- Keshav Krity found out that libcurl failed to deal with dotted IPv6

addresses if they were very long (>39 letters) due to a too strict address
  validity parser. It now accepts addresses up to 45 bytes long.

CHANGES

@@ -6,6 +6,11 @@
 
                                   Changelog
 
+Daniel Stenberg (11 Dec 2008)
+- Keshav Krity found out that libcurl failed to deal with dotted IPv6
+  addresses if they were very long (>39 letters) due to a too strict address
+  validity parser. It now accepts addresses up to 45 bytes long.
+
 Daniel Stenberg (11 Dec 2008)
 - Internet Explorer had a broken HTTP digest authentication before v7 and
   there are servers "out there" that relies on the client doing this broken

RELEASE-NOTES

@@ -27,6 +27,7 @@ This release includes the following bugfixes:
  o GSS authentication infinite loop problem
  o 550 response from SIZE no longer treated as missing file
  o ftps:// control connections now use explicit protection level
+ o dotted IPv6 addresses longer than 39 bytes failed
 
 This release includes the following known bugs:
 
@@ -37,6 +38,6 @@ advice from friends like these:
 
  Yang Tse, Daniel Fandrich, Jim Meyering, Christian Krause, Andreas Wurf,
  Markus Koetter, Josef Wolf, Vlad Grachov, Pawel Kierski, Igor Novoseltsev,
- Fred Machado, Ken Hirsch
+ Fred Machado, Ken Hirsch, Keshav Krity
 
         Thanks! (and sorry if I forgot to mention someone)

lib/url.c

@@ -3724,7 +3724,8 @@ static CURLcode parse_remote_port(struct SessionHandle *data,
   char *portptr;
   char endbracket;
 
-  if((1 == sscanf(conn->host.name, "[%*39[0123456789abcdefABCDEF:.%]%c", &endbracket)) &&
+  if((1 == sscanf(conn->host.name, "[%*45[0123456789abcdefABCDEF:.%]%c",
+                  &endbracket)) &&
      (']' == endbracket)) {
     /* this is a RFC2732-style specified IP-address */
     conn->bits.ipv6_ip = TRUE;