Bug: https://curl.haxx.se/mail/lib-2018-01/0087.html
Reported-by: John Hascall

Closes #2257

... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
curl already handles Authorization headers created internally.

Note: this changes behavior slightly, for the sake of reducing mistakes.

Added test 317 and 318 to verify.

Reported-by: Craig de Stigter
Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html

Get screen width from the environment variable COLUMNS first, if set. If
not, use ioctl(). If nether works, assume 79.

Closes #2242

The "refresh" is for the -# output when no total transfer size is
known. It will now only use a single updated line even for this case:

The "-=O=-" ship moves when data is transferred. The four flying
"hashes" move (on a sine wave) on each refresh, independent of data.

Fixes #2237
Closes #2249

vtls.c:multissl_init() might do a curl_free() call so strip that out to
make this work with more builds. We just want to verify that
memorytracking works so skipping one line is no harm.

Reported-by: XhstormR on github
Fixes #2245

In case an identity didn't match[0], the state machine would fail in
state SSH_AUTH_AGENT instead of progressing to the next identity in
ssh-agent. As a result, ssh-agent authentication only worked if the
identity required happened to be the first added to ssh-agent.

This was introduced as part of commit c4eb10e2, which
stated that the "else" statement was required to prevent getting stuck
in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's
interface I couldn't see how this could happen or reproduce it and I
also couldn't find a more detailed description of the problem which
would explain a test case to reproduce the problem this was supposed to
fix.

[0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED

Closes #2248

Coverity CID 1427646.

Follow-up to 84fcaa2e. libressl does not have the API even if it says it is
late OpenSSL version...

Fixes #2246
Closes #2247

Reported-by: jungle-boogie on github

... to avoid excessive recursive calls. The number 5 is totally
arbitrary and could be modified if someone has a good motivation.

.... and avoid advancing the pointer to trigger an out of buffer read.

Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
Assisted-by: Max Dymond

1. don't use "ULL" suffix since unsupported in older MSVC
2. use curl_off_t instead of custom long long ifdefs
3. make get_posix_time() not do unaligned data access

Fixes #2211
Closes #2240
Reported-by: Chester Liu

Closes #2239

Follow-up commit to 615edc1f which was incomplete.

Assisted-by: Max Dymond
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206

Fixes #2210
Closes #2236

A mime tree attached to an easy handle using CURLOPT_MIMEPOST is
strongly bound to the handle: there is a pointer to the easy handle in
each item of the mime tree and following the parent pointer list
of mime items ends in a dummy part stored within the handle.

Because of this binding, a mime tree cannot be shared between different
easy handles, thus it needs to be cloned upon easy handle duplication.

There is no way for the caller to get the duplicated mime tree
handle: it is then set to be automatically destroyed upon freeing the
new easy handle.

New test 654 checks proper mime structure duplication/release.

Add a warning note in curl_mime_data_cb() documentation about sharing
user data between duplicated handles.

Closes #2235

... and make the max filesize check trigger if the value is too big.

Updates test 178.

Reported-by: Brad Spencer
Fixes #2212
Closes #2223

Link order should list libraries after the libraries that use them,
so when we're guessing that we might also need to add -ldl in order
to use -lssl, we should add -ldl after -lssl.

Closes https://github.com/curl/curl/pull/2234

Broken since f121575c (precedes 7.56.1).

Bug: https://github.com/curl/curl/issues/2225


Reported-by:  <cmfrolick@users.noreply.github.com>

Closes https://github.com/curl/curl/pull/2227

This also upgrades ILE/RPG bindings with latest setopt options.

Reported-By: jonrumsey on github
Fixes #2230
Closes #2233

Prior to this change the stored byte count of each trailer was
miscalculated and 1 less than required. It appears any trailer
after the first that was passed to Curl_client_write would be truncated
or corrupted as well as the size. Potentially the size of some
subsequent trailer could be erroneously extracted from the contents of
that trailer, and since that size is used by client write an
out-of-bounds read could occur and cause a crash or be otherwise
processed by client write.

The bug appears to have been born in 0761a51e (precedes 7.49.0).

Closes https://github.com/curl/curl/pull/2231

Before calling Curl_client_chop_write(), change the owner of connection
to the current Curl_easy handle. This will fix the issue #2217.

Fixes https://github.com/curl/curl/issues/2217
Closes https://github.com/curl/curl/pull/2221

__SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced
in GCC 3.3.

Closes #2216

to increase accuracy for quick transfers

Fixes #2200
Closes #2206

- Enable execute permission (chmod +x)

- Change interpreter to /usr/bin/env perl

Closes https://github.com/curl/curl/pull/2222