The result of a memory allocation should always be checked, as we may
run under memory pressure where even a small allocation can fail. This
adds checking and error handling to a few cases where the allocation
wasn't checked for success. In the ftp case, the freeing of the path
variable is moved ahead of the allocation since there is little point
in keeping it around across the strdup, and the separation makes for
more readable code. In nwlib, the lock is aslo freed in the error path.

Also bumps the copyright years on affected files.

Closes #3084
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Ensure that the parameters in the comment match the actual names in the
prototype.

Closes #3079
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was
already done in all but a few cases. Also fix a few typos.

Closes #3076
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Use proper Markdown hyperlink format for the Bountygraph links in order
for the generated website page to be more user friendly. Also link to
the sponsors to give them a little extra credit.

Closes #3082
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

- Use .DLL extension instead of .so to load modules on Windows.

Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
Reported-by: Maxime Legros

Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442

Closes https://github.com/curl/curl/pull/3086

- Advise user that --data-binary sends a default content type of
  x-www-form-urlencoded, and to have the data treated as arbitrary
  binary data by the server set the content-type header to octet-stream.

Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094

Closes https://github.com/curl/curl/pull/3085

Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580

Bug: #3077

runtests.pl support running a range of tests, like "44 to 127". Starting
now, the code makes sure that even such given ranges will ignore tests
that are marked as disabled.

Disabled tests can still be run by explictly specifying that test
number.

Closes #3075

... and libcurl doesn't support any single-letter URL schemes (if there
even exist any) so it should be fairly risk-free.

Reported-by: Marcel Raad

Fixes #3070
Closes #3071

CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit
MinGW.

Use 'GNUInstallDirs' standard module to set destinations of installed
files.

Use uppercase "CURL" names instead of lowercase "curl" to match standard
'FindCURL.cmake' CMake module:
* https://cmake.org/cmake/help/latest/module/FindCURL.html

Meaning:
* Install 'CURLConfig.cmake' instead of 'curl-config.cmake'
* User should call 'find_package(CURL)' instead of 'find_package(curl)'

Use 'configure_package_config_file' function to generate
'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template
file smaller and handle components better.  E.g.  current configuration
report no error if user specified unknown components (note: new
configuration expects no components, report error if user will try to
specify any).

Closes https://github.com/curl/curl/pull/2849

Follow-up to 570008c9 as it gets link errors.

Reported-by: Michael Kaufmann
Closes #3068

Noticed a typo reading through the docs.

Closes #3069

The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version
of HTTP for use with DoH".

Reported-by: Marcel Raad
Closes #3066

Reported-by: Marcel Raad
Fixes #3064
Closes #3065

... a missing multi_done() call.

Credit to OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728
Closes #3063

Due to an issue with travis
(https://github.com/travis-ci/travis-ci/issues/9956) we've been using
Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as
an alternative and as it builds curl+darwinssl fine that seems like a
better choice.

Closes #3062

Enabled Console VT support (if running OS supports VT) in tool_main.c.

Fixes #3008
Closes #3011

Follow-up to #3044 - fix a leak OSS-Fuzz detected
Closes #3057

Changes in commit 7867aaa9 (cmake: link curl to the OpenSSL targets
instead of lib absolute paths, 2018-07-17) and commit f826b4ce (cmake:
bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix
issue #2746.  This broke support for users on older versions of CMake
even if they just want to build curl and do not care whether transitive
dependencies work.

Backport the logic to work with CMake 3.0 again by implementing the
fix only when the version of CMake is at least 3.4.

Classic MinGW still has _beginthreadex's return type as unsigned long
instead of uintptr_t [0]. uintptr_t is not even defined because of [1].

[0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167
[1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90

Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807
Closes https://github.com/curl/curl/pull/3051

fix a few leftovers

Fixes #3006
Closes #3049

Closes #3050

Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
early failures.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
Closes #3046

If the rewind would fail, a strdup() would not get freed.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
Closes #3044

The value in question is coming directly from `gnutls-serv`, so it cannot
be modified freely.

Reported-by: Marcel Raad
Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648
Closes #3042

Regression since 38203f15

Reported-by: Jean Fabrice
Fixes #3023
Closes #3040

OpenSSL 1.1.1 requires clients to opt-in for post-handshake
authentication.

Fixes: https://github.com/curl/curl/issues/3026


Signed-off-by: Christian Heimes <christian@python.org>

Closes https://github.com/curl/curl/pull/3027

This fixes potential out-of-buffer access on "file:./" URL

$ valgrind curl "file:./"
==24516== Memcheck, a memory error detector
==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==24516== Command: /home/even/install-curl-git/bin/curl file:./
==24516==
==24516== Conditional jump or move depends on uninitialised value(s)
==24516==    at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24516==    by 0x4EBB315: seturl (urlapi.c:801)
==24516==    by 0x4EBB568: parseurl (urlapi.c:861)
==24516==    by 0x4EBC509: curl_url_set (urlapi.c:1199)
==24516==    by 0x4E644C6: parseurlandfillconn (url.c:2044)
==24516==    by 0x4E67AEF: create_conn (url.c:3613)
==24516==    by 0x4E68A4F: Curl_connect (url.c:4119)
==24516==    by 0x4E7F0A4: multi_runsingle (multi.c:1440)
==24516==    by 0x4E808E5: curl_multi_perform (multi.c:2173)
==24516==    by 0x4E7558C: easy_transfer (easy.c:686)
==24516==    by 0x4E75801: easy_perform (easy.c:779)
==24516==    by 0x4E75868: curl_easy_perform (easy.c:798)

Was originally spotted by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
Credit to OSS-Fuzz

Closes #3039

- and one in docs/MANUAL as well

Closes https://github.com/curl/curl/pull/3038

- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few indentations/line continuations
  in manual examples

Closes https://github.com/curl/curl/pull/3037

Detected by Coverity. CID 1439610.

Follow-up from 46e16406

Closes #3034

Detected by Coverity. CID 1439611.

Follow-up from 46e16406

Fixes #2987
Closes #3035