                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 8.2.0 (19 Jul 2023)

Daniel Stenberg (19 Jul 2023)

- RELEASE-NOTES: synced

  8.2.0 release

- THANKS-filter: strip out "GitHub"

- THANKS: add contributors from 8.2.0

- RELEASE-PROCEDURE.md: adjust the release dates

Stefan Eissing (17 Jul 2023)

- quiche: fix defects found in latest coverity report

  Closes #11455

Daniel Stenberg (17 Jul 2023)

- quiche: avoid NULL deref in debug logging

  Coverity reported "Dereference after null check"

  If stream is NULL and the function exits, the logging must not deref it.

  Closes #11454

Stefan Eissing (17 Jul 2023)

- http2: treat initial SETTINGS as a WINDOW_UPDATE

  - refs #11426 where spurious stalls on large POST requests
    are reported
  - the issue seems to involve the following
    * first stream on connection adds up to 64KB of POST
      data, which is the max default HTTP/2 stream window size
      transfer is set to HOLD
    * initial SETTINGS from server arrive, enlarging the stream
      window. But no WINDOW_UPDATE is received.
    * curl stalls
  - the fix un-HOLDs a stream on receiving SETTINGS, not
    relying on a WINDOW_UPDATE from lazy servers

  Closes #11450

Daniel Stenberg (17 Jul 2023)

- ngtcp2: assigning timeout, but value is overwritten before used

  Reported by Coverity

  Closes #11453

- krb5: add typecast to please Coverity

Derzsi Dániel (16 Jul 2023)

- wolfssl: support setting CA certificates as blob

  Closes #11445

- wolfssl: detect when TLS 1.2 support is not built into wolfssl

  Closes #11444

Graham Campbell (15 Jul 2023)

- CI: bump nghttp2 from 1.55.0 to 1.55.1

  Closes #11442

Daniel Stenberg (15 Jul 2023)

- curl: return error when asked to use an unsupported HTTP version

  When one of the following options are used but the libcurl in use does
  not support it:

  --http2
  --http2-prior-knowledge
  --proxy-http2

  Closes #11440

Chris Paulson-Ellis (14 Jul 2023)

- cf-socket: don't bypass fclosesocket callback if cancelled before connect

  After upgrading to 8.1.2 from 7.84.0, I found that sockets were being
  closed without calling the fclosesocket callback if a request was
  cancelled after the associated socket was created, but before the socket
  was connected. This lead to an imbalance of fopensocket & fclosesocket
  callbacks, causing problems with a custom event loop integration using
  the multi-API.

  This was caused by cf_socket_close() calling sclose() directly instead
  of calling socket_close() if the socket was not active. For regular TCP
  client connections, the socket is activated by cf_socket_active(), which
  is only called when the socket completes the connect.

  As far as I can tell, this issue has existed since 7.88.0. That is,
  since the code in question was introduced by:
      commit 71b7e0161032927cdfb4e75ea40f65b8898b3956
      Author: Stefan Eissing <stefan@eissing.org>
      Date:   Fri Dec 30 09:14:55 2022 +0100

          lib: connect/h2/h3 refactor

  Closes #11439

Daniel Stenberg (13 Jul 2023)

- tool_parsecfg: accept line lengths up to 10M

  Bumped from 100K set in 47dd957daff9

  Reported-by: Antoine du Hamel
  Fixes #11431
  Closes #11435

Stefan Eissing (13 Jul 2023)

- CI: brew fix for openssl in default path

  If brew install/update links openssl into /usr/local, it will be found
  before anything we add with `-isystem path` to CPP/LDLFAGS.  Get rid of
  that by unlinking the keg.

  Fixes #11413
  Closes #11436

Daniel Stenberg (13 Jul 2023)

- RELEASE-NOTES: synced

Ondřej Koláček (13 Jul 2023)

- sectransp: fix EOF handling

  Regression since the large refactor from 2022

  Closes #11427

Daniel Stenberg (13 Jul 2023)

- checksrc: quote the file name to work with "funny" letters

  Closes #11437

Karthikdasari0423 (13 Jul 2023)

- HTTP3.md: ngtcp2 updated to v0.17.0 and nghttp3 to v0.13.0

  Follow-up to e0093b4b732f6

  Closes #11433

Daniel Stenberg (13 Jul 2023)

- CURLOPT_MIMEPOST.3: clarify what setting to NULL means

  Follow-up to e08382a208d4e480

  Closes #11430

Tatsuhiro Tsujikawa (12 Jul 2023)

- ngtcp2: build with 0.17.0 and nghttp3 0.13.0

  - ngtcp2_crypto_openssl was renamed to ngtcp2_crypto_quictls.

  Closes #11428

- CI: Bump ngtcp2, nghttp3, and nghttp2

  Closes #11428

James Fuller (11 Jul 2023)

- example/maxconnects: set maxconnect example

  Closes #11343

Pontakorn Prasertsuk (11 Jul 2023)

- http2: send HEADER & DATA together if possible

  Closes #11420

Daniel Stenberg (11 Jul 2023)

- CI: use wolfSSL 5.6.3 in builds

  No using master anymore

  Closes #11424

SaltyMilk (11 Jul 2023)

- fopen: optimize

  Closes #11419

Daniel Stenberg (11 Jul 2023)

- cmake: make use of snprintf

  Follow-up to 935b1bd4544a23a91d68

  Closes #11423

Stefan Eissing (11 Jul 2023)

- macOS: fix taget detection

  - TARGET_OS_OSX is not always defined on macOS
  - this leads to missing symbol Curl_macos_init()
  - TargetConditionals.h seems to define these only when
    dynamic targets are enabled (somewhere?)
  - this PR fixes that on my macOS 13.4.1
  - I have no clue why CI builds worked without it

  Follow-up to c7308592fb8ba213fc2c1
  Closes #11417

Stan Hu (9 Jul 2023)

- hostip.c: Move macOS-specific calls into global init call

  https://github.com/curl/curl/pull/7121 introduced a macOS system call
  to `SCDynamicStoreCopyProxies`, which is invoked every time an IP
  address needs to be resolved.

  However, this system call is not thread-safe, and macOS will kill the
  process if the system call is run first in a fork. To make it possible
  for the parent process to call this once and prevent the crash, only
  invoke this system call in the global initialization routine.

  In addition, this change is beneficial because it:

  1. Avoids extra macOS system calls for every IP lookup.
  2. Consolidates macOS-specific initialization in a separate file.

  Fixes #11252
  Closes #11254

Daniel Stenberg (9 Jul 2023)

- docs: use a space after RFC when spelling out RFC numbers

  Closes #11382

Margu (9 Jul 2023)

- imap-append.c: update to make it more likely to work

  Fixes #10300
  Closes #11397

Emanuele Torre (9 Jul 2023)

- tool_writeout_json: fix encoding of control characters

  Control characters without a special escape sequence e.g. %00 or %06
  were being encoded as "u0006" instead of "\u0006".

  Ref: https://github.com/curl/trurl/pull/214#discussion_r1257487858
  Closes #11414

Stefan Eissing (9 Jul 2023)

- http3/ngtcp2: upload EAGAIN handling

  - refs #11389 where IDLE timeouts on upload are reported
  - reword ngtcp2 expiry handling to apply to both send+recv
    calls into the filter
  - EAGAIN uploads similar to the recent changes in HTTP/2, e.g.
    report success only when send data was ACKed.
  - HOLD sending of EAGAINed uploads to avoid cpu busy loops
  - rename internal function for consistency with HTTP/2
    implementation

  Fixes #11389
  Closes #11390

Brian Nixon (9 Jul 2023)

- tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION`

  Closes #11398

Daniel Stenberg (9 Jul 2023)

- RELEASE-NOTES: synced

- transfer: clear credentials when redirecting to absolute URL

  Make sure the user and password for the second request is taken from the
  redirected-to URL.

  Add test case 899 to verify.

  Reported-by: James Lucas
  Fixes #11410
  Closes #11412

Stefan Eissing (8 Jul 2023)

- hyper: fix EOF handling on input

  We ran out of disc space due to an infinite loop with debug logging

  Fixes #11377
  Closes #11385
  Reported-by: Dan Fandrich

- http2: raise header limitations above and beyond

  - not quite to infinity
  - rewrote the implementation of our internal HTTP/1.x request
    parsing to work with very large lines using dynbufs.
  - new default limit is `DYN_HTTP_REQUEST`, aka 1MB, which
    is also the limit of curl's general HTTP request processing.

  Fixes #11405
  Closes #11407

Juan Cruz Viotti (8 Jul 2023)

- curl_easy_nextheader.3: add missing open parenthesis examples

  Closes #11409
  Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>

Dan Fandrich (7 Jul 2023)

- CI: enable verbose test output on pytest

  This shows individual pass/fail status on tests and makes this output
  consistent with other jobs' pytest invocations.

Stefan Eissing (28 Jun 2023)

- http2: fix crash in handling stream weights

  - Delay the priority handling until the stream has been opened.

  - Add test2404 to reproduce and verify.

  Weights may change "on the run", which is why there are checks in
  general egress handling. These must not trigger when the stream has not
  been opened yet.

  Reported-by: jbgoog@users.noreply.github.com

  Fixes https://github.com/curl/curl/issues/11379
  Closes https://github.com/curl/curl/pull/11384

- tests/http: Add mod_h2 directive `H2ProxyRequests`

  master of mod_h2 now requires H2ProxyRequests directives for forward
  proxying with HTTP/2 to work.

  Ref: https://github.com/icing/mod_h2/commit/3897a7086

  Closes https://github.com/curl/curl/pull/11392

Dan Fandrich (28 Jun 2023)

- CI: make Appveyor job names unique

  Two otherwise identical mingw-w64 jobs now have their differing compiler
  versions mentioned in their names.

Sheshadri.V (25 Jun 2023)

- curl.h: include <sys/select.h> for vxworks

  Closes #11356

Dan Fandrich (24 Jun 2023)

- CI: enable parallel make in more builds

  Most CI services provide at least two cores, so enable parallel make
  jobs to take advantage of that for builds. Some dependencies aren't safe
  to build in parallel so leave those as-is.  Also, rename a few
  workflows to eliminate duplicate names and provide a better idea what
  they're about.

- CI: don't install impacket if tests are not run

  It just wastes time and bandwidth and isn't even used.

divinity76 (24 Jun 2023)

- configure: the --without forms of the options are also gone

  --without-darwin-ssl and --without-metalink

  Closes #11378

Daniel Stenberg (23 Jun 2023)

- configure: add check for ldap_init_fd

  ... as otherwise the configure script will say it is OpenLDAP in the
  summary, but not set the USE_OPENLDAP define, therefor not using the
  intended OpenLDAP code paths.

  Regression since 4d7385446 (7.85.0)
  Fixes #11372
  Closes #11374
  Reported-by: vlkl-sap on github

Michał Petryka (23 Jun 2023)

- cmake: stop CMake from quietly ignoring missing Brotli

  The CMake project was set to `QUIET` for Brotli instead of
  `REQUIRED`. This makes builds unexpectedly ignore missing Brotli even
  when `CURL_BROTLI` is enabled.

  Closes #11376

Emanuele Torre (22 Jun 2023)

- docs: add more .IP after .RE to fix indentation of generate paragraphs

  follow-up from 099f41e097c030077b8ec078f2c2d4038d31353b

  I just thought of checking all the other files with .RE, and I found 6
  other files that were missing .IP at the end.

  Closes #11375

Stefan Eissing (22 Jun 2023)

- http2: h2 and h2-PROXY connection alive check fixes

  - fix HTTP/2 check to not declare a connection dead when
    the read attempt results in EAGAIN
  - add H2-PROXY alive check as for HTTP/2 that was missing
    and is needed
  - add attach/detach around Curl_conn_is_alive() and remove
    these in filter methods
  - add checks for number of connections used in some test_10
    proxy tunneling tests

  Closes #11368

- http2: error stream resets with code CURLE_HTTP2_STREAM

  - refs #11357, where it was reported that HTTP/1.1 downgrades
    no longer works
  - fixed with suggested change
  - added test_05_03 and a new handler in the curltest module
    to reproduce that downgrades work

  Fixes #11357
  Closes #11362
  Reported-by: Jay Satiro

Daniel Stenberg (22 Jun 2023)

- connect-timeout.d: mention that the DNS lookup is included

  Closes #11370

Emanuele Torre (22 Jun 2023)

- quote.d: fix indentation of generated paragraphs

  quote.d was missing a .IP at the end which caused the paragraphs
  generated for See-also, Multi, and Example to not be indented correctly.

  I also remove a redundant "This option can be used multiple times.", and
  replaced .IP "item" with .TP .B "item" to make more clear which lines
  are part of the list of commands and which aren't.

  Closes #11371

Paul Wise (22 Jun 2023)

- checksrc: modernise perl file open

  Use regular variables and separate file open modes from filenames.

  Suggested by perlcritic

  Copied from https://github.com/curl/trurl/commit/f2784a9240f47ee28a845

  Closes #11358

Dan Fandrich (21 Jun 2023)

- runtests: work around a perl without SIGUSR1

  At least msys2 perl v5.32.1 doesn't seem to define this signal. Since
  this signal is only used for debugging, just ignore if setting it fails.

  Reported-by: Marcel Raad
  Fixes #11350
  Closes #11366

- runtests: include missing valgrind package

  use valgrind was missing which caused torture tests with valgrind
  enabled to fail.

  Reported-by: Daniel Stenberg
  Fixes #11364
  Closes #11365

- runtests: use more consistent failure lines

  After a test failure log a consistent log message to make it easier to
  parse the log file.  Also, log a consistent message with "ignored" for
  failures that cause the test to be not considered at all. These should
  perhaps be counted in the skipped category, but this commit does not
  change that behaviour.

- runtests: consistently write the test check summary block

  The memory check character was erroneously omitted if the memory
  checking file was not available for some reason, making the block of
  characters an inconsistent length.

- test2600: fix the description

  It looks like it was cut-and-pasted.

  Closes #11354

Daniel Stenberg (21 Jun 2023)

- TODO: "Support HTTP/2 for HTTP(S) proxies" *done*

humbleacolyte (21 Jun 2023)

- cf-socket: move ctx declaration under HAVE_GETPEERNAME

  Closes #11352

Daniel Stenberg (20 Jun 2023)

- RELEASE-NOTES: synced

- example/connect-to: show CURLOPT_CONNECT_TO

  Closes #11340

Stefan Eissing (20 Jun 2023)

- hyper: unslow

  - refs #11203 where hyper was reported as being slow
  - fixes hyper_executor_poll to loop until it is out of
    tasks as advised by @seanmonstar in https://github.com/hyperium/hyper/issue
  s/3237
  - added a fix in hyper io handling for detecting EAGAIN
  - added some debug logs to see IO results
  - pytest http/1.1 test cases pass
  - pytest h2 test cases fail on connection reuse. HTTP/2
    connection reuse does not seem to work. Hyper submits
    a request on a reused connection, curl's IO works and
    thereafter hyper declares `Hyper: [1] operation was canceled: connection cl
  osed`
    on stderr without any error being logged before.

  Fixes #11203
  Reported-by: Gisle Vanem
  Advised-by: Sean McArthur
  Closes #11344

- HTTP/2: upload handling fixes

  - fixes #11242 where 100% CPU on uploads was reported
  - fixes possible stalls on last part of a request body when
    that information could not be fully send on the connection
    due to an EAGAIN
  - applies the same EGAIN handling to HTTP/2 proxying

  Reported-by: Sergey Alirzaev
  Fixed #11242
  Closes #11342

Daniel Stenberg (20 Jun 2023)

- example/opensslthreadlock: remove

  This shows how to setup OpenSSL mutex callbacks, but this is not
  necessary since OpenSSL 1.1.0 - meaning that no currently supported
  OpenSSL version requires this anymore

  Closes #11341

Dan Fandrich (19 Jun 2023)

- libtest: display the times after a test timeout error

  This is to help with test failure debugging.

  Ref: #11328
  Closes #11329

- test2600: bump a test timeout

  Case 1 failed at least once on GHA by going 30 msec too long.

  Ref: #11328

- runtests: better detect and handle pipe errors in the controller

  Errors reading and writing to the pipes are now better detected and
  propagated up to the main test loop so it can be cleanly shut down. Such
  errors are usually due to a runner dying so it doesn't make much sense
  to try to continue the test run.

- runtests: cleanly abort the runner if the controller dies

  If the controller dies unexpectedly, have the runner stop its servers
  and exit cleanly. Otherwise, the orphaned servers will stay running in
  the background.

- runtests: improve error logging

  Give more information about test harness error conditions to help figure
  out what might be wrong. Print some internal test state when SIGUSR1 is
  sent to runtests.pl.

  Ref: #11328

- runtests: better handle ^C during slow tests

  Since the SIGINT handler now just sets a flag that must be checked in the
  main controller loop, make sure that runs periodically.  Rather than
  blocking on a response from a test runner near the end of the test run,
  add a short timeout to allow it.

- runtests: rename server command file

  The name ftpserver.cmd was historical and has been used for more than
  ftp for many years now. Rename it to plain server.cmd to reduce
  confusion.

- tests: improve reliability of TFTP tests

  Stop checking the timeout used by the client under test (for most
  tests). The timeout will change if the TFTP test server is slow (such as
  happens on an overprovisioned CI server) because the client will retry
  and reduce its timeout, and the actual value is not important for most
  tests.

  test285 is changed a different way, by increasing the connect timeout.
  This improves test coverage by allowing the changed timeout value to be
  checked, but improves reliability with a carefully-chosen timeout that
  not only allows twice the time to respond as before, but also allows
  several retries before the client will change its timeout value.

  Ref: #11328

Daniel Stenberg (19 Jun 2023)

- cf-socket: skip getpeername()/getsockname for TFTP

  Since the socket is not connected then the call fails. When the call
  fails, failf() is called to write an error message that is then
  surviving and is returned when the *real* error occurs later. The
  earlier, incorrect, error therefore hides the actual error message.

  This could be seen in stderr for test 1007

  Test 1007 has now been extended to verify the stderr message.

  Closes #11332

- example/crawler: make it use a few more options

  For show, but reasonable

- libcurl-ws.3: mention raw mode

  Closes #11339

- example/default-scheme: set the default scheme for schemeless URLs

  Closes #11338

- example/hsts-preload: show one way to HSTS preload

  Closes #11337

- examples/http-options: show how to send "OPTIONS *"

  With CURLOPT_REQUEST_TARGET.

  Also add use of CURLOPT_QUICK_EXIT to show.

  Closes #11333

- examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR

  To show how to use them

  Closes #11334

- examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS

  For show

  Closes #11335

- http: rectify the outgoing Cookie: header field size check

  Previously it would count the size of the entire outgoing request and
  not just the size of only the Cookie: header field - which was the
  intention.

  This could make the check be off by several hundred bytes in some cases.

  Closes #11331

Jay Satiro (17 Jun 2023)

- lib: fix some format specifiers

  - Use CURL_FORMAT_CURL_OFF_T where %zd was erroneously used for some
    curl_off_t variables.

  - Use %zu where %zd was erroneously used for some size_t variables.

  Prior to this change some of the Windows CI tests were failing because
  in Windows 32-bit targets have a 32-bit size_t and a 64-bit curl_off_t.
  When %zd was used for some curl_off_t variables then only the lower
  32-bits was read and the upper 32-bits would be read for part or all of
  the next specifier.

  Fixes https://github.com/curl/curl/issues/11327
  Closes https://github.com/curl/curl/pull/11321

Marcel Raad (16 Jun 2023)

- test427: add `cookies` feature and keyword

  This test doesn't work with `--disable-cookies`.

  Closes https://github.com/curl/curl/pull/11320

Chris Talbot (15 Jun 2023)

- imap: Provide method to disable SASL if it is advertised

  - Implement AUTH=+LOGIN for CURLOPT_LOGIN_OPTIONS to prefer plaintext
    LOGIN over SASL auth.

  Prior to this change there was no method to be able to fall back to
  LOGIN if an IMAP server advertises SASL capabilities. However, this may
  be desirable for e.g. a misconfigured server.

  Per: https://www.ietf.org/rfc/rfc5092.html#section-3.2

  ";AUTH=<enc-auth-type>" looks to be the correct way to specify what
  authenication method to use, regardless of SASL or not.

  Closes https://github.com/curl/curl/pull/10041

Daniel Stenberg (15 Jun 2023)

- RELEASE-NOTES: synced

- examples/multi-debugcallback.c: avoid the bool typedef

  Apparently this cannot be done in c23

  Reported-by: Cristian Rodríguez
  Fixes #11299
  Closes #11319

- docs/libcurl/libcurl.3: cleanups and improvements

  Closes #11317

- libcurl-ws.3: fix typo

- curl_ws_*.3: enhance

  - all: SEE ALSO the libcurl-ws man page
  - send: add example and return value information
  - meta: mention that the returned data is read-only

  Closes #11318

- docs/libcurl/libcurl-ws.3: see also CURLOPT_WS_OPTIONS

- docs/libcurl/libcurl-ws.3: minor polish

- libcurl-ws.3. WebSocket API overview

  Closes #11314

- libcurl-url.3: also mention CURLUPART_ZONEID

  ... and sort the two part-using lists alphabetically

Marcel Raad (14 Jun 2023)

- fopen: fix conversion warning on 32-bit Android

  When building for 32-bit ARM or x86 Android, `st_mode` is defined as
  `unsigned int` instead of `mode_t`, resulting in a
  -Wimplicit-int-conversion clang warning because `mode_t` is
  `unsigned short`. Add a cast to silence the warning.

  Ref: https://android.googlesource.com/platform/bionic/+/refs/tags/ndk-r25c/li
  bc/include/sys/stat.h#86
  Closes https://github.com/curl/curl/pull/11313

- http2: fix variable type

  `max_recv_speed` is `curl_off_t`, so using `size_t` might result in
  -Wconversion GCC warnings for 32-bit `size_t`. Visible in the NetBSD
  ARM autobuilds.

  Closes https://github.com/curl/curl/pull/11312

Daniel Stenberg (13 Jun 2023)

- vtls: fix potentially uninitialized local variable warnings

  Follow-up from a4a5e438ae533c

  Closes #11310

- timeval: use CLOCK_MONOTONIC_RAW if available

  Reported-by: Harry Sintonen
  Ref: #11288
  Closes #11291

Stefan Eissing (12 Jun 2023)

- tool: add curl command line option `--trace-ids`

  - added and documented --trace-ids to prepend (after the timestamp)
    the transfer and connection identifiers to each verbose log line
  - format is [n-m] with `n` being the transfer id and `m` being the
    connection id. In case there is not valid connection id, print 'x'.
  - Log calls with a handle that has no transfer id yet, are written
    without any ids.

  Closes #11185

- lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID

  - add an `id` long to Curl_easy, -1 on init
  - once added to a multi (or its own multi), it gets
    a non-negative number assigned by the connection cache
  - `id` is unique among all transfers using the same
    cache until reaching LONG_MAX where it will wrap
    around. So, not unique eternally.
  - CURLINFO_CONN_ID returns the connection id attached to
    data or, if none present, data->state.lastconnect_id
  - variables and type declared in tool for write out

  Closes #11185

Daniel Stenberg (12 Jun 2023)

- CURLOPT_INFILESIZE.3: mention -1 triggers chunked

  Ref: #11300
  Closes #11304

Philip Heiduck (12 Jun 2023)

- CI: openssl-3.0.9+quic

  Closes #11296

Karthikdasari0423 (12 Jun 2023)

- HTTP3.md: update openssl version

  Closes #11297

Daniel Stenberg (12 Jun 2023)

- vtls: avoid memory leak if sha256 call fails

  ... in the pinned public key handling function.

  Reported-by: lizhuang0630 on github
  Fixes #11306
  Closes #11307

- examples/ipv6: disable on win32

  I can't make if_nametoindex() work there

  Follow-up to c23dc42f3997acf23

  Closes #11305

- tool_operate: allow cookie lines up to 8200 bytes

  Since this option might set multiple cookies in the same line, it does
  not make total sense to cap this at 4096 bytes, which is the limit for a
  single cookie name or value.

  Closes #11303

- test427: verify sending more cookies than fit in a 8190 bytes line

  curl will then only populate the header with cookies that fit, dropping
  ones that otherwise would have been sent

  Ref: https://curl.se/mail/lib-2023-06/0020.html

  Closes #11303

- testutil: allow multiple %-operators on the same line

  Closes #11303

Oleg Jukovec (12 Jun 2023)

- docs: update CURLOPT_UPLOAD.3

  The behavior of CURLOPT_UPLOAD differs from what is described in the
  documentation. The option automatically adds the 'Transfer-Encoding:
  chunked' header if the upload size is unknown.

  Closes #11300

Daniel Stenberg (12 Jun 2023)

- RELEASE-NOTES: synced

- CURLOPT_AWS_SIGV4.3: remove unused variable from example

  Closes #11302

- examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT

  for demonstration purposes

  Closes #11290

- example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use

  Closes #11282

Karthikdasari0423 (10 Jun 2023)

- docs: Update HTTP3.md for newer ngtcp2 and nghttp3

  Follow-up to fb9b9b58

  Ref: #11184
  Closes #11295

Dan Fandrich (10 Jun 2023)

- docs: update the supported ngtcp2 and nghttp3 versions

  Follow-up to cae9d10b

  Ref: #11184
  Closes #11294

- tests: fix error messages & handling around sockets

  The wrong error code was checked on Windows on UNIX socket failures,
  which could have caused all UNIX sockets to be reported as having
  errored and the tests therefore skipped. Also, a useless error message
  was displayed on socket errors in many test servers on Windows because
  strerror() doesn't work on WinSock error codes; perror() is overridden
  there to work on all errors and is used instead.

  Ref #11258
  Closes #11265

Daniel Stenberg (9 Jun 2023)

- CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search

  Reported-by: atjg on github
  Ref: #11287
