The config files define curl and libcurl targets as imported targets
CURL::curl and CURL::libcurl. For backward compatibility with CMake-
provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are
also set.

Closes #1879

Updated docs to include support for RFC7616

Signed-off-by: Florin <petriuc.florin@gmail.com>

Closes #1934

Signed-off-by: Florin <petriuc.florin@gmail.com>

Closes #2002

Removed done stuff. Removed entries no longer considered for the near
term.

Closes #2028

returning 'time_t' is problematic when that type is unsigned and we
return values less than zero to signal "already expired", used in
several places in the code.

Closes #2021

Regression since f121575c

Reported-by: Rob Cotrone

This avoids warnings about unused stuff.

Closes https://github.com/curl/curl/pull/2023

"PR-welcome" was the former name.

If WINAPI_FAMILY is defined, it should be safe to try to include
winapifamily.h to check what the define evaluates to.

This should fix detection of CURL_WINDOWS_APP if building with
_WIN32_WINNT set to 0x0600.

Closes #2025

- When uploading via chunked-encoding don't compare file size to bytes
  sent to determine whether the upload has finished.

Chunked-encoding adds its own overhead which why the bytes sent is not
equal to the file size. Prior to this change if a file was uploaded in
chunked-encoding and its size was known it was possible that the upload
could end prematurely without sending the final few chunks. That would
result in a server hang waiting for the remaining data, likely followed
by a disconnect.

The scope of this bug is limited to some arbitrary file sizes which have
not been determined. One size that triggers the bug is 475020.

Bug: https://github.com/curl/curl/issues/2001


Reported-by:  <moohoorama@users.noreply.github.com>

Closes https://github.com/curl/curl/pull/2010

... by using curl_off_t for the typedef if time_t is larger than 4
bytes.

Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co
mmitcomment-25205058
Closes #2019

... instead of doing an infinite loop!

Added test 1162 to verify.

Reported-by: Max Dymond
Fixes #2015
Closes #2017

Fixes timeouts in the fuzzing tests for non-FTP protocols.

Closes #2016

Allow users to specify their own hash define for
CURL_CONNECTION_HASH_SIZE so that both values can be overridden.

Closes #1982

... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.

Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.

Closes #2011

When using the FTP list parser, ensure that the memory that's
allocated is always freed.

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682
Closes #2013

... to cater for systems with unsigned time_t variables.

- Renamed the functions to curlx_timediff and Curl_timediff_us.

- Added overflow protection for both of them in either direction for
  both 32 bit and 64 bit time_ts

- Reprefixed the curlx_time functions to use Curl_*

Reported-by: Peter Piekarski
Fixes #2004
Closes #2005

They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too.

This fixes build failures on Fedora 13.

Closes #2006

closes #2008

We don't expect any steps to fail in travis. Exit the script if they do.

Closes #1966

Aurora is no longer used by Mozilla
https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/

The 'tip' is the most recent branch committed to, this should be
'default' like the URLs for the browser are.

Closes #1998

CVE-2017-1000257

Reported-by: Brian Carpenter and 0xd34db347
Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586

... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.

Closes #1997

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694

See issue #1999

The contents might have changed: size must be recomputed.

Reported-by: moteus on github
Fixes #1999

Even if OpenSSL is enabled, it might not be the default backend when
multi-ssl is enabled, causing the test to fail.

On OS/400, `close' is an ASCII system macro that corrupts the code if
not used in a context not targetting the close() system API.