                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.58.0 (23 Jan 2018)

Daniel Stenberg (23 Jan 2018)
- RELEASE: 7.58.0

- [Gisle Vanem brought this change]

  progress-bar: get screen width on windows

- test1454: --connect-to with IPv6 address w/o IPv6 support!

- CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
  
  Bug: https://curl.haxx.se/mail/lib-2018-01/0087.html
  Reported-by: John Hascall
  
  Closes #2257

- docs: fix man page syntax to make test 1140 OK again

- http: prevent custom Authorization headers in redirects
  
  ... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
  curl already handles Authorization headers created internally.
  
  Note: this changes behavior slightly, for the sake of reducing mistakes.
  
  Added test 317 and 318 to verify.
  
  Reported-by: Craig de Stigter
  Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html

- curl: progress bar refresh, get width using ioctl()
  
  Get screen width from the environment variable COLUMNS first, if set. If
  not, use ioctl(). If nether works, assume 79.
  
  Closes #2242
  
  The "refresh" is for the -# output when no total transfer size is
  known. It will now only use a single updated line even for this case:
  
  The "-=O=-" ship moves when data is transferred. The four flying
  "hashes" move (on a sine wave) on each refresh, independent of data.

- RELEASE-NOTES: synced with bb0ffcc36

- libcurl-env.3: first take

- TODO: two possible name resolver improvements

- [Kartik Mahajan brought this change]

  http2: don't close connection when single transfer is stopped
  
  Fixes #2237
  Closes #2249

- test558: fix for multissl builds
  
  vtls.c:multissl_init() might do a curl_free() call so strip that out to
  make this work with more builds. We just want to verify that
  memorytracking works so skipping one line is no harm.

- examples/url2file.c: add missing curl_global_cleanup() call
  
  Reported-by: XhstormR on github
  Fixes #2245

- [Michael Gmelin brought this change]

  SSH: Fix state machine for ssh-agent authentication
  
  In case an identity didn't match[0], the state machine would fail in
  state SSH_AUTH_AGENT instead of progressing to the next identity in
  ssh-agent. As a result, ssh-agent authentication only worked if the
  identity required happened to be the first added to ssh-agent.
  
  This was introduced as part of commit c4eb10e2f06fbd6cc904f1d78e4, which
  stated that the "else" statement was required to prevent getting stuck
  in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's
  interface I couldn't see how this could happen or reproduce it and I
  also couldn't find a more detailed description of the problem which
  would explain a test case to reproduce the problem this was supposed to
  fix.
  
  [0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED
  
  Closes #2248

- openssl: fix potential memory leak in SSLKEYLOGFILE logic
  
  Coverity CID 1427646.

- openssl: fix the libressl build again
  
  Follow-up to 84fcaa2e7. libressl does not have the API even if it says it is
  late OpenSSL version...
  
  Fixes #2246
  Closes #2247
  
  Reported-by: jungle-boogie on github

- unit1307: test many wildcards too

- curl_fnmatch: only allow 5 '*' sections in a single pattern
  
  ... to avoid excessive recursive calls. The number 5 is totally
  arbitrary and could be modified if someone has a good motivation.

- ftp-wildcard: fix matching an empty string with "*[^a]"
  
  .... and avoid advancing the pointer to trigger an out of buffer read.
  
  Detected by OSS-fuzz
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
  Assisted-by: Max Dymond

- SMB: fix numeric constant suffix and variable types
  
  1. don't use "ULL" suffix since unsupported in older MSVC
  2. use curl_off_t instead of custom long long ifdefs
  3. make get_posix_time() not do unaligned data access
  
  Fixes #2211
  Closes #2240
  Reported-by: Chester Liu

- [rouzier brought this change]

  CURLOPT_TCP_NODELAY.3: fix typo
  
  Closes #2239

- smtp/pop3/imap_get_message: decrease the data length too...
  
  Follow-up commit to 615edc1f73 which was incomplete.
  
  Assisted-by: Max Dymond
  Detected by OSS-fuzz
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206

- openssl: enable SSLKEYLOGFILE support by default
  
  Fixes #2210
  Closes #2236

Patrick Monnerat (14 Jan 2018)
- mime: clone mime tree upon easy handle duplication.
  
  A mime tree attached to an easy handle using CURLOPT_MIMEPOST is
  strongly bound to the handle: there is a pointer to the easy handle in
  each item of the mime tree and following the parent pointer list
  of mime items ends in a dummy part stored within the handle.
  
  Because of this binding, a mime tree cannot be shared between different
  easy handles, thus it needs to be cloned upon easy handle duplication.
  
  There is no way for the caller to get the duplicated mime tree
  handle: it is then set to be automatically destroyed upon freeing the
  new easy handle.
  
  New test 654 checks proper mime structure duplication/release.
  
  Add a warning note in curl_mime_data_cb() documentation about sharing
  user data between duplicated handles.
  
  Closes #2235

- docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata

Daniel Stenberg (13 Jan 2018)
- test395: HTTP with overflow Content-Length value

- test394: verify abort of rubbish in Content-Length: value

- test393: verify --max-filesize with excessive Content-Length

- HTTP: bail out on negative Content-Length: values
  
  ... and make the max filesize check trigger if the value is too big.
  
  Updates test 178.
  
  Reported-by: Brad Spencer
  Fixes #2212
  Closes #2223

Marcel Raad (13 Jan 2018)
- [Dan Johnson brought this change]

  configure.ac: append extra linker flags instead of prepending them.
  
  Link order should list libraries after the libraries that use them,
  so when we're guessing that we might also need to add -ldl in order
  to use -lssl, we should add -ldl after -lssl.
  
  Closes https://github.com/curl/curl/pull/2234

Daniel Stenberg (13 Jan 2018)
- RELEASE-NOTES: synced with 6fa10c8fa

Jay Satiro (13 Jan 2018)
- setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
  
  Broken since f121575 (precedes 7.56.1).
  
  Bug: https://github.com/curl/curl/issues/2225
  Reported-by: cmfrolick@users.noreply.github.com
  
  Closes https://github.com/curl/curl/pull/2227

Patrick Monnerat (13 Jan 2018)
- setopt: reintroduce non-static Curl_vsetopt() for OS400 support
  
  This also upgrades ILE/RPG bindings with latest setopt options.
  
  Reported-By: jonrumsey on github
  Fixes #2230
  Closes #2233

Jay Satiro (11 Jan 2018)
- [Zhouyihai Ding brought this change]

  http2: fix incorrect trailer buffer size
  
  Prior to this change the stored byte count of each trailer was
  miscalculated and 1 less than required. It appears any trailer
  after the first that was passed to Curl_client_write would be truncated
  or corrupted as well as the size. Potentially the size of some
  subsequent trailer could be erroneously extracted from the contents of
  that trailer, and since that size is used by client write an
  out-of-bounds read could occur and cause a crash or be otherwise
  processed by client write.
  
  The bug appears to have been born in 0761a51 (precedes 7.49.0).
  
  Closes https://github.com/curl/curl/pull/2231

- [Basuke Suzuki brought this change]

  easy: fix connection ownership in curl_easy_pause
  
  Before calling Curl_client_chop_write(), change the owner of connection
  to the current Curl_easy handle. This will fix the issue #2217.
  
  Fixes https://github.com/curl/curl/issues/2217
  Closes https://github.com/curl/curl/pull/2221

Daniel Stenberg (9 Jan 2018)
- [Dimitrios Apostolou brought this change]

  system.h: Additionally check __LONG_MAX__ for defining curl_off_t
  
  __SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced
  in GCC 3.3.
  
  Closes #2216

- COPYING: it's 2018!

- progress: calculate transfer speed on milliseconds if possible
  
  to increase accuracy for quick transfers
  
  Fixes #2200
  Closes #2206

Jay Satiro (7 Jan 2018)
- scripts: allow all perl scripts to be run directly
  
  - Enable execute permission (chmod +x)
  
  - Change interpreter to /usr/bin/env perl
  
  Closes https://github.com/curl/curl/pull/2222

- mail-rcpt.d: fix short-text description

- build: remove HAVE_LIMITS_H check
  
  .. because limits.h presence isn't optional, it's required by C89.
  
  Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2
  
  Closes https://github.com/curl/curl/pull/2215

- openssl: fix memory leak of SSLKEYLOGFILE filename
  
  - Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl
    initialization.
  
  Caught by ASAN.

- Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
  
  This reverts commit c97648b55080343bb371522bf4233e94a2a13a99.
  
  SIZEOF_LONG should not be checked in system.h since that macro is only
  defined when building libcurl.
  
  Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080
  Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html

Michael Kaufmann (30 Dec 2017)
- test1554: improve the error handling

- test1554: add global initialization and cleanup

Daniel Stenberg (29 Dec 2017)
- curl_version_info.3: call the argument 'age'
  
  Reported-by: Pete Lomax
  Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html

Patrick Monnerat (27 Dec 2017)
- [Mikalai Ananenka brought this change]

  brotli: data at the end of content can be lost
  
  Decoding loop implementation did not concern the case when all
  received data is consumed by Brotli decoder and the size of decoded
  data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
  For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
  can result in the loss of data at the end of content.
  
  Closes #2194

Jay Satiro (26 Dec 2017)
- examples/cacertinmem: ignore cert-already-exists error
  
  - Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback
    since it's possible the cert may have already been loaded by libcurl.
  
  - Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc.
    Instead have it direct the reader to this cacertinmem.c example.
  
  - Fix the CA certificate to use the right CA for example.com, Digicert.
  
  Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html
  Reported-by: Thomas van Hesteren
  
  Closes https://github.com/curl/curl/pull/2182

- [Gisle Vanem brought this change]

  tool_getparam: Support size modifiers for --max-filesize
  
  - Move the size modifier detection code from limit-rate to its own
    function so that it can also be used with max-filesize.
  
  Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.
  
  For example --max-filesize 1G
  
  Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html
  
  Closes https://github.com/curl/curl/pull/2179

Steve Holme (22 Dec 2017)
- build: Fixed incorrect script termination from commit ad1dc10e61

- Makefile.vc: Added our standard copyright header

- winbuild: Added support for VC15

- build: Added Visual Studio 2017 project files

- build-wolfssl.bat: Added support for VC15

- build-openssl.bat: Added support for VC15

Jay Satiro (22 Dec 2017)
- [Dimitrios Apostolou brought this change]

  curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
  
  Closes https://github.com/curl/curl/pull/2186

- [Mattias Fornander brought this change]

  examples/rtsp: fix error handling macros
  
  Closes https://github.com/curl/curl/pull/2185

Patrick Monnerat (20 Dec 2017)
- curl_easy_reset: release mime-related data.
  
  Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level
  functions dealing with UserDefined structure contents.
  This avoids memory leakages on curl-generated part mime headers.
  New test 2073 checks this using the cli tool --next option: it
  triggers a valgrind error if bug is present.
  
  Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html
  Reported-by: Martin Galvan

- content_encoding: rework zlib_inflate
  
  - When zlib version is < 1.2.0.4, process gzip trailer before considering
  extra data as an error.
  - Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
  and minimize corrupt data output.
  - Do not try to restart deflate decompression in raw mode if output has
  started or if the leading data is not available anymore.
  - New test 232 checks inflating raw-deflated content.
  
  Closes #2068

- brotli: allow compiling with version 0.6.0.
  
  Some error codes were not yet defined in brotli 0.6.0: do not issue code
  for them in this case.

Daniel Stenberg (13 Dec 2017)
- CURLOPT_READFUNCTION.3: refer to argument with correct name
  
  Bug: #2175
  
  [ci skip]

- rand: add a clang-analyzer work-around
  
  scan-build would warn on a potential access of an uninitialized
  buffer. I deem it a false positive and had to add this somewhat ugly
  work-around to silence it.

- krb5: fix a potential access of uninitialized memory
  
  A scan-build warning.

- conncache: fix a return code [regression]
  
  This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed
  out by scan-build!

- curl: support >256 bytes warning messsages
  
  Bug: #2174

Michael Kaufmann (12 Dec 2017)
- libssh: fix a syntax error in configure.ac
  
  Follow-up to c92d2e1
  
  Closes #2172

Daniel Stenberg (12 Dec 2017)
- examples/smtp-mail.c: use separate defines for options and mail
  
  ... to make it clearer that the options want address-only, while the
  headers in an email can also have the real name.
  
  Assisted-by: Sean MacLennan

- THANKS: added missing names
  
  ... as I reran the contrithanks script after the mailmap name fixups.

- mailmap: added/clarified several names

- setopt: less *or equal* than INT_MAX/1000 should be fine
  
  ... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and
  CURLOPT_SERVER_RESPONSE_TIMEOUT range checks.
  
  Reported-by: Dominik Hölzl
  Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html
  
  Closes #2173

- [Dmitry Kostjuchenko brought this change]

  vtls: replaced getenv() with curl_getenv()
  
  Fixed undefined symbol of getenv() which does not exist when compiling
  for Windows 10 App (CURL_WINDOWS_APP). Replaced getenv() with
  curl_getenv() which is aware of getenv() absence when CURL_WINDOWS_APP
  is defined.
  
  Closes #2171

- RELEASE-NOTES: synced with 3b9ea70ee

- TODO: Expose tried IP addresses that failed
  
  Suggested-by: Rainer Canavan
  
  Closes #2126

- curl.1: mention http:// and https:// as valid proxy prefixes

- curl.1: documented two missing valid exit codes

- CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference

- Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
  
  This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955.
  
  It was actually added rather recently in 8e8afa82cbb629 due to a crash
  that would otherwise happen in the RTSP code. As I don't think we've
  fixed that behavior yet, we better keep this work-around until we have
  fixed it better.

Michael Kaufmann (10 Dec 2017)
- tests: mark data files as non-executable in git

- tests: update .gitignore for libtests

Daniel Stenberg (10 Dec 2017)
- multi_done: prune DNS cache
  
  Prune the DNS cache immediately after the dns entry is unlocked in
  multi_done. Timed out entries will then get discarded in a more orderly
  fashion.
  
  Test506 is updated
  
  Reported-by: Oleg Pudeyev
  
  Fixes #2169
  Closes #2170

- mailmap: fixup two old git Author "aliases"

Jay Satiro (10 Dec 2017)
- openssl: Disable file buffering for Win32 SSLKEYLOGFILE
  
  Prior to this change SSLKEYLOGFILE used line buffering on WIN32 just
  like it does for other platforms. However, the Windows CRT does not
  actually support line buffering (_IOLBF) and will use full buffering
  (_IOFBF) instead. We can't use full buffering because multiple processes
  may be writing to the file and that could lead to corruption, and since
  full buffering is the only buffering available this commit disables
  buffering for Windows SSLKEYLOGFILE entirely (_IONBF).
  
  Ref: https://github.com/curl/curl/pull/1346#issuecomment-350530901

Daniel Stenberg (10 Dec 2017)
- RESOLVE: output verbose text when trying to set a duplicate name
  
  ... to help users understand what is or isn't done!

- CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE

- [John DeHelian brought this change]

  sftp: allow quoted commands to use relative paths
  
  Closes #1900

Jay Satiro (8 Dec 2017)
- [Richard Alcock brought this change]

  CURLOPT_PRIVATE.3: fix grammar
  
  - Change "never does nothing" double-negative to "never does anything".
  
  Closes https://github.com/curl/curl/pull/2168

Daniel Stenberg (8 Dec 2017)
- curl: remove __EMX__ #ifdefs
  
  These are OS/2-specific things added to the code in the year 2000. They
  were always ugly. If there's any user left, they still don't need it
  done this way.
  
  Closes #2166

Jay Satiro (8 Dec 2017)
- openssl: improve data-pending check for https proxy
  
  - Allow proxy_ssl to be checked for pending data even when connssl does
    not yet have an SSL handle.
  
  This change is for posterity. Currently there doesn't seem to be a code
  path that will cause a pending data check when proxyssl could have
  pending data and the connssl handle doesn't yet exist [1].
  
  [1]: Recall that an https proxy connection starts out in connssl but if
  the destination is also https then the proxy SSL backend data is moved
  from connssl to proxyssl, which means connssl handle is temporarily
  empty until an SSL handle for the destination can be created.
  
  Ref: https://github.com/curl/curl/commit/f4a6238#commitcomment-24396542
  
  Closes https://github.com/curl/curl/pull/1916

Daniel Stenberg (8 Dec 2017)
- curl: don't set CURLOPT_INTERLEAVEDATA
  
  That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback
  and that option isn't set or used by the curl tool!
  
  Updates the 9 tests that verify --libcurl
  
  Closes #2167

- curl.h: remove incorrect comment about ERRORBUFFER
  
  ... error messages are _not_ sent to stderr if this is not set.

- [Michael Felt brought this change]

  configure: add AX_CODE_COVERAGE only if using gcc
  
  Fixes #2076
  Closes #2125

- curl: limit -# update frequency for unknown total size
  
  Make it use a max 10Hz update frequency for this case as well. Return
  early if the "point" hasn't moved since last invoke.
  
  Reported-by: Elliot Saba
  
  Fixes #2158
  Closes #2163

- BINDINGS: another PostgreSQL client
  
  ...the former link is dead.
  
  Reported-by: Frank Gevaerts

- [Zachary Seguin brought this change]

  CONNECT: keep close connection flag in http_connect_state struct
  
  Fixes #2088
  Closes #2157

- [Per Malmberg brought this change]

  include: get netinet/in.h before linux/tcp.h
  
  ... to allow build on older Linux dists (specifically CentOS 4.8 on gcc
  4.8.5)
  
  Closes #2160

- openldap: fix checksrc nits

- [Stepan Broz brought this change]

  openldap: add commented out debug possibilities
  
  ... to aid debugging openldap library using its built-in debug messages.
  
  Closes #2159

- examples: move threaded-shared-conn.c to the "complicated" ones
  
  ... due it relying on pthreads to link.

- RELEASE-NOTES: synced with b261c44e8
  
  ... and bump next release version to 7.58.0

- [Jan Ehrhardt brought this change]

  URL: tolerate backslash after drive letter for FILE:
  
  ... as in "file://c:\some\path\curl.out"
  
  Reviewed-by: Matthew Kerwin
  Closes #2154

- [Randall S. Becker brought this change]

  tests: added netinet/in6.h includes in test servers

- [Randall S. Becker brought this change]

  configure: check for netinet/in6.h
  
  Needed by HPE NonStop NSE and NSX systems
  
  Fixes #2146
  Closes #2155

- curl-config: add --ssl-backends
  
  Lists all SSL backends that were enabled at build-time.
  
  Suggested-by: Oleg Pudeyev
  Fixes #2128

- conncache: only allow multiplexing within same multi handle
  
  Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing
  only get additional transfers added to them if the existing connection
  is held by the same multi or easy handle. libcurl does not support doing
  HTTP/2 streams in different threads using a shared connection.
  
  Closes #2152

- threaded-shared-conn.c: fixed typo in commenta

- threaded-shared-conn.c: new example

- conncache: fix several lock issues
  
  If the lock is released before the dealings with the bundle is over, it may
  have changed by another thread in the mean time.
  
  Fixes #2132
  Fixes #2151
  Closes #2139

- libssh: remove dead code in sftp_qoute
  
  ... by removing a superfluous NULL pointer check that also confuses
  Coverity.
  
  Fixes #2143
  Closes #2153

- sasl_getmesssage: make sure we have a long enough string to pass
  
  For pop3/imap/smtp, added test 891 to somewhat verify the pop3
  case.
  
  For this, I enhanced the pingpong test server to be able to send back
  responses with LF-only instead of always using CRLF.
  
  Closes #2150

- libssh2: remove dead code from SSH_SFTP_QUOTE
  
  Figured out while reviewing code in the libssh backend. The pointer was
  checked for NULL after having been dereferenced, so we know it would
  always equal true or it would've crashed.
  
  Pointed-out-by: Nikos Mavrogiannopoulos
  
  Bug #2143
  Closes #2148

- ssh-libssh.c: please checksrc

Nikos Mavrogiannopoulos (4 Dec 2017)
- libssh: fixed dereference in statvfs access
  
  The behavior is now equivalent to ssh.c when SSH_SFTP_QUOTE_STATVFS
  handling fails.
  
  Fixes #2142

Daniel Stenberg (4 Dec 2017)
- [Guitared brought this change]

  RESOURCES: update spec names
  
  Closes #2145

Nikos Mavrogiannopoulos (3 Dec 2017)
- libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
  
  The previous code was incorrectly following the libssh2 error detection
  for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs.
  
  Fixes #2142
  
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

- libssh: no need to call sftp_get_error as ssh_get_error is sufficient
  
  Fixes #2141
  
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Daniel Stenberg (2 Dec 2017)
- libssh: fix minor static code analyzer nits
  
  - remove superfluous NULL check which otherwise tricks the static code
  analyzers to assume NULL pointer dereferences.
  
  - fix fallthrough in switch()
  
  - indent mistake

- openssl: pkcs12 is supported by boringssl
  
  Removes another #ifdef for BoringSSL
  
  Pointed-out-by: David Benjamin
  
  Closes #2134

- [Jay Satiro brought this change]

  travis: use pip2 instead of pip
  
  .. since now mac osx image expects pip2 or pip3, and doesn't know pip:
  
  0.01s$ pip install --user cpp-coveralls
  /Users/travis/.travis/job_stages: line 57: pip: command not found
  
  Ref: https://github.com/travis-ci/travis-ci/issues/8829
  
  Closes https://github.com/curl/curl/pull/2133

- [Nikos Mavrogiannopoulos brought this change]

  lib582: do not verify host for SFTP
  
  This SFTP test fails with libssh back-end due to failure to verify
  the peer. Disable peer verification in the test as there seems to
  be the intention of the test.
  
  Note that the libssh back-end automatically verifies the peer's
  host using the default known_hosts file.
  
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

- [Nikos Mavrogiannopoulos brought this change]

  libssh: added SFTP support
  
  The SFTP back-end supports asynchronous reading only, limited
  to 32-bit file length. Writing is synchronous with no other
  limitations.
  
  This also brings keyboard-interactive authentication.
  
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

- [Nikos Mavrogiannopoulos brought this change]

  symbols-in-versions: added new symbols with 7.56.3 version
  
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

- [Nikos Mavrogiannopoulos brought this change]

  .travis.yml: added build --with-libssh
  
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

- [Nikos Mavrogiannopoulos brought this change]

  libssh2: return CURLE_UPLOAD_FAILED on failure to upload
  
  This brings its in sync with the error code returned by the
  libssh backend.
  
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

- [Nikos Mavrogiannopoulos brought this change]

  libssh2: send the correct CURLE error code on scp file not found
  
  That also updates tests to expect the right error code
  
  libssh2 back-end returns CURLE_SSH error if the remote file
  is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND
  which is sent by the libssh backend.
  
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

- [Nikos Mavrogiannopoulos brought this change]

  Added support for libssh SSH SCP back-end
  
  libssh is an alternative library to libssh2.
  https://www.libssh.org/
  
  That patch set also introduces support for ECDSA
  ed25519 keys, as well as gssapi authentication.
  
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

- RELEASE-NOTES: synced with af8cc7a69

- curlver: towards 7.57.1

- [W. Mark Kubacki brought this change]

  lib: don't export all symbols, just everything curl_*
  
  Absent any 'symbol map' or script to limit what gets exported, static
  linking of libraries previously resulted in a libcurl with curl's and
  those other symbols being (re-)exported.
  
  This did not happen if 'versioned symbols' were enabled (which is not
  the default) because then a version script is employed.
  
  This limits exports to everything starting in 'curl_*'., which is
  what "libcurl.vers" exports.
  
  This avoids strange side-effects such as with mixing methods
  from system libraries and those erroneously offered by libcurl.
  
  Closes #2127

- [Johannes Schindelin brought this change]

  SSL: Avoid magic allocation of SSL backend specific data
  
  Originally, my idea was to allocate the two structures (or more
  precisely, the connectdata structure and the four SSL backend-specific
  strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so
  that they all could be free()d together.
  
  However, getting the alignment right is tricky. Too tricky.
  
  So let's just bite the bullet and allocate the SSL backend-specific
  data separately.
  
  As a consequence, we now have to be very careful to release the memory
  allocated for the SSL backend-specific data whenever we release any
  connectdata.
  
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
  
  Closes #2119

- examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
  
  Reported-by: Dima Tisnek

- travis: add boringssl build
  
  Uses a separate build without --enable-debug and no valgrind.
  
  The debug option causes far too many warnings in boringssl's headers
  (C++ comments, trailing commas etc).  Valgrind triggers some false
  positive errors in thread-local data used by boringssl.
  
  Closes #2118

Version 7.57.0 (29 Nov 2017)

Daniel Stenberg (29 Nov 2017)
- RELEASE-NOTES: curl 7.57.0

- THANKS: added contributors from 7.57.0 release

- openssl: fix boringssl build again
  
  commit d3ab7c5a21e broke the boringssl build since it doesn't have
  RSA_flags(), so we disable that code block for boringssl builds.
  
  Reported-by: W. Mark Kubacki
  Fixes #2117

- curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided

- libcurl-share.3: the connection cache is shareable now

- global_init: ignore CURL_GLOBAL_SSL's absense
  
  This bit is no longer used. It is not clear what it meant for users to
  "init the TLS" in a world with different TLS backends and since the
  introduction of multissl, libcurl didn't properly work if inited without
  this bit set.
  
  Not a single user responded to the call for users of it:
  https://curl.haxx.se/mail/lib-2017-11/0072.html
  
  Reported-by: Evgeny Grin
  Assisted-by: Jay Satiro
  
  Fixes #2089
  Fixes #2083
  Closes #2107

- ntlm: avoid integer overflow for malloc size
  
  Reported-by: Alex Nichols
  Assisted-by: Kamil Dudka and Max Dymond
  
  CVE-2017-8816
  
  Bug: https://curl.haxx.se/docs/adv_2017-11e7.html

- wildcardmatch: fix heap buffer overflow in setcharset
  
  The code would previous read beyond the end of the pattern string if the
  match pattern ends with an open bracket when the default pattern
  matching function is used.
  
  Detected by OSS-Fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161
  
  CVE-2017-8817
  
  Bug: https://curl.haxx.se/docs/adv_2017-ae72.html

