+- build: fix circular header inclusion with other packages
+  
+  This commit renames lib/setup.h to lib/curl_setup.h and
+  renames lib/setup_once.h to lib/curl_setup_once.h.
+  
+  Removes the need and usage of a header inclusion guard foreign
+  to libcurl. [1]
+  
+  Removes the need and presence of an alarming notice we carried
+  in old setup_once.h [2]
+  
+  ----------------------------------------
+  
+  1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
+      up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
+      this single inclusion guard is enough to ensure that inclusion of
+      lib/setup_once.h done from lib/setup.h is only done once.
+  
+      Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
+      protect inclusion of setup_once.h even after commit ec691ca3, this
+      was to avoid a circular header inclusion triggered when building a
+      c-ares enabled version with c-ares sources available which also has
+      a setup_once.h header. Commit ec691ca3 exposes the real nature of
+      __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
+      foreign to libcurl belonging to c-ares's setup_once.h
+  
+      The renaming this commit does, fixes the circular header inclusion,
+      and as such removes the need and usage of a header inclusion guard
+      foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.
+  
+  2 - Due to the circular interdependency of old lib/setup_once.h and the
+      c-ares setup_once.h header, old file lib/setup_once.h has carried
+      back from 2006 up to now days an alarming and prominent notice about
+      the need of keeping libcurl's and c-ares's setup_once.h in sync.
+  
+      Given that this commit fixes the circular interdependency, the need
+      and presence of mentioned notice is removed.
+  
+      All mentioned interdependencies come back from now old days when
+      the c-ares project lived inside a curl subdirectory. This commit
+      removes last traces of such fact.
+
+Daniel Stenberg (8 Jan 2013)
+- curl: ignore SIGPIPE
+  
+  This is a work-around for bug #1180 which is really libcurl's inability
+  to ignore SIGPIPE in a few cases. With this work-around at least curl
+  won't suffer from it!
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1180
+  Reported by: Lluís Batlle i Rossell
+
+Yang Tse (8 Jan 2013)
+- sockfilt.c: fix some compiler warnings
+
+Daniel Stenberg (8 Jan 2013)
+- Revert "configure: update req to 2.59"
+  
+  This reverts commit 7a6d8b1b1a8fcc184c36d6b6e741e32250b4bacb.
+  
+  URL: http://curl.haxx.se/mail/lib-2013-01/0103.html
+
+Steve Holme (8 Jan 2013)
+- pop3: Added support for non-blocking SSL upgrade
+  
+  Added support for asynchronous SSL upgrade when using the
+  multi-interface.
+
+Daniel Stenberg (8 Jan 2013)
+- configure: update req to 2.59
+  
+  I ran the 2.59 version of autoupdate that updates obsoleted configure.ac
+  constructs to the 2.59 standard. With a little hands-on fiddling I
+  prevented it from ruining the quoting in AS_HELP_STRING() uses.
+  
+  I subsequently also bumped the required autoconf version to 2.59
+  (released in December 2003) as I don't have an older autoconf version
+  around to test with and I can't be bothered to install one either...
+  
+  Inspired by: Björn Stenberg
+  Related blog post: http://cazfi.livejournal.com/195108.html
+
+Steve Holme (7 Jan 2013)
+- imap.c: Small tidy up to add missing comment
+
+- imap: Added support for sasl digest-md5 authentication
+
+- imap: Added support for sasl cram-md5 authentication
+
+Marc Hoersken (7 Jan 2013)
+- tests/server/sockfilt.c: Fixed integer comparison warning
+
+- tests/server/sockfilt.c: Include required Win32 headers
+
+Steve Holme (7 Jan 2013)
+- imap: Added support for sasl ntlm authentication
+
+- imap: Added support for sasl login authentication
+
+- pop3.c: Fixed default authentication detection
+  
+  Fixed an issue where a server may positively respond to the CAPA command
+  but not list clear text as a valid authentication type.
+
+- curl_sasl.c: Small code tidy up following imap changes
+
+- smtp.c: Small code tidy up following imap changes
+
+- pop3.c: Small code tidy up following imap changes
+
+- imap: Added support for sasl plain text authentication
+
+Marc Hoersken (6 Jan 2013)
+- tests/server/sockfilt.c: Fixed support for listening sockets
+  
+  This commit fixes support for sockets that are ready to accept
+  a new connection and have previously been put into listening mode.
+  
+  It also includes changes which are the result of investigation
+  regarding Windows STDIN. These changes are the preparation for further
+  improvements regarding support for reading data from STDIN on Windows.
+  
+  Open issue: WaitForMultipleObjectsEx does not support PIPE handles
+  which are returned by GetStdHandle while running without a GUI.
+
+- tests/server/sockfilt.c: Set Windows Console to binary mode
+
+- tests/server/sockfilt.c: Improved log error messages
+  
+  Include error code and parameters in error messages.
+
+Steve Holme (6 Jan 2013)
+- imap: Introduced the continue response in imap_endofresp()
+
+- imap: Added support for SASL based authentication mechanism detection
+  
+  Added support for detecting the supported SASL authentication mechanisms
+  via the CAPABILITY command.
+
+Yang Tse (6 Jan 2013)
+- Revert changes relative to lib/*.[ch] recent renaming
+  
+  This reverts renaming and usage of lib/*.h header files done
+  28-12-2012, reverting 2 commits:
+  
+    f871de0... build: make use of 76 lib/*.h renamed files
+    ffd8e12... build: rename 76 lib/*.h files
+  
+  This also reverts removal of redundant include guard (redundant thanks
+  to changes in above commits) done 2-12-2013, reverting 1 commit:
+  
+    c087374... curl_setup.h: remove redundant include guard
+  
+  This also reverts renaming and usage of lib/*.c source files done
+  3-12-2013, reverting 3 commits:
+  
+    13606bb... build: make use of 93 lib/*.c renamed files
+    5b6e792... build: rename 93 lib/*.c files
+    7d83dff... build: commit 13606bbfde follow-up 1
+  
+  Start of related discussion thread:
+  
+    http://curl.haxx.se/mail/lib-2013-01/0012.html
+  
+  Asking for confirmation on pushing this revertion commit:
+  
+    http://curl.haxx.se/mail/lib-2013-01/0048.html
+  
+  Confirmation summary:
+  
+    http://curl.haxx.se/mail/lib-2013-01/0079.html
+  
+  NOTICE: The list of 2 files that have been modified by other
+  intermixed commits, while renamed, and also by at least one
+  of the 6 commits this one reverts follows below. These 2 files
+  will exhibit a hole in history unless git's '--follow' option
+  is used when viewing logs.
+  
+    lib/curl_imap.h
+    lib/curl_smtp.h
+
+Daniel Stenberg (6 Jan 2013)
+- mk-ca-bundle.1: convert syntax to what's used elsewhere
+  
+  ... mostly to make sure roffit works better on it, but also to make our
+  man pages use a more unified style.
+
+- mk-ca-bundle.1: mention new -f, fix outputfile output
+  
+  also edited a few sentences to become more verbose
+
+- mk-ca-bundle: add -f, support passing to stdout and more
+  
+  1. When the downloaded data file from Mozilla is current, but the output
+  bundle does not exist: continue processing to create the bundle.  The
+  goal is to have the output file - not just download the latest input.
+  
+  2. added -f option to force re-processing the file.  Useful for
+  debugging/testing the process.
+  
+  3. added support for output to '-' (stdout), allowing the output to be
+  piped.
+  
+  4. All progress and error messages go to STDERR rather than STDOUT (3)
+  
+  5. The script opened and closed the output file many times
+  unnecessarily.  It now opens it once, does the output and closes it.
+  
+  6. Backup of the input files happens after successful processing, not
+  before.
+  
+  7. The output is written to a temporary file, and renamed to the
+  requested name after backup - this greatly reduces the window where the
+  file can be seen partially written.
+  
+  8. all die calls have a \n at the end to suppress perl's traceback - the
+  traceback isn't useful to end users.
+  
+  Patch: http://curl.haxx.se/mail/lib-2013-01/0045.html
+
+Yang Tse (5 Jan 2013)
+- imap test server: fix typo in name of SELECT_imap() sub definition
+  
+  IMAP test server breaking typo introduced with commit b708a522a1
+
+Steve Holme (4 Jan 2013)
+- imap test server: Added support for the CAPABILITY command
+  
+  Added support for the CAPABILITY command in preparation of upcoming
+  changes.
+
+Daniel Stenberg (3 Jan 2013)
+- writeout: -w now supports remote_ip/port and local_ip/port
+  
+  Added mention to the curl.1 man page.
+  
+  Test case 1223 verifies remote_ip/port.
+
+Yang Tse (3 Jan 2013)
+- test 1222: 8 chars object name generation  &&  test 1221: adjustments
+
+Daniel Stenberg (3 Jan 2013)
+- INTERNALS: remove "footnote" never used
+
+Yang Tse (3 Jan 2013)
+- build: commit 13606bbfde follow-up 1
+
+Daniel Stenberg (3 Jan 2013)
+- FAQ: Can I write a server with libcurl?
+
+Yang Tse (3 Jan 2013)
+- build: rename 93 lib/*.c files
+  
+  93 lib/*.c source files renamed to use our standard naming scheme.
+  
+  This commit only does the file renaming.
+  
+  ----------------------------------------
+  
+    renamed:    lib/amigaos.c -> lib/curl_amigaos.c
+    renamed:    lib/asyn-ares.c -> lib/curl_asyn_ares.c
+    renamed:    lib/asyn-thread.c -> lib/curl_asyn_thread.c
+    renamed:    lib/axtls.c -> lib/curl_axtls.c
+    renamed:    lib/base64.c -> lib/curl_base64.c
+    renamed:    lib/bundles.c -> lib/curl_bundles.c
+    renamed:    lib/conncache.c -> lib/curl_conncache.c
+    renamed:    lib/connect.c -> lib/curl_connect.c
+    renamed:    lib/content_encoding.c -> lib/curl_content_encoding.c
+    renamed:    lib/cookie.c -> lib/curl_cookie.c
+    renamed:    lib/cyassl.c -> lib/curl_cyassl.c
+    renamed:    lib/dict.c -> lib/curl_dict.c
+    renamed:    lib/easy.c -> lib/curl_easy.c
+    renamed:    lib/escape.c -> lib/curl_escape.c
+    renamed:    lib/file.c -> lib/curl_file.c
+    renamed:    lib/fileinfo.c -> lib/curl_fileinfo.c
+    renamed:    lib/formdata.c -> lib/curl_formdata.c
+    renamed:    lib/ftp.c -> lib/curl_ftp.c
+    renamed:    lib/ftplistparser.c -> lib/curl_ftplistparser.c
+    renamed:    lib/getenv.c -> lib/curl_getenv.c
+    renamed:    lib/getinfo.c -> lib/curl_getinfo.c
+    renamed:    lib/gopher.c -> lib/curl_gopher.c
+    renamed:    lib/gtls.c -> lib/curl_gtls.c
+    renamed:    lib/hash.c -> lib/curl_hash.c
+    renamed:    lib/hmac.c -> lib/curl_hmac.c
+    renamed:    lib/hostasyn.c -> lib/curl_hostasyn.c
+    renamed:    lib/hostcheck.c -> lib/curl_hostcheck.c
+    renamed:    lib/hostip.c -> lib/curl_hostip.c
+    renamed:    lib/hostip4.c -> lib/curl_hostip4.c
+    renamed:    lib/hostip6.c -> lib/curl_hostip6.c
+    renamed:    lib/hostsyn.c -> lib/curl_hostsyn.c
+    renamed:    lib/http.c -> lib/curl_http.c
+    renamed:    lib/http_chunks.c -> lib/curl_http_chunks.c
+    renamed:    lib/http_digest.c -> lib/curl_http_digest.c
+    renamed:    lib/http_negotiate.c -> lib/curl_http_negotiate.c
+    renamed:    lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
+    renamed:    lib/http_proxy.c -> lib/curl_http_proxy.c
+    renamed:    lib/idn_win32.c -> lib/curl_idn_win32.c
+    renamed:    lib/if2ip.c -> lib/curl_if2ip.c
+    renamed:    lib/imap.c -> lib/curl_imap.c
+    renamed:    lib/inet_ntop.c -> lib/curl_inet_ntop.c
+    renamed:    lib/inet_pton.c -> lib/curl_inet_pton.c
+    renamed:    lib/krb4.c -> lib/curl_krb4.c
+    renamed:    lib/krb5.c -> lib/curl_krb5.c
+    renamed:    lib/ldap.c -> lib/curl_ldap.c
+    renamed:    lib/llist.c -> lib/curl_llist.c
+    renamed:    lib/md4.c -> lib/curl_md4.c
+    renamed:    lib/md5.c -> lib/curl_md5.c
+    renamed:    lib/memdebug.c -> lib/curl_memdebug.c
+    renamed:    lib/mprintf.c -> lib/curl_mprintf.c
+    renamed:    lib/multi.c -> lib/curl_multi.c
+    renamed:    lib/netrc.c -> lib/curl_netrc.c
+    renamed:    lib/non-ascii.c -> lib/curl_non_ascii.c
+    renamed:    lib/curl_non-ascii.h -> lib/curl_non_ascii.h
+    renamed:    lib/nonblock.c -> lib/curl_nonblock.c
+    renamed:    lib/nss.c -> lib/curl_nss.c
+    renamed:    lib/nwlib.c -> lib/curl_nwlib.c
+    renamed:    lib/nwos.c -> lib/curl_nwos.c
+    renamed:    lib/openldap.c -> lib/curl_openldap.c
+    renamed:    lib/parsedate.c -> lib/curl_parsedate.c
+    renamed:    lib/pingpong.c -> lib/curl_pingpong.c
+    renamed:    lib/polarssl.c -> lib/curl_polarssl.c
+    renamed:    lib/pop3.c -> lib/curl_pop3.c
+    renamed:    lib/progress.c -> lib/curl_progress.c
+    renamed:    lib/qssl.c -> lib/curl_qssl.c
+    renamed:    lib/rawstr.c -> lib/curl_rawstr.c
+    renamed:    lib/rtsp.c -> lib/curl_rtsp.c
+    renamed:    lib/security.c -> lib/curl_security.c
+    renamed:    lib/select.c -> lib/curl_select.c
+    renamed:    lib/sendf.c -> lib/curl_sendf.c
+    renamed:    lib/share.c -> lib/curl_share.c
+    renamed:    lib/slist.c -> lib/curl_slist.c
+    renamed:    lib/smtp.c -> lib/curl_smtp.c
+    renamed:    lib/socks.c -> lib/curl_socks.c
+    renamed:    lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
+    renamed:    lib/socks_sspi.c -> lib/curl_socks_sspi.c
+    renamed:    lib/speedcheck.c -> lib/curl_speedcheck.c
+    renamed:    lib/splay.c -> lib/curl_splay.c
+    renamed:    lib/ssh.c -> lib/curl_ssh.c
+    renamed:    lib/sslgen.c -> lib/curl_sslgen.c
+    renamed:    lib/ssluse.c -> lib/curl_ssluse.c
+    renamed:    lib/strdup.c -> lib/curl_strdup.c
+    renamed:    lib/strequal.c -> lib/curl_strequal.c
+    renamed:    lib/strerror.c -> lib/curl_strerror.c
+    renamed:    lib/strtok.c -> lib/curl_strtok.c
+    renamed:    lib/strtoofft.c -> lib/curl_strtoofft.c
+    renamed:    lib/telnet.c -> lib/curl_telnet.c
+    renamed:    lib/tftp.c -> lib/curl_tftp.c
+    renamed:    lib/timeval.c -> lib/curl_timeval.c
+    renamed:    lib/transfer.c -> lib/curl_transfer.c
+    renamed:    lib/url.c -> lib/curl_url.c
+    renamed:    lib/version.c -> lib/curl_version.c
+    renamed:    lib/warnless.c -> lib/curl_warnless.c
+    renamed:    lib/wildcard.c -> lib/curl_wildcard.c
+  
+  ----------------------------------------
+
+- build: make use of 93 lib/*.c renamed files
+  
+  93 *.c source files renamed to use our standard naming scheme.
+  
+  This change affects 77 files in libcurl's source tree.
+
+Daniel Stenberg (3 Jan 2013)
+- INSTALL: unify the SSL library texts
+  
+  Make them smaller and more similar for each separate SSL library
+  supported by the configure build
+
+Yang Tse (2 Jan 2013)
+- curl_setup.h: remove redundant include guard
+
+- build and tests: curl_10char_object_name() shell function
+  
+  lib/objnames.inc provides definition of curl_10char_object_name() shell
+  function. The intended purpose of this function is to transliterate a
+  (*.c) source file name that may be longer than 10 characters, or not,
+  into a string with at most 10 characters which may be used as an OS/400
+  object name.
+  
+  Test case 1221 does unit testng of this function and also verifies
+  that it is possible to generate distinct short object names for all
+  curl and libcurl *.c source file names.
+  
+  lib/objnames-test.sh is the shell script used for test case 1221.
+  
+  tests/runtests.pl modified to accept shell script test cases.
+  
+  More details inside lib/objnames.inc and lib/objnames-test.sh
+
+- configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
+  
+  automake 1.13 errors if AM_CONFIG_HEADER is used in configure script.
+  automake 1.13 no longer autoupdates AM_CONFIG_HEADER to
+  AC_CONFIG_HEADERS, thing which automake has been doing since automake
+  version 1.7
+  
+  Given that our first automake supported version is automake 1.7,
+  simply replacing AM_CONFIG_HEADER usage with AC_CONFIG_HEADERS seems
+  enough to yet support same automake versions.
+  
+  Dave Reisner reported issue with 1.13 and provided patch.
+  
+  http://curl.haxx.se/mail/lib-2012-12/0246.html
+
+- curl-override.m4: provide AC_CONFIG_MACRO_DIR definition conditionally
+  
+  Provide a 'traceable' AC_CONFIG_MACRO_DIR definition only when using
+  an autoconf version that does not provide it, instead of what we were
+  doing up to now of providing and overriding AC_CONFIG_MACRO_DIR for
+  all autoconf versions.
+
+Steve Holme (30 Dec 2012)
+- imap.c: Minor follow up tidy up
+
+- imap: Code tidy up prior to adding support for the CAPABILITY command
+  
+  * Changing the order of the state machine to represent the order in
+    which commands are sent to the server.
+  
+  * Reworking the imap_endofresp() function as the FETCH response doesn't
+    include the command id and shouldn't be part of the length comparison
+    that takes into account the id string.
+
+- pop3_doing: Applied debug info message when function fails
+  
+  Applied the same debug message as used in smtp_doing() and imap_doing()
+  when pop3_multi_statemach() fails.
+
+- imap_doing: don't call imap_dophase_done() if already failed
+  
+  Applied the POP3 fix from commit 2897ce7dc2e1 so imap_dophase_done()
+  isn't called if imap_multi_statemach() fails.
+
+- smtp_doing: don't call smtp_dophase_done() if already failed
+  
+  Applied the POP3 fix from commit 2897ce7dc2e1 so smtp_dophase_done()
+  isn't called if smtp_multi_statemach() fails.
+
+Yang Tse (29 Dec 2012)
+- examples/certinfo.c: fix compiler warning
+
+Steve Holme (29 Dec 2012)
+- pop3.c: Removed unnecessary POP3_STOP state changes
+  
+  Removed unnecessary state changes in pop3_state_starttls_resp()
+  following previous fix in IMAP module.
+
+- smtp.c: Added extra comments around SMTP_STOP state change
+  
+  Provided extra comments in the SMTP module following previous IMAP fix.
+
+- imap.c: Fixed bad state error when logging in with invalid credentials
+  
+  Fixed a problem with the state machine when attempting to log in with
+  invalid credentials. The server would report login failure but libcurl
+  would not read the response due to inappropriate IMAP_STOP states being
+  set after the login was sent.
+
+Yang Tse (29 Dec 2012)
+- imap.c: remove trailing whitespace
+
+Steve Holme (28 Dec 2012)
+- imap.c: Code tidy up - Part 2
+
+- imap.c: Code tidy up - Part 1
+  
+  Applied some of the comment and layout changes that had already been
+  applied to the pop3 and smtp code over the last 6 to 9 months.
+  
+  This is in preparation of adding SASL based authentication.
+
+- pop3.c: Minor code tidy up
+  
+  Minor tidy up of comments and layout prior to next part of imap work.
+
+- smtp: Minor code tidy up
+  
+  Minor tidy up of comments and layout prior to next part of imap work.
+
+- curl_imap.h: Tidy up of comments to be more readable
+
+- imap.c: Code tidy up renaming imapsendf() to imap_sendf()
+  
+  Renamed imapsendf() to imap_sendf() to be more in keeping with the
+  other imap functions as well as Curl_pp_sendf() that it replaces.
+
+Yang Tse (28 Dec 2012)
+- build: rename 76 lib/*.h files
+  
+  76 private header files renamed to use our standard naming scheme.
+  
+  This commit only does the file renaming.
+  
+  ----------------------------------------
+  
+    renamed:    amigaos.h -> curl_amigaos.h
+    renamed:    arpa_telnet.h -> curl_arpa_telnet.h
+    renamed:    asyn.h -> curl_asyn.h
+    renamed:    axtls.h -> curl_axtls.h
+    renamed:    bundles.h -> curl_bundles.h
+    renamed:    conncache.h -> curl_conncache.h
+    renamed:    connect.h -> curl_connect.h
+    renamed:    content_encoding.h -> curl_content_encoding.h
+    renamed:    cookie.h -> curl_cookie.h
+    renamed:    cyassl.h -> curl_cyassl.h
+    renamed:    dict.h -> curl_dict.h
+    renamed:    easyif.h -> curl_easyif.h
+    renamed:    escape.h -> curl_escape.h
+    renamed:    file.h -> curl_file.h
+    renamed:    fileinfo.h -> curl_fileinfo.h
+    renamed:    formdata.h -> curl_formdata.h
+    renamed:    ftp.h -> curl_ftp.h
+    renamed:    ftplistparser.h -> curl_ftplistparser.h
+    renamed:    getinfo.h -> curl_getinfo.h
+    renamed:    gopher.h -> curl_gopher.h
+    renamed:    gtls.h -> curl_gtls.h
+    renamed:    hash.h -> curl_hash.h
+    renamed:    hostcheck.h -> curl_hostcheck.h
+    renamed:    hostip.h -> curl_hostip.h
+    renamed:    http.h -> curl_http.h
+    renamed:    http_chunks.h -> curl_http_chunks.h
+    renamed:    http_digest.h -> curl_http_digest.h
+    renamed:    http_negotiate.h -> curl_http_negotiate.h
+    renamed:    http_proxy.h -> curl_http_proxy.h
+    renamed:    if2ip.h -> curl_if2ip.h
+    renamed:    imap.h -> curl_imap.h
+    renamed:    inet_ntop.h -> curl_inet_ntop.h
+    renamed:    inet_pton.h -> curl_inet_pton.h
+    renamed:    krb4.h -> curl_krb4.h
+    renamed:    llist.h -> curl_llist.h
+    renamed:    memdebug.h -> curl_memdebug.h
+    renamed:    multiif.h -> curl_multiif.h
+    renamed:    netrc.h -> curl_netrc.h
+    renamed:    non-ascii.h -> curl_non-ascii.h
+    renamed:    nonblock.h -> curl_nonblock.h
+    renamed:    nssg.h -> curl_nssg.h
+    renamed:    parsedate.h -> curl_parsedate.h
+    renamed:    pingpong.h -> curl_pingpong.h
+    renamed:    polarssl.h -> curl_polarssl.h
+    renamed:    pop3.h -> curl_pop3.h
+    renamed:    progress.h -> curl_progress.h
+    renamed:    qssl.h -> curl_qssl.h
+    renamed:    rawstr.h -> curl_rawstr.h
+    renamed:    rtsp.h -> curl_rtsp.h
+    renamed:    select.h -> curl_select.h
+    renamed:    sendf.h -> curl_sendf.h
+    renamed:    setup.h -> curl_setup.h
+    renamed:    setup_once.h -> curl_setup_once.h
+    renamed:    share.h -> curl_share.h
+    renamed:    slist.h -> curl_slist.h
+    renamed:    smtp.h -> curl_smtp.h
+    renamed:    sockaddr.h -> curl_sockaddr.h
+    renamed:    socks.h -> curl_socks.h
+    renamed:    speedcheck.h -> curl_speedcheck.h
+    renamed:    splay.h -> curl_splay.h
+    renamed:    ssh.h -> curl_ssh.h
+    renamed:    sslgen.h -> curl_sslgen.h
+    renamed:    ssluse.h -> curl_ssluse.h
+    renamed:    strdup.h -> curl_strdup.h
+    renamed:    strequal.h -> curl_strequal.h
+    renamed:    strerror.h -> curl_strerror.h
+    renamed:    strtok.h -> curl_strtok.h
+    renamed:    strtoofft.h -> curl_strtoofft.h
+    renamed:    telnet.h -> curl_telnet.h
+    renamed:    tftp.h -> curl_tftp.h
+    renamed:    timeval.h -> curl_timeval.h
+    renamed:    transfer.h -> curl_transfer.h
+    renamed:    url.h -> curl_url.h
+    renamed:    urldata.h -> curl_urldata.h
+    renamed:    warnless.h -> curl_warnless.h
+    renamed:    wildcard.h -> curl_wildcard.h
+  
+  ----------------------------------------
+
+- build: make use of 76 lib/*.h renamed files
+  
+  76 private header files renamed to use our standard naming scheme.
+  
+  This change affects 322 files in libcurl's source tree.
+
+- lib/*.h: use our standard naming scheme for header inclusion guards
+
+Steve Holme (28 Dec 2012)
+- imsp.c: Fixed usernames and passwords that contain escape characters
+  
+  Fixed a problem with sending usernames and passwords that contain
+  backslash, quotation mark and space characters.
+
+Daniel Stenberg (27 Dec 2012)
+- curl.1: extend the -X, --request description
+
+- RELEASE-NOTES: synced with e3ed2b82e6
+
+- [Nick Zitzmann brought this change]
+
+  darwinssl: Fixed inability to disable peer verification
+  
+  ... on Snow Leopard and Lion
+  
+  Snow Leopard introduced the SSLSetSessionOption() function, but it
+  doesn't disable peer verification as expected on Snow Leopard or
+  Lion (it works as expected in Mountain Lion). So we now use sysctl()
+  to detect whether or not the user is using Snow Leopard or Lion,
+  and if that's the case, then we now use the deprecated
+  SSLSetEnableCertVerify() function instead to disable peer verification.
+
+Yang Tse (26 Dec 2012)
+- curl tool: rename hugehelp files to tool_hugehelp
+
+- curl tool: renaming hugehelp files to tool_hugehelp
+
+- sockfilt.c: commit b44da5a82a follow-up 2
+
+- sockfilt.c: commit b44da5a82a follow-up
+
+- sockfilt.c: fix some compiler warnings
+
+- curl_multi_remove_handle: commit 0aabfd9963 follow-up
+
+Daniel Stenberg (25 Dec 2012)
+- lib556: enable VERBOSE to ease debugging on failures
+
+Marc Hoersken (25 Dec 2012)
+- socklift.c: Quick fix to re-add missing code
+
+- socklift.c: Added select_ws function to support Windows
+  
+  WinSock select() does not support standard file descriptors,
+  it can only check SOCKETs. The following function is an attempt
+  to create a select() function with support for other handles.
+
+Yang Tse (25 Dec 2012)
+- Enable tests 1503, 1504 and 1505
+
+- curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
+
+- Curl_hash_clean: OOM handling fix
+
+- test 1504 and 1505: same as 1502 but with different cleanup sequences
+
+Daniel Stenberg (24 Dec 2012)
+- Curl_conncache_foreach: allow callback to break loop
+  
+  ... and have it take a proper 'struct connectdata *' as first argument
+
+- pop3_doing: don't call pop3_dophase_done() if already failed
+  
+  ... it also clobbered the 'result' return value so that it wouldn't
+  return the error back to the parent function properly, which broke test
+  809 when run with 'multi-always'.
+
+Yang Tse (23 Dec 2012)
+- test 1503: same as 1502 but with a different cleanup sequence
+
+- test 1502: OOM handling fixes
+
+- curl_multi_wait: OOM handling fix
+
+- [Daniel Stenberg brought this change]
+
+  curl_multi_wait: avoid an unnecessary memory allocation
+
+- runtests.pl: prepend $srcdir to HTTPTLS server config files path
+
+- multi.c: OOM handling fix
+
+- lib543.c: OOM handling fixes
+
+- configure: add internal sanity check (warn only) on vars for makefiles
+
+Daniel Stenberg (21 Dec 2012)
+- SCP: relative path didn't work
+  
+  When prefixing a path with /~/ it is supposed to be used relative to the
+  user's home directory but it didn't work. Now we cut off the entire
+  three byte sequenct "/~/" which seems to be how OpenSSH does it.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=1173
+  Reported by: Balaji Parasuram
+
+Yang Tse (21 Dec 2012)
+- configure: LIBMETALINK_CFLAGS actually is LIBMETALINK_CPPFLAGS
+
+- configure: add minimal sanity check on user provided CFLAGS and CPPFLAGS
+
+- bundles connection caching: some out of memory handling fixes
+
+- libntlmconnect.c: fix compiler warnings and OOM handling
+
+- configure.ac: clear local test intended variables before use
+
+- VC6 IDE: link with advapi32.lib when using WIN32 crypto API (md5.c)
+
+- curl-functions.m4: improve gethostname arg 2 data type check
+
+- setup_once.h: HP-UX specific 'bool', 'false' and 'true' definitions.
+  
+  Also reverts commit f254c59dc7
+
+- configure: check if compiler halts on function prototype mismatch
+
+- warnless.c: fix compiler warnings
+
+- curl-functions.m4: add gethostname arg 2 data type check and definition
+
+Daniel Stenberg (14 Dec 2012)
+- [Nick Zitzmann brought this change]
+
+  darwinssl: Fix implicit conversion compiler warnings
+  
+  The Clang compiler found a few implicit conversion problems that have
+  now been fixed.
+
+Yang Tse (14 Dec 2012)
+- setup_once.h: HP-UX <sys/socket.h> issue workaround
+  
+  Issue: When building a 32bit target with large file support HP-UX
+  <sys/socket.h> header file may simultaneously provide two different
+  sets of declarations for sendfile and sendpath functions, one with
+  static and another with external linkage. Given that we do not use
+  mentioned functions we really don't care which linkage is the
+  appropriate one, but on the other hand, the double declaration emmits
+  warnings when using the HP-UX compiler and errors when using modern
+  gcc versions resulting in fatal compilation errors.
+  
+  Mentioned issue is now fixed as long as we don't use sendfile nor
+  sendpath functions.
+
+- setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>
+  
+  Inclusion of top two most included header files now done in setup_once.h
+
+- setup_once.h: HP-UX specific TRUE and FALSE definitions
+  
+  Some HP-UX system headers require TRUE defined to 1 and FALSE to 0.
+
+Daniel Stenberg (12 Dec 2012)
+- gopher: #include cleanup
+  
+  Remove all system file includes from this file as they're not needed
+  
+  Reported by: Dan Fandrich
+
+Yang Tse (11 Dec 2012)
+- examples/simplessl.c: fix compiler warning
+
+- examples/externalsocket.c: fix SunPro compilation issue
+
+- examples/simplessl.c: fix compiler warning
+
+- build: add bundles and conncache files to other build systems
+
+- conncache: fix enumerated type mixed with another type
+
+- examples/anyauthput.c: fix Tru64 compilation issue
+
+Daniel Stenberg (8 Dec 2012)
+- [Colin Watson brought this change]
+
+  configure: fix cross pkg-config detection
+  
+  When cross-compiling, CURL_CHECK_PKGCONFIG was checking for the cross
+  pkg-config using ${host}-pkg-config.
+  
+  The gold standard for doing this correctly is pkg-config's own macro,
+  PKG_PROG_PKG_CONFIG.  However, on the assumption that you have a good
+  reason not to use that directly (reduced dependencies for maintainer
+  builds?), the behaviour of cURL's version should at least match.
+  PKG_PROG_PKG_CONFIG uses AC_PATH_TOOL, which ultimately ends up trying
+  ${host_alias}-pkg-config; this is not quite the same as what cURL does,
+  and may differ because ${host} has been run through config.sub.  For
+  instance, when cross-building to the armhf architecture on Ubuntu,
+  ${host_alias} is arm-linux-gnueabihf while ${host} is
+  arm-unknown-linux-gnueabihf.  This may also have been the cause of the
+  problem reported at http://curl.haxx.se/mail/lib-2012-04/0224.html.
+  
+  AC_PATH_TOOL is significantly simpler than cURL's current code, and
+  dates back to well before the current minimum of Autoconf 2.57, so let's
+  use it instead.
+
+- [Linus Nielsen Feltzing brought this change]
+
+  Introducing a new persistent connection caching system using "bundles".
+  
+  A bundle is a list of all persistent connections to the same host.
+  The connection cache consists of a hash of bundles, with the
+  hostname as the key.
+  The benefits may not be obvious, but they are two:
+  
+  1) Faster search for connections to reuse, since the hash
+     lookup only finds connections to the host in question.
+  2) It lays out the groundworks for an upcoming patch,
+     which will introduce multiple HTTP pipelines.
+  
+  This patch also removes the awkward list of "closure handles",
+  which were needed to send QUIT commands to the FTP server
+  when closing a connection.
+  Now we allocate a separate closure handle and use that
+  one to close all connections.
+  
+  This has been tested in a live system for a few weeks, and of
+  course passes the test suite.
+
+- [Fabian Keil brought this change]
+
+  runtests and friends: Do not add undefined values to @INC
+  
+  On FreeBSD this fixes the warning:
+  Use of uninitialized value $p in string eq at /usr/local/lib/perl5/5.14.2/BSDPAN/BSDPAN.pm line 36.
+
+Steve Holme (5 Dec 2012)
+- Merge pull request #52 from isn-/master
+  
+  small compilation fix
+
+Stanislav Ivochkin (5 Dec 2012)
+- build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
+
+Yang Tse (5 Dec 2012)
+- libtest: fix some compiler warnings
+
+- examples: fix compilation issues - commit 7332a7cafb follow-up
+
+- examples: fix compilation issues - commit 23f8dca6fb follow-up
+
+- examples: fix compilation issues
+
+- build: explain current role of LIBS in our Makefile.am files
+  
+  BLANK_AT_MAKETIME may be used in our Makefile.am files to blank
+  LIBS variable used in generated makefile at makefile processing
+  time. Doing this functionally prevents LIBS from being used for
+  all link targets in given makefile.
+
+Daniel Stenberg (4 Dec 2012)
+- multi: fix re-sending request on early connection close
+  
+  This handling already works with the easy-interface code. When a request
+  is sent on a re-used connection that gets closed by the server at the
+  same time as the request is sent, the situation may occur so that we can
+  send the request and we discover the broken connection as a RECV_ERROR
+  in the PERFORM state and then the request needs to be retried on a fresh
+  connection. Test 64 broke with 'multi-always-internally'.
+
+Yang Tse (4 Dec 2012)
+- configure: add minimal sanity check on user provided LIBS and LDFLAGS
+
+- build: prevent global LIBS from influencing src and lib build targets
+  
+  Currently, LIBS is already used through other macros.
+
+Kamil Dudka (3 Dec 2012)
+- nss: prevent NSS from crashing on client auth hook failure
+  
+  Although it is not explicitly stated in the documentation, NSS uses
+  *pRetCert and *pRetKey even if the client authentication hook returns
+  a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
+  afterwards, NSS destroys the certificate once again, which causes a
+  double free.
+  
+  Reported by: Bob Relyea
+
+Yang Tse (30 Nov 2012)
+- testcurl.pl: build example programs for several autobuilds
+  
+  Affected autobuilds: IRIX, AIX, Tru64 and AIX.
+
+- build: prevent global LIBS from influencing examples build targets
+
+- build: prevent global LIBS from influencing libtest build targets
+
+- build: prevent global LIBS from influencing test server build targets
+
+- build: fix Windows build targets damaged since commit 550e403f00
+
+- build: avoid linkage of directly unused libraries
+
+- dd missing NTLM feature for tests 2025, and 2028 to 2032
+
+- avoid mixing of enumerated type with another type
+
+- multi.c: disambiguate precedence of bitwise and relational operation
+
+Daniel Stenberg (26 Nov 2012)
+- [Fabian Keil brought this change]
+
+  Remove stray CRLF in chunk-encoded content-free request bodies
+  
+  .. that are sent when auth-negotiating before a chunked
+  upload or when setting the 'Transfer-Encoding: chunked'
+  header and intentionally sending no content.
+  
+  Adjust test565 and test1333 accordingly.
+
+- FAQ: clarify the 3.4 section
+  
+  You can do custom commands to FTP without sending anything by using the
+  CURLOPT_NOBODY, which -I sets.
+
+- [Lijo Antony brought this change]
+
+  examples: Updated asiohiper.cpp to remove connect from opensocket
+  
+  Blocking connect on the socket has been removed from opensocket
+  callback. opensocket just opens a new socket and gives it back to
+  libcurl and libcurl will take care of the connect. sockopt_callback has
+  also been removed, as it is no longer required.
+
+Yang Tse (23 Nov 2012)
+- build: fix AIX compilation and usage
+  
+  AIX sys/poll.h header file defines 'events' and 'revents' as C
+  preprocessor macros. Usage of these literals in libcurl's external
+  API was introduced in commit de24d7bd4c causing AIX build failures.
+  Appropriate inclusion of sys/poll.h by libcurl's external interface
+  fixes AIX build and usage issues while avoiding a SONAME bump.
+
+Steve Holme (23 Nov 2012)
+- DOCS: Updated CURLOPT_CONNECT_ONLY to reflect usage in other protocols
+
+Daniel Stenberg (23 Nov 2012)
+- test: offer "automake" output and check for perl better
+  
+  runtests.pl -am now uses the "PASS/FAIL: [desc]" output for each
+  executed test. You can run 'make test-am' in the root build directory to
+  invoke that. The reason for this output style is to better allow generic
+  test suite parsers to also grok our test output.
+  
+  The test Makefile now also tests that perl was indeed found and that the
+  PERL variable points to an executable before it tries to run the main
+  test perl script runtests.pl,
+
+- [Fabian Keil brought this change]
+
+  Test 206: Use a Content-Length header for the 407 response
+  
+  Otherwise curl would have to guess where the body ends.
+
+- [Fabian Keil brought this change]
+
+  Test 206: Don't respond to a succesful CONNECT request with a body
+  
+  It's against the spec and caused test failures when header
+  and response were read from the network separately in which
+  case bug #39 wasn't triggered.
+
+- htmltitle: use .cpp extension for C++ examples
+
+- [Lijo Antony brought this change]
+
+  examples: Added a c++ example of using multi with boost::asio
+  
+  Added an example for demonstrating the usage of curl multi interface
+  with boost::asio in c++
+
+- VC Makefiles: add missing hostcheck
+  
+  the newly introduced hostcheck.h/c is missing in the Visual Studio
+  Makefiles as obj file.
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-11/0176.html
+
+- compiler warning fixes
+  
+  The conversions from ssize_t to int need to be typecasted.
+
+- bump: start working on 7.28.2
+
+- THANKS: added 14 contributors from the 7.28.1 release
+
+Version 7.28.1 (20 Nov 2012)
+
+Daniel Stenberg (20 Nov 2012)
+- RELEASE-NOTES: synced with 52af6e69f079 / 7.28.1
+
+Kamil Dudka (20 Nov 2012)
+- [Anthony Bryan brought this change]
+
+  RELEASE-NOTES: NSS can be used for metalink hashing
+
+- [Fabian Keil brought this change]
+
+  Get test 2032 working when using valgrind
+  
+  If curl_multi_fdset() sets maxfd to -1, the socket detection
+  loop is skipped and thus !found_new_socket is no cause for alarm.
+
+- test2032: spurious failure caused by premature termination
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-11/0095.html
+
+Daniel Stenberg (19 Nov 2012)
+- [Fabian Keil brought this change]
+
+  Fix comment typos in test 517
+
+- [Fabian Keil brought this change]
+
+  Test 92 and 194: normalize spaces in the Server headers
+  
+  It makes no difference from curl's point of view but
+  makes it more convenient to use the tests with a
+  lws-normalizing proxy between curl and the test server.
+
+- [Fabian Keil brought this change]
+
+  Add a HOSTIP precheck for tests 31 and 1105
+  
+  They currently only work for 127.0.0.1 which
+  is hardcoded and can't be easily changed.
+
+- [Fabian Keil brought this change]
+
+  Let test 8 work as long as %HOSTIP ends with ".0.0.1"
+  
+  .. and add a precheck to skip the test otherwise.
+
+- [Fabian Keil brought this change]
+
+  Add --resolve to the keywords and name of test 1318
+  
+  This makes it easier to skip it automatically when
+  the test suite is used with external proxies.
+
+- [Fabian Keil brought this change]
+
+  Add FTP keywords for a couple of currently keyword-less FTP tests
+
+- [Fabian Keil brought this change]
+
+  Add keywords for a couple of currently keyword-less HTTP tests
+
+- [Fabian Keil brought this change]
+
+  Use carriage returns in all headers in test 31
+  
+  Trailing spaces were left unmodifed, assuming they were intentional.
+
+- [Fabian Keil brought this change]
+
+  Do not mix CRLF and LF header endings in a couple of HTTP tests
+  
+  Consistently use CRLF instead. The mixed endings weren't
+  documented so I assume they were unintentional.
+  
+  This change doesn't matter for curl itself but makes using
+  the tests with a proxy between curl and the test server
+  more convenient.
+  
+  Tests that consistently use no carriage returns were
+  left unmodified as one can easily work around this.
+
+- fixed memory leak: CURLOPT_RESOLVE with multi interface
+  
+  DNS cache entries populated with CURLOPT_RESOLVE were not properly freed
+  again when done using the multi interface.
+  
+  Test case 1502 added to verify.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3575448
+  Reported by: Alex Gruz
+
+- RELEASE-NOTES: synced with ee588fe08807778
+  
+  4 more bug fixes and 4 more contributors
+
+- mem-include-scan: verify memory #includes
+  
+  If we use memory functions (malloc, free, strdup etc) in C sources in
+  libcurl and we fail to include curl_memory.h or memdebug.h we either
+  fail to properly support user-provided memory callbacks or the memory
+  leak system of the test suite fails.
+  
+  After Ajit's report of a failure in the first category in http_proxy.c,
+  I spotted a few in the second category as well. These problems are now
+  tested for by test 1132 which runs a perl program that scans for and
+  attempts to check that we use the correct include files if a memory
+  related function is used in the source code.
+  
+  Reported by: Ajit Dhumale
+  Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html
+
+- tftp_rx: code style cleanup
+  
+  Fixed checksrc warnings
+
+- [Fabian Keil brought this change]
+
+  Fix the libauthretry changes from 7c0cbcf2f61
+  
+  They broke the NTLM tests from 2023 to 2031.
+
+- [Christian Vogt brought this change]
+
+  tftp_rx: handle resends
+  
+  Re-send ACK for block X in case we receive block X data again while
+  waiting for block X+1.
+  
+  Based on an earlier patch by Marcin Adamski.
+
+- autoconf: don't force-disable compiler debug option
+  
+  When nothing is told to configure, we should not enforce switching off
+  debug options with -g0 (or similar). We instead don't use -g at all in
+  that situaion and therefore allow the user's CFLAGS settings possibly
+  dictate what to do.
+
+- [Mark Snelling brought this change]
+
+  winbuild: Fix PDB file output
+  
+  And fix some newlines to be proper CRLF
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3586741
+
+- RELEASE-NOTES: synced with fa1ae0abcde
+
+- [Cristian Rodríguez brought this change]
+
+  OpenSSL: Disable SSL/TLS compression
+  
+  It either causes increased memory usage or exposes users
+  to the "CRIME attack" (CVE-2012-4929)
+
+- [Sebastian Rasmussen brought this change]
+
+  FILE: Make upload-writes unbuffered by not using FILE streams
+
+Kamil Dudka (13 Nov 2012)
+- tool_metalink: fix error detection of hash alg initialization
+  
+  The {MD5,SHA1,SHA256}_Init functions from OpenSSL are called directly
+  without any wrappers and they return 1 for success, 0 otherwise.  Hence,
+  we have to use the same approach in all the wrapper functions that are
+  used for the other crypto libraries.
+  
+  This commit fixes a regression introduced in commit dca8ae5f.
+
+Daniel Stenberg (13 Nov 2012)
+- RELEASE-NOTES: synced with 7c0cbcf2f617b
+
+- [Sergei Nikulov brought this change]
+
+  fixed Visual Studio 2010 compilation
+
+- [Anton Malov brought this change]
+
+  ftp: EPSV-disable fix over SOCKS
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3586338
+
+Patrick Monnerat (12 Nov 2012)
+- Merge branch 'master' of github.com:bagder/curl
+
+- OS400: upgrade wrappers for the 7.28.1 release.
+
+Daniel Stenberg (12 Nov 2012)
+- runtests: limit execessive logging/output
+
+- [Gabriel Sjoberg brought this change]
+
+  Digst: Add microseconds into nounce calculation
+  
+  When using only 1 second precision, curl doesn't create new cnonce
+  values quickly enough for all uses.
+  
+  For example, issuing the following command multiple times to a recent
+  Tomcat causes authentication failures:
+  
+  curl --digest -utest:test http://tomcat.test.com:8080/manager/list
+  
+  This is because curl uses the same cnonce for several seconds, but
+  doesn't increment the nonce counter.  Tomcat correctly interprets
+  this as a replay attack and rejects the request.
+  
+  When microsecond-precision is available, this commit causes curl to
+  change cnonce values much more frequently.
+  
+  With microsecond resolution, increasing the nounce length used in the
+  headers to 32 was made to further reduce the risk of duplication.
+
+- SCP/SFTP: improve error code used for send failures
+  
+  Instead of relying on the generic CURLE error for SCP or SFTP send
+  failures, try passing back a more suitable error if possible.
+
+- Curl_write: remove unneeded typecast
+
+Kamil Dudka (9 Nov 2012)
+- tool_metalink: allow to use hash algorithms provided by NSS
+  
+  Fixes bug #3578163:
+  http://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578163&group_id=976
+
+- tool_metalink: allow to handle failure of hash alg initialization
+
+- tool_metalink: introduce metalink_cleanup() in the internal API
+  
+  ... to release resources allocated at global scope
+
+Daniel Stenberg (8 Nov 2012)
+- hostcheck: only build for the actual users
+  
+  and make local function static
+
+- [Oscar Koeroo brought this change]
+
+  SSL: Several SSL-backend related fixes
+  
+  axTLS:
+  
+  This will make the axTLS backend perform the RFC2818 checks, honoring
+  the VERIFYHOST setting similar to the OpenSSL backend.
+  
+  Generic for OpenSSL and axTLS:
+  
+  Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c
+  files to make them genericly available for both the OpenSSL, axTLS and
+  other SSL backends. They are now in the new lib/hostcheck.c file.
+  
+  CyaSSL:
+  
+  CyaSSL now also has the RFC2818 checks enabled by default. There is a
+  limitation that the verifyhost can not be enabled exclusively on the
+  Subject CN field comparison. This SSL backend will thus behave like the
+  NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words:
+  setting verifyhost to 0 or 1 will disable the Subject Alt Names checks
+  too.
+  
+  Schannel:
+  
+  Updated the schannel information messages: Split the IP address usage
+  message from the verifyhost setting and changed the message about
+  disabling SNI (Server Name Indication, used in HTTP virtual hosting)
+  into a message stating that the Subject Alternative Names checks are
+  being disabled when verifyhost is set to 0 or 1. As a side effect of
+  switching off the RFC2818 related servername checks with
+  SCH_CRED_NO_SERVERNAME_CHECK
+  (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature
+  is being disabled. This effect is not documented in MSDN, but Wireshark
+  output clearly shows the effect (details on the libcurl maillist).
+  
+  PolarSSL:
+  
+  Fix the prototype change in PolarSSL of ssl_set_session() and the move
+  of the peer_cert from the ssl_context to the ssl_session. Found this
+  change in the PolarSSL SVN between r1316 and r1317 where the
+  POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu
+  PolarSSL version 1.1.4 the check is to discriminate between lower then
+  PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN
+  trunk jumped from version 1.1.1 to 1.2.0.
+  
+  Generic:
+  
+  All the SSL backends are fixed and checked to work with the
+  ssl.verifyhost as a boolean, which is an internal API change.
+
+- libcurl: VERSIONINFO update
+  
+  Since we added the curl_multi_wait function, the VERSIONINFO needed
+  updating.
+  
+  Reported by: Patrick Monnerat
+
+Guenter Knauf (8 Nov 2012)
+- Added .def file to output.
+  
+  Requested by Johnny Luong on the libcurl list.
+
+- Added deps for static metalink-aware MinGW builds.
+
+Daniel Stenberg (8 Nov 2012)
+- [Fabian Keil brought this change]
+
+  Fix compilation of lib1501
+
+- Curl_readwrite: remove debug output
+  
+  The text "additional stuff not fine" text was added for debug purposes a
+  while ago, but it isn't really helping anyone and for some reason some
+  Linux distributions provide their libcurls built with debug info still
+  present and thus (far too many) users get to read this info.
+
+- RELEASE-NOTES: synced with 487538e87a3d5e
+  
+  6 new bugfixes and 3 more contributors...
+
+- http_perhapsrewind: consider NTLM over proxy too
+  
+  The logic previously checked for a started NTLM negotiation only for
+  host and not also with proxy, leading to problems doing POSTs over a
+  proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the
+  check.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3582321
+  Reported by: John Suprock
+
+- [Lars Buitinck brought this change]
+
+  Curl_connecthost: friendlier "couldn't connect" message
+
+- test1413: verify redirects to URLs with fragments
+  
+  The bug report claimed it didn't work. This problem was probably fixed
+  in 473003fbdf.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3581898
+
+- URL parser: cut off '#' fragments from URLs (better)
+  
+  The existing logic only cut off the fragment from the separate 'path'
+  buffer which is used when sending HTTP to hosts. The buffer that held
+  the full URL used for proxies were not dealt with. It is now.
+  
+  Test case 5 was updated to use a fragment on a URL over a proxy.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3579813
+
+- OpenSSL/servercert: use correct buffer size, not size of pointer
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3579286
+
+- curl: set CURLOPT_SSL_VERIFYHOST to 0 to disable
+
+- test 2027/2030: take duplicate Digest requests into account
+  
+  With the reversion of ce8311c7e49eca and the new clear logic, this flaw
+  is present and we allow it.
+
+- Curl_pretransfer: clear out unwanted auth methods
+  
+  As a handle can be re-used after having done HTTP auth in a previous
+  request, it must make sure to clear out the HTTP types that aren't
+  wanted in this new request.
+
+- test1412: verify Digest with repeated URLs
+  
+  This test case verifies that bug 3582718 is fixed.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3582718
+  Reported by: Nick Zitzmann (originally)
+
+- Revert "Zero out auth structs before transfer"
+  
+  This reverts commit ce8311c7e49eca93c136b58efa6763853541ec97.
+  
+  The commit made test 2024 work but caused a regression with repeated
+  Digest authentication. We need to fix this differently.
+
+- CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value
+  
+  After a research team wrote a document[1] that found several live source
+  codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST
+  option thinking it was a boolean, this change now bans 1 as a value and
+  will make libcurl return error for it.
+  
+  1 was never a sensible value to use in production but was introduced
+  back in the days to help debugging. It was always documented clearly
+  this way.
+  
+  1 was never supported by all SSL backends in libcurl, so this cleanup
+  makes the treatment of it unified.
+  
+  The report's list of mistakes for this option were all PHP code and
+  while there's a binding layer between libcurl and PHP, the PHP team has
+  decided that they have an as thin layer as possible on top of libcurl so
+  they will not alter or specifically filter a 'TRUE' value for this
+  particular option. I sympathize with that position.
+  
+  [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
+
+- gnutls: fix compiler warnings
+
+- [Alessandro Ghedini brought this change]
+
+  gnutls: print alerts during handshake
+
+- [Alessandro Ghedini brought this change]
+
+  gnutls: fix the error_is_fatal logic
+
+- RELEASE-NOTES: synced with fa6d78829fd30ad
+
+- httpcustomheader.c: free the headers after use
+
+- [Dave Reisner brought this change]
+
+  uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
+  
+  Since automake 1.12.4, the warnings are issued on running automake:
+  
+    warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
+  
+  Avoid INCLUDES and roll these flags into AM_CPPFLAGS.
+  
+  Compile tested on:
+    Ubuntu 10.04 (automake 1:1.11.1-1)
+    Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2)
+    Arch Linux (automake 1.12.4)
+
+- libauthretry.c: shorten lines to fit within 80 cols
+
+- ftp_readresp: fix build without krb4 support
+  
+  Oops, my previous commit broke builds with krb support.
+
+- test/README: mention the 1500 test number range
+
+- FTP: prevent the multi interface from blocking
+  
+  As pointed out in Bug report #3579064, curl_multi_perform() would
+  wrongly use a blocking mechanism internally for some commands which
+  could lead to for example a very long block if the LIST response never
+  showed.
+  
+  The solution was to make sure to properly continue to use the multi
+  interface non-blocking state machine.
+  
+  The new test 1501 verifies the fix.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3579064
+  Reported by: Guido Berhoerster
+
+Marc Hoersken (1 Nov 2012)
+- winbuild: Use machine type of development environment
+  
+  This patch restores the original behavior instead of always
+  falling back to x86 if no MACHINE-type was specified.
+
+- winbuild: Additional clean up
+
+- [Sapien2 brought this change]
+
+  Even more winbuild refactoring
+
+- [Sapien2 brought this change]
+
+  Minor winbuild refactoring
+
+- [Sapien2 brought this change]
+
+  Architecture selection for winbuild and minor makefiles refactoring
+
+Daniel Stenberg (1 Nov 2012)
+- BUGS: fix the bug tracker URL
+  
+  The URL we used before is the one that goes directly to 'add' a bug
+  report, but since you can only do that after first having logged in to
+  sourceforge, the link often doesn't work for visitors.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3582408
+  Reported by: Oscar Norlander
+
+- evhiperfifo: fix the pointer passed to WRITEDATA
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3582407
+  Reported by: Oscar Norlander
+
+Guenter Knauf (1 Nov 2012)
+- Fixed MSVC libssh2 static build.
+  
+  Since libssh2 supports now agent stuff it also depends on user32.lib.
+  Posted to the list by Jan Ehrhardt.
+
+Daniel Stenberg (23 Oct 2012)
+- tlsauthtype: deal with the string case insensitively
+  
+  When given a string as 'srp' it didn't work, but required 'SRP'.
+  Starting now, the check disregards casing.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3578418
+  Reported by: Jeff Connelly
+
+- asyn-ares: restore working with c-ares < 1.6.1
+  
+  Back in those days the public ares.h header didn't include the
+  ares_version.h header so it needs to be included here.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3577710
+
+- [Nick Zitzmann brought this change]
+
+  metalink/md5: Use CommonCrypto on Apple operating systems
+  
+  Previously the Metalink code used Apple's CommonCrypto library only if
+  curl was built using the --with-darwinssl option. Now we use CommonCrypto
+  on all Apple operating systems including Tiger or later, or iOS 5 or
+  later, so you don't need to build --with-darwinssl anymore. Also rolled
+  out this change to libcurl's md5 code.
+
+- href_extractor.c: fix the URL
+
+- [Michał Kowalczyk brought this change]
+
+  href_extractor: example code extracting href elements
+  
+  It does so in a streaming manner using the "Streaming HTML parser".
+
+- [Nick Zitzmann brought this change]
+
+  darwinssl: un-broke iOS build, fix error on server disconnect
+  
+  The iOS build was broken by a reference to a function that only existed
+  under OS X; fixed. Also fixed a hard-to-reproduce problem where, if the
+  server disconnected before libcurl got the chance to hang up first and
+  SecureTransport was in use, then we'd raise an error instead of failing
+  gracefully.
+
+- [Alessandro Ghedini brought this change]
+
+  gnutls: put reset code into else block
+  
+  Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551
+
+Guenter Knauf (13 Oct 2012)
+- Fix now broken libmetalink-aware OpenSSL build.
+
+- Revert c44e674; add OpenSSL includes/defines.
+  
+  The makefile is designed to build against a libmetalink devel package;
+  therefore is does not matter what will change inside libmetalink.
+  Add OpenSSL includes and defines for libmetalink-aware OpenSSL builds.
+
+Daniel Stenberg (10 Oct 2012)
+- version-bump: towards 7.28.1!
+
+- THANKS: 14 new contributors from 7.28.0
+
+Version 7.28.0 (10 Oct 2012)
+
+Daniel Stenberg (10 Oct 2012)
+- RELEASE-NOTES: synced with 8373ca3641
+  
+  One bug, one contributor. Getting ready for release.
+
+- curl_multi_wait: no wait if no descriptors to wait for
+  
+  This is a minor change in behavior after having been pointed out by Mark
+  Tully and discussed on the list. Initially this case would internally
+  call poll() with no sockets and a timeout which would equal a sleep for
+  that specified time.
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-10/0076.html
+  Reported by: Mark Tully
+
+- TODO-RELEASE: cleanup for 7.28.0
+  
+  one issue is now KNOWN_BUG #79
+  
+  the other we just skip since nobody is working on it or is planning to
+  start working on it anytime soon
+
+- curl_multi_wait.3: style formatting mistake
+
+Marc Hoersken (8 Oct 2012)
+- ssluse.c: md5.h is required for Curl_ossl_md5sum
+
+Daniel Stenberg (8 Oct 2012)
+- curl_multi_wait.3: fix the name of the man page
+
+- curl_multi_wait.3: renamed the last argument variable for clarity
+
+Marc Hoersken (6 Oct 2012)
+- curl_schannel.c: Fixed caching more data than required
+  
+  Do not fill the decrypted data buffer with more data unless
+  required in order to return the requested amount of data.
+
+- curl_schannel: Removed buffer limit and optimized buffer strategy
+  
+  Since there are servers that seem to return very big encrypted
+  data packages, we need to be able to handle those without having
+  an internal size limit. To avoid the buffer growing to fast to
+  early the initial size was decreased and the minimum free space
+  in the buffer was decreased as well.
+
+- lib/socks.c: Merged two size variables into one
+
+- lib/socks.c: Avoid type conversions where possible
+  
+  Streamlined variable names and types to avoid type conversions that
+  may result in data being lost on non 32-bit systems.
+
+- lib/curl_schannel.c: Hide size_t conversion warning
+
+- krb5/curl_rtmp.c: Hide size_t to int type conversion warning
+
+- security.c: Aligned internal type to return type
+  
+  Use ssize_t instead of int to avoid conversion problems on 64-bit
+  systems. Also added curlx_sztosi where necessary.
+
+- lib/curl_schannel: Increased maximum buffer size to factor 128
+
+- winbuild/MakefileBuild.vc: Follow up on 0c8ccf7
+
+Daniel Stenberg (2 Oct 2012)
+- RELEASE-NOTES: synced with 971f5bcedd418
+  
+  9 new bug fixes, 5 changes, 6 more contributors
+
+- multi_runsingle: CURLOPT_LOW_SPEED_* fix for rate limitation
+  
+  During the periods of rate limitation, the speedcheck function wasn't
+  called and thus the values weren't updated accordingly and it would then
+  easily trigger wrongly once data got transferred again.
+  
+  Also, the progress callback's return code was not acknowledged in this
+  state so it could make an "abort" return code to get ignored and not
+  have the documented effect of aborting an ongoing transfer.
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-09/0081.html
+  Reported by: Jie He
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  tool_metalink.c: Filtered resource URLs by type
+  
+  In Metalink v3, the type attribute of url element indicates the
+  type of the resource the URL points to. It can include URL to the
+  meta data, such as BitTorrent metainfo file.  In Curl, we are not
+  interested in these meta data URLs. Instead, we are only
+  interested in the HTTP and FTP URLs. This change filters out
+  non-HTTP and FTP URLs. If we don't filter out them, it will be
+  downloaded by curl and hash check will fail if hash is provided
+  and next URL will be tried. This change will cut this useless
+  network transfer.
+
+Kamil Dudka (1 Oct 2012)
+- https.c example: remember to call curl_global_init()
+  
+  ... in order not to leak memory on initializing an SSL library.
+  
+  Reported by: Tomas Mlcoch
+
+Daniel Stenberg (28 Sep 2012)
+- FAQ: remove the date from the topmost line
+
+- FAQ: 5.16 I want a different time-out!
+
+- Curl_reconnect_request: clear pointer on failure
+  
+  The Curl_reconnect_request() function could end up returning a pointer
+  to a free()d struct when Curl_done() failed inside. Clearing the pointer
+  unconditionally after Curl_done() avoids this risk.
+  
+  Reported by: Ho-chi Chen
+  Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html
+
+- CURLOPT_CONNECTTIMEOUT: works without signals or posix too!
+
+Marc Hoersken (24 Sep 2012)
+- Makefile.vc6: Follow up on 0c8ccf7
+
+- Makefile.vc6: Added missing default library advapi32.lib
+
+Daniel Stenberg (19 Sep 2012)
+- HTTP_ONLY: disable more protocols
+
+- test2006: Updated expected output to include hash name
+  
+  Output changed in commit a34197ef77cb
+
+- [Sergei Nikulov brought this change]
+
+  cmake: use standard findxxx modules for cmake v2.8+
+
+- [Sergei Nikulov brought this change]
+
+  setup.h: fixed for MS VC10 build
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3568327
+
+- TODO-RELEASE: push new features to 7.29
+  
+  Leave two bug fixes as possibly fixed for 7.28 but as nobody seems to be
+  working on them I have little hope...
+
+Marc Hoersken (17 Sep 2012)
+- metalink tests: Updated expected output to include hash name
+
+Daniel Stenberg (16 Sep 2012)
+- [Sara Golemon brought this change]
+
+  curl_multi_wait: Add parameter to return number of active sockets
+  
+  Minor change to recently introduced function.  BC breaking, but since
+  curl_multi_wait() doesn't exist in any releases that should be fine.
+
+Marc Hoersken (14 Sep 2012)
+- socks.c: Fixed warning: conversion to 'int' from 'long unsigned int'
+
+- http_negotiate.c: Fxied warning: unused variable 'rc'
+
+- ssh.c: Fixed warning: implicit conversion from enumeration type
+
+- socks.c: Check that IPv6 is enabled before using it's features
+
+- checksrc: Fixed line length and comment indentation
+
+- socks.c: Updated error messages to handle hostname and IPv6
+
+- socks.c: Added support for IPv6 connections through SOCKSv5 proxy
+
+Daniel Stenberg (13 Sep 2012)
+- parse_proxy: treat "socks://x" as a socks4 proxy
+  
+  Selected socks proxy in Google's Chrome browser. Resulting in the
+  following environment variables:
+  
+  NO_PROXY=localhost,127.0.0.0/8
+  ALL_PROXY=socks://localhost:1080/
+  all_proxy=socks://localhost:1080/
+  no_proxy=localhost,127.0.0.0/8
+  
+  ... and libcurl didn't treat 'socks://' as socks but instead picked HTTP
+  proxy.
+  
+  Reported by: Scott Bailey
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3566860
+
+Kamil Dudka (12 Sep 2012)
+- ssh: do not crash if MD5 fingerprint is not provided by libssh2
+  
+  The MD5 fingerprint cannot be computed when running in FIPS mode.
+
+- ssh: move the fingerprint checking code to a separate fnc
+
+Marc Hoersken (12 Sep 2012)
+- tool_metalink.c: Added name of validation hash to messages
+  
+  This makes it easier to debug broken hashes or hash functions.
+
+- wincrypt: Fixed cross-compilation issues caused by include name
+  
+  For some reason WinCrypt.h is named wincrypt.h under MinGW.
+
+- md5.c: Added support for Microsoft Windows CryptoAPI
+
+- Makefile.m32: Updated to build against libmetalink 0.1.2
+  
+  The include and library path were moved within libmetalink, this
+  patch adjusts the defaults provided within the curl MinGW makefile.
+
+- tool_metalink.c: Added support for Microsoft Windows CryptoAPI
+  
+  Since Metalink support requires a crypto library for hash functions
+  and Windows comes with the builtin CryptoAPI, this patch adds that
+  API as a fallback to the supported crypto libraries.
+  It is automatically used on Windows if no other library is provided.
+
+- libntlmconnect.c: Fixed typo and conversion
+
+- libntlmconnect.c: Fixed warning: curl_easy_getinfo expects long pointer
+  
+  Fixed tests/libtest/libntlmconnect.c:52: warning: call to
+  '_curl_easy_getinfo_err_long' declared with attribute warning:
+  curl_easy_getinfo expects a pointer to long for this info
+
+- sws.c: Fixed warning: 'err' may be used uninitialized in this function
+
+- libntlmconnect.c: Fixed warning: comparison of signed/unsigned integer
+  
+  Windows does not use -1 to represent invalid sockets and the
+  SOCKET type is unsigned.
+
+- nss.c: Fixed warning: 'err' may be used uninitialized in this function
+
+- tool_metalink.c: Fixed error: 'O_BINARY' undeclared
+  
+  Check for O_BINARY which is not available on every system.
+
+- tool_metalink.c: Fixed validation of binary files containing EOF
+  
+  Since Windows/MinGW threat 0x1A as the EOF character, reading binary
+  files which contain that byte does not work using text mode.
+  The read function will only read until the first 0x1A byte. This
+  means that the hash is not computed from the whole file and the
+  final validation check using hash comparision fails.
+
+- winbuild: Added support for building with SPNEGO enabled
+  
+  Since Simple and Protected GSSAPI Negotiation Mechanism
+  is already implemented in curl and supported by the MinGW
+  builds, this change adds build support to winbuild makefiles.
+
+- winbuild: Adjusted order of options to generated config name
+  
+  Cleaned up order of handled build options by ordering them
+  nearly alphabetically by using the order of the generated
+  config name. Preparation for future/more build options.
+
+Daniel Stenberg (9 Sep 2012)
+- [Anthony Bryan brought this change]
+
+  MANUAL: clarified user+password in HTTP URLs
+
+- RELEASE-NOTES: synced with 6c6f1f64c2
+  
+  6 bug fixes to mention, 5 contributors
+
+- TODO-RELEASE: CURLSSH_AUTH_AGENT and curl_multi_wait() are done
+  
+  -321 - CURLSSH_AUTH_AGENT patch by Armel Asselin
+  
+  -324 - curl_multi_select() vs curl_multi_fdvec() etc
+
+Marc Hoersken (9 Sep 2012)
+- curl_schannel.c: Reference count the credential/session handle
+  
+  Reference counting the credential handle should avoid that such a
+  handle is freed while it is still required for connection shutdown
+
+Daniel Stenberg (8 Sep 2012)
+- [Nick Zitzmann brought this change]
+
+  darwinssl: fixed for older Mac OS X versions
+  
+  SSL didn't work on older cats if built on a newer cat with weak-linking
+  turned on to support the older cat
+
+- [David Blaikie brought this change]
+
+  tool_easysrc.c: Test pointers against NULL
+  
+  While validating a new Clang diagnostic (-Wnon-literal-null-conversion -
+  yes, the name isn't quite correct in this case, but it suffices) I found
+  a few violations of it in Curl.
+
+- SOCKS: truly disable it if CURL_DISABLE_PROXY is defined
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3561305
+  
+  Patch by: Marcel Raad
+
+- mk-ca-bundle: detect start of trust section better
+  
+  Each certificate section of the input certdata.txt file has a trust
+  section following it with details.
+  
+  This script failed to detect the start of the trust for at least one
+  cert[*], which made the script continue pass that section into the next
+  one where it found an 'untrusted' marker and as a result that certficate
+  was not included in the output.
+  
+  [*] = "Hellenic Academic and Research Institutions RootCA 2011"
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html
+
+- [Alessandro Ghedini brought this change]
+
+  gnutls: do not fail on non-fatal handshake errors
+  
+  Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402
+
+- FILEFORMAT: the FTP commands work for more protocols
+
+- test1411: verify SMTP without SIZE support
+
+- [František Kučera brought this change]
+
+  SMTP: only send SIZE if supported
+  
+  SMTP client will send SIZE parameter in MAIL FROM command only if server
+  supports it. Without this patch server might say "504 Command parameter
+  not implemented" and reject the message.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3564114
+
+- ftpserver: respond with a 250 to SMTP EHLO
+  
+  ... and specify that SIZE is supported. 250 is the "correct" response
+  code according to RFC 2821
+
+- RELEASE-NOTES: synced with abb0da919300e
+
+Dan Fandrich (3 Sep 2012)
+- Updated Symbian build files
+  
+  This is untested, but at least Symbian still has a chance of
+  still working now.
+
+- Updated build docs w.r.t. Android and binary sizes
+
+Daniel Stenberg (1 Sep 2012)
+- symbols-in-versions: new CURL_WAIT_* symbols
+
+- [Sara Golemon brought this change]
+
+  Unit test for curl_multi_wait()
+
+- [Sara Golemon brought this change]
+
+  Manpage for curl_multi_wait().
+
+- [Sara Golemon brought this change]
+
+  multi: add curl_multi_wait()
+  
+  /*
+   * Name:     curl_multi_wait()
+   *
+   * Desc:     Poll on all fds within a CURLM set as well as any
+   *           additional fds passed to the function.
+   *
+   * Returns:  CURLMcode type, general multi error code.
+   */
+  CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle,
+                                        struct curl_waitfd extra_fds[],
+                                        unsigned int extra_nfds,
+                                        int timeout_ms);
+
+- [Nick Zitzmann brought this change]
+
+  darwinssl: Bugfix for previous commit for older cats
+  
+  I accidentally broke functionality for versions of OS X prior to Mountain
+  Lion in the previous commit. This commit fixes the problems.
+
+- [Joe Mason brought this change]
+
+  Use MAX_EASY_HANDLES instead of hardcoding the number of handles twice
+
+- test2032: bail out after last transfer
+  
+  The test would hang and get aborted with a "ABORTING TEST, since it
+  seems that it would have run forever." until I prevented that from
+  happening.
+  
+  I also fixed the data file which got broken CRLF line endings when I
+  sucked down the path from Joe's repo == my fault.
+  
+  Removed #37 from KNOWN_BUGS as this fix and test case verifies exactly
+  this.
+
+- [Joe Mason brought this change]
+
+  NTLM: re-use existing connection better
+  
+  If we need an NTLM connection and one already exists, always choose that
+  one.
+
+- [Joe Mason brought this change]
+
+  NTLM: verify multiple connections work
+  
+  Add test2032 to test that NTLM does not switch connections in the middle
+  of the handshake
+
+- curl.1: list the -w variables sorted alphabetically
+
+- libcurl-share.3: remove wrong info of what can be shared
+  
+  "Currently you can only share DNS and/or COOKIE data" is incorrect since
+  also SSL sessions can be shared.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3562261
+  Reported by: Joe Mason
+
+- [Dave Reisner brought this change]
+
+  examples: use do/while loop for multi examples
+  
+  It's conceivable that after the first time curl_multi_perform returns,
+  the outvalue still_running will be 0, but work will have been done. This
+  is shown by a workload of small, purely file:// based URLs. Ensure that
+  we always read pending messages off the multi handle by forcing the
+  while loop to run at least once.
+
+- curl.h: fix comment to refer to current names
+  
+  CURLOPT_USE_SSL should be set to CURLUSESSL_* and nothing else in modern
+  libcurl versions.
+
+- ftpsget: simple example showing a FTPS fetch
+
+- sftpget: SFTP is not "SSH FTP"
+
+- [Armel Asselin brought this change]
+
+  sftpget: example showing a simple SFTP download
+  
+  ... using SSH-agent
+
+- curl_multi_perform.3: extended/clarified
+
+- INSTALL.cmake: clarify some flaws/limits in the cmake build
+
+- https.c example: spell check used define
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3559845
+  Reported by: Olivier Berger
+
+- configure: update the copyright years for the output
+
+- [Nick Zitzmann brought this change]
+
+  darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions
+  
+  In Mountain Lion, Apple added TLS 1.1 and 1.2, and deprecated a number
+  of SecureTransport functions, some of which we were using. We now check
+  to see if the replacement functions are present, and if so, we use them
+  instead.  The old functions are still present for users of older
+  cats. Also fixed a build warning that started to appear under Mountain
+  Lion
+
+- curl_easy_setopt: documented CURLSOCKTYPE_ACCEPT for SOCKOPTFUNCTION
+
+- [Gokhan Sengun brought this change]
+
+  ftp: active conn, place calling sockopt callback at the end of function
+  
+  Commit b91d29a28e170c16d65d956db79f2cd3a82372d2 introduces a bug and breaks Curl_closesocket function. sock_accepted flag for the second socket should be tagged as TRUE before the sockopt callback is called because in case the callback returns an error, Curl_closesocket function is going to call the - fclosesocket - callback for the accept()ed socket
+
+- [Gokhan Sengun brought this change]
+
+  ftp: active conn, allow application to set sockopt after accept() call
+  
+  For active FTP connections, applications may need setting the sockopt after accept() call returns successful. This fix gives a call to the callback registered with CURL_SOCKOPTFUNCTION option. Also a new sock type - CURLSOCKTYPE_ACCEPT - is added. This type is to be passed to application callbacks with - purpose - parameter. Applications may use this parameter to distinguish between socket types.
+
+- configure: remove the --enable/disable-nonblocking options
+  
+  Removing this option as it currently only functions to lure people into
+  wrongly using it and falsely believing that libcurl will work fine
+  without using nonblocking sockets internally - which leads to hard to
+  track or understand errors.
+
+- [Ant Bryan brought this change]
+
+  MANUAL review
+
+- curl.1: shorten lines, avoid referring to libcurl instead of curl
+
+- [Ant Bryan brought this change]
+
+  curl.1: fix more consistent wording
+  
+  "If this option is used several times, the last one will be used."
+  uniformity
+
+- ssh: use the libssh2 agent API conditionally
+  
+  Commit e351972bc89aa4c brought in the ssh agent support but some uses of
+  the libssh2 agent API was done unconditionally which wasn't good enough
+  since that API hasn't always been present.
+
+- white space fix: shorten long line
+  
+  ... to please checksrc.pl
+
+Kamil Dudka (9 Aug 2012)
+- docs: update the links to cipher-suites supported by NSS
+  
+  ... and make the list of cipher-suites in nss.c readable by humans.
+  
+  Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html
+
+- nss: do not print misleading NSS error codes
+
+Daniel Stenberg (8 Aug 2012)
+- RELEASE-NOTES: synced with 0774386b23
+  
+  5 more bug fixes, one change, 6 contributors
+
+- [Armel Asselin brought this change]
+
+  docs: mention CURLSSH_AUTH_AGENT
+
+- [Armel Asselin brought this change]
+
+  SSH: added agent based authentication
+  
+  CURLSSH_AUTH_AGENT is a new auth type for SSH
+
+- bump version to 7.28.0
+  
+  I am about to merge the first patch that adds changes into the pending
+  release, and thus we bump the minor number.
+
+- RELEASE-NOTES: added missing link
+
+- curl_version: fixed Value stored to 'len' is never read
+  
+  Fixed this (harmless) clang-analyzer warning. Also fixed the source
+  indentation level.
+
+- TODO-RELEASE: the (nil) bug is fixed
+
+- add_next_timeout: minor restructure of code
+  
+  By reading the ->head pointer and using that instead of the ->size
+  number to figure out if there's a list remaining we avoid the (false
+  positive) clang-analyzer warning that we might dereference of a null
+  pointer.
+
+- verbose messages: fixed output of hostnames in re-used connections
+  
+  I suspect this is a regression introduced in commit 207cf150, included
+  since 7.24.0.
+  
+  Avoid showing '(nil)' as hostname in verbose output by making sure the
+  hostname fixup function is called early enough to set the pointers that
+  are used for this. The name data is set again for each request even for
+  re-used connections to handle multiple hostnames over the same
+  connection (like with proxy) or that the casing etc of the host name is
+  changed between requests (which has proven to be important at least once
+  in the past).
+  
+  Test1011 was modified to use a redirect with a re-used a connection
+  since it then showed the bug and now lo longer does. There's currently
+  no easy way to have the test suite detect 'nil' texts in verbose ouputs
+  so no tests will detect if this problem gets reintroduced.
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html
+  Reported by: Gisle Vanem
+
+- [Nick Zitzmann brought this change]
+
+  metalink: Un-broke the build when building --with-darwinssl
+
+Guenter Knauf (8 Aug 2012)
+- Fix some compiler warnings.
+
+Daniel Stenberg (8 Aug 2012)
+- TODO-RELEASE: two bugs fixed
+  
+  These are now addressed:
+  
+  323 - patch - select.c / Curl_socket_check() interrupted
+  
+  325 - Avoid leak of local device string when reusing connection
+
+- curl.1: minor format fix for --data-ascii
+  
+  ... and removal of trailing whitespace on a single line
+
+- [Ant Bryan brought this change]
+
+  curl man page cleanup
+
+- [Mike Crowe brought this change]
+
+  Avoid leak of local device string when reusing connection
+  
+  Ensure that the copy of the CURLOPT_INTERFACE string is freed if we
+  decide we can reuse an existing connection.
+
+- Curl_socket_check: fix timeout return value for select users
+  
+  This is the same fix applied for the conditional code that uses select()
+  that was already done for the poll specific code in commit
+  b61e8b81f5038.
+
+- [Maxime Larocque brought this change]
+
+  Curl_socket_check: fix return code for timeout
+  
+  We found a problem with ftp transfer using libcurl (7.23 and 7.25)
+  inside an application which is receiving unix signals (SIGUSR1,
+  SIGUSR2...) almost continuously. (Linux 2.4, PowerPC, HAVE_POLL_FINE
+  defined).
+  
+  Curl_socket_check() uses poll() to wait for the socket, and retries it
+  when a signal is received (EINTR). However, if a signal is received and
+  it also happens that the timeout has been reached, Curl_socket_check()
+  returns -1 instead of 0 (indicating an error instead of a timeout).
+  
+  In our case, the result is an aborted connection even before the ftp
+  banner is received from the server, and a return value of
+  CURLE_OUT_OF_MEMORY from curl_easy_perform() (Curl_pp_multi_statemach(),
+  in pingpong.c, actually returns OOM if Curl_socket_check() fails :-)
+  Funny to debug on a system on which OOM is a possible cause).
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-07/0122.html
+
+- RELEASE-NOTES: synced with b4a558041fdf65c0
+
+- TODO-RELEASE: fixed another bug
+  
+  bug #3544688 "crash during retry with libcurl and SFTP"
+
+- WSAPoll: disabled on all windows builds
+  
+  Due to WSAPoll bugs, libcurl does not work as intended. When the cURL
+  library is used to setup a connection to an incorrect port, normally the
+  result is CURLE_COULDNT_CONNECT, /* 7 */, but due to the bug in WSAPoll,
+  the result now is CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was
+  reached */.
+  
+  On August 1, Jan Koen Annot opened a case for this to Microsoft Premier
+  Online (https://premier.microsoft.com/).  The support engineer handling
+  the case wrote that the case description is quite clear.  He will try to
+  reproduce the issue and then proceed with troubleshooting it.
+  
+  Reported by: Jan Koen Annot
+  Bug: http://curl.haxx.se/mail/lib-2012-07/0310.html
+
+- retry request: only access the HTTP data if in fact HTTP
+  
+  When figuring out if the data stream needs to be rewound when the
+  request is to be resent, we must not access the HTTP struct unless the
+  protocol used is indeed HTTP...
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3544688
+
+- TODO: support DANE, we already support gnutls without gcrypt
+
+- curl-config: parentheses fix
+  
+  Braces, not parentheses, should be used for shell variable names.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3551460
+  Reported by: Edward Sheldrake
+
+- VC build: add define for openssl
+  
+  This fixes a build failure of lib/ssluse.c.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3552997
+
+- TODO-RELEASE: two bugs fixed!
+
+- globbing: fix segfault when >9 globs were used
+  
+  Stupid lack of range checks caused the code to overwrite local variables
+  after glob number nine. Added checks now.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3546353
+
+- [Joe Mason brought this change]
+
+  sws: close sockets properly
+  
+  Fix a bug where closed sockets (fd -1) were left in the all_sockets
+  list, because of missing parens in a pointer arithmetic expression
+  
+  Reenable the tests that were locking up due to this bug.
+
+- [Joe Mason brought this change]
+
+  Remove debug logs that were accidentally checked in
+
+- [Joe Mason brought this change]
+
+  Use select in sws, which has better cross-platform support than poll
+
+- [Joe Mason brought this change]
+
+  Use cross-platform curlx_nonblock instead of fcntl in sws
+
+- operate: fix clang-analyzer warnings for never read variables
+  
+  Two separate "Value stored to 'XXX' is never read" warnings
+
+- operate: fix clang-analyzer warning
+  
+  Value stored to 'separator' is never read
+
+- metalink: change code order to build with gnutls-nettle
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3554668
+  Reported by: Anthony G. Basile
+
+- gtls: fix build failure by including nettle-specific headers
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3554668
+  Reported by: Anthony G. Basile
+
+Guenter Knauf (6 Aug 2012)
+- Fixed compiler warning - argument is type long.
+
+Daniel Stenberg (6 Aug 2012)
+- DISABLED: disable the new tests that do NTLM
+  
+  The tests 2025, 2028 and 2031 don't work for me so I'll have them
+  disabled for now until we solve the problem.
+
+Joe Mason (3 Aug 2012)
+- Add tests of auth retries
+
+- Cleanup handshake after clean NTLM failure
+
+- Zero out auth structs before transfer
+
+- Add a polling loop in main to read from more than one socket at once. Add the O_NONBLOCK and
+  SO_KEEPALIVE flag to all sockets. Note that several loops which used to continue on a return value
+  of 0 (theoretical since 0 would never be returned without O_NONBLOCK) now break on 0 so that they
+  won't continue reading until after poll is called again.
+
+- Change return values of get_request, accept_connection and service_connection to add a return code
+  for non-blocking sockets: now -1 means error or connection finished, 1 means data was read, and 0
+  means there is no data available now so need to wait for poll (new return value)
+
+- Hoist the loop out of get_request, and make sure that it can be reentered when a request is
+  half-finished.
+  
+  Note the the req struct used to be re-initialized AFTER reading pipeline data, so now that we
+  initialize it from the caller we must be careful not to overwrite the pipeline data.
+  
+  Also we now need to handle the case where the buffer is already full when get_request is called -
+  previously this never happened as it was always called with an empty buffer and looped until done.
+  
+  Now get_request is called in a loop, so the next step is to run the loop on a socket only when poll
+  signals it is readable.
+
+- Move blocks of code from the sws main loop into their own functions for easier refactoring later.
+  The next step will be to call the correct function after a poll, rather than looping unconditionally
+
+- Remove the --fork option of sws, since it makes refactoring to use poll more complicated and should
+  be redundant once we poll
+
+Kamil Dudka (30 Jul 2012)
+- file: use fdopen() for uploaded files if available
+  
+  It eliminates noisy events when using inotify and fixes a TOCTOU issue.
+  
+  Bug: https://bugzilla.redhat.com/844385
+
+Guenter Knauf (29 Jul 2012)
+- Added DWANT_IDN_PROTOTYPES define for MSVC too.
+  
+  Discussion on the list: http://curl.haxx.se/mail/lib-2012-07/0271.html
+
+- Added Win32 problems.
+
+- Added hint to read docs/INSTALL too.
+
+- Added new file to distro.
+
+Steve Holme (28 Jul 2012)
+- TODO: Updated after 7.27.0 release
+  
+  Removed APOP and SASL authentication from the POP3 section and metalink
+  support from the client section as these features were implemented in
+  this release.
+  
+  Moved adding gssapi to SASL into it's own section rather than repeat it
+  for each protocol.
+
+Daniel Stenberg (28 Jul 2012)
+- TODO-RELEASE: updated after 7.27.0 release
+
+- THANKS: 12 new contributors from the 7.27.0 release
+
+- version bump: start towards next release
+  
+  Let's call it 7.27.1 for now, but it it probably going to become 7.28.0
+  when released.
+
+Version 7.27.0 (27 Jul 2012)
+
+Guenter Knauf (27 Jul 2012)
+- Fixed compiler warning 'unused parameter'.
+
+- Added prototypes to kill compiler warning.
+
+- Added --with-winidn to configure.
+  
+  This needs another look from the configure experts. I tested that
+  it works so far with MinGW64 cross-compiler; libcurl builds and
+  links fine, but curl not yet ...
+
+Daniel Stenberg (27 Jul 2012)
+- [Ant Bryan brought this change]
+
+  Update man page info on --metalink and typo.
+
+- RELEASE-NOTES: remove mentioned of bug never in a release
+  
+  The --silent bug came with 7561a0fc834c435 which was never in a release.
+  Pointed out by Kamil Dudka
+
+- RELEASE-NOTES: synced with 33b815e894fb
+  
+  4 more bugfixes, 3 more contributors
+
+Guenter Knauf (26 Jul 2012)
+- Changed Windows IDN text to 'WinIDN'.
+  
+  Synced the output to the same short form as we now use for
+  Windows SSL (WinSSL).
+
+Daniel Stenberg (25 Jul 2012)
+- [Nick Zitzmann brought this change]
+
+  darwinssl: fixed freeze involving the multi interface
+  
+  Previously the curl_multi interface would freeze if darwinssl was
+  enabled and at least one of the handles tried to connect to a Web site
+  using HTTPS. Removed the "wouldblock" state darwinssl was using because
+  I figured out a solution for our "would block but in which direction?"
+  dilemma.
+
+Guenter Knauf (25 Jul 2012)
+- Added support for tls-srp to MinGW builds.
+
+Daniel Stenberg (24 Jul 2012)
+- curl_easy_setopt: fix typo
+  
+  Reported by: Santhana Todatry
+
+- keepalive: multiply value for OS-specific units
+  
+  DragonFly uses milliseconds, while our API and Linux use full seconds.
+  
+  Reported by: John Marino
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3546257
+
+Kamil Dudka (22 Jul 2012)
+- http: print reason phrase from HTTP status line on error
+  
+  Bug: https://bugzilla.redhat.com/676596
+
+- tool_operate: fix misplaced initialization of orig_noprogress
+  
+  ... and orig_isatty which caused --silent to be entirely ignored in case
+  the standard output was redirected to a file!
+
+Daniel Stenberg (21 Jul 2012)
+- [Anton Yabchinskiy brought this change]
+
+  Client's "qop" value should not be quoted (RFC2617, section 3.2.2).
+
+Guenter Knauf (21 Jul 2012)
+- Fixed typo.
+
+Daniel Stenberg (20 Jul 2012)
+- make: make distclean work again
+  
+  The clean-local hook needed some polish to make sure make distclean
+  works. Added comment describing why.
+
+- test Makefile: only feature 'unit' once in the list of dirs
+
+Dan Fandrich (20 Jul 2012)
+- Fixed some typos in documentation
+
+Guenter Knauf (20 Jul 2012)
+- Fixed CR issue with Win32 version on MSYS.
+  
+  Previous fix didnt work on Linux ...
+
+- Fixed CR issue with Win32 version on MSYS.
+
+- Fixed MSYS <-> Windows path convertion.
+  
+  Replaced the Windows real path from mount hack with a more
+  reliable and simpler hack: the MSYS shell has a builtin pwd
+  which understands a -W option which does convertion to Windows
+  paths. Tested and confirmed that this works on all MSYS versions
+  I have back to a 3 year old one.
+
+- Follow-up fix to detect SSL libs with MinGW.
+  
+  1) the check for winssl needs to come before nss check
+  2) the SSL checks must begin with a new if or else we will
+  never find any SSL lib with MinGW.
+
+- Tell git to not convert configure-related files.
+
+- Trial to teach runtests.pl about WinSSL.
+
+- Fixed warning 'uninitialized value in numeric gt'.
+  
+  This is a MSYS/MinGW-only warning; full warning text is:
+  Use of uninitialized value in numeric gt (>) at ../../curl/tests/runtests.pl line 2227.
+
+Daniel Stenberg (15 Jul 2012)
+- RELEASE-NOTES: synced with 9d11716933616
+  
+  Fixed 6 bugs, added 3 contributors
+
+- multi_runsingle: added precaution against easy_conn NULL pointer
+  
+  In many states the easy_conn pointer is referenced and just assumed to
+  be working. This is an added extra check since analyzing indicates
+  there's a risk we can end up in these states with a NULL pointer there.
+
+- getparam: fix the GetStr() macro
+  
+  It should return PARAM_NO_MEM if the strdup fails. Spotted by
+  clang-analyzer
+
+Guenter Knauf (15 Jul 2012)
+- Tell git to not convert configure-related files.
+
+Daniel Stenberg (13 Jul 2012)
+- parse_proxy: remove dead assignment
+  
+  Spotted by clang-analyzer
+
+- ftp_do_more: add missing check of return code
+  
+  Spotted by clang-analyzer. The return code was never checked, just
+  stored.
+
+- getinfo: use va_end and cut off Curl_ from static funcs
+  
+  va_end() needs to be used after va_start() and we don't normally use
+  Curl_ prefixes for purely static functions.
+
+- [Philip Craig brought this change]
+
+  Split up Curl_getinfo
+  
+  This avoids false positives from clang's scan-build.
+
+Guenter Knauf (12 Jul 2012)
+- Added error checking for curl_global_init().
+
+- Added curl_global_* functions.
+
+- Minor fixes to MinGW makefiles.
+
+Daniel Stenberg (12 Jul 2012)
+- docs: mention CURL_GLOBAL_DEFAULT
+
+Guenter Knauf (12 Jul 2012)
+- Added curl_global_* functions.
+
+Daniel Stenberg (12 Jul 2012)
+- tests: verify the stricter numeric option parser
+  
+  Test 1409 and 1410 verifies the stricter numeric option parser
+  introduced the other day in commit f2b6ebed7b.
+
+- SWS: use of uninitialized memory fix
+  
+  I made "connmon" not get initialized properly before use, and I use the
+  big hammer and make sure we always clear the entire struct to avoid any
+  problem like this in the future.
+
+- test48: verify that HEAD doesn't close extra
+  
+  Two commits ago, we fixed a bug where the connction would be closed
+  prematurely after a HEAD. Now I added connection-monitor to test 48 and
+  added a second HEAD and make sure that both are sent over the same
+  connection.
+  
+  This triggered a failure before the bug fix and now works. Will help us
+  avoid a future regression of this kind.
+
+- connection-monitor: always log disconnect when enabled
+  
+  This makes verifying easier and makes us more sure curl closes the
+  connection only at the correct point in time. Adjusted test 206 and 1008
+  accordingly and updated the docs for it.
+
+- HEAD: don't force-close after response-headers
+  
+  A HEAD response has no body length and gets the headers like the
+  corresponding GET would so it should not get closed after the response
+  based on the same rules. This mistake caused connections that did HEAD
+  to get closed too often without a valid reason.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3542731
+  Reported by: Eelco Dolstra
+
+Guenter Knauf (12 Jul 2012)
+- Removed trailing empty strings from awk script.
+
+- Cleaned up version awk script.
+
+- Added project copyright header.
+
+- Removed libcurl.imp from Makefile.am.
+  
+  Updated .gitignore for NetWare created files.
+
+- Added missing dependency to export list.
+
+- Fixed export list path.
+
+- Changed NetWare build to generate export list.
+
+- Added pointer to FAQ for linkage errors.
+
+- Small NetWare makefile tweak.
+
+- Changed MinGW makefiles to use WINSSL now.
+
+Daniel Stenberg (10 Jul 2012)
+- test231: fix wrong -C use!
+
+- cmdline: parse numerical options stricter
+  
+  1 - str2offset() no longer accepts negative numbers since offsets are by
+  nature positive.
+  
+  2 - introduced str2unum() for the command line parser that accepts
+  numericals which are not supposed to be negative, so that it will
+  properly complain on apparent bad uses and mistakes.
+  
+  Bug: http://curl.haxx.se/mail/archive-2012-07/0013.html
+
+- docs: switch to proper UTF-8 for text file encoding
+
+Yang Tse (9 Jul 2012)
+- Make Curl_schannel_version() return "WinSSL"
+  
+  Modification based on voting result:
+  
+  http://curl.haxx.se/mail/lib-2012-07/0104.html
+
+Daniel Stenberg (9 Jul 2012)
+- test 46: use different path lengths to get reliable sort order
+  
+  Since the order of the cookies is sorted by the length of the paths,
+  having them on the same path length will make the test depend on what
+  order the qsort() implementation will put them. As seen in the
+  windows/msys output posted by Guenter in this posting:
+  http://curl.haxx.se/mail/lib-2012-07/0105.html
+
+- cookie: fixed typo in comment
+
+- [Christian Hägele brought this change]
+
+  https_getsock: provided for schannel backend as well
+  
+  The function https_getsock was only implemented properly when USE_SSLEAY
+  or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL.
+  
+  The problem occurs when Curl_read_plain or Curl_write_plain returns
+  CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an
+  the used socket is set to state CURL_POLL_REMOVE and the easy-state is
+  set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket
+  should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's
+  where https_getsock is called and doesn't return any sockets.
+
+- RELEASE-NOTES: added a URL reference to cookie docs
+
+Guenter Knauf (8 Jul 2012)
+- Removed obsolete include path to project root.
+
+Daniel Stenberg (8 Jul 2012)
+- TODO-RELEASE: issue 316 NTLM over proxy is fixed
+
+- [Nick Zitzmann brought this change]
+
+  darwinssl: don't use arc4random_buf
+  
+  Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the
+  function is not available prior to iOS 4.3 and OS X 10.7.
+
+- KNOWN_BUGS: #80 Curl doesn't recognize certs in DER format
+
+- KNOWN_BUGS: #79 - any RCPT TO failure makes and error
+
+Marc Hoersken (8 Jul 2012)
+- winbuild: Aligned BUILD.WINDOWS.txt and Makefile.vc usage help
+
+- winbuild: Make USE_WINSSL depend on USE_SSPI
+  
+  Since WinSSL cannot be build without SSPI being enabled,
+  USE_WINSSL now defaults to the value of USE_SSPI.
+  
+  The makefile does now raise an error if WinSSL is enabled
+  while SSPI is disabled.
+
+- winbuild: Aligned USE_SSPI with other USE_x defines
+  
+  Renamed external parameter USE_SSPI = yes/no to ENABLE_SSPI = yes/no.
+  Backwards compatible change: USE_SSPI can still be passed as external
+  parameter with yes/no value as long as ENABLE_SSPI is not given.
+  
+  USE_x defines are passed around with true/false values internally,
+  USE_SSPI is now aligned to this approach, but still accepts external
+  values yes/no being passed, just like the other defines.
+
+- winbuild: Clean up formatting and variable naming
+  
+  - Changed space usage to line up with the whole file
+  - Renamed CFLAGS_SSPI/IPV6 to SSPI/IPV6_CFLAGS to be
+    consistent with the other CFLAGS_x variables
+  - Make use of existing CFLAGS_IPV6 (previously IPV6_CFLAGS)
+    instead of appending directly to CFLAGS
+
+Daniel Stenberg (7 Jul 2012)
+- [Nick Zitzmann brought this change]
+
+  darwinssl: output cipher with text, remove SNI warning
+  
+  The code was printing a warning when SNI was set up successfully. Oops.
+  
+  Printing the cipher number in verbose mode was something only TLS/SSL
+  programmers might understand, so I had it print the name of the cipher,
+  just like in the OpenSSL code. That'll be at least a little bit easier
+  to understand. The SecureTransport API doesn't have a method of getting
+  a string from a cipher like OpenSSL does, so I had to generate the
+  strings manually.
+
+- RELEASE-NOTES: synced with 5a99bce07d
+
+- KNOWN_BUGS: NTLM with unicode works with schannel/winssl!
+  
+  Bug #75 updated with additional info, still remains for builds with
+  other backends.
+
+- code police: narrow source to < 80 columns
+
+Yang Tse (5 Jul 2012)
+- unicode NTLM SSPI: cleanup follow-up
+
+- unicode NTLM SSPI: cleanup
+  
+  Reduce the number of #ifdef UNICODE directives used in source files.
+
+Daniel Stenberg (5 Jul 2012)
+- tests: use connection-monitor and verify results
+  
+  Test 1008 and 206 don't show the disconnect since it happens when SWS
+  awaits a new request, but 503 does and so the verify section needs that
+  string added.
+
+- http-proxy: keep CONNECT connections alive (for NTLM)
+  
+  When doing CONNECT requests, libcurl must make sure the connection is
+  alive as much as possible. NTLM requires it and it is generally good for
+  other cases as well.
+  
+  NTLM over CONNECT requests has been broken since this regression I
+  introduced in my CONNECT cleanup commits that started with 41b02378342,
+  included since 7.25.0.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3538625
+  Reported by: Marcel Raad
+
+- sws: support <servercmd> for CONNECT requests
+  
+  I moved out the servercmd parsing into a its own function called
+  parse_servercmd() and made sure it gets used also when the test number
+  is extracted from CONNECT requests. It turned out sws didn't do that
+  previously!
+
+- FILEFORMAT: provided a full description of connection-monitor
+
+- lib503: enable verbose to ease debugging this
+
+- sws: add 'connection-monitor' command support
+  
+  Using this, the server will output in the protocol log when the
+  connection gets disconnected and thus we will verify correctly in the
+  test cases that the connection doesn't get closed prematurely. This is
+  important for example NTLM to work.
+  
+  Documentation added to FILEFORMAT, test 503 updated to use this.
+
+Guenter Knauf (4 Jul 2012)
+- Removed non-used variable.
+
+- Added error checking for samples.
+
+- Renamed vars to avoid shadow global declaration.
+
+Daniel Stenberg (3 Jul 2012)
+- docs: clarify how to start with curl_multi_socket_action
+  
+  Mention the CURL_SOCKET_TIMEOUT argument in step 6 of the typical
+  application.
+
+Guenter Knauf (3 Jul 2012)
+- Moved some patterns to subfolder's .gitignore.
+
+- Merge branch 'master' of ssh://github.com/bagder/curl
+
+- MinGW makefile tweaks for running from sh.
+  
+  Added function macros to make path converting easier.
+  Added CROSSPREFIX to all compile tools.
+
+Yang Tse (3 Jul 2012)
+- [Marc Hoersken brought this change]
+
+  curl_ntlm_msgs.c: Removed unused variable passwd
+
+Guenter Knauf (3 Jul 2012)
+- Added files generated by mingw32, eclipse and VC.
+  
+  Posted by Marc Hoersken.
+
+Daniel Stenberg (3 Jul 2012)
+- cookies: change the URL in the cookie jar file header
+
+- HTTP-COOKIES: clarified and modified layout
+
+- HTTP-COOKIES: use the FAQ document layout
+
+- HTTP-COOKIES: added cookie documentation
+
+Yang Tse (3 Jul 2012)
+- curl_ntlm_msgs.c: include <tchar.h> for prototypes
+
+- [Neil Bowers brought this change]
+
+  testcurl.pl: fix missing semicolon
+
+Daniel Stenberg (2 Jul 2012)
+- [Christian Hägele brought this change]
+
+  unicode NTLM SSPI: heap corruption fixed
+  
+  When compiling libcurl with UNICODE defined and using unicode characters
+  in username.
+
+Yang Tse (2 Jul 2012)
+- testcurl.pl: allow non in-tree c-ares enabled autobuild
+
+- configure.ac: verify that libmetalink is new enough
+  
+  Enabling test2017 to test2022.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  curl: Added runtime version check for libmetalink
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Include metalink/metalink.h for libmetalink functions
+
+Daniel Stenberg (2 Jul 2012)
+- errors: CURLM_CALL_MULTI_PERFORM is not returned anymore
+
+- release: cleaned up plans for this and coming release
+
+Yang Tse (29 Jun 2012)
+- curl-compilers.m4: remove -Wstrict-aliasing=3 from clang
+  
+  Currently it is unknown if there is any version of clang that
+  actually supports -Wstrict-aliasing. What is known is that there
+  are several that don't support it.
+
+- test2017 to test2022: more metalink tests
+  
+  With this commit, checks done in previous test2017 are now done in test2018.
+  
+  Whole range test2017 to test2022 DISABLED until configure is capable of
+  requiring a new-enough metalink library.
+  
+  Don't try these without mentioned check in place!
+
+- test2005 to test2016: improve failure detection
+
+- lib582.c: fix conversion warning
+
+- nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes
+
+- [Marc Hoersken brought this change]
+
+  nss.c: Fixed size_t conversion warnings
+
+- sslgen.c: cleanup temporary compile-time SSL-backend check
+
+Daniel Stenberg (28 Jun 2012)
+- schannel: provide two additional (dummy) API defines
+
+Yang Tse (28 Jun 2012)
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Metalink: message updates
+  
+  Print "parsing (...) OK" only when no warnings are generated.  If
+  no file is found in Metalink, treat it FAILED.
+  
+  If no digest is provided, print WARNING in parse_metalink().
+  Also print validating FAILED after download.
+  
+  These changes make tests 2012 to 2016 pass.
+
+Daniel Stenberg (27 Jun 2012)
+- sslgen: avoid compiler error in SSPI builds
+
+Yang Tse (27 Jun 2012)
+- ssluse.c: fix compiler warning: conversion to 'int' from 'size_t'
+  
+  Reported by Tatsuhiro Tsujikawa
+  
+  http://curl.haxx.se/mail/lib-2012-06/0371.html
+
+- sslgen.c: add compile-time check for SSL-backend completeness
+
+- build: add our standard includes to curl_darwinssl.c and curl_multibyte.c
+
+- build: add curl_schannel and curl_darwinssl files to other build systems
+
+- tests: add five more Metalink test cases
+
+- tests: update Metalink message format
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Metalink: updated message format
+
+- [Nick Zitzmann brought this change]
+
+  DarwinSSL: allow using NTLM authentication
+  
+  Allow NTLM authentication when building using SecureTransport (Darwin) for SSL.
+  
+  This uses CommonCrypto, a cryptography library that ships with all versions of
+  iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few
+  less-common cyphers and doesn't have a big number data structure.
+
+- curl_darwinssl.h: add newline at end of file
+
+Daniel Stenberg (26 Jun 2012)
+- ossl_seed: remove leftover RAND_screen check
+  
+  Before commit 2dded8fedba (dec 2010) there was logic that used
+  RAND_screen() at times and now I remove the leftover #ifdef check for
+  it.
+  
+  The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious
+  to keep since it hardly increases randomness but I fear I'll break
+  something if I remove it now...
+
+Yang Tse (26 Jun 2012)
+- [Nick Zitzmann brought this change]
+
+  DarwinSSL: several adjustments
+  
+  - Renamed st_ function prefix to darwinssl_
+  - Renamed Curl_st_ function prefix to Curl_darwinssl_
+  - Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h
+  - Fixed a teensy little bug that made non-blocking connection attempts block
+  - Made it so that it builds cleanly against the iOS 5.1 SDK
+
+- curl-compilers.m4: -Wstrict-aliasing=3 for warning enabled gcc and clang builds
+
+- [Marc Hoersken brought this change]
+
+  sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing
+  
+  Fixed warning: dereferencing pointer does break strict-aliasing rules
+  by using a union inside the struct Curl_sockaddr_storage declaration.
+
+Daniel Stenberg (26 Jun 2012)
+- SSL cleanup: use crypto functions through the sslgen layer
+  
+  curl_ntlm_msgs.c would previously use an #ifdef maze and direct
+  SSL-library calls instead of using the SSL layer we have for this
+  purpose.
+
+- [Nick Zitzmann brought this change]
+
+  darwinssl: add support for native Mac OS X/iOS SSL
+
+- RELEASE-NOTES: link to more metalink info
+
+- RELEASE-NOTES: synced with d025af9bb576
+
+Yang Tse (25 Jun 2012)
+- curl_schannel.c: Remove redundant NULL assignments following Curl_safefree()
+
+- [Marc Hoersken brought this change]
+
+  curl_schannel.c: Replace free() with Curl_safefree()
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  curl.1: Updated Metalink description in man page
+  
+  Documented that --include will be ignored if both --metalink
+  and --include are specified.
+  Also documented that a Metalink file in the local file system
+  cannot be used if FILE protocol is disabled.
+
+Steve Holme (24 Jun 2012)
+- DOCS: Added clarification to CURLOPT_CUSTOMREQUEST for the POP3 protocol
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-06/0302.html
+  Reported by: Nagai H
+
+- smtp: Corrected result code for MAIL, RCPT and DATA commands
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html
+  Reported by: Dan
+
+Daniel Stenberg (24 Jun 2012)
+- [Ghennadi Procopciuc brought this change]
+
+  test: Added test HTTP receive cookies over IPv6
+
+Yang Tse (22 Jun 2012)
+- tests: add another Metalink test case
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  tests: Enable test2010 and fixed hash value
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Metalink: ignore --include if --metalink is used.
+  
+  Including headers in response body will break Metalink XML parser.
+  If it is included in the file described in Metalink XML, hash check
+  will fail. Therefore, --include should be ignored if --metalink is
+  used.
+
+- tests: add six Metalink test cases
+
+- test 2005: add verification of hash checking outcome
+
+- getpart.pm: remove misleading comment
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  curl: Prefixed all Metalink related messages with "Metalink: "
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  tests: Added Metalink test case # 2005
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  curl: Restore noprogress and isatty config values.
+  
+  The noprogress and isatty in Configurable are global, in a sense
+  that they persist in one curl invocation. Currently once one
+  download writes its response data to tty, they are set to FALSE
+  and they are not restored on successive downloads.  This change
+  first backups the current noprogress and isatty, and restores
+  them when download does not write its data to tty.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  curl: Made --metalink option toggle Metalink functionality
+  
+  In this change, --metalink option no longer takes argument.  If
+  it is specified, given URIs are processed as Metalink XML file.
+  If given URIs are remote (e.g., http URI), curl downloads it
+  first. Regardless URI is local file (e.g., file URI scheme) or
+  remote, Metalink XML file is not written to local file system and
+  the received data is fed into Metalink XML parser directly.  This
+  means with --metalink option, filename related options like -O
+  and -o are ignored.
+  
+  Usage examples:
+  
+  $ curl --metalink http://example.org/foo.metalink
+  
+  This will download foo.metalink and parse it and then download
+  the URI described there.
+  
+  $ curl --metalink file://foo.metalink
+  
+  This will parse local file foo.metalink and then download the URI
+  described there.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  curl: Refactored metalink_checksum
+  
+  When creating metalink_checksum from metalink_checksum_t, first
+  check hex digest is valid for the given hash function.  We do
+  this check in the order of digest_aliases so that first good
+  match will be chosen (strongest hash function available).  As a
+  result, the metalinkfile now only contains at most one
+  metalink_checksum because other entries are just redundant.
+
+- [Gisle Vanem brought this change]
+
+  tool_doswin.c: fix djgpp function _use_lfn() used without a prototype
+  
+  http://curl.haxx.se/mail/archive-2012-06/0028.html
+
+- build: fix RESOURCE bug in lib/Makefile.vc*
+  
+  Removed two, not intended to exist, RESOURCE declarations.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3535977
+  
+  And sorted configuration hunks to reflect same internal order
+  as the one shown in the usage message.
+
+Daniel Stenberg (20 Jun 2012)
+- [Marc Hoersken brought this change]
+
+  schannel: Implement new buffer size strategy
+  
+  Increase decrypted and encrypted cache buffers using limitted
+  doubling strategy. More information on the mailinglist:
+  http://curl.haxx.se/mail/lib-2012-06/0255.html
+  
+  It updates the two remaining reallocations that have already been there
+  and fixes the other one to use the same "do we need to increase the
+  buffer"-condition as the other two.  CURL_SCHANNEL_BUFFER_STEP_SIZE was
+  renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it
+  is now.  Since we don't know how much more data we are going to read
+  during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the
+  minimum free space required in the buffer for the next operation.
+  CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since
+  we don't have a step size now, the define was renamed.
+
+Yang Tse (20 Jun 2012)
+- schannel SSL: fix compiler warning
+
+- [Mark Salisbury brought this change]
+
+  schannel SSL: fix for renegotiate problem
+  
+  In schannel_connect_step2() doread should be initialized based
+  on connssl->connecting_state.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  runtests.pl: make it support metalink feature
+
+- getpart.pm: make test definition section/part parser more robust
+  
+  Test definition section parts which needed to include xml-lingo as contents
+  of that part required that the xml-blurb was written as a single line. Now the
+  xml-data inside the part can be written multiline making it more readable.
+  
+  Tested with <client><file> part which is written to disk before <command> runs.
+
+Daniel Stenberg (20 Jun 2012)
+- schannel_connect_step2: checksrc whitespace fix
+
+Yang Tse (20 Jun 2012)
+- [Mark Salisbury brought this change]
+
+  schannel SSL: changes in schannel_connect_step2
+  
+  Process extra data buffer before returning from schannel_connect_step2.
+  Without this change I've seen WinCE hang when schannel_connect_step2
+  returns and calls Curl_socket_ready.
+  
+  If the encrypted handshake does not fit in the intial buffer (seen with
+  large certificate chain), increasing the encrypted data buffer is necessary.
+  
+  Fixed warning in curl_schannel.c line 1215.
+
+- [Mark Salisbury brought this change]
+
+  config-win32ce.h: WinCE config adjustment
+  
+  process.h is not present on WinCE
+
+- [Mark Salisbury brought this change]
+
+  schannel SSL: Made send method handle unexpected cases better
+  
+  Implemented timeout loop in schannel_send while sending data.  This
+  is as close as I think we can get to write buffering; I put a big
+  comment in to explain my thinking.
+  
+  With some committer adjustments
+
+Daniel Stenberg (19 Jun 2012)
+- [Marc Hoersken brought this change]
+
+  curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size
+
+Yang Tse (19 Jun 2012)
+- [Mark Salisbury brought this change]
+
+  schannel SSL: Use standard Curl read/write methods
+  
+  Replaced calls to swrite with Curl_write_plain and calls to sread
+  with Curl_read_plain.
+  
+  With some committer adjustments
+
+- schannel SSL: make wording of some trace messages better reflect reality
+
+Daniel Stenberg (19 Jun 2012)
+- [Marc Hoersken brought this change]
+
+  curl_schannel.h: Use BUFSIZE as the initial buffer size if available
+  
+  Make the Schannel implementation use libcurl's default buffer size
+  for the initial received encrypted and decrypted data cache buffers.
+  The implementation still needs to handle more data since more data
+  might have already been received or decrypted during the handshake
+  or a read operation which needs to be cached for the next read.
+
+Guenter Knauf (19 Jun 2012)
+- Fixed NetWare makefile broken from last commit.
+
+Yang Tse (19 Jun 2012)
+- [Mark Salisbury brought this change]
+
+  schannel SSL: Implemented SSL shutdown
+  
+  curl_schannel.c - implemented graceful SSL shutdown.  If we fail to
+  shutdown the connection gracefully, I've seen schannel try to use a
+  session ID for future connects and the server aborts the connection
+  during the handshake.
+
+- [Mark Salisbury brought this change]
+
+  schannel SSL: certificate validation on WinCE
+  
+  curl_schannel.c - auto certificate validation doesn't seem to work
+  right on CE.  I added a method to perform the certificate validation
+  which uses CertGetCertificateChain and manually handles the result.
+
+- [Mark Salisbury brought this change]
+
+  schannel SSL: Added helper methods to simplify code
+  
+  Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it
+  easier to set up SecBuffer & SecBufferDesc structs.
+
+Guenter Knauf (18 Jun 2012)
+- Some more NetWare makefile tweaks for metalink.
+
+Yang Tse (18 Jun 2012)
+- tool_cb_see.c: WinCE build adjustment
+
+- [Mark Salisbury brought this change]
+
+  setup.h: WinCE build adjustment
+
+- [Mark Salisbury brought this change]
+
+  ftplistparser.c: do not compile if FTP protocol is not enabled
+
+- Win32: downplay MS bazillion type synonyms game
+  
+  Avoid usage of some MS type synonyms to allow compilation with
+  compiler headers that don't define these, using simpler synonyms.
+
+Daniel Stenberg (15 Jun 2012)
+- Curl_rtsp_parseheader: avoid useless malloc/free
+  
+  Coverity actually pointed out flawed logic in the previous call to
+  Curl_strntoupper() where the code used sizeof() of a pointer to pass in
+  a size argument. That code still worked since it only needed to
+  uppercase 4 letters. Still, the entire malloc/uppercase/free sequence
+  was pointless since the code has already matched the string once in the
+  condition that starts the block of code.
+
+- curl_share_setopt: use va_end()
+  
+  As spotted by Coverity, va_end() was not used previously. To make it
+  used I took away a bunch of return statements and made them into
+  assignments instead.
+
+Yang Tse (15 Jun 2012)
+- SSPI related code: Unicode support for WinCE - kill compiler warnings
+
+- [Mark Salisbury brought this change]
+
+  SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up
+
+- build: add curl_multibyte files to build systems
+
+- [Mark Salisbury brought this change]
+
+  SSPI related code: Unicode support for WinCE
+  
+  SSPI related code now compiles with ANSI and WCHAR versions of security
+  methods (WinCE requires WCHAR versions of methods).
+  
+  Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file.
+  
+  curl_sasl.c - include curl_memory.h to use correct memory functions.
+  
+  getenv.c and telnet.c - WinCE compatibility fix
+  
+  With some committer adjustments
+
+Guenter Knauf (15 Jun 2012)
+- Fixed typo.
+
+Yang Tse (14 Jun 2012)
+- winbuild/MakefileBuild.vc: convert line endings to DOS style
+  
+  As per request on mailing list: http://curl.haxx.se/mail/lib-2012-06/0222.html
+
+- [Marc Hoersken brought this change]
+
+  winbuild: Allow SSPI build with or without Schannel
+  
+  The changes introduced in commit 2bfa57bc32 are not enough
+  to make it actually possible to use the USE_WINSSL option.
+  Makefile.vc was not updated and the configuration name which is
+  used in the build path did not match between both build files.
+  
+  This patch fixes those issues and introduces the following changes:
+  
+  - Replaced the -schannel name with -winssl in order to be consistent
+  with the other options
+  - Added ENABLE_WINSSL option to winbuild/Makefile.vc (default yes)
+  - Changed winbuild/MakefileBuild.vc to set USE_WINSSL to true if
+  USE_SSL is false and USE_WINSSL was not specified as a parameter
+  - Separated WINSSL handling from SSPI handling to be consistent with
+  the other options and their corresponding code path
+
+- curl.1: 7.27.0 seems next release
+
+- schannel: fix printf-style format strings
+
+- Fix bad failf() and info() usage
+  
+  Calls to failf() are not supposed to provide trailing newline.
+  Calls to infof() must provide trailing newline.
+  
+  Fixed 30 or so strings.
+
+- schannel: fix unused parameter warnings
+
+- schannel: fix comparisons between signed and unsigned
+
+- schannel: fix discarding qualifier from pointer type
+
+- schannel: fix shadowing of global declarations
+
+- schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations
+
+- [Gisle Vanem brought this change]
+
+  urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h
+  
+  Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and
+  OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included
+  via <winldap.h> in ldap.c.
+  
+  http://curl.haxx.se/mail/lib-2012-06/0196.html
+
+- MakefileBuild.vc: Allow building without SSL
+  
+  In order to use Windows native SSL support define 'USE_WINSSL'
+
+- configure: new option --with-winssl
+  
+  This option may be used to build curl/libcurl using SSL/TLS support provided
+  by MS windows system libraries. Option is mutually exclusive with any other
+  SSL library. Default value is --without-winssl.
+  
+  --with-winssl option implies --with-sspi option.
+  
+  Option meaningful only for Windows builds.
+
+Guenter Knauf (13 Jun 2012)
+- Changed Schannel string to SSL-Windows-native.
+  
+  This is more descriptive for the user who might
+  not even know what schannnel is at all.
+
+Yang Tse (13 Jun 2012)
+- schannel: remove version number and identify its use with 'schannel' literal
+  
+  Version number is removed in order to make this info consistent with
+  how we do it with other MS and Linux system libraries for which we don't
+  provide this info.
+  
+  Identifier changed from 'WinSSPI' to 'schannel' given that this is the
+  actual provider of the SSL/TLS support. libcurl can still be built with
+  SSPI and without SCHANNEL support.
+
+Daniel Stenberg (12 Jun 2012)
+- singlesocket: remove dead code
+  
+  No need to check if 'entry' is non-NULL in a spot where it is already checked
+  and guaranteed to be non-NULL.
+  
+  (Spotted by a Coverity scan)
+
+- netrc: remove dead code
+  
+  Remove two states from the enum and the corresponding code for them as
+  these states were never reached or used.
+  
+  (Spotted by a Coverity scan)
+
+Yang Tse (12 Jun 2012)
+- Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing"
+  
+  This reverts commit 9c94236e6cc078a0dc5a78b6e2fefc1403e5375e.
+  
+  It didn't server its purpose, so lets go back to long-time working code.
+
+- socks_sspi.c: further cleanup
+
+- [Marc Hoersken brought this change]
+
+  socks_sspi.c: Clean up and removal of obsolete minor status
+  
+  Removed obsolete minor status variable and parameter of status function
+  which was never used or set at all. Also Curl_sspi_strerror does support
+  only one status and there is no need for a second sub status.
+
+Guenter Knauf (12 Jun 2012)
+- Removed trailing whitespaces.
+
+Yang Tse (12 Jun 2012)
+- strerror.c: make Curl_sspi_strerror() always return code for errors
+
+- curl_sspi.h: provide sspi status definitions missing in old headers
+
+- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function
+
+- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function
+
+Daniel Stenberg (11 Jun 2012)
+- Revert: 634f7cfee40d4658 partially
+  
+  Make sure CURL_VERSION_SSPI is present and works as in previous releases
+  for ABI and API compatibility reasons.
+
+- checksrc: shorten a few lines to comply
+
+- cleanup: remove trailing whitespace
+
+- [Marc Hoersken brought this change]
+
+  winbuild: Removed WITH_SSL=schannel and tie schannel to SSPI
+  
+  Removed specific WITH_SSL=schannel paramter that did not fit the general
+  schema and complicated the parameters. For now Schannel will be enabled
+  if SSPI is enabled and OpenSSL is disabled.
+
+- [Steve Holme brought this change]
+
+  Makefile.vc6: Added version.lib if built with SSPI
+
+- [Marc Hoersken brought this change]
+
+  winbuild: Updated winbuild scripts to add schannel
+
+- [Marc Hoersken brought this change]
+
+  mingw32: Fixed warning of USE_SSL being redefined
+
+- [Marc Hoersken brought this change]
+
+  sspi: Fixed incompatible parameter pointer type in Curl_sspi_version
+
+- [Marc Hoersken brought this change]
+
+  sspi: Updated RELEASE-NOTES, FEATURES and THANKS
+
+- [Marc Hoersken brought this change]
+
+  setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined
+
+- [Marc Hoersken brought this change]
+
+  version: Replaced SSPI feature information with version string details
+  
+  Added Windows SSPI version information to the curl version string when
+  SCHANNEL SSL is not enabled, as the version of the library should also
+  be included when SSPI is used to generate security contexts.
+  
+  Removed SSPI from the feature list as the features are GSS-Negotiate,
+  NTLM and SSL depending on the usage of the SSPI library.
+
+- [Steve Holme brought this change]
+
+  sspi.c: Post Curl_sspi_version() rework code tidy up
+  
+  Removed duplicate blank lines.
+  Removed spaces between the not and test in various if statements.
+  Removed explicit test of NULL in an if statement.
+  Placed function returns on same line as function declarations.
+  Replaced the use of curl_maprintf() with aprintf() as it is the
+  preprocessor job to do this substitution if ENABLE_CURLX_PRINTF
+  is set.
+
+- [Steve Holme brought this change]
+
+  sspi: Reworked Curl_sspi_version() to return version components
+  
+  Reworked the version function to return four version components rather
+  than a string that has to be freed by the caller.
+
+- [Guenter Knauf brought this change]
+
+  configure.ac: Added -lversion if built with SSPI
+
+- [Marc Hoersken brought this change]
+
+  schannel: Code cleanup and bug fixes
+  
+  curl_sspi.c: Fixed mingw32-gcc compiler warnings
+  curl_sspi.c: Fixed length of error code hex output
+  
+  The hex value was printed as signed 64-bit value on 64-bit systems:
+  SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322)
+  
+  It is now correctly printed as the following:
+  SEC_E_WRONG_PRINCIPAL (0x80090322)
+  
+  curl_sspi.c: Fallback to security function table version number
+  Instead of reporting an unknown version, the interface version is used.
+  
+  curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version
+  curl_schannel: Replaced static buffer sizes with defined names
+  curl_schannel.c: First brace when declaring functions on column 0
+  curl_schannel.c: Put the pointer sign directly at variable name
+  curl_schannel.c: Use structs directly instead of typedef'ed structs
+  curl_schannel.c: Removed space before opening brace
+  curl_schannel.c: Fixed lines being longer than 80 chars
+
+- [Marc Hoersken brought this change]
+
+  curl_sspi: Added Curl_sspi_version function
+  
+  Added new function to get SSPI version as string.
+  Added required library version.lib to makefiles.
+  Changed curl_schannel.c to use Curl_sspi_version.
+
+- [Guenter Knauf brought this change]
+
+  schannel: Updated mingw32 makefiles
+
+- [Marc Hoersken brought this change]
+
+  schannel: Replace ASCII specific code with general defines
+
+- [Marc Hoersken brought this change]
+
+  schannel: Added definitions which are missing in mingw32
+
+- [Marc Hoersken brought this change]
+
+  schannel: Moved interal struct types to urldata.h
+  
+  Moved type definitions in order to avoid inclusion loop
+
+- [Marc Hoersken brought this change]
+
+  schannel: Fixed compiler warnings about pointer type assignments
+
+- [Marc Hoersken brought this change]
+
+  schannel: Fixed critical typo in conditions and added buffer length checks
+
+- [Marc Hoersken brought this change]
+
+  sspi: Refactored socks_sspi and schannel to use same error message functions
+  
+  Moved the error constant switch to curl_sspi.c and added two new helper
+  functions to curl_sspi.[ch] which either return the constant or a fully
+  translated message representing the SSPI security status.
+  Updated socks_sspi.c and curl_schannel.c to use the new functions.
+
+- [Marc Hoersken brought this change]
+
+  schannel: Added special shutdown check for Windows 2000 Professional
+  
+  Windows 2000 Professional:  Schannel returns SEC_E_OK instead
+  of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer
+  is zero and the first byte of the encrypted packet is 0x15,
+  the application can safely assume that the message was a
+  close_notify message and change the return value to
+  SEC_I_CONTEXT_EXPIRED.
+  
+  Connection shutdown does not mean that there is no data to read
+  Correctly handle incomplete message and ask curl to re-read
+  Fixed buffer for decrypted being to small
+  Re-structured read condition to be more effective
+  Removed obsolete verbose messages
+  Changed memory reduction method to keep a minimum buffer of size 4096
+
+- [Marc Hoersken brought this change]
+
+  schannel: Implemented SSL/TLS renegotiation
+  
+  Updated TODO information and added related MSDN articles
+
+- [Marc Hoersken brought this change]
+
+  schannel: Save session credential handles in session cache
+
+- [Marc Hoersken brought this change]
+
+  schannel: Code cleanup
+
+- [Marc Hoersken brought this change]
+
+  schannel: Check for required context attributes
+
+- [Marc Hoersken brought this change]
+
+  schannel: Allow certificate and revocation checks being deactivated
+
+- [Marc Hoersken brought this change]
+
+  schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI
+
+- [Marc Hoersken brought this change]
+
+  http: Replaced specific SSL libraries list in https_getsock fallback
+
+- [Marc Hoersken brought this change]
+
+  connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing
+  
+  Fixed warning: dereferencing pointer does break strict-aliasing rules
+  by using a union instead of separate pointer variables.
+  Internal union sockaddr_u could probably be moved to generic header.
+  Thanks to Paul Howarth for the hint about using unions for this.
+  
+  Important for winbuild: Separate declaration of sockaddr_u pointer.
+  The pointer variable *sock cannot be declared and initialized right
+  after the union declaration. Therefore it has to be a separate statement.
+
+- [Marc Hoersken brought this change]
+
+  curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated
+
+Yang Tse (11 Jun 2012)
+- tests: fix test definitions # 1355, 1363, 1385 and 1393
+  
+  -i without HTTP protocol shall not include headers in the output
+
+Daniel Stenberg (10 Jun 2012)
+- Curl_pgrsDone: return int and acknowledge return code
+  
+  Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an
+  abort instruction or similar we need to return that info back and
+  subsequently properly handle return codes from Curl_pgrsDone() where
+  used.
+  
+  (Spotted by a Coverity scan)
+
+Steve Holme (10 Jun 2012)
+- [Marc Hoersken brought this change]
+
+  winbuild: Fixed environment variables being lost
+  
+  Fixed USE_IPV6 and USE_IDN not being passed
+  from Makefile.vc to MakefileBuild.vc
+  Fixed whitespace and formatting issues
+  Fixed typo and format in help message
+
+Guenter Knauf (9 Jun 2012)
+- Added metalink support to NetWare builds.
+
+Steve Holme (9 Jun 2012)
+- smtp.c: Removed unused variable
+
+- smtp: Post apop feature code tidy up
+
+- pop3: Post apop feature code tidy up
+
+- pop3: Added support for apop authentication
+
+- pop3: Enhanced the extended authentication mechanism detection
+  
+  Enhanced the authentication type / mechanism detection in preparation
+  for the introduction of APOP support.
+
+- pop3.c: Fixed length of SASL check
+
+Yang Tse (9 Jun 2012)
+- Fixes allowing 26 more test cases in 1334 to 1393 range to succeed
+
+- tests: fix test definitions # 1370 and 1371
+  
+  -J without -O shall not honor C-D filename
+
+Daniel Stenberg (9 Jun 2012)
+- OpenSSL: support longer certificate subject names
+  
+  Previously it would use a 256 byte buffer and thus cut off very long
+  subject names. The limit is now upped to the receive buffer size, 16K.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3533045
+  Reported by: Anthony G. Basile
+
+Kamil Dudka (8 Jun 2012)
+- ssl: fix duplicated SSL handshake with multi interface and proxy
+  
+  Bug: https://bugzilla.redhat.com/788526
+  Reported by: Enrico Scholz
+
+Daniel Stenberg (8 Jun 2012)
+- tool_getparam.h: fix compiler error
+  
+  forward declare the Configurable struct
+
+- metalink: restore some includes
+  
+  Commit eeeba1496cbca removed them and thus broke my Linux build
+
+- openldap: OOM fixes
+  
+  when calloc fails, return error! (Detected by Fortify)
+  
+  Reported by: Robert B. Harris
+
+Steve Holme (8 Jun 2012)
+- sasl: Re-factored mechanism constants in preparation for APOP work
+
+Yang Tse (8 Jun 2012)
+- metalink: build fixes and adjustments II
+  
+  Additionally, make hash checking ability mandatory in order to allow metalink
+  support in curl.
+  
+  A command line option could be introduced to skip hash checking at runtime,
+  but the ability to check hashes should always be built-in when providing
+  metalink support.
+
+Guenter Knauf (8 Jun 2012)
+- Added metalink support to MinGW builds.
+
+Daniel Stenberg (7 Jun 2012)
+- log2changes.pl: fix the Version output
+  
+  Previously it could easily wrongly get repeated
+
+Yang Tse (7 Jun 2012)
+- metalink: build fixes and adjustments I
+
+Daniel Stenberg (7 Jun 2012)
+- lib554.c: use curl_formadd() properly
+  
+  The length/size options take longs so make sure to pass on such types.
+  
+  Reported by: Neil Bowers
+  Bug: http://curl.haxx.se/mail/lib-2012-06/0001.html
+
+Steve Holme (7 Jun 2012)
+- smtp.c: Re-factored the smtp_state_*_resp() functions
+  
+  Re-factored the smtp_state_*_resp() functions to 1) Match the constants
+  that were refactored in commit 00fddba6727c, 2) To be more readable and
+  3) To match their counterparties in pop3.c.
+
+Yang Tse (7 Jun 2012)
+- Fixes allowing HTTP test cases 1338, 1339, 1368 and 1369 to succeed
+
+- tests 1364 to 1393: several -o filename -J -i -D combinations for HTTP and FTP
+
+- tests 1348 to 1363: test definition polishing
+  
+  Verify that the "Saved to filename 'blabla'" message is only displayed when
+  the 'blabla' filename being used _actually_ has been specified by the server
+  in the Content-Disposition header.
+  
+  Use relative path for unintended file creation postcheck.
+
+Steve Holme (6 Jun 2012)
+- smtp: Re-factored the SMTP_AUTH* state machine constants
+  
+  Re-factored the SMTP_AUTH* constants, that are used by the state
+  machine, to be clearer to read.
+
+Guenter Knauf (6 Jun 2012)
+- Added hint for pkg-config wrapper script.
+
+- Updated Android section with recent NDK.
+  
+  The r7b had some bugs, and shouldnt be used.
+
+Yang Tse (6 Jun 2012)
+- Disable non-HTTP header related tests
+  
+  These now detect incompleate header data and fail
+
+- tests 1348 to 1363: compleate header data part of test definition
+
+- tests 1334 to 1363 revisited.
+  
+  Add a postcheck section to verify unintended file creation.
+  
+  Remove needless <file> checks in verify section. Renumbering where appropriate.
+
+- tests: adjust file part behavior in test verify section.
+  
+  When a <file> part is now specified with no contents at all, this
+  will actually verify that the specified file has no contents at all.
+  Previously file contents would be ignored.
+
+Steve Holme (5 Jun 2012)
+- smtp.c: Removed whitespace
+
+- pop3: Another small code tidy up
+  
+  Missed some comments that we identified during the SMTP tidy up earlier.
+
+- smtp: Post authentication code tidy up
+  
+  Corrected lines longer than 78 characters.
+  
+  Removed unnecessary braces in smtp_state_helo_resp().
+  
+  Introduced some comments in data sending functions.
+  
+  Tidied up comments to match changes made in pop3.c.
+
+Yang Tse (5 Jun 2012)
+- tests 1348 to 1363: add a comma in test description
+
+Steve Holme (5 Jun 2012)
+- email: Removed duplicated header file
+
+- sasl: Renamed Curl_sasl_decode_ntlm_type2_message()
+  
+  For consistency with other SASL based functions renamed this function
+  to Curl_sasl_create_ntlm_type3_message() which better describes its
+  usage.
+
+- pop3: Post authentication code tidy up
+  
+  Corrected lines longer than 78 characters.
+  
+  Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the
+  AUTH command is no longer sent on its own.
+  
+  Introduced some comments in data sending functions.
+  
+  Another attempt at trying to rational code and comment style.
+
+- pop3: Added support for sasl digest-md5 authentication
+
+Yang Tse (4 Jun 2012)
+- sasl: add reference for curl_sasl
+
+- Makefile.inc: tab adjustment
+
+Daniel Stenberg (4 Jun 2012)
+- pop3 tests: CAPA instead of AUTH
+  
+  After Steve's commit e336bc7c42c7340 test 1319 and 1407 need to check
+  for CAPA instead of AUTH.
+
+Steve Holme (4 Jun 2012)
+- sasl: Added service parameter to Curl_sasl_create_digest_md5_message()
+  
+  Added a service type parameter to Curl_sasl_create_digest_md5_message()
+  to allow the function to be used by different services rather than being
+  hard coded to "smtp".
+
+Yang Tse (4 Jun 2012)
+- tests 1356 to 1363: several -O -J -i -D combinations with FTP protocol
+  
+  Currently 1356 to 1362 succeed but a write failure is logged in traceNNNN.
+  
+  Currently 1363 fails, so disabled for now.
+
+Steve Holme (4 Jun 2012)
+- tests: Updated pop3 tests for change in auth mechanism detection
+
+- pop3: Changed the sasl mechanism detection from auth to capa
+  
+  Not all SASL enabled POP3 servers support the AUTH command on its own
+  when trying to detect the supported mechanisms. As such changed the
+  mechanism detection to use the CAPA command instead.
+
+Daniel Stenberg (4 Jun 2012)
+- curl_easy_setopt.3: proto updates + cleanups
+  
+  - For all *FUNCTION options, they now all show the complete prototype in
+    the description. Previously some of them would just refer to a
+    typedef'ed function pointer in the curl.h header.
+  
+  - I made the phrasing of that "Pass a pointer to a function that matches
+    the following prototype" the same for all *FUNCTION option descriptions.
+  
+  - I removed some uses of 'should'. I think I sometimes over-use this
+    word as in many places I actually mean MUST or otherwise more specific
+    and not-so-optional synonyms.
+
+Yang Tse (4 Jun 2012)
+- tests 1348 to 1355: several -O -J -i -D combinations with FTP protocol
+  
+  Currently 1348 to 1354 succeed but a write failure is logged in traceNNNN.
+  
+  Currently 1355 fails, so disabled for now.
+
+- tests 1346 to 1347: several -O -J -i -D combinations with HTTP protocol
+
+Steve Holme (4 Jun 2012)
+- sasl: Small code tidy up
+  
+  Reworked variable names in Curl_sasl_create_cram_md5_message() to match
+  those in Curl_sasl_create_digest_md5_message() as they are more
+  appropriate.
+
+- sasl: Moved digest-md5 authentication message creation from smtp.c
+  
+  Moved the digest-md5 message creation from smtp.c into the sasl module
+  to allow for use by other modules such as pop3.
+
+- sasl: Small code tidy up before moving digest-md5 over
+  
+  Correction of comments and variable names.
+
+- RELEASE-NOTES: Added missing addition of sasl login support
+
+- pop3: Added support for sasl cram-md5 authentication
+
+Daniel Stenberg (3 Jun 2012)
+- Curl_sasl_create_plain_message: remove TAB
+
+Steve Holme (3 Jun 2012)
+- sasl: Small code tidy up
+  
+  Added some comments and removed an unreferenced variable.
+
+- pop3.c: Added conditional compilation for NTLM function calls
+  
+  Added USE_NTLM condition compilation around the NTLM functions called
+  from pop3_statemach_act() introduced in commit 69f7156ad96877.
+
+- sasl: Moved cram-md5 authentication message creation from smtp.c
+  
+  Moved the cram-md5 message creation from smtp.c into the sasl module
+  to allow for use by other modules such as pop3.
+
+- pop3: Fixed an issue with changes introduced in commit c267c53017bc
+  
+  Because pop3_endofresp() is called for each line of data yet is not
+  passed the line and line length, so we have to use the data pointed to
+  by pp->linestart_resp which contains the whole packet, the mechanisms
+  were being detected in one call yet the function would be called for
+  each line of data.
+  
+  Using curl with verbose mode enabled would show that one line of data
+  would be received in response to the AUTH command, before the AUTH
+  <mechanism> command was sent to the server and then the next few lines
+  of the original AUTH command would be displayed before the response from
+  the AUTH <mechanism> command. This would then cause problems when
+  parsing the CRAM-MD5 challenge data as extra data was contained in the
+  buffer.
+  
+  Changed the parsing so that each line is checked for the mechanisms
+  and the function returns FALSE until the whole of the AUTH response has
+  been processed.
+
+Daniel Stenberg (3 Jun 2012)
+- version: bump to 7.27.0 for next release
+  
+  Due to new features
+
+- RELEASE-NOTES: synced with c4e3578e4bf
+  
+  Also bumped the contributor number and next release is to become 7.27.0
+
+- THANKS: 16 new contributors from the 7.26.0 release
+
+Steve Holme (3 Jun 2012)
+- DOCS: Fixed list in Section 18.2 not displaying correctly on web site
+
+- DOCS: Corrected missed heading renumbering from commit 530675a1ad7
+
+- DOCS: Added IMAP and LDAP sections
+  
+  Added new sections 11. IMAP and 12. LDAP to document adding SASL based
+  authentication.
+  
+  Renumbered current sections 11 to 17 as 13 to 19.
+  
+  Additionally added 19.10 Add CURLOPT_MAIL_CLIENT option.
+
+- sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869e8
+  
+  Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup()
+  is just a nop.
+
+- pop3.c:Corrected typo in commit 69ba0da8272d
+
+- pop3: Fixed the issue of having to supply the user name for all requests
+  
+  Previously it wasn't possible to connect to POP3 and not specify the
+  user name as a CURLE_ACCESS_DENIED error would be returned. This error
+  occurred because USER would be sent to the server with a blank user name
+  if no mailbox user was specified as the server would reply with -ERR.
+  
+  This wasn't a problem prior to the 7.26.0 release but with the
+  introduction of custom commands the user and/or application developer
+  might want to issue a CAPA command without having to log in as a
+  specific mailbox user.
+  
+  Additionally this fix won't send the newly introduced AUTH command if no
+  user name is specified.
+
+- pop3.c: Small code tidy up
+  
+  Corrected lines exceeding 78 characters.
+  
+  Repositioned some comments and added extra clarity.
+
+- sasl: Corrected variable names in comments and parameters
+
+- pop3: Added support for sasl ntlm authentication
+
+- sasl: Small comment style tidy up following ntlm commit
+
+- sasl: Moved ntlm authentication message handling from smtp.c
+  
+  Moved the ntlm message creation and decoding from smtp.c into the sasl
+  module to allow for use by other modules such as pop3.
+
+- pop3: Added support for sasl login authentication
+
+Yang Tse (1 Jun 2012)
+- tests 1334 to 1345: several -O -J -i -D combinations with HTTP protocol
+
+- tests: support test definitions with up to 5 file checks in <verify> section
+  
+  This is done introducing tags <file1> to <file4> besides existing <file> one,
+  as well as corresponding <stripfile1> to <stripfile4> ones, that can be used
+  in the <verify> section in the same way as the non-numbered ones.
+
+Steve Holme (31 May 2012)
+- sasl: Moved login authentication message creation from smtp.c
+  
+  Moved the login message creation from smtp.c into the sasl module
+  to allow for use by other modules such as pop3.
+
+- smtp.c: Reworked message encoding in smtp_state_authpasswd_resp()
+  
+  Rather than encoding the password message itself the
+  smtp_state_authpasswd_resp() function now delegates the work to the same
+  function that smtp_state_authlogin_resp() and smtp_authenticate() use
+  when constructing the encoded user name.
+
+- smtp.c: Re-factored smtp_auth_login_user() for use with passwords
+  
+  In preparation for moving to the SASL module re-factored the
+  smtp_auth_login_user() function to smtp_auth_login() so that it can be
+  used for both user names and passwords as sending both of these under
+  the login authentication mechanism is the same.
+
+- pop3: Added support for sasl plain text authentication
+
+- curl_ntlm_msgs.c: Corrected small spelling mistake in comments
+
+- sasl: Moved plain text authentication message creation from smtp.c
+  
+  Moved the plain text message creation from smtp.c into the sasl module
+  to allow for use by other modules such as pop3.
+
+Yang Tse (30 May 2012)
+- configure: fix LDAPS disabling related misplaced closing parenthesis
+
+- pop3 test server: allow pop3 test server verification to succeed again
+  
+  Introduce SUPPORTCAPA and SUPPORTAUTH config commands to allow further
+  pop3 test server expansion for tests that require CAPA or AUTH support,
+  although this will need some extra work to make it fully functional.
+
+Steve Holme (28 May 2012)
+- pop3: Introduced the continue response in pop3_endofresp()
+
+- pop3: Changed response code from O and E to + and -
+  
+  The POP3 protocol doesn't really have the concept of error codes and
+  uses +, +OK and -ERR in response to commands to indicate continue,
+  success and error.
+  
+  The AUTH command is one of those commands that requires multiple pieces
+  of data to be sent to the server where the server will respond with + as
+  part of the handshaking. This meant changing the values before
+  continuing with the next stage of adding authentication support.
+
+- pop3: Small code tidy up following authentication work so far
+  
+  Changed the order of the state machine to match the order of actual
+  events.
+  
+  Reworked some comments and function parameter positioning that I missed
+  the other day.
+
+Kamil Dudka (28 May 2012)
+- nss: use human-readable error messages provided by NSS
+  
+  Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html
+
+Daniel Stenberg (27 May 2012)
+- test1013.pl: filter out Metalink
+  
+  Since it isn't a feature supported by curl-config we can't compare that
+  with the --version output
+
+- pop3: remove variable-not-used warnings
+
+Steve Holme (27 May 2012)
+- DOCS: Corrected the "Added in" version number for CURLOPT_MAIL_AUTH
+  
+  Additionally corrected another RFC link that I missed yesterday.
+
+- pop3: Added support for SASL based authentication mechanism detection
+  
+  Added support for detecting the supported SASL authentication mechanisms
+  via the AUTH command. There are two ways of detecting them, either by
+  using the AUTH command, that will return -ERR if not supported or by
+  using the CAPA command which will return SASL and the list of mechanisms
+  if supported, not include SASL if SASL authentication is not supported
+  or -ERR if the CAPA command is not supported. As such it seems simpler
+  to use the AUTH command and fallback to normal clear text authentication
+  if the the command is not supported.
+  
+  Additionally updated the test cases to return -ERR when the AUTH command
+  is encountered. Additional test cases will be added when support for the
+  individual authentication mechanisms is added.
+
+Daniel Stenberg (27 May 2012)
+- pop3: remove trailing whitespace
+
+Steve Holme (27 May 2012)
+- pop3: Code tidy up before the introduction of authentication code
+  
+  Moved EOB definition into header file.
+  
+  Switched the logic around in pop3_endofresp() to allow for the
+  introduction of auth-mechanism detection.
+  
+  Repositioned second and third function variables where they will fit
+  within the 78 character line limit.
+  
+  Tidied up some comments.
+
+Guenter Knauf (27 May 2012)
+- Enabled OpenSSL static linkage.
+
+- Enabled OpenSSL static linkage.
+
+- Try to detect OpenSSL build type automatically.
+
+Daniel Stenberg (26 May 2012)
+- metalink: fix build errors when disabled
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Reduced #ifdef HAVE_METALINK
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Disable hash check if neither OpenSSL nor GNUTLS is installed.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Format GETOUT_METALINK nicely
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Minimize usage of structs from libmetalink
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Check checksum of downloaded file if checksum is available
+  
+  Metalink file contains several hash types of checksums, such as
+  md5, sha-1, sha-256, etc. To deal with these checksums, I created
+  abstraction layer based on lib/curl_md5.h and
+  lib/md5.c. Basically, they are almost the same but I changed the
+  code so that it is not hash type dependent. Currently,
+  GNUTLS(nettle or gcrypt) and OpenSSL functions are supported.
+  
+  Checksum checking is done by reopening download file.  If there
+  is an I/O error, the current implementation just prints error
+  message and does not try next resource.
+  
+  In this patch, the supported hash types are: md5, sha-1 and sha-256.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Always create directory hierarchy for Metalink.
+  
+  Filenames contained in Metalink file can include directory information.
+  Filenames are unique in Metalink file, taking into account the directory
+  information. So we need to create the directory hierarchy.
+  
+  Curl has --create-dirs option, but we create directory hierarchy for
+  Metalink downloads regardless of the option value.
+  
+  This patch also put metalink int variable outside of HAVE_LIBMETALINK
+  guard. This reduces the number of #ifdefs.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Fixed segmentation fault when Metalink has no valid file or no resource.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Support media-type parameter in Content-Type
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Print "Metalink" in Features if Metalink support is enabled.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Removed trailing space
+
+- [ant brought this change]
+
+  Add --metalink to --help
+
+- [ant brought this change]
+
+  Add Metalink information and --metalink option to man page
+
+- [ant brought this change]
+
+  Add Metalink information and --metalink option to man page
+
+- [ant brought this change]
+
+  Adds Metalink information to INSTALL
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  --metalink option is available regardless of Metalink support.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  metalink: parse downloaded Metalink file
+  
+  Parse downloaded Metalink file and add downloads described there. Fixed
+  compile error without metalink support.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Fixed HAVE_LIBMETALINK conditional is always true
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  metalink: minor metalinkfile fix
+  
+  Don't update config->metalinkfile_last in operate(). Use local variable
+  to point to the current metalinkfile.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  metalink: show help message even if disabled
+  
+  Print message if --metalink is used while metalink support is not
+  enabled. Migrated Metalink support in tool_operate.c and removed
+  operatemetalink().
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Applied patches from Daniel
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Support Metalink.
+  
+  This change adds experimental Metalink support to curl.
+  To enable Metalink support, run configure with --with-libmetalink.
+  To feed Metalink file to curl, use --metalink option like this:
+  
+    $ curl -O --metalink foo.metalink
+  
+  We use libmetalink to parse Metalink files.
+
+Steve Holme (26 May 2012)
+- DOCS: Fixed line spacing of authentication examples in CURLOPT_URL
+
+- DOCS: Changed domain names in various examples to example.com
+  
+  Updated various references of real domain names to example.com as per
+  RFC-2606.
+
+- DOCS: Fixed meaning of bit 2 in CURLOPT_POSTREDIR
+  
+  Setting bit 2 for this value was documented as having a constant value
+  defined as CURL_REDIR_POST_303 yet referenced a 302 request.
+  
+  Additionally corrected the meaning of CURL_REDIR_POST_ALL for all three
+  bits and fixed problems with the bolding of keywords in this section.
+
+- DOCS: Standardised how RFCs are referenced.
+  
+  Standardised how RFCs are referenced so that the website may autolink to
+  the correct documentation on ietf.org. Additionally removed the one link
+  to RFC3986 on curl.haxx.se.
+
+Yang Tse (26 May 2012)
+- Fix libcurl.pc and curl-config generation for static MingW* cross builds
+
+Daniel Stenberg (25 May 2012)
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Made -D option work with -O and -J.
+  
+  To achieve this, first new structure HeaderData is defined to hold
+  necessary data to perform header-related work.  Then tool_header_cb now
+  receives HeaderData pointer as userdata.  All header-related work
+  (currently, dumping header and Content-Disposition inspection) are done
+  in this callback function.  HeaderData.outs->config is used to determine
+  whether each work is done.
+  
+  Unit tests were also updated because after this change, curl code always
+  sets CURLOPT_HEADERFUNCTION and CURLOPT_HEADERDATA.
+  
+  Tested with -O -J -D, -O -J -i and -O -J -D -i and all worked fine.
+
+Steve Holme (25 May 2012)
+- sasl: Re-factored auth-mechanism constants to be more generic
+
+- smtp: Moved auth-mechanism constants into a separate header file
+  
+  Move the SMTP_AUTH constants into a separate header file in
+  preparation for adding SASL based authentication to POP3 as the two
+  protocols will need to share them.
+
+Kamil Dudka (25 May 2012)
+- nss: avoid using explicit casts of code pointers
+
+Steve Holme (24 May 2012)
+- DOCS: Added LDAP to the CURLOPT_URL section
+
+- TODO: Removed DIGEST-MD5 authentication from SMTP to do list
+  
+  Removed DIGEST-MD5 from Section 9.1 Other authentication mechanisms as
+  the feature was added to SMTP in 7.26.0.
+  
+  Also corrected small spelling mistake.
+
+Daniel Stenberg (24 May 2012)
+- bump to 7.26.1: start working towards next release
+
+Version 7.26.0 (24 May 2012)
+
+Daniel Stenberg (24 May 2012)
+- RELEASE-NOTES: synced with ef60fdbd73
+  
+  Just before 7.26.0 is about to ship
+
+Steve Holme (22 May 2012)
+- smtp: Fixed an issue with the multi-interface always sending postdata
+  
+  Due to the result code being reset to CURLE_OK when smtp_dophase_done()
+  was called, postdata would incorrectly be sent to the server when the
+  MAIL FROM or RCPT command was rejected.
+  
+  As such, libcurl would return the wrong result code from performing the
+  operation and additionally set CURLINFO_RESPONSE_CODE to be that
+  returned by the postdata command.
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html
+  Reported by: Gokhan Sengun
+
+- DOCS: Updated version number for features added in the pending release
+
+Daniel Stenberg (22 May 2012)
+- [Tatsuhiro Tsujikawa brought this change]
+
+  Fixed compile error with GNUTLS+NETTLE
+  
+  In nettle/md5.h, md5_init and md5_update are defined as macros to
+  nettle_md5_init and nettle_md5_update respectively.  This causes
+  error when using MD5_params.md5_init and md5_update.  This patch
+  renames these members as md5_init_func and md5_update_func to
+  avoid name conflict. For completeness, MD5_params.md5_final was
+  also renamed as md5_final_func.
+  
+  The changes in curl_ntlm_core.c is conversion error and fixed by
+  casting to proper type.
+
+- TODO-RELEASE: mention the pending biggies for 7.27.0
+
+- [Jan Ehrhardt brought this change]
+
+  winbuild: fix IPv6 enabled build
+  
+  The existing check was wrong so IPv6 support would never be enabled
+
+- 7.26.0: will be the next release version
+
+- RELEASE-NOTES: synced with 8ae1e657e82a
+  
+  And mention that this will become 7.26.0
+
+Guenter Knauf (22 May 2012)
+- Updated dependency libary versions.
+
+Daniel Stenberg (20 May 2012)
+- curl-config.1: fix curl-config usage in example
+  
+  The curl-config command must be used twice in the single command line to
+  work properly in some environments.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3528241
+  Reported by: Julian Taylor
+
+Steve Holme (17 May 2012)
+- smtp: Fixed non-escaping of dot character at beginning of line
+  
+  A dot character at the beginning of a line would not be escaped to a
+  double dot as required by RFC-2821, instead it would be deleted by the
+  mail server. Please see section 4.5.2 of the RFC for more information.
+  
+  Note: This fix also simplifies the detection of repeated CRLF.CRLF
+  combinations, such as CRLF.CRLF.CRLF, a little rather than having to
+  advance the eob counter to 2.
+
+Daniel Stenberg (16 May 2012)
+- FAQ: updated 1.10 How many are using curl?
+  
+  Now linking to http://daniel.haxx.se/blog/2012/05/16/300m-users/
+
+- disable-versioned-symbols: removed superfluous 'fi'
+  
+  The commit e315927a1a left this in
+
+- MakefileBuild.vc: use the correct IDN variable
+  
+  The variable that control IDN enablement is called USE_IDN within these
+  Makefiles
+
+- [Pierre Chapuis brought this change]
+
+  autoconf: improve handling of versioned symbols
+  
+  It checks whether versioned symbols should be enabled before checking
+  whether it is possible (i.e. the linker supports --version-script) or
+  not. This avoids a useless warning when building cURL on a platform that
+  does not use GNU ld.
+  
+  Moreover, it fixes broken indentation of this chunk of code.
+
+- curl.1: clarify -x usage
+  
+  1 - fix the syntax in the .IP line
+  
+  2 - Provided user names and passwords are URL decoded by libcurl
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3525935
+
+- NTLM: is supported in GnuTLS builds too
+  
+  ... since commit 9a4c887c4a7 introduced in libcurl 7.19.4
+
+- TODO: happy eyeballs is now RFC6555
+
+- my_useragent: shorten user-agent
+  
+  The built-in user-agent will now only say curl/[version] and nothing
+  else in an attempt to decrease overhead in HTTP requests.
+
+- CURLOPT_HEADERFUNCTION: works for non-HTTP protocols too
+
+Claes Jakobsson (3 May 2012)
+- Add note about default timeout in CURLOPT_TIMEOUT
+
+Daniel Stenberg (2 May 2012)
+- [Gokhan Sengun brought this change]
+
+  MD5: OOM fix
+  
+  check whether md5 initialization succeeded before updating digest of
+  buffers onto it
+
+- REALEASE-NOTES: synced with 64f48e884e3c1
+
+- [Jan Schaumann brought this change]
+
+  add newly created manual page
+
+- [Jan Schaumann brought this change]
+
+  add a manual page for mk-ca-bundle
+
+Guenter Knauf (26 Apr 2012)
+- Updated dependency lib versions.
+
+Daniel Stenberg (23 Apr 2012)
+- URL parse: reject numerical IPv6 addresses outside brackets
+  
+  Roman Mamedov spotted (in
+  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would
+  not complain when given a URL with an IPv6 numerical address without
+  brackets. It would simply cut off the last ":[hex]" part and thus not
+  work correctly.
+  
+  That's a URL using an illegal syntax and now libcurl will instead return
+  a clear error code and error message detailing the error.
+  
+  The above mentioned bug report claims this to be a regression but
+  libcurl does not guarantee functionality when given URLs that aren't
+  following the URL spec (RFC3986 mostly). I consider the fact that it
+  used to handle this differently a mere coincidence.
+
+- Curl_MD5_init: fix OOM memory leak
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html
+  Reported by: Michael Mueller
+
+- [Gokhan Sengun brought this change]
+
+  OpenSSL cert: provide more details when cert check fails
+  
+  curl needs to be more chatty regarding certificate verification failure
+  during SSL handshake
+
+Yang Tse (23 Apr 2012)
+- Revert "sspi: Added version information"
+  
+  This reverts commit 2976de480808119dae08fc6f52c8d75ba1aedb1a.
+
+- Revert "sspi - Small code tidy up"
+  
+  This reverts commit 46cd5f1daddad3b3e542e6d93eee52e8bb9a8687.
+
+- Revert "Fixed 'extra tokens at end of #endif directive'."
+  
+  This reverts commit 77172a242fc0c820f97eae39d0e3e0f265222fe6.
+
+- Revert "Fixed 'Trailing whitespace' found by checksrc."
+  
+  This reverts commit 683bfa60ad0b52505947e59b03515e5f44378523.
+
+- Revert "sspi: Code tidy up to remove unused variable."
+  
+  This reverts commit 412510f97407d617426d93b80e6b6bf0a8ff11ac.
+
+- Revert "Add -lversion if build with SSPI."
+  
+  This reverts commit 9ec0b7e0c44d29eca6f45916fe5af3501168fe85.
+
+Guenter Knauf (23 Apr 2012)
+- Add -lversion if build with SSPI.
+
+Steve Holme (22 Apr 2012)
+- sspi: Code tidy up to remove unused variable.
+
+Guenter Knauf (22 Apr 2012)
+- Fixed 'Trailing whitespace' found by checksrc.
+
+- Fixed 'extra tokens at end of #endif directive'.
+
+Steve Holme (22 Apr 2012)
+- sspi - Small code tidy up
+
+- sspi: Added version information
+  
+  Added version information for Windows SSPI to curl's main version
+  string and removed SSPI from the features string.
+
+Daniel Stenberg (20 Apr 2012)
+- HTTP: empty chunked POST ended up in two zero size chunks
+  
+  When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the
+  size of the POST was zero length, it made libcurl first send a zero
+  chunk and then the terminating one. This could confuse a receiver and it
+  should rather just send the terminating chunk as it does with this fix.
+  
+  Test case 1333 is added to verify.
+  
+  Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html
+  Reported by: Arnaud Compan
+
+Guenter Knauf (20 Apr 2012)
+- Updated dependency lib versions.
+
+Daniel Stenberg (19 Apr 2012)
+- singleipconnect: return OK even when Curl_socket() fails
+  
+  Commit 9109cdec11ee5a brought this regression (shipped since 7.24.0).
+  
+  The singleipconnect() function must not return an error if Curl_socket()
+  returns an error. It should then simply return OK and pass a SOCKET_BAD
+  back simply because that is how the user of this function expects it to
+  work and something else is not fine.
+  
+  Reported by: Blaise Potard
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3516508
+
+Yang Tse (19 Apr 2012)
+- Take in account that CURLAUTH_* bitmasks are now 'unsigned long' - follow-up
+  
+  MIPSPro compiler detected curl_easy_getinfo() related missing adjustments.
+  SunPro compiler detected curl tool --libcurl option related missing adjustments.
+
+- url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixes
+  
+  Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported.
+  
+  Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE.
+
+- Take in account that CURLAUTH_* bitmasks are now 'unsigned long'
+  
+  Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to
+  'unsigned long' for proper handling and operating.
+
+- curl.h: CURLAUTH_* bitmasks adjusted to become 'unsigned long' typed
+  
+  Info: http://curl.haxx.se/mail/lib-2012-04/0170.html
+
+- Some explicit conversion to 'long' of curl_easy_setopt() third argument
+  
+  Explicit conversion to 'long' of curl_easy_setopt() third argument for options
+  CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH given that this is how its bitmasks are
+  docummented to be used.
+
+- build adjustments: commit 9e24b9c7 follow-up
+
+Daniel Stenberg (17 Apr 2012)
+- -# progress meter: avoid superfluous updates and duplicate lines
+  
+  By comparing if a different "progress point" is reached or not since the
+  previous update, the progress function callback for this now avoids many
+  superfluous screen updates. This has the nice side-effect that it fixes
+  a problem that causes a second progress meter line.
+  
+  The second line output happened because when we use the -# progress
+  meter, we force a newline output after the transfer in the main loop in
+  curl, but when libcurl calls the progress callback from
+  curl_easy_cleanup() it would then output the progress display
+  again. Possibly the naive newline output is wrong but this optimization
+  was suitable anyway...
+  
+  Reported by: Daniel Theron
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3517418
+
+Yang Tse (16 Apr 2012)
+- nss.c: fix compiler warning
+
+- curl-compilers.m4: -Wno-pedantic-ms-format for Windows gcc 4.5 builds
+  
+  When building a Windows target with gcc 4.5 or newer and strict compiler
+  warnings enabled use -Wno-pedantic-ms-format in addition to other flags.
+
+Kamil Dudka (16 Apr 2012)
+- tests/valgrind.pm: suppress memleaks of NSS_InitContext()
+  
+  Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745224
+
+Yang Tse (14 Apr 2012)
+- setup_once.h: tighten requirements for stdbool.h header inclusion
+  
+  Include stdbool.h only when it is available and configure is capable of
+  detecting a proper 'bool' data type when the header is included.
+  
+  Compilation fix for old or unpatched versions of XL C compiler.
+  
+  Report: http://curl.haxx.se/mail/archive-2012-04/0022.html
+
+- headers: require GCC 2.7 or newer in order to allow attribute GCC'isms usage
+  
+  Usage in other code paths already protected and requiring even newer versions.
+
+- [Jonathan Nieder brought this change]
+
+  headers: surround GCC attribute names with double underscores
+  
+  This protects from attribute names being defined by third party's code.
+  
+  Improvement: http://curl.haxx.se/mail/lib-2012-04/0127.html
+
+Guenter Knauf (13 Apr 2012)
+- Updated copyright year.
+
+Yang Tse (13 Apr 2012)
+- testcurl.pl: build example programs for Android cross-compiles
+
+- nss.c: fix compiler warning
+
+- examples: fix compiler warnings
+
+Kamil Dudka (13 Apr 2012)
+- nss: provide human-readable names for NSS errors
+
+- nss: use NSS_InitContext() to initialize NSS if available
+  
+  NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
+  collisions on NSS initialization/shutdown with other libraries.
+  
+  Bug: https://bugzilla.redhat.com/738456
+
+- nss: unconditionally require PK11_CreateGenericObject()
+  
+  This bumps the minimal supported version of NSS to 3.12.x.
+
+Guenter Knauf (13 Apr 2012)
+- Set batch mode to 755 to make Cygwin git pulls work.
+
+- Added section for Android configure cross-compile.
+
+- Added NetWare export.
+
+Yang Tse (12 Apr 2012)
+- testcurl.pl: build example programs for MinGW cross-compiles
+
+- tool_operate.c: fix compiler warning
+
+- url.c: fix compiler warning
+
+Guenter Knauf (12 Apr 2012)
+- Updated dependency lib versions (2nd try).
+
+- Updated dependency lib versions.
+
+Yang Tse (12 Apr 2012)
+- tool_formparse.c: rename a couple of vars to avoid declaration shadowing
+
+- OS400/initscript.sh: fix db2_name() module name generation
+  
+  Allow repeatable file name length reduction on file names with underscore or
+  dash characters. This is done in order to better support libcurl's existing
+  source file names and allow OS/400 package to build out of the box again.
+
+- testcurl.pl: log more environment vars that modify configure and build behavior
+
+- configure: NATIVE_WINDOWS no longer defined in config files
+
+- build adjustments: CURL_HIDDEN_SYMBOLS no longer defined in config files
+  
+  configure script now provides conditional definitions for Makefile.am
+  that result in CURL_HIDDEN_SYMBOLS being defined by resulting makefiles
+  when appropriate.
+  
+  Additionally, configure script option for symbol hiding control is now
+  named --enable-symbol-hiding --disable-symbol-hiding. While still valid,
+  old option name --enable-hidden-symbols --disable-hidden-symbols will
+  be deprecated in some future release.
+
+- build adjustments: functionally revert commits 4d3fb91f and bbfe1182
+  
+  Undefining CURL_HIDDEN_SYMBOLS in source files isn't the proper fix.
+
+- test servers: build adjustment
+  
+  Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might
+  leak from lib/setup.h into source files where this should not be defined.
+
+- libtests: build adjustment
+  
+  Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might
+  leak from lib/setup.h into source files where this should not be defined.
+
+- curl tool: make setup.h first header included in tool_setup.h again
+
+- curl tool: use configuration files from lib directory - follow-up II
+  
+  lib/config-win32.h no longer copied to src/config-win32.h
+
+- configure: Windows cross-compilation fixes
+  
+  BUILDING_LIBCURL and CURL_STATICLIB are no longer defined in curl_config.h,
+  configure will generate appropriate conditionals so that mentioned symbols
+  get defined and used in Makefiles at compilation time
+
+- curl tool: make curl.h first header included in tool_setup.h
+
+- curl tool: use configuration files from lib directory - follow-up I
+  
+  amigaos.[ch] now integrates nicely with any libcurl build
+
+- curl tool: use configuration files from lib directory
+  
+  Configuration files such as curl_config.h and all config-*.h no longer exist
+  nor are generated/copied into 'src' directory, now these only exist in 'lib'
+  directory from where curl tool sources uses them.
+  
+  Additionally old src/setup.h has been refactored into src/tool_setup.h which
+  now pulls lib/setup.h
+  
+  The possibility of a makefile needing an include path adjustment exists.
+
+Daniel Stenberg (6 Apr 2012)
+- PolarSSL: correct return code for CRL matches
+  
+  When a server certificate matches one in the given CRL file, the code
+  now returns CURLE_SSL_CACERT as test case 313 expects and verifies.
+
+- PolarSSL: include version number in version string
+  
+  Previously it would say PolarSSL only, now it says PolarSSL/1.1.0 in the
+  same style other libs and components do.
+
+- test: added test 1332 that tests --post303
+
+- curl: add --post303 to set the CURL_REDIR_POST_303 option
+
+- [Andrei Cipu brought this change]
+
+  CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL
+  
+  As it turns out, some people do want that after all.
+
+- test1331: cookies on a 407 response
+  
+  Verify that cookies are sent back even after a 407 response has been
+  received
+
+- [Dag Ekengren brought this change]
+
+  PolarSSL: add support for asynchronous connect
+
+- [Tim Heckman brought this change]
+
+  Revert "access the CA source file using HTTPS"
+  
+  This reverts commit f7e2ab6.
+  
+  This change caused fetching of the certificates to become unreliable.
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
+  Reported by: Tim Heckman
+
+- [Andrei Cipu brought this change]
+
+  IPv6 cookie domain: get rid of the first bracket before the second.
+  
+  Commit 97b66ebe was copying a smaller buffer, thus duplicating the last
+  character.
+
+- MAIL-ETIQUETTE: Added "How to unsubscribe"
+  
+  ... as it seems to hard for some people
+
+Yang Tse (4 Apr 2012)
+- ftp.c: ftplistparser related OOM handling fix
+
+- smtp.c: fix compiler warnings
+
+- lib599.c: fix compiler warning
+
+Daniel Stenberg (4 Apr 2012)
+- runtests: yassl and polarssl are not openssl
+  
+  Don't set the "has_openssl" variable if yassl or polarssl is found as
+  they will simply not work as 100% drop-in replacements for some of the
+  stuff the "OpenSSL" feature is used for.
+  
+  I spotted this problem when doing test runs with PolarSSL builds.
+
+- [Lijo Antony brought this change]
+
+  connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
+  
+  Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback
+  returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT
+  conveys incorrect information to the user.
+
+Steve Holme (2 Apr 2012)
+- pop3: Reworked the command sending and handling
+  
+  Reworked the command sending from two specific LIST and RETR command
+  functions into a single command based function as well as the two
+  associated response handlers into a generic command handler.
+
+Daniel Stenberg (1 Apr 2012)
+- [Dave Reisner brought this change]
+
+  curl tool: add filename_effective token for --write-out
+  
+  By modifying the parameter list for ourWriteOut() and passing the
+  OutStruct that collects data in tool_operate, we get access to the
+  remote name that we're writing to. Shell scripters should find this
+  useful when used in conjuntion with the --remote-header-name option.
+
+Steve Holme (1 Apr 2012)
+- smtp.c: Code policing and tidy up
+
+Daniel Stenberg (1 Apr 2012)
+- [Armel Asselin brought this change]
+
+  SSH: public key can now be an empty string
+  
+  If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will
+  pass no public key to libssh2 which then tries to compute it from the
+  private key. This is known to work when libssh2 1.4.0+ is linked against
+  OpenSSL.
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  OpenSSL: Made cert hostname check conform to RFC 6125
+  
+  This change replaces RFC 2818 based hostname check in OpenSSL build with
+  RFC 6125 [1] based one.
+  
+  The hostname check in RFC 2818 is ambiguous and each project implements
+  it in the their own way and they are slightly different. I check curl,
+  gnutls, Firefox and Chrome and they are all different.
+  
+  I don't think there is a bug in current implementation of hostname
+  check. But it is not as strict as the modern browsers do. Currently,
+  curl allows multiple wildcard character '*' and it matches '.'. (as
+  described in the comment in ssluse.c).
+  
+  Firefox implementation is also based on RFC 2818 but it only allows at
+  most one wildcard character and it must be in the left-most label in the
+  pattern and the wildcard must not be followed by any character in the
+  label.[2] Chromium implementation is based on RFC 6125 as my patch does.
+  Firefox and Chromium both require wildcard in the left-most label in the
+  presented identifier.
+  
+  This patch is more strict than the current implementation, so there may
+  be some cases where old curl works but new one does not. But at the same
+  time I think it is good practice to follow the modern browsers do and
+  follow the newer RFC.
+  
+  [1] http://tools.ietf.org/html/rfc6125#section-6.4.3
+  [2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483
+
+- HTTP: reset expected DL/UL sizes on redirects
+  
+  With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the
+  download size was known (like with a Content-Length header), but the
+  subsequent URL (transfered after the 3xx page) was chunked encoded, then
+  the previous "known download size" would linger and cause the progress
+  meter to get incorrect information, ie the former value would remain
+  being sent in. This could easily result in downloads that were WAY
+  larger than "expected" and would cause >100% outputs with the curl
+  command line tool.
+  
+  Test case 599 was created and it was used to repeat the bug and then
+  verify the fix.
+  
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3510057
+  Reported by: Michael Wallner
+
+Steve Holme (31 Mar 2012)
+- [Gökhan Şengün brought this change]
+
+  smtp: Add support for DIGEST-MD5 authentication
+
+- [Gökhan Şengün brought this change]
+
+  smtp: Cody tidy up of md5 digest length
+  
+  Replaced the hard coded md5 digest length (16) with a preprocessor
+  constant
+
+- [Gökhan Şengün brought this change]
+
+  md5: Add support for calculating the md5 sum of buffers incrementally
+  
+  It is now possible to calculate the md5 sum as the stream of buffers
+  becomes known where as previously it was only possible to calculate the
+  md5 sum of a pre-prepared buffer.
+
+Daniel Stenberg (31 Mar 2012)
+- Revert "mk-ca-bundle.pl: use LWP::UserAgent for https"
+  
+  This reverts commit 9f0e1689f169b83b8fbdae23e0024cc57dcbc770.
+  
+  It turned out that "improvement" instead made the fetching of the
+  certificates unreliable
+  
+  Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
+  Reported by: Tim Heckman
+
+Steve Holme (31 Mar 2012)
+- DOCS: Added information regarding POP3 commands to CURLOPT_CUSTOMREQUEST
+
+- pop3: Added support for additional pop3 commands
+  
+  This feature allows the user to specify and use additional POP3
+  commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
+  curl's -X command line option.
+
+Yang Tse (30 Mar 2012)
+- [tetetest tetetest brought this change]
+
+  CMakeLists.txt: fix Windows LDAP/LDAPS option handling
+  
+  bug: http://curl.haxx.se/mail/lib-2012-03/0278.html
+
+- [tetetest tetetest brought this change]
+
+  CMakeLists.txt: fix MS Visual Studio x64 unsigned long long literal suffix
+  
+  bug: http://curl.haxx.se/mail/lib-2012-03/0255.html
+
+Steve Holme (28 Mar 2012)
+- TODO: Corrected POP3 section heading
+
+Yang Tse (28 Mar 2012)
+- curl-functions.m4: update detection logic of getaddrinfo() thread-safeness
+  
+  Take in account that h_errno might be a modifiable lvalue not defined as
+  a C preprocessor macro
+
+Steve Holme (27 Mar 2012)
+- TODO: Added SMTP and POP3 specific features
+
+Yang Tse (27 Mar 2012)
+- [Olaf Flebbe brought this change]
+
+  tool_cb_dbg.c: fix tool_cb_dbg() to behave properly even for size 0
+  
+  curl segfault in debug callback triggered with CURLINFO_HEADER_OUT and size 0
+  
+  bug: http://curl.haxx.se/bug/view.cgi?id=3511794
+
+- test #1405: support HTTP disabled builds
+
+Steve Holme (26 Mar 2012)
+- test #809: Updated error code to match recent pop3 changes
+
+Yang Tse (25 Mar 2012)
+- ssh.c: code cleanup, Curl_safefree() already nullifies pointer
+
+- fix some compiler warnings
+
+Steve Holme (25 Mar 2012)
+- pop3.c: Corrected problem with state() introduced in 01690ed2bce5
+
+- pop.c: Small code tidy up
+
+- pop3: Removed the need for the single message LIST command handler
+  
+  Simplified the code to remove the need for a separate "LIST <msg id>"
+  command handler and state machine and instead use the LIST command
+  handler for both operations.