Visual Studio doesn't like LF line endings in solution files and always
converts them to CRLF when doing changes to the solution. Notably, this
affects the solutions in the release archive.

Closes https://github.com/curl/curl/pull/1746

This folder is generated when using the CMake build system from within
Visual Studio.

Closes https://github.com/curl/curl/pull/1746

Bug: https://github.com/curl/curl/issues/1685


Reported-by:  <paulharris@users.noreply.github.com>

Assisted-by: Isaac Boukris

Closes https://github.com/curl/curl/pull/1742

These weren't included in the 7.55.0 release, but are required in order
to run the full test suite.

Closes #1744

The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
complete: if the parsed number in num is larger than will fit in a long,
the conversion is undefined behaviour (causing test1427 to fail for me
on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7).  Getting
rid of the cast means the comparison will be done using doubles.

It might make more sense for the max argument to also be a double...

Fixes #1750
Closes #1749

Broken since d24838d4

Reported-by: Bernard Spil

Closes #1741

... since they now provide several functions as
__attribute__((overloadable)), the argument detection logic need
updates.

Patched-by: destman at github

Fixes #1738
Closes #1739

This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d
from August 01, 2017. Notably, this removes the lconv version whitelist.

Closes https://github.com/curl/curl/pull/1716

Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.

Fixes #1730
Closes #1736

Added test 1289 to verify.

CVE-2017-1000101

Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter

... and thereby avoid telling send() to send off more bytes than the
size of the buffer!

CVE-2017-1000100

Bug: https://curl.haxx.se/docs/adv_20170809B.html
Reported-by: Even Rouault

Credit to OSS-Fuzz for the discovery

Regression brought by 7c312f84 (April 2017)

CVE-2017-1000099

Bug: https://curl.haxx.se/docs/adv_20170809C.html

Credit to OSS-Fuzz for the discovery

First: this function is only used in debug-builds and not in
release/real builds. It is used to drive tests using the event-based
API.

A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the
CURLMOPT_TIMERFUNCTION calback can in fact be called even after this
funtion returns, namely when curl_multi_remove_handle() is called.

Reported-by: Brian Carpenter

Fixes #1728

When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.

Closes https://github.com/curl/curl/pull/1733

clang complains:
vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive
[-Werror,-Wextra-tokens]

This breaks the darwinssl build on Travis. Fix it by making this token
a comment.

Closes https://github.com/curl/curl/pull/1734

When using CURL_WERROR in MSVC builds, the debug flags were overridden
by the release flags and /WX got added twice in debug mode.

Closes https://github.com/curl/curl/pull/1715

... by doing two transfers in nocwd mode and check that there's no
superfluous CWD command.

... when reusing a connection. If it didn't do any CWD previously.

Fixes #1718

This makes the builds more reproducible as travis is currently rolling
out trusty as default dist [1]. Specifically, this avoids coverage
check failures when trusty is used as seen in [2] until we figure out
what's wrong.

[1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming
[2] https://github.com/curl/curl/pull/1692

Closes https://github.com/curl/curl/pull/1725

(to make the full line appear nicer on travis web UI)

Closes #1706

With a clang pragma and three type fixes

Fixes #1722

Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html

The MSVC warning level defaults to 3 in CMake. Change it to 4, which is
consistent with the Visual Studio and NMake builds. Disable level 4
warning C4127 for the library and additionally C4306 for the test
servers to get a clean CURL_WERROR build as that warning is raised in
some macros in older Visual Studio versions.

Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
Closes https://github.com/curl/curl/pull/1711

Reported-by: Viktor Szakats

... and CURLOPT_NETRC_FILE(3).

Use LongToHandle to convert from long to HANDLE in the Win32
implementation.
This should fix the following warning when compiling with
MSVC 11 (2012) in 64-bit mode:
lib\curl_threads.c(113): warning C4306:
'type cast' : conversion from 'long' to 'HANDLE' of greater size

Closes https://github.com/curl/curl/pull/1717