Fixes #3745
Closes #3746

The following snippet
```

int main()
{
    CURL* hCurlHandle = curl_easy_init();
    curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com");
    curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1");
    curl_easy_perform(hCurlHandle);
    curl_easy_cleanup(hCurlHandle);
    return 0;
}
```
triggers the following Valgrind warning

```
==4125== Invalid read of size 8
==4125==    at 0x4E7D1EE: Curl_llist_remove (llist.c:97)
==4125==    by 0x4E7EF5C: detach_connnection (multi.c:798)
==4125==    by 0x4E80545: multi_runsingle (multi.c:1451)
==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
==4125==    by 0x4E76915: easy_perform (easy.c:719)
==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125==    by 0x4008BE: main (in /home/even/curl/test)
==4125==  Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd
==4125==    at 0x4C2ECF0: free (vg_replace_malloc.c:530)
==4125==    by 0x4E62C36: conn_free (url.c:756)
==4125==    by 0x4E62D34: Curl_disconnect (url.c:818)
==4125==    by 0x4E48DF9: Curl_once_resolved (hostip.c:1097)
==4125==    by 0x4E8052D: multi_runsingle (multi.c:1446)
==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
==4125==    by 0x4E76915: easy_perform (easy.c:719)
==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125==    by 0x4008BE: main (in /home/even/curl/test)
==4125==  Block was alloc'd at
==4125==    at 0x4C2F988: calloc (vg_replace_malloc.c:711)
==4125==    by 0x4E6438E: allocate_conn (url.c:1654)
==4125==    by 0x4E685B4: create_conn (url.c:3496)
==4125==    by 0x4E6968F: Curl_connect (url.c:4023)
==4125==    by 0x4E802E7: multi_runsingle (multi.c:1368)
==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
==4125==    by 0x4E76915: easy_perform (easy.c:719)
==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125==    by 0x4008BE: main (in /home/even/curl/test)
```

This has been bisected to commit 2f44e94e

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109
Credit to OSS Fuzz

As previously planned and documented in DEPRECATE.md, all pipelining
code is removed.

Closes #3651

Closes #3731
Fixes #3289

This groups all SSL backends into the feature "SSL" and sets the
SSL_BACKENDS analogue to configure.ac

Closes https://github.com/curl/curl/pull/3736

In case of an empty list, SORTing leads to the cmake error "list
sub-command SORT requires list to be present."

Closes https://github.com/curl/curl/pull/3736

Fish defines a vendor completions directory for completions that are not
installed as part of the fish project itself, and the vendor completions
are preferred if they exist. This prevents trying to overwrite the
builtin curl.fish completion (or creating file conflicts in distro
packaging).

Prefer the pkg-config defined location exported by fish, if it can be
found, and fall back to the correct directory defined by most systems.

Closes #3723
Reviewed-by: Daniel Gustafsson

Removing the block is consistent with line 954/957.

Closes https://github.com/curl/curl/pull/3732

Just remove the redundant condition, which also makes it clear that
k->buf is always 0-terminated if this break is not hit.

Closes https://github.com/curl/curl/pull/3732

- Fix clang string-plus-int warning.

Clang 8 warns about adding a string to an int does not append to the
string. Indeed it doesn't, but that was not the intention either. Use
array indexing as suggested to silence the warning. There should be no
functional changes.

(In other words clang warns about "foo"+2 but not &"foo"[2] so use the
latter.)

smtp.c:1221:29: warning: adding 'int' to a string does not append to the
string [-Wstring-plus-int]
      eob = strdup(SMTP_EOB + 2);
            ~~~~~~~~~~~~~~~~^~~~

Closes https://github.com/curl/curl/pull/3729

All Windows APIs have been natively UTF-16 since Windows 2000 and the
non-Unicode variants are just wrappers around them. Only Windows 9x
doesn't understand Unicode without the UnicoWS DLL. As later Visual
Studio versions cannot target Windows 9x anyway, using the ANSI API
doesn't really have any benefit there.

This avoids issues like KNOWN_BUGS 6.5.

Ref: https://github.com/curl/curl/issues/2120
Closes https://github.com/curl/curl/pull/3720

Bump the version in progress to 7.64.2, if we merge any "change"
before the cut-off date we can update the version.

Closes #3724
Reviewed-by: Jakub Zakrzewski
Reviewed-by: Daniel Gustafsson

OAUTHBEARER tokens were incorrectly generated in a format similar to
XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the
RFC7628.

Fixes: #2487
Reported-by: Paolo Mossino

Closes https://github.com/curl/curl/pull/3377

Commit f5bc578f reintroduced the
warning fixed in commit 2f5f31bb.
Extend fhnd's scope and reuse that variable instead of calling
_get_osfhandle a second time to fix the warning again.

Closes https://github.com/curl/curl/pull/3718

Already done in commit d5cfefd0 for the
library project, but I forgot the tool project template. Now also
removed for that.

Try to run as many test cases as possible on each OS version.
12.0 passes 13 more tests than the older versions, so we might as well
run them.

Reported-by: Wyatt O'Day
Fixes #3715
Closes #3716

This allows a way to test changes other than through PRs.

Closes #3699

Make sure to downgrade to 1.1 even when we get this HTTP/2 stream error
on first flight.

Reported-by: niner on github
Fixes #3696
Closes #3707

Closes #3709

This reverts commit 9130ead9.

Fixes #3708

Closes #3704

- Improve console detection.

Prior to this change WriteConsole could be called to write to a handle
that may not be a console, which would cause an error. This issue is
limited to character devices that are not also consoles such as the null
device NUL.

Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724
Reported-by: Gisle Vanem

Closes #3698

Follow-up to 520f0b47 which added Alt-Svc support and enabled it by
default for OS400. Since the feature is experimental, it should be
disabled by default.

Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332
Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html

Closes https://github.com/curl/curl/pull/3688

[ci skip]

Test 311 is now fine, leaving only 313 (CRL) disabled.

Test 313 details can be found here:
https://github.com/wolfSSL/wolfssl/issues/1546

Closes #3697

Fixes #3692
Closes #3692

Reported-by: nianxuejie on github
Assisted-by: Nick Zitzmann
Assisted-by: Jay Satiro
Fixes #3689
Closes #3690

The threaded-shared-conn.c example turned into test case. Only works if
pthread was detected.

An attempt to detect future regressions such as e3a53e3e

Closes #3687

Although experimental, enable it in the platform config file.
Upgrade ILE/RPG binding.

- make sure an already "owned" connection isn't returned unless
  multiplexed.

- clear ->data when returning the connection to the cache again

Regression since 7.62.0 (probably in commit 1b76c389)

Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html

Closes #3686