7.16.4 preps

added better CodeWarrior detection (forgot to add with previos version).
added better CodeWarrior detection;
2007-07-10 21:36:30 +00:00 · 2007-07-09 02:00:39 +00:00 · 2007-07-08 23:19:24 +00:00 · 2007-07-08 23:18:47 +00:00 · 2007-07-08 23:17:56 +00:00 · 2007-07-07 16:26:02 +00:00
56 changed files with 1344 additions and 475 deletions
--- a/47
+++ b/47
@@ -6,6 +6,53 @@

                                  Changelog

+Version 7.16.4 (10 July 2007)
+
+Daniel S (10 July 2007)
+- Kees Cook notified us about a security flaw
+  (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to
+  properly reject some outdated or not yet valid server certificates when
+  built with GnuTLS. Kees also provided the patch.
+
+James H (5 July 2007)
+- Gavrie Philipson provided a patch that will use a more specific error
+  message for an scp:// upload failure.  If libssh2 has his matching
+  patch, then the error message return by the server will be used instead
+  of a more generic error.
+
+Daniel S (1 July 2007)
+- Thomas J. Moore provided a patch that introduces Kerberos5 support in
+  libcurl. This also makes the options change name to --krb (from --krb4) and
+  CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still 
+
+- Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5
+  proxy.
+
+Daniel S (27 June 2007)
+- James Housley: Add two new options for the SFTP/SCP/FILE protocols:
+  CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the
+  premissions for files and directories created on the remote
+  server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and
+  CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755
+
+- I corrected the 10-at-a-time.c example and applied a patch for it by James
+  Bursa.
+
+Daniel S (26 June 2007)
+- Robert Iakobashvili re-arranged the internal hash code to work with a custom
+  hash function for different hashes, and also expanded the default size for
+  the socket hash table used in multi handles to greatly enhance speed when
+  very many connections are added and the socket API is used.
+
+- James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory
+  listings as well
+
+Daniel S (25 June 2007)
+- Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
+  chunked encoding (that also lacks "Connection: close"). It now simply
+  assumes that the connection WILL be closed to signal the end, as that is how
+  RFC2616 section 4.4 point #5 says we should behave.
+  
 Version 7.16.3 (25 June 2007)

 Daniel S (23 June 2007)
--- a/89
+++ b/89
@@ -1,67 +1,30 @@
-Curl and libcurl 7.16.3
+Curl and libcurl 7.16.4

- Public curl release number:               99
+ Public curl release number:               100
 Releases counted from the very beginning: 126
 Available command line options:           118
- Available curl_easy_setopt() options:     141
- Number of public functions in libcurl:    54
- Amount of public web site mirrors:        38
+ Available curl_easy_setopt() options:     143
+ Number of public functions in libcurl:    55
+ Amount of public web site mirrors:        39
 Number of known libcurl bindings:         35
- Number of contributors:                   554
+ Number of contributors:                   572

 This release includes the following changes:
 
- o added curl_multi_socket_action()
- o deprecated curl_multi_socket()
- o uses less memory in non-pipelined use cases
- o CURLOPT_HTTP200ALIASES matched transfers assume HTTP 1.0 compliance
- o more than one test harness can run at the same time without conflict
- o SFTP now supports quote commands before a transfer
- o CURLMOPT_MAXCONNECTS added to curl_multi_setopt()
- o upload resume works for file:// URLs
- o asynchronous name resolves now require c-ares 1.4.0 or later
- o added SOCKS test cases
- o CURLOPT_FTP_CREATE_MISSING_DIRS and --ftp-create-dirs now work for SFTP
-   operations as well
+ o added CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS
+ o improved hashing of sockets for the multi_socket API
+ o ftp kerberos5 support added

 This release includes the following bugfixes:

- o if2up too long interface name memory leak
- o test case 534 started to fail 2007-04-13 due to the existance of a
-   new host on the net with the same silly domain the test was using
-   for a host which was supposed not to exist.
- o test suite SSL certificate works better with newer stunnel
- o internal progress meter update frequency back to once per second
- o avoid some unnecessary calls to function gettimeofday
- o a double-free in the SSL-layer
- o GnuTLS free of NULL credentials
- o NSS-fix for closing down SSL
- o bad warning from configure when gnutls was selected
- o compilation on VMS 64-bit mode
- o SCP/SFTP downloads could hang on the last bytes of a transfer
- o curl_easy_duphandle() crash
- o curl -V / curl_version*() works even when GnuTLS is used on a system without
-   a good random source
- o curl_multi_socket() not "noticing" newly added handles
- o lack of Content-Length and chunked encoding now requires HTTP 1.1 as well
-   to be treated as without response body
- o connection cache growth in multi handles
- o better handling of out of memory conditions
- o overwriting an uploaded file with sftp now truncates it first
- o SFTP quote commands chmod, chown, chgrp can now set a value of 0
- o TFTP connect timouts less than 5 seconds
- o improved curl -w for TFTP transfers
- o memory leak when failed OpenSSL certificate CN field checking
- o memory leak when OpenSSL failed PKCS #12 parsing
- o FPL-SSL when built with NSS
- o out-of-boundary write in Curl_select()
- o -s/--silent can now be used to toggle off the silence again
- o builds fine on 64bit HP-UX
- o multi interface HTTP CONNECT glitch
- o list FTP root directories when login dir is not root
- o no longer slows down when getting very many URLs on the same command line
- o lock share before decreasing dirty counter
- o no-body FTP requests on re-used connections
+ o adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
+   chunked encoding
+ o fixed the 10-at-a-time.c example
+ o FTP over SOCKS proxy
+ o improved error messages on SCP upload failures
+ o security flaw (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl
+   failed to properly reject some outdated or not yet valid server certificates
+   when built with GnuTLS

 This release includes the following known bugs:

@@ -69,26 +32,16 @@ This release includes the following known bugs:

 Other curl-related news:

- o PycURL 7.16.2.1 was released: http://pycurl.sf.net/
- o TclCurl 7.16.2 was released:
-   http://personal1.iddeo.es/andresgarci/tclcurl/english/
+ o 

 New curl mirrors:

- o http://curl.spegulo.be is a new mirror in Belgium
- o http://curl.piotrkosoft.net is a new mirror in Poland
- o http://curl.smudge-it.net is a new mirror in St Louis, MO, USA
- o http://curl.askapache.com is a new mirror in Indiana, USA
+ o 

 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Song Ma, Dan Fandrich, Yang Tse, Jay Austin, Robert Iakobashvil,
- James Housley, Daniel Black, Steve Little, Sonia Subramanian, Peter O'Gorman,
- Frank Hempel, Michael Wallner, Jeff Pohlmeyer, Tobias Rundstr<74>m,
- Anders Gustafsson, James Bursa, Kristian Gunstone, Feng Tu,
- Andre Guibert de Bruet, Rob Crittenden, Rich Rauenzahn, Tom Regner,
- Dave Vasilevsky, Shmulik Regev, Robson Braga Araujo, Adam Piggott,
- Gerrit Bruchh<68>user
+ Robert Iakobashvili, James Housley, G<>nter Knauf, James Bursa, Song Ma,
+ Thomas J. Moore, Gavrie Philipson, Kees Cook

        Thanks! (and sorry if I forgot to mention someone)
--- a/ares/Makefile.netware
+++ b/ares/Makefile.netware
@@ -35,10 +35,10 @@ ifndef LIBARCH
 LIBARCH = LIBC
 endif

-# must be equal to DEBUG or NDEBUG
+# must be equal to NDEBUG or DEBUG, CURLDEBUG
+ifndef DB
 DB	= NDEBUG
-# DB	= DEBUG
-# DB	= CURLDEBUG
+endif
 # Optimization: -O<n> or debugging: -g
 ifeq ($(DB),NDEBUG)
 	OPT	= -O2
@@ -51,12 +51,20 @@ endif
 # Include the version info retrieved from curlver.h
 -include $(OBJDIR)/version.inc

-# The following line defines your compiler.
+# The following lines defines your compiler.
+ifdef CWFolder
+	METROWERKS = $(CWFolder)
+endif
 ifdef METROWERKS
+	# MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support
+	MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
 	CC = mwccnlm
 else
 	CC = gcc
 endif
+# a native win32 awk can be downloaded from here:
+# http://www.gknw.net/development/prgtools/awk-20050424.zip
+AWK	= awk
 YACC	= bison -y
 CP	= cp -afv
 # RM	= rm -f
@@ -82,8 +90,10 @@ ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.o
 	CFLAGS += -align 4
 else
-	PRELUDE = "$(METROWERKS)/Novell Support/libraries/runtime/prelude.obj"
-#	CFLAGS += -include "$(METROWERKS)/Novell Support/headers/nlm_prefix.h"
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
+	# CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
 	CFLAGS += -align 1
 endif
 else
@@ -98,7 +108,10 @@ CFLAGS	+= -Wall -Wno-format -Wno-uninitialized # -pedantic
 ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.gcc.o
 else
-	PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
+	PRELUDE = $(NDK_ROOT)/pre/prelude.o
 	CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
 endif
 endif
@@ -108,14 +121,14 @@ SDK_CLIB = $(NDK_ROOT)/nwsdk
 SDK_LIBC = $(NDK_ROOT)/libc

 ifeq ($(LIBARCH),LIBC)
-	INCLUDES += -I$(SDK_LIBC)/include -I$(SDK_LIBC)/include/nks
+	INCLUDES += -I$(SDK_LIBC)/include
+	# INCLUDES += -I$(SDK_LIBC)/include/nks
 	# INCLUDES += -I$(SDK_LIBC)/include/winsock
 	CFLAGS += -D_POSIX_SOURCE
-#	CFLAGS += -D__ANSIC__
 else
-	INCLUDES += -I$(SDK_CLIB)/include/nlm -I$(SDK_CLIB)/include
+	INCLUDES += -I$(SDK_CLIB)/include/nlm
 	# INCLUDES += -I$(SDK_CLIB)/include/nlm/obsolete
-	CFLAGS += -DNETDB_USE_INTERNET
+	# INCLUDES += -I$(SDK_CLIB)/include
 endif
 CFLAGS	+= -I. $(INCLUDES)

@@ -186,7 +199,7 @@ $(OBJDIR)/%.o: %.c

 $(OBJDIR)/version.inc: ares_version.h $(OBJDIR)
 	@echo Creating $@
-	@awk -f ../packages/NetWare/get_ver.awk $< > $@
+	@$(AWK) -f ../packages/NetWare/get_ver.awk $< > $@

 $(OBJDIR)/%.xdc: Makefile.netware
 	@echo Creating $@
@@ -267,25 +280,77 @@ config.h: Makefile.netware
 	@echo $(DL)#ifndef NETWARE$(DL) >> $@
 	@echo $(DL)#error This $(notdir $@) is created for NetWare platform!$(DL) >> $@
 	@echo $(DL)#endif$(DL) >> $@
-	@echo $(DL)#define OS "i586-pc-NetWare"$(DL) >> $@
 	@echo $(DL)#define VERSION "$(LIBCARES_VERSION_STR)"$(DL) >> $@
 	@echo $(DL)#define PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/"$(DL) >> $@
-	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ARPA_NAMESER_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+ifeq ($(LIBARCH),CLIB)
+	@echo $(DL)#define OS "i586-pc-clib-NetWare"$(DL) >> $@
+	@echo $(DL)#define MAXHOSTNAMELEN 256$(DL) >> $@
+	@echo $(DL)#define NETDB_USE_INTERNET 1$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
+	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
+	@echo $(DL)#define DL_LDAP_FILE "ldapsdk.nlm"$(DL) >> $@
+	@echo $(DL)#define socklen_t int$(DL) >> $@
+	@echo $(DL)#define strncasecmp strnicmp$(DL) >> $@
+	@echo $(DL)#define strcasecmp stricmp$(DL) >> $@
+else
+	@echo $(DL)#define OS "i586-pc-libc-NetWare"$(DL) >> $@
 	@echo $(DL)#define HAVE_DLFCN_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_DLOPEN 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FTRUNCATE 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETTIMEOFDAY 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INET_PTON 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INTTYPES_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LIMITS_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LONGLONG 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRTOLL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG2 void *$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG3 size_t$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_RETV ssize_t$(DL) >> $@
+	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG2 void *$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG3 size_t$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_RETV ssize_t$(DL) >> $@
+	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
+	@echo $(DL)#define DL_LDAP_FILE "lldapsdk.nlm"$(DL) >> $@
+endif
+	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ARPA_NAMESER_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETHOSTBYNAME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETPROTOBYNAME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GMTIME_R 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LOCALTIME_R 1$(DL) >> $@
 	@echo $(DL)#define HAVE_MALLOC_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_NETINET_IN_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_RECV 1$(DL) >> $@
@@ -296,46 +361,26 @@ config.h: Makefile.netware
 	@echo $(DL)#define HAVE_SIGNAL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SIG_ATOMIC_T 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SOCKET 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STDLIB_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRDUP 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_IOCTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_TIME_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_TIME_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_UNAME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_UNISTD_H 1$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME_H 1$(DL) >> $@
 	@echo $(DL)#define RETSIGTYPE void$(DL) >> $@
-	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
 	@echo $(DL)#define SIZEOF_CURL_OFF_T 4$(DL) >> $@
+	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
 	@echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
 	@echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
-	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
-	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
 ifdef NW_WINSOCK
 	@echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@
 else
--- a/ares/ares.h
+++ b/ares/ares.h
@@ -20,12 +20,15 @@

 #include <sys/types.h>

-#if defined(_AIX) || defined(NETWARE)
+#if defined(_AIX) || (defined(NETWARE) && defined(__NOVELL_LIBC__))
 /* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
   libc5-based Linux systems. Only include it on system that are known to
   require it! */
 #include <sys/select.h>
 #endif
+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+#include <sys/bsdskt.h>
+#endif

 #if defined(WATT32)
  #include <netinet/in.h>
--- a/ares/ares_getnameinfo.c
+++ b/ares/ares_getnameinfo.c
@@ -295,7 +295,11 @@ static char *lookup_service(unsigned short port, int flags,
 #endif
 #else
          /* Lets just hope the OS uses TLS! */
+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+          sep = getservbyport(port, (char*)proto);
+#else
          sep = getservbyport(port, proto);
+#endif
 #endif
        }
      if (sep && sep->s_name)
--- a/ares/ares_init.c
+++ b/ares/ares_init.c
@@ -23,7 +23,10 @@
 #include <malloc.h>

 #else
+#ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
+#endif
+
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
--- a/ares/configure.ac
+++ b/ares/configure.ac
@@ -337,6 +337,7 @@ AC_CHECK_HEADERS(
       sys/select.h \
       sys/socket.h \
       sys/ioctl.h \
+       sys/param.h \
       netdb.h \
       netinet/in.h \
       net/if.h \
@@ -600,6 +601,7 @@ AC_CHECK_MEMBER(struct addrinfo.ai_flags,


 AC_CHECK_FUNCS( bitncmp \
+                gettimeofday \
                if_indextoname,
 dnl if found
 [],
--- a/ares/nameser.h
+++ b/ares/nameser.h
@@ -32,7 +32,9 @@ struct iovec
 int ares_writev (SOCKET s, const struct iovec *vector, size_t count);
 #define writev(s,vect,count)  ares_writev(s,vect,count)

+#ifndef HAVE_GETTIMEOFDAY
 struct timezone { int dummy; };
+#endif

 int ares_gettimeofday(struct timeval *tv, struct timezone *tz);
 #define gettimeofday(tv,tz) ares_gettimeofday(tv,tz)
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -1,4 +1,4 @@
-Updated: February 11, 2007 (http://curl.haxx.se/docs/faq.html)
+Updated: June 26, 2007 (http://curl.haxx.se/docs/faq.html)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
@@ -446,6 +446,10 @@ FAQ

     curl -O ftp://download.com/coolfile -Q '-DELE coolfile'

+  or rename a file after upload:
+
+     curl -T infile ftp://upload.com/dir/ -Q "-RNFR infile" -Q "-RNTO newname"
+
  3.8 How do I tell curl to follow HTTP redirects?

  Curl does not follow so-called redirects by default. The Location: header
--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -73,7 +73,7 @@ HTTPS (*1)
 FTP
 - download
 - authentication
- - kerberos4 (*5)
+ - kerberos4 (*5), kerberos5 (*3)
 - active/passive using PORT, EPRT, PASV or EPSV
 - single file size information (compare to HTTP HEAD)
 - 'type=' URL support
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -484,17 +484,26 @@ NetWare
     http://www.gknw.net/development/prgtools/
   - recent Novell LibC SDK available from:
     http://developer.novell.com/ndk/libc.htm
-   - optional zlib sources (at the moment only dynamic linking with zlib.imp);
+   - or recent Novell CLib SDK available from:
+     http://developer.novell.com/ndk/clib.htm
+   - optional zlib sources (static or dynamic linking with zlib.imp);
     sources with NetWare Makefile can be obtained from:
     http://www.gknw.net/mirror/zlib/
-   - optional OpenSSL sources (version 0.9.8 or later which builds with BSD);
+   - optional OpenSSL sources (version 0.9.8 or later build with BSD sockets);
+     you can find precompiled packages at:
+     http://www.gknw.net/development/ossl/netware/
+     for CLIB-based builds OpenSSL needs to be extended to build with BSD
+     sockets (currently only a winsock-based CLIB build is supported); 
+   - optional SSH2 sources (version 0.15 or later);

   Set a search path to your compiler, linker and tools; on Linux make
-   sure that the var OSTYPE contains the string 'linux'; and then type
+   sure that the var OSTYPE contains the string 'linux'; set the var
+   NDKBASE to point to the base of your Novell NDK; and then type
   'make netware' from the top source directory; other tagets available
   are 'netware-ssl', 'netware-ssl-zlib', 'netware-zlib' and 'netware-ares';
   if you need other combinations you can control the build with the
-   environment variables WITH_SSL, WITH_ZLIB, WITH_ARES and ENABLE_IPV6.
+   environment variables WITH_SSL, WITH_ZLIB, WITH_ARES, WITH_SSH2, and
+   ENABLE_IPV6; you can set LINK_STATIC=1 to link curl.nlm statically.
   I found on some Linux systems (RH9) that OS detection didnt work although
   a 'set | grep OSTYPE' shows the var present and set; I simply overwrote it
   with 'OSTYPE=linux-rh9-gnu' and the detection in the Makefile worked...
--- a/docs/MANUAL
+++ b/docs/MANUAL
@@ -809,18 +809,19 @@ CUSTOM OUTPUT

        curl -w 'We downloaded %{size_download} bytes\n' www.download.com

-KERBEROS4 FTP TRANSFER
+KERBEROS FTP TRANSFER

-  Curl supports kerberos4 for FTP transfers. You need the kerberos package
-  installed and used at curl build time for it to be used.
+  Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need
+  the kerberos package installed and used at curl build time for it to be
+  used.

-  First, get the krb-ticket the normal way, like with the kauth tool. Then use
-  curl in way similar to:
+  First, get the krb-ticket the normal way, like with the kinit/kauth tool.
+  Then use curl in way similar to:

-        curl --krb4 private ftp://krb4site.com -u username:fakepwd
+        curl --krb private ftp://krb4site.com -u username:fakepwd

  There's no use for a password on the -u switch, but a blank one will make
-  curl ask for one and you already entered the real password to kauth.
+  curl ask for one and you already entered the real password to kinit/kauth.

 TELNET

--- a/docs/THANKS
+++ b/docs/THANKS
@@ -5,6 +5,7 @@
 If you have contributed but are missing here, please let us know!

 Adam D. Moss
+Adam Piggott
 Adrian Schuur
 Alan Pinstein
 Albert Chin-A-Young
@@ -21,7 +22,9 @@ Alexander Zhuravlev
 Alexey Simak
 Alexis Carvalho
 Amol Pattekar
+Anders Gustafsson
 Andi Jahja
+Andre Guibert de Bruet
 Andreas Damm
 Andreas Ntaflos
 Andreas Olsson
@@ -93,6 +96,7 @@ Dan Fandrich
 Dan Nelson
 Dan Torop
 Dan Zitter
+Daniel Black
 Daniel Johnson
 Daniel Stenberg
 Daniel at touchtunes
@@ -101,6 +105,7 @@ Dave Dribin
 Dave Halbakken
 Dave Hamilton
 Dave May
+Dave Vasilevsky
 David Byron
 David Cohen
 David Eriksson
@@ -163,8 +168,10 @@ Eygene Ryabinkin
 Fabrizio Ammollo
 Fedor Karpelevitch
 Felix von Leitner
+Feng Tu
 Florian Schoppmann
 Forrest Cahoon
+Frank Hempel
 Frank Keeney
 Frank Ticheler
 Fred New
@@ -177,6 +184,7 @@ Georg Huettenegger
 Georg Wicherski
 Gerd v. Egidy
 Gerhard Herre
+Gerrit Bruchh<68>user
 Giaslas Georgios
 Gilad
 Gilbert Ramirez Jr.
@@ -230,6 +238,7 @@ Jan Kunder
 Jared Lundell
 Jari Sundell
 Jason S. Priebe
+Jay Austin
 Jaz Fresh
 Jean Jacques Drouin
 Jean-Claude Chauve
@@ -292,6 +301,7 @@ Kjetil Jacobsen
 Klevtsov Vadim
 Kris Kennaway
 Krishnendu Majumdar
+Kristian Gunstone
 Kristian K<>hntopp
 Kyle Sallee
 Lachlan O'Dea
@@ -405,6 +415,7 @@ Pete Su
 Peter Bray
 Peter Forret
 Peter Heuchert
+Peter O'Gorman
 Peter Pentchev
 Peter Silva
 Peter Su
@@ -434,6 +445,7 @@ Rene Bernhardt
 Rene Rebe
 Ricardo Cadime
 Rich Gray
+Rich Rauenzahn
 Richard Archer
 Richard Atterer
 Richard Bramante
@@ -449,6 +461,7 @@ Rob Stanzel
 Robert A. Monat
 Robert D. Young
 Robert Foreman
+Robert Iakobashvil
 Robert Iakobashvili
 Robert Olson
 Robert Weaver
@@ -484,6 +497,8 @@ Siddhartha Prakash Jain
 Simon Dick
 Simon Josefsson
 Simon Liu
+Song Ma
+Sonia Subramanian
 Spiridonoff A.V
 Stadler Stephan
 Stefan Esser
@@ -495,6 +510,7 @@ Stephen More
 Sterling Hughes
 Steve Green
 Steve Lhomme
+Steve Little
 Steve Marx
 Steve Oliphant
 Steven Bazyl
@@ -512,6 +528,7 @@ Tim Baker
 Tim Bartley
 Tim Costello
 Tim Sneddon
+Tobias Rundstr<74>m
 Toby Peterson
 Todd Kulesza
 Todd Vierling
@@ -519,6 +536,7 @@ Tom Benoist
 Tom Lee
 Tom Mattison
 Tom Moers
+Tom Regner
 Tom Zerucha
 Tomas Pospisek
 Tomas Szepe
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -593,13 +593,14 @@ private key is. DER, PEM and ENG are supported. If not specified, PEM is
 assumed.

 If this option is used several times, the last one will be used.
-.IP "--krb4 <level>"
-(FTP) Enable Kerberos4 authentication and use. The level must be entered and
+.IP "--krb <level>"
+(FTP) Enable Kerberos authentication and use. The level must be entered and
 should be one of 'clear', 'safe', 'confidential' or 'private'. Should you use
 a level that is not one of these, 'private' will instead be used.

-This option requires that the library was built with Kerberos4 support. This
-is not very common. Use \fI-V/--version\fP to see if your curl supports it.
+This option requires that the library was built with kerberos4 or GSSAPI
+(GSS-Negotiate) support. This is not very common. Use \fI-V/--version\fP to
+see if your curl supports it.

 If this option is used several times, the last one will be used.
 .IP "-K/--config <config file>"
@@ -1153,7 +1154,7 @@ Automatic decompression of compressed files over HTTP is supported.
 .IP "NTLM"
 NTLM authentication is supported.
 .IP "GSS-Negotiate"
-Negotiate authentication is supported.
+Negotiate authentication and krb5 for ftp is supported.
 .IP "Debug"
 This curl uses a libcurl built with Debug. This enables more error-tracking
 and memory debugging etc. For curl-developers only!
--- a/docs/examples/10-at-a-time.c
+++ b/docs/examples/10-at-a-time.c
@@ -13,7 +13,10 @@
 * Written by Michael Wallner
 */

+#include <errno.h>
 #include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
 #include <curl/multi.h>

 static const char *urls[] = {
@@ -106,6 +109,10 @@ int main(void)

  cm = curl_multi_init();

+  /* we can optionally limit the total amount of connections this multi handle
+     uses */
+  curl_multi_setopt(cm, CURLMOPT_MAXCONNECTS, MAX);
+
  for (C = 0; C < MAX; ++C) {
    init(cm, C);
  }
@@ -123,20 +130,24 @@ int main(void)
        return EXIT_FAILURE;
      }

-      /* In a real-world program you OF COURSE check the return that maxfd is
-         bigger than -1 so that the call to select() below makes sense! */
-
      if (curl_multi_timeout(cm, &L)) {
        fprintf(stderr, "E: curl_multi_timeout\n");
        return EXIT_FAILURE;
      }
+      if (L == -1)
+        L = 100;

-      T.tv_sec = L/1000;
-      T.tv_usec = (L%1000)*1000;
+      if (M == -1) {
+        sleep(L / 1000);
+      } else {
+        T.tv_sec = L/1000;
+        T.tv_usec = (L%1000)*1000;

-      if (0 > select(M+1, &R, &W, &E, &T)) {
-        fprintf(stderr, "E: select\n");
-        return EXIT_FAILURE;
+        if (0 > select(M+1, &R, &W, &E, &T)) {
+          fprintf(stderr, "E: select(%i,,,,%li): %i: %s\n",
+              M+1, L, errno, strerror(errno));
+          return EXIT_FAILURE;
+        }
      }
    }

@@ -155,6 +166,8 @@ int main(void)
      }
      if (C < CNT) {
        init(cm, C++);
+        U++; /* just to prevent it from remaining at 0 if there are more
+                URLs to get */
      }
    }
  }
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -46,6 +46,8 @@ int main(int argc, char **argv)
    /* Get a file listing from sunet */
    curl_easy_setopt(curl, CURLOPT_URL, "ftp://ftp.sunet.se/");
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, ftpfile);
+    /* If you intend to use this on windows with a libcurl DLL, you must use
+       CURLOPT_WRITEFUNCTION as well */
    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, write_response);
    curl_easy_setopt(curl, CURLOPT_WRITEHEADER, respfile);
    res = curl_easy_perform(curl);
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -810,6 +810,7 @@ it thinks fit.
 Enforce HTTP 1.0 requests.
 .IP CURL_HTTP_VERSION_1_1
 Enforce HTTP 1.1 requests.
+.RE
 .IP CURLOPT_IGNORE_CONTENT_LENGTH
 Ignore the Content-Length header. This is useful for Apache 1.x (and similar
 servers) which will report incorrect content length for files over 2
@@ -826,7 +827,6 @@ Pass a long to tell libcurl how to act on transfer decoding. If set to zero,
 transfer decoding will be disabled, if set to 1 it is enabled
 (default). libcurl does chunked transfer decoding by default unless this
 option is set to zero. (added in 7.16.2)
-.RE
 .SH FTP OPTIONS
 .IP CURLOPT_FTPPORT
 Pass a pointer to a zero terminated string as parameter. It will be used to
@@ -1370,12 +1370,14 @@ this to 1 to enable it. By default all transfers are done using the
 cache. Note that while nothing ever should get hurt by attempting to reuse SSL
 session-IDs, there seem to be broken SSL implementations in the wild that may
 require you to disable this in order for you to succeed. (Added in 7.16.0)
-.IP CURLOPT_KRB4LEVEL
-Pass a char * as parameter. Set the krb4 security level, this also enables
-krb4 awareness.  This is a string, 'clear', 'safe', 'confidential' or
-\&'private'.  If the string is set but doesn't match one of these, 'private'
-will be used. Set the string to NULL to disable Kerberos4. The Kerberos
-support only works for FTP.
+.IP CURLOPT_KRBLEVEL
+Pass a char * as parameter. Set the kerberos security level for FTP; this
+also enables kerberos awareness.  This is a string, 'clear', 'safe',
+'confidential' or \&'private'.  If the string is set but doesn't match one
+of these, 'private' will be used. Set the string to NULL to disable kerberos
+support for FTP.
+
+(This option was known as CURLOPT_KRB4LEVEL up to 7.16.3)
 .SH SSH OPTIONS
 .IP CURLOPT_SSH_AUTH_TYPES
 Pass a long set to a bitmask consisting of one or more of
@@ -1401,6 +1403,17 @@ this curl handle use the data from the shared handle instead of keeping the
 data to itself. This enables several curl handles to share data. If the curl
 handles are used simultaneously, you \fBMUST\fP use the locking methods in the
 share handle. See \fIcurl_share_setopt(3)\fP for details.
+.IP CURLOPT_NEW_FILE_PERMS
+Pass a long as a parameter, containing the value of the permissions that will
+be assigned to newly created files on the remote server.  The default value is
+\fI0644\fP, but any valid value can be used.  The only protocols that can use
+this are \fIsftp://\fP, \fIscp://\fP and \fIfile://\fP. (Added in 7.16.4)
+.IP CURLOPT_NEW_DIRECTORY_PERMS
+Pass a long as a parameter, containing the value of the permissions that will
+be assigned to newly created directories on the remote server.  The default
+value is \fI0755\fP, but any valid value can be used.  The only protocols that
+can use this are \fIsftp://\fP, \fIscp://\fP and \fIfile://\fP.
+(Added in 7.16.4)
 .SH TELNET OPTIONS
 .IP CURLOPT_TELNETOPTIONS
 Provide a pointer to a curl_slist with variables to pass to the telnet
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -151,7 +151,7 @@ extern "C" {
 /* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
   libc5-based Linux systems. Only include it on system that are known to
   require it! */
-#if defined(_AIX) || defined(NETWARE) || defined(__NetBSD__) || defined(__minix)
+#if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || defined(__minix)
 #include <sys/select.h>
 #endif

@@ -736,10 +736,12 @@ typedef enum {
  /* Set the interface string to use as outgoing network interface */
  CINIT(INTERFACE, OBJECTPOINT, 62),

-  /* Set the krb4 security level, this also enables krb4 awareness.  This is a
-   * string, 'clear', 'safe', 'confidential' or 'private'.  If the string is
-   * set but doesn't match one of these, 'private' will be used.  */
-  CINIT(KRB4LEVEL, OBJECTPOINT, 63),
+  /* Set the krb4/5 security level, this also enables krb4/5 awareness.  This
+   * is a string, 'clear', 'safe', 'confidential' or 'private'.  If the string
+   * is set but doesn't match one of these, 'private' will be used.  */
+  CINIT(KRBLEVEL, OBJECTPOINT, 63),
+  /* This is for compatibility with older curl releases */
+#define CURLOPT_KRB4LEVEL CURLOPT_KRBLEVEL

  /* Set if we should verify the peer in ssl handshake, set 1 to verify. */
  CINIT(SSL_VERIFYPEER, LONG, 64),
@@ -1076,6 +1078,11 @@ typedef enum {
  CINIT(HTTP_TRANSFER_DECODING, LONG, 157),
  CINIT(HTTP_CONTENT_DECODING, LONG, 158),

+  /* Permission used when creating new files and directories on the remote
+     server for protocols that support it, SFTP/SCP/FILE */
+  CINIT(NEW_FILE_PERMS, LONG, 159),
+  CINIT(NEW_DIRECTORY_PERMS, LONG, 160),
+
  CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;

--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -28,13 +28,13 @@

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.16.3-CVS"
+#define LIBCURL_VERSION "7.16.4-CVS"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
 #define LIBCURL_VERSION_MINOR 16
-#define LIBCURL_VERSION_PATCH 3
+#define LIBCURL_VERSION_PATCH 4

 /* This is the numeric version of the libcurl version number, meant for easier
   parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -51,7 +51,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071003
+#define LIBCURL_VERSION_NUM 0x071004

 /*
 * This is the date and time when the full source package was created. The
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -4,6 +4,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c	\
  ldap.c ssluse.c version.c getenv.c escape.c mprintf.c telnet.c	\
  netrc.c getinfo.c transfer.c strequal.c easy.c security.c krb4.c	\
+  krb5.c \
  memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
  content_encoding.c share.c http_digest.c md5.c http_negotiate.c	\
  http_ntlm.c inet_pton.c strtoofft.c strerror.c hostares.c hostasyn.c	\
--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -19,6 +19,8 @@ ifndef ZLIB_PATH
 ZLIB_PATH = ../../zlib-1.2.3
 endif

+ARES_LIB = ../ares
+
 CC = gcc
 AR = ar
 RM = rm -f
@@ -30,6 +32,11 @@ STRIP = strip -g

 INCLUDES = -I. -I../include
 CFLAGS = -g -O2 -DBUILDING_LIBCURL -DHAVE_LONGLONG
+ifdef ARES
+  INCLUDES += -I$(ARES_LIB)
+  CFLAGS += -DUSE_ARES
+  DLL_LIBS += -L$(ARES_LIB) -lcares
+endif
 ifdef SSH2
  INCLUDES += -I"$(LIBSSH2_PATH)/include" -I"$(LIBSSH2_PATH)/win32"
  CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -36,7 +36,7 @@ endif
 TARGET  = libcurl
 VERSION	= $(LIBCURL_VERSION)
 COPYR	= Copyright (C) 1996 - 2007, Daniel Stenberg, <daniel@haxx.se>
-DESCR	= cURL libcurl $(LIBCURL_VERSION_STR) - http://curl.haxx.se
+DESCR	= cURL libcurl $(LIBCURL_VERSION_STR) ($(LIBARCH)) - http://curl.haxx.se
 MTSAFE	= YES
 STACK	= 64000
 SCREEN	= none
@@ -60,15 +60,19 @@ else
 	OBJDIR	= debug
 endif

-# Include the version info retrieved from curlver.h
-include $(OBJDIR)/version.inc
-
-# The following line defines your compiler.
+# The following lines defines your compiler.
+ifdef CWFolder
+	METROWERKS = $(CWFolder)
+endif
 ifdef METROWERKS
+	# MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support
+	MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
 	CC = mwccnlm
 else
 	CC = gcc
 endif
+# a native win32 awk can be downloaded from here:
+# http://www.gknw.net/development/prgtools/awk-20050424.zip
 AWK	= awk
 YACC	= bison -y
 CP	= cp -afv
@@ -78,6 +82,12 @@ CP	= cp -afv
 # http://www.gknw.net/development/prgtools/mkxdc.zip
 MPKXDC	= mkxdc

+# LIBARCH_U = $(shell $(AWK) 'BEGIN {print toupper(ARGV[1])}' $(LIBARCH))
+LIBARCH_L = $(shell $(AWK) 'BEGIN {print tolower(ARGV[1])}' $(LIBARCH))
+
+# Include the version info retrieved from curlver.h
+-include $(OBJDIR)/version.inc
+
 # Global flags for all compilers
 CFLAGS	= $(OPT) -D$(DB) -DNETWARE -DHAVE_CONFIG_H -nostdinc

@@ -95,8 +105,10 @@ ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.o
 	CFLAGS += -align 4
 else
-	PRELUDE = "$(METROWERKS)/Novell Support/libraries/runtime/prelude.obj"
-#	CFLAGS += -include "$(METROWERKS)/Novell Support/headers/nlm_prefix.h"
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
+	# CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
 	CFLAGS += -align 1
 endif
 else
@@ -111,7 +123,10 @@ CFLAGS	+= -Wall # -pedantic
 ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.gcc.o
 else
-	PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
+	PRELUDE = $(NDK_ROOT)/pre/prelude.o
 	CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
 endif
 endif
@@ -128,15 +143,15 @@ INCLUDES = -I$(CURL_INC) -I$(CURL_LIB)

 ifdef WITH_ARES
 	INCLUDES += -I$(ARES_LIB)
-	LDLIBS = $(ARES_LIB)/libcares.$(LIBEXT)
+	LDLIBS += $(ARES_LIB)/libcares.$(LIBEXT)
 endif
 ifdef WITH_ZLIB
 	INCLUDES += -I$(ZLIB_PATH)
 ifdef LINK_STATIC
-	LDLIBS += $(ZLIB_PATH)/nw/libz.$(LIBEXT)
+	LDLIBS += $(ZLIB_PATH)/nw/$(LIBARCH)/libz.$(LIBEXT)
 else
 	MODULES += libz.nlm
-	IMPORTS += @$(ZLIB_PATH)/nw/libz.imp
+	IMPORTS += @$(ZLIB_PATH)/nw/$(LIBARCH)/libz.imp
 endif
 endif
 ifdef WITH_SSH2
@@ -149,23 +164,25 @@ else
 endif
 endif
 ifdef WITH_SSL
-	INCLUDES += -I$(OPENSSL_PATH)/outinc_nw_libc -I$(OPENSSL_PATH)/outinc_nw_libc/openssl
-	LDLIBS += $(OPENSSL_PATH)/out_nw_libc/ssl.$(LIBEXT)
-	LDLIBS += $(OPENSSL_PATH)/out_nw_libc/crypto.$(LIBEXT)
+	INCLUDES += -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L) -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl
+	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT)
+	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
 	IMPORTS += GetProcessSwitchCount RunningProcess
 endif

 ifeq ($(LIBARCH),LIBC)
-	INCLUDES += -I$(SDK_LIBC)/include -I$(SDK_LIBC)/include/nks
+	INCLUDES += -I$(SDK_LIBC)/include
+	# INCLUDES += -I$(SDK_LIBC)/include/nks
 	# INCLUDES += -I$(SDK_LIBC)/include/winsock
 	# INCLUDES += -I$(SDK_LDAP)/libc/inc
 	CFLAGS += -D_POSIX_SOURCE
-	# CFLAGS += -D__ANSIC__
 else
-	INCLUDES += -I$(SDK_CLIB)/include/nlm -I$(SDK_CLIB)/include
+	INCLUDES += -I$(SDK_CLIB)/include/nlm
 	# INCLUDES += -I$(SDK_CLIB)/include/nlm/obsolete
+	# INCLUDES += -I$(SDK_CLIB)/include
 	# INCLUDES += -I$(SDK_LDAP)/clib/inc
-	CFLAGS += -DNETDB_USE_INTERNET
+	# for now disable LDAP unless we have coded a CLIB dynaloader.
+	DISABLE_LDAP = 1
 endif
 CFLAGS	+= $(INCLUDES)

@@ -281,6 +298,7 @@ endif
 ifdef XDCDATA
 	@echo $(DL)xdcdata $(XDCDATA)$(DL) >> $@
 endif
+	@echo $(DL)flag_on 64$(DL) >> $@
 ifeq ($(LIBARCH),CLIB)
 	@echo $(DL)start _Prelude$(DL) >> $@
 	@echo $(DL)exit _Stop$(DL) >> $@
@@ -293,7 +311,6 @@ ifeq ($(LIBARCH),CLIB)
 #	@echo $(DL)import @$(SDK_LDAP)/clib/imports/ldapx.imp$(DL) >> $@
 	@echo $(DL)module clib$(DL) >> $@
 else
-	@echo $(DL)flag_on 64$(DL) >> $@
 	@echo $(DL)pseudopreemption$(DL) >> $@
 	@echo $(DL)start _LibCPrelude$(DL) >> $@
 	@echo $(DL)exit _LibCPostlude$(DL) >> $@
@@ -332,24 +349,78 @@ config.h: Makefile.netware
 	@echo $(DL)#ifndef NETWARE$(DL) >> $@
 	@echo $(DL)#error This $(notdir $@) is created for NetWare platform!$(DL) >> $@
 	@echo $(DL)#endif$(DL) >> $@
-	@echo $(DL)#define OS "i586-pc-NetWare"$(DL) >> $@
 	@echo $(DL)#define VERSION "$(LIBCURL_VERSION_STR)"$(DL) >> $@
 	@echo $(DL)#define PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/"$(DL) >> $@
-	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+ifeq ($(LIBARCH),CLIB)
+	@echo $(DL)#define OS "i586-pc-clib-NetWare"$(DL) >> $@
+	@echo $(DL)#define NETDB_USE_INTERNET 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRICMP 1$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
+	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
+	@echo $(DL)#define socklen_t int$(DL) >> $@
+	@echo $(DL)#define DL_LDAP_FILE "ldapsdk.nlm"$(DL) >> $@
+else
+	@echo $(DL)#define OS "i586-pc-libc-NetWare"$(DL) >> $@
 	@echo $(DL)#define HAVE_DLFCN_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_DLOPEN 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FTRUNCATE 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETTIMEOFDAY 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INET_PTON 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INTTYPES_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LIMITS_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LONGLONG 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRTOLL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG2 void *$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG3 size_t$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_RETV ssize_t$(DL) >> $@
+	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG2 void *$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG3 size_t$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_RETV ssize_t$(DL) >> $@
+	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
+	@echo $(DL)#define DL_LDAP_FILE "lldapsdk.nlm"$(DL) >> $@
+ifdef ENABLE_IPV6
+	@echo $(DL)#define ENABLE_IPV6 1$(DL) >> $@
+endif
+endif
+	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETHOSTBYNAME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETPROTOBYNAME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GMTIME_R 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LOCALTIME_R 1$(DL) >> $@
+	@echo $(DL)#define HAVE_MALLOC_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_NETINET_IN_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_RECV 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SELECT 1$(DL) >> $@
@@ -359,52 +430,28 @@ config.h: Makefile.netware
 	@echo $(DL)#define HAVE_SIGNAL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SIG_ATOMIC_T 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SOCKET 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STDLIB_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRDUP 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_IOCTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_TIME_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_TIME_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_UNAME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_UNISTD_H 1$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME_H 1$(DL) >> $@
 	@echo $(DL)#define RETSIGTYPE void$(DL) >> $@
-	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
 	@echo $(DL)#define SIZEOF_CURL_OFF_T 4$(DL) >> $@
+	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
 	@echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
 	@echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
-	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
-	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
 ifdef DISABLE_LDAP
 	@echo $(DL)#define CURL_DISABLE_LDAP 1$(DL) >> $@
-else
-	@echo $(DL)#define DL_LDAP_FILE "lldapsdk.nlm"$(DL) >> $@
-endif
-ifdef ENABLE_IPV6
-	@echo $(DL)#define ENABLE_IPV6 1$(DL) >> $@
 endif
 ifdef NW_WINSOCK
 	@echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@
@@ -463,6 +510,7 @@ endif

 info: $(OBJDIR)/version.inc
 	@echo Configured to build $(TARGET) with these options:
+	@echo libarchitecture: $(LIBARCH)
 	@echo curl version:    $(LIBCURL_VERSION_STR)
 	@echo compiler/linker: $(CC) / $(LD)
 ifdef CABUNDLE
@@ -494,7 +542,7 @@ else
 	@echo ipv6 support:    no
 endif

-$(LIBCARES):
+$(ARES_LIB)/libcares.$(LIBEXT):
 	$(MAKE) -C $(ARES_LIB) -f Makefile.netware lib


--- a/lib/connect.c
+++ b/lib/connect.c
@@ -59,10 +59,13 @@
 #include <stdlib.h> /* required for free() prototype, without it, this crashes */
 #endif              /* on macos 68K */

-#if (defined(HAVE_FIONBIO) && defined(__NOVELL_LIBC__))
+#if (defined(HAVE_FIONBIO) && defined(NETWARE))
 #include <sys/filio.h>
 #endif
-#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
+#ifdef NETWARE
+#ifndef __NOVELL_LIBC__
+NETDB_DEFINE_CONTEXT
+#endif
 #undef in_addr_t
 #define in_addr_t unsigned long
 #endif
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -731,6 +731,8 @@ void curl_easy_reset(CURL *curl)

  data->set.ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
                                                      type */
+  data->set.new_file_perms = 0644;    /* Default permissions */
+  data->set.new_directory_perms = 0755; /* Default permissions */
 }

 #ifdef CURL_DOES_CONVERSIONS
--- a/lib/file.c
+++ b/lib/file.c
@@ -217,8 +217,22 @@ static CURLcode file_upload(struct connectdata *conn)

  if(data->reqdata.resume_from)
    fp = fopen( file->path, "ab" );
-  else
-    fp = fopen(file->path, "wb");
+  else {
+    int fd;
+
+#if defined(WIN32) || defined(MSDOS) || defined(__EMX__)
+    fd = open(file->path, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,
+              conn->data->set.new_file_perms);
+#else /* !(WIN32 || MSDOS || __EMX__) */
+    fd = open(file->path, O_WRONLY|O_CREAT|O_TRUNC,
+              conn->data->set.new_file_perms);
+#endif /* !(WIN32 || MSDOS || __EMX__) */
+    if (fd < 0) {
+      failf(data, "Can't open %s for writing", file->path);
+      return CURLE_WRITE_ERROR;
+    }
+    fp = fdopen(fd, "wb");
+  }

  if(!fp) {
    failf(data, "Can't open %s for writing", file->path);
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -75,7 +75,7 @@
 #include "socks.h"
 #include "ftp.h"

-#ifdef HAVE_KRB4
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
 #include "krb4.h"
 #endif

@@ -319,8 +319,17 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
      ftpc->cache_size = 0; /* zero the size just in case */
    }
    else {
-      int res = Curl_read(conn, sockfd, ptr, BUFSIZE-ftpc->nread_resp,
-                          &gotbytes);
+      int res;
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+      enum protection_level prot = conn->data_prot;
+
+      conn->data_prot = 0;
+#endif
+      res = Curl_read(conn, sockfd, ptr, BUFSIZE-ftpc->nread_resp,
+		      &gotbytes);
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+      conn->data_prot = prot;
+#endif
      if(res < 0)
        /* EWOULDBLOCK */
        return CURLE_OK; /* return */
@@ -360,6 +369,9 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
             the line isn't really terminated until the LF comes */

          /* output debug output if that is requested */
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+	  if(!conn->sec_complete)
+#endif
          if(data->set.verbose)
            Curl_debug(data, CURLINFO_HEADER_IN,
                       ftpc->linestart_resp, (size_t)perline, conn);
@@ -414,18 +426,18 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
  if(!result)
    code = atoi(buf);

-#ifdef HAVE_KRB4
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
  /* handle the security-oriented responses 6xx ***/
  /* FIXME: some errorchecking perhaps... ***/
  switch(code) {
  case 631:
-    Curl_sec_read_msg(conn, buf, prot_safe);
+    code = Curl_sec_read_msg(conn, buf, prot_safe);
    break;
  case 632:
-    Curl_sec_read_msg(conn, buf, prot_private);
+    code = Curl_sec_read_msg(conn, buf, prot_private);
    break;
  case 633:
-    Curl_sec_read_msg(conn, buf, prot_confidential);
+    code = Curl_sec_read_msg(conn, buf, prot_confidential);
    break;
  default:
    /* normal ftp stuff we pass through! */
@@ -553,7 +565,17 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
        ftpc->cache_size = 0; /* zero the size just in case */
      }
      else {
-        int res = Curl_read(conn, sockfd, ptr, BUFSIZE-*nreadp, &gotbytes);
+	int res;
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+	enum protection_level prot = conn->data_prot;
+
+	conn->data_prot = 0;
+#endif
+	res = Curl_read(conn, sockfd, ptr, BUFSIZE-*nreadp,
+			&gotbytes);
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+	conn->data_prot = prot;
+#endif
        if(res < 0)
          /* EWOULDBLOCK */
          continue; /* go looping again */
@@ -593,6 +615,9 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
               the line isn't really terminated until the LF comes */

            /* output debug output if that is requested */
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+	  if(!conn->sec_complete)
+#endif
            if(data->set.verbose)
              Curl_debug(data, CURLINFO_HEADER_IN,
                         line_start, (size_t)perline, conn);
@@ -646,18 +671,18 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
  if(!result)
    code = atoi(buf);

-#ifdef HAVE_KRB4
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
  /* handle the security-oriented responses 6xx ***/
  /* FIXME: some errorchecking perhaps... ***/
  switch(code) {
  case 631:
-    Curl_sec_read_msg(conn, buf, prot_safe);
+    code = Curl_sec_read_msg(conn, buf, prot_safe);
    break;
  case 632:
-    Curl_sec_read_msg(conn, buf, prot_private);
+    code = Curl_sec_read_msg(conn, buf, prot_private);
    break;
  case 633:
-    Curl_sec_read_msg(conn, buf, prot_confidential);
+    code = Curl_sec_read_msg(conn, buf, prot_confidential);
    break;
  default:
    /* normal ftp stuff we pass through! */
@@ -1610,7 +1635,9 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
        if(ptr) {
          newport = (unsigned short)(num & 0xffff);

-          if (conn->bits.tunnel_proxy)
+          if (conn->bits.tunnel_proxy ||
+              data->set.proxytype == CURLPROXY_SOCKS5 ||
+              data->set.proxytype == CURLPROXY_SOCKS4)
            /* proxy tunnel -> use other host info because ip_addr_str is the
               proxy address not the ftp host */
            snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
@@ -1662,7 +1689,9 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
      infof(data, "Skips %d.%d.%d.%d for data connection, uses %s instead\n",
            ip[0], ip[1], ip[2], ip[3],
            conn->ip_addr_str);
-      if (conn->bits.tunnel_proxy)
+      if (conn->bits.tunnel_proxy ||
+          data->set.proxytype == CURLPROXY_SOCKS5 ||
+          data->set.proxytype == CURLPROXY_SOCKS4)
        /* proxy tunnel -> use other host info because ip_addr_str is the
           proxy address not the ftp host */
        snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
@@ -2295,14 +2324,7 @@ static CURLcode ftp_state_loggedin(struct connectdata *conn)
  CURLcode result = CURLE_OK;

 #ifdef HAVE_KRB4
-  if(conn->data->set.krb4) {
-    /* We are logged in, asked to use Kerberos. Set the requested
-     * protection level
-     */
-    if(conn->sec_complete)
-      /* BLOCKING */
-      Curl_sec_set_protection_level(conn);
-
+  if(conn->data->set.krb) {
    /* We may need to issue a KAUTH here to have access to the files
     * do it if user supplied a password
     */
@@ -2349,7 +2371,8 @@ static CURLcode ftp_state_user_resp(struct connectdata *conn,
  struct ftp_conn *ftpc = &conn->proto.ftpc;
  (void)instate; /* no use for this yet */

-  if((ftpcode == 331) && (ftpc->state == FTP_USER)) {
+  /* some need password anyway, and others just return 2xx ignored */
+  if((ftpcode == 331 || ftpcode/100 == 2) && (ftpc->state == FTP_USER)) {
    /* 331 Password required for ...
       (the server requires to send the user's password too) */
    NBFTPSENDF(conn, "PASS %s", ftp->passwd?ftp->passwd:"");
@@ -2457,15 +2480,15 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
      }

      /* We have received a 220 response fine, now we proceed. */
-#ifdef HAVE_KRB4
-      if(data->set.krb4) {
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+      if(data->set.krb) {
        /* If not anonymous login, try a secure login. Note that this
           procedure is still BLOCKING. */

        Curl_sec_request_prot(conn, "private");
        /* We set private first as default, in case the line below fails to
           set a valid level */
-        Curl_sec_request_prot(conn, data->set.krb4_level);
+	Curl_sec_request_prot(conn, data->set.krb_level);

        if(Curl_sec_login(conn) != 0)
          infof(data, "Logging in with password in cleartext!\n");
@@ -3082,7 +3105,7 @@ CURLcode Curl_ftp_done(struct connectdata *conn, CURLcode status, bool premature
  /* free the dir tree and file parts */
  freedirs(conn);

-#ifdef HAVE_KRB4
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
  Curl_sec_fflush_fd(conn, conn->sock[SECONDARYSOCKET]);
 #endif

@@ -3492,16 +3515,21 @@ CURLcode Curl_nbftpsendf(struct connectdata *conn,
                       const char *fmt, ...)
 {
  ssize_t bytes_written;
-  char s[256];
+/* may still not be big enough for some krb5 tokens */
+#define SBUF_SIZE 1024
+  char s[SBUF_SIZE];
  size_t write_len;
  char *sptr=s;
  CURLcode res = CURLE_OK;
  struct SessionHandle *data = conn->data;
  struct ftp_conn *ftpc = &conn->proto.ftpc;
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  enum protection_level data_sec = conn->data_prot;
+#endif

  va_list ap;
  va_start(ap, fmt);
-  vsnprintf(s, 250, fmt, ap);
+  vsnprintf(s, SBUF_SIZE-3, fmt, ap);
  va_end(ap);

  strcat(s, "\r\n"); /* append a trailing CRLF */
@@ -3519,8 +3547,14 @@ CURLcode Curl_nbftpsendf(struct connectdata *conn,
  }
 #endif /* CURL_DOES_CONVERSIONS */

+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  conn->data_prot = prot_cmd;
+#endif
  res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
                   &bytes_written);
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  conn->data_prot = data_sec;
+#endif

  if(CURLE_OK != res)
    return res;
@@ -3553,14 +3587,17 @@ CURLcode Curl_ftpsendf(struct connectdata *conn,
                       const char *fmt, ...)
 {
  ssize_t bytes_written;
-  char s[256];
+  char s[SBUF_SIZE];
  size_t write_len;
  char *sptr=s;
  CURLcode res = CURLE_OK;
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  enum protection_level data_sec = conn->data_prot;
+#endif

  va_list ap;
  va_start(ap, fmt);
-  vsnprintf(s, 250, fmt, ap);
+  vsnprintf(s, SBUF_SIZE-3, fmt, ap);
  va_end(ap);

  strcat(s, "\r\n"); /* append a trailing CRLF */
@@ -3577,8 +3614,14 @@ CURLcode Curl_ftpsendf(struct connectdata *conn,
 #endif /* CURL_DOES_CONVERSIONS */

  while(1) {
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+    conn->data_prot = prot_cmd;
+#endif
    res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
                     &bytes_written);
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+    conn->data_prot = data_sec;
+#endif

    if(CURLE_OK != res)
      break;
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -420,6 +420,43 @@ Curl_gtls_connect(struct connectdata *conn,
  else
    infof(data, "\t common name: %s (matched)\n", certbuf);

+  /* Check for time-based validity */
+  clock = gnutls_x509_crt_get_expiration_time(x509_cert);
+
+  if(clock == (time_t)-1) {
+    failf(data, "server cert expiration date verify failed");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  if(clock < time(NULL)) {
+    if (data->set.ssl.verifypeer) {
+      failf(data, "server certificate expiration date has passed.");
+      return CURLE_SSL_PEER_CERTIFICATE;
+    }
+    else
+      infof(data, "\t server certificate expiration date FAILED\n");
+  }
+  else
+    infof(data, "\t server certificate expiration date OK\n");
+
+  clock = gnutls_x509_crt_get_activation_time(x509_cert);
+
+  if(clock == (time_t)-1) {
+    failf(data, "server cert activation date verify failed");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  if(clock > time(NULL)) {
+    if (data->set.ssl.verifypeer) {
+      failf(data, "server certificate not activated yet.");
+      return CURLE_SSL_PEER_CERTIFICATE;
+    }
+    else
+      infof(data, "\t server certificate activation date FAILED\n");
+  }
+  else
+    infof(data, "\t server certificate activation date OK\n");
+
  /* Show:

  - ciphers used
--- a/lib/hash.c
+++ b/lib/hash.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -33,20 +33,6 @@
 /* this must be the last include file */
 #include "memdebug.h"

-static unsigned long
-hash_str(const char *key, size_t key_length)
-{
-  char *end = (char *) key + key_length;
-  unsigned long h = 5381;
-
-  while (key < end) {
-    h += h << 5;
-    h ^= (unsigned long) *key++;
-  }
-
-  return h;
-}
-
 static void
 hash_element_dtor(void *user, void *element)
 {
@@ -63,10 +49,20 @@ hash_element_dtor(void *user, void *element)

 /* return 1 on error, 0 is fine */
 int
-Curl_hash_init(struct curl_hash *h, int slots, curl_hash_dtor dtor)
+Curl_hash_init(struct curl_hash *h,
+               int slots,
+               hash_function hfunc,
+               comp_function comparator,
+               curl_hash_dtor dtor)
 {
  int i;

+  if (!slots || !hfunc || !comparator ||!dtor) {
+    return 1; /* failure */
+  }
+
+  h->hash_func = hfunc;
+  h->comp_func = comparator;
  h->dtor = dtor;
  h->size = 0;
  h->slots = slots;
@@ -89,13 +85,20 @@ Curl_hash_init(struct curl_hash *h, int slots, curl_hash_dtor dtor)
 }

 struct curl_hash *
-Curl_hash_alloc(int slots, curl_hash_dtor dtor)
+Curl_hash_alloc(int slots,
+                hash_function hfunc,
+                comp_function comparator,
+                curl_hash_dtor dtor)
 {
  struct curl_hash *h;

+  if (!slots || !hfunc || !comparator ||!dtor) {
+    return NULL; /* failure */
+  }
+
  h = (struct curl_hash *) malloc(sizeof(struct curl_hash));
  if (h) {
-    if(Curl_hash_init(h, slots, dtor)) {
+    if(Curl_hash_init(h, slots, hfunc, comparator, dtor)) {
      /* failure */
      free(h);
      h = NULL;
@@ -105,26 +108,16 @@ Curl_hash_alloc(int slots, curl_hash_dtor dtor)
  return h;
 }

-static int
-hash_key_compare(char *key1, size_t key1_len, char *key2, size_t key2_len)
-{
-  if (key1_len == key2_len &&
-      *key1 == *key2 &&
-      memcmp(key1, key2, key1_len) == 0) {
-    return 1;
-  }

-  return 0;
-}

 static struct curl_hash_element *
-mk_hash_element(char *key, size_t key_len, const void *p)
+mk_hash_element(void *key, size_t key_len, const void *p)
 {
  struct curl_hash_element *he =
    (struct curl_hash_element *) malloc(sizeof(struct curl_hash_element));

  if(he) {
-    char *dup = malloc(key_len);
+    void *dup = malloc(key_len);
    if(dup) {
      /* copy the key */
      memcpy(dup, key, key_len);
@@ -142,22 +135,20 @@ mk_hash_element(char *key, size_t key_len, const void *p)
  return he;
 }

-#define find_slot(__h, __k, __k_len) (hash_str(__k, __k_len) % (__h)->slots)
-
-#define FETCH_LIST(x,y,z) x->table[find_slot(x, y, z)]
+#define FETCH_LIST(x,y,z) x->table[x->hash_func(y, z, x->slots)]

 /* Return the data in the hash. If there already was a match in the hash,
   that data is returned. */
 void *
-Curl_hash_add(struct curl_hash *h, char *key, size_t key_len, void *p)
+Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p)
 {
  struct curl_hash_element  *he;
  struct curl_llist_element *le;
-  struct curl_llist *l = FETCH_LIST(h, key, key_len);
+  struct curl_llist *l = FETCH_LIST (h, key, key_len);

  for (le = l->head; le; le = le->next) {
    he = (struct curl_hash_element *) le->ptr;
-    if (hash_key_compare(he->key, he->key_len, key, key_len)) {
+    if (h->comp_func(he->key, he->key_len, key, key_len)) {
      h->dtor(p);     /* remove the NEW entry */
      return he->ptr; /* return the EXISTING entry */
    }
@@ -183,7 +174,7 @@ Curl_hash_add(struct curl_hash *h, char *key, size_t key_len, void *p)
 }

 /* remove the identified hash entry, returns non-zero on failure */
-int Curl_hash_delete(struct curl_hash *h, char *key, size_t key_len)
+int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len)
 {
  struct curl_llist_element *le;
  struct curl_hash_element  *he;
@@ -191,7 +182,7 @@ int Curl_hash_delete(struct curl_hash *h, char *key, size_t key_len)

  for (le = l->head; le; le = le->next) {
    he = le->ptr;
-    if (hash_key_compare(he->key, he->key_len, key, key_len)) {
+    if (h->comp_func(he->key, he->key_len, key, key_len)) {
      Curl_llist_remove(l, le, (void *) h);
      return 0;
    }
@@ -200,7 +191,7 @@ int Curl_hash_delete(struct curl_hash *h, char *key, size_t key_len)
 }

 void *
-Curl_hash_pick(struct curl_hash *h, char *key, size_t key_len)
+Curl_hash_pick(struct curl_hash *h, void *key, size_t key_len)
 {
  struct curl_llist_element *le;
  struct curl_hash_element  *he;
@@ -208,7 +199,7 @@ Curl_hash_pick(struct curl_hash *h, char *key, size_t key_len)

  for (le = l->head; le; le = le->next) {
    he = le->ptr;
-    if (hash_key_compare(he->key, he->key_len, key, key_len)) {
+    if (h->comp_func(he->key, he->key_len, key, key_len)) {
      return he->ptr;
    }
  }
@@ -282,6 +273,34 @@ Curl_hash_destroy(struct curl_hash *h)
  free(h);
 }

+size_t Curl_hash_str(void* key, size_t key_length, size_t slots_num)
+{
+  char* key_str = (char *) key;
+  char *end = (char *) key_str + key_length;
+  unsigned long h = 5381;
+
+  while (key_str < end) {
+    h += h << 5;
+    h ^= (unsigned long) *key_str++;
+  }
+
+  return (h % slots_num);
+}
+
+size_t Curl_str_key_compare(void*k1, size_t key1_len, void*k2, size_t key2_len)
+{
+  char *key1 = (char *)k1;
+  char *key2 = (char *)k2;
+
+  if (key1_len == key2_len &&
+      *key1 == *key2 &&
+      memcmp(key1, key2, key1_len) == 0) {
+    return 1;
+  }
+
+  return 0;
+}
+
 #if 0 /* useful function for debugging hashes and their contents */
 void Curl_hash_print(struct curl_hash *h,
                     void (*func)(void *))
--- a/lib/hash.h
+++ b/lib/hash.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -29,10 +29,29 @@

 #include "llist.h"

+/* Hash function prototype */
+typedef size_t (*hash_function) (void* key,
+                                 size_t key_length,
+                                 size_t slots_num);
+
+/*
+   Comparator function prototype. Compares two keys.
+*/
+typedef size_t (*comp_function) (void* key1,
+                                 size_t key1_len,
+                                 void*key2,
+                                 size_t key2_len);
+
 typedef void (*curl_hash_dtor)(void *);

 struct curl_hash {
  struct curl_llist **table;
+
+  /* Hash function to be used for this hash table */
+  hash_function hash_func;
+
+  /* Comparator function to compare keys */
+  comp_function comp_func;
  curl_hash_dtor   dtor;
  int slots;
  size_t size;
@@ -45,11 +64,20 @@ struct curl_hash_element {
 };


-int Curl_hash_init(struct curl_hash *, int, curl_hash_dtor);
-struct curl_hash *Curl_hash_alloc(int, curl_hash_dtor);
-void *Curl_hash_add(struct curl_hash *, char *, size_t, void *);
-int Curl_hash_delete(struct curl_hash *h, char *key, size_t key_len);
-void *Curl_hash_pick(struct curl_hash *, char *, size_t);
+int Curl_hash_init(struct curl_hash *h,
+                   int slots,
+                   hash_function hfunc,
+                   comp_function comparator,
+                   curl_hash_dtor dtor);
+
+struct curl_hash *Curl_hash_alloc(int slots,
+                                  hash_function hfunc,
+                                  comp_function comparator,
+                                  curl_hash_dtor dtor);
+
+void *Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p);
+int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len);
+void *Curl_hash_pick(struct curl_hash *, void * key, size_t key_len);
 void Curl_hash_apply(struct curl_hash *h, void *user,
                     void (*cb)(void *user, void *ptr));
 int Curl_hash_count(struct curl_hash *h);
@@ -58,4 +86,8 @@ void Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
                                    int (*comp)(void *, void *));
 void Curl_hash_destroy(struct curl_hash *h);

+size_t Curl_hash_str(void* key, size_t key_length, size_t slots_num);
+size_t Curl_str_key_compare(void*k1, size_t key1_len, void*k2,
+                            size_t key2_len);
+
 #endif
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -131,7 +131,8 @@ static void freednsentry(void *freethis);
 void Curl_global_host_cache_init(void)
 {
  if (!host_cache_initialized) {
-    Curl_hash_init(&hostname_cache, 7, freednsentry);
+    Curl_hash_init(&hostname_cache, 7, Curl_hash_str, Curl_str_key_compare,
+                   freednsentry);
    host_cache_initialized = 1;
  }
 }
@@ -537,7 +538,7 @@ static void freednsentry(void *freethis)
 */
 struct curl_hash *Curl_mk_dnscache(void)
 {
-  return Curl_hash_alloc(7, freednsentry);
+  return Curl_hash_alloc(7, Curl_hash_str, Curl_str_key_compare, freednsentry);
 }

 #ifdef CURLRES_ADDRINFO_COPY
@@ -574,6 +575,8 @@ void Curl_freeaddrinfo(Curl_addrinfo *ai)
  /* walk over the list and free all entries */
  while(ai) {
    next = ai->ai_next;
+    if(ai->ai_canonname)
+      free(ai->ai_canonname);
    free(ai);
    ai = next;
  }
--- a/lib/hostip.h
+++ b/lib/hostip.h
@@ -26,9 +26,9 @@
 #include "setup.h"
 #include "hash.h"

-#if (defined(NETWARE) && defined(__NOVELL_LIBC__))
+#ifdef NETWARE
 #undef in_addr_t
-#define in_addr_t uint32_t
+#define in_addr_t unsigned long
 #endif

 /*
--- a/lib/hostip4.c
+++ b/lib/hostip4.c
@@ -284,7 +284,12 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
     * which the gethostbyname() is the preferred() function.
     */
  else {
+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+    NETDB_DEFINE_CONTEXT
+    h = gethostbyname((char*)hostname);
+#else
    h = gethostbyname(hostname);
+#endif
    if (!h)
      infof(conn->data, "gethostbyname(2) failed for %s\n", hostname);
 #endif /*HAVE_GETHOSTBYNAME_R */
@@ -375,6 +380,9 @@ Curl_addrinfo *Curl_he2ai(const struct hostent *he, int port)
       and use that area to store the address */
    ai->ai_addr = (struct sockaddr *) ((char*)ai + sizeof(Curl_addrinfo));

+    /* FIXME: need to free this eventually */
+    ai->ai_canonname = strdup(he->h_name);
+
    /* leave the rest of the struct filled with zero */

    addr = (struct sockaddr_in *)ai->ai_addr; /* storage area for this info */
--- a/lib/hostip6.c
+++ b/lib/hostip6.c
@@ -279,9 +279,10 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
    /* the given address is numerical only, prevent a reverse lookup */
    hints.ai_flags = AI_NUMERICHOST;
  }
-#if 0 /* removed nov 8 2005 before 7.15.1 */
-  else
-    hints.ai_flags = AI_CANONNAME;
+#ifdef HAVE_GSSAPI
+  if(conn->data->set.krb)
+    /* if krb is used, we (might) need the canonical host name */
+    hints.ai_flags |= AI_CANONNAME;
 #endif

  if(port) {
--- a/lib/inet_ntop.c
+++ b/lib/inet_ntop.c
@@ -42,6 +42,10 @@

 #include "inet_ntop.h"

+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+NETINET_DEFINE_CONTEXT
+#endif
+
 #if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
 /* this platform has a inet_ntoa_r() function, but no proto declared anywhere
   so we include our own proto to make compilers happy */
--- a/lib/krb4.h
+++ b/lib/krb4.h
@@ -40,7 +40,12 @@ struct Curl_sec_client_mech {
 #define AUTH_CONTINUE   1
 #define AUTH_ERROR      2

+#ifdef HAVE_KRB4
 extern struct Curl_sec_client_mech Curl_krb4_client_mech;
+#endif
+#ifdef HAVE_GSSAPI
+extern struct Curl_sec_client_mech Curl_krb5_client_mech;
+#endif

 CURLcode Curl_krb_kauth(struct connectdata *conn);
 int Curl_sec_fflush_fd(struct connectdata *conn, int fd);
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -0,0 +1,301 @@
+/* GSSAPI/krb5 support for FTP - loosely based on old krb4.c
+ *
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.  */
+
+#include "setup.h"
+
+#ifndef CURL_DISABLE_FTP
+#ifdef HAVE_GSSAPI
+
+#include <stdlib.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include <string.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#include <gssapi/gssapi_krb5.h>
+
+#include "urldata.h"
+#include "base64.h"
+#include "ftp.h"
+#include "sendf.h"
+#include "krb4.h"
+#include "memory.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#define LOCAL_ADDR (&conn->local_addr)
+#define REMOTE_ADDR conn->ip_addr->ai_addr
+
+static int
+krb5_check_prot(void *app_data, int level)
+{
+  app_data = NULL; /* prevent compiler warning */
+  if(level == prot_confidential)
+    return -1;
+  return 0;
+}
+
+static int
+krb5_decode(void *app_data, void *buf, int len, int level,
+            struct connectdata *conn)
+{
+  gss_ctx_id_t *context = app_data;
+  OM_uint32 maj, min;
+  gss_buffer_desc enc, dec;
+
+  /* shut gcc up */
+  level = 0;
+  conn = NULL;
+
+  enc.value = buf;
+  enc.length = len;
+  maj = gss_unseal(&min, *context, &enc, &dec, NULL, NULL);
+  if(maj != GSS_S_COMPLETE) {
+    if(len >= 4)
+      strcpy(buf, "599 ");
+    return -1;
+  }
+
+  memcpy(buf, dec.value, dec.length);
+  len = dec.length;
+  gss_release_buffer(&min, &dec);
+
+  return len;
+}
+
+static int
+krb5_overhead(void *app_data, int level, int len)
+{
+  /* no arguments are used, just init them to prevent compiler warnings */
+  app_data = NULL;
+  level = 0;
+  len = 0;
+  return 0;
+}
+
+static int
+krb5_encode(void *app_data, void *from, int length, int level, void **to,
+            struct connectdata *conn)
+{
+  gss_ctx_id_t *context = app_data;
+  gss_buffer_desc dec, enc;
+  OM_uint32 maj, min;
+  int state;
+  int len;
+
+  /* shut gcc up */
+  conn = NULL;
+
+  dec.value = from;
+  dec.length = length;
+  maj = gss_seal(&min, *context,
+		 level == prot_private,
+		 GSS_C_QOP_DEFAULT,
+		 &dec, &state, &enc);
+
+  if(maj != GSS_S_COMPLETE)
+    return -1;
+
+  /* malloc a new buffer, in case gss_release_buffer doesn't work as expected */
+  *to = malloc(enc.length);
+  if(!*to)
+    return -1;
+  memcpy(*to, enc.value, enc.length);
+  len = enc.length;
+  gss_release_buffer(&min, &enc);
+  return len;
+}
+
+static int
+krb5_auth(void *app_data, struct connectdata *conn)
+{
+  int ret;
+  char *p;
+  const char *host = conn->dns_entry->addr->ai_canonname;
+  ssize_t nread;
+  unsigned int l = sizeof(conn->local_addr);
+  struct SessionHandle *data = conn->data;
+  CURLcode result;
+  const char *service = "ftp", *srv_host = "host";
+  gss_buffer_desc gssbuf, _gssresp, *gssresp;
+  OM_uint32 maj, min;
+  gss_name_t gssname;
+  gss_ctx_id_t *context = app_data;
+  struct gss_channel_bindings_struct chan;
+
+  if(getsockname(conn->sock[FIRSTSOCKET],
+                 (struct sockaddr *)LOCAL_ADDR, &l) < 0)
+    perror("getsockname()");
+
+  chan.initiator_addrtype = GSS_C_AF_INET;
+  chan.initiator_address.length = l - 4;
+  chan.initiator_address.value = &((struct sockaddr_in *)LOCAL_ADDR)->sin_addr.s_addr;
+  chan.acceptor_addrtype = GSS_C_AF_INET;
+  chan.acceptor_address.length = l - 4;
+  chan.acceptor_address.value = &((struct sockaddr_in *)REMOTE_ADDR)->sin_addr.s_addr;
+  chan.application_data.length = 0;
+  chan.application_data.value = NULL;
+
+  /* this loop will execute twice (once for service, once for host) */
+  while(1) {
+    /* this really shouldn't be repeated here, but can't help it */
+    if(service == srv_host) {
+      result = Curl_ftpsendf(conn, "AUTH GSSAPI");
+
+      if(result)
+	return -2;
+      if(Curl_GetFTPResponse(&nread, conn, NULL))
+	return -1;
+
+      if(data->state.buffer[0] != '3')
+	return -1;
+    }
+
+    gssbuf.value = data->state.buffer;
+    gssbuf.length = snprintf(gssbuf.value, BUFSIZE, "%s@%s", service, host);
+    maj = gss_import_name(&min, &gssbuf, gss_nt_service_name, &gssname);
+    if(maj != GSS_S_COMPLETE) {
+      gss_release_name(&min, &gssname);
+      if(service == srv_host) {
+	Curl_failf(data, "Error importing service name %s", gssbuf.value);
+	return AUTH_ERROR;
+      }
+      service = srv_host;
+      continue;
+    }
+    {
+      gss_OID t;
+      gss_display_name(&min, gssname, &gssbuf, &t);
+      Curl_infof(data, "Trying against %s\n", gssbuf.value);
+      gss_release_buffer(&min, &gssbuf);
+    }
+    gssresp = GSS_C_NO_BUFFER;
+    *context = GSS_C_NO_CONTEXT;
+
+    do {
+      ret = AUTH_OK;
+      maj = gss_init_sec_context(&min,
+				 GSS_C_NO_CREDENTIAL,
+				 context,
+				 gssname,
+				 GSS_C_NO_OID,
+				 GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+				 0,
+				 &chan,
+				 gssresp,
+				 NULL,
+				 &gssbuf,
+				 NULL,
+				 NULL);
+
+      if(gssresp) {
+	free(_gssresp.value);
+	gssresp = NULL;
+      }
+
+      if(maj != GSS_S_COMPLETE && maj != GSS_S_CONTINUE_NEEDED) {
+	Curl_infof(data, "Error creating security context");
+	ret = AUTH_ERROR;
+	break;
+      }
+
+      if(gssbuf.length != 0) {
+	if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p) < 1) {
+	  Curl_infof(data, "Out of memory base64-encoding");
+	  ret = AUTH_CONTINUE;
+	  break;
+	}
+
+	result = Curl_ftpsendf(conn, "ADAT %s", p);
+
+	free(p);
+
+	if(result) {
+	  ret = -2;
+	  break;
+	}
+
+	if(Curl_GetFTPResponse(&nread, conn, NULL)) {
+	  ret = -1;
+	  break;
+	}
+
+	if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3'){
+	  Curl_infof(data, "Server didn't accept auth data\n");
+	  ret = AUTH_ERROR;
+	  break;
+	}
+
+	p = data->state.buffer + 4;
+	p = strstr(p, "ADAT=");
+	if(p) {
+	  _gssresp.length = Curl_base64_decode(p + 5, (unsigned char **)&_gssresp.value);
+	  if(_gssresp.length < 1) {
+	    Curl_failf(data, "Out of memory base64-encoding");
+	    ret = AUTH_CONTINUE;
+	    break;
+	  }
+	}
+
+	gssresp = &_gssresp;
+      }
+    } while(maj == GSS_S_CONTINUE_NEEDED);
+
+    gss_release_name(&min, &gssname);
+
+    if(gssresp)
+      free(_gssresp.value);
+
+    if(ret == AUTH_OK || service == srv_host)
+      return ret;
+
+    service = srv_host;
+  }
+}
+
+struct Curl_sec_client_mech Curl_krb5_client_mech = {
+    "GSSAPI",
+    sizeof(gss_ctx_id_t),
+    NULL, /* init */
+    krb5_auth,
+    NULL, /* end */
+    krb5_check_prot,
+    krb5_overhead,
+    krb5_encode,
+    krb5_decode
+};
+
+#endif /* HAVE_GSSAPI */
+#endif /* CURL_DISABLE_FTP */
--- a/lib/memdebug.c
+++ b/lib/memdebug.c
@@ -280,6 +280,16 @@ FILE *curl_fopen(const char *file, const char *mode,
  return res;
 }

+FILE *curl_fdopen(int filedes, const char *mode,
+                  int line, const char *source)
+{
+  FILE *res=(fdopen)(filedes, mode);
+  if(logfile)
+    fprintf(logfile, "FILE %s:%d fdopen(\"%d\",\"%s\") = %p\n",
+            source, line, filedes, mode, res);
+  return res;
+}
+
 int curl_fclose(FILE *file, int line, const char *source)
 {
  int res;
--- a/lib/memdebug.h
+++ b/lib/memdebug.h
@@ -67,6 +67,8 @@ CURL_EXTERN int curl_accept(int s, void *addr, void *addrlen,
 /* FILE functions */
 CURL_EXTERN FILE *curl_fopen(const char *file, const char *mode, int line,
                             const char *source);
+CURL_EXTERN FILE *curl_fdopen(int filedes, const char *mode, int line,
+                              const char *source);
 CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);

 #ifndef MEMDEBUG_NODEFINES
@@ -117,6 +119,8 @@ CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);

 #undef fopen
 #define fopen(file,mode) curl_fopen(file,mode,__LINE__,__FILE__)
+#undef fdopen
+#define fdopen(file,mode) curl_fdopen(file,mode,__LINE__,__FILE__)
 #define fclose(file) curl_fclose(file,__LINE__,__FILE__)

 #endif /* MEMDEBUG_NODEFINES */
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -50,6 +50,15 @@
 /* The last #include file should be: */
 #include "memdebug.h"

+/*
+  CURL_SOCKET_HASH_TABLE_SIZE should be a prime number. Increasing it from 97
+  to 911 takes on a 32-bit machine 4 x 804 = 3211 more bytes.  Still, every
+  CURL handle takes 45-50 K memory, therefore this 3K are not significant.
+*/
+#ifndef CURL_SOCKET_HASH_TABLE_SIZE
+#define CURL_SOCKET_HASH_TABLE_SIZE 911
+#endif
+
 struct Curl_message {
  /* the 'CURLMsg' is the part that is visible to the external user */
  struct CURLMsg extmsg;
@@ -305,6 +314,21 @@ static void sh_freeentry(void *freethis)
  free(p);
 }

+static size_t fd_key_compare(void*k1, size_t k1_len, void*k2, size_t k2_len)
+{
+  (void) k1_len; (void) k2_len;
+
+  return ((*((int* ) k1)) == (*((int* ) k2))) ? 1 : 0;
+}
+
+static size_t hash_fd(void* key, size_t key_length, size_t slots_num)
+{
+  int fd = * ((int* ) key);
+  (void) key_length;
+
+  return (fd % (int)slots_num);
+}
+
 /*
 * sh_init() creates a new socket hash and returns the handle for it.
 *
@@ -325,7 +349,8 @@ static void sh_freeentry(void *freethis)
 */
 static struct curl_hash *sh_init(void)
 {
-  return Curl_hash_alloc(97, sh_freeentry);
+  return Curl_hash_alloc(CURL_SOCKET_HASH_TABLE_SIZE, hash_fd, fd_key_compare,
+                         sh_freeentry);
 }

 CURLM *curl_multi_init(void)
--- a/lib/nwlib.c
+++ b/lib/nwlib.c
@@ -23,9 +23,12 @@

 #ifdef NETWARE /* Novell NetWare */

+#include <stdlib.h>
+
+#ifdef __NOVELL_LIBC__
+/* For native LibC-based NLM we need to register as a real lib. */
 #include <errno.h>
 #include <string.h>
-#include <stdlib.h>
 #include <library.h>
 #include <netware.h>
 #include <screen.h>
@@ -148,7 +151,7 @@ void _NonAppStop( void )
 ** we return a non-zero value. Right now, there isn't any reason not to allow
 ** it.
 */
-int  _NonAppCheckUnload( void )
+int _NonAppCheckUnload( void )
 {
    return 0;
 }
@@ -275,10 +278,10 @@ int GetOrSetUpData(int id, libdata_t **appData,
  return err;
 }

-int DisposeLibraryData( void    *data)
+int DisposeLibraryData( void *data )
 {
  if (data) {
-    void    *tenbytes = ((libdata_t *) data)->tenbytes;
+    void *tenbytes = ((libdata_t *) data)->tenbytes;
    
    if (tenbytes)
      free(tenbytes);
@@ -289,10 +292,10 @@ int DisposeLibraryData( void    *data)
  return 0;
 }

-void DisposeThreadData(void    *data)
+void DisposeThreadData( void *data )
 {
  if (data) {
-    void    *twentybytes = ((libthreaddata_t *) data)->twentybytes;
+    void *twentybytes = ((libthreaddata_t *) data)->twentybytes;
    
    if (twentybytes)
      free(twentybytes);
@@ -301,4 +304,28 @@ void DisposeThreadData(void    *data)
  }
 }

+#else /* __NOVELL_LIBC__ */
+/* For native CLib-based NLM seems we can do a bit more simple. */
+#include <nwthread.h>
+
+/* Make the CLIB Ctx stuff link */
+/*
+#include <stdio.h>
+#include <netdb.h>
+NETDB_DEFINE_CONTEXT
+*/
+
+int main ( void )
+{
+    /* initialize any globals here... */
+
+    /* do this if any global initializing was done 
+    SynchronizeStart();
+    */
+    ExitThread (TSR_THREAD, 0);
+    return 0;
+}
+
+#endif /* __NOVELL_LIBC__ */
+
 #endif /* NETWARE */
--- a/lib/security.c
+++ b/lib/security.c
@@ -41,7 +41,7 @@
 #include "setup.h"

 #ifndef CURL_DISABLE_FTP
-#ifdef HAVE_KRB4
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)

 #define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */
 #include <curl/mprintf.h>
@@ -87,8 +87,8 @@ name_to_level(const char *name)
 }

 static const struct Curl_sec_client_mech * const mechs[] = {
-#ifdef KRB5
-  /* not supported */
+#ifdef HAVE_GSSAPI
+    &Curl_krb5_client_mech,
 #endif
 #ifdef HAVE_KRB4
    &Curl_krb4_client_mech,
@@ -118,6 +118,8 @@ block_read(int fd, void *buf, size_t len)
    b = read(fd, p, len);
    if (b == 0)
      return 0;
+    else if (b < 0 && (errno == EINTR || errno == EAGAIN))
+      continue;
    else if (b < 0)
      return -1;
    len -= b;
@@ -127,13 +129,15 @@ block_read(int fd, void *buf, size_t len)
 }

 static int
-block_write(int fd, void *buf, size_t len)
+block_write(int fd, const void *buf, size_t len)
 {
-  unsigned char *p = buf;
+  const unsigned char *p = buf;
  int b;
  while(len) {
    b = write(fd, p, len);
-    if(b < 0)
+    if (b < 0 && (errno == EINTR || errno == EAGAIN))
+      continue;
+    else if(b < 0)
      return -1;
    len -= b;
    p += b;
@@ -155,7 +159,7 @@ sec_get_data(struct connectdata *conn,
    return -1;
  len = ntohl(len);
  buf->data = realloc(buf->data, len);
-  b = block_read(fd, buf->data, len);
+  b = buf->data ? block_read(fd, buf->data, len) : -1;
  if (b == 0)
    return 0;
  else if (b < 0)
@@ -234,11 +238,36 @@ sec_send(struct connectdata *conn, int fd, char *from, int length)
 {
  int bytes;
  void *buf;
-  bytes = (conn->mech->encode)(conn->app_data, from, length, conn->data_prot,
+  enum protection_level protlevel = conn->data_prot;
+  int iscmd = protlevel == prot_cmd;
+
+  if(iscmd) {
+    if(!strncmp(from, "PASS ", 5) || !strncmp(from, "ACCT ", 5))
+      protlevel = prot_private;
+    else
+      protlevel = conn->command_prot;
+  }
+  bytes = (conn->mech->encode)(conn->app_data, from, length, protlevel,
                               &buf, conn);
-  bytes = htonl(bytes);
-  block_write(fd, &bytes, sizeof(bytes));
-  block_write(fd, buf, ntohl(bytes));
+  if(iscmd) {
+    char *cmdbuf;
+
+    bytes = Curl_base64_encode(conn->data, (char *)buf, bytes, &cmdbuf);
+    if(bytes > 0) {
+      if(protlevel == prot_private)
+	block_write(fd, "ENC ", 4);
+      else
+	block_write(fd, "MIC ", 4);
+      block_write(fd, cmdbuf, bytes);
+      block_write(fd, "\r\n", 2);
+      Curl_infof(conn->data, "%s %s\n", protlevel == prot_private ? "ENC" : "MIC", cmdbuf);
+      free(cmdbuf);
+    }
+  } else {
+    bytes = htonl(bytes);
+    block_write(fd, &bytes, sizeof(bytes));
+    block_write(fd, buf, ntohl(bytes));
+  }
  free(buf);
  return length;
 }
@@ -267,6 +296,8 @@ Curl_sec_write(struct connectdata *conn, int fd, char *buffer, int length)
    return write(fd, buffer, length);

  len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len);
+  if(len <= 0)
+    len = length;
  while(length){
    if(length < len)
      len = length;
@@ -319,6 +350,11 @@ Curl_sec_read_msg(struct connectdata *conn, char *s, int level)
    return -1;
  }

+  if(conn->data->set.verbose) {
+    buf[len] = '\n';
+    Curl_debug(conn->data, CURLINFO_HEADER_IN, (char *)buf, len + 1, conn);
+  }
+
  buf[len] = '\0';

  if(buf[3] == '-')
@@ -360,7 +396,7 @@ sec_prot_internal(struct connectdata *conn, int level)
    if(Curl_GetFTPResponse(&nread, conn, &code))
      return -1;

-    if(code/100 != '2'){
+    if(code/100 != 2){
      failf(conn->data, "Failed to set protection buffer size.");
      return -1;
    }
@@ -385,6 +421,8 @@ sec_prot_internal(struct connectdata *conn, int level)
  }

  conn->data_prot = (enum protection_level)level;
+  if(level == prot_private)
+    conn->command_prot = (enum protection_level)level;
  return 0;
 }

@@ -468,6 +506,9 @@ Curl_sec_login(struct connectdata *conn)
    conn->mech = *m;
    conn->sec_complete = 1;
    conn->command_prot = prot_safe;
+    /* Set the requested protection level */
+    /* BLOCKING */
+    Curl_sec_set_protection_level(conn);
    break;
  }

--- a/lib/sendf.c
+++ b/lib/sendf.c
@@ -47,7 +47,7 @@
 #define _MPRINTF_REPLACE /* use the internal *printf() functions */
 #include <curl/mprintf.h>

-#ifdef HAVE_KRB4
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
 #include "krb4.h"
 #else
 #define Curl_sec_send(a,b,c,d) -1
@@ -365,7 +365,7 @@ CURLcode Curl_write(struct connectdata *conn,
    bytes_written = Curl_sftp_send(conn, num, mem, len);
 #endif /* !USE_LIBSSH2 */
  else if(conn->sec_complete)
-    /* only TRUE if krb4 enabled */
+    /* only TRUE if krb enabled */
    bytes_written = Curl_sec_send(conn, num, mem, len);
  else
    bytes_written = Curl_plain_send(conn, num, mem, len);
--- a/lib/setup.h
+++ b/lib/setup.h
@@ -315,6 +315,10 @@ int fileno( FILE *stream);
 #endif

 #ifdef NETWARE
+#ifndef __NOVELL_LIBC__
+#include <sys/bsdskt.h>
+#include <sys/timeval.h>
+#endif
 #undef HAVE_ALARM
 #endif

--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -1125,7 +1125,7 @@ CURLcode Curl_scp_do(struct connectdata *conn, bool *done)

  if (conn->data->set.upload) {
    if(conn->data->set.infilesize < 0) {
-      failf(conn->data, "SCP requries a known file size for upload");
+      failf(conn->data, "SCP requires a known file size for upload");
      return CURLE_UPLOAD_FAILED;
    }
    /*
@@ -1137,23 +1137,23 @@ CURLcode Curl_scp_do(struct connectdata *conn, bool *done)
 #if (LIBSSH2_APINO >= 200706012030)
    do {
      scp->ssh_channel = libssh2_scp_send_ex(scp->ssh_session, scp->path,
-                                             LIBSSH2_SFTP_S_IRUSR|
-                                             LIBSSH2_SFTP_S_IWUSR|
-                                             LIBSSH2_SFTP_S_IRGRP|
-                                             LIBSSH2_SFTP_S_IROTH,
+                                             conn->data->set.new_file_perms,
                                             conn->data->set.infilesize, 0, 0);
      if (!scp->ssh_channel &&
          (libssh2_session_last_errno(scp->ssh_session) !=
           LIBSSH2_ERROR_EAGAIN)) {
-        return CURLE_FAILED_INIT;
+        int err;
+        char *err_msg;
+
+        err = libssh2_session_error_to_CURLE(
+            libssh2_session_last_error(scp->ssh_session, &err_msg, NULL, 0));
+        failf(conn->data, "%s", err_msg);
+        return err;
      }
    } while (!scp->ssh_channel);
 #else /* !(LIBSSH2_APINO >= 200706012030) */
    scp->ssh_channel = libssh2_scp_send_ex(scp->ssh_session, scp->path,
-                                           LIBSSH2_SFTP_S_IRUSR|
-                                           LIBSSH2_SFTP_S_IWUSR|
-                                           LIBSSH2_SFTP_S_IRGRP|
-                                           LIBSSH2_SFTP_S_IROTH,
+                                           conn->data->set.new_file_perms,
                                           conn->data->set.infilesize, 0, 0);
    if (!scp->ssh_channel)
      return CURLE_FAILED_INIT;
@@ -1363,8 +1363,7 @@ CURLcode Curl_sftp_do(struct connectdata *conn, bool *done)
      sftp->sftp_handle =
        libssh2_sftp_open(sftp->sftp_session, sftp->path,
                        LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC,
-                        LIBSSH2_SFTP_S_IRUSR|LIBSSH2_SFTP_S_IWUSR|
-                        LIBSSH2_SFTP_S_IRGRP|LIBSSH2_SFTP_S_IROTH);
+                        data->set.new_file_perms);
      if (!sftp->sftp_handle &&
          (libssh2_session_last_errno(sftp->ssh_session) !=
           LIBSSH2_ERROR_EAGAIN)) {
@@ -1381,8 +1380,7 @@ CURLcode Curl_sftp_do(struct connectdata *conn, bool *done)
              sftp->sftp_handle = libssh2_sftp_open(sftp->sftp_session,
                          sftp->path,
                          LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC,
-                          LIBSSH2_SFTP_S_IRUSR|LIBSSH2_SFTP_S_IWUSR|
-                          LIBSSH2_SFTP_S_IRGRP|LIBSSH2_SFTP_S_IROTH);
+                          data->set.new_file_perms);
              if (!sftp->sftp_handle &&
                  (libssh2_session_last_errno(sftp->ssh_session) !=
                   LIBSSH2_ERROR_EAGAIN)) {
@@ -1406,8 +1404,7 @@ CURLcode Curl_sftp_do(struct connectdata *conn, bool *done)
    sftp->sftp_handle =
      libssh2_sftp_open(sftp->sftp_session, sftp->path,
                        LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC,
-                        LIBSSH2_SFTP_S_IRUSR|LIBSSH2_SFTP_S_IWUSR|
-                        LIBSSH2_SFTP_S_IRGRP|LIBSSH2_SFTP_S_IROTH);
+                        data->set.new_file_perms);
    if (!sftp->sftp_handle) {
      err = libssh2_sftp_last_error(sftp->sftp_session);
      if (((err == LIBSSH2_FX_NO_SUCH_FILE) ||
@@ -1420,8 +1417,7 @@ CURLcode Curl_sftp_do(struct connectdata *conn, bool *done)
        if (res == 0) {
          sftp->sftp_handle = libssh2_sftp_open(sftp->sftp_session, sftp->path,
                    LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC,
-                    LIBSSH2_SFTP_S_IRUSR|LIBSSH2_SFTP_S_IWUSR|
-                    LIBSSH2_SFTP_S_IRGRP|LIBSSH2_SFTP_S_IROTH);
+                    data->set.new_file_perms);
        }
      }
      if (!sftp->sftp_handle) {
@@ -1487,11 +1483,14 @@ CURLcode Curl_sftp_do(struct connectdata *conn, bool *done)
          filename[len] = '\0';

          if (data->set.ftp_list_only) {
-            if ((attrs.flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) &&
-                ((attrs.permissions & LIBSSH2_SFTP_S_IFMT) ==
-                 LIBSSH2_SFTP_S_IFDIR)) {
-              infof(data, "%s\n", filename);
+            char *tmpLine;
+
+            tmpLine = aprintf("%s\n", filename);
+            if (tmpLine == NULL) {
+              return CURLE_OUT_OF_MEMORY;
            }
+            res = Curl_client_write(conn, CLIENTWRITE_BODY, tmpLine, 0);
+            Curl_safefree(tmpLine);
          }
          else {
            totalLen = 80 + len;
@@ -1633,8 +1632,7 @@ CURLcode Curl_sftp_do(struct connectdata *conn, bool *done)
      do {
        sftp->sftp_handle =
          libssh2_sftp_open(sftp->sftp_session, sftp->path, LIBSSH2_FXF_READ,
-                          LIBSSH2_SFTP_S_IRUSR|LIBSSH2_SFTP_S_IWUSR|
-                          LIBSSH2_SFTP_S_IRGRP|LIBSSH2_SFTP_S_IROTH);
+                          data->set.new_file_perms);
        if (!sftp->sftp_handle &&
            (libssh2_session_last_errno(sftp->ssh_session) !=
                                   LIBSSH2_ERROR_EAGAIN)) {
@@ -1647,8 +1645,7 @@ CURLcode Curl_sftp_do(struct connectdata *conn, bool *done)
 #else /* !(LIBSSH2_APINO >= 200706012030) */
      sftp->sftp_handle =
        libssh2_sftp_open(sftp->sftp_session, sftp->path, LIBSSH2_FXF_READ,
-                          LIBSSH2_SFTP_S_IRUSR|LIBSSH2_SFTP_S_IWUSR|
-                          LIBSSH2_SFTP_S_IRGRP|LIBSSH2_SFTP_S_IROTH);
+                          data->set.new_file_perms);
      if (!sftp->sftp_handle) {
        err = libssh2_sftp_last_error(sftp->sftp_session);
        failf(conn->data, "Could not open remote file for reading: %s",
@@ -2301,15 +2298,11 @@ static CURLcode sftp_create_dirs(struct connectdata *conn) {
      /* 'mode' - parameter is preliminary - default to 0644 */
 #if (LIBSSH2_APINO >= 200706012030)
      while ((rc = libssh2_sftp_mkdir(sftp->sftp_session, sftp->path,
-                               LIBSSH2_SFTP_S_IRWXU |
-                               LIBSSH2_SFTP_S_IRGRP | LIBSSH2_SFTP_S_IXGRP |
-                               LIBSSH2_SFTP_S_IROTH | LIBSSH2_SFTP_S_IXOTH)) ==
+                                      conn->data->set.new_directory_perms)) ==
             LIBSSH2_ERROR_EAGAIN);
 #else /* !(LIBSSH2_APINO >= 200706012030) */
      rc = libssh2_sftp_mkdir(sftp->sftp_session, sftp->path,
-                               LIBSSH2_SFTP_S_IRWXU |
-                               LIBSSH2_SFTP_S_IRGRP | LIBSSH2_SFTP_S_IXGRP |
-                               LIBSSH2_SFTP_S_IROTH | LIBSSH2_SFTP_S_IXOTH);
+                               conn->data->set.new_directory_perms);
 #endif /* !(LIBSSH2_APINO >= 200706012030) */
      *slash_pos = '/';
      ++slash_pos;
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -574,14 +574,16 @@ CURLcode Curl_readwrite(struct connectdata *conn,
                k->header = FALSE; /* no more header to parse! */

                if((k->size == -1) && !conn->bits.chunk && !conn->bits.close &&
-                   (k->httpversion >= 11) )
+                   (k->httpversion >= 11) ) {
                  /* On HTTP 1.1, when connection is not to get closed, but no
                     Content-Length nor Content-Encoding chunked have been
-                     received, there is no body in this response. We don't set
-                     stop_reading TRUE since that would also prevent necessary
-                     authentication actions to take place. */
-                  conn->bits.no_body = TRUE;
-
+                     received, according to RFC2616 section 4.4 point 5, we
+                     assume that the server will close the connection to
+                     signal the end of the document. */
+                  infof(data, "no chunk, no close, no size. Assume close to "
+                        "signal end\n");
+                  conn->bits.close = TRUE;
+                }
              }

              if (417 == k->httpcode) {
@@ -800,11 +802,13 @@ CURLcode Curl_readwrite(struct connectdata *conn,
                  }
                }

-                if(k->httpversion == 10)
+                if(k->httpversion == 10) {
                  /* Default action for HTTP/1.0 must be to close, unless
                     we get one of those fancy headers that tell us the
                     server keeps it open for us! */
+                  infof(data, "HTTP 1.0, assume close after body\n");
                  conn->bits.close = TRUE;
+                }

                switch(k->httpcode) {
                case 204:
@@ -1720,8 +1724,6 @@ CURLcode Curl_readwrite_init(struct connectdata *conn)
 */
 void Curl_pre_readwrite(struct connectdata *conn)
 {
-  DEBUGF(infof(conn->data, "Pre readwrite setting chunky header "
-               "values to default\n"));
  conn->bits.chunk=FALSE;
  conn->bits.trailerHdrPresent=FALSE;
 }
--- a/lib/url.c
+++ b/lib/url.c
@@ -146,9 +146,6 @@ void idn_free (void *ptr); /* prototype from idn-free.h, not provided by
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>

-#ifdef HAVE_KRB4
-#include "krb4.h"
-#endif
 #include "memory.h"

 /* The last #include file should be: */
@@ -595,6 +592,8 @@ CURLcode Curl_open(struct SessionHandle **curl)

    data->set.ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
                                                        type */
+    data->set.new_file_perms = 0644;    /* Default permissions */
+    data->set.new_directory_perms = 0755; /* Default permissions */

    /* most recent connection is not yet defined */
    data->state.lastconnect = -1;
@@ -1496,12 +1495,12 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     */
    data->set.localportrange = (int) va_arg(param, long);
    break;
-  case CURLOPT_KRB4LEVEL:
+  case CURLOPT_KRBLEVEL:
    /*
-     * A string that defines the krb4 security level.
+     * A string that defines the kerberos security level.
     */
-    data->set.krb4_level = va_arg(param, char *);
-    data->set.krb4 = (bool)(NULL != data->set.krb4_level);
+    data->set.krb_level = va_arg(param, char *);
+    data->set.krb = (bool)(NULL != data->set.krb_level);
    break;
  case CURLOPT_SSL_VERIFYPEER:
    /*
@@ -1759,6 +1758,21 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     */
    data->set.http_ce_skip = (bool)(0 == va_arg(param, long));
    break;
+
+  case CURLOPT_NEW_FILE_PERMS:
+    /*
+     * Uses these permissions instead of 0644
+     */
+    data->set.new_file_perms = va_arg(param, long);
+    break;
+
+  case CURLOPT_NEW_DIRECTORY_PERMS:
+    /*
+     * Uses these permissions instead of 0755
+     */
+    data->set.new_directory_perms = va_arg(param, long);
+    break;
+
  default:
    /* unknown tag and its companion, just ignore: */
    result = CURLE_FAILED_INIT; /* correct this */
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -133,8 +133,8 @@
   We prefix with CURL to prevent name collisions. */
 #define CURLMAX(x,y) ((x)>(y)?(x):(y))

-#ifdef HAVE_KRB4
-/* Types needed for krb4-ftp connections */
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+/* Types needed for krb4/5-ftp connections */
 struct krb4buffer {
  void *data;
  size_t size;
@@ -145,7 +145,8 @@ enum protection_level {
  prot_clear,
  prot_safe,
  prot_confidential,
-  prot_private
+  prot_private,
+  prot_cmd
 };
 #endif

@@ -882,8 +883,8 @@ struct connectdata {
    char *cookiehost; /* free later if not NULL */
  } allocptr;

-  int sec_complete; /* if krb4 is enabled for this connection */
-#ifdef HAVE_KRB4
+  int sec_complete; /* if kerberos is enabled for this connection */
+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
  enum protection_level command_prot;
  enum protection_level data_prot;
  enum protection_level request_data_prot;
@@ -1277,7 +1278,7 @@ struct UserDefined {
                    * to which to send the authorization data to, and no other
                    * host (which location-following otherwise could lead to)
                    */
-  char *krb4_level; /* what security level */
+  char *krb_level;  /* what security level */
  struct ssl_config_data ssl;  /* user defined SSL stuff */

  curl_proxytype proxytype; /* what kind of proxy that is in use */
@@ -1331,7 +1332,7 @@ struct UserDefined {
  char *netrc_file;      /* if not NULL, use this instead of trying to find
                            $HOME/.netrc */
  bool verbose;
-  bool krb4;             /* kerberos4 connection requested */
+  bool krb;              /* kerberos connection requested */
  bool reuse_forbid;     /* forbidden to be reused, close after use */
  bool reuse_fresh;      /* do not re-use an existing connection  */
  bool ftp_use_epsv;     /* if EPSV is to be attempted or not */
@@ -1356,6 +1357,8 @@ struct UserDefined {
                            transfer-encoded (chunked, compressed) */
  bool http_ce_skip;     /* pass the raw body data to the user, even when
                            content-encoded (chunked, compressed) */
+  long new_file_perms;    /* Permissions to use when creating remote files */
+  long new_directory_perms; /* Permissions to use when creating remote dirs */
 };

 struct Names {
--- a/src/Makefile.m32
+++ b/src/Makefile.m32
@@ -19,6 +19,8 @@ ifndef ZLIB_PATH
 ZLIB_PATH = ../../zlib-1.2.3
 endif

+ARES_LIB = ../ares
+
 CC = gcc
 CFLAGS = -g -O2
 LDFLAGS =
@@ -47,6 +49,10 @@ else
  curl_LDADD = -L../lib -lcurl
  COMPILE += -DCURL_STATICLIB
 endif
+ifdef ARES
+  CFLAGS += -DUSE_ARES
+  curl_LDADD += -L$(ARES_LIB) -lcares
+endif
 ifdef SSH2
  CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
  curl_LDADD += -L$(LIBSSH2_PATH)/win32 -lssh2
--- a/src/Makefile.netware
+++ b/src/Makefile.netware
@@ -36,12 +36,12 @@ endif
 TARGET  = curl
 VERSION	= $(LIBCURL_VERSION)
 COPYR	= Copyright (C) 1996 - 2007, Daniel Stenberg, <daniel@haxx.se>
-DESCR	= cURL $(LIBCURL_VERSION_STR) - http://curl.haxx.se
+DESCR	= cURL $(LIBCURL_VERSION_STR) ($(LIBARCH)) - http://curl.haxx.se
 MTSAFE	= YES
 STACK	= 64000
 SCREEN	= $(TARGET) commandline utility
 # Comment the line below if you dont want to load protected automatically.
-LDRING	= 3
+#LDRING	= 3

 # Edit the var below to point to your lib architecture.
 ifndef LIBARCH
@@ -61,15 +61,19 @@ else
 	OBJDIR	= debug
 endif

-# Include the version info retrieved from curlver.h
-include $(OBJDIR)/version.inc
-
-# The following line defines your compiler.
+# The following lines defines your compiler.
+ifdef CWFolder
+	METROWERKS = $(CWFolder)
+endif
 ifdef METROWERKS
+	# MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support
+	MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
 	CC = mwccnlm
 else
 	CC = gcc
 endif
+# a native win32 awk can be downloaded from here:
+# http://www.gknw.net/development/prgtools/awk-20050424.zip
 AWK	= awk
 CP	= cp -afv
 # RM	= rm -f
@@ -78,6 +82,12 @@ CP	= cp -afv
 # http://www.gknw.net/development/prgtools/mkxdc.zip
 MPKXDC	= mkxdc

+# LIBARCH_U = $(shell $(AWK) 'BEGIN {print toupper(ARGV[1])}' $(LIBARCH))
+LIBARCH_L = $(shell $(AWK) 'BEGIN {print tolower(ARGV[1])}' $(LIBARCH))
+
+# Include the version info retrieved from curlver.h
+-include $(OBJDIR)/version.inc
+
 # Global flags for all compilers
 CFLAGS	= $(OPT) -D$(DB) -DNETWARE -DHAVE_CONFIG_H -nostdinc

@@ -92,8 +102,10 @@ ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.o
 	CFLAGS += -align 4
 else
-	PRELUDE = "$(METROWERKS)/Novell Support/libraries/runtime/prelude.obj"
-#	CFLAGS += -include "$(METROWERKS)/Novell Support/headers/nlm_prefix.h"
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
+	# CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
 	CFLAGS += -align 1
 endif
 else
@@ -105,7 +117,10 @@ CFLAGS	+= -Wall # -pedantic
 ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.gcc.o
 else
-	PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+	# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
+	PRELUDE = $(NDK_ROOT)/pre/prelude.o
 	CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
 endif
 endif
@@ -122,6 +137,9 @@ INCLUDES = -I$(CURL_INC) -I$(CURL_LIB)

 ifdef LINK_STATIC
 	LDLIBS	= $(CURL_LIB)/libcurl.$(LIBEXT)
+ifdef WITH_ARES
+	LDLIBS += $(ARES_LIB)/libcares.$(LIBEXT)
+endif
 else
 	MODULES	= libcurl.nlm
 	IMPORTS	= @$(CURL_LIB)/libcurl.imp
@@ -129,10 +147,10 @@ endif
 ifdef WITH_ZLIB
 	INCLUDES += -I$(ZLIB_PATH)
 ifdef LINK_STATIC
-	LDLIBS += $(ZLIB_PATH)/nw/libz.$(LIBEXT)
+	LDLIBS += $(ZLIB_PATH)/nw/$(LIBARCH)/libz.$(LIBEXT)
 else
 	MODULES += libz.nlm
-	IMPORTS += @$(ZLIB_PATH)/nw/libz.imp
+	IMPORTS += @$(ZLIB_PATH)/nw/$(LIBARCH)/libz.imp
 endif
 endif
 ifdef WITH_SSH2
@@ -145,21 +163,21 @@ else
 endif
 endif
 ifdef WITH_SSL
-	LDLIBS += $(OPENSSL_PATH)/out_nw_libc/ssl.$(LIBEXT)
-	LDLIBS += $(OPENSSL_PATH)/out_nw_libc/crypto.$(LIBEXT)
+	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT)
+	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
 	IMPORTS += GetProcessSwitchCount RunningProcess
 endif

 ifeq ($(LIBARCH),LIBC)
-	INCLUDES += -I$(SDK_LIBC)/include -I$(SDK_LIBC)/include/nks
+	INCLUDES += -I$(SDK_LIBC)/include
+	# INCLUDES += -I$(SDK_LIBC)/include/nks
 	# INCLUDES += -I$(SDK_LIBC)/include/winsock
 	# INCLUDES += -I$(SDK_LDAP)/libc/inc
 	CFLAGS += -D_POSIX_SOURCE
-	# CFLAGS += -D__ANSIC__
 else
-	INCLUDES += -I$(SDK_CLIB)/include/nlm -I$(SDK_CLIB)/include
+	INCLUDES += -I$(SDK_CLIB)/include/nlm
+	# INCLUDES += -I$(SDK_CLIB)/include
 	# INCLUDES += -I$(SDK_LDAP)/clib/inc
-	CFLAGS += -DNETDB_USE_INTERNET
 endif
 CFLAGS	+= $(INCLUDES)

@@ -206,7 +224,7 @@ dist: all
 	-$(RM) $(OBJDIR)/$(TARGET).def $(OBJDIR)/version.inc $(XDCDATA)

 install: $(INSTDIR) all
-	@$(CP) ../docs/$(TARGET).pdf $(INSTDIR)
+	@-$(CP) ../docs/$(TARGET).pdf $(INSTDIR)
 	@$(CP) $(TARGET).nlm $(INSTDIR)

 clean:
@@ -317,72 +335,96 @@ config.h: Makefile.netware
 	@echo $(DL)#ifndef NETWARE$(DL) >> $@
 	@echo $(DL)#error This $(notdir $@) is created for NetWare platform!$(DL) >> $@
 	@echo $(DL)#endif$(DL) >> $@
-	@echo $(DL)#define OS "i586-pc-NetWare"$(DL) >> $@
 	@echo $(DL)#define VERSION "$(LIBCURL_VERSION_STR)"$(DL) >> $@
 	@echo $(DL)#define PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/"$(DL) >> $@
-	@echo $(DL)#define USE_MANUAL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_DLFCN_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_DLOPEN 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FTRUNCATE 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETTIMEOFDAY 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_PTON 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INTTYPES_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LIMITS_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LONGLONG 1$(DL) >> $@
-	@echo $(DL)#define HAVE_MALLOC_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_NETINET_IN_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_RECV 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SELECT 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SEND 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SETJMP_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SIGNAL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SIGNAL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SIG_ATOMIC_T 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SOCKET 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STDLIB_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRDUP 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_TIME_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_TIME_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_UNAME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_UNISTD_H 1$(DL) >> $@
+ifeq ($(LIBARCH),CLIB)
+	@echo $(DL)#define OS "i586-pc-clib-NetWare"$(DL) >> $@
+	@echo $(DL)#define NETDB_USE_INTERNET 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRICMP 1$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
-	@echo $(DL)#define RETSIGTYPE void$(DL) >> $@
 	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
-	@echo $(DL)#define SIZEOF_CURL_OFF_T 4$(DL) >> $@
-	@echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
-	@echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
+	@echo $(DL)#define socklen_t int$(DL) >> $@
+	@echo $(DL)#define pressanykey PressAnyKeyToContinue$(DL) >> $@
+else
+	@echo $(DL)#define OS "i586-pc-libc-NetWare"$(DL) >> $@
+	@echo $(DL)#define HAVE_DLFCN_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_DLOPEN 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FTRUNCATE 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETTIMEOFDAY 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INET_PTON 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INTTYPES_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LIMITS_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LONGLONG 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG2 void *$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG3 size_t$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define RECV_TYPE_RETV ssize_t$(DL) >> $@
+	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG2 void *$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG3 size_t$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
+	@echo $(DL)#define SEND_TYPE_RETV ssize_t$(DL) >> $@
 ifdef ENABLE_IPV6
 	@echo $(DL)#define ENABLE_IPV6 1$(DL) >> $@
 endif
+endif
+	@echo $(DL)#define USE_MANUAL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_LOCALE_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_MALLOC_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_NETINET_IN_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_RECV 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SELECT 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SEND 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SETJMP_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SETLOCALE 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SIGNAL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SIGNAL_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SIG_ATOMIC_T 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SOCKET 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STDLIB_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRDUP 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SYS_TIME_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_TIME_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_UNAME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_UNISTD_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME_H 1$(DL) >> $@
+	@echo $(DL)#define RETSIGTYPE void$(DL) >> $@
+	@echo $(DL)#define SIZEOF_CURL_OFF_T 4$(DL) >> $@
+	@echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
+	@echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
 ifdef NW_WINSOCK
 	@echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@
 else
@@ -428,4 +470,7 @@ hugehelp.c:
 	@echo Creating $@
 	@$(CP) hugehelp.c.cvs $@

+$(ARES_LIB)/libcares.$(LIBEXT):
+	$(MAKE) -C $(ARES_LIB) -f Makefile.netware lib
+

--- a/src/getpass.c
+++ b/src/getpass.c
@@ -126,11 +126,40 @@ char *getpass_r(const char *prompt, char *buffer, size_t buflen)

 #ifdef NETWARE
 /* NetWare implementation */
+#ifdef __NOVELL_LIBC__
 #include <screen.h>
 char *getpass_r(const char *prompt, char *buffer, size_t buflen)
 {
  return getpassword(prompt, buffer, buflen);
 }
+#else
+#include <nwconio.h>
+char *getpass_r(const char *prompt, char *buffer, size_t buflen)
+{
+  size_t i = 0;
+
+  printf("%s", prompt);
+  do {
+    buffer[i++] = getch();
+    if (buffer[i-1] == '\b') {
+      /* remove this letter and if this is not the first key,
+         remove the previous one as well */
+      if (i > 1) {   
+        printf("\b \b");
+        i = i - 2;
+      } else {
+        RingTheBell();
+        i = i - 1;
+      }
+    } else if (buffer[i-1] != 13) {
+      putchar('*');
+    }
+  } while ((buffer[i-1] != 13) && (i < buflen));
+  buffer[i-1] = 0;
+  printf("\r\n");
+  return buffer;
+}
+#endif /* __NOVELL_LIBC__ */
 #define DONE
 #endif /* NETWARE */

--- a/src/main.c
+++ b/src/main.c
@@ -47,8 +47,13 @@

 #define CURLseparator   "--_curl_--"

+#ifdef NETWARE
 #ifdef __NOVELL_LIBC__
 #include <screen.h>
+#else
+#include <nwconio.h>
+#define mkdir mkdir_510
+#endif
 #endif

 #include "version.h"
@@ -406,7 +411,7 @@ struct Configurable {
  bool list_engines;
  bool crlf;
  char *customrequest;
-  char *krb4level;
+  char *krblevel;
  char *trace_dump; /* file to dump the network trace to, or NULL */
  FILE *trace_stream;
  bool trace_fopened;
@@ -660,7 +665,7 @@ static void help(void)
    " -I/--head          Show document info only",
    " -j/--junk-session-cookies Ignore session cookies read from file (H)",
    "    --interface <interface> Specify network interface/address to use",
-    "    --krb4 <level>  Enable krb4 with specified security level (F)",
+    "    --krb <level>   Enable kerberos with specified security level (F)",
    " -k/--insecure      Allow connections to SSL sites without certs (H)",
    " -K/--config        Specify which config file to read",
    "    --libcurl <file> Dump libcurl equivalent code of this command line",
@@ -731,7 +736,7 @@ static void help(void)
  };
  for(i=0; helptext[i]; i++) {
    puts(helptext[i]);
-#ifdef __NOVELL_LIBC__
+#ifdef NETWARE
    if (i && ((i % 23) == 0))
      pressanykey();
 #endif
@@ -1471,7 +1476,8 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
    {"*u", "crlf",        FALSE},
    {"*v", "stderr",      TRUE},
    {"*w", "interface",   TRUE},
-    {"*x", "krb4",        TRUE},
+    {"*x", "krb" ,        TRUE},
+    {"*x", "krb4" ,       TRUE}, /* this is the previous name */
    {"*y", "max-filesize", TRUE},
    {"*z", "disable-eprt", FALSE},
    {"$a", "ftp-ssl",    FALSE},
@@ -1804,10 +1810,10 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
        /* interface */
        GetStr(&config->iface, nextarg);
        break;
-      case 'x': /* --krb4 */
-        /* krb4 level string */
-        if(curlinfo->features & CURL_VERSION_KERBEROS4)
-          GetStr(&config->krb4level, nextarg);
+      case 'x': /* --krb */
+        /* kerberos level string */
+        if(curlinfo->features & (CURL_VERSION_KERBEROS4 | CURL_VERSION_GSSNEGOTIATE))
+          GetStr(&config->krblevel, nextarg);
        else
          return PARAM_LIBCURL_DOESNT_SUPPORT;
        break;
@@ -3255,8 +3261,8 @@ static void free_config_fields(struct Configurable *config)
    free(config->cookie);
  if(config->cookiefile)
    free(config->cookiefile);
-  if(config->krb4level)
-    free(config->krb4level);
+  if(config->krblevel)
+    free(config->krblevel);
  if(config->headerfile)
    free(config->headerfile);
  if(config->ftpport)
@@ -4216,7 +4222,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
        /* three new ones in libcurl 7.3: */
        my_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, config->proxytunnel);
        my_setopt(curl, CURLOPT_INTERFACE, config->iface);
-        my_setopt(curl, CURLOPT_KRB4LEVEL, config->krb4level);
+        my_setopt(curl, CURLOPT_KRBLEVEL, config->krblevel);

        progressbarinit(&progressbar, config);
        if((config->progressmode == CURL_PROGRESS_BAR) &&
--- a/src/setup.h
+++ b/src/setup.h
@@ -176,6 +176,10 @@ int fileno( FILE *stream);
 #define typedef_bool
 #endif

+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+#include <sys/timeval.h>
+#endif
+
 #ifndef SIZEOF_CURL_OFF_T
 #define SIZEOF_CURL_OFF_T sizeof(curl_off_t)
 #endif
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -46,9 +46,9 @@ TEST_F =
 TEST_T =
 else # if not cross-compiling:
 TEST = srcdir=$(srcdir) $(PERL) $(PERLFLAGS) $(srcdir)/runtests.pl
-TEST_Q = -s -a
+TEST_Q = -a -s
 TEST_F = -a -p
-TEST_T = -t
+TEST_T = -a -t
 endif

 test: all
--- a/tests/data/test282
+++ b/tests/data/test282
@@ -10,7 +10,7 @@ HTTP GET
 # Server-side
 <reply>
 <data>
-HTTP/1.1 200 OK
+HTTP/1.1 200 OK swsclose

 </data>
 </reply>
--- a/tests/memanalyze.pl
+++ b/tests/memanalyze.pl
@@ -237,7 +237,7 @@ while(<FILE>) {
        $linenum = $2;
        $function = $3;

-        if($function =~ /fopen\(\"([^\"]*)\",\"([^\"]*)\"\) = (\(nil\)|0x([0-9a-f]*))/) {
+        if($function =~ /f[d]*open\(\"([^\"]*)\",\"([^\"]*)\"\) = (\(nil\)|0x([0-9a-f]*))/) {
            if($3 eq "(nil)") {
                ;
            }
--- a/tests/testcurl.pl
+++ b/tests/testcurl.pl
@@ -477,6 +477,7 @@ if ($configurebuild) {
    mydie "configure didn't work";
  }
 } else {
+  logit "copying files to build dir ...";
  if (($^O eq 'MSWin32') && ($targetos !~ /netware/)) {
    system("xcopy /s /q ..\\$CURLDIR .");
    system("buildconf.bat");
Author	SHA1	Message	Date
Daniel Stenberg	4b1782c371	7.16.4 preps	2007-07-10 21:36:30 +00:00
Gunter Knauf	f84642197f	added better CodeWarrior detection (forgot to add with previos version).	2007-07-09 02:00:39 +00:00
Gunter Knauf	ec1b7a0eea	added better CodeWarrior detection; added defines for setlocale().	2007-07-08 23:19:24 +00:00
Gunter Knauf	4b0e48cb4e	added better CodeWarrior detection; moved autounload flag so that its used for both lib architectures.	2007-07-08 23:18:47 +00:00
Gunter Knauf	41df67fc2c	added better CodeWarrior detection.	2007-07-08 23:17:56 +00:00
Gunter Knauf	932d38323f	removed some obsolete include paths and defines.	2007-07-07 16:26:02 +00:00
Daniel Stenberg	74ad8516d7	Thomas J. Moore made it build with less warnings	2007-07-06 22:14:29 +00:00
Daniel Stenberg	ed4a16dbd1	Gavrie Philipson's change, updated numbers	2007-07-06 21:56:42 +00:00
Daniel Stenberg	e2bac4fe6f	add note about windows and dlls with CURLOPT_WRITEDATA	2007-07-06 20:14:03 +00:00
Gunter Knauf	836ffbfc22	fixed NetWare CLIB implementation of getpass_r()	2007-07-06 14:58:59 +00:00
James Housley	7fd4f82a45	Gavrie Philipson provided a patch that will use a more specific error message for an scp:// upload failure. If libssh2 has his matching patch, then the error message return by the server will be used instead of a more generic error.	2007-07-05 12:48:34 +00:00
Dan Fandrich	598bc3968e	Add -a when running torture tests now that it's supported.	2007-07-05 01:38:00 +00:00
James Housley	29357151af	Fix spelling error in error message	2007-07-04 22:54:29 +00:00
Gunter Knauf	6606ae6fe0	add test for gettimeofday() so that HAVE_GETTIMEOFDAY gets defined.	2007-07-04 17:20:19 +00:00
Gunter Knauf	9f21f74fbd	enabled ares build.	2007-07-04 13:45:46 +00:00
Gunter Knauf	3760180320	although the check for HAVE_STRUCT_TIMEVAL solved the redefine it is incorrect; lets see if a check for HAVE_GETTIMEOFDAY also works; if gettimeofday() is present then we can assume we have the timezone struct too.	2007-07-04 10:54:15 +00:00
Gunter Knauf	056af4c9ac	added check for sys/param.h.	2007-07-04 09:01:40 +00:00
Gunter Knauf	07bf3c86b6	trial to catch problem with Daniels cross-mingw ares builds.	2007-07-03 18:18:40 +00:00
Gunter Knauf	4182803bc2	added NetWare CLIB-own header to solve gcc warnings.	2007-07-03 16:21:57 +00:00
Gunter Knauf	7509ef6b4e	few minor changes to make ares compile for NetWare CLIB architecture.	2007-07-03 16:00:36 +00:00
Gunter Knauf	70f8068d4d	fixed rule to build libcares when needed.	2007-07-03 00:50:40 +00:00
Gunter Knauf	a7513a8521	changed to build for CLIB / LIBC.	2007-07-03 00:42:11 +00:00
Gunter Knauf	3f7e541415	added libcares to static build if ares enabled.	2007-07-03 00:12:03 +00:00
Daniel Stenberg	f7e9a21c53	contributors from the 7.16.3 release notes	2007-07-02 22:04:36 +00:00
Gunter Knauf	f1537d45ca	sync'd with lib makefile changes: use var for awk; fixed RECV* / SEND* defines; debug var can be overwritten; added better compiler path handling.	2007-07-02 18:50:18 +00:00
Gunter Knauf	5a051617f3	some more makefile tweaks and hacks to deal with both lib architectures.	2007-07-02 18:42:14 +00:00
James Housley	55cd28283c	Fix problem with the indenting noticed by Pavel	2007-07-02 17:22:51 +00:00
Gunter Knauf	924665c84c	ignore make error when trying to copy curl.pdf which isnt in CVS.	2007-07-01 22:17:07 +00:00
Daniel Stenberg	fcfffbe2f2	mention the old name	2007-07-01 22:03:47 +00:00
Daniel Stenberg	54967d2a3a	Thomas J. Moore provided a patch that introduces Kerberos5 support in libcurl. This also makes the options change name to --krb (from --krb4) and CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still	2007-07-01 22:01:18 +00:00
Daniel Stenberg	667fd9a60b	Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5 proxy	2007-07-01 21:28:14 +00:00
Gunter Knauf	892a24f4c4	changed RECV_* / SEND_* defines to correctly reflect NetWare APIs; some more minor Makefile tidyups.	2007-07-01 21:06:41 +00:00
Gunter Knauf	f7676e9667	disabled 64bit type for CLIB build which removes compiler runtime dependency.	2007-07-01 16:55:37 +00:00
Gunter Knauf	8727803cf8	updated NetWare docu.	2007-07-01 12:09:25 +00:00
Gunter Knauf	73e13ef19d	added lib architecture to NLM description.	2007-07-01 01:33:51 +00:00
Gunter Knauf	e983cd5cd3	added HAVE_SYS_IOCTL_H define; added gcc runtime.	2007-06-30 23:53:54 +00:00
Gunter Knauf	ca3e5a6322	moved includes to setup.h so that the project headers also pick them up (eleminate gcc warning).	2007-06-30 23:45:57 +00:00
Gunter Knauf	c4931601c6	fixed path to Metrowerks tools and runtime since they changed between compiler versions.	2007-06-30 21:20:24 +00:00
Gunter Knauf	857492ac9e	minor patches to enable building for NetWare CLIB. sent by Dmitry Mityugov.	2007-06-30 20:16:03 +00:00
Gunter Knauf	afdfa4bed2	minor patches to enable building for NetWare CLIB. sent by Dmitry Mityugov.	2007-06-30 20:08:13 +00:00
Gunter Knauf	3fc6faf1ae	enabled building for NetWare CLIB architecture.	2007-06-30 20:02:51 +00:00
Gunter Knauf	c8a47bf662	revert previous patch since it turned out that older cp dont know this switch, argh!	2007-06-28 22:31:18 +00:00
James Housley	aed0cc6f2a	Using fdopen() is a more correct way to implement the CURLOPT_NEW_FILE_PREMS file.c, but the debug interface was missing. This adds the routines needed to make the memory debuging work for fdopen().	2007-06-28 11:11:29 +00:00
Daniel Stenberg	d500c468fc	reality sync	2007-06-28 10:47:05 +00:00
Gunter Knauf	5df5a2aa54	fixed nasty cp warnings about not beeing able to preserve ownership.	2007-06-28 01:20:30 +00:00
Daniel Stenberg	9ca688c8e7	James Bursa's improvement	2007-06-27 21:35:17 +00:00
Daniel Stenberg	8edbe262d9	fix little flaw that could make the transfer loop end prematurely	2007-06-27 21:29:29 +00:00
James Housley	4cd7f85410	Add two new options for the SFTP/SCP/FILE protocols: CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the premissions for files and directories created on the remote server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755	2007-06-27 20:15:48 +00:00
Gunter Knauf	edd35cab5c	removed trailing spaces.	2007-06-27 10:14:00 +00:00
Gunter Knauf	a2060effed	fixed wrong var name	2007-06-27 10:12:48 +00:00
Daniel Stenberg	33b9daaa4c	add an FTP rename example to 3.7	2007-06-26 21:53:46 +00:00
Daniel Stenberg	62f0f5571d	Robert Iakobashvili re-arranged the internal hash code to work with a custom hash function for different hashes, and also expanded the default size for the socket hash table used in multi handles to greatly enhance speed when very many connections are added and the socket API is used.	2007-06-26 21:09:28 +00:00
James Housley	7a360de49d	The results for a list only directory should be sent to the callback	2007-06-26 20:23:10 +00:00
James Housley	1be4557694	ftp_list_only mode should list all file types, not just directories.	2007-06-26 19:12:58 +00:00
Daniel Stenberg	6a21738704	gah, adding missing braces, removed silly debug output, added new debug output	2007-06-25 14:17:52 +00:00
Daniel Stenberg	974fa1242a	Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or chunked encoding (that also lacks "Connection: close"). It now simply assumes that the connection WILL be closed to signal the end, as that is how RFC2616 section 4.4 point #5 says we should behave.	2007-06-25 13:58:14 +00:00
Daniel Stenberg	3dff58b3aa	fix the version string as well	2007-06-25 13:52:16 +00:00
Daniel Stenberg	abf8589f0d	start working towards 7.16.4	2007-06-25 09:34:44 +00:00