path: root/plugins/FTPFileYM/curl/CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.29.0 (6 Feb 2013)

Daniel Stenberg (6 Feb 2013)
- vms: config-vms.h is removed, no use trying to distribute it

- RELEASE-NOTES: mention the SASL buffer overflow

- [Eldar Zaitov brought this change]

  Curl_sasl_create_digest_md5_message: fix buffer overflow
  
  When negotiating SASL DIGEST-MD5 authentication, the function
  Curl_sasl_create_digest_md5_message() uses the data provided from the
  server without doing the proper length checks and that data is then
  appended to a local fixed-size buffer on the stack.
  
  This vulnerability can be exploited by someone who is in control of a
  server that a libcurl based program is accessing with POP3, SMTP or
  IMAP. For applications that accept user provided URLs, it is also
  thinkable that a malicious user would feed an application with a URL to
  a server hosting code targetting this flaw.
  
  Bug: http://curl.haxx.se/docs/adv_20130206.html

Steve Holme (6 Feb 2013)
- FEATURES: Removed erroneous whitespace
  
  Removed whitespace introduced in commit 5f8f20f5e65b that caused
  formatting issues when generating the website docs.

Yang Tse (6 Feb 2013)
- setup-vms.h: post VMS patch cleanup - III
  
  - rename post-config-vms.h to setup-vms.h
  - move its inclusion into proper location in curl_setup.h

- vms_show: post VMS patch cleanup - II
  
  - remove multiple declarations of vms_show and add comments

- tool_main.c: post VMS patch cleanup - I
  
  - remove header inclusion already done in curl_setup_once.h

Steve Holme (6 Feb 2013)
- FEATURES: Added SSPI to list of NTLM libraries

- FEATURES: Added Secure Transport and qssl to list of SSL libraries

- FEATURES: Added email feature set
  
  Added SMTP, SMTPS, POP3, POP3S, IMAP and IMAPS features.

- imap.h: Corrected incorrect comment clarification
  
  Corrected comment clarification made in commit 167717b8069a.

- COPYING: Updated copyright year to include 2013

Daniel Stenberg (5 Feb 2013)
- RELEASE-NOTES: synced with 25f351424b3538
  
  8 more bug fixes mentioned

- [John E. Malmberg brought this change]

  VMS: fix and generate the VMS build config
  
  config_h.com is a new file that generates a config.h file based on the
  curl_config.h.in file and a quick scan of the configure script.  This is
  actually a generic procedure that is shared with other VMS packages.
  
  The existing pre-built config-vms.h had over 100 entries that were not
  correct and in some cases conflicted with the build options available in
  the build_vms.com.
  
  generate_config_vms_h_curl.com is a helper procedure to the
  config_h.com.  It covers the cases that the generic config_h.com is not
  able to figure out, and accepts input from the build_vms.com procedure.
  
  build_curlbuild_h.com is a new file to generate the curlbuild.h file
  that Curl is now using when it is using a curl_config.h file.
  
  post-config-vms.h is a new file that is needed to provide VMS specific
  definitions, and most of them need to be set before the system header
  files are included.
  
  The VMS build procedure is fixed:
  
     1. Fixed to link in the correct HP ssl library.
     2. Fixed to detect if HP Kerberos is installed.
     3. Fixed to detect if HP LDAP is installed.
     4. Fixed to detect if gnv$libzshr is installed.
     5. Simplified the input parameter parsing to not use a loop.
     6. Warn that 64 bit pointer option support is not complete
        in comments.
     7. Default to IEEE floating if platform supports it so
        resulting libcurl will be compatible with other
        open source projects on VMS.
     8. Default to LARGEFILE if platform supports it.
     9. Default to enable SSL, LDAP, Kerberos, libz
        if the libraries are present.
     10. Build with exact case global symbols for libcurl.
     11. Generate linker option file needed.
     12. Compiler list option only commonly needed items.
     13. fulllist option for those who really want it.
     14. Create debug symbol file on Alpha, IA64.

- Curl_proxyCONNECT: return once CONNECT is sent
  
  By doing this unconditionally, we infer a simpler and more defined
  behavior. This also has the upside that test 1021 no longer fails for me
  even if I run with valgrind.
  
  Also fixed some wrong comments.

Steve Holme (5 Feb 2013)
- email: Reworked comments in the endofresp() functions
  
  Tidied up the comments in the endofresp() functions to be more
  meaningful prior to release.

Marc Hoersken (5 Feb 2013)
- schannel: Removed extended error connection setup flag
  
  According KB975858 this flag may cause problems on Windows 7 and
  Windows Server 2008 R2 systems. Extended error information is not
  currently used by libcurl and therefore not a requirement.
  
  The flag may improve the SSL-connection shutdown in case of an
  error. This means it might be a good improvement in the future.
  
  Fixes bug/issue #1187 - thanks for the report

Daniel Stenberg (5 Feb 2013)
- [Tor Arntsen brought this change]

  singleipconnect: Update *sockp for all CURLE_OK
  
  The 56b7c87c7 change left a case where a good sockfd was not copied to
  *sockp before returning with CURLE_OK

- curl_easy_perform: Value stored to 'mcode' is never read
  
  pointed out by clang-analyzer

- singleipconnect: remove dead assignment
  
  pointed out by clang-analyzer

Linus Nielsen Feltzing (5 Feb 2013)
- CURLMOPT_MAXCONNECTS: restore functionality
  
  When a connection is no longer used, it is kept in the cache. If the
  cache is full, the oldest idle connection is closed. If no connection is
  idle, the current one is closed instead.

Steve Holme (5 Feb 2013)
- RELEASE-NOTES: Updated following recent changes to the email protocols
  
  Added recent additions and fixes following the changes to imap, pop3
  and smtp. Additionally added another contributor that helped to test
  the imap sasl changes.

- email: Provided extra comments following recent pop3/imap fixes
  
  Provided additional clarification about the logic of the authenticate()
  functions following commit 6b6bdc83bd36 and b4270a9af1d0.

Daniel Stenberg (5 Feb 2013)
- [Andrei Kurushin brought this change]

  winbuild: include version info for .dll .exe
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1186

- FAQ: clarify 5.13 How do I stop an ongoing transfer
  
  Rich Gray provided good feedback and we now clarify that you can in fact
  stop a multi transfer at any point you like by removing the easy handle.

- [Matt Arsenault brought this change]

  cmake: Fix mingw build

- [Sergei Nikulov brought this change]

  cmake: updated OpenSSL build

Steve Holme (4 Feb 2013)
- pop3.c: Updated variable names to use shorter / more readable variant
  
  Tidied up code from commit 6b6bdc83bdUpdated where a few instances of
  the pop3c struct variable used the longer conndata struct rather than
  matching what other code in pop3_authenticate() used.

Guenter Knauf (4 Feb 2013)
- updated copyright years.

- configure: update the copyright years for the output.

Steve Holme (3 Feb 2013)
- imap: Fixed no known authentication mechanism when fallback is required
  
  Fixed an issue where (lib)curl is compiled without support for a
  supported challenge-response based SASL authentication mechanism, such
  as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
  mechanisms and (lib)curl doesn't fallback to Clear Text authentication.
  
  Note: In order to fallback to Clear Text authentication properly this
  fix adds support for the LOGINDISABLED server capability.
  imap: Fixed no known authentication mechanism when fallback is required
  
  Fixed an issue where (lib)curl is compiled without support for a
  supported challenge-response based SASL authentication mechanism, such
  as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
  mechanisms and (lib)curl doesn't fallback to Clear Text authentication.
  
  Note: In order to fallback to Clear Text authentication properly this
  fix adds support for the LOGINDISABLED server capability.
  
  Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
  Reported by: Stanislav Ivochkin

- pop3: Fixed no known authentication mechanism when fallback is required
  
  Fixed an issue where (lib)curl is compiled without support for a
  supported challenge-response based SASL authentication mechanism, such
  as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
  mechanisms and (lib)curl doesn't fallback to APOP or Clear Text
  authentication.
  
  Bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
  Reported by: Stanislav Ivochkin

Daniel Stenberg (1 Feb 2013)
- singleipconnect: simplify and clean up
  
  Remove timeout argument that's never used.
  
  Make the actual connection get detected on a single spot to reduce code
  duplication.
  
  Store the IPv6 state already when the connection is attempted.

- Curl_perfom: removed
  
  Curl_perfom is no longer used anywhere since the always-multi commit
  c43127414d89ccb9, and some related functions were used only from within
  Curl_perfom.

Guenter Knauf (30 Jan 2013)
- Updated date.

Yang Tse (30 Jan 2013)
- zz40-xc-ovr.m4: fix 'wc' detection - follow-up 2
  
  - Fix a pair of single quotes to double quotes.
  
  URL: http://curl.haxx.se/mail/lib-2013-01/0355.html
  Reported by: Tor Arntsen

- zz40-xc-ovr.m4: fix 'wc' detection - follow-up
  
  - Take into account that 'wc' may return leading spaces and/or tabs.
  
  - Set initial IFS to space, tab and newline.

- zz40-xc-ovr.m4: fix 'wc' detection
  
  - Take into account that 'wc' may return leading spaces.
  
  - Set internationalization behavior variables.
  
  Tor Arntsen analyzed and reported the issue.
  
  URL: http://curl.haxx.se/mail/lib-2013-01/0351.html

- zz40-xc-ovr.m4: check another three basic utilities

Guenter Knauf (29 Jan 2013)
- Fixed debug.c to work again unchanged.
  
  Added CURLOPT_FOLLOWLOCATION since example.com is now redirected.

Daniel Stenberg (29 Jan 2013)
- [Nick Zitzmann brought this change]

  darwinssl: Fix bug where packets were sometimes transmitted twice
  
  There was a bug where, if SSLWrite() returned errSSLWouldBlock but did
  succeed in transmitting at least something, then we'd incorrectly
  resend the packet. Now we never take errSSLWouldBlock as a sign that
  nothing was transferred to/from the server.
  
  Bug: http://curl.haxx.se/mail/lib-2013-01/0295.html
  Reported by: Bruno de Carvalho

- [Nick Zitzmann brought this change]

  FAQ: "Darwinssl" is AKA "Secure Transport" and supports NTLM

- RELEASE-NOTES: only list Nick once
  
  Even though he's a fine dude, once is enough for this time!

Yang Tse (28 Jan 2013)
- zz40-xc-ovr.m4: 1.0 interface stabilization
  
  - Stabilization results in 4 public interface m4 macros:
    XC_CONFIGURE_PREAMBLE
    XC_CONFIGURE_PREAMBLE_VER_MAJOR
    XC_CONFIGURE_PREAMBLE_VER_MINOR
    XC_CHECK_PATH_SEPARATOR
  - Avoid one level of internal indirection
  - Update comments
  - Drop XC_OVR_ZZ40 macro

Kamil Dudka (28 Jan 2013)
- docs: fix typos in man pages
  
  Reported by: Jiri Jaburek
  Bug: https://bugzilla.redhat.com/896544

- docs: update the comments about loading CA certs with NSS
  
  Bug: https://bugzilla.redhat.com/696783

Guenter Knauf (28 Jan 2013)
- Updated dependency libs.

- Fixed simple.c to work again unchanged.
  
  Added CURLOPT_FOLLOWLOCATION since example.com is now redirected.

Steve Holme (27 Jan 2013)
- smtp.c: Fixed unnecessary state change if starttls fails
  
  The state machine should only be changed to SMTP_STARTTLS when the
  STARTTLS command has been successfully sent to the server.

- pop3.c: Fixed unnecessary state change if starttls fails
  
  The state machine should only be changed to POP3_STARTTLS when the
  STLS command has been successfully sent to the server.

- imap.c: Fixed unnecessary state change if starttls fails
  
  The state machine should only be changed to IMAP_STARTTLS when the
  STARTTLS command has been successfully sent to the server.

- email: Updated comment regarding ssldone usage
  
  Updated the ssldone comment as multi mode is always used internally now.

Yang Tse (26 Jan 2013)
- zz40-xc-ovr.m4: emit witness message in configure BODY
  
  This avoids witness message in output when running configure --help,
  while sending the message to config.log for other configure runs.

Steve Holme (25 Jan 2013)
- smtp.c: Added comments to smtp_endofresp()
  
  Minor code tidy up to add comments similar to those used in the pop3
  and imap end of resp functions, in order to assist anyone reading the
  code and highlight the similarities between each of these protocols.

Yang Tse (25 Jan 2013)
- zz40-xc-ovr.m4: truly do version conditional overriding
  
  - version conditional overriding
  - catch unexpanded XC macros
  - fix double words in comments

- zz40-xc-ovr.m4: fix variable assignment of subshell output bashism
  
  Tor Arntsen analyzed and reported the issue.
  
  URL: http://curl.haxx.se/mail/lib-2013-01/0306.html

- zz40-xc-ovr.m4: reinstate strict AC_REQUIRE macro dependencies

- zz40-xc-ovr.m4: avoid double single-quote usage

- zz40-xc-ovr.m4: parentheses balancing of 'case' statements
  
  m4 quadrigraph shell comment technique allows proper autoconf
  parentheses balancing in shell 'case' statements. The presence
  of unbalanced parentheses may otherwise trigger expansion bugs.

Steve Holme (24 Jan 2013)
- smtp.c: Corrected RFC references
  
  The most recent version of the SMTP RFC is RFC5321 and not RFC2821 as
  previously documented.
  
  Added RFC1870 and re-ordered list numerically.

- smtp.c: Fixed failure detection during TLS upgrade
  
  smtp_state_upgrade_tls() would attempt to incorrectly complete the
  upgrade to smtps and start the EHLO command if
  Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
  was set to TRUE. This would only happen when a non-blocking API hadn't
  been provided by the SSL implementation and curlssl_connect() was
  called underneath.

- pop3.c: Fixed failure detection during TLS upgrade
  
  pop3_state_upgrade_tls() would attempt to incorrectly complete the
  upgrade to pop3s and start the CAPA command if
  Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
  was set to TRUE. This would only happen when a non-blocking API hadn't
  been provided by the SSL implementation and curlssl_connect() was
  called underneath.

- imap.c: Fixed failure detection during TLS upgrade
  
  imap_state_upgrade_tls() would attempt to incorrectly complete the
  upgrade to imaps and start the CAPABILITY command if
  Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
  was set to TRUE. This would only happen when a non-blocking API hadn't
  been provided by the SSL implementation and curlssl_connect() was
  called underneath.

Yang Tse (24 Jan 2013)
- zz40-xc-ovr.m4: internals overhauling
  
  - Update comments
  - Execute commands in subshells
  - Faster path separator check
  - Fix missing 'test' command
  - Rename private macros
  - Minimize AC_REQUIRE usage

Steve Holme (23 Jan 2013)
- email: Removed unnecessary return statements
  
  Small tidy up to remove unnecessary return statements prior to the next
  fix.

Yang Tse (23 Jan 2013)
- zz40-xc-ovr.m4: redirect errors and warnings to stderr

- zz40-xc-ovr.m4: AC_REQUIRE also XC_CONFIGURE_PREAMBLE success message

- zz60-xc-ovr.m4: tighten XC_OVR_ZZ60 macro placement requirements

- configure: use XC_CONFIGURE_PREAMBLE early checks
  
  Some basic checks we make were placed early enough in generated
  configure script when using autoconf 2.5X versions. Newer autoconf
  versions expand these checks much further into the configure script,
  rendering them useless. Using XC_CONFIGURE_PREAMBLE fixes placement
  of early intended checks across all our autoconf supported versions.

- zz40-xc-ovr.m4: provide XC_CONFIGURE_PREAMBLE macro

Daniel Stenberg (23 Jan 2013)
- FAQ: update the SSL lib list and wording in question 2.2

Steve Holme (22 Jan 2013)
- curl_sasl.c: Corrected references to RFC
  
  The most recent version of the RFC is RFC4422 and not RFC2222 as
  previously documented.

- email: Corrected references to SASL RFC
  
  The most recent version of the SASL RFC is RFC4422 and not RFC2222 as
  previously documented.

Daniel Stenberg (22 Jan 2013)
- [Ulion brought this change]

  formpost: support quotes, commas and semicolon in file names
  
  - document the double-quote and backslash need be escaped if quoting.
  - libcurl formdata escape double-quote in filename by backslash.
  - curl formparse can parse filename both contains '"' and ',' or ';'.
  - curl now can uploading file with ',' or ';' in filename.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1171

- memanalyze.pl: handle fopen() of file names with quotes

Yang Tse (21 Jan 2013)
- xc-cc-check.m4: re-evaluate exporting and AC_SUBST'ing vars
  
  Notes:
  
  When running a configure script that has nested packages (for example
  libcurl's configure with --enable-ares and c-ares sources embedded in
  curl tree) and AC_CONFIG_SUBDIRS([nested-subdir]) machinery is used to
  automatically run the nested configure script from within the parent
  configure script, it happens that the nested _shell_ script will
  inherit shell variables exported from the parent _shell_ script.
  
  If for example parent configure script sets and exports LDFLAGS and LIBS
  variables with proper values in order to link either a parent library or
  program with a library which will be configured and built by a nested
  package; It will happen that when the nested configure script runs, the
  nested library does not exist yet and _any_ link-test done in the nested
  configure will fail, such as those that autoconf macros perform in order
  to detect existing compiler and its characteristics, the result is that
  the nested configure script will fail with errors such as:
  
  configure: error: C compiler cannot create executables
  
  For now, we no longer export variables previously exported here.
  
  On the other hand, AC_SUBST'ing them is appropriate and even with nested
  packages each package's config.status gets its own package values.
  
  So we reinstate AC_SUBST'ing previously AC_SUBST'ed variables.

Daniel Stenberg (21 Jan 2013)
- FAQ: 3.22 curl -X gives me HTTP problems

Yang Tse (21 Jan 2013)
- xc-cc-check.m4: avoid recursive package automake'ing breakage

- xc-cc-check.m4: mark earlier variables that are to be exported

- configure: autotools compatibility fixes - step I
  
  Fix proper macro expansion order across autotools versions for
  C compiler and preprocessor program checks.

Steve Holme (20 Jan 2013)
- pop3.c: Fixed conditional compilation of the apop response function
  
  Extended the fix from commit 8b15c84ea91e to additionally exclude
  pop3_state_apop_resp() if the CURL_DISABLE_CRYPTO_AUTH flag is
  defined.

Yang Tse (20 Jan 2013)
- Makefile.inc: fix $(top_srcdir) not allowed in _SOURCES variables

Daniel Stenberg (19 Jan 2013)
- formadd: reject trying to read a directory where a file is expected
  
  Bug: http://curl.haxx.se/mail/archive-2013-01/0017.html
  Reported by: Ulrich Doehner

- curl_easy_send.3: document return codes
  
  Reported by: Craig Davison
  Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html

- curl_easy_recv.3: document return codes
  
  Reported by: Craig Davison
  Bug: http://curl.haxx.se/mail/lib-2013-01/0234.html

Steve Holme (19 Jan 2013)
- email: General code tidy up
  
  Corrected some function argument definitions to maximize the 80
  character line length limit and be in keeping with the curl
  coding style.

- pop3.c: Fixed a problem with pop3s connections not connecting properly
  
  Fixed an issue where Curl_ssl_connect_nonblocking() wouldn't complete
  correctly and the ssldone flag wouldn't be set to true for pop3s based
  connections.
  
  Bug introduced in commit: 4ffb8a6398ed.

Daniel Stenberg (18 Jan 2013)
- RELEASE-NOTES: add references to several bugfixes+changes

Steve Holme (18 Jan 2013)
- RELEASE-NOTES: Added missing imap fix
  
  Added missing imap fix as per commit 709b3506cd9b.

Yang Tse (18 Jan 2013)
- runtests.pl: make VPATH builds find valgrind.supp

Daniel Stenberg (18 Jan 2013)
- RELEASE-NOTES: synced with c43127414d89

- always-multi: always use non-blocking internals
  
  Remove internal separated behavior of the easy vs multi intercace.
  curl_easy_perform() is now using the multi interface itself.
  
  Several minor multi interface quirks and bugs have been fixed in the
  process.
  
  Much help with debugging this has been provided by: Yang Tse

Yang Tse (17 Jan 2013)
- url.c: fix HTTP CONNECT tunnel establishment upon delayed response
  
  Fixes initial proxy response being processed by the tunneled protocol
  handler instead of the HTTP wrapper handler. This issue would trigger
  upon delayed CONNECT response from the proxy.
  
  Additionally fixes a multi interface code-path in which connections
  would not time out properly.
  
  This does not fix known bug #39.
  
  URL: http://curl.haxx.se/mail/lib-2013-01/0191.html

Daniel Stenberg (16 Jan 2013)
- [Yves Arrouye brought this change]

  --libcurl: fix for non-zero default options
  
  If the default value for an option taking a long as its value is non
  zero, and it is set by zero by a command line option, then that command
  line option is not reflected in --libcurl's output. This is because line
  520-521 of tool_setopt.c look like:
  
  if(!lval)
      skip = TRUE;
  
  An example of a command-line option doing so is the -k option that sets
  CURLOPT_SLL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to 0L, when the
  defaults are non-zero.

- FTP: reject illegal port numbers in EPSV 229 responses

Yang Tse (15 Jan 2013)
- commit bc682cbd follow-up

- build: use per-target '_CPPFLAGS' for those currently using default
  
  Automake documents that doing this will make it choose a different name
  for intermediate object files even when sharing source files across
  targets of same Makefile.am.
  
  Up to automake 1.13.1 target's intermediate object files were placed
  in the build subdirectory of the target. We depended on this, probably
  undocumented behavior, to achieve same behavior as if a per-target flag
  had been specified when building targets that actually belong to
  different Makefile.am files.
  
  It seems automake 1.13.2 is going to break behavior mentioned above.
  
  So, lets use a documented behavior in order to achieve same purpose,
  across automake versions, no matter where automake wishes to place
  intermediate object files.
  
  Our build targets that already were using a per-target '_CFLAGS' or
  '_CPPFLAGS' need no 'fixing', these were already 'fixed'. The only
  Makefile.am or Makefile.in files in libcurl's source tree touched by
  this 'fix' are tests/libtest/Makefile.inc and tests/unit/Makefile.inc.

- tests/libtest/Makefile.inc: sort build targets

- tests/Makefile.am: remove wildcard usage in EXTRA_DIST

Kamil Dudka (15 Jan 2013)
- nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
  
  Do not use the error messages from NSS for errors not occurring in NSS.

Steve Holme (14 Jan 2013)
- TODO: Updated following IMAP SASL additions

Yang Tse (14 Jan 2013)
- configure: fix automake 1.13 compatibility
  
  Tested with:
  
  buildconf: autoconf version 2.69
  buildconf: autom4te version 2.69
  buildconf: autoheader version 2.69
  buildconf: automake version 1.13.1
  buildconf: aclocal version 1.13.1
  buildconf: libtool version 2.4
  buildconf: GNU m4 version 1.4.16

Daniel Stenberg (13 Jan 2013)
- BUGS: update bug tracker URL
  
  ... and refresh number of lines of code

- Curl_resolver_getsock: fix the function description comment
  
  It referred to it by the wrong name and said it returned the wrong value.
  
  Reported by: Gisle Vanem

Kamil Dudka (11 Jan 2013)
- nss: clear session cache if a client cert from file is used
  
  This commit fixes a regression introduced in 052a08ff.
  
  NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
  and if we connect second time to the same server, the cached cert/key
  pair is used.  If we use multiple client certificates for different
  paths on the same server, we need to clear the session cache to force
  NSS to call the hook again.  The commit 052a08ff prevented the session
  cache from being cleared if a client certificate from file was used.
  
  The condition is now fixed to cover both cases: consssl->client_nickname
  is not NULL if a client certificate from the NSS database is used and
  connssl->obj_clicert is not NULL if a client certificate from file is
  used.
  
  Review by: Kai Engert

Yang Tse (11 Jan 2013)
- sockfilt.c: log file descriptor number on read/write error

- [Gisle Vanem brought this change]

  packages/DOS/common.dj: remove COFF debug info generation
  
  gcc on DOS hasn't really supported COFF-debug (-gcoff) on djgpp for a
  long time.
  
  "Sounds like the COFF debug info generation has bit-rotted in GCC.
   Nothing new here, no other platform uses COFF AFAIK."
  
  So lets drop it too.
  
  URL: http://curl.haxx.se/mail/lib-2013-01/0130.html

- curl: ignore SIGPIPE - compilation fix - follow-up

- test servers: handle W32/W64 SIGBREAK with exit_signal_handler

- test servers: fix errno, ERRNO and SOCKERRNO usage for W32/W64

- sockfilt.c: fix some W64 compiler warnings

Daniel Stenberg (9 Jan 2013)
- [Nick Zitzmann brought this change]

  docs: the --with-darwinssl option is available on Apple OSes

Yang Tse (9 Jan 2013)
- curl: ignore SIGPIPE - compilation fix

- build: fix circular header inclusion with other packages
  
  This commit renames lib/setup.h to lib/curl_setup.h and
  renames lib/setup_once.h to lib/curl_setup_once.h.
  
  Removes the need and usage of a header inclusion guard foreign
  to libcurl. [1]
  
  Removes the need and presence of an alarming notice we carried
  in old setup_once.h [2]
  
  ----------------------------------------
  
  1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
      up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
      this single inclusion guard is enough to ensure that inclusion of
      lib/setup_once.h done from lib/setup.h is only done once.
  
      Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
      protect inclusion of setup_once.h even after commit ec691ca3, this
      was to avoid a circular header inclusion triggered when building a
      c-ares enabled version with c-ares sources available which also has
      a setup_once.h header. Commit ec691ca3 exposes the real nature of
      __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
      foreign to libcurl belonging to c-ares's setup_once.h
  
      The renaming this commit does, fixes the circular header inclusion,
      and as such removes the need and usage of a header inclusion guard
      foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.
  
  2 - Due to the circular interdependency of old lib/setup_once.h and the
      c-ares setup_once.h header, old file lib/setup_once.h has carried
      back from 2006 up to now days an alarming and prominent notice about
      the need of keeping libcurl's and c-ares's setup_once.h in sync.
  
      Given that this commit fixes the circular interdependency, the need
      and presence of mentioned notice is removed.
  
      All mentioned interdependencies come back from now old days when
      the c-ares project lived inside a curl subdirectory. This commit
      removes last traces of such fact.

Daniel Stenberg (8 Jan 2013)
- curl: ignore SIGPIPE
  
  This is a work-around for bug #1180 which is really libcurl's inability
  to ignore SIGPIPE in a few cases. With this work-around at least curl
  won't suffer from it!
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1180
  Reported by: Lluís Batlle i Rossell

Yang Tse (8 Jan 2013)
- sockfilt.c: fix some compiler warnings

Daniel Stenberg (8 Jan 2013)
- Revert "configure: update req to 2.59"
  
  This reverts commit 7a6d8b1b1a8fcc184c36d6b6e741e32250b4bacb.
  
  URL: http://curl.haxx.se/mail/lib-2013-01/0103.html

Steve Holme (8 Jan 2013)
- pop3: Added support for non-blocking SSL upgrade
  
  Added support for asynchronous SSL upgrade when using the
  multi-interface.

Daniel Stenberg (8 Jan 2013)
- configure: update req to 2.59
  
  I ran the 2.59 version of autoupdate that updates obsoleted configure.ac
  constructs to the 2.59 standard. With a little hands-on fiddling I
  prevented it from ruining the quoting in AS_HELP_STRING() uses.
  
  I subsequently also bumped the required autoconf version to 2.59
  (released in December 2003) as I don't have an older autoconf version
  around to test with and I can't be bothered to install one either...
  
  Inspired by: Björn Stenberg
  Related blog post: http://cazfi.livejournal.com/195108.html

Steve Holme (7 Jan 2013)
- imap.c: Small tidy up to add missing comment

- imap: Added support for sasl digest-md5 authentication

- imap: Added support for sasl cram-md5 authentication

Marc Hoersken (7 Jan 2013)
- tests/server/sockfilt.c: Fixed integer comparison warning

- tests/server/sockfilt.c: Include required Win32 headers

Steve Holme (7 Jan 2013)
- imap: Added support for sasl ntlm authentication

- imap: Added support for sasl login authentication

- pop3.c: Fixed default authentication detection
  
  Fixed an issue where a server may positively respond to the CAPA command
  but not list clear text as a valid authentication type.

- curl_sasl.c: Small code tidy up following imap changes

- smtp.c: Small code tidy up following imap changes

- pop3.c: Small code tidy up following imap changes

- imap: Added support for sasl plain text authentication

Marc Hoersken (6 Jan 2013)
- tests/server/sockfilt.c: Fixed support for listening sockets
  
  This commit fixes support for sockets that are ready to accept
  a new connection and have previously been put into listening mode.
  
  It also includes changes which are the result of investigation
  regarding Windows STDIN. These changes are the preparation for further
  improvements regarding support for reading data from STDIN on Windows.
  
  Open issue: WaitForMultipleObjectsEx does not support PIPE handles
  which are returned by GetStdHandle while running without a GUI.

- tests/server/sockfilt.c: Set Windows Console to binary mode

- tests/server/sockfilt.c: Improved log error messages
  
  Include error code and parameters in error messages.

Steve Holme (6 Jan 2013)
- imap: Introduced the continue response in imap_endofresp()

- imap: Added support for SASL based authentication mechanism detection
  
  Added support for detecting the supported SASL authentication mechanisms
  via the CAPABILITY command.

Yang Tse (6 Jan 2013)
- Revert changes relative to lib/*.[ch] recent renaming
  
  This reverts renaming and usage of lib/*.h header files done
  28-12-2012, reverting 2 commits:
  
    f871de0... build: make use of 76 lib/*.h renamed files
    ffd8e12... build: rename 76 lib/*.h files
  
  This also reverts removal of redundant include guard (redundant thanks
  to changes in above commits) done 2-12-2013, reverting 1 commit:
  
    c087374... curl_setup.h: remove redundant include guard
  
  This also reverts renaming and usage of lib/*.c source files done
  3-12-2013, reverting 3 commits:
  
    13606bb... build: make use of 93 lib/*.c renamed files
    5b6e792... build: rename 93 lib/*.c files
    7d83dff... build: commit 13606bbfde follow-up 1
  
  Start of related discussion thread:
  
    http://curl.haxx.se/mail/lib-2013-01/0012.html
  
  Asking for confirmation on pushing this revertion commit:
  
    http://curl.haxx.se/mail/lib-2013-01/0048.html
  
  Confirmation summary:
  
    http://curl.haxx.se/mail/lib-2013-01/0079.html
  
  NOTICE: The list of 2 files that have been modified by other
  intermixed commits, while renamed, and also by at least one
  of the 6 commits this one reverts follows below. These 2 files
  will exhibit a hole in history unless git's '--follow' option
  is used when viewing logs.
  
    lib/curl_imap.h
    lib/curl_smtp.h

Daniel Stenberg (6 Jan 2013)
- mk-ca-bundle.1: convert syntax to what's used elsewhere
  
  ... mostly to make sure roffit works better on it, but also to make our
  man pages use a more unified style.

- mk-ca-bundle.1: mention new -f, fix outputfile output
  
  also edited a few sentences to become more verbose

- mk-ca-bundle: add -f, support passing to stdout and more
  
  1. When the downloaded data file from Mozilla is current, but the output
  bundle does not exist: continue processing to create the bundle.  The
  goal is to have the output file - not just download the latest input.
  
  2. added -f option to force re-processing the file.  Useful for
  debugging/testing the process.
  
  3. added support for output to '-' (stdout), allowing the output to be
  piped.
  
  4. All progress and error messages go to STDERR rather than STDOUT (3)
  
  5. The script opened and closed the output file many times
  unnecessarily.  It now opens it once, does the output and closes it.
  
  6. Backup of the input files happens after successful processing, not
  before.
  
  7. The output is written to a temporary file, and renamed to the
  requested name after backup - this greatly reduces the window where the
  file can be seen partially written.
  
  8. all die calls have a \n at the end to suppress perl's traceback - the
  traceback isn't useful to end users.
  
  Patch: http://curl.haxx.se/mail/lib-2013-01/0045.html

Yang Tse (5 Jan 2013)
- imap test server: fix typo in name of SELECT_imap() sub definition
  
  IMAP test server breaking typo introduced with commit b708a522a1

Steve Holme (4 Jan 2013)
- imap test server: Added support for the CAPABILITY command
  
  Added support for the CAPABILITY command in preparation of upcoming
  changes.

Daniel Stenberg (3 Jan 2013)
- writeout: -w now supports remote_ip/port and local_ip/port
  
  Added mention to the curl.1 man page.
  
  Test case 1223 verifies remote_ip/port.

Yang Tse (3 Jan 2013)
- test 1222: 8 chars object name generation  &&  test 1221: adjustments

Daniel Stenberg (3 Jan 2013)
- INTERNALS: remove "footnote" never used

Yang Tse (3 Jan 2013)
- build: commit 13606bbfde follow-up 1

Daniel Stenberg (3 Jan 2013)
- FAQ: Can I write a server with libcurl?

Yang Tse (3 Jan 2013)
- build: rename 93 lib/*.c files
  
  93 lib/*.c source files renamed to use our standard naming scheme.
  
  This commit only does the file renaming.
  
  ----------------------------------------
  
    renamed:    lib/amigaos.c -> lib/curl_amigaos.c
    renamed:    lib/asyn-ares.c -> lib/curl_asyn_ares.c
    renamed:    lib/asyn-thread.c -> lib/curl_asyn_thread.c
    renamed:    lib/axtls.c -> lib/curl_axtls.c
    renamed:    lib/base64.c -> lib/curl_base64.c
    renamed:    lib/bundles.c -> lib/curl_bundles.c
    renamed:    lib/conncache.c -> lib/curl_conncache.c
    renamed:    lib/connect.c -> lib/curl_connect.c
    renamed:    lib/content_encoding.c -> lib/curl_content_encoding.c
    renamed:    lib/cookie.c -> lib/curl_cookie.c
    renamed:    lib/cyassl.c -> lib/curl_cyassl.c
    renamed:    lib/dict.c -> lib/curl_dict.c
    renamed:    lib/easy.c -> lib/curl_easy.c
    renamed:    lib/escape.c -> lib/curl_escape.c
    renamed:    lib/file.c -> lib/curl_file.c
    renamed:    lib/fileinfo.c -> lib/curl_fileinfo.c
    renamed:    lib/formdata.c -> lib/curl_formdata.c
    renamed:    lib/ftp.c -> lib/curl_ftp.c
    renamed:    lib/ftplistparser.c -> lib/curl_ftplistparser.c
    renamed:    lib/getenv.c -> lib/curl_getenv.c
    renamed:    lib/getinfo.c -> lib/curl_getinfo.c
    renamed:    lib/gopher.c -> lib/curl_gopher.c
    renamed:    lib/gtls.c -> lib/curl_gtls.c
    renamed:    lib/hash.c -> lib/curl_hash.c
    renamed:    lib/hmac.c -> lib/curl_hmac.c
    renamed:    lib/hostasyn.c -> lib/curl_hostasyn.c
    renamed:    lib/hostcheck.c -> lib/curl_hostcheck.c
    renamed:    lib/hostip.c -> lib/curl_hostip.c
    renamed:    lib/hostip4.c -> lib/curl_hostip4.c
    renamed:    lib/hostip6.c -> lib/curl_hostip6.c
    renamed:    lib/hostsyn.c -> lib/curl_hostsyn.c
    renamed:    lib/http.c -> lib/curl_http.c
    renamed:    lib/http_chunks.c -> lib/curl_http_chunks.c
    renamed:    lib/http_digest.c -> lib/curl_http_digest.c
    renamed:    lib/http_negotiate.c -> lib/curl_http_negotiate.c
    renamed:    lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
    renamed:    lib/http_proxy.c -> lib/curl_http_proxy.c
    renamed:    lib/idn_win32.c -> lib/curl_idn_win32.c
    renamed:    lib/if2ip.c -> lib/curl_if2ip.c
    renamed:    lib/imap.c -> lib/curl_imap.c
    renamed:    lib/inet_ntop.c -> lib/curl_inet_ntop.c
    renamed:    lib/inet_pton.c -> lib/curl_inet_pton.c
    renamed:    lib/krb4.c -> lib/curl_krb4.c
    renamed:    lib/krb5.c -> lib/curl_krb5.c
    renamed:    lib/ldap.c -> lib/curl_ldap.c
    renamed:    lib/llist.c -> lib/curl_llist.c
    renamed:    lib/md4.c -> lib/curl_md4.c
    renamed:    lib/md5.c -> lib/curl_md5.c
    renamed:    lib/memdebug.c -> lib/curl_memdebug.c
    renamed:    lib/mprintf.c -> lib/curl_mprintf.c
    renamed:    lib/multi.c -> lib/curl_multi.c
    renamed:    lib/netrc.c -> lib/curl_netrc.c
    renamed:    lib/non-ascii.c -> lib/curl_non_ascii.c
    renamed:    lib/curl_non-ascii.h -> lib/curl_non_ascii.h
    renamed:    lib/nonblock.c -> lib/curl_nonblock.c
    renamed:    lib/nss.c -> lib/curl_nss.c
    renamed:    lib/nwlib.c -> lib/curl_nwlib.c
    renamed:    lib/nwos.c -> lib/curl_nwos.c
    renamed:    lib/openldap.c -> lib/curl_openldap.c
    renamed:    lib/parsedate.c -> lib/curl_parsedate.c
    renamed:    lib/pingpong.c -> lib/curl_pingpong.c
    renamed:    lib/polarssl.c -> lib/curl_polarssl.c
    renamed:    lib/pop3.c -> lib/curl_pop3.c
    renamed:    lib/progress.c -> lib/curl_progress.c
    renamed:    lib/qssl.c -> lib/curl_qssl.c
    renamed:    lib/rawstr.c -> lib/curl_rawstr.c
    renamed:    lib/rtsp.c -> lib/curl_rtsp.c
    renamed:    lib/security.c -> lib/curl_security.c
    renamed:    lib/select.c -> lib/curl_select.c
    renamed:    lib/sendf.c -> lib/curl_sendf.c
    renamed:    lib/share.c -> lib/curl_share.c
    renamed:    lib/slist.c -> lib/curl_slist.c
    renamed:    lib/smtp.c -> lib/curl_smtp.c
    renamed:    lib/socks.c -> lib/curl_socks.c
    renamed:    lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
    renamed:    lib/socks_sspi.c -> lib/curl_socks_sspi.c
    renamed:    lib/speedcheck.c -> lib/curl_speedcheck.c
    renamed:    lib/splay.c -> lib/curl_splay.c
    renamed:    lib/ssh.c -> lib/curl_ssh.c
    renamed:    lib/sslgen.c -> lib/curl_sslgen.c
    renamed:    lib/ssluse.c -> lib/curl_ssluse.c
    renamed:    lib/strdup.c -> lib/curl_strdup.c
    renamed:    lib/strequal.c -> lib/curl_strequal.c
    renamed:    lib/strerror.c -> lib/curl_strerror.c
    renamed:    lib/strtok.c -> lib/curl_strtok.c
    renamed:    lib/strtoofft.c -> lib/curl_strtoofft.c
    renamed:    lib/telnet.c -> lib/curl_telnet.c
    renamed:    lib/tftp.c -> lib/curl_tftp.c
    renamed:    lib/timeval.c -> lib/curl_timeval.c
    renamed:    lib/transfer.c -> lib/curl_transfer.c
    renamed:    lib/url.c -> lib/curl_url.c
    renamed:    lib/version.c -> lib/curl_version.c
    renamed:    lib/warnless.c -> lib/curl_warnless.c
    renamed:    lib/wildcard.c -> lib/curl_wildcard.c
  
  ----------------------------------------

- build: make use of 93 lib/*.c renamed files
  
  93 *.c source files renamed to use our standard naming scheme.
  
  This change affects 77 files in libcurl's source tree.

Daniel Stenberg (3 Jan 2013)
- INSTALL: unify the SSL library texts
  
  Make them smaller and more similar for each separate SSL library
  supported by the configure build

Yang Tse (2 Jan 2013)
- curl_setup.h: remove redundant include guard

- build and tests: curl_10char_object_name() shell function
  
  lib/objnames.inc provides definition of curl_10char_object_name() shell
  function. The intended purpose of this function is to transliterate a
  (*.c) source file name that may be longer than 10 characters, or not,
  into a string with at most 10 characters which may be used as an OS/400
  object name.
  
  Test case 1221 does unit testng of this function and also verifies
  that it is possible to generate distinct short object names for all
  curl and libcurl *.c source file names.
  
  lib/objnames-test.sh is the shell script used for test case 1221.
  
  tests/runtests.pl modified to accept shell script test cases.
  
  More details inside lib/objnames.inc and lib/objnames-test.sh

- configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
  
  automake 1.13 errors if AM_CONFIG_HEADER is used in configure script.
  automake 1.13 no longer autoupdates AM_CONFIG_HEADER to
  AC_CONFIG_HEADERS, thing which automake has been doing since automake
  version 1.7
  
  Given that our first automake supported version is automake 1.7,
  simply replacing AM_CONFIG_HEADER usage with AC_CONFIG_HEADERS seems
  enough to yet support same automake versions.
  
  Dave Reisner reported issue with 1.13 and provided patch.
  
  http://curl.haxx.se/mail/lib-2012-12/0246.html

- curl-override.m4: provide AC_CONFIG_MACRO_DIR definition conditionally
  
  Provide a 'traceable' AC_CONFIG_MACRO_DIR definition only when using
  an autoconf version that does not provide it, instead of what we were
  doing up to now of providing and overriding AC_CONFIG_MACRO_DIR for
  all autoconf versions.

Steve Holme (30 Dec 2012)
- imap.c: Minor follow up tidy up

- imap: Code tidy up prior to adding support for the CAPABILITY command
  
  * Changing the order of the state machine to represent the order in
    which commands are sent to the server.
  
  * Reworking the imap_endofresp() function as the FETCH response doesn't
    include the command id and shouldn't be part of the length comparison
    that takes into account the id string.

- pop3_doing: Applied debug info message when function fails
  
  Applied the same debug message as used in smtp_doing() and imap_doing()
  when pop3_multi_statemach() fails.

- imap_doing: don't call imap_dophase_done() if already failed
  
  Applied the POP3 fix from commit 2897ce7dc2e1 so imap_dophase_done()
  isn't called if imap_multi_statemach() fails.

- smtp_doing: don't call smtp_dophase_done() if already failed
  
  Applied the POP3 fix from commit 2897ce7dc2e1 so smtp_dophase_done()
  isn't called if smtp_multi_statemach() fails.

Yang Tse (29 Dec 2012)
- examples/certinfo.c: fix compiler warning

Steve Holme (29 Dec 2012)
- pop3.c: Removed unnecessary POP3_STOP state changes
  
  Removed unnecessary state changes in pop3_state_starttls_resp()
  following previous fix in IMAP module.

- smtp.c: Added extra comments around SMTP_STOP state change
  
  Provided extra comments in the SMTP module following previous IMAP fix.

- imap.c: Fixed bad state error when logging in with invalid credentials
  
  Fixed a problem with the state machine when attempting to log in with
  invalid credentials. The server would report login failure but libcurl
  would not read the response due to inappropriate IMAP_STOP states being
  set after the login was sent.

Yang Tse (29 Dec 2012)
- imap.c: remove trailing whitespace

Steve Holme (28 Dec 2012)
- imap.c: Code tidy up - Part 2

- imap.c: Code tidy up - Part 1
  
  Applied some of the comment and layout changes that had already been
  applied to the pop3 and smtp code over the last 6 to 9 months.
  
  This is in preparation of adding SASL based authentication.

- pop3.c: Minor code tidy up
  
  Minor tidy up of comments and layout prior to next part of imap work.

- smtp: Minor code tidy up
  
  Minor tidy up of comments and layout prior to next part of imap work.

- curl_imap.h: Tidy up of comments to be more readable

- imap.c: Code tidy up renaming imapsendf() to imap_sendf()
  
  Renamed imapsendf() to imap_sendf() to be more in keeping with the
  other imap functions as well as Curl_pp_sendf() that it replaces.

Yang Tse (28 Dec 2012)
- build: rename 76 lib/*.h files
  
  76 private header files renamed to use our standard naming scheme.
  
  This commit only does the file renaming.
  
  ----------------------------------------
  
    renamed:    amigaos.h -> curl_amigaos.h
    renamed:    arpa_telnet.h -> curl_arpa_telnet.h
    renamed:    asyn.h -> curl_asyn.h
    renamed:    axtls.h -> curl_axtls.h
    renamed:    bundles.h -> curl_bundles.h
    renamed:    conncache.h -> curl_conncache.h
    renamed:    connect.h -> curl_connect.h
    renamed:    content_encoding.h -> curl_content_encoding.h
    renamed:    cookie.h -> curl_cookie.h
    renamed:    cyassl.h -> curl_cyassl.h
    renamed:    dict.h -> curl_dict.h
    renamed:    easyif.h -> curl_easyif.h
    renamed:    escape.h -> curl_escape.h
    renamed:    file.h -> curl_file.h
    renamed:    fileinfo.h -> curl_fileinfo.h
    renamed:    formdata.h -> curl_formdata.h
    renamed:    ftp.h -> curl_ftp.h
    renamed:    ftplistparser.h -> curl_ftplistparser.h
    renamed:    getinfo.h -> curl_getinfo.h
    renamed:    gopher.h -> curl_gopher.h
    renamed:    gtls.h -> curl_gtls.h
    renamed:    hash.h -> curl_hash.h
    renamed:    hostcheck.h -> curl_hostcheck.h
    renamed:    hostip.h -> curl_hostip.h
    renamed:    http.h -> curl_http.h
    renamed:    http_chunks.h -> curl_http_chunks.h
    renamed:    http_digest.h -> curl_http_digest.h
    renamed:    http_negotiate.h -> curl_http_negotiate.h
    renamed:    http_proxy.h -> curl_http_proxy.h
    renamed:    if2ip.h -> curl_if2ip.h
    renamed:    imap.h -> curl_imap.h
    renamed:    inet_ntop.h -> curl_inet_ntop.h
    renamed:    inet_pton.h -> curl_inet_pton.h
    renamed:    krb4.h -> curl_krb4.h
    renamed:    llist.h -> curl_llist.h
    renamed:    memdebug.h -> curl_memdebug.h
    renamed:    multiif.h -> curl_multiif.h
    renamed:    netrc.h -> curl_netrc.h
    renamed:    non-ascii.h -> curl_non-ascii.h
    renamed:    nonblock.h -> curl_nonblock.h
    renamed:    nssg.h -> curl_nssg.h
    renamed:    parsedate.h -> curl_parsedate.h
    renamed:    pingpong.h -> curl_pingpong.h
    renamed:    polarssl.h -> curl_polarssl.h
    renamed:    pop3.h -> curl_pop3.h
    renamed:    progress.h -> curl_progress.h
    renamed:    qssl.h -> curl_qssl.h
    renamed:    rawstr.h -> curl_rawstr.h
    renamed:    rtsp.h -> curl_rtsp.h
    renamed:    select.h -> curl_select.h
    renamed:    sendf.h -> curl_sendf.h
    renamed:    setup.h -> curl_setup.h
    renamed:    setup_once.h -> curl_setup_once.h
    renamed:    share.h -> curl_share.h
    renamed:    slist.h -> curl_slist.h
    renamed:    smtp.h -> curl_smtp.h
    renamed:    sockaddr.h -> curl_sockaddr.h
    renamed:    socks.h -> curl_socks.h
    renamed:    speedcheck.h -> curl_speedcheck.h
    renamed:    splay.h -> curl_splay.h
    renamed:    ssh.h -> curl_ssh.h
    renamed:    sslgen.h -> curl_sslgen.h
    renamed:    ssluse.h -> curl_ssluse.h
    renamed:    strdup.h -> curl_strdup.h
    renamed:    strequal.h -> curl_strequal.h
    renamed:    strerror.h -> curl_strerror.h
    renamed:    strtok.h -> curl_strtok.h
    renamed:    strtoofft.h -> curl_strtoofft.h
    renamed:    telnet.h -> curl_telnet.h
    renamed:    tftp.h -> curl_tftp.h
    renamed:    timeval.h -> curl_timeval.h
    renamed:    transfer.h -> curl_transfer.h
    renamed:    url.h -> curl_url.h
    renamed:    urldata.h -> curl_urldata.h
    renamed:    warnless.h -> curl_warnless.h
    renamed:    wildcard.h -> curl_wildcard.h
  
  ----------------------------------------

- build: make use of 76 lib/*.h renamed files
  
  76 private header files renamed to use our standard naming scheme.
  
  This change affects 322 files in libcurl's source tree.

- lib/*.h: use our standard naming scheme for header inclusion guards

Steve Holme (28 Dec 2012)
- imsp.c: Fixed usernames and passwords that contain escape characters
  
  Fixed a problem with sending usernames and passwords that contain
  backslash, quotation mark and space characters.

Daniel Stenberg (27 Dec 2012)
- curl.1: extend the -X, --request description

- RELEASE-NOTES: synced with e3ed2b82e6

- [Nick Zitzmann brought this change]

  darwinssl: Fixed inability to disable peer verification
  
  ... on Snow Leopard and Lion
  
  Snow Leopard introduced the SSLSetSessionOption() function, but it
  doesn't disable peer verification as expected on Snow Leopard or
  Lion (it works as expected in Mountain Lion). So we now use sysctl()
  to detect whether or not the user is using Snow Leopard or Lion,
  and if that's the case, then we now use the deprecated
  SSLSetEnableCertVerify() function instead to disable peer verification.

Yang Tse (26 Dec 2012)
- curl tool: rename hugehelp files to tool_hugehelp

- curl tool: renaming hugehelp files to tool_hugehelp

- sockfilt.c: commit b44da5a82a follow-up 2

- sockfilt.c: commit b44da5a82a follow-up

- sockfilt.c: fix some compiler warnings

- curl_multi_remove_handle: commit 0aabfd9963 follow-up

Daniel Stenberg (25 Dec 2012)
- lib556: enable VERBOSE to ease debugging on failures

Marc Hoersken (25 Dec 2012)
- socklift.c: Quick fix to re-add missing code

- socklift.c: Added select_ws function to support Windows
  
  WinSock select() does not support standard file descriptors,
  it can only check SOCKETs. The following function is an attempt
  to create a select() function with support for other handles.

Yang Tse (25 Dec 2012)
- Enable tests 1503, 1504 and 1505

- curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE

- Curl_hash_clean: OOM handling fix

- test 1504 and 1505: same as 1502 but with different cleanup sequences

Daniel Stenberg (24 Dec 2012)
- Curl_conncache_foreach: allow callback to break loop
  
  ... and have it take a proper 'struct connectdata *' as first argument

- pop3_doing: don't call pop3_dophase_done() if already failed
  
  ... it also clobbered the 'result' return value so that it wouldn't
  return the error back to the parent function properly, which broke test
  809 when run with 'multi-always'.

Yang Tse (23 Dec 2012)
- test 1503: same as 1502 but with a different cleanup sequence

- test 1502: OOM handling fixes

- curl_multi_wait: OOM handling fix

- [Daniel Stenberg brought this change]

  curl_multi_wait: avoid an unnecessary memory allocation

- runtests.pl: prepend $srcdir to HTTPTLS server config files path

- multi.c: OOM handling fix

- lib543.c: OOM handling fixes

- configure: add internal sanity check (warn only) on vars for makefiles

Daniel Stenberg (21 Dec 2012)
- SCP: relative path didn't work
  
  When prefixing a path with /~/ it is supposed to be used relative to the
  user's home directory but it didn't work. Now we cut off the entire
  three byte sequenct "/~/" which seems to be how OpenSSH does it.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1173
  Reported by: Balaji Parasuram

Yang Tse (21 Dec 2012)
- configure: LIBMETALINK_CFLAGS actually is LIBMETALINK_CPPFLAGS

- configure: add minimal sanity check on user provided CFLAGS and CPPFLAGS

- bundles connection caching: some out of memory handling fixes

- libntlmconnect.c: fix compiler warnings and OOM handling

- configure.ac: clear local test intended variables before use

- VC6 IDE: link with advapi32.lib when using WIN32 crypto API (md5.c)

- curl-functions.m4: improve gethostname arg 2 data type check

- setup_once.h: HP-UX specific 'bool', 'false' and 'true' definitions.
  
  Also reverts commit f254c59dc7

- configure: check if compiler halts on function prototype mismatch

- warnless.c: fix compiler warnings

- curl-functions.m4: add gethostname arg 2 data type check and definition

Daniel Stenberg (14 Dec 2012)
- [Nick Zitzmann brought this change]

  darwinssl: Fix implicit conversion compiler warnings
  
  The Clang compiler found a few implicit conversion problems that have
  now been fixed.

Yang Tse (14 Dec 2012)
- setup_once.h: HP-UX <sys/socket.h> issue workaround
  
  Issue: When building a 32bit target with large file support HP-UX
  <sys/socket.h> header file may simultaneously provide two different
  sets of declarations for sendfile and sendpath functions, one with
  static and another with external linkage. Given that we do not use
  mentioned functions we really don't care which linkage is the
  appropriate one, but on the other hand, the double declaration emmits
  warnings when using the HP-UX compiler and errors when using modern
  gcc versions resulting in fatal compilation errors.
  
  Mentioned issue is now fixed as long as we don't use sendfile nor
  sendpath functions.

- setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>
  
  Inclusion of top two most included header files now done in setup_once.h

- setup_once.h: HP-UX specific TRUE and FALSE definitions
  
  Some HP-UX system headers require TRUE defined to 1 and FALSE to 0.

Daniel Stenberg (12 Dec 2012)
- gopher: #include cleanup
  
  Remove all system file includes from this file as they're not needed
  
  Reported by: Dan Fandrich

Yang Tse (11 Dec 2012)
- examples/simplessl.c: fix compiler warning

- examples/externalsocket.c: fix SunPro compilation issue

- examples/simplessl.c: fix compiler warning

- build: add bundles and conncache files to other build systems

- conncache: fix enumerated type mixed with another type

- examples/anyauthput.c: fix Tru64 compilation issue

Daniel Stenberg (8 Dec 2012)
- [Colin Watson brought this change]

  configure: fix cross pkg-config detection
  
  When cross-compiling, CURL_CHECK_PKGCONFIG was checking for the cross
  pkg-config using ${host}-pkg-config.
  
  The gold standard for doing this correctly is pkg-config's own macro,
  PKG_PROG_PKG_CONFIG.  However, on the assumption that you have a good
  reason not to use that directly (reduced dependencies for maintainer
  builds?), the behaviour of cURL's version should at least match.
  PKG_PROG_PKG_CONFIG uses AC_PATH_TOOL, which ultimately ends up trying
  ${host_alias}-pkg-config; this is not quite the same as what cURL does,
  and may differ because ${host} has been run through config.sub.  For
  instance, when cross-building to the armhf architecture on Ubuntu,
  ${host_alias} is arm-linux-gnueabihf while ${host} is
  arm-unknown-linux-gnueabihf.  This may also have been the cause of the
  problem reported at http://curl.haxx.se/mail/lib-2012-04/0224.html.
  
  AC_PATH_TOOL is significantly simpler than cURL's current code, and
  dates back to well before the current minimum of Autoconf 2.57, so let's
  use it instead.

- [Linus Nielsen Feltzing brought this change]

  Introducing a new persistent connection caching system using "bundles".
  
  A bundle is a list of all persistent connections to the same host.
  The connection cache consists of a hash of bundles, with the
  hostname as the key.
  The benefits may not be obvious, but they are two:
  
  1) Faster search for connections to reuse, since the hash
     lookup only finds connections to the host in question.
  2) It lays out the groundworks for an upcoming patch,
     which will introduce multiple HTTP pipelines.
  
  This patch also removes the awkward list of "closure handles",
  which were needed to send QUIT commands to the FTP server
  when closing a connection.
  Now we allocate a separate closure handle and use that
  one to close all connections.
  
  This has been tested in a live system for a few weeks, and of
  course passes the test suite.

- [Fabian Keil brought this change]

  runtests and friends: Do not add undefined values to @INC
  
  On FreeBSD this fixes the warning:
  Use of uninitialized value $p in string eq at /usr/local/lib/perl5/5.14.2/BSDPAN/BSDPAN.pm line 36.

Steve Holme (5 Dec 2012)
- Merge pull request #52 from isn-/master
  
  small compilation fix

Stanislav Ivochkin (5 Dec 2012)
- build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag

Yang Tse (5 Dec 2012)
- libtest: fix some compiler warnings

- examples: fix compilation issues - commit 7332a7cafb follow-up

- examples: fix compilation issues - commit 23f8dca6fb follow-up

- examples: fix compilation issues

- build: explain current role of LIBS in our Makefile.am files
  
  BLANK_AT_MAKETIME may be used in our Makefile.am files to blank
  LIBS variable used in generated makefile at makefile processing
  time. Doing this functionally prevents LIBS from being used for
  all link targets in given makefile.

Daniel Stenberg (4 Dec 2012)
- multi: fix re-sending request on early connection close
  
  This handling already works with the easy-interface code. When a request
  is sent on a re-used connection that gets closed by the server at the
  same time as the request is sent, the situation may occur so that we can
  send the request and we discover the broken connection as a RECV_ERROR
  in the PERFORM state and then the request needs to be retried on a fresh
  connection. Test 64 broke with 'multi-always-internally'.

Yang Tse (4 Dec 2012)
- configure: add minimal sanity check on user provided LIBS and LDFLAGS

- build: prevent global LIBS from influencing src and lib build targets
  
  Currently, LIBS is already used through other macros.

Kamil Dudka (3 Dec 2012)
- nss: prevent NSS from crashing on client auth hook failure
  
  Although it is not explicitly stated in the documentation, NSS uses
  *pRetCert and *pRetKey even if the client authentication hook returns
  a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
  afterwards, NSS destroys the certificate once again, which causes a
  double free.
  
  Reported by: Bob Relyea

Yang Tse (30 Nov 2012)
- testcurl.pl: build example programs for several autobuilds
  
  Affected autobuilds: IRIX, AIX, Tru64 and AIX.

- build: prevent global LIBS from influencing examples build targets

- build: prevent global LIBS from influencing libtest build targets

- build: prevent global LIBS from influencing test server build targets

- build: fix Windows build targets damaged since commit 550e403f00

- build: avoid linkage of directly unused libraries

- dd missing NTLM feature for tests 2025, and 2028 to 2032

- avoid mixing of enumerated type with another type

- multi.c: disambiguate precedence of bitwise and relational operation

Daniel Stenberg (26 Nov 2012)
- [Fabian Keil brought this change]

  Remove stray CRLF in chunk-encoded content-free request bodies
  
  .. that are sent when auth-negotiating before a chunked
  upload or when setting the 'Transfer-Encoding: chunked'
  header and intentionally sending no content.
  
  Adjust test565 and test1333 accordingly.

- FAQ: clarify the 3.4 section
  
  You can do custom commands to FTP without sending anything by using the
  CURLOPT_NOBODY, which -I sets.

- [Lijo Antony brought this change]

  examples: Updated asiohiper.cpp to remove connect from opensocket
  
  Blocking connect on the socket has been removed from opensocket
  callback. opensocket just opens a new socket and gives it back to
  libcurl and libcurl will take care of the connect. sockopt_callback has
  also been removed, as it is no longer required.

Yang Tse (23 Nov 2012)
- build: fix AIX compilation and usage
  
  AIX sys/poll.h header file defines 'events' and 'revents' as C
  preprocessor macros. Usage of these literals in libcurl's external
  API was introduced in commit de24d7bd4c causing AIX build failures.
  Appropriate inclusion of sys/poll.h by libcurl's external interface
  fixes AIX build and usage issues while avoiding a SONAME bump.

Steve Holme (23 Nov 2012)
- DOCS: Updated CURLOPT_CONNECT_ONLY to reflect usage in other protocols

Daniel Stenberg (23 Nov 2012)
- test: offer "automake" output and check for perl better
  
  runtests.pl -am now uses the "PASS/FAIL: [desc]" output for each
  executed test. You can run 'make test-am' in the root build directory to
  invoke that. The reason for this output style is to better allow generic
  test suite parsers to also grok our test output.
  
  The test Makefile now also tests that perl was indeed found and that the
  PERL variable points to an executable before it tries to run the main
  test perl script runtests.pl,

- [Fabian Keil brought this change]

  Test 206: Use a Content-Length header for the 407 response
  
  Otherwise curl would have to guess where the body ends.

- [Fabian Keil brought this change]

  Test 206: Don't respond to a succesful CONNECT request with a body
  
  It's against the spec and caused test failures when header
  and response were read from the network separately in which
  case bug #39 wasn't triggered.

- htmltitle: use .cpp extension for C++ examples

- [Lijo Antony brought this change]

  examples: Added a c++ example of using multi with boost::asio
  
  Added an example for demonstrating the usage of curl multi interface
  with boost::asio in c++

- VC Makefiles: add missing hostcheck
  
  the newly introduced hostcheck.h/c is missing in the Visual Studio
  Makefiles as obj file.
  
  Bug: http://curl.haxx.se/mail/lib-2012-11/0176.html

- compiler warning fixes
  
  The conversions from ssize_t to int need to be typecasted.

- bump: start working on 7.28.2

- THANKS: added 14 contributors from the 7.28.1 release

Version 7.28.1 (20 Nov 2012)

Daniel Stenberg (20 Nov 2012)
- RELEASE-NOTES: synced with 52af6e69f079 / 7.28.1

Kamil Dudka (20 Nov 2012)
- [Anthony Bryan brought this change]

  RELEASE-NOTES: NSS can be used for metalink hashing

- [Fabian Keil brought this change]

  Get test 2032 working when using valgrind
  
  If curl_multi_fdset() sets maxfd to -1, the socket detection
  loop is skipped and thus !found_new_socket is no cause for alarm.

- test2032: spurious failure caused by premature termination
  
  Bug: http://curl.haxx.se/mail/lib-2012-11/0095.html

Daniel Stenberg (19 Nov 2012)
- [Fabian Keil brought this change]

  Fix comment typos in test 517

- [Fabian Keil brought this change]

  Test 92 and 194: normalize spaces in the Server headers
  
  It makes no difference from curl's point of view but
  makes it more convenient to use the tests with a
  lws-normalizing proxy between curl and the test server.

- [Fabian Keil brought this change]

  Add a HOSTIP precheck for tests 31 and 1105
  
  They currently only work for 127.0.0.1 which
  is hardcoded and can't be easily changed.

- [Fabian Keil brought this change]

  Let test 8 work as long as %HOSTIP ends with ".0.0.1"
  
  .. and add a precheck to skip the test otherwise.

- [Fabian Keil brought this change]

  Add --resolve to the keywords and name of test 1318
  
  This makes it easier to skip it automatically when
  the test suite is used with external proxies.

- [Fabian Keil brought this change]

  Add FTP keywords for a couple of currently keyword-less FTP tests

- [Fabian Keil brought this change]

  Add keywords for a couple of currently keyword-less HTTP tests

- [Fabian Keil brought this change]

  Use carriage returns in all headers in test 31
  
  Trailing spaces were left unmodifed, assuming they were intentional.

- [Fabian Keil brought this change]

  Do not mix CRLF and LF header endings in a couple of HTTP tests
  
  Consistently use CRLF instead. The mixed endings weren't
  documented so I assume they were unintentional.
  
  This change doesn't matter for curl itself but makes using
  the tests with a proxy between curl and the test server
  more convenient.
  
  Tests that consistently use no carriage returns were
  left unmodified as one can easily work around this.

- fixed memory leak: CURLOPT_RESOLVE with multi interface
  
  DNS cache entries populated with CURLOPT_RESOLVE were not properly freed
  again when done using the multi interface.
  
  Test case 1502 added to verify.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3575448
  Reported by: Alex Gruz

- RELEASE-NOTES: synced with ee588fe08807778
  
  4 more bug fixes and 4 more contributors

- mem-include-scan: verify memory #includes
  
  If we use memory functions (malloc, free, strdup etc) in C sources in
  libcurl and we fail to include curl_memory.h or memdebug.h we either
  fail to properly support user-provided memory callbacks or the memory
  leak system of the test suite fails.
  
  After Ajit's report of a failure in the first category in http_proxy.c,
  I spotted a few in the second category as well. These problems are now
  tested for by test 1132 which runs a perl program that scans for and
  attempts to check that we use the correct include files if a memory
  related function is used in the source code.
  
  Reported by: Ajit Dhumale
  Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html

- tftp_rx: code style cleanup
  
  Fixed checksrc warnings

- [Fabian Keil brought this change]

  Fix the libauthretry changes from 7c0cbcf2f61
  
  They broke the NTLM tests from 2023 to 2031.

- [Christian Vogt brought this change]

  tftp_rx: handle resends
  
  Re-send ACK for block X in case we receive block X data again while
  waiting for block X+1.
  
  Based on an earlier patch by Marcin Adamski.

- autoconf: don't force-disable compiler debug option
  
  When nothing is told to configure, we should not enforce switching off
  debug options with -g0 (or similar). We instead don't use -g at all in
  that situaion and therefore allow the user's CFLAGS settings possibly
  dictate what to do.

- [Mark Snelling brought this change]

  winbuild: Fix PDB file output
  
  And fix some newlines to be proper CRLF
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3586741

- RELEASE-NOTES: synced with fa1ae0abcde

- [Cristian Rodríguez brought this change]

  OpenSSL: Disable SSL/TLS compression
  
  It either causes increased memory usage or exposes users
  to the "CRIME attack" (CVE-2012-4929)

- [Sebastian Rasmussen brought this change]

  FILE: Make upload-writes unbuffered by not using FILE streams

Kamil Dudka (13 Nov 2012)
- tool_metalink: fix error detection of hash alg initialization
  
  The {MD5,SHA1,SHA256}_Init functions from OpenSSL are called directly
  without any wrappers and they return 1 for success, 0 otherwise.  Hence,
  we have to use the same approach in all the wrapper functions that are
  used for the other crypto libraries.
  
  This commit fixes a regression introduced in commit dca8ae5f.

Daniel Stenberg (13 Nov 2012)
- RELEASE-NOTES: synced with 7c0cbcf2f617b

- [Sergei Nikulov brought this change]

  fixed Visual Studio 2010 compilation

- [Anton Malov brought this change]

  ftp: EPSV-disable fix over SOCKS
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3586338

Patrick Monnerat (12 Nov 2012)
- Merge branch 'master' of github.com:bagder/curl

- OS400: upgrade wrappers for the 7.28.1 release.

Daniel Stenberg (12 Nov 2012)
- runtests: limit execessive logging/output

- [Gabriel Sjoberg brought this change]

  Digst: Add microseconds into nounce calculation
  
  When using only 1 second precision, curl doesn't create new cnonce
  values quickly enough for all uses.
  
  For example, issuing the following command multiple times to a recent
  Tomcat causes authentication failures:
  
  curl --digest -utest:test http://tomcat.test.com:8080/manager/list
  
  This is because curl uses the same cnonce for several seconds, but
  doesn't increment the nonce counter.  Tomcat correctly interprets
  this as a replay attack and rejects the request.
  
  When microsecond-precision is available, this commit causes curl to
  change cnonce values much more frequently.
  
  With microsecond resolution, increasing the nounce length used in the
  headers to 32 was made to further reduce the risk of duplication.

- SCP/SFTP: improve error code used for send failures
  
  Instead of relying on the generic CURLE error for SCP or SFTP send
  failures, try passing back a more suitable error if possible.

- Curl_write: remove unneeded typecast

Kamil Dudka (9 Nov 2012)
- tool_metalink: allow to use hash algorithms provided by NSS
  
  Fixes bug #3578163:
  http://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578163&group_id=976

- tool_metalink: allow to handle failure of hash alg initialization

- tool_metalink: introduce metalink_cleanup() in the internal API
  
  ... to release resources allocated at global scope

Daniel Stenberg (8 Nov 2012)
- hostcheck: only build for the actual users
  
  and make local function static

- [Oscar Koeroo brought this change]

  SSL: Several SSL-backend related fixes
  
  axTLS:
  
  This will make the axTLS backend perform the RFC2818 checks, honoring
  the VERIFYHOST setting similar to the OpenSSL backend.
  
  Generic for OpenSSL and axTLS:
  
  Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c
  files to make them genericly available for both the OpenSSL, axTLS and
  other SSL backends. They are now in the new lib/hostcheck.c file.
  
  CyaSSL:
  
  CyaSSL now also has the RFC2818 checks enabled by default. There is a
  limitation that the verifyhost can not be enabled exclusively on the
  Subject CN field comparison. This SSL backend will thus behave like the
  NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words:
  setting verifyhost to 0 or 1 will disable the Subject Alt Names checks
  too.
  
  Schannel:
  
  Updated the schannel information messages: Split the IP address usage
  message from the verifyhost setting and changed the message about
  disabling SNI (Server Name Indication, used in HTTP virtual hosting)
  into a message stating that the Subject Alternative Names checks are
  being disabled when verifyhost is set to 0 or 1. As a side effect of
  switching off the RFC2818 related servername checks with
  SCH_CRED_NO_SERVERNAME_CHECK
  (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature
  is being disabled. This effect is not documented in MSDN, but Wireshark
  output clearly shows the effect (details on the libcurl maillist).
  
  PolarSSL:
  
  Fix the prototype change in PolarSSL of ssl_set_session() and the move
  of the peer_cert from the ssl_context to the ssl_session. Found this
  change in the PolarSSL SVN between r1316 and r1317 where the
  POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu
  PolarSSL version 1.1.4 the check is to discriminate between lower then
  PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN
  trunk jumped from version 1.1.1 to 1.2.0.
  
  Generic:
  
  All the SSL backends are fixed and checked to work with the
  ssl.verifyhost as a boolean, which is an internal API change.

- libcurl: VERSIONINFO update
  
  Since we added the curl_multi_wait function, the VERSIONINFO needed
  updating.
  
  Reported by: Patrick Monnerat

Guenter Knauf (8 Nov 2012)
- Added .def file to output.
  
  Requested by Johnny Luong on the libcurl list.

- Added deps for static metalink-aware MinGW builds.

Daniel Stenberg (8 Nov 2012)
- [Fabian Keil brought this change]

  Fix compilation of lib1501

- Curl_readwrite: remove debug output
  
  The text "additional stuff not fine" text was added for debug purposes a
  while ago, but it isn't really helping anyone and for some reason some
  Linux distributions provide their libcurls built with debug info still
  present and thus (far too many) users get to read this info.

- RELEASE-NOTES: synced with 487538e87a3d5e
  
  6 new bugfixes and 3 more contributors...

- http_perhapsrewind: consider NTLM over proxy too
  
  The logic previously checked for a started NTLM negotiation only for
  host and not also with proxy, leading to problems doing POSTs over a
  proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the
  check.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3582321
  Reported by: John Suprock

- [Lars Buitinck brought this change]

  Curl_connecthost: friendlier "couldn't connect" message

- test1413: verify redirects to URLs with fragments
  
  The bug report claimed it didn't work. This problem was probably fixed
  in 473003fbdf.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3581898

- URL parser: cut off '#' fragments from URLs (better)
  
  The existing logic only cut off the fragment from the separate 'path'
  buffer which is used when sending HTTP to hosts. The buffer that held
  the full URL used for proxies were not dealt with. It is now.
  
  Test case 5 was updated to use a fragment on a URL over a proxy.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3579813

- OpenSSL/servercert: use correct buffer size, not size of pointer
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3579286

- curl: set CURLOPT_SSL_VERIFYHOST to 0 to disable

- test 2027/2030: take duplicate Digest requests into account
  
  With the reversion of ce8311c7e49eca and the new clear logic, this flaw
  is present and we allow it.

- Curl_pretransfer: clear out unwanted auth methods
  
  As a handle can be re-used after having done HTTP auth in a previous
  request, it must make sure to clear out the HTTP types that aren't
  wanted in this new request.

- test1412: verify Digest with repeated URLs
  
  This test case verifies that bug 3582718 is fixed.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3582718
  Reported by: Nick Zitzmann (originally)

- Revert "Zero out auth structs before transfer"
  
  This reverts commit ce8311c7e49eca93c136b58efa6763853541ec97.
  
  The commit made test 2024 work but caused a regression with repeated
  Digest authentication. We need to fix this differently.

- CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value
  
  After a research team wrote a document[1] that found several live source
  codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST
  option thinking it was a boolean, this change now bans 1 as a value and
  will make libcurl return error for it.
  
  1 was never a sensible value to use in production but was introduced
  back in the days to help debugging. It was always documented clearly
  this way.
  
  1 was never supported by all SSL backends in libcurl, so this cleanup
  makes the treatment of it unified.
  
  The report's list of mistakes for this option were all PHP code and
  while there's a binding layer between libcurl and PHP, the PHP team has
  decided that they have an as thin layer as possible on top of libcurl so
  they will not alter or specifically filter a 'TRUE' value for this
  particular option. I sympathize with that position.
  
  [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/

- gnutls: fix compiler warnings

- [Alessandro Ghedini brought this change]

  gnutls: print alerts during handshake

- [Alessandro Ghedini brought this change]

  gnutls: fix the error_is_fatal logic

- RELEASE-NOTES: synced with fa6d78829fd30ad

- httpcustomheader.c: free the headers after use

- [Dave Reisner brought this change]

  uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
  
  Since automake 1.12.4, the warnings are issued on running automake:
  
    warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
  
  Avoid INCLUDES and roll these flags into AM_CPPFLAGS.
  
  Compile tested on:
    Ubuntu 10.04 (automake 1:1.11.1-1)
    Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2)
    Arch Linux (automake 1.12.4)

- libauthretry.c: shorten lines to fit within 80 cols

- ftp_readresp: fix build without krb4 support
  
  Oops, my previous commit broke builds with krb support.

- test/README: mention the 1500 test number range

- FTP: prevent the multi interface from blocking
  
  As pointed out in Bug report #3579064, curl_multi_perform() would
  wrongly use a blocking mechanism internally for some commands which
  could lead to for example a very long block if the LIST response never
  showed.
  
  The solution was to make sure to properly continue to use the multi
  interface non-blocking state machine.
  
  The new test 1501 verifies the fix.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3579064
  Reported by: Guido Berhoerster

Marc Hoersken (1 Nov 2012)
- winbuild: Use machine type of development environment
  
  This patch restores the original behavior instead of always
  falling back to x86 if no MACHINE-type was specified.

- winbuild: Additional clean up

- [Sapien2 brought this change]

  Even more winbuild refactoring

- [Sapien2 brought this change]

  Minor winbuild refactoring

- [Sapien2 brought this change]

  Architecture selection for winbuild and minor makefiles refactoring

Daniel Stenberg (1 Nov 2012)
- BUGS: fix the bug tracker URL
  
  The URL we used before is the one that goes directly to 'add' a bug
  report, but since you can only do that after first having logged in to
  sourceforge, the link often doesn't work for visitors.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3582408
  Reported by: Oscar Norlander

- evhiperfifo: fix the pointer passed to WRITEDATA
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3582407
  Reported by: Oscar Norlander

Guenter Knauf (1 Nov 2012)
- Fixed MSVC libssh2 static build.
  
  Since libssh2 supports now agent stuff it also depends on user32.lib.
  Posted to the list by Jan Ehrhardt.

Daniel Stenberg (23 Oct 2012)
- tlsauthtype: deal with the string case insensitively
  
  When given a string as 'srp' it didn't work, but required 'SRP'.
  Starting now, the check disregards casing.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3578418
  Reported by: Jeff Connelly

- asyn-ares: restore working with c-ares < 1.6.1
  
  Back in those days the public ares.h header didn't include the
  ares_version.h header so it needs to be included here.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3577710

- [Nick Zitzmann brought this change]

  metalink/md5: Use CommonCrypto on Apple operating systems
  
  Previously the Metalink code used Apple's CommonCrypto library only if
  curl was built using the --with-darwinssl option. Now we use CommonCrypto
  on all Apple operating systems including Tiger or later, or iOS 5 or
  later, so you don't need to build --with-darwinssl anymore. Also rolled
  out this change to libcurl's md5 code.

- href_extractor.c: fix the URL

- [Michał Kowalczyk brought this change]

  href_extractor: example code extracting href elements
  
  It does so in a streaming manner using the "Streaming HTML parser".

- [Nick Zitzmann brought this change]

  darwinssl: un-broke iOS build, fix error on server disconnect
  
  The iOS build was broken by a reference to a function that only existed
  under OS X; fixed. Also fixed a hard-to-reproduce problem where, if the
  server disconnected before libcurl got the chance to hang up first and
  SecureTransport was in use, then we'd raise an error instead of failing
  gracefully.

- [Alessandro Ghedini brought this change]

  gnutls: put reset code into else block
  
  Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551

Guenter Knauf (13 Oct 2012)
- Fix now broken libmetalink-aware OpenSSL build.

- Revert c44e674; add OpenSSL includes/defines.
  
  The makefile is designed to build against a libmetalink devel package;
  therefore is does not matter what will change inside libmetalink.
  Add OpenSSL includes and defines for libmetalink-aware OpenSSL builds.

Daniel Stenberg (10 Oct 2012)
- version-bump: towards 7.28.1!

- THANKS: 14 new contributors from 7.28.0

Version 7.28.0 (10 Oct 2012)

Daniel Stenberg (10 Oct 2012)
- RELEASE-NOTES: synced with 8373ca3641
  
  One bug, one contributor. Getting ready for release.

- curl_multi_wait: no wait if no descriptors to wait for
  
  This is a minor change in behavior after having been pointed out by Mark
  Tully and discussed on the list. Initially this case would internally
  call poll() with no sockets and a timeout which would equal a sleep for
  that specified time.
  
  Bug: http://curl.haxx.se/mail/lib-2012-10/0076.html
  Reported by: Mark Tully

- TODO-RELEASE: cleanup for 7.28.0
  
  one issue is now KNOWN_BUG #79
  
  the other we just skip since nobody is working on it or is planning to
  start working on it anytime soon

- curl_multi_wait.3: style formatting mistake

Marc Hoersken (8 Oct 2012)
- ssluse.c: md5.h is required for Curl_ossl_md5sum

Daniel Stenberg (8 Oct 2012)
- curl_multi_wait.3: fix the name of the man page

- curl_multi_wait.3: renamed the last argument variable for clarity

Marc Hoersken (6 Oct 2012)
- curl_schannel.c: Fixed caching more data than required
  
  Do not fill the decrypted data buffer with more data unless
  required in order to return the requested amount of data.

- curl_schannel: Removed buffer limit and optimized buffer strategy
  
  Since there are servers that seem to return very big encrypted
  data packages, we need to be able to handle those without having
  an internal size limit. To avoid the buffer growing to fast to
  early the initial size was decreased and the minimum free space
  in the buffer was decreased as well.

- lib/socks.c: Merged two size variables into one

- lib/socks.c: Avoid type conversions where possible
  
  Streamlined variable names and types to avoid type conversions that
  may result in data being lost on non 32-bit systems.

- lib/curl_schannel.c: Hide size_t conversion warning

- krb5/curl_rtmp.c: Hide size_t to int type conversion warning

- security.c: Aligned internal type to return type
  
  Use ssize_t instead of int to avoid conversion problems on 64-bit
  systems. Also added curlx_sztosi where necessary.

- lib/curl_schannel: Increased maximum buffer size to factor 128

- winbuild/MakefileBuild.vc: Follow up on 0c8ccf7

Daniel Stenberg (2 Oct 2012)
- RELEASE-NOTES: synced with 971f5bcedd418
  
  9 new bug fixes, 5 changes, 6 more contributors

- multi_runsingle: CURLOPT_LOW_SPEED_* fix for rate limitation
  
  During the periods of rate limitation, the speedcheck function wasn't
  called and thus the values weren't updated accordingly and it would then
  easily trigger wrongly once data got transferred again.
  
  Also, the progress callback's return code was not acknowledged in this
  state so it could make an "abort" return code to get ignored and not
  have the documented effect of aborting an ongoing transfer.
  
  Bug: http://curl.haxx.se/mail/lib-2012-09/0081.html
  Reported by: Jie He

- [Tatsuhiro Tsujikawa brought this change]

  tool_metalink.c: Filtered resource URLs by type
  
  In Metalink v3, the type attribute of url element indicates the
  type of the resource the URL points to. It can include URL to the
  meta data, such as BitTorrent metainfo file.  In Curl, we are not
  interested in these meta data URLs. Instead, we are only
  interested in the HTTP and FTP URLs. This change filters out
  non-HTTP and FTP URLs. If we don't filter out them, it will be
  downloaded by curl and hash check will fail if hash is provided
  and next URL will be tried. This change will cut this useless
  network transfer.

Kamil Dudka (1 Oct 2012)
- https.c example: remember to call curl_global_init()
  
  ... in order not to leak memory on initializing an SSL library.
  
  Reported by: Tomas Mlcoch

Daniel Stenberg (28 Sep 2012)
- FAQ: remove the date from the topmost line

- FAQ: 5.16 I want a different time-out!

- Curl_reconnect_request: clear pointer on failure
  
  The Curl_reconnect_request() function could end up returning a pointer
  to a free()d struct when Curl_done() failed inside. Clearing the pointer
  unconditionally after Curl_done() avoids this risk.
  
  Reported by: Ho-chi Chen
  Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html

- CURLOPT_CONNECTTIMEOUT: works without signals or posix too!

Marc Hoersken (24 Sep 2012)
- Makefile.vc6: Follow up on 0c8ccf7

- Makefile.vc6: Added missing default library advapi32.lib

Daniel Stenberg (19 Sep 2012)
- HTTP_ONLY: disable more protocols

- test2006: Updated expected output to include hash name
  
  Output changed in commit a34197ef77cb

- [Sergei Nikulov brought this change]

  cmake: use standard findxxx modules for cmake v2.8+

- [Sergei Nikulov brought this change]

  setup.h: fixed for MS VC10 build
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3568327

- TODO-RELEASE: push new features to 7.29
  
  Leave two bug fixes as possibly fixed for 7.28 but as nobody seems to be
  working on them I have little hope...

Marc Hoersken (17 Sep 2012)
- metalink tests: Updated expected output to include hash name

Daniel Stenberg (16 Sep 2012)
- [Sara Golemon brought this change]

  curl_multi_wait: Add parameter to return number of active sockets
  
  Minor change to recently introduced function.  BC breaking, but since
  curl_multi_wait() doesn't exist in any releases that should be fine.

Marc Hoersken (14 Sep 2012)
- socks.c: Fixed warning: conversion to 'int' from 'long unsigned int'

- http_negotiate.c: Fxied warning: unused variable 'rc'

- ssh.c: Fixed warning: implicit conversion from enumeration type

- socks.c: Check that IPv6 is enabled before using it's features

- checksrc: Fixed line length and comment indentation

- socks.c: Updated error messages to handle hostname and IPv6

- socks.c: Added support for IPv6 connections through SOCKSv5 proxy

Daniel Stenberg (13 Sep 2012)
- parse_proxy: treat "socks://x" as a socks4 proxy
  
  Selected socks proxy in Google's Chrome browser. Resulting in the
  following environment variables:
  
  NO_PROXY=localhost,127.0.0.0/8
  ALL_PROXY=socks://localhost:1080/
  all_proxy=socks://localhost:1080/
  no_proxy=localhost,127.0.0.0/8
  
  ... and libcurl didn't treat 'socks://' as socks but instead picked HTTP
  proxy.
  
  Reported by: Scott Bailey
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3566860

Kamil Dudka (12 Sep 2012)
- ssh: do not crash if MD5 fingerprint is not provided by libssh2
  
  The MD5 fingerprint cannot be computed when running in FIPS mode.

- ssh: move the fingerprint checking code to a separate fnc

Marc Hoersken (12 Sep 2012)
- tool_metalink.c: Added name of validation hash to messages
  
  This makes it easier to debug broken hashes or hash functions.

- wincrypt: Fixed cross-compilation issues caused by include name
  
  For some reason WinCrypt.h is named wincrypt.h under MinGW.

- md5.c: Added support for Microsoft Windows CryptoAPI

- Makefile.m32: Updated to build against libmetalink 0.1.2
  
  The include and library path were moved within libmetalink, this
  patch adjusts the defaults provided within the curl MinGW makefile.

- tool_metalink.c: Added support for Microsoft Windows CryptoAPI
  
  Since Metalink support requires a crypto library for hash functions
  and Windows comes with the builtin CryptoAPI, this patch adds that
  API as a fallback to the supported crypto libraries.
  It is automatically used on Windows if no other library is provided.

- libntlmconnect.c: Fixed typo and conversion

- libntlmconnect.c: Fixed warning: curl_easy_getinfo expects long pointer
  
  Fixed tests/libtest/libntlmconnect.c:52: warning: call to
  '_curl_easy_getinfo_err_long' declared with attribute warning:
  curl_easy_getinfo expects a pointer to long for this info

- sws.c: Fixed warning: 'err' may be used uninitialized in this function

- libntlmconnect.c: Fixed warning: comparison of signed/unsigned integer
  
  Windows does not use -1 to represent invalid sockets and the
  SOCKET type is unsigned.

- nss.c: Fixed warning: 'err' may be used uninitialized in this function

- tool_metalink.c: Fixed error: 'O_BINARY' undeclared
  
  Check for O_BINARY which is not available on every system.

- tool_metalink.c: Fixed validation of binary files containing EOF
  
  Since Windows/MinGW threat 0x1A as the EOF character, reading binary
  files which contain that byte does not work using text mode.
  The read function will only read until the first 0x1A byte. This
  means that the hash is not computed from the whole file and the
  final validation check using hash comparision fails.

- winbuild: Added support for building with SPNEGO enabled
  
  Since Simple and Protected GSSAPI Negotiation Mechanism
  is already implemented in curl and supported by the MinGW
  builds, this change adds build support to winbuild makefiles.

- winbuild: Adjusted order of options to generated config name
  
  Cleaned up order of handled build options by ordering them
  nearly alphabetically by using the order of the generated
  config name. Preparation for future/more build options.

Daniel Stenberg (9 Sep 2012)
- [Anthony Bryan brought this change]

  MANUAL: clarified user+password in HTTP URLs

- RELEASE-NOTES: synced with 6c6f1f64c2
  
  6 bug fixes to mention, 5 contributors

- TODO-RELEASE: CURLSSH_AUTH_AGENT and curl_multi_wait() are done
  
  -321 - CURLSSH_AUTH_AGENT patch by Armel Asselin
  
  -324 - curl_multi_select() vs curl_multi_fdvec() etc

Marc Hoersken (9 Sep 2012)
- curl_schannel.c: Reference count the credential/session handle
  
  Reference counting the credential handle should avoid that such a
  handle is freed while it is still required for connection shutdown

Daniel Stenberg (8 Sep 2012)
- [Nick Zitzmann brought this change]

  darwinssl: fixed for older Mac OS X versions
  
  SSL didn't work on older cats if built on a newer cat with weak-linking
  turned on to support the older cat

- [David Blaikie brought this change]

  tool_easysrc.c: Test pointers against NULL
  
  While validating a new Clang diagnostic (-Wnon-literal-null-conversion -
  yes, the name isn't quite correct in this case, but it suffices) I found
  a few violations of it in Curl.

- SOCKS: truly disable it if CURL_DISABLE_PROXY is defined
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3561305
  
  Patch by: Marcel Raad

- mk-ca-bundle: detect start of trust section better
  
  Each certificate section of the input certdata.txt file has a trust
  section following it with details.
  
  This script failed to detect the start of the trust for at least one
  cert[*], which made the script continue pass that section into the next
  one where it found an 'untrusted' marker and as a result that certficate
  was not included in the output.
  
  [*] = "Hellenic Academic and Research Institutions RootCA 2011"
  
  Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html

- [Alessandro Ghedini brought this change]

  gnutls: do not fail on non-fatal handshake errors
  
  Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402

- FILEFORMAT: the FTP commands work for more protocols

- test1411: verify SMTP without SIZE support

- [František Kučera brought this change]

  SMTP: only send SIZE if supported
  
  SMTP client will send SIZE parameter in MAIL FROM command only if server
  supports it. Without this patch server might say "504 Command parameter
  not implemented" and reject the message.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3564114

- ftpserver: respond with a 250 to SMTP EHLO
  
  ... and specify that SIZE is supported. 250 is the "correct" response
  code according to RFC 2821

- RELEASE-NOTES: synced with abb0da919300e

Dan Fandrich (3 Sep 2012)
- Updated Symbian build files
  
  This is untested, but at least Symbian still has a chance of
  still working now.

- Updated build docs w.r.t. Android and binary sizes

Daniel Stenberg (1 Sep 2012)
- symbols-in-versions: new CURL_WAIT_* symbols

- [Sara Golemon brought this change]

  Unit test for curl_multi_wait()

- [Sara Golemon brought this change]

  Manpage for curl_multi_wait().

- [Sara Golemon brought this change]

  multi: add curl_multi_wait()
  
  /*
   * Name:     curl_multi_wait()
   *
   * Desc:     Poll on all fds within a CURLM set as well as any
   *           additional fds passed to the function.
   *
   * Returns:  CURLMcode type, general multi error code.
   */
  CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle,
                                        struct curl_waitfd extra_fds[],
                                        unsigned int extra_nfds,
                                        int timeout_ms);

- [Nick Zitzmann brought this change]

  darwinssl: Bugfix for previous commit for older cats
  
  I accidentally broke functionality for versions of OS X prior to Mountain
  Lion in the previous commit. This commit fixes the problems.

- [Joe Mason brought this change]

  Use MAX_EASY_HANDLES instead of hardcoding the number of handles twice

- test2032: bail out after last transfer
  
  The test would hang and get aborted with a "ABORTING TEST, since it
  seems that it would have run forever." until I prevented that from
  happening.
  
  I also fixed the data file which got broken CRLF line endings when I
  sucked down the path from Joe's repo == my fault.
  
  Removed #37 from KNOWN_BUGS as this fix and test case verifies exactly
  this.

- [Joe Mason brought this change]

  NTLM: re-use existing connection better
  
  If we need an NTLM connection and one already exists, always choose that
  one.

- [Joe Mason brought this change]

  NTLM: verify multiple connections work
  
  Add test2032 to test that NTLM does not switch connections in the middle
  of the handshake

- curl.1: list the -w variables sorted alphabetically

- libcurl-share.3: remove wrong info of what can be shared
  
  "Currently you can only share DNS and/or COOKIE data" is incorrect since
  also SSL sessions can be shared.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3562261
  Reported by: Joe Mason

- [Dave Reisner brought this change]

  examples: use do/while loop for multi examples
  
  It's conceivable that after the first time curl_multi_perform returns,
  the outvalue still_running will be 0, but work will have been done. This
  is shown by a workload of small, purely file:// based URLs. Ensure that
  we always read pending messages off the multi handle by forcing the
  while loop to run at least once.

- curl.h: fix comment to refer to current names
  
  CURLOPT_USE_SSL should be set to CURLUSESSL_* and nothing else in modern
  libcurl versions.

- ftpsget: simple example showing a FTPS fetch

- sftpget: SFTP is not "SSH FTP"

- [Armel Asselin brought this change]

  sftpget: example showing a simple SFTP download
  
  ... using SSH-agent

- curl_multi_perform.3: extended/clarified

- INSTALL.cmake: clarify some flaws/limits in the cmake build

- https.c example: spell check used define
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3559845
  Reported by: Olivier Berger

- configure: update the copyright years for the output

- [Nick Zitzmann brought this change]

  darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions
  
  In Mountain Lion, Apple added TLS 1.1 and 1.2, and deprecated a number
  of SecureTransport functions, some of which we were using. We now check
  to see if the replacement functions are present, and if so, we use them
  instead.  The old functions are still present for users of older
  cats. Also fixed a build warning that started to appear under Mountain
  Lion

- curl_easy_setopt: documented CURLSOCKTYPE_ACCEPT for SOCKOPTFUNCTION

- [Gokhan Sengun brought this change]

  ftp: active conn, place calling sockopt callback at the end of function
  
  Commit b91d29a28e170c16d65d956db79f2cd3a82372d2 introduces a bug and breaks Curl_closesocket function. sock_accepted flag for the second socket should be tagged as TRUE before the sockopt callback is called because in case the callback returns an error, Curl_closesocket function is going to call the - fclosesocket - callback for the accept()ed socket

- [Gokhan Sengun brought this change]

  ftp: active conn, allow application to set sockopt after accept() call
  
  For active FTP connections, applications may need setting the sockopt after accept() call returns successful. This fix gives a call to the callback registered with CURL_SOCKOPTFUNCTION option. Also a new sock type - CURLSOCKTYPE_ACCEPT - is added. This type is to be passed to application callbacks with - purpose - parameter. Applications may use this parameter to distinguish between socket types.

- configure: remove the --enable/disable-nonblocking options
  
  Removing this option as it currently only functions to lure people into
  wrongly using it and falsely believing that libcurl will work fine
  without using nonblocking sockets internally - which leads to hard to
  track or understand errors.

- [Ant Bryan brought this change]

  MANUAL review

- curl.1: shorten lines, avoid referring to libcurl instead of curl

- [Ant Bryan brought this change]

  curl.1: fix more consistent wording
  
  "If this option is used several times, the last one will be used."
  uniformity

- ssh: use the libssh2 agent API conditionally
  
  Commit e351972bc89aa4c brought in the ssh agent support but some uses of
  the libssh2 agent API was done unconditionally which wasn't good enough
  since that API hasn't always been present.

- white space fix: shorten long line
  
  ... to please checksrc.pl

Kamil Dudka (9 Aug 2012)
- docs: update the links to cipher-suites supported by NSS
  
  ... and make the list of cipher-suites in nss.c readable by humans.
  
  Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html

- nss: do not print misleading NSS error codes

Daniel Stenberg (8 Aug 2012)
- RELEASE-NOTES: synced with 0774386b23
  
  5 more bug fixes, one change, 6 contributors

- [Armel Asselin brought this change]

  docs: mention CURLSSH_AUTH_AGENT

- [Armel Asselin brought this change]

  SSH: added agent based authentication
  
  CURLSSH_AUTH_AGENT is a new auth type for SSH

- bump version to 7.28.0
  
  I am about to merge the first patch that adds changes into the pending
  release, and thus we bump the minor number.

- RELEASE-NOTES: added missing link

- curl_version: fixed Value stored to 'len' is never read
  
  Fixed this (harmless) clang-analyzer warning. Also fixed the source
  indentation level.

- TODO-RELEASE: the (nil) bug is fixed

- add_next_timeout: minor restructure of code
  
  By reading the ->head pointer and using that instead of the ->size
  number to figure out if there's a list remaining we avoid the (false
  positive) clang-analyzer warning that we might dereference of a null
  pointer.

- verbose messages: fixed output of hostnames in re-used connections
  
  I suspect this is a regression introduced in commit 207cf150, included
  since 7.24.0.
  
  Avoid showing '(nil)' as hostname in verbose output by making sure the
  hostname fixup function is called early enough to set the pointers that
  are used for this. The name data is set again for each request even for
  re-used connections to handle multiple hostnames over the same
  connection (like with proxy) or that the casing etc of the host name is
  changed between requests (which has proven to be important at least once
  in the past).
  
  Test1011 was modified to use a redirect with a re-used a connection
  since it then showed the bug and now lo longer does. There's currently
  no easy way to have the test suite detect 'nil' texts in verbose ouputs
  so no tests will detect if this problem gets reintroduced.
  
  Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html
  Reported by: Gisle Vanem

- [Nick Zitzmann brought this change]

  metalink: Un-broke the build when building --with-darwinssl

Guenter Knauf (8 Aug 2012)
- Fix some compiler warnings.

Daniel Stenberg (8 Aug 2012)
- TODO-RELEASE: two bugs fixed
  
  These are now addressed:
  
  323 - patch - select.c / Curl_socket_check() interrupted
  
  325 - Avoid leak of local device string when reusing connection

- curl.1: minor format fix for --data-ascii
  
  ... and removal of trailing whitespace on a single line

- [Ant Bryan brought this change]

  curl man page cleanup

- [Mike Crowe brought this change]

  Avoid leak of local device string when reusing connection
  
  Ensure that the copy of the CURLOPT_INTERFACE string is freed if we
  decide we can reuse an existing connection.

- Curl_socket_check: fix timeout return value for select users
  
  This is the same fix applied for the conditional code that uses select()
  that was already done for the poll specific code in commit
  b61e8b81f5038.

- [Maxime Larocque brought this change]

  Curl_socket_check: fix return code for timeout
  
  We found a problem with ftp transfer using libcurl (7.23 and 7.25)
  inside an application which is receiving unix signals (SIGUSR1,
  SIGUSR2...) almost continuously. (Linux 2.4, PowerPC, HAVE_POLL_FINE
  defined).
  
  Curl_socket_check() uses poll() to wait for the socket, and retries it
  when a signal is received (EINTR). However, if a signal is received and
  it also happens that the timeout has been reached, Curl_socket_check()
  returns -1 instead of 0 (indicating an error instead of a timeout).
  
  In our case, the result is an aborted connection even before the ftp
  banner is received from the server, and a return value of
  CURLE_OUT_OF_MEMORY from curl_easy_perform() (Curl_pp_multi_statemach(),
  in pingpong.c, actually returns OOM if Curl_socket_check() fails :-)
  Funny to debug on a system on which OOM is a possible cause).
  
  Bug: http://curl.haxx.se/mail/lib-2012-07/0122.html

- RELEASE-NOTES: synced with b4a558041fdf65c0

- TODO-RELEASE: fixed another bug
  
  bug #3544688 "crash during retry with libcurl and SFTP"

- WSAPoll: disabled on all windows builds
  
  Due to WSAPoll bugs, libcurl does not work as intended. When the cURL
  library is used to setup a connection to an incorrect port, normally the
  result is CURLE_COULDNT_CONNECT, /* 7 */, but due to the bug in WSAPoll,
  the result now is CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was
  reached */.
  
  On August 1, Jan Koen Annot opened a case for this to Microsoft Premier
  Online (https://premier.microsoft.com/).  The support engineer handling
  the case wrote that the case description is quite clear.  He will try to
  reproduce the issue and then proceed with troubleshooting it.
  
  Reported by: Jan Koen Annot
  Bug: http://curl.haxx.se/mail/lib-2012-07/0310.html

- retry request: only access the HTTP data if in fact HTTP
  
  When figuring out if the data stream needs to be rewound when the
  request is to be resent, we must not access the HTTP struct unless the
  protocol used is indeed HTTP...
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3544688

- TODO: support DANE, we already support gnutls without gcrypt

- curl-config: parentheses fix
  
  Braces, not parentheses, should be used for shell variable names.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3551460
  Reported by: Edward Sheldrake

- VC build: add define for openssl
  
  This fixes a build failure of lib/ssluse.c.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3552997

- TODO-RELEASE: two bugs fixed!

- globbing: fix segfault when >9 globs were used
  
  Stupid lack of range checks caused the code to overwrite local variables
  after glob number nine. Added checks now.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3546353

- [Joe Mason brought this change]

  sws: close sockets properly
  
  Fix a bug where closed sockets (fd -1) were left in the all_sockets
  list, because of missing parens in a pointer arithmetic expression
  
  Reenable the tests that were locking up due to this bug.

- [Joe Mason brought this change]

  Remove debug logs that were accidentally checked in

- [Joe Mason brought this change]

  Use select in sws, which has better cross-platform support than poll

- [Joe Mason brought this change]

  Use cross-platform curlx_nonblock instead of fcntl in sws

- operate: fix clang-analyzer warnings for never read variables
  
  Two separate "Value stored to 'XXX' is never read" warnings

- operate: fix clang-analyzer warning
  
  Value stored to 'separator' is never read

- metalink: change code order to build with gnutls-nettle
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3554668
  Reported by: Anthony G. Basile

- gtls: fix build failure by including nettle-specific headers
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3554668
  Reported by: Anthony G. Basile

Guenter Knauf (6 Aug 2012)
- Fixed compiler warning - argument is type long.

Daniel Stenberg (6 Aug 2012)
- DISABLED: disable the new tests that do NTLM
  
  The tests 2025, 2028 and 2031 don't work for me so I'll have them
  disabled for now until we solve the problem.

Joe Mason (3 Aug 2012)
- Add tests of auth retries

- Cleanup handshake after clean NTLM failure

- Zero out auth structs before transfer

- Add a polling loop in main to read from more than one socket at once. Add the O_NONBLOCK and
  SO_KEEPALIVE flag to all sockets. Note that several loops which used to continue on a return value
  of 0 (theoretical since 0 would never be returned without O_NONBLOCK) now break on 0 so that they
  won't continue reading until after poll is called again.

- Change return values of get_request, accept_connection and service_connection to add a return code
  for non-blocking sockets: now -1 means error or connection finished, 1 means data was read, and 0
  means there is no data available now so need to wait for poll (new return value)

- Hoist the loop out of get_request, and make sure that it can be reentered when a request is
  half-finished.
  
  Note the the req struct used to be re-initialized AFTER reading pipeline data, so now that we
  initialize it from the caller we must be careful not to overwrite the pipeline data.
  
  Also we now need to handle the case where the buffer is already full when get_request is called -
  previously this never happened as it was always called with an empty buffer and looped until done.
  
  Now get_request is called in a loop, so the next step is to run the loop on a socket only when poll
  signals it is readable.

- Move blocks of code from the sws main loop into their own functions for easier refactoring later.
  The next step will be to call the correct function after a poll, rather than looping unconditionally

- Remove the --fork option of sws, since it makes refactoring to use poll more complicated and should
  be redundant once we poll

Kamil Dudka (30 Jul 2012)
- file: use fdopen() for uploaded files if available
  
  It eliminates noisy events when using inotify and fixes a TOCTOU issue.
  
  Bug: https://bugzilla.redhat.com/844385

Guenter Knauf (29 Jul 2012)
- Added DWANT_IDN_PROTOTYPES define for MSVC too.
  
  Discussion on the list: http://curl.haxx.se/mail/lib-2012-07/0271.html

- Added Win32 problems.

- Added hint to read docs/INSTALL too.

- Added new file to distro.

Steve Holme (28 Jul 2012)
- TODO: Updated after 7.27.0 release
  
  Removed APOP and SASL authentication from the POP3 section and metalink
  support from the client section as these features were implemented in
  this release.
  
  Moved adding gssapi to SASL into it's own section rather than repeat it
  for each protocol.

Daniel Stenberg (28 Jul 2012)
- TODO-RELEASE: updated after 7.27.0 release

- THANKS: 12 new contributors from the 7.27.0 release

- version bump: start towards next release
  
  Let's call it 7.27.1 for now, but it it probably going to become 7.28.0
  when released.

Version 7.27.0 (27 Jul 2012)

Guenter Knauf (27 Jul 2012)
- Fixed compiler warning 'unused parameter'.

- Added prototypes to kill compiler warning.

- Added --with-winidn to configure.
  
  This needs another look from the configure experts. I tested that
  it works so far with MinGW64 cross-compiler; libcurl builds and
  links fine, but curl not yet ...

Daniel Stenberg (27 Jul 2012)
- [Ant Bryan brought this change]

  Update man page info on --metalink and typo.

- RELEASE-NOTES: remove mentioned of bug never in a release
  
  The --silent bug came with 7561a0fc834c435 which was never in a release.
  Pointed out by Kamil Dudka

- RELEASE-NOTES: synced with 33b815e894fb
  
  4 more bugfixes, 3 more contributors

Guenter Knauf (26 Jul 2012)
- Changed Windows IDN text to 'WinIDN'.
  
  Synced the output to the same short form as we now use for
  Windows SSL (WinSSL).

Daniel Stenberg (25 Jul 2012)
- [Nick Zitzmann brought this change]

  darwinssl: fixed freeze involving the multi interface
  
  Previously the curl_multi interface would freeze if darwinssl was
  enabled and at least one of the handles tried to connect to a Web site
  using HTTPS. Removed the "wouldblock" state darwinssl was using because
  I figured out a solution for our "would block but in which direction?"
  dilemma.

Guenter Knauf (25 Jul 2012)
- Added support for tls-srp to MinGW builds.

Daniel Stenberg (24 Jul 2012)
- curl_easy_setopt: fix typo
  
  Reported by: Santhana Todatry

- keepalive: multiply value for OS-specific units
  
  DragonFly uses milliseconds, while our API and Linux use full seconds.
  
  Reported by: John Marino
  Bug: http://curl.haxx.se/bug/view.cgi?id=3546257

Kamil Dudka (22 Jul 2012)
- http: print reason phrase from HTTP status line on error
  
  Bug: https://bugzilla.redhat.com/676596

- tool_operate: fix misplaced initialization of orig_noprogress
  
  ... and orig_isatty which caused --silent to be entirely ignored in case
  the standard output was redirected to a file!

Daniel Stenberg (21 Jul 2012)
- [Anton Yabchinskiy brought this change]

  Client's "qop" value should not be quoted (RFC2617, section 3.2.2).

Guenter Knauf (21 Jul 2012)
- Fixed typo.

Daniel Stenberg (20 Jul 2012)
- make: make distclean work again
  
  The clean-local hook needed some polish to make sure make distclean
  works. Added comment describing why.

- test Makefile: only feature 'unit' once in the list of dirs

Dan Fandrich (20 Jul 2012)
- Fixed some typos in documentation

Guenter Knauf (20 Jul 2012)
- Fixed CR issue with Win32 version on MSYS.
  
  Previous fix didnt work on Linux ...

- Fixed CR issue with Win32 version on MSYS.

- Fixed MSYS <-> Windows path convertion.
  
  Replaced the Windows real path from mount hack with a more
  reliable and simpler hack: the MSYS shell has a builtin pwd
  which understands a -W option which does convertion to Windows
  paths. Tested and confirmed that this works on all MSYS versions
  I have back to a 3 year old one.

- Follow-up fix to detect SSL libs with MinGW.
  
  1) the check for winssl needs to come before nss check
  2) the SSL checks must begin with a new if or else we will
  never find any SSL lib with MinGW.

- Tell git to not convert configure-related files.

- Trial to teach runtests.pl about WinSSL.

- Fixed warning 'uninitialized value in numeric gt'.
  
  This is a MSYS/MinGW-only warning; full warning text is:
  Use of uninitialized value in numeric gt (>) at ../../curl/tests/runtests.pl line 2227.

Daniel Stenberg (15 Jul 2012)
- RELEASE-NOTES: synced with 9d11716933616
  
  Fixed 6 bugs, added 3 contributors

- multi_runsingle: added precaution against easy_conn NULL pointer
  
  In many states the easy_conn pointer is referenced and just assumed to
  be working. This is an added extra check since analyzing indicates
  there's a risk we can end up in these states with a NULL pointer there.

- getparam: fix the GetStr() macro
  
  It should return PARAM_NO_MEM if the strdup fails. Spotted by
  clang-analyzer

Guenter Knauf (15 Jul 2012)
- Tell git to not convert configure-related files.

Daniel Stenberg (13 Jul 2012)
- parse_proxy: remove dead assignment
  
  Spotted by clang-analyzer

- ftp_do_more: add missing check of return code
  
  Spotted by clang-analyzer. The return code was never checked, just
  stored.

- getinfo: use va_end and cut off Curl_ from static funcs
  
  va_end() needs to be used after va_start() and we don't normally use
  Curl_ prefixes for purely static functions.

- [Philip Craig brought this change]

  Split up Curl_getinfo
  
  This avoids false positives from clang's scan-build.

Guenter Knauf (12 Jul 2012)
- Added error checking for curl_global_init().

- Added curl_global_* functions.

- Minor fixes to MinGW makefiles.

Daniel Stenberg (12 Jul 2012)
- docs: mention CURL_GLOBAL_DEFAULT

Guenter Knauf (12 Jul 2012)
- Added curl_global_* functions.

Daniel Stenberg (12 Jul 2012)
- tests: verify the stricter numeric option parser
  
  Test 1409 and 1410 verifies the stricter numeric option parser
  introduced the other day in commit f2b6ebed7b.

- SWS: use of uninitialized memory fix
  
  I made "connmon" not get initialized properly before use, and I use the
  big hammer and make sure we always clear the entire struct to avoid any
  problem like this in the future.

- test48: verify that HEAD doesn't close extra
  
  Two commits ago, we fixed a bug where the connction would be closed
  prematurely after a HEAD. Now I added connection-monitor to test 48 and
  added a second HEAD and make sure that both are sent over the same
  connection.
  
  This triggered a failure before the bug fix and now works. Will help us
  avoid a future regression of this kind.

- connection-monitor: always log disconnect when enabled
  
  This makes verifying easier and makes us more sure curl closes the
  connection only at the correct point in time. Adjusted test 206 and 1008
  accordingly and updated the docs for it.

- HEAD: don't force-close after response-headers
  
  A HEAD response has no body length and gets the headers like the
  corresponding GET would so it should not get closed after the response
  based on the same rules. This mistake caused connections that did HEAD
  to get closed too often without a valid reason.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3542731
  Reported by: Eelco Dolstra

Guenter Knauf (12 Jul 2012)
- Removed trailing empty strings from awk script.

- Cleaned up version awk script.

- Added project copyright header.

- Removed libcurl.imp from Makefile.am.
  
  Updated .gitignore for NetWare created files.

- Added missing dependency to export list.

- Fixed export list path.

- Changed NetWare build to generate export list.

- Added pointer to FAQ for linkage errors.

- Small NetWare makefile tweak.

- Changed MinGW makefiles to use WINSSL now.

Daniel Stenberg (10 Jul 2012)
- test231: fix wrong -C use!

- cmdline: parse numerical options stricter
  
  1 - str2offset() no longer accepts negative numbers since offsets are by
  nature positive.
  
  2 - introduced str2unum() for the command line parser that accepts
  numericals which are not supposed to be negative, so that it will
  properly complain on apparent bad uses and mistakes.
  
  Bug: http://curl.haxx.se/mail/archive-2012-07/0013.html

- docs: switch to proper UTF-8 for text file encoding

Yang Tse (9 Jul 2012)
- Make Curl_schannel_version() return "WinSSL"
  
  Modification based on voting result:
  
  http://curl.haxx.se/mail/lib-2012-07/0104.html

Daniel Stenberg (9 Jul 2012)
- test 46: use different path lengths to get reliable sort order
  
  Since the order of the cookies is sorted by the length of the paths,
  having them on the same path length will make the test depend on what
  order the qsort() implementation will put them. As seen in the
  windows/msys output posted by Guenter in this posting:
  http://curl.haxx.se/mail/lib-2012-07/0105.html

- cookie: fixed typo in comment

- [Christian Hägele brought this change]

  https_getsock: provided for schannel backend as well
  
  The function https_getsock was only implemented properly when USE_SSLEAY
  or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL.
  
  The problem occurs when Curl_read_plain or Curl_write_plain returns
  CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an
  the used socket is set to state CURL_POLL_REMOVE and the easy-state is
  set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket
  should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's
  where https_getsock is called and doesn't return any sockets.

- RELEASE-NOTES: added a URL reference to cookie docs

Guenter Knauf (8 Jul 2012)
- Removed obsolete include path to project root.

Daniel Stenberg (8 Jul 2012)
- TODO-RELEASE: issue 316 NTLM over proxy is fixed

- [Nick Zitzmann brought this change]

  darwinssl: don't use arc4random_buf
  
  Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the
  function is not available prior to iOS 4.3 and OS X 10.7.

- KNOWN_BUGS: #80 Curl doesn't recognize certs in DER format

- KNOWN_BUGS: #79 - any RCPT TO failure makes and error

Marc Hoersken (8 Jul 2012)
- winbuild: Aligned BUILD.WINDOWS.txt and Makefile.vc usage help

- winbuild: Make USE_WINSSL depend on USE_SSPI
  
  Since WinSSL cannot be build without SSPI being enabled,
  USE_WINSSL now defaults to the value of USE_SSPI.
  
  The makefile does now raise an error if WinSSL is enabled
  while SSPI is disabled.

- winbuild: Aligned USE_SSPI with other USE_x defines
  
  Renamed external parameter USE_SSPI = yes/no to ENABLE_SSPI = yes/no.
  Backwards compatible change: USE_SSPI can still be passed as external
  parameter with yes/no value as long as ENABLE_SSPI is not given.
  
  USE_x defines are passed around with true/false values internally,
  USE_SSPI is now aligned to this approach, but still accepts external
  values yes/no being passed, just like the other defines.

- winbuild: Clean up formatting and variable naming
  
  - Changed space usage to line up with the whole file
  - Renamed CFLAGS_SSPI/IPV6 to SSPI/IPV6_CFLAGS to be
    consistent with the other CFLAGS_x variables
  - Make use of existing CFLAGS_IPV6 (previously IPV6_CFLAGS)
    instead of appending directly to CFLAGS

Daniel Stenberg (7 Jul 2012)
- [Nick Zitzmann brought this change]

  darwinssl: output cipher with text, remove SNI warning
  
  The code was printing a warning when SNI was set up successfully. Oops.
  
  Printing the cipher number in verbose mode was something only TLS/SSL
  programmers might understand, so I had it print the name of the cipher,
  just like in the OpenSSL code. That'll be at least a little bit easier
  to understand. The SecureTransport API doesn't have a method of getting
  a string from a cipher like OpenSSL does, so I had to generate the
  strings manually.

- RELEASE-NOTES: synced with 5a99bce07d

- KNOWN_BUGS: NTLM with unicode works with schannel/winssl!
  
  Bug #75 updated with additional info, still remains for builds with
  other backends.

- code police: narrow source to < 80 columns

Yang Tse (5 Jul 2012)
- unicode NTLM SSPI: cleanup follow-up

- unicode NTLM SSPI: cleanup
  
  Reduce the number of #ifdef UNICODE directives used in source files.

Daniel Stenberg (5 Jul 2012)
- tests: use connection-monitor and verify results
  
  Test 1008 and 206 don't show the disconnect since it happens when SWS
  awaits a new request, but 503 does and so the verify section needs that
  string added.

- http-proxy: keep CONNECT connections alive (for NTLM)
  
  When doing CONNECT requests, libcurl must make sure the connection is
  alive as much as possible. NTLM requires it and it is generally good for
  other cases as well.
  
  NTLM over CONNECT requests has been broken since this regression I
  introduced in my CONNECT cleanup commits that started with 41b02378342,
  included since 7.25.0.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3538625
  Reported by: Marcel Raad

- sws: support <servercmd> for CONNECT requests
  
  I moved out the servercmd parsing into a its own function called
  parse_servercmd() and made sure it gets used also when the test number
  is extracted from CONNECT requests. It turned out sws didn't do that
  previously!

- FILEFORMAT: provided a full description of connection-monitor

- lib503: enable verbose to ease debugging this

- sws: add 'connection-monitor' command support
  
  Using this, the server will output in the protocol log when the
  connection gets disconnected and thus we will verify correctly in the
  test cases that the connection doesn't get closed prematurely. This is
  important for example NTLM to work.
  
  Documentation added to FILEFORMAT, test 503 updated to use this.

Guenter Knauf (4 Jul 2012)
- Removed non-used variable.

- Added error checking for samples.

- Renamed vars to avoid shadow global declaration.

Daniel Stenberg (3 Jul 2012)
- docs: clarify how to start with curl_multi_socket_action
  
  Mention the CURL_SOCKET_TIMEOUT argument in step 6 of the typical
  application.

Guenter Knauf (3 Jul 2012)
- Moved some patterns to subfolder's .gitignore.

- Merge branch 'master' of ssh://github.com/bagder/curl

- MinGW makefile tweaks for running from sh.
  
  Added function macros to make path converting easier.
  Added CROSSPREFIX to all compile tools.

Yang Tse (3 Jul 2012)
- [Marc Hoersken brought this change]

  curl_ntlm_msgs.c: Removed unused variable passwd

Guenter Knauf (3 Jul 2012)
- Added files generated by mingw32, eclipse and VC.
  
  Posted by Marc Hoersken.

Daniel Stenberg (3 Jul 2012)
- cookies: change the URL in the cookie jar file header

- HTTP-COOKIES: clarified and modified layout

- HTTP-COOKIES: use the FAQ document layout

- HTTP-COOKIES: added cookie documentation

Yang Tse (3 Jul 2012)
- curl_ntlm_msgs.c: include <tchar.h> for prototypes

- [Neil Bowers brought this change]

  testcurl.pl: fix missing semicolon

Daniel Stenberg (2 Jul 2012)
- [Christian Hägele brought this change]

  unicode NTLM SSPI: heap corruption fixed
  
  When compiling libcurl with UNICODE defined and using unicode characters
  in username.

Yang Tse (2 Jul 2012)
- testcurl.pl: allow non in-tree c-ares enabled autobuild

- configure.ac: verify that libmetalink is new enough
  
  Enabling test2017 to test2022.

- [Tatsuhiro Tsujikawa brought this change]

  curl: Added runtime version check for libmetalink

- [Tatsuhiro Tsujikawa brought this change]

  Include metalink/metalink.h for libmetalink functions

Daniel Stenberg (2 Jul 2012)
- errors: CURLM_CALL_MULTI_PERFORM is not returned anymore

- release: cleaned up plans for this and coming release

Yang Tse (29 Jun 2012)
- curl-compilers.m4: remove -Wstrict-aliasing=3 from clang
  
  Currently it is unknown if there is any version of clang that
  actually supports -Wstrict-aliasing. What is known is that there
  are several that don't support it.

- test2017 to test2022: more metalink tests
  
  With this commit, checks done in previous test2017 are now done in test2018.
  
  Whole range test2017 to test2022 DISABLED until configure is capable of
  requiring a new-enough metalink library.
  
  Don't try these without mentioned check in place!

- test2005 to test2016: improve failure detection

- lib582.c: fix conversion warning

- nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes

- [Marc Hoersken brought this change]

  nss.c: Fixed size_t conversion warnings

- sslgen.c: cleanup temporary compile-time SSL-backend check

Daniel Stenberg (28 Jun 2012)
- schannel: provide two additional (dummy) API defines

Yang Tse (28 Jun 2012)
- [Tatsuhiro Tsujikawa brought this change]

  Metalink: message updates
  
  Print "parsing (...) OK" only when no warnings are generated.  If
  no file is found in Metalink, treat it FAILED.
  
  If no digest is provided, print WARNING in parse_metalink().
  Also print validating FAILED after download.
  
  These changes make tests 2012 to 2016 pass.

Daniel Stenberg (27 Jun 2012)
- sslgen: avoid compiler error in SSPI builds

Yang Tse (27 Jun 2012)
- ssluse.c: fix compiler warning: conversion to 'int' from 'size_t'
  
  Reported by Tatsuhiro Tsujikawa
  
  http://curl.haxx.se/mail/lib-2012-06/0371.html

- sslgen.c: add compile-time check for SSL-backend completeness

- build: add our standard includes to curl_darwinssl.c and curl_multibyte.c

- build: add curl_schannel and curl_darwinssl files to other build systems

- tests: add five more Metalink test cases

- tests: update Metalink message format

- [Tatsuhiro Tsujikawa brought this change]

  Metalink: updated message format

- [Nick Zitzmann brought this change]

  DarwinSSL: allow using NTLM authentication
  
  Allow NTLM authentication when building using SecureTransport (Darwin) for SSL.
  
  This uses CommonCrypto, a cryptography library that ships with all versions of
  iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few
  less-common cyphers and doesn't have a big number data structure.

- curl_darwinssl.h: add newline at end of file

Daniel Stenberg (26 Jun 2012)
- ossl_seed: remove leftover RAND_screen check
  
  Before commit 2dded8fedba (dec 2010) there was logic that used
  RAND_screen() at times and now I remove the leftover #ifdef check for
  it.
  
  The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious
  to keep since it hardly increases randomness but I fear I'll break
  something if I remove it now...

Yang Tse (26 Jun 2012)
- [Nick Zitzmann brought this change]

  DarwinSSL: several adjustments
  
  - Renamed st_ function prefix to darwinssl_
  - Renamed Curl_st_ function prefix to Curl_darwinssl_
  - Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h
  - Fixed a teensy little bug that made non-blocking connection attempts block
  - Made it so that it builds cleanly against the iOS 5.1 SDK

- curl-compilers.m4: -Wstrict-aliasing=3 for warning enabled gcc and clang builds

- [Marc Hoersken brought this change]

  sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing
  
  Fixed warning: dereferencing pointer does break strict-aliasing rules
  by using a union inside the struct Curl_sockaddr_storage declaration.

Daniel Stenberg (26 Jun 2012)
- SSL cleanup: use crypto functions through the sslgen layer
  
  curl_ntlm_msgs.c would previously use an #ifdef maze and direct
  SSL-library calls instead of using the SSL layer we have for this
  purpose.

- [Nick Zitzmann brought this change]

  darwinssl: add support for native Mac OS X/iOS SSL

- RELEASE-NOTES: link to more metalink info

- RELEASE-NOTES: synced with d025af9bb576

Yang Tse (25 Jun 2012)
- curl_schannel.c: Remove redundant NULL assignments following Curl_safefree()

- [Marc Hoersken brought this change]

  curl_schannel.c: Replace free() with Curl_safefree()

- [Tatsuhiro Tsujikawa brought this change]

  curl.1: Updated Metalink description in man page
  
  Documented that --include will be ignored if both --metalink
  and --include are specified.
  Also documented that a Metalink file in the local file system
  cannot be used if FILE protocol is disabled.

Steve Holme (24 Jun 2012)
- DOCS: Added clarification to CURLOPT_CUSTOMREQUEST for the POP3 protocol
  
  Bug: http://curl.haxx.se/mail/lib-2012-06/0302.html
  Reported by: Nagai H

- smtp: Corrected result code for MAIL, RCPT and DATA commands
  
  Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html
  Reported by: Dan

Daniel Stenberg (24 Jun 2012)
- [Ghennadi Procopciuc brought this change]

  test: Added test HTTP receive cookies over IPv6

Yang Tse (22 Jun 2012)
- tests: add another Metalink test case

- [Tatsuhiro Tsujikawa brought this change]

  tests: Enable test2010 and fixed hash value

- [Tatsuhiro Tsujikawa brought this change]

  Metalink: ignore --include if --metalink is used.
  
  Including headers in response body will break Metalink XML parser.
  If it is included in the file described in Metalink XML, hash check
  will fail. Therefore, --include should be ignored if --metalink is
  used.

- tests: add six Metalink test cases

- test 2005: add verification of hash checking outcome

- getpart.pm: remove misleading comment

- [Tatsuhiro Tsujikawa brought this change]

  curl: Prefixed all Metalink related messages with "Metalink: "

- [Tatsuhiro Tsujikawa brought this change]

  tests: Added Metalink test case # 2005

- [Tatsuhiro Tsujikawa brought this change]

  curl: Restore noprogress and isatty config values.
  
  The noprogress and isatty in Configurable are global, in a sense
  that they persist in one curl invocation. Currently once one
  download writes its response data to tty, they are set to FALSE
  and they are not restored on successive downloads.  This change
  first backups the current noprogress and isatty, and restores
  them when download does not write its data to tty.

- [Tatsuhiro Tsujikawa brought this change]

  curl: Made --metalink option toggle Metalink functionality
  
  In this change, --metalink option no longer takes argument.  If
  it is specified, given URIs are processed as Metalink XML file.
  If given URIs are remote (e.g., http URI), curl downloads it
  first. Regardless URI is local file (e.g., file URI scheme) or
  remote, Metalink XML file is not written to local file system and
  the received data is fed into Metalink XML parser directly.  This
  means with --metalink option, filename related options like -O
  and -o are ignored.
  
  Usage examples:
  
  $ curl --metalink http://example.org/foo.metalink
  
  This will download foo.metalink and parse it and then download
  the URI described there.
  
  $ curl --metalink file://foo.metalink
  
  This will parse local file foo.metalink and then download the URI
  described there.

- [Tatsuhiro Tsujikawa brought this change]

  curl: Refactored metalink_checksum
  
  When creating metalink_checksum from metalink_checksum_t, first
  check hex digest is valid for the given hash function.  We do
  this check in the order of digest_aliases so that first good
  match will be chosen (strongest hash function available).  As a
  result, the metalinkfile now only contains at most one
  metalink_checksum because other entries are just redundant.

- [Gisle Vanem brought this change]

  tool_doswin.c: fix djgpp function _use_lfn() used without a prototype
  
  http://curl.haxx.se/mail/archive-2012-06/0028.html

- build: fix RESOURCE bug in lib/Makefile.vc*
  
  Removed two, not intended to exist, RESOURCE declarations.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3535977
  
  And sorted configuration hunks to reflect same internal order
  as the one shown in the usage message.

Daniel Stenberg (20 Jun 2012)
- [Marc Hoersken brought this change]

  schannel: Implement new buffer size strategy
  
  Increase decrypted and encrypted cache buffers using limitted
  doubling strategy. More information on the mailinglist:
  http://curl.haxx.se/mail/lib-2012-06/0255.html
  
  It updates the two remaining reallocations that have already been there
  and fixes the other one to use the same "do we need to increase the
  buffer"-condition as the other two.  CURL_SCHANNEL_BUFFER_STEP_SIZE was
  renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it
  is now.  Since we don't know how much more data we are going to read
  during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the
  minimum free space required in the buffer for the next operation.
  CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since
  we don't have a step size now, the define was renamed.

Yang Tse (20 Jun 2012)
- schannel SSL: fix compiler warning

- [Mark Salisbury brought this change]

  schannel SSL: fix for renegotiate problem
  
  In schannel_connect_step2() doread should be initialized based
  on connssl->connecting_state.

- [Tatsuhiro Tsujikawa brought this change]

  runtests.pl: make it support metalink feature

- getpart.pm: make test definition section/part parser more robust
  
  Test definition section parts which needed to include xml-lingo as contents
  of that part required that the xml-blurb was written as a single line. Now the
  xml-data inside the part can be written multiline making it more readable.
  
  Tested with <client><file> part which is written to disk before <command> runs.

Daniel Stenberg (20 Jun 2012)
- schannel_connect_step2: checksrc whitespace fix

Yang Tse (20 Jun 2012)
- [Mark Salisbury brought this change]

  schannel SSL: changes in schannel_connect_step2
  
  Process extra data buffer before returning from schannel_connect_step2.
  Without this change I've seen WinCE hang when schannel_connect_step2
  returns and calls Curl_socket_ready.
  
  If the encrypted handshake does not fit in the intial buffer (seen with
  large certificate chain), increasing the encrypted data buffer is necessary.
  
  Fixed warning in curl_schannel.c line 1215.

- [Mark Salisbury brought this change]

  config-win32ce.h: WinCE config adjustment
  
  process.h is not present on WinCE

- [Mark Salisbury brought this change]

  schannel SSL: Made send method handle unexpected cases better
  
  Implemented timeout loop in schannel_send while sending data.  This
  is as close as I think we can get to write buffering; I put a big
  comment in to explain my thinking.
  
  With some committer adjustments

Daniel Stenberg (19 Jun 2012)
- [Marc Hoersken brought this change]

  curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size

Yang Tse (19 Jun 2012)
- [Mark Salisbury brought this change]

  schannel SSL: Use standard Curl read/write methods
  
  Replaced calls to swrite with Curl_write_plain and calls to sread
  with Curl_read_plain.
  
  With some committer adjustments

- schannel SSL: make wording of some trace messages better reflect reality

Daniel Stenberg (19 Jun 2012)
- [Marc Hoersken brought this change]

  curl_schannel.h: Use BUFSIZE as the initial buffer size if available
  
  Make the Schannel implementation use libcurl's default buffer size
  for the initial received encrypted and decrypted data cache buffers.
  The implementation still needs to handle more data since more data
  might have already been received or decrypted during the handshake
  or a read operation which needs to be cached for the next read.

Guenter Knauf (19 Jun 2012)
- Fixed NetWare makefile broken from last commit.

Yang Tse (19 Jun 2012)
- [Mark Salisbury brought this change]

  schannel SSL: Implemented SSL shutdown
  
  curl_schannel.c - implemented graceful SSL shutdown.  If we fail to
  shutdown the connection gracefully, I've seen schannel try to use a
  session ID for future connects and the server aborts the connection
  during the handshake.

- [Mark Salisbury brought this change]

  schannel SSL: certificate validation on WinCE
  
  curl_schannel.c - auto certificate validation doesn't seem to work
  right on CE.  I added a method to perform the certificate validation
  which uses CertGetCertificateChain and manually handles the result.

- [Mark Salisbury brought this change]

  schannel SSL: Added helper methods to simplify code
  
  Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it
  easier to set up SecBuffer & SecBufferDesc structs.

Guenter Knauf (18 Jun 2012)
- Some more NetWare makefile tweaks for metalink.

Yang Tse (18 Jun 2012)
- tool_cb_see.c: WinCE build adjustment

- [Mark Salisbury brought this change]

  setup.h: WinCE build adjustment

- [Mark Salisbury brought this change]

  ftplistparser.c: do not compile if FTP protocol is not enabled

- Win32: downplay MS bazillion type synonyms game
  
  Avoid usage of some MS type synonyms to allow compilation with
  compiler headers that don't define these, using simpler synonyms.

Daniel Stenberg (15 Jun 2012)
- Curl_rtsp_parseheader: avoid useless malloc/free
  
  Coverity actually pointed out flawed logic in the previous call to
  Curl_strntoupper() where the code used sizeof() of a pointer to pass in
  a size argument. That code still worked since it only needed to
  uppercase 4 letters. Still, the entire malloc/uppercase/free sequence
  was pointless since the code has already matched the string once in the
  condition that starts the block of code.

- curl_share_setopt: use va_end()
  
  As spotted by Coverity, va_end() was not used previously. To make it
  used I took away a bunch of return statements and made them into
  assignments instead.

Yang Tse (15 Jun 2012)
- SSPI related code: Unicode support for WinCE - kill compiler warnings

- [Mark Salisbury brought this change]

  SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up

- build: add curl_multibyte files to build systems

- [Mark Salisbury brought this change]

  SSPI related code: Unicode support for WinCE
  
  SSPI related code now compiles with ANSI and WCHAR versions of security
  methods (WinCE requires WCHAR versions of methods).
  
  Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file.
  
  curl_sasl.c - include curl_memory.h to use correct memory functions.
  
  getenv.c and telnet.c - WinCE compatibility fix
  
  With some committer adjustments

Guenter Knauf (15 Jun 2012)
- Fixed typo.

Yang Tse (14 Jun 2012)
- winbuild/MakefileBuild.vc: convert line endings to DOS style
  
  As per request on mailing list: http://curl.haxx.se/mail/lib-2012-06/0222.html

- [Marc Hoersken brought this change]

  winbuild: Allow SSPI build with or without Schannel
  
  The changes introduced in commit 2bfa57bc32 are not enough
  to make it actually possible to use the USE_WINSSL option.
  Makefile.vc was not updated and the configuration name which is
  used in the build path did not match between both build files.
  
  This patch fixes those issues and introduces the following changes:
  
  - Replaced the -schannel name with -winssl in order to be consistent
  with the other options
  - Added ENABLE_WINSSL option to winbuild/Makefile.vc (default yes)
  - Changed winbuild/MakefileBuild.vc to set USE_WINSSL to true if
  USE_SSL is false and USE_WINSSL was not specified as a parameter
  - Separated WINSSL handling from SSPI handling to be consistent with
  the other options and their corresponding code path

- curl.1: 7.27.0 seems next release

- schannel: fix printf-style format strings

- Fix bad failf() and info() usage
  
  Calls to failf() are not supposed to provide trailing newline.
  Calls to infof() must provide trailing newline.
  
  Fixed 30 or so strings.

- schannel: fix unused parameter warnings

- schannel: fix comparisons between signed and unsigned

- schannel: fix discarding qualifier from pointer type

- schannel: fix shadowing of global declarations

- schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations

- [Gisle Vanem brought this change]

  urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h
  
  Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and
  OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included
  via <winldap.h> in ldap.c.
  
  http://curl.haxx.se/mail/lib-2012-06/0196.html

- MakefileBuild.vc: Allow building without SSL
  
  In order to use Windows native SSL support define 'USE_WINSSL'

- configure: new option --with-winssl
  
  This option may be used to build curl/libcurl using SSL/TLS support provided
  by MS windows system libraries. Option is mutually exclusive with any other
  SSL library. Default value is --without-winssl.
  
  --with-winssl option implies --with-sspi option.
  
  Option meaningful only for Windows builds.

Guenter Knauf (13 Jun 2012)
- Changed Schannel string to SSL-Windows-native.
  
  This is more descriptive for the user who might
  not even know what schannnel is at all.

Yang Tse (13 Jun 2012)
- schannel: remove version number and identify its use with 'schannel' literal
  
  Version number is removed in order to make this info consistent with
  how we do it with other MS and Linux system libraries for which we don't
  provide this info.
  
  Identifier changed from 'WinSSPI' to 'schannel' given that this is the
  actual provider of the SSL/TLS support. libcurl can still be built with
  SSPI and without SCHANNEL support.

Daniel Stenberg (12 Jun 2012)
- singlesocket: remove dead code
  
  No need to check if 'entry' is non-NULL in a spot where it is already checked
  and guaranteed to be non-NULL.
  
  (Spotted by a Coverity scan)

- netrc: remove dead code
  
  Remove two states from the enum and the corresponding code for them as
  these states were never reached or used.
  
  (Spotted by a Coverity scan)

Yang Tse (12 Jun 2012)
- Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing"
  
  This reverts commit 9c94236e6cc078a0dc5a78b6e2fefc1403e5375e.
  
  It didn't server its purpose, so lets go back to long-time working code.

- socks_sspi.c: further cleanup

- [Marc Hoersken brought this change]

  socks_sspi.c: Clean up and removal of obsolete minor status
  
  Removed obsolete minor status variable and parameter of status function
  which was never used or set at all. Also Curl_sspi_strerror does support
  only one status and there is no need for a second sub status.

Guenter Knauf (12 Jun 2012)
- Removed trailing whitespaces.

Yang Tse (12 Jun 2012)
- strerror.c: make Curl_sspi_strerror() always return code for errors

- curl_sspi.h: provide sspi status definitions missing in old headers

- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function

- sspi: make Curl_sspi_strerror() libcurl's sspi status code string function

Daniel Stenberg (11 Jun 2012)
- Revert: 634f7cfee40d4658 partially
  
  Make sure CURL_VERSION_SSPI is present and works as in previous releases
  for ABI and API compatibility reasons.

- checksrc: shorten a few lines to comply

- cleanup: remove trailing whitespace

- [Marc Hoersken brought this change]

  winbuild: Removed WITH_SSL=schannel and tie schannel to SSPI
  
  Removed specific WITH_SSL=schannel paramter that did not fit the general
  schema and complicated the parameters. For now Schannel will be enabled
  if SSPI is enabled and OpenSSL is disabled.

- [Steve Holme brought this change]

  Makefile.vc6: Added version.lib if built with SSPI

- [Marc Hoersken brought this change]

  winbuild: Updated winbuild scripts to add schannel

- [Marc Hoersken brought this change]

  mingw32: Fixed warning of USE_SSL being redefined

- [Marc Hoersken brought this change]

  sspi: Fixed incompatible parameter pointer type in Curl_sspi_version

- [Marc Hoersken brought this change]

  sspi: Updated RELEASE-NOTES, FEATURES and THANKS

- [Marc Hoersken brought this change]

  setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined

- [Marc Hoersken brought this change]

  version: Replaced SSPI feature information with version string details
  
  Added Windows SSPI version information to the curl version string when
  SCHANNEL SSL is not enabled, as the version of the library should also
  be included when SSPI is used to generate security contexts.
  
  Removed SSPI from the feature list as the features are GSS-Negotiate,
  NTLM and SSL depending on the usage of the SSPI library.

- [Steve Holme brought this change]

  sspi.c: Post Curl_sspi_version() rework code tidy up
  
  Removed duplicate blank lines.
  Removed spaces between the not and test in various if statements.
  Removed explicit test of NULL in an if statement.
  Placed function returns on same line as function declarations.
  Replaced the use of curl_maprintf() with aprintf() as it is the
  preprocessor job to do this substitution if ENABLE_CURLX_PRINTF
  is set.

- [Steve Holme brought this change]

  sspi: Reworked Curl_sspi_version() to return version components
  
  Reworked the version function to return four version components rather
  than a string that has to be freed by the caller.

- [Guenter Knauf brought this change]

  configure.ac: Added -lversion if built with SSPI

- [Marc Hoersken brought this change]

  schannel: Code cleanup and bug fixes
  
  curl_sspi.c: Fixed mingw32-gcc compiler warnings
  curl_sspi.c: Fixed length of error code hex output
  
  The hex value was printed as signed 64-bit value on 64-bit systems:
  SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322)
  
  It is now correctly printed as the following:
  SEC_E_WRONG_PRINCIPAL (0x80090322)
  
  curl_sspi.c: Fallback to security function table version number
  Instead of reporting an unknown version, the interface version is used.
  
  curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version
  curl_schannel: Replaced static buffer sizes with defined names
  curl_schannel.c: First brace when declaring functions on column 0
  curl_schannel.c: Put the pointer sign directly at variable name
  curl_schannel.c: Use structs directly instead of typedef'ed structs
  curl_schannel.c: Removed space before opening brace
  curl_schannel.c: Fixed lines being longer than 80 chars

- [Marc Hoersken brought this change]

  curl_sspi: Added Curl_sspi_version function
  
  Added new function to get SSPI version as string.
  Added required library version.lib to makefiles.
  Changed curl_schannel.c to use Curl_sspi_version.

- [Guenter Knauf brought this change]

  schannel: Updated mingw32 makefiles

- [Marc Hoersken brought this change]

  schannel: Replace ASCII specific code with general defines

- [Marc Hoersken brought this change]

  schannel: Added definitions which are missing in mingw32

- [Marc Hoersken brought this change]

  schannel: Moved interal struct types to urldata.h
  
  Moved type definitions in order to avoid inclusion loop

- [Marc Hoersken brought this change]

  schannel: Fixed compiler warnings about pointer type assignments

- [Marc Hoersken brought this change]

  schannel: Fixed critical typo in conditions and added buffer length checks

- [Marc Hoersken brought this change]

  sspi: Refactored socks_sspi and schannel to use same error message functions
  
  Moved the error constant switch to curl_sspi.c and added two new helper
  functions to curl_sspi.[ch] which either return the constant or a fully
  translated message representing the SSPI security status.
  Updated socks_sspi.c and curl_schannel.c to use the new functions.

- [Marc Hoersken brought this change]

  schannel: Added special shutdown check for Windows 2000 Professional
  
  Windows 2000 Professional:  Schannel returns SEC_E_OK instead
  of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer
  is zero and the first byte of the encrypted packet is 0x15,
  the application can safely assume that the message was a
  close_notify message and change the return value to
  SEC_I_CONTEXT_EXPIRED.
  
  Connection shutdown does not mean that there is no data to read
  Correctly handle incomplete message and ask curl to re-read
  Fixed buffer for decrypted being to small
  Re-structured read condition to be more effective
  Removed obsolete verbose messages
  Changed memory reduction method to keep a minimum buffer of size 4096

- [Marc Hoersken brought this change]

  schannel: Implemented SSL/TLS renegotiation
  
  Updated TODO information and added related MSDN articles

- [Marc Hoersken brought this change]

  schannel: Save session credential handles in session cache

- [Marc Hoersken brought this change]

  schannel: Code cleanup

- [Marc Hoersken brought this change]

  schannel: Check for required context attributes

- [Marc Hoersken brought this change]

  schannel: Allow certificate and revocation checks being deactivated

- [Marc Hoersken brought this change]

  schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI

- [Marc Hoersken brought this change]

  http: Replaced specific SSL libraries list in https_getsock fallback

- [Marc Hoersken brought this change]

  connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing
  
  Fixed warning: dereferencing pointer does break strict-aliasing rules
  by using a union instead of separate pointer variables.
  Internal union sockaddr_u could probably be moved to generic header.
  Thanks to Paul Howarth for the hint about using unions for this.
  
  Important for winbuild: Separate declaration of sockaddr_u pointer.
  The pointer variable *sock cannot be declared and initialized right
  after the union declaration. Therefore it has to be a separate statement.

- [Marc Hoersken brought this change]

  curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated

Yang Tse (11 Jun 2012)
- tests: fix test definitions # 1355, 1363, 1385 and 1393
  
  -i without HTTP protocol shall not include headers in the output

Daniel Stenberg (10 Jun 2012)
- Curl_pgrsDone: return int and acknowledge return code
  
  Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an
  abort instruction or similar we need to return that info back and
  subsequently properly handle return codes from Curl_pgrsDone() where
  used.
  
  (Spotted by a Coverity scan)

Steve Holme (10 Jun 2012)
- [Marc Hoersken brought this change]

  winbuild: Fixed environment variables being lost
  
  Fixed USE_IPV6 and USE_IDN not being passed
  from Makefile.vc to MakefileBuild.vc
  Fixed whitespace and formatting issues
  Fixed typo and format in help message

Guenter Knauf (9 Jun 2012)
- Added metalink support to NetWare builds.

Steve Holme (9 Jun 2012)
- smtp.c: Removed unused variable

- smtp: Post apop feature code tidy up

- pop3: Post apop feature code tidy up

- pop3: Added support for apop authentication

- pop3: Enhanced the extended authentication mechanism detection
  
  Enhanced the authentication type / mechanism detection in preparation
  for the introduction of APOP support.

- pop3.c: Fixed length of SASL check

Yang Tse (9 Jun 2012)
- Fixes allowing 26 more test cases in 1334 to 1393 range to succeed

- tests: fix test definitions # 1370 and 1371
  
  -J without -O shall not honor C-D filename

Daniel Stenberg (9 Jun 2012)
- OpenSSL: support longer certificate subject names
  
  Previously it would use a 256 byte buffer and thus cut off very long
  subject names. The limit is now upped to the receive buffer size, 16K.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3533045
  Reported by: Anthony G. Basile

Kamil Dudka (8 Jun 2012)
- ssl: fix duplicated SSL handshake with multi interface and proxy
  
  Bug: https://bugzilla.redhat.com/788526
  Reported by: Enrico Scholz

Daniel Stenberg (8 Jun 2012)
- tool_getparam.h: fix compiler error
  
  forward declare the Configurable struct

- metalink: restore some includes
  
  Commit eeeba1496cbca removed them and thus broke my Linux build

- openldap: OOM fixes
  
  when calloc fails, return error! (Detected by Fortify)
  
  Reported by: Robert B. Harris

Steve Holme (8 Jun 2012)
- sasl: Re-factored mechanism constants in preparation for APOP work

Yang Tse (8 Jun 2012)
- metalink: build fixes and adjustments II
  
  Additionally, make hash checking ability mandatory in order to allow metalink
  support in curl.
  
  A command line option could be introduced to skip hash checking at runtime,
  but the ability to check hashes should always be built-in when providing
  metalink support.

Guenter Knauf (8 Jun 2012)
- Added metalink support to MinGW builds.

Daniel Stenberg (7 Jun 2012)
- log2changes.pl: fix the Version output
  
  Previously it could easily wrongly get repeated

Yang Tse (7 Jun 2012)
- metalink: build fixes and adjustments I

Daniel Stenberg (7 Jun 2012)
- lib554.c: use curl_formadd() properly
  
  The length/size options take longs so make sure to pass on such types.
  
  Reported by: Neil Bowers
  Bug: http://curl.haxx.se/mail/lib-2012-06/0001.html

Steve Holme (7 Jun 2012)
- smtp.c: Re-factored the smtp_state_*_resp() functions
  
  Re-factored the smtp_state_*_resp() functions to 1) Match the constants
  that were refactored in commit 00fddba6727c, 2) To be more readable and
  3) To match their counterparties in pop3.c.

Yang Tse (7 Jun 2012)
- Fixes allowing HTTP test cases 1338, 1339, 1368 and 1369 to succeed

- tests 1364 to 1393: several -o filename -J -i -D combinations for HTTP and FTP

- tests 1348 to 1363: test definition polishing
  
  Verify that the "Saved to filename 'blabla'" message is only displayed when
  the 'blabla' filename being used _actually_ has been specified by the server
  in the Content-Disposition header.
  
  Use relative path for unintended file creation postcheck.

Steve Holme (6 Jun 2012)
- smtp: Re-factored the SMTP_AUTH* state machine constants
  
  Re-factored the SMTP_AUTH* constants, that are used by the state
  machine, to be clearer to read.

Guenter Knauf (6 Jun 2012)
- Added hint for pkg-config wrapper script.

- Updated Android section with recent NDK.
  
  The r7b had some bugs, and shouldnt be used.

Yang Tse (6 Jun 2012)
- Disable non-HTTP header related tests
  
  These now detect incompleate header data and fail

- tests 1348 to 1363: compleate header data part of test definition

- tests 1334 to 1363 revisited.
  
  Add a postcheck section to verify unintended file creation.
  
  Remove needless <file> checks in verify section. Renumbering where appropriate.

- tests: adjust file part behavior in test verify section.
  
  When a <file> part is now specified with no contents at all, this
  will actually verify that the specified file has no contents at all.
  Previously file contents would be ignored.

Steve Holme (5 Jun 2012)
- smtp.c: Removed whitespace

- pop3: Another small code tidy up
  
  Missed some comments that we identified during the SMTP tidy up earlier.

- smtp: Post authentication code tidy up
  
  Corrected lines longer than 78 characters.
  
  Removed unnecessary braces in smtp_state_helo_resp().
  
  Introduced some comments in data sending functions.
  
  Tidied up comments to match changes made in pop3.c.

Yang Tse (5 Jun 2012)
- tests 1348 to 1363: add a comma in test description

Steve Holme (5 Jun 2012)
- email: Removed duplicated header file

- sasl: Renamed Curl_sasl_decode_ntlm_type2_message()
  
  For consistency with other SASL based functions renamed this function
  to Curl_sasl_create_ntlm_type3_message() which better describes its
  usage.

- pop3: Post authentication code tidy up
  
  Corrected lines longer than 78 characters.
  
  Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the
  AUTH command is no longer sent on its own.
  
  Introduced some comments in data sending functions.
  
  Another attempt at trying to rational code and comment style.

- pop3: Added support for sasl digest-md5 authentication

Yang Tse (4 Jun 2012)
- sasl: add reference for curl_sasl

- Makefile.inc: tab adjustment

Daniel Stenberg (4 Jun 2012)
- pop3 tests: CAPA instead of AUTH
  
  After Steve's commit e336bc7c42c7340 test 1319 and 1407 need to check
  for CAPA instead of AUTH.

Steve Holme (4 Jun 2012)
- sasl: Added service parameter to Curl_sasl_create_digest_md5_message()
  
  Added a service type parameter to Curl_sasl_create_digest_md5_message()
  to allow the function to be used by different services rather than being
  hard coded to "smtp".

Yang Tse (4 Jun 2012)
- tests 1356 to 1363: several -O -J -i -D combinations with FTP protocol
  
  Currently 1356 to 1362 succeed but a write failure is logged in traceNNNN.
  
  Currently 1363 fails, so disabled for now.

Steve Holme (4 Jun 2012)
- tests: Updated pop3 tests for change in auth mechanism detection

- pop3: Changed the sasl mechanism detection from auth to capa
  
  Not all SASL enabled POP3 servers support the AUTH command on its own
  when trying to detect the supported mechanisms. As such changed the
  mechanism detection to use the CAPA command instead.

Daniel Stenberg (4 Jun 2012)
- curl_easy_setopt.3: proto updates + cleanups
  
  - For all *FUNCTION options, they now all show the complete prototype in
    the description. Previously some of them would just refer to a
    typedef'ed function pointer in the curl.h header.
  
  - I made the phrasing of that "Pass a pointer to a function that matches
    the following prototype" the same for all *FUNCTION option descriptions.
  
  - I removed some uses of 'should'. I think I sometimes over-use this
    word as in many places I actually mean MUST or otherwise more specific
    and not-so-optional synonyms.

Yang Tse (4 Jun 2012)
- tests 1348 to 1355: several -O -J -i -D combinations with FTP protocol
  
  Currently 1348 to 1354 succeed but a write failure is logged in traceNNNN.
  
  Currently 1355 fails, so disabled for now.

- tests 1346 to 1347: several -O -J -i -D combinations with HTTP protocol

Steve Holme (4 Jun 2012)
- sasl: Small code tidy up
  
  Reworked variable names in Curl_sasl_create_cram_md5_message() to match
  those in Curl_sasl_create_digest_md5_message() as they are more
  appropriate.

- sasl: Moved digest-md5 authentication message creation from smtp.c
  
  Moved the digest-md5 message creation from smtp.c into the sasl module
  to allow for use by other modules such as pop3.

- sasl: Small code tidy up before moving digest-md5 over
  
  Correction of comments and variable names.

- RELEASE-NOTES: Added missing addition of sasl login support

- pop3: Added support for sasl cram-md5 authentication

Daniel Stenberg (3 Jun 2012)
- Curl_sasl_create_plain_message: remove TAB

Steve Holme (3 Jun 2012)
- sasl: Small code tidy up
  
  Added some comments and removed an unreferenced variable.

- pop3.c: Added conditional compilation for NTLM function calls
  
  Added USE_NTLM condition compilation around the NTLM functions called
  from pop3_statemach_act() introduced in commit 69f7156ad96877.

- sasl: Moved cram-md5 authentication message creation from smtp.c
  
  Moved the cram-md5 message creation from smtp.c into the sasl module
  to allow for use by other modules such as pop3.

- pop3: Fixed an issue with changes introduced in commit c267c53017bc
  
  Because pop3_endofresp() is called for each line of data yet is not
  passed the line and line length, so we have to use the data pointed to
  by pp->linestart_resp which contains the whole packet, the mechanisms
  were being detected in one call yet the function would be called for
  each line of data.
  
  Using curl with verbose mode enabled would show that one line of data
  would be received in response to the AUTH command, before the AUTH
  <mechanism> command was sent to the server and then the next few lines
  of the original AUTH command would be displayed before the response from
  the AUTH <mechanism> command. This would then cause problems when
  parsing the CRAM-MD5 challenge data as extra data was contained in the
  buffer.
  
  Changed the parsing so that each line is checked for the mechanisms
  and the function returns FALSE until the whole of the AUTH response has
  been processed.

Daniel Stenberg (3 Jun 2012)
- version: bump to 7.27.0 for next release
  
  Due to new features

- RELEASE-NOTES: synced with c4e3578e4bf
  
  Also bumped the contributor number and next release is to become 7.27.0

- THANKS: 16 new contributors from the 7.26.0 release

Steve Holme (3 Jun 2012)
- DOCS: Fixed list in Section 18.2 not displaying correctly on web site

- DOCS: Corrected missed heading renumbering from commit 530675a1ad7

- DOCS: Added IMAP and LDAP sections
  
  Added new sections 11. IMAP and 12. LDAP to document adding SASL based
  authentication.
  
  Renumbered current sections 11 to 17 as 13 to 19.
  
  Additionally added 19.10 Add CURLOPT_MAIL_CLIENT option.

- sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869e8
  
  Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup()
  is just a nop.

- pop3.c:Corrected typo in commit 69ba0da8272d

- pop3: Fixed the issue of having to supply the user name for all requests
  
  Previously it wasn't possible to connect to POP3 and not specify the
  user name as a CURLE_ACCESS_DENIED error would be returned. This error
  occurred because USER would be sent to the server with a blank user name
  if no mailbox user was specified as the server would reply with -ERR.
  
  This wasn't a problem prior to the 7.26.0 release but with the
  introduction of custom commands the user and/or application developer
  might want to issue a CAPA command without having to log in as a
  specific mailbox user.
  
  Additionally this fix won't send the newly introduced AUTH command if no
  user name is specified.

- pop3.c: Small code tidy up
  
  Corrected lines exceeding 78 characters.
  
  Repositioned some comments and added extra clarity.

- sasl: Corrected variable names in comments and parameters

- pop3: Added support for sasl ntlm authentication

- sasl: Small comment style tidy up following ntlm commit

- sasl: Moved ntlm authentication message handling from smtp.c
  
  Moved the ntlm message creation and decoding from smtp.c into the sasl
  module to allow for use by other modules such as pop3.

- pop3: Added support for sasl login authentication

Yang Tse (1 Jun 2012)
- tests 1334 to 1345: several -O -J -i -D combinations with HTTP protocol

- tests: support test definitions with up to 5 file checks in <verify> section
  
  This is done introducing tags <file1> to <file4> besides existing <file> one,
  as well as corresponding <stripfile1> to <stripfile4> ones, that can be used
  in the <verify> section in the same way as the non-numbered ones.

Steve Holme (31 May 2012)
- sasl: Moved login authentication message creation from smtp.c
  
  Moved the login message creation from smtp.c into the sasl module
  to allow for use by other modules such as pop3.

- smtp.c: Reworked message encoding in smtp_state_authpasswd_resp()
  
  Rather than encoding the password message itself the
  smtp_state_authpasswd_resp() function now delegates the work to the same
  function that smtp_state_authlogin_resp() and smtp_authenticate() use
  when constructing the encoded user name.

- smtp.c: Re-factored smtp_auth_login_user() for use with passwords
  
  In preparation for moving to the SASL module re-factored the
  smtp_auth_login_user() function to smtp_auth_login() so that it can be
  used for both user names and passwords as sending both of these under
  the login authentication mechanism is the same.

- pop3: Added support for sasl plain text authentication

- curl_ntlm_msgs.c: Corrected small spelling mistake in comments

- sasl: Moved plain text authentication message creation from smtp.c
  
  Moved the plain text message creation from smtp.c into the sasl module
  to allow for use by other modules such as pop3.

Yang Tse (30 May 2012)
- configure: fix LDAPS disabling related misplaced closing parenthesis

- pop3 test server: allow pop3 test server verification to succeed again
  
  Introduce SUPPORTCAPA and SUPPORTAUTH config commands to allow further
  pop3 test server expansion for tests that require CAPA or AUTH support,
  although this will need some extra work to make it fully functional.

Steve Holme (28 May 2012)
- pop3: Introduced the continue response in pop3_endofresp()

- pop3: Changed response code from O and E to + and -
  
  The POP3 protocol doesn't really have the concept of error codes and
  uses +, +OK and -ERR in response to commands to indicate continue,
  success and error.
  
  The AUTH command is one of those commands that requires multiple pieces
  of data to be sent to the server where the server will respond with + as
  part of the handshaking. This meant changing the values before
  continuing with the next stage of adding authentication support.

- pop3: Small code tidy up following authentication work so far
  
  Changed the order of the state machine to match the order of actual
  events.
  
  Reworked some comments and function parameter positioning that I missed
  the other day.

Kamil Dudka (28 May 2012)
- nss: use human-readable error messages provided by NSS
  
  Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html

Daniel Stenberg (27 May 2012)
- test1013.pl: filter out Metalink
  
  Since it isn't a feature supported by curl-config we can't compare that
  with the --version output

- pop3: remove variable-not-used warnings

Steve Holme (27 May 2012)
- DOCS: Corrected the "Added in" version number for CURLOPT_MAIL_AUTH
  
  Additionally corrected another RFC link that I missed yesterday.

- pop3: Added support for SASL based authentication mechanism detection
  
  Added support for detecting the supported SASL authentication mechanisms
  via the AUTH command. There are two ways of detecting them, either by
  using the AUTH command, that will return -ERR if not supported or by
  using the CAPA command which will return SASL and the list of mechanisms
  if supported, not include SASL if SASL authentication is not supported
  or -ERR if the CAPA command is not supported. As such it seems simpler
  to use the AUTH command and fallback to normal clear text authentication
  if the the command is not supported.
  
  Additionally updated the test cases to return -ERR when the AUTH command
  is encountered. Additional test cases will be added when support for the
  individual authentication mechanisms is added.

Daniel Stenberg (27 May 2012)
- pop3: remove trailing whitespace

Steve Holme (27 May 2012)
- pop3: Code tidy up before the introduction of authentication code
  
  Moved EOB definition into header file.
  
  Switched the logic around in pop3_endofresp() to allow for the
  introduction of auth-mechanism detection.
  
  Repositioned second and third function variables where they will fit
  within the 78 character line limit.
  
  Tidied up some comments.

Guenter Knauf (27 May 2012)
- Enabled OpenSSL static linkage.

- Enabled OpenSSL static linkage.

- Try to detect OpenSSL build type automatically.

Daniel Stenberg (26 May 2012)
- metalink: fix build errors when disabled

- [Tatsuhiro Tsujikawa brought this change]

  Reduced #ifdef HAVE_METALINK

- [Tatsuhiro Tsujikawa brought this change]

  Disable hash check if neither OpenSSL nor GNUTLS is installed.

- [Tatsuhiro Tsujikawa brought this change]

  Format GETOUT_METALINK nicely

- [Tatsuhiro Tsujikawa brought this change]

  Minimize usage of structs from libmetalink

- [Tatsuhiro Tsujikawa brought this change]

  Check checksum of downloaded file if checksum is available
  
  Metalink file contains several hash types of checksums, such as
  md5, sha-1, sha-256, etc. To deal with these checksums, I created
  abstraction layer based on lib/curl_md5.h and
  lib/md5.c. Basically, they are almost the same but I changed the
  code so that it is not hash type dependent. Currently,
  GNUTLS(nettle or gcrypt) and OpenSSL functions are supported.
  
  Checksum checking is done by reopening download file.  If there
  is an I/O error, the current implementation just prints error
  message and does not try next resource.
  
  In this patch, the supported hash types are: md5, sha-1 and sha-256.

- [Tatsuhiro Tsujikawa brought this change]

  Always create directory hierarchy for Metalink.
  
  Filenames contained in Metalink file can include directory information.
  Filenames are unique in Metalink file, taking into account the directory
  information. So we need to create the directory hierarchy.
  
  Curl has --create-dirs option, but we create directory hierarchy for
  Metalink downloads regardless of the option value.
  
  This patch also put metalink int variable outside of HAVE_LIBMETALINK
  guard. This reduces the number of #ifdefs.

- [Tatsuhiro Tsujikawa brought this change]

  Fixed segmentation fault when Metalink has no valid file or no resource.

- [Tatsuhiro Tsujikawa brought this change]

  Support media-type parameter in Content-Type

- [Tatsuhiro Tsujikawa brought this change]

  Print "Metalink" in Features if Metalink support is enabled.

- [Tatsuhiro Tsujikawa brought this change]

  Removed trailing space

- [ant brought this change]

  Add --metalink to --help

- [ant brought this change]

  Add Metalink information and --metalink option to man page

- [ant brought this change]

  Add Metalink information and --metalink option to man page

- [ant brought this change]

  Adds Metalink information to INSTALL

- [Tatsuhiro Tsujikawa brought this change]

  --metalink option is available regardless of Metalink support.

- [Tatsuhiro Tsujikawa brought this change]

  metalink: parse downloaded Metalink file
  
  Parse downloaded Metalink file and add downloads described there. Fixed
  compile error without metalink support.

- [Tatsuhiro Tsujikawa brought this change]

  Fixed HAVE_LIBMETALINK conditional is always true

- [Tatsuhiro Tsujikawa brought this change]

  metalink: minor metalinkfile fix
  
  Don't update config->metalinkfile_last in operate(). Use local variable
  to point to the current metalinkfile.

- [Tatsuhiro Tsujikawa brought this change]

  metalink: show help message even if disabled
  
  Print message if --metalink is used while metalink support is not
  enabled. Migrated Metalink support in tool_operate.c and removed
  operatemetalink().

- [Tatsuhiro Tsujikawa brought this change]

  Applied patches from Daniel

- [Tatsuhiro Tsujikawa brought this change]

  Support Metalink.
  
  This change adds experimental Metalink support to curl.
  To enable Metalink support, run configure with --with-libmetalink.
  To feed Metalink file to curl, use --metalink option like this:
  
    $ curl -O --metalink foo.metalink
  
  We use libmetalink to parse Metalink files.

Steve Holme (26 May 2012)
- DOCS: Fixed line spacing of authentication examples in CURLOPT_URL

- DOCS: Changed domain names in various examples to example.com
  
  Updated various references of real domain names to example.com as per
  RFC-2606.

- DOCS: Fixed meaning of bit 2 in CURLOPT_POSTREDIR
  
  Setting bit 2 for this value was documented as having a constant value
  defined as CURL_REDIR_POST_303 yet referenced a 302 request.
  
  Additionally corrected the meaning of CURL_REDIR_POST_ALL for all three
  bits and fixed problems with the bolding of keywords in this section.

- DOCS: Standardised how RFCs are referenced.
  
  Standardised how RFCs are referenced so that the website may autolink to
  the correct documentation on ietf.org. Additionally removed the one link
  to RFC3986 on curl.haxx.se.

Yang Tse (26 May 2012)
- Fix libcurl.pc and curl-config generation for static MingW* cross builds

Daniel Stenberg (25 May 2012)
- [Tatsuhiro Tsujikawa brought this change]

  Made -D option work with -O and -J.
  
  To achieve this, first new structure HeaderData is defined to hold
  necessary data to perform header-related work.  Then tool_header_cb now
  receives HeaderData pointer as userdata.  All header-related work
  (currently, dumping header and Content-Disposition inspection) are done
  in this callback function.  HeaderData.outs->config is used to determine
  whether each work is done.
  
  Unit tests were also updated because after this change, curl code always
  sets CURLOPT_HEADERFUNCTION and CURLOPT_HEADERDATA.
  
  Tested with -O -J -D, -O -J -i and -O -J -D -i and all worked fine.

Steve Holme (25 May 2012)
- sasl: Re-factored auth-mechanism constants to be more generic

- smtp: Moved auth-mechanism constants into a separate header file
  
  Move the SMTP_AUTH constants into a separate header file in
  preparation for adding SASL based authentication to POP3 as the two
  protocols will need to share them.

Kamil Dudka (25 May 2012)
- nss: avoid using explicit casts of code pointers

Steve Holme (24 May 2012)
- DOCS: Added LDAP to the CURLOPT_URL section

- TODO: Removed DIGEST-MD5 authentication from SMTP to do list
  
  Removed DIGEST-MD5 from Section 9.1 Other authentication mechanisms as
  the feature was added to SMTP in 7.26.0.
  
  Also corrected small spelling mistake.

Daniel Stenberg (24 May 2012)
- bump to 7.26.1: start working towards next release

Version 7.26.0 (24 May 2012)

Daniel Stenberg (24 May 2012)
- RELEASE-NOTES: synced with ef60fdbd73
  
  Just before 7.26.0 is about to ship

Steve Holme (22 May 2012)
- smtp: Fixed an issue with the multi-interface always sending postdata
  
  Due to the result code being reset to CURLE_OK when smtp_dophase_done()
  was called, postdata would incorrectly be sent to the server when the
  MAIL FROM or RCPT command was rejected.
  
  As such, libcurl would return the wrong result code from performing the
  operation and additionally set CURLINFO_RESPONSE_CODE to be that
  returned by the postdata command.
  
  Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html
  Reported by: Gokhan Sengun

- DOCS: Updated version number for features added in the pending release

Daniel Stenberg (22 May 2012)
- [Tatsuhiro Tsujikawa brought this change]

  Fixed compile error with GNUTLS+NETTLE
  
  In nettle/md5.h, md5_init and md5_update are defined as macros to
  nettle_md5_init and nettle_md5_update respectively.  This causes
  error when using MD5_params.md5_init and md5_update.  This patch
  renames these members as md5_init_func and md5_update_func to
  avoid name conflict. For completeness, MD5_params.md5_final was
  also renamed as md5_final_func.
  
  The changes in curl_ntlm_core.c is conversion error and fixed by
  casting to proper type.

- TODO-RELEASE: mention the pending biggies for 7.27.0

- [Jan Ehrhardt brought this change]

  winbuild: fix IPv6 enabled build
  
  The existing check was wrong so IPv6 support would never be enabled

- 7.26.0: will be the next release version

- RELEASE-NOTES: synced with 8ae1e657e82a
  
  And mention that this will become 7.26.0

Guenter Knauf (22 May 2012)
- Updated dependency libary versions.

Daniel Stenberg (20 May 2012)
- curl-config.1: fix curl-config usage in example
  
  The curl-config command must be used twice in the single command line to
  work properly in some environments.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3528241
  Reported by: Julian Taylor

Steve Holme (17 May 2012)
- smtp: Fixed non-escaping of dot character at beginning of line
  
  A dot character at the beginning of a line would not be escaped to a
  double dot as required by RFC-2821, instead it would be deleted by the
  mail server. Please see section 4.5.2 of the RFC for more information.
  
  Note: This fix also simplifies the detection of repeated CRLF.CRLF
  combinations, such as CRLF.CRLF.CRLF, a little rather than having to
  advance the eob counter to 2.

Daniel Stenberg (16 May 2012)
- FAQ: updated 1.10 How many are using curl?
  
  Now linking to http://daniel.haxx.se/blog/2012/05/16/300m-users/

- disable-versioned-symbols: removed superfluous 'fi'
  
  The commit e315927a1a left this in

- MakefileBuild.vc: use the correct IDN variable
  
  The variable that control IDN enablement is called USE_IDN within these
  Makefiles

- [Pierre Chapuis brought this change]

  autoconf: improve handling of versioned symbols
  
  It checks whether versioned symbols should be enabled before checking
  whether it is possible (i.e. the linker supports --version-script) or
  not. This avoids a useless warning when building cURL on a platform that
  does not use GNU ld.
  
  Moreover, it fixes broken indentation of this chunk of code.

- curl.1: clarify -x usage
  
  1 - fix the syntax in the .IP line
  
  2 - Provided user names and passwords are URL decoded by libcurl
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3525935

- NTLM: is supported in GnuTLS builds too
  
  ... since commit 9a4c887c4a7 introduced in libcurl 7.19.4

- TODO: happy eyeballs is now RFC6555

- my_useragent: shorten user-agent
  
  The built-in user-agent will now only say curl/[version] and nothing
  else in an attempt to decrease overhead in HTTP requests.

- CURLOPT_HEADERFUNCTION: works for non-HTTP protocols too

Claes Jakobsson (3 May 2012)
- Add note about default timeout in CURLOPT_TIMEOUT

Daniel Stenberg (2 May 2012)
- [Gokhan Sengun brought this change]

  MD5: OOM fix
  
  check whether md5 initialization succeeded before updating digest of
  buffers onto it

- REALEASE-NOTES: synced with 64f48e884e3c1

- [Jan Schaumann brought this change]

  add newly created manual page

- [Jan Schaumann brought this change]

  add a manual page for mk-ca-bundle

Guenter Knauf (26 Apr 2012)
- Updated dependency lib versions.

Daniel Stenberg (23 Apr 2012)
- URL parse: reject numerical IPv6 addresses outside brackets
  
  Roman Mamedov spotted (in
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would
  not complain when given a URL with an IPv6 numerical address without
  brackets. It would simply cut off the last ":[hex]" part and thus not
  work correctly.
  
  That's a URL using an illegal syntax and now libcurl will instead return
  a clear error code and error message detailing the error.
  
  The above mentioned bug report claims this to be a regression but
  libcurl does not guarantee functionality when given URLs that aren't
  following the URL spec (RFC3986 mostly). I consider the fact that it
  used to handle this differently a mere coincidence.

- Curl_MD5_init: fix OOM memory leak
  
  Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html
  Reported by: Michael Mueller

- [Gokhan Sengun brought this change]

  OpenSSL cert: provide more details when cert check fails
  
  curl needs to be more chatty regarding certificate verification failure
  during SSL handshake

Yang Tse (23 Apr 2012)
- Revert "sspi: Added version information"
  
  This reverts commit 2976de480808119dae08fc6f52c8d75ba1aedb1a.

- Revert "sspi - Small code tidy up"
  
  This reverts commit 46cd5f1daddad3b3e542e6d93eee52e8bb9a8687.

- Revert "Fixed 'extra tokens at end of #endif directive'."
  
  This reverts commit 77172a242fc0c820f97eae39d0e3e0f265222fe6.

- Revert "Fixed 'Trailing whitespace' found by checksrc."
  
  This reverts commit 683bfa60ad0b52505947e59b03515e5f44378523.

- Revert "sspi: Code tidy up to remove unused variable."
  
  This reverts commit 412510f97407d617426d93b80e6b6bf0a8ff11ac.

- Revert "Add -lversion if build with SSPI."
  
  This reverts commit 9ec0b7e0c44d29eca6f45916fe5af3501168fe85.

Guenter Knauf (23 Apr 2012)
- Add -lversion if build with SSPI.

Steve Holme (22 Apr 2012)
- sspi: Code tidy up to remove unused variable.

Guenter Knauf (22 Apr 2012)
- Fixed 'Trailing whitespace' found by checksrc.

- Fixed 'extra tokens at end of #endif directive'.

Steve Holme (22 Apr 2012)
- sspi - Small code tidy up

- sspi: Added version information
  
  Added version information for Windows SSPI to curl's main version
  string and removed SSPI from the features string.

Daniel Stenberg (20 Apr 2012)
- HTTP: empty chunked POST ended up in two zero size chunks
  
  When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the
  size of the POST was zero length, it made libcurl first send a zero
  chunk and then the terminating one. This could confuse a receiver and it
  should rather just send the terminating chunk as it does with this fix.
  
  Test case 1333 is added to verify.
  
  Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html
  Reported by: Arnaud Compan

Guenter Knauf (20 Apr 2012)
- Updated dependency lib versions.

Daniel Stenberg (19 Apr 2012)
- singleipconnect: return OK even when Curl_socket() fails
  
  Commit 9109cdec11ee5a brought this regression (shipped since 7.24.0).
  
  The singleipconnect() function must not return an error if Curl_socket()
  returns an error. It should then simply return OK and pass a SOCKET_BAD
  back simply because that is how the user of this function expects it to
  work and something else is not fine.
  
  Reported by: Blaise Potard
  Bug: http://curl.haxx.se/bug/view.cgi?id=3516508

Yang Tse (19 Apr 2012)
- Take in account that CURLAUTH_* bitmasks are now 'unsigned long' - follow-up
  
  MIPSPro compiler detected curl_easy_getinfo() related missing adjustments.
  SunPro compiler detected curl tool --libcurl option related missing adjustments.

- url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixes
  
  Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported.
  
  Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE.

- Take in account that CURLAUTH_* bitmasks are now 'unsigned long'
  
  Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to
  'unsigned long' for proper handling and operating.

- curl.h: CURLAUTH_* bitmasks adjusted to become 'unsigned long' typed
  
  Info: http://curl.haxx.se/mail/lib-2012-04/0170.html

- Some explicit conversion to 'long' of curl_easy_setopt() third argument
  
  Explicit conversion to 'long' of curl_easy_setopt() third argument for options
  CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH given that this is how its bitmasks are
  docummented to be used.

- build adjustments: commit 9e24b9c7 follow-up

Daniel Stenberg (17 Apr 2012)
- -# progress meter: avoid superfluous updates and duplicate lines
  
  By comparing if a different "progress point" is reached or not since the
  previous update, the progress function callback for this now avoids many
  superfluous screen updates. This has the nice side-effect that it fixes
  a problem that causes a second progress meter line.
  
  The second line output happened because when we use the -# progress
  meter, we force a newline output after the transfer in the main loop in
  curl, but when libcurl calls the progress callback from
  curl_easy_cleanup() it would then output the progress display
  again. Possibly the naive newline output is wrong but this optimization
  was suitable anyway...
  
  Reported by: Daniel Theron
  Bug: http://curl.haxx.se/bug/view.cgi?id=3517418

Yang Tse (16 Apr 2012)
- nss.c: fix compiler warning

- curl-compilers.m4: -Wno-pedantic-ms-format for Windows gcc 4.5 builds
  
  When building a Windows target with gcc 4.5 or newer and strict compiler
  warnings enabled use -Wno-pedantic-ms-format in addition to other flags.

Kamil Dudka (16 Apr 2012)
- tests/valgrind.pm: suppress memleaks of NSS_InitContext()
  
  Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=745224

Yang Tse (14 Apr 2012)
- setup_once.h: tighten requirements for stdbool.h header inclusion
  
  Include stdbool.h only when it is available and configure is capable of
  detecting a proper 'bool' data type when the header is included.
  
  Compilation fix for old or unpatched versions of XL C compiler.
  
  Report: http://curl.haxx.se/mail/archive-2012-04/0022.html

- headers: require GCC 2.7 or newer in order to allow attribute GCC'isms usage
  
  Usage in other code paths already protected and requiring even newer versions.

- [Jonathan Nieder brought this change]

  headers: surround GCC attribute names with double underscores
  
  This protects from attribute names being defined by third party's code.
  
  Improvement: http://curl.haxx.se/mail/lib-2012-04/0127.html

Guenter Knauf (13 Apr 2012)
- Updated copyright year.

Yang Tse (13 Apr 2012)
- testcurl.pl: build example programs for Android cross-compiles

- nss.c: fix compiler warning

- examples: fix compiler warnings

Kamil Dudka (13 Apr 2012)
- nss: provide human-readable names for NSS errors

- nss: use NSS_InitContext() to initialize NSS if available
  
  NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
  collisions on NSS initialization/shutdown with other libraries.
  
  Bug: https://bugzilla.redhat.com/738456

- nss: unconditionally require PK11_CreateGenericObject()
  
  This bumps the minimal supported version of NSS to 3.12.x.

Guenter Knauf (13 Apr 2012)
- Set batch mode to 755 to make Cygwin git pulls work.

- Added section for Android configure cross-compile.

- Added NetWare export.

Yang Tse (12 Apr 2012)
- testcurl.pl: build example programs for MinGW cross-compiles

- tool_operate.c: fix compiler warning

- url.c: fix compiler warning

Guenter Knauf (12 Apr 2012)
- Updated dependency lib versions (2nd try).

- Updated dependency lib versions.

Yang Tse (12 Apr 2012)
- tool_formparse.c: rename a couple of vars to avoid declaration shadowing

- OS400/initscript.sh: fix db2_name() module name generation
  
  Allow repeatable file name length reduction on file names with underscore or
  dash characters. This is done in order to better support libcurl's existing
  source file names and allow OS/400 package to build out of the box again.

- testcurl.pl: log more environment vars that modify configure and build behavior

- configure: NATIVE_WINDOWS no longer defined in config files

- build adjustments: CURL_HIDDEN_SYMBOLS no longer defined in config files
  
  configure script now provides conditional definitions for Makefile.am
  that result in CURL_HIDDEN_SYMBOLS being defined by resulting makefiles
  when appropriate.
  
  Additionally, configure script option for symbol hiding control is now
  named --enable-symbol-hiding --disable-symbol-hiding. While still valid,
  old option name --enable-hidden-symbols --disable-hidden-symbols will
  be deprecated in some future release.

- build adjustments: functionally revert commits 4d3fb91f and bbfe1182
  
  Undefining CURL_HIDDEN_SYMBOLS in source files isn't the proper fix.

- test servers: build adjustment
  
  Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might
  leak from lib/setup.h into source files where this should not be defined.

- libtests: build adjustment
  
  Undefine CURL_HIDDEN_SYMBOLS libcurl private preprocessor macro that might
  leak from lib/setup.h into source files where this should not be defined.

- curl tool: make setup.h first header included in tool_setup.h again

- curl tool: use configuration files from lib directory - follow-up II
  
  lib/config-win32.h no longer copied to src/config-win32.h

- configure: Windows cross-compilation fixes
  
  BUILDING_LIBCURL and CURL_STATICLIB are no longer defined in curl_config.h,
  configure will generate appropriate conditionals so that mentioned symbols
  get defined and used in Makefiles at compilation time

- curl tool: make curl.h first header included in tool_setup.h

- curl tool: use configuration files from lib directory - follow-up I
  
  amigaos.[ch] now integrates nicely with any libcurl build

- curl tool: use configuration files from lib directory
  
  Configuration files such as curl_config.h and all config-*.h no longer exist
  nor are generated/copied into 'src' directory, now these only exist in 'lib'
  directory from where curl tool sources uses them.
  
  Additionally old src/setup.h has been refactored into src/tool_setup.h which
  now pulls lib/setup.h
  
  The possibility of a makefile needing an include path adjustment exists.

Daniel Stenberg (6 Apr 2012)
- PolarSSL: correct return code for CRL matches
  
  When a server certificate matches one in the given CRL file, the code
  now returns CURLE_SSL_CACERT as test case 313 expects and verifies.

- PolarSSL: include version number in version string
  
  Previously it would say PolarSSL only, now it says PolarSSL/1.1.0 in the
  same style other libs and components do.

- test: added test 1332 that tests --post303

- curl: add --post303 to set the CURL_REDIR_POST_303 option

- [Andrei Cipu brought this change]

  CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL
  
  As it turns out, some people do want that after all.

- test1331: cookies on a 407 response
  
  Verify that cookies are sent back even after a 407 response has been
  received

- [Dag Ekengren brought this change]

  PolarSSL: add support for asynchronous connect

- [Tim Heckman brought this change]

  Revert "access the CA source file using HTTPS"
  
  This reverts commit f7e2ab6.
  
  This change caused fetching of the certificates to become unreliable.
  
  Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
  Reported by: Tim Heckman

- [Andrei Cipu brought this change]

  IPv6 cookie domain: get rid of the first bracket before the second.
  
  Commit 97b66ebe was copying a smaller buffer, thus duplicating the last
  character.

- MAIL-ETIQUETTE: Added "How to unsubscribe"
  
  ... as it seems to hard for some people

Yang Tse (4 Apr 2012)
- ftp.c: ftplistparser related OOM handling fix

- smtp.c: fix compiler warnings

- lib599.c: fix compiler warning

Daniel Stenberg (4 Apr 2012)
- runtests: yassl and polarssl are not openssl
  
  Don't set the "has_openssl" variable if yassl or polarssl is found as
  they will simply not work as 100% drop-in replacements for some of the
  stuff the "OpenSSL" feature is used for.
  
  I spotted this problem when doing test runs with PolarSSL builds.

- [Lijo Antony brought this change]

  connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
  
  Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback
  returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT
  conveys incorrect information to the user.

Steve Holme (2 Apr 2012)
- pop3: Reworked the command sending and handling
  
  Reworked the command sending from two specific LIST and RETR command
  functions into a single command based function as well as the two
  associated response handlers into a generic command handler.

Daniel Stenberg (1 Apr 2012)
- [Dave Reisner brought this change]

  curl tool: add filename_effective token for --write-out
  
  By modifying the parameter list for ourWriteOut() and passing the
  OutStruct that collects data in tool_operate, we get access to the
  remote name that we're writing to. Shell scripters should find this
  useful when used in conjuntion with the --remote-header-name option.

Steve Holme (1 Apr 2012)
- smtp.c: Code policing and tidy up

Daniel Stenberg (1 Apr 2012)
- [Armel Asselin brought this change]

  SSH: public key can now be an empty string
  
  If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will
  pass no public key to libssh2 which then tries to compute it from the
  private key. This is known to work when libssh2 1.4.0+ is linked against
  OpenSSL.

- [Tatsuhiro Tsujikawa brought this change]

  OpenSSL: Made cert hostname check conform to RFC 6125
  
  This change replaces RFC 2818 based hostname check in OpenSSL build with
  RFC 6125 [1] based one.
  
  The hostname check in RFC 2818 is ambiguous and each project implements
  it in the their own way and they are slightly different. I check curl,
  gnutls, Firefox and Chrome and they are all different.
  
  I don't think there is a bug in current implementation of hostname
  check. But it is not as strict as the modern browsers do. Currently,
  curl allows multiple wildcard character '*' and it matches '.'. (as
  described in the comment in ssluse.c).
  
  Firefox implementation is also based on RFC 2818 but it only allows at
  most one wildcard character and it must be in the left-most label in the
  pattern and the wildcard must not be followed by any character in the
  label.[2] Chromium implementation is based on RFC 6125 as my patch does.
  Firefox and Chromium both require wildcard in the left-most label in the
  presented identifier.
  
  This patch is more strict than the current implementation, so there may
  be some cases where old curl works but new one does not. But at the same
  time I think it is good practice to follow the modern browsers do and
  follow the newer RFC.
  
  [1] http://tools.ietf.org/html/rfc6125#section-6.4.3
  [2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483

- HTTP: reset expected DL/UL sizes on redirects
  
  With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the
  download size was known (like with a Content-Length header), but the
  subsequent URL (transfered after the 3xx page) was chunked encoded, then
  the previous "known download size" would linger and cause the progress
  meter to get incorrect information, ie the former value would remain
  being sent in. This could easily result in downloads that were WAY
  larger than "expected" and would cause >100% outputs with the curl
  command line tool.
  
  Test case 599 was created and it was used to repeat the bug and then
  verify the fix.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=3510057
  Reported by: Michael Wallner

Steve Holme (31 Mar 2012)
- [Gökhan Şengün brought this change]

  smtp: Add support for DIGEST-MD5 authentication

- [Gökhan Şengün brought this change]

  smtp: Cody tidy up of md5 digest length
  
  Replaced the hard coded md5 digest length (16) with a preprocessor
  constant

- [Gökhan Şengün brought this change]

  md5: Add support for calculating the md5 sum of buffers incrementally
  
  It is now possible to calculate the md5 sum as the stream of buffers
  becomes known where as previously it was only possible to calculate the
  md5 sum of a pre-prepared buffer.

Daniel Stenberg (31 Mar 2012)
- Revert "mk-ca-bundle.pl: use LWP::UserAgent for https"
  
  This reverts commit 9f0e1689f169b83b8fbdae23e0024cc57dcbc770.
  
  It turned out that "improvement" instead made the fetching of the
  certificates unreliable
  
  Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
  Reported by: Tim Heckman

Steve Holme (31 Mar 2012)
- DOCS: Added information regarding POP3 commands to CURLOPT_CUSTOMREQUEST

- pop3: Added support for additional pop3 commands
  
  This feature allows the user to specify and use additional POP3
  commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
  curl's -X command line option.

Yang Tse (30 Mar 2012)
- [tetetest tetetest brought this change]

  CMakeLists.txt: fix Windows LDAP/LDAPS option handling
  
  bug: http://curl.haxx.se/mail/lib-2012-03/0278.html

- [tetetest tetetest brought this change]

  CMakeLists.txt: fix MS Visual Studio x64 unsigned long long literal suffix
  
  bug: http://curl.haxx.se/mail/lib-2012-03/0255.html

Steve Holme (28 Mar 2012)
- TODO: Corrected POP3 section heading

Yang Tse (28 Mar 2012)
- curl-functions.m4: update detection logic of getaddrinfo() thread-safeness
  
  Take in account that h_errno might be a modifiable lvalue not defined as
  a C preprocessor macro

Steve Holme (27 Mar 2012)
- TODO: Added SMTP and POP3 specific features

Yang Tse (27 Mar 2012)
- [Olaf Flebbe brought this change]

  tool_cb_dbg.c: fix tool_cb_dbg() to behave properly even for size 0
  
  curl segfault in debug callback triggered with CURLINFO_HEADER_OUT and size 0
  
  bug: http://curl.haxx.se/bug/view.cgi?id=3511794

- test #1405: support HTTP disabled builds

Steve Holme (26 Mar 2012)
- test #809: Updated error code to match recent pop3 changes

Yang Tse (25 Mar 2012)
- ssh.c: code cleanup, Curl_safefree() already nullifies pointer

- fix some compiler warnings

Steve Holme (25 Mar 2012)
- pop3.c: Corrected problem with state() introduced in 01690ed2bce5

- pop.c: Small code tidy up

- pop3: Removed the need for the single message LIST command handler
  
  Simplified the code to remove the need for a separate "LIST <msg id>"
  command handler and state machine and instead use the LIST command
  handler for both operations.