- Change the parser to not require a minor version for HTTP/2.

HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
in 8243a958 because the parser still expected a minor version.

Bug: https://github.com/curl/curl/issues/855
Reported-by: Andrew Robbins, Frank Gevaerts

connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'

Closes #845

... causing SIGSEGV while parsing URL with too many globs.
Minimal example:

$ curl $(for i in $(seq 101); do printf '{a}'; done)

Reported-by: Romain Coltel
Bug: https://bugzilla.redhat.com/1340757

Closes #850

Dependency added by 6cabd785

Closes #849

Sessionid cache management is inseparable from managing individual
session lifetimes. E.g. for reference-counted sessions (like those in
SChannel and OpenSSL engines) every session addition and removal
should be accompanied with refcount increment and decrement
respectively. Failing to do so synchronously leads to a race condition
that causes symptoms like use-after-free and memory corruption.
This commit:
 - makes existing session cache locking explicit, thus allowing
   individual engines to manage lock's scope.
 - fixes OpenSSL and SChannel engines by putting refcount management
   inside this lock's scope in relevant places.
 - adds these explicit locking calls to other engines that use
   sessionid cache to accommodate for this change. Note, however,
   that it is unknown whether any of these engines could also have
   this race.

Bug: https://github.com/curl/curl/issues/815
Fixes #815
Closes #847

Closes #822

... to make it not look like an OpenSSL function

Closes #844

This broke in 7.49.0 with commit e2000344

Fixes #842

Mostly in order to support broken web sites that redirect to broken URLs
that are accepted by browsers.

Browsers are typically even more leniant than this as the WHATWG URL
spec they should allow an _infinite_ amount. I tested 8000 slashes with
Firefox and it just worked.

Added test case 1141, 1142 and 1143 to verify the new parser.

Closes #791

Closes #837

Closes #838

Adds access to the effectively used http version to both libcurl and
curl.

Closes #799

With OPENSSL_NO_COMP defined, there is no function
SSL_COMP_free_compression_methods

Closes #836

Fixes #828

Closes #834

Inspiration provided by: Daniel Stenberg and Ray Satiro

Bug: https://curl.haxx.se/docs/adv_20160530.html

Ref: Windows DLL hijacking with curl, CVE-2016-4802

Bug: https://github.com/curl/curl/issues/826
Reported-by: Michael Wallner

The statvfs functionality was added to libssh2 in that version, so we
switch off that functionality when built with older libraries.

Fixes #831

Regression from the previous *printf() rearrangements, this file missed to
include the correct header to make sure snprintf() works universally.

Reported-by: Moti Avrahami
Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html

Added support for checking the tchar, unicode and mbcs variants of
strcat() and strncat() in the banned function list.

Now giving credit properly to github user names, fixed some UTF-8 issues
and added names discovered when contrithanks was improved.

from 1577bfa3

Prior to this change if a GitHub contributor's real name was unknown
they would be omitted from the list.

Bug: https://github.com/curl/curl/issues/824