Merge branch 'master' of github.com:bagder/curl

21 files changed, 239 insertions, 167 deletions

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index e7d4f3c97..6bea290a4 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,4 +1,4 @@
-Curl and libcurl 7.24.0
+Curl and libcurl 7.24.1
 
  Public curl releases:         127
  Command line options:         149
@@ -7,65 +7,17 @@ Curl and libcurl 7.24.0
  Known libcurl bindings:       39
  Contributors:                 907
 
+This release includes the following security fixes:
+
+ o 
+
 This release includes the following changes:
 
- o CURLOPT_QUOTE: SFTP supports the '*'-prefix now [24]
- o CURLOPT_DNS_SERVERS: set name servers if possible [23]
- o Add support for using nettle instead of gcrypt as gnutls backend [22]
- o CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes [21]
- o Added CURLOPT_ACCEPTTIMEOUT_MS [30]
- o configure: add symbols versioning option --enable-versioned-symbols [31]
+ o 
 
 This release includes the following bugfixes:
 
- o SSL session share: move the age counter to the share object [1]
- o -J -O: use -O name if no Content-Disposition header comes! [2]
- o protocol_connect: show verbose connect and set connect time [3]
- o query-part: ignore the URI part for given protocols [4]
- o gnutls: only translate winsock errors for old versions [5]
- o POP3: fix end of body detection [6]
- o POP3: detect when LIST returns no mails
- o TELNET: improved treatment of options [7]
- o configure: add support for pkg-config detection of libidn [8]
- o CyaSSL 2.0+ library initialization adjustment [9]
- o multi interface: only use non-NULL socker function pointer
- o call opensocket callback properly for active FTP
- o don't call close socket callback for sockets created with accept() [10]
- o differentiate better between host/proxy errors [11]
- o SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5 [12]
- o multi: handle timeouts on DNS servers by checking for new sockets [13]
- o CURLOPT_DNS_SERVERS: fix return code
- o POP3: fixed escaped dot not being stripped out [14]
- o OpenSSL: check for the SSLv2 function in configure [15]
- o MakefileBuild: fix the static build [16]
- o create_conn: don't switch to HTTP protocol if tunneling is enabled [17]
- o multi interface: fix block when CONNECT_ONLY option is used [18]
- o Fix connection reuse for TLS upgraded connections [19]
- o multiple file upload with -F and custom type [20]
- o multi interface: active FTP connections are no longer blocking [25]
- o Android build fix [26]
- o timer: restore PRETRANSFER timing [27]
- o libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM [28]
- o appconnect time fixed for non-blocking connect ssl backends [29]
- o do not include SSL handshake into time spent waiting for 100-continue [32]
- o handle dns cache case insensitive
- o use new host name casing for subsequent HTTP requests [33]
- o CURLOPT_RESOLVE: avoid adding already present host names
- o SFTP mkdir: use correct permission [34]
- o resolve: don't leak pre-populated dns entries [35]
- o --retry: Retry transfers on timeout and DNS errors
- o negotiate with SSPI backend: use the correct buffer for input [36]
- o SFTP dir: increase buffer size counter to avoid cut off file names [37]
- o TFTP: fix resending (again) [38]
- o c-ares: don't include getaddrinfo-using code [39]
- o FTP: CURLE_PARTIAL_FILE will not close the control channel [40]
- o win32-threaded-resolver: stop using a dummy socket
- o OpenSSL: remove reference to openssl internal struct [41]
- o OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
- o OpenSSL: fix PKCS#12 certificate parsing related memory leak
- o OpenLDAP: fix LDAP connection phase memory leak [42]
- o Telnet: Use correct file descriptor for telnet upload
- o Telnet: Remove bogus optimisation of telnet upload
+ o 
 
 This release includes the following known bugs:
 
@@ -74,58 +26,10 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- Alejandro Alvarez Ayllon, Jason Glasgow, Jonas Schnelli, Mark Brand,
- Martin Storsjo, Yang Tse, Laurent Rabret, Jason Glasgow, Steve Holme,
- Reza Arbab, Jason Liu, Gokhan Sengun, Rob Ward, Dan Fandrich,
- Naveen Chandran, Ward Willats, Vladimir Grishchenko, Colin Hogben,
- Alessandro Ghedini, Cedric Deltheil, Toni Moreno, Bernhard Reutner-Fischer,
- Sven Wegener, Alex Vinnik, Kamil Dudka, Mamoru Tasaka, Patrice Guerin,
- Armel Asselin, Arthur Murray, Steve H Truong, Peter Sylvester,
- Johannes Bauer
+ 
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = http://curl.haxx.se/mail/lib-2011-11/0116.html
- [2] = http://curl.haxx.se/mail/archive-2011-11/0030.htm
- [3] = http://curl.haxx.se/mail/archive-2011-11/0035.html
- [4] = http://curl.haxx.se/mail/lib-2011-11/0218.html
- [5] = http://curl.haxx.se/mail/lib-2011-11/0267.html
- [6] = http://curl.haxx.se/mail/lib-2011-11/0279.html
- [7] = http://curl.haxx.se/mail/lib-2011-11/0247.html
- [8] = http://curl.haxx.se/mail/lib-2011-11/0294.html
- [9] = http://curl.haxx.se/bug/view.cgi?id=3442068
- [10] = http://curl.haxx.se/mail/lib-2011-12/0018.html
- [11] = http://curl.haxx.se/mail/archive-2011-12/0010.html
- [12] = http://curl.haxx.se/bug/view.cgi?id=3451592
- [13] = http://curl.haxx.se/mail/lib-2011-11/0371.html
- [14] = http://curl.haxx.se/mail/lib-2011-11/0368.html
- [15] = http://curl.haxx.se/mail/archive-2011-12/0012.html
- [16] = http://curl.haxx.se/mail/lib-2011-12/0063.html
- [17] = http://curl.haxx.se/mail/lib-2011-12/0010.html
- [18] = http://curl.haxx.se/mail/lib-2011-12/0070.html
- [19] = http://curl.haxx.se/mail/lib-2011-11/0022.html
- [20] = http://curl.haxx.se/mail/lib-2011-12/0121.html
- [21] = http://curl.haxx.se/mail/lib-2011-12/0107.html
- [22] = http://curl.haxx.se/mail/lib-2011-11/0164.html
- [23] = http://curl.haxx.se/mail/lib-2011-11/0067.html
- [24] = http://curl.haxx.se/mail/lib-2011-11/0205.html
- [25] = http://curl.haxx.se/mail/lib-2011-12/0179.html
- [26] = http://curl.haxx.se/mail/lib-2011-12/0215.html
- [27] = http://curl.haxx.se/mail/archive-2011-12/0022.html
- [28] = http://curl.haxx.se/mail/lib-2011-12/0218.html
- [29] = http://curl.haxx.se/mail/lib-2011-12/0211.html
- [30] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTACCEPTTIMOUTMS
- [31] = http://curl.haxx.se/mail/lib-2011-12/0133.html
- [32] = https://bugzilla.redhat.com/767490
- [33] = http://curl.haxx.se/mail/lib-2011-12/0314.html
- [34] = http://curl.haxx.se/mail/lib-2011-12/0249.html
- [35] = http://curl.haxx.se/bug/view.cgi?id=3463121
- [36] = http://curl.haxx.se/bug/view.cgi?id=3466497
- [37] = http://curl.haxx.se/mail/lib-2011-12/0249.html
- [38] = http://curl.haxx.se/mail/lib-2012-01/0146.html
- [39] = http://curl.haxx.se/mail/lib-2012-01/0160.html
- [40] = http://curl.haxx.se/mail/lib-2012-01/0096.html
- [41] = http://curl.haxx.se/mail/lib-2012-01/0049.html
- [42] = http://curl.haxx.se/bug/view.cgi?id=3474308
+ 
diff --git a/TODO-RELEASE b/TODO-RELEASE
index 6c94376fc..386cccf57 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -1,4 +1,4 @@
-To be addressed in 7.22.1
+To be addressed in 7.24.1
 =========================
 
 295 - "RTSP Authentication (#22)" https://github.com/bagder/curl/pull/22
@@ -8,4 +8,8 @@ To be addressed in 7.22.1
 300 - "Polling on stray socket on sequential transfers." Andrew S
       http://curl.haxx.se/mail/lib-2011-07/0053.html
 
-308 -
+308 - Revisit option --enable-threaded-resolver at least allow selection among
+      pthreads and Windows threads when building a Windows target.
+      http://curl.haxx.se/mail/lib-2012-01/0291.html
+
+309 - 
diff --git a/docs/THANKS b/docs/THANKS
index dd32c6a31..0b2fd3b4b 100644
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -20,11 +20,13 @@ Albert Choy
 Ale Vesely
 Alejandro Alvarez
 Aleksandar Milivojevic
+Alessandro Ghedini
 Alessandro Vesely
 Alex Bligh
 Alex Fishman
 Alex Neblett
 Alex Suykov
+Alex Vinnik
 Alex aka WindEagle
 Alexander Beedie
 Alexander Kourakos
@@ -74,6 +76,7 @@ Anton Kalmykov
 Arkadiusz Miskiewicz
 Armel Asselin
 Arnaud Ebalard
+Arthur Murray
 Arve Knudsen
 Ates Goral
 Augustus Saunders
@@ -91,6 +94,7 @@ Ben Winslow
 Benbuck Nason
 Benjamin Gerard
 Bernard Leak
+Bernhard Reutner-Fischer
 Bertrand Demiddelaer
 Bill Egert
 Bill Hoffman
@@ -105,6 +109,7 @@ Brad Burdick
 Brad Hards
 Brad King
 Bradford Bruce
+Brandon Wang
 Brendan Jurd
 Brent Beardsley
 Brian Akins
@@ -121,6 +126,7 @@ Camille Moncelier
 Caolan McNamara
 Carsten Lange
 Casey O'Donnell
+Cedric Deltheil
 Chad Monroe
 Charles Kerr
 Chih-Chung Chang
@@ -133,6 +139,7 @@ Chris Gaukroger
 Chris Maltby
 Chris Mumford
 Chris Smowton
+Christian Grothoff
 Christian Hagele
 Christian Krause
 Christian Kurz
@@ -382,6 +389,8 @@ Jan Kunder
 Jan Van Boghout
 Jared Lundell
 Jari Sundell
+Jason Glasgow
+Jason Liu
 Jason McDonald
 Jason S. Priebe
 Jay Austin
@@ -418,6 +427,7 @@ Jofell Gallardo
 Johan Anderson
 Johan Nilsson
 Johan van Selst
+Johannes Bauer
 John Bradshaw
 John Crow
 John Dennis
@@ -437,6 +447,7 @@ Jon Sargeant
 Jon Travis
 Jon Turner
 Jonas Forsman
+Jonas Schnelli
 Jonatan Lander
 Jonathan Hseu
 Jongki Suwandi
@@ -524,6 +535,7 @@ Luke Call
 Luong Dinh Dung
 Maciej Karpiuk
 Maciej W. Rozycki
+Mamoru Tasaka
 Mandy Wu
 Manfred Schwarb
 Manuel Massing
@@ -614,6 +626,7 @@ Moonesamy
 Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
+Naveen Chandran
 Naveen Noel
 Neil Dunbar
 Neil Spring
@@ -631,6 +644,7 @@ Nikita Schmidt
 Nikitinskit Dmitriy
 Niklas Angebrand
 Nikolai Kondrashov
+Nikos Mavrogiannopoulos
 Ning Dong
 Nir Soffer
 Nis Jorgensen
@@ -647,6 +661,7 @@ Paolo Piacentini
 Pascal Terjan
 Pasha Kuznetsov
 Pat Ray
+Patrice Guerin
 Patrick Bihan-Faou
 Patrick Monnerat
 Patrick Scott
@@ -720,6 +735,7 @@ Renaud Duhaut
 Rene Bernhardt
 Rene Rebe
 Reuven Wachtfogel
+Reza Arbab
 Ricardo Cadime
 Rich Gray
 Rich Rauenzahn
@@ -736,11 +752,13 @@ Rick Richardson
 Rob Crittenden
 Rob Jones
 Rob Stanzel
+Rob Ward
 Robert A. Monat
 Robert D. Young
 Robert Foreman
 Robert Iakobashvili
 Robert Olson
+Robert Schumann
 Robert Weaver
 Robin Cornelius
 Robin Johnson
@@ -809,6 +827,7 @@ Stephen Kick
 Stephen More
 Sterling Hughes
 Steve Green
+Steve H Truong
 Steve Holme
 Steve Lhomme
 Steve Little
@@ -864,6 +883,7 @@ Tomasz Lacki
 Tommie Gannert
 Tommy Tam
 Ton Voon
+Toni Moreno
 Toon Verwaest
 Tor Arntsen
 Torsten Foertsch
@@ -892,6 +912,7 @@ Vojtech Janota
 Vojtech Minarik
 Vsevolod Novikov
 Walter J. Mack
+Ward Willats
 Wayne Haigh
 Werner Koch
 Wesley Laxton
diff --git a/docs/examples/README b/docs/examples/README
index da04d2886..270048a6c 100644
--- a/docs/examples/README
+++ b/docs/examples/README
@@ -55,6 +55,7 @@ htmltitle.cc   - download a HTML file and extract the <title> tag from a HTML
 http-post.c    - HTTP POST
 httpput.c      - HTTP PUT a local file
 https.c        - simple HTTPS transfer
+imap.c         - simple IMAP transfer
 multi-app.c    - a multi-interface app
 multi-debugcallback.c - a multi-interface app using the debug callback
 multi-double.c - a multi-interface app doing two simultaneous transfers
@@ -75,4 +76,5 @@ simple.c       - the most simple download a URL source
 simplepost.c   - HTTP POST
 simplessl.c    - HTTPS example with certificates many options set
 synctime.c     - Sync local time by extracting date from remote HTTP servers
+url2file.c     - download a document and store it in a file
 10-at-a-time.c - Download many files simultaneously, 10 at a time.
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 9dcce8770..d94a84b78 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -266,7 +266,7 @@ If you forward the input arguments directly to "fseek" or "lseek", note that
 the data type for \fIoffset\fP is not the same as defined for curl_off_t on
 many systems! (Option added in 7.18.0)
 .IP CURLOPT_SEEKDATA
-Data pointer to pass to the file read function. If you use the
+Data pointer to pass to the file seek function. If you use the
 \fICURLOPT_SEEKFUNCTION\fP option, this is the pointer you'll get as input. If
 you don't specify a seek callback, NULL is passed. (Option added in 7.18.0)
 .IP CURLOPT_SOCKOPTFUNCTION
@@ -322,7 +322,7 @@ to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal success and
 1 if there was an error.  (Option added in 7.21.7)
 .IP CURLOPT_CLOSESOCKETDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
-argument in the opensocket callback set with
+argument in the closesocket callback set with
 \fICURLOPT_CLOSESOCKETFUNCTION\fP.  (Option added in 7.21.7)
 .IP CURLOPT_PROGRESSFUNCTION
 Function pointer that should match the \fIcurl_progress_callback\fP prototype
@@ -2070,7 +2070,7 @@ This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.
 
 (Added in 7.24.0)
-.IP CURLOPT_ACCEPTTIMOUT_MS
+.IP CURLOPT_ACCEPTTIMEOUT_MS
 Pass a long telling libcurl the maximum number of milliseconds to wait for a
 server to connect back to libcurl when an active FTP connection is used. If no
 timeout is set, the internal default of 60000 will be used. (Added in 7.24.0)
diff --git a/include/curl/curlver.h b/include/curl/curlver.h
index bc6ca64ca..0c0d9bd29 100644
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -30,13 +30,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.24.0-DEV"
+#define LIBCURL_VERSION "7.24.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
 #define LIBCURL_VERSION_MINOR 24
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071800
+#define LIBCURL_VERSION_NUM 0x071801
 
 /*
  * This is the date and time when the full source package was created. The
diff --git a/lib/escape.c b/lib/escape.c
index b0922bc93..0dd5a1d0a 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -31,6 +31,7 @@
 #include "urldata.h"
 #include "warnless.h"
 #include "non-ascii.h"
+#include "escape.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -84,7 +85,7 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
   char *testing_ptr = NULL;
   unsigned char in; /* we need to treat the characters unsigned */
   size_t newlen = alloc;
-  int strindex=0;
+  size_t strindex=0;
   size_t length;
   CURLcode res;
 
@@ -132,23 +133,29 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
 }
 
 /*
- * Unescapes the given URL escaped string of given length. Returns a
- * pointer to a malloced string with length given in *olen.
- * If length == 0, the length is assumed to be strlen(string).
- * If olen == NULL, no output length is stored.
+ * Curl_urldecode() URL decodes the given string.
+ *
+ * Optionally detects control characters (byte codes lower than 32) in the
+ * data and rejects such data.
+ *
+ * Returns a pointer to a malloced string in *ostring with length given in
+ * *olen. If length == 0, the length is assumed to be strlen(string).
+ *
  */
-char *curl_easy_unescape(CURL *handle, const char *string, int length,
-                         int *olen)
+CURLcode Curl_urldecode(struct SessionHandle *data,
+                        const char *string, size_t length,
+                        char **ostring, size_t *olen,
+                        bool reject_ctrl)
 {
-  int alloc = (length?length:(int)strlen(string))+1;
+  size_t alloc = (length?length:strlen(string))+1;
   char *ns = malloc(alloc);
   unsigned char in;
-  int strindex=0;
+  size_t strindex=0;
   unsigned long hex;
   CURLcode res;
 
   if(!ns)
-    return NULL;
+    return CURLE_OUT_OF_MEMORY;
 
   while(--alloc > 0) {
     in = *string;
@@ -164,16 +171,20 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
 
       in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */
 
-      res = Curl_convert_from_network(handle, &in, 1);
+      res = Curl_convert_from_network(data, &in, 1);
       if(res) {
         /* Curl_convert_from_network calls failf if unsuccessful */
         free(ns);
-        return NULL;
+        return res;
       }
 
       string+=2;
       alloc-=2;
     }
+    if(reject_ctrl && (in < 0x20)) {
+      free(ns);
+      return CURLE_URL_MALFORMAT;
+    }
 
     ns[strindex++] = in;
     string++;
@@ -183,7 +194,33 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
   if(olen)
     /* store output size */
     *olen = strindex;
-  return ns;
+
+  if(ostring)
+    /* store output string */
+    *ostring = ns;
+
+  return CURLE_OK;
+}
+
+/*
+ * Unescapes the given URL escaped string of given length. Returns a
+ * pointer to a malloced string with length given in *olen.
+ * If length == 0, the length is assumed to be strlen(string).
+ * If olen == NULL, no output length is stored.
+ */
+char *curl_easy_unescape(CURL *handle, const char *string, int length,
+                         int *olen)
+{
+  char *str = NULL;
+  size_t inputlen = length;
+  size_t outputlen;
+  CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen,
+                                FALSE);
+  if(res)
+    return NULL;
+  if(olen)
+    *olen = curlx_uztosi(outputlen);
+  return str;
 }
 
 /* For operating systems/environments that use different malloc/free
diff --git a/lib/escape.h b/lib/escape.h
index 04b06a973..4c7f84133 100644
--- a/lib/escape.h
+++ b/lib/escape.h
@@ -1,5 +1,5 @@
-#ifndef __ESCAPE_H
-#define __ESCAPE_H
+#ifndef HEADER_CURL_ESCAPE_H
+#define HEADER_CURL_ESCAPE_H
 
 /***************************************************************************
  *                                  _   _ ____  _
@@ -8,7 +8,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -25,5 +25,9 @@
 /* Escape and unescape URL encoding in strings. The functions return a new
  * allocated string or NULL if an error occurred.  */
 
+CURLcode Curl_urldecode(struct SessionHandle *data,
+                        const char *string, size_t length,
+                        char **ostring, size_t *olen,
+                        bool reject_crlf);
 
 #endif
diff --git a/lib/gtls.c b/lib/gtls.c
index f44fd7748..e24e7a81e 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -453,7 +453,13 @@ gtls_connect_step1(struct connectdata *conn,
     rc = gnutls_protocol_set_priority(session, protocol_priority);
 #else
     const char *err;
-    rc = gnutls_priority_set_direct(session, "-VERS-TLS-ALL:+VERS-SSL3.0",
+    /* the combination of the cipher ARCFOUR with SSL 3.0 and TLS 1.0 is not
+       vulnerable to attacks such as the BEAST, why this code now explicitly
+       asks for that
+    */
+    rc = gnutls_priority_set_direct(session,
+                                    "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:"
+                                    "-CIPHER-ALL:+ARCFOUR-128",
                                     &err);
 #endif
     if(rc != GNUTLS_E_SUCCESS)
diff --git a/lib/imap.c b/lib/imap.c
index c39664d86..c6701417d 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -953,17 +953,12 @@ static CURLcode imap_parse_url_path(struct connectdata *conn)
   struct imap_conn *imapc = &conn->proto.imapc;
   struct SessionHandle *data = conn->data;
   const char *path = data->state.path;
-  int len;
 
   if(!*path)
     path = "INBOX";
 
   /* url decode the path and use this mailbox */
-  imapc->mailbox = curl_easy_unescape(data, path, 0, &len);
-  if(!imapc->mailbox)
-    return CURLE_OUT_OF_MEMORY;
-
-  return CURLE_OK;
+  return Curl_urldecode(data, path, 0, &imapc->mailbox, NULL, TRUE);
 }
 
 /* call this when the DO phase has completed */
diff --git a/lib/pop3.c b/lib/pop3.c
index b7781109b..cc360b8b9 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -914,11 +914,7 @@ static CURLcode pop3_parse_url_path(struct connectdata *conn)
   const char *path = data->state.path;
 
   /* url decode the path and use this mailbox */
-  pop3c->mailbox = curl_easy_unescape(data, path, 0, NULL);
-  if(!pop3c->mailbox)
-    return CURLE_OUT_OF_MEMORY;
-
-  return CURLE_OK;
+  return Curl_urldecode(data, path, 0, &pop3c->mailbox, NULL, TRUE);
 }
 
 /* call this when the DO phase has completed */
diff --git a/lib/smtp.c b/lib/smtp.c
index 4cb25efca..553c697d0 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -1244,7 +1244,6 @@ static CURLcode smtp_connect(struct connectdata *conn,
   struct SessionHandle *data = conn->data;
   struct pingpong *pp = &smtpc->pp;
   const char *path = conn->data->state.path;
-  int len;
   char localhost[HOSTNAME_MAX + 1];
 
   *done = FALSE; /* default to not done yet */
@@ -1316,9 +1315,9 @@ static CURLcode smtp_connect(struct connectdata *conn,
   }
 
   /* url decode the path and use it as domain with EHLO */
-  smtpc->domain = curl_easy_unescape(conn->data, path, 0, &len);
-  if(!smtpc->domain)
-    return CURLE_OUT_OF_MEMORY;
+  result = Curl_urldecode(conn->data, path, 0, &smtpc->domain, NULL, TRUE);
+  if(result)
+    return result;
 
   /* When we connect, we start in the state where we await the server greeting
    */
diff --git a/lib/ssluse.c b/lib/ssluse.c
index ec1a149c8..014d5b56a 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1545,6 +1545,13 @@ ossl_connect_step1(struct connectdata *conn,
      become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
      CVE-2010-4180 when using previous OpenSSL versions we no longer enable
      this option regardless of OpenSSL version and SSL_OP_ALL definition.
+
+     OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
+     (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
+     SSL_OP_ALL that _disables_ that work-around despite the fact that
+     SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
+     keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
+     must not be set.
   */
 
   ctx_options = SSL_OP_ALL;
@@ -1553,12 +1560,15 @@ ossl_connect_step1(struct connectdata *conn,
   ctx_options |= SSL_OP_NO_TICKET;
 #endif
 
-#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && \
-  (SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG == 0x00000008L)
+#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
   /* mitigate CVE-2010-4180 */
   ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
 #endif
 
+#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+  ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+
   /* disable SSLv2 in the default case (i.e. allow SSLv3 and TLSv1) */
   if(data->set.ssl.version == CURL_SSLVERSION_DEFAULT)
     ctx_options |= SSL_OP_NO_SSLv2;
diff --git a/lib/telnet.c b/lib/telnet.c
index e7cb295d8..0be795435 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -1273,11 +1273,13 @@ static CURLcode telnet_done(struct connectdata *conn,
   (void)status; /* unused */
   (void)premature; /* not used */
 
+  if(!tn)
+    return CURLE_OK;
+
   curl_slist_free_all(tn->telnet_vars);
   tn->telnet_vars = NULL;
 
-  free(conn->data->state.proto.telnet);
-  conn->data->state.proto.telnet = NULL;
+  Curl_safefree(conn->data->state.proto.telnet);
 
   return CURLE_OK;
 }
diff --git a/lib/url.c b/lib/url.c
index fd46a7e03..466748bfc 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -137,7 +137,9 @@ static long ConnectionKillOne(struct SessionHandle *data);
 static void conn_free(struct connectdata *conn);
 static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke);
 static CURLcode do_init(struct connectdata *conn);
-
+static CURLcode parse_url_userpass(struct SessionHandle *data,
+                                   struct connectdata *conn,
+                                   char *user, char *passwd);
 /*
  * Protocol table.
  */
@@ -3666,7 +3668,9 @@ static CURLcode findprotocol(struct SessionHandle *data,
  */
 static CURLcode parseurlandfillconn(struct SessionHandle *data,
                                     struct connectdata *conn,
-                                    bool *prot_missing)
+                                    bool *prot_missing,
+                                    char *user,
+                                    char *passwd)
 {
   char *at;
   char *fragment;
@@ -3675,6 +3679,7 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
   int rc;
   char protobuf[16];
   const char *protop;
+  CURLcode result;
 
   *prot_missing = FALSE;
 
@@ -3841,6 +3846,14 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
     path[0] = '/';
   }
 
+  /*************************************************************
+   * Parse a user name and password in the URL and strip it out
+   * of the host name
+   *************************************************************/
+  result = parse_url_userpass(data, conn, user, passwd);
+  if(result != CURLE_OK)
+    return result;
+
   if(conn->host.name[0] == '[') {
     /* This looks like an IPv6 address literal.  See if there is an address
        scope.  */
@@ -4783,7 +4796,7 @@ static CURLcode create_conn(struct SessionHandle *data,
   conn->host.name = conn->host.rawalloc;
   conn->host.name[0] = 0;
 
-  result = parseurlandfillconn(data, conn, &prot_missing);
+  result = parseurlandfillconn(data, conn, &prot_missing, user, passwd);
   if(result != CURLE_OK)
     return result;
 
@@ -4813,15 +4826,6 @@ static CURLcode create_conn(struct SessionHandle *data,
   }
 
   /*************************************************************
-   * Parse a user name and password in the URL and strip it out
-   * of the host name
-   *************************************************************/
-  result = parse_url_userpass(data, conn, user, passwd);
-  if(result != CURLE_OK)
-    return result;
-
-
-  /*************************************************************
    * If the protocol can't handle url query strings, then cut
    * of the unhandable part
    *************************************************************/
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 85a6e4b2f..610243c24 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -82,7 +82,7 @@ test1220 \
 test1300 test1301 test1302 test1303 test1304 test1305	\
 test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
 test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
-test1325 test1326 test1327 \
+test1322 test1323 test1324 test1325 test1326 test1327 \
 test2000 test2001 test2002 test2003 test2004
 
 EXTRA_DIST = $(TESTCASES) DISABLED
diff --git a/tests/data/test1322 b/tests/data/test1322
new file mode 100644
index 000000000..996727e94
--- /dev/null
+++ b/tests/data/test1322
@@ -0,0 +1,29 @@
+<testcase>
+<info>
+<keywords>
+POP3
+CRLF-in-URL
+</keywords>
+</info>
+
+# Client-side
+<client>
+<server>
+pop3
+</server>
+ <name>
+POP3 with URL-encoded CR LF in the URL
+ </name>
+ <command>
+pop3://%HOSTIP:%POP3PORT/%0d%0a/1322
+</command>
+</client>
+
+#
+<verify>
+# 3 - CURLE_URL_MALFORMAT
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test1323 b/tests/data/test1323
new file mode 100644
index 000000000..90eb88b7d
--- /dev/null
+++ b/tests/data/test1323
@@ -0,0 +1,29 @@
+<testcase>
+<info>
+<keywords>
+SMTP
+CRLF-in-URL
+</keywords>
+</info>
+
+# Client-side
+<client>
+<server>
+smtp
+</server>
+ <name>
+SMTP with URL-encoded CR LF in the URL
+ </name>
+ <command>
+smtp://%HOSTIP:%SMTPPORT/%0d%0a/1323
+</command>
+</client>
+
+#
+<verify>
+# 3 - CURLE_URL_MALFORMAT
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test1324 b/tests/data/test1324
new file mode 100644
index 000000000..c9835efea
--- /dev/null
+++ b/tests/data/test1324
@@ -0,0 +1,29 @@
+<testcase>
+<info>
+<keywords>
+IMAP
+CRLF-in-URL
+</keywords>
+</info>
+
+# Client-side
+<client>
+<server>
+imap
+</server>
+ <name>
+IMAP with URL-encoded CR LF in the URL
+ </name>
+ <command>
+imap://%HOSTIP:%IMAPPORT/%0d%0a/1322
+</command>
+</client>
+
+#
+<verify>
+# 3 - CURLE_URL_MALFORMAT
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/libtest/testtrace.c b/tests/libtest/testtrace.c
index 9c082394e..5cb5fec5e 100644
--- a/tests/libtest/testtrace.c
+++ b/tests/libtest/testtrace.c
@@ -111,7 +111,7 @@ int libtest_debug_cb(CURL *handle, curl_infotype type,
 
   switch (type) {
   case CURLINFO_TEXT:
-    fprintf(stderr, "%s== Info: %s", timebuf, data);
+    fprintf(stderr, "%s== Info: %s", &timebuf[0], data);
   default: /* in case a new one is introduced to shock us */
     return 0;
 
diff --git a/tests/stunnel.pem b/tests/stunnel.pem
index 1b4d66993..6a3859b33 100644
--- a/tests/stunnel.pem
+++ b/tests/stunnel.pem
@@ -137,6 +137,7 @@ Ft896NmH4QFsDAetZcCFf24AM4DbUQo5jtG+dkanI/7IxxNYJ1PQ64/yscdQFvHW
 xhIX3Q6FqABjcN5nc80Rog+b6eS8QRX1BRnQqbGtocuptUgW5mWsSb+DR6pZbA==
 -----END CERTIFICATE-----
 -----BEGIN DH PARAMETERS-----
-MEYCQQD+KCcagSasA1QSo8tRXpbaLJJ1Ezt3FJFEZ3RVplp4qZwXQpSZ+Vly3xWx
-q3YvALe/enMbIq8F3OUmppq3UHwTAgEC
+MIGHAoGBAMq/KFGh2oy16WzkFs1U71Uz7dIEKvSYfc+zo439pYyVzcD8MkcC15Zb
+ayK3jPBYf07eKzc2TvI3/ZSducmECNP8gk2gAndP1P1rmpheN+owZJS7kQVfQmHl
+UmT87U99NPaMHXMNOsFj/3mbAaANndKEnd8PM2r5fg16C4+2e5KzAgEC
 -----END DH PARAMETERS-----