[ANNOUNCEMENT] Updated: curl/libcurl4/-devel/-doc, mingw64-x86_64-curl 8.3
The following packages have been upgraded in the Cygwin distribution:
* curl 8.3
* libcurl4 8.3
* libcurl-devel 8.3
* libcurl-doc 8.3
* mingw64-x86_64-curl 8.3
Command line tool and Library supporting transferring files with
URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.
For more information see the project home page:
https://curl.se/
As there are multiple components and many changes each release please
see below or read /usr/share/doc/curl/RELEASE-NOTES after installation;
for complete details of changes since the previous Cygwin release see:
/usr/share/doc/curl/CHANGES
or
https://curl.se/changes.html
curl and libcurl 8.3.0 2023-09-13
Public curl releases:251
Command line options:257
curl_easy_setopt() options: 303
Public functions in libcurl: 92
Contributors: 2977
Planned upcoming removals include:
- support for space-separated NOPROXY patterns
- support for the original legacy mingw version 1
See https://curl.se/dev/deprecate.html for details
This release includes the following known bugs:
- see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release includes the following changes:
- curl: make %output{} in -w specify a file to write to
- gskit: remove
- lib: --disable-bindlocal builds curl without local binding support
- nss: remove support for this TLS library
- tool: add "variable" support
- trace: make tracing available in non-debug builds
- url: change default value for CURLOPT_MAXREDIRS to 30
- urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
- wolfssl: support loading system CA certificates
This release includes the following bugfixes:
- altsvc: accept and parse IPv6 addresses in response headers
- asyn-ares: reduce timeout to 2000ms
- aws-sigv4: canonicalize the query
- aws-sigv4: fix having date header twice in some cases
- aws-sigv4: handle no-value user header entries
- bearssl: don't load CA certs when peer verification is disabled
- bearssl: handshake fix, provide proper get_select_socks() implementation
- build: fix portability of mancheck and checksrc targets
- build: streamline non-UWP wincrypt detections
- c-hyper: adjust the hyper to curlcode conversion
- c-hyper: fix memory leaks in `Curl_http`
- cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
- cf-socket: log successful interface bind
- CI/cirrus: disable python install on FreeBSD
- CI: add a 32-bit i686 Linux build
- CI: add caching to many jobs
- CI: move on to ngtcp2 v0.19.1
- CI: move the Alpine build from Cirrus to GHA
- CI: ngtcp2-linux: use separate caches for tls libraries
- CI: remove Windows builds from Cirrus, without replacement
- CI: switch macOS ARM build from Cirrus to Circle CI
- CI: use master again for wolfssl
- cirrus: install everthing with pkg, avoid pip
- cmake: add GnuTLS option
- cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
- cmake: add support for single libcurl compilation pass
- cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
- cmake: assume `wldap32` availability on Windows
- cmake: cache more config and delete unused ones
- cmake: detect `SSL_set0_wbio` in OpenSSL
- cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
- cmake: fix to use variable for the curl namespace
- cmake: fixup H2 duplicate symbols for unity builds
- cmake: set SIZEOF_LONG_LONG in curl_config.h
- cmake: support building static and shared libcurl in one go
- cmdline-docs: make sure to phrase it as "added in "
- cmdline-docs: use present tense, not future
- cmdline-opts/docs: mention the negative option part
- cmdline-opts/page-header: clarify stronger that !opt == URL
- cmdline-opts/page-header: reorder, clean up
- configure, cmake, lib: more form api deprecation
- configure: fix `HAVE_TIME_T_UNSIGNED` check
- configure: trust pkg-config when it's used for zlib
- configure: use the pkg-config --libs-only-l flag for libssh2
- connect: stop halving the remaining timeout when less than 600 ms left
- cookie-jar.d: emphasize that this option is ONLY writing cookies
- crypto: ensure crypto initialization works
- curl_url_get/set.3: add missing semicolon in SYNOPSIS
- CURLINFO_CERTINFO.3: better explain curl_certinfo struct
- CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
- CURLOPT_*TIMEOUT*: extend and clarify
- CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
- CURLOPT_URL.3: add two URL API calls in the see-also section
- CURLOPT_URL.3: explain curl_url_set() uses the same parser
- digest: Use hostname to generate spn instead of realm
- disable.d: explain --disable not implemented prior to 7.50.0
- docs/cmdline-opts/gen.pl: hide
[ANNOUNCEMENT] Updated: curl/libcurl4/-devel/-doc, mingw64-x86_64-curl 8.2.1
The following packages have been upgraded in the Cygwin distribution: * curl 8.2.1 * libcurl4 8.2.1 * libcurl-devel 8.2.1 * libcurl-doc 8.2.1 * mingw64-x86_64-curl 8.2.1 Command line tool and Library supporting transferring files with URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a busload of other useful tricks. For more information see the project home page: https://curl.se/ As there are multiple components and many changes each release please see below or read /usr/share/doc/curl/RELEASE-NOTES after installation; for complete details of changes since the previous Cygwin release see: /usr/share/doc/curl/CHANGES or https://curl.se/changes.html curl and libcurl 8.2.1 2023-07-26 Public curl releases:221 Command line options:255 curl_easy_setopt() options: 303 Public functions in libcurl: 91 Contributors: 2927 Planned upcoming removals include: - gskit - NSS - support for space-separated NOPROXY patterns - support for the original legacy mingw version 1 See https://curl.se/dev/deprecate.html for details This release includes the following known bugs: - see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) This release includes the following bugfixes: - amigaos: fix sys/mbuf.h m_len macro clash - amissl: add missing signal.h include - amissl: fix AmiSSL v5 detection - cfilters: rename close/connect functions to avoid clashes - ciphers.d: put URL in first column - cmake: add `libcurlu`/`libcurltool` for unit tests - cmake: update ngtcp2 detection - configure: check for nghttp2_session_get_stream_local_window_size - CONTRIBUTE: drop mention of copyright year ranges - CONTRIBUTE: fix syntax in commit message description - curl_multi_wait.3: fix arg quoting to doc macro .BR - docs: mark two TLS options for TLS, not SSL - docs: provide more see also for cipher options - hostip: return IPv6 first for localhost resolves - http2: fix regression on upload EOF handling - http: VLH, very large header test and fixes - libcurl-errors.3: add CURLUE_OK - os400: correct EXPECTED_STRING_LASTZEROTERMINATED - quiche: fix lookup of transfer at multi - quiche: fix segfault and other things - rustls: update rustls-ffi 0.10.0 - socks: print ipv6 address within brackets - src/mkhelp: strip off escape sequences - tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T - transfer: do not clear the credentials on redirect to absolute URL - unittest: remove unneeded *_LDADD - websocket: rename arguments/variables to match docs -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
[ANNOUNCEMENT] Updated: curl/libcurl4/-devel/-doc, mingw64-x86_64-curl 8.2
The following packages have been upgraded in the Cygwin distribution: * curl 8.2 * libcurl4 8.2 * libcurl-devel 8.2 * libcurl-doc 8.2 * mingw64-x86_64-curl 8.2 Command line tool and Library supporting transferring files with URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a busload of other useful tricks. For more information see the project home page: https://curl.se/ As there are multiple components and many changes each release please see below or read /usr/share/doc/curl/RELEASE-NOTES after installation; for complete details of changes since the previous Cygwin release see: /usr/share/doc/curl/CHANGES or https://curl.se/changes.html curl and libcurl 8.22023-07-19 Public curl releases:220 Command line options:255 curl_easy_setopt() options: 303 Public functions in libcurl: 91 Contributors: 2922 Planned upcoming removals include: * gskit * NSS * support for space-separated NOPROXY patterns * support for the original legacy mingw version 1 See https://curl.se/dev/deprecate.html for details This release includes the following known bugs: * see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) This release includes the following changes: * curl: add --ca-native and --proxy-ca-native * curl: add --trace-ids * CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS * haproxy: add --haproxy-clientip flag to set client IPs * lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID This release includes the following bugfixes: * bufq: make write/pass methods more robust * build: drop unused/redundant `HAVE_WINLDAP_H` * cf-socket: don't bypass fclosesocket callback if cancelled before connect * cf-socket: move ctx declaration under HAVE_GETPEERNAME * cf-socket: skip getpeername()/getsockname for TFTP * checksrc: modernise perl file open * checksrc: quote the file name to work with "funny" letters * CI: brew fix for openssl in default path * CI: don't install impacket if tests are not run * CI: enable parallel make in more builds * circleci: install impacket & wolfssl 5.6.0 * cmake: add support for "unity" builds * cmake: make use of snprintf * cmake: stop CMake from quietly ignoring missing Brotli * configure: add check for ldap_init_fd * configure: fix run-compiler for old /bin/sh * configure: the --without forms of the options are also gone * connect-timeout.d: mention that the DNS lookup is included * curl.h: include for vxworks * curl: count uploaded data to stop at the originally given size * curl: return error when asked to use an unsupported HTTP version * curl_easy_nextheader.3: add missing open parenthesis examples * curl_log: evaluate log statement only when transfer is verbose * curl_mprintf.3: minor fix of the example * curl_pushheader_byname/bynum.3: document in their own man pages * curl_url_set: enforce the max string length check for all parts * CURLOPT_AWS_SIGV4.3: remove unused variable from example * CURLOPT_INFILESIZE.3: mention -1 triggers chunked * CURLOPT_MIMEPOST.3: clarify what setting to NULL means * CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search * docs/libcurl/libcurl.3: cleanups and improvements * docs: add more .IP after .RE to fix indentation of generate paragraphs * docs: fix missing parameter names in examples * docs: update CURLOPT_UPLOAD.3 * docs: update HTTP3.md for newer ngtcp2 and nghttp3 * docs: use a space after RFC when spelling out RFC numbers * example/connect-to: show CURLOPT_CONNECT_TO * example/crawler: also set CURLOPT_AUTOREFERER * example/crawler: make it use a few more options * example/default-scheme: set the default scheme for schemeless URLs * example/hsts-preload: show one way to HSTS preload * example/http2-download: set CURLOPT_BUFFERSIZE * example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use * example/maxconnects: set maxconnect example * example/opensslthreadlock: remove * examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS * examples/http-options: show how to send "OPTIONS *" * examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT * examples/multi-debugcallback.c: avoid the bool typedef * examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS * examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH * examples/websocket.c: websocket example using CONNECT_ONLY * examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR * fopen: fix conversion warning on 32-bit Android * fopen: optimize * hostip.c: Move macOS-specific calls into global init call * HTTP/2: upload handling fixes * http2: better support for --limit-rate * http2: error stream resets with code CURLE_HTTP2_STREAM * http2: fix crash in handling stream weights * http2: fix variable type *
[ANNOUNCEMENT] Updated: curl/libcurl4/-devel/-doc, mingw64-x86_64-curl 8.1.2
The following packages have been upgraded in the Cygwin distribution: * curl 8.1.2 * libcurl4 8.1.2 * libcurl-devel 8.1.2 * libcurl-doc 8.1.2 * mingw64-x86_64-curl 8.1.2 Command line tool and Library supporting transferring files with URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a busload of other useful tricks. For more information see the project home page: https://curl.se/ As there are multiple components and many changes each release please see below or read /usr/share/doc/curl/RELEASE-NOTES after installation; for complete details of changes since the previous Cygwin release see: /usr/share/doc/curl/CHANGES or https://curl.se/changes.html curl and libcurl 8.1.2 2023-05-30 Public curl releases:219 Command line options:251 curl_easy_setopt() options: 302 Public functions in libcurl: 91 Contributors: 2888 Planned upcoming removals include: * gskit * NSS * support for space-separated NOPROXY patterns * support for the original legacy mingw version 1 See https://curl.se/dev/deprecate.html for details This release includes the following known bugs: * see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) This release includes the following bugfixes: * configure: quote the assignments for run-compiler * configure: without pkg-config and no custom path, use -lnghttp2 * curl: cache the --trace-time value for a second * http2: fix EOF handling on uploads with auth negotiation * http3: send EOF indicator early as possible * lib1560: verify more scheme guessing * lib: remove unused functions, make single-use static * libcurl.m4: remove trailing 'dnl' that causes this to break autoconf * libssh: when keyboard-interactive auth fails, try password * misc: fix spelling mistakes * page-header: mention curl version and how to figure out current release * page-header: minor wording polish in the URL segment * scripts/singleuse.pl: add more API calls * urlapi: remove superfluous host name check -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
[ANNOUNCEMENT] Updated: curl/libcurl4/-devel/-doc, mingw64-x86_64-curl 8.1.1
The following packages have been upgraded in the Cygwin distribution: * curl 8.1.1 * libcurl4 8.1.1 * libcurl-devel 8.1.1 * libcurl-doc 8.1.1 * mingw64-x86_64-curl 8.1.1 Command line tool and Library supporting transferring files with URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a busload of other useful tricks. For more information see the project home page: https://curl.se/ As there are multiple components and many changes each release please see below or read /usr/share/doc/curl/RELEASE-NOTES after installation; for complete details of changes since the previous Cygwin release see: /usr/share/doc/curl/CHANGES or https://curl.se/changes.html curl and libcurl 8.1.1 2023-05-23 Public curl releases:218 Command line options:251 curl_easy_setopt() options: 302 Public functions in libcurl: 91 Contributors: 2875 Planned upcoming removals include: * gskit * NSS * support for space-separated NOPROXY patterns * support for the original legacy mingw version 1 See https://curl.se/dev/deprecate.html for details This release includes the following known bugs: * see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) This release includes the following bugfixes: o cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND [12] o checksrc: disallow spaces before labels [16] o cmake: avoid `list(PREPEND)` for compatibility [24] o cmake: repair cross compiling [10] o configure: fix --help alignment [9] o configure: generate a script to run the compiler [11] o curl_easy_getinfo: clarify on return data types [15] o docs: document that curl_url_cleanup(NULL) is a safe no-op [4] o hostip: move easy_lock.h include above curl_memory.h [14] o http2: double http request parser max line length [8] o http2: increase stream window size to 10 MB [22] o http2: upload improvements [21] o lib: fix conversion warnings with gcc on macOS o lib: rename struct 'http_req' to 'httpreq' [23] o ngtcp2: fix compiler warning about possible null-deref [3] o ngtcp2: proper handling of uint64_t when adjusting send buffer [1] o os400: update chkstrings.c [2] o runtests: handle interrupted reads from IPC pipes o runtests: use the correct fd after select [20] o sectransp.c: make the code c89 compatible [17] o select: avoid returning an error on EINTR from select() or poll() [5] o test425: fix the log directory for the upload o url: provide better error message when URLs fail to parse [18] o urlapi: allow numerical parts in the host name [7] o vquic.c: make recvfrom_packets static, avoid compiler warning [6] -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation:https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
[ANNOUNCEMENT] Updated: curl/libcurl4/-devel/-doc, mingw64-x86_64-curl 8.1.0
The following packages have been upgraded in the Cygwin distribution: * curl 8.1.0 * libcurl4 8.1.0 * libcurl-devel 8.1.0 * libcurl-doc 8.1.0 * mingw64-x86_64-curl 8.1.0 Command line tool and Library supporting transferring files with URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a busload of other useful tricks. For more information see the project home page: https://curl.se/ As there are multiple components and many changes each release please see below or read /usr/share/doc/curl/RELEASE-NOTES after installation; for complete details of changes since the previous Cygwin release see: /usr/share/doc/curl/CHANGES or https://curl.se/changes.html curl and libcurl 8.1.0 2023-05-17 Public curl releases:217 Command line options:251 curl_easy_setopt() options: 302 Public functions in libcurl: 91 Contributors: 2875 Planned upcoming removals include: * gskit * NSS * support for space-separated NOPROXY patterns * support for the original legacy mingw version 1 See https://curl.se/dev/deprecate.html for details This release includes the following known bugs: * see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) This release includes the following changes: * curl: add --proxy-http2 * CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2 * hostip: refuse to resolve the .onion TLD * tool_writeout: add URL component variables This release includes the following bugfixes: * amiga: Fix CA certificate paths for AmiSSL and MorphOS * autotools: sync up clang picky warnings with cmake * aws-sigv4.d: fix region identifier in example * bufq: simplify since expression is always true * cf-h1-proxy: skip an extra NULL assign * cf-h2-proxy: fix processing ingress to stop too early * cf-socket: add socket recv buffering for most tcp cases * cf-socket: Disable socket receive buffer by default * cf-socket: remove dead code discovered by PVS * cf-socket: turn off IPV6_V6ONLY on Windows if it is supported * checksrc: check for spaces before the colon of switch labels * checksrc: find bad indentation in conditions without open brace * checksrc: fix SPACEBEFOREPAREN for conditions starting with "*" * ci: `-Wno-vla` no longer necessary * CI: fix brew retries on GHA * CI: Set minimal permissions on workflow ngtcp2-quictls.yml * CI: skip Azure for commits which change only GHA * CI: use another glob syntax for matching files on Appveyor * cmake: bring in the network library on Haiku * cmake: do not add zlib headers for openssl * CMake: make config version 8 compatible with 7 * cmake: picky-linker fixes for openssl, ZLIB, H3 and more * cmake: set SONAME for SunOS too * cmake: speed up and extend picky clang/gcc options * CMakeLists.txt: fix typo for Haiku detection * compressed.d: clarify the words on "not notifying headers" * config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP * configure: don't set HAVE_WRITABLE_ARGV on Windows * configure: fix detection of apxs (for httpd) * configure: make quiche require quiche_conn_send_ack_eliciting * connect: fix https connection setup to treat ssl_mode correctly * content_encoding: only do transfer-encoding compression if asked to * cookie: address PVS nits * cookie: clarify that init with data set to NULL reads no file * curl: do NOT append file name to path for upload when there's a query * curl_easy_getinfo.3: typo fix (duplicated "from the") * curl_easy_unescape.3: rename the argument * curl_path: bring back support for SFTP path ending in /~ * curl_url_set.3: mention that users can set content rather freely * CURLOPT_IPRESOLVE.3: this for host names, not IP addresses * data.d: emphasize no conversion * digest: clear target buffer * doc: curl_mime_init() strong easy binding was relaxed in 7.87.0 * docs/cmdline-opts: document the dotless config path * docs/examples/protofeats.c: outputs all protocols and features * docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string" * docs/SECURITY-ADVISORY.md: how to write a curl security advisory * docs: bump the minimum perl version to 5.6 * docs: clarify that more backends have HTTPS proxy support * dynbuf: never allocate larger than "toobig" * easy_cleanup: require a "good" handle to act * ftp: fix 'portsock' variable was assigned the same value * ftp: remove dead code * ftplistparser: move out private data from public struct * ftplistparser: replace realloc with dynbuf * gen.pl: error on duplicated See-Also fields * getpart: better handle case of file not found * GHA-linux: add an address-sanitizer build * GHA: add a memory-sanitizer job * GHA: run all linux test jobs with valgrind * GHA: suppress git clone output * GIT-INFO: add
[ANNOUNCEMENT] Updated: curl/libcurl4/-devel/-doc, mingw64-x86_64-curl 8.0.1
The following packages have been upgraded in the Cygwin distribution:
* curl 8.0.1
* libcurl4 8.0.1
* libcurl-devel 8.0.1
* libcurl-doc 8.0.1
* mingw64-x86_64-curl 8.0.1
Command line tool and Library supporting transferring files with
URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.
To celebrate curl's *25th* anniversary, the version has been
bumped to 8!
Congratulations and thanks are due to the curl developers and
contributors for their achievements, efforts, and support for
all those years.
For more information see the project home page:
https://curl.se/
As there are multiple components and many changes each release please
see below or read /usr/share/doc/curl/RELEASE-NOTES after installation;
for complete details of changes since the previous Cygwin release see:
/usr/share/doc/curl/CHANGES
or
https://curl.se/changes.html
curl and libcurl 8.0.1 2023-03-20
Public curl releases:216
Command line options:250
curl_easy_setopt() options: 302
Public functions in libcurl: 91
Contributors: 2841
Planned upcoming removals include:
- gskit
- NSS
- support for space-separated NOPROXY patterns
- support for the original legacy mingw version 1
See https://curl.se/dev/deprecate.html for details
This release includes the following known bugs:
* see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release includes the following changes:
* build: remove support for curl_off_t < 8 bytes
This release includes the following bugfixes:
* Revert "multi: remove PENDING + MSGSENT handles"
* .cirrus.yml: Bump to FreeBSD 13.2
* aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
* BINDINGS: add Fortran binding
* build: drop the use of XC_AMEND_DISTCLEAN
* build: fix stdint/inttypes detection with non-autotools
* cf-socket: fix handling of remote addr for accepted tcp sockets
* cf-socket: if socket is already connected, return CURLE_OK
* cf-socket: use port 80 when resolving name for local bind
* CI: don't run CI jobs if only another CI was changed
* CI: update ngtcp2 and nghttp2 for pytest
* cmake: delete unused HAVE__STRTOI64
* cmake: fix enabling LDAPS on Windows
* cmake: skip CA-path/bundle auto-detection in cross-builds
* connect: fix time_connect and time_appconnect timer statistics
* cookie: don't load cookies again when flushing
* cookie: parse without sscanf()
* curl.h: require gcc 12.1 for the deprecation magic
* curl: make -w's %{stderr} use the file set with --stderr
* curl_path: create the new path with dynbuf
* CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections
* CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket
* CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
* DEPRECATE: the original legacy mingw version 1
* doc: fix compiler warning in libcurl.m4
* docs/cmdline-opts: mark all global options
* docs/SECURITY-PROCESS.md: updates
* docs: extend the URL API descriptions
* docs: note '--data-urlencode' option
* DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
* easy: remove infof() debug leftover from curl_easy_recv
* examples/http3.c: use CURL_HTTP_VERSION_3
* ftp: active mode with SSL, add the filter
* ftp: add more conditions for connection reuse
* ftp: allocate the wildcard struct on demand
* ftp: make the EPSV response parser not use sscanf
* ftp: replace sscanf for MDTM 213 response parsing
* ftp: replace sscanf for PASV parsing
* gssapi: align `gss_OID_desc` to silence ld warnings on macOS ventura
* headers: make curl_easy_header and nextheader return different buffers
* hostip: avoid sscanf and extra buffer copies
* http2: fix error handling during parallel operations
* http2: fix for http2-prior-knowledge when reusing connections
* http2: fix handling of RST and GOAWAY to recognize partial transfers
* http2: fix upload busy loop
* http: don't send 100-continue for short PUT requests
* http: fix unix domain socket use in https connects
* http: rewrite the status line parser without sscanf
* http_proxy: parse the status line without sscanf
* idn: return error if the conversion ends up with a blank host
* krb5: avoid sscanf for parsing
* lib1560: test parsing URLs with ridiculously large fields
* lib2305: deal with CURLE_AGAIN
* lib517: verify time stamps without leading zeroes plus some more
* lib: silence clang/gcc -Wvla warnings in brotli headers
* lib: skip Curl_llist_destroy calls
* libcurl-errors.3: add the CURLHcode errors from curl_easy_header.3
* libssh2: only set the memory callbacks when debugging
* libssh2: remove unused variable from libssh2's struct
* libssh: use dynbuf instead of realloc
* Makefile.mk: delete
[ANNOUNCEMENT] Updated: curl/libcurl4/-devel/-doc, mingw64-x86_64-curl 7.88.1
The following packages have been upgraded in the Cygwin distribution:
* curl 7.88.1
* libcurl4 7.88.1
* libcurl-devel 7.88.1
* libcurl-doc 7.88.1
* mingw64-x86_64-curl 7.88.1
NOTE:
This release has been built with debug options disabled, as they are
strongly discouraged for production use, and displays warning messages.
Command line tool and Library supporting transferring files with
URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.
For more information see the project home page:
https://curl.se/
As there are multiple components and many changes each release please
see below or read /usr/share/doc/curl/RELEASE-NOTES after installation;
for complete details of changes since the previous Cygwin release see:
/usr/share/doc/curl/CHANGES
or
https://curl.se/changes.html
curl and libcurl 7.88.1 2023-02-20
* Public curl releases: 214
* Command line options: 250
* curl_easy_setopt() options: 302
* Public functions in libcurl: 91
* Contributors: 2818
The next release is planned and intended to become version 8.
Planned upcoming removals include:
* gskit
* NSS
* support for space-separated NOPROXY patterns
* support for systems without 64 bit data types
See https://curl.se/dev/deprecate.html for details
This release includes the following known bugs:
* see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release includes the following bugfixes:
* build-openssl.bat: keep OpenSSL 3 engine binaries
* cmake: fix Windows check for CryptAcquireContext
* connnect: fix timeout handling to use full duration
* curl: make --silent work stand-alone
* curl_setup: Suppress OpenSSL 3 deprecation warnings
* CURLOPT_WS_OPTIONS.3: fix the availability version
* GHA: update rustls dependency to 0.9.2
* http2: buffer/pausedata and output flush fix.
* http2: set drain on stream end
* http: include stdint.h more readily
* krb5: silence cast-align warning
* lib1560: add IPv6 canonicalization tests
* os400: correct Curl_os400_sendto()
* remote-header-name.d: mention that filename* is not supported
* runtests: fix "uninitialized value $port"
* setopt: allow HTTP3 when HTTP2 is not defined
* socketpair: allow EWOULDBLOCK when reading the pair check bytes
* socks: allow using DoH to resolve host names
* tests-httpd: add proxy tests
* tests: make sure gnuserv-tls has SRP support before using it
* tests: make the telnet server shut down a socket gracefully
* tool_getparam: make --get a true boolean
* tool_operate: allow debug builds to set buffersize
* urlapi: do the port number extraction without using sscanf()
* urldata: remove `now` from struct SingleRequest - not needed
curl and libcurl 7.88.0 2023-02-15
Numbers
the 213th release
5 changes
56 days (total: 9,098)
173 bug-fixes (total: 8,665)
250 commits (total: 29,821)
0 new public libcurl function (total: 91)
0 new curl_easy_setopt() option (total:302)
1 new curl command line option (total:250)
78 contributors, 41 new (total: 2,812)
42 authors, 18 new (total: 1,119)
3 security fixes(total:135)
Security
This time we bring you three security fixes.
All of them covering cases for which we have had problems reported and
fixed before, but these are new subtle variations.
* CVE-2023-23914: HSTS ignored on multiple requests
* CVE-2023-23915: HSTS amnesia with âparallel
* CVE-2023-23916: HTTP multi-header compression denial of service
Changes
* curl.h: add CURL_HTTP_VERSION_3ONLY
* share: add sharing of HSTS cache among handles
* src: add --http3-only
* tool_operate: share HSTS between handles
* urlapi: add CURLU_PUNYCODE
* writeout: add %{certs} and %{num_certs}
Bugfixes
* cf-socket: fix build when not HAVE_GETPEERNAME
* cf-socket: keep sockaddr local in the socket filters
* cfilters:Curl_conn_get_select_socks: use the first non-connected
filter
* CI: add a workflow to automatically label pull requests
* CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup
* CI: Retry failed downloads to reduce spurious failures
* CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12
* cmake: bump requirement to 3.7
* cmake: check for sendmsg
* cmake: delete redundant macro definition `SECURITY_WIN32`
* cmake: fix dev warning due to mismatched arg
* cmake: fix the snprintf detection
* cmake: remove deprecated symbols check
* cmake: set SOVERSION also for macOS
* cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
* cmdline-opts/Makefile: on error, do not leave a partial
* CODEOWNERS: remove the peeps mentioned as CI owners
* connect: fix access of pointer
