RELEASE-NOTES: cleaned up for 7.30 (synced with 5c5e1a1cd2)

Most notable the security advisory: http://curl.haxx.se/docs/adv_20130412.html
test1218: another cookie tailmatch test
2013-04-12 00:05:39 +02:00 · 2013-04-11 23:52:12 +02:00 · 2013-04-11 23:52:12 +02:00 · 2013-04-11 14:05:08 +02:00 · 2013-04-10 16:44:54 +02:00 · 2013-04-10 00:20:37 +02:00
327 changed files with 11727 additions and 5326 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,4 @@ CHANGES.dist
 .project
 .cproject
 .settings
+/[0-9]*.patch
--- a/52
+++ b/52
@@ -10,6 +10,10 @@
 # 10.5 is the *ONLY* SDK that support PPC64 :( -- 10.6 do not have ppc64 support
 #If you need to have PPC64 support then change below to 1
 PPC64_NEEDED=0
+# Apple does not support building for PPC anymore in Xcode 4 and later.
+# If you're using Xcode 3 or earlier and need PPC support, then change
+# the setting below to 1
+PPC_NEEDED=0

 # For me the default is to develop for the platform I am on, and if you
 #desire compatibility with older versions then change USE_OLD to 1 :)
@@ -24,9 +28,16 @@ FRAMEWORK_VERSION=Versions/Release-$VERSION
 # and setup the right paths to this version, leaving the system version
 # "intact", so you can "fix" it later with the links to Versions/A/...

-
-OLD_SDK=`ls  /Developer/SDKs|head -1`
-NEW_SDK=`ls -r /Developer/SDKs|head -1`
+DEVELOPER_PATH=`xcode-select --print-path`
+# Around Xcode 4.3, SDKs were moved from the Developer folder into the
+# MacOSX.platform folder
+if test -d "$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs"; then
+ SDK_PATH="$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs"
+else
+ SDK_PATH="$DEVELOPER_PATH/SDKs";
+fi
+OLD_SDK=`ls  $SDK_PATH|head -1`
+NEW_SDK=`ls -r $SDK_PATH|head -1`

 if test "0"$USE_OLD -gt 0
 then
@@ -37,21 +48,24 @@ fi

 MACVER=`echo $SDK32|sed -e s/[a-zA-Z]//g -e s/.\$//`

-SDK32_DIR='/Developer/SDKs/'$SDK32
+SDK32_DIR=$SDK_PATH/$SDK32
 MINVER32='-mmacosx-version-min='$MACVER
-ARCHES32='-arch i386 -arch ppc'
-
+if test $PPC_NEEDED -gt 0; then
+ ARCHES32='-arch i386 -arch ppc'
+else
+ ARCHES32='-arch i386'
+fi

 if test $PPC64_NEEDED -gt 0
 then
  SDK64=10.5
  ARCHES64='-arch x86_64 -arch ppc64'
-  SDK64=`ls  /Developer/SDKs|grep 10.5|head -1`
+  SDK64=`ls  $SDK_PATH|grep 10.5|head -1`
 else
 ARCHES64='-arch x86_64'
 #We "know" that 10.4 and earlier do not support 64bit
- OLD_SDK64=`ls  /Developer/SDKs|egrep -v "10.[0-4]"|head -1`
- NEW_SDK64=`ls -r /Developer/SDKs|egrep -v "10.[0-4]"|head -1`
+ OLD_SDK64=`ls  $SDK_PATH|egrep -v "10.[0-4]"|head -1`
+ NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4]"|head -1`
 if test $USE_OLD -gt 0
  then
   SDK64=$OLD_SDK64
@@ -60,7 +74,7 @@ else
  fi
 fi

-SDK64_DIR='/Developer/SDKs/'$SDK64
+SDK64_DIR=$SDK_PATH/$SDK64
 MACVER64=`echo $SDK64|sed -e s/[a-zA-Z]//g -e s/.\$//`

 MINVER64='-mmacosx-version-min='$MACVER64
@@ -68,13 +82,13 @@ MINVER64='-mmacosx-version-min='$MACVER64
 if test ! -z $SDK32; then
  echo "----Configuring libcurl for 32 bit universal framework..."
  make clean
-  ./configure --disable-dependency-tracking --disable-static --with-gssapi \
-    CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32 $MINVER32" \
-    LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 $MINVER32 -Wl,-headerpad_max_install_names" \
+  ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \
+    CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32" \
+    LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 -Wl,-headerpad_max_install_names" \
    CC=$CC

  echo "----Building 32 bit libcurl..."
-  make
+  make -j `sysctl -n hw.logicalcpu_max`

  echo "----Creating 32 bit framework..."
  rm -r libcurl.framework
@@ -91,19 +105,19 @@ if test ! -z $SDK32; then
  cd Versions
  ln -fs ${FRAMEWORK_VERSION} Current

-  echo TEsting for SDK64
+  echo Testing for SDK64
  if test -d $SDK64_DIR; then
  echo entering...
    popd
    make clean
    echo "----Configuring libcurl for 64 bit universal framework..."
-    ./configure --disable-dependency-tracking --disable-static --with-gssapi \
-      CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64 $MINVER64" \
-      LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 $MINVER64 -Wl,-headerpad_max_install_names" \
+    ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \
+      CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64" \
+      LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 -Wl,-headerpad_max_install_names" \
      CC=$CC

    echo "----Building 64 bit libcurl..."
-    make
+    make -j `sysctl -n hw.logicalcpu_max`

    echo "----Appending 64 bit framework to 32 bit framework..."
    cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -30,13 +30,38 @@ CMake/CurlTests.c CMake/FindOpenSSL.cmake CMake/FindZLIB.cmake		\
 CMake/OtherTests.cmake CMake/Platforms/WindowsCache.cmake		\
 CMake/Utilities.cmake include/curl/curlbuild.h.cmake

+VC6LIBDSP = vs/vc6/lib/vc6libcurl.dsp
+VC6LIBDSPHEAD = vs/t/lib/vc6_libcurl_dsp.head
+VC6LIBDSPFOOT = vs/t/lib/vc6_libcurl_dsp.foot
+
+VC8LIBPRJ = vs/vc8/lib/vc8libcurl.vcproj
+VC8LIBPRJHEAD = vs/t/lib/vc8_libcurl_prj.head
+VC8LIBPRJFOOT = vs/t/lib/vc8_libcurl_prj.foot
+
+VC_DIST = \
+ vs/t/README \
+ $(VC6LIBDSP) $(VC6LIBDSPHEAD) $(VC6LIBDSPFOOT) \
+ $(VC8LIBPRJ) $(VC8LIBPRJHEAD) $(VC8LIBPRJFOOT) \
+ vs/vc6/vc6curl.dsw \
+ vs/vc6/lib/vc6libcurl.dsw \
+ vs/vc6/src/vc6curltool.dsw \
+ vs/vc6/src/vc6curltool.dsp
+
+VC6LIBDSP_DEPS = $(VC6LIBDSPHEAD) $(VC6LIBDSPFOOT) \
+ Makefile.am lib/Makefile.inc
+
+VC8LIBPRJ_DEPS = $(VC8LIBPRJHEAD) $(VC8LIBPRJFOOT) \
+ Makefile.am lib/Makefile.inc
+
 WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat	\
-winbuild/MakefileBuild.vc winbuild/Makefile.vc
+ winbuild/MakefileBuild.vc winbuild/Makefile.vc				\
+ winbuild/Makefile.msvc.names

 EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in	\
- curl-style.el sample.emacs RELEASE-NOTES buildconf 	\
- libcurl.pc.in vc6curl.dsw MacOSX-Framework Android.mk $(CMAKE_DIST)	\
- Makefile.msvc.names $(WINBUILD_DIST) lib/libcurl.vers.in
+ RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework	\
+ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in
+
+CLEANFILES = $(VC6LIBDSP) $(VC8LIBPRJ)

 bin_SCRIPTS = curl-config

@@ -46,6 +71,12 @@ DIST_SUBDIRS = $(SUBDIRS) tests packages docs
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcurl.pc

+# List of libcurl source files required to generate VC IDE dsp and prj files
+include lib/Makefile.inc
+
+WIN32SOURCES = $(CSOURCES)
+WIN32HEADERS = $(HHEADERS) config-win32.h
+
 dist-hook:
 	rm -rf $(top_builddir)/tests/log
 	find $(distdir) -name "*.dist" -exec rm {} \;
@@ -89,7 +120,7 @@ endif
 examples:
 	@(cd docs/examples; $(MAKE) check)

-# This is a hook to have 'make clean' also clean up the dosc and the tests
+# This is a hook to have 'make clean' also clean up the docs and the tests
 # dir. The extra check for the Makefiles being present is necessary because
 # 'make distcheck' will make clean first in these directories _before_ it runs
 # this hook.
@@ -166,3 +197,86 @@ ca-firefox: lib/firefox-db2pem.sh
 checksrc:
 	cd lib && $(MAKE) checksrc
 	cd src && $(MAKE) checksrc
+
+.PHONY: vc6-ide
+
+vc6-ide:
+	$(MAKE) $(VC6LIBDSP)
+
+$(VC6LIBDSP): $(VC6LIBDSP_DEPS)
+	@(echo "generating '$(VC6LIBDSP)'"; \
+	\
+	for dir in 'vs' 'vs/vc6' 'vs/vc6/lib'; do \
+	  test -d "$$dir" || mkdir "$$dir" || exit 1; \
+	done; \
+	\
+	dir='..\..\..\lib\'; \
+	body='$(VC6LIBDSP)'.body; \
+	win32_srcs='$(WIN32SOURCES)'; \
+	win32_hdrs='$(WIN32HEADERS)'; \
+	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
+	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
+	\
+	echo "# Begin Group \"Source Files\""  > $$body; \
+	echo ""                               >> $$body; \
+	echo "# PROP Default_Filter \"\""     >> $$body; \
+	for file in $$sorted_srcs; do \
+	  echo "# Begin Source File"          >> $$body; \
+	  echo ""                             >> $$body; \
+	  echo "SOURCE="$$dir$$file           >> $$body; \
+	  echo "# End Source File"            >> $$body; \
+	done; \
+	echo "# End Group"                    >> $$body; \
+	echo "# Begin Group \"Header Files\"" >> $$body; \
+	echo ""                               >> $$body; \
+	echo "# PROP Default_Filter \"\""     >> $$body; \
+	for file in $$sorted_hdrs; do \
+	  echo "# Begin Source File"          >> $$body; \
+	  echo ""                             >> $$body; \
+	  echo "SOURCE="$$dir$$file           >> $$body; \
+	  echo "# End Source File"            >> $$body; \
+	done; \
+	echo "# End Group"                    >> $$body; \
+	\
+	awk '{ printf("%s\r\n", $$0); }' \
+	  $(srcdir)/$(VC6LIBDSPHEAD) $$body $(srcdir)/$(VC6LIBDSPFOOT) \
+	  > $(VC6LIBDSP) || { rm -f $$body; exit 1; }; \
+	\
+	rm -f $$body)
+
+.PHONY: vc8-ide
+
+vc8-ide:
+	$(MAKE) $(VC8LIBPRJ)
+
+$(VC8LIBPRJ): $(VC8LIBPRJ_DEPS)
+	@(echo "generating '$(VC8LIBPRJ)'"; \
+	\
+	for dir in 'vs' 'vs/vc8' 'vs/vc8/lib'; do \
+	  test -d "$$dir" || mkdir "$$dir" || exit 1; \
+	done; \
+	\
+	dir='..\..\..\lib\'; \
+	body='$(VC8LIBPRJ)'.body; \
+	win32_srcs='$(WIN32SOURCES)'; \
+	win32_hdrs='$(WIN32HEADERS)'; \
+	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
+	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
+	\
+	echo "%tab%%tab%<Filter Name=\"Source Files\">"  > $$body; \
+	for file in $$sorted_srcs; do \
+	  echo "%tab%%tab%%tab%<File RelativePath=\""$$dir$$file"\"></File>" >> $$body; \
+	done; \
+	echo "%tab%%tab%</Filter>"                      >> $$body; \
+	echo "%tab%%tab%<Filter Name=\"Header Files\">" >> $$body; \
+	for file in $$sorted_hdrs; do \
+	  echo "%tab%%tab%%tab%<File RelativePath=\""$$dir$$file"\"></File>" >> $$body; \
+	done; \
+	echo "%tab%%tab%</Filter>"                      >> $$body; \
+	\
+	awk '{ gsub(/%tab%/, "\t"); printf("%s\r\n", $$0); }' \
+	  $(srcdir)/$(VC8LIBPRJHEAD) $$body $(srcdir)/$(VC8LIBPRJFOOT) \
+	  > $(VC8LIBPRJ) || { rm -f $$body; exit 1; }; \
+	\
+	rm -f $$body)
+
--- a/185
+++ b/185
@@ -1,66 +1,88 @@
-Curl and libcurl 7.29.0
+Curl and libcurl 7.30.0

- Public curl releases:         131
+ Public curl releases:         132
 Command line options:         152
 curl_easy_setopt() options:   199
 Public functions in libcurl:  58
- Known libcurl bindings:       39
- Contributors:                 993
+ Known libcurl bindings:       42
+ Contributors:                 1005

-This release includes the following securify fix:
-
- o POP3/IMAP/SMTP SASL buffer overflow vulnerability [17]
+***
+  krb4 support is up for removal. If you care about it at all, speak up
+  on the curl-library list asap!
+***

 This release includes the following changes:

- o test: offer "automake" output and check for perl better
- o always-multi: always use non-blocking internals [1]
- o imap: Added support for sasl digest-md5 authentication
- o imap: Added support for sasl cram-md5 authentication
- o imap: Added support for sasl ntlm authentication
- o imap: Added support for sasl login authentication
- o imap: Added support for sasl plain text authentication
- o imap: Added support for login disabled server capability
- o mk-ca-bundle: add -f, support passing to stdout and more [5]
- o writeout: -w now supports remote_ip/port and local_ip/port
+ o imap: Changed response tag generation to be completely unique
+ o imap: Added support for SASL-IR extension
+ o imap: Added support for the list command
+ o imap: Added support for the append command
+ o imap: Added custom request parsing
+ o imap: Added support to the fetch command for UID and SECTION properties
+ o imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
+ o darwinssl: Make certificate errors less techy
+ o imap/pop3/smtp: Added support for the STARTTLS capability
+ o checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
+ o curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag [10]
+ o Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for
+   new multi interface connection handling
+ o Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE,
+   CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and
+   CURLMOPT_PIPELINING_SERVER_BL for new pipelining control [15]

 This release includes the following bugfixes:

- o nss: prevent NSS from crashing on client auth hook failure
- o darwinssl: Fixed inability to disable peer verification on Snow Leopard
-   and Lion
- o curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
- o SCP: relative path didn't work as documented [7]
- o setup_once.h: HP-UX <sys/socket.h> issue workaround
- o configure: fix cross pkg-config detection
- o runtests: Do not add undefined values to @INC
- o build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
- o multi: fix re-sending request on early connection close
- o HTTP: remove stray CRLF in chunk-encoded content-free request bodies
- o build: fix AIX compilation and usage of events/revents
- o VC Makefiles: add missing hostcheck
- o nss: clear session cache if a client certificate from file is used
- o nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
- o fix HTTP CONNECT tunnel establishment upon delayed response [2]
- o --libcurl: fix for non-zero default options
- o FTP: reject illegal port numbers in EPSV 229 responses
- o build: use per-target '_CPPFLAGS' for those currently using default
- o configure: fix automake 1.13 compatibility [6]
- o curl: ignore SIGPIPE [4]
- o pop3: Added support for non-blocking SSL upgrade
- o pop3: Fixed default authentication detection
- o imap: Fixed usernames and passwords that contain escape characters
- o packages/DOS/common.dj: remove COFF debug info generation [3]
- o imap/pop3/smtp: Fixed failure detection during TLS upgrade [8]
- o pop3: Fixed no known authentication mechanism when fallback is required [9]
- o formadd: reject trying to read a directory where a file is expected [10]
- o formpost: support quotes, commas and semicolon in file names [11]
- o docs: update the comments about loading CA certs with NSS [12]
- o docs: fix typos in man pages [13]
- o darwinssl: Fix bug where packets were sometimes transmitted twice [14]
- o winbuild: include version info for .dll .exe [15]
- o schannel: Removed extended error connection setup flag [16]
- o VMS: fix and generate the VMS build config
+ o SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage [25]
+ o darwinssl: Fix build under Leopard
+ o DONE: consider callback-aborted transfers premature [1]
+ o ntlm: Fixed memory leaks
+ o smtp: Fixed an issue when processing EHLO failure responses
+ o pop3: Fixed incorrect return value from pop3_endofresp()
+ o pop3: Fixed SASL authentication capability detection
+ o pop3: Fixed blocking SSL connect when connecting via POP3S
+ o imap: Fixed memory leak when performing multiple selects 
+ o nss: fix misplaced code enabling non-blocking socket mode
+ o AddFormData: prevent only directories from being posted [2]
+ o darwinssl: fix infinite loop if server disconnected abruptly [3]
+ o metalink: fix improbable crash parsing metalink filename
+ o show proper host name on failed resolve
+ o MacOSX-Framework: Make script work in Xcode 4.0 and later
+ o strlcat: remove function [4]
+ o darwinssl: Fix send glitchiness with data > 32 or so KB [5]
+ o polarssl: better 1.1.x and 1.2.x support
+ o various documentation improvements
+ o multi: NULL pointer reference when closing an unused multi handle [9]
+ o SOCKS: fix socks proxy when noproxy matched [7]
+ o install-sh: updated to support multiple source files as arguments [6]
+ o PolarSSL: added human readable error strings
+ o resolver_error: remove wrong error message output
+ o docs: updates HTML index and general improvements
+ o curlbuild.h.dist: enhance non-configure GCC ABI detection logic
+ o sasl: Fixed null pointer reference when decoding empty digest challenge [8]
+ o easy: do not ignore poll() failures other than EINTR
+ o darwinssl: disable ECC ciphers under Mountain Lion by default
+ o CONNECT: count received headers [11]
+ o build: fixes for VMS
+ o CONNECT: clear 'rewindaftersend' on success [12]
+ o HTTP proxy: insert slash in URL if missing [13]
+ o hiperfifo: updated to use current libevent API [14]
+ o getinmemory.c: abort the transfer nicely if not enough memory
+ o improved win32 memorytracking
+ o corrected proxy header response headers count [16]
+ o FTP quote operations on re-used connection [17]
+ o tcpkeepalive on win32 [18]
+ o tcpkeepalive on Mac OS X [23]
+ o easy: acknowledge the CURLOPT_MAXCONNECTS option properly [19]
+ o easy interface: restore default MAXCONNECTS to 5
+ o win32: don't set SO_SNDBUF for windows vista or later versions [20]
+ o HTTP: made cookie sort function more deterministic
+ o winssl: Fixed memory leak if connection was not successful
+ o FTP: wait on both connections during active STOR state [21]
+ o connect: treat a failed local bind of an interface as a non-fatal error [22]
+ o darwinssl: disable insecure ciphers by default
+ o FTP: handle "rubbish" in front of directory name in 257 responses [24]
+ o mk-ca-bundle: Fixed lost OpenSSL output with "-t"

 This release includes the following known bugs:

@@ -69,32 +91,43 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Nick Zitzmann, Colin Watson, Fabian Keil, Kamil Dudka, Lijo Antony,
- Linus Nielsen Feltzing, Marc Hoersken, Stanislav Ivochkin, Steve Holme,
- Yang Tse, Balaji Parasuram, Dan Fandrich, Bob Relyea, Gisle Vanem,
- Yves Arrouye, Kai Engert, Lluís Batlle i Rossell, Jirí Hruka,
- John E. Malmberg, Tor Arntsen, Matt Arsenault, Sergei Nikulov,
- Guenter Knauf, Craig Davison, Ulrich Doehner, Jiri Jaburek, Bruno de Carvalho,
- Eldar Zaitov
+ Kamil Dudka, Steve Holme, Nick Zitzmann, Patricia Muscalu, Dan Fandrich,
+ Gisle Vanem, Guenter Knauf, Yang Tse, Oliver Gondža, Aki Koskinen,
+ Alexander Klauer, Kim Vandry, Willem Sparreboom, Jeremy Huddleston,
+ Bruno de Carvalho, Rainer Jung, Jeremy Huddleston, Kim Vandry, Jiri Hruska,
+ Alexander Klauer, Saran Neti, Alessandro Ghedini, Linus Nielsen Feltzing,
+ Martin Jansen, John E. Malmberg, Tom Grace, Patrick Monnerat,
+ Zdenek Pavlas, Myk Taylor, Cédric Deltheil, Robert Wruck, Sam Deane,
+ Clemens Gruber, Marc Hoersken, Tomas Mlcoch, Fredrik Thulin, Steven Gu,
+ Andrew Kurushin, Christian Hägele, Daniel Theron, Bill Middlecamp,
+ Richard Michael, Yamada Yasuharu

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = http://daniel.haxx.se/blog/2013/01/17/internally-were-all-multi-now/
- [2] = http://curl.haxx.se/mail/lib-2013-01/0191.html
- [3] = http://curl.haxx.se/mail/lib-2013-01/0130.html
- [4] = http://curl.haxx.se/bug/view.cgi?id=1180
- [5] = http://curl.haxx.se/mail/lib-2013-01/0045.html
- [6] = http://curl.haxx.se/mail/lib-2012-12/0246.html
- [7] = http://curl.haxx.se/bug/view.cgi?id=1173
- [8] = http://curl.haxx.se/mail/lib-2013-01/0250.html
- [9] = http://curl.haxx.se/mail/lib-2013-02/0004.html
- [10] = http://curl.haxx.se/mail/archive-2013-01/0017.html
- [11] = http://curl.haxx.se/bug/view.cgi?id=1171
- [12] = https://bugzilla.redhat.com/696783
- [13] = https://bugzilla.redhat.com/896544
- [14] = http://curl.haxx.se/mail/lib-2013-01/0295.html
- [15] = http://curl.haxx.se/bug/view.cgi?id=1186
- [16] = http://curl.haxx.se/bug/view.cgi?id=1187
- [17] = http://curl.haxx.se/docs/adv_20130206.html
+ [1] = http://curl.haxx.se/bug/view.cgi?id=1184
+ [2] = http://curl.haxx.se/mail/archive-2013-02/0040.html
+ [3] = http://curl.haxx.se/mail/lib-2013-03/0014.html
+ [4] = http://curl.haxx.se/bug/view.cgi?id=1192
+ [5] = http://curl.haxx.se/mail/lib-2013-02/0145.html
+ [6] = http://curl.haxx.se/bug/view.cgi?id=1195
+ [7] = http://curl.haxx.se/bug/view.cgi?id=1190
+ [8] = http://curl.haxx.se/bug/view.cgi?id=1193
+ [9] = http://curl.haxx.se/bug/view.cgi?id=1194
+ [10] = http://curl.haxx.se/bug/view.cgi?id=1168
+ [11] = http://curl.haxx.se/bug/view.cgi?id=1204
+ [12] = https://groups.google.com/d/msg/msysgit/B31LNftR4BI/KhRTz0iuGmUJ
+ [13] = http://curl.haxx.se/bug/view.cgi?id=1206
+ [14] = http://curl.haxx.se/bug/view.cgi?id=1199
+ [15] = http://daniel.haxx.se/blog/2013/03/26/better-pipelining-in-libcurl-7-30-0/
+ [16] = http://curl.haxx.se/bug/view.cgi?id=1204
+ [17] = http://curl.haxx.se/mail/lib-2013-03/0319.html
+ [18] = http://curl.haxx.se/bug/view.cgi?id=1209
+ [19] = http://curl.haxx.se/bug/view.cgi?id=1212
+ [20] = http://curl.haxx.se/bug/view.cgi?id=1188
+ [21] = http://curl.haxx.se/bug/view.cgi?id=1183
+ [22] = http://curl.haxx.se/bug/view.cgi?id=1189
+ [23] = http://curl.haxx.se/bug/view.cgi?id=1214
+ [24] = http://curl.haxx.se/mail/lib-2013-04/0113.html
+ [25] = http://curl.haxx.se/docs/adv_20130412.html
--- a/12
+++ b/12
@@ -1,14 +1,4 @@
-To be addressed in 7.29
+To be addressed in ...
 =======================

-310 - a new authentication callback
-
-312 - custom Content-Length appears in CONNECT, solve it by offering a
-      separate option to provide headers for the CONNECT request:
-      http://curl.haxx.se/mail/lib-2012-09/0059.html
-
-317 - CURLINFO_SSL_TRUST to return SSL-specific data for a darwinssl build
-
-322 - pipelining improvements
-
 327 - 
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -1597,213 +1597,6 @@ AC_DEFUN([CURL_CHECK_FUNC_SEND], [
  fi
 ])

-
-dnl CURL_CHECK_FUNC_RECVFROM
-dnl -------------------------------------------------
-dnl Test if the socket recvfrom() function is available,
-dnl and check its return type and the types of its
-dnl arguments. If the function succeeds HAVE_RECVFROM
-dnl will be defined, defining the types of the arguments
-dnl in RECVFROM_TYPE_ARG1, RECVFROM_TYPE_ARG2, and so on
-dnl to RECVFROM_TYPE_ARG6, defining also the type of the
-dnl function return value in RECVFROM_TYPE_RETV.
-dnl Notice that the types returned for pointer arguments
-dnl will actually be the type pointed by the pointer.
-
-AC_DEFUN([CURL_CHECK_FUNC_RECVFROM], [
-  AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl
-  AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl
-  AC_CHECK_HEADERS(sys/types.h sys/socket.h)
-  #
-  AC_MSG_CHECKING([for recvfrom])
-  AC_LINK_IFELSE([
-    AC_LANG_PROGRAM([[
-#undef inline
-#ifdef HAVE_WINDOWS_H
-#ifndef WIN32_LEAN_AND_MEAN
-#define WIN32_LEAN_AND_MEAN
-#endif
-#include <windows.h>
-#ifdef HAVE_WINSOCK2_H
-#include <winsock2.h>
-#else
-#ifdef HAVE_WINSOCK_H
-#include <winsock.h>
-#endif
-#endif
-#else
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#endif
-    ]],[[
-      recvfrom(0, 0, 0, 0, 0, 0);
-    ]])
-  ],[
-    AC_MSG_RESULT([yes])
-    curl_cv_recvfrom="yes"
-  ],[
-    AC_MSG_RESULT([no])
-    curl_cv_recvfrom="no"
-  ])
-  #
-  if test "$curl_cv_recvfrom" = "yes"; then
-    AC_CACHE_CHECK([types of args and return type for recvfrom],
-      [curl_cv_func_recvfrom_args], [
-      curl_cv_func_recvfrom_args="unknown"
-      for recvfrom_retv in 'int' 'ssize_t'; do
-        for recvfrom_arg1 in 'int' 'ssize_t' 'SOCKET'; do
-          for recvfrom_arg2 in 'char *' 'void *'; do
-            for recvfrom_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do
-              for recvfrom_arg4 in 'int' 'unsigned int'; do
-                for recvfrom_arg5 in 'struct sockaddr *' 'void *' 'const struct sockaddr *'; do
-                  for recvfrom_arg6 in 'socklen_t *' 'int *' 'unsigned int *' 'size_t *' 'void *'; do
-                    if test "$curl_cv_func_recvfrom_args" = "unknown"; then
-                      AC_COMPILE_IFELSE([
-                        AC_LANG_PROGRAM([[
-#undef inline
-#ifdef HAVE_WINDOWS_H
-#ifndef WIN32_LEAN_AND_MEAN
-#define WIN32_LEAN_AND_MEAN
-#endif
-#include <windows.h>
-#ifdef HAVE_WINSOCK2_H
-#include <winsock2.h>
-#else
-#ifdef HAVE_WINSOCK_H
-#include <winsock.h>
-#endif
-#endif
-#define RECVFROMCALLCONV PASCAL
-#else
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#define RECVFROMCALLCONV
-#endif
-                          extern $recvfrom_retv RECVFROMCALLCONV
-                          recvfrom($recvfrom_arg1, $recvfrom_arg2,
-                                   $recvfrom_arg3, $recvfrom_arg4,
-                                   $recvfrom_arg5, $recvfrom_arg6);
-                        ]],[[
-                          $recvfrom_arg1 s=0;
-                          $recvfrom_arg2 buf=0;
-                          $recvfrom_arg3 len=0;
-                          $recvfrom_arg4 flags=0;
-                          $recvfrom_arg5 addr=0;
-                          $recvfrom_arg6 addrlen=0;
-                          $recvfrom_retv res=0;
-                          res = recvfrom(s, buf, len, flags, addr, addrlen);
-                        ]])
-                      ],[
-                        curl_cv_func_recvfrom_args="$recvfrom_arg1,$recvfrom_arg2,$recvfrom_arg3,$recvfrom_arg4,$recvfrom_arg5,$recvfrom_arg6,$recvfrom_retv"
-                      ])
-                    fi
-                  done
-                done
-              done
-            done
-          done
-        done
-      done
-    ]) # AC-CACHE-CHECK
-    # Nearly last minute change for this release starts here
-    AC_DEFINE_UNQUOTED(HAVE_RECVFROM, 1,
-      [Define to 1 if you have the recvfrom function.])
-    ac_cv_func_recvfrom="yes"
-    # Nearly last minute change for this release ends here
-    if test "$curl_cv_func_recvfrom_args" = "unknown"; then
-      AC_MSG_WARN([Cannot find proper types to use for recvfrom args])
-    else
-      recvfrom_prev_IFS=$IFS; IFS=','
-      set dummy `echo "$curl_cv_func_recvfrom_args" | sed 's/\*/\*/g'`
-      IFS=$recvfrom_prev_IFS
-      shift
-      #
-      recvfrom_ptrt_arg2=$[2]
-      recvfrom_qual_ptrt_arg5=$[5]
-      recvfrom_ptrt_arg6=$[6]
-      #
-      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG1, $[1],
-        [Define to the type of arg 1 for recvfrom.])
-      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG3, $[3],
-        [Define to the type of arg 3 for recvfrom.])
-      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG4, $[4],
-        [Define to the type of arg 4 for recvfrom.])
-      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_RETV, $[7],
-        [Define to the function return type for recvfrom.])
-      #
-      prev_sh_opts=$-
-      #
-      case $prev_sh_opts in
-        *f*)
-          ;;
-        *)
-          set -f
-          ;;
-      esac
-      #
-      case "$recvfrom_qual_ptrt_arg5" in
-        const*)
-          recvfrom_qual_arg5=const
-          recvfrom_ptrt_arg5=`echo $recvfrom_qual_ptrt_arg5 | sed 's/^const //'`
-        ;;
-        *)
-          recvfrom_qual_arg5=
-          recvfrom_ptrt_arg5=$recvfrom_qual_ptrt_arg5
-        ;;
-      esac
-      #
-      recvfrom_type_arg2=`echo $recvfrom_ptrt_arg2 | sed 's/ \*//'`
-      recvfrom_type_arg5=`echo $recvfrom_ptrt_arg5 | sed 's/ \*//'`
-      recvfrom_type_arg6=`echo $recvfrom_ptrt_arg6 | sed 's/ \*//'`
-      #
-      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG2, $recvfrom_type_arg2,
-        [Define to the type pointed by arg 2 for recvfrom.])
-      AC_DEFINE_UNQUOTED(RECVFROM_QUAL_ARG5, $recvfrom_qual_arg5,
-        [Define to the type qualifier pointed by arg 5 for recvfrom.])
-      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG5, $recvfrom_type_arg5,
-        [Define to the type pointed by arg 5 for recvfrom.])
-      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG6, $recvfrom_type_arg6,
-        [Define to the type pointed by arg 6 for recvfrom.])
-      #
-      if test "$recvfrom_type_arg2" = "void"; then
-        AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG2_IS_VOID, 1,
-          [Define to 1 if the type pointed by arg 2 for recvfrom is void.])
-      fi
-      if test "$recvfrom_type_arg5" = "void"; then
-        AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG5_IS_VOID, 1,
-          [Define to 1 if the type pointed by arg 5 for recvfrom is void.])
-      fi
-      if test "$recvfrom_type_arg6" = "void"; then
-        AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG6_IS_VOID, 1,
-          [Define to 1 if the type pointed by arg 6 for recvfrom is void.])
-      fi
-      #
-      case $prev_sh_opts in
-        *f*)
-          ;;
-        *)
-          set +f
-          ;;
-      esac
-      #
-      AC_DEFINE_UNQUOTED(HAVE_RECVFROM, 1,
-        [Define to 1 if you have the recvfrom function.])
-      ac_cv_func_recvfrom="yes"
-    fi
-  else
-    AC_MSG_WARN([Unable to link function recvfrom])
-  fi
-])
-
-
 dnl CURL_CHECK_MSG_NOSIGNAL
 dnl -------------------------------------------------
 dnl Check for MSG_NOSIGNAL
--- a/configure.ac
+++ b/configure.ac
@@ -198,74 +198,50 @@ CURL_CONFIGURE_REENTRANT
 dnl check for how to do large files
 AC_SYS_LARGEFILE

-dnl support building of Windows DLLs
-AC_LIBTOOL_WIN32_DLL
+XC_LIBTOOL

-dnl force libtool to build static libraries with PIC on AMD64-Linux & FreeBSD
-AC_MSG_CHECKING([if arch-OS host is AMD64-Linux/FreeBSD (to build static libraries with PIC)])
-case $host in
-  x86_64*linux*|amd64*freebsd*|ia64*freebsd*)
-    AC_MSG_RESULT([yes])
-    with_pic=yes
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-esac
+#
+# Automake conditionals based on libtool related checks
+#

-AC_MSG_CHECKING([if compiler is icc (to build with PIC)])
-case $CC in
-  icc | */icc)
-    AC_MSG_RESULT([yes])
-    with_pic=yes
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-esac
+AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSION_INFO],
+  [test "x$xc_lt_shlib_use_version_info" = 'xyes'])
+AM_CONDITIONAL([CURL_LT_SHLIB_USE_NO_UNDEFINED],
+  [test "x$xc_lt_shlib_use_no_undefined" = 'xyes'])
+AM_CONDITIONAL([CURL_LT_SHLIB_USE_MIMPURE_TEXT],
+  [test "x$xc_lt_shlib_use_mimpure_text" = 'xyes'])

-dnl libtool setup
-AC_PROG_LIBTOOL
+#
+# Due to libtool and automake machinery limitations of not allowing
+# specifying separate CPPFLAGS or CFLAGS when compiling objects for
+# inclusion of these in shared or static libraries, we are forced to
+# build using separate configure runs for shared and static libraries
+# on systems where different CPPFLAGS or CFLAGS are mandatory in order
+# to compile objects for each kind of library. Notice that relying on
+# the '-DPIC' CFLAG that libtool provides is not valid given that the
+# user might for example choose to build static libraries with PIC.
+#

-AC_MSG_CHECKING([if we need -mimpure-text])
-mimpure=no
-case $host in
-  *-*-solaris2*)
-    if test "$GCC" = "yes"; then
-      mimpure="yes"
-    fi
-    ;;
-  *)
-    ;;
-esac
-AC_MSG_RESULT($mimpure)
-AM_CONDITIONAL(MIMPURE, test x$mimpure = xyes)
+#
+# Make our Makefile.am files use the staticlib CPPFLAG only when strictly
+# targeting a static library and not building its shared counterpart.
+#
+
+AM_CONDITIONAL([USE_CPPFLAG_CURL_STATICLIB],
+  [test "x$xc_lt_build_static_only" = 'xyes'])
+
+#
+# Make staticlib CPPFLAG variable and its definition visible in output
+# files unconditionally, providing an empty definition unless strictly
+# targeting a static library and not building its shared counterpart.
+#
+
+CPPFLAG_CURL_STATICLIB=
+if test "x$xc_lt_build_static_only" = 'xyes'; then
+  CPPFLAG_CURL_STATICLIB='-DCURL_STATICLIB'
+fi
+AC_SUBST([CPPFLAG_CURL_STATICLIB])

-AC_MSG_CHECKING([if we need BUILDING_LIBCURL])
-use_cppflag_building_libcurl="no"
-use_cppflag_curl_staticlib="no"
-CPPFLAG_CURL_STATICLIB=""
-case $host in
-  *-*-mingw*)
-    AC_MSG_RESULT(yes)
-    use_cppflag_building_libcurl="yes"
-    AC_MSG_CHECKING([if we need CURL_STATICLIB])
-    if test "X$enable_shared" = "Xno"
-    then
-      AC_MSG_RESULT(yes)
-      use_cppflag_curl_staticlib="yes"
-      CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB"
-    else
-      AC_MSG_RESULT(no)
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT(no)
-    ;;
-esac
-AM_CONDITIONAL(USE_CPPFLAG_BUILDING_LIBCURL, test x$use_cppflag_building_libcurl = xyes)
-AM_CONDITIONAL(USE_CPPFLAG_CURL_STATICLIB, test x$use_cppflag_curl_staticlib = xyes)
-AC_SUBST(CPPFLAG_CURL_STATICLIB)

 # Determine whether all dependent libraries must be specified when linking
 if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno"
@@ -277,10 +253,6 @@ fi
 AC_SUBST(REQUIRE_LIB_DEPS)
 AM_CONDITIONAL(USE_EXPLICIT_LIB_DEPS, test x$REQUIRE_LIB_DEPS = xyes)

-dnl The install stuff has already been taken care of by the automake stuff
-dnl AC_PROG_INSTALL
-AC_PROG_MAKE_SET
-
 dnl check if there's a way to force code inline
 AC_C_INLINE

@@ -311,9 +283,6 @@ CURL_CHECK_COMPILER_ARRAY_SIZE_NEGATIVE
 CURL_CHECK_COMPILER_PROTOTYPE_MISMATCH
 CURL_CHECK_COMPILER_SYMBOL_HIDING

-CURL_CHECK_NO_UNDEFINED
-AM_CONDITIONAL(NO_UNDEFINED, test x$need_no_undefined = xyes)
-
 CURL_CHECK_CURLDEBUG
 AM_CONDITIONAL(CURLDEBUG, test x$want_curldebug = xyes)

@@ -2293,7 +2262,7 @@ fi

 if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
-  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls or --with-winssl to address this.])
+  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.])
 else
  # SSL is enabled, genericly
  AC_SUBST(SSL_ENABLED)
@@ -2613,8 +2582,10 @@ AC_MSG_RESULT(no)
 ]
 )

-AC_SUBST(VERSIONED_FLAVOUR, ["$versioned_symbols_flavour"])
-AM_CONDITIONAL(VERSIONED_SYMBOLS, test "x$versioned_symbols" = "xyes")
+AC_SUBST([CURL_LT_SHLIB_VERSIONED_FLAVOUR],
+  ["$versioned_symbols_flavour"])
+AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS],
+  [test "x$versioned_symbols" = 'xyes'])

 dnl -------------------------------------------------
 dnl check winidn option before other IDN libraries
@@ -2997,7 +2968,6 @@ AC_TYPE_SIGNAL
 CURL_CHECK_FUNC_SELECT

 CURL_CHECK_FUNC_RECV
-CURL_CHECK_FUNC_RECVFROM
 CURL_CHECK_FUNC_SEND
 CURL_CHECK_MSG_NOSIGNAL

@@ -3039,12 +3009,10 @@ CURL_CHECK_FUNC_SIGSETJMP
 CURL_CHECK_FUNC_SOCKET
 CURL_CHECK_FUNC_SOCKETPAIR
 CURL_CHECK_FUNC_STRCASECMP
-CURL_CHECK_FUNC_STRCASESTR
 CURL_CHECK_FUNC_STRCMPI
 CURL_CHECK_FUNC_STRDUP
 CURL_CHECK_FUNC_STRERROR_R
 CURL_CHECK_FUNC_STRICMP
-CURL_CHECK_FUNC_STRLCAT
 CURL_CHECK_FUNC_STRNCASECMP
 CURL_CHECK_FUNC_STRNCMPI
 CURL_CHECK_FUNC_STRNICMP
--- a/curl-config.in
+++ b/curl-config.in
@@ -71,62 +71,62 @@ while test $# -gt 0; do
        ;;

    --ca)
-	echo "@CURL_CA_BUNDLE@"
-	;;
+        echo "@CURL_CA_BUNDLE@"
+        ;;

    --cc)
-	echo "@CC@"
-	;;
+        echo "@CC@"
+        ;;

    --prefix)
-	echo "$prefix"
-	;;
+        echo "$prefix"
+        ;;

    --feature|--features)
        for feature in @SUPPORT_FEATURES@ ""; do
            test -n "$feature" && echo "$feature"
        done
-	;;
+        ;;

    --protocols)
        for protocol in @SUPPORT_PROTOCOLS@; do
            echo "$protocol"
        done
-	;;
+        ;;

    --version)
-	echo libcurl @CURLVERSION@
-	exit 0
-	;;
+        echo libcurl @CURLVERSION@
+        exit 0
+        ;;

    --checkfor)
        checkfor=$2
        cmajor=`echo $checkfor | cut -d. -f1`
        cminor=`echo $checkfor | cut -d. -f2`
        # when extracting the patch part we strip off everything after a
-	# dash as that's used for things like version 1.2.3-CVS
-	cpatch=`echo $checkfor | cut -d. -f3 | cut -d- -f1`
+        # dash as that's used for things like version 1.2.3-CVS
+        cpatch=`echo $checkfor | cut -d. -f3 | cut -d- -f1`
        checknum=`echo "$cmajor*256*256 + $cminor*256 + ${cpatch:-0}" | bc`
        numuppercase=`echo @VERSIONNUM@ | tr 'a-f' 'A-F'`
        nownum=`echo "obase=10; ibase=16; $numuppercase" | bc`

-	if test "$nownum" -ge "$checknum"; then
-	  # silent success
-	  exit 0
-	else
-	  echo "requested version $checkfor is newer than existing @CURLVERSION@"
-	  exit 1
-	fi
-	;;
+        if test "$nownum" -ge "$checknum"; then
+          # silent success
+          exit 0
+        else
+          echo "requested version $checkfor is newer than existing @CURLVERSION@"
+          exit 1
+        fi
+        ;;

    --vernum)
-	echo @VERSIONNUM@
-	exit 0
-	;;
+        echo @VERSIONNUM@
+        exit 0
+        ;;

    --help)
-	usage 0
-	;;
+        usage 0
+        ;;

    --cflags)
        if test "X$cppflag_curl_staticlib" = "X-DCURL_STATICLIB"; then
@@ -134,38 +134,38 @@ while test $# -gt 0; do
        else
          CPPFLAG_CURL_STATICLIB=""
        fi
-       	if test "X@includedir@" = "X/usr/include"; then
+        if test "X@includedir@" = "X/usr/include"; then
          echo "$CPPFLAG_CURL_STATICLIB"
        else
          echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
        fi
-       	;;
+        ;;

    --libs)
-	if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
-	   CURLLIBDIR="-L@libdir@ "
-	else
-	   CURLLIBDIR=""
-	fi
-	if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
-	  echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
-	else
-	  echo ${CURLLIBDIR}-lcurl
-	fi
-	;;
+        if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
+           CURLLIBDIR="-L@libdir@ "
+        else
+           CURLLIBDIR=""
+        fi
+        if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
+          echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
+        else
+          echo ${CURLLIBDIR}-lcurl
+        fi
+        ;;

    --static-libs)
-	echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
-	;;
+        echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
+        ;;

    --configure)
-      echo @CONFIGURE_OPTIONS@
-    ;;
+        echo @CONFIGURE_OPTIONS@
+        ;;

    *)
        echo "unknown option: $1"
-	usage 1
-	;;
+        usage 1
+        ;;
    esac
    shift
 done
--- a/curl-style.el
+++ b/curl-style.el
@@ -1,50 +0,0 @@
-;;;; Emacs Lisp help for writing curl code. ;;;;
-
-;;; The curl hacker's C conventions.
-;;; See the sample.emacs file on how this file can be made to take
-;;; effect automatically when editing curl source files.
-
-(defconst curl-c-style
-  '((c-basic-offset . 2)
-    (c-comment-only-line-offset . 0)
-    (c-hanging-braces-alist     . ((substatement-open before after)))
-    (c-offsets-alist . ((topmost-intro        . 0)
-			(topmost-intro-cont   . 0)
-			(substatement         . +)
-			(substatement-open    . 0)
-			(statement-case-intro . +)
-			(statement-case-open  . 0)
-			(case-label           . 0)
-			))
-    )
-  "Curl C Programming Style")
-
-(defun curl-code-cleanup ()
-  "no docs"
-  (interactive)
-  (untabify (point-min) (point-max))
-  (delete-trailing-whitespace)
-)
-
-;; Customizations for all of c-mode, c++-mode, and objc-mode
-(defun curl-c-mode-common-hook ()
-  "Curl C mode hook"
-  ;; add curl style and set it for the current buffer
-  (c-add-style "curl" curl-c-style t)
-  (setq tab-width 8
-	indent-tabs-mode nil		; Use spaces. Not tabs.
-	comment-column 40
-	c-font-lock-extra-types (append '("bool" "CURL" "CURLcode" "ssize_t" "size_t" "curl_socklen_t" "fd_set" "time_t" "curl_off_t" "curl_socket_t" "in_addr_t" "CURLSHcode" "CURLMcode" "Curl_addrinfo"))
-	)
-  ;; keybindings for C, C++, and Objective-C.  We can put these in
-  ;; c-mode-base-map because of inheritance ...
-  (define-key c-mode-base-map "\M-q" 'c-fill-paragraph)
-  (define-key c-mode-base-map "\M-m" 'curl-code-cleanup)
-  (setq c-recognize-knr-p nil)
-  ;;; (add-hook 'write-file-hooks 'delete-trailing-whitespace t)
-  (setq show-trailing-whitespace t)
-  )
-
-;; Set this is in your .emacs if you want to use the c-mode-hook as
-;; defined here right out of the box.
-; (add-hook 'c-mode-common-hook 'curl-c-mode-common-hook)
--- a/docs/BINDINGS
+++ b/docs/BINDINGS
@@ -6,14 +6,14 @@

                               libcurl bindings

-Creative people have written bindings or interfaces for various environments
-and programming languages. Using one of these allows you to take advantage of
-curl powers from within your favourite language or system.
+ Creative people have written bindings or interfaces for various environments
+ and programming languages. Using one of these allows you to take advantage of
+ curl powers from within your favourite language or system.

-This is a list of all known interfaces as of this writing.
+ This is a list of all known interfaces as of this writing.

-The bindings listed below are not part of the curl/libcurl distribution
-archives, but must be downloaded and installed separately.
+ The bindings listed below are not part of the curl/libcurl distribution
+ archives, but must be downloaded and installed separately.

 Ada95

@@ -41,7 +41,10 @@ Ch

 Cocoa

-  Written by Dan Wood
+  BBHTTP: written by Bruno de Carvalho
+  https://github.com/brunodecarvalho/BBHTTP
+
+  curlhandle: Written by Dan Wood
  http://curlhandle.sourceforge.net/

 D
@@ -55,6 +58,7 @@ Dylan
  http://dylanlibs.sourceforge.net/

 Eiffel
+
  Written by Eiffel Software
  http://curl.haxx.se/libcurl/eiffel/

@@ -81,6 +85,11 @@ glib/GTK+
  Written by Richard Atterer
  http://atterer.net/glibcurl/

+Guile:
+
+  Written by Michael L. Gran
+  http://www.lonelycactus.com/guile-curl.html
+
 Haskell

  Written by Galois, Inc
@@ -91,6 +100,11 @@ Java
  Maintained by [blank]
  http://curl.haxx.se/libcurl/java/

+Julia
+
+  Written by Paul Howe
+  https://github.com/forio/Curl.jl
+
 Lisp

  Written by Liam Healy
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@@ -212,7 +212,7 @@
 commit.

 Now send those patches off to the curl-library list. You can of course opt to
- do that with the 'get send-email' command.
+ do that with the 'git send-email' command.

 3.3 How To Make a Patch without git

--- a/docs/FAQ
+++ b/docs/FAQ
@@ -245,10 +245,10 @@ FAQ
  supervised in any way by the project.

  We still get help from companies. Haxx provides web site, bandwidth, mailing
-  lists etc and sourceforge.net hosts project services we take advantage from,
-  like the bug tracker. Also again, some companies have sponsored certain
-  parts of the development in the past and I hope some will continue to do so
-  in the future.
+  lists etc, sourceforge.net hosts project services we take advantage from,
+  like the bug tracker and github hosts the primary git repository. Also
+  again, some companies have sponsored certain parts of the development in the
+  past and I hope some will continue to do so in the future.

  If you want to support our project, consider a donation or a banner-program
  or even better: by helping us coding, documenting, testing etc.
@@ -309,17 +309,16 @@ FAQ
  never use it.

  In May 2012 Daniel did a counting game and came up with a number that may
-  be completely wrong or somewhat accurate. 300 million!
+  be completely wrong or somewhat accurate. Over 500 million!

  See http://daniel.haxx.se/blog/2012/05/16/300m-users/

  1.11 Why don't you update ca-bundle.crt

-  The ca-bundle.crt file that used to be bundled with curl was very outdated
-  (it being last modified year 2000 should tell) and must be replaced with a
-  much more modern and up-to-date version by anyone who wants to verify peers
-  anyway. It is no longer provided, the last curl release that shipped it was
-  curl 7.18.0.
+  The ca cert bundle that used to shipped with curl was very outdated and must
+  be replaced with an up-to-date version by anyone who wants to verify
+  peers. It is no longer provided by curl. The last curl release ever that
+  shipped a ca cert bundle was curl 7.18.0.

  In the cURL project we've decided not to attempt to keep this file updated
  (or even present anymore) since deciding what to add to a ca cert bundle is
@@ -433,10 +432,10 @@ FAQ

  That is an OpenSSL binary built for Windows.

-  Curl uses OpenSSL to do the SSL stuff. The LIBEAY32.DLL is what curl needs
-  on a windows machine to do https://. Check out the curl web site to find
-  accurate and up-to-date pointers to recent OpenSSL DLLs and other binary
-  packages.
+  Curl can be built with OpenSSL to do the SSL stuff. The LIBEAY32.DLL is then
+  what curl needs on a windows machine to do https:// etc. Check out the curl
+  web site to find accurate and up-to-date pointers to recent OpenSSL DLLs and
+  other binary packages.

  2.4 Does curl support SOCKS (RFC 1928) ?

@@ -472,9 +471,9 @@ FAQ
  3.3 Why doesn't my posting using -F work?

  You can't simply use -F or -d at your choice. The web server that will
-  receive your post assumes one of the formats. If the form you're trying to
-  "fake" sets the type to 'multipart/form-data', then and only then you must
-  use the -F type. In all the most common cases, you should use -d which then
+  receive your post expects one of the formats. If the form you're trying to
+  submit uses the type 'multipart/form-data', then and only then you must use
+  the -F type. In all the most common cases, you should use -d which then
  causes a posting with the type 'application/x-www-form-urlencoded'.

  This is described in some detail in the MANUAL and TheArtOfHttpScripting
@@ -502,9 +501,9 @@ FAQ
  3.6 Does curl support ASP, XML, XHTML or HTML version Y?

  To curl, all contents are alike. It doesn't matter how the page was
-  generated. It may be ASP, PHP, Perl, shell-script, SSI or plain
-  HTML-files. There's no difference to curl and it doesn't even know what kind
-  of language that generated the page.
+  generated. It may be ASP, PHP, Perl, shell-script, SSI or plain HTML
+  files. There's no difference to curl and it doesn't even know what kind of
+  language that generated the page.

  See also item 3.14 regarding javascript.

--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -13,27 +13,29 @@ curl tool
 - multiple file upload on a single command line
 - custom maximum transfer rate
 - redirectable stderr
+ - metalink support (*13)

-libcurl supports
+libcurl
 - full URL syntax with no length limit
 - custom maximum download time
 - custom least download speed acceptable
 - custom output result after completion
 - guesses protocol from host name unless specified
 - uses .netrc
- - progress bar/time specs while downloading
+ - progress bar with time statistics while downloading
 - "standard" proxy environment variables support
 - compiles on win32 (reported builds on 40+ operating systems)
 - selectable network interface for outgoing traffic
 - IPv6 support on unix and Windows
 - persistent connections
 - socks5 support
- - supports user name + password in proxy environment variables
+ - supports user name and password in proxy environment variables
 - operations through proxy "tunnel" (using CONNECT)
- - supports large files (>2GB and >4GB) both upload/download
+ - support for large files (>2GB and >4GB) during upload and download
 - replaceable memory functions (malloc, free, realloc, etc)
 - asynchronous name resolving (*6)
 - both a push and a pull style interface
+ - international domain names (*11)

 HTTP
 - HTTP/1.1 compliant (optionally uses 1.0)
@@ -60,7 +62,8 @@ HTTP
 - via http-proxy
 - retrieve file modification date
 - Content-Encoding support for deflate and gzip
- - "Transfer-Encoding: chunked" support for "uploads"
+ - "Transfer-Encoding: chunked" support in uploads
+ - data compression (*12)

 HTTPS (*1)
 - (all the HTTP features)
@@ -68,12 +71,13 @@ HTTPS (*1)
 - verify server certificate
 - via http-proxy
 - select desired encryption
- - force usage of a specific SSL version (SSLv2(*7), SSLv3 or TLSv1)
+ - force usage of a specific SSL version (SSLv2 (*7), SSLv3 (*10) or TLSv1)

 FTP
 - download
 - authentication
- - kerberos4 (*5), kerberos5 (*3)
+ - kerberos4 (*5)
+ - kerberos5 (*3)
 - active/passive using PORT, EPRT, PASV or EPSV
 - single file size information (compare to HTTP HEAD)
 - 'type=' URL support
@@ -93,7 +97,7 @@ FTP

 FTPS (*1)
 - implicit ftps:// support that use SSL on both connections
- - explicit "AUTH TSL" and "AUTH SSL" usage to "upgrade" plain ftp://
+ - explicit "AUTH TLS" and "AUTH SSL" usage to "upgrade" plain ftp://
   connection to use SSL for both or one of the connections

 SCP (*8)
@@ -104,7 +108,8 @@ SFTP (*8)
 - with custom commands sent before/after the transfer

 TFTP
- - download / upload
+ - download
+ - upload

 TELNET
 - connection negotiation
@@ -119,12 +124,12 @@ DICT

 FILE
 - URL support
- - "uploads"
+ - upload
 - resume

 SMTP
 - authentication: Plain, Login, CRAM-MD5, Digest-MD5 and NTLM (*9)
- - send mail
+ - send e-mails
 - mail from support
 - mail size support
 - mail auth support for trusted server-to-server relaying
@@ -142,7 +147,8 @@ POP3
   NTLM (*9)
 - list e-mails
 - retrieve e-mails
- - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP
+ - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via
+   custom requests
 - via http-proxy

 POP3S (*1)
@@ -152,10 +158,14 @@ POP3S (*1)

 IMAP
 - authentication: Clear Text and SASL
- - select mailbox
- - basic fetch e-mail support
 - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5 and
   NTLM (*9)
+ - list the folders of a mailbox
+ - select a mailbox with support for verifing the UIDVALIDITY
+ - fetch e-mails with support for specifing the UID and SECTION
+ - upload e-mails via the append command
+ - enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS,
+   STORE, COPY and UID via custom requests
 - via http-proxy

 IMAPS (*1)
@@ -167,12 +177,20 @@ FOOTNOTES
 =========

  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, schannel (native
-       Windows), Secure Transport (native iOS/OS X)  or qssl (native IBM i)
+       Windows), Secure Transport (native iOS/OS X) or qssl (native IBM i)
  *2 = requires OpenLDAP
-  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar.
+  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar
  *4 = requires FBopenssl
-  *5 = requires a krb4 library, such as the MIT one or similar.
+  *5 = requires a krb4 library, such as the MIT one or similar
  *6 = requires c-ares
-  *7 = requires OpenSSL or NSS, as GnuTLS only supports SSLv3 and TLSv1
+  *7 = requires OpenSSL, NSS, qssl, schannel or Secure Transport; GnuTLS, for
+       example, only supports SSLv3 and TLSv1
  *8 = requires libssh2
-  *9 = requires OpenSSL, GnuTLS, NSS, yassl or SSPI (native Windows)
+  *9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native
+       Windows)
+  *10 = requires any of the SSL libraries in (*1) above other than axTLS, which
+        does not support SSLv3
+  *11 = requires libidn or Windows
+  *12 = requires libz
+  *13 = requires libmetalink, and either an Apple or Microsoft operating
+        system, or OpenSSL, or GnuTLS, or NSS
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -221,7 +221,7 @@ Win32
   environment variables, for example:

     set ZLIB_PATH=c:\zlib-1.2.7
-     set OPENSSL_PATH=c:\openssl-0.9.8x
+     set OPENSSL_PATH=c:\openssl-0.9.8y
     set LIBSSH2_PATH=c:\libssh2-1.4.3

   ATTENTION: if you want to build with libssh2 support you have to use latest
@@ -337,7 +337,7 @@ Win32
   Before running nmake define the OPENSSL_PATH environment variable with
   the root/base directory of OpenSSL, for example:

-     set OPENSSL_PATH=c:\openssl-0.9.8x
+     set OPENSSL_PATH=c:\openssl-0.9.8y

   Then run 'nmake vc-ssl' or 'nmake vc-ssl-dll' in curl's root
   directory.  'nmake vc-ssl' will create a libcurl static and dynamic
@@ -359,7 +359,7 @@ Win32
   source distribution archive to allow proper building of the two included
   projects, the libcurl library and the curl tool.

-   1) Open the vc6curl.dsw workspace with MSVC6's IDE.
+   1) Open the vs/vc6/vc6curl.dsw workspace with MSVC6's IDE.
   2) Select 'Build' from top menu.
   3) Select 'Batch Build' from dropdown menu.
   4) Make sure that the eight project configurations are 'checked'.
@@ -367,12 +367,12 @@ Win32
   6) Once the eight project configurations are built you are done.

   Dynamic and static libcurl libraries are built in debug and release flavours,
-   and can be located each one in its own subdirectory, DLL-Debug, DLL-Release,
-   LIB-Debug and LIB-Release, all of them below the 'lib' subdirectory.
+   and can be located each one in its own subdirectory, dll-debug, dll-release,
+   lib-debug and lib-release, all of them below the 'vs/vc6/lib' subdirectory.

   In the same way four curl executables are created, each using its respective
   library. The resulting curl executables are located in its own subdirectory,
-   DLL-Debug, DLL-Release, LIB-Debug and LIB-Release, below the 'src' subdir.
+   dll-debug, dll-release, lib-debug and lib-release, below 'vs/vc6/src' subdir.

   These reference VC++ 6.0 configurations are generated using the dynamic CRT.

@@ -876,7 +876,7 @@ VxWorks
 Android
 =======
   Method using the static makefile:
-      - see the build notes in the Android.mk file.
+      - see the build notes in the packages/Android/Android.mk file.

   Method using a configure cross-compile (tested with Android NDK r7c, r8):
      - prepare the toolchain of the Android NDK for standalone use; this can
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -42,7 +42,7 @@ Portability
 cyassl       2.0.0
 openldap     2.0
 MIT krb5 lib 1.2.4
- qsossl       V5R2M0
+ qsossl       V5R3M0
 NSS          3.12.x
 axTLS        1.2.7
 Heimdal      ?
@@ -52,7 +52,7 @@ Portability
 curl running fine on:

 Windows      98
- AS/400       V5R2M0
+ AS/400       V5R3M0
 Symbian      9.1
 Windows CE   ?
 TPF          ?
--- a/docs/SSLCERTS
+++ b/docs/SSLCERTS
@@ -1,6 +1,12 @@
                      Peer SSL Certificate Verification
                      =================================

+(NOTE: If libcurl was built with Schannel or Secure Transport support, then
+this does not apply to you. Scroll down for details on how the OS-native
+engines handle SSL certificates. If you're not sure, then run "curl -V" and
+read the results. If the version string says "WinSSL" in it, then it was built
+with Schannel support.)
+
 libcurl performs peer SSL certificate verification by default.  This is done
 by using CA cert bundle that the SSL library can use to make sure the peer's
 server certificate is valid.
@@ -93,24 +99,40 @@ server.
                      Peer SSL Certificate Verification with NSS
                      ==========================================

-If libcurl is build with NSS support then depending on the OS distribution it
-is probably required to take some additional steps to use the system-wide CA
-cert db. RedHat ships with an additional module libnsspem.so which enables NSS
-to read the OpenSSL PEM CA bundle. With OpenSuSE this lib is missing, and NSS
-can only work with its own internal formats. Also NSS got a new database
-format:
-https://wiki.mozilla.org/NSS_Shared_DB
-Starting with version 7.19.7 libcurl will check for the NSS version it runs,
-and add automatically the 'sql:' prefix to the certdb directory (either the
+If libcurl was built with NSS support, then depending on the OS distribution,
+it is probably required to take some additional steps to use the system-wide CA
+cert db. RedHat ships with an additional module, libnsspem.so, which enables
+NSS to read the OpenSSL PEM CA bundle. This library is missing in OpenSuSE, and
+without it, NSS can only work with its own internal formats. NSS also has a new
+database format: https://wiki.mozilla.org/NSS_Shared_DB
+
+Starting with version 7.19.7, libcurl will check for the NSS version it runs,
+and automatically add the 'sql:' prefix to the certdb directory (either the
 hardcoded default /etc/pki/nssdb or the directory configured with SSL_DIR
-environment variable) if a version 3.12.0 or later is detected.
-To check which certdb format your distribution provides examine the default
-certdb location /etc/pki/nssdb; the new certdb format can be identified by
+environment variable) if version 3.12.0 or later is detected. To check which
+ertdb format your distribution provides, examine the default
+certdb location: /etc/pki/nssdb; the new certdb format can be identified by
 the filenames cert9.db, key4.db, pkcs11.txt; filenames of older versions are
 cert8.db, key3.db, modsec.db.
-Usually these cert databases are empty; but NSS also has built-in CAs which are
-provided through a shared library libnssckbi.so; if you want to use these
-built-in CAs then create a symlink to libnssckbi.so in /etc/pki/nssdb:
+
+Usually these cert databases are empty, but NSS also has built-in CAs which are
+provided through a shared library, libnssckbi.so; if you want to use these
+built-in CAs, then create a symlink to libnssckbi.so in /etc/pki/nssdb:
 ln -s /usr/lib[64]/libnssckbi.so /etc/pki/nssdb/libnssckbi.so

+     Peer SSL Certificate Verification with Schannel and Secure Transport
+     ====================================================================

+If libcurl was built with Schannel (Microsoft's TLS/SSL engine) or Secure
+Transport (Apple's TLS/SSL engine) support, then libcurl will still perform
+peer certificate verification, but instead of using a CA cert bundle, it will
+use the certificates that are built into the OS. These are the same
+certificates that appear in the Internet Options control panel (under Windows)
+or Keychain Access application (under OS X). Any custom security rules for
+certificates will be honored.
+
+Schannel will run CRL checks on certificates unless peer verification is
+disabled. Secure Transport on iOS will run OCSP checks on certificates unless
+peer verification is disabled. Secure Transport on OS X will run either OCSP
+or CRL checks on certificates if those features are enabled, and this behavior
+can be adjusted in the preferences of Keychain Access.
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -89,6 +89,7 @@ Ates Goral
 Augustus Saunders
 Avery Fay
 Axel Tillequin
+Balaji Parasuram
 Balint Szilakszi
 Bart Whiteley
 Bas Mevissen
@@ -111,6 +112,7 @@ Bjorn Augustsson
 Bjorn Reese
 Björn Stenberg
 Blaise Potard
+Bob Relyea
 Bob Richmond
 Bob Schader
 Bogdan Nicula
@@ -128,6 +130,7 @@ Brian R Duffy
 Brian Ulm
 Brock Noland
 Bruce Mitchener
+Bruno de Carvalho
 Bryan Henderson
 Bryan Kemp
 Cameron Kaiser
@@ -271,6 +274,7 @@ Eduard Bloch
 Edward Sheldrake
 Eelco Dolstra
 Eetu Ojanen
+Eldar Zaitov
 Ellis Pritchard
 Emanuele Bovisio
 Emil Romanus
@@ -445,6 +449,8 @@ Jim Drash
 Jim Freeman
 Jim Hollinger
 Jim Meyering
+Jiri Jaburek
+Jiri Hruska
 Jocelyn Jaubert
 Joe Halpin
 Joe Malicki
@@ -502,6 +508,7 @@ Jurij Smakov
 Justin Fletcher
 Jörg Mueller-Tolk
 Jörn Hartroth
+Kai Engert
 Kai Sommerfeld
 Kai-Uwe Rommel
 Kalle Vahlman
@@ -559,6 +566,7 @@ Ling Thio
 Linus Nielsen Feltzing
 Lisa Xu
 Liza Alenchery
+Lluís Batlle i Rossell
 Loic Dachary
 Loren Kirkby
 Luca Altea
@@ -616,6 +624,7 @@ Massimo Callegari
 Mateusz Loskot
 Mathias Axelsson
 Mats Lidell
+Matt Arsenault
 Matt Kraai
 Matt Veenstra
 Matt Witherspoon
@@ -876,6 +885,7 @@ Spacen Jasset
 Spiridonoff A.V
 Stadler Stephan
 Stan van de Burgt
+Stanislav Ivochkin
 Stefan Esser
 Stefan Krause
 Stefan Teleman
@@ -958,6 +968,7 @@ Troels Walsted Hansen
 Troy Engel
 Tupone Alfredo
 Ulf Härnhammar
+Ulrich Doehner
 Ulrich Zadow
 Venkat Akella
 Victor Snezhko
@@ -991,6 +1002,7 @@ Yarram Sunil
 Yehoshua Hershberg
 Yukihiro Kawada
 Yuriy Sosov
+Yves Arrouye
 Yves Lejeune
 Zmey Petroff
 Zvi Har'El
--- a/docs/TODO
+++ b/docs/TODO
@@ -45,36 +45,41 @@
 6.3 feature negotiation debug data
 6.4 send data in chunks

- 7. SSL
- 7.1 Disable specific versions
- 7.2 Provide mutex locking API
- 7.3 Evaluate SSL patches
- 7.4 Cache OpenSSL contexts
- 7.5 Export session ids
- 7.6 Provide callback for cert verification
- 7.7 Support other SSL libraries
- 7.9 improve configure --with-ssl
- 7.10 Support DANE
-
- 8. GnuTLS
- 8.1 SSL engine stuff
- 8.3 check connection
-
- 9. SMTP
- 9.1 Specify the preferred authentication mechanism
- 9.2 Initial response
- 9.3 Pipelining
+ 7. SMTP
+ 7.1 Specify the preferred authentication mechanism
+ 7.2 Initial response
+ 7.3 Pipelining
+ 7.4 Graceful base64 decoding failure
 
- 10. POP3
- 10.1 auth= in URLs
+ 8. POP3
+ 8.1 auth= in URLs
+ 8.2 Initial response
+ 8.3 Graceful base64 decoding failure
 
- 11. LDAP
- 11.1 SASL based authentication mechanisms
+ 9. IMAP
+ 9.1 auth= in URLs
+ 9.2 Graceful base64 decoding failure
 
- 12. Other protocols
+ 10. LDAP
+ 10.1 SASL based authentication mechanisms
+ 
+ 11. New protocols
+ 11.1 RSYNC

- 13. New protocols
- 13.1 RSYNC
+ 12. SSL
+ 12.1 Disable specific versions
+ 12.2 Provide mutex locking API
+ 12.3 Evaluate SSL patches
+ 12.4 Cache OpenSSL contexts
+ 12.5 Export session ids
+ 12.6 Provide callback for cert verification
+ 12.7 Support other SSL libraries
+ 12.8 improve configure --with-ssl
+ 12.9 Support DANE
+
+ 13. GnuTLS
+ 13.1 SSL engine stuff
+ 13.2 check connection

 14. SASL
 14.1 Other authentication mechanisms
@@ -173,7 +178,6 @@

    http://tools.ietf.org/html/rfc6555

-
 2. libcurl - multi interface

 2.1 More non-blocking
@@ -265,7 +269,6 @@
 headers use a default value so only headers that need to be moved have to be
 specified.

-
 6. TELNET

 6.1 ditch stdin
@@ -290,25 +293,103 @@ to provide the data to send.
  use, but inefficient for any other.  Sent data should be sent in larger
  chunks.

-7. SSL
+7. SMTP

-7.1 Disable specific versions
+7.1 Specify the preferred authentication mechanism
+
+ Add the ability to specify the preferred authentication mechanism or a list
+ of mechanisms that should be used. Not only that, but the order that is
+ returned by the server during the EHLO response should be honored by curl.
+
+7.2 Initial response
+
+ Add the ability for the user to specify whether the initial response is
+ included in the AUTH command. Some email servers, such as Microsoft
+ Exchange, can work with either whilst others need to have the initial
+ response sent separately:
+
+ http://curl.haxx.se/mail/lib-2012-03/0114.html
+
+7.3 Pipelining
+
+ Add support for pipelining emails.
+
+7.4 Graceful base64 decoding failure
+
+ Rather than shutting down the session and returning an error when the
+ decoding of a base64 encoded authentication response fails, we should
+ gracefully shutdown the authentication process by sending a * response to the
+ server as per RFC4954.
+
+8. POP3
+
+8.1 auth= in URLs
+
+ Being able to specify the preferred authentication mechanism in the URL as
+ per RFC2384.
+
+8.2 Initial response
+
+ Add the ability for the user to specify whether the initial response is
+ included in the AUTH command as per RFC5034.
+
+8.3 Graceful base64 decoding failure
+
+ Rather than shutting down the session and returning an error when the
+ decoding of a base64 encoded authentication response fails, we should
+ gracefully shutdown the authentication process by sending a * response to the
+ server as per RFC5034.
+
+9. IMAP
+
+9.1 auth= in URLs
+
+ Being able to specify the preferred authentication mechanism in the URL as
+ per RFC5092.
+
+9.2 Graceful base64 decoding failure
+
+ Rather than shutting down the session and returning an error when the
+ decoding of a base64 encoded authentication response fails, we should
+ gracefully shutdown the authentication process by sending a * response to the
+ server as per RFC3501.
+
+10. LDAP
+
+10.1 SASL based authentication mechanisms
+
+ Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
+ to an LDAP server. However, this function sends username and password details
+ using the simple authentication mechanism (as clear text). However, it should
+ be possible to use ldap_bind_s() instead specifing the security context
+ information ourselves.
+
+11. New protocols
+
+11.1 RSYNC
+
+ There's no RFC for the protocol or an URI/URL format.  An implementation
+ should most probably use an existing rsync library, such as librsync.
+
+12. SSL
+
+12.1 Disable specific versions

 Provide an option that allows for disabling specific SSL versions, such as
 SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276

-7.2 Provide mutex locking API
+12.2 Provide mutex locking API

 Provide a libcurl API for setting mutex callbacks in the underlying SSL
 library, so that the same application code can use mutex-locking
 independently of OpenSSL or GnutTLS being used.

-7.3 Evaluate SSL patches
+12.3 Evaluate SSL patches

 Evaluate/apply Gertjan van Wingerde's SSL patches:
 http://curl.haxx.se/mail/lib-2004-03/0087.html

-7.4 Cache OpenSSL contexts
+12.4 Cache OpenSSL contexts

 "Look at SSL cafile - quick traces look to me like these are done on every
 request as well, when they should only be necessary once per ssl context (or
@@ -318,7 +399,7 @@ to provide the data to send.
 style connections are re-used. It will make us use slightly more memory but
 it will libcurl do less creations and deletions of SSL contexts.

-7.5 Export session ids
+12.5 Export session ids

 Add an interface to libcurl that enables "session IDs" to get
 exported/imported. Cris Bailiff said: "OpenSSL has functions which can
@@ -326,93 +407,44 @@ to provide the data to send.
 the state from such a buffer at a later date - this is used by mod_ssl for
 apache to implement and SSL session ID cache".

-7.6 Provide callback for cert verification
+12.6 Provide callback for cert verification

 OpenSSL supports a callback for customised verification of the peer
 certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
 it be? There's so much that could be done if it were!

-7.7 Support other SSL libraries
+12.7 Support other SSL libraries

 Make curl's SSL layer capable of using other free SSL libraries.  Such as
 MatrixSSL (http://www.matrixssl.org/).

-7.9 improve configure --with-ssl
+12.8 improve configure --with-ssl

 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...

-7.10 Support DANE
+12.9 Support DANE

 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
 keys and certs over DNS using DNSSEC as an alternative to the CA model.
 http://www.rfc-editor.org/rfc/rfc6698.txt

+13. GnuTLS

-8. GnuTLS
-
-8.1 SSL engine stuff
+13.1 SSL engine stuff

 Is this even possible?

-8.3 check connection
+13.2 check connection

 Add a way to check if the connection seems to be alive, to correspond to the
 SSL_peak() way we use with OpenSSL.

-
-9. SMTP
-
-9.1 Specify the preferred authentication mechanism
-
- Add the ability to specify the preferred authentication mechanism or a list
- of mechanisms that should be used. Not only that, but the order that is
- returned by the server during the EHLO response should be honored by curl.
-
-9.2 Initial response
-
- Add the ability for the user to specify whether the initial response is
- included in the AUTH command. Some email servers, such as Microsoft
- Exchange, can work with either whilst others need to have the initial
- response sent separately:
-
- http://curl.haxx.se/mail/lib-2012-03/0114.html
-
-9.3 Pipelining
-
- Add support for pipelining emails.
-
-10. POP3
-
-10.1 auth= in URLs
-
- Being able to specify the preferred authentication mechanism in the URL as
- per RFC2384.
-
-11. LDAP
-
-11.1 SASL based authentication mechanisms
-
- Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
- to an LDAP server. However, this function sends username and password details
- using the simple authentication mechanism (as clear text). However, it should
- be possible to use ldap_bind_s() instead specifing the security context
- information ourselves.
-
-12. Other protocols
-
-13. New protocols
-
-13.1 RSYNC
-
- There's no RFC for the protocol or an URI/URL format.  An implementation
- should most probably use an existing rsync library, such as librsync.
-
 14. SASL

 14.1 Other authentication mechanisms

- Add support for gssapi to SMTP, POP3 and IMAP.
+ Add support for GSSAPI to SMTP, POP3 and IMAP.

 15. Client

--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@@ -43,7 +43,6 @@ LIBDIR = $(top_builddir)/lib
 # Avoid libcurl obsolete stuff
 AM_CPPFLAGS += -DCURL_NO_OLDIES

-# Mostly for Windows build targets, when using static libcurl
 if USE_CPPFLAG_CURL_STATICLIB
 AM_CPPFLAGS += -DCURL_STATICLIB
 endif
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -12,4 +12,5 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
 COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c	   \
  ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c	   \
  opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \
-  smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp
+  smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp \
+  multi-uv.c
--- a/docs/examples/Makefile.m32
+++ b/docs/examples/Makefile.m32
@@ -38,7 +38,7 @@ ZLIB_PATH = ../../../zlib-1.2.7
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8x
+OPENSSL_PATH = ../../../openssl-0.9.8y
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
--- a/docs/examples/Makefile.netware
+++ b/docs/examples/Makefile.netware
@@ -19,7 +19,7 @@ endif

 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8x
+OPENSSL_PATH = ../../../openssl-0.9.8y
 endif

 # Edit the path below to point to the base of your LibSSH2 package.
--- a/docs/examples/README
+++ b/docs/examples/README
@@ -61,6 +61,7 @@ multi-debugcallback.c - a multi-interface app using the debug callback
 multi-double.c - a multi-interface app doing two simultaneous transfers
 multi-post.c   - a multi-interface app doing a multipart formpost
 multi-single.c - a multi-interface app getting a single file
+multi-uv.c     - a multi-interface app using libuv
 multithread.c  - an example using multi-treading transferring multiple files
 opensslthreadlock.c - show how to do locking when using OpenSSL multi-threaded
 persistant.c   - request two URLs with a persistent connection
--- a/docs/examples/chkspeed.c
+++ b/docs/examples/chkspeed.c
@@ -60,7 +60,7 @@ int main(int argc, char *argv[])
 {
  CURL *curl_handle;
  CURLcode res;
-  int prtsep = 0, prttime = 0;
+  int prtall = 0, prtsep = 0, prttime = 0;
  const char *url = URL_1M;
  char *appname = argv[0];

@@ -77,6 +77,8 @@ int main(int argc, char *argv[])
          fprintf(stderr, "\r%s %s - %s\n",
                  appname, CHKSPEED_VERSION, curl_version());
          exit(1);
+        } else if (strncasecmp(*argv, "-A", 2) == 0) {
+          prtall = 1;
        } else if (strncasecmp(*argv, "-X", 2) == 0) {
          prtsep = 1;
        } else if (strncasecmp(*argv, "-T", 2) == 0) {
@@ -161,6 +163,18 @@ int main(int argc, char *argv[])
    if((CURLE_OK == res) && (val>0))
      printf("Average download speed: %0.3f kbyte/sec.\n", val / 1024);

+    if (prtall) {
+      /* check for name resolution time */
+      res = curl_easy_getinfo(curl_handle, CURLINFO_NAMELOOKUP_TIME, &val);
+      if((CURLE_OK == res) && (val>0))
+        printf("Name lookup time: %0.3f sec.\n", val);
+
+      /* check for connect time */
+      res = curl_easy_getinfo(curl_handle, CURLINFO_CONNECT_TIME, &val);
+      if((CURLE_OK == res) && (val>0))
+        printf("Connect time: %0.3f sec.\n", val);
+    }
+
  } else {
    fprintf(stderr, "Error while fetching '%s' : %s\n",
            url, curl_easy_strerror(res));
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -42,10 +42,10 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
  struct MemoryStruct *mem = (struct MemoryStruct *)userp;

  mem->memory = realloc(mem->memory, mem->size + realsize + 1);
-  if (mem->memory == NULL) {
+  if(mem->memory == NULL) {
    /* out of memory! */
    printf("not enough memory (realloc returned NULL)\n");
-    exit(EXIT_FAILURE);
+    return 0;
  }

  memcpy(&(mem->memory[mem->size]), contents, realsize);
@@ -59,6 +59,7 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
 int main(void)
 {
  CURL *curl_handle;
+  CURLcode res;

  struct MemoryStruct chunk;

@@ -84,24 +85,31 @@ int main(void)
  curl_easy_setopt(curl_handle, CURLOPT_USERAGENT, "libcurl-agent/1.0");

  /* get it! */
-  curl_easy_perform(curl_handle);
+  res = curl_easy_perform(curl_handle);
+
+  /* check for errors */
+  if(res != CURLE_OK) {
+    fprintf(stderr, "curl_easy_perform() failed: %s\n",
+            curl_easy_strerror(res));
+  }
+  else {
+    /*
+     * Now, our chunk.memory points to a memory block that is chunk.size
+     * bytes big and contains the remote file.
+     *
+     * Do something nice with it!
+     *
+     * You should be aware of the fact that at this point we might have an
+     * allocated data block, and nothing has yet deallocated that data. So when
+     * you're done with it, you should free() it as a nice application.
+     */
+
+    printf("%lu bytes retrieved\n", (long)chunk.size);
+  }

  /* cleanup curl stuff */
  curl_easy_cleanup(curl_handle);

-  /*
-   * Now, our chunk.memory points to a memory block that is chunk.size
-   * bytes big and contains the remote file.
-   *
-   * Do something nice with it!
-   *
-   * You should be aware of the fact that at this point we might have an
-   * allocated data block, and nothing has yet deallocated that data. So when
-   * you're done with it, you should free() it as a nice application.
-   */
-
-  printf("%lu bytes retrieved\n", (long)chunk.size);
-
  if(chunk.memory)
    free(chunk.memory);

--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -24,7 +24,7 @@

 Written by Jeff Pohlmeyer

-Requires libevent and a (POSIX?) system that has mkfifo().
+Requires libevent version 2 and a (POSIX?) system that has mkfifo().

 This is an adaptation of libcurl's "hipev.c" and libevent's "event-test.c"
 sample programs.
@@ -61,7 +61,7 @@ callback.
 #include <unistd.h>
 #include <sys/poll.h>
 #include <curl/curl.h>
-#include <event.h>
+#include <event2/event.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <errno.h>
@@ -71,9 +71,11 @@ callback.


 /* Global information, common to all connections */
-typedef struct _GlobalInfo {
-  struct event fifo_event;
-  struct event timer_event;
+typedef struct _GlobalInfo
+{
+  struct event_base *evbase;
+  struct event *fifo_event;
+  struct event *timer_event;
  CURLM *multi;
  int still_running;
  FILE* input;
@@ -81,7 +83,8 @@ typedef struct _GlobalInfo {


 /* Information associated with a specific easy handle */
-typedef struct _ConnInfo {
+typedef struct _ConnInfo
+{
  CURL *easy;
  char *url;
  GlobalInfo *global;
@@ -90,12 +93,13 @@ typedef struct _ConnInfo {


 /* Information associated with a specific socket */
-typedef struct _SockInfo {
+typedef struct _SockInfo
+{
  curl_socket_t sockfd;
  CURL *easy;
  int action;
  long timeout;
-  struct event ev;
+  struct event *ev;
  int evset;
  GlobalInfo *global;
 } SockInfo;
@@ -111,7 +115,7 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
  timeout.tv_sec = timeout_ms/1000;
  timeout.tv_usec = (timeout_ms%1000)*1000;
  fprintf(MSG_OUT, "multi_timer_cb: Setting timeout to %ld ms\n", timeout_ms);
-  evtimer_add(&g->timer_event, &timeout);
+  evtimer_add(g->timer_event, &timeout);
  return 0;
 }

@@ -186,8 +190,8 @@ static void event_cb(int fd, short kind, void *userp)
  check_multi_info(g);
  if ( g->still_running <= 0 ) {
    fprintf(MSG_OUT, "last transfer done, kill timeout\n");
-    if (evtimer_pending(&g->timer_event, NULL)) {
-      evtimer_del(&g->timer_event);
+    if (evtimer_pending(g->timer_event, NULL)) {
+      evtimer_del(g->timer_event);
    }
  }
 }
@@ -215,7 +219,7 @@ static void remsock(SockInfo *f)
 {
  if (f) {
    if (f->evset)
-      event_del(&f->ev);
+      event_free(f->ev);
    free(f);
  }
 }
@@ -232,16 +236,17 @@ static void setsock(SockInfo*f, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
  f->action = act;
  f->easy = e;
  if (f->evset)
-    event_del(&f->ev);
-  event_set(&f->ev, f->sockfd, kind, event_cb, g);
-  f->evset=1;
-  event_add(&f->ev, NULL);
+    event_free(f->ev);
+  f->ev = event_new(g->evbase, f->sockfd, kind, event_cb, g);
+  f->evset = 1;
+  event_add(f->ev, NULL);
 }



 /* Initialize a new SockInfo structure */
-static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g) {
+static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g)
+{
  SockInfo *fdp = calloc(sizeof(SockInfo), 1);

  fdp->global = g;
@@ -359,10 +364,10 @@ static void fifo_cb(int fd, short event, void *arg)
 }

 /* Create a named pipe and tell libevent to monitor it */
+static const char *fifo = "hiper.fifo";
 static int init_fifo (GlobalInfo *g)
 {
  struct stat st;
-  static const char *fifo = "hiper.fifo";
  curl_socket_t sockfd;

  fprintf(MSG_OUT, "Creating named pipe \"%s\"\n", fifo);
@@ -386,11 +391,18 @@ static int init_fifo (GlobalInfo *g)
  g->input = fdopen(sockfd, "r");

  fprintf(MSG_OUT, "Now, pipe some URL's into > %s\n", fifo);
-  event_set(&g->fifo_event, sockfd, EV_READ | EV_PERSIST, fifo_cb, g);
-  event_add(&g->fifo_event, NULL);
+  g->fifo_event = event_new(g->evbase, sockfd, EV_READ|EV_PERSIST, fifo_cb, g);
+  event_add(g->fifo_event, NULL);
  return (0);
 }

+static void clean_fifo(GlobalInfo *g)
+{
+    event_free(g->fifo_event);
+    fclose(g->input);
+    unlink(fifo);
+}
+
 int main(int argc, char **argv)
 {
  GlobalInfo g;
@@ -398,10 +410,10 @@ int main(int argc, char **argv)
  (void)argv;

  memset(&g, 0, sizeof(GlobalInfo));
-  event_init();
+  g.evbase = event_base_new();
  init_fifo(&g);
  g.multi = curl_multi_init();
-  evtimer_set(&g.timer_event, timer_cb, &g);
+  g.timer_event = evtimer_new(g.evbase, timer_cb, &g);

  /* setup the generic multi interface options we want */
  curl_multi_setopt(g.multi, CURLMOPT_SOCKETFUNCTION, sock_cb);
@@ -412,7 +424,13 @@ int main(int argc, char **argv)
  /* we don't call any curl_multi_socket*() function yet as we have no handles
     added! */

-  event_dispatch();
+  event_base_dispatch(g.evbase);
+
+  /* this, of course, won't get called since only way to stop this program is
+     via ctrl-C, but it is here to show how cleanup /would/ be done. */
+  clean_fifo(&g);
+  event_free(g.timer_event);
+  event_base_free(g.evbase);
  curl_multi_cleanup(g.multi);
  return 0;
 }
--- a/docs/examples/htmltitle.cpp
+++ b/docs/examples/htmltitle.cpp
@@ -25,7 +25,7 @@
 //
 // GNU C++ compile command line suggestion (edit paths accordingly):
 //
-// g++ -Wall -I/opt/curl/include -I/opt/libxml/include/libxml2 htmltitle.cc \
+// g++ -Wall -I/opt/curl/include -I/opt/libxml/include/libxml2 htmltitle.cpp \
 // -o htmltitle -L/opt/curl/lib -L/opt/libxml/lib -lcurl -lxml2

 #include <stdio.h>
--- a/docs/examples/multi-single.c
+++ b/docs/examples/multi-single.c
@@ -41,6 +41,8 @@ int main(void)

  int still_running; /* keep number of running handles */

+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
  http_handle = curl_easy_init();

  /* set the options (I left out a few, you'll get the point anyway) */
@@ -108,9 +110,13 @@ int main(void)
    }
  } while(still_running);

-  curl_multi_cleanup(multi_handle);
+  curl_multi_remove_handle(multi_handle, http_handle);

  curl_easy_cleanup(http_handle);

+  curl_multi_cleanup(multi_handle);
+
+  curl_global_cleanup();
+
  return 0;
 }
--- a/docs/examples/multi-uv.c
+++ b/docs/examples/multi-uv.c
@@ -0,0 +1,212 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* Example application code using the multi socket interface to download
+   multiple files at once, but instead of using curl_multi_perform and
+   curl_multi_wait, which uses select(), we use libuv.
+   It supports epoll, kqueue, etc. on unixes and fast IO completion ports on
+   Windows, which means, it should be very fast on all platforms..
+
+   Written by Clemens Gruber, based on an outdated example from uvbook and
+   some tests from libuv.
+
+   Requires libuv and (of course) libcurl.
+
+   See http://nikhilm.github.com/uvbook/ for more information on libuv.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <uv.h>
+#include <curl/curl.h>
+
+uv_loop_t *loop;
+CURLM *curl_handle;
+uv_timer_t timeout;
+
+typedef struct curl_context_s {
+  uv_poll_t poll_handle;
+  curl_socket_t sockfd;
+} curl_context_t;
+
+curl_context_t* create_curl_context(curl_socket_t sockfd)
+{
+  curl_context_t *context;
+
+  context = (curl_context_t *) malloc(sizeof *context);
+
+  context->sockfd = sockfd;
+
+  uv_poll_init_socket(loop, &context->poll_handle, sockfd);
+  context->poll_handle.data = context;
+
+  return context;
+}
+
+void curl_close_cb(uv_handle_t *handle)
+{
+  curl_context_t* context = (curl_context_t*) handle->data;
+  free(context);
+}
+
+void destroy_curl_context(curl_context_t *context)
+{
+  uv_close((uv_handle_t*) &context->poll_handle, curl_close_cb);
+}
+
+
+void add_download(const char *url, int num)
+{
+  char filename[50];
+  FILE *file;
+  CURL *handle;
+
+  sprintf(filename, "%d.download", num);
+
+  file = fopen(filename, "w");
+  if (file == NULL) {
+    fprintf(stderr, "Error opening %s\n", filename);
+    return;
+  }
+
+  handle = curl_easy_init();
+  curl_easy_setopt(handle, CURLOPT_WRITEDATA, file);
+  curl_easy_setopt(handle, CURLOPT_URL, url);
+  curl_multi_add_handle(curl_handle, handle);
+  fprintf(stderr, "Added download %s -> %s\n", url, filename);
+}
+
+void curl_perform(uv_poll_t *req, int status, int events)
+{
+  int running_handles;
+  int flags = 0;
+  curl_context_t *context;
+  char *done_url;
+  CURLMsg *message;
+  int pending;
+
+  uv_timer_stop(&timeout);
+
+  if (events & UV_READABLE)
+    flags |= CURL_CSELECT_IN;
+  if (events & UV_WRITABLE)
+    flags |= CURL_CSELECT_OUT;
+
+  context = (curl_context_t*)req;
+
+  curl_multi_socket_action(curl_handle, context->sockfd, flags,
+                           &running_handles);
+
+  while ((message = curl_multi_info_read(curl_handle, &pending))) {
+    switch (message->msg) {
+    case CURLMSG_DONE:
+      curl_easy_getinfo(message->easy_handle, CURLINFO_EFFECTIVE_URL,
+                        &done_url);
+      printf("%s DONE\n", done_url);
+
+      curl_multi_remove_handle(curl_handle, message->easy_handle);
+      curl_easy_cleanup(message->easy_handle);
+
+      break;
+    default:
+      fprintf(stderr, "CURLMSG default\n");
+      abort();
+    }
+  }
+}
+
+void on_timeout(uv_timer_t *req, int status)
+{
+  int running_handles;
+  curl_multi_socket_action(curl_handle, CURL_SOCKET_TIMEOUT, 0,
+                           &running_handles);
+}
+
+void start_timeout(CURLM *multi, long timeout_ms, void *userp)
+{
+  if (timeout_ms <= 0)
+    timeout_ms = 1; /* 0 means directly call socket_action, but we'll do it in
+                       a bit */
+  uv_timer_start(&timeout, on_timeout, timeout_ms, 0);
+}
+
+int handle_socket(CURL *easy, curl_socket_t s, int action, void *userp,
+                  void *socketp)
+{
+  curl_context_t *curl_context;
+  if (action == CURL_POLL_IN || action == CURL_POLL_OUT) {
+    if (socketp) {
+      curl_context = (curl_context_t*) socketp;
+    }
+    else {
+      curl_context = create_curl_context(s);
+    }
+    curl_multi_assign(curl_handle, s, (void *) curl_context);
+  }
+
+  switch (action) {
+  case CURL_POLL_IN:
+    uv_poll_start(&curl_context->poll_handle, UV_READABLE, curl_perform);
+    break;
+  case CURL_POLL_OUT:
+    uv_poll_start(&curl_context->poll_handle, UV_WRITABLE, curl_perform);
+    break;
+  case CURL_POLL_REMOVE:
+    if (socketp) {
+      uv_poll_stop(&((curl_context_t*)socketp)->poll_handle);
+      destroy_curl_context((curl_context_t*) socketp);
+      curl_multi_assign(curl_handle, s, NULL);
+    }
+    break;
+  default:
+    abort();
+  }
+
+  return 0;
+}
+
+int main(int argc, char **argv)
+{
+  loop = uv_default_loop();
+
+  if (argc <= 1)
+    return 0;
+
+  if (curl_global_init(CURL_GLOBAL_ALL)) {
+    fprintf(stderr, "Could not init cURL\n");
+    return 1;
+  }
+
+  uv_timer_init(loop, &timeout);
+
+  curl_handle = curl_multi_init();
+  curl_multi_setopt(curl_handle, CURLMOPT_SOCKETFUNCTION, handle_socket);
+  curl_multi_setopt(curl_handle, CURLMOPT_TIMERFUNCTION, start_timeout);
+
+  while (argc-- > 1) {
+    add_download(argv[argc], argc);
+  }
+
+  uv_run(loop, UV_RUN_DEFAULT);
+  curl_multi_cleanup(curl_handle);
+  return 0;
+}
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -58,7 +58,8 @@ The \fIhandle\fP is the return code from a \fIcurl_easy_init(3)\fP or
 Set the parameter to 1 to get the library to display a lot of verbose
 information about its operations. Very useful for libcurl and/or protocol
 debugging and understanding. The verbose information will be sent to stderr,
-or the stream set with \fICURLOPT_STDERR\fP.
+or the stream set with \fICURLOPT_STDERR\fP. The default value for this
+parameter is 0.

 You hardly ever want this set in production use, you will almost always want
 this when you debug/report problems. Another neat option for debugging is the
@@ -66,11 +67,11 @@ this when you debug/report problems. Another neat option for debugging is the
 .IP CURLOPT_HEADER
 A parameter set to 1 tells the library to include the header in the body
 output. This is only relevant for protocols that actually have headers
-preceding the data (like HTTP).
+preceding the data (like HTTP). The default value for this parameter is 0.
 .IP CURLOPT_NOPROGRESS
 Pass a long. If set to 1, it tells the library to shut off the progress meter
 completely. It will also prevent the \fICURLOPT_PROGRESSFUNCTION\fP from
-getting called.
+getting called. The default value for this parameter is 1.

 Future versions of libcurl are likely to not have any built-in progress meter
 at all.
@@ -79,6 +80,7 @@ Pass a long. If it is 1, libcurl will not use any functions that
 install signal handlers or any functions that cause signals to be sent to the
 process. This option is mainly here to allow multi-threaded unix applications
 to still set/use all timeout options etc, without risking getting signals.
+The default value for this parameter is 0.
 (Added in 7.10)

 If this option is set and libcurl has been built with the standard name
@@ -180,8 +182,9 @@ means 100K.
 .IP CURLOPT_WRITEDATA
 Data pointer to pass to the file write function. If you use the
 \fICURLOPT_WRITEFUNCTION\fP option, this is the pointer you'll get as
-input. If you don't use a callback, you must pass a 'FILE *' as libcurl will
-pass this to fwrite() when writing data.
+input. If you don't use a callback, you must pass a 'FILE *' (cast
+to 'void *') as libcurl will pass this to fwrite() when writing data.
+By default, the value of this parameter is unspecified.

 The internal \fICURLOPT_WRITEFUNCTION\fP will write the data to the FILE *
 given with this option, or to stdout if this option hasn't been set.
@@ -226,7 +229,7 @@ userdata set with \fICURLOPT_READDATA\fP.
 Data pointer to pass to the file read function. If you use the
 \fICURLOPT_READFUNCTION\fP option, this is the pointer you'll get as input. If
 you don't specify a read callback but instead rely on the default internal
-read function, this data must be a valid readable FILE *.
+read function, this data must be a valid readable FILE * (cast to 'void *').

 If you're using libcurl as a win32 DLL, you MUST use a
 \fICURLOPT_READFUNCTION\fP if you set this option.
@@ -240,13 +243,15 @@ gets called by libcurl when something special I/O-related needs to be done
 that the library can't do by itself. For now, rewinding the read data stream
 is the only action it can request. The rewinding of the read data stream may
 be necessary when doing a HTTP PUT or POST with a multi-pass authentication
-method.  (Option added in 7.12.3).
+method. By default, this parameter is set to NULL.  (Option added in 7.12.3).

-Use \fICURLOPT_SEEKFUNCTION\fP instead to provide seeking!
+Use \fICURLOPT_SEEKFUNCTION\fP instead to provide seeking! If
+\fICURLOPT_SEEKFUNCTION\fP is set, this parameter will be ignored when seeking.
 .IP CURLOPT_IOCTLDATA
 Pass a pointer that will be untouched by libcurl and passed as the 3rd
-argument in the ioctl callback set with \fICURLOPT_IOCTLFUNCTION\fP.  (Option
-added in 7.12.3)
+argument in the ioctl callback set with \fICURLOPT_IOCTLFUNCTION\fP.
+By default, the value of this parameter is unspecified.  (Option added in
+7.12.3)
 .IP CURLOPT_SEEKFUNCTION
 Pass a pointer to a function that matches the following prototype: \fBint
 function(void *instream, curl_off_t offset, int origin);\fP This function gets
@@ -262,6 +267,8 @@ success, 1 (CURL_SEEKFUNC_FAIL) to cause the upload operation to fail or 2
 free to work around the problem if possible. The latter can sometimes be done
 by instead reading from the input or similar.

+By default, this parameter is unset.
+
 If you forward the input arguments directly to "fseek" or "lseek", note that
 the data type for \fIoffset\fP is not the same as defined for curl_off_t on
 many systems! (Option added in 7.18.0)
@@ -271,7 +278,8 @@ Data pointer to pass to the file seek function. If you use the
 you don't specify a seek callback, NULL is passed. (Option added in 7.18.0)
 .IP CURLOPT_SOCKOPTFUNCTION
 Pass a pointer to a function that matches the following prototype: \fBint
-function(void *clientp, curl_socket_t curlfd, curlsocktype purpose);\fP. This
+function(void *clientp, curl_socket_t curlfd, curlsocktype purpose);\fP. By
+default, this parameter is unset. If set, this
 function gets called by libcurl after the socket() call but before the
 connect() call. The callback's \fIpurpose\fP argument identifies the exact
 purpose for this particular socket:
@@ -293,6 +301,7 @@ in fact already connected and then libcurl will not attempt to connect it.
 .IP CURLOPT_SOCKOPTDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the sockopt callback set with \fICURLOPT_SOCKOPTFUNCTION\fP.
+The default value of this parameter is unspecified.
 (Option added in 7.16.0)
 .IP CURLOPT_OPENSOCKETFUNCTION
 Pass a pointer to a function that matches the following prototype:
@@ -317,6 +326,7 @@ blacklisting.  The default behavior is:
 .IP CURLOPT_OPENSOCKETDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the opensocket callback set with \fICURLOPT_OPENSOCKETFUNCTION\fP.
+The default value of this parameter is unspecified.
 (Option added in 7.17.1.)
 .IP CURLOPT_CLOSESOCKETFUNCTION
 Pass a pointer to a function that matches the following prototype: \fBint
@@ -328,7 +338,9 @@ success and 1 if there was an error.  (Option added in 7.21.7)
 .IP CURLOPT_CLOSESOCKETDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the closesocket callback set with
-\fICURLOPT_CLOSESOCKETFUNCTION\fP.  (Option added in 7.21.7)
+\fICURLOPT_CLOSESOCKETFUNCTION\fP.
+The default value of this parameter is unspecified.
+(Option added in 7.21.7)
 .IP CURLOPT_PROGRESSFUNCTION
 Pass a pointer to a function that matches the following prototype: \fBint
 function(void *clientp, double dltotal, double dlnow, double ultotal, double
@@ -349,6 +361,7 @@ get called.
 .IP CURLOPT_PROGRESSDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP.
+The default value of this parameter is unspecified.
 .IP CURLOPT_HEADERFUNCTION
 Pass a pointer to a function that matches the following prototype:
 \fBsize_t function( void *ptr, size_t size, size_t nmemb, void
@@ -714,12 +727,39 @@ the HELO / EHLO command to the mail server at example.com.

 .B POP3

-The path part of a POP3 request specifies the mailbox (message) to retrieve.
-If the mailbox is not specified then a list of waiting messages is returned
-instead.
+The path part of a POP3 request specifies the message ID to retrieve. If the
+ID is not specified then a list of waiting messages is returned instead.

-pop3://user:password@mail.example.com - This lists the available messages
-pop3://user:password@mail.example.com/1 - This retrieves the first message
+pop3://user:password@mail.example.com - This lists the available messages for
+the user
+
+pop3://user:password@mail.example.com/1 - This retrieves the first message for
+the user
+
+.B IMAP
+
+The path part of an IMAP request not only specifies the mailbox to list (Added
+in 7.30.0) or select, but can also be used to check the UIDVALIDITY of the
+mailbox and to specify the UID and SECTION of the message to fetch (Added in
+7.30.0).
+
+imap://user:password@mail.example.com - Performs a top level folder list
+
+imap://user:password@mail.example.com/INBOX - Performs a folder list on the
+user's inbox
+
+imap://user:password@mail.example.com/INBOX/;UID=1 - Selects the user's inbox
+and fetches message 1
+
+imap://user:password@mail.example.com/INBOX;UIDVALIDITY=50/;UID=2 - Selects
+the user's inbox, checks the UIDVALIDITY of the mailbox is 50 and fetches
+message 2 if it is
+
+imap://user:password@mail.example.com/INBOX/;UID=3/;SECTION=TEXT - Selects the
+user's inbox and fetches message 3 with only the text portion of the message
+
+For more information about the individual components of an IMAP URL please
+see RFC5092.

 .B SCP

@@ -1445,7 +1485,7 @@ to GET. Usable if a POST, HEAD, PUT, or a custom request has been used
 previously using the same curl handle.

 When setting \fICURLOPT_HTTPGET\fP to 1, it will automatically set
-\fICURLOPT_NOBODY\fP to 0 (since 7.14.1).
+\fICURLOPT_NOBODY\fP to 0 and \fICURLOPT_UPLOAD\fP to 0.
 .IP CURLOPT_HTTP_VERSION
 Pass a long, set to one of the values described below. They force libcurl to
 use the specific HTTP versions. This is not sensible to do unless you have a
@@ -1468,8 +1508,8 @@ connection. (added in 7.14.1)
 .IP CURLOPT_HTTP_CONTENT_DECODING
 Pass a long to tell libcurl how to act on content decoding. If set to zero,
 content decoding will be disabled. If set to 1 it is enabled. Libcurl has no
-default content decoding but requires you to use \fICURLOPT_ENCODING\fP for
-that. (added in 7.16.2)
+default content decoding but requires you to use \fICURLOPT_ACCEPT_ENCODING\fP
+for that. (added in 7.16.2)
 .IP CURLOPT_HTTP_TRANSFER_DECODING
 Pass a long to tell libcurl how to act on transfer decoding. If set to zero,
 transfer decoding will be disabled, if set to 1 it is enabled
--- a/docs/libcurl/curl_global_init.3
+++ b/docs/libcurl/curl_global_init.3
@@ -56,7 +56,8 @@ details of how to use this function.
 .SH FLAGS
 .TP 5
 .B CURL_GLOBAL_ALL
-Initialize everything possible. This sets all known bits.
+Initialize everything possible. This sets all known bits except
+\fBCURL_GLOBAL_ACK_EINTR\fP.
 .TP
 .B CURL_GLOBAL_SSL
 Initialize SSL
@@ -70,6 +71,10 @@ Initialise nothing extra. This sets no bit.
 .B CURL_GLOBAL_DEFAULT
 A sensible default. It will init both SSL and Win32. Right now, this equals
 the functionality of the \fBCURL_GLOBAL_ALL\fP mask.
+.TP
+.B CURL_GLOBAL_ACK_EINTR
+When this flag is set, curl will acknowledge EINTR condition when connecting
+or when waiting for data.  Otherwise, curl waits until full timeout elapses.
 .SH RETURN VALUE
 If this function returns non-zero, something went wrong and you cannot use the
 other curl functions.
--- a/docs/libcurl/curl_multi_cleanup.3
+++ b/docs/libcurl/curl_multi_cleanup.3
@@ -41,6 +41,7 @@ handle is no longer connected to the multi handle
 3 - \fIcurl_multi_cleanup(3)\fP should be called when all easy handles are
 removed
 .SH RETURN VALUE
-CURLMcode type, general libcurl multi interface error code.
+CURLMcode type, general libcurl multi interface error code. On success,
+CURLM_OK is returned.
 .SH "SEE ALSO"
 .BR curl_multi_init "(3)," curl_easy_cleanup "(3)," curl_easy_init "(3)"
--- a/docs/libcurl/curl_multi_setopt.3
+++ b/docs/libcurl/curl_multi_setopt.3
@@ -49,7 +49,7 @@ argument with \fICURLMOPT_SOCKETDATA\fP.  See \fIcurl_multi_socket(3)\fP for
 more callback details.
 .IP CURLMOPT_SOCKETDATA
 Pass a pointer to whatever you want passed to the \fBcurl_socket_callback\fP's
-forth argument, the userp pointer. This is not used by libcurl but only
+fourth argument, the userp pointer. This is not used by libcurl but only
 passed-thru as-is. Set the callback pointer with
 \fICURLMOPT_SOCKETFUNCTION\fP.
 .IP CURLMOPT_PIPELINING
@@ -61,14 +61,17 @@ on the same connection rather than being executed in parallel. (Added in
 7.16.0)
 .IP CURLMOPT_TIMERFUNCTION
 Pass a pointer to a function matching the \fBcurl_multi_timer_callback\fP
-prototype.  This function will then be called when the timeout value
+prototype: int curl_multi_timer_callback(CURLM *multi /* multi handle */,
+long timeout_ms /* timeout in milliseconds */, void *userp /* TIMERDATA */).
+This function will then be called when the timeout value
 changes. The timeout value is at what latest time the application should call
 one of the \&"performing" functions of the multi interface
 (\fIcurl_multi_socket_action(3)\fP and \fIcurl_multi_perform(3)\fP) - to allow
 libcurl to keep timeouts and retries etc to work. A timeout value of -1 means
 that there is no timeout at all, and 0 means that the timeout is already
 reached. Libcurl attempts to limit calling this only when the fixed future
-timeout time actually changes. See also \fICURLMOPT_TIMERDATA\fP. This
+timeout time actually changes. See also \fICURLMOPT_TIMERDATA\fP. The callback
+should return 0 on success, and -1 on error. This
 callback can be used instead of, or in addition to,
 \fIcurl_multi_timeout(3)\fP. (Added in 7.16.0)
 .IP CURLMOPT_TIMERDATA
@@ -92,6 +95,112 @@ This option is for the multi handle's use only, when using the easy interface
 you should instead use the \fICURLOPT_MAXCONNECTS\fP option.

 (Added in 7.16.3)
+.IP CURLMOPT_MAX_HOST_CONNECTIONS
+Pass a long. The set number will be used as the maximum amount of
+simultaneously open connections to a single host. For each new session to
+a host, libcurl will open a new connection up to the limit set by
+CURLMOPT_MAX_HOST_CONNECTIONS. When the limit is reached, the sessions will
+be pending until there are available connections. If CURLMOPT_PIPELINING is
+1, libcurl will try to pipeline if the host is capable of it.
+
+The default value is 0, which means that there is no limit.
+However, for backwards compatibility, setting it to 0 when CURLMOPT_PIPELINING
+is 1 will not be treated as unlimited. Instead it will open only 1 connection
+and try to pipeline on it.
+
+(Added in 7.30.0)
+.IP CURLMOPT_MAX_PIPELINE_LENGTH
+Pass a long. The set number will be used as the maximum amount of requests
+in a pipelined connection. When this limit is reached, libcurl will use another
+connection to the same host (see CURLMOPT_MAX_HOST_CONNECTIONS), or queue the
+requests until one of the pipelines to the host is ready to accept a request.
+Thus, the total number of requests in-flight is CURLMOPT_MAX_HOST_CONNECTIONS *
+CURLMOPT_MAX_PIPELINE_LENGTH.
+The default value is 5.
+
+(Added in 7.30.0)
+.IP CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE
+Pass a long. If a pipelined connection is currently processing a request
+with a Content-Length larger than CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, that
+connection will not be considered for additional requests, even if it is
+shorter than CURLMOPT_MAX_PIPELINE_LENGTH.
+The default value is 0, which means that the penalization is inactive.
+
+(Added in 7.30.0)
+.IP CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE
+Pass a long. If a pipelined connection is currently processing a
+chunked (Transfer-encoding: chunked) request with a current chunk length
+larger than CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, that connection will not be
+considered for additional requests, even if it is shorter than
+CURLMOPT_MAX_PIPELINE_LENGTH.
+The default value is 0, which means that the penalization is inactive.
+
+(Added in 7.30.0)
+.IP CURLMOPT_PIPELINING_SITE_BL
+Pass an array of char *, ending with NULL. This is a list of sites that are
+blacklisted from pipelining, i.e sites that are known to not support HTTP
+pipelining. The array is copied by libcurl.
+
+The default value is NULL, which means that there is no blacklist.
+
+Pass a NULL pointer to clear the blacklist.
+
+Example:
+
+.nf
+  site_blacklist[] =
+  {
+    "www.haxx.se",
+    "www.example.com:1234",
+    NULL
+  };
+
+  curl_multi_setopt(m, CURLMOPT_PIPELINE_SITE_BL, site_blacklist);
+.fi
+
+(Added in 7.30.0)
+.IP CURLMOPT_PIPELINING_SERVER_BL
+Pass an array of char *, ending with NULL. This is a list of server types
+prefixes (in the Server: HTTP header) that are blacklisted from pipelining,
+i.e server types that are known to not support HTTP pipelining. The array is
+copied by libcurl.
+
+Note that the comparison matches if the Server: header begins with the string
+in the blacklist, i.e "Server: Ninja 1.2.3" and "Server: Ninja 1.4.0" can 
+both be blacklisted by having "Ninja" in the backlist.
+
+The default value is NULL, which means that there is no blacklist.
+
+Pass a NULL pointer to clear the blacklist.
+
+Example:
+
+.nf
+  server_blacklist[] =
+  {
+    "Microsoft-IIS/6.0",
+    "nginx/0.8.54",
+    NULL
+  };
+
+  curl_multi_setopt(m, CURLMOPT_PIPELINE_SERVER_BL, server_blacklist);
+.fi
+
+(Added in 7.30.0)
+.IP CURLMOPT_MAX_TOTAL_CONNECTIONS
+Pass a long. The set number will be used as the maximum amount of
+simultaneously open connections in total. For each new session, libcurl
+will open a new connection up to the limit set by
+CURLMOPT_MAX_TOTAL_CONNECTIONS. When the limit is reached, the sessions will
+be pending until there are available connections. If CURLMOPT_PIPELINING is
+1, libcurl will try to pipeline if the host is capable of it.
+
+The default value is 0, which means that there is no limit.
+However, for backwards compatibility, setting it to 0 when CURLMOPT_PIPELINING
+is 1 will not be treated as unlimited. Instead it will open only 1 connection
+and try to pipeline on it.
+
+(Added in 7.30.0)
 .SH RETURNS
 The standard CURLMcode for multi interface error codes. Note that it returns a
 CURLM_UNKNOWN_OPTION if you try setting an option that this version of libcurl
--- a/docs/libcurl/curl_multi_socket_action.3
+++ b/docs/libcurl/curl_multi_socket_action.3
@@ -38,7 +38,9 @@ can be passed as an events bitmask \fBev_bitmask\fP by first setting
 \fBev_bitmask\fP to 0, and then adding using bitwise OR (|) any combination of
 events to be chosen from CURL_CSELECT_IN, CURL_CSELECT_OUT or
 CURL_CSELECT_ERR. When the events on a socket are unknown, pass 0 instead, and
-libcurl will test the descriptor internally.
+libcurl will test the descriptor internally. It is also permissible to pass
+CURL_SOCKET_TIMEOUT to the \fBsockfd\fP parameter in order to initiate the
+whole process or when a timeout occurs.

 At return, the integer \fBrunning_handles\fP points to will contain the number
 of running easy handles within the multi handle. When this number reaches
@@ -71,7 +73,10 @@ The socket \fBcallback\fP function uses a prototype like this
                           curl_socket_t s, /* socket */
                           int action,      /* see values below */
                           void *userp,    /* private callback pointer */
-                           void *socketp); /* private socket pointer */
+                           void *socketp); /* private socket pointer,
+                                              \fBNULL\fI if not
+                                              previously assigned with
+                                              \fIcurl_multi_assign(3)\fP */

 .fi
 The callback MUST return 0.
@@ -132,15 +137,15 @@ timeout value to use when waiting for socket activities.
 them for activity. This can be done through your application code, or by way
 of an external library such as libevent or glib.

-6. Call curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...) to kickstart
-everything. To get one or more callbacks called.
+6. Call curl_multi_socket_action(..., CURL_SOCKET_TIMEOUT, 0, ...)
+to kickstart everything. To get one or more callbacks called.

 7. Wait for activity on any of libcurl's sockets, use the timeout value your
-callback has been told
+callback has been told.

 8, When activity is detected, call curl_multi_socket_action() for the
 socket(s) that got action. If no activity is detected and the timeout expires,
-call \fIcurl_multi_socket_action(3)\fP with \fICURL_SOCKET_TIMEOUT\fP
+call \fIcurl_multi_socket_action(3)\fP with \fICURL_SOCKET_TIMEOUT\fP.
 .SH AVAILABILITY
 This function was added in libcurl 7.15.4, and is deemed stable since 7.16.0.
 .SH "SEE ALSO"
--- a/docs/libcurl/curl_multi_timeout.3
+++ b/docs/libcurl/curl_multi_timeout.3
@@ -42,7 +42,7 @@ of milliseconds at this very moment. If 0, it means you should proceed
 immediately without waiting for anything. If it returns -1, there's no timeout
 at all set.

-An application that uses the multi_socket API SHOULD not use this function, but
+An application that uses the multi_socket API SHOULD NOT use this function, but
 SHOULD instead use \fIcurl_multi_setopt(3)\fP and its
 \fPCURLMOPT_TIMERFUNCTION\fP option for proper and desired behavior.

--- a/docs/libcurl/curl_version.3
+++ b/docs/libcurl/curl_version.3
@@ -31,6 +31,7 @@ curl_version - returns the libcurl version string
 Returns a human readable string with the version number of libcurl and some of
 its important components (like OpenSSL version).
 .SH RETURN VALUE
-A pointer to a zero terminated string.
+A pointer to a zero terminated string. The string resides in a statically
+allocated buffer and must not be freed by the caller.
 .SH "SEE ALSO"
 .BR curl_version_info "(3)"
--- a/docs/libcurl/index.html
+++ b/docs/libcurl/index.html
@@ -21,40 +21,49 @@
 <H2>Library Functions (A-Z)</H2>
 <a href="curl_easy_cleanup.html">curl_easy_cleanup</A>
 <br><a href="curl_easy_duphandle.html">curl_easy_duphandle</A>
+<br><a href="curl_easy_escape.html">curl_easy_escape</A>
 <br><a href="curl_easy_getinfo.html">curl_easy_getinfo</A>
 <br><a href="curl_easy_init.html">curl_easy_init</A>
+<br><a href="curl_easy_pause.html">curl_easy_pause</A>
 <br><a href="curl_easy_perform.html">curl_easy_perform</A>
 <br><a href="curl_easy_recv.html">curl_easy_recv</A>
 <br><a href="curl_easy_reset.html">curl_easy_reset</A>
 <br><a href="curl_easy_send.html">curl_easy_send</A>
 <br><a href="curl_easy_setopt.html">curl_easy_setopt</A>
 <br><a href="curl_easy_strerror.html">curl_easy_strerror</A>
-<br><a href="curl_escape.html">curl_escape</A>
+<br><a href="curl_easy_unescape.html">curl_easy_unescape</A>
+<br><a href="curl_escape.html">curl_escape</A> (deprecated)
 <br><a href="curl_formadd.html">curl_formadd</A>
 <br><a href="curl_formfree.html">curl_formfree</A>
+<br><a href="curl_formget.html">curl_formget</A>
 <br><a href="curl_free.html">curl_free</A>
 <br><a href="curl_getdate.html">curl_getdate</A>
-<br><a href="curl_getenv.html">curl_getenv</A>
+<br><a href="curl_getenv.html">curl_getenv</A> (deprecated)
 <br><a href="curl_global_cleanup.html">curl_global_cleanup</A>
 <br><a href="curl_global_init.html">curl_global_init</A>
 <br><a href="curl_global_init_mem.html">curl_global_init_mem</A>
-<br><a href="curl_mprintf.html">curl_mprintf</A>
+<br><a href="curl_mprintf.html">curl_mprintf</A> (deprecated)
 <br><a href="curl_multi_add_handle.html">curl_multi_add_handle</a>
+<br><a href="curl_multi_assign.html">curl_multi_assign</a>
 <br><a href="curl_multi_cleanup.html">curl_multi_cleanup</a>
 <br><a href="curl_multi_fdset.html">curl_multi_fdset</a>
 <br><a href="curl_multi_info_read.html">curl_multi_info_read</a>
 <br><a href="curl_multi_init.html">curl_multi_init</a>
 <br><a href="curl_multi_perform.html">curl_multi_perform</a>
 <br><a href="curl_multi_remove_handle.html">curl_multi_remove_handle</a>
-<br><a href="curl_multi_strerror.html">curl_multi_strerror.html</a>
+<br><a href="curl_multi_setopt.html">curl_multi_setopt</a>
+<br><a href="curl_multi_socket.html">curl_multi_socket</a> (deprecated)
+<br><a href="curl_multi_socket_action.html">curl_multi_socket_action</a>
+<br><a href="curl_multi_strerror.html">curl_multi_strerror</a>
+<br><a href="curl_multi_timeout.html">curl_multi_timeout</a> (deprecated)
 <br><a href="curl_share_cleanup.html">curl_share_cleanup</A>
 <br><a href="curl_share_init.html">curl_share_init</A>
 <br><a href="curl_share_setopt.html">curl_share_setopt</A>
-<br><a href="curl_share_strerror.html">curl_share_strerror.html</a>
+<br><a href="curl_share_strerror.html">curl_share_strerror</a>
 <br><a href="curl_slist_append.html">curl_slist_append</A>
 <br><a href="curl_slist_free_all.html">curl_slist_free_all</A>
 <br><a href="curl_strequal.html">curl_strequal and curl_strnequal</A>
-<br><a href="curl_unescape.html">curl_unescape</A>
+<br><a href="curl_unescape.html">curl_unescape</A> (deprecated)
 <br><a href="curl_version.html">curl_version</A>
 <br><a href="curl_version_info.html">curl_version_info</A>

--- a/docs/libcurl/libcurl-errors.3
+++ b/docs/libcurl/libcurl-errors.3
@@ -240,6 +240,9 @@ Mismatch of RTSP Session Identifiers.
 Unable to parse FTP file list (during FTP wildcard downloading).
 .IP "CURLE_CHUNK_FAILED (88)"
 Chunk callback reported error.
+.IP "CURLE_NO_CONNECTION_AVAILABLE (89)"
+(For internal use only, will never be returned by libcurl) No connection
+available, the session will be queued. (added in 7.30.0)
 .IP "CURLE_OBSOLETE*"
 These error codes will never be returned. They were used in an old libcurl
 version and are currently unused.
--- a/docs/libcurl/libcurl-tutorial.3
+++ b/docs/libcurl/libcurl-tutorial.3
@@ -289,6 +289,10 @@ axTLS

 Required actions unknown.

+Secure Transport
+
+ The engine is fully thread-safe, and no additional steps are required.
+
 When using multiple threads you should set the CURLOPT_NOSIGNAL option to 1
 for all handles. Everything will or might work fine except that timeouts are
 not honored during the DNS lookup - which you can work around by building
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -85,6 +85,7 @@ CURLE_LDAP_SEARCH_FAILED        7.1
 CURLE_LIBRARY_NOT_FOUND         7.1           7.17.0
 CURLE_LOGIN_DENIED              7.13.1
 CURLE_MALFORMAT_USER            7.1           7.17.0
+CURLE_NO_CONNECTION_AVAILABLE   7.30.0
 CURLE_NOT_BUILT_IN              7.21.5
 CURLE_OK                        7.1
 CURLE_OPERATION_TIMEDOUT        7.10.2
@@ -267,8 +268,15 @@ CURLKHTYPE_DSS                  7.19.6
 CURLKHTYPE_RSA                  7.19.6
 CURLKHTYPE_RSA1                 7.19.6
 CURLKHTYPE_UNKNOWN              7.19.6
+CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE 7.30.0
+CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE 7.30.0
+CURLMOPT_MAX_HOST_CONNECTIONS   7.30.0
+CURLMOPT_MAX_PIPELINE_LENGTH    7.30.0
+CURLMOPT_MAX_TOTAL_CONNECTIONS  7.30.0
 CURLMOPT_MAXCONNECTS            7.16.3
 CURLMOPT_PIPELINING             7.16.0
+CURLMOPT_PIPELINING_SERVER_BL   7.30.0
+CURLMOPT_PIPELINING_SITE_BL     7.30.0
 CURLMOPT_SOCKETDATA             7.15.4
 CURLMOPT_SOCKETFUNCTION         7.15.4
 CURLMOPT_TIMERDATA              7.16.0
@@ -614,6 +622,7 @@ CURL_GLOBAL_DEFAULT             7.8
 CURL_GLOBAL_NOTHING             7.8
 CURL_GLOBAL_SSL                 7.8
 CURL_GLOBAL_WIN32               7.8.1
+CURL_GLOBAL_ACK_EINTR           7.30.0
 CURL_HTTP_VERSION_1_0           7.9.1
 CURL_HTTP_VERSION_1_1           7.9.1
 CURL_HTTP_VERSION_NONE          7.9.1
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -93,29 +93,21 @@ extern "C" {
 typedef void CURL;

 /*
- * Decorate exportable functions for Win32 and Symbian OS DLL linking.
- * This avoids using a .def file for building libcurl.dll.
+ * libcurl external API function linkage decorations.
 */
-#if (defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__)) && \
-     !defined(CURL_STATICLIB)
-#if defined(BUILDING_LIBCURL)
-#define CURL_EXTERN  __declspec(dllexport)
-#else
-#define CURL_EXTERN  __declspec(dllimport)
-#endif
-#else

-#ifdef CURL_HIDDEN_SYMBOLS
-/*
- * This definition is used to make external definitions visible in the
- * shared library when symbols are hidden by default.  It makes no
- * difference when compiling applications whether this is set or not,
- * only when compiling the library.
- */
-#define CURL_EXTERN CURL_EXTERN_SYMBOL
+#ifdef CURL_STATICLIB
+#  define CURL_EXTERN
+#elif defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__)
+#  if defined(BUILDING_LIBCURL)
+#    define CURL_EXTERN  __declspec(dllexport)
+#  else
+#    define CURL_EXTERN  __declspec(dllimport)
+#  endif
+#elif defined(BUILDING_LIBCURL) && defined(CURL_HIDDEN_SYMBOLS)
+#  define CURL_EXTERN CURL_EXTERN_SYMBOL
 #else
-#define CURL_EXTERN
-#endif
+#  define CURL_EXTERN
 #endif

 #ifndef curl_socket_typedef
@@ -515,6 +507,8 @@ typedef enum {
  CURLE_RTSP_SESSION_ERROR,      /* 86 - mismatch of RTSP Session Ids */
  CURLE_FTP_BAD_FILE_LIST,       /* 87 - unable to parse FTP file list */
  CURLE_CHUNK_FAILED,            /* 88 - chunk callback reported error */
+  CURLE_NO_CONNECTION_AVAILABLE, /* 89 - No connection available, the
+                                    session will be queued */
  CURL_LAST /* never use! */
 } CURLcode;

@@ -2023,6 +2017,7 @@ typedef enum {
 #define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32)
 #define CURL_GLOBAL_NOTHING 0
 #define CURL_GLOBAL_DEFAULT CURL_GLOBAL_ALL
+#define CURL_GLOBAL_ACK_EINTR (1<<2)


 /*****************************************************************************
--- a/include/curl/curlbuild.h.dist
+++ b/include/curl/curlbuild.h.dist
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -527,7 +527,8 @@
 /* ===================================== */

 #elif defined(__GNUC__)
-#  if defined(__i386__) || defined(__ppc__)
+#  if defined(__ILP32__) || \
+      defined(__i386__) || defined(__ppc__) || defined(__arm__)
 #    define CURL_SIZEOF_LONG           4
 #    define CURL_TYPEOF_CURL_OFF_T     long long
 #    define CURL_FORMAT_CURL_OFF_T     "lld"
@@ -536,7 +537,8 @@
 #    define CURL_SIZEOF_CURL_OFF_T     8
 #    define CURL_SUFFIX_CURL_OFF_T     LL
 #    define CURL_SUFFIX_CURL_OFF_TU    ULL
-#  elif defined(__x86_64__) || defined(__ppc64__)
+#  elif defined(__LP64__) || \
+        defined(__x86_64__) || defined(__ppc64__)
 #    define CURL_SIZEOF_LONG           8
 #    define CURL_TYPEOF_CURL_OFF_T     long
 #    define CURL_FORMAT_CURL_OFF_T     "ld"
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -30,13 +30,13 @@

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.28.2-DEV"
+#define LIBCURL_VERSION "7.30.0-DEV"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 28
-#define LIBCURL_VERSION_PATCH 2
+#define LIBCURL_VERSION_MINOR 30
+#define LIBCURL_VERSION_PATCH 0

 /* This is the numeric version of the libcurl version number, meant for easier
   parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071c02
+#define LIBCURL_VERSION_NUM 0x071e00

 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/mprintf.h
+++ b/include/curl/mprintf.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -58,7 +58,7 @@ CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);
 # define printf curl_mprintf
 # define fprintf curl_mfprintf
 #ifdef CURLDEBUG
-/* When built with CURLDEBUG we define away the sprintf() functions since we
+/* When built with CURLDEBUG we define away the sprintf functions since we
   don't want internal code to be using them */
 # define sprintf sprintf_was_used
 # define vsprintf vsprintf_was_used
--- a/include/curl/multi.h
+++ b/include/curl/multi.h
@@ -338,6 +338,31 @@ typedef enum {
  /* maximum number of entries in the connection cache */
  CINIT(MAXCONNECTS, LONG, 6),

+  /* maximum number of (pipelining) connections to one host */
+  CINIT(MAX_HOST_CONNECTIONS, LONG, 7),
+
+  /* maximum number of requests in a pipeline */
+  CINIT(MAX_PIPELINE_LENGTH, LONG, 8),
+
+  /* a connection with a content-length longer than this
+     will not be considered for pipelining */
+  CINIT(CONTENT_LENGTH_PENALTY_SIZE, OFF_T, 9),
+
+  /* a connection with a chunk length longer than this
+     will not be considered for pipelining */
+  CINIT(CHUNK_LENGTH_PENALTY_SIZE, OFF_T, 10),
+
+  /* a list of site names(+port) that are blacklisted from
+     pipelining */
+  CINIT(PIPELINING_SITE_BL, OBJECTPOINT, 11),
+
+  /* a list of server types that are blacklisted from
+     pipelining */
+  CINIT(PIPELINING_SERVER_BL, OBJECTPOINT, 12),
+
+  /* maximum number of open connections in total */
+  CINIT(MAX_TOTAL_CONNECTIONS, LONG, 13),
+
  CURLMOPT_LASTENTRY /* the last unused */
 } CURLMoption;

--- a/675
+++ b/675
@@ -1,250 +1,527 @@
 #!/bin/sh
-#
 # install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
+
+scriptversion=2011-01-19.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
 #
-# Copyright 1991 by the Massachusetts Institute of Technology
+# Copyright (C) 1994 X Consortium
 #
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission.  M.I.T. makes no representations about the
-# suitability of this software for any purpose.  It is provided "as is"
-# without express or implied warranty.
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
 #
 # Calling this script install-sh is preferred over install.sh, to prevent
 # `make' implicit rules from creating a file called install from it
 # when there is no Makefile.
 #
 # This script is compatible with the BSD install script, but was written
-# from scratch.  It can only install one file at a time, a restriction
-# shared with many OS's install programs.
+# from scratch.

+nl='
+'
+IFS=" ""	$nl"

 # set DOITPROG to echo to test this script

 # Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-transformbasename=""
-transform_arg=""
-instcmd="$mvprog"
-chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
-    case $1 in
-	-c) instcmd="$cpprog"
-	    shift
-	    continue;;
-
-	-d) dir_arg=true
-	    shift
-	    continue;;
-
-	-m) chmodcmd="$chmodprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-o) chowncmd="$chownprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-g) chgrpcmd="$chgrpprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-s) stripcmd="$stripprog"
-	    shift
-	    continue;;
-
-	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
-	    shift
-	    continue;;
-
-	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
-	    shift
-	    continue;;
-
-	*)  if [ x"$src" = x ]
-	    then
-		src=$1
-	    else
-		# this colon is to work around a 386BSD /bin/sh bug
-		:
-		dst=$1
-	    fi
-	    shift
-	    continue;;
-    esac
-done
-
-if [ x"$src" = x ]
-then
-	echo "install:	no input file specified"
-	exit 1
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
 else
-	true
+  doit_exec=$doit
 fi

-if [ x"$dir_arg" != x ]; then
-	dst=$src
-	src=""
-	
-	if [ -d $dst ]; then
-		instcmd=:
-	else
-		instcmd=mkdir
-	fi
-else
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.

-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad
-# if $src (and thus $dsttmp) contains '*'.
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}

-	if [ -f $src -o -d $src ]
-	then
-		true
-	else
-		echo "install:  $src does not exist"
-		exit 1
-	fi
-	
-	if [ x"$dst" = x ]
-	then
-		echo "install:	no destination specified"
-		exit 1
-	else
-		true
-	fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-	if [ -d $dst ]
-	then
-		dst="$dst"/`basename $src`
-	else
-		true
-	fi
-fi
-
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
-
-# Make sure that the destination directory exists.
-#  this part is taken from Noah Friedman's mkinstalldirs script
-
-# Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='	
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
 '
-IFS="${IFS-${defaultIFS}}"

-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
+posix_mkdir=

-pathcomp=''
+# Desired mode of installed file.
+mode=0755

-while [ $# -ne 0 ] ; do
-	pathcomp="${pathcomp}${1}"
-	shift
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=

-	if [ ! -d "${pathcomp}" ] ;
-        then
-		$mkdirprog "${pathcomp}"
-	else
-		true
-	fi
+src=
+dst=
+dir_arg=
+dst_arg=

-	pathcomp="${pathcomp}/"
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	# Protect names problematic for `test' and other utilities.
+	case $dst_arg in
+	  -* | [=\(\)!]) dst_arg=./$dst_arg;;
+	esac
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
 done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+    # Protect names problematic for `test' and other utilities.
+    case $dst_arg in
+      -* | [=\(\)!]) dst_arg=./$dst_arg;;
+    esac
+  done
 fi

-if [ x"$dir_arg" != x ]
-then
-	$doit $instcmd $dst &&
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi

-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
-else
+if test -z "$dir_arg"; then
+  do_exit='(exit $ret); exit $ret'
+  trap "ret=129; $do_exit" 1
+  trap "ret=130; $do_exit" 2
+  trap "ret=141; $do_exit" 13
+  trap "ret=143; $do_exit" 15

-# If we're going to rename the final executable, determine the name now.
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;

-	if [ x"$transformarg" = x ]
-	then
-		dstfile=`basename $dst`
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names problematic for `test' and other utilities.
+  case $src in
+    -* | [=\(\)!]) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+    dst=$dst_arg
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
 	else
-		dstfile=`basename $dst $transformbasename |
-			sed $transformarg`$transformbasename
+	  mkdir_mode=
 	fi

-# don't allow the sed command to completely eliminate the filename
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0

-	if [ x"$dstfile" = x ]
-	then
-		dstfile=`basename $dst`
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	[-=\(\)!]*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test X"$d" = X && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
 	else
-		true
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
 	fi
+	prefix=$prefix/
+      done

-# Make a temp file name in the proper directory.
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi

-	dsttmp=$dstdir/#inst.$$#
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else

-# Move or copy the file name to the temp name
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_

-	$doit $instcmd $src $dsttmp &&
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0

-	trap "rm -f ${dsttmp}" 0 &&
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&

-# and set any options; do chmod last to preserve setuid bits
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&

-# If any of these fail, we abort the whole thing.  If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&

-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&

-# Now rename the file to the real destination.
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||

-	$doit $rmcmd -f $dstdir/$dstfile &&
-	$doit $mvcmd $dsttmp $dstdir/$dstfile
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&

-fi &&
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1

+    trap '' 0
+  fi
+done

-exit 0
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -7,8 +7,6 @@ TAGS
 Makefile.vc8.dist
 Makefile.vc9.dist
 libcurl.plist.dist
-libcurl.vcproj
-vc6libcurl.dsp
 Makefile.vc10.dist
 libcurl.vers
 *.a
--- a/lib/Makefile.Watcom
+++ b/lib/Makefile.Watcom
@@ -101,7 +101,7 @@ LIBRTMP_ROOT = ..$(DS)..$(DS)rtmpdump-2.3
 !ifdef %openssl_root
 OPENSSL_ROOT = $(%openssl_root)
 !else
-OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8x
+OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8y
 !endif

 !ifdef %ares_root
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -21,35 +21,32 @@
 ###########################################################################
 AUTOMAKE_OPTIONS = foreign nostdinc

-DSP = vc6libcurl.dsp
-VCPROJ = libcurl.vcproj
-
 DOCS = README.encoding README.memoryleak README.ares README.curlx	\
 README.hostip README.multi_socket README.httpauth README.pipelining    \
 README.curl_off_t README.pingpong

 CMAKE_DIST = CMakeLists.txt curl_config.h.cmake

-EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP)		\
- vc6libcurl.dsw config-win32.h config-win32ce.h config-riscos.h		\
- config-mac.h curl_config.h.in makefile.dj config-dos.h libcurl.plist	\
- libcurl.rc config-amigaos.h makefile.amiga Makefile.netware nwlib.c	\
- nwos.c msvcproj.head msvcproj.foot config-win32ce.h config-os400.h	\
- setup-os400.h config-symbian.h Makefile.Watcom config-tpf.h $(DOCS)	\
- $(VCPROJ) mk-ca-bundle.pl mk-ca-bundle.vbs firefox-db2pem.sh		\
- $(CMAKE_DIST) config-vxworks.h Makefile.vxworks checksrc.pl		\
+EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 config-win32.h	\
+ config-win32ce.h config-riscos.h config-mac.h curl_config.h.in		\
+ makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h	\
+ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h	\
+ config-os400.h setup-os400.h config-symbian.h Makefile.Watcom		\
+ config-tpf.h $(DOCS) mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST)	\
+ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl	\
 objnames-test08.sh objnames-test10.sh objnames.inc

-CLEANFILES = $(DSP) $(VCPROJ)
-
 lib_LTLIBRARIES = libcurl.la
-LIBCURL_LIBS = @LIBCURL_LIBS@
+
+if BUILD_UNITTESTS
+noinst_LTLIBRARIES = libcurlu.la
+else
+noinst_LTLIBRARIES =
+endif

 # This might hold -Werror
 CFLAGS += @CURL_CFLAG_EXTRAS@

-CFLAG_CURL_SYMBOL_HIDING = @CFLAG_CURL_SYMBOL_HIDING@
-
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
 # being currently built and tested are searched before the library which
@@ -79,15 +76,8 @@ AM_CPPFLAGS = -I$(top_builddir)/include/curl \
              -I$(top_srcdir)/lib
 endif

-# Mostly for Windows build targets, when building libcurl library
-if USE_CPPFLAG_BUILDING_LIBCURL
-AM_CPPFLAGS += -DBUILDING_LIBCURL
-endif
-
-# Mostly for Windows build targets, when building static libcurl
-if USE_CPPFLAG_CURL_STATICLIB
-AM_CPPFLAGS += -DCURL_STATICLIB
-endif
+# Prevent LIBS from being used for all link targets
+LIBS = $(BLANK_AT_MAKETIME)

 if SONAME_BUMP
 #
@@ -117,43 +107,45 @@ endif
 #
 # For the full guide on libcurl ABI rules, see docs/libcurl/ABI

-if NO_UNDEFINED
-# The -no-undefined flag is crucial to build fine on some platforms
-UNDEF = -no-undefined
+AM_CPPFLAGS += -DBUILDING_LIBCURL
+AM_LDFLAGS =
+AM_CFLAGS =
+
+libcurl_la_CPPFLAGS_EXTRA =
+libcurl_la_LDFLAGS_EXTRA =
+libcurl_la_CFLAGS_EXTRA =
+
+if CURL_LT_SHLIB_USE_VERSION_INFO
+libcurl_la_LDFLAGS_EXTRA += $(VERSIONINFO)
 endif

-if MIMPURE
-# This is for gcc on Solaris (8+ ?) to avoid "relocations remain against
-# allocatable but non-writable sections" problems.
-MIMPURE = -mimpure-text
+if CURL_LT_SHLIB_USE_NO_UNDEFINED
+libcurl_la_LDFLAGS_EXTRA += -no-undefined
 endif

-if VERSIONED_SYMBOLS
-VERSIONED_SYMBOLS = -Wl,--version-script=libcurl.vers
+if CURL_LT_SHLIB_USE_MIMPURE_TEXT
+libcurl_la_LDFLAGS_EXTRA += -mimpure-text
 endif

-# Prevent LIBS from being used for all link targets
-LIBS = $(BLANK_AT_MAKETIME)
+if CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS
+libcurl_la_LDFLAGS_EXTRA += -Wl,--version-script=libcurl.vers
+endif

-libcurl_la_LDFLAGS = $(UNDEF) $(VERSIONINFO) $(MIMPURE) $(VERSIONED_SYMBOLS) $(LIBCURL_LIBS)
+if USE_CPPFLAG_CURL_STATICLIB
+libcurl_la_CPPFLAGS_EXTRA += -DCURL_STATICLIB
+endif

 if DOING_CURL_SYMBOL_HIDING
-libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_HIDDEN_SYMBOLS
-libcurl_la_CFLAGS = $(AM_CFLAGS) $(CFLAG_CURL_SYMBOL_HIDING)
-else
-libcurl_la_CPPFLAGS = $(AM_CPPFLAGS)
-libcurl_la_CFLAGS = $(AM_CFLAGS)
+libcurl_la_CPPFLAGS_EXTRA += -DCURL_HIDDEN_SYMBOLS
+libcurl_la_CFLAGS_EXTRA += $(CFLAG_CURL_SYMBOL_HIDING)
 endif

-# unit testing static library built only along with unit tests
-if BUILD_UNITTESTS
-noinst_LTLIBRARIES = libcurlu.la
-else
-noinst_LTLIBRARIES =
-endif
+libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) $(libcurl_la_CPPFLAGS_EXTRA)
+libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(LIBCURL_LIBS)
+libcurl_la_CFLAGS = $(AM_CFLAGS) $(libcurl_la_CFLAGS_EXTRA)

-libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DUNITTESTS
-libcurlu_la_LDFLAGS = -static $(LIBCURL_LIBS)
+libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS
+libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS)
 libcurlu_la_CFLAGS = $(AM_CFLAGS)

 # Makefile.inc provides the CSOURCES and HHEADERS defines
@@ -162,58 +154,6 @@ include Makefile.inc
 libcurl_la_SOURCES = $(CSOURCES) $(HHEADERS)
 libcurlu_la_SOURCES = $(CSOURCES) $(HHEADERS)

-WIN32SOURCES = $(CSOURCES)
-WIN32HEADERS = $(HHEADERS) config-win32.h
-
-DSPOUT = | awk '{printf("%s\r\n", $$0)}' >> $(DSP)
-VCPROJOUT = | awk '{printf("%s\r\n", $$0)}' >> $(VCPROJ)
-
-$(DSP): msvcproj.head msvcproj.foot Makefile.am
-	echo "creating $(DSP)"
-	@(cp $(srcdir)/msvcproj.head $(DSP); \
-	echo "# Begin Group \"Source Files\"" $(DSPOUT); \
-        echo "" $(DSPOUT); \
-        echo "# PROP Default_Filter \"\"" $(DSPOUT); \
-        win32_srcs='$(WIN32SOURCES)'; \
-        sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
-        for file in $$sorted_srcs; do \
-	echo "# Begin Source File" $(DSPOUT); \
-	echo "" $(DSPOUT); \
-	echo "SOURCE=.\\"$$file $(DSPOUT); \
-	echo "# End Source File" $(DSPOUT); \
-	done; \
-	echo "# End Group" $(DSPOUT); \
-	echo "# Begin Group \"Header Files\"" $(DSPOUT); \
-        echo "" $(DSPOUT); \
-        echo "# PROP Default_Filter \"\"" $(DSPOUT); \
-        win32_hdrs='$(WIN32HEADERS)'; \
-        sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
-        for file in $$sorted_hdrs; do \
-	echo "# Begin Source File" $(DSPOUT); \
-	echo "" $(DSPOUT); \
-	echo "SOURCE=.\\"$$file $(DSPOUT); \
-	echo "# End Source File" $(DSPOUT); \
-	done; \
-	echo "# End Group" $(DSPOUT); \
-	cat $(srcdir)/msvcproj.foot $(DSPOUT) )
-
-$(VCPROJ): vc8proj.head vc8proj.foot Makefile.am
-	echo "creating $(VCPROJ)"
-	@(cp $(srcdir)/vc8proj.head $(VCPROJ); \
-        win32_srcs='$(WIN32SOURCES)'; \
-        sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
-        for file in $$sorted_srcs; do \
-	echo "<File RelativePath=\""$$file"\"></File>" $(VCPROJOUT); \
-	done; \
-	echo "</Filter><Filter	Name=\"Header Files\">" $(VCPROJOUT); \
-        win32_hdrs='$(WIN32HEADERS)'; \
-        sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
-        for file in $$sorted_hdrs; do \
-	echo "<File RelativePath=\""$$file"\"></File>" $(VCPROJOUT); \
-	done; \
-	cat $(srcdir)/vc8proj.foot $(VCPROJOUT) )
-
-
 checksrc:
 	@@PERL@ $(top_srcdir)/lib/checksrc.pl -D$(top_srcdir)/lib $(CSOURCES) $(HHEADERS)

--- a/lib/Makefile.b32
+++ b/lib/Makefile.b32
@@ -27,7 +27,7 @@ ZLIB_PATH = ..\..\zlib-1.2.7

 # Edit the path below to point to the base of your OpenSSL package.
 !ifndef OPENSSL_PATH
-OPENSSL_PATH = ..\..\openssl-0.9.8x
+OPENSSL_PATH = ..\..\openssl-0.9.8y
 !endif

 # Set libcurl static lib, dll and import lib
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -20,12 +20,12 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c	\
  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c		\
-  curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c		\
-  idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c	\
-  asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c	\
-  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_schannel.c	        \
-  curl_multibyte.c curl_darwinssl.c hostcheck.c                         \
-  bundles.c conncache.c
+  polarssl_threadlock.c curl_rtmp.c openldap.c curl_gethostname.c	\
+  gopher.c axtls.c idn_win32.c http_negotiate_sspi.c cyassl.c		\
+  http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c	\
+  curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_ntlm_msgs.c		\
+  curl_sasl.c curl_schannel.c curl_multibyte.c curl_darwinssl.c		\
+  hostcheck.c bundles.c conncache.c pipeline.c

 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -36,12 +36,12 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h	\
  strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h curl_setup.h	\
  transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
-  tftp.h sockaddr.h splay.h strdup.h socks.h ssh.h nssg.h		\
-  curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h	\
+  tftp.h sockaddr.h splay.h strdup.h socks.h ssh.h nssg.h curl_base64.h	\
+  rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h		\
  curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
-  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h	\
-  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h	\
-  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h	\
-  curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h	        \
-  hostcheck.h bundles.h conncache.h curl_setup_once.h multihandle.h     \
-  setup-vms.h
+  warnless.h curl_hmac.h polarssl.h polarssl_threadlock.h curl_rtmp.h	\
+  curl_gethostname.h gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h	\
+  asyn.h curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h	\
+  curl_ntlm_msgs.h curl_sasl.h curl_schannel.h curl_multibyte.h		\
+  curl_darwinssl.h hostcheck.h bundles.h conncache.h curl_setup_once.h	\
+  multihandle.h setup-vms.h pipeline.h
--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -18,7 +18,7 @@ ZLIB_PATH = ../../zlib-1.2.7
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8x
+OPENSSL_PATH = ../../openssl-0.9.8y
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
@@ -106,6 +106,9 @@ endif
 ifeq ($(findstring -ares,$(CFG)),-ares)
 ARES = 1
 endif
+ifeq ($(findstring -sync,$(CFG)),-sync)
+SYNC = 1
+endif
 ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
 RTMP = 1
 SSL = 1
@@ -151,11 +154,15 @@ endif
 INCLUDES = -I. -I../include
 CFLAGS += -DBUILDING_LIBCURL

-ifdef ARES
-  INCLUDES += -I"$(LIBCARES_PATH)"
-  CFLAGS += -DUSE_ARES
-  DLL_LIBS += -L"$(LIBCARES_PATH)" -lcares
-  libcurl_dll_DEPENDENCIES = $(LIBCARES_PATH)/libcares.a
+ifdef SYNC
+  CFLAGS += -DUSE_SYNC_DNS
+else
+  ifdef ARES
+    INCLUDES += -I"$(LIBCARES_PATH)"
+    CFLAGS += -DUSE_ARES -DCARES_STATICLIB
+    DLL_LIBS += -L"$(LIBCARES_PATH)" -lcares
+    libcurl_dll_DEPENDENCIES = $(LIBCARES_PATH)/libcares.a
+  endif
 endif
 ifdef RTMP
  INCLUDES += -I"$(LIBRTMP_PATH)"
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -19,7 +19,7 @@ endif

 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8x
+OPENSSL_PATH = ../../openssl-0.9.8y
 endif

 # Edit the path below to point to the base of your LibSSH2 package.
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -62,10 +62,10 @@
 # Makefile.msvc.names provides libcurl file names
 # ------------------------------------------------

-!INCLUDE ..\Makefile.msvc.names
+!INCLUDE ..\winbuild\Makefile.msvc.names

 !IFNDEF OPENSSL_PATH
-OPENSSL_PATH   = ../../openssl-0.9.8x
+OPENSSL_PATH   = ../../openssl-0.9.8y
 !ENDIF

 !IFNDEF LIBSSH2_PATH
@@ -494,8 +494,10 @@ clean:
 # A config was provided, so the library can be built.
 #
 X_OBJS= \
+	$(DIROBJ)\amigaos.obj \
 	$(DIROBJ)\asyn-ares.obj \
 	$(DIROBJ)\asyn-thread.obj \
+	$(DIROBJ)\axtls.obj \
 	$(DIROBJ)\base64.obj \
 	$(DIROBJ)\bundles.obj \
 	$(DIROBJ)\conncache.obj \
@@ -506,6 +508,7 @@ X_OBJS= \
 	$(DIROBJ)\curl_darwinssl.obj \
 	$(DIROBJ)\curl_fnmatch.obj \
 	$(DIROBJ)\curl_gethostname.obj \
+	$(DIROBJ)\curl_gssapi.obj \
 	$(DIROBJ)\curl_memrchr.obj \
 	$(DIROBJ)\curl_multibyte.obj \
 	$(DIROBJ)\curl_ntlm.obj \
@@ -518,6 +521,7 @@ X_OBJS= \
 	$(DIROBJ)\curl_schannel.obj \
 	$(DIROBJ)\curl_sspi.obj \
 	$(DIROBJ)\curl_threads.obj \
+	$(DIROBJ)\cyassl.obj \
 	$(DIROBJ)\dict.obj \
 	$(DIROBJ)\easy.obj \
 	$(DIROBJ)\escape.obj \
@@ -544,10 +548,13 @@ X_OBJS= \
 	$(DIROBJ)\http_negotiate.obj \
 	$(DIROBJ)\http_negotiate_sspi.obj \
 	$(DIROBJ)\http_proxy.obj \
+	$(DIROBJ)\idn_win32.obj \
 	$(DIROBJ)\if2ip.obj \
 	$(DIROBJ)\imap.obj \
 	$(DIROBJ)\inet_ntop.obj \
 	$(DIROBJ)\inet_pton.obj \
+	$(DIROBJ)\krb4.obj \
+	$(DIROBJ)\krb5.obj \
 	$(DIROBJ)\ldap.obj \
 	$(DIROBJ)\llist.obj \
 	$(DIROBJ)\md4.obj \
@@ -556,15 +563,21 @@ X_OBJS= \
 	$(DIROBJ)\mprintf.obj \
 	$(DIROBJ)\multi.obj \
 	$(DIROBJ)\netrc.obj \
+	$(DIROBJ)\non-ascii.obj \
 	$(DIROBJ)\nonblock.obj \
+	$(DIROBJ)\nss.obj \
 	$(DIROBJ)\openldap.obj \
 	$(DIROBJ)\parsedate.obj \
 	$(DIROBJ)\pingpong.obj \
+	$(DIROBJ)\pipeline.obj \
 	$(DIROBJ)\polarssl.obj \
+	$(DIROBJ)\polarssl_threadlock.obj \
 	$(DIROBJ)\pop3.obj \
 	$(DIROBJ)\progress.obj \
+	$(DIROBJ)\qssl.obj \
 	$(DIROBJ)\rawstr.obj \
 	$(DIROBJ)\rtsp.obj \
+	$(DIROBJ)\security.obj \
 	$(DIROBJ)\select.obj \
 	$(DIROBJ)\sendf.obj \
 	$(DIROBJ)\share.obj \
@@ -578,6 +591,7 @@ X_OBJS= \
 	$(DIROBJ)\ssh.obj \
 	$(DIROBJ)\sslgen.obj \
 	$(DIROBJ)\ssluse.obj \
+	$(DIROBJ)\strdup.obj \
 	$(DIROBJ)\strequal.obj \
 	$(DIROBJ)\strerror.obj \
 	$(DIROBJ)\strtok.obj \
--- a/lib/Makefile.vxworks
+++ b/lib/Makefile.vxworks
@@ -33,8 +33,8 @@ BUILD_TYPE := debug
 USER_CFLAGS:=

 # directories where to seek for includes and libraries
-OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8x-vxWorks6.3/include
-OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8x-vxWorks6.3
+OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8y-vxWorks6.3/include
+OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8y-vxWorks6.3
 ZLIB_INC    := D:/libraries/zlib/zlib-1.2.7-VxWorks6.3/zlib-1.2.7
 ZLIB_LIB    := D:/libraries/zlib/zlib-1.2.7-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib
 ARES_INC    :=
--- a/lib/README.pipelining
+++ b/lib/README.pipelining
@@ -42,10 +42,3 @@ Details
  still resolve the second one properly to make sure that they actually _can_
  be considered for pipelining. Also, asking for explicit pipelining on handle
  X may be tricky when handle X get a closed connection.
-
- We need options to control max pipeline length, and probably how to behave
-  if we reach that limit. As was discussed on the list, it can probably be
-  made very complicated, so perhaps we can think of a way to pass all
-  variables involved to a callback and let the application decide how to act
-  in specific situations. Either way, these fancy options are only interesting
-  to work on when everything is working and we have working apps to test with.
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -170,7 +170,7 @@ struct thread_sync_data {
 struct thread_data {
  curl_thread_t thread_hnd;
  unsigned int poll_interval;
-  int interval_end;
+  long interval_end;
  struct thread_sync_data tsd;
 };

@@ -387,61 +387,27 @@ static bool init_resolve_thread (struct connectdata *conn,
  return FALSE;
 }

-#if defined(HAVE_GETADDRINFO) && !defined(HAVE_GAI_STRERROR) && !defined(WIN32)
-/* NetWare has getaddrinfo but lacks gai_strerror.
-   Windows has a gai_strerror but it is bad (not thread-safe) and the generic
-   socket error string function can be used for this pupose. */
-static const char *gai_strerror(int ecode)
-{
-  switch (ecode) {
-  case EAI_AGAIN:
-    return "The name could not be resolved at this time";
-  case EAI_BADFLAGS:
-    return "The flags parameter had an invalid value";
-  case EAI_FAIL:
-    return "A non-recoverable error occurred when attempting to "
-      "resolve the name";
-  case EAI_FAMILY:
-    return "The address family was not recognized";
-  case EAI_MEMORY:
-    return "Out of memory";
-  case EAI_NONAME:
-    return "The name does not resolve for the supplied parameters";
-  case EAI_SERVICE:
-    return "The service passed was not recognized for the "
-      "specified socket type"
-  case EAI_SOCKTYPE:
-    return "The intended socket type was not recognized"
-  case EAI_SYSTEM:
-    return "A system error occurred";
-  case EAI_OVERFLOW:
-    return "An argument buffer overflowed";
-  default:
-    return "Unknown error";
-
-/* define this now as this is a private implementation of said function */
-#define HAVE_GAI_STRERROR
-}
-#endif
-
-
 /*
 * resolver_error() calls failf() with the appropriate message after a resolve
 * error
 */

-static void resolver_error(struct connectdata *conn, const char *host_or_proxy)
+static CURLcode resolver_error(struct connectdata *conn)
 {
-  failf(conn->data, "Could not resolve %s: %s; %s", host_or_proxy,
-        conn->async.hostname,
-#ifdef HAVE_GAI_STRERROR
-        /* NetWare doesn't have gai_strerror and on Windows it isn't deemed
-           thread-safe */
-        gai_strerror(conn->async.status)
-#else
-        Curl_strerror(conn, conn->async.status)
-#endif
-    );
+  const char *host_or_proxy;
+  CURLcode rc;
+  if(conn->bits.httpproxy) {
+    host_or_proxy = "proxy";
+    rc = CURLE_COULDNT_RESOLVE_PROXY;
+  }
+  else {
+    host_or_proxy = "host";
+    rc = CURLE_COULDNT_RESOLVE_HOST;
+  }
+
+  failf(conn->data, "Could not resolve %s: %s", host_or_proxy,
+        conn->async.hostname);
+  return rc;
 }

 /*
@@ -473,17 +439,9 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
  if(entry)
    *entry = conn->async.dns;

-  if(!conn->async.dns) {
-    /* a name was not resolved */
-    if(conn->bits.httpproxy) {
-      resolver_error(conn, "proxy");
-      rc = CURLE_COULDNT_RESOLVE_PROXY;
-    }
-    else {
-      resolver_error(conn, "host");
-      rc = CURLE_COULDNT_RESOLVE_HOST;
-    }
-  }
+  if(!conn->async.dns)
+    /* a name was not resolved, report error */
+    rc = resolver_error(conn);

  destroy_async_data(&conn->async);

@@ -518,17 +476,18 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,

  if(done) {
    getaddrinfo_complete(conn);
-    destroy_async_data(&conn->async);

    if(!conn->async.dns) {
-      resolver_error(conn, "host");
-      return CURLE_COULDNT_RESOLVE_HOST;
+      CURLcode rc = resolver_error(conn);
+      destroy_async_data(&conn->async);
+      return rc;
    }
+    destroy_async_data(&conn->async);
    *entry = conn->async.dns;
  }
  else {
    /* poll for name lookup done with exponential backoff up to 250ms */
-    int elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
+    long elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
    if(elapsed < 0)
      elapsed = 0;

--- a/lib/checksrc.pl
+++ b/lib/checksrc.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2011 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -153,6 +153,12 @@ sub scanfile {
            checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
        }

+        # scan for use of banned functions
+        if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|gets)\s*\(/) {
+            checkwarn($line, length($1), $file, $l,
+                      "use of $2 is banned");
+        }
+
        # check for open brace first on line but not first column
        # only alert if previous line ended with a close paren and wasn't a cpp
        # line
--- a/lib/config-dos.h
+++ b/lib/config-dos.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -79,7 +79,6 @@
 #define HAVE_SYS_SOCKET_H      1
 #define HAVE_SYS_STAT_H        1
 #define HAVE_SYS_TYPES_H       1
-#define HAVE_TERMIOS_H         1
 #define HAVE_TIME_H            1
 #define HAVE_UNISTD_H          1

@@ -149,7 +148,7 @@

 #if defined(__HIGHC__) || \
    (defined(__GNUC__) && (__GNUC__ < 4))
-#define ssize_t    int
+  #define ssize_t  int
 #endif

 #define CURL_CA_BUNDLE  getenv("CURL_CA_BUNDLE")
@@ -162,12 +161,9 @@
  #define HAVE_SIGACTION  1
  #define HAVE_SIGSETJMP  1
  #define HAVE_SYS_TIME_H 1
+  #define HAVE_TERMIOS_H  1
  #define HAVE_VARIADIC_MACROS_GCC 1

-  #if (DJGPP_MINOR >= 4)
-    #define HAVE_STRLCAT  1
-  #endif
-
  /* Because djgpp <= 2.03 doesn't have snprintf() etc. */
  #if (DJGPP_MINOR < 4)
    #define _MPRINTF_REPLACE
@@ -178,11 +174,11 @@

 #elif defined(__HIGHC__)
  #define HAVE_SYS_TIME_H 1
+  #define strerror(e) strerror_s_((e))
 #endif

 #ifdef MSDOS  /* Watt-32 */
-  #define HAVE_CLOSESOCKET_CAMEL  1
-  #define CloseSocket(s)          close_s((s))
+  #define HAVE_CLOSE_S    1
 #endif

 #undef word
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -298,9 +298,6 @@
 /* Define if you have the <string.h> header file. */
 #define HAVE_STRING_H

-/* Define if you have the `strlcat' function. */
-#undef HAVE_STRLCAT
-
 /* Define if you have the `strlcpy' function. */
 #undef HAVE_STRLCPY

--- a/lib/config-riscos.h
+++ b/lib/config-riscos.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -305,9 +305,6 @@
 /* Define if you have the <string.h> header file. */
 #define HAVE_STRING_H

-/* Define if you have the `strlcat' function. */
-#undef HAVE_STRLCAT
-
 /* Define if you have the `strlcpy' function. */
 #undef HAVE_STRLCPY

--- a/lib/config-symbian.h
+++ b/lib/config-symbian.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -504,9 +504,6 @@
 /* Define to 1 if you have the `strcasecmp' function. */
 #define HAVE_STRCASECMP 1

-/* Define to 1 if you have the `strcasestr' function. */
-#define HAVE_STRCASESTR 1
-
 /* Define to 1 if you have the `strcmpi' function. */
 /* #undef HAVE_STRCMPI */

@@ -525,9 +522,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #define HAVE_STRING_H 1

-/* Define to 1 if you have the `strlcat' function. */
-#define HAVE_STRLCAT 1
-
 /* Define to 1 if you have the `strlcpy' function. */
 #define HAVE_STRLCPY 1

--- a/lib/config-tpf.h
+++ b/lib/config-tpf.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -471,9 +471,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #define HAVE_STRING_H 1

-/* Define to 1 if you have the `strlcat' function. */
-/* #undef HAVE_STRLCAT */
-
 /* Define to 1 if you have the `strlcpy' function. */
 /* #undef HAVE_STRLCPY */

--- a/lib/config-vxworks.h
+++ b/lib/config-vxworks.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -571,9 +571,6 @@
 /* Define to 1 if you have the strcasecmp function. */
 #define HAVE_STRCASECMP 1

-/* Define to 1 if you have the strcasestr function. */
-/* #undef HAVE_STRCASESTR */
-
 /* Define to 1 if you have the strcmpi function. */
 /* #undef HAVE_STRCMPI */

@@ -592,9 +589,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #define HAVE_STRING_H 1

-/* Define to 1 if you have the strlcat function. */
-/* #undef HAVE_STRLCAT */
-
 /* Define to 1 if you have the `strlcpy' function. */
 /* #undef HAVE_STRLCPY */

--- a/lib/config-win32.h
+++ b/lib/config-win32.h
@@ -611,8 +611,11 @@
 /* Define to enable c-ares asynchronous DNS lookups. */
 /* #define USE_ARES 1 */

-/* Define to enable threaded asynchronous DNS lookups. */
-#define USE_THREADS_WIN32 1
+/* Default define to enable threaded asynchronous DNS lookups. */
+#if !defined(USE_SYNC_DNS) && !defined(USE_ARES) && \
+    !defined(USE_THREADS_WIN32)
+#  define USE_THREADS_WIN32 1
+#endif

 #if defined(USE_ARES) && defined(USE_THREADS_WIN32)
 #  error "Only one DNS lookup specialty may be defined at most"
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -87,13 +87,23 @@

 static bool verifyconnect(curl_socket_t sockfd, int *error);

-#ifdef __DragonFly__
-/* DragonFlyBSD uses millisecond as KEEPIDLE and KEEPINTVL units */
+#if defined(__DragonFly__) || defined(HAVE_WINSOCK_H)
+/* DragonFlyBSD and Windows use millisecond units */
 #define KEEPALIVE_FACTOR(x) (x *= 1000)
 #else
 #define KEEPALIVE_FACTOR(x)
 #endif

+#if defined(HAVE_WINSOCK_H) && !defined(SIO_KEEPALIVE_VALS)
+#define SIO_KEEPALIVE_VALS    _WSAIOW(IOC_VENDOR,4)
+
+struct tcp_keepalive {
+  u_long onoff;
+  u_long keepalivetime;
+  u_long keepaliveinterval;
+};
+#endif
+
 static void
 tcpkeepalive(struct SessionHandle *data,
             curl_socket_t sockfd)
@@ -106,6 +116,22 @@ tcpkeepalive(struct SessionHandle *data,
    infof(data, "Failed to set SO_KEEPALIVE on fd %d\n", sockfd);
  }
  else {
+#if defined(SIO_KEEPALIVE_VALS)
+    struct tcp_keepalive vals;
+    DWORD dummy;
+    vals.onoff = 1;
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
+    vals.keepalivetime = optval;
+    optval = curlx_sltosi(data->set.tcp_keepintvl);
+    KEEPALIVE_FACTOR(optval);
+    vals.keepaliveinterval = optval;
+    if(WSAIoctl(sockfd, SIO_KEEPALIVE_VALS, (LPVOID) &vals, sizeof(vals),
+                NULL, 0, &dummy, NULL, NULL) != 0) {
+      infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd %d: %d\n",
+            (int)sockfd, WSAGetLastError());
+    }
+#else
 #ifdef TCP_KEEPIDLE
    optval = curlx_sltosi(data->set.tcp_keepidle);
    KEEPALIVE_FACTOR(optval);
@@ -121,6 +147,16 @@ tcpkeepalive(struct SessionHandle *data,
          (void *)&optval, sizeof(optval)) < 0) {
      infof(data, "Failed to set TCP_KEEPINTVL on fd %d\n", sockfd);
    }
+#endif
+#ifdef TCP_KEEPALIVE
+    /* Mac OS X style */
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPALIVE on fd %d\n", sockfd);
+    }
+#endif
 #endif
  }
 }
@@ -283,41 +319,54 @@ static CURLcode bindlocal(struct connectdata *conn,
    }

    /* interface */
-    if(!is_host && (is_interface || Curl_if_is_interface_name(dev))) {
-      if(Curl_if2ip(af, dev, myhost, sizeof(myhost)) == NULL)
-        return CURLE_INTERFACE_FAILED;
-
-      /*
-       * We now have the numerical IP address in the 'myhost' buffer
-       */
-      infof(data, "Local Interface %s is ip %s using address family %i\n",
-            dev, myhost, af);
-      done = 1;
+    if(!is_host) {
+      switch(Curl_if2ip(af, conn->scope, dev, myhost, sizeof(myhost))) {
+        case IF2IP_NOT_FOUND:
+          if(is_interface) {
+            /* Do not fall back to treating it as a host name */
+            failf(data, "Couldn't bind to interface '%s'", dev);
+            return CURLE_INTERFACE_FAILED;
+          }
+          break;
+        case IF2IP_AF_NOT_SUPPORTED:
+          /* Signal the caller to try another address family if available */
+          return CURLE_UNSUPPORTED_PROTOCOL;
+        case IF2IP_FOUND:
+          is_interface = TRUE;
+          /*
+           * We now have the numerical IP address in the 'myhost' buffer
+           */
+          infof(data, "Local Interface %s is ip %s using address family %i\n",
+                dev, myhost, af);
+          done = 1;

 #ifdef SO_BINDTODEVICE
-      /* I am not sure any other OSs than Linux that provide this feature, and
-       * at the least I cannot test. --Ben
-       *
-       * This feature allows one to tightly bind the local socket to a
-       * particular interface.  This will force even requests to other local
-       * interfaces to go out the external interface.
-       *
-       *
-       * Only bind to the interface when specified as interface, not just as a
-       * hostname or ip address.
-       */
-      if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
-                    dev, (curl_socklen_t)strlen(dev)+1) != 0) {
-        error = SOCKERRNO;
-        infof(data, "SO_BINDTODEVICE %s failed with errno %d: %s;"
-              " will do regular bind\n",
-              dev, error, Curl_strerror(conn, error));
-        /* This is typically "errno 1, error: Operation not permitted" if
-           you're not running as root or another suitable privileged user */
-      }
+          /* I am not sure any other OSs than Linux that provide this feature,
+           * and at the least I cannot test. --Ben
+           *
+           * This feature allows one to tightly bind the local socket to a
+           * particular interface.  This will force even requests to other
+           * local interfaces to go out the external interface.
+           *
+           *
+           * Only bind to the interface when specified as interface, not just
+           * as a hostname or ip address.
+           */
+          if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
+                        dev, (curl_socklen_t)strlen(dev)+1) != 0) {
+            error = SOCKERRNO;
+            infof(data, "SO_BINDTODEVICE %s failed with errno %d: %s;"
+                  " will do regular bind\n",
+                  dev, error, Curl_strerror(conn, error));
+            /* This is typically "errno 1, error: Operation not permitted" if
+               you're not running as root or another suitable privileged
+               user */
+          }
 #endif
+          break;
+      }
    }
-    else {
+    if(!is_interface) {
      /*
       * This was not an interface, resolve the name as a host name
       * or IP number
@@ -361,11 +410,26 @@ static CURLcode bindlocal(struct connectdata *conn,
    if(done > 0) {
 #ifdef ENABLE_IPV6
      /* ipv6 address */
-      if((af == AF_INET6) &&
-         (Curl_inet_pton(AF_INET6, myhost, &si6->sin6_addr) > 0)) {
-        si6->sin6_family = AF_INET6;
-        si6->sin6_port = htons(port);
-        sizeof_sa = sizeof(struct sockaddr_in6);
+      if(af == AF_INET6) {
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+        char *scope_ptr = strchr(myhost, '%');
+
+        if(scope_ptr) *(scope_ptr++) = 0;
+#endif
+        if(Curl_inet_pton(AF_INET6, myhost, &si6->sin6_addr) > 0) {
+          si6->sin6_family = AF_INET6;
+          si6->sin6_port = htons(port);
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+          if(scope_ptr) {
+            /* The "myhost" string either comes from Curl_if2ip or
+               from Curl_printable_address. The latter returns only
+               numeric scope IDs and the former returns none at all.
+               So the scope ID, if present, is known to be numeric */
+            si6->sin6_scope_id = atoi(scope_ptr);
+          }
+        }
+#endif
+          sizeof_sa = sizeof(struct sockaddr_in6);
      }
      else
 #endif
@@ -825,13 +889,35 @@ static void nosigpipe(struct connectdata *conn,
   Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
   Buffer Size

+   The problem described in this knowledge-base is applied only to pre-Vista
+   Windows.  Following function trying to detect OS version and skips
+   SO_SNDBUF adjustment for Windows Vista and above.
 */
+#define DETECT_OS_NONE 0
+#define DETECT_OS_PREVISTA 1
+#define DETECT_OS_VISTA_OR_LATER 2
+
 void Curl_sndbufset(curl_socket_t sockfd)
 {
  int val = CURL_MAX_WRITE_SIZE + 32;
  int curval = 0;
  int curlen = sizeof(curval);

+  OSVERSIONINFO osver;
+  static int detectOsState = DETECT_OS_NONE;
+
+  if(detectOsState == DETECT_OS_NONE) {
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+    detectOsState = DETECT_OS_PREVISTA;
+    if(GetVersionEx(&osver)) {
+      if(osver.dwMajorVersion >= 6)
+        detectOsState = DETECT_OS_VISTA_OR_LATER;
+    }
+  }
+  if(detectOsState == DETECT_OS_VISTA_OR_LATER)
+    return;
+
  if(getsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (char *)&curval, &curlen) == 0)
    if(curval > val)
      return;
@@ -917,6 +1003,11 @@ singleipconnect(struct connectdata *conn,
  res = bindlocal(conn, sockfd, addr.family);
  if(res) {
    Curl_closesocket(conn, sockfd); /* close socket and bail out */
+    if(res == CURLE_UNSUPPORTED_PROTOCOL) {
+      /* The address family is not supported on this interface.
+         We can continue trying addresses */
+      return CURLE_OK;
+    }
    return res;
  }

--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -118,15 +118,29 @@ static void freecookie(struct Cookie *co)
  free(co);
 }

-static bool tailmatch(const char *little, const char *bigone)
+static bool tailmatch(const char *cooke_domain, const char *hostname)
 {
-  size_t littlelen = strlen(little);
-  size_t biglen = strlen(bigone);
+  size_t cookie_domain_len = strlen(cooke_domain);
+  size_t hostname_len = strlen(hostname);

-  if(littlelen > biglen)
+  if(hostname_len < cookie_domain_len)
    return FALSE;

-  return Curl_raw_equal(little, bigone+biglen-littlelen) ? TRUE : FALSE;
+  if(!Curl_raw_equal(cooke_domain, hostname+hostname_len-cookie_domain_len))
+    return FALSE;
+
+  /* A lead char of cookie_domain is not '.'.
+     RFC6265 4.1.2.3. The Domain Attribute says:
+       For example, if the value of the Domain attribute is
+       "example.com", the user agent will include the cookie in the Cookie
+       header when making HTTP requests to example.com, www.example.com, and
+       www.corp.example.com.
+   */
+  if(hostname_len == cookie_domain_len)
+    return TRUE;
+  if('.' == *(hostname + hostname_len - cookie_domain_len - 1))
+    return TRUE;
+  return FALSE;
 }

 /*
@@ -689,9 +703,9 @@ Curl_cookie_add(struct SessionHandle *data,
      lastc->next = co;
    else
      c->cookies = co;
+    c->numcookies++; /* one more cookie in the jar */
  }

-  c->numcookies++; /* one more cookie in the jar */
  return co;
 }

@@ -777,11 +791,28 @@ static int cookie_sort(const void *p1, const void *p2)
 {
  struct Cookie *c1 = *(struct Cookie **)p1;
  struct Cookie *c2 = *(struct Cookie **)p2;
+  size_t l1, l2;

-  size_t l1 = c1->path?strlen(c1->path):0;
-  size_t l2 = c2->path?strlen(c2->path):0;
+  /* 1 - compare cookie path lengths */
+  l1 = c1->path ? strlen(c1->path) : 0;
+  l2 = c2->path ? strlen(c2->path) : 0;

-  return (l2 > l1) ? 1 : (l2 < l1) ? -1 : 0 ;
+  if(l1 != l2)
+    return (l2 > l1) ? 1 : -1 ; /* avoid size_t <=> int conversions */
+
+  /* 2 - compare cookie domain lengths */
+  l1 = c1->domain ? strlen(c1->domain) : 0;
+  l2 = c2->domain ? strlen(c2->domain) : 0;
+
+  if(l1 != l2)
+    return (l2 > l1) ? 1 : -1 ;  /* avoid size_t <=> int conversions */
+
+  /* 3 - compare cookie names */
+  if(c1->name && c2->name)
+    return strcmp(c1->name, c2->name);
+
+  /* sorry, can't be more deterministic */
+  return 0;
 }

 /*****************************************************************************
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -59,6 +59,7 @@

 /* From MacTypes.h (which we can't include because it isn't present in iOS: */
 #define ioErr -36
+#define paramErr -50

 /* In Mountain Lion and iOS 5, Apple made some changes to the API. They
   added TLS 1.1 and 1.2 support, and deprecated and replaced some
@@ -97,8 +98,8 @@ static OSStatus SocketRead(SSLConnectionRef connection,
    if(rrtn <= 0) {
      /* this is guesswork... */
      theErr = errno;
-      if((rrtn == 0) && (theErr == 0)) {
-        /* try fix for iSync */
+      if(rrtn == 0) { /* EOF = server hung up */
+        /* the framework will turn this into errSSLClosedNoNotify */
        rtn = errSSLClosedGraceful;
      }
      else /* do the switch */
@@ -360,6 +361,7 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) {
    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
      return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
      break;
+#if defined(__MAC_10_6) || defined(__IPHONE_5_0)
    /* TLS 1.0 with ECDSA (RFC 4492) */
    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
      return "TLS_ECDH_ECDSA_WITH_NULL_SHA";
@@ -436,6 +438,7 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) {
    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
      return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
      break;
+#endif /* defined(__MAC_10_6) || defined(__IPHONE_5_0) */
 #if defined(__MAC_10_8) || defined(__IPHONE_5_0)
    /* TLS 1.2 (RFC 5246) */
    case TLS_RSA_WITH_NULL_MD5:
@@ -626,39 +629,66 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) {
  return "TLS_NULL_WITH_NULL_NULL";
 }

-CF_INLINE bool IsRunningMountainLionOrLater(void)
-{
 #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
+CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
+{
  int mib[2];
  char *os_version;
  size_t os_version_len;
-  char *os_version_major/*, *os_version_minor, *os_version_point*/;
-  int os_version_major_int;
+  char *os_version_major, *os_version_minor/*, *os_version_point*/;

  /* Get the Darwin kernel version from the kernel using sysctl(): */
  mib[0] = CTL_KERN;
  mib[1] = KERN_OSRELEASE;
  if(sysctl(mib, 2, NULL, &os_version_len, NULL, 0) == -1)
-    return false;
+    return;
  os_version = malloc(os_version_len*sizeof(char));
  if(!os_version)
-    return false;
+    return;
  if(sysctl(mib, 2, os_version, &os_version_len, NULL, 0) == -1) {
    free(os_version);
-    return false;
+    return;
  }

-  /* Parse the version. If it's version 12.0.0 or later, then this user is
-     using Mountain Lion. */
+  /* Parse the version: */
  os_version_major = strtok(os_version, ".");
-  /*os_version_minor = strtok(NULL, ".");
-  os_version_point = strtok(NULL, ".");*/
-  os_version_major_int = atoi(os_version_major);
+  os_version_minor = strtok(NULL, ".");
+  /*os_version_point = strtok(NULL, ".");*/
+  *major = atoi(os_version_major);
+  *minor = atoi(os_version_minor);
  free(os_version);
-  return os_version_major_int >= 12;
-#else
-  return true;  /* iOS users: this doesn't concern you */
+}
 #endif
+
+/* Apple provides a myriad of ways of getting information about a certificate
+   into a string. Some aren't available under iOS or newer cats. So here's
+   a unified function for getting a string describing the certificate that
+   ought to work in all cats starting with Leopard. */
+CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert)
+{
+  CFStringRef server_cert_summary = CFSTR("(null)");
+
+#if (TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)
+  /* iOS: There's only one way to do this. */
+  server_cert_summary = SecCertificateCopySubjectSummary(cert);
+#else
+#if defined(__MAC_10_7)
+  /* Lion & later: Get the long description if we can. */
+  if(SecCertificateCopyLongDescription != NULL)
+    server_cert_summary =
+      SecCertificateCopyLongDescription(NULL, cert, NULL);
+  else
+#endif /* defined(__MAC_10_7) */
+#if defined(__MAC_10_6)
+  /* Snow Leopard: Get the certificate summary. */
+  if(SecCertificateCopySubjectSummary != NULL)
+    server_cert_summary = SecCertificateCopySubjectSummary(cert);
+  else
+#endif /* defined(__MAC_10_6) */
+  /* Leopard is as far back as we go... */
+  (void)SecCertificateCopyCommonName(cert, &server_cert_summary);
+#endif /* (TARGET_OS_EMBEDDED || TARGET_OS_IPHONE) */
+  return server_cert_summary;
 }

 static CURLcode darwinssl_connect_step1(struct connectdata *conn,
@@ -672,8 +702,14 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
 #else
  struct in_addr addr;
 #endif
-  /*SSLConnectionRef ssl_connection;*/
+  size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i;
+  SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL;
  OSStatus err = noErr;
+#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
+  int darwinver_maj = 0, darwinver_min = 0;
+
+  GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
+#endif

 #if defined(__MAC_10_8) || defined(__IPHONE_5_0)
  if(SSLCreateContext != NULL) {  /* use the newer API if avaialble */
@@ -706,6 +742,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
    return CURLE_OUT_OF_MEMORY;
  }
 #endif /* defined(__MAC_10_8) || defined(__IPHONE_5_0) */
+  connssl->ssl_write_buffered_length = 0UL; /* reset buffered write length */

  /* check to see if we've been told to use an explicit SSL/TLS version */
 #if defined(__MAC_10_8) || defined(__IPHONE_5_0)
@@ -817,7 +854,12 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
     to disable certificate validation if the user turned that off.
     (SecureTransport will always validate the certificate chain by
     default.) */
-  if(SSLSetSessionOption != NULL && IsRunningMountainLionOrLater()) {
+  /* (Note: Darwin 12.x.x is Mountain Lion.) */
+#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
+  if(SSLSetSessionOption != NULL && darwinver_maj >= 12) {
+#else
+  if(SSLSetSessionOption != NULL) {
+#endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */
    err = SSLSetSessionOption(connssl->ssl_ctx,
                              kSSLSessionOptionBreakOnServerAuth,
                              data->set.ssl.verifypeer?false:true);
@@ -861,6 +903,93 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
    }
  }

+  /* Disable cipher suites that ST supports but are not safe. These ciphers
+     are unlikely to be used in any case since ST gives other ciphers a much
+     higher priority, but it's probably better that we not connect at all than
+     to give the user a false sense of security if the server only supports
+     insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */
+  (void)SSLGetNumberSupportedCiphers(connssl->ssl_ctx, &all_ciphers_count);
+  all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
+  allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
+  if(all_ciphers && allowed_ciphers &&
+     SSLGetSupportedCiphers(connssl->ssl_ctx, all_ciphers,
+       &all_ciphers_count) == noErr) {
+    for(i = 0UL ; i < all_ciphers_count ; i++) {
+#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
+     /* There's a known bug in early versions of Mountain Lion where ST's ECC
+        ciphers (cipher suite 0xC001 through 0xC032) simply do not work.
+        Work around the problem here by disabling those ciphers if we are
+        running in an affected version of OS X. */
+      if(darwinver_maj == 12 && darwinver_min <= 3 &&
+         all_ciphers[i] >= 0xC001 && all_ciphers[i] <= 0xC032) {
+           continue;
+      }
+#endif
+      switch(all_ciphers[i]) {
+        /* Disable NULL ciphersuites: */
+        case SSL_NULL_WITH_NULL_NULL:
+        case SSL_RSA_WITH_NULL_MD5:
+        case SSL_RSA_WITH_NULL_SHA:
+        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
+        case 0xC001: /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
+        case 0xC006: /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
+        case 0xC00B: /* TLS_ECDH_RSA_WITH_NULL_SHA */
+        case 0xC010: /* TLS_ECDHE_RSA_WITH_NULL_SHA */
+        /* Disable anonymous ciphersuites: */
+        case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
+        case SSL_DH_anon_WITH_RC4_128_MD5:
+        case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DH_anon_WITH_DES_CBC_SHA:
+        case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
+        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
+        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
+        case 0xC015: /* TLS_ECDH_anon_WITH_NULL_SHA */
+        case 0xC016: /* TLS_ECDH_anon_WITH_RC4_128_SHA */
+        case 0xC017: /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
+        case 0xC018: /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
+        case 0xC019: /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
+        case 0x006C: /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
+        case 0x006D: /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
+        case 0x00A6: /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
+        case 0x00A7: /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
+        /* Disable weak key ciphersuites: */
+        case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
+        case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+        case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
+        case SSL_RSA_WITH_DES_CBC_SHA:
+        case SSL_DH_DSS_WITH_DES_CBC_SHA:
+        case SSL_DH_RSA_WITH_DES_CBC_SHA:
+        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
+        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
+        /* Disable IDEA: */
+        case SSL_RSA_WITH_IDEA_CBC_SHA:
+        case SSL_RSA_WITH_IDEA_CBC_MD5:
+          break;
+        default: /* enable everything else */
+          allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
+          break;
+      }
+    }
+    err = SSLSetEnabledCiphers(connssl->ssl_ctx, allowed_ciphers,
+                               allowed_ciphers_count);
+    if(err != noErr) {
+      failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err);
+      return CURLE_SSL_CONNECT_ERROR;
+    }
+  }
+  else {
+    Curl_safefree(all_ciphers);
+    Curl_safefree(allowed_ciphers);
+    failf(data, "SSL: Failed to allocate memory for allowed ciphers");
+    return CURLE_OUT_OF_MEMORY;
+  }
+  Curl_safefree(all_ciphers);
+  Curl_safefree(allowed_ciphers);
+
  err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite);
  if(err != noErr) {
    failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
@@ -872,8 +1001,6 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
   * SSLSetConnection() will not copy that address. I've found that
   * conn->sock[sockindex] may change on its own. */
  connssl->ssl_sockfd = sockfd;
-  /*ssl_connection = &(connssl->ssl_sockfd);
-  err = SSLSetConnection(connssl->ssl_ctx, ssl_connection);*/
  err = SSLSetConnection(connssl->ssl_ctx, connssl);
  if(err != noErr) {
    failf(data, "SSL: SSLSetConnection() failed: %d", err);
@@ -907,22 +1034,57 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
            ssl_connect_2_writing : ssl_connect_2_reading;
        return CURLE_OK;

-      case errSSLServerAuthCompleted:
+      /* The below is errSSLServerAuthCompleted; it's not defined in
+        Leopard's headers */
+      case -9841:
        /* the documentation says we need to call SSLHandshake() again */
        return darwinssl_connect_step2(conn, sockindex);

+      /* These are all certificate problems with the server: */
      case errSSLXCertChainInvalid:
-      case errSSLUnknownRootCert:
-      case errSSLNoRootCert:
-      case errSSLCertExpired:
-        failf(data, "SSL certificate problem: OSStatus %d", err);
+        failf(data, "SSL certificate problem: Invalid certificate chain");
        return CURLE_SSL_CACERT;
+      case errSSLUnknownRootCert:
+        failf(data, "SSL certificate problem: Untrusted root certificate");
+        return CURLE_SSL_CACERT;
+      case errSSLNoRootCert:
+        failf(data, "SSL certificate problem: No root certificate");
+        return CURLE_SSL_CACERT;
+      case errSSLCertExpired:
+        failf(data, "SSL certificate problem: Certificate chain had an "
+              "expired certificate");
+        return CURLE_SSL_CACERT;
+      case errSSLBadCert:
+        failf(data, "SSL certificate problem: Couldn't understand the server "
+              "certificate format");
+        return CURLE_SSL_CONNECT_ERROR;

+      /* This error is raised if the server's cert didn't match the server's
+         host name: */
      case errSSLHostNameMismatch:
        failf(data, "SSL certificate peer verification failed, the "
              "certificate did not match \"%s\"\n", conn->host.dispname);
        return CURLE_PEER_FAILED_VERIFICATION;

+      /* Generic handshake errors: */
+      case errSSLConnectionRefused:
+        failf(data, "Server dropped the connection during the SSL handshake");
+        return CURLE_SSL_CONNECT_ERROR;
+      case errSSLClosedAbort:
+        failf(data, "Server aborted the SSL handshake");
+        return CURLE_SSL_CONNECT_ERROR;
+      case errSSLNegotiation:
+        failf(data, "Could not negotiate an SSL cipher suite with the server");
+        return CURLE_SSL_CONNECT_ERROR;
+      /* Sometimes paramErr happens with buggy ciphers: */
+      case paramErr: case errSSLInternal:
+        failf(data, "Internal SSL engine error encountered during the "
+              "SSL handshake");
+        return CURLE_SSL_CONNECT_ERROR;
+      case errSSLFatalAlert:
+        failf(data, "Fatal SSL engine error encountered during the SSL "
+              "handshake");
+        return CURLE_SSL_CONNECT_ERROR;
      default:
        failf(data, "Unknown SSL protocol error in connection to %s:%d",
              conn->host.name, err);
@@ -993,7 +1155,7 @@ darwinssl_connect_step3(struct connectdata *conn,
    count = SecTrustGetCertificateCount(trust);
    for(i = 0L ; i < count ; i++) {
      server_cert = SecTrustGetCertificateAtIndex(trust, i);
-      server_cert_summary = SecCertificateCopySubjectSummary(server_cert);
+      server_cert_summary = CopyCertSubject(server_cert);
      memset(server_cert_summary_c, 0, 128);
      if(CFStringGetCString(server_cert_summary,
                            server_cert_summary_c,
@@ -1019,8 +1181,7 @@ darwinssl_connect_step3(struct connectdata *conn,
      count = SecTrustGetCertificateCount(trust);
      for(i = 0L ; i < count ; i++) {
        server_cert = SecTrustGetCertificateAtIndex(trust, i);
-        server_cert_summary =
-          SecCertificateCopyLongDescription(NULL, server_cert, NULL);
+        server_cert_summary = CopyCertSubject(server_cert);
        memset(server_cert_summary_c, 0, 128);
        if(CFStringGetCString(server_cert_summary,
                              server_cert_summary_c,
@@ -1041,7 +1202,7 @@ darwinssl_connect_step3(struct connectdata *conn,
        server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
                                                                i);

-        server_cert_summary = SecCertificateCopySubjectSummary(server_cert);
+        server_cert_summary = CopyCertSubject(server_cert);
        memset(server_cert_summary_c, 0, 128);
        if(CFStringGetCString(server_cert_summary,
                              server_cert_summary_c,
@@ -1062,8 +1223,7 @@ darwinssl_connect_step3(struct connectdata *conn,
    count = CFArrayGetCount(server_certs);
    for(i = 0L ; i < count ; i++) {
      server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
-
-      server_cert_summary = SecCertificateCopySubjectSummary(server_cert);
+      server_cert_summary = CopyCertSubject(server_cert);
      memset(server_cert_summary_c, 0, 128);
      if(CFStringGetCString(server_cert_summary,
                            server_cert_summary_c,
@@ -1384,22 +1544,58 @@ static ssize_t darwinssl_send(struct connectdata *conn,
  /*struct SessionHandle *data = conn->data;*/
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  size_t processed = 0UL;
-  OSStatus err = SSLWrite(connssl->ssl_ctx, mem, len, &processed);
+  OSStatus err;

-  if(err != noErr) {
+  /* The SSLWrite() function works a little differently than expected. The
+     fourth argument (processed) is currently documented in Apple's
+     documentation as: "On return, the length, in bytes, of the data actually
+     written."
+
+     Now, one could interpret that as "written to the socket," but actually,
+     it returns the amount of data that was written to a buffer internal to
+     the SSLContextRef instead. So it's possible for SSLWrite() to return
+     errSSLWouldBlock and a number of bytes "written" because those bytes were
+     encrypted and written to a buffer, not to the socket.
+
+     So if this happens, then we need to keep calling SSLWrite() over and
+     over again with no new data until it quits returning errSSLWouldBlock. */
+
+  /* Do we have buffered data to write from the last time we were called? */
+  if(connssl->ssl_write_buffered_length) {
+    /* Write the buffered data: */
+    err = SSLWrite(connssl->ssl_ctx, NULL, 0UL, &processed);
    switch (err) {
-      case errSSLWouldBlock:  /* return how much we sent (if anything) */
-        if(processed)
-          return (ssize_t)processed;
+      case noErr:
+        /* processed is always going to be 0 because we didn't write to
+           the buffer, so return how much was written to the socket */
+        processed = connssl->ssl_write_buffered_length;
+        connssl->ssl_write_buffered_length = 0UL;
+        break;
+      case errSSLWouldBlock: /* argh, try again */
        *curlcode = CURLE_AGAIN;
-        return -1;
-        break;
-
+        return -1L;
      default:
-        failf(conn->data, "SSLWrite() return error %d", err);
+        failf(conn->data, "SSLWrite() returned error %d", err);
        *curlcode = CURLE_SEND_ERROR;
-        return -1;
-        break;
+        return -1L;
+    }
+  }
+  else {
+    /* We've got new data to write: */
+    err = SSLWrite(connssl->ssl_ctx, mem, len, &processed);
+    if(err != noErr) {
+      switch (err) {
+        case errSSLWouldBlock:
+          /* Data was buffered but not sent, we have to tell the caller
+             to try sending again, and remember how much was buffered */
+          connssl->ssl_write_buffered_length = len;
+          *curlcode = CURLE_AGAIN;
+          return -1L;
+        default:
+          failf(conn->data, "SSLWrite() returned error %d", err);
+          *curlcode = CURLE_SEND_ERROR;
+          return -1L;
+      }
    }
  }
  return (ssize_t)processed;
@@ -1422,18 +1618,23 @@ static ssize_t darwinssl_recv(struct connectdata *conn,
        if(processed)
          return (ssize_t)processed;
        *curlcode = CURLE_AGAIN;
-        return -1;
+        return -1L;
        break;

-      case errSSLClosedGraceful: /* they're done; fail gracefully */
+      /* errSSLClosedGraceful - server gracefully shut down the SSL session
+         errSSLClosedNoNotify - server hung up on us instead of sending a
+           closure alert notice, read() is returning 0
+         Either way, inform the caller that the server disconnected. */
+      case errSSLClosedGraceful:
+      case errSSLClosedNoNotify:
        *curlcode = CURLE_OK;
-        return -1;
+        return -1L;
        break;

      default:
        failf(conn->data, "SSLRead() return error %d", err);
        *curlcode = CURLE_RECV_ERROR;
-        return -1;
+        return -1L;
        break;
    }
  }
--- a/lib/curl_memory.h
+++ b/lib/curl_memory.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,17 +22,86 @@
 *
 ***************************************************************************/

-#include <curl/curl.h> /* for the typedefs */
+/*
+ * Nasty internal details ahead...
+ *
+ * File curl_memory.h must be included by _all_ *.c source files
+ * that use memory related functions strdup, malloc, calloc, realloc
+ * or free, and given source file is used to build libcurl library.
+ *
+ * There is nearly no exception to above rule. All libcurl source
+ * files in 'lib' subdirectory as well as those living deep inside
+ * 'packages' subdirectories and linked together in order to build
+ * libcurl library shall follow it.
+ *
+ * File lib/strdup.c is an exception, given that it provides a strdup
+ * clone implementation while using malloc. Extra care needed inside
+ * this one. TODO: revisit this paragraph and related code.
+ *
+ * The need for curl_memory.h inclusion is due to libcurl's feature
+ * of allowing library user to provide memory replacement functions,
+ * memory callbacks, at runtime with curl_global_init_mem()
+ *
+ * Any *.c source file used to build libcurl library that does not
+ * include curl_memory.h and uses any memory function of the five
+ * mentioned above will compile without any indication, but it will
+ * trigger weird memory related issues at runtime.
+ *
+ * OTOH some source files from 'lib' subdirectory may additionally be
+ * used directly as source code when using some curlx_ functions by
+ * third party programs that don't even use libcurl at all. When using
+ * these source files in this way it is necessary these are compiled
+ * with CURLX_NO_MEMORY_CALLBACKS defined, in order to ensure that no
+ * attempt of calling libcurl's memory callbacks is done from code
+ * which can not use this machinery.
+ *
+ * Notice that libcurl's 'memory tracking' system works chaining into
+ * the memory callback machinery. This implies that when compiling
+ * 'lib' source files with CURLX_NO_MEMORY_CALLBACKS defined this file
+ * disengages usage of libcurl's 'memory tracking' system, defining
+ * MEMDEBUG_NODEFINES and overriding CURLDEBUG purpose.
+ *
+ * CURLX_NO_MEMORY_CALLBACKS takes precedence over CURLDEBUG. This is
+ * done in order to allow building a 'memory tracking' enabled libcurl
+ * and at the same time allow building programs which do not use it.
+ *
+ * Programs and libraries in 'tests' subdirectories have specific
+ * purposes and needs, and as such each one will use whatever fits
+ * best, depending additionally wether it links with libcurl or not.
+ *
+ * Caveat emptor. Proper curlx_* separation is a work in progress
+ * the same as CURLX_NO_MEMORY_CALLBACKS usage, some adjustments may
+ * still be required. IOW don't use them yet, there are sharp edges.
+ */
+
+#ifdef HEADER_CURL_MEMDEBUG_H
+#error "Header memdebug.h shall not be included before curl_memory.h"
+#endif
+
+#ifndef CURLX_NO_MEMORY_CALLBACKS
+
+#include <curl/curl.h> /* for the callback typedefs */

 extern curl_malloc_callback Curl_cmalloc;
 extern curl_free_callback Curl_cfree;
 extern curl_realloc_callback Curl_crealloc;
 extern curl_strdup_callback Curl_cstrdup;
 extern curl_calloc_callback Curl_ccalloc;
+#ifdef WIN32
+extern curl_wcsdup_callback Curl_cwcsdup;
+#endif

 #ifndef CURLDEBUG
-/* Only do this define-mania if we're not using the memdebug system, as that
-   has preference on this magic. */
+
+/*
+ * libcurl's 'memory tracking' system defines strdup, malloc, calloc,
+ * realloc and free, along with others, in memdebug.h in a different
+ * way although still using memory callbacks forward declared above.
+ * When using the 'memory tracking' system (CURLDEBUG defined) we do
+ * not define here the five memory functions given that definitions
+ * from memdebug.h are the ones that shall be used.
+ */
+
 #undef strdup
 #define strdup(ptr) Curl_cstrdup(ptr)
 #undef malloc
@@ -44,6 +113,27 @@ extern curl_calloc_callback Curl_ccalloc;
 #undef free
 #define free(ptr) Curl_cfree(ptr)

+#ifdef WIN32
+#  undef wcsdup
+#  define wcsdup(ptr) Curl_cwcsdup(ptr)
+#  undef _wcsdup
+#  define _wcsdup(ptr) Curl_cwcsdup(ptr)
+#  undef _tcsdup
+#  ifdef UNICODE
+#    define _tcsdup(ptr) Curl_cwcsdup(ptr)
+#  else
+#    define _tcsdup(ptr) Curl_cstrdup(ptr)
+#  endif
 #endif

+#endif /* CURLDEBUG */
+
+#else /* CURLX_NO_MEMORY_CALLBACKS */
+
+#ifndef MEMDEBUG_NODEFINES
+#define MEMDEBUG_NODEFINES
+#endif
+
+#endif /* CURLX_NO_MEMORY_CALLBACKS */
+
 #endif /* HEADER_CURL_MEMORY_H */
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -181,7 +181,6 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
    /* Create a type-1 message */
    error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64,
                                           &len);
-
    if(error)
      return error;

@@ -190,8 +189,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                              proxy ? "Proxy-" : "",
                              base64);
-      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
      free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
    }
    break;

@@ -207,8 +208,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                              proxy ? "Proxy-" : "",
                              base64);
-      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
      free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));

      ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
      authp->done = TRUE;
@@ -218,10 +221,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
  case NTLMSTATE_TYPE3:
    /* connection is already authenticated,
     * don't send a header in future requests */
-    if(*allocuserpwd) {
-      free(*allocuserpwd);
-      *allocuserpwd = NULL;
-    }
+    Curl_safefree(*allocuserpwd);
    authp->done = TRUE;
    break;
  }
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -421,7 +421,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
 #elif defined(USE_NSS)
    Curl_md4it(ntbuffer, pw, 2 * len);
 #elif defined(USE_DARWINSSL)
-    (void)CC_MD4(pw, 2 * len, ntbuffer);
+    (void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer);
 #endif

    memset(ntbuffer + 16, 0, 21 - 16);
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -179,10 +179,11 @@ static unsigned int readint_le(unsigned char *buf)
 /*
 * Curl_ntlm_decode_type2_message()
 *
- * This is used to decode a ntlm type-2 message received from a: HTTP, SMTP
- * or POP3 server. The message is first decoded from a base64 string into a
- * raw ntlm message and checked for validity before the appropriate data for
- * creating a type-3 message is written to the given ntlm data structure.
+ * This is used to decode a ntlm type-2 message received from a HTTP or SASL
+ * based (such as SMTP, POP3 or IMAP) server. The message is first decoded
+ * from a base64 string into a raw ntlm message and checked for validity
+ * before the appropriate data for creating a type-3 message is written to
+ * the given ntlm data structure.
 *
 * Parameters:
 *
@@ -305,9 +306,9 @@ static void unicodecpy(unsigned char *dest,
 /*
 * Curl_ntlm_create_type1_message()
 *
- * This is used to generate an already encoded NTLM type-1 message ready
- * for sending to the recipient, be it a: HTTP, SMTP or POP3 server,
- * using the appropriate compile time crypo API.
+ * This is used to generate an already encoded NTLM type-1 message ready for
+ * sending to the recipient, be it a HTTP or SASL based (such as SMTP, POP3
+ * or IMAP) server, using the appropriate compile time crypo API.
 *
 * Parameters:
 *
@@ -552,9 +553,9 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
 /*
 * Curl_ntlm_create_type3_message()
 *
- * This is used to generate an already encoded NTLM type-3 message ready
- * for sending to the recipient, be it a: HTTP, SMTP or POP3 server,
- * using the appropriate compile time crypo API.
+ * This is used to generate an already encoded NTLM type-3 message ready for
+ * sending to the recipient, be it a HTTP or SASL based (such as SMTP, POP3
+ * or IMAP) server, using the appropriate compile time crypo API.
 *
 * Parameters:
 *
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012-2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -90,8 +90,8 @@ static bool sasl_digest_get_key_value(const unsigned char *chlg,
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
-                                        const char* userp,
-                                        const char* passwdp,
+                                        const char *userp,
+                                        const char *passwdp,
                                        char **outptr, size_t *outlen)
 {
  char plainauth[2 * MAX_CURL_USER_LENGTH + MAX_CURL_PASSWORD_LENGTH];
@@ -138,7 +138,7 @@ CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
-                                        const char* valuep, char **outptr,
+                                        const char *valuep, char **outptr,
                                        size_t *outlen)
 {
  size_t vlen = strlen(valuep);
@@ -179,9 +179,9 @@ CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
-                                           const char* chlg64,
-                                           const char* userp,
-                                           const char* passwdp,
+                                           const char *chlg64,
+                                           const char *userp,
+                                           const char *passwdp,
                                           char **outptr, size_t *outlen)
 {
  CURLcode result = CURLE_OK;
@@ -250,10 +250,10 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
-                                             const char* chlg64,
-                                             const char* userp,
-                                             const char* passwdp,
-                                             const char* service,
+                                             const char *chlg64,
+                                             const char *userp,
+                                             const char *passwdp,
+                                             const char *service,
                                             char **outptr, size_t *outlen)
 {
  static const char table16[] = "0123456789abcdef";
@@ -283,6 +283,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
  if(result)
    return result;

+  if(!chlg)
+    return CURLE_LOGIN_DENIED;
+
  /* Retrieve nonce string from the challenge */
  if(!sasl_digest_get_key_value(chlg, "nonce=\"", nonce,
                                sizeof(nonce), '\"')) {
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -35,30 +35,30 @@

 /* This is used to generate a base64 encoded PLAIN authentication message */
 CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
-                                        const char* userp,
-                                        const char* passwdp,
+                                        const char *userp,
+                                        const char *passwdp,
                                        char **outptr, size_t *outlen);

 /* This is used to generate a base64 encoded LOGIN authentication message
   containing either the user name or password details */
 CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
-                                        const char* valuep, char **outptr,
+                                        const char *valuep, char **outptr,
                                        size_t *outlen);

 #ifndef CURL_DISABLE_CRYPTO_AUTH
 /* This is used to generate a base64 encoded CRAM-MD5 response message */
 CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
-                                           const char* chlg64,
-                                           const char* user,
-                                           const char* passwdp,
+                                           const char *chlg64,
+                                           const char *user,
+                                           const char *passwdp,
                                           char **outptr, size_t *outlen);

 /* This is used to generate a base64 encoded DIGEST-MD5 response message */
 CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
-                                             const char* chlg64,
-                                             const char* user,
-                                             const char* passwdp,
-                                             const char* service,
+                                             const char *chlg64,
+                                             const char *user,
+                                             const char *passwdp,
+                                             const char *service,
                                             char **outptr, size_t *outlen);
 #endif

--- a/lib/curl_schannel.c
+++ b/lib/curl_schannel.c
@@ -1063,6 +1063,7 @@ int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
   */
  struct SessionHandle *data = conn->data;
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct curl_schannel_cred *cached_cred = NULL;

  infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu\n",
        conn->host.name, conn->remote_port);
@@ -1126,15 +1127,32 @@ int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)

    /* free SSPI Schannel API security context handle */
    if(connssl->ctxt) {
+      infof(data, "schannel: clear security context handle\n");
      s_pSecFn->DeleteSecurityContext(&connssl->ctxt->ctxt_handle);
      Curl_safefree(connssl->ctxt);
    }

-    /* decrement the reference counter of the credential/session handle */
-    if(connssl->cred && connssl->cred->refcount > 0) {
-      connssl->cred->refcount--;
-      infof(data, "schannel: decremented credential handle refcount = %d\n",
-            connssl->cred->refcount);
+    /* free SSPI Schannel API credential handle */
+    if(connssl->cred) {
+      /* decrement the reference counter of the credential/session handle */
+      if(connssl->cred->refcount > 0) {
+        connssl->cred->refcount--;
+        infof(data, "schannel: decremented credential handle refcount = %d\n",
+              connssl->cred->refcount);
+      }
+
+      /* if the handle refcount is zero, check if we have not cached it */
+      if(connssl->cred->refcount == 0) {
+        if(Curl_ssl_getsessionid(conn, (void**)&cached_cred, NULL)) {
+          cached_cred = NULL;
+        }
+        /* if the handle was not cached, it is stale to be freed */
+        if(connssl->cred != cached_cred) {
+          infof(data, "schannel: clear credential handle\n");
+          s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle);
+          Curl_safefree(connssl->cred);
+        }
+      }
    }
  }

--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -270,6 +270,7 @@
 #    endif
 #  endif
 #  include <tchar.h>
+   typedef wchar_t *(*curl_wcsdup_callback)(const wchar_t *str);
 #endif

 /*
@@ -694,4 +695,9 @@ int netware_init(void);
 #define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
 #endif

+/* Define S_ISDIR if not defined by system headers, f.e. MSVC */
+#if !defined(S_ISDIR) && defined(S_IFMT) && defined(S_IFDIR)
+#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
+#endif
+
 #endif /* HEADER_CURL_SETUP_H */
--- a/lib/curl_setup_once.h
+++ b/lib/curl_setup_once.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -257,6 +257,8 @@ struct timeval {
 #  define sclose(x)  closesocket((x))
 #elif defined(HAVE_CLOSESOCKET_CAMEL)
 #  define sclose(x)  CloseSocket((x))
+#elif defined(HAVE_CLOSE_S)
+#  define sclose(x)  close_s((x))
 #elif defined(USE_LWIPSOCK)
 #  define sclose(x)  lwip_close((x))
 #else
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -22,6 +22,14 @@

 #include "curl_setup.h"

+/*
+ * See comment in curl_memory.h for the explanation of this sanity check.
+ */
+
+#ifdef CURLX_NO_MEMORY_CALLBACKS
+#error "libcurl shall not ever be built with CURLX_NO_MEMORY_CALLBACKS defined"
+#endif
+
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
@@ -189,6 +197,9 @@ curl_free_callback Curl_cfree = (curl_free_callback)free;
 curl_realloc_callback Curl_crealloc = (curl_realloc_callback)realloc;
 curl_strdup_callback Curl_cstrdup = (curl_strdup_callback)system_strdup;
 curl_calloc_callback Curl_ccalloc = (curl_calloc_callback)calloc;
+#ifdef WIN32
+curl_wcsdup_callback Curl_cwcsdup = (curl_wcsdup_callback)wcsdup;
+#endif
 #else
 /*
 * Symbian OS doesn't support initialization to code in writeable static data.
@@ -220,6 +231,9 @@ CURLcode curl_global_init(long flags)
  Curl_crealloc = (curl_realloc_callback)realloc;
  Curl_cstrdup = (curl_strdup_callback)system_strdup;
  Curl_ccalloc = (curl_calloc_callback)calloc;
+#ifdef WIN32
+  Curl_cwcsdup = (curl_wcsdup_callback)wcsdup;
+#endif

  if(flags & CURL_GLOBAL_SSL)
    if(!Curl_ssl_init()) {
@@ -262,6 +276,9 @@ CURLcode curl_global_init(long flags)
  }
 #endif

+  if(flags & CURL_GLOBAL_ACK_EINTR)
+    Curl_ack_eintr = 1;
+
  init_flags  = flags;

  /* Preset pseudo-random number sequence. */
@@ -426,6 +443,9 @@ CURLcode curl_easy_perform(CURL *easy)
    data->multi_easy = multi;
  }

+  /* Copy the MAXCONNECTS option to the multi handle */
+  curl_multi_setopt(multi, CURLMOPT_MAXCONNECTS, data->set.maxconnects);
+
  mcode = curl_multi_add_handle(multi, easy);
  if(mcode) {
    curl_multi_cleanup(multi);
@@ -441,11 +461,19 @@ CURLcode curl_easy_perform(CURL *easy)

  while(!done && !mcode) {
    int still_running;
+    int ret;

-    mcode = curl_multi_wait(multi, NULL, 0, 1000, NULL);
+    mcode = curl_multi_wait(multi, NULL, 0, 1000, &ret);
+
+    if(mcode == CURLM_OK) {
+      if(ret == -1) {
+        /* poll() failed not on EINTR, indicate a network problem */
+        code = CURLE_RECV_ERROR;
+        break;
+      }

-    if(mcode == CURLM_OK)
      mcode = curl_multi_perform(multi, &still_running);
+    }

    /* only read 'still_running' if curl_multi_perform() return OK */
    if((mcode == CURLM_OK) && !still_running) {
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -56,6 +56,7 @@ static char *Curl_basename(char *path);
 #endif

 static size_t readfromfile(struct Form *form, char *buffer, size_t size);
+static char *formboundary(void);

 /* What kind of Content-Type to use on un-specified files with unrecognized
   extensions. */
@@ -830,7 +831,7 @@ static CURLcode AddFormData(struct FormData **formp,
         file */
      if(!strequal("-", newform->line)) {
        struct_stat file;
-        if(!stat(newform->line, &file) && S_ISREG(file.st_mode))
+        if(!stat(newform->line, &file) && !S_ISDIR(file.st_mode))
          *size += file.st_size;
        else
          return CURLE_BAD_FUNCTION_ARGUMENT;
@@ -1100,7 +1101,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
  if(!post)
    return result; /* no input => no output! */

-  boundary = Curl_FormBoundary();
+  boundary = formboundary();
  if(!boundary)
    return CURLE_OUT_OF_MEMORY;

@@ -1156,7 +1157,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
         the magic to include several files with the same field name */

      Curl_safefree(fileboundary);
-      fileboundary = Curl_FormBoundary();
+      fileboundary = formboundary();
      if(!fileboundary) {
        result = CURLE_OUT_OF_MEMORY;
        break;
@@ -1459,6 +1460,34 @@ char *Curl_formpostheader(void *formp, size_t *len)
  return header;
 }

+/*
+ * formboundary() creates a suitable boundary string and returns an allocated
+ * one.
+ */
+static char *formboundary(void)
+{
+  char *retstring;
+  size_t i;
+
+  static const char table16[]="0123456789abcdef";
+
+  retstring = malloc(BOUNDARY_LENGTH+1);
+
+  if(!retstring)
+    return NULL; /* failed */
+
+  strcpy(retstring, "----------------------------");
+
+  for(i=strlen(retstring); i<BOUNDARY_LENGTH; i++)
+    retstring[i] = table16[Curl_rand()%16];
+
+  /* 28 dashes and 12 hexadecimal digits makes 12^16 (184884258895036416)
+     combinations */
+  retstring[BOUNDARY_LENGTH]=0; /* zero terminate */
+
+  return retstring;
+}
+
 #else  /* CURL_DISABLE_HTTP */
 CURLFORMcode curl_formadd(struct curl_httppost **httppost,
                          struct curl_httppost **last_post,
@@ -1484,37 +1513,5 @@ void curl_formfree(struct curl_httppost *form)
  /* does nothing HTTP is disabled */
 }

-#endif  /* CURL_DISABLE_HTTP */

-#if !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY)
-
-/*
- * Curl_FormBoundary() creates a suitable boundary string and returns an
- * allocated one. This is also used by SSL-code so it must be present even
- * if HTTP is disabled!
- */
-char *Curl_FormBoundary(void)
-{
-  char *retstring;
-  size_t i;
-
-  static const char table16[]="0123456789abcdef";
-
-  retstring = malloc(BOUNDARY_LENGTH+1);
-
-  if(!retstring)
-    return NULL; /* failed */
-
-  strcpy(retstring, "----------------------------");
-
-  for(i=strlen(retstring); i<BOUNDARY_LENGTH; i++)
-    retstring[i] = table16[Curl_rand()%16];
-
-  /* 28 dashes and 12 hexadecimal digits makes 12^16 (184884258895036416)
-     combinations */
-  retstring[BOUNDARY_LENGTH]=0; /* zero terminate */
-
-  return retstring;
-}
-
-#endif  /* !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY) */
+#endif  /* !defined(CURL_DISABLE_HTTP) */
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -162,8 +162,6 @@ static CURLcode ftp_dophase_done(struct connectdata *conn,
                                 bool connected);

 /* easy-to-use macro: */
-#define FTPSENDF(x,y,z)    if((result = Curl_ftpsendf(x,y,z)) != CURLE_OK) \
-                              return result
 #define PPSENDF(x,y,z)  if((result = Curl_pp_sendf(x,y,z)) != CURLE_OK) \
                              return result

@@ -598,17 +596,17 @@ static CURLcode AllowServerConnect(struct connectdata *conn, bool *connected)
 /* macro to check for the last line in an FTP server response */
 #define LASTLINE(line) (STATUSCODE(line) && (' ' == line[3]))

-static int ftp_endofresp(struct pingpong *pp,
-                         int *code)
+static bool ftp_endofresp(struct connectdata *conn, char *line, size_t len,
+                          int *code)
 {
-  char *line = pp->linestart_resp;
-  size_t len = pp->nread_resp;
+  (void)conn;

  if((len > 3) && LASTLINE(line)) {
    *code = curlx_sltosi(strtol(line, NULL, 10));
-    return 1;
+    return TRUE;
  }
-  return 0;
+
+  return FALSE;
 }

 static CURLcode ftp_readresp(curl_socket_t sockfd,
@@ -880,14 +878,16 @@ static int ftp_domore_getsock(struct connectdata *conn, curl_socket_t *socks,
     remote site, or we could wait for that site to connect to us. Or just
     handle ordinary commands.

-     When waiting for a connect, we will be in FTP_STOP state and then we wait
-     for the secondary socket to become writeable. If we're in another state,
-     we're still handling commands on the control (primary) connection.
+     When waiting for a connect, we can be in FTP_STOP state (or we're in
+     FTP_STOR when we do an upload) and then we wait for the secondary socket
+     to become writeable. . If we're in another state, we're still handling
+     commands on the control (primary) connection.

  */

  switch(ftpc->state) {
  case FTP_STOP:
+  case FTP_STOR:
    break;
  default:
    return Curl_pp_getsock(&conn->proto.ftpc.pp, socks, numsocks);
@@ -1068,12 +1068,17 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,

    if(*addr != '\0') {
      /* attempt to get the address of the given interface name */
-      if(!Curl_if2ip(conn->ip_addr->ai_family, addr,
-                     hbuf, sizeof(hbuf)))
-        /* not an interface, use the given string as host name instead */
-        host = addr;
-      else
-        host = hbuf; /* use the hbuf for host name */
+      switch(Curl_if2ip(conn->ip_addr->ai_family, conn->scope, addr,
+                     hbuf, sizeof(hbuf))) {
+        case IF2IP_NOT_FOUND:
+          /* not an interface, use the given string as host name instead */
+          host = addr;
+          break;
+        case IF2IP_AF_NOT_SUPPORTED:
+          return CURLE_FTP_PORT_FAILED;
+        case IF2IP_FOUND:
+          host = hbuf; /* use the hbuf for host name */
+      }
    }
    else
      /* there was only a port(-range) given, default the host */
@@ -2866,13 +2871,19 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
          return CURLE_OUT_OF_MEMORY;

        /* Reply format is like
-           257<space>"<directory-name>"<space><commentary> and the RFC959
-           says
+           257<space>[rubbish]"<directory-name>"<space><commentary> and the
+           RFC959 says

           The directory name can contain any character; embedded
           double-quotes should be escaped by double-quotes (the
           "quote-doubling" convention).
        */
+
+        /* scan for the first double-quote for non-standard responses */
+        while(ptr < &data->state.buffer[sizeof(data->state.buffer)]
+              && *ptr != '\n' && *ptr != '\0' && *ptr != '"')
+          ptr++;
+
        if('\"' == *ptr) {
          /* it started good */
          ptr++;
@@ -3124,7 +3135,7 @@ static CURLcode ftp_multi_statemach(struct connectdata *conn,
                                    bool *done)
 {
  struct ftp_conn *ftpc = &conn->proto.ftpc;
-  CURLcode result = Curl_pp_multi_statemach(&ftpc->pp);
+  CURLcode result = Curl_pp_statemach(&ftpc->pp, FALSE);

  /* Check for the state outside of the Curl_socket_ready() return code checks
     since at times we are in fact already in this state when this function
@@ -3134,14 +3145,14 @@ static CURLcode ftp_multi_statemach(struct connectdata *conn,
  return result;
 }

-static CURLcode ftp_easy_statemach(struct connectdata *conn)
+static CURLcode ftp_block_statemach(struct connectdata *conn)
 {
  struct ftp_conn *ftpc = &conn->proto.ftpc;
  struct pingpong *pp = &ftpc->pp;
  CURLcode result = CURLE_OK;

  while(ftpc->state != FTP_STOP) {
-    result = Curl_pp_easy_statemach(pp);
+    result = Curl_pp_statemach(pp, TRUE);
    if(result)
      break;
  }
@@ -3369,7 +3380,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
 #endif

  if(conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) {
-    if(!result && ftpc->dont_check && data->req.maxdownload > 0)
+    if(!result && ftpc->dont_check && data->req.maxdownload > 0) {
      /* partial download completed */
      result = Curl_pp_sendf(pp, "ABOR");
      if(result) {
@@ -3378,6 +3389,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
        ftpc->ctl_valid = FALSE; /* mark control connection as bad */
        conn->bits.close = TRUE; /* mark for connection closure */
      }
+    }

    if(conn->ssl[SECONDARYSOCKET].use) {
      /* The secondary socket is using SSL so we must close down that part
@@ -3523,7 +3535,7 @@ CURLcode ftp_sendquote(struct connectdata *conn, struct curl_slist *quote)
        acceptfail = TRUE;
      }

-      FTPSENDF(conn, "%s", cmd);
+      PPSENDF(&conn->proto.ftpc.pp, "%s", cmd);

      pp->response = Curl_tvnow(); /* timeout relative now */

@@ -3978,16 +3990,11 @@ static CURLcode wc_statemach(struct connectdata *conn)
    /* filelist has at least one file, lets get first one */
    struct ftp_conn *ftpc = &conn->proto.ftpc;
    struct curl_fileinfo *finfo = wildcard->filelist->head->ptr;
-    char *tmp_path = malloc(strlen(conn->data->state.path) +
-                      strlen(finfo->filename) + 1);
-    if(!tmp_path) {
-      return CURLE_OUT_OF_MEMORY;
-    }

-    tmp_path[0] = 0;
-    /* make full path to matched file */
-    strcat(tmp_path, wildcard->path);
-    strcat(tmp_path, finfo->filename);
+    char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
+    if(!tmp_path)
+      return CURLE_OUT_OF_MEMORY;
+
    /* switch default "state.pathbuffer" and tmp_path, good to see
       ftp_parse_url_path function to understand this trick */
    Curl_safefree(conn->data->state.pathbuffer);
@@ -4124,13 +4131,13 @@ CURLcode Curl_ftpsendf(struct connectdata *conn,

  va_list ap;
  va_start(ap, fmt);
-  vsnprintf(s, SBUF_SIZE-3, fmt, ap);
+  write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap);
  va_end(ap);

-  strcat(s, "\r\n"); /* append a trailing CRLF */
+  strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */
+  write_len +=2;

  bytes_written=0;
-  write_len = strlen(s);

  res = Curl_convert_to_network(conn->data, s, write_len);
  /* Curl_convert_to_network calls failf if unsuccessful */
@@ -4193,7 +4200,7 @@ static CURLcode ftp_quit(struct connectdata *conn)

    state(conn, FTP_QUIT);

-    result = ftp_easy_statemach(conn);
+    result = ftp_block_statemach(conn);
  }

  return result;
--- a/lib/ftp.h
+++ b/lib/ftp.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -97,13 +97,6 @@ typedef enum {
                            file */
 } curl_ftpfile;

-typedef enum {
-  FTPTRANSFER_BODY, /* yes do transfer a body */
-  FTPTRANSFER_INFO, /* do still go through to get info/headers */
-  FTPTRANSFER_NONE, /* don't get anything and don't get info */
-  FTPTRANSFER_LAST  /* end of list marker, never used */
-} curl_ftptransfer;
-
 /* This FTP struct is used in the SessionHandle. All FTP data that is
   connection-oriented must be in FTP_conn to properly deal with the fact that
   perhaps the SessionHandle is changed between the times the connection is
@@ -115,7 +108,7 @@ struct FTP {

  /* transfer a file/body or not, done as a typedefed enum just to make
     debuggers display the full symbol and not just the numerical value */
-  curl_ftptransfer transfer;
+  curl_pp_transfer transfer;
  curl_off_t downloadsize;
 };

--- a/lib/hash.h
+++ b/lib/hash.h
@@ -104,4 +104,3 @@ void Curl_hash_print(struct curl_hash *h,


 #endif /* HEADER_CURL_HASH_H */
-
--- a/lib/http.c
+++ b/lib/http.c
@@ -73,6 +73,8 @@
 #include "http_proxy.h"
 #include "warnless.h"
 #include "non-ascii.h"
+#include "bundles.h"
+#include "pipeline.h"

 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -1737,8 +1739,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
    conn->bits.authneg = FALSE;

  Curl_safefree(conn->allocptr.ref);
-  if(data->change.referer && !Curl_checkheaders(data, "Referer:"))
+  if(data->change.referer && !Curl_checkheaders(data, "Referer:")) {
    conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer);
+    if(!conn->allocptr.ref)
+      return CURLE_OUT_OF_MEMORY;
+  }
  else
    conn->allocptr.ref = NULL;

@@ -3148,13 +3153,19 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
        }
        else if(conn->httpversion >= 11 &&
                !conn->bits.close) {
+          struct connectbundle *cb_ptr;

          /* If HTTP version is >= 1.1 and connection is persistent
             server supports pipelining. */
          DEBUGF(infof(data,
                       "HTTP 1.1 or later with persistent connection, "
                       "pipelining supported\n"));
-          conn->server_supports_pipelining = TRUE;
+          /* Activate pipelining if needed */
+          cb_ptr = conn->bundle;
+          if(cb_ptr) {
+            if(!Curl_pipeline_site_blacklisted(data, conn))
+              cb_ptr->server_supports_pipelining = TRUE;
+          }
        }

        switch(k->httpcode) {
@@ -3231,6 +3242,16 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
        data->info.contenttype = contenttype;
      }
    }
+    else if(checkprefix("Server:", k->p)) {
+      char *server_name = copy_header_value(k->p);
+
+      /* Turn off pipelining if the server version is blacklisted */
+      if(conn->bundle && conn->bundle->server_supports_pipelining) {
+        if(Curl_pipeline_server_blacklisted(data, server_name))
+          conn->bundle->server_supports_pipelining = FALSE;
+      }
+      Curl_safefree(server_name);
+    }
    else if((conn->httpversion == 10) &&
            conn->bits.httpproxy &&
            Curl_compareheader(k->p,
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -287,6 +287,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
  struct timeval now;

  char **allocuserpwd;
+  size_t userlen;
  const char *userp;
  const char *passwdp;
  struct auth *authp;
@@ -533,10 +534,11 @@ CURLcode Curl_output_digest(struct connectdata *conn,
  }

  /* append CRLF + zero (3 bytes) to the userpwd header */
-  tmp = realloc(*allocuserpwd, strlen(*allocuserpwd) + 3);
+  userlen = strlen(*allocuserpwd);
+  tmp = realloc(*allocuserpwd, userlen + 3);
  if(!tmp)
    return CURLE_OUT_OF_MEMORY;
-  strcat(tmp, "\r\n");
+  strcpy(&tmp[userlen], "\r\n"); /* append the data */
  *allocuserpwd = tmp;

  return CURLE_OK;
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -135,7 +135,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
  struct SessionHandle *data = conn->data;
  struct negotiatedata *neg_ctx = proxy?&data->state.proxyneg:
    &data->state.negotiate;
-  OM_uint32 major_status, minor_status, minor_status2;
+  OM_uint32 major_status, minor_status, discard_st;
  gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
  gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
  int ret;
@@ -192,46 +192,50 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
      return -1;
    input_token.length = rawlen;

+    DEBUGASSERT(input_token.value != NULL);
+
 #ifdef HAVE_SPNEGO /* Handle SPNEGO */
    if(checkprefix("Negotiate", header)) {
-      ASN1_OBJECT *   object            = NULL;
-      unsigned char * spnegoToken       = NULL;
+      unsigned char  *spnegoToken       = NULL;
      size_t          spnegoTokenLength = 0;
-      unsigned char * mechToken         = NULL;
-      size_t          mechTokenLength   = 0;
-
-      if(input_token.value == NULL)
-        return CURLE_OUT_OF_MEMORY;
+      gss_buffer_desc mechToken         = GSS_C_EMPTY_BUFFER;

      spnegoToken = malloc(input_token.length);
-      if(spnegoToken == NULL)
+      if(spnegoToken == NULL) {
+        Curl_safefree(input_token.value);
        return CURLE_OUT_OF_MEMORY;
-
+      }
+      memcpy(spnegoToken, input_token.value, input_token.length);
      spnegoTokenLength = input_token.length;

-      object = OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
      if(!parseSpnegoTargetToken(spnegoToken,
                                 spnegoTokenLength,
                                 NULL,
                                 NULL,
-                                 &mechToken,
-                                 &mechTokenLength,
+                                 (unsigned char**)&mechToken.value,
+                                 &mechToken.length,
                                 NULL,
                                 NULL)) {
-        free(spnegoToken);
-        spnegoToken = NULL;
+        Curl_safefree(spnegoToken);
        infof(data, "Parse SPNEGO Target Token failed\n");
      }
+      else if(!mechToken.value || !mechToken.length) {
+        Curl_safefree(spnegoToken);
+        if(mechToken.value)
+          gss_release_buffer(&discard_st, &mechToken);
+        infof(data, "Parse SPNEGO Target Token succeeded (NULL token)\n");
+      }
      else {
-        free(input_token.value);
-        input_token.value = malloc(mechTokenLength);
-        if(input_token.value == NULL)
+        Curl_safefree(spnegoToken);
+        Curl_safefree(input_token.value);
+        input_token.value = malloc(mechToken.length);
+        if(input_token.value == NULL) {
+          gss_release_buffer(&discard_st, &mechToken);
          return CURLE_OUT_OF_MEMORY;
-
-        memcpy(input_token.value, mechToken,mechTokenLength);
-        input_token.length = mechTokenLength;
-        free(mechToken);
-        mechToken = NULL;
+        }
+        memcpy(input_token.value, mechToken.value, mechToken.length);
+        input_token.length = mechToken.length;
+        gss_release_buffer(&discard_st, &mechToken);
        infof(data, "Parse SPNEGO Target Token succeeded\n");
      }
    }
@@ -246,23 +250,23 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
                                           &input_token,
                                           &output_token,
                                           NULL);
-  if(input_token.length > 0)
-    gss_release_buffer(&minor_status2, &input_token);
+  Curl_safefree(input_token.value);
+
  neg_ctx->status = major_status;
  if(GSS_ERROR(major_status)) {
-    /* Curl_cleanup_negotiate(data) ??? */
-    log_gss_error(conn, minor_status,
-                  "gss_init_sec_context() failed: ");
+    if(output_token.value)
+      gss_release_buffer(&discard_st, &output_token);
+    log_gss_error(conn, minor_status, "gss_init_sec_context() failed: ");
    return -1;
  }

-  if(output_token.length == 0) {
+  if(!output_token.value || !output_token.length) {
+    if(output_token.value)
+      gss_release_buffer(&discard_st, &output_token);
    return -1;
  }

  neg_ctx->output_token = output_token;
-  /* conn->bits.close = FALSE; */
-
  return 0;
 }

@@ -275,14 +279,14 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
  size_t len = 0;
  char *userp;
  CURLcode error;
+  OM_uint32 discard_st;

 #ifdef HAVE_SPNEGO /* Handle SPNEGO */
  if(checkprefix("Negotiate", neg_ctx->protocol)) {
-    ASN1_OBJECT *   object            = NULL;
-    unsigned char * spnegoToken       = NULL;
-    size_t          spnegoTokenLength = 0;
-    unsigned char * responseToken       = NULL;
+    ASN1_OBJECT    *object              = NULL;
+    unsigned char  *responseToken       = NULL;
    size_t          responseTokenLength = 0;
+    gss_buffer_desc spnegoToken         = GSS_C_EMPTY_BUFFER;

    responseToken = malloc(neg_ctx->output_token.length);
    if(responseToken == NULL)
@@ -291,30 +295,34 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
           neg_ctx->output_token.length);
    responseTokenLength = neg_ctx->output_token.length;

-    object=OBJ_txt2obj ("1.2.840.113554.1.2.2", 1);
-    if(!makeSpnegoInitialToken (object,
-                                 responseToken,
-                                 responseTokenLength,
-                                 &spnegoToken,
-                                 &spnegoTokenLength)) {
-      free(responseToken);
-      responseToken = NULL;
+    object = OBJ_txt2obj("1.2.840.113554.1.2.2", 1);
+    if(!object) {
+      Curl_safefree(responseToken);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    if(!makeSpnegoInitialToken(object,
+                               responseToken,
+                               responseTokenLength,
+                               (unsigned char**)&spnegoToken.value,
+                               &spnegoToken.length)) {
+      Curl_safefree(responseToken);
+      ASN1_OBJECT_free(object);
      infof(conn->data, "Make SPNEGO Initial Token failed\n");
    }
+    else if(!spnegoToken.value || !spnegoToken.length) {
+      Curl_safefree(responseToken);
+      ASN1_OBJECT_free(object);
+      if(spnegoToken.value)
+        gss_release_buffer(&discard_st, &spnegoToken);
+      infof(conn->data, "Make SPNEGO Initial Token succeeded (NULL token)\n");
+    }
    else {
-      free(responseToken);
-      responseToken = NULL;
-      free(neg_ctx->output_token.value);
-      neg_ctx->output_token.value = malloc(spnegoTokenLength);
-      if(neg_ctx->output_token.value == NULL) {
-        free(spnegoToken);
-        spnegoToken = NULL;
-        return CURLE_OUT_OF_MEMORY;
-      }
-      memcpy(neg_ctx->output_token.value, spnegoToken,spnegoTokenLength);
-      neg_ctx->output_token.length = spnegoTokenLength;
-      free(spnegoToken);
-      spnegoToken = NULL;
+      Curl_safefree(responseToken);
+      ASN1_OBJECT_free(object);
+      gss_release_buffer(&discard_st, &neg_ctx->output_token);
+      neg_ctx->output_token.value = spnegoToken.value;
+      neg_ctx->output_token.length = spnegoToken.length;
      infof(conn->data, "Make SPNEGO Initial Token succeeded\n");
    }
  }
@@ -324,26 +332,33 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
                             neg_ctx->output_token.length,
                             &encoded, &len);
  if(error) {
-    Curl_safefree(neg_ctx->output_token.value);
+    gss_release_buffer(&discard_st, &neg_ctx->output_token);
    neg_ctx->output_token.value = NULL;
+    neg_ctx->output_token.length = 0;
    return error;
  }

-  if(len == 0) {
-    Curl_safefree(neg_ctx->output_token.value);
+  if(!encoded || !len) {
+    gss_release_buffer(&discard_st, &neg_ctx->output_token);
    neg_ctx->output_token.value = NULL;
+    neg_ctx->output_token.length = 0;
    return CURLE_REMOTE_ACCESS_DENIED;
  }

  userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
                  neg_ctx->protocol, encoded);
-
-  if(proxy)
+  if(proxy) {
+    Curl_safefree(conn->allocptr.proxyuserpwd);
    conn->allocptr.proxyuserpwd = userp;
-  else
+  }
+  else {
+    Curl_safefree(conn->allocptr.userpwd);
    conn->allocptr.userpwd = userp;
-  free(encoded);
-  Curl_cleanup_negotiate (conn->data);
+  }
+
+  Curl_safefree(encoded);
+  Curl_cleanup_negotiate(conn->data);
+
  return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
 }

@@ -353,7 +368,7 @@ static void cleanup(struct negotiatedata *neg_ctx)
  if(neg_ctx->context != GSS_C_NO_CONTEXT)
    gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);

-  if(neg_ctx->output_token.length != 0)
+  if(neg_ctx->output_token.value)
    gss_release_buffer(&minor_status, &neg_ctx->output_token);

  if(neg_ctx->server_name != GSS_C_NO_NAME)
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -356,6 +356,10 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,

                  result = Curl_client_write(conn, writetype, line_start,
                                             perline);
+
+                  data->info.header_size += (long)perline;
+                  data->req.headerbytecount += (long)perline;
+
                  if(result)
                    return result;

@@ -560,6 +564,8 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,

  infof (data, "Proxy replied OK to CONNECT request\n");
  data->req.ignorebody = FALSE; /* put it (back) to non-ignore state */
+  conn->bits.rewindaftersend = FALSE; /* make sure this isn't set for the
+                                         document request  */
  return CURLE_OK;
 }
 #endif /* CURL_DISABLE_PROXY */
--- a/lib/if2ip.c
+++ b/lib/if2ip.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -83,40 +83,63 @@ bool Curl_if_is_interface_name(const char *interf)
  return result;
 }

-char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size)
+if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
+                          const char *interf, char *buf, int buf_size)
 {
  struct ifaddrs *iface, *head;
-  char *ip = NULL;
+  if2ip_result_t res = IF2IP_NOT_FOUND;
+
+#ifndef ENABLE_IPV6
+  (void) remote_scope;
+#endif

  if(getifaddrs(&head) >= 0) {
    for(iface=head; iface != NULL; iface=iface->ifa_next) {
-      if((iface->ifa_addr != NULL) &&
-         (iface->ifa_addr->sa_family == af) &&
-         curl_strequal(iface->ifa_name, interf)) {
-        void *addr;
-        char scope[12]="";
+      if(iface->ifa_addr != NULL) {
+        if(iface->ifa_addr->sa_family == af) {
+          if(curl_strequal(iface->ifa_name, interf)) {
+            void *addr;
+            char *ip;
+            char scope[12]="";
+            char ipstr[64];
 #ifdef ENABLE_IPV6
-        if(af == AF_INET6) {
-          unsigned int scopeid = 0;
-          addr = &((struct sockaddr_in6 *)iface->ifa_addr)->sin6_addr;
+            if(af == AF_INET6) {
+              unsigned int scopeid = 0;
+              addr = &((struct sockaddr_in6 *)iface->ifa_addr)->sin6_addr;
 #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
-          /* Include the scope of this interface as part of the address */
-          scopeid = ((struct sockaddr_in6 *)iface->ifa_addr)->sin6_scope_id;
+              /* Include the scope of this interface as part of the address */
+              scopeid =
+                ((struct sockaddr_in6 *)iface->ifa_addr)->sin6_scope_id;
 #endif
-          if(scopeid)
-            snprintf(scope, sizeof(scope), "%%%u", scopeid);
+              if(scopeid != remote_scope) {
+                /* We are interested only in interface addresses whose
+                   scope ID matches the remote address we want to
+                   connect to: global (0) for global, link-local for
+                   link-local, etc... */
+                if(res == IF2IP_NOT_FOUND) res = IF2IP_AF_NOT_SUPPORTED;
+                continue;
+              }
+              if(scopeid)
+                snprintf(scope, sizeof(scope), "%%%u", scopeid);
+            }
+            else
+#endif
+              addr = &((struct sockaddr_in *)iface->ifa_addr)->sin_addr;
+            res = IF2IP_FOUND;
+            ip = (char *) Curl_inet_ntop(af, addr, ipstr, sizeof(ipstr));
+            snprintf(buf, buf_size, "%s%s", ip, scope);
+            break;
+          }
+        }
+        else if((res == IF2IP_NOT_FOUND) &&
+                curl_strequal(iface->ifa_name, interf)) {
+          res = IF2IP_AF_NOT_SUPPORTED;
        }
-        else
-#endif
-          addr = &((struct sockaddr_in *)iface->ifa_addr)->sin_addr;
-        ip = (char *) Curl_inet_ntop(af, addr, buf, buf_size);
-        strlcat(buf, scope, buf_size);
-        break;
      }
    }
    freeifaddrs(head);
  }
-  return ip;
+  return res;
 }

 #elif defined(HAVE_IOCTL_SIOCGIFADDR)
@@ -126,30 +149,31 @@ bool Curl_if_is_interface_name(const char *interf)
  /* This is here just to support the old interfaces */
  char buf[256];

-  char *ip = Curl_if2ip(AF_INET, interf, buf, sizeof(buf));
-
-  return (ip != NULL) ? TRUE : FALSE;
+  return (Curl_if2ip(AF_INET, 0, interf, buf, sizeof(buf)) ==
+          IF2IP_NOT_FOUND) ? FALSE : TRUE;
 }

-char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size)
+if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
+                          const char *interf, char *buf, int buf_size)
 {
  struct ifreq req;
  struct in_addr in;
  struct sockaddr_in *s;
  curl_socket_t dummy;
  size_t len;
-  char *ip;
+
+  (void)remote_scope;

  if(!interf || (af != AF_INET))
-    return NULL;
+    return IF2IP_NOT_FOUND;

  len = strlen(interf);
  if(len >= sizeof(req.ifr_name))
-    return NULL;
+    return IF2IP_NOT_FOUND;

  dummy = socket(AF_INET, SOCK_STREAM, 0);
  if(CURL_SOCKET_BAD == dummy)
-    return NULL;
+    return IF2IP_NOT_FOUND;

  memset(&req, 0, sizeof(req));
  memcpy(req.ifr_name, interf, len+1);
@@ -157,15 +181,18 @@ char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size)

  if(ioctl(dummy, SIOCGIFADDR, &req) < 0) {
    sclose(dummy);
-    return NULL;
+    /* With SIOCGIFADDR, we cannot tell the difference between an interface
+       that does not exist and an interface that has no address of the
+       correct family. Assume the interface does not exist */
+    return IF2IP_NOT_FOUND;
  }

  s = (struct sockaddr_in *)&req.ifr_addr;
  memcpy(&in, &s->sin_addr, sizeof(in));
-  ip = (char *) Curl_inet_ntop(s->sin_family, &in, buf, buf_size);
+  Curl_inet_ntop(s->sin_family, &in, buf, buf_size);

  sclose(dummy);
-  return ip;
+  return IF2IP_FOUND;
 }

 #else
@@ -177,13 +204,15 @@ bool Curl_if_is_interface_name(const char *interf)
  return FALSE;
 }

-char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size)
+if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
+                          const char *interf, char *buf, int buf_size)
 {
    (void) af;
+    (void) remote_scope;
    (void) interf;
    (void) buf;
    (void) buf_size;
-    return NULL;
+    return IF2IP_NOT_FOUND;
 }

 #endif
--- a/lib/if2ip.h
+++ b/lib/if2ip.h
@@ -24,7 +24,15 @@
 #include "curl_setup.h"

 bool Curl_if_is_interface_name(const char *interf);
-char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size);
+
+typedef enum {
+  IF2IP_NOT_FOUND = 0, /* Interface not found */
+  IF2IP_AF_NOT_SUPPORTED = 1, /* Int. exists but has no address for this af */
+  IF2IP_FOUND = 2 /* The address has been stored in "buf" */
+} if2ip_result_t;
+
+if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
+                          const char *interf, char *buf, int buf_size);

 #ifdef __INTERIX

--- a/lib/imap.c
+++ b/lib/imap.c
--- a/lib/imap.h
+++ b/lib/imap.h
@@ -31,10 +31,10 @@ typedef enum {
  IMAP_STOP,         /* do nothing state, stops the state machine */
  IMAP_SERVERGREET,  /* waiting for the initial greeting immediately after
                        a connect */
+  IMAP_CAPABILITY,
  IMAP_STARTTLS,
  IMAP_UPGRADETLS,   /* asynchronously upgrade the connection to SSL/TLS
                       (multi mode only) */
-  IMAP_CAPABILITY,
  IMAP_AUTHENTICATE_PLAIN,
  IMAP_AUTHENTICATE_LOGIN,
  IMAP_AUTHENTICATE_LOGIN_PASSWD,
@@ -43,26 +43,47 @@ typedef enum {
  IMAP_AUTHENTICATE_DIGESTMD5_RESP,
  IMAP_AUTHENTICATE_NTLM,
  IMAP_AUTHENTICATE_NTLM_TYPE2MSG,
-  IMAP_AUTHENTICATE,
+  IMAP_AUTHENTICATE_FINAL,
  IMAP_LOGIN,
+  IMAP_LIST,
  IMAP_SELECT,
  IMAP_FETCH,
+  IMAP_FETCH_FINAL,
+  IMAP_APPEND,
+  IMAP_APPEND_FINAL,
  IMAP_LOGOUT,
  IMAP_LAST          /* never used */
 } imapstate;

+/* This IMAP struct is used in the SessionHandle. All IMAP data that is
+   connection-oriented must be in imap_conn to properly deal with the fact that
+   perhaps the SessionHandle is changed between the times the connection is
+   used. */
+struct IMAP {
+  curl_pp_transfer transfer;
+  char *mailbox;          /* Mailbox to select */
+  char *uidvalidity;      /* UIDVALIDITY to check in select */
+  char *uid;              /* Message UID to fetch */
+  char *section;          /* Message SECTION to fetch */
+  char *custom;           /* Custom request */
+  char *custom_params;    /* Parameters for the custom request */
+};
+
 /* imap_conn is used for struct connection-oriented data in the connectdata
   struct */
 struct imap_conn {
  struct pingpong pp;
-  char *mailbox;          /* Mailbox to select */
-  unsigned int authmechs; /* Accepted authentication mechanisms */
-  unsigned int authused;  /* Auth mechanism used for the connection */
-  imapstate state;        /* Always use imap.c:state() to change state! */
-  int cmdid;              /* Next command ID */
-  const char *idstr;      /* String based response ID to wait for */
-  bool ssldone;           /* Is connect() over SSL done? */
-  bool login_disabled;    /* LOGIN command explicitly disabled by server */
+  imapstate state;            /* Always use imap.c:state() to change state! */
+  bool ssldone;               /* Is connect() over SSL done? */
+  unsigned int authmechs;     /* Accepted authentication mechanisms */
+  unsigned int authused;      /* Auth mechanism used for the connection */
+  int cmdid;                  /* Last used command ID */
+  char resptag[5];            /* Response tag to wait for */
+  bool tls_supported;         /* StartTLS capability supported by server */
+  bool login_disabled;        /* LOGIN command disabled by server */
+  bool ir_supported;          /* Initial response supported by server */
+  char *mailbox;              /* The last selected mailbox */
+  char *mailbox_uidvalidity;  /* UIDVALIDITY parsed from select response */
 };

 extern const struct Curl_handler Curl_handler_imap;
--- a/lib/libcurl.plist
+++ b/lib/libcurl.plist
@@ -12,7 +12,7 @@
 	<string>curl</string>

 	<key>CFBundleIdentifier</key>
-	<string>com.libcurl.libcurl</string>
+	<string>se.haxx.curl.libcurl</string>

 	<key>CFBundleVersion</key>
 	<string>7.12.3</string>
--- a/lib/libcurl.vers.in
+++ b/lib/libcurl.vers.in
@@ -6,7 +6,7 @@ HIDDEN
    _save*;
 };

-CURL_@VERSIONED_FLAVOUR@4
+CURL_@CURL_LT_SHLIB_VERSIONED_FLAVOUR@4
 {
  global: curl_*;
  local: *;
--- a/lib/memdebug.c
+++ b/lib/memdebug.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -239,6 +239,32 @@ char *curl_dostrdup(const char *str, int line, const char *source)
  return mem;
 }

+#ifdef WIN32
+wchar_t *curl_dowcsdup(const wchar_t *str, int line, const char *source)
+{
+  wchar_t *mem;
+  size_t wsiz, bsiz;
+
+  assert(str != NULL);
+
+  if(countcheck("wcsdup", line, source))
+    return NULL;
+
+  wsiz = wcslen(str) + 1;
+  bsiz = wsiz * sizeof(wchar_t);
+
+  mem = curl_domalloc(bsiz, 0, NULL); /* NULL prevents logging */
+  if(mem)
+    memcpy(mem, str, bsiz);
+
+  if(source)
+    curl_memlog("MEM %s:%d wcsdup(%p) (%zu) = %p\n",
+                source, line, str, bsiz, mem);
+
+  return mem;
+}
+#endif
+
 /* We provide a realloc() that accepts a NULL as pointer, which then
   performs a malloc(). In order to work with ares. */
 void *curl_dorealloc(void *ptr, size_t wantedsize,
--- a/lib/memdebug.h
+++ b/lib/memdebug.h
@@ -8,7 +8,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -46,6 +46,11 @@ CURL_EXTERN void *curl_dorealloc(void *ptr, size_t size, int line,
                                 const char *source);
 CURL_EXTERN void curl_dofree(void *ptr, int line, const char *source);
 CURL_EXTERN char *curl_dostrdup(const char *str, int line, const char *source);
+#ifdef WIN32
+CURL_EXTERN wchar_t *curl_dowcsdup(const wchar_t *str, int line,
+                                   const char *source);
+#endif
+
 CURL_EXTERN void curl_memdebug(const char *logname);
 CURL_EXTERN void curl_memlimit(long limit);
 CURL_EXTERN void curl_memlog(const char *format, ...);
@@ -84,6 +89,19 @@ CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);
 #define realloc(ptr,size) curl_dorealloc(ptr, size, __LINE__, __FILE__)
 #define free(ptr) curl_dofree(ptr, __LINE__, __FILE__)

+#ifdef WIN32
+#  undef wcsdup
+#  define wcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
+#  undef _wcsdup
+#  define _wcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
+#  undef _tcsdup
+#  ifdef UNICODE
+#    define _tcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
+#  else
+#    define _tcsdup(ptr) curl_dostrdup(ptr, __LINE__, __FILE__)
+#  endif
+#endif
+
 #define socket(domain,type,protocol)\
 curl_socket(domain,type,protocol,__LINE__,__FILE__)
 #undef accept /* for those with accept as a macro */
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -34,15 +34,19 @@ use Getopt::Std;
 use MIME::Base64;
 use LWP::UserAgent;
 use strict;
-use vars qw($opt_b $opt_f $opt_h $opt_i $opt_l $opt_n $opt_q $opt_t $opt_u $opt_v);
+use vars qw($opt_b $opt_f $opt_h $opt_i $opt_l $opt_n $opt_q $opt_t $opt_u $opt_v $opt_w);

 my $url = 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1';
 # If the OpenSSL commandline is not in search path you can configure it here!
 my $openssl = 'openssl';

-my $version = '1.17';
+my $version = '1.18';

-getopts('bfhilnqtuv');
+$opt_w = 76; # default base64 encoded lines length
+
+$0 =~ s@.*(/|\\)@@;
+$Getopt::Std::STANDARD_HELP_VERSION = 1;
+getopts('bfhilnqtuvw:');

 if ($opt_i) {
  print ("=" x 78 . "\n");
@@ -56,9 +60,8 @@ if ($opt_i) {
  print ("=" x 78 . "\n");
 }

-$0 =~ s@.*(/|\\)@@;
-if ($opt_h) {
-  printf("Usage:\t%s [-b] [-f] [-i] [-l] [-n] [-q] [-t] [-u] [-v] [<outputfile>]\n", $0);
+sub HELP_MESSAGE() {
+  print "Usage:\t${0} [-b] [-f] [-i] [-l] [-n] [-q] [-t] [-u] [-v] [-w<l>] [<outputfile>]\n";
  print "\t-b\tbackup an existing version of ca-bundle.crt\n";
  print "\t-f\tforce rebuild even if certdata.txt is current\n";
  print "\t-i\tprint version info about used modules\n";
@@ -68,9 +71,16 @@ if ($opt_h) {
  print "\t-t\tinclude plain text listing of certificates\n";
  print "\t-u\tunlink (remove) certdata.txt after processing\n";
  print "\t-v\tbe verbose and print out processed CAs\n";
+  print "\t-w <l>\twrap base64 output lines after <l> chars (default: ${opt_w})\n";
  exit;
 }

+sub VERSION_MESSAGE() {
+  print "${0} version ${version} running Perl ${]} on ${^O}\n";
+}
+
+HELP_MESSAGE() if ($opt_h);
+
 my $crt = $ARGV[0] || 'ca-bundle.crt';
 (my $txt = $url) =~ s@(.*/|\?.*)@@g;

@@ -114,7 +124,7 @@ print CRT <<EOT;
 ## This is a bundle of X.509 certificates of public Certificate Authorities
 ## (CA). These were automatically extracted from Mozilla's root certificates
 ## file (certdata.txt).  This file can be found in the mozilla source tree:
-## $url
+## ${url}
 ##
 ## It contains the certificates in ${format}PEM format and therefore
 ## can be directly used with curl / libcurl / php_curl, or with
@@ -182,18 +192,27 @@ while (<TXT>) {
    if ($untrusted) {
      $skipnum ++;
    } else {
+      my $encoded = MIME::Base64::encode_base64($data, '');
+      $encoded =~ s/(.{1,${opt_w}})/$1\n/g;
      my $pem = "-----BEGIN CERTIFICATE-----\n"
-              . MIME::Base64::encode($data)
+              . $encoded
              . "-----END CERTIFICATE-----\n";
      print CRT "\n$caname\n";
      print CRT ("=" x length($caname) . "\n");
      if (!$opt_t) {
        print CRT $pem;
-      }
-      if ($opt_t) {
-        open(TMP, "|$openssl x509 -md5 -fingerprint -text -inform PEM >> $crt") or die "Couldn't open openssl pipe: $!\n";
+      } else {
+        my $pipe = "|$openssl x509 -md5 -fingerprint -text -inform PEM";
+        if (!$stdout) {
+          $pipe .= " >> $crt.~";
+          close(CRT) or die "Couldn't close $crt.~: $!";
+        }
+        open(TMP, $pipe) or die "Couldn't open openssl pipe: $!";
        print TMP $pem;
-        close(TMP) or die "Couldn't close openssl pipe: $!\n";
+        close(TMP) or die "Couldn't close openssl pipe: $!";
+        if (!$stdout) {
+          open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!";
+        }
      }
      print STDERR "Parsing: $caname\n" if ($opt_v);
      $certnum ++;
--- a/lib/mk-ca-bundle.vbs
+++ b/lib/mk-ca-bundle.vbs
@@ -5,7 +5,7 @@
 '*                            | (__| |_| |  _ <| |___
 '*                             \___|\___/|_| \_\_____|
 '*
-'* Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+'* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 '*
 '* This software is licensed as described in the file COPYING, which
 '* you should have received as part of this distribution. The terms
@@ -26,7 +26,7 @@
 '* Hacked by Guenter Knauf
 '***************************************************************************
 Option Explicit
-Const myVersion = "0.3.6"
+Const myVersion = "0.3.7"

 Const myUrl = "http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"

@@ -36,6 +36,7 @@ Const myCdSavF = FALSE       ' Flag: save downloaded data to file certdata.txt
 Const myCaBakF = TRUE        ' Flag: backup existing ca-bundle certificate
 Const myAskLiF = TRUE        ' Flag: display certdata.txt license agreement
 Const myAskTiF = TRUE        ' Flag: ask to include certificate text info
+Const myWrapLe = 76          ' Default length of base64 output lines

 '******************* Nothing to configure below! *******************
 Dim objShell, objNetwork, objFSO, objHttp
@@ -239,7 +240,8 @@ End Function

 Function Base64Encode(inData)
  Const Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
-  Dim cOut, sOut, I
+  Dim cOut, sOut, lWrap, I
+  lWrap = Int(myWrapLe * 3 / 4)

  'For each group of 3 bytes
  For I = 1 To Len(inData) Step 3
@@ -265,9 +267,9 @@ Function Base64Encode(inData)
    'Add the part To OutPut string
    sOut = sOut + pOut

-    'Add a new line For Each 76 chars In dest (76*3/4 = 57)
+    'Add a new line For Each myWrapLe chars In dest
    If (I < Len(inData) - 2) Then
-      If (I + 2) Mod 57 = 0 Then sOut = sOut & vbLf
+      If (I + 2) Mod lWrap = 0 Then sOut = sOut & vbLf
    End If
  Next
  Select Case Len(inData) Mod 3
--- a/lib/mprintf.c
+++ b/lib/mprintf.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -203,101 +203,6 @@ static int dprintf_IsQualifierNoDollar(char c)
  }
 }

-#ifdef DPRINTF_DEBUG2
-static void dprintf_Pass1Report(va_stack_t *vto, int max)
-{
-  int i;
-  char buffer[256];
-  int bit;
-  int flags;
-
-  for(i=0; i<max; i++) {
-    char *type;
-    switch(vto[i].type) {
-    case FORMAT_UNKNOWN:
-      type = "unknown";
-      break;
-    case FORMAT_STRING:
-      type ="string";
-      break;
-    case FORMAT_PTR:
-      type ="pointer";
-      break;
-    case FORMAT_INT:
-      type = "int";
-      break;
-    case FORMAT_INTPTR:
-      type = "intptr";
-      break;
-    case FORMAT_LONG:
-      type = "long";
-      break;
-    case FORMAT_LONGLONG:
-      type = "long long";
-      break;
-    case FORMAT_DOUBLE:
-      type = "double";
-      break;
-    case FORMAT_LONGDOUBLE:
-      type = "long double";
-      break;
-    }
-
-
-    buffer[0]=0;
-
-    for(bit=0; bit<31; bit++) {
-      flags = vto[i].flags & (1<<bit);
-
-      if(flags & FLAGS_SPACE)
-        strcat(buffer, "space ");
-      else if(flags & FLAGS_SHOWSIGN)
-        strcat(buffer, "plus ");
-      else if(flags & FLAGS_LEFT)
-        strcat(buffer, "left ");
-      else if(flags & FLAGS_ALT)
-        strcat(buffer, "alt ");
-      else if(flags & FLAGS_SHORT)
-        strcat(buffer, "short ");
-      else if(flags & FLAGS_LONG)
-        strcat(buffer, "long ");
-      else if(flags & FLAGS_LONGLONG)
-        strcat(buffer, "longlong ");
-      else if(flags & FLAGS_LONGDOUBLE)
-        strcat(buffer, "longdouble ");
-      else if(flags & FLAGS_PAD_NIL)
-        strcat(buffer, "padnil ");
-      else if(flags & FLAGS_UNSIGNED)
-        strcat(buffer, "unsigned ");
-      else if(flags & FLAGS_OCTAL)
-        strcat(buffer, "octal ");
-      else if(flags & FLAGS_HEX)
-        strcat(buffer, "hex ");
-      else if(flags & FLAGS_UPPER)
-        strcat(buffer, "upper ");
-      else if(flags & FLAGS_WIDTH)
-        strcat(buffer, "width ");
-      else if(flags & FLAGS_WIDTHPARAM)
-        strcat(buffer, "widthparam ");
-      else if(flags & FLAGS_PREC)
-        strcat(buffer, "precision ");
-      else if(flags & FLAGS_PRECPARAM)
-        strcat(buffer, "precparam ");
-      else if(flags & FLAGS_CHAR)
-        strcat(buffer, "char ");
-      else if(flags & FLAGS_FLOATE)
-        strcat(buffer, "floate ");
-      else if(flags & FLAGS_FLOATG)
-        strcat(buffer, "floatg ");
-    }
-    printf("REPORT: %d. %s [%s]\n", i, type, buffer);
-
-  }
-
-
-}
-#endif
-
 /******************************************************************
 *
 * Pass 1:
@@ -537,10 +442,6 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
    }
  }

-#ifdef DPRINTF_DEBUG2
-  dprintf_Pass1Report(vto, max_param);
-#endif
-
  /* Read the arg list parameters into our data list */
  for(i=0; i<max_param; i++) {
    if((i + 1 < max_param) && (vto[i + 1].type == FORMAT_WIDTH)) {
@@ -919,7 +820,7 @@ static int dprintf_formatf(
    case FORMAT_DOUBLE:
      {
        char formatbuf[32]="%";
-        char *fptr;
+        char *fptr = &formatbuf[1];
        size_t left = sizeof(formatbuf)-strlen(formatbuf);
        int len;

@@ -936,15 +837,15 @@ static int dprintf_formatf(
          prec = (long)vto[p->precision].data.num.as_signed;

        if(p->flags & FLAGS_LEFT)
-          strcat(formatbuf, "-");
+          *fptr++ = '-';
        if(p->flags & FLAGS_SHOWSIGN)
-          strcat(formatbuf, "+");
+          *fptr++ = '+';
        if(p->flags & FLAGS_SPACE)
-          strcat(formatbuf, " ");
+          *fptr++ = ' ';
        if(p->flags & FLAGS_ALT)
-          strcat(formatbuf, "#");
+          *fptr++ = '#';

-        fptr=&formatbuf[strlen(formatbuf)];
+        *fptr = 0;

        if(width >= 0) {
          /* RECURSIVE USAGE */
@@ -969,8 +870,8 @@ static int dprintf_formatf(

        *fptr = 0; /* and a final zero termination */

-        /* NOTE NOTE NOTE!! Not all sprintf() implementations returns number
-           of output characters */
+        /* NOTE NOTE NOTE!! Not all sprintf implementations return number of
+           output characters */
        (sprintf)(work, formatbuf, p->data.dnum);

        for(fptr=work; *fptr; fptr++)
--- a/lib/msvcproj.head
+++ b/lib/msvcproj.head
@@ -1,147 +0,0 @@
-# Microsoft Developer Studio Project File - Name="libcurl" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
-# TARGTYPE "Win32 (x86) Static Library" 0x0104
-
-CFG=libcurl - Win32 LIB Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "libcurl.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "libcurl.mak" CFG="libcurl - Win32 LIB Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "libcurl - Win32 DLL Debug" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE "libcurl - Win32 DLL Release" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE "libcurl - Win32 LIB Debug" (based on "Win32 (x86) Static Library")
-!MESSAGE "libcurl - Win32 LIB Release" (based on "Win32 (x86) Static Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-
-!IF  "$(CFG)" == "libcurl - Win32 DLL Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "DLL-Debug"
-# PROP BASE Intermediate_Dir "DLL-Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "DLL-Debug"
-# PROP Intermediate_Dir "DLL-Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-CPP=cl.exe
-# ADD BASE CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "." /I "..\include" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "BUILDING_LIBCURL" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /Zi /Od /I "." /I "..\include" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "BUILDING_LIBCURL" /FD /GZ /c
-MTL=midl.exe
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-RSC=rc.exe
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib ws2_32.lib wldap32.lib advapi32.lib /nologo /dll /incremental:no /map /debug /machine:I386 /out:"DLL-Debug/libcurld.dll" /implib:"DLL-Debug/libcurld_imp.lib" /pdbtype:sept
-# ADD LINK32 kernel32.lib ws2_32.lib wldap32.lib advapi32.lib /nologo /dll /incremental:no /map /debug /machine:I386 /out:"DLL-Debug/libcurld.dll" /implib:"DLL-Debug/libcurld_imp.lib" /pdbtype:sept
-
-!ELSEIF  "$(CFG)" == "libcurl - Win32 DLL Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "DLL-Release"
-# PROP BASE Intermediate_Dir "DLL-Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "DLL-Release"
-# PROP Intermediate_Dir "DLL-Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-CPP=cl.exe
-# ADD BASE CPP /nologo /MD /W3 /GX /O2 /I "." /I "..\include" /D "WIN32" /D "NDEBUG" /D "_MBCS" /D "BUILDING_LIBCURL" /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "." /I "..\include" /D "WIN32" /D "NDEBUG" /D "_MBCS" /D "BUILDING_LIBCURL" /FD /c
-MTL=midl.exe
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-RSC=rc.exe
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib ws2_32.lib wldap32.lib advapi32.lib /nologo /dll /pdb:none /machine:I386 /out:"DLL-Release/libcurl.dll" /implib:"DLL-Release/libcurl_imp.lib"
-# ADD LINK32 kernel32.lib ws2_32.lib wldap32.lib advapi32.lib /nologo /dll /pdb:none /machine:I386 /out:"DLL-Release/libcurl.dll" /implib:"DLL-Release/libcurl_imp.lib"
-
-!ELSEIF  "$(CFG)" == "libcurl - Win32 LIB Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "LIB-Debug"
-# PROP BASE Intermediate_Dir "LIB-Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "LIB-Debug"
-# PROP Intermediate_Dir "LIB-Debug"
-# PROP Target_Dir ""
-CPP=cl.exe
-# ADD BASE CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "." /I "..\include" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "BUILDING_LIBCURL" /D "CURL_STATICLIB" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /Zi /Od /I "." /I "..\include" /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "BUILDING_LIBCURL" /D "CURL_STATICLIB" /FD /GZ /c
-RSC=rc.exe
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LIB32=link.exe -lib
-# ADD BASE LIB32 /nologo /out:"LIB-Debug/libcurld.lib" /machine:I386
-# ADD LIB32 /nologo /out:"LIB-Debug/libcurld.lib" /machine:I386
-
-!ELSEIF  "$(CFG)" == "libcurl - Win32 LIB Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "LIB-Release"
-# PROP BASE Intermediate_Dir "LIB-Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "LIB-Release"
-# PROP Intermediate_Dir "LIB-Release"
-# PROP Target_Dir ""
-CPP=cl.exe
-# ADD BASE CPP /nologo /MD /W3 /GX /O2 /I "." /I "..\include" /D "WIN32" /D "NDEBUG" /D "_MBCS" /D "BUILDING_LIBCURL" /D "CURL_STATICLIB" /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "." /I "..\include" /D "WIN32" /D "NDEBUG" /D "_MBCS" /D "BUILDING_LIBCURL" /D "CURL_STATICLIB" /FD /c
-RSC=rc.exe
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LIB32=link.exe -lib
-# ADD BASE LIB32 /nologo /out:"LIB-Release/libcurl.lib" /machine:I386
-# ADD LIB32 /nologo /out:"LIB-Release/libcurl.lib" /machine:I386
-
-!ENDIF 
-
-# Begin Target
-
-# Name "libcurl - Win32 DLL Debug"
-# Name "libcurl - Win32 DLL Release"
-# Name "libcurl - Win32 LIB Debug"
-# Name "libcurl - Win32 LIB Release"
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -40,6 +40,7 @@
 #include "conncache.h"
 #include "bundles.h"
 #include "multihandle.h"
+#include "pipeline.h"

 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -69,13 +70,6 @@ static void singlesocket(struct Curl_multi *multi,
                         struct Curl_one_easy *easy);
 static int update_timer(struct Curl_multi *multi);

-static CURLcode addHandleToSendOrPendPipeline(struct SessionHandle *handle,
-                                              struct connectdata *conn);
-static int checkPendPipeline(struct connectdata *conn);
-static void moveHandleFromSendToRecvPipeline(struct SessionHandle *handle,
-                                             struct connectdata *conn);
-static void moveHandleFromRecvToDonePipeline(struct SessionHandle *handle,
-                                             struct connectdata *conn);
 static bool isHandleAtHead(struct SessionHandle *handle,
                           struct curl_llist *pipeline);
 static CURLMcode add_next_timeout(struct timeval now,
@@ -85,6 +79,7 @@ static CURLMcode add_next_timeout(struct timeval now,
 #ifdef DEBUGBUILD
 static const char * const statename[]={
  "INIT",
+  "CONNECT_PEND",
  "CONNECT",
  "WAITRESOLVE",
  "WAITCONNECT",
@@ -125,9 +120,9 @@ static void mstate(struct Curl_one_easy *easy, CURLMstate state
  easy->state = state;

 #ifdef DEBUGBUILD
-  if(easy->easy_conn) {
-    if(easy->state > CURLM_STATE_CONNECT &&
-       easy->state < CURLM_STATE_COMPLETED)
+  if(easy->state >= CURLM_STATE_CONNECT_PEND &&
+     easy->state < CURLM_STATE_COMPLETED) {
+    if(easy->easy_conn)
      connection_id = easy->easy_conn->connection_id;

    infof(easy->easy_handle,
@@ -218,16 +213,16 @@ static void sh_freeentry(void *freethis)
    free(p);
 }

-static size_t fd_key_compare(void*k1, size_t k1_len, void*k2, size_t k2_len)
+static size_t fd_key_compare(void *k1, size_t k1_len, void *k2, size_t k2_len)
 {
  (void) k1_len; (void) k2_len;

-  return (*((int* ) k1)) == (*((int* ) k2));
+  return (*((int *) k1)) == (*((int *) k2));
 }

-static size_t hash_fd(void* key, size_t key_length, size_t slots_num)
+static size_t hash_fd(void *key, size_t key_length, size_t slots_num)
 {
-  int fd = * ((int* ) key);
+  int fd = *((int *) key);
  (void) key_length;

  return (fd % (int)slots_num);
@@ -314,6 +309,7 @@ CURLM *curl_multi_init(void)
  multi->easy.next = &multi->easy;
  multi->easy.prev = &multi->easy;

+  multi->max_pipeline_length = 5;
  return (CURLM *) multi;

  error:
@@ -580,7 +576,7 @@ CURLMcode curl_multi_remove_handle(CURLM *multi_handle,

    /* as this was using a shared connection cache we clear the pointer
       to that since we're not part of that multi handle anymore */
-    easy->easy_handle->state.conn_cache = NULL;
+      easy->easy_handle->state.conn_cache = NULL;

    /* change state without using multistate(), only to make singlesocket() do
       what we want */
@@ -638,9 +634,9 @@ CURLMcode curl_multi_remove_handle(CURLM *multi_handle,
    return CURLM_BAD_EASY_HANDLE; /* twasn't found */
 }

-bool Curl_multi_canPipeline(const struct Curl_multi* multi)
+bool Curl_multi_pipeline_enabled(const struct Curl_multi *multi)
 {
-  return multi->pipelining_enabled;
+  return (multi && multi->pipelining_enabled) ? TRUE : FALSE;
 }

 void Curl_multi_handlePipeBreak(struct SessionHandle *data)
@@ -802,7 +798,8 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
  curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE];
  int bitmap;
  unsigned int i;
-  unsigned int nfds = extra_nfds;
+  unsigned int nfds = 0;
+  unsigned int curlfds;
  struct pollfd *ufds = NULL;

  if(!GOOD_MULTI_HANDLE(multi))
@@ -832,6 +829,9 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
    easy = easy->next; /* check next handle */
  }

+  curlfds = nfds; /* number of internal file descriptors */
+  nfds += extra_nfds; /* add the externally provided ones */
+
  if(nfds) {
    ufds = malloc(nfds * sizeof(struct pollfd));
    if(!ufds)
@@ -839,32 +839,37 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
  }
  nfds = 0;

-  /* Add the curl handles to our pollfds first */
-  easy=multi->easy.next;
-  while(easy != &multi->easy) {
-    bitmap = multi_getsock(easy, sockbunch, MAX_SOCKSPEREASYHANDLE);
+  /* only do the second loop if we found descriptors in the first stage run
+     above */

-    for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) {
-      curl_socket_t s = CURL_SOCKET_BAD;
+  if(curlfds) {
+    /* Add the curl handles to our pollfds first */
+    easy=multi->easy.next;
+    while(easy != &multi->easy) {
+      bitmap = multi_getsock(easy, sockbunch, MAX_SOCKSPEREASYHANDLE);

-      if(bitmap & GETSOCK_READSOCK(i)) {
-        ufds[nfds].fd = sockbunch[i];
-        ufds[nfds].events = POLLIN;
-        ++nfds;
-        s = sockbunch[i];
-      }
-      if(bitmap & GETSOCK_WRITESOCK(i)) {
-        ufds[nfds].fd = sockbunch[i];
-        ufds[nfds].events = POLLOUT;
-        ++nfds;
-        s = sockbunch[i];
-      }
-      if(s == CURL_SOCKET_BAD) {
-        break;
+      for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) {
+        curl_socket_t s = CURL_SOCKET_BAD;
+
+        if(bitmap & GETSOCK_READSOCK(i)) {
+          ufds[nfds].fd = sockbunch[i];
+          ufds[nfds].events = POLLIN;
+          ++nfds;
+          s = sockbunch[i];
+        }
+        if(bitmap & GETSOCK_WRITESOCK(i)) {
+          ufds[nfds].fd = sockbunch[i];
+          ufds[nfds].events = POLLOUT;
+          ++nfds;
+          s = sockbunch[i];
+        }
+        if(s == CURL_SOCKET_BAD) {
+          break;
+        }
      }
+
+      easy = easy->next; /* check next handle */
    }
-
-    easy = easy->next; /* check next handle */
  }

  /* Add external file descriptions from poll-like struct curl_waitfd */
@@ -998,16 +1003,27 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
      }
      break;

+    case CURLM_STATE_CONNECT_PEND:
+      /* We will stay here until there is a connection available. Then
+         we try again in the CURLM_STATE_CONNECT state. */
+      break;
+
    case CURLM_STATE_CONNECT:
-      /* Connect. We get a connection identifier filled in. */
+      /* Connect. We want to get a connection identifier filled in. */
      Curl_pgrsTime(data, TIMER_STARTSINGLE);
      easy->result = Curl_connect(data, &easy->easy_conn,
                                  &async, &protocol_connect);
+      if(CURLE_NO_CONNECTION_AVAILABLE == easy->result) {
+        /* There was no connection available. We will go to the pending
+           state and wait for an available connection. */
+        multistate(easy, CURLM_STATE_CONNECT_PEND);
+        easy->result = CURLE_OK;
+        break;
+      }

      if(CURLE_OK == easy->result) {
        /* Add this handle to the send or pend pipeline */
-        easy->result = addHandleToSendOrPendPipeline(data,
-                                                     easy->easy_conn);
+        easy->result = Curl_add_handle_to_pipeline(data, easy->easy_conn);
        if(CURLE_OK != easy->result)
          disconnect_conn = TRUE;
        else {
@@ -1202,8 +1218,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
      }
      else {
        /* Perform the protocol's DO action */
-        easy->result = Curl_do(&easy->easy_conn,
-                               &dophase_done);
+        easy->result = Curl_do(&easy->easy_conn, &dophase_done);
+
+        /* When Curl_do() returns failure, easy->easy_conn might be NULL! */

        if(CURLE_OK == easy->result) {
          if(!dophase_done) {
@@ -1292,7 +1309,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
        else {
          /* failure detected */
          Curl_posttransfer(data);
-          Curl_done(&easy->easy_conn, easy->result, FALSE);
+          if(easy->easy_conn)
+            Curl_done(&easy->easy_conn, easy->result, FALSE);
          disconnect_conn = TRUE;
        }
      }
@@ -1346,9 +1364,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,

    case CURLM_STATE_DO_DONE:
      /* Move ourselves from the send to recv pipeline */
-      moveHandleFromSendToRecvPipeline(data, easy->easy_conn);
+      Curl_move_handle_from_send_to_recv_pipe(data, easy->easy_conn);
      /* Check if we can move pending requests to send pipe */
-      checkPendPipeline(easy->easy_conn);
+      Curl_multi_process_pending_handles(multi);
      multistate(easy, CURLM_STATE_WAITPERFORM);
      result = CURLM_CALL_MULTI_PERFORM;
      break;
@@ -1480,15 +1498,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
        Curl_posttransfer(data);

        /* we're no longer receiving */
-        moveHandleFromRecvToDonePipeline(data,
-                                         easy->easy_conn);
+        Curl_removeHandleFromPipeline(data, easy->easy_conn->recv_pipe);

        /* expire the new receiving pipeline head */
        if(easy->easy_conn->recv_pipe->head)
          Curl_expire(easy->easy_conn->recv_pipe->head->ptr, 1);

        /* Check if we can move pending requests to send pipe */
-        checkPendPipeline(easy->easy_conn);
+        Curl_multi_process_pending_handles(multi);

        /* When we follow redirects or is set to retry the connection, we must
           to go back to the CONNECT state */
@@ -1543,14 +1560,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
    case CURLM_STATE_DONE:

      if(easy->easy_conn) {
-        /* Remove ourselves from the receive and done pipelines. Handle
-           should be on one of these lists, depending upon how we got here. */
+        /* Remove ourselves from the receive pipeline, if we are there. */
        Curl_removeHandleFromPipeline(data,
                                      easy->easy_conn->recv_pipe);
-        Curl_removeHandleFromPipeline(data,
-                                      easy->easy_conn->done_pipe);
        /* Check if we can move pending requests to send pipe */
-        checkPendPipeline(easy->easy_conn);
+        Curl_multi_process_pending_handles(multi);

        if(easy->easy_conn->bits.stream_was_rewound) {
          /* This request read past its response boundary so we quickly let
@@ -1627,10 +1641,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
                                        easy->easy_conn->send_pipe);
          Curl_removeHandleFromPipeline(data,
                                        easy->easy_conn->recv_pipe);
-          Curl_removeHandleFromPipeline(data,
-                                        easy->easy_conn->done_pipe);
          /* Check if we can move pending requests to send pipe */
-          checkPendPipeline(easy->easy_conn);
+          Curl_multi_process_pending_handles(multi);

          if(disconnect_conn) {
            /* disconnect properly */
@@ -1773,11 +1785,13 @@ CURLMcode curl_multi_cleanup(CURLM *multi_handle)
    /* Close all the connections in the connection cache */
    close_all_connections(multi);

-    multi->closure_handle->dns.hostcache = multi->hostcache;
-    Curl_hostcache_clean(multi->closure_handle);
+    if(multi->closure_handle) {
+      multi->closure_handle->dns.hostcache = multi->hostcache;
+      Curl_hostcache_clean(multi->closure_handle);

-    Curl_close(multi->closure_handle);
-    multi->closure_handle = NULL;
+      Curl_close(multi->closure_handle);
+      multi->closure_handle = NULL;
+    }

    Curl_hash_destroy(multi->sockhash);
    multi->sockhash = NULL;
@@ -1812,6 +1826,10 @@ CURLMcode curl_multi_cleanup(CURLM *multi_handle)
    Curl_hash_destroy(multi->hostcache);
    multi->hostcache = NULL;

+    /* Free the blacklists by setting them to NULL */
+    Curl_pipeline_set_site_blacklist(NULL, &multi->pipelining_site_bl);
+    Curl_pipeline_set_server_blacklist(NULL, &multi->pipelining_server_bl);
+
    free(multi);

    return CURLM_OK;
@@ -2229,6 +2247,29 @@ CURLMcode curl_multi_setopt(CURLM *multi_handle,
  case CURLMOPT_MAXCONNECTS:
    multi->maxconnects = va_arg(param, long);
    break;
+  case CURLMOPT_MAX_HOST_CONNECTIONS:
+    multi->max_host_connections = va_arg(param, long);
+    break;
+  case CURLMOPT_MAX_PIPELINE_LENGTH:
+    multi->max_pipeline_length = va_arg(param, long);
+    break;
+  case CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE:
+    multi->content_length_penalty_size = va_arg(param, long);
+    break;
+  case CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE:
+    multi->chunk_length_penalty_size = va_arg(param, long);
+    break;
+  case CURLMOPT_PIPELINING_SITE_BL:
+    res = Curl_pipeline_set_site_blacklist(va_arg(param, char **),
+                                           &multi->pipelining_site_bl);
+    break;
+  case CURLMOPT_PIPELINING_SERVER_BL:
+    res = Curl_pipeline_set_server_blacklist(va_arg(param, char **),
+                                             &multi->pipelining_server_bl);
+    break;
+  case CURLMOPT_MAX_TOTAL_CONNECTIONS:
+    multi->max_total_connections = va_arg(param, long);
+    break;
  default:
    res = CURLM_UNKNOWN_OPTION;
    break;
@@ -2353,131 +2394,12 @@ static int update_timer(struct Curl_multi *multi)
  return multi->timer_cb((CURLM*)multi, timeout_ms, multi->timer_userp);
 }

-static CURLcode addHandleToSendOrPendPipeline(struct SessionHandle *handle,
+void Curl_multi_set_easy_connection(struct SessionHandle *handle,
                                              struct connectdata *conn)
 {
-  size_t pipeLen = conn->send_pipe->size + conn->recv_pipe->size;
-  struct curl_llist_element *sendhead = conn->send_pipe->head;
-  struct curl_llist *pipeline;
-  CURLcode rc;
-
-  if(!Curl_isPipeliningEnabled(handle) ||
-     pipeLen == 0)
-    pipeline = conn->send_pipe;
-  else {
-    if(conn->server_supports_pipelining &&
-       pipeLen < MAX_PIPELINE_LENGTH)
-      pipeline = conn->send_pipe;
-    else
-      pipeline = conn->pend_pipe;
-  }
-
-  rc = Curl_addHandleToPipeline(handle, pipeline);
-
-  if(pipeline == conn->send_pipe && sendhead != conn->send_pipe->head) {
-    /* this is a new one as head, expire it */
-    conn->writechannel_inuse = FALSE; /* not in use yet */
-#ifdef DEBUGBUILD
-    infof(conn->data, "%p is at send pipe head!\n",
-          conn->send_pipe->head->ptr);
-#endif
-    Curl_expire(conn->send_pipe->head->ptr, 1);
-  }
-
-  return rc;
+  handle->set.one_easy->easy_conn = conn;
 }

-static int checkPendPipeline(struct connectdata *conn)
-{
-  int result = 0;
-  struct curl_llist_element *sendhead = conn->send_pipe->head;
-
-  size_t pipeLen = conn->send_pipe->size + conn->recv_pipe->size;
-  if(conn->server_supports_pipelining || pipeLen == 0) {
-    struct curl_llist_element *curr = conn->pend_pipe->head;
-    const size_t maxPipeLen =
-      conn->server_supports_pipelining ? MAX_PIPELINE_LENGTH : 1;
-
-    while(pipeLen < maxPipeLen && curr) {
-      Curl_llist_move(conn->pend_pipe, curr,
-                      conn->send_pipe, conn->send_pipe->tail);
-      Curl_pgrsTime(curr->ptr, TIMER_PRETRANSFER);
-      ++result; /* count how many handles we moved */
-      curr = conn->pend_pipe->head;
-      ++pipeLen;
-    }
-  }
-
-  if(result) {
-    conn->now = Curl_tvnow();
-    /* something moved, check for a new send pipeline leader */
-    if(sendhead != conn->send_pipe->head) {
-      /* this is a new one as head, expire it */
-      conn->writechannel_inuse = FALSE; /* not in use yet */
-#ifdef DEBUGBUILD
-      infof(conn->data, "%p is at send pipe head!\n",
-            conn->send_pipe->head->ptr);
-#endif
-      Curl_expire(conn->send_pipe->head->ptr, 1);
-    }
-  }
-
-  return result;
-}
-
-/* Move this transfer from the sending list to the receiving list.
-
-   Pay special attention to the new sending list "leader" as it needs to get
-   checked to update what sockets it acts on.
-
-*/
-static void moveHandleFromSendToRecvPipeline(struct SessionHandle *handle,
-                                             struct connectdata *conn)
-{
-  struct curl_llist_element *curr;
-
-  curr = conn->send_pipe->head;
-  while(curr) {
-    if(curr->ptr == handle) {
-      Curl_llist_move(conn->send_pipe, curr,
-                      conn->recv_pipe, conn->recv_pipe->tail);
-
-      if(conn->send_pipe->head) {
-        /* Since there's a new easy handle at the start of the send pipeline,
-           set its timeout value to 1ms to make it trigger instantly */
-        conn->writechannel_inuse = FALSE; /* not used now */
-#ifdef DEBUGBUILD
-        infof(conn->data, "%p is at send pipe head B!\n",
-              conn->send_pipe->head->ptr);
-#endif
-        Curl_expire(conn->send_pipe->head->ptr, 1);
-      }
-
-      /* The receiver's list is not really interesting here since either this
-         handle is now first in the list and we'll deal with it soon, or
-         another handle is already first and thus is already taken care of */
-
-      break; /* we're done! */
-    }
-    curr = curr->next;
-  }
-}
-
-static void moveHandleFromRecvToDonePipeline(struct SessionHandle *handle,
-                                            struct connectdata *conn)
-{
-  struct curl_llist_element *curr;
-
-  curr = conn->recv_pipe->head;
-  while(curr) {
-    if(curr->ptr == handle) {
-      Curl_llist_move(conn->recv_pipe, curr,
-                      conn->done_pipe, conn->done_pipe->tail);
-      break;
-    }
-    curr = curr->next;
-  }
-}
 static bool isHandleAtHead(struct SessionHandle *handle,
                           struct curl_llist *pipeline)
 {
@@ -2657,6 +2579,56 @@ CURLMcode curl_multi_assign(CURLM *multi_handle,
  return CURLM_OK;
 }

+size_t Curl_multi_max_host_connections(struct Curl_multi *multi)
+{
+  return multi ? multi->max_host_connections : 0;
+}
+
+size_t Curl_multi_max_total_connections(struct Curl_multi *multi)
+{
+  return multi ? multi->max_total_connections : 0;
+}
+
+size_t Curl_multi_max_pipeline_length(struct Curl_multi *multi)
+{
+  return multi ? multi->max_pipeline_length : 0;
+}
+
+curl_off_t Curl_multi_content_length_penalty_size(struct Curl_multi *multi)
+{
+  return multi ? multi->content_length_penalty_size : 0;
+}
+
+curl_off_t Curl_multi_chunk_length_penalty_size(struct Curl_multi *multi)
+{
+  return multi ? multi->chunk_length_penalty_size : 0;
+}
+
+struct curl_llist *Curl_multi_pipelining_site_bl(struct Curl_multi *multi)
+{
+  return multi->pipelining_site_bl;
+}
+
+struct curl_llist *Curl_multi_pipelining_server_bl(struct Curl_multi *multi)
+{
+  return multi->pipelining_server_bl;
+}
+
+void Curl_multi_process_pending_handles(struct Curl_multi *multi)
+{
+  struct Curl_one_easy *easy;
+
+  easy=multi->easy.next;
+  while(easy != &multi->easy) {
+    if(easy->state == CURLM_STATE_CONNECT_PEND) {
+      multistate(easy, CURLM_STATE_CONNECT);
+      /* Make sure that the handle will be processed soonish. */
+      Curl_expire(easy->easy_handle, 1);
+    }
+    easy = easy->next; /* operate on next handle */
+  }
+}
+
 #ifdef DEBUGBUILD
 void Curl_multi_dump(const struct Curl_multi *multi_handle)
 {
--- a/lib/multihandle.h
+++ b/lib/multihandle.h
@@ -31,25 +31,26 @@ struct Curl_message {
   well!
 */
 typedef enum {
-  CURLM_STATE_INIT,        /* 0 - start in this state */
-  CURLM_STATE_CONNECT,     /* 1 - resolve/connect has been sent off */
-  CURLM_STATE_WAITRESOLVE, /* 2 - awaiting the resolve to finalize */
-  CURLM_STATE_WAITCONNECT, /* 3 - awaiting the connect to finalize */
-  CURLM_STATE_WAITPROXYCONNECT, /* 4 - awaiting proxy CONNECT to finalize */
-  CURLM_STATE_PROTOCONNECT, /* 5 - completing the protocol-specific connect
-                               phase */
-  CURLM_STATE_WAITDO,      /* 6 - wait for our turn to send the request */
-  CURLM_STATE_DO,          /* 7 - start send off the request (part 1) */
-  CURLM_STATE_DOING,       /* 8 - sending off the request (part 1) */
-  CURLM_STATE_DO_MORE,     /* 9 - send off the request (part 2) */
-  CURLM_STATE_DO_DONE,     /* 10 - done sending off request */
-  CURLM_STATE_WAITPERFORM, /* 11 - wait for our turn to read the response */
-  CURLM_STATE_PERFORM,     /* 12 - transfer data */
-  CURLM_STATE_TOOFAST,     /* 13 - wait because limit-rate exceeded */
-  CURLM_STATE_DONE,        /* 14 - post data transfer operation */
-  CURLM_STATE_COMPLETED,   /* 15 - operation complete */
-  CURLM_STATE_MSGSENT,     /* 16 - the operation complete message is sent */
-  CURLM_STATE_LAST         /* 17 - not a true state, never use this */
+  CURLM_STATE_INIT,         /* 0 - start in this state */
+  CURLM_STATE_CONNECT_PEND, /* 1 - no connections, waiting for one */
+  CURLM_STATE_CONNECT,      /* 2 - resolve/connect has been sent off */
+  CURLM_STATE_WAITRESOLVE,  /* 3 - awaiting the resolve to finalize */
+  CURLM_STATE_WAITCONNECT,  /* 4 - awaiting the connect to finalize */
+  CURLM_STATE_WAITPROXYCONNECT, /* 5 - awaiting proxy CONNECT to finalize */
+  CURLM_STATE_PROTOCONNECT, /* 6 - completing the protocol-specific connect
+                                   phase */
+  CURLM_STATE_WAITDO,       /* 7 - wait for our turn to send the request */
+  CURLM_STATE_DO,           /* 8 - start send off the request (part 1) */
+  CURLM_STATE_DOING,        /* 9 - sending off the request (part 1) */
+  CURLM_STATE_DO_MORE,      /* 10 - send off the request (part 2) */
+  CURLM_STATE_DO_DONE,      /* 11 - done sending off request */
+  CURLM_STATE_WAITPERFORM,  /* 12 - wait for our turn to read the response */
+  CURLM_STATE_PERFORM,      /* 13 - transfer data */
+  CURLM_STATE_TOOFAST,      /* 14 - wait because limit-rate exceeded */
+  CURLM_STATE_DONE,         /* 15 - post data transfer operation */
+  CURLM_STATE_COMPLETED,    /* 16 - operation complete */
+  CURLM_STATE_MSGSENT,      /* 17 - the operation complete message is sent */
+  CURLM_STATE_LAST          /* 18 - not a true state, never use this */
 } CURLMstate;

 /* we support N sockets per easy handle. Set the corresponding bit to what
@@ -123,6 +124,30 @@ struct Curl_multi {
  long maxconnects; /* if >0, a fixed limit of the maximum number of entries
                       we're allowed to grow the connection cache to */

+  long max_host_connections; /* if >0, a fixed limit of the maximum number
+                                of connections per host */
+
+  long max_total_connections; /* if >0, a fixed limit of the maximum number
+                                 of connections in total */
+
+  long max_pipeline_length; /* if >0, maximum number of requests in a
+                               pipeline */
+
+  long content_length_penalty_size; /* a connection with a
+                                       content-length bigger than
+                                       this is not considered
+                                       for pipelining */
+
+  long chunk_length_penalty_size; /* a connection with a chunk length
+                                     bigger than this is not
+                                     considered for pipelining */
+
+  struct curl_llist *pipelining_site_bl; /* List of sites that are blacklisted
+                                            from pipelining */
+
+  struct curl_llist *pipelining_server_bl; /* List of server types that are
+                                              blacklisted from pipelining */
+
  /* timer callback and user data pointer for the *socket() API */
  curl_multi_timer_callback timer_cb;
  void *timer_userp;
--- a/Show More
+++ b/Show More
				`@@ -104,4 +104,3 @@ void Curl_hash_print(struct curl_hash *h,`


				`#endif /* HEADER_CURL_HASH_H */`