cURL Changelog

New in version 7.43.0

June 18th, 2015
  • Changes:
  • Added CURLOPT_PROXY_SERVICE_NAME
  • Added CURLOPT_SERVICE_NAME
  • New curl option: --proxy-service-name
  • New curl option: --service-name
  • New curl option: --data-raw
  • Added CURLOPT_PIPEWAIT
  • Added support for multiplexing transfers using HTTP/2, enable this with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING
  • HTTP/2: requires nghttp2 1.0.0 or later
  • scripts: add zsh.pl for generating zsh completion
  • curl.h: add CURL_HTTP_VERSION_2
  • Bugfixes:
  • CVE-2015-3236: lingering HTTP credentials in connection re-use
  • CVE-2015-3237: SMB send off unrelated memory contents
  • nss: fix compilation failure with old versions of NSS
  • curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
  • schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
  • Curl_ossl_init: load builtin modules
  • configure: follow-up fix for krb5-config
  • sasl_sspi: Populate domain from the realm in the challenge
  • netrc: support 'default' token
  • README: convert to UTF-8
  • cyassl: Implement public key pinning
  • nss: implement public key pinning for NSS backend
  • mingw build: add arch -m32/-m64 to LDFLAGS
  • schannel: Fix out of bounds array
  • configure: remove autogenerated files by autoconf
  • configure: remove --automake from libtoolize call
  • acinclude.m4: fix shell test for default CA cert bundle/path
  • schannel: fix regression in schannel_recv
  • openssl: skip trace outputs for ssl_ver == 0
  • gnutls: properly retrieve certificate status
  • netrc: Read in text mode when cygwin
  • winbuild: Document the option used to statically link the CRT
  • FTP: Make EPSV use the control IP address rather than the original host
  • FTP: fix dangling conn->ip_addr dereference on verbose EPSV
  • conncache: keep bundles on host+port bases, not only host names
  • runtests.pl: use 'h2c' now, no -14 anymore
  • curlver: introducing new version number (checking) macros
  • openssl: boringssl build brekage, use SSL_CTX_set_msg_callback
  • CURLOPT_POSTFIELDS.3: correct variable names
  • curl_easy_unescape.3: update RFC reference
  • gnutls: don't fail on non-fatal alerts during handshake
  • testcurl.pl: allow source to be in an arbitrary directory
  • CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
  • SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description
  • parse_proxy: switch off tunneling if non-HTTP proxy
  • share_init: fix OOM crash
  • perl: remove subdir, not touched in 9 years
  • CURLOPT_COOKIELIST.3: Add example
  • CURLOPT_COOKIE.3: Explain that the cookies won't be modified
  • CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain
  • FAQ: How do I port libcurl to my OS?
  • openssl: Use TLS_client_method for OpenSSL 1.1.0+
  • HTTP-NTLM: fail auth on connection close instead of looping
  • curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
  • curl_getdate.3: update RFC reference
  • curl_multi_info_read.3: added example
  • curl_multi_perform.3: added example
  • curl_multi_timeout.3: added example
  • cookie: Stop exporting any-domain cookies
  • openssl: remove dummy callback use from SSL_CTX_set_verify()
  • openssl: remove SSL_get_session()-using code
  • openssl: removed USERDATA_IN_PWD_CALLBACK kludge
  • openssl: removed error string #ifdef
  • openssl: Fix verification of server-sent legacy intermediates
  • docs: man page indentation and syntax fixes
  • docs: Spelling fixes
  • fopen.c: fix a few compiler warnings
  • CURLOPT_OPENSOCKETFUNCTION: return error at once
  • schannel: Add support for optional client certificates
  • build: Properly detect OpenSSL 1.0.2 when using configure
  • urldata: store POST size in state.infilesize too
  • security:choose_mech remove dead code
  • rtsp_do: remove dead code
  • docs: many HTTP URIs changed to HTTPS
  • schannel: schannel_recv overhaul

New in version 7.42.1 (April 29th, 2015)

  • Bugfixes:
  • CURLOPT_HEADEROPT: default to separate
  • dist: include {src,lib}/checksrc.whitelist
  • connectionexists: fix build without NTLM
  • docs: distribute the CURLOPT_PINNEDPUBLICKEY man page, too
  • curl -z: do not write empty file on unmet condition
  • openssl: fix serial number output
  • curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
  • sws: init http2 state properly
  • curl.1: fix typo

New in version 7.42.0 (April 23rd, 2015)

  • Changes:
  • openssl: show the cipher selection to use in verbose text
  • gtls: implement CURLOPT_CERTINFO
  • add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
  • curl: add --false-start option
  • add CURLOPT_PATH_AS_IS
  • curl: add --path-as-is option
  • curl: create output file on successful download of an empty file
  • Bugfixes:
  • ConnectionExists: for NTLM re-use, require credentials to match
  • cookie: cookie parser out of boundary memory access
  • fix_hostname: zero length host name caused -1 index offset
  • http_done: close Negotiate connections when done
  • sws: timeout idle CONNECT connections
  • nss: improve error handling in Curl_nss_random()
  • nss: do not skip Curl_nss_seed() if data is NULL
  • curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
  • http2: move lots of verbose output to be debug-only
  • dist: add extern-scan.pl to the tarball
  • http2: return recv error on unexpected EOF
  • build: Use default RandomizedBaseAddress directive in VC9+ project files
  • build: Removed DataExecutionPrevention directive from VC9+ project files
  • tool: Updated the warnf() function to use the GlobalConfig structure
  • http2: Return error if stream was closed with other than NO_ERROR
  • mprintf.h: remove #ifdef CURLDEBUG
  • libtest: fixed linker errors on msvc
  • tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
  • curl.1: fix "The the" typo
  • cmake: handle build definitions CURLDEBUG/DEBUGBUILD
  • openssl: remove all uses of USE_SSLEAY
  • multi: fix memory-leak on timeout (regression)
  • curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
  • metalink: add some error checks
  • TLS: make it possible to enable ALPN/NPN without HTTP/2
  • http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
  • conncontrol: only log changes to the connection bit
  • multi: fix *getsock() with CONNECT
  • symbols.pl: handle '-' in the deprecated field
  • MacOSX-Framework: use @rpath instead of @executable_path
  • GnuTLS: add support for CURLOPT_CAPATH
  • GnuTLS: print negotiated TLS version and full cipher suite name
  • GnuTLS: don't print double newline after certificate dates
  • memanalyze.pl: handle free(NULL)
  • proxy: re-use proxy connections (regression)
  • mk-ca-bundle: Don't report SHA1 numbers with "-q"
  • http: always send Host: header as first header
  • openssl: sort ciphers to use based on strength
  • openssl: use colons properly in the ciphers list
  • http2: detect premature close without data transfered
  • hostip: Fix signal race in Curl_resolv_timeout
  • closesocket: call multi socket cb on close even with custom close
  • mksymbolsmanpage.pl: use std header and generate better nroff header
  • connect: Fix happy eyeballs logic for IPv4-only builds
  • curl_easy_perform.3: remove superfluous close brace from example
  • HTTP: don't use Expect: headers when on HTTP/2
  • Curl_sh_entry: remove unused 'timestamp'
  • docs/libcurl: makefile portability fix
  • mkhelp: Remove trailing carriage return from every line of input
  • nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
  • curl_easy_setopt.3: added a few missing options
  • metalink: fix resource leak in OOM
  • axtls: version 1.5.2 now requires that config.h be manually included
  • HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
  • cyassl: detect the library as renamed wolfssl
  • CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section
  • CURLOPT_URL.3: Added "SECURITY CONCERNS
  • openssl: try to avoid accessing OCSP structs when possible
  • test938: added missing closing tags
  • testcurl: Allow '=' in values given on command line
  • tests/certs: added make target to rebuild certificates
  • tests/certs: rebuild certificates with modified key usage bits
  • gtls: avoid uninitialized variable
  • gtls: dereferencing NULL pointer
  • gtls: add check of return code
  • test1513: eliminated race condition in test run
  • dict: rename byte to avoid compiler shadowed declaration warning
  • curl_easy_recv/send: make them work with the multi interface
  • vtls: fix compile with --disable-crypto-auth but with SSL
  • openssl: adapt to ASN1/X509 things gone opaque in 1.1
  • openssl: verifystatus: only use the OCSP work-around

New in version 7.41.0 (February 25th, 2015)

  • Changes:
  • NetWare build: added TLS-SRP enabled build
  • winbuild: Added option to build with c-ares
  • Added --cert-status
  • Added CURLOPT_SSL_VERIFYSTATUS
  • sasl: implement EXTERNAL authentication mechanism
  • Bugfixes:
  • sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
  • FTP: fix IPv6 host using link-local address
  • FTP: if EPSV fails on IPV6 connections, bail out
  • gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
  • NSS: fix compiler error when built http2-enabled
  • mingw build: allow to pass custom CFLAGS
  • add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
  • curl_schannel.c: mark session as removed from cache if not freed
  • Curl_pretransfer: reset expected transfer sizes
  • curl.h: remove extra space
  • curl_endian: Fixed build when 64-bit integers are not supported
  • checksrc.bat: Better detection of Perl installation
  • build-openssl.bat: Added check for Perl installation
  • http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
  • http_negotiate: Added empty decoded challenge message info text
  • vtls: Removed unimplemented overrides of curlssl_close_all()
  • sasl_gssapi: Fixed memory leak with local SPN variable
  • http_negotiate: Use dynamic buffer for SPN generation
  • ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
  • openssl: do public key pinning check independently
  • timeval: typecast for better type (on Amiga)
  • ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
  • SASL: common URL option and auth capabilities decoders for all protocols
  • BoringSSL: fix build
  • BoringSSL: detected by configure, switches off NTLM
  • openvms: Handle openssl/0.8.9zb version parsing
  • configure: detect libresssl
  • configure: remove detection of the old yassl emulation API
  • curl_setup: Disable SMB/CIFS support when HTTP only
  • imap: remove automatic password setting: it breaks external sasl authentication
  • sasl: remove XOAUTH2 from default enabled authentication mechanism
  • runtests: identify BoringSSL and libressl
  • security: avoid compiler warning
  • ldap: build with BoringSSL
  • des: Added Curl_des_set_odd_parity()
  • CURLOPT_SEEKFUNCTION.3: also when server closes a connection
  • CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
  • build: Removed unused Visual Studio bscmake settings
  • build: Enabled DEBUGBUILD in Visual Studio debug builds
  • build: Renamed top level Visual Studio solution files
  • build: Removed Visual Studio SuppressStartupBanner directive for VC8+
  • libcurl-symbols: first basic shot for autogenerated docs
  • Makefile.am: fix 'make distcheck'
  • getpass_r: read from stdin, not stdout!
  • getpass: protect include with proper #ifdef
  • opts: CURLOPT_CAINFO availability depends on SSL engine
  • more cleanup of 'CURLcode result' return code
  • MD4: replace implementation
  • MD5: replace implementation
  • openssl: SSL_SESSION->ssl_version no longer exist
  • md5: use axTLS's own MD5 functions when available
  • schannel: Removed curl_ prefix from source files
  • curl.1: add warning when using -H and redirects
  • curl.1: clarify that -X is used for all requests
  • gskit: Fix exclusive SSLv3 option
  • polarssl: Fix exclusive SSL protocol version options
  • http2: Fix bug that associated stream canceled on PUSH_PROMISE
  • ftp: accept all 2xx responses to the PORT command
  • configure: allow both --with-ca-bundle and --with-ca-path
  • cmake: install the dll file to the correct directory
  • nss: fix NPN/ALPN protocol negotiation
  • polarssl: fix ALPN protocol negotiation
  • cmake: Fix generation of tool_hugehelp.c on windows
  • cmake: fix winsock2 detection on windows
  • gnutls: fix build with HTTP2
  • connect: fix a spurious connect failure on dual-stacked hosts
  • test: test 530 is now less timing dependent
  • telnet: invalid use of custom read function if not set

New in version 7.40.0 (January 8th, 2015)

  • Changes:
  • http_digest: Added support for Windows SSPI based authentication
  • version info: Added Kerberos V5 to the supported features
  • Makefile: Added VC targets for WinIDN
  • config-win32: Introduce build targets for VS2012+
  • SSL: Add PEM format support for public key pinning
  • smtp: Added support for the conversion of Unix newlines during mail send
  • smb: Added initial support for the SMB/CIFS protocol
  • Added support for HTTP over unix domain sockets, via CURLOPT_UNIX_SOCKET_PATH and --unix-socket
  • sasl: Added support for GSS-API based Kerberos V5 authentication
  • Bugfixes:
  • darwinssl: fix session ID keys to only reuse identical sessions
  • url-parsing: reject CRLFs within URLs
  • OS400: Adjust specific support to last release
  • THANKS: Remove duplicate names
  • url.c: Fixed compilation warning
  • ssh: Fixed build on platforms where R_OK is not defined
  • tool_strdup.c: include the tool strdup.h
  • build: Fixed Visual Studio project file generation of strdup.[c|h]
  • curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
  • curl.1: show zone index use in a URL
  • mk-ca-bundle.vbs: switch to new certdata.txt url
  • Makefile.dist: Added some missing SSPI configurations
  • build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
  • SSH: use the port number as well for known_known checks
  • libssh2: detect features based on version, not configure checks
  • http2: Deal with HTTP/2 data inside Upgrade response header buffer
  • multi: removed Curl_multi_set_easy_connection
  • symbol-scan.pl: do not require autotools
  • cmake: add ENABLE_THREADED_RESOLVER, rename ARES
  • cmake: build libhostname for test suite
  • cmake: fix HAVE_GETHOSTNAME definition
  • tests: fix libhostname visibility
  • tests: fix memleak in server/resolve.c
  • vtls.h: Fixed compiler warning when compiled without SSL
  • CMake: Restore order-dependent header checks
  • CMake: Restore order-dependent library checks
  • tool: Removed krb4 from the supported features
  • http2: Don't send Upgrade headers when we already do HTTP/2
  • examples: Don't call select() to sleep on windows
  • win32: Updated some legacy APIs to use the newer extended versions
  • easy.c: Fixed compilation warning when no verbose string support
  • connect.c: Fixed compilation warning when no verbose string support
  • build: in Makefile.m32 pass -F flag to windres
  • build: in Makefile.m32 add -m32 flag for 32bit
  • multi: when leaving for timeout, close accordingly
  • CMake: Simplify if() conditions on check result variables
  • build: in Makefile.m32 try to detect 64bit target
  • multi: inform about closed sockets before they are closed
  • multi-uv.c: close the file handle after download
  • examples: Wait recommended 100ms when no file descriptors are ready
  • ntlm: Split the SSPI based messaging code from the native messaging code
  • cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
  • cmake: add Kerberos to the supported feature
  • CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
  • http: Disable pipelining for HTTP/2 and upgraded connections
  • ntlm: Fixed static'ness of local decode function
  • sasl: Reduced the need for two sets of NTLM messaging functions
  • multi.c: Fixed compilation warnings when no verbose string support
  • select.c: fix compilation for VxWorks
  • multi-single.c: switch to use curl_multi_wait
  • curl_multi_wait.3: clarify numfds being used if not NULL
  • http.c: Fixed compilation warnings from features being disabled
  • NSS: enable the CAPATH option
  • docs: Fix FAILONERROR typos
  • HTTP: don't abort connections with pending Negotiate authentication
  • HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
  • http_perhapsrewind: don't abort CONNECT requests
  • build: updated dependencies in makefiles
  • multi.c: Fixed compilation warning
  • ftp.c: Fixed compilation warnings when proxy support disabled
  • get_url_file_name: Fixed crash on OOM on debug build
  • cookie.c: Refactored cleanup code to simplify
  • OS400: enable NTLM authentication
  • ntlm: Use Windows Crypt API
  • http2: avoid logging neg "failure" if h2 was not requested
  • schannel_recv: return the correct code
  • VC build: added sspi define for winssl-zlib builds
  • Curl_client_write(): chop long data, convert data only once
  • openldap: do not ignore Curl_client_write() return code
  • ldap: check Curl_client_write() return codes
  • parsedate.c: Fixed compilation warning
  • url.c: Fixed compilation warning when USE_NTLM is not defined
  • ntlm_wb_response: fix "statement not reached"
  • telnet: fix "cast increases required alignment of target type"
  • smtp: Fixed dot stuffing when EOL characters at end of input buffers
  • ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
  • ntlm: Disable NTLM v2 when 64-bit integers are not supported
  • ntlm: Use short integer when decoding 16-bit values
  • ftp.c: Fixed compilation warning when no verbose string support
  • synctime.c: fixed timeserver URLs
  • mk-ca-bundle.pl: restored forced run again
  • ntlm: Fixed return code for bad type-2 Target Info
  • curl_schannel.c: Data may be available before connection shutdown
  • curl_schannel: Improvements to memory re-allocation strategy
  • darwinssl: aprintf() to allocate the session key
  • tool_util.c: Use GetTickCount64 if it is available
  • lib: Fixed multiple code analysis warnings if SAL are available
  • tool_binmode.c: Explicitly ignore the return code of setmode
  • tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
  • opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
  • SFTP: work-around servers that return zero size on STAT
  • connect: singleipconnect(): properly try other address families after failure
  • IPV6: address scope != scope id
  • parseurlandfillconn(): fix improper non-numeric scope_id stripping
  • secureserver.pl: make OpenSSL CApath and cert absolute path values
  • secureserver.pl: update Windows detection and fix path conversion
  • secureserver.pl: clean up formatting of config and fix verbose output
  • tests: Added Windows support using Cygwin-based OpenSSH
  • sockfilt.c: use non-Ex functions that are available before WinXP
  • VMS: Updates for 0740-0D1220
  • openssl: warn for SRP set if SSLv3 is used, not for TLS version
  • openssl: make it compile against openssl 1.1.0-DEV master branch
  • openssl: fix SSL/TLS versions in verbose output
  • curl: show size of inhibited data when using -v
  • build: Removed WIN32 definition from the Visual Studio projects
  • build: Removed WIN64 definition from the libcurl Visual Studio projects
  • vtls: Use bool for Curl_ssl_getsessionid() return type
  • sockfilt.c: Replace 100ms sleep with thread throttle
  • sockfilt.c: Reduce the number of individual memory allocations
  • vtls: Don't set cert info count until memory allocation is successful
  • nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
  • nss: Don't ignore Curl_extract_certinfo() OOM failure
  • vtls: Fixed compilation warning and an ignored return code
  • sockfilt.c: Fixed compilation warnings
  • darwinssl: Fixed compilation warning
  • vtls: Use '(void) arg' for unused parameters
  • sepheaders.c: Fixed resource leak on failure
  • lib1900.c: Fixed cppcheck error
  • ldap: Fixed Unicode connection details in Win32 initialsation / bind calls
  • ldap: Fixed Unicode DN, attributes and filter in Win32 search calls

New in version 7.39.0 (November 5th, 2014)

  • Changes:
  • SSLv3 is disabled by default
  • CURLOPT_COOKIELIST: Added "RELOAD" command
  • build: Added WinIDN build configuration options to Visual Studio projects
  • ssh: improve key file search
  • SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
  • vtls: remove QsoSSL support, use gskit!
  • mk-ca-bundle: added SHA-384 signature algorithm
  • docs: added many examples for libcurl opts and other doc improvements
  • build: Added VC ssh2 target to main Makefile
  • MinGW: Added support to build with nghttp2
  • NetWare: Added support to build with nghttp2
  • build: added Watcom support to build with WinSSL
  • build: Added optional specific version generation of VC project files
  • Bugfixes:
  • curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
  • openssl: build fix for versions < 0.9.8e
  • newlines: fix mixed newlines to LF-only
  • ntlm: Fixed HTTP proxy authentication when using Windows SSPI
  • sasl_sspi: Fixed Unicode build
  • file: reject paths using embedded
  • threaded-resolver: revert Curl_expire_latest() switch
  • configure: allow --with-ca-path with PolarSSL too
  • HTTP/2: Fix busy loop when EOF is encountered
  • CURLOPT_CAPATH: return failure if set without backend support
  • nss: do not fail if a CRL is already cached
  • smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
  • fixed 20+ nits/memory leaks identified by Coverity scans
  • curl_schannel.c: Fixed possible memory or handle leak
  • multi-uv.c: call curl_multi_info_read() better
  • cmake: Check for OpenSSL before OpenLDAP
  • cmake: Fix library list provided to cURL tests
  • cmake: Avoid cycle directory dependencies
  • cmake: Build with GSS-API libraries (MIT or Heimdal)
  • vtls: provide backend defines for internal source code
  • nss: fix a connection failure when FTPS handle is reused
  • tests/http_pipe.py: Python 3 support
  • cmake: build tool_hugehelp (ENABLE_MANUAL)
  • cmake: enable IPv6 by default if available
  • tests: move TESTCASES to Makefile.inc, add show for cmake
  • ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
  • ntlm: Fixed empty/bad base-64 decoded buffer return codes
  • ntlm: Fixed empty type-2 decoded message info text
  • cmake: add CMake/Macros.cmake to the release tarball
  • cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
  • cmake: use LIBCURL_VERSION from curlver.h
  • cmake: generate pkg-config and curl-config
  • fixed several superfluous variable assignements identified by cppcheck
  • cleanup of 'CURLcode result' return code
  • pipelining: only output "is not blacklisted" in debug builds
  • SSL: Remove SSLv3 from SSL default due to POODLE attack
  • gskit.c: remove SSLv3 from SSL default
  • darwinssl: detect possible future removal of SSLv3 from the framework
  • ntlm: Only define ntlm data structure when USE_NTLM is defined
  • ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
  • ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
  • sspi: Only call CompleteAuthToken() when complete is needed
  • http_negotiate: Fixed missing check for USE_SPNEGO
  • HTTP: return larger than 3 digit response codes too
  • openssl: Check for NPN / ALPN via OpenSSL version number
  • openssl: enable NPN separately from ALPN
  • sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
  • sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
  • resume: consider a resume from
  • sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
  • build-openssl.bat: Fix x64 release build
  • cmake: drop _BSD_SOURCE macro usage
  • cmake: fix gethostby{addr,name}_r in CurlTests
  • cmake: clean OtherTests, fixing -Werror
  • cmake: fix struct sockaddr_storage check
  • Curl_single_getsock: fix hold/pause sock handling
  • SSL: PolarSSL default min SSL version TLS 1.0
  • cmake: fix ZLIB_INCLUDE_DIRS use
  • buildconf: stop checking for libtool

New in version 7.38.0 (September 10th, 2014)

  • Changes:
  • supports HTTP/2 draft-14
  • CURLE_HTTP2 is a new error code
  • CURLAUTH_NEGOTIATE is a new auth define
  • CURL_VERSION_GSSAPI is a new capability bit
  • no longer use fbopenssl for anything
  • schannel: use CryptGenRandom for random numbers
  • axtls: define curlssl_random using axTLS's PRNG
  • cyassl: use RNG_GenerateBlock to generate a good random number
  • findprotocol: show unsupported protocol within quotes
  • version: detect and show LibreSSL
  • version: detect and show BoringSSL
  • imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
  • http2: requires nghttp2 0.6.0 or later
  • Bugfixes:
  • SECURITY ADVISORY: cookie leak with IP address as domain
  • SECURITY ADVISORY: cookie leak for TLDs
  • fix a build failure on Debian when NSS support is enabled
  • HTTP/2: fixed compiler warnings when built disabled
  • cyassl: return the correct error code on no CA cert
  • http: Deprecate GSS-Negotiate macros due to bad naming
  • http: Fixed Negotiate: authentication
  • multi: Improve proxy CONNECT performance (regression)
  • ntlm_wb: Avoid invoking ntlm_auth helper with empty username
  • ntlm_wb: Fix hard-coded limit on NTLM auth packet size
  • url.c: use the preferred symbol name: *READDATA
  • smtp: fixed a segfault during test 1320 torture test
  • cyassl: made it compile with version 2.0.6 again
  • nss: do not check the version of NSS at run time
  • c-ares: fix build without IPv6 support
  • HTTP/2: use base64url encoding
  • SSPI Negotiate: Fix 3 memory leaks
  • libtest: fixed duplicated line in Makefile
  • conncache: fix compiler warning
  • openssl: make ossl_send return CURLE_OK better
  • HTTP/2: Support expect: 100-continue
  • HTTP/2: Fix infinite loop in readwrite_data()
  • parsedate: fix the return code for an overflow edge condition
  • darwinssl: don't use strtok()
  • http_negotiate_sspi: Fixed specific username and password not working
  • openssl: replace call to OPENSSL_config
  • http2: show the received header for better debugging
  • HTTP/2: Move :authority before non-pseudo header fields
  • HTTP/2: Reset promised stream, not its associated stream
  • HTTP/2: added some more logging for debugging stream problems
  • ntlm: Added support for SSPI package info query
  • ntlm: Fixed hard coded buffer for SSPI based auth packet generation
  • sasl_sspi: Fixed memory leak with not releasing Package Info struct
  • sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
  • sasl: Use a dynamic buffer for DIGEST-MD5 SPN generation
  • http_negotiate_sspi: Use a dynamic buffer for SPN generation
  • sasl_sspi: Fixed missing free of challenge buffer on SPN failure
  • sasl_sspi: Fixed hard coded buffer for response generation
  • Curl_poll + Curl_wait_ms: fix timeout return value
  • docs/SSLCERTS: update the section about NSS database
  • create_conn: prune dead connections
  • openssl: fix version report for the 0.9.8 branch
  • mk-ca-bundle.pl: switched to using hg.mozilla.org
  • http: fix the Content-Range: parser
  • Curl_disconnect: don't free the URL
  • win32: Fixed WinSock 2 #if
  • NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
  • curl.1: clarify --limit-rate's effect on both directions
  • disconnect: don't touch easy-related state on disconnects
  • Cmake: big cleanup and numerous fixes
  • HTTP/2: supports draft-14 - moved :headers before the non-psuedo headers
  • HTTP/2: Reset promised stream, not its associated stream
  • configure.ac: Add support for recent GSS-API implementations for HP-UX
  • CONNECT: close proxy connections that fail
  • CURLOPT_NOBODY.3: clarify this option is for downloads
  • darwinssl: fix CA certificate checking using PEM format
  • resolve: cache lookup for async resolvers
  • low-speed-limit: avoid timeout flood
  • polarssl: implement CURLOPT_SSLVERSION
  • multi: convert CURLM_STATE_CONNECT_PEND handling to a list
  • curl_multi_cleanup: remove superfluous NULL assigns
  • polarssl: support CURLOPT_CAPATH / --capath
  • progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly

New in version 7.37.1 (August 27th, 2014)

  • Changes:
  • bits.close: introduce connection close tracking
  • darwinssl: Add support for --cacert
  • polarssl: add ALPN support
  • docs: Added new option man pages
  • Bugfixes:
  • build: Fixed incorrect reference to curl_setup.h in Visual Studio files
  • build: Use $(TargetDir) and $(TargetName) macros for .pdb and .lib output
  • curl.1: clarify that -u can't specify a user with colon
  • openssl: Fix uninitialized variable use in NPN callback
  • curl_easy_reset: reset the URL
  • curl_version_info.3: returns a pointer to a static struct
  • url-parser: only use if_nametoindex if detected by configure
  • select: with winsock, avoid passing unsupported arguments to select()
  • gnutls: don't use deprecated type names anymore
  • gnutls: allow building with nghttp2 but without ALPN support
  • tests: Fix portability issue with the tftpd server
  • curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN
  • curl_sasl: extended native DIGEST-MD5 cnonce to be a 32-byte hex string
  • random: use Curl_rand() for proper random data
  • Curl_ossl_init: call OPENSSL_config for initing engines
  • config-win32.h: Updated for VC12
  • winbuild: Don't USE_WINSSL when WITH_SSL is being used
  • getinfo: HTTP CONNECT code not reset between transfers
  • Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
  • http2: avoid segfault when using the plain-text http2
  • conncache: move the connection counter to the cache struct
  • http2: better return code error checking
  • curlbuild: fix GCC build on SPARC systems without configure script
  • tool_metalink: Support polarssl as digest provider
  • curl.h: reverse the enum/define setup for old symbols
  • curl.h: moved two really old deprecated symbols
  • curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
  • buildconf: do not search tools in current directory.
  • OS400: make it compilable again. Make RPG binding up to date
  • nss: do not abort on connection failure (failing tests 305 and 404)
  • nss: make the fallback to SSLv3 work again
  • tool: prevent valgrind from reporting possibly lost memory (nss only)
  • progress callback: skip last callback update on errors
  • nss: fix a memory leak when CURLOPT_CRLFILE is used
  • compiler warnings: potentially uninitialized variables
  • url.c: Fixed memory leak on OOM
  • gnutls: ignore invalid certificate dates with VERIFYPEER disabled
  • gnutls: fix SRP support with versions of GnuTLS from 2.99.0
  • gnutls: fixed a couple of uninitialized variable references
  • gnutls: fixed compilation against versions < 2.12.0
  • build: Fixed overridden compiler PDB settings in VC7 to VC12
  • ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
  • netrc: don't abort if home dir cannot be found
  • netrc: fixed thread safety problem by using getpwuid_r if available
  • cookie: avoid mutex deadlock
  • configure: respect host tool prefix for krb5-config
  • gnutls: handle IP address in cert name check

New in version 7.35.0 (January 29th, 2014)

  • Changes:
  • imap/pop3/smtp: Added support for SASL authentication downgrades
  • imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
  • TheArtOfHttpScripting: major update, converted layout and more
  • mprintf: Added support for I, I32 and I64 size specifiers
  • makefile: Added support for VC7, VC11 and VC12
  • Bugfixes:
  • SECURITY ADVISORY: re-use of wrong HTTP NTLM connection
  • curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
  • pop3: Fixed APOP being determined by CAPA response rather than by timestamp
  • Curl_pp_readresp: zero terminate line
  • FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
  • docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
  • pop3: Fixed auth preference not being honored when CAPA not supported
  • imap: Fixed auth preference not being honored when CAPABILITY not supported
  • threaded resolver: Use pthread_t * for curl_thread_t
  • FILE: we don't support paused transfers using this protocol
  • connect: Try all addresses in first connection attempt
  • curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
  • OpenSSL: Fix forcing SSLv3 connections
  • openssl: allow explicit sslv2 selection
  • FTP parselist: fix "total" parser
  • conncache: fix possible dereference of null pointer
  • multi.c: fix possible dereference of null pointer
  • mk-ca-bundle: introduces -d and warns about using this script
  • ConnectionExists: fix NTLM check for new connection
  • trynextip: fix build for non-IPV6 capable systems
  • Curl_updateconninfo: don't do anything for UDP "connections"
  • darwinssl: un-break Leopard build after PKCS#12 change
  • threaded-resolver: never use NULL hints with getaddrinf
  • multi_socket: remind app if timeout didn't run
  • OpenSSL: deselect weak ciphers by default
  • error message: Sensible message on timeout when transfer size unknown
  • curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
  • win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
  • configure: fix gssapi linking on HP-UX
  • chunked-parser: abort on overflows, allow 64 bit chunks
  • chunked parsing: relax the CR strictness
  • cookie: max-age fixes
  • progress bar: always update when at 100%
  • progress bar: increase update frequency to 10Hz
  • tool: Fixed incorrect return code if command line parser runs out of memory
  • tool: Fixed incorrect return code if password prompting runs out of memory
  • HTTP POST: omit Content-Length if data size is unknown
  • GnuTLS: disable insecure ciphers
  • GnuTLS: honor --slv2 and the --tlsv1[.N] switches
  • multi: Fixed a memory leak on OOM condition
  • netrc: Fixed a memory and file descriptor leak on OOM
  • getpass: fix password parsing from console
  • TFTP: fix crash on time-out
  • hostip: don't remove DNS entries that are in use
  • tests: lots of tests fixed to pass the OOM torture tests

New in version 7.34.0 (December 23rd, 2013)

  • Changes:
  • SSL: protocol version can be specified more precisely
  • imap/pop3/smtp: Added graceful cancellation of SASL authentication
  • Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
  • base64: Added validation of base64 input strings when decoding
  • curl_easy_setopt: Added the ability to set the login options separately
  • smtp: Added support for additional SMTP commands
  • curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
  • nss: allow to use TLS > 1.0 if built against recent NSS
  • SECURITY: added this document to describe our security processes
  • parseconfig: warn if unquoted white spaces are detected
  • Bugfixes:
  • SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS
  • darwinssl: un-break iOS build after PKCS#12 feature added
  • tool: use XFERFUNCTION to save some casts
  • usercertinmem: fix memory leaks
  • ssh: Handle successful SSH_USERAUTH_NONE
  • NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
  • test906: Fixed failing test on some platforms
  • sasl: initialize NSS before using NTLM crypto
  • sasl: Fixed memory leak in OAUTH2 message creation
  • imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
  • cmake: unbreak for non-Windows platforms
  • ssh: initialize per-handle data in ssh_connect()
  • glob: fix broken URLs
  • configure: check for long long when building with cyassl
  • CURLOPT_RESOLVE: mention they don't time-out
  • docs/examples/httpput.c: fix build for MSVC
  • FTP: make the data connection work when going through proxy
  • NSS: support for CERTINFO feature
  • curl_multi_wait: accept 0 from multi_timeout() as valid timeout
  • glob_range: pass the closing bracket for a-z ranges
  • tool_help: Updated --list-only description to include POP3
  • Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
  • cmake: fix Windows build with IPv6 support
  • ares: Fixed compilation under Visual Studio 2012
  • curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
  • curl.1: mention that -O does no URL decoding
  • darwinssl: PKCS#12 import feature now requires Lion or later
  • darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
  • configure: Fix test with -Werror=implicit-function-declaration
  • sigpipe: factor out sigpipe_reset from easy.c
  • curl_multi_cleanup: ignore SIGPIPE
  • globbing: curl glob counter mismatch with {} list use
  • parseconfig: dash options can't specified with colon or equals
  • digest: fix CURLAUTH_DIGEST_IE
  • curl.h: for OpenBSD
  • darwinssl: Fix #if 10.6.0 for SecKeychainSearch
  • TFTP: fix return codes for connect timeout
  • login options: remove the ;[options] support from CURLOPT_USERPWD
  • imap: Fixed incorrect fallback to clear text authentication
  • parsedate: avoid integer overflow
  • curl.1: document -J doesn't %-decode
  • multi: add timer inaccuracy margin to timeout/connecttimeout

New in version 7.33.0 (October 15th, 2013)

  • Changes:
  • test code for testing the event based API
  • CURLM_ADDED_ALREADY: new error code
  • test TFTP server: support "writedelay" within
  • krb4 support has been removed
  • imap/pop3/smtp: added basic SASL XOAUTH2 support
  • darwinssl: add support for PKCS#12 files for client authentication
  • darwinssl: enable BEAST workaround on iOS 7 & later
  • Pass password to OpenSSL engine by user interface
  • c-ares: Add support for various DNS binding options
  • cookies: add expiration
  • curl: added --oauth2-bearer option
  • Bugfixes:
  • nss: make sure that NSS is initialized
  • curl: make --no-[option] work properly for several options
  • FTP: with socket_action send better socket updates in active mode
  • curl: fix the --sasl-ir in the --help output
  • tests 2032, 2033: Don't hardcode port in expected output
  • urlglob: better detect unclosed braces, empty lists and overflows
  • urlglob: error out on range overflow
  • imap: Fixed response check for SEARCH, EXPUNGE, LSUB, UID and NOOP commands
  • handle arbitrary-length username and password
  • TFTP: make the CURLOPT_LOW_SPEED* options work
  • curl.h: name space pollution by "enum type"
  • multi: move on from STATE_DONE faster
  • FTP: 60 secs delay if aborted in the CURLOPT_HEADERFUNCTION callback
  • multi_socket: improved 100-continue timeout handling
  • curl_multi_remove_handle: allow multiple removes
  • FTP: fix getsock during DO_MORE state
  • -x: rephrased the --proxy section somewhat
  • acinclude: fix --without-ca-path when cross-compiling
  • LDAP: fix bad free() when URL parsing failed
  • --data: mention CRLF treatment when reading from file
  • curl_easy_pause: suggest one way to unpause
  • imap: Fixed calculation of transfer when partial FETCH received
  • pingpong: Check SSL library buffers for already read data
  • imap/pop3/smtp: Speed up SSL connection initialization
  • libcurl.3: for multi interface connections are held in the multi handle
  • curl_easy_setopt.3: mention RTMP URL quirks
  • curl.1: detail how short/long options work
  • curl.1: Added information about optional login options to --user option
  • curl: Added clarification to the --mail options in the --help output
  • curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value
  • openssl: use correct port number in error message
  • darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
  • OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
  • xattr: add support for FreeBSD xattr API
  • win32: fix Visual Studio 2010 build with WINVER >= 0x600
  • configure: use icc options without space
  • test1112: Increase the timeout from 7s to 16s
  • SCP: upload speed on a fast connection limited to 16384 B/s
  • curl_setup_once: fix errno access for lwip on Windows
  • HTTP: Output http response 304 when modified time is too old

New in version 7.32.0 (August 12th, 2013)

  • curl: allow timeouts to accept decimal values
  • OS400: add slist and certinfo EBCDIC support
  • OS400: new SSL backend GSKit
  • CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
  • LIBCURL-STRUCTS: new document

New in version 7.31.0 (June 24th, 2013)

  • Changes:
  • darwinssl: add TLS session resumption
  • darwinssl: add TLS crypto authentication
  • imap/pop3/smtp: Added support for ;auth= in the URL
  • imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD
  • usercertinmem.c: add example showing user cert in memory
  • url: Added smtp and pop3 hostnames to the protocol detection list
  • imap/pop3/smtp: Added support for enabling the SASL initial response
  • curl -E: allow to use ':' in certificate nicknames
  • Bugfixes:
  • SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond the end of the input buffer [26]
  • FTP: access files in root dir correctly
  • configure: try pthread_create without -lpthread
  • FTP: handle a 230 welcome response
  • curl-config: don't output static libs when they are disabled
  • CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
  • Various documentation updates
  • getinfo.c: reset timecond when clearing session-info variables
  • FILE: prevent an artificial timeout event due to stale speed-check data
  • ftp_state_pasv_resp: connect through proxy also when set by env
  • sshserver: disable StrictHostKeyChecking
  • ftpserver: Fixed imap logout confirmation data
  • curl_easy_init: use less mallocs
  • smtp: Fixed unknown percentage complete in progress bar
  • smtp: Fixed sending of double CRLF caused by first in EOB
  • bindlocal: move brace out of #ifdef
  • winssl: Fixed invalid memory access during SSL shutdown
  • OS X framework: fix invalid symbolic link
  • OpenSSL: allow empty server certificate subject
  • axtls: prevent memleaks on SSL handshake failures
  • cookies: only consider full path matches
  • Revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()
  • Curl_cookie_add: handle IPv6 hosts
  • ossl_send: SSL_write() returning 0 is an error too
  • ossl_recv: SSL_read() returning 0 is an error too
  • Digest auth: escape user names with backslash or " in them
  • curl_formadd.3: fixed wrong "end-marker" syntax
  • libcurl-tutorial.3: fix incorrect backslash
  • curl_multi_wait: reduce timeout if the multi handle wants to
  • tests/Makefile: typo in the perlcheck target
  • axtls: honor disabled VERIFYHOST
  • OpenSSL: avoid double free in the PKCS12 certificate code
  • multi_socket: reduce timeout inaccuracy margin
  • digest: support auth-int for empty entity body
  • axtls: now done non-blocking
  • lib1900: use tutil_tvnow instead of gettimeofday
  • curl_easy_perform: avoid busy-looping
  • CURLOPT_COOKIELIST: take cookie share lock
  • multi_socket: react on socket close immediately

New in version 7.30.0 (April 12th, 2013)

  • imap: Changed response tag generation to be completely unique
  • imap: Added support for SASL-IR extension
  • imap: Added support for the list command
  • imap: Added support for the append command
  • imap: Added custom request parsing
  • imap: Added support to the fetch command for UID and SECTION properties
  • imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
  • darwinssl: Make certificate errors less techy
  • imap/pop3/smtp: Added support for the STARTTLS capability
  • checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
  • curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
  • Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for new multi interface connection handling
  • Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control
  • Bugfixes:
  • SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage
  • darwinssl: Fix build under Leopard
  • DONE: consider callback-aborted transfers premature
  • ntlm: Fixed memory leaks
  • smtp: Fixed an issue when processing EHLO failure responses
  • pop3: Fixed incorrect return value from pop3_endofresp()
  • pop3: Fixed SASL authentication capability detection
  • pop3: Fixed blocking SSL connect when connecting via POP3S
  • imap: Fixed memory leak when performing multiple selects
  • nss: fix misplaced code enabling non-blocking socket mode
  • AddFormData: prevent only directories from being posted
  • darwinssl: fix infinite loop if server disconnected abruptly
  • metalink: fix improbable crash parsing metalink filename
  • show proper host name on failed resolve
  • MacOSX-Framework: Make script work in Xcode 4.0 and later
  • strlcat: remove function
  • darwinssl: Fix send glitchiness with data > 32 or so KB
  • polarssl: better 1.1.x and 1.2.x support
  • various documentation improvements
  • multi: NULL pointer reference when closing an unused multi handle
  • SOCKS: fix socks proxy when noproxy matched
  • install-sh: updated to support multiple source files as arguments
  • PolarSSL: added human readable error strings
  • resolver_error: remove wrong error message output
  • docs: updates HTML index and general improvements
  • curlbuild.h.dist: enhance non-configure GCC ABI detection logic
  • sasl: Fixed null pointer reference when decoding empty digest challenge
  • easy: do not ignore poll() failures other than EINTR
  • darwinssl: disable ECC ciphers under Mountain Lion by default
  • CONNECT: count received headers
  • build: fixes for VMS
  • CONNECT: clear 'rewindaftersend' on success
  • HTTP proxy: insert slash in URL if missing
  • hiperfifo: updated to use current libevent API
  • getinmemory.c: abort the transfer nicely if not enough memory
  • improved win32 memorytracking
  • corrected proxy header response headers count
  • FTP quote operations on re-used connection
  • tcpkeepalive on win32
  • tcpkeepalive on Mac OS X
  • easy: acknowledge the CURLOPT_MAXCONNECTS option properly
  • easy interface: restore default MAXCONNECTS to 5
  • win32: don't set SO_SNDBUF for windows vista or later versions
  • HTTP: made cookie sort function more deterministic
  • winssl: Fixed memory leak if connection was not successful
  • FTP: wait on both connections during active STOR state
  • connect: treat a failed local bind of an interface as a non-fatal error
  • darwinssl: disable insecure ciphers by default
  • FTP: handle "rubbish" in front of directory name in 257 responses
  • mk-ca-bundle: Fixed lost OpenSSL output with "-t"

New in version 7.29.0 (February 6th, 2013)

  • Changes:
  • test: offer "automake" output and check for perl better
  • always-multi: always use non-blocking internals
  • imap: Added support for sasl digest-md5 authentication
  • imap: Added support for sasl cram-md5 authentication
  • imap: Added support for sasl ntlm authentication
  • imap: Added support for sasl login authentication
  • imap: Added support for sasl plain text authentication
  • imap: Added support for login disabled server capability
  • mk-ca-bundle: add -f, support passing to stdout and more
  • writeout: -w now supports remote_ip/port and local_ip/port
  • Bugfixes:
  • SECURITY ADVISORY: SASL buffer overflow vulnerability
  • nss: prevent NSS from crashing on client auth hook failure
  • darwinssl: Fixed inability to disable peer verification on Snow Leopard and Lion
  • curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
  • SCP: relative path didn't work as documented
  • setup_once.h: HP-UX issue workaround
  • configure: fix cross pkg-config detection
  • runtests: Do not add undefined values to @INC
  • build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
  • multi: fix re-sending request on early connection close
  • HTTP: remove stray CRLF in chunk-encoded content-free request bodies
  • build: fix AIX compilation and usage of events/revents
  • VC Makefiles: add missing hostcheck
  • nss: clear session cache if a client certificate from file is used
  • nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
  • fix HTTP CONNECT tunnel establishment upon delayed response
  • --libcurl: fix for non-zero default options
  • FTP: reject illegal port numbers in EPSV 229 responses
  • build: use per-target '_CPPFLAGS' for those currently using default
  • configure: fix automake 1.13 compatibility
  • curl: ignore SIGPIPE
  • pop3: Added support for non-blocking SSL upgrade
  • pop3: Fixed default authentication detection
  • imap: Fixed usernames and passwords that contain escape characters
  • packages/DOS/common.dj: remove COFF debug info generation
  • imap/pop3/smtp: Fixed failure detection during TLS upgrade
  • pop3: Fixed no known authentication mechanism when fallback is required
  • formadd: reject trying to read a directory where a file is expected
  • formpost: support quotes, commas and semicolon in file names
  • docs: update the comments about loading CA certs with NSS
  • docs: fix typos in man pages
  • darwinssl: Fix bug where packets were sometimes transmitted twice
  • winbuild: include version info for .dll .exe
  • schannel: Removed extended error connection setup flag
  • VMS: fix and generate the VMS build config

New in version 7.23.1 (November 23rd, 2011)

  • Several improvements and various bugfixes were made.

New in version 7.21.1 (August 12th, 2010)

  • This version supports NTLM authentication when compiled with NSS.
  • It has at least 37 documented bugfixes.

New in version 7.21.0 (June 17th, 2010)

  • Changes:
  • added the --proto and -proto-redir options
  • new configure option --enable-threaded-resolver
  • improve TELNET ability with libcurl
  • added support for PolarSSL
  • added support for FTP wildcard matching and downloads
  • added support for RTMP
  • introducing new LDAP code for new enough OpenLDAP
  • OpenLDAP support enabled for cygwin builds
  • added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT
  • Bugfixes:
  • prevent needless reverse name lookups
  • detect GSS on ancient Linux distros
  • GnuTLS: EOF caused error when it wasn't
  • GnuTLS: SSL handshake phase is non-blocking
  • -J/--remote-header-name strips CRLF
  • MSVC makefiles now use ws2_32.lib instead of wsock32.lib
  • -O crash on windows
  • SSL handshake timeout underflow in libcurl-NSS
  • multi interface missed storing connection time
  • broken CRL support in libcurl-NSS
  • ignore response-body on redirect even if compressed
  • OpenSSL handshake state-machine for multi interface
  • TFTP timeout option sent correctly
  • TFTP block id wrap
  • curl_multi_socket_action() timeout handles inaccuracy in timers better
  • SCP/SFTP failure to respect the timeout
  • spurious SSL connection aborts with OpenSSL

New in version 7.19.1 (November 5th, 2008)

  • CURLOPT_CERTINFO, CURLINFO_CERTINFO, CURLOPT_POSTREDIR, CURLOPT_USERNAME, CURLOPT_PASSWORD, CURLOPT_PROXYUSERNAME, and CURLOPT_PROXYPASSWORD were added. 24 bugs were fixed.

New in version 7.19.0 (September 2nd, 2008)

  • Some new libcurl options, new Boolean options handling in the curl tool, and around 40 bugfixes.