When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters
are not used.

... fixes a memory leak with at least IMAP when remove_handle is never
called and the transfer is abruptly just abandoned early.

Test 1552 added to verify

Detected by OSS-fuzz
Assisted-by: Max Dymond
Closes #1954

Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str'
argument.

Closes #1952

Reported-by: Javier Sixto
Fixes #1955
Closes #1956

The source code is now prepared to handle the case when both
Win32 Crypto and OpenSSL/NSS crypto backends are enabled
at the same time, making it now possible to enable `USE_WIN32_CRYPTO`
whenever the targeted Windows version supports it. Since this
matches the minimum Windows version supported by curl
(Windows 2000), enable it unconditionally for the Win32 platform.

This in turn enables SMB (and SMBS) protocol support whenever
Win32 Crypto is available, regardless of what other crypto backends
are enabled.

Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052

Closes https://github.com/curl/curl/pull/1943

Reported-by: Wyatt O'Day
Fixes #1945
Closes #1947

Closes https://github.com/curl/curl/pull/1794

Closes #1946

- New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated
  libcurl dll name. Useful to add `-x64` to 64-bit builds so that
  it can live in the same directory as the 32-bit one. By default
  this is empty.

- New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the
  generated import library (implib) for libcurl .dll. It defaults
  to `dll`, and it's useful to modify that to `.dll` to have the
  standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`.

Closes https://github.com/curl/curl/pull/1942

Use the external curl-fuzzer repository for fuzzing.

Closes #1923

Closes #1936

Closes #1939

Ref: https://github.com/curl/curl/issues/1002

Compare these settings in Curl_ssl_config_matches():
- verifystatus (CURLOPT_SSL_VERIFYSTATUS)
- random_file (CURLOPT_RANDOM_FILE)
- egdsocket (CURLOPT_EGDSOCKET)

Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(),
and copy the setting "sessionid" unconditionally.

This means that reusing connections that are secured with a client
certificate is now possible, and the statement "TLS session resumption
is disabled when a client certificate is used" in the old advisory at
https://curl.haxx.se/docs/adv_20170419.html is obsolete.

Reviewed-by: Daniel Stenberg

Closes #1917

Reviewed-by: Daniel Stenberg

Closes #1919

... now with a -formadd suffix. While the new mime API is introduced in
7.56.0 we must acknowledge that lots of users can't upgrade their curl
versions immediately.

... a single double quote could leave the entry path buffer without a zero
terminating byte. CVE-2017-1000254

Test 1152 added to verify.

Reported-by: Max Dymond
Bug: https://curl.haxx.se/docs/adv_20171004.html

Fixes https://github.com/curl/curl/issues/1500
Reported-by: Jay Satiro

Fixes https://github.com/curl/curl/pull/1662


Assisted-by: Tom Seddon
Assisted-by:  <dpull@users.noreply.github.com>
Assisted-by:  <elelel@users.noreply.github.com>

Closes https://github.com/curl/curl/pull/1924

Include a guide to form/mime API conversion.

... this will let the second occurance override the first.

Added test 1161 to verify.

Reported-by: Max Dymond
Fixes #1932
Closes #1933

Otherwise, the test fails when the -b test option is used to set a
different test port range.

When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't make sense with those
protocols.  In particular, when HTTP is disabled many options aren't set
that are used only by HTTP.  However, some options that appear to be
HTTP-only are actually used by other protocols as well (some despite
having HTTP in the name) and should be set, but weren't. This change now
causes some of these options to be set and used for more (or for all)
protocols. In particular, this fixes tests 646 through 649 in an
HTTP-disabled build, which use the MIME API in the mail protocols.

The fix done in 20ea22ff

Regression brought by 2bc230de

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513
Assisted-by: Max Dymond

Closes #1930

The timer should be started after conn->connecttime is set. Otherwise
the timer could expire without this condition being true:

    /* should we try another protocol family? */
    if(i == 0 && conn->tempaddr[1] == NULL &&
      curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) {

Ref: #1928

Closes #1922

Closes #1921

Closes #1920

A connection can only be reused if the flags "conn_to_host" and
"conn_to_port" match. Therefore it is not necessary to copy these flags
in reuse_conn().

Closes #1918

When building with -std=c++14 on cygwin, this header won't be
automatically included as it otherwise is.

The <sys/select.h> include decision should ideally be reversed and be
avoided where that header file doesn't exist.

Reported-by: Ian Fette
Fixes #1925