This was added earlier but appears to have been removed accidentally.

AFAICT this is very much still an issue.

-----

I say "accidentally" because the text seems to have harmlessly snuck
into [1] (which makes no mention of it).  [1] was later reverted for
unspecified reasons in [2], presumably because the mentioned issue was
fixed or invalid.

[1] de9fac00
[2] 16d1f369

Closes #2618

A non-escaped bracket ([) is for a character group - as documented. It
will *not* match an individual bracket anymore. Test case 1307 updated
accordingly to match.

Problem detected by OSS-Fuzz, although this fix is probably not a final
fix for the notorious timeout issues.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525
Closes #2614

The latest psl is cached in the multi or share handle. It is refreshed
before use after 72 hours.
New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
If the latest psl is not available, the builtin psl is used.

Reported-by: Yaakov Selkowitz
Fixes #2553
Closes #2601

The ssh2 pkg-config file could contain the following lines when build
with a static version of mbedtls:
   Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
   Libs.private: /xxx/libmbedcrypto.a

This static mbedtls library must be used to correctly detect ssh2
support and this library must be copied in libcurl.pc otherwise
compilation of any application (such as upmpdcli) with libcurl will fail
when trying to found mbedtls functions included in libssh2.  So, replace
pkg-config --libs-only-l by pkg-config --libs.

Fixes:
 - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Closes #2613

The autotools-based build system does it, so we do it also in CMake.

Bug: #2609
Signed-off-by: Bernhard Walle <bernhard@bwalle.de>

--data, --form, and --ntlm were declared to be mutually exclusive with
non-existing options. --data and --form referred to --upload (which is
short for --upload-file and therefore did work, so this one was merely
a bit confusing), --ntlm referred to --negotiated instead of --negotiate.

Closes #2612

Almost all headers start with an uppercase letter, but some didn't.

Closes #2604

Change requirement from $(DISTDIR) to $(DIRDIST)

closes #2603

This removes the slightly annoying "Could not file LIBCURL_OBJS.inc" and
"Could not find CURL_OBJS.inc.inc" message when building into a clean
folder.

closes #2602

Fallback on Z_SYNC_FLUSH when Z_BLOCK is not available.

Fixes #2606
Closes #2608

... even when there's no protocol specific handler setup.

Bug: https://curl.haxx.se/mail/lib-2018-05/0062.html
Reported-by: Sean Miller
Closes #2600

Closes #2102

Closes #2588

       using -DCMAKE_DEBUG_POSTFIX explicitly

       fixes #2121, obsoletes #2384

When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or
$PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an
error. Helps users detect when giving configure the wrong path.

Reported-by: Oleg Pudeyev
Assisted-by: Per Malmberg
Fixes #2580

This avoids appending error data to already existing good data.

Test 92 is updated to match this change.
New test 1156 checks all combinations of --range/--resume, --fail,
Content-Range header and http status code 200/416.

Fixes #1163
Reported-By: Ithubg on github
Closes #2578

follow-up to mistake in 6876ccf9

OpenSSL has supported --cacert for ages, always accepting LF-only line
endings ("Unix line endings") as well as CR/LF line endings ("Windows
line endings").

When we introduced support for --cacert also with Secure Channel (or in
cURL speak: "WinSSL"), we did not take care to support CR/LF line
endings, too, even if we are much more likely to receive input in that
form when using Windows.

Let's fix that.

Happily, CryptQueryObject(), the function we use to parse the ca-bundle,
accepts CR/LF input already, and the trailing LF before the END
CERTIFICATE marker catches naturally any CR/LF line ending, too. So all
we need to care about is the BEGIN CERTIFICATE marker. We do not
actually need to verify here that the line ending is CR/LF. Just
checking for a CR or an LF is really plenty enough.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/2592

Closes #2573

... and unify the source code to adhere.

Closes #2563

It is enabled by default, so --no-styled-output will switch off the
detection/use of bold headers.

Closes #2538

The feature is only enabled if the output is believed to be a tty.

-J: There's some minor differences and improvements in -J handling, as
now J should work with -i and it actually creates a file first using the
initial name and then *renames* that to the one found in
Content-Disposition (if any).

-i: only shows headers for HTTP transfers now (as documented).
Previously it would also show for pieces of the transfer that were HTTP
(for example when doing FTP over a HTTP proxy).

-i: now shows trailers as well. Previously they were not shown at all.

--libcurl: the CURLOPT_HEADER is no longer set, as the header output is
now done in the header callback.

... instead of exeucting code to get the size. Removes the use of
LD_LIBRARY_PATH for this.

Fixes #2586
Closes #2589
Reported-by: Bernhard Walle

... and export LD_LIBRARY_PATH properly. This is a follow-up from
2d4c2152.

Fixes #2586
Reported-by: Bernhard Walle

Reported-by: bsammon on github
Fixes #2590

The previous limit of 5 can still end up in situation that takes a very
long time and consumes a lot of CPU.

If there is still a rare use case for this, a user can provide their own
fnmatch callback for a version that allows a larger set of wildcards.

This commit was triggered by yet another OSS-Fuzz timeout due to this.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369

Closes #2587

follow-up to e05ad5dd

...as there's also a version 2.

Closes #2579

This example was changed in ce2140a8 to use the new microsecond based
getinfo option. This change makes it conditionally keep using the older
option so that the example still builds with older libcurl versions.

Closes #2584

follow-up to d9e92fd9

Provide a set of new timers that return the time intervals using integer
number of microseconds instead of floats.

The new info names are as following:

CURLINFO_APPCONNECT_TIME_T
CURLINFO_CONNECT_TIME_T
CURLINFO_NAMELOOKUP_TIME_T
CURLINFO_PRETRANSFER_TIME_T
CURLINFO_REDIRECT_TIME_T
CURLINFO_STARTTRANSFER_TIME_T
CURLINFO_TOTAL_TIME_T

Closes #2495