Updated: nghttp2, libnghttp2-devel/_14 mingw64-x86_64-nghttp2 1.61

2024-04-06 Thread Cygwin nghttp2 Maintainer 
The following packages have been upgraded in the Cygwin distribution:

* nghttp2   1.61
* libnghttp2-devel  1.61
* libnghttp2_14 1.61
* mingw64-x86_64-nghttp21.61

HTTP/2 and its header compression algorithm HPACK implementation.
The framing layer of HTTP/2 is implemented as a reusable library.
Also included are an HTTP/2 client, server, proxy, load test and
benchmarking tool.

For more information see the project home page:

https://nghttp2.org/

or the repo README:

https://github.com/nghttp2/nghttp2#readme

See link or text below for recent changes; after installation for
complete details of changes read /usr/share/doc/nghttp2/ChangeLog.

https://nghttp2.org/blog/

NOTE

Support for previously deprecated Python bindings, modules,
and documentation was dropped some releases ago.


2024-04-04  1.61.0

Security Advisory

CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames
causes excessive CPU usage

nghttp2 library keeps reading an unbounded number of HTTP/2
CONTINUATION frames even after a stream is reset to keep HPACK context
in sync.
This causes excessive CPU usage to decode HPACK stream.

See also https://www.kb.cert.org/vuls/id/421644

nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of
CONTINUATION frames it can accept after a HEADERS frame.
The default limits the number of CONTINUATION frames after a HEADERS
frame to 8.
The limit is also now configurable.


h2load

Allow host header to be overridden


nghttp

Support SSLKEYLOGFILE


nghttpd

Fix read stall


nghttpx

Faster worker lookup
Header idle timeout
Allocate 3 bits for QUIC configuration in Connection ID
Discard UDP datagram that is too short to be a valid QUIC packet
Drop a UDP datagram from well-known port
Fix error message
Fix frontend-header-timeout does not work in config file
Fix port byte order
Migrate to ares_getaddrinfo
More QUIC prohibited ports
Rework Connection ID construction
Rework QUIC stateless reset packet size
Shutdown h3 stream read with trailer as well
Simplify quic connection close handling
Split thread into worker_process and thread


lib

Add actions/stale
Automate release process
Further reduce Stateless reset emission
No rfc7540 priorities fix
Rewrite hexdump


build

autotools: Switch to tar-pax
autotools: Use tar-ustar automake option
cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON
Respect BUILD_STATIC_LIBS and add option for tests


third-party

bpf: Drop bad QUIC packet
Bump munit
Bump ngtcp2
Bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0
Bump golang.org/x/net from 0.21.0 to 0.22.0
Checkout with submodules
docker: Use copy --link
docker: Switch to distroless/base-nossl
Workaround llvm issue on github ubuntu runner
-- 
  *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

The easiest way to unsubscribe is to visit 
, and click 'Unsubscribe'.

If you need more information on unsubscribing, start reading here: 
.

Updated: pkgconf 2.2.0-1

2024-04-06 Thread ASSI 


The following packages have been uploaded to the Cygwin distribution:

 libpkgconf-devel-2.2.0-1
 libpkgconf4-2.2.0-1
 pkg-config-2.2.0-1
 pkgconf-2.2.0-1

pkgconf is a program which helps to configure compiler and linker flags 
for development frameworks.  It is an alternative to pkg-config.

This is an update to the latest upstream release.  The cross-pkg-config 
commands have been switched to symlinks based on upstream advice.

-- 
-- 
  *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

The easiest way to unsubscribe is to visit 
, and click 'Unsubscribe'.

If you need more information on unsubscribing, start reading here: 
.

Updated: upx-4.2.3-1

2024-04-06 Thread ASSI 


UPX has been updated to version 4.2.3, see the release news for changes:

https://upx.github.io/upx-news.txt

UPX is a free, portable, extendable, high-performance executable packer
for several executable formats.

UPX upstream bundles all dependencies as source and links them in
directly during the build starting with this release, so the Cygwin
package no longer depends on zlib0 and ucl.

-- 
-- 
  *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

The easiest way to unsubscribe is to visit 
, and click 'Unsubscribe'.

If you need more information on unsubscribing, start reading here: 
.

Updated: zstd-1.5.6-1 and development headers / libraries

2024-04-06 Thread ASSI 


This release updates Zstandard to the latest upstream version, which is
a maintenance release with bugfixes and minor performance improvements.


Zstandard, or zstd as short version, is a fast lossless compression
algorithm, targeting real-time compression scenarios at zlib-level and
better compression ratios.

http://www.zstd.net/


Besides a standalone compression tool, development headers and a library
with comprehensive API are available both for Cygwin native applications
and cross-compilation toolchains in the following sub-packages:

libzstd-devel-1.5.6-1
libzstd1-1.5.6-1
mingw64-i686-zstd-1.5.6-1
mingw64-x86_64-zstd-1.5.6-1

Notes
-

This version is compiled with support for GZip, LZ4 and Xz compression
and all libraries are built with MT capability.  Support for legacy
formats from ZStandard versions before 1.0 has been removed.

-- 
-- 
  *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

The easiest way to unsubscribe is to visit 
, and click 'Unsubscribe'.

If you need more information on unsubscribing, start reading here: 
.

Updated: Perl distributions

2024-04-06 Thread ASSI 


The following Perl distributions have been updated to their latest
release version available on CPAN:

noarch
--
 perl-DateTime-Locale-1.41-1


-- 
-- 
  *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

The easiest way to unsubscribe is to visit 
, and click 'Unsubscribe'.

If you need more information on unsubscribing, start reading here: 
.

Re: Cygwin a bit slow

2024-04-06 Thread Lee via Cygwin 
On Fri, Apr 5, 2024 at 11:18 AM J M  wrote:
>
> Hi,
>
> I'm seeing that Cygwin is a bit slow, directly and after comparing to
> simple ubuntu virtual machines by example.
>
> Specifically:
>
> - Copy and paste texts in vim, I see clearly the slow in paste.

I don't know about the rest, but paste being slow is an old problem - eg:
Subject: speeding up a paste operation
To:  cygwin@cygwin.com
Date:Fri, Aug 24, 2018 at 7:30 PM

at least on my machine, there's a clear
winner for pasting in an absurdly large amount of text:

$ time d2u < /dev/clipboard > hosts-3.txt

real0m11.372s
user0m3.749s
sys 0m6.984s

$ time cat /dev/clipboard | tr -d '\r' > hosts-2.txt

real0m4.405s
user0m0.124s
sys 0m3.577s

$ time getclip -u > hosts.txt

real0m0.734s
user0m0.031s
sys 0m0.031s

Regards,
Lee

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple