public inbox for
 help / color / mirror / Atom feed
From: Cygwin curl Maintainer <>
To: Cygwin Announcements <>
Subject: Updated: curl, libcurl{4, -devel, -doc}, mingw64-{x86_64, i686}-curl 7.76
Date: Sat, 03 Apr 2021 17:15:08 -0600	[thread overview]
Message-ID: <> (raw)

The following packages have been upgraded in the Cygwin distribution:

* curl			7.76
* libcurl4		7.76
* libcurl-devel		7.76
* libcurl-doc		7.76
* mingw64-x86_64-curl	7.76
* mingw64-i686-curl	7.76

Command line tool and Library supporting transferring files with
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.

For more information see the project home page:

As there are multiple components and many changes each release please
see below or read /usr/share/doc/curl/RELEASE-NOTES after installation
for complete details:

curl and libcurl 7.76:

* Public curl releases:         198
* Command line options:         240
* curl_easy_setopt() options:   288
* Public functions in libcurl:  85
* Contributors:                 2356

This release includes the following changes:

* cookies: Support multiple -b parameters [69]
* curl: add --fail-with-body [17]
* doh: add options to disable ssl verification [5]
* http: add support to read and store the referrer header [30]
* sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl [4]
* vtls: initial implementation of rustls backend [3]

This release includes the following known bugs:

* see /usr/share/doc/curl/KNOWN_BUGS (

This release includes the following bugfixes:

* CVE-2021-22876: strip credentials from the auto-referer header field [88]
* CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid() [55]
* asyn-ares: use consistent resolve error message [37]
* BUG-BOUNTY: removed the cooperation mention
* build: delete unused feature guards [51]
* build: fix --disable-dateparse [1]
* build: fix --disable-http-auth
* build: remove all traces of USE_BLOCKING_SOCKETS [70]
* c-hyper: Remove superfluous pointer check [56]
* c-hyper: support automatic content-encoding [74]
* CI/azure: disable test 433 on azure-ubuntu [105]
* CI/azure: replace python-impacket with python3-impacket [61]
* ci: stop building on freebsd-12-1 [38]
* cmake: fix import library name for non-MS compiler on Windows [10]
* cmake: use CMAKE_INSTALL_INCLUDEDIR indirection [49]
* cmake: support WinIDN [100]
* config: fix building SMB with configure using Win32 Crypto [91]
* config: fix detection of restricted Windows App environment
* configure: fail if --with-quiche is used and quiche isn't found [48]
* configure: make AC_TRY_* into AC_*_IFELSE
* configure: make hyper opt-in, and fail if missing [53]
* configure: only add OpenSSL paths if they are defined [68]
* configure: provide Largefile feature for curl-config [79]
* configure: remove use of deprecated macros
* configure: s/AC_HELP_STRING/AS_HELP_STRING [110]
* cookies: Fix potential NULL pointer deref with PSL [66]
* curl: set CURLOPT_NEW_FILE_PERMS if requested [65]
* curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
* curl_multibyte: always return a heap-allocated copy of string [29]
* curl_multibyte: fall back to local code page stat/access on Windows [8]
* Curl_timeleft: check both timeouts during connect [109]
* curl_url_set.3: mention CURLU_PATH_AS_IS [13]
* CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent [16]
* docs/HTTP2: remove the outdated remark about multiplexing for the tool
* docs/ format to be update-friendly [11]
* docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions [52]
* docs: add missing Arg tag to --stderr [58]
* docs: Add SSL backend names to CURL_SSL_BACKEND [106]
* docs: clarify timeouts for queued transfers in multi API [101]
* docs: Explain DOH transfers inherit some SSL settings [107]
* docs: fix FILE example url in --metalink documentation [19]
* docs: make support *italic* and **bold** [112]
* doh: Fix sharing user's resolve list with DOH handles [46]
* doh: Inherit CURLOPT_STDERR from user's easy handle [60]
* dynbuf: bump the max HTTP request to 1MB [39]
* examples: Remove threaded-shared-conn.c due to bug [119]
* file: Support unicode urls on windows [9]
* ftp: add 'list_only' to the transfer state struct [35]
* ftp: add 'prefer_ascii' to the transfer state struct [36]
* FTP: allow SIZE to fail when doing (resumed) upload [78]
* ftp: avoid SIZE when asking for a TYPE A file [23]
* ftp: fix Codacy/cppcheck warning about null pointer arithmetic [34]
* ftp: fix memory leak in ftp_done [96]
* ftp: never set data->set.ftp_append outside setopt [14]
* quote "bare" minuses in the nroff curl.1 [92]
* github: add torture-ftp for FTP-only torture testing [94]
* gnutls: assume nettle crypto support [33]
* gskit: correct the gskit_send() prototype [21]
* hostip: fix build with sync resolver [20]
* hostip: fix crash in sync resolver builds that use DOH [12]
* hsts: remove unused defines [93]
* http2: don't set KEEP_SEND when there's no more data to be sent [90]
* http2: fail if connection terminated without END_STREAM [97]
* http: cap body data amount during send speed limiting [116]
* http: do not add a referrer header with empty value [44]
* http: make 416 not fail with resume + CURLOPT_FAILONERRROR [108]
* http: remove superfluous NULL assign [75]
* http: strip default port from URL sent to proxy [104]
* http: use credentials from transfer, not connection [25]
* ldap: use correct memory free function [63]
* lib1536: check ptr against NULL before dereferencing it [83]
* lib1537: check ptr against NULL before dereferencing it [84]
* lib: remove 'conn->data' completely [45]
* libssh2: kdb_callback: get the right struct pointer [99]
* libssh2:ssh_connect: clear session pointer after free [98]
* memdebug: close debug logfile explicitly on exit [28]
* mingw: enable using strcasecmp() [50]
* multi: close the connection when h2=>h1 downgrading [122]
* multi: do once-per-transfer inits in before_perform in DID state [54]
* multi: rename the multi transfer states [43]
* multi: update pending list when removing handle [82]
* ngtcp2: adapt to the new recv_datagram callback
* ngtcp2: clarify calculation precedence [27]
* ngtcp2: Fix build error due to change in ngtcp2_addr_init [81]
* ngtcp2: sync with recent API updates [113]
* openldap: avoid NULL pointer dereferences [102]
* openssl: adapt to v3's new const for a few API calls [86]
* openssl: ensure to check SSL_CTX_set_alpn_protos return values [121]
* openssl: remove get_ssl_version_txt in favor of SSL_get_version [67]
* openssl: set the transfer pointer for logging early [123]
* OS400: update for CURLOPT_AWS_SIGV4 [2]
* parse_proxy: fix a memory leak in the OOM path [41]
* fix use of pwd -L in Msys environment
* projects: Update VS projects for OpenSSL 1.1.x [59]
* quiche: fix build error: use 'int' for port number
* quiche: fix crash when failing to connect [87]
* retry-all-errors.d: Explain curl errors versus HTTP response errors [72]
* retry.d: Clarify transient 5xx HTTP response codes [71]
* add %TESTNUMBER variable to make copying tests more convenient
* add a -P option to specify an external proxy
* kill processes locking test log files [62]
* setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper [77]
* test1188: change error to check for: --fail HTTP status [26]
* test220/314: adjust to run with Hyper
* test304: header CRLF cleanup to work with Hyper
* test306: make it not run with Hyper
* tests: disable .curlrc in more environments [7]
* tests: use %TESTNUMBER instead of fixed number [103]
* tftp: remove the 3600 second default timeout [111]
* time: enable 64-bit time_t in supported mingw environments [24]
* tool_help: add missing argument for --create-file-mode [18]
* tool_help: Increase space between option and description [64]
* tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error [76]
* travis: add a rustls build [89]
* travis: bump wolfssl to 4.7.0
* travis: only build wolfssl when needed [85]
* travis: split "torture" into a separate "events" build [95]
* travis: switch ngtcp2 build over to quictls [73]
* travis: use ubuntu nghttp2 package instead of build our own [80]
* url.c: use consistent error message for failed resolve
* url: fix memory leak if OOM in the HSTS handling [32]
* url: fix possible use-after-free in default protocol [42]
* urldata: don't touch data->set.httpversion at run-time [6]
* urldata: fix build without HTTP and MQTT [22]
* urldata: make 'actions[]' use unsigned char instead of int [47]
* urldata: merge "struct DynamicStatic" into "struct UrlState" [117]
* urldata: remove the 'rtspversion' field [15]
* urldata: remove the _ORIG suffix from string names [31]
* version.d: Add missing features to the features list [57]
* wolfssl: don't store a NULL sessionid [40]

                 reply	other threads:[~2021-04-03 23:17 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).