Pending RELEASE-NOTES for the upcoming release

This is work in progress and will change before the release goes public on 9th of December 2020.

Changes:

• hsts: add experimental support for Strict-Transport-Security

Bugfixes:

• acinclude: detect manually set minimum macos/ipod version
• alt-svc: enable (in the build) by default
• alt-svc: minimize variable scope and avoid "DEAD_STORE"
• asyn: use 'struct thread_data *' instead of 'void *'
• checksrc: warn on empty line before open brace
• CI/appveyor: disable test 571 in two cmake builds
• CI/azure: improve on flakiness by avoiding libtool wrappers
• CI/tests: enable test target on TravisCI for CMake builds
• CI/travis: add brotli and zstd to the libssh2 build
• cirrus: build with FreeBSD 12.2 in CirrusCI
• cmake: call the feature unixsockets without dash
• cmake: check for linux/tcp.h
• cmake: correctly handle linker flags for static libs
• cmake: don't pass -fvisibility=hidden to clang-cl on Windows
• cmake: make BUILD_TESTING dependent option
• cmake: make CURL_ZLIB a tri-state variable
• cmake: set the unicode feature in curl-config on Windows
• cmake: store IDN2 information in curl_config.h
• cmake: use libcurl.rc in all Windows builds
• configure: pass -pthread to Libs.private for pkg-config
• configure: use pkgconfig to find openSSL when cross-compiling
• connect: repair build without ipv6 availability
• curl.1: add an "OUTPUT" section at the top of the manpage
• curl.se: new home
• curl: add compatibility for Amiga and GCC 6.5
• curl: only warn not fail, if not finding the home dir
• curl_easy_escape: limit output string length to 3 * max input
• Curl_pgrsStartNow: init speed limit time stamps at start
• curl_setup: USE_RESOLVE_ON_IPS is for Apple native resolver use
• curl_url_set.3: fix typo in the RETURN VALUE section
• CURLOPT_DNS_USE_GLOBAL_CACHE.3: fix typo
• CURLOPT_HSTS.3: document the file format
• CURLOPT_NOBODY.3: fix typo
• CURLOPT_TCP_NODELAY.3: fix comment in example code
• CURLOPT_URL.3: clarify SCP/SFTP URLs are for uploads as well
• docs: document the 8MB input string limit
• docs: fix typos and markup in ETag manpage sections
• docs: Fix various typos in documentation
• examples/httpput: remove use of CURLOPT_PUT
• FAQ: refreshed
• file: avoid duplicated code sequence
• gnutls: fix memory leaks (certfields memory wasn't released)
• header.d: mention the "Transfer-Encoding: chunked" handling
• HISTORY: the new domain
• http3: fix two build errors, silence warnings
• http3: use the master branch of GnuTLS for testing
• http: pass correct header size to debug callback for chunked post
• http_proxy: use enum with state names for 'keepon'
• httpput-postfields.c: new example doing PUT with POSTFIELDS
• infof/failf calls: fix format specifiers
• libssh2: fix build with disabled proxy support
• libssh2: fix transport over HTTPS proxy
• libssh2: require version 1.0 or later
• Makefile.m32: add support for HTTP/3 via ngtcp2+nghttp3
• Makefile.m32: add support for UNICODE builds
• mqttd: fclose test file when done
• NEW-PROTOCOL: document what needs to be done to add one
• ngtcp2: adapt to recent nghttp3 updates
• ngtcp2: advertise h3 ALPN unconditionally
• ngtcp2: Fix build error due to symbol name change
• ngtcp2: use the minimal version of QUIC supported by ngtcp2
• ntlm: avoid malloc(0) on zero length user and domain
• openssl: acknowledge SRP disabling in configure properly
• openssl: free mem_buf in error path
• openssl: guard against OOM on context creation
• openssl: use OPENSSL_init_ssl() with >= 1.1.0
• os400: Sync libcurl API options
• packages/OS400: make the source code-style compliant
• quiche: close the connection
• quiche: remove 'static' from local buffer
• range.d: clarify that curl will not parse multipart responses
• range.d: fix typo
• rtsp: error out on empty Session ID, unified the code
• rtsp: fixed Session ID comparison to refuse prefix
• rtsp: fixed the RTST Session ID mismatch in test 570
• runtests: return error if no tests ran
• runtests: revert the mistaken edit of $CURL
• runtests: show keywords when no tests ran
• socks: check for DNS entries with the right port number
• src/tool_filetime: disable -Wformat on mingw for this file
• strerror: use 'const' as the string should never be modified
• test122[12]: remove these two tests
• test506: make it not run in c-ares builds
• tests/*server.py: close log file after each log line
• tests/server/tftpd.c: close upload file right after transfer
• tests/util.py: fix compatibility with Python 2
• tests: add missing global_init/cleanup calls
• tests: fix some http/2 tests for older versions of nghttpx
• tool_debug_cb: do not assume zero-terminated data
• tool_help: make "output" description less confusing
• tool_operate: --retry for HTTP 408 responses too
• tool_operate: bail out proper on errors during parallel transfers
• tool_operate: fix compiler warning when --libcurl is disabled
• tool_writeout: use off_t getinfo-types instead of doubles
• travis: use ninja-build for CMake builds
• travis: use valgrind when running tests for debug builds
• urlapi: URL encode a '+' in the query part
• urldata: remove 'void *protop' and create the union 'p'
• vquic/ngtcp2.h: define local_addr as sockaddr_storage

Contributors:

Andreas Fischer, asavah on github, b9a1 on github, Baruch Siach, Basuke Suzuki, bobmitchell1956 on github, BrumBrum on hackerone, Cristian Morales Vega, Daiki Ueno, Daniel Gustafsson, Daniel Stenberg, Dietmar Hauser, Dirk Wetter, emanruse on github, Emil Engler, hamstergene on github, Harry Sintonen, Jakub Zakrzewski, Jeroen Ooms, Jon Rumsey, José Joaquín Atria, Junho Choi, Kael1117 on github, Klaus Crusius, Kovalkov Dmitrii, Marcel Raad, Marc Hörsken, Marc Schlatter, Niranjan Hasabnis, nosajsnikta on github, Oliver Urbann, Per Nilsson, Philipp Klaus Krause, Ray Satiro, Rikard Falkeborn, Rui LIU, Sergei Nikulov, Tobias Hieta, Tom G. Christensen, Viktor Szakats, Vincent Torri,