7.18.1

132 - Xponaut's CURLFORM_STREAM option to curl_formadd()
I'm officially pushing the two remaining issues to the next release instead,
2008-03-30 09:11:35 +00:00 · 2008-03-30 09:08:40 +00:00 · 2008-03-30 09:07:08 +00:00 · 2008-03-28 18:19:11 +00:00 · 2008-03-27 23:13:57 +00:00 · 2008-03-27 23:10:24 +00:00
719 changed files with 49835 additions and 27430 deletions
--- a/2718
+++ b/2718
--- a/CHANGES.0
+++ b/CHANGES.0
--- a/CHANGES.1999
+++ b/CHANGES.1999
@@ -1,835 +0,0 @@
-Daniel (28 December 1999):
- - Tim Verhoeven correctly identified that curl
-   doesn't support URL formatted file names when getting ftp. Now, there's a
-   problem with getting very weird file names off FTP servers. RFC 959 defines
-   that the file name syntax to use should be the same as in the native OS of
-   the server. Since we don't know the peer server system we currently just
-   translate the URL syntax into plain letters. It is still better and with
-   the solaris 2.6-supplied ftp server it works with spaces in the file names.
-
-Daniel (27 December 1999):
- - When curl parsed cookies straight off a remote site, it corrupted the input
-   data, which, if the downloaded headers were stored made very odd characters
-   in the saved data. Correctly identified and reported by Paul Harrington.
-
-Daniel (13 December 1999):
- - General cleanups in the library interface. There had been some bad kludges
-   added during times of stress and I did my best to clean them off. It was
-   both regarding the lib API as well as include file confusions.
-
-Daniel (3 December 1999):
- - A small --stderr bug was reported by Eetu Ojanen...
-
- - who also brought the suggestion of extending the -X flag to ftp list as
-   well. So, now it is and the long option is now --request instead. It is
-   only for ftp list for now (and the former http stuff too of course).
-
-Lars J. Aas (24 November 1999):
- - Patched curl to compile and build under BeOS. Doesn't work yet though!
-
- - Corrected the Makefile.am files to allow putting object files in
-   different directories than the sources.
-
-Version 6.3.1
-
-Daniel (23 November 1999):
- - I've had this major disk crash. My good old trust-worthy source disk died
-   along with the machine that hosted it. Thank goodness most of all the
-   things I've done are either backed up elsewhere or stored in this CVS
-   server!
-
- - Michael S. Steuer pointed out a bug in the -F handling
-   that made curl hang if you posted an empty variable such as '-F name='. It
-   was one of those old bugs that never have worked properly...
-
- - Jason Baietto pointed out a general flaw in the HTTP
-   download. Curl didn't complain if it was prematurely aborted before the
-   entire download was completed. It does now.
-
-Daniel (19 November 1999):
- - Chris Maltby very accurately criticized the lack of
-   return code checks on the fwrite() calls. I did a thorough check for all
-   occurrences and corrected this.
-
-Daniel (17 November 1999):
- - Paul Harrington pointed out that the -m/--max-time option
-   doesn't work for the slow system calls like gethostbyname()... I don't have
-   any good fix yet, just a slightly less bad one that makes curl exit hard
-   when the timeout is reached.
-
- - Bjorn Reese helped me point out a possible problem that might be the reason
-   why Thomas Hurst experience problems in his Amiga version.
-
- Daniel (12 November 1999):
- - I found a crash in the new cookie file parser. It crashed when you gave
-   a plain http header file as input...
-
-Version 6.3
-
- Daniel (10 November 1999):
- - I kind of found out that the HTTP time-conditional GETs (-z) aren't always
-   respected by the web server and the document is therefore sent in whole
-   again, even though it doesn't match the requested condition. After reading
-   section 13.3.4 of RFC 2616, I think I'm doing the right thing now when I do
-   my own check as well. If curl thinks the condition isn't met, the transfer
-   is aborted prematurely (after all the headers have been received).
-
- - After comments from Robert Linden I also rewrote some parts of the man page
-   to better describe how the -F works.
-
- - Michael Anti put up a new curl download mirror in
-   China:  http://www.pshowing.com/curl/
-
- - I added the list of download mirrors to the README file
-
- - I did add more explanations to the man page
-
- Daniel (8 November 1999):
- - I made the -b/--cookie option capable of reading netscape formatted cookie
-   files as well as normal http-header files. It should be able to
-   transparently figure out what kind of file it got as input.
-
- Daniel (29 October 1999):
- - Another one of Sebastiaan van Erk's ideas (that has been requested before
-   but I seem to have forgotten who it was), is to add support for ranges in
-   FTP downloads. As usual, one request is just a request, when they're two
-   it is a demand. I've added simple support for X-Y style fetches. X has to
-   be the lower number, though you may omit one of the numbers. Use the -r/
-   --range switch (previously HTTP-only).
-
- - Sebastiaan van Erk suggested that curl should be
-   able to show the file size of a specified file. I think this is a splendid
-   idea and the -I flag is now working for FTP. It displays the file size in
-   this manner:
-        Content-Length: XXXX
-   As it resembles normal headers, and leaves us the opportunity to add more
-   info in that display if we can come up with more in the future! It also
-   makes sense since if you access ftp through a HTTP proxy, you'd get the
-   file size the same way.
-
-   I changed the order of the QUOTE command executions. They're now executed
-   just after the login and before any other command. I made this to enable
-   quote commands to run before the -I stuff is done too.
-
- - I found out that -D/--dump-header and -V/--version weren't documented in
-   the man page.
-
- - Many HTTP/1.1 servers do not support ranges. Don't ask me why. I did add
-   some text about this in the man page for the range option. The thread in
-   the mailing list that started this was initiated by Michael Anti.
-
- - I get reports about nroff crashes on solaris 2.6+ when displaying the curl
-   man page. Switch to gnroff instead, it is reported to work(!). Adam Barclay
-   reported and brought the suggestion.
-
- - In a dialogue with Johannes G. Kristinsson we came
-   up with the idea to let -H/--header specified headers replace the
-   internally generated headers, if you happened to select to add a header
-   that curl normally uses by itself. The advantage with this is not entirely
-   obvious, but in Johannes' case it means that he can use another Host: than
-   the one curl would set.
-
- Daniel (27 October 1999):
- - Jongki Suwandi brought a nice patch for (yet another) crash when following
-   a location:. This time you had to follow a https:// server's redirect to
-   get the core.
-
-Version 6.2
-
- Daniel (21 October 1999):
- - I think I managed to remove the suspicious (nil) that has been seen just
-   before the "Host:" in HTTP requests when -v was used.
- - I found out that if you followed a location: when using a proxy, without
-   having specified http:// in the URL, the protocol part was added once again
-   when moving to the next URL! (The protocol part has to be added to the
-   URL when going through a proxy since it has no protocol-guessing system
-   such as curl has.)
- - Benjamin Ritcey reported a core dump under solaris 2.6
-   with OpenSSL 0.9.4. It turned out this was due to a bad free() in main.c
-   that occurred after the download was done and completed.
- - Benjamin found ftp downloads to show the first line of the download meter
-   to get written twice, and I removed that problem. It was introduced with
-   the multiple URL support.
- - Dan Zitter correctly pointed out that curl 6.1 and earlier versions didn't
-   honor RFC 2616 chapter 4 section 2, "Message Headers": "...Field names are
-   case-insensitive..."  HTTP header parsing assumed a certain casing. Dan
-   also provided me with a patch that corrected this, which I took the liberty
-   of editing slightly.
- - Dan Zitter also provided a nice patch for config.guess to better recognize
-   the Mac OS X
- - Dan also corrected a minor problem in the lib/Makefile that caused linking
-   to fail on OS X.
-
- Daniel (19 October 1999):
- - Len Marinaccio came up with some problems with curl.  Since Windows has a
-   crippled shell, it can't redirect stderr and that causes trouble. I added
-   --stderr today which allows the user to redirect the stderr stream to a
-   file or stdout.
-
- Daniel (18 October 1999):
- - The configure script now understands the '--without-ssl' flag, which now
-   totally disable SSL/https support. Previously it wasn't possible to force
-   the configure script to leave SSL alone. The previous functionality has
-   been retained. Troy Engel helped test this new one.
-
-Version 6.1
-
- Daniel (17 October 1999):
- - I ifdef'ed or commented all the zlib stuff in the sources and configure
-   script. It turned out we needed to mock more with zlib than I initially
-   thought, to make it capable of downloading compressed HTTP documents and
-   uncompress them on the fly. I didn't mean the zlib parts of curl to become
-   more than minor so this means I halt the zlib expedition for now and wait
-   until someone either writes the code or zlib gets updated and better
-   adjusted for this kind of usage.  I won't get into details here, but a
-   short a summary is suitable:
-   - zlib can't automatically detect whether to use zlib or gzip
-     decompression methods.
-   - zlib is very neat for reading gzipped files from a file descriptor,
-     although not as nice for reading buffer-based data such as we would
-     want it.
-   - there are still some problems with the win32 version when reading from
-     a file descriptor if that is a socket
-
- Daniel (14 October 1999):
- - Moved the (external) include files for libcurl into a subdirectory named
-   curl and adjusted all #include lines to use <curl/XXXX> to maintain a
-   better name space and control of the headers. This has been requested.
-
- Daniel (12 October 1999):
- - I modified the 'maketgz' script to perform a 'make' too before a release
-   archive is put together in an attempt to make the time stamps better and
-   hopefully avoid the double configure-running that use to occur.
-
- Daniel (11 October 1999):
- - Applied J<>rn's patches that fixes zlib for mingw32 compiles as well as
-   some other missing zlib #ifdef and more text on the multiple URL docs in
-   the man page.
-
-Version 6.1beta
-
- Daniel (6 October 1999):
- - Douglas E. Wegscheid sent me a patch that made the exact same thing as I
-   just made: the -d switch is now capable of reading post data from a named
-   file or stdin.  Use it similarly to the -F. To read the post data from a
-   given file:
-
-        curl -d @path/to/filename www.postsite.com
-
-   or let curl read it out from stdin:
-
-        curl -d @- www.postit.com
-
- J<>rn Hartroth (3 October 1999):
- - Brought some more patches for multiple URL functionality. The MIME
-   separation ideas are almost scrapped now, and a custom separator is being
-   used instead. This is still compile-time "flagged".
-
- Daniel
- - Updated curl.1 with multiple URL info.
-
- Daniel (30 September 1999):
- - Felix von Leitner brought openssl-check fixes for configure.in to work
-   out-of-the-box when the openssl files are installed in the system default
-   dirs.
-
- Daniel (28 September 1999)
- - Added libz functionality. This should enable decompressing gzip, compress
-   or deflate encoding HTTP documents. It also makes curl send an accept that
-   it accepts that kind of encoding. Compressed contents usually shortens
-   download time. I *need* someone to tell me a site that uses compressed HTTP
-   documents so that I can test this out properly.
-
- - As a result of the adding of zlib awareness, I changed the version string
-   a little. I plan to add openldap version reporting in there too.
-
- Daniel (17 September 1999)
- - Made the -F option allow stdin when specifying files. By using '-' instead
-   of file name, the data will be read from stdin.
-
-Version 6.0
-
- Daniel (13 September 1999)
- - Added -X/--http-request <request> to enable any HTTP command to be sent.
-   Do not that your server has to support the exact string you enter. This
-   should possibly a string like DELETE or TRACE.
-
- - Applied Douglas' mingw32-fixes for the makefiles.
-
- Daniel (10 September 1999)
- - Douglas E. Wegscheid pointed out a problem. Curl didn't check the FTP
-   servers return code properly after the --quote commands were issued. It
-   took anything non 200 as an error, when all 2XX codes should be accepted as
-   OK.
-
- - Sending cookies to the same site in multiple lines like curl used to do
-   turned out to be bad and breaking the cookie specs. Curl now sends all
-   cookies on a single Cookie: line. Curl is not yet RFC 2109 compliant, but I
-   doubt that many servers do use that syntax (yet).
-
- Daniel (8 September 1999)
- - J<>rn helped me make sure it still compiles nicely with mingw32 under win32.
-
- Daniel (7 September 1999)
- - FTP upload through proxy is now turned into a HTTP PUT. Requested by
-   Stefan Kanthak.
-
- - Added the ldap files to the .m32 makefile.
-
- Daniel (3 September 1999)
- - Made cookie matching work while using HTTP proxy.
-
- Bjorn Reese (31 August 1999)
- - Passed his ldap:// patch. Note that this requires the openldap shared
-   library to be installed and that LD_LIBRARY_PATH points to the
-   directory where the lib will be found when curl is run with a
-   ldap:// URL.
-
- J<>rn Hartroth (31 August 1999)
- - Made the Mingw32 makefiles into single files.
- - Made file:// work for Win32. The same code is now used for unix as well for
-   performance reasons.
-
- Douglas E. Wegscheid (30 August 1999)
- - Patched the Mingw32 makefiles for SSL builds.
-
- Matthew Clarke (30 August 1999)
- - Made a cool patch for configure.in to allow --with-ssl to specify the
-   root dir of the openssl installation, as in
-
-        ./configure --with-ssl=/usr/ssl_here
-
- - Corrected the 'reconf' script to work better with some shells.
-
- J<>rn Hartroth (26 August 1999)
- - Fixed the Mingw32 makefiles in lib/ and corrected the file.c for win32
-   compiles.
-
-Version 5.11
-
- Daniel (25 August 1999)
- - John Weismiller pointed out a bug in the header-line
-   realloc() system in download.c.
-
- - I added lib/file.[ch] to offer a first, simple, file:// support. It
-   probably won't do much good on win32 system at this point, but I see it
-   as a start.
-
- - Made the release archives get a Makefile in the root dir, which can be
-   used to start the compiling/building process easier. I haven't really
-   changed any INSTALL text yet, I wanted to get some feed-back on this
-   first.
-
- Daniel (17 August 1999)
- - Another Location: bug. Curl didn't do proper relative locations if the
-   original URL had cgi-parameters that contained a slash. Nusu's page
-   again.
-
- - Corrected the NO_PROXY usage. It is a list of substrings that if one of
-   them matches the tail of the host name it should connect to, curl should
-   not use a proxy to connect there. Pointed out to me by Douglas
-   E. Wegscheid.  I also changed the README text a little regarding this.
-
- Daniel (16 August 1999)
- - Fixed a memory bug with http-servers that sent Location: to a Location:
-   page. Nusu's page showed this too.
-
- - Made cookies work a lot better. Setting the same cookie name several times
-   used to add more cookies instead of replacing the former one which it
-   should've. Nusu <nus at intergorj.ro> brought me an URL that made this
-   painfully visible...
-
- Troy (15 August 1999)
- - Brought new .spec files as well as a patch for configure.in that lets the
-   configure script find the openssl files better, even when the include
-   files are in /usr/include/openssl
-
-Version 5.10
-
- Daniel (13 August 1999)
- - SSL_CTX_set_default_passwd_cb() has been modified in the 0.9.4 version of
-   OpenSSL. Now why couldn't they simply add a *new* function instead of
-   modifying the parameters of an already existing function? This way, we get
-   a compiler warning if compiling with 0.9.4 but not with earlier. So, I had
-   to come up with a #if construction that deals with this...
-
- - Made curl output the SSL version number get displayed properly with 0.9.4.
-
- Troy (12 August 1999)
- - Added MingW32 (GCC-2.95) support under Win32. The INSTALL file was also
-   a bit rearranged.
- 
- Daniel (12 August 1999)
- - I had to copy a good <arpa/telnet.h> include file into the curl source
-   tree to enable the silly win32 systems to compile. The distribution rights
-   allows us to do that as long as the file remains unmodified.
-
- - I corrected a few minor things that made the compiler complain when
-   -Wall -pedantic was used.
-
- - I'm moving the official curl web page to http://curl.haxx.nu. I think it
-   will make it easier to remember as it is a lot shorter and less cryptic.
-   The old one still works and shows the same info.
-
- Daniel (11 August 1999)
- - Albert Chin-A-Young mailed me another correction for NROFF in the
-   configure.in that is supposed to be better for IRIX users.
-
- Daniel (10 August 1999)
- - Albert Chin-A-Young helped me with some stupid Makefile things, as well as
-   some fiddling with the getdate.c stuff that he had problems with under
-   HP-UX v10. getdate.y will now be compiled into getdate.c if the appropriate
-   yacc or bison is found by the configure script. Since this is slightly new,
-   we need to test the output getdate.c with win32 systems to make sure it
-   still compiles there.
-
- Daniel (5 August 1999)
- - I've just setup a new mailing list with the intention to keep discussions
-   around libcurl development in it. I mainly expect it to be for thoughts and
-   brainstorming around a "next generation" library, rather than nitpicking
-   about the current implementation or details in the current libcurl.
-
-   To join our happy bunch of future-looking geeks, enter 'subscribe
-   <address>' in the body of a mail and send it to
-   libcurl-request@listserv.fts.frontec.se.  Curl bug reports, the usual curl
-   talk and everything else should still be kept in this mailing list. I've
-   started to archive this mailing list and have put the libcurl web page at
-   www.fts.frontec.se/~dast/libcurl/.
-
- - Stefan Kanthak contacted me regarding a few problems in the configure
-   script which he discovered when trying to make curl compile and build under
-   Siemens SINIX-Z V5.42B2004!
-
- - Marcus Klein very accurately informed me that src/version.h was not present
-   in the CVS repository. Oh, how silly...
-
- - Linus Nielsen rewrote the telnet:// part and now curl offers limited telnet
-   support. If you run curl like 'curl telnet://host' you'll get all output on
-   the screen and curl will read input from stdin. You'll be able to login and
-   run commands etc, but since the output is buffered, expect to get a little
-   weird output.
-
-   This is still in its infancy and it might get changed. We need your
-   feed-back and input in how this is best done.
-
-   WIN32 NOTE: I bet we'll get problems when trying to compile the current
-   lib/telnet.c on win32, but I think we can sort them out in time.
-
- - David Sanderson reported that FORCE_ALLOCA_H or HAVE_ALLOCA_H must be
-   defined for getdate.c to compile properly on HP-UX 11.0. I updated the
-   configure script to check for alloca.h which should make it.
-
- Daniel (4 August 1999)
- - I finally got to understand Marcus Klein's ftp download resume problem,
-   which turns out to be due to different outputs from different ftp
-   servers. It makes ftp download resuming a little trickier, but I've made
-   some modifications I really believe will work for most ftp servers and I do
-   hope you report if you have problems with this!
-
- - Added text about file transfer resuming to README.curl.
-
- Daniel (2 August 1999)
- - Applied a progress-bar patch from Lars J. Aas. It offers
-   a new styled progress bar enabled with -#/--progress-bar. 
-
- T. Yamada <tai at imasy.or.jp> (30 July 1999)
- - It breaks with segfault when 1) curl is using .netrc to obtain
-   username/password (option '-n'), and 2) is automatically redirected to
-   another location (option '-L').
-
-   There is a small bug in lib/url.c (block starting from line 641), which
-   tries to take out username/password from user- supplied command-line
-   argument ('-u' option). This block is never executed on first attempt since
-   CONF_USERPWD bit isn't set at first, but curl later turns it on when it
-   checks for CONF_NETRC bit. So when curl tries to redo everything due to
-   redirection, it segfaults trying to access *data->userpwd.
-
-Version 5.9.1
-
- Daniel (30 July 1999)
- - Steve Walch pointed out that there is a memory leak in the formdata
-   functions. I added a FormFree() function that is now used and supposed to
-   correct this flaw.
-
- - Mark Wotton reported:
-   'curl -L https://www.cwa.com.au/' core dumps.  I managed to cure this by
-   correcting the cleanup procedure. The bug seems to be gone with my OpenSSL
-   0.9.2b, although still occurs when I run the ~100 years old SSLeay 0.8.0. I
-   don't know whether it is curl or SSLeay that is to blame for that.
-
- - Marcus Klein:
-   Reported an FTP upload resume bug that I really can't repeat nor understand.
-   I leave it here so that it won't be forgotten.
-
- Daniel (29 July 1999)
- - Costya Shulyupin suggested support for longer URLs when following Location:
-   and I could only agree and fix it!
-
- - Leigh Purdie found a problem in the upload/POST department. It turned out
-   that http.c accidentaly cleared the pointer instead of the byte counter
-   when supposed to.
-
- - Costya Shulyupin pointed out a problem with port numbers and Location:. If
-   you had a server at a non-standard port that redirected to an URL using a
-   standard port number, curl still used that first port number.
-
- - Ralph Beckmann pointed out a problem when using both CONF_FOLLOWLOCATION
-   and CONF_FAILONERROR simultaneously. Since the CONF_FAILONERROR exits on
-   the 302-code that the follow location header outputs it will never show any
-   html on location: pages. I have now made it look for >=400 codes if
-   CONF_FOLLOWLOCATION is set.
-
- - 'struct slist' is now renamed to 'struct curl_slist' (as suggested by Ralph
-   Beckmann).
-
- - Joshua Swink and Rick Welykochy were the first to point out to me that the
-   latest OpenSSL package now have moved the standard include path. It is now
-   in /usr/local/ssl/include/openssl and I have now modified the --enable-ssl
-   option for the configure script to use that as the primary path, and I
-   leave the former path too to work with older packages of OpenSSL too.
-
- Daniel (9 June 1999)
- - I finally understood the IRIX problem and now it seem to compile on it!
-   I am gonna remove those #define strcasecmp() things once and for all now.
-
- Daniel (4 June 1999)
- - I adjusted the FTP reply 227 parser to make the PASV command work better
-   with more ftp servers. Appearantly the Roxen Challanger server replied
-   something curl 5.9 could deal with! :-( Reported by Ashley Reid-Montanaro
-   and Mark Butler brought a solution for it.
-
- Daniel (26 May 1999)
- - Rearranged. README is new, the old one is now README.curl and I added a
-   README.libcurl with text I got from Ralph Beckmann.
-
- - I also updated the INSTALL text.
-
- Daniel (25 May 1999)
- - David Jonathan Lowsky correctly pointed out that curl didn't properly deal
-   with form posting where the variable shouldn't have any content, as in curl
-   -F "form=" www.site.com. It was now fixed.
-
-Version 5.9
-
- Daniel (22 May 1999)
- - I've got a bug report from Aaron Scarisbrick in which he states he has some
-   problems with -L under FreeBSD 3.0. I have previously got another bug
-   report from Stefan Grether which points at an error with similar sympthoms
-   when using win32. I made the allocation of the new url string a bit faster
-   and different, don't know if it actually improves anything though...
-
- Daniel (20 May 1999)
- - Made the cookie parser deal with CRLF newlines too.
-
- Daniel (19 May 1999)
- - Download() didn't properly deal with failing return codes from the sread()
-   function. Adam Coyne found the problem in the win32 version, and Troy Engel
-   helped me out isolating it.
-
- Daniel (16 May 1999)
- - Richard Adams pointed out a bug I introduced in 5.8. --dump-header doesn't
-   work anymore! :-/ I fixed it now.
-
- - After a suggestion by Joshua Swink I added -S / --show-error to force curl
-   to display the error message in case of an error, even if -s/--silent was
-   used.
-
- Daniel (10 May 1999)
- - I moved the stuff concerning HTTP, DICT and TELNET it their own source
-   files now. It is a beginning on my clean-up of the sources to make them
-   layer all those protocols better to enable more to be added easier in the
-   future!
-
- - Leon Breedt sent me some files I've not put into the main curl
-   archive. They're for creating the Debian package thingie. He also sent me a
-   debian package that I've made available for download at the web page
-
- Daniel (9 May 1999)
- - Made it compile on cygwin too.
-
- Troy Engel (7 May 1999)
- - Brought a series of patches to allow curl to compile smoothly on MSVC++ 6
-   again!
-
- Daniel (6 May 1999)
- - I changed the #ifdef HAVE_STRFTIME placement for the -z code so that it
-   will be easier to discover systems that don't have that function and thus
-   can't use -z successfully. Made the strftime() get used if WIN32 is defined
-   too.
-
-Version 5.8
-
- Daniel (5 May 1999)
- - I've had it with this autoconf/automake mess. It seems to work allright
-   for most people who don't have automake installed, but for those who have
-   there are problems all over.
-
-   I've got like five different bug reports on this only the last
-   week... Claudio Neves and Federico Bianchi and root <duggerj001 at
-   hawaii.rr.com> are some of them reporting this.
-
-   Currently, I have no really good fix since I want to use automake myself to
-   generate the Makefile.in files. I've found out that the @SHELL@-problems
-   can often be fixed by manually invoking 'automake' in the archive root
-   before you run ./configure... I've hacked my maketgz script now to fiddle
-   a bit with this and my tests seem to work better than before at least!
-
- Daniel (4 May 1999)
- - mkhelp.pl has been doing badly lately. I corrected a case problem in
-   the regexes.
-
- - I've now remade the -o option to not touch the file unless it needs to.
-   I had to do this to make -z option really fine, since now you can make a
-   curl fetch and use a local copy's time when downloading to that file, as
-   in:
-
-        curl -z dump -o dump remote.site.com/file.html
-
-   This will only get the file if the remote one is newer than the local.
-   I'm aware that this alters previous behaviour a little. Some scripts out
-   there may depend on that the file is always touched...
-
- - Corrected a bug in the SSLv2/v3 selection.
-
- - Felix von Leitner requested that curl should be able to send
-   "If-Modified-Since" headers, which indeed is a fair idea.  I implemented it
-   right away! Try -z <expression> where expression is a full GNU date
-   expression or a file name to get the date from!
-
- Stephan Lagerholm (30 Apr 1999)
- - Pointed out a problem with the src/Makefile for FreeBSD. The RM variable
-   isn't set and causes the make to fail.
-
- Daniel (26 April 1999)
- - Am I silly or what? Irving Wolfe pointed out to me that the curl version
-   number was not set properly. Hasn't been since 5.6. This was due to a bug
-   in my maketgz script!
-
- David Eriksson (25 Apr 1999)
- - Found a bug in cookies.c that made it crash at times.
-
-Version 5.7.1
-
- Doug Kaufman (23 Apr 1999)
- - Brought two sunos 4 fixes. One of them being the hostip.c fix mentioned
-   below and the other one a correction in include/stdcheaders.h
-
- - Added a paragraph about compiling with the US-version of openssl to the
-   INSTALL file.
-
- Daniel
- - New mailing list address. Info updated on the web page as well as in the
-   README file
-
- Greg Onufer (20 Apr 1999)
- - hostip.c didn't compile properly on SunOS 5.5.1.
-   It needs an #include <sys/types.h>
-
-Version 5.7
-
- Daniel (Apr 20 1999)
- - Decided to upload a non-beta version right now!
-
- - Made curl support any-length HTTP headers. The destination buffer is now
-   simply enlarged every time it turns out to be too small!
-
- - Added the FAQ file to the archive. Still a bit smallish, but it is a
-   start.
-
- Eric Thelin (15 Apr 1999)
- - Made -D accept '-' instead of filename to write to stdout.
-
-Version 5.6.3beta
-
- Daniel (Apr 12 1999)
-
- - Changed two #ifdef WIN32 to better #ifdef <errorcode> when connect()ing
-   in url.c and ftp.c. Makes cygwin32 deal with them better too. We should
-   try to get some decent win32-replacement there. Anyone?
-
- - The old -3/--crlf option is now ONLY --crlf!
-
- - I changed the "SSL fix" to a more lame one, but that doesn't remove as
-   much functionality. Now I've enabled the lib to select what SSL version it
-   should try first. Appearantly some older SSL-servers don't like when you
-   talk v3 with them so you need to be able to force curl to talk v2 from the
-   start. The fix dated April 6 and posted on the mailing list forced curl to
-   use v2 at all times using a modern OpenSSL version, but we don't really
-   want such a crippled solution.
- 
- - Marc Boucher sent me a patch that corrected a math error for the
-   "Curr.Speed" progress meter.
-
- - Eric Thelin sent me a patch that enables '-K -' to read a config file from
-   stdin.
-
- - I found out we didn't close the file properly before so I added it!
-
- Daniel (Apr 9 1999)
- - Yu Xin pointed out a problem with ftp download resume.  It didn't work at
-   all! ;-O
-
- Daniel (Apr 6 1999)
- - Corrected the version string part generated for the SSL version.
-
- - I found a way to make some other SSL page work with openssl 0.9.1+ that
-   previously didn't (ssleay 0.8.0 works with it though!). Trying to get
-   some real info from the OpenSSL guys to see how I should do to behave the
-   best way. SSLeay 0.8.0 shouldn't be that much in use anyway these days!
-
-Version 5.6.2beta
-
- Daniel (Apr 4 1999)
- - Finally have curl more cookie "aware". Now read carefully. This is how
-   it works.
-   To make curl read cookies from an already existing file, in plain header-
-   format (like from the headers of a previous fetch) invoke curl with the
-   -b flag like:
-
-        curl -b file http://site/foo.html
-
-   Curl will then use all cookies it finds matching. The old style that sets
-   a single cookie with -b is still supported and is used if the string
-   following -b includes a '=' letter, as in "-b name=daniel".
-
-   To make curl read the cookies sent in combination with a location: (which
-   sites often do) point curl to read a non-existing file at first (i.e
-   to start with no existing cookies), like:
-
-        curl -b nowhere http://site/setcookieandrelocate.html
-
- - Added a paragraph in the TODO file about the SSL problems recently
-   reported. Evidently, some kind of SSL-problem curl may need to address.
-
- - Better "Location:" following.
-
- Douglas E. Wegscheid (Tue, 30 Mar 1999)
- - A subsecond display patch.
-
- Daniel (Mar 14 1999)
- - I've separated the version number of libcurl and curl now. To make
-   things a little easier, I decided to start the curl numbering from
-   5.6 and the former version number known as "curl" is now the one
-   set for libcurl.
-
- - Removed the 'enable-no-pass' from configure, I doubt anyone wanted
-   that.
-
- - Made lots of tiny adjustments to compile smoothly with cygwin under
-   win32. It's a killer for porting this to win32, bye bye VC++! ;-)
-   Compiles and builds out-of-the-box now. See the new wordings in
-   INSTALL for details.
-
- - Beginning experiments with downloading multiple document from a http
-   server while remaining connected.
-
-Version 5.6beta
-
- Daniel (Mar 13 1999)
- - Since I've changed so much, I thought I'd just go ahead and implement the
-   suggestion from Douglas E. Wegscheid. -D or --dump-header is now storing
-   HTTP headers separately in the specified file.
-
- - Added new text to INSTALL on what to do to build this on win32 now.
-
- - Aaargh. I had to take a step back and prefix the shared #include files
-   in the sources with "../include/" to please VC++...
-
- Daniel (Mar 12 1999)
- - Split the url.c source into many tiny sources for better readability
-   and smaller size.
-
- Daniel (Mar 11 1999)
- - Started to change stuff for a move to make libcurl and a more separate
-   curl application that uses the libcurl. Made the libcurl sources into
-   the new lib directory while the curl application will remain in src as
-   before. New makefiles, adjusted configure script and so.
-
-   libcurl.a built quickly and easily. I better make a better interface to
-   the lib functions though.
-
-   The new root dir include/ is supposed to contain the public information
-   about the new libcurl. It is a little ugly so far :-)
-
-
- Daniel (Mar 1 1999)
- - Todd Kaufmann sent me a good link to Netscape's cookie spec as well as the
-   info that RFC 2109 specifies how to use them.  The link is now in the
-   README and the RFC in the RESOURCES.
-
- Daniel (Feb 23 1999)
- - Finally made configure accept --with-ssl to look for SSL libs and includes
-   in the "standard" place /usr/local/ssl...
-
- Daniel (Feb 22 1999)
- - Verified that curl linked fine with OpenSSL 0.9.1c which seems to be
-   the most recent.
-
- Henri Gomez (Fri Feb  5 1999)
- - Sent in an updated curl-ssl.spec. I still miss the script that builds an
-   RPM automatically...
-
-Version 5.5.1
-
- Mark Butler (27 Jan 1999)
- - Corrected problems in Download().
-
- Danitel Stenberg (25 Jan 1999)
- - Jeremie Petit pointed out a few flaws in the source that prevented it from
-   compile warning free with the native compiler under Digital Unix v4.0d.
-
-Version 5.5
-
- Daniel Stenberg (15 Jan 1999)
- - Added Bjorns small text to the README about the DICT protocol.
-
- Daniel Stenberg (11 Jan 1999)
- - <jswink at softcom.net> reported about the win32-versioin: "Doesn't use
-   ALL_PROXY environment variable". Turned out to be because of the static-
-   buffer nature of the win32 environment variable calls!
-
- Bjorn Reese (10 Jan 1999)
- - I have attached a simple addition for the DICT protocol (RFC 2229).
-   It performs dictionary lookups. The output still needs to be better
-   formatted.
-
-   To test it try (the exact format, and more examples are described in
-   the RFC)
-
-        dict://dict.org/m:hello
-        dict://dict.org/m:hello::soundex
-
-
- Vicente Garcia (10 Jan 1999)
- - Corrected the progress meter for files larger than 20MB.
-
- Daniel Stenberg (7 Jan 1999)
- - Corrected the -t and -T help texts. They claimed to be FTP only.
-
-Version 5.4
-
- Daniel Stenberg
- (7 Jan 1999)
- - Irving Wolfe reported that curl -s didn't always supress the progress
-   reporting. It was the form post that autoamtically always switched it on
-   again. This is now corrected!
-
- (4 Jan 1999)
- - Andreas Kostyrka suggested I'd add PUT and he helped me out to test it. If
-   you use -t or -T now on a http or https server, PUT will be used for file
-   upload.
-
-   I removed the former use of -T with HTTP. I doubt anyone ever really used
-   that.
-
- (4 Jan 1999)
- - Erik Jacobsen found a width bug in the mprintf() function.  I corrected it
-   now.
-
- (4 Jan 1999)
- - As John V. Chow pointed out to me, curl accepted very limited URL sizes. It
-   should now accept path parts that are up to at least 4096 bytes.
-
- - Somehow I screwed up when applying the AIX fix from Gilbert Ramirez, so
-   I redid that now.
-
--- a/CHANGES.2000
+++ b/CHANGES.2000
--- a/CHANGES.2001
+++ b/CHANGES.2001
--- a/CHANGES.2002
+++ b/CHANGES.2002
--- a/CHANGES.2003
+++ b/CHANGES.2003
--- a/CHANGES.2004
+++ b/CHANGES.2004
--- a/CHANGES.2005
+++ b/CHANGES.2005
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE

-Copyright (c) 1996 - 2007, Daniel Stenberg, <daniel@haxx.se>.
+Copyright (c) 1996 - 2008, Daniel Stenberg, <daniel@haxx.se>.

 All rights reserved.

--- a/9
+++ b/9
@@ -12,8 +12,8 @@ inner sanctum.

 Compile and build instructions follow below.

-  CHANGES.0     contains ancient changes.
-  CHANGES.$year contains changes for the particular year.
+  CHANGES.0     contains ancient changes
+  CHANGES       contains the most recent changes

  Makefile.dist is included as the root Makefile in distribution archives

@@ -49,9 +49,8 @@ installed:

   If you don't have nroff and perl and you for some reason don't want to
   install them, you can rename the source file src/hugehelp.c.cvs to
-   src/hugehelp.c and avoid having to generate this file. This will of course
-   give you an older version of the file that isn't up-to-date. That file was
-   checked in once and won't be updated very regularly.
+   src/hugehelp.c and avoid having to generate this file. This will give you
+   a stubbed version of the file that doesn't contain actual content.

 MAC OS X

--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -49,7 +49,7 @@ html:
 pdf:
 	cd docs; make pdf

-check: test
+check: test examples

 if CROSSCOMPILING
 test-full: test
@@ -71,6 +71,9 @@ test-torture:

 endif

+examples:
+	@(cd docs/examples; $(MAKE) all)
+
 #
 # Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros
 # must contain the following line:
@@ -128,3 +131,7 @@ install-data-hook:
 uninstall-hook:
 	cd include && $(MAKE) uninstall
 	cd docs && $(MAKE) uninstall
+
+ca-bundle: lib/mk-ca-bundle.pl
+	@echo "generate a fresh ca-bundle.crt"
+	@perl $< -b -l -u lib/ca-bundle.crt
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -68,18 +68,22 @@ watcom-clean:
 	wmake -f Makefile.Watcom clean

 mingw32:
+	$(MAKE) -C lib -f Makefile.m32
+	$(MAKE) -C src -f Makefile.m32
+
+mingw32-zlib:
 	$(MAKE) -C lib -f Makefile.m32 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 ZLIB=1

-mingw32-ssl:
+mingw32-ssl-zlib:
 	$(MAKE) -C lib -f Makefile.m32 SSL=1 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 SSL=1 ZLIB=1

-mingw32-ssh2-ssl:
+mingw32-ssh2-ssl-zlib:
 	$(MAKE) -C lib -f Makefile.m32 SSH2=1 SSL=1 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 SSH2=1 SSL=1 ZLIB=1

-mingw32-ssh2-ssl-sspi:
+mingw32-ssh2-ssl-sspi-zlib:
 	$(MAKE) -C lib -f Makefile.m32 SSH2=1 SSL=1 SSPI=1 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 SSH2=1 SSL=1 SSPI=1 ZLIB=1

@@ -124,6 +128,12 @@ vc:
 	cd ..\src
 	nmake /f Makefile.$(VC)

+vc-x64:
+	cd lib
+	MACHINE=x64 nmake /f Makefile.$(VC) cfg=release
+	cd ..\src
+	MACHINE=x64 nmake /f Makefile.$(VC)
+
 vc-zlib:
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-zlib
@@ -234,6 +244,10 @@ netware-clean:
 	$(MAKE) -C lib -f Makefile.netware clean
 	$(MAKE) -C src -f Makefile.netware clean

+netware-install:
+	$(MAKE) -C lib -f Makefile.netware install
+	$(MAKE) -C src -f Makefile.netware install
+
 unix: all

 unix-ssl: ssl
@@ -241,3 +255,14 @@ unix-ssl: ssl
 linux: all

 linux-ssl: ssl
+
+vc8:
+	@echo "generate VC8 makefiles"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/wsock32.lib/wsock32.lib bufferoverflowu.lib/g" -e "s/VC6/VC8/g" lib/Makefile.vc6 > lib/Makefile.vc8
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/wsock32.lib/wsock32.lib bufferoverflowu.lib/g" -e "s/VC6/VC8/g" src/Makefile.vc6 > src/Makefile.vc8
+
+ca-bundle: lib/mk-ca-bundle.pl
+	@echo "generate a fresh ca-bundle.crt"
+	@perl $< -b -l -u lib/ca-bundle.crt
+
+
--- a/111
+++ b/111
@@ -1,56 +1,59 @@
-Curl and libcurl 7.16.2
+Curl and libcurl 7.18.1

- Public curl release number:               98
- Releases counted from the very beginning: 125
- Available command line options:           118
- Available curl_easy_setopt() options:     141
- Number of public functions in libcurl:    54
- Amount of public web site mirrors:        38
- Number of known libcurl bindings:         35
- Number of contributors:                   539
+ Public curl releases:         104
+ Command line options:         126
+ curl_easy_setopt() options:   150
+ Public functions in libcurl:  56
+ Public web site mirrors:      39
+ Known libcurl bindings:       36
+ Contributors:                 621

 This release includes the following changes:
 
- o added CURLOPT_TIMEOUT_MS and CURLOPT_CONNECTTIMEOUT_MS
- o added CURLOPT_HTTP_CONTENT_DECODING, CURLOPT_HTTP_TRANSFER_DECODING and
-   --raw
- o added support for using the NSS library for TLS/SSL
- o changed default anonymous FTP password
- o changed the CURLOPT_FTP_SSL_CCC option to handle active and passive
-   CCC shutdown
- o added the --ftp-ssl-ccc-mode command line option
- o includes VC8 Makefiles in the release archive
- o --ftp-ssl-control is now honoured on ftps:// URLs
- o added experimental CURL_ACKNOWLEDGE_EINTR symbol definition check
- o --key and new --pubkey options for SSH public key file logins
- o --pass now works for a SSH public key file, too
- o select (2) support no longer needed to build the library if poll() used
- o CURLOPT_POSTQUOTE works for SFTP
+ o added support for HttpOnly cookies
+ o 'make ca-bundle' downloads and generates an updated ca bundle file
+ o we no longer distribute or install a ca cert bundle
+ o SSLv2 is now disabled by default for SSL operations
+ o the test509-style setting URL in callback is officially no longer supported
+ o support a full chain of certificates in a given PKCS12 certificate
+ o resumed transfers work with SFTP
+ o added type checking macros for curl_easy_setopt() and curl_easy_getinfo(),
+   watch out for new warnings in code using libcurl (needs gcc-4.3 and
+   currently only works in C mode)
+ o curl_easy_setopt(), curl_easy_getinfo(), curl_share_setopt() and
+   curl_multi_setopt() uses are now checked to use exactly three arguments
+ o --with-ca-path=DIR configure option allows to set an openSSL CApath instead
+   of a default ca bundle.

 This release includes the following bugfixes:

- o in testsuite, update test cookies expiration from 2007-Feb-1 to year 2035 
- o socks5 works
- o builds fine with VC2005
- o CURLOPT_RANGE set to NULL resets the range for FTP
- o curl_multi_remove_handle() rare crash
- o passive FTP transfers work with SOCKS
- o multi interface HTTPS connection re-use memory leak
- o libcurl.m4's --with-libcurl is improved
- o curl-config --libs and libcurl.pc no longer list unnecessary dependencies
- o fixed an issue with CCC not working on some servers
- o several HTTP pipelining problems
- o HTTP CONNECT thru a proxy is now less blocking when the multi interface is
-   used
- o HTTP Digest header parsing fix for unquoted last word ending with CRLF
- o CURLOPT_PORT, HTTP proxy, re-using connections and non-HTTP protocols
- o CURLOPT_INTERFACE for ipv6
- o use-after-free issue with HTTP transfers with the multi interface
- o the progress callback can get called more frequently
- o timeout would restart when signal caught while awaiting socket events
- o curl -f with user+password embedded in the URL
- o 26 flaws identified by coverity.com
- o builds on QNX 6 again
+ o improved pipelining
+ o improved strdup replacement
+ o GnuTLS-built libcurl failed when doing global cleanup and reinit
+ o error message problem when unable to resolve a host on Windows
+ o Accept: header replacing
+ o not verifying server certs with GnuTLS still failed if gnutls had
+   problems with the cert
+ o when using the multi interface and a handle is removed while still having
+   a transfer going on, the connection is now closed by force
+ o bad re-use of SSL connections in non-complete state
+ o test case 405 failures with GnuTLS builds
+ o crash when connection cache size is 1 and Curl_do() failed
+ o GnuTLS-built libcurl can now be forced to prefer SSLv3
+ o crash when doing Negotiate again on a re-used connection
+ o select/poll regression
+ o better MIT kerberos configure check
+ o curl_easy_reset() + SFTP re-used connection download crash
+ o SFTP non-existing file + SFTP existing file error
+ o sharing DNS cache between easy handles running in multiple threads could
+   lead to crash
+ o SFTP upload with CURLOPT_FTP_CREATE_MISSING_DIRS on re-used connection
+ o SFTP infinite loop when given an invalid quote command
+ o curl-config erroneously reported LDAPS support with missing LDAP libraries
+ o SCP infinite loop when downloading a zero byte file
+ o setting the CURLOPT_SSL_CTX_FUNCTION with libcurl built without OpenSSL
+   now makes curl_easy_setopt() properly return failure
+ o configure --with-libssh2 (with no given path)

 This release includes the following known bugs:

@@ -58,21 +61,19 @@ This release includes the following known bugs:

 Other curl-related news:

- o pycurl 7.16.1 was released: http://pycurl.sf.net/
+ o 

 New curl mirrors:

- o http://curl.basemirror.de is a new mirror in Germany
- o http://curl.xxtracker.org is a new mirror in The Netherlands
+ o http://curl.cuendet.com/ is a new mirror in Atlanta, USA

 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Yang Tse, Manfred Schwarb, Michael Wallner, Jeff Pohlmeyer, Shmulik Regev,
- Rob Crittenden, Robert A. Monat, Dan Fandrich, Duncan Mac-Vicar Prett,
- Michal Marek, Robson Braga Araujo, Ian Turner, Linus Nielsen Feltzing,
- Ravi Pratap, Adam D. Moss, Jose Kahan, Hang Kin Lau, Justin Fletcher,
- Robert Iakobashvili, Bryan Henderson, Eygene Ryabinkin, Daniel Johnson,
- Matt Kraai, Nick Zitzmann, Rob Jones
+ Michal Marek, Dmitry Kurochkin, Niklas Angebrand, G<>nter Knauf, Yang Tse,
+ Dan Fandrich, Mike Hommey, Pooyan McSporran, Jerome Muffat-Meridol,
+ Kaspar Brand, Gautam Kachroo, Zmey Petroff, Georg Lippitsch, Sam Listopad,
+ Anatoli Tubman, Mike Protts, Michael Calmer, Brian Ulm, Dmitry Popov,
+ Jes Badwal, Dan Petitt, Stephen Collyer

        Thanks! (and sorry if I forgot to mention someone)
--- a/16
+++ b/16
@@ -1,5 +1,17 @@
-To be addressed before 7.16.3 (planned release: June 2007)
+To be addressed before 7.18.2 (planned release: June 2008)
 =============================

-93 - 
+128 - Phil Blundell's ares and ipv6 fix (feedback lacking)
+
+129 - Pierre Reiss' libcurl + https + multi = lost information (awaiting
+     better example/clarification on how to figure out when the claimed
+     problem occurs)
+
+130 - Vincent Le Normand's SFTP patch for touch
+
+131 - Scott Barrett's Support for CURLOPT_NOBODY with SFTP
+
+132 - Xponaut's CURLFORM_STREAM option to curl_formadd()
+
+133 - 

--- a/acinclude.m4
+++ b/acinclude.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -171,6 +171,515 @@ AC_DEFUN([CURL_CHECK_HEADER_WS2TCPIP], [
 ])


+dnl CURL_CHECK_HEADER_WINLDAP
+dnl -------------------------------------------------
+dnl Check for compilable and valid winldap.h header
+
+AC_DEFUN([CURL_CHECK_HEADER_WINLDAP], [
+  AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl
+  AC_CACHE_CHECK([for winldap.h], [ac_cv_header_winldap_h], [
+    AC_COMPILE_IFELSE([
+      AC_LANG_PROGRAM([
+#undef inline
+#ifdef HAVE_WINDOWS_H
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#endif
+#include <winldap.h>
+      ],[
+#ifdef __CYGWIN__
+        HAVE_WINLDAP_H shall not be defined.
+#else
+        LDAP *ldp = ldap_init("dummy", LDAP_PORT);
+        ULONG res = ldap_unbind(ldp);
+#endif
+      ])
+    ],[
+      ac_cv_header_winldap_h="yes"
+    ],[
+      ac_cv_header_winldap_h="no"
+    ])
+  ])
+  case "$ac_cv_header_winldap_h" in
+    yes)
+      AC_DEFINE_UNQUOTED(HAVE_WINLDAP_H, 1,
+        [Define to 1 if you have the winldap.h header file.])
+      ;;
+  esac
+])
+
+
+dnl CURL_CHECK_HEADER_WINBER
+dnl -------------------------------------------------
+dnl Check for compilable and valid winber.h header
+
+AC_DEFUN([CURL_CHECK_HEADER_WINBER], [
+  AC_REQUIRE([CURL_CHECK_HEADER_WINLDAP])dnl
+  AC_CACHE_CHECK([for winber.h], [ac_cv_header_winber_h], [
+    AC_COMPILE_IFELSE([
+      AC_LANG_PROGRAM([
+#undef inline
+#ifdef HAVE_WINDOWS_H
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#endif
+#include <winldap.h>
+#include <winber.h>
+      ],[
+#ifdef __CYGWIN__
+        HAVE_WINBER_H shall not be defined.
+#else
+        BERVAL *bvp = NULL;
+        BerElement *bep = ber_init(bvp);
+        ber_free(bep, 1);
+#endif
+      ])
+    ],[
+      ac_cv_header_winber_h="yes"
+    ],[
+      ac_cv_header_winber_h="no"
+    ])
+  ])
+  case "$ac_cv_header_winber_h" in
+    yes)
+      AC_DEFINE_UNQUOTED(HAVE_WINBER_H, 1,
+        [Define to 1 if you have the winber.h header file.])
+      ;;
+  esac
+])
+
+
+dnl CURL_CHECK_HEADER_LBER
+dnl -------------------------------------------------
+dnl Check for compilable and valid lber.h header,
+dnl and check if it is needed even with ldap.h
+
+AC_DEFUN([CURL_CHECK_HEADER_LBER], [
+  AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl
+  AC_CACHE_CHECK([for lber.h], [ac_cv_header_lber_h], [
+    AC_COMPILE_IFELSE([
+      AC_LANG_PROGRAM([
+#undef inline
+#ifdef HAVE_WINDOWS_H
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#else
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#endif
+#ifndef NULL
+#define NULL (void *)0
+#endif
+#include <lber.h>
+      ],[
+        BerValue *bvp = NULL;
+        BerElement *bep = ber_init(bvp);
+        ber_free(bep, 1);
+      ])
+    ],[
+      ac_cv_header_lber_h="yes"
+    ],[
+      ac_cv_header_lber_h="no"
+    ])
+  ])
+  if test "$ac_cv_header_lber_h" = "yes"; then
+    AC_DEFINE_UNQUOTED(HAVE_LBER_H, 1,
+      [Define to 1 if you have the lber.h header file.])
+    #
+    AC_COMPILE_IFELSE([
+      AC_LANG_PROGRAM([
+#undef inline
+#ifdef HAVE_WINDOWS_H
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#else
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#endif
+#ifndef NULL
+#define NULL (void *)0
+#endif
+#ifndef LDAP_DEPRECATED
+#define LDAP_DEPRECATED 1
+#endif
+#include <ldap.h>
+      ],[
+        BerValue *bvp = NULL;
+        BerElement *bep = ber_init(bvp);
+        ber_free(bep, 1);
+      ])
+    ],[
+      curl_cv_need_header_lber_h="no"
+    ],[
+      curl_cv_need_header_lber_h="yes"
+    ])
+    #
+    case "$curl_cv_need_header_lber_h" in
+      yes)
+        AC_DEFINE_UNQUOTED(NEED_LBER_H, 1,
+          [Define to 1 if you need the lber.h header file even with ldap.h])
+        ;;
+    esac
+  fi
+])
+
+
+dnl CURL_CHECK_HEADER_LDAP
+dnl -------------------------------------------------
+dnl Check for compilable and valid ldap.h header
+
+AC_DEFUN([CURL_CHECK_HEADER_LDAP], [
+  AC_REQUIRE([CURL_CHECK_HEADER_LBER])dnl
+  AC_CACHE_CHECK([for ldap.h], [ac_cv_header_ldap_h], [
+    AC_COMPILE_IFELSE([
+      AC_LANG_PROGRAM([
+#undef inline
+#ifdef HAVE_WINDOWS_H
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#else
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#endif
+#ifndef LDAP_DEPRECATED
+#define LDAP_DEPRECATED 1
+#endif
+#ifdef NEED_LBER_H
+#include <lber.h>
+#endif
+#include <ldap.h>
+      ],[
+        LDAP *ldp = ldap_init("dummy", LDAP_PORT);
+        int res = ldap_unbind(ldp);
+      ])
+    ],[
+      ac_cv_header_ldap_h="yes"
+    ],[
+      ac_cv_header_ldap_h="no"
+    ])
+  ])
+  case "$ac_cv_header_ldap_h" in
+    yes)
+      AC_DEFINE_UNQUOTED(HAVE_LDAP_H, 1,
+        [Define to 1 if you have the ldap.h header file.])
+      ;;
+  esac
+])
+
+
+dnl CURL_CHECK_HEADER_LDAP_SSL
+dnl -------------------------------------------------
+dnl Check for compilable and valid ldap_ssl.h header
+
+AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [
+  AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl
+  AC_CACHE_CHECK([for ldap_ssl.h], [ac_cv_header_ldap_ssl_h], [
+    AC_COMPILE_IFELSE([
+      AC_LANG_PROGRAM([
+#undef inline
+#ifdef HAVE_WINDOWS_H
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#else
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#endif
+#ifndef LDAP_DEPRECATED
+#define LDAP_DEPRECATED 1
+#endif
+#ifdef NEED_LBER_H
+#include <lber.h>
+#endif
+#ifdef HAVE_LDAP_H
+#include <ldap.h>
+#endif
+#include <ldap_ssl.h>
+      ],[
+        LDAP *ldp = ldapssl_init("dummy", LDAPS_PORT, 1);
+      ])
+    ],[
+      ac_cv_header_ldap_ssl_h="yes"
+    ],[
+      ac_cv_header_ldap_ssl_h="no"
+    ])
+  ])
+  case "$ac_cv_header_ldap_ssl_h" in
+    yes)
+      AC_DEFINE_UNQUOTED(HAVE_LDAP_SSL_H, 1,
+        [Define to 1 if you have the ldap_ssl.h header file.])
+      ;;
+  esac
+])
+
+
+dnl CURL_CHECK_HEADER_LDAPSSL
+dnl -------------------------------------------------
+dnl Check for compilable and valid ldapssl.h header
+
+AC_DEFUN([CURL_CHECK_HEADER_LDAPSSL], [
+  AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl
+  AC_CACHE_CHECK([for ldapssl.h], [ac_cv_header_ldapssl_h], [
+    AC_COMPILE_IFELSE([
+      AC_LANG_PROGRAM([
+#undef inline
+#ifdef HAVE_WINDOWS_H
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#else
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#endif
+#ifndef NULL
+#define NULL (void *)0
+#endif
+#ifndef LDAP_DEPRECATED
+#define LDAP_DEPRECATED 1
+#endif
+#ifdef NEED_LBER_H
+#include <lber.h>
+#endif
+#ifdef HAVE_LDAP_H
+#include <ldap.h>
+#endif
+#include <ldapssl.h>
+      ],[
+        char *cert_label = NULL;
+        LDAP *ldp = ldap_ssl_init("dummy", LDAPS_PORT, cert_label);
+      ])
+    ],[
+      ac_cv_header_ldapssl_h="yes"
+    ],[
+      ac_cv_header_ldapssl_h="no"
+    ])
+  ])
+  case "$ac_cv_header_ldapssl_h" in
+    yes)
+      AC_DEFINE_UNQUOTED(HAVE_LDAPSSL_H, 1,
+        [Define to 1 if you have the ldapssl.h header file.])
+      ;;
+  esac
+])
+
+
+dnl CURL_CHECK_LIBS_WINLDAP
+dnl -------------------------------------------------
+dnl Check for libraries needed for WINLDAP support,
+dnl and prepended to LIBS any needed libraries.
+dnl This macro can take an optional parameter with a
+dnl white space separated list of libraries to check
+dnl before the WINLDAP default ones.
+
+AC_DEFUN([CURL_CHECK_LIBS_WINLDAP], [
+  AC_REQUIRE([CURL_CHECK_HEADER_WINBER])dnl
+  #
+  AC_MSG_CHECKING([for WINLDAP libraries])
+  #
+  u_libs=""
+  #
+  ifelse($1,,,[
+    for x_lib in $1; do
+      case "$x_lib" in
+        -l*)
+          l_lib="$x_lib"
+          ;;
+        *)
+          l_lib="-l$x_lib"
+          ;;
+      esac
+      if test -z "$u_libs"; then
+        u_libs="$l_lib"
+      else
+        u_libs="$u_libs $l_lib"
+      fi
+    done
+  ])
+  #
+  curl_cv_save_LIBS="$LIBS"
+  curl_cv_ldap_LIBS="unknown"
+  #
+  for x_nlibs in '' "$u_libs" \
+    '-lwldap32' ; do
+    if test -z "$x_nlibs"; then
+      LIBS="$curl_cv_save_LIBS"
+    else
+      LIBS="$x_nlibs $curl_cv_save_LIBS"
+    fi
+    AC_LINK_IFELSE([
+      AC_LANG_PROGRAM([
+#undef inline
+#ifdef HAVE_WINDOWS_H
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#ifdef HAVE_WINLDAP_H
+#include <winldap.h>
+#endif
+#ifdef HAVE_WINBER_H
+#include <winber.h>
+#endif
+#endif
+      ],[
+        BERVAL *bvp = NULL;
+        BerElement *bep = ber_init(bvp);
+        LDAP *ldp = ldap_init("dummy", LDAP_PORT);
+        ULONG res = ldap_unbind(ldp);
+        ber_free(bep, 1);
+      ])
+    ],[
+       curl_cv_ldap_LIBS="$x_nlibs"
+       break
+    ])
+  done
+  #
+  LIBS="$curl_cv_save_LIBS"
+  #
+  case X-"$curl_cv_ldap_LIBS" in
+    X-unknown)
+      AC_MSG_RESULT([cannot find WINLDAP libraries])
+      ;;
+    X-)
+      AC_MSG_RESULT([no additional lib required])
+      ;;
+    *)
+      if test -z "$curl_cv_save_LIBS"; then
+        LIBS="$curl_cv_ldap_LIBS"
+      else
+        LIBS="$curl_cv_ldap_LIBS $curl_cv_save_LIBS"
+      fi
+      AC_MSG_RESULT([$curl_cv_ldap_LIBS])
+      ;;
+  esac
+  #
+])
+
+
+dnl CURL_CHECK_LIBS_LDAP
+dnl -------------------------------------------------
+dnl Check for libraries needed for LDAP support,
+dnl and prepended to LIBS any needed libraries.
+dnl This macro can take an optional parameter with a
+dnl white space separated list of libraries to check
+dnl before the default ones.
+
+AC_DEFUN([CURL_CHECK_LIBS_LDAP], [
+  AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl
+  #
+  AC_MSG_CHECKING([for LDAP libraries])
+  #
+  u_libs=""
+  #
+  ifelse($1,,,[
+    for x_lib in $1; do
+      case "$x_lib" in
+        -l*)
+          l_lib="$x_lib"
+          ;;
+        *)
+          l_lib="-l$x_lib"
+          ;;
+      esac
+      if test -z "$u_libs"; then
+        u_libs="$l_lib"
+      else
+        u_libs="$u_libs $l_lib"
+      fi
+    done
+  ])
+  #
+  curl_cv_save_LIBS="$LIBS"
+  curl_cv_ldap_LIBS="unknown"
+  #
+  for x_nlibs in '' "$u_libs" \
+    '-lldap' \
+    '-llber -lldap' \
+    '-lldap -llber' \
+    '-lldapssl -lldapx -lldapsdk' \
+    '-lldapsdk -lldapx -lldapssl' ; do
+    if test -z "$x_nlibs"; then
+      LIBS="$curl_cv_save_LIBS"
+    else
+      LIBS="$x_nlibs $curl_cv_save_LIBS"
+    fi
+    AC_LINK_IFELSE([
+      AC_LANG_PROGRAM([
+#undef inline
+#ifdef HAVE_WINDOWS_H
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <windows.h>
+#else
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#endif
+#ifndef NULL
+#define NULL (void *)0
+#endif
+#ifndef LDAP_DEPRECATED
+#define LDAP_DEPRECATED 1
+#endif
+#ifdef NEED_LBER_H
+#include <lber.h>
+#endif
+#ifdef HAVE_LDAP_H
+#include <ldap.h>
+#endif
+      ],[
+        BerValue *bvp = NULL;
+        BerElement *bep = ber_init(bvp);
+        LDAP *ldp = ldap_init("dummy", LDAP_PORT);
+        int res = ldap_unbind(ldp);
+        ber_free(bep, 1);
+      ])
+    ],[
+       curl_cv_ldap_LIBS="$x_nlibs"
+       break
+    ])
+  done
+  #
+  LIBS="$curl_cv_save_LIBS"
+  #
+  case X-"$curl_cv_ldap_LIBS" in
+    X-unknown)
+      AC_MSG_RESULT([cannot find LDAP libraries])
+      ;;
+    X-)
+      AC_MSG_RESULT([no additional lib required])
+      ;;
+    *)
+      if test -z "$curl_cv_save_LIBS"; then
+        LIBS="$curl_cv_ldap_LIBS"
+      else
+        LIBS="$curl_cv_ldap_LIBS $curl_cv_save_LIBS"
+      fi
+      AC_MSG_RESULT([$curl_cv_ldap_LIBS])
+      ;;
+  esac
+  #
+])
+
+
 dnl CURL_CHECK_HEADER_MALLOC
 dnl -------------------------------------------------
 dnl Check for compilable and valid malloc.h header,
@@ -1107,7 +1616,7 @@ AC_DEFUN([CURL_CHECK_NONBLOCKING_SOCKET],
 #  define PLATFORM_SUNOS4
 # endif
 #endif
-#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX4)
+#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
 # define PLATFORM_AIX_V3
 #endif

@@ -1316,6 +1825,9 @@ AC_TRY_RUN([
 #include <string.h>
 #include <sys/types.h>
 #include <netdb.h>
+#ifndef NULL
+#define NULL (void *)0
+#endif

 int
 main () {
@@ -1762,7 +2274,7 @@ AC_DEFUN([CURL_CC_DEBUG_OPTS],
           dnl only if the compiler is newer than 2.95 since we got lots of
           dnl "`_POSIX_C_SOURCE' is not defined" in system headers with
           dnl gcc 2.95.4 on FreeBSD 4.9!
-           WARN="$WARN -Wundef -Wno-long-long -Wsign-compare"
+           WARN="$WARN -Wundef -Wno-long-long -Wsign-compare -Wshadow -Wno-multichar"
         fi

         if test "$gccnum" -ge "296"; then
@@ -1830,81 +2342,6 @@ AC_DEFUN([CURL_CC_DEBUG_OPTS],

 ]) dnl end of AC_DEFUN()

-
-dnl Determine the name of the library to pass to dlopen() based on the name
-dnl that would normally be given to AC_CHECK_LIB.  The preprocessor symbol
-dnl given is set to the quoted library file name. 
-dnl The standard dynamic library file name is first generated, based on the
-dnl current system type, then a search is performed for that file on the
-dnl standard dynamic library path.  If it is a symbolic link, the destination
-dnl of the link is used as the file name, after stripping off any minor
-dnl version numbers. If a library file can't be found, a guess is made.
-dnl This macro assumes AC_PROG_LIBTOOL has been called and requires perl
-dnl to be available in the PATH, or $PERL to be set to its location.
-dnl
-dnl CURL_DLLIB_NAME(VARIABLE, library_name)
-dnl e.g. CURL_DLLIB_NAME(LDAP_NAME, ldap) on a Linux system might result
-dnl in LDAP_NAME holding the string "libldap.so.2".
-
-AC_DEFUN([CURL_DLLIB_NAME],
-[
-AC_MSG_CHECKING([name of dynamic library $2])
-dnl The shared library extension variable name changes from version to
-dnl version of libtool.  Try a few names then just set one statically.
-test -z "$shared_ext" && eval shared_ext=\"$shrext_cmds\"
-test -z "$shared_ext" && shared_ext="$std_shrext"
-test -z "$shared_ext" && shared_ext="$shrext"
-test -z "$shared_ext" && shared_ext=".so"
-
-dnl Create the library link name of the correct form for this platform
-LIBNAME_LINK_SPEC=`echo "$library_names_spec" | $SED 's/^.* //'`
-DLGUESSLIB=`name=$2 eval echo "$libname_spec"`
-DLGUESSFILE=`libname="$DLGUESSLIB" release="" major="" versuffix="" eval echo "$LIBNAME_LINK_SPEC"`
-dnl Last resort in case libtool knows nothing about shared libs on this platform
-test -z "$DLGUESSFILE" && DLGUESSFILE="$DLGUESSLIB$shared_ext"
-
-dnl Synthesize a likely dynamic library name in case we can't find an actual one
-SO_NAME_SPEC="$soname_spec"
-dnl soname_spec undefined when identical to the 1st entry in library_names_spec
-test -z "$SO_NAME_SPEC" && SO_NAME_SPEC=`echo "$library_names_spec" | $SED 's/ .*$//'`
-DLGUESSSOFILE=`libname="$DLGUESSLIB" release="" major="" versuffix="" eval echo "$SO_NAME_SPEC"`
-dnl Last resort in case libtool knows nothing about shared libs on this platform
-test -z "$DLGUESSSOFILE" && DLGUESSSOFILE="$DLGUESSFILE"
-
-if test "$cross_compiling" = yes; then
-  dnl Can't look at filesystem when cross-compiling
-  AC_DEFINE_UNQUOTED($1, "$DLGUESSSOFILE", [$2 dynamic library file])
-  AC_MSG_RESULT([$DLGUESSSOFILE (guess while cross-compiling)])
-else
-
-  DLFOUNDFILE=""
-  if test "$sys_lib_dlsearch_path_spec" ; then
-    dnl Search for the link library name and see what it points to.
-    for direc in $sys_lib_dlsearch_path_spec ; do
-      DLTRYFILE="$direc/$DLGUESSFILE"
-      dnl Find where the symbolic link for this name points
-      changequote(<<, >>)dnl
-      <<
-      DLFOUNDFILE=`${PERL:-perl} -e 'use File::Basename; (basename(readlink($ARGV[0])) =~ /^(.*[^\d]\.\d+)[\d\.]*$/ && print ${1}) || exit 1;' "$DLTRYFILE" 2>&5`
-      >>
-      changequote([, ])dnl
-      if test "$?" -eq "0"; then
-        dnl Found the file link
-        break
-      fi
-    done
-  fi
-
-  if test -z "$DLFOUNDFILE" ; then
-    dnl Couldn't find a link library, so guess at a name.
-    DLFOUNDFILE="$DLGUESSSOFILE"
-  fi
-
-  AC_DEFINE_UNQUOTED($1, "$DLFOUNDFILE", [$2 dynamic library file])
-  AC_MSG_RESULT($DLFOUNDFILE)
-fi
-])
-
 # This is only a temporary fix. This macro is here to replace the broken one
 # delivered by the automake project (including the 1.9.6 release). As soon as
 # they ship a working version we SHOULD remove this work-around.
@@ -2054,3 +2491,106 @@ AC_DEFUN([CURL_CHECK_NATIVE_WINDOWS], [
  esac
 ])

+
+dnl CURL_CHECK_CA_BUNDLE
+dnl -------------------------------------------------
+dnl Check if a default ca-bundle should be used
+dnl
+dnl regarding the paths this will scan:
+dnl /etc/ssl/certs/ca-certificates.crt Debian systems
+dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva
+dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat
+dnl /etc/ssl/certs/ (ca path) SUSE
+
+AC_DEFUN([CURL_CHECK_CA_BUNDLE], [
+
+  AC_MSG_CHECKING([default CA cert bundle/path])
+
+  AC_ARG_WITH(ca-bundle,
+AC_HELP_STRING([--with-ca-bundle=FILE], [File name to use as CA bundle])
+AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
+  [
+    want_ca="$withval"
+    if test "x$want_ca" = "xyes"; then
+      AC_MSG_ERROR([--with-ca-bundle=FILE requires a path to the CA bundle])
+    fi
+  ],
+  [ want_ca="unset" ])
+  AC_ARG_WITH(ca-path,
+AC_HELP_STRING([--with-ca-path=DIRECTORY], [Directory to use as CA path])
+AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
+  [
+    want_capath="$withval"
+    if test "x$want_capath" = "xyes"; then
+      AC_MSG_ERROR([--with-ca-path=DIRECTORY requires a path to the CA path directory])
+    fi
+  ],
+  [ want_capath="unset"])
+
+  if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \
+          "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
+    dnl both given
+    AC_MSG_ERROR([Can't specify both --with-ca-bundle and --with-ca-path.])
+  elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then
+    dnl --with-ca-bundle given
+    ca="$want_ca"
+    capath="no"
+  elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
+    dnl --with-ca-path given
+    if test "x$OPENSSL_ENABLED" != "x1"; then
+      AC_MSG_ERROR([--with-ca-path only works with openSSL])
+    fi
+    capath="$want_capath"
+    ca="no"
+  else
+    dnl neither of --with-ca-* given
+    dnl first try autodetecting a CA bundle , then a CA path
+    dnl both autodetections can be skipped by --without-ca-*
+    ca="no"
+    capath="no"
+    if test "x$want_ca" = "xunset"; then
+      dnl the path we previously would have installed the curl ca bundle
+      dnl to, and thus we now check for an already existing cert in that place
+      dnl in case we find no other
+      if test "x$prefix" != xNONE; then
+        cac="${prefix}/share/curl/curl-ca-bundle.crt"
+      else
+        cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
+      fi
+
+      for a in /etc/ssl/certs/ca-certificates.crt \
+               /etc/pki/tls/certs/ca-bundle.crt \
+               /usr/share/ssl/certs/ca-bundle.crt \
+               "$cac"; do
+        if test -f "$a"; then
+          ca="$a"
+          break
+        fi
+      done
+    fi
+    if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
+            "x$OPENSSL_ENABLED" = "x1"; then
+      for a in /etc/ssl/certs/; do
+        if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
+          capath="$a"
+          break
+        fi
+      done
+    fi
+  fi
+        
+    
+
+  if test "x$ca" != "xno"; then
+    CURL_CA_BUNDLE='"'$ca'"'
+    AC_SUBST(CURL_CA_BUNDLE)
+    AC_MSG_RESULT([$ca])
+  elif test "x$capath" != "xno"; then
+    CURL_CA_PATH="\"$capath\""
+    AC_SUBST(CURL_CA_PATH)
+    AC_MSG_RESULT([$capath (capath)])
+  else
+    AC_MSG_RESULT([no])
+  fi
+])
+
--- a/ares/AUTHORS
+++ b/ares/AUTHORS
@@ -20,3 +20,9 @@ Brad Spencer
 Ravi Pratap
 William Ahern
 Bram Matthys
+Michael Wallner
+Vlad Dinulescu
+Brad House
+Shmulik Regev
+Ashish Sharma
+Brad Spencer
--- a/ares/CHANGES
+++ b/ares/CHANGES
@@ -1,16 +1,208 @@
  Changelog for the c-ares project

-* February 19
+* December 11 2007 (Gisle Vanem)
+
+- Added another sample application; acountry.c which converts an
+  IPv4-address(es) and/or host-name(s) to country-name and country-code.
+  This uses the service of the DNSBL at countries.nerd.dk.
+
+* December 3 2007 (Daniel Stenberg)
+
+- Brad Spencer fixed the configure script to assume that there's no
+  /dev/urandom when built cross-compiled as then the script cannot check for
+  it.
+
+- Erik Kline cleaned up ares_gethostbyaddr.c:next_lookup() somewhat
+
+Version 1.5.1 (Nov 21, 2007)
+
+* November 21 2007 (Daniel Stenberg)
+
+- Robin Cornelius pointed out that ares_llist.h was missing in the release
+  archive for 1.5.0
+
+Version 1.5.0 (Nov 21, 2007)
+
+* October 2 2007 (Daniel Stenberg)
+
+- ares_strerror() segfaulted if the input error number was out of the currently
+  supported range.
+
+- Yang Tse: Avoid a segfault when generating a DNS "Transaction ID" in
+  internal function init_id_key() under low memory conditions.
+
+* September 28 2007 (Daniel Stenberg)
+
+- Bumped version to 1.5.0 for next release and soname bumped to 2 due to ABI
+  and API changes in the progress callback (and possibly more coming up from
+  Steinar)
+
+* September 28 2007 (Steinar H. Gunderson)
+
+- Don't skip a server if it's the only one. (Bugfix from the Google tree.)
+
+- Made the query callbacks receive the number of timeouts that happened during
+  the execution of a query, and updated documentation accordingly. (Patch from
+  the Google tree.)
+
+- Support a few more socket options: ARES_OPT_SOCK_SNDBUF and
+  ARES_OPT_SOCK_RCVBUF
+
+- Always register for TCP events even if there are no outstanding queries, as
+  the other side could always close the connection, which is a valid event
+  which should be responded to.
+
+* September 22 2007 (Daniel Stenberg)
+
+- Steinar H. Gunderson fixed: Correctly clear sockets from the fd_set on in
+  several functions (write_tcp_data, read_tcp_data, read_udp_packets) so that
+  if it fails and the socket is closed the following code doesn't try to use
+  the file descriptor.
+
+- Steinar H. Gunderson modified c-ares to now also do to DNS retries even when
+  TCP is used since there are several edge cases where it still makes sense.
+
+- Brad House provided a fix for ares_save_options():
+
+  Apparently I overlooked something with the ares_save_options() where it
+  would try to do a malloc(0) when no options of that type needed to be saved.
+  On most platforms, this was fine because malloc(0) doesn't actually return
+  NULL, but on AIX it does, so ares_save_options would return ARES_ENOMEM.
+
+* July 14 2007 (Daniel Stenberg)
+
+- Vlad Dinulescu fixed two outstanding valgrind reports:
+
+  1. In ares_query.c , in find_query_by_id we compare q->qid (which is a short
+  int variable) with qid, which is declared as an int variable.  Moreover,
+  DNS_HEADER_SET_QID is used to set the value of qid, but DNS_HEADER_SET_QID
+  sets only the first two bytes of qid. I think that qid should be declared as
+  "unsigned short" in this function.
+
+  2. The same problem occurs in ares_process.c, process_answer() .  query->qid
+  (an unsigned short integer variable) is compared with id, which is an
+  integer variable. Moreover, id is initialized from DNS_HEADER_QID which sets
+  only the first two bytes of id. I think that the id variable should be
+  declared as "unsigned short" in this function.
+
+  Even after declaring these variables as "unsigned short", the valgrind
+  errors are still there. Which brings us to the third problem.
+
+  3. The third problem is that Valgrind assumes that query->qid is not
+  initialised correctly. And it does that because query->qid is set from
+  DNS_HEADER_QID(qbuf); Valgrind says that qbuf has unitialised bytes. And
+  qbuf has uninitialised bytes because of channel->next_id . And next_id is
+  set by ares_init.c:ares__generate_new_id() . I found that putting short r=0
+  in this function (instead of short r) makes all Valgrind warnings go away.
+  I have studied ares__rc4() too, and this is the offending line:
+
+        buffer_ptr[counter] ^= state[xorIndex];   (ares_query.c:62)
+
+  This is what triggers Valgrind.. buffer_ptr is unitialised in this function,
+  and by applying ^= on it, it remains unitialised.
+
+Version 1.4.0 (June 8, 2007)
+
+* June 4 2007 (Daniel Stenberg)
+
+- James Bursa reported a major memory problem when resolving multi-IP names
+  and I found and fixed the problem. It was added by Ashish Sharma's patch
+  two days ago.
+
+  When I then tried to verify multiple entries in /etc/hosts after my fix, I
+  got another segfault and decided this code was not ripe for inclusion and I
+  reverted the patch.
+
+* June 2 2007
+
+- Brad Spencer found and fixed three flaws in the code, found with the new
+  gcc 4.2.0 warning: -Waddress
+
+- Brad House fixed VS2005 compiler warnings due to time_t being 64bit.
+  He also made recent Microsoft compilers use _strdup() instead of strdup().
+
+- Brad House's man pages for ares_save_options() and ares_destroy_options()
+  were added.
+
+- Ashish Sharma provided a patch for supporting multiple entries in the
+  /etc/hosts file. Patch edited for coding style and functionality by me
+  (Daniel).
+
+* May 30 2007
+
+- Shmulik Regev brought cryptographically secure transaction IDs:
+
+  The c-ares library implementation uses a DNS "Transaction ID" field that is
+  seeded with a pseudo random number (based on gettimeofday) which is
+  incremented (++) between consecutive calls and is therefore rather
+  predictable. In general, predictability of DNS Transaction ID is a well
+  known security problem (e.g.
+  http://bak.spc.org/dms/archive/dns_id_attack.txt) and makes a c-ares based
+  implementation vulnerable to DNS poisoning. Credit goes to Amit Klein
+  (Trusteer) for identifying this problem.
+
+  The patch I wrote changes the implementation to use a more secure way of
+  generating unique IDs. It starts by obtaining a key with reasonable entropy
+  which is used with an RC4 stream to generate the cryptographically secure
+  transaction IDs.
+
+  Note that the key generation code (in ares_init:randomize_key) has two
+  versions, the Windows specific one uses a cryptographically safe function
+  provided (but undocumented :) by the operating system (described at
+  http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx).  The
+  default implementation is a bit naive and uses the standard 'rand'
+  function. Surely a better way to generate random keys exists for other
+  platforms.
+
+  The patch can be tested by using the adig utility and using the '-s' option.
+
+- Brad House added ares_save_options() and ares_destroy_options() that can be
+  used to keep options for later re-usal when ares_init_options() is used.
+
+  Problem: Calling ares_init() for each lookup can be unnecessarily resource
+         intensive.  On windows, it must LoadLibrary() or search the registry
+         on each call to ares_init().  On unix, it must read and parse
+         multiple files to obtain the necessary configuration information.  In
+         a single-threaded environment, it would make sense to only
+         ares_init() once, but in a heavily multi-threaded environment, it is
+         undesirable to ares_init() and ares_destroy() for each thread created
+         and track that.
+
+  Solution: Create ares_save_options() and ares_destroy_options() functions to
+         retrieve and free options obtained from an initialized channel.  The
+         options populated can be used to pass back into ares_init_options(),
+         it should populate all needed fields and not retrieve any information
+         from the system.  Probably wise to destroy the cache every minute or
+         so to prevent the data from becoming stale.
+
+- Daniel S added ares_process_fd() to allow applications to ask for processing
+  on specific sockets and thus avoiding select() and associated
+  functions/macros.  This function will be used by upcoming libcurl releases
+  for this very reason. It also made me export the ares_socket_t type in the
+  public ares.h header file, since ares_process_fd() uses that type for two of
+  the arguments.
+
+* May 25 2007
+
+- Ravi Pratap fixed a flaw in the init_by_resolv_conf() function for windows
+  that could cause it to return a bad return code.
+
+* April 16 2007
+
+- Yang Tse: Provide ares_getopt() command-line parser function as a source
+  code helper function, not belonging to the actual c-ares library.
+
+* February 19 2007

 - Vlad Dinulescu added ares_parse_ns_reply().

-* February 13
+* February 13 2007

 - Yang Tse: Fix failure to get the search sequence of /etc/hosts and
  DNS from /etc/nsswitch.conf, /etc/host.conf or /etc/svc.conf when
  /etc/resolv.conf did not exist or was unable to read it.

-* November 22
+* November 22 2006

 - Install ares_dns.h too

@@ -18,7 +210,7 @@
  struct, and there are domain/search entries in /etc/resolv.conf, the domains
  of the options struct will be overridden.

-* November 6
+* November 6 2006

 - Yang Tse removed a couple of potential zero size memory allocations.

--- a/ares/Makefile.am
+++ b/ares/Makefile.am
@@ -8,13 +8,24 @@ MSVCFILES = vc/adig/adig.dep vc/adig/adig.dsp vc/vc.dsw vc/ahost/ahost.dep \
 vc/ahost/ahost.dsp vc/areslib/areslib.dep vc/areslib/areslib.dsp	   \
 vc/areslib/areslib.dsw

+if DEBUGBUILD
+PROGS =
+else
+PROGS = ahost adig acountry
+endif
+
+noinst_PROGRAMS =$(PROGS)
+
 # adig and ahost are just sample programs and thus not mentioned with the
 # regular sources and headers
-EXTRA_DIST = CHANGES README.cares Makefile.inc adig.c ahost.c $(man_MANS) \
- $(MSVCFILES) AUTHORS config-win32.h
+EXTRA_DIST = AUTHORS CHANGES README.cares Makefile.inc Makefile.dj \
+ Makefile.m32 Makefile.netware Makefile.vc6 adig.c ahost.c $(man_MANS) \
+ $(MSVCFILES) config-win32.h RELEASE-NOTES libcares.pc.in

+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libcares.pc

-VER=-version-info 1:0:0
+VER=-version-info 2:0:0
 # This flag accepts an argument of the form current[:revision[:age]]. So,
 # passing -version-info 3:12:1 sets current to 3, revision to 12, and age to
 # 1.
@@ -61,6 +72,15 @@ libcares_ladir = $(includedir)
 # what headers to install on 'make install':
 libcares_la_HEADERS = ares.h ares_version.h ares_dns.h

+ahost_SOURCES = ahost.c ares_getopt.c
+ahost_LDADD = $(top_builddir)/$(lib_LTLIBRARIES)
+
+adig_SOURCES = adig.c ares_getopt.c
+adig_LDADD = $(top_builddir)/$(lib_LTLIBRARIES)
+
+acountry_SOURCES = acountry.c ares_getopt.c
+acountry_LDADD = $(top_builddir)/$(lib_LTLIBRARIES)
+
 # Make files named *.dist replace the file without .dist extension
 dist-hook:
 	find $(distdir) -name "*.dist" -exec rm {} \;
--- a/ares/Makefile.dj
+++ b/ares/Makefile.dj
@@ -14,14 +14,15 @@ CFLAGS += -DWATT32 -DHAVE_AF_INET6 -DHAVE_PF_INET6 -DHAVE_FIONBIO \
          -DHAVE_STRUCT_IN6_ADDR -DHAVE_SOCKADDR_IN6_SIN6_SCOPE_ID \
          -DHAVE_SYS_TIME_H -DHAVE_STRUCT_SOCKADDR_IN6 -DHAVE_STRUCT_ADDRINFO \
          -DHAVE_SIGNAL_H -DHAVE_SIG_ATOMIC_T -DRETSIGTYPE='void' -DHAVE_PROCESS_H \
-          -DHAVE_ARPA_NAMESER_H -DNS_INADDRSZ=4 -DHAVE_RECV -DHAVE_SEND \
+          -DHAVE_ARPA_NAMESER_H -DHAVE_SYS_SOCKET_H -DHAVE_SYS_UIO_H -DHAVE_NETINET_IN_H \
+          -DHAVE_NETINET_TCP_H -DNS_INADDRSZ=4 -DHAVE_RECV -DHAVE_SEND \
          -DSEND_TYPE_ARG1='int'   -DSEND_QUAL_ARG2='const' \
          -DSEND_TYPE_ARG2='void*' -DSEND_TYPE_ARG3='int' \
          -DSEND_TYPE_ARG4='int'   -DSEND_TYPE_RETV='int' \
          -DRECV_TYPE_ARG1='int'   -DRECV_TYPE_ARG2='void*' \
          -DRECV_TYPE_ARG3='int'   -DRECV_TYPE_ARG4='int' \
          -DRECV_TYPE_RETV='int'   -DHAVE_STRUCT_TIMEVAL \
-          -UHAVE_CONFIG_H
+          -Dselect=select_s        -Dsocklen_t=int -UHAVE_CONFIG_H

 LDFLAGS = -s

@@ -38,7 +39,6 @@ endif

 ifeq ($(USE_ZLIB),1)
  EX_LIBS += $(ZLIB_ROOT)/libz.a
-  CFLAGS  += -DUSE_MANUAL
 endif

 ifeq ($(USE_IDNA),1)
@@ -49,23 +49,26 @@ EX_LIBS += $(WATT32_ROOT)/lib/libwatt.a

 OBJECTS = $(addprefix $(OBJ_DIR)/, $(CSOURCES:.c=.o))

-all: $(OBJ_DIR) libcares.a ahost.exe adig.exe
+all: $(OBJ_DIR) libcares.a ahost.exe adig.exe acountry.exe
 	@echo Welcome to c-ares.

 libcares.a: $(OBJECTS)
 	ar rs $@ $?

-ahost.exe: ahost.c $(OBJ_HACK)
+ahost.exe: ahost.c $(OBJ_DIR)/ares_getopt.o $(OBJ_HACK)
 	$(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^ $(EX_LIBS)

-adig.exe: adig.c $(OBJ_HACK)
+adig.exe: adig.c $(OBJ_DIR)/ares_getopt.o $(OBJ_HACK)
+	$(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^ $(EX_LIBS)
+
+acountry.exe: acountry.c $(OBJ_DIR)/ares_getopt.o $(OBJ_HACK)
 	$(CC) $(LDFLAGS) $(CFLAGS) -o $@ $^ $(EX_LIBS)

 clean:
 	rm -f $(OBJECTS) libcares.a

 vclean realclean: clean
-	rm -f ahost.exe adig.exe depend.dj
+	rm -f ahost.exe adig.exe acountry.exe depend.dj
 	- rmdir $(OBJ_DIR)

 -include depend.dj
--- a/ares/Makefile.inc
+++ b/ares/Makefile.inc
@@ -6,11 +6,11 @@ ares_timeout.c ares_destroy.c ares_mkquery.c ares_version.c		\
 ares_expand_name.c ares_parse_a_reply.c windows_port.c			\
 ares_expand_string.c ares_parse_ptr_reply.c ares_parse_aaaa_reply.c	\
 ares_getnameinfo.c inet_net_pton.c bitncmp.c inet_ntop.c		\
-ares_parse_ns_reply.c
+ares_parse_ns_reply.c ares_llist.c

 HHEADERS = ares.h ares_private.h setup.h ares_dns.h ares_version.h          \
           nameser.h inet_net_pton.h inet_ntop.h ares_ipv6.h bitncmp.h      \
-           setup_once.h 
+           setup_once.h ares_llist.h

 MANPAGES= ares_destroy.3 ares_expand_name.3 ares_expand_string.3 ares_fds.3 \
 ares_free_hostent.3 ares_free_string.3 ares_gethostbyaddr.3		    \
@@ -18,5 +18,5 @@ MANPAGES= ares_destroy.3 ares_expand_name.3 ares_expand_string.3 ares_fds.3 \
 ares_parse_a_reply.3 ares_parse_ptr_reply.3 ares_process.3		    \
 ares_query.3 ares_search.3 ares_send.3 ares_strerror.3 ares_timeout.3	    \
 ares_version.3 ares_cancel.3 ares_parse_aaaa_reply.3 ares_getnameinfo.3    \
- ares_getsock.3 ares_parse_ns_reply.3
-
+ ares_getsock.3 ares_parse_ns_reply.3 \
+ ares_destroy_options.3 ares_save_options.3
--- a/ares/Makefile.m32
+++ b/ares/Makefile.m32
@@ -5,45 +5,45 @@
 ## Use: make -f Makefile.m32 [demos]
 ##
 ## Quick hack by Guenter; comments to: /dev/nul
-
-CC = gcc
-RANLIB = ranlib
-
+#
 ########################################################
 ## Nothing more to do below this line!

 LIB	= libcares.a
+
 CC	= gcc
+LD	= gcc
+RANLIB	= ranlib
+#RM	= rm -f
+
 CFLAGS	= -O2 -Wall
 LDFLAGS	= -s
 LIBS	= -lwsock32

-MANPAGES := $(patsubst %.c,%.o,$(wildcard ares_*.3))
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+include Makefile.inc

-OBJS	:= $(patsubst %.c,%.o,$(wildcard ares_*.c))
-OBJS	+= windows_port.o inet_ntop.o inet_net_pton.o bitncmp.o
+OBJLIB	:= $(patsubst %.c,%.o,$(strip $(CSOURCES)))

-$(LIB): ${OBJS}
-	ar cru $@ ${OBJS}
-	${RANLIB} $@
+
+$(LIB): $(OBJLIB)
+	ar cru $@ $^
+	$(RANLIB) $@

 all: $(LIB) demos

-demos: adig.exe ahost.exe
+demos: adig.exe ahost.exe acountry.exe

 tags:
 	etags *.[ch]

-adig.exe: adig.o $(LIB)
-	${CC} ${LDFLAGS} -o $@ adig.o $(LIB) ${LIBS}
+%.exe: %.o ares_getopt.o $(LIB)
+	$(LD) $(LDFLAGS) -o $@ $^ $(LIBS)

-ahost.exe: ahost.o $(LIB)
-	${CC} ${LDFLAGS} -o $@ ahost.o $(LIB) ${LIBS}
-
-${OBJS}: ares.h ares_dns.h ares_private.h
+$(OBJLIB): ares.h ares_dns.h ares_private.h

 .c.o:
-	${CC} -c ${CFLAGS} $<
+	$(CC) $(CFLAGS) -c $<

 check:

@@ -61,8 +61,8 @@ install:
 	done)

 clean:
-	rm -f ${OBJS} $(LIB) adig.o adig.exe ahost.o ahost.exe
+	$(RM) ares_getopt.o $(OBJLIB) $(LIB) adig.exe ahost.exe acountry.exe

 distclean: clean
-	rm -f config.cache config.log config.status Makefile
+	$(RM) config.cache config.log config.status Makefile

--- a/ares/Makefile.netware
+++ b/ares/Makefile.netware
@@ -1,7 +1,7 @@
 #################################################################
 # $Id$
 #
-## Makefile for building libares (NetWare version - gnu make)
+## Makefile for building libcares (NetWare version - gnu make)
 ## Use: make -f Makefile.netware
 ##
 ## Comments to: Guenter Knauf http://www.gknw.de/phpbb
@@ -14,14 +14,14 @@ NDKBASE	= c:/novell
 endif

 ifndef INSTDIR
-INSTDIR	= ../curl-$(LIBCURL_VERSION_STR)-bin-nw
+INSTDIR	= ../ares-$(LIBCARES_VERSION_STR)-bin-nw
 endif

 # Edit the vars below to change NLM target settings.
-TARGETS = adig.nlm ahost.nlm
+TARGETS = adig.nlm ahost.nlm acountry.nlm
 LTARGET = libcares.$(LIBEXT)
 VERSION	= $(LIBCARES_VERSION)
-COPYR	= Copyright (C) 1996 - 2007, Daniel Stenberg, <daniel@haxx.se>
+COPYR	= Copyright (C) 1996 - 2008, Daniel Stenberg, <daniel@haxx.se>
 DESCR	= cURL $(subst .def,,$(notdir $@)) $(LIBCARES_VERSION_STR) - http://curl.haxx.se
 MTSAFE	= YES
 STACK	= 64000
@@ -35,10 +35,10 @@ ifndef LIBARCH
 LIBARCH = LIBC
 endif

-# must be equal to DEBUG or NDEBUG
+# must be equal to NDEBUG or DEBUG, CURLDEBUG
+ifndef DB
 DB	= NDEBUG
-# DB	= DEBUG
-# DB	= CURLDEBUG
+endif
 # Optimization: -O<n> or debugging: -g
 ifeq ($(DB),NDEBUG)
 	OPT	= -O2
@@ -51,18 +51,27 @@ endif
 # Include the version info retrieved from curlver.h
 -include $(OBJDIR)/version.inc

-# The following line defines your compiler.
+# The following lines defines your compiler.
+ifdef CWFolder
+	METROWERKS = $(CWFolder)
+endif
 ifdef METROWERKS
+	# MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support
+	MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
 	CC = mwccnlm
 else
 	CC = gcc
 endif
+# a native win32 awk can be downloaded from here:
+# http://www.gknw.net/development/prgtools/awk-20070501.zip
+AWK	= awk
 YACC	= bison -y
 CP	= cp -afv
+MKDIR	= mkdir
 # RM	= rm -f
 # if you want to mark the target as MTSAFE you will need a tool for
 # generating the xdc data for the linker; here's a minimal tool:
-# http://www.gknw.com/development/prgtools/mkxdc.zip
+# http://www.gknw.net/development/prgtools/mkxdc.zip
 MPKXDC	= mkxdc

 # Global flags for all compilers
@@ -70,10 +79,11 @@ CFLAGS	= $(OPT) -D$(DB) -DNETWARE -DHAVE_CONFIG_H -nostdinc

 ifeq ($(CC),mwccnlm)
 LD	= mwldnlm
-LDFLAGS	= -nostdlib $(PRELUDE) $(OBJS) $(<:.def=.o) -o $@ -commandfile
+LDFLAGS	= -nostdlib $(PRELUDE) $(OBJEXE) $(<:.def=.o) -o $@ -commandfile
 AR	= mwldnlm
-ARFLAGS	= -type library -w nocmdline $(OBJDIR)/*.o -o
+ARFLAGS	= -nostdlib -type library -o
 LIBEXT	= lib
+#RANLIB	=
 CFLAGS	+= -msgstyle gcc -gccinc -inline off -opt nointrinsics -proc 586
 CFLAGS	+= -relax_pointers
 #CFLAGS	+= -w on
@@ -81,8 +91,10 @@ ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.o
 	CFLAGS += -align 4
 else
-	PRELUDE = "$(METROWERKS)/Novell Support/libraries/runtime/prelude.obj"
-#	CFLAGS += -include "$(METROWERKS)/Novell Support/headers/nlm_prefix.h"
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
+	# CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
 	CFLAGS += -align 1
 endif
 else
@@ -91,12 +103,16 @@ LDFLAGS	= -T
 AR	= ar
 ARFLAGS	= -cq
 LIBEXT	= a
+RANLIB	= ranlib
 CFLAGS	+= -fno-builtin -fpcc-struct-return -fno-strict-aliasing
 CFLAGS	+= -Wall -Wno-format -Wno-uninitialized # -pedantic
 ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.gcc.o
 else
-	PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
+	PRELUDE = $(NDK_ROOT)/pre/prelude.o
 	CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
 endif
 endif
@@ -106,14 +122,17 @@ SDK_CLIB = $(NDK_ROOT)/nwsdk
 SDK_LIBC = $(NDK_ROOT)/libc

 ifeq ($(LIBARCH),LIBC)
-	INCLUDES += -I$(SDK_LIBC)/include -I$(SDK_LIBC)/include/nks
+	INCLUDES += -I$(SDK_LIBC)/include
+	# INCLUDES += -I$(SDK_LIBC)/include/nks
 	# INCLUDES += -I$(SDK_LIBC)/include/winsock
 	CFLAGS += -D_POSIX_SOURCE
-#	CFLAGS += -D__ANSIC__
 else
-	INCLUDES += -I$(SDK_CLIB)/include/nlm -I$(SDK_CLIB)/include
+	INCLUDES += -I$(SDK_CLIB)/include/nlm
 	# INCLUDES += -I$(SDK_CLIB)/include/nlm/obsolete
-	CFLAGS += -DNETDB_USE_INTERNET
+	# INCLUDES += -I$(SDK_CLIB)/include
+endif
+ifeq ($(DB),CURLDEBUG)
+INCLUDES += -I../include
 endif
 CFLAGS	+= -I. $(INCLUDES)

@@ -132,7 +151,8 @@ endif
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc

-OBJS	:= $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(CSOURCES)))
+OBJLIB	:= $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(CSOURCES)))
+OBJEXE	= $(OBJLIB) $(OBJDIR)/ares_getopt.o

 .PHONY: lib nlm prebuild dist install clean

@@ -142,10 +162,6 @@ nlm: prebuild $(TARGETS)

 prebuild: $(OBJDIR) $(OBJDIR)/version.inc config.h arpa/nameser.h

-dist: all
-	-$(RM) $(OBJS) $(OBJDIR)/*.map $(OBJDIR)/*.ncv
-	-$(RM) $(OBJDIR)/*.def $(OBJDIR)/*.xdc $(OBJDIR)/version.inc
-
 install: $(INSTDIR) all
 	@$(CP) *.nlm $(INSTDIR)
 	@$(CP) ../CHANGES $(INSTDIR)
@@ -158,21 +174,21 @@ clean:
 	-$(RM) -r $(OBJDIR)
 	-$(RM) -r arpa

-%.$(LIBEXT): $(OBJS)
+%.$(LIBEXT): $(OBJLIB)
 	@echo Creating $@
 	@-$(RM) $@
 	@$(AR) $(ARFLAGS) $@ $^
+ifdef RANLIB
+	@$(RANLIB) $@
+endif

-%.nlm: $(OBJDIR)/%.def $(OBJDIR)/%.o $(OBJDIR)/%.xdc $(OBJS)
+%.nlm: $(OBJDIR)/%.def $(OBJDIR)/%.o $(OBJDIR)/%.xdc $(OBJEXE)
 	@echo Linking $@
 	@-$(RM) $@
 	@$(LD) $(LDFLAGS) $<

-$(INSTDIR):
-	@mkdir $(INSTDIR)
-
-$(OBJDIR):
-	@mkdir $(OBJDIR)
+$(OBJDIR) $(INSTDIR):
+	@$(MKDIR) $@

 $(OBJDIR)/%.o: %.c
 #	@echo Compiling $<
@@ -180,7 +196,7 @@ $(OBJDIR)/%.o: %.c

 $(OBJDIR)/version.inc: ares_version.h $(OBJDIR)
 	@echo Creating $@
-	@awk -f ../packages/NetWare/get_ver.awk $< > $@
+	@$(AWK) -f get_ver.awk $< > $@

 $(OBJDIR)/%.xdc: Makefile.netware
 	@echo Creating $@
@@ -247,8 +263,9 @@ ifdef IMPORTS
 	@echo $(DL)import $(IMPORTS)$(DL) >> $@
 endif
 ifeq ($(LD),nlmconv)
-	@echo $(DL)input $(OBJS)$(DL) >> $@
 	@echo $(DL)input $(PRELUDE)$(DL) >> $@
+	@echo $(DL)input $(OBJEXE)$(DL) >> $@
+	@echo $(DL)input $(@:.def=.o)$(DL) >> $@
 	@echo $(DL)output $(notdir $(@:.def=.nlm))$(DL) >> $@
 endif

@@ -261,25 +278,75 @@ config.h: Makefile.netware
 	@echo $(DL)#ifndef NETWARE$(DL) >> $@
 	@echo $(DL)#error This $(notdir $@) is created for NetWare platform!$(DL) >> $@
 	@echo $(DL)#endif$(DL) >> $@
-	@echo $(DL)#define OS "i586-pc-NetWare"$(DL) >> $@
 	@echo $(DL)#define VERSION "$(LIBCARES_VERSION_STR)"$(DL) >> $@
 	@echo $(DL)#define PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/"$(DL) >> $@
-	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ARPA_NAMESER_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+ifeq ($(LIBARCH),CLIB)
+	@echo $(DL)#define OS "i586-pc-clib-NetWare"$(DL) >> $@
+	@echo $(DL)#define MAXHOSTNAMELEN 256$(DL) >> $@
+	@echo $(DL)#define NETDB_USE_INTERNET 1$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
+	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
+	@echo $(DL)#define socklen_t int$(DL) >> $@
+	@echo $(DL)#define strncasecmp strnicmp$(DL) >> $@
+	@echo $(DL)#define strcasecmp stricmp$(DL) >> $@
+else
+	@echo $(DL)#define OS "i586-pc-libc-NetWare"$(DL) >> $@
 	@echo $(DL)#define HAVE_DLFCN_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_DLOPEN 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FTRUNCATE 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETTIMEOFDAY 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INET_PTON 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INTTYPES_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LIMITS_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LONGLONG 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRTOLL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG2 void *$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG3 size_t$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_RETV ssize_t$(DL) >> $@
+	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG2 void *$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG3 size_t$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_RETV ssize_t$(DL) >> $@
+	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
+endif
+	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ARPA_NAMESER_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETHOSTBYNAME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETPROTOBYNAME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GMTIME_R 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LOCALTIME_R 1$(DL) >> $@
 	@echo $(DL)#define HAVE_MALLOC_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_NETINET_IN_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_RECV 1$(DL) >> $@
@@ -290,46 +357,26 @@ config.h: Makefile.netware
 	@echo $(DL)#define HAVE_SIGNAL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SIG_ATOMIC_T 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SOCKET 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STDLIB_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRDUP 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_IOCTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_TIME_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_TIME_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_UNAME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_UNISTD_H 1$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME_H 1$(DL) >> $@
 	@echo $(DL)#define RETSIGTYPE void$(DL) >> $@
-	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
 	@echo $(DL)#define SIZEOF_CURL_OFF_T 4$(DL) >> $@
+	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
 	@echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
 	@echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
-	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
-	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
 ifdef NW_WINSOCK
 	@echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@
 else
--- a/ares/Makefile.vc6
+++ b/ares/Makefile.vc6
@@ -60,6 +60,7 @@ OBJECTS = $(OBJ_DIR)\ares_fds.obj              \
          $(OBJ_DIR)\ares_strerror.obj         \
          $(OBJ_DIR)\ares_cancel.obj           \
          $(OBJ_DIR)\ares_init.obj             \
+          $(OBJ_DIR)\ares_llist.obj            \
          $(OBJ_DIR)\ares_timeout.obj          \
          $(OBJ_DIR)\ares_destroy.obj          \
          $(OBJ_DIR)\ares_mkquery.obj          \
@@ -75,7 +76,7 @@ OBJECTS = $(OBJ_DIR)\ares_fds.obj              \
          $(OBJ_DIR)\inet_net_pton.obj         \
          $(OBJ_DIR)\inet_ntop.obj

-all: $(OBJ_DIR) cares.lib cares.dll cares_imp.lib ahost.exe adig.exe
+all: $(OBJ_DIR) cares.lib cares.dll cares_imp.lib ahost.exe adig.exe acountry.exe
       @echo Welcome to c-ares library and examples

 $(OBJ_DIR):
@@ -124,11 +125,14 @@ $(DEF_FILE): $(OBJECTS) Makefile.VC6
       @echo   ares_gettimeofday      >> $@
       @echo   ares_parse_aaaa_reply  >> $@

-ahost.exe: $(OBJ_DIR) $(OBJ_DIR)\ahost.obj $(OBJ_DIR)\getopt.obj cares_imp.lib
-       link $(LDFLAGS) -out:$@ $(OBJ_DIR)\ahost.obj $(OBJ_DIR)\getopt.obj cares_imp.lib $(EX_LIBS)
+ahost.exe: $(OBJ_DIR) $(OBJ_DIR)\ahost.obj $(OBJ_DIR)\ares_getopt.obj cares_imp.lib
+       link $(LDFLAGS) -out:$@ $(OBJ_DIR)\ahost.obj $(OBJ_DIR)\ares_getopt.obj cares_imp.lib $(EX_LIBS)

-adig.exe: $(OBJ_DIR) $(OBJ_DIR)\adig.obj $(OBJ_DIR)\getopt.obj cares_imp.lib
-       link $(LDFLAGS) -out:$@ $(OBJ_DIR)\adig.obj $(OBJ_DIR)\getopt.obj cares_imp.lib $(EX_LIBS)
+adig.exe: $(OBJ_DIR) $(OBJ_DIR)\adig.obj $(OBJ_DIR)\ares_getopt.obj cares_imp.lib
+       link $(LDFLAGS) -out:$@ $(OBJ_DIR)\adig.obj $(OBJ_DIR)\ares_getopt.obj cares_imp.lib $(EX_LIBS)
+
+acountry.exe: $(OBJ_DIR) $(OBJ_DIR)\acountry.obj $(OBJ_DIR)\ares_getopt.obj cares_imp.lib
+       link $(LDFLAGS) -out:$@ $(OBJ_DIR)\acountry.obj $(OBJ_DIR)\ares_getopt.obj cares_imp.lib $(EX_LIBS)

 clean:
       - del $(OBJ_DIR)\*.obj *.ilk *.pdb *.pbt *.pbi *.pbo *._xe *.map
@@ -229,3 +233,8 @@ $(OBJ_DIR)\bitncmp.obj: bitncmp.c bitncmp.h

 $(OBJ_DIR)\inet_ntop.obj: inet_ntop.c setup.h setup_once.h nameser.h           \
  ares_ipv6.h inet_ntop.h
+
+$(OBJ_DIR)\ares_getopt.obj: ares_getopt.c ares_getopt.h
+
+$(OBJ_DIR)\ares_llist.obj: ares_llist.c setup.h setup_once.h ares.h            \
+  ares_private.h ares_llist.h
--- a/ares/RELEASE-NOTES
+++ b/ares/RELEASE-NOTES
@@ -0,0 +1,9 @@
+This is what's new and changed in the c-ares 1.5.2 release:
+
+ o 
+
+Thanks go to these friendly people for their efforts and contributions:
+
+ 
+
+Have fun!
--- a/ares/acinclude.m4
+++ b/ares/acinclude.m4
@@ -1085,7 +1085,7 @@ AC_DEFUN([CURL_CHECK_NONBLOCKING_SOCKET],
 #  define PLATFORM_SUNOS4
 # endif
 #endif
-#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX4)
+#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
 # define PLATFORM_AIX_V3
 #endif

@@ -1369,7 +1369,7 @@ AC_DEFUN([CURL_CC_DEBUG_OPTS],
           dnl only if the compiler is newer than 2.95 since we got lots of
           dnl "`_POSIX_C_SOURCE' is not defined" in system headers with
           dnl gcc 2.95.4 on FreeBSD 4.9!
-           WARN="$WARN -Wundef -Wno-long-long -Wsign-compare"
+           WARN="$WARN -Wundef -Wno-long-long -Wsign-compare -Wshadow -Wno-multichar"
         fi

         if test "$gccnum" -ge "296"; then
--- a/ares/acountry.c
+++ b/ares/acountry.c
@@ -0,0 +1,589 @@
+/*
+ * $Id$
+ *
+ * IP-address/hostname to country converter.
+ *
+ * Problem; you want to know where IP a.b.c.d is located.
+ *
+ * Use ares_gethostbyname ("d.c.b.a.zz.countries.nerd.dk")
+ * and get the CNAME (host->h_name). Result will be:
+ *   CNAME = zz<CC>.countries.nerd.dk with address 127.0.x.y (ver 1) or
+ *   CNAME = <a.b.c.d>.zz.countries.nerd.dk with address 127.0.x.y (ver 2)
+ *
+ * The 2 letter country code in <CC> and the ISO-3166 country
+ * number in x.y (number = x*256 + y). Version 2 of the protocol is missing
+ * the <CC> number.
+ *
+ * Ref: http://countries.nerd.dk/more.html
+ *
+ * Written by G. Vanem <gvanem@broadpark.no> 2006, 2007
+ *
+ * NB! This program may not be big-endian aware.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "setup.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#if defined(WIN32)
+  #include <winsock.h>
+#else
+  #include <arpa/inet.h>
+  #include <netinet/in.h>
+  #include <netdb.h>
+#endif
+
+#include "ares.h"
+#include "ares_getopt.h"
+#include "inet_net_pton.h"
+#include "inet_ntop.h"
+
+static const char *usage      = "acountry [-vh?] {host|addr} ...\n";
+static const char  nerd_fmt[] = "%u.%u.%u.%u.zz.countries.nerd.dk";
+static const char *nerd_ver1  = nerd_fmt + 14;
+static const char *nerd_ver2  = nerd_fmt + 11;
+static int         verbose    = 0;
+
+#define TRACE(fmt) do {               \
+                     if (verbose > 0) \
+                       printf fmt ;   \
+                   } while (0)
+
+static void wait_ares(ares_channel channel);
+static void callback(void *arg, int status, int timeouts, struct hostent *host);
+static void callback2(void *arg, int status, int timeouts, struct hostent *host);
+static void find_country_from_cname(const char *cname, struct in_addr addr);
+
+static void Abort(const char *fmt, ...)
+{
+  va_list args;
+  va_start(args, fmt);
+  vfprintf(stderr, fmt, args);
+  va_end(args);
+  exit(1);
+}
+
+int main(int argc, char **argv)
+{
+  ares_channel channel;
+  int    ch, status;
+
+#ifdef WIN32
+  WORD wVersionRequested = MAKEWORD(USE_WINSOCK,USE_WINSOCK);
+  WSADATA wsaData;
+  WSAStartup(wVersionRequested, &wsaData);
+#endif
+
+  while ((ch = ares_getopt(argc, argv, "dvh?")) != -1)
+    switch (ch)
+      {
+      case 'd':
+#ifdef WATT32
+        dbug_init();
+#endif
+        break;
+      case 'v':
+        verbose++;
+        break;
+      case 'h':
+      case '?':
+      default:
+        Abort(usage);
+      }
+
+  argc -= optind;
+  argv += optind;
+  if (argc < 1)
+     Abort(usage);
+
+  status = ares_init(&channel);
+  if (status != ARES_SUCCESS)
+    {
+      fprintf(stderr, "ares_init: %s\n", ares_strerror(status));
+      return 1;
+    }
+
+  /* Initiate the queries, one per command-line argument. */
+  for ( ; *argv; argv++)
+    {
+      struct in_addr addr;
+      char buf[100];
+
+      /* If this fails, assume '*argv' is a host-name that
+       * must be resolved first
+       */
+      if (ares_inet_pton(AF_INET, *argv, &addr) != 1)
+        {
+          ares_gethostbyname(channel, *argv, AF_INET, callback2, &addr);
+          wait_ares(channel);
+          if (addr.s_addr == INADDR_NONE)
+            {
+              printf("Failed to lookup %s\n", *argv);
+              continue;
+            }
+        }
+
+      sprintf(buf, nerd_fmt,
+              (unsigned int)(addr.s_addr >> 24),
+              (unsigned int)((addr.s_addr >> 16) & 255),
+              (unsigned int)((addr.s_addr >> 8) & 255),
+              (unsigned int)(addr.s_addr & 255));
+      TRACE(("Looking up %s...", buf));
+      fflush(stdout);
+      ares_gethostbyname(channel, buf, AF_INET, callback, buf);
+    }
+
+  wait_ares(channel);
+  ares_destroy(channel);
+
+#ifdef WIN32
+  WSACleanup();
+#endif
+
+  return 0;
+}
+
+/*
+ * Wait for the queries to complete.
+ */
+static void wait_ares(ares_channel channel)
+{
+  while (1)
+    {
+      struct timeval *tvp, tv;
+      fd_set read_fds, write_fds;
+      int nfds;
+
+      FD_ZERO(&read_fds);
+      FD_ZERO(&write_fds);
+      nfds = ares_fds(channel, &read_fds, &write_fds);
+      if (nfds == 0)
+        break;
+      tvp = ares_timeout(channel, NULL, &tv);
+      select(nfds, &read_fds, &write_fds, NULL, tvp);
+      ares_process(channel, &read_fds, &write_fds);
+    }
+}
+
+/*
+ * This is the callback used when we have the IP-address of interest.
+ * Extract the CNAME and figure out the country-code from it.
+ */
+static void callback(void *arg, int status, int timeouts, struct hostent *host)
+{
+  const char *name = (const char*)arg;
+  const char *cname;
+  char buf[20];
+
+  (void)timeouts;
+
+  if (!host || status != ARES_SUCCESS)
+    {
+      printf("Failed to lookup %s: %s\n", name, ares_strerror(status));
+      return;
+    }
+
+  TRACE(("\nFound address %s, name %s\n",
+         ares_inet_ntop(AF_INET,(const char*)host->h_addr,buf,sizeof(buf)),
+         host->h_name));
+
+  cname = host->h_name;  /* CNAME gets put here */
+  if (!cname)
+    printf("Failed to get CNAME for %s\n", name);
+  else
+    find_country_from_cname(cname, *(struct in_addr*)host->h_addr);
+}
+
+/*
+ * This is the callback used to obtain the IP-address of the host of interest.
+ */
+static void callback2(void *arg, int status, int timeouts, struct hostent *host)
+{
+  struct in_addr *addr = (struct in_addr*) arg;
+
+  (void)timeouts;
+  if (!host || status != ARES_SUCCESS)
+    memset(addr, INADDR_NONE, sizeof(*addr));
+  else
+    memcpy(addr, host->h_addr, sizeof(*addr));
+}
+
+struct search_list {
+       int         country_number; /* ISO-3166 country number */
+       char        short_name[3];  /* A2 short country code */
+       const char *long_name;      /* normal country name */
+     };
+
+const struct search_list *list_lookup(int number, const struct search_list *list, int num)
+{
+  while (num > 0 && list->long_name)
+    {
+      if (list->country_number == number)
+        return (list);
+      num--;
+      list++;
+    }
+  return (NULL);
+}
+
+/*
+ * Ref: ftp://ftp.ripe.net/iso3166-countrycodes.txt
+ */
+static const struct search_list country_list[] = {
+       {   4, "af", "Afghanistan"                          },
+       { 248, "ax", "<EFBFBD>land Island"                         },
+       {   8, "al", "Albania"                              },
+       {  12, "dz", "Algeria"                              },
+       {  16, "as", "American Samoa"                       },
+       {  20, "ad", "Andorra"                              },
+       {  24, "ao", "Angola"                               },
+       { 660, "ai", "Anguilla"                             },
+       {  10, "aq", "Antarctica"                           },
+       {  28, "ag", "Antigua & Barbuda"                    },
+       {  32, "ar", "Argentina"                            },
+       {  51, "am", "Armenia"                              },
+       { 533, "aw", "Aruba"                                },
+       {  36, "au", "Australia"                            },
+       {  40, "at", "Austria"                              },
+       {  31, "az", "Azerbaijan"                           },
+       {  44, "bs", "Bahamas"                              },
+       {  48, "bh", "Bahrain"                              },
+       {  50, "bd", "Bangladesh"                           },
+       {  52, "bb", "Barbados"                             },
+       { 112, "by", "Belarus"                              },
+       {  56, "be", "Belgium"                              },
+       {  84, "bz", "Belize"                               },
+       { 204, "bj", "Benin"                                },
+       {  60, "bm", "Bermuda"                              },
+       {  64, "bt", "Bhutan"                               },
+       {  68, "bo", "Bolivia"                              },
+       {  70, "ba", "Bosnia & Herzegowina"                 },
+       {  72, "bw", "Botswana"                             },
+       {  74, "bv", "Bouvet Island"                        },
+       {  76, "br", "Brazil"                               },
+       {  86, "io", "British Indian Ocean Territory"       },
+       {  96, "bn", "Brunei Darussalam"                    },
+       { 100, "bg", "Bulgaria"                             },
+       { 854, "bf", "Burkina Faso"                         },
+       { 108, "bi", "Burundi"                              },
+       { 116, "kh", "Cambodia"                             },
+       { 120, "cm", "Cameroon"                             },
+       { 124, "ca", "Canada"                               },
+       { 132, "cv", "Cape Verde"                           },
+       { 136, "ky", "Cayman Islands"                       },
+       { 140, "cf", "Central African Republic"             },
+       { 148, "td", "Chad"                                 },
+       { 152, "cl", "Chile"                                },
+       { 156, "cn", "China"                                },
+       { 162, "cx", "Christmas Island"                     },
+       { 166, "cc", "Cocos Islands"                        },
+       { 170, "co", "Colombia"                             },
+       { 174, "km", "Comoros"                              },
+       { 178, "cg", "Congo"                                },
+       { 180, "cd", "Congo"                                },
+       { 184, "ck", "Cook Islands"                         },
+       { 188, "cr", "Costa Rica"                           },
+       { 384, "ci", "Cote d'Ivoire"                        },
+       { 191, "hr", "Croatia"                              },
+       { 192, "cu", "Cuba"                                 },
+       { 196, "cy", "Cyprus"                               },
+       { 203, "cz", "Czech Republic"                       },
+       { 208, "dk", "Denmark"                              },
+       { 262, "dj", "Djibouti"                             },
+       { 212, "dm", "Dominica"                             },
+       { 214, "do", "Dominican Republic"                   },
+       { 218, "ec", "Ecuador"                              },
+       { 818, "eg", "Egypt"                                },
+       { 222, "sv", "El Salvador"                          },
+       { 226, "gq", "Equatorial Guinea"                    },
+       { 232, "er", "Eritrea"                              },
+       { 233, "ee", "Estonia"                              },
+       { 231, "et", "Ethiopia"                             },
+       { 238, "fk", "Falkland Islands"                     },
+       { 234, "fo", "Faroe Islands"                        },
+       { 242, "fj", "Fiji"                                 },
+       { 246, "fi", "Finland"                              },
+       { 250, "fr", "France"                               },
+       { 249, "fx", "France, Metropolitan"                 },
+       { 254, "gf", "French Guiana"                        },
+       { 258, "pf", "French Polynesia"                     },
+       { 260, "tf", "French Southern Territories"          },
+       { 266, "ga", "Gabon"                                },
+       { 270, "gm", "Gambia"                               },
+       { 268, "ge", "Georgia"                              },
+       { 276, "de", "Germany"                              },
+       { 288, "gh", "Ghana"                                },
+       { 292, "gi", "Gibraltar"                            },
+       { 300, "gr", "Greece"                               },
+       { 304, "gl", "Greenland"                            },
+       { 308, "gd", "Grenada"                              },
+       { 312, "gp", "Guadeloupe"                           },
+       { 316, "gu", "Guam"                                 },
+       { 320, "gt", "Guatemala"                            },
+       { 324, "gn", "Guinea"                               },
+       { 624, "gw", "Guinea-Bissau"                        },
+       { 328, "gy", "Guyana"                               },
+       { 332, "ht", "Haiti"                                },
+       { 334, "hm", "Heard & Mc Donald Islands"            },
+       { 336, "va", "Vatican City"                         },
+       { 340, "hn", "Honduras"                             },
+       { 344, "hk", "Hong kong"                            },
+       { 348, "hu", "Hungary"                              },
+       { 352, "is", "Iceland"                              },
+       { 356, "in", "India"                                },
+       { 360, "id", "Indonesia"                            },
+       { 364, "ir", "Iran"                                 },
+       { 368, "iq", "Iraq"                                 },
+       { 372, "ie", "Ireland"                              },
+       { 376, "il", "Israel"                               },
+       { 380, "it", "Italy"                                },
+       { 388, "jm", "Jamaica"                              },
+       { 392, "jp", "Japan"                                },
+       { 400, "jo", "Jordan"                               },
+       { 398, "kz", "Kazakhstan"                           },
+       { 404, "ke", "Kenya"                                },
+       { 296, "ki", "Kiribati"                             },
+       { 408, "kp", "Korea (north)"                        },
+       { 410, "kr", "Korea (south)"                        },
+       { 414, "kw", "Kuwait"                               },
+       { 417, "kg", "Kyrgyzstan"                           },
+       { 418, "la", "Laos"                                 },
+       { 428, "lv", "Latvia"                               },
+       { 422, "lb", "Lebanon"                              },
+       { 426, "ls", "Lesotho"                              },
+       { 430, "lr", "Liberia"                              },
+       { 434, "ly", "Libya"                                },
+       { 438, "li", "Liechtenstein"                        },
+       { 440, "lt", "Lithuania"                            },
+       { 442, "lu", "Luxembourg"                           },
+       { 446, "mo", "Macao"                                },
+       { 807, "mk", "Macedonia"                            },
+       { 450, "mg", "Madagascar"                           },
+       { 454, "mw", "Malawi"                               },
+       { 458, "my", "Malaysia"                             },
+       { 462, "mv", "Maldives"                             },
+       { 466, "ml", "Mali"                                 },
+       { 470, "mt", "Malta"                                },
+       { 584, "mh", "Marshall Islands"                     },
+       { 474, "mq", "Martinique"                           },
+       { 478, "mr", "Mauritania"                           },
+       { 480, "mu", "Mauritius"                            },
+       { 175, "yt", "Mayotte"                              },
+       { 484, "mx", "Mexico"                               },
+       { 583, "fm", "Micronesia"                           },
+       { 498, "md", "Moldova"                              },
+       { 492, "mc", "Monaco"                               },
+       { 496, "mn", "Mongolia"                             },
+       { 500, "ms", "Montserrat"                           },
+       { 504, "ma", "Morocco"                              },
+       { 508, "mz", "Mozambique"                           },
+       { 104, "mm", "Myanmar"                              },
+       { 516, "na", "Namibia"                              },
+       { 520, "nr", "Nauru"                                },
+       { 524, "np", "Nepal"                                },
+       { 528, "nl", "Netherlands"                          },
+       { 530, "an", "Netherlands Antilles"                 },
+       { 540, "nc", "New Caledonia"                        },
+       { 554, "nz", "New Zealand"                          },
+       { 558, "ni", "Nicaragua"                            },
+       { 562, "ne", "Niger"                                },
+       { 566, "ng", "Nigeria"                              },
+       { 570, "nu", "Niue"                                 },
+       { 574, "nf", "Norfolk Island"                       },
+       { 580, "mp", "Northern Mariana Islands"             },
+       { 578, "no", "Norway"                               },
+       { 512, "om", "Oman"                                 },
+       { 586, "pk", "Pakistan"                             },
+       { 585, "pw", "Palau"                                },
+       { 275, "ps", "Palestinian Territory"                },
+       { 591, "pa", "Panama"                               },
+       { 598, "pg", "Papua New Guinea"                     },
+       { 600, "py", "Paraguay"                             },
+       { 604, "pe", "Peru"                                 },
+       { 608, "ph", "Philippines"                          },
+       { 612, "pn", "Pitcairn"                             },
+       { 616, "pl", "Poland"                               },
+       { 620, "pt", "Portugal"                             },
+       { 630, "pr", "Puerto Rico"                          },
+       { 634, "qa", "Qatar"                                },
+       { 638, "re", "Reunion"                              },
+       { 642, "ro", "Romania"                              },
+       { 643, "ru", "Russia"                               },
+       { 646, "rw", "Rwanda"                               },
+       { 659, "kn", "Saint Kitts & Nevis"                  },
+       { 662, "lc", "Saint Lucia"                          },
+       { 670, "vc", "Saint Vincent"                        },
+       { 882, "ws", "Samoa"                                },
+       { 674, "sm", "San Marino"                           },
+       { 678, "st", "Sao Tome & Principe"                  },
+       { 682, "sa", "Saudi Arabia"                         },
+       { 686, "sn", "Senegal"                              },
+       { 891, "cs", "Serbia and Montenegro"                },
+       { 690, "sc", "Seychelles"                           },
+       { 694, "sl", "Sierra Leone"                         },
+       { 702, "sg", "Singapore"                            },
+       { 703, "sk", "Slovakia"                             },
+       { 705, "si", "Slovenia"                             },
+       {  90, "sb", "Solomon Islands"                      },
+       { 706, "so", "Somalia"                              },
+       { 710, "za", "South Africa"                         },
+       { 239, "gs", "South Georgia"                        },
+       { 724, "es", "Spain"                                },
+       { 144, "lk", "Sri Lanka"                            },
+       { 654, "sh", "St. Helena"                           },
+       { 666, "pm", "St. Pierre & Miquelon"                },
+       { 736, "sd", "Sudan"                                },
+       { 740, "sr", "Suriname"                             },
+       { 744, "sj", "Svalbard & Jan Mayen Islands"         },
+       { 748, "sz", "Swaziland"                            },
+       { 752, "se", "Sweden"                               },
+       { 756, "ch", "Switzerland"                          },
+       { 760, "sy", "Syrian Arab Republic"                 },
+       { 626, "tl", "Timor-Leste"                          },
+       { 158, "tw", "Taiwan"                               },
+       { 762, "tj", "Tajikistan"                           },
+       { 834, "tz", "Tanzania"                             },
+       { 764, "th", "Thailand"                             },
+       { 768, "tg", "Togo"                                 },
+       { 772, "tk", "Tokelau"                              },
+       { 776, "to", "Tonga"                                },
+       { 780, "tt", "Trinidad & Tobago"                    },
+       { 788, "tn", "Tunisia"                              },
+       { 792, "tr", "Turkey"                               },
+       { 795, "tm", "Turkmenistan"                         },
+       { 796, "tc", "Turks & Caicos Islands"               },
+       { 798, "tv", "Tuvalu"                               },
+       { 800, "ug", "Uganda"                               },
+       { 804, "ua", "Ukraine"                              },
+       { 784, "ae", "United Arab Emirates"                 },
+       { 826, "gb", "United Kingdom"                       },
+       { 840, "us", "United States"                        },
+       { 581, "um", "United States Minor Outlying Islands" },
+       { 858, "uy", "Uruguay"                              },
+       { 860, "uz", "Uzbekistan"                           },
+       { 548, "vu", "Vanuatu"                              },
+       { 862, "ve", "Venezuela"                            },
+       { 704, "vn", "Vietnam"                              },
+       {  92, "vg", "Virgin Islands (British)"             },
+       { 850, "vi", "Virgin Islands (US)"                  },
+       { 876, "wf", "Wallis & Futuna Islands"              },
+       { 732, "eh", "Western Sahara"                       },
+       { 887, "ye", "Yemen"                                },
+       { 894, "zm", "Zambia"                               },
+       { 716, "zw", "Zimbabwe"                             }
+     };
+
+/*
+ * Check if start of 'str' is simply an IPv4 address.
+ */
+#define BYTE_OK(x) ((x) >= 0 && (x) <= 255)
+
+static int is_addr(char *str, char **end)
+{
+  int a0, a1, a2, a3, num, rc = 0, length = 0;
+
+  if ((num = sscanf(str,"%3d.%3d.%3d.%3d%n",&a0,&a1,&a2,&a3,&length)) == 4 &&
+      BYTE_OK(a0) && BYTE_OK(a1) && BYTE_OK(a2) && BYTE_OK(a3) &&
+      length >= (3+4))
+    {
+      rc = 1;
+      *end = str + length;
+    }
+  return rc;
+}
+
+/*
+ * Find the country-code and name from the CNAME. E.g.:
+ *   version 1: CNAME = zzno.countries.nerd.dk with address 127.0.2.66
+ *              yields ccode_A" = "no" and cnumber 578 (2.66).
+ *   version 2: CNAME = <a.b.c.d>.zz.countries.nerd.dk with address 127.0.2.66
+ *              yields cnumber 578 (2.66). ccode_A is "";
+ */
+static void find_country_from_cname(const char *cname, struct in_addr addr)
+{
+  const struct search_list *country;
+  char  ccode_A2[3], *ccopy, *dot_4;
+  int   cnumber, z0, z1, ver_1, ver_2;
+  u_long ip;
+
+  ip = ntohl(addr.s_addr);
+  z0 = tolower(cname[0]);
+  z1 = tolower(cname[1]);
+  ccopy = strdup(cname);
+
+  ver_1 = (z0 == 'z' && z1 == 'z' && !strcasecmp(cname+4,nerd_ver1));
+  ver_2 = (is_addr(ccopy,&dot_4) && !strcasecmp(dot_4,nerd_ver2));
+
+  if (ver_1)
+    {
+      const char *dot = strchr(cname, '.');
+      if ((z0 != 'z' && z1 != 'z') || dot != cname+4)
+        {
+          printf("Unexpected CNAME %s (ver_1)\n", cname);
+          return;
+        }
+    }
+  else if (ver_2)
+    {
+      z0 = tolower(dot_4[1]);
+      z1 = tolower(dot_4[2]);
+      if (z0 != 'z' && z1 != 'z')
+        {
+          printf("Unexpected CNAME %s (ver_2)\n", cname);
+          return;
+        }
+    }
+  else
+    {
+      printf("Unexpected CNAME %s (ver?)\n", cname);
+      return;
+    }
+
+  if (ver_1)
+    {
+      ccode_A2[0] = tolower(cname[2]);
+      ccode_A2[1] = tolower(cname[3]);
+      ccode_A2[2] = '\0';
+    }
+  else
+    ccode_A2[0] = '\0';
+
+  cnumber = ip & 0xFFFF;
+
+  TRACE(("Found country-code `%s', number %d\n",
+         ver_1 ? ccode_A2 : "<n/a>", cnumber));
+
+  country = list_lookup(cnumber, country_list,
+                        sizeof(country_list) / sizeof(country_list[0]));
+  if (!country)
+    printf("Name for country-number %d not found.\n", cnumber);
+  else
+    {
+      if (ver_1 && *(unsigned short*)&country->short_name != *(unsigned*)&ccode_A2)
+        printf("short-name mismatch; %s vs %s\n", country->short_name, ccode_A2);
+
+      printf("%s (%s), number %d.\n",
+             country->long_name, country->short_name, cnumber);
+    }
+  free(ccopy);
+}
+
--- a/ares/adig.c
+++ b/ares/adig.c
@@ -32,9 +32,6 @@
 #endif
 #include <netdb.h>
 #endif
-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#endif

 #include <stdio.h>
 #include <stdlib.h>
@@ -45,6 +42,7 @@
 #include "ares.h"
 #include "ares_dns.h"
 #include "inet_ntop.h"
+#include "ares_getopt.h"

 #ifdef WATT32
 #undef WIN32  /* Redefined in MingW headers */
@@ -55,11 +53,6 @@
 #define T_SRV 33 /* server selection */
 #endif

-#ifndef optind
-extern int optind;
-extern char *optarg;
-#endif
-
 struct nv {
  const char *name;
  int value;
@@ -134,7 +127,8 @@ static const char *rcodes[] = {
  "(unknown)", "(unknown)", "(unknown)", "(unknown)", "NOCHANGE"
 };

-static void callback(void *arg, int status, unsigned char *abuf, int alen);
+static void callback(void *arg, int status, int timeouts,
+                     unsigned char *abuf, int alen);
 static const unsigned char *display_question(const unsigned char *aptr,
                                             const unsigned char *abuf,
                                             int alen);
@@ -163,7 +157,7 @@ int main(int argc, char **argv)
  options.flags = ARES_FLAG_NOCHECKRESP;
  options.servers = NULL;
  options.nservers = 0;
-  while ((c = getopt(argc, argv, "df:s:c:t:T:U:")) != -1)
+  while ((c = ares_getopt(argc, argv, "df:s:c:t:T:U:")) != -1)
    {
      switch (c)
        {
@@ -301,7 +295,8 @@ int main(int argc, char **argv)
  return 0;
 }

-static void callback(void *arg, int status, unsigned char *abuf, int alen)
+static void callback(void *arg, int status, int timeouts,
+                     unsigned char *abuf, int alen)
 {
  char *name = (char *) arg;
  int id, qr, opcode, aa, tc, rd, ra, rcode;
--- a/ares/ahost.c
+++ b/ares/ahost.c
@@ -34,28 +34,13 @@
 #include <stdlib.h>
 #include <string.h>

-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#endif
-
 #include "ares.h"
 #include "ares_dns.h"
 #include "inet_ntop.h"
 #include "inet_net_pton.h"
+#include "ares_getopt.h"

-#ifndef optind
-extern int   optind;
-extern char *optarg;
-#endif
-
-#ifndef HAVE_STRUCT_IN6_ADDR
-struct in6_addr
-{
-  unsigned char s6_addr[16];
-};
-#endif
-
-static void callback(void *arg, int status, struct hostent *host);
+static void callback(void *arg, int status, int timeouts, struct hostent *host);
 static void usage(void);

 int main(int argc, char **argv)
@@ -73,7 +58,7 @@ int main(int argc, char **argv)
  WSAStartup(wVersionRequested, &wsaData);
 #endif

-  while ((c = getopt(argc,argv,"dt:h")) != -1)
+  while ((c = ares_getopt(argc,argv,"dt:h")) != -1)
    {
      switch (c)
        {
@@ -150,7 +135,7 @@ int main(int argc, char **argv)
  return 0;
 }

-static void callback(void *arg, int status, struct hostent *host)
+static void callback(void *arg, int status, int timeouts, struct hostent *host)
 {
  char **p;

--- a/ares/ares.h
+++ b/ares/ares.h
@@ -18,22 +18,37 @@
 #ifndef ARES__H
 #define ARES__H

+/*
+ * Define WIN32 when build target is Win32 API
+ */
+
+#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
+#define WIN32
+#endif
+
 #include <sys/types.h>

-#if defined(_AIX) || defined(NETWARE)
+#if defined(_AIX) || (defined(NETWARE) && defined(__NOVELL_LIBC__))
 /* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
   libc5-based Linux systems. Only include it on system that are known to
   require it! */
 #include <sys/select.h>
 #endif
+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+#include <sys/bsdskt.h>
+#endif

 #if defined(WATT32)
  #include <netinet/in.h>
  #include <sys/socket.h>
  #include <tcp.h>
 #elif defined(WIN32)
-  #include <winsock2.h>
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
 #  include <windows.h>
+#  include <winsock2.h>
+#  include <ws2tcpip.h>
 #else
  #include <netinet/in.h>
  #include <sys/socket.h>
@@ -94,6 +109,9 @@ extern "C" {
 #define ARES_OPT_DOMAINS        (1 << 7)
 #define ARES_OPT_LOOKUPS        (1 << 8)
 #define ARES_OPT_SOCK_STATE_CB  (1 << 9)
+#define ARES_OPT_SORTLIST       (1 << 10)
+#define ARES_OPT_SOCK_SNDBUF    (1 << 11)
+#define ARES_OPT_SOCK_RCVBUF    (1 << 12)

 /* Nameinfo flag values */
 #define ARES_NI_NOFQDN                  (1 << 0)
@@ -136,17 +154,28 @@ extern "C" {
 #define ARES_GETSOCK_WRITABLE(bits,num) (bits & (1 << ((num) + \
                                         ARES_GETSOCK_MAXNUM)))

+
+/*
+ * Typedef our socket type
+ */
+
+#ifndef ares_socket_typedef
 #ifdef WIN32
-typedef void (*ares_sock_state_cb)(void *data,
-                                   SOCKET socket,
-                                   int readable,
-                                   int writable);
+typedef SOCKET ares_socket_t;
+#define ARES_SOCKET_BAD INVALID_SOCKET
 #else
+typedef int ares_socket_t;
+#define ARES_SOCKET_BAD -1
+#endif
+#define ares_socket_typedef
+#endif /* ares_socket_typedef */
+
 typedef void (*ares_sock_state_cb)(void *data,
-                                   int socket,
+                                   ares_socket_t socket_fd,
                                   int readable,
                                   int writable);
-#endif
+
+struct apattern;

 struct ares_options {
  int flags;
@@ -155,6 +184,8 @@ struct ares_options {
  int ndots;
  unsigned short udp_port;
  unsigned short tcp_port;
+  int socket_send_buffer_size;
+  int socket_receive_buffer_size;
  struct in_addr *servers;
  int nservers;
  char **domains;
@@ -162,6 +193,8 @@ struct ares_options {
  char *lookups;
  ares_sock_state_cb sock_state_cb;
  void *sock_state_cb_data;
+  struct apattern *sortlist;
+  int nsort;
 };

 struct hostent;
@@ -169,16 +202,18 @@ struct timeval;
 struct sockaddr;
 struct ares_channeldata;
 typedef struct ares_channeldata *ares_channel;
-typedef void (*ares_callback)(void *arg, int status, unsigned char *abuf,
-                              int alen);
-typedef void (*ares_host_callback)(void *arg, int status,
+typedef void (*ares_callback)(void *arg, int status, int timeouts,
+                              unsigned char *abuf, int alen);
+typedef void (*ares_host_callback)(void *arg, int status, int timeouts,
                                   struct hostent *hostent);
-typedef void (*ares_nameinfo_callback)(void *arg, int status,
+typedef void (*ares_nameinfo_callback)(void *arg, int status, int timeouts,
                                       char *node, char *service);

 int ares_init(ares_channel *channelptr);
 int ares_init_options(ares_channel *channelptr, struct ares_options *options,
                      int optmask);
+int ares_save_options(ares_channel channel, struct ares_options *options, int *optmask);
+void ares_destroy_options(struct ares_options *options);
 void ares_destroy(ares_channel channel);
 void ares_cancel(ares_channel channel);
 void ares_send(ares_channel channel, const unsigned char *qbuf, int qlen,
@@ -200,6 +235,8 @@ int ares_getsock(ares_channel channel, int *socks, int numsocks);
 struct timeval *ares_timeout(ares_channel channel, struct timeval *maxtv,
                             struct timeval *tv);
 void ares_process(ares_channel channel, fd_set *read_fds, fd_set *write_fds);
+void ares_process_fd(ares_channel channel, ares_socket_t read_fd,
+                     ares_socket_t write_fd);

 int ares_mkquery(const char *name, int dnsclass, int type, unsigned short id,
                 int rd, unsigned char **buf, int *buflen);
@@ -207,10 +244,38 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
                     int alen, char **s, long *enclen);
 int ares_expand_string(const unsigned char *encoded, const unsigned char *abuf,
                     int alen, unsigned char **s, long *enclen);
+
+#if !defined(HAVE_STRUCT_IN6_ADDR) && !defined(s6_addr)
+struct in6_addr {
+  union {
+    unsigned char _S6_u8[16];
+  } _S6_un;
+};
+#define s6_addr _S6_un._S6_u8
+#endif
+
+struct addrttl {
+  struct in_addr ipaddr;
+  int            ttl;
+};
+struct addr6ttl {
+  struct in6_addr ip6addr;
+  int             ttl;
+};
+
+/*
+** Parse the buffer, starting at *abuf and of length alen bytes, previously
+** obtained from an ares_search call.  Put the results in *host, if nonnull.
+** Also, if addrttls is nonnull, put up to *naddrttls IPv4 addresses along with
+** their TTLs in that array, and set *naddrttls to the number of addresses
+** so written.
+*/
 int ares_parse_a_reply(const unsigned char *abuf, int alen,
-                       struct hostent **host);
+                       struct hostent **host,
+                       struct addrttl *addrttls, int *naddrttls);
 int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
-                       struct hostent **host);
+                       struct hostent **host,
+                       struct addr6ttl *addrttls, int *naddrttls);
 int ares_parse_ptr_reply(const unsigned char *abuf, int alen, const void *addr,
                         int addrlen, int family, struct hostent **host);
 int ares_parse_ns_reply(const unsigned char *abuf, int alen,
--- a/ares/ares__close_sockets.c
+++ b/ares/ares__close_sockets.c
@@ -35,6 +35,8 @@ void ares__close_sockets(ares_channel channel, struct server_state *server)
      /* Advance server->qhead; pull out query as we go. */
      sendreq = server->qhead;
      server->qhead = sendreq->next;
+      if (sendreq->data_storage != NULL)
+        free(sendreq->data_storage);
      free(sendreq);
    }
  server->qtail = NULL;
@@ -45,12 +47,16 @@ void ares__close_sockets(ares_channel channel, struct server_state *server)
  server->tcp_buffer = NULL;
  server->tcp_lenbuf_pos = 0;

+  /* Reset brokenness */
+  server->is_broken = 0;
+
  /* Close the TCP and UDP sockets. */
  if (server->tcp_socket != ARES_SOCKET_BAD)
    {
      SOCK_STATE_CALLBACK(channel, server->tcp_socket, 0, 0);
      closesocket(server->tcp_socket);
      server->tcp_socket = ARES_SOCKET_BAD;
+      server->tcp_connection_generation = ++channel->tcp_connection_generation;
    }
  if (server->udp_socket != ARES_SOCKET_BAD)
    {
--- a/ares/ares__get_hostent.c
+++ b/ares/ares__get_hostent.c
@@ -183,6 +183,7 @@ int ares__get_hostent(FILE *fp, int family, struct hostent **host)
            free(hostent->h_addr_list);
          free(hostent);
        }
+      *host = NULL;
      return ARES_ENOMEM;
    }

--- a/ares/ares_cancel.c
+++ b/ares/ares_cancel.c
@@ -14,29 +14,45 @@
 */

 #include "setup.h"
+#include <assert.h>
 #include <stdlib.h>
 #include "ares.h"
 #include "ares_private.h"

 /*
- * ares_cancel() cancels a ongoing request/resolve that might be going on on
- * the given channel. It does NOT kill the channel, use ares_destroy() for
+ * ares_cancel() cancels all ongoing requests/resolves that might be going on
+ * on the given channel. It does NOT kill the channel, use ares_destroy() for
 * that.
 */
 void ares_cancel(ares_channel channel)
 {
-  struct query *query, *next;
+  struct query *query;
+  struct list_node* list_head;
+  struct list_node* list_node;
  int i;

-  for (query = channel->queries; query; query = next)
+  list_head = &(channel->all_queries);
+  for (list_node = list_head->next; list_node != list_head; )
  {
-    next = query->next;
-    query->callback(query->arg, ARES_ETIMEOUT, NULL, 0);
-    free(query->tcpbuf);
-    free(query->skip_server);
-    free(query);
+    query = list_node->data;
+    list_node = list_node->next;  /* since we're deleting the query */
+    query->callback(query->arg, ARES_ETIMEOUT, 0, NULL, 0);
+    ares__free_query(query);
  }
-  channel->queries = NULL;
+#ifndef NDEBUG
+  /* Freeing the query should remove it from all the lists in which it sits,
+   * so all query lists should be empty now.
+   */
+  assert(ares__is_list_empty(&(channel->all_queries)));
+  for (i = 0; i < ARES_QID_TABLE_SIZE; i++)
+    {
+      assert(ares__is_list_empty(&(channel->queries_by_qid[i])));
+    }
+  for (i = 0; i < ARES_TIMEOUT_TABLE_SIZE; i++)
+    {
+      assert(ares__is_list_empty(&(channel->queries_by_timeout[i])));
+    }
+#endif
  if (!(channel->flags & ARES_FLAG_STAYOPEN))
  {
    if (channel->servers)
--- a/ares/ares_destroy.c
+++ b/ares/ares_destroy.c
@@ -16,21 +16,64 @@
 */

 #include "setup.h"
+#include <assert.h>
 #include <stdlib.h>
 #include "ares.h"
 #include "ares_private.h"

+void ares_destroy_options(struct ares_options *options)
+{
+  int i;
+
+  free(options->servers);
+  for (i = 0; i < options->ndomains; i++)
+    free(options->domains[i]);
+  free(options->domains);
+  if(options->sortlist)
+    free(options->sortlist);
+  free(options->lookups);
+}
+
 void ares_destroy(ares_channel channel)
 {
  int i;
  struct query *query;
+  struct list_node* list_head;
+  struct list_node* list_node;
  
  if (!channel)
    return;

+  list_head = &(channel->all_queries);
+  for (list_node = list_head->next; list_node != list_head; )
+    {
+      query = list_node->data;
+      list_node = list_node->next;  /* since we're deleting the query */
+      query->callback(query->arg, ARES_EDESTRUCTION, 0, NULL, 0);
+      ares__free_query(query);
+    }
+#ifndef NDEBUG
+  /* Freeing the query should remove it from all the lists in which it sits,
+   * so all query lists should be empty now.
+   */
+  assert(ares__is_list_empty(&(channel->all_queries)));
+  for (i = 0; i < ARES_QID_TABLE_SIZE; i++)
+    {
+      assert(ares__is_list_empty(&(channel->queries_by_qid[i])));
+    }
+  for (i = 0; i < ARES_TIMEOUT_TABLE_SIZE; i++)
+    {
+      assert(ares__is_list_empty(&(channel->queries_by_timeout[i])));
+    }
+#endif
+
  if (channel->servers) {
    for (i = 0; i < channel->nservers; i++)
-      ares__close_sockets(channel, &channel->servers[i]);
+      {
+        struct server_state *server = &channel->servers[i];
+        ares__close_sockets(channel, server);
+        assert(ares__is_list_empty(&(server->queries_to_server)));
+      }
    free(channel->servers);
  }

@@ -46,16 +89,5 @@ void ares_destroy(ares_channel channel)
  if (channel->lookups)
    free(channel->lookups);

-  while (channel->queries) {
-    query = channel->queries;
-    channel->queries = query->next;
-    query->callback(query->arg, ARES_EDESTRUCTION, NULL, 0);
-    if (query->tcpbuf)
-      free(query->tcpbuf);
-    if (query->skip_server)
-      free(query->skip_server);
-    free(query);
-  }
-
  free(channel);
 }
--- a/ares/ares_destroy_options.3
+++ b/ares/ares_destroy_options.3
@@ -0,0 +1,39 @@
+.\" $Id$
+.\"
+.\" Copyright 1998 by the Massachusetts Institute of Technology.
+.\"
+.\" Permission to use, copy, modify, and distribute this
+.\" software and its documentation for any purpose and without
+.\" fee is hereby granted, provided that the above copyright
+.\" notice appear in all copies and that both that copyright
+.\" notice and this permission notice appear in supporting
+.\" documentation, and that the name of M.I.T. not be used in
+.\" advertising or publicity pertaining to distribution of the
+.\" software without specific, written prior permission.
+.\" M.I.T. makes no representations about the suitability of
+.\" this software for any purpose.  It is provided "as is"
+.\" without express or implied warranty.
+.\"
+.TH ARES_DESTROY_OPTIONS 3 "1 June 2007"
+.SH NAME
+ares_destroy_options \- Destroy options initialized with ares_save_options
+.SH SYNOPSIS
+.nf
+.B #include <ares.h>
+.PP
+.B void ares_destroy_options(struct ares_options *\fIoptions\fP)
+.fi
+.SH DESCRIPTION
+The
+.B ares_destroy_options
+function destroys the options struct identified by
+.IR options ,
+freeing all memory allocated by ares_save_options.
+
+.SH SEE ALSO
+.BR ares_save_options (3),
+.BR ares_init_options (3)
+.SH AUTHOR
+Brad House
+.br
+Copyright 1998 by the Massachusetts Institute of Technology.
--- a/ares/ares_expand_name.c
+++ b/ares/ares_expand_name.c
@@ -74,6 +74,15 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
    return ARES_ENOMEM;
  q = *s;

+  if (len == 0) {
+    /* RFC2181 says this should be ".": the root of the DNS tree.
+     * Since this function strips trailing dots though, it becomes ""
+     */
+    q[0] = '\0';
+    *enclen = 1;  /* the caller should move one byte to get past this */
+    return ARES_SUCCESS;
+  }
+
  /* No error-checking necessary; it was all done by name_length(). */
  p = encoded;
  while (*p)
--- a/ares/ares_expand_string.3
+++ b/ares/ares_expand_string.3
@@ -28,7 +28,7 @@ ares_expand_string \- Expand a length encoded string
 .SH DESCRIPTION
 The
 .B ares_expand_string
-function converts a length encoded string to a NULL terminated C
+function converts a length encoded string to a NUL-terminated C
 string.  The argument
 .I encoded
 gives the beginning of the encoded string, and the arguments
--- a/ares/ares_fds.c
+++ b/ares/ares_fds.c
@@ -30,20 +30,26 @@ int ares_fds(ares_channel channel, fd_set *read_fds, fd_set *write_fds)
  ares_socket_t nfds;
  int i;

-  /* No queries, no file descriptors. */
-  if (!channel->queries)
-    return 0;
+  /* Are there any active queries? */
+  int active_queries = !ares__is_list_empty(&(channel->all_queries));

  nfds = 0;
  for (i = 0; i < channel->nservers; i++)
    {
      server = &channel->servers[i];
-      if (server->udp_socket != ARES_SOCKET_BAD)
+      /* We only need to register interest in UDP sockets if we have
+       * outstanding queries.
+       */
+      if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
        {
          FD_SET(server->udp_socket, read_fds);
          if (server->udp_socket >= nfds)
            nfds = server->udp_socket + 1;
        }
+      /* We always register for TCP events, because we want to know
+       * when the other side closes the connection, so we don't waste
+       * time trying to use a broken connection.
+       */
      if (server->tcp_socket != ARES_SOCKET_BAD)
       {
         FD_SET(server->tcp_socket, read_fds);
--- a/ares/ares_free_hostent.3
+++ b/ares/ares_free_hostent.3
@@ -33,12 +33,13 @@ allocated by one of the functions \fIares_parse_a_reply(3)\fP,
 .SH NOTES
 It is not necessary (and is not correct) to free the host structure passed to
 the callback functions for \fIares_gethostbyname(3)\fP or
-\fIares_gethostbyaddr(3)\fP. The ares library will automatically free such
-host structures when the callback returns.
+\fIares_gethostbyaddr(3)\fP. c-ares will automatically free such host
+structures when the callback returns.
 .SH SEE ALSO
 .BR ares_parse_a_reply (3),
 .BR ares_parse_aaaa_reply (3),
-.BR ares_parse_ptr_reply (3)
+.BR ares_parse_ptr_reply (3),
+.BR ares_parse_ns_reply (3)
 .SH AUTHOR
 Greg Hudson, MIT Information Systems
 .br
--- a/ares/ares_free_hostent.c
+++ b/ares/ares_free_hostent.c
@@ -33,7 +33,8 @@ void ares_free_hostent(struct hostent *host)
  for (p = host->h_aliases; *p; p++)
    free(*p);
  free(host->h_aliases);
-  free(host->h_addr_list[0]);
+  free(host->h_addr_list[0]); /* no matter if there is one or many entries,
+                                 there is only one malloc for all of them */
  free(host->h_addr_list);
  free(host);
 }
--- a/ares/ares_gethostbyaddr.3
+++ b/ares/ares_gethostbyaddr.3
@@ -22,7 +22,7 @@ ares_gethostbyaddr \- Initiate a host query by address
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_host_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	struct hostent *\fIhostent\fP)
+.B	int \fItimeouts\fP, struct hostent *\fIhostent\fP)
 .PP
 .B void ares_gethostbyaddr(ares_channel \fIchannel\fP, const void *\fIaddr\fP,
 .B 	int \fIaddrlen\fP, int \fIfamily\fP, ares_host_callback \fIcallback\fP,
@@ -76,6 +76,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
+The callback argument
+.I timeouts
+reports how many times a query timed out during the execution of the
+given request.
+.PP
 On successful completion of the query, the callback argument
 .I hostent
 points to a
--- a/ares/ares_gethostbyaddr.c
+++ b/ares/ares_gethostbyaddr.c
@@ -49,14 +49,16 @@ struct addr_query {
  void *arg;

  const char *remaining_lookups;
+  int timeouts;
 };

 static void next_lookup(struct addr_query *aquery);
-static void addr_callback(void *arg, int status, unsigned char *abuf,
-                          int alen);
+static void addr_callback(void *arg, int status, int timeouts,
+                          unsigned char *abuf, int alen);
 static void end_aquery(struct addr_query *aquery, int status,
                       struct hostent *host);
 static int file_lookup(union ares_addr *addr, int family, struct hostent **host);
+static void ptr_rr_name(char *name, int family, union ares_addr *addr);

 void ares_gethostbyaddr(ares_channel channel, const void *addr, int addrlen,
                        int family, ares_host_callback callback, void *arg)
@@ -65,21 +67,21 @@ void ares_gethostbyaddr(ares_channel channel, const void *addr, int addrlen,

  if (family != AF_INET && family != AF_INET6)
    {
-      callback(arg, ARES_ENOTIMP, NULL);
+      callback(arg, ARES_ENOTIMP, 0, NULL);
      return;
    }

  if ((family == AF_INET && addrlen != sizeof(struct in_addr)) ||
      (family == AF_INET6 && addrlen != sizeof(struct in6_addr)))
    {
-      callback(arg, ARES_ENOTIMP, NULL);
+      callback(arg, ARES_ENOTIMP, 0, NULL);
      return;
    }

  aquery = malloc(sizeof(struct addr_query));
  if (!aquery)
    {
-      callback(arg, ARES_ENOMEM, NULL);
+      callback(arg, ARES_ENOMEM, 0, NULL);
      return;
    }
  aquery->channel = channel;
@@ -91,6 +93,7 @@ void ares_gethostbyaddr(ares_channel channel, const void *addr, int addrlen,
  aquery->callback = callback;
  aquery->arg = arg;
  aquery->remaining_lookups = channel->lookups;
+  aquery->timeouts = 0;

  next_lookup(aquery);
 }
@@ -99,48 +102,26 @@ static void next_lookup(struct addr_query *aquery)
 {
  const char *p;
  char name[128];
-  int a1, a2, a3, a4, status;
+  int status;
  struct hostent *host;
-  unsigned long addr;

  for (p = aquery->remaining_lookups; *p; p++)
    {
      switch (*p)
        {
        case 'b':
-          if (aquery->family == AF_INET)
-            {
-              addr = ntohl(aquery->addr.addr4.s_addr);
-              a1 = (int)((addr >> 24) & 0xff);
-              a2 = (int)((addr >> 16) & 0xff);
-              a3 = (int)((addr >> 8) & 0xff);
-              a4 = (int)(addr & 0xff);
-              sprintf(name, "%d.%d.%d.%d.in-addr.arpa", a4, a3, a2, a1);
+          ptr_rr_name(name, aquery->family, &aquery->addr);
          aquery->remaining_lookups = p + 1;
          ares_query(aquery->channel, name, C_IN, T_PTR, addr_callback,
                     aquery);
-            }
-          else
-            {
-              unsigned char *bytes;
-              bytes = (unsigned char *)&aquery->addr.addr6.s6_addr;
-              sprintf(name, "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa",
-                      bytes[15]&0xf, bytes[15] >> 4, bytes[14]&0xf, bytes[14] >> 4,
-                      bytes[13]&0xf, bytes[13] >> 4, bytes[12]&0xf, bytes[12] >> 4,
-                      bytes[11]&0xf, bytes[11] >> 4, bytes[10]&0xf, bytes[10] >> 4,
-                      bytes[9]&0xf, bytes[9] >> 4, bytes[8]&0xf, bytes[8] >> 4,
-                      bytes[7]&0xf, bytes[7] >> 4, bytes[6]&0xf, bytes[6] >> 4,
-                      bytes[5]&0xf, bytes[5] >> 4, bytes[4]&0xf, bytes[4] >> 4,
-                      bytes[3]&0xf, bytes[3] >> 4, bytes[2]&0xf, bytes[2] >> 4,
-                      bytes[1]&0xf, bytes[1] >> 4, bytes[0]&0xf, bytes[0] >> 4);
-              aquery->remaining_lookups = p + 1;
-              ares_query(aquery->channel, name, C_IN, T_PTR, addr_callback,
-                         aquery);
-            }
          return;
        case 'f':
          status = file_lookup(&aquery->addr, aquery->family, &host);
-          if (status != ARES_ENOTFOUND)
+
+          /* this status check below previously checked for !ARES_ENOTFOUND,
+             but we should not assume that this single error code is the one
+             that can occur, as that is in fact no longer the case */
+          if (status == ARES_SUCCESS)
            {
              end_aquery(aquery, status, host);
              return;
@@ -151,11 +132,13 @@ static void next_lookup(struct addr_query *aquery)
  end_aquery(aquery, ARES_ENOTFOUND, NULL);
 }

-static void addr_callback(void *arg, int status, unsigned char *abuf, int alen)
+static void addr_callback(void *arg, int status, int timeouts,
+                          unsigned char *abuf, int alen)
 {
  struct addr_query *aquery = (struct addr_query *) arg;
  struct hostent *host;

+  aquery->timeouts += timeouts;
  if (status == ARES_SUCCESS)
    {
      if (aquery->family == AF_INET)
@@ -175,7 +158,7 @@ static void addr_callback(void *arg, int status, unsigned char *abuf, int alen)
 static void end_aquery(struct addr_query *aquery, int status,
                       struct hostent *host)
 {
-  aquery->callback(aquery->arg, status, host);
+  aquery->callback(aquery->arg, status, aquery->timeouts, host);
  if (host)
    ares_free_hostent(host);
  free(aquery);
@@ -260,3 +243,31 @@ static int file_lookup(union ares_addr *addr, int family, struct hostent **host)
    *host = NULL;
  return status;
 }
+
+static void ptr_rr_name(char *name, int family, union ares_addr *addr)
+{
+  if (family == AF_INET)
+    {
+       unsigned long laddr = ntohl(addr->addr4.s_addr);
+       int a1 = (int)((laddr >> 24) & 0xff);
+       int a2 = (int)((laddr >> 16) & 0xff);
+       int a3 = (int)((laddr >> 8) & 0xff);
+       int a4 = (int)(laddr & 0xff);
+       sprintf(name, "%d.%d.%d.%d.in-addr.arpa", a4, a3, a2, a1);
+    }
+  else
+    {
+       unsigned char *bytes = (unsigned char *)&addr->addr6.s6_addr;
+       sprintf(name,
+                "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
+                "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa",
+                bytes[15]&0xf, bytes[15] >> 4, bytes[14]&0xf, bytes[14] >> 4,
+                bytes[13]&0xf, bytes[13] >> 4, bytes[12]&0xf, bytes[12] >> 4,
+                bytes[11]&0xf, bytes[11] >> 4, bytes[10]&0xf, bytes[10] >> 4,
+                bytes[9]&0xf, bytes[9] >> 4, bytes[8]&0xf, bytes[8] >> 4,
+                bytes[7]&0xf, bytes[7] >> 4, bytes[6]&0xf, bytes[6] >> 4,
+                bytes[5]&0xf, bytes[5] >> 4, bytes[4]&0xf, bytes[4] >> 4,
+                bytes[3]&0xf, bytes[3] >> 4, bytes[2]&0xf, bytes[2] >> 4,
+                bytes[1]&0xf, bytes[1] >> 4, bytes[0]&0xf, bytes[0] >> 4);
+    }
+}
--- a/ares/ares_gethostbyname.3
+++ b/ares/ares_gethostbyname.3
@@ -22,7 +22,7 @@ ares_gethostbyname \- Initiate a host query by name
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_host_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	struct hostent *\fIhostent\fP)
+.B	int \fItimeouts\fP, struct hostent *\fIhostent\fP)
 .PP
 .B void ares_gethostbyname(ares_channel \fIchannel\fP, const char *\fIname\fP,
 .B 	int \fIfamily\fP, ares_host_callback \fIcallback\fP, void *\fIarg\fP)
@@ -80,6 +80,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
+The callback argument
+.I timeouts
+reports how many times a query timed out during the execution of the
+given request.
+.PP
 On successful completion of the query, the callback argument
 .I hostent
 points to a
--- a/ares/ares_gethostbyname.c
+++ b/ares/ares_gethostbyname.c
@@ -54,11 +54,12 @@ struct host_query {
  void *arg;
  int family;
  const char *remaining_lookups;
+  int timeouts;
 };

-static void next_lookup(struct host_query *hquery);
-static void host_callback(void *arg, int status, unsigned char *abuf,
-                          int alen);
+static void next_lookup(struct host_query *hquery, int status_code);
+static void host_callback(void *arg, int status, int timeouts,
+                          unsigned char *abuf, int alen);
 static void end_hquery(struct host_query *hquery, int status,
                       struct hostent *host);
 static int fake_hostent(const char *name, int family, ares_host_callback callback,
@@ -81,7 +82,7 @@ void ares_gethostbyname(ares_channel channel, const char *name, int family,
  /* Right now we only know how to look up Internet addresses. */
  if (family != AF_INET && family != AF_INET6)
    {
-      callback(arg, ARES_ENOTIMP, NULL);
+      callback(arg, ARES_ENOTIMP, 0, NULL);
      return;
    }

@@ -92,7 +93,7 @@ void ares_gethostbyname(ares_channel channel, const char *name, int family,
  hquery = malloc(sizeof(struct host_query));
  if (!hquery)
    {
-      callback(arg, ARES_ENOMEM, NULL);
+      callback(arg, ARES_ENOMEM, 0, NULL);
      return;
    }
  hquery->channel = channel;
@@ -101,22 +102,23 @@ void ares_gethostbyname(ares_channel channel, const char *name, int family,
  if (!hquery->name)
    {
      free(hquery);
-      callback(arg, ARES_ENOMEM, NULL);
+      callback(arg, ARES_ENOMEM, 0, NULL);
      return;
    }
  hquery->callback = callback;
  hquery->arg = arg;
  hquery->remaining_lookups = channel->lookups;
+  hquery->timeouts = 0;

  /* Start performing lookups according to channel->lookups. */
-  next_lookup(hquery);
+  next_lookup(hquery, ARES_ECONNREFUSED /* initial error code */);
 }

-static void next_lookup(struct host_query *hquery)
+static void next_lookup(struct host_query *hquery, int status_code)
 {
-  int status;
  const char *p;
  struct hostent *host;
+  int status = status_code;

  for (p = hquery->remaining_lookups; *p; p++)
    {
@@ -126,8 +128,8 @@ static void next_lookup(struct host_query *hquery)
          /* DNS lookup */
          hquery->remaining_lookups = p + 1;
          if (hquery->family == AF_INET6)
-            ares_search(hquery->channel, hquery->name, C_IN, T_AAAA, host_callback,
-                        hquery);
+            ares_search(hquery->channel, hquery->name, C_IN, T_AAAA,
+                        host_callback, hquery);
          else
            ares_search(hquery->channel, hquery->name, C_IN, T_A, host_callback,
                        hquery);
@@ -136,34 +138,41 @@ static void next_lookup(struct host_query *hquery)
        case 'f':
          /* Host file lookup */
          status = file_lookup(hquery->name, hquery->family, &host);
-          if (status != ARES_ENOTFOUND)
+
+          /* this status check below previously checked for !ARES_ENOTFOUND,
+             but we should not assume that this single error code is the one
+             that can occur, as that is in fact no longer the case */
+          if (status == ARES_SUCCESS)
            {
              end_hquery(hquery, status, host);
              return;
            }
+          status = status_code;   /* Use original status code */
          break;
        }
    }
-  end_hquery(hquery, ARES_ENOTFOUND, NULL);
+  end_hquery(hquery, status, NULL);
 }

-static void host_callback(void *arg, int status, unsigned char *abuf, int alen)
+static void host_callback(void *arg, int status, int timeouts,
+                          unsigned char *abuf, int alen)
 {
  struct host_query *hquery = (struct host_query *) arg;
  ares_channel channel = hquery->channel;
  struct hostent *host;

+  hquery->timeouts += timeouts;
  if (status == ARES_SUCCESS)
    {
      if (hquery->family == AF_INET)
        {
-          status = ares_parse_a_reply(abuf, alen, &host);
+          status = ares_parse_a_reply(abuf, alen, &host, NULL, NULL);
          if (host && channel->nsort)
            sort_addresses(host, channel->sortlist, channel->nsort);
        }
      else if (hquery->family == AF_INET6)
        {
-          status = ares_parse_aaaa_reply(abuf, alen, &host);
+          status = ares_parse_aaaa_reply(abuf, alen, &host, NULL, NULL);
          if (host && channel->nsort)
            sort6_addresses(host, channel->sortlist, channel->nsort);
        }
@@ -179,13 +188,13 @@ static void host_callback(void *arg, int status, unsigned char *abuf, int alen)
  else if (status == ARES_EDESTRUCTION)
    end_hquery(hquery, status, NULL);
  else
-    next_lookup(hquery);
+    next_lookup(hquery, status);
 }

 static void end_hquery(struct host_query *hquery, int status,
                       struct hostent *host)
 {
-  hquery->callback(hquery->arg, status, host);
+  hquery->callback(hquery->arg, status, hquery->timeouts, host);
  if (host)
    ares_free_hostent(host);
  free(hquery->name);
@@ -206,7 +215,27 @@ static int fake_hostent(const char *name, int family, ares_host_callback callbac
  struct in6_addr in6;

  if (family == AF_INET)
+    {
+      /* It only looks like an IP address if it's all numbers and dots. */
+      int numdots = 0;
+      const char *p;
+      for (p = name; *p; p++)
+        {
+          if (!ISDIGIT(*p) && *p != '.') {
+            return 0;
+          } else if (*p == '.') {
+            numdots++;
+          }
+        }
+    
+      /* if we don't have 3 dots, it is illegal 
+       * (although inet_addr doesn't think so).
+       */
+      if (numdots != 3)
+        result = 0;
+      else
        result = ((in.s_addr = inet_addr(name)) == INADDR_NONE ? 0 : 1);
+    }
  else if (family == AF_INET6)
    result = (ares_inet_pton(AF_INET6, name, &in6) < 1 ? 0 : 1);

@@ -227,7 +256,7 @@ static int fake_hostent(const char *name, int family, ares_host_callback callbac
  hostent.h_name = strdup(name);
  if (!hostent.h_name)
    {
-      callback(arg, ARES_ENOMEM, NULL);
+      callback(arg, ARES_ENOMEM, 0, NULL);
      return 1;
    }

@@ -236,7 +265,7 @@ static int fake_hostent(const char *name, int family, ares_host_callback callbac
  hostent.h_aliases = aliases;
  hostent.h_addrtype = family;
  hostent.h_addr_list = addrs;
-  callback(arg, ARES_SUCCESS, &hostent);
+  callback(arg, ARES_SUCCESS, 0, &hostent);

  free((char *)(hostent.h_name));
  return 1;
@@ -416,4 +445,3 @@ static int get6_address_index(struct in6_addr *addr, struct apattern *sortlist,
    }
  return i;
 }
-
--- a/ares/ares_getnameinfo.3
+++ b/ares/ares_getnameinfo.3
@@ -22,7 +22,7 @@ ares_getnameinfo \- Address-to-nodename translation in protocol-independent mann
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_nameinfo_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	char *\fInode\fP, char *\fIservice\fP)
+.B	int \fItimeouts\fP, char *\fInode\fP, char *\fIservice\fP)
 .PP
 .B void ares_getnameinfo(ares_channel \fIchannel\fP, const struct sockaddr *\fIsa\fP,
 .B 	socklen_t \fIsalen\fP, int \fIflags\fP, ares_nameinfo_callback \fIcallback\fP,
@@ -120,6 +120,11 @@ The
 .I flags
 parameter contains an illegal value.
 .PP
+The callback argument
+.I timeouts
+reports how many times a query timed out during the execution of the
+given request.
+.PP
 On successful completion of the query, the callback argument
 .I node
 contains a string representing the hostname (assuming 
--- a/ares/ares_getnameinfo.c
+++ b/ares/ares_getnameinfo.c
@@ -59,6 +59,7 @@ struct nameinfo_query {
  } addr;
  int family;
  int flags;
+  int timeouts;
 };

 #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
@@ -67,7 +68,7 @@ struct nameinfo_query {
 #define IPBUFSIZ 40
 #endif

-static void nameinfo_callback(void *arg, int status, struct hostent *host);
+static void nameinfo_callback(void *arg, int status, int timeouts, struct hostent *host);
 static char *lookup_service(unsigned short port, int flags,
                            char *buf, size_t buflen);
 #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
@@ -90,7 +91,7 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
    addr6 = (struct sockaddr_in6 *)sa;
  else
    {
-      callback(arg, ARES_ENOTIMP, NULL, NULL);
+      callback(arg, ARES_ENOTIMP, 0, NULL, NULL);
      return;
    }

@@ -110,7 +111,7 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
        port = addr6->sin6_port;
      service = lookup_service((unsigned short)(port & 0xffff),
                               flags, buf, sizeof(buf));
-      callback(arg, ARES_SUCCESS, NULL, service);
+      callback(arg, ARES_SUCCESS, 0, NULL, service);
      return;
    }

@@ -131,7 +132,7 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
         */
        if (flags & ARES_NI_NAMEREQD)
          {
-            callback(arg, ARES_EBADFLAGS, NULL, NULL);
+            callback(arg, ARES_EBADFLAGS, 0, NULL, NULL);
            return;
          }
        if (salen == sizeof(struct sockaddr_in6))
@@ -152,7 +153,7 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
        if (flags & ARES_NI_LOOKUPSERVICE)
          service = lookup_service((unsigned short)(port & 0xffff),
                                   flags, srvbuf, sizeof(srvbuf));
-        callback(arg, ARES_SUCCESS, ipbuf, service);
+        callback(arg, ARES_SUCCESS, 0, ipbuf, service);
        return;
      }
    /* This is where a DNS lookup becomes necessary */
@@ -161,12 +162,13 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
        niquery = malloc(sizeof(struct nameinfo_query));
        if (!niquery)
          {
-            callback(arg, ARES_ENOMEM, NULL, NULL);
+            callback(arg, ARES_ENOMEM, 0, NULL, NULL);
            return;
          }
        niquery->callback = callback;
        niquery->arg = arg;
        niquery->flags = flags;
+        niquery->timeouts = 0;
        if (sa->sa_family == AF_INET)
          {
            niquery->family = AF_INET;
@@ -185,13 +187,13 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
    }
 }

-static void nameinfo_callback(void *arg, int status, struct hostent *host)
+static void nameinfo_callback(void *arg, int status, int timeouts, struct hostent *host)
 {
  struct nameinfo_query *niquery = (struct nameinfo_query *) arg;
  char srvbuf[33];
  char *service = NULL;

-
+  niquery->timeouts += timeouts;
  if (status == ARES_SUCCESS)
    {
      /* They want a service too */
@@ -220,7 +222,7 @@ static void nameinfo_callback(void *arg, int status, struct hostent *host)
                 *end = 0;
             }
        }
-      niquery->callback(niquery->arg, ARES_SUCCESS, (char *)(host->h_name),
+      niquery->callback(niquery->arg, ARES_SUCCESS, niquery->timeouts, (char *)(host->h_name),
                        service);
      return;
    }
@@ -247,10 +249,10 @@ static void nameinfo_callback(void *arg, int status, struct hostent *host)
            service = lookup_service(niquery->addr.addr6.sin6_port,
                                     niquery->flags, srvbuf, sizeof(srvbuf));
        }
-      niquery->callback(niquery->arg, ARES_SUCCESS, ipbuf, service);
+      niquery->callback(niquery->arg, ARES_SUCCESS, niquery->timeouts, ipbuf, service);
      return;
    }
-  niquery->callback(niquery->arg, status, NULL, NULL);
+  niquery->callback(niquery->arg, status, niquery->timeouts, NULL, NULL);
  free(niquery);
 }

@@ -295,7 +297,11 @@ static char *lookup_service(unsigned short port, int flags,
 #endif
 #else
          /* Lets just hope the OS uses TLS! */
+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+          sep = getservbyport(port, (char*)proto);
+#else
          sep = getservbyport(port, proto);
+#endif
 #endif
        }
      if (sep && sep->s_name)
--- a/ares/ares_getopt.c
+++ b/ares/ares_getopt.c
@@ -0,0 +1,123 @@
+/*
+ * Original file name getopt.c  Initial import into the c-ares source tree
+ * on 2007-04-11.  Lifted from version 5.2 of the 'Open Mash' project with
+ * the modified BSD license, BSD license without the advertising clause.
+ *
+ * $Id$
+ */
+
+/*
+ * getopt.c --
+ *
+ *      Standard UNIX getopt function.  Code is from BSD.
+ *
+ * Copyright (c) 1987-2001 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * A. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * B. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * C. Neither the names of the copyright holders nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
+ * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* #if !defined(lint)
+ * static char sccsid[] = "@(#)getopt.c 8.2 (Berkeley) 4/2/94";
+ * #endif
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ares_getopt.h"
+
+int   opterr = 1,     /* if error message should be printed */
+      optind = 1,     /* index into parent argv vector */
+      optopt,         /* character checked for validity */
+      optreset;       /* reset getopt */
+char  *optarg;        /* argument associated with option */
+
+#define  BADCH   (int)'?'
+#define  BADARG  (int)':'
+#define  EMSG    (char *)""
+
+/*
+ * ares_getopt --
+ *    Parse argc/argv argument vector.
+ */
+int
+ares_getopt(int nargc, char * const nargv[], const char *ostr)
+{
+    static char *place = EMSG;                /* option letter processing */
+    char *oli;                                /* option letter list index */
+
+    if (optreset || !*place) {                /* update scanning pointer */
+        optreset = 0;
+        if (optind >= nargc || *(place = nargv[optind]) != '-') {
+            place = EMSG;
+            return (EOF);
+        }
+        if (place[1] && *++place == '-') {    /* found "--" */
+            ++optind;
+            place = EMSG;
+            return (EOF);
+        }
+    }                                         /* option letter okay? */
+    if ((optopt = (int)*place++) == (int)':' ||
+        !(oli = strchr(ostr, optopt))) {
+        /*
+         * if the user didn't specify '-' as an option,
+         * assume it means EOF.
+         */
+        if (optopt == (int)'-')
+            return (EOF);
+        if (!*place)
+            ++optind;
+        if (opterr && *ostr != ':')
+            (void)fprintf(stderr,
+                "%s: illegal option -- %c\n", __FILE__, optopt);
+        return (BADCH);
+    }
+    if (*++oli != ':') {                      /* don't need argument */
+        optarg = NULL;
+        if (!*place)
+            ++optind;
+    }
+    else {                                    /* need an argument */
+        if (*place)                           /* no white space */
+            optarg = place;
+        else if (nargc <= ++optind) {         /* no arg */
+            place = EMSG;
+            if (*ostr == ':')
+                return (BADARG);
+            if (opterr)
+                (void)fprintf(stderr,
+                    "%s: option requires an argument -- %c\n",
+                    __FILE__, optopt);
+            return (BADCH);
+        }
+         else                                 /* white space */
+            optarg = nargv[optind];
+        place = EMSG;
+        ++optind;
+    }
+    return (optopt);                          /* dump back option letter */
+}
--- a/ares/ares_getopt.h
+++ b/ares/ares_getopt.h
@@ -0,0 +1,41 @@
+#ifndef ARES_GETOPT_H
+#define ARES_GETOPT_H
+
+/*
+ * Copyright (c) 1987-2001 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * A. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * B. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * C. Neither the names of the copyright holders nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
+ * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+int ares_getopt(int nargc, char * const nargv[], const char *ostr);
+
+extern char *optarg;
+extern int optind;
+extern int opterr;
+
+
+#endif /* ARES_GETOPT_H */
--- a/ares/ares_getsock.c
+++ b/ares/ares_getsock.c
@@ -34,16 +34,18 @@ int ares_getsock(ares_channel channel,

  ares_socket_t *socks = (ares_socket_t *)s;

-  /* No queries, no file descriptors. */
-  if (!channel->queries)
-    return 0;
+  /* Are there any active queries? */
+  int active_queries = !ares__is_list_empty(&(channel->all_queries));

  for (i = 0;
       (i < channel->nservers) && (sockindex < ARES_GETSOCK_MAXNUM);
       i++)
    {
      server = &channel->servers[i];
-      if (server->udp_socket != ARES_SOCKET_BAD)
+      /* We only need to register interest in UDP sockets if we have
+       * outstanding queries.
+       */
+      if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
        {
          if(sockindex >= numsocks)
            break;
@@ -51,6 +53,10 @@ int ares_getsock(ares_channel channel,
          bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
          sockindex++;
        }
+      /* We always register for TCP events, because we want to know
+       * when the other side closes the connection, so we don't waste
+       * time trying to use a broken connection.
+       */
      if (server->tcp_socket != ARES_SOCKET_BAD)
       {
         if(sockindex >= numsocks)
@@ -58,7 +64,7 @@ int ares_getsock(ares_channel channel,
         socks[sockindex] = server->tcp_socket;
         bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);

-         if (server->qhead)
+         if (server->qhead && active_queries)
           /* then the tcp socket is also writable! */
           bitmap |= ARES_GETSOCK_WRITABLE(setbits, sockindex);

--- a/ares/ares_init.c
+++ b/ares/ares_init.c
@@ -23,7 +23,10 @@
 #include <malloc.h>

 #else
+#ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
+#endif
+
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
@@ -61,7 +64,7 @@
 #undef WIN32  /* Redefined in MingW/MSVC headers */
 #endif

-static int init_by_options(ares_channel channel, struct ares_options *options,
+static int init_by_options(ares_channel channel, const struct ares_options *options,
                           int optmask);
 static int init_by_environment(ares_channel channel);
 static int init_by_resolv_conf(ares_channel channel);
@@ -72,6 +75,8 @@ static int config_nameserver(struct server_state **servers, int *nservers,
 static int set_search(ares_channel channel, const char *str);
 static int set_options(ares_channel channel, const char *str);
 static const char *try_option(const char *p, const char *q, const char *opt);
+static int init_id_key(rc4_key* key,int key_data_len);
+
 #ifndef WIN32
 static int sortlist_alloc(struct apattern **sortlist, int *nsort, struct apattern *pat);
 static int ip_addr(const char *s, int len, struct in_addr *addr);
@@ -84,6 +89,12 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
 static char *try_config(char *s, const char *opt);
 #endif

+#define ARES_CONFIG_CHECK(x) (x->lookups && x->nsort > -1 && \
+                             x->nservers > -1 && \
+                             x->ndomains > -1 && \
+                             x->ndots > -1 && x->timeout > -1 && \
+                             x->tries > -1)
+
 int ares_init(ares_channel *channelptr)
 {
  return ares_init_options(channelptr, NULL, 0);
@@ -96,7 +107,6 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
  int i;
  int status = ARES_SUCCESS;
  struct server_state *server;
-  struct timeval tv;

 #ifdef CURLDEBUG
  const char *env = getenv("CARES_MEMDEBUG");
@@ -123,17 +133,32 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
  channel->ndots = -1;
  channel->udp_port = -1;
  channel->tcp_port = -1;
+  channel->socket_send_buffer_size = -1;
+  channel->socket_receive_buffer_size = -1;
  channel->nservers = -1;
  channel->ndomains = -1;
  channel->nsort = -1;
+  channel->tcp_connection_generation = 0;
  channel->lookups = NULL;
-  channel->queries = NULL;
  channel->domains = NULL;
  channel->sortlist = NULL;
  channel->servers = NULL;
  channel->sock_state_cb = NULL;
  channel->sock_state_cb_data = NULL;

+  channel->last_timeout_processed = (long)time(NULL);
+
+  /* Initialize our lists of queries */
+  ares__init_list_head(&(channel->all_queries));
+  for (i = 0; i < ARES_QID_TABLE_SIZE; i++)
+    {
+      ares__init_list_head(&(channel->queries_by_qid[i]));
+    }
+  for (i = 0; i < ARES_TIMEOUT_TABLE_SIZE; i++)
+    {
+      ares__init_list_head(&(channel->queries_by_timeout[i]));
+    }
+
  /* Initialize configuration by each of the four sources, from highest
   * precedence to lowest.
   */
@@ -162,6 +187,18 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
      DEBUGF(fprintf(stderr, "Error: init_by_defaults failed: %s\n",
                     ares_strerror(status)));
  }
+
+  /* Generate random key */
+
+  if (status == ARES_SUCCESS) {
+    status = init_id_key(&channel->id_key, ARES_ID_KEY_LEN);
+    if (status == ARES_SUCCESS)
+      channel->next_id = ares__generate_new_id(&channel->id_key);
+    else
+      DEBUGF(fprintf(stderr, "Error: init_id_key failed: %s\n",
+                     ares_strerror(status)));
+  }
+
  if (status != ARES_SUCCESS)
    {
      /* Something failed; clean up memory we may have allocated. */
@@ -191,28 +228,99 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
      server = &channel->servers[i];
      server->udp_socket = ARES_SOCKET_BAD;
      server->tcp_socket = ARES_SOCKET_BAD;
+      server->tcp_connection_generation = ++channel->tcp_connection_generation;
      server->tcp_lenbuf_pos = 0;
      server->tcp_buffer = NULL;
      server->qhead = NULL;
      server->qtail = NULL;
+      ares__init_list_head(&(server->queries_to_server));
+      server->channel = channel;
+      server->is_broken = 0;
    }

-  /* Choose a somewhat random query ID.  The main point is to avoid
-   * collisions with stale queries.  An attacker trying to spoof a DNS
-   * answer also has to guess the query ID, but it's only a 16-bit
-   * field, so there's not much to be done about that.
-   */
-  gettimeofday(&tv, NULL);
-  channel->next_id = (unsigned short)
-    ((tv.tv_sec ^ tv.tv_usec ^ getpid()) & 0xffff);
-
-  channel->queries = NULL;
-
  *channelptr = channel;
  return ARES_SUCCESS;
 }

-static int init_by_options(ares_channel channel, struct ares_options *options,
+/* Save options from initialized channel */
+int ares_save_options(ares_channel channel, struct ares_options *options,
+                      int *optmask)
+{
+  int i;
+
+  /* Zero everything out */
+  memset(options, 0, sizeof(struct ares_options));
+
+  if (!ARES_CONFIG_CHECK(channel))
+    return ARES_ENODATA;
+
+  (*optmask) = (ARES_OPT_FLAGS|ARES_OPT_TIMEOUT|ARES_OPT_TRIES|ARES_OPT_NDOTS|
+                ARES_OPT_UDP_PORT|ARES_OPT_TCP_PORT|ARES_OPT_SOCK_STATE_CB|
+                ARES_OPT_SERVERS|ARES_OPT_DOMAINS|ARES_OPT_LOOKUPS|
+                ARES_OPT_SORTLIST);
+
+  /* Copy easy stuff */
+  options->flags   = channel->flags;
+  options->timeout = channel->timeout;
+  options->tries   = channel->tries;
+  options->ndots   = channel->ndots;
+  options->udp_port = (unsigned short)channel->udp_port;
+  options->tcp_port = (unsigned short)channel->tcp_port;
+  options->sock_state_cb     = channel->sock_state_cb;
+  options->sock_state_cb_data = channel->sock_state_cb_data;
+
+  /* Copy servers */
+  if (channel->nservers) {
+    options->servers =
+      malloc(channel->nservers * sizeof(struct server_state));
+    if (!options->servers && channel->nservers != 0)
+      return ARES_ENOMEM;
+    for (i = 0; i < channel->nservers; i++)
+      options->servers[i] = channel->servers[i].addr;
+  }
+  options->nservers = channel->nservers;
+
+  /* copy domains */
+  if (channel->ndomains) {
+    options->domains = malloc(channel->ndomains * sizeof(char *));
+    if (!options->domains)
+      return ARES_ENOMEM;
+
+    for (i = 0; i < channel->ndomains; i++)
+    {
+      options->ndomains = i;
+      options->domains[i] = strdup(channel->domains[i]);
+      if (!options->domains[i])
+        return ARES_ENOMEM;
+    }
+  }
+  options->ndomains = channel->ndomains;
+
+  /* copy lookups */
+  if (channel->lookups) {
+    options->lookups = strdup(channel->lookups);
+    if (!options->lookups && channel->lookups)
+      return ARES_ENOMEM;
+  }
+
+  /* copy sortlist */
+  if (channel->nsort) {
+    options->sortlist = malloc(channel->nsort * sizeof(struct apattern));
+    if (!options->sortlist)
+      return ARES_ENOMEM;
+    for (i = 0; i < channel->nsort; i++)
+    {
+      memcpy(&(options->sortlist[i]), &(channel->sortlist[i]),
+             sizeof(struct apattern));
+    }
+  }
+  options->nsort = channel->nsort;
+
+  return ARES_SUCCESS;
+}
+
+static int init_by_options(ares_channel channel,
+                           const struct ares_options *options,
                           int optmask)
 {
  int i;
@@ -235,6 +343,12 @@ static int init_by_options(ares_channel channel, struct ares_options *options,
      channel->sock_state_cb = options->sock_state_cb;
      channel->sock_state_cb_data = options->sock_state_cb_data;
    }
+  if ((optmask & ARES_OPT_SOCK_SNDBUF)
+      && channel->socket_send_buffer_size == -1)
+    channel->socket_send_buffer_size = options->socket_send_buffer_size;
+  if ((optmask & ARES_OPT_SOCK_RCVBUF)
+      && channel->socket_receive_buffer_size == -1)
+    channel->socket_receive_buffer_size = options->socket_receive_buffer_size;

  /* Copy the servers, if given. */
  if ((optmask & ARES_OPT_SERVERS) && channel->nservers == -1)
@@ -282,6 +396,19 @@ static int init_by_options(ares_channel channel, struct ares_options *options,
        return ARES_ENOMEM;
    }

+  /* copy sortlist */
+  if ((optmask & ARES_OPT_SORTLIST) && channel->nsort == -1)
+    {
+      channel->sortlist = malloc(options->nsort * sizeof(struct apattern));
+      if (!channel->sortlist)
+        return ARES_ENOMEM;
+      for (i = 0; i < options->nsort; i++)
+        {
+          memcpy(&(channel->sortlist[i]), &(options->sortlist[i]), sizeof(struct apattern));
+        }
+      channel->nsort = options->nsort;
+    }
+
  return ARES_SUCCESS;
 }

@@ -370,7 +497,7 @@ static int get_iphlpapi_dns_info (char *ret_buf, size_t ret_size)
  FIXED_INFO    *fi   = alloca (sizeof(*fi));
  DWORD          size = sizeof (*fi);
  typedef DWORD (WINAPI* get_net_param_func) (FIXED_INFO*, DWORD*);
-  get_net_param_func GetNetworkParams;  /* available only on Win-98/2000+ */
+  get_net_param_func fpGetNetworkParams;  /* available only on Win-98/2000+ */
  HMODULE        handle;
  IP_ADDR_STRING *ipAddr;
  int            i, count = 0;
@@ -387,16 +514,16 @@ static int get_iphlpapi_dns_info (char *ret_buf, size_t ret_size)
  if (!handle)
     return (0);

-  GetNetworkParams = (get_net_param_func) GetProcAddress (handle, "GetNetworkParams");
-  if (!GetNetworkParams)
+  fpGetNetworkParams = (get_net_param_func) GetProcAddress (handle, "GetNetworkParams");
+  if (!fpGetNetworkParams)
     goto quit;

-  res = (*GetNetworkParams) (fi, &size);
+  res = (*fpGetNetworkParams) (fi, &size);
  if ((res != ERROR_BUFFER_OVERFLOW) && (res != ERROR_SUCCESS))
     goto quit;

  fi = alloca (size);
-  if (!fi || (*GetNetworkParams) (fi, &size) != ERROR_SUCCESS)
+  if (!fi || (*fpGetNetworkParams) (fi, &size) != ERROR_SUCCESS)
     goto quit;

  if (debug)
@@ -555,6 +682,10 @@ DhcpNameServer

  if (status == ARES_SUCCESS)
    status = ARES_EOF;
+  else
+    /* Catch the case when all the above checks fail (which happens when there
+       is no network card or the cable is unplugged) */
+    status = ARES_EFILE;

 #elif defined(__riscos__)

@@ -611,6 +742,10 @@ DhcpNameServer
    int linesize;
    int error;

+    /* Don't read resolv.conf and friends if we don't have to */
+    if (ARES_CONFIG_CHECK(channel))
+        return ARES_SUCCESS;
+
    fp = fopen(PATH_RESOLV_CONF, "r");
    if (fp) {
      while ((status = ares__read_line(fp, &line, &linesize)) == ARES_SUCCESS)
@@ -968,7 +1103,7 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
        ipbufpfx[0] = '\0';
      /* Lets see if it is CIDR */
      /* First we'll try IPv6 */
-      if ((bits = ares_inet_net_pton(AF_INET6, ipbufpfx ? ipbufpfx : ipbuf,
+      if ((bits = ares_inet_net_pton(AF_INET6, ipbufpfx[0] ? ipbufpfx : ipbuf,
                                     &pat.addr.addr6,
                                     sizeof(pat.addr.addr6))) > 0)
        {
@@ -978,7 +1113,7 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
          if (!sortlist_alloc(sortlist, nsort, &pat))
            return ARES_ENOMEM;
        }
-      if (ipbufpfx &&
+      if (ipbufpfx[0] &&
          (bits = ares_inet_net_pton(AF_INET, ipbufpfx, &pat.addr.addr4,
                                     sizeof(pat.addr.addr4))) > 0)
        {
@@ -991,7 +1126,7 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
      /* See if it is just a regular IP */
      else if (ip_addr(ipbuf, (int)(q-str), &pat.addr.addr4) == 0)
        {
-          if (ipbufpfx)
+          if (ipbufpfx[0])
            {
              memcpy(ipbuf, str, (int)(q-str));
              ipbuf[(int)(q-str)] = '\0';
@@ -1175,3 +1310,83 @@ static void natural_mask(struct apattern *pat)
    pat->mask.addr.addr4.s_addr = htonl(IN_CLASSC_NET);
 }
 #endif
+/* initialize an rc4 key. If possible a cryptographically secure random key
+   is generated using a suitable function (for example win32's RtlGenRandom as
+   described in
+   http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx
+   otherwise the code defaults to cross-platform albeit less secure mechanism
+   using rand
+*/
+static void randomize_key(unsigned char* key,int key_data_len)
+{
+  int randomized = 0;
+  int counter=0;
+#ifdef WIN32
+  HMODULE lib=LoadLibrary("ADVAPI32.DLL");
+  if (lib) {
+    BOOLEAN (APIENTRY *pfn)(void*, ULONG) =
+      (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(lib,"SystemFunction036");
+    if (pfn && pfn(key,key_data_len) )
+      randomized = 1;
+
+    FreeLibrary(lib);
+  }
+#else /* !WIN32 */
+#ifdef RANDOM_FILE
+  char buffer[256];
+  FILE *f = fopen(RANDOM_FILE, "rb");
+  if(f) {
+    size_t i;
+    size_t rc = fread(buffer, key_data_len, 1, f);
+    for(i=0; i<rc && counter < key_data_len; i++)
+      key[counter++]=buffer[i];
+    fclose(f);
+  }
+#endif
+#endif /* WIN32 */
+
+  if ( !randomized ) {
+    for (;counter<key_data_len;counter++)
+      key[counter]=(unsigned char)(rand() % 256);
+  }
+}
+
+static int init_id_key(rc4_key* key,int key_data_len)
+{
+  unsigned char index1;
+  unsigned char index2;
+  unsigned char* state;
+  short counter;
+  unsigned char *key_data_ptr = 0;
+
+  key_data_ptr = calloc(1,key_data_len);
+  if (!key_data_ptr)
+    return ARES_ENOMEM;
+
+  randomize_key(key->state,key_data_len);
+  state = &key->state[0];
+  for(counter = 0; counter < 256; counter++)
+    /* unnecessary AND but it keeps some compilers happier */
+    state[counter] = (unsigned char)(counter & 0xff);
+  key->x = 0;
+  key->y = 0;
+  index1 = 0;
+  index2 = 0;
+  for(counter = 0; counter < 256; counter++)
+  {
+    index2 = (unsigned char)((key_data_ptr[index1] + state[counter] +
+                              index2) % 256);
+    ARES_SWAP_BYTE(&state[counter], &state[index2]);
+
+    index1 = (unsigned char)((index1 + 1) % key_data_len);
+  }
+  free(key_data_ptr);
+  return ARES_SUCCESS;
+}
+
+short ares__generate_new_id(rc4_key* key)
+{
+  short r=0;
+  ares__rc4(key, (unsigned char *)&r, sizeof(r));
+  return r;
+}
--- a/ares/ares_ipv6.h
+++ b/ares/ares_ipv6.h
@@ -1,6 +1,7 @@
 /* $Id$ */

-/*
+/* Copyright (C) 2005 by Dominick Meglio
+ *
 * Permission to use, copy, modify, and distribute this
 * software and its documentation for any purpose and without
 * fee is hereby granted, provided that the above copyright
@@ -21,11 +22,13 @@
 #define PF_INET6 AF_INET6
 #endif

-#ifndef HAVE_STRUCT_IN6_ADDR
-struct in6_addr
-{
-  unsigned char s6_addr[16];
+#if !defined(HAVE_STRUCT_IN6_ADDR) && !defined(s6_addr)
+struct in6_addr {
+  union {
+    unsigned char _S6_u8[16];
+  } _S6_un;
 };
+#define s6_addr _S6_un._S6_u8
 #endif

 #ifndef HAVE_STRUCT_SOCKADDR_IN6
--- a/ares/ares_llist.c
+++ b/ares/ares_llist.c
@@ -0,0 +1,87 @@
+/* $Id$ */
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "setup.h"
+
+#include "ares.h"
+#include "ares_private.h"
+
+/* Routines for managing doubly-linked circular linked lists with a
+ * dummy head.
+ */
+
+/* Initialize a new head node */
+void ares__init_list_head(struct list_node* head) {
+  head->prev = head;
+  head->next = head;
+  head->data = NULL;
+}
+
+/* Initialize a list node */
+void ares__init_list_node(struct list_node* node, void* d) {
+  node->prev = NULL;
+  node->next = NULL;
+  node->data = d;
+}
+
+/* Returns true iff the given list is empty */
+int ares__is_list_empty(struct list_node* head) {
+  return ((head->next == head) && (head->prev == head));
+}
+
+/* Inserts new_node before old_node */
+void ares__insert_in_list(struct list_node* new_node,
+                          struct list_node* old_node) {
+  new_node->next = old_node;
+  new_node->prev = old_node->prev;
+  old_node->prev->next = new_node;
+  old_node->prev = new_node;
+}
+
+/* Removes the node from the list it's in, if any */
+void ares__remove_from_list(struct list_node* node) {
+  if (node->next != NULL) {
+    node->prev->next = node->next;
+    node->next->prev = node->prev;
+    node->prev = NULL;
+    node->next = NULL;
+  }
+}
+
+/* Swap the contents of two lists */
+void ares__swap_lists(struct list_node* head_a,
+                      struct list_node* head_b) {
+  int is_a_empty = ares__is_list_empty(head_a);
+  int is_b_empty = ares__is_list_empty(head_b);
+  struct list_node old_a = *head_a;
+  struct list_node old_b = *head_b;
+
+  if (is_a_empty) {
+    ares__init_list_head(head_b);
+  } else {
+    *head_b = old_a;
+    old_a.next->prev = head_b;
+    old_a.prev->next = head_b;
+  }
+  if (is_b_empty) {
+    ares__init_list_head(head_a);
+  } else {
+    *head_a = old_b;
+    old_b.next->prev = head_a;
+    old_b.prev->next = head_a;
+  }
+}
--- a/ares/ares_llist.h
+++ b/ares/ares_llist.h
@@ -0,0 +1,43 @@
+#ifndef __ARES_LLIST_H
+#define __ARES_LLIST_H
+
+/* $Id$ */
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+
+/* Node definition for circular, doubly-linked list */
+struct list_node {
+  struct list_node *prev;
+  struct list_node *next;
+  void* data;
+};
+
+void ares__init_list_head(struct list_node* head);
+
+void ares__init_list_node(struct list_node* node, void* d);
+
+int ares__is_list_empty(struct list_node* head);
+
+void ares__insert_in_list(struct list_node* new_node,
+                          struct list_node* old_node);
+
+void ares__remove_from_list(struct list_node* node);
+
+void ares__swap_lists(struct list_node* head_a,
+                      struct list_node* head_b);
+
+#endif /* __ARES_LLIST_H */
--- a/ares/ares_mkquery.c
+++ b/ares/ares_mkquery.c
@@ -88,6 +88,10 @@ int ares_mkquery(const char *name, int dnsclass, int type, unsigned short id,
  unsigned char *q;
  const char *p;

+  /* Set our results early, in case we bail out early with an error. */
+  *buflen = 0;
+  *buf = NULL;
+
  /* Compute the length of the encoded name so we can check buflen.
   * Start counting at 1 for the zero-length label at the end. */
  len = 1;
@@ -104,6 +108,23 @@ int ares_mkquery(const char *name, int dnsclass, int type, unsigned short id,
  if (*name && *(p - 1) != '.')
    len++;

+  /* Immediately reject names that are longer than the maximum of 255
+   * bytes that's specified in RFC 1035 ("To simplify implementations,
+   * the total length of a domain name (i.e., label octets and label
+   * length octets) is restricted to 255 octets or less."). We aren't
+   * doing this just to be a stickler about RFCs. For names that are
+   * too long, 'dnscache' closes its TCP connection to us immediately
+   * (when using TCP) and ignores the request when using UDP, and
+   * BIND's named returns ServFail (TCP or UDP). Sending a request
+   * that we know will cause 'dnscache' to close the TCP connection is
+   * painful, since that makes any other outstanding requests on that
+   * connection fail. And sending a UDP request that we know
+   * 'dnscache' will ignore is bad because resources will be tied up
+   * until we time-out the request.
+   */
+  if (len > MAXCDNAME)
+    return ARES_EBADNAME;
+
  *buflen = len + HFIXEDSZ + QFIXEDSZ;
  *buf = malloc(*buflen);
  if (!*buf)
--- a/ares/ares_parse_a_reply.3
+++ b/ares/ares_parse_a_reply.3
@@ -22,24 +22,39 @@ ares_parse_a_reply \- Parse a reply to a DNS query of type A into a hostent
 .B #include <ares.h>
 .PP
 .B int ares_parse_a_reply(const unsigned char *\fIabuf\fP, int \fIalen\fP,
-.B 	struct hostent **\fIhost\fP);
+.B 	struct hostent **\fIhost\fP,
+.B      struct addrttl *\fIaddrttls\fB, int *\fInaddrttls\fB);
 .fi
 .SH DESCRIPTION
 The
 .B ares_parse_a_reply
 function parses the response to a query of type A into a
-.BR "struct hostent" .
+.BR "struct hostent"
+and/or an array of
+.BR "struct addrttls" . 
 The parameters
 .I abuf
 and
 .I alen
 give the contents of the response.  The result is stored in allocated
 memory and a pointer to it stored into the variable pointed to by
-.IR host .
+.IR host ,
+if host is nonnull.
 It is the caller's responsibility to free the resulting host structure
 using
 .BR ares_free_hostent (3)
 when it is no longer needed.
+.PP
+If
+.IR addrttls
+and
+.IR naddrttls
+are both nonnull,
+then up to *naddrttls
+.BR "struct addrttl"
+records are stored in the array pointed to by addrttls,
+and then *naddrttls is set to the number of records so stored.
+Note that the memory for these records is supplied by the caller.
 .SH RETURN VALUES
 .B ares_parse_a_reply
 can return any of the following values:
--- a/ares/ares_parse_a_reply.c
+++ b/ares/ares_parse_a_reply.c
@@ -32,24 +32,32 @@

 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 #include "ares.h"
 #include "ares_dns.h"
 #include "ares_private.h"

 int ares_parse_a_reply(const unsigned char *abuf, int alen,
-                       struct hostent **host)
+                       struct hostent **host,
+                       struct addrttl *addrttls, int *naddrttls)
 {
  unsigned int qdcount, ancount;
-  int status, i, rr_type, rr_class, rr_len, naddrs;
+  int status, i, rr_type, rr_class, rr_len, rr_ttl, naddrs;
+  int cname_ttl = INT_MAX;  /* the TTL imposed by the CNAME chain */
  int naliases;
  long len;
  const unsigned char *aptr;
  char *hostname, *rr_name, *rr_data, **aliases;
  struct in_addr *addrs;
  struct hostent *hostent;
+  const int max_addr_ttls = (addrttls && naddrttls) ? *naddrttls : 0;

  /* Set *host to NULL for all failure cases. */
+  if (host)
    *host = NULL;
+  /* Same with *naddrttls. */
+  if (naddrttls)
+    *naddrttls = 0;

  /* Give up if abuf doesn't have room for a header. */
  if (alen < HFIXEDSZ)
@@ -73,6 +81,8 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
    }
  aptr += len + QFIXEDSZ;

+  if (host)
+    {
      /* Allocate addresses and aliases; ancount gives an upper bound for both. */
      addrs = malloc(ancount * sizeof(struct in_addr));
      if (!addrs)
@@ -87,6 +97,13 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
          free(addrs);
          return ARES_ENOMEM;
        }
+    }
+  else
+    {
+      addrs = NULL;
+      aliases = NULL;
+    }
+  
  naddrs = 0;
  naliases = 0;

@@ -106,13 +123,33 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
      rr_type = DNS_RR_TYPE(aptr);
      rr_class = DNS_RR_CLASS(aptr);
      rr_len = DNS_RR_LEN(aptr);
+      rr_ttl = DNS_RR_TTL(aptr);
      aptr += RRFIXEDSZ;

      if (rr_class == C_IN && rr_type == T_A
          && rr_len == sizeof(struct in_addr)
          && strcasecmp(rr_name, hostname) == 0)
        {
+          if (addrs)
+            {
+              if (aptr + sizeof(struct in_addr) > abuf + alen)
+              {
+                status = ARES_EBADRESP;
+                break;
+              }
              memcpy(&addrs[naddrs], aptr, sizeof(struct in_addr));
+            }
+          if (naddrs < max_addr_ttls)
+            {
+              struct addrttl * const at = &addrttls[naddrs];
+              if (aptr + sizeof(struct in_addr) > abuf + alen)
+              {
+                status = ARES_EBADRESP;
+                break;
+              }
+              memcpy(&at->ipaddr, aptr,  sizeof(struct in_addr));
+              at->ttl = rr_ttl;
+            }
          naddrs++;
          status = ARES_SUCCESS;
        }
@@ -120,7 +157,10 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
      if (rr_class == C_IN && rr_type == T_CNAME)
        {
          /* Record the RR name as an alias. */
+          if (aliases)
            aliases[naliases] = rr_name;
+          else
+            free(rr_name);
          naliases++;

          /* Decode the RR data and replace the hostname with it. */
@@ -129,6 +169,10 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
            break;
          free(hostname);
          hostname = rr_data;
+
+          /* Take the min of the TTLs we see in the CNAME chain. */
+          if (cname_ttl > rr_ttl)
+            cname_ttl = rr_ttl;
        }
      else
        free(rr_name);
@@ -145,8 +189,23 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
    status = ARES_ENODATA;
  if (status == ARES_SUCCESS)
    {
-      /* We got our answer.  Allocate memory to build the host entry. */
+      /* We got our answer. */
+      if (naddrttls)
+        {
+          const int n = naddrs < max_addr_ttls ? naddrs : max_addr_ttls;
+          for (i = 0; i < n; i++)
+            {
+              /* Ensure that each A TTL is no larger than the CNAME TTL. */
+              if (addrttls[i].ttl > cname_ttl)
+                addrttls[i].ttl = cname_ttl;
+            }
+          *naddrttls = n;
+        }
+      if (aliases)
        aliases[naliases] = NULL;
+      if (host)
+        {
+          /* Allocate memory to build the host entry. */
          hostent = malloc(sizeof(struct hostent));
          if (hostent)
            {
@@ -168,9 +227,13 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
            }
          status = ARES_ENOMEM;
        }
+     }
+  if (aliases)
+    {
      for (i = 0; i < naliases; i++)
        free(aliases[i]);
      free(aliases);
+    }
  free(addrs);
  free(hostname);
  return status;
--- a/ares/ares_parse_aaaa_reply.3
+++ b/ares/ares_parse_aaaa_reply.3
@@ -22,24 +22,39 @@ ares_parse_aaaa_reply \- Parse a reply to a DNS query of type AAAA into a hosten
 .B #include <ares.h>
 .PP
 .B int ares_parse_aaaa_reply(const unsigned char *\fIabuf\fP, int \fIalen\fP,
-.B 	struct hostent **\fIhost\fP);
+.B 	struct hostent **\fIhost\fP,         
+.B      struct addrttl *\fIaddrttls\fB, int *\fInaddrttls\fB);
 .fi
 .SH DESCRIPTION
 The
 .B ares_parse_aaaa_reply
 function parses the response to a query of type AAAA into a
-.BR "struct hostent" .
+.BR "struct hostent"
+and/or an array of
+.BR "struct addrttls" . 
 The parameters
 .I abuf
 and
 .I alen
 give the contents of the response.  The result is stored in allocated
 memory and a pointer to it stored into the variable pointed to by
-.IR host .
+.IR host ,
+if host is nonnull.
 It is the caller's responsibility to free the resulting host structure
 using
 .BR ares_free_hostent (3)
 when it is no longer needed.
+.PP
+If
+.IR addrttls
+and
+.IR naddrttls
+are both nonnull,
+then up to *naddrttls
+.BR "struct addr6ttl"
+records are stored in the array pointed to by addrttls,
+and then *naddrttls is set to the number of records so stored.
+Note that the memory for these records is supplied by the caller.
 .SH RETURN VALUES
 .B ares_parse_aaaa_reply
 can return any of the following values:
--- a/ares/ares_parse_aaaa_reply.c
+++ b/ares/ares_parse_aaaa_reply.c
@@ -34,25 +34,33 @@

 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 #include "ares.h"
 #include "ares_dns.h"
 #include "inet_net_pton.h"
 #include "ares_private.h"

 int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
-                       struct hostent **host)
+                          struct hostent **host, struct addr6ttl *addrttls,
+                          int *naddrttls)
 {
  unsigned int qdcount, ancount;
-  int status, i, rr_type, rr_class, rr_len, naddrs;
+  int status, i, rr_type, rr_class, rr_len, rr_ttl, naddrs;
+  int cname_ttl = INT_MAX;  /* the TTL imposed by the CNAME chain */
  int naliases;
  long len;
  const unsigned char *aptr;
  char *hostname, *rr_name, *rr_data, **aliases;
  struct in6_addr *addrs;
  struct hostent *hostent;
+  const int max_addr_ttls = (addrttls && naddrttls) ? *naddrttls : 0;

  /* Set *host to NULL for all failure cases. */
+  if (host)
    *host = NULL;
+  /* Same with *naddrttls. */
+  if (naddrttls)
+    *naddrttls = 0;

  /* Give up if abuf doesn't have room for a header. */
  if (alen < HFIXEDSZ)
@@ -77,6 +85,8 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
  aptr += len + QFIXEDSZ;

  /* Allocate addresses and aliases; ancount gives an upper bound for both. */
+  if (host)
+    {
      addrs = malloc(ancount * sizeof(struct in6_addr));
      if (!addrs)
        {
@@ -90,6 +100,12 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
          free(addrs);
          return ARES_ENOMEM;
        }
+    }
+  else
+    {
+      addrs = NULL;
+      aliases = NULL;
+    }
  naddrs = 0;
  naliases = 0;

@@ -109,13 +125,33 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
      rr_type = DNS_RR_TYPE(aptr);
      rr_class = DNS_RR_CLASS(aptr);
      rr_len = DNS_RR_LEN(aptr);
+      rr_ttl = DNS_RR_TTL(aptr);
      aptr += RRFIXEDSZ;

      if (rr_class == C_IN && rr_type == T_AAAA
          && rr_len == sizeof(struct in6_addr)
          && strcasecmp(rr_name, hostname) == 0)
        {
+          if (addrs)
+            {
+              if (aptr + sizeof(struct in6_addr) > abuf + alen)
+              {
+                status = ARES_EBADRESP;
+                break;
+              }
              memcpy(&addrs[naddrs], aptr, sizeof(struct in6_addr));
+            }
+          if (naddrs < max_addr_ttls)
+            {
+              struct addr6ttl * const at = &addrttls[naddrs];
+              if (aptr + sizeof(struct in6_addr) > abuf + alen)
+              {
+                status = ARES_EBADRESP;
+                break;
+              }
+              memcpy(&at->ip6addr, aptr,  sizeof(struct in6_addr));
+              at->ttl = rr_ttl;
+            }
          naddrs++;
          status = ARES_SUCCESS;
        }
@@ -123,7 +159,10 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
      if (rr_class == C_IN && rr_type == T_CNAME)
        {
          /* Record the RR name as an alias. */
+          if (aliases)
            aliases[naliases] = rr_name;
+          else
+            free(rr_name);
          naliases++;

          /* Decode the RR data and replace the hostname with it. */
@@ -132,6 +171,10 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
            break;
          free(hostname);
          hostname = rr_data;
+
+          /* Take the min of the TTLs we see in the CNAME chain. */
+          if (cname_ttl > rr_ttl)
+            cname_ttl = rr_ttl;
        }
      else
        free(rr_name);
@@ -148,8 +191,23 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
    status = ARES_ENODATA;
  if (status == ARES_SUCCESS)
    {
-      /* We got our answer.  Allocate memory to build the host entry. */
+      /* We got our answer. */
+      if (naddrttls)
+        {
+          const int n = naddrs < max_addr_ttls ? naddrs : max_addr_ttls;
+          for (i = 0; i < n; i++)
+            {
+              /* Ensure that each A TTL is no larger than the CNAME TTL. */
+              if (addrttls[i].ttl > cname_ttl)
+                addrttls[i].ttl = cname_ttl;
+            }
+          *naddrttls = n;
+        }
+      if (aliases)
        aliases[naliases] = NULL;
+      if (host)
+        {
+          /* Allocate memory to build the host entry. */
          hostent = malloc(sizeof(struct hostent));
          if (hostent)
            {
@@ -171,9 +229,13 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
            }
          status = ARES_ENOMEM;
        }
+    }
+  if (aliases)
+    {
      for (i = 0; i < naliases; i++)
        free(aliases[i]);
      free(aliases);
+    }
  free(addrs);
  free(hostname);
  return status;
--- a/ares/ares_private.h
+++ b/ares/ares_private.h
@@ -18,6 +18,14 @@
 * without express or implied warranty.
 */

+/*
+ * Define WIN32 when build target is Win32 API
+ */
+
+#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
+#define WIN32
+#endif
+
 #include <stdio.h>
 #include <sys/types.h>

@@ -80,13 +88,23 @@

 #endif

+#define ARES_ID_KEY_LEN 31
+
 #include "ares_ipv6.h"
+#include "ares_llist.h"
+
+struct query;

 struct send_request {
  /* Remaining data to send */
  const unsigned char *data;
  size_t len;

+  /* The query for which we're sending this data */
+  struct query* owner_query;
+  /* The buffer we're using, if we have our own copy of the packet */
+  unsigned char *data_storage;
+
  /* Next request in queue */
  struct send_request *next;
 };
@@ -108,13 +126,42 @@ struct server_state {
  /* TCP output queue */
  struct send_request *qhead;
  struct send_request *qtail;
+
+  /* Which incarnation of this connection is this? We don't want to
+   * retransmit requests into the very same socket, but if the server
+   * closes on us and we re-open the connection, then we do want to
+   * re-send. */
+  int tcp_connection_generation;
+
+  /* Circular, doubly-linked list of outstanding queries to this server */
+  struct list_node queries_to_server;
+
+  /* Link back to owning channel */
+  ares_channel channel;
+
+  /* Is this server broken? We mark connections as broken when a
+   * request that is queued for sending times out.
+   */
+  int is_broken;
 };

+/* State to represent a DNS query */
 struct query {
  /* Query ID from qbuf, for faster lookup, and current timeout */
  unsigned short qid;
  time_t timeout;

+  /*
+   * Links for the doubly-linked lists in which we insert a query.
+   * These circular, doubly-linked lists that are hash-bucketed based
+   * the attributes we care about, help making most important
+   * operations O(1).
+   */
+  struct list_node queries_by_qid;    /* hopefully in same cache line as qid */
+  struct list_node queries_by_timeout;
+  struct list_node queries_to_server;
+  struct list_node all_queries;
+
  /* Query buf with length at beginning, for TCP transmission */
  unsigned char *tcpbuf;
  int tcplen;
@@ -128,12 +175,16 @@ struct query {
  /* Query status */
  int try;
  int server;
-  int *skip_server;
+  struct query_server_info *server_info;   /* per-server state */
  int using_tcp;
  int error_status;
+  int timeouts; /* number of timeouts we saw for this request */
+};

-  /* Next query in chain */
-  struct query *next;
+/* Per-server state for a query */
+struct query_server_info {
+  int skip_server;  /* should we skip server, due to errors, etc? */
+  int tcp_connection_generation;  /* into which TCP connection did we send? */
 };

 /* An IP address pattern; matches an IP address X if X & mask == addr */
@@ -156,6 +207,13 @@ struct apattern {
  unsigned short type;
 };

+typedef struct rc4_key
+{
+  unsigned char state[256];
+  unsigned char x;
+  unsigned char y;
+} rc4_key;
+
 struct ares_channeldata {
  /* Configuration data */
  int flags;
@@ -164,6 +222,8 @@ struct ares_channeldata {
  int ndots;
  int udp_port;
  int tcp_port;
+  int socket_send_buffer_size;
+  int socket_receive_buffer_size;
  char **domains;
  int ndomains;
  struct apattern *sortlist;
@@ -176,18 +236,39 @@ struct ares_channeldata {

  /* ID to use for next query */
  unsigned short next_id;
+  /* key to use when generating new ids */
+  rc4_key id_key;

-  /* Active queries */
-  struct query *queries;
+  /* Generation number to use for the next TCP socket open/close */
+  int tcp_connection_generation;
+
+  /* The time at which we last called process_timeouts() */
+  time_t last_timeout_processed;
+
+  /* Circular, doubly-linked list of queries, bucketed various ways.... */
+  /* All active queries in a single list: */
+  struct list_node all_queries;
+  /* Queries bucketed by qid, for quickly dispatching DNS responses: */
+#define ARES_QID_TABLE_SIZE 2048
+  struct list_node queries_by_qid[ARES_QID_TABLE_SIZE];
+  /* Queries bucketed by timeout, for quickly handling timeouts: */
+#define ARES_TIMEOUT_TABLE_SIZE 1024
+  struct list_node queries_by_timeout[ARES_TIMEOUT_TABLE_SIZE];

  ares_sock_state_cb sock_state_cb;
  void *sock_state_cb_data;
 };

+void ares__rc4(rc4_key* key,unsigned char *buffer_ptr, int buffer_len);
 void ares__send_query(ares_channel channel, struct query *query, time_t now);
 void ares__close_sockets(ares_channel channel, struct server_state *server);
 int ares__get_hostent(FILE *fp, int family, struct hostent **host);
 int ares__read_line(FILE *fp, char **buf, int *bufsize);
+void ares__free_query(struct query *query);
+short ares__generate_new_id(rc4_key* key);
+
+#define ARES_SWAP_BYTE(a,b) \
+  { unsigned char swapByte = *(a);  *(a) = *(b);  *(b) = swapByte; }

 #define SOCK_STATE_CALLBACK(c, s, r, w)                                 \
  do {                                                                  \
@@ -204,4 +285,3 @@ int ares__read_line(FILE *fp, char **buf, int *bufsize);
 #endif

 #endif /* __ARES_PRIVATE_H */
-
--- a/ares/ares_process.3
+++ b/ares/ares_process.3
@@ -24,16 +24,16 @@ ares_process \- Process events for name resolution
 .B void ares_process(ares_channel \fIchannel\fP, fd_set *\fIread_fds\fP,
 .B	fd_set *\fIwrite_fds\fP)
 .fi
+.PP
+.B void ares_process_fd(ares_channel \fIchannel\fP,
+.B      ares_socket_t \fIread_fd\fP,
+.B	ares_socket_t \fIwrite_fd\fP)
+.fi
 .SH DESCRIPTION
-The
-.B ares_process
-function handles input/output events and timeouts associated with
-queries pending on the name service channel identified by
+The \fBares_process(3)\fP function handles input/output events and timeouts
+associated with queries pending on the name service channel identified by
 .IR channel .
-The file descriptor sets pointed to by
-.I read_fds
-and
-.I write_fds
+The file descriptor sets pointed to by \fIread_fds\fP and \fIwrite_fds\fP
 should have file descriptors set in them according to whether the file
 descriptors specified by \fIares_fds(3)\fP are ready for reading and writing.
 (The easiest way to determine this information is to invoke
@@ -44,6 +44,11 @@ The
 .B ares_process
 function will invoke callbacks for pending queries if they complete
 successfully or fail.
+
+\fBares_process_fd(3)\fP works the same way but acts and operates only on the
+specific file descriptors (sockets) you pass in to the function. Use
+ARES_SOCKET_BAD for "no action". This function is of course provided to allow
+users of c-ares to void select() in their applications and within c-ares.
 .SS EXAMPLE
 The following code fragment waits for all pending queries on a channel
 to complete:
--- a/ares/ares_process.c
+++ b/ares/ares_process.c
@@ -21,13 +21,24 @@
 #include "nameser.h"

 #else
+#ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
+#endif
 #ifdef HAVE_SYS_UIO_H
 #include <sys/uio.h>
 #endif
-#include <netinet/in.h>
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h> /* <netinet/tcp.h> may need it */
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h> /* for TCP_NODELAY */
+#endif
+#ifdef HAVE_NETDB_H
 #include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
 #include <arpa/nameser.h>
+#endif
 #ifdef HAVE_ARPA_NAMESER_COMPAT_H
 #include <arpa/nameser_compat.h>
 #endif
@@ -43,6 +54,7 @@
 #include <sys/filio.h>
 #endif

+#include <assert.h>
 #include <string.h>
 #include <stdlib.h>
 #include <fcntl.h>
@@ -56,20 +68,27 @@

 static int try_again(int errnum);
 static void write_tcp_data(ares_channel channel, fd_set *write_fds,
-                           time_t now);
-static void read_tcp_data(ares_channel channel, fd_set *read_fds, time_t now);
+                           ares_socket_t write_fd, time_t now);
+static void read_tcp_data(ares_channel channel, fd_set *read_fds,
+                          ares_socket_t read_fd, time_t now);
 static void read_udp_packets(ares_channel channel, fd_set *read_fds,
-                             time_t now);
+                             ares_socket_t read_fd, time_t now);
+static void advance_tcp_send_queue(ares_channel channel, int whichserver,
+                                   ssize_t num_bytes);
 static void process_timeouts(ares_channel channel, time_t now);
+static void process_broken_connections(ares_channel channel, time_t now);
 static void process_answer(ares_channel channel, unsigned char *abuf,
-                           int alen, int whichserver, int tcp, int now);
+                           int alen, int whichserver, int tcp, time_t now);
 static void handle_error(ares_channel channel, int whichserver, time_t now);
-static struct query *next_server(ares_channel channel, struct query *query, time_t now);
+static void skip_server(ares_channel channel, struct query *query,
+                        int whichserver);
+static void next_server(ares_channel channel, struct query *query, time_t now);
+static int configure_socket(int s, ares_channel channel);
 static int open_tcp_socket(ares_channel channel, struct server_state *server);
 static int open_udp_socket(ares_channel channel, struct server_state *server);
 static int same_questions(const unsigned char *qbuf, int qlen,
                          const unsigned char *abuf, int alen);
-static struct query *end_query(ares_channel channel, struct query *query, int status,
+static void end_query(ares_channel channel, struct query *query, int status,
                      unsigned char *abuf, int alen);

 /* Something interesting happened on the wire, or there was a timeout.
@@ -80,12 +99,31 @@ void ares_process(ares_channel channel, fd_set *read_fds, fd_set *write_fds)
  time_t now;

  time(&now);
-  write_tcp_data(channel, write_fds, now);
-  read_tcp_data(channel, read_fds, now);
-  read_udp_packets(channel, read_fds, now);
+  write_tcp_data(channel, write_fds, ARES_SOCKET_BAD, now);
+  read_tcp_data(channel, read_fds, ARES_SOCKET_BAD, now);
+  read_udp_packets(channel, read_fds, ARES_SOCKET_BAD, now);
+  process_timeouts(channel, now);
+  process_broken_connections(channel, now);
+}
+
+/* Something interesting happened on the wire, or there was a timeout.
+ * See what's up and respond accordingly.
+ */
+void ares_process_fd(ares_channel channel,
+                     ares_socket_t read_fd, /* use ARES_SOCKET_BAD or valid
+                                               file descriptors */
+                     ares_socket_t write_fd)
+{
+  time_t now;
+
+  time(&now);
+  write_tcp_data(channel, NULL, write_fd, now);
+  read_tcp_data(channel, NULL, read_fd, now);
+  read_udp_packets(channel, NULL, read_fd, now);
  process_timeouts(channel, now);
 }

+
 /* Return 1 if the specified error number describes a readiness error, or 0
 * otherwise. This is mostly for HP-UX, which could return EAGAIN or
 * EWOULDBLOCK. See this man page
@@ -114,7 +152,10 @@ static int try_again(int errnum)
 /* If any TCP sockets select true for writing, write out queued data
 * we have for them.
 */
-static void write_tcp_data(ares_channel channel, fd_set *write_fds, time_t now)
+static void write_tcp_data(ares_channel channel,
+                           fd_set *write_fds,
+                           ares_socket_t write_fd,
+                           time_t now)
 {
  struct server_state *server;
  struct send_request *sendreq;
@@ -124,14 +165,35 @@ static void write_tcp_data(ares_channel channel, fd_set *write_fds, time_t now)
  ssize_t wcount;
  size_t n;

+  if(!write_fds && (write_fd == ARES_SOCKET_BAD))
+    /* no possible action */
+    return;
+
  for (i = 0; i < channel->nservers; i++)
    {
-      /* Make sure server has data to send and is selected in write_fds. */
+      /* Make sure server has data to send and is selected in write_fds or
+         write_fd. */
      server = &channel->servers[i];
-      if (!server->qhead || server->tcp_socket == ARES_SOCKET_BAD
-          || !FD_ISSET(server->tcp_socket, write_fds))
+      if (!server->qhead || server->tcp_socket == ARES_SOCKET_BAD || server->is_broken)
        continue;

+      if(write_fds) {
+        if(!FD_ISSET(server->tcp_socket, write_fds))
+          continue;
+      }
+      else {
+        if(server->tcp_socket != write_fd)
+          continue;
+      }
+
+      if(write_fds)
+        /* If there's an error and we close this socket, then open
+         * another with the same fd to talk to another server, then we
+         * don't want to think that it was the new socket that was
+         * ready. This is not disastrous, but is likely to result in
+         * extra system calls and confusion. */
+        FD_CLR(server->tcp_socket, write_fds);
+
      /* Count the number of send queue items. */
      n = 0;
      for (sendreq = server->qhead; sendreq; sendreq = sendreq->next)
@@ -159,27 +221,7 @@ static void write_tcp_data(ares_channel channel, fd_set *write_fds, time_t now)
            }

          /* Advance the send queue by as many bytes as we sent. */
-          while (wcount)
-            {
-              sendreq = server->qhead;
-              if ((size_t)wcount >= sendreq->len)
-                {
-                  wcount -= sendreq->len;
-                  server->qhead = sendreq->next;
-                  if (server->qhead == NULL)
-                    {
-                      SOCK_STATE_CALLBACK(channel, server->tcp_socket, 1, 0);
-                      server->qtail = NULL;
-                    }
-                  free(sendreq);
-                }
-              else
-                {
-                  sendreq->data += wcount;
-                  sendreq->len -= wcount;
-                  break;
-                }
-            }
+          advance_tcp_send_queue(channel, i, wcount);
        }
      else
        {
@@ -195,21 +237,38 @@ static void write_tcp_data(ares_channel channel, fd_set *write_fds, time_t now)
            }

          /* Advance the send queue by as many bytes as we sent. */
-          if ((size_t)scount == sendreq->len)
+          advance_tcp_send_queue(channel, i, scount);
+        }
+    }
+}
+
+/* Consume the given number of bytes from the head of the TCP send queue. */
+static void advance_tcp_send_queue(ares_channel channel, int whichserver,
+                                   ssize_t num_bytes)
 {
+  struct send_request *sendreq;
+  struct server_state *server = &channel->servers[whichserver];
+  while (num_bytes > 0)
+    {
+      sendreq = server->qhead;
+      if ((size_t)num_bytes >= sendreq->len)
+       {
+         num_bytes -= sendreq->len;
         server->qhead = sendreq->next;
         if (server->qhead == NULL)
           {
             SOCK_STATE_CALLBACK(channel, server->tcp_socket, 1, 0);
             server->qtail = NULL;
           }
+         if (sendreq->data_storage != NULL)
+           free(sendreq->data_storage);
         free(sendreq);
       }
      else
       {
-              sendreq->data += scount;
-              sendreq->len -= scount;
-            }
+         sendreq->data += num_bytes;
+         sendreq->len -= num_bytes;
+         num_bytes = 0;
       }
    }
 }
@@ -218,20 +277,41 @@ static void write_tcp_data(ares_channel channel, fd_set *write_fds, time_t now)
 * allocate a buffer if we finish reading the length word, and process
 * a packet if we finish reading one.
 */
-static void read_tcp_data(ares_channel channel, fd_set *read_fds, time_t now)
+static void read_tcp_data(ares_channel channel, fd_set *read_fds,
+                          ares_socket_t read_fd, time_t now)
 {
  struct server_state *server;
  int i;
  ssize_t count;

+  if(!read_fds && (read_fd == ARES_SOCKET_BAD))
+    /* no possible action */
+    return;
+
  for (i = 0; i < channel->nservers; i++)
    {
      /* Make sure the server has a socket and is selected in read_fds. */
      server = &channel->servers[i];
-      if (server->tcp_socket == ARES_SOCKET_BAD ||
-          !FD_ISSET(server->tcp_socket, read_fds))
+      if (server->tcp_socket == ARES_SOCKET_BAD || server->is_broken)
        continue;

+      if(read_fds) {
+        if(!FD_ISSET(server->tcp_socket, read_fds))
+          continue;
+      }
+      else {
+        if(server->tcp_socket != read_fd)
+          continue;
+      }
+
+      if(read_fds)
+        /* If there's an error and we close this socket, then open
+         * another with the same fd to talk to another server, then we
+         * don't want to think that it was the new socket that was
+         * ready. This is not disastrous, but is likely to result in
+         * extra system calls and confusion. */
+        FD_CLR(server->tcp_socket, read_fds);
+
      if (server->tcp_lenbuf_pos != 2)
        {
          /* We haven't yet read a length word, so read that (or
@@ -294,54 +374,97 @@ static void read_tcp_data(ares_channel channel, fd_set *read_fds, time_t now)

 /* If any UDP sockets select true for reading, process them. */
 static void read_udp_packets(ares_channel channel, fd_set *read_fds,
-                             time_t now)
+                             ares_socket_t read_fd, time_t now)
 {
  struct server_state *server;
  int i;
  ssize_t count;
  unsigned char buf[PACKETSZ + 1];

+  if(!read_fds && (read_fd == ARES_SOCKET_BAD))
+    /* no possible action */
+    return;
+
  for (i = 0; i < channel->nservers; i++)
    {
      /* Make sure the server has a socket and is selected in read_fds. */
      server = &channel->servers[i];

-      if (server->udp_socket == ARES_SOCKET_BAD ||
-          !FD_ISSET(server->udp_socket, read_fds))
+      if (server->udp_socket == ARES_SOCKET_BAD || server->is_broken)
        continue;

+      if(read_fds) {
+        if(!FD_ISSET(server->udp_socket, read_fds))
+          continue;
+      }
+      else {
+        if(server->udp_socket != read_fd)
+          continue;
+      }
+
+      if(read_fds)
+        /* If there's an error and we close this socket, then open
+         * another with the same fd to talk to another server, then we
+         * don't want to think that it was the new socket that was
+         * ready. This is not disastrous, but is likely to result in
+         * extra system calls and confusion. */
+        FD_CLR(server->udp_socket, read_fds);
+
+      /* To reduce event loop overhead, read and process as many
+       * packets as we can. */
+      do {
        count = sread(server->udp_socket, buf, sizeof(buf));
        if (count == -1 && try_again(SOCKERRNO))
          continue;
        else if (count <= 0)
          handle_error(channel, i, now);
-
+        else
          process_answer(channel, buf, (int)count, i, 0, now);
+       } while (count > 0);
    }
 }

 /* If any queries have timed out, note the timeout and move them on. */
 static void process_timeouts(ares_channel channel, time_t now)
 {
-  struct query *query, *next;
+  time_t t;  /* the time of the timeouts we're processing */
+  struct query *query;
+  struct list_node* list_head;
+  struct list_node* list_node;

-  for (query = channel->queries; query; query = next)
+  /* Process all the timeouts that have fired since the last time we
+   * processed timeouts. If things are going well, then we'll have
+   * hundreds/thousands of queries that fall into future buckets, and
+   * only a handful of requests that fall into the "now" bucket, so
+   * this should be quite quick.
+   */
+  for (t = channel->last_timeout_processed; t <= now; t++)
    {
-      next = query->next;
+      list_head = &(channel->queries_by_timeout[t % ARES_TIMEOUT_TABLE_SIZE]);
+      for (list_node = list_head->next; list_node != list_head; )
+        {
+          query = list_node->data;
+          list_node = list_node->next;  /* in case the query gets deleted */
          if (query->timeout != 0 && now >= query->timeout)
            {
              query->error_status = ARES_ETIMEOUT;
-          next = next_server(channel, query, now);
+              ++query->timeouts;
+              next_server(channel, query, now);
            }
        }
     }
+  channel->last_timeout_processed = now;
+}

 /* Handle an answer from a server. */
 static void process_answer(ares_channel channel, unsigned char *abuf,
-                           int alen, int whichserver, int tcp, int now)
+                           int alen, int whichserver, int tcp, time_t now)
 {
-  int id, tc, rcode;
+  int tc, rcode;
+  unsigned short id;
  struct query *query;
+  struct list_node* list_head;
+  struct list_node* list_node;

  /* If there's no room in the answer for a header, we can't do much
   * with it. */
@@ -353,12 +476,25 @@ static void process_answer(ares_channel channel, unsigned char *abuf,
  tc = DNS_HEADER_TC(abuf);
  rcode = DNS_HEADER_RCODE(abuf);

-  /* Find the query corresponding to this packet. */
-  for (query = channel->queries; query; query = query->next)
+  /* Find the query corresponding to this packet. The queries are
+   * hashed/bucketed by query id, so this lookup should be quick.
+   * Note that both the query id and the questions must be the same;
+   * when the query id wraps around we can have multiple outstanding
+   * queries with the same query id, so we need to check both the id and
+   * question.
+   */
+  query = NULL;
+  list_head = &(channel->queries_by_qid[id % ARES_QID_TABLE_SIZE]);
+  for (list_node = list_head->next; list_node != list_head;
+       list_node = list_node->next)
    {
-      if (query->qid == id)
+      struct query *q = list_node->data;
+      if ((q->qid == id) && same_questions(q->qbuf, q->qlen, abuf, alen))
+        {
+          query = q;
          break;
        }
+    }
  if (!query)
    return;

@@ -389,13 +525,7 @@ static void process_answer(ares_channel channel, unsigned char *abuf,
    {
      if (rcode == SERVFAIL || rcode == NOTIMP || rcode == REFUSED)
        {
-          query->skip_server[whichserver] = 1;
-          if (query->server == whichserver)
-            next_server(channel, query, now);
-          return;
-        }
-      if (!same_questions(query->qbuf, query->qlen, abuf, alen))
-        {
+          skip_server(channel, query, whichserver);
          if (query->server == whichserver)
            next_server(channel, query, now);
          return;
@@ -405,29 +535,72 @@ static void process_answer(ares_channel channel, unsigned char *abuf,
  end_query(channel, query, ARES_SUCCESS, abuf, alen);
 }

+/* Close all the connections that are no longer usable. */
+static void process_broken_connections(ares_channel channel, time_t now)
+{
+  int i;
+  for (i = 0; i < channel->nservers; i++)
+    {
+      struct server_state *server = &channel->servers[i];
+      if (server->is_broken)
+        {
+          handle_error(channel, i, now);
+        }
+    }
+}
+
 static void handle_error(ares_channel channel, int whichserver, time_t now)
 {
-  struct query *query, *next;
+  struct server_state *server;
+  struct query *query;
+  struct list_node list_head;
+  struct list_node* list_node;
+
+  server = &channel->servers[whichserver];

  /* Reset communications with this server. */
-  ares__close_sockets(channel, &channel->servers[whichserver]);
+  ares__close_sockets(channel, server);

  /* Tell all queries talking to this server to move on and not try
-   * this server again.
+   * this server again. We steal the current list of queries that were
+   * in-flight to this server, since when we call next_server this can
+   * cause the queries to be re-sent to this server, which will
+   * re-insert these queries in that same server->queries_to_server
+   * list.
   */
-
-  for (query = channel->queries; query; query = next)
+  ares__init_list_head(&list_head);
+  ares__swap_lists(&list_head, &(server->queries_to_server));
+  for (list_node = list_head.next; list_node != &list_head; )
    {
-      next = query->next;
-      if (query->server == whichserver)
-        {
-          query->skip_server[whichserver] = 1;
-          next = next_server(channel, query, now);
+      query = list_node->data;
+      list_node = list_node->next;  /* in case the query gets deleted */
+      assert(query->server == whichserver);
+      skip_server(channel, query, whichserver);
+      next_server(channel, query, now);
    }
+  /* Each query should have removed itself from our temporary list as
+   * it re-sent itself or finished up...
+   */
+  assert(ares__is_list_empty(&list_head));
+}
+
+static void skip_server(ares_channel channel, struct query *query,
+                        int whichserver) {
+  /* The given server gave us problems with this query, so if we have
+   * the luxury of using other servers, then let's skip the
+   * potentially broken server and just use the others. If we only
+   * have one server and we need to retry then we should just go ahead
+   * and re-use that server, since it's our only hope; perhaps we
+   * just got unlucky, and retrying will work (eg, the server timed
+   * out our TCP connection just as we were sending another request).
+   */
+  if (channel->nservers > 1)
+    {
+      query->server_info[whichserver].skip_server = 1;
    }
 }

-static struct query *next_server(ares_channel channel, struct query *query, time_t now)
+static void next_server(ares_channel channel, struct query *query, time_t now)
 {
  /* Advance to the next server or try. */
  query->server++;
@@ -435,19 +608,33 @@ static struct query *next_server(ares_channel channel, struct query *query, time
    {
      for (; query->server < channel->nservers; query->server++)
        {
-          if (!query->skip_server[query->server])
+          struct server_state *server = &channel->servers[query->server];
+          /* We don't want to use this server if (1) we decided this
+           * connection is broken, and thus about to be closed, (2)
+           * we've decided to skip this server because of earlier
+           * errors we encountered, or (3) we already sent this query
+           * over this exact connection.
+           */
+          if (!server->is_broken &&
+               !query->server_info[query->server].skip_server &&
+               !(query->using_tcp &&
+                 (query->server_info[query->server].tcp_connection_generation ==
+                  server->tcp_connection_generation)))
            {
               ares__send_query(channel, query, now);
-              return (query->next);
+               return;
            }
        }
      query->server = 0;

-      /* Only one try if we're using TCP. */
-      if (query->using_tcp)
-        break;
+      /* You might think that with TCP we only need one try. However,
+       * even when using TCP, servers can time-out our connection just
+       * as we're sending a request, or close our connection because
+       * they die, or never send us a reply because they get wedged or
+       * tickle a bug that drops our request.
+       */
    }
-  return end_query(channel, query, query->error_status, NULL, 0);
+  end_query(channel, query, query->error_status, NULL, 0);
 }

 void ares__send_query(ares_channel channel, struct query *query, time_t now)
@@ -465,7 +652,7 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
        {
          if (open_tcp_socket(channel, server) == -1)
            {
-              query->skip_server[query->server] = 1;
+              skip_server(channel, query, query->server);
              next_server(channel, query, now);
              return;
            }
@@ -476,8 +663,16 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
        end_query(channel, query, ARES_ENOMEM, NULL, 0);
          return;
        }
+      /* To make the common case fast, we avoid copies by using the
+       * query's tcpbuf for as long as the query is alive. In the rare
+       * case where the query ends while it's queued for transmission,
+       * then we give the sendreq its own copy of the request packet
+       * and put it in sendreq->data_storage.
+       */
+      sendreq->data_storage = NULL;
      sendreq->data = query->tcpbuf;
      sendreq->len = query->tcplen;
+      sendreq->owner_query = query;
      sendreq->next = NULL;
      if (server->qtail)
        server->qtail->next = sendreq;
@@ -487,7 +682,8 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
          server->qhead = sendreq;
        }
      server->qtail = sendreq;
-      query->timeout = 0;
+      query->server_info[query->server].tcp_connection_generation =
+        server->tcp_connection_generation;
    }
  else
    {
@@ -495,7 +691,7 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
        {
          if (open_udp_socket(channel, server) == -1)
            {
-              query->skip_server[query->server] = 1;
+              skip_server(channel, query, query->server);
              next_server(channel, query, now);
              return;
            }
@@ -503,21 +699,36 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
      if (swrite(server->udp_socket, query->qbuf, query->qlen) == -1)
        {
          /* FIXME: Handle EAGAIN here since it likely can happen. */
-          query->skip_server[query->server] = 1;
+          skip_server(channel, query, query->server);
          next_server(channel, query, now);
          return;
        }
+    }
    query->timeout = now
        + ((query->try == 0) ? channel->timeout
           : channel->timeout << query->try / channel->nservers);
-    }
+    /* Keep track of queries bucketed by timeout, so we can process
+     * timeout events quickly.
+     */
+    ares__remove_from_list(&(query->queries_by_timeout));
+    ares__insert_in_list(
+        &(query->queries_by_timeout),
+        &(channel->queries_by_timeout[query->timeout %
+                                      ARES_TIMEOUT_TABLE_SIZE]));
+
+    /* Keep track of queries bucketed by server, so we can process server
+     * errors quickly.
+     */
+    ares__remove_from_list(&(query->queries_to_server));
+    ares__insert_in_list(&(query->queries_to_server),
+                         &(server->queries_to_server));
 }

 /*
- * nonblock() set the given socket to either blocking or non-blocking mode
+ * setsocknonblock sets the given socket to either blocking or non-blocking mode
 * based on the 'nonblock' boolean argument. This function is highly portable.
 */
-static int nonblock(ares_socket_t sockfd,    /* operate on this */
+static int setsocknonblock(ares_socket_t sockfd,    /* operate on this */
                    int nonblock   /* TRUE or FALSE */)
 {
 #undef SETBLOCK
@@ -585,9 +796,36 @@ static int nonblock(ares_socket_t sockfd,    /* operate on this */
 #endif
 }

+static int configure_socket(int s, ares_channel channel)
+{
+  setsocknonblock(s, TRUE);
+
+#if defined(FD_CLOEXEC) && !defined(MSDOS)
+  /* Configure the socket fd as close-on-exec. */
+  if (fcntl(s, F_SETFD, FD_CLOEXEC) == -1)
+    return -1;
+#endif
+
+  /* Set the socket's send and receive buffer sizes. */
+  if ((channel->socket_send_buffer_size > 0) &&
+      setsockopt(s, SOL_SOCKET, SO_SNDBUF,
+                 (void *)&channel->socket_send_buffer_size,
+                 sizeof(channel->socket_send_buffer_size)) == -1)
+    return -1;
+
+  if ((channel->socket_receive_buffer_size > 0) &&
+      setsockopt(s, SOL_SOCKET, SO_RCVBUF,
+                 (void *)&channel->socket_receive_buffer_size,
+                 sizeof(channel->socket_receive_buffer_size)) == -1)
+    return -1;
+
+  return 0;
+ }
+
 static int open_tcp_socket(ares_channel channel, struct server_state *server)
 {
  ares_socket_t s;
+  int opt;
  struct sockaddr_in sockin;

  /* Acquire a socket. */
@@ -595,8 +833,26 @@ static int open_tcp_socket(ares_channel channel, struct server_state *server)
  if (s == ARES_SOCKET_BAD)
    return -1;

-  /* Set the socket non-blocking. */
-  nonblock(s, TRUE);
+  /* Configure it. */
+  if (configure_socket(s, channel) < 0)
+    {
+       close(s);
+       return -1;
+    }
+
+  /*
+   * Disable the Nagle algorithm (only relevant for TCP sockets, and thus not in
+   * configure_socket). In general, in DNS lookups we're pretty much interested
+   * in firing off a single request and then waiting for a reply, so batching
+   * isn't very interesting in general.
+   */
+  opt = 1;
+  if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
+                 (void *)&opt, sizeof(opt)) == -1)
+    {
+       close(s);
+       return -1;
+    }

  /* Connect to the server. */
  memset(&sockin, 0, sizeof(sockin));
@@ -615,6 +871,7 @@ static int open_tcp_socket(ares_channel channel, struct server_state *server)
  SOCK_STATE_CALLBACK(channel, s, 1, 0);
  server->tcp_buffer_pos = 0;
  server->tcp_socket = s;
+  server->tcp_connection_generation = ++channel->tcp_connection_generation;
  return 0;
 }

@@ -629,7 +886,11 @@ static int open_udp_socket(ares_channel channel, struct server_state *server)
    return -1;

  /* Set the socket non-blocking. */
-  nonblock(s, TRUE);
+  if (configure_socket(s, channel) < 0)
+    {
+       close(s);
+       return -1;
+    }

  /* Connect to the server. */
  memset(&sockin, 0, sizeof(sockin));
@@ -727,34 +988,92 @@ static int same_questions(const unsigned char *qbuf, int qlen,
  return 1;
 }

-static struct query *end_query (ares_channel channel, struct query *query, int status,
+static void end_query (ares_channel channel, struct query *query, int status,
                       unsigned char *abuf, int alen)
 {
-  struct query **q, *next;
  int i;

-  query->callback(query->arg, status, abuf, alen);
-  for (q = &channel->queries; *q; q = &(*q)->next)
+  /* First we check to see if this query ended while one of our send
+   * queues still has pointers to it.
+   */
+  for (i = 0; i < channel->nservers; i++)
    {
-      if (*q == query)
-        break;
+      struct server_state *server = &channel->servers[i];
+      struct send_request *sendreq;
+      for (sendreq = server->qhead; sendreq; sendreq = sendreq->next)
+        if (sendreq->owner_query == query)
+          {
+            sendreq->owner_query = NULL;
+            assert(sendreq->data_storage == NULL);
+            if (status == ARES_SUCCESS)
+              {
+                /* We got a reply for this query, but this queued
+                 * sendreq points into this soon-to-be-gone query's
+                 * tcpbuf. Probably this means we timed out and queued
+                 * the query for retransmission, then received a
+                 * response before actually retransmitting. This is
+                 * perfectly fine, so we want to keep the connection
+                 * running smoothly if we can. But in the worst case
+                 * we may have sent only some prefix of the query,
+                 * with some suffix of the query left to send. Also,
+                 * the buffer may be queued on multiple queues. To
+                 * prevent dangling pointers to the query's tcpbuf and
+                 * handle these cases, we just give such sendreqs
+                 * their own copy of the query packet.
+                 */
+               sendreq->data_storage = malloc(sendreq->len);
+               if (sendreq->data_storage != NULL)
+                 {
+                   memcpy(sendreq->data_storage, sendreq->data, sendreq->len);
+                   sendreq->data = sendreq->data_storage;
                 }
-  *q = query->next;
-  if (*q)
-    next = (*q)->next;
-  else
-    next = NULL;
-  free(query->tcpbuf);
-  free(query->skip_server);
-  free(query);
+              }
+            if ((status != ARES_SUCCESS) || (sendreq->data_storage == NULL))
+              {
+                /* We encountered an error (probably a timeout,
+                 * suggesting the DNS server we're talking to is
+                 * probably unreachable, wedged, or severely
+                 * overloaded) or we couldn't copy the request, so
+                 * mark the connection as broken. When we get to
+                 * process_broken_connections() we'll close the
+                 * connection and try to re-send requests to another
+                 * server.
+                 */
+               server->is_broken = 1;
+               /* Just to be paranoid, zero out this sendreq... */
+               sendreq->data = NULL;
+               sendreq->len = 0;
+             }
+          }
+    }
+
+  /* Invoke the callback */
+  query->callback(query->arg, status, query->timeouts, abuf, alen);
+  ares__free_query(query);

  /* Simple cleanup policy: if no queries are remaining, close all
   * network sockets unless STAYOPEN is set.
   */
-  if (!channel->queries && !(channel->flags & ARES_FLAG_STAYOPEN))
+  if (!(channel->flags & ARES_FLAG_STAYOPEN) &&
+      ares__is_list_empty(&(channel->all_queries)))
    {
      for (i = 0; i < channel->nservers; i++)
        ares__close_sockets(channel, &channel->servers[i]);
    }
-  return (next);
+}
+
+void ares__free_query(struct query *query)
+{
+  /* Remove the query from all the lists in which it is linked */
+  ares__remove_from_list(&(query->queries_by_qid));
+  ares__remove_from_list(&(query->queries_by_timeout));
+  ares__remove_from_list(&(query->queries_to_server));
+  ares__remove_from_list(&(query->all_queries));
+  /* Zero out some important stuff, to help catch bugs */
+  query->callback = NULL;
+  query->arg = NULL;
+  /* Deallocate the memory associated with the query */
+  free(query->tcpbuf);
+  free(query->server_info);
+  free(query);
 }
--- a/ares/ares_query.3
+++ b/ares/ares_query.3
@@ -22,7 +22,7 @@ ares_query \- Initiate a single-question DNS query
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	unsigned char *\fIabuf\fP, int \fIalen\fP)
+.B	int \fItimeouts\fP, unsigned char *\fIabuf\fP, int \fIalen\fP)
 .PP
 .B void ares_query(ares_channel \fIchannel\fP, const char *\fIname\fP,
 .B 	int \fIdnsclass\fP, int \fItype\fP, ares_callback \fIcallback\fP,
@@ -124,6 +124,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
+The callback argument
+.I timeouts
+reports how many times a query timed out during the execution of the
+given request.
+.PP
 If the query completed (even if there was something wrong with it, as
 indicated by some of the above error codes), the callback argument
 .I abuf
--- a/ares/ares_query.c
+++ b/ares/ares_query.c
@@ -37,7 +37,69 @@ struct qquery {
  void *arg;
 };

-static void qcallback(void *arg, int status, unsigned char *abuf, int alen);
+static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen);
+
+void ares__rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
+{
+  unsigned char x;
+  unsigned char y;
+  unsigned char* state;
+  unsigned char xorIndex;
+  short counter;
+
+  x = key->x;
+  y = key->y;
+
+  state = &key->state[0];
+  for(counter = 0; counter < buffer_len; counter ++)
+  {
+    x = (unsigned char)((x + 1) % 256);
+    y = (unsigned char)((state[x] + y) % 256);
+    ARES_SWAP_BYTE(&state[x], &state[y]);
+
+    xorIndex = (unsigned char)((state[x] + state[y]) % 256);
+
+    buffer_ptr[counter] = (unsigned char)(buffer_ptr[counter]^state[xorIndex]);
+  }
+  key->x = x;
+  key->y = y;
+}
+
+static struct query* find_query_by_id(ares_channel channel, int id)
+{
+  unsigned short qid;
+  struct list_node* list_head;
+  struct list_node* list_node;
+  DNS_HEADER_SET_QID(((unsigned char*)&qid), id);
+
+  /* Find the query corresponding to this packet. */
+  list_head = &(channel->queries_by_qid[qid % ARES_QID_TABLE_SIZE]);
+  for (list_node = list_head->next; list_node != list_head;
+       list_node = list_node->next)
+    {
+       struct query *q = list_node->data;
+       if (q->qid == qid)
+	  return q;
+    }
+  return NULL;
+}
+
+
+/* a unique query id is generated using an rc4 key. Since the id may already
+   be used by a running query (as infrequent as it may be), a lookup is
+   performed per id generation. In practice this search should happen only
+   once per newly generated id
+*/
+static int generate_unique_id(ares_channel channel)
+{
+  int id;
+
+  do {
+	id = ares__generate_new_id(&channel->id_key);
+  } while (find_query_by_id(channel,id));
+
+  return id;
+}

 void ares_query(ares_channel channel, const char *name, int dnsclass,
                int type, ares_callback callback, void *arg)
@@ -50,19 +112,21 @@ void ares_query(ares_channel channel, const char *name, int dnsclass,
  rd = !(channel->flags & ARES_FLAG_NORECURSE);
  status = ares_mkquery(name, dnsclass, type, channel->next_id, rd, &qbuf,
                        &qlen);
-  channel->next_id++;
  if (status != ARES_SUCCESS)
    {
-      callback(arg, status, NULL, 0);
+      if (qbuf != NULL) free(qbuf);
+      callback(arg, status, 0, NULL, 0);
      return;
    }

+  channel->next_id = generate_unique_id(channel);
+
  /* Allocate and fill in the query structure. */
  qquery = malloc(sizeof(struct qquery));
  if (!qquery)
    {
      ares_free_string(qbuf);
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
  qquery->callback = callback;
@@ -73,14 +137,14 @@ void ares_query(ares_channel channel, const char *name, int dnsclass,
  ares_free_string(qbuf);
 }

-static void qcallback(void *arg, int status, unsigned char *abuf, int alen)
+static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen)
 {
  struct qquery *qquery = (struct qquery *) arg;
  unsigned int ancount;
  int rcode;

  if (status != ARES_SUCCESS)
-    qquery->callback(qquery->arg, status, abuf, alen);
+    qquery->callback(qquery->arg, status, timeouts, abuf, alen);
  else
    {
      /* Pull the response code and answer count from the packet. */
@@ -109,7 +173,7 @@ static void qcallback(void *arg, int status, unsigned char *abuf, int alen)
          status = ARES_EREFUSED;
          break;
        }
-      qquery->callback(qquery->arg, status, abuf, alen);
+      qquery->callback(qquery->arg, status, timeouts, abuf, alen);
    }
  free(qquery);
 }
--- a/ares/ares_save_options.3
+++ b/ares/ares_save_options.3
@@ -0,0 +1,49 @@
+.\" $Id$
+.\"
+.\" Copyright 1998 by the Massachusetts Institute of Technology.
+.\"
+.\" Permission to use, copy, modify, and distribute this
+.\" software and its documentation for any purpose and without
+.\" fee is hereby granted, provided that the above copyright
+.\" notice appear in all copies and that both that copyright
+.\" notice and this permission notice appear in supporting
+.\" documentation, and that the name of M.I.T. not be used in
+.\" advertising or publicity pertaining to distribution of the
+.\" software without specific, written prior permission.
+.\" M.I.T. makes no representations about the suitability of
+.\" this software for any purpose.  It is provided "as is"
+.\" without express or implied warranty.
+.\"
+.TH ARES_SAVE_OPTIONS 3 "1 June 2007"
+.SH NAME
+ares_save_options \- Save configuration values obtained from initialized ares_channel
+.SH SYNOPSIS
+.nf
+.B #include <ares.h>
+.PP
+.B void ares_save_options(ares_channel \fIchannel\fP, struct ares_options *\fIoptions\fP, int *\fIoptmask\fP)
+.fi
+.SH DESCRIPTION
+The
+.B ares_save_options
+function saves the channel data identified by
+.IR channel ,
+into the options struct identified by
+.IR options ,
+and saves the mask of options which are set to the integer
+pointer (passed by reference) identified by
+.IR optmask .
+
+The resultant options and optmask are then able to be
+passed directly to ares_init_options.  When the options
+are no longer needed, ares_destroy_options should be called
+to free any associated memory.
+
+
+.SH SEE ALSO
+.BR ares_destroy_options (3),
+.BR ares_init_options (3)
+.SH AUTHOR
+Brad House
+.br
+Copyright 1998 by the Massachusetts Institute of Technology.
--- a/ares/ares_search.3
+++ b/ares/ares_search.3
@@ -22,7 +22,7 @@ ares_search \- Initiate a DNS query with domain search
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	unsigned char *\fIabuf\fP, int \fIalen\fP)
+.B	int \fItimeouts\fP, unsigned char *\fIabuf\fP, int \fIalen\fP)
 .PP
 .B void ares_search(ares_channel \fIchannel\fP, const char *\fIname\fP,
 .B 	int \fIdnsclass\fP, int \fItype\fP, ares_callback \fIcallback\fP,
@@ -125,6 +125,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
+The callback argument
+.I timeouts
+reports how many times a query timed out during the execution of the
+given request.
+.PP
 If a query completed successfully, the callback argument
 .I abuf
 points to a result buffer of length
--- a/ares/ares_search.c
+++ b/ares/ares_search.c
@@ -41,10 +41,12 @@ struct search_query {
  int status_as_is;             /* error status from trying as-is */
  int next_domain;              /* next search domain to try */
  int trying_as_is;             /* current query is for name as-is */
+  int timeouts;                 /* number of timeouts we saw for this request */
+  int ever_got_nodata;          /* did we ever get ARES_ENODATA along the way? */
 };

-static void search_callback(void *arg, int status, unsigned char *abuf,
-                            int alen);
+static void search_callback(void *arg, int status, int timeouts,
+                            unsigned char *abuf, int alen);
 static void end_squery(struct search_query *squery, int status,
                       unsigned char *abuf, int alen);
 static int cat_domain(const char *name, const char *domain, char **s);
@@ -64,7 +66,7 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
  status = single_domain(channel, name, &s);
  if (status != ARES_SUCCESS)
    {
-      callback(arg, status, NULL, 0);
+      callback(arg, status, 0, NULL, 0);
      return;
    }
  if (s)
@@ -80,7 +82,7 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
  squery = malloc(sizeof(struct search_query));
  if (!squery)
    {
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
  squery->channel = channel;
@@ -88,7 +90,7 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
  if (!squery->name)
    {
      free(squery);
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
  squery->dnsclass = dnsclass;
@@ -96,6 +98,8 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
  squery->status_as_is = -1;
  squery->callback = callback;
  squery->arg = arg;
+  squery->timeouts = 0;
+  squery->ever_got_nodata = 0;

  /* Count the number of dots in name. */
  ndots = 0;
@@ -132,18 +136,20 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
        /* failed, free the malloc()ed memory */
        free(squery->name);
        free(squery);
-        callback(arg, status, NULL, 0);
+        callback(arg, status, 0, NULL, 0);
      }
    }
 }

-static void search_callback(void *arg, int status, unsigned char *abuf,
-                            int alen)
+static void search_callback(void *arg, int status, int timeouts,
+                            unsigned char *abuf, int alen)
 {
  struct search_query *squery = (struct search_query *) arg;
  ares_channel channel = squery->channel;
  char *s;
                
+  squery->timeouts += timeouts;
+
  /* Stop searching unless we got a non-fatal error. */
  if (status != ARES_ENODATA && status != ARES_ESERVFAIL
      && status != ARES_ENOTFOUND)
@@ -153,6 +159,17 @@ static void search_callback(void *arg, int status, unsigned char *abuf,
      /* Save the status if we were trying as-is. */
      if (squery->trying_as_is)
        squery->status_as_is = status;
+
+      /* 
+       * If we ever get ARES_ENODATA along the way, record that; if the search
+       * should run to the very end and we got at least one ARES_ENODATA,
+       * then callers like ares_gethostbyname() may want to try a T_A search
+       * even if the last domain we queried for T_AAAA resource records
+       * returned ARES_ENOTFOUND.
+       */
+      if (status == ARES_ENODATA)
+        squery->ever_got_nodata = 1;
+
      if (squery->next_domain < channel->ndomains)
        {
          /* Try the next domain. */
@@ -176,15 +193,20 @@ static void search_callback(void *arg, int status, unsigned char *abuf,
          ares_query(channel, squery->name, squery->dnsclass, squery->type,
                     search_callback, squery);
        }
+      else {
+        if (squery->status_as_is == ARES_ENOTFOUND && squery->ever_got_nodata) {
+          end_squery(squery, ARES_ENODATA, NULL, 0);
+        }
        else
          end_squery(squery, squery->status_as_is, NULL, 0);
      }
    }
+}

 static void end_squery(struct search_query *squery, int status,
                       unsigned char *abuf, int alen)
 {
-  squery->callback(squery->arg, status, abuf, alen);
+  squery->callback(squery->arg, status, squery->timeouts, abuf, alen);
  free(squery->name);
  free(squery);
 }
--- a/ares/ares_send.3
+++ b/ares/ares_send.3
@@ -22,7 +22,7 @@ ares_send \- Initiate a DNS query
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	unsigned char *\fIabuf\fP, int \fIalen\fP)
+.B	int \fItimeouts\fP, unsigned char *\fIabuf\fP, int \fIalen\fP)
 .PP
 .B void ares_send(ares_channel \fIchannel\fP, const unsigned char *\fIqbuf\fP,
 .B 	int \fIqlen\fP, ares_callback \fIcallback\fP, void *\fIarg\fP)
@@ -79,6 +79,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
+The callback argument
+.I timeouts
+reports how many times a query timed out during the execution of the
+given request.
+.PP
 If the query completed, the callback argument
 .I abuf
 points to a result buffer of length
--- a/ares/ares_send.c
+++ b/ares/ares_send.c
@@ -44,7 +44,7 @@ void ares_send(ares_channel channel, const unsigned char *qbuf, int qlen,
  /* Verify that the query is at least long enough to hold the header. */
  if (qlen < HFIXEDSZ || qlen >= (1 << 16))
    {
-      callback(arg, ARES_EBADQUERY, NULL, 0);
+      callback(arg, ARES_EBADQUERY, 0, NULL, 0);
      return;
    }

@@ -52,22 +52,23 @@ void ares_send(ares_channel channel, const unsigned char *qbuf, int qlen,
  query = malloc(sizeof(struct query));
  if (!query)
    {
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
  query->tcpbuf = malloc(qlen + 2);
  if (!query->tcpbuf)
    {
      free(query);
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
-  query->skip_server = malloc(channel->nservers * sizeof(int));
-  if (!query->skip_server)
+  query->server_info = malloc(channel->nservers *
+                              sizeof(query->server_info[0]));
+  if (!query->server_info)
    {
      free(query->tcpbuf);
      free(query);
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }

@@ -93,13 +94,28 @@ void ares_send(ares_channel channel, const unsigned char *qbuf, int qlen,
  query->try = 0;
  query->server = 0;
  for (i = 0; i < channel->nservers; i++)
-    query->skip_server[i] = 0;
+    {
+      query->server_info[i].skip_server = 0;
+      query->server_info[i].tcp_connection_generation = 0;
+    }
  query->using_tcp = (channel->flags & ARES_FLAG_USEVC) || qlen > PACKETSZ;
  query->error_status = ARES_ECONNREFUSED;
+  query->timeouts = 0;

-  /* Chain the query into this channel's query list. */
-  query->next = channel->queries;
-  channel->queries = query;
+  /* Initialize our list nodes. */
+  ares__init_list_node(&(query->queries_by_qid),     query);
+  ares__init_list_node(&(query->queries_by_timeout), query);
+  ares__init_list_node(&(query->queries_to_server),  query);
+  ares__init_list_node(&(query->all_queries),        query);
+       
+  /* Chain the query into the list of all queries. */
+  ares__insert_in_list(&(query->all_queries), &(channel->all_queries));
+  /* Keep track of queries bucketed by qid, so we can process DNS
+   * responses quickly.
+   */
+  ares__insert_in_list(
+      &(query->queries_by_qid),
+      &(channel->queries_by_qid[query->qid % ARES_QID_TABLE_SIZE]));

  /* Perform the first query action. */
  time(&now);
--- a/ares/ares_strerror.c
+++ b/ares/ares_strerror.c
@@ -46,6 +46,8 @@ const char *ares_strerror(int code)
    "Illegal hints flags specified"
  };

-  DEBUGASSERT(code >= 0 && code < (int)(sizeof(errtext) / sizeof(*errtext)));
+  if(code >= 0 && code < (int)(sizeof(errtext) / sizeof(*errtext)))
    return errtext[code];
+  else
+    return "unknown";
 }
--- a/ares/ares_timeout.c
+++ b/ares/ares_timeout.c
@@ -26,22 +26,34 @@
 #include "ares.h"
 #include "ares_private.h"

+/* WARNING: Beware that this is linear in the number of outstanding
+ * requests! You are probably far better off just calling ares_process()
+ * once per second, rather than calling ares_timeout() to figure out
+ * when to next call ares_process().
+ */
 struct timeval *ares_timeout(ares_channel channel, struct timeval *maxtv,
                             struct timeval *tvbuf)
 {
  struct query *query;
+  struct list_node* list_head;
+  struct list_node* list_node;
  time_t now;
-  int offset, min_offset;
+  time_t offset, min_offset; /* these use time_t since some 32 bit systems
+                                still use 64 bit time_t! (like VS2005) */

  /* No queries, no timeout (and no fetch of the current time). */
-  if (!channel->queries)
+  if (ares__is_list_empty(&(channel->all_queries)))
    return maxtv;

  /* Find the minimum timeout for the current set of queries. */
  time(&now);
  min_offset = -1;
-  for (query = channel->queries; query; query = query->next)
+
+  list_head = &(channel->all_queries);
+  for (list_node = list_head->next; list_node != list_head;
+       list_node = list_node->next)
    {
+      query = list_node->data;
      if (query->timeout == 0)
        continue;
      offset = query->timeout - now;
@@ -57,7 +69,7 @@ struct timeval *ares_timeout(ares_channel channel, struct timeval *maxtv,
   */
  if (min_offset != -1 && (!maxtv || min_offset <= maxtv->tv_sec))
    {
-      tvbuf->tv_sec = min_offset;
+      tvbuf->tv_sec = (long)min_offset;
      tvbuf->tv_usec = 0;
      return tvbuf;
    }
--- a/ares/ares_version.h
+++ b/ares/ares_version.h
@@ -4,12 +4,12 @@
 #define ARES__VERSION_H

 #define ARES_VERSION_MAJOR 1
-#define ARES_VERSION_MINOR 3
-#define ARES_VERSION_PATCH 3
+#define ARES_VERSION_MINOR 5
+#define ARES_VERSION_PATCH 2
 #define ARES_VERSION ((ARES_VERSION_MAJOR<<16)|\
                       (ARES_VERSION_MINOR<<8)|\
                       (ARES_VERSION_PATCH))
-#define ARES_VERSION_STR "1.3.3-CVS"
+#define ARES_VERSION_STR "1.5.2-CVS"

 #ifdef  __cplusplus
 extern "C" {
--- a/ares/bitncmp.h
+++ b/ares/bitncmp.h
@@ -3,7 +3,8 @@

 /* $Id$ */

-/*
+/* Copyright (C) 2005 by Dominick Meglio
+ *
 * Permission to use, copy, modify, and distribute this
 * software and its documentation for any purpose and without
 * fee is hereby granted, provided that the above copyright
--- a/ares/config-win32.h
+++ b/ares/config-win32.h
@@ -146,11 +146,6 @@
 #define ssize_t int
 #endif

-/* Define to 'int' if socklen_t is not an available 'typedefed' type */
-#ifndef HAVE_WS2TCPIP_H
-#define socklen_t int
-#endif
-
 /* ---------------------------------------------------------------- */
 /*                          STRUCT RELATED                          */
 /* ---------------------------------------------------------------- */
@@ -164,24 +159,58 @@
 /* Define this if you have struct timeval */
 #define HAVE_STRUCT_TIMEVAL 1

+/* ---------------------------------------------------------------- */
+/*                        COMPILER SPECIFIC                         */
+/* ---------------------------------------------------------------- */
+
+/* Define to avoid VS2005 complaining about portable C functions */
+#if defined(_MSC_VER) && (_MSC_VER >= 1400)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#define _CRT_NONSTDC_NO_DEPRECATE 1
+#endif
+
+/* VS2008 does not support Windows build targets prior to WinXP, */
+/* so, if no build target has been defined we will target WinXP. */
+#if defined(_MSC_VER) && (_MSC_VER >= 1500)
+#  ifndef _WIN32_WINNT
+#    define _WIN32_WINNT 0x0501
+#  endif
+#  ifndef WINVER
+#    define WINVER 0x0501
+#  endif
+#  if (_WIN32_WINNT < 0x0501) || (WINVER < 0x0501)
+#    error VS2008 does not support Windows build targets prior to WinXP
+#  endif
+#endif
+
 /* ---------------------------------------------------------------- */
 /*                         IPV6 COMPATIBILITY                       */
 /* ---------------------------------------------------------------- */

 /* Define this if you have address family AF_INET6 */
+#ifdef HAVE_WINSOCK2_H
 #define HAVE_AF_INET6 1
+#endif

 /* Define this if you have protocol family PF_INET6 */
+#ifdef HAVE_WINSOCK2_H
 #define HAVE_PF_INET6 1
+#endif

 /* Define this if you have struct in6_addr */
+#ifdef HAVE_WS2TCPIP_H
 #define HAVE_STRUCT_IN6_ADDR 1
+#endif

 /* Define this if you have struct sockaddr_in6 */
+#ifdef HAVE_WS2TCPIP_H
 #define HAVE_STRUCT_SOCKADDR_IN6 1
+#endif

 /* Define this if you have sockaddr_in6 with scopeid */
+#ifdef HAVE_WS2TCPIP_H
 #define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+#endif


 #endif  /* __ARES_CONFIG_WIN32_H */
--- a/ares/configure.ac
+++ b/ares/configure.ac
@@ -46,6 +46,8 @@ AC_HELP_STRING([--disable-debug],[Disable debug options]),
    dnl when doing the debug stuff, use static library only
    AC_DISABLE_SHARED

+    debugbuild="yes"
+
    dnl the entire --enable-debug is a hack that lives and runs on top of
    dnl libcurl stuff so this BUILDING_LIBCURL is not THAT much uglier
    AC_DEFINE(BUILDING_LIBCURL, 1, [when building as static part of libcurl])
@@ -70,6 +72,7 @@ AC_HELP_STRING([--disable-debug],[Disable debug options]),
  esac ],
       AC_MSG_RESULT(no)
 )
+AM_CONDITIONAL(DEBUGBUILD, test x$debugbuild = xyes)

 dnl skip libtool C++ and Fortran compiler checks
 m4_ifdef([AC_PROG_CXX], [m4_undefine([AC_PROG_CXX])])
@@ -117,6 +120,43 @@ dnl gethostbyname_r() version
 dnl **********************************************************************
 CURL_DETECT_ICC([CFLAGS="$CFLAGS -we 147"])

+dnl **********************************************************************
+dnl platform/compiler/architecture specific checks/flags
+dnl **********************************************************************
+
+case $host in
+  #
+  x86_64*linux*)
+    #
+    dnl find out if icc is being used
+    if test "z$ICC" = "z"; then
+      CURL_DETECT_ICC
+    fi
+    #
+    if test "$ICC" = "yes"; then
+      dnl figure out icc version
+      AC_MSG_CHECKING([icc version])
+      iccver=`$CC -dumpversion`
+      iccnhi=`echo $iccver | cut -d . -f1`
+      iccnlo=`echo $iccver | cut -d . -f2`
+      iccnum=`(expr $iccnhi "*" 100 + $iccnlo) 2>/dev/null`
+      AC_MSG_RESULT($iccver)
+      #
+      if test "$iccnum" -ge "900" && test "$iccnum" -lt "1000"; then
+        dnl icc 9.X specific
+        CFLAGS="$CFLAGS -i-dynamic"
+      fi
+      #
+      if test "$iccnum" -ge "1000"; then
+        dnl icc 10.X or later
+        CFLAGS="$CFLAGS -shared-intel"
+      fi
+      #
+    fi
+    ;;
+  #
+esac
+
 dnl **********************************************************************
 dnl Checks for libraries.
 dnl **********************************************************************
@@ -221,9 +261,6 @@ fi
 dnl socket lib?
 AC_CHECK_FUNC(connect, , [ AC_CHECK_LIB(socket, connect) ])

-dnl dl lib?
-AC_CHECK_FUNC(dlclose, , [ AC_CHECK_LIB(dl, dlopen) ])
-
 AC_MSG_CHECKING([whether to use libgcc])
 AC_ARG_ENABLE(libgcc,
 AC_HELP_STRING([--enable-libgcc],[use libgcc when linking]),
@@ -305,6 +342,9 @@ if test "x$RECENTAIX" = "xyes"; then
         dnl the optimizer assumes that pointers can only point to
         dnl an object of the same type.
         CFLAGS="$CFLAGS -qnoansialias"
+         dnl Force AIX xlc to stop after the compilation phase, and not
+         dnl generate object code, when the source compiles with errors.
+         CFLAGS="$CFLAGS -qhalt=e"
       )
 fi

@@ -337,8 +377,10 @@ AC_CHECK_HEADERS(
       sys/select.h \
       sys/socket.h \
       sys/ioctl.h \
+       sys/param.h \
       netdb.h \
       netinet/in.h \
+       netinet/tcp.h \
       net/if.h \
       errno.h \
       stdbool.h \
@@ -600,6 +642,7 @@ AC_CHECK_MEMBER(struct addrinfo.ai_flags,


 AC_CHECK_FUNCS( bitncmp \
+                gettimeofday \
                if_indextoname,
 dnl if found
 [],
@@ -785,4 +828,27 @@ AC_C_BIGENDIAN(
    [AC_MSG_WARN([couldn't figure out endianess, assuming little endian!])]
 )

-AC_OUTPUT(Makefile)
+dnl Check for user-specified random device
+AC_ARG_WITH(random,
+AC_HELP_STRING([--with-random=FILE],
+               [read randomness from FILE (default=/dev/urandom)]),
+    [ RANDOM_FILE="$withval" ],
+    [
+        dnl Check for random device.  If we're cross compiling, we can't
+        dnl check, and it's better to assume it doesn't exist than it is
+        dnl to fail on AC_CHECK_FILE or later.
+        if test "$cross_compiling" = "no"; then
+          AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
+        else
+          AC_MSG_WARN([cannot check for /dev/urandom while cross compiling; assuming none])
+        fi
+        
+    ]
+)
+if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
+        AC_SUBST(RANDOM_FILE)
+        AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE",
+        [a suitable file/device to read random data from])
+fi
+
+AC_OUTPUT(Makefile libcares.pc)
--- a/ares/get_ver.awk
+++ b/ares/get_ver.awk
@@ -0,0 +1,36 @@
+# ***************************************************************************
+# *  Project: c-ares
+# *
+# * $Id$
+# ***************************************************************************
+# awk script which fetches c-ares version number and string from input
+# file and writes them to STDOUT. Here you can get an awk version for Win32:
+# http://www.gknw.net/development/prgtools/awk-20070501.zip
+#
+BEGIN {
+  if (match (ARGV[1], /ares_version.h/)) {
+    while ((getline < ARGV[1]) > 0) {
+      if (match ($0, /^#define ARES_COPYRIGHT "[^"]+"$/)) {
+        libcares_copyright_str = substr($0, 25, length($0)-25);
+      }
+      else if (match ($0, /^#define ARES_VERSION_STR "[^"]+"$/)) {
+        libcares_ver_str = substr($3, 2, length($3)-2);
+      }
+      else if (match ($0, /^#define ARES_VERSION_MAJOR [0-9]+$/)) {
+        libcares_ver_major = substr($3, 1, length($3));
+      }
+      else if (match ($0, /^#define ARES_VERSION_MINOR [0-9]+$/)) {
+        libcares_ver_minor = substr($3, 1, length($3));
+      }
+      else if (match ($0, /^#define ARES_VERSION_PATCH [0-9]+$/)) {
+        libcares_ver_patch = substr($3, 1, length($3));
+      }
+    }
+    libcares_ver = libcares_ver_major "," libcares_ver_minor "," libcares_ver_patch;
+    print "LIBCARES_VERSION = " libcares_ver "";
+    print "LIBCARES_VERSION_STR = " libcares_ver_str "";
+    print "LIBCARES_COPYRIGHT_STR = " libcares_copyright_str "";
+  }
+}
+
+
--- a/ares/inet_net_pton.h
+++ b/ares/inet_net_pton.h
@@ -3,7 +3,8 @@

 /* $Id$ */

-/*
+/* Copyright (C) 2005 by Daniel Stenberg
+ *
 * Permission to use, copy, modify, and distribute this
 * software and its documentation for any purpose and without
 * fee is hereby granted, provided that the above copyright
--- a/ares/inet_ntop.h
+++ b/ares/inet_ntop.h
@@ -3,7 +3,8 @@

 /* $Id$ */

-/*
+/* Copyright (C) 2005 by Dominick Meglio
+ *
 * Permission to use, copy, modify, and distribute this
 * software and its documentation for any purpose and without
 * fee is hereby granted, provided that the above copyright
--- a/ares/libcares.pc.in
+++ b/ares/libcares.pc.in
@@ -0,0 +1,20 @@
+#***************************************************************************
+# Project        ___       __ _ _ __ ___  ___ 
+#               / __|____ / _` | '__/ _ \/ __|
+#              | (_|_____| (_| | | |  __/\__ \
+#               \___|     \__,_|_|  \___||___/
+# $id: $
+#
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: c-ares
+URL: http://daniel.haxx.se/projects/c-ares/
+Description: asynchronous DNS lookup library
+Version: @VERSION@
+Requires: 
+Requires.private: 
+Cflags: -I${includedir}
+Libs: -L${libdir} -lcares
--- a/ares/nameser.h
+++ b/ares/nameser.h
@@ -7,9 +7,6 @@
   port build */

 #ifndef NETWARE
-#ifndef __CYGWIN__
-#include <windows.h>
-#endif
 #include <process.h> /* for the _getpid() proto */
 #endif  /* !NETWARE */
 #include <sys/types.h>
@@ -32,7 +29,9 @@ struct iovec
 int ares_writev (SOCKET s, const struct iovec *vector, size_t count);
 #define writev(s,vect,count)  ares_writev(s,vect,count)

+#ifndef HAVE_GETTIMEOFDAY
 struct timezone { int dummy; };
+#endif

 int ares_gettimeofday(struct timeval *tv, struct timezone *tz);
 #define gettimeofday(tv,tz) ares_gettimeofday(tv,tz)
@@ -147,6 +146,11 @@ typedef enum __ns_opcode {

 #define T_CNAME                ns_t_cname

+#define NS_MAXDNAME   256     /* maximum domain name */
+#define MAXDNAME      NS_MAXDNAME
+
+#define NS_MAXCDNAME  255     /* maximum compressed domain name */
+#define MAXCDNAME     NS_MAXCDNAME

 #define NS_PACKETSZ   512     /* maximum packet size */
 #define PACKETSZ       NS_PACKETSZ
--- a/ares/setup.h
+++ b/ares/setup.h
@@ -3,7 +3,7 @@

 /* $Id$ */

-/* Copyright (C) 2004 - 2005 by Daniel Stenberg et al
+/* Copyright (C) 2004 - 2007 by Daniel Stenberg et al
 *
 * Permission to use, copy, modify, and distribute this software and its
 * documentation for any purpose and without fee is hereby granted, provided
@@ -16,13 +16,11 @@
 * without express or implied warranty.
 */

-#if !defined(WIN32) && defined(__WIN32__)
-/* Borland fix */
-#define WIN32
-#endif
+/*
+ * Define WIN32 when build target is Win32 API
+ */

-#if !defined(WIN32) && defined(_WIN32)
-/* VS2005 on x64 fix */
+#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
 #define WIN32
 #endif

@@ -97,10 +95,6 @@
 #define ssize_t int
 #endif

-#ifndef HAVE_WS2TCPIP_H
-#define socklen_t int
-#endif
-
 #endif /* HAVE_CONFIG_H */

 /*
@@ -117,18 +111,6 @@
 #undef VERSION
 #undef PACKAGE

-/*
- * Typedef our socket type
- */
-
-#ifdef USE_WINSOCK
-typedef SOCKET ares_socket_t;
-#define ARES_SOCKET_BAD INVALID_SOCKET
-#else
-typedef int ares_socket_t;
-#define ARES_SOCKET_BAD -1
-#endif
-
 /*
 * Assume a few thing unless they're set by configure
 */
@@ -156,6 +138,11 @@ int ares_strcasecmp(const char *s1, const char *s2);
   same */
 #define strncasecmp(a,b,c) ares_strncasecmp(a,b,c)
 #define strcasecmp(a,b) ares_strcasecmp(a,b)
+#ifdef _MSC_VER
+#  if _MSC_VER >= 1400
+#    define strdup(a) _strdup(a)
+#  endif
+#endif
 #endif

 /* IPv6 compatibility */
--- a/ares/setup_once.h
+++ b/ares/setup_once.h
@@ -91,6 +91,31 @@ struct timeval {
 #endif


+/*
+ * Windows build targets have socklen_t definition in
+ * ws2tcpip.h but some versions of ws2tcpip.h do not
+ * have the definition. It seems that when the socklen_t
+ * definition is missing from ws2tcpip.h the definition
+ * for INET_ADDRSTRLEN is also missing, and that when one
+ * definition is present the other one also is available.
+ */
+
+#if defined(WIN32) && !defined(HAVE_SOCKLEN_T)
+#  if ( defined(_MSC_VER) && !defined(INET_ADDRSTRLEN) ) || \
+      (!defined(_MSC_VER) && !defined(HAVE_WS2TCPIP_H) )
+#    define socklen_t int
+#    define HAVE_SOCKLEN_T
+#  endif
+#endif
+
+
+#if defined(__minix)
+/* Minix doesn't support recv on TCP sockets */
+#define sread(x,y,z) (ssize_t)read((RECV_TYPE_ARG1)(x), \
+                                   (RECV_TYPE_ARG2)(y), \
+                                   (RECV_TYPE_ARG3)(z))
+
+#elif defined(HAVE_RECV)
 /*
 * The definitions for the return type and arguments types
 * of functions recv() and send() belong and come from the
@@ -113,7 +138,6 @@ struct timeval {
 * SEND_TYPE_RETV must also be defined.
 */

-#ifdef HAVE_RECV
 #if !defined(RECV_TYPE_ARG1) || \
    !defined(RECV_TYPE_ARG2) || \
    !defined(RECV_TYPE_ARG3) || \
@@ -136,7 +160,14 @@ struct timeval {
 #endif
 #endif /* HAVE_RECV */

-#ifdef HAVE_SEND
+
+#if defined(__minix)
+/* Minix doesn't support send on TCP sockets */
+#define swrite(x,y,z) (ssize_t)write((SEND_TYPE_ARG1)(x), \
+                                    (SEND_TYPE_ARG2)(y), \
+                                    (SEND_TYPE_ARG3)(z))
+
+#elif defined(HAVE_SEND)
 #if !defined(SEND_TYPE_ARG1) || \
    !defined(SEND_QUAL_ARG2) || \
    !defined(SEND_TYPE_ARG2) || \
@@ -337,5 +368,117 @@ typedef int sig_atomic_t;
 #endif


+/*
+ *  Actually use __32_getpwuid() on 64-bit VMS builds for getpwuid()
+ */
+
+#if defined(VMS) && \
+    defined(__INITIAL_POINTER_SIZE) && (__INITIAL_POINTER_SIZE == 64)
+#define getpwuid __32_getpwuid
+#endif
+
+
+/*
+ * Macro argv_item_t hides platform details to code using it.
+ */
+
+#ifdef VMS
+#define argv_item_t  __char_ptr32
+#else
+#define argv_item_t  char *
+#endif
+
+
+/*
+ * We use this ZERO_NULL to avoid picky compiler warnings,
+ * when assigning a NULL pointer to a function pointer var.
+ */
+
+#define ZERO_NULL 0
+
+
+#if defined (__LP64__) && defined(__hpux) && !defined(_XOPEN_SOURCE_EXTENDED)
+#include <sys/socket.h>
+/* HP-UX has this oddity where it features a few functions that don't work
+   with socklen_t so we need to convert to ints
+
+   This is due to socklen_t being a 64bit int under 64bit ABI, but the
+   pre-xopen (default) interfaces require an int, which is 32bits.
+
+   Therefore, Anytime socklen_t is passed by pointer, the libc function
+   truncates the 64bit socklen_t value by treating it as a 32bit value.
+
+
+   Note that some socket calls are allowed to have a NULL pointer for
+   the socklen arg.
+*/
+
+inline static int Curl_hp_getsockname(int s, struct sockaddr *name,
+                                      socklen_t *namelen)
+{
+  int rc;
+  if(namelen) {
+     int len = *namelen;
+     rc = getsockname(s, name, &len);
+     *namelen = len;
+   }
+  else
+     rc = getsockname(s, name, 0);
+  return rc;
+}
+
+inline static int Curl_hp_getsockopt(int  s, int level, int optname,
+                                     void *optval, socklen_t *optlen)
+{
+  int rc;
+  if(optlen) {
+    int len = *optlen;
+    rc = getsockopt(s, level, optname, optval, &len);
+    *optlen = len;
+  }
+  else
+    rc = getsockopt(s, level, optname, optval, 0);
+  return rc;
+}
+
+inline static int Curl_hp_accept(int sockfd, struct sockaddr *addr,
+                                 socklen_t *addrlen)
+{
+  int rc;
+  if(addrlen) {
+     int len = *addrlen;
+     rc = accept(sockfd, addr, &len);
+     *addrlen = len;
+  }
+  else
+     rc = accept(sockfd, addr, 0);
+  return rc;
+}
+
+
+inline static ssize_t Curl_hp_recvfrom(int s, void *buf, size_t len, int flags,
+                                       struct sockaddr *from,
+                                       socklen_t *fromlen)
+{
+  ssize_t rc;
+  if(fromlen) {
+    int fromlen32 = *fromlen;
+    rc = recvfrom(s, buf, len, flags, from, &fromlen32);
+    *fromlen = fromlen32;
+  }
+  else {
+    rc = recvfrom(s, buf, len, flags, from, 0);
+  }
+  return rc;
+}
+
+#define getsockname(a,b,c) Curl_hp_getsockname((a),(b),(c))
+#define getsockopt(a,b,c,d,e) Curl_hp_getsockopt((a),(b),(c),(d),(e))
+#define accept(a,b,c) Curl_hp_accept((a),(b),(c))
+#define recvfrom(a,b,c,d,e,f) Curl_hp_recvfrom((a),(b),(c),(d),(e),(f))
+
+#endif /* HPUX work-around */
+
+
 #endif /* __SETUP_ONCE_H */

--- a/ares/vc/adig/adig.dsp
+++ b/ares/vc/adig/adig.dsp
@@ -49,8 +49,8 @@ BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 wsock32.lib areslib.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\areslib\Release"
+# ADD BASE LINK32 ws2_32.lib advapi32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 ws2_32.lib advapi32.lib areslib.lib /nologo /subsystem:console /machine:I386 /libpath:"..\areslib\Release"

 !ELSEIF  "$(CFG)" == "adig - Win32 Debug"

@@ -73,8 +73,8 @@ BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 wsock32.lib areslib.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\areslib\Debug"
+# ADD BASE LINK32 ws2_32.lib advapi32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 ws2_32.lib advapi32.lib areslib.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\areslib\Debug"

 !ENDIF 

@@ -91,12 +91,16 @@ SOURCE=..\..\adig.c
 # End Source File
 # Begin Source File

-SOURCE=..\..\getopt.c
+SOURCE=..\..\ares_getopt.c
 # End Source File
 # End Group
 # Begin Group "Header Files"

 # PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=..\..\ares_getopt.h
+# End Source File
 # End Group
 # Begin Group "Resource Files"

--- a/ares/vc/ahost/ahost.dsp
+++ b/ares/vc/ahost/ahost.dsp
@@ -39,6 +39,7 @@ RSC=rc.exe
 # PROP Use_Debug_Libraries 0
 # PROP Output_Dir "Release"
 # PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
@@ -48,8 +49,8 @@ BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 wsock32.lib areslib.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 /libpath:"..\areslib\Release"
+# ADD BASE LINK32 ws2_32.lib advapi32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 ws2_32.lib advapi32.lib areslib.lib /nologo /subsystem:console /machine:I386 /libpath:"..\areslib\Release"

 !ELSEIF  "$(CFG)" == "ahost - Win32 Debug"

@@ -62,6 +63,7 @@ LINK32=link.exe
 # PROP Use_Debug_Libraries 1
 # PROP Output_Dir "Debug"
 # PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
 # ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /GZ /c
@@ -71,8 +73,8 @@ BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 wsock32.lib areslib.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\areslib\Debug"
+# ADD BASE LINK32 ws2_32.lib advapi32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 ws2_32.lib advapi32.lib areslib.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\areslib\Debug"

 !ENDIF 

@@ -87,10 +89,18 @@ LINK32=link.exe

 SOURCE=..\..\ahost.c
 # End Source File
+# Begin Source File
+
+SOURCE=..\..\ares_getopt.c
+# End Source File
 # End Group
 # Begin Group "Header Files"

 # PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE=..\..\ares_getopt.h
+# End Source File
 # End Group
 # Begin Group "Resource Files"

--- a/ares/vc/areslib/areslib.dsp
+++ b/ares/vc/areslib/areslib.dsp
@@ -137,6 +137,10 @@ SOURCE=..\..\ares_init.c
 # End Source File
 # Begin Source File

+SOURCE=..\..\ares_llist.c
+# End Source File
+# Begin Source File
+
 SOURCE=..\..\ares_mkquery.c
 # End Source File
 # Begin Source File
@@ -213,6 +217,10 @@ SOURCE=..\..\ares_ipv6.h
 # End Source File
 # Begin Source File

+SOURCE=..\..\ares_llist.h
+# End Source File
+# Begin Source File
+
 SOURCE=..\..\ares_private.h
 # End Source File
 # Begin Source File
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -24,11 +24,11 @@ dnl Process this file with autoconf to produce a configure script.

 AC_PREREQ(2.57)

-dnl We don't know the version number "staticly" so we use a dash here
+dnl We don't know the version number "statically" so we use a dash here
 AC_INIT(curl, [-], [a suitable curl mailing list => http://curl.haxx.se/mail/])

 dnl configure script copyright
-AC_COPYRIGHT([Copyright (c) 1998 - 2006 Daniel Stenberg, <daniel@haxx.se>
+AC_COPYRIGHT([Copyright (c) 1998 - 2008 Daniel Stenberg, <daniel@haxx.se>
 This configure script may be copied, distributed and modified under the
 terms of the curl license; see COPYING for more details])

@@ -55,6 +55,7 @@ AC_SUBST(AR)
 if test "x$AR" = "xar-was-not-found-by-configure"; then
  AC_MSG_WARN([ar was not found, this may ruin your chances to build fine])
 fi
+AC_SUBST(libext)

 dnl figure out the libcurl version
 VERSION=`$SED -ne 's/^#define LIBCURL_VERSION "\(.*\)"/\1/p' ${srcdir}/include/curl/curlver.h`
@@ -89,6 +90,8 @@ dnl initialize all the info variables
 curl_manual_msg="no      (--enable-manual)"
 curl_verbose_msg="enabled (--disable-verbose)"
   curl_sspi_msg="no      (--enable-sspi)"
+   curl_ldap_msg="no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)"
+  curl_ldaps_msg="no      (--enable-ldaps)"

 dnl
 dnl Save anything in $LIBS for later
@@ -118,12 +121,16 @@ AC_LIBTOOL_WIN32_DLL
 dnl skip libtool C++ and Fortran compiler checks
 m4_ifdef([AC_PROG_CXX], [m4_undefine([AC_PROG_CXX])])
 m4_defun([AC_PROG_CXX],[])
+m4_ifdef([AC_PROG_CXXCPP], [m4_undefine([AC_PROG_CXXCPP])])
+m4_defun([AC_PROG_CXXCPP],[true])
 m4_ifdef([AC_PROG_F77], [m4_undefine([AC_PROG_F77])])
 m4_defun([AC_PROG_F77],[])

 dnl skip libtool C++ and Fortran linker checks
 m4_ifdef([AC_LIBTOOL_CXX], [m4_undefine([AC_LIBTOOL_CXX])])
 m4_defun([AC_LIBTOOL_CXX],[])
+m4_ifdef([AC_LIBTOOL_CXXCPP], [m4_undefine([AC_LIBTOOL_CXXCPP])])
+m4_defun([AC_LIBTOOL_CXXCPP],[true])
 m4_ifdef([AC_LIBTOOL_F77], [m4_undefine([AC_LIBTOOL_F77])])
 m4_defun([AC_LIBTOOL_F77],[])

@@ -167,6 +174,7 @@ case $host in
 esac
 AC_MSG_RESULT($mimpure)
 AM_CONDITIONAL(MIMPURE, test x$mimpure = xyes)
+AM_CONDITIONAL(STATICLIB, false)

 AC_MSG_CHECKING([if we need BUILDING_LIBCURL])
 case $host in
@@ -178,6 +186,7 @@ case $host in
    then
      AC_DEFINE(CURL_STATICLIB, 1, [when not building a shared library])
      AC_MSG_RESULT(yes)
+      AM_CONDITIONAL(STATICLIB, true)
    else
      AC_MSG_RESULT(no)
    fi
@@ -200,6 +209,9 @@ dnl The install stuff has already been taken care of by the automake stuff
 dnl AC_PROG_INSTALL
 AC_PROG_MAKE_SET

+dnl check if there's a way to force code inline
+AC_C_INLINE
+
 dnl **********************************************************************
 dnl Make sure that our checks for headers windows.h winsock.h winsock2.h
 dnl and ws2tcpip.h take precedence over any other further checks which
@@ -212,6 +224,45 @@ CURL_CHECK_HEADER_WINSOCK
 CURL_CHECK_HEADER_WINSOCK2
 CURL_CHECK_HEADER_WS2TCPIP

+CURL_CHECK_HEADER_WINLDAP
+CURL_CHECK_HEADER_WINBER
+
+dnl **********************************************************************
+dnl platform/compiler/architecture specific checks/flags
+dnl **********************************************************************
+
+case $host in
+  #
+  x86_64*linux*)
+    #
+    dnl find out if icc is being used
+    if test "z$ICC" = "z"; then
+      CURL_DETECT_ICC
+    fi
+    #
+    if test "$ICC" = "yes"; then
+      dnl figure out icc version
+      AC_MSG_CHECKING([icc version])
+      iccver=`$CC -dumpversion`
+      iccnhi=`echo $iccver | cut -d . -f1`
+      iccnlo=`echo $iccver | cut -d . -f2`
+      iccnum=`(expr $iccnhi "*" 100 + $iccnlo) 2>/dev/null`
+      AC_MSG_RESULT($iccver)
+      #
+      if test "$iccnum" -ge "900" && test "$iccnum" -lt "1000"; then
+        dnl icc 9.X specific
+        CFLAGS="$CFLAGS -i-dynamic"
+      fi
+      #
+      if test "$iccnum" -ge "1000"; then
+        dnl icc 10.X or later
+        CFLAGS="$CFLAGS -shared-intel"
+      fi
+      #
+    fi
+    ;;
+  #
+esac

 dnl ************************************************************
 dnl switch off particular protocols
@@ -272,11 +323,56 @@ AC_HELP_STRING([--disable-ldap],[Disable LDAP support]),
       AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
       AC_SUBST(CURL_DISABLE_LDAP, [1])
       ;;
-  *)   AC_MSG_RESULT(yes)
+  *)
+       case $host in
+         *-*-cygwin*)
+           # Force no ldap. config/build process is broken for cygwin
+           AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
+           AC_SUBST(CURL_DISABLE_LDAP, [1])
+           AC_MSG_RESULT(no)
+           ;;
+         *)
+           AC_MSG_RESULT(yes)
+       esac
+       ;;
+  esac ],[
+       case $host in
+         *-*-cygwin*)
+           # Force no ldap. config/build process is broken for cygwin
+           AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
+           AC_SUBST(CURL_DISABLE_LDAP, [1])
+           AC_MSG_RESULT(no)
+           ;;
+         *)
+           AC_MSG_RESULT(yes)
+       esac ]
+)
+AC_MSG_CHECKING([whether to support ldaps])
+AC_ARG_ENABLE(ldaps,
+AC_HELP_STRING([--enable-ldaps],[Enable LDAPS support])
+AC_HELP_STRING([--disable-ldaps],[Disable LDAPS support]),
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
+       AC_SUBST(CURL_DISABLE_LDAPS, [1])
+       ;;
+  *)   if test x$CURL_DISABLE_LDAP = x1 ; then
+               AC_MSG_RESULT(LDAP support needs to be enabled in order to enable LDAPS support!)
+               AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
+               AC_SUBST(CURL_DISABLE_LDAPS, [1])
+       else
+               AC_MSG_RESULT(yes)
+               AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation])
+               curl_ldaps_msg="enabled"
+       fi
       ;;
  esac ],
-       AC_MSG_RESULT(yes)
+       AC_MSG_RESULT(no)
+       AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
+       AC_SUBST(CURL_DISABLE_LDAPS, [1])
 )
+
 AC_MSG_CHECKING([whether to support dict])
 AC_ARG_ENABLE(dict,
 AC_HELP_STRING([--enable-dict],[Enable DICT support])
@@ -412,6 +508,21 @@ then
             )
 fi

+if test "$HAVE_GETHOSTBYNAME" != "1"
+then
+  dnl This is for Minix 3.1
+  AC_MSG_CHECKING([for gethostbyname for Minix 3])
+  AC_TRY_LINK([
+/* Older Minix versions may need <net/gen/netdb.h> here instead */
+#include <netdb.h>],
+               [gethostbyname("www.dummysite.com");],
+               [ dnl worked!
+               AC_MSG_RESULT([yes])
+               HAVE_GETHOSTBYNAME="1"],
+               AC_MSG_RESULT(no)
+             )
+fi
+
 if test "$HAVE_GETHOSTBYNAME" != "1"
 then
  dnl This is for eCos with a stubbed DNS implementation
@@ -478,55 +589,88 @@ AC_HELP_STRING([--enable-libgcc],[use libgcc when linking]),
       AC_MSG_RESULT(no)
 )

-dnl dl lib?
-AC_CHECK_FUNC(dlclose, , [ AC_CHECK_LIB(dl, dlopen) ])
-
 dnl **********************************************************************
-dnl Check for the name of dynamic OpenLDAP libraries
+dnl Check for LDAP
 dnl **********************************************************************

 LDAPLIBNAME=""
 AC_ARG_WITH(ldap-lib,
-AC_HELP_STRING([--with-ldap-lib=libname],[Specify name of dynamic ldap lib file]),
+AC_HELP_STRING([--with-ldap-lib=libname],[Specify name of ldap lib file]),
 [LDAPLIBNAME="$withval"])

 LBERLIBNAME=""
 AC_ARG_WITH(lber-lib,
-AC_HELP_STRING([--with-lber-lib=libname],[Specify name of dynamic lber lib file]),
+AC_HELP_STRING([--with-lber-lib=libname],[Specify name of lber lib file]),
 [LBERLIBNAME="$withval"])

 if test x$CURL_DISABLE_LDAP != x1 ; then

+  CURL_CHECK_HEADER_LBER
+  CURL_CHECK_HEADER_LDAP
+  CURL_CHECK_HEADER_LDAPSSL
+  CURL_CHECK_HEADER_LDAP_SSL
+
  if test -z "$LDAPLIBNAME" ; then
    case $host in
-      *-*-cygwin | *-*-mingw* | *-*-pw32*)
+      *-*-cygwin* | *-*-mingw* | *-*-pw32*)
        dnl Windows uses a single and unique OpenLDAP DLL name
-        LDAPLIBNAME="wldap32.dll"
+        LDAPLIBNAME="wldap32"
        LBERLIBNAME="no"
        ;;
    esac
  fi

  if test "$LDAPLIBNAME" ; then
-    AC_DEFINE_UNQUOTED(DL_LDAP_FILE, "$LDAPLIBNAME")
-    AC_MSG_CHECKING([name of dynamic library ldap])
-    AC_MSG_RESULT($LDAPLIBNAME)
+    AC_CHECK_LIB("$LDAPLIBNAME", ldap_init,, [
+      AC_MSG_WARN(["$LDAPLIBNAME" is not an LDAP library: LDAP disabled])
+      AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
+      AC_SUBST(CURL_DISABLE_LDAP, [1])])
+      AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
+      AC_SUBST(CURL_DISABLE_LDAPS, [1])
  else
-    dnl Try to find the right ldap library name for this system
-    CURL_DLLIB_NAME(DL_LDAP_FILE, ldap)
+    dnl Try to find the right ldap libraries for this system
+    CURL_CHECK_LIBS_LDAP
+    case X-"$curl_cv_ldap_LIBS" in
+      X-unknown)
+        AC_MSG_WARN([Cannot find libraries for LDAP support: LDAP disabled])
+        AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
+        AC_SUBST(CURL_DISABLE_LDAP, [1])
+        AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
+        AC_SUBST(CURL_DISABLE_LDAPS, [1])
+        ;;
+    esac
+  fi
 fi

+if test x$CURL_DISABLE_LDAP != x1 ; then
+
  if test "$LBERLIBNAME" ; then
-    dnl If name is "no" then don't define this variable at all
+    dnl If name is "no" then don't define this library at all
    dnl (it's only needed if libldap.so's dependencies are broken).
    if test "$LBERLIBNAME" != "no" ; then
-      AC_DEFINE_UNQUOTED(DL_LBER_FILE, "$LBERLIBNAME")
+      AC_CHECK_LIB("$LBERLIBNAME", ber_free,, [
+        AC_MSG_WARN(["$LBERLIBNAME" is not an LBER library: LDAP disabled])
+        AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
+        AC_SUBST(CURL_DISABLE_LDAP, [1])])
+        AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
+        AC_SUBST(CURL_DISABLE_LDAPS, [1])
    fi
-    AC_MSG_CHECKING([name of dynamic library lber])
-    AC_MSG_RESULT($LBERLIBNAME)
+  fi
+fi
+
+if test x$CURL_DISABLE_LDAP != x1 ; then
+  AC_CHECK_FUNCS([ldap_url_parse])
+
+  if test "$LDAPLIBNAME" = "wldap32"; then
+    curl_ldap_msg="enabled (winldap)"
+    AC_DEFINE(CURL_LDAP_WIN, 1, [Use W$ LDAP implementation])
+    case $host in
+      *-*-cygwin* | *-*-pw32*)
+        AC_DEFINE(CURL_LDAP_HYBRID, 1, [W$ LDAP with non-W$ compiler])
+        ;;
+    esac
  else
-    dnl Try to find the right lber library name for this system
-    CURL_DLLIB_NAME(DL_LBER_FILE, lber)
+    curl_ldap_msg="enabled (OpenLDAP)"
  fi
 fi

@@ -784,6 +928,9 @@ dnl **********************************************************************
 dnl Check for GSS-API libraries
 dnl **********************************************************************

+dnl check for gss stuff in the /usr as default
+
+GSSAPI_ROOT="/usr"
 AC_ARG_WITH(gssapi-includes,
  AC_HELP_STRING([--with-gssapi-includes=DIR],
                 [Specify location of GSSAPI header]),
@@ -804,6 +951,10 @@ AC_ARG_WITH(gssapi,
  GSSAPI_ROOT="$withval"
  if test x"$GSSAPI_ROOT" != xno; then
    want_gss="yes"
+    if test x"$GSSAPI_ROOT" = xyes; then
+      dnl if yes, then use default root
+      GSSAPI_ROOT="/usr"
+    fi
  fi
 ])

@@ -815,11 +966,15 @@ if test x"$want_gss" = xyes; then
  if test -z "$GSSAPI_INCS"; then
     if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
        GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
+        GSSAPI_LIBS=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
     elif test "$GSSAPI_ROOT" != "yes"; then
        GSSAPI_INCS="-I$GSSAPI_ROOT/include"
+        GSSAPI_LIBS="-lgssapi"
     fi
  fi
+
  CPPFLAGS="$CPPFLAGS $GSSAPI_INCS"
+  LIBS="$LIBS $GSSAPI_LIBS"

  AC_CHECK_HEADER(gss.h,
    [
@@ -828,19 +983,19 @@ if test x"$want_gss" = xyes; then
      gnu_gss=yes
    ],
    [
-      dnl not found, check Heimdal
-      AC_CHECK_HEADER(gssapi.h,
-        [
-          dnl found in the given dirs
-          AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have the Heimdal gssapi libraries])
-        ],
-        [
-          dnl not found, check in gssapi/ subdir 
+      dnl not found, check MIT
      AC_CHECK_HEADER(gssapi/gssapi.h,
        [
-              dnl found 
+          dnl found in the given dirs
          AC_DEFINE(HAVE_GSSMIT, 1, [if you have the MIT gssapi libraries])
        ],
+        [
+          dnl not found, check for Heimdal
+          AC_CHECK_HEADER(gssapi.h,
+            [
+              dnl found
+              AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have the Heimdal gssapi libraries])
+            ],
            [
              dnl no header found, disabling GSS
              want_gss=no
@@ -861,18 +1016,23 @@ if test x"$want_gss" = xyes; then

  if test -n "$gnu_gss"; then
    curl_gss_msg="enabled (GNU GSS)"
-    LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR -lgss"
+    LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
+    LIBS="$LIBS -lgss"
  elif test -z "$GSSAPI_LIB_DIR"; then
     if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
-        gss_ldflags=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
-	LDFLAGS="$LDFLAGS $gss_ldflags"
+        dnl krb5-config doesn't have --libs-only-L or similar, put everything
+        dnl into LIBS
+        gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
+        LIBS="$LIBS $gss_libs"
     elif test "$GSSAPI_ROOT" != "yes"; then
-        LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff -lgssapi"
+        LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff"
+        LIBS="$LIBS -lgssapi"
     else
-        LDFLAGS="$LDFLAGS -lgssapi"
+        LIBS="$LIBS -lgssapi"
     fi
  else
-     LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR -lgssapi"
+     LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
+     LIBS="$LIBS -lgssapi"
  fi
 else
  CPPFLAGS="$save_CPPFLAGS"
@@ -888,7 +1048,7 @@ dnl Default to no CA bundle
 ca="no"
 AC_ARG_WITH(ssl,dnl
 AC_HELP_STRING([--with-ssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option])
-AC_HELP_STRING([--without-ssl], [disable SSL]),
+AC_HELP_STRING([--without-ssl], [disable OpenSSL]),
  OPT_SSL=$withval)

 if test X"$OPT_SSL" != Xno; then
@@ -1175,6 +1335,7 @@ else
  if test "$HAVE_LIBZ" = "1" && test "$HAVE_ZLIB_H" != "1"
  then
    AC_MSG_WARN([configure found only the libz lib, not the header file!])
+    HAVE_LIBZ=""
  elif test "$HAVE_LIBZ" != "1" && test "$HAVE_ZLIB_H" = "1"
  then
    AC_MSG_WARN([configure found only the libz header file, not the lib!])
@@ -1219,7 +1380,7 @@ if test X"$OPT_LIBSSH2" != Xno; then
  yes)
    dnl --with-libssh2 (without path) used
    PREFIX_LIBSSH2=/usr/local/lib
-    LIB_LIBSSH2="$PREFIX_LIBSSH2/lib$libsuff"
+    LIB_LIBSSH2="$PREFIX_LIBSSH2$libsuff"
    ;;
  off)
    dnl no --with-libssh2 option given, just check default places
@@ -1239,7 +1400,9 @@ if test X"$OPT_LIBSSH2" != Xno; then
  AC_CHECK_HEADERS(libssh2.h,
    curl_ssh_msg="enabled (libSSH2)"
    LIBSSH2_ENABLED=1
-    AC_DEFINE(USE_LIBSSH2, 1, [if libSSH2 is in use]))
+    AC_DEFINE(USE_LIBSSH2, 1, [if libSSH2 is in use])
+    AC_SUBST(USE_LIBSSH2, [1])
+  )

  if test X"$OPT_LIBSSH2" != Xoff &&
     test "$LIBSSH2_ENABLED" != "1"; then
@@ -1395,6 +1558,14 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
      version="unknown"
      gtlsprefix=$OPT_GNUTLS
    fi
+
+    dnl Check for functionPK11_CreateGenericObject
+    dnl this is needed for using the PEM PKCS#11 module
+    AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
+     [
+     AC_DEFINE(HAVE_PK11_CREATEGENERICOBJECT, 1, [if you have the function PK11_CreateGenericObject])
+     AC_SUBST(HAVE_PK11_CREATEGENERICOBJECT, [1])
+     ])
    if test -n "$addlib"; then

      CLEANLIBS="$LIBS"
@@ -1440,36 +1611,20 @@ fi dnl OPENSSL != 1 -a GNUTLS_ENABLED != 1
 if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED" = "x"; then
  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
  AC_MSG_WARN([Use --with-ssl, --with-gnutls or --with-nss to address this.])
+else
+  # SSL is enabled, genericly
+  AC_SUBST(SSL_ENABLED)
+  SSL_ENABLED="1"
 fi

 dnl **********************************************************************
 dnl Check for the CA bundle
 dnl **********************************************************************

-if test X"$USE_GNUTLS$OPENSSL_ENABLED" != "X"; then
-
-  AC_MSG_CHECKING([CA cert bundle install path])
-
-  AC_ARG_WITH(ca-bundle,
-AC_HELP_STRING([--with-ca-bundle=FILE], [File name to install the CA bundle as])
-AC_HELP_STRING([--without-ca-bundle], [Don't install the CA bundle]),
-    [ ca="$withval" ],
-    [
-      if test "x$prefix" != xNONE; then
-        ca="\${prefix}/share/curl/curl-ca-bundle.crt"
-      else
-        ca="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
-      fi
-    ] )
-
-    if test "x$ca" != "xno"; then
-      CURL_CA_BUNDLE='"'$ca'"'
-      AC_SUBST(CURL_CA_BUNDLE)  
-    fi
-    AC_MSG_RESULT([$ca])
-fi dnl only done if some kind of SSL was enabled
+CURL_CHECK_CA_BUNDLE

 AM_CONDITIONAL(CABUNDLE, test x$ca != xno)
+AM_CONDITIONAL(CAPATH, test x$capath != xno)

 dnl **********************************************************************
 dnl Check for the presence of IDN libraries and headers
@@ -1607,6 +1762,9 @@ if test "x$RECENTAIX" = "xyes"; then
         dnl the optimizer assumes that pointers can only point to
         dnl an object of the same type.
         CFLAGS="$CFLAGS -qnoansialias"
+         dnl Force AIX xlc to stop after the compilation phase, and not
+         dnl generate object code, when the source compiles with errors.
+         CFLAGS="$CFLAGS -qhalt=e"
       )


@@ -1656,7 +1814,7 @@ if test x$cross_compiling != xyes; then
    )
  fi
 else
-  dnl and for crosscompilings
+  dnl and for crosscompiling
  AC_CHECK_FUNCS(gmtime_r)
 fi

@@ -1694,7 +1852,6 @@ AC_CHECK_HEADERS(
        termio.h \
        sgtty.h \
        fcntl.h \
-        dlfcn.h \
        alloca.h \
        time.h \
        io.h \
@@ -1702,6 +1859,7 @@ AC_CHECK_HEADERS(
        utime.h \
        sys/utime.h \
        sys/poll.h \
+        poll.h \
        sys/resource.h \
        libgen.h \
        locale.h \
@@ -1749,6 +1907,7 @@ AC_CHECK_SIZEOF(curl_off_t, ,[
 AC_CHECK_SIZEOF(size_t)
 AC_CHECK_SIZEOF(long)
 AC_CHECK_SIZEOF(time_t)
+AC_CHECK_SIZEOF(off_t)

 AC_CHECK_TYPE(long long,
   [AC_DEFINE(HAVE_LONGLONG, 1, [if your compiler supports long long])]
@@ -1817,6 +1976,7 @@ AC_CHECK_FUNCS( strtoll \
                select \
                strdup \
                strstr \
+                strcasestr \
                strtok_r \
                uname \
                strcasecmp \
@@ -1836,7 +1996,7 @@ AC_CHECK_FUNCS( strtoll \
                strlcat \
                getpwuid \
                geteuid \
-                dlopen \
+                getppid \
                utime \
                sigsetjmp \
                basename \
@@ -1963,6 +2123,8 @@ if test "$disable_poll" = "no"; then
    AC_RUN_IFELSE([
 #ifdef HAVE_SYS_POLL_H
 #include <sys/poll.h>
+#elif defined(HAVE_POLL_H)
+#include <poll.h>
 #endif

  int main(void)
@@ -2031,10 +2193,10 @@ fi
 dnl set variable for use in automakefile(s)
 AM_CONDITIONAL(USE_MANUAL, test x"$USE_MANUAL" = x1)

-AC_MSG_CHECKING([whether to enable ares])
+AC_MSG_CHECKING([whether to enable c-ares])
 AC_ARG_ENABLE(ares,
-AC_HELP_STRING([--enable-ares=PATH],[Enable ares for name lookups])
-AC_HELP_STRING([--disable-ares],[Disable ares for name lookups]),
+AC_HELP_STRING([--enable-ares=PATH],[Enable c-ares for name lookups])
+AC_HELP_STRING([--disable-ares],[Disable c-ares for name lookups]),
 [ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
@@ -2042,10 +2204,10 @@ AC_HELP_STRING([--disable-ares],[Disable ares for name lookups]),
  *)   AC_MSG_RESULT(yes)

       if test "x$IPV6_ENABLED" = "x1"; then
-         AC_MSG_NOTICE([ares may not work properly with ipv6])
+         AC_MSG_NOTICE([c-ares may not work properly with ipv6])
       fi

-       AC_DEFINE(USE_ARES, 1, [Define if you want to enable ares support])
+       AC_DEFINE(USE_ARES, 1, [Define if you want to enable c-ares support])
       dnl substitute HAVE_ARES for curl-config and similar
       HAVE_ARES="1"
       AC_SUBST(HAVE_ARES)
@@ -2090,7 +2252,8 @@ void curl_domalloc() { }
 int main(void)
 {
  ares_channel channel;
-  ares_cancel(channel);
+  ares_cancel(channel); /* added in 1.2.0 */
+  ares_process_fd(channel, 0, 0); /* added in 1.4.0 */
  return 0;
 }
 ],
@@ -2115,7 +2278,6 @@ AC_HELP_STRING([--disable-verbose],[Disable verbose strings]),
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_VERBOSE_STRINGS, 1, [to disable verbose strings])
-       AC_SUBST(CURL_DISABLE_VERBOSE_STRINGS)
       curl_verbose_msg="no"
       ;;
  *)   AC_MSG_RESULT(yes)
@@ -2138,7 +2300,7 @@ AC_HELP_STRING([--disable-sspi],[Disable SSPI]),
       if test "$ac_cv_native_windows" = "yes"; then
         AC_MSG_RESULT(yes)
         AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
-         AC_SUBST(USE_WINDOWS_SSPI)
+         AC_SUBST(USE_WINDOWS_SSPI, [1])
         curl_sspi_msg="yes"
       else
         AC_MSG_RESULT(no)
@@ -2188,7 +2350,6 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_CRYPTO_AUTH, 1, [to disable cryptographic authentication])
-       AC_SUBST(CURL_DISABLE_CRYPTO_AUTH)
       ;;
  *)   AC_MSG_RESULT(yes)
       ;;
@@ -2207,7 +2368,6 @@ AC_HELP_STRING([--disable-cookies],[Disable cookies support]),
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_COOKIES, 1, [to disable cookies support])
-       AC_SUBST(CURL_DISABLE_COOKIES)
       ;;
  *)   AC_MSG_RESULT(yes)
       ;;
@@ -2234,9 +2394,7 @@ AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibi
         if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ; then
           AC_MSG_RESULT(yes)
           AC_DEFINE(CURL_HIDDEN_SYMBOLS, 1, [to enable hidden symbols])
-	   AC_SUBST(CURL_HIDDEN_SYMBOLS)
           AC_DEFINE(CURL_EXTERN_SYMBOL, [__attribute__ ((visibility ("default")))], [to make a symbol visible])
-	   AC_SUBST(CURL_EXTERN_SYMBOL)
           CFLAGS="$CFLAGS -fvisibility=hidden"
         else
            AC_MSG_RESULT(no)
@@ -2247,9 +2405,7 @@ AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibi
         if $CC 2>&1 | grep flags >/dev/null && $CC -flags | grep xldscope= >/dev/null ; then
           AC_MSG_RESULT(yes)
           AC_DEFINE(CURL_HIDDEN_SYMBOLS, 1, [to enable hidden symbols])
-	   AC_SUBST(CURL_HIDDEN_SYMBOLS)
           AC_DEFINE(CURL_EXTERN_SYMBOL, [__global], [to make a symbol visible])
-	   AC_SUBST(CURL_EXTERN_SYMBOL)
           CFLAGS="$CFLAGS -xldscope=hidden"
         else
           AC_MSG_RESULT(no)
@@ -2339,5 +2495,8 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  Built-in manual: ${curl_manual_msg}
  Verbose errors:  ${curl_verbose_msg}
  SSPI support:    ${curl_sspi_msg}
-  ca cert path:    ${ca}
+  ca cert bundle:  ${ca}
+  ca cert path:    ${capath}
+  LDAP support:    ${curl_ldap_msg}
+  LDAPS support:   ${curl_ldaps_msg}
 ])
--- a/curl-config.in
+++ b/curl-config.in
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2001 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2001 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -41,10 +41,11 @@ Available values for OPTION include:
  --cflags    pre-processor and compiler flags
  --checkfor [version] check for (lib)curl of the specified version
  --features  newline separated list of enabled features
-  --protocols newline separated list of enabled protocols
  --help      display this help and exit
  --libs      library linking information
  --prefix    curl install prefix
+  --protocols newline separated list of enabled protocols
+  --static-libs static libcurl library linking information
  --version   output version information
  --vernum    output the version information as a number (hexadecimal)
 EOF
@@ -82,7 +83,7 @@ while test $# -gt 0; do
 	if test "@USE_SSLEAY@" = "1"; then
          echo "SSL"
          NTLM=1 # OpenSSL implies NTLM
-        elif test -n "@USE_GNUTLS@"; then
+        elif test -n "@SSL_ENABLED@"; then
          echo "SSL"
        fi
 	if test "@KRB4_ENABLED@" = "1"; then
@@ -112,13 +113,13 @@ while test $# -gt 0; do
    --protocols)
 	if test "@CURL_DISABLE_HTTP@" != "1"; then
          echo "HTTP"
-	  if test "@USE_SSLEAY@" = "1"; then
+	  if test "@SSL_ENABLED@" = "1"; then
            echo "HTTPS"
          fi
        fi
 	if test "@CURL_DISABLE_FTP@" != "1"; then
          echo "FTP"
-	  if test "@USE_SSLEAY@" = "1"; then
+	  if test "@SSL_ENABLED@" = "1"; then
            echo "FTPS"
          fi
        fi
@@ -131,12 +132,19 @@ while test $# -gt 0; do
 	if test "@CURL_DISABLE_LDAP@" != "1"; then
          echo "LDAP"
        fi
+	if test "@CURL_DISABLE_LDAPS@" != "1"; then
+          echo "LDAPS"
+        fi
 	if test "@CURL_DISABLE_DICT@" != "1"; then
          echo "DICT"
        fi
 	if test "@CURL_DISABLE_TFTP@" != "1"; then
          echo "TFTP"
        fi
+	if test "@USE_LIBSSH2@" = "1"; then
+          echo "SCP"
+          echo "SFTP"
+        fi
 	;;
    --version)
 	echo libcurl @VERSION@
@@ -181,7 +189,7 @@ while test $# -gt 0; do
       	;;

    --libs)
-	if test "X@libdir@" != "X/usr/lib"; then
+	if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
 	   CURLLIBDIR="-L@libdir@ "
 	else
 	   CURLLIBDIR=""
@@ -193,6 +201,10 @@ while test $# -gt 0; do
 	fi
 	;;

+    --static-libs)
+	echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
+	;;
+
    *)
        echo "unknown option: $1"
 	usage 1
--- a/docs/BINDINGS
+++ b/docs/BINDINGS
@@ -32,7 +32,7 @@ C
 C++

  Written by Jean-Philippe Barrette-LaPierre
-  http://rrette.com/curlpp.html
+  http://rrette.com/textpattern/index.php?s=cURLpp

 Ch

@@ -72,7 +72,7 @@ glib/GTK+

 Java

-  Maintained by Vic Hanson
+  Maintained by [blank]
  http://curl.haxx.se/libcurl/java/

 Lisp
@@ -82,9 +82,12 @@ Lisp

 Lua

-  LuaCURL Written by Alexander Marinov
+  luacurl by Alexander Marinov
  http://luacurl.luaforge.net/

+  Lua-cURL by J<>rgen H<>tzel
+  http://luaforge.net/projects/lua-curl/
+
 Mono

  Written by Jeffrey Phillips
@@ -92,7 +95,7 @@ Mono

 .NET

-  libcurl-net Written by Jeffrey Phillips
+  libcurl-net by Jeffrey Phillips
  http://sourceforge.net/projects/libcurl-net/

 Object-Pascal
@@ -127,12 +130,12 @@ PostgreSQL

 Python

-  PycURL is written by Kjetil Jacobsen
+  PycURL by Kjetil Jacobsen
  http://pycurl.sourceforge.net/

 R

-  RCurl is written by Duncan Temple Lang
+  RCurl by Duncan Temple Lang
  http://www.omegahat.org/RCurl/

 Rexx
@@ -140,39 +143,52 @@ Rexx
  Written Mark Hessling
  http://rexxcurl.sourceforge.net/

+RPG
+
+  Support for ILE/RPG on OS/400 is included in source distribution
+  http://curl.haxx.se/libcurl/
+  See packages/OS400/README.OS400 and packages/OS400/curl.inc.in
+
 Ruby

-  Written by Ross Bamford
+  curb - written by Ross Bamford
  http://curb.rubyforge.org/

+  ruby-curl-multi - written by Kristjan Petursson and Keith Rarick
+  http://curl-multi.rubyforge.org/
+
 Scheme

-  Bigloo binding written by Kirill Lisovsky
+  Bigloo binding by Kirill Lisovsky
  http://curl.haxx.se/libcurl/scheme/

 S-Lang

-  S-Lang binding written by John E Davis
+  S-Lang binding by John E Davis
  http://www.jedsoft.org/slang/modules/curl.html

 Smalltalk

-  Smalltalk binding written by Danil Osipchuk
+  Smalltalk binding by Danil Osipchuk
  http://www.squeaksource.com/CurlPlugin/

+SP-Forth
+  SP-Forth binding by ygrek
+  http://www.forth.org.ru/~ac/lib/lin/curl/
+
 SPL

-  SPL binding written by Clifford Wolf
+  SPL binding by Clifford Wolf
  http://www.clifford.at/spl/

 Tcl

-  Tclcurl is written by Andr<64>s Garc<72>a
+  Tclcurl by Andr<64>s Garc<72>a
  http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html

 Visual Basic

-  libcurl-vb is written by Jeffrey Phillips
+  libcurl-vb by Jeffrey Phillips
  http://sourceforge.net/projects/libcurl-vb/

 Q
--- a/docs/BUGS
+++ b/docs/BUGS
@@ -8,7 +8,7 @@ $Id$
 BUGS

  Curl and libcurl have grown substantially since the beginning. At the time
-  of writing (August 2003), there are about 40000 lines of source code, and by
+  of writing (July 2007), there are about 47000 lines of source code, and by
  the time you read this it has probably grown even more.

  Of course there are lots of bugs left. And lots of misfeatures.
@@ -39,6 +39,7 @@ WHAT TO REPORT
   - your operating system's name and version number (uname -a under a unix
     is fine)
   - what version of curl you're using (curl -V is fine)
+   - versions of the used libraries that libcurl is built to use
   - what URL you were working with (if possible), at least which protocol

  and anything and everything else you think matters. Tell us what you
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@@ -10,16 +10,46 @@
 mind when you decide to contribute to the project. This concerns new features
 as well as corrections to existing flaws or bugs.

-Join the Community
+ 1. Learning cURL
+ 1.1 Join the Community
+ 1.2 License
+ 1.3 What To Read
+
+ 2. cURL Coding Standards
+ 2.1 Naming
+ 2.2 Indenting
+ 2.3 Commenting
+ 2.4 Line Lengths
+ 2.5 General Style
+ 2.6 Non-clobbering All Over
+ 2.7 Platform Dependent Code
+ 2.8 Write Separate Patches
+ 2.9 Patch Against Recent Sources
+ 2.10 Document
+ 2.11 Test Cases
+
+ 3. Pushing Out Your Changes 
+ 3.1 Write Access to CVS Repository
+ 3.2 How To Make a Patch
+ 3.3 How to get your changes into the main sources
+
+==============================================================================
+
+1. Learning cURL
+
+1.1 Join the Community

 Skip over to http://curl.haxx.se/mail/ and join the appropriate mailing
 list(s).  Read up on details before you post questions. Read this file before
 you start sending patches! We prefer patches and discussions being held on
 the mailing list(s), not sent to individuals.

+ Before posting to one of the curl mailing lists, please read up on the mailing
+ list etiquette: http://curl.haxx.se/mail/etiquette.html
+
 We also hang out on IRC in #curl on irc.freenode.net

-License
+1.2. License

 When contributing with code, you agree to put your changes and new code under
 the same license curl and libcurl is already using unless stated and agreed
@@ -43,14 +73,16 @@ License
 give credit but also to keep a trace back to who made what changes. Please
 always provide us with your full real name when contributing!

-What To Read
+1.3 What To Read

 Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the
 most recent CHANGES. Just lurking on the libcurl mailing list is gonna give
 you a lot of insights on what's going on right now. Asking there is a good
 idea too.

-Naming
+2. cURL Coding Standards
+
+2.1 Naming

 Try using a non-confusing naming scheme for your new functions and variable
 names. It doesn't necessarily have to mean that you should use the same as in
@@ -61,7 +93,7 @@ Naming
 See the INTERNALS document on how we name non-exported library-global
 symbols.

-Indenting
+2.2 Indenting

 Please try using the same indenting levels and bracing method as all the
 other code already does. It makes the source code a lot easier to follow if
@@ -70,7 +102,9 @@ Indenting
 using spaces only (no tabs) and having the opening brace ({) on the same line
 as the if() or while().

-Commenting
+ Also note that we use if() and while() with no space before the parenthesis.
+
+2.3 Commenting

 Comment your source code extensively using C comments (/* comment */), DO NOT
 use C++ comments (// this style). Commented code is quality code and enables
@@ -78,12 +112,16 @@ Commenting
 replaced when someone wants to extend things, since other persons' source
 code can get quite hard to read.

-General Style
+2.4 Line Lengths
+
+ We try to keep source lines shorter than 80 columns.
+
+2.5 General Style

 Keep your functions small. If they're small you avoid a lot of mistakes and
 you don't accidentally mix up variables etc.

-Non-clobbering All Over
+2.6 Non-clobbering All Over

 When you write new functionality or fix bugs, it is important that you don't
 fiddle all over the source files and functions. Remember that it is likely
@@ -92,14 +130,14 @@ Non-clobbering All Over
 functionality, try writing it in a new source file. If you fix bugs, try to
 fix one bug at a time and send them as separate patches.

-Platform Dependent Code
+2.7 Platform Dependent Code

 Use #ifdef HAVE_FEATURE to do conditional code. We avoid checking for
 particular operating systems or hardware in the #ifdef lines. The
 HAVE_FEATURE shall be generated by the configure script for unix-like systems
 and they are hard-coded in the config-[system].h files for the others.

-Separate Patches
+2.8 Write Separate Patches

 It is annoying when you get a huge patch from someone that is said to fix 511
 odd problems, but discussions and opinions don't agree with 510 of them - or
@@ -110,14 +148,14 @@ Separate Patches
 description exactly what they correct so that all patches can be selectively
 applied by the maintainer or other interested parties.

-Patch Against Recent Sources
+2.9 Patch Against Recent Sources

 Please try to get the latest available sources to make your patches
 against. It makes the life of the developers so much easier. The very best is
 if you get the most up-to-date sources from the CVS repository, but the
 latest release archive is quite OK as well!

-Document
+2.10 Document

 Writing docs is dead boring and one of the big problems with many open source
 projects. Someone's gotta do it. It makes it a lot easier if you submit a
@@ -128,16 +166,7 @@ Document
 ASCII files. All HTML files on the web site and in the release archives are
 generated from the nroff/ASCII versions.

-Write Access to CVS Repository
-
- If you are a frequent contributor, or have another good reason, you can of
- course get write access to the CVS repository and then you'll be able to
- check-in all your changes straight into the CVS tree instead of sending all
- changes by mail as patches. Just ask if this is what you'd want. You will be
- required to have posted a few quality patches first, before you can be
- granted write access.
-
-Test Cases
+2.11 Test Cases

 Since the introduction of the test suite, we can quickly verify that the main
 features are working as they're supposed to. To maintain this situation and
@@ -146,7 +175,18 @@ Test Cases
 test case that verifies that it works as documented. If every submitter also
 posts a few test cases, it won't end up as a heavy burden on a single person!

-How To Make a Patch
+3. Pushing Out Your Changes 
+
+3.1 Write Access to CVS Repository
+
+ If you are a frequent contributor, or have another good reason, you can of
+ course get write access to the CVS repository and then you'll be able to
+ check-in all your changes straight into the CVS tree instead of sending all
+ changes by mail as patches. Just ask if this is what you'd want. You will be
+ required to have posted a few quality patches first, before you can be
+ granted write access.
+
+3.2 How To Make a Patch

 Keep a copy of the unmodified curl sources. Make your changes in a separate
 source tree. When you think you have something that you want to offer the
@@ -166,7 +206,7 @@ How To Make a Patch

 For unix-like operating systems:

-        http://www.fsf.org/software/patch/patch.html
+   http://www.gnu.org/software/patch/patch.html
   http://www.gnu.org/directory/diffutils.html

 For Windows:
@@ -174,7 +214,7 @@ How To Make a Patch
   http://gnuwin32.sourceforge.net/packages/patch.htm
   http://gnuwin32.sourceforge.net/packages/diffutils.htm

-How to get your patches into the libcurl sources
+3.3 How to get your changes into the main sources

 1. Submit your patch to the curl-library mailing list

@@ -189,5 +229,5 @@ How to get your patches into the libcurl sources
    simply drop such patches from my TODO list.

 5. If you've followed the above mentioned paragraphs and your patch still
-    hasn't been incorporated after some weeks, consider resubmitting them to
-    the list.
+    hasn't been incorporated after some weeks, consider resubmitting it to the
+    list.
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -1,4 +1,4 @@
-Updated: February 11, 2007 (http://curl.haxx.se/docs/faq.html)
+Updated: Feb 18, 2008 (http://curl.haxx.se/docs/faq.html)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
@@ -18,6 +18,7 @@ FAQ
  1.8 I have a problem who do I mail?
  1.9 Where do I buy commercial support for curl?
  1.10 How many are using curl?
+  1.11 Why don't you update ca-bundle.crt

 2. Install Related Problems
  2.1 configure doesn't find OpenSSL even when it is installed
@@ -68,6 +69,7 @@ FAQ
  4.12 Why do I get "certificate verify failed" ?
  4.13 Why is curl -R on Windows one hour off?
  4.14 Redirects work in browser but not with curl!
+  4.15 FTPS doesn't work

 5. libcurl Issues
  5.1 Is libcurl thread-safe?
@@ -82,6 +84,7 @@ FAQ
  5.10 How do I prevent libcurl from writing the response to stdout?
  5.11 How do I make libcurl not receive the whole HTTP response?
  5.12 Can I make libcurl fake or hide my real IP address?
+  5.13 How do I stop an ongoing transfer?

 6. License Issues
  6.1 I have a GPL program, can I use the libcurl library?
@@ -213,8 +216,7 @@ FAQ
  improvements and have them inserted in the main sources (of course on the
  condition that developers agree on that the fixes are good).

-  The full list of the more than 530 contributors is found in the docs/THANKS
-  file.
+  The full list of all contributors is found in the docs/THANKS file.

  curl is developed by a community, with Daniel at the wheel.

@@ -289,13 +291,13 @@ FAQ

  Some facts to use as input to the math:

-  curl packages are downloaded from the curl.haxx.se and mirrors almost one
+  curl packages are downloaded from the curl.haxx.se and mirrors over a
  million times per year. curl is installed by default with most Linux
  distributions. curl is installed by default with Mac OS X. curl and libcurl
  as used by numerous applications that include libcurl binaries in their
  distribution packages (like Adobe Acrobat Reader and Google Earth).

-  More than 60 known named companies use curl in commercial environments and
+  More than 80 known named companies use curl in commercial environments and
  products. More than 100 known named open source projects depend on
  (lib)curl.

@@ -316,6 +318,29 @@ FAQ
  http://counter.li.org/estimates.php
  http://news.netcraft.com/archives/2005/03/14/fedora_makes_rapid_progress.html

+  1.11 Why don't you update ca-bundle.crt
+
+  The ca-bundle.crt file that used to be bundled with curl was very outdated
+  (it being last modified year 2000 should tell) and must be replaced with a
+  much more modern and up-to-date version by anyone who wants to verify peers
+  anyway. It is no longer provided, the last curl release that shipped it was
+  curl 7.18.0.
+
+  In the cURL project we've decided not to attempt to keep this file updated
+  (or even present anymore) since deciding what to add to a ca cert bundle is
+  an undertaking we've not been ready to accept, and the one we can get from
+  Mozilla is perfectly fine so there's no need to duplicate that work.
+
+  Today, with many services performed over HTTPS, every operating system
+  should come with a default ca cert bundle that can be deemed somewhat
+  trustworthy and that collection (if reasonably updated) should be deemed to
+  be a lot better than a private curl version.
+
+  If you want the most recent collection of ca certs that Mozilla Firefox
+  uses, we recommend that you extract the collection yourself from Mozilla
+  Firefox (by running 'make ca-bundle), or by using our online service setup
+  for this purpose: http://curl.haxx.se/docs/caextract.html
+

 2. Install Related Problems

@@ -374,7 +399,7 @@ FAQ

  2.4 Does curl support Socks (RFC 1928) ?

-  Yes, SOCKS5 is supported.
+  Yes, SOCKS 4 and 5 are supported.


 3. Usage problems
@@ -446,6 +471,10 @@ FAQ

     curl -O ftp://download.com/coolfile -Q '-DELE coolfile'

+  or rename a file after upload:
+
+     curl -T infile ftp://upload.com/dir/ -Q "-RNFR infile" -Q "-RNTO newname"
+
  3.8 How do I tell curl to follow HTTP redirects?

  Curl does not follow so-called redirects by default. The Location: header
@@ -755,7 +784,9 @@ FAQ
  4.9 Curl can't authenticate to the server that requires NTLM?

  This is supported in curl 7.10.6 or later. No earlier curl version knows
-  of this magic.
+  of this magic. Later versions require the OpenSSL or Microsoft Windows 
+  libraries to provide this functionality. Using GnuTLS or NSS libraries will 
+  not provide NTLM authentication functionality in curl.

  NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You
  should not use such ones.
@@ -822,6 +853,20 @@ FAQ
  manually figure out what the page is set to do, or you write a script that
  parses the results and fetches the new URL.

+  4.15 FTPS doesn't work
+
+  curl supports FTPS (sometimes known as FTP-SSL) both implicit and explicit
+  mode.
+
+  When a URL is used that starts with FTPS://, curl assumes implicit SSL on
+  the control connection and will therefore immediately connect and try to
+  speak SSL. FTPS:// connections default to port 990.
+
+  To use explicit FTPS, you use a FTP:// URL and the --ftp-ssl option (or one
+  of its related flavours). This is the most common method, and the one
+  mandated by RFC4217. This kind of connection then of course uses the
+  standard FTP port 21 by default.
+

 5. libcurl Issues

@@ -1012,6 +1057,18 @@ FAQ
  that makes you see and use a different IP address locally than what the
  remote server will see you coming from.

+  5.13 How do I stop an ongoing transfer?
+
+  There are several ways, but none of them are instant. There is no function
+  you can call from another thread or similar that will stop it immediately.
+  Instead you need to make sure that one of the callbacks you use return an
+  appropriate value that will stop the transfer.
+
+  Suitable callbacks that you can do this with include the progress callback,
+  the read callback and the write callback.
+
+  If you're using the multi interface, you also stop a transfer by removing
+  the particular easy handle from the multi stack.

 6. License Issues

@@ -1097,14 +1154,14 @@ FAQ
  In the cURL project we call this module PHP/CURL to differentiate it from
  curl the command line tool and libcurl the library. The PHP team however
  does not refer to it like this (for unknown reasons). They call it plain
-  CURL (often using all caps) which causes much confusion to users which in
-  turn gives us a higher question load.
+  CURL (often using all caps) or sometimes ext/curl, but both cause much
+  confusion to users which in turn gives us a higher question load.

  7.2 Who write PHP/CURL?

  PHP/CURL is a module that comes with the regular PHP package. It depends and
  uses libcurl, so you need to have libcurl installed properly first before
-  PHP/CURL can be used. PHP/CURL is written by Sterling Hughes.
+  PHP/CURL can be used. PHP/CURL was initially written by Sterling Hughes.

  7.3 Can I perform multiple requests using the same handle?

--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -33,6 +33,7 @@ libcurl supports
 - supports large files (>2GB and >4GB) both upload/download
 - replacable memory functions (malloc, free, realloc, etc)
 - asynchronous name resolving (*6)
+ - both a push and a pull style interface

 HTTP
 - HTTP/1.1 compliant (optionally uses 1.0)
@@ -40,6 +41,7 @@ HTTP
 - PUT
 - HEAD
 - POST
+ - Pipelining
 - multipart formpost (RFC1867-style)
 - authentication: Basic, Digest, NTLM(*1), GSS-Negotiate/Negotiate(*3) and
   SPNEGO (*4) to server and proxy
@@ -71,7 +73,7 @@ HTTPS (*1)
 FTP
 - download
 - authentication
- - kerberos4 (*5)
+ - kerberos4 (*5), kerberos5 (*3)
 - active/passive using PORT, EPRT, PASV or EPSV
 - single file size information (compare to HTTP HEAD)
 - 'type=' URL support
@@ -94,6 +96,13 @@ FTPS (*1)
 - explicit "AUTH TSL" and "AUTH SSL" usage to "upgrade" plain ftp://
   connection to use SSL for both or one of the connections

+SCP (*8)
+ - both password and public key auth
+
+SFTP (*8)
+ - both password and public key auth
+ - with custom commands sent before/after the transfer
+
 TFTP
 - download / upload

@@ -116,10 +125,11 @@ FILE
 FOOTNOTES
 =========

-  *1 = requires OpenSSL, GnuTLS or NSS
+  *1 = requires OpenSSL, GnuTLS, NSS or yassl
  *2 = requires OpenLDAP
  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar.
  *4 = requires FBopenssl
  *5 = requires a krb4 library, such as the MIT one or similar.
  *6 = requires c-ares
  *7 = requires OpenSSL or NSS, as GnuTLS only supports SSLv3 and TLSv1
+  *8 = requires libssh2
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -85,15 +85,6 @@ UNIX

        LDFLAGS=-R/usr/local/ssl/lib ./configure --with-ssl

-   Another option to the previous trick, is to set LD_LIBRARY_PATH or edit the
-   /etc/ld.so.conf file.
-
-   If your SSL library was compiled with rsaref (this was common in the past
-   when used in the United States), you may also need to set:
-
-     LIBS=-lRSAglue -lrsaref
-     (as suggested by Doug Kaufman)
-
   MORE OPTIONS

     To force configure to use the standard cc compiler if both cc and gcc are
@@ -143,6 +134,12 @@ UNIX
     To build with NSS support instead of OpenSSL for SSL/TLS, note that
     you need to use both --without-ssl and --with-nss.

+     To get GSSAPI support, build with --with-gssapi and have the MIT or
+     Heimdal Kerberos 5 packages installed.
+
+     To get support for SCP and SFTP, build with --with-libssh2 and have
+     libssh2 0.16 or later installed.
+     

 Win32
 =====
@@ -173,9 +170,17 @@ Win32
   MingW32
   -------

-   Run the 'mingw32.bat' file to get the proper environment variables set,
-   then run 'make mingw32' in the root dir. Use 'make mingw32-ssl' to build
-   curl SSL enabled.
+   Make sure that MinGW32's bin dir is in the search path, for example:
+
+     set PATH=c:\mingw32\bin;%PATH%
+
+   then run 'mingw32-make mingw32' in the root dir. There are other
+   make targets available to build libcurl with more features, use:
+   'mingw32-make mingw32-zlib' to build with Zlib support;
+   'mingw32-make mingw32-ssl-zlib' to build with SSL and Zlib enabled;
+   'mingw32-make mingw32-ssh2-ssl-zlib' to build with SSH2, SSL, Zlib;
+   'mingw32-make mingw32-ssh2-ssl-sspi-zlib' to build with SSH2, SSL, Zlib
+   and SSPI support.

   If you have any problems linking libraries or finding header files, be sure
   to verify that the provided "Makefile.m32" files use the proper paths, and
@@ -183,19 +188,38 @@ Win32
   environment variables, for example:

     set ZLIB_PATH=c:\zlib-1.2.3
-     set OPENSSL_PATH=c:\openssl-0.9.8d
-     set LIBSSH2_PATH=c:\libssh2-0.15
+     set OPENSSL_PATH=c:\openssl-0.9.8g
+     set LIBSSH2_PATH=c:\libssh2-0.17

   ATTENTION: if you want to build with libssh2 support you have to use latest
-   sources fetched from CVS - the current 0.14 release will NOT work!
-   Use 'make mingw32-ssh2-ssl' to build curl with SSH2 and SSL enabled.
+   version 0.17 - previous versions will NOT work with 7.17.0 and later!
+   Use 'mingw32-make mingw32-ssh2-ssl-zlib' to build with SSH2 and SSL enabled.
+
+   It is now also possible to build with other LDAP SDKs than MS LDAP;
+   currently it is possible to build with native Win32 OpenLDAP, or with the
+   Novell CLDAP SDK. If you want to use these you need to set these vars:
+
+     set LDAP_SDK=c:\openldap
+     set USE_LDAP_OPENLDAP=1
+
+   or for using the Novell SDK:
+
+     set USE_LDAP_NOVELL=1
+
+   If you want to enable LDAPS support then set LDAPS=1.
+
+   - optional MingW32-built OpenlDAP SDK available from:
+     http://www.gknw.net/mirror/openldap/
+   - optional recent Novell CLDAP SDK available from:
+     http://developer.novell.com/ndk/cldap.htm
+

   Cygwin
   ------

   Almost identical to the unix installation. Run the configure script in the
   curl root with 'sh configure'. Make sure you have the sh executable in
-   /bin/ or you'll see the configure fail towards the end.
+   /bin/ or you'll see the configure fail toward the end.

   Run 'make'

@@ -233,7 +257,7 @@ Win32
   Before running nmake define the OPENSSL_PATH environment variable with
   the root/base directory of OpenSSL, for example:

-     set OPENSSL_PATH=c:\openssl-0.9.8d
+     set OPENSSL_PATH=c:\openssl-0.9.8g

   Then run 'nmake vc-ssl' or 'nmake vc-ssl-dll' in curl's root
   directory.  'nmake vc-ssl' will create a libcurl static and dynamic
@@ -307,6 +331,7 @@ Win32
   CURL_DISABLE_TELNET   disables TELNET
   CURL_DISABLE_DICT     disables DICT
   CURL_DISABLE_FILE     disables FILE
+   CURL_DISABLE_TFTP     disables TFTP

   If you want to set any of these defines you have the following
   possibilities:
@@ -399,7 +424,7 @@ VMS

   Facility - basically the program ID. A code assigned to the program
   the name can be fetched from external or internal message libraries
-   Errorcode - the errodes assigned by the application
+   Error code - the err codes assigned by the application
   Sev. - severity: Even = error, off = non error
      0 = Warning
      1 = Success
@@ -409,7 +434,7 @@ VMS
      <5-7> reserved.

   This all presents itself with:
-   %<FACILITY>-<SeV>-<Errorname>, <Error message>
+   %<FACILITY>-<Sev>-<Errorname>, <Error message>

   See also the src/curlmsg.msg file, it has the source for the messages In
   src/main.c a section is devoted to message status values, the globalvalues
@@ -484,18 +509,33 @@ NetWare
     http://www.gknw.net/development/prgtools/
   - recent Novell LibC SDK available from:
     http://developer.novell.com/ndk/libc.htm
-   - optional zlib sources (at the moment only dynamic linking with zlib.imp);
+   - or recent Novell CLib SDK available from:
+     http://developer.novell.com/ndk/clib.htm
+   - optional recent Novell CLDAP SDK available from:
+     http://developer.novell.com/ndk/cldap.htm
+   - optional zlib sources (static or dynamic linking with zlib.imp);
     sources with NetWare Makefile can be obtained from:
     http://www.gknw.net/mirror/zlib/
-   - optional OpenSSL sources (version 0.9.8 or later which builds with BSD);
+   - optional OpenSSL sources (version 0.9.8 or later build with BSD sockets);
+     you can find precompiled packages at:
+     http://www.gknw.net/development/ossl/netware/
+     for CLIB-based builds OpenSSL needs to be patched to build with BSD
+     sockets (currently only a winsock-based CLIB build is supported):
+     http://www.gknw.net/development/ossl/netware/patches/v_0.9.8g/openssl-0.9.8g.diff
+   - optional SSH2 sources (version 0.17 or later);

   Set a search path to your compiler, linker and tools; on Linux make
-   sure that the var OSTYPE contains the string 'linux'; and then type
-   'make netware' from the top source directory; other tagets available
+   sure that the var OSTYPE contains the string 'linux'; set the var
+   NDKBASE to point to the base of your Novell NDK; and then type
+   'make netware' from the top source directory; other targets available
   are 'netware-ssl', 'netware-ssl-zlib', 'netware-zlib' and 'netware-ares';
   if you need other combinations you can control the build with the
-   environment variables WITH_SSL, WITH_ZLIB, WITH_ARES and ENABLE_IPV6.
-   I found on some Linux systems (RH9) that OS detection didnt work although
+   environment variables WITH_SSL, WITH_ZLIB, WITH_ARES, WITH_SSH2, and
+   ENABLE_IPV6; you can set LINK_STATIC=1 to link curl.nlm statically.
+   By default LDAP support is enabled, however currently you will need a patch
+   in order to use the CLDAP NDK with BSD sockets (Novell Bug 300237):
+   http://www.gknw.net/test/curl/cldap_ndk/ldap_ndk.diff
+   I found on some Linux systems (RH9) that OS detection didn't work although
   a 'set | grep OSTYPE' shows the var present and set; I simply overwrote it
   with 'OSTYPE=linux-rh9-gnu' and the detection in the Makefile worked...
   Any help in testing appreciated!
@@ -577,20 +617,42 @@ eCos

 Minix
 =====
-   curl can be compiled on Minix 3 using gcc (ACK has a few problems due
-   to mismatched headers and libraries as of ver. 3.1.2).  The gcc and bash
-   packages must be installed first.  The default heap size allocated to
-   bash is inadequate for running configure and will result in out of memory
-   errors.  Increase it with the command:
+   curl can be compiled on Minix 3 using gcc or ACK (starting with
+   ver. 3.1.3).  The default heap size allocated to several required
+   programs is inadequate for configuring and compiling curl and will
+   result in strange errors unless fixed (which only needs to be done
+   once).
+   
+   ACK
+   ---
+   Increase heap sizes with the commands:
+
+     chmem =1024000 /usr/lib/em_cemcom.ansi
+     chmem =512000 /usr/lib/i386/as
+
+   If you have bash installed:

     chmem =2048000 /usr/local/bin/bash

-   Make sure gcc and bash are in the PATH then configure curl with a
-   command like this:
+   Configure and compile with:

-     ./configure GREP=/usr/bin/grep AR=/usr/gnu/bin/gar --disable-ldap
+     ./configure CC=cc LD=cc GREP=grep CPPFLAGS=-D_POSIX_SOURCE=1
+     make

-   Then simply run 'make'.
+   GCC
+   ---
+   If you have bash installed:
+
+     chmem =2048000 /usr/local/bin/bash
+
+   Make sure gcc is in your PATH with the command:
+   
+     export PATH=/usr/gnu/bin:$PATH
+   
+   then configure and compile curl with:
+
+     ./configure CC=gcc GREP=grep AR=/usr/gnu/bin/gar
+     make


 CROSS COMPILE
@@ -652,6 +714,9 @@ REDUCING SIZE

      ./configure CFLAGS='-Os' ...

+   Note that newer compilers often produce smaller code than older versions
+   due to better optimization.
+
   Be sure to specify as many --disable- and --without- flags on the configure
   command-line as you can to disable all the libcurl features that you
   know your application is not going to need.  Besides specifying the
@@ -678,9 +743,9 @@ REDUCING SIZE
   sections of the shared library using the -R option to objcopy (e.g. the
   .comment section).

-   Using these techniques it is possible to create an HTTP-only shared
-   libcurl library for i386 Linux platforms that is less than 90 KB in
-   size (as of version 7.15.4).
+   Using these techniques it is possible to create an HTTP-only shared libcurl
+   library for i386 Linux platforms that is only 96 KiB in size (as of libcurl
+   version 7.17.1, using gcc 4.2.2).

   You may find that statically linking libcurl to your application will
   result in a lower total size.
@@ -705,6 +770,7 @@ PORTS
        - HP3000 MPE/iX
        - MIPS IRIX 6.2, 6.5
        - MIPS Linux
+        - OS/400
        - Pocket PC/Win CE 3.0
        - Power AIX 3.2.5, 4.2, 4.3.1, 4.3.2, 5.1, 5.2
        - PowerPC Darwin 1.0
@@ -719,6 +785,7 @@ PORTS
        - StrongARM (and other ARM) RISC OS 3.1, 4.02
        - StrongARM/ARM7/ARM9 Linux 2.4, 2.6
        - StrongARM NetBSD 1.4.1
+        - TPF
        - Ultrix 4.3a
        - UNICOS 9.0
        - i386 BeOS
@@ -728,7 +795,7 @@ PORTS
        - i386 FreeBSD
        - i386 HURD
        - i386 Linux 1.3, 2.0, 2.2, 2.3, 2.4, 2.6
-        - i386 MINIX 3.1.2
+        - i386 MINIX 3.1
        - i386 NetBSD
        - i386 Novell NetWare
        - i386 OS/2
@@ -741,10 +808,12 @@ PORTS
        - ia64 Linux 2.3.99
        - m68k AmigaOS 3
        - m68k Linux
+        - m68k uClinux
        - m68k OpenBSD
        - m88k dg-dgux5.4R3.00
        - s390 Linux
        - XScale/PXA250 Linux 2.4
+        - Nios II uClinux

 Useful URLs
 ===========
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -1,4 +1,3 @@
-                                    Updated for curl 7.9.1 on November 2, 2001
                                  _   _ ____  _     
                              ___| | | |  _ \| |    
                             / __| | | | |_) | |    
@@ -37,8 +36,8 @@ Windows vs Unix

 2. Windows requires a couple of init calls for the socket stuff.

-   Those must be made by the application that uses libcurl, in curl that means
-   src/main.c has some code #ifdef'ed to do just that.
+   That's taken care of by the curl_global_init() call, but if other libs also
+   do it etc there might be reasons for applications to alter that behaviour.

 3. The file descriptors for network communication and file operations are
    not easily interchangable as in unix.
@@ -98,7 +97,9 @@ Library

   ... analyzes the URL, it separates the different components and connects to
   the remote host. This may involve using a proxy and/or using SSL. The
-   Curl_gethost() function in lib/hostip.c is used for looking up host names.
+   Curl_resolv() function in lib/hostip.c is used for looking up host names
+   (it does then use the proper underlying method, which may vary between
+   platforms and builds).

   When Curl_connect is done, we are connected to the remote site. Then it is
   time to tell the server to get a document/file. Curl_do() arranges this.
@@ -123,17 +124,20 @@ Library
   Curl_Transfer() function (in lib/transfer.c) to setup the transfer and
   returns.

-   Starting in 7.9.1, if this DO function fails and the connection is being
-   re-used, libcurl will then close this connection, setup a new connection
-   and re-issue the DO request on that. This is because there is no way to be
-   perfectly sure that we have discovered a dead connection before the DO
-   function and thus we might wrongly be re-using a connection that was closed
-   by the remote peer.
+   If this DO function fails and the connection is being re-used, libcurl will
+   then close this connection, setup a new connection and re-issue the DO
+   request on that. This is because there is no way to be perfectly sure that
+   we have discovered a dead connection before the DO function and thus we
+   might wrongly be re-using a connection that was closed by the remote peer.
+
+   Some time during the DO function, the Curl_setup_transfer() function must
+   be called with some basic info about the upcoming transfer: what socket(s)
+   to read/write and the expected file tranfer sizes (if known).

 o Transfer()

-   Curl_perform() then calls Transfer() in lib/transfer.c that performs
-   the entire file transfer.
+   Curl_perform() then calls Transfer() in lib/transfer.c that performs the
+   entire file transfer.

   During transfer, the progress functions in lib/progress.c are called at a
   frequent interval (or at the user's choice, a specified callback might get
@@ -237,9 +241,8 @@ Library
 URL encoding and decoding, called escaping and unescaping in the source code,
 is found in lib/escape.c.

- While transfering data in Transfer() a few functions might get
- used. curl_getdate() in lib/getdate.c is for HTTP date comparisons (and
- more).
+ While transfering data in Transfer() a few functions might get used.
+ curl_getdate() in lib/parsedate.c is for HTTP date comparisons (and more).

 lib/getenv.c offers curl_getenv() which is for reading environment variables
 in a neat platform independent way. That's used in the client, but also in
@@ -255,10 +258,6 @@ Library
 A function named curl_version() that returns the full curl version string is
 found in lib/version.c.

- If authentication is requested but no password is given, a getpass_r() clone
- exists in lib/getpass.c. libcurl offers a custom callback that can be used
- instead of this, but it doesn't change much to us.
-
 Persistent Connections
 ======================

@@ -270,9 +269,11 @@ Persistent Connections
   all the options etc that the library-user may choose.
 o The 'SessionHandle' struct holds the "connection cache" (an array of
   pointers to 'connectdata' structs). There's one connectdata struct
-   allocated for each connection that libcurl knows about.
- o This also enables the 'curl handle' to be reused on subsequent transfers,
-   something that was illegal before libcurl 7.7.
+   allocated for each connection that libcurl knows about. Note that when you
+   use the multi interface, the multi handle will hold the connection cache
+   and not the particular easy handle. This of course to allow all easy handles
+   in a multi stack to be able to share and re-use connections.
+ o This enables the 'curl handle' to be reused on subsequent transfers.
 o When we are about to perform a transfer with curl_easy_perform(), we first
   check for an already existing connection in the cache that we can use,
   otherwise we create a new one and add to the cache. If the cache is full
@@ -282,11 +283,46 @@ Persistent Connections
 o When the transfer operation is complete, we try to leave the connection
   open. Particular options may tell us not to, and protocols may signal
   closure on connections and then we don't keep it open of course.
- o When curl_easy_cleanup() is called, we close all still opened connections.
+ o When curl_easy_cleanup() is called, we close all still opened connections,
+   unless of course the multi interface "owns" the connections.

 You do realize that the curl handle must be re-used in order for the
 persistent connections to work.

+multi interface/non-blocking
+============================
+
+ We make an effort to provide a non-blocking interface to the library, the
+ multi interface. To make that interface work as good as possible, no
+ low-level functions within libcurl must be written to work in a blocking
+ manner.
+
+ One of the primary reasons we introduced c-ares support was to allow the name
+ resolve phase to be perfectly non-blocking as well.
+
+ The ultimate goal is to provide the easy interface simply by wrapping the
+ multi interface functions and thus treat everything internally as the multi
+ interface is the single interface we have.
+
+ The FTP and the SFTP/SCP protocols are thus perfect examples of how we adapt
+ and adjust the code to allow non-blocking operations even on multi-stage
+ protocols. The DICT, TELNET and TFTP are crappy examples and they are subject
+ for rewrite in the future to better fit the libcurl protocol family.
+
+SSL libraries
+=============
+
+ Originally libcurl supported SSLeay for SSL/TLS transports, but that was then
+ extended to its successor OpenSSL but has since also been extended to several
+ other SSL/TLS libraries and we expect and hope to further extend the support
+ in future libcurl versions.
+
+ To deal with this internally in the best way possible, we have a generic SSL
+ function API as provided by the sslgen.[ch] system, and they are the only SSL
+ functions we must use from within libcurl. sslgen is then crafted to use the
+ appropriate lower-level function calls to whatever SSL library that is in
+ use.
+
 Library Symbols
 ===============
 
@@ -310,6 +346,13 @@ Return Codes and Informationals
 them. They are best used when revealing information that isn't otherwise
 obvious.

+API/ABI
+=======
+
+ We make an effort to not export or show internals or how internals work, as
+ that makes it easier to keep a solid API/ABI over time. See docs/libcurl/ABI
+ for our promise to users.
+
 Client
 ======

--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,14 +3,37 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!

+52. Gautam Kachroo's issue that identifies a problem with the multi interface
+  where a connection can be re-used without actually being properly
+  SSL-negoatiated:
+  http://curl.haxx.se/mail/lib-2008-01/0277.html
+
+49. If using --retry and the transfer timeouts (possibly due to using -m or
+  -y/-Y) the next attempt doesn't resume the transfer properly from what was
+  downloaded in the previous attempt but will truncate and restart at the
+  original position where it was at before the previous failed attempt. See
+  http://curl.haxx.se/mail/lib-2008-01/0080.html
+
+48. If a CONNECT response-headers are larger than BUFSIZE (16KB) when the
+  connection is meant to be kept alive (like for NTLM proxy auth), the
+  function will return prematurely and will confuse the rest of the HTTP
+  protocol code. This should be very rare.
+
+45. libcurl built to support ipv6 uses getaddrinfo() to resolve host names.
+  getaddrinfo() sorts the response list which effectively kills how libcurl
+  deals with round-robin DNS entries. All details:
+    http://curl.haxx.se/mail/lib-2007-07/0168.html
+  initial suggested function to use for randomizing the response:
+    http://curl.haxx.se/mail/lib-2007-07/0178.html
+
+43. There seems to be a problem when connecting to the Microsoft telnet server.
+  http://curl.haxx.se/bug/view.cgi?id=1720605
+
 41. When doing an operation over FTP that requires the ACCT command (but not
  when logging in), the operation will fail since libcurl doesn't detect this
  and thus fails to issue the correct command:
  http://curl.haxx.se/bug/view.cgi?id=1693337

-40. Mac OS X test failures (Daniel Johnson)
-  http://curl.haxx.se/mail/lib-2007-03/0095.html
-
 39. Steffen Rumler's Race Condition in Curl_proxyCONNECT:
  http://curl.haxx.se/mail/lib-2007-01/0045.html

@@ -31,29 +54,15 @@ may have been fixed since this was written!
  Also see #12. According to bug #1556528, even the SOCKS5 connect code does
  not do it right: http://curl.haxx.se/bug/view.cgi?id=1556528,

-33. Doing multi-pass HTTP authentication on a non-default port does not work.
-  This happens because the multi-pass code abuses the redirect following code
-  for doing multiple requests, and when we following redirects to an absolute
-  URL we must use the newly specified port and not the one specified in the
-  original URL. A proper fix to this would need to separate the negotiation
-  "redirect" from an actual redirect.
-
-32. (At least on Windows) If libcurl is built with c-ares and there's no DNS
-  server configured in the system, the ares_init() call fails and thus
-  curl_easy_init() fails as well. This causes weird effects for people who use
-  numerical IP addresses only.
-
 31. "curl-config --libs" will include details set in LDFLAGS when configure is
-  run that might be needed only for building libcurl. Similarly, it might
-  include options that perhaps aren't suitable both for static and dynamic
-  linking. Further, curl-config --cflags suffers from the same effects with
-  CFLAGS/CPPFLAGS.
+  run that might be needed only for building libcurl. Further, curl-config
+  --cflags suffers from the same effects with CFLAGS/CPPFLAGS.

 30. You need to use -g to the command line tool in order to use RFC2732-style
  IPv6 numerical addresses in URLs.

 29. IPv6 URLs with zone ID is not supported.
-  http://www.ietf.org/internet-drafts/draft-fenner-literal-zone-02.txt
+  http://www.ietf.org/internet-drafts/draft-fenner-literal-zone-02.txt (expired)
  specifies the use of a plus sign instead of a percent when specifying zone
  IDs in URLs to get around the problem of percent signs being
  special. According to the reporter, Firefox deals with the URL _with_ a
@@ -68,7 +77,6 @@ may have been fixed since this was written!
 23. SOCKS-related problems:
  A) libcurl doesn't support SOCKS for IPv6.
  B) libcurl doesn't support FTPS over a SOCKS proxy.
-  C) We don't have any test cases for SOCKS proxy.
  E) libcurl doesn't support active FTP over a SOCKS proxy

  We probably have even more bugs and lack of features when a SOCKS proxy is
--- a/docs/MANUAL
+++ b/docs/MANUAL
@@ -809,18 +809,19 @@ CUSTOM OUTPUT

        curl -w 'We downloaded %{size_download} bytes\n' www.download.com

-KERBEROS4 FTP TRANSFER
+KERBEROS FTP TRANSFER

-  Curl supports kerberos4 for FTP transfers. You need the kerberos package
-  installed and used at curl build time for it to be used.
+  Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need
+  the kerberos package installed and used at curl build time for it to be
+  used.

-  First, get the krb-ticket the normal way, like with the kauth tool. Then use
-  curl in way similar to:
+  First, get the krb-ticket the normal way, like with the kinit/kauth tool.
+  Then use curl in way similar to:

-        curl --krb4 private ftp://krb4site.com -u username:fakepwd
+        curl --krb private ftp://krb4site.com -u username:fakepwd

  There's no use for a password on the -u switch, but a blank one will make
-  curl ask for one and you already entered the real password to kauth.
+  curl ask for one and you already entered the real password to kinit/kauth.

 TELNET

--- a/docs/README.win32
+++ b/docs/README.win32
@@ -20,3 +20,7 @@ README.win32
  command line similar to this in order to extract a separate text file:

        curl -M >manual.txt
+
+  Read the INSTALL file for instructions how to compile curl self.
+
+
--- a/docs/SSLCERTS
+++ b/docs/SSLCERTS
@@ -1,21 +1,25 @@
                      Peer SSL Certificate Verification
                      =================================

-libcurl performs peer SSL certificate verification by default. This is done by
-installing a default CA cert bundle on 'make install' (or similar), that CA
-bundle package is used by default on operations against SSL servers.
+libcurl performs peer SSL certificate verification by default.  This is done
+by using CA cert bundle that the SSL library can use to make sure the peer's
+server certificate is valid.

 If you communicate with HTTPS or FTPS servers using certificates that are
 signed by CAs present in the bundle, you can be sure that the remote server
 really is the one it claims to be.

-If the remote server uses a self-signed certificate, if you don't install
-curl's CA cert bundle, if the server uses a certificate signed by a CA that
-isn't included in the bundle or if the remote host is an impostor
+Until 7.18.0, curl bundled a severely outdated ca bundle file that was
+installed by default. These days, the curl archives include no ca certs at
+all. You need to get them elsewhere. See below for example.
+
+If the remote server uses a self-signed certificate, if you don't install a CA
+cert bundle, if the server uses a certificate signed by a CA that isn't
+included in the bundle you use or if the remote host is an impostor
 impersonating your favorite site, and you want to transfer files from this
 server, do one of the following:

- 1. Tell libcurl to *not* verify the peer. With libcurl you disable with with
+ 1. Tell libcurl to *not* verify the peer. With libcurl you disable this with
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

    With the curl command line tool, you disable this with -k/--insecure.
@@ -27,10 +31,8 @@ server, do one of the following:
    With the curl command line tool: --cacert [file]

 3. Add the CA cert for your server to the existing default CA cert bundle.
-    The default path of the CA bundle installed with the curl package is:
-    /usr/local/share/curl/curl-ca-bundle.crt, which can be changed by running
-    configure with the --with-ca-bundle option pointing out the path of your
-    choice.
+    The default path of the CA bundle used can be changed by running configure
+    with the --with-ca-bundle option pointing out the path of your choice.

    To do this, you need to get the CA cert for your server in PEM format and
    then append that to your CA cert bundle.
@@ -48,8 +50,6 @@ server, do one of the following:
     o Append the 'outcert.pem' to the CA cert bundle or use it stand-alone
       as described below.

-     (Thanks to Frankie V for this description)
-
    If you use the 'openssl' tool, this is one way to get extract the CA cert
    for a particular server:

@@ -64,8 +64,6 @@ server, do one of the following:
       cert_bundle or use it stand-alone as described. Just remember that the
       security is no better than the way you obtained the certificate.

-     (Thanks to Doug Kaufman for this description)
-
 4. If you're using the curl command line tool, you can specify your own CA
    cert path by setting the environment variable CURL_CA_BUNDLE to the path
    of your choice.
@@ -80,8 +78,9 @@ server, do one of the following:
      5. all directories along %PATH%

 5. Get a better/different/newer CA cert bundle! One option is to extract the
-    one a recent Mozilla browser uses, by following the instruction found
-    here:
+    one a recent Mozilla browser uses by running 'make ca-bundle' in the curl
+    build tree root, or possibly download a version that was generated this
+    way for you:

        http://curl.haxx.se/docs/caextract.html

--- a/docs/THANKS
+++ b/docs/THANKS
@@ -4,12 +4,16 @@

 If you have contributed but are missing here, please let us know!

+Adam D. Moss
+Adam Piggott
 Adrian Schuur
 Alan Pinstein
 Albert Chin-A-Young
 Albert Choy
 Ale Vesely
 Aleksandar Milivojevic
+Alessandro Vesely
+Alex Fishman
 Alex Neblett
 Alex Suykov
 Alex aka WindEagle
@@ -17,10 +21,14 @@ Alexander Kourakos
 Alexander Krasnostavsky
 Alexander Lazic
 Alexander Zhuravlev
+Alexey Pesternikov
 Alexey Simak
 Alexis Carvalho
+Allen Pulsifer
 Amol Pattekar
+Anders Gustafsson
 Andi Jahja
+Andre Guibert de Bruet
 Andreas Damm
 Andreas Ntaflos
 Andreas Olsson
@@ -31,6 +39,8 @@ Andrew Biggs
 Andrew Bushnell
 Andrew Francis
 Andrew Fuller
+Andrew Moise
+Andrew Wansink
 Andr<EFBFBD>s Garc<72>a
 Andy Cedilnik
 Andy Serpa
@@ -67,10 +77,12 @@ Casey O'Donnell
 Chih-Chung Chang
 Chris "Bob Bob"
 Chris Combes
+Chris Flerackers
 Chris Gaukroger
 Chris Maltby
 Christian Kurz
 Christian Robottom Reis
+Christian Vogt
 Christophe Demory
 Christophe Legry
 Christopher R. Palmer
@@ -78,6 +90,7 @@ Ciprian Badescu
 Clarence Gardner
 Clifford Wolf
 Cody Jones
+Colin Hogben
 Colin Watson
 Colm Buckley
 Cory Nelson
@@ -92,6 +105,10 @@ Dan Fandrich
 Dan Nelson
 Dan Torop
 Dan Zitter
+Daniel Black
+Daniel Cater
+Daniel Egger
+Daniel Johnson
 Daniel Stenberg
 Daniel at touchtunes
 Darryl House
@@ -99,6 +116,7 @@ Dave Dribin
 Dave Halbakken
 Dave Hamilton
 Dave May
+Dave Vasilevsky
 David Byron
 David Cohen
 David Eriksson
@@ -115,6 +133,7 @@ David Phillips
 David Shaw
 David Tarendash
 David Thiel
+David Wright
 David Yan
 Detlef Schmier
 Diego Casorran
@@ -125,6 +144,7 @@ Dirk Eddelbuettel
 Dirk Manske
 Dmitriy Sergeyev
 Dmitry Bartsevich
+Dmitry Kurochkin
 Dmitry Rechkin
 Dolbneff A.V
 Domenico Andreoli
@@ -135,16 +155,19 @@ Douglas E. Wegscheid
 Douglas R. Horner
 Dov Murik
 Duane Cathey
+Duncan Mac-Vicar Prett
 Dustin Boswell
 Dylan Ellicott
 Dylan Salisbury
 Early Ehlinger
 Edin Kadribasic
 Ellis Pritchard
+Emil Romanus
 Emiliano Ida
 Enrico Scholz
 Enrik Berkhan
 Eric Cooper
+Eric Landes
 Eric Lavigne
 Eric Melville
 Eric Rautman
@@ -156,33 +179,44 @@ Erwan Legrand
 Erwin Authried
 Eugene Kotlyarov
 Evan Jordan
+Eygene Ryabinkin
 Fabrizio Ammollo
 Fedor Karpelevitch
 Felix von Leitner
+Feng Tu
 Florian Schoppmann
 Forrest Cahoon
+Frank Hempel
 Frank Keeney
 Frank Ticheler
 Fred New
 Fred Noz
 Frederic Lepied
+Gary Maxwell
 Gautam Mani
+Gavrie Philipson
 Gaz Iqbal
 Georg Horn
 Georg Huettenegger
+Georg Lippitsch
 Georg Wicherski
 Gerd v. Egidy
 Gerhard Herre
+Gerrit Bruchh<68>user
+Giancarlo Formicuccia
 Giaslas Georgios
 Gilad
 Gilbert Ramirez Jr.
+Gilles Blanc
 Gisle Vanem
 Giuseppe Attardi
 Giuseppe D'Ambrosio
 Glen Nakamura
 Glen Scott
 Greg Hewgill
+Greg Morse
 Greg Onufer
+Greg Zavertnik
 Grigory Entin
 Guenole Bescon
 Guillaume Arluison
@@ -191,6 +225,7 @@ Gwenole Beauchesne
 G<EFBFBD>tz Babin-Ebell
 G<EFBFBD>nter Knauf
 Hamish Mackenzie
+Hang Kin Lau
 Hanno Kranzhoff
 Hans Steegers
 Hardeep Singh
@@ -200,11 +235,14 @@ Henrik Storner
 Hzhijun
 Ian Ford
 Ian Gulliver
+Ian Turner
 Ian Wilkes
 Ignacio Vazquez-Abrams
+Igor Franchuk
 Igor Polyakov
 Ilguiz Latypov
 Ilja van Sprundel
+Immanuel Gregoire
 Ingmar Runge
 Ingo Ralf Blum
 Ingo Wilken
@@ -224,12 +262,15 @@ Jan Kunder
 Jared Lundell
 Jari Sundell
 Jason S. Priebe
+Jay Austin
+Jayesh A Shah
 Jaz Fresh
 Jean Jacques Drouin
 Jean-Claude Chauve
 Jean-Louis Lemaire
 Jean-Marc Ranger
 Jean-Philippe Barrette-LaPierre
+Jeff Johnson
 Jeff Lawson
 Jeff Phillips
 Jeff Pohlmeyer
@@ -239,7 +280,9 @@ Jesper Jensen
 Jesse Noller
 Jim Drash
 Joe Halpin
+Joe Malicki
 Joel Chen
+Jofell Gallardo
 Johan Anderson
 Johan Nilsson
 John Crow
@@ -247,6 +290,7 @@ John Janssen
 John Kelly
 John Lask
 John McGowan
+Johnny Luong
 Jon Grubbs
 Jon Travis
 Jon Turner
@@ -254,14 +298,17 @@ Jonas Forsman
 Jonatan Lander
 Jonathan Hseu
 Jongki Suwandi
+Jose Kahan
 Josh Kapell
 Juan F. Codagnone
 Juan Ignacio Herv<72>s
+Judson Bishop
 Juergen Wilke
 Jukka Pihl
 Julian Noble
 Jun-ichiro itojun Hagino
 Jurij Smakov
+Justin Fletcher
 J<EFBFBD>rg Mueller-Tolk
 J<EFBFBD>rn Hartroth
 Kai Sommerfeld
@@ -270,6 +317,7 @@ Kang-Jin Lee
 Karl Moerder
 Karol Pietrzak
 Katie Wang
+Kees Cook
 Keith MacDonald
 Keith McGuigan
 Ken Hirsch
@@ -277,13 +325,16 @@ Ken Rastatter
 Kent Boortz
 Kevin Fisk
 Kevin Lussier
+Kevin Reed
 Kevin Roth
+Kim Rinnewitz
 Kimmo Kinnunen
 Kjell Ericson
 Kjetil Jacobsen
 Klevtsov Vadim
 Kris Kennaway
 Krishnendu Majumdar
+Kristian Gunstone
 Kristian K<>hntopp
 Kyle Sallee
 Lachlan O'Dea
@@ -293,6 +344,7 @@ Lars Gustafsson
 Lars J. Aas
 Lars Nilsson
 Lars Torben Wilson
+Lau Hang Kin
 Legoff Vincent
 Lehel Bernadt
 Len Krause
@@ -309,6 +361,7 @@ Luke Call
 Luong Dinh Dung
 Maciej Karpiuk
 Maciej W. Rozycki
+Manfred Schwarb
 Marc Boucher
 Marcelo Juchem 
 Marcin Konicki
@@ -316,6 +369,7 @@ Marco G. Salvagno
 Marcus Webster
 Mario Schroeder
 Mark Butler
+Mark Davies
 Mark Eichin
 Mark Lentczner
 Markus Koetter
@@ -328,13 +382,17 @@ Martin Skinner
 Marty Kuhrt
 Maruko
 Massimiliano Ziccardi
+Mateusz Loskot
 Mathias Axelsson
 Mats Lidell
+Matt Kraai
 Matt Veenstra
 Matt Witherspoon
 Matthew Blain
 Matthew Clarke
 Maurice Barnum
+Max Katsev
+Maxim Perenesenko
 Mekonikum
 Mettgut Jamalla
 Michael Benedict
@@ -356,6 +414,7 @@ Mitz Wark
 Mohamed Lrhazi
 Mohun Biswas
 Moonesamy
+Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
 Naveen Noel
@@ -364,12 +423,14 @@ Neil Spring
 Nic Roets
 Nick Gimbrone
 Nick Humfrey
+Nick Zitzmann
 Nico Baggus
 Nicolas Berloquin
 Nicolas Croiset
 Nicolas Fran<61>ois
 Niels van Tongeren
 Nikita Schmidt
+Nikitinskit Dmitriy
 Nir Soffer
 Nis Jorgensen
 Nodak Sodak
@@ -380,6 +441,7 @@ Olaf St
 Oren Tirosh
 P R Schaffner
 Patrick Bihan-Faou
+Patrick Monnerat
 Patrick Smith
 Paul Harrington
 Paul Marquis
@@ -394,6 +456,7 @@ Pete Su
 Peter Bray
 Peter Forret
 Peter Heuchert
+Peter O'Gorman
 Peter Pentchev
 Peter Silva
 Peter Su
@@ -404,6 +467,7 @@ Peter Wullinger
 Peteris Krumins
 Phil Karn
 Philip Gladstone
+Philip Langdale
 Philippe Hameau
 Philippe Raoult
 Philippe Vaucher
@@ -411,11 +475,13 @@ Pierre
 Puneet Pawaia
 Quagmire
 Rafael Sagula
+Ralf S. Engelschall
 Ralph Beckmann
 Ralph Mitchell
 Ramana Mokkapati
 Randy McMurchy
 Ravi Pratap
+Ray Pekowski
 Reinout van Schouwen
 Renaud Chaillat
 Renaud Duhaut
@@ -423,6 +489,7 @@ Rene Bernhardt
 Rene Rebe
 Ricardo Cadime
 Rich Gray
+Rich Rauenzahn
 Richard Archer
 Richard Atterer
 Richard Bramante
@@ -432,11 +499,16 @@ Richard Gorton
 Richard Prescott
 Rick Jones
 Rick Richardson
+Rob Crittenden
+Rob Jones
 Rob Stanzel
+Robert A. Monat
 Robert D. Young
 Robert Foreman
+Robert Iakobashvili
 Robert Olson
 Robert Weaver
+Robin Johnson
 Robin Kay
 Robson Braga Araujo
 Rodney Simmons
@@ -457,6 +529,7 @@ Samuel D
 Samuel Listopad
 Sander Gates
 Saul good
+Scott Cantor
 Scott Davis
 Sebastien Willemijns
 Sergio Ballestrero
@@ -469,6 +542,9 @@ Siddhartha Prakash Jain
 Simon Dick
 Simon Josefsson
 Simon Liu
+Song Ma
+Sonia Subramanian
+Spacen Jasset
 Spiridonoff A.V
 Stadler Stephan
 Stefan Esser
@@ -480,6 +556,7 @@ Stephen More
 Sterling Hughes
 Steve Green
 Steve Lhomme
+Steve Little
 Steve Marx
 Steve Oliphant
 Steven Bazyl
@@ -490,6 +567,7 @@ S
 T. Bharath
 T. Yamada
 Temprimus
+Thomas J. Moore
 Thomas Klausner
 Thomas Schwinge
 Thomas Tonino
@@ -497,6 +575,7 @@ Tim Baker
 Tim Bartley
 Tim Costello
 Tim Sneddon
+Tobias Rundstr<74>m
 Toby Peterson
 Todd Kulesza
 Todd Vierling
@@ -504,6 +583,7 @@ Tom Benoist
 Tom Lee
 Tom Mattison
 Tom Moers
+Tom Regner
 Tom Zerucha
 Tomas Pospisek
 Tomas Szepe
@@ -522,10 +602,12 @@ Ulf H
 Ulrich Zadow
 Venkat Akella
 Victor Snezhko
+Vikram Saxena
 Vilmos Nebehaj
 Vincent Bronner
 Vincent Penquerc'h
 Vincent Sanders
+Vladimir Lazarenko
 Vojtech Janota
 Vojtech Minarik
 Walter J. Mack
--- a/docs/TODO
+++ b/docs/TODO
@@ -4,225 +4,445 @@
                            | (__| |_| |  _ <| |___ 
                             \___|\___/|_| \_\_____|

-TODO
+                Things that could be nice to do in the future

 Things to do in project cURL. Please tell us what you think, contribute and
- send us patches that improve things! Also check the http://curl.haxx.se/dev
- web section for various technical development notes.
+ send us patches that improve things!

 All bugs documented in the KNOWN_BUGS document are subject for fixing!

- LIBCURL
+ 1. libcurl
+ 1.1 Zero-copy interface
+ 1.2 More data sharing
+ 1.3 struct lifreq
+ 1.4 Get IP address
+ 1.5 c-ares ipv6
+ 1.6 configure-based info in public headers

- * Introduce another callback interface for upload/download that makes one
-   less copy of data and thus a faster operation.
+ 2. libcurl - multi interface
+ 2.1 More non-blocking
+ 2.2 Pause transfers
+ 2.3 Remove easy interface internally
+ 2.4 Avoid having to remove/readd handles
+
+ 3. Documentation
+ 3.1  More and better
+
+ 4. FTP
+ 4.1 PRET
+ 4.2 Alter passive/active on failure and retry
+ 4.3 Earlier bad letter detection
+ 4.4 REST for large files
+ 4.5 FTP proxy support
+ 4.6 PORT port range
+ 4.7 ASCII support
+
+ 5. HTTP
+ 5.1 Other HTTP versions with CONNECT
+ 5.2 Better persistancy for HTTP 1.0
+ 5.3 support FF3 sqlite cookie files
+
+ 6. TELNET
+ 6.1 ditch stdin
+ 6.2 ditch telnet-specific select
+
+ 7. SSL
+ 7.1 Disable specific versions
+ 7.2 Provide mytex locking API
+ 7.3 dumpcert
+ 7.4 Evaluate SSL patches
+ 7.5 Cache OpenSSL contexts
+ 7.6 Export session ids
+ 7.7 Provide callback for cert verfication
+ 7.8 Support other SSL libraries
+ 7.9  Support SRP on the TLS layer
+ 7.10 improve configure --with-ssl
+
+ 8. GnuTLS
+ 8.1 Make NTLM work without OpenSSL functions
+ 8.2 SSl engine stuff
+ 8.3 SRP
+ 8.4 non-blocking
+ 8.5 check connection
+
+ 9. LDAP
+ 9.1 ditch ldap-specific select
+
+ 10. New protocols
+ 10.1 RTSP
+ 10.2 RSYNC
+ 10.3 RTMP
+
+ 11. Client
+ 11.1 Content-Disposition
+ 11.2 sync
+ 11.3 glob posts
+ 11.4 prevent file overwriting
+ 11.5 ftp wildcard download
+ 11.6 simultaneous parallel transfers
+ 11.7 provide formpost headers
+ 11.8 url-specific options
+
+ 12. Build
+ 12.1 roffit
+
+ 13. Test suite
+ 13.1 SSL tunnel
+ 13.2 nicer lacking perl message
+ 13.3 more protocols supported
+ 13.4 more platforms supported
+
+ 14. Next SONAME bump
+ 14.1 http-style HEAD output for ftp
+ 14.2 combine error codes
+ 14.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+
+ 15. Next major release
+ 15.1 cleanup return codes
+ 15.2 remove obsolete defines
+ 15.3 size_t
+ 15.4 remove several functions
+ 15.5 remove CURLOPT_FAILONERROR
+ 15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+
+==============================================================================
+
+1. libcurl
+
+1.1 Zero-copy interface
+
+ Introdue another callback interface for upload/download that makes one less
+ copy of data and thus a faster operation.
 [http://curl.haxx.se/dev/no_copy_callbacks.txt]

- * More data sharing. curl_share_* functions already exist and work, and they
-   can be extended to share more. For example, enable sharing of the ares
-   channel and the connection cache.
+1.2 More data sharing

- * Introduce a new error code indicating authentication problems (for proxy
-   CONNECT error 407 for example). This cannot be an error code, we must not
-   return informational stuff as errors, consider a new info returned by
-   curl_easy_getinfo() http://curl.haxx.se/bug/view.cgi?id=845941
+ curl_share_* functions already exist and work, and they can be extended to
+ share more. For example, enable sharing of the ares channel and the
+ connection cache.

- * Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and
+1.3 struct lifreq
+
+ Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and
 SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete.
-   To support ipv6 interface addresses properly.
+ To support ipv6 interface addresses for network interfaces properly.

- * Add the following to curl_easy_getinfo(): GET_HTTP_IP, GET_FTP_IP and
-   GET_FTP_DATA_IP. Return a string with the used IP. Suggested by Alan.
+1.4 Get IP address

- * Add option that changes the interval in which the progress callback is
-   called at most.
+ Add the following to curl_easy_getinfo(): GET_HTTP_IP, GET_FTP_IP and
+ GET_FTP_DATA_IP. Return a string with the used IP.

- * Make libcurl built with c-ares use c-ares' IPv6 abilities. They weren't
+1.5 c-ares ipv6
+
+ Make libcurl built with c-ares use c-ares' IPv6 abilities. They weren't
 present when we first added c-ares support but they have been added since!
 When this is done and works, we can actually start considering making c-ares
 powered libcurl the default build (which of course would require that we'd
 bundle the c-ares source code in the libcurl source code releases).

- * Make the curl/*.h headers include the proper system includes based on what
-   was present at the time when configure was run. Currently, the sys/select.h
-   header is for example included by curl/multi.h only on specific platforms
-   we know MUST have it. This is error-prone. We therefore want the header
-   files to adapt to configure results. Those results must be stored in a new
-   header and they must use a curl name space, i.e not be HAVE_* prefix (as
-   that would risk collide with other apps that use libcurl and that runs
-   configure).
+1.6 configure-based info in public headers

- LIBCURL - multi interface
+ Make the public headers include the proper system includes based on what was
+ present at the time when configure was run. Currently, the sys/select.h
+ header is for example included by curl/multi.h only on specific platforms we
+ know MUST have it. This is error-prone. We therefore want the header files to
+ adapt to configure results. Those results must be stored in a new header and
+ they must use a curl name space, i.e not be HAVE_* prefix (as that would risk
+ collide with other apps that use libcurl and that runs configure).

- * Make sure we don't ever loop because of non-blocking sockets return
+ Work on this has been started but hasn't been finished, and the initial patch
+ and some details are found here:
+ http://curl.haxx.se/mail/lib-2006-12/0084.html
+
+ The remaining problems to solve involve the platforms that can't run
+ configure.
+
+2. libcurl - multi interface
+
+2.1 More non-blocking
+
+ Make sure we don't ever loop because of non-blocking sockets return
 EWOULDBLOCK or similar. The GnuTLS connection etc.

- * Make transfers treated more carefully. We need a way to tell libcurl we
-   have data to write, as the current system expects us to upload data each
-   time the socket is writable and there is no way to say that we want to
-   upload data soon just not right now, without that aborting the upload. The
-   opposite situation should be possible as well, that we tell libcurl we're
-   ready to accept read data. Today libcurl feeds the data as soon as it is
-   available for reading, no matter what.
+2.2 Pause transfers

- * Make curl_easy_perform() a wrapper-function that simply creates a multi
+ Make transfers treated more carefully. We need a way to tell libcurl we have
+ data to write, as the current system expects us to upload data each time the
+ socket is writable and there is no way to say that we want to upload data
+ soon just not right now, without that aborting the upload. The opposite
+ situation should be possible as well, that we tell libcurl we're ready to
+ accept read data. Today libcurl feeds the data as soon as it is available for
+ reading, no matter what.
+
+2.3 Remove easy interface internally
+
+ Make curl_easy_perform() a wrapper-function that simply creates a multi
 handle, adds the easy handle to it, runs curl_multi_perform() until the
 transfer is done, then detach the easy handle, destroy the multi handle and
 return the easy handle's return code. This will thus make everything
 internally use and assume the multi interface. The select()-loop should use
 curl_multi_socket().

- DOCUMENTATION
+2.4 Avoid having to remove/readd handles

- * More and better
+ curl_multi_handle_control() - this can control the easy handle (while) added
+ to a multi handle in various ways:

- FTP
+ o RESTART, unconditionally restart this easy handle's transfer from the
+   start, re-init the state

- * Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in
-   the process to avoid doing a resolve and connect in vain.
+ o RESTART_COMPLETED, restart this easy handle's transfer but only if the
+   existing transfer has already completed and it is in a "finished state".

- * Support GSS/Kerberos 5 for ftp file transfer. This will allow user
-   authentication and file encryption.  Possible libraries and example clients
-   are available from MIT or Heimdal. Requested by Markus Moeller.
+ o STOP, just stop this transfer and consider it completed

- * REST fix for servers not behaving well on >2GB requests. This should fail
-   if the server doesn't set the pointer to the requested index. The tricky
-   (impossible?) part is to figure out if the server did the right thing or
-   not.
+ o PAUSE?

- * Support the most common FTP proxies, Philip Newton provided a list
-   allegedly from ncftp:
-   http://curl.haxx.se/mail/archive-2003-04/0126.html
+ o RESUME?

- * Make CURLOPT_FTPPORT support an additional port number on the IP/if/name,
+3. Documentation
+
+3.1  More and better
+
+ Exactly
+
+4. FTP
+
+4.1 PRET
+
+ PRET is a command that primarily "drftpd" supports, which could be useful
+ when using libcurl against such a server. It is a non-standard and a rather
+ oddly designed command, but...
+ http://curl.haxx.se/bug/feature.cgi?id=1729967
+
+4.2 Alter passive/active on failure and retry
+
+ When trying to connect passively to a server which only supports active
+ connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the
+ connection. There could be a way to fallback to an active connection (and
+ vice versa). http://curl.haxx.se/bug/feature.cgi?id=1754793
+
+4.3 Earlier bad letter detection
+
+ Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in the
+ process to avoid doing a resolve and connect in vain.
+
+4.4 REST for large files
+
+ REST fix for servers not behaving well on >2GB requests. This should fail if
+ the server doesn't set the pointer to the requested index. The tricky
+ (impossible?) part is to figure out if the server did the right thing or not.
+
+4.5 FTP proxy support
+
+ Support the most common FTP proxies, Philip Newton provided a list allegedly
+ from ncftp. This is not a subject without debate, and is probably not really
+ suitable for libcurl.  http://curl.haxx.se/mail/archive-2003-04/0126.html
+
+4.6 PORT port range
+
+ Make CURLOPT_FTPPORT support an additional port number on the IP/if/name,
 like "blabla:[port]" or possibly even "blabla:[portfirst]-[portsecond]".
+ http://curl.haxx.se/bug/feature.cgi?id=1505166

- * FTP ASCII transfers do not follow RFC959. They don't convert the data
+4.7 ASCII support
+
+ FTP ASCII transfers do not follow RFC959. They don't convert the data
 accordingly.

- * Since USERPWD always override the user and password specified in URLs, we
-   might need another way to specify user+password for anonymous ftp logins.
+5. HTTP

- * The FTP code should get a way of returning errors that is known to still
-   have the control connection alive and sound. Currently, a returned error
-   from within ftp-functions does not tell if the control connection is still
-   OK to use or not. This causes libcurl to fail to re-use connections
-   slightly too often.
+5.1 Other HTTP versions with CONNECT

- HTTP
+ When doing CONNECT to a HTTP proxy, libcurl always uses HTTP/1.0. This has
+ never been reported as causing trouble to anyone, but should be considered to
+ use the HTTP version the user has chosen.

- * When doing CONNECT to a HTTP proxy, libcurl always uses HTTP/1.0. This has
-   never been reported as causing trouble to anyone, but should be considered
-   to use the HTTP version the user has chosen.
+5.2 Better persistancy for HTTP 1.0

- TELNET
+ "Better" support for persistent connections over HTTP 1.0
+ http://curl.haxx.se/bug/feature.cgi?id=1089001

- * Reading input (to send to the remote server) on stdin is a crappy solution
-   for library purposes. We need to invent a good way for the application to
-   be able to provide the data to send.
+5.3 support FF3 sqlite cookie files

- * Move the telnet support's network select() loop go away and merge the code
+ Firefox 3 is changing from its former format to a a sqlite database instead.
+ We should consider how (lib)curl can/should support this.
+ http://curl.haxx.se/bug/feature.cgi?id=1871388
+
+6. TELNET
+
+6.1 ditch stdin
+
+Reading input (to send to the remote server) on stdin is a crappy solution for
+library purposes. We need to invent a good way for the application to be able
+to provide the data to send.
+
+6.2 ditch telnet-specific select
+
+ Move the telnet support's network select() loop go away and merge the code
 into the main transfer loop. Until this is done, the multi interface won't
 work for telnet.

- SSL
+7. SSL

- * Provide a libcurl API for setting mutex callbacks in the underlying SSL
+7.1 Disable specific versions
+
+ Provide an option that allows for disabling specific SSL versions, such as
+ SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276
+
+7.2 Provide mytex locking API
+
+ Provide a libcurl API for setting mutex callbacks in the underlying SSL
 library, so that the same application code can use mutex-locking
 independently of OpenSSL or GnutTLS being used.

- * Anton Fedorov's "dumpcert" patch:
+7.3 dumpcert
+
+ Anton Fedorov's "dumpcert" patch:
 http://curl.haxx.se/mail/lib-2004-03/0088.html

- * Evaluate/apply Gertjan van Wingerde's SSL patches:
+7.4 Evaluate SSL patches
+
+ Evaluate/apply Gertjan van Wingerde's SSL patches:
 http://curl.haxx.se/mail/lib-2004-03/0087.html

- * "Look at SSL cafile - quick traces look to me like these are done on every
-   request as well, when they should only be necessary once per ssl context
-   (or once per handle)". The major improvement we can rather easily do is to
-   make sure we don't create and kill a new SSL "context" for every request,
-   but instead make one for every connection and re-use that SSL context in
-   the same style connections are re-used. It will make us use slightly more
-   memory but it will libcurl do less creations and deletions of SSL contexts.
+7.5 Cache OpenSSL contexts

- * Add an interface to libcurl that enables "session IDs" to get
+ "Look at SSL cafile - quick traces look to me like these are done on every
+ request as well, when they should only be necessary once per ssl context (or
+ once per handle)". The major improvement we can rather easily do is to make
+ sure we don't create and kill a new SSL "context" for every request, but
+ instead make one for every connection and re-use that SSL context in the same
+ style connections are re-used. It will make us use slightly more memory but
+ it will libcurl do less creations and deletions of SSL contexts.
+
+7.6 Export session ids
+
+ Add an interface to libcurl that enables "session IDs" to get
 exported/imported. Cris Bailiff said: "OpenSSL has functions which can
-   serialise the current SSL state to a buffer of your choice, and
-   recover/reset the state from such a buffer at a later date - this is used
-   by mod_ssl for apache to implement and SSL session ID cache".
+ serialise the current SSL state to a buffer of your choice, and recover/reset
+ the state from such a buffer at a later date - this is used by mod_ssl for
+ apache to implement and SSL session ID cache".

- * OpenSSL supports a callback for customised verification of the peer
+7.7 Provide callback for cert verfication
+
+ OpenSSL supports a callback for customised verification of the peer
 certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
-   it be? There's so much that could be done if it were! (brought by Chris
-   Clark)
+ it be? There's so much that could be done if it were!

- * Make curl's SSL layer capable of using other free SSL libraries.  Such as
+7.8 Support other SSL libraries
+
+ Make curl's SSL layer capable of using other free SSL libraries.  Such as
 MatrixSSL (http://www.matrixssl.org/).

- * Peter Sylvester's patch for SRP on the TLS layer.
-   Awaits OpenSSL support for this, no need to support this in libcurl before
-   there's an OpenSSL release that does it.
+7.9  Support SRP on the TLS layer

- * make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
+ Peter Sylvester's patch for SRP on the TLS layer.  Awaits OpenSSL support for
+ this, no need to support this in libcurl before there's an OpenSSL release
+ that does it.
+
+7.10 improve configure --with-ssl
+
+ make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...

- GnuTLS
+8. GnuTLS

- * Get NTLM working using the functions provided by libgcrypt, since GnuTLS
+8.1 Make NTLM work without OpenSSL functions
+
+ Get NTLM working using the functions provided by libgcrypt, since GnuTLS
 already depends on that to function. Not strictly SSL/TLS related, but
 hey... Another option is to get available DES and MD4 source code from the
 cryptopp library. They are fine license-wise, but are C++.

- * SSL engine stuff?
+8.2 SSl engine stuff

- * Work out a common method with Peter Sylvester's OpenSSL-patch for SRP
-   on the TLS to provide name and password
+ Is this even possible?

- * Fix the connection phase to be non-blocking when multi interface is used
+8.3 SRP

- * Add a way to check if the connection seems to be alive, to correspond to
-   the SSL_peak() way we use with OpenSSL.
+ Work out a common method with Peter Sylvester's OpenSSL-patch for SRP on the
+ TLS to provide name and password. GnuTLS already supports it...

- LDAP
+8.4 non-blocking
+
+ Fix the connection phase to be non-blocking when multi interface is used
+
+8.5 check connection
+
+ Add a way to check if the connection seems to be alive, to correspond to the
+ SSL_peak() way we use with OpenSSL.
+
+9. LDAP
+
+9.1 ditch ldap-specific select

 * Look over the implementation. The looping will have to "go away" from the
   lib/ldap.c source file and get moved to the main network code so that the
   multi interface and friends will work for LDAP as well.

- NEW PROTOCOLS
+10. New protocols

- * RTSP - RFC2326 (protocol - very HTTP-like, also contains URL description)
+10.1 RTSP

- * RSYNC (no RFCs for protocol nor URI/URL format).  An implementation should
+ RFC2326 (protocol - very HTTP-like, also contains URL description)
+
+10.2 RSYNC
+
+ There's no RFC for protocol nor URI/URL format.  An implementation should
 most probably use an existing rsync library, such as librsync.

- CLIENT
+10.3 RTMP

- * "curl --sync http://example.com/feed[1-100].rss" or
+ There exists a patch that claims to introduce this protocol:
+ http://osdir.com/ml/gnu.gnash.devel2/2006-11/msg00278.html, further details
+ in the feature-request: http://curl.haxx.se/bug/feature.cgi?id=1843469
+
+11. Client
+
+11.1 Content-Disposition
+
+ Add option that is similar to -O but that takes the output file name from the
+ Content-Disposition: header, and/or uses the local file name used in
+ redirections for the cases the server bounces the request further to a
+ different file (name): http://curl.haxx.se/bug/feature.cgi?id=1364676
+
+11.2 sync
+
+ "curl --sync http://example.com/feed[1-100].rss" or
 "curl --sync http://example.net/{index,calendar,history}.html"

 Downloads a range or set of URLs using the remote name, but only if the
 remote file is newer than the local file. A Last-Modified HTTP date header
 should also be used to set the mod date on the downloaded file.
-   (idea from "Brianiac")

- * Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
-   Requested by Dane Jensen and others. This is easily scripted though.
+11.3 glob posts

- * Add an option that prevents cURL from overwriting existing local files. When
+ Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
+ This is easily scripted though.
+
+11.4 prevent file overwriting
+
+ Add an option that prevents cURL from overwriting existing local files. When
 used, and there already is an existing file with the target file name
 (either -O or -o), a number should be appended (and increased if already
 existing). So that index.html becomes first index.html.1 and then
-   index.html.2 etc. Jeff Pohlmeyer suggested.
+ index.html.2 etc.

- * "curl ftp://site.com/*.txt"
+11.5 ftp wildcard download

- * The client could be told to use maximum N simultaneous transfers and then
-   just make sure that happens. It should of course not make more than one
-   connection to the same remote host. This would require the client to use
-   the multi interface.
+ "curl ftp://site.com/*.txt"

- * Extending the capabilities of the multipart formposting. How about leaving
+11.6 simultaneous parallel transfers
+
+ The client could be told to use maximum N simultaneous parallel transfers and
+ then just make sure that happens. It should of course not make more than one
+ connection to the same remote host. This would require the client to use the
+ multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595
+
+11.7 provide formpost headers
+
+ Extending the capabilities of the multipart formposting. How about leaving
 the ';type=foo' syntax as it is and adding an extra tag (headers) which
 works like this: curl -F "coolfiles=@fil1.txt;headers=@fil1.hdr" where
 fil1.hdr contains extra headers like
@@ -232,17 +452,11 @@ TODO
   X-User-Comment: Please don't use browser specific HTML code

 which should overwrite the program reasonable defaults (plain/text,
-   8bit...) (Idea brough to us by kromJx)
+ 8bit...)

- * ability to specify the classic computing suffixes on the range
-   specifications. For example, to download the first 500 Kilobytes of a file,
-   be able to specify the following for the -r option: "-r 0-500K" or for the
-   first 2 Megabytes of a file: "-r 0-2M". (Mark Smith suggested)
+11.8 url-specific options

- * --data-encode that URL encodes the data before posting
-   http://curl.haxx.se/mail/archive-2003-11/0091.html (Kevin Roth suggested)
-
- * Provide a way to make options bound to a specific URL among several on the
+ Provide a way to make options bound to a specific URL among several on the
 command line. Possibly by letting ':' separate options between URLs,
 similar to this:

@@ -254,46 +468,105 @@ TODO

 The example would do a POST-GET-POST combination on a single command line.

- BUILD
+12. Build

- * Consider extending 'roffit' to produce decent ASCII output, and use that
+12.1 roffit
+
+ Consider extending 'roffit' to produce decent ASCII output, and use that
 instead of (g)nroff when building src/hugehelp.c

- TEST SUITE
+13. Test suite

- * Make our own version of stunnel for simple port forwarding to enable HTTPS
+13.1 SSL tunnel
+
+ Make our own version of stunnel for simple port forwarding to enable HTTPS
 and FTP-SSL tests without the stunnel dependency, and it could allow us to
 provide test tools built with either OpenSSL or GnuTLS

- * Make the test servers able to serve multiple running test suites. Like if
-   two users run 'make test' at once.
+13.2 nicer lacking perl message

- * If perl wasn't found by the configure script, don't attempt to run the
-   tests but explain something nice why it doesn't.
+ If perl wasn't found by the configure script, don't attempt to run the tests
+ but explain something nice why it doesn't.

- * Extend the test suite to include more protocols. The telnet could just do
-   ftp or http operations (for which we have test servers).
+13.3 more protocols supported

- * Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
+ Extend the test suite to include more protocols. The telnet could just do ftp
+ or http operations (for which we have test servers).
+
+13.4 more platforms supported
+
+ Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
 fork()s and it should become even more portable.

- NEXT MAJOR RELEASE
+14. Next SONAME bump

- * curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
+14.1 http-style HEAD output for ftp
+
+ #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
+ from being output in NOBODY requests over ftp
+
+14.2 combine error codes
+
+ Combine some of the error codes to remove duplicates.  The original
+ numbering should not be changed, and the old identifiers would be
+ macroed to the new ones in an CURL_NO_OLDIES section to help with
+ backward compatibility.
+
+ Candidates for removal and their replacements:
+
+    CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND
+    CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND
+    CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR
+    CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT
+    CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT
+    CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL
+    CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND
+    CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED
+
+14.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+
+ The current prototype only provides 'purpose' that tells what the
+ connection/socket is for, but not any protocol or similar. It makes it hard
+ for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
+ similar.
+
+15. Next major release
+
+15.1 cleanup return codes
+
+ curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
 CURLMcode. These should be changed to be the same.

- * remove obsolete defines from curl/curl.h
+15.2 remove obsolete defines

- * make several functions use size_t instead of int in their APIs
+ remove obsolete defines from curl/curl.h
+
+15.3 size_t
+
+ make several functions use size_t instead of int in their APIs
+
+15.4 remove several functions
+
+ remove the following functions from the public API:

- * remove the following functions from the public API:
 curl_getenv
+
 curl_mprintf (and variations)
+
 curl_strequal
+
 curl_strnequal

 They will instead become curlx_ - alternatives. That makes the curl app
 still capable of building with them from source.

- * Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
+15.5 remove CURLOPT_FAILONERROR
+
+ Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
 internally. Let the app judge success or not for itself.
+
+15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+
+ Remove support for a global DNS cache. Anything global is silly, and we
+ already offer the share interface for the same functionality but done
+ "right".
--- a/docs/curl-config.1
+++ b/docs/curl-config.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -21,7 +21,7 @@
 .\" * $Id$
 .\" **************************************************************************
 .\"
-.TH curl-config 1 "25 Jan 2004" "Curl 7.15.4" "curl-config manual"
+.TH curl-config 1 "25 Oct 2007" "Curl 7.17.1" "curl-config manual"
 .SH NAME
 curl-config \- Get information about a libcurl installation
 .SH SYNOPSIS
@@ -62,6 +62,9 @@ the time of writing, this list may include HTTP, HTTPS, FTP, FTPS, FILE,
 TELNET, LDAP, DICT. Do not assume any particular order. The protocols will
 be listed using uppercase and are separated by newlines. There may be none,
 one or several protocols in the list. (Added in 7.13.0)
+.IP "--static-libs"
+Shows the complete set of libs and other linker options you will need in order
+to link your application with libcurl statically. (Added in 7.17.1)
 .IP "--version"
 Outputs version information about the installed libcurl.
 .IP "--vernum"
--- a/Show More
+++ b/Show More