libcurl: update to 7.67

2 files changed, 1541 insertions, 2025 deletions

diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
index 0047ab41ac..d35f541998 100644
--- a/libs/libcurl/docs/CHANGES
+++ b/libs/libcurl/docs/CHANGES
@@ -6,6 +6,1505 @@
 
                                   Changelog
 
+Version 7.67.0 (5 Nov 2019)
+
+Daniel Stenberg (5 Nov 2019)
+- RELEASE-NOTES: synced
+  
+  The 7.67.0 release
+
+- THANKS: add new names from 7.67.0
+
+- configure: only say ipv6 enabled when the variable is set
+  
+  Previously it could say "IPv6: enabled" at the end of the configure run
+  but the define wasn't set because of a missing getaddrinfo().
+  
+  Reported-by: Marcel Raad
+  Fixes #4555
+  Closes #4560
+
+Marcel Raad (2 Nov 2019)
+- certs/Server-localhost-lastSAN-sv: regenerate with sha256
+  
+  All other certificates were regenerated in commit ba782baac30, but
+  this one was missed.
+  Fixes test3001 on modern systems.
+  
+  Closes https://github.com/curl/curl/pull/4551
+
+Daniel Stenberg (2 Nov 2019)
+- [Vilhelm Prytz brought this change]
+
+  copyrights: update all copyright notices to 2019 on files changed this year
+  
+  Closes #4547
+
+- [Bastien Bouclet brought this change]
+
+  mbedtls: add error message for cert validity starting in the future
+  
+  Closes #4552
+
+Jay Satiro (1 Nov 2019)
+- schannel_verify: Fix concurrent openings of CA file
+  
+  - Open the CA file using FILE_SHARE_READ mode so that others can read
+    from it as well.
+  
+  Prior to this change our schannel code opened the CA file without
+  sharing which meant concurrent openings (eg an attempt from another
+  thread or process) would fail during the time it was open without
+  sharing, which in curl's case would cause error:
+  "schannel: failed to open CA file".
+  
+  Bug: https://curl.haxx.se/mail/lib-2019-10/0104.html
+  Reported-by: Richard Alcock
+
+Daniel Stenberg (31 Oct 2019)
+- gtls: make gnutls_bye() not wait for response on shutdown
+  
+  ... as it can make it wait there for a long time for no good purpose.
+  
+  Patched-by: Jay Satiro
+  Reported-by: Bylon2 on github
+  Adviced-by: Nikos Mavrogiannopoulos
+  
+  Fixes #4487
+  Closes #4541
+
+- [Michał Janiszewski brought this change]
+
+  appveyor: publish artifacts on appveyor
+  
+  This allows obtaining upstream builds of curl directly from appveyor for
+  all the available configurations
+  
+  Closes #4509
+
+- url: make Curl_close() NULLify the pointer too
+  
+  This is the common pattern used in the code and by a unified approach we
+  avoid mistakes.
+  
+  Closes #4534
+
+- [Trivikram Kamat brought this change]
+
+  INSTALL: add missing space for configure commands
+  
+  Closes #4539
+
+- url: Curl_free_request_state() should also free doh handles
+  
+  ... or risk DoH memory leaks.
+  
+  Reported-by: Paul Dreik
+  Fixes #4463
+  Closes #4527
+
+- examples: remove the "this exact code has not been verified"
+  
+  ... as really confuses the reader to not know what to believe!
+
+- [Trivikram Kamat brought this change]
+
+  HTTP3: fix typo somehere1 > somewhere1
+  
+  Closes #4535
+
+Jay Satiro (28 Oct 2019)
+- [Javier Blazquez brought this change]
+
+  HTTP3: fix invalid use of sendto for connected UDP socket
+  
+  On macOS/BSD, trying to call sendto on a connected UDP socket fails
+  with a EISCONN error. Because the singleipconnect has already called
+  connect on the socket when we're trying to use it for QUIC transfers
+  we need to use plain send instead.
+  
+  Fixes #4529
+  Closes https://github.com/curl/curl/pull/4533
+
+Daniel Stenberg (28 Oct 2019)
+- RELEASE-NOTES: synced
+
+- [Javier Blazquez brought this change]
+
+  HTTP3: fix Windows build
+  
+  The ngtcp2 QUIC backend was using the MSG_DONTWAIT flag for send/recv
+  in order to perform nonblocking operations. On Windows this flag does
+  not exist. Instead, the socket must be set to nonblocking mode via
+  ioctlsocket.
+  
+  This change sets the nonblocking flag on UDP sockets used for QUIC on
+  all platforms so the use of MSG_DONTWAIT is not needed.
+  
+  Fixes #4531
+  Closes #4532
+
+Marcel Raad (27 Oct 2019)
+- appveyor: add --disable-proxy autotools build
+  
+  This would have caught issue #3926.
+  
+  Also make formatting more consistent.
+  
+  Closes https://github.com/curl/curl/pull/4526
+
+Daniel Stenberg (25 Oct 2019)
+- appveyor: make winbuilds with DEBUG=no/yes and VS 2015/2017
+  
+  ... and invoke "curl -V" once done
+  
+  Co-Authored-By: Jay Satiro
+  
+  Closes #4523
+
+- [Francois Rivard brought this change]
+
+  schannel: reverse the order of certinfo insertions
+  
+  Fixes #4518
+  Closes #4519
+
+Marcel Raad (24 Oct 2019)
+- test1591: fix spelling of http feature
+  
+  The test never got run because the feature name is `http` in lowercase.
+  
+  Closes https://github.com/curl/curl/pull/4520
+
+Daniel Stenberg (23 Oct 2019)
+- [Michał Janiszewski brought this change]
+
+  appveyor: Use two parallel compilation on appveyor with CMake
+  
+  Appveyor provides 2 CPUs for each builder[1], make sure to use parallel
+  compilation, when running with CMake. CMake learned this new option in
+  version 3.12[2] and the version provided by appveyor is fresh enough.
+  
+  Curl doesn't really take that long to build and it is using the slowest
+  builder available, msbuild, so expect only a moderate improvement in
+  build times.
+  
+  [1] https://www.appveyor.com/docs/build-environment/
+  [2] https://cmake.org/cmake/help/v3.12/release/3.12.html
+  
+  Closes #4508
+
+- conn-reuse: requests wanting NTLM can reuse non-NTLM connections
+  
+  Added test case 338 to verify.
+  
+  Reported-by: Daniel Silverstone
+  Fixes #4499
+  Closes #4514
+
+Marcel Raad (23 Oct 2019)
+- tests: add missing proxy features
+
+Daniel Stenberg (22 Oct 2019)
+- RELEASE-NOTES: synced
+
+Marcel Raad (21 Oct 2019)
+- tests: use %FILE_PWD for file:// URLs
+  
+  This way, we always have exactly one slash after the host name, making
+  the tests pass when curl is compiled with the MSYS GCC.
+  
+  Closes https://github.com/curl/curl/pull/4512
+
+- tests: add `connect to non-listen` keywords
+  
+  These tests try to connect to ports nothing is listening on.
+  
+  Closes https://github.com/curl/curl/pull/4511
+
+- runtests: get textaware info from curl instead of perl
+  
+  The MSYS system on Windows can run the test suite for curl built with
+  any toolset. When built with the MSYS GCC, curl uses Unix line endings,
+  while it uses Windows line endings when built with the MinGW GCC, and
+  `^O` reports 'msys' in both cases. Use the curl executable itself to
+  determine the line endings instead, which reports 'x86_64-pc-msys' when
+  built with the MSYS GCC.
+  
+  Closes https://github.com/curl/curl/pull/4506
+
+Daniel Stenberg (20 Oct 2019)
+- [Michał Janiszewski brought this change]
+
+  appveyor: Add MSVC ARM64 build
+  
+  Closes #4507
+
+- http2_recv: a closed stream trumps pause state
+  
+  ... and thus should return 0, not EAGAIN.
+  
+  Reported-by: Tom van der Woerdt
+  Fixes #4496
+  Closes #4505
+
+- http2: expire a timeout at end of stream
+  
+  To make sure that transfer is being dealt with. Streams without
+  Content-Length need a final read to notice the end-of-stream state.
+  
+  Reported-by: Tom van der Woerdt
+  Fixes #4496
+
+Dan Fandrich (18 Oct 2019)
+- travis: Add an ARM64 build
+  
+  Test 323 is failing for some reason, so disable it there for now.
+
+Marcel Raad (18 Oct 2019)
+- examples/sslbackend: fix -Wchar-subscripts warning
+  
+  With the `isdigit` implementation that comes with MSYS2, the argument
+  is used as an array subscript, resulting in a -Wchar-subscripts
+  warning. `isdigit`'s behavior is undefined if the argument is negative
+  and not EOF [0]. As done in lib/curl_ctype.h, cast the `char` variable
+  to `unsigned char` to avoid that.
+  
+  [0] https://en.cppreference.com/w/c/string/byte/isdigit
+  
+  Closes https://github.com/curl/curl/pull/4503
+
+Daniel Stenberg (18 Oct 2019)
+- configure: remove all cyassl references
+  
+  In particular, this removes the case where configure would find an old
+  cyall installation rather than a wolfssl one if present. The library is
+  named wolfssl in modern days so there's no real need to keep support for
+  the former.
+  
+  Reported-by: Jacob Barthelmeh
+  Closes #4502
+
+Marcel Raad (17 Oct 2019)
+- test1162: disable MSYS2's POSIX path conversion
+  
+  This avoids MSYS2 converting the backslasb in the URL to a slash,
+  causing the test to fail.
+
+Daniel Stenberg (17 Oct 2019)
+- RELEASE-NOTES: synced
+
+Jay Satiro (16 Oct 2019)
+- CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time
+  
+  Prior to this change some users did not understand that the "request"
+  starts when the handle is added to the multi handle, or probably they
+  did not understand that some of those transfers may be queued and that
+  time is included in timeout.
+  
+  Reported-by: Jeroen Ooms
+  
+  Fixes https://github.com/curl/curl/issues/4486
+  Closes https://github.com/curl/curl/pull/4489
+
+- [Stian Soiland-Reyes brought this change]
+
+  tool_operate: Fix retry sleep time shown to user when Retry-After
+  
+  - If server header Retry-After is being used for retry sleep time then
+    show that value to the user instead of the normal retry sleep time.
+  
+  This is a follow-up to 640b973 (7.66.0) which changed curl tool so that
+  the value from Retry-After header overrides other retry timing options.
+  
+  Closes https://github.com/curl/curl/pull/4498
+
+Daniel Stenberg (16 Oct 2019)
+- url: normalize CURLINFO_EFFECTIVE_URL
+  
+  The URL extracted with CURLINFO_EFFECTIVE_URL was returned as given as
+  input in most cases, which made it not get a scheme prefixed like before
+  if the URL was given without one, and it didn't remove dotdot sequences
+  etc.
+  
+  Added test case 1907 to verify that this now works as intended and as
+  before 7.62.0.
+  
+  Regression introduced in 7.62.0
+  
+  Reported-by: Christophe Dervieux
+  Fixes #4491
+  Closes #4493
+
+Marcel Raad (16 Oct 2019)
+- tests: line ending fixes for Windows
+  
+  Mark some files as text.
+  
+  Closes https://github.com/curl/curl/pull/4490
+
+- tests: use proxy feature
+  
+  This makes the tests succeed when using --disable-proxy.
+  
+  Closes https://github.com/curl/curl/pull/4488
+
+- smbserver: fix Python 3 compatibility
+  
+  Python 2's `ConfigParser` module is spelled `configparser` in Python 3.
+  
+  Closes https://github.com/curl/curl/pull/4484
+
+- security: silence conversion warning
+  
+  With MinGW-w64, `curl_socket_t` is is a 32 or 64 bit unsigned integer,
+  while `read` expects a 32 bit signed integer.
+  Use `sread` instead of `read` to use the correct parameter type.
+  
+  Closes https://github.com/curl/curl/pull/4483
+
+- connect: silence sign-compare warning
+  
+  With MinGW-w64 using WinSock, `curl_socklen_t` is signed, while the
+  result of `sizeof` is unsigned.
+  
+  Closes https://github.com/curl/curl/pull/4483
+
+Daniel Stenberg (13 Oct 2019)
+- TODO: Handle growing SFTP files
+  
+  Closes #4344
+
+- KNOWN_BUGS: remove "CURLFORM_CONTENTLEN in an array"
+  
+  The curl_formadd() function is deprecated and shouldn't be used so the
+  real fix for applications is to switch to the curl_mime_* API.
+
+- KNOWN_BUGS: "LDAP on Windows does authentication wrong"
+  
+  Closes #3116
+
+- appveyor: add a winbuild that uses VS2017
+  
+  Closes #4482
+
+- [Harry Sintonen brought this change]
+
+  socketpair: fix include and define for older TCP header systems
+  
+  fixed build for systems that need netinet/in.h for IPPROTO_TCP and are
+  missing INADDR_LOOPBACK
+  
+  Closes #4480
+
+- socketpair: fix double-close in error case
+  
+  Follow-up to bc2dbef0afc08
+
+- gskit: use the generic Curl_socketpair
+
+- asyn-thread: make use of Curl_socketpair() where available
+
+- socketpair: an implemention for Windows and more
+  
+  Curl_socketpair() is designed to be used and work everywhere if there's
+  no native version or the native version isn't good enough.
+  
+  Closes #4466
+
+- RELEASE-NOTES: synced
+
+- connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT
+  
+  Previosly all connect() failures would return CURLE_COULDNT_CONNECT, no
+  matter what errno said.
+  
+  This makes for example --retry work on these transfer failures.
+  
+  Reported-by: Nathaniel J. Smith
+  Fixes #4461
+  Clsoes #4462
+
+- cirrus: switch off blackhole status on the freebsd CI machines
+
+- tests: use port 2 instead of 60000 for a safer non-listening port
+  
+  ... when the tests want "connection refused".
+
+- KNOWN_BUGS: IDN tests failing on Windows
+  
+  Closes #3747
+
+Dan Fandrich (9 Oct 2019)
+- cirrus: Increase the git clone depth.
+  
+  If more commits are submitted to master between the time of triggering
+  the first Cirrus build and the time the final build gets started, the
+  desired commit is no longer at HEAD and the build will error out.
+  [skip ci]
+
+Daniel Stenberg (9 Oct 2019)
+- docs: make sure the --no-progress-meter docs file is in dist too
+
+- docs: document it as --no-progress-meter instead of the reverse
+  
+  Follow-up to 93373a960c3bb4
+  
+  Reported-by: infinnovation-dev on github
+  Fixes #4474
+  Closes #4475
+
+Dan Fandrich (9 Oct 2019)
+- cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build.
+  
+  Also, select the images using image_family to get the latest snapshots
+  automatically.
+  [skip ci]
+
+Daniel Stenberg (8 Oct 2019)
+- curl: --no-progress-meter
+  
+  New option that allows a user to ONLY switch off curl's progress meter
+  and leave everything else in "talkative" mode.
+  
+  Reported-by: Piotr Komborski
+  Fixes #4422
+  Closes #4470
+
+- TODO: Consult %APPDATA% also for .netrc
+  
+  Closes #4016
+
+- CURLOPT_TIMEOUT.3: remove the mention of "minutes"
+  
+  ... just say that limiting operations risk aborting otherwise fine
+  working transfers. If that means seconds, minutes or hours, we leave to
+  the user.
+  
+  Reported-by: Martin Gartner
+  Closes #4469
+
+- [Andrei Valeriu BICA brought this change]
+
+  docs: added multi-event.c example
+  
+  Similar to multi-uv.c but using libevent 2. This is a simpler libevent
+  integration example then hiperfifo.c.
+  
+  Closes #4471
+
+Jay Satiro (5 Oct 2019)
+- [Nicolas brought this change]
+
+  ldap: fix OOM error on missing query string
+  
+  - Allow missing queries, don't return NO_MEMORY error in such a case.
+  
+  It is acceptable for there to be no specified query string, for example:
+  
+  curl ldap://ldap.forumsys.com
+  
+  A regression bug in 1b443a7 caused this issue.
+  
+  This is a partial fix for #4261.
+  
+  Bug: https://github.com/curl/curl/issues/4261#issuecomment-525543077
+  Reported-by: Jojojov@users.noreply.github.com
+  Analyzed-by: Samuel Surtees
+  
+  Closes https://github.com/curl/curl/pull/4467
+
+- [Paul B. Omta brought this change]
+
+  build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines
+  
+  Closes https://github.com/curl/curl/pull/4460
+
+Daniel Stenberg (5 Oct 2019)
+- RELEASE-NOTES: synced
+
+- [Stian Soiland-Reyes brought this change]
+
+  curl: ensure HTTP 429 triggers --retry
+  
+  This completes #3794.
+  
+  Also make sure the new tests from #4195 are enabled
+  
+  Closes #4465
+
+Marcel Raad (4 Oct 2019)
+- [apique brought this change]
+
+  winbuild: add ENABLE_UNICODE option
+  
+  Fixes https://github.com/curl/curl/issues/4308
+  Closes https://github.com/curl/curl/pull/4309
+
+Daniel Stenberg (4 Oct 2019)
+- ngtcp2: adapt to API change
+  
+  Closes #4457
+
+- cookies: change argument type for Curl_flush_cookies
+  
+  The second argument is really a 'bool' so use that and pass in TRUE/FALSE
+  to make it clear.
+  
+  Closes #4455
+
+- http2: move state-init from creation to pre-transfer
+  
+  To make sure that the HTTP/2 state is initialized correctly for
+  duplicated handles. It would otherwise easily generate "spurious"
+  PRIORITY frames to get sent over HTTP/2 connections when duplicated easy
+  handles were used.
+  
+  Reported-by: Daniel Silverstone
+  Fixes #4303
+  Closes #4442
+
+- urlapi: fix use-after-free bug
+  
+  Follow-up from 2c20109a9b5d04
+  
+  Added test 663 to verify.
+  
+  Reported by OSS-Fuzz
+  Bug: https://crbug.com/oss-fuzz/17954
+  
+  Closes #4453
+
+- [Paul Dreik brought this change]
+
+  cookie: avoid harmless use after free
+  
+  This fix removes a use after free which can be triggered by
+  the internal cookie fuzzer, but otherwise is probably
+  impossible to trigger from an ordinary application.
+  
+  The following program reproduces it:
+  
+          curl_global_init(CURL_GLOBAL_DEFAULT);
+          CURL*  handle=curl_easy_init();
+          CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false);
+          curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null");
+          Curl_flush_cookies(handle, true);
+          Curl_cookie_cleanup(info);
+          curl_easy_cleanup(handle);
+          curl_global_cleanup();
+  
+  This was found through fuzzing.
+  
+  Closes #4454
+
+- [Denis Chaplygin brought this change]
+
+  docs: add note on failed handles not being counted by curl_multi_perform
+  
+  Closes #4446
+
+- CURLMOPT_MAX_CONCURRENT_STREAMS.3: fix SEE ALSO typo
+
+- [Niall brought this change]
+
+  ESNI: initial build/setup
+  
+  Closes #4011
+
+- RELEASE-NOTES: synced
+
+- redirect: when following redirects to an absolute URL, URL encode it
+  
+  ... to make it handle for example (RFC violating) embeded spaces.
+  
+  Reported-by: momala454 on github
+  Fixes #4445
+  Closes #4447
+
+- urlapi: fix URL encoding when setting a full URL
+
+- tool_operate: rename functions to make more sense
+
+- curl: create easy handles on-demand and not ahead of time
+  
+  This should again enable crazy-large download ranges of the style
+  [1-10000000] that otherwise easily ran out of memory starting in 7.66.0
+  when this new handle allocating scheme was introduced.
+  
+  Reported-by: Peter Sumatra
+  Fixes #4393
+  Closes #4438
+
+- [Kunal Ekawde brought this change]
+
+  CURLMOPT_MAX_CONCURRENT_STREAMS: new setopt
+  
+  Closes #4410
+
+- chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
+  
+  Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the
+  response is chunked-encoded.
+  
+  Reported-by: Ilya Kosarev
+  Fixes #4310
+  Closes #4449
+
+Marcel Raad (1 Oct 2019)
+- checksrc: fix uninitialized variable warning
+  
+  The loop doesn't need to be executed without a file argument.
+  
+  Closes https://github.com/curl/curl/pull/4444
+
+- urlapi: fix unused variable warning
+  
+  `dest` is only used with `ENABLE_IPV6`.
+  
+  Closes https://github.com/curl/curl/pull/4444
+
+- lib: silence conversion warnings
+  
+  Closes https://github.com/curl/curl/pull/4444
+
+- AppVeyor: add 32-bit MinGW-w64 build
+  
+  With WinSSL and testing enabled so that it would have detected most of
+  the warnings fixed in [0] and [1].
+  
+  [0] https://github.com/curl/curl/pull/4398
+  [1] https://github.com/curl/curl/pull/4415
+  
+  Closes https://github.com/curl/curl/pull/4433
+
+- AppVeyor: remove MSYS2_ARG_CONV_EXCL for winbuild
+  
+  It's only used for MSYS2 with MinGW.
+  
+  Closes
+
+Daniel Stenberg (30 Sep 2019)
+- [Emil Engler brought this change]
+
+  git: add tests/server/disabled to .gitignore
+  
+  Closes #4441
+
+- altsvc: accept quoted ma and persist values
+  
+  As mandated by the spec. Test 1654 is extended to verify.
+  
+  Closes #4443
+
+- mailmap: a Lucas fix
+
+Alessandro Ghedini (29 Sep 2019)
+- [Lucas Pardue brought this change]
+
+  quiche: update HTTP/3 config creation to new API
+
+Daniel Stenberg (29 Sep 2019)
+- BINDINGS: PureBasic, Net::Curl for perl and Nim
+
+- BINDINGS: Kapito is an Erlang library, basically a binding
+
+- BINDINGS: added clj-curl
+  
+  Reported-by: Lucas Severo
+
+- [Jay Satiro brought this change]
+
+  docs: disambiguate CURLUPART_HOST is for host name (ie no port)
+  
+  Closes #4424
+
+- cookies: using a share with cookies shouldn't enable the cookie engine
+  
+  The 'share object' only sets the storage area for cookies. The "cookie
+  engine" still needs to be enabled or activated using the normal cookie
+  options.
+  
+  This caused the curl command line tool to accidentally use cookies
+  without having been told to, since curl switched to using shared cookies
+  in 7.66.0.
+  
+  Test 1166 verifies
+  
+  Updated test 506
+  
+  Fixes #4429
+  Closes #4434
+
+- setopt: handle ALTSVC set to NULL
+
+- RELEASE-NOTES: synced
+
+- [grdowns brought this change]
+
+  INSTALL: add vcpkg installation instructions
+  
+  Closes #4435
+
+- [Zenju brought this change]
+
+  FTP: add test for FTPFILE_NOCWD: Avoid redundant CWDs
+  
+  Add libtest 661
+  
+  Closes #4417
+
+- [Zenju brought this change]
+
+  FTP: url-decode path before evaluation
+  
+  Closes #4428
+
+Marcel Raad (27 Sep 2019)
+- tests: fix narrowing conversion warnings
+  
+  `timediff_t` is 64 bits wide also on 32-bit systems since
+  commit b1616dad8f0.
+  
+  Closes https://github.com/curl/curl/pull/4415
+
+Jay Satiro (27 Sep 2019)
+- [julian brought this change]
+
+  vtls: Fix comment typo about macosx-version-min compiler flag
+  
+  Closes https://github.com/curl/curl/pull/4425
+
+Daniel Stenberg (26 Sep 2019)
+- [Yechiel Kalmenson brought this change]
+
+  README: minor grammar fix
+  
+  Closes #4431
+
+- [Spezifant brought this change]
+
+  HTTP3: fix prefix parameter for ngtcp2 build
+  
+  Closes #4430
+
+- quiche: don't close connection at end of stream!
+
+- quiche: set 'drain' when returning without having drained the queues
+
+- Revert "FTP: url-decode path before evaluation"
+  
+  This reverts commit 2f036a72d543e96128bd75cb0fedd88815fd42e2.
+
+- HTTP3: merged and simplified the two 'running' sections
+
+- HTTP3: show an --alt-svc using example too
+
+- [Zenju brought this change]
+
+  FTP: url-decode path before evaluation
+  
+  Closes #4423
+
+- openssl: use strerror on SSL_ERROR_SYSCALL
+  
+  Instead of showing the somewhat nonsensical errno number, use strerror()
+  to provide a more relatable error message.
+  
+  Closes #4411
+
+- HTTP3: update quic.aiortc.org + add link to server list
+  
+  Reported-by: Jeremy Lainé
+
+Jay Satiro (26 Sep 2019)
+- url: don't set appconnect time for non-ssl/non-ssh connections
+  
+  Prior to this change non-ssl/non-ssh connections that were reused set
+  TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH
+  handshake took place.
+  
+  [1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in
+  libcurl and %{time_appconnect} in the curl tool. It is documented as
+  "the time until the SSL/SSH handshake is completed".
+  
+  Reported-by: Marcel Hernandez
+  
+  Ref: https://github.com/curl/curl/issues/3760
+  
+  Closes https://github.com/curl/curl/pull/3773
+
+Daniel Stenberg (25 Sep 2019)
+- ngtcp2: remove fprintf() calls
+  
+  - convert some of them to H3BUF() calls to infof()
+  - remove some of them completely
+  - made DEBUG_HTTP3 defined only if CURLDEBUG is set for now
+  
+  Closes #4421
+
+- [Jay Satiro brought this change]
+
+  url: fix the NULL hostname compiler warning case
+  
+  Closes #4403
+
+- [Jay Satiro brought this change]
+
+  travis: move the go install to linux-only
+  
+  ... to repair the build again
+  Closes #4403
+
+- altsvc: correct the #ifdef for the ngtcp2 backend
+
+- altsvc: save h3 as h3-23
+  
+  Follow-up to d176a2c7e5
+
+- urlapi: question mark within fragment is still fragment
+  
+  The parser would check for a query part before fragment, which caused it
+  to do wrong when the fragment contains a question mark.
+  
+  Extended test 1560 to verify.
+  
+  Reported-by: Alex Konev
+  Fixes #4412
+  Closes #4413
+
+- [Alex Samorukov brought this change]
+
+  HTTP3.md: move -p for mkdir, remove -j for make
+  
+  - mkdir on OSX/Darwin requires `-p` argument before dir
+  
+  - portabbly figuring out number of cores is an exercise for somewhere
+    else
+  
+  Closes #4407
+
+Patrick Monnerat (24 Sep 2019)
+- os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr,
+  
+  As libcurl now uses these 2 system functions, wrappers are needed on os400
+  to convert returned AF_UNIX sockaddrs to ascii.
+  
+  This is a follow-up to commit 7fb54ef.
+  See also #4037.
+  Closes #4214
+
+Jay Satiro (24 Sep 2019)
+- [Lucas Pardue brought this change]
+
+  strcase: fix raw lowercasing the letter X
+  
+  Casing mistake in Curl_raw_tolower 'X' wasn't lowercased as 'x' prior to
+  this change.
+  
+  Follow-up to 0023fce which added the function several days ago.
+  
+  Ref: https://github.com/curl/curl/pull/4401#discussion_r327396546
+  
+  Closes https://github.com/curl/curl/pull/4408
+
+Daniel Stenberg (23 Sep 2019)
+- http2: Expression 'stream->stream_id != - 1' is always true
+  
+  PVS-Studio warning
+  Fixes #4402
+
+- http2: A value is being subtracted from the unsigned variable
+  
+  PVS-Studio warning
+  Fixes #4402
+
+- libssh: part of conditional expression is always true: !result
+  
+  PVS-Studio warning
+  Fixed #4402
+
+- libssh: part of conditional expression is always true
+  
+  PVS-Studio warning
+  Fixes #4402
+
+- libssh: The expression is excessive or contains a misprint
+  
+  PVS-Studio warning
+  Fixes #4402
+
+- quiche: The expression must be surrounded by parentheses
+  
+  PVS-Studio warning
+  Fixes #4402
+
+- vauth: The parameter 'status' must be surrounded by parentheses
+  
+  PVS-Studio warning
+  Fixes #4402
+
+- [Paul Dreik brought this change]
+
+  doh: allow only http and https in debug mode
+  
+  Otherwise curl may be told to use for instance pop3 to
+  communicate with the doh server, which most likely
+  is not what you want.
+  
+  Found through fuzzing.
+  
+  Closes #4406
+
+- [Paul Dreik brought this change]
+
+  doh: return early if there is no time left
+  
+  Closes #4406
+
+- [Barry Pollard brought this change]
+
+  http: lowercase headernames for HTTP/2 and HTTP/3
+  
+  Closes #4401
+  Fixes #4400
+
+Marcel Raad (23 Sep 2019)
+- vtls: fix narrowing conversion warnings
+  
+  Curl_timeleft returns `timediff_t`, which is 64 bits wide also on
+  32-bit systems since commit b1616dad8f0.
+  
+  Closes https://github.com/curl/curl/pull/4398
+
+Daniel Stenberg (23 Sep 2019)
+- [Joel Depooter brought this change]
+
+  winbuild: Add manifest to curl.exe for proper OS version detection
+  
+  This is a small fix to commit ebd213270a017a6830928ee2e1f4a9cabc799898
+  in pull request #1221. That commit added the CURL_EMBED_MANIFEST flag to
+  CURL_RC_FLAGS. However, later in the file CURL_RC_FLAGS is
+  overwritten. The fix is to append values to CURL_RC_FLAGS instead of
+  overwriting
+  
+  Closes #4399
+
+- RELEASE-NOTES: synced
+
+Marcel Raad (22 Sep 2019)
+- openssl: fix compiler warning with LibreSSL
+  
+  It was already fixed for BoringSSL in commit a0f8fccb1e0.
+  LibreSSL has had the second argument to SSL_CTX_set_min_proto_version
+  as uint16_t ever since the function was added in [0].
+  
+  [0] https://github.com/libressl-portable/openbsd/commit/56f107201baefb5533486d665a58d8f57fd3aeda
+  
+  Closes https://github.com/curl/curl/pull/4397
+
+Daniel Stenberg (22 Sep 2019)
+- curl: exit the create_transfers loop on errors
+  
+  When looping around the ranges and given URLs to create transfers, all
+  errors should exit the loop and return. Previously it would keep
+  looping.
+  
+  Reported-by: SumatraPeter on github
+  Bug: #4393
+  Closes #4396
+
+Jay Satiro (21 Sep 2019)
+- socks: Fix destination host shown on SOCKS5 error
+  
+  Prior to this change when a server returned a socks5 connect error then
+  curl would parse the destination address:port from that data and show it
+  to the user as the destination:
+  
+  curld -v --socks5 10.0.3.1:1080 http://google.com:99
+  * SOCKS5 communication to google.com:99
+  * SOCKS5 connect to IPv4 172.217.12.206 (locally resolved)
+  * Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
+  curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
+  
+  That's incorrect because the address:port included in the connect error
+  is actually a bind address:port (typically unused) and not the
+  destination address:port. This fix changes curl to show the destination
+  information that curl sent to the server instead:
+  
+  curld -v --socks5 10.0.3.1:1080 http://google.com:99
+  * SOCKS5 communication to google.com:99
+  * SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved)
+  * Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
+  curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
+  
+  curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99
+  * SOCKS5 communication to google.com:99
+  * SOCKS5 connect to google.com:99 (remotely resolved)
+  * Can't complete SOCKS5 connection to google.com:99. (1)
+  curl: (7) Can't complete SOCKS5 connection to google.com:99. (1)
+  
+  Ref: https://tools.ietf.org/html/rfc1928#section-6
+  
+  Closes https://github.com/curl/curl/pull/4394
+
+Daniel Stenberg (21 Sep 2019)
+- travis: enable ngtcp2 h3-23 builds
+
+- altsvc: both backends run h3-23 now
+  
+  Closes #4395
+
+- http: fix warning on conversion from int to bit
+  
+  Follow-up from 03ebe66d70
+
+- urldata: use 'bool' for the bit type on MSVC compilers
+  
+  Closes #4387
+  Fixes #4379
+
+- appveyor: upgrade VS2017 to VS2019
+  
+  Closes #4383
+
+- [Zenju brought this change]
+
+  FTP: FTPFILE_NOCWD: avoid redundant CWDs
+  
+  Closes #4382
+
+- cookie: pass in the correct cookie amount to qsort()
+  
+  As the loop discards cookies without domain set. This bug would lead to
+  qsort() trying to sort uninitialized pointers. We have however not found
+  it a security problem.
+  
+  Reported-by: Paul Dreik
+  Closes #4386
+
+- [Paul Dreik brought this change]
+
+  urlapi: avoid index underflow for short ipv6 hostnames
+  
+  If the input hostname is "[", hlen will underflow to max of size_t when
+  it is subtracted with 2.
+  
+  hostname[hlen] will then cause a warning by ubsanitizer:
+  
+  runtime error: addition of unsigned offset to 0x<snip> overflowed to
+  0x<snip>
+  
+  I think that in practice, the generated code will work, and the output
+  of hostname[hlen] will be the first character "[".
+  
+  This can be demonstrated by the following program (tested in both clang
+  and gcc, with -O3)
+  
+  int main() {
+    char* hostname=strdup("[");
+    size_t hlen = strlen(hostname);
+  
+    hlen-=2;
+    hostname++;
+    printf("character is %d\n",+hostname[hlen]);
+    free(hostname-1);
+  }
+  
+  I found this through fuzzing, and even if it seems harmless, the proper
+  thing is to return early with an error.
+  
+  Closes #4389
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+  ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23
+  
+  Closes #4392
+
+- THANKS-filter: deal with my typos 'Jat' => 'Jay'
+
+- travis: use go master
+  
+  ... as the boringssl builds needs a very recent version
+  
+  Co-authored-by: Jat Satiro
+  Closes #4361
+
+- tool_operate: removed unused variable 'done'
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- tool_operate: Expression 'config->resume_from' is always true
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- tool_getparam: remove duplicate switch case
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- libssh2: part of conditional expression is always true: !result
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- urlapi: Expression 'storep' is always true
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- urlapi: 'scheme' is always true
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- urlapi: part of conditional expression is always true: (relurl[0] == '/')
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly
+  
+  Fixes bug detected by PVS-Studio
+  Fixes #4374
+
+- mime: make Curl_mime_duppart() assert if called without valid dst
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- http_proxy: part of conditional expression is always true: !error
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- imap: merged two case-branches performing the same action
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- multi: value '2L' is assigned to a boolean
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- easy: part of conditional expression is always true: !result
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- netrc: part of conditional expression is always true: !done
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- version: Expression 'left > 1' is always true
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- url: remove dead code
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- url: part of expression is always true: (bundle->multiuse == 0)
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- ftp: the conditional expression is always true
+  
+  ... both !result and (ftp->transfer != FTPTRANSFER_BODY)!
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- ftp: Expression 'ftpc->wait_data_conn' is always false
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- ftp: Expression 'ftpc->wait_data_conn' is always true
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- ftp: part of conditional expression is always true: !result
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+
+- http: fix Expression 'http->postdata' is always false
+  
+  Fixes warning detected by PVS-Studio
+  Fixes #4374
+  Reported-by: Valerii Zapodovnikov
+
+- [Niall O'Reilly brought this change]
+
+  doh: avoid truncating DNS QTYPE to lower octet
+  
+  Closes #4381
+
+- [Jens Finkhaeuser brought this change]
+
+  urlapi: CURLU_NO_AUTHORITY allows empty authority/host part
+  
+  CURLU_NO_AUTHORITY is intended for use with unknown schemes (i.e. not
+  "file:///") to override cURL's default demand that an authority exists.
+  
+  Closes #4349
+
+- version: next release will be 7.67.0
+
+- RELEASE-NOTES: synced
+
+- url: only reuse TLS connections with matching pinning
+  
+  If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the
+  connection should not be reused.
+  
+  Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html
+  Reported-by: Sebastian Haglund
+  
+  Closes #4347
+
+- README: add OSS-Fuzz badge [skip ci]
+  
+  Closes #4380
+
+Michael Kaufmann (18 Sep 2019)
+- http: merge two "case" statements
+
+Daniel Stenberg (18 Sep 2019)
+- [Zenju brought this change]
+
+  FTP: remove trailing slash from path for LIST/MLSD
+  
+  Closes #4348
+
+- mime: when disabled, avoid C99 macro
+  
+  Closes #4368
+
+- url: cleanup dangling DOH request headers too
+  
+  Follow-up to 9bc44ff64d9081
+  
+  Credit to OSS-Fuzz
+  Bug: https://crbug.com/oss-fuzz/17269
+  
+  Closes #4372
+
+- [Christoph M. Becker brought this change]
+
+  http2: relax verification of :authority in push promise requests
+  
+  If the :authority pseudo header field doesn't contain an explicit port,
+  we assume it is valid for the default port, instead of rejecting the
+  request for all ports.
+  
+  Ref: https://curl.haxx.se/mail/lib-2019-09/0041.html
+  
+  Closes #4365
+
+- doh: clean up dangling DOH handles and memory on easy close
+  
+  If you set the same URL for target as for DoH (and it isn't a DoH
+  server), like "https://example.com" in both, the easy handles used for
+  the DoH requests could be left "dangling" and end up not getting freed.
+  
+  Reported-by: Paul Dreik
+  Closes #4366
+
+- unit1655: make it C90 compliant
+  
+  Unclear why this was not detected in the CI.
+  
+  Follow-up to b7666027296a
+
+- smb: check for full size message before reading message details
+  
+  To avoid reading of uninitialized data.
+  
+  Assisted-by: Max Dymond
+  Bug: https://crbug.com/oss-fuzz/16907
+  Closes #4363
+
+- quiche: persist connection details
+  
+  ... like we do for other protocols at connect time. This makes "curl -I"
+  and other things work.
+  
+  Reported-by: George Liu
+  Fixes #4358
+  Closes #4360
+
+- openssl: fix warning with boringssl and SSL_CTX_set_min_proto_version
+  
+  Follow-up to ffe34b7b59
+  Closes #4359
+
+- [Paul Dreik brought this change]
+
+  doh: fix undefined behaviour and open up for gcc and clang optimization
+  
+  The undefined behaviour is annoying when running fuzzing with
+  sanitizers. The codegen is the same, but the meaning is now not up for
+  dispute. See https://cppinsights.io/s/516a2ff4
+  
+  By incrementing the pointer first, both gcc and clang recognize this as
+  a bswap and optimizes it to a single instruction.  See
+  https://godbolt.org/z/994Zpx
+  
+  Closes #4350
+
+- [Paul Dreik brought this change]
+
+  doh: fix (harmless) buffer overrun
+  
+  Added unit test case 1655 to verify.
+  Close #4352
+  
+  the code correctly finds the flaws in the old code,
+  if one temporarily restores doh.c to the old version.
+
+Alessandro Ghedini (15 Sep 2019)
+- docs: remove trailing ':' from section names in CURLOPT_TRAILER* man
+
+- docs: fix typo in CURLOPT_HTTP_VERSION man
+
+GitHub (14 Sep 2019)
+- [Daniel Stenberg brought this change]
+
+  CI: inintial github action job
+  
+  First shot at a CI build on github actions
+
+Daniel Stenberg (13 Sep 2019)
+- appveyor: add a winbuild
+  
+  Assisted-by: Marcel Raad
+  Assisted-by: Jay Satiro
+  
+  Closes #4324
+
+- FTP: allow "rubbish" prepended to the SIZE response
+  
+  This is a protocol violation but apparently there are legacy proprietary
+  servers doing this.
+  
+  Added test 336 and 337 to verify.
+  
+  Reported-by: Philippe Marguinaud
+  Closes #4339
+
+- [Zenju brought this change]
+
+  FTP: skip CWD to entry dir when target is absolute
+  
+  Closes #4332
+
+Kamil Dudka (13 Sep 2019)
+- curl: fix memory leaked by parse_metalink()
+  
+  This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
+  Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
+  and libmetalink enabled.
+  
+  Closes #4326
+
+Daniel Stenberg (13 Sep 2019)
+- parsedate: still provide the name arrays when disabled
+  
+  If FILE or FTP are enabled, since they also use them!
+  
+  Reported-by: Roland Hieber
+  Fixes #4325
+  Closes #4343
+
+- [Gilles Vollant brought this change]
+
+  curl:file2string: load large files much faster
+  
+  ... by using a more efficient realloc scheme.
+  
+  Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html
+  Closes #4336
+
+- openssl: close_notify on the FTP data connection doesn't mean closure
+  
+  For FTPS transfers, curl gets close_notify on the data connection
+  without that being a signal to close the control connection!
+  
+  Regression since 3f5da4e59a556fc (7.65.0)
+  
+  Reported-by: Zenju on github
+  Reviewed-by: Jay Satiro
+  Fixes #4329
+  Closes #4340
+
+- [Jimmy Gaussen brought this change]
+
+  docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag
+  
+  Closes #4338
+
+- RELEASE-NOTES: synced
+
+- curlver: bump to 7.66.1
+
+- [Zenju brought this change]
+
+  setopt: make it easier to add new enum values
+  
+  ... by using the *_LAST define names better.
+  
+  Closes #4321
+
+- asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris
+  
+  Reported-by: Dagobert Michelsen
+  Fixes #4328
+  Closes #4333
+
+- [Bernhard Walle brought this change]
+
+  winbuild/MakefileBuild.vc: Add vssh
+  
+  Without that modification, the Windows build using the makefiles doesn't
+  work.
+  
+  Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>
+  
+  Fixes #4322
+  Closes #4323
+
+Bernhard Walle (11 Sep 2019)
+- winbuild/MakefileBuild.vc: Fix line endings
+  
+  The file had mixed line endings.
+  
+  Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>
+
+Jay Satiro (11 Sep 2019)
+- ldap: Stop using wide char version of ldapp_err2string
+  
+  Despite ldapp_err2string being documented by MS as returning a
+  PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and
+  returns PWCHAR (wchar_t *).
+  
+  We have lots of code that expects ldap_err2string to return char *,
+  most of it failf used like this:
+  
+  failf(data, "LDAP local: Some error: %s", ldap_err2string(rc));
+  
+  Closes https://github.com/curl/curl/pull/4272
+
 Version 7.66.0 (10 Sep 2019)
 
 Daniel Stenberg (10 Sep 2019)
@@ -5598,2028 +7097,3 @@ Alessandro Ghedini (7 Feb 2019)
    % curl -E <TAB>
   
   Bug: https://bugs.debian.org/921452
-
-- zsh.pl: update regex to better match curl -h output
-  
-  The current regex fails to match '<...>' arguments properly (e.g. those
-  with spaces in them), which causes an completion script with wrong
-  descriptions for some options.
-  
-  Here's a diff of the generated completion script, comparing the previous
-  version to the one with this fix:
-  
-  --- /usr/share/zsh/vendor-completions/_curl     2019-01-15 20:47:40.000000000 +0000
-  +++ _curl       2019-02-05 20:57:29.453349040 +0000
-  @@ -9,48 +9,48 @@
-  
-   _arguments -C -S \
-     --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \
-  +  --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \
-     {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \
-     {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \
-     {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \
-     --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \
-  -  --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \
-  +  --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \
-     {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \
-     --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \
-     --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \
-  -  --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \
-     --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \
-     --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \
-  -  --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \
-  -  --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \
-  +  --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \
-     --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \
-     --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \
-  +  --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \
-     --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \
-  +  --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \
-     {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \
-     --socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \
-     --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \
-  -  --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \
-  +  --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \
-     --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \
-     --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \
-  -  --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \
-     {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \
-     --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \
-     --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \
-     {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \
-  -  --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \
-  -  --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \
-  -  {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \
-  -  --location-trusted'[--location, and send auth to other hosts]':'Like' \
-  +  --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \
-     --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \
-     {-O,--remote-name}'[Write output to a file named as the remote file]' \
-  +  --retry-connrefused'[Retry on connection refused (use with --retry)]' \
-  +  --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \
-     --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \
-     --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \
-     --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \
-     {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \
-  +  {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \
-     {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \
-     --dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \
-     --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \
-  -  --ignore-content-length'[the size of the remote resource]':'Ignore' \
-     {-k,--insecure}'[Allow insecure server connections when using SSL]' \
-  +  --location-trusted'[Like --location, and send auth to other hosts]' \
-     --mail-auth'[Originator address of the original email]':'<address>' \
-     --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \
-     --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \
-  @@ -62,18 +62,19 @@
-     --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \
-     --cacert'[CA certificate to verify peer against]':'<file>':_files \
-     {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \
-  +  --ignore-content-length'[Ignore the size of the remote resource]' \
-     {-i,--include}'[Include protocol response headers in the output]' \
-     --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \
-     --unix-socket'[Connect through this Unix domain socket]':'<path>' \
-     {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \
-  -  --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \
-     {-o,--output}'[Write to file instead of stdout]':'<file>':_files \
-  -  {-J,--remote-header-name}'[the header-provided filename]':'Use' \
-  +  --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \
-     --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \
-     {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \
-     {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \
-     --capath'[CA directory to verify peer against]':'<dir>':_files \
-     {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \
-  +  --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \
-     --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \
-     {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \
-     --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \
-  @@ -81,52 +82,49 @@
-     {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \
-     --egd-file'[EGD socket path for random data]':'<file>':_files \
-     --fail-early'[Fail on first transfer error, do not continue]' \
-  -  --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \
-  -  --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \
-  +  {-J,--remote-header-name}'[Use the header-provided filename]' \
-     --retry-max-time'[Retry only within this period]':'<seconds>' \
-     --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \
-     --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \
-  -  --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \
-  -  --ssl-allow-beast'[security flaw to improve interop]':'Allow' \
-     --cert-status'[Verify the status of the server certificate]' \
-  -  --ftp-create-dirs'[the remote dirs if not present]':'Create' \
-     {-:,--next}'[Make next URL use its separate set of options]' \
-     --proxy-key-type'[Private key file type for proxy]':'<type>' \
-  -  --remote-name-all'[the remote file name for all URLs]':'Use' \
-     {-X,--request}'[Specify request command to use]':'<command>' \
-     --retry'[Retry request if transient problems occur]':'<num>' \
-  -  --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \
-     --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \
-     --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \
-     --create-dirs'[Create necessary local directory hierarchy]' \
-  +  --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \
-     --max-redirs'[Maximum number of redirects allowed]':'<num>' \
-     {-n,--netrc}'[Must read .netrc for user name and password]' \
-  +  {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \
-     --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \
-     --sasl-ir'[Enable initial response in SASL authentication]' \
-  -  --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \
-  +  --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \
-  +  --ssl-allow-beast'[Allow security flaw to improve interop]' \
-  +  --ftp-create-dirs'[Create the remote dirs if not present]' \
-     --interface'[Use network INTERFACE (or address)]':'<name>' \
-     --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \
-     --netrc-file'[Specify FILE for netrc]':'<filename>':_files \
-     {-N,--no-buffer}'[Disable buffering of the output stream]' \
-     --proxy-service-name'[SPNEGO proxy service name]':'<name>' \
-  -  --styled-output'[styled output for HTTP headers]':'Enable' \
-  +  --remote-name-all'[Use the remote file name for all URLs]' \
-  +  --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \
-     --max-filesize'[Maximum file size to download]':'<bytes>' \
-     --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \
-     --no-keepalive'[Disable TCP keepalive on the connection]' \
-     {-#,--progress-bar}'[Display transfer progress as a bar]' \
-  -  {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \
-  -  --proxy-anyauth'[any proxy authentication method]':'Pick' \
-     {-Q,--quote}'[Send command(s) to server before transfer]' \
-  -  --request-target'[the target for this request]':'Specify' \
-  +  --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \
-     {-u,--user}'[Server user and password]':'<user:password>' \
-     {-K,--config}'[Read config from a file]':'<file>':_files \
-     {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \
-     --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \
-  -  --disallow-username-in-url'[username in url]':'Disallow' \
-     --krb'[Enable Kerberos with security <level>]':'<level>' \
-     --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \
-     --proxy-digest'[Use Digest authentication on the proxy]' \
-     --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \
-  +  --styled-output'[Enable styled output for HTTP headers]' \
-     {-b,--cookie}'[Send cookies from string/file]':'<data>' \
-     --data-urlencode'[HTTP POST data url encoded]':'<data>' \
-     --delegation'[GSS-API delegation permission]':'<LEVEL>' \
-  @@ -134,7 +132,10 @@
-     --post301'[Do not switch to GET after following a 301]' \
-     --post302'[Do not switch to GET after following a 302]' \
-     --post303'[Do not switch to GET after following a 303]' \
-  +  --proxy-anyauth'[Pick any proxy authentication method]' \
-  +  --request-target'[Specify the target for this request]' \
-     --trace-time'[Add time stamps to trace/verbose output]' \
-  +  --disallow-username-in-url'[Disallow username in url]' \
-     --dns-servers'[DNS server addrs to use]':'<addresses>' \
-     {-G,--get}'[Put the post data in the URL and use GET]' \
-     --limit-rate'[Limit transfer speed to RATE]':'<speed>' \
-  @@ -148,21 +149,21 @@
-     --metalink'[Process given URLs as metalink XML file]' \
-     --tr-encoding'[Request compressed transfer encoding]' \
-     --xattr'[Store metadata in extended file attributes]' \
-  -  --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \
-     --pass'[Pass phrase for the private key]':'<phrase>' \
-     --proxy-ntlm'[Use NTLM authentication on the proxy]' \
-     {-S,--show-error}'[Show error even when -s is used]' \
-  -  --ciphers'[of ciphers> SSL ciphers to use]':'<list' \
-  +  --ciphers'[SSL ciphers to use]':'<list of ciphers>' \
-     --form-string'[Specify multipart MIME data]':'<name=string>' \
-     --login-options'[Server login options]':'<options>' \
-     --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \
-  -  --tftp-no-options'[not send any TFTP options]':'Do' \
-     {-v,--verbose}'[Make the operation more talkative]' \
-  +  --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \
-     --proxy-key'[Private key for HTTPS proxy]':'<key>' \
-     {-F,--form}'[Specify multipart MIME data]':'<name=content>' \
-     --mail-from'[Mail from this address]':'<address>' \
-     --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \
-     --proto'[Enable/disable PROTOCOLS]':'<protocols>' \
-  +  --tftp-no-options'[Do not send any TFTP options]' \
-     --tlsauthtype'[TLS authentication type]':'<type>' \
-     --doh-url'[Resolve host names over DOH]':'<URL>' \
-     --no-sessionid'[Disable SSL session-ID reusing]' \
-  @@ -173,14 +174,13 @@
-     --ftp-ssl-ccc'[Send CCC after authenticating]' \
-     {-4,--ipv4}'[Resolve names to IPv4 addresses]' \
-     {-6,--ipv6}'[Resolve names to IPv6 addresses]' \
-  -  --netrc-optional'[either .netrc or URL]':'Use' \
-     --service-name'[SPNEGO service name]':'<name>' \
-     {-V,--version}'[Show version number and quit]' \
-     --data-ascii'[HTTP POST ASCII data]':'<data>' \
-     --ftp-account'[Account data string]':'<data>' \
-  -  --compressed-ssh'[SSH compression]':'Enable' \
-     --disable-eprt'[Inhibit using EPRT or LPRT]' \
-     --ftp-method'[Control CWD usage]':'<method>' \
-  +  --netrc-optional'[Use either .netrc or URL]' \
-     --pubkey'[SSH Public key file name]':'<key>' \
-     --raw'[Do HTTP "raw"; no transfer decoding]' \
-     --anyauth'[Pick any authentication method]' \
-  @@ -189,6 +189,7 @@
-     --no-alpn'[Disable the ALPN TLS extension]' \
-     --tcp-nodelay'[Use the TCP_NODELAY option]' \
-     {-B,--use-ascii}'[Use ASCII/text transfer]' \
-  +  --compressed-ssh'[Enable SSH compression]' \
-     --digest'[Use HTTP Digest Authentication]' \
-     --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \
-     --engine'[Crypto engine to use]':'<name>' \
-
-Marcel Raad (7 Feb 2019)
-- tool_operate: fix typecheck warning
-  
-  Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
-  tool_operate.c: In function 'operate_do':
-  ../include/curl/typecheck-gcc.h:47:9: error: call to
-  '_curl_easy_setopt_err_long' declared with attribute warning:
-  curl_easy_setopt expects a long argument for this option [-Werror]
-  
-  Closes https://github.com/curl/curl/pull/3534
-
-Jay Satiro (6 Feb 2019)
-- [Chris Araman brought this change]
-
-  url: close TLS before removing conn from cache
-  
-  - Fix potential crashes in schannel shutdown.
-  
-  Ensure any TLS shutdown messages are sent before removing the
-  association between the connection and the easy handle. Reverts
-  @bagder's previous partial fix for #3412.
-  
-  Fixes https://github.com/curl/curl/issues/3412
-  Fixes https://github.com/curl/curl/issues/3505
-  Closes https://github.com/curl/curl/pull/3531
-
-Daniel Gustafsson (6 Feb 2019)
-- INTERNALS.md: fix subsection depth and link
-  
-  The Kerberos subsection was mistakenly a subsubsection under FTP, and
-  the curlx subsection was missing an anchor for the TOC link.
-  
-  Closes #3529
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Version 7.64.0 (6 Feb 2019)
-
-Daniel Stenberg (6 Feb 2019)
-- RELEASE-NOTES: 7.64.0
-
-- RELEASE-PROCEDURE: update the release calendar
-
-- THANKS: 7.64.0 status
-
-Daniel Gustafsson (5 Feb 2019)
-- ROADMAP: remove already performed item
-  
-  Commit 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 introduced support
-  for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while
-  the entry was removed from the TODO it was mistakenly left here.
-  Fix by removing and rewording the entry slightly.
-  
-  Closes #3530
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-- [Etienne Simard brought this change]
-
-  CONTRIBUTE.md: Fix grammatical errors
-  
-  Fix grammatical errors making the document read better. Also fixes
-  a typo.
-  
-  Closes #3525
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
-
-Daniel Stenberg (4 Feb 2019)
-- [Julian Z brought this change]
-
-  docs: use $(INSTALL_DATA) to install man page
-  
-  Fixes #3518
-  Closes #3522
-
-Jay Satiro (4 Feb 2019)
-- [Ladar Levison brought this change]
-
-  runtests.pl: Fix perl call to include srcdir
-  
-  - Use explicit include opt for perl calls.
-  
-  Prior to this change some scripts couldn't find their dependencies.
-  
-  At the top, perl is called using with the "-Isrcdir" option, and it
-  works:
-  
-  https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183
-  
-  But on line 3868, that option is omitted. This caused problems for me,
-  as the symbol-scan.pl script in particular couldn't find its
-  dependencies properly:
-  
-  https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868
-  
-  This patch fixes that oversight by making calls to perl sub-shells
-  uniform.
-  
-  Closes https://github.com/curl/curl/pull/3496
-
-Daniel Stenberg (4 Feb 2019)
-- [Daniel Gustafsson brought this change]
-
-  smtp: avoid risk of buffer overflow in strtol
-  
-  If the incoming len 5, but the buffer does not have a termination
-  after 5 bytes, the strtol() call may keep reading through the line
-  buffer until is exceeds its boundary. Fix by ensuring that we are
-  using a bounded read with a temporary buffer on the stack.
-  
-  Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
-  Reported-by: Brian Carpenter (Geeknik Labs)
-  CVE-2019-3823
-
-- ntlm: fix *_type3_message size check to avoid buffer overflow
-  
-  Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
-  Reported-by: Wenxiang Qian
-  CVE-2019-3822
-
-- NTLM: fix size check condition for type2 received data
-  
-  Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
-  Reported-by: Wenxiang Qian
-  CVE-2018-16890
-
-Marcel Raad (1 Feb 2019)
-- [Giorgos Oikonomou brought this change]
-
-  spnego_sspi: add support for channel binding
-  
-  Attempt to add support for Secure Channel binding when negotiate
-  authentication is used. The problem to solve is that by default IIS
-  accepts channel binding and curl doesn't utilise them. The result was a
-  401 response. Scope affects only the Schannel(winssl)-SSPI combination.
-  
-  Fixes https://github.com/curl/curl/issues/3503
-  Closes https://github.com/curl/curl/pull/3509
-
-Daniel Stenberg (1 Feb 2019)
-- RELEASE-NOTES: synced
-
-- schannel: stop calling it "winssl"
-  
-  Stick to "Schannel" everywhere. The configure option --with-winssl is
-  kept to allow existing builds to work but --with-schannel is added as an
-  alias.
-  
-  Closes #3504
-
-- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
-  
-  To make sure Curl_timeleft() also thinks the timeout has been reached
-  when one of the EXPIRE_*TIMEOUTs expires.
-  
-  Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html
-  Reported-by: Zhao Yisha
-  Closes #3501
-
-- [John Marshall brought this change]
-
-  doc: use meaningless port number in CURLOPT_LOCALPORT example
-  
-  Use an ephemeral port number here; previously the example had 8080
-  which could be confusing as the common web server port number might
-  be misinterpreted as suggesting this option affects the remote port.
-  
-  URL: https://curl.haxx.se/mail/lib-2019-01/0084.html
-  Closes #3513
-
-GitHub (29 Jan 2019)
-- [Gisle Vanem brought this change]
-
-  Escape the '\'
-  
-  A backslash should be escaped in Roff / Troff.
-
-Jay Satiro (29 Jan 2019)
-- TODO: WinSSL: 'Add option to disable client cert auto-send'
-  
-  By default WinSSL selects and send a client certificate automatically,
-  but for privacy and consistency we should offer an option to disable the
-  default auto-send behavior.
-  
-  Reported-by: Jeroen Ooms
-  
-  Closes https://github.com/curl/curl/issues/2262
-
-Daniel Stenberg (28 Jan 2019)
-- [Jeremie Rapin brought this change]
-
-  sigpipe: if mbedTLS is used, ignore SIGPIPE
-  
-  mbedTLS doesn't have a sigpipe management. If a write/read occurs when
-  the remote closes the socket, the signal is raised and kills the
-  application.  Use the curl mecanisms fix this behavior.
-  
-  Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com>
-  
-  Closes #3502
-
-- unit1653: make it survive torture tests
-
-Jay Satiro (28 Jan 2019)
-- [Michael Kujawa brought this change]
-
-  timeval: Disable MSVC Analyzer GetTickCount warning
-  
-  Compiling with msvc /analyze and a recent Windows SDK warns against
-  using GetTickCount (Suggests to use GetTickCount64 instead.)
-  
-  Since GetTickCount is only being used when GetTickCount64 isn't
-  available, I am disabling that warning.
-  
-  Fixes https://github.com/curl/curl/issues/3437
-  Closes https://github.com/curl/curl/pull/3440
-
-Daniel Stenberg (26 Jan 2019)
-- configure: rewrite --enable-code-coverage
-  
-  The previously used ax_code_coverage.m4 is not license compatible and
-  must not be used.
-  
-  Reported-by: William A. Rowe Jr
-  Fixes #3497
-  Closes #3499
-
-- [Felix Hädicke brought this change]
-
-  setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
-  
-  CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for
-  libssh as well. So accepting these options only when compiling with
-  libssh2 is wrong here.
-  
-  Fixes #3493
-  Closes #3494
-
-- [Felix Hädicke brought this change]
-
-  libssh: do not let libssh create socket
-  
-  By default, libssh creates a new socket, instead of using the socket
-  created by curl for SSH connections.
-  
-  Pass the socket created by curl to libssh using ssh_options_set() with
-  SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
-  instead of creating a new one.
-  
-  This approach is very similar to what is done in the libssh2 code, where
-  the socket created by curl is passed to libssh2 when
-  libssh2_session_startup() is called.
-  
-  Fixes #3491
-  Closes #3495
-
-- RELEASE-NOTES: synced
-
-- [Archangel_SDY brought this change]
-
-  schannel: preserve original certificate path parameter
-  
-  Fixes #3480
-  Closes #3487
-
-- KNOWN_BUGS: tests not compatible with python3
-  
-  Closes #3289
-  [skip ci]
-
-Daniel Gustafsson (20 Jan 2019)
-- memcmp: avoid doing single char memcmp
-  
-  There is no real gain in performing memcmp() comparisons on single
-  characters, so change these to array subscript inspections which
-  saves a call and makes the code clearer.
-  
-  Closes #3486
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
-
-Daniel Stenberg (19 Jan 2019)
-- COPYING: it's 2019
-  
-  [skip ci]
-
-- [hhb brought this change]
-
-  configure: fix recv/send/select detection on Android
-  
-  This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9.
-  
-  The overloadable attribute is removed again starting from
-  NDK17. Actually they only exist in two NDK versions (15 and 16). With
-  overloadable, the first condition tried will succeed. Results in wrong
-  detection result.
-  
-  Closes #3484
-
-Marcel Raad (19 Jan 2019)
-- [Giorgos Oikonomou brought this change]
-
-  ntlm_sspi: add support for channel binding
-  
-  Windows extended potection (aka ssl channel binding) is required
-  to login to ntlm IIS endpoint, otherwise the server returns 401
-  responses.
-  
-  Fixes #3280
-  Closes #3321
-
-Daniel Stenberg (18 Jan 2019)
-- schannel: on connection close there might not be a transfer
-  
-  Reported-by: Marcel Raad
-  Fixes #3412
-  Closes #3483
-
-- [Joel Depooter brought this change]
-
-  ssh: log the libssh2 error message when ssh session startup fails
-  
-  When a ssh session startup fails, it is useful to know why it has
-  failed. This commit changes the message from:
-     "Failure establishing ssh session"
-  to something like this, for example:
-     "Failure establishing ssh session: -5, Unable to exchange encryption keys"
-  
-  Closes #3481
-
-Alessandro Ghedini (16 Jan 2019)
-- Fix typo in manpage
-
-Daniel Stenberg (16 Jan 2019)
-- RELEASE-NOTES: synced
-
-Sergei Nikulov (16 Jan 2019)
-- cmake: updated check for HAVE_POLL_FINE to match autotools
-
-Daniel Stenberg (16 Jan 2019)
-- curl-compilers.m4: check for __ibmxl__ to detect xlclang
-  
-  Follow-up to 2fa0d57e2e3. The __xlc__ symbol is only defined there if a
-  particular flag is used for legacy macros.
-  
-  Fixes #3474
-  Closes #3479
-
-- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
-  
-  .... to not pass in a const in the second argument as that's not how it
-  is supposed to be used and might cause compiler warnings.
-  
-  Reported-by: Pavel Pavlov
-  Fixes #3477
-  Closes #3478
-
-- curl-compilers.m4: detect xlclang
-  
-  Since it isn't totally clang compatible, we detect this IBM clang
-  front-end and if detected, avoids some clang specific magic.
-  
-  Reported-by: Kees Dekker
-  Fixes #3474
-  Closes #3476
-
-- README: add codacy code quality badge
-  
-  [skip ci]
-
-- extract_if_dead: follow-up to 54b201b48c90a
-  
-  extract_if_dead() dead is called from two functions, and only one of
-  them should get conn->data updated and now neither call path clears it.
-  
-  scan-build found a case where conn->data would be NULL dereferenced in
-  ConnectionExists() otherwise.
-  
-  Closes #3473
-
-- multi: remove "Dead assignment"
-  
-  Found by scan-build. Follow-up to 4c35574bb785ce.
-  
-  Closes #3471
-
-- tests: move objnames-* from lib into tests
-  
-  Since they're used purely for testing purposes, I think they should
-  rather be stored there.
-  
-  Closes #3470
-
-Sergei Nikulov (15 Jan 2019)
-- travis: added cmake build for osx
-
-Daniel Stenberg (14 Jan 2019)
-- [Frank Gevaerts brought this change]
-
-  cookie: fix comment typo (url_path_len -> uri_path_len)
-  
-  Closes #3469
-
-Marcel Raad (14 Jan 2019)
-- winbuild: conditionally use /DZLIB_WINAPI
-  
-  zlibwapi.lib (dynamic library) and zlibstat.lib (static library) have
-  the ZLIB_WINAPI define set by default. Using them requires that define
-  too.
-  
-  Ref: https://zlib.net/DLL_FAQ.txt
-  
-  Fixes https://github.com/curl/curl/issues/3133
-  Closes https://github.com/curl/curl/pull/3460
-
-Daniel Stenberg (14 Jan 2019)
-- src/Makefile: make 'tidy' target work for metalink builds
-
-- extract_if_dead: use a known working transfer when checking connections
-  
-  Make sure that this function sets a proper "live" transfer for the
-  connection before calling the protocol-specific connection check
-  function, and then clear it again afterward as a non-used connection has
-  no current transfer.
-  
-  Reported-by: Jeroen Ooms
-  Reviewed-by: Marcel Raad
-  Reviewed-by: Daniel Gustafsson
-  Fixes #3463
-  Closes #3464
-
-- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
-  
-  OpenSSL_version() replaces OpenSSL_version_num()
-  
-  Closes #3462
-
-Sergei Nikulov (11 Jan 2019)
-- cmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC
-
-Daniel Stenberg (11 Jan 2019)
-- urldata: rename easy_conn to just conn
-  
-  We use "conn" everywhere to be a pointer to the connection.
-  
-  Introduces two functions that "attaches" and "detaches" the connection
-  to and from the transfer.
-  
-  Going forward, we should favour using "data->conn" (since a transfer
-  always only has a single connection or none at all) to "conn->data"
-  (since a connection can have none, one or many transfers associated with
-  it and updating conn->data to be correct is error prone and a frequent
-  reason for internal issues).
-  
-  Closes #3442
-
-- tool_cb_prg: avoid integer overflow
-  
-  When calculating the progress bar width.
-  
-  Reported-by: Peng Li
-  Fixes #3456
-  Closes #3458
-
-Daniel Gustafsson (11 Jan 2019)
-- travis: turn off copyright year checks in checksrc
-  
-  Invoking the maintainer intended COPYRIGHTYEAR check for everyone
-  in the PR pipeline is too invasive, especially at the turn of the
-  year when many files get affected. Remove and leave it as a tool
-  for maintainers to verify patches before commits.
-  
-  This reverts f7bdf4b2e1d81b2652b81b9b3029927589273b41.
-  
-  After discussion with: Daniel Stenberg
-
-Daniel Stenberg (10 Jan 2019)
-- KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW
-  
-  Closes #3125
-
-- KNOWN_BUGS: Improve --data-urlencode space encoding
-  
-  Closes #3229
-
-Patrick Monnerat (10 Jan 2019)
-- os400: add a missing closing bracket
-  
-  See https://github.com/curl/curl/issues/3453#issuecomment-453054458
-  
-  Reported-by: jonrumsey on github
-
-- os400: fix extra parameter syntax error.
-  
-  Reported-by: jonrumsey on github
-  Closes #3453
-
-Daniel Stenberg (10 Jan 2019)
-- test1558: verify CURLINFO_PROTOCOL on file:// transfer
-  
-  Attempt to reproduce issue #3444.
-  
-  Closes #3447
-
-- RELEASE-NOTES: synced
-
-- xattr: strip credentials from any URL that is stored
-  
-  Both user and password are cleared uncondtitionally.
-  
-  Added unit test 1621 to verify.
-  
-  Fixes #3423
-  Closes #3433
-
-- cookies: allow secure override when done over HTTPS
-  
-  Added test 1562 to verify.
-  
-  Reported-by: Jeroen Ooms
-  Fixes #3445
-  Closes #3450
-
-- multi: multiplexing improvements
-  
-  Fixes #3436
-  Closes #3448
-  
-   Problem 1
-  
-  After LOTS of scratching my head, I eventually realized that even when doing
-  10 uploads in parallel, sometimes the socket callback to the application that
-  tells it what to wait for on the socket, looked like it would reflect the
-  status of just the single transfer that just changed state.
-  
-  Digging into the code revealed that this was indeed the truth. When multiple
-  transfers are using the same connection, the application did not correctly get
-  the *combined* flags for all transfers which then could make it switch to READ
-  (only) when in fact most transfers wanted to get told when the socket was
-  WRITEABLE.
-  
-   Problem 1b
-  
-  A separate but related regression had also been introduced by me when I
-  cleared connection/transfer association better a while ago, as now the logic
-  couldn't find the connection and see if that was marked as used by more
-  transfers and then it would also prematurely remove the socket from the socket
-  hash table even in times other transfers were still using it!
-  
-   Fix 1
-  
-  Make sure that each socket stored in the socket hash has a "combined" action
-  field of what to ask the application to wait for, that is potentially the ORed
-  action of multiple parallel transfers. And remove that socket hash entry only
-  if there are no transfers left using it.
-  
-   Problem 2
-  
-  The socket hash entry stored an association to a single transfer using that
-  socket - and when curl_multi_socket_action() was called to tell libcurl about
-  activities on that specific socket only that transfer was "handled".
-  
-  This was WRONG, as a single socket/connection can be used by numerous parallel
-  transfers and not necessarily a single one.
-  
-   Fix 2
-  
-  We now store a list of handles in the socket hashtable entry and when libcurl
-  is told there's traffic for a particular socket, it now iterates over all
-  known transfers using that single socket.
-
-- test1561: improve test name
-  
-  [skip ci]
-
-- [Katsuhiko YOSHIDA brought this change]
-
-  cookies: skip custom cookies when redirecting cross-site
-  
-  Closes #3417
-
-- THANKS: fixups and a dedupe
-  
-  [skip ci]
-
-- timediff: fix math for unsigned time_t
-  
-  Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html
-  
-  Closes #3449
-
-- [Bernhard M. Wiedemann brought this change]
-
-  tests: allow tests to pass by 2037-02-12
-  
-  similar to commit f508d29f3902104018
-  
-  Closes #3443
-
-- RELEASE-NOTES: synced
-
-- [Brad Spencer brought this change]
-
-  curl_multi_remove_handle() don't block terminating c-ares requests
-  
-  Added Curl_resolver_kill() for all three resolver modes, which only
-  blocks when necessary, along with test 1592 to confirm
-  curl_multi_remove_handle() doesn't block unless it must.
-  
-  Closes #3428
-  Fixes #3371
-
-- Revert "http_negotiate: do not close connection until negotiation is completed"
-  
-  This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.
-  
-  This also reopens PR #3275 which brought the change now reverted.
-  
-  Fixes #3384
-  Closes #3439
-
-- curl/urlapi.h: include "curl.h" first
-  
-  This allows programs to include curl/urlapi.h directly.
-  
-  Reviewed-by: Daniel Gustafsson
-  Reported-by: Ben Kohler
-  Fixes #3438
-  Closes #3441
-
-Marcel Raad (6 Jan 2019)
-- VS projects: fix build warning
-  
-  Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like
-  the MinimalRebuild option anymore and warns:
-  
-  cl : Command line warning D9035: option 'Gm' has been deprecated and
-  will be removed in a future release
-  
-  The option can be safely removed so that the default is used.
-  
-  Closes https://github.com/curl/curl/pull/3425
-
-- schannel: fix compiler warning
-  
-  When building with Unicode on MSVC, the compiler warns about freeing a
-  pointer to const in Curl_unicodefree. Fix this by declaring it as
-  non-const and casting the argument to Curl_convert_UTF8_to_tchar to
-  non-const too, like we do in all other places.
-  
-  Closes https://github.com/curl/curl/pull/3435
-
-Daniel Stenberg (4 Jan 2019)
-- [Rikard Falkeborn brought this change]
-
-  printf: introduce CURL_FORMAT_TIMEDIFF_T
-
-- [Rikard Falkeborn brought this change]
-
-  printf: fix format specifiers
-  
-  Closes #3426
-
-- libtest/stub_gssapi: use "real" snprintf
-  
-  ... since it doesn't link with libcurl.
-  
-  Reverts the commit dcd6f81025 changes from this file.
-  
-  Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html
-  Reported-by: Shlomi Fish
-  Reviewed-by: Daniel Gustafsson
-  Reviewed-by: Kamil Dudka
-  
-  Closes #3434
-
-- INTERNALS: correct some outdated function names
-  
-  Closes #3431
-
-- docs/version.d: mention MultiSSL
-  
-  Reviewed-by: Daniel Gustafsson
-  Closes #3432
-
-Daniel Gustafsson (2 Jan 2019)
-- [Rikard Falkeborn brought this change]
-
-  examples: Update .gitignore
-  
-  Add a few missing examples to make `make examples` not leave the
-  workspace in a dirty state.
-  
-  Closes #3427
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
-
-- THANKS: add more missing names
-  
-  Add Adrian Burcea who made the artwork for the curl://up 2018 event
-  which was held in Stockholm, Sweden.
-
-- docs: mention potential leak in curl_slist_append
-  
-  When a non-empty list is appended to, and used as the returnvalue,
-  the list pointer can leak in case of an allocation failure in the
-  curl_slist_append() call. This is correctly handled in curl code
-  usage but we weren't explicitly pointing it out in the API call
-  documentation. Fix by extending the RETURNVALUE manpage section
-  and example code.
-  
-  Closes #3424
-  Reported-by: dnivras on github
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Marcel Raad (1 Jan 2019)
-- tvnow: silence conversion warnings
-  
-  MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is
-  used and the milliseconds are represented as unsigned long long,
-  leading to a compiler warning when implicitly converting them to long.
-
-Daniel Stenberg (1 Jan 2019)
-- THANKS: dedupe more names
-  
-  Researched-by: Tae Wong
-
-Marcel Raad (1 Jan 2019)
-- [Markus Moeller brought this change]
-
-  ntlm: update selection of type 3 response
-  
-  NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
-  check seems to work.
-  
-  Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf
-  
-  Fixes https://github.com/curl/curl/issues/3286
-  Closes https://github.com/curl/curl/pull/3287
-  Closes https://github.com/curl/curl/pull/3415
-
-Daniel Stenberg (31 Dec 2018)
-- THANKS: added missing names from year <= 2000
-  
-  Due to a report of a missing name in THANKS I manually went through an
-  old CHANGES.0 file and added many previously missing names here.
-
-Daniel Gustafsson (30 Dec 2018)
-- urlapi: fix parsing ipv6 with zone index
-  
-  The previous fix for parsing IPv6 URLs with a zone index was a paddle
-  short for URLs without an explicit port. This patch fixes that case
-  and adds a unit test case.
-  
-  This bug was highlighted by issue #3408, and while it's not the full
-  fix for the problem there it is an isolated bug that should be fixed
-  regardless.
-  
-  Closes #3411
-  Reported-by: GitYuanQu on github
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (30 Dec 2018)
-- THANKS: dedupe Guenter Knauf
-  
-  Reported-by: Tae Wong
-
-- THANKS: missing name from the 6.3.1 release!
-
-Daniel Gustafsson (27 Dec 2018)
-- RELEASE-NOTES: synced
-
-- [Claes Jakobsson brought this change]
-
-  hostip: support wildcard hosts
-  
-  This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
-  try-last so any non-wildcard entry is resolved first. If specified,
-  any host not matched by another CURLOPT_RESOLVE config will use this
-  as fallback.
-  
-  Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
-    curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
-         https://a.com https://b.com
-  
-  This is probably quite similar to using:
-    --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443
-  
-  Closes #3406
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-- url: fix incorrect indentation
-
-Patrick Monnerat (26 Dec 2018)
-- os400: upgrade ILE/RPG binding.
-  
-  - Trailer function support.
-  - http 0.9 option.
-  - curl_easy_upkeep.
-
-Daniel Gustafsson (25 Dec 2018)
-- FAQ: remove mention of sourceforge for github
-  
-  The project bug tracker is no longer hosted at sourceforge but is now
-  hosted on the curl Github page. Update the FAQ to reflect.
-  
-  Closes #3410
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-- openvms: fix typos in documentation
-
-- openvms: fix OpenSSL discovery on VAX
-  
-  The DCL code had a typo in one of the commands which would make the
-  OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT.
-  
-  Closes #3407
-  Reviewed-by: Viktor Szakats <commit@vszakats.net>
-
-Daniel Stenberg (24 Dec 2018)
-- [Ruslan Baratov brought this change]
-
-  cmake: use lowercase for function name like the rest of the code
-  
-  Reviewed-by: Sergei Nikulov
-  
-  closes #3196
-
-- Revert "libssh: no data pointer == nothing to do"
-  
-  This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the
-  problem in a more generic way.
-
-- disconnect: set conn->data for protocol disconnect
-  
-  Follow-up to fb445a1e18d: Set conn->data explicitly to point out the
-  current transfer when invoking the protocol-specific disconnect function
-  so that it can work correctly.
-  
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173
-
-Jay Satiro (23 Dec 2018)
-- [Pavel Pavlov brought this change]
-
-  timeval: Use high resolution timestamps on Windows
-  
-  - Use QueryPerformanceCounter on Windows Vista+
-  
-  There is confusing info floating around that QueryPerformanceCounter
-  can leap etc, which might have been true long time ago, but no longer
-  the case nowadays (perhaps starting from WinXP?). Also, boost and
-  std::chrono::steady_clock use QueryPerformanceCounter in a similar way.
-  
-  Prior to this change GetTickCount or GetTickCount64 was used, which has
-  lower resolution. That is still the case for <= XP.
-  
-  Fixes https://github.com/curl/curl/issues/3309
-  Closes https://github.com/curl/curl/pull/3318
-
-Daniel Stenberg (22 Dec 2018)
-- libssh: no data pointer == nothing to do
-
-- conncache_unlock: avoid indirection by changing input argument type
-
-- disconnect: separate connections and easy handles better
-  
-  Do not assume/store assocation between a given easy handle and the
-  connection if it can be avoided.
-  
-  Long-term, the 'conn->data' pointer should probably be removed as it is a
-  little too error-prone. Still used very widely though.
-  
-  Reported-by: masbug on github
-  Fixes #3391
-  Closes #3400
-
-- libssh: free sftp_canonicalize_path() data correctly
-  
-  Assisted-by: Harry Sintonen
-  
-  Fixes #3402
-  Closes #3403
-
-- RELEASE-NOTES: synced
-
-- http: added options for allowing HTTP/0.9 responses
-  
-  Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.
-  
-  For now, both the tool and library allow HTTP/0.9 by default.
-  docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
-  months after the 7.64.0 release. The options are added already now so
-  that applications/scripts can start using them already now.
-  
-  Fixes #2873
-  Closes #3383
-
-- if2ip: remove unused function Curl_if_is_interface_name
-  
-  Closes #3401
-
-- http2: clear pause stream id if it gets closed
-  
-  Reported-by: Florian Pritz
-  
-  Fixes #3392
-  Closes #3399
-
-Daniel Gustafsson (20 Dec 2018)
-- [David Garske brought this change]
-
-  wolfssl: Perform cleanup
-  
-  This adds a cleanup callback for cyassl. Resolves possible memory leak
-  when using ECC fixed point cache.
-  
-  Closes #3395
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
-
-Daniel Stenberg (20 Dec 2018)
-- mbedtls: follow-up VERIFYHOST fix from f097669248
-  
-  Fix-by: Eric Rosenquist
-  
-  Fixes #3376
-  Closes #3390
-
-- curlver: bump to 7.64.0 for next release
-
-Daniel Gustafsson (19 Dec 2018)
-- cookies: extend domain checks to non psl builds
-  
-  Ensure to perform the checks we have to enforce a sane domain in
-  the cookie request. The check for non-PSL enabled builds is quite
-  basic but it's better than nothing.
-  
-  Closes #2964
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (19 Dec 2018)
-- [Matus Uzak brought this change]
-
-  smb: fix incorrect path in request if connection reused
-  
-  Follow-up to 09e401e01bf9.  If connection gets reused, then data member
-  will be copied, but not the proto member.  As a result, in smb_do(),
-  path has been set from the original proto.share data.
-  
-  Closes #3388
-
-- curl -J: do not append to the destination file
-  
-  Reported-by: Kamil Dudka
-  Fixes #3380
-  Closes #3381
-
-- mbedtls: use VERIFYHOST
-  
-  Previously, VERIFYPEER would enable/disable all checks.
-  
-  Reported-by: Eric Rosenquist
-  Fixes #3376
-  Closes #3380
-
-- pingpong: change default response timeout to 120 seconds
-  
-  Previously it was 30 minutes
-
-- pingpong: ignore regular timeout in disconnect phase
-  
-  The timeout set with CURLOPT_TIMEOUT is no longer used when
-  disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP,
-  POP3).
-  
-  Reported-by: jasal82 on github
-  
-  Fixes #3264
-  Closes #3374
-
-- TODO: Windows: set attribute 'archive' for completed downloads
-  
-  Closes #3354
-
-- RELEASE-NOTES: synced
-
-- http: minor whitespace cleanup from f464535b
-
-- [Ayoub Boudhar brought this change]
-
-  http: Implement trailing headers for chunked transfers
-  
-  This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
-  options that allow a callback based approach to sending trailing headers
-  with chunked transfers.
-  
-  The test server (sws) was updated to take into account the detection of the
-  end of transfer in the case of trailing headers presence.
-  
-  Test 1591 checks that trailing headers can be sent using libcurl.
-  
-  Closes #3350
-
-- darwinssl: accept setting max-tls with default min-tls
-  
-  Reported-by: Andrei Neculau
-  Fixes #3367
-  Closes #3373
-
-- gopher: fix memory leak from 9026083ddb2a9
-
-- [Leonardo Taccari brought this change]
-
-  test1201: Add a trailing `?' to the selector
-  
-  This verify that the `?' in the selector is kept as is.
-  
-  Verifies the fix in #3370
-
-- [Leonardo Taccari brought this change]
-
-  gopher: always include the entire gopher-path in request
-  
-  After the migration to URL API all octets in the selector after the
-  first `?' were interpreted as query and accidentally discarded and not
-  passed to the server.
-  
-  Add a gopherpath to always concatenate possible path and query URL
-  pieces.
-  
-  Fixes #3369
-  Closes #3370
-
-- [Leonardo Taccari brought this change]
-
-  urlapi: distinguish possibly empty query
-  
-  If just a `?' to indicate the query is passed always store a zero length
-  query instead of having a NULL query.
-  
-  This permits to distinguish URL with trailing `?'.
-  
-  Fixes #3369
-  Closes #3370
-
-Daniel Gustafsson (13 Dec 2018)
-- OS400: handle memory error in list conversion
-  
-  Curl_slist_append_nodup() returns NULL when it fails to create a new
-  item for the specified list, and since the coding here reassigned the
-  new list on top of the old list it would result in a dangling pointer
-  and lost memory. Also, in case we hit an allocation failure at some
-  point during the conversion, with allocation succeeding again on the
-  subsequent call(s) we will return a truncated list around the malloc
-  failure point. Fix by assigning to a temporary list pointer, which can
-  be checked (which is the common pattern for slist appending), and free
-  all the resources on allocation failure.
-  
-  Closes #3372
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-- cookies: leave secure cookies alone
-  
-  Only allow secure origins to be able to write cookies with the
-  'secure' flag set. This reduces the risk of non-secure origins
-  to influence the state of secure origins. This implements IETF
-  Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
-  RFC6265.
-  
-  Closes #2956
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (13 Dec 2018)
-- docs: fix the --tls-max description
-  
-  Reported-by: Tobias Lindgren
-  Pointed out in #3367
-  
-  Closes #3368
-
-Daniel Gustafsson (12 Dec 2018)
-- urlapi: Fix port parsing of eol colon
-  
-  A URL with a single colon without a portnumber should use the default
-  port, discarding the colon. Fix, add a testcase and also do little bit
-  of comment wordsmithing.
-  
-  Closes #3365
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Version 7.63.0 (12 Dec 2018)
-
-Daniel Stenberg (12 Dec 2018)
-- RELEASE-NOTES: 7.63.0
-
-- THANKS: from the curl 7.62.0 cycle
-
-- test1519: use lib1518 and test CURLINFO_REDIRECT_URL more
-
-- Curl_follow: extract the Location: header field unvalidated
-  
-  ... when not actually following the redirect. Otherwise we return error
-  for this and an application can't extract the value.
-  
-  Test 1518 added to verify.
-  
-  Reported-by: Pavel Pavlov
-  Fixes #3340
-  Closes #3364
-
-- multi: convert two timeout variables to timediff_t
-  
-  The time_t type is unsigned on some systems and these variables are used
-  to hold return values from functions that return timediff_t
-  already. timediff_t is always a signed type.
-  
-  Closes #3363
-
-- delta: use --diff-filter on the git diff-tree invokes
-  
-  Suggested-by: Dave Reisner
-
-Patrick Monnerat (11 Dec 2018)
-- documentation: curl_formadd field and file names are now escaped
-  
-  Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
-  header without special processing: this may lead to invalid RFC 822
-  quoted-strings.
-  7.56.0 introduces escaping of backslashes and double quotes in these names:
-  mention it in the documentation.
-  
-  Reported-by: daboul on github
-  Closes #3361
-
-Daniel Stenberg (11 Dec 2018)
-- scripts/delta: show repo delta info from last release
-  
-  ... where "last release" should be the git tag in the repo.
-
-Daniel Gustafsson (11 Dec 2018)
-- tests: add urlapi unittest
-  
-  This adds a new unittest intended to cover the internal functions in
-  the urlapi code, starting with parse_port(). In order to avoid name
-  collisions in debug builds, parse_port() is renamed Curl_parse_port()
-  since it will be exported.
-  
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-
-- urlapi: fix portnumber parsing for ipv6 zone index
-  
-  An IPv6 URL which contains a zone index includes a '%%25<zode id>'
-  string before the ending ']' bracket. The parsing logic wasn't set
-  up to cope with the zone index however, resulting in a malformed url
-  error being returned. Fix by breaking the parsing into two stages
-  to correctly handle the zone index.
-  
-  Closes #3355
-  Closes #3319
-  Reported-by: tonystz on Github
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-
-Daniel Stenberg (11 Dec 2018)
-- [Jay Satiro brought this change]
-
-  http: fix HTTP auth to include query in URI
-  
-  - Include query in the path passed to generate HTTP auth.
-  
-  Recent changes to use the URL API internally (46e1640, 7.62.0)
-  inadvertently broke authentication URIs by omitting the query.
-  
-  Fixes https://github.com/curl/curl/issues/3353
-  Closes #3356
-
-- [Michael Kaufmann brought this change]
-
-  http: don't set CURLINFO_CONDITION_UNMET for http status code 204
-  
-  The http status code 204 (No Content) should not change the "condition
-  unmet" flag. Only the http status code 304 (Not Modified) should do
-  this.
-  
-  Closes #359
-
-- [Samuel Surtees brought this change]
-
-  ldap: fix LDAP URL parsing regressions
-  
-  - Match URL scheme with LDAP and LDAPS
-  - Retrieve attributes, scope and filter from URL query instead
-  
-  Regression brought in 46e164069d1a5230 (7.62.0)
-  
-  Closes #3362
-
-- RELEASE-NOTES: synced
-
-- [Stefan Kanthak brought this change]
-
-  (lib)curl.rc: fixup for minor bugs
-  
-  All resources defined in lib/libcurl.rc and curl.rc are language
-  neutral.
-  
-  winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the
-  ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong.
-  
-  Replace the hard-coded constants in both *.rc files with #define'd
-  values.
-  
-  Thumbs-uped-by: Rod Widdowson, Johannes Schindelin
-  URL: https://curl.haxx.se/mail/lib-2018-11/0000.html
-  Closes #3348
-
-- test329: verify cookie max-age=0 immediate expiry
-
-- cookies: expire "Max-Age=0" immediately
-  
-  Reported-by: Jeroen Ooms
-  Fixes #3351
-  Closes #3352
-
-- [Johannes Schindelin brought this change]
-
-  Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
-  
-  This is a companion patch to cbea2fd2c (NTLM: force the connection to
-  HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
-  preemptively. However, with other (Negotiate) authentication it is not
-  clear to this developer whether there is a way to make it work with
-  HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
-  error HTTP_1_1_REQUIRED.
-  
-  Note: we will still keep the NTLM workaround, as it avoids an extra
-  round trip.
-  
-  Daniel Stenberg helped a lot with this patch, in particular by
-  suggesting to introduce the Curl_h2_http_1_1_error() function.
-  
-  Closes #3349
-  
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Ben Greear brought this change]
-
-  openssl: fix unused variable compiler warning with old openssl
-  
-  URL: https://curl.haxx.se/mail/lib-2018-11/0055.html
-  
-  Closes #3347
-
-- [Johannes Schindelin brought this change]
-
-  NTLM: force the connection to HTTP/1.1
-  
-  Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
-  the capability. However, NTLM authentication only works with HTTP/1.1,
-  and will likely remain in that boat (for details, see
-  https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).
-  
-  When we just found out that we want to use NTLM, and when the current
-  connection runs in HTTP/2 mode, let's force the connection to be closed
-  and to be re-opened using HTTP/1.1.
-  
-  Fixes https://github.com/curl/curl/issues/3341.
-  Closes #3345
-  
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
-
-  curl_global_sslset(): id == -1 is not necessarily an error
-  
-  It is allowed to call that function with id set to -1, specifying the
-  backend by the name instead. We should imitate what is done further down
-  in that function to allow for that.
-  
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-  
-  Closes #3346
-
-Johannes Schindelin (6 Dec 2018)
-- .gitattributes: make tabs in indentation a visible error
-  
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-Daniel Stenberg (6 Dec 2018)
-- RELEASE-NOTES: synced
-
-- doh: fix memory leak in OOM situation
-  
-  Reviewed-by: Daniel Gustafsson
-  Closes #3342
-
-- doh: make it work for h2-disabled builds too
-  
-  Reported-by: dtmsecurity at github
-  Fixes #3325
-  Closes #3336
-
-- packages: remove old leftover files and dirs
-  
-  This subdir has mostly become an attic of never-used cruft from the
-  past.
-  
-  Closes #3331
-
-- [Gergely Nagy brought this change]
-
-  openssl: do not use file BIOs if not requested
-  
-  Moves the file handling BIO calls to the branch of the code where they
-  are actually used.
-  
-  Closes #3339
-
-- [Paul Howarth brought this change]
-
-  nss: Fix compatibility with nss versions 3.14 to 3.15
-
-- [Paul Howarth brought this change]
-
-  nss: Improve info message when falling back SSL protocol
-  
-  Use descriptive text strings rather than decimal numbers.
-
-- [Paul Howarth brought this change]
-
-  nss: Fall back to latest supported SSL version
-  
-  NSS may be built without support for the latest SSL/TLS versions,
-  leading to "SSL version range is not valid" errors when the library
-  code supports a recent version (e.g. TLS v1.3) but it has explicitly
-  been disabled.
-  
-  This change adjusts the maximum SSL version requested by libcurl to
-  be the maximum supported version at runtime, as long as that version
-  is at least as high as the minimum version required by libcurl.
-  
-  Fixes #3261
-
-Daniel Gustafsson (3 Dec 2018)
-- travis: enable COPYRIGHTYEAR extended warning
-  
-  The extended warning for checking incorrect COPYRIGHTYEAR is quite
-  expensive to run, so rather than expecting every developer to do it
-  we ensure it's turned on locally for Travis.
-
-- checksrc: add COPYRIGHTYEAR check
-  
-  Forgetting to bump the year in the copyright clause when hacking has
-  been quite common among curl developers, but a traditional checksrc
-  check isn't a good fit as it would penalize anyone hacking on January
-  1st (among other things). This adds a more selective COPYRIGHTYEAR
-  check which intends to only cover the currently hacked on changeset.
-  
-  The check for updated copyright year is currently not enforced on all
-  files but only on files edited and/or committed locally. This is due to
-  the amount of files which aren't updated with their correct copyright
-  year at the time of their respective commit.
-  
-  To further avoid running this expensive check for every developer, it
-  adds a new local override mode for checksrc where a .checksrc file can
-  be used to turn on extended warnings locally.
-  
-  Closes #3303
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (3 Dec 2018)
-- CHECKSRC.md: document more warnings
-  
-  Closes #3335
-  [ci skip]
-
-- RELEASE-NOTES: synced
-
-- SECURITY-PROCESS: bountygraph shuts down
-  
-  This backpedals back the documents to the state before bountygraph.
-  
-  Closes #3311
-
-- curl: fix memory leak reading --writeout from file
-  
-  If another string had been set first, the writout function for reading
-  the syntax from file would leak the previously allocated memory.
-  
-  Reported-by: Brian Carpenter
-  Fixes #3322
-  Closes #3330
-
-- tool_main: rename function to make it unique and better
-  
-  ... there's already another function in the curl tool named
-  free_config_fields!
-
-Daniel Gustafsson (29 Nov 2018)
-- TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry
-  
-  Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option
-  making it a manual code-edit operation to turn it back on. The removal
-  process has thus started and is now documented in docs/DEPRECATE.md so
-  remove from the TODO to avoid anyone looking for something to pick up
-  spend cycles on an already in-progress entry.
-  
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Jay Satiro (29 Nov 2018)
-- [Sevan Janiyan brought this change]
-
-  connect: fix building for recent versions of Minix
-  
-  EBADIOCTL doesn't exist on more recent Minix.
-  There have also been substantial changes to the network stack.
-  Fixes build on Minix 3.4rc
-  
-  Closes https://github.com/curl/curl/pull/3323
-
-- [Konstantin Kushnir brought this change]
-
-  CMake: fix MIT/Heimdal Kerberos detection
-  
-  - fix syntax error in FindGSS.cmake
-  - correct krb5 include directory. FindGSS exports
-    "GSS_INCLUDE_DIR" variable.
-  
-  Closes https://github.com/curl/curl/pull/3316
-
-Daniel Stenberg (28 Nov 2018)
-- test328: verify Content-Encoding: none
-  
-  Because of issue #3315
-  
-  Closes #3317
-
-- [James Knight brought this change]
-
-  configure: include all libraries in ssl-libs fetch
-  
-  When compiling a collection of SSL libraries to link against (SSL_LIBS),
-  ensure all libraries are included. The call `--libs-only-l` can produce
-  only a subset of found in a `--libs` call (e.x. pthread may be excluded).
-  Adding `--libs-only-other` ensures other libraries are also included in
-  the list. This corrects select build environments compiling against a
-  static version of OpenSSL. Before the change, the following could be
-  observed:
-  
-      checking for openssl options with pkg-config... found
-      configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
-      configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
-      configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
-      checking for HMAC_Update in -lcrypto... no
-      checking for HMAC_Init_ex in -lcrypto... no
-      checking OpenSSL linking with -ldl... no
-      checking OpenSSL linking with -ldl and -lpthread... no
-      configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
-      configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
-      ...
-      SSL support:      no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
-      ...
-  
-  And include the other libraries when compiling SSL_LIBS succeeds with:
-  
-      checking for openssl options with pkg-config... found
-      configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
-      configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
-      configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
-      checking for HMAC_Update in -lcrypto... yes
-      checking for SSL_connect in -lssl... yes
-      ...
-      SSL support:      enabled (OpenSSL)
-      ...
-  
-  Signed-off-by: James Knight <james.d.knight@live.com>
-  Closes #3193
-
-Daniel Gustafsson (26 Nov 2018)
-- doh: fix typo in infof call
-  
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-- cmdline-opts/gen.pl: define the correct varname
-  
-  The variable definition had a small typo making it declare another
-  variable then the intended.
-  
-  Closes #3304
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (25 Nov 2018)
-- RELEASE-NOTES: synced
-
-- curl_easy_perform: fix timeout handling
-  
-  curl_multi_wait() was erroneously used from within
-  curl_easy_perform(). It could lead to it believing there was no socket
-  to wait for and then instead sleep for a while instead of monitoring the
-  socket and then miss acting on that activity as swiftly as it should
-  (causing an up to 1000 ms delay).
-  
-  Reported-by: Antoni Villalonga
-  Fixes #3305
-  Closes #3306
-  Closes #3308
-
-- CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
-
-- cookies: create the cookiejar even if no cookies to save
-  
-  Important for when the file is going to be read again and thus must not
-  contain old contents!
-  
-  Adds test 327 to verify.
-  
-  Reported-by: daboul on github
-  Fixes #3299
-  Closes #3300
-
-- checksrc: ban snprintf use, add command line flag to override warns
-
-- snprintf: renamed and we now only use msnprintf()
-  
-  The function does not return the same value as snprintf() normally does,
-  so readers may be mislead into thinking the code works differently than
-  it actually does. A different function name makes this easier to detect.
-  
-  Reported-by: Tomas Hoger
-  Assisted-by: Daniel Gustafsson
-  Fixes #3296
-  Closes #3297
-
-- [Tobias Hintze brought this change]
-
-  test: update test20/1322 for eglibc bug workaround
-  
-  The tests 20 and 1322 are using getaddrinfo of libc for resolving. In
-  eglibc-2.19 there is a memory leakage and invalid free bug which
-  surfaces in some special circumstances (PF_UNSPEC hint with invalid or
-  non-existent names). The valgrind runs in testing fail in these
-  situations.
-  
-  As the tests 20/1322 are not specific on either protocol (IPv4/IPv6)
-  this commit changes the hints to IPv4 protocol by passing `--ipv4` flag
-  on the tests' command line.  This prevents the valgrind failures.
-
-- [Tobias Hintze brought this change]
-
-  host names: allow trailing dot in name resolve, then strip it
-  
-  Delays stripping of trailing dots to after resolving the hostname.
-  
-  Fixes #3022
-  Closes #3222
-
-- [UnknownShadow200 brought this change]
-
-  CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
-  
-  Closes #3295
-
-Daniel Gustafsson (21 Nov 2018)
-- configure: Fix typo in comment
-
-Michael Kaufmann (21 Nov 2018)
-- openssl: support session resume with TLS 1.3
-  
-  Session resumption information is not available immediately after a TLS 1.3
-  handshake. The client must wait until the server has sent a session ticket.
-  
-  Use OpenSSL's "new session" callback to get the session information and put it
-  into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
-  after the server has sent a session ticket.
-  
-  The "new session" callback is invoked only if OpenSSL's session cache is
-  enabled, so enable it and use the "external storage" mode which lets curl manage
-  the contents of the session cache.
-  
-  A pointer to the connection data and the sockindex are now saved as "SSL extra
-  data" to make them available to the callback.
-  
-  This approach also works for old SSL/TLS versions and old OpenSSL versions.
-  
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  
-  Fixes #3202
-  Closes #3271
-
-- ssl: fix compilation with OpenSSL 0.9.7
-  
-  - ENGINE_cleanup() was used without including "openssl/engine.h"
-  - enable engine support for OpenSSL 0.9.7
-  
-  Closes #3266
-
-Daniel Stenberg (21 Nov 2018)
-- openssl: disable TLS renegotiation with BoringSSL
-  
-  Since we're close to feature freeze, this change disables this feature
-  with an #ifdef. Define ALLOW_RENEG at build-time to enable.
-  
-  This could be converted to a bit for CURLOPT_SSL_OPTIONS to let
-  applications opt-in this.
-  
-  Concern-raised-by: David Benjamin
-  Fixes #3283
-  Closes #3293
-
-- [Romain Fliedel brought this change]
-
-  ares: remove fd from multi fd set when ares is about to close the fd
-  
-  When using c-ares for asyn dns, the dns socket fd was silently closed
-  by c-ares without curl being aware. curl would then 'realize' the fd
-  has been removed at next call of Curl_resolver_getsock, and only then
-  notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
-  CURL_POLL_REMOVE. At this point the fd is already closed.
-  
-  By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
-  patch allows curl to be notified that the fd is not longer needed
-  for neither for write nor read. At this point by calling
-  Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
-  before the fd is actually closed by ares.
-  
-  In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
-  since it does not allow passing a different sock_state_cb_data
-  
-  Closes #3238
-
-- [Romain Fliedel brought this change]
-
-  examples/ephiperfifo: report error when epoll_ctl fails
-
-Daniel Gustafsson (20 Nov 2018)
-- [pkubaj brought this change]
-
-  ntlm: Remove redundant ifdef USE_OPENSSL
-  
-  lib/curl_ntlm.c had code that read as follows:
-  
-    #ifdef USE_OPENSSL
-    # ifdef USE_OPENSSL
-    # else
-    # ..
-    # endif
-    #endif
-  
-  Remove the redundant USE_OPENSSL along with #else (it's not possible to
-  reach it anyway). The removed construction is a leftover from when the
-  SSLeay support was removed.
-  
-  Closes #3269
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (20 Nov 2018)
-- [Han Han brought this change]
-
-  ssl: replace all internal uses of CURLE_SSL_CACERT
-  
-  Closes #3291
-
-Han Han (19 Nov 2018)
-- docs: add more description to unified ssl error codes
-
-- curle: move deprecated error code to ifndef block
-
-Patrick Monnerat (19 Nov 2018)
-- os400: add CURLOPT_CURLU to ILE/RPG binding.
-
-- os400: Add curl_easy_conn_upkeep() to ILE/RPG binding.
-
-- os400: fix return type of curl_easy_pause() in ILE/RPG binding.
-
-Daniel Stenberg (19 Nov 2018)
-- RELEASE-NOTES: synced
-
-- impacket: add LICENSE
-  
-  The license for the impacket package was not in our tree.
-  
-  Imported now from upstream's
-  https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
-  
-  Reported-by: infinnovation-dev on github
-  Fixes #3276
-  Closes #3277
-
-Daniel Gustafsson (18 Nov 2018)
-- tool_doswin: Fix uninitialized field warning
-  
-  The partial struct initialization in 397664a065abffb7c3445ca9 caused
-  a warning on uninitialized MODULEENTRY32 struct members:
-  
-    /src/tool_doswin.c:681:3: warning: missing initializer for field
-    'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}'
-    [-Wmissing-field-initializers]
-  
-  This is sort of a bogus warning as the remaining members will be set
-  to zero by the compiler, as all omitted members are. Nevertheless,
-  remove the warning by omitting all members and setting the dwSize
-  members explicitly.
-  
-  Closes #3254
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
-
-- openssl: Remove SSLEAY leftovers
-  
-  Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't
-  compatible with the SSLeay library. This removes the few leftovers that
-  were omitted in the less frequently used platform targets.
-  
-  Closes #3270
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (16 Nov 2018)
-- [Elia Tufarolo brought this change]
-
-  http_negotiate: do not close connection until negotiation is completed
-  
-  Fix HTTP POST using CURLAUTH_NEGOTIATE.
-  
-  Closes #3275
-
-- pop3: only do APOP with a valid timestamp
-  
-  Brought-by: bobmitchell1956 on github
-  Fixes #3278
-  Closes #3279
-
-Jay Satiro (16 Nov 2018)
-- [Peter Wu brought this change]
-
-  openssl: do not log excess "TLS app data" lines for TLS 1.3
-  
-  The SSL_CTX_set_msg_callback callback is not just called for the
-  Handshake or Alert protocols, but also for the raw record header
-  (SSL3_RT_HEADER) and the decrypted inner record type
-  (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid
-  excess debug spam when using `curl -v` against a TLSv1.3-enabled server:
-  
-      * TLSv1.3 (IN), TLS app data, [no content] (0):
-  
-  (Following this message, another callback for the decrypted
-  handshake/alert messages will be be present anyway.)
-  
-  Closes https://github.com/curl/curl/pull/3281
-
-Marc Hoersken (15 Nov 2018)
-- tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
-  
-  SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
-  but does not work together with SO_REUSEADDR being on.
-  
-  The default changes were made with stunnel 5.34 and 5.35.
-
-Daniel Stenberg (13 Nov 2018)
-- [Kamil Dudka brought this change]
-
-  nss: remove version selecting dead code
-  
-  Closes #3262
-
-- nss: set default max-tls to 1.3/1.2
-  
-  Fixes #3261
-
-Daniel Gustafsson (13 Nov 2018)
-- tool_cb_wrt: Silence function cast compiler warning
-  
-  Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new
-  compiler warning on Windows cross compilation with GCC. See below
-  for an example of the warning from the autobuild logs (whitespace
-  edited to fit):
-  
-  /src/tool_cb_wrt.c:175:9: warning: cast from function call of type
-      'intptr_t {aka long long int}' to non-matching type 'void *'
-      [-Wbad-function-cast]
-  (HANDLE) _get_osfhandle(fileno(outs->stream)),
-  ^
-  
-  Store the return value from _get_osfhandle() in an intermediate
-  variable and cast the variable in WriteConsoleW() rather than the
-  function call directly to avoid a compiler warning.
-  
-  In passing, also add inspection of the MultiByteToWideChar() return
-  value and return failure in case an error is reported.
-  
-  Closes #3263
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-  Reviewed-by: Viktor Szakats <commit@vszakats.net>
-
-Daniel Stenberg (12 Nov 2018)
-- nss: fix fallthrough comment to fix picky compiler warning
-
-- docs: expanded on some CURLU details
-
-- [Tim Rühsen brought this change]
-
-  ftp: avoid two unsigned int overflows in FTP listing parser
-  
-  Curl_ftp_parselist: avoid unsigned integer overflows
-  
-  The overflow has no real world impact, just avoid it for "best
-  practice".
-  
-  Closes #3225
diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS
index 73b84cfdb3..884906ae26 100644
--- a/libs/libcurl/docs/THANKS
+++ b/libs/libcurl/docs/THANKS
@@ -51,6 +51,7 @@ Alex Chan
 Alex Fishman
 Alex Grebenschikov
 Alex Gruz
+Alex Konev
 Alex Malinovich
 Alex Mayorga
 Alex McLellan
@@ -58,6 +59,7 @@ Alex Neblett
 Alex Nichols
 Alex Potapenko
 Alex Rousskov
+Alex Samorukov
 Alex Suykov
 Alex Vinnik
 Alex aka WindEagle
@@ -116,6 +118,7 @@ Andrei Karas
 Andrei Kurushin
 Andrei Neculau
 Andrei Sedoi
+Andrei Valeriu BICA
 Andrei Virtosu
 Andrej E Baranov
 Andrew Benham
@@ -177,9 +180,11 @@ Balaji Salunke
 Balazs Kovacsics
 Balint Szilakszi
 Barry Abrahamson
+Barry Pollard
 Bart Whiteley
 Bas Mevissen
 Bas van Schaik
+Bastien Bouclet
 Basuke Suzuki
 Ben Boeckel
 Ben Darnell
@@ -257,6 +262,7 @@ Bruno Thomsen
 Bruno de Carvalho
 Bryan Henderson
 Bryan Kemp
+Bylon2 on github
 Byrial Jensen
 Caleb Raitto
 Cameron Kaiser
@@ -304,7 +310,9 @@ Christian Schmitz
 Christian Stewart
 Christian Vogt
 Christian Weisgerber
+Christoph M. Becker
 Christophe Demory
+Christophe Dervieux
 Christophe Legry
 Christopher Conroy
 Christopher Head
@@ -382,6 +390,7 @@ Daniel Romero
 Daniel Schauenberg
 Daniel Seither
 Daniel Shahaf
+Daniel Silverstone
 Daniel Steinberg
 Daniel Stenberg
 Daniel Theron
@@ -436,6 +445,7 @@ David Woodhouse
 David Wright
 David Yan
 Dengminwen
+Denis Chaplygin
 Denis Feklushkin
 Denis Ollier
 Dennis Clarke
@@ -520,6 +530,7 @@ Elliot Saba
 Ellis Pritchard
 Elmira A Semenova
 Emanuele Bovisio
+Emil Engler
 Emil Lerner
 Emil Romanus
 Emiliano Ida
@@ -589,6 +600,7 @@ Forrest Cahoon
 Francisco Moraes
 Francisco Sedano
 Francois Petitjean
+Francois Rivard
 Frank Denis
 Frank Gevaerts
 Frank Hempel
@@ -622,6 +634,7 @@ Georg Horn
 Georg Huettenegger
 Georg Lippitsch
 Georg Wicherski
+George Liu
 Gerd v. Egidy
 Gergely Nagy
 Gerhard Herre
@@ -633,6 +646,7 @@ Gil Weber
 Gilad
 Gilbert Ramirez Jr.
 Gilles Blanc
+Gilles Vollant
 Giorgos Oikonomou
 Gisle Vanem
 GitYuanQu on github
@@ -657,6 +671,7 @@ Greg Rowe
 Greg Zavertnik
 Gregory Nicholls
 Gregory Szorc
+Griffin Downs
 Grigory Entin
 Guenole Bescon
 Guido Berhoerster
@@ -727,6 +742,7 @@ Ihor Karpenko
 Iida Yosiaki
 Ilguiz Latypov
 Ilja van Sprundel
+Ilya Kosarev
 Immanuel Gregoire
 Inca R
 Ingmar Runge
@@ -744,6 +760,7 @@ Ivo Bellin Salarin
 Jack Zhang
 Jackarain on github
 Jacky Lam
+Jacob Barthelmeh
 Jacob Meuser
 Jacob Moshenko
 Jactry Zeng
@@ -813,6 +830,7 @@ Jeff Phillips
 Jeff Pohlmeyer
 Jeff Weber
 Jeffrey Walton
+Jens Finkhaeuser
 Jens Rantil
 Jens Schleusener
 Jeremie Rapin
@@ -840,6 +858,7 @@ Jim Freeman
 Jim Fuller
 Jim Hollinger
 Jim Meyering
+Jimmy Gaussen
 Jiri Dvorak
 Jiri Hruska
 Jiri Jaburek
@@ -890,6 +909,7 @@ John Weismiller
 John Wilkinson
 John-Mark Bell
 Johnny Luong
+Jojojov on github
 Jon DeVree
 Jon Grubbs
 Jon Nelson
@@ -1070,6 +1090,7 @@ Luca Altea
 Luca Boccassi
 Lucas Adamski
 Lucas Pardue
+Lucas Severo
 Ludek Finstrle
 Ludovico Cavedon
 Ludwig Nussel
@@ -1107,6 +1128,7 @@ Marc Kleine-Budde
 Marc Renault
 Marc Schlatter
 Marc-Antoine Perennou
+Marcel Hernandez
 Marcel Raad
 Marcel Roelofs
 Marcelo Echeverria
@@ -1151,6 +1173,7 @@ Martin Drasar
 Martin Dreher
 Martin Frodl
 Martin Galvan
+Martin Gartner
 Martin Hager
 Martin Hedenfalk
 Martin Jansen
@@ -1283,6 +1306,7 @@ Nate Prewitt
 Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
+Nathaniel J. Smith
 Nathaniel Waisbrot
 Naveen Chandran
 Naveen Noel
@@ -1292,6 +1316,7 @@ Neil Bowers
 Neil Dunbar
 Neil Kolban
 Neil Spring
+Niall O'Reilly
 Nic Roets
 Nicholas Maniscalco
 Nick Draffen
@@ -1370,7 +1395,9 @@ Patrick Smith
 Patrick Watson
 Patrik Thunstrom
 Pau Garcia i Quiles
+Paul B. Omta
 Paul Donohue
+Paul Dreik
 Paul Groke
 Paul Harrington
 Paul Harris
@@ -1415,6 +1442,7 @@ Peter Piekarski
 Peter Silva
 Peter Simonyi
 Peter Su
+Peter Sumatra
 Peter Sylvester
 Peter Todd
 Peter Varga
@@ -1438,6 +1466,7 @@ Philip Langdale
 Philip Prindeville
 Philipp Waehnert
 Philippe Hameau
+Philippe Marguinaud
 Philippe Raoult
 Philippe Vaucher
 Pierre
@@ -1446,6 +1475,7 @@ Pierre Chapuis
 Pierre Joye
 Pierre Ynard
 Piotr Dobrogost
+Piotr Komborski
 Po-Chuan Hsieh
 Pooyan McSporran
 Poul T Lomholt
@@ -1563,6 +1593,7 @@ Rodric Glaser
 Rodrigo Silva
 Roger Leigh
 Roland Blom
+Roland Hieber
 Roland Krikava
 Roland Zimmermann
 Rolf Eike Beer
@@ -1626,6 +1657,7 @@ Sean Burford
 Sean MacLennan
 Sean Miller
 Sebastiaan van Erk
+Sebastian Haglund
 Sebastian Mundry
 Sebastian Pohlschmidt
 Sebastian Rasmussen
@@ -1669,6 +1701,7 @@ Somnath Kundu
 Song Ma
 Sonia Subramanian
 Spacen Jasset
+Spezifant on github
 Spiridonoff A.V
 Spork Schivago
 Stadler Stephan
@@ -1714,8 +1747,10 @@ Steven G. Johnson
 Steven Gu
 Steven M. Schweda
 Steven Parkes
+Stian Soiland-Reyes
 Stoned Elipot
 Stuart Henderson
+SumatraPeter on github
 Sune Ahlgren
 Sunny Purushe
 Sven Anders
@@ -1827,6 +1862,7 @@ Toshiyuki Maezawa
 Traian Nicolescu
 Travis Burtrum
 Travis Obenhaus
+Trivikram Kamat
 Troels Walsted Hansen
 Troy Engel
 Tseng Jun
@@ -1840,6 +1876,7 @@ Ulrich Doehner
 Ulrich Telle
 Ulrich Zadow
 Valentin David
+Valerii Zapodovnikov
 Vasiliy Faronov
 Vasily Lobaskin
 Vasy Okhin
@@ -1850,6 +1887,7 @@ Victor Snezhko
 Vijay Panghal
 Vikram Saxena
 Viktor Szakats
+Vilhelm Prytz
 Ville Skyttä
 Vilmos Nebehaj
 Vincas Razma
@@ -1899,6 +1937,7 @@ Yang Tse
 Yarram Sunil
 Yasuharu Yamada
 Yasuhiro Matsumoto
+Yechiel Kalmenson
 Yehezkel Horowitz
 Yehoshua Hershberg
 Yi Huang
@@ -1966,6 +2005,7 @@ jonrumsey on github
 joshhe on github
 jungle-boogie on github
 jveazey on github
+jzinn on github
 ka7 on github
 kreshano on github
 l00p3r on Hackerone
@@ -1977,6 +2017,7 @@ masbug on github
 mccormickt12 on github
 migueljcrum on github
 mkzero on github
+momala454 on github
 moohoorama on github
 nedres on github
 neex on github
@@ -1984,6 +2025,7 @@ neheb on github
 nevv on HackerOne/curl
 niallor on github
 nianxuejie on github
+nico-abram on github
 niner on github
 nk
 nopjmp on github