                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 8.1.0 (17 May 2023)

Daniel Stenberg (17 May 2023)

- RELEASE-NOTES: synced

- THANKS: contributors from the 8.1.0 release

- hostip: include easy_lock.h before using GLOBAL_INIT_IS_THREADSAFE

  Since that header file is the only place that define can be defined.

  Reported-by: Marc Deslauriers

  Follow-up to 13718030ad4b3209

  Closes #11121

Thomas Taylor (16 May 2023)

- aws-sigv4.d: fix region identifier in example

  Closes #11117

Philip Heiduck (15 May 2023)

- mlc_config.json: remove this linkcheck CI job config file

  Closes #11113

Daniel Silverstone (15 May 2023)

- ssh: Add support for libssh2 read timeout

  Hook the new (1.11.0 or newer) libssh2 support for setting a read timeout
  into the SERVER_RESPONSE_TIMEOUT option.  With this done, clients can use
  the standard curl response timeout setting to also control the time that
  libssh2 will wait for packets from a slow server.  This is necessary to
  enable use of very slow SFTP servers.

  Signed-off-by: Daniel Silverstone <daniel.silverstone@codethink.co.uk>

  Closes #10965

Osama Albahrani (14 May 2023)

- GIT-INFO: add --with-openssl

  Closes #11110

Daniel Stenberg (13 May 2023)

- RELEASE-NOTES: synced

Marcel Raad (13 May 2023)

- md(4|5): don't use deprecated iOS functions

  They are marked as deprecated in iOS 13.0, which might result in
  warnings-as-errors.

  Also, use `*_MIN_REQUIRED` instead of `*_MIN_ALLOWED`, which seems to
  be what's currently used.

  Bug: https://github.com/curl/curl/issues/11098
  Closes https://github.com/curl/curl/pull/11102

- md4: only build when used

  Its only usage in curl_ntlm_core.c is guarded by `USE_CURL_NTLM_CORE`,
  so let's use this here too.

  Ref: https://github.com/curl/curl/issues/11098
  Closes https://github.com/curl/curl/pull/11102

Vítor Galvão (12 May 2023)

- write-out.d: Use response_code in example

  Closes #11107

Shohei Maeda (12 May 2023)

- url: fix null dispname for --connect-to option

  Closes #11106

Daniel Stenberg (12 May 2023)

- test2306: verify getting a second response with folded headers

  Reproduces the isue #11101 and verifies the fix.

  Verifies a17b2a503f

- headers: clear (possibly) lingering pointer in init

  The "prevhead" pointer is used for the headers storage but was not
  cleared correctly in init, which made it possible to act up when a
  handle is reused.

  Reported-by: Steve Herrell
  Fixes #11101
  Closes #11103

- RELEASE-NOTES: synced

- ngtcp2: use 0.15.0

  - nghttp3 0.11.0
  - nghttp2 1.53.0

  Adapt to new API calls

  Closes #11031

Jay Satiro (10 May 2023)

- openssl: fix indent

Daniel Stenberg (10 May 2023)

- CURLOPT_DNS_CACHE_TIMEOUT.3: fix spelling

  Follow-up to 9ed7d56e044f5aa1b29

  Closes #11096

- hostip: use time_t for storing oldest DNS entry

  Theoretically, the oldest time could overflow an int. In practice that
  won't happen, but let's do this to please analyzers.

  Follow-up to 9ed7d56e044f5aa1b2928ccde6245d0

  Pointed out by Coverity.
  Closes #11094

- http: free the url before storing a new copy

  To avoid a memory-leak.

  Reported-by: Hiroki Kurosawa

  Closes #11093

- compressed.d: clarify the words on "not notifying headers"

  Reported-by: Dylan Anthony
  Fixes #11091
  Closes #11092

- libssh2: free fingerprint better

  Reported-by: Wei Chong Tan
  Closes #11088

- CURLOPT_IPRESOLVE.3: clarify that this for host names, not IP addresses

  Reported-by: Harry Sintonen
  Closes #11087

- hostip: enforce a maximum DNS cache size independent of timeout value

  To reduce the damage an application can cause if using -1 or other
  ridiculous timeout values and letting the cache live long times.

  The maximum number of entries in the DNS cache is now totally
  arbitrarily and hard-coded set to 29999.

  Closes #11084

- hostip: store dns timeout as 'int'

  ... because it set and held as an 'int' elsewhere and can never be
  larger.

- RELEASE-NOTES: synced

- tool_operate: refuse (--data or --form) and --continue-at combo

  libcurl assumes that a --continue-at resumption is done to continue an
  upload using the read callback and neither --data nor --form use
  that and thus won't do what the user wants. Whatever the user wants
  with this strange combination.

  Add test 426 to verify.

  Reported-by: Smackd0wn on github
  Fixes #11081
  Closes #11083

- transfer: refuse POSTFIELDS + RESUME_FROM combo

  The code assumes that such a resume is wanting to continue an upload
  using the read callback, and since POSTFIELDS is done without callback
  libcurl will just misbehave.

  This combo will make the transfer fail with CURLE_BAD_FUNCTION_ARGUMENT
  with an explanation in the error message.

  Reported-by: Smackd0wn on github
  Fixes #11081
  Closes #11083

- ipv4.d/ipv6.d: they are "mutex", not "boolean"

  ... which for example means they do not have --no-* versions.

  Reported-by: Harry Sintonen
  Fixes #11085
  Closes #11086

- docs/SECURITY-ADVISORY.md: how to write a curl security advisory

  Closes #11080

nobedee on github (5 May 2023)

- MANUAL.md: add dict example for looking up a single definition

  Closes #11077

Dan Fandrich (5 May 2023)

- runtests: fix -c option when run with valgrind

  The curl binary argument wasn't being quoted properly. This seems to
  have broken at some point after quoting was added in commit 606b29fe.

  Reported-by: Daniel Stenberg
  Ref: #11073
  Fixes #11074
  Closes #11076

- runtests: support creating more than one runner process

  The controller currently only creates and uses one, but more are now
  possible.

  Ref: #10818

- runtests: spawn a new process for the test runner

  When the -j option is given, a new process is spawned in which the test
  programs are run and from which test servers are started. Only one
  process can be started at once, but this is sufficient to test that the
  infrastructure can isolate those functions in a new task. There should
  be no visible difference between the two modes at the moment.

  Ref: #10818
  Closes #11064

- runtests: turn singletest() into a state machine

  This allows it to run in a non-blocking manner.

  Ref: #10818

- runtests: change runner interface to be asynchronous

  Program arguments are marshalled and then written to the end of a pipe
  which is later read from and the arguments unmarshalled before the
  desired function is called normally.  The function return values are
  then marshalled and written into another pipe when is later read from
  and unmarshalled before being returned to the caller.

  The implementation is currently blocking but can be made non-blocking
  without any changes to the API.  This allows calling multiple runners
  without blocking in the future.

  Ref: #10818

- runtests: call citest_finishtest in singletest

  This is where citest_starttest is called.

  Ref: #10818

- runtests: add a runner initialization function

  This sets up the runner environment to start running tests.

  Ref: #10818

- runtests: remove directory from server filename variables

  There will soon be multiple log directories so the paths will no longer
  be static in runtests.pl. Also, get rid of $SERVER2IN which was not
  used.

  Ref: #10818

- runtests: reduce package exports after refactoring

  Some recent refactoring made these export no longer necessary. Also,
  stop displaying the Unix socket paths at startup since there will soon
  be many of them and they're not that interesting.

  Ref: #10818

- runtests: use a function to obtain $LOGDIR for a test

  This will no longer be static soon.

  Ref: #10818

Jay Satiro (5 May 2023)

- tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals

  - Disable hyperlink formatting for the 'Location:' header value in VTE
    0.48.1 and earlier, since it is buggy in some of those versions.

  Prior to this change those terminals may show the location header value
  as gibberish or show it twice.

  Ref: https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda#backw
  ard-compatibility

  Fixes https://github.com/curl/curl/issues/10428
  Closes https://github.com/curl/curl/pull/11071

François Michel (3 May 2023)

- quiche: disable pacing while pacing is not actually performed

  Closes #11068

Daniel Stenberg (2 May 2023)

- easy_cleanup: require a "good" handle to act

  By insisting that the passed in handle is "good" (the magic number is
  intact), this can limit the potential damage if a bad pointer is passed
  in. Like when this function is called twice on the same handle pointer.

  Ref: #10964
  Closes #11061

Andreas Falkenhahn (1 May 2023)

- amiga: Fix CA certificate paths for AmiSSL and MorphOS

  AmiSSL stores certificates in `AmiSSL:Certs` and MorphOS stores them in
  `MOSSYS:Data/SSL/curl-ca-bundle.crt`.

  Closes https://github.com/curl/curl/pull/11059

Daniel Stenberg (30 Apr 2023)

- http2: (void)-mark when we explicitly ignore the return code

  When h2_progress_egress() is called. Pointed out by Coverity.

  Closes #11057

- checksrc: find bad indentation in conditions without open brace

  If the previous line starts with if/while/for AND ends with a closed
  parenthesis and there's an equal number of open and closed parentheses
  on that line, verify that this line is indented $indent more steps, if
  not a cpp line.

  Also adjust the fall-out from this fix.

  Closes #11054

Diogo Teles Sant'Anna (28 Apr 2023)

- CI: Set minimal permissions on workflow ngtcp2-quictls.yml

  Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>

  Closes #11055

Dan Fandrich (28 Apr 2023)

- CI: use another glob syntax for matching files on Appveyor

  The previous globbing syntax was not matching files recursively in
  directories, so try appending a /* to more closely match the examples at
  https://www.appveyor.com/docs/how-to/filtering-commits/

Daniel Stenberg (28 Apr 2023)

- multi: add multi-ignore logic to multi_socket_action

  The multi-ignore logic that was previously applied to
  curl_multi_perform() (#10750) is here applied to the loop within
  curl_multi_socket_action() to make it use the same optimization: most
  handles have the same signal-ignore option state so this drastically
  reduces the number of ignore/unignore calls per libcurl function invoke.

  Follow-up to bc90308328afb8

  Closes #11045

Stefan Eissing (28 Apr 2023)

- http2: do flow window accounting for cancelled streams

  - nghttp2 does not free connection level window flow for
    aborted streams
  - when closing transfers, make sure that any buffered
    response data is "given back" to the flow control window
  - add tests test_02_22 and test_02_23 to reproduce

  Closes #11052

- pingpong: fix compiler warning "assigning an enum to unsigned char"

  Closes #11050

Daniel Stenberg (28 Apr 2023)

- configure: fix detection of apxs (for httpd)

  The condition check was turned the wrong way around!

  Closes #11051

Viktor Szakats (28 Apr 2023)

- ci: `-Wno-vla` no longer necessary

  We handle this issue in the source now.

  Follow-up to b725fe1944b45406676ea3aff333ae3085a848d9

  Reviewed-by: Marcel Raad
  Reviewed-by: Daniel Stenberg
  Closes #11048

Marcel Raad (28 Apr 2023)

- tests/http: make curl_setup.h the first include

  This is required for the macros there to take effect for system
  libraries. Specifically, including the system libraries first led to
  warnings about `_FILE_OFFSET_BITS` being redefined in curl_config.h on
  the Solaris autobuilds for ws-data.c and ws-pingpong.c.
  Also make the curl includes come first for the other source files here
  for consistency.

  Closes https://github.com/curl/curl/pull/11046

Emanuele Torre (27 Apr 2023)

- checksrc: check for spaces before the colon of switch labels

  Closes #11047

Daniel Stenberg (27 Apr 2023)

- RELEASE-NOTES: synced

- libssh: tell it to use SFTP non-blocking

  Reported-by: Andreas Huebner
  Fixes #11020
  Closes #11039

Stefan Eissing (27 Apr 2023)

- http2: enlarge the connection window

  - fixes stalled connections

  - Make the connection window large enough, so that there is
    some room left should 99/100 streams be PAUSED by the application

  Reported-by: Paweł Wegner
  Fixes #10988
  Closes #11043

Daniel Stenberg (27 Apr 2023)

- checksrc: fix SPACEBEFOREPAREN for conditions starting with "*"

  The open paren check wants to warn for spaces before open parenthesis
  for if/while/for but also for any function call. In order to avoid
  catching function pointer declarations, the logic allows a space if the
  first character after the open parenthesis is an asterisk.

  I also spotted what we did not include "switch" in the check but we should.

  This check is a little lame, but we reduce this problem by not allowing
  that space for if/while/for/switch.

  Reported-by: Emanuele Torre
  Closes #11044

- docs: minor polish

  - "an HTTP*" (not "a")
  - remove a few contractions
  - remove a spurious "a"
  - reduce use of "I" in texts

  Closes #11040

- ws: fix CONT opcode check

  Detected by Coverity. Follow-up to 930c00c259

  Closes #11037

Dan Fandrich (27 Apr 2023)

- CI: switch the awslc builds to build out-of-tree

  This is a common configuration that should be tested to avoid
  regressions. The awsls cmake build was already out-of-tree so the
  automake build now joins it.

  Ref: #11006

- tests/http: fix out-of-tree builds

  Add both lib/ directories (src & build) to the search path so
  curl_setup.h and its dependencies can be found.

  Followup-to acd82c8b

  Ref: #11006
  Closes #11036

Daniel Stenberg (27 Apr 2023)

- urlapi: make internal function start with Curl_

  Curl_url_set_authority() it is.

  Follow-up to acd82c8bfd

  Closes #11035

YX Hao (26 Apr 2023)

- cf-socket: turn off IPV6_V6ONLY on Windows if it is supported

  IPV6_V6ONLY refs:
  https://en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses
  https://github.com/golang/go/blob/master/src/net/ipsock_posix.go
  https://en.wikipedia.org/wiki/Unix-like
  https://learn.microsoft.com/en-us/windows/win32/winsock/ipproto-ipv6-socket-o
  ptions

  default value refs:
  https://datatracker.ietf.org/doc/html/rfc3493#section-5.3
  https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html#proc-sys-net
  -ipv6-variables

  Closes #10975

Daniel Stenberg (26 Apr 2023)

- urldata: shrink *select_bits int => unsigned char

  - dselect_bits
  - cselect_bits

  ... are using less than 8 bits. Changed types and moved them towards
  the end of the structs to fit better.

  Closes #11025

Stefan Eissing (26 Apr 2023)

- tests/http: more tests with specific clients

  - Makefile support for building test specific clients in tests/http/clients
  - auto-make of clients when invoking pytest
  - added test_09_02 for server PUSH_PROMISEs using clients/h2-serverpush
  - added test_02_21 for lib based downloads and pausing/unpausing transfers

  curl url parser:
  - added internal method `curl_url_set_authority()` for setting the
    authority part of a url (used for PUSH_PROMISE)

  http2:
  - made logging of PUSH_PROMISE handling nicer

  Placing python test requirements in requirements.txt files
  - separate files to base test suite and http tests since use
    and module lists differ
  - using the files in the gh workflows

  websocket test cases, fixes for we and bufq
  - bufq: account for spare chunks in space calculation
  - bufq: reset chunks that are skipped empty
  - ws: correctly encode frames with 126 bytes payload
  - ws: update frame meta information on first call of collect
    callback that fills user buffer
  - test client ws-data: some test/reporting improvements

  Closes #11006

Jay Satiro (26 Apr 2023)

- libssh2: fix crash in keyboard callback

  - Always set the libssh2 'abstract' user-pointer to the libcurl easy
    handle associated with the ssh session, so it is always passed to the
    ssh keyboard callback.

  Prior to this change and since 8b5f100 (precedes curl 8.0.0), if libcurl
  was built without CURL_DEBUG then it could crash during the ssh auth
  phase due to a null dereference in the ssh keyboard callback.

  Reported-by: Andreas Falkenhahn

  Fixes https://github.com/curl/curl/pull/11024
  Closes https://github.com/curl/curl/pull/11026

Daniel Stenberg (26 Apr 2023)

- docs: clarify that more backends have HTTPS proxy support

  Closes #11033

- KNOWN_BUGS: remove two not-bugs

  - 11.7 signal-based resolver timeouts

  Not considered a bug anymore but just implementation details. People
  should avoid using timeouts with the synchronous name resolver.

  - 11.16 libcurl uses renames instead of locking for atomic operations

  Not a bug, just a description of how it works

  Closes #11032

Harry Sintonen (26 Apr 2023)

- hostip: add locks around use of global buffer for alarm()

  When building with the sync name resolver and timeout ability we now
  require thread-safety to be present to enable it.

  Closes #11030

Daniel Stenberg (26 Apr 2023)

- curl_path: bring back support for SFTP path ending in /~

  libcurl used to do a directory listing for this case (even though the
  documentation says a URL needs to end in a slash for this), but
  4e2b52b5f7a3 modified the behavior.

  This change brings back a directory listing for SFTP paths that are
  specified exactly as /~ in the URL.

  Reported-by: Pavel Mayorov
  Fixes #11001
  Closes #11023

Emanuele Torre (26 Apr 2023)

- docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string"

  Also reword the DESCRIPTION section to mention "input"/"string" argument
  in bold.

  Closes #11027

- docs/libcurl: minor cleanups

  I was reading curl_unescape(3) and I noticed that there was an extra
  space after the open parenthesis in the SYNOPSIS; I removed the extra
  space.

  I also ran a few  grep -r  commands to find and remove extra spaces
  after '(' in other files, and to find and replace uses of `T*' instead
  of `T *'. Some of the instances of `T*` where unnecessary casts that I
  removed.

  I also fixed a comment that was misaligned in CURLMOPT_SOCKETFUNCTION.3.

  And I fixed some formatting inconsistencies: in curl_unescape(3), all
  function parameter were mentioned with bold text except length, that was
  mentioned as 'length'; and, in curl_easy_unescape(3), all parameters
  were mentioned in bold text except url that was italicised. Now they are
  all mentioned in bold.
  Documentation is not very consistent in how function parameter are
  formatted: many pages italicise them, and others display them in bold
  text; but I think it makes sense to at least be consistent with
  formatting within the same page.

  Closes #11027

Daniel Stenberg (26 Apr 2023)

- man pages: simplify the .TH sections

  - remove the version numbers
  - simplify the texts

  The date and version number will be put there for releases when maketgz
  runs the updatemanpages.pl script.

  Closes #11029

- hostcheck: fix host name wildcard checking

  The leftmost "label" of the host name can now only match against single
  '*'. Like the browsers have worked for a long time.

  - extended unit test 1397 for this
  - move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc

  Reported-by: Hiroki Kurosawa
  Closes #11018

Dan Fandrich (25 Apr 2023)

- smbserver: remove temporary files before exit

  Each execution of test 1451 would leave a file in /tmp before. Since
  Windows can't delete a file while it's open, all the temporary file
  names are stored and deleted on exit.

  Closes #10990

Stefan Eissing (25 Apr 2023)

- Websocket en-/decoding

  - state is fully kept at connection, since curl_ws_send() and
    curl_ws_rec() have lifetime beyond usual transfers
  - no more limit on frame sizes

  Reported-by: simplerobot on github
  Fixes #10962
  Closes #10999

Patrick Monnerat (25 Apr 2023)

- urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication

  Prior to this change STRING_AWS_SIGV4 (CURLOPT_AWS_SIGV4) was wrongly
  marked as binary data that could not be duplicated.

  Without this fix, this option's value is not copied upon calling
  curl_easy_duphandle().

  Closes https://github.com/curl/curl/pull/11021

Stefan Eissing (25 Apr 2023)

- http3: expire unpaused transfers in all HTTP/3 backends

  Closes #11005

- http2: always EXPIRE_RUN_NOW unpaused http/2 transfers

  - just increasing the http/2 flow window does not necessarily
    make a server send new data. It may already have exhausted
    the window before

  Closes #11005

- http2: pass `stream` to http2_handle_stream_close to avoid NULL checks

  Closes #11005

- h2/h3: replace `state.drain` counter with `state.dselect_bits`

  - `drain` was used by http/2 and http/3 implementations to indicate
    that the transfer requires send/recv independant from its socket
    poll state. Intended as a counter, it was used as bool flag only.
  - a similar mechanism exists on `connectdata->cselect_bits` where
    specific protocols can indicate something similar, only for the
    whole connection.
  - `cselect_bits` are cleard in transfer.c on use and, importantly,
    also set when the transfer loop expended its `maxloops` tries.
    `drain` was not cleared by transfer and the http2/3 implementations
    had to take care of that.
  - `dselect_bits` is cleared *and* set by the transfer loop. http2/3
    does no longer clear it, only set when new events happen.

  This change unifies the handling of socket poll overrides, extending
  `cselect_bits` by a easy handle specific value and a common treatment in
  transfers.

  Closes #11005

Daniel Stenberg (25 Apr 2023)

- socketpair: verify with a random value

  ... instead of using the curl time struct, since it would use a few
  uninitialized bytes and the sanitizers would complain. This is a neater
  approach I think.

  Reported-by: Boris Kuschel
  Fixes #10993
  Closes #11015

Stefan Eissing (25 Apr 2023)

- HTTP3: document the ngtcp2/nghttp3 versions to use for building curl

  - refs #11011 to clarify this for people building curl themselves

  Closes #11019

Daniel Stenberg (25 Apr 2023)

- lib: unify the upload/method handling

  By making sure we set state.upload based on the set.method value and not
  independently as set.upload, we reduce confusion and mixup risks, both
  internally and externally.

  Closes #11017

- RELEASE-NOTES: synced

Dan Fandrich (24 Apr 2023)

- CI: don't run CI jobs if only another CI was changed

  A few paths were missed in the last commit, as well as a job added since
  then.

  Followup-to 395b9175

- CI: adjust labeler match patterns

- runtests: support buffering log messages in runner & servers

  Log messages generated with logmsg can now be buffered and returned from
  the runner as a return value.  This will be needed with parallel testing
  to allow all messages for one test to be displayed together instead of
  interspersed with messages of multiple tests. Buffering can be disabled
  by setting a logging callback function with setlogfunc, which is
  currently being done to preserve existing logging behaviour for now.

  Some additional output is generated in verbose and debugprotocol modes,
  which don't always use logmsg. These modes also impact some servers
  which generate extra messages. No attempt is made to buffer everything
  if these modes are enabled.

  Ref: #10818
  Closes #11016

- runtests: more consistently use logmsg in server control code

  Also, display an error when sshversioninfo returns one.

  Ref: #10818

- runtests: create runner functions for clearlocks and stopservers

  runtests.pl now uses runner for all server actions beyond the initial
  variable configuration.

  Ref: #10818

- runtests: tightened servers package exports

  The defaults are intended for runtests.pl, whereas runner.pm needs to
  explicitly specify them.

- runtests: display logs on server failure in singletest()

  This is closer to the place where logs are displayed on test failure.
  Also, only display these logs if -p is given, which is the same flag
  that controls display of test failure logs. Some server log files
  need to be deleted later so that they stay around long enough to be
  displayed on failure.

  Ref: #10818

- runtests: turn a print into a logmsg

  Also enable another couple of useful messages in verbose mode.

  Ref: #10818

Daniel Stenberg (24 Apr 2023)

- http: store the password in the correct variable

  Typo from fc2f1e547a4a, detected by Coverity (because there's dead code
  due to this).

  Closes #11002

Stefan Eissing (24 Apr 2023)

- HTTP3/quiche: terminate h1 response header when no body is sent

  - fixes a failure in test2501 where a response without body was missing
    the final empty line

  Closes #11003

Dan Fandrich (22 Apr 2023)

- runtests: move showdiff into runtests.pl

  It's not used anywhere else.

- devtest: add a new script for testing the test harness

  This is currently useful for starting a test server on its own without
  an associated test, which can be used for interactive curl testing or
  for validating parts of the test harness itself. More commands can be
  added to perform additional functions in the future.

  Ref: #10818
  Closes #11008

- runtests: refactor the main test loop into two

  The test loop now has an initial loop that first runs through all
  possible tests to build a set of those to attempt on this run based on
  features and keywords and only then goes through that new list to run
  them.  This actually makes it three loops through all tests cases, as
  there is an existing loop that gathers possible test numbers from the
  test files on disk.

  This has two minor effects on the output: all the tests that will be
  skipped are displayed at the start (instead of being interspersed with
  other tests) and the -l option no longer shows a count of tests at the
  end or a (misleading) statement that tests have run successfully. The
  skipped tests are also omitted from the test results sent to AppVeyor
  and Azure in CI builds.

  Another effect is a reduction in the amount of work considered part of
  the "Test definition reading and preparation time" reported with -r
  making those figures slightly lower than before.

  Ref: #10818

- runtests: track only the current test timings in runner.pm

  This avoids passing these data through through global variables, which
  soon won't be possible.

  Ref: #10818

- runtests: skip test preprocessing when doing -l

  This speeds up the output tremendously by avoiding unnecessary work.

- runtests: simplify value returned regarding use of valgrind

  As a side effect this will now also show in verbose mode that valgrind
  is being skipped on tests that explicitly disable it, such as 600.

  Ref: #10818

- runtests: fix quoting in Appveyor and Azure test integration

  Test 1442's name was not quoted correctly so wasn't registered in
  Appveyor and it had the wrong name in Azure. The JSON string quotes were
  also invalid, even though both servers happened to accept it regardless.

  Closes #11010

Daniel Stenberg (19 Apr 2023)

- RELEASE-NOTES: synced

Dan Fandrich (18 Apr 2023)

- runtests: spread out the port numbers used by servers

  The server ports are chosen randomly for each server, but the random
  ranges chosen were inconsistently-sized and overlapping. Now, they are
  spread out more so at least the first random port chosen for each server
  is guaranteed to not also be chosen by another server. The starting port
  numbers are also raised to put them in the Ephemeral Port range—not the
  range defined by RFC 6335 but the one used by Linux, which starts lower
  and gives us more room to work with.

  Reported-by: Daniel Stenberg

- runtests: fix problems on <killserver> failure

  The verify time must be set in this case, like all cases. An error
  message needs to be displayed as well.

- runtests: fix perl warning when <tool> is wrong

- runtests: don't try to stop stunnel before trying again

