Pending RELEASE-NOTES for the upcoming release

This is work in progress and will change before the release goes public on 2025-02-05.

Changes:

curl: add byte range support to --variable reading from file
curl: make --etag-save acknowledge --create-dirs
getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var
getinfo: provide info which auth was used for HTTP and proxy
hyper: drop support
openssl: add support to use keys and certificates from PKCS#11 provider
QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA
vtls: feature ssls-export for SSL session im-/export

Bugfixes:

altsvc: avoid integer overflow in expire calculation
async-thread: avoid closing eventfd twice
autotools: silence gcc warnings in libtool code
binmode: convert to macro and use it from tests
build: delete `-Wsign-conversion` related FIXMEs
build: drop `-Winline` picky warning
build: drop unused feature macros, update exception list
build: fix the tidy targets for autotools
build: fix unsigned `time_t` detection for cmake, MS-DOS, AmigaOS
build: replace configure check with PP condition (Android <21)
cd2nroff: support "none" as a TLS backend
cf-socket: error if address can't be copied
checksrc: ban use of sscanf()
checksrc: fix the return() checker
checksrc: introduce 'banfunc' to ban specific functions
cmake/FindLDAP: avoid empty 'Requires' item when omitting `pkg-config` module
cmake/FindLDAP: avoid framework locations for libs too (Apple)
cmake/FindLibpsl: protect against `pkg-config` "half-detection"
cmake/FindLibssh: sync header comment with other modules
cmake/FindMbedTLS: drop lib duplicates early
cmake: add `librtmp` Find module
cmake: add LDAP Find module
cmake: add native `pkg-config` detection for remaining Find modules
cmake: allow `CURL_LTO` regardless of `CURL_BUILD_TYPE`, enable in CI
cmake: clang-cl improvements
cmake: delete accidental debug message
cmake: drop duplicate Windows cache value
cmake: drop redundant FOUND checks (libgsasl, libssh, libuv)
cmake: drop redundant opening/closing `.*` from `MATCH` expressions
cmake: drop unused `HAVE_SYS_XATTR_H` detection
cmake: extend zlib's `AUTO` option to brotli, zstd and enable if found
cmake: fix `net/in.h` detection for MS-DOS
cmake: improve `curl_dumpvars()` and move to `Utilities.cmake`
cmake: make libpsl required by default
cmake: make system libraries `dl`, `m`, `pthread` customizable
cmake: move `pkg-config` names to Find modules
cmake: move GSS init before feature detections
cmake: namespace functions and macros
cmake: optimize out 4 picky warning option detections with gcc
cmake: pre-fill `HAVE_STDINT_H` on Windows
cmake: publish/check supported protocols/features via `CURLConfig.cmake`
cmake: replace `unset(VAR)` with `set(VAR "")` for init
cmake: sync OpenSSL QUIC fork detection with autotools
cmake: use `CMAKE_REQUIRED_LINK_DIRECTORIES`
cmake: use `STREQUAL` to detect Linux
completion.pl: add completion for paths after @ for fish
config-mac: drop `MACOS_SSL_SUPPORT` macro
configure: drop unused detections and macros
conncache: count shutdowns against host and max limits
conncache: result_cb comment removed from function docs
content_encoding: namespace GZIP flag constants
cookie: cap expire times to 400 days
cookie: fix crash in netscape cookie parsing
cookie: parse only the exact expire date
curl: return error if etag options are used with multiple URLs
curl_multibyte: support Windows paths longer than MAX_PATH
curl_sha512_256: rename symbols to the curl namespace
curl_url_set.md: adjust the added-in to 7.62.0
curl_ws_recv.md: fix typo
CURLOPT_PROXY.md: clarify the crendential support in proxy URLs
CURLOPT_RESOLVE.md: fix wording
CURLOPT_SEEKFUNCTION.md: used for FTP, HTTP and SFTP (only)
docs/BUGS.md: remove leading space from a link
docs/cmdline-opts/_ENVIRONMENT.md: minor language fix
docs/HTTP-COOKIES.md: link to more information
docs/libcurl/opts: clarify the return values
docs/libcurl: return value overhall
docs: use lowercase curl and libcurl
ECH: update APIs to those agreed with OpenSSL maintainers
examples/block-ip: drop redundant `memory.h` include
examples/block-ip: show how to block IP addresses
examples/complicated: fix warnings, bump deprecated callback, tidy up
examples/synctime.c: remove references to dead URLs and functionality
examples: make them compile with compatibility functions disabled (Windows)
file: drop `OPEN_NEEDS_ARG3` option
file: fix Android compiler warning
GnuTLS: fix 'time_appconnect' for early data
hash: add asserts in hash_element_dtor()
HTTP/2: strip TE request header
http2: fix value stored to 'result' is never read
http: fix build with `CURL_DISABLE_COOKIES`
http: ignore invalid Retry-After times
http_aws_sigv4: Fix invalid compare function handling zero-length pairs
INFRASTRUCTURE.md: project infra
lib517: extend the getdate test with quotes and leading "junk"
lib: remove `__EMX__` guards
lib: replace `inline` redefine with `CURL_INLINE` macro
lib: supress deprecation warnings in apple builds
lib: TLS session ticket caching reworked
Makefile.mk: drop in favour of autotools and cmake (MS-DOS, AmigaOS3)
mbedtls: fix handling of blocked sends
mime: explicitly rewind subparts at attachment time.
msvc: drop checks for ancient versions
msvc: fix building with `HAVE_INET_NTOP` and MSVC <=1900
multi: fix curl_multi_waitfds reporting of fd_count
multi: fix return code for an already-removed easy handle
multissl: auto-enable `OPENSSL_COEXIST` for wolfSSL + OpenSSL
multissl: make openssl + wolfssl builds work
netrc: 'default' with no credentials is not a match
netrc: fix password-only entries
netrc: restore _netrc fallback logic
ngtcp2: fix two cases of value stored never read
openssl: fix ECH logic
osslq: use SSL_poll to determine writeability of QUIC streams
projects/Windows: remove wolfSSL from legacy projects
RELEASE-PROCEDURE.md: mention how to publish security advisories
scripts/mdlinkcheck: markdown link checker
sectransp: free certificate on error
select: avoid a NULL deref in cwfds_add_sock
smb: fix compiler warning
src: add `CURL_STRICMP()` macro, use `_stricmp()` on Windows
src: drop support for `CURL_TESTDIR` debug env
strparse: string parsing helper functions
system.h: add 64-bit curl_off_t definitions for NonStop
test483: require cookie support
tests/http/clients: use proper sleep() call on NonStop
TheArtOfHttpScripting.md: rewrite double 'that'
tool_formparse.c: make curlx_uztoso a static in here
tool_formparse: accept digits in --form type= strings
tool_getparam: fix "Ignored Return Value"
tool_getparam: fix memory leak on error in parse_ech
tool_getparam: fix the ECH parser
tool_operate: make --etag-compare always accept a non-existing file
urlapi: fix redirect to a new fragment or query (only)
variable.md: mention --expand-variable for variables to variables
variable.md: show function use with examples
vquic: fix 4th function call argument is an uninitialized value
vquic: make vquic_send_packets not return without setting psent
vtls: only remember the expiry timestamp in session cache
vtls: remove 'detach/attach' functions from TLS handler struct
vtls: remove unusued 'check_cxn' from TLS handler struct
vtls: replace "none"-functions with NULL pointers
VULN-DISCLOSURE-POLICY.md: mention the not setting CVSS
ws-docs: remove the outdated texts saying ws support is experimental

Contributors:

Andy Pan, Asger Hautop Drewsen, baranyaib90 on github, Ben Zanin, Christian Heusel, Christian Schmitz, Christopher Dannemiller, Daniel Stenberg, Darren Banfi, dependabot[bot], Derek Huang, dwickr, Ganesh Viswanathan, Hermes Zhang, IcedCoffeee on github, Jakub Jelen, Jeroen Ooms, Jiri Stary, Kai Pastor, Kevin Sun, Kuan-Wei Chiu, Manuel Einfalt, Marcel Raad, Mohammed Sadiq, Neil Horman, Patrick Monnerat, prpr19xx on github, Qriist on github, Ralph Sennhauser, Randall S. Becker, Ray Satiro, renovate[bot], Rudi Heitbaum, Samuel Henrique, Stefan Eissing, Stephen Farrell, Tal Regev, Tamás Bálint Misius, Tamir Duberstein, Viktor Szakats, Yedaya Katsman, Yihang Zhou