From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138]) by sourceware.org (Postfix) with ESMTPS id 0D9683858001 for ; Mon, 14 Dec 2020 20:01:25 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 0D9683858001 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSW.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=brian.inglis@systematicsw.ab.ca Received: from SystematicSW.ab.ca ([24.64.172.44]) by shaw.ca with ESMTP id ou27kNB4OktFkou28kijqx; Mon, 14 Dec 2020 13:01:25 -0700 X-Authority-Analysis: v=2.4 cv=NYRYa0P4 c=1 sm=1 tr=0 ts=5fd7c495 a=kiZT5GMN3KAWqtYcXc+/4Q==:117 a=kiZT5GMN3KAWqtYcXc+/4Q==:17 a=ugkhXdxtAAAA:8 a=kPCIzciLAAAA:20 a=Q824LlzhAj6yFHTINoIA:9 a=i0ZCOD_hNsQA:10 a=ZG-MjRxWnTTVGrJRUvVH:22 a=pHzHmUro8NiASowvMSCR:22 a=6VlIyEUom7LUIeUMNQJH:22 From: Brian Inglis To: Cygwin Announcements Reply-To: Cygwin Date: Mon, 14 Dec 2020 12:51:36 -0700 Message-Id: <20201214125136.36169-1-Brian.Inglis@SystematicSW.ab.ca> Subject: Updated: curl, libcurl{4, -devel, -doc}, mingw64-{x86_64, i686}-curl 7.74 X-CMAE-Envelope: MS4xfPoAudpav/T1BFdGzk+16Eq1qBykHjiyC0V/z7lV1U7tSHL6qt5dGTIBC4Tc46PJxJCquYq36uoY9dQjJNY/criijPX+qTFSMDgCMrNLEFvtDXGhiJPk 8/SQ7AzJ9SOmgSPZYDWkUCkWR+9Vgx012SdUArh456Fc5UOAOtDwRFeYKJ0Z0mcxgBM6s1SMKlpDoYraljnpzQccrB5m/SCA4cFagaJoTmXberhaGrVoEMrj s6b6sR8Ort0huPqcMihSqXeB75bBc4o5LVPEX9mUtOA= X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_NUMSUBJECT, KAM_SHORT, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-Mailman-Approved-At: Mon, 14 Dec 2020 22:09:51 +0000 X-BeenThere: cygwin-announce@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Read-only mailing list announcing new and updated Cygwin packages List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Dec 2020 20:01:27 -0000 The following packages have been upgraded in the Cygwin distribution: * curl 7.74 * libcurl4 7.74 * libcurl-devel 7.74 * libcurl-doc 7.74 * mingw64-x86_64-curl 7.74 * mingw64-i686-curl 7.74 Command line tool and Library supporting transferring files with URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a busload of other useful tricks. For more information see the project home page: https://curl.se/ This release enables debug mode, previously a default: https://github.com/curl/curl/blob/0d75bf9ae99f62ac5aab46cd281fd5a7e0760a69/lib/vtls/openssl.c#L4244-L4259 For debug builds be a little stricter and error on any SSL_ERROR_SYSCALL. For example a server may have closed the connection abruptly without a close_notify alert. *Curl users should be aware that deviations from strict protocol are deprecated and will be reported as errors unconditionally in a near future release.* As there are multiple components and many changes each release please see below or read /usr/share/doc/curl/RELEASE-NOTES after installation for complete details: https://curl.se/changes.html curl and libcurl 7.74.0 This release includes the following changes: * hsts: add experimental support for Strict-Transport-Security [37] This release includes the following bugfixes: * CVE-2020-8286: Inferior OCSP verification [93] * CVE-2020-8285: FTP wildcard stack overflow [95] * CVE-2020-8284: trusting FTP PASV responses [97] * alt-svc: enable (in the build) by default [20] * connect: repair build without ipv6 availability [19] * curl.1: add an "OUTPUT" section at the top of the manpage [32] * curl.se: new home [59] * curl: only warn not fail, if not finding the home dir [15] * docs: document the 8MB input string limit [57] * header.d: mention the "Transfer-Encoding: chunked" handling [45] * httpput-postfields.c: new example doing PUT with POSTFIELDS [35] * libssh2: fix transport over HTTPS proxy [31] * ngtcp2: adapt to recent nghttp3 updates [49] * ngtcp2: advertise h3 ALPN unconditionally [72] * ngtcp2: Fix build error due to symbol name change [90] * ngtcp2: use the minimal version of QUIC supported by ngtcp2 [67] * range.d: clarify that curl will not parse multipart responses [36] * scripts/completion.pl: parse all opts [101] * socks: check for DNS entries with the right port number [74] * tool_help: make "output" description less confusing [21] * tool_operate: --retry for HTTP 408 responses too [43] * tool_operate: bail out proper on errors during parallel transfers [29] * urlapi: don't accept blank port number field without scheme [98] * urlapi: URL encode a '+' in the query part [14]