7.17.1!

correct mirror count
let 7.17.1 be version-info 4:1:0
2007-10-29 14:49:11 +00:00 · 2007-10-29 14:48:37 +00:00 · 2007-10-29 10:19:07 +00:00 · 2007-10-28 12:02:20 +00:00 · 2007-10-28 09:33:03 +00:00 · 2007-10-27 01:04:36 +00:00
510 changed files with 19997 additions and 6215 deletions
--- a/613
+++ b/613
@@ -6,6 +6,619 @@
                                  Changelog
 Version 7.17.1 (29 October 2007)
 Dan F (25 October 2007)
 - Added the --static-libs option to curl-config
 Daniel S (25 October 2007)
 - Made libcurl built with NSS possible to ignore the peer verification.
  Previously it would fail if the ca bundle wasn't present, even if the code
  ignored the verification results.
 Patrick M (25 October 2007)
 - Fixed test server to allow null bytes in binary posts.
 _ Added tests 35, 544 & 545 to check binary data posts, both static (in place)
  and dynamic (copied).
 Daniel S (25 October 2007)
 - Michal Marek fixed the test script to be able to use valgrind even when the
  lib is built shared with libtool.
 - Fixed a few memory leaks when the same easy handle is re-used to request
  URLs with different protocols. FTP and TFTP related leaks. Caught thanks to
  Dan F's new test cases.
 Dan F (24 October 2007)
 - Fixed the test FTP and TFTP servers to support the >10000 test number
  notation
 - Added test cases 2000 through 2003 which test multiple protocols using the
  same easy handle
 - Fixed the filecheck: make target to work outside the source tree
 Daniel S (24 October 2007)
 - Vladimir Lazarenko pointed out that we should do some 'mt' magic when
  building with VC8 to get the "manifest" embedded to make fine stand-alone
  binaries. The maketgz and the src/Makefile.vc6 files were adjusted
  accordingly.
 Daniel S (23 October 2007)
 - Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
  that libcurl tried to re-use connections a bit too much when using non-SSL
  protocols tunneled over a HTTP proxy.
 Daniel S (22 October 2007)
 - Michal Marek forwarded the bug report
  https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
  FTP that caused memory havoc. His work together with my efforts created two
  fixes:
  #1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with
       at connection cleanup, at which time the struct HandleData could be
       used by another connection.
       Also, the unused char *urlpath member is removed from struct FTP.
  #2 - provide a Curl_reset_reqproto() function that frees
       data->reqdata.proto.* on connection setup if needed (that is if the
       SessionHandle was used by a different connection).
  A long-term goal is of course to somehow get rid of how the reqdata struct
  is used, as it is too error-prone.
 - Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out
  that specifying a proxy with a trailing slash didn't work (unless it also
  contained a port number).
 Patrick M (15 October 2007)
 - Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again
  and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode.
 Patrick M (12 October 2007)
 - Added per-protocol callback static tables, replacing callback ptr storage
  in the connectdata structure by a single handler table ptr.
 Dan F (11 October 2007)
 - Fixed the -l option of runtests.pl
 - Added support for skipping tests based on key words.
 Daniel S (9 October 2007)
 - Michal Marek removed the no longer existing return codes from the curl.1
  man page.
 Daniel S (7 October 2007)
 - Known bug #47, which confused libcurl if doing NTLM auth over a proxy with
  a response that was larger than 16KB is now improved slightly so that now
  the restriction at 16KB is for the headers only and it should be a rare
  situation where the response-headers exceed 16KB. Thus, I consider #47 fixed
  and the header limitation is now known as known bug #48.
 Daniel S (5 October 2007)
 - Michael Wallner made the CULROPT_COOKIELIST option support a new magic
  string: "FLUSH". Using that will cause libcurl to flush its cookies to the
  CURLOPT_COOKIEJAR file.
 - The new file docs/libcurl/ABI describes how we view ABI breakages, soname
  bumps and what the version number's significance to all that is.
 Daniel S (4 October 2007)
 - I enabled test 1009 and made the --local-port use a wide range to reduce the
  risk of failures.
 - Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
  This happened because the tftp code always uncondionally did a bind()
  without caring if one already had been done and then it failed. I wrote a
  test case (1009) to verify this, but it is a bit error-prone since it will
  have to pick a fixed local port number and since the tests are run on so
  many different hosts in different situations I'll add it in disabled state.
 Yang Tse (3 October 2007)
 - Fixed issue related with the use of ares_timeout() result.
 Daniel S (3 October 2007)
 - Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
  CURLOPT_OPENSOCKETDATA to set a callback that allows an application to
  replace the socket() call used by libcurl. It basically allows the app to
  change address, protocol or whatever of the socket.
 - I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
  CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made
  this return code get used by the previous SSH MD5 fingerprint check in case
  it fails.
 - Based on a patch brought by Johnny Luong, libcurl now offers
  CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both
  make the SCP or SFTP connection verify the remote host's md5 checksum of the
  public key before doing a connect, to reduce the risk of a man-in-the-middle
  attack.
 Daniel S (2 October 2007)
 - libcurl now handles chunked-encoded CONNECT responses
 Daniel S (1 October 2007)
 - Alex Fishman reported a curl_easy_escape() problem that was made the
  function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
  signed / unsigned mistake in the code. I fixed it and added test case 543 to
  verify.
 Daniel S (29 September 2007)
 - Immanuel Gregoire fixed a problem with persistent transfers over SFTP.
 Daniel S (28 September 2007)
 - Adapted the c-ares code to the API change c-ares 1.5.0 brings in the
  notifier callback(s).
 Dan F (26 September 2007)
 - Enabled a few more gcc warnings with --enable-debug.  Renamed a few
  variables to avoid shadowing global declarations.
 Daniel S (26 September 2007)
 - Philip Langdale provided the new CURLOPT_POST301 option for
  curl_easy_setopt() that alters how libcurl functions when following
  redirects. It makes libcurl obey the RFC2616 when a 301 response is received
  after a non-GET request is made. Default libcurl behaviour is to change
  method to GET in the subsequent request (like it does for response code 302
  - because that's what many/most browsers do), but with this CURLOPT_POST301
  option enabled it will do what the spec says and do the next request using
  the same method again. I.e keep POST after 301. 
  The curl tool got this option as --post301
  Test case 1011 and 1012 were added to verify.
 - Max Katsev reported that when doing a libcurl FTP request with
  CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE
  before it does SIZE which makes it less useful. I walked over the code and
  made it do this properly, and added test case 542 to verify it.
 Daniel S (24 September 2007)
 - Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle
  URLs ending with a slash properly (it should list the contents of that
  directory). Test case 351 brought back and also test 1010 was added.
 Daniel S (21 September 2007)
 - Mark Davies fixed Negotiate authentication over proxy, and also introduced
  the --proxy-negotiate command line option to allow a user to explicitly
  select it.
 Daniel S (19 September 2007)
 - Rob Crittenden provided an NSS update with the following highlights:
  o It looks for the NSS database first in the environment variable SSL_DIR,
    then in /etc/pki/nssdb, then it initializes with no database if neither of
    those exist.
  o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
    loaded, including the ca-bundle. If it is not available then only
    certificates already in the NSS database are used.
  o Tries to detect whether a file or nickname is being passed in so the right
    thing is done
  o Added a bit of code to make the output more like the OpenSSL module,
    including displaying the certificate information when connecting in
    verbose mode
  o Improved handling of certificate errors (expired, untrusted, etc)
  The libnsspem.so PKCS#11 module is currently only available in Fedora
  8/rawhide. Work will be done soon to upstream it. The NSS module will work
  with or without it, all that changes is the source of the certificates and
  keys.
 Daniel S (18 September 2007)
 - Immanuel Gregoire pointed out that public key SSH auth failed if no
  public/private key was specified and there was no HOME environment variable,
  and then it didn't continue to try the other auth methods. Now it will
  instead try to get the files id_dsa.pub and id_dsa from the current
  directory if none of the two conditions were met.
 Dan F (17 September 2007)
 - Added hooks to the test suite to make it possible to test a curl running
  on a remote host.
 - Changed some FTP tests to validate the format of the PORT and EPRT commands
  sent by curl, if not the addresses themselves.
 Daniel S (15 September 2007)
 - Michal Marek made libcurl automatically append ";type=<a|i>" when using HTTP
  proxies for FTP urls.
 - G<>nter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3
  support on Windows.
 Dan F (13 September 2007)
 - Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and
  fixed some AC_SUBST configure entries.
 Version 7.17.0 (13 September 2007)
 Daniel S (12 September 2007)
 - Bug report #1792649 (http://curl.haxx.se/bug/view.cgi?id=1792649) pointed
  out a problem with doing an empty upload over FTP on a re-used connection.
  I added test case 541 to reproduce it and to verify the fix.
 - I noticed while writing test 541 that the FTP code wrongly did a CWD on the
  second transfer as it didn't store and remember the "" path from the
  previous transfer so it would instead CWD to the entry path as stored. This
  worked, but did a superfluous command. Thus, test case 541 now also verifies
  this fix.
 Dan F (5 September 2007)
 - Added test case 1007 to test permission problem when uploading with TFTP
  (to validate bug #1790403).
 - TFTP now reports the "not defined" TFTP error code 0 as an error,
  not success.
 Daniel S (5 September 2007)
 - Continued the work on a fix for #1779054
  (http://curl.haxx.se/bug/view.cgi?id=1779054). My previous fix from August
  24 was not complete (either) but could accidentally "forget" parts of a
  server response which led to faulty server response time-out errors.
 Dan F (5 September 2007)
 - Minix doesn't support getsockopt on UDP sockets or send/recv on TCP
  sockets.
 Dan F (31 August 2007)
 - Made some of the error strings returned by the *strerror functions more
  generic, and more consistent with each other.
 - Renamed the curl_ftpssl enum to curl_usessl and its enumerated constants,
  creating macros for backward compatibility:
    CURLFTPSSL_NONE => CURLUSESSL_NONE
    CURLFTPSSL_TRY => CURLUSESSL_TRY
    CURLFTPSSL_CONTROL => CURLUSESSL_CONTROL
    CURLFTPSSL_ALL => CURLUSESSL_ALL
    CURLFTPSSL_LAST => CURLUSESSL_LAST
 Dan F (30 August 2007)
 - Renamed several libcurl error codes and options to make them more general
  and allow reuse by multiple protocols. Several unused error codes were
  removed.  In all cases, macros were added to preserve source (and binary)
  compatibility with the old names.  These macros are subject to removal at
  a future date, but probably not before 2009.  An application can be
  tested to see if it is using any obsolete code by compiling it with the
  CURL_NO_OLDIES macro defined.
  The following unused error codes were removed:
    CURLE_BAD_CALLING_ORDER
    CURLE_BAD_PASSWORD_ENTERED
    CURLE_FTP_CANT_RECONNECT
    CURLE_FTP_COULDNT_GET_SIZE
    CURLE_FTP_COULDNT_SET_ASCII
    CURLE_FTP_USER_PASSWORD_INCORRECT
    CURLE_FTP_WEIRD_USER_REPLY
    CURLE_FTP_WRITE_ERROR
    CURLE_LIBRARY_NOT_FOUND
    CURLE_MALFORMAT_USER
    CURLE_OBSOLETE
    CURLE_SHARE_IN_USE
    CURLE_URL_MALFORMAT_USER
  The following error codes were renamed:
    CURLE_FTP_ACCESS_DENIED =>      CURLE_REMOTE_ACCESS_DENIED
    CURLE_FTP_COULDNT_SET_BINARY => CURLE_FTP_COULDNT_SET_TYPE
    CURLE_FTP_SSL_FAILED =>         CURLE_USE_SSL_FAILED
    CURLE_FTP_QUOTE_ERROR =>        CURLE_QUOTE_ERROR
    CURLE_TFTP_DISKFULL =>          CURLE_REMOTE_DISK_FULL
    CURLE_TFTP_EXISTS =>            CURLE_REMOTE_FILE_EXISTS
    CURLE_HTTP_RANGE_ERROR =>       CURLE_RANGE_ERROR 
  The following options were renamed:
    CURLOPT_SSLKEYPASSWD => CURLOPT_KEYPASSWD 
    CURLOPT_FTPAPPEND =>    CURLOPT_APPEND
    CURLOPT_FTPLISTONLY =>  CURLOPT_DIRLISTONLY
    CURLOPT_FTP_SSL =>      CURLOPT_USE_SSL
  A few more changes will take place with the next SONAME bump of the
  library.  These are documented in docs/TODO
 - Documented some newer error codes in libcurl-error(3)
 - Added more accurate error code returns from SFTP operations.  Added test
  case 615 to test an SFTP upload failure.
 Dan F (28 August 2007)
 - Some minor internal type and const changes based on a splint scan.
 Daniel S (24 August 2007)
 - Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed
  out that libcurl didn't deal with large responses from server commands, when
  the single response was consisting of multiple lines but of a total size of
  16KB or more. Dan Fandrich improved the ftp test script and provided test
  case 1006 to repeat the problem, and I fixed the code to make sure this new
  test case runs fine.
 Patrick M (23 August 2007)
 - OS/400 port: new files lib/config-os400.h lib/setup-os400.h packages/OS400/*.
  See packages/OS400/README.OS400.
 Daniel S (23 August 2007)
 - Bug report #1779751 (http://curl.haxx.se/bug/view.cgi?id=1779751) pointed
  out that doing first a file:// upload and then an FTP upload crashed libcurl
  or at best caused furious valgrind complaints. Fixed now!
 Daniel S (22 August 2007)
 - Bug report #1779054 (http://curl.haxx.se/bug/view.cgi?id=1779054) pointed
  out that libcurl didn't deal with very long (>16K) FTP server response lines
  properly. Starting now, libcurl will chop them off (thus the client app will
  not get the full line) but survive and deal with them fine otherwise. Test
  case 1003 was added to verify this.
 Daniel S (20 August 2007)
 - Based on a patch by Christian Vogt, the FTP code now sets the upcoming
  download transfer size much earlier to be possible to get read with
  CURLINFO_CONTENT_LENGTH_DOWNLOAD as soon as possible. This is very much in a
  similar spirit to the HTTP size change from August 11 2007.
 Daniel S (18 August 2007)
 - Robson Braga Araujo filed bug report #1776232
  (http://curl.haxx.se/bug/view.cgi?id=1776232) about libcurl calling
  Curl_client_write(), passing on a const string that the caller may not
  modify and yet it does (on some platforms).
 - Robson Braga Araujo filed bug report #1776235
  (http://curl.haxx.se/bug/view.cgi?id=1776235) about ftp requests with NOBODY
  on a directory would do a "SIZE (null)" request. This is now fixed and test
  case 1000 was added to verify.
 Daniel S (17 August 2007)
 - Song Ma provided a patch that cures a problem libcurl has when doing resume
  HTTP PUT using Digest authentication. Test case 5320 and 5322 were also
  added to verify the functionality.
 Daniel S (14 August 2007)
 - Andrew Wansink provided an NTLM bugfix: in the case the server sets the flag
  NTLMFLAG_NEGOTIATE_UNICODE, we need to filter it off because libcurl doesn't
  UNICODE encode the strings it packs into the NTLM authenticate packet.
 Daniel S (11 August 2007)
 - Allen Pulsifer provided a patch that makes libcurl set the expected download
  size earlier when doing HTTP downloads, so that applications and the
  progress meter etc know get the info earlier in the flow than before.
 - Patrick Monnerat modified the LDAP code and approach in curl. Starting now,
  the configure script checks for openldap and friends and we link with those
  libs just like we link all other third party libraries, and we no longer
  dlopen() those libraries. Our private header file lib/ldap.h was renamed to
  lib/curl_ldap.h due to this. I set a tag in CVS (curl-7_17_0-preldapfix)
  just before this commit, just in case.
 Dan F (8 August 2007)
 - Song Ma noted a zlib memory leak in the illegal compressed header
  countermeasures code path.
 Daniel S (4 August 2007)
 - Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on
  non-ASCII systems.
 Daniel S (3 August 2007)
 - I cut out support for libssh2 versions older than 0.16 to make our code a
  lot simpler, and to avoid getting trouble with the LIBSSH2_APINO define
  that 1) didn't work properly since it was >32 bits and 2) is removed in
  libssh2 0.16...
 Daniel S (2 August 2007)
 - Scott Cantor filed bug report #1766320
  (http://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl
  code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and
  CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be
  passed in as longs, and that makes a difference on 64 bit architectures.
 - Dmitriy Sergeyev reported a regression: resumed file:// transfers broke
  after 7.16.2. This is much due to the different treatment file:// gets
  internally, but now I added test 231 to make it less likely to happen again
  without us noticing!
 Daniel S (1 August 2007)
 - Patrick Monnerat and I modified libcurl so that now it *copies* all strings
  passed to it with curl_easy_setopt()! Previously it has always just refered
  to the data, forcing the user to keep the data around until libcurl is done
  with it. That is now history and libcurl will instead clone the given
  strings and keep private copies. This is also part of Patrick Monnerat's
  OS/400 port.
  Due to this being a somewhat interesting change API wise, I've decided to
  bump the version of the upcoming release to 7.17.0. Older applications will
  of course not notice this change nor do they have to care, but new
  applications can be written to take advantage of this.
 - Greg Morse reported a problem with POSTing using ANYAUTH to a server
  requiring NTLM, and he provided test code and a test server and we worked
  out a bug fix. We failed to count sent body data at times, which then caused
  internal confusions when libcurl tried to send the rest of the data in order
  to maintain the same connection alive.
 Daniel S (31 July 2007)
 - Peter O'Gorman pointed out (and fixed) that the non-blocking check in
  configure made libcurl use blocking sockets on AIX 4 and 5, while that
  wasn't the intention.
 Daniel S (29 July 2007)
 - Jayesh A Shah filed bug report #1759542
  (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious
  problem with FTPS: libcurl closed the data connection socket and then later
  in the flow it would call the SSL layer to do SSL shutdown which then would
  use a socket that had already been closed - so if the application had opened
  a new one in the mean time, libcurl could send gibberish that way! I worked
  with Greg Zavertnik to properly diagnose and fix this. The fix affects code
  for all SSL libraries we support, but it has only been truly verified to
  work fine for the OpenSSL version. The others have only been code reviewed.
 Daniel S (23 July 2007)
 - Implemented the parts of Patrick Monnerat's OS/400 patch that introduces
  support for the OS/400 Secure Sockets Layer library.
 Dan F (23 July 2007)
 - Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed
  some few internal identifiers to avoid conflicts, which could be useful on
  other platforms.
 Daniel S (22 July 2007)
 - HTTP Digest bug fix by Chris Flerackers:
  Scenario
  - Perfoming a POST request with body
  - With authentication (only Digest)
  - Re-using a connection
  libcurl would send a HTTP POST with an Authorization header but without
  body. Our server would return 400 Bad Request in that case (because
  authentication passed, but the body was empty).
  Cause
  1) http_digest.c -> Curl_output_digest
  - Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is
  filled in (and no errors)
  - authp->done = TRUE if d->nonce is filled in
  2) http.c -> Curl_http
  - *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL
  3) http.c -> Curl_http, Curl_http_output_auth
  So what happens is that Curl_output_digest cannot yet update the
  Authorization header (allocptr.userpwd) which results in authhost->done=0 ->
  authhost->multi=1 -> conn->bits.authneg = TRUE.  The body is not
  added. *However*, allocptr.userpwd is still used when building the request
 - Added test case 354 that makes a simple FTP retrieval without password, which
  verifies the bug fix in #1757328.
 Daniel S (21 July 2007)
 - To allow more flexibility in FTP test cases, I've removed the enforced states
  from the test server code as they served no real purpose. The test server
  is here to serve for the test cases, not to attempt to function as a real
  server! While at it, I modified test case 141 to better test and verify
  curl -I on a single FTP file.
 Daniel S (20 July 2007)
 - James Housley fixed the SFTP PWD command to work.
 - Ralf S. Engelschall filed bug report #1757328
  (http://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It
  turns out we broke login to FTP servers that don't require (nor understand)
  PASS after the USER command. The breakage was done as part of the krb5
  commit so a krb-using person needs to verify that the current version now
  works or if we need to fix it (in a different way of course).
 Dan F (17 July 2007)
 - Fixed test cases 613 and 614 by improving the log postprocessor to handle
  a new directory listing format that newer libssh2's can provide.  This
  is probably NOT sufficient to handle all directory listing formats that
  server's can provide, and should be revisited.
 Daniel S (17 July 2007)
 - Daniel Johnson fixed a bug in how libssh2_session_last_error() was used, in
  two places.
 - Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made
  a control connection that was deemed "dead" to yet be re-used in a following
  request.
 Daniel S (13 July 2007)
 - Colin Hogben filed bug report #1750274
  (http://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the
  case where libcurl did a connect attempt to a non-listening port and didn't
  provide a human readable error string back.
 - Daniel Cater fixes:
  1 - made 'make vc8' work on windows.
  2 - made libcurl itself built with CURL_NO_OLDIES defined (which doesn't
      define the symbols for backwards source compatibility)
  3 - updated libcurl-errors.3
  4 - added CURL_DISABLE_TFTP to docs/INSTALL
 Daniel S (12 July 2007)
 - Made the krb5 code build with Heimdal's GSSAPI lib.
 Dan F (12 July 2007)
 - Compile most of the example apps in docs/examples when doing a 'make check'.
  Fixed some compile warnings and errors in those examples.
 - Removed the example program ftp3rdparty.c since libcurl doesn't support
  3rd party FTP transfers any longer.
 Daniel S (12 July 2007)
 - Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation
  could in fact get stuck in an endless loop.
 - Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
  fail to connect if there is no Common Name field found in the remote cert.
  We should deprecate the support for this set to 1 anyway soon, since the
  feature is pointless and most likely never really used by anyone.
 Daniel S (11 July 2007)
 - Shmulik Regev fixed a bug with transfer-encoding skipping during the 407
  error pages for proxy authentication.
 - Giancarlo Formicuccia reported and fixed a problem with a closed connection
  to a proxy during CONNECT auth negotiation.
 Dan F (10 July 2007)
 - Fixed a curl memory leak reported by Song Ma with a modified version
  of the patch he suggested.  Added his test case as test289 to verify.
 - Force the time zone to GMT in the cookie tests in case the user is
  using one of the so-called 'right' time zones that take into account
  leap seconds, which causes the tests to fail (as reported by
  Daniel Black in bug report #1745964).
 Version 7.16.4 (10 July 2007)
 Daniel S (10 July 2007)
 - Kees Cook notified us about a security flaw
  (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to
  properly reject some outdated or not yet valid server certificates when
  built with GnuTLS. Kees also provided the patch.
 James H (5 July 2007)
 - Gavrie Philipson provided a patch that will use a more specific error
  message for an scp:// upload failure.  If libssh2 has his matching
  patch, then the error message return by the server will be used instead
  of a more generic error.
 Daniel S (1 July 2007)
 - Thomas J. Moore provided a patch that introduces Kerberos5 support in
  libcurl. This also makes the options change name to --krb (from --krb4) and
  CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still 
 - Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5
  proxy.
 Daniel S (27 June 2007)
 - James Housley: Add two new options for the SFTP/SCP/FILE protocols:
  CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the
  premissions for files and directories created on the remote
  server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and
  CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755
 - I corrected the 10-at-a-time.c example and applied a patch for it by James
  Bursa.
 Daniel S (26 June 2007)
 - Robert Iakobashvili re-arranged the internal hash code to work with a custom
  hash function for different hashes, and also expanded the default size for
  the socket hash table used in multi handles to greatly enhance speed when
  very many connections are added and the socket API is used.
 - James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory
  listings as well
 Daniel S (25 June 2007)
 - Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
  chunked encoding (that also lacks "Connection: close"). It now simply
  assumes that the connection WILL be closed to signal the end, as that is how
  RFC2616 section 4.4 point #5 says we should behave.
 Version 7.16.3 (25 June 2007)
 Daniel S (23 June 2007)
--- a/Makefile.am
+++ b/Makefile.am
@@ -49,7 +49,7 @@ html:
 pdf:
 	cd docs; make pdf
-check: test
+check: test examples
 if CROSSCOMPILING
 test-full: test
@@ -71,6 +71,9 @@ test-torture:
 endif
 examples:
 	@(cd docs/examples; $(MAKE) all)
 #
 # Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros
 # must contain the following line:
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -68,18 +68,22 @@ watcom-clean:
 	wmake -f Makefile.Watcom clean
 mingw32:
 	$(MAKE) -C lib -f Makefile.m32
 	$(MAKE) -C src -f Makefile.m32
 mingw32-zlib:
 	$(MAKE) -C lib -f Makefile.m32 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 ZLIB=1
-mingw32-ssl:
+mingw32-ssl-zlib:
 	$(MAKE) -C lib -f Makefile.m32 SSL=1 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 SSL=1 ZLIB=1
-mingw32-ssh2-ssl:
+mingw32-ssh2-ssl-zlib:
 	$(MAKE) -C lib -f Makefile.m32 SSH2=1 SSL=1 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 SSH2=1 SSL=1 ZLIB=1
-mingw32-ssh2-ssl-sspi:
+mingw32-ssh2-ssl-sspi-zlib:
 	$(MAKE) -C lib -f Makefile.m32 SSH2=1 SSL=1 SSPI=1 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 SSH2=1 SSL=1 SSPI=1 ZLIB=1
@@ -248,5 +252,5 @@ linux-ssl: ssl
 vc8:
 	echo "generate VC8 makefiles"
-	sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e 's#/GZ#/RTC1#' -e 's/wsock32.lib/wsock32.lib bufferoverflowu.lib/g' -e 's/VC6/VC8/g' lib/Makefile.vc6 > lib/Makefile.vc8
+	sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/wsock32.lib/wsock32.lib bufferoverflowu.lib/g" -e "s/VC6/VC8/g" lib/Makefile.vc6 > lib/Makefile.vc8
-	sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e 's#/GZ#/RTC1#' -e 's/wsock32.lib/wsock32.lib bufferoverflowu.lib/g' -e 's/VC6/VC8/g' src/Makefile.vc6 > src/Makefile.vc8
+	sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/wsock32.lib/wsock32.lib bufferoverflowu.lib/g" -e "s/VC6/VC8/g" src/Makefile.vc6 > src/Makefile.vc8
--- a/120
+++ b/120
@@ -1,67 +1,53 @@
-Curl and libcurl 7.16.3
+Curl and libcurl 7.17.1
- Public curl release number:               99
+ Public curl release number:               102
- Releases counted from the very beginning: 126
+ Releases counted from the very beginning: 128
- Available command line options:           118
+ Available command line options:           121
- Available curl_easy_setopt() options:     141
+ Available curl_easy_setopt() options:     147
- Number of public functions in libcurl:    54
+ Number of public functions in libcurl:    55
- Amount of public web site mirrors:        38
+ Amount of public web site mirrors:        43
- Number of known libcurl bindings:         35
+ Number of known libcurl bindings:         36
- Number of contributors:                   554
+ Number of contributors:                   588
 This release includes the following changes:
- o added curl_multi_socket_action()
+ o automatically append ";type=<a|i>" when using HTTP proxies for FTP urls
- o deprecated curl_multi_socket()
+ o improved NSS support
- o uses less memory in non-pipelined use cases
+ o added --proxy-negotiate
- o CURLOPT_HTTP200ALIASES matched transfers assume HTTP 1.0 compliance
+ o added --post301 and CURLOPT_POST301
- o more than one test harness can run at the same time without conflict
+ o builds with c-ares 1.5.0
- o SFTP now supports quote commands before a transfer
+ o added CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
- o CURLMOPT_MAXCONNECTS added to curl_multi_setopt()
+ o renamed CURLE_SSL_PEER_CERTIFICATE to CURLE_PEER_FAILED_VERIFICATION
- o upload resume works for file:// URLs
+ o added CURLOPT_OPENSOCKETFUNCTION and CURLOPT_OPENSOCKETDATA
- o asynchronous name resolves now require c-ares 1.4.0 or later
+ o CULROPT_COOKIELIST supports "FLUSH"
- o added SOCKS test cases
+ o added CURLOPT_COPYPOSTFIELDS
- o CURLOPT_FTP_CREATE_MISSING_DIRS and --ftp-create-dirs now work for SFTP
+ o added --static-libs to curl-config
   operations as well
 This release includes the following bugfixes:
- o if2up too long interface name memory leak
+ o curl-config --protocols now properly reports LDAPS, SCP and SFTP
- o test case 534 started to fail 2007-04-13 due to the existance of a
+ o ldapv3 support on Windows
-   new host on the net with the same silly domain the test was using
+ o ldap builds with the MSVC makefiles
-   for a host which was supposed not to exist.
+ o no HOME and no key given caused SSH auth failure
- o test suite SSL certificate works better with newer stunnel
+ o Negotiate authentication over proxy
- o internal progress meter update frequency back to once per second
+ o --ftp-method nocwd on directory listings
- o avoid some unnecessary calls to function gettimeofday
+ o FTP, CURLOPT_NOBODY enabled and CURLOPT_HEADER disabled now does TYPE
- o a double-free in the SSL-layer
+   before SIZE
- o GnuTLS free of NULL credentials
+ o re-used handle transfers with SFTP
- o NSS-fix for closing down SSL
+ o curl_easy_escape() problem with byte values >= 128
- o bad warning from configure when gnutls was selected
+ o handles chunked-encoded CONNECT responses
- o compilation on VMS 64-bit mode
+ o misuse of ares_timeout() result
- o SCP/SFTP downloads could hang on the last bytes of a transfer
+ o --local-port on TFTP transfers
- o curl_easy_duphandle() crash
+ o CURLOPT_POSTFIELDS could fail to send binary data
- o curl -V / curl_version*() works even when GnuTLS is used on a system without
+ o specifying a proxy with a trailing slash didn't work (unless it also
-   a good random source
+   contained a port number)
- o curl_multi_socket() not "noticing" newly added handles
+ o redirect from HTTP to FTP or TFTP memory problems and leaks
- o lack of Content-Length and chunked encoding now requires HTTP 1.1 as well
+ o re-used connections a bit too much when using non-SSL protocols tunneled
-   to be treated as without response body
+   over a HTTP proxy
- o connection cache growth in multi handles
+ o embed the manifest in VC8 builds
- o better handling of out of memory conditions
+ o use valgrind in the tests even when the lib is built shared with libtool
- o overwriting an uploaded file with sftp now truncates it first
+ o libcurl built with NSS can now ignore the peer verification even when the
- o SFTP quote commands chmod, chown, chgrp can now set a value of 0
+   ca cert bundle is absent
 o TFTP connect timouts less than 5 seconds
 o improved curl -w for TFTP transfers
 o memory leak when failed OpenSSL certificate CN field checking
 o memory leak when OpenSSL failed PKCS #12 parsing
 o FPL-SSL when built with NSS
 o out-of-boundary write in Curl_select()
 o -s/--silent can now be used to toggle off the silence again
 o builds fine on 64bit HP-UX
 o multi interface HTTP CONNECT glitch
 o list FTP root directories when login dir is not root
 o no longer slows down when getting very many URLs on the same command line
 o lock share before decreasing dirty counter
 o no-body FTP requests on re-used connections
 This release includes the following known bugs:
@@ -69,26 +55,18 @@ This release includes the following known bugs:
 Other curl-related news:
- o PycURL 7.16.2.1 was released: http://pycurl.sf.net/
+ o 
 o TclCurl 7.16.2 was released:
   http://personal1.iddeo.es/andresgarci/tclcurl/english/
 New curl mirrors:
- o http://curl.spegulo.be is a new mirror in Belgium
+ o http://curl.wetzlmayr.at/ is a new web mirror in Nuremberg, Germany
 o http://curl.piotrkosoft.net is a new mirror in Poland
 o http://curl.smudge-it.net is a new mirror in St Louis, MO, USA
 o http://curl.askapache.com is a new mirror in Indiana, USA
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
- Song Ma, Dan Fandrich, Yang Tse, Jay Austin, Robert Iakobashvil,
+ Dan Fandrich, Michal Marek, G<>nter Knauf, Rob Crittenden, Immanuel Gregoire,
- James Housley, Daniel Black, Steve Little, Sonia Subramanian, Peter O'Gorman,
+ Mark Davies, Max Katsev, Philip Langdale, Alex Fishman, Johnny Luong,
- Frank Hempel, Michael Wallner, Jeff Pohlmeyer, Tobias Rundstr<74>m,
+ Alexey Pesternikov, Yang Tse, Kim Rinnewitz, Michael Wallner,
- Anders Gustafsson, James Bursa, Kristian Gunstone, Feng Tu,
+ Patrick Monnerat, Vladimir Lazarenko
 Andre Guibert de Bruet, Rob Crittenden, Rich Rauenzahn, Tom Regner,
 Dave Vasilevsky, Shmulik Regev, Robson Braga Araujo, Adam Piggott,
 Gerrit Bruchh<68>user
        Thanks! (and sorry if I forgot to mention someone)
--- a/5
+++ b/5
@@ -1,5 +1,4 @@
-To be addressed before 7.16.3 (planned release: June 2007)
+To be addressed before 7.17.1 (planned release: late October 2007)
 =============================
-93 - 
+106 - 
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -171,6 +171,515 @@ AC_DEFUN([CURL_CHECK_HEADER_WS2TCPIP], [
 ])
 dnl CURL_CHECK_HEADER_WINLDAP
 dnl -------------------------------------------------
 dnl Check for compilable and valid winldap.h header
 AC_DEFUN([CURL_CHECK_HEADER_WINLDAP], [
  AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl
  AC_CACHE_CHECK([for winldap.h], [ac_cv_header_winldap_h], [
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #endif
 #include <winldap.h>
      ],[
 #ifdef __CYGWIN__
        HAVE_WINLDAP_H shall not be defined.
 #else
        LDAP *ldp = ldap_init("dummy", LDAP_PORT);
        ULONG res = ldap_unbind(ldp);
 #endif
      ])
    ],[
      ac_cv_header_winldap_h="yes"
    ],[
      ac_cv_header_winldap_h="no"
    ])
  ])
  case "$ac_cv_header_winldap_h" in
    yes)
      AC_DEFINE_UNQUOTED(HAVE_WINLDAP_H, 1,
        [Define to 1 if you have the winldap.h header file.])
      ;;
  esac
 ])
 dnl CURL_CHECK_HEADER_WINBER
 dnl -------------------------------------------------
 dnl Check for compilable and valid winber.h header
 AC_DEFUN([CURL_CHECK_HEADER_WINBER], [
  AC_REQUIRE([CURL_CHECK_HEADER_WINLDAP])dnl
  AC_CACHE_CHECK([for winber.h], [ac_cv_header_winber_h], [
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #endif
 #include <winldap.h>
 #include <winber.h>
      ],[
 #ifdef __CYGWIN__
        HAVE_WINBER_H shall not be defined.
 #else
        BERVAL *bvp = NULL;
        BerElement *bep = ber_init(bvp);
        ber_free(bep, 1);
 #endif
      ])
    ],[
      ac_cv_header_winber_h="yes"
    ],[
      ac_cv_header_winber_h="no"
    ])
  ])
  case "$ac_cv_header_winber_h" in
    yes)
      AC_DEFINE_UNQUOTED(HAVE_WINBER_H, 1,
        [Define to 1 if you have the winber.h header file.])
      ;;
  esac
 ])
 dnl CURL_CHECK_HEADER_LBER
 dnl -------------------------------------------------
 dnl Check for compilable and valid lber.h header,
 dnl and check if it is needed even with ldap.h
 AC_DEFUN([CURL_CHECK_HEADER_LBER], [
  AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl
  AC_CACHE_CHECK([for lber.h], [ac_cv_header_lber_h], [
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #else
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #endif
 #ifndef NULL
 #define NULL (void *)0
 #endif
 #include <lber.h>
      ],[
        BerValue *bvp = NULL;
        BerElement *bep = ber_init(bvp);
        ber_free(bep, 1);
      ])
    ],[
      ac_cv_header_lber_h="yes"
    ],[
      ac_cv_header_lber_h="no"
    ])
  ])
  if test "$ac_cv_header_lber_h" = "yes"; then
    AC_DEFINE_UNQUOTED(HAVE_LBER_H, 1,
      [Define to 1 if you have the lber.h header file.])
    #
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #else
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #endif
 #ifndef NULL
 #define NULL (void *)0
 #endif
 #ifndef LDAP_DEPRECATED
 #define LDAP_DEPRECATED 1
 #endif
 #include <ldap.h>
      ],[
        BerValue *bvp = NULL;
        BerElement *bep = ber_init(bvp);
        ber_free(bep, 1);
      ])
    ],[
      curl_cv_need_header_lber_h="no"
    ],[
      curl_cv_need_header_lber_h="yes"
    ])
    #
    case "$curl_cv_need_header_lber_h" in
      yes)
        AC_DEFINE_UNQUOTED(NEED_LBER_H, 1,
          [Define to 1 if you need the lber.h header file even with ldap.h])
        ;;
    esac
  fi
 ])
 dnl CURL_CHECK_HEADER_LDAP
 dnl -------------------------------------------------
 dnl Check for compilable and valid ldap.h header
 AC_DEFUN([CURL_CHECK_HEADER_LDAP], [
  AC_REQUIRE([CURL_CHECK_HEADER_LBER])dnl
  AC_CACHE_CHECK([for ldap.h], [ac_cv_header_ldap_h], [
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #else
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #endif
 #ifndef LDAP_DEPRECATED
 #define LDAP_DEPRECATED 1
 #endif
 #ifdef NEED_LBER_H
 #include <lber.h>
 #endif
 #include <ldap.h>
      ],[
        LDAP *ldp = ldap_init("dummy", LDAP_PORT);
        int res = ldap_unbind(ldp);
      ])
    ],[
      ac_cv_header_ldap_h="yes"
    ],[
      ac_cv_header_ldap_h="no"
    ])
  ])
  case "$ac_cv_header_ldap_h" in
    yes)
      AC_DEFINE_UNQUOTED(HAVE_LDAP_H, 1,
        [Define to 1 if you have the ldap.h header file.])
      ;;
  esac
 ])
 dnl CURL_CHECK_HEADER_LDAP_SSL
 dnl -------------------------------------------------
 dnl Check for compilable and valid ldap_ssl.h header
 AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [
  AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl
  AC_CACHE_CHECK([for ldap_ssl.h], [ac_cv_header_ldap_ssl_h], [
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #else
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #endif
 #ifndef LDAP_DEPRECATED
 #define LDAP_DEPRECATED 1
 #endif
 #ifdef NEED_LBER_H
 #include <lber.h>
 #endif
 #ifdef HAVE_LDAP_H
 #include <ldap.h>
 #endif
 #include <ldap_ssl.h>
      ],[
        LDAP *ldp = ldapssl_init("dummy", LDAPS_PORT, 1);
      ])
    ],[
      ac_cv_header_ldap_ssl_h="yes"
    ],[
      ac_cv_header_ldap_ssl_h="no"
    ])
  ])
  case "$ac_cv_header_ldap_ssl_h" in
    yes)
      AC_DEFINE_UNQUOTED(HAVE_LDAP_SSL_H, 1,
        [Define to 1 if you have the ldap_ssl.h header file.])
      ;;
  esac
 ])
 dnl CURL_CHECK_HEADER_LDAPSSL
 dnl -------------------------------------------------
 dnl Check for compilable and valid ldapssl.h header
 AC_DEFUN([CURL_CHECK_HEADER_LDAPSSL], [
  AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl
  AC_CACHE_CHECK([for ldapssl.h], [ac_cv_header_ldapssl_h], [
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #else
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #endif
 #ifndef NULL
 #define NULL (void *)0
 #endif
 #ifndef LDAP_DEPRECATED
 #define LDAP_DEPRECATED 1
 #endif
 #ifdef NEED_LBER_H
 #include <lber.h>
 #endif
 #ifdef HAVE_LDAP_H
 #include <ldap.h>
 #endif
 #include <ldapssl.h>
      ],[
        char *cert_label = NULL;
        LDAP *ldp = ldap_ssl_init("dummy", LDAPS_PORT, cert_label);
      ])
    ],[
      ac_cv_header_ldapssl_h="yes"
    ],[
      ac_cv_header_ldapssl_h="no"
    ])
  ])
  case "$ac_cv_header_ldapssl_h" in
    yes)
      AC_DEFINE_UNQUOTED(HAVE_LDAPSSL_H, 1,
        [Define to 1 if you have the ldapssl.h header file.])
      ;;
  esac
 ])
 dnl CURL_CHECK_LIBS_WINLDAP
 dnl -------------------------------------------------
 dnl Check for libraries needed for WINLDAP support,
 dnl and prepended to LIBS any needed libraries.
 dnl This macro can take an optional parameter with a
 dnl white space separated list of libraries to check
 dnl before the WINLDAP default ones.
 AC_DEFUN([CURL_CHECK_LIBS_WINLDAP], [
  AC_REQUIRE([CURL_CHECK_HEADER_WINBER])dnl
  #
  AC_MSG_CHECKING([for WINLDAP libraries])
  #
  u_libs=""
  #
  ifelse($1,,,[
    for x_lib in $1; do
      case "$x_lib" in
        -l*)
          l_lib="$x_lib"
          ;;
        *)
          l_lib="-l$x_lib"
          ;;
      esac
      if test -z "$u_libs"; then
        u_libs="$l_lib"
      else
        u_libs="$u_libs $l_lib"
      fi
    done
  ])
  #
  curl_cv_save_LIBS="$LIBS"
  curl_cv_ldap_LIBS="unknown"
  #
  for x_nlibs in '' "$u_libs" \
    '-lwldap32' ; do
    if test -z "$x_nlibs"; then
      LIBS="$curl_cv_save_LIBS"
    else
      LIBS="$x_nlibs $curl_cv_save_LIBS"
    fi
    AC_LINK_IFELSE([
      AC_LANG_PROGRAM([
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #ifdef HAVE_WINLDAP_H
 #include <winldap.h>
 #endif
 #ifdef HAVE_WINBER_H
 #include <winber.h>
 #endif
 #endif
      ],[
        BERVAL *bvp = NULL;
        BerElement *bep = ber_init(bvp);
        LDAP *ldp = ldap_init("dummy", LDAP_PORT);
        ULONG res = ldap_unbind(ldp);
        ber_free(bep, 1);
      ])
    ],[
       curl_cv_ldap_LIBS="$x_nlibs"
       break
    ])
  done
  #
  LIBS="$curl_cv_save_LIBS"
  #
  case X-"$curl_cv_ldap_LIBS" in
    X-unknown)
      AC_MSG_RESULT([cannot find WINLDAP libraries])
      ;;
    X-)
      AC_MSG_RESULT([no additional lib required])
      ;;
    *)
      if test -z "$curl_cv_save_LIBS"; then
        LIBS="$curl_cv_ldap_LIBS"
      else
        LIBS="$curl_cv_ldap_LIBS $curl_cv_save_LIBS"
      fi
      AC_MSG_RESULT([$curl_cv_ldap_LIBS])
      ;;
  esac
  #
 ])
 dnl CURL_CHECK_LIBS_LDAP
 dnl -------------------------------------------------
 dnl Check for libraries needed for LDAP support,
 dnl and prepended to LIBS any needed libraries.
 dnl This macro can take an optional parameter with a
 dnl white space separated list of libraries to check
 dnl before the default ones.
 AC_DEFUN([CURL_CHECK_LIBS_LDAP], [
  AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl
  #
  AC_MSG_CHECKING([for LDAP libraries])
  #
  u_libs=""
  #
  ifelse($1,,,[
    for x_lib in $1; do
      case "$x_lib" in
        -l*)
          l_lib="$x_lib"
          ;;
        *)
          l_lib="-l$x_lib"
          ;;
      esac
      if test -z "$u_libs"; then
        u_libs="$l_lib"
      else
        u_libs="$u_libs $l_lib"
      fi
    done
  ])
  #
  curl_cv_save_LIBS="$LIBS"
  curl_cv_ldap_LIBS="unknown"
  #
  for x_nlibs in '' "$u_libs" \
    '-lldap' \
    '-llber -lldap' \
    '-lldap -llber' \
    '-lldapssl -lldapx -lldapsdk' \
    '-lldapsdk -lldapx -lldapssl' ; do
    if test -z "$x_nlibs"; then
      LIBS="$curl_cv_save_LIBS"
    else
      LIBS="$x_nlibs $curl_cv_save_LIBS"
    fi
    AC_LINK_IFELSE([
      AC_LANG_PROGRAM([
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #else
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #endif
 #ifndef NULL
 #define NULL (void *)0
 #endif
 #ifndef LDAP_DEPRECATED
 #define LDAP_DEPRECATED 1
 #endif
 #ifdef NEED_LBER_H
 #include <lber.h>
 #endif
 #ifdef HAVE_LDAP_H
 #include <ldap.h>
 #endif
      ],[
        BerValue *bvp = NULL;
        BerElement *bep = ber_init(bvp);
        LDAP *ldp = ldap_init("dummy", LDAP_PORT);
        int res = ldap_unbind(ldp);
        ber_free(bep, 1);
      ])
    ],[
       curl_cv_ldap_LIBS="$x_nlibs"
       break
    ])
  done
  #
  LIBS="$curl_cv_save_LIBS"
  #
  case X-"$curl_cv_ldap_LIBS" in
    X-unknown)
      AC_MSG_RESULT([cannot find LDAP libraries])
      ;;
    X-)
      AC_MSG_RESULT([no additional lib required])
      ;;
    *)
      if test -z "$curl_cv_save_LIBS"; then
        LIBS="$curl_cv_ldap_LIBS"
      else
        LIBS="$curl_cv_ldap_LIBS $curl_cv_save_LIBS"
      fi
      AC_MSG_RESULT([$curl_cv_ldap_LIBS])
      ;;
  esac
  #
 ])
 dnl CURL_CHECK_HEADER_MALLOC
 dnl -------------------------------------------------
 dnl Check for compilable and valid malloc.h header,
@@ -1107,7 +1616,7 @@ AC_DEFUN([CURL_CHECK_NONBLOCKING_SOCKET],
 #  define PLATFORM_SUNOS4
 # endif
 #endif
-#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX4)
+#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
 # define PLATFORM_AIX_V3
 #endif
@@ -1316,6 +1825,9 @@ AC_TRY_RUN([
 #include <string.h>
 #include <sys/types.h>
 #include <netdb.h>
 #ifndef NULL
 #define NULL (void *)0
 #endif
 int
 main () {
@@ -1762,7 +2274,7 @@ AC_DEFUN([CURL_CC_DEBUG_OPTS],
           dnl only if the compiler is newer than 2.95 since we got lots of
           dnl "`_POSIX_C_SOURCE' is not defined" in system headers with
           dnl gcc 2.95.4 on FreeBSD 4.9!
-           WARN="$WARN -Wundef -Wno-long-long -Wsign-compare"
+           WARN="$WARN -Wundef -Wno-long-long -Wsign-compare -Wshadow -Wno-multichar"
         fi
         if test "$gccnum" -ge "296"; then
@@ -1830,81 +2342,6 @@ AC_DEFUN([CURL_CC_DEBUG_OPTS],
 ]) dnl end of AC_DEFUN()
 dnl Determine the name of the library to pass to dlopen() based on the name
 dnl that would normally be given to AC_CHECK_LIB.  The preprocessor symbol
 dnl given is set to the quoted library file name. 
 dnl The standard dynamic library file name is first generated, based on the
 dnl current system type, then a search is performed for that file on the
 dnl standard dynamic library path.  If it is a symbolic link, the destination
 dnl of the link is used as the file name, after stripping off any minor
 dnl version numbers. If a library file can't be found, a guess is made.
 dnl This macro assumes AC_PROG_LIBTOOL has been called and requires perl
 dnl to be available in the PATH, or $PERL to be set to its location.
 dnl
 dnl CURL_DLLIB_NAME(VARIABLE, library_name)
 dnl e.g. CURL_DLLIB_NAME(LDAP_NAME, ldap) on a Linux system might result
 dnl in LDAP_NAME holding the string "libldap.so.2".
 AC_DEFUN([CURL_DLLIB_NAME],
 [
 AC_MSG_CHECKING([name of dynamic library $2])
 dnl The shared library extension variable name changes from version to
 dnl version of libtool.  Try a few names then just set one statically.
 test -z "$shared_ext" && eval shared_ext=\"$shrext_cmds\"
 test -z "$shared_ext" && shared_ext="$std_shrext"
 test -z "$shared_ext" && shared_ext="$shrext"
 test -z "$shared_ext" && shared_ext=".so"
 dnl Create the library link name of the correct form for this platform
 LIBNAME_LINK_SPEC=`echo "$library_names_spec" | $SED 's/^.* //'`
 DLGUESSLIB=`name=$2 eval echo "$libname_spec"`
 DLGUESSFILE=`libname="$DLGUESSLIB" release="" major="" versuffix="" eval echo "$LIBNAME_LINK_SPEC"`
 dnl Last resort in case libtool knows nothing about shared libs on this platform
 test -z "$DLGUESSFILE" && DLGUESSFILE="$DLGUESSLIB$shared_ext"
 dnl Synthesize a likely dynamic library name in case we can't find an actual one
 SO_NAME_SPEC="$soname_spec"
 dnl soname_spec undefined when identical to the 1st entry in library_names_spec
 test -z "$SO_NAME_SPEC" && SO_NAME_SPEC=`echo "$library_names_spec" | $SED 's/ .*$//'`
 DLGUESSSOFILE=`libname="$DLGUESSLIB" release="" major="" versuffix="" eval echo "$SO_NAME_SPEC"`
 dnl Last resort in case libtool knows nothing about shared libs on this platform
 test -z "$DLGUESSSOFILE" && DLGUESSSOFILE="$DLGUESSFILE"
 if test "$cross_compiling" = yes; then
  dnl Can't look at filesystem when cross-compiling
  AC_DEFINE_UNQUOTED($1, "$DLGUESSSOFILE", [$2 dynamic library file])
  AC_MSG_RESULT([$DLGUESSSOFILE (guess while cross-compiling)])
 else
  DLFOUNDFILE=""
  if test "$sys_lib_dlsearch_path_spec" ; then
    dnl Search for the link library name and see what it points to.
    for direc in $sys_lib_dlsearch_path_spec ; do
      DLTRYFILE="$direc/$DLGUESSFILE"
      dnl Find where the symbolic link for this name points
      changequote(<<, >>)dnl
      <<
      DLFOUNDFILE=`${PERL:-perl} -e 'use File::Basename; (basename(readlink($ARGV[0])) =~ /^(.*[^\d]\.\d+)[\d\.]*$/ && print ${1}) || exit 1;' "$DLTRYFILE" 2>&5`
      >>
      changequote([, ])dnl
      if test "$?" -eq "0"; then
        dnl Found the file link
        break
      fi
    done
  fi
  if test -z "$DLFOUNDFILE" ; then
    dnl Couldn't find a link library, so guess at a name.
    DLFOUNDFILE="$DLGUESSSOFILE"
  fi
  AC_DEFINE_UNQUOTED($1, "$DLFOUNDFILE", [$2 dynamic library file])
  AC_MSG_RESULT($DLFOUNDFILE)
 fi
 ])
 # This is only a temporary fix. This macro is here to replace the broken one
 # delivered by the automake project (including the 1.9.6 release). As soon as
 # they ship a working version we SHOULD remove this work-around.
--- a/ares/CHANGES
+++ b/ares/CHANGES
@@ -1,5 +1,83 @@
  Changelog for the c-ares project
 * October 2 2007 (Daniel Stenberg)
 - ares_strerror() segfaulted if the input error number was out of the currently
  supported range.
 - Yang Tse: Avoid a segfault when generating a DNS "Transaction ID" in
  internal function init_id_key() under low memory conditions.
 * September 28 2007 (Daniel Stenberg)
 - Bumped version to 1.5.0 for next release and soname bumped to 2 due to ABI
  and API changes in the progress callback (and possibly more coming up from
  Steinar)
 * September 28 2007 (Steinar H. Gunderson)
 - Don't skip a server if it's the only one. (Bugfix from the Google tree.)
 - Made the query callbacks receive the number of timeouts that happened during
  the execution of a query, and updated documentation accordingly. (Patch from
  the Google tree.)
 - Support a few more socket options: ARES_OPT_SOCK_SNDBUF and
  ARES_OPT_SOCK_RCVBUF
 - Always register for TCP events even if there are no outstanding queries, as
  the other side could always close the connection, which is a valid event
  which should be responded to.
 * September 22 2007 (Daniel Stenberg)
 - Steinar H. Gunderson fixed: Correctly clear sockets from the fd_set on in
  several functions (write_tcp_data, read_tcp_data, read_udp_packets) so that
  if it fails and the socket is closed the following code doesn't try to use
  the file descriptor.
 - Steinar H. Gunderson modified c-ares to now also do to DNS retries even when
  TCP is used since there are several edge cases where it still makes sense.
 - Brad House provided a fix for ares_save_options():
  Apparently I overlooked something with the ares_save_options() where it
  would try to do a malloc(0) when no options of that type needed to be saved.
  On most platforms, this was fine because malloc(0) doesn't actually return
  NULL, but on AIX it does, so ares_save_options would return ARES_ENOMEM.
 * July 14 2007 (Daniel Stenberg)
 - Vlad Dinulescu fixed two outstanding valgrind reports:
  1. In ares_query.c , in find_query_by_id we compare q->qid (which is a short
  int variable) with qid, which is declared as an int variable.  Moreover,
  DNS_HEADER_SET_QID is used to set the value of qid, but DNS_HEADER_SET_QID
  sets only the first two bytes of qid. I think that qid should be declared as
  "unsigned short" in this function.
  2. The same problem occurs in ares_process.c, process_answer() .  query->qid
  (an unsigned short integer variable) is compared with id, which is an
  integer variable. Moreover, id is initialized from DNS_HEADER_QID which sets
  only the first two bytes of id. I think that the id variable should be
  declared as "unsigned short" in this function.
  Even after declaring these variables as "unsigned short", the valgrind
  errors are still there. Which brings us to the third problem.
  3. The third problem is that Valgrind assumes that query->qid is not
  initialised correctly. And it does that because query->qid is set from
  DNS_HEADER_QID(qbuf); Valgrind says that qbuf has unitialised bytes. And
  qbuf has uninitialised bytes because of channel->next_id . And next_id is
  set by ares_init.c:ares__generate_new_id() . I found that putting short r=0
  in this function (instead of short r) makes all Valgrind warnings go away.
  I have studied ares__rc4() too, and this is the offending line:
        buffer_ptr[counter] ^= state[xorIndex];   (ares_query.c:62)
  This is what triggers Valgrind.. buffer_ptr is unitialised in this function,
  and by applying ^= on it, it remains unitialised.
 Version 1.4.0 (June 8, 2007)
 * June 4 2007 (Daniel Stenberg)
--- a/ares/Makefile.am
+++ b/ares/Makefile.am
@@ -11,10 +11,10 @@ MSVCFILES = vc/adig/adig.dep vc/adig/adig.dsp vc/vc.dsw vc/ahost/ahost.dep \
 # adig and ahost are just sample programs and thus not mentioned with the
 # regular sources and headers
 EXTRA_DIST = CHANGES README.cares Makefile.inc adig.c ahost.c $(man_MANS) \
- $(MSVCFILES) AUTHORS config-win32.h RELEASE-NOTES
+ $(MSVCFILES) AUTHORS config-win32.h RELEASE-NOTES libcares.pc.in
-VER=-version-info 1:0:0
+VER=-version-info 2:0:0
 # This flag accepts an argument of the form current[:revision[:age]]. So,
 # passing -version-info 3:12:1 sets current to 3, revision to 12, and age to
 # 1.
--- a/ares/Makefile.dj
+++ b/ares/Makefile.dj
@@ -14,7 +14,8 @@ CFLAGS += -DWATT32 -DHAVE_AF_INET6 -DHAVE_PF_INET6 -DHAVE_FIONBIO \
          -DHAVE_STRUCT_IN6_ADDR -DHAVE_SOCKADDR_IN6_SIN6_SCOPE_ID \
          -DHAVE_SYS_TIME_H -DHAVE_STRUCT_SOCKADDR_IN6 -DHAVE_STRUCT_ADDRINFO \
          -DHAVE_SIGNAL_H -DHAVE_SIG_ATOMIC_T -DRETSIGTYPE='void' -DHAVE_PROCESS_H \
-          -DHAVE_ARPA_NAMESER_H -DNS_INADDRSZ=4 -DHAVE_RECV -DHAVE_SEND \
+          -DHAVE_ARPA_NAMESER_H -DHAVE_SYS_SOCKET_H -DHAVE_SYS_UIO_H -DHAVE_NETINET_IN_H \
          -DHAVE_NETINET_TCP_H -DNS_INADDRSZ=4 -DHAVE_RECV -DHAVE_SEND \
          -DSEND_TYPE_ARG1='int'   -DSEND_QUAL_ARG2='const' \
          -DSEND_TYPE_ARG2='void*' -DSEND_TYPE_ARG3='int' \
          -DSEND_TYPE_ARG4='int'   -DSEND_TYPE_RETV='int' \
--- a/ares/Makefile.inc
+++ b/ares/Makefile.inc
@@ -6,7 +6,7 @@ ares_timeout.c ares_destroy.c ares_mkquery.c ares_version.c		\
 ares_expand_name.c ares_parse_a_reply.c windows_port.c			\
 ares_expand_string.c ares_parse_ptr_reply.c ares_parse_aaaa_reply.c	\
 ares_getnameinfo.c inet_net_pton.c bitncmp.c inet_ntop.c		\
-ares_parse_ns_reply.c
+ares_parse_ns_reply.c ares_llist.c
 HHEADERS = ares.h ares_private.h setup.h ares_dns.h ares_version.h          \
           nameser.h inet_net_pton.h inet_ntop.h ares_ipv6.h bitncmp.h      \
--- a/ares/Makefile.netware
+++ b/ares/Makefile.netware
@@ -35,10 +35,10 @@ ifndef LIBARCH
 LIBARCH = LIBC
 endif
-# must be equal to DEBUG or NDEBUG
+# must be equal to NDEBUG or DEBUG, CURLDEBUG
 ifndef DB
 DB	= NDEBUG
-# DB	= DEBUG
+endif
 # DB	= CURLDEBUG
 # Optimization: -O<n> or debugging: -g
 ifeq ($(DB),NDEBUG)
 	OPT	= -O2
@@ -51,12 +51,20 @@ endif
 # Include the version info retrieved from curlver.h
 -include $(OBJDIR)/version.inc
-# The following line defines your compiler.
+# The following lines defines your compiler.
 ifdef CWFolder
 	METROWERKS = $(CWFolder)
 endif
 ifdef METROWERKS
 	# MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support
 	MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
 	CC = mwccnlm
 else
 	CC = gcc
 endif
 # a native win32 awk can be downloaded from here:
 # http://www.gknw.net/development/prgtools/awk-20050424.zip
 AWK	= awk
 YACC	= bison -y
 CP	= cp -afv
 # RM	= rm -f
@@ -82,8 +90,10 @@ ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.o
 	CFLAGS += -align 4
 else
-	PRELUDE = "$(METROWERKS)/Novell Support/libraries/runtime/prelude.obj"
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.o
-#	CFLAGS += -include "$(METROWERKS)/Novell Support/headers/nlm_prefix.h"
+	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
 	PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
 	# CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
 	CFLAGS += -align 1
 endif
 else
@@ -98,7 +108,10 @@ CFLAGS	+= -Wall -Wno-format -Wno-uninitialized # -pedantic
 ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.gcc.o
 else
-	PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
 	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
 	# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
 	PRELUDE = $(NDK_ROOT)/pre/prelude.o
 	CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
 endif
 endif
@@ -108,14 +121,17 @@ SDK_CLIB = $(NDK_ROOT)/nwsdk
 SDK_LIBC = $(NDK_ROOT)/libc
 ifeq ($(LIBARCH),LIBC)
-	INCLUDES += -I$(SDK_LIBC)/include -I$(SDK_LIBC)/include/nks
+	INCLUDES += -I$(SDK_LIBC)/include
 	# INCLUDES += -I$(SDK_LIBC)/include/nks
 	# INCLUDES += -I$(SDK_LIBC)/include/winsock
 	CFLAGS += -D_POSIX_SOURCE
 #	CFLAGS += -D__ANSIC__
 else
-	INCLUDES += -I$(SDK_CLIB)/include/nlm -I$(SDK_CLIB)/include
+	INCLUDES += -I$(SDK_CLIB)/include/nlm
 	# INCLUDES += -I$(SDK_CLIB)/include/nlm/obsolete
-	CFLAGS += -DNETDB_USE_INTERNET
+	# INCLUDES += -I$(SDK_CLIB)/include
 endif
 ifeq ($(DB),CURLDEBUG)
 INCLUDES += -I../include
 endif
 CFLAGS	+= -I. $(INCLUDES)
@@ -186,7 +202,7 @@ $(OBJDIR)/%.o: %.c
 $(OBJDIR)/version.inc: ares_version.h $(OBJDIR)
 	@echo Creating $@
-	@awk -f ../packages/NetWare/get_ver.awk $< > $@
+	@$(AWK) -f ../packages/NetWare/get_ver.awk $< > $@
 $(OBJDIR)/%.xdc: Makefile.netware
 	@echo Creating $@
@@ -267,25 +283,77 @@ config.h: Makefile.netware
 	@echo $(DL)#ifndef NETWARE$(DL) >> $@
 	@echo $(DL)#error This $(notdir $@) is created for NetWare platform!$(DL) >> $@
 	@echo $(DL)#endif$(DL) >> $@
 	@echo $(DL)#define OS "i586-pc-NetWare"$(DL) >> $@
 	@echo $(DL)#define VERSION "$(LIBCARES_VERSION_STR)"$(DL) >> $@
 	@echo $(DL)#define PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/"$(DL) >> $@
-	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
+ifeq ($(LIBARCH),CLIB)
-	@echo $(DL)#define HAVE_ARPA_NAMESER_H 1$(DL) >> $@
+	@echo $(DL)#define OS "i586-pc-clib-NetWare"$(DL) >> $@
-	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+	@echo $(DL)#define MAXHOSTNAMELEN 256$(DL) >> $@
 	@echo $(DL)#define NETDB_USE_INTERNET 1$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
 	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
 	@echo $(DL)#define DL_LDAP_FILE "ldapsdk.nlm"$(DL) >> $@
 	@echo $(DL)#define socklen_t int$(DL) >> $@
 	@echo $(DL)#define strncasecmp strnicmp$(DL) >> $@
 	@echo $(DL)#define strcasecmp stricmp$(DL) >> $@
 else
 	@echo $(DL)#define OS "i586-pc-libc-NetWare"$(DL) >> $@
 	@echo $(DL)#define HAVE_DLFCN_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_DLOPEN 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FTRUNCATE 1$(DL) >> $@
 	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETTIMEOFDAY 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INET_PTON 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INTTYPES_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LIMITS_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LONGLONG 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRTOLL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
 	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG2 void *$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG3 size_t$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_RETV ssize_t$(DL) >> $@
 	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG2 void *$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG3 size_t$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_RETV ssize_t$(DL) >> $@
 	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
 	@echo $(DL)#define DL_LDAP_FILE "lldapsdk.nlm"$(DL) >> $@
 endif
 	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ARPA_NAMESER_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_FIONBIO 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETHOSTBYNAME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETPROTOBYNAME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GMTIME_R 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
 	@echo $(DL)#define HAVE_INET_NTOA 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LOCALTIME_R 1$(DL) >> $@
 	@echo $(DL)#define HAVE_MALLOC_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_NETINET_IN_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_RECV 1$(DL) >> $@
@@ -296,46 +364,26 @@ config.h: Makefile.netware
 	@echo $(DL)#define HAVE_SIGNAL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SIG_ATOMIC_T 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SOCKET 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STDLIB_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRDUP 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_IOCTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_TIME_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_TIME_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_UNAME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_UNISTD_H 1$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME 1$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
+	@echo $(DL)#define HAVE_UTIME_H 1$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
 	@echo $(DL)#define RETSIGTYPE void$(DL) >> $@
 	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
 	@echo $(DL)#define SIZEOF_CURL_OFF_T 4$(DL) >> $@
 	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
 	@echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
 	@echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
 	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
 	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
 	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
 ifdef NW_WINSOCK
 	@echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@
 else
--- a/ares/Makefile.vc6
+++ b/ares/Makefile.vc6
@@ -60,6 +60,7 @@ OBJECTS = $(OBJ_DIR)\ares_fds.obj              \
          $(OBJ_DIR)\ares_strerror.obj         \
          $(OBJ_DIR)\ares_cancel.obj           \
          $(OBJ_DIR)\ares_init.obj             \
          $(OBJ_DIR)\ares_llist.obj            \
          $(OBJ_DIR)\ares_timeout.obj          \
          $(OBJ_DIR)\ares_destroy.obj          \
          $(OBJ_DIR)\ares_mkquery.obj          \
@@ -231,3 +232,6 @@ $(OBJ_DIR)\inet_ntop.obj: inet_ntop.c setup.h setup_once.h nameser.h           \
  ares_ipv6.h inet_ntop.h
 $(OBJ_DIR)\ares_getopt.obj: ares_getopt.c ares_getopt.h
 $(OBJ_DIR)\ares_llist.obj: ares_llist.c setup.h setup_once.h ares.h            \
  ares_private.h ares_llist.h
--- a/ares/acinclude.m4
+++ b/ares/acinclude.m4
@@ -1085,7 +1085,7 @@ AC_DEFUN([CURL_CHECK_NONBLOCKING_SOCKET],
 #  define PLATFORM_SUNOS4
 # endif
 #endif
-#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX4)
+#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
 # define PLATFORM_AIX_V3
 #endif
@@ -1369,7 +1369,7 @@ AC_DEFUN([CURL_CC_DEBUG_OPTS],
           dnl only if the compiler is newer than 2.95 since we got lots of
           dnl "`_POSIX_C_SOURCE' is not defined" in system headers with
           dnl gcc 2.95.4 on FreeBSD 4.9!
-           WARN="$WARN -Wundef -Wno-long-long -Wsign-compare"
+           WARN="$WARN -Wundef -Wno-long-long -Wsign-compare -Wshadow -Wno-multichar"
         fi
         if test "$gccnum" -ge "296"; then
--- a/ares/adig.c
+++ b/ares/adig.c
@@ -127,7 +127,8 @@ static const char *rcodes[] = {
  "(unknown)", "(unknown)", "(unknown)", "(unknown)", "NOCHANGE"
 };
-static void callback(void *arg, int status, unsigned char *abuf, int alen);
+static void callback(void *arg, int status, int timeouts,
                     unsigned char *abuf, int alen);
 static const unsigned char *display_question(const unsigned char *aptr,
                                             const unsigned char *abuf,
                                             int alen);
@@ -294,7 +295,8 @@ int main(int argc, char **argv)
  return 0;
 }
-static void callback(void *arg, int status, unsigned char *abuf, int alen)
+static void callback(void *arg, int status, int timeouts,
                     unsigned char *abuf, int alen)
 {
  char *name = (char *) arg;
  int id, qr, opcode, aa, tc, rd, ra, rcode;
--- a/ares/ahost.c
+++ b/ares/ahost.c
@@ -47,7 +47,7 @@ struct in6_addr
 };
 #endif
-static void callback(void *arg, int status, struct hostent *host);
+static void callback(void *arg, int status, int timeouts, struct hostent *host);
 static void usage(void);
 int main(int argc, char **argv)
@@ -142,7 +142,7 @@ int main(int argc, char **argv)
  return 0;
 }
-static void callback(void *arg, int status, struct hostent *host)
+static void callback(void *arg, int status, int timeouts, struct hostent *host)
 {
  char **p;
--- a/ares/ares.h
+++ b/ares/ares.h
@@ -20,12 +20,15 @@
 #include <sys/types.h>
-#if defined(_AIX) || defined(NETWARE)
+#if defined(_AIX) || (defined(NETWARE) && defined(__NOVELL_LIBC__))
 /* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
   libc5-based Linux systems. Only include it on system that are known to
   require it! */
 #include <sys/select.h>
 #endif
 #if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
 #include <sys/bsdskt.h>
 #endif
 #if defined(WATT32)
  #include <netinet/in.h>
@@ -95,6 +98,8 @@ extern "C" {
 #define ARES_OPT_LOOKUPS        (1 << 8)
 #define ARES_OPT_SOCK_STATE_CB  (1 << 9)
 #define ARES_OPT_SORTLIST       (1 << 10)
 #define ARES_OPT_SOCK_SNDBUF    (1 << 11)
 #define ARES_OPT_SOCK_RCVBUF    (1 << 12)
 /* Nameinfo flag values */
 #define ARES_NI_NOFQDN                  (1 << 0)
@@ -153,17 +158,10 @@ typedef int ares_socket_t;
 #define ares_socket_typedef
 #endif /* ares_socket_typedef */
 #ifdef WIN32
 typedef void (*ares_sock_state_cb)(void *data,
-                                   SOCKET socket,
+                                   ares_socket_t socket_fd,
                                   int readable,
                                   int writable);
 #else
 typedef void (*ares_sock_state_cb)(void *data,
                                   int socket,
                                   int readable,
                                   int writable);
 #endif
 struct apattern;
@@ -174,6 +172,8 @@ struct ares_options {
  int ndots;
  unsigned short udp_port;
  unsigned short tcp_port;
  int socket_send_buffer_size;
  int socket_receive_buffer_size;
  struct in_addr *servers;
  int nservers;
  char **domains;
@@ -190,11 +190,11 @@ struct timeval;
 struct sockaddr;
 struct ares_channeldata;
 typedef struct ares_channeldata *ares_channel;
-typedef void (*ares_callback)(void *arg, int status, unsigned char *abuf,
+typedef void (*ares_callback)(void *arg, int status, int timeouts,
-                              int alen);
+                              unsigned char *abuf, int alen);
-typedef void (*ares_host_callback)(void *arg, int status,
+typedef void (*ares_host_callback)(void *arg, int status, int timeouts,
                                   struct hostent *hostent);
-typedef void (*ares_nameinfo_callback)(void *arg, int status,
+typedef void (*ares_nameinfo_callback)(void *arg, int status, int timeouts,
                                       char *node, char *service);
 int ares_init(ares_channel *channelptr);
--- a/ares/ares__close_sockets.c
+++ b/ares/ares__close_sockets.c
@@ -35,6 +35,8 @@ void ares__close_sockets(ares_channel channel, struct server_state *server)
      /* Advance server->qhead; pull out query as we go. */
      sendreq = server->qhead;
      server->qhead = sendreq->next;
      if (sendreq->data_storage != NULL)
        free(sendreq->data_storage);
      free(sendreq);
    }
  server->qtail = NULL;
@@ -45,12 +47,16 @@ void ares__close_sockets(ares_channel channel, struct server_state *server)
  server->tcp_buffer = NULL;
  server->tcp_lenbuf_pos = 0;
  /* Reset brokenness */
  server->is_broken = 0;
  /* Close the TCP and UDP sockets. */
  if (server->tcp_socket != ARES_SOCKET_BAD)
    {
      SOCK_STATE_CALLBACK(channel, server->tcp_socket, 0, 0);
      closesocket(server->tcp_socket);
      server->tcp_socket = ARES_SOCKET_BAD;
      server->tcp_connection_generation = ++channel->tcp_connection_generation;
    }
  if (server->udp_socket != ARES_SOCKET_BAD)
    {
--- a/ares/ares_cancel.c
+++ b/ares/ares_cancel.c
@@ -14,29 +14,45 @@
 */
 #include "setup.h"
 #include <assert.h>
 #include <stdlib.h>
 #include "ares.h"
 #include "ares_private.h"
 /*
- * ares_cancel() cancels a ongoing request/resolve that might be going on on
+ * ares_cancel() cancels all ongoing requests/resolves that might be going on
- * the given channel. It does NOT kill the channel, use ares_destroy() for
+ * on the given channel. It does NOT kill the channel, use ares_destroy() for
 * that.
 */
 void ares_cancel(ares_channel channel)
 {
-  struct query *query, *next;
+  struct query *query;
  struct list_node* list_head;
  struct list_node* list_node;
  int i;
-  for (query = channel->queries; query; query = next)
+  list_head = &(channel->all_queries);
  for (list_node = list_head->next; list_node != list_head; )
  {
-    next = query->next;
+    query = list_node->data;
-    query->callback(query->arg, ARES_ETIMEOUT, NULL, 0);
+    list_node = list_node->next;  /* since we're deleting the query */
-    free(query->tcpbuf);
+    query->callback(query->arg, ARES_ETIMEOUT, 0, NULL, 0);
-    free(query->skip_server);
+    ares__free_query(query);
    free(query);
  }
-  channel->queries = NULL;
+#ifndef NDEBUG
  /* Freeing the query should remove it from all the lists in which it sits,
   * so all query lists should be empty now.
   */
  assert(ares__is_list_empty(&(channel->all_queries)));
  for (i = 0; i < ARES_QID_TABLE_SIZE; i++)
    {
      assert(ares__is_list_empty(&(channel->queries_by_qid[i])));
    }
  for (i = 0; i < ARES_TIMEOUT_TABLE_SIZE; i++)
    {
      assert(ares__is_list_empty(&(channel->queries_by_timeout[i])));
    }
 #endif
  if (!(channel->flags & ARES_FLAG_STAYOPEN))
  {
    if (channel->servers)
--- a/ares/ares_destroy.c
+++ b/ares/ares_destroy.c
@@ -16,6 +16,7 @@
 */
 #include "setup.h"
 #include <assert.h>
 #include <stdlib.h>
 #include "ares.h"
 #include "ares_private.h"
@@ -37,13 +38,42 @@ void ares_destroy(ares_channel channel)
 {
  int i;
  struct query *query;
  struct list_node* list_head;
  struct list_node* list_node;
  if (!channel)
    return;
  list_head = &(channel->all_queries);
  for (list_node = list_head->next; list_node != list_head; )
    {
      query = list_node->data;
      list_node = list_node->next;  /* since we're deleting the query */
      query->callback(query->arg, ARES_EDESTRUCTION, 0, NULL, 0);
      ares__free_query(query);
    }
 #ifndef NDEBUG
  /* Freeing the query should remove it from all the lists in which it sits,
   * so all query lists should be empty now.
   */
  assert(ares__is_list_empty(&(channel->all_queries)));
  for (i = 0; i < ARES_QID_TABLE_SIZE; i++)
    {
      assert(ares__is_list_empty(&(channel->queries_by_qid[i])));
    }
  for (i = 0; i < ARES_TIMEOUT_TABLE_SIZE; i++)
    {
      assert(ares__is_list_empty(&(channel->queries_by_timeout[i])));
    }
 #endif
  if (channel->servers) {
    for (i = 0; i < channel->nservers; i++)
-      ares__close_sockets(channel, &channel->servers[i]);
+      {
        struct server_state *server = &channel->servers[i];
        ares__close_sockets(channel, server);
        assert(ares__is_list_empty(&(server->queries_to_server)));
      }
    free(channel->servers);
  }
@@ -59,16 +89,5 @@ void ares_destroy(ares_channel channel)
  if (channel->lookups)
    free(channel->lookups);
  while (channel->queries) {
    query = channel->queries;
    channel->queries = query->next;
    query->callback(query->arg, ARES_EDESTRUCTION, NULL, 0);
    if (query->tcpbuf)
      free(query->tcpbuf);
    if (query->skip_server)
      free(query->skip_server);
    free(query);
  }
  free(channel);
 }
--- a/ares/ares_expand_name.c
+++ b/ares/ares_expand_name.c
@@ -74,6 +74,15 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
    return ARES_ENOMEM;
  q = *s;
  if (len == 0) {
    /* RFC2181 says this should be ".": the root of the DNS tree.
     * Since this function strips trailing dots though, it becomes ""
     */
    q[0] = '\0';
    *enclen = 1;  /* the caller should move one byte to get past this */
    return ARES_SUCCESS;
  }
  /* No error-checking necessary; it was all done by name_length(). */
  p = encoded;
  while (*p)
--- a/ares/ares_expand_string.3
+++ b/ares/ares_expand_string.3
@@ -28,7 +28,7 @@ ares_expand_string \- Expand a length encoded string
 .SH DESCRIPTION
 The
 .B ares_expand_string
-function converts a length encoded string to a NULL terminated C
+function converts a length encoded string to a NUL-terminated C
 string.  The argument
 .I encoded
 gives the beginning of the encoded string, and the arguments
--- a/ares/ares_fds.c
+++ b/ares/ares_fds.c
@@ -30,20 +30,26 @@ int ares_fds(ares_channel channel, fd_set *read_fds, fd_set *write_fds)
  ares_socket_t nfds;
  int i;
-  /* No queries, no file descriptors. */
+  /* Are there any active queries? */
-  if (!channel->queries)
+  int active_queries = !ares__is_list_empty(&(channel->all_queries));
    return 0;
  nfds = 0;
  for (i = 0; i < channel->nservers; i++)
    {
      server = &channel->servers[i];
-      if (server->udp_socket != ARES_SOCKET_BAD)
+      /* We only need to register interest in UDP sockets if we have
       * outstanding queries.
       */
      if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
        {
          FD_SET(server->udp_socket, read_fds);
          if (server->udp_socket >= nfds)
            nfds = server->udp_socket + 1;
        }
      /* We always register for TCP events, because we want to know
       * when the other side closes the connection, so we don't waste
       * time trying to use a broken connection.
       */
      if (server->tcp_socket != ARES_SOCKET_BAD)
       {
         FD_SET(server->tcp_socket, read_fds);
--- a/ares/ares_free_hostent.3
+++ b/ares/ares_free_hostent.3
@@ -33,12 +33,13 @@ allocated by one of the functions \fIares_parse_a_reply(3)\fP,
 .SH NOTES
 It is not necessary (and is not correct) to free the host structure passed to
 the callback functions for \fIares_gethostbyname(3)\fP or
-\fIares_gethostbyaddr(3)\fP. The ares library will automatically free such
+\fIares_gethostbyaddr(3)\fP. c-ares will automatically free such host
-host structures when the callback returns.
+structures when the callback returns.
 .SH SEE ALSO
 .BR ares_parse_a_reply (3),
 .BR ares_parse_aaaa_reply (3),
-.BR ares_parse_ptr_reply (3)
+.BR ares_parse_ptr_reply (3),
 .BR ares_parse_ns_reply (3)
 .SH AUTHOR
 Greg Hudson, MIT Information Systems
 .br
--- a/ares/ares_gethostbyaddr.3
+++ b/ares/ares_gethostbyaddr.3
@@ -22,7 +22,7 @@ ares_gethostbyaddr \- Initiate a host query by address
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_host_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	struct hostent *\fIhostent\fP)
+.B	int \fItimeouts\fP, struct hostent *\fIhostent\fP)
 .PP
 .B void ares_gethostbyaddr(ares_channel \fIchannel\fP, const void *\fIaddr\fP,
 .B 	int \fIaddrlen\fP, int \fIfamily\fP, ares_host_callback \fIcallback\fP,
@@ -76,6 +76,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
 The callback argument
 .I timeouts
 reports how many times a query timed out during the execution of the
 given request.
 .PP
 On successful completion of the query, the callback argument
 .I hostent
 points to a
--- a/ares/ares_gethostbyaddr.c
+++ b/ares/ares_gethostbyaddr.c
@@ -49,11 +49,12 @@ struct addr_query {
  void *arg;
  const char *remaining_lookups;
  int timeouts;
 };
 static void next_lookup(struct addr_query *aquery);
-static void addr_callback(void *arg, int status, unsigned char *abuf,
+static void addr_callback(void *arg, int status, int timeouts,
-                          int alen);
+                          unsigned char *abuf, int alen);
 static void end_aquery(struct addr_query *aquery, int status,
                       struct hostent *host);
 static int file_lookup(union ares_addr *addr, int family, struct hostent **host);
@@ -65,21 +66,21 @@ void ares_gethostbyaddr(ares_channel channel, const void *addr, int addrlen,
  if (family != AF_INET && family != AF_INET6)
    {
-      callback(arg, ARES_ENOTIMP, NULL);
+      callback(arg, ARES_ENOTIMP, 0, NULL);
      return;
    }
  if ((family == AF_INET && addrlen != sizeof(struct in_addr)) ||
      (family == AF_INET6 && addrlen != sizeof(struct in6_addr)))
    {
-      callback(arg, ARES_ENOTIMP, NULL);
+      callback(arg, ARES_ENOTIMP, 0, NULL);
      return;
    }
  aquery = malloc(sizeof(struct addr_query));
  if (!aquery)
    {
-      callback(arg, ARES_ENOMEM, NULL);
+      callback(arg, ARES_ENOMEM, 0, NULL);
      return;
    }
  aquery->channel = channel;
@@ -91,6 +92,7 @@ void ares_gethostbyaddr(ares_channel channel, const void *addr, int addrlen,
  aquery->callback = callback;
  aquery->arg = arg;
  aquery->remaining_lookups = channel->lookups;
  aquery->timeouts = 0;
  next_lookup(aquery);
 }
@@ -151,11 +153,13 @@ static void next_lookup(struct addr_query *aquery)
  end_aquery(aquery, ARES_ENOTFOUND, NULL);
 }
-static void addr_callback(void *arg, int status, unsigned char *abuf, int alen)
+static void addr_callback(void *arg, int status, int timeouts,
                          unsigned char *abuf, int alen)
 {
  struct addr_query *aquery = (struct addr_query *) arg;
  struct hostent *host;
  aquery->timeouts += timeouts;
  if (status == ARES_SUCCESS)
    {
      if (aquery->family == AF_INET)
@@ -175,7 +179,7 @@ static void addr_callback(void *arg, int status, unsigned char *abuf, int alen)
 static void end_aquery(struct addr_query *aquery, int status,
                       struct hostent *host)
 {
-  aquery->callback(aquery->arg, status, host);
+  aquery->callback(aquery->arg, status, aquery->timeouts, host);
  if (host)
    ares_free_hostent(host);
  free(aquery);
--- a/ares/ares_gethostbyname.3
+++ b/ares/ares_gethostbyname.3
@@ -22,7 +22,7 @@ ares_gethostbyname \- Initiate a host query by name
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_host_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	struct hostent *\fIhostent\fP)
+.B	int \fItimeouts\fP, struct hostent *\fIhostent\fP)
 .PP
 .B void ares_gethostbyname(ares_channel \fIchannel\fP, const char *\fIname\fP,
 .B 	int \fIfamily\fP, ares_host_callback \fIcallback\fP, void *\fIarg\fP)
@@ -80,6 +80,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
 The callback argument
 .I timeouts
 reports how many times a query timed out during the execution of the
 given request.
 .PP
 On successful completion of the query, the callback argument
 .I hostent
 points to a
--- a/ares/ares_gethostbyname.c
+++ b/ares/ares_gethostbyname.c
@@ -54,11 +54,12 @@ struct host_query {
  void *arg;
  int family;
  const char *remaining_lookups;
  int timeouts;
 };
-static void next_lookup(struct host_query *hquery);
+static void next_lookup(struct host_query *hquery, int status);
-static void host_callback(void *arg, int status, unsigned char *abuf,
+static void host_callback(void *arg, int status, int timeouts,
-                          int alen);
+                          unsigned char *abuf, int alen);
 static void end_hquery(struct host_query *hquery, int status,
                       struct hostent *host);
 static int fake_hostent(const char *name, int family, ares_host_callback callback,
@@ -81,7 +82,7 @@ void ares_gethostbyname(ares_channel channel, const char *name, int family,
  /* Right now we only know how to look up Internet addresses. */
  if (family != AF_INET && family != AF_INET6)
    {
-      callback(arg, ARES_ENOTIMP, NULL);
+      callback(arg, ARES_ENOTIMP, 0, NULL);
      return;
    }
@@ -92,7 +93,7 @@ void ares_gethostbyname(ares_channel channel, const char *name, int family,
  hquery = malloc(sizeof(struct host_query));
  if (!hquery)
    {
-      callback(arg, ARES_ENOMEM, NULL);
+      callback(arg, ARES_ENOMEM, 0, NULL);
      return;
    }
  hquery->channel = channel;
@@ -101,20 +102,20 @@ void ares_gethostbyname(ares_channel channel, const char *name, int family,
  if (!hquery->name)
    {
      free(hquery);
-      callback(arg, ARES_ENOMEM, NULL);
+      callback(arg, ARES_ENOMEM, 0, NULL);
      return;
    }
  hquery->callback = callback;
  hquery->arg = arg;
  hquery->remaining_lookups = channel->lookups;
  hquery->timeouts = 0;
  /* Start performing lookups according to channel->lookups. */
-  next_lookup(hquery);
+  next_lookup(hquery, ARES_SUCCESS);
 }
-static void next_lookup(struct host_query *hquery)
+static void next_lookup(struct host_query *hquery, int status)
 {
  int status;
  const char *p;
  struct hostent *host;
@@ -126,8 +127,8 @@ static void next_lookup(struct host_query *hquery)
          /* DNS lookup */
          hquery->remaining_lookups = p + 1;
          if (hquery->family == AF_INET6)
-            ares_search(hquery->channel, hquery->name, C_IN, T_AAAA, host_callback,
+            ares_search(hquery->channel, hquery->name, C_IN, T_AAAA,
-                        hquery);
+                        host_callback, hquery);
          else
            ares_search(hquery->channel, hquery->name, C_IN, T_A, host_callback,
                        hquery);
@@ -144,15 +145,17 @@ static void next_lookup(struct host_query *hquery)
          break;
        }
    }
-  end_hquery(hquery, ARES_ENOTFOUND, NULL);
+  end_hquery(hquery, status, NULL);
 }
-static void host_callback(void *arg, int status, unsigned char *abuf, int alen)
+static void host_callback(void *arg, int status, int timeouts,
                          unsigned char *abuf, int alen)
 {
  struct host_query *hquery = (struct host_query *) arg;
  ares_channel channel = hquery->channel;
  struct hostent *host;
  hquery->timeouts += timeouts;
  if (status == ARES_SUCCESS)
    {
      if (hquery->family == AF_INET)
@@ -179,13 +182,13 @@ static void host_callback(void *arg, int status, unsigned char *abuf, int alen)
  else if (status == ARES_EDESTRUCTION)
    end_hquery(hquery, status, NULL);
  else
-    next_lookup(hquery);
+    next_lookup(hquery, status);
 }
 static void end_hquery(struct host_query *hquery, int status,
                       struct hostent *host)
 {
-  hquery->callback(hquery->arg, status, host);
+  hquery->callback(hquery->arg, status, hquery->timeouts, host);
  if (host)
    ares_free_hostent(host);
  free(hquery->name);
@@ -206,7 +209,27 @@ static int fake_hostent(const char *name, int family, ares_host_callback callbac
  struct in6_addr in6;
  if (family == AF_INET)
    {
      /* It only looks like an IP address if it's all numbers and dots. */
      int numdots = 0;
      const char *p;
      for (p = name; *p; p++)
        {
          if (!ISDIGIT(*p) && *p != '.') {
            return 0;
          } else if (*p == '.') {
            numdots++;
          }
        }
      /* if we don't have 3 dots, it is illegal 
       * (although inet_addr doesn't think so).
       */
      if (numdots != 3)
        result = 0;
      else
        result = ((in.s_addr = inet_addr(name)) == INADDR_NONE ? 0 : 1);
    }
  else if (family == AF_INET6)
    result = (ares_inet_pton(AF_INET6, name, &in6) < 1 ? 0 : 1);
@@ -227,7 +250,7 @@ static int fake_hostent(const char *name, int family, ares_host_callback callbac
  hostent.h_name = strdup(name);
  if (!hostent.h_name)
    {
-      callback(arg, ARES_ENOMEM, NULL);
+      callback(arg, ARES_ENOMEM, 0, NULL);
      return 1;
    }
@@ -236,7 +259,7 @@ static int fake_hostent(const char *name, int family, ares_host_callback callbac
  hostent.h_aliases = aliases;
  hostent.h_addrtype = family;
  hostent.h_addr_list = addrs;
-  callback(arg, ARES_SUCCESS, &hostent);
+  callback(arg, ARES_SUCCESS, 0, &hostent);
  free((char *)(hostent.h_name));
  return 1;
@@ -416,4 +439,3 @@ static int get6_address_index(struct in6_addr *addr, struct apattern *sortlist,
    }
  return i;
 }
--- a/ares/ares_getnameinfo.3
+++ b/ares/ares_getnameinfo.3
@@ -22,7 +22,7 @@ ares_getnameinfo \- Address-to-nodename translation in protocol-independent mann
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_nameinfo_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	char *\fInode\fP, char *\fIservice\fP)
+.B	int \fItimeouts\fP, char *\fInode\fP, char *\fIservice\fP)
 .PP
 .B void ares_getnameinfo(ares_channel \fIchannel\fP, const struct sockaddr *\fIsa\fP,
 .B 	socklen_t \fIsalen\fP, int \fIflags\fP, ares_nameinfo_callback \fIcallback\fP,
@@ -120,6 +120,11 @@ The
 .I flags
 parameter contains an illegal value.
 .PP
 The callback argument
 .I timeouts
 reports how many times a query timed out during the execution of the
 given request.
 .PP
 On successful completion of the query, the callback argument
 .I node
 contains a string representing the hostname (assuming 
--- a/ares/ares_getnameinfo.c
+++ b/ares/ares_getnameinfo.c
@@ -59,6 +59,7 @@ struct nameinfo_query {
  } addr;
  int family;
  int flags;
  int timeouts;
 };
 #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
@@ -67,7 +68,7 @@ struct nameinfo_query {
 #define IPBUFSIZ 40
 #endif
-static void nameinfo_callback(void *arg, int status, struct hostent *host);
+static void nameinfo_callback(void *arg, int status, int timeouts, struct hostent *host);
 static char *lookup_service(unsigned short port, int flags,
                            char *buf, size_t buflen);
 #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
@@ -90,7 +91,7 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
    addr6 = (struct sockaddr_in6 *)sa;
  else
    {
-      callback(arg, ARES_ENOTIMP, NULL, NULL);
+      callback(arg, ARES_ENOTIMP, 0, NULL, NULL);
      return;
    }
@@ -110,7 +111,7 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
        port = addr6->sin6_port;
      service = lookup_service((unsigned short)(port & 0xffff),
                               flags, buf, sizeof(buf));
-      callback(arg, ARES_SUCCESS, NULL, service);
+      callback(arg, ARES_SUCCESS, 0, NULL, service);
      return;
    }
@@ -131,7 +132,7 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
         */
        if (flags & ARES_NI_NAMEREQD)
          {
-            callback(arg, ARES_EBADFLAGS, NULL, NULL);
+            callback(arg, ARES_EBADFLAGS, 0, NULL, NULL);
            return;
          }
        if (salen == sizeof(struct sockaddr_in6))
@@ -152,7 +153,7 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
        if (flags & ARES_NI_LOOKUPSERVICE)
          service = lookup_service((unsigned short)(port & 0xffff),
                                   flags, srvbuf, sizeof(srvbuf));
-        callback(arg, ARES_SUCCESS, ipbuf, service);
+        callback(arg, ARES_SUCCESS, 0, ipbuf, service);
        return;
      }
    /* This is where a DNS lookup becomes necessary */
@@ -161,12 +162,13 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
        niquery = malloc(sizeof(struct nameinfo_query));
        if (!niquery)
          {
-            callback(arg, ARES_ENOMEM, NULL, NULL);
+            callback(arg, ARES_ENOMEM, 0, NULL, NULL);
            return;
          }
        niquery->callback = callback;
        niquery->arg = arg;
        niquery->flags = flags;
        niquery->timeouts = 0;
        if (sa->sa_family == AF_INET)
          {
            niquery->family = AF_INET;
@@ -185,13 +187,13 @@ void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa, socklen_t
    }
 }
-static void nameinfo_callback(void *arg, int status, struct hostent *host)
+static void nameinfo_callback(void *arg, int status, int timeouts, struct hostent *host)
 {
  struct nameinfo_query *niquery = (struct nameinfo_query *) arg;
  char srvbuf[33];
  char *service = NULL;
-
+  niquery->timeouts += timeouts;
  if (status == ARES_SUCCESS)
    {
      /* They want a service too */
@@ -220,7 +222,7 @@ static void nameinfo_callback(void *arg, int status, struct hostent *host)
                 *end = 0;
             }
        }
-      niquery->callback(niquery->arg, ARES_SUCCESS, (char *)(host->h_name),
+      niquery->callback(niquery->arg, ARES_SUCCESS, niquery->timeouts, (char *)(host->h_name),
                        service);
      return;
    }
@@ -247,10 +249,10 @@ static void nameinfo_callback(void *arg, int status, struct hostent *host)
            service = lookup_service(niquery->addr.addr6.sin6_port,
                                     niquery->flags, srvbuf, sizeof(srvbuf));
        }
-      niquery->callback(niquery->arg, ARES_SUCCESS, ipbuf, service);
+      niquery->callback(niquery->arg, ARES_SUCCESS, niquery->timeouts, ipbuf, service);
      return;
    }
-  niquery->callback(niquery->arg, status, NULL, NULL);
+  niquery->callback(niquery->arg, status, niquery->timeouts, NULL, NULL);
  free(niquery);
 }
@@ -295,7 +297,11 @@ static char *lookup_service(unsigned short port, int flags,
 #endif
 #else
          /* Lets just hope the OS uses TLS! */
 #if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
          sep = getservbyport(port, (char*)proto);
 #else
          sep = getservbyport(port, proto);
 #endif
 #endif
        }
      if (sep && sep->s_name)
--- a/ares/ares_getsock.c
+++ b/ares/ares_getsock.c
@@ -34,16 +34,18 @@ int ares_getsock(ares_channel channel,
  ares_socket_t *socks = (ares_socket_t *)s;
-  /* No queries, no file descriptors. */
+  /* Are there any active queries? */
-  if (!channel->queries)
+  int active_queries = !ares__is_list_empty(&(channel->all_queries));
    return 0;
  for (i = 0;
       (i < channel->nservers) && (sockindex < ARES_GETSOCK_MAXNUM);
       i++)
    {
      server = &channel->servers[i];
-      if (server->udp_socket != ARES_SOCKET_BAD)
+      /* We only need to register interest in UDP sockets if we have
       * outstanding queries.
       */
      if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
        {
          if(sockindex >= numsocks)
            break;
@@ -51,6 +53,10 @@ int ares_getsock(ares_channel channel,
          bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
          sockindex++;
        }
      /* We always register for TCP events, because we want to know
       * when the other side closes the connection, so we don't waste
       * time trying to use a broken connection.
       */
      if (server->tcp_socket != ARES_SOCKET_BAD)
       {
         if(sockindex >= numsocks)
@@ -58,7 +64,7 @@ int ares_getsock(ares_channel channel,
         socks[sockindex] = server->tcp_socket;
         bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
-         if (server->qhead)
+         if (server->qhead && active_queries)
           /* then the tcp socket is also writable! */
           bitmap |= ARES_GETSOCK_WRITABLE(setbits, sockindex);
--- a/ares/ares_init.c
+++ b/ares/ares_init.c
@@ -23,7 +23,10 @@
 #include <malloc.h>
 #else
 #ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
 #endif
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
@@ -72,7 +75,7 @@ static int config_nameserver(struct server_state **servers, int *nservers,
 static int set_search(ares_channel channel, const char *str);
 static int set_options(ares_channel channel, const char *str);
 static const char *try_option(const char *p, const char *q, const char *opt);
-static void init_id_key(rc4_key* key,int key_data_len);
+static int init_id_key(rc4_key* key,int key_data_len);
 #ifndef WIN32
 static int sortlist_alloc(struct apattern **sortlist, int *nsort, struct apattern *pat);
@@ -130,17 +133,32 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
  channel->ndots = -1;
  channel->udp_port = -1;
  channel->tcp_port = -1;
  channel->socket_send_buffer_size = -1;
  channel->socket_receive_buffer_size = -1;
  channel->nservers = -1;
  channel->ndomains = -1;
  channel->nsort = -1;
  channel->tcp_connection_generation = 0;
  channel->lookups = NULL;
  channel->queries = NULL;
  channel->domains = NULL;
  channel->sortlist = NULL;
  channel->servers = NULL;
  channel->sock_state_cb = NULL;
  channel->sock_state_cb_data = NULL;
  channel->last_timeout_processed = (long)time(NULL);
  /* Initialize our lists of queries */
  ares__init_list_head(&(channel->all_queries));
  for (i = 0; i < ARES_QID_TABLE_SIZE; i++)
    {
      ares__init_list_head(&(channel->queries_by_qid[i]));
    }
  for (i = 0; i < ARES_TIMEOUT_TABLE_SIZE; i++)
    {
      ares__init_list_head(&(channel->queries_by_timeout[i]));
    }
  /* Initialize configuration by each of the four sources, from highest
   * precedence to lowest.
   */
@@ -169,6 +187,18 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
      DEBUGF(fprintf(stderr, "Error: init_by_defaults failed: %s\n",
                     ares_strerror(status)));
  }
  /* Generate random key */
  if (status == ARES_SUCCESS) {
    status = init_id_key(&channel->id_key, ARES_ID_KEY_LEN);
    if (status == ARES_SUCCESS)
      channel->next_id = ares__generate_new_id(&channel->id_key);
    else
      DEBUGF(fprintf(stderr, "Error: init_id_key failed: %s\n",
                     ares_strerror(status)));
  }
  if (status != ARES_SUCCESS)
    {
      /* Something failed; clean up memory we may have allocated. */
@@ -198,17 +228,16 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options,
      server = &channel->servers[i];
      server->udp_socket = ARES_SOCKET_BAD;
      server->tcp_socket = ARES_SOCKET_BAD;
      server->tcp_connection_generation = ++channel->tcp_connection_generation;
      server->tcp_lenbuf_pos = 0;
      server->tcp_buffer = NULL;
      server->qhead = NULL;
      server->qtail = NULL;
      ares__init_list_head(&(server->queries_to_server));
      server->channel = channel;
      server->is_broken = 0;
    }
  init_id_key(&channel->id_key, ARES_ID_KEY_LEN);
  channel->next_id = ares__generate_new_id(&channel->id_key);
  channel->queries = NULL;
  *channelptr = channel;
  return ARES_SUCCESS;
 }
@@ -235,24 +264,28 @@ int ares_save_options(ares_channel channel, struct ares_options *options,
  options->timeout = channel->timeout;
  options->tries   = channel->tries;
  options->ndots   = channel->ndots;
-  options->udp_port = channel->udp_port;
+  options->udp_port = (unsigned short)channel->udp_port;
-  options->tcp_port = channel->tcp_port;
+  options->tcp_port = (unsigned short)channel->tcp_port;
  options->sock_state_cb     = channel->sock_state_cb;
  options->sock_state_cb_data = channel->sock_state_cb_data;
  /* Copy servers */
  if (channel->nservers) {
    options->servers =
      malloc(channel->nservers * sizeof(struct server_state));
    if (!options->servers && channel->nservers != 0)
      return ARES_ENOMEM;
    for (i = 0; i < channel->nservers; i++)
      options->servers[i] = channel->servers[i].addr;
  }
  options->nservers = channel->nservers;
  /* copy domains */
  if (channel->ndomains) {
    options->domains = malloc(channel->ndomains * sizeof(char *));
    if (!options->domains)
      return ARES_ENOMEM;
    for (i = 0; i < channel->ndomains; i++)
    {
      options->ndomains = i;
@@ -260,14 +293,18 @@ int ares_save_options(ares_channel channel, struct ares_options *options,
      if (!options->domains[i])
        return ARES_ENOMEM;
    }
  }
  options->ndomains = channel->ndomains;
  /* copy lookups */
  if (channel->lookups) {
    options->lookups = strdup(channel->lookups);
-  if (!options->lookups)
+    if (!options->lookups && channel->lookups)
      return ARES_ENOMEM;
  }
  /* copy sortlist */
  if (channel->nsort) {
    options->sortlist = malloc(channel->nsort * sizeof(struct apattern));
    if (!options->sortlist)
      return ARES_ENOMEM;
@@ -276,6 +313,7 @@ int ares_save_options(ares_channel channel, struct ares_options *options,
      memcpy(&(options->sortlist[i]), &(channel->sortlist[i]),
             sizeof(struct apattern));
    }
  }
  options->nsort = channel->nsort;
  return ARES_SUCCESS;
@@ -305,6 +343,12 @@ static int init_by_options(ares_channel channel,
      channel->sock_state_cb = options->sock_state_cb;
      channel->sock_state_cb_data = options->sock_state_cb_data;
    }
  if ((optmask & ARES_OPT_SOCK_SNDBUF)
      && channel->socket_send_buffer_size == -1)
    channel->socket_send_buffer_size = options->socket_send_buffer_size;
  if ((optmask & ARES_OPT_SOCK_RCVBUF)
      && channel->socket_receive_buffer_size == -1)
    channel->socket_receive_buffer_size = options->socket_receive_buffer_size;
  /* Copy the servers, if given. */
  if ((optmask & ARES_OPT_SERVERS) && channel->nservers == -1)
@@ -453,7 +497,7 @@ static int get_iphlpapi_dns_info (char *ret_buf, size_t ret_size)
  FIXED_INFO    *fi   = alloca (sizeof(*fi));
  DWORD          size = sizeof (*fi);
  typedef DWORD (WINAPI* get_net_param_func) (FIXED_INFO*, DWORD*);
-  get_net_param_func GetNetworkParams;  /* available only on Win-98/2000+ */
+  get_net_param_func fpGetNetworkParams;  /* available only on Win-98/2000+ */
  HMODULE        handle;
  IP_ADDR_STRING *ipAddr;
  int            i, count = 0;
@@ -470,16 +514,16 @@ static int get_iphlpapi_dns_info (char *ret_buf, size_t ret_size)
  if (!handle)
     return (0);
-  GetNetworkParams = (get_net_param_func) GetProcAddress (handle, "GetNetworkParams");
+  fpGetNetworkParams = (get_net_param_func) GetProcAddress (handle, "GetNetworkParams");
-  if (!GetNetworkParams)
+  if (!fpGetNetworkParams)
     goto quit;
-  res = (*GetNetworkParams) (fi, &size);
+  res = (*fpGetNetworkParams) (fi, &size);
  if ((res != ERROR_BUFFER_OVERFLOW) && (res != ERROR_SUCCESS))
     goto quit;
  fi = alloca (size);
-  if (!fi || (*GetNetworkParams) (fi, &size) != ERROR_SUCCESS)
+  if (!fi || (*fpGetNetworkParams) (fi, &size) != ERROR_SUCCESS)
     goto quit;
  if (debug)
@@ -1303,11 +1347,11 @@ static void randomize_key(unsigned char* key,int key_data_len)
  if ( !randomized ) {
    for (;counter<key_data_len;counter++)
-      key[counter]=rand() % 256;
+      key[counter]=(unsigned char)(rand() % 256);
  }
 }
-static void init_id_key(rc4_key* key,int key_data_len)
+static int init_id_key(rc4_key* key,int key_data_len)
 {
  unsigned char index1;
  unsigned char index2;
@@ -1316,29 +1360,33 @@ static void init_id_key(rc4_key* key,int key_data_len)
  unsigned char *key_data_ptr = 0;
  key_data_ptr = calloc(1,key_data_len);
  if (!key_data_ptr)
    return ARES_ENOMEM;
  randomize_key(key->state,key_data_len);
  state = &key->state[0];
  for(counter = 0; counter < 256; counter++)
-        state[counter] = counter;
+    /* unnecessary AND but it keeps some compilers happier */
    state[counter] = (unsigned char)(counter & 0xff);
  key->x = 0;
  key->y = 0;
  index1 = 0;
  index2 = 0;
  for(counter = 0; counter < 256; counter++)
  {
-    index2 = (key_data_ptr[index1] + state[counter] +
+    index2 = (unsigned char)((key_data_ptr[index1] + state[counter] +
-              index2) % 256;
+                              index2) % 256);
    ARES_SWAP_BYTE(&state[counter], &state[index2]);
-    index1 = (index1 + 1) % key_data_len;
+    index1 = (unsigned char)((index1 + 1) % key_data_len);
  }
  free(key_data_ptr);
-
+  return ARES_SUCCESS;
 }
 short ares__generate_new_id(rc4_key* key)
 {
-  short r;
+  short r=0;
  ares__rc4(key, (unsigned char *)&r, sizeof(r));
  return r;
 }
--- a/ares/ares_llist.c
+++ b/ares/ares_llist.c
@@ -0,0 +1,87 @@
 /* $Id$ */
 /* Copyright 1998 by the Massachusetts Institute of Technology.
 *
 * Permission to use, copy, modify, and distribute this
 * software and its documentation for any purpose and without
 * fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright
 * notice and this permission notice appear in supporting
 * documentation, and that the name of M.I.T. not be used in
 * advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is"
 * without express or implied warranty.
 */
 #include "setup.h"
 #include "ares.h"
 #include "ares_private.h"
 /* Routines for managing doubly-linked circular linked lists with a
 * dummy head.
 */
 /* Initialize a new head node */
 void ares__init_list_head(struct list_node* head) {
  head->prev = head;
  head->next = head;
  head->data = NULL;
 }
 /* Initialize a list node */
 void ares__init_list_node(struct list_node* node, void* d) {
  node->prev = NULL;
  node->next = NULL;
  node->data = d;
 }
 /* Returns true iff the given list is empty */
 int ares__is_list_empty(struct list_node* head) {
  return ((head->next == head) && (head->prev == head));
 }
 /* Inserts new_node before old_node */
 void ares__insert_in_list(struct list_node* new_node,
                          struct list_node* old_node) {
  new_node->next = old_node;
  new_node->prev = old_node->prev;
  old_node->prev->next = new_node;
  old_node->prev = new_node;
 }
 /* Removes the node from the list it's in, if any */
 void ares__remove_from_list(struct list_node* node) {
  if (node->next != NULL) {
    node->prev->next = node->next;
    node->next->prev = node->prev;
    node->prev = NULL;
    node->next = NULL;
  }
 }
 /* Swap the contents of two lists */
 void ares__swap_lists(struct list_node* head_a,
                      struct list_node* head_b) {
  int is_a_empty = ares__is_list_empty(head_a);
  int is_b_empty = ares__is_list_empty(head_b);
  struct list_node old_a = *head_a;
  struct list_node old_b = *head_b;
  if (is_a_empty) {
    ares__init_list_head(head_b);
  } else {
    *head_b = old_a;
    old_a.next->prev = head_b;
    old_a.prev->next = head_b;
  }
  if (is_b_empty) {
    ares__init_list_head(head_a);
  } else {
    *head_a = old_b;
    old_b.next->prev = head_a;
    old_b.prev->next = head_a;
  }
 }
--- a/ares/ares_llist.h
+++ b/ares/ares_llist.h
@@ -0,0 +1,43 @@
 #ifndef __ARES_LLIST_H
 #define __ARES_LLIST_H
 /* $Id$ */
 /* Copyright 1998 by the Massachusetts Institute of Technology.
 *
 * Permission to use, copy, modify, and distribute this
 * software and its documentation for any purpose and without
 * fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright
 * notice and this permission notice appear in supporting
 * documentation, and that the name of M.I.T. not be used in
 * advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is"
 * without express or implied warranty.
 */
 /* Node definition for circular, doubly-linked list */
 struct list_node {
  struct list_node *prev;
  struct list_node *next;
  void* data;
 };
 void ares__init_list_head(struct list_node* head);
 void ares__init_list_node(struct list_node* node, void* d);
 int ares__is_list_empty(struct list_node* head);
 void ares__insert_in_list(struct list_node* new_node,
                          struct list_node* old_node);
 void ares__remove_from_list(struct list_node* node);
 void ares__swap_lists(struct list_node* head_a,
                      struct list_node* head_b);
 #endif /* __ARES_LLIST_H */
--- a/ares/ares_mkquery.c
+++ b/ares/ares_mkquery.c
@@ -88,6 +88,10 @@ int ares_mkquery(const char *name, int dnsclass, int type, unsigned short id,
  unsigned char *q;
  const char *p;
  /* Set our results early, in case we bail out early with an error. */
  *buflen = 0;
  *buf = NULL;
  /* Compute the length of the encoded name so we can check buflen.
   * Start counting at 1 for the zero-length label at the end. */
  len = 1;
@@ -104,6 +108,23 @@ int ares_mkquery(const char *name, int dnsclass, int type, unsigned short id,
  if (*name && *(p - 1) != '.')
    len++;
  /* Immediately reject names that are longer than the maximum of 255
   * bytes that's specified in RFC 1035 ("To simplify implementations,
   * the total length of a domain name (i.e., label octets and label
   * length octets) is restricted to 255 octets or less."). We aren't
   * doing this just to be a stickler about RFCs. For names that are
   * too long, 'dnscache' closes its TCP connection to us immediately
   * (when using TCP) and ignores the request when using UDP, and
   * BIND's named returns ServFail (TCP or UDP). Sending a request
   * that we know will cause 'dnscache' to close the TCP connection is
   * painful, since that makes any other outstanding requests on that
   * connection fail. And sending a UDP request that we know
   * 'dnscache' will ignore is bad because resources will be tied up
   * until we time-out the request.
   */
  if (len > MAXCDNAME)
    return ARES_EBADNAME;
  *buflen = len + HFIXEDSZ + QFIXEDSZ;
  *buf = malloc(*buflen);
  if (!*buf)
--- a/ares/ares_private.h
+++ b/ares/ares_private.h
@@ -83,12 +83,20 @@
 #define ARES_ID_KEY_LEN 31
 #include "ares_ipv6.h"
 #include "ares_llist.h"
 struct query;
 struct send_request {
  /* Remaining data to send */
  const unsigned char *data;
  size_t len;
  /* The query for which we're sending this data */
  struct query* owner_query;
  /* The buffer we're using, if we have our own copy of the packet */
  unsigned char *data_storage;
  /* Next request in queue */
  struct send_request *next;
 };
@@ -110,13 +118,42 @@ struct server_state {
  /* TCP output queue */
  struct send_request *qhead;
  struct send_request *qtail;
  /* Which incarnation of this connection is this? We don't want to
   * retransmit requests into the very same socket, but if the server
   * closes on us and we re-open the connection, then we do want to
   * re-send. */
  int tcp_connection_generation;
  /* Circular, doubly-linked list of outstanding queries to this server */
  struct list_node queries_to_server;
  /* Link back to owning channel */
  ares_channel channel;
  /* Is this server broken? We mark connections as broken when a
   * request that is queued for sending times out.
   */
  int is_broken;
 };
 /* State to represent a DNS query */
 struct query {
  /* Query ID from qbuf, for faster lookup, and current timeout */
  unsigned short qid;
  time_t timeout;
  /*
   * Links for the doubly-linked lists in which we insert a query.
   * These circular, doubly-linked lists that are hash-bucketed based
   * the attributes we care about, help making most important
   * operations O(1).
   */
  struct list_node queries_by_qid;    /* hopefully in same cache line as qid */
  struct list_node queries_by_timeout;
  struct list_node queries_to_server;
  struct list_node all_queries;
  /* Query buf with length at beginning, for TCP transmission */
  unsigned char *tcpbuf;
  int tcplen;
@@ -130,12 +167,16 @@ struct query {
  /* Query status */
  int try;
  int server;
-  int *skip_server;
+  struct query_server_info *server_info;   /* per-server state */
  int using_tcp;
  int error_status;
  int timeouts; /* number of timeouts we saw for this request */
 };
-  /* Next query in chain */
+/* Per-server state for a query */
-  struct query *next;
+struct query_server_info {
  int skip_server;  /* should we skip server, due to errors, etc? */
  int tcp_connection_generation;  /* into which TCP connection did we send? */
 };
 /* An IP address pattern; matches an IP address X if X & mask == addr */
@@ -173,6 +214,8 @@ struct ares_channeldata {
  int ndots;
  int udp_port;
  int tcp_port;
  int socket_send_buffer_size;
  int socket_receive_buffer_size;
  char **domains;
  int ndomains;
  struct apattern *sortlist;
@@ -188,8 +231,21 @@ struct ares_channeldata {
  /* key to use when generating new ids */
  rc4_key id_key;
-  /* Active queries */
+  /* Generation number to use for the next TCP socket open/close */
-  struct query *queries;
+  int tcp_connection_generation;
  /* The time at which we last called process_timeouts() */
  time_t last_timeout_processed;
  /* Circular, doubly-linked list of queries, bucketed various ways.... */
  /* All active queries in a single list: */
  struct list_node all_queries;
  /* Queries bucketed by qid, for quickly dispatching DNS responses: */
 #define ARES_QID_TABLE_SIZE 2048
  struct list_node queries_by_qid[ARES_QID_TABLE_SIZE];
  /* Queries bucketed by timeout, for quickly handling timeouts: */
 #define ARES_TIMEOUT_TABLE_SIZE 1024
  struct list_node queries_by_timeout[ARES_TIMEOUT_TABLE_SIZE];
  ares_sock_state_cb sock_state_cb;
  void *sock_state_cb_data;
@@ -200,6 +256,7 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now);
 void ares__close_sockets(ares_channel channel, struct server_state *server);
 int ares__get_hostent(FILE *fp, int family, struct hostent **host);
 int ares__read_line(FILE *fp, char **buf, int *bufsize);
 void ares__free_query(struct query *query);
 short ares__generate_new_id(rc4_key* key);
 #define ARES_SWAP_BYTE(a,b) \
@@ -220,4 +277,3 @@ short ares__generate_new_id(rc4_key* key);
 #endif
 #endif /* __ARES_PRIVATE_H */
--- a/ares/ares_process.c
+++ b/ares/ares_process.c
@@ -21,13 +21,24 @@
 #include "nameser.h"
 #else
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
 #ifdef HAVE_SYS_UIO_H
 #include <sys/uio.h>
 #endif
-#include <netinet/in.h>
+#ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h> /* <netinet/tcp.h> may need it */
 #endif
 #ifdef HAVE_NETINET_TCP_H
 #include <netinet/tcp.h> /* for TCP_NODELAY */
 #endif
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
 #ifdef HAVE_ARPA_NAMESER_H
 #include <arpa/nameser.h>
 #endif
 #ifdef HAVE_ARPA_NAMESER_COMPAT_H
 #include <arpa/nameser_compat.h>
 #endif
@@ -43,6 +54,7 @@
 #include <sys/filio.h>
 #endif
 #include <assert.h>
 #include <string.h>
 #include <stdlib.h>
 #include <fcntl.h>
@@ -61,16 +73,22 @@ static void read_tcp_data(ares_channel channel, fd_set *read_fds,
                          ares_socket_t read_fd, time_t now);
 static void read_udp_packets(ares_channel channel, fd_set *read_fds,
                             ares_socket_t read_fd, time_t now);
 static void advance_tcp_send_queue(ares_channel channel, int whichserver,
                                   ssize_t num_bytes);
 static void process_timeouts(ares_channel channel, time_t now);
 static void process_broken_connections(ares_channel channel, time_t now);
 static void process_answer(ares_channel channel, unsigned char *abuf,
                           int alen, int whichserver, int tcp, time_t now);
 static void handle_error(ares_channel channel, int whichserver, time_t now);
-static struct query *next_server(ares_channel channel, struct query *query, time_t now);
+static void skip_server(ares_channel channel, struct query *query,
                        int whichserver);
 static void next_server(ares_channel channel, struct query *query, time_t now);
 static int configure_socket(int s, ares_channel channel);
 static int open_tcp_socket(ares_channel channel, struct server_state *server);
 static int open_udp_socket(ares_channel channel, struct server_state *server);
 static int same_questions(const unsigned char *qbuf, int qlen,
                          const unsigned char *abuf, int alen);
-static struct query *end_query(ares_channel channel, struct query *query, int status,
+static void end_query(ares_channel channel, struct query *query, int status,
                      unsigned char *abuf, int alen);
 /* Something interesting happened on the wire, or there was a timeout.
@@ -85,6 +103,7 @@ void ares_process(ares_channel channel, fd_set *read_fds, fd_set *write_fds)
  read_tcp_data(channel, read_fds, ARES_SOCKET_BAD, now);
  read_udp_packets(channel, read_fds, ARES_SOCKET_BAD, now);
  process_timeouts(channel, now);
  process_broken_connections(channel, now);
 }
 /* Something interesting happened on the wire, or there was a timeout.
@@ -155,7 +174,7 @@ static void write_tcp_data(ares_channel channel,
      /* Make sure server has data to send and is selected in write_fds or
         write_fd. */
      server = &channel->servers[i];
-      if (!server->qhead || server->tcp_socket == ARES_SOCKET_BAD)
+      if (!server->qhead || server->tcp_socket == ARES_SOCKET_BAD || server->is_broken)
        continue;
      if(write_fds) {
@@ -167,6 +186,14 @@ static void write_tcp_data(ares_channel channel,
          continue;
      }
      if(write_fds)
        /* If there's an error and we close this socket, then open
         * another with the same fd to talk to another server, then we
         * don't want to think that it was the new socket that was
         * ready. This is not disastrous, but is likely to result in
         * extra system calls and confusion. */
        FD_CLR(server->tcp_socket, write_fds);
      /* Count the number of send queue items. */
      n = 0;
      for (sendreq = server->qhead; sendreq; sendreq = sendreq->next)
@@ -194,27 +221,7 @@ static void write_tcp_data(ares_channel channel,
            }
          /* Advance the send queue by as many bytes as we sent. */
-          while (wcount)
+          advance_tcp_send_queue(channel, i, wcount);
            {
              sendreq = server->qhead;
              if ((size_t)wcount >= sendreq->len)
                {
                  wcount -= sendreq->len;
                  server->qhead = sendreq->next;
                  if (server->qhead == NULL)
                    {
                      SOCK_STATE_CALLBACK(channel, server->tcp_socket, 1, 0);
                      server->qtail = NULL;
                    }
                  free(sendreq);
                }
              else
                {
                  sendreq->data += wcount;
                  sendreq->len -= wcount;
                  break;
                }
            }
        }
      else
        {
@@ -230,21 +237,38 @@ static void write_tcp_data(ares_channel channel,
            }
          /* Advance the send queue by as many bytes as we sent. */
-          if ((size_t)scount == sendreq->len)
+          advance_tcp_send_queue(channel, i, scount);
        }
    }
 }
 /* Consume the given number of bytes from the head of the TCP send queue. */
 static void advance_tcp_send_queue(ares_channel channel, int whichserver,
                                   ssize_t num_bytes)
 {
  struct send_request *sendreq;
  struct server_state *server = &channel->servers[whichserver];
  while (num_bytes > 0)
    {
      sendreq = server->qhead;
      if ((size_t)num_bytes >= sendreq->len)
       {
         num_bytes -= sendreq->len;
         server->qhead = sendreq->next;
         if (server->qhead == NULL)
           {
             SOCK_STATE_CALLBACK(channel, server->tcp_socket, 1, 0);
             server->qtail = NULL;
           }
         if (sendreq->data_storage != NULL)
           free(sendreq->data_storage);
         free(sendreq);
       }
      else
       {
-              sendreq->data += scount;
+         sendreq->data += num_bytes;
-              sendreq->len -= scount;
+         sendreq->len -= num_bytes;
-            }
+         num_bytes = 0;
       }
    }
 }
@@ -268,7 +292,7 @@ static void read_tcp_data(ares_channel channel, fd_set *read_fds,
    {
      /* Make sure the server has a socket and is selected in read_fds. */
      server = &channel->servers[i];
-      if (server->tcp_socket == ARES_SOCKET_BAD)
+      if (server->tcp_socket == ARES_SOCKET_BAD || server->is_broken)
        continue;
      if(read_fds) {
@@ -280,6 +304,14 @@ static void read_tcp_data(ares_channel channel, fd_set *read_fds,
          continue;
      }
      if(read_fds)
        /* If there's an error and we close this socket, then open
         * another with the same fd to talk to another server, then we
         * don't want to think that it was the new socket that was
         * ready. This is not disastrous, but is likely to result in
         * extra system calls and confusion. */
        FD_CLR(server->tcp_socket, read_fds);
      if (server->tcp_lenbuf_pos != 2)
        {
          /* We haven't yet read a length word, so read that (or
@@ -358,7 +390,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
      /* Make sure the server has a socket and is selected in read_fds. */
      server = &channel->servers[i];
-      if (server->udp_socket == ARES_SOCKET_BAD)
+      if (server->udp_socket == ARES_SOCKET_BAD || server->is_broken)
        continue;
      if(read_fds) {
@@ -370,38 +402,69 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
          continue;
      }
      if(read_fds)
        /* If there's an error and we close this socket, then open
         * another with the same fd to talk to another server, then we
         * don't want to think that it was the new socket that was
         * ready. This is not disastrous, but is likely to result in
         * extra system calls and confusion. */
        FD_CLR(server->udp_socket, read_fds);
      /* To reduce event loop overhead, read and process as many
       * packets as we can. */
      do {
        count = sread(server->udp_socket, buf, sizeof(buf));
        if (count == -1 && try_again(SOCKERRNO))
          continue;
        else if (count <= 0)
          handle_error(channel, i, now);
-
+        else
          process_answer(channel, buf, (int)count, i, 0, now);
       } while (count > 0);
    }
 }
 /* If any queries have timed out, note the timeout and move them on. */
 static void process_timeouts(ares_channel channel, time_t now)
 {
-  struct query *query, *next;
+  time_t t;  /* the time of the timeouts we're processing */
  struct query *query;
  struct list_node* list_head;
  struct list_node* list_node;
-  for (query = channel->queries; query; query = next)
+  /* Process all the timeouts that have fired since the last time we
   * processed timeouts. If things are going well, then we'll have
   * hundreds/thousands of queries that fall into future buckets, and
   * only a handful of requests that fall into the "now" bucket, so
   * this should be quite quick.
   */
  for (t = channel->last_timeout_processed; t <= now; t++)
    {
-      next = query->next;
+      list_head = &(channel->queries_by_timeout[t % ARES_TIMEOUT_TABLE_SIZE]);
      for (list_node = list_head->next; list_node != list_head; )
        {
          query = list_node->data;
          list_node = list_node->next;  /* in case the query gets deleted */
          if (query->timeout != 0 && now >= query->timeout)
            {
              query->error_status = ARES_ETIMEOUT;
-          next = next_server(channel, query, now);
+              ++query->timeouts;
              next_server(channel, query, now);
            }
        }
     }
  channel->last_timeout_processed = now;
 }
 /* Handle an answer from a server. */
 static void process_answer(ares_channel channel, unsigned char *abuf,
                           int alen, int whichserver, int tcp, time_t now)
 {
-  int id, tc, rcode;
+  int tc, rcode;
  unsigned short id;
  struct query *query;
  struct list_node* list_head;
  struct list_node* list_node;
  /* If there's no room in the answer for a header, we can't do much
   * with it. */
@@ -413,12 +476,25 @@ static void process_answer(ares_channel channel, unsigned char *abuf,
  tc = DNS_HEADER_TC(abuf);
  rcode = DNS_HEADER_RCODE(abuf);
-  /* Find the query corresponding to this packet. */
+  /* Find the query corresponding to this packet. The queries are
-  for (query = channel->queries; query; query = query->next)
+   * hashed/bucketed by query id, so this lookup should be quick.
   * Note that both the query id and the questions must be the same;
   * when the query id wraps around we can have multiple outstanding
   * queries with the same query id, so we need to check both the id and
   * question.
   */
  query = NULL;
  list_head = &(channel->queries_by_qid[id % ARES_QID_TABLE_SIZE]);
  for (list_node = list_head->next; list_node != list_head;
       list_node = list_node->next)
    {
-      if (query->qid == id)
+      struct query *q = list_node->data;
      if ((q->qid == id) && same_questions(q->qbuf, q->qlen, abuf, alen))
        {
          query = q;
          break;
        }
    }
  if (!query)
    return;
@@ -449,13 +525,7 @@ static void process_answer(ares_channel channel, unsigned char *abuf,
    {
      if (rcode == SERVFAIL || rcode == NOTIMP || rcode == REFUSED)
        {
-          query->skip_server[whichserver] = 1;
+          skip_server(channel, query, whichserver);
          if (query->server == whichserver)
            next_server(channel, query, now);
          return;
        }
      if (!same_questions(query->qbuf, query->qlen, abuf, alen))
        {
          if (query->server == whichserver)
            next_server(channel, query, now);
          return;
@@ -465,29 +535,72 @@ static void process_answer(ares_channel channel, unsigned char *abuf,
  end_query(channel, query, ARES_SUCCESS, abuf, alen);
 }
-static void handle_error(ares_channel channel, int whichserver, time_t now)
+/* Close all the connections that are no longer usable. */
 static void process_broken_connections(ares_channel channel, time_t now)
 {
-  struct query *query, *next;
+  int i;
-
+  for (i = 0; i < channel->nservers; i++)
  /* Reset communications with this server. */
  ares__close_sockets(channel, &channel->servers[whichserver]);
  /* Tell all queries talking to this server to move on and not try
   * this server again.
   */
  for (query = channel->queries; query; query = next)
    {
-      next = query->next;
+      struct server_state *server = &channel->servers[i];
-      if (query->server == whichserver)
+      if (server->is_broken)
        {
-          query->skip_server[whichserver] = 1;
+          handle_error(channel, i, now);
          next = next_server(channel, query, now);
        }
    }
 }
-static struct query *next_server(ares_channel channel, struct query *query, time_t now)
+static void handle_error(ares_channel channel, int whichserver, time_t now)
 {
  struct server_state *server;
  struct query *query;
  struct list_node list_head;
  struct list_node* list_node;
  server = &channel->servers[whichserver];
  /* Reset communications with this server. */
  ares__close_sockets(channel, server);
  /* Tell all queries talking to this server to move on and not try
   * this server again. We steal the current list of queries that were
   * in-flight to this server, since when we call next_server this can
   * cause the queries to be re-sent to this server, which will
   * re-insert these queries in that same server->queries_to_server
   * list.
   */
  ares__init_list_head(&list_head);
  ares__swap_lists(&list_head, &(server->queries_to_server));
  for (list_node = list_head.next; list_node != &list_head; )
    {
      query = list_node->data;
      list_node = list_node->next;  /* in case the query gets deleted */
      assert(query->server == whichserver);
      skip_server(channel, query, whichserver);
      next_server(channel, query, now);
    }
  /* Each query should have removed itself from our temporary list as
   * it re-sent itself or finished up...
   */
  assert(ares__is_list_empty(&list_head));
 }
 static void skip_server(ares_channel channel, struct query *query,
                        int whichserver) {
  /* The given server gave us problems with this query, so if we have
   * the luxury of using other servers, then let's skip the
   * potentially broken server and just use the others. If we only
   * have one server and we need to retry then we should just go ahead
   * and re-use that server, since it's our only hope; perhaps we
   * just got unlucky, and retrying will work (eg, the server timed
   * out our TCP connection just as we were sending another request).
   */
  if (channel->nservers > 1)
    {
      query->server_info[whichserver].skip_server = 1;
    }
 }
 static void next_server(ares_channel channel, struct query *query, time_t now)
 {
  /* Advance to the next server or try. */
  query->server++;
@@ -495,19 +608,33 @@ static struct query *next_server(ares_channel channel, struct query *query, time
    {
      for (; query->server < channel->nservers; query->server++)
        {
-          if (!query->skip_server[query->server])
+          struct server_state *server = &channel->servers[query->server];
          /* We don't want to use this server if (1) we decided this
           * connection is broken, and thus about to be closed, (2)
           * we've decided to skip this server because of earlier
           * errors we encountered, or (3) we already sent this query
           * over this exact connection.
           */
          if (!server->is_broken &&
               !query->server_info[query->server].skip_server &&
               !(query->using_tcp &&
                 (query->server_info[query->server].tcp_connection_generation ==
                  server->tcp_connection_generation)))
            {
               ares__send_query(channel, query, now);
-              return (query->next);
+               return;
            }
        }
      query->server = 0;
-      /* Only one try if we're using TCP. */
+      /* You might think that with TCP we only need one try. However,
-      if (query->using_tcp)
+       * even when using TCP, servers can time-out our connection just
-        break;
+       * as we're sending a request, or close our connection because
       * they die, or never send us a reply because they get wedged or
       * tickle a bug that drops our request.
       */
    }
-  return end_query(channel, query, query->error_status, NULL, 0);
+  end_query(channel, query, query->error_status, NULL, 0);
 }
 void ares__send_query(ares_channel channel, struct query *query, time_t now)
@@ -525,7 +652,7 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
        {
          if (open_tcp_socket(channel, server) == -1)
            {
-              query->skip_server[query->server] = 1;
+              skip_server(channel, query, query->server);
              next_server(channel, query, now);
              return;
            }
@@ -536,8 +663,16 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
        end_query(channel, query, ARES_ENOMEM, NULL, 0);
          return;
        }
      /* To make the common case fast, we avoid copies by using the
       * query's tcpbuf for as long as the query is alive. In the rare
       * case where the query ends while it's queued for transmission,
       * then we give the sendreq its own copy of the request packet
       * and put it in sendreq->data_storage.
       */
      sendreq->data_storage = NULL;
      sendreq->data = query->tcpbuf;
      sendreq->len = query->tcplen;
      sendreq->owner_query = query;
      sendreq->next = NULL;
      if (server->qtail)
        server->qtail->next = sendreq;
@@ -547,7 +682,8 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
          server->qhead = sendreq;
        }
      server->qtail = sendreq;
-      query->timeout = 0;
+      query->server_info[query->server].tcp_connection_generation =
        server->tcp_connection_generation;
    }
  else
    {
@@ -555,7 +691,7 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
        {
          if (open_udp_socket(channel, server) == -1)
            {
-              query->skip_server[query->server] = 1;
+              skip_server(channel, query, query->server);
              next_server(channel, query, now);
              return;
            }
@@ -563,21 +699,36 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
      if (swrite(server->udp_socket, query->qbuf, query->qlen) == -1)
        {
          /* FIXME: Handle EAGAIN here since it likely can happen. */
-          query->skip_server[query->server] = 1;
+          skip_server(channel, query, query->server);
          next_server(channel, query, now);
          return;
        }
    }
    query->timeout = now
        + ((query->try == 0) ? channel->timeout
           : channel->timeout << query->try / channel->nservers);
-    }
+    /* Keep track of queries bucketed by timeout, so we can process
     * timeout events quickly.
     */
    ares__remove_from_list(&(query->queries_by_timeout));
    ares__insert_in_list(
        &(query->queries_by_timeout),
        &(channel->queries_by_timeout[query->timeout %
                                      ARES_TIMEOUT_TABLE_SIZE]));
    /* Keep track of queries bucketed by server, so we can process server
     * errors quickly.
     */
    ares__remove_from_list(&(query->queries_to_server));
    ares__insert_in_list(&(query->queries_to_server),
                         &(server->queries_to_server));
 }
 /*
- * nonblock() set the given socket to either blocking or non-blocking mode
+ * setsocknonblock sets the given socket to either blocking or non-blocking mode
 * based on the 'nonblock' boolean argument. This function is highly portable.
 */
-static int nonblock(ares_socket_t sockfd,    /* operate on this */
+static int setsocknonblock(ares_socket_t sockfd,    /* operate on this */
                    int nonblock   /* TRUE or FALSE */)
 {
 #undef SETBLOCK
@@ -645,9 +796,36 @@ static int nonblock(ares_socket_t sockfd,    /* operate on this */
 #endif
 }
 static int configure_socket(int s, ares_channel channel)
 {
  setsocknonblock(s, TRUE);
 #if defined(FD_CLOEXEC) && !defined(MSDOS)
  /* Configure the socket fd as close-on-exec. */
  if (fcntl(s, F_SETFD, FD_CLOEXEC) == -1)
    return -1;
 #endif
  /* Set the socket's send and receive buffer sizes. */
  if ((channel->socket_send_buffer_size > 0) &&
      setsockopt(s, SOL_SOCKET, SO_SNDBUF,
                 (void *)&channel->socket_send_buffer_size,
                 sizeof(channel->socket_send_buffer_size)) == -1)
    return -1;
  if ((channel->socket_receive_buffer_size > 0) &&
      setsockopt(s, SOL_SOCKET, SO_RCVBUF,
                 (void *)&channel->socket_receive_buffer_size,
                 sizeof(channel->socket_receive_buffer_size)) == -1)
    return -1;
  return 0;
 }
 static int open_tcp_socket(ares_channel channel, struct server_state *server)
 {
  ares_socket_t s;
  int opt;
  struct sockaddr_in sockin;
  /* Acquire a socket. */
@@ -655,8 +833,26 @@ static int open_tcp_socket(ares_channel channel, struct server_state *server)
  if (s == ARES_SOCKET_BAD)
    return -1;
-  /* Set the socket non-blocking. */
+  /* Configure it. */
-  nonblock(s, TRUE);
+  if (configure_socket(s, channel) < 0)
    {
       close(s);
       return -1;
    }
  /*
   * Disable the Nagle algorithm (only relevant for TCP sockets, and thus not in
   * configure_socket). In general, in DNS lookups we're pretty much interested
   * in firing off a single request and then waiting for a reply, so batching
   * isn't very interesting in general.
   */
  opt = 1;
  if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
                 (void *)&opt, sizeof(opt)) == -1)
    {
       close(s);
       return -1;
    }
  /* Connect to the server. */
  memset(&sockin, 0, sizeof(sockin));
@@ -675,6 +871,7 @@ static int open_tcp_socket(ares_channel channel, struct server_state *server)
  SOCK_STATE_CALLBACK(channel, s, 1, 0);
  server->tcp_buffer_pos = 0;
  server->tcp_socket = s;
  server->tcp_connection_generation = ++channel->tcp_connection_generation;
  return 0;
 }
@@ -689,7 +886,11 @@ static int open_udp_socket(ares_channel channel, struct server_state *server)
    return -1;
  /* Set the socket non-blocking. */
-  nonblock(s, TRUE);
+  if (configure_socket(s, channel) < 0)
    {
       close(s);
       return -1;
    }
  /* Connect to the server. */
  memset(&sockin, 0, sizeof(sockin));
@@ -787,34 +988,92 @@ static int same_questions(const unsigned char *qbuf, int qlen,
  return 1;
 }
-static struct query *end_query (ares_channel channel, struct query *query, int status,
+static void end_query (ares_channel channel, struct query *query, int status,
                       unsigned char *abuf, int alen)
 {
  struct query **q, *next;
  int i;
-  query->callback(query->arg, status, abuf, alen);
+  /* First we check to see if this query ended while one of our send
-  for (q = &channel->queries; *q; q = &(*q)->next)
+   * queues still has pointers to it.
   */
  for (i = 0; i < channel->nservers; i++)
    {
-      if (*q == query)
+      struct server_state *server = &channel->servers[i];
-        break;
+      struct send_request *sendreq;
      for (sendreq = server->qhead; sendreq; sendreq = sendreq->next)
        if (sendreq->owner_query == query)
          {
            sendreq->owner_query = NULL;
            assert(sendreq->data_storage == NULL);
            if (status == ARES_SUCCESS)
              {
                /* We got a reply for this query, but this queued
                 * sendreq points into this soon-to-be-gone query's
                 * tcpbuf. Probably this means we timed out and queued
                 * the query for retransmission, then received a
                 * response before actually retransmitting. This is
                 * perfectly fine, so we want to keep the connection
                 * running smoothly if we can. But in the worst case
                 * we may have sent only some prefix of the query,
                 * with some suffix of the query left to send. Also,
                 * the buffer may be queued on multiple queues. To
                 * prevent dangling pointers to the query's tcpbuf and
                 * handle these cases, we just give such sendreqs
                 * their own copy of the query packet.
                 */
               sendreq->data_storage = malloc(sendreq->len);
               if (sendreq->data_storage != NULL)
                 {
                   memcpy(sendreq->data_storage, sendreq->data, sendreq->len);
                   sendreq->data = sendreq->data_storage;
                 }
-  *q = query->next;
+              }
-  if (*q)
+            if ((status != ARES_SUCCESS) || (sendreq->data_storage == NULL))
-    next = (*q)->next;
+              {
-  else
+                /* We encountered an error (probably a timeout,
-    next = NULL;
+                 * suggesting the DNS server we're talking to is
-  free(query->tcpbuf);
+                 * probably unreachable, wedged, or severely
-  free(query->skip_server);
+                 * overloaded) or we couldn't copy the request, so
-  free(query);
+                 * mark the connection as broken. When we get to
                 * process_broken_connections() we'll close the
                 * connection and try to re-send requests to another
                 * server.
                 */
               server->is_broken = 1;
               /* Just to be paranoid, zero out this sendreq... */
               sendreq->data = NULL;
               sendreq->len = 0;
             }
          }
    }
  /* Invoke the callback */
  query->callback(query->arg, status, query->timeouts, abuf, alen);
  ares__free_query(query);
  /* Simple cleanup policy: if no queries are remaining, close all
   * network sockets unless STAYOPEN is set.
   */
-  if (!channel->queries && !(channel->flags & ARES_FLAG_STAYOPEN))
+  if (!(channel->flags & ARES_FLAG_STAYOPEN) &&
      ares__is_list_empty(&(channel->all_queries)))
    {
      for (i = 0; i < channel->nservers; i++)
        ares__close_sockets(channel, &channel->servers[i]);
    }
-  return (next);
+}
 void ares__free_query(struct query *query)
 {
  /* Remove the query from all the lists in which it is linked */
  ares__remove_from_list(&(query->queries_by_qid));
  ares__remove_from_list(&(query->queries_by_timeout));
  ares__remove_from_list(&(query->queries_to_server));
  ares__remove_from_list(&(query->all_queries));
  /* Zero out some important stuff, to help catch bugs */
  query->callback = NULL;
  query->arg = NULL;
  /* Deallocate the memory associated with the query */
  free(query->tcpbuf);
  free(query->server_info);
  free(query);
 }
--- a/ares/ares_query.3
+++ b/ares/ares_query.3
@@ -22,7 +22,7 @@ ares_query \- Initiate a single-question DNS query
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	unsigned char *\fIabuf\fP, int \fIalen\fP)
+.B	int \fItimeouts\fP, unsigned char *\fIabuf\fP, int \fIalen\fP)
 .PP
 .B void ares_query(ares_channel \fIchannel\fP, const char *\fIname\fP,
 .B 	int \fIdnsclass\fP, int \fItype\fP, ares_callback \fIcallback\fP,
@@ -124,6 +124,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
 The callback argument
 .I timeouts
 reports how many times a query timed out during the execution of the
 given request.
 .PP
 If the query completed (even if there was something wrong with it, as
 indicated by some of the above error codes), the callback argument
 .I abuf
--- a/ares/ares_query.c
+++ b/ares/ares_query.c
@@ -37,7 +37,7 @@ struct qquery {
  void *arg;
 };
-static void qcallback(void *arg, int status, unsigned char *abuf, int alen);
+static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen);
 void ares__rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
 {
@@ -53,13 +53,13 @@ void ares__rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
  state = &key->state[0];
  for(counter = 0; counter < buffer_len; counter ++)
  {
-	x = (x + 1) % 256;
+    x = (unsigned char)((x + 1) % 256);
-	y = (state[x] + y) % 256;
+    y = (unsigned char)((state[x] + y) % 256);
    ARES_SWAP_BYTE(&state[x], &state[y]);
-	xorIndex = (state[x] + state[y]) % 256;
+    xorIndex = (unsigned char)((state[x] + state[y]) % 256);
-	buffer_ptr[counter] ^= state[xorIndex];
+    buffer_ptr[counter] = (unsigned char)(buffer_ptr[counter]^state[xorIndex]);
  }
  key->x = x;
  key->y = y;
@@ -67,13 +67,17 @@ void ares__rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
 static struct query* find_query_by_id(ares_channel channel, int id)
 {
-  int qid;
+  unsigned short qid;
-  struct query* q;
+  struct list_node* list_head;
  struct list_node* list_node;
  DNS_HEADER_SET_QID(((unsigned char*)&qid), id);
  /* Find the query corresponding to this packet. */
-  for (q = channel->queries; q; q = q->next)
+  list_head = &(channel->queries_by_qid[qid % ARES_QID_TABLE_SIZE]);
  for (list_node = list_head->next; list_node != list_head;
       list_node = list_node->next)
    {
       struct query *q = list_node->data;
       if (q->qid == qid)
 	  return q;
    }
@@ -110,7 +114,8 @@ void ares_query(ares_channel channel, const char *name, int dnsclass,
                        &qlen);
  if (status != ARES_SUCCESS)
    {
-      callback(arg, status, NULL, 0);
+      if (qbuf != NULL) free(qbuf);
      callback(arg, status, 0, NULL, 0);
      return;
    }
@@ -121,7 +126,7 @@ void ares_query(ares_channel channel, const char *name, int dnsclass,
  if (!qquery)
    {
      ares_free_string(qbuf);
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
  qquery->callback = callback;
@@ -132,14 +137,14 @@ void ares_query(ares_channel channel, const char *name, int dnsclass,
  ares_free_string(qbuf);
 }
-static void qcallback(void *arg, int status, unsigned char *abuf, int alen)
+static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen)
 {
  struct qquery *qquery = (struct qquery *) arg;
  unsigned int ancount;
  int rcode;
  if (status != ARES_SUCCESS)
-    qquery->callback(qquery->arg, status, abuf, alen);
+    qquery->callback(qquery->arg, status, timeouts, abuf, alen);
  else
    {
      /* Pull the response code and answer count from the packet. */
@@ -168,7 +173,7 @@ static void qcallback(void *arg, int status, unsigned char *abuf, int alen)
          status = ARES_EREFUSED;
          break;
        }
-      qquery->callback(qquery->arg, status, abuf, alen);
+      qquery->callback(qquery->arg, status, timeouts, abuf, alen);
    }
  free(qquery);
 }
--- a/ares/ares_search.3
+++ b/ares/ares_search.3
@@ -22,7 +22,7 @@ ares_search \- Initiate a DNS query with domain search
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	unsigned char *\fIabuf\fP, int \fIalen\fP)
+.B	int \fItimeouts\fP, unsigned char *\fIabuf\fP, int \fIalen\fP)
 .PP
 .B void ares_search(ares_channel \fIchannel\fP, const char *\fIname\fP,
 .B 	int \fIdnsclass\fP, int \fItype\fP, ares_callback \fIcallback\fP,
@@ -125,6 +125,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
 The callback argument
 .I timeouts
 reports how many times a query timed out during the execution of the
 given request.
 .PP
 If a query completed successfully, the callback argument
 .I abuf
 points to a result buffer of length
--- a/ares/ares_search.c
+++ b/ares/ares_search.c
@@ -41,10 +41,12 @@ struct search_query {
  int status_as_is;             /* error status from trying as-is */
  int next_domain;              /* next search domain to try */
  int trying_as_is;             /* current query is for name as-is */
  int timeouts;                 /* number of timeouts we saw for this request */
  int ever_got_nodata;          /* did we ever get ARES_ENODATA along the way? */
 };
-static void search_callback(void *arg, int status, unsigned char *abuf,
+static void search_callback(void *arg, int status, int timeouts,
-                            int alen);
+                            unsigned char *abuf, int alen);
 static void end_squery(struct search_query *squery, int status,
                       unsigned char *abuf, int alen);
 static int cat_domain(const char *name, const char *domain, char **s);
@@ -64,7 +66,7 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
  status = single_domain(channel, name, &s);
  if (status != ARES_SUCCESS)
    {
-      callback(arg, status, NULL, 0);
+      callback(arg, status, 0, NULL, 0);
      return;
    }
  if (s)
@@ -80,7 +82,7 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
  squery = malloc(sizeof(struct search_query));
  if (!squery)
    {
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
  squery->channel = channel;
@@ -88,7 +90,7 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
  if (!squery->name)
    {
      free(squery);
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
  squery->dnsclass = dnsclass;
@@ -96,6 +98,8 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
  squery->status_as_is = -1;
  squery->callback = callback;
  squery->arg = arg;
  squery->timeouts = 0;
  squery->ever_got_nodata = 0;
  /* Count the number of dots in name. */
  ndots = 0;
@@ -132,18 +136,20 @@ void ares_search(ares_channel channel, const char *name, int dnsclass,
        /* failed, free the malloc()ed memory */
        free(squery->name);
        free(squery);
-        callback(arg, status, NULL, 0);
+        callback(arg, status, 0, NULL, 0);
      }
    }
 }
-static void search_callback(void *arg, int status, unsigned char *abuf,
+static void search_callback(void *arg, int status, int timeouts,
-                            int alen)
+                            unsigned char *abuf, int alen)
 {
  struct search_query *squery = (struct search_query *) arg;
  ares_channel channel = squery->channel;
  char *s;
  squery->timeouts += timeouts;
  /* Stop searching unless we got a non-fatal error. */
  if (status != ARES_ENODATA && status != ARES_ESERVFAIL
      && status != ARES_ENOTFOUND)
@@ -153,6 +159,17 @@ static void search_callback(void *arg, int status, unsigned char *abuf,
      /* Save the status if we were trying as-is. */
      if (squery->trying_as_is)
        squery->status_as_is = status;
      /* 
       * If we ever get ARES_ENODATA along the way, record that; if the search
       * should run to the very end and we got at least one ARES_ENODATA,
       * then callers like ares_gethostbyname() may want to try a T_A search
       * even if the last domain we queried for T_AAAA resource records
       * returned ARES_ENOTFOUND.
       */
      if (status == ARES_ENODATA)
        squery->ever_got_nodata = 1;
      if (squery->next_domain < channel->ndomains)
        {
          /* Try the next domain. */
@@ -176,15 +193,20 @@ static void search_callback(void *arg, int status, unsigned char *abuf,
          ares_query(channel, squery->name, squery->dnsclass, squery->type,
                     search_callback, squery);
        }
      else {
        if (squery->status_as_is == ARES_ENOTFOUND && squery->ever_got_nodata) {
          end_squery(squery, ARES_ENODATA, NULL, 0);
        }
        else
          end_squery(squery, squery->status_as_is, NULL, 0);
      }
    }
 }
 static void end_squery(struct search_query *squery, int status,
                       unsigned char *abuf, int alen)
 {
-  squery->callback(squery->arg, status, abuf, alen);
+  squery->callback(squery->arg, status, squery->timeouts, abuf, alen);
  free(squery->name);
  free(squery);
 }
--- a/ares/ares_send.3
+++ b/ares/ares_send.3
@@ -22,7 +22,7 @@ ares_send \- Initiate a DNS query
 .B #include <ares.h>
 .PP
 .B typedef void (*ares_callback)(void *\fIarg\fP, int \fIstatus\fP,
-.B	unsigned char *\fIabuf\fP, int \fIalen\fP)
+.B	int \fItimeouts\fP, unsigned char *\fIabuf\fP, int \fIalen\fP)
 .PP
 .B void ares_send(ares_channel \fIchannel\fP, const unsigned char *\fIqbuf\fP,
 .B 	int \fIqlen\fP, ares_callback \fIcallback\fP, void *\fIarg\fP)
@@ -79,6 +79,11 @@ The name service channel
 .I channel
 is being destroyed; the query will not be completed.
 .PP
 The callback argument
 .I timeouts
 reports how many times a query timed out during the execution of the
 given request.
 .PP
 If the query completed, the callback argument
 .I abuf
 points to a result buffer of length
--- a/ares/ares_send.c
+++ b/ares/ares_send.c
@@ -44,7 +44,7 @@ void ares_send(ares_channel channel, const unsigned char *qbuf, int qlen,
  /* Verify that the query is at least long enough to hold the header. */
  if (qlen < HFIXEDSZ || qlen >= (1 << 16))
    {
-      callback(arg, ARES_EBADQUERY, NULL, 0);
+      callback(arg, ARES_EBADQUERY, 0, NULL, 0);
      return;
    }
@@ -52,22 +52,23 @@ void ares_send(ares_channel channel, const unsigned char *qbuf, int qlen,
  query = malloc(sizeof(struct query));
  if (!query)
    {
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
  query->tcpbuf = malloc(qlen + 2);
  if (!query->tcpbuf)
    {
      free(query);
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
-  query->skip_server = malloc(channel->nservers * sizeof(int));
+  query->server_info = malloc(channel->nservers *
-  if (!query->skip_server)
+                              sizeof(query->server_info[0]));
  if (!query->server_info)
    {
      free(query->tcpbuf);
      free(query);
-      callback(arg, ARES_ENOMEM, NULL, 0);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
      return;
    }
@@ -93,13 +94,28 @@ void ares_send(ares_channel channel, const unsigned char *qbuf, int qlen,
  query->try = 0;
  query->server = 0;
  for (i = 0; i < channel->nservers; i++)
-    query->skip_server[i] = 0;
+    {
      query->server_info[i].skip_server = 0;
      query->server_info[i].tcp_connection_generation = 0;
    }
  query->using_tcp = (channel->flags & ARES_FLAG_USEVC) || qlen > PACKETSZ;
  query->error_status = ARES_ECONNREFUSED;
  query->timeouts = 0;
-  /* Chain the query into this channel's query list. */
+  /* Initialize our list nodes. */
-  query->next = channel->queries;
+  ares__init_list_node(&(query->queries_by_qid),     query);
-  channel->queries = query;
+  ares__init_list_node(&(query->queries_by_timeout), query);
  ares__init_list_node(&(query->queries_to_server),  query);
  ares__init_list_node(&(query->all_queries),        query);
  /* Chain the query into the list of all queries. */
  ares__insert_in_list(&(query->all_queries), &(channel->all_queries));
  /* Keep track of queries bucketed by qid, so we can process DNS
   * responses quickly.
   */
  ares__insert_in_list(
      &(query->queries_by_qid),
      &(channel->queries_by_qid[query->qid % ARES_QID_TABLE_SIZE]));
  /* Perform the first query action. */
  time(&now);
--- a/ares/ares_strerror.c
+++ b/ares/ares_strerror.c
@@ -46,6 +46,8 @@ const char *ares_strerror(int code)
    "Illegal hints flags specified"
  };
-  DEBUGASSERT(code >= 0 && code < (int)(sizeof(errtext) / sizeof(*errtext)));
+  if(code >= 0 && code < (int)(sizeof(errtext) / sizeof(*errtext)))
    return errtext[code];
  else
    return "unknown";
 }
--- a/ares/ares_timeout.c
+++ b/ares/ares_timeout.c
@@ -26,23 +26,34 @@
 #include "ares.h"
 #include "ares_private.h"
 /* WARNING: Beware that this is linear in the number of outstanding
 * requests! You are probably far better off just calling ares_process()
 * once per second, rather than calling ares_timeout() to figure out
 * when to next call ares_process().
 */
 struct timeval *ares_timeout(ares_channel channel, struct timeval *maxtv,
                             struct timeval *tvbuf)
 {
  struct query *query;
  struct list_node* list_head;
  struct list_node* list_node;
  time_t now;
  time_t offset, min_offset; /* these use time_t since some 32 bit systems
                                still use 64 bit time_t! (like VS2005) */
  /* No queries, no timeout (and no fetch of the current time). */
-  if (!channel->queries)
+  if (ares__is_list_empty(&(channel->all_queries)))
    return maxtv;
  /* Find the minimum timeout for the current set of queries. */
  time(&now);
  min_offset = -1;
-  for (query = channel->queries; query; query = query->next)
+
  list_head = &(channel->all_queries);
  for (list_node = list_head->next; list_node != list_head;
       list_node = list_node->next)
    {
      query = list_node->data;
      if (query->timeout == 0)
        continue;
      offset = query->timeout - now;
--- a/ares/ares_version.h
+++ b/ares/ares_version.h
@@ -4,12 +4,12 @@
 #define ARES__VERSION_H
 #define ARES_VERSION_MAJOR 1
-#define ARES_VERSION_MINOR 4
+#define ARES_VERSION_MINOR 5
-#define ARES_VERSION_PATCH 1
+#define ARES_VERSION_PATCH 0
 #define ARES_VERSION ((ARES_VERSION_MAJOR<<16)|\
                       (ARES_VERSION_MINOR<<8)|\
                       (ARES_VERSION_PATCH))
-#define ARES_VERSION_STR "1.4.1-CVS"
+#define ARES_VERSION_STR "1.5.0-CVS"
 #ifdef  __cplusplus
 extern "C" {
--- a/ares/config-win32.h
+++ b/ares/config-win32.h
@@ -146,11 +146,6 @@
 #define ssize_t int
 #endif
 /* Define to 'int' if socklen_t is not an available 'typedefed' type */
 #ifndef HAVE_WS2TCPIP_H
 #define socklen_t int
 #endif
 /* ---------------------------------------------------------------- */
 /*                          STRUCT RELATED                          */
 /* ---------------------------------------------------------------- */
--- a/ares/configure.ac
+++ b/ares/configure.ac
@@ -117,6 +117,43 @@ dnl gethostbyname_r() version
 dnl **********************************************************************
 CURL_DETECT_ICC([CFLAGS="$CFLAGS -we 147"])
 dnl **********************************************************************
 dnl platform/compiler/architecture specific checks/flags
 dnl **********************************************************************
 case $host in
  #
  x86_64*linux*)
    #
    dnl find out if icc is being used
    if test "z$ICC" = "z"; then
      CURL_DETECT_ICC
    fi
    #
    if test "$ICC" = "yes"; then
      dnl figure out icc version
      AC_MSG_CHECKING([icc version])
      iccver=`$CC -dumpversion`
      iccnhi=`echo $iccver | cut -d . -f1`
      iccnlo=`echo $iccver | cut -d . -f2`
      iccnum=`(expr $iccnhi "*" 100 + $iccnlo) 2>/dev/null`
      AC_MSG_RESULT($iccver)
      #
      if test "$iccnum" -ge "900" && test "$iccnum" -lt "1000"; then
        dnl icc 9.X specific
        CFLAGS="$CFLAGS -i-dynamic"
      fi
      #
      if test "$iccnum" -ge "1000"; then
        dnl icc 10.X or later
        CFLAGS="$CFLAGS -shared-intel"
      fi
      #
    fi
    ;;
  #
 esac
 dnl **********************************************************************
 dnl Checks for libraries.
 dnl **********************************************************************
@@ -337,8 +374,10 @@ AC_CHECK_HEADERS(
       sys/select.h \
       sys/socket.h \
       sys/ioctl.h \
       sys/param.h \
       netdb.h \
       netinet/in.h \
       netinet/tcp.h \
       net/if.h \
       errno.h \
       stdbool.h \
@@ -600,6 +639,7 @@ AC_CHECK_MEMBER(struct addrinfo.ai_flags,
 AC_CHECK_FUNCS( bitncmp \
                gettimeofday \
                if_indextoname,
 dnl if found
 [],
@@ -801,4 +841,4 @@ if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
        [a suitable file/device to read random data from])
 fi
-AC_OUTPUT(Makefile)
+AC_OUTPUT(Makefile libcares.pc)
--- a/ares/libcares.pc.in
+++ b/ares/libcares.pc.in
@@ -0,0 +1,20 @@
 #***************************************************************************
 # Project        ___       __ _ _ __ ___  ___ 
 #               / __|____ / _` | '__/ _ \/ __|
 #              | (_|_____| (_| | | |  __/\__ \
 #               \___|     \__,_|_|  \___||___/
 # $id: $
 #
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 libdir=@libdir@
 includedir=@includedir@
 Name: c-ares
 URL: http://daniel.haxx.se/projects/c-ares/
 Description: asyncronous DNS lookup library
 Version: @VERSION@
 Requires: 
 Requires.private: 
 Cflags: -I${includedir}
 Libs: -L${libdir} -lcares
--- a/ares/nameser.h
+++ b/ares/nameser.h
@@ -32,7 +32,9 @@ struct iovec
 int ares_writev (SOCKET s, const struct iovec *vector, size_t count);
 #define writev(s,vect,count)  ares_writev(s,vect,count)
 #ifndef HAVE_GETTIMEOFDAY
 struct timezone { int dummy; };
 #endif
 int ares_gettimeofday(struct timeval *tv, struct timezone *tz);
 #define gettimeofday(tv,tz) ares_gettimeofday(tv,tz)
@@ -147,6 +149,11 @@ typedef enum __ns_opcode {
 #define T_CNAME                ns_t_cname
 #define NS_MAXDNAME   256     /* maximum domain name */
 #define MAXDNAME      NS_MAXDNAME
 #define NS_MAXCDNAME  255     /* maximum compressed domain name */
 #define MAXCDNAME     NS_MAXCDNAME
 #define NS_PACKETSZ   512     /* maximum packet size */
 #define PACKETSZ       NS_PACKETSZ
--- a/ares/setup.h
+++ b/ares/setup.h
@@ -97,10 +97,6 @@
 #define ssize_t int
 #endif
 #ifndef HAVE_WS2TCPIP_H
 #define socklen_t int
 #endif
 #endif /* HAVE_CONFIG_H */
 /*
--- a/ares/setup_once.h
+++ b/ares/setup_once.h
@@ -91,6 +91,31 @@ struct timeval {
 #endif
 /*
 * Windows build targets have socklen_t definition in
 * ws2tcpip.h but some versions of ws2tcpip.h do not
 * have the definition. It seems that when the socklen_t
 * definition is missing from ws2tcpip.h the definition
 * for INET_ADDRSTRLEN is also missing, and that when one
 * definition is present the other one also is available.
 */
 #if defined(WIN32) && !defined(HAVE_SOCKLEN_T)
 #  if ( defined(_MSC_VER) && !defined(INET_ADDRSTRLEN) ) || \
      (!defined(_MSC_VER) && !defined(HAVE_WS2TCPIP_H) )
 #    define socklen_t int
 #    define HAVE_SOCKLEN_T
 #  endif
 #endif
 #if defined(__minix)
 /* Minix doesn't support recv on TCP sockets */
 #define sread(x,y,z) (ssize_t)read((RECV_TYPE_ARG1)(x), \
                                   (RECV_TYPE_ARG2)(y), \
                                   (RECV_TYPE_ARG3)(z))
 #elif defined(HAVE_RECV)
 /*
 * The definitions for the return type and arguments types
 * of functions recv() and send() belong and come from the
@@ -113,7 +138,6 @@ struct timeval {
 * SEND_TYPE_RETV must also be defined.
 */
 #ifdef HAVE_RECV
 #if !defined(RECV_TYPE_ARG1) || \
    !defined(RECV_TYPE_ARG2) || \
    !defined(RECV_TYPE_ARG3) || \
@@ -136,7 +160,14 @@ struct timeval {
 #endif
 #endif /* HAVE_RECV */
-#ifdef HAVE_SEND
+
 #if defined(__minix)
 /* Minix doesn't support send on TCP sockets */
 #define swrite(x,y,z) (ssize_t)write((SEND_TYPE_ARG1)(x), \
                                    (SEND_TYPE_ARG2)(y), \
                                    (SEND_TYPE_ARG3)(z))
 #elif defined(HAVE_SEND)
 #if !defined(SEND_TYPE_ARG1) || \
    !defined(SEND_QUAL_ARG2) || \
    !defined(SEND_TYPE_ARG2) || \
@@ -358,5 +389,96 @@ typedef int sig_atomic_t;
 #endif
 /*
 * We use this ZERO_NULL to avoid picky compiler warnings,
 * when assigning a NULL pointer to a function pointer var.
 */
 #define ZERO_NULL 0
 #if defined (__LP64__) && defined(__hpux) && !defined(_XOPEN_SOURCE_EXTENDED)
 #include <sys/socket.h>
 /* HP-UX has this oddity where it features a few functions that don't work
   with socklen_t so we need to convert to ints
   This is due to socklen_t being a 64bit int under 64bit ABI, but the
   pre-xopen (default) interfaces require an int, which is 32bits.
   Therefore, Anytime socklen_t is passed by pointer, the libc function
   truncates the 64bit socklen_t value by treating it as a 32bit value.
   Note that some socket calls are allowed to have a NULL pointer for
   the socklen arg.
 */
 inline static int Curl_hp_getsockname(int s, struct sockaddr *name,
                                      socklen_t *namelen)
 {
  int rc;
  if(namelen) {
     int len = *namelen;
     rc = getsockname(s, name, &len);
     *namelen = len;
   }
  else
     rc = getsockname(s, name, 0);
  return rc;
 }
 inline static int Curl_hp_getsockopt(int  s, int level, int optname,
                                     void *optval, socklen_t *optlen)
 {
  int rc;
  if(optlen) {
    int len = *optlen;
    rc = getsockopt(s, level, optname, optval, &len);
    *optlen = len;
  }
  else
    rc = getsockopt(s, level, optname, optval, 0);
  return rc;
 }
 inline static int Curl_hp_accept(int sockfd, struct sockaddr *addr,
                                 socklen_t *addrlen)
 {
  int rc;
  if(addrlen) {
     int len = *addrlen;
     rc = accept(sockfd, addr, &len);
     *addrlen = len;
  }
  else
     rc = accept(sockfd, addr, 0);
  return rc;
 }
 inline static ssize_t Curl_hp_recvfrom(int s, void *buf, size_t len, int flags,
                                       struct sockaddr *from,
                                       socklen_t *fromlen)
 {
  ssize_t rc;
  if(fromlen) {
    int fromlen32 = *fromlen;
    rc = recvfrom(s, buf, len, flags, from, &fromlen32);
    *fromlen = fromlen32;
  }
  else {
    rc = recvfrom(s, buf, len, flags, from, 0);
  }
  return rc;
 }
 #define getsockname(a,b,c) Curl_hp_getsockname((a),(b),(c))
 #define getsockopt(a,b,c,d,e) Curl_hp_getsockopt((a),(b),(c),(d),(e))
 #define accept(a,b,c) Curl_hp_accept((a),(b),(c))
 #define recvfrom(a,b,c,d,e,f) Curl_hp_recvfrom((a),(b),(c),(d),(e),(f))
 #endif /* HPUX work-around */
 #endif /* __SETUP_ONCE_H */
--- a/ares/vc/areslib/areslib.dsp
+++ b/ares/vc/areslib/areslib.dsp
@@ -137,6 +137,10 @@ SOURCE=..\..\ares_init.c
 # End Source File
 # Begin Source File
 SOURCE=..\..\ares_llist.c
 # End Source File
 # Begin Source File
 SOURCE=..\..\ares_mkquery.c
 # End Source File
 # Begin Source File
@@ -213,6 +217,10 @@ SOURCE=..\..\ares_ipv6.h
 # End Source File
 # Begin Source File
 SOURCE=..\..\ares_llist.h
 # End Source File
 # Begin Source File
 SOURCE=..\..\ares_private.h
 # End Source File
 # Begin Source File
--- a/configure.ac
+++ b/configure.ac
@@ -55,6 +55,7 @@ AC_SUBST(AR)
 if test "x$AR" = "xar-was-not-found-by-configure"; then
  AC_MSG_WARN([ar was not found, this may ruin your chances to build fine])
 fi
 AC_SUBST(libext)
 dnl figure out the libcurl version
 VERSION=`$SED -ne 's/^#define LIBCURL_VERSION "\(.*\)"/\1/p' ${srcdir}/include/curl/curlver.h`
@@ -89,6 +90,8 @@ dnl initialize all the info variables
 curl_manual_msg="no      (--enable-manual)"
 curl_verbose_msg="enabled (--disable-verbose)"
   curl_sspi_msg="no      (--enable-sspi)"
   curl_ldap_msg="no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)"
  curl_ldaps_msg="no      (--enable-ldaps)"
 dnl
 dnl Save anything in $LIBS for later
@@ -219,6 +222,45 @@ CURL_CHECK_HEADER_WINSOCK
 CURL_CHECK_HEADER_WINSOCK2
 CURL_CHECK_HEADER_WS2TCPIP
 CURL_CHECK_HEADER_WINLDAP
 CURL_CHECK_HEADER_WINBER
 dnl **********************************************************************
 dnl platform/compiler/architecture specific checks/flags
 dnl **********************************************************************
 case $host in
  #
  x86_64*linux*)
    #
    dnl find out if icc is being used
    if test "z$ICC" = "z"; then
      CURL_DETECT_ICC
    fi
    #
    if test "$ICC" = "yes"; then
      dnl figure out icc version
      AC_MSG_CHECKING([icc version])
      iccver=`$CC -dumpversion`
      iccnhi=`echo $iccver | cut -d . -f1`
      iccnlo=`echo $iccver | cut -d . -f2`
      iccnum=`(expr $iccnhi "*" 100 + $iccnlo) 2>/dev/null`
      AC_MSG_RESULT($iccver)
      #
      if test "$iccnum" -ge "900" && test "$iccnum" -lt "1000"; then
        dnl icc 9.X specific
        CFLAGS="$CFLAGS -i-dynamic"
      fi
      #
      if test "$iccnum" -ge "1000"; then
        dnl icc 10.X or later
        CFLAGS="$CFLAGS -shared-intel"
      fi
      #
    fi
    ;;
  #
 esac
 dnl ************************************************************
 dnl switch off particular protocols
@@ -284,6 +326,32 @@ AC_HELP_STRING([--disable-ldap],[Disable LDAP support]),
  esac ],
       AC_MSG_RESULT(yes)
 )
 AC_MSG_CHECKING([whether to support ldaps])
 AC_ARG_ENABLE(ldaps,
 AC_HELP_STRING([--enable-ldaps],[Enable LDAPS support])
 AC_HELP_STRING([--disable-ldaps],[Disable LDAPS support]),
 [ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
       AC_SUBST(CURL_DISABLE_LDAPS, [1])
       ;;
  *)   if test x$CURL_DISABLE_LDAP = x1 ; then
               AC_MSG_RESULT(LDAP support needs to be enabled in order to enable LDAPS support!)
               AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
               AC_SUBST(CURL_DISABLE_LDAPS, [1])
       else
               AC_MSG_RESULT(yes)
               AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation])
               curl_ldaps_msg="enabled"
       fi
       ;;
  esac ],
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
       AC_SUBST(CURL_DISABLE_LDAPS, [1])
 )
 AC_MSG_CHECKING([whether to support dict])
 AC_ARG_ENABLE(dict,
 AC_HELP_STRING([--enable-dict],[Enable DICT support])
@@ -500,55 +568,82 @@ AC_HELP_STRING([--enable-libgcc],[use libgcc when linking]),
       AC_MSG_RESULT(no)
 )
 dnl dl lib?
 AC_CHECK_FUNC(dlclose, , [ AC_CHECK_LIB(dl, dlopen) ])
 dnl **********************************************************************
-dnl Check for the name of dynamic OpenLDAP libraries
+dnl Check for LDAP
 dnl **********************************************************************
 LDAPLIBNAME=""
 AC_ARG_WITH(ldap-lib,
-AC_HELP_STRING([--with-ldap-lib=libname],[Specify name of dynamic ldap lib file]),
+AC_HELP_STRING([--with-ldap-lib=libname],[Specify name of ldap lib file]),
 [LDAPLIBNAME="$withval"])
 LBERLIBNAME=""
 AC_ARG_WITH(lber-lib,
-AC_HELP_STRING([--with-lber-lib=libname],[Specify name of dynamic lber lib file]),
+AC_HELP_STRING([--with-lber-lib=libname],[Specify name of lber lib file]),
 [LBERLIBNAME="$withval"])
 if test x$CURL_DISABLE_LDAP != x1 ; then
  CURL_CHECK_HEADER_LBER
  CURL_CHECK_HEADER_LDAP
  CURL_CHECK_HEADER_LDAPSSL
  CURL_CHECK_HEADER_LDAP_SSL
  if test -z "$LDAPLIBNAME" ; then
    case $host in
-      *-*-cygwin | *-*-mingw* | *-*-pw32*)
+      *-*-cygwin* | *-*-mingw* | *-*-pw32*)
        dnl Windows uses a single and unique OpenLDAP DLL name
-        LDAPLIBNAME="wldap32.dll"
+        LDAPLIBNAME="wldap32"
        LBERLIBNAME="no"
        ;;
    esac
  fi
  if test "$LDAPLIBNAME" ; then
-    AC_DEFINE_UNQUOTED(DL_LDAP_FILE, "$LDAPLIBNAME")
+    AC_CHECK_LIB("$LDAPLIBNAME", ldap_init,, [
-    AC_MSG_CHECKING([name of dynamic library ldap])
+      AC_MSG_WARN(["$LDAPLIBNAME" is not an LDAP library: LDAP disabled])
-    AC_MSG_RESULT($LDAPLIBNAME)
+      AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
      AC_SUBST(CURL_DISABLE_LDAP, [1])])
  else
-    dnl Try to find the right ldap library name for this system
+    dnl Try to find the right ldap libraries for this system
-    CURL_DLLIB_NAME(DL_LDAP_FILE, ldap)
+    CURL_CHECK_LIBS_LDAP
    case X-"$curl_cv_ldap_LIBS" in
      X-unknown)
        AC_MSG_WARN([Cannot find libraries for LDAP support: LDAP disabled])
        AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
        AC_SUBST(CURL_DISABLE_LDAP, [1])
        ;;
    esac
  fi
 fi
 if test x$CURL_DISABLE_LDAP != x1 ; then
  if test "$LBERLIBNAME" ; then
-    dnl If name is "no" then don't define this variable at all
+    dnl If name is "no" then don't define this library at all
    dnl (it's only needed if libldap.so's dependencies are broken).
    if test "$LBERLIBNAME" != "no" ; then
-      AC_DEFINE_UNQUOTED(DL_LBER_FILE, "$LBERLIBNAME")
+      AC_CHECK_LIB("$LBERLIBNAME", ber_free,, [
        AC_MSG_WARN(["$LBERLIBNAME" is not an LBER library: LDAP disabled])
        AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
        AC_SUBST(CURL_DISABLE_LDAP, [1])])
    fi
-    AC_MSG_CHECKING([name of dynamic library lber])
+  fi
-    AC_MSG_RESULT($LBERLIBNAME)
+fi
 if test x$CURL_DISABLE_LDAP != x1 ; then
  AC_CHECK_FUNCS([ldap_url_parse])
  if test "$LDAPLIBNAME" = "wldap32"; then
    curl_ldap_msg="enabled (winldap)"
    AC_DEFINE(CURL_LDAP_WIN, 1, [Use W$ LDAP implementation])
    case $host in
      *-*-cygwin* | *-*-pw32*)
        AC_DEFINE(CURL_LDAP_HYBRID, 1, [W$ LDAP with non-W$ compiler])
        ;;
    esac
  else
-    dnl Try to find the right lber library name for this system
+    curl_ldap_msg="enabled (OpenLDAP)"
    CURL_DLLIB_NAME(DL_LBER_FILE, lber)
  fi
 fi
@@ -1262,6 +1357,7 @@ if test X"$OPT_LIBSSH2" != Xno; then
    curl_ssh_msg="enabled (libSSH2)"
    LIBSSH2_ENABLED=1
    AC_DEFINE(USE_LIBSSH2, 1, [if libSSH2 is in use]))
    AC_SUBST(USE_LIBSSH2, [1])
  if test X"$OPT_LIBSSH2" != Xoff &&
     test "$LIBSSH2_ENABLED" != "1"; then
@@ -1417,6 +1513,14 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
      version="unknown"
      gtlsprefix=$OPT_GNUTLS
    fi
    dnl Check for functionPK11_CreateGenericObject
    dnl this is needed for using the PEM PKCS#11 module
    AC_CHECK_LIB(nss3, PK11_CreateGenericObject-d,
     [
     AC_DEFINE(HAVE_PK11_CREATEGENERICOBJECT, 1, [if you have the function PK11_CreateGenericObject])
     AC_SUBST(HAVE_PK11_CREATEGENERICOBJECT, [1])
     ])
    if test -n "$addlib"; then
      CLEANLIBS="$LIBS"
@@ -1468,7 +1572,7 @@ dnl **********************************************************************
 dnl Check for the CA bundle
 dnl **********************************************************************
-if test X"$USE_GNUTLS$OPENSSL_ENABLED" != "X"; then
+if test X"$USE_NSS$USE_GNUTLS$OPENSSL_ENABLED" != "X"; then
  AC_MSG_CHECKING([CA cert bundle install path])
@@ -1716,7 +1820,6 @@ AC_CHECK_HEADERS(
        termio.h \
        sgtty.h \
        fcntl.h \
        dlfcn.h \
        alloca.h \
        time.h \
        io.h \
@@ -1839,6 +1942,7 @@ AC_CHECK_FUNCS( strtoll \
                select \
                strdup \
                strstr \
                strcasestr \
                strtok_r \
                uname \
                strcasecmp \
@@ -1858,7 +1962,6 @@ AC_CHECK_FUNCS( strtoll \
                strlcat \
                getpwuid \
                geteuid \
                dlopen \
                utime \
                sigsetjmp \
                basename \
@@ -2138,7 +2241,6 @@ AC_HELP_STRING([--disable-verbose],[Disable verbose strings]),
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_VERBOSE_STRINGS, 1, [to disable verbose strings])
       AC_SUBST(CURL_DISABLE_VERBOSE_STRINGS)
       curl_verbose_msg="no"
       ;;
  *)   AC_MSG_RESULT(yes)
@@ -2161,7 +2263,7 @@ AC_HELP_STRING([--disable-sspi],[Disable SSPI]),
       if test "$ac_cv_native_windows" = "yes"; then
         AC_MSG_RESULT(yes)
         AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
-         AC_SUBST(USE_WINDOWS_SSPI)
+         AC_SUBST(USE_WINDOWS_SSPI, [1])
         curl_sspi_msg="yes"
       else
         AC_MSG_RESULT(no)
@@ -2211,7 +2313,6 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_CRYPTO_AUTH, 1, [to disable cryptographic authentication])
       AC_SUBST(CURL_DISABLE_CRYPTO_AUTH)
       ;;
  *)   AC_MSG_RESULT(yes)
       ;;
@@ -2230,7 +2331,6 @@ AC_HELP_STRING([--disable-cookies],[Disable cookies support]),
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_COOKIES, 1, [to disable cookies support])
       AC_SUBST(CURL_DISABLE_COOKIES)
       ;;
  *)   AC_MSG_RESULT(yes)
       ;;
@@ -2257,9 +2357,7 @@ AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibi
         if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ; then
           AC_MSG_RESULT(yes)
           AC_DEFINE(CURL_HIDDEN_SYMBOLS, 1, [to enable hidden symbols])
 	   AC_SUBST(CURL_HIDDEN_SYMBOLS)
           AC_DEFINE(CURL_EXTERN_SYMBOL, [__attribute__ ((visibility ("default")))], [to make a symbol visible])
 	   AC_SUBST(CURL_EXTERN_SYMBOL)
           CFLAGS="$CFLAGS -fvisibility=hidden"
         else
            AC_MSG_RESULT(no)
@@ -2270,9 +2368,7 @@ AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibi
         if $CC 2>&1 | grep flags >/dev/null && $CC -flags | grep xldscope= >/dev/null ; then
           AC_MSG_RESULT(yes)
           AC_DEFINE(CURL_HIDDEN_SYMBOLS, 1, [to enable hidden symbols])
 	   AC_SUBST(CURL_HIDDEN_SYMBOLS)
           AC_DEFINE(CURL_EXTERN_SYMBOL, [__global], [to make a symbol visible])
 	   AC_SUBST(CURL_EXTERN_SYMBOL)
           CFLAGS="$CFLAGS -xldscope=hidden"
         else
           AC_MSG_RESULT(no)
@@ -2363,4 +2459,6 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  Verbose errors:  ${curl_verbose_msg}
  SSPI support:    ${curl_sspi_msg}
  ca cert path:    ${ca}
  LDAP support:    ${curl_ldap_msg}
  LDAPS support:   ${curl_ldaps_msg}
 ])
--- a/curl-config.in
+++ b/curl-config.in
@@ -41,10 +41,11 @@ Available values for OPTION include:
  --cflags    pre-processor and compiler flags
  --checkfor [version] check for (lib)curl of the specified version
  --features  newline separated list of enabled features
  --protocols newline separated list of enabled protocols
  --help      display this help and exit
  --libs      library linking information
  --prefix    curl install prefix
  --protocols newline separated list of enabled protocols
  --static-libs static libcurl library linking information
  --version   output version information
  --vernum    output the version information as a number (hexadecimal)
 EOF
@@ -131,12 +132,19 @@ while test $# -gt 0; do
 	if test "@CURL_DISABLE_LDAP@" != "1"; then
          echo "LDAP"
        fi
 	if test "@CURL_DISABLE_LDAPS@" != "1"; then
          echo "LDAPS"
        fi
 	if test "@CURL_DISABLE_DICT@" != "1"; then
          echo "DICT"
        fi
 	if test "@CURL_DISABLE_TFTP@" != "1"; then
          echo "TFTP"
        fi
 	if test "@USE_LIBSSH2@" = "1"; then
          echo "SCP"
          echo "SFTP"
        fi
 	;;
    --version)
 	echo libcurl @VERSION@
@@ -193,6 +201,10 @@ while test $# -gt 0; do
 	fi
 	;;
    --static-libs)
 	echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
 	;;
    *)
        echo "unknown option: $1"
 	usage 1
--- a/docs/BINDINGS
+++ b/docs/BINDINGS
@@ -32,7 +32,7 @@ C
 C++
  Written by Jean-Philippe Barrette-LaPierre
-  http://rrette.com/curlpp.html
+  http://rrette.com/textpattern/index.php?s=cURLpp
 Ch
@@ -82,9 +82,12 @@ Lisp
 Lua
-  LuaCURL Written by Alexander Marinov
+  luacurl by Alexander Marinov
  http://luacurl.luaforge.net/
  Lua-cURL by J<>rgen H<>tzel
  http://luaforge.net/projects/lua-curl/
 Mono
  Written by Jeffrey Phillips
@@ -92,7 +95,7 @@ Mono
 .NET
-  libcurl-net Written by Jeffrey Phillips
+  libcurl-net by Jeffrey Phillips
  http://sourceforge.net/projects/libcurl-net/
 Object-Pascal
@@ -127,12 +130,12 @@ PostgreSQL
 Python
-  PycURL is written by Kjetil Jacobsen
+  PycURL by Kjetil Jacobsen
  http://pycurl.sourceforge.net/
 R
-  RCurl is written by Duncan Temple Lang
+  RCurl by Duncan Temple Lang
  http://www.omegahat.org/RCurl/
 Rexx
@@ -147,32 +150,36 @@ Ruby
 Scheme
-  Bigloo binding written by Kirill Lisovsky
+  Bigloo binding by Kirill Lisovsky
  http://curl.haxx.se/libcurl/scheme/
 S-Lang
-  S-Lang binding written by John E Davis
+  S-Lang binding by John E Davis
  http://www.jedsoft.org/slang/modules/curl.html
 Smalltalk
-  Smalltalk binding written by Danil Osipchuk
+  Smalltalk binding by Danil Osipchuk
  http://www.squeaksource.com/CurlPlugin/
 SP-Forth
  SP-Forth binding by ygrek
  http://www.forth.org.ru/~ac/lib/lin/curl/
 SPL
-  SPL binding written by Clifford Wolf
+  SPL binding by Clifford Wolf
  http://www.clifford.at/spl/
 Tcl
-  Tclcurl is written by Andr<64>s Garc<72>a
+  Tclcurl by Andr<64>s Garc<72>a
  http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html
 Visual Basic
-  libcurl-vb is written by Jeffrey Phillips
+  libcurl-vb by Jeffrey Phillips
  http://sourceforge.net/projects/libcurl-vb/
 Q
--- a/docs/BUGS
+++ b/docs/BUGS
@@ -8,7 +8,7 @@ $Id$
 BUGS
  Curl and libcurl have grown substantially since the beginning. At the time
-  of writing (August 2003), there are about 40000 lines of source code, and by
+  of writing (July 2007), there are about 47000 lines of source code, and by
  the time you read this it has probably grown even more.
  Of course there are lots of bugs left. And lots of misfeatures.
@@ -39,6 +39,7 @@ WHAT TO REPORT
   - your operating system's name and version number (uname -a under a unix
     is fine)
   - what version of curl you're using (curl -V is fine)
   - versions of the used libraries that libcurl is built to use
   - what URL you were working with (if possible), at least which protocol
  and anything and everything else you think matters. Tell us what you
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@@ -10,16 +10,46 @@
 mind when you decide to contribute to the project. This concerns new features
 as well as corrections to existing flaws or bugs.
-Join the Community
+ 1. Learning cURL
 1.1 Join the Community
 1.2 License
 1.3 What To Read
 2. cURL Coding Standards
 2.1 Naming
 2.2 Indenting
 2.3 Commenting
 2.4 Line Lengths
 2.5 General Style
 2.6 Non-clobbering All Over
 2.7 Platform Dependent Code
 2.8 Write Separate Patches
 2.9 Patch Against Recent Sources
 2.10 Document
 2.11 Test Cases
 3. Pushing Out Your Changes 
 3.1 Write Access to CVS Repository
 3.2 How To Make a Patch
 3.3 How to get your changes into the main sources
 ==============================================================================
 1. Learning cURL
 1.1 Join the Community
 Skip over to http://curl.haxx.se/mail/ and join the appropriate mailing
 list(s).  Read up on details before you post questions. Read this file before
 you start sending patches! We prefer patches and discussions being held on
 the mailing list(s), not sent to individuals.
 Before posting to one of the curl mailing lists, please read up on the mailing
 list etiquette: http://curl.haxx.se/mail/etiquette.html
 We also hang out on IRC in #curl on irc.freenode.net
-License
+1.2. License
 When contributing with code, you agree to put your changes and new code under
 the same license curl and libcurl is already using unless stated and agreed
@@ -43,14 +73,16 @@ License
 give credit but also to keep a trace back to who made what changes. Please
 always provide us with your full real name when contributing!
-What To Read
+1.3 What To Read
 Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the
 most recent CHANGES. Just lurking on the libcurl mailing list is gonna give
 you a lot of insights on what's going on right now. Asking there is a good
 idea too.
-Naming
+2. cURL Coding Standards
 2.1 Naming
 Try using a non-confusing naming scheme for your new functions and variable
 names. It doesn't necessarily have to mean that you should use the same as in
@@ -61,7 +93,7 @@ Naming
 See the INTERNALS document on how we name non-exported library-global
 symbols.
-Indenting
+2.2 Indenting
 Please try using the same indenting levels and bracing method as all the
 other code already does. It makes the source code a lot easier to follow if
@@ -70,7 +102,7 @@ Indenting
 using spaces only (no tabs) and having the opening brace ({) on the same line
 as the if() or while().
-Commenting
+2.3 Commenting
 Comment your source code extensively using C comments (/* comment */), DO NOT
 use C++ comments (// this style). Commented code is quality code and enables
@@ -78,12 +110,16 @@ Commenting
 replaced when someone wants to extend things, since other persons' source
 code can get quite hard to read.
-General Style
+2.4 Line Lengths
 We try to keep source lines shorter than 80 columns.
 2.5 General Style
 Keep your functions small. If they're small you avoid a lot of mistakes and
 you don't accidentally mix up variables etc.
-Non-clobbering All Over
+2.6 Non-clobbering All Over
 When you write new functionality or fix bugs, it is important that you don't
 fiddle all over the source files and functions. Remember that it is likely
@@ -92,14 +128,14 @@ Non-clobbering All Over
 functionality, try writing it in a new source file. If you fix bugs, try to
 fix one bug at a time and send them as separate patches.
-Platform Dependent Code
+2.7 Platform Dependent Code
 Use #ifdef HAVE_FEATURE to do conditional code. We avoid checking for
 particular operating systems or hardware in the #ifdef lines. The
 HAVE_FEATURE shall be generated by the configure script for unix-like systems
 and they are hard-coded in the config-[system].h files for the others.
-Separate Patches
+2.8 Write Separate Patches
 It is annoying when you get a huge patch from someone that is said to fix 511
 odd problems, but discussions and opinions don't agree with 510 of them - or
@@ -110,14 +146,14 @@ Separate Patches
 description exactly what they correct so that all patches can be selectively
 applied by the maintainer or other interested parties.
-Patch Against Recent Sources
+2.9 Patch Against Recent Sources
 Please try to get the latest available sources to make your patches
 against. It makes the life of the developers so much easier. The very best is
 if you get the most up-to-date sources from the CVS repository, but the
 latest release archive is quite OK as well!
-Document
+2.10 Document
 Writing docs is dead boring and one of the big problems with many open source
 projects. Someone's gotta do it. It makes it a lot easier if you submit a
@@ -128,16 +164,7 @@ Document
 ASCII files. All HTML files on the web site and in the release archives are
 generated from the nroff/ASCII versions.
-Write Access to CVS Repository
+2.11 Test Cases
 If you are a frequent contributor, or have another good reason, you can of
 course get write access to the CVS repository and then you'll be able to
 check-in all your changes straight into the CVS tree instead of sending all
 changes by mail as patches. Just ask if this is what you'd want. You will be
 required to have posted a few quality patches first, before you can be
 granted write access.
 Test Cases
 Since the introduction of the test suite, we can quickly verify that the main
 features are working as they're supposed to. To maintain this situation and
@@ -146,7 +173,18 @@ Test Cases
 test case that verifies that it works as documented. If every submitter also
 posts a few test cases, it won't end up as a heavy burden on a single person!
-How To Make a Patch
+3. Pushing Out Your Changes 
 3.1 Write Access to CVS Repository
 If you are a frequent contributor, or have another good reason, you can of
 course get write access to the CVS repository and then you'll be able to
 check-in all your changes straight into the CVS tree instead of sending all
 changes by mail as patches. Just ask if this is what you'd want. You will be
 required to have posted a few quality patches first, before you can be
 granted write access.
 3.2 How To Make a Patch
 Keep a copy of the unmodified curl sources. Make your changes in a separate
 source tree. When you think you have something that you want to offer the
@@ -166,7 +204,7 @@ How To Make a Patch
 For unix-like operating systems:
-        http://www.fsf.org/software/patch/patch.html
+   http://www.gnu.org/software/patch/patch.html
   http://www.gnu.org/directory/diffutils.html
 For Windows:
@@ -174,7 +212,7 @@ How To Make a Patch
   http://gnuwin32.sourceforge.net/packages/patch.htm
   http://gnuwin32.sourceforge.net/packages/diffutils.htm
-How to get your patches into the libcurl sources
+3.3 How to get your changes into the main sources
 1. Submit your patch to the curl-library mailing list
@@ -189,5 +227,5 @@ How to get your patches into the libcurl sources
    simply drop such patches from my TODO list.
 5. If you've followed the above mentioned paragraphs and your patch still
-    hasn't been incorporated after some weeks, consider resubmitting them to
+    hasn't been incorporated after some weeks, consider resubmitting it to the
-    the list.
+    list.
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -1,4 +1,4 @@
-Updated: February 11, 2007 (http://curl.haxx.se/docs/faq.html)
+Updated: July 30, 2007 (http://curl.haxx.se/docs/faq.html)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
@@ -68,6 +68,7 @@ FAQ
  4.12 Why do I get "certificate verify failed" ?
  4.13 Why is curl -R on Windows one hour off?
  4.14 Redirects work in browser but not with curl!
  4.15 FTPS doesn't work
 5. libcurl Issues
  5.1 Is libcurl thread-safe?
@@ -289,13 +290,13 @@ FAQ
  Some facts to use as input to the math:
-  curl packages are downloaded from the curl.haxx.se and mirrors almost one
+  curl packages are downloaded from the curl.haxx.se and mirrors over a
  million times per year. curl is installed by default with most Linux
  distributions. curl is installed by default with Mac OS X. curl and libcurl
  as used by numerous applications that include libcurl binaries in their
  distribution packages (like Adobe Acrobat Reader and Google Earth).
-  More than 60 known named companies use curl in commercial environments and
+  More than 70 known named companies use curl in commercial environments and
  products. More than 100 known named open source projects depend on
  (lib)curl.
@@ -374,7 +375,7 @@ FAQ
  2.4 Does curl support Socks (RFC 1928) ?
-  Yes, SOCKS5 is supported.
+  Yes, SOCKS 4 and 5 are supported.
 3. Usage problems
@@ -446,6 +447,10 @@ FAQ
     curl -O ftp://download.com/coolfile -Q '-DELE coolfile'
  or rename a file after upload:
     curl -T infile ftp://upload.com/dir/ -Q "-RNFR infile" -Q "-RNTO newname"
  3.8 How do I tell curl to follow HTTP redirects?
  Curl does not follow so-called redirects by default. The Location: header
@@ -824,6 +829,20 @@ FAQ
  manually figure out what the page is set to do, or you write a script that
  parses the results and fetches the new URL.
  4.15 FTPS doesn't work
  curl supports FTPS (sometimes known as FTP-SSL) both implicit and explicit
  mode.
  When a URL is used that starts with FTPS://, curl assumes implicit SSL on
  the control connection and will therefore immediately connect and try to
  speak SSL. FTPS:// connections default to port 990.
  To use explicit FTPS, you use a FTP:// URL and the --ftp-ssl option (or one
  of its related flavours). This is the most common method, and the one
  mandated by RFC4217. This kind of connection then of course uses the
  standard FTP port 21 by default.
 5. libcurl Issues
@@ -1099,14 +1118,14 @@ FAQ
  In the cURL project we call this module PHP/CURL to differentiate it from
  curl the command line tool and libcurl the library. The PHP team however
  does not refer to it like this (for unknown reasons). They call it plain
-  CURL (often using all caps) which causes much confusion to users which in
+  CURL (often using all caps) or sometimes ext/curl, but both cause much
-  turn gives us a higher question load.
+  confusion to users which in turn gives us a higher question load.
  7.2 Who write PHP/CURL?
  PHP/CURL is a module that comes with the regular PHP package. It depends and
  uses libcurl, so you need to have libcurl installed properly first before
-  PHP/CURL can be used. PHP/CURL is written by Sterling Hughes.
+  PHP/CURL can be used. PHP/CURL was initially written by Sterling Hughes.
  7.3 Can I perform multiple requests using the same handle?
--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -73,7 +73,7 @@ HTTPS (*1)
 FTP
 - download
 - authentication
- - kerberos4 (*5)
+ - kerberos4 (*5), kerberos5 (*3)
 - active/passive using PORT, EPRT, PASV or EPSV
 - single file size information (compare to HTTP HEAD)
 - 'type=' URL support
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -85,15 +85,6 @@ UNIX
        LDFLAGS=-R/usr/local/ssl/lib ./configure --with-ssl
   Another option to the previous trick, is to set LD_LIBRARY_PATH or edit the
   /etc/ld.so.conf file.
   If your SSL library was compiled with rsaref (this was common in the past
   when used in the United States), you may also need to set:
     LIBS=-lRSAglue -lrsaref
     (as suggested by Doug Kaufman)
   MORE OPTIONS
     To force configure to use the standard cc compiler if both cc and gcc are
@@ -143,6 +134,12 @@ UNIX
     To build with NSS support instead of OpenSSL for SSL/TLS, note that
     you need to use both --without-ssl and --with-nss.
     To get GSSAPI support, build with --with-gssapi and have the MIT or
     Heimdal Kerberos 5 packages installed.
     To get support for SCP and SFTP, build with --with-libssh2 and have
     libssh2 0.16 or later installed.
 Win32
 =====
@@ -173,9 +170,17 @@ Win32
   MingW32
   -------
-   Run the 'mingw32.bat' file to get the proper environment variables set,
+   Make sure that MinGW32's bin dir is in the search path, for example:
-   then run 'make mingw32' in the root dir. Use 'make mingw32-ssl' to build
+
-   curl SSL enabled.
+     set PATH=c:\mingw32\bin;%PATH%
   then run 'mingw32-make mingw32' in the root dir. There are other
   make targets available to build libcurl with more features, use:
   'mingw32-make mingw32-zlib' to build with Zlib support;
   'mingw32-make mingw32-ssl-zlib' to build with SSL and Zlib enabled;
   'mingw32-make mingw32-ssh2-ssl-zlib' to build with SSH2, SSL, Zlib;
   'mingw32-make mingw32-ssh2-ssl-sspi-zlib' to build with SSH2, SSL, Zlib
   and SSPI support.
   If you have any problems linking libraries or finding header files, be sure
   to verify that the provided "Makefile.m32" files use the proper paths, and
@@ -183,19 +188,38 @@ Win32
   environment variables, for example:
     set ZLIB_PATH=c:\zlib-1.2.3
-     set OPENSSL_PATH=c:\openssl-0.9.8d
+     set OPENSSL_PATH=c:\openssl-0.9.8e
-     set LIBSSH2_PATH=c:\libssh2-0.15
+     set LIBSSH2_PATH=c:\libssh2-0.17
   ATTENTION: if you want to build with libssh2 support you have to use latest
-   sources fetched from CVS - the current 0.14 release will NOT work!
+   version 0.17 - previous versions will NOT work with 7.17.0 and later!
-   Use 'make mingw32-ssh2-ssl' to build curl with SSH2 and SSL enabled.
+   Use 'mingw32-make mingw32-ssh2-ssl-zlib' to build with SSH2 and SSL enabled.
   It is now also possible to build with other LDAP SDKs than MS LDAP;
   currently it is possible to build with native Win32 OpenLDAP, or with the
   Novell CLDAP SDK. If you want to use these you need to set these vars:
     set LDAP_SDK=c:\openldap
     set USE_LDAP_OPENLDAP=1
   or for using the Novell SDK:
     set USE_LDAP_NOVELL=1
   If you want to enable LDAPS support then set LDAPS=1.
   - optional MingW32-built OpenlDAP SDK available from:
     http://www.gknw.net/mirror/openldap/
   - optional recent Novell CLDAP SDK available from:
     http://developer.novell.com/ndk/cldap.htm
   Cygwin
   ------
   Almost identical to the unix installation. Run the configure script in the
   curl root with 'sh configure'. Make sure you have the sh executable in
-   /bin/ or you'll see the configure fail towards the end.
+   /bin/ or you'll see the configure fail toward the end.
   Run 'make'
@@ -233,7 +257,7 @@ Win32
   Before running nmake define the OPENSSL_PATH environment variable with
   the root/base directory of OpenSSL, for example:
-     set OPENSSL_PATH=c:\openssl-0.9.8d
+     set OPENSSL_PATH=c:\openssl-0.9.8e
   Then run 'nmake vc-ssl' or 'nmake vc-ssl-dll' in curl's root
   directory.  'nmake vc-ssl' will create a libcurl static and dynamic
@@ -307,6 +331,7 @@ Win32
   CURL_DISABLE_TELNET   disables TELNET
   CURL_DISABLE_DICT     disables DICT
   CURL_DISABLE_FILE     disables FILE
   CURL_DISABLE_TFTP     disables TFTP
   If you want to set any of these defines you have the following
   possibilities:
@@ -399,7 +424,7 @@ VMS
   Facility - basically the program ID. A code assigned to the program
   the name can be fetched from external or internal message libraries
-   Errorcode - the errodes assigned by the application
+   Error code - the err codes assigned by the application
   Sev. - severity: Even = error, off = non error
      0 = Warning
      1 = Success
@@ -409,7 +434,7 @@ VMS
      <5-7> reserved.
   This all presents itself with:
-   %<FACILITY>-<SeV>-<Errorname>, <Error message>
+   %<FACILITY>-<Sev>-<Errorname>, <Error message>
   See also the src/curlmsg.msg file, it has the source for the messages In
   src/main.c a section is devoted to message status values, the globalvalues
@@ -484,18 +509,33 @@ NetWare
     http://www.gknw.net/development/prgtools/
   - recent Novell LibC SDK available from:
     http://developer.novell.com/ndk/libc.htm
-   - optional zlib sources (at the moment only dynamic linking with zlib.imp);
+   - or recent Novell CLib SDK available from:
     http://developer.novell.com/ndk/clib.htm
   - optional recent Novell CLDAP SDK available from:
     http://developer.novell.com/ndk/cldap.htm
   - optional zlib sources (static or dynamic linking with zlib.imp);
     sources with NetWare Makefile can be obtained from:
     http://www.gknw.net/mirror/zlib/
-   - optional OpenSSL sources (version 0.9.8 or later which builds with BSD);
+   - optional OpenSSL sources (version 0.9.8 or later build with BSD sockets);
     you can find precompiled packages at:
     http://www.gknw.net/development/ossl/netware/
     for CLIB-based builds OpenSSL needs to be patched to build with BSD
     sockets (currently only a winsock-based CLIB build is supported):
     http://www.gknw.net/development/ossl/netware/patches/v_0.9.8e/openssl-0.9.8e.diff
   - optional SSH2 sources (version 0.17 or later);
   Set a search path to your compiler, linker and tools; on Linux make
-   sure that the var OSTYPE contains the string 'linux'; and then type
+   sure that the var OSTYPE contains the string 'linux'; set the var
-   'make netware' from the top source directory; other tagets available
+   NDKBASE to point to the base of your Novell NDK; and then type
   'make netware' from the top source directory; other targets available
   are 'netware-ssl', 'netware-ssl-zlib', 'netware-zlib' and 'netware-ares';
   if you need other combinations you can control the build with the
-   environment variables WITH_SSL, WITH_ZLIB, WITH_ARES and ENABLE_IPV6.
+   environment variables WITH_SSL, WITH_ZLIB, WITH_ARES, WITH_SSH2, and
-   I found on some Linux systems (RH9) that OS detection didnt work although
+   ENABLE_IPV6; you can set LINK_STATIC=1 to link curl.nlm statically.
   By default LDAP support is enabled, however currently you will need a patch
   in order to use the CLDAP NDK with BSD sockets (Novell Bug 300237):
   http://www.gknw.net/test/curl/cldap_ndk/ldap_ndk.diff
   I found on some Linux systems (RH9) that OS detection didn't work although
   a 'set | grep OSTYPE' shows the var present and set; I simply overwrote it
   with 'OSTYPE=linux-rh9-gnu' and the detection in the Makefile worked...
   Any help in testing appreciated!
@@ -578,29 +618,40 @@ eCos
 Minix
 =====
   curl can be compiled on Minix 3 using gcc or ACK (starting with
-   ver. 3.1.3).  The gcc and bash packages must be installed first.
+   ver. 3.1.3).  The default heap size allocated to several required
-   The default heap size allocated to bash is inadequate for running
+   programs is inadequate for configuring and compiling curl and will
-   configure and will result in out of memory errors.  Increase it with
+   result in strange errors unless fixed (which only needs to be done
-   the command:
+   once).
-     chmem =2048000 /usr/local/bin/bash
+   ACK
-
+   ---
-   Make sure gcc and bash are in the PATH with the command:
+   Increase heap sizes with the commands:
     export PATH=/usr/gnu/bin:$PATH
   then configure curl with a command like this:
     ./configure CC=gcc GREP=grep AR=/usr/gnu/bin/gar --disable-ldap
   Then simply run 'make'.
   To compile with the ACK C compiler:
     chmem =1024000 /usr/lib/em_cemcom.ansi
     chmem =512000 /usr/lib/i386/as
-     ./configure CC=cc LD=cc GREP=grep CPPFLAGS=-D_POSIX_SOURCE=1 \
+
-                 --disable-ldap
+   If you have bash installed:
     chmem =2048000 /usr/local/bin/bash
   Configure and compile with:
     ./configure CC=cc LD=cc GREP=grep CPPFLAGS=-D_POSIX_SOURCE=1
     make
   GCC
   ---
   If you have bash installed:
     chmem =2048000 /usr/local/bin/bash
   Make sure gcc is in your PATH with the command:
     export PATH=/usr/gnu/bin:$PATH
   then configure and compile curl with:
     ./configure CC=gcc GREP=grep AR=/usr/gnu/bin/gar
     make
@@ -663,6 +714,9 @@ REDUCING SIZE
      ./configure CFLAGS='-Os' ...
   Note that newer compilers often produce smaller code than older versions
   due to better optimization.
   Be sure to specify as many --disable- and --without- flags on the configure
   command-line as you can to disable all the libcurl features that you
   know your application is not going to need.  Besides specifying the
@@ -689,9 +743,9 @@ REDUCING SIZE
   sections of the shared library using the -R option to objcopy (e.g. the
   .comment section).
-   Using these techniques it is possible to create an HTTP-only shared
+   Using these techniques it is possible to create an HTTP-only shared libcurl
-   libcurl library for i386 Linux platforms that is less than 90 KB in
+   library for i386 Linux platforms that is only 96 KiB in size (as of libcurl
-   size (as of version 7.15.4).
+   version 7.17.1, using gcc 4.2.2).
   You may find that statically linking libcurl to your application will
   result in a lower total size.
@@ -716,6 +770,7 @@ PORTS
        - HP3000 MPE/iX
        - MIPS IRIX 6.2, 6.5
        - MIPS Linux
        - OS/400
        - Pocket PC/Win CE 3.0
        - Power AIX 3.2.5, 4.2, 4.3.1, 4.3.2, 5.1, 5.2
        - PowerPC Darwin 1.0
@@ -730,6 +785,7 @@ PORTS
        - StrongARM (and other ARM) RISC OS 3.1, 4.02
        - StrongARM/ARM7/ARM9 Linux 2.4, 2.6
        - StrongARM NetBSD 1.4.1
        - TPF
        - Ultrix 4.3a
        - UNICOS 9.0
        - i386 BeOS
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -1,4 +1,3 @@
                                    Updated for curl 7.9.1 on November 2, 2001
                                  _   _ ____  _     
                              ___| | | |  _ \| |    
                             / __| | | | |_) | |    
@@ -37,8 +36,8 @@ Windows vs Unix
 2. Windows requires a couple of init calls for the socket stuff.
-   Those must be made by the application that uses libcurl, in curl that means
+   That's taken care of by the curl_global_init() call, but if other libs also
-   src/main.c has some code #ifdef'ed to do just that.
+   do it etc there might be reasons for applications to alter that behaviour.
 3. The file descriptors for network communication and file operations are
    not easily interchangable as in unix.
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,8 +3,17 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!
-44. --ftp-method nocwd does not handle URLs ending with a slash properly (it
+48. If a CONNECT response-headers are larger than BUFSIZE (16KB) when the
-  should list the contents of that directory). See test case 351.
+  connection is meant to be kept alive (like for NTLM proxy auth), the
  function will return prematurely and will confuse the rest of the HTTP
  protocol code. This should be very rare.
 45. libcurl built to support ipv6 uses getaddrinfo() to resolve host names.
  getaddrinfo() sorts the response list which effectively kills how libcurl
  deals with round-robin DNS entries. All details:
    http://curl.haxx.se/mail/lib-2007-07/0168.html
  initial suggested function to use for randomizing the response:
    http://curl.haxx.se/mail/lib-2007-07/0178.html
 43. There seems to be a problem when connecting to the Microsoft telnet server.
  http://curl.haxx.se/bug/view.cgi?id=1720605
@@ -56,7 +65,7 @@ may have been fixed since this was written!
  IPv6 numerical addresses in URLs.
 29. IPv6 URLs with zone ID is not supported.
-  http://www.ietf.org/internet-drafts/draft-fenner-literal-zone-02.txt
+  http://www.ietf.org/internet-drafts/draft-fenner-literal-zone-02.txt (expired)
  specifies the use of a plus sign instead of a percent when specifying zone
  IDs in URLs to get around the problem of percent signs being
  special. According to the reporter, Firefox deals with the URL _with_ a
@@ -71,7 +80,6 @@ may have been fixed since this was written!
 23. SOCKS-related problems:
  A) libcurl doesn't support SOCKS for IPv6.
  B) libcurl doesn't support FTPS over a SOCKS proxy.
  C) We don't have any test cases for SOCKS proxy.
  E) libcurl doesn't support active FTP over a SOCKS proxy
  We probably have even more bugs and lack of features when a SOCKS proxy is
--- a/docs/MANUAL
+++ b/docs/MANUAL
@@ -809,18 +809,19 @@ CUSTOM OUTPUT
        curl -w 'We downloaded %{size_download} bytes\n' www.download.com
-KERBEROS4 FTP TRANSFER
+KERBEROS FTP TRANSFER
-  Curl supports kerberos4 for FTP transfers. You need the kerberos package
+  Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need
-  installed and used at curl build time for it to be used.
+  the kerberos package installed and used at curl build time for it to be
  used.
-  First, get the krb-ticket the normal way, like with the kauth tool. Then use
+  First, get the krb-ticket the normal way, like with the kinit/kauth tool.
-  curl in way similar to:
+  Then use curl in way similar to:
-        curl --krb4 private ftp://krb4site.com -u username:fakepwd
+        curl --krb private ftp://krb4site.com -u username:fakepwd
  There's no use for a password on the -u switch, but a blank one will make
-  curl ask for one and you already entered the real password to kauth.
+  curl ask for one and you already entered the real password to kinit/kauth.
 TELNET
--- a/docs/README.win32
+++ b/docs/README.win32
@@ -20,3 +20,7 @@ README.win32
  command line similar to this in order to extract a separate text file:
        curl -M >manual.txt
  Read the INSTALL file for instructions how to compile curl self.
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -5,6 +5,7 @@
 If you have contributed but are missing here, please let us know!
 Adam D. Moss
 Adam Piggott
 Adrian Schuur
 Alan Pinstein
 Albert Chin-A-Young
@@ -20,8 +21,11 @@ Alexander Lazic
 Alexander Zhuravlev
 Alexey Simak
 Alexis Carvalho
 Allen Pulsifer
 Amol Pattekar
 Anders Gustafsson
 Andi Jahja
 Andre Guibert de Bruet
 Andreas Damm
 Andreas Ntaflos
 Andreas Olsson
@@ -32,6 +36,7 @@ Andrew Biggs
 Andrew Bushnell
 Andrew Francis
 Andrew Fuller
 Andrew Wansink
 Andr<EFBFBD>s Garc<72>a
 Andy Cedilnik
 Andy Serpa
@@ -68,10 +73,12 @@ Casey O'Donnell
 Chih-Chung Chang
 Chris "Bob Bob"
 Chris Combes
 Chris Flerackers
 Chris Gaukroger
 Chris Maltby
 Christian Kurz
 Christian Robottom Reis
 Christian Vogt
 Christophe Demory
 Christophe Legry
 Christopher R. Palmer
@@ -79,6 +86,7 @@ Ciprian Badescu
 Clarence Gardner
 Clifford Wolf
 Cody Jones
 Colin Hogben
 Colin Watson
 Colm Buckley
 Cory Nelson
@@ -93,6 +101,8 @@ Dan Fandrich
 Dan Nelson
 Dan Torop
 Dan Zitter
 Daniel Black
 Daniel Cater
 Daniel Johnson
 Daniel Stenberg
 Daniel at touchtunes
@@ -101,6 +111,7 @@ Dave Dribin
 Dave Halbakken
 Dave Hamilton
 Dave May
 Dave Vasilevsky
 David Byron
 David Cohen
 David Eriksson
@@ -163,20 +174,25 @@ Eygene Ryabinkin
 Fabrizio Ammollo
 Fedor Karpelevitch
 Felix von Leitner
 Feng Tu
 Florian Schoppmann
 Forrest Cahoon
 Frank Hempel
 Frank Keeney
 Frank Ticheler
 Fred New
 Fred Noz
 Frederic Lepied
 Gautam Mani
 Gavrie Philipson
 Gaz Iqbal
 Georg Horn
 Georg Huettenegger
 Georg Wicherski
 Gerd v. Egidy
 Gerhard Herre
 Gerrit Bruchh<68>user
 Giancarlo Formicuccia
 Giaslas Georgios
 Gilad
 Gilbert Ramirez Jr.
@@ -186,7 +202,9 @@ Giuseppe D'Ambrosio
 Glen Nakamura
 Glen Scott
 Greg Hewgill
 Greg Morse
 Greg Onufer
 Greg Zavertnik
 Grigory Entin
 Guenole Bescon
 Guillaume Arluison
@@ -230,6 +248,8 @@ Jan Kunder
 Jared Lundell
 Jari Sundell
 Jason S. Priebe
 Jay Austin
 Jayesh A Shah
 Jaz Fresh
 Jean Jacques Drouin
 Jean-Claude Chauve
@@ -246,6 +266,7 @@ Jesse Noller
 Jim Drash
 Joe Halpin
 Joel Chen
 Jofell Gallardo
 Johan Anderson
 Johan Nilsson
 John Crow
@@ -278,6 +299,7 @@ Kang-Jin Lee
 Karl Moerder
 Karol Pietrzak
 Katie Wang
 Kees Cook
 Keith MacDonald
 Keith McGuigan
 Ken Hirsch
@@ -292,6 +314,7 @@ Kjetil Jacobsen
 Klevtsov Vadim
 Kris Kennaway
 Krishnendu Majumdar
 Kristian Gunstone
 Kristian K<>hntopp
 Kyle Sallee
 Lachlan O'Dea
@@ -391,6 +414,7 @@ Olaf St
 Oren Tirosh
 P R Schaffner
 Patrick Bihan-Faou
 Patrick Monnerat
 Patrick Smith
 Paul Harrington
 Paul Marquis
@@ -405,6 +429,7 @@ Pete Su
 Peter Bray
 Peter Forret
 Peter Heuchert
 Peter O'Gorman
 Peter Pentchev
 Peter Silva
 Peter Su
@@ -422,6 +447,7 @@ Pierre
 Puneet Pawaia
 Quagmire
 Rafael Sagula
 Ralf S. Engelschall
 Ralph Beckmann
 Ralph Mitchell
 Ramana Mokkapati
@@ -434,6 +460,7 @@ Rene Bernhardt
 Rene Rebe
 Ricardo Cadime
 Rich Gray
 Rich Rauenzahn
 Richard Archer
 Richard Atterer
 Richard Bramante
@@ -472,6 +499,7 @@ Samuel D
 Samuel Listopad
 Sander Gates
 Saul good
 Scott Cantor
 Scott Davis
 Sebastien Willemijns
 Sergio Ballestrero
@@ -484,6 +512,8 @@ Siddhartha Prakash Jain
 Simon Dick
 Simon Josefsson
 Simon Liu
 Song Ma
 Sonia Subramanian
 Spiridonoff A.V
 Stadler Stephan
 Stefan Esser
@@ -495,6 +525,7 @@ Stephen More
 Sterling Hughes
 Steve Green
 Steve Lhomme
 Steve Little
 Steve Marx
 Steve Oliphant
 Steven Bazyl
@@ -505,6 +536,7 @@ S
 T. Bharath
 T. Yamada
 Temprimus
 Thomas J. Moore
 Thomas Klausner
 Thomas Schwinge
 Thomas Tonino
@@ -512,6 +544,7 @@ Tim Baker
 Tim Bartley
 Tim Costello
 Tim Sneddon
 Tobias Rundstr<74>m
 Toby Peterson
 Todd Kulesza
 Todd Vierling
@@ -519,6 +552,7 @@ Tom Benoist
 Tom Lee
 Tom Mattison
 Tom Moers
 Tom Regner
 Tom Zerucha
 Tomas Pospisek
 Tomas Szepe
--- a/docs/TODO
+++ b/docs/TODO
@@ -52,6 +52,10 @@ TODO
   that would risk collide with other apps that use libcurl and that runs
   configure).
   Work on this has been started but hasn't been finished, and the initial
   patch and some details are found here:
   http://curl.haxx.se/mail/lib-2006-12/0084.html
 LIBCURL - multi interface
 * Make sure we don't ever loop because of non-blocking sockets return
@@ -72,19 +76,35 @@ TODO
   internally use and assume the multi interface. The select()-loop should use
   curl_multi_socket().
 * curl_multi_handle_control() - this can control the easy handle (while)
   added to a multi handle in various ways:
   o RESTART, unconditionally restart this easy handle's transfer from the
     start, re-init the state
   o RESTART_COMPLETED, restart this easy handle's transfer but only if the
     existing transfer has already completed and it is in a "finished state".
   o STOP, just stop this transfer and consider it completed
   o PAUSE?
   o RESUME?
 DOCUMENTATION
 * More and better
 FTP
 * PRET is a command that primarily "drftpd" supports, which could be useful
   when using libcurl against such a server. It is a non-standard and a rather
   oddly designed command, but...
   http://curl.haxx.se/bug/feature.cgi?id=1729967
 * When trying to connect passively to a server which only supports active
   connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the
   connection. There could be a way to fallback to an active connection (and
   vice versa). http://curl.haxx.se/bug/feature.cgi?id=1754793
 * Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in
   the process to avoid doing a resolve and connect in vain.
 * Support GSS/Kerberos 5 for ftp file transfer. This will allow user
   authentication and file encryption.  Possible libraries and example clients
   are available from MIT or Heimdal. Requested by Markus Moeller.
 * REST fix for servers not behaving well on >2GB requests. This should fail
   if the server doesn't set the pointer to the requested index. The tricky
   (impossible?) part is to figure out if the server did the right thing or
@@ -96,6 +116,7 @@ TODO
 * Make CURLOPT_FTPPORT support an additional port number on the IP/if/name,
   like "blabla:[port]" or possibly even "blabla:[portfirst]-[portsecond]".
   http://curl.haxx.se/bug/feature.cgi?id=1505166
 * FTP ASCII transfers do not follow RFC959. They don't convert the data
   accordingly.
@@ -115,6 +136,9 @@ TODO
   never been reported as causing trouble to anyone, but should be considered
   to use the HTTP version the user has chosen.
 * "Better" support for persistent connections over HTTP 1.0
   http://curl.haxx.se/bug/feature.cgi?id=1089001
 TELNET
 * Reading input (to send to the remote server) on stdin is a crappy solution
@@ -127,6 +151,9 @@ TODO
 SSL
 * Provide an option that allows for disabling specific SSL versions, such as
   SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276
 * Provide a libcurl API for setting mutex callbacks in the underlying SSL
   library, so that the same application code can use mutex-locking
   independently of OpenSSL or GnutTLS being used.
@@ -198,6 +225,11 @@ TODO
 CLIENT
 * Add option that is similar to -O but that takes the output file name from
   the Content-Disposition: header, and/or uses the local file name used in
   redirections for the cases the server bounces the request further to a
   different file (name): http://curl.haxx.se/bug/feature.cgi?id=1364676 
 * "curl --sync http://example.com/feed[1-100].rss" or
   "curl --sync http://example.net/{index,calendar,history}.html"
@@ -217,10 +249,10 @@ TODO
 * "curl ftp://site.com/*.txt"
- * The client could be told to use maximum N simultaneous transfers and then
+ * The client could be told to use maximum N simultaneous parallel transfers
-   just make sure that happens. It should of course not make more than one
+   and then just make sure that happens. It should of course not make more
-   connection to the same remote host. This would require the client to use
+   than one connection to the same remote host. This would require the client
-   the multi interface.
+   to use the multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595
 * Extending the capabilities of the multipart formposting. How about leaving
   the ';type=foo' syntax as it is and adding an extra tag (headers) which
@@ -265,9 +297,6 @@ TODO
   and FTP-SSL tests without the stunnel dependency, and it could allow us to
   provide test tools built with either OpenSSL or GnuTLS
 * Make the test servers able to serve multiple running test suites. Like if
   two users run 'make test' at once.
 * If perl wasn't found by the configure script, don't attempt to run the
   tests but explain something nice why it doesn't.
@@ -277,6 +306,27 @@ TODO
 * Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
   fork()s and it should become even more portable.
 NEXT soname bump
 * #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
   from being output in NOBODY requests over ftp
 * Combine some of the error codes to remove duplicates.  The original
   numbering should not be changed, and the old identifiers would be
   macroed to the new ones in an CURL_NO_OLDIES section to help with
   backward compatibility.
   Candidates for removal and their replacements:
      CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND
      CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND
      CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR
      CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT
      CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT
      CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL
      CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND
      CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED
 NEXT MAJOR RELEASE
 * curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
--- a/docs/curl-config.1
+++ b/docs/curl-config.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -21,7 +21,7 @@
 .\" * $Id$
 .\" **************************************************************************
 .\"
-.TH curl-config 1 "25 Jan 2004" "Curl 7.15.4" "curl-config manual"
+.TH curl-config 1 "25 Oct 2007" "Curl 7.17.1" "curl-config manual"
 .SH NAME
 curl-config \- Get information about a libcurl installation
 .SH SYNOPSIS
@@ -62,6 +62,9 @@ the time of writing, this list may include HTTP, HTTPS, FTP, FTPS, FILE,
 TELNET, LDAP, DICT. Do not assume any particular order. The protocols will
 be listed using uppercase and are separated by newlines. There may be none,
 one or several protocols in the list. (Added in 7.13.0)
 .IP "--static-libs"
 Shows the complete set of libs and other linker options you will need in order
 to link your application with libcurl statically. (Added in 7.17.1)
 .IP "--version"
 Outputs version information about the installed libcurl.
 .IP "--vernum"
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -21,7 +21,7 @@
 .\" * $Id$
 .\" **************************************************************************
 .\"
-.TH curl 1 "28 Feb 2007" "Curl 7.16.2" "Curl Manual"
+.TH curl 1 "21 Sep 2007" "Curl 7.17.1" "Curl Manual"
 .SH NAME
 curl \- transfer a URL
 .SH SYNOPSIS
@@ -35,7 +35,7 @@ FILE).  The command is designed to work without user interaction.
 curl offers a busload of useful tricks like proxy support, user
 authentication, ftp upload, HTTP post, SSL connections, cookies, file transfer
-resume and more. As you will see below, the amount of features will make your
+resume and more. As you will see below, the number of features will make your
 head spin!
 curl is powered by libcurl for all transfer-related features. See
@@ -106,8 +106,8 @@ file instead of overwriting it. If the file doesn't exist, it will be created.
 If this option is used twice, the second one will disable append mode again.
 .IP "-A/--user-agent <agent string>"
 (HTTP) Specify the User-Agent string to send to the HTTP server. Some badly
-done CGIs fail if its not set to "Mozilla/4.0".  To encode blanks in the
+done CGIs fail if this field isn't set to "Mozilla/4.0". To encode blanks in
-string, surround the string with single quote marks.  This can also be set
+the string, surround the string with single quote marks. This can also be set
 with the \fI-H/--header\fP option of course.
 If this option is set more than once, the last one will be the one that's
@@ -330,7 +330,9 @@ them independently.
 If curl is built against the NSS SSL library then this option tells
 curl the nickname of the certificate to use within the NSS database defined
-by --cacert.
+by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the
 NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be
 loaded.
 If this option is used several times, the last one will be used.
 .IP "--cert-type <type>"
@@ -352,7 +354,10 @@ The windows version of curl will automatically look for a CA certs file named
 Current Working Directory, or in any folder along your PATH.
 If curl is built against the NSS SSL library then this option tells
-curl the directory that the NSS certificate database resides in.
+curl the nickname of the CA certificate to use within the NSS database
 defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb).
 If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files
 may be loaded.
 If this option is used several times, the last one will be used.
 .IP "--capath <CA certificate directory>"
@@ -539,6 +544,11 @@ for you.
 See also the \fI-A/--user-agent\fP and \fI-e/--referer\fP options.
 This option can be used multiple times to add/replace/remove multiple headers.
 .IP "--hostpubmd5"
 Pass a string containing 32 hexadecimal digits. The string should be the 128
 bit MD5 cheksum of the remote host's public key, curl will refuse the
 connection with the host unless the md5sums match. This option is only for SCP
 and SFTP transfers. (Added in 7.17.1)
 .IP "--ignore-content-length"
 (HTTP)
 Ignore the Content-Length header. This is particularly useful for servers
@@ -593,13 +603,14 @@ private key is. DER, PEM and ENG are supported. If not specified, PEM is
 assumed.
 If this option is used several times, the last one will be used.
-.IP "--krb4 <level>"
+.IP "--krb <level>"
-(FTP) Enable Kerberos4 authentication and use. The level must be entered and
+(FTP) Enable Kerberos authentication and use. The level must be entered and
 should be one of 'clear', 'safe', 'confidential' or 'private'. Should you use
 a level that is not one of these, 'private' will instead be used.
-This option requires that the library was built with Kerberos4 support. This
+This option requires that the library was built with kerberos4 or GSSAPI
-is not very common. Use \fI-V/--version\fP to see if your curl supports it.
+(GSS-Negotiate) support. This is not very common. Use \fI-V/--version\fP to
 see if your curl supports it.
 If this option is used several times, the last one will be used.
 .IP "-K/--config <config file>"
@@ -658,6 +669,10 @@ Append this option to any ordinary curl command line, and you will get a
 libcurl-using source code written to the file that does the equivalent
 operation of what your command line operation does!
 NOTE: this does not properly support -F and the sending of multipart
 formposts, so in those cases the output program will be missing necessary
 calls to \fIcurl_formadd(3)\fP, and possibly more.
 If this option is used several times, the last given file name will be used.
 .IP "--limit-rate <speed>"
 Specify the maximum transfer rate you want curl to use. This feature is useful
@@ -764,6 +779,9 @@ meant as a support for Kerberos5 authentication but may be also used along
 with another authentication methods. For more information see IETF draft
 draft-brezak-spnego-http-04.txt.
 If you want to enable Negotiate for your proxy authentication, then use
 \fI--proxy-negotiate\fP.
 This option requires that the library was built with GSSAPI support. This is
 not very common. Use \fI-V/--version\fP to see if your version supports
 GSS-Negotiate.
@@ -834,6 +852,13 @@ You may use this option as many times as you have number of URLs.
 (SSL/SSH) Pass phrase for the private key
 If this option is used several times, the last one will be used.
 .IP "--post301"
 Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET
 requests when following a 301 redirection. The non-RFC behaviour is ubiquitous
 in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may requires a POST to remain a POST after such
 a redirection. This option is meaningful only when using \fI-L/--location\fP
 (Added in 7.17.1)
 .IP "--proxy-anyauth"
 Tells curl to pick a suitable authentication method when communicating with
 the given proxy. This will cause an extra request/response round-trip. (Added
@@ -853,6 +878,13 @@ Tells curl to use HTTP Digest authentication when communicating with the given
 proxy. Use \fI--digest\fP for enabling HTTP Digest with a remote host.
 If this option is used twice, the second will again disable proxy HTTP Digest.
 .IP "--proxy-negotiate"
 Tells curl to use HTTP Negotiate authentication when communicating
 with the given proxy. Use \fI--negotiate\fP for enabling HTTP Negotiate
 with a remote host.
 If this option is used twice, the second will again disable proxy HTTP
 Negotiate. (Added in 7.17.1)
 .IP "--proxy-ntlm"
 Tells curl to use HTTP NTLM authentication when communicating with the given
 proxy. Use \fI--ntlm\fP for enabling NTLM with a remote host.
@@ -908,7 +940,7 @@ the server returns failure for one of the commands, the entire operation
 will be aborted. You must send syntactically correct FTP commands as
 RFC959 defines to FTP servers, or one of the following commands (with
 appropriate arguments) to SFTP servers: chgrp, chmod, chown, ln, mkdir,
-rename, rm, rmdir, symlink.
+pwd, rename, rm, rmdir, symlink.
 This option can be used multiple times.
 .IP "--random-file <file>"
@@ -1153,7 +1185,7 @@ Automatic decompression of compressed files over HTTP is supported.
 .IP "NTLM"
 NTLM authentication is supported.
 .IP "GSS-Negotiate"
-Negotiate authentication is supported.
+Negotiate authentication and krb5 for ftp is supported.
 .IP "Debug"
 This curl uses a libcurl built with Debug. This enables more error-tracking
 and memory debugging etc. For curl-developers only!
@@ -1376,8 +1408,6 @@ Unsupported protocol. This build of curl has no support for this protocol.
 Failed to initialize.
 .IP 3
 URL malformat. The syntax was not correct.
 .IP 4
 URL user malformatted. The user-part of the URL syntax was not correct.
 .IP 5
 Couldn't resolve proxy. The given proxy host could not be resolved.
 .IP 6
@@ -1390,21 +1420,14 @@ FTP weird server reply. The server sent data curl couldn't parse.
 FTP access denied. The server denied login or denied access to the particular
 resource or directory you wanted to reach. Most often you tried to change to a
 directory that doesn't exist on the server.
 .IP 10
 FTP user/password incorrect. Either one or both were not accepted by the
 server.
 .IP 11
 FTP weird PASS reply. Curl couldn't parse the reply sent to the PASS request.
 .IP 12
 FTP weird USER reply. Curl couldn't parse the reply sent to the USER request.
 .IP 13
 FTP weird PASV reply, Curl couldn't parse the reply sent to the PASV request.
 .IP 14
 FTP weird 227 format. Curl couldn't parse the 227-line the server sent.
 .IP 15
 FTP can't get host. Couldn't resolve the host IP we got in the 227-line.
 .IP 16
 FTP can't reconnect. Couldn't connect to the host we got in the 227-line.
 .IP 17
 FTP couldn't set binary. Couldn't change transfer method to binary.
 .IP 18
@@ -1412,8 +1435,6 @@ Partial file. Only a part of the file was transferred.
 .IP 19
 FTP couldn't download/access the given file, the RETR (or similar) command
 failed.
 .IP 20
 FTP write error. The transfer was reported bad by the server.
 .IP 21
 FTP quote error. A quote command returned error from the server.
 .IP 22
@@ -1422,8 +1443,6 @@ error with the HTTP error code being 400 or above. This return code only
 appears if \fI-f/--fail\fP is used.
 .IP 23
 Write error. Curl couldn't write data to a local filesystem or similar.
 .IP 24
 Malformed user. User name badly specified.
 .IP 25
 FTP couldn't STOR file. The server denied the STOR operation, used for FTP
 uploading.
@@ -1434,17 +1453,12 @@ Out of memory. A memory allocation request failed.
 .IP 28
 Operation timeout. The specified time-out period was reached according to the
 conditions.
 .IP 29
 FTP couldn't set ASCII. The server returned an unknown reply.
 .IP 30
 FTP PORT failed. The PORT command failed. Not all FTP servers support the PORT
 command, try doing a transfer using PASV instead!
 .IP 31
 FTP couldn't use REST. The REST command failed. This command is used for
 resumed FTP transfers.
 .IP 32
 FTP couldn't use SIZE. The SIZE command failed. The command is an extension
 to the original FTP spec RFC 959.
 .IP 33
 HTTP range error. The range "command" didn't work.
 .IP 34
@@ -1459,20 +1473,14 @@ FILE couldn't read file. Failed to open the file. Permissions?
 LDAP cannot bind. LDAP bind operation failed.
 .IP 39
 LDAP search failed.
 .IP 40
 Library not found. The LDAP library was not found.
 .IP 41
 Function not found. A required LDAP function was not found.
 .IP 42
 Aborted by callback. An application told curl to abort the operation.
 .IP 43
 Internal error. A function was called with a bad parameter.
 .IP 44
 Internal error. A function was called in a bad order.
 .IP 45
 Interface error. A specified outgoing interface could not be used.
 .IP 46
 Bad password entered. An error was signalled when the password was entered.
 .IP 47
 Too many redirects. When following redirects, curl hit the maximum amount.
 .IP 48
@@ -1480,7 +1488,7 @@ Unknown TELNET option specified.
 .IP 49
 Malformed telnet option.
 .IP 51
-The remote peer's SSL certificate wasn't ok
+The peer's SSL certificate or SSH MD5 fingerprint was not ok
 .IP 52
 The server didn't reply anything, which here is considered an error.
 .IP 53
@@ -1491,14 +1499,12 @@ Cannot set SSL crypto engine as default
 Failed sending network data
 .IP 56
 Failure in receiving network data
 .IP 57
 Share is in use (internal error)
 .IP 58
 Problem with the local certificate
 .IP 59
 Couldn't use specified SSL cipher
 .IP 60
-Problem with the CA cert (path? permission?)
+Peer certificate cannot be authenticated with known CA certificates
 .IP 61
 Unrecognized transfer encoding
 .IP 62
@@ -1531,6 +1537,14 @@ No such user (TFTP)
 Character conversion failed
 .IP 76
 Character conversion functions required
 .IP 77
 Problem with reading the SSL CA cert (path? access rights?)
 .IP 78
 The resource referenced in the URL does not exist
 .IP 79
 An unspecified error occurred during the SSH session
 .IP 80
 Failed to shut down the SSL connection
 .IP XX
 There will appear more error codes here in future releases. The existing ones
 are meant to never change.
--- a/docs/examples/.cvsignore
+++ b/docs/examples/.cvsignore
@@ -1,2 +1,30 @@
 Makefile
 Makefile.in
 .deps
 .libs
 10-at-a-time
 anyauthput
 cookie_interface
 debug
 fileupload
 fopen
 ftpget
 ftpgetresp
 ftpupload
 getinfo
 getinmemory
 http-post
 httpput
 https
 multi-app
 multi-debugcallback
 multi-double
 multi-post
 multi-single
 persistant
 post-callback
 postit2
 sepheaders
 simple
 simplepost
 simplessl
--- a/docs/examples/10-at-a-time.c
+++ b/docs/examples/10-at-a-time.c
@@ -13,7 +13,10 @@
 * Written by Michael Wallner
 */
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <curl/multi.h>
 static const char *urls[] = {
@@ -106,6 +109,10 @@ int main(void)
  cm = curl_multi_init();
  /* we can optionally limit the total amount of connections this multi handle
     uses */
  curl_multi_setopt(cm, CURLMOPT_MAXCONNECTS, MAX);
  for (C = 0; C < MAX; ++C) {
    init(cm, C);
  }
@@ -123,22 +130,26 @@ int main(void)
        return EXIT_FAILURE;
      }
      /* In a real-world program you OF COURSE check the return that maxfd is
         bigger than -1 so that the call to select() below makes sense! */
      if (curl_multi_timeout(cm, &L)) {
        fprintf(stderr, "E: curl_multi_timeout\n");
        return EXIT_FAILURE;
      }
      if (L == -1)
        L = 100;
      if (M == -1) {
        sleep(L / 1000);
      } else {
        T.tv_sec = L/1000;
        T.tv_usec = (L%1000)*1000;
        if (0 > select(M+1, &R, &W, &E, &T)) {
-        fprintf(stderr, "E: select\n");
+          fprintf(stderr, "E: select(%i,,,,%li): %i: %s\n",
              M+1, L, errno, strerror(errno));
          return EXIT_FAILURE;
        }
      }
    }
    while ((msg = curl_multi_info_read(cm, &Q))) {
      if (msg->msg == CURLMSG_DONE) {
@@ -155,6 +166,8 @@ int main(void)
      }
      if (C < CNT) {
        init(cm, C++);
        U++; /* just to prevent it from remaining at 0 if there are more
                URLs to get */
      }
    }
  }
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@@ -2,17 +2,30 @@
 # $Id$
 #
-AUTOMAKE_OPTIONS = foreign no-dependencies
+AUTOMAKE_OPTIONS = foreign nostdinc
-EXTRA_DIST = README curlgtk.c sepheaders.c simple.c postit2.c		\
+EXTRA_DIST = README Makefile.example makefile.dj $(COMPLICATED_EXAMPLES)
- persistant.c ftpget.c Makefile.example multithread.c getinmemory.c	\
+
- ftpupload.c httpput.c simplessl.c ftpgetresp.c http-post.c		\
+INCLUDES = -I$(top_srcdir)/include
- post-callback.c multi-app.c multi-double.c multi-single.c		\
+
- multi-post.c fopen.c simplepost.c makefile.dj curlx.c https.c		\
+LIBDIR = $(top_builddir)/lib
- multi-debugcallback.c fileupload.c getinfo.c ftp3rdparty.c debug.c	\
+CPPFLAGS = -DCURL_NO_OLDIES
- anyauthput.c htmltitle.cc htmltidy.c opensslthreadlock.c		\
+
- cookie_interface.c cacertinmem.c synctime.c sampleconv.c ftpuploadresume.c \
+# Dependencies
- 10-at-a-time.c hiperfifo.c ghiper.c
+LDADD = $(LIBDIR)/libcurl.la
 # These are all libcurl example programs to be test compiled
 noinst_PROGRAMS = 10-at-a-time anyauthput cookie_interface \
  debug fileupload fopen ftpget ftpgetresp ftpupload \
  getinfo getinmemory http-post httpput \
  https multi-app multi-debugcallback multi-double \
  multi-post multi-single persistant post-callback \
  postit2 sepheaders simple simplepost simplessl
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
 COMPLICATED_EXAMPLES = \
 curlgtk.c curlx.c htmltitle.cc cacertinmem.c ftpuploadresume.c \
 ghiper.c hiperfifo.c htmltidy.c multithread.c \
 opensslthreadlock.c sampleconv.c synctime.c
 all:
 	@echo "done"
--- a/docs/examples/Makefile.example
+++ b/docs/examples/Makefile.example
@@ -29,9 +29,8 @@ LDFLAGS = -L/home/dast/lib -L/usr/local/ssl/lib
 # We need -lcurl for the curl stuff
 # We need -lsocket and -lnsl when on Solaris
 # We need -lssl and -lcrypto when using libcurl with SSL support
 # We need -ldl for dlopen() if that is in libdl
 # We need -lpthread for the pthread example
-LIBS = -lcurl -lsocket -lnsl -lssl -lcrypto -dl
+LIBS = -lcurl -lsocket -lnsl -lssl -lcrypto
 # Link the target with all objects and libraries
 $(TARGET) : $(OBJS)
--- a/docs/examples/README
+++ b/docs/examples/README
@@ -40,7 +40,6 @@ curlx.c        - getting file info from the remote cert data
 debug.c        - showing how to use the debug callback
 fileupload.c   - uploading to a file:// URL
 fopen.c        - fopen() layer that supports opening URLs and files
 ftp3rdparty.c  - FTP 3rd party transfer
 ftpget.c       - simple getting a file from FTP
 ftpgetresp.c   - get the response strings from the FTP server
 ftpupload.c    - upload a file to an FTP server
@@ -50,6 +49,7 @@ getinmemory.c  - download a file to memory only
 ghiper.c       - curl_multi_socket() using code with glib-2
 hiperfifo.c    - downloads all URLs written to the fifo, using
                 curl_multi_socket() and libevent
 htmltidy.c     - download a document and use libtidy to parse the HTML
 htmltitle.cc   - download a HTML file and extract the <title> tag from a HTML
                 page using libxml
 http-post.c    - HTTP POST
@@ -60,9 +60,9 @@ multi-debugcallback.c - a multi-interface app using the debug callback
 multi-double.c - a multi-interface app doing two simultaneous transfers
 multi-post.c   - a multi-interface app doing a multipart formpost
 multi-single.c - a multi-interface app getting a single file
-multithread.c  - an example using multi-treading transfering multiple files
+multithread.c  - an example using multi-treading transferring multiple files
 opensslthreadlock.c - show how to do locking when using OpenSSL multi-threaded
-persistant.c   - request two URLs with a persistant connection
+persistant.c   - request two URLs with a persistent connection
 post-callback.c - send a HTTP POST using a callback
 postit2.c      - send a HTTP multipart formpost
 sampleconv.c   - showing how a program on a non-ASCII platform would invoke
@@ -72,5 +72,5 @@ sepheaders.c   - download headers to a separate file
 simple.c       - the most simple download a URL source
 simplepost.c   - HTTP POST
 simplessl.c    - HTTPS example with certificates many options set
-synctime.c     - Sync local time by extracing date from remote HTTP servers
+synctime.c     - Sync local time by extracting date from remote HTTP servers
 10-at-a-time.c - Download many files simultaneously, 10 at a time.
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <unistd.h>
 #include <curl/curl.h>
@@ -18,6 +19,10 @@
 #error "upgrade your libcurl to no less than 7.12.3"
 #endif
 #ifndef TRUE
 #define TRUE 1
 #endif
 /*
 * This example shows a HTTP PUT operation with authentiction using "any"
 * type. It PUTs a file given as a command line argument to the URL also given
@@ -52,7 +57,7 @@ static curlioerr my_ioctl(CURL *handle, curliocmd cmd, void *userp)
 }
 /* read callback function, fread() look alike */
-size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
+static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  size_t retcode;
--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@@ -135,4 +135,5 @@ int main(void)
  curl_easy_cleanup(ch);
  curl_global_cleanup();
  return rv;
 }
--- a/docs/examples/cookie_interface.c
+++ b/docs/examples/cookie_interface.c
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <time.h>
@@ -74,7 +75,7 @@ main(void)
 #define snprintf _snprintf
 #endif
    /* Netscape format cookie */
-    snprintf(nline, 256, "%s\t%s\t%s\t%s\t%u\t%s\t%s",
+    snprintf(nline, sizeof(nline), "%s\t%s\t%s\t%s\t%lu\t%s\t%s",
      ".google.com", "TRUE", "/", "FALSE", time(NULL) + 31337, "PREF", "hello google, i like you very much!");
    res = curl_easy_setopt(curl, CURLOPT_COOKIELIST, nline);
    if (res != CURLE_OK) {
@@ -83,7 +84,7 @@ main(void)
    }
    /* HTTP-header style cookie */
-    snprintf(nline, 256,
+    snprintf(nline, sizeof(nline),
      "Set-Cookie: OLD_PREF=3d141414bf4209321; "
      "expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com");
    res = curl_easy_setopt(curl, CURLOPT_COOKIELIST, nline);
--- a/docs/examples/curlx.c
+++ b/docs/examples/curlx.c
@@ -81,6 +81,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <curl/curl.h>
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
@@ -94,13 +95,13 @@
 #include <openssl/bio.h>
 #include <openssl/ssl.h>
-static char *curlx_usage[]={
+static const char *curlx_usage[]={
  "usage: curlx args\n",
  " -p12 arg         - tia  file ",
  " -envpass arg     - environement variable which content the tia private key password",
  " -out arg         - output file (response)- default stdout",
  " -in arg          - input file (request)- default stdin",
-  " -connect arg     - URL of the server for the connection ex: www.openevidenve.org",
+  " -connect arg     - URL of the server for the connection ex: www.openevidence.org",
  " -mimetype arg    - MIME type for data in ex : application/timestamp-query or application/dvcs -default application/timestamp-query",
  " -acceptmime arg  - MIME type acceptable for the response ex : application/timestamp-response or application/dvcs -default none",
  " -accesstype arg  - an Object identifier in an AIA/SIA method, e.g. AD_DVCS or ad_timestamping",
@@ -268,19 +269,21 @@ int main(int argc, char **argv) {
  char* mimetype;
  char* mimetypeaccept=NULL;
  char* contenttype;
-  char** pp;
+  const char** pp;
  unsigned char* hostporturl = NULL;
  binaryptr=(char*)malloc(tabLength);
  BIO * p12bio ;
  char **args = argv + 1;
  unsigned char * serverurl;
  sslctxparm p;
  char *response;
  p.verbose = 0;
  CURLcode res;
  struct curl_slist * headers=NULL;
  int badarg=0;
  binaryptr=(char*)malloc(tabLength);
  p.verbose = 0;
  p.errorbio = BIO_new_fp (stderr, BIO_NOCLOSE);
  curl_global_init(CURL_GLOBAL_DEFAULT);
@@ -292,7 +295,6 @@ int main(int argc, char **argv) {
  ERR_load_crypto_strings();
  int badarg=0;
  while (*args && *args[0] == '-') {
    if (!strcmp (*args, "-in")) {
@@ -407,10 +409,9 @@ int main(int argc, char **argv) {
  }
  else if (p.accesstype != 0) { /* see whether we can find an AIA or SIA for a given access type */
    if (!(serverurl = my_get_ext(p.usercert,p.accesstype,NID_info_access))) {
      int j=0;
      BIO_printf(p.errorbio,"no service URL in user cert "
                 "cherching in others certificats\n");
      int j=0;
      int find=0;
      for (j=0;j<sk_X509_num(p.ca);j++) {
        if ((serverurl = my_get_ext(sk_X509_value(p.ca,j),p.accesstype,
                                    NID_info_access)))
--- a/docs/examples/fileupload.c
+++ b/docs/examples/fileupload.c
@@ -17,7 +17,6 @@ int main(void)
 {
  CURL *curl;
  CURLcode res;
  curl_off_t size;
  struct stat file_info;
  double speed_upload, total_time;
  FILE *fd;
--- a/docs/examples/fopen.c
+++ b/docs/examples/fopen.c
@@ -70,7 +70,7 @@ struct fcurl_data
 typedef struct fcurl_data URL_FILE;
 /* exported functions */
-URL_FILE *url_fopen(char *url,const char *operation);
+URL_FILE *url_fopen(const char *url,const char *operation);
 int url_fclose(URL_FILE *file);
 int url_feof(URL_FILE *file);
 size_t url_fread(void *ptr, size_t size, size_t nmemb, URL_FILE *file);
@@ -93,11 +93,11 @@ write_callback(char *buffer,
    URL_FILE *url = (URL_FILE *)userp;
    size *= nitems;
-    rembuff=url->buffer_len - url->buffer_pos;//remaining space in buffer
+    rembuff=url->buffer_len - url->buffer_pos; /* remaining space in buffer */
    if(size > rembuff)
    {
-        //not enuf space in buffer
+        /* not enough space in buffer */
        newbuff=realloc(url->buffer,url->buffer_len + (size - rembuff));
        if(newbuff==NULL)
        {
@@ -211,7 +211,7 @@ use_buffer(URL_FILE *file,int want)
 URL_FILE *
-url_fopen(char *url,const char *operation)
+url_fopen(const char *url,const char *operation)
 {
    /* this code could check for URLs or types in the 'url' and
       basicly use the real fopen() for standard files */
@@ -236,7 +236,7 @@ url_fopen(char *url,const char *operation)
        curl_easy_setopt(file->handle.curl, CURLOPT_URL, url);
        curl_easy_setopt(file->handle.curl, CURLOPT_WRITEDATA, file);
-        curl_easy_setopt(file->handle.curl, CURLOPT_VERBOSE, FALSE);
+        curl_easy_setopt(file->handle.curl, CURLOPT_VERBOSE, 0);
        curl_easy_setopt(file->handle.curl, CURLOPT_WRITEFUNCTION, write_callback);
        if(!multi_handle)
@@ -466,7 +466,7 @@ main(int argc, char *argv[])
    int nread;
    char buffer[256];
-    char *url;
+    const char *url;
    if(argc < 2)
    {
@@ -481,7 +481,7 @@ main(int argc, char *argv[])
    outf=fopen("fgets.test","w+");
    if(!outf)
    {
-        perror("couldnt open fgets output file\n");
+        perror("couldn't open fgets output file\n");
        return 1;
    }
@@ -508,7 +508,7 @@ main(int argc, char *argv[])
    outf=fopen("fread.test","w+");
    if(!outf)
    {
-        perror("couldnt open fread output file\n");
+        perror("couldn't open fread output file\n");
        return 1;
    }
@@ -533,7 +533,7 @@ main(int argc, char *argv[])
    outf=fopen("rewind.test","w+");
    if(!outf)
    {
-        perror("couldnt open fread output file\n");
+        perror("couldn't open fread output file\n");
        return 1;
    }
--- a/docs/examples/ftp3rdparty.c
+++ b/docs/examples/ftp3rdparty.c
@@ -1,103 +0,0 @@
 /*****************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * $Id$
 */
 #include <stdio.h>
 #include <curl/curl.h>
 #include <curl/types.h>
 #include <curl/easy.h>
 /*
 * This is an example showing how to transfer a file between two remote hosts.
 * 7.13.0 or later required.
 */
 int main(void)
 {
  CURL *curl;
  CURLcode res;
  char source_url[] = "ftp://remotehost.com/path/to/source";
  char target_url[] = "ftp://aotherserver.com/path/to/dest";
  char sourceUserPass[] = "user:pass";
  char targetUserPass[] = "user:pass";
  char url[100];
  struct curl_slist *source_pre_cmd = NULL;
  struct curl_slist *target_pre_cmd = NULL;
  struct curl_slist *source_post_cmd = NULL;
  struct curl_slist *target_post_cmd = NULL;
  char cmd[] = "PWD";   /* just to test */
  curl_global_init(CURL_GLOBAL_DEFAULT);
  curl = curl_easy_init();
  if (curl) {
    /* The ordinary URL is the target when speaking 3rd party transfers */
    curl_easy_setopt(curl, CURLOPT_URL, target_url);
    /* Set a source URL */
    curl_easy_setopt(curl, CURLOPT_SOURCE_URL, source_url);
    /* Set target user and password */
    curl_easy_setopt(curl, CURLOPT_USERPWD, targetUserPass);
    /* Set source user and password */
    curl_easy_setopt(curl, CURLOPT_SOURCE_USERPWD, sourceUserPass);
 #if 0
    /* FTPPORT enables PORT on the target side, instead of PASV. */
    curl_easy_setopt(curl, CURLOPT_FTPPORT, "");   /* optional */
 #endif
    /* build a list of commands to pass to libcurl */
    source_pre_cmd = curl_slist_append(source_pre_cmd, cmd);
    /* Set a proxy pre-quote command */
    curl_easy_setopt(curl, CURLOPT_SOURCE_PREQUOTE, source_pre_cmd);
    /* build a list of commands to pass to libcurl */
    target_pre_cmd = curl_slist_append(target_pre_cmd, cmd);
    /* Set a pre-quote command */
    curl_easy_setopt(curl, CURLOPT_PREQUOTE, target_pre_cmd);
    /* build a list of commands to pass to libcurl */
    source_post_cmd = curl_slist_append(source_post_cmd, cmd);
    /* Set a proxy post-quote command */
    curl_easy_setopt(curl, CURLOPT_SOURCE_POSTQUOTE, source_post_cmd);
    /* build a list of commands to pass to libcurl */
    target_post_cmd = curl_slist_append(target_post_cmd, cmd);
    /* Set a post-quote command */
    curl_easy_setopt(curl, CURLOPT_POSTQUOTE, target_post_cmd);
    /* Switch on full protocol/debug output */
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
    res = curl_easy_perform(curl);
    /* clean up the FTP commands list */
    curl_slist_free_all(source_pre_cmd);
    curl_slist_free_all(target_pre_cmd);
    curl_slist_free_all(source_post_cmd);
    curl_slist_free_all(target_post_cmd);
    /* always cleanup */
    curl_easy_cleanup(curl);
    if(CURLE_OK != res) {
      /* we failed */
      fprintf(stderr, "curl told us %d\n", res);
    }
  }
  curl_global_cleanup();
  return 0;
 }
--- a/docs/examples/ftpget.c
+++ b/docs/examples/ftpget.c
@@ -22,11 +22,11 @@
 */
 struct FtpFile {
-  char *filename;
+  const char *filename;
  FILE *stream;
 };
-int my_fwrite(void *buffer, size_t size, size_t nmemb, void *stream)
+static int my_fwrite(void *buffer, size_t size, size_t nmemb, void *stream)
 {
  struct FtpFile *out=(struct FtpFile *)stream;
  if(out && !out->stream) {
@@ -65,7 +65,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &ftpfile);
    /* Switch on full protocol/debug output */
-    curl_easy_setopt(curl, CURLOPT_VERBOSE, TRUE);
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
    res = curl_easy_perform(curl);
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -21,7 +21,7 @@
 * This functionality was introduced in libcurl 7.9.3.
 */
-size_t
+static size_t
 write_response(void *ptr, size_t size, size_t nmemb, void *data)
 {
  FILE *writehere = (FILE *)data;
@@ -46,6 +46,8 @@ int main(int argc, char **argv)
    /* Get a file listing from sunet */
    curl_easy_setopt(curl, CURLOPT_URL, "ftp://ftp.sunet.se/");
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, ftpfile);
    /* If you intend to use this on windows with a libcurl DLL, you must use
       CURLOPT_WRITEFUNCTION as well */
    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, write_response);
    curl_easy_setopt(curl, CURLOPT_WRITEHEADER, respfile);
    res = curl_easy_perform(curl);
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@@ -14,6 +14,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
 /*
 * This example shows an FTP upload, with a rename of the file just after
@@ -31,14 +32,13 @@ int main(int argc, char **argv)
 {
  CURL *curl;
  CURLcode res;
  FILE *ftpfile;
  FILE * hd_src ;
  int hd ;
  struct stat file_info;
  struct curl_slist *headerlist=NULL;
-  char buf_1 [] = "RNFR " UPLOAD_FILE_AS;
+  static const char buf_1 [] = "RNFR " UPLOAD_FILE_AS;
-  char buf_2 [] = "RNTO " RENAME_FILE_TO;
+  static const char buf_2 [] = "RNTO " RENAME_FILE_TO;
  /* get the file size of the local file */
  hd = open(LOCAL_FILE, O_RDONLY) ;
@@ -61,7 +61,7 @@ int main(int argc, char **argv)
    headerlist = curl_slist_append(headerlist, buf_2);
    /* enable uploading */
-    curl_easy_setopt(curl, CURLOPT_UPLOAD, TRUE) ;
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1) ;
    /* specify target */
    curl_easy_setopt(curl,CURLOPT_URL, REMOTE_URL);
--- a/docs/examples/ftpuploadresume.c
+++ b/docs/examples/ftpuploadresume.c
@@ -24,7 +24,9 @@
 /* The MinGW headers are missing a few Win32 function definitions,
   you shouldn't need this if you use VC++ */
 #ifdef __MINGW32__
 int __cdecl _snscanf(const char * input, size_t length, const char * format, ...);
 #endif
 /* parse headers for Content-Length */
@@ -75,7 +77,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
 		return 0;
 	}
-	curl_easy_setopt(curlhandle, CURLOPT_UPLOAD, TRUE);
+	curl_easy_setopt(curlhandle, CURLOPT_UPLOAD, 1);
 	curl_easy_setopt(curlhandle, CURLOPT_URL, remotepath);
@@ -91,9 +93,9 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
 	curl_easy_setopt(curlhandle, CURLOPT_READDATA, f);
 	curl_easy_setopt(curlhandle, CURLOPT_FTPPORT, "-"); /* disable passive mode */
-	curl_easy_setopt(curlhandle, CURLOPT_FTP_CREATE_MISSING_DIRS, TRUE);
+	curl_easy_setopt(curlhandle, CURLOPT_FTP_CREATE_MISSING_DIRS, 1);
-	curl_easy_setopt(curlhandle, CURLOPT_VERBOSE, TRUE);
+	curl_easy_setopt(curlhandle, CURLOPT_VERBOSE, 1);
 	for (c = 0; (r != CURLE_OK) && (c < tries); c++) {
 		/* are we resuming? */
@@ -108,22 +110,22 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
 			 * because HEADER will dump the headers to stdout
 			 * without it.
 			 */
-			curl_easy_setopt(curlhandle, CURLOPT_NOBODY, TRUE);
+			curl_easy_setopt(curlhandle, CURLOPT_NOBODY, 1);
-			curl_easy_setopt(curlhandle, CURLOPT_HEADER, TRUE);
+			curl_easy_setopt(curlhandle, CURLOPT_HEADER, 1);
 			r = curl_easy_perform(curlhandle);
 			if (r != CURLE_OK)
 				continue;
-			curl_easy_setopt(curlhandle, CURLOPT_NOBODY, FALSE);
+			curl_easy_setopt(curlhandle, CURLOPT_NOBODY, 0);
-			curl_easy_setopt(curlhandle, CURLOPT_HEADER, FALSE);
+			curl_easy_setopt(curlhandle, CURLOPT_HEADER, 0);
 			fseek(f, uploaded_len, SEEK_SET);
-			curl_easy_setopt(curlhandle, CURLOPT_FTPAPPEND, TRUE);
+			curl_easy_setopt(curlhandle, CURLOPT_APPEND, 1);
 		}
 		else { /* no */
-			curl_easy_setopt(curlhandle, CURLOPT_FTPAPPEND, FALSE);
+			curl_easy_setopt(curlhandle, CURLOPT_APPEND, 0);
 		}
 		r = curl_easy_perform(curlhandle);
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -26,7 +26,7 @@ struct MemoryStruct {
  size_t size;
 };
-void *myrealloc(void *ptr, size_t size)
+static void *myrealloc(void *ptr, size_t size)
 {
  /* There might be a realloc() out there that doesn't like reallocing
     NULL pointers, so we take care of it here */
@@ -36,7 +36,7 @@ void *myrealloc(void *ptr, size_t size)
    return malloc(size);
 }
-size_t
+static size_t
 WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
 {
  size_t realsize = size * nmemb;
--- a/docs/examples/ghiper.c
+++ b/docs/examples/ghiper.c
@@ -91,9 +91,9 @@ typedef struct _SockInfo {
 /* Die if we get a bad CURLMcode somewhere */
-static void mcode_or_die(char *where, CURLMcode code) {
+static void mcode_or_die(const char *where, CURLMcode code) {
  if ( CURLM_OK != code ) {
-    char *s;
+    const char *s;
    switch (code) {
      case     CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
      case     CURLM_OK:                 s="CURLM_OK";                 break;
@@ -259,7 +259,7 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
 {
  GlobalInfo *g = (GlobalInfo*) cbp;
  SockInfo *fdp = (SockInfo*) sockp;
-  char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };
+  static const char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };
  MSG_OUT("socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
  if (what == CURL_POLL_REMOVE) {
@@ -402,7 +402,7 @@ static gboolean fifo_cb (GIOChannel *ch, GIOCondition condition, gpointer data)
 int init_fifo(void)
 {
 struct stat st;
- char *fifo = "hiper.fifo";
+ const char *fifo = "hiper.fifo";
 int socket;
 if (lstat (fifo, &st) == 0) {
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -252,7 +252,7 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
 {
  GlobalInfo *g = (GlobalInfo*) cbp;
  SockInfo *fdp = (SockInfo*) sockp;
-  char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };
+  const char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };
  fprintf(MSG_OUT,
          "socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
@@ -357,7 +357,7 @@ void fifo_cb(int fd, short event, void *arg) {
 /* Create a named pipe and tell libevent to monitor it */
 int init_fifo (GlobalInfo *g) {
  struct stat st;
-  char *fifo = "hiper.fifo";
+  static const char *fifo = "hiper.fifo";
  int socket;
  fprintf(MSG_OUT, "Creating named pipe \"%s\"\n", fifo);
--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <unistd.h>
 #include <curl/curl.h>
@@ -24,7 +25,7 @@
 * http://www.apacheweek.com/features/put
 */
-size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
+static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  size_t retcode;
@@ -75,10 +76,10 @@ int main(int argc, char **argv)
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
    /* enable uploading */
-    curl_easy_setopt(curl, CURLOPT_UPLOAD, TRUE) ;
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1) ;
    /* HTTP PUT please */
-    curl_easy_setopt(curl, CURLOPT_PUT, TRUE);
+    curl_easy_setopt(curl, CURLOPT_PUT, 1);
    /* specify target URL, and note that this URL should include a file
       name, not only a directory */
--- a/docs/examples/https.c
+++ b/docs/examples/https.c
@@ -31,7 +31,7 @@ int main(void)
     * default bundle, then the CURLOPT_CAPATH option might come handy for
     * you.
     */
-    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
 #endif
 #ifdef SKIP_HOSTNAME_VERFICATION
--- a/docs/examples/makefile.dj
+++ b/docs/examples/makefile.dj
@@ -23,7 +23,7 @@ CSOURCES = fopen.c ftpget.c ftpgetresp.c ftpupload.c getinmemory.c  \
           multi-post.c multi-single.c persistant.c post-callback.c \
           postit2.c sepheaders.c simple.c simplepost.c simplessl.c \
           multi-debugcallback.c fileupload.c getinfo.c anyauthput.c \
-           10-at-a-time.c # ftpuploadresume.c ftp3rdparty.c cookie_interface.c
+           10-at-a-time.c # ftpuploadresume.c cookie_interface.c
 PROGRAMS = $(CSOURCES:.c=.exe)
--- a/docs/examples/multi-app.c
+++ b/docs/examples/multi-app.c
@@ -47,7 +47,7 @@ int main(int argc, char **argv)
  curl_easy_setopt(handles[HTTP_HANDLE], CURLOPT_URL, "http://website.com");
  curl_easy_setopt(handles[FTP_HANDLE], CURLOPT_URL, "ftp://ftpsite.com");
-  curl_easy_setopt(handles[FTP_HANDLE], CURLOPT_UPLOAD, TRUE);
+  curl_easy_setopt(handles[FTP_HANDLE], CURLOPT_UPLOAD, 1);
  /* init a multi stack */
  multi_handle = curl_multi_init();
--- a/docs/examples/multi-post.c
+++ b/docs/examples/multi-post.c
@@ -19,7 +19,6 @@
 int main(int argc, char *argv[])
 {
  CURL *curl;
  CURLcode res;
  CURLM *multi_handle;
  int still_running;
@@ -27,7 +26,7 @@ int main(int argc, char *argv[])
  struct curl_httppost *formpost=NULL;
  struct curl_httppost *lastptr=NULL;
  struct curl_slist *headerlist=NULL;
-  char buf[] = "Expect:";
+  static const char buf[] = "Expect:";
  /* Fill in the file upload field. This makes libcurl load data from  
     the given file name when curl_easy_perform() is called. */
@@ -58,7 +57,6 @@ int main(int argc, char *argv[])
     wanted */
  headerlist = curl_slist_append(headerlist, buf);
  if(curl && multi_handle) {
    int perform=0;
    /* what URL that receives this POST */
    curl_easy_setopt(curl, CURLOPT_URL,
--- a/docs/examples/multithread.c
+++ b/docs/examples/multithread.c
@@ -24,7 +24,7 @@
  http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION
 */
-char *urls[]= {
+const char *urls[]= {
  "http://curl.haxx.se/",
  "ftp://cool.haxx.se/",
  "http://www.contactor.se/",
@@ -59,7 +59,7 @@ int main(int argc, char **argv)
    error = pthread_create(&tid[i],
                           NULL, /* default attributes please */
                           pull_one_url,
-                           urls[i]);
+                           (void *)urls[i]);
    if(0 != error)
      fprintf(stderr, "Couldn't run thread number %d, errno %d\n", i, error);
    else
--- a/docs/examples/opensslthreadlock.c
+++ b/docs/examples/opensslthreadlock.c
@@ -16,6 +16,11 @@
 * Author: Jeremy Brown
 */
 #include <stdio.h>
 #include <pthread.h>
 #include <openssl/err.h>
 #define MUTEX_TYPE       pthread_mutex_t
 #define MUTEX_SETUP(x)   pthread_mutex_init(&(x), NULL)
 #define MUTEX_CLEANUP(x) pthread_mutex_destroy(&(x))
@@ -25,7 +30,7 @@
 void handle_error(const char *file, int lineno, const char *msg){
-     fprintf(stderr, ** %s:%i %s\n, file, lineno, msg);
+     fprintf(stderr, "** %s:%d %s\n", file, lineno, msg);
     ERR_print_errors_fp(stderr);
     /* exit(-1); */
 }
--- a/docs/examples/post-callback.c
+++ b/docs/examples/post-callback.c
@@ -15,14 +15,14 @@
 #include <string.h>
 #include <curl/curl.h>
-char data[]="this is what we post to the silly web server";
+const char data[]="this is what we post to the silly web server";
 struct WriteThis {
-  char *readptr;
+  const char *readptr;
  int sizeleft;
 };
-size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
+static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
 {
  struct WriteThis *pooh = (struct WriteThis *)userp;
@@ -55,7 +55,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_URL,
                     "http://receivingsite.com.pooh/index.cgi");
    /* Now specify we want to POST data */
-    curl_easy_setopt(curl, CURLOPT_POST, TRUE);
+    curl_easy_setopt(curl, CURLOPT_POST, 1);
    /* we want to use our own read function */
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
--- a/docs/examples/postit2.c
+++ b/docs/examples/postit2.c
@@ -36,7 +36,7 @@ int main(int argc, char *argv[])
  struct curl_httppost *formpost=NULL;
  struct curl_httppost *lastptr=NULL;
  struct curl_slist *headerlist=NULL;
-  char buf[] = "Expect:";
+  static const char buf[] = "Expect:";
  curl_global_init(CURL_GLOBAL_ALL);
--- a/docs/examples/sepheaders.c
+++ b/docs/examples/sepheaders.c
@@ -16,7 +16,7 @@
 #include <curl/types.h>
 #include <curl/easy.h>
-size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
+static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  int written = fwrite(ptr, size, nmemb, (FILE *)stream);
  return written;
@@ -25,9 +25,9 @@ size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 int main(int argc, char **argv)
 {
  CURL *curl_handle;
-  char *headerfilename = "head.out";
+  static const char *headerfilename = "head.out";
  FILE *headerfile;
-  char *bodyfilename = "body.out";
+  static const char *bodyfilename = "body.out";
  FILE *bodyfile;
  curl_global_init(CURL_GLOBAL_ALL);
--- a/docs/examples/simplepost.c
+++ b/docs/examples/simplepost.c
@@ -9,6 +9,7 @@
 */
 #include <stdio.h>
 #include <string.h>
 #include <curl/curl.h>
 int main(void)
@@ -16,7 +17,7 @@ int main(void)
  CURL *curl;
  CURLcode res;
-  char *postthis="moo mooo moo moo";
+  static const char *postthis="moo mooo moo moo";
  curl = curl_easy_init();
  if(curl) {
--- a/docs/examples/simplessl.c
+++ b/docs/examples/simplessl.c
@@ -38,9 +38,10 @@ int main(int argc, char **argv)
  CURL *curl;
  CURLcode res;
  FILE *headerfile;
  const char *pPassphrase = NULL;
-  const char *pCertFile = "testcert.pem";
+  static const char *pCertFile = "testcert.pem";
-  const char *pCACertFile="cacert.pem";
+  static const char *pCACertFile="cacert.pem";
  const char *pKeyName;
  const char *pKeyType;
@@ -57,8 +58,6 @@ int main(int argc, char **argv)
  pEngine   = NULL;
 #endif
  const char *pPassphrase = NULL;
  headerfile = fopen("dumpit", "w");
  curl_global_init(CURL_GLOBAL_DEFAULT);
@@ -96,7 +95,7 @@ int main(int argc, char **argv)
      /* sorry, for engine we must set the passphrase
         (if the key has one...) */
      if (pPassphrase)
-        curl_easy_setopt(curl,CURLOPT_SSLKEYPASSWD,pPassphrase);
+        curl_easy_setopt(curl,CURLOPT_KEYPASSWD,pPassphrase);
      /* if we use a key stored in a crypto engine,
         we must set the key type to "ENG" */
--- a/docs/examples/synctime.c
+++ b/docs/examples/synctime.c
@@ -87,7 +87,7 @@ typedef struct
  char timeserver[MAX_STRING1];
 } conf_t;
-char DefaultTimeServer[4][MAX_STRING1] =
+const char DefaultTimeServer[4][MAX_STRING1] =
 {
  "http://nist.time.gov/timezone.cgi?UTC/s/0",
  "http://www.google.com/",
@@ -95,8 +95,8 @@ char DefaultTimeServer[4][MAX_STRING1] =
  "http://www.worldtime.com/cgi-bin/wt.cgi"
 };
-char *DayStr[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
+const char *DayStr[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
-char *MthStr[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+const char *MthStr[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
                        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
 int  ShowAllHeader;
--- a/Show More
+++ b/Show More