curl and libcurl 8.12.0

 Public curl releases:         264
 Command line options:         266
 curl_easy_setopt() options:   306
 Public functions in libcurl:  94
 Contributors:                 3316

This release includes the following changes:

 o curl: add byte range support to --variable reading from file [56]
 o curl: make --etag-save acknowledge --create-dirs [31]
 o getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var [55]
 o getinfo: provide info which auth was used for HTTP and proxy [40]
 o hyper: drop support [57]
 o openssl: add support to use keys and certificates from PKCS#11 provider [77]
 o QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA [61]

This release includes the following bugfixes:

 o altsvc: avoid integer overflow in expire calculation [16]
 o async-thread: avoid closing eventfd twice [9]
 o autotools: silence gcc warnings in libtool code [96]
 o binmode: convert to macro and use it from tests [44]
 o build: drop `-Winline` picky warning [53]
 o build: drop unused feature macros, update exception list [51]
 o build: fix the tidy targets for autotools [52]
 o build: fix unsigned `time_t` detection for cmake, MS-DOS, AmigaOS [104]
 o build: replace configure check with PP condition (Android <21) [97]
 o cd2nroff: support "none" as a TLS backend [29]
 o cf-socket: error if address can't be copied [72]
 o checksrc: ban use of sscanf() [7]
 o checksrc: fix the return() checker [35]
 o checksrc: introduce 'banfunc' to ban specific functions [117]
 o cmake/FindLDAP: avoid empty 'Requires' item when omitting `pkg-config` module [90]
 o cmake/FindLDAP: avoid framework locations for libs too (Apple) [122]
 o cmake/FindLibpsl: protect against `pkg-config` "half-detection" [89]
 o cmake/FindLibssh: sync header comment with other modules
 o cmake/FindMbedTLS: drop lib duplicates early [17]
 o cmake: add `librtmp` Find module [86]
 o cmake: add LDAP Find module [46]
 o cmake: add native `pkg-config` detection for remaining Find modules [37]
 o cmake: allow `CURL_LTO` regardless of `CURL_BUILD_TYPE`, enable in CI [88]
 o cmake: clang-cl improvements [42]
 o cmake: delete accidental debug message
 o cmake: drop duplicate Windows cache value [81]
 o cmake: drop redundant FOUND checks (libgsasl, libssh, libuv) [49]
 o cmake: drop redundant opening/closing `.*` from `MATCH` expressions [64]
 o cmake: drop unused `HAVE_SYS_XATTR_H` detection [79]
 o cmake: extend zlib's `AUTO` option to brotli, zstd and enable if found [36]
 o cmake: fix `net/in.h` detection for MS-DOS [103]
 o cmake: improve `curl_dumpvars()` and move to `Utilities.cmake` [50]
 o cmake: make libpsl required by default [45]
 o cmake: make system libraries `dl`, `m`, `pthread` customizable [123]
 o cmake: move `pkg-config` names to Find modules [87]
 o cmake: move GSS init before feature detections [93]
 o cmake: namespace functions and macros [41]
 o cmake: optimize out 4 picky warning option detections with gcc [78]
 o cmake: publish/check supported protocols/features via `CURLConfig.cmake` [100]
 o cmake: replace `unset(VAR)` with `set(VAR "")` for init [43]
 o cmake: sync OpenSSL QUIC fork detection with autotools [102]
 o cmake: use `CMAKE_REQUIRED_LINK_DIRECTORIES` [48]
 o cmake: use `STREQUAL` to detect Linux [68]
 o config-mac: drop `MACOS_SSL_SUPPORT` macro [63]
 o configure: drop unused detections and macros [105]
 o conncache: result_cb comment removed from function docs [1]
 o cookie: fix crash in netscape cookie parsing [84]
 o cookie: parse only the exact expire date [3]
 o curl: return error if etag options are used with multiple URLs [5]
 o curl_multibyte: support Windows paths longer than MAX_PATH [76]
 o curl_sha512_256: rename symbols to the curl namespace [124]
 o curl_url_set.md: adjust the added-in to 7.62.0 [94]
 o curl_ws_recv.md: fix typo
 o CURLOPT_PROXY.md: clarify the crendential support in proxy URLs [66]
 o CURLOPT_RESOLVE.md: fix wording [30]
 o CURLOPT_SEEKFUNCTION.md: used for FTP, HTTP and SFTP (only) [109]
 o docs/BUGS.md: remove leading space from a link
 o docs/cmdline-opts/_ENVIRONMENT.md: minor language fix [119]
 o docs/HTTP-COOKIES.md: link to more information [125]
 o docs/libcurl/opts: clarify the return values [114]
 o docs/libcurl: return value overhall [120]
 o docs: use lowercase curl and libcurl [113]
 o examples/block-ip: drop redundant `memory.h` include
 o examples/block-ip: show how to block IP addresses [74]
 o examples/complicated: fix warnings, bump deprecated callback, tidy up [59]
 o examples/synctime.c: remove references to dead URLs and functionality [62]
 o examples: make them compile with compatibility functions disabled (Windows) [58]
 o file: drop `OPEN_NEEDS_ARG3` option [91]
 o file: fix Android compiler warning [85]
 o hash: add asserts in hash_element_dtor() [126]
 o http2: fix value stored to 'result' is never read [71]
 o http: fix build with `CURL_DISABLE_COOKIES` [95]
 o http: ignore invalid Retry-After times [107]
 o http_aws_sigv4: Fix invalid compare function handling zero-length pairs [24]
 o INFRASTRUCTURE.md: project infra [99]
 o lib517: extend the getdate test with quotes and leading "junk" [4]
 o lib: remove `__EMX__` guards [83]
 o lib: replace `inline` redefine with `CURL_INLINE` macro [47]
 o lib: supress deprecation warnings in apple builds [32]
 o lib: TLS session ticket caching reworked [60]
 o Makefile.mk: drop in favour of autotools and cmake (MS-DOS, AmigaOS3) [38]
 o mbedtls: fix handling of blocked sends [116]
 o mime: explicitly rewind subparts at attachment time. [80]
 o multi: fix curl_multi_waitfds reporting of fd_count [73]
 o multi: fix return code for an already-removed easy handle [106]
 o multissl: auto-enable `OPENSSL_COEXIST` for wolfSSL + OpenSSL [92]
 o multissl: make openssl + wolfssl builds work [34]
 o netrc: 'default' with no credentials is not a match [108]
 o netrc: fix password-only entries [28]
 o netrc: restore _netrc fallback logic [6]
 o ngtcp2: fix two cases of value stored never read [65]
 o openssl: fix ECH logic [67]
 o projects/Windows: remove wolfSSL from legacy projects [75]
 o RELEASE-PROCEDURE.md: mention how to publish security advisories [2]
 o scripts/mdlinkcheck: markdown link checker [19]
 o sectransp: free certificate on error [12]
 o select: avoid a NULL deref in cwfds_add_sock [128]
 o smb: fix compiler warning [112]
 o src: add `CURL_STRICMP()` macro, use `_stricmp()` on Windows [54]
 o src: drop support for `CURL_TESTDIR` debug env [121]
 o strparse: string parsing helper functions [8]
 o system.h: add 64-bit curl_off_t definitions for NonStop [11]
 o test483: require cookie support [98]
 o tests/http/clients: use proper sleep() call on NonStop [10]
 o TheArtOfHttpScripting.md: rewrite double 'that' [115]
 o tool_formparse.c: make curlx_uztoso a static in here [39]
 o tool_formparse: accept digits in --form type= strings [33]
 o tool_getparam: fix "Ignored Return Value" [21]
 o tool_getparam: fix memory leak on error in parse_ech [14]
 o tool_getparam: fix the ECH parser [20]
 o tool_operate: make --etag-compare always accept a non-existing file [22]
 o urlapi: fix redirect to a new fragment or query (only) [118]
 o variable.md: mention --expand-variable for variables to variables [13]
 o variable.md: show function use with examples [18]
 o vquic: fix 4th function call argument is an uninitialized value [70]
 o vquic: make vquic_send_packets not return without setting psent [69]
 o vtls: only remember the expiry timestamp in session cache [110]
 o vtls: remove 'detach/attach' functions from TLS handler struct [25]
 o vtls: remove unusued 'check_cxn' from TLS handler struct [26]
 o vtls: replace "none"-functions with NULL pointers [27]
 o VULN-DISCLOSURE-POLICY.md: mention the not setting CVSS [23]
 o ws-docs: remove the outdated texts saying ws support is experimental [15]

This release includes the following known bugs:

 See docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

For all changes ever done in curl:

 See https://curl.se/changes.html

Planned upcoming removals include:

 o TLS libraries not supporting TLS 1.3

 See https://curl.se/dev/deprecate.html for details

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Andy Pan, Ben Zanin, Christian Heusel, Christian Schmitz,
  Christopher Dannemiller, Daniel Stenberg, Darren Banfi, dependabot[bot],
  Derek Huang, dwickr, Ganesh Viswanathan, Hermes Zhang, IcedCoffeee on github,
  Jakub Jelen, Jeroen Ooms, Kai Pastor, Kevin Sun, Kuan-Wei Chiu,
  Manuel Einfalt, Marcel Raad, Mohammed Sadiq, Patrick Monnerat,
  prpr19xx on github, Qriist on github, Ralph Sennhauser, Randall S. Becker,
  Ray Satiro, renovate[bot], Rudi Heitbaum, Samuel Henrique, Stefan Eissing,
  Tamás Bálint Misius, Tamir Duberstein, Viktor Szakats, Yedaya Katsman,
  Yihang Zhou
  (36 contributors)

References to bug reports and discussions on issues:

 [1] = https://curl.se/bug/?i=15720
 [2] = https://curl.se/bug/?i=15714
 [3] = https://curl.se/bug/?i=15709
 [4] = https://curl.se/bug/?i=15708
 [5] = https://curl.se/bug/?i=15729
 [6] = https://curl.se/bug/?i=15734
 [7] = https://curl.se/bug/?i=15687
 [8] = https://curl.se/bug/?i=15692
 [9] = https://curl.se/bug/?i=15725
 [10] = https://curl.se/bug/?i=15711
 [11] = https://curl.se/bug/?i=15723
 [12] = https://curl.se/bug/?i=15721
 [13] = https://curl.se/bug/?i=15752
 [14] = https://curl.se/bug/?i=15753
 [15] = https://curl.se/bug/?i=15749
 [16] = https://issues.oss-fuzz.com/issues/383911309
 [17] = https://curl.se/bug/?i=15495
 [18] = https://curl.se/bug/?i=15743
 [19] = https://curl.se/bug/?i=15742
 [20] = https://curl.se/bug/?i=15741
 [21] = https://curl.se/bug/?i=15740
 [22] = https://curl.se/bug/?i=15737
 [23] = https://curl.se/bug/?i=15779
 [24] = https://curl.se/bug/?i=15778
 [25] = https://curl.se/bug/?i=15776
 [26] = https://curl.se/bug/?i=15775
 [27] = https://curl.se/bug/?i=15772
 [28] = https://curl.se/bug/?i=15767
 [29] = https://curl.se/bug/?i=15769
 [30] = https://curl.se/bug/?i=15770
 [31] = https://curl.se/bug/?i=15730
 [32] = https://curl.se/bug/?i=15763
 [33] = https://curl.se/bug/?i=15761
 [34] = https://curl.se/bug/?i=15596
 [35] = https://curl.se/bug/?i=15764
 [36] = https://curl.se/bug/?i=15431
 [37] = https://curl.se/bug/?i=15408
 [38] = https://curl.se/bug/?i=15543
 [39] = https://curl.se/bug/?i=15796
 [40] = https://curl.se/bug/?i=15450
 [41] = https://curl.se/bug/?i=15498
 [42] = https://curl.se/bug/?i=15478
 [43] = https://curl.se/bug/?i=15255
 [44] = https://curl.se/bug/?i=15787
 [45] = https://curl.se/bug/?i=15464
 [46] = https://curl.se/bug/?i=15273
 [47] = https://curl.se/bug/?i=15523
 [48] = https://curl.se/bug/?i=15280
 [49] = https://curl.se/bug/?i=15465
 [50] = https://curl.se/bug/?i=15562
 [51] = https://curl.se/bug/?i=15577
 [52] = https://curl.se/bug/?i=15813
 [53] = https://curl.se/bug/?i=15815
 [54] = https://curl.se/bug/?i=15788
 [55] = https://curl.se/bug/?i=15512
 [56] = https://curl.se/bug/?i=15739
 [57] = https://curl.se/bug/?i=15120
 [58] = https://curl.se/bug/?i=15789
 [59] = https://curl.se/bug/?i=15785
 [60] = https://curl.se/bug/?i=15774
 [61] = https://curl.se/bug/?i=15667
 [62] = https://curl.se/bug/?i=15786
 [63] = https://curl.se/bug/?i=15777
 [64] = https://curl.se/bug/?i=15773
 [65] = https://curl.se/bug/?i=15812
 [66] = https://curl.se/bug/?i=15805
 [67] = https://curl.se/bug/?i=15814
 [68] = https://curl.se/bug/?i=15855
 [69] = https://curl.se/bug/?i=15807
 [70] = https://curl.se/bug/?i=15808
 [71] = https://curl.se/bug/?i=15806
 [72] = https://curl.se/bug/?i=15784
 [73] = https://curl.se/bug/?i=15146
 [74] = https://curl.se/bug/?i=15748
 [75] = https://curl.se/bug/?i=15468
 [76] = https://curl.se/bug/?i=13522
 [77] = https://curl.se/bug/?i=15587
 [78] = https://curl.se/bug/?i=15850
 [79] = https://curl.se/bug/?i=15845
 [80] = https://curl.se/bug/?i=15842
 [81] = https://curl.se/bug/?i=15840
 [83] = https://curl.se/bug/?i=15884
 [84] = https://curl.se/bug/?i=15826
 [85] = https://curl.se/bug/?i=15883
 [86] = https://curl.se/bug/?i=15832
 [87] = https://curl.se/bug/?i=15800
 [88] = https://curl.se/bug/?i=15829
 [89] = https://curl.se/bug/?i=15827
 [90] = https://curl.se/bug/?i=15828
 [91] = https://curl.se/bug/?i=15882
 [92] = https://curl.se/bug/?i=15765
 [93] = https://curl.se/bug/?i=15809
 [94] = https://curl.se/bug/?i=15822
 [95] = https://curl.se/bug/?i=15820
 [96] = https://curl.se/bug/?i=15915
 [97] = https://curl.se/bug/?i=15871
 [98] = https://curl.se/bug/?i=15876
 [99] = https://curl.se/bug/?i=15906
 [100] = https://curl.se/bug/?i=15854
 [102] = https://curl.se/bug/?i=15873
 [103] = https://curl.se/bug/?i=15869
 [104] = https://curl.se/bug/?i=15868
 [105] = https://curl.se/bug/?i=15867
 [106] = https://curl.se/bug/?i=15844
 [107] = https://curl.se/bug/?i=15833
 [108] = https://curl.se/bug/?i=15908
 [109] = https://curl.se/bug/?i=15903
 [110] = https://curl.se/bug/?i=15861
 [112] = https://curl.se/bug/?i=15902
 [113] = https://curl.se/bug/?i=15898
 [114] = https://curl.se/bug/?i=15900
 [115] = https://curl.se/bug/?i=15863
 [116] = https://curl.se/bug/?i=15801
 [117] = https://curl.se/bug/?i=15835
 [118] = https://curl.se/bug/?i=15836
 [119] = https://curl.se/bug/?i=15897
 [120] = https://curl.se/bug/?i=15899
 [121] = https://curl.se/bug/?i=15893
 [122] = https://curl.se/bug/?i=15895
 [123] = https://curl.se/bug/?i=15892
 [124] = https://curl.se/bug/?i=15894
 [125] = https://curl.se/bug/?i=15891
 [126] = https://curl.se/bug/?i=15889
 [128] = https://curl.se/bug/?i=15881