                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.52.1 (22 Dec 2016)

Daniel Stenberg (22 Dec 2016)
- RELEASE-NOTES: curl 7.52.1

- lib557.c: use a shorter MAXIMIZE representation
  
  Since several compilers had problems with the previous one
  
  Reported-by: Ray Satiro
  Bug: https://curl.haxx.se/mail/lib-2016-12/0098.html

- runtests: remove the valgrind parser
  
  Old legacy parsing that 1) hid problems for us and 2) probably isn't
  needed anymore.

- [Kamil Dudka brought this change]

  randit: store the value in the buffer

- tests/Makefile: run checksrc on debug builds
  
  ... just like we already do in src/ and lib/

- lib557: move the "enable LONGLINE" to allow more long lines
  
  This file is riddled with them...

- bump: toward next release

Marcel Raad (21 Dec 2016)
- lib: fix MSVC compiler warnings
  
  Visual C++ complained:
  warning C4267: '=': conversion from 'size_t' to 'long', possible loss of data
  warning C4701: potentially uninitialized local variable 'path' used

Version 7.52.0 (20 Dec 2016)

Daniel Stenberg (20 Dec 2016)
- THANKS: 13 new contributors from 7.52.0

- RELEASE-NOTES: 7.52.0

- ssh: inhibit coverity warning with (void)
  
  CID 1397391 (#1 of 1): Unchecked return value (CHECKED_RETURN)

- Curl_recv_has_postponed_data: silence compiler warnings
  
  Follow-up to d00f2a8f2

Jay Satiro (19 Dec 2016)
- tests: checksrc compliance

- http_proxy: Fix proxy CONNECT hang on pending data
  
  - Check for pending data before waiting on the socket.
  
  Bug: https://github.com/curl/curl/issues/1156
  Reported-by: Adam Langley

Daniel Stenberg (19 Dec 2016)
- cmdline-opts/tlsv1.d: rephrased

- [Dan McNulty brought this change]

  schannel: fix wildcard cert name validation on Win CE
  
  Fixes a few issues in manual wildcard cert name validation in
  schannel support code for Win32 CE:
  - when comparing the wildcard name to the hostname, the wildcard
    character was removed from the cert name and the hostname
    was checked to see if it ended with the modified cert name.
    This allowed cert names like *.com to match the connection
    hostname. This violates recommendations from RFC 6125.
  - when the wildcard name in the certificate is longer than the
    connection hostname, a buffer overread of the connection
    hostname buffer would occur during the comparison of the
    certificate name and the connection hostname.

- printf: fix floating point buffer overflow issues
  
  ... and add a bunch of floating point printf tests

- config-amigaos.h: (embarrassed) made the line shorter

- config-amigaos.h: fix bug report email reference

- RELEASE-NOTES: synced with 4517158abfeba

- CIPHERS.md: backtick the names to show underscores fine

- form-string.d: fix format mistake
  
  and regenerated curl.1
  
  Reported-by: Gisle Vanem

Michael Kaufmann (18 Dec 2016)
- openssl: simplify expression in Curl_ossl_version

- curl_easy_recv: Improve documentation and example program
  
  Follow-up to 82245ea: Fix the example program sendrecv.c (handle
  CURLE_AGAIN, handle incomplete send). Improve the documentation
  for curl_easy_recv() and curl_easy_send().
  
  Reviewed-by: Frank Meier
  Assisted-by: Jay Satiro
  
  See https://github.com/curl/curl/pull/1134

- [Isaac Boukris brought this change]

  Curl_getconnectinfo: avoid checking if the connection is closed
  
  It doesn't benefit us much as the connection could get closed at
  any time, and also by checking we lose the ability to determine
  if the socket was closed by reading zero bytes.
  
  Reported-by: Michael Kaufmann
  
  Closes https://github.com/curl/curl/pull/1134

Daniel Stenberg (18 Dec 2016)
- CIPHERS.md: attempt to document TLS cipher names
  
  As the official docs seems really hard to keep track of and link to over
  time

- curl.1: generated after 6cce4dbf830

- cmdline-opts/post30X.d: fix the RFC references

- curl.1: regenerated
  
  Fixed trailing whitespace and numerous formatting glitches

- cmdline-opts: formatting fixes

- curl_easy_setopt.3: removed CURLOPT_SOCKS_PROXYTYPE

- tool_getparam.c: make comments use the up-to-date option names

- manpage-scan.pl: allow deprecated options to get removed from curl.1
  
  --krb4, --ftp-ssl and --ftp-ssl-reqd no longer need to be documented in the
  man page

- cmdline-opts/gen.pl: trim off trailing spaces

- cmdline-opts/proxy-tlsuser.d: remove trailing .d

- curl_easy_setopt.3: CURLOPT_PRE_PROXY instead of CURLOPT_SOCKS_PROXY

- symbols: removed two, added one

- cmdline-opts: include the man page split up files in the dist

- curl.1: generated with gen.pl
  
  This is the first time we replace the manually edited curt.1 with the
  generated one created by gen.pl and the individual option documentation
  pages.
  
  Do not edit this file, edit the individual pages and regenerate this
  output.
  
  This file will be generated by the build system soon and then removed
  from git.

- cmdline-opts: added some missing info

- CURLINFO_SSL_VERIFYRESULT.3: language

- HTTPS-PROXY docs: update/polish

- cmdline-opts/page-header: mention it is generated
  
  ... to avoid people from trying to edit the pending curl.1 version that
  gets generated by gen.pl

- preproxy: renamed what was added as SOCKS_PROXY
  
  CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY
  
  Added the corresponding --preroxy command line option. Sets a SOCKS
  proxy to connect to _before_ connecting to a HTTP(S) proxy.

- curl: normal socks proxies still use CURLOPT_PROXY
  
  ... the newly introduced CURLOPT_SOCKS_PROXY is special and should be
  asked for specially. (Needs new code.)
  
  Unified proxy type to a single variable in the config struct.

- CURLOPT_SOCKS_PROXYTYPE: removed
  
  This was added as part of the SOCKS+HTTPS proxy merge but there's no
  need to support this as we prefer to have the protocol specified as a
  prefix instead.

- curl_multi_socket.3: fix typo

- checksrc: warn for assignments within if() expressions
  
  ... they're already frowned upon in our source code style guide, this
  now enforces the rule harder.

- checksrc: stricter no-space-before-paren enforcement
  
  In order to make the code style more uniform everywhere

- ISSUE_TEMPLATE: try mentioning known bugs/todo in new issue template

- RELEASE-NOTES: synced with 71a55534fa6

- [Adam Langley brought this change]

  openssl: don't use OpenSSL's ERR_PACK.
  
  ERR_PACK is an internal detail of OpenSSL. Also, when using it, a
  function name must be specified which is overly specific: the test will
  break whenever OpenSSL internally change things so that a different
  function creates the error.
  
  Closes #1157

Dan Fandrich (5 Dec 2016)
- test2032: Mark test as flaky

Jay Satiro (3 Dec 2016)
- [Jeremy Pearson brought this change]

  libcurl-multi.3: typo
  
  Closes https://github.com/curl/curl/pull/1153

Dan Fandrich (2 Dec 2016)
- test1281: added http as a required feature

Daniel Stenberg (2 Dec 2016)
- curl: support zero-length argument strings in config files
  
  ... like 'user-agent = ""'
  
  Adjusted test 71 to verify.

- http_proxy: simplify CONNECT response reading
  
  Since it now reads responses one byte a time, a loop could be removed
  and it is no longer limited to get the whole response within 16K, it is
  now instead only limited to 16K maximum header line lengths.

- tests: fix CONNECT test cases to be more strict
  
  ... as they broke with the cleaned up CONNECT handling

- CONNECT: read responses one byte at a time
  
  ... so that it doesn't read data that is actually coming from the
  remote. 2xx responses have no body from the proxy, that data is from the
  peer.
  
  Fixes #1132

- CONNECT: reject TE or CL in 2xx responses
  
  A server MUST NOT send any Transfer-Encoding or Content-Length header
  fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section
  4.3.6)
  
  Also fixes the three test cases that did this.

- URL parser: reject non-numerical port numbers
  
  Test 1281 added to verify

Dan Fandrich (30 Nov 2016)
- runtests: made Servers: output be more consistent by removing OFF

- cyassl: fixed typo introduced in 4f8b1774

Michael Kaufmann (30 Nov 2016)
- CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries properly
  
  If a port number in a "connect-to" entry does not match, skip this
  entry instead of connecting to port 0.
  
  If a port number in a "connect-to" entry matches, use this entry
  and look no further.
  
  Reported-by: Jay Satiro
  Assisted-by: Jay Satiro, Daniel Stenberg
  
  Closes #1148

Daniel Stenberg (29 Nov 2016)
- BUGS: describe bug handling process

- RELEASE-NOTES: synced with 19613fb3

Jay Satiro (28 Nov 2016)
- http2: check nghttp2_session_set_local_window_size exists
  
  The function only exists since nghttp2 1.12.0.
  
  Bug: https://github.com/curl/curl/commit/a4d8888#commitcomment-19985676
  Reported-by: Michael Kaufmann

Daniel Stenberg (28 Nov 2016)
- [Anders Bakken brought this change]

  http2: Fix crashes when parent stream gets aborted
  
  Closes #1125

- cmdline-docs: more options converted and fixed
  
  Now all options are in the new system.

- gen: include footer in mainpage output

Jay Satiro (28 Nov 2016)
- lib1536: checksrc compliance

Daniel Stenberg (28 Nov 2016)
- cmdline-opts: more command line options documented
  
  Moved over to the new format

- curl: remove --proxy-ssl* options
  
  There's mostly likely no need to allow setting SSLv2/3 version for HTTPS
  proxy. Those protocols are insecure by design and deprecated.

- CURLOPT_PROXY_*.3: polished some proxy option man pages

Patrick Monnerat (26 Nov 2016)
- os400: support CURLOPT_PROXY_PINNEDPUBLICKEY
  
  Also define it in ILE/RPG binding.

Daniel Stenberg (26 Nov 2016)
- [Okhin Vasilij brought this change]

  curl_version_info: add CURL_VERSION_HTTPS_PROXY
  
  Closes #1142

- [Frank Gevaerts brought this change]

  tests: Add some testcases for recent new features.
  
  Add missing tests for CURLINFO_SCHEME, CURLINFO_PROTOCOL, %{scheme},
  and %{http_version}
  
  closes #1143

- [Frank Gevaerts brought this change]

  curl_easy_reset: clear info for CULRINFO_PROTOCOL and CURLINFO_SCHEME

- CURLOPT_PROXY_CAINFO.3: clarify proxy use

- CURLOPT_PROXY_CRLFILE.3: clarify https proxy and availability

- curl_easy_setopt.3: add CURLOPT_PROXY_PINNEDPUBLICKEY
  
  Follow-up to 4f8b17743d7c55a

- docs: include all opts man pages in dist
  
  Sorted the lists too.
  
  ... and include the new ones in the PDF and HTML generation targets

- [Thomas Glanzmann brought this change]

  HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY

- [Thomas Glanzmann brought this change]

  url: proxy: Use 443 as default port for https proxies

- TODO: removed "HTTPS proxy"

- [Jan-E brought this change]

  winbuild: add config option ENABLE_NGHTTP2
  
  Closes #1141

Jay Satiro (24 Nov 2016)
- tool_urlglob: Improve sanity check in glob_range
  
  Prior to this change we depended on errno if strtol could not perform a
  conversion. POSIX says EINVAL *may* be set. Some implementations like
  Microsoft's will not set it if there's no conversion.
  
  Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189

- tool_help: Change description for --retry-connrefused
  
  Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409

Patrick Monnerat (25 Nov 2016)
- os400: sync ILE/RPG binding

Jay Satiro (24 Nov 2016)
- test1135: Fix curl_easy_duphandle prototype for code style
  
  Follow-up to dbadaeb which changed the style.

- x509asn1: Restore the parameter check in Curl_getASN1Element
  
  - Restore the removed parts of the parameter check.
  
  Follow-up to 945f60e which altered the parameter check.

Daniel Stenberg (25 Nov 2016)
- RELEASE-NOTES: update option counters

- [Frank Gevaerts brought this change]

  add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
  
  Adds access to the effectively used protocol/scheme to both libcurl and
  curl, both in string and numeric (CURLPROTO_*) form.
  
  Note that the string form will be uppercase, as it is just the internal
  string.
  
  As these strings are declared internally as const, and all other strings
  returned by curl_easy_getinfo() are de-facto const as well, string
  handling in getinfo.c got const-ified.
  
  Closes #1137

- RELEASE-NOTES: synced with 63198a4750aeb

- curl.1: the new --proxy options ship in 7.52.0

- checksrc: move open braces to comply with function declaration style

- checksrc: detect wrongly placed open braces in func declarations

- checksrc: white space edits to comply to stricter checksrc

- checksrc: verify ASTERISKNOSPACE
  
  Detects (char*) and 'char*foo' uses.

- checksrc: code style: use 'char *name' style

- checksrc: add ASTERISKSPACE
  
  Verifies a 'char *name' style, with no space after the asterisk.

- openssl: remove dead code
  
  Coverity CID 1394666

- [Okhin Vasilij brought this change]

  HTTPS-proxy: fixed mbedtls and polishing

- darwinssl: adopted to the HTTPS proxy changes
  
  It builds and runs all test cases. No adaptations for actual HTTPS proxy
  support has been made.

- gtls: fix indent to silence compiler warning
  
  vtls/gtls.c: In function ‘Curl_gtls_data_pending’:
  vtls/gtls.c:1429:3: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
     if(conn->proxy_ssl[connindex].session &&
        ^~
        vtls/gtls.c:1433:5: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
             return res;

- [Thomas Glanzmann brought this change]

  mbedtls: Fix compile errors

- [Alex Rousskov brought this change]

  proxy: Support HTTPS proxy and SOCKS+HTTP(s)
  
  * HTTPS proxies:
  
  An HTTPS proxy receives all transactions over an SSL/TLS connection.
  Once a secure connection with the proxy is established, the user agent
  uses the proxy as usual, including sending CONNECT requests to instruct
  the proxy to establish a [usually secure] TCP tunnel with an origin
  server. HTTPS proxies protect nearly all aspects of user-proxy
  communications as opposed to HTTP proxies that receive all requests
  (including CONNECT requests) in vulnerable clear text.
  
  With HTTPS proxies, it is possible to have two concurrent _nested_
  SSL/TLS sessions: the "outer" one between the user agent and the proxy
  and the "inner" one between the user agent and the origin server
  (through the proxy). This change adds supports for such nested sessions
  as well.
  
  A secure connection with a proxy requires its own set of the usual SSL
  options (their actual descriptions differ and need polishing, see TODO):
  
    --proxy-cacert FILE        CA certificate to verify peer against
    --proxy-capath DIR         CA directory to verify peer against
    --proxy-cert CERT[:PASSWD] Client certificate file and password
    --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
    --proxy-ciphers LIST       SSL ciphers to use
    --proxy-crlfile FILE       Get a CRL list in PEM format from the file
    --proxy-insecure           Allow connections to proxies with bad certs
    --proxy-key KEY            Private key file name
    --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
    --proxy-pass PASS          Pass phrase for the private key
    --proxy-ssl-allow-beast    Allow security flaw to improve interop
    --proxy-sslv2              Use SSLv2
    --proxy-sslv3              Use SSLv3
    --proxy-tlsv1              Use TLSv1
    --proxy-tlsuser USER       TLS username
    --proxy-tlspassword STRING TLS password
    --proxy-tlsauthtype STRING TLS authentication type (default SRP)
  
  All --proxy-foo options are independent from their --foo counterparts,
  except --proxy-crlfile which defaults to --crlfile and --proxy-capath
  which defaults to --capath.
  
  Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
  similar to the existing %{ssl_verify_result} variable.
  
  Supported backends: OpenSSL, GnuTLS, and NSS.
  
  * A SOCKS proxy + HTTP/HTTPS proxy combination:
  
  If both --socks* and --proxy options are given, Curl first connects to
  the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
  proxy.
  
  TODO: Update documentation for the new APIs and --proxy-* options.
  Look for "Added in 7.XXX" marks.

Patrick Monnerat (24 Nov 2016)
- Declare endian read functions argument as a const pointer.
  This is done for all functions of the form Curl_read[136][624]_[lb]e.

- Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.
  See CRL-01-006.

Jay Satiro (22 Nov 2016)
- url: Fix conn reuse for local ports and interfaces
  
  - Fix connection reuse for when the proposed new conn 'needle' has a
  specified local port but does not have a specified device interface.
  
  Bug: https://curl.haxx.se/mail/lib-2016-11/0137.html
  Reported-by: bjt3[at]hotmail.com

Daniel Stenberg (21 Nov 2016)
- rand: pass in number of randoms as an unsigned argument

Jay Satiro (20 Nov 2016)
- rand: Fix potentially uninitialized result warning

Marcel Raad (19 Nov 2016)
- vtls: fix build warnings
  
  Fix warnings about conversions from long to time_t in openssl.c and
  schannel.c.
  
  Follow-up to de4de4e3c7c

Daniel Stenberg (18 Nov 2016)
- [Marcel Raad brought this change]

  lib: fix compiler warnings after de4de4e3c7c
  
  Visual C++ now complains about implicitly casting time_t (64-bit) to
  long (32-bit). Fix this by changing some variables from long to time_t,
  or explicitly casting to long where the public interface would be
  affected.
  
  Closes #1131

Peter Wu (17 Nov 2016)
- [Isaac Boukris brought this change]

  Don't mix unix domain sockets with regular ones
  
  When reusing a connection, make sure the unix domain
  socket option matches.

Jay Satiro (17 Nov 2016)
- tests: Fix HTTP2-Settings header for huge window size
  
  Follow-up to a4d8888. Changing the window size in that commit resulted
  in a different HTTP2-Settings upgrade header, causing test 1800 to fail.

- http2: Use huge HTTP/2 windows
  
  - Improve performance by using a huge HTTP/2 window size.
  
  Bug: https://github.com/curl/curl/issues/1102
  Reported-by: afrind@users.noreply.github.com
  Assisted-by: Tatsuhiro Tsujikawa

Daniel Stenberg (16 Nov 2016)
- cmdline-docs: more conversion

- gen: support 'protos'
  
  and warn on unrecognized lines

- gen: support 'single' to make an individual page man page

- cmdline-docs: more options converted over

- gen: support 'redirect'
  
  ... and warn for too long --help lines

- cmdline/gen: replace options in texts better

Jay Satiro (16 Nov 2016)
- http2: Fix address sanitizer memcpy warning
  
  - In Curl_http2_switched don't call memcpy when src is NULL.
  
  Curl_http2_switched can be called like:
  
  Curl_http2_switched(conn, NULL, 0);
  
  .. and prior to this change memcpy was then called like:
  
  memcpy(dest, NULL, 0)
  
  .. causing address sanitizer to warn:
  
  http2.c:2057:3: runtime error: null pointer passed as argument 2, which
  is declared to never be null

- tool_help: Clarify --dump-header only writes received headers

- curl.1: Clarify --dump-header only writes received headers

Daniel Stenberg (15 Nov 2016)
- [Alex Chan brought this change]

  docs: Spelling fixes

Kamil Dudka (15 Nov 2016)
- docs: the next release will be 7.52.0

Daniel Stenberg (15 Nov 2016)
- cmdline-opts: support generating the --help output

- [David Schweikert brought this change]

  darwinssl: fix SSL client certificate not found on MacOS Sierra
  
  Reviewed-by: Nick Zitzmann
  
  Closes #1105

- curl: add --fail-early to help output
  
  Fixes test 1139 failures
  
  Follow-up to f82bbe01c8835

- glob: fix [a-c] globbing regression
  
  Brought in ee4f76606cf
  
  Added test case 1280 to verify
  
  Reported-by: Dave Reisner
  
  Bug: https://github.com/curl/curl/commit/ee4f76606cfa4ee068bf28edd37c8dae7e8db317#commitcomment-19823146

- curl: add --fail-early
  
  Exit with an error on the first transfer error instead of continuing to
  do the rest of the URLs.
  
  Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html

- Curl_rand: fixed and moved to rand.c
  
  Now Curl_rand() is made to fail if it cannot get the necessary random
  level.
  
  Changed the proto of Curl_rand() slightly to provide a number of ints at
  once.
  
  Moved out from vtls, since it isn't a TLS function and vtls provides
  Curl_ssl_random() for this to use.
  
  Discussion: https://curl.haxx.se/mail/lib-2016-11/0119.html

- cmdline-opts: first test version of a new man page generator kit
  
  See MANPAGE.md for the description of how this works. Each command line
  option is now described in a separate .d file.

- time_t fix: follow-up to de4de4e3c7c
  
  Blah, I accidentally wrote size_t instead of time_t for two variables.
  
  Reported-by: Dave Reisner

- timeval: prefer time_t to hold seconds instead of long
  
  ... as long is still 32bit on modern 64bit windows machines, while
  time_t is generally 64bit.

Dan Fandrich (12 Nov 2016)
- tests: fixed variable might be clobbered warning
  
  This stops the compiler from potentially making invalid assumptions
  about the immutability of sdp and sap across the longjmp boundary.

Daniel Stenberg (12 Nov 2016)
- RELEASE-NOTES: synced with 346340808c

- URL-parser: for file://[host]/ URLs, the [host] must be localhost
  
  Previously, the [host] part was just ignored which made libcurl accept
  strange URLs misleading users. like "file://etc/passwd" which might've
  looked like it refers to "/etc/passwd" but is just "/passwd" since the
  "etc" is an ignored host name.
  
  Reported-by: Mike Crowe
  Assisted-by: Kamil Dudka

- test558: adapt to 0649433da

- openssl: make sure to fail in the unlikely event that PRNG seeding fails

- openssl: avoid unnecessary seeding if already done
  
  1.1.0+ does more of this by itself so we can avoid extra processing this
  way.

- openssl: RAND_status always exists in OpenSSL >= 0.9.7
  
  and remove RAND_screen from configure since nothing is using that
  function

- Curl_pgrsUpdate: use dedicated function for time passed

- realloc: use Curl_saferealloc to avoid common mistakes
  
  Discussed: https://curl.haxx.se/mail/lib-2016-11/0087.html

- [Daniel Hwang brought this change]

  curl: Add --retry-connrefused
  
  to consider ECONNREFUSED as a transient error.
  
  Closes #1064

- openssl: raise the max_version to 1.3 if asked for
  
  Now I've managed to negotiate TLS 1.3 with https://enabled.tls13.com/ when
  using boringssl.

Jay Satiro (9 Nov 2016)
- vtls: Fail on unrecognized param for CURLOPT_SSLVERSION
  
  - Fix GnuTLS code for CURL_SSLVERSION_TLSv1_2 that broke when the
  TLS 1.3 support was added in 6ad3add.
  
  - Homogenize across code for all backends the error message when TLS 1.3
  is not available to "<backend>: TLS 1.3 is not yet supported".
  
  - Return an error when a user-specified ssl version is unrecognized.
  
  ---
  
  Prior to this change our code for some of the backends used the
  'default' label in the switch statement (ie ver unrecognized) for
  ssl.version and treated it the same as CURL_SSLVERSION_DEFAULT.
  
  Bug: https://curl.haxx.se/mail/lib-2016-11/0048.html
  Reported-by: Kamil Dudka

Daniel Stenberg (9 Nov 2016)
- [Isaac Boukris brought this change]

  SPNEGO: Fix memory leak when authentication fails
  
  If SPNEGO fails, cleanup the negotiate handle right away.
  
  Fixes #1115
  
  Signed-off-by: Isaac Boukris <iboukris@gmail.com>
  Reported-by: ashman-p

- CODE_STYLE.md: link to INTERNALS.md correctly

- bump: next version will be 7.52.0

- RELEASE-NOTES: synced with dfcdaaba371e9a3

- examples/fileupload.c: fclose the file as well

- printf: fix ".*f" handling
  
  It would always use precision 1 instead of reading it from the argument
  list as intended.
  
  Reported-by: Ray Satiro
  
  Bug: #1113

- curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
  
  Reported-by: Frank Gevaerts

Kamil Dudka (7 Nov 2016)
- nss: silence warning 'SSL_NEXT_PROTO_EARLY_VALUE not handled in switch'
  
  ... with nss-3.26.0 and newer
  
  Reported-by: Daniel Stenberg

Daniel Stenberg (7 Nov 2016)
- openssl: initial TLS 1.3 adaptions
  
  BoringSSL supports TLSv1.3 already, but these changes don't seem to be anough
  to get it working.

- ssh: check md5 fingerprints case insensitively (regression)
  
  Revert the change from ce8d09483eea but use the new function
  
  Reported-by: Kamil Dudka
  Bug: https://github.com/curl/curl/commit/ce8d09483eea2fcb1b50e323e1a8ed1f3613b2e3#commitcomment-19666146

Kamil Dudka (7 Nov 2016)
- curl: introduce the --tlsv1.3 option to force TLS 1.3
  
  Fully implemented with the NSS backend only for now.
  
  Reviewed-by: Ray Satiro

- vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
  
  Fully implemented with the NSS backend only for now.
  
  Reviewed-by: Ray Satiro

- nss: map CURL_SSLVERSION_DEFAULT to NSS default
  
  ... but make sure we use at least TLSv1.0 according to libcurl API
  
  Reported-by: Cure53
  Reviewed-by: Ray Satiro

Daniel Stenberg (7 Nov 2016)
- s/cURL/curl
  
  We're mostly saying just "curl" in lower case these days so here's a big
  cleanup to adapt to this reality. A few instances are left as the
  project could still formally be considered called cURL.

Jay Satiro (7 Nov 2016)
- [Tatsuhiro Tsujikawa brought this change]

  http2: Don't send header fields prohibited by HTTP/2 spec
  
  Previously, we just ignored "Connection" header field.  But HTTP/2
  specification actually prohibits few more header fields.  This commit
  ignores all of them so that we don't send these bad header fields.
  
  Bug: https://curl.haxx.se/mail/archive-2016-10/0033.html
  Reported-by: Ricki Hirner
  
  Closes https://github.com/curl/curl/pull/1092

Daniel Stenberg (7 Nov 2016)
- curl.1: explain the SMTP data expected for -T
  
  Fixes #1107
  
  Reported-by: Adam Piggott

Peter Wu (6 Nov 2016)
- cmake: disable poll for macOS
  
  Mirrors the autotools behavior introduced with curl-7_50_3-83-ga34c7ce.
  
  Fixes #1089

Jay Satiro (5 Nov 2016)
- easy: Initialize info variables on easy init and duphandle
  
  - Call Curl_initinfo on init and duphandle.
  
  Prior to this change the statistical and informational variables were
  simply zeroed by calloc on easy init and duphandle. While zero is the
  correct default value for almost all info variables, there is one where
  it isn't (filetime initializes to -1).
  
  Bug: https://github.com/curl/curl/issues/1103
  Reported-by: Neal Poole

Daniel Stenberg (5 Nov 2016)
- [Mauro Rappa brought this change]

  curl -w: added more decimal digits to timing counters
  
  Now showing microsecond resolution.
  
  Closes #1106

Jakub Zakrzewski (4 Nov 2016)
- dist: add CMakeLists.txt to the tarball

Daniel Stenberg (4 Nov 2016)
- mbedtls: fix build with mbedtls versions < 2.4.0
  
  Regression added in 62a8095e714
  
  Reported-by: Tony Kelman
  
  Discussed in #1087

- configure: verify that compiler groks -Werror=partial-availability
  
  Reported-by: bemoody
  
  Fixes #1104

- docs: shorten and simplify the top comment in multi-uv.c
  
  and change URL to use https

- [Andrei Sedoi brought this change]

  docs: handle CURL_POLL_INOUT in multi-uv example

- [Andrei Sedoi brought this change]

  docs: multi-uv: don't use CURLMsg after cleanup

- [Andrei Sedoi brought this change]

  docs: remove unused variables in multi-uv example

- bump: start working on 7.51.1

- winbuild: remove strcase.obj from curl build
  
  Reported-by: Bruce Stephens
  
  Fixes #1098

Dan Fandrich (2 Nov 2016)
- msvc: removed a straggling reference to strequal.c
  
  Follow-up to 502acba2

Version 7.51.0 (2 Nov 2016)

Daniel Stenberg (2 Nov 2016)
- THANKS: synced with 7.51.0

- RELEASE-NOTES: 7.51.0

- ftp_done: don't clobber the passed in error code
  
  Coverity CID 1374359 pointed out the unused result value.

- ftp: remove dead code in ftp_done
  
  Coverity CID 1374358

Jay Satiro (1 Nov 2016)
- generate.bat: Include include/curl in libcurl VS projects
  
  .. because including those headers helps Visual Studio's Intellisense.

- generate.bat: Remove strcase.[ch] from curl tool VS projects
  
  ..because they're no longer needed in the tool build. strcase is still
