                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.68.0 (8 Jan 2020)

Daniel Stenberg (8 Jan 2020)
- RELEASE-NOTES: 7.68.0

- THANKS: updated with names from the 7.68.0 release

- RELEASE-PROCEDURE: add four future release dates
  
  and remove four past release dates
  
  [skip ci]

Marcel Raad (6 Jan 2020)
- TrackMemory tests: always remove CR before LF
  
  It was removed for output containing ' =' via `s/ =.*//`. With classic
  MinGW, this made lines with `free()` end with CRLF, but lines with e.g.
  `malloc()` end with only LF. The tests expect LF only.
  
  Closes https://github.com/curl/curl/pull/4788

Daniel Stenberg (6 Jan 2020)
- multi.h: move INITIAL_MAX_CONCURRENT_STREAMS from public header
  
  ... to the private multihhandle.h. It is not for public use and it
  wasn't prefixed correctly anyway!
  
  Closes #4790

- file: fix copyright year range
  
  Follow-up to 1b71bc532bd

- curl -w: handle a blank input file correctly
  
  Previously it would end up with an uninitialized memory buffer that
  would lead to a crash or junk getting output.
  
  Added test 1271 to verify.
  
  Reported-by: Brian Carpenter
  Closes #4786

- file: on Windows, refuse paths that start with \\
  
  ... as that might cause an unexpected SMB connection to a given host
  name.
  
  Reported-by: Fernando Muñoz
  CVE-2019-15601
  Bug: https://curl.haxx.se/docs/CVE-2019-15601.html

Jay Satiro (6 Jan 2020)
- CURLOPT_READFUNCTION.3: fix fopen params in example

- CURLOPT_READFUNCTION.3: fix variable name in example
  
  Reported-by: Paul Joyce
  
  Fixes https://github.com/curl/curl/issues/4787

Daniel Stenberg (5 Jan 2020)
- curl:getparameter return error for --http3 if libcurl doesn't support
  
  Closes #4785

- docs: mention CURL_MAX_INPUT_LENGTH restrictions
  
  ... for curl_easy_setopt() and curl_url_set().
  
  [skip ci]
  
  Closes #4783

- curl: properly free mimepost data
  
  ... as it could otherwise leak memory when a transfer failed.
  
  Added test 1293 to verify.
  
  Reported-by: Brian Carpenter
  Fixes #4781
  Closes #4782

- curl: cleanup multi handle on failure
  
  ... to fix memory leak in error path.
  
  Fixes #4772
  Closes #4780
  Reported-by: Brian Carpenter

Marcel Raad (3 Jan 2020)
- lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS`
  
  Closes https://github.com/curl/curl/pull/4775

Daniel Stenberg (3 Jan 2020)
- COPYING: it's 2020!
  
  [skip ci]

Jay Satiro (3 Jan 2020)
- [Marc Aldorasi brought this change]

  tests: Fix bounce requests with truncated writes
  
  Prior to this change the swsbounce check in service_connection could
  fail because prevtestno and prevpartno were not set, which would cause
  the wrong response data to be sent to some tests and cause them to fail.
  
  Ref: https://github.com/curl/curl/pull/4717#issuecomment-570240785

Marcel Raad (31 Dec 2019)
- tool: make a few char pointers point to const char instead
  
  These are read-only.
  
  Closes https://github.com/curl/curl/pull/4771

Jay Satiro (31 Dec 2019)
- tests: Change NTLM tests to require SSL
  
  Prior to this change tests that required NTLM feature did not require
  SSL feature.
  
  There are pending changes to cmake builds that will allow enabling NTLM
  in non-SSL builds in Windows. In that case the NTLM auth strings created
  are different from what is expected by the NTLM tests and they fail:
  
  "The issue with NTLM is that previous non-SSL builds would not enable
  NTLM and so the NTLM tests would be skipped."
  
  Assisted-by: marc-groundctl@users.noreply.github.com
  
  Ref: https://github.com/curl/curl/pull/4717#issuecomment-566218729
  
  Closes https://github.com/curl/curl/pull/4768

- [Michael Forney brought this change]

  bearssl: Improve I/O handling
  
  Factor out common I/O loop as bearssl_run_until, which reads/writes TLS
  records until the desired engine state is reached. This is now used for
  the handshake, read, write, and close.
  
  Match OpenSSL SSL_write behavior, and don't return the number of bytes
  written until the corresponding records have been completely flushed
  across the socket. This involves keeping track of the length of data
  buffered into the TLS engine, and assumes that when CURLE_AGAIN is
  returned, the write function will be called again with the same data
  and length arguments. This is the same requirement of SSL_write.
  
  Handle TLS close notify as EOF when reading by returning 0.
  
  Closes https://github.com/curl/curl/pull/4748

- travis: Fix error detection
  
  - Stop using inline shell scripts for before_script and script sections.
  
  Prior to this change Travis could ignore errors from commands in inline
  scripts. I don't understand how or why it happens. This is a workaround.
  
  Assisted-by: Simon Warta
  
  Ref: https://github.com/travis-ci/travis-ci/issues/1066
  
  Fixes https://github.com/curl/curl/issues/3730
  Closes https://github.com/curl/curl/pull/3755

- tool_operate: fix mem leak when failed config parse
  
  Found by fuzzing the config file.
  
  Reported-by: Geeknik Labs
  
  Fixes https://github.com/curl/curl/issues/4767

- [Xiang Xiao brought this change]

  lib: remove erroneous +x file permission on some c files
  
  Modified by commit eb9a604 accidentally.
  
  Closes https://github.com/curl/curl/pull/4756

- [Xiang Xiao brought this change]

  lib: fix warnings found when porting to NuttX
  
  - Undefine DEBUGASSERT in curl_setup_once.h in case it was already
    defined as a system macro.
  
  - Don't compile write32_le in curl_endian unless
    CURL_SIZEOF_CURL_OFF_T > 4, since it's only used by Curl_write64_le.
  
  - Include <arpa/inet.h> in socketpair.c.
  
  Closes https://github.com/curl/curl/pull/4756

- os400: Add missing CURLE error constants
  
  Bug: https://github.com/curl/curl/pull/4754#issuecomment-569126922
  Reported-by: Emil Engler

- CURLOPT_HEADERFUNCTION.3: Document that size is always 1
  
  For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback
  is passed two `size_t` parameters which, when multiplied, designate the
  number of bytes of data passed in. In practice, CURL always sets the
  first parameter (`size`) to 1.
  
  This practice is also enshrined in documentation and cannot be changed
  in future. The documentation states that the default callback is
  `fwrite`, which means `fwrite` must be a suitable function for this
  purpose. However, the documentation also states that the callback must
  return the number of *bytes* it successfully handled, whereas ISO C
  `fwrite` returns the number of items (each of size `size`) which it
  wrote. The only way these numbers can be equal is if `size` is 1.
  
  Since `size` is 1 and can never be changed in future anyway, document
  that fact explicitly and let users rely on it.
  
  Reported-by: Frank Gevaerts
  Commit-message-by: Christopher Head
  
  Ref: https://github.com/curl/curl/pull/2787
  
  Fixes https://github.com/curl/curl/issues/4758

- examples/postinmemory.c: Call curl_global_cleanup always
  
  Prior to this change curl_global_cleanup was not called if
  curl_easy_init failed.
  
  Reported-by: kouzhudong@users.noreply.github.com
  
  Fixes https://github.com/curl/curl/issues/4751

Daniel Stenberg (21 Dec 2019)
- url2file.c: fix copyright year
  
  Follow-up to 525787269599b5

- [Rickard Hallerbäck brought this change]

  examples/url2file.c: corrected a comment
  
  The comment was confusing and suggested that setting CURLOPT_NOPROGRESS
  to 0L would both enable and disable debug output at the same time, like
  a Schrödinger's cat of CURLOPTs.
  
  Closes #4745

- HISTORY: OSS-Fuzz started fuzzing libcurl in 2017

- RELEASE-NOTES: synced

Jay Satiro (20 Dec 2019)
- ngtcp2: Support the latest update key callback type
  
  - Remove our cb_update_key in favor of ngtcp2's new
    ngtcp2_crypto_update_key_cb which does the same thing.
  
  Several days ago the ngtcp2_update_key callback function prototype was
  changed in ngtcp2/ngtcp2@42ce09c. Though it would be possible to
  fix up our cb_update_key for that change they also added
  ngtcp2_crypto_update_key_cb which does the same thing so we'll use that
  instead.
  
  Ref: https://github.com/ngtcp2/ngtcp2/commit/42ce09c
  
  Closes https://github.com/curl/curl/pull/4735

Daniel Stenberg (19 Dec 2019)
- sws: search for "Testno:" header uncondtionally if no testno
  
  Even if the initial request line wasn't found. With the fix to 1455, the
  test number is now detected correctly.
  
  (Problem found when running tests in random order.)
  
  Closes #4744

- tests: set LC_ALL in more tests
  
  Follow-up to 23208e330ac0c21
  
  Closes #4743

- test165: set LC_ALL=en_US.UTF-8 too
  
  On my current Debian Unstable with libidn2 2.2.0, I get an error if
  LC_ALL is set to blank. Then curl errors out with:
  
  curl: (3) Failed to convert www.åäö.se to ACE; could not convert string to UTF-8
  
  Closes #4738

- curl.h: add two defines for the "pre ISO C" case
  
  Without this fix, this caused a compilation failure on AIX with IBM xlc
  13.1.3 compiler.
  
  Reported-by: Ram Krushna Mishra
  Fixes #4739
  Closes #4740

- create_conn: prefer multiplexing to using new connections
  
  ... as it would previously prefer new connections rather than
  multiplexing in most conditions! The (now removed) code was a leftover
  from the Pipelining code that was translated wrongly into a
  multiplex-only world.
  
  Reported-by: Kunal Ekawde
  Bug: https://curl.haxx.se/mail/lib-2019-12/0060.html
  Closes #4732

- test1456: remove the use of a fixed local port
  
  Fixup the test to instead not compare the port number. It sometimes
  caused problems like this:
  
  "curl: (45) bind failed with errno 98: Address already in use"
  
  Closes #4733

Jay Satiro (18 Dec 2019)
- CURLOPT_QUOTE.3: fix typos
  
  Prior to this change the EXAMPLE in the QUOTE/PREQUOTE/POSTQUOTE man
  pages would not compile because a variable name was incorrect.
  
  Reported-by: Bylon2@users.noreply.github.com
  
  Fixes https://github.com/curl/curl/issues/4736

- [Gisle Vanem brought this change]

  strerror: Fix compiler warning "empty expression"
  
  - Remove the final semi-colon in the SEC2TXT() macro definition.
  
  Before:  #define SEC2TXT(sec) case sec: txt = #sec; break;
  
  After:   #define SEC2TXT(sec) case sec: txt = #sec; break
  
  Prior to this change SEC2TXT(foo); would generate break;; which caused
  the empty expression warning.
  
  Ref: https://github.com/curl/curl/commit/5b22e1a#r36458547

Daniel Stenberg (18 Dec 2019)
- curl/parseconfig: use curl_free() to free memory allocated by libcurl
  
  Reported-by: bxac on github
  Fixes #4730
  Closes #4731

- curl/parseconfig: fix mem-leak
  
  When looping, first trying '.curlrc' and then '_curlrc', the function
  would not free the first string.
  
  Closes #4731

- CURLOPT_URL.3: "curl supports SMB version 1 (only)"
  
  [skip ci]

- test1270: a basic -w redirect_url test
  
  Closes #4728

- HISTORY: the SMB(S) support landed in 2014

- define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymore
  
  It is covered by USE_OPENSSL_ENGINE now.
  
  Reported-by: Gisle Vanem
  Bug: https://github.com/curl/curl/commit/87b9337c8f76c21c57b204e88b68c6ecf3bd1ac0#commitcomment-36447951
  
  Closes #4725

- lib: remove ASSIGNWITHINCONDITION exceptions, use our code style
  
  ... even for macros
  
  Reviewed-by: Daniel Gustafsson
  Reviewed-by: Jay Satiro
  Reported-by: Jay Satiro
  Fixes #4683
  Closes #4722

- tests: make sure checksrc runs on header files too

- Revert "checksrc: fix regexp for ASSIGNWITHINCONDITION"
  
  This reverts commit ba82673dac3e8d00a76aa5e3779a0cb80e7442af.
  
  Bug: #4683

- KNOWN_BUGS: TLS session cache doesn't work with TFO
  
  [skip ci]
  Closes #4301

- KNOWN_BUGS: Connection information when using TCP Fast Open
  
  Also point to #4296 for more details
  Closes #4296

- KNOWN_BUGS: LDAP on Windows doesn't work
  
  Closes #4261

- docs: TLS SRP doesn't work with TLS 1.3
  
  Reported-by: sayrer on github
  Closes #4262
  [skip ci]

Dan Fandrich (16 Dec 2019)
- cirrus: Switch to the FreeBSD 12.1 point release & enable more tests.
  
  A few tests are now passing on FreeBSD, so no longer skip them.
  [skip ci]

Daniel Stenberg (16 Dec 2019)
- azure: the macos cmake doesn't need to install cmake
  
   Error: cmake 3.15.5 is already installed
   To upgrade to 3.16.1, run `brew upgrade cmake`.
  
  Closes #4723

Jay Satiro (15 Dec 2019)
- winbuild: Document CURL_STATICLIB requirement for static libcurl
  
  A static libcurl (ie winbuild mode=static) requires that the user define
  CURL_STATICLIB when using it in their application. This is already
  covered in the FAQ and INSTALL.md, but is a pretty important point so
  now it's noted in the BUILD.WINDOWS.txt as well.
  
  Assisted-by: Michael Vittiglio
  
  Closes https://github.com/curl/curl/pull/4721

Daniel Stenberg (15 Dec 2019)
- [Santino Keupp brought this change]

  libssh2: add support for ECDSA and ed25519 knownhost keys
  
  ... if a new enough libssh2 version is present.
  
  Source: https://curl.haxx.se/mail/archive-2019-12/0023.html
  Co-Authored-by: Daniel Stenberg
  Closes #4714

- lib1591: free memory properly on OOM, in the trailers callback
  
  Detected by torture tests.
  
  Closes #4720

- runtests: --repeat=[num] to repeat tests
  
  Closes #4715

- RELEASE-NOTES: synced

- azure: add a torture test on mac
  
  Uses --shallow=25 to keep it small enough to get through in time.
  
  Closes #4712

- multi: free sockhash on OOM
  
  This would otherwise leak memory in the error path.
  
  Detected by torture test 1540.
  
  Closes #4713

Marcel Raad (13 Dec 2019)
- tests: use DoH feature for DoH tests
  
  Previously, http/2 was used instead.
  
  Assisted-by: Jay Satiro
  Closes https://github.com/curl/curl/pull/4692

- hostip: suppress compiler warning
  
  With `--disable-doh --disable-threaded-resolver`, the `dns` parameter
  is not used.
  
  Closes https://github.com/curl/curl/pull/4692

- tests: fix build with `CURL_DISABLE_DOH`
  
  Closes https://github.com/curl/curl/pull/4692

Daniel Stenberg (13 Dec 2019)
- azure: add a torture test
  
  Skipping all FTP tests for speed reasons.
  
  Closes #4697

- azure: make the default build use --enable-debug --enable-werror

- ntlm_wb: fix double-free in OOM
  
  Detected by torture testing test 1310
  
  Closes #4710

Dan Fandrich (13 Dec 2019)
- cirrus: Drop the FreeBSD 10.4 build
  
  Upstream support for 10.4 ended a year ago, and it looks like the image
  is now gone, too.
  [skip ci]

Daniel Stenberg (13 Dec 2019)
- unit1620: fix bad free in OOM
  
  Closes #4709

- unit1609: fix mem-leak in OOM
  
  Closes #4709

- unit1607: fix mem-leak in OOM
  
  Closes #4709

- lib1559: fix mem-leak in OOM
  
  Closes #4709

- lib1557: fix mem-leak in OOM
  
  Closes #4709

- altsvc: make the save function ignore NULL filenames
  
  It might happen in OOM situations. Detected bv torture tests.
  
  Closes #4707

- curl: fix memory leak in OOM in etags logic
  
  Detected by torture tests
  
  Closes #4706

- doh: make it behave when built without proxy support
  
  Reported-by: Marcel Raad
  Bug: https://github.com/curl/curl/pull/4692#issuecomment-564115734
  
  Closes #4704

- curl: improved cleanup in upload error path
  
  Memory leak found by torture test 58
  
  Closes #4705

- mailmap: fix Andrew Ishchuk

- travis: make torture use --shallow=40
  
  As a first step to enable it to run over a more diverse set of tests in
  a reasonable time.

- runtests: introduce --shallow to reduce huge torture tests
  
  When set, shallow mode limits runtests -t to make no more than NUM fails
  per test case. If more are found, it will randomly discard entries until
  the number is right. The random seed can also be set.
  
  This is particularly useful when running MANY tests as then most torture
  failures will already fail the same functions over and over and make the
  total operation painfully tedious.
  
  Closes #4699

- conncache: CONNECT_ONLY connections assumed always in-use
  
  This makes them never to be considered "the oldest" to be discarded when
  reaching the connection cache limit. The reasoning here is that
  CONNECT_ONLY is primarily used in combination with using the
  connection's socket post connect and since that is used outside of
  curl's knowledge we must assume that it is in use until explicitly
  closed.
  
  Reported-by: Pavel Pavlov
  Reported-by: Pavel Löbl
  Fixes #4426
  Fixes #4369
  Closes #4696

- [Gisle Vanem brought this change]

  vtls: make BearSSL possible to set with CURL_SSL_BACKEND
  
  Ref: https://github.com/curl/curl/commit/9b879160df01e7ddbb4770904391d3b74114302b#commitcomment-36355622
  
  Closes #4698

- RELEASE-NOTES: synced

- travis: remove "coverage", make it "torture"
  
  The coveralls service and test coverage numbers are just too unreliable.
  Removed badge from README.md as well.
  
  Fixes #4694
  Closes #4695

- azure: add libssh2 and cmake macos builds
  
  Removed the macos libssh2 build from travis
  
  Closes #4686

- curl: use errorf() better
  
  Change series of error outputs to use errorf().
  
  Only errors that are due to mistakes in command line option usage should
  use helpf(), other types of errors in the tool should rather use
  errorf().
  
  Closes #4691

Jay Satiro (9 Dec 2019)
- [Marc Hoersken brought this change]

  tests: make it possible to set executable extensions
  
  This enables the use of Windows Subsystem for Linux (WSL) to run the
  testsuite against Windows binaries while using Linux servers.
  
  This commit introduces the following environment variables:
  - CURL_TEST_EXE_EXT: set the executable extension for all components
  - CURL_TEST_EXE_EXT_TOOL: set it for the curl tool only
  - CURL_TEST_EXE_EXT_SSH: set it for the SSH tools only
  
  Later testcurl.pl could be adjusted to make use of those variables.
  - CURL_TEST_EXE_EXT_SRV: set it for the test servers only
  
  (This is one of several commits to support use of WSL for the tests.)
  
  Closes https://github.com/curl/curl/pull/3899

- [Marc Hoersken brought this change]

  tests: fix permissions of ssh keys in WSL
  
  Keys created on Windows Subsystem for Linux (WSL) require it for some
  reason.
  
  (This is one of several commits to support use of WSL for the tests.)
  
  Ref: https://github.com/curl/curl/pull/3899

- [Marc Hoersken brought this change]

  tests: use \r\n for log messages in WSL
  
  Bash in Windows Subsystem for Linux (WSL) requires it for some reason.
  
  (This is one of several commits to support use of WSL for the tests.)
  
  Ref: https://github.com/curl/curl/pull/3899

- [Andrew Ishchuk brought this change]

  winbuild: Define CARES_STATICLIB when WITH_CARES=static
  
  When libcurl is built with MODE=static, c-ares is forced into static
  linkage too. That doesn't happen when MODE=dll so linker would break
  over undefined symbols.
  
  closes https://github.com/curl/curl/pull/4688

Daniel Stenberg (9 Dec 2019)
- conn: always set bits.close with connclose()
  
  Closes #4690

- cirrus: enable clang sanitizers on freebsd 13

- conncache: fix multi-thread use of shared connection cache
  
  It could accidentally let the connection get used by more than one
  thread, leading to double-free and more.
  
  Reported-by: Christopher Reid
  Fixes #4544
  Closes #4557

- azure: add a vanilla macos build
  
  Closes #4685

- curl: make the etag load logic work without fseek
  
  The fseek()s were unnecessary and caused Coverity warning CID 1456554
  
  Closes #4681

- mailmap: Mohammad Hasbini

- [Mohammad Hasbini brought this change]

  docs: fix some typos
  
  Closes #4680

- RELEASE-NOTES: synced

Jay Satiro (5 Dec 2019)
- lib: fix some loose ends for recently added CURLSSLOPT_NO_PARTIALCHAIN
  
  Add support for CURLSSLOPT_NO_PARTIALCHAIN in CURLOPT_PROXY_SSL_OPTIONS
  and OS400 package spec.
  
  Also I added the option to the NameValue list in the tool even though it
  isn't exposed as a command-line option (...yet?). (NameValue stringizes
  the option name for the curl cmd -> libcurl source generator)
  
  Follow-up to 564d88a which added CURLSSLOPT_NO_PARTIALCHAIN.
  
  Ref: https://github.com/curl/curl/pull/4655

- setopt: Fix ALPN / NPN user option when built without HTTP2
  
  - Stop treating lack of HTTP2 as an unknown option error result for
    CURLOPT_SSL_ENABLE_ALPN and CURLOPT_SSL_ENABLE_NPN.
  
  Prior to this change it was impossible to disable ALPN / NPN if libcurl
  was built without HTTP2. Setting either option would result in
  CURLE_UNKNOWN_OPTION and the respective internal option would not be
  set. That was incorrect since ALPN and NPN are used independent of
  HTTP2.
  
  Reported-by: Shailesh Kapse
  
  Fixes https://github.com/curl/curl/issues/4668
  Closes https://github.com/curl/curl/pull/4672

Daniel Stenberg (5 Dec 2019)
- etag: allow both --etag-compare and --etag-save in same cmdline
  
  Fixes #4669
  Closes #4678

Marcel Raad (5 Dec 2019)
- curl_setup: fix `CURLRES_IPV6` condition
  
  Move the definition of `CURLRES_IPV6` to before undefining
  `HAVE_GETADDRINFO`. Regression from commit 67a08dca27a which caused
  some tests to fail and others to be skipped with c-ares.
  
  Fixes https://github.com/curl/curl/issues/4673
  Closes https://github.com/curl/curl/pull/4677

Daniel Stenberg (5 Dec 2019)
- test342: make it return a 304 as the tag matches

Peter Wu (4 Dec 2019)
- CMake: add support for building with the NSS vtls backend
  
  Options are cross-checked with configure.ac and acinclude.m4.
  Tested on Arch Linux, untested on other platforms like Windows or macOS.
  
  Closes #4663
  Reviewed-by: Kamil Dudka

Daniel Stenberg (4 Dec 2019)
- azure: add more builds
  
  ... removed two from travis (that now runs on azure instead)
  
  Closes #4671

- CURLOPT_VERBOSE.3: see also ERRORBUFFER

- hostip4.c: bump copyright year range

Marcel Raad (3 Dec 2019)
- configure: enable IPv6 support without `getaddrinfo`
  
  This makes it possible to recognize and connect to literal IPv6
  addresses when `getaddrinfo` is not available, which is already the
  case for the CMake build. This affects e.g. classic MinGW because it
  still targets Windows 2000 by default, where `getaddrinfo` is not
  available, but general IPv6 support is.
  
  Instead of checking for `getaddrinfo`, check for `sockaddr_in6` as the
  CMake build does.
  
  Closes https://github.com/curl/curl/pull/4662

- curl_setup: disable IPv6 resolver without `getaddrinfo`
  
  Also, use `CURLRES_IPV6` only for actual DNS resolution, not for IPv6
  address support. This makes it possible to connect to IPv6 literals by
  setting `ENABLE_IPV6` even without `getaddrinfo` support. It also fixes
  the CMake build when using the synchronous resolver without
  `getaddrinfo` support.
  
  Closes https://github.com/curl/curl/pull/4662

Daniel Stenberg (3 Dec 2019)
- github action/azure pipeline: run 'make test-nonflaky' for tests
  
  To match travis and give more info on failures.

- openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains
  
  Closes #4655

- openssl: set X509_V_FLAG_PARTIAL_CHAIN
  
  Have intermediate certificates in the trust store be treated as
  trust-anchors, in the same way as self-signed root CA certificates
  are. This allows users to verify servers using the intermediate cert
  only, instead of needing the whole chain.
  
  Other TLS backends already accept partial chains.
  
  Reported-by: Jeffrey Walton
  Bug: https://curl.haxx.se/mail/lib-2019-11/0094.html

- curl: show better error message when no homedir is found
  
  Reported-by: Vlastimil Ovčáčík
  Fixes #4644
  Closes #4665

- OPENSOCKETFUNCTION.3: correct the purpose description
  
  Reported-by: Jeff Mears
  Bug: https://curl.haxx.se/mail/lib-2019-12/0007.html
  
  Closes #4667

- [Peter Wu brought this change]

  travis: do not use OVERRIDE_CC or OVERRIDE_CXX if empty
  
  Fixes the macOS builds where OVERRIDE_CC and OVERRIDE_CXX are not set.
  
  Reported-by: Jay Satiro
  Fixes #4659
  Closes #4661
  Closes #4664

- azure-pipelines: fix the test script

- Azure Pipelines: initial CI setup
  
  [skip ci]

- docs: add "added: 7.68.0" to the --etag-* docs

- copyright: fix the year ranges for two files
  
  Follow-up to 9c1806ae

Jay Satiro (1 Dec 2019)
- build: Disable Visual Studio warning "conditional expression is constant"
  
  - Disable warning C4127 "conditional expression is constant" globally
    in curl_setup.h for when building with Microsoft's compiler.
  
  This mainly affects building with the Visual Studio project files found
  in the projects dir.
  
  Prior to this change the cmake and winbuild build systems already
  disabled 4127 globally for when building with Microsoft's compiler.
  Also, 4127 was already disabled for all build systems in the limited
  circumstance of the WHILE_FALSE macro which disabled the warning
  specifically for while(0). This commit removes the WHILE_FALSE macro and
  all other cruft in favor of disabling globally in curl_setup.
  
  Background:
  
  We have various macros that cause 0 or 1 to be evaluated, which would
  cause warning C4127 in Visual Studio. For example this causes it:
  
      #define Curl_resolver_asynch() 1
  
  Full behavior is not clearly defined and inconsistent across versions.
  However it is documented that since VS 2015 Update 3 Microsoft has
  addressed this somewhat but not entirely, not warning on while(true) for
  example.
  
  Prior to this change some C4127 warnings occurred when I built with
  Visual Studio using the generated projects in the projects dir.
  
  Closes https://github.com/curl/curl/pull/4658

- openssl: retrieve reported LibreSSL version at runtime
  
  - Retrieve LibreSSL runtime version when supported (>= 2.7.1).
  
  For earlier versions we continue to use the compile-time version.
  
  Ref: https://man.openbsd.org/OPENSSL_VERSION_NUMBER.3
  
  Closes https://github.com/curl/curl/pull/2425

- strerror: Add Curl_winapi_strerror for Win API specific errors
  
  - In all code call Curl_winapi_strerror instead of Curl_strerror when
    the error code is known to be from Windows GetLastError.
  
  Curl_strerror prefers CRT error codes (errno) over Windows API error
  codes (GetLastError) when the two overlap. When we know the error code
  is from GetLastError it is more accurate to prefer the Windows API error
  messages.
  
  Reported-by: Richard Alcock
  
  Fixes https://github.com/curl/curl/issues/4550
  Closes https://github.com/curl/curl/pull/4581

Daniel Stenberg (2 Dec 2019)
- global_init: undo the "intialized" bump in case of failure
  
  ... so that failures in the global init function don't count as a
  working init and it can then be called again.
  
  Reported-by: Paul Groke
  Fixes #4636
  Closes #4653

- parsedate: offer a getdate_capped() alternative
  
  ... and use internally. This function will return TIME_T_MAX instead of
  failure if the parsed data is found to be larger than what can be
  represented. TIME_T_MAX being the largest value curl can represent.
  
  Reviewed-by: Daniel Gustafsson
  Reported-by: JanB on github
  Fixes #4152
  Closes #4651

- docs: add more references to curl_multi_poll
  
  Fixes #4643
  Closes #4652

- sha256: bump the copyright year range
  
  Follow-up from 66e21520f

Daniel Gustafsson (28 Nov 2019)
- curl_setup_once: consistently use WHILE_FALSE in macros
  
  The WHILE_FALSE construction is used to avoid compiler warnings in
  macro constructions. This fixes a few instances where it was not
  used in order to keep the code consistent.
  
  Closes #4649
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Daniel Stenberg (28 Nov 2019)
- [Steve Holme brought this change]

  http_ntlm: Remove duplicate NSS initialisation
  
  Given that this is performed by the NTLM code there is no need to
  perform the initialisation in the HTTP layer. This also keeps the
  initialisation the same as the SASL based protocols and also fixes a
  possible compilation issue if both NSS and SSPI were to be used as
  multiple SSL backends.
  
  Reviewed-by: Kamil Dudka
