Curl and libcurl 7.38.0 Public curl releases: 141 Command line options: 162 curl_easy_setopt() options: 208 Public functions in libcurl: 58 Contributors: 1164 This release includes the following changes: o CURLE_HTTP2 is a new error code o CURLAUTH_NEGOTIATE is a new auth define o CURL_VERSION_GSSAPI is a new capability bit o no longer use fbopenssl for anything o schannel: use CryptGenRandom for random numbers o axtls: define curlssl_random using axTLS's PRNG o cyassl: use RNG_GenerateBlock to generate a good random number o findprotocol: show unsupported protocol within quotes o version: detect and show LibreSSL o version: detect and show BoringSSL This release includes the following bugfixes: o fix a build failure on Debian when NSS support is enabled [1] o http2: fixed compiler warnings when built disabled [2] o cyassl: return the correct error code on no CA cert o http: Deprecate GSS-Negotiate macros due to bad naming o http: Fixed Negotiate: authentication o multi: Improve proxy CONNECT performance (regression) [3] o ntlm_wb: Avoid invoking ntlm_auth helper with empty username o ntlm_wb: Fix hard-coded limit on NTLM auth packet size o url.c: use the preferred symbol name: *READDATA [4] o smtp: fixed a segfault during test 1320 torture test o cyassl: made it compile with version 2.0.6 again o nss: do not check the version of NSS at run time o c-ares: fix build without IPv6 support [5] o http2: use base64url encoding [6] o SSPI Negotiate: Fix 3 memory leaks o libtest: fixed duplicated line in Makefile [7] o conncache: fix compiler warning [8] o openssl: make ossl_send return CURLE_OK better o HTTP2: Support expect: 100-continue o HTTP/2: Fix infinite loop in readwrite_data() o parsedate: fix the return code for an overflow edge condition o darwinssl: don't use strtok() o http_negotiate_sspi: Fixed specific username and password not working [9] o openssl: replace call to OPENSSL_config [10] o http2: show the received header for better debugging o HTTP/2: Move :authority before non-pseudo header fields o HTTP/2: Reset promised stream, not its associated stream o http2: added some more logging for debugging stream problems o ntlm: Added support for SSPI package info query o ntlm: Fixed hard coded buffer for SSPI based auth packet generation This release includes the following known bugs: o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html) This release would not have looked like this without help, code, reports and advice from friends like these: Alessandro Ghedini, Anthon Pang, Dan Fandrich, Daniel Stenberg, Dave Reisner, David Woodhouse, Fabian Keil, Jan Ehrhardt, Kamil Dudka, Leonardo Rosati, Marcel Raad, Michael Osipov, Michael Wallner, Patrick Monnerat, Paul Saab, Rafaël Carré, Sergey Nikulov, Spork Schivago, Steve Holme, Tatsuhiro Tsujikawa, Toby Peterson, Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: [1] = http://curl.haxx.se/mail/lib-2014-07/0209.html [2] = http://curl.haxx.se/mail/lib-2014-07/0202.html [3] = http://curl.haxx.se/bug/view.cgi?id=1397 [4] = http://curl.haxx.se/bug/view.cgi?id=1398 [5] = http://curl.haxx.se/mail/lib-2014-07/0337.html [6] = https://github.com/tatsuhiro-t/nghttp2/issues/62 [7] = https://github.com/bagder/curl/pull/105 [8] = http://curl.haxx.se/bug/view.cgi?id=1399 [9] = http://curl.haxx.se/mail/lib-2014-06/0224.html [10] = http://curl.haxx.se/bug/view.cgi?id=1401