                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.47.1 (8 Feb 2016)

Daniel Stenberg (8 Feb 2016)
- RELEASE-NOTES: curl 7.47.1 time!

Jay Satiro (8 Feb 2016)
- tool_operhlp: Check for backslashes in get_url_file_name
  
  Extract the filename from the last slash or backslash. Prior to this
  change backslashes could be part of the filename.
  
  This change needed for the curl tool built for Cygwin. Refer to the
  CYGWIN addendum in advisory 20160127B.
  
  Bug: https://curl.haxx.se/docs/adv_20160127B.html

Daniel Stenberg (7 Feb 2016)
- RELEASE-NOTES: synced with d6a8869ea34

Jay Satiro (6 Feb 2016)
- openssl: Fix signed/unsigned mismatch warning in X509V3_ext
  
  sk_X509_EXTENSION_num may return an unsigned integer, however the value
  will fit in an int.
  
  Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896
  Reported-by: Gisle Vanem

Daniel Stenberg (7 Feb 2016)
- TODO: 17.11 -w output to stderr

Jay Satiro (6 Feb 2016)
- [Michael Kaufmann brought this change]

  idn_win32: Better error checking
  
  .. also fix a conversion bug in the unused function
  curl_win32_ascii_to_idn().
  
  And remove wprintfs on error (Jay).
  
  Bug: https://github.com/curl/curl/pull/637

- [Gisle Vanem brought this change]

  examples/asiohiper: Avoid function name collision on Windows
  
  closesocket => close_socket
  Winsock already has the former.
  
  Bug: https://curl.haxx.se/mail/lib-2016-02/0016.html

- [Gisle Vanem brought this change]

  examples/htmltitle: Use _stricmp on Windows
  
  Bug: https://curl.haxx.se/mail/lib-2016-02/0017.html

Daniel Stenberg (6 Feb 2016)
- COPYING: clarify that Daniel is not the sole author
  
  ... done on request and as it is a fair point.

Jay Satiro (5 Feb 2016)
- unit1604: Fix unit setup return code

- tool_doswin: Use type SANITIZEcode in sanitize_file_name

- tool_doswin: Improve sanitization processing
  
  - Add unit test 1604 to test the sanitize_file_name function.
  
  - Use -DCURL_STATICLIB when building libcurltool for unit testing.
  
  - Better detection of reserved DOS device names.
  
  - New flags to modify sanitize behavior:
  
  SANITIZE_ALLOW_COLONS: Allow colons
  SANITIZE_ALLOW_PATH: Allow path separators and colons
  SANITIZE_ALLOW_RESERVED: Allow reserved device names
  SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename
  
  - Restore sanitization of banned characters from user-specified outfile.
  
  Prior to this commit sanitization of a user-specified outfile was
  temporarily disabled in 2b6dadc because there was no way to allow path
  separators and colons through while replacing other banned characters.
  Now in such a case we call the sanitize function with
  SANITIZE_ALLOW_PATH which allows path separators and colons to pass
  through.
  
  
  Closes https://github.com/curl/curl/issues/624
  Reported-by: Octavio Schroeder

- [Viktor Szakats brought this change]

  URLs: change more http to https

- sasl_sspi: Fix memory leak in domain populate
  
  Free an existing domain before replacing it.
  
  Bug: https://github.com/curl/curl/issues/635
  Reported-by: silveja1@users.noreply.github.com

Daniel Stenberg (4 Feb 2016)
- [Viktor Szakats brought this change]

  URLs: follow GitHub project rename (also Travis CI)
  
  Closes #632

- CHANGES.o: fix references to curl.haxx.nu
  
  I removed the scheme prefix from the URLs references this host name, as
  we don't own/run that anymore but the name is kept for historic reasons.

- HISTORY: add some info about when we used which host names

Jay Satiro (2 Feb 2016)
- [Viktor Szakats brought this change]

  URLs: change more http to https

Dan Fandrich (3 Feb 2016)
- URLs: Change more haxx.se URLs from http: to https:

Daniel Stenberg (3 Feb 2016)
- RELEASE-NOTES: synced with 4af40b364

- URLs: change all http:// URLs to https://

- configure: update the copyright year range in output

- dotdot: allow an empty input string too
  
  It isn't used by the code in current conditions but for safety it seems
  sensible to at least not crash on such input.
  
  Extended unit test 1395 to verify this too as well as a plain "/" input.

- HTTPS: update a bunch of URLs from HTTP to HTTPS

- [Sergei Nikulov brought this change]

  AppVeyor: updated to handle OpenSSL/WinSSL builds
  
  Closes #621

Jay Satiro (1 Feb 2016)
- tool_operate: Don't sanitize --output path (Windows)
  
  Due to path separators being incorrectly sanitized in --output
  pathnames, eg -o c:\foo => c__foo
  
  This is a partial revert of 3017d8a until I write a proper fix. The
  remote-name will continue to be sanitized, but if the user specified an
  --output with string replacement (#1, #2, etc) that data is unsanitized
  until I finish a fix.
  
  Bug: https://github.com/bagder/curl/issues/624
  Reported-by: Octavio Schroeder

- curl.1: Explain remote-name behavior if file already exists
  
  .. also warn about letting the server pick the filename.

- [Gisle Vanem brought this change]

  urldata: Error on missing SSL backend-specific connect info

Daniel Stenberg (28 Jan 2016)
- bump: towards the next (7.47.1 ?)

- [Sergei Nikulov brought this change]

  cmake: fixed when OpenSSL enabled on Windows and schannel detected
  
  Closes #617

Jay Satiro (28 Jan 2016)
- [Sergei Nikulov brought this change]

  urldata: moved common variable out of ifdef
  
  Closes https://github.com/bagder/curl/pull/618

- [Viktor Szakats brought this change]

  tool_doswin: silence unused function warning
  
  tool_doswin.c:185:14: warning: 'msdosify' defined but not used
  [-Wunused-function]
  
  Closes https://github.com/bagder/curl/pull/616

Daniel Stenberg (27 Jan 2016)
- getredirect.c: fix variable name
  
  Reported-by: Bernard Spil

Version 7.47.0 (27 Jan 2016)

Daniel Stenberg (27 Jan 2016)
- examples/Makefile.inc: specify programs without .c!

- THANKS: 6 new contributors from 7.47.0 release notes

- [Isaac Boukris brought this change]

  NTLM: Fix ConnectionExists to compare Proxy credentials
  
  Proxy NTLM authentication should compare credentials when
  re-using a connection similar to host authentication, as it
  authenticate the connection.
  
  Example:
  curl -v -x http://proxy:port http://host/ -U good_user:good_pwd
    --proxy-ntlm --next -x http://proxy:port http://host/
      [-U fake_user:fake_pwd --proxy-ntlm]
  
  CVE-2016-0755
  
  Bug: http://curl.haxx.se/docs/adv_20160127A.html

- [Ray Satiro brought this change]

  curl: avoid local drive traversal when saving file (Windows)
  
  curl does not sanitize colons in a remote file name that is used as the
  local file name. This may lead to a vulnerability on systems where the
  colon is a special path character. Currently Windows/DOS is the only OS
  where this vulnerability applies.
  
  CVE-2016-0754
  
  Bug: http://curl.haxx.se/docs/adv_20160127B.html

- RELEASE-NOTES: 7.47.0

- FAQ: language fix in 4.19

- [paulehoffman brought this change]

  FAQ: Update to point to GitHub
  
  Current FAQ didn't make it clear where the main repo is.
  
  Closes #612

- maketgz: generate date stamp with LC_TIME=C
  
  bug: http://curl.haxx.se/mail/lib-2016-01/0123.html

- curl_multi_socket_action.3: line wrap

- RELEASE-NOTES: synced with d58ba66eeceb

Steve Holme (21 Jan 2016)
- TODO: "Create remote directories" for SMB

Jay Satiro (18 Jan 2016)
- mbedtls: Fix pinned key return value on fail
  
  - Switch from verifying a pinned public key in a callback during the
  certificate verification to inline after the certificate verification.
  
  The callback method had three problems:
  
  1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
  was not returned.
  
  2. If peer certificate verification was disabled the pinned key
  verification did not take place as it should.
  
  3. (related to #2) If there was no certificate of depth 0 the callback
  would not have checked the pinned public key.
  
  Though all those problems could have been fixed it would have made the
  code more complex. Instead we now verify inline after the certificate
  verification in mbedtls_connect_step2.
  
  Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
  Ref: https://github.com/bagder/curl/pull/601

- tests: Add a test for pinnedpubkey fail even when insecure
  
  Because disabling the peer verification (--insecure) must not disable
  the public key pinning check (--pinnedpubkey).

- [Daniel Schauenberg brought this change]

  CURLINFO_RESPONSE_CODE.3: add example

Kamil Dudka (15 Jan 2016)
- ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL
  
  The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle
  empty strings specially since curl-7_25_0-31-g05a443a but the behavior
  was unintentionally removed in curl-7_38_0-47-gfa7d04f.
  
  This commit restores the original behavior and clarifies it in the
  documentation that NULL and "" have both the same meaning when passed
  to CURLOPT_SSH_PUBLIC_KEYFILE.
  
  Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html

Daniel Stenberg (14 Jan 2016)
- RELEASE-NOTES: synced with 35083ca60ed035a

- openssl: improved error detection/reporting
  
  ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL
  1.1.0+ returned a new func number of another cerfificate fail so this
  required a fix and this is the better way to catch this error anyway.

- openssl: for 1.1.0+ they now provide a SSLeay() macro of their own

- CURLOPT_RESOLVE.3: minor language polish

- configure: assume IPv6 works when cross-compiled
  
  The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
  works, and testing like that doesn't work for cross-compiles. These days
  IPv6 support is widespread so a blind guess is probably more likely to
  be 'yes' than 'no' now.
  
  Further: anyone who cross-compiles can use configure's --disable-ipv6 to
  explicitly disable IPv6 and that also works for cross-compiles.
  
  Made happen after discussions in issue #594

- TODO: "Try to URL encode given URL"
  
  Closes #514

- ConnectionExists: only do pipelining/multiplexing when asked
  
  When an HTTP/2 upgrade request fails (no protocol switch), it would
  previously detect that as still possible to pipeline on (which is
  acorrect) and do that when PIPEWAIT was enabled even if pipelining was
  not explictily enabled.
  
  It should only pipelined if explicitly asked to.
  
  Closes #584

- [Mohammad AlSaleh brought this change]

  lib: Prefix URLs with lower-case protocol names/schemes
  
  Before this patch, if a URL does not start with the protocol
  name/scheme, effective URLs would be prefixed with upper-case protocol
  names/schemes. This behavior might not be expected by library users or
  end users.
  
  For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the
  URL is "hostname/path". The effective URL would be
  "HTTPS://hostname/path" instead of "https://hostname/path".
  
  After this patch, effective URLs would be prefixed with a lower-case
  protocol name/scheme.
  
  Closes #597
  
  Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>

- [Alessandro Ghedini brought this change]

  scripts: don't generate and install zsh completion when cross-compiling

- [Alessandro Ghedini brought this change]

  scripts: fix zsh completion generation
  
  The script should use the just-built curl, not the system one. This fixes
  zsh completion generation when no system curl is installed.

- [Alessandro Ghedini brought this change]

  zsh.pl: fail if no curl is found
  
  Instead of generation a broken completion file.

- [Michael Kaufmann brought this change]

  IDN host names: Remove the port number before converting to ACE
  
  Closes #596

Jay Satiro (10 Jan 2016)
- runtests: Add mbedTLS to the SSL backends
  
  .. and enable SSLpinning tests for mbedTLS, BoringSSL and LibreSSL.

Daniel Stenberg (10 Jan 2016)
- [Thomas Glanzmann brought this change]

  mbedtls: implement CURLOPT_PINNEDPUBLICKEY

Jay Satiro (9 Jan 2016)
- [Tatsuhiro Tsujikawa brought this change]

  url: Fix compile error with --enable-werror

- [Tatsuhiro Tsujikawa brought this change]

  http2: Ensure that http2_handle_stream_close is called
  
  Previously, when HTTP/2 is enabled and used, and stream has content
  length known, Curl_read was not called when there was no bytes left to
  read. Because of this, we could not make sure that
  http2_handle_stream_close was called for every stream. Since we use
  http2_handle_stream_close to emit trailer fields, they were
  effectively ignored. This commit changes the code so that Curl_read is
  called even if no bytes left to read, to ensure that
  http2_handle_stream_close is called for every stream.
  
  Discussed in https://github.com/bagder/curl/pull/564

Daniel Stenberg (8 Jan 2016)
- http2: handle the received SETTINGS frame
  
  This regression landed in 5778e6f5 and made libcurl not act on received
  settings and instead stayed with its internal defaults.
  
  Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
  Reported-by: Bankde

- Revert "multiplex: allow only once HTTP/2 is actually used"
  
  This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36.
  
  Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html

Jay Satiro (8 Jan 2016)
- [Tatsuhiro Tsujikawa brought this change]

  http2: Fix PUSH_PROMISE headers being treated as trailers
  
  Discussed in https://github.com/bagder/curl/pull/564

Daniel Stenberg (8 Jan 2016)
- [Michael Kaufmann brought this change]

  connection reuse: IDN host names fixed
  
  Use the ACE form of IDN hostnames as key in the connection cache.  Add
  new tests.
  
  Closes #592

- tests: mark IPv6 FTP and FTPS tests with the FTP keyword

Jay Satiro (7 Jan 2016)
- mbedtls: Fix ALPN support
  
  - Fix ALPN reply detection.
  
  - Wrap nghttp2 code in ifdef USE_NGHTTP2.
  
  
  Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.

- http2: Fix client write for trailers on stream close
  
  Check that the trailer buffer exists before attempting a client write
  for trailers on stream close.
  
  Refer to comments in https://github.com/bagder/curl/pull/564

Daniel Stenberg (7 Jan 2016)
- COPYING: update general copyright year range

- ConnectionExists: add missing newline in infof() call
  
  Mistake from commit a464f33843ee1

- multiplex: allow only once HTTP/2 is actually used
  
  To make sure curl doesn't allow multiplexing before a connection is
  upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the
  connection uses HTTP/2 as well and not only check what's wanted.
  
  Closes #584
  
  Patch-by: c0ff

Jay Satiro (4 Jan 2016)
- curl_global_init.3: Add Windows-specific info for init via DLL
  
  - Add to both curl_global_init.3 and libcurl.3 the caveat for Windows
  that initializing libcurl via a DLL's DllMain or static initializer
  could cause a deadlock.
  
  Bug: https://github.com/bagder/curl/issues/586
  Reported-by: marc-groundctl@users.noreply.github.com

Daniel Stenberg (4 Jan 2016)
- FAQ: clarify who to mail about ECCN clarifications

- progressfunc.c: spellfix description

- docs/examples/multi-app.c: fix bad desc formatting

- examples: added descriptions

- example/simple.c: add description

- getredirect.c: a new example

Marc Hoersken (27 Dec 2015)
- RELEASE-NOTES: add 5e0e81a9c4e35f04ca

Daniel Stenberg (26 Dec 2015)
- RELEASE-NOTES: synced with 2aec4359db1088b10d

Marc Hoersken (26 Dec 2015)
- test 1515: add data check

- test 1515: add MSYS support by passing a relative path
  
  MSYS would otherwise turn a /-style path into a C:\-style path.

- test 539: use datacheck mode text for ASCII-mode LISTings
  
  While still using datacheck mode binary for the inline reply data.

- runtests.pl: check up to 5 data parts with different text modes
  
  Move the text-mode conversion for reply/replycheck from the verify
  section into the load section and add support for 4 more check parts.

Daniel Stenberg (24 Dec 2015)
- CURLOPT_RANGE: for HTTP servers, range support is optional

Marc Hoersken (24 Dec 2015)
- tests 1048 and 1050: use datacheck mode text for ASCII-mode LISTings

- tests 706 and 707: use datacheck mode text for ASCII-mode LISTings

- tests 400,403,406: use datacheck mode text for ASCII-mode LISTings

- sockfilt.c: fix calculation of sleep timeout on Windows
  
  Not converting to double caused small timeouts to be skipped.

- tests first.c: fix calculation of sleep timeout on Windows
  
  Not converting to double caused small timeouts to be skipped.

- test 573: add more debug output

- ftplistparser.c: fix handling of file LISTings using Windows EOL
  
  Previously file.txt[CR][LF] would have been returned as file.tx
  (without the last t) if filetype is symlink. Now the t is
  included and the internal item_length includes the zero byte.
  
  Spotted using test 576 on Windows.

- test 16: fix on Linux (and Windows) by using plain ASCII characters
  
  Follow up on b064ff0c351bb287557228575ef4c1d079b866fb, thanks Daniel.

- tftpd server: add Windows support by writing files in binary mode

- tests 252-255: use datacheck mode text for ASCII-mode LISTings

- test 16: fix on Windows by converting data file from ANSI to UTF-8

Daniel Stenberg (23 Dec 2015)
- Makefile.inc: s/curl_SOURCES/CURL_FILES
  
  This allows the root Makefile.am to include the Makefile.inc without
  causing automake to warn on it (variables named *_SOURCES are
  magic). curl_SOURCES is then instead assigned properly in
  src/Makefile.am only.
  
  Closes #577

- [Anders Bakken brought this change]

  ConnectionExists: with *PIPEWAIT, wait for connections
  
  Try harder to prevent libcurl from opening up an additional socket when
  CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS
  handshakes complete first before the decision is made.
  
  Closes #575

- [Anders Bakken brought this change]

  Add .dir-locals and set c-basic-offset to 2.
  
  This makes it easier for emacs users to automatically get the right
  2-space indentation when they edit curl source files.
  
  c++-mode is in there as well because Emacs can't easily know if
  something is a C or C++ header.
  
  Closes #574

- [Johannes Schindelin brought this change]

  configure: detect IPv6 support on Windows
  
  This patch was "nicked" from the MINGW-packages project by Daniel.
  
  https://github.com/Alexpux/MINGW-packages/commit/9253d0bf58a1486e91f7efb5316e7fdb48fa4007
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

- configure: allow static builds on mingw
  
  This patch is adopted from the MINGW-packages project. It makes it
  possible to build curl both shared and static again.
  
  URL: https://github.com/Alexpux/MINGW-packages/tree/master/mingw-w64-curl

Marc Hoersken (17 Dec 2015)
- test 1326: fix file check since curl is outputting binary data

- test 1326: fix getting stuck on Windows due to incomplete request
  
  The request needs to be read and send in binary mode in order to use
  CRLF instead of LF. Adding --upload-file - causes curl to read stdin
  in binary mode.

Daniel Stenberg (17 Dec 2015)
- RELEASE-NOTES: command line option recount

Dan Fandrich (16 Dec 2015)
- scripts/Makefile: build zsh script even in an out-of-tree build

Marc Hoersken (16 Dec 2015)
- sockfilt.c: added some debug output to select_ws

- sockfilt.c: keep lines shorter than 80 chars

- sockfilt.c: do not wait on unreliable file or pipe handle
  
  The previous implementation caused issues on modern MSYS2 runtimes.

Daniel Stenberg (16 Dec 2015)
- cyassl: deal with lack of *get_peer_certificate
  
  The function is only present in wolfssl/cyassl if it was built with
  --enable-opensslextra. With these checks added, pinning support is disabled
  unless the TLS lib has that function available.
  
  Also fix the mistake in configure that checks for the wrong lib name.
  
  Closes #566

- wolfssl: handle builds without SSLv3 support

- [Tatsuhiro Tsujikawa brought this change]

  http2: Support trailer fields
  
  This commit adds trailer support in HTTP/2.  In HTTP/1.1, chunked
  encoding must be used to send trialer fields.  HTTP/2 deprecated any
  trandfer-encoding, including chunked.  But trailer fields are now
  always available.
  
  Since trailer fields are relatively rare these days (gRPC uses them
  extensively though), allocating buffer for trailer fields is done when
  we detect that HEADERS frame containing trailer fields is started.  We
  use Curl_add_buffer_* functions to buffer all trailers, just like we
  do for regular header fields.  And then deliver them when stream is
  closed.  We have to be careful here so that all data are delivered to
  upper layer before sending trailers to the application.
  
  We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE
  mechanism, but current method is far more simple.
  
  Another possibility is use chunked encoding internally for HTTP/2
  traffic.  I have not tested it, but it could add another overhead.
  
  Closes #564

- RELEASE-NOTES: synced with 6c2c019654e658a

Jay Satiro (15 Dec 2015)
- x509asn1: Fix host altname verification
  
  - In Curl_verifyhost check all altnames in the certificate.
  
  Prior to this change only the first altname was checked. Only the GSKit
  SSL backend was affected by this bug.
  
  Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html
  Reported-by: John Kohl

Daniel Stenberg (15 Dec 2015)
- curl --expect100-timeout: added
  
  This is the new command line option to set the value for the existing
  libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS

- cyassl: fix compiler warning on type conversion

- curlver: the pending release will become 7.47.0

- [Anders Bakken brought this change]

  setstropt: const-correctness
  
  Closes #565

- ROADMAP: implemented HTTP2 for HTTPS-only

- HTTP2.md: spell fix and remove TODO now implemented

- libressl: the latest openssl x509 funcs are not in libressl

- curl: use 2TLS by default
  
  Make this the default for the curl tool (if built with HTTP/2 powers
  enabled) unless a specific HTTP version is requested on the command
  line.
  
  This should allow more users to get HTTP/2 powers without having to
  change anything.

- http: add libcurl option to allow HTTP/2 for HTTPS only
  
  ... and stick to 1.1 for HTTP. This is in line with what browsers do and
  should have very little risk.

- openssl: adapt to openssl >= 1.1.0 X509 opaque structs
  
  Closes #491

- openssl: avoid BIO_reset() warnings since it returns a value

- openssl: adapt to 1.1.0+ name changes

- scripts/makefile: add standard header

- scripts/Makefile: fix GNUism and survive no perl
  
  Closes #555
  
  Reported-by: Thomas Klausner

- fix b6d5cb40d7038fe

- [Tatsuhiro Tsujikawa brought this change]

  http2: Fix hanging paused stream
  
  When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we
  might not process DATA frame fully.  Calling nghttp2_session_mem_recv()
  again will continue to process DATA frame, but if there is no incoming
  frames, then we have to call it again with 0-length data.  Without this,
  on_stream_close callback will not be called, and stream could be hanged.
  
  Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html
  Reported-by: Francisco Moraes

- [Christian Stewart brought this change]

  build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS
  
  With curl disable verbose strings in http.c the compilation fails due to
  the data variable being undefined later on in the function.
  
  Closes #558

Jay Satiro (7 Dec 2015)
- [Gisle Vanem brought this change]

  config-win32: Fix warning HAVE_WINSOCK2_H undefined

- [Gisle Vanem brought this change]

  openssl: BoringSSL doesn't have CONF_modules_free

- [Gisle Vanem brought this change]

  lwip: Fix compatibility issues with later versions
  
  The name of the header guard in lwIP's <lwip/opt.h> has changed from
  '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015).
  
  Other fixes:
  
  - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is
  used.
  
  - In memdebug.h, the 'socket' should be undefined first due to lwIP's
  lwip_socket() macro.
  
  - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need
  special handling because they were undef'ed in memdebug.h.
  
  - In select.c we can't use preprocessor conditionals inside select if
  MSVC and select is a macro, as it is with lwIP.
  
  http://curl.haxx.se/mail/lib-2015-12/0023.html
  http://curl.haxx.se/mail/lib-2015-12/0024.html

Patrick Monnerat (7 Dec 2015)
- os400: define CURL_VERSION_PSL in ILE/RPG binding

Jay Satiro (7 Dec 2015)
- [Gisle Vanem brought this change]

  version: Add flag CURL_VERSION_PSL for libpsl

- formdata: Check if length is too large for memory
  
  - If the size of the length type (curl_off_t) is greater than the size
  of the size_t type then check before allocating memory to make sure the
  value of length will fit in a size_t without overflow. If it doesn't
  then return CURLE_BAD_FUNCTION_ARGUMENT.
  
  Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679
  Reported-by: Steve Holme

Steve Holme (3 Dec 2015)
- tests: Corrected copy and pasted comments from commit e643c5c908

Daniel Stenberg (3 Dec 2015)
- curl: remove keepalive #ifdef checks done on libcurl's behalf
  
  They didn't match the ifdef logic used within libcurl anyway so they
  could indeed warn for the wrong case - plus the tool cannot know how the
  lib actually performs at that level.

Steve Holme (2 Dec 2015)
- test947: Corrected typo in test name

- tests: Disable the OAUTHBEARER tests when using a non-default port number
  
  Tests 842, 843, 844, 845, 887, 888, 889, 890, 946, 947, 948 and 949 fail
  if a custom port number is specified via the -b option of runtests.pl.
  
  Suggested by: Kamil Dudka
  Bug: http://curl.haxx.se/mail/lib-2015-12/0003.html

Daniel Stenberg (2 Dec 2015)
- bump: towards next release
  
  for all we know now, it might be called 7.46.1

Version 7.46.0 (1 Dec 2015)

Daniel Stenberg (1 Dec 2015)
- RELEASE-NOTES: updated contributor count for 7.46.0

- THANKS: new contributors from the 7.46.0 release

- THANKS-filter: single Tim Rühsen spelling

- docs/examples: gitignore some more built examples

- RELEASE-NOTES; this bug was never released

- RELEASE-NOTES: synced with e55f15454efacb0

- [Flavio Medeiros brought this change]

  Curl_read_plain: clean up ifdefs that break statements
  
  Closes #546

- http2: convert some verbose output into debug-only output

- http2 push: add missing inits of new stream
  
  - set the correct stream_id for pushed streams
  - init maxdownload and size properly

- http2 push: set weight for new stream
  
  give the new stream the old one's stream_weight internally to avoid
  sending a PRIORITY frame unless asked for it

- curl_setup.h: undef freeaddrinfo in c-ares block to fix build
  
  Fixes warnings 78c25c854a added.

- nonblock: fix setting non-blocking mode for Amiga
  
  IoctlSocket() apparently wants a pointer to a long, passed as a char *
  in its third parameter. This bug was introduced already back in commit
  c5fdeef41d from October 1 2001!
  
  Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html
  Reported-by: Norbert Kett

- zsh install: fix DESTDIR support
  
  Reported-by: Mohammad AlSaleh

Dan Fandrich (27 Nov 2015)
- lib: Only define curl_dofreeaddrinfo if struct addrinfo is available

Steve Holme (27 Nov 2015)
- tool_paramhlp: Fixed display of URL index in password prompt for --next
  
  Commit f3bae6ed73 added the URL index to the password prompt when using
  --next. Unfortunately, because the size_t specifier (%zu) is not
  supported by all sprintf() implementations we use the curl_off_t format
  specifier instead. The display of an incorrect value arises on platforms
  where size_t and curl_off_t are of a different size.

Daniel Stenberg (25 Nov 2015)
- timecond: do not add if-modified-since without timecondition
  
  The RTSP code path didn't skip adding the if-modified-since for certain
  RTSP code paths, even if CURLOPT_TIMECONDITION was set to
  CURL_TIMECOND_NONE.
  
  Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals
  CURL_TIMECOND_IFMODSINCE.
  
  Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header

- RELEASE-NOTES: synced with 99d17a5e2ba77e58

- examples/README: cut out the incomplete list
  
  ... and add a generic explanation for them instead. Each example file
  should contain its own description these days.

- test1513: make sure the callback is only called once

- [Daniel Shahaf brought this change]

  build: Install zsh completion
  
  Fixes #534
  Closes #537

- done: make sure the final progress update is made
  
  It would previously be skipped if an existing error was returned, but
  would lead to a previous value being left there and later used.
  CURLINFO_TOTAL_TIME for example.
  
  Still it avoids that final progress update if we reached DONE as the
  result of a callback abort to avoid another callback to be called after
  an abort-by-callback.
  
  Reported-by: Lukas Ruzicka
  
  Closes #538

- curl: expanded the -XHEAD warning text
  
  ... to also mention the specific options used.

- Revert "cleanup: general removal of TODO (and similar) comments"
  
  This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a.
  
  Feedback-by: Dan Fandrich
  URL: http://curl.haxx.se/mail/lib-2015-11/0062.html

- CURLOPT_HEADERFUNCTION.3: fix typo
  
  Refer to _HEADERDATA not _WRITEDATA.
  
  Reported-by: Michał Piechowski

- TODO: TCP Fast Open

Steve Holme (22 Nov 2015)
- examples: Added website parse-able descriptions to the e-mail examples

- TODO: Added another 'multi-interface' idea

- smb.c: Fixed compilation warnings
  
  smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may
               alter its value
  smb.c:146:42: warning: conversion to 'unsigned int' from 'long long
                unsigned int' may alter its value
  smb.c:146:65: warning: conversion to 'unsigned int' from 'long long
                unsigned int' may alter its value

- schannel: Corrected copy/paste error in commit 8d17117683

- schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
  
  Regression from commit 7a8e861a5 as highlighted in the msys autobuilds.

