Curl and libcurl 7.36.0

 Public curl releases:         138
 Command line options:         161
 curl_easy_setopt() options:   206
 Public functions in libcurl:  58
 Known libcurl bindings:       42
 Contributors:                 1123

This release includes the following changes:

 o ntlm: Added support for NTLMv2 [2]
 o tool: Added support for URL specific options [3]
 o openssl: add ALPN support
 o gtls: add ALPN support
 o nss: add ALPN and NPN support
 o added CURLOPT_EXPECT_100_TIMEOUT_MS [7]
 o tool: add --no-alpn and --no-npn
 o added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
 o winssl: enable TLSv1.1 and TLSv1.2 by default
 o winssl: TLSv1.2 disables certificate signatures using MD5 hash
 o winssl: enable hostname verification of IP address using SAN or CN [11]
 o darwinssl: Don't omit CN verification when an IP address is used [12]
 o http2: build with current nghttp2 version

This release includes the following bugfixes:

 o nss: allow to use ECC ciphers if NSS implements them [1]
 o netrc: Fixed a memory leak in an OOM condition
 o ftp: fixed a memory leak on wildcard error path
 o pipeline: Fixed a NULL pointer dereference on OOM
 o nss: prefer highest available TLS version
 o 100-continue: fix timeout condition [4]
 o ssh: Fixed a NULL pointer dereference on OOM condition
 o formpost: use semicolon in multipart/mixed [5]
 o --help: add missing --tlsv1.x options
 o formdata: Fixed memory leak on OOM condition
 o ConnectionExists: reusing possible HTTP+NTLM connections better [6]
 o mingw32: fix compilation
 o chunked decoder: track overflows correctly [8]
 o curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
 o dict: fix memory leak in OOM exit path
 o valgrind: added suppression on optimized code
 o curl: output protocol headers using binary mode
 o tool: Added URL index to password prompt for multiple operations
 o ConnectionExists: re-use non-NTLM connections better [9]
 o axtls: call ssl_read repeatedly
 o multi: make MAXCONNECTS default 4 x number of easy handles function
 o configure: Fix the --disable-crypto-auth option
 o multi: ignore SIGPIPE internally
 o curl.1: update the description of --tlsv1
 o SFTP: skip reading the dir when NOBODY=1 [10]
 o easy: Fixed a memory leak on OOM condition
 o tool: Fixed incorrect return code when setting HTTP request fails
 o configure: Tiny fix to honor POSIX
 o tool: Do not output libcurl source for the information only parameters

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Adam Sampson, Arvid Norberg, Colin Hogben, Dan Fandrich, Daniel Stenberg,
  David Ryskalczyk, Fabian Frank, Gisle Vanem, Hubert Kario, Jeff King,
  Maks Naumov, Kamil Dudka, Marc Hoersken, naota, Patrick Monnerat,
  Prash Dush, Remi Gacogne, Rob Davies, Romulo A. Ceccon, Shao Shuchao,
  Steve Holme, Tatsuhiro Tsujikawa, Thomas Braun, Tiit Pikma,
  Yehezkel Horowitz

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://bugzilla.redhat.com/1058776
 [2] = http://curl.haxx.se/mail/lib-2014-01/0183.html
 [3] = http://curl.haxx.se/mail/archive-2013-11/0006.html
 [4] = http://curl.haxx.se/bug/view.cgi?id=1334
 [5] = http://curl.haxx.se/bug/view.cgi?id=1333
 [6] = http://curl.haxx.se/mail/lib-2014-02/0100.html
 [7] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTEXPECT100TIMEOUTMS
 [8] = http://curl.haxx.se/mail/lib-2014-02/0097.html
 [9] = http://thread.gmane.org/gmane.comp.version-control.git/242213
 [10] = http://curl.haxx.se/mail/lib-2014-02/0155.html
 [11] = http://curl.haxx.se/mail/lib-2014-02/0243.html
 [12] = https://github.com/bagder/curl/pull/93