RELEASE-NOTES: synced with ecd624b8e7

CMake: Build fix.
Do not match the trailing '\n' in the regular expression as this would make us dump a ) parenthesis on a new line. This fixes the following error: would get transformed into: ) Bug: http://curl.haxx.se/mail/lib-2010-10/0065.html Reported by: Dimitre Dimitrov
2010-10-12 23:30:35 +02:00 · 2010-10-12 23:25:51 +02:00 · 2010-10-12 22:56:21 +02:00 · 2010-10-12 12:13:32 -07:00 · 2010-10-12 11:22:18 -07:00 · 2010-10-12 15:31:41 +02:00
167 changed files with 4310 additions and 2258 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -831,7 +831,7 @@ function(TRANSFORM_MAKEFILE_INC INPUT_FILE OUTPUT_FILE)
  string(REPLACE "$(top_builddir)" "\${CURL_BINARY_DIR}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})

  string(REGEX REPLACE "\\\\\n" "<22>!<21>" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})
-  string(REGEX REPLACE "([a-zA-Z_][a-zA-Z0-9_]*)[\t ]*=[\t ]*([^\n]*\n)" "SET(\\1 \\2)\n" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})
+  string(REGEX REPLACE "([a-zA-Z_][a-zA-Z0-9_]*)[\t ]*=[\t ]*([^\n]*)" "SET(\\1 \\2)" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})
  string(REPLACE "<22>!<21>" "\n" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})

  string(REGEX REPLACE "\\$\\(([a-zA-Z_][a-zA-Z0-9_]*)\\)" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT})    # Replace $() with ${}
--- a/118
+++ b/118
@@ -1,26 +1,76 @@
 #!/bin/bash
 # This script performs all of the steps needed to build a
 # universal binary libcurl.framework for Mac OS X 10.4 or greater.
+#
+# Hendrik Visage:
+#  Generalizations added since  Snowleopard (10.6) do not include
+# the 10.4u SDK.
+#
+# Also note:
+# 10.5 is the *ONLY* SDK that support PPC64 :( -- 10.6 do not have ppc64 support
+#If you need to have PPC64 support then change below to 1
+PPC64_NEEDED=0
+
+# For me the default is to develop for the platform I am on, and if you
+#desire compatibility with older versions then change USE_OLD to 1 :)
+USE_OLD=0

 VERSION=`/usr/bin/sed -ne 's/^#define LIBCURL_VERSION "\(.*\)"/\1/p' include/curl/curlver.h`
+FRAMEWORK_VERSION=Versions/Release-$VERSION

-SDK32='/Developer/SDKs/MacOSX10.4u.sdk'
+#I also wanted to "copy over" the system, and thus the reason I added the
+# version to Versions/Release-7.20.1 etc.
+# now a simple rsync -vaP libcurl.framework /Library/Frameworks will install it
+# and setup the right paths to this version, leaving the system version
+# "intact", so you can "fix" it later with the links to Versions/A/...

-MINVER32='-mmacosx-version-min=10.4'

-ARCHES32='-arch ppc -arch i386'
+OLD_SDK=`ls  /Developer/SDKs|head -1`
+NEW_SDK=`ls -r /Developer/SDKs|head -1`

-SDK64='/Developer/SDKs/MacOSX10.5.sdk'
+if test "0"$USE_OLD -gt 0
+then
+ SDK32=$OLD_SDK
+else
+ SDK32=$NEW_SDK
+fi

-MINVER64='-mmacosx-version-min=10.5'
+MACVER=`echo $SDK32|sed -e s/[a-zA-Z]//g -e s/.\$//`

-ARCHES64='-arch ppc64 -arch x86_64'
+SDK32_DIR='/Developer/SDKs/'$SDK32
+MINVER32='-mmacosx-version-min='$MACVER
+ARCHES32='-arch i386 -arch ppc'

-if test -d $SDK32; then
+
+if test $PPC64_NEEDED -gt 0
+then
+  SDK64=10.5
+  ARCHES64='-arch x86_64 -arch ppc64'
+  SDK64=`ls  /Developer/SDKs|grep 10.5|head -1`
+else
+ ARCHES64='-arch x86_64'
+ #We "know" that 10.4 and earlier do not support 64bit
+ OLD_SDK64=`ls  /Developer/SDKs|egrep -v "10.[0-4]"|head -1`
+ NEW_SDK64=`ls -r /Developer/SDKs|egrep -v "10.[0-4]"|head -1`
+ if test $USE_OLD -gt 0
+  then
+   SDK64=$OLD_SDK64
+  else
+   SDK64=$NEW_SDK64
+  fi
+fi
+
+SDK64_DIR='/Developer/SDKs/'$SDK64
+MACVER64=`echo $SDK64|sed -e s/[a-zA-Z]//g -e s/.\$//`
+
+MINVER64='-mmacosx-version-min='$MACVER64
+
+if test ! -z $SDK32; then
  echo "----Configuring libcurl for 32 bit universal framework..."
+  make clean
  ./configure --disable-dependency-tracking --disable-static --with-gssapi \
-    CFLAGS="-Os -isysroot $SDK32 $ARCHES32 $MINVER32" \
-    LDFLAGS="-Wl,-syslibroot,$SDK32 $ARCHES32 $MINVER32 -Wl,-headerpad_max_install_names" \
+    CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32 $MINVER32" \
+    LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 $MINVER32 -Wl,-headerpad_max_install_names" \
    CC=$CC

  echo "----Building 32 bit libcurl..."
@@ -28,40 +78,43 @@ if test -d $SDK32; then

  echo "----Creating 32 bit framework..."
  rm -r libcurl.framework
-  mkdir -p libcurl.framework/Versions/A/Resources
-  cp lib/.libs/libcurl.dylib libcurl.framework/Versions/A/libcurl
-  install_name_tool -id @executable_path/../Frameworks/libcurl.framework/Versions/A/libcurl libcurl.framework/Versions/A/libcurl
-  /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/Versions/A/Resources/Info.plist
-  mkdir -p libcurl.framework/Versions/A/Headers/curl
-  cp include/curl/*.h libcurl.framework/Versions/A/Headers/curl
+  mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources
+  cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl
+  install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl
+  /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist
+  mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
+  cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
  pushd libcurl.framework
-  ln -fs Versions/A/libcurl libcurl
-  ln -fs Versions/A/Resources Resources
-  ln -fs Versions/A/Headers Headers
+  ln -fs ${FRAMEWORK_VERSION}/libcurl libcurl
+  ln -fs ${FRAMEWORK_VERSION}/Resources Resources
+  ln -fs ${FRAMEWORK_VERSION}/Headers Headers
  cd Versions
-  ln -fs A Current
+  ln -fs ${FRAMEWORK_VERSION} Current

-  if test -d $SDK64; then
+  echo TEsting for SDK64
+  if test -d $SDK64_DIR; then
+  echo entering...
    popd
    make clean
    echo "----Configuring libcurl for 64 bit universal framework..."
    ./configure --disable-dependency-tracking --disable-static --with-gssapi \
-      CFLAGS="-Os -isysroot $SDK64 $ARCHES64 $MINVER64" \
-      LDFLAGS="-Wl,-syslibroot,$SDK64 $ARCHES64 $MINVER64 -Wl,-headerpad_max_install_names" \
+      CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64 $MINVER64" \
+      LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 $MINVER64 -Wl,-headerpad_max_install_names" \
      CC=$CC

    echo "----Building 64 bit libcurl..."
    make

    echo "----Appending 64 bit framework to 32 bit framework..."
-    cp lib/.libs/libcurl.dylib libcurl.framework/Versions/A/libcurl64
-    install_name_tool -id @executable_path/../Frameworks/libcurl.framework/Versions/A/libcurl libcurl.framework/Versions/A/libcurl64
-    cp libcurl.framework/Versions/A/libcurl libcurl.framework/Versions/A/libcurl32
-    lipo libcurl.framework/Versions/A/libcurl32 libcurl.framework/Versions/A/libcurl64 -create -output libcurl.framework/Versions/A/libcurl
-    rm libcurl.framework/Versions/A/libcurl32 libcurl.framework/Versions/A/libcurl64
-    cp libcurl.framework/Versions/A/Headers/curl/curlbuild.h libcurl.framework/Versions/A/Headers/curl/curlbuild32.h
-    cp include/curl/curlbuild.h libcurl.framework/Versions/A/Headers/curl/curlbuild64.h
-    cat >libcurl.framework/Versions/A/Headers/curl/curlbuild.h <<EOF
+    cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
+    install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
+    cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32
+    pwd
+    lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl
+    rm libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
+    cp libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl/curlbuild.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl/curlbuild32.h
+    cp include/curl/curlbuild.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl/curlbuild64.h
+    cat >libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl/curlbuild.h <<EOF
 #ifdef __LP64__
 #include "curl/curlbuild64.h"
 #else
@@ -70,9 +123,10 @@ if test -d $SDK32; then
 EOF
  fi

-  lipo -info libcurl.framework/Versions/A/libcurl
+  pwd
+  lipo -info libcurl.framework/${FRAMEWORK_VERSION}/libcurl
  echo "libcurl.framework is built and can now be included in other projects."
  echo "Copy libcurl.framework to your bundle's Contents/Frameworks folder, ~/Library/Frameworks or /Library/Frameworks."
 else
-  echo "Building libcurl.framework requires Mac OS X 10.4 or later with the MacOSX10.4u SDK installed."
+  echo "Building libcurl.framework requires Mac OS X 10.4 or later with the MacOSX10.4/5/6 SDK installed."
 fi
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -96,13 +96,13 @@ mingw32-clean:
 	$(MAKE) -C lib -f Makefile.m32 clean
 	$(MAKE) -C src -f Makefile.m32 clean

-vc-clean:
+vc-clean: $(VC)
 	cd lib
 	nmake -f Makefile.$(VC) clean
 	cd ..\src
 	nmake -f Makefile.$(VC) clean

-vc-all:
+vc-all: $(VC)
 	cd lib
 	nmake -f Makefile.$(VC) cfg=release
 	nmake -f Makefile.$(VC) cfg=release-ssl
@@ -127,85 +127,85 @@ vc-all:
 	nmake -f Makefile.$(VC) cfg=debug-dll-zlib-dll
 	nmake -f Makefile.$(VC) cfg=debug-dll-ssl-dll-zlib-dll

-vc:
+vc: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release
 	cd ..\src
 	nmake /f Makefile.$(VC)

-vc-x64:
+vc-x64: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release

-vc-zlib:
+vc-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-zlib
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-zlib

-vc-ssl:
+vc-ssl: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl

-vc-ssl-zlib:
+vc-ssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl-zlib
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl-zlib

-vc-x64-ssl-zlib:
+vc-x64-ssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib

-vc-ssl-dll:
+vc-ssl-dll: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl-dll
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl-dll

-vc-dll-ssl-dll:
+vc-dll-ssl-dll: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-dll-ssl-dll
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-dll-ssl-dll

-vc-dll:
+vc-dll: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-dll
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-dll

-vc-dll-zlib-dll:
+vc-dll-zlib-dll: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-dll-zlib-dll
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-dll-zlib-dll

-vc-dll-ssl-dll-zlib-dll:
+vc-dll-ssl-dll-zlib-dll: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-dll-ssl-dll-zlib-dll
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-dll-ssl-dll-zlib-dll

-vc-ssl-dll-zlib-dll:
+vc-ssl-dll-zlib-dll: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl-dll-zlib-dll
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl-dll-zlib-dll

-vc-zlib-dll:
+vc-zlib-dll: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-zlib-dll
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-zlib-dll

-vc-sspi:
+vc-sspi: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release WINDOWS_SSPI=1
 	cd ..\src
@@ -267,6 +267,8 @@ linux: all

 linux-ssl: ssl

+# We don't need to do anything for vc6.
+vc6:

 vc8: lib/Makefile.vc8 src/Makefile.vc8

@@ -289,6 +291,17 @@ src/Makefile.vc9: src/Makefile.vc6
 	@echo "generate $@"
 	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc9/g" -e "s/VC6/VC9/g" src/Makefile.vc6 > src/Makefile.vc9

+# VC10 makefiles are for use with VS2010
+vc10: lib/Makefile.vc10 src/Makefile.vc10
+
+lib/Makefile.vc10: lib/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc10/g" -e "s/VC6/VC10/g" lib/Makefile.vc6 > lib/Makefile.vc10
+
+src/Makefile.vc10: src/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc10/g" -e "s/VC6/VC10/g" src/Makefile.vc6 > src/Makefile.vc10
+
 ca-bundle: lib/mk-ca-bundle.pl
 	@echo "generate a fresh ca-bundle.crt"
 	@perl $< -b -l -u lib/ca-bundle.crt
--- a/102
+++ b/102
@@ -1,58 +1,61 @@
-Curl and libcurl 7.21.1
+Curl and libcurl 7.21.2

- Public curl releases:         117
+ Public curl releases:         118
 Command line options:         138
 curl_easy_setopt() options:   180
 Public functions in libcurl:  58
 Known libcurl bindings:       39
- Contributors:                 808
+ Contributors:                 817

 This release includes the following changes:

- o maketgz: produce CHANGES automatically
- o added support for NTLM authentication when compiled with NSS
- o build: Enable configure --enable-werror
- o curl-config: --built-shared returns shared info
+ o curl -T: ignore file size of special files
+ o Added GOPHER protocol support
+ o Added mk-ca-bundle.vbs script
+ o c-ares build now requires c-ares >= 1.6.0

 This release includes the following bugfixes:

- o configure: spell --disable-threaded-resolver correctly
- o multi: call the progress callback in all states
- o multi: unmark handle as used when no longer head of pipeline
- o sendrecv: treat all negative values from send/recv as errors
- o ftp-wildcard: avoid tight loop when used without any pattern
- o multi_socket: re-use of same socket without notifying app
- o ftp wildcard: FTP LIST parser FIX
- o urlglobbing backslash escaping bug
- o build: add enable IPV6 option for the VC makefiles
- o multi: CURLINFO_LASTSOCKET doesn't work after remove_handle
- o --libcurl: use *_LARGE options with typecasted constants
- o --libcurl: hide setopt() calls setting default options
- o curl: avoid setting libcurl options to its default
- o --libcurl: list the tricky options instead of using [REMARK]
- o http: don't enable chunked during authentication negotiations
- o upload: warn users trying to upload from stdin with anyauth
- o configure: allow environments variable to override internals
- o threaded resolver: fix timeout issue
- o multi: fix condition that remove timers before trigger
- o examples: add curl_multi_timeout
- o --retry: access violation with URL part sets continued
- o ssh: Fix compile error on 64-bit systems.
- o remote-header-name: chop filename at next semicolon
- o ftp: response timeout bug in "quote" sending
- o CUSTOMREQUEST: shouldn't be disabled when HTTP is disabled
- o Watcom makefiles overhaul.
- o NTLM tests: boost coverage by forcing the hostname
- o multi: fix FTPS connecting the data connection with OpenSSL
- o retry: consider retrying even if -f is used
- o fix SOCKS problem when using multi interface
- o typecheck-gcc: add checks for recently added options
- o SCP: send large files properly with new enough libssh2
- o multi_socket: set timeout for 100-continue
- o ";type=" URL suffix over HTTP proxy
- o acknowledge progress callback error returns during connect
- o Watcom makefile fixes
- o runtests: clear old setenv remainders before test
+ o --remote-header-name security vulnerability fixed:
+   http://curl.haxx.se/docs/adv_20101013.html
+
+ o multi: support the timeouts correctly, fixes known bug #62
+ o multi: use timeouts properly for MAX_RECV/SEND_SPEED
+ o negotiation: Wrong proxy authorization
+ o multi: avoid sending multiple complete messages
+ o cmdline: make -F type= accept ;charset=
+ o RESUME_FROM: clarify what ftp uploads do
+ o http: handle trailer headers in all chunked responses
+ o Curl_is_connected: use correct errno
+ o Added SSPI build to Watcom makefile
+ o progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
+ o linking problem on Fedora 13
+ o Link curl and the test apps with -lrt explicitly when necessary
+ o chunky parser: only rewind stream internally if needed
+ o remote-header-name: don't output filename when NULL
+ o Curl_timeleft: avoid returning "no timeout" by mistake
+ o timeout: use the correct start value as offset
+ o FTP: fix wrong timeout trigger
+ o buildconf got better output on failures
+ o rtsp: avoid SIGSEGV on malformed header
+ o LDAP: Support for tunnelling queries through HTTP proxy
+ o configure's --enable-werror had a bashism
+ o test565: Don't hardcode IP:PORT
+ o configure: check for gcrypt if using GnuTLS
+ o configure: don't enable RTMP if the lib detect fails
+ o curl_easy_duphandle: clone the c-ares handle correctly
+ o MacOSX-Framework: updates for Snowleopard
+ o support URL containing colon without trailing port number
+ o parsedate: allow time specified without seconds
+ o curl_easy_escape: don't escape "unreserved" characters
+ o SFTP: avoid downloading negative sizes
+ o Lots of GSS/KRB FTP fixes
+ o TFTP: Work around tftpd-hpa upload bug
+ o libcurl.m4: several fixes
+ o HTTP: remove special case for 416
+ o examples: use example.com in example URLs
+ o globbing: fix crash on unballanced open brace
+ o cmake: build fixed

 This release includes the following known bugs:

@@ -61,11 +64,10 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Dan Fandrich, Kamil Dudka, Krister Johansen, Pavel Raiskup, Jon Sargeant,
- Pierre Joye, Tor Arntsen, Constantine Sapuntzakis, Sidney San Martin,
- Jeff Pohlmeyer, Jan Van Boghout, Ben Greear, Guenter Knauf, Adam Light,
- Georg Lippitsch, Mike Power, Robin Cornelius, Mikael Johansson,
- Yang Tse, Ben Darnell
-
+ Kamil Dudka, Ben Greear, Cameron Kaiser, Dan Fandrich, Dirk Manske,
+ Guenter Knauf, Julien Chaffraix, Quanah Gibson-Mount, Tor Arntsen,
+ Peter Pentchev, James Bursa, Fabian Keil, Michal Gorny, Mauro Iorio,
+ Hendrik Visage, Ning Dong, David McCreedy, Patrick Monnerat,
+ Tim Newsome, Dan Locks, Vlad Ureche, Dimitre Dimitrov

        Thanks! (and sorry if I forgot to mention someone)
--- a/17
+++ b/17
@@ -1,4 +1,17 @@
-To be addressed in 7.XX.X
+To be addressed in 7.21.2
 =========================

-261 - 
+268 - 3076430 SFTP resume with 4GB file does not work
+
+271 -
+
+To be addressed in 7.21.3
+=========================
+
+262 - Manual setting of TLS Server Name Indication - use Host:
+
+263 - Support binding DNS to local interface/IP
+
+265 - 1. FTP cmd channel and data channel validation
+
+267 - 2. Cert chain for data channel
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -2145,6 +2145,7 @@ AC_DEFUN([CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC], [
        else
          LIBS="$curl_cv_gclk_LIBS $curl_cv_save_LIBS"
        fi
+        CURL_LIBS="$CURL_LIBS $curl_cv_gclk_LIBS"
        AC_MSG_RESULT([$curl_cv_gclk_LIBS])
        ac_cv_func_clock_gettime="yes"
        ;;
--- a/8
+++ b/8
@@ -248,13 +248,17 @@ fi
 #--------------------------------------------------------------------------
 # m4 check
 #
-m4=`${M4:-m4} --version 2>/dev/null|head -n 1`;
+m4=`(${M4:-m4} --version || ${M4:-gm4} --version) 2>/dev/null | head -n 1`;
 m4_version=`echo $m4 | sed -e 's/^.* \([0-9]\)/\1/' -e 's/[a-z]* *$//'`

 if { echo $m4 | grep "GNU" >/dev/null 2>&1; } then
  echo "buildconf: GNU m4 version $m4_version (ok)"
 else
-  echo "buildconf: m4 version $m4 found. You need a GNU m4 installed!"
+  if test -z "$m4"; then
+    echo "buildconf: m4 version not recognized. You need a GNU m4 installed!"
+  else
+    echo "buildconf: m4 version $m4 found. You need a GNU m4 installed!"
+  fi
  exit 1
 fi

--- a/configure.ac
+++ b/configure.ac
@@ -24,7 +24,7 @@ dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.57)

 dnl We don't know the version number "statically" so we use a dash here
-AC_INIT([curl], [-], [a suitable curl mailing list => http://curl.haxx.se/mail/])
+AC_INIT([curl], [-], [a suitable curl mailing list: http://curl.haxx.se/mail/])

 CURL_OVERRIDE_AUTOCONF

@@ -53,7 +53,7 @@ CONFIGURE_OPTIONS="\"$ac_configure_args\""
 AC_SUBST(CONFIGURE_OPTIONS)

 CURL_CFLAG_EXTRAS=""
-if test X"$want_werror" == Xyes; then
+if test X"$want_werror" = Xyes; then
  CURL_CFLAG_EXTRAS="-Werror"
 fi
 AC_SUBST(CURL_CFLAG_EXTRAS)
@@ -416,7 +416,6 @@ AC_HELP_STRING([--disable-ldaps],[Disable LDAPS support]),
         AC_MSG_RESULT(yes)
         AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation])
         AC_SUBST(HAVE_LDAP_SSL, [1])
-         curl_ldaps_msg="enabled"
       fi
       ;;
  esac ],[
@@ -428,7 +427,6 @@ AC_HELP_STRING([--disable-ldaps],[Disable LDAPS support]),
         AC_MSG_RESULT(yes)
         AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation])
         AC_SUBST(HAVE_LDAP_SSL, [1])
-         curl_ldaps_msg="enabled"
       fi ]
 )

@@ -570,6 +568,22 @@ AC_HELP_STRING([--disable-smtp],[Disable SMTP support]),
       AC_MSG_RESULT(yes)
 )

+AC_MSG_CHECKING([whether to support gopher])
+AC_ARG_ENABLE(gopher,
+AC_HELP_STRING([--enable-gopher],[Enable Gopher support])
+AC_HELP_STRING([--disable-gopher],[Disable Gopher support]),
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       AC_DEFINE(CURL_DISABLE_GOPHER, 1, [to disable Gopher])
+       AC_SUBST(CURL_DISABLE_GOPHER, [1])
+       ;;
+  *)   AC_MSG_RESULT(yes)
+       ;;
+  esac ],
+       AC_MSG_RESULT(yes)
+)
+

 dnl **********************************************************************
 dnl Check for built-in manual
@@ -876,6 +890,10 @@ if test x$CURL_DISABLE_LDAP != x1 ; then
  fi
 fi

+if test x$CURL_DISABLE_LDAPS != x1 ; then
+    curl_ldaps_msg="enabled"
+fi
+
 dnl **********************************************************************
 dnl Checks for IPv6
 dnl **********************************************************************
@@ -1718,6 +1736,20 @@ if test "$OPENSSL_ENABLED" != "1"; then

 fi dnl OPENSSL != 1

+dnl ---
+dnl If GnuTLS is enabled, we MUST verify that it uses libgcrypt since
+dnl curl code relies on that but recent GnuTLS versions can in fact build
+dnl with different crypto libraries which curl right now cannot handle
+dnl ---
+
+if test "$GNUTLS_ENABLED" = "1"; then
+  AC_CHECK_LIB(gcrypt,
+               gcry_control, ,
+    [
+      AC_MSG_ERROR([need GnuTLS built with gcrypt to function with GnuTLS])
+    ])
+fi
+
 dnl ----------------------------------------------------
 dnl check for PolarSSL
 dnl ----------------------------------------------------
@@ -2035,6 +2067,7 @@ if test X"$OPT_LIBRTMP" != Xno; then
    ;;
  off)
    dnl no --with-librtmp option given, just check default places
+    LIB_RTMP="-lrtmp"
    ;;
  *)
    dnl use the given --with-librtmp spot
@@ -2053,13 +2086,19 @@ if test X"$OPT_LIBRTMP" != Xno; then
  CPPFLAGS="$CPPFLAGS $CPP_RTMP"
  LIBS="$LIBS $LIB_RTMP"

-  AC_CHECK_LIB(rtmp, RTMP_Init)
-
-  AC_CHECK_HEADERS(librtmp/rtmp.h,
-    curl_rtmp_msg="enabled (librtmp)"
-    LIBRTMP_ENABLED=1
-    AC_DEFINE(USE_LIBRTMP, 1, [if librtmp is in use])
-    AC_SUBST(USE_LIBRTMP, [1])
+  AC_CHECK_LIB(rtmp, RTMP_Init,
+    [
+     AC_CHECK_HEADERS(librtmp/rtmp.h,
+        curl_rtmp_msg="enabled (librtmp)"
+        LIBRTMP_ENABLED=1
+        AC_DEFINE(USE_LIBRTMP, 1, [if librtmp is in use])
+        AC_SUBST(USE_LIBRTMP, [1])
+     )
+    ],
+      dnl not found, revert back to clean variables
+      LDFLAGS=$CLEANLDFLAGS
+      CPPFLAGS=$CLEANCPPFLAGS
+      LIBS=$CLEANLIBS
  )

  if test X"$OPT_LIBRTMP" != Xoff &&
@@ -2067,12 +2106,6 @@ if test X"$OPT_LIBRTMP" != Xno; then
    AC_MSG_ERROR([librtmp libs and/or directories were not found where specified!])
  fi

-  if test "$LIBRTMP_ENABLED" != "1"; then
-    dnl no librtmp, revert back to clean variables
-    LDFLAGS=$CLEANLDFLAGS
-    CPPFLAGS=$CLEANCPPFLAGS
-    LIBS=$CLEANLIBS
-  fi
 fi

 dnl **********************************************************************
@@ -2738,6 +2771,9 @@ fi
 if test "x$CURL_DISABLE_TFTP" != "x1"; then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS TFTP"
 fi
+if test "x$CURL_DISABLE_GOPHER" != "x1"; then
+  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS GOPHER"
+fi
 if test "x$CURL_DISABLE_POP3" != "x1"; then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS POP3"
  if test "x$SSL_ENABLED" = "x1"; then
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -1,4 +1,4 @@
-Updated: June 30, 2010 (http://curl.haxx.se/docs/faq.html)
+Updated: October 6, 2010 (http://curl.haxx.se/docs/faq.html)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
@@ -20,6 +20,8 @@ FAQ
  1.10 How many are using curl?
  1.11 Why don't you update ca-bundle.crt
  1.12 I have a problem who can I chat with?
+  1.13 curl's ECCN number?
+  1.14 How do I submit my patch?

 2. Install Related Problems
  2.1 configure doesn't find OpenSSL even when it is installed
@@ -48,6 +50,7 @@ FAQ
  3.16 What certificates do I need when I use SSL?
  3.17 How do I list the root dir of an FTP server?
  3.18 Can I use curl to send a POST/PUT and not wait for a response?
+  3.19 How do I get HTTP from a host using a specific IP address?

 4. Running Problems
  4.1 Problems connecting to SSL servers.
@@ -123,8 +126,10 @@ FAQ

  libcurl

-    A free and easy-to-use client-side URL transfer library, supporting FTP,
-    FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, FILE, LDAP and LDAPS.
+    A free and easy-to-use client-side URL transfer library, supporting DICT,
+    FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3,
+    POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP.
+
    libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading,
    kerberos, HTTP form based upload, proxies, cookies, user+password
    authentication, file transfer resume, http proxy tunneling and more!
@@ -142,9 +147,8 @@ FAQ

    A command line tool for getting or sending files using URL syntax.

-    Since curl uses libcurl, it supports a range of common Internet protocols,
-    currently including HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, LDAP, LDAPS,
-    DICT, TELNET and FILE.
+    Since curl uses libcurl, curl supports the same wide range of common
+    Internet protocols that libcurl does.

  We pronounce curl and cURL with an initial k sound: [kurl].

@@ -308,9 +312,9 @@ FAQ
  as used by numerous applications that include libcurl binaries in their
  distribution packages (like Adobe Acrobat Reader and Google Earth).

-  More than 90 known named companies use curl in commercial environments and
-  products. More than 100 known named open source projects depend on
-  (lib)curl.
+  More than a hundred known named companies use curl in commercial
+  environments and products and more than a hundred known named open source
+  projects depend on (lib)curl.

  In a poll on the curl web site mid-2005, more than 50% of the 300+ answers
  estimated a user base of one million users or more.
@@ -320,6 +324,12 @@ FAQ
  based web servers. A guess is that a fair amount of these Linux
  installations have curl installed.

+  The Debian project maintains statistics on packages installed by people
+  who have voluntarily run their package counting application.  In mid-2010,
+  libcurl3 was installed on over 55000 such systems (62% of reporting systems)
+  and was one of the 320 most popular installed packages (out of about 107000
+  possible packages).
+
  All this taken together, there is no doubt that there are millions of
  (lib)curl users.

@@ -328,6 +338,7 @@ FAQ
  http://curl.haxx.se/libcurl/using/apps.html
  http://counter.li.org/estimates.php
  http://news.netcraft.com/archives/2005/03/14/fedora_makes_rapid_progress.html
+  http://qa.debian.org/popcon.php?package=curl

  1.11 Why don't you update ca-bundle.crt

@@ -358,6 +369,41 @@ FAQ
  IRC network irc.freenode.net. If you're polite and nice, chances are big
  that you can get -- or provide -- help instantly.

+  1.13 curl's ECCN number?
+
+  The US government restricts exports of software that contains or uses
+  cryptography. When doing so, the Export Control Classification Number (ECCN)
+  is used to identify the level of export control etc.
+
+  ASF gives a good explanation at http://www.apache.org/dev/crypto.html
+
+  We believe curl's number might be ECCN 5D002, another possibility is
+  5D992. It seems necessary to write them, asking to confirm.
+
+  Comprehensible explanations of the meaning of such numbers and how to
+  obtain them (resp.) are here
+
+  http://www.bis.doc.gov/licensing/exportingbasics.htm
+  http://www.bis.doc.gov/licensing/do_i_needaneccn.html
+
+  An incomprehensible description of the two numbers above is here
+  http://www.access.gpo.gov/bis/ear/pdf/ccl5-pt2.pdf
+
+  1.14 How do I submit my patch?
+
+  When you have made a patch or a change of whatever sort, and want to submit
+  that to the project, there are a few different ways we prefer:
+
+  o send a patch to the curl-library mailing list. We're many subscribers
+    there and there are lots of people who can review patches, comment on them
+    and "receive" them properly.
+
+  o if your patch changes or fixes a bug, you can also opt to submit a bug
+    report in the bug tracker and attach your patch there. There are less
+    people involved there.
+
+  Lots of more details are found in the CONTRIBUTE and INTERNALS docs.
+

 2. Install Related Problems

@@ -615,6 +661,9 @@ FAQ
    provide this in order to prove that you actually are who you claim to be.
    If the server doesn't require this, you don't need a client certificate.

+    A client certificate is always used together with a private key, and the
+    private key has a pass phrase that protects it.
+
  - Server certificate. The server you communicate with has a server
    certificate. You can and should verify this certificate to make sure that
    you are truly talking to the real server and not a server impersonating
@@ -622,8 +671,9 @@ FAQ

  - Certificate Authority certificate ("CA cert"). You often have several CA
    certs in a CA cert bundle that can be used to verify a server certificate
-    that was signed by one of the authorities in the bundle. curl comes with a
-    default CA cert bundle. You can override the default.
+    that was signed by one of the authorities in the bundle. curl does not
+    come with a CA cert bundle but most curl installs provide one. You can
+    also override the default.

    The server certificate verification process is made by using a Certificate
    Authority certificate ("CA cert") that was used to sign the server
@@ -654,6 +704,17 @@ FAQ

  But you could easily write your own program using libcurl to do such stunts.

+  3.19 How do I get HTTP from a host using a specific IP address?
+
+  For example, you may be trying out a web site installation that isn't yet in
+  the DNS. Or you have a site using multiple IP addresses for a given host
+  name and you want to address a specific one out of the set.
+
+  Set a custom Host: header that identifies the server name you want to reach
+  but use the target IP address in the URL:
+
+    curl --header "Host: www.example.com" http://127.0.0.1/
+

 4. Running Problems

@@ -802,10 +863,8 @@ FAQ

  4.9 Curl can't authenticate to the server that requires NTLM?

-  This is supported in curl 7.10.6 or later. No earlier curl version knows
-  of this magic. Later versions require the OpenSSL, GnuTLS or Microsoft
-  Windows libraries to provide this functionality. Using the NSS library
-  will not provide NTLM authentication functionality in curl.
+  NTLM support requires OpenSSL, GnuTLS, NSS or Microsoft Windows libraries at
+  build-time to provide this functionality.

  NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You
  should not use such ones.
@@ -1070,11 +1129,14 @@ FAQ

  When building an application that uses the static libcurl library, you must
  add -DCURL_STATICLIB to your CFLAGS. Otherwise the linker will look for
-  dynamic import symbols. If you get linker error like "unknown symbol
-  __imp__curl_easy_init ..." you have linked against the wrong (static)
-  library.  If you want to use the libcurl.dll and import lib, you don't need
-  any extra CFLAGS, but use one of the import libraries below. These are the
-  libraries produced by the various lib/Makefile.* files:
+  dynamic import symbols. If you're using Visual Studio, you need to instead
+  add CURL_STATICLIB in the "Preprocessor Definitions" section.
+
+  If you get linker error like "unknown symbol __imp__curl_easy_init ..." you
+  have linked against the wrong (static) library.  If you want to use the
+  libcurl.dll and import lib, you don't need any extra CFLAGS, but use one of
+  the import libraries below. These are the libraries produced by the various
+  lib/Makefile.* files:

  Target:          static lib.   import lib for libcurl*.dll.
  -----------------------------------------------------------
--- a/docs/HISTORY
+++ b/docs/HISTORY
@@ -161,6 +161,12 @@ December 2005:

 security vulnerability: libcurl URL Buffer Overflow

+January 2006:
+
+ We dropped support for Gopher. We found bugs in the implementation that
+ turned out having been introduced years ago, so with the conclusion that
+ nobody had found out in all this time we removed it instead of fixing it.
+
 March 2006:

 security vulnerability: libcurl TFTP Packet Buffer Overflow
@@ -235,3 +241,4 @@ August 2010:
 Known libcurl bindings:       39
 Contributors:                 808

+ Gopher support added (re-added actually)
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -980,10 +980,17 @@ PORTS
 Useful URLs
 ===========

-OpenSSL   http://www.openssl.org
-MingW     http://www.mingw.org
-OpenLDAP  http://www.openldap.org
-Zlib      http://www.gzip.org/zlib/
+c-ares    http://daniel.haxx.se/projects/c-ares/license.html
+GNU GSS   http://www.gnu.org/software/gss/
+GnuTLS    http://www.gnu.org/software/gnutls/
+Heimdal   http://www.pdc.kth.se/heimdal/
+libidn    http://www.gnu.org/software/libidn/
 libssh2   http://www.libssh2.org
-
-
+MingW     http://www.mingw.org
+MIT Kerberos http://web.mit.edu/kerberos/www/dist/
+NSS       http://www.mozilla.org/projects/security/pki/nss/
+OpenLDAP  http://www.openldap.org
+OpenSSL   http://www.openssl.org
+PolarSSL  http://polarssl.org
+yassl     http://www.yassl.com/
+Zlib      http://www.gzip.org/zlib/
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -37,7 +37,7 @@ Portability
 GnuTLS       1.2
 zlib         1.1.4
 libssh2      0.16
- c-ares       1.5.0
+ c-ares       1.6.0
 libidn       0.4.1
 *yassl       1.4.0 (http://curl.haxx.se/mail/lib-2008-02/0093.html)
 openldap     2.0
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -54,11 +54,6 @@ may have been fixed since this was written!
  handle with curl_easy_cleanup() and create a new. Some more details:
  http://curl.haxx.se/mail/lib-2009-04/0300.html

-62. CURLOPT_TIMEOUT does not work properly with the regular multi and
-  multi_socket interfaces. The work-around for apps is to simply remove the
-  easy handle once the time is up. See also:
-  http://curl.haxx.se/bug/view.cgi?id=2501457
-
 61. If an upload using Expect: 100-continue receives an HTTP 417 response,
  it ought to be automatically resent without the Expect:.  A workaround is
  for the client application to redo the transfer after disabling Expect:.
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -6,6 +6,7 @@

 Aaron Oneal
 Adam D. Moss
+Adam Light
 Adam Piggott
 Adrian Schuur
 Akos Pasztory
@@ -72,6 +73,7 @@ Axel Tillequin
 Balint Szilakszi
 Bart Whiteley
 Bas Mevissen
+Ben Darnell
 Ben Greear
 Ben Madsen
 Ben Van Hof
@@ -339,6 +341,7 @@ Jamie Lokier
 Jamie Newton
 Jamie Wilkinson
 Jan Kunder
+Jan Van Boghout
 Jared Lundell
 Jari Sundell
 Jason McDonald
@@ -389,6 +392,7 @@ John-Mark Bell
 Johnny Luong
 Jon Grubbs
 Jon Nelson
+Jon Sargeant
 Jon Travis
 Jon Turner
 Jonas Forsman
@@ -535,11 +539,13 @@ Michal Bonino
 Michal Marek
 Michele Bini
 Mihai Ionescu
+Mikael Johansson
 Mikael Sennerholm
 Mike Bytnar
 Mike Crowe
 Mike Dobbs
 Mike Hommey
+Mike Power
 Mike Protts
 Mike Revi
 Miklos Nemeth
@@ -621,6 +627,7 @@ Philippe Raoult
 Philippe Vaucher
 Pierre
 Pierre Brico
+Pierre Joye
 Pooyan McSporran
 Pramod Sharma
 Puneet Pawaia
@@ -665,6 +672,7 @@ Robert Foreman
 Robert Iakobashvili
 Robert Olson
 Robert Weaver
+Robin Cornelius
 Robin Johnson
 Robin Kay
 Robson Braga Araujo
@@ -705,6 +713,7 @@ Shard
 Shawn Poulson
 Shmulik Regev
 Siddhartha Prakash Jain
+Sidney San Martin
 Siegfried Gyuricsko
 Simon Dick
 Simon Josefsson
--- a/docs/TODO
+++ b/docs/TODO
@@ -22,7 +22,6 @@
 2.2 Remove easy interface internally
 2.3 Avoid having to remove/readd handles
 2.4 Fix HTTP Pipelining for PUT
- 2.5 Make curl_multi_info_read faster

 3. Documentation
 3.1  More and better
@@ -56,18 +55,17 @@
 7.7 Support other SSL libraries
 7.8  Support SRP on the TLS layer
 7.9 improve configure --with-ssl
- 7.10 Make NTLM work with other crypto functions

 8. GnuTLS
 8.1 SSL engine stuff
 8.2 SRP
 8.3 check connection
+ 8.4 non-gcrypt

 9. Other protocols

 10. New protocols
 10.1 RSYNC
- 10.2 RTMP

 11. Client
 11.1 sync
@@ -185,11 +183,6 @@
 serial requests and currently libcurl only supports that for HEAD and GET
 requests but it should also be possible for PUT.

-2.5 Make curl_multi_info_read faster
-
- When checking if there's info to return, this function scans over ALL added
- easy handles every time. That makes this function unnecessary heavy and slow.
-
 3. Documentation

 3.1  More and better
@@ -342,14 +335,6 @@ to provide the data to send.
 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...

-7.10 Make NTLM work with other crypto functions
-
- Get NTLM working using the functions provided by NSS etc. Not strictly
- SSL/TLS related, but hey... Another option is to get available DES and MD4
- source code from the cryptopp library. They are fine license-wise, but are
- C++. NTLM currenly only works when libcurl is built with OpenSSL or GnuTLS
- support.
-
 8. GnuTLS

 8.1 SSL engine stuff
@@ -366,6 +351,17 @@ to provide the data to send.
 Add a way to check if the connection seems to be alive, to correspond to the
 SSL_peak() way we use with OpenSSL.

+8.4 non-gcrypt
+
+ libcurl assumes that there are gcrypt functions available when
+ GnuTLS is.
+
+ GnuTLS can be built to use libnettle instead as crypto library,
+ which breaks the previously mentioned assumption
+
+ The correct fix would be to detect which crypto layer that is in use and
+ adapt our code to use that instead of blindly assuming gcrypt.
+
 9. Other protocols

 10. New protocols
@@ -375,12 +371,6 @@ to provide the data to send.
 There's no RFC for protocol nor URI/URL format.  An implementation should
 most probably use an existing rsync library, such as librsync.

-10.2 RTMP
-
- There exists a patch that claims to introduce this protocol:
- http://osdir.com/ml/gnu.gnash.devel2/2006-11/msg00278.html, further details
- in the feature-request: http://curl.haxx.se/bug/feature.cgi?id=1843469
-
 11. Client

 11.1 sync
--- a/docs/TheArtOfHttpScripting
+++ b/docs/TheArtOfHttpScripting
@@ -38,10 +38,10 @@ Date:    May 28, 2008
 request a particular action, and then the server replies a few text lines
 before the actual requested content is sent to the client.

- Using curl's option -v will display what kind of commands curl sends to the
- server, as well as a few other informational texts. -v is the single most
- useful option when it comes to debug or even understand the curl<->server
- interaction.
+ Using curl's option --verbose (-v as a short option) will display what kind of
+ commands curl sends to the server, as well as a few other informational texts. 
+ --verbose is the single most useful option when it comes to debug or even
+ understand the curl<->server interaction.

 2. URL

@@ -62,9 +62,9 @@ Date:    May 28, 2008
 that that URL holds.

 All HTTP replies contain a set of headers that are normally hidden, use
- curl's -i option to display them as well as the rest of the document. You can
- also ask the remote server for ONLY the headers by using the -I option (which
- will make curl issue a HEAD request).
+ curl's --include (-i) option to display them as well as the rest of the
+ document. You can also ask the remote server for ONLY the headers by using the
+ --head (-I) option (which will make curl issue a HEAD request).

 4. Forms

@@ -103,7 +103,7 @@ Date:    May 28, 2008
  To make curl do the GET form post for you, just enter the expected created
  URL:

-        curl "www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK"
+        curl "http://www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK"

 4.2 POST

@@ -127,7 +127,7 @@ Date:    May 28, 2008
  And to use curl to post this form with the same data filled in as before, we
  could do it like:

-        curl -d "birthyear=1905&press=%20OK%20" www.hotmail.com/when/junk.cgi
+        curl --data "birthyear=1905&press=%20OK%20" http://www.hotmail.com/when/junk.cgi

  This kind of POST will use the Content-Type
  application/x-www-form-urlencoded and is the most widely used POST kind.
@@ -139,7 +139,7 @@ Date:    May 28, 2008

  Recent curl versions can in fact url-encode POST data for you, like this:

-        curl --data-urlencode "name=I am Daniel" www.example.com
+        curl --data-urlencode "name=I am Daniel" http://www.example.com

 4.3 File Upload POST

@@ -160,7 +160,7 @@ Date:    May 28, 2008

  To post to a form like this with curl, you enter a command line like:

-        curl -F upload=@localfilename -F press=OK [URL]
+        curl --form upload=@localfilename --form press=OK [URL]

 4.4 Hidden Fields

@@ -181,7 +181,7 @@ Date:    May 28, 2008
  To post this with curl, you won't have to think about if the fields are
  hidden or not. To curl they're all the same:

-        curl -d "birthyear=1905&press=OK&person=daniel" [URL]
+        curl --data "birthyear=1905&press=OK&person=daniel" [URL]

 4.5 Figure Out What A POST Looks Like

@@ -204,7 +204,7 @@ Date:    May 28, 2008

 Put a file to a HTTP server with curl:

-        curl -T uploadfile www.uploadhttp.com/receive.cgi
+        curl --upload-file uploadfile http://www.uploadhttp.com/receive.cgi

 6. HTTP Authentication

@@ -217,7 +217,7 @@ Date:    May 28, 2008

 To tell curl to use a user and password for authentication:

-        curl -u name:password www.secrets.com
+        curl --user name:password http://www.secrets.com

 The site might require a different authentication method (check the headers
 returned by the server), and then --ntlm, --digest, --negotiate or even
@@ -228,7 +228,7 @@ Date:    May 28, 2008
 may require its own user and password to allow the client to get through to
 the Internet. To specify those with curl, run something like:

-        curl -U proxyuser:proxypassword curl.haxx.se
+        curl --proxy-user proxyuser:proxypassword curl.haxx.se

 If your proxy requires the authentication to be done using the NTLM method,
 use --proxy-ntlm, if it requires Digest use --proxy-digest.
@@ -257,7 +257,7 @@ Date:    May 28, 2008

 Use curl to set the referer field with:

-        curl -e http://curl.haxx.se daniel.haxx.se
+        curl --referer http://curl.haxx.se http://daniel.haxx.se

 8. User Agent

@@ -275,11 +275,11 @@ Date:    May 28, 2008

 To make curl look like Internet Explorer on a Windows 2000 box:

-        curl -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" [URL]
+        curl --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" [URL]

 Or why not look like you're using Netscape 4.73 on a Linux (PIII) box:

-        curl -A "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL]
+        curl --user-agent "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL]

 9. Redirects

@@ -294,11 +294,12 @@ Date:    May 28, 2008

 To tell curl to follow a Location:

-        curl -L www.sitethatredirects.com
+        curl --location http://www.sitethatredirects.com

 If you use curl to POST to a site that immediately redirects you to another
- page, you can safely use -L and -d/-F together. Curl will only use POST in
- the first request, and then revert to GET in the following operations.
+ page, you can safely use --location (-L) and --data/--form together. Curl will
+ only use POST in the first request, and then revert to GET in the following
+ operations.

 10. Cookies

@@ -320,16 +321,16 @@ Date:    May 28, 2008
 The simplest way to send a few cookies to the server when getting a page with
 curl is to add them on the command line like:

-        curl -b "name=Daniel" www.cookiesite.com
+        curl --cookie "name=Daniel" http://www.cookiesite.com

 Cookies are sent as common HTTP headers. This is practical as it allows curl
 to record cookies simply by recording headers. Record cookies with curl by
- using the -D option like:
+ using the --dump-header (-D) option like:

-        curl -D headers_and_cookies www.cookiesite.com
+        curl --dump-header headers_and_cookies http://www.cookiesite.com

- (Take note that the -c option described below is a better way to store
- cookies.)
+ (Take note that the --cookie-jar option described below is a better way to
+ store cookies.)

 Curl has a full blown cookie parsing engine built-in that comes to use if you
 want to reconnect to a server and use cookies that were stored from a
@@ -337,24 +338,24 @@ Date:    May 28, 2008
 believing you had a previous connection). To use previously stored cookies,
 you run curl like:

-        curl -b stored_cookies_in_file www.cookiesite.com
+        curl --cookie stored_cookies_in_file http://www.cookiesite.com

- Curl's "cookie engine" gets enabled when you use the -b option. If you only
- want curl to understand received cookies, use -b with a file that doesn't
- exist. Example, if you want to let curl understand cookies from a page and
- follow a location (and thus possibly send back cookies it received), you can
- invoke it like:
+ Curl's "cookie engine" gets enabled when you use the --cookie option. If you
+ only want curl to understand received cookies, use --cookie with a file that
+ doesn't exist. Example, if you want to let curl understand cookies from a page 
+ and follow a location (and thus possibly send back cookies it received), you
+ can invoke it like:

-        curl -b nada -L www.cookiesite.com
+        curl --cookie nada --location http://www.cookiesite.com

 Curl has the ability to read and write cookie files that use the same file
 format that Netscape and Mozilla do. It is a convenient way to share cookies
- between browsers and automatic scripts. The -b switch automatically detects
- if a given file is such a cookie file and parses it, and by using the
- -c/--cookie-jar option you'll make curl write a new cookie file at the end of
+ between browsers and automatic scripts. The --cookie (-b) switch automatically
+ detects if a given file is such a cookie file and parses it, and by using the
+ --cookie-jar (-c) option you'll make curl write a new cookie file at the end of
 an operation:

-        curl -b cookies.txt -c newcookies.txt www.cookiesite.com
+        curl --cookie cookies.txt --cookie-jar newcookies.txt http://www.cookiesite.com

 11. HTTPS

@@ -381,13 +382,13 @@ Date:    May 28, 2008
  can be specified on the command line or if not, entered interactively when
  curl queries for it. Use a certificate with curl on a HTTPS server like:

-        curl -E mycert.pem https://that.secure.server.com
+        curl --cert mycert.pem https://that.secure.server.com

  curl also tries to verify that the server is who it claims to be, by
  verifying the server's certificate against a locally stored CA cert
  bundle. Failing the verification will cause curl to deny the connection. You
-  must then use -k in case you want to tell curl to ignore that the server
-  can't be verified.
+  must then use --insecure (-k) in case you want to tell curl to ignore that
+  the server can't be verified.

  More about server certificate verification and ca cert bundles can be read
  in the SSLCERTS document, available online here:
@@ -402,17 +403,17 @@ Date:    May 28, 2008
 For example, you can change the POST request to a PROPFIND and send the data
 as "Content-Type: text/xml" (instead of the default Content-Type) like this:

-        curl -d "<xml>" -H "Content-Type: text/xml" -X PROPFIND url.com
+        curl --data "<xml>" --header "Content-Type: text/xml" --request PROPFIND url.com

 You can delete a default header by providing one without content. Like you
 can ruin the request by chopping off the Host: header:

-        curl -H "Host:" http://mysite.com
+        curl --header "Host:" http://mysite.com

 You can add headers the same way. Your server may want a "Destination:"
 header, and you can add it:

-        curl -H "Destination: http://moo.com/nowhere" http://url.com
+        curl --header "Destination: http://moo.com/nowhere" http://url.com

 13. Web Login

@@ -456,8 +457,8 @@ Date:    May 28, 2008
 * Use the --trace-ascii option to store fully detailed logs of the requests
   for easier analyzing and better understanding

- * Make sure you check for and use cookies when needed (both reading with -b
-   and writing with -c)
+ * Make sure you check for and use cookies when needed (both reading with
+   --cookie and writing with --cookie-jar)

 * Set user-agent to one like a recent popular browser does

--- a/docs/curl.1
+++ b/docs/curl.1
@@ -29,8 +29,9 @@ curl \- transfer a URL
 .SH DESCRIPTION
 .B curl
 is a tool to transfer data from or to a server, using one of the supported
-protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or
-FILE).  The command is designed to work without user interaction.
+protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP,
+LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP).  The
+command is designed to work without user interaction.

 curl offers a busload of useful tricks like proxy support, user
 authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer
@@ -55,16 +56,16 @@ or you can get sequences of alphanumeric series by using [] as in:
 ftp://ftp.numericals.com/file[001-100].txt    (with leading zeros)
 ftp://ftp.letters.com/file[a-z].txt

-No nesting of the sequences is supported at the moment, but you can use
-several ones next to each other:
+Nested sequences are not supported, but you can use several ones next to each
+other:

 http://any.org/archive[1996-1999]/vol[1-4]/part{a,b,c}.html

 You can specify any amount of URLs on the command line. They will be fetched
 in a sequential manner in the specified order.

-Since curl 7.15.1 you can also specify a step counter for the ranges, so that
-you can get every Nth number or letter:
+You can specify a step counter for the ranges to get every Nth number or
+letter:

 http://www.numericals.com/file[1-100:10].txt
 http://www.letters.com/file[a-z:2].txt
@@ -87,8 +88,8 @@ invokes.
 curl normally displays a progress meter during operations, indicating the amount
 of transferred data, transfer speeds and estimated time left, etc.

-However, since curl displays this data to the terminal by default, if you invoke
-curl to do an operation and it is about to write data to the terminal, it
+curl displays this data to the terminal by default, so if you invoke curl to
+do an operation and it is about to write data to the terminal, it
 \fIdisables\fP the progress meter as otherwise it would mess up the output
 mixing progress meter and response data.

@@ -300,8 +301,8 @@ away. EPRT and LPRT are extensions to the original FTP protocol, and may not wor
 on all servers, but they enable more functionality in a better way than the
 traditional PORT command.

-Since curl 7.19.0, \fB--eprt\fP can be used to explicitly enable EPRT again
-and \fB--no-eprt\fP is an alias for \fB--disable-eprt\fP.
+\fB--eprt\fP can be used to explicitly enable EPRT again and \fB--no-eprt\fP
+is an alias for \fB--disable-eprt\fP.

 Disabling EPRT only changes the active behavior. If you want to switch to
 passive mode you need to not use \fI-P/--ftp-port\fP or force it with
@@ -311,8 +312,8 @@ passive mode you need to not use \fI-P/--ftp-port\fP or force it with
 transfers. Curl will normally always first attempt to use EPSV before PASV,
 but with this option, it will not try using EPSV.

-Since curl 7.19.0, \fB--epsv\fP can be used to explicitly enable EPRT again
-and \fB--no-epsv\fP is an alias for \fB--disable-epsv\fP.
+\fB--epsv\fP can be used to explicitly enable EPRT again and \fB--no-epsv\fP
+is an alias for \fB--disable-epsv\fP.

 Disabling EPSV only changes the passive behavior. If you want to switch to
 active mode you need to use \fI-P/--ftp-port\fP.
--- a/docs/examples/10-at-a-time.c
+++ b/docs/examples/10-at-a-time.c
@@ -119,7 +119,7 @@ int main(void)
  }

  while (U) {
-    while (CURLM_CALL_MULTI_PERFORM == curl_multi_perform(cm, &U));
+    curl_multi_perform(cm, &U);

    if (U) {
      FD_ZERO(&R);
--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@@ -111,7 +111,7 @@ int main(void)
  rv=curl_easy_setopt(ch,CURLOPT_WRITEHEADER, stderr);
  rv=curl_easy_setopt(ch,CURLOPT_SSLCERTTYPE,"PEM");
  rv=curl_easy_setopt(ch,CURLOPT_SSL_VERIFYPEER,1L);
-  rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.cacert.org/");
+  rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");

  /* first try: retrieve page without cacerts' certificate -> will fail
   */
--- a/docs/examples/certinfo.c
+++ b/docs/examples/certinfo.c
@@ -20,7 +20,7 @@ int main(int argc, char **argv)

  curl = curl_easy_init();
  if(curl) {
-    curl_easy_setopt(curl, CURLOPT_URL, "https://www.networking4all.com/");
+    curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/");

    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, wrfu);

--- a/docs/examples/cookie_interface.c
+++ b/docs/examples/cookie_interface.c
@@ -53,7 +53,7 @@ main(void)
  if (curl) {
    char nline[256];

-    curl_easy_setopt(curl, CURLOPT_URL, "http://www.google.com/"); /* google.com sets "PREF" cookie */
+    curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.com/");
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
    curl_easy_setopt(curl, CURLOPT_COOKIEFILE, ""); /* just to start the cookie engine */
    res = curl_easy_perform(curl);
--- a/docs/examples/debug.c
+++ b/docs/examples/debug.c
@@ -118,7 +118,7 @@ int main(void)
    /* the DEBUGFUNCTION has no effect until we enable VERBOSE */
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

-    curl_easy_setopt(curl, CURLOPT_URL, "curl.haxx.se");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
    res = curl_easy_perform(curl);

    /* always cleanup */
--- a/docs/examples/evhiperfifo.c
+++ b/docs/examples/evhiperfifo.c
@@ -68,7 +68,6 @@ typedef struct _GlobalInfo
  struct ev_io fifo_event;
  struct ev_timer timer_event;
  CURLM *multi;
-  int prev_running;
  int still_running;
  FILE* input;
 } GlobalInfo;
@@ -122,7 +121,6 @@ static void mcode_or_die(const char *where, CURLMcode code)
    switch ( code )
    {
    case CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
-    case CURLM_OK:                 s="CURLM_OK";                 break;
    case CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
    case CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
    case CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
@@ -144,54 +142,33 @@ static void mcode_or_die(const char *where, CURLMcode code)


 /* Check for completed transfers, and remove their easy handles */
-static void check_run_count(GlobalInfo *g)
+static void check_multi_info(GlobalInfo *g)
 {
-  DPRINT("%s prev %i still %i\n", __PRETTY_FUNCTION__,
-         g->prev_running, g->still_running);
-  if ( g->prev_running > g->still_running )
-  {
-    char *eff_url=NULL;
-    CURLMsg *msg;
-    int msgs_left;
-    ConnInfo *conn=NULL;
-    CURL*easy;
-    CURLcode res;
+  char *eff_url;
+  CURLMsg *msg;
+  int msgs_left;
+  ConnInfo *conn;
+  CURL *easy;
+  CURLcode res;

-    fprintf(MSG_OUT, "REMAINING: %d\n", g->still_running);
-    /*
-      I am still uncertain whether it is safe to remove an easy
-      handle from inside the curl_multi_info_read loop, so here I
-      will search for completed transfers in the inner "while"
-      loop, and then remove them in the outer "do-while" loop...
-    */
-    do
-    {
-      easy=NULL;
-      while ( (msg = curl_multi_info_read(g->multi, &msgs_left)) )
-      {
-        if ( msg->msg == CURLMSG_DONE )
-        {
-          easy=msg->easy_handle;
-          res=msg->data.result;
-        }
-
-        if ( easy )
-        {
-          curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
-          curl_easy_getinfo(easy, CURLINFO_EFFECTIVE_URL, &eff_url);
-          fprintf(MSG_OUT, "DONE: %s => (%d) %s\n", eff_url, res, conn->error);
-          curl_multi_remove_handle(g->multi, easy);
-          free(conn->url);
-          curl_easy_cleanup(easy);
-          free(conn);
-        }
-      }
-    } while ( easy );
+  fprintf(MSG_OUT, "REMAINING: %d\n", g->still_running);
+  while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
+    if (msg->msg == CURLMSG_DONE) {
+      easy = msg->easy_handle;
+      res = msg->data.result;
+      curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
+      curl_easy_getinfo(easy, CURLINFO_EFFECTIVE_URL, &eff_url);
+      fprintf(MSG_OUT, "DONE: %s => (%d) %s\n", eff_url, res, conn->error);
+      curl_multi_remove_handle(g->multi, easy);
+      free(conn->url);
+      curl_easy_cleanup(easy);
+      free(conn);
+    }
  }
-  g->prev_running = g->still_running;
 }


+
 /* Called by libevent when we get action on a multi socket */
 static void event_cb(EV_P_ struct ev_io *w, int revents)
 {
@@ -201,12 +178,9 @@ static void event_cb(EV_P_ struct ev_io *w, int revents)

  int action = (revents&EV_READ?CURL_POLL_IN:0)|
    (revents&EV_WRITE?CURL_POLL_OUT:0);
-  do
-  {
-    rc = curl_multi_socket_action(g->multi, w->fd, action, &g->still_running);
-  } while ( rc == CURLM_CALL_MULTI_PERFORM );
-  mcode_or_die("event_cb: curl_multi_socket", rc);
-  check_run_count(g);
+  rc = curl_multi_socket_action(g->multi, w->fd, action, &g->still_running);
+  mcode_or_die("event_cb: curl_multi_socket_action", rc);
+  check_multi_info(g);
  if ( g->still_running <= 0 )
  {
    fprintf(MSG_OUT, "last transfer done, kill timeout\n");
@@ -222,12 +196,9 @@ static void timer_cb(EV_P_ struct ev_timer *w, int revents)
  GlobalInfo *g = (GlobalInfo *)w->data;
  CURLMcode rc;

-  do
-  {
-    rc = curl_multi_socket_action(g->multi, CURL_SOCKET_TIMEOUT, 0, &g->still_running);
-  } while ( rc == CURLM_CALL_MULTI_PERFORM );
-  mcode_or_die("timer_cb: curl_multi_socket", rc);
-  check_run_count(g);
+  rc = curl_multi_socket_action(g->multi, CURL_SOCKET_TIMEOUT, 0, &g->still_running);
+  mcode_or_die("timer_cb: curl_multi_socket_action", rc);
+  check_multi_info(g);
 }

 /* Clean up the SockInfo structure */
@@ -364,11 +335,11 @@ static void new_conn(char *url, GlobalInfo *g )

  fprintf(MSG_OUT,
          "Adding easy %p to multi %p (%s)\n", conn->easy, g->multi, url);
-  rc =curl_multi_add_handle(g->multi, conn->easy);
+  rc = curl_multi_add_handle(g->multi, conn->easy);
  mcode_or_die("new_conn: curl_multi_add_handle", rc);

-  mcode_or_die("new_conn: curl_multi_socket_all", rc);
-  check_run_count(g);
+  /* note that the add_handle() will set a time-out to trigger very soon so
+     that the necessary socket_action() call will be called by this app */
 }

 /* This gets called whenever data is received from the fifo */
@@ -448,10 +419,9 @@ int main(int argc, char **argv)
  curl_multi_setopt(g.multi, CURLMOPT_SOCKETDATA, &g);
  curl_multi_setopt(g.multi, CURLMOPT_TIMERFUNCTION, multi_timer_cb);
  curl_multi_setopt(g.multi, CURLMOPT_TIMERDATA, &g);
-  do
-  {
-    rc = curl_multi_socket_all(g.multi, &g.still_running);
-  } while ( CURLM_CALL_MULTI_PERFORM == rc );
+
+  /* we don't call any curl_multi_socket*() function yet as we have no handles
+     added! */

  ev_loop(g.loop, 0);
  curl_multi_cleanup(g.multi);
--- a/docs/examples/fopen.c
+++ b/docs/examples/fopen.c
@@ -184,12 +184,7 @@ fill_buffer(URL_FILE *file,int want,int waittime)

        default:
            /* timeout or readable/writable sockets */
-            /* note we *could* be more efficient and not wait for
-             * CURLM_CALL_MULTI_PERFORM to clear here and check it on re-entry
-             * but that gets messy */
-            while(curl_multi_perform(multi_handle, &file->still_running) ==
-                  CURLM_CALL_MULTI_PERFORM);
-
+            curl_multi_perform(multi_handle, &file->still_running);
            break;
        }
    } while(file->still_running && (file->buffer_pos < want));
@@ -260,8 +255,7 @@ url_fopen(const char *url,const char *operation)
        curl_multi_add_handle(multi_handle, file->handle.curl);

        /* lets start the fetch */
-        while(curl_multi_perform(multi_handle, &file->still_running) ==
-              CURLM_CALL_MULTI_PERFORM );
+        curl_multi_perform(multi_handle, &file->still_running);

        if((file->buffer_pos == 0) && (!file->still_running))
        {
--- a/docs/examples/ftp-wildcard.c
+++ b/docs/examples/ftp-wildcard.c
@@ -67,8 +67,7 @@ int main(int argc, char **argv)
  if(argc == 2)
    curl_easy_setopt(handle, CURLOPT_URL, argv[1]);
  else
-    curl_easy_setopt(handle, CURLOPT_URL,
-      "ftp://curltest.howto.cz:123456@curltest.howto.cz/test/*");
+    curl_easy_setopt(handle, CURLOPT_URL, "ftp://example.com/test/*");

  /* and start transfer! */
  rc = curl_easy_perform(handle);
--- a/docs/examples/ftpget.c
+++ b/docs/examples/ftpget.c
@@ -52,12 +52,10 @@ int main(void)
  curl = curl_easy_init();
  if(curl) {
    /*
-     * Get curl 7.9.2 from sunet.se's FTP site. curl 7.9.2 is most likely not
-     * present there by the time you read this, so you'd better replace the
-     * URL with one that works!
+     * You better replace the URL with one that works!
     */
    curl_easy_setopt(curl, CURLOPT_URL,
-                     "ftp://ftp.sunet.se/pub/www/utilities/curl/curl-7.9.2.tar.gz");
+                     "ftp://ftp.example.com/pub/www/utilities/curl/curl-7.9.2.tar.gz");
    /* Define our callback to get called when there's data to be written */
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_fwrite);
    /* Set a pointer to our struct to pass to the callback */
--- a/docs/examples/ftpgetinfo.c
+++ b/docs/examples/ftpgetinfo.c
@@ -28,8 +28,7 @@ static size_t throw_away(void *ptr, size_t size, size_t nmemb, void *data)

 int main(void)
 {
-  /* Check for binutils 2.19.1 from ftp.gnu.org's FTP site. */
-  char ftpurl[] = "ftp://ftp.gnu.org/gnu/binutils/binutils-2.19.1.tar.bz2";
+  char ftpurl[] = "ftp://ftp.example.com/gnu/binutils/binutils-2.19.1.tar.bz2";
  CURL *curl;
  CURLcode res;
  const time_t filetime;
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -43,7 +43,7 @@ int main(int argc, char **argv)
  curl = curl_easy_init();
  if(curl) {
    /* Get a file listing from sunet */
-    curl_easy_setopt(curl, CURLOPT_URL, "ftp://ftp.sunet.se/");
+    curl_easy_setopt(curl, CURLOPT_URL, "ftp://ftp.example.com/");
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, ftpfile);
    /* If you intend to use this on windows with a libcurl DLL, you must use
       CURLOPT_WRITEFUNCTION as well */
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@@ -30,7 +30,7 @@

 #define LOCAL_FILE      "/tmp/uploadthis.txt"
 #define UPLOAD_FILE_AS  "while-uploading.txt"
-#define REMOTE_URL      "ftp://localhost/"  UPLOAD_FILE_AS
+#define REMOTE_URL      "ftp://example.com/"  UPLOAD_FILE_AS
 #define RENAME_FILE_TO  "renamed-and-fine.txt"

 /* NOTE: if you want this example to work on Windows with libcurl as a
--- a/docs/examples/ftpuploadresume.c
+++ b/docs/examples/ftpuploadresume.c
@@ -32,7 +32,8 @@ int __cdecl _snscanf(const char * input, size_t length, const char * format, ...


 /* parse headers for Content-Length */
-size_t getcontentlengthfunc(void *ptr, size_t size, size_t nmemb, void *stream) {
+size_t getcontentlengthfunc(void *ptr, size_t size, size_t nmemb, void *stream)
+{
  int r;
  long len = 0;

@@ -46,7 +47,8 @@ size_t getcontentlengthfunc(void *ptr, size_t size, size_t nmemb, void *stream)
 }

 /* discard downloaded data */
-size_t discardfunc(void *ptr, size_t size, size_t nmemb, void *stream) {
+size_t discardfunc(void *ptr, size_t size, size_t nmemb, void *stream)
+{
  return size * nmemb;
 }

@@ -143,13 +145,14 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
  }
 }

-int main(int c, char **argv) {
+int main(int c, char **argv)
+{
  CURL *curlhandle = NULL;

  curl_global_init(CURL_GLOBAL_ALL);
  curlhandle = curl_easy_init();

-  upload(curlhandle, "ftp://user:pass@host/path/file", "C:\\file", 0, 3);
+  upload(curlhandle, "ftp://user:pass@example.com/path/file", "C:\\file", 0, 3);

  curl_easy_cleanup(curlhandle);
  curl_global_cleanup();
--- a/docs/examples/getinfo.c
+++ b/docs/examples/getinfo.c
@@ -19,7 +19,7 @@ int main(void)
  curl = curl_easy_init();
  if(curl) {
    /* http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTURL */
-    curl_easy_setopt(curl, CURLOPT_URL, "curl.haxx.se");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.com/");
    /* http://curl.haxx.se/libcurl/c/curl_easy_perform.html */
    res = curl_easy_perform(curl);

--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -8,8 +8,6 @@
 *
 * Example source code to show how the callback function can be used to
 * download data into a chunk of memory instead of storing it in a file.
- *
- * This exact source code has not been verified to work.
 */

 #include <stdio.h>
@@ -17,25 +15,12 @@
 #include <string.h>

 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>

 struct MemoryStruct {
  char *memory;
  size_t size;
 };

-static void *myrealloc(void *ptr, size_t size);
-
-static void *myrealloc(void *ptr, size_t size)
-{
-  /* There might be a realloc() out there that doesn't like reallocing
-     NULL pointers, so we take care of it here */
-  if(ptr)
-    return realloc(ptr, size);
-  else
-    return malloc(size);
-}

 static size_t
 WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
@@ -43,22 +28,28 @@ WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
  size_t realsize = size * nmemb;
  struct MemoryStruct *mem = (struct MemoryStruct *)data;

-  mem->memory = myrealloc(mem->memory, mem->size + realsize + 1);
-  if (mem->memory) {
-    memcpy(&(mem->memory[mem->size]), ptr, realsize);
-    mem->size += realsize;
-    mem->memory[mem->size] = 0;
+  mem->memory = realloc(mem->memory, mem->size + realsize + 1);
+  if (mem->memory == NULL) {
+    /* out of memory! */
+    printf("not enough memory (realloc returned NULL)\n");
+    exit(EXIT_FAILURE);
  }
+
+  memcpy(&(mem->memory[mem->size]), ptr, realsize);
+  mem->size += realsize;
+  mem->memory[mem->size] = 0;
+
  return realsize;
 }

+
 int main(int argc, char **argv)
 {
  CURL *curl_handle;

  struct MemoryStruct chunk;

-  chunk.memory=NULL; /* we expect realloc(NULL, size) to work */
+  chunk.memory = malloc(1);  /* will be grown as needed by the realloc above */
  chunk.size = 0;    /* no data at this point */

  curl_global_init(CURL_GLOBAL_ALL);
@@ -67,7 +58,7 @@ int main(int argc, char **argv)
  curl_handle = curl_easy_init();

  /* specify URL to get */
-  curl_easy_setopt(curl_handle, CURLOPT_URL, "http://cool.haxx.se/");
+  curl_easy_setopt(curl_handle, CURLOPT_URL, "http://www.example.com/");

  /* send all data to this function  */
  curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
@@ -96,6 +87,8 @@ int main(int argc, char **argv)
   * you're done with it, you should free() it as a nice application.
   */

+  printf("%lu bytes retrieved\n", chunk.size);
+
  if(chunk.memory)
    free(chunk.memory);

--- a/docs/examples/ghiper.c
+++ b/docs/examples/ghiper.c
@@ -58,10 +58,7 @@ callback.
 typedef struct _GlobalInfo {
  CURLM *multi;
  guint timer_event;
-  int prev_running;
  int still_running;
-  int requested; /* count: curl_easy_init() */
-  int completed; /* count: curl_easy_cleanup() */
 } GlobalInfo;


@@ -95,7 +92,6 @@ static void mcode_or_die(const char *where, CURLMcode code) {
    const char *s;
    switch (code) {
      case     CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
-      case     CURLM_OK:                 s="CURLM_OK";                 break;
      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
      case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
      case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
@@ -113,62 +109,43 @@ static void mcode_or_die(const char *where, CURLMcode code) {


 /* Check for completed transfers, and remove their easy handles */
-static void check_run_count(GlobalInfo *g)
+static void check_multi_info(GlobalInfo *g)
 {
-  if (g->prev_running > g->still_running) {
-    char *eff_url=NULL;
-    CURLMsg *msg;
-    int msgs_left;
-    ConnInfo *conn=NULL;
-    CURL*easy;
-    CURLcode res;
+  char *eff_url;
+  CURLMsg *msg;
+  int msgs_left;
+  ConnInfo *conn;
+  CURL *easy;
+  CURLcode res;

-    MSG_OUT("REMAINING: %d\n", g->still_running);
-    /*
-      I am still uncertain whether it is safe to remove an easy handle
-      from inside the curl_multi_info_read loop, so here I will search
-      for completed transfers in the inner "while" loop, and then remove
-      them in the outer "do-while" loop...
-   */
-    do {
-      easy=NULL;
-      while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
-        if (msg->msg == CURLMSG_DONE) {
-          easy=msg->easy_handle;
-          res=msg->data.result;
-          break;
-        }
-      }
-      if (easy) {
-          curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
-          curl_easy_getinfo(easy, CURLINFO_EFFECTIVE_URL, &eff_url);
-          MSG_OUT("DONE: %s => (%d) %s\n", eff_url, res, conn->error);
-          curl_multi_remove_handle(g->multi, easy);
-          g_free(conn->url);
-          curl_easy_cleanup(easy);
-          g_free(conn);
-          g->completed++;
-      }
-    } while ( easy );
-    MSG_OUT("Requested: %d Completed:%d\n", g->requested, g->completed);
+  MSG_OUT("REMAINING: %d\n", g->still_running);
+  while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
+    if (msg->msg == CURLMSG_DONE) {
+      easy = msg->easy_handle;
+      res = msg->data.result;
+      curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
+      curl_easy_getinfo(easy, CURLINFO_EFFECTIVE_URL, &eff_url);
+      MSG_OUT("DONE: %s => (%d) %s\n", eff_url, res, conn->error);
+      curl_multi_remove_handle(g->multi, easy);
+      free(conn->url);
+      curl_easy_cleanup(easy);
+      free(conn);
+    }
  }
-  g->prev_running = g->still_running;
 }



-
 /* Called by glib when our timeout expires */
 static gboolean timer_cb(gpointer data)
 {
  GlobalInfo *g = (GlobalInfo *)data;
  CURLMcode rc;

-  do {
-    rc = curl_multi_socket(g->multi, CURL_SOCKET_TIMEOUT, &g->still_running);
-  } while (rc == CURLM_CALL_MULTI_PERFORM);
-  mcode_or_die("timer_cb: curl_multi_socket", rc);
-  check_run_count(g);
+  rc = curl_multi_socket_action(g->multi,
+                                  CURL_SOCKET_TIMEOUT, 0, &g->still_running);
+  mcode_or_die("timer_cb: curl_multi_socket_action", rc);
+  check_multi_info(g);
  return FALSE;
 }

@@ -198,11 +175,15 @@ static gboolean event_cb(GIOChannel *ch, GIOCondition condition, gpointer data)
  GlobalInfo *g = (GlobalInfo*) data;
  CURLMcode rc;
  int fd=g_io_channel_unix_get_fd(ch);
-  do {
-    rc = curl_multi_socket(g->multi, fd, &g->still_running);
-  } while (rc == CURLM_CALL_MULTI_PERFORM);
-  mcode_or_die("event_cb: curl_multi_socket", rc);
-  check_run_count(g);
+
+  int action =
+    (condition & G_IO_IN ? CURL_CSELECT_IN : 0) |
+    (condition & G_IO_OUT ? CURL_CSELECT_OUT : 0);
+
+  rc = curl_multi_socket_action(g->multi, fd, action, &g->still_running);
+  mcode_or_die("event_cb: curl_multi_socket_action", rc);
+
+  check_multi_info(g);
  if(g->still_running) {
    return TRUE;
  } else {
@@ -338,12 +319,9 @@ static void new_conn(char *url, GlobalInfo *g )
  MSG_OUT("Adding easy %p to multi %p (%s)\n", conn->easy, g->multi, url);
  rc =curl_multi_add_handle(g->multi, conn->easy);
  mcode_or_die("new_conn: curl_multi_add_handle", rc);
-  g->requested++;
-  do {
-    rc = curl_multi_socket_all(g->multi, &g->still_running);
-  } while (CURLM_CALL_MULTI_PERFORM == rc);
-  mcode_or_die("new_conn: curl_multi_socket_all", rc);
-  check_run_count(g);
+
+  /* note that the add_handle() will set a time-out to trigger very soon so
+     that the necessary socket_action() call will be called by this app */
 }


@@ -451,9 +429,10 @@ int main(int argc, char **argv)
  curl_multi_setopt(g->multi, CURLMOPT_SOCKETDATA, g);
  curl_multi_setopt(g->multi, CURLMOPT_TIMERFUNCTION, update_timeout_cb);
  curl_multi_setopt(g->multi, CURLMOPT_TIMERDATA, g);
-  do {
-    rc = curl_multi_socket_all(g->multi, &g->still_running);
-  } while (CURLM_CALL_MULTI_PERFORM == rc);
+
+  /* we don't call any curl_multi_socket*() function yet as we have no handles
+     added! */
+
  g_main_loop_run(gmain);
  curl_multi_cleanup(g->multi);
  return 0;
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -62,7 +62,6 @@ typedef struct _GlobalInfo {
  struct event fifo_event;
  struct event timer_event;
  CURLM *multi;
-  int prev_running;
  int still_running;
  FILE* input;
 } GlobalInfo;
@@ -110,7 +109,6 @@ static void mcode_or_die(const char *where, CURLMcode code)
    const char *s;
    switch (code) {
      case     CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
-      case     CURLM_OK:                 s="CURLM_OK";                 break;
      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
      case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
      case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
@@ -132,44 +130,29 @@ static void mcode_or_die(const char *where, CURLMcode code)


 /* Check for completed transfers, and remove their easy handles */
-static void check_run_count(GlobalInfo *g)
+static void check_multi_info(GlobalInfo *g)
 {
-  if (g->prev_running > g->still_running) {
-    char *eff_url=NULL;
-    CURLMsg *msg;
-    int msgs_left;
-    ConnInfo *conn=NULL;
-    CURL*easy;
-    CURLcode res;
+  char *eff_url;
+  CURLMsg *msg;
+  int msgs_left;
+  ConnInfo *conn;
+  CURL *easy;
+  CURLcode res;

-    fprintf(MSG_OUT, "REMAINING: %d\n", g->still_running);
-    /*
-      I am still uncertain whether it is safe to remove an easy handle
-      from inside the curl_multi_info_read loop, so here I will search
-      for completed transfers in the inner "while" loop, and then remove
-      them in the outer "do-while" loop...
-   */
-    do {
-      easy=NULL;
-      while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
-        if (msg->msg == CURLMSG_DONE) {
-          easy=msg->easy_handle;
-          res=msg->data.result;
-          break;
-        }
-      }
-      if (easy) {
-          curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
-          curl_easy_getinfo(easy, CURLINFO_EFFECTIVE_URL, &eff_url);
-          fprintf(MSG_OUT, "DONE: %s => (%d) %s\n", eff_url, res, conn->error);
-          curl_multi_remove_handle(g->multi, easy);
-          free(conn->url);
-          curl_easy_cleanup(easy);
-          free(conn);
-      }
-    } while ( easy );
+  fprintf(MSG_OUT, "REMAINING: %d\n", g->still_running);
+  while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
+    if (msg->msg == CURLMSG_DONE) {
+      easy = msg->easy_handle;
+      res = msg->data.result;
+      curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
+      curl_easy_getinfo(easy, CURLINFO_EFFECTIVE_URL, &eff_url);
+      fprintf(MSG_OUT, "DONE: %s => (%d) %s\n", eff_url, res, conn->error);
+      curl_multi_remove_handle(g->multi, easy);
+      free(conn->url);
+      curl_easy_cleanup(easy);
+      free(conn);
+    }
  }
-  g->prev_running = g->still_running;
 }


@@ -181,16 +164,13 @@ static void event_cb(int fd, short kind, void *userp)
  CURLMcode rc;

  int action =
-    (kind&EV_READ?CURL_CSELECT_IN:0)|
-    (kind&EV_WRITE?CURL_CSELECT_OUT:0);
-
-  do {
-    rc = curl_multi_socket_action(g->multi, fd, action, &g->still_running);
-  } while (rc == CURLM_CALL_MULTI_PERFORM);
+    (kind & EV_READ ? CURL_CSELECT_IN : 0) |
+    (kind & EV_WRITE ? CURL_CSELECT_OUT : 0);

+  rc = curl_multi_socket_action(g->multi, fd, action, &g->still_running);
  mcode_or_die("event_cb: curl_multi_socket_action", rc);

-  check_run_count(g);
+  check_multi_info(g);
  if ( g->still_running <= 0 ) {
    fprintf(MSG_OUT, "last transfer done, kill timeout\n");
    if (evtimer_pending(&g->timer_event, NULL)) {
@@ -209,12 +189,10 @@ static void timer_cb(int fd, short kind, void *userp)
  (void)fd;
  (void)kind;

-  do {
-    rc = curl_multi_socket_action(g->multi,
+  rc = curl_multi_socket_action(g->multi,
                                  CURL_SOCKET_TIMEOUT, 0, &g->still_running);
-  } while (rc == CURLM_CALL_MULTI_PERFORM);
  mcode_or_die("timer_cb: curl_multi_socket_action", rc);
-  check_run_count(g);
+  check_multi_info(g);
 }


@@ -340,7 +318,7 @@ static void new_conn(char *url, GlobalInfo *g )
  curl_easy_setopt(conn->easy, CURLOPT_PROGRESSDATA, conn);
  fprintf(MSG_OUT,
          "Adding easy %p to multi %p (%s)\n", conn->easy, g->multi, url);
-  rc =curl_multi_add_handle(g->multi, conn->easy);
+  rc = curl_multi_add_handle(g->multi, conn->easy);
  mcode_or_die("new_conn: curl_multi_add_handle", rc);

  /* note that the add_handle() will set a time-out to trigger very soon so
--- a/docs/examples/https.c
+++ b/docs/examples/https.c
@@ -17,7 +17,7 @@ int main(void)

  curl = curl_easy_init();
  if(curl) {
-    curl_easy_setopt(curl, CURLOPT_URL, "https://sourceforge.net/");
+    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");

 #ifdef SKIP_PEER_VERIFICATION
    /*
--- a/docs/examples/multi-app.c
+++ b/docs/examples/multi-app.c
@@ -43,9 +43,9 @@ int main(int argc, char **argv)
      handles[i] = curl_easy_init();

  /* set the options (I left out a few, you'll get the point anyway) */
-  curl_easy_setopt(handles[HTTP_HANDLE], CURLOPT_URL, "http://website.com");
+  curl_easy_setopt(handles[HTTP_HANDLE], CURLOPT_URL, "http://example.com");

-  curl_easy_setopt(handles[FTP_HANDLE], CURLOPT_URL, "ftp://ftpsite.com");
+  curl_easy_setopt(handles[FTP_HANDLE], CURLOPT_URL, "ftp://example.com");
  curl_easy_setopt(handles[FTP_HANDLE], CURLOPT_UPLOAD, 1L);

  /* init a multi stack */
@@ -56,8 +56,7 @@ int main(int argc, char **argv)
      curl_multi_add_handle(multi_handle, handles[i]);

  /* we start some action by calling perform right away */
-  while(CURLM_CALL_MULTI_PERFORM ==
-        curl_multi_perform(multi_handle, &still_running));
+  curl_multi_perform(multi_handle, &still_running);

  while(still_running) {
    struct timeval timeout;
@@ -108,8 +107,7 @@ int main(int argc, char **argv)
    default:
      /* one or more of curl's file descriptors say there's data to read
         or write */
-      while(CURLM_CALL_MULTI_PERFORM ==
-            curl_multi_perform(multi_handle, &still_running));
+      curl_multi_perform(multi_handle, &still_running);
      break;
    }
  }
--- a/docs/examples/multi-debugcallback.c
+++ b/docs/examples/multi-debugcallback.c
@@ -118,7 +118,7 @@ int main(int argc, char **argv)
  http_handle = curl_easy_init();

  /* set the options (I left out a few, you'll get the point anyway) */
-  curl_easy_setopt(http_handle, CURLOPT_URL, "http://www.haxx.se/");
+  curl_easy_setopt(http_handle, CURLOPT_URL, "http://www.example.com/");

  curl_easy_setopt(http_handle, CURLOPT_DEBUGFUNCTION, my_trace);
  curl_easy_setopt(http_handle, CURLOPT_VERBOSE, 1L);
@@ -130,8 +130,7 @@ int main(int argc, char **argv)
  curl_multi_add_handle(multi_handle, http_handle);

  /* we start some action by calling perform right away */
-  while(CURLM_CALL_MULTI_PERFORM ==
-        curl_multi_perform(multi_handle, &still_running));
+  curl_multi_perform(multi_handle, &still_running);

  while(still_running) {
    struct timeval timeout;
@@ -181,8 +180,7 @@ int main(int argc, char **argv)
    case 0:
    default:
      /* timeout or readable/writable sockets */
-      while(CURLM_CALL_MULTI_PERFORM ==
-            curl_multi_perform(multi_handle, &still_running));
+      curl_multi_perform(multi_handle, &still_running);
      break;
    }
  }
--- a/docs/examples/multi-double.c
+++ b/docs/examples/multi-double.c
@@ -34,7 +34,7 @@ int main(int argc, char **argv)
  http_handle2 = curl_easy_init();

  /* set options */
-  curl_easy_setopt(http_handle, CURLOPT_URL, "http://www.haxx.se/");
+  curl_easy_setopt(http_handle, CURLOPT_URL, "http://www.example.com/");

  /* set options */
  curl_easy_setopt(http_handle2, CURLOPT_URL, "http://localhost/");
@@ -47,8 +47,7 @@ int main(int argc, char **argv)
  curl_multi_add_handle(multi_handle, http_handle2);

  /* we start some action by calling perform right away */
-  while(CURLM_CALL_MULTI_PERFORM ==
-        curl_multi_perform(multi_handle, &still_running));
+  curl_multi_perform(multi_handle, &still_running);

  while(still_running) {
    struct timeval timeout;
@@ -96,8 +95,7 @@ int main(int argc, char **argv)
    case 0:
    default:
      /* timeout or readable/writable sockets */
-      while(CURLM_CALL_MULTI_PERFORM ==
-            curl_multi_perform(multi_handle, &still_running));
+      curl_multi_perform(multi_handle, &still_running);
      break;
    }
  }
--- a/docs/examples/multi-post.c
+++ b/docs/examples/multi-post.c
@@ -58,8 +58,7 @@ int main(int argc, char *argv[])
  if(curl && multi_handle) {

    /* what URL that receives this POST */
-    curl_easy_setopt(curl, CURLOPT_URL,
-                     "http://www.fillinyoururl.com/upload.cgi");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.com/upload.cgi");
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
@@ -67,8 +66,7 @@ int main(int argc, char *argv[])

    curl_multi_add_handle(multi_handle, curl);

-    while(CURLM_CALL_MULTI_PERFORM ==
-          curl_multi_perform(multi_handle, &still_running));
+    curl_multi_perform(multi_handle, &still_running);

    while(still_running) {
      struct timeval timeout;
@@ -118,8 +116,7 @@ int main(int argc, char *argv[])
      default:
        /* timeout or readable/writable sockets */
        printf("perform!\n");
-        while(CURLM_CALL_MULTI_PERFORM ==
-              curl_multi_perform(multi_handle, &still_running));
+        curl_multi_perform(multi_handle, &still_running);
        printf("running: %d!\n", still_running);
        break;
      }
--- a/docs/examples/multi-single.c
+++ b/docs/examples/multi-single.c
@@ -32,7 +32,7 @@ int main(int argc, char **argv)
  http_handle = curl_easy_init();

  /* set the options (I left out a few, you'll get the point anyway) */
-  curl_easy_setopt(http_handle, CURLOPT_URL, "http://www.haxx.se/");
+  curl_easy_setopt(http_handle, CURLOPT_URL, "http://www.example.com/");

  /* init a multi stack */
  multi_handle = curl_multi_init();
@@ -41,8 +41,7 @@ int main(int argc, char **argv)
  curl_multi_add_handle(multi_handle, http_handle);

  /* we start some action by calling perform right away */
-  while(CURLM_CALL_MULTI_PERFORM ==
-        curl_multi_perform(multi_handle, &still_running));
+  curl_multi_perform(multi_handle, &still_running);

  while(still_running) {
    struct timeval timeout;
@@ -92,8 +91,7 @@ int main(int argc, char **argv)
    case 0:
    default:
      /* timeout or readable/writable sockets */
-      while(CURLM_CALL_MULTI_PERFORM ==
-            curl_multi_perform(multi_handle, &still_running));
+      curl_multi_perform(multi_handle, &still_running);
      break;
    }
  }
--- a/docs/examples/persistant.c
+++ b/docs/examples/persistant.c
@@ -24,12 +24,12 @@ int main(int argc, char **argv)
    curl_easy_setopt(curl, CURLOPT_HEADER, 1L);

    /* get the first document */
-    curl_easy_setopt(curl, CURLOPT_URL, "http://curl.haxx.se/");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
    res = curl_easy_perform(curl);

    /* get another document from the same server using the same
       connection */
-    curl_easy_setopt(curl, CURLOPT_URL, "http://curl.haxx.se/docs/");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/docs/");
    res = curl_easy_perform(curl);

    /* always cleanup */
--- a/docs/examples/post-callback.c
+++ b/docs/examples/post-callback.c
@@ -51,8 +51,8 @@ int main(void)
  curl = curl_easy_init();
  if(curl) {
    /* First set the URL that is about to receive our POST. */
-    curl_easy_setopt(curl, CURLOPT_URL,
-                     "http://receivingsite.com.pooh/index.cgi");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/index.cgi");
+
    /* Now specify we want to POST data */
    curl_easy_setopt(curl, CURLOPT_POST, 1L);

--- a/docs/examples/postit2.c
+++ b/docs/examples/postit2.c
@@ -67,7 +67,7 @@ int main(int argc, char *argv[])
  headerlist = curl_slist_append(headerlist, buf);
  if(curl) {
    /* what URL that receives this POST */
-    curl_easy_setopt(curl, CURLOPT_URL, "http://curl.haxx.se/examplepost.cgi");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/examplepost.cgi");
    if ( (argc == 2) && (!strcmp(argv[1], "noexpectheader")) )
      /* only disable 100-continue header if explicitly requested */
      curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
--- a/docs/examples/sampleconv.c
+++ b/docs/examples/sampleconv.c
@@ -75,7 +75,7 @@ int main(void)

  curl = curl_easy_init();
  if(curl) {
-    curl_easy_setopt(curl, CURLOPT_URL, "curl.haxx.se");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");

    /* use platform-specific functions for codeset conversions */
    curl_easy_setopt(curl, CURLOPT_CONV_FROM_NETWORK_FUNCTION,
--- a/docs/examples/sendrecv.c
+++ b/docs/examples/sendrecv.c
@@ -48,13 +48,13 @@ int main(void)
  CURL *curl;
  CURLcode res;
  /* Minimalistic http request */
-  const char *request = "GET / HTTP/1.0\r\nHost: curl.haxx.se\r\n\r\n";
+  const char *request = "GET / HTTP/1.0\r\nHost: example.com\r\n\r\n";
  int sockfd; /* socket */
  size_t iolen;

  curl = curl_easy_init();
  if(curl) {
-    curl_easy_setopt(curl, CURLOPT_URL, "curl.haxx.se");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
    /* Do not do the transfer - only connect to host */
    curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L);
    res = curl_easy_perform(curl);
--- a/docs/examples/sepheaders.c
+++ b/docs/examples/sepheaders.c
@@ -35,7 +35,7 @@ int main(int argc, char **argv)
  curl_handle = curl_easy_init();

  /* set URL to get */
-  curl_easy_setopt(curl_handle, CURLOPT_URL, "http://curl.haxx.se");
+  curl_easy_setopt(curl_handle, CURLOPT_URL, "http://example.com");

  /* no progress meter please */
  curl_easy_setopt(curl_handle, CURLOPT_NOPROGRESS, 1L);
--- a/docs/examples/simple.c
+++ b/docs/examples/simple.c
@@ -17,7 +17,7 @@ int main(void)

  curl = curl_easy_init();
  if(curl) {
-    curl_easy_setopt(curl, CURLOPT_URL, "curl.haxx.se");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
    res = curl_easy_perform(curl);

    /* always cleanup */
--- a/docs/examples/simplepost.c
+++ b/docs/examples/simplepost.c
@@ -20,7 +20,7 @@ int main(void)

  curl = curl_easy_init();
  if(curl) {
-    curl_easy_setopt(curl, CURLOPT_URL, "http://posthere.com");
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postthis);

    /* if we don't provide POSTFIELDSIZE, libcurl will strlen() by
--- a/docs/examples/threaded-ssl.c
+++ b/docs/examples/threaded-ssl.c
@@ -91,10 +91,10 @@ void init_locks(void)

 /* List of URLs to fetch.*/
 const char * const urls[]= {
-  "https://www.sf.net/",
-  "https://www.openssl.org/",
-  "https://www.sf.net/",
-  "https://www.openssl.org/",
+  "https://www.example.com/",
+  "https://www2.example.com/",
+  "https://www3.example.com/",
+  "https://www4.example.com/",
 };

 static void *pull_one_url(void *url)
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -1259,9 +1259,15 @@ A parameter set to 1 tells the library to just list the names of files in a
 directory, instead of doing a full directory listing that would include file
 sizes, dates etc. This works for FTP and SFTP URLs.

-This causes an FTP NLST command to be sent on an FTP server.  Beware
-that some FTP servers list only files in their response to NLST; they
-might not include subdirectories and symbolic links.
+This causes an FTP NLST command to be sent on an FTP server.  Beware that some
+FTP servers list only files in their response to NLST; they might not include
+subdirectories and symbolic links.
+
+Setting this option to 1 also implies a directory listing even if the URL
+doesn't end with a slash, which otherwise is necessary.
+
+Do NOT use this option if you also use \fICURLOPT_WILDCARDMATCH\fP as it will
+effectively break that feature then.

 (This option was known as CURLOPT_FTPLISTONLY up to 7.16.4)
 .IP CURLOPT_APPEND
@@ -1539,6 +1545,10 @@ want the transfer to start from. Set this option to 0 to make the transfer
 start from the beginning (effectively disabling resume). For FTP, set this
 option to -1 to make the transfer start from the end of the target file
 (useful to continue an interrupted upload).
+
+When doing uploads with FTP, the resume position is where in the local/source
+file libcurl should try to resume the upload from and it will then append the
+source file to the remote target file.
 .IP CURLOPT_RESUME_FROM_LARGE
 Pass a curl_off_t as parameter. It contains the offset in number of bytes that
 you want the transfer to start from. (Added in 7.11.0)
--- a/docs/libcurl/libcurl-tutorial.3
+++ b/docs/libcurl/libcurl-tutorial.3
@@ -275,6 +275,10 @@ NSS

 is claimed to be thread-safe already without anything required.

+PolarSSL
+
+ Required actions unknown.
+
 yassl

 Required actions unknown.
@@ -1233,6 +1237,15 @@ are used to generate structured data. Characters like embedded carriage
 returns or ampersands could allow the user to create additional headers or
 fields that could cause malicious transactions.

+.IP "Server-supplied Names"
+A server can supply data which the application may, in some cases, use as
+a file name. The curl command-line tool does this with --remote-header-name,
+using the Content-disposition: header to generate a file name.  An application
+could also use CURLINFO_EFFECTIVE_URL to generate a file name from a
+server-supplied redirect URL. Special care must be taken to sanitize such
+names to avoid the possibility of a malicious server supplying one like
+"/etc/passwd", "\autoexec.bat" or even ".bashrc".
+
 .IP "Server Certificates"
 A secure application should never use the CURLOPT_SSL_VERIFYPEER option to
 disable certificate validation. There are numerous attacks that are enabled
--- a/docs/libcurl/libcurl.m4
+++ b/docs/libcurl/libcurl.m4
@@ -61,7 +61,7 @@ AC_DEFUN([LIBCURL_CHECK_CONFIG],
  AH_TEMPLATE([LIBCURL_PROTOCOL_SMTP],[Defined if libcurl supports SMTP])

  AC_ARG_WITH(libcurl,
-     AC_HELP_STRING([--with-libcurl=DIR],[look for the curl library in DIR]),
+     AC_HELP_STRING([--with-libcurl=PREFIX],[look for the curl library in PREFIX/lib and headers in PREFIX/include]),
     [_libcurl_with=$withval],[_libcurl_with=ifelse([$1],,[yes],[$1])])

  if test "$_libcurl_with" != "no" ; then
@@ -75,10 +75,10 @@ AC_DEFUN([LIBCURL_CHECK_CONFIG],
     if test -d "$_libcurl_with" ; then
        LIBCURL_CPPFLAGS="-I$withval/include"
        _libcurl_ldflags="-L$withval/lib"
-        AC_PATH_PROG([_libcurl_config],[curl-config],["$withval/bin"],
+        AC_PATH_PROG([_libcurl_config],[curl-config],[],
                     ["$withval/bin"])
     else
-        AC_PATH_PROG([_libcurl_config],[curl-config])
+        AC_PATH_PROG([_libcurl_config],[curl-config],[],[$PATH])
     fi

     if test x$_libcurl_config != "x" ; then
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -722,6 +722,7 @@ typedef enum {
 #define CURLPROTO_RTMPTE (1<<22)
 #define CURLPROTO_RTMPS  (1<<23)
 #define CURLPROTO_RTMPTS (1<<24)
+#define CURLPROTO_GOPHER (1<<25)
 #define CURLPROTO_ALL    (~0) /* enable everything */

 /* long may be 32 or 64 bits, but we should never depend on anything else
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -30,13 +30,13 @@

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.21.1-DEV"
+#define LIBCURL_VERSION "7.21.2-DEV"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
 #define LIBCURL_VERSION_MINOR 21
-#define LIBCURL_VERSION_PATCH 1
+#define LIBCURL_VERSION_PATCH 2

 /* This is the numeric version of the libcurl version number, meant for easier
   parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071501
+#define LIBCURL_VERSION_NUM 0x071502

 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -25,11 +25,16 @@
 /* wraps curl_easy_setopt() with typechecking */

 /* To add a new kind of warning, add an
- *   if(_curl_is_sometype_option(_curl_opt) && ! _curl_is_sometype(value))
- *     _curl_easy_setopt_err_sometype();
+ *   if(_curl_is_sometype_option(_curl_opt))
+ *     if(!_curl_is_sometype(value))
+ *       _curl_easy_setopt_err_sometype();
 * block and define _curl_is_sometype_option, _curl_is_sometype and
 * _curl_easy_setopt_err_sometype below
 *
+ * NOTE: We use two nested 'if' statements here instead of the && operator, in
+ *       order to work around gcc bug #32061.  It affects only gcc 4.3.x/4.4.x
+ *       when compiling with -Wlogical-op.
+ *
 * To add an option that uses the same type as an existing option, you'll just
 * need to extend the appropriate _curl_*_option macro
 */
@@ -37,51 +42,66 @@
 __extension__ ({                                                              \
  __typeof__ (option) _curl_opt = option;                                     \
  if (__builtin_constant_p(_curl_opt)) {                                      \
-    if (_curl_is_long_option(_curl_opt) && !_curl_is_long(value))             \
-      _curl_easy_setopt_err_long();                                           \
-    if (_curl_is_off_t_option(_curl_opt) && !_curl_is_off_t(value))           \
-      _curl_easy_setopt_err_curl_off_t();                                     \
-    if (_curl_is_string_option(_curl_opt) && !_curl_is_string(value))         \
-      _curl_easy_setopt_err_string();                                         \
-    if (_curl_is_write_cb_option(_curl_opt) && !_curl_is_write_cb(value))     \
-      _curl_easy_setopt_err_write_callback();                                 \
-    if ((_curl_opt) == CURLOPT_READFUNCTION && !_curl_is_read_cb(value))      \
-      _curl_easy_setopt_err_read_cb();                                        \
-    if ((_curl_opt) == CURLOPT_IOCTLFUNCTION && !_curl_is_ioctl_cb(value))    \
-      _curl_easy_setopt_err_ioctl_cb();                                       \
-    if ((_curl_opt) == CURLOPT_SOCKOPTFUNCTION && !_curl_is_sockopt_cb(value))\
-      _curl_easy_setopt_err_sockopt_cb();                                     \
-    if ((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION &&                          \
-            !_curl_is_opensocket_cb(value))                                   \
-      _curl_easy_setopt_err_opensocket_cb();                                  \
-    if ((_curl_opt) == CURLOPT_PROGRESSFUNCTION &&                            \
-            !_curl_is_progress_cb(value))                                     \
-      _curl_easy_setopt_err_progress_cb();                                    \
-    if ((_curl_opt) == CURLOPT_DEBUGFUNCTION && !_curl_is_debug_cb(value))    \
-      _curl_easy_setopt_err_debug_cb();                                       \
-    if ((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION &&                            \
-            !_curl_is_ssl_ctx_cb(value))                                      \
-      _curl_easy_setopt_err_ssl_ctx_cb();                                     \
-    if (_curl_is_conv_cb_option(_curl_opt) && !_curl_is_conv_cb(value))       \
-      _curl_easy_setopt_err_conv_cb();                                        \
-    if ((_curl_opt) == CURLOPT_SEEKFUNCTION && !_curl_is_seek_cb(value))      \
-      _curl_easy_setopt_err_seek_cb();                                        \
-    if (_curl_is_cb_data_option(_curl_opt) && !_curl_is_cb_data(value))       \
-      _curl_easy_setopt_err_cb_data();                                        \
-    if ((_curl_opt) == CURLOPT_ERRORBUFFER && !_curl_is_error_buffer(value))  \
-      _curl_easy_setopt_err_error_buffer();                                   \
-    if ((_curl_opt) == CURLOPT_STDERR && !_curl_is_FILE(value))               \
-      _curl_easy_setopt_err_FILE();                                           \
-    if (_curl_is_postfields_option(_curl_opt) && !_curl_is_postfields(value)) \
-      _curl_easy_setopt_err_postfields();                                     \
-    if ((_curl_opt) == CURLOPT_HTTPPOST &&                                    \
-            !_curl_is_arr((value), struct curl_httppost))                     \
-      _curl_easy_setopt_err_curl_httpost();                                   \
-    if (_curl_is_slist_option(_curl_opt) &&                                   \
-            !_curl_is_arr((value), struct curl_slist))                        \
-      _curl_easy_setopt_err_curl_slist();                                     \
-    if ((_curl_opt) == CURLOPT_SHARE && !_curl_is_ptr((value), CURLSH))       \
-      _curl_easy_setopt_err_CURLSH();                                         \
+    if (_curl_is_long_option(_curl_opt))                                      \
+      if (!_curl_is_long(value))                                              \
+        _curl_easy_setopt_err_long();                                         \
+    if (_curl_is_off_t_option(_curl_opt))                                     \
+      if (!_curl_is_off_t(value))                                             \
+        _curl_easy_setopt_err_curl_off_t();                                   \
+    if (_curl_is_string_option(_curl_opt))                                    \
+      if (!_curl_is_string(value))                                            \
+        _curl_easy_setopt_err_string();                                       \
+    if (_curl_is_write_cb_option(_curl_opt))                                  \
+      if (!_curl_is_write_cb(value))                                          \
+        _curl_easy_setopt_err_write_callback();                               \
+    if ((_curl_opt) == CURLOPT_READFUNCTION)                                  \
+      if (!_curl_is_read_cb(value))                                           \
+        _curl_easy_setopt_err_read_cb();                                      \
+    if ((_curl_opt) == CURLOPT_IOCTLFUNCTION)                                 \
+      if (!_curl_is_ioctl_cb(value))                                          \
+        _curl_easy_setopt_err_ioctl_cb();                                     \
+    if ((_curl_opt) == CURLOPT_SOCKOPTFUNCTION)                               \
+      if (!_curl_is_sockopt_cb(value))                                        \
+        _curl_easy_setopt_err_sockopt_cb();                                   \
+    if ((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION)                            \
+      if (!_curl_is_opensocket_cb(value))                                     \
+        _curl_easy_setopt_err_opensocket_cb();                                \
+    if ((_curl_opt) == CURLOPT_PROGRESSFUNCTION)                              \
+      if (!_curl_is_progress_cb(value))                                       \
+        _curl_easy_setopt_err_progress_cb();                                  \
+    if ((_curl_opt) == CURLOPT_DEBUGFUNCTION)                                 \
+      if (!_curl_is_debug_cb(value))                                          \
+        _curl_easy_setopt_err_debug_cb();                                     \
+    if ((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION)                              \
+      if (!_curl_is_ssl_ctx_cb(value))                                        \
+        _curl_easy_setopt_err_ssl_ctx_cb();                                   \
+    if (_curl_is_conv_cb_option(_curl_opt))                                   \
+      if (!_curl_is_conv_cb(value))                                           \
+        _curl_easy_setopt_err_conv_cb();                                      \
+    if ((_curl_opt) == CURLOPT_SEEKFUNCTION)                                  \
+      if (!_curl_is_seek_cb(value))                                           \
+        _curl_easy_setopt_err_seek_cb();                                      \
+    if (_curl_is_cb_data_option(_curl_opt))                                   \
+      if (!_curl_is_cb_data(value))                                           \
+        _curl_easy_setopt_err_cb_data();                                      \
+    if ((_curl_opt) == CURLOPT_ERRORBUFFER)                                   \
+      if (!_curl_is_error_buffer(value))                                      \
+        _curl_easy_setopt_err_error_buffer();                                 \
+    if ((_curl_opt) == CURLOPT_STDERR)                                        \
+      if (!_curl_is_FILE(value))                                              \
+        _curl_easy_setopt_err_FILE();                                         \
+    if (_curl_is_postfields_option(_curl_opt))                                \
+      if (!_curl_is_postfields(value))                                        \
+        _curl_easy_setopt_err_postfields();                                   \
+    if ((_curl_opt) == CURLOPT_HTTPPOST)                                      \
+      if (!_curl_is_arr((value), struct curl_httppost))                       \
+        _curl_easy_setopt_err_curl_httpost();                                 \
+    if (_curl_is_slist_option(_curl_opt))                                     \
+      if (!_curl_is_arr((value), struct curl_slist))                          \
+        _curl_easy_setopt_err_curl_slist();                                   \
+    if ((_curl_opt) == CURLOPT_SHARE)                                         \
+      if (!_curl_is_ptr((value), CURLSH))                                     \
+        _curl_easy_setopt_err_CURLSH();                                       \
  }                                                                           \
  curl_easy_setopt(handle, _curl_opt, value);                                 \
 })
@@ -92,15 +112,18 @@ __extension__ ({                                                              \
 __extension__ ({                                                              \
  __typeof__ (info) _curl_info = info;                                        \
  if (__builtin_constant_p(_curl_info)) {                                     \
-    if (_curl_is_string_info(_curl_info) && !_curl_is_arr((arg), char *))     \
-      _curl_easy_getinfo_err_string();                                        \
-    if (_curl_is_long_info(_curl_info) && !_curl_is_arr((arg), long))         \
-      _curl_easy_getinfo_err_long();                                          \
-    if (_curl_is_double_info(_curl_info) && !_curl_is_arr((arg), double))     \
-      _curl_easy_getinfo_err_double();                                        \
-    if (_curl_is_slist_info(_curl_info) &&                                    \
-           !_curl_is_arr((arg), struct curl_slist *))                         \
-      _curl_easy_getinfo_err_curl_slist();                                    \
+    if (_curl_is_string_info(_curl_info))                                     \
+      if (!_curl_is_arr((arg), char *))                                       \
+        _curl_easy_getinfo_err_string();                                      \
+    if (_curl_is_long_info(_curl_info))                                       \
+      if (!_curl_is_arr((arg), long))                                         \
+        _curl_easy_getinfo_err_long();                                        \
+    if (_curl_is_double_info(_curl_info))                                     \
+      if (!_curl_is_arr((arg), double))                                       \
+        _curl_easy_getinfo_err_double();                                      \
+    if (_curl_is_slist_info(_curl_info))                                      \
+      if (!_curl_is_arr((arg), struct curl_slist *))                          \
+        _curl_easy_getinfo_err_curl_slist();                                  \
  }                                                                           \
  curl_easy_getinfo(handle, _curl_info, arg);                                 \
 })
--- a/lib/Makefile.Watcom
+++ b/lib/Makefile.Watcom
@@ -34,12 +34,12 @@ RC = wrc
 !endif

 !if $(__VERSION__) < 1250                                                                                                           
-RM = del /q /f >NUL 2>&1
+RM = del /q /f 2>NUL
 !else                                                                                                                               
 RM = rm -f                                                                                                                          
 !endif
 MD = mkdir
-RD = rmdir /q /s >NUL 2>&1
+RD = rmdir /q /s 2>NUL
 CP = copy

 CFLAGS = -3r -mf -hc -zff -zgf -zq -zm -zc -s -fr=con -w2 -fpi -oilrtfm &
@@ -57,6 +57,10 @@ CFLAGS += -d0
 CFLAGS += -d_WIN32_WINNT=0x0501 -dENABLE_IPV6
 !endif

+!ifdef %use_sspi
+CFLAGS += -dUSE_WINDOWS_SSPI
+!endif
+
 #
 # Change to suite.
 #
@@ -66,6 +70,18 @@ ZLIB_ROOT = $(%zlib_root)
 ZLIB_ROOT = ..\..\zlib-1.2.5
 !endif

+!ifdef %libssh2_root
+LIBSSH2_ROOT = $(%libssh2_root)
+!else
+LIBSSH2_ROOT = ..\..\libssh2-1.2.7
+!endif
+
+!ifdef %librtmp_root
+LIBRTMP_ROOT = $(%librtmp_root)
+!else
+LIBRTMP_ROOT = ..\..\librtmp-2.3
+!endif
+
 !ifdef %openssl_root
 OPENSSL_ROOT = $(%openssl_root)
 !else
@@ -82,6 +98,14 @@ ARES_ROOT = ..\ares
 CFLAGS += -dHAVE_ZLIB_H -dHAVE_LIBZ -I$(ZLIB_ROOT)
 !endif

+!ifdef %use_rtmp
+CFLAGS += -dUSE_LIBRTMP -I$(LIBRTMP_ROOT)
+!endif
+
+!ifdef %use_ssh2
+CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H -I$(LIBSSH2_ROOT)\include -I$(LIBSSH2_ROOT)\win32
+!endif
+
 !ifdef %use_ssl
 CFLAGS += -wcd=138 -dUSE_OPENSSL -dUSE_SSLEAY -I$(OPENSSL_ROOT)\inc32
 !endif
@@ -128,7 +152,7 @@ clean: .SYMBOLIC
 	-$(RM) $(OBJS_DYN)
 	-$(RM) $(RESOURCE) $(LINK_ARG) $(LIB_ARG)

-vclean realclean: clean .SYMBOLIC
+vclean distclean: clean .SYMBOLIC
 	-$(RM) $(TARGETS) $(LIBNAME).map $(LIBNAME).sym
 	-$(RD) $(OBJ_BASE)\stat
 	-$(RD) $(OBJ_BASE)\dyn
@@ -179,6 +203,12 @@ $(LINK_ARG): $(__MAKEFILES__)
 !ifdef %use_zlib
 	@%append $^@ library $(ZLIB_ROOT)\zlib.lib
 !endif
+!ifdef %use_rtmp
+	@%append $^@ library $(LIBRTMP_ROOT)\librtmp\librtmp.lib
+!endif
+!ifdef %use_ssh2
+	@%append $^@ library $(LIBSSH2_ROOT)\win32\libssh2.lib
+!endif
 !ifdef %use_ssl
 	@%append $^@ library $(OPENSSL_ROOT)\out32\libeay32.lib, $(OPENSSL_ROOT)\out32\ssleay32.lib
 !endif
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -37,7 +37,8 @@ EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 Makefile.riscos $(DSP) \
 Makefile.netware nwlib.c nwos.c libcurl.imp msvcproj.head msvcproj.foot   \
 config-win32ce.h config-os400.h setup-os400.h config-symbian.h		   \
 Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ) mk-ca-bundle.pl		   \
- firefox-db2pem.sh $(CMAKE_DIST) config-vxworks.h Makefile.vxworks
+ mk-ca-bundle.vbs firefox-db2pem.sh $(CMAKE_DIST) config-vxworks.h	   \
+ Makefile.vxworks

 CLEANFILES = $(DSP) $(VCPROJ)

--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -20,7 +20,8 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  strdup.c socks.c ssh.c nss.c qssl.c rawstr.c curl_addrinfo.c		\
  socks_gssapi.c socks_sspi.c curl_sspi.c slist.c nonblock.c		\
  curl_memrchr.c imap.c pop3.c smtp.c pingpong.c rtsp.c curl_threads.c	\
-  warnless.c hmac.c polarssl.c curl_rtmp.c openldap.c curl_gethostname.c
+  warnless.c hmac.c polarssl.c curl_rtmp.c openldap.c curl_gethostname.c\
+  gopher.c

 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -34,5 +35,6 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  tftp.h sockaddr.h splay.h strdup.h setup_once.h socks.h ssh.h nssg.h	\
  curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h	\
  curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
-  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h
+  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h      \
+  gopher.h

--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -4,7 +4,7 @@
 ## and optionally OpenSSL (0.9.8), libssh2 (1.2), zlib (1.2.5)
 ##
 ## Usage:
-## mingw32-make -f Makefile.m32 [SSL=1] [SSH2=1] [ZLIB=1] [IDN=1] [SSPI=1] [IPV6=1] [LDAPS=1] [DYN=1]
+## mingw32-make -f Makefile.m32 [SSL=1] [SSH2=1] [ZLIB=1] [IDN=1] [SSPI=1] [IPV6=1] [LDAPS=1] [RTMP=1] [DYN=1]
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
 ## set ZLIB_PATH=c:/zlib-1.2.5
@@ -24,12 +24,16 @@ OPENSSL_PATH = ../../openssl-0.9.8o
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2.6
+LIBSSH2_PATH = ../../libssh2-1.2.7
 endif
 # Edit the path below to point to the base of your libidn package.
 ifndef LIBIDN_PATH
 LIBIDN_PATH = ../../libidn-1.18
 endif
+# Edit the path below to point to the base of your librtmp package.
+ifndef LIBRTMP_PATH
+LIBRTMP_PATH = ../../librtmp-2.3
+endif
 # Edit the path below to point to the base of your Novell LDAP NDK.
 ifndef LDAP_SDK
 LDAP_SDK = c:/novell/ndk/cldapsdk/win32
@@ -47,7 +51,7 @@ LDFLAGS = -s
 RANLIB = ranlib
 RC = windres
 RCFLAGS = --include-dir=../include -DDEBUGBUILD=0 -O COFF -i
-RM = del /q /f > NUL 2>&1
+RM = del /q /f 2>NUL
 STRIP = strip -g

 ########################################################
@@ -61,6 +65,11 @@ ifdef ARES
  DLL_LIBS += -L$(LIBCARES_PATH) -lcares
  libcurl_dll_DEPENDENCIES = $(LIBCARES_PATH)/libcares.a
 endif
+ifdef RTMP
+  INCLUDES += -I"$(LIBRTMP_PATH)"
+  CFLAGS += -DUSE_LIBRTMP
+  DLL_LIBS += -L"$(LIBRTMP_PATH)/librtmp" -lrtmp -lwinmm
+endif
 ifdef SSH2
  INCLUDES += -I"$(LIBSSH2_PATH)/include" -I"$(LIBSSH2_PATH)/win32"
  CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
@@ -148,7 +157,7 @@ $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENC
 clean:
 	-$(RM) $(libcurl_a_OBJECTS) $(RESOURCE)

-distrib: clean
+distclean vclean: clean
 	-$(RM) $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_a_LIBRARY)

 FORCE: ;
@@ -156,4 +165,3 @@ FORCE: ;
 $(LIBCARES_PATH)/libcares.a:
 	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32

-
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -24,7 +24,7 @@ endif

 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2.6
+LIBSSH2_PATH = ../../libssh2-1.2.7
 endif

 # Edit the path below to point to the base of your libidn package.
@@ -32,6 +32,11 @@ ifndef LIBIDN_PATH
 LIBIDN_PATH = ../../libidn-1.18
 endif

+# Edit the path below to point to the base of your librtmp package.
+ifndef LIBRTMP_PATH
+LIBRTMP_PATH = ../../librtmp-2.3
+endif
+
 # Edit the path below to point to the base of your c-ares package.
 ifndef LIBCARES_PATH
 LIBCARES_PATH = ../ares
@@ -84,14 +89,13 @@ else
 	CC = gcc
 endif
 PERL	= perl
-# a native win32 awk can be downloaded from here:
+# Here you can find a native Win32 binary of the original awk:
 # http://www.gknw.net/development/prgtools/awk-20070501.zip
 AWK	= awk
-YACC	= bison -y
 CP	= cp -afv
 MKDIR	= mkdir
 # RM	= rm -f
-# if you want to mark the target as MTSAFE you will need a tool for
+# If you want to mark the target as MTSAFE you will need a tool for
 # generating the xdc data for the linker; here's a minimal tool:
 # http://www.gknw.net/development/prgtools/mkxdc.zip
 MPKXDC	= mkxdc
@@ -117,13 +121,13 @@ CFLAGS	+= -relax_pointers
 #CFLAGS	+= -w on
 ifeq ($(LIBARCH),LIBC)
 ifeq ($(POSIXFL),1)
-	PRELUDE = $(SDK_LIBC)/imports/posixpre.o
+	PRELUDE = $(NDK_LIBC)/imports/posixpre.o
 else
-	PRELUDE = $(SDK_LIBC)/imports/libcpre.o
+	PRELUDE = $(NDK_LIBC)/imports/libcpre.o
 endif
 	CFLAGS += -align 4
 else
-	# PRELUDE = $(SDK_CLIB)/imports/clibpre.o
+	# PRELUDE = $(NDK_CLIB)/imports/clibpre.o
 	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
 	PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
 	# CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
@@ -140,12 +144,12 @@ CFLAGS	+= -fno-builtin -fpcc-struct-return -fno-strict-aliasing
 CFLAGS	+= -Wall # -pedantic
 ifeq ($(LIBARCH),LIBC)
 ifeq ($(POSIXFL),1)
-	PRELUDE = $(SDK_LIBC)/imports/posixpre.gcc.o
+	PRELUDE = $(NDK_LIBC)/imports/posixpre.gcc.o
 else
-	PRELUDE = $(SDK_LIBC)/imports/libcpre.gcc.o
+	PRELUDE = $(NDK_LIBC)/imports/libcpre.gcc.o
 endif
 else
-	PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	PRELUDE = $(NDK_CLIB)/imports/clibpre.gcc.o
 	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
 	# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
 	# PRELUDE = $(NDK_ROOT)/pre/prelude.o
@@ -154,9 +158,15 @@ endif
 endif

 NDK_ROOT = $(NDKBASE)/ndk
-SDK_CLIB = $(NDK_ROOT)/nwsdk
-SDK_LIBC = $(NDK_ROOT)/libc
-SDK_LDAP = $(NDK_ROOT)/cldapsdk/netware
+ifndef NDK_CLIB
+NDK_CLIB = $(NDK_ROOT)/nwsdk
+endif
+ifndef NDK_LIBC
+NDK_LIBC = $(NDK_ROOT)/libc
+endif
+ifndef NDK_LDAP
+NDK_LDAP = $(NDK_ROOT)/cldapsdk/netware
+endif
 CURL_INC = ../include
 CURL_LIB = ../lib

@@ -175,6 +185,10 @@ else
 	IMPORTS += @$(LIBSSH2_PATH)/nw/libssh2.imp
 endif
 endif
+ifdef WITH_RTMP
+	INCLUDES += -I$(LIBRTMP_PATH)
+	LDLIBS += $(LIBRTMP_PATH)/librtmp/librtmp.$(LIBEXT)
+endif
 ifdef WITH_SSL
 	INCLUDES += -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)
 	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT)
@@ -197,17 +211,17 @@ ifdef WITH_IDN
 endif

 ifeq ($(LIBARCH),LIBC)
-	INCLUDES += -I$(SDK_LIBC)/include
-	# INCLUDES += -I$(SDK_LIBC)/include/nks
-	# INCLUDES += -I$(SDK_LIBC)/include/winsock
+	INCLUDES += -I$(NDK_LIBC)/include
+	# INCLUDES += -I$(NDK_LIBC)/include/nks
+	# INCLUDES += -I$(NDK_LIBC)/include/winsock
 	CFLAGS += -D_POSIX_SOURCE
 else
-	INCLUDES += -I$(SDK_CLIB)/include/nlm
-	# INCLUDES += -I$(SDK_CLIB)/include/nlm/obsolete
-	# INCLUDES += -I$(SDK_CLIB)/include
+	INCLUDES += -I$(NDK_CLIB)/include/nlm
+	# INCLUDES += -I$(NDK_CLIB)/include/nlm/obsolete
+	# INCLUDES += -I$(NDK_CLIB)/include
 endif
 ifndef DISABLE_LDAP
-	INCLUDES += -I$(SDK_LDAP)/$(LIBARCH_L)/inc
+	INCLUDES += -I$(NDK_LDAP)/$(LIBARCH_L)/inc
 endif
 CFLAGS	+= $(INCLUDES)

@@ -269,7 +283,7 @@ clean:
 	-$(RM) curl_config.h
 	-$(RM) -r $(OBJDIR)

-distclean: clean
+distclean vclean: clean
 	-$(RM) $(TARGET).$(LIBEXT) $(TARGET).nlm
 	-$(RM) certdata.txt ca-bundle.crt

@@ -323,15 +337,15 @@ endif
 ifeq ($(LIBARCH),CLIB)
 	@echo $(DL)start _Prelude$(DL) >> $@
 	@echo $(DL)exit _Stop$(DL) >> $@
-	@echo $(DL)import @$(SDK_CLIB)/imports/clib.imp$(DL) >> $@
-	@echo $(DL)import @$(SDK_CLIB)/imports/threads.imp$(DL) >> $@
-	@echo $(DL)import @$(SDK_CLIB)/imports/nlmlib.imp$(DL) >> $@
-	@echo $(DL)import @$(SDK_CLIB)/imports/socklib.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_CLIB)/imports/clib.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_CLIB)/imports/threads.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_CLIB)/imports/nlmlib.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_CLIB)/imports/socklib.imp$(DL) >> $@
 	@echo $(DL)module clib$(DL) >> $@
 ifndef DISABLE_LDAP
-	@echo $(DL)import @$(SDK_LDAP)/clib/imports/ldapsdk.imp$(DL) >> $@
-	@echo $(DL)import @$(SDK_LDAP)/clib/imports/ldapssl.imp$(DL) >> $@
-#	@echo $(DL)import @$(SDK_LDAP)/clib/imports/ldapx.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapsdk.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapssl.imp$(DL) >> $@
+#	@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapx.imp$(DL) >> $@
 	@echo $(DL)module ldapsdk ldapssl$(DL) >> $@
 endif
 else
@@ -348,13 +362,13 @@ else
 	@echo $(DL)exit _LibCPostlude$(DL) >> $@
 	@echo $(DL)check _LibCCheckUnload$(DL) >> $@
 endif
-	@echo $(DL)import @$(SDK_LIBC)/imports/libc.imp$(DL) >> $@
-	@echo $(DL)import @$(SDK_LIBC)/imports/netware.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_LIBC)/imports/libc.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_LIBC)/imports/netware.imp$(DL) >> $@
 	@echo $(DL)module libc$(DL) >> $@
 ifndef DISABLE_LDAP
-	@echo $(DL)import @$(SDK_LDAP)/libc/imports/lldapsdk.imp$(DL) >> $@
-	@echo $(DL)import @$(SDK_LDAP)/libc/imports/lldapssl.imp$(DL) >> $@
-#	@echo $(DL)import @$(SDK_LDAP)/libc/imports/lldapx.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapsdk.imp$(DL) >> $@
+	@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapssl.imp$(DL) >> $@
+#	@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapx.imp$(DL) >> $@
 	@echo $(DL)module lldapsdk lldapssl$(DL) >> $@
 endif
 endif
@@ -425,13 +439,6 @@ else
 	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FREEADDRINFO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETADDRINFO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG2 void *$(DL) >> $@
 	@echo $(DL)#define RECV_TYPE_ARG3 size_t$(DL) >> $@
@@ -451,11 +458,19 @@ else
 	@echo $(DL)#define SEND_TYPE_ARG3 size_t$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
 	@echo $(DL)#define SEND_TYPE_RETV ssize_t$(DL) >> $@
-	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
 	@echo $(DL)#define SIZEOF_OFF_T 8$(DL) >> $@
 	@echo $(DL)#define _LARGEFILE 1$(DL) >> $@
 ifdef ENABLE_IPV6
 	@echo $(DL)#define ENABLE_IPV6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_FREEADDRINFO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_GETADDRINFO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
+	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
 endif
 endif
 	@echo $(DL)#define USE_MANUAL 1$(DL) >> $@
@@ -491,7 +506,6 @@ endif
 	@echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
 	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_IOCTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@
@@ -555,6 +569,9 @@ endif
 ifdef WITH_IDN
 	@echo $(DL)#define HAVE_LIBIDN 1$(DL) >> $@
 	@echo $(DL)#define HAVE_TLD_H 1$(DL) >> $@
+endif
+ifdef WITH_RTMP
+	@echo $(DL)#define USE_LIBRTMP 1$(DL) >> $@
 endif
 	@echo $(DL)#ifdef __GNUC__$(DL) >> $@
 	@echo $(DL)#define HAVE_VARIADIC_MACROS_GCC 1$(DL) >> $@
--- a/lib/Makefile.riscos
+++ b/lib/Makefile.riscos
@@ -3,7 +3,7 @@
 # Project objects:
 objs =	o.base64 o.connect o.cookie o.dict \
 	o.dllinit o.easy o.escape o.file \
-	o.formdata o.ftp o.getenv \
+	o.formdata o.ftp o.getenv o.gopher \
 	o.getinfo o.getpass o.hostip \
 	o.hostip4 o.hostsyn o.http \
 	o.http_chunks o.inet_ntop o.inet_pton o.if2ip o.krb4 o.ldap \
@@ -84,6 +84,9 @@ o.getinfo:	c.getinfo
 o.getpass:	c.getpass
 		gcc $(compileropts) -c -o getpass.o c.getpass

+o.gopher:	c.gopher
+		gcc $(compileropts) -c -o gopher.o c.gopher
+
 o.hmac:		c.hmac
 		gcc $(compileropts) -c -o hmac.o c.hmac

--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -471,6 +471,7 @@ X_OBJS= \
 	$(DIROBJ)\getenv.obj \
 	$(DIROBJ)\getinfo.obj \
 	$(DIROBJ)\gtls.obj \
+	$(DIROBJ)\gopher.obj \
 	$(DIROBJ)\hash.obj \
 	$(DIROBJ)\hmac.obj \
 	$(DIROBJ)\hostares.obj \
--- a/lib/README.ares
+++ b/lib/README.ares
@@ -11,7 +11,7 @@ c-ares:
  http://c-ares.haxx.se/

 NOTE
-  The latest libcurl version requires c-ares 1.4.0 or later.
+  The latest libcurl version requires c-ares 1.6.0 or later.

  Once upon the time libcurl built fine with the "original" ares. That is no
  longer true. You need to use c-ares.
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -174,6 +174,9 @@ long Curl_timeleft(struct connectdata *conn,

  /* substract elapsed time */
  timeout_ms -= Curl_tvdiff(*nowp, data->progress.t_startsingle);
+  if(!timeout_ms)
+    /* avoid returning 0 as that means no timeout! */
+    return -1;

  return timeout_ms;
 }
@@ -627,6 +630,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
  CURLcode code = CURLE_OK;
  curl_socket_t sockfd = conn->sock[sockindex];
  long allow = DEFAULT_CONNECT_TIMEOUT;
+  int error = 0;

  DEBUGASSERT(sockindex >= FIRSTSOCKET && sockindex <= SECONDARYSOCKET);

@@ -634,13 +638,6 @@ CURLcode Curl_is_connected(struct connectdata *conn,

  if(conn->bits.tcpconnect) {
    /* we are connected already! */
-    long allow_total = 0;
-
-    /* subtract the most strict timeout of the ones */
-    if(data->set.timeout)
-      allow_total = data->set.timeout;
-
-    Curl_expire(data, allow_total);
    *connected = TRUE;
    return CURLE_OK;
  }
@@ -654,13 +651,13 @@ CURLcode Curl_is_connected(struct connectdata *conn,
    return CURLE_OPERATION_TIMEDOUT;
  }

-  Curl_expire(data, allow);
-
  /* check for connect without timeout as we want to return immediately */
  rc = waitconnect(conn, sockfd, 0);
+  if(WAITCONN_TIMEOUT == rc)
+    /* not an error, but also no connection yet */
+    return code;

  if(WAITCONN_CONNECTED == rc) {
-    int error;
    if(verifyconnect(sockfd, &error)) {
      /* we are connected, awesome! */
      conn->bits.tcpconnect = TRUE;
@@ -672,38 +669,34 @@ CURLcode Curl_is_connected(struct connectdata *conn,
      return CURLE_OK;
    }
    /* nope, not connected for real */
-    data->state.os_errno = error;
-    infof(data, "Connection failed\n");
-    code = trynextip(conn, sockindex, connected);
-    if(code)
-      failf(data, "Failed connect to %s:%ld; %s",
-            conn->host.name, conn->port, Curl_strerror(conn, error));
  }
-  else if(WAITCONN_TIMEOUT != rc) {
-    int error = 0;
-
+  else {
    /* nope, not connected  */
    if(WAITCONN_FDSET_ERROR == rc) {
      (void)verifyconnect(sockfd, &error);
-      data->state.os_errno = error;
-      infof(data, "%s\n",Curl_strerror(conn,error));
+      infof(data, "%s\n",Curl_strerror(conn, error));
    }
    else
      infof(data, "Connection failed\n");
-
-    code = trynextip(conn, sockindex, connected);
-
-    if(code) {
-      error = SOCKERRNO;
-      data->state.os_errno = error;
-      failf(data, "Failed connect to %s:%ld; %s",
-            conn->host.name, conn->port, Curl_strerror(conn, error));
-    }
  }
+
  /*
-   * If the connection failed here, we should attempt to connect to the "next
-   * address" for the given host.
+   * The connection failed here, we should attempt to connect to the "next
+   * address" for the given host. But first remember the latest error.
   */
+  if(error) {
+    data->state.os_errno = error;
+    SET_SOCKERRNO(error);
+  }
+
+  code = trynextip(conn, sockindex, connected);
+
+  if(code) {
+    error = SOCKERRNO;
+    data->state.os_errno = error;
+    failf(data, "Failed connect to %s:%ld; %s",
+          conn->host.name, conn->port, Curl_strerror(conn, error));
+  }

  return code;
 }
@@ -1029,7 +1022,6 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
    failf(data, "Connection time-out");
    return CURLE_OPERATION_TIMEDOUT;
  }
-  Curl_expire(data, timeout_ms);

  /* Max time for each address */
  num_addr = Curl_num_addresses(remotehost->addr);
@@ -1094,12 +1086,12 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
 * Used to extract socket and connectdata struct for the most recent
 * transfer on the given SessionHandle.
 *
- * The socket 'long' will be -1 in case of failure!
+ * The returned socket will be CURL_SOCKET_BAD in case of failure!
 */
-CURLcode Curl_getconnectinfo(struct SessionHandle *data,
-                             long *param_longp,
-                             struct connectdata **connp)
+curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
+                                  struct connectdata **connp)
 {
+  curl_socket_t sockfd;
  if((data->state.lastconnect != -1) &&
     (data->state.connc->connects[data->state.lastconnect] != NULL)) {
    struct connectdata *c =
@@ -1107,13 +1099,13 @@ CURLcode Curl_getconnectinfo(struct SessionHandle *data,
    if(connp)
      /* only store this if the caller cares for it */
      *connp = c;
-    *param_longp = c->sock[FIRSTSOCKET];
+    sockfd = c->sock[FIRSTSOCKET];
    /* we have a socket connected, let's determine if the server shut down */
    /* determine if ssl */
    if(c->ssl[FIRSTSOCKET].use) {
      /* use the SSL context */
      if(!Curl_ssl_check_cxn(c))
-        *param_longp = -1;   /* FIN received */
+        return CURL_SOCKET_BAD;   /* FIN received */
    }
 /* Minix 3.1 doesn't support any flags on recv; just assume socket is OK */
 #ifdef MSG_PEEK
@@ -1122,13 +1114,13 @@ CURLcode Curl_getconnectinfo(struct SessionHandle *data,
      char buf;
      if(recv((RECV_TYPE_ARG1)c->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
              (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
-        *param_longp = -1;   /* FIN received */
+        return CURL_SOCKET_BAD;   /* FIN received */
      }
    }
 #endif
  }
  else
-    *param_longp = -1;
+    return CURL_SOCKET_BAD;

-  return CURLE_OK;
+  return sockfd;
 }
--- a/lib/connect.h
+++ b/lib/connect.h
@@ -47,11 +47,10 @@ long Curl_timeleft(struct connectdata *conn,
 * Used to extract socket and connectdata struct for the most recent
 * transfer on the given SessionHandle.
 *
- * The socket 'long' will be -1 in case of failure!
+ * The returned socket will be CURL_SOCKET_BAD in case of failure!
 */
-CURLcode Curl_getconnectinfo(struct SessionHandle *data,
-                             long *param_longp,
-                             struct connectdata **connp);
+curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
+                                  struct connectdata **connp);

 #ifdef WIN32
 /* When you run a program that uses the Windows Sockets API, you may
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -123,7 +123,9 @@ inflate_stream(struct connectdata *conn,
      }

      /* Done with these bytes, exit */
-      if(status == Z_OK && z->avail_in == 0) {
+
+      /* status is always Z_OK at this point! */
+      if(z->avail_in == 0) {
        free(decomp);
        return result;
      }
--- a/lib/curl_sspi.c
+++ b/lib/curl_sspi.c
@@ -36,6 +36,9 @@
 #include "memdebug.h"


+/* We use our own typedef here since some headers might lack these */
+typedef PSecurityFunctionTableA (APIENTRY *INITSECURITYINTERFACE_FN_A)(VOID);
+
 /* Handle of security.dll or secur32.dll, depending on Windows version */
 HMODULE s_hSecDll = NULL;

@@ -59,7 +62,7 @@ CURLcode
 Curl_sspi_global_init(void)
 {
  OSVERSIONINFO osver;
-  INIT_SECURITY_INTERFACE_A pInitSecurityInterface;
+  INITSECURITYINTERFACE_FN_A pInitSecurityInterface;

  /* If security interface is not yet initialized try to do this */
  if(s_hSecDll == NULL) {
@@ -84,7 +87,7 @@ Curl_sspi_global_init(void)
      return CURLE_FAILED_INIT;

    /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
-    pInitSecurityInterface = (INIT_SECURITY_INTERFACE_A)
+    pInitSecurityInterface = (INITSECURITYINTERFACE_FN_A)
      GetProcAddress(s_hSecDll, "InitSecurityInterfaceA");
    if(! pInitSecurityInterface)
      return CURLE_FAILED_INIT;
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -700,8 +700,9 @@ CURL *curl_easy_duphandle(CURL *incurl)
    }

 #ifdef USE_ARES
-    /* If we use ares, we setup a new ares channel for the new handle */
-    if(ARES_SUCCESS != ares_init(&outcurl->state.areschannel))
+    /* If we use ares, we clone the ares channel for the new handle */
+    if(ARES_SUCCESS != ares_dup(&outcurl->state.areschannel,
+                                data->state.areschannel))
      break;
 #endif

@@ -1072,9 +1073,6 @@ static CURLcode easy_connection(struct SessionHandle *data,
                                curl_socket_t *sfd,
                                struct connectdata **connp)
 {
-  CURLcode ret;
-  long sockfd;
-
  if(data == NULL)
    return CURLE_BAD_FUNCTION_ARGUMENT;

@@ -1084,18 +1082,13 @@ static CURLcode easy_connection(struct SessionHandle *data,
    return CURLE_UNSUPPORTED_PROTOCOL;
  }

-  ret = Curl_getconnectinfo(data, &sockfd, connp);
-  if(ret != CURLE_OK)
-    return ret;
+  *sfd = Curl_getconnectinfo(data, connp);

-  if(sockfd == -1) {
+  if(*sfd == CURL_SOCKET_BAD) {
    failf(data, "Failed to get recent socket");
    return CURLE_UNSUPPORTED_PROTOCOL;
  }

-  *sfd = (curl_socket_t)sockfd; /* we know that this is actually a socket
-                                   descriptor so the typecast is fine here */
-
  return CURLE_OK;
 }

--- a/lib/escape.c
+++ b/lib/escape.c
@@ -43,8 +43,10 @@
 #include "memdebug.h"

 /* Portable character check (remember EBCDIC). Do not use isalnum() because
-its behavior is altered by the current locale. */
-static bool Curl_isalnum(unsigned char in)
+   its behavior is altered by the current locale.
+   See http://tools.ietf.org/html/rfc3986#section-2.3
+*/
+static bool Curl_isunreserved(unsigned char in)
 {
  switch (in) {
    case '0': case '1': case '2': case '3': case '4':
@@ -59,6 +61,7 @@ static bool Curl_isalnum(unsigned char in)
    case 'K': case 'L': case 'M': case 'N': case 'O':
    case 'P': case 'Q': case 'R': case 'S': case 'T':
    case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z':
+    case '-': case '.': case '_': case '~':
      return TRUE;
    default:
      break;
@@ -100,7 +103,7 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
  while(length--) {
    in = *string;

-    if (Curl_isalnum(in)) {
+    if (Curl_isunreserved(in)) {
      /* just copy this */
      ns[strindex++]=in;
    }
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -324,7 +324,7 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
  for(;;) {
    timeout_ms = Curl_timeleft(conn, NULL, TRUE);

-    if(timeout_ms <= 0) {
+    if(timeout_ms < 0) {
      /* if a timeout was already reached, bail out */
      failf(data, "Timeout while waiting for server connect");
      return CURLE_OPERATION_TIMEDOUT;
@@ -2424,7 +2424,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
           set a valid level */
        Curl_sec_request_prot(conn, data->set.str[STRING_KRB_LEVEL]);

-        if(Curl_sec_login(conn) != 0)
+        if(Curl_sec_login(conn) != CURLE_OK)
          infof(data, "Logging in with password in cleartext!\n");
        else
          infof(data, "Authentication successful\n");
@@ -3076,10 +3076,6 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
  /* free the dir tree and file parts */
  freedirs(ftpc);

-#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
-  Curl_sec_fflush_fd(conn, conn->sock[SECONDARYSOCKET]);
-#endif
-
  /* shut down the socket to inform the server we're done */

 #ifdef _WIN32_WCE
@@ -3864,6 +3860,10 @@ static CURLcode ftp_disconnect(struct connectdata *conn)

  Curl_pp_disconnect(pp);

+#if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  Curl_sec_end(conn);
+#endif
+
  return CURLE_OK;
 }

--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -83,6 +83,7 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
  char **param_charp=NULL;
  struct curl_slist **param_slistp=NULL;
  int type;
+  curl_socket_t sockfd;

  union {
    struct curl_certinfo * to_certinfo;
@@ -219,7 +220,16 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
    *param_charp = data->state.most_recent_ftp_entrypath;
    break;
  case CURLINFO_LASTSOCKET:
-    (void)Curl_getconnectinfo(data, param_longp, NULL);
+    sockfd = Curl_getconnectinfo(data, NULL);
+
+    /* note: this is not a good conversion for systems with 64 bit sockets and
+       32 bit longs */
+    if(sockfd != CURL_SOCKET_BAD)
+      *param_longp = (long)sockfd;
+    else
+      /* this interface is documented to return -1 in case of badness, which
+         may not be the same as the CURL_SOCKET_BAD value */
+      *param_longp = -1;
    break;
  case CURLINFO_REDIRECT_URL:
    /* Return the URL this request would have been redirected to if that
--- a/lib/gopher.c
+++ b/lib/gopher.c
@@ -0,0 +1,208 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifndef CURL_DISABLE_GOPHER
+
+/* -- WIN32 approved -- */
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#ifdef WIN32
+#include <time.h>
+#include <io.h>
+#else
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#include <netinet/in.h>
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <netdb.h>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+
+#endif
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "transfer.h"
+#include "sendf.h"
+
+#include "progress.h"
+#include "strequal.h"
+#include "gopher.h"
+#include "rawstr.h"
+#include "select.h"
+#include "url.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+
+/*
+ * Forward declarations.
+ */
+
+static CURLcode gopher_do(struct connectdata *conn, bool *done);
+
+/*
+ * Gopher protocol handler.
+ * This is also a nice simple template to build off for simple
+ * connect-command-download protocols.
+ */
+
+const struct Curl_handler Curl_handler_gopher = {
+  "GOPHER",                             /* scheme */
+  ZERO_NULL,                            /* setup_connection */
+  gopher_do,                            /* do_it */
+  ZERO_NULL,                            /* done */
+  ZERO_NULL,                            /* do_more */
+  ZERO_NULL,                            /* connect_it */
+  ZERO_NULL,                            /* connecting */
+  ZERO_NULL,                            /* doing */
+  ZERO_NULL,                            /* proto_getsock */
+  ZERO_NULL,                            /* doing_getsock */
+  ZERO_NULL,                            /* perform_getsock */
+  ZERO_NULL,                            /* disconnect */
+  PORT_GOPHER,                          /* defport */
+  PROT_GOPHER                           /* protocol */
+};
+
+static CURLcode gopher_do(struct connectdata *conn, bool *done)
+{
+  CURLcode result=CURLE_OK;
+  struct SessionHandle *data=conn->data;
+  curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
+
+  curl_off_t *bytecount = &data->req.bytecount;
+  char *path = data->state.path;
+  char *sel;
+  char *sel_org = NULL;
+  ssize_t amount, k;
+
+  *done = TRUE; /* unconditionally */
+
+  /* Create selector. Degenerate cases: / and /1 => convert to "" */
+  if (strlen(path) <= 2)
+    sel = (char *)"";
+  else {
+    char *newp;
+    size_t j, i;
+    int len;
+
+    /* Otherwise, drop / and the first character (i.e., item type) ... */
+    newp = path;
+    newp+=2;
+
+    /* ... then turn ? into TAB for search servers, Veronica, etc. ... */
+    j = strlen(newp);
+    for(i=0; i<j; i++)
+      if(newp[i] == '?')
+        newp[i] = '\x09';
+
+    /* ... and finally unescape */
+    sel = curl_easy_unescape(data, newp, 0, &len);
+    if (!sel)
+      return CURLE_OUT_OF_MEMORY;
+    sel_org = sel;
+  }
+
+  /* We use Curl_write instead of Curl_sendf to make sure the entire buffer is
+     sent, which could be sizeable with long selectors. */
+  k = strlen(sel);
+
+  for(;;) {
+    result = Curl_write(conn, sockfd, sel, k, &amount);
+    if (CURLE_OK == result) { /* Which may not have written it all! */
+      result = Curl_client_write(conn, CLIENTWRITE_HEADER, sel, amount);
+      if(result) {
+        Curl_safefree(sel_org);
+        return result;
+      }
+      k -= amount;
+      sel += amount;
+      if (k < 1)
+        break; /* but it did write it all */
+    }
+    else {
+      failf(data, "Failed sending Gopher request");
+      Curl_safefree(sel_org);
+      return result;
+    }
+    /* Don't busyloop. The entire loop thing is a work-around as it causes a
+       BLOCKING behavior which is a NO-NO. This function should rather be
+       split up in a do and a doing piece where the pieces that aren't
+       possible to send now will be sent in the doing function repeatedly
+       until the entire request is sent.
+
+       Wait a while for the socket to be writable. Note that this doesn't
+       acknowledge the timeout.
+    */
+    Curl_socket_ready(CURL_SOCKET_BAD, sockfd, 100);
+  }
+
+  Curl_safefree(sel_org);
+
+  /* We can use Curl_sendf to send the terminal \r\n relatively safely and
+     save allocing another string/doing another _write loop. */
+  result = Curl_sendf(sockfd, conn, "\r\n");
+  if (result != CURLE_OK) {
+    failf(data, "Failed sending Gopher request");
+    return result;
+  }
+  result = Curl_client_write(conn, CLIENTWRITE_HEADER, (char *)"\r\n", 2);
+  if(result)
+    return result;
+
+  Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,
+                      -1, NULL); /* no upload */
+  return CURLE_OK;
+}
+#endif /*CURL_DISABLE_GOPHER*/
--- a/lib/gopher.h
+++ b/lib/gopher.h
@@ -0,0 +1,29 @@
+#ifndef HEADER_CURL_GOPHER_H
+#define HEADER_CURL_GOPHER_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#ifndef CURL_DISABLE_GOPHER
+extern const struct Curl_handler Curl_handler_gopher;
+#endif
+
+#endif /* HEADER_CURL_GOPHER_H */
--- a/lib/hostthre.c
+++ b/lib/hostthre.c
@@ -419,8 +419,6 @@ CURLcode Curl_is_resolved(struct connectdata *conn,

  if (done) {
    getaddrinfo_complete(conn);
-    if (td->poll_interval != 0)
-        Curl_expire(conn->data, 0);
    Curl_destroy_thread_data(&conn->async);

    if(!conn->async.dns) {
@@ -431,29 +429,21 @@ CURLcode Curl_is_resolved(struct connectdata *conn,
    *entry = conn->async.dns;
  } else {
    /* poll for name lookup done with exponential backoff up to 250ms */
-    int elapsed;
-
-    elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
-    if (elapsed < 0) {
+    int elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
+    if (elapsed < 0)
      elapsed = 0;
-    }

-    if (td->poll_interval == 0) {
+    if (td->poll_interval == 0)
      /* Start at 1ms poll interval */
      td->poll_interval = 1;
-    } else if (elapsed >= td->interval_end) {
+    else if (elapsed >= td->interval_end)
      /* Back-off exponentially if last interval expired  */
      td->poll_interval *= 2;
-    }

    if (td->poll_interval > 250)
      td->poll_interval = 250;

    td->interval_end = elapsed + td->poll_interval;
-
-    /* Reset old timer so we can set a new one further in the future */
-    Curl_expire(conn->data, 0);
-
    Curl_expire(conn->data, td->poll_interval);
  }

--- a/lib/http.c
+++ b/lib/http.c
@@ -2894,6 +2894,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
        }
        if(result)
          return result;
+        /* Make sure the progress information is accurate */
+        Curl_pgrsSetUploadSize(data, postsize);
      }
      else {
        /* A huge POST coming up, do data separate from the request */
@@ -3291,13 +3293,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
      data->req.deductheadercount =
        (100 <= k->httpcode && 199 >= k->httpcode)?data->req.headerbytecount:0;

-      if(data->state.resume_from &&
-         (data->set.httpreq==HTTPREQ_GET) &&
-         (k->httpcode == 416)) {
-        /* "Requested Range Not Satisfiable" */
-        *stop_reading = TRUE;
-      }
-
      if(!*stop_reading) {
        /* Curl_http_auth_act() checks what authentication methods
         * that are available and decides which one (if any) to
@@ -3510,9 +3505,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
           * message-body, and thus is always terminated by the first
           * empty line after the header fields. */
          /* FALLTHROUGH */
-        case 416: /* Requested Range Not Satisfiable, it has the
-                     Content-Length: set as the "real" document but no
-                     actual response is sent. */
        case 304:
          /* (quote from RFC2616, section 10.3.5): The 304 response
           * MUST NOT contain a message-body, and thus is always
@@ -3544,10 +3536,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
    /* Curl_convert_from_network calls failf if unsuccessful */
 #endif /* CURL_DOES_CONVERSIONS */

-    /* Check for Content-Length: header lines to get size. Ignore
-       the header completely if we get a 416 response as then we're
-       resuming a document that we don't get, and this header contains
-       info about the true size of the document we didn't get now. */
+    /* Check for Content-Length: header lines to get size */
    if(!k->ignorecl && !data->set.ignorecl &&
       checkprefix("Content-Length:", k->p)) {
      curl_off_t contentlength = curlx_strtoofft(k->p+15, NULL, 10);
@@ -3645,20 +3634,6 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
      /* init our chunky engine */
      Curl_httpchunk_init(conn);
    }
-
-    else if(checkprefix("Trailer:", k->p) ||
-            checkprefix("Trailers:", k->p)) {
-      /*
-       * This test helps Curl_httpchunk_read() to determine to look
-       * for well formed trailers after the zero chunksize record. In
-       * this case a CRLF is required after the zero chunksize record
-       * when no trailers are sent, or after the last trailer record.
-       *
-       * It seems both Trailer: and Trailers: occur in the wild.
-       */
-      k->trailerhdrpresent = TRUE;
-    }
-
    else if(checkprefix("Content-Encoding:", k->p) &&
            data->set.str[STRING_ENCODING]) {
      /*
--- a/lib/http_chunks.c
+++ b/lib/http_chunks.c
@@ -184,22 +184,8 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
      if(*datap == 0x0a) {
        /* we're now expecting data to come, unless size was zero! */
        if(0 == ch->datasize) {
-          if(k->trailerhdrpresent!=TRUE) {
-            /* No Trailer: header found - revert to original Curl processing */
-            ch->state = CHUNK_STOPCR;
-
-            /* We need to increment the datap here since we bypass the
-               increment below with the immediate break */
-            length--;
-            datap++;
-
-            /* This is the final byte, continue to read the final CRLF */
-            break;
-          }
-          else {
-            ch->state = CHUNK_TRAILER; /* attempt to read trailers */
-            conn->trlPos=0;
-          }
+          ch->state = CHUNK_TRAILER; /* now check for trailers */
+          conn->trlPos=0;
        }
        else {
          ch->state = CHUNK_DATA;
@@ -280,9 +266,9 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
        datap++;
        length--;
      }
-      else {
+      else
        return CHUNKE_BAD_CHUNK;
-      }
+
      break;

    case CHUNK_POSTLF:
@@ -295,44 +281,76 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
        datap++;
        length--;
      }
-      else {
+      else
        return CHUNKE_BAD_CHUNK;
-      }

      break;

    case CHUNK_TRAILER:
-      /* conn->trailer is assumed to be freed in url.c on a
-         connection basis */
-      if(conn->trlPos >= conn->trlMax) {
-        /* in this logic we always allocate one byte more than trlMax
-           contains, just because CHUNK_TRAILER_POSTCR will append two bytes
-           so we need to make sure we have room for an extra byte */
-        char *ptr;
-        if(conn->trlMax) {
-          conn->trlMax *= 2;
-          ptr = realloc(conn->trailer, conn->trlMax + 1);
+      if(*datap == 0x0d) {
+        /* this is the end of a trailer, but if the trailer was zero bytes
+           there was no trailer and we move on */
+
+        if(conn->trlPos) {
+          /* we allocate trailer with 3 bytes extra room to fit this */
+          conn->trailer[conn->trlPos++]=0x0d;
+          conn->trailer[conn->trlPos++]=0x0a;
+          conn->trailer[conn->trlPos]=0;
+
+#ifdef CURL_DOES_CONVERSIONS
+          /* Convert to host encoding before calling Curl_client_write */
+          result = Curl_convert_from_network(conn->data,
+                                             conn->trailer,
+                                             conn->trlPos);
+          if(result != CURLE_OK)
+            /* Curl_convert_from_network calls failf if unsuccessful */
+            /* Treat it as a bad chunk */
+            return CHUNKE_BAD_CHUNK;
+
+#endif /* CURL_DOES_CONVERSIONS */
+          if(!data->set.http_te_skip) {
+            result = Curl_client_write(conn, CLIENTWRITE_HEADER,
+                                       conn->trailer, conn->trlPos);
+            if(result)
+              return CHUNKE_WRITE_ERROR;
+          }
+          conn->trlPos=0;
+          ch->state = CHUNK_TRAILER_CR;
        }
        else {
-          conn->trlMax=128;
-          ptr = malloc(conn->trlMax + 1);
+          /* no trailer, we're on the final CRLF pair */
+          ch->state = CHUNK_TRAILER_POSTCR;
+          break; /* don't advance the pointer */
        }
-        if(!ptr)
-          return CHUNKE_OUT_OF_MEMORY;
-        conn->trailer = ptr;
      }
-      conn->trailer[conn->trlPos++]=*datap;
-
-      if(*datap == 0x0d)
-        ch->state = CHUNK_TRAILER_CR;
      else {
-        datap++;
-        length--;
+        /* conn->trailer is assumed to be freed in url.c on a
+           connection basis */
+        if(conn->trlPos >= conn->trlMax) {
+          /* we always allocate three extra bytes, just because when the full
+             header has been received we append CRLF\0 */
+          char *ptr;
+          if(conn->trlMax) {
+            conn->trlMax *= 2;
+            ptr = realloc(conn->trailer, conn->trlMax + 3);
+          }
+          else {
+            conn->trlMax=128;
+            ptr = malloc(conn->trlMax + 3);
+          }
+          if(!ptr)
+            return CHUNKE_OUT_OF_MEMORY;
+          conn->trailer = ptr;
+        }
+        fprintf(stderr, "MOO: %c\n", *datap);
+        conn->trailer[conn->trlPos++]=*datap;
      }
+      datap++;
+      length--;
      break;

    case CHUNK_TRAILER_CR:
-      if(*datap == 0x0d) {
+      if(*datap == 0x0a) {
        ch->state = CHUNK_TRAILER_POSTCR;
        datap++;
        length--;
@@ -342,48 +360,17 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
      break;

    case CHUNK_TRAILER_POSTCR:
-      if(*datap == 0x0a) {
-        conn->trailer[conn->trlPos++]=0x0a;
-        conn->trailer[conn->trlPos]=0;
-        if(conn->trlPos==2) {
-          ch->state = CHUNK_STOP;
-          length--;
-
-          /*
-           * Note that this case skips over the final STOP states since we've
-           * already read the final CRLF and need to return
-           */
-
-          ch->dataleft = length;
-
-          return CHUNKE_STOP; /* return stop */
-        }
-        else {
-#ifdef CURL_DOES_CONVERSIONS
-          /* Convert to host encoding before calling Curl_client_write */
-          result = Curl_convert_from_network(conn->data,
-                                             conn->trailer,
-                                             conn->trlPos);
-          if(result != CURLE_OK) {
-            /* Curl_convert_from_network calls failf if unsuccessful */
-            /* Treat it as a bad chunk */
-            return(CHUNKE_BAD_CHUNK);
-          }
-#endif /* CURL_DOES_CONVERSIONS */
-          if(!data->set.http_te_skip) {
-            result = Curl_client_write(conn, CLIENTWRITE_HEADER,
-                                       conn->trailer, conn->trlPos);
-            if(result)
-              return CHUNKE_WRITE_ERROR;
-          }
-        }
+      /* We enter this state when a CR should arrive so we expect to
+         have to first pass a CR before we wait for LF */
+      if(*datap != 0x0d) {
+        /* not a CR then it must be another header in the trailer */
        ch->state = CHUNK_TRAILER;
-        conn->trlPos=0;
-        datap++;
-        length--;
+        break;
      }
-      else
-        return CHUNKE_BAD_CHUNK;
+      datap++;
+      length--;
+      /* now wait for the final LF */
+      ch->state = CHUNK_STOP;
      break;

    case CHUNK_STOPCR:
@@ -394,9 +381,8 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
        datap++;
        length--;
      }
-      else {
+      else
        return CHUNKE_BAD_CHUNK;
-      }
      break;

    case CHUNK_STOP:
@@ -409,9 +395,8 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
        ch->dataleft = length;
        return CHUNKE_STOP; /* return stop */
      }
-      else {
+      else
        return CHUNKE_BAD_CHUNK;
-      }

    default:
      return CHUNKE_STATE_ERROR;
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -129,7 +129,6 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
                             const char *header) /* rest of the *-authenticate:
                                                    header */
 {
-  bool more = TRUE;
  char *token = NULL;
  char *tmp = NULL;
  bool foundAuth = FALSE;
@@ -159,7 +158,7 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
    /* clear off any former leftovers and init to defaults */
    Curl_digest_cleanup_one(d);

-    while(more) {
+    while(1) {
      char value[MAX_VALUE_LENGTH];
      char content[MAX_CONTENT_LENGTH];

--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -277,6 +277,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
    &conn->data->state.negotiate;
  char *encoded = NULL;
  size_t len;
+  char *userp;

 #ifdef HAVE_SPNEGO /* Handle SPNEGO */
  if(checkprefix("Negotiate", neg_ctx->protocol)) {
@@ -330,12 +331,16 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
  if(len == 0)
    return CURLE_OUT_OF_MEMORY;

-  conn->allocptr.userpwd =
-    aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
-            neg_ctx->protocol, encoded);
+  userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
+                  neg_ctx->protocol, encoded);
+
+  if(proxy)
+    conn->allocptr.proxyuserpwd = userp;
+  else
+    conn->allocptr.userpwd = userp;
  free(encoded);
  Curl_cleanup_negotiate (conn->data);
-  return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+  return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
 }

 static void cleanup(struct negotiatedata *neg_ctx)
--- a/lib/krb4.h
+++ b/lib/krb4.h
@@ -47,7 +47,6 @@ extern struct Curl_sec_client_mech Curl_krb5_client_mech;
 #endif

 CURLcode Curl_krb_kauth(struct connectdata *conn);
-int Curl_sec_fflush_fd(struct connectdata *conn, int fd);
 int Curl_sec_fprintf (struct connectdata *, FILE *, const char *, ...);
 int Curl_sec_getc (struct connectdata *conn, FILE *);
 int Curl_sec_putc (struct connectdata *conn, int, FILE *);
@@ -58,10 +57,10 @@ int Curl_sec_fprintf2(struct connectdata *conn, FILE *f, const char *fmt, ...);
 int Curl_sec_vfprintf2(struct connectdata *conn, FILE *, const char *, va_list);

 void Curl_sec_end (struct connectdata *);
-int Curl_sec_login (struct connectdata *);
+CURLcode Curl_sec_login (struct connectdata *);
 void Curl_sec_prot (int, char **);
 int Curl_sec_request_prot (struct connectdata *conn, const char *level);
-void Curl_sec_set_protection_level(struct connectdata *conn);
+int Curl_sec_set_protection_level(struct connectdata *conn);
 void Curl_sec_status (void);

 enum protection_level Curl_set_command_prot(struct connectdata *,
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -75,10 +75,19 @@
 #define LOCAL_ADDR (&conn->local_addr)
 #define REMOTE_ADDR conn->ip_addr->ai_addr

+static int
+krb5_init(void *app_data)
+{
+  gss_ctx_id_t *context = app_data;
+  /* Make sure our context is initialized for krb5_end. */
+  *context = GSS_C_NO_CONTEXT;
+  return 0;
+}
+
 static int
 krb5_check_prot(void *app_data, int level)
 {
-  app_data = NULL; /* prevent compiler warning */
+  (void)app_data; /* unused */
  if(level == prot_confidential)
    return -1;
  return 0;
@@ -161,7 +170,7 @@ krb5_encode(void *app_data, const void *from, int length, int level, void **to,
 static int
 krb5_auth(void *app_data, struct connectdata *conn)
 {
-  int ret;
+  int ret = AUTH_OK;
  char *p;
  const char *host = conn->host.name;
  ssize_t nread;
@@ -169,7 +178,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
  struct SessionHandle *data = conn->data;
  CURLcode result;
  const char *service = "ftp", *srv_host = "host";
-  gss_buffer_desc gssbuf, _gssresp, *gssresp;
+  gss_buffer_desc input_buffer, output_buffer, _gssresp, *gssresp;
  OM_uint32 maj, min;
  gss_name_t gssname;
  gss_ctx_id_t *context = app_data;
@@ -205,28 +214,31 @@ krb5_auth(void *app_data, struct connectdata *conn)
        return -1;
    }

-    gssbuf.value = data->state.buffer;
-    gssbuf.length = snprintf(gssbuf.value, BUFSIZE, "%s@%s", service, host);
-    maj = gss_import_name(&min, &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &gssname);
+    input_buffer.value = data->state.buffer;
+    input_buffer.length = snprintf(input_buffer.value, BUFSIZE, "%s@%s",
+                                   service, host);
+    maj = gss_import_name(&min, &input_buffer, GSS_C_NT_HOSTBASED_SERVICE,
+                          &gssname);
    if(maj != GSS_S_COMPLETE) {
      gss_release_name(&min, &gssname);
      if(service == srv_host) {
-        Curl_failf(data, "Error importing service name %s", gssbuf.value);
+        Curl_failf(data, "Error importing service name %s", input_buffer.value);
        return AUTH_ERROR;
      }
      service = srv_host;
      continue;
    }
-    {
-      gss_OID t;
-      gss_display_name(&min, gssname, &gssbuf, &t);
-      Curl_infof(data, "Trying against %s\n", gssbuf.value);
-      gss_release_buffer(&min, &gssbuf);
-    }
+    /* We pass NULL as |output_name_type| to avoid a leak. */
+    gss_display_name(&min, gssname, &output_buffer, NULL);
+    Curl_infof(data, "Trying against %s\n", output_buffer.value);
    gssresp = GSS_C_NO_BUFFER;
    *context = GSS_C_NO_CONTEXT;

    do {
+      /* Release the buffer at each iteration to avoid leaking: the first time
+         we are releasing the memory from gss_display_name. The last item is
+         taken care by a final gss_release_buffer. */
+      gss_release_buffer(&min, &output_buffer);
      ret = AUTH_OK;
      maj = gss_init_sec_context(&min,
                                 GSS_C_NO_CREDENTIAL,
@@ -238,7 +250,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
                                 &chan,
                                 gssresp,
                                 NULL,
-                                 &gssbuf,
+                                 &output_buffer,
                                 NULL,
                                 NULL);

@@ -253,9 +265,9 @@ krb5_auth(void *app_data, struct connectdata *conn)
        break;
      }

-      if(gssbuf.length != 0) {
-        if(Curl_base64_encode(data, (char *)gssbuf.value, gssbuf.length, &p)
-           < 1) {
+      if(output_buffer.length != 0) {
+        if(Curl_base64_encode(data, (char *)output_buffer.value,
+                              output_buffer.length, &p) < 1) {
          Curl_infof(data, "Out of memory base64-encoding");
          ret = AUTH_CONTINUE;
          break;
@@ -298,6 +310,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
    } while(maj == GSS_S_CONTINUE_NEEDED);

    gss_release_name(&min, &gssname);
+    gss_release_buffer(&min, &output_buffer);

    if(gssresp)
      free(_gssresp.value);
@@ -307,14 +320,25 @@ krb5_auth(void *app_data, struct connectdata *conn)

    service = srv_host;
  }
+  return ret;
+}
+
+static void krb5_end(void *app_data)
+{
+    OM_uint32 maj, min;
+    gss_ctx_id_t *context = app_data;
+    if (*context != GSS_C_NO_CONTEXT) {
+      maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
+      DEBUGASSERT(maj == GSS_S_COMPLETE);
+    }
 }

 struct Curl_sec_client_mech Curl_krb5_client_mech = {
    "GSSAPI",
    sizeof(gss_ctx_id_t),
-    NULL, /* init */
+    krb5_init,
    krb5_auth,
-    NULL, /* end */
+    krb5_end,
    krb5_check_prot,
    krb5_overhead,
    krb5_encode,
--- a/lib/llist.c
+++ b/lib/llist.c
@@ -55,7 +55,13 @@ Curl_llist_alloc(curl_llist_dtor dtor)
 }

 /*
- * Curl_llist_insert_next() returns 1 on success and 0 on failure.
+ * Curl_llist_insert_next()
+ *
+ * Inserts a new list element after the given one 'e'. If the given existing
+ * entry is NULL and the list already has elements, the new one will be
+ * inserted first in the list.
+ *
+ * Returns: 1 on success and 0 on failure.
 */
 int
 Curl_llist_insert_next(struct curl_llist *list, struct curl_llist_element *e,
@@ -73,15 +79,21 @@ Curl_llist_insert_next(struct curl_llist *list, struct curl_llist_element *e,
    list->tail = ne;
  }
  else {
-    ne->next = e->next;
+    /* if 'e' is NULL here, we insert the new element first in the list */
+    ne->next = e?e->next:list->head;
    ne->prev = e;
-    if(e->next) {
+    if(!e) {
+      list->head->prev = ne;
+      list->head = ne;
+    }
+    else if(e->next) {
      e->next->prev = ne;
    }
    else {
      list->tail = ne;
    }
-    e->next = ne;
+    if(e)
+      e->next = ne;
  }

  ++list->size;
--- a/lib/mk-ca-bundle.vbs
+++ b/lib/mk-ca-bundle.vbs
@@ -0,0 +1,271 @@
+'***************************************************************************
+'*                                  _   _ ____  _
+'*  Project                     ___| | | |  _ \| |
+'*                             / __| | | | |_) | |
+'*                            | (__| |_| |  _ <| |___
+'*                             \___|\___/|_| \_\_____|
+'*
+'* Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+'*
+'* This software is licensed as described in the file COPYING, which
+'* you should have received as part of this distribution. The terms
+'* are also available at http://curl.haxx.se/docs/copyright.html.
+'*
+'* You may opt to use, copy, modify, merge, publish, distribute and/or sell
+'* copies of the Software, and permit persons to whom the Software is
+'* furnished to do so, under the terms of the COPYING file.
+'*
+'* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+'* KIND, either express or implied.
+'*
+'***************************************************************************
+'* Script to fetch certdata.txt from Mozilla.org site and create a
+'* ca-bundle.crt for use with OpenSSL / libcurl / libcurl bindings
+'* Requires WinHttp.WinHttpRequest.5.1 and ADODB.Stream which are part of
+'* W2000 SP3 or later, WXP SP1 or later, W2003 Server SP1 or later.
+'* Hacked by Guenter Knauf
+'***************************************************************************
+Option Explicit
+Const myVersion = "0.3.5"
+
+Const myUrl = "http://mxr.mozilla.org/firefox/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"
+
+Const myOpenssl = "openssl.exe"
+
+Const myCdSavF = FALSE       ' Flag: save downloaded data to file certdata.txt
+Const myCaBakF = TRUE        ' Flag: backup existing ca-bundle certificate
+Const myAskLiF = TRUE        ' Flag: display certdata.txt license agreement
+Const myAskTiF = TRUE        ' Flag: ask to include certificate text info
+
+'******************* Nothing to configure below! *******************
+Dim objShell, objNetwork, objFSO, objHttp
+Dim myBase, mySelf, myFh, myTmpFh, myCdData, myCdFile, myCaFile, myTmpName, myBakNum, myOptTxt, i
+Set objNetwork = WScript.CreateObject("WScript.Network")
+Set objShell = WScript.CreateObject("WScript.Shell")
+Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
+Set objHttp = WScript.CreateObject("WinHttp.WinHttpRequest.5.1")
+If objHttp Is Nothing Then Set objHttp = WScript.CreateObject("WinHttp.WinHttpRequest")
+myBase = Left(WScript.ScriptFullName, InstrRev(WScript.ScriptFullName, "\"))
+mySelf = Left(WScript.ScriptName, InstrRev(WScript.ScriptName, ".") - 1) & " " & myVersion
+myCdFile = Mid(myUrl, InstrRev(myUrl, "/") + 1, InstrRev(myUrl, "?") - InstrRev(myUrl, "/") - 1)
+myCaFile = "ca-bundle.crt"
+myTmpName = InputBox("Enter output filename:", mySelf, myCaFile)
+If Not (myTmpName = "") Then
+  myCaFile = myTmpName
+End If
+' Lets ignore SSL invalid cert errors
+objHttp.Option(4) = 256 + 512 + 4096 + 8192
+objHttp.SetTimeouts 0, 5000, 10000, 10000
+objHttp.Open "GET", myUrl, FALSE
+objHttp.setRequestHeader "User-Agent", WScript.ScriptName & "/" & myVersion
+objHttp.Send ""
+If Not (objHttp.statusText = "OK") Then
+  MsgBox("Failed to download '" & myCdFile & "': " & objHttp.statusText), vbCritical, mySelf
+  WScript.Quit 1
+End If
+' Convert data from ResponseBody instead of using ResponseText because of UTF-8
+myCdData = ConvertBinaryData(objHttp.ResponseBody)
+Set objHttp = Nothing
+' Write received data to file if enabled
+If (myCdSavF = TRUE) Then
+  Set myFh = objFSO.OpenTextFile(myCdFile, 2, TRUE)
+  myFh.Write myCdData
+  myFh.Close
+End If
+' Backup exitsing ca-bundle certificate file
+If (myCaBakF = TRUE) Then
+  If objFSO.FileExists(myCaFile) Then
+    Dim myBakFile, b
+    b = 1
+    myBakFile = myCaFile & ".~" & b & "~"
+    While objFSO.FileExists(myBakFile)
+      b = b + 1
+      myBakFile = myCaFile & ".~" & b & "~"
+    Wend
+    Set myTmpFh = objFSO.GetFile(myCaFile)
+    myTmpFh.Move myBakFile
+  End If
+End If
+If (myAskTiF = TRUE) Then
+  If (6 = objShell.PopUp("Do you want to include text information about each certificate?" & vbLf & _
+          "(requires OpenSSL commandline in current directory or in search path)",, _
+          mySelf, vbQuestion + vbYesNo + vbDefaultButton2)) Then
+    myOptTxt = TRUE
+  Else
+    myOptTxt = FALSE
+  End If
+End If
+' Process the received data
+Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts
+Dim myLabel, myOctets, myData, myPem, myRev, j
+myData = ""
+myLines = Split(myCdData, vbLf, -1)
+Set myFh = objFSO.OpenTextFile(myCaFile, 2, TRUE)
+myFh.Write "##" & vbLf
+myFh.Write "## " & myCaFile & " -- Bundle of CA Root Certificates" & vbLf
+myFh.Write "##" & vbLf
+myFh.Write "## Converted at: " & Now & vbLf
+myFh.Write "##" & vbLf
+myFh.Write "## This is a bundle of X.509 certificates of public Certificate Authorities" & vbLf
+myFh.Write "## (CA). These were automatically extracted from Mozilla's root certificates" & vbLf
+myFh.Write "## file (certdata.txt).  This file can be found in the mozilla source tree:" & vbLf
+myFh.Write "## '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf
+myFh.Write "##" & vbLf
+myFh.Write "## It contains the certificates in PEM format and therefore" & vbLf
+myFh.Write "## can be directly used with curl / libcurl / php_curl, or with" & vbLf
+myFh.Write "## an Apache+mod_ssl webserver for SSL client authentication." & vbLf
+myFh.Write "## Just configure this file as the SSLCACertificateFile." & vbLf
+myFh.Write "##" & vbLf
+myFh.Write vbLf
+For i = 0 To UBound(myLines)
+  If InstrRev(myLines(i), "CKA_LABEL ") Then
+    myPattern = "^CKA_LABEL\s+[A-Z0-9]+\s+""(.+?)"""
+    myLabel = RegExprFirst(myPattern, myLines(i))
+  End If
+  If (myInsideCert = TRUE) Then
+    If InstrRev(myLines(i), "END") Then
+      myInsideCert = FALSE
+      myFh.Write myLabel & vbLf
+      myFh.Write String(Len(myLabel), "=") & vbLf
+      myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _
+              Base64Encode(myData) & vbLf & _
+              "-----END CERTIFICATE-----" & vbLf
+      If (myOptTxt = FALSE) Then
+        myFh.Write myPem & vbLf
+      Else
+        Dim myCmd, myRval, myTmpIn, myTmpOut
+        myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
+        myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
+        Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE)
+        myTmpFh.Write myPem
+        myTmpFh.Close
+        myCmd = myOpenssl & " x509 -md5 -fingerprint -text -inform PEM" & _
+                " -in " & myTmpIn & " -out " & myTmpOut
+        myRval = objShell.Run (myCmd, 0, TRUE)
+        objFSO.DeleteFile myTmpIn, TRUE
+        If Not (myRval = 0) Then
+          MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf
+          objFSO.DeleteFile myTmpOut, TRUE
+          WScript.Quit 3
+        End If
+        Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1)
+        myFh.Write myTmpFh.ReadAll & vbLf
+        myTmpFh.Close
+        objFSO.DeleteFile myTmpOut, TRUE
+      End If
+      myData = ""
+      myNumCerts = myNumCerts + 1
+    Else
+      myOctets = Split(myLines(i), "\")
+      For j = 1 To UBound(myOctets)
+        myData = myData & Chr(CByte("&o" & myOctets(j)))
+      Next
+    End If
+  End If
+  If InstrRev(myLines(i), "CVS_ID ") Then
+    myPattern = "^CVS_ID\s+""(.+?)"""
+    myRev = RegExprFirst(myPattern, myLines(i))
+    myFh.Write "# " & myRev & vbLf & vbLf
+  End If
+  If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then
+    myInsideCert = TRUE
+  End If
+  If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then
+    myInsideLicense = TRUE
+  End If
+  If (myInsideLicense = TRUE) Then
+    myFh.Write myLines(i) & vbLf
+    myLicenseText = myLicenseText & Mid(myLines(i), 2) & vbLf
+  End If
+  If InstrRev(myLines(i), "***** END LICENSE BLOCK *****") Then
+    myInsideLicense = FALSE
+    If (myAskLiF = TRUE) Then
+      If Not (6 = objShell.PopUp(myLicenseText & vbLf & _
+              "Do you agree to the license shown above (required to proceed) ?",, _
+              mySelf, vbQuestion + vbYesNo + vbDefaultButton1)) Then
+        myFh.Close
+        objFSO.DeleteFile myCaFile, TRUE
+        WScript.Quit 2
+      End If
+    End If
+  End If
+Next
+myFh.Close
+objShell.PopUp "Done (" & myNumCerts & " CA certs processed).", 20, mySelf, vbInformation
+WScript.Quit 0
+
+Function ConvertBinaryData(arrBytes)
+  Dim objStream
+  Set objStream = CreateObject("ADODB.Stream")
+  objStream.Open
+  objStream.Type = 1
+  objStream.Write arrBytes
+  objStream.Position = 0
+  objStream.Type = 2
+  objStream.Charset = "ascii"
+  ConvertBinaryData = objStream.ReadText
+  Set objStream = Nothing
+End Function
+
+Function RegExprFirst(SearchPattern, TheString)
+  Dim objRegExp, Matches                        ' create variables.
+  Set objRegExp = New RegExp                    ' create a regular expression.
+  objRegExp.Pattern = SearchPattern             ' sets the search pattern.
+  objRegExp.IgnoreCase = TRUE                   ' set to ignores case.
+  objRegExp.Global = TRUE                       ' set to gloabal search.
+  Set Matches = objRegExp.Execute(TheString)    ' do the search.
+  If (Matches.Count) Then
+    RegExprFirst = Matches(0).SubMatches(0)     ' return first match.
+  Else
+    RegExprFirst = ""
+  End If
+  Set objRegExp = Nothing
+End Function
+
+Function Base64Encode(inData)
+  Const Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+  Dim cOut, sOut, I
+
+  'For each group of 3 bytes
+  For I = 1 To Len(inData) Step 3
+    Dim nGroup, pOut, sGroup
+
+    'Create one long from this 3 bytes.
+    nGroup = &H10000 * Asc(Mid(inData, I, 1)) + _
+             &H100 * MyASC(Mid(inData, I + 1, 1)) + _
+             MyASC(Mid(inData, I + 2, 1))
+
+    'Oct splits the long To 8 groups with 3 bits
+    nGroup = Oct(nGroup)
+
+    'Add leading zeros
+    nGroup = String(8 - Len(nGroup), "0") & nGroup
+
+    'Convert To base64
+    pOut = Mid(Base64, CLng("&o" & Mid(nGroup, 1, 2)) + 1, 1) & _
+           Mid(Base64, CLng("&o" & Mid(nGroup, 3, 2)) + 1, 1) & _
+           Mid(Base64, CLng("&o" & Mid(nGroup, 5, 2)) + 1, 1) & _
+           Mid(Base64, CLng("&o" & Mid(nGroup, 7, 2)) + 1, 1)
+
+    'Add the part To OutPut string
+    sOut = sOut + pOut
+
+    'Add a new line For Each 76 chars In dest (76*3/4 = 57)
+    If (I < Len(inData) - 2) Then
+      If (I + 2) Mod 57 = 0 Then sOut = sOut & vbLf
+    End If
+  Next
+  Select Case Len(inData) Mod 3
+    Case 1: '8 bit final
+      sOut = Left(sOut, Len(sOut) - 2) & "=="
+    Case 2: '16 bit final
+      sOut = Left(sOut, Len(sOut) - 1) & "="
+  End Select
+  Base64Encode = sOut
+End Function
+
+Function MyASC(OneChar)
+  If OneChar = "" Then MyASC = 0 Else MyASC = Asc(OneChar)
+End Function
+
+
--- a/lib/multi.c
+++ b/lib/multi.c
--- a/lib/multiif.h
+++ b/lib/multiif.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -27,8 +27,6 @@
 */
 void Curl_expire(struct SessionHandle *data, long milli);

-void Curl_multi_rmeasy(void *multi, CURL *data);
-
 bool Curl_multi_canPipeline(const struct Curl_multi* multi);
 void Curl_multi_handlePipeBreak(struct SessionHandle *data);

--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -165,6 +165,7 @@ static CURLcode ldap_setup(struct connectdata *conn)
  li = calloc(1, sizeof(ldapconninfo));
  li->proto = proto;
  conn->proto.generic = li;
+  conn->bits.close = FALSE;
  /* TODO:
   * - provide option to choose SASL Binds instead of Simple
   */
@@ -198,6 +199,35 @@ static CURLcode ldap_connect(struct connectdata *conn, bool *done)

  ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);

+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_PROXY)
+  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
+    /* for LDAP over HTTP proxy */
+    struct HTTP http_proxy;
+    ldapconninfo *li_save;
+    CURLcode result;
+
+    /* BLOCKING */
+    /* We want "seamless" LDAP operations through HTTP proxy tunnel */
+
+    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
+     * conn->proto.http; we want LDAP through HTTP and we have to change the
+     * member temporarily for connecting to the HTTP proxy. After
+     * Curl_proxyCONNECT we have to set back the member to the original struct
+     * LDAP pointer
+     */
+    li_save = data->state.proto.generic;
+    memset(&http_proxy, 0, sizeof(http_proxy));
+    data->state.proto.http = &http_proxy;
+    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
+                               conn->host.name, conn->remote_port);
+
+    data->state.proto.generic = li_save;
+
+    if(CURLE_OK != result)
+      return result;
+  }
+#endif /* !CURL_DISABLE_HTTP && !CURL_DISABLE_PROXY */
+
 #ifdef USE_SSL
  if (conn->protocol & PROT_SSL) {
    CURLcode res;
--- a/lib/parsedate.c
+++ b/lib/parsedate.c
@@ -371,6 +371,12 @@ int Curl_parsedate(const char *date, time_t *output)
        /* time stamp! */
        date += 8;
      }
+      else if((secnum == -1) &&
+              (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
+        /* time stamp without seconds */
+        date += 5;
+        secnum = 0;
+      }
      else {
        val = (int)strtol(date, &end, 10);

--- a/lib/rtsp.c
+++ b/lib/rtsp.c
@@ -709,7 +709,7 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
    while(*start && ISSPACE(*start))
      start++;

-    if(!start) {
+    if(!*start) {
      failf(data, "Got a blank Session ID");
    }
    else if(data->set.str[STRING_RTSP_SESSION_ID]) {
--- a/lib/security.c
+++ b/lib/security.c
@@ -46,10 +46,7 @@
 #ifndef CURL_DISABLE_FTP
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)

-#define _MPRINTF_REPLACE /* we want curl-functions instead of native ones */
-#include <curl/mprintf.h>
-
-#include <stdlib.h>
+#include <stdarg.h>
 #include <string.h>

 #ifdef HAVE_NETDB_H
@@ -61,11 +58,11 @@
 #endif

 #include "urldata.h"
-#include "krb4.h"
 #include "curl_base64.h"
-#include "sendf.h"
-#include "ftp.h"
 #include "curl_memory.h"
+#include "krb4.h"
+#include "ftp.h"
+#include "sendf.h"
 #include "rawstr.h"

 /* The last #include file should be: */
@@ -91,78 +88,142 @@ name_to_level(const char *name)
  return (enum protection_level)-1;
 }

+/* Convert a protocol |level| to its char representation.
+   We take an int to catch programming mistakes. */
+static char level_to_char(int level) {
+  switch(level) {
+  case prot_clear:
+    return 'C';
+  case prot_safe:
+    return 'S';
+  case prot_confidential:
+    return 'E';
+  case prot_private:
+    return 'P';
+  case prot_cmd:
+    /* Fall through */
+  default:
+    /* Those 2 cases should not be reached! */
+    break;
+  }
+  DEBUGASSERT(0);
+  /* Default to the most secure alternative. */
+  return 'P';
+}
+
 static const struct Curl_sec_client_mech * const mechs[] = {
-#ifdef HAVE_GSSAPI
+#if defined(HAVE_GSSAPI)
  &Curl_krb5_client_mech,
 #endif
-#ifdef HAVE_KRB4
+#if defined(HAVE_KRB4)
  &Curl_krb4_client_mech,
 #endif
  NULL
 };

-static int
-block_read(int fd, void *buf, size_t len)
+/* Send an FTP command defined by |message| and the optional arguments. The
+   function returns the ftp_code. If an error occurs, -1 is returned. */
+static int ftp_send_command(struct connectdata *conn, const char *message, ...)
 {
-  unsigned char *p = buf;
-  int b;
-  while(len) {
-    b = read(fd, p, len);
-    if(b == 0)
-      return 0;
-    else if(b < 0 && (errno == EINTR || errno == EAGAIN))
-      /* TODO: this will busy loop in the EAGAIN case */
-      continue;
-    else if(b < 0)
-      return -1;
-    len -= b;
-    p += b;
+  int ftp_code;
+  ssize_t nread;
+  va_list args;
+  char print_buffer[50];
+
+  va_start(args, message);
+  vsnprintf(print_buffer, sizeof(print_buffer), message, args);
+  va_end(args);
+
+  if(Curl_ftpsendf(conn, print_buffer) != CURLE_OK) {
+    ftp_code = -1;
  }
-  return p - (unsigned char*)buf;
+  else {
+    if(Curl_GetFTPResponse(&nread, conn, &ftp_code) != CURLE_OK)
+      ftp_code = -1;
+  }
+
+  (void)nread; /* Unused */
+  return ftp_code;
 }

-static int
-block_write(int fd, const void *buf, size_t len)
+/* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode
+   saying whether an error occured or CURLE_OK if |len| was read. */
+static CURLcode
+socket_read(curl_socket_t fd, void *to, size_t len)
 {
-  const unsigned char *p = buf;
-  int b;
-  while(len) {
-    b = write(fd, p, len);
-    if(b < 0 && (errno == EINTR || errno == EAGAIN))
-      continue;
-    else if(b < 0)
-      return -1;
-    len -= b;
-    p += b;
+  char *to_p = to;
+  CURLcode code;
+  ssize_t nread;
+
+  while(len > 0) {
+    code = Curl_read_plain(fd, to_p, len, &nread);
+    if(code == CURLE_OK) {
+      len -= nread;
+      to_p += nread;
+    }
+    else {
+      /* FIXME: We are doing a busy wait */
+      if(code == CURLE_AGAIN)
+        continue;
+      return code;
+    }
  }
-  return p - (unsigned char*)buf;
+  return CURLE_OK;
 }

-static int
-sec_get_data(struct connectdata *conn,
-             int fd, struct krb4buffer *buf)
+
+/* Write |len| bytes from the buffer |to| to the socket |fd|. Return a
+   CURLcode saying whether an error occured or CURLE_OK if |len| was
+   written. */
+static CURLcode
+socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
+             size_t len)
+{
+  const char *to_p = to;
+  CURLcode code;
+  ssize_t written;
+
+  while(len > 0) {
+    code = Curl_write_plain(conn, fd, to_p, len, &written);
+    if(code == CURLE_OK) {
+      len -= written;
+      to_p += written;
+    }
+    else {
+      /* FIXME: We are doing a busy wait */
+      if(code == CURLE_AGAIN)
+        continue;
+      return code;
+    }
+  }
+  return CURLE_OK;
+}
+
+static CURLcode read_data(struct connectdata *conn,
+                          curl_socket_t fd,
+                          struct krb4buffer *buf)
 {
  int len;
-  int b;
+  void* tmp;
+  CURLcode ret;
+
+  ret = socket_read(fd, &len, sizeof(len));
+  if (ret != CURLE_OK)
+    return ret;

-  b = block_read(fd, &len, sizeof(len));
-  if(b == 0)
-    return 0;
-  else if(b < 0)
-    return -1;
  len = ntohl(len);
-  /* TODO: This realloc will cause a memory leak in an out of memory
-   * condition */
-  buf->data = realloc(buf->data, len);
-  b = buf->data ? block_read(fd, buf->data, len) : -1;
-  if(b == 0)
-    return 0;
-  else if(b < 0)
-    return -1;
-  buf->size = (conn->mech->decode)(conn->app_data, buf->data, len,
-                                   conn->data_prot, conn);
+  tmp = realloc(buf->data, len);
+  if (tmp == NULL)
+    return CURLE_OUT_OF_MEMORY;
+
+  buf->data = tmp;
+  ret = socket_read(fd, buf->data, len);
+  if (ret != CURLE_OK)
+    return ret;
+  buf->size = conn->mech->decode(conn->app_data, buf->data, len,
+                                 conn->data_prot, conn);
  buf->index = 0;
-  return 0;
+  return CURLE_OK;
 }

 static size_t
@@ -175,95 +236,109 @@ buffer_read(struct krb4buffer *buf, void *data, size_t len)
  return len;
 }

-static ssize_t sec_read(struct connectdata *conn, int num,
-                        char *buffer, size_t length, CURLcode *err)
+/* Matches Curl_recv signature */
+static ssize_t sec_recv(struct connectdata *conn, int sockindex,
+                        char *buffer, size_t len, CURLcode *err)
 {
-  size_t len;
-  int rx = 0;
-  curl_socket_t fd = conn->sock[num];
+  size_t bytes_read;
+  size_t total_read = 0;
+  curl_socket_t fd = conn->sock[sockindex];

  *err = CURLE_OK;

+  /* Handle clear text response. */
+  if(conn->sec_complete == 0 || conn->data_prot == prot_clear)
+      return read(fd, buffer, len);
+
  if(conn->in_buffer.eof_flag) {
    conn->in_buffer.eof_flag = 0;
    return 0;
  }

-  len = buffer_read(&conn->in_buffer, buffer, length);
-  length -= len;
-  rx += len;
-  buffer = (char*)buffer + len;
+  bytes_read = buffer_read(&conn->in_buffer, buffer, len);
+  len -= bytes_read;
+  total_read += bytes_read;
+  buffer += bytes_read;

-  while(length) {
-    if(sec_get_data(conn, fd, &conn->in_buffer) < 0)
+  while(len > 0) {
+    if(read_data(conn, fd, &conn->in_buffer) != CURLE_OK)
      return -1;
    if(conn->in_buffer.size == 0) {
-      if(rx)
+      if(bytes_read > 0)
        conn->in_buffer.eof_flag = 1;
-      return rx;
+      return bytes_read;
    }
-    len = buffer_read(&conn->in_buffer, buffer, length);
-    length -= len;
-    rx += len;
-    buffer = (char*)buffer + len;
+    bytes_read = buffer_read(&conn->in_buffer, buffer, len);
+    len -= bytes_read;
+    total_read += bytes_read;
+    buffer += bytes_read;
  }
-  return rx;
+  /* FIXME: Check for overflow */
+  return total_read;
 }

-static int
-sec_send(struct connectdata *conn, int fd, const char *from, int length)
+/* Send |length| bytes from |from| to the |fd| socket taking care of encoding
+   and negociating with the server. |from| can be NULL. */
+/* FIXME: We don't check for errors nor report any! */
+static void do_sec_send(struct connectdata *conn, curl_socket_t fd,
+                        const char *from, int length)
 {
-  int bytes;
-  void *buf;
-  enum protection_level protlevel = conn->data_prot;
-  int iscmd = protlevel == prot_cmd;
+  size_t bytes;
+  size_t htonl_bytes;
+  char *buffer;
+  char *cmd_buffer;
+  enum protection_level prot_level = conn->data_prot;
+  bool iscmd = prot_level == prot_cmd;

  if(iscmd) {
    if(!strncmp(from, "PASS ", 5) || !strncmp(from, "ACCT ", 5))
-      protlevel = prot_private;
+      prot_level = prot_private;
    else
-      protlevel = conn->command_prot;
+      prot_level = conn->command_prot;
  }
-  bytes = (conn->mech->encode)(conn->app_data, from, length, protlevel,
-                               &buf, conn);
+  bytes = conn->mech->encode(conn->app_data, from, length, prot_level,
+                             (void**)&buffer, conn);
  if(iscmd) {
-    char *cmdbuf;
-
-    bytes = Curl_base64_encode(conn->data, (char *)buf, bytes, &cmdbuf);
+    bytes = Curl_base64_encode(conn->data, buffer, bytes, &cmd_buffer);
    if(bytes > 0) {
-      if(protlevel == prot_private)
-        block_write(fd, "ENC ", 4);
+      static const char *enc = "ENC ";
+      static const char *mic = "MIC ";
+      if(prot_level == prot_private)
+        socket_write(conn, fd, enc, 4);
      else
-        block_write(fd, "MIC ", 4);
-      block_write(fd, cmdbuf, bytes);
-      block_write(fd, "\r\n", 2);
-      Curl_infof(conn->data, "%s %s\n",
-                 protlevel == prot_private ? "ENC" : "MIC", cmdbuf);
-      free(cmdbuf);
+        socket_write(conn, fd, mic, 4);
+
+      socket_write(conn, fd, cmd_buffer, bytes);
+      socket_write(conn, fd, "\r\n", 2);
+      infof(conn->data, "Send: %s%s\n", prot_level == prot_private?enc:mic,
+            cmd_buffer);
+      free(cmd_buffer);
    }
  }
  else {
-    bytes = htonl(bytes);
-    block_write(fd, &bytes, sizeof(bytes));
-    block_write(fd, buf, ntohl(bytes));
+    htonl_bytes = htonl(bytes);
+    socket_write(conn, fd, &htonl_bytes, sizeof(htonl_bytes));
+    socket_write(conn, fd, buffer, bytes);
  }
-  free(buf);
-  return length;
+  free(buffer);
 }

-static ssize_t sec_write(struct connectdata *conn, int fd,
-                         const char *buffer, int length)
+static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd,
+                         const char *buffer, size_t length)
 {
-  int len = conn->buffer_size;
+  /* FIXME: Check for overflow */
+  ssize_t len = conn->buffer_size;
  int tx = 0;

-  len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len);
+  len -= conn->mech->overhead(conn->app_data, conn->data_prot, len);
  if(len <= 0)
    len = length;
-  while(length){
-    if(length < len)
+  while(length) {
+    if(len >= 0 || length < (size_t)len) {
+      /* FIXME: Check for overflow. */
      len = length;
-    sec_send(conn, fd, buffer, len);
+    }
+    do_sec_send(conn, fd, buffer, len);
    length -= len;
    buffer += len;
    tx += len;
@@ -271,61 +346,57 @@ static ssize_t sec_write(struct connectdata *conn, int fd,
  return tx;
 }

-int
-Curl_sec_fflush_fd(struct connectdata *conn, int fd)
+/* Matches Curl_send signature */
+static ssize_t sec_send(struct connectdata *conn, int sockindex,
+                        const void *buffer, size_t len, CURLcode *err)
 {
-  if(conn->data_prot != prot_clear) {
-    if(conn->out_buffer.index > 0){
-      sec_write(conn, fd, conn->out_buffer.data, conn->out_buffer.index);
-      conn->out_buffer.index = 0;
-    }
-    sec_send(conn, fd, NULL, 0);
-  }
-  return 0;
-}
-
-static ssize_t _sec_send(struct connectdata *conn, int num,
-                         const void *buffer, size_t length, CURLcode *err)
-{
-  curl_socket_t fd = conn->sock[num];
+  curl_socket_t fd = conn->sock[sockindex];
  *err = CURLE_OK;
-  return sec_write(conn, fd, buffer, length);
+  return sec_write(conn, fd, buffer, len);
 }

-int
-Curl_sec_read_msg(struct connectdata *conn, char *s, int level)
+/* FIXME: |level| should not be an int but a struct protection_level */
+int Curl_sec_read_msg(struct connectdata *conn, char *buffer, int level)
 {
-  int len;
-  unsigned char *buf;
-  int code;
+  /* decoded_len should be size_t or ssize_t but conn->mech->decode returns an
+     int */
+  int decoded_len;
+  char *buf;
+  int ret_code;

-  len = Curl_base64_decode(s + 4, &buf); /* XXX */
-  if(len > 0)
-    len = (conn->mech->decode)(conn->app_data, buf, len, level, conn);
-  else
+  decoded_len = Curl_base64_decode(buffer + 4, (unsigned char **)&buf);
+  if(decoded_len <= 0) {
+    free(buf);
    return -1;
+  }

-  if(len < 0) {
+  decoded_len = conn->mech->decode(conn->app_data, buf, decoded_len,
+                                   level, conn);
+  if(decoded_len <= 0) {
    free(buf);
    return -1;
  }

  if(conn->data->set.verbose) {
-    buf[len] = '\n';
-    Curl_debug(conn->data, CURLINFO_HEADER_IN, (char *)buf, len + 1, conn);
+    buf[decoded_len] = '\n';
+    Curl_debug(conn->data, CURLINFO_HEADER_IN, buf, decoded_len + 1, conn);
  }

-  buf[len] = '\0';
-
+  buf[decoded_len] = '\0';
+  DEBUGASSERT(decoded_len > 3);
  if(buf[3] == '-')
-    code = 0;
-  else
-    sscanf((char *)buf, "%d", &code);
-  if(buf[len-1] == '\n')
-    buf[len-1] = '\0';
-  strcpy(s, (char *)buf);
+    ret_code = 0;
+  else {
+    /* Check for error? */
+    sscanf(buf, "%d", &ret_code);
+  }
+
+  if(buf[decoded_len - 1] == '\n')
+    buf[decoded_len - 1] = '\0';
+  /* FIXME: Is |buffer| length always greater than |decoded_len|? */
+  strcpy(buffer, buf);
  free(buf);
-  return code;
+  return ret_code;
 }

 enum protection_level
@@ -336,64 +407,62 @@ Curl_set_command_prot(struct connectdata *conn, enum protection_level level)
  return old;
 }

-static int
-sec_prot_internal(struct connectdata *conn, int level)
+/* FIXME: The error code returned here is never checked. */
+int Curl_sec_set_protection_level(struct connectdata *conn)
 {
-  char *p;
-  unsigned int s = 1048576;
-  ssize_t nread;
+  int code;
+  char* pbsz;
+  static unsigned int buffer_size = 1 << 20; /* 1048576 */
+  enum protection_level level = conn->request_data_prot;

-  if(!conn->sec_complete){
-    infof(conn->data, "No security data exchange has taken place.\n");
+  if(!conn->sec_complete) {
+    infof(conn->data, "Trying to change the protection level after the"
+                      "completion of the data exchange.\n");
    return -1;
  }

-  if(level){
-    int code;
-    if(Curl_ftpsendf(conn, "PBSZ %u", s))
+  /* Bail out if we try to set up the same level */
+  if(conn->data_prot == level)
+    return 0;
+
+  if(level) {
+    code = ftp_send_command(conn, "PBSZ %u", buffer_size);
+    if(code < 0)
      return -1;

-    if(Curl_GetFTPResponse(&nread, conn, &code))
-      return -1;
-
-    if(code/100 != 2){
-      failf(conn->data, "Failed to set protection buffer size.");
+    if(code/100 != 2) {
+      failf(conn->data, "Failed to set the protection's buffer size.");
      return -1;
    }
-    conn->buffer_size = s;
+    conn->buffer_size = buffer_size;

-    p = strstr(conn->data->state.buffer, "PBSZ=");
-    if(p)
-      sscanf(p, "PBSZ=%u", &s);
-    if(s < conn->buffer_size)
-      conn->buffer_size = s;
+    pbsz = strstr(conn->data->state.buffer, "PBSZ=");
+    if(pbsz) {
+      /* FIXME: Checks for errors in sscanf? */
+      sscanf(pbsz, "PBSZ=%u", &buffer_size);
+      if(buffer_size < conn->buffer_size)
+        conn->buffer_size = buffer_size;
+    }
  }

-  if(Curl_ftpsendf(conn, "PROT %c", level["CSEP"]))
+  /* Now try to negiociate the protection level. */
+  code = ftp_send_command(conn, "PROT %c", level_to_char(level));
+
+  if(code < 0)
    return -1;

-  if(Curl_GetFTPResponse(&nread, conn, NULL))
-    return -1;
-
-  if(conn->data->state.buffer[0] != '2'){
-    failf(conn->data, "Failed to set protection level.");
+  if(code/100 != 2) {
+    failf(conn->data, "Failed to set the protection level.");
    return -1;
  }

-  conn->data_prot = (enum protection_level)level;
+  conn->data_prot = level;
  if(level == prot_private)
-    conn->command_prot = (enum protection_level)level;
+    conn->command_prot = level;
+
  return 0;
 }

-void
-Curl_sec_set_protection_level(struct connectdata *conn)
-{
-  if(conn->sec_complete && conn->data_prot != conn->request_data_prot)
-    sec_prot_internal(conn, conn->request_data_prot);
-}
-
-
 int
 Curl_sec_request_prot(struct connectdata *conn, const char *level)
 {
@@ -404,73 +473,81 @@ Curl_sec_request_prot(struct connectdata *conn, const char *level)
  return 0;
 }

-int
-Curl_sec_login(struct connectdata *conn)
+static CURLcode choose_mech(struct connectdata *conn)
 {
  int ret;
-  const struct Curl_sec_client_mech * const *m;
-  ssize_t nread;
-  struct SessionHandle *data=conn->data;
-  int ftpcode;
+  struct SessionHandle *data = conn->data;
+  const struct Curl_sec_client_mech * const *mech;
+  void *tmp_allocation;
+  const char *mech_name;

-  for(m = mechs; *m && (*m)->name; m++) {
-    void *tmp;
-
-    tmp = realloc(conn->app_data, (*m)->size);
-    if(tmp == NULL) {
-      failf (data, "realloc %u failed", (*m)->size);
-      return -1;
-    }
-    conn->app_data = tmp;
-
-    if((*m)->init && (*(*m)->init)(conn->app_data) != 0) {
-      infof(data, "Skipping %s...\n", (*m)->name);
+  for(mech = mechs; (*mech); ++mech) {
+    mech_name = (*mech)->name;
+    /* We have no mechanism with a NULL name but keep this check */
+    DEBUGASSERT(mech_name != NULL);
+    if(mech_name == NULL) {
+      infof(data, "Skipping mechanism with empty name (%p)\n", mech);
      continue;
    }
-    infof(data, "Trying %s...\n", (*m)->name);
+    tmp_allocation = realloc(conn->app_data, (*mech)->size);
+    if(tmp_allocation == NULL) {
+      failf(data, "Failed realloc of size %u", (*mech)->size);
+      mech = NULL;
+      return CURLE_OUT_OF_MEMORY;
+    }
+    conn->app_data = tmp_allocation;

-    if(Curl_ftpsendf(conn, "AUTH %s", (*m)->name))
-      return -1;
+    if((*mech)->init) {
+      ret = (*mech)->init(conn);
+      if(ret != 0) {
+        infof(data, "Failed initialization for %s. Skipping it.\n", mech_name);
+        continue;
+      }
+    }

-    if(Curl_GetFTPResponse(&nread, conn, &ftpcode))
-      return -1;
+    infof(data, "Trying mechanism %s...\n", mech_name);
+    ret = ftp_send_command(conn, "AUTH %s", mech_name);
+    if(ret < 0)
+      /* FIXME: This error is too generic but it is OK for now. */
+      return CURLE_COULDNT_CONNECT;

-    if(conn->data->state.buffer[0] != '3'){
-      switch(ftpcode) {
+    if(ret/100 != 3) {
+      switch(ret) {
      case 504:
-        infof(data,
-              "%s is not supported by the server.\n", (*m)->name);
+        infof(data, "Mechanism %s is not supported by the server (server "
+                    "returned ftp code: 504).\n", mech_name);
        break;
      case 534:
-        infof(data, "%s rejected as security mechanism.\n", (*m)->name);
+        infof(data, "Mechanism %s was rejected by the server (server returned "
+                    "ftp code: 534).\n", mech_name);
        break;
      default:
-        if(conn->data->state.buffer[0] == '5') {
-          infof(data, "The server doesn't support the FTP "
-                "security extensions.\n");
-          return -1;
+        if(ret/100 == 5) {
+          infof(data, "The server does not support the security extensions.\n");
+          return CURLE_USE_SSL_FAILED;
        }
        break;
      }
      continue;
    }

-    ret = (*(*m)->auth)(conn->app_data, conn);
+    /* Authenticate */
+    ret = (*mech)->auth(conn->app_data, conn);

    if(ret == AUTH_CONTINUE)
      continue;
-    else if(ret != AUTH_OK){
-      /* mechanism is supposed to output error string */
+    else if(ret != AUTH_OK) {
+      /* Mechanism has dumped the error to stderr, don't error here. */
      return -1;
    }
-    conn->mech = *m;
+    DEBUGASSERT(ret == AUTH_OK);
+
+    conn->mech = *mech;
    conn->sec_complete = 1;
-    if (conn->data_prot != prot_clear) {
-      conn->recv[FIRSTSOCKET] = sec_read;
-      conn->send[FIRSTSOCKET] = _sec_send;
-      conn->recv[SECONDARYSOCKET] = sec_read;
-      conn->send[SECONDARYSOCKET] = _sec_send;
-    }
+    conn->recv[FIRSTSOCKET] = sec_recv;
+    conn->send[FIRSTSOCKET] = sec_send;
+    conn->recv[SECONDARYSOCKET] = sec_recv;
+    conn->send[SECONDARYSOCKET] = sec_send;
    conn->command_prot = prot_safe;
    /* Set the requested protection level */
    /* BLOCKING */
@@ -478,23 +555,38 @@ Curl_sec_login(struct connectdata *conn)
    break;
  }

-  return *m == NULL;
+  return mech != NULL ? CURLE_OK : CURLE_FAILED_INIT;
 }

+CURLcode
+Curl_sec_login(struct connectdata *conn)
+{
+  return choose_mech(conn);
+}
+
+
 void
 Curl_sec_end(struct connectdata *conn)
 {
-  if(conn->mech != NULL) {
-    if(conn->mech->end)
-      (conn->mech->end)(conn->app_data);
-    memset(conn->app_data, 0, conn->mech->size);
+  if(conn->mech != NULL && conn->mech->end)
+    conn->mech->end(conn->app_data);
+  if(conn->app_data) {
    free(conn->app_data);
    conn->app_data = NULL;
  }
+  if(conn->in_buffer.data) {
+    free(conn->in_buffer.data);
+    conn->in_buffer.data = NULL;
+    conn->in_buffer.size = 0;
+    conn->in_buffer.index = 0;
+    /* FIXME: Is this really needed? */
+    conn->in_buffer.eof_flag = 0;
+  }
  conn->sec_complete = 0;
  conn->data_prot = (enum protection_level)0;
-  conn->mech=NULL;
+  conn->mech = NULL;
 }

-#endif /* HAVE_KRB4 */
+#endif /* HAVE_KRB4 || HAVE_GSSAPI */
+
 #endif /* CURL_DISABLE_FTP */
--- a/lib/setup.h
+++ b/lib/setup.h
@@ -552,6 +552,11 @@ int netware_init(void);
 #define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")
 #endif

+/* Define S_ISREG if not defined by system headers, f.e. MSVC */
+#if !defined(S_ISREG) && defined(S_IFMT) && defined(S_IFREG)
+#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
+#endif
+
 /*
 * Include macros and defines that should only be processed once.
 */
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -237,7 +237,8 @@ static int smtp_endofresp(struct pingpong *pp, int *resp)

    for (;;) {
      while (len &&
-       (*line == ' ' || *line == '\t' || *line == '\r' || *line == '\n')) {
+             (*line == ' ' || *line == '\t' ||
+              *line == '\r' || *line == '\n')) {
        line++;
        len--;
      }
@@ -246,7 +247,8 @@ static int smtp_endofresp(struct pingpong *pp, int *resp)
        break;

      for (wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
-       line[wordlen] != '\t' && line[wordlen] != '\r' && line[wordlen] != '\n';)
+             line[wordlen] != '\t' && line[wordlen] != '\r' &&
+             line[wordlen] != '\n';)
        wordlen++;

      if(wordlen == 5 && !memcmp(line, "LOGIN", 5))
@@ -409,8 +411,10 @@ static CURLcode smtp_authenticate(struct connectdata *conn)
      state2 = SMTP_AUTHPASSWD;
      l = smtp_auth_login_user(conn, &initresp);
    }
-    else
+    else {
+      infof(conn->data, "No known auth mechanisms supported!\n");
      result = CURLE_LOGIN_DENIED;      /* Other mechanisms not supported. */
+    }

    if(!result) {
      if(!l)
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -1442,6 +1442,11 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
            data->state.resume_from = 0;
          }
          else {
+            curl_off_t size = attrs.filesize;
+            if(size < 0) {
+              failf(data, "Bad file size (%" FORMAT_OFF_T ")", size);
+              return CURLE_BAD_DOWNLOAD_RESUME;
+            }
            data->state.resume_from = attrs.filesize;
          }
        }
@@ -1911,9 +1916,12 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        data->req.maxdownload = -1;
      }
      else {
-        curl_off_t size;
+        curl_off_t size = attrs.filesize;

-        size = attrs.filesize;
+        if(size < 0) {
+          failf(data, "Bad file size (%" FORMAT_OFF_T ")", size);
+          return CURLE_BAD_DOWNLOAD_RESUME;
+        }
        if(conn->data->state.use_range) {
          curl_off_t from, to;
          char *ptr;
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1595,10 +1595,8 @@ ossl_connect_step1(struct connectdata *conn,
    if ( !lookup ||
         (!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
                              X509_FILETYPE_PEM)) ) {
-      failf(data,"error loading CRL file :\n"
-            "  CRLfile: %s\n",
-            data->set.str[STRING_SSL_CRLFILE]?
-            data->set.str[STRING_SSL_CRLFILE]: "none");
+      failf(data,"error loading CRL file: %s\n",
+            data->set.str[STRING_SSL_CRLFILE]);
      return CURLE_SSL_CRL_BADFILE;
    }
    else {
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -169,7 +169,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done);
 static CURLcode tftp_disconnect(struct connectdata *conn);
 static CURLcode tftp_do(struct connectdata *conn, bool *done);
 static CURLcode tftp_done(struct connectdata *conn,
-                               CURLcode, bool premature);
+                          CURLcode, bool premature);
 static CURLcode tftp_setup_connection(struct connectdata * conn);
 static CURLcode tftp_multi_statemach(struct connectdata *conn, bool *done);
 static CURLcode tftp_doing(struct connectdata *conn, bool *dophase_done);
@@ -374,12 +374,12 @@ static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
      }
      else if(blksize > TFTP_BLKSIZE_MAX) {
        failf(data, "%s (%d)", "blksize is larger than max supported",
-                TFTP_BLKSIZE_MAX);
+              TFTP_BLKSIZE_MAX);
        return CURLE_TFTP_ILLEGAL;
      }
      else if(blksize < TFTP_BLKSIZE_MIN) {
        failf(data, "%s (%d)", "blksize is smaller than min supported",
-                TFTP_BLKSIZE_MIN);
+              TFTP_BLKSIZE_MIN);
        return CURLE_TFTP_ILLEGAL;
      }
      else if (blksize > state->requested_blksize) {
@@ -387,13 +387,13 @@ static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
         * support for the server requesting a bigger blksize than the client
         * requests */
        failf(data, "%s (%ld)",
-                "server requested blksize larger than allocated", blksize);
+              "server requested blksize larger than allocated", blksize);
        return CURLE_TFTP_ILLEGAL;
      }

      state->blksize = (int)blksize;
      infof(data, "%s (%d) %s (%d)\n", "blksize parsed from OACK",
-        state->blksize, "requested", state->requested_blksize);
+            state->blksize, "requested", state->requested_blksize);
    }
    else if(checkprefix(option, TFTP_OPTION_TSIZE)) {
      long tsize = 0;
@@ -716,42 +716,48 @@ static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event)
  case TFTP_EVENT_ACK:
  case TFTP_EVENT_OACK:
    if (event == TFTP_EVENT_ACK) {
-       /* Ack the packet */
-       rblock = getrpacketblock(&state->rpacket);
+      /* Ack the packet */
+      rblock = getrpacketblock(&state->rpacket);

-       if(rblock != state->block) {
-          /* This isn't the expected block.  Log it and up the retry counter */
-          infof(data, "Received ACK for block %d, expecting %d\n",
-                rblock, state->block);
-          state->retries++;
-          /* Bail out if over the maximum */
-          if(state->retries>state->retry_max) {
-             failf(data, "tftp_tx: giving up waiting for block %d ack",
-                   state->block);
-             res = CURLE_SEND_ERROR;
+      if(rblock != state->block &&
+         /* There's a bug in tftpd-hpa that causes it to send us an ack for
+          * 65535 when the block number wraps to 0. So when we're expecting
+          * 0, also accept 65535. See
+          * http://syslinux.zytor.com/archives/2010-September/015253.html
+          * */
+         !(state->block == 0 && rblock == 65535)) {
+        /* This isn't the expected block.  Log it and up the retry counter */
+        infof(data, "Received ACK for block %d, expecting %d\n",
+              rblock, state->block);
+        state->retries++;
+        /* Bail out if over the maximum */
+        if(state->retries>state->retry_max) {
+          failf(data, "tftp_tx: giving up waiting for block %d ack",
+                state->block);
+          res = CURLE_SEND_ERROR;
+        }
+        else {
+          /* Re-send the data packet */
+          sbytes = sendto(state->sockfd, (void *)&state->spacket,
+                          4+state->sbytes, SEND_4TH_ARG,
+                          (struct sockaddr *)&state->remote_addr,
+                          state->remote_addrlen);
+          /* Check all sbytes were sent */
+          if(sbytes<0) {
+            failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
+            res = CURLE_SEND_ERROR;
          }
-          else {
-             /* Re-send the data packet */
-             sbytes = sendto(state->sockfd, (void *)&state->spacket,
-                             4+state->sbytes, SEND_4TH_ARG,
-                             (struct sockaddr *)&state->remote_addr,
-                             state->remote_addrlen);
-             /* Check all sbytes were sent */
-             if(sbytes<0) {
-                failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
-                res = CURLE_SEND_ERROR;
-             }
-          }
-          return res;
-       }
-       /* This is the expected packet.  Reset the counters and send the next
-          block */
-       time(&state->rx_time);
-       state->block++;
-    }
-    else {
-       state->block = 1; /* first data block is 1 when using OACK */
+        }
+        return res;
+      }
+      /* This is the expected packet.  Reset the counters and send the next
+         block */
+      time(&state->rx_time);
+      state->block++;
    }
+    else
+      state->block = 1; /* first data block is 1 when using OACK */
+
    state->retries = 0;
    setpacketevent(&state->spacket, TFTP_EVENT_DATA);
    setpacketblock(&state->spacket, state->block);
@@ -1032,7 +1038,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
 *
 **********************************************************/
 static CURLcode tftp_done(struct connectdata *conn, CURLcode status,
-                               bool premature)
+                          bool premature)
 {
  CURLcode code = CURLE_OK;
  tftp_state_data_t *state = (tftp_state_data_t *)conn->proto.tftpc;
@@ -1056,7 +1062,7 @@ static CURLcode tftp_done(struct connectdata *conn, CURLcode status,
 *
 **********************************************************/
 static int tftp_getsock(struct connectdata *conn, curl_socket_t *socks,
-                       int numsocks)
+                        int numsocks)
 {
  if(!numsocks)
    return GETSOCK_BLANK;
@@ -1085,11 +1091,11 @@ static CURLcode tftp_receive_packet(struct connectdata *conn)
  /* Receive the packet */
  fromlen = sizeof(fromaddr);
  state->rbytes = (int)recvfrom(state->sockfd,
-                                   (void *)state->rpacket.data,
-                                   state->blksize+4,
-                                   0,
-                                   (struct sockaddr *)&fromaddr,
-                                   &fromlen);
+                                (void *)state->rpacket.data,
+                                state->blksize+4,
+                                0,
+                                (struct sockaddr *)&fromaddr,
+                                &fromlen);
  if(state->remote_addrlen==0) {
    memcpy(&state->remote_addr, &fromaddr, fromlen);
    state->remote_addrlen = fromlen;
@@ -1129,8 +1135,8 @@ static CURLcode tftp_receive_packet(struct connectdata *conn)
      break;
    case TFTP_EVENT_OACK:
      result = tftp_parse_option_ack(state,
-                                   (const char *)state->rpacket.data+2,
-                                   state->rbytes-2);
+                                     (const char *)state->rpacket.data+2,
+                                     state->rbytes-2);
      if(result)
        return result;
      break;
@@ -1182,7 +1188,7 @@ static long tftp_state_timeout(struct connectdata *conn, tftp_event_t *event)
  /* there's a typecast below here since 'time_t' may in fact be larger than
     'long', but we estimate that a 'long' will still be able to hold number
     of seconds even if "only" 32 bit */
-  return (long) state->max_time-current;
+  return (long)(state->max_time - current);
 }


@@ -1252,11 +1258,11 @@ static CURLcode tftp_easy_statemach(struct connectdata *conn)

    /* Force a progress callback if it's been too long */
    if (Curl_tvdiff(k->now, k->start) >= data->set.timeout) {
-       if(Curl_pgrsUpdate(conn)) {
-          tftp_state_machine(state, TFTP_EVENT_ERROR);
-          return CURLE_ABORTED_BY_CALLBACK;
-       }
-       k->start = k->now;
+      if(Curl_pgrsUpdate(conn)) {
+        tftp_state_machine(state, TFTP_EVENT_ERROR);
+        return CURLE_ABORTED_BY_CALLBACK;
+      }
+      k->start = k->now;
    }

    if(rc == -1) {
@@ -1283,7 +1289,7 @@ static CURLcode tftp_easy_statemach(struct connectdata *conn)
      else {
        result = tftp_receive_packet(conn);
        if (result == CURLE_OK)
-           transaction_start = Curl_tvnow();
+          transaction_start = Curl_tvnow();

        if(k->bytecountp)
          *k->bytecountp = k->bytecount; /* read count */
@@ -1455,7 +1461,7 @@ static CURLcode tftp_do(struct connectdata *conn, bool *done)

  /* If tftp_perform() returned an error, use that for return code. If it
     was OK, see if tftp_translate_code() has an error. */
-  if (code == CURLE_OK) 
+  if (code == CURLE_OK)
    /* If we have encountered an internal tftp error, translate it. */
    code = tftp_translate_code(state->error);

--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -103,6 +103,7 @@
 #include "multiif.h"
 #include "easyif.h" /* for Curl_convert_to_network prototype */
 #include "rtsp.h"
+#include "connect.h"

 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -594,9 +595,12 @@ static CURLcode readwrite_data(struct SessionHandle *data,

          dataleft = conn->chunk.dataleft;
          if(dataleft != 0) {
-            infof(conn->data, "Leftovers after chunking. "
-                  " Rewinding %zu bytes\n",dataleft);
-            read_rewind(conn, dataleft);
+            infof(conn->data, "Leftovers after chunking: %zu bytes", dataleft);
+            if(conn->data->multi && Curl_multi_canPipeline(conn->data->multi)) {
+              /* only attempt the rewind if we truly are pipelining */
+              infof(conn->data, "Rewinding %zu bytes\n",dataleft);
+              read_rewind(conn, dataleft);
+            }
          }
        }
        /* If it returned OK, we just keep going */
@@ -1060,17 +1064,17 @@ CURLcode Curl_readwrite(struct connectdata *conn,
    return result;

  if(k->keepon) {
-    if(data->set.timeout &&
-       (Curl_tvdiff(k->now, k->start) >= data->set.timeout)) {
+    if(0 > Curl_timeleft(conn, &k->now, FALSE)) {
      if(k->size != -1) {
        failf(data, "Operation timed out after %ld milliseconds with %"
              FORMAT_OFF_T " out of %" FORMAT_OFF_T " bytes received",
-              Curl_tvdiff(k->now, k->start), k->bytecount, k->size);
+              Curl_tvdiff(k->now, data->progress.t_startsingle), k->bytecount,
+              k->size);
      }
      else {
        failf(data, "Operation timed out after %ld milliseconds with %"
              FORMAT_OFF_T " bytes received",
-              Curl_tvdiff(k->now, k->start), k->bytecount);
+              Curl_tvdiff(k->now, data->progress.t_startsingle), k->bytecount);
      }
      return CURLE_OPERATION_TIMEDOUT;
    }
@@ -1343,12 +1347,10 @@ Transfer(struct connectdata *conn)
         to work with, skip the timeout */
      timeout_ms = 0;
    else {
-      if(data->set.timeout) {
-        totmp = (int)(data->set.timeout - Curl_tvdiff(k->now, k->start));
-        if(totmp < 0)
-          return CURLE_OPERATION_TIMEDOUT;
-      }
-      else
+      totmp = Curl_timeleft(conn, &k->now, FALSE);
+      if(totmp < 0)
+        return CURLE_OPERATION_TIMEDOUT;
+      else if(!totmp)
        totmp = 1000;

      if (totmp < timeout_ms)
@@ -1433,6 +1435,12 @@ CURLcode Curl_pretransfer(struct SessionHandle *data)
  Curl_initinfo(data); /* reset session-specific information "variables" */
  Curl_pgrsStartNow(data);

+  if(data->set.timeout)
+    Curl_expire(data, data->set.timeout);
+
+  if(data->set.connecttimeout)
+    Curl_expire(data, data->set.connecttimeout);
+
  return CURLE_OK;
 }

--- a/lib/url.c
+++ b/lib/url.c
@@ -138,6 +138,7 @@ void idn_free (void *ptr); /* prototype from idn-free.h, not provided by
 #include "socks.h"
 #include "rtsp.h"
 #include "curl_rtmp.h"
+#include "gopher.h"

 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -227,6 +228,10 @@ static const struct Curl_handler * const protocols[] = {
  &Curl_handler_rtsp,
 #endif

+#ifndef CURL_DISABLE_GOPHER
+  &Curl_handler_gopher,
+#endif
+
 #ifdef USE_LIBRTMP
  &Curl_handler_rtmp,
  &Curl_handler_rtmpt,
@@ -476,10 +481,20 @@ CURLcode Curl_close(struct SessionHandle *data)
  }
 #endif

+  Curl_expire(data, 0); /* shut off timers */
+
  if(m)
    /* This handle is still part of a multi handle, take care of this first
       and detach this handle from there. */
-    Curl_multi_rmeasy(data->multi, data);
+    curl_multi_remove_handle(data->multi, data);
+
+  /* Destroy the timeout list that is held in the easy handle. It is
+     /normally/ done by curl_multi_remove_handle() but this is "just in
+     case" */
+  if(data->state.timeoutlist) {
+    Curl_llist_destroy(data->state.timeoutlist, NULL);
+    data->state.timeoutlist = NULL;
+  }

  data->magic = 0; /* force a clear AFTER the possibly enforced removal from
                      the multi handle, since that function uses the magic
@@ -2566,7 +2581,6 @@ CURLcode Curl_disconnect(struct connectdata *conn)
                  NULL, Curl_scan_cache_used);
 #endif

-  Curl_expire(data, 0); /* shut off timers */
  Curl_hostcache_prune(data); /* kill old DNS cache entries */

  {
@@ -2685,11 +2699,10 @@ static bool RTSPConnIsDead(struct connectdata *check)
  }
  else if (sval & CURL_CSELECT_IN) {
    /* readable with no error. could be closed or could be alive */
-    long connectinfo = 0;
-    Curl_getconnectinfo(check->data, &connectinfo, &check);
-    if(connectinfo != -1) {
+    curl_socket_t connectinfo =
+      Curl_getconnectinfo(check->data, &check);
+    if(connectinfo != CURL_SOCKET_BAD)
      ret_val = FALSE;
-    }
  }

  return ret_val;
@@ -4307,6 +4320,11 @@ static CURLcode parse_remote_port(struct SessionHandle *data,
      *portptr = '\0'; /* cut off the name there */
      conn->remote_port = curlx_ultous(port);
    }
+    else if(!port)
+      /* Browser behavior adaptation. If there's a colon with no digits after,
+         just cut off the name there which makes us ignore the colon and just
+         use the default port. Firefox and Chrome both do that. */
+      *portptr = '\0';
  }
  return CURLE_OK;
 }
@@ -4387,30 +4405,7 @@ static CURLcode resolve_server(struct SessionHandle *data,
                               bool *async)
 {
  CURLcode result=CURLE_OK;
-  long shortest = 0; /* default to no timeout */
-
-  /*************************************************************
-   * Set timeout if that is being used
-   *************************************************************/
-  if(data->set.timeout || data->set.connecttimeout) {
-
-    /* We set the timeout on the name resolving phase first, separately from
-     * the download/upload part to allow a maximum time on everything. This is
-     * a signal-based timeout, why it won't work and shouldn't be used in
-     * multi-threaded environments. */
-
-    shortest = data->set.timeout; /* default to this timeout value */
-    if(shortest && data->set.connecttimeout &&
-       (data->set.connecttimeout < shortest))
-      /* if both are set, pick the shortest */
-      shortest = data->set.connecttimeout;
-    else if(!shortest)
-      /* if timeout is not set, use the connect timeout */
-      shortest = data->set.connecttimeout;
-  /* We can expect the conn->created time to be "now", as that was just
-     recently set in the beginning of this function and nothing slow
-     has been done since then until now. */
-  }
+  long timeout_ms = Curl_timeleft(conn, NULL, TRUE);

  /*************************************************************
   * Resolve the name of the server or proxy
@@ -4437,7 +4432,7 @@ static CURLcode resolve_server(struct SessionHandle *data,

      /* Resolve target host right on */
      rc = Curl_resolv_timeout(conn, conn->host.name, (int)conn->port,
-                               &hostaddr, shortest);
+                               &hostaddr, timeout_ms);
      if(rc == CURLRESOLV_PENDING)
        *async = TRUE;

@@ -4458,7 +4453,7 @@ static CURLcode resolve_server(struct SessionHandle *data,

      /* resolve proxy */
      rc = Curl_resolv_timeout(conn, conn->proxy.name, (int)conn->port,
-                               &hostaddr, shortest);
+                               &hostaddr, timeout_ms);

      if(rc == CURLRESOLV_PENDING)
        *async = TRUE;
@@ -5137,8 +5132,6 @@ CURLcode Curl_done(struct connectdata **connp,
  conn = *connp;
  data = conn->data;

-  Curl_expire(data, 0); /* stop timer */
-
  if(conn->bits.done)
    /* Stop if Curl_done() has already been called */
    return CURLE_OK;
@@ -5292,10 +5285,8 @@ static CURLcode do_init(struct connectdata *conn)
 static void do_complete(struct connectdata *conn)
 {
  conn->data->req.chunk=FALSE;
-  conn->data->req.trailerhdrpresent=FALSE;
-
  conn->data->req.maxfd = (conn->sockfd>conn->writesockfd?
-                               conn->sockfd:conn->writesockfd)+1;
+                           conn->sockfd:conn->writesockfd)+1;
 }

 CURLcode Curl_do(struct connectdata **connp, bool *done)
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -46,6 +46,7 @@
 #define PORT_RTMP 1935
 #define PORT_RTMPT PORT_HTTP
 #define PORT_RTMPS PORT_HTTPS
+#define PORT_GOPHER 70

 #define DICT_MATCH "/MATCH:"
 #define DICT_MATCH2 "/M:"
@@ -588,9 +589,6 @@ struct SingleRequest {
  bool forbidchunk;   /* used only to explicitly forbid chunk-upload for
                         specific upload buffers. See readmoredata() in
                         http.c for details. */
-  bool trailerhdrpresent; /* Set when Trailer: header found in HTTP response.
-                             Required to determine whether to look for trailers
-                             in case of Transfer-Encoding: chunking */
 };

 /*
@@ -715,11 +713,13 @@ struct connectdata {
 #define PROT_RTMPTE  CURLPROTO_RTMPTE
 #define PROT_RTMPS   CURLPROTO_RTMPS
 #define PROT_RTMPTS  CURLPROTO_RTMPTS
+#define PROT_GOPHER  CURLPROTO_GOPHER

-/* (1<<24) is currently the highest used bit in the public bitmask. We make
-   sure we use "private bits" above the public ones to make things easier. */
+/* (1<<25) is currently the highest used bit in the public bitmask. We make
+   sure we use "private bits" above the public ones to make things easier;
+   Gopher will not conflict with the current bit 25. */

-#define PROT_EXTMASK 0xffffff
+#define PROT_EXTMASK 0x03ffffff

 #define PROT_SSL     (1<<29) /* protocol requires SSL */

@@ -806,7 +806,7 @@ struct connectdata {
  enum protection_level data_prot;
  enum protection_level request_data_prot;
  size_t buffer_size;
-  struct krb4buffer in_buffer, out_buffer;
+  struct krb4buffer in_buffer;
  void *app_data;
  const struct Curl_sec_client_mech *mech;
  struct sockaddr_in local_addr;
@@ -1094,6 +1094,7 @@ struct UrlState {
 #endif /* USE_SSLEAY */
  struct timeval expiretime; /* set this with Curl_expire() only */
  struct Curl_tree timenode; /* for the splay stuff */
+  struct curl_llist *timeoutlist; /* list of pending timeouts */

  /* a place to store the most recently set FTP entrypath */
  char *most_recent_ftp_entrypath;
--- a/lib/version.c
+++ b/lib/version.c
@@ -158,6 +158,9 @@ static const char * const protocols[] = {
 #if defined(USE_SSL) && !defined(CURL_DISABLE_FTP)
  "ftps",
 #endif
+#ifndef CURL_DISABLE_GOPHER
+  "gopher",
+#endif
 #ifndef CURL_DISABLE_HTTP
  "http",
 #endif
--- a/m4/curl-confopts.m4
+++ b/m4/curl-confopts.m4
@@ -472,6 +472,7 @@ AC_DEFUN([CURL_CHECK_LIB_ARES], [
          ares_channel channel;
          ares_cancel(channel); /* added in 1.2.0 */
          ares_process_fd(channel, 0, 0); /* added in 1.4.0 */
+          ares_dup(&channel, channel); /* added in 1.6.0 */
        ]])
      ],[
        AC_MSG_RESULT([yes])
--- a/4
+++ b/4
@@ -60,8 +60,8 @@ sed -e 's/^#define LIBCURL_VERSION .*/#define LIBCURL_VERSION "'$libversion'"/g'
 # Replace version number in header file:
 sed 's/#define CURL_VERSION .*/#define CURL_VERSION "'$curlversion'"/g' $CHEADER >$CHEADER.dist

-# Generate VC8 and VC9 versions from the VC6 Makefile versions
-for ver in vc8 vc9; do
+# Generate VC8, VC9, and VC10 versions from the VC6 Makefile versions
+for ver in vc8 vc9 vc10; do
  make -f Makefile.dist $ver
  mv src/Makefile.$ver src/Makefile.$ver.dist
  mv lib/Makefile.$ver lib/Makefile.$ver.dist
--- a/packages/OS400/curl.inc.in
+++ b/packages/OS400/curl.inc.in
@@ -645,6 +645,8 @@
     d                 c                   X'00800000'
     d  CURLPROTO_RTMPTS...
     d                 c                   X'01000000'
+     d  CURLPROTO_GOPHER...
+     d                 c                   X'02000000'
      *
     d CURLoption      s             10i 0 based(######ptr######)               Enum
     d  CURLOPT_FILE   c                   10001
--- a/Show More
+++ b/Show More