                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.65.3 (19 Jul 2019)

Daniel Stenberg (19 Jul 2019)
- RELEASE-NOTES: 7.65.3

- THANKS: 7.65.3 status

- progress: make the progress meter appear again
  
  Fix regression caused by 21080e1
  
  Reported-by: Chih-Hsuan Yen
  Fixes #4122
  Closes #4124

- version: bump to 7.65.3

- RELEASE-NOTES: Contributors are now 1990

Version 7.65.2 (17 Jul 2019)

Daniel Stenberg (17 Jul 2019)
- RELEASE-NOTES: 7.65.2

- THANKS: add contributors from 7.65.2

Jay Satiro (17 Jul 2019)
- [aasivov brought this change]

  cmake: Fix finding Brotli on case-sensitive file systems
  
  - Find package "Brotli" instead of "BROTLI" since the former is the
    casing used for CMake/FindBrotli.cmake, and otherwise find_package
    may fail on a case-sensitive file system.
  
  Fixes https://github.com/curl/curl/issues/4117

- CURLOPT_RANGE.3: Caution against using it for HTTP PUT
  
  AFAICT CURLOPT_RANGE does not support ranged HTTP PUT uploads so I've
  cautioned against using it for that purpose and included a workaround.
  
  Bug: https://curl.haxx.se/mail/lib-2019-04/0075.html
  Reported-by: Christopher Head
  
  Closes https://github.com/curl/curl/issues/3814

- [Stefano Simonelli brought this change]

  CURLOPT_SEEKDATA.3: fix variable name
  
  Closes https://github.com/curl/curl/pull/4118

- [georgeok brought this change]

  CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
  
  If the SSL backend is Schannel and the user specifies an Schannel CALG_
  that is not supported by the protocol or the server then curl returns
  CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH.
  
  Fixes https://github.com/curl/curl/issues/3389
  Closes https://github.com/curl/curl/pull/4106

- [Daniel Gustafsson brought this change]

  nss: inspect returnvalue of token check
  
  PK11_IsPresent() checks that the token for the given slot is available,
  and sets needlogin flags for the PK11_Authenticate() call.  Should it
  return false, we should however treat it as an error and bail out.
  
  Closes https://github.com/curl/curl/pull/4110

- docs: Explain behavior change in --tlsv1. options since 7.54
  
  Since 7.54 --tlsv1. options use the specified version or later, however
  older versions of curl documented it as using just the specified version
  which may or may not have happened depending on the TLS library.
  Document this discrepancy to allay confusion for users familiar with the
  old documentation that expect just the specified version.
  
  Fixes https://github.com/curl/curl/issues/4097
  Closes https://github.com/curl/curl/pull/4119

- libcurl: Restrict redirect schemes (follow-up)
  
  - Allow FTPS on redirect.
  
  - Update default allowed redirect protocols in documentation.
  
  Follow-up to 6080ea0.
  
  Ref: https://github.com/curl/curl/pull/4094
  
  Closes https://github.com/curl/curl/pull/4115

Daniel Stenberg (16 Jul 2019)
- test1173: make it also check all libcurl option man pages
  
  ... and adjust those that cause errors
  
  Closes #4116

- curl: only accept COLUMNS less than 10000
  
  ... as larger values would rather indicate something silly (and could
  potentially cause buffer problems).
  
  Reported-by: pendrek at hackerone
  Closes #4114

- dist: add manpage-syntax.pl
  
  follow-up to 7fb66c403

- test1173: detect some basic man page format mistakes
  
  Triggered by PR #4111
  
  Closes #4113

Jay Satiro (15 Jul 2019)
- [Bjarni Ingi Gislason brought this change]

  docs: Fix missing lines caused by undefined macros
  
  - Escape apostrophes at line start.
  
  Some lines begin with a "'" (apostrophe, single quote), which is then
  interpreted as a control character in *roff.
  
  Such lines are interpreted as being a call to a macro, and if
  undefined, the lines are removed from the output.
  
  Bug: https://bugs.debian.org/926352
  Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
  
  Submitted-by: Alessandro Ghedini
  
  Closes https://github.com/curl/curl/pull/4111

Daniel Stenberg (14 Jul 2019)
- libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults
  
  follow-up to 6080ea098

- [Linos Giannopoulos brought this change]

  libcurl: Add testcase for gopher redirects
  
  The testcase ensures that redirects to CURLPROTO_GOPHER won't be
  allowed, by default, in the future. Also, curl is being used
  for convenience while keeping the testcases DRY.
  
  The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is
  redirected to CURLPROTO_GOPHER
  
  Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>

- [Linos Giannopoulos brought this change]

  libcurl: Restrict redirect schemes
  
  All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS
  counterpart were allowed for redirect. This vastly broadens the
  exploitation surface in case of a vulnerability such as SSRF [1], where
  libcurl-based clients are forced to make requests to arbitrary hosts.
  
  For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based
  protocol by URL-encoding a payload in the URI. Gopher will open a TCP
  connection and send the payload.
  
  Only HTTP/HTTPS and FTP are allowed. All other protocols have to be
  explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS.
  
  [1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/
  
  Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
  
  Closes #4094

- [Zenju brought this change]

  openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
  
  Closes #4100

- [Peter Simonyi brought this change]

  http: allow overriding timecond with custom header
  
  With CURLOPT_TIMECONDITION set, a header is automatically added (e.g.
  If-Modified-Since).  Allow this to be replaced or suppressed with
  CURLOPT_HTTPHEADER.
  
  Fixes #4103
  Closes #4109

Jay Satiro (11 Jul 2019)
- [Juergen Hoetzel brought this change]

  smb: Use the correct error code for access denied on file open
  
  - Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open.
  
  Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead.
  
  Closes https://github.com/curl/curl/pull/4095

- [Daniel Gustafsson brought this change]

  DEPRECATE: fixup versions and spelling
  
  Correctly set the July 17 version to 7.65.2, and update spelling to
  be consistent. Also fix a typo.
  
  Closes https://github.com/curl/curl/pull/4107

- [Gisle Vanem brought this change]

  system_win32: fix clang warning
  
  - Declare variable in header as extern.
  
  Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597

Daniel Gustafsson (10 Jul 2019)
- headers: Remove no longer exported functions
  
  There were a few leftover prototypes of Curl_ functions that we used to
  export but no longer do. This removes those prototypes and cleans up any
  comments still referring to them.
  
  Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free()
  Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn()
  were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c.
  Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3.
  
  For the remainder, I didn't trawl the Git logs hard enough to capture
  their exact time of deletion, but they were all gone: Curl_splayprint(),
  Curl_http2_send_request(), Curl_global_host_cache_dtor(),
  Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(),
  Curl_http_auth_stage() and Curl_close_connections().
  
  Closes #4096
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

- CMake: fix typos and spelling

- [Kyle Edwards brought this change]

  CMake: Convert errant elseif() to else()
  
  CMake interprets an elseif() with no arguments as elseif(FALSE),
  resulting in the elseif() block not being executed. That is not what
  was intended here. Change the empty elseif() to an else() as it was
  intended.
  
  Closes #4101
  Reported-by: Artalus <artalus-mail@yandex.ru>
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

- buildconf: fix header filename
  
  The header file inclusion had a typo, it should be .h and not .hd.
  Fix by renaming.
  
  Fixes #4102
  Reported-by: AceCrow on Github

- [Jan Chren brought this change]

  configure: fix --disable-code-coverage
  
  This fixes the case when --disable-code-coverage supplied to ./configure
  would result in coverage="yes" being set.
  
  Closes #4099
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

- cleanup: fix typo in comment

- RELEASE-NOTES: synced

Jay Satiro (6 Jul 2019)
- [Daniel Gustafsson brought this change]

  nss: support using libnss on macOS
  
  The file suffix for dynamically loadable objects on macOS is .dylib,
  which needs to be added for the module definitions in order to get the
  NSS TLS backend to work properly on macOS.
  
  Closes https://github.com/curl/curl/pull/4046

- [Daniel Gustafsson brought this change]

  nss: don't set unused parameter
  
  The value of the maxPTDs parameter to PR_Init() has since at least
  NSPR 2.1, which was released sometime in 1998, been marked ignored
  and is accordingly not used in the initialization code.  Setting it
  to a value when calling PR_Init() is thus benign, but indicates an
  intent which may be misleading. Reset the value to zero to improve
  clarity.
  
  Closes https://github.com/curl/curl/pull/4054

- [Daniel Gustafsson brought this change]

  nss: only cache valid CRL entries
  
  Change the logic around such that we only keep CRLs that NSS actually
  ended up caching around for later deletion.  If CERT_CacheCRL() fails
  then there is little point in delaying the freeing of the CRL as it
  is not used.
  
  Closes https://github.com/curl/curl/pull/4053

- [Gergely Nagy brought this change]

  lib: Use UTF-8 encoding in comments
  
  Some editors and IDEs assume that source files use UTF-8 file encodings.
  It also fixes the build with MSVC when /utf-8 command line option is
  used (this option is mandatory for some other open-source projects, this
  is useful when using the same options is desired for building all
  libraries of a project).
  
  Closes https://github.com/curl/curl/pull/4087

- [Caleb Raitto brought this change]

  CURLOPT_HEADEROPT.3: Fix example
  
  Fix an issue where example builds a curl_slist, but fails to actually
  use it, or free it.
  
  Closes https://github.com/curl/curl/pull/4090

- [Shankar Jadhavar brought this change]

  winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG
  
  - Made changes so that ENABLE_OPENSSL_AUTO_LOAD_CONFIG will be honored.
  
  - Also removed some ^M chars from file.
  
  Prior to this change while building on Windows platform even if we pass
  the ENABLE_OPENSSL_AUTO_LOAD_CONFIG option with value as "no" it does
  not set the CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG flag.
  
  Closes https://github.com/curl/curl/pull/4086

Daniel Stenberg (4 Jul 2019)
- doh-url.d: added in 7.62.0

Jay Satiro (30 Jun 2019)
- docs: Fix links to OpenSSL docs
  
  OpenSSL changed their manual locations and does not redirect to the new
  locations.
  
  Bug: https://curl.haxx.se/mail/lib-2019-06/0056.html
  Reported-by: Daniel Stenberg

Daniel Stenberg (26 Jun 2019)
- [Gaël PORTAY brought this change]

  curl_multi_wait.3: escape backslash in example
  
  The backslash in the character Line Feed must be escaped.
  
  The current man-page outputs the code as follows:
  
          fprintf(stderr, "curl_multi failed, code %d.0, mc);
  
  The commit fixes it as follows:
  
          fprintf(stderr, "curl_multi failed, code %d\n", mc);
  
  Closes #4079

- openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
  
  ... since that needs UI_OpenSSL() which isn't provided when OpenSSL is
  built with OPENSSL_NO_UI_CONSOLE which happens when OpenSSL is built for
  UWP (with "VC-WIN32-UWP").
  
  Reported-by: Vasily Lobaskin
  Fixes #4073
  Closes #4077

- test1521: adapt to SLISTPOINT
  
  The header now has the slist-using options marked as SLISTPOINT so this
  makes sure test 1521 understands that.
  
  Follow-up to ae99b4de1c443ae989
  
  Closes #4074

- win32: make DLL loading a no-op for UWP
  
  Reported-by: Michael Brehm
  Fixes #4060
  Closes #4072

- [1ocalhost brought this change]

  configure: fix typo '--disable-http-uath'
  
  Closes #4076

- [Niklas Hambüchen brought this change]

  docs: fix string suggesting HTTP/2 is not the default
  
  Commit 25fd1057c9c86e3 made HTTP2 the default, and further down in the
  man page that new default is mentioned, but the section at the top
  contradicted it until now.
  
  Also remove claim that setting the HTTP version is not sensible.
  
  Closes #4075

- RELEASE-NOTES: synced

- [Stephan Szabo brought this change]

  tests: update fixed IP for hostip/clientip split
  
  These tests give differences for me on linux when using a hostip
  pointing to the external ip address for the local machine.
  
  Closes #4070

Daniel Gustafsson (24 Jun 2019)
- http: clarify header buffer size calculation
  
  The header buffer size calculation can from static analysis seem to
  overflow as it performs an addition between two size_t variables and
  stores the result in a size_t variable. Overflow is however guarded
  against elsewhere since the input to the addition is regulated by
  the maximum read buffer size. Clarify this with a comment since the
  question was asked.
  
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Daniel Stenberg (24 Jun 2019)
- KNOWN_BUGS: Don't clear digest for single realm
  
  Closes #3267

- KNOWN_BUGS: Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname
  
  Closes #3284

- http2: call done_sending on end of upload
  
  To make sure a HTTP/2 stream registers the end of stream.
  
  Bug #4043 made me find this problem but this fix doesn't correct the
  reported issue.
  
  Closes #4068

- [James Brown brought this change]

  c-ares: honor port numbers in CURLOPT_DNS_SERVERS
  
  By using ares_set_servers_ports_csv on new enough c-ares.
  
  Fixes #4066
  Closes #4067

Daniel Gustafsson (24 Jun 2019)
- CURLMOPT_SOCKETFUNCTION.3: fix typo

Daniel Stenberg (24 Jun 2019)
- [Koen Dergent brought this change]

  curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
  
  Closes #4061

- test153: fix content-length to avoid occasional hang
  
  Closes #4065

- RELEASE-NOTES: synced

- multi: enable multiplexing by default (again)
  
  It was originally made default in d7c4213bd0c (7.62.0) but mistakenly
  reverted in commit 2f44e94efb3d (7.65.0). Now enabled again.
  
  Closes #4051

- typecheck: add 3 missing strings and a callback data pointer
  
  Closes #4050

- tests: add disable-scan.pl to dist
  
  follow-up from 29177f422a5
  
  Closes #4059

- http2: don't call stream-close on already closed streams
  
  Closes #4055

Marcel Raad (20 Jun 2019)
- travis: enable alt-svc for coverage build
  
  Closes

- travis: enable libssh2 for coverage build
  
  It was enabled by default before commit c92d2e14cfb.
  
  Disable torture tests 600 and 601 because of
  https://github.com/curl/curl/issues/1678.
  
  Closes

- travis: disable threaded resolver for coverage build
  
  This enables more tests.
  
  Closes

- travis: enable brotli for all xenial jobs
  
  There's no need for a separate job, and no need to build it from source
  with Xenial.
  
  Closes

- travis: enable warnings-as-errors for coverage build
  
  Closes

GitHub (20 Jun 2019)
- [Gisle Vanem brought this change]

  system_win32: fix typo

Daniel Stenberg (20 Jun 2019)
- typecheck: CURLOPT_CONNECT_TO takes an slist too
  
  Additionally, add an alias in curl.h for slist-using options so that
  we can grep/parse those out at will.
  
  Closes #4042

- [Stephan Szabo brought this change]

  tests: support non-localhost HOSTIP for dict/smb servers
  
  smbserver.py/dictserver.py were explicitly using localhost/127.0.0.1 for
  binding the server which when we were running the tests with a separate
  HOSTIP and CLIENTIP had failures verifying the server from the device we
  were testing.
  
  This changes them to take the address from runtests.py and default to
  localhost/127.0.0.1 if none is given.
  
  Closes #4048

- test1523: basic test of CURLOPT_LOW_SPEED_LIMIT

- configure: --disable-progress-meter
  
  Builds libcurl without support for the built-in progress meter.
  
  Closes #4023

- curl: improved skip-setopt-options when built with disabled features
  
  Reduces #ifdefs in src/tool_operate.c
  
  Follow-up from 4e86f2fc4e6
  Closes #3936

Steve Holme (18 Jun 2019)
- netrc: Return the correct error code when out of memory
  
  Introduced in 763c5178.
  
  Closes #4036

Daniel Stenberg (18 Jun 2019)
- config-os400: add getpeername and getsockname defines
  
  Reported-by: jonrumsey on github
  Fixes #4037
  Closes #4039

- runtests: keep logfiles around by default
  
  Make '-k' a no-op. The singletest function now clears the log directory
  BEFORE each individual test and not after, which makes it possible to
  always keep the logfiles around after a test has been run. No need to
  specify -k anymore. Keeping the option parsing around to work with users
  of old habits.
  
  Some tests also didn't work properly when -k was used (since the old
  logs would be kept when a new test starts) which this change also fixes.
  
  Closes #4035

- [Gergely Nagy brought this change]

  openssl: fix pubkey/signature algorithm detection in certinfo
  
  Certinfo gives the same result for all OpenSSL versions.
  Also made printing RSA pubkeys consistent with older versions.
  
  Reported-by: Michael Wallner
  Fixes #3706
  Closes #4030

- conn_maxage: move the check to prune_dead_connections()
  
  ... and avoid the locking issue.
  
  Reported-by: Kunal Ekawde
  Fixes #4029
  Closes #4032

- tests: have runtests figure out disabled features
  
  ... so that runtests can skip individual test cases that test features
  that are explicitly disabled in this build. This new logic is intended
  for disabled features that aren't otherwise easily visible through the
  curl_version_info() or other API calls.
  
  tests/server/disabled is a newly built executable that will output a
  list of disabled features. Outputs nothing for a default build.
  
  Closes #3950

- test188/189: fix Content-Length
  
  This cures the flaky test results
  
  Closes #4034

- [Thomas Gamper brought this change]

  winbuild: use WITH_PREFIX if given
  
  Closes #4031

Daniel Gustafsson (17 Jun 2019)
- openssl: remove outdated comment
  
  OpenSSL used to call exit(1) on syntax errors in OPENSSL_config(),
  which is why we switched to CONF_modules_load_file() and introduced
  a comment stating why. This behavior was however changed in OpenSSL
  commit abdd677125f3a9e3082f8c5692203590fdb9b860, so remove the now
  outdated and incorrect comment. The mentioned commit also declares
  OPENSSL_config() deprecated so keep the current coding.
  
  Closes #4033
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Daniel Stenberg (16 Jun 2019)
- RELEASE-NOTES: synced

Patrick Monnerat (16 Jun 2019)
- os400: make vsetopt() non-static as Curl_vsetopt() for os400 support.
  
  Use it in curl_easy_setopt_ccsid().
  
  Reported-by: jonrumsey on github
  Fixes #3833
  Closes #4028

Daniel Stenberg (15 Jun 2019)
- runtests: report single test time + total duration
  
  ... after each successful test.
  
  Closes #4027

- multi: fix the transfer hash function
  
  Follow-up from 8b987cc7eb
  
  Reported-by: Tom van der Woerdt
  Fixes #4018
  Closes #4024

- unit1654: cleanup on memory failure
  
  ... to make it handle torture tests properly.
  
  Reported-by: Marcel Raad
  Fixes #4021
  Closes #4022

Marcel Raad (13 Jun 2019)
- krb5: fix compiler warning
  
  Even though the variable was used in a DEBUGASSERT, GCC 8 warned in
  debug mode:
  krb5.c:324:17: error: unused variable 'maj' [-Werror=unused-variable]
  
  Just suppress the warning and declare the variable unconditionally
  instead of only for DEBUGBUILD (which also missed the check for
  HAVE_ASSERT_H).
  
  Closes https://github.com/curl/curl/pull/4020

Daniel Stenberg (13 Jun 2019)
- quote.d: asterisk prefix works for SFTP as well
  
  Reported-by: Ben Voris
  Fixes #4017
  Closes #4019

- multi: fix the transfer hashes in the socket hash entries
  
  - The transfer hashes weren't using the correct keys so removing entries
    failed.
  
  - Simplified the iteration logic over transfers sharing the same socket and
    they now simply are set to expire and thus get handled in the "regular"
    timer loop instead.
  
  Reported-by: Tom van der Woerdt
  Fixes #4012
  Closes #4014

Jay Satiro (12 Jun 2019)
- [Cliff Crosland brought this change]

  url: Fix CURLOPT_MAXAGE_CONN time comparison
  
  Old connections are meant to expire from the connection cache after
  CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x
  that value. This occurs because a time value measured in milliseconds is
  accidentally divided by 1M instead of by 1,000.
  
  Closes https://github.com/curl/curl/pull/4013

Daniel Stenberg (11 Jun 2019)
- test1165: verify that CURL_DISABLE_ symbols are in sync
  
  between configure.ac and source code. They should be possible to switch
  on/off in configure AND be used in source code.

- configure: remove CURL_DISABLE_TLS_SRP
  
  It isn't used by code so stop providing the define.
  
  Closes #4010

- Revert "cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified"
  
  This reverts commit 36738caeb78603ce24e3ea089a167b8c216fb938.
  
  Apparently several of the appveyor windows builds broke.

- [sergey-raevskiy brought this change]

  cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified
  
  Reviewed-by: Jakub Zakrzewski
  Closes #3770

- RELEASE-NOTES: synced

- http2: remove CURL_DISABLE_TYPECHECK define
  
  ... in http2-less builds as it served no use.

- configure: more --disable switches to toggle off individual features
  
  ... actual support in the code for disabling these has already landed.
  
  Closes #4009

- wolfssl: fix key pinning build error
  
  follow-up from deb9462ff2de8

- CURLMOPT_SOCKETFUNCTION.3: clarified
  
  Moved away the callback explanation from curl_multi_socket_action.3 and
  expanded it somewhat.
  
  Closes #4006

- wolfssl: fixup for SNI use
  
  follow-up from deb9462ff2de8
  
  Closes #4007

- CURLOPT_CAINFO.3: polished wording
  
  Clarify the functionality when built to use Schannel and Secure
  Transport and stop calling it the "recommended" or "preferred" way and
  instead rather call it the default.
  
  Removed the reference to the ssl comparison table as it isn't necessary.
  
  Reported-by: Richard Alcock
  Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html
  Closes #4005

GitHub (10 Jun 2019)
- [Daniel Stenberg brought this change]

  SECURITY.md: created
  
  Brief security policy description for use/display on github.

Daniel Gustafsson (10 Jun 2019)
- tool_cb_prg: Fix integer overflow in progress bar
  
  Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar
  width calculation to avoid integer overflow, but failed to account for
  the fact that initial_size is initialized to -1 when the file size is
  retrieved from the remote on an upload, causing another signed integer
  overflow.  Fix by separately checking for this case before the width
  calculation.
  
  Closes #3984
  Reported-by: Brian Carpenter (Geeknik Labs)
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Daniel Stenberg (10 Jun 2019)
- wolfssl: refer to it as wolfSSL only
  
  Remove support for, references to and use of "cyaSSL" from the source
  and docs. wolfSSL is the current name and there's no point in keeping
  references to ancient history.
  
  Assisted-by: Daniel Gustafsson
  
  Closes #3903

- RELEASE-NOTES: synced

- bindlocal: detect and avoid IP version mismatches in bind()
  
  Reported-by: Alex Grebenschikov
  Fixes #3993
  Closes #4002

- multi: make sure 'data' can be present in several sockhash entries
  
  Since more than one socket can be used by each transfer at a given time,
  each sockhash entry now has its own hash table with transfers using that
  socket.
  
  In addition, the sockhash entry can now be marked 'blocked = TRUE'
  which then makes the delete function just set 'removed = TRUE' instead
  of removing it "for real", as a way to not rip out the carpet under the
  feet of a parent function that iterates over the transfers of that same
  sockhash entry.
  
  Reported-by: Tom van der Woerdt
  Fixes #3961
  Fixes #3986
  Fixes #3995
  Fixes #4004
  Closes #3997

- [Sorcus brought this change]

  libcurl-tutorial.3: Fix small typo (mutipart -> multipart)
  
  Fixed-by: MrSorcus on github
  Closes #4000

- unpause: trigger a timeout for event-based transfers
  
  ... so that timeouts or other state machine actions get going again
  after a changing pause state. For example, if the last delivery was
  paused there's no pending socket activity.
  
  Reported-by: sstruchtrup on github
  Fixes #3994
  Closes #4001

Marcel Raad (9 Jun 2019)
- travis: use xenial LLVM package for scan-build
  
  I missed that in commit 99a49d6.

- travis: update scan-build job to xenial
  
  Closes https://github.com/curl/curl/pull/3999

Daniel Stenberg (8 Jun 2019)
- bump: start working on 7.65.2

Marcel Raad (5 Jun 2019)
- examples/htmltitle: use C++ casts between pointer types
  
  Compilers and static analyzers warn about using C-style casts here.
  
  Closes https://github.com/curl/curl/pull/3975

- examples/fopen: fix comparison
  
  As want is size_t, (file->buffer_pos - want) is unsigned, so checking
  if it's less than zero makes no sense.
  Check if file->buffer_pos is less than want instead to avoid the
  unsigned integer wraparound.
  
  Closes https://github.com/curl/curl/pull/3975

- build: fix Codacy warnings
  
  Reduce variable scopes and remove redundant variable stores.
  
  Closes https://github.com/curl/curl/pull/3975

- sws: remove unused variables
  
  Unused since commit 2f44e94.
  
  Closes https://github.com/curl/curl/pull/3975

Version 7.65.1 (4 Jun 2019)

Daniel Stenberg (4 Jun 2019)
- RELEASE-NOTES: 7.65.1

- THANKS: new contributors from 7.65.1

Steve Holme (4 Jun 2019)
- [Frank Gevaerts brought this change]

  ssl: Update outdated "openssl-only" comments for supported backends
  
  These are for features that used to be openssl-only but were expanded
  over time to support other SSL backends.
  
  Closes #3985

Daniel Stenberg (4 Jun 2019)
- curl_share_setopt.3: improve wording [ci ship]
  
  Reported-by: Carlos ORyan

Steve Holme (4 Jun 2019)
- tool_parsecfg: Use correct return type for GetModuleFileName()
  
  GetModuleFileName() returns a DWORD which is a typedef of an unsigned
  long and not an int.
  
  Closes #3980

Daniel Stenberg (3 Jun 2019)
- TODO: "at least N milliseconds between requests" [ci skip]
  
  Suggested-by: dkwolfe4 on github
  Closes #3920

Steve Holme (2 Jun 2019)
- tests/server/.gitignore: Add socksd to the ignore list
  
  Missed in 04fd6755.
  
  Closes #3978

- tool_parsecfg: Fix control flow issue (DEADCODE)
  
  Follow-up to 8144ba38.
  
  Detected by Coverity CID 1445663
  Closes #3976

Daniel Stenberg (2 Jun 2019)
- [Sergey Ogryzkov brought this change]

  NTLM: reset proxy "multipass" state when CONNECT request is done
  
  Closes #3972

- test334: verify HTTP 204 response with chunked coding header
  
  Verifies that a bodyless response don't parse this content-related
