... and require the space after the filtering to make the filter able to
remove names.

Added forward declaration of digestdata to overcome the following
compilation warning:

warning: 'struct digestdata' declared inside parameter list

Additionally made the ntlmdata forward declaration dependent on
USE_NTLM similar to how digestdata and kerberosdata are.

Broken as part of the rework, in commit 7e6d51a7, to assist with the
addition of HTTP digest via Windows SSPI.

error: invalid operands to binary
warning: pointer targets in assignment differ in signedness

Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html
Reported-by: Jan Ehrhardt

...as Curl_memdup() duplicates an area of fix size memory, that may be
binary, and not a null terminated string.

conversion from 'curl_off_t' to 'size_t', possible loss of data

To provide consistent behaviour between the various HTTP authentication
functions use CURLcode based error codes for Curl_input_digest()
especially as the calling code doesn't use the specific error code just
that it failed.

docs/THANKS-filter is a new filter file for converting contributor names
we get or have recorded in alternative formats to the one we already use
in THANKS. To help us show individual contributors using a single
presentation of their names.

The removed names also appear as:
Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien
Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su,
S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder

These were previously hard coded, and whilst defined in security.h,
they may or may not be present in old header files given that these
defines were never used in the original code.

Not only that, but there appears to be some ambiguity between the ANSI
and UNICODE NTLM definition name in security.h.

./contributors.sh found these extra ones that somehow had fallen
through the cracks and never gotten added here.

Reported-by: Frank Gevaerts

When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis

To verify that curl_easy_duphandle() works fine on a handle that has
gotten data stored with *_COPYPOSTFIELDS.

... and make test 2034 and 2035 require it, and have it set when built
with OpenSSL or GnuTLS.

As we only use libtoolize, only check for that!

As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to the SASL authentication mechanism.

...and minor rewording on the same paragraph.

CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see
http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB

Bug: https://github.com/bagder/curl/pull/123

- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.

... instead of duplicating info.

8cb01014 removed the CurlCheckCSourceCompiles.cmake and
CurlCheckCSourceRuns.cmake files