Log message:
libcurl-gnutls: match curl update

Log message:
*curl*: update to 8.6.0

This release includes the following changes:

 o add CURLE_TOO_LARGE [48]
 o add CURLINFO_QUEUE_TIME_T [76]
 o add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add [39]
 o asyn-thread: use GetAddrInfoExW on >= Windows 8 [55]
 o configure: make libpsl detection failure cause error [109]
 o docs/cmdline: change to .md for cmdline docs [77]
 o docs: introduce "curldown" for libcurl man page format [102]
 o runtests: support -gl. Like -g but for lldb. [47]

This release includes the following bugfixes:

 o altsvc: free 'as' when returning error [23]
 o appveyor: replace PowerShell with bash + parallel autotools [54]
 o appveyor: switch to out-of-tree builds [29]
 o asyn-ares: with modern c-ares, use its default timeout [127]
 o build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` [4]
 o build: delete/replace clang warning pragmas [111]
 o build: enable missing OpenSSF-recommended warnings, with fixes [11]
 o build: fix `-Wconversion`/`-Wsign-conversion` warnings [26]
 o build: fix Windows ADDRESS_FAMILY detection [35]
 o build: more `-Wformat` fixes [40]
 o build: remove redundant `CURL_PULL_*` settings [8]
 o cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper [133]
 o cf-socket: show errno in tcpkeepalive error messages [120]
 o CI/distcheck: run full tests [31]
 o cmake: add option to disable building docs
 o cmake: fix generation for system name iOS [53]
 o cmake: fix typo [5]
 o cmake: freshen up docs/INSTALL.cmake [101]
 o cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` [45]
 o cmake: rework options to enable curl and libcurl docs [161]
 o cmake: when USE_MANUAL=YES, build the curl.1 man page [113]
 o cmdline-opts/write-out.d: remove spurious double quotes
 o cmdline-opts: update availability for the *-ca-native options [66]
 o cmdline/gen: fix the sorting of the man page options [33]
 o configure: add libngtcp2_crypto_boringssl detection [155]
 o configure: fix no default int compile error in ipv6 detection [69]
 o configure: when enabling QUIC, check that TLS supports QUIC [87]
 o connect: remove margin from eyeballer alloc [79]
 o content_encoding: change return code to typedef'ed enum [94]
 o cookie.d: document use of empty string to enable cookie engine [106]
 o cookie: avoid fopen with empty file name [24]
 o curl.h: CURLOPT_DNS_SERVERS is only available with c-ares [131]
 o curl: show ipfs and ipns as supported "protocols" [15]
 o curl_easy_getinfo.3: remove the wrong time value count [116]
 o curl_multi_fdset.3: remove mention of null pointer support [134]
 o CURLINFO_REFERER.3: clarify that it is the *request* header [70]
 o CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
 o CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example [27]
 o CURLOPT_SSH_*_KEYFILE: clarify [57]
 o dist: add tests/errorcodes.pl to the tarball [6]
 o docs: clean up Protocols: for cmdline options [32]
 o docs: describe and highlight super cookies [80]
 o docs: do not start lines/sentences with So, But nor And [140]
 o docs: install curl.1 with cmake [166]
 o docs: mention env vars not used by schannel [124]
 o doh: remove unused local variable [34]
 o examples: add four new examples [99]
 o file+ftp: use stack buffers instead of data->state.buffer [138]
 o ftp: handle the PORT parsing without allocation [44]
 o ftp: use dynbuf to store entrypath [83]
 o ftp: use memdup0 to store the OS from a SYST 215 response [82]
 o ftpserver.pl: send 213 SIZE response without spurious newline
 o gen.pl: support ## for doing .IP in table-like lists [105]
 o gen: do italics/bold for a range of letters, not just single word [78]
 o GHA: add a job scanning for "bad words" in markdown [164]
 o GHA: bump ngtcp2, gnutls, mod_h2, quiche [158]
 o gnutls: fix build with --disable-verbose [3]
 o haproxy-clientip.d: document the arg [68]
 o headers: make sure the trailing newline is not stored [97]
 o headers: remove assert from Curl_headers_push [115]
 o hostip: return error immediately when Curl_ip2addr() fails [19]
 o hsts: remove assert for zero length domain [96]
 o http2: improved on_stream_close/data_done handling [49]
 o http3/quiche: fix result code on a stream reset [91]
 o http3: initial support for OpenSSL 3.2 QUIC stack [110]
 o http: adjust_pollset fix [85]
 o http: check for "Host:" case insensitively [154]
 o http: fix off-by-one error in request method length check [14]
 o http: only act on 101 responses when they are HTTP/1.1 [98]
 o http: remove comment reference to a removed solution [156]
 o http: use stack scratch buffer [150]
 o http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT [90]
 o krb5: add prototype to silence clang warnings on mvsnprintf() [119]
 o lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT [62]
 o lib: error out on multissl + http3 [13]
 o lib: fix variable undeclared error caused by `infof` changes [2]
 o lib: reduce use of strncpy [30]
 o lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding [36]
 o lib: replace readwrite with write_resp [137]
 o lib: strndup/memdup instead of malloc, memcpy and null-terminate [42]
 o libssh2: use `libssh2_session_callback_set2()` with v1.11.1 [103]
 o libssh: improve the deprecation warning dismissal [20]
 o libssh: supress warnings without version check [18]
 o Makefile.am: fix the MSVC project generation [22]
 o Makefile.mk: drop Windows support [12]
 o mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` [117]
 o mbedtls: free the entropy when threaded [46]
 o mime: use memdup0 instead of malloc + memcpy [63]
 o mksymbolsmanpage.pl: provide references to where the symbol is used
 o mprintf: overhaul and bugfixes [52]
 o mqtt: use stack scratch buffer for recv+publish [148]
 o multi: remove total timer reset in file_do() while fetching file:// [89]
 o ngtcp2: put h3 at the front of alpn [58]
 o ntlm_wb: do not use data->state.buffer any longer [151]
 o openldap: fix an LDAP crash [75]
 o openldap: fix STARTTLS [67]
 o openssl: re-match LibreSSL deinit with init [17]
 o openssl: when verifystatus fails, remove session id from cache [100]
 o OS400: sync ILE/RPG binding [114]
 o pingpong: stop using the download buffer [159]
 o pop3: replace calloc + memcpy with memdup0 [60]
 o pytest: scorecard tracking CPU and RSS [157]
 o quiche: return CURLE_HTTP3 on send to invalid stream [65]
 o readwrite_data: loop less [21]
 o Revert "urldata: move async resolver state from easy handle to \ 
connectdata" [16]
 o rtsp: deal with borked server responses [129]
 o runtests: for mode="text" on <stdout>, fix newlines on both \ 
parts [64]
 o sasl: make login option string override http auth [142]
 o schannel: fix `-Warith-conversion` gcc 13 warning [28]
 o sectransp: do verify_cert without memdup for blobs [93]
 o sectransp_ make TLSCipherNameForNumber() available in non-verbose config [1]
 o sendf: fix compiler warning with CURL_DISABLE_HEADERS_API [38]
 o setopt: clear mimepost when formp is freed [92]
 o setopt: use memdup0 when cloning COPYPOSTFIELDS [107]
 o socks: fix generic output string to say SOCKS instead of SOCKS4 [144]
 o socks: use own buffer instead of data->state.buffer [143]
 o ssh: fix namespace of two local macros [51]
 o ssh: use stack scratch buffer for seeks [146]
 o strerror: repair get_winsock_error() [56]
 o system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers [9]
 o system_win32: fix a function pointer assignment warning [71]
 o telnet: use dynbuf instad of malloc for escape buffer [108]
 o telnet: use stack scratch buffer for do [149]
 o tests/server: delete workaround for old-mingw [25]
 o tests: avoid int/size_t conversion size/sign warnings [163]
 o tests: respect $TMPDIR when creating unix domain sockets [50]
 o tool: make parser reject blank arguments if not supported [86]
 o tool: prepend output_dir in header callback [95]
 o tool_getparam: bsearch cmdline options [74]
 o tool_getparam: do not try to expand without an argument [59]
 o tool_getparam: stop supporting `@filename` style for --cookie [121]
 o tool_listhelp: regenerate after recent .d updates [61]
 o tool_operate: make --remove-on-error only remove "real" files [125]
 o tool_operate: stop setting the file comment on Amiga [128]
 o transfer: adjust_pollset improvements [81]
 o transfer: fix upload rate limiting, add test cases [37]
 o transfer: make the select_bits_paused condition check both directions [104]
 o transfer: remove warning: Value stored to 'blen' is never read [136]
 o url: don't set default CA paths for Secure Transport backend [126]
 o url: for disabled protocols, mention if found in redirect [7]
 o urlapi: remove assert [162]
 o verify-examples.pl: fail verification on unescaped backslash [72]
 o version: show only the libpsl version, not its dependencies [130]
 o vquic: extract TLS setup into own source [88]
 o vtls: fix missing multissl version info [73]
 o vtls: receive max buffer [139]
 o vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY [41]
 o websockets: check for negative payload lengths [123]
 o websockets: refactor decode chain [122]
 o windows: delete redundant headers [43]
 o windows: simplify detecting and using system headers [10]
 o wolfssl: load certificate *chain* for PEM client certs [84]
 o x509asn1: remove code for WANT_VERIFYHOST [132]
 o x509asn1: switch from malloc to dynbuf [112]

Log message:
curl: update to 8.5.0

Security fix release.

Log message:
*: recursive bump for icu 74.1

Log message:
*: bump for openssl 3

Log message:
curl libcurl-gnutls: updated to 8.4.0

Fixed in 8.4.0 - October 11 2023

Changes:

curl: add support for the IPFS protocols via HTTP gateway
curl_multi_get_handles: get easy handles from a multi handle
mingw: delete support for legacy mingw.org toolchain

Bugfixes:

acinclude.m4: Document proper system truststore on FreeBSD
appveyor: fix yamlint issues, indent
appveyor: rewrite batch in PowerShell + CI improvements
autotools: adjust `CURL_CA_PATH` value to CMake
autotools: restore `HAVE_IOCTL_*` detections
base64: also build for curl
bufq: remove Curl_bufq_skip_and_shift (unused)
build: delete checks for C89 standard headers
build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
cf-socket: simulate slow/blocked receives in debug
cmake, configure: also link with CoreServices
cmake: add check for suseconds_t
cmake: add feature checks for `memrchr` and `getifaddrs`
cmake: add missing checks
cmake: delete old `HAVE_LDAP_URL_PARSE` logic
cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
cmake: detect `sys/wait.h` and `netinet/udp.h`
cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
cmake: disable unity mode with Windows Unicode + TrackMemory
cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
cmake: fix `HAVE_WRITABLE_ARGV` detection
cmake: fix duplicate symbols when linking tests
cmake: fix missing `zlib.h` when compiling `libcurltool`
cmake: fix stderr initialization in unity builds
cmake: fix the help text to the static build option in CMakeLists.txt
cmake: fix unity builds for more build combinations
cmake: fix unity symbol collisions in h2 builds
cmake: fix unity with Windows Unicode + TrackMemory
cmake: improve OpenLDAP builds
cmake: lib `CURL_STATICLIB` fixes (Windows)
cmake: move global headers to specific checks
cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
cmake: pre-cache `HAVE_POLL_FINE` on Windows
cmake: tidy-up `NOT_NEED_LBER_H` detection
cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
configure: check for the capath by default
configure: remove unused checks
configure: replace adhoc domain with `localhost` in tests
configure: sort AC_CHECK_FUNCS
connect: expire the timeout when trying next
connect: only start the happy eyeballs timer when needed
cookie: do not store the expire or max-age strings
cookie: remove unnecessary struct fields
cookie: set ->running in cookie_init even if data is NULL
create-dirs.d: clarify it also uses --output-dirs
curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
curl_easy_pause.3: mention h2/h3 buffering
curl_easy_pause.3: mention it works within callbacks
curl_easy_pause: set "in callback" true on exit if true
CURLOPT_DEBUGFUNCTION.3: warn about internal handles
docs/libcurl/opts/Makefile.inc: add missing manpage files
docs: adapt SEE ALSO sections to new requirements
docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
docs: replace made up domains with example.com
docs: update curl man page references
docs: use CURLSSLBACKEND_NONE
doh: inherit DEBUGFUNCTION/DATA
escape: replace Curl_isunreserved with ISUNRESERVED
FAQ: How do I upgrade curl.exe in Windows?
GHA/linux: run singleuse to detect single-use global functions
GHA: add workflow to compare configure vs cmake outputs
h2-proxy: remove left-over mistake in drain_tunnel()
h2: testcase and fix for pausing h2 streams
h3: add support for ngtcp2 with AWS-LC builds
http2: refused stream handling for retry
http: fix CURL_DISABLE_BEARER_AUTH breakage
http: h1/h2 proxy unification
http: remove wrong comment for http_should_fail
http: use per-request counter to check too large headers
http_aws_sigv4: fix sorting with empty parts
idn: fix WinIDN null ptr deref on bad host
idn: if idn2_check_version returns NULL, return error
inet_ntop: add typecast to silence Coverity
lib: disambiguate Curl_client_write flag semantics
lib: enable hmac for digest as well
lib: failf/infof compiler warnings
lib: let the max filesize option stop too big transfers too
lib: move handling of `data->req.writer_stack` into Curl_client_write()
lib: provide and use Curl_hexencode
lib: remove TIME_WITH_SYS_TIME
lib: use wrapper for curl_mime_data fseek callback
libssh2: fix error message on failed pubkey-from-file
libssh: cap SFTP packet size sent
Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
MANUAL.md: change domain to example.com
misc: better random strings
MQTT: improve receive of ACKs
multi: do CURLM_CALL_MULTI_PERFORM at two more places
multi: fix small timeouts
multi: remove Curl_multi_dump
multi: round the timeout up to prevent early wakeups
multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
openssl: improve ssl shutdown handling
openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
pytest: exclude test_03_goaway in CI runs due to timing dependency
quic: set ciphers/curves the same way regular TLS does
quiche: fix build error with --with-ca-fallback
RELEASE-PROCEDURE.md: updated coming release dates
runtests: display the test status if tests appear hung
runtests: eliminate a warning on old perl versions
socks: return error if hostname too long for remote resolve
src/mkhelp: make generated code pass `checksrc`
test1056: disable on Windows
test1474: disable test on NetBSD, OpenBSD and Solaris 10
test1592: greatly increase the maximum test timeout
test1903: actually verify the cookies after the test
test1906: set a lower timeout since it's hit on Windows
test2600: remove special case handling for USE_ALARM_TIMEOUT
test650: fix an end tag typo
test661: return from test early in case of curl error
test: add missing <feature>s
tests: close the shell used to start sshd
tests: fix a race condition in ftp server disconnect
tests: fix compiler warnings
tests: Fix zombie processes left behind by FTP tests.
tests: improve SLOWDOWN test reliability by reducing sent data
tests: increase lib571 timeout from 3s to 30s
tests: log the test result code after each libtest
tests: propagate errors in libtests
tests: set --expect100-timeout to improve test reliability
tests: show which curl tool `runtests.pl` is using
tests: stop overriding the lock timeout
tftpd: always use curl's own tftp.h
tool: use our own stderr variable
tool_cb_wrt: fix debug assertion
tool_getparam: accept variable expansion on file names too
tool_setopt: remove unused function tool_setopt_flags
upload-file.d: describe the file name slash/backslash handling
url: fall back to http/https proxy env-variable if ws/wss not set
url: fix netrc info message
warnless: remove unused functions
wolfssh: do cleanup in Curl_ssh_cleanup
wolfssl: allow capath with CURLOPT_CAINFO_BLOB
wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
wolfssl: ignore errors in CA path

Log message:
curl libcurl-gnutls: updated to 8.3.0

Fixed in 8.3.0 - September 13 2023

Changes:

curl: make %output{} in -w specify a file to write to
gskit: remove
lib: --disable-bindlocal builds curl without local binding support
nss: remove support for this TLS library
tool: add "variable" support
trace: make tracing available in non-debug builds
url: change default value for CURLOPT_MAXREDIRS to 30
urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
wolfssl: support loading system CA certificates
Bugfixes:

altsvc: accept and parse IPv6 addresses in response headers
asyn-ares: reduce timeout to 2000ms
aws-sigv4: canonicalize the query
aws-sigv4: fix having date header twice in some cases
aws-sigv4: handle no-value user header entries
bearssl: don't load CA certs when peer verification is disabled
bearssl: handshake fix, provide proper get_select_socks() implementation
build: fix portability of mancheck and checksrc targets
build: streamline non-UWP wincrypt detections
c-hyper: adjust the hyper to curlcode conversion
c-hyper: fix memory leaks in `Curl_http`
cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
cf-socket: log successful interface bind
CI/cirrus: disable python install on FreeBSD
CI: add a 32-bit i686 Linux build
CI: add caching to many jobs
CI: move on to ngtcp2 v0.19.1
CI: move the Alpine build from Cirrus to GHA
CI: ngtcp2-linux: use separate caches for tls libraries
CI: remove Windows builds from Cirrus, without replacement
CI: switch macOS ARM build from Cirrus to Circle CI
CI: use master again for wolfssl
cirrus: install everthing with pkg, avoid pip
cmake: add GnuTLS option
cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
cmake: add support for single libcurl compilation pass
cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
cmake: assume `wldap32` availability on Windows
cmake: cache more config and delete unused ones
cmake: detect `SSL_set0_wbio` in OpenSSL
cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
cmake: fix to use variable for the curl namespace
cmake: fixup H2 duplicate symbols for unity builds
cmake: set SIZEOF_LONG_LONG in curl_config.h
cmake: support building static and shared libcurl in one go
cmdline-docs: make sure to phrase it as "added in ...."
cmdline-docs: use present tense, not future
cmdline-opts/docs: mention the negative option part
cmdline-opts/page-header: clarify stronger that !opt == URL
cmdline-opts/page-header: reorder, clean up
configure, cmake, lib: more form api deprecation
configure: fix `HAVE_TIME_T_UNSIGNED` check
configure: trust pkg-config when it's used for zlib
configure: use the pkg-config --libs-only-l flag for libssh2
connect: stop halving the remaining timeout when less than 600 ms left
cookie-jar.d: emphasize that this option is ONLY writing cookies
crypto: ensure crypto initialization works
curl_url_get/set.3: add missing semicolon in SYNOPSIS
CURLINFO_CERTINFO.3: better explain curl_certinfo struct
CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
CURLOPT_*TIMEOUT*: extend and clarify
CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
CURLOPT_URL.3: add two URL API calls in the see-also section
CURLOPT_URL.3: explain curl_url_set() uses the same parser
digest: Use hostname to generate spn instead of realm
disable.d: explain --disable not implemented prior to 7.50.0
docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0
docs/cmdline-opts: match the current output
docs/cmdline-opts: spellfixes, typos and polish
docs/cmdline: add small "warning" to verbose options
docs/cmdline: remove repeated working for negotiate + ntlm
docs/HYPER.md: document a workaround for a link error
docs: add curl_global_trace to some SEE ALSO sections
docs: link to the website versions instead of markdowns
docs: mark --ssl-revoke-best-effort as Schannel specific
docs: mention critical files in same directories as curl saves
docs: removing "pausing transfers" from HYPER.md.
docs: rewrite to present tense
easy: remove #ifdefs to make code easier on the eye
egd: delete feature detection and related source code
ftp: fix temp write of ipv6 address
gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens
gen.pl: replace all single quotes with aq
GHA: adding quiche workflow
headers: accept leading whitespaces on first response header
http2: avoid too early connection re-use/multiplexing
http2: cleanup trace messages
http2: disable asssertion blocking OSSFuzz testing
http2: fix in h2 proxy tunnel: progress in ingress on sending
http2: polish things around POST
http2: upgrade tests and add fix for non-existing stream
http3/ngtcp2: shorten handshake, trace cleanup
http3: quiche, handshake optimization, trace cleanup
http: close the connection after a late 417 is received
http: do not require a user name when using CURLAUTH_NEGOTIATE
http: fix sending of large requests
http: remove the p_pragma struct field
http: return error when receiving too large header set
hyper: fix a progress upload counter bug
hyper: fix ownership problems
hyper: remove `hyptransfer->endtask`
imap: add a check for failing strdup()
imap: remove the only sscanf() call in the IMAP code
include.d: explain headers not printed with --fail before 7.75.0
include/curl/mprintf.h: add __attribute__ for the prototypes
krb5: fix "implicit conversion loses integer precision" warnings
lib: add ability to disable auths individually
lib: build fixups when built with most things disabled
lib: fix a few *printf() flag mistakes
lib: fix null ptr derefs and uninitialized vars (h2/h3)
lib: move mimepost data from ->req.p.http to ->state
libtest: use curl_free() to free libcurl allocated data
list-only.d: mention SFTP as supported protocol
macOS: fix target detection more
misc: fix various typos
multi.h: the 'revents' field of curl_waitfd is supported
multi: more efficient pollfd count for poll
multi: remove 'processing: <url>' debug message
ngtcp2: fix handling of large requests
openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
openssl: clear error queue after SSL_shutdown
openssl: make aws-lc version support OCSP
openssl: Support async cert verify callback
openssl: switch to modern init for LibreSSL 2.7.0+
openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1
openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0
openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
os400: build test servers
os400: do not check translatable options at build time
os400: implement CLI tool
page-footer: QLOGDIR works with ngtcp2 and quiche
page-header: move up a URL paragraph from GLOBBING to URL
pytest: fix check for slow_network skips to only apply when intended
quic: don't set SNI if hostname is an IP address
quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
quiche: enable quiche to handle timeout events
resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
revert "schannel: reverse the order of certinfo insertions"
schannel: fix ordering of cert chain info
schannel: fix user-set legacy algorithms in Windows 10 & 11
schannel: verify hostname independent of verify cert
sectransp: fix compiler warnings
sectransp: prevent CFRelease() of NULL
secureserver.pl: fix stunnel path quoting
secureserver.pl: fix stunnel version parsing
SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
test1304: build and skip without netrc support
test1554: check translatable string options in OS400 wrapper
test1608: make it build and get skipped without shuffle DNS support
test687/688: two more basic --xattr tests
tests/tftpd+mqttd: make variables static to silence picky warnings
tests: add 'large-time' as a testable feature
tests: add support for nested %if conditions
tests: don't call HTTP errors OK in test cases
tests: ensure `libcurl.def` contains all exports
tests: fix h3 server check and parallel instances
tests: TLS session sharing test
tests: update cookie expiry dates to far in the future
time-cond.d: mention what happens on a missing file
tool: avoid including leading spaces in the Location hyperlink
tool: change some fopen failures from warnings to errors
tool: make the length argument an int for printf()-.* flags
tool_cb_wrt: fix invalid unicode for windows console
tool_filetime: make -z work with file dates before 1970
tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
tool_operate: make aws-sigv4 not require TLS to be used
tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
transfer: also stop the sending on closed connection
transfer: don't set TIMER_STARTTRANSFER on first send
unit2600: fix build warning if built without verbose messages
url: remove infof() output for "still name resolving"
urlapi: fix heap buffer overflow
urlapi: make sure zoneid is also duplicated in curl_url_dup
urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
urlapi: setting a blank URL ("") is not an ok URL
vquic: show stringified messages for errno
vtls: clarify "ALPN: offers" message
winbuild: improve check for static zlib
wolfSSL: avoid the OpenSSL compat API when not needed
workflows/macos.yml: disable zstd and alt-svc in the http-only build
write-out.d: clarify %{time_starttransfer}
ws: fix spelling mistakes in examples and tests

Log message:
curl: updated to 8.2.1

8.2.1

Bugfixes:

amigaos: fix sys/mbuf.h m_len macro clash
amissl: add missing signal.h include
amissl: fix AmiSSL v5 detection
cfilters: rename close/connect functions to avoid clashes
ciphers.d: put URL in first column
cmake: add `libcurlu`/`libcurltool` for unit tests
cmake: update ngtcp2 detection
configure: check for nghttp2_session_get_stream_local_window_size
CONTRIBUTE: drop mention of copyright year ranges
CONTRIBUTE: fix syntax in commit message description
curl_multi_wait.3: fix arg quoting to doc macro .BR
docs: mark two TLS options for TLS, not SSL
docs: provide more see also for cipher options
hostip: return IPv6 first for localhost resolves
http2: fix regression on upload EOF handling
http: VLH, very large header test and fixes
libcurl-errors.3: add CURLUE_OK
os400: correct EXPECTED_STRING_LASTZEROTERMINATED
quiche: fix lookup of transfer at multi
quiche: fix segfault and other things
rustls: update rustls-ffi 0.10.0
socks: print ipv6 address within brackets
src/mkhelp: strip off escape sequences
tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T
transfer: do not clear the credentials on redirect to absolute URL
unittest: remove unneeded *_LDADD
websocket: rename arguments/variables to match docs

Log message:
curl, libcurl-gnutls: update to 8.2.0

This release includes the following changes:

 o curl: add --ca-native and --proxy-ca-native [24]
 o curl: add --trace-ids [53]
 o CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS [5]
 o haproxy: add --haproxy-clientip flag to set client IPs [23]
 o lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID [54]

This release includes the following bugfixes:

 o bufq: make write/pass methods more robust [21]
 o build: drop unused/redundant `HAVE_WINLDAP_H` [25]
 o cf-socket: don't bypass fclosesocket callback if cancelled before connect [114]
 o cf-socket: move ctx declaration under HAVE_GETPEERNAME [91]
 o cf-socket: skip getpeername()/getsockname for TFTP [65]
 o checksrc: modernise perl file open [87]
 o checksrc: quote the file name to work with "funny" letters [93]
 o CI: brew fix for openssl in default path [116]
 o CI: don't install impacket if tests are not run
 o CI: enable parallel make in more builds
 o circleci: install impacket & wolfssl 5.6.0 [1]
 o cmake: add support for "unity" builds [13]
 o cmake: make use of snprintf [102]
 o cmake: stop CMake from quietly ignoring missing Brotli [81]
 o configure: add check for ldap_init_fd [80]
 o configure: fix run-compiler for old /bin/sh [4]
 o configure: the --without forms of the options are also gone [79]
 o connect-timeout.d: mention that the DNS lookup is included [85]
 o curl.h: include <sys/select.h> for vxworks [78]
 o curl: count uploaded data to stop at the originally given size [14]
 o curl: return error when asked to use an unsupported HTTP version [113]
 o curl_easy_nextheader.3: add missing open parenthesis examples [74]
 o curl_log: evaluate log statement only when transfer is verbose [8]
 o curl_mprintf.3: minor fix of the example
 o curl_pushheader_byname/bynum.3: document in their own man pages [37]
 o curl_url_set: enforce the max string length check for all parts [38]
 o CURLOPT_AWS_SIGV4.3: remove unused variable from example [11]
 o CURLOPT_INFILESIZE.3: mention -1 triggers chunked [55]
 o CURLOPT_MIMEPOST.3: clarify what setting to NULL means [95]
 o CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search [31]
 o docs/libcurl/libcurl.3: cleanups and improvements [46]
 o docs: add more .IP after .RE to fix indentation of generate paragraphs [82]
 o docs: fix missing parameter names in examples [41]
 o docs: update CURLOPT_UPLOAD.3 [63]
 o docs: update HTTP3.md for newer ngtcp2 and nghttp3 [28]
 o docs: use a space after RFC when spelling out RFC numbers [105]
 o example/connect-to: show CURLOPT_CONNECT_TO [47]
 o example/crawler: also set CURLOPT_AUTOREFERER [35]
 o example/crawler: make it use a few more options
 o example/default-scheme: set the default scheme for schemeless URLs [67]
 o example/hsts-preload: show one way to HSTS preload [68]
 o example/http2-download: set CURLOPT_BUFFERSIZE [34]
 o example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use [27]
 o example/maxconnects: set maxconnect example [98]
 o example/opensslthreadlock: remove [59]
 o examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS [39]
 o examples/http-options: show how to send "OPTIONS *" [69]
 o examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT [19]
 o examples/multi-debugcallback.c: avoid the bool typedef [29]
 o examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS [71]
 o examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH [40]
 o examples/websocket.c: websocket example using CONNECT_ONLY [17]
 o examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR [70]
 o fopen: fix conversion warning on 32-bit Android [49]
 o fopen: optimize [101]
 o hostip.c: Move macOS-specific calls into global init call [104]
 o HTTP/2: upload handling fixes [56]
 o http2: better support for --limit-rate [7]
 o http2: error stream resets with code CURLE_HTTP2_STREAM [84]
 o http2: fix crash in handling stream weights [76]
 o http2: fix variable type [50]
 o http2: h2 and h2-PROXY connection alive check fixes [83]
 o http2: raise header limitations above and beyond [73]
 o http2: send HEADER & DATA together if possible [99]
 o http2: treat initial SETTINGS as a WINDOW_UPDATE [100]
 o HTTP3.md: update openssl version [57]
 o http3/ngtcp2: upload EAGAIN handling [108]
 o http: rectify the outgoing Cookie: header field size check [72]
 o hyper: fix EOF handling on input [66]
 o hyper: unslow [51]
 o imap-append.c: update to make it more likely to work [106]
 o imap: Provide method to disable SASL if it is advertised [75]
 o krb5: add typecast to please Coverity
 o libcurl-url.3: also mention CURLUPART_ZONEID
 o libcurl-ws.3. WebSocket API overview [48]
 o libssh2: provide error message when setting host key type fails [9]
 o libssh2: use custom memory functions [12]
 o ngtcp2: assigning timeout, but value is overwritten before used [103]
 o ngtcp2: build with 0.17.0 and nghttp3 0.13.0 [96]
 o ngtcp2: use ever increasing timestamp in io [32]
 o quiche: avoid NULL deref in debug logging [97]
 o quiche: fix defects found in latest coverity report [94]
 o quote.d: fix indentation of generated paragraphs [86]
 o runtests: abort test run after failure without -a [3]
 o runtests: better handle ^C during slow tests
 o runtests: consistently write the test check summary block
 o runtests: create multiple test runners when requested [20]
 o runtests: include missing valgrind package [89]
 o runtests: make test file directories in log/N [44]
 o runtests: rename server command file
 o runtests: use more consistent failure lines
 o runtests: work around a perl without SIGUSR1 [88]
 o runtests; give each server a unique log lock file [43]
 o scripts: Fix GHA matrix job detection in cijobs.pl
 o sectransp: fix EOF handling [92]
 o system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles [10]
 o test2600: fix the description [90]
 o test427: verify sending more cookies than fit in a 8190 bytes line [61]
 o tests/http: Add mod_h2 directive `H2ProxyRequests` [77]
 o tests/servers.pm: pick unused port number with a server socket [16]
 o tests/servers: generate temp names in /tmp for unix domain sockets [6]
 o tests: fix error messages & handling around sockets [30]
 o tests: improve reliability of TFTP tests
 o testutil: allow multiple %-operators on the same line [62]
 o timeval: use CLOCK_MONOTONIC_RAW if available [52]
 o tls13-ciphers.d: include Schannel [36]
 o tool: remove exclamation marks from error/warning messages
 o tool: remove newlines from all helpf/notef/warnf/errorf calls [15]
 o tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION` [109]
 o tool_getparam: fix comment [22]
 o tool_operate: allow cookie lines up to 8200 bytes [60]
 o tool_parsecfg: accept line lengths up to 10M [115]
 o tool_urlglob: use curl_off_t instead of longs [2]
 o tool_writeout_json: fix encoding of control characters [107]
 o transfer: clear credentials when redirecting to absolute URL [64]
 o urlapi: have *set(PATH) prepend a slash if one is missing [42]
 o urlapi: scheme must start with alpha [26]
 o vtls: avoid memory leak if sha256 call fails [58]
 o websocket-cb: example doing WebSocket download using callback [18]
 o wolfssl: detect when TLS 1.2 support is not built into wolfssl [111]
 o wolfssl: support setting CA certificates as blob [110]
 o ws: make the curl_ws_meta() return pointer a const [45]

Log message:
libcurl-gnutls: update to version 8.1.2, use Makefile fragment