--- changes per libwhisker release -------------------------------------

[] libwhisker 1.8

- Fixed a bug that would cause Net::SSLeay to segfault/bus error on
socket close.  Basically have to call Net::SSLeay::free() before
normal socket close.

- Fixed a SSL timeout bug reported by Pavel Kankovsky and Sullo.

- Fixed the socket sharing problem; it will be OK for now, but I still
recommend the eventual shift to libwhisker2, which has a new stream/socket
implementation that bypasses all these problems.

- utils_normalize_uri() pulled from updated libwhisker2 code.

- dump() pulled from updated libwhisker2 code; it now returns undef on error.

--------------------------------------------------------------------------

[] libwhisker 1.7

- Changes to html_find_tags in order to let it parse XML documents as 
well.  Also a few speed enhancements, but they will most likely be
unnoticed during average use.  XML reader will be introduced in LW2.

- Documentation updates, fixed POD typos, etc.

- Multiple Set-Cookie headers were ignored due to a bug in cookie_read.
This would only happen if A) {whisker}->{ignore_duplicate_headers} was
set to 0 (not default), and B) the server sent multiple cookies.

- Changed cookie_read() to use utils_find_lowercase_key(), to be a little
more robust regardless of the alpha case of the Set-Cookie header.

- You can now have libwhisker bind the socket to a specific port and
address (currently for non-SSL sockets only).  {whisker}->{bind_port} 
and {whisker}->{bind_addr} control the values (they default to 14011 and
INADDR_ANY, respectively).  You need to set {whisker}->{bind_socket}=1
to trigger the binding.

- Shortcut in crawl() to skip non absolute http/https URLs.  Pointed out
by Michael Coulter.

- utils_split_uri() got a big makeover, and was made to be RFC-compliant
on parsing URLs (parsing order is important).  It should handle URIs with
no network location info now too (also known as 'net_loc').  It also fixes
a bug in which 'http' scheme name comparision was not case-insensitive.

- utils_join_uri() also got a makeover.  It should now handle non-HTTP URIs
given by utils_split_uri().  It also now adds username/password as well.

- tweaks to utils_get_dir(), for proper parsing order and speed tweaks.
Also removed some dead code.

- dump() now correctly saves undefined values (undef).

- Documented the ignore_duplicate_headers gotcha that may affect some
programs.  It's in the KNOWNBUGS file, even though it's not really a bug.

- utils_absolute_uri() now strips fragments and parameters from base_uri 
before combining uris.

- Anti-IDS mode 3 was missing a few characters.  All better now.

--------------------------------------------------------------------------

[] libwhisker 1.6

- I broke crawl() in v1.4 by implementing some changes in utils_absolute_uri(),
without reflecting those changes in crawl().  Somehow it managed to survive 
all of v1.5 without being noticed...

- dumper() will now not escape the space character.

- Better documented dumper() to indicate structures are saves as references.

- Fixed http_do_request_ex() so it doesn't include the "\r" at the end of
{http_resp_message}.

- Added the get_page_hash() function, which basically just requests the
given URL, and returns the resulting whisker response hash.  Suggested by
jeremiah[at]whitehatsec.com.

- cookie_write()'s check of not sending secure cookies of insecure 
connections was backwards.  Apologies to Thomas Reinke 
(reinke[at]e-softinc.com) For not putting this in v1.5.

- cookie_parse() was too greedy when it came to '='.  Thanks again to Thomas
Reinke.

- Moved the {raw_headers_save} code behind the error check in 
http_do_request().

- Sprinkled more 'defined' checks in http_do_request() in order to stop a
tr/// warning reported by Jeremiah Grossman.

- utils_recperm did not check to see if an array was defined before
using it, causing it to crash.

--------------------------------------------------------------------------

[] libwhisker 1.5

- Recording of forms by crawl() did not normalize URL before storing it,
making it impossible to find the absolute location of relative form
actions.  All fixed now.

- Crawl() didn't clear out previous result values from %LW::crawl_*, which
lead to results carrying over to future scans.  Crawl() now clears things
out.  Reported by Seraphim Down.

- Crawl() now saves cookies to %LW::crawl_cookies if the save_cookies
crawl config is set.

- I broke the perl implementation of md5 when I added the replacement
'use integer' code--and I didn't catch it because my test machine uses
the normal MD5 perl module.  The problem has to do with me not wrapping
the $^H manipulation in a BEGIN{}.  Thanks to the many who pointed the 
problem out, particularly filipe[at]rnl.ist.utl.pt.

- Changed http_queue_read() for Net::SSLeay to return errors on SIGPIPE
signals.  Thanks to filipe[at]rnl.ist.utl.pt.

- Changed is_sock_valid() to always return 'no' for SSL sockets; the
libraries we currently use do not allow persistent connections, so we
will never reuse an SSL connection.  Prevents some SIGPIPEs from
propogating up into the code.

- Inserted SSL session resuming code, which involved a few modifications
to http_do_request_ex() internals.  Session resuming leads to a speed
increase for sequential SSL requests, when using the Net::SSLeay lib.
This behavior is on be default, and can be turned off by setting
{whisker}->{ssl_resume}=0.

- Reworked Net::SSLeay code so that the SSL context (CTX) is reused,
rather than reallocated per request.  Hopefully this will give a little
performance boost, and will be more system resource friendly.

- Added support for being able to specify the exact order headers are
presented to the server, which is controlled by an anonymous array
stuffed into {whisker}->{header_order}.  This removes one of the last
remaining hurdles that libwhisker imposes on the programmer--coming ever
so closer to a 'no rules' paridigm. :)

- Fixed perl warning in http_do_request()'s handling of 100-Continue
responses.  Thanks to jeremiah[at]whitehatsec.com.

- auth_set_header() has the optional $domain parameter added.

- Added the do_auth() alias for auth_set_header().  do_auth() is easier
to remember, and makes much more sense for an API name.  Suggested by
Seraphim Down.

- auth_brute_force() has the optional $domain parameter added.

- md5 lib was renamed to mdx, due to the addition of md4 routines (needed
for NTLM authentication).  This doesn't affect the APIs one bit.

- Added encode_unicode() to convert normal strings to unicode strings
(basically sticking in NULLs every other character).

- The ntlm subpackage was added, which holds NTLM auth routines, and the
supporting DES functions.  Right now all crypto is implemented in 100%
perl, which is slow, but does the job...although benchmarks show my
NTLM auth routines to be 300% faster than Authen::NTLM on multiple
requests with the same username/password.

- http_do_request() was largely modified to accomodate NTLM auth. NTLM 
(and MD5 too) auth sucks because it requires multiple HTTP requests,
which is not jive very well with the single-request-per-http_do_request()
call model currently setup.  Not to mention the whisker retries feature
also throws a curve ball, all the while trying to maintain persistent
connections.  In the end it works, but http_do_request() exploded in size.
Fortunately now the framework is there to eventually add MD5 auth too.

- Added utils_text_wrapper() for pretty printing.

- forms_parse_callback() incorrecly had $UNKOWNS instead of $UNKNOWNS.

- Tweakage to the README, api-demo.pl, and various documentation.  Some 
changes pointed out by: Maximiliano Pérez, Seraphim Down

- Added some stuff to the Makefile 'diag' option.

- encode_str2ruri() had bugs which kept it from producing the correct
encoded URI.  This also affected anti-IDS mode 1.  Thanks to
Benoît Calmels for pointing it out and supplying patched code.

- multipart_read() did not pass the correct parameters to
multipart_read_data() (the $filepath varb was not proprogated correctly).

- http_do_request_ex() tweak to not delete CR/LFs from $resp, in case
there's an error and it needs to be written to {whisker}->{data}.

- http_do_request_ex() now sets {whisker}->{INITIAL_MAGIC} in responses
to 31338, so that it's possible to tell apart requests and reponses by
looking at the INITIAL_MAGIC value (31337 for requests, 31338 for
responses).

- Some changes to the various docs.

- Defining/setting {whisker}->{save_raw_headers} in the request causes
http_do_request(_ex) to save the raw response and headers into
{whisker}->{raw_header_data} in the response hash. 

--------------------------------------------------------------------------

[] libwhisker 1.4

- Made various changes to support 5.004 Perl versions.  Some of
the changes came at a price--view the docs/OPTIMIZE text file included with
the source distribution in order to learn of some tweaks for your platform
in order to gain back a few fractions of a second in speed. :)  I'm
currently evaluating if 5.003 support is possible...

- The md5 function will now abort the entire program if it detects that
the md5 result is incorrect (it does an internal self-test upon init).
This is to keep funky architectures/perls from generating incorrect md5
checksums (without any warning they are incorrect).  Realistically, this
is just a worst-case-scenario, and really shouldn't affect anyone.  If it
does affect you, then drop me a note and we'll get it all fixed up.

- Made some changes to utils_recperm, which are not backwards-compatible.
However, I'm willing to guess that *no one* used that function, since it
was largely undocumented, obscure, and scary looking.  If you happened to
use that function, then email me and I'll accomodate you in the next
release.  The change itself involved adding another callback function for
testing code responses.

- Added the dump subpackage, which provides functions that give basic
Data::Dumper functionality.  That's one less perl module you need to
depend on.

- Added utils_save_page() to have an easy way to save the HTML output
of a response to a file.

- Error check in utils_split_uri(): basically, don't transfer bogus values
to given hash if protocol is not HTTP or HTTPS.  I would hope that the user
would check for such a condition, but you never know...the downside is that
you might re-run a prior HTTP request if you try to set a non-HTTP 
protocol (without checking it first).

- Added utils_getopts(), which is a reimplementation of GetOpts::Std.
Yet again, one less perl module dependancy. :)

- utils_absolute_uri() now can take a third parameter flag which indicates
whether or not to pass the output through utils_normalize_uri() before
returning it.  Things are still backwards compatible with the 2-param ver.
I made other changes to it that makes it identical to URI->abs().

- Turns out the 'use integer' pragma is actually an external module (!).
This caused the MD5 routines to puke, and thus the entire library to puke,
if the proper modules weren't installed.  So I recoded the MD5 routines
to set integer mode manually (by fiddling with $^H).

- Added the utils_unidecode_uri() function, which does basic unicode
decoding, catching any overlong characters.

- auth_brute_force() return code was changed to give undef on error or
no password found...that way you can test for an empty ('') password.

- http_do_request[_ex] now copies over {whisker}->{uri} into the response/
hout hash.

- crawl_set_config() now can take multiple parameters at once, as in:
crawl_set_config(param1=>'val1',param2=>'val2')

- crawl()'s handling of %LW::crawl_forms was completely broken.  All
better now...

- crawl() actually does much better now that utils_normalize_uri() has
been fixed up.  Thanks to Mark.Schaad[at]veritect.com for pointing out 
some bugs.

- Fixed a warning in cookie_read().

--------------------------------------------------------------------------

[] libwhisker 1.3

- Added the {whisker}->{queue_md5} option, which requests the libwhisker
to save a hash of the output queue before sending it to the server.

- According to ActiveState's BugDB, ActivePerl under Windows does not
support non-blocking sockets, thus no non-blocking connects for Windows
users.  It seems even the IO::Socket module doesn't get nonblock support.
I'm glad I found this out, as I was bending over backwards to try to
accomodate Windows and non-blocking....

- So what I wound up doing was using the standard alarm()/eval() combo
around the blocking connect...hopefully this will still provide a crude
way to get some kind of connect() timeout.  Windows users are still out
of luck, but fortunately the Windows connect() does timeout and not hang
infinitely...and the timeout is acceptable (neighborhood of 15-20 
seconds).  At least, this was the case on my Win2K Pro box w/ 
ActiveState perl.

- Fixed bug in html_find_tags().  Callback was using $start and not
$tagstart.  Thanks to Jeremiah[at]whitehatsec.com for pointing it out.

- Various work on crawl().  @LW::crawl_cookies was changed to
%LW::crawl_cookies (@LW::crawl_cookies was never populated, so this change
shouldn't affect anyone as the code was essentially unimplemented until
this point).  Added %LW::crawl_referrers, which will save the referring
pages when the save_referrers value is set to 1 (set to 0 by default).

- Added the utils_absolute_uri() and utils_normalize_uri() functions.
Basically they mangle/parse URLs in various ways to get the correct URL
representation.

- Added normalizing to crawl(), pointed out by multiple people.  Crawl
will normalize all found URIs when crawl_config{'normalize_uri'} is set
to 1 (which it is by default).

- Fixed potential error in sock_valid (used $$Z instead of $$z).  Also
cleaned up a warning with uninitialized $vin.

- Fixed bugs in cookie_parse() which didn't account for whitespace and
deleted the path when it was set to '/'.  Thanks to 
cyril.perrault[at]fr.pwcglobal.com for the pointer.

- Added lots of binmode() on various sockets/file handles, to keep
Windows/DOS from mucking things up.

- Slight tweak to Makefile.pl so that LW.pm is assembled the same on
various systems (libs added in alphabetic order, vs. whatever random 
order the readdir() returned them in); otherwise line numbers from
warnings/errors don't always correspond to the same code...

- anti_ids() incorrectly set {'ids_session_splicing'} instead of
{'ids_session_splice'}.  All better now.

- Updated the docs/whisker_hash.txt file.

- {'ssl_save_info'} can only save data from Net::SSLeay; however, it was
possible for Net::SSL to reach that point, which would puke.  Now the
option is ignored if Net::SSL is in use.

--------------------------------------------------------------------------

[] libwhisker 1.2

- The return value of inet_aton was not checked; if a DNS entry did not
exist, then the library actually then tried to connect to the localhost.
All better now.

- There was a bug in the non-blocking connect code added in 1.1.  
Basically, if a connect failed, the library would still try to use the
socket.  The bug was actually a really subtle/arcane one that involved
the eval{} statement--rather than the function returning when an error
occur, the eval seemed to trap the return, and thus short-circuit errors
back into the pipeline.  I removed the eval{}, with the tradeoff that
platforms that don't have the fcntl function will error out; however,
since the code will only be executed if the Fcntl module is present, I
think this is a safe assumption.

- Fixed up a few warnings and 'use strict' areas.

--------------------------------------------------------------------------

[] libwhisker 1.1

- Added the entire multipart subpackage, which is used for multipart
requests, such as those needed to upload files.  The syntax is similar to
the cookie subpackage (get/set to manipulate values, and read/write to put
those values into a request).  The multipart_read function works in my
test scenarios, but is definately still work-in-progress. Unfortunately
the multipart package added over 8K of code to the library size. :/

- Modified utils_split_uri() to take an optional %hin_request hash.  If
one is supplied then the function will not only split the URI, but also
set the appropriate values in the hash.

- Added the 'easy' subpackage, which is just a collection of high-level
routines to do simple tasks: get_page(), get_page_to_file(), upload_file(),
download_file(), etc.

- The test.pl script was renamed to api_demo.pl.  I also added the
simple.pl script, to show off the simple/easy request support added by
the easy subpackage.

- Added missing POD documentation.

- Sprinkled in a little error checking for passed function params.

- Added utils_lowercase_hashkeys, which is an alias to
utils_lowercase_headers.  I didn't want it to seem as if the function
was limited to headers...

- Added utils_find_lowercase_key(), which will try to find the given
key in a supplied hash, regardless of the case of the key or the keys
in the hash.

- Beefed up the utils_randstr, so that you can specify an optional
returned string size, and what characters it's composed of.  Still
backwards-compatible with prior 1.0 verson.

- Added utils_getline and utils_getline_crlf, for grabbing (CR)LF
lines out of a piece of data.  They internally track position, so you
need to reset them initially by calling utils_getline(\$data,0) the
first time; after that you just call utils_getline(\$data).  The crlf
version requires a terminating CRLF sequence; the regular utils_getline
just stops at the next LF (\n).

- Added MD5 support via new md5 subpackage.  Use the md5() command to
get a string hex hash of the supplied data.  Like the encode_base64
routines, it will attempt to use the faster MD5 Perl module, if available.
MD5 support is needed for eventual Digest authentication...

- While libwhisker had timeout support for already-established connections,
it didn't have timeouts for the initial connect().  So I implemented
nonblocking connects on systems that will support it (libwhisker will test
for it and use it automatically).  Many thanks to Lincoln Stein's "Network
Programming with Perl" book for being an excellent reference through all this
nonblocking IO cruft.

- Fixed a small bug which caused HTML data to not be saved if the HTML data
doesn't end in a \n and the server didn't return a Content-Length header.
This was due to me using the sock_getline in a loop to retrieve HTML data.

- Added the internal-use-only sock_getall, which was used to combat the bug
spoken of prior (where HTML data was lost).

- Added the forms subpackage, which is the start of routines to parse out
HTML forms into something that can be programmically reviewed.  Right now
there's forms_read() to turn HTML into form hashes, and forms_write() to
turn a form hash back into generic HTML.

- The html_find_tags function was lowercasing all found tag/element
names.  This technically alters the data, so it was modified to *not*
lowercase the names.  It is the responsibility of the callback function to
handle any required conversions (including making them lowercase if need
be).

- Recoded the Makefile to be cross-platform independant, and moved the
nopod script functionality into the Makefile.  Plus other changes.

--------------------------------------------------------------------------

[] libwhisker 1.0

- Simon Cozens was awesome enough to spare some time and give a once-over 
to libwhisker, pointing out tons of perl-isms and potential changes.  We 
had some discussion about making libwhisker a proper CPAN module--in the 
end, I believe my goals for libwhisker and the goals of CPAN are different 
enough to not really warrant that happening.  But I did heed a lot of the 
advice.  Details follow...

- HUGE CHANGE: the namespace is changed from 'lw' to 'LW', and the library 
was renamed to LW.pm in order to make the package name and module name the 
same.  It was capitalized since lowercase names passed to 'use' are 
typically reserved for perl pragmas.  Thanks to Simon for pointing this 
out.  I figure if libwww can have LWP, libwhisker can have LW. :)

- ANOTHER NOTABLE CHANGE: I added the minimum requirement of perl 5.005.
This is because 5.004 and prior don't have some of the functions
libwhisker uses (like the 4 argument substr).  It may be possible to port
the code back to 5.004, but I don't have intensions of doing that right
now.

- Added {'whisker'}->{'recv_header_order'} to keep track of the exact 
order of incoming headers.  Useful for various testing.

- Successfully ran libwhisker on Windows with ActiveState perl (there
wasn't really any doubts, but I just wanted to confirm it anyways).  128K
requests without a burp...so support on Windows is definately as solid as 
on unix/linux.  SSL doesn't count...

- Bug tweaks to html_find_tags.  These were found while trying to parse
the evil.htm file located in /docs/.  Also, I've been using the
LW::bin::html_find_tags replacement, which means I haven't been seeing the
bugs sitting in the perl version (LW::html_find_tags).  So I've cleaned up 
some problems that may have been affecting crawl(), and both perl and C
versions parse the same (correct) results.

- Added <SCRIPT> support to html_find_tags, in order to handle funky script
code which may look like HTML (but it is not!).

- Stupid me actually killed the normalize_incoming_headers code in
http_do_request in the PR4 release.  I put it back now.  Doh.

- More -w and 'use strict' fixups.  A lot.  All over.  Much better now.

- Bugs in cookie_read fixed: referencing the wrong hash...found thanks to 
'use strict'.  Forgot {'whisker'}-> before {'lowercase_incoming_headers'},
found thanks to -w.  See, they do serve a purpose. :)

- Everyone has been waiting for it...I added the antiids.pl sub package.  
But before you get excited, I only included the older, whisker v1.x 
anti-ids methods.  You'll still have to wait for the new ones. :)
Engage anti-ids mode by setting {'whisker'}->{'anti_ids'} to the modes you 
wish to use.  http_do_request will do all the work (of course, a little 
code was added to http_do_request to handle this transparently).

- Added the LW::encode_str2uri and LW::encode_str2ruri functions, which 
perform string to (random) URL encoding.  These were required by 
LW::anti_ids.

- Added GPL headers to each individual file, as I believe is required by 
the GPL license.  Not that some ASCII text splashed en-masse will stop 
some lamer for-profit corporation from horking my code and burying it deep 
within their product.  But hey, why the hell would they want code in Perl, 
anyway? ;)

- I just found a disturbing bug in IIS 5.0 (may be in 4.0 and 6.0 as
well).  When a script makes an HTTP 1.0 request for an ASP page and
specifies 'Connection:  close', it seems IIS will still send a
'Connection: Keep-Alive' response header, and then close the connection.  
This, coupled with the fact that the vec/select combo test to see if a 
socket is dead was not working, led to big issues. So...

- Added the sock_valid function, which tests to see if an open socket
still has a listening host connected to it.  It does this by checking
for EPIPE or EOF, and thus has to read in all waiting data in the process.
Only an issue with HTTP/1.1 Keep-alive (persistent) connections.

- The sock_valid function brings up a problem which unfortunately is
encountered more than I would hope: what to do with "extra" data sent
by a server?  Specifically, this is a problem with persistant/Keep-alive
connections because:
	- Server might tack extra CR/LF onto data
	- Server might print HTTP response indicating connection timeout
	- Server might print non-HTTP response string indicating timeout
	- Server might send wrong content-length (too small)
In all cases, when it's time for the next request, we must deal with any
waiting data, and that falls on the shoulders of the sock_valid function,
which will attempt to slurp any waiting data in order to get it out of the
way and test if the connection is still valid.  So in order to control
this 'slurping', I have added the {whisker}->{trailing_slurp} option which
takes three values: 0 (default) will add any slurped data into the normal
incoming data queue; 1 will append slurped data to {whisker}->{slurped},
for post-request analysis; 2 will cause all slurped data to be discarded.

- Tweaked the error return messages so it's obvious when the server puked 
and closed the connection vs. sent an invalid HTTP response.

- Changed http_init_request to clear the entire hash, rather than just the 
{'whisker'} control hash.

- Added the {'whisker'}->{'force_close'} option, which will tell 
libwhisker to shut down the socket regardless of any persistance or 
keep-alives.

- Added the {'whisker'}->{'force_open'} option, which will tell 
libwhisker to not shut down the socket regardless of connection: close
indicators from client or server.  Note that sockets are still closed
for errors...this only overrides 'Connection: close' directives.

- Small bug in http_do_request: wouldn't send {'whisker'}->{'data'} if 
method was set to HEAD.  The method has nothing to do with sending data...

- Flushed the incoming/outgoing queues whenever we open a new socket in
http_do_request.

- libwhisker wouldn't properly take headers if they didn't end in CRLF (as 
opposed to just LF).  This was due to a "$varb = rindex(..) || rindex(..)" 
glitch which had the first rindex returning -1 (not found), but perl 
evaluating it to true, and thus not running the second rindex.  Replaced 
it with a much more accurate and faster s/[\r]{0,1}\n$//.

- The 'selfload' option to Makefile.pl was screwed up (broken in pr4).  
All better now.

- Redid the crawl_extract_links_test function, taking an approach like 
that used in HTML::LinkExtor.  All the tags were placed in a special hash 
named %LW::crawl_linktags, which has the bonus of letting the user/app 
modify which tags they care about.  The speed savings were great (a 
useless tag is a best-case result in the new function, versus a worst-case 
result in the old one).

- Modified http_do_request to be able to take arbitrary whitespace after a 
"Header:" name, per the HTTP RFC.  Originally it expected a single space.

- Changed {whisker}->{http_eol} from "\r\n" to "\x0d\x0a", since a note in 
libwww-perl mentions that "\r\n" is not cross-platform portable (seems 
Macs define "\r\n" as "\x0a\x0d", which is opposite the convention).

- Fixed http_queue_send so that it will error if *all* data wasn't sent.

- More error checking, particularly on data sending and receiving.

- Net::SSLeay::randomize() is now called on startup.

- Bug when server didn't send a response (getline() returned undef).
Didn't reference Z glob correctly (had $Z instead of $$Z).  Also stored
any data in queue into {whisker}->{data} for post-request analysis.

- Fixed bug when server wouldn't return Content-Length header and
connection was flagged Keep-Alive.  Libwhisker would read until the
server stopped sending data, but it wouldn't close the socket 
afterwards....leading to issues when the next persistent request was
made.  To Keep-Alive a connection, we either need a Content-
Length header, or we need to be chunked (which indicates data length).

- Added {whisker}->{force_bodysnatch}, for those rare moments when you
want to snarf the data body during a HEAD request, which happens with
some broken servers (some IIS extension handlers do this too).

- http_fixup_request wouldn't calculate data length if method was HEAD.
Now it will.

- Default User-Agent set by http_init_request is now libwhisker/$VERSION,
where $VERSION is libwhisker version number (duh).

- http_do_request() became http_do_request_ex(), and a new http_do_request
wrapper was made.  This new wrapper has some retry logic in order to redo
requests that failed.  This behaviour is controlled by the 
{whisker}->{retry} option value (0: don't retry, any other positive number is
the number of times to retry).  Note that it will only retry requests that 
resulted in errors *after* making a valid connection.  This is most used to 
catch persistent errors where the server shuts down the socket sometime after
the sock_valid() check, but before the entire transaction is parsed.  Also,
the return values of http_do_request_ex() were modified (returns 1 or 2 on
error, 0 on success), which is passed back via http_do_request().  This way
the calling program knows if they should retry the connection or not.

- Spawned off crawl_do_request(), which is used internally by crawl().
Mostly just a code cleanup.

- Added the 'do_head' configuration value to crawl(), which will attempt to
use head requests to determine if a file should be downloaded via GET.  Good
to use if site has lots of funky file extensions that result in varying 
content types--with do_head enabled (off by default) crawl_do_request() will
only download (and thus parse) html documents.

- Added the 'source_callback' capability to crawl(), which will call the
callback function right before the downloaded HTML is parsed for links.

- Slight tweaks to utils_split_uri, particularly in the order of operations.

- Added hout{whisker}->{code}, which contains the same value as 
{whisker}->{http_resp}.  {code} is easier to remember. :)

- Added hout{whisker}->{100_continue}, which contains the number of "HTTP
100 Continue" responses http_do_request(_ex) snarfed (if any) while waiting 
for the real header.  Only defined if a header was seen (and ignored).

- Added hout{whisker}->{abnormal_header_spacing}, which indicates how many
headers have something other than a single space between the colon and 
header value in "Header: value".  Basically used to see if the server spit
back any funky headers, like "Header:value", or "Header:     value".  Only
defined if an abnormal spacing was seen.

- The auth_set_header function now takes 'proxy-basic' as a type, and will
set the appropriate header for basic auth to a proxy (duh).  Inspired by
sq@cirt.net.

- Added UDP support, so that you can use libwhisker to play around with
SSDP/uPnP (HTTP over UDP).  Set {whisker}->{UDP}=1 to use UDP instead
of TCP.

- Crawl() was saving server tags to %LW::server_tags, instead of the proper
%LW::crawl_server_tags.  All better now.

- Fixed a bug in the detection of external modules (eval sets $@, not $!,
on error).  Thanks to sq@cirt.net for working it through with me.

- Added a Makefile.pl tweak from sq@cirt.net to support OS X/darwin.  
Eventually the Makefile.pl needs to be cleaned up, but it will do for now.

- Changed ssl_read_all() to read() in http_queue_read, since for some
reason ssl_read_all was blocking/stalling on some SSL requests.  Seems to
be just fine now.

- Slashdot.org uses a screwy piece of invalid (yet it works) HTML in
the form of <FORM ACTION="//slashdot.org/somefile">.  So I had to add the
'slashdot_bug' config option to %crawl_configs in order to deal with this
wackiness.  It is enabled by default.

- Lots of functionality was added if you use Net::SSLeay.  You can specify
a client certificate and RSA key by setting {'whisker'}->{'ssl_certfile'}
and {'whisker'}->{'ssl_rsacertfile'} to the filename of the unpassworded PEM
cert files.  You can also pick your ciphers by setting {'whisker'}->
{'ssl_ciphers'} to the appropriate string.  You can request that the chosen 
cipher and server certificate information be saved in the %hout hash by 
setting {'whisker'}->{'save_ssl_info'} to 1.

--------------------------------------------------------------------------

[] libwhisker pr4

- Implemented concurrent-host support; libwhisker now maintains state for 
each separate host, allowing for multiple open sockets at once.  This is 
good if you have to make multiple requests to different hosts (such as a 
proxy would).  This required adding the @Z/Z-glob, which replaced a bunch 
of variables used by various functions within the http subpackage.  Note 
that the Z glob is global to the libwhisker package and is available to 
all functions.

- Redid the utils_recperm function (odds are no one knows what the hell it
does anyway--don't worry about it).  In short, it's a 'recursive
permutation' function, which is used by whisker in the scan function.

- Added {'whisker'}->{'lowercase_incoming_headers'} option which will
lowercase the entire header name--this is a workaround for lame web 
servers (and proxies) that have non-standard capitalization in header 
names (note: you're still responsible to handle header values).  The 
http_do_request internally lowercases all headers in order to find the 
ones required for handling the HTTP connection.  This is more reliable
than 'normalize_incoming_headers', but normalize_incomnig_headers is still 
available.  The http_do_request function will also set the 
'lowercase_incoming_headers' value in the %hout hash as well, so that 
internal functions (e.g. cookie_read) will know how to look for the 
headers.  A bunch of internal functions were also changed to be able to 
handle various case in header names.

- Continuing with the 'lowercase_incoming_headers' kick, I added 
utils_lowercase_headers(), which will step through the given hash and 
lowercase all the header names (but not values!).

- More speed improvements.  Viva la Benchmark.pm!  Most of this is done by
fast-path checking, and replacing slow regexes with faster index/rindex
and substr combinations.

- Tweaks to the cookie routines, to not make an empty cookie header.

- Added more POD documentation for various functions.

- libwhisker can now do SSL connections through a proxy (only an issue
with Net::SSLeay; Net::SSL handles proxies differently, and actually was
supported in pr3).  The actual code to send to the proxy is hardcoded, but 
I don't think this will be a problem (or maybe it will...)

- Added /docs/ subdirectory in the build environment, and finally made a 
document that had all the special {'whisker'}->{'?'} values listed and 
detailed.

- For some reason the "eval 'use module'; if(!$@){}" wasn't working 
reliably for testing the availability of modules.  So everything was 
ported over to check in %INC, which is an internal perl hash that tracks 
loaded modules.  I have no idea what's going on with eval/$@, but it's 
just not working...if you're a perl guru and know what's going on, email 
me to dispell my confusion.

- Typo in utils_split_uri (I predeclared @results, but wound up using @res
in the code).  This was the source of crawl() not working (for the most 
part).  Stupid mistake on my part...

- Added utils_join_uri, which is opposite of utils_split_uri.

- Reworked the entire crawl() function and supporting functions as well.
Added more crawl config options; check the POD docs for crawl_set_config 
for the full list and explainations.

- I think I figured out what to do with the auth problem.  I'm starting a
auth_do_request, which will be identical to http_do_request, except it
will be 'auth aware' and handle any auth setup messiness.

- Lots of tweaks to Makefile.pl.  You can now do './Makefile.pl clean lib 
nopod install' (i.e. multiple commands).

- The bruteurl submodule was horribly out of date; brought it up to speed.

- Changed the build structure around.  Under the libs/ directory are three
types of files: *.wpl (global files), *.pl (release code), *.dpl (devel
code).  The .pl and .dpl are the important ones--the RELEASE branch (aka
official versions) use the code found in the .pl ONLY.  The ongoing DEVEL
branch uses both the .pl and .dpl.  What's this mean?  Well, the APIs
defined in the .pl files are NOT GOING TO CHANGE.  That means you can
start coding on them without worrying about me killing or redoing the API
in the future.  Of course, the internals might be tweaked, but the API
will stay the same.

- Added support for crawl to follow move responses.  Thanks to HD Moore
for reminding me this is a useful feature to have. :)

--------------------------------------------------------------------------

[] libwhisker pr3

- Lots of code tweaks so that libwhisker doesn't spit out tons of errors 
under 'use strict', -T, and -w.  Using test.pl proves ok; however, if you 
come across other warnings of problems with 'use strict', let me know 
(even better, fix them and send me a diff!)

- Reworked the entire queue'ing routines for the HTTP functions--this 
results in *major* speed enhancements.

- Added support for Crypt::SSLeay, which has the Net::SSL module (not to
be confused with the already-supported Net::SSLeay module).  This way, if
you already have Crypt::SSLeay, you don't need to install Net::SSLeay.  
Also, it appears ActiveState has Crypt::SSLeay for Win32 available (but
not by default), which means Windows users may be able to have SSL
support.

- I've spawned off the 'libwhisker binary helper module', or 'lwbin' for 
short.  This is because I have a few functions that either A) exist in C 
and I don't want to port to perl (like NTLM's unchained forward DES 
crap), or B) some things are significantly faster under C (like the HTML 
parser).  lwbin will be considered a separate package, but is *NOT* 
required for normal operation.

- Lots of work on the HTML parser; I implemented a binary helper version, 
and worked out how to have the function be able to find *and* rewrite 
tags, all based on the callback function control.

- Reworked the crawl and html packages; moved the extract links function 
to the crawl subpackage, and ported it to the callback format.

- More fixing/cleanup of the auth subpackage.  I'm at a standstill for MD5 
and NTLM auth, since it requires multiple requests to authenticate (unlike 
Basic).  I'm not sure if I should make an auth_do_request function, which 
can handle all kinds of auth types (MD5, NTLM, basic), or hook something 
directly into http_do_request.  Unfortunately, it can't really be 
externally-controlled due to the fact that you need multiple HTTP 
requests to do MD5 and NTLM auth (suck).

- First crack at cookie support (cookie subpackage).

- libwhisker now uses {'whisker'}->{'http_eol'} instead of "\r\n", in
case you need to tweak the request header line endings (more of the 'no 
rules' approach).  {'whisker'}->{'http_eol'} is set in http_init_request.

- Moved from the Unix 'make' Makefile to a more generic Makefile.pl,
which will allow anyone to build libwhisker on any platform that has perl
(which you should, else why are you using libwhisker?!?)

- Added 'selfload' build option.  This will build a version of libwhisker 
that uses the perl SelfLoader module; this means the code is imported 
quickly into your program (since libwhisker is getting sizable, a small 
delay is had at the initialization of the program while the script is 
compiled).

- Added 'nopod' build option.  This will strip the POD documentation out 
of an already build libwhisker (it will build libwhisker if it doesn't 
exist).  Using 'nopod' makes libwhisker significantly smaller (almost 1/2 
the size), and gives a minor speed tweak (perl interpreter doesn't have 
to remove it on program execution).  If you don't need the function/API 
docs, then use 'nopod'.  The ./scripts/nopod.pl utility does all the 
work.

- Added 'install' and 'uninstall' build options, if you want to install 
the files locally.  Note: you don't have to install libwhisker to use 
it...simply having 'require libwhisker;' (or 'reqire "./libwhisker.pm";') 
will work, because perl will use the file from the local directory.  

- Added 'support' build option, which will query your system to see what 
available external modules are available, and print the results for you.  
This will let you know which modules are not installed, in case you want 
to install them (rather than having to hunt through your perl module 
directories, or find our the hard way by coding/running scripts).  It 
will also tell you the versions of what's already installed (including 
any (old) installed copies of libwhisker).

- Moved around the file structure, particularly introducing 
'globals.wpl'.  This allows for the SelfLoader building; plus, it's nice 
to see what variables are available to the entire package.

- Added the %LW_AVAILABLE hash, which tracks what libraries (and
versions)  are loaded into libwhisker.

- test.pl has evolved a little more.

- Fixed/added more POD documentation.

- Made libwhisker resemble (at least a little) a normal perl module. ;)

--------------------------------------------------------------------------

[] libwhisker pr2

- Lluis Mora (llmora@gibnet.gi) submitted a patch that helped clean up
some of my first-attempts at using Net::SSLeay.  He also caught the
whitespace that was screwing up the POD output.

- The *entire* socket reading/writing method was redone to use queues.  It 
allowed for better abstraction of SSL vs. normal sockets, and now the code 
catches timeouts properly.  If you were using any of the sock_getline and 
http_queue functions, you'll need to redo your code (although those low 
level functions weren't meant to be used).  In the end, it's much cleaner 
(versus the initial hack to get SSL in there).

- Now that the socket reading/writing is clean, SSL seems (heh) solid!

- Fixed various POD/documentation descriptions

- Added incoming header normalization, which is turned on by default.  Set 
{'whisker'}->{'incoming_header_normalization'}=0 to turn off.  
Normalization will turn headers like 'Content-length' and 'blah-blah-blah' 
into 'Content-Length' and 'Blah-Blah-Blah'.  Thanks to Lluis for catching 
and recommending code to counter this.

- Finally figured out what I want to do with the naming/versioning!  
libwhisker will be starting with the preview release (pr) numbers (I don't
particularly like the current 0.x trend), eventually hitting 1.0.  
whisker will have the current v1.4, and eventually start the 2.0 branch.  
So from this point on, libwhisker is separate from whisker.

- Added more {'whisker'} directives.  Will be documenting all of them 
real soon.

- Cleaned up the auth submodule, and branched off the base64 stuff into 
the encode submodule (plus, there's *much* more stuff in the encode 
submodule that I haven't released yet).

- Released development structure (separated subpackages with Makefile).

--------------------------------------------------------------------------

[] libwhisker pr1

- Initial code release (first official code population).  Released as 
built libwhisker.pm only.

--------------------------------------------------------------------------