public inbox for
 help / color / mirror / Atom feed
* Updated: curl, libcurl{4, -devel, -doc}, mingw64-{x86_64, i686}-curl 7.79.1
@ 2021-09-26 12:52 Cygwin curl Maintainer
  0 siblings, 0 replies; only message in thread
From: Cygwin curl Maintainer @ 2021-09-26 12:52 UTC (permalink / raw)
  To: Cygwin Announcements

The following packages have been upgraded in the Cygwin distribution:

* curl			7.79.1
* libcurl4		7.79.1
* libcurl-devel		7.79.1
* libcurl-doc		7.79.1
* mingw64-x86_64-curl	7.79.1
* mingw64-i686-curl	7.79.1

Command line tool and Library supporting transferring files with
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.

For more information see the project home page:

As there are multiple components and many changes each release please
see below or read /usr/share/doc/curl/RELEASE-NOTES after installation;
for complete details of changes since the previous Cygwin release see:


curl and libcurl 7.79.1

 Public curl releases:         203
 Command line options:         242
 curl_easy_setopt() options:   290
 Public functions in libcurl:  85
 Contributors:                 2489

This release includes the following known bugs:

* see docs/KNOWN_BUGS (

This release includes the following bugfixes:

* Curl_http2_setup: don't change connection data on repeat invokes
* curl_multi_fdset: make FD_SET() not operate on sockets out of range
* dist: provide lib/.checksrc in the tarball
* FAQ: add GOPHERS + curl works on data, not files
* hsts: CURLSTS_FAIL from hsts read callback should fail transfer
* hsts: handle unlimited expiry
* http: fix the broken >3 digit response code detection
* strerror: use sys_errlist instead of strerror on Windows
* test1184: disable
* tests/ make it work with openssh-8.7p1

curl and libcurl 7.79.0 September 15 2021

This release includes the following changes:

* bearssl: support CURLOPT_CAINFO_BLOB
* http: consider cookies over localhost to be secure
* secure transport: support CURLINFO_CERTINFO

This release includes the following bugfixes:

* CVE-2021-22945: clear the leftovers pointer when sending succeeds
* CVE-2021-22946: do not ignore --ssl-reqd
* CVE-2021-22947: reject STARTTLS server response pipelining
* ares: use ares_getaddrinfo()
* asyn-ares.c: move all version number checks to the top
* auth: do not append zero-terminator to authorisation id in kerberos
* auth: properly handle byte order in kerberos security message
* auth: use sasl authzid option in kerberos
* auth: we do not support a security layer after kerberos authentication
* update links to use https where available
* build: fix compiler warnings
* c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
* c-hyper: fix header value passed to debug callback
* c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
* c-hyper: initial step for 100-continue support
* c-hyper: initial support for "dumping" 1xx HTTP responses
* c-hyper: remove the hyper_executor_poll() loop from Curl_http
* CI/cirrus: reduce compile time with increased parallism
* CI: use GitHub Container Registry instead of Docker Hub
* cirrus: Add FreeBSD 13.0 job and disable sanitizer build
* cmake: avoid poll() on macOS
* cmake: sync CURL_DISABLE options
* codeql: fix error "Resource not accessible by integration"
* compressed.d: it's a request, not an order
* config.d: escape the backslash properly
* config.d: note that curlrc is used even when --config
* config: get rid of the unused HAVE_SIG_ATOMIC_T et. al.
* revert bad nghttp2 library detection improvements
* configure: error out if both ngtcp2 and quiche are specified
* configure: make --disable-hsts work
* configure: set classic mingw minimum OS version to XP
* configure: tweak nghttp2 library name fix
* connect: get local port + ip also when reusing connections
* connect: remove superfluous conditional
* curl-openssl.m4: check lib64 for the pkg-config file
* curl-openssl.m4: show correct output for OpenSSL v3
* curl.1: mention "global" flags
* curl.1: provide examples for each option
* curl: add warning for ignored data after quoted form parameter
* curl: add warning for incompatible parameters usage
* curl: better error message when -O fails to get a good name
* curl: stop retry if Retry-After: is longer than allowed
* curl_easy_setopt.3: improve the string copy wording
* Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
* curl_setup.h: sync values for HTTP_ONLY
* curl_url_get.3: clarify about path and query
* CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
* CURLOPT_SSL_CTX_*.3: tidy up the example
* CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
* docs/MQTT: update state of username/password support
* docs: remove experimental mentions from HSTS and MQTT
* docs: the security list is reached at security at now
* easy: use a custom implementation of wcsdup on Windows
* examples/*hiperfifo.c: fix calloc arguments to match function proto
* examples/cookie_interface: avoid printfing time_t directly
* examples/cookie_interface: fix scan-build printf warning
* examples/ephiperfifo.c: simplify signal handler
* FAQ: add two dev related questions
* getparameter: fix the --local-port number parser
* happy-eyeballs-timeout-ms.d: polish the wording
* hostip: Make Curl_ipv6works function independent of getaddrinfo
* http2: Curl_http2_setup needs to init stream data in all invokes
* http2: revert a change that broke upgrade to h2c
* http2: revert call the handle-closed function correctly on closed stream
* http: disallow >3-digit response codes
* http: ignore content-length if any transfer-encoding is used
* http_proxy: clear 'sending' when the outgoing request is sent
* http_proxy: fix the User-Agent inclusion in CONNECT
* http_proxy: fix user-agent and custom headers for CONNECT with hyper
* http_proxy: only wait for writable socket while sending request
* INTERNALS: bump c-ares requirement to 1.16.0
* INTERNALS: c-ares has a new home:
* lib: don't use strerror()
* libcurl-errors.3: clarify two CURLUcode errors
* limit-rate.d: clarify base unit
* mailing lists: move from to
* mbedtls: avoid using a large buffer on the stack
* mbedTLS: initial 3.0.0 support
* mbedtls_threadlock: fix unused variable warning
* Fix showing symbol's last used version
* match symbols case insenitively
* multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
* ngtcp2: compile with the latest ngtcp2 and nghttp3
* ngtcp2: fix build with ngtcp2 and nghttp3
* ngtcp2: remove the acked_crypto_offset struct field init
* ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
* ngtcp2: reset the oustanding send buffer again when drained
* ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
* ngtcp2: stop buffering crypto data
* ngtcp2: utilize crypto API functions to simplify
* openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
* openssl: when creating a new context, there cannot be an old one
* opt-docs: make sure all man pages have examples
* opt-docs: verify man page sections + order
* opts docs: unify phrasing in NAME header
* output.d: add method to suppress response bodies
* page-header: add GOPHERS, simplify wording in the 1st para
* progress: fix a compile warning on some systems
* progress: make trspeed avoid floats
* runtests: add option -u to error on server unexpectedly alive
* schannel: Work around typo in classic mingw macro
* scripts: invoke interpreters through /usr/bin/env
* setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
* strerror.h: remove the #include from files not using it
* symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
* test1138: remove trailing space to make work with hyper
* test1173: check references to libcurl options
* test1280: CRLFify the response to please hyper
* test1565: fix windows build errors
* test365: verify response with chunked AND Content-Length headers
* tests/* flush output before executing subprocess
* tests/* remove pidfile on server termination
* tests/ cleanup copy&paste mistakes and unused code
* tests/server/*.c: align handling of portfile argument and file
* tests: adjust the tftpd output to work with hyper mode
* tests: be explicit about using 'python3' instead of 'python'
* tests: enable test 1129 for hyper builds
* tests: make three tests pass until 2037
* tool/tests: fix potential year 2038 issues
* tool_operate: Fix --fail-early with parallel transfers
* url: fix compiler warning in no-verbose builds
* urlapi.c:seturl: assert URL instead of using if-check
* vtls: fix typo in schannel_verify.c
* winbuild/ clarify GEN_PDB option
* wolfssl: clean up wolfcrypt error queue
* write-out.d: clarify size_download/upload
* x509asn1: fix heap over-read when parsing x509 certificates

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-09-26 12:54 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-26 12:52 Updated: curl, libcurl{4, -devel, -doc}, mingw64-{x86_64, i686}-curl 7.79.1 Cygwin curl Maintainer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).