cURL 7.25.0 - Changelog

What's new in cURL 7.25.0:

March 23rd, 2012

Changes:
· configure: add option disable --libcurl output
· --ssl-allow-beast and CURLOPT_SSL_OPTIONS added
· Added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, CURLOPT_TCP_KEEPINTVL
· curl: use new library-side TCP_KEEPALIVE options
· Added a new CURLOPT_MAIL_AUTH option
· Added support for --mail-auth
· --libcurl now also works with -F and more!

Bug fixes:
· --max-redirs: allow negative numbers as option value
· parse_proxy: bail out on zero-length proxy names
· configure: don't modify LD_LIBRARY_PATH for cross compiles
· curl_easy_reset: reset the referer string
· curl tool: don't abort glob-loop due to failures
· CONNECT: send correct Host: with IPv6 numerical address
· Explicitly link to the nettle/gcrypt libraries
· more resilient connection times among IP addresses
· winbuild: fix IPV6 and IDN options
· SMTP: Fixed error when using CURLOPT_CONNECT_ONLY
· cyassl: update to CyaSSL 2.0.x API
· smtp: Fixed an issue with the EOB checking
· pop3: Fixed drop of final CRLF in EOB checking
· smtp: Fixed an issue with writing postdata
· smtp: Added support for returning SMTP response codes
· CONNECT: fix ipv6 address in the Request-Line
· curl-config: only provide libraries with --libs
· LWIP: don't consider HAVE_ERRNO_H to be winsock
· ssh: tunnel through HTTP proxy if requested
· cookies: strip off [brackets] from numerical ipv6 host names
· libcurl docs: version corrections
· cmake: list_spaces_append_once failure
· resolve with c-ares: don't resolve IPv6 when not working
· smtp: changed error code for EHLO and HELO responses
· parsedate: fix a numeric overflow

What's new in cURL 7.24.0:

January 26th, 2012

Changes:
· CURLOPT_QUOTE: SFTP supports the '*'-prefix now
· CURLOPT_DNS_SERVERS: set name servers if possible
· Add support for using nettle instead of gcrypt as gnutls backend
· CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes
· Added CURLOPT_ACCEPTTIMEOUT_MS
· configure: add symbols versioning option --enable-versioned-symbols

Bug fixes:
· curl was vulnerable to a data injection attack for certain protocols CVE-2012-0036
· curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
· SSL session share: move the age counter to the share object
· -J -O: use -O name if no Content-Disposition header comes!
· protocol_connect: show verbose connect and set connect time
· query-part: ignore the URI part for given protocols
· gnutls: only translate winsock errors for old versions
· POP3: fix end of body detection
· POP3: detect when LIST returns no mails
· TELNET: improved treatment of options
· configure: add support for pkg-config detection of libidn
· CyaSSL 2.0+ library initialization adjustment
· multi interface: only use non-NULL socker function pointer
· call opensocket callback properly for active FTP
· don't call close socket callback for sockets created with accept()
· differentiate better between host/proxy errors
· SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
· multi: handle timeouts on DNS servers by checking for new sockets
· CURLOPT_DNS_SERVERS: fix return code
· POP3: fixed escaped dot not being stripped out
· OpenSSL: check for the SSLv2 function in configure
· MakefileBuild: fix the static build
· create_conn: don't switch to HTTP protocol if tunneling is enabled
· multi interface: fix block when CONNECT_ONLY option is used
· Fix connection reuse for TLS upgraded connections
· multiple file upload with -F and custom type
· multi interface: active FTP connections are no longer blocking
· Android build fix
· timer: restore PRETRANSFER timing
· libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM
· appconnect time fixed for non-blocking connect ssl backends
· do not include SSL handshake into time spent waiting for 100-continue
· handle dns cache case insensitive
· use new host name casing for subsequent HTTP requests
· CURLOPT_RESOLVE: avoid adding already present host names
· SFTP mkdir: use correct permission
· resolve: don't leak pre-populated dns entries
· --retry: Retry transfers on timeout and DNS errors
· negotiate with SSPI backend: use the correct buffer for input
· SFTP dir: increase buffer size counter to avoid cut off file names
· TFTP: fix resending (again)
· c-ares: don't include getaddrinfo-using code
· FTP: CURLE_PARTIAL_FILE will not close the control channel
· win32-threaded-resolver: stop using a dummy socket
· OpenSSL: remove reference to openssl internal struct
· OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
· OpenSSL: fix PKCS#12 certificate parsing related memory leak
· OpenLDAP: fix LDAP connection phase memory leak
· Telnet: Use correct file descriptor for telnet upload
· Telnet: Remove bogus optimisation of telnet upload
· URL parse: user name with ipv6 numerical address
· polarssl: show cipher suite name correctly with 1.1.0
· polarssl: havege_rand is not present in version 1.1.0 WARNING, we still use the old API which is said to be insecure
· gnutls: enforced use of SSLv3

What's new in cURL 7.23.1:

November 21st, 2011

Bug fixes:
· Windows: curl would fail if it found no CA cert, unless -k was used. Even if a non-SSL protocol URL was used

What's new in cURL 7.22.0:

November 21st, 2011

Changes:
· Empty headers can be sent in HTTP requests by terminating with a semicolon
· SSL session sharing support added to curl_share_setopt()
· Added support to MAIL FROM for the optional SIZE parameter
· smtp: Added support for NTLM authentication
· curl tool: code split into tool_*.[ch] files

Bug fixes:
· handle HTTP redirects to "//hostname/path"
· SMTP without --mail-from caused segfault
· prevent extra progress meter headers between multiple files
· allow Content-Length to be replaced when sending HTTP requests
· curl now always sets postfieldsize to allow --data-binary and --data to be mixed in the same command line
· curl_multi_fdset: avoid FD_SET out of bounds
· lots of MinGW build tweaks
· Curl_gethostname: return un-qualified machine name
· fixed the openssl version number configure check
· nss: certificates from files are no longer looked up by file base names
· returning abort from the progress function when using the multi interface would not properly cancel the transfer and close the connection
· fix libcurl.m4 to not fail with modern gcc versions
· ftp: improved the failed PORT host name resolved error message
· TFTP timeout and unexpected block adjustments
· HTTP and GOPHER test server-side connection closing adjustments
· fix endless loop upon transport connection timeout
· don't clobber errno on failed connect
· typecheck: allow NULL to unset CURLOPT_ERRORBUFFER
· formdata: ack read callback abort
· make --show-error properly position independent
· set the ipv6-connection boolean correctly on connect
· SMTP: fix end-of-body string escaping
· gtls: only call gnutls_transport_set_lowat with HTTP: handle multiple auths in a single WWW-Authenticate line
· curl_multi_fdset: correct fdset with FTP PORT use
· windbuild: fix the static build
· fix builds with GnuTLS version 3
· fix calling of OpenSSL's ERR_remove_state(0)
· HTTP auth: fix proxy Negotiate bug when Negotiate not requested
· ftp PORT: don't hang if bind() fails
· -# would crash on terminals wider than 256 columns

What's new in cURL 7.21.7:

June 25th, 2011

Changes:
· recognize the [protocol]:// prefix in proxy hosts where the protocol is one of socks4, socks4a, socks5 or socks5h.
· Added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA

Bug fixes:
· SECURITY ADVISORY: inappropriate GSSAPI delegation
· NTLM: work with unicode
· fix connect with SOCKS proxy when using the multi interface
· anyauthput.c: stdint.h must not be included unconditionally
· CMake: improved build
· SCP/SFTP enable non-blocking earlier
· GnuTLS handshake: fix timeout
· cyassl: build without filesystem
· HTTPS over HTTP proxy using the multi interface
· speedcheck: invalid timeout event on a reused handle
· Force connection close for HTTP 200 OK when time condition matched
· curl_formget: fix FILE * leak
· configure: improved OpenSSL detection
· Android build: support gingerbread
· CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
· windows build: use correct MS CRT
· pop3: remove extra space in LIST command

What's new in cURL 7.21.6:

April 23rd, 2011

Changes:
· Added --tr-encoding and CURLOPT_TRANSFER_ENCODING
Bugfixes:
· curl-config: fix --version
· curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
· use HTTPS properly after CONNECT
· SFTP: close file before post quote operations

What's new in cURL 7.21.4:

February 19th, 2011

Changes:
· CURLINFO_FTP_ENTRY_PATH now supports SFTP
· introduced new framework for unit-testing
· IDN: use win32 API if told to
· ares: ask for both IPv4 and IPv6 addresses
· HTTP: do Negotiate authentication using SSPI on windows
· Windows build: alternative makefile
· TLS-SRP: support added when using GnuTLS

Bugfixes:
· SMTP: add brackets for MAIL FROM
· ossl_seed: no more RAND_screen (on Windows)
· multi: connect fail => use next IP address
· use the timeout when using multiple IP addresses similar to how the easy interface does it
· cookies: tricked dotcounter fixed
· pubkey_show: allocate buffer to fit any-size result
· Curl_nss_connect: avoid PATH_MAX
· Curl_do: avoid using stale conn pointer
· tftpd test server: avoid buffer overflow report from glibc
· nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
· nss: fix a bug in handling of CURLOPT_CAPATH
· CMake: Use upstream CheckTypeSize module
· OpenSSL get_cert_chain: support larger data sets
· SCP/SFTP transfers: acknowledge speedcheck
· GnuTLS builds: fix memory leak
· connect problem: use UDP correctly
· Borland C++ makefile tweaks
· OpenSSL: improved error message on SSL_CTX_new failures
HTTP: memory leak on multiple Location:
· ares_query_completed_cb: don't touch invalid data
· ares: memory leak fix
· mk-ca-bundle: use new cacert url
· Curl_gmtime: added a portable gmtime and check for NULL
· curl.1: typo in -v description
· CURLOPT_SOCKOPTFUNCTION: return proper error code
· --keepalive-time: warn if not supported properly
· file: add support for CURLOPT_TIMECONDITION
· nss: avoid memory leaks and failure of NSS shutdown
· multi: fix CURLM_STATE_TOOFAST for multi_socket

What's new in cURL 7.21.3:

December 17th, 2010

Changes:
· Added --noconfigure switch to testcurl.pl
· Added --xattr option
· Added CURLOPT_RESOLVE and --resolve
· Added CURLAUTH_ONLY
· Added version-check.pl to the examples dir

Bugfixes:
· check for libcurl features for some command line options
· Curl_setopt: disallow CURLOPT_USE_SSL without SSL support
· http_chunks: remove debug output
· URL-parsing: consider ? a divider
· SSH: avoid using the libssh2_ prefix
· SSH: use libssh2_session_handshake() to work on win64
· ftp: prevent server from hanging on closed data connection when stopping a transfer before the end of the full transfer (ranges)
· LDAP: detect non-binary attributes properly
· ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
· gnutls->handshake: improved timeout handling
· security: Pass the right parameter to init
· krb5: Use GSS_ERROR to check for error
· TFTP: resend the correct data
· configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected
· GnuTLS: now detects socket errors on Windows
· symbols-in-versions: updated en masse
· added a couple examples that were missing from the tar ball
· Curl_send/recv_plain: return errno on failure
· Curl_wait_for_resolv (for c-ares): correct timeout
· ossl_connect_common: detect connection re-use
· configure: Prevent link errors with --librtmp
· openldap: use remote port in URL passed to ldap_init_fd()
· url: provide dead_connection flag in Curl_handler::disconnect
· lots of compiler warning fixes
· ssh: fix a download resume point calculation
· fix getinfo CURLINFO_LOCAL* for reused connections
· multi: the returned running handles conuter could turn negative
· multi: only ever consider pipelining for connections doing HTTP(S)

What's new in cURL 7.21.2:

October 13th, 2010

Changes:
· curl -T: ignore file size of special files
· Added GOPHER protocol support
· Added mk-ca-bundle.vbs script
· c-ares build now requires c-ares >= 1.6.0

Bug fixes:
· --remote-header-name security vulnerability fixed
· multi: support the timeouts correctly, fixes known bug #62
· multi: use timeouts properly for MAX_RECV/SEND_SPEED
· negotiation: Wrong proxy authorization
· multi: avoid sending multiple complete messages
· cmdline: make -F type= accept ;charset=
· RESUME_FROM: clarify what ftp uploads do
· http: handle trailer headers in all chunked responses
· Curl_is_connected: use correct errno
· Added SSPI build to Watcom makefile
· progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
· linking problem on Fedora 13
· Link curl and the test apps with -lrt explicitly when necessary
· chunky parser: only rewind stream internally if needed
· remote-header-name: don't output filename when NULL
· Curl_timeleft: avoid returning "no timeout" by mistake
· timeout: use the correct start value as offset
· FTP: fix wrong timeout trigger
· buildconf got better output on failures
· rtsp: avoid SIGSEGV on malformed header
· LDAP: Support for tunnelling queries through HTTP proxy
· configure's --enable-werror had a bashism
· test565: Don't hardcode IP:PORT
· configure: check for gcrypt if using GnuTLS
· configure: don't enable RTMP if the lib detect fails
· curl_easy_duphandle: clone the c-ares handle correctly
· MacOSX-Framework: updates for Snowleopard
· support URL containing colon without trailing port number
· parsedate: allow time specified without seconds
· curl_easy_escape: don't escape "unreserved" characters
· SFTP: avoid downloading negative sizes
· Lots of GSS/KRB FTP fixes
· TFTP: Work around tftpd-hpa upload bug
· libcurl.m4: several fixes
· HTTP: remove special case for 416
· examples: use example.com in example URLs
· globbing: fix crash on unballanced open brace
· cmake: build fixed

What's new in cURL 7.21.1:

August 12th, 2010

Changes:
· maketgz: produce CHANGES automatically
· added support for NTLM authentication when compiled with NSS
· build: Enable configure --enable-werror
· curl-config: --built-shared returns shared info

Bugfixes:
· configure: spell --disable-threaded-resolver correctly
· multi: call the progress callback in all states
· multi: unmark handle as used when no longer head of pipeline
· sendrecv: treat all negative values from send/recv as errors
· ftp-wildcard: avoid tight loop when used without any pattern
· multi_socket: re-use of same socket without notifying app
· ftp wildcard: FTP LIST parser FIX
· urlglobbing backslash escaping bug
· build: add enable IPV6 option for the VC makefiles
· multi: CURLINFO_LASTSOCKET doesn't work after remove_handle
· --libcurl: use *_LARGE options with typecasted constants
· --libcurl: hide setopt() calls setting default options
· curl: avoid setting libcurl options to its default
· --libcurl: list the tricky options instead of using [REMARK]
· http: don't enable chunked during authentication negotiations
· upload: warn users trying to upload from stdin with anyauth
· configure: allow environments variable to override internals
· threaded resolver: fix timeout issue
· multi: fix condition that remove timers before trigger
· examples: add curl_multi_timeout
· --retry: access violation with URL part sets continued
· ssh: Fix compile error on 64-bit systems.
· remote-header-name: chop filename at next semicolon
· ftp: response timeout bug in "quote" sending
· CUSTOMREQUEST: shouldn't be disabled when HTTP is disabled
· Watcom makefiles overhaul.
· NTLM tests: boost coverage by forcing the hostname
· multi: fix FTPS connecting the data connection with OpenSSL
· retry: consider retrying even if -f is used
· fix SOCKS problem when using multi interface
· typecheck-gcc: add checks for recently added options
· SCP: send large files properly with new enough libssh2
· multi_socket: set timeout for 100-continue
· ";type=" URL suffix over HTTP proxy
· acknowledge progress callback error returns during connect
· Watcom makefile fixes
· runtests: clear old setenv remainders before test

What's new in cURL 7.21.0:

June 16th, 2010

Changes:
· added the --proto and -proto-redir options
· new configure option --enable-threaded-resolver
· improve TELNET ability with libcurl
· added support for PolarSSL
· added support for FTP wildcard matching and downloads
· added support for RTMP
· introducing new LDAP code for new enough OpenLDAP
· OpenLDAP support enabled for cygwin builds
· added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT

Bugfixes:
· prevent needless reverse name lookups
· detect GSS on ancient Linux distros
· GnuTLS: EOF caused error when it wasn't
· GnuTLS: SSL handshake phase is non-blocking
· -J/--remote-header-name strips CRLF
· MSVC makefiles now use ws2_32.lib instead of wsock32.lib
· -O crash on windows
· SSL handshake timeout underflow in libcurl-NSS
· multi interface missed storing connection time
· broken CRL support in libcurl-NSS
· ignore response-body on redirect even if compressed
· OpenSSL handshake state-machine for multi interface
· TFTP timeout option sent correctly
· TFTP block id wrap
· curl_multi_socket_action() timeout handles inaccuracy in timers better
· SCP/SFTP failure to respect the timeout
· spurious SSL connection aborts with OpenSSL

What's new in cURL 7.20.0:

February 10th, 2010

Changes:
· support SSL_FILETYPE_ENGINE for client certificate
· curl-config can now show the arguments used when building curl
· non-blocking TFTP
· send Expect: 100-continue for POSTs with unknown sizes
· added support for IMAP(S), POP3(S), SMTP(S) and RTSP
· added new curl_easy_setopt() options for SMTP and RTSP
· added --mail-from and --mail-rcpt for SMTP
· VMS build system enhancements
· added support for the PRET ftp command
· curl supports --ssl and --ssl-reqd
· added -J/--remote-header-name for using server-provided filename with -O
· enhanced asynchronous DNS lookups
· symbol CURL_FORMAT_OFF_T is obsoleted

Bugfixes:
· progress meter percentage and transfer time estimates fixes
· portability enhancement for OS's without orthogonal directory tree structure
· progress meter/callback during FTP connection
· DNS cache timeout while transfer in progress
· compilation when configured --with-gssapi having GNU GSS installed
· SSL connection reused with mismatched protection level
· configure --with-nss is set but not "yes"
· don't store LDFLAGS in pkg-config file
· never-pruned DNS cached entries
· HTTP proxy tunnel re-used connection even if tunnel got disabled
· SSL lib post-close write
· curl failed to report write errors for tiny failed downloads
· TFTP BLKSIZE
· Expect: 100-continue handling when set by the application
· multi interface with OpenSSL read already freed memory when closing down
· --retry didn't do right for FTP transient errors
· some *_proxy environment variables didn't function
· libcurl-OpenSSL engine cleanup
· header include fix for FreeBSD versions before v8
· fragment part of URLs are no longer sent to the server
· progress callback called repeatedly with c-ares for resolving
· OpenSSL session id ref count leak
· progress callback called repeatedly during slow connects
· curl_multi_fdset() would return -1 too often during SCP/SFTP transfers
· FTP file size checks with ASCII transfers
· HTTP Cookie: headers sort cookies based on specified path lengths
· CURLM_CALL_MULTI_PERFORM fix for multi socket timeout calls
· libcurl data callback excessive length

What's new in cURL 7.19.7:

November 6th, 2009

Changes:
· -T. is now for non-blocking uploading from stdin
· SYST handling on FTP for OS/400 FTP server cases
· libcurl refuses to read a single HTTP header longer than 100K
· added the --crlfile option to curl

Bugfixes:
· The windows makefiles work again
· libcurl-NSS acknowledges verifyhost
· SIGSEGV when pipelined pipe unexpectedly breaks
· data corruption issue with re-connected transfers
· use after free if we're completed but easy_conn not NULL (pipelined)
· missing strdup() return code check
· CURLOPT_PROXY_TRANSFER_MODE could pass along wrong syntax
· configure --with-gnutls=PATH fixed
· ftp response reader bug on failed control connections
· improved NSS error message on failed host name verifications
· ftp NOBODY on re-used connection hang
· configure uses pkg-config for cross-compiles as well
· improved NSS detection in configure
· cookie expiry date at 1970-jan-1 00:00:00
· libcurl-OpenSSL failed to verify some certs with Subject Alternative Name
· libcurl-OpenSSL can load CRL files with more than one certificate inside
· received cookies without explicit path got saved wrong if the URL had a query part
· don't shrink SO_SNDBUF on windows for those who have it set large already
· connect next bug
· invalid file name characters handling on Windows
· double close() on the primary socket with libcurl-NSS
· GSS negotiate infinite loop on bad credentials
· memory leak in SCP/SFTP connections
· use pkg-config to find out libssh2 installation details in configure
· unparsable cookie expire dates make cookies get treated as session coookies
· POST with Digest authentication and "Transfer-Encoding: chunked"
· SCP connection re-use with wrong auth
· CURLINFO_CONTENT_LENGTH_DOWNLOAD for 0 bytes transfers
· CURLINFO_SIZE_DOWNLOAD for ldap transfers (-w size_download)

What's new in cURL 7.19.6:

August 16th, 2009

Changes:
· CURLOPT_FTPPORT (and curl's -P/--ftpport) support port ranges
· Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA
· CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE can be told to ignore error responses when used with FTP

Bug fixes:
· crash on bad socket close with FTP
· leaking cookie memory when duplicate domains or paths were used
· build fix for Symbian
· CURLOPT_USERPWD set to NULL clears auth credentials
· libcurl-NSS build fixes
· configure script fixed for VMS
· set Content-Length: with POST and PUT failed with NTLM auth
· allow building libcurl for VxWorks
· curl tool exit codes fixed for VMS
· --no-buffer treated correctly
· djgpp build fix
· configure detection of GnuTLS now based on pkg-config as well
· libcurl-NSS client cert handling segfaults
· curl uploading from stdin/pipes now works in non-blocking way so that it continues the downloading even when the read stalls
· ftp credentials are added to the url if needed for http proxies
· curl -o - sends data to stdout using binary mode on windows
· fixed the separators for "array" style string that CURLINFO_CERTINFO returns
· auth problem over several hosts with re-used connection
· improved the support for client certificates in libcurl+NSS
· fix leak in gtls code
· missing algorithms in libcurl+OpenSSL
· with noproxy set you could still get a proxy if a proxy env was set
· rand seeding on libcurl on windows built with OpenSSL was not thread-safe
· fixed the zero byte inserted in cert name flaw in libcurl+OpenSSL
· don't try SNI with SSLv2 or SSLv3 (OpenSSL and GnuTLS builds)
· libcurl+OpenSSL would wrongly acknowledge a cert if CN matched but subjectAltName didn't
· TFTP upload sent illegal TSIZE packets

What's new in cURL 7.19.5:

May 22nd, 2009

Changes:
· libcurl now closes all dead connections whenever you attempt to open a new connection
· libssh2's version number can now be figured out run-time instead of using the build-time fixed number
· CURLOPT_SEEKFUNCTION may now return CURL_SEEKFUNC_CANTSEEK
· curl can now upload with resume even when reading from a pipe
· a build-time configured curl_socklen_t is now used instead of socklen_t

Bugfixes:
· NTLM authentication memory leak on SSPI enabled Windows builds
· fixed the GnuTLS-using code to do correct return code checks
· an alloc-related call in the OpenSSL-using code didn't check the return value
· curl_easy_duphandle() failed to duplicate cookies at times
· missing TELNET timeout support in Windows builds
· missing Curl_read() and write callback result checking in TELNET transfers
· more ciphers enabled in libcurl built to use NSS
· properly return an error code in curl_easy_recv
· Sun compilers specific preprocessor block removed from curlbuild.h.dist
· allow creation of four way fat libcurl Mac OS X Framework
· several memory leaks in libcurl+NSS
· improved the CURLOPT_NOBODY set to 0 confusions
· persistent connections when doing FTP over a HTTP proxy
· --libcurl bogus strings where other data was pointed to
· crash related to FTP and "Re-used connection seems dead, get a new one"
· CURLINFO_APPCONNECT_TIME with the multi interface
· Enhanced upload speeds on Windows
· TFTP problems after a failed transfer to the same host
· improved out of the box TPF compatibility
· HTTP PUT protocol line endings portions mangled from CRLF to CRCRLF
· Rejected SSL session ids are killed properly (for OpenSSL and GnuTLS builds)
· Deal with the TFTP OACK packet
· fixed roff mistakes in man pages
· use SOCKS proxy with the multi interface
· fixed the Curl_getoff_all_pipelines SIGSEGV
· POST, NTLM and following a redirect hang
· libcurl+NSS endless loop on incorrect password for private key
· gzip decompression memory leak
· no_proxy flaw with user name in URL

What's new in cURL 7.19.4:

March 18th, 2009

Changes:
· Added CURLOPT_NOPROXY and the corresponding --noproxy
· the OpenSSL-specific code disables TICKET (rfc5077) which is enabled by default in openssl 0.9.8j
· Added CURLOPT_TFTP_BLKSIZE
· Added CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options --socks5-gssapi-service and --socks5-gssapi-nec
· Improved IPv6 support when built with with c-ares >= 1.6.1
· Added CURLPROXY_HTTP_1_0 and --proxy1.0
· Added docs/libcurl/symbols-in-versions
· Added CURLINFO_CONDITION_UNMET
· Added support for Digest and NTLM authentication using GnuTLS
· CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry the CWD even when MKD fails
· GnuTLS initing moved to curl_global_init()
· Added CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS, see also the security advisory

Bugfixes:
· missing ssh.obj in VS makefiles
· FTP ;type=i URLs now work with CURLOPT_PROXY_TRANSFER_MODE in Turkish locale
· realms with quoted quotation marks in HTTP Digest headers
· VC9 makefiles are now really included
· multi interface memory leak with CURLMOPT_MAXCONNECTS set
· CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with CURLOPT_NOBODY set true
· memory leak on some libz errors for content encodings
· NSS-enabled build is repaired
· superfluous wait in SFTP downloads removed
· FTP with the multi interface no longer kills the control connection as easily on transfer failures
· compilation halting when using VS2008 to build a Windows 2000 target
· ease creation of libcurl Mac OS X Framework
· CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD are -1 if unknown
· Negotiate proxy authentication
· CURLOPT_INTERFACE and CURLOPT_LOCALPORT used together

What's new in cURL 7.19.3:

January 20th, 2009

Changes:
· CURLAUTH_DIGEST_IE bit added for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH
· VC9 Makefiles were added to the release package

Bugfixes:
· build failure when disabling FTP but enabling GSS
· fixed several calls to memory functions that didn't check return codes
· memory leak for SSL connects with libcurl/NSS when CURLOPT_ISSUERCERT was used
· re-use of connections with the multi interface when multiple handles used the same server
· memory leak with HTTP GSS/kerberos authentication
· removed the default use of "Pragma: no-cache"
· fix SCP/SFTP busyloop by using a new libssh2 1.0 function
· bad fclose() after a fatal error in cookie code
· curl_multi_remove_handle() when the handle was in use in a HTTP pipeline
· GSS authentication infinite loop problem
· 550 response from SIZE no longer treated as missing file
· ftps:// control connections now use explicit protection level
· dotted IPv6 addresses longer than 39 bytes failed
· curl_easy_duphandle() doesn't try to duplicate the connection cache pointer
· build failure on OS/400 when enabling IPv6
· better detection of SFTP failures
· improved connection re-use for subsequent SCP and SFTP transfers
· multi interface does less busy-loops for SCP and SFTP transfers with libssh2 1.0 or later
· curl_multi_timeout() no longer returns timeout 0 when there's still more than 0 but less than 999 microseconds left
· the multi_socket API and HTTP pipelining now work a lot better when combined
· SFTP seek/resume beyond 32bit file sizes
· fixed breakage with --with-ssl --disable-verbose
· TTL "leak" in the DNS cache
· improved NSS initing
· curl_easy_reset now resets more options
· rare Location: follow bug with the multi interface
· the configure script can now detect gnutls with pkg-config
· curlbuild.h was adjusted for SunPro compilers
· CURLOPT_COOKIELIST set to "SESS" on an easy handle with no cookies data
· fixed timeouts for TFTP
· fixed PPC builds

What's new in cURL 7.19.2:

November 15th, 2008

· build failure when using MSVC 6 makefile and on four platforms more
· crash when using --interface name on Linux systems with a TEQL device
· using the multi interface to download a HTTPS page with libcurl built powered by OpenSSL could download "rubbish" instead of actual content

What's new in cURL 7.19.1:

November 5th, 2008

Changes:
· pkg-config can now show supported_protocols and supported_features.
· Added CURLOPT_CERTINFO and CURLINFO_CERTINFO.
· Added CURLOPT_POSTREDIR.
· Better detect HTTP 1.0 servers and don't do HTTP 1.1 requests on them.
· configure --disable-proxy disables proxy support.
· Added CURLOPT_USERNAME and CURLOPT_PASSWORD.
· --interface now works with IPv6 connections on glibc systems.
· Added CURLOPT_PROXYUSERNAME and CURLOPT_PROXYPASSWORD.

Bugfixes:
· MingW32 non-configure builds are now largefile feature enabled by default.
· NetWare LIBC builds are now largefile feature enabled by default.
· curl_easy_pause() could behave wrongly on unpause.
· cookies with invalid expire dates are now considered expired.
· HTTP pipelining over proxy.
· fix regression in configure script which affected OpenSSL builds on MSYS.
· GnuTLS-based multi interface doing HTTPS over proxy failed.
· recv() failures cause CURLE_RECV_ERROR.
· SFTP over SOCKS crash fixed.
· thread-safety issues addressed for NSS-powered libcurls.
· removed the use of mktime() and gmtime(_r)() in date parsing and conversions.
· HTTP Digest with a blank realm did wrong.
· CURLINFO_REDIRECT_URL didn't work with the multi interface.
· CURLOPT_RANGE now works for SFTP downloads.
· FTP SIZE response 550 now causes CURLE_REMOTE_FILE_NOT_FOUND.
· CURLINFO_PRIMARY_IP fixed for persistent connection re-use cases.
· remove_handle/add_handle multi interface timer callback flaw.
· CURLINFO_REDIRECT_URL memory leak and wrong-doing.
· case insensitive string matching works in Turkish too.
· Solaris builds get _REENTRANT defined properly and work again.
· Garbage sent on chunky upload after curl_easy_pause().
· ipv4 name resolves when libcurl is built with ipv6-enabled c-ares.
· undersized IPv6 address internal buffer truncated long IPv6 addresses.
· CURLINFO_FILETIME works for file:// transfers as well.

What's new in cURL 7.19.0:

September 2nd, 2008

· curl_off_t gets its size/typedef somewhat differently than before. This _may_ cause an ABI change for you. See lib/README.curl_off_t for a full explanation.
· Added CURLINFO_PRIMARY_IP
· Added CURLOPT_CRLFILE and CURLE_SSL_CRL_BADFILE
· Added CURLOPT_ISSUERCERT and CURLE_SSL_ISSUER_ERROR
· curl's option parser for boolean options reworked
· Added --remote-name-all
· Now builds for the INTEGRITY operating system
· Added CURLINFO_APPCONNECT_TIME
· Added test selection by key word in runtests.pl
· the curl tool's -w option support the %{ssl_verify_result} variable
· Added CURLOPT_ADDRESS_SCOPE and scope parsing of the URL according to RFC4007
· Support --append on SFTP uploads (not with OpenSSH, though)
· Added curlbuild.h and curlrules.h to the external library interface
· Fixed curl-config --ca
· Fixed the multi interface connection re-use with NSS-built libcurl
· connection re-use when using the multi interface with pipelining enabled
· curl_multi_socket() socket callback fix for close/re-create sockets case
· SCP or SFTP over socks proxy crashed
· RC4-MD5 cipher now works with NSS-built libcurl
· range requests with --head are now done correctly
· fallback to gettimeofday when monotonic clock is unavailable at run-time
· range numbers could be made to wrongly get output as signed
· unexpected 1xx responses hung transfers
· FTP transfers segfault when using different CURLOPT_FTP_FILEMETHOD
· c-ares powered libcurls can resolve/use IPv6 addresses
· poll not working on Windows Vista due to POLLPRI being incorrectly used
· user-agent in CONNECT with non-HTTP protocols
· CURL_READFUNC_PAUSE problems fixed
· --use-ascii now works on Symbian OS, MS-DOS and OS/2
· CURLINFO_SSL_VERIFYRESULT is fixed
· FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set
· a user name in a proxy URL without a password was parsed incorrectly
· library will now be built with _REENTRANT symbol defined only if needed
· no longer link with gdi32 on Windows cross-compiled targets
· HTTP PUT with -C - sent bad Content-Range: header
· HTTP PUT or POST with redirect could lead to hang
· re-use of connections with failed SSL connects in the multi interface
· NTLM over proxy state was wrongly cleared when host connection was closed
· Windows SSPI DLL loading is now done in curl_global_init()
· runtests.pl has an improved find-stunnel-and-invoke
· FTP sessions could go out of sync on a long header boundary condition
· potential buffer overflows in the MS-DOS command-line port fixed
· --stderr is now honoured with the -v option
· memory leak in libcurl on Windows built with OpenSSL
· improved curl_m*printf() integral data type size and signedness handling
· error when --dump-header - used with more than one URL
· proxy closing connect during CONNECT with auth with the multi interface
· CURLOPT_UPLOAD sets HTTP method back to GET or HEAD when passed in a 0
· shared cookies could get locked twice
· deal with closed connection while doing POST/PUT

What's new in cURL 7.18.2:

June 5th, 2008

· CURLFORM_STREAM was added
· CURLOPT_NOBODY is now supported over SFTP
· curl can now run on Symbian OS
· curl -w redirect_url and CURLINFO_REDIRECT_URL
· added curl_easy_send() and curl_easy_recv()
· CURLOPT_NOBODY first set to TRUE and then FALSE for HTTP no longer causes the confusion that could lead to a hung transfer
· curl_easy_reset() resets the max redirect limit properly
· configure now correctly recognizes Heimdal and MIT gssapi libraries
· malloc() failure check in Negotiate
· -i and -I together now work the same no matter what order they're used
· the typechecker can be bypassed by defining CURL_DISABLE_TYPECHECK
· a pointer mixup could make the FTP code send bad user password under rare circumstances (found when using curlftpfs)
· CURLOPT_OPENSOCKETFUNCTION can now be used to create a unix domain socket
· CURLOPT_TCP_NODELAY crash due to getprotobyname() use
· libcurl sometimes sent body twice when using CURLAUTH_ANY
· configure detecting debug-enabled c-ares
· microsecond resolution keys for internal splay trees
· krb4 and krb5 ftp segfault
· multi interface busy loop for CONNECT requests
· internal time differences now use monotonic time source if available
· several curl_multi_socket() fixes
· builds fine for Haiku OS
· follow redirect with only a new query string
· SCP and SFTP memory leaks on aborted transfers
· curl_multi_socket() and HTTP pipelining transfer stalls
· lost telnet data on an EWOULDBLOCK condition

What's new in cURL 7.18.1:

March 31st, 2008

· added support for HttpOnly cookies
· 'make ca-bundle' downloads and generates an updated ca bundle file
· we no longer distribute or install a ca cert bundle
· SSLv2 is now disabled by default for SSL operations
· the test509-style setting URL in callback is officially no longer supported
· support a full chain of certificates in a given PKCS12 certificate
· resumed transfers work with SFTP
· added type checking macros for curl_easy_setopt() and curl_easy_getinfo(), watch out for new warnings in code using libcurl (needs gcc-4.3 and currently only works in C mode)
· curl_easy_setopt(), curl_easy_getinfo(), curl_share_setopt() and curl_multi_setopt() uses are now checked to use exactly three arguments
· --with-ca-path=DIR configure option allows to set an openSSL CApath instead of a default ca bundle.
· improved pipelining
· improved strdup replacement
· GnuTLS-built libcurl failed when doing global cleanup and reinit
· error message problem when unable to resolve a host on Windows
· Accept: header replacing
· not verifying server certs with GnuTLS still failed if gnutls had problems with the cert
· when using the multi interface and a handle is removed while still having a transfer going on, the connection is now closed by force
· bad re-use of SSL connections in non-complete state
· test case 405 failures with GnuTLS builds
· crash when connection cache size is 1 and Curl_do() failed
· GnuTLS-built libcurl can now be forced to prefer SSLv3
· crash when doing Negotiate again on a re-used connection
· select/poll regression
· better MIT kerberos configure check
· curl_easy_reset() SFTP re-used connection download crash
· SFTP non-existing file SFTP existing file error
· sharing DNS cache between easy handles running in multiple threads could lead to crash
· SFTP upload with CURLOPT_FTP_CREATE_MISSING_DIRS on re-used connection
· SFTP infinite loop when given an invalid quote command
· curl-config erroneously reported LDAPS support with missing LDAP libraries
· SCP infinite loop when downloading a zero byte file
· setting the CURLOPT_SSL_CTX_FUNCTION with libcurl built without OpenSSL now makes curl_easy_setopt() properly return failure
· configure --with-libssh2 (with no given path)