Merge tag 'curl-7_58_0' of https://github.com/curl/curl

curl 7.58.0

15 files changed, 414 insertions, 47 deletions

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index e9adb48a9..eefd0c356 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -4,7 +4,7 @@ Curl and libcurl 7.58.0
  Command line options:         211
  curl_easy_setopt() options:   249
  Public functions in libcurl:  74
- Contributors:                 1649
+ Contributors:                 1685
 
 This release includes the following changes:
 
@@ -13,6 +13,8 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o http2: fix incorrect trailer buffer size [40]
+ o http: prevent custom Authorization headers in redirects [55]
  o travis: add boringssl build [1]
  o examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL [2]
  o SSL: Avoid magic allocation of SSL backend specific data [3]
@@ -74,7 +76,6 @@ This release includes the following bugfixes:
  o progress: calculate transfer speed on milliseconds if possible [38]
  o system.h: check __LONG_MAX__ for defining curl_off_t [31]
  o easy: fix connection ownership in curl_easy_pause [39]
- o http2: fix incorrect trailer buffer size [40]
  o setopt: reintroduce non-static Curl_vsetopt() for OS400 support [41]
  o setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values [42]
  o configure.ac: append extra linker flags instead of prepending them [43]
@@ -92,6 +93,8 @@ This release includes the following bugfixes:
  o examples/url2file.c: add missing curl_global_cleanup() call [52]
  o http2: don't close connection when single transfer is stopped [53]
  o libcurl-env.3: first version
+ o curl: progress bar refresh, get width using ioctl() [54]
+ o CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support [56]
 
 This release includes the following known bugs:
 
@@ -100,19 +103,20 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  ahodesuka on github, Basuke Suzuki, Brad Spencer, Chester Liu,
-  cmfrolick on github, Daniel Stenberg, Dan Johnson, David Benjamin,
-  Dima Tisnek, Dimitrios Apostolou, Dmitry Kostjuchenko, Dominik Hölzl,
-  Elliot Saba, Frank Gevaerts, Gisle Vanem, guitared on github, Jan Ehrhardt,
-  Johannes Schindelin, John DeHelian, jonrumsey on github,
-  jungle-boogie on github, Kartik Mahajan, Martin Galvan, Matthew Kerwin,
-  Mattias Fornander, Max Dymond, Michael Felt, Michael Gmelin,
-  Michael Kaufmann, Mikalai Ananenka, Nikos Mavrogiannopoulos, Oleg Pudeyev,
-  Patrick Dawson, Patrick Monnerat, Per Malmberg, Pete Lomax, Rainer Canavan,
-  Randall S. Becker, Ray Satiro, Richard Alcock, Sean MacLennan, Stepan Broz,
-  Steve Holme, Thomas van Hesteren, W. Mark Kubacki, XhstormR on github,
+  ahodesuka on github, Andreas Schneider, Basuke Suzuki, Brad Spencer,
+  Chester Liu, cmfrolick on github, Craig de Stigter, Daniel Stenberg,
+  Dan Johnson, David Benjamin, Dima Tisnek, Dimitrios Apostolou,
+  Dmitry Kostjuchenko, Dominik Hölzl, Elliot Saba, Frank Gevaerts, Gisle Vanem,
+  guitared on github, Jan Ehrhardt, Johannes Schindelin, John DeHelian,
+  John Hascall, jonrumsey on github, jungle-boogie on github, Kartik Mahajan,
+  Martin Galvan, Matthew Kerwin, Mattias Fornander, Max Dymond, Michael Felt,
+  Michael Gmelin, Michael Kaufmann, Mikalai Ananenka, Nikos Mavrogiannopoulos,
+  Oleg Pudeyev, Patrick Dawson, Patrick Monnerat, Per Malmberg, Pete Lomax,
+  Rainer Canavan, Randall S. Becker, Ray Satiro, Richard Alcock, Robert Kolcun,
+  Sean MacLennan, Stanislav Zidek, Stepan Broz, Steve Holme,
+  Thomas van Hesteren, Tomas Mraz, W. Mark Kubacki, XhstormR on github,
   Zachary Seguin, Zhouyihai Ding,
-  (48 contributors)
+  (54 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
@@ -157,7 +161,7 @@ References to bug reports and discussions on issues:
  [37] = https://curl.haxx.se/bug/?i=2222
  [38] = https://curl.haxx.se/bug/?i=2200
  [39] = https://curl.haxx.se/bug/?i=2217
- [40] = https://curl.haxx.se/bug/?i=2231
+ [40] = https://curl.haxx.se/docs/adv_2018-824a.html
  [41] = https://curl.haxx.se/bug/?i=2230
  [42] = https://curl.haxx.se/bug/?i=2225
  [43] = https://curl.haxx.se/bug/?i=2234
@@ -171,5 +175,6 @@ References to bug reports and discussions on issues:
  [51] = https://curl.haxx.se/bug/?i=2248
  [52] = https://curl.haxx.se/bug/?i=2245
  [53] = https://curl.haxx.se/bug/?i=2237
-
-
+ [54] = https://curl.haxx.se/bug/?i=2242
+ [55] = https://curl.haxx.se/docs/adv_2018-b3bf.html
+ [56] = https://curl.haxx.se/mail/lib-2018-01/0087.html
diff --git a/docs/THANKS b/docs/THANKS
index 5d1f57d4f..7d5cf079e 100644
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -91,6 +91,7 @@ Andreas Ntaflos
 Andreas Olsson
 Andreas Rieke
 Andreas Roth
+Andreas Schneider
 Andreas Schuldei
 Andreas Streichardt
 Andreas Wurf
@@ -153,6 +154,7 @@ Balint Szilakszi
 Barry Abrahamson
 Bart Whiteley
 Bas Mevissen
+Basuke Suzuki
 Ben Boeckel
 Ben Darnell
 Ben Greear
@@ -234,6 +236,7 @@ Chandrakant Bagul
 Charles Kerr
 Charles Romestant
 Chen Prog
+Chester Liu
 Chih-Chung Chang
 Chris "Bob Bob"
 Chris Araman
@@ -285,6 +288,7 @@ Cory Nelson
 Craig A West
 Craig Davison
 Craig Markwardt
+Craig de Stigter
 Cris Bailiff
 Cristian Rodríguez
 Curt Bogmine
@@ -305,6 +309,7 @@ Dan Cristian
 Dan Donahue
 Dan Fandrich
 Dan Jacobson
+Dan Johnson
 Dan Locks
 Dan McNulty
 Dan Nelson
@@ -390,6 +395,7 @@ Dima Barsky
 Dima Tisnek
 Dimitar Boevski
 Dimitre Dimitrov
+Dimitrios Apostolou
 Dimitrios Siganos
 Dimitris Sarris
 Dinar
@@ -748,6 +754,7 @@ John Dennis
 John Dunn
 John E. Malmberg
 John Gardiner Myers
+John Hascall
 John Janssen
 John Joseph Bachir
 John Kelly
@@ -827,6 +834,7 @@ Kang Lin
 Kang-Jin Lee
 Karl Moerder
 Karol Pietrzak
+Kartik Mahajan
 Kaspar Brand
 Katie Wang
 Kazuho Oku
@@ -979,6 +987,7 @@ Martijn Koster
 Martin C. Martin
 Martin Drasar
 Martin Frodl
+Martin Galvan
 Martin Hager
 Martin Hedenfalk
 Martin Jansen
@@ -1007,6 +1016,7 @@ Matthew Clarke
 Matthew Hall
 Matthew Kerwin
 Matthias Bolte
+Mattias Fornander
 Maurice Barnum
 Mauro Iorio
 Mauro Rappa
@@ -1027,6 +1037,7 @@ Michael Cronenworth
 Michael Curtis
 Michael Day
 Michael Felt
+Michael Gmelin
 Michael Goffioul
 Michael Jahn
 Michael Jerris
@@ -1054,6 +1065,7 @@ Miguel Diaz
 Mihai Ionescu
 Mikael Johansson
 Mikael Sennerholm
+Mikalai Ananenka
 Mike Bytnar
 Mike Crowe
 Mike Dobbs
@@ -1184,6 +1196,7 @@ Pedro Larroy
 Pedro Neves
 Per Lundberg
 Per Malmberg
+Pete Lomax
 Peter Bray
 Peter Forret
 Peter Frühberger
@@ -1310,6 +1323,7 @@ Robert B. Harris
 Robert D. Young
 Robert Foreman
 Robert Iakobashvili
+Robert Kolcun
 Robert Olson
 Robert Schumann
 Robert Weaver
@@ -1377,6 +1391,7 @@ Scott Davis
 Scott McCreary
 Sean Boudreau
 Sean Burford
+Sean MacLennan
 Sebastian Mundry
 Sebastian Pohlschmidt
 Sebastian Rasmussen
@@ -1414,6 +1429,7 @@ Spork Schivago
 Stadler Stephan
 Stan van de Burgt
 Stanislav Ivochkin
+Stanislav Zidek
 Stefan Bühler
 Stefan Eissing
 Stefan Esser
@@ -1478,6 +1494,7 @@ Thomas Petazzoni
 Thomas Ruecker
 Thomas Schwinge
 Thomas Tonino
+Thomas van Hesteren
 Thorsten Schöning
 Tiit Pikma
 Till Maas
@@ -1521,6 +1538,7 @@ Tom Zerucha
 Tomas Hoger
 Tomas Jakobsson
 Tomas Mlcoch
+Tomas Mraz
 Tomas Pospisek
 Tomas Szepe
 Tomas Tomecek
@@ -1595,6 +1613,7 @@ Wouter Van Rooy
 Wu Yongzheng
 Wyatt O'Day
 Xavier Bouchoux
+XhstormR on github
 Xiangbin Li
 Yaakov Selkowitz
 Yamada Yasuharu
@@ -1616,6 +1635,7 @@ Zachary Seguin
 Zdenek Pavlas
 Zekun Ni
 Zenju on github
+Zhouyihai Ding
 Zmey Petroff
 Zvi Har'El
 afrind on github
@@ -1626,6 +1646,7 @@ baumanj on github
 bsammon on github
 canavan on github
 cbartl on github
+cmfrolick on github
 destman on github
 dkjjr89 on github
 dpull on github
@@ -1636,6 +1657,7 @@ hsiao yi
 imilli on github
 jonrumsey on github
 joshhe on github
+jungle-boogie on github
 jveazey on github
 ka7 on github
 kreshano on github
diff --git a/docs/libcurl/libgnurl-env.3 b/docs/libcurl/libgnurl-env.3
index 6548cd4aa..3eb3b42e2 100644
--- a/docs/libcurl/libgnurl-env.3
+++ b/docs/libcurl/libgnurl-env.3
@@ -48,13 +48,13 @@ specific backend at first use. If no selection is done by the program using
 libcurl, this variable's selection will be used. It should be set to the full
 SSL backend name to use (case insensitve).
 .IP HOME
-When the netrc feature is used (\fBCURLOPT_NETRC(3)\fP), this variable is
+When the netrc feature is used (\fICURLOPT_NETRC(3)\fP), this variable is
 checked as the primary way to find the "current" home directory in which
 the .netrc file is likely to exist.
 .IP LOGNAME
 User name to use when invoking the ntlm-wb tool, if NTLMUSER wasn't set.
 .IP NO_PROXY
-This has the same functionality as the \fBCURLOPT_NOPROXY(3)\fP option: it
+This has the same functionality as the \fICURLOPT_NOPROXY(3)\fP option: it
 gives libcurl a comma-separated list of host name patterns for which libcurl
 should not use a proxy.
 .IP NTLMUSER
diff --git a/docs/libcurl/opts/GNURLOPT_HTTPHEADER.3 b/docs/libcurl/opts/GNURLOPT_HTTPHEADER.3
index 4687a7573..927432c04 100644
--- a/docs/libcurl/opts/GNURLOPT_HTTPHEADER.3
+++ b/docs/libcurl/opts/GNURLOPT_HTTPHEADER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -77,6 +77,16 @@ the headers. They may be private or otherwise sensitive to leak.
 
 Use \fICURLOPT_HEADEROPT(3)\fP to make the headers only get sent to where you
 intend them to get sent.
+
+Custom headers are sent in all requests done by the easy handles, which
+implies that if you tell libcurl to follow redirects
+(\fICURLOPT_FOLLOWLOCATION(3)\fP), the same set of custom headers will be sent
+in the subsequent request. Redirects can of course go to other hosts and thus
+those servers will get all the contents of your custom headers too.
+
+Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers
+from being sent to other hosts than the first used one, unless specifically
+permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
diff --git a/lib/http.c b/lib/http.c
index 919b16fa8..900e83d0c 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -714,7 +714,7 @@ Curl_http_output_auth(struct connectdata *conn,
   if(!data->state.this_is_a_follow ||
      conn->bits.netrc ||
      !data->state.first_host ||
-     data->set.http_disable_hostname_check_before_authentication ||
+     data->set.allow_auth_to_other_hosts ||
      strcasecompare(data->state.first_host, conn->host.name)) {
     result = output_auth_headers(conn, authhost, request, path, FALSE);
   }
@@ -1636,6 +1636,14 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
                   checkprefix("Transfer-Encoding:", headers->data))
             /* HTTP/2 doesn't support chunked requests */
             ;
+          else if(checkprefix("Authorization:", headers->data) &&
+                  /* be careful of sending this potentially sensitive header to
+                     other hosts */
+                  (data->state.this_is_a_follow &&
+                   data->state.first_host &&
+                   !data->set.allow_auth_to_other_hosts &&
+                   !strcasecompare(data->state.first_host, conn->host.name)))
+            ;
           else {
             CURLcode result = Curl_add_bufferf(req_buffer, "%s\r\n",
                                                headers->data);
diff --git a/lib/setopt.c b/lib/setopt.c
index 66f30ea65..a5ef75c72 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -442,7 +442,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
      * Send authentication (user+password) when following locations, even when
      * hostname changed.
      */
-    data->set.http_disable_hostname_check_before_authentication =
+    data->set.allow_auth_to_other_hosts =
       (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
 
diff --git a/lib/url.c b/lib/url.c
index d45da5e72..74813e874 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -3612,6 +3612,7 @@ static CURLcode parse_connect_to_host_port(struct Curl_easy *data,
 
   /* detect and extract RFC6874-style IPv6-addresses */
   if(*hostptr == '[') {
+#ifdef ENABLE_IPV6
     char *ptr = ++hostptr; /* advance beyond the initial bracket */
     while(*ptr && (ISXDIGIT(*ptr) || (*ptr == ':') || (*ptr == '.')))
       ptr++;
@@ -3635,6 +3636,11 @@ static CURLcode parse_connect_to_host_port(struct Curl_easy *data,
      * hostptr first, but I can't see anything wrong with that as no host
      * name nor a numeric can legally start with a bracket.
      */
+#else
+    failf(data, "Use of IPv6 in *_CONNECT_TO without IPv6 support built-in!");
+    free(host_dup);
+    return CURLE_NOT_BUILT_IN;
+#endif
   }
 
   /* Get port number off server.com:1080 */
diff --git a/lib/urldata.h b/lib/urldata.h
index e8549ead8..afc972ac0 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1600,7 +1600,7 @@ struct UserDefined {
   bool http_keep_sending_on_error; /* for HTTP status codes >= 300 */
   bool http_follow_location; /* follow HTTP redirects */
   bool http_transfer_encoding; /* request compressed HTTP transfer-encoding */
-  bool http_disable_hostname_check_before_authentication;
+  bool allow_auth_to_other_hosts;
   bool include_header;   /* include received protocol headers in data output */
   bool http_set_referer; /* is a custom referer used */
   bool http_auto_referer; /* set "correct" referer when following location: */
diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c
index 8ea9ef020..cf3251b29 100644
--- a/src/tool_cb_prg.c
+++ b/src/tool_cb_prg.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,6 +21,10 @@
  ***************************************************************************/
 #include "tool_setup.h"
 
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+
 #define ENABLE_CURLX_PRINTF
 /* use our own printf() functions */
 #include "curlx.h"
@@ -31,6 +35,65 @@
 
 #include "memdebug.h" /* keep this as LAST include */
 
+/* 200 values generated by this perl code:
+
+   my $pi = 3.1415;
+   foreach my $i (1 .. 200) {
+     printf "%d, ", sin($i/200 * 2 * $pi) * 5000 + 5000;
+   }
+*/
+static const unsigned int sinus[] = {
+  5157, 5313, 5470, 5626, 5782, 5936, 6090, 6243, 6394, 6545, 6693, 6840, 6985,
+  7128, 7269, 7408, 7545, 7679, 7810, 7938, 8064, 8187, 8306, 8422, 8535, 8644,
+  8750, 8852, 8950, 9045, 9135, 9221, 9303, 9381, 9454, 9524, 9588, 9648, 9704,
+  9755, 9801, 9842, 9879, 9911, 9938, 9960, 9977, 9990, 9997, 9999, 9997, 9990,
+  9977, 9960, 9938, 9911, 9879, 9842, 9801, 9755, 9704, 9648, 9588, 9524, 9455,
+  9381, 9303, 9221, 9135, 9045, 8950, 8852, 8750, 8645, 8535, 8422, 8306, 8187,
+  8064, 7939, 7810, 7679, 7545, 7409, 7270, 7129, 6986, 6841, 6694, 6545, 6395,
+  6243, 6091, 5937, 5782, 5627, 5470, 5314, 5157, 5000, 4843, 4686, 4529, 4373,
+  4218, 4063, 3909, 3757, 3605, 3455, 3306, 3159, 3014, 2871, 2730, 2591, 2455,
+  2321, 2190, 2061, 1935, 1813, 1693, 1577, 1464, 1355, 1249, 1147, 1049, 955,
+  864, 778, 696, 618, 545, 476, 411, 351, 295, 244, 198, 157, 120, 88, 61, 39,
+  22, 9, 2, 0, 2, 9, 22, 39, 61, 88, 120, 156, 198, 244, 295, 350, 410, 475,
+  544, 618, 695, 777, 864, 954, 1048, 1146, 1248, 1354, 1463, 1576, 1692, 1812,
+  1934, 2060, 2188, 2320, 2454, 2590, 2729, 2870, 3013, 3158, 3305, 3454, 3604,
+  3755, 3908, 4062, 4216, 4372, 4528, 4685, 4842, 4999
+};
+
+static void fly(struct ProgressData *bar, bool moved)
+{
+  char buf[256];
+  int pos;
+  int check = bar->width - 2;
+
+  snprintf(buf, sizeof(buf), "%*s\r", bar->width-1, " ");
+  memcpy(&buf[bar->bar], "-=O=-", 5);
+
+  pos = sinus[bar->tick%200] / (10000 / check);
+  buf[pos] = '#';
+  pos = sinus[(bar->tick + 5)%200] / (10000 / check);
+  buf[pos] = '#';
+  pos = sinus[(bar->tick + 10)%200] / (10000 / check);
+  buf[pos] = '#';
+  pos = sinus[(bar->tick + 15)%200] / (10000 / check);
+  buf[pos] = '#';
+
+  fputs(buf, stderr);
+  bar->tick += 2;
+  if(bar->tick >= 200)
+    bar->tick -= 200;
+
+  bar->bar += (moved?bar->barmove:0);
+  if(bar->bar >= (bar->width - 6)) {
+    bar->barmove = -1;
+    bar->bar = bar->width - 6;
+  }
+  else if(bar->bar < 0) {
+    bar->barmove = 1;
+    bar->bar = 0;
+  }
+}
+
 /*
 ** callback for CURLOPT_XFERINFOFUNCTION
 */
@@ -74,27 +137,17 @@ int tool_progress_cb(void *clientp,
     }
     else {
       /* total is unknown */
-      if(bar->prev/1024 == point/1024)
-        /* the same kilobyte level as last invoke */
-        return 0;
-      else if(tvdiff(now, bar->prevtime) < 100L)
+      if(tvdiff(now, bar->prevtime) < 100L)
         /* limit progress-bar updating to 10 Hz */
         return 0;
+      fly(bar, point != bar->prev);
     }
   }
 
   /* simply count invokes */
   bar->calls++;
 
-  if(total < 1) {
-    curl_off_t prevblock = bar->prev / 1024;
-    curl_off_t thisblock = point / 1024;
-    while(thisblock > prevblock) {
-      fprintf(bar->out, "#");
-      prevblock++;
-    }
-  }
-  else if(point != bar->prev) {
+  if((total > 0) && (point != bar->prev)) {
     if(point > total)
       /* we have got more than the expected total! */
       total = point;
@@ -121,7 +174,6 @@ void progressbarinit(struct ProgressData *bar,
                      struct OperationConfig *config)
 {
   char *colp;
-
   memset(bar, 0, sizeof(struct ProgressData));
 
   /* pass this through to progress function so
@@ -134,14 +186,47 @@ void progressbarinit(struct ProgressData *bar,
   if(colp) {
     char *endptr;
     long num = strtol(colp, &endptr, 10);
-    if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 0))
+    if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20))
       bar->width = (int)num;
-    else
-      bar->width = 79;
     curl_free(colp);
   }
-  else
+
+  if(!bar->width) {
+    int cols = 0;
+
+#ifdef TIOCGSIZE
+    struct ttysize ts;
+    if(!ioctl(STDIN_FILENO, TIOCGSIZE, &ts))
+      cols = ts.ts_cols;
+#elif defined(TIOCGWINSZ)
+    struct winsize ts;
+    if(!ioctl(STDIN_FILENO, TIOCGWINSZ, &ts))
+      cols = ts.ws_col;
+#elif defined(_WIN32)
+    {
+      HANDLE  stderr_hnd = GetStdHandle(STD_ERROR_HANDLE);
+      CONSOLE_SCREEN_BUFFER_INFO console_info;
+
+      if((stderr_hnd != INVALID_HANDLE_VALUE) &&
+         GetConsoleScreenBufferInfo(stderr_hnd, &console_info)) {
+        /*
+         * Do not use +1 to get the true screen-width since writing a
+         * character at the right edge will cause a line wrap.
+         */
+        cols = (int)
+          (console_info.srWindow.Right - console_info.srWindow.Left);
+      }
+    }
+#endif /* TIOCGSIZE */
+    bar->width = cols;
+  }
+
+  if(!bar->width)
     bar->width = 79;
+  else if(bar->width > MAX_BARLENGTH)
+    bar->width = MAX_BARLENGTH;
 
   bar->out = config->global->errors;
+  bar->tick = 150;
+  bar->barmove = 1;
 }
diff --git a/src/tool_cb_prg.h b/src/tool_cb_prg.h
index d62b4a073..f8d6deaba 100644
--- a/src/tool_cb_prg.h
+++ b/src/tool_cb_prg.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -33,6 +33,9 @@ struct ProgressData {
   int         width;
   FILE       *out;  /* where to write everything to */
   curl_off_t  initial_size;
+  unsigned int tick;
+  int bar;
+  int barmove;
 };
 
 void progressbarinit(struct ProgressData *bar,
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 5babad3f0..98d03b6b4 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -55,7 +55,7 @@ test280 test281 test282 test283 test284 test285 test286 test287 test288 \
 test289 test290 test291 test292 test293 test294 test295 test296 test297 \
 test298 test299 test300 test301 test302 test303 test304 test305 test306 \
 test307 test308 test309 test310 test311 test312 test313 test314 test315 \
-test316                         test320 test321 test322 test323 test324 \
+test316 test317 test318         test320 test321 test322 test323 test324 \
 test325 \
 test350 test351 test352 test353 test354 \
 test393 test394 test395 \
@@ -161,7 +161,7 @@ test1424 test1425 test1426 test1427 \
 test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
 test1436 test1437 test1438 test1439 test1440 test1441 test1442 test1443 \
 test1444 test1445 test1446 test1447 test1448 test1449 test1450 test1451 \
-test1452 test1453 \
+test1452 test1453 test1454 \
 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
 test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
 test1516 test1517 \
diff --git a/tests/data/test1454 b/tests/data/test1454
new file mode 100644
index 000000000..36e28e49a
--- /dev/null
+++ b/tests/data/test1454
@@ -0,0 +1,38 @@
+<testcase>
+<info>
+<keywords>
+--connect-to
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+!ipv6
+</features>
+<server>
+http
+</server>
+ <name>
+--connect-to with IPv6 address w/o IPv6 support!
+ </name>
+<command>
+--connect-to localhost:80:[::1]:80 localhost
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 4 == CURLE_NOT_BUILT_IN
+<errorcode>
+4
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test317 b/tests/data/test317
new file mode 100644
index 000000000..c6d8697be
--- /dev/null
+++ b/tests/data/test317
@@ -0,0 +1,94 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP proxy
+HTTP Basic auth
+HTTP proxy Basic auth
+followlocation
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/3170002
+Content-Length: 8
+Connection: close
+
+contents
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Content-Length: 9
+
+contents
+</data2>
+
+<datacheck>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/3170002
+Content-Length: 8
+Connection: close
+
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Content-Length: 9
+
+contents
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP with custom Authorization: and redirect to new host
+ </name>
+ <command>
+http://first.host.it.is/we/want/that/page/317 -x %HOSTIP:%HTTPPORT -H "Authorization: s3cr3t" --proxy-user testing:this --location
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://first.host.it.is/we/want/that/page/317 HTTP/1.1

+Host: first.host.it.is

+Proxy-Authorization: Basic dGVzdGluZzp0aGlz

+Accept: */*

+Proxy-Connection: Keep-Alive

+Authorization: s3cr3t

+

+GET http://goto.second.host.now/3170002 HTTP/1.1

+Host: goto.second.host.now

+Proxy-Authorization: Basic dGVzdGluZzp0aGlz

+Accept: */*

+Proxy-Connection: Keep-Alive

+

+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test318 b/tests/data/test318
new file mode 100644
index 000000000..838d1ba0f
--- /dev/null
+++ b/tests/data/test318
@@ -0,0 +1,95 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP proxy
+HTTP Basic auth
+HTTP proxy Basic auth
+followlocation
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/3180002
+Content-Length: 8
+Connection: close
+
+contents
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Content-Length: 9
+
+contents
+</data2>
+
+<datacheck>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/3180002
+Content-Length: 8
+Connection: close
+
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Content-Length: 9
+
+contents
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP with custom Authorization: and redirect to new host
+ </name>
+ <command>
+http://first.host.it.is/we/want/that/page/318 -x %HOSTIP:%HTTPPORT -H "Authorization: s3cr3t" --proxy-user testing:this --location-trusted
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://first.host.it.is/we/want/that/page/318 HTTP/1.1

+Host: first.host.it.is

+Proxy-Authorization: Basic dGVzdGluZzp0aGlz

+Accept: */*

+Proxy-Connection: Keep-Alive

+Authorization: s3cr3t

+

+GET http://goto.second.host.now/3180002 HTTP/1.1

+Host: goto.second.host.now

+Proxy-Authorization: Basic dGVzdGluZzp0aGlz

+Accept: */*

+Proxy-Connection: Keep-Alive

+Authorization: s3cr3t

+

+</protocol>
+</verify>
+</testcase>
diff --git a/tests/runtests.pl b/tests/runtests.pl
index 827b759e3..b7bacfc76 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -340,6 +340,7 @@ $ENV{'CURL_MEMDEBUG'} = $memdump;
 $ENV{'CURL_ENTROPY'}="12345678";
 $ENV{'CURL_FORCETIME'}=1; # for debug NTLM magic
 $ENV{'HOME'}=$pwd;
+$ENV{'COLUMNS'}=79; # screen width!
 
 sub catch_zap {
     my $signame = shift;