Command line tool and Library supporting transferring files with
URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.
For more information see the project home page:
https://curl.se/
The following packages have been upgraded in the Cygwin distribution:
* curl 8.9.1
* libcurl-doc 8.9.1
* libcurl-devel 8.9.1
* libcurl4 8.9.1
* mingw64-x86_64-curl 8.9.1
This Cygwin release includes additional documentation including the
ebook Everything Curl in ePub and PDF formats, curl.txt, and MarkDown
documents.
For information on security vulnerabilities and fixes see:
https://curl.se/docs/security.html
As there are many functions and changes each release see below
or read /usr/share/doc/curl/RELEASE-NOTES after installation;
for complete details of changes see:
/usr/share/doc/curl/CHANGES
or
https://curl.se/changes.html
curl and libcurl 8.9.1 2024-07-31
Public curl releases: 259
Command line options: 263
curl_easy_setopt() options: 306
Public functions in libcurl: 94
Contributors: 3211
Planned upcoming removals include:
- TLS libraries not supporting TLS 1.3
See https://curl.se/dev/deprecate.html for details
This release includes the following known bugs:
- see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
This release includes the following bugfixes:
- cmake: detect `libssh` via `pkg-config`
- cmake: detect `nettle` when building with GnuTLS
- cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()`
- configure: limit `__builtin_available` test to Darwin
- connect: fix connection shutdown for event based processing
- contrithanks.sh: use -F with -v to match lines as strings
- curl: more defensive socket code for --ip-tos
- CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching
- CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe
- example/multi-uv: remove the use of globals
- ftpserver.pl: make POP3 LIST serve content from the test file
- GHA/windows: increase timeout for vcpkg build step
- lib: survive some NULL input args
- macos: fix Apple SDK bug workaround for non-macOS targets
- misc: cleanup after removing years from copyright
- os400: build cli manual.
- os400: workaround an IBM ASCII run-time library bug
- RELEASE-PROCEDURE.md: remove the initial build step
- runtests: fold timing details with GHA, sync `-r` tflags
- tests: provide FTP directory contents in the test file
- tidy-up: URL updates
- TODO: thread-safe sharing
- transfer: speed limiting fix for 32bit systems
- vtls: avoid forward declaration in MultiSSL builds
- wolfSSL: allow wolfSSL's implementation of kyber to be used
- wolfssl: avoid calling get_cached_x509_store if store is uncachable
- wolfssl: CA store share fix
- x509asn1: unittests and fixes for gtime2str
CVE-2024-7264: ASN.1 date parser overread (severity low)
libcurlâs ASN1 parser code has the GTime2str() function, used for
parsing an ASN.1 Generalized Time field. If given an syntactically
incorrect field, the parser might end up using -1 for the length of
the time fraction, leading to a strlen() getting performed on a
pointer to a heap buffer area that is not (purposely) null terminated.
--
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
The easiest way to unsubscribe is to visit
<https://cygwin.com/mailman/options/cygwin-announce>, and click 'Unsubscribe'.
If you need more information on unsubscribing, start reading here:
<https://sourceware.org/lists.html#unsubscribe>.
