Updated: curl, libcurl{4, -devel, -doc}, mingw64-{x86_64, i686}-curl 7.74

Brian Inglis Brian.Inglis@SystematicSW.ab.ca
Mon Dec 14 19:51:36 GMT 2020


The following packages have been upgraded in the Cygwin distribution:

* curl			7.74
* libcurl4		7.74
* libcurl-devel		7.74
* libcurl-doc		7.74
* mingw64-x86_64-curl	7.74
* mingw64-i686-curl	7.74

Command line tool and Library supporting transferring files with
URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.

For more information see the project home page:

	https://curl.se/


This release enables debug mode, previously a default:

https://github.com/curl/curl/blob/0d75bf9ae99f62ac5aab46cd281fd5a7e0760a69/lib/vtls/openssl.c#L4244-L4259
For debug builds be a little stricter and error on any SSL_ERROR_SYSCALL.
For example a server may have closed the connection abruptly without a
close_notify alert.

*Curl users should be aware that deviations from strict protocol are
deprecated and will be reported as errors unconditionally in a near
future release.*


As there are multiple components and many changes each release please
see below or read /usr/share/doc/curl/RELEASE-NOTES after installation
for complete details:

	https://curl.se/changes.html

curl and libcurl 7.74.0

This release includes the following changes:

* hsts: add experimental support for Strict-Transport-Security [37]

This release includes the following bugfixes:

* CVE-2020-8286: Inferior OCSP verification [93]
* CVE-2020-8285: FTP wildcard stack overflow [95]
* CVE-2020-8284: trusting FTP PASV responses [97]
* alt-svc: enable (in the build) by default [20]
* connect: repair build without ipv6 availability [19]
* curl.1: add an "OUTPUT" section at the top of the manpage [32]
* curl.se: new home [59]
* curl: only warn not fail, if not finding the home dir [15]
* docs: document the 8MB input string limit [57]
* header.d: mention the "Transfer-Encoding: chunked" handling [45]
* httpput-postfields.c: new example doing PUT with POSTFIELDS [35]
* libssh2: fix transport over HTTPS proxy [31]
* ngtcp2: adapt to recent nghttp3 updates [49]
* ngtcp2: advertise h3 ALPN unconditionally [72]
* ngtcp2: Fix build error due to symbol name change [90]
* ngtcp2: use the minimal version of QUIC supported by ngtcp2 [67]
* range.d: clarify that curl will not parse multipart responses [36]
* scripts/completion.pl: parse all opts [101]
* socks: check for DNS entries with the right port number [74]
* tool_help: make "output" description less confusing [21]
* tool_operate: --retry for HTTP 408 responses too [43]
* tool_operate: bail out proper on errors during parallel transfers [29]
* urlapi: don't accept blank port number field without scheme [98]
* urlapi: URL encode a '+' in the query part [14]



More information about the Cygwin-announce mailing list