Changes in 7.24.0 - January 24 2012

Changes:

• CURLOPT_QUOTE: SFTP supports the '*'-prefix now
• CURLOPT_DNS_SERVERS: set name servers if possible
• Add support for using nettle instead of gcrypt as gnutls backend
• CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes
• Added CURLOPT_ACCEPTTIMEOUT_MS
• configure: add symbols versioning option --enable-versioned-symbols

Bugfixes:

• curl was vulnerable to a data injection attack for certain protocols CVE-2012-0036
• curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
• SSL session share: move the age counter to the share object
• -J -O: use -O name if no Content-Disposition header comes!
• protocol_connect: show verbose connect and set connect time
• query-part: ignore the URI part for given protocols
• gnutls: only translate winsock errors for old versions
• POP3: fix end of body detection
• POP3: detect when LIST returns no mails
• TELNET: improved treatment of options
• configure: add support for pkg-config detection of libidn
• CyaSSL 2.0+ library initialization adjustment
• multi interface: only use non-NULL socker function pointer
• call opensocket callback properly for active FTP
• don't call close socket callback for sockets created with accept()
• differentiate better between host/proxy errors
• SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
• multi: handle timeouts on DNS servers by checking for new sockets
• CURLOPT_DNS_SERVERS: fix return code
• POP3: fixed escaped dot not being stripped out
• OpenSSL: check for the SSLv2 function in configure
• MakefileBuild: fix the static build
• create_conn: don't switch to HTTP protocol if tunneling is enabled
• multi interface: fix block when CONNECT_ONLY option is used
• Fix connection reuse for TLS upgraded connections
• multiple file upload with -F and custom type
• multi interface: active FTP connections are no longer blocking
• Android build fix
• timer: restore PRETRANSFER timing
• libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM
• appconnect time fixed for non-blocking connect ssl backends
• do not include SSL handshake into time spent waiting for 100-continue
• handle dns cache case insensitive
• use new hostname casing for subsequent HTTP requests
• CURLOPT_RESOLVE: avoid adding already present hostnames
• SFTP mkdir: use correct permission
• resolve: don't leak pre-populated dns entries
• --retry: Retry transfers on timeout and DNS errors
• negotiate with SSPI backend: use the correct buffer for input
• SFTP dir: increase buffer size counter to avoid cut off filenames
• TFTP: fix resending (again)
• c-ares: don't include getaddrinfo-using code
• FTP: CURLE_PARTIAL_FILE will not close the control channel
• win32-threaded-resolver: stop using a dummy socket
• OpenSSL: remove reference to openssl internal struct
• OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
• OpenSSL: fix PKCS#12 certificate parsing related memory leak
• OpenLDAP: fix LDAP connection phase memory leak
• Telnet: Use correct file descriptor for telnet upload
• Telnet: Remove bogus optimisation of telnet upload
• URL parse: username with ipv6 numerical address
• polarssl: show cipher suite name correctly with 1.1.0
• polarssl: havege_rand is not present in version 1.1.0 WARNING, we still use the old API which is said to be insecure
• gnutls: enforced use of SSLv3

Further