Log Message:
Upstream release notes:

Fixed in 7.36.0 - March 26 2014
Release contains security-related bug fixes

Changes:

    ntlm: Added support for NTLMv2
    tool: Added support for URL specific options
    openssl: add ALPN support
    gtls: add ALPN support
    nss: add ALPN and NPN support
    added CURLOPT_EXPECT_100_TIMEOUT_MS
    tool: add --no-alpn and --no-npn
    added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
    winssl: enable TLSv1.1 and TLSv1.2 by default
    winssl: TLSv1.2 disables certificate signatures using MD5 hash
    winssl: enable hostname verification of IP address using SAN or CN
    darwinssl: Don't omit CN verification when an IP address is used
    http2: build with current nghttp2 version
    polarssl: dropped support for PolarSSL < 1.3.0
    openssl: info message with SSL version used

Bugfixes:

    SECURITY ADVISORY: wrong re-use of connections
    SECURITY ADVISORY: IP address wildcard certificate validation
    SECURITY ADVISORY: not verifying certs for TLS to IP address / Darwinssl
    SECURITY ADVISORY: not verifying certs for TLS to IP address / Winssl
    nss: allow to use ECC ciphers if NSS implements them
    netrc: Fixed a memory leak in an OOM condition
    ftp: fixed a memory leak on wildcard error path
    pipeline: Fixed a NULL pointer dereference on OOM
    nss: prefer highest available TLS version
    100-continue: fix timeout condition
    ssh: Fixed a NULL pointer dereference on OOM condition
    formpost: use semicolon in multipart/mixaed
    --help: add missing --tlsv1.x options
    formdata: Fixed memory leak on OOM condition
    ConnectionExists: reusing possible HTTP+NTLM connections better
    mingw32: fix compilation
    chunked decoder: track overflows correctly
    curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
    dict: fix memory leak in OOM exit path
    valgrind: added suppression on optimized code
    curl: output protocol headers using binary mode
    tool: Added URL index to password prompt for multiple operations
    ConnectionExists: re-use non-NTLM connections better
    axtls: call ssl_read repeatedly
    multi: make MAXCONNECTS default 4 x number of easy handles function
    configure: Fix the --disable-crypto-auth option
    multi: ignore SIGPIPE internally
    curl.1: update the description of --tlsv1
    SFTP: skip reading the dir when NOBODY=1
    easy: Fixed a memory leak on OOM condition
    tool: Fixed incorrect return code when setting HTTP request fails
    configure: Tiny fix to honor POSIX
    tool: Do not output libcurl source for the information only parameters
    Rework Open Watcom make files to use standard Wmake features
    x509asn: moved out Curl_verifyhost from NSS builds
    configure: call it GSS-API
    hostcheck: Curl_cert_hostcheck is not used by NSS builds
    multi_runsingle: move timestamp into INIT
    remote_port: allow connect to port 0
    parse_remote_port: error out on illegal port numbers better
    ssh: Pass errors from libssh2_sftp_read up the stack
    docs: remove documentation on setting up krb4 support
    polarssl: build fixes to work with PolarSSL 1.3.x
    polarssl: fix possible handshake timeout issue in multi
    nss: allow to enable/disable cipher-suites better
    ssh: prevent a logic error that could result in an infinite loop
    http2: free resources on disconnect
    polarssl: avoid extra newlines in debug messages
    rtsp: parse "Session:" header properly
    trynextip: don't store 'ai' on failed connects
    Curl_cert_hostcheck: strip trailing dots in host name and wildcard