tests/runtests.pl | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 runtests_gdb.

docs/index.html | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix path to "theartofhttpscripting" in docs.

lib/libcurl.vers.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 keep versioned symbols backwards compatibility.

ltmain.sh | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 work around libtool --as-needed reordering bug

tests/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 always disable valgrind tests

m4/curl-compilers.m4 | 11 0 + 11 - 0 !
1 file changed, 11 deletions(-)

 do not disable debug symbols without --enable-debug

docs/curl.1 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix spelling error in manpage

buildconf | 41 15 + 26 - 0 !
1 file changed, 15 insertions(+), 26 deletions(-)

 check for libtoolize rather than libtool
Last-Modified: 2014-09-19

libtool is now in package libtool-bin, but curl really only uses libtoolize.

lib/asyn-thread.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] threaded-resolver: revert curl_expire_latest() switch

The switch to using Curl_expire_latest() in commit cacdc27f52b was a
mistake and was against the advice even mentioned in that commit. The
comparison in asyn-thread.c:Curl_resolver_is_resolved() makes
Curl_expire() the suitable function to use.

Bug: http://curl.haxx.se/bug/view.cgi?id=1426
Reported-By: graysky

lib/formdata.c | 52 9 + 43 - 0 !
lib/strdup.c | 32 27 + 5 - 0 !
lib/strdup.h | 3 2 + 1 - 0 !
lib/url.c | 22 17 + 5 - 0 !
lib/urldata.h | 11 9 + 2 - 0 !
src/Makefile.inc | 4 2 + 2 - 0 !
src/tool_setup.h | 5 2 + 3 - 0 !
src/tool_strdup.c | 47 47 + 0 - 0 !
src/tool_strdup.h | 30 30 + 0 - 0 !
9 files changed, 145 insertions(+), 61 deletions(-)

 [patch] curl_easy_duphandle: curlopt_copypostfields read out of
 bounds

When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis

lib/url.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 [patch] url-parsing: reject crlfs within urls

Bug: http://curl.haxx.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets

docs/examples/Makefile.am | 4 2 + 2 - 0 !
lib/Makefile.am | 30 15 + 15 - 0 !
src/Makefile.am | 6 3 + 3 - 0 !
tests/libtest/Makefile.am | 10 5 + 5 - 0 !
4 files changed, 25 insertions(+), 25 deletions(-)

 build with gnutls.

docs/examples/Makefile.am | 4 2 + 2 - 0 !
lib/Makefile.am | 30 15 + 15 - 0 !
src/Makefile.am | 6 3 + 3 - 0 !
tests/libtest/Makefile.am | 10 5 + 5 - 0 !
4 files changed, 25 insertions(+), 25 deletions(-)

 build with nss.