Changes in 7.43.0 - June 17 2015

Changes:

• Added CURLOPT_PROXY_SERVICE_NAME
• Added CURLOPT_SERVICE_NAME
• New curl option: --proxy-service-name
• New curl option: --service-name
• New curl option: --data-raw
• Added CURLOPT_PIPEWAIT
• Added support for multiplexing transfers using HTTP/2, enable this with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING
• HTTP/2: requires nghttp2 1.0.0 or later
• scripts: add zsh.pl for generating zsh completion
• curl.h: add CURL_HTTP_VERSION_2

Bugfixes:

• CVE-2015-3236: lingering HTTP credentials in connection re-use
• CVE-2015-3237: SMB send off unrelated memory contents
• nss: fix compilation failure with old versions of NSS
• curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
• schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
• Curl_ossl_init: load builtin modules
• configure: follow-up fix for krb5-config
• sasl_sspi: Populate domain from the realm in the challenge
• netrc: support 'default' token
• README: convert to UTF-8
• cyassl: Implement public key pinning
• nss: implement public key pinning for NSS backend
• mingw build: add arch -m32/-m64 to LDFLAGS
• schannel: Fix out of bounds array
• configure: remove autogenerated files by autoconf
• configure: remove --automake from libtoolize call
• acinclude.m4: fix shell test for default CA cert bundle/path
• schannel: fix regression in schannel_recv
• openssl: skip trace outputs for ssl_ver == 0
• gnutls: properly retrieve certificate status
• netrc: Read in text mode when cygwin
• winbuild: Document the option used to statically link the CRT
• FTP: Make EPSV use the control IP address rather than the original host
• FTP: fix dangling conn->ip_addr dereference on verbose EPSV
• conncache: keep bundles on host+port bases, not only hostnames
• runtests.pl: use 'h2c' now, no -14 anymore
• curlver: introducing new version number (checking) macros
• openssl: boringssl build brekage, use SSL_CTX_set_msg_callback
• CURLOPT_POSTFIELDS.3: correct variable names
• curl_easy_unescape.3: update RFC reference
• gnutls: don't fail on non-fatal alerts during handshake
• testcurl.pl: allow source to be in an arbitrary directory
• CURLOPT_HTTPPROXYTUNNEL.3: only works with an HTTP proxy
• SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description
• parse_proxy: switch off tunneling if non-HTTP proxy
• share_init: fix OOM crash
• perl: remove subdir, not touched in 9 years
• CURLOPT_COOKIELIST.3: Add example
• CURLOPT_COOKIE.3: Explain that the cookies won't be modified
• CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain
• FAQ: How do I port libcurl to my OS?
• openssl: Use TLS_client_method for OpenSSL 1.1.0+
• HTTP-NTLM: fail auth on connection close instead of looping
• curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
• curl_getdate.3: update RFC reference
• curl_multi_info_read.3: added example
• curl_multi_perform.3: added example
• curl_multi_timeout.3: added example
• cookie: Stop exporting any-domain cookies
• openssl: remove dummy callback use from SSL_CTX_set_verify()
• openssl: remove SSL_get_session()-using code
• openssl: removed USERDATA_IN_PWD_CALLBACK kludge
• openssl: removed error string #ifdef
• openssl: Fix verification of server-sent legacy intermediates
• docs: manpage indentation and syntax fixes
• docs: Spelling fixes
• fopen.c: fix a few compiler warnings
• CURLOPT_OPENSOCKETFUNCTION: return error at once
• schannel: Add support for optional client certificates
• build: Properly detect OpenSSL 1.0.2 when using configure
• urldata: store POST size in state.infilesize too
• security:choose_mech remove dead code
• rtsp_do: remove dead code
• docs: many HTTP URIs changed to HTTPS
• schannel: schannel_recv overhaul

Further