When input stream for curl is stdin and input stream is not a file but
generated by a script then curl can truncate data transfer to arbitrary
size since a partial packet is treated as end of transfer by TFTP.

Fixes #857

Makes the script pass on comments holding meta data to the output
file. Like fingerprinters, issuer, date ranges etc.

Closes #937

Previously, passing a timeout of zero to Curl_expire() was a magic code
for clearing all timeouts for the handle. That is now instead made with
the new Curl_expire_clear() function and thus a 0 timeout is fine to set
and will trigger a timeout ASAP.

This will help removing short delays, in particular notable when doing
HTTP/2.

Regression added in 790d6de4. The was then added to avoid one
particular transfer to starve out others. But when aborting due to
reading the maxcount, the connection must be marked to be read from
again without first doing a select as for some protocols (like SFTP/SCP)
the data may already have been read off the socket.

Reported-by: Dan Donahue
Bug: https://curl.haxx.se/mail/lib-2016-07/0057.html

CVE-2016-5420
Bug: https://curl.haxx.se/docs/adv_20160803B.html

CVE-2016-5419
Bug: https://curl.haxx.se/docs/adv_20160803A.html
Reported-by: Bru Rom
Contributions-by: Eric Rescorla and Ray Satiro

CVE-2016-5421
Bug: https://curl.haxx.se/docs/adv_20160803C.html
Reported-by: Marcelo Echeverria and Fernando Muñoz

This patch is necessary so that curl compiles if MBEDTLS_DEBUG is
defined.

Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html

If a call to GetSystemDirectory fails, the `path` pointer that was
previously allocated would be leaked. This makes sure that `path` is
always freed.

Closes #938

As SPNEGO is only defined when these pre-processor variables are defined
there is no need to query them explicitly.

Typo introduced in commit ad5e9bfd.

This is a follow up to the parent commit dcdd4be3 which fixes one leak
but creates another by failing to free the credentials handle if out of
memory. Also there's a second location a few lines down where we fail to
do same. This commit fixes both of those issues.

This patch allocates memory to "output_token" only when it is required
so that memory is not leaked if function returns.

- Linux TFO + TLS is not implemented yet.

Bug: https://github.com/curl/curl/issues/907

- Curl_ipv6works() is not thread-safe until after the first call, so
call it once during global init to avoid a possible race condition.

Bug: https://github.com/curl/curl/issues/915
PR: https://github.com/curl/curl/pull/918

Closes https://github.com/curl/curl/pull/913

Closes https://github.com/curl/curl/pull/911

Reported-by: Gou Lingfeng
Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html

- the expression of an 'if' was always true
- a 'while' contained a condition that was always true
- use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)'
- fixed a typo

Closes #889

... as otherwise we could get a 0 which would count as no error and we'd
wrongly continue and could end up segfaulting.

Bug: https://curl.haxx.se/mail/lib-2016-06/0052.html
Reported-by: 暖和的和暖

Necessary since 6cabd785

Fixes #853

Broken since 6cabd785, which adds use of the Curl_extract_certinfo
function from the x509asn1.c file.

... and save the typedef'ed names for headers and external APIs.

Prior to this change we called Curl_ssl_getsessionid and
Curl_ssl_addsessionid regardless of whether session ID reusing was
enabled. According to comments that is in case session ID reuse was
disabled but then later enabled.

The old way was not intuitive and probably not something users expected.
When a user disables session ID caching I'd guess they don't expect the
session ID to be cached anyway in case the caching is later enabled.

Closes #887

Regression introduced in 5f5b6263 (released in 7.48.0)

Reported-by: Fabian Ruff
Fixes #875

- Enable protocol family logic for IPv6 resolves even when support
for synthesized addresses is enabled.

This is a follow up to the parent commit that added support for
synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family
logic needed for IPv6 was inadvertently excluded if support for
synthesized addresses was enabled.

Bug: https://github.com/curl/curl/issues/863
Ref: https://github.com/curl/curl/pull/866
Ref: https://github.com/curl/curl/pull/867

Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X.
If the current network interface doesn’t support IPv4, but supports
IPv6, NAT64, and DNS64.

Closes #866
Fixes #863

Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL
fails on Windows < 8.1 so we need to disable ALPN on these OS versions.

Inspiration provide by: Daniel Seither

Closes #848
Fixes #840

LoadLibrary was supplanted by Curl_load_library for security
reasons in 6df916d7.

- Change the parser to not require a minor version for HTTP/2.

HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
in 8243a958 because the parser still expected a minor version.

Bug: https://github.com/curl/curl/issues/855
Reported-by: Andrew Robbins, Frank Gevaerts

connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'

Closes #845