1Curl and libcurl 7.43.0
2
3 Public curl releases:         147
4 Command line options:         176
5 curl_easy_setopt() options:   219
6 Public functions in libcurl:  58
7 Contributors:                 1291
8
9This release includes the following changes:
10
11 o Added CURLOPT_PROXY_SERVICE_NAME[11]
12 o Added CURLOPT_SERVICE_NAME[12]
13 o New curl option: --proxy-service-name[13]
14 o Mew curl option: --service-name [14]
15 o New curl option: --data-raw [5]
16 o Added CURLOPT_PIPEWAIT [15]
17 o Added support for multiplexing transfers using HTTP/2, enable this
18   with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16]
19 o HTTP/2: requires nghttp2 1.0.0 or later
20 o scripts: add zsh.pl for generating zsh completion
21 o curl.h: add CURL_HTTP_VERSION_2
22
23This release includes the following bugfixes:
24
25 o CVE-2015-3236: lingering HTTP credentials in connection re-use [30]
26 o CVE-2015-3237: SMB send off unrelated memory contents [31]
27 o nss: fix compilation failure with old versions of NSS [1]
28 o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
29 o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
30 o Curl_ossl_init: load builtin modules [2]
31 o configure: follow-up fix for krb5-config [3]
32 o sasl_sspi: Populate domain from the realm in the challenge [4]
33 o netrc: support 'default' token
34 o README: convert to UTF-8
35 o cyassl: Implement public key pinning
36 o nss: implement public key pinning for NSS backend
37 o mingw build: add arch -m32/-m64 to LDFLAGS
38 o schannel: Fix out of bounds array [6]
39 o configure: remove autogenerated files by autoconf
40 o configure: remove --automake from libtoolize call
41 o acinclude.m4: fix shell test for default CA cert bundle/path
42 o schannel: fix regression in schannel_recv [7]
43 o openssl: skip trace outputs for ssl_ver == 0 [8]
44 o gnutls: properly retrieve certificate status
45 o netrc: Read in text mode when cygwin [9]
46 o winbuild: Document the option used to statically link the CRT [10]
47 o FTP: Make EPSV use the control IP address rather than the original host
48 o FTP: fix dangling conn->ip_addr dereference on verbose EPSV
49 o conncache: keep bundles on host+port bases, not only host names
50 o runtests.pl: use 'h2c' now, no -14 anymore
51 o curlver: introducing new version number (checking) macros
52 o openssl: boringssl build brekage, use SSL_CTX_set_msg_callback [17]
53 o CURLOPT_POSTFIELDS.3: correct variable names [18]
54 o curl_easy_unescape.3: update RFC reference [19]
55 o gnutls: don't fail on non-fatal alerts during handshake
56 o testcurl.pl: allow source to be in an arbitrary directory
57 o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
58 o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20]
59 o parse_proxy: switch off tunneling if non-HTTP proxy [21]
60 o share_init: fix OOM crash
61 o perl: remove subdir, not touched in 9 years
62 o CURLOPT_COOKIELIST.3: Add example
63 o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22]
64 o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23]
65 o FAQ: How do I port libcurl to my OS?
66 o openssl: Use TLS_client_method for OpenSSL 1.1.0+
67 o HTTP-NTLM: fail auth on connection close instead of looping [24]
68 o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25]
69 o curl_getdate.3: update RFC reference
70 o curl_multi_info_read.3: added example
71 o curl_multi_perform.3: added example
72 o curl_multi_timeout.3: added example
73 o cookie: Stop exporting any-domain cookies [26]
74 o openssl: remove dummy callback use from SSL_CTX_set_verify()
75 o openssl: remove SSL_get_session()-using code
76 o openssl: removed USERDATA_IN_PWD_CALLBACK kludge
77 o openssl: removed error string #ifdef
78 o openssl: Fix verification of server-sent legacy intermediates [27]
79 o docs: man page indentation and syntax fixes
80 o docs: Spelling fixes
81 o fopen.c: fix a few compiler warnings
82 o CURLOPT_OPENSOCKETFUNCTION: return error at once [28]
83 o schannel: Add support for optional client certificates
84 o build: Properly detect OpenSSL 1.0.2 when using configure
85 o urldata: store POST size in state.infilesize too [29]
86 o security:choose_mech remove dead code
87 o rtsp_do: remove dead code
88 o docs: many HTTP URIs changed to HTTPS
89 o schannel: schannel_recv overhaul [32]
90
91This release includes the following known bugs:
92
93 o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
94
95This release would not have looked like this without help, code, reports and
96advice from friends like these:
97
98  Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina,
99  Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman,
100  Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg,
101  Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka,
102  Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter,
103  Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing,
104  Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh,
105  Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan,
106  Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakáts,
107  Ville Skyttä, Yehezkel Horowitz,
108  (43 contributors)
109
110        Thanks! (and sorry if I forgot to mention someone)
111
112References to bug reports and discussions on issues:
113
114 [1] = http://curl.haxx.se/mail/lib-2015-04/0095.html
115 [2] = https://github.com/bagder/curl/pull/206
116 [3] = https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
117 [4] = https://github.com/bagder/curl/pull/141
118 [5] = https://github.com/bagder/curl/issues/198
119 [6] = http://curl.haxx.se/mail/lib-2015-04/0199.html
120 [7] = https://github.com/bagder/curl/issues/244
121 [8] = https://github.com/bagder/curl/issues/219
122 [9] = https://github.com/bagder/curl/pull/258
123 [10] = https://github.com/bagder/curl/issues/254
124 [11] = http://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SERVICE_NAME.html
125 [12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html
126 [13] = http://curl.haxx.se/docs/manpage.html#--proxy-service-name
127 [14] = http://curl.haxx.se/docs/manpage.html#--service-name
128 [15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html
129 [16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html
130 [17] = https://github.com/bagder/curl/issues/275
131 [18] = https://github.com/bagder/curl/issues/281
132 [19] = https://github.com/bagder/curl/issues/282
133 [20] = https://github.com/bagder/curl/issues/267
134 [21] = http://curl.haxx.se/mail/lib-2015-05/0056.html
135 [22] = http://curl.haxx.se/mail/lib-2015-05/0115.html
136 [23] = http://curl.haxx.se/mail/lib-2015-05/0137.html
137 [24] = https://github.com/bagder/curl/issues/256
138 [25] = https://github.com/bagder/curl/pull/258#issuecomment-107093055
139 [26] = https://github.com/bagder/curl/issues/292
140 [27] = https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
141 [28] = http://curl.haxx.se/mail/lib-2015-06/0047.html
142 [29] = http://curl.haxx.se/mail/lib-2015-06/0019.html
143 [30] = http://curl.haxx.se/docs/adv_20150617A.html
144 [31] = http://curl.haxx.se/docs/adv_20150617B.html
145 [32] = https://github.com/bagder/curl/issues/244
146