7.14.1 coming right up

broke krb4 builds!

CHANGES

@@ -7,6 +7,19 @@
                                   Changelog
 
 
+Version 7.14.1 (1 September 2005)
+
+Daniel (29 August 2005)
+- Kevin Lussier pointed out a problem with curllib.dsp and how to fix it.
+
+- Igor Polyakov fixed a rather nasty problem with the threaded name resolver
+  for Windows, that could lead to an Access Violation when the multi interface
+  was used due to an issue with how the resolver thread was and was not
+  terminated.
+
+- Simon Josefsson brought a patch that allows curl to get built to use GNU GSS
+  instead of MIT/Heimdal for GSS capabilities.
+
 Daniel (24 August 2005)
 - Toby Peterson added CURLOPT_IGNORE_CONTENT_LENGTH to the library, accessible
   from the command line tool with --ignore-content-length. This will make it
@@ -14,7 +27,7 @@ Daniel (24 August 2005)
   still having problems serving files larger than 2 or 4 GB. When this option
   is enabled, curl will simply have to wait for the server to close the
   connection to signal end of transfer. I wrote test case 269 that runs a
-  simple test that this works.
+  simple test to verify that this works.
 
 - (Trying hard to exclude emotions now.) valgrind version 3 suddenly renamed
   the --logfile command line option to --log-file, and thus the test script
@@ -22,7 +35,8 @@ Daniel (24 August 2005)
   alters the valgrind command line accordingly.
 
 - Fixed CA cert verification using GnuTLS with the default bundle, which
-  previously failed due to GnuTLS not allowing x509 v1 CA certs by default.     
+  previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
+  Ralph Mitchell reported.
 
 Daniel (19 August 2005)
 - Norbert Novotny had problems with FTPS and he helped me work out a patch

RELEASE-NOTES

@@ -11,6 +11,7 @@ Curl and libcurl 7.14.1
 
 This release includes the following changes:
 
+ o GNU GSS support
  o --ignore-content-length and CURLOPT_IGNORE_CONTENT_LENGTH added
  o negotiates data connection SSL earlier when doing FTPS with PASV
  o CURLOPT_COOKIELIST and CURLINFO_COOKIELIST
@@ -20,6 +21,8 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o MSVC build problem with the DSP file
+ o windows threaded resolver access violation with multi interface
  o test suite works with valgrind 3
  o CA cert verification with GnuTLS builds
  o handles expiry times in cookie files that go beyond 32 bits in size
@@ -43,7 +46,7 @@ This release includes the following bugfixes:
  o c-ares enabled build with mingw
  o proxy host set with numerical IPv6 address
  o better treatment of binary zeroes in HTTP response headers
- o fixed the notorius FTP server failure in the test suite
+ o fixed the notorious FTP server failure in the test suite
  o better checking of text output in the test suite on windows
  o FTP servers' TYPE command response check made less strict
  o URL-without-slash as in http://somehost?data
@@ -57,6 +60,7 @@ Other curl-related news since the previous public release:
  o http://curl.miscellaneousmirror.org is a new German curl mirror
  o LuaCURL by Alexander Marinov at http://luacurl.luaforge.net/
  o http://curl.hostingzero.com/ is a new US curl mirror
+ o ocurl 0.2.1 was released at http://sourceforge.net/projects/ocurl
 
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
@@ -65,6 +69,6 @@ advice from friends like these:
  Tupone Alfredo, Gisle Vanem, David Shaw, Andrew Bushnell, Dan Fandrich,
  Adrian Schuur, Diego Casorran, Peteris Krumins, Jon Grubbs, Christopher
  R. Palmer, Mario Schroeder, Richard Clayton, James Bursa, Jeff Pohlmeyer,
- Norbert Novotny, Toby Peterson
+ Norbert Novotny, Toby Peterson, Simon Josefsson, Igor Polyakov, Kevin Lussier
 
         Thanks! (and sorry if I forgot to mention someone)

configure.ac

@@ -687,7 +687,7 @@ AC_ARG_WITH(gssapi-includes,
 AC_ARG_WITH(gssapi-libs,
   AC_HELP_STRING([--with-gssapi-libs=DIR],
   		 [Specify location of GSSAPI libs]),
-  [ GSSAPI_LIBS="-L$withval -lgssapi"
+  [ GSSAPI_LIBS="-L$withval"
     want_gss="yes" ]
 )
 
@@ -700,8 +700,11 @@ AC_ARG_WITH(gssapi,
   fi
 ])
 
+save_CPPFLAGS="$CPPFLAGS"
 AC_MSG_CHECKING([if GSSAPI support is requested])
 if test x"$want_gss" = xyes; then
+  AC_MSG_RESULT(yes)
+
   if test -z "$GSSAPI_INCS"; then
      if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
         GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
@@ -710,8 +713,49 @@ if test x"$want_gss" = xyes; then
      fi
   fi
   CPPFLAGS="$CPPFLAGS $GSSAPI_INCS"
-  
-  if test -z "$GSSAPI_LIB_DIR"; then
+
+  AC_CHECK_HEADER(gss.h,
+    [
+      dnl found in the given dirs
+      AC_DEFINE(HAVE_GSSGNU, 1, [if you have the GNU gssapi libraries])
+      gnu_gss=yes
+    ],
+    [
+      dnl not found, check Heimdal
+      AC_CHECK_HEADER(gssapi.h,
+        [
+          dnl found in the given dirs
+          AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have the Heimdal gssapi libraries])
+        ],
+        [
+          dnl not found, check in gssapi/ subdir 
+          AC_CHECK_HEADER(gssapi/gssapi.h,
+            [
+              dnl found 
+              AC_DEFINE(HAVE_GSSMIT, 1, [if you have the MIT gssapi libraries])
+            ],
+            [
+              dnl no header found, disabling GSS
+              want_gss=no
+              AC_MSG_WARN(disabling GSSAPI since no header files was found)
+            ]
+          )
+        ]
+      )        
+    ]
+  )
+else
+  AC_MSG_RESULT(no)
+fi
+if test x"$want_gss" = xyes; then
+  AC_DEFINE(HAVE_GSSAPI, 1, [if you have the gssapi libraries])
+
+  curl_gss_msg="enabled (MIT/Heimdal)"
+
+  if test -n "$gnu_gss"; then
+    curl_gss_msg="enabled (GNU GSS)"
+    LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR -lgss"
+  elif test -z "$GSSAPI_LIB_DIR"; then
      if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
         gss_ldflags=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
 	LDFLAGS="$LDFLAGS $gss_ldflags"
@@ -721,31 +765,10 @@ if test x"$want_gss" = xyes; then
         LDFLAGS="$LDFLAGS -lgssapi"
      fi
   else
-     LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
+     LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR -lgssapi"
   fi
-
-  AC_MSG_RESULT(yes)
-  AC_DEFINE(HAVE_GSSAPI, 1, [if you have the gssapi libraries])
-
-  curl_gss_msg="enabled"
-
-  AC_CHECK_HEADER(gssapi.h,
-    [
-       dnl found in the given dirs
-      AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have the Heimdal gssapi libraries])
-    ],
-    [
-      dnl not found, check in gssapi/ subdir 
-      AC_CHECK_HEADER(gssapi/gssapi.h,
-        dnl found 
-        AC_DEFINE(HAVE_GSSMIT, 1, [if you have the MIT gssapi libraries])
-      )
-      
-    ]
-  )
-
 else
-  AC_MSG_RESULT(no)
+  CPPFLAGS="$save_CPPFLAGS"
 fi
   
 dnl **********************************************************************

docs/DISTRO-DILEMMA

@@ -0,0 +1,186 @@
+Date: September 1, 2005
+Author: Daniel Stenberg <daniel@haxx.se>
+URL: http://curl.haxx.se/legal/distro-dilemma.html
+
+Condition
+
+ This document is written to describe the sitution as it is right now. libcurl
+ 7.14.0 is currently the latest version available. Things may (or perhaps
+ will) of course change in the future.
+
+ This document reflects my view and understanding of these things. Please tell
+ me where and how you think I'm wrong, and I'll try to correct my mistakes.
+
+Background 
+
+ The Free Software Foundation has deemed the Original BSD license[1] to be
+ "incompatible"[2] with GPL[3]. I'd rather say it is the other way around, but
+ the point is the same: if you distribute a binary version of a GPL program,
+ it MUST NOT be linked with any Original BSD-licenced parts or
+ libraries. Doing so will violate the GPL license. For a long time, very many
+ GPL licensed programs have avoided this license mess by adding an
+ exception[8] to their license. And many others have just closed their eyes
+ for this problem.
+
+ libcurl is MIT-style[4] licensed - how on earth did this dilemma fall onto
+ our plates?
+
+ libcurl is only a little library. libcurl can be built to use OpenSSL for its
+ SSL/TLS capabilities. OpenSSL is basically Original BSD licensed[5].
+
+ If libcurl built to use OpenSSL is used by a GPL-licensed application and you
+ decide to distribute a binary version of it (Linux distros - for example -
+ tend to), you have a clash. GPL vs Original BSD.
+
+ This dilemma is not libcurl-specific nor is it specific to any particular
+ Linux distro.
+
+Part of the Operating System
+
+ This would not be a problem if the used lib would be considered part of the
+ uderlying operating system, as then the GPL license has an exception
+ clause[6] that allows applications to use such libs without having to be
+ allowed to distribute it or its sources. Possibly some distros will claim
+ that OpenSSL is part of their operating system.
+
+ Debian does however not take this stance and has officially(?) claimed that
+ OpenSSL is not a required part of the Debian operating system
+
+Debian-legal
+
+ In August 2004 I figured I should start pulling people's attention to this to
+ see if anyone has any bright ideas or if they would dismiss my worries based
+ on some elegant writing I had missed somewhere:
+
+ My post to debian-legal on August 12 2004:
+
+        http://lists.debian.org/debian-legal/2004/08/msg00279.html
+
+ Several people agreed then that this is a known and rather big problem, but
+ the following discussion didn't result in much.
+
+GnuTLS
+
+ With the release of libcurl 7.14.0 (May 2005), it can now get built to use
+ GnuTLS instead of OpenSSL. GnuTLS is a LGPL[7] licensed library that offers a
+ matching set of features as OpenSSL does. Now, you can build and distribute
+ an SSL capable libcurl without including any Original BSD licensed code.
+
+ I believe Debian is the first distro to provide libcurl/GnutTLS packages.
+
+GnuTLS vs OpenSSL
+
+ While these two libraries offer similar features, they are not equal. Both
+ libraries have features the other one lacks. libcurl does not (yet) offer a
+ standardized stable ABI if you decide to switch from using libcurl-openssl to
+ libcurl-gnutls or vice versa. The GnuTLS support is very recent in libcurl
+ and it has not been tested nor used very extensively, while the OpenSSL
+ equivalent code has been used and thus matured for more than seven (7) years.
+
+ In August 2005, the debian-devel mailing list discovered the license issue as
+ a GPL licensed application wanted SSL capabilities from libcurl and thus was
+ forced to use the GnuTLS powered libcurl. For a reason that is unknown to me,
+ the application authors didn't want to or was unable to add an exception to
+ their GPL license. Alas, the license problem hit the fan again.
+
+The Better License, Original BSD or LGPL?
+
+ It isn't obvious or without debate to any objective interested party that
+ either of these licenses are the "better" or even the "preferred" one in a
+ generic situation.
+
+ Instead, I think we should accept the fact that the SSL/TLS libraries and
+ their different licenses will fit different applications and their authors
+ differently depending on the applications' licenses and their general usage
+ pattern (considering how LGPL libraries can be burdonsome for embedded
+ systems usage).
+
+More SSL Libraries
+
+ In libcurl, there's no stopping us here. There are at least a few more Open
+ Source/Free SSL/TLS libraries and we would very much like to support them as
+ well, to offer application authors an even wider scope of choice.
+
+Application Angle of this Problem
+
+ libcurl is built to use one SSL/TLS library. It uses a single fixed name (by
+ default), and applications are built/linked to use that single lib. Replacing
+ one libcurl instance with another one that uses the other SSL/TLS library
+ might break one or more applications (due to ABI differences and/or different
+ feature set). You want your application to use the libcurl it was built for.
+
+Project cURL Angle of this Problem
+
+ We distribute libcurl and everyone may build libcurl with either library. At
+ their choice. This problem is not directly a problem of ours. It merely
+ affects users - GPL application authors only - of our lib as it comes
+ included and delivered on some distros.
+
+Distro Angle of this Problem
+
+ A distro can provide separate libcurls built with different SSL/TLS libraries
+ to work around this, but at least Debian seems to be very hostile against
+ such an approach, probably since it makes things like devel packages for the
+ different libs collide since they would provide the same include files and
+ man pages etc.
+
+Fixing the Only Problem
+
+ The only problem is thus for distributions that want to offer libcurl
+ versions built with more than one SSL/TLS library.
+
+ Since multiple libcurl binaries using different names are ruled out, we need
+ to come up with a way to have one single libcurl that someone uses different
+ underlying libraries. The best(?) approach currently suggested involves this:
+
+ A new intermediate library (named lib2 so far in the discussions) with the
+ single purpose of providing libcurl with SSL/TLS capabilities. It would have
+ a unified API and ABI no matter what underlying library it would use.
+
+ There would be one lib2 binary provided for each supported SSL/TLS library.
+ For example: lib2-openssl, lib2-gnutls, lib2-yassl, lib2-matrixssl and
+ lib2-nossl. Yes, take note of the last one that provides the lib2 ABI but
+ that lacks the actual powers.
+
+ When libcurl is built and linked, it will be linked against a lib2 with the
+ set ABI.
+
+ When you link an app against libcurl, it would also need to provide one of
+ the (many) lib2 libs to decide what approach that fits the app. An app that
+ doesn't want SSL at all would still need to link with the lib2-nossl lib.
+
+ GPL apps can pick the lib2-gnutls, others may pick the lib2-openssl.
+
+ This concept works equally well both for shared and static libraries.
+
+ A positive side effect of this approach could be a more generic "de facto"
+ standard API for SSL/TLS libraries.
+
+When Will This Happen
+
+ Note again that this is not a problem in curl, it doesn't solve any actual
+ technical problems in our project. Don't hold your breath for this to happen
+ very soon (if at all) unless you step forward and contribute.
+
+ The suggestion that is outlined above is still only a suggestion. Feel free
+ to bring a better idea!
+
+ Also, to keep in mind: I don't want this new concept to have too much of an
+ impact on the existing code. Preferably it should be possible to build the
+ code like today (without the use of lib2), should you decide to ignore the
+ problems outlined in this document.
+
+Footnotes
+
+ [1] = http://www.xfree86.org/3.3.6/COPYRIGHT2.html#6
+ [2] = http://www.fsf.org/licensing/essays/bsd.html
+ [3] = http://www.fsf.org/licensing/licenses/gpl.html
+ [4] = http://curl.haxx.se/docs/copyright.html
+ [5] = http://www.openssl.org/source/license.html
+ [6] = http://www.fsf.org/licensing/licenses/gpl.html end of section 3
+ [7] = http://www.fsf.org/licensing/licenses/lgpl.html
+ [8] = http://en.wikipedia.org/wiki/OpenSSL_exception
+
+Feedback/Updates provided by
+
+ Eric Cooper

docs/LICENSE-MIXING

@@ -27,29 +27,30 @@ libcurl http://curl.haxx.se/docs/copyright.html
 
 OpenSSL http://www.openssl.org/source/license.html
 
-        Uses an Original BSD-style license with an announement clause that
-        makes it "incompatible" with GPL. You are not allowed to ship binaries
-        that link with OpenSSL that includes GPL code (unless that specific
-        GPL code includes an exception for OpenSSL - a habit that is growing
-        more and more common). If OpenSSL's licensing is a problem for you,
-        consider using GnuTLS instead.
+        (May be used for SSL/TLS support) Uses an Original BSD-style license
+        with an announement clause that makes it "incompatible" with GPL. You
+        are not allowed to ship binaries that link with OpenSSL that includes
+        GPL code (unless that specific GPL code includes an exception for
+        OpenSSL - a habit that is growing more and more common). If OpenSSL's
+        licensing is a problem for you, consider using GnuTLS instead.
 
 GnuTLS  http://www.gnutls.org/
 
-        Uses the LGPL[3] license. If this is a problem for you, consider using
-        OpenSSL instead. Also note that GnuTLS itself depends on and uses
-        other libs (libgcrypt and libgpg-error) and they too are LGPL- or
-        GPL-licensed.
+        (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is
+        a problem for you, consider using OpenSSL instead. Also note that
+        GnuTLS itself depends on and uses other libs (libgcrypt and
+        libgpg-error) and they too are LGPL- or GPL-licensed.
 
 c-ares  http://daniel.haxx.se/projects/c-ares/license.html
 
-        Uses an MIT license that is very liberal and imposes no restrictions
-        on any other library or part you may link with.
+        (Used for asynchronous name resolves) Uses an MIT license that is very
+        liberal and imposes no restrictions on any other library or part you
+        may link with.
 
 zlib    http://www.gzip.org/zlib/zlib_license.html
 
-        Uses an MIT-style license that shouldn't collide with any other
-        library.
+        (Used for compressed Transfer-Encoding support) Uses an MIT-style
+        license that shouldn't collide with any other library.
 
 krb4
 
@@ -59,33 +60,43 @@ krb4
         of the code in libcurl that is written to deal with Kerberos4 likewise
         have such a license.
 
-GSSAPI
+MIT Kerberos http://web.mit.edu/kerberos/www/dist/
 
-        While nothing in particular says that a GSS/Kerberos5 library must use
-        any particular license, the one I've used (Heimdal) is Original BSD-
-        licensed with the announcement clause.
+        (May be used for GSS support) MIT licensed, that shouldn't collide
+        with any other parts.
+
+Heimdal http://www.pdc.kth.se/heimdal/
+
+        (May be used for GSS support) Heimdal is Original BSD licensed with
+        the announcement clause.
+
+GNU GSS http://www.gnu.org/software/gss/
+
+        (May be used for GSS support) GNU GSS is GPL licensed. Note that you
+        may not distribute binary curl packages that uses this if you build
+        curl to also link and use any Original BSD licensed libraries!
 
 fbopenssl
 
-        Unclear license. Based on its name, I assume that it uses the OpenSSL
-        license and thus shares the same issues as described for OpenSSL
-        above.
+        (Used for SPNEGO support) Unclear license. Based on its name, I assume
+        that it uses the OpenSSL license and thus shares the same issues as
+        described for OpenSSL above.
 
 libidn  http://www.gnu.org/licenses/lgpl.html
 
-        Uses the GNU Lesser General Public License. LGPL is a variation of GPL
-        with slightly less aggressive "copyleft". This license requires more
-        requirements to be met when distributing binaries, see the license for
-        details. Also note that if you distribute a binary that includes this
-        library, you must also include the full LGPL license text. Please
-        properly point out what parts of the distributed package that the
-        license addresses.
+        (Used for IDNA support) Uses the GNU Lesser General Public
+        License. LGPL is a variation of GPL with slightly less aggressive
+        "copyleft". This license requires more requirements to be met when
+        distributing binaries, see the license for details. Also note that if
+        you distribute a binary that includes this library, you must also
+        include the full LGPL license text. Please properly point out what
+        parts of the distributed package that the license addresses.
 
 OpenLDAP http://www.openldap.org/software/release/license.html
 
-        Uses a Modified BSD-style license. Since libcurl uses OpenLDAP as a
-        shared library only, I have not heard of anyone that ships OpenLDAP
-        linked with libcurl in an app.
+        (Used for LDAP support) Uses a Modified BSD-style license. Since
+        libcurl uses OpenLDAP as a shared library only, I have not heard of
+        anyone that ships OpenLDAP linked with libcurl in an app.
 
 
 [1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html

docs/Makefile.am

@@ -17,7 +17,7 @@ CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES)
 EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	\
  README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	\
  KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		\
- $(PDFPAGES) LICENSE-MIXING README.netware
+ $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA
 
 MAN2HTML= roffit < $< >$@
 

docs/libcurl/curl_easy_setopt.3

@@ -233,6 +233,9 @@ perform operation will return the error code from this callback function.  Set
 the \fIparm\fP argument with the \fICURLOPT_SSL_CTX_DATA\fP option. This
 option was introduced in 7.11.0.
 
+This function will get called on all new connections made to a server, during
+the SSL negotiation. The SSL_CTX pointer will be a new one every time.
+
 \fBNOTE:\fP To use this properly, a non-trivial amount of knowledge of the
 openssl libraries is necessary. Using this function allows for example to use
 openssl callbacks to add additional validation code for certificates, and even

lib/hostthre.c

@@ -157,11 +157,119 @@ struct thread_data {
   FILE *stderr_file;
   HANDLE mutex_waiting;  /* marks that we are still waiting for a resolve */
   HANDLE event_resolved; /* marks that the thread obtained the information */
+  HANDLE event_thread_started; /* marks that the thread has initialized and
+                                  started */
+  HANDLE mutex_terminate; /* serializes access to flag_terminate */
+  HANDLE event_terminate; /* flag for thread to terminate instead of calling
+                             callbacks */
 #ifdef CURLRES_IPV6
   struct addrinfo hints;
 #endif
 };
 
+/* Data for synchronization between resolver thread and its parent */
+struct thread_sync_data {
+  HANDLE mutex_waiting;   /* thread_data.mutex_waiting duplicate */
+  HANDLE mutex_terminate; /* thread_data.mutex_terminate duplicate */
+  HANDLE event_terminate; /* thread_data.event_terminate duplicate */
+  char * hostname;        /* hostname to resolve, Curl_async.hostname
+                             duplicate */
+};
+
+/* Destroy resolver thread synchronization data */
+void destroy_thread_sync_data(struct thread_sync_data * tsd)
+{
+  if (tsd->hostname) {
+    free(tsd->hostname);
+    tsd->hostname = NULL;
+  }
+  if (tsd->event_terminate) {
+    CloseHandle(tsd->event_terminate);
+    tsd->event_terminate = NULL;
+  }
+  if (tsd->mutex_terminate) {
+    CloseHandle(tsd->mutex_terminate);
+    tsd->mutex_terminate = NULL;
+  }
+  if (tsd->mutex_waiting) {
+    CloseHandle(tsd->mutex_waiting);
+    tsd->mutex_waiting = NULL;
+  }
+}
+
+/* Initialize resolver thread synchronization data */
+BOOL init_thread_sync_data(struct thread_data * td,
+                           char * hostname,
+                           struct thread_sync_data * tsd)
+{
+  HANDLE curr_proc = GetCurrentProcess();
+
+  memset(tsd, 0, sizeof(tsd));
+  if (!DuplicateHandle(curr_proc, td->mutex_waiting,
+                       curr_proc, &tsd->mutex_waiting, 0, FALSE,
+                       DUPLICATE_SAME_ACCESS)) {
+    /* failed to duplicate the mutex, no point in continuing */
+    destroy_thread_sync_data(tsd);
+    return FALSE;
+  }
+  if (!DuplicateHandle(curr_proc, td->mutex_terminate,
+                       curr_proc, &tsd->mutex_terminate, 0, FALSE,
+                       DUPLICATE_SAME_ACCESS)) {
+    /* failed to duplicate the mutex, no point in continuing */
+    destroy_thread_sync_data(tsd);
+    return FALSE;
+  }
+  if (!DuplicateHandle(curr_proc, td->event_terminate,
+                       curr_proc, &tsd->event_terminate, 0, FALSE,
+                       DUPLICATE_SAME_ACCESS)) {
+    /* failed to duplicate the event, no point in continuing */
+    destroy_thread_sync_data(tsd);
+    return FALSE;
+  }
+  /* Copying hostname string because original can be destroyed by parent
+   * thread during gethostbyname execution.
+   */
+  tsd->hostname = strdup(hostname);
+  if (!tsd->hostname) {
+    /* Memory allocation failed */
+    destroy_thread_sync_data(tsd);
+    return FALSE;
+  }
+  return TRUE;
+}
+
+/* acquire resolver thread synchronization */
+BOOL acquire_thread_sync(struct thread_sync_data * tsd)
+{
+  /* is the thread initiator still waiting for us ? */
+  if (WaitForSingleObject(tsd->mutex_waiting, 0) == WAIT_TIMEOUT) {
+    /* yes, it is */
+
+    /* Waiting access to event_terminate */
+    if (WaitForSingleObject(tsd->mutex_terminate, INFINITE) != WAIT_OBJECT_0) {
+      /* Something went wrong - now just ignoring */
+    }
+    else {
+      if (WaitForSingleObject(tsd->event_terminate, 0) != WAIT_TIMEOUT) {
+        /* Parent thread signaled us to terminate.
+         * This means that all data in conn->async is now destroyed
+         * and we cannot use it.
+         */
+      }
+      else {
+        return TRUE;
+      }
+    }
+  }
+  return FALSE;
+}
+
+/* release resolver thread synchronization */
+void release_thread_sync(struct thread_sync_data * tsd)
+{
+  ReleaseMutex(tsd->mutex_terminate);
+}
+
 #if defined(CURLRES_IPV4)
 /*
  * gethostbyname_thread() resolves a name, calls the Curl_addrinfo4_callback
@@ -177,17 +285,13 @@ static unsigned __stdcall gethostbyname_thread (void *arg)
   struct hostent *he;
   int    rc = 0;
 
-  /* Duplicate the passed mutex handle.
+  /* Duplicate the passed mutex and event handles.
    * This allows us to use it even after the container gets destroyed
    * due to a resolver timeout.
    */
-  HANDLE mutex_waiting = NULL;
-  HANDLE curr_proc = GetCurrentProcess();
-
-  if (!DuplicateHandle(curr_proc, td->mutex_waiting,
-                       curr_proc, &mutex_waiting, 0, FALSE,
-                       DUPLICATE_SAME_ACCESS)) {
-    /* failed to duplicate the mutex, no point in continuing */
+  struct thread_sync_data tsd = {0};
+  if (!init_thread_sync_data(td, conn->async.hostname, &tsd)) {
+    /* thread synchronization data initialization failed */
     return -1;
   }
 
@@ -200,17 +304,18 @@ static unsigned __stdcall gethostbyname_thread (void *arg)
 #endif
 
   WSASetLastError (conn->async.status = NO_DATA); /* pending status */
-  he = gethostbyname (conn->async.hostname);
 
-  /* is the thread initiator still waiting for us ? */
-  if (WaitForSingleObject(mutex_waiting, 0) == WAIT_TIMEOUT) {
-    /* yes, it is */
+  /* Signaling that we have initialized all copies of data and handles we
+     need */
+  SetEvent(td->event_thread_started);
 
-    /* Mark that we have obtained the information, and that we are
-     * calling back with it.
-     */
+  he = gethostbyname (tsd.hostname);
+
+  /* is parent thread waiting for us and are we able to access conn members? */
+  if (acquire_thread_sync(&tsd)) {
+    /* Mark that we have obtained the information, and that we are calling
+     * back with it. */
     SetEvent(td->event_resolved);
-
     if (he) {
       rc = Curl_addrinfo4_callback(conn, CURL_ASYNC_SUCCESS, he);
     }
@@ -219,10 +324,11 @@ static unsigned __stdcall gethostbyname_thread (void *arg)
     }
     TRACE(("Winsock-error %d, addr %s\n", conn->async.status,
            he ? inet_ntoa(*(struct in_addr*)he->h_addr) : "unknown"));
+    release_thread_sync(&tsd);
   }
 
   /* clean up */
-  CloseHandle(mutex_waiting);
+  destroy_thread_sync_data(&tsd);
 
   return (rc);
   /* An implicit _endthreadex() here */
@@ -244,18 +350,15 @@ static unsigned __stdcall getaddrinfo_thread (void *arg)
   struct addrinfo    *res;
   char   service [NI_MAXSERV];
   int    rc;
+  struct addrinfo hints = td->hints;
 
   /* Duplicate the passed mutex handle.
    * This allows us to use it even after the container gets destroyed
    * due to a resolver timeout.
    */
-  HANDLE mutex_waiting = NULL;
-  HANDLE curr_proc = GetCurrentProcess();
-
-  if (!DuplicateHandle(curr_proc, td->mutex_waiting,
-                       curr_proc, &mutex_waiting, 0, FALSE,
-                       DUPLICATE_SAME_ACCESS)) {
-    /* failed to duplicate the mutex, no point in continuing */
+  struct thread_sync_data tsd = {0};
+  if (!init_thread_sync_data(td, conn->async.hostname, &tsd)) {
+    /* thread synchronization data initialization failed */
     return -1;
   }
 
@@ -267,15 +370,16 @@ static unsigned __stdcall getaddrinfo_thread (void *arg)
 
   WSASetLastError(conn->async.status = NO_DATA); /* pending status */
 
-  rc = getaddrinfo(conn->async.hostname, service, &td->hints, &res);
+  /* Signaling that we have initialized all copies of data and handles we
+     need */
+  SetEvent(td->event_thread_started);
 
-  /* is the thread initiator still waiting for us ? */
-  if (WaitForSingleObject(mutex_waiting, 0) == WAIT_TIMEOUT) {
-    /* yes, it is */
+  rc = getaddrinfo(tsd.hostname, service, &hints, &res);
 
-    /* Mark that we have obtained the information, and that we are
-     * calling back with it.
-     */
+  /* is parent thread waiting for us and are we able to access conn members? */
+  if (acquire_thread_sync(&tsd)) {
+    /* Mark that we have obtained the information, and that we are calling
+       back with it. */
     SetEvent(td->event_resolved);
 
     if (rc == 0) {
@@ -288,10 +392,11 @@ static unsigned __stdcall getaddrinfo_thread (void *arg)
       rc = Curl_addrinfo6_callback(conn, (int)WSAGetLastError(), NULL);
       TRACE(("Winsock-error %d, no address\n", conn->async.status));
     }
+    release_thread_sync(&tsd);
   }
 
   /* clean up */
-  CloseHandle(mutex_waiting);
+  destroy_thread_sync_data(&tsd);
 
   return (rc);
   /* An implicit _endthreadex() here */
@@ -311,6 +416,24 @@ void Curl_destroy_thread_data (struct Curl_async *async)
     struct thread_data *td = (struct thread_data*) async->os_specific;
     curl_socket_t sock = td->dummy_sock;
 
+    if (td->mutex_terminate && td->event_terminate) {
+      /* Signaling resolver thread to terminate */
+      if (WaitForSingleObject(td->mutex_terminate, INFINITE) == WAIT_OBJECT_0) {
+        SetEvent(td->event_terminate);
+        ReleaseMutex(td->mutex_terminate);
+      }
+      else {
+        /* Something went wrong - just ignoring it */
+      }
+    }
+
+    if (td->mutex_terminate)
+      CloseHandle(td->mutex_terminate);
+    if (td->event_terminate)
+      CloseHandle(td->event_terminate);
+    if (td->event_thread_started)
+      CloseHandle(td->event_thread_started);
+
     if (sock != CURL_SOCKET_BAD)
       sclose(sock);
 
@@ -341,6 +464,7 @@ static bool init_resolve_thread (struct connectdata *conn,
                                  const Curl_addrinfo *hints)
 {
   struct thread_data *td = calloc(sizeof(*td), 1);
+  HANDLE thread_and_event[2] = {0};
 
   if (!td) {
     SetLastError(ENOMEM);
@@ -381,6 +505,31 @@ static bool init_resolve_thread (struct connectdata *conn,
     SetLastError(EAGAIN);
     return FALSE;
   }
+  /* Create the mutex used to serialize access to event_terminated
+   * between us and resolver thread.
+   */
+  td->mutex_terminate = CreateMutex(NULL, FALSE, NULL);
+  if (td->mutex_terminate == NULL) {
+    Curl_destroy_thread_data(&conn->async);
+    SetLastError(EAGAIN);
+    return FALSE;
+  }
+  /* Create the event used to signal thread that it should terminate.
+   */
+  td->event_terminate = CreateEvent(NULL, TRUE, FALSE, NULL);
+  if (td->event_terminate == NULL) {
+    Curl_destroy_thread_data(&conn->async);
+    SetLastError(EAGAIN);
+    return FALSE;
+  }
+  /* Create the event used by thread to inform it has initialized its own data.
+   */
+  td->event_thread_started = CreateEvent(NULL, TRUE, FALSE, NULL);
+  if (td->event_thread_started == NULL) {
+    Curl_destroy_thread_data(&conn->async);
+    SetLastError(EAGAIN);
+    return FALSE;
+  }
 
   td->stderr_file = stderr;
 
@@ -406,6 +555,15 @@ static bool init_resolve_thread (struct connectdata *conn,
      Curl_destroy_thread_data(&conn->async);
      return FALSE;
   }
+  /* Waiting until the thread will initialize its data or it will exit due errors.
+   */
+  thread_and_event[0] = td->thread_hnd;
+  thread_and_event[1] = td->event_thread_started;
+  if (WaitForMultipleObjects(sizeof(thread_and_event) / sizeof(thread_and_event[0]), thread_and_event, FALSE, INFINITE) == WAIT_FAILED) {
+    /* The resolver thread has been created,
+     * most probably it works now - ignoring this "minor" error
+     */
+  }
   /* This socket is only to keep Curl_resolv_fdset() and select() happy;
    * should never become signalled for read/write since it's unbound but
    * Windows needs atleast 1 socket in select().

lib/msvcproj.head

@@ -42,8 +42,8 @@ RSC=rc.exe
 # PROP Intermediate_Dir "Release"
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "CURLLIB_EXPORTS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /Zi /O2 /I "." /I "..\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "CURLLIB_EXPORTS" /D "_WINDLL" /FR /FD /c
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "BUILDING_LIBCURL" /YX /FD /c
+# ADD CPP /nologo /MT /W3 /GX /Zi /O2 /I "." /I "..\include" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "BUILDING_LIBCURL" /D "_WINDLL" /FR /FD /c
 # SUBTRACT CPP /YX
 # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
@@ -69,8 +69,8 @@ LINK32=link.exe
 # PROP Intermediate_Dir "Debug"
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "CURLLIB_EXPORTS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "CURLLIB_EXPORTS" /FR /FD /GZ /c
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "BUILDING_LIBCURL" /YX /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\include" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "BUILDING_LIBCURL" /FR /FD /GZ /c
 # SUBTRACT CPP /WX /YX
 # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32

lib/urldata.h

@@ -98,12 +98,14 @@
 #include "hash.h"
 
 #ifdef HAVE_GSSAPI
-#ifdef HAVE_GSSMIT
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_generic.h>
-#else
-#include <gssapi.h>
-#endif
+# ifdef HAVE_GSSGNU
+#  include <gss.h>
+# elif defined HAVE_GSSMIT
+#  include <gssapi/gssapi.h>
+#  include <gssapi/gssapi_generic.h>
+# else
+#  include <gssapi.h>
+# endif
 #endif
 
 /* Download buffer size, keep it fairly big for speed reasons */

tests/testcurl.pl

@@ -412,20 +412,23 @@ if ($configurebuild) {
 }
 
 sub findinpath {
-    my $c;
-    my $e;
-    my $p=$ENV{'PATH'};
-    my @pa = split(":", $p);
-    for $c (@_) {
-        for $e (@pa) {
-            if( -x "$e/$c") {
-                return $c;
-            }
-        }
+  my $c;
+  my $e;
+  my $x='';
+  $x='.exe' if ($^O eq 'MSWin32');
+  my $s=':';
+  $s=';' if ($^O eq 'MSWin32');
+  my $p=$ENV{'PATH'};
+  my @pa = split($s, $p);
+  for $c (@_) {
+    for $e (@pa) {
+      if( -x "$e/$c$x") {
+        return $c;
+      }
     }
+  }
 }
 
-
 my $make = findinpath("gmake", "make", "nmake");
 if(!$make) {
     mydie "Couldn't find make in the PATH";