[platform/upstream/curl.git] / CHANGES

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.40.0 (7 Jan 2015)

Daniel Stenberg (7 Jan 2015)
- RELEASE-NOTES: version 7.40.0

- darwinssl: fix session ID keys to only reuse identical sessions
  
  ...to avoid a session ID getting cached without certificate checking and
  then after a subsequent _enabling_ of the check libcurl could still
  re-use the session done without cert checks.
  
  Bug: http://curl.haxx.se/docs/adv_20150108A.html
  Reported-by: Marc Hesse

- tests: make sure CRLFs can't be used in URLs passed to proxy
  
  Bug: http://curl.haxx.se/docs/adv_20150108B.html

- url-parsing: reject CRLFs within URLs
  
  Bug: http://curl.haxx.se/docs/adv_20150108B.html
  Reported-by: Andrey Labunets

Steve Holme (7 Jan 2015)
- ldap: Convert attribute output to UTF-8 when Unicode

- ldap: Convert DN output to UTF-8 when Unicode

Daniel Stenberg (7 Jan 2015)
- hostip: remove 'stale' argument from Curl_fetch_addr proto
  
  Also, remove the log output of the resolved name is NOT in the cache in
  the spirit of only telling when something is actually happening.

Steve Holme (7 Jan 2015)
- ldap/imap: Fixed spelling mistake in comments and variable names
  
  Reported-by: Michael Osipov

Daniel Stenberg (7 Jan 2015)
- RELEASE-NOTES: updated with ./contributors.sh output

Dan Fandrich (5 Jan 2015)
- curl_multibyte.h: Eliminated some trailing whitespace

Steve Holme (4 Jan 2015)
- RELEASE-NOTES: Synced with ea93252ef1

- ldap: Fixed Unicode usage for all Win32 builds
  
  Otherwise, the fixes in the previous commits would only be applicable
  to IDN and SSPI based builds and not others such as OpenSSL with LDAP
  enabled.

- ldap: Fixed memory leak from commit efb64fdf80

- ldap: Fix memory leak from commit 3a805c5cc1

- ldap: Fixed attribute variable warnings when Unicode is enabled
  
  Use 'TCHAR *' for local attribute variable rather than 'char *'.

- ldap: Fixed DN variable warnings when Unicode is enabled
  
  Use 'TCHAR *' for local DN variable rather than 'char *'.

- ldap: Remove the unescape_elements() function
  
  Due to the recent modifications this function is no longer used.

- ldap.c: Fixed compilation warning
  
  ldap.c:98: warning: extra tokens at end of #endif directive

- ldap: Fixed support for Unicode filter in Win32 search call

- ldap.c: Fixed compilation warning
  
  ldap.c:802: warning: comparison between signed and unsigned integer
              expressions

- ldap: Fixed support for Unicode attributes in Win32 search call

- ldap: Fixed memory leak from commit efb64fdf80
  
  The unescapped DN was not freed after a successful character conversion.

- ldap.c: Fixed compilation error
  
  ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
              just 1

- ldap.c: Fixed compilation warning
  
  ldap.c:89: warning: extra tokens at end of #endif directive

- ldap: Fixed support for Unicode DN in Win32 search call

- ldap: Fixed Unicode user and password in Win32 bind calls

- ldap: Fixed Unicode host name in Win32 initialisation calls

- ldap: Use host.dispname for infof() connection failure messages
  
  As host.name may be encoded use dispname for infof() failure messages.

- ldap: Prefer 'CURLcode result' for curl result codes

- ldap: Pass write length in all Curl_client_write() calls
  
  As we get the length for the DN and attribute variables, and we know
  the length for the line terminator, pass the length values rather than
  zero as this will save Curl_client_write() from having to perform an
  additional strlen() call.

- ldap: Fixed attribute memory leaks on failed client write
  
  Fixed memory leaks from commit 086ad79970 as was noted in the commit
  comments.

- ldap: Fixed DN memory leaks on failed client write
  
  Fixed memory leaks from commit 086ad79970 as was noted in the commit
  comments.

- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d
  
  curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
                        [8]') to parameter of type 'char *' converts
                        between pointers to integer types with different
                        sign

- ntlm: Use extend_key_56_to_64() for all cryptography engines
  
  Rather than duplicate the code in setup_des_key() for OpenSSL and in
  extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
  the same, use extend_key_56_to_64() for all engines.

- RELEASE-NOTES: Synced with 34f0bd110f

- curl_ntlm_core.c: Fixed compilation warning
  
  curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined
                        but not used

- endian: Fixed bit-shift in 64-bit integer read functions
  
  From commit 43792592ca and 4bb5a351b2.
  
  Reported-by: Michael Osipov

- smb: Use endian functions for reading NBT and message size values

- endian: Added big endian read functions

- endian: Added 64-bit integer read function

- COPYING: Bumped copyright year to 2015

- version: Bump copyright year to 2015

- smb.c: Fixed compilation warnings
  
  smb.c:780: warning: passing 'char *' to parameter of type 'unsigned
             char *' converts between pointers to integer types with
             different sign
  smb.c:781: warning: passing 'char *' to parameter of type 'unsigned
             char *' converts between pointers to integer types with
             different sign
  smb.c:804: warning: passing 'char *' to parameter of type 'unsigned
             char *' converts between pointers to integer types with
             different sign

- smb: Use endian functions for reading length and offset values

- endian: Added 16-bit integer write function

- endian: Fixed Linux compilation issues
  
  Having files named endian.[c|h] seemed to cause issues under Linux so
  renamed them both to have the curl_ prefix in the filenames.

- [Julien Nabet brought this change]

  lib1900.c: Fixed cppcheck error
  
  lib1900.c:182: (style) Array index 'handlenum' is used before limits
                 check
  
  Bug: https://github.com/bagder/curl/pull/133

- endian: Added standard function descriptions

- endian: Renamed functions for curl API naming convention

- endian: Moved write functions to new module

- endian: Moved read functions to new module

- endian: Introduced endian module
  
  To allow the little endian functions, currently used in two of the NTLM
  source files, to be used by other modules such as the SMB module.

- sepheaders.c: Applied curl oding standards

- [Julien Nabet brought this change]

  sepheaders.c: Fixed resource leak on failure

- vtls: Use '(void) arg' for unused parameters
  
  Prefer void for unused parameters, rather than assigning an argument to
  itself as a) unintelligent compilers won't optimize it out, b) it can't
  be used for const parameters, c) it will cause compilation warnings for
  clang with -Wself-assign and d) is inconsistent with other areas of the
  curl source code.

- smb.c: Fixed compilation warning
  
  smb.c:586: warning: conversion to 'short unsigned int' from 'int' may
             alter its value

- [Bill Nagel brought this change]

  smb: Use the connection's upload buffer
  
  Use the connection's upload buffer instead of allocating our own send
  buffer.

- RELEASE-NOTES: Synced with 1933f9d33c

- schannel: Moved the ISC return flag definitions to the SSPI module
  
  Moved our Initialize Security Context return attribute definitions to
  the SSPI module, as a) these can be used by other SSPI based providers
  and b) the ISC required attributes are defined there.

- [Bill Nagel brought this change]

  smb: Close the connection after a failed client write

- darwinssl: Fixed compilation warning
  
  vtls.c:683:43: warning: unused parameter 'data'

- sockfilt.c: Fixed compilation warnings
  
  sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter
                  its value
  sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter
                  its value
  sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter
                  its value
  sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter
                  its value

- test1509: Fixed compilation warning
  
  lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may
                   alter its value

- test556: Fixed compilation warning
  
  lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may
               alter its value

- sasl_gssapi: Fixed use of dummy username with real username

- vtls: Fixed compilation warning and an ignored return code
  
  curl_schannel.h:123: warning: right-hand operand of comma expression
                       has no effect
  
  Some instances of the curlssl_close_all() function were declared with a
  void return type whilst others as int. The schannel version returned
  CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
  return code was ignored by the calling function Curl_ssl_close_all().
  
  For the time being and to keep the internal API consistent, changed all
  declarations to use a void return type.
  
  To reduce code we might want to consider removing the unimplemented
  versions and use a void #define like schannel does.

Daniel Stenberg (28 Dec 2014)
- TODO: 2.3 Better support for same name resolves

Steve Holme (28 Dec 2014)
- test1520: Fixed initial teething problems
  
  * Missing initialisation of upload status caused a seg fault
  * Missing data termination caused corrupt data to be uploaded
  * Data verification should be performed in <upload> element
  * Added missing recipient list cleanup

- test1520: Fixed compilation errors

- tests: Added test for bug #1456

- checksrc.bat: Fixed a problem opening files with spaces in the filename

- openldap: Prefer use of 'CURLcode result'

- openldap: Use 'LDAPMessage *msg' for messages
  
  This frees up the 'result' variable for CURLcode based result codes.

- nss: Don't ignore Curl_extract_certinfo() OOM failure

- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure

- nss: Use 'CURLcode result' for curl result codes
  
  ...and don't use CURLE_OK in failure/success comparisons.

- getinfo: Code style policing

- getinfo: Use 'CURLcode result' for curl result codes

- darwinssl: Use 'CURLcode result' for curl result codes

- polarssl: Use 'CURLcode result' for curl result codes

- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries
  
  As this feature has been implemented for 7.40.0.

- asiohiper.cpp: No need to initialise members of ConnInfo
  
  ...as calloc() automatically clears the area of memory with zeros.

- asiohiper.cpp: Updated for curl coding standards
  
  ...with the exception of the start of block statement curly brackets.

- code/docs: Use correct case for IPv4 and IPv6
  
  For consistency, as we seem to have a bit of a mixed bag, changed all
  instances of ipv4 and ipv6 in comments and documentations to use the
  correct case.

- runtests: Fixed detection of Unix Sockets feature
  
  ...following change in curl --version output.

- code/docs: Use Unix rather than UNIX to avoid use of the trademark
  
  Use Unix when generically writing about Unix based systems as UNIX is
  the trademark and should only be used in a particular product's name.

- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported
  
  if2ip.c:119: warning: unused parameter 'remote_scope_id'
  
  ...and some minor code style policing in the same function.

- vtls: Don't set cert info count until memory allocation is successful
  
  Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
  member variable to the requested count, which could then be used
  incorrectly as libcurl closes down.

- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type
  
  The return type for this function was 0 on success and 1 on error. This
  was then examined by the calling functions and, in most cases, used to
  return CURLE_OUT_OF_MEMORY.
  
  Instead use CURLcode for the return type and return the out of memory
  error directly, propagating it up the call stack.

- configure: Use camel case for UNIX sockets feature output
  
  To match the curl --version output.

Marc Hoersken (26 Dec 2014)
- sockfilt.c: Reduce the number of individual memory allocations
  
  Merge multiple internal arrays into one, even if some variables
  will not not be used. They are all created with the number of
  file descriptors as their size.
  
  Also fix possible thread handle leak in CloseHandle-loop.

- sockfilt.c: Replace 100ms sleep with thread throttle
  
  Improves performance of test cases 574 and 575 by 50%.
  
  A value of zero causes the thread to relinquish the remainder
  of its time slice to any other thread of equal priority that is
  ready to run. If there are no other threads of equal priority
  ready to run, the function returns immediately, and the thread
  continues execution.
  
  http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx

Steve Holme (25 Dec 2014)
- tool_help: Use camel case for UNIX sockets feature output
  
  In line with the other features listed in the --version output,
  capitalise the UNIX socket feature.

- vtls: Use bool for Curl_ssl_getsessionid() return type
  
  The return type of this function is a boolean value, and even uses a
  bool internally, so use bool in the function declaration as well as
  the variables that store the return value, to avoid any confusion.

- schannel: Minor code style policing for casts

- schannel: Prefer 'CURLcode result' for curl result codes

- cyassl: Prefer 'CURLcode result' for curl result codes

- tool_xattr: Use 'CURLcode result' for curl result codes

- curl_ntlm_core.c: Fixed compilation warnings
  
  curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of
                        'CryptImportKey' differ in signedness
  curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from
                        incompatible pointer type
  curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam'
                        from incompatible pointer type

- RELEASE-NOTES: Synced with 8830df8b66

- gtls: Use preferred 'CURLcode result'

- openldap: Use standard naming for setup connection function
  
  Renamed ldap_setup() to ldap_setup_connection() to follow more widely
  used function naming.

- rtmp: Use standard naming for setup connection function
  
  Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely
  used function naming.

- smb: Use standard naming for setup connection function
  
  Renamed smb_setup() to smb_setup_connection() to follow more widely
  used function naming.

- config-win32.h: Fixed line length > 79 columns

- openssl: Prefer we don't use NULL in comparisons

- build: Removed WIN32 definition from the Visual Studio projects
  
  As this pre-processor definition is defined in curl_setup.h there is no
  need to include it in the Visual Studio project files.

- build: Removed WIN64 definition from the libcurl Visual Studio projects
  
  Removed the WIN64 pre-processor definition from the libcurl project
  files as:
  
  * WIN64 is not used in our source code
  * The curl projects files don't define it
  * It isn't required by or used in the platform SDK
  * For backwards compatability curl_setup.h defines WIN32
  * The compiler automatically defines _WIN64 for x64 builds
  
  Historically Visual Studio projects have defined WIN32, in addition to
  the compiler defined _WIN32 definition, and I had incorrectly changed
  that to WIN64 for the x64 libcurl builds but not in the curl projects.
  
  As such, it is questionable whether this should be defined or not. For
  more information see the following cache of a discussion that took
  place on the microsoft.public.vc.mfc newsgroup:
  
  http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html

- openssl.c Fix for compilation errors with older versions of OpenSSL
  
  openssl.c:1408: error: 'TLS1_1_VERSION' undeclared
  openssl.c:1411: error: 'TLS1_2_VERSION' undeclared

Daniel Stenberg (22 Dec 2014)
- [John Malmberg brought this change]

  Fix comment edit in vms/backup_gnv_curl_src.com
  
  packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port.

- curl: show size of inhibited data when using -v
  
  To offer some more info and yet it doesn't use more lines.

- openssl: fix SSL/TLS versions in verbose output

- openssl: make it compile against openssl 1.1.0-DEV master branch

Marc Hoersken (22 Dec 2014)
- sshserver.pl: clarify and streamline variable names

Daniel Stenberg (21 Dec 2014)
- openssl: warn for SRP set if SSLv3 is used, not for TLS version
  
  ... as it requires TLS and it was was left to warn on the default from
  when default was SSL...

- smb: use memcpy() instead of strncpy()
  
  ... as it never copies the trailing zero anyway and always just the four
  bytes so let's not mislead anyone into thinking it is actually treated
  as a string.
  
  Coverity CID: 1260214

- [John E. Malmberg brought this change]

  VMS: Updates for 0740-0D1220
  
  lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help.
                    More defines to set symbols to uppercase.
  
  src/tool_main.c : Fix parameter to vms_special_exit() call.
  
  packages/vms/ :
    backup_gnv_curl_src.com : Fix the error message to have the correct package.
  
    build_curl-config_script.com : Rewrite to be more accurate.
  
    build_libcurl_pc.com : Use tool_version.h now.
  
    build_vms.com : Fix to handle lib/vtls directory.
  
    curl_gnv_build_steps.txt : Updated build procedure documentation.
  
    generate_config_vms_h_curl.com :
         * VAX does not support 64 bit ints, so no NTLM support for now.
         * VAX HP SSL port is ancient, needs some help.
         * Disable NGHTTP2 for now, not ported to VMS.
         * Disable UNIX_SOCKETS, not available on VMS yet.
         * HP GSSAPI port does not have gss_nt_service_name.
  
    gnv_link_curl.com : Update for new curl structure.
  
    pcsi_product_gnv_curl.com : Set up to optionally do a complete build.

Marc Hoersken (21 Dec 2014)
- sockfilt.c: use non-Ex functions that are available before WinXP
  
  It was initially reported by Guenter that GetFileSizeEx
  requires (_WIN32_WINNT >= 0x0500) to be true.

- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files
  
  Second patch to enable Windows support using Cygwin-based OpenSSH.
  
  Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7.

- tests: support spaces in paths to SSH, SSHD and SFTP binaries
  
  First patch to enable Windows support using Cygwin-based OpenSSH.

Steve Holme (20 Dec 2014)
- non-ascii: Reduce variable usage
  
  Removed 'next' variable in Curl_convert_form(). Rather than setting it
  from 'form->next' and using that to set 'form' after the conversion
  just use 'form = form->next' instead.

- non-ascii: Prefer while loop rather than a do loop
  
  This also removes the need to check that the 'form' argument is valid.

- non-ascii: Reduce variable scope
  
  As 'result' isn't used out side the conversion callback code and
  previously caused variable shadowing in the libiconv based code.

- non-ascii: We prefer 'CURLcode result'
  
  This also fixes a variable shadowing issue when HAVE_ICONV is defined
  as rc was declared for the result code of libiconv based functions.

Marc Hoersken (19 Dec 2014)
- secureserver.pl: clean up formatting of config and fix verbose output
  
  Verbose output was not matching the actual configuration file,
  because FIPS and Windows conditions were ignored.

- secureserver.pl: update Windows detection and fix path conversion

- secureserver.pl: make OpenSSL CApath and cert absolute path values
  
  Recent stunnel versions (5.08) seem to have trouble with relative
  paths on Windows. This turns the relative paths into absolute ones.

Patrick Monnerat (18 Dec 2014)
- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code.

- [Kyle J. McKay brought this change]

  parseurlandfillconn(): fix improper non-numeric scope_id stripping.
  Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/

- IPV6: address scope != scope id
  There was a confusion between these: this commit tries to disambiguate them.
  - Scope can be computed from the address itself.
  - Scope id is scope dependent: it is currently defined as 1-based local
    interface index for link-local scoped addresses, and as a site index(?) for
    (obsolete) site-local addresses. Linux only supports it for link-local
    addresses.
  The URL parser properly parses a scope id as an interface index, but stores it
  in a field named "scope": confusion. The field has been renamed into "scope_id".
  Curl_if2ip() used the scope id as it was a scope. This caused failures
  to bind to an interface.
  Scope is now computed from the addresses and Curl_if2ip() matches them.
  If redundantly specified in the URL, scope id is check for mismatch with
  the interface index.
  
  This commit should fix SF bug #1451.

- connect: singleipconnect(): properly try other address families after failure

Daniel Stenberg (16 Dec 2014)
- SFTP: work-around servers that return zero size on STAT
  
  Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html
  Pathed-by: Marc Renault

- glob_next_url: make the loop count upwards
  
  As the former contruct apparently caused a compiler warning, mentioned
  in d8efde07e556c.

- tool_operate: we prefer 'CURLcode result'

- tool_urlglob: unify return codes to use CURLcode
  
  There was a mix of GlobCode, CURLcode and ints and they were mostly
  passing around CURLcode errors. This change makes the functions use only
  CURLcode and removes the GlobCode type completely.

- tool_urlglob.c: partly reverse dc19789444
  
  The loop in glob_next_url() needs to be done backwards to maintain the
  logic. dc19789444 caused test 1235 to fail.

- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME

- [Jay Satiro brought this change]

  opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
  
  Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and
  CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one
  that will be used.
  
  Prior to this change that behavior was only noted in the
  CURLOPT_TIMEOUT_MS doc.

Nick Zitzmann (15 Dec 2014)
- darwinssl: fix incorrect usage of aprintf()
  
  Commit b13923f changed an snprintf() to use aprintf(), but the API usage
  wasn't correct, and was causing a crash to occur. This fixes it.

Steve Holme (14 Dec 2014)
- copyright: Updated the copyright year following recent updates

Daniel Stenberg (14 Dec 2014)
- tool_urlglob.c: reverse two loops
  
  By counting from 0 and up instead of backwards like before, we remove
  the need for the "funny" check of the unsigned variable when decreased
  passed zero. Easier to read and less risk for compiler warnings.

Marc Hoersken (14 Dec 2014)
- tool_urlglob.c: Added braces to clarify the conditions

- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
  
  The >= 0 is actually not required, since i underflows and
  the for-loop is stopped using the < condition, but this
  makes the VS2012 compiler and code analysis happy.

- tool_binmode.c: Explicitly ignore the return code of setmode
  
  Fixes code analysis warning C6031:
  return value ignored: <function> could return unexpected value

- lib: Fixed multiple code analysis warnings if SAL are available
  
  warning C28252: Inconsistent annotation for function:
  parameter has another annotation on this instance

Steve Holme (14 Dec 2014)
- smb.c: Fixed code analysis warning
  
  smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted,
             then cast to 64-bit value. Result may not be an expected
             value

Marc Hoersken (14 Dec 2014)
- tool_util.c: Use GetTickCount64 if it is available

Steve Holme (14 Dec 2014)
- smb: Use HAVE_PROCESS_H for process.h inclusion
  
  Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H
  pre-processor define when including process.h.

Daniel Stenberg (14 Dec 2014)
- darwinssl: aprintf() to allocate the session key
  
  ... to avoid using a fixed memory size that risks being too large or too
  small.

Marc Hoersken (14 Dec 2014)
- curl_schannel: Improvements to memory re-allocation strategy
  
  - do not grow memory by doubling its size
  - do not leak previously allocated memory if reallocation fails
  - replace while-loop with a single check to make sure
    that the requested amount of data fits into the buffer
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1450
  Reported-by: Warren Menzer

Steve Holme (14 Dec 2014)
- asyn-ares: We prefer use of 'CURLcode result'

Marc Hoersken (14 Dec 2014)
- curl_schannel.c: Data may be available before connection shutdown

Steve Holme (14 Dec 2014)
- http2: Use 'CURLcode result' for curl result codes

- asyn-thread:  We prefer 'CURLcode result'

- smb: Fixed unnecessary initialisation of struct member variables
  
  There is no need to set the 'state' and 'result' member variables to
  SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc()
  as calloc() initialises the contents to zero.

- ntlm: Fixed return code for bad type-2 Target Info
  
  Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security
  buffers just like we do for bad decodes.

- ntlm: Remove unnecessary casts in readshort_le()
  
  I don't think both of my fix ups from yesterday were needed to fix the
  compilation warning, so remove the one that I think is unnecessary and
  let the next Android autobuild prove/disprove it.

- curl_ntlm_msgs.c: Another attempt to fix compilation warning
  
  curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from
                        'int' may alter its value

Guenter Knauf (13 Dec 2014)
- synctime.c: added own user-agent string.

Steve Holme (13 Dec 2014)
- smb.c: Fixed line longer than 79 columns

- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11
  
  curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from
                        'int' may alter its value

Guenter Knauf (13 Dec 2014)
- mk-ca-bundle.pl: restored forced run again.

- synctime.c: removed another timeserver URL.
  
  worldtimeserver.com seems also no longer available.

- synctime.c: fixed timeserver URLs.
  
  For getting the date header its not necessary to access special
  pages or even CGI scripts - all pages including the main index
  reply with the date header, therefore shortened URLs to domain.
  Removed worldtime.com; added pool.ntp.org.

Steve Holme (13 Dec 2014)
- ftp.c: Fixed compilation warning when no verbose string support
  
  ftp.c:819: warning: unused parameter 'lineno'

- smb: Added state change functions to assist with debugging
  
  For debugging purposes, and as per other protocols within curl, added
  state change functions rather than changing the states directly.

- ntlm: Use short integer when decoding 16-bit values

- RELEASE-NOTES: Synced with 6291a16b20

- smtp.c: Fixed compilation warnings
  
  smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string
              does not append to the string
  smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string
              does not append to the string
  smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string
              does not append to the string
  
  Used array index notation instead.

- smb: Disable SMB when 64-bit integers are not supported
  
  This fixes compilation issues with compilers that don't support 64-bit
  integers through long long or __int64.

- ntlm: Disable NTLM v2 when 64-bit integers are not supported
  
  This fixes compilation issues with compilers that don't support 64-bit
  integers through long long or __int64 which was introduced in commit
  07b66cbfa4.

- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
  
  Previously USE_NTLM2SESSION would only be defined automatically when
  USE_NTRESPONSES wasn't already defined. Separated the two definitions
  so that the user can manually set USE_NTRESPONSES themselves but
  USE_NTLM2SESSION is defined automatically if they don't define it.

- smtp.c: Fixed line longer than 79 columns

- config-win32.h: Don't enable Windows Crypt API if using OpenSSL
  
  As the OpenSSL and NSS Crypto engines are prefered by the core NTLM
  routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT
  automatically when either OpenSSL or NSS are in use - doing so would
  disable NTLM2Session responses in NTLM type-3 messages.

- smtp: Fixed inappropriate free of the scratch buffer
  
  If the scratch buffer was allocated in a previous call to
  Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent
  call and no action taken by that call, then an attempt would be made to
  try and free the buffer which, by now, would be part of the data->state
  structure.
  
  This bug was introduced in commit 4bd860a001.

- smtp: Fixed dot stuffing when EOL characters were at end of input buffers
  
  Fixed a problem with the CRLF. detection when multiple buffers were
  used to upload an email to libcurl and the line ending character(s)
  appeared at the end of each buffer. This meant any lines which started
  with . would not be escaped into .. and could be interpreted as the end
  of transmission string instead.
  
  This only affected libcurl based applications that used a read function
  and wasn't reproducible with the curl command-line tool.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1456
  Assisted-by: Patrick Monnerat

Daniel Stenberg (11 Dec 2014)
- telnet: fix "cast increases required alignment of target type"

- ntlm_wb_response: fix "statement not reached"
  
  ... and I could use a break instead of a goto to end the loop.
  
  Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html
  Reported-by: Tor Arntsen

Steve Holme (10 Dec 2014)
- RELEASE-NOTES: Synced with 1cc5194337
  
  Added some bug fixes that I had missed in previous synchronisations.

Daniel Stenberg (10 Dec 2014)
- Curl_unix2addr: avoid using the variable name 'sun'
  
  I suspect this causes compile failures on Solaris:
  
  Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html

Steve Holme (10 Dec 2014)
- url.c: Fixed compilation warning when USE_NTLM is not defined
  
  url.c:3078: warning: variable 'credentialsMatch' set but not used

- parsedate.c: Fixed compilation warning
  
  parsedate.c:548: warning: 'parsed' may be used uninitialized in this
                   function
  
  As curl_getdate() returns -1 when parsedate() fails we can initialise
  parsed to -1.

Daniel Stenberg (10 Dec 2014)
- TODO: Cache negative name resolves
  
  Worth exploring

- ldap: check Curl_client_write() return codes
  
  There might be one or two memory leaks left in the error paths.

- ldap: rename variables to comply to curl standards

Dan Fandrich (10 Dec 2014)
- sws.c: Fixed 'rc' may be used uninitialized warning

- cookies: Improved OOM handling in cookies
  
  This fixes the test 506 torture test. The internal cookie API really
  ought to be improved to separate cookie parsing errors (which may be
  ignored) with OOM errors (which should be fatal).

Guenter Knauf (9 Dec 2014)
- synctime.c: fixed user-agent setting.
  
  Some websites meanwhile refuse to reply to requests from ancient
  browsers like IE6, therefore I've comment out this setting, but
  also fixed the string to now fake IE8 if someone enables it.

Daniel Stenberg (9 Dec 2014)
- smb: fix unused return code warning

Patrick Monnerat (9 Dec 2014)
- Curl_client_write() & al.: chop long data, convert data only once.

Guenter Knauf (9 Dec 2014)
- VC build: added sspi define for winssl-zlib builds.

Daniel Stenberg (9 Dec 2014)
- schannel_recv: return the correct code
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1462
  Reported-by: Tae Hyoung Ahn

- http2: avoid logging neg "failure" if h2 was not requested

- openldap: do not ignore Curl_client_write() return codes

- compile: warn on unused return code from Curl_client_write()

Patrick Monnerat (8 Dec 2014)
- SMB: Fix a data size mismatch that broke SMB on big-endian platforms

Steve Holme (7 Dec 2014)
- smb: Fixed Windows autoconf builds following commit eb88d778e7
  
  As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO
  either explicitly through --enable-win32-cypto or automatically on
  _WIN32 based platforms, subsequent builds broke with the following
  error message:
  
  "Can't compile NTLM support without a crypto library."

- RELEASE-NOTES: Synced with 526603ff05

- [Bill Nagel brought this change]

  smb: Build with SSPI enabled
  
  Build SMB/CIFS protocol support when SSPI is enabled.

- [Bill Nagel brought this change]

  ntlm: Use Windows Crypt API
  
  Allow the use of the Windows Crypt API for NTLMv1 functions.

Dan Fandrich (7 Dec 2014)
- cookie.c: Refactored cleanup code to simplify
  
  Also, fixed the outdated comments on the cookie API.

- get_url_file_name: Fixed crash on OOM on debug build
  
  This caused a null-pointer dereference which caused a few dozen
  torture tests to fail.

Steve Holme (6 Dec 2014)
- sws.c: Fixed compilation warning
  
  sws.c:2191 warning: 'rc' may be used uninitialized in this function

- ftp.c: Fixed compilation warnings when proxy support disabled
  
  ftp.c:1827 warning: unused parameter 'newhost'
  ftp.c:1827 warning: unused parameter 'newport'

- smb: Fixed a problem with large file transfers
  
  Fixed an issue with the message size calculation where the raw bytes
  from the buffer were interpreted as signed values rather than unsigned
  values.
  
  Reported-by: Gisle Vanem
  Assisted-by: Bill Nagel

- smb: Moved the URL decoding into a separate function

- smb: Fixed URL encoded URLs not working

- Makefile.inc: Added our standard header and updated file formatting

- Makefile.inc: Updated file formatting
  
  Aligned continuation character and used space as the separator
  character as per other makefile files.

- curl_md4.h: Updated copyright year following recent edit
  
  ...and minor layout adjustment.

Patrick Monnerat (5 Dec 2014)
- SMB: Fix big endian problems. Make it OS/400 aware.

- OS400: enable NTLM authentication

Steve Holme (5 Dec 2014)
- multi.c: Fixed compilation warning
  
  multi.c:2695: warning: declaration of `exp' shadows a global declaration

Guenter Knauf (5 Dec 2014)
- build: updated dependencies in makefiles.

Steve Holme (5 Dec 2014)
- sasl: Corrected formatting of function descriptions

- sasl_gssapi: Added missing function description

- RELEASE-NOTES: Provided better descriptions
  
  As it is often difficult to choose the best description for a single
  feature when it spans many commits, updated the descriptions for the
  recent SMB/CIFS protocol and GSS-API additions.

- sasl_sspi: Corrected some typos

- sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data
  
  Don't use a hard coded size of 4 for the security layer and buffer size
  in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as
  we have done in the sasl_gssapi module.

- sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it
  
  Reduced the amount of free's required for the decoded challenge message
  in Curl_sasl_create_gssapi_security_message() as a result of coding it
  differently in the sasl_gssapi module.

- gssapi: Corrected typo in comments

- sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message()

Daniel Stenberg (4 Dec 2014)
- [Stefan Bühler brought this change]

  http_perhapsrewind: don't abort CONNECT requests
  
  ...they never have a body

- [Stefan Bühler brought this change]

  HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
  
  Sending NTLM/Negotiate header again after successful authentication
  breaks the connection with certain Proxies and request types (POST to MS
  Forefront).

- [Stefan Bühler brought this change]

  HTTP: don't abort connections with pending Negotiate authentication
  
  ... similarly to how NTLM works as Negotiate is in fact often NTLM with
  another name.

- [Stefan Bühler brought this change]

  fix gdb libtool invocation path

Steve Holme (4 Dec 2014)
- sasl_gssapi: Fixed missing include from commit d3cca934ee

Daniel Stenberg (4 Dec 2014)
- [Jay Satiro brought this change]

  examples: remove sony.com from 10-at-a-time
  
  Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR
  for the sony website because it ends the connection when the request is
  missing a user agent.

Steve Holme (4 Dec 2014)
- sasl_gssapi: Fixed missing decoding debug failure message

- sasl_gssapi: Fixed honouring of no mutual authentication

- sasl_sspi: Added more Kerberos V5 decoding debug failure messages

Daniel Stenberg (4 Dec 2014)
- [Anthon Pang brought this change]

  docs: Fix FAILONERROR typos
  
  It returns error for >= 400 HTTP responses.
  
  Bug: https://github.com/bagder/curl/pull/129

- [Peter Wu brought this change]

  tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output
  
  Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as
  option in the file generated by --libcurl.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  opts: fix CURLOPT_UNIX_SOCKET_PATH formatting
  
  Add .nf and .fi such that the code gets wrapped in a pre on the web.
  Fixed grammar, fixed formatting of the "See also" items.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Patrick Monnerat (4 Dec 2014)
- OS400: enable Unix sockets.

Daniel Stenberg (3 Dec 2014)
- RELEASE-NOTES: synced with b216427e73b5e9

- opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am

- updateconninfo: clear destination struct before getsockname()
  
  Otherwise we may read uninitialized bytes later in the unix-domain
  sockets case.

- curl.1: added --unix-socket

- [Peter Wu brought this change]

  tool: add --unix-socket option
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  libcurl: add UNIX domain sockets support
  
  The ability to do HTTP requests over a UNIX domain socket has been
  requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
  discussion happened, no patch seems to get through. I decided to give it
  a go since I need to test a nginx HTTP server which listens on a UNIX
  domain socket.
  
  One patch [3] seems to make it possible to use the
  CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
  Another person wrote a Go program which can do HTTP over a UNIX socket
  for Docker[4] which uses a special URL scheme (though the name contains
  cURL, it has no relation to the cURL library).
  
  This patch considers support for UNIX domain sockets at the same level
  as HTTP proxies / IPv6, it acts as an intermediate socket provider and
  not as a separate protocol. Since this feature affects network
  operations, a new feature flag was added ("unix-sockets") with a
  corresponding CURL_VERSION_UNIX_SOCKETS macro.
  
  A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
  option enables UNIX domain sockets support for all requests on the
  handle (replacing IP sockets and skipping proxies).
  
  A new configure option (--enable-unix-sockets) and CMake option
  (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
  deliberately did not mark this feature as advanced, this is a
  feature/component that should easily be available.
  
   [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
   [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
   [2]: http://sourceforge.net/p/curl/feature-requests/53/
   [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
   [4]: https://github.com/Soulou/curl-unix-socket
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  tests: add two HTTP over UNIX socket tests
  
  test1435: a simple test that checks whether a HTTP request can be
  performed over the UNIX socket. The hostname/port are interpreted
  by sws and should be ignored by cURL.
  
  test1436: test for the ability to do two requests to the same host,
  interleaved with one to a different hostname.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  tests: add HTTP UNIX socket server testing support
  
  The variable `$ipvnum` can now contain "unix" besides the integers 4
  and 6 since the variable. Functions which receive this parameter
  have their `$port` parameter renamed to `$port_or_path` to support a
  path to the UNIX domain socket (as a "port" is only meaningful for TCP).
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  sws: try to remove socket and retry bind
  
  If sws is killed it might leave a stale socket file on the filesystem
  which would cause an EADDRINUSE error. After this patch, it is checked
  whether the socket is really stale and if so, the socket file gets
  removed and another bind is executed.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  sws: add UNIX domain socket support
  
  This extends sws with a --unix-socket option which causes the port to
  be ignored (as the server now listens on the path specified by
  --unix-socket). This feature will be available in the following patch
  that enables checking for UNIX domain socket support.
  
  Proxy support (CONNECT) is not considered nor tested. It does not make
  sense anyway, first connecting through a TCP proxy, then let that TCP
  proxy connect to a UNIX socket.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  sws: restrict TCP_NODELAY to IP sockets
  
  TCP_NODELAY does not make sense for Unix sockets, so enable it only if
  the socket is using IP.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Dan Fandrich (3 Dec 2014)
- [Dave Reisner brought this change]

  curl.1: fix trivial typo

Steve Holme (3 Dec 2014)
- sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message()

- sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup()

- sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function
  
  Added helper function for returning a GSS-API compatible SPN.

Daniel Stenberg (3 Dec 2014)
- NSS: enable the CAPATH option
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1457
  Patch-by: Tomasz Kojm

Steve Holme (3 Dec 2014)
- sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds

- sasl_gssapi: Added GSS-API based Kerberos V5 variables

- sws.c: Fixed compilation warning when IPv6 is disabled
  
  sws.c:69: warning: comma at end of enumerator list

- sasl_gssapi: Made log_gss_error() a common GSS-API function
  
  Made log_gss_error() a common function so that it can be used in both
  the http_negotiate code as well as the curl_sasl_gssapi code.

- sasl_gssapi: Introduced GSS-API based SASL module
  
  Added the initial version of curl_sasl_gssapi.c and updated the project
  files in preparation for adding GSS-API based Kerberos V5 support.

- smb: Don't try to connect with empty credentials
  
  On some platforms curl would crash if no credentials were used. As such
  added detection of such a use case to prevent this from happening.
  
  Reported-by: Gisle Vanem

- smb.c: Coding policing of pointer usage

- configure: Fixed inclusion of SMB when no crypto engines available

Guenter Knauf (1 Dec 2014)
- build: in Makefile.m32 simplified autodetection.

Daniel Stenberg (30 Nov 2014)
- [Peter Wu brought this change]

  sws: move away from IPv4/IPv4-only assumption
  
  Instead of depending the socket domain type on use_ipv6, specify the
  domain type (AF_INET / AF_INET6) as variable. An enum is used here with
  switch to avoid compiler warnings in connect_to, complaining that rc
  is possibly undefined (which is not possible as socket_domain is
  always set).
  
  Besides abstracting the socket type, make the debugging messages be
  independent on IP (introduce location_str which points to "port XXXXX").
  Rename "ipv_inuse" to "socket_type" and tighten the scope (main).
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  lib/connect: restrict IP/TCP options to said sockets
  
  This patch prepares for adding UNIX domain sockets support.
  
  TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not
  apply these to other socket types. bindlocal only works for IP sockets
  (independent of TCP/UDP), so filter that out too for other types.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- smb.c: use size_t as input argument types for msg sizes
  
  This fixes warnings about conversions to int

Steve Holme (30 Nov 2014)
- version: The next release will become 7.40.0

- [Bill Nagel brought this change]

  docs: Updated for the SMB protocol
  
  This patch updates the documentation for the SMB/CIFS protocol.

- curl tool: Exclude SMB from the protocol redirect
  
  As local files could be accessed through \\localhost\c$.

- [Bill Nagel brought this change]

  curl tool: Enable support for the SMB protocol
  
  This patch enables SMB/CIFS support in the curl command-line tool.

- smb.c: Fixed compilation warnings
  
  smb.c:398: warning: comparison of integers of different signs:
             'ssize_t' (aka 'long') and 'unsigned long'
  smb.c:443: warning: comparison of integers of different signs:
             'ssize_t' (aka 'long') and 'unsigned long'

- libcurl: Exclude SMB from the protocol redirect
  
  As local files could be accessed through \\localhost\c$.

- [Bill Nagel brought this change]

  libcurl: Enable support for the SMB protocol
  
  This patch enables SMB/CIFS support in libcurl.

- smb.c: Fixed compilation warnings
  
  smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned
             int' may alter its value
  smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned
             int' may alter its value
  smb.c:482: warning: conversion to 'short unsigned int' from 'int' may
             alter its value
  smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may
             alter its value
  smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may
             alter its value
  smb.c:550: warning: conversion to 'short unsigned int' from 'int' may
             alter its value

- smb.c: Renamed SMB command message variables to avoid compiler warnings
  
  smb.c:489: warning: declaration of 'close' shadows a global declaration
  smb.c:511: warning: declaration of 'read' shadows a global declaration
  smb.c:528: warning: declaration of 'write' shadows a global declaration

- smb.c: Fixed compilation warnings
  
  smb.c:212: warning: unused parameter 'done'
  smb.c:380: warning: ISO C does not allow extra ';' outside of a function
  smb.c:812: warning: unused parameter 'premature'
  smb.c:822: warning: unused parameter 'dead'

- smb.c: Fixed compilation warnings
  
  smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short',
             possible loss of data
  smb.c:425: warning: conversion from '__int64' to 'unsigned short',
             possible loss of data
  smb.c:452: warning: conversion from '__int64' to 'unsigned short',
             possible loss of data

- smb.c: Fixed compilation warnings
  
  smb.c:162: error: comma at end of enumerator list
  smb.c:469: warning: conversion from 'size_t' to 'unsigned short',
             possible loss of data
  smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int',
             possible loss of data
  smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int',
             possible loss of data

- [Bill Nagel brought this change]

  smb: Added initial SMB functionality
  
  Initial implementation of the SMB/CIFS protocol.

- [Bill Nagel brought this change]

  smb: Added SMB handler interfaces
  
  Added the SMB and SMBS handler interface structures and associated
  functions required for SMB/CIFS operation.

- transfer: Code style policing
  
  Prefer ! rather than NULL in if statements, added comments and updated
  function spacing, argument spacing and line spacing to be more readble.

- transfer: Fixed existing scratch buffer being checked for NULL twice
  
  If the scratch buffer already existed when the CRLF conversion was
  performed then the buffer pointer would be checked twice for NULL. This
  second check is only necessary if the call to malloc() was performed by
  the first check.

- smtp: Fixed dot stuffing being performed when no new data read
  
  Whilst I had moved the dot stuffing code from being performed before
  CRLF conversion takes place to after it, in commit 4bd860a001, I had
  moved it outside the 'when something read' block of code when meant
  it could perform the dot stuffing twice on partial send if nread
  happened to contain the right values. It also meant the function could
  potentially read past the end of buffer. This was highlighted by the
  following warning:
  
  warning: `nread' might be used uninitialized in this function

Daniel Stenberg (29 Nov 2014)
- smb.h: fixed picky compiler warning
  
  smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic]

Steve Holme (29 Nov 2014)
- tests: Disable test 1013 until SMB is fully added

- [Bill Nagel brought this change]

  smb: Added SMB protocol and port definitions
  
  Added the necessary protocol and port definitions in order to support
  SMB/CIFS.

- [Bill Nagel brought this change]

  smb: Added internal SMB definitions and structures
  
  Added the internal definitions and structures necessary for SMB/CIFS
  support.

- [Bill Nagel brought this change]

  smb: Added SMB connection structure
  
  Added the connection structure that will be required in urldata.h for
  SMB/CIFS based connections.

- [Bill Nagel brought this change]

  smb: Added initial source files for SMB
  
  Added the initial source files and updated the relevant project files in
  order to support SMB/CIFS.

- [Bill Nagel brought this change]

  smb: Added configuration options for SMB
  
  Added --enable-smb and --disable-smb configuration options for the
  upcoming SMB/CIFS protocol support.

Daniel Stenberg (28 Nov 2014)
- [Peter Wu brought this change]

  runtests.pl: fix startup of IPv6 servers
  
  Commit curl-7_23_1-143-g8218064 changed the parameter of
  responsive_http_server to accept types other than IPv6 (converting
  from a boolean to a string), but only considered the lower-case "ipv6"
  and not the "IPv6" variant. This caused all servers to start in IPv4
  mode instead.
  
  This patch converts the remaining cases to "ipv6". While not strictly
  necessary for the run*server variants, these got also converted for
  consistency and to prevent future errors.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  runtests.pl: fix warning message, remove duplicate value
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Steve Holme (27 Nov 2014)
- http.c: Fixed compilation warnings from features being disabled
  
  warning: unused variable 'data'
  warning: variable 'addcookies' set but not used
  
  ...and some very minor coding style policing.

- RELEASE-NOTES: Synced with c5399c827d

- tests: Added SMTP with --crlf test case

- docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion

- smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob()
  
  ...and some comment typos!

- smtp: Added support for the conversion of Unix newlines during mail send
  
  Added support for the automatic conversion of Unix newlines to CRLF
  during mail uploads.
  
  Feature: http://curl.haxx.se/bug/view.cgi?id=1456

- CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols

Daniel Stenberg (25 Nov 2014)
- curl*3: added small examples
  
  and some minor edits

- libcurl.3: fix formatting
  
  refer to functions with the man page section properly

- man pages: SEE ALSO curl_multi_wait

- curl_multi_wait.3: clarify numfds being used if not NULL

- multi-single.c: switch to use curl_multi_wait
  
  Makes the example much easier and straight-forward!

- testcurl: bump the version of this script!

- testcurl: skip reading the setup file if given enough cmdline info
  
  This makes it much easier to run multiple tests in the same directory,
  just altering the command lines used.

- select.c: fix compilation for VxWorks
  
  Reported-by: Brian
  Bug: http://curl.haxx.se/bug/view.cgi?id=1455

Patrick Monnerat (24 Nov 2014)
- [moparisthebest brought this change]

  SSL: Add PEM format support for public key pinning

Kamil Dudka (24 Nov 2014)
- Revert "repository: ignore patch files generated by git"
  
  This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61.
  
  Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738

Steve Holme (23 Nov 2014)
- multi.c: Fixed compilation warnings when no verbose string support
  
  warning: variable 'connection_id' set but not used
  warning: unused parameter 'lineno'

- RELEASE-NOTES: Synced with 1450712e76

- sasl: Tidied up some parameter comments

- sasl: Reduced the need for two sets of NTLM functions

- ntlm: Moved NSS initialisation to base decode function

- http_ntlm: Fixed additional NSS initialisation call when decoding type-2
  
  After commit 48d19acb7c the HTTP code would call Curl_nss_force_init()
  twice when decoding a NTLM type-2 message, once directly and the other
  through the call to Curl_sasl_decode_ntlm_type2_message().

- ntlm: Fixed static'ness of local decode function

- ntlm: Corrected some parameter names and comments

- runtests.pl: Re-aligned feature support comments

- runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature
  
  In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto
  feature.
  
  ...and converted tab characters, from commit 4b4e8a5853, to spaces.

- runtests.pl: Added support for SPNEGO

- runtests.pl: Added Kerberos detection

- runtests.pl: Added GSS-API detection

- FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list

- FILEFORMAT: Added test requires feature not present information
  
  Such as !SSPI as we do for the NTLM and Digest tests.

Daniel Stenberg (20 Nov 2014)
- http.c: log if it notices HTTP 1.1 after a upgrade to http2

- test1801: first real http2 test case

- sws: initial tiny steps toward http2 support

- FILEFORMAT: mention the new upgrade support

- test1800: first plain-text http2 test case
  
  Verifies the upgrade request, but gets a plain 1.1 response

- [Tatsuhiro Tsujikawa brought this change]

  http: Disable pipelining for HTTP/2 and upgraded connections
  
  This commit disables pipelining for HTTP/2 or upgraded connections.  For
  HTTP/2, we do not support multiplexing.  In general, requests cannot be
  pipelined in an upgraded connection, since it is now different protocol.

- [Brad Harder brought this change]

  CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option

Steve Holme (19 Nov 2014)
- multi-uv.c: Updated for curl coding standards

- conncache: Fixed specifiers in infof() for long and size_t variables

- [Peter Wu brought this change]

  cmake: add Kerberos to the supported features
  
  Updated following commit eda919f and a4b7f71.
  
  Acked-by: Brad King <brad.king@kitware.com>
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
  
  Updated following changes in commit f0d860d.
  
  Acked-by: Brad King <brad.king@kitware.com>
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Daniel Stenberg (19 Nov 2014)
- RELEASE-NOTES: synced with cb13fad733e

- [Jay Satiro brought this change]

  examples: Wait recommended 100ms when no file descriptors are ready
  
  Prior to this change when no file descriptors were ready on platforms
  other than Windows the multi examples would sleep whatever was in
  timeout, which may or may not have been less than the minimum
  recommended value [1] of 100ms.
  
  [1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html

- [Waldek Kozba brought this change]

  multi-uv.c: close the file handle after download

- [Jon Spencer brought this change]

  multi: inform about closed sockets before they are closed
  
  When the connection code decides to close a socket it informs the multi
  system via the Curl_multi_closed function. The multi system may, in
  turn, invoke the CURLMOPT_SOCKETFUNCTION function with
  CURL_POLL_REMOVE. This happens after the socket has already been
  closed. Reorder the code so that CURL_POLL_REMOVE is called before the
  socket is closed.

Guenter Knauf (19 Nov 2014)
- build: in Makefile.m32 moved target autodetection.
  
  Moved target autodetection block after defining CC macro.

- build: in Makefile.m32 simplify platform flags.

- build: in Makefile.m32 try to detect 64bit target.

Daniel Stenberg (19 Nov 2014)
- [Brad King brought this change]

  CMake: Simplify if() conditions on check result variables
  
  Remove use of an old hack that takes advantage of the auto-dereference
  behavior of the if() command to detect if a variable is defined.  The
  hack has the form:
  
   if("${VAR} MATCHES "^${VAR}$")
  
  where "${VAR}" is a macro argument reference.  Use if(DEFINED) instead.
  This also avoids warnings for CMake Policy CMP0054 in CMake 3.1.

- TODO-RELEASE: removed

- [Carlo Wood brought this change]

  debug: added new connection cache output, plus fixups
  
  Debug output 'typo' fix.
  
  Don't print an extra "0x" in
    * Pipe broke: handle 0x0x2546d88, url = /
  
  Add debug output.
  Print the number of connections in the connection cache when
    adding one, and not only when one is removed.
  
  Fix typos in comments.

- multi: move the ending condition into the loop as well
  
  ... as it was before I changed the loop in commit e04ccbd50. It caused
  test 2030 and 2032 to fail.

Steve Holme (18 Nov 2014)
- multi: Prefer we don't use CURLE_OK and NULL in comparisons

Daniel Stenberg (18 Nov 2014)
- multi_runsingle: use 'result' for local CURLcode storage
  
  ... and assign data->result only at the end. Makes the code more compact
  (easier to read) and more similar to other code.

- multi_runsingle: rename result to rc
  
  save 'result' for CURLcode types

- multi: make multi_runsingle loop internally
  
  simplifies the use of this function at little cost.

- [Carlo Wood brought this change]

  multi: when leaving for timeout, close accordingly
  
  Fixes the problem when a transfer in a pipeline times out.

Guenter Knauf (18 Nov 2014)
- build: in Makefile.m32 add -m32 flag for 32bit.

- mk-ca-bundle.vbs: update copyright year.

- build: in Makefile.m32 pass -F flag to windres.

Steve Holme (17 Nov 2014)
- config-win32: Fixed build targets for the VS2012+ Windows XP toolset
  
  Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had
  forgotten to include the relevant pre-processor definitions.

- sasl_sspi: Removed note about the NTLM functions being a wrapper

- connect.c: Fixed compilation warning when no verbose string support
  
  warning: unused parameter 'reason'

- easy.c: Fixed compilation warning when no verbose string support
  
  warning: unused parameter 'easy'

- win32: Updated some legacy APIs to use the newer extended versions
  
  Updated the usage of some legacy APIs, that are preventing curl from
  compiling for Windows Store and Windows Phone build targets.
  
  Suggested-by: Stefan Neis
  Feature: http://sourceforge.net/p/curl/feature-requests/82/

- config-win32: Introduce build targets for VS2012+
  
  Visual Studio 2012 introduced support for Windows Store apps as well as
  supporting Windows Phone 8. Introduced build targets that allow more
  modern APIs to be used as certain legacy ones are not available on these
  new platforms.

- sasl_sspi: Fixed compilation warnings when no verbose string support

- sasl_sspi: Added base64 decoding debug failure messages
  
  Just like in the NTLM code, added infof() failure messages for
  DIGEST-MD5 and GSSAPI authentication when base64 decoding fails.

- ntlm: Moved the SSPI based Type-3 message generation into the SASL module

- ntlm: Moved the SSPI based Type-2 message decoding into the SASL module

- ntlm: Moved the SSPI based Type-1 message generation into the SASL module

- [Michael Osipov brought this change]

  kerberos: Use symbol qualified with _KERBEROS5
  
  For consistency renamed USE_KRB5 to USE_KERBEROS5.

Daniel Stenberg (15 Nov 2014)
- [Jay Satiro brought this change]

  examples: Don't call select() to sleep on windows
  
  Windows does not support using select() for sleeping without a dummy
  socket. Instead use Windows' Sleep() and sleep for 100ms which is the
  minimum suggested value in the curl_multi_fdset() doc.
  
  Prior to this change the multi examples would exit prematurely since
  select() would error instead of sleeping when called without an fd.
  
  Reported-by: Johan Lantz
  Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html

- [Tatsuhiro Tsujikawa brought this change]

  http2: Don't send Upgrade headers when we already do HTTP/2

Steve Holme (15 Nov 2014)
- sasl: Corrected Curl_sasl_build_spn() function description
  
  There was a mismatch in function parameter names.

- tool: Removed krb4 from the supported features
  
  Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33,
  so would not be output with --version, removed krb4 from the supported
  features output.

- [Michael Osipov brought this change]

  tool: Use Kerberos for supported features

- urldata: Don't define sec_complete when no GSS-API support present
  
  This variable is only used with HAVE_GSSAPI is defined by the FTP code
  so let's place the definition with the other GSS-API based variables.

- [Michael Osipov brought this change]

  docs: Use consistent naming for Kerberos

- TODO: Lets support QOP options in GSSAPI authentication

- sasl_sspi: Corrected a couple of comment typos

- sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file
  
  Rather than define the function as extern in the source files that use
  it, moved the function declaration into the SASL header file just like
  the Digest and NTLM clean-up functions.
  
  Additionally, added a function description comment block.

- sasl_sspi: Added missing RFC reference for HTTP Digest authentication

- ntlm: Clean-up and standardisation of base64 decoding

- ntlm: We prefer 'CURLcode result'

Daniel Stenberg (13 Nov 2014)
- [Brad King brought this change]

  CMake: Restore order-dependent library checks
  
  Revert commit 2257deb502 (Cmake: Avoid cycle directory dependencies,
  2014-08-22) and add a comment explaining the purpose of the original
  code.
  
  The check_library_exists_concat macro is intended to be called multiple
  times on a sequence of possibly dependent libraries.  Later libraries
  may depend on earlier libraries when they are static.  They cannot be
  safely linked in reverse order on some platforms.
  
  Signed-off-by: Brad King <brad.king@kitware.com>

- [Brad King brought this change]

  CMake: Restore order-dependent header checks
  
  Revert commit 1269df2e3b (Cmake: Don't check for all headers each
  time, 2014-08-15) and add a comment explaining the purpose of the
  original code.
  
  The check_include_file_concat macro is intended to be called multiple
  times on a sequence of possibly dependent headers.  Later headers
  may depend on earlier headers to provide declarations.  They cannot
  be safely included independently on some platforms.
  
  For example, many POSIX APIs document including sys/types.h before some
  other headers.  Also on some OS X versions sys/socket.h must be included
  before net/if.h or the check for the latter will fail.
  
  Signed-off-by: Brad King <brad.king@kitware.com>

- [Peter Wu brought this change]

  test22: expand a backtick command
  
  This is the only user of the backtick operator in the command. As the
  commands will soon not be executed by a shell anymore (but by perl),
  replace the command with its output.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- RELEASE-NOTES: synced with 2ee3c63b13

- http2: fix switched macro when http2 is not enabled

- [Tatsuhiro Tsujikawa brought this change]

  http2: Deal with HTTP/2 data inside response header buffer
  
  Previously if HTTP/2 traffic is appended to HTTP Upgrade response header
  (thus they are in the same buffer), the trailing HTTP/2 traffic is not
  processed and lost.  The appended data is most likely SETTINGS frame.
  If it is lost, nghttp2 library complains server does not obey the HTTP/2
  protocol and issues GOAWAY frame and curl eventually drops connection.
  This commit fixes this problem and now trailing data is processed.

Steve Holme (11 Nov 2014)
- configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined
  
  Commit fe0f8967bf fixed a problem with krb5 not being defined as a
  supported feature when HAVE_GSSAPI is defined, however, it should
  only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when
  SPNEGO is listed as a feature.

Daniel Stenberg (10 Nov 2014)
- multi: removed Curl_multi_set_easy_connection
  
  It isn't used anywhere!
  
  Reported-by: Carlo Wood

- [Peter Wu brought this change]

  symbol-scan.pl: do not require autotools
  
  Makes test1119 pass when building with cmake.
  
  configurehelp.pm is generated by configure (autotools). As cmake does
  not provide a separate variable for the C preprocessor, default to cpp.
  Before commit ef24ecde68a5f577a7f0f423a767620f09a0ab16 ("symbol-scan:
  use configure script knowledge about how to run the C preprocessor"),
  this tool would also use 'cpp'.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: add ENABLE_THREADED_RESOLVER, rename ARES
  
  Fix detection of the AsynchDNS feature which not just depends on
  pthreads support, but also on whether USE_POSIX_THREADS is set or not.
  Caught by test 1014.
  
  This patch adds a new ENABLE_THREADED_RESOLVER option (corresponding to
  --enable-threaded-resolver of autotools) which also needs a check for
  HAVE_PTHREAD_H.
  
  For symmetry with autotools, CURL_USE_ARES is renamed to ENABLE_ARES
  (--enable-ares). Checks that test for the availability actually use
  USE_ARES instead as that is the result of whether a-res is available or
  not (in practice this does not matter as CARES is marked as required
  package, but nevertheless it is better to write the intent).
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: build libhostname for test suite
  
  Used by some test cases via LD_PRELOAD in order to fake the host name.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: fix HAVE_GETHOSTNAME definition
  
  Otherwise Curl_gethostname always fails. Windows has gethostname
  since Vista according to
  http://msdn.microsoft.com/en-us/library/ms738527%28VS.85%29.aspx, but
  accordings to byte_bucket's VC 2005 documentation, it is available even
  in Windows 95. (possibly after installing a Platform SDK, the
  Windows Server 2003 SP1 Platform SDK should be sufficient).
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  tests: fix libhostname visibility
  
  I noticed that a patched cmake build would pass tests with a fake local
  hostname, but the autotools build skips them:
  
      got unexpected host name back, LD_PRELOAD failed
  
  It turns out that -fvisibility=hidden hides the symbol, and since the
  tests are not part of libcurl, it fails too. Just remove the LIBCURL
  guard.
  
  Broken since cURL 7.30 (commit 83a42ee20ea7fc25abb61c0b7ef56ebe712d7093,
  "curl.h: stricter CURL_EXTERN linkage decorations logic").
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  tests: fix memleak in server/resolve.c
  
  This makes LeakSanitizer happy.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- configure: assume krb5 when gss-api works
  
  To please test 1014 while we work out if this is truly the a correct
  assumption.

Steve Holme (9 Nov 2014)
- vtls.h: Fixed compiler warning when compiled without SSL
  
  vtls.c:185:46: warning: unused parameter 'data'

- RELEASE-NOTES: Synced with 2fbf23875f

- ntlm: Added separate SSPI based functions
  
  In preparation for moving the NTLM message code into the SASL module,
  and separating the native code from the SSPI code, added functions that
  simply call the functions in curl_ntlm_msg.c.

- http_ntlm: Use the SASL functions instead
  
  In preparation for moving the NTLM message code into the SASL module
  use the SASL functions in the HTTP code instead.

Daniel Stenberg (9 Nov 2014)
- libssh2: detect features based on version, not configure checks
  
  ... so that non-configure builds get the correct functions too based on
  the libssh2 version used.

- [Nobuhiro Ban brought this change]

  SSH: use the port number as well for known_known checks
  
  ... if the libssh2 version is new enough.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1448

Steve Holme (9 Nov 2014)
- INSTALL: Updated pre-processor references to the old VC6 project files
  
  Reworked the two sections that discuss modifying the Visual Studio pre-
  processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the
  project files references as they have been superseded by a more thorough
  set of project files for VC6 through VC12, but to also give the correct
  reference to this setting in later versions of Visual Studio.

- INSTALL: Added email protocols to the "Disabling in Win32 builds" section

- configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined

- build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
  
  USE_NTLM would only be defined if: HTTP support was enabled, NTLM and
  cryptography weren't disabled, and either a supporting cryptography
  library or Windows SSPI was being compiled against.
  
  This means it was not possible to build libcurl without HTTP support
  and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather
  than introduce a new SASL pre-processor definition, removed the HTTP
  prerequisite just like USE_SPNEGO and USE_KRB5.
  
  Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP
  as it is only available to HTTP at present.
  
  This bug dates back to August 2011 when I started to add support for
  NTLM to SMTP.

- ntlm: Removed an unnecessary free of native Target Info
  
  Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is
  longer required.

- ntlm: Moved the native Target Info clean-up from HTTP specific function

- ntlm: Moved SSPI clean-up code into SASL module

- Makefile.dist: Added support for WinIDN

- Makefile.vc6: Added support for WinIDN

- Makefile.dist: Added some missing SSPI configurations

- Makefile.dist: Separated the groups of SSL configurations from each other

- Makefile.dist: Grouped the x64 configurations next to their x86 counterparts

- curl.h: Tidy up of CURL_VERSION_* flags
  
  As the list has gotten a little messy and hard to read, especially with
  the introduction of deprecated items, aligned the values and comments
  into clean columns and reworked some of the comments in the process.

- curl_tool: Added krb5 to the supported features

- configure: Added krb5 to the supported features

- version info: Added Kerberos V5 to the supported features

Guenter Knauf (7 Nov 2014)
- mk-ca-bundle.vbs: switch to new certdata.txt url.

Steve Holme (7 Nov 2014)
- RELEASE-NOTES: Synced with dcad09e125

- http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1
  
  Fixed a couple of memory leaks as a result of moving code that used to
  populate allocuserpwd and relied on it's clean up.

- docs: Updated following the addition of SSPI based HTTP digest auth

- sasl_sspi: Tidy up of the existing digest code
  
  Following the addition of SSPI support for HTTP digest, synchronised
  elements of the email digest code with that of the new HTTP code.

- http_digest: Post SSPI support tidy up
  
  Post tidy up to ensure commonality of code style and variable names.

Dan Fandrich (6 Nov 2014)
- test552: Don't run HTTP digest tests for SSPI based builds
  
  Technical difficulties prevented this from going into the
  previous commit.

Steve Holme (6 Nov 2014)
- tests: Don't run HTTP digest tests for SSPI based builds
  
  Added !SSPI to the features list of the HTTP digest tests, as SSPI
  based builds now use the Windows SSPI messaging API rather than the
  internal functions, and we can't control the random numbers that get
  used as part of the digest.

Daniel Stenberg (6 Nov 2014)
- curl.1: show zone index use in a URL

Steve Holme (6 Nov 2014)
- http_digest: Fixed auth retry loop when SSPI based authentication fails

- http_digest: Reworked the SSPI based input token storage
  
  Reworked the input token (challenge message) storage as what is passed
  to the buf and desc in the response generation are typically blobs of
  data rather than strings, so this is more in keeping with other areas
  of the SSPI code, such as the NTLM message functions.

- sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9
  
  Added void reference to unused 'data' parameter back to fix compilation
  warning.

- sspi: Align definition values to even columns as we use 2 char spacing

- sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE
  
  Some versions of Microsoft's sspi.h don't define this.

- sasl: Removed non-SSPI Digest functions and defines from SSPI based builds
  
  Introduced in commit 7e6d51a73c these functions and definitions are only
  required by the internal challenge-response functions now.

- sasl_sspi: Added HTTP digest response generation code

- http_digest: Added SSPI based challenge decoding code

- http_digest: Added SSPI based clean-up code

- http_digest: Added SSPI based authentication functions
  
  This temporarily breaks HTTP digest authentication in SSPI based builds,
  causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will
  resume normal operation.

- http_digest: Added required SSPI based variables to digest structure

Daniel Stenberg (6 Nov 2014)
- [Frank Gevaerts brought this change]

  contributors.sh: --releasenotes reads in names from RELEASE-NOTES
  
  This is very handy when updating the RELEASE-NOTES as then we sometimes
  have names added manually in the existing list and we use this script to
  update the set.

- RELEASE-NOTES: synced with 68542e72a9

- curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
  
  Reported-by: Christian Hägele
  Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html

Steve Holme (5 Nov 2014)
- build: Fixed Visual Studio project file generation of strdup.[c|h]
  
  As the curl command-line tool now includes it's own version of strdup(),
  for platforms that don't have it, fixed up the git respository Visual
  Studio project file generator to not include the version from lib in the
  tool project files, rather than having both lib\strdup.[c|h] and
  src\tool_strdup.[c|h] present.

Daniel Stenberg (5 Nov 2014)
- tool_strdup.c: include the tool strdup.h
  
  ... not the lib/ one that the tool no longer uses!

- THANKS-filter: added another Michał Górny version we've used

- contributors.sh: split lists using " and "
  
  ... and require the space after the filtering to make the filter able to
  remove names.

Steve Holme (5 Nov 2014)
- http_digest: Fixed memory leaks from commit 6f8d8131b1

- sasl: Fixed compilation warning from commit 25264131e2
  
  Added forward declaration of digestdata to overcome the following
  compilation warning:
  
  warning: 'struct digestdata' declared inside parameter list
  
  Additionally made the ntlmdata forward declaration dependent on
  USE_NTLM similar to how digestdata and kerberosdata are.

- sasl: Fixed HTTP digest challenges with spaces between auth parameters
  
  Broken as part of the rework, in commit 7e6d51a73c, to assist with the
  addition of HTTP digest via Windows SSPI.

- http_digest: Fixed compilation errors from commit 6f8d8131b1
  
  error: invalid operands to binary
  warning: pointer targets in assignment differ in signedness

- http_digest: Moved response generation into SASL module

- http_digest: Moved challenge decoding into SASL module

- http_digest: Moved clean-up function into SASL module

- http_digest: Moved algorithm definitions to SASL module

- [Gisle Vanem brought this change]

  ssh: Fixed build on platforms where R_OK is not defined
  
  Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html
  Reported-by: Jan Ehrhardt

- strdup: Removed irrelevant comment
  
  ...as Curl_memdup() duplicates an area of fix size memory, that may be
  binary, and not a null terminated string.

- url.c: Fixed compilation warning
  
  conversion from 'curl_off_t' to 'size_t', possible loss of data

- http_digest: Use CURLcode instead of CURLdigest
  
  To provide consistent behaviour between the various HTTP authentication
  functions use CURLcode based error codes for Curl_input_digest()
  especially as the calling code doesn't use the specific error code just
  that it failed.

Daniel Stenberg (5 Nov 2014)
- contributors.sh: filter common alternative name spellings
  
  docs/THANKS-filter is a new filter file for converting contributor names
  we get or have recorded in alternative formats to the one we already use
  in THANKS. To help us show individual contributors using a single
  presentation of their names.

- THANKS: added missing contributor from 2012

- [Frank Gevaerts brought this change]

  Remove duplicate names.
  
  The removed names also appear as:
  Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien
  Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su,
  S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder

Steve Holme (5 Nov 2014)
- sspi: Define authentication package name constants
  
  These were previously hard coded, and whilst defined in security.h,
  they may or may not be present in old header files given that these
  defines were never used in the original code.
  
  Not only that, but there appears to be some ambiguity between the ANSI
  and UNICODE NTLM definition name in security.h.

Patrick Monnerat (5 Nov 2014)
- Adjust OS400-specific support to last release

Daniel Stenberg (5 Nov 2014)
- THANKS: added two missing names and removed a duplicate
  
  ./contributors.sh found these extra ones that somehow had fallen
  through the cracks and never gotten added here.
  
  Reported-by: Frank Gevaerts

- bump: towards next release

- THANKS: added names from 7.39.0 release notes

Version 7.39.0 (5 Nov 2014)

Daniel Stenberg (5 Nov 2014)
- RELEASE-NOTES: 7.39.0 release (commit b3875606925)

- curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
  
  When duplicating a handle, the data to post was duplicated using
  strdup() when it could be binary and contain zeroes and it was not even
  zero terminated! This caused read out of bounds crashes/segfaults.
  
  Since the lib/strdup.c file no longer is easily shared with the curl
  tool with this change, it now uses its own version instead.
  
  Bug: http://curl.haxx.se/docs/adv_20141105.html
  CVE: CVE-2014-3707
  Reported-By: Symeon Paraschoudis

- lib544.c: use duphandle for test 545
  
  To verify that curl_easy_duphandle() works fine on a handle that has
  gotten data stored with *_COPYPOSTFIELDS.

- tests: add new feature 'SSLpinning'
  
  ... and make test 2034 and 2035 require it, and have it set when built
  with OpenSSL or GnuTLS.

- buildconf: update copyright year

Steve Holme (4 Nov 2014)
- INSTALL: Consistent spacing in section headings, paragraphs and examples

Daniel Stenberg (4 Nov 2014)
- buildconf: stop checking for libtool
  
  As we only use libtoolize, only check for that!

Steve Holme (4 Nov 2014)
- INSTALL: Corrected MIT Kerberos and Heimdal package names

- README: Corrected inconsistent use of --help

- INSTALL: Use GSS-API rather than GSSAPI
  
  As implementations are refereed to GSS-API libraries as per the RFC and
  GSSAPI typically refers to the SASL authentication mechanism.
  
  ...and minor rewording on the same paragraph.

- README: Added note about using Visual Studio projects out of git repository

Daniel Stenberg (4 Nov 2014)
- [K. R. Walker brought this change]

  cmake: fix ZLIB_INCLUDE_DIRS use
  
  CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see
  http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB
  
  Bug: https://github.com/bagder/curl/pull/123

- [Jay Satiro brought this change]

  SSL: PolarSSL default min SSL version TLS 1.0
  
  - Prior to this change no SSL minimum version was set by default at
  runtime for PolarSSL. Therefore in most cases PolarSSL would probably
  have defaulted to a minimum version of SSLv3 which is no longer secure.

- opts-Makefile: put more man pages into dist and make hmtl+pdf

- curl_multi_setopt.3: refer to stand-alone pages
  
  ... instead of duplicating info.

- opts: more multi options as stand-alone man pages

- Makefile.am: two cmake files are gone
  
  8cb010144 removed the CurlCheckCSourceCompiles.cmake and
  CurlCheckCSourceRuns.cmake files

- opts: made stand-alone man-pages for several multi options

- [Carlo Wood brought this change]

  Curl_single_getsock: fix hold/pause sock handling
  
  The previous condition that checked if the socket was marked as readable
  when also adding a writable one, was incorrect and didn't take the pause
  bits properly into account.

- [Peter Wu brought this change]

  cmake: fix struct sockaddr_storage check
  
  CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which
  was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion
  of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem
  to affect the tests, so remove it too[2].
  
  For the non-windows case, remove inet headers as POSIX only requires
  sys/socket.h.
  
   [1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx
   [2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: clean OtherTests, fixing -Werror
  
  There were several -Wunused warnings and one duplicate macro definition.
  The EXTRA_DEFINES variable of the CurlCheckCSources macro was being
  abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to
  insert extra C code. Avoid this broken abstraction and use cmake's
  check_c_source_compiles directly (works fine with CMake 2.8, maybe
  even cmake 2.6).
  
  After cleaning up all related variables (EXTRA_DEFINES,
  HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate
  add_headers_include macro and remove duplicate header additions before
  the struct timeval check.
  
  Oh, and now the code is converted to use CheckCSourceRuns and
  CheckCSourceCompiles, the two curl-specific helpers can be removed.
  Unfortunately, the cmake output is now slightly more verbose. Before:
  
      Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test)
      Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed
  
  Since check_c_source_compiles prints the varname, now you see:
  
      Performing Test curl_cv_func_send_test
      Performing Test curl_cv_func_send_test - Failed
      Tested: int send(int, const void *, size_t, int)
  
  Compared cmake output with each other using vimdiff, no functional
  differences were found. Tested with GCC 4.9.1 and Clang 3.5.0.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: fix gethostby{addr,name}_r in CurlTests
  
  This patch cleans up the automatically-generated (?) code and fixes one
  case that will always fail due to syntax error.
  
  HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing
  character ("int length;q"). Several parameter type and unused variable
  warnings popped up. This causes a detection failure with -Werror.
  
  Observe that the REENTRANT cases are exactly the same as their
  non-REENTRANT cases except for a `_REENTRANT` macro definition.
  Merge all these pieces and build one big main function with different
  cases, but reusing variables where logical.
  
  For the cases where the parameters where NULL, I looked at
  lib/hostip4.c to get an idea of the parameters types.
  
  void-cast variables such as 'rc' to avoid -Wuninitialized errors.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: drop _BSD_SOURCE macro usage
  
  autotools does not use features.h nor _BSD_SOURCE. As this macro
  triggers warnings since glibc 2.20, remove it. It should not have
  functional differences.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

Steve Holme (2 Nov 2014)
- RELEASE-NOTES: Synced with d71ea7c01e
  
  Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change
  as GSSAPI can be confused with the authentication mechanism rather than
  a GSS-API implementation library such as MIT or Heimdal.

- build: Added WinIDN build configuration options
  
  Added support for WinIDN build configurations to the VC6 project files.

- build: Added WinIDN build configuration options
  
  Added support for WinIDN build configurations to the VC7 and VC7.1
  project files.

- build: Fixed the pre-processor separator in Visual Studio project files
  
  A left over from the VC6 project files, so mainly cosmetic in Visual
  Studio .NET as it can handle both comma and semi-colon characters for
  separating multiple pre-processor definitions.
  
  However, the IDE uses semi-colons if the value is edited, and as such,
  this may cause problems in future for anyone updating the files or
  merging patches.
  
  Used the Visual Studio IDE to correct the separator character.

- build: Added optional specific version generation of VC project files
  
  ..when working from the git repository. This is particularly useful
  for single development environments where the project files for all
  supported versions of Visual Studio may not be required.

- [Jay Satiro brought this change]

  build-openssl.bat: Fix x64 release build
  
  Prior to this change if x64 release was specified a failed attempt was
  made to build x86 release instead.

- CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number

- CURLOPT_SASL_IR.3: Added supported mechanism information
  
  ...and removed duplication of what protocols are supported from the
  description text.

- opts: Use common wording for MAIL related names

- opts: Use common wording for TLS user/password option names
  
  ...and revised the proxy wording a little as well.

- CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing
  
  ...and corrected a related typo in curl_easy_setopt.3.

Guenter Knauf (2 Nov 2014)
- RELEASE-NOTES: removed obsolete entry; fixed entry.

Steve Holme (2 Nov 2014)
- RELEASE-NOTES: Synced with e7da67f5d3

- docs: Added mention of Kerberos for CURL_VERSION_SSPI
  
  As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP,
  POP3 and SMTP authentication since v7.38.0.

- CURL_VERSION_KERBEROS4: Mark as deprecated
  
  Support for Kerberos V4 was removed in v7.33.0.

- sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
  
  Typically the USE_WINDOWS_SSPI definition would not be used when the
  CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build
  configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
  data structures and functions would incorrectly be used when they
  shouldn't be.
  
  Introduced a new USE_KRB5 definition that takes into account the use of
  CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.

- openssl: Use 'CURLcode result'
  
  More CURLcode fixes.

Daniel Stenberg (1 Nov 2014)
- resume: consider a resume from [content-length] to be OK
  
  Basically since servers often then don't respond well to this and
  instead send the full contents and then libcurl would instead error out
  with the assumption that the server doesn't support resume. As the data
  is then already transfered, this is now considered fine.
  
  Test case 1434 added to verify this. Test case 1042 slightly modified.
  
  Reported-by: hugo
  Bug: http://curl.haxx.se/bug/view.cgi?id=1443

Steve Holme (1 Nov 2014)
- openssl: Use 'CURLcode result'
  
  More standardisation of CURLcode usage and coding style.

- openssl: Use 'CURLcode result'
  
  ...and some minor code style changes.

- ftplistparser: We prefer 'CURLcode result'

- opts: Use common wording for user/password option names

- CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text
  
  As this is covered by the PROTOCOLS section and saves having to update
  two parts of the document with the same information in future.

- CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI
  
  As implementations are refereed to GSS-API libraries as per the RFC and
  GSSAPI typically refers to an authentication mechanism.

- CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list
  
  Added missing IMAP to the protocol list.

- code cleanup: Use 'CURLcode result'

- curl_easy_setopt.3: Fixed lots of typos

- curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS
  
  ...as this option affects more that just FTP.

Guenter Knauf (30 Oct 2014)
- build: added Watcom support to build with WinSSL.

Daniel Stenberg (30 Oct 2014)
- CURLOPT_PINNEDPUBLICKEY.3: added details

Steve Holme (30 Oct 2014)
- CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list
  
  Whilst the description included information about SMTP, the protocol
  list only showed "TTP, FTP, IMAP, POP3".

- CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3

Daniel Stenberg (29 Oct 2014)
- openssl: enable NPN separately from ALPN
  
  ... and allow building with nghttp2 but completely without NPN and ALPN,
  as nghttp2 can still be used for plain-text HTTP.
  
  Reported-by: Lucas Pardue

- configure.ac: remove checks for OpenSSL NPN/ALPN funcs again
  
  ... since the conditional in the code are now based on OpenSSL versions
  instead to better support non-configure builds.

- opts: added some "SEE ALSO" references

Steve Holme (29 Oct 2014)
- RELEASE-NOTES: Synced with 32913182dc

- vtls.c: Fixed compilation warning
  
  conversion from 'size_t' to 'unsigned int', possible loss of data

- sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
  
  Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when
  acquiring the credentials handle fails. This is then consistent with
  the code prior to commit f7e24683c4 when log-in credentials were empty.

- sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
  
  Fixed the ability to use the current log-in credentials with DIGEST-MD5.
  I had previously disabled this functionality in commit 607883f13c as I
  couldn't get this to work under Windows 8, however, from testing HTTP
  Digest authentication through Windows SSPI and then further testing of
  this code I have found it works in Windows 7.
  
  Some further investigation is required to see what the differences are
  between Windows 7 and 8, but for now enable this functionality as the
  code will return an error when AcquireCredentialsHandle() fails.

Kamil Dudka (29 Oct 2014)
- transfer: drop the code handling the ssl_connect_retry flag
  
  Its last use has been removed by the previous commit.

- nss: drop the code for libcurl-level downgrade to SSLv3
  
  This code was already deactivated by commit
  ec783dc142129d3860e542b443caaa78a6172d56.

- openssl: fix a line length warning

Guenter Knauf (29 Oct 2014)
- Added NetWare support to build with nghttp2.

- Fixed error message since we require ALPN support.

- Check for ALPN via OpenSSL version number.
  
  This check works also with to non-configure platforms.

Steve Holme (28 Oct 2014)
- sasl_sspi: Fixed typo in comment

- code cleanup: We prefer 'CURLcode result'

Daniel Stenberg (28 Oct 2014)
- TODO: consider supporting STAT

- mk-ca-bundle: spell fix "version"

- HTTP: return larger than 3 digit response codes too
  
  HTTP 1.1 is clearly specified to only allow three digit response codes,
  and libcurl used sscanf("%3d") for that purpose. This made libcurl
  support smaller numbers but not larger. It does now, but we will not
  make any specific promises nor document this further since it is going
  outside of what HTTP is.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1441
  Reported-by: Balaji

- src/: remove version.h.dist from gitignore
  
  It has not been used since commit f7bfdbab in 2011

Steve Holme (26 Oct 2014)
- ntlm: We prefer 'CURLcode result'
  
  Continuing commit 0eb3d15ccb more return code variable name changes.

Guenter Knauf (26 Oct 2014)
- Cosmetics: lowercase non-special subroutine names.

Steve Holme (26 Oct 2014)
- RELEASE-NOTES: Synced with 07ac29a058

- http_negotiate: We prefer 'CURLcode result'
  
  Continuing commit 0eb3d15ccb more return code variable name changes.

- http_negotiate: Fixed missing check for USE_SPNEGO

- sspi: Synchronization of cleanup code between auth mechanisms

- sspi: Renamed max token length variables
  
  Code cleanup to try and synchronise code between the different SSPI
  based authentication mechanisms.

- sspi: Renamed expiry time stamp variables
  
  Code cleanup to try and synchronise code between the different SSPI
  based authentication mechanisms.

- sspi: Only call CompleteAuthToken() when complete is needed
  
  Don't call CompleteAuthToken() after InitializeSecurityContext() has
  returned SEC_I_CONTINUE_NEEDED as this return code only indicates the
  function should be called again after receiving a response back from
  the server.
  
  This only affected the Digest and NTLM authentication code.

Dan Fandrich (26 Oct 2014)
- Added the "flaky" keyword to a number of tests
  
  Each shows evidence of flakiness on at least one platform on
  the autobuilds. Users can use this keyword to skip these tests
  if desired.

Steve Holme (26 Oct 2014)
- ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
  
  For consistency with other areas of the NTLM code propagate all errors
  from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just
  CURLE_OUT_OF_MEMORY.

- ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()

- ntlm: Use 'CURLcode result'
  
  Continuing commit 0eb3d15ccb more return code variable name changes.

- ntlm: Only define ntlm data structure when USE_NTLM is defined

- ntlm: Changed handles to be dynamic like other SSPI handles
  
  Code cleanup to try and synchronise code between the different SSPI
  based authentication mechanisms.

- ntlm: Renamed handle variables to match other SSPI structures
  
  Code cleanup to try and synchronise code between the different SSPI
  based authentication mechanisms.

- ntlm: Renamed SSPI based input token variables
  
  Code cleanup to try and synchronise code between the different SSPI
  based authentication mechanisms.

- ntlm: We prefer 'CURLcode result'
  
  Continuing commit 0eb3d15ccb more return code variable name changes.

- build: Added WinIDN build configuration options
  
  Added support for WinIDN build configurations to the VC8 and VC9
  project files.

Nick Zitzmann (24 Oct 2014)
- darwinssl: detect possible future removal of SSLv3 from the framework
  
  If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.

Patrick Monnerat (24 Oct 2014)
- gskit.c: remove SSLv3 from SSL default.

- gskit.c: use 'CURLcode result'

Daniel Stenberg (24 Oct 2014)
- [Jay Satiro brought this change]

  SSL: Remove SSLv3 from SSL default due to POODLE attack
  
  - Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
  openssl effectively making the default TLS 1.x. axTLS is not affected
  since it supports only TLS, and gnutls is not affected since it already
  defaults to TLS 1.x.
  
  - Update CURLOPT_SSLVERSION doc

- pipelining: only output "is not blacklisted" in debug builds

- *.3: add/extend "SEE ALSO" sections

- curl_easy_pause.3: minor wording edit

- curl_getdate.3: provide a "SEE ALSO" section

- curl_global_init.3: minor formatting fix, add version info

- url.c: use 'CURLcode result'

- code cleanup: we prefer 'CURLcode result'
  
  ... for the local variable name in functions holding the return
  code. Using the same name universally makes code easier to read and
  follow.
  
  Also, unify code for checking for CURLcode errors with:
  
   if(result) or if(!result)
  
  instead of
  
   if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)

- Curl_add_timecondition: skip superfluous varible assignment
  
  Detected by cppcheck.

- Curl_pp_flushsend: skip superfluous assignment
  
  Detected by cppcheck.

- Curl_pp_readresp: remove superfluous assignment
  
  Variable already assigned a few lines up.
  
  Detected by cppcheck.

- Curl_proxyCONNECT: remove superfluous statement
  
  The variable is already assigned, skip the duplicate assignment.
  
  Pointed out by cppcheck.

Guenter Knauf (24 Oct 2014)
- Added MinGW support to build with nghttp2.

- Added VC ssh2 target to main Makefile.

- Some cosmetics and simplifies.

- Remove dependency on openssl and cut.
  
  Prefer usage of Perl modules for sha1 calculation since there
  might be systems where openssl is not installed or not in path.
  If openssl is used for sha1 calculation then dont rely on cut
  since it is usually not available on other systems than Linux.

Daniel Stenberg (23 Oct 2014)
- RELEASE-NOTES: synced with e116d0a62

- CURLOPT_RESOLVE.3: add an example

- gnutls: removed dead code
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1437
  Reported-by: Julien

- Curl_rand: Uninitialized variable: r
  
  This is not actually used uninitialized but we silence warnings.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1437
  Reported-by: Julien

- opts: provide more and updated examples

- CURLOPT_RANGE.3: works for SFTP as well
  
  ... and added a small example

- curl.1: edited for clarity

- CURLOPT_SSLVERSION.3: provide an example

- docs/libcurl/ABI: more markdown friendly

- docs: edited lots of libcurl docs for clarity

- opts: added examples

- HISTORY: two glimpses in 2014

Kamil Dudka (20 Oct 2014)
- nss: reset SSL handshake state machine
  
  ... when the handshake succeeds
  
  This fixes a connection failure when FTPS handle is reused.

Daniel Stenberg (20 Oct 2014)
- [Peter Wu brought this change]

  cmake: generate pkg-config and curl-config
  
  Initial work to generate a pkg-config and curl-config script. Static
  linking (`curl-config --static-libs` and `pkg-config --shared --libs
  libcurl`) is broken and therefore disabled.
  
  CONFIGURE_OPTIONS does not make sense for CMake, use an empty string
  for now.
  
  At least `curl-config --features` and `curl-config --protocols` work
  which is needed by runtests.pl.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: use LIBCURL_VERSION from curlver.h
  
  This matches the behavior from autotools. The auxiliary major, minor
  and patch components are not needed anymore and therefore removed.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
  
  For compatibility with autoconf, it will be used later for curl-config
  and pkg-config. Not all features and or protocols can be enabled as
  these are missing additional checks (see new TODOs).
  
  SUPPORT_PROTOCOLS is partially scripted (grep for SUPPORT_PROTOCOLS=)
  and manually verified/modified. SUPPORT_FEATURES is manually added.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- cmake: add CMake/Macros.cmake to the release tarball

- test545: make it not use a trailing zero
  
  CURLOPT_COPYPOSTFIELDS with a given CURLOPT_POSTFIELDSIZE does not
  require a trailing zero of the data and by making sure this test doesn't
  use one we know it works (combined with valgrind).

Steve Holme (16 Oct 2014)
- ntlm: Fixed empty type-2 decoded message info text
  
  Updated the info text when the base-64 decode of the type-2 message
  returns a null buffer to be more specific.

- ntlm: Fixed empty/bad base-64 decoded buffer return codes

- ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token

Daniel Stenberg (16 Oct 2014)
- httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features
  
  ... and only do a single request for clarity.

Steve Holme (15 Oct 2014)
- sasl_sspi: Fixed some typos

- sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO

Daniel Stenberg (15 Oct 2014)
- [Bruno Thomsen brought this change]

  mk-ca-bundle: added SHA-384 signature algorithm
  
  Certificates based on SHA-1 are being phased out[1].
  So we should expect a rise in certificates based on SHA-2.
  Adding SHA-384 as a valid signature algorithm.
  
  [1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
  
  Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>

Patrick Monnerat (14 Oct 2014)
- OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope

- Implement pinned public key in GSKit backend

Daniel Stenberg (14 Oct 2014)
- CURLOPT_TLSAUTH_*.3: fix reference typos

- cleanups: reduce variable scope
  
  cppcheck pointed these out.

- singleipconnect: remove dead assignment never used
  
  cppcheck pointed this out.

- pinning: minor code style policing

Patrick Monnerat (13 Oct 2014)
- Factorize pinned public key code into generic file handling and backend specific

- vtls: remove QsoSSL

- gskit: supply dummy randomization function

- vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation

Daniel Stenberg (13 Oct 2014)
- [Peter Wu brought this change]

  tests: move TESTCASES to Makefile.inc, add show for cmake
  
  This change allows runtests.pl to be run from the CMake builddir:
  
      export srcdir=/tmp/curl/tests;
      perl -I$srcdir $srcdir/runtests.pl -l
  
  In order to make this possible, all test cases have been moved from
  Makefile.am to Makefile.inc.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: enable IPv6 by default if available
  
  ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
  Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
  struct sockaddr_in6 is not found in netinet/in.h.
  
  Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
  platform checks even though POSIX requires a thread-safe getaddrinfo.
  
  Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  cmake: build tool_hugehelp (ENABLE_MANUAL)
  
  Rather than always outputting an empty manual page for the '-M' option,
  generate a full manual page as done by autotools. For simplicity in
  CMake, always generate the gzipped page as it will not be used anyway
  when zlib is not available.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- [Peter Wu brought this change]

  tests/http_pipe.py: Python 3 support
  
  The 2to3 tool converted socketserver (which I manually fixed up with an
  import fallback) and the print(e) line. The xrange option was converted
  to range, but it seems better to use the '*' operator here for
  simplicity.
  
  Signed-off-by: Peter Wu <peter@lekensteyn.nl>

- SECURITY: slightly nicer markdown format

- RELEASE-PROCEDURE: better markdown, more content

- RELEASE-NOTES: synced with 6637b237e6eb
  
  ... and bumped the planned release version.

- vtls: have vtls.h include the backend header files
  
  It turned out some features were not enabled in the build since for
  example url.c #ifdefs on features that are defined on a per-backend
  basis but vtls.h didn't include the backend headers.
  
  CURLOPT_CERTINFO was one such feature that was accidentally disabled.

- test2036: verify -O with no slash at all in the URL
  
  Similar to test 76 but that test's URL has a slash just no file name
  part.

- get_url_file_name: make no slash equal empty string

- get_url_file_name: never return a NULL string *and* OK
  
  Change 987a4a73 assumes that as it simplifies life in the calling
  function.
  
  Reported-by: Fabian Keil

- [Jakub Zakrzewski brought this change]

  Cmake: Build with GSSAPI (MIT or Heimdal)
  
  It tries hard to recognise SDK's on different platforms. On windows MIT
  Kerberos installs SDK with other things and puts path into registry.
  Heimdal have separate zip archive. On linux pkg-config is tried, then
  krb5-config script and finally old-style libs and headers detection.
  
  Command line args:
  * CMAKE_USE_GSSAPI - enables GSSAPI detection
  * GSS_ROOT_DIR - if set, should point to the root of GSSAPI installation
                   (the one with include and lib directories)

- [Jakub Zakrzewski brought this change]

  Cmake: Got rid of setup_curl_dependencies
  
  There is no need for such function. Include_directories propagate by
  themselves and having a function with one simple link statement makes
  little sense.

- [Jakub Zakrzewski brought this change]

  Cmake: Avoid cycle directory dependencies.
  
  Because we prepended libraries to list, CMake had troubles resolving
  link directory order as it detected some cycles. Appending to list ensures
  that dependencies will preceed dependees.

- [Jakub Zakrzewski brought this change]

  Cmake: Fix library list provided to cURL tests.
  
  The list must be set after those nice CMake tests as we mess with
  CMAKE_REQUIRED_LIBRARIES there.

- [Jakub Zakrzewski brought this change]

  Cmake: Check for OpenSSL before OpenLDAP.
  
  OpenLDAP might have been build with OpenSSL. Checking for OpenLDAP first
  may result in undefined symbols. Of course, the found OpenSSL libraries
  must also be linked whenever OpenLDAP is.

- curl_multi_fdset.3: improved the formatting slightly

- curl_multi_fdset: explain the fd_set arguments

Kamil Dudka (8 Oct 2014)
- nss: do not fail if a CRL is already cached
  
  This fixes a copy-paste mistake from commit 2968f957.

Patrick Monnerat (8 Oct 2014)
- OS400: upgrade interface for pinned public key (no implementation yet)

Daniel Stenberg (8 Oct 2014)
- FormAdd: precaution against memdup() of NULL pointer
  
  Coverity CID 252518. This function is in general far too complicated for
  its own good and really should be broken down into several smaller
  funcitons instead - but I'm adding this protection here now since it
  seems there's a risk the code flow can end up here and dereference a
  NULL pointer.

- operate: avoid NULL dereference
  
  Coverity CID 1241948. dumpeasysrc() would get called with
  config->current set to NULL which could be dereferenced by a warnf()
  call.

- do_sec_send: remove dead code
  
  Coverity CID 1241951. The condition 'len >= 0' would always be true at
  that point and thus not necessary to check for.

- krb5_encode: remove unused argument
  
  Coverity CID 1241957. Removed the unused argument. As this struct and
  pointer now are used only for krb5, there's no need to keep unused
  function arguments around.

- operate_do: skip superfluous check for NULL pointer
  
  Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL
  file name pointer so skip the check for that - it tricks coverity into
  believing it can happen and it then warns later on when we use 'outfile'
  without checking for NULL.

- curl_easy_getinfo.3: spell-fix
  
  Reported-By: Luan Cestari

- [moparisthebest brought this change]

  GnuTLS: Implement public key pinning

- [moparisthebest brought this change]

  SSL: implement public key pinning
  
  Option --pinnedpubkey takes a path to a public key in DER format and
  only connect if it matches (currently only implemented with OpenSSL).
  
  Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
  
  Extract a public RSA key from a website like so:
  openssl s_client -connect google.com:443 2>&1 < /dev/null | \
  sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
  | openssl rsa -pubin -outform DER > google.com.der

- multi_runsingle: fix possible memory leak
  
  Coverity CID 1202837. 'newurl' can in fact be allocated even when
  Curl_retry_request() returns failure so free it if need be.

- ares::Curl_resolver_cancel: skip checking for NULL conn
  
  Coverity CID 1243581. 'conn' will never be NULL here, and if it would be
  the subsequent statement would dereference it!

- parseconfig: skip a NULL check
  
  Coverity CID 1154198. This NULL check implies that the pointer _can_ be
  NULL at this point, which it can't. Thus it is dead code. It tricks
  static analyzers to warn about dereferencing the pointer since the code
  seems to imply it can be NULL.

- [Waldek Kozba brought this change]

  multi-uv.c: call curl_multi_info_read() better
  
  Improves it for low-latency cases (like the communication with
  localhost)

- tool_go_sleep: use (void) to spell out we ignore the return value
  
  Coverity CID 1222080.

- ssh_statemach_act: split out assignment from check
  
  just a minor code style thing to make the code clearer

Marc Hoersken (4 Oct 2014)
- curl_schannel.c: Fixed possible memory or handle leak
  
  First try to fix possible memory leaks, in this case:
  Only connssl->ctxt xor onnssl->cred being initialized.

Daniel Stenberg (4 Oct 2014)
- getparameter: remove dead code
  
  Coverity CID 1061126. 'parse' will always be non-NULL here.

- getparameter: comment a switch FALLTHROUGH
  
  Coverity CID 1061118. Point out that it is on purpose.

- choose_mech: fix return code
  
  Coverity CID 1241950. The pointer is never NULL but it might point to
  NULL.

- Curl_sec_read_msg: spell out that we ignore return code
  
  Coverity CID 1241947. Since if sscanf() fails, the previously set value
  remains set.

- nonblock: call with (void) to show we ignore the return code
  
  Coverity pointed out several of these.

- parse_proxy: remove dead code.
  
  Coverity CID 982331.

- Curl_debug: document switch fallthroughs

- curl_multi_remove_handle: remove dead code
  
  Coverify CID 1157776. Removed a superfluous if() that always evaluated
  true (and an else clause that never ran), and then re-indented the
  function accordingly.

- Curl_pipeline_server_blacklisted: handle a NULL server name
  
  Coverity CID 1215284. The server name is extracted with
  Curl_copy_header_value() and passed in to this function, and
  copy_header_value can actually can fail and return NULL.

- ssh: comment "fallthrough" in switch statement

- [Jeremy Lin brought this change]

  ssh: improve key file search
  
  For private keys, use the first match from: user-specified key file
  (if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
  
  Note that the previous code only looked for id_dsa files. id_rsa is
  now generally preferred, as it supports larger key sizes.
  
  For public keys, use the user-specified key file, if provided.
  Otherwise, try to extract the public key from the private key file.
  This means that passing --pubkey is typically no longer required,
  and makes the key-handling behavior more like OpenSSH.

- CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list

- detect_proxy: fix possible single-byte memory leak
  
  Coverity CID 1202836. If the proxy environment variable returned an empty
  string, it would be leaked. While an empty string is not really a proxy, other
  logic in this function already allows a blank string to be returned so allow
  that here to avoid the leak.

- multi_runsingle: fix memory leak
  
  Coverity CID 1202837. There's a potential risk that 'newurl' gets
  overwritten when it was already pointing to allocated memory.

- pop3_perform_authentication: fix memory leak
  
  Coverity CID 1215287. There's a potential risk for a memory leak in
  here, and moving the free call to be unconditional seems like a cheap
  price to remove the risk.

- imap_perform_authentication: fix memory leak
  
  Coverity CID 1215296. There's a potential risk for a memory leak in
  here, and moving the free call to be unconditional seems like a cheap
  price to remove the risk.

- wait_or_timeout: return failure when Curl_poll() fails
  
  Coverity detected this. CID 1241954. When Curl_poll() returns a negative value
  'mcode' was uninitialized. Pretty harmless since this is debug code only and
  would at worst cause an error to _not_ be returned...

- curl.1: mention quoting in the URL section
  
  and separate the example URLs with newlines

Steve Holme (30 Sep 2014)
- [Bill Nagel brought this change]

  smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
  
  This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that
  sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL
  appears to require the same pointer on a write that follows a retry
  (CURLE_AGAIN) as discussed here:
  
  http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr

Daniel Stenberg (30 Sep 2014)
- RELEASE-NOTES: synced with 53cbea22310f15

- file: reject paths using embedded %00
  
  Mostly because we use C strings and they end at a binary zero so we know
  we can't open a file name using an embedded binary zero.
  
  Reported-by: research@g0blin.co.uk

Dan Fandrich (26 Sep 2014)
- test506: Fixed a couple of memory leaks in test

Daniel Stenberg (25 Sep 2014)
- [Yousuke Kimoto brought this change]

  CURLOPT_COOKIELIST: Added "RELOAD" command

- [Michael Wallner brought this change]

  CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303

- threaded-resolver: revert Curl_expire_latest() switch
  
  The switch to using Curl_expire_latest() in commit cacdc27f52b was a
  mistake and was against the advice even mentioned in that commit. The
  comparison in asyn-thread.c:Curl_resolver_is_resolved() makes
  Curl_expire() the suitable function to use.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1426
  Reported-By: graysky

- libcurl docs: improvements all over

Steve Holme (19 Sep 2014)
- build: Added WinIDN build configuration options
  
  Added initial support for WinIDN build configurations to the VC10+
  project files.

Daniel Stenberg (19 Sep 2014)
- tutorial: signals aren't used for the threaded resolver

- FAQ: update the pronunciation section
  
  As we weren't using the correct phonetic description and doing it correctly
  involves funny letters that I'm sure will cause problems for people in a text
  document so I instead rephrased it and link to a WAV file with a person
  actually saying 'curl'.
  
  Reported-By: Dimitar Boevski

- CURLOPT_COOKIE*: added more cross-references

- BINDINGS: add node-libcurl
  
  Reported-By: Jonathan Cardoso Machado
  URL: http://curl.haxx.se/mail/lib-2014-09/0102.html

- README.http2: updated to reflect current status

- formdata: removed unnecessary USE_SSLEAY use

- curlssl: make tls backend symbols use curlssl in the name

- url: let the backend decide CURLOPT_SSL_CTX_ support
  
  ... to further remove specific TLS backend knowledge from url.c

- vtls: have the backend tell if it supports CERTINFO

- [Catalin Patulea brought this change]

  configure: allow --with-ca-path with PolarSSL too
  
  Missed this in af45542c.
  
  Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

- CURLOPT_CAPATH: return failure if set without backend support

- [Tatsuhiro Tsujikawa brought this change]

  http2: Fix busy loop when EOF is encountered
  
  Previously we did not handle EOF from underlying transport socket and
  wrongly just returned error code CURL_AGAIN from http2_recv, which
  caused busy loop since socket has been closed.  This patch adds the
  code to handle EOF situation and tells the upper layer that we got
  EOF.

Steve Holme (13 Sep 2014)
- build: Added batch wrapper to checksrc.pl

- RELEASE-NOTES: Synced with bd3df5ec6d

- [Marcel Raad brought this change]

  sasl_sspi: Fixed Unicode build
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1422
  Verified-by: Steve Holme

Daniel Stenberg (12 Sep 2014)
- libcurl-tutorial.3: fix GnuTLS link to thread-safety guidelines
  
  The former link was turned into a 404 at some point.
  
  Reported-By: Askar Safin

- contributors.sh: split list of names at comma
  
  ... to support a list of names provided in a commit message.

Steve Holme (12 Sep 2014)
- [Ulrich Telle brought this change]

  ntlm: Fixed HTTP proxy authentication when using Windows SSPI
  
  Removed ISC_REQ_* flags from calls to InitializeSecurityContext to fix
  bug in NTLM handshake for HTTP proxy authentication.
  
  NTLM handshake for HTTP proxy authentication failed with error
  SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy
  servers on generating the NTLM Type-3 message.
  
  The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according
  to the observations and suggestions made in a bug report for the
  QT project (https://bugreports.qt-project.org/browse/QTBUG-17322).
  
  Removing all the flags solved the problem.
  
  Bug: http://curl.haxx.se/mail/lib-2014-08/0273.html
  Reported-by: Ulrich Telle
  Assisted-by: Steve Holme, Daniel Stenberg

Daniel Stenberg (12 Sep 2014)
- [Ray Satiro brought this change]

  newlines: fix mixed newlines to LF-only
  
  I use the curl repo mainly on Windows with the typical Windows git
  checkout which converts the LF line endings in the curl repo to CRLF
  automatically on checkout. The automatic conversion is not done on files
  in the repo with mixed line endings. I recently noticed some weird
  output with projects/build-openssl.bat that I traced back to mixed line
  endings, so I scanned the repo and there are files (excluding the
  test data) that have mixed line endings.
  
  I used this command below to do the scan. Unfortunately it's not as easy
  as git grep, at least not on Windows. This gets the names of all the
  files in the repo's HEAD, gets each of those files raw from HEAD, checks
  for mixed line endings of both LF and CRLF, and prints the name if
  mixed. I excluded path tests/data/test* because those can have mixed
  line endings if I understand correctly.
  
  for f in `git ls-tree --name-only --full-tree -r HEAD`;
  do if [ -n "${f##tests/data/test*}" ];
      then git show "HEAD:$f" | \
          perl -0777 -ne 'exit 1 if /([^\r]\n.*\r\n)|(\r\n.*[^\r]\n)/';
      if [ $? -ne 0 ];
          then echo "$f";
      fi;
  fi;
  done

- [Viktor Szakáts brought this change]

  mk-ca-bundle.pl: converted tabs to spaces, deleted trailing spaces

- ROADMAP: markdown eats underscores
  
  It interprets them as italic indictors unless we backtick the word.

- ROADMAP: tiny formatting edit for nicer web output

Steve Holme (10 Sep 2014)
- ROADMAP.md: Updated GSSAPI authentication following 7.38.0 additions

- INTERNALS: Added email and updated Kerberos details

- FEATURES: Updated Kerberos details
  
  Added support for Kerberos 5 to the email protocols following the recent
  additions in 7.38.0.
  
  Removed Kerberos 4 as this has been gone for a while now.

Daniel Stenberg (10 Sep 2014)
- [Paul Howarth brought this change]

  openssl: build fix for versions < 0.9.8e
  
  Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html

- mk-ca-bundle.pl: first, try downloading HTTPS with curl
  
  As a sort of step forward, this script will now first try to get the
  data from the HTTPS URL using curl, and only if that fails it will
  switch back to the HTTP transfer using perl's native LWP functionality.
  To reduce the risk of this script being tricked.
  
  Using HTTPS to get a cert bundle introduces a chicken-and-egg problem so
  we can't really ever completely disable HTTP, but chances are that most
  users already have a ca cert bundle that trusts the mozilla.org site
  that this script downloads from.
  
  A future version of this script will probably switch to require a
  dedicated "insecure" command line option to allow downloading over HTTP
  (or unverified HTTPS).

- LICENSE-MIXING: removed krb4 info
  
  krb4 has been dropped since a while now

- bump: on the 7.38.1-DEV train now!

- SSLCERTS: minor updates
  
  Edited format to look better on the web, added a "it is about trust"
  section.

Version 7.38.0 (10 Sep 2014)

Daniel Stenberg (10 Sep 2014)
- dist: two cmake files are no more
  
  CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c117b

- RELEASE-NOTES: final update for 7.38.0

- cookies: reject incoming cookies set for TLDs
  
  Test 61 was modified to verify this.
  
  CVE-2014-3620
  
  Reported-by: Tim Ruehsen
  URL: http://curl.haxx.se/docs/adv_20140910B.html

- [Tim Ruehsen brought this change]

  cookies: only use full host matches for hosts used as IP address
  
  By not detecting and rejecting domain names for partial literal IP
  addresses properly when parsing received HTTP cookies, libcurl can be
  fooled to both send cookies to wrong sites and to allow arbitrary sites
  to set cookies for others.
  
  CVE-2014-3613
  
  Bug: http://curl.haxx.se/docs/adv_20140910A.html

- HISTORY: fix the 1998 title position

- HISTORY: extended and now markdown

- SSLCERTS: converted to markdown
  
  Only minor edits to make it generate nice HTML output using markdown, as
  this document serves both in source release tarballs as on the web site.
  
  URL: http://curl.haxx.se/docs/sslcerts.html

- ftp-wildcard.c: spell fix
  
  Reported-By: Frank Gevaerts

- RELEASE-NOTES: synced with 921a0c22a6f

- THANKS: synced with RELEASE-NOTES for 921a0c22a6f

- polarassl: avoid memset() when clearing the first byte is enough

- [Catalin Patulea brought this change]

  polarssl: support CURLOPT_CAPATH / --capath
  
  Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

- SECURITY: eh, make more sense!

- SECURITY: how to join the curl-security list

- RELEASE-NOTES: fix the required nghttp2 version typo

- [Brandon Casey brought this change]

  Ensure progress.size_dl/progress.size_ul are always >= 0
  
  Historically the default "unknown" value for progress.size_dl and
  progress.size_ul has been zero, since these values are initialized
  implicitly by the calloc that allocates the curl handle that these
  variables are a part of.  Users of curl that install progress
  callbacks may expect these values to always be >= 0.
  
  Currently it is possible for progress.size_dl and progress.size_ul
  to by set to a value of -1, if Curl_pgrsSetDownloadSize() or
  Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few
  places currently do, and a following patch will add more).  So
  lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize()
  so they make sure that these variables always contain a value that
  is >= 0.
  
  Updates test579 and test599.
  
  Signed-off-by: Brandon Casey <drafnel@gmail.com>

Steve Holme (7 Sep 2014)
- tests: Added test1420 to the makefile

- test1420: Removed unnecessary CURLOPT setting

- tests: Added more "Clear Text" authentication keywords

- tests: Updated "based on" text due to email test renumbering

- tests: For consistency added --libcurl to test name

- tests: Added --libcurl for IMAP test case

- multi.c: Avoid invalid memory read after free() from commit 3c8c873252
  
  As the current element in the list is free()d by Curl_llist_remove(),
  when the associated connection is pending, reworked the loop to avoid
  accessing the next element through e->next afterward.

- multi.c: Fixed compilation warning from commit 3c8c873252
  
  warning: implicit conversion from enumeration type 'CURLMcode' to
  different enumeration type 'CURLcode'

- url.c: Use CURLAUTH_NONE constant rather than 0
  
  Small follow up to commit 898808fa8c to use auth constants rather than
  hard code value when clearing picked authentication mechanism.

- RELEASE-NOTES: Synced with fd1ce3856a

Nick Zitzmann (4 Sep 2014)
- [Vilmos Nebehaj brought this change]

  darwinssl: Use CopyCertSubject() to check CA cert.
  
  SecCertificateCopyPublicKey() is not available on iPhone. Use
  CopyCertSubject() instead to see if the certificate returned by
  SecCertificateCreateWithData() is valid.
  
  Reported-by: Toby Peterson

Steve Holme (4 Sep 2014)
- RELEASE-NOTES: Clarify email Kerberos support is currently via Windows SSPI

Daniel Stenberg (4 Sep 2014)
- MAIL-ETIQUETTE: "1.8 I posted, now what?"

- CURLOPT_CA*: better refering between *CAINFO and *CAPATH
  
  ... and a minor wording edit

- THANKS: added Dennis Clarke
  
  Dennis Clarke from Blastwave.org for ensuring that nightly builds run
  smooth on Solaris!

- curl_multi_cleanup: remove superfluous NULL assigns
  
  ... as the struct is free()d in the end anyway. It was first pointed out
  to me that one of the ->msglist assignments were supposed to have been
  ->pending but was a copy and paste mistake when I realized none of the
  clearing of pointers had to be there.

- multi: convert CURLM_STATE_CONNECT_PEND handling to a list
  
  ... instead of scanning through all handles, stash only the actual
  handles that are in that state in the new ->pending list and scan that
  list only. It should be mostly empty or very short. And only used for
  pipelining.
  
  This avoids a rather hefty slow-down especially notable if you add many
  handles to the same multi handle. Regression introduced in commit
  0f147887 (version 7.30.0).
  
  Bug: http://curl.haxx.se/mail/lib-2014-07/0206.html
  Reported-by: David Meyer

- RELEASE-NOTES: synced with e608324f9f9

- [Andre Heinecke brought this change]

  polarssl: implement CURLOPT_SSLVERSION
  
  Forwards the setting as minimum ssl version (if set) to polarssl.  If
  the server does not support the requested version the SSL Handshake will
  fail.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1419

nickzman (1 Sep 2014)
- Merge pull request #115 from ldx/darwinsslfixpr
  
  darwinssl: now accepts cacert bundles in PEM format in addition to single certs

Vilmos Nebehaj (1 Sep 2014)
- Check CA certificate in curl_darwinssl.c.
  
  SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
  if the buffer holds an invalid or corrupt certificate. Call
  SecCertificateCopyPublicKey() to make sure cacert is a valid
  certificate.

Daniel Stenberg (31 Aug 2014)
- low-speed-limit: avoid timeout flood
  
  Introducing Curl_expire_latest(). To be used when we the code flow only
  wants to get called at a later time that is "no later than X" so that
  something can be checked (and another timeout be added).
  
  The low-speed logic for example could easily be made to set very many
  expire timeouts if it would be called faster or sooner than what it had
  set its own timer and this goes for a few other timers too that aren't
  explictiy checked for timer expiration in the code.
  
  If there's no condition the code that says if(time-passed >= TIME), then
  Curl_expire_latest() is preferred to Curl_expire().
  
  If there exists such a condition, it is on the other hand important that
  Curl_expire() is used and not the other.
  
  Bug: http://curl.haxx.se/mail/lib-2014-06/0235.html
  Reported-by: Florian Weimer

- [Michael Wallner brought this change]

  resolve: cache lookup for async resolvers
  
  While waiting for a host resolve, check if the host cache may have
  gotten the name already (by someone else), for when the same name is
  resolved by several simultanoues requests.
  
  The resolver thread occasionally gets stuck in getaddrinfo() when the
  DNS or anything else is crappy or slow, so when a host is found in the
  DNS cache, leave the thread alone and let itself cleanup the mess.

Vilmos Nebehaj (30 Aug 2014)
- Fix CA certificate bundle handling in darwinssl.
  
  If the --cacert option is used with a CA certificate bundle that
  contains multiple CA certificates, iterate through it, adding each
  certificate as a trusted root CA.

Daniel Stenberg (29 Aug 2014)
- [Askar Safin brought this change]

  getinfo-times: Typo fixed

- [Askar Safin brought this change]

  libcurl.3: Typo fixed

- curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen

- curl.1: add an example for -H

- FAQ: mention -w in the 4.20 answer as well

- FAQ: 4.20 curl doesn't return error for HTTP non-200 responses

- CURLOPT_NOBODY.3: clarify this option is for downloads
  
  When enabling CURLOPT_NOBODY, libcurl effectively switches off upload
  mode and will do a download (without a body). This is now better
  explained in this man page.
  
  Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html
  Reported-by: John Coffey

- INTERNALS: nghttp2 must be 0.6.0 or later

- [Tatsuhiro Tsujikawa brought this change]

  Compile with latest nghttp2

Dan Fandrich (26 Aug 2014)
- THANKS: removed a few more duplicates

Daniel Stenberg (26 Aug 2014)
- RELEASE-NOTES: synced with 007242257683a
  
  ... and bumped the contributor amount after recount

- THANKS: added 52 missing contributors
  
  I re-ran contributors.sh on all changes since 7.10 and I found these
  contributors who are mentioned in the commits but never were added to
  THANKS before!
  
  I also removed a couple of duplicates (mostly due to different
  spellings).

- contributors: grep and sort case insensitively

- [Michael Osipov brought this change]

  configure.ac: Add support for recent GSS-API implementations for HP-UX
  
  By default, configure script assumes that libcurl will use the
  HP-supplied GSS-API implementation which does not have krb5-config.
  If a dev needs a more recent version which has that config script,
  the change will allow to pass an appropriate GSSAPI_ROOT.

- CONNECT: close proxy connections that fail to CONNECT
  
  This is usually due to failed auth. There's no point in us keeping such
  a connection alive since it shouldn't be re-used anyway.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1381
  Reported-by: Marcel Raad

- RELEASE-NOTES: added two missing HTTP/2 bug fixes
  
  And renamed all http2 references to HTTP/2 in this file

- RELEASE-NOTES: synced with f646e9075f47

- [Jakub Zakrzewski brought this change]

  Cmake: Possibility to use OpenLDAP, OpenSSL, LibSSH2 on windows
  
  At this point I can build libcurl on windows. It provides at least the same
  list of protocols as for linux build and works with our software.

- [Jakub Zakrzewski brought this change]

  Cmake: Removed repeated content from ending blocks
  
  They are unnecesary in modern CMake and removing them improves readability.

- [Jakub Zakrzewski brought this change]

  Cmake: Removed some useless empty SET statements.
  
  Undefined variables resolve to empty strings and we do not ever test if
  the variable is defined thus those SETs are superfluous.

- [Jakub Zakrzewski brought this change]

  Cmake: Removed useless comments from CMakeLists.txt
  
  They look like some relics after changes.

- [Jakub Zakrzewski brought this change]

  Cmake: Don't check for all headers each time
  
  One header at a time is the right way. Apart from that the output on
  windows goes from:
  ...
  -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
  -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
  - found
  -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
  ock2.h
  -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
  ock2.h - found
  -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
  o.h
  -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
  o.h - found
  -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
  ows.h
  -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
  ows.h - found
  -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
  ock.h
  -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
  ock.h - found
  -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
  filio.h
  -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
  filio.h - not found
  -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
  ioctl.h
  -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
  ioctl.h - not found
  -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
  resource.h
  ...
  
  To much nicer:
  ...
  -- Looking for ws2tcpip.h
  -- Looking for ws2tcpip.h - found
  -- Looking for winsock2.h
  -- Looking for winsock2.h - found
  -- Looking for stdio.h
  -- Looking for stdio.h - found
  -- Looking for windows.h
  -- Looking for windows.h - found
  -- Looking for winsock.h
  -- Looking for winsock.h - found
  -- Looking for sys/filio.h
  -- Looking for sys/filio.h - not found
  -- Looking for sys/ioctl.h
  -- Looking for sys/ioctl.h - not found
  -- Looking for sys/resource.h

- [Jakub Zakrzewski brought this change]

  Cmake: Append OpenSSL include directory to search path
  
  At this point I can build libcurl with OpenSSL, OpenLDAP and LibSSH2.
  Supported protocols are at least:
  HTTP, HTTPS, FTP, SFTP, TFTP, LDAP, LDAPS, POP3, SMTP
  (those are the ones we have regression tests for
  in our product's testsuite)

- [Jakub Zakrzewski brought this change]

  Cmake: Search for liblber, LDAP SSL headers, swith for using OpenLDAP code.

- [Jakub Zakrzewski brought this change]

  Cmake: LibSSH2 detection and use.

- [Jakub Zakrzewski brought this change]

  Cmake: Moved macros out of the main CMakeLists.txt

- [Jakub Zakrzewski brought this change]

  Cmake: Added missing protocol-disable switches
  
  They already have their defines in config.h. This makes it possible to
  disable the protocols from command line during configure step.

- [Jakub Zakrzewski brought this change]

  Cmake: Made boolean defines be defined to "1" instead of "ON"
  
  It's by convention, for compatibility and because the comments say so.
  Just mabe someone have written a test like "#if HAVE_XX==1"

- [Jakub Zakrzewski brought this change]

  Cmake: Require at least CMake 2.8.
  
  CMake 2.6 is already a bit old. Many bugs have been fixed since
  its release. We use 2.8 in our company and we have no intention
  of polluting our environment with old software, so 2.6 would
  not be tested. This shouldn't be a problem since all one need
  to build CMake from source is C and C++ compiler.

- disconnect: don't touch easy-related state on disconnects
  
  This was done to make sure NTLM state that is bound to a connection
  doesn't survive and gets used for the subsequent request - but
  disconnects can also be done to for example make room in the connection
  cache and thus that connection is not strictly related to the easy
  handle's current operation.
  
  The http authentication state is still kept in the easy handle since all
  http auth _except_ NTLM is connection independent and thus survive over
  multiple connections.
  
  Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
  Reported-by: Paras S

- curl.1: clarify --limit-rate's effect on both directions
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1414
  Reported-by: teo8976

- curl.1: mention the --post30x options within the --location desc

Dan Fandrich (22 Aug 2014)
- sasl: Fixed a memory leak on OOM

Daniel Stenberg (22 Aug 2014)
- [Frank Meier brought this change]

  NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
  
  Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed
  since NTLM requires multiple requests that re-use the same connection
  for the authentication to work
  
  Solution: Ignore the forbid reuse flag in case the NTLM authentication
  handshake is in progress, according to the NTLM state flag.
  
  Fixed known bug #77.

Steve Holme (22 Aug 2014)
- openssl.c: Fixed longer than 79 columns

- openssl.c: Fixed compilation warning
  
  warning: declaration of 'minor' shadows a global declaration

Daniel Stenberg (21 Aug 2014)
- [Haris Okanovic brought this change]

  win32: Fixed WinSock 2 #if
  
  A conditionally compiled block in connect.c references WinSock 2
  symbols, but used `#ifdef HAVE_WINSOCK_H` instead of `#ifdef
  HAVE_WINSOCK2_H`.
  
  Bug: http://curl.haxx.se/mail/lib-2014-08/0155.html

- Curl_disconnect: don't free the URL
  
  The URL is not a property of the connection so it should not be freed in
  the connection disconnect but in the Curl_close() that frees the easy
  handle.
  
  Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
  Reported-by: Paras S

- help output: minor whitespace edits
  
  Should've been amended in the previous commit but wasn't due to a
  mistake.

- [Zearin brought this change]

  help output: use ≥2 spaces between option and description
  
  ... and some other cleanups

- FAQ: some actually sometimes get paid...

Steve Holme (17 Aug 2014)
- sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challenge

- sasl_sspi: Renamed GSSAPI mutual authentication parameter
  
  ...From "mutual" to "mutual_auth" which better describes what it is.

- sasl_sspi: Corrected some of the GSSAPI security message error codes
  
  Corrected a number of the error codes that can be returned from the
  Curl_sasl_create_gssapi_security_message() function when things go
  wrong.
  
  It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the
  inbound security challenge can't be decoded correctly or doesn't
  contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when
  EncryptMessage() fails. Unfortunately the previous error code of
  CURLE_RECV_ERROR was a copy and paste mistakes on my part and should
  have been correct in commit 4b491c675f :(

- docs: Escaped single backslash

- TODO: Updated following GSSAPI (Kerberos V5) additions
  
  Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other
  authentication mechanisms" following recent additions.
  
  Added SASL 14.2 GSSAPI via GSS-API libraries.

- CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information
  
  This repeats what has already been documented in both the curl manpage
  and CURLOPT_USERPWD documentation but is provided here for completeness
  as someone may not especially read the latter when using libcurl.

- CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes
  
  Added information about Kerberos V5 requiring the domain part in the
  user name.
  
  Mentioned that the user name can be specified in UPN format, and not
  just in Down-Level Logon Name format, following the information
  added in commit 7679cb3fa8 reworking the exisitng information in the
  process.

- docs: Added Kerberos V5 and NTLM domain information to --user

- docs: Added Kerberos V5 to the --user SSPI current credentials usage

- sasl_sspi: Tell the server we don't support a GSSAPI receive buffer

- smtp: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI

- pop3: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI

- imap: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI

- email: Added mutual authentication flag

Daniel Stenberg (15 Aug 2014)
- RELEASE-NOTES: synced with 0187c9e11d079

- http: fix the Content-Range: parser
  
  ... to handle "*/[total]". Also, removed the strange hack that made
  CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return
  CURLE_OK.
  
  Reported-by: Dimitrios Siganos
  Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html

Steve Holme (14 Aug 2014)
- email: Introduced the GSSAPI states

- curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675f
  
  warning: unused variable 'resp'
  
  warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'

- SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064
  
  * curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f
  
  warning: declaration of 'result' shadows a previous local

- curl_sasl.h: Fixed compilation error from commit 4b491c675f
  
  warning: 'struct kerberos5data' declared inside parameter list
  
  Due to missing forward declaration.

- urldata.h: Fixed compilation warnings from commit 3ec253532e
  
  warning: extra tokens at end of #endif directive

- sasl_sspi: Added GSSAPI message functions

- urldata: Introduced a GSSAPI (Kerberos V5) data structure
  
  Added a kerberos5data structure which is similar in nature to the
  ntlmdata and negotiatedata structures.

- sspi: Moved KERB_WRAP_NO_ENCRYPT from socks_sspi module
  
  In preparation for the upcoming SSPI implementation of GSSAPI
  authentication, moved the definition of KERB_WRAP_NO_ENCRYPT from
  socks_sspi.c to curl_sspi.h allowing it to be shared amongst other
  SSPI based code.

Daniel Stenberg (13 Aug 2014)
- mk-ca-bundle.pl: add missing $

- mk-ca-bundle.pl: switched to using hg.mozilla.org
  
  ... as mxr.mozilla.org is due to be retired.
  
  The new host doesn't support If-Modified-Since nor ETags, meaning that
  the script will now defer to download and do a post-transfer checksum
  check to see if a new output is to be generated. The new output format
  will hold the SHA1 checksum of the source file for that purpose.
  
  We call this version 1.22
  
  Reported-by: Ed Morley
  Bug: http://curl.haxx.se/bug/view.cgi?id=1409

- [Jose Alf brought this change]

  openssl: fix version report for the 0.9.8 branch
  
  Fixed libcurl to correctly output the newer versions of OpenSSL 0.9.8,
  starting from openssl-0.9.8za.

- [Frank Meier brought this change]

  create_conn: prune dead connections
  
  Bringing back the old functionality that was mistakenly removed when the
  connection cache was remade. When creating a new connection, all the
  existing ones are checked and those that are known to be dead get
  disconnected for real and removed from the connection cache. It helps
  the cache from holding on to very many stale connections and aids in
  keeping down the number of system sockets in wait states.
  
  Help-by: Jonatan Vela <jonatan.vela@ergon.ch>
  
  Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html

Kamil Dudka (11 Aug 2014)
- docs/SSLCERTS: update the section about NSS database
  
  Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html
  Reported-by: David Shaw

Daniel Stenberg (11 Aug 2014)
- [Peter Wang brought this change]

  Curl_poll + Curl_wait_ms: fix timeout return value
  
  Curl_poll and Curl_wait_ms require the fix applied to Curl_socket_check
  in commits b61e8b8 and c771968:
  
  When poll or select are interrupted and coincides with the timeout
  elapsing, the functions return -1 indicating an error instead of 0 for
  the timeout.

Steve Holme (10 Aug 2014)
- config-tpf.h: Fixed up line lengths > 79 characters

- config-symbian.h: Fixed up line lengths > 79 characters

- tool_hugehelp.c.cvs: Added copyright
  
  Added copyright due to warning from checksrc.pl.

- RELEASE-NOTES: Synced with cd6ecf6a89

- sasl_sspi: Fixed hard coded buffer for response generation
  
  Given the SSPI package info query indicates a token size of 4096 bytes,
  updated to use a dynamic buffer for the response message generation
  rather than a fixed buffer of 1024 bytes.

- sasl_sspi: Fixed missing free of challenge buffer on SPN failure

- http_negotiate_sspi: Tidy up to remove the get_gss_name() function
  
  Due to the reduction of code in commit 3b924b29 of get_gss_name() the
  function isn't necessary anymore.

- http_negotiate_sspi: Use a dynamic buffer for SPN generation
  
  Updated to use a dynamic buffer for the SPN generation via the recently
  introduced Curl_sasl_build_spn() function rather than a fixed buffer of
  1024 characters, which should have been more than enough, but by using
  the new function removes the need for another variable sname to do the
  wide character conversion in Unicode builds.

- sasl: Tidy up to rename SPN variable from URI

- sasl: Use a dynamic buffer for SPN generation
  
  Updated Curl_sasl_create_digest_md5_message() to use a dynamic buffer
  for the SPN generation via the recently introduced Curl_sasl_build_spn()
  function rather than a fixed buffer of 128 characters.

- sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
  
  Curl_sasl_create_digest_md5_message() would simply cast the SPN variable
  to a TCHAR when calling InitializeSecurityContext(). This meant that,
  under Unicode builds, it would not be valid wide character string.
  
  Updated to use the recently introduced Curl_sasl_build_spn() function
  which performs the correct conversion for us.

- sasl: Introduced Curl_sasl_build_spn() for building a SPN
  
  Various parts of the libcurl source code build a SPN for inclusion in
  authentication data. This information is either used by our own native
  generation routines or passed to authentication functions in third-party
  libraries such as SSPI. However, some of these instances use fixed
  buffers rather than dynamically allocated ones and not all of those that
  should, convert to wide character strings in Unicode builds.
  
  Implemented a common function that generates a SPN and performs the
  wide character conversion where necessary.

- sasl_sspi: Fixed memory leak with not releasing Package Info struct
  
  Curl_sasl_create_digest_md5_message() wouldn't free the Package Info
  structure after QuerySecurityPackageInfo() had allocated it.

- [Michael Osipov brought this change]

  docs: Update SPNEGO and GSS-API related doc sections
  
  Reflect recent changes in SPNEGO and GSS-API code in the docs.
  Update them with appropriate namings and remove visible spots for
  GSS-Negotiate.

- sspi: Minor code tidy up to standardise coding style
  
  Following the recent changes and in attempt to align the SSPI based
  authentication code performed the following:
  
  * Use NULL and SECBUFFVERSION rather than hard coded constants.
  * Avoid comparison of zero in if statements.
  * Standardised the buf and desc setup code.

- schannel: Fixed compilation warning in vtls.c
  
  vtls.c:688:43: warning: unused parameter 'data'

- tool_getparam.c: Fixed compilation warning
  
  warning: `orig_opt' might be used uninitialized in this function

- RELEASE-NOTES: Synced with 159c3aafd8

Daniel Stenberg (8 Aug 2014)
- curl_ntlm_msgs: make < 80 columns wide

Steve Holme (8 Aug 2014)
- ntlm: Fixed hard coded buffer for SSPI based auth packet generation
  
  Given the SSPI package info query indicates a token size of 2888 bytes,
  and as with the Winbind code and commit 9008f3d56, use a dynamic buffer
  for the Type-1 and Type-3 message generation rather than a fixed buffer
  of 1024 bytes.

- ntlm: Added support for SSPI package info query
  
  Just as with the SSPI implementations of Digest and Negotiate added a
  package info query so that libcurl can a) return a more appropriate
  error code when the NTLM package is not supported and b) it can be of
  use later to allocate a dynamic buffer for the Type-1 and Type-3
  output tokens rather than use a fixed buffer of 1024 bytes.

Daniel Stenberg (7 Aug 2014)
- http2: added some more logging for debugging stream problems

- [Tatsuhiro Tsujikawa brought this change]

  HTTP/2: Reset promised stream, not its associated stream.

- [Tatsuhiro Tsujikawa brought this change]

  HTTP/2: Move :authority before non-pseudo header fields

- http2: show the received header for better debugging

- openssl: replace call to OPENSSL_config
  
  OPENSSL_config() is "strongly recommended" to use but unfortunately that
  function makes an exit() call on wrongly formatted config files which
  makes it hard to use in some situations. OPENSSL_config() itself calls
  CONF_modules_load_file() and we use that instead and we ignore its
  return code!
  
  Reported-by: Jan Ehrhardt
  Bug: http://curl.haxx.se/bug/view.cgi?id=1401

Dan Fandrich (7 Aug 2014)
- [Fabian Keil brought this change]

  runtests.pl: Pad test case numbers with up to three zeroes
  
  Test case numbers with four digits have been available for a
  while now.

Steve Holme (7 Aug 2014)
- docs: Added Negotiate to the SSPI current credentials usage description

- TODO: HTTP Digest via Windows SSPI

- TODO: FTP GSSAPI via Windows SSPI

- http_negotiate_sspi: Fixed specific username and password not working
  
  Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
  Reported-by: Leonardo Rosati

- http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8
  
  If the server rejects our authentication attempt and curl hasn't
  called CompleteAuthToken() then the status variable will be
  SEC_I_CONTINUE_NEEDED and not SEC_E_OK.
  
  As such the existing detection mechanism for determining whether or not
  the authentication process has finished is not sufficient.
  
  However, the WWW-Authenticate: Negotiate header line will not contain
  any data when the server has exhausted the negotiation, so we can use
  that coupled with the already allocated context pointer.

Daniel Stenberg (5 Aug 2014)
- RELEASE-NOTES: synced with 5b37db44a3eb

Dan Fandrich (5 Aug 2014)
- parsedate.c: fix the return code for an overflow edge condition

Daniel Stenberg (5 Aug 2014)
- [Toby Peterson brought this change]

  darwinssl: don't use strtok()
  
  The GetDarwinVersionNumber() function uses strtok, which is not
  thread-safe.

- Curl_ossl_version: adapted to detect BoringSSL
  
  This seems to be the way it should work. Right now we can't build with
  BoringSSL and try this out properly due to a minor API breakage.

- Curl_ossl_version: detect and show libressl
  
  LibreSSL is otherwise OpenSSL API compliant (so far)

- [Tatsuhiro Tsujikawa brought this change]

  HTTP/2: Fix infinite loop in readwrite_data()
  
  To prevent infinite loop in readwrite_data() function when stream is
  reset before any response body comes, reset closed flag to false once
  it is evaluated to true.

Dan Fandrich (3 Aug 2014)
- gtls: only define Curl_gtls_seed if Nettle is not being used

- ssl: provide Curl_ssl_backend even if no SSL library is available

Daniel Stenberg (2 Aug 2014)
- [Tatsuhiro Tsujikawa brought this change]

  HTTP2: Support expect: 100-continue
  
  "Expect: 100-continue", which was once deprecated in HTTP/2, is now
  resurrected in HTTP/2 draft 14.  This change adds its support to
  HTTP/2 code.  This change also includes stricter header field
  checking.

- CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it

- FEATURES: minor update

- openssl: make ossl_send return CURLE_OK better
  
  Previously it only returned a CURLcode for errors, which is when it
  returns a different size than what was passed in to it.
  
  The http2 code only checked the curlcode and thus failed.

- RELEASE-NOTES: synced with 7bb4c8cadb5d0

- [Michael Wallner brought this change]

  CURLOPT_HEADEROPT.3: typo: do -> to

- [Marcel Raad brought this change]

  schannel: use CryptGenRandom for random numbers
  
  This function is available for every Windows version since Windows 95/NT.
  
  reference:
  http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx

- curl_version_info.3: 'ssl_version_num' is always 0
  
  ... and has been so since 2005

- ssl: generalize how the ssl backend identifier is set
  
  Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
  one which was missing previously.

Dan Fandrich (31 Jul 2014)
- axtls: define curlssl_random using axTLS's PRNG

- cyassl: fix the test for ASN_NO_SIGNER_E
  
  It's an enum so a macro test won't work. The CyaSSL changelog doesn't
  say exactly when this error code was introduced, but it's likely
  to be 2.7.0.

- cyassl: use RNG_GenerateBlock to generate a good random number

- opts: fixed some typos

- smtp: fixed a segfault during test 1320 torture test
  
  Under these circumstances, the connection hasn't been fully established
  and smtp_connect hasn't been called, yet smtp_done still calls the state
  machine which dereferences the NULL conn pointer in struct pingpong.

Daniel Stenberg (30 Jul 2014)
- vtls: repair build without TLS support
  
  ... by defining Curl_ssl_random() properly

- polarssl: provide a (weak) random function
  
  This now provides a weak random function since PolarSSL doesn't have a
  quick and easy way to provide a good one. It does however provide the
  framework to make one so it _can_ and _should_ be done...

- [Michael Wallner brought this change]

  curl_tlsinfo -> curl_tlssessioninfo

- cyassl: use the default (weeker) random
  
  I couldn't find any dedicated function in its API to get a "good" random
  with.

- cyassl: made it compile with version 2.0.6 again
  
  ASN_NO_SIGNER_E didn't exist back then!

- vtls: make the random function mandatory in the TLS backend
  
  To force each backend implementation to really attempt to provide proper
  random. If a proper random function is missing, then we can explicitly
  make use of the default one we use when TLS support is missing.
  
  This commit makes sure it works for darwinssl, gnutls, nss and openssl.

- libcurl.m4: include the standard source header
  
  ... with permission from David Shaw

Kamil Dudka (28 Jul 2014)
- nss: do not check the version of NSS at run time
  
  The minimal required version of NSS is 3.14.x so it does not make sense
  to check for NSS 3.12.0+ at run time.

Daniel Stenberg (28 Jul 2014)
- [Anthon Pang brought this change]

  curl.h: bring back CURLE_OBSOLETE16
  
  Removing defines, even obsolete ones that haven't been used for a very
  long time, still break a lot of applications.
  
  Bug: https://github.com/bagder/curl/pull/106

Dan Fandrich (26 Jul 2014)
- [Fabian Keil brought this change]

  tests: Fix a couple of incomplete response lines

- [Fabian Keil brought this change]

  runtests.pl: Remove filteroff() which hasn't been used since 2001

- [Fabian Keil brought this change]

  runtests.pl: Don't expect $TESTDIR/DISABLED to exist
  
  If a non-standard $TESTDIR is used the file may not be necessary.
  
  Previously a "missing" file resulted in the warning:
  readline() on closed filehandle D at ./runtests.pl line 4940.

- [Fabian Keil brought this change]

  getpart.pm: Fix a comment typo

Daniel Stenberg (25 Jul 2014)
- c-ares: fix build without IPv6 support
  
  Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html
  Reported-by: Spork Schivago

- Curl_base64url_encode: unit-tested in 1302

- base64: added Curl_base64url_encode()
  
  This is now used by the http2 code. It has two different symbols at the
  end of the base64 table to make the output "url safe".
  
  Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62

- [Marcel Raad brought this change]

  SSPI Negotiate: Fix 3 memory leaks
  
  Curl_base64_decode allocates the output string by itself and two other
  strings were not freed either.

- symbols: CURL_VERSION_GSSNEGOTIATE is deprecated

- test1013.pl: GSS-Negotiate doesn't exist as a feature anymore

- [Sergey Nikulov brought this change]

  libtest: fixed duplicated line in Makefile
  
  Bug: https://github.com/bagder/curl/pull/105

Patrick Monnerat (23 Jul 2014)
- GSSAPI: remove useless *_MECHANISM defines.

Daniel Stenberg (23 Jul 2014)
- findprotocol: show unsupported protocol within quotes
  
  ... to aid when for example prefixed with a space or other weird
  character.

Patrick Monnerat (23 Jul 2014)
- GSSAPI: private export mechanisms OIDs. OS400: Make RPG binding up to date.

Daniel Stenberg (23 Jul 2014)
- [Marcel Raad brought this change]

  conncache: fix compiler warning
  
  warning C4267: '=' : conversion from 'size_t' to 'long', possible loss
  of data
  
  The member connection_id of struct connectdata is a long (always a
  32-bit signed integer on Visual C++) and the member next_connection_id
  of struct conncache is a size_t, so one of them should be changed to
  match the other.
  
  This patch the size_t in struct conncache to long (the less invasive
  change as that variable is only ever used in a single code line).
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1399

- RELEASE-NOTES: synced with 81cd24adb8b

- http2: more and better error checking
  
  1 - fixes the warnings when built without http2 support
  
  2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
  basically when they are about http2 specific things.

Dan Fandrich (23 Jul 2014)
- cyassl.c: return the correct error code on no CA cert
  
  CyaSSL 3.0.0 returns a unique error code if no CA cert is available,
  so translate that into CURLE_SSL_CACERT_BADFILE when peer verification
  is requested.

Daniel Stenberg (23 Jul 2014)
- symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0

- test1013.pl: remove SPNEGO/GSS-API tweaks
  
  No longer necessary after Michael Osipov's rework

- http_negotiate: remove unused variable

- [Michael Osipov brought this change]

  docs: Improve inline GSS-API naming in code documentation

- [Michael Osipov brought this change]

  curl.h/features: Deprecate GSS-Negotiate macros due to bad naming
  
  - Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
  - CURL_VERSION_GSSNEGOTIATE is deprecated which
    is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
    CURUL_VERSION_SPNEGO now.
  - Remove display of feature 'GSS-Negotiate'

- [Michael Osipov brought this change]

  configure/features: Add feature and version info for GSS-API and SPNEGO

- [Michael Osipov brought this change]

  HTTP: Remove checkprefix("GSS-Negotiate")
  
  That auth mech has never existed neither on MS nor on Unix side.
  There is only Negotiate over SPNEGO.

- [Michael Osipov brought this change]

  curl_gssapi: Add macros for common mechs and pass them appropriately
  
  Macros defined: KRB5_MECHANISM and SPNEGO_MECHANISM called from
  HTTP, FTP and SOCKS on Unix

- CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design
  
  This reverts commit cb3e6dfa3511 and instead fixes the problem
  differently.
  
  The reverted commit addressed a test failure in test 1021 by simplifying
  and generalizing the code flow in a way that damaged the
  performance. Now we modify the flow so that Curl_proxyCONNECT() again
  does as much as possible in one go, yet still do test 1021 with and
  without valgrind. It failed due to mistakes in the multi state machine.
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1397
  Reported-by: Paul Saab

- [Marcel Raad brought this change]

  url.c: use the preferred symbol name: *READDATA
  
  with CURL_NO_OLDIES defined, it doesn't compile because this deprecated
  symbol (*INFILE) is used
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1398

Dan Fandrich (19 Jul 2014)
- [Alessandro Ghedini brought this change]

  CURLOPT_CHUNK_BGN_FUNCTION: fix typo

Kamil Dudka (18 Jul 2014)
- [Alessandro Ghedini brought this change]

  build: link curl to NSS libraries when NSS support is enabled
  
  This fixes a build failure on Debian caused by commit
  24c3cdce88f39731506c287cb276e8bf4a1ce393.
  
  Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html

Steve Holme (17 Jul 2014)
- build: Removed unnecessary XML Documentation file directive from VC8 to VC12
  
  The curl tool project files for VC8 to VC12 would set this setting to
  $(IntDir) which is the Visual Studio default value. To avoid confusion
  when viewing settings from within Visual Studio and for consistency
  with the libcurl project files removed this setting.
  
  Conflicts:
        projects/Windows/VC10/src/curlsrc.tmpl
        projects/Windows/VC11/src/curlsrc.tmpl
        projects/Windows/VC12/src/curlsrc.tmpl
        projects/Windows/VC8/src/curlsrc.tmpl
        projects/Windows/VC9/src/curlsrc.tmpl

- build: Removed unnecessary Precompiled Header file directive in VC7 to VC12
  
  The curl tool project files for VC7 to VC12 would set this settings to
  $(IntDir)$(TargetName).pch which is the Visual Studio default value. To
  avoid confusion when viewing settings from within Visual Studio and for
  consistency with the libcurl project files removed this setting.
  
  Conflicts:
        projects/Windows/VC10/src/curlsrc.tmpl
        projects/Windows/VC11/src/curlsrc.tmpl
        projects/Windows/VC12/src/curlsrc.tmpl
        projects/Windows/VC8/src/curlsrc.tmpl
        projects/Windows/VC9/src/curlsrc.tmpl

- build: Removed unnecessary ASM and Object file directives in VC7 to VC12
  
  The curl tool project files for VC7 to VC12 would set these settings to
  $(IntDir) which is the Visual Studio default value. To avoid confusion
  when viewing settings from within Visual Studio and for consistency
  with the libcurl project files removed these two settings.

Daniel Stenberg (17 Jul 2014)
- [Dave Reisner brought this change]

  src/Makefile.am: add .DELETE_ON_ERROR
  
  This prevents targets like tool_hugehelp.c from leaving around
  half-constructed files if the rule fails with GNU make.
  
  Reported-by: Rafaël Carré <funman@videolan.org>

- THANKS: added new contributors from 7.37.1 announcement

Dan Fandrich (17 Jul 2014)
- testcurl.pl: log the value of --runtestopts in the test header

Daniel Stenberg (16 Jul 2014)
- RELEASE-NOTES: cleared, working towards next release

- curl_gssapi.c: make line shorter than 80 columns

- [David Woodhouse brought this change]

  Fix negotiate auth to proxies to track correct state

- [David Woodhouse brought this change]

  Don't abort Negotiate auth when the server has a response for us
  
  It's wrong to assume that we can send a single SPNEGO packet which will
  complete the authentication. It's a *negotiation* — the clue is in the
  name. So make sure we handle responses from the server.
  
  Curl_input_negotiate() will already handle bailing out if it thinks the
  state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps
  talking to us, so we should avoid endless loops that way.

- [David Woodhouse brought this change]

  Don't clear GSSAPI state between each exchange in the negotiation
  
  GSSAPI doesn't work very well if we forget everything ever time.
  
  XX: Is Curl_http_done() the right place to do the final cleanup?

- [David Woodhouse brought this change]

  Use SPNEGO for HTTP Negotiate
  
  This is the correct way to do SPNEGO. Just ask for it
  
  Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket
  isn't available. Of course, we bail out when the server responds with the
  challenge packet, since we don't expect that. But I'll fix that bug next...

- [David Woodhouse brought this change]

  Remove all traces of FBOpenSSL SPNEGO support
  
  This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
  allows client and server to negotiate the underlying mechanism which will
  actually be used to authenticate. This is *often* Kerberos, and can also
  be NTLM and other things. And to complicate matters, there are various
  different OIDs which can be used to specify the Kerberos mechanism too.
  
  A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
  and will exchange GSSAPI tokens which are appropriate for that mechanism.
  
  But this SPNEGO implementation just strips the incoming SPNEGO packet
  and extracts the token, if any. And completely discards the information
  about *which* mechanism is being used. Then we *assume* it was Kerberos,
  and feed the token into gss_init_sec_context() with the default
  mechanism (GSS_S_NO_OID for the mech_type argument).
  
  Furthermore... broken as this code is, it was never even *used* for input
  tokens anyway, because higher layers of curl would just bail out if the
  server actually said anything *back* to us in the negotiation. We assume
  that we send a single token to the server, and it accepts it. If the server
  wants to continue the exchange (as is required for NTLM and for SPNEGO
  to do anything useful), then curl was broken anyway.
  
  So the only bit which actually did anything was the bit in
  Curl_output_negotiate(), which always generates an *initial* SPNEGO
  token saying "Hey, I support only the Kerberos mechanism and this is its
  token".
  
  You could have done that by manually just prefixing the Kerberos token
  with the appropriate bytes, if you weren't going to do any proper SPNEGO
  handling. There's no need for the FBOpenSSL library at all.
  
  The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
  SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
  is for. And then it should all Just Work™.
  
  That 'sane way' will be added in a subsequent patch, as will bug fixes
  for our failure to handle any exchange other than a single outbound
  token to the server which results in immediate success.

- [David Woodhouse brought this change]

  ntlm_wb: Avoid invoking ntlm_auth helper with empty username

- [David Woodhouse brought this change]

  ntlm_wb: Fix hard-coded limit on NTLM auth packet size
  
  Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit
  a hard limit once let's just make it cope by reallocating as necessary.

Version 7.37.1 (16 Jul 2014)

Daniel Stenberg (16 Jul 2014)
- RELEASE-NOTES: synced with 4cb2521595

- test506: verify aa6884845168
  
  After the fixed cookie lock deadlock, this test now passes and it
  detects double-locking and double-unlocking of mutexes.

- [Yousuke Kimoto brought this change]

  cookie: avoid mutex deadlock
  
  ... by removing the extra mutex locks around th call to
  Curl_flush_cookies() which takes care of the locking itself already.
  
  Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html

- gnutls: fix compiler warning
  
  conversion to 'int' from 'long int' may alter its value

Dan Fandrich (15 Jul 2014)
- test320: strip off the actual negotiated cipher width
  
  It's irrelevant to the test, and will change depending on which SSL
  library is being used by libcurl.

- gnutls: detect lack of SRP support in GnuTLS at run-time and try without
  
  Reported-by: David Woodhouse

Daniel Stenberg (14 Jul 2014)
- [Michał Górny brought this change]

  configure: respect host tool prefix for krb5-config
  
  Use ${host_alias}-krb5-config if available. This improves cross-
  compilation support and fixes multilib on Gentoo (at least).

- [David Woodhouse brought this change]

  gnutls: handle IP address in cert name check
  
  Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function
  didn't actually check IP addresses in SubjectAltName, even though it was
  explicitly documented as doing so. So do it ourselves...

Dan Fandrich (14 Jul 2014)
- build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_r

Daniel Stenberg (14 Jul 2014)
- RELEASE-NOTES: next one is called 7.37.1

Dan Fandrich (13 Jul 2014)
- gnutls: improved error message if setting cipher list fails
  
  Reported-by: David Woodhouse

- netrc: fixed thread safety problem by using getpwuid_r if available
  
  The old way using getpwuid could cause problems in programs that enable
  reading from netrc files simultaneously in multiple threads.
  
  Reported-by: David Woodhouse

- RELEASE-NOTES: add the reporter of the previous bug fix

- netrc: treat failure to find home dir same as missing netrc file
  
  This previously caused a fatal error (with a confusing error code, at
  that).
  
  Reported by: Glen A Johnson Jr.

Steve Holme (12 Jul 2014)
- RELEASE-NOTES: Synced with aaaf9e50ec

- ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
  
  Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html
  Reported-by: David Woodhouse

- build: Fixed overridden compiler PDB settings in VC7 to VC12
  
  The curl tool project files for VC7 to VC12 would override the default
  setting with the output filename being the same as the linker PDB file.
  As such the compiler file would be overwritten with the linker file
  for all debug builds.
  
  To avoid this overwrite and for consistency with the libcurl project
  files, removed the setting to force the default filename to be used.

Dan Fandrich (12 Jul 2014)
- tests: added globbing keyword to URL globbing tests

- Fixed some "statement not reached" warnings

- gnutls: fixed a couple of uninitialized variable references

- gnutls: fixed compilation against versions < 2.12.0
  
  The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but
  the code path in which they're referenced here is only ever used for
  somewhat older GnuTLS versions. This caused undeclared identifier errors
  when compiling against those.

- gnutls: explicitly added SRP to the priority string
  
  This seems to have become necessary for SRP support to work starting
  with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
  before the function that takes this priority string, there should be no
  issue with backward compatibility.

- tests: adjust for capitalization differences in newer gnutls-serv

- test320/1/2/4: fix the port number substitution variables
  
  These tests have been broken since commit 1958fe57 in Oct. 2011

- tests: document more test identifiers and variables

- gnutls: ignore invalid certificate dates with VERIFYPEER disabled
  
  This makes the behaviour consistent with what happens if a date can
  be extracted from the certificate but is expired.

Steve Holme (10 Jul 2014)
- CURLOPT_UPLOAD: Corrected argument type

Daniel Stenberg (9 Jul 2014)
- FAQ: expand the thread-safe section
  
  ... with a mention of *NOSIGNAL, based on talk in bug #1386

Dan Fandrich (9 Jul 2014)
- url.c: Fixed memory leak on OOM
  
  This showed itself on some systems with torture failures
  in tests 1060 and 1061

- Update instances of some obsolete CURLOPTs to their new names

Daniel Stenberg (5 Jul 2014)
- [Marcel Raad brought this change]

  compiler warnings: potentially uninitialized variables
  
  ... pointed out by MSVC2013
  
  Bug: http://curl.haxx.se/bug/view.cgi?id=1391

Kamil Dudka (4 Jul 2014)
- nss: make the list of CRL items global
  
  Otherwise NSS could use an already freed item for another connection.

- nss: fix a memory leak when CURLOPT_CRLFILE is used

- nss: make crl_der allocated on heap
  
  ... and spell it as crl_der instead of crlDER

- nss: let nss_{cache,load}_crl return CURLcode

- tool: oops, forgot to include <plarenas.h>
  
  ... that contains the declaration of PL_ArenaFinish()

- tool: call PL_ArenaFinish() on exit if NSPR is used
  
  This prevents valgrind from reporting still reachable memory allocated
  by NSPR arenas (mainly the freelist).
  
  Reported-by: Hubert Kario

Daniel Stenberg (3 Jul 2014)
- [Dimitrios Siganos brought this change]

  example: use correct type (long) for CURLOPT_FOLLOWLOCATION

- [Dimitrios Siganos brought this change]

  Document type of argument for CURLOPT_FOLLOWLOCATION.

- [Dimitrios Siganos brought this change]

  Document type of argument for CURLOPT_ERRORBUFFER.

- [Dimitrios Siganos brought this change]

  Document type of argument for CURLOPT_COPYPOSTFIELDS.

- [Dimitrios Siganos brought this change]

  Document type of argument for CURLOPT_ADDRESS_SCOPE.

- curl.1: minor language fix
  
  Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html

- [Ray Satiro brought this change]

  progress callback: skip last callback update on errors
  
  When an error has been detected, skip the final forced call to the
  progress callback by making sure to pass the current return code
  variable in the Curl_done() call in the CURLM_STATE_DONE state.
  
  This avoids the "extra" callback that could occur even if you returned
  error from the progress callback.
  
  Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html
  Reported by: Jonathan Cardoso Machado

Dan Fandrich (2 Jul 2014)
- opts: fixed some CURLOPT references so they get turned into links

Kamil Dudka (2 Jul 2014)
- tool: call PR_Cleanup() on exit if NSPR is used
  
  This prevents valgrind from reporting possibly lost memory that NSPR
  uses for file descriptor cache and other globally allocated internal
  data structures.

- nss: make the fallback to SSLv3 work again
  
  This feature was unintentionally disabled by commit ff92fcfb.

- nss: do not abort on connection failure
  
  ... due to calling SSL_VersionRangeGet() with NULL file descriptor
  
  reported-by: upstream tests 305 and 404

Dan Fandrich (1 Jul 2014)
- opts: Document the socket callback function parameters

Steve Holme (28 Jun 2014)
- opts: Fixed some typos

Dan Fandrich (25 Jun 2014)
- curl_easy_setopt.3: fixed the error code for an unsupported option

- opts: added some DEFAULT and RETURN VALUE sections

Daniel Stenberg (21 Jun 2014)
- libcurl docs: man page edits
  
  mainly to improve how the web versions render

Dan Fandrich (21 Jun 2014)
- curl_easy_setopt.3: fixed some typos

Daniel Stenberg (21 Jun 2014)
- lib man pages: update easy setopt option references
  
  ... by using the "\fIopt(3)\fP" syntax they will be linked properly when
  the web version of the page is generated.

- opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default

- [Colin Hogben brought this change]

  lib: documentation updates in README.hostip
  
  c-ares now does support IPv6;
  avoid implying threaded resolver is Windows-only;
  two referenced source files were renamed in 7de2f92

- curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception
  
  ... to the always-copy-char *-argument.
  
  And fix some minor mistakes.

- curl_easy_setopt.3: refer to the individual man pages
  
  With all the new individual option man pages created, this now refers to
  each separate one instead of duplicaing the info. Also makes this page
  easier to overview.

Dan Fandrich (21 Jun 2014)
- opts: fixed mancheck for out-of-tree builds

Daniel Stenberg (21 Jun 2014)
- curl_easy_setopt.3: shorten
  
  shorten descriptions, mostly refer to the separate descriptions

- CURLOPT_DNS_LOCAL_IP4.3: better short desc

Dan Fandrich (20 Jun 2014)
- opts: document CURLE_OUT_OF_MEMORY among other return values

- opts: fixed some typos

Daniel Stenberg (20 Jun 2014)
- opts: various corrections

- opts: add the rest of the options
  
  ... and fixed mancheck to ignore obsolete options

- opts: the final bunch of options as man pages
  
  Now all current options have their own man pages.

- opts: 37 additional man pages

- CURLOPT_URL: move up the text from "Notes"

- ROADMAP: removed, now ROADMAP.md

- ROADMAP.md: make it markdown formatted

- ROADMAP: initial commit of "curl the next few years"
  
  To be further discussed, debated and edited

- opts: more man pages

- CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T'

- opts: makefile now includes all current man pages

- opts: 11 more man pages

Dan Fandrich (18 Jun 2014)
- opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE

- opts: fixed a couple of typos

Patrick Monnerat (18 Jun 2014)
- OS400: make it compilable again. Make RPG binding up to date.

- buildconf: do not search tools in current directory.

Dan Fandrich (18 Jun 2014)
- curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
  
  This is consistent with the existing obsolete error code naming
  convention.

Daniel Stenberg (18 Jun 2014)
- opts: 16 more man pages