out that OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm,
  and provided the solution too: to use OpenSSL_add_all_algorithms() instead
  of the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in
  OpenSSL 0.9.5

  They introduce known_host support for SSH keys to libcurl. See docs for
  details.

  (https://bugzilla.novell.com/523919). When looking at the code, I found
  that also the ptr pointer can leak.

  in NSS-powered libcurl. Now the client certificates can be selected
  automatically by a NSS built-in hook. Additionally pre-login to all PKCS11
  slots is no more performed. It used to cause problems with HW tokens.

- Fixed reference counting for NSS client certificates. Now the PEM reader
  module should be always properly unloaded on Curl_nss_cleanup(). If the unload
  fails though, libcurl will try to reuse the already loaded instance.

in the Watcom makefiles aren't quite correct).

  errno is not reset on success.

renamed generated config.h to curl_config.h in order to avoid clashes when libcurl is used with other projects which also have a config.h.

  setting a file descriptor non-blocking. Used by the functionality Eric
  himself brough on June 15th.

  (http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the
  problem:

  Url A is accessed using auth. Url A redirects to Url B (on a different
  server0. Url B reuses a persistent connection. Url B has auth, even though
  it's on a different server.

  Note: if Url B does not reuse a persistent connection, auth is not sent.

Markus Koetter provided a patch to avoid getnameinfo() usage which broke a couple of both IPv4 and IPv6 autobuilds.

  range if given colon-separated after the host name/address part. Like
  "192.168.0.1:2000-10000"

  (no newline translations). Use -B/--use-ascii if you rather get the ascii
  approach.

  provided in the url, add it there (squid needs this).

  This allows curl(1) to be used as a client-side tunnel for arbitrary stream
  protocols by abusing chunked transfer encoding in both the HTTP request and
  HTTP response.  This requires server support for sending a response while a
  request is still being read, of course.

  If attempting to read from stdin returns EAGAIN, then we pause our sender.
  This leaves curl to attempt to read from the socket while reading from stdin
  (and thus sending) is paused.

mention configure --enable-curldebug decoupled from --enable-debug

changed testcurl script to allow building test harness
programs when cross-compiling for a *-*-mingw* host.

  contributed a range of patches to fix them.

  issue with client certs that caused issues like segfaults.
  http://curl.haxx.se/mail/lib-2009-05/0316.html

  to detect gnutls build options with pkg-config only and not libgnutls-config
  anymore since GnuTLS has stopped distributing that tool. If an explicit path
  is given to configure, we will instead guess on how to link and use that
  lib. I did not use the patch from the bug report.

- Added some cmake docs and fixed socklen_t in the build.

  broken since 7.19.0

  is almost always a VERY BAD IDEA. Yet there are still apps out there doing
  this, and now recently it triggered a bug/side-effect in libcurl as when
  libcurl sends a POST or PUT with NTLM, it sends an empty post first when it
  knows it will just get a 401/407 back. If the app then replaced the
  Content-Length header, it caused the server to wait for input that libcurl
  wouldn't send. Aaron Oneal reported this problem in bug report #2799008
  http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.

is also needed before curl can be built in Android, but it's not clear
what the best way is to provide one.

  without pkg-config.

  PK11_CreateGenericObject() function.

  the auth credentials back in 7.19.0 and earlier while now you have to set ""
  to get the same effect. His patch brings back the ability to use NULL.

  for a failure properly.

  fine with Nokia 5th edition 1.0 SDK for Symbian.

  out that the cookie parser would leak memory when it parses cookies that are
  received with domain, path etc set multiple times in the same header. While
  such a cookie is questionable, they occur in the wild and libcurl no longer
  leaks memory for them. I added such a header to test case 8.