Microsoft Malicious Software Removal Tool (64-bit)

What's new in this version:

Changed:
- curl.h: add CURL_HTTP_VERSION_3ONLY
- share: add sharing of HSTS cache among handles
- src: add --http3-only
- tool_operate: share HSTS between handles
- urlapi: add CURLU_PUNYCODE
- writeout: add %{certs} and %{num_certs}

Fixed:
- cf-socket: fix build when not HAVE_GETPEERNAME
- cf-socket: keep sockaddr local in the socket filters
- cfilters:Curl_conn_get_select_socks: use the first non-connected filter
- CI: add a workflow to automatically label pull requests
- CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup
- CI: Retry failed downloads to reduce spurious failures
- CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12
- cmake: bump requirement to 3.7
- cmake: check for sendmsg
- cmake: delete redundant macro definition `SECURITY_WIN32`
- cmake: fix dev warning due to mismatched arg
- cmake: fix the snprintf detection
- cmake: remove deprecated symbols check
- cmake: set SOVERSION also for macOS
- cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
- cmdline-opts/Makefile: on error, do not leave a partial
- CODEOWNERS: remove the peeps mentioned as CI owners
- connect: fix access of pointer before NULL check
- connect: fix build when not ENABLE_IPV6
- connect: fix strategy testing for attempts, timeouts and happy-eyeball
- connections: introduce http/3 happy eyeballs
- content_encoding: do not reset stage counter for each header
- CONTRIBUTE: More formally specify the commit description
- cookies: fp is always not NULL
- copyright.pl: cease doing year verifications
- copyright: update all copyright lines and remove year ranges
- curl.1: make help, version and manual sections "custom"
- curl.h: allow up to 10M buffer size
- curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
- curl/websockets.h: extend the websocket frame struct
- curl: output warning at --verbose output for debug-enabled version
- curl_free.3: fix return type of `curl_free`
- curl_global_sslset.3: clarify the openssl situation
- curl_log: for failf/infof and debug logging implementations
- curl_setup: Disable by default recv-before-send in Windows
- curl_version_info.3: fix typo
- curl_ws_send.3: clarify how to send multi-frame messages
- CURLOPT_HEADERDATA.3: warn DLL users must set write function
- CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1
- CURLOPT_WRITEFUNCTION.3: fix memory leak in example
- dict: URL decode the entire path always
- docs/DEPRECATE.md: deprecate gskit
- docs: add link to GitHub Discussions
- docs: mention indirect effects of --insecure
- docs: POSTFIELDSIZE must be set to -1 with read function
- doh: ifdef IPv6 code
- easyoptions: fix header printing in generation script
- escape: hex decode with a lookup-table
- escape: use table lookup when adding %-codes to output
- examples: remove the curlgtk.c example
- fopen: remove unnecessary assignment
- ftpserver: lower the DATA connect timeout to speed up torture tests
- GHA/macos.yml: bump to gcc-12
- GHA/macos: use Xcode_14.0.1 for cmake builds
- GHA: add job on Slackware 15.0
- GHA: bump ngtcp2 workflow dependencies
- GHA: enable websockets in the torture job
- GHA: move the quiche job here from zuul
- GHA: use designated ngtcp2 and its dependencies versions
- haxproxy: send before TLS handhshake
- header.d: add a header file example
- hsts.d: explain hsts more
- hsts: handle adding the same host name again
- HTTP/[23]: continue upload when state.drain is set
- http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames
- http2: fix compiler warning due to uninitialized variable
- http2: minor buffer and error path fixes
- http2: when using printf %.*s, the length arg must be 'int'
- HTTP3: mention what needs to be in place to remove EXPERIMENTAL label
- http: add additional condition for including stdint.h
- http: decode transfer encoding first
- http: fix "part of conditional expression is always false"
- http: remove the trace message "Mark bundle... multiuse"
- http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
- http_proxy: do not assign data->req.p.http use local copy
- INSTALL: document how to use multiple TLS backends
- lib670: make test.h the first include
- lib: connect/h2/h3 refactor
- lib: fix typos
- lib: fix typos in comments which repeat a word
- libssh2: try sha2 algos for hostkey methods
- libtest: add a sleep macro for Windows
- Linux CI: update some dependecies to latest tag
- Makefile.mk: fix wolfssl and mbedtls default paths
- man pages: call the custom user pointer 'clientp' consistently
- md4: fix build with GnuTLS + OpenSSL v1
- misc: fix grammar and spelling
- misc: fix spelling
- misc: reduce struct and struct field sizes
- msh3: add support for request payload
- msh3: update to v0.5 Release
- msh3: update to v0.6
- multi: stop sending empty HTTP/3 UDP datagrams on Windows
- multihandle: turn bool struct fields into bits
- ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
- ngtcp2: fix the build without 'sendmsg'
- ngtcp2: replace removed define and stop using removed function
- no-clobber.d: only use long form options in man page text
- noproxy: support for space-separated names is deprecated
- nss: implement data_pending method
- openldap: fix missing sasl symbols at build in specific configs
- openssl: adapt to boringssl's error code type
- openssl: don't ignore CA paths when using Windows CA store (redux)
- openssl: don't log raw record headers
- openssl: make the BIO_METHOD a local variable in the connection filter
- openssl: only use CA_BLOB if verifying peer
- openssl: remove attached easy handles from SSL instances
- openssl: store the CA after first send (ClientHello)
- os400: fixes to make-lib.sh and initscript.sh
- packages: remove Android, update README
- release-notes.pl: check fixes/closes lines better
- Revert "x509asn1: avoid freeing unallocated pointers"
- runtest.pl: add expected fourth return value
- runtests: tear down http2/http3 servers when https server is stopped
- runtests: consider warnings fatal and error on them
- runtests: fix detection of TLS backends
- runtests: make 'mbedtls' a testable feature
- rustls: improve error messages
- scripts/delta: show percent of number of files changed since last tag
- scripts: fix Appveyor job detection in cijobs.pl
- scripts: set file mode +x on all perl and shell scripts
- sectransp: fix for incomplete read/writes
- SECURITY-PROCESS.md: document severity levels
- setopt: Address undefined behaviour by checking for null
- setopt: move the SHA256 opt within #ifdef libssh2
- setopt: use >, not >=, when checking if uarg is larger than uint-max
- smb: return error on upload without size
- socketpair: allow localhost MITM sniffers
- strdup: name it Curl_strdup
- system.h: assume OS400 is always built with ILEC compiler
- test1560: use a UTF8-using locale when run
- test2304: remove stdout verification
- tests-httpd: basic infra to run curl against an apache httpd
- tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx
- tests: add tests for HTTP/2 and HTTP/3 to verify the header API
- tests: avoid use of sha1 in certificates
- tls: fixes for wolfssl + openssl combo builds
- tool_getparam: fix hiding of command line secrets
- tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type
- tool_operate: fix error codes during DOS filename sanitize
- tool_operate: fix error codes on bad URL & OOM
- tool_operate: fix headerfile writing
- tool_operate: repair --rate
- transfer: break the read loop when RECV is cleared
- typecheck: accept expressions for option/info parameters
- url: fix part of conditional expression is always true
- urlapi: avoid Curl_dyn_addf() for hex outputs
- urlapi: fix part of conditional expression is always true: qlen
- urlapi: skip path checks if path is just "/"
- urlapi: skip the extra dedotdot alloc if no dot in path
- urldata: cease storing TLS auth type
- urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
- urldata: make set.http200aliases conditional on HTTP being present
- urldata: move the cookefilelist to the 'set' struct
- urldata: remove unused struct fields, made more conditional
- vquic: stabilization and improvements
- vtls: fix hostname handling in filters
- vtls: manage current easy handle in nested cfilter calls
- vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
- winbuild: document that arm64 is supported
- windows: always use curl's basename() implementation
- wolfssl: remove deprecated post-quantum algorithms
- workflows/linux.yml: merge 3 common packages
- write-out.d: add 'since version' to %{header_json} documentation
- write-out.d: clarify Windows % symbol escaping
- ws: fix autoping handling
- ws: fix multiframe send handling
- ws: fix recv of larger frames
- ws: remove bad assert
- ws: unstick connect-only shutdown
- ws: use %Ou for outputting curl_off_t with info()
- x509asn1: fix compile errors and warnings
- zuul: stop using this CI service