1 Curl and libcurl 7.43.0 2 3 Public curl releases: 147 4 Command line options: 176 5 curl_easy_setopt() options: 219 6 Public functions in libcurl: 58 7 Contributors: 1291 8 9 This release includes the following changes: 10 11 o Added CURLOPT_PROXY_SERVICE_NAME[11] 12 o Added CURLOPT_SERVICE_NAME[12] 13 o New curl option: --proxy-service-name[13] 14 o Mew curl option: --service-name [14] 15 o New curl option: --data-raw [5] 16 o Added CURLOPT_PIPEWAIT [15] 17 o Added support for multiplexing transfers using HTTP/2, enable this 18 with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16] 19 o HTTP/2: requires nghttp2 1.0.0 or later 20 o scripts: add zsh.pl for generating zsh completion 21 o curl.h: add CURL_HTTP_VERSION_2 22 23 This release includes the following bugfixes: 24 25 o CVE-2015-3236: lingering HTTP credentials in connection re-use [30] 26 o CVE-2015-3237: SMB send off unrelated memory contents [31] 27 o nss: fix compilation failure with old versions of NSS [1] 28 o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION 29 o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error 30 o Curl_ossl_init: load builtin modules [2] 31 o configure: follow-up fix for krb5-config [3] 32 o sasl_sspi: Populate domain from the realm in the challenge [4] 33 o netrc: support 'default' token 34 o README: convert to UTF-8 35 o cyassl: Implement public key pinning 36 o nss: implement public key pinning for NSS backend 37 o mingw build: add arch -m32/-m64 to LDFLAGS 38 o schannel: Fix out of bounds array [6] 39 o configure: remove autogenerated files by autoconf 40 o configure: remove --automake from libtoolize call 41 o acinclude.m4: fix shell test for default CA cert bundle/path 42 o schannel: fix regression in schannel_recv [7] 43 o openssl: skip trace outputs for ssl_ver == 0 [8] 44 o gnutls: properly retrieve certificate status 45 o netrc: Read in text mode when cygwin [9] 46 o winbuild: Document the option used to statically link the CRT [10] 47 o FTP: Make EPSV use the control IP address rather than the original host 48 o FTP: fix dangling conn->ip_addr dereference on verbose EPSV 49 o conncache: keep bundles on host+port bases, not only host names 50 o runtests.pl: use 'h2c' now, no -14 anymore 51 o curlver: introducing new version number (checking) macros 52 o openssl: boringssl build brekage, use SSL_CTX_set_msg_callback [17] 53 o CURLOPT_POSTFIELDS.3: correct variable names [18] 54 o curl_easy_unescape.3: update RFC reference [19] 55 o gnutls: don't fail on non-fatal alerts during handshake 56 o testcurl.pl: allow source to be in an arbitrary directory 57 o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy 58 o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20] 59 o parse_proxy: switch off tunneling if non-HTTP proxy [21] 60 o share_init: fix OOM crash 61 o perl: remove subdir, not touched in 9 years 62 o CURLOPT_COOKIELIST.3: Add example 63 o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22] 64 o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23] 65 o FAQ: How do I port libcurl to my OS? 66 o openssl: Use TLS_client_method for OpenSSL 1.1.0+ 67 o HTTP-NTLM: fail auth on connection close instead of looping [24] 68 o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25] 69 o curl_getdate.3: update RFC reference 70 o curl_multi_info_read.3: added example 71 o curl_multi_perform.3: added example 72 o curl_multi_timeout.3: added example 73 o cookie: Stop exporting any-domain cookies [26] 74 o openssl: remove dummy callback use from SSL_CTX_set_verify() 75 o openssl: remove SSL_get_session()-using code 76 o openssl: removed USERDATA_IN_PWD_CALLBACK kludge 77 o openssl: removed error string #ifdef 78 o openssl: Fix verification of server-sent legacy intermediates [27] 79 o docs: man page indentation and syntax fixes 80 o docs: Spelling fixes 81 o fopen.c: fix a few compiler warnings 82 o CURLOPT_OPENSOCKETFUNCTION: return error at once [28] 83 o schannel: Add support for optional client certificates 84 o build: Properly detect OpenSSL 1.0.2 when using configure 85 o urldata: store POST size in state.infilesize too [29] 86 o security:choose_mech remove dead code 87 o rtsp_do: remove dead code 88 o docs: many HTTP URIs changed to HTTPS 89 o schannel: schannel_recv overhaul [32] 90 91 This release includes the following known bugs: 92 93 o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html) 94 95 This release would not have looked like this without help, code, reports and 96 advice from friends like these: 97 98 Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina, 99 Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman, 100 Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg, 101 Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka, 102 Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter, 103 Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing, 104 Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh, 105 Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan, 106 Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakts, 107 Ville Skytt, Yehezkel Horowitz, 108 (43 contributors) 109 110 Thanks! (and sorry if I forgot to mention someone) 111 112 References to bug reports and discussions on issues: 113 114 [1] = http://curl.haxx.se/mail/lib-2015-04/0095.html 115 [2] = https://github.com/bagder/curl/pull/206 116 [3] = https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445 117 [4] = https://github.com/bagder/curl/pull/141 118 [5] = https://github.com/bagder/curl/issues/198 119 [6] = http://curl.haxx.se/mail/lib-2015-04/0199.html 120 [7] = https://github.com/bagder/curl/issues/244 121 [8] = https://github.com/bagder/curl/issues/219 122 [9] = https://github.com/bagder/curl/pull/258 123 [10] = https://github.com/bagder/curl/issues/254 124 [11] = http://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SERVICE_NAME.html 125 [12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html 126 [13] = http://curl.haxx.se/docs/manpage.html#--proxy-service-name 127 [14] = http://curl.haxx.se/docs/manpage.html#--service-name 128 [15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html 129 [16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html 130 [17] = https://github.com/bagder/curl/issues/275 131 [18] = https://github.com/bagder/curl/issues/281 132 [19] = https://github.com/bagder/curl/issues/282 133 [20] = https://github.com/bagder/curl/issues/267 134 [21] = http://curl.haxx.se/mail/lib-2015-05/0056.html 135 [22] = http://curl.haxx.se/mail/lib-2015-05/0115.html 136 [23] = http://curl.haxx.se/mail/lib-2015-05/0137.html 137 [24] = https://github.com/bagder/curl/issues/256 138 [25] = https://github.com/bagder/curl/pull/258#issuecomment-107093055 139 [26] = https://github.com/bagder/curl/issues/292 140 [27] = https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest 141 [28] = http://curl.haxx.se/mail/lib-2015-06/0047.html 142 [29] = http://curl.haxx.se/mail/lib-2015-06/0019.html 143 [30] = http://curl.haxx.se/docs/adv_20150617A.html 144 [31] = http://curl.haxx.se/docs/adv_20150617B.html 145 [32] = https://github.com/bagder/curl/issues/244 146
