Command line tool and Library supporting transferring files with URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a busload of other useful tricks.
For more information see the project home page: https://curl.se/ The following packages have been upgraded in the Cygwin distribution: * curl 8.9.1 * libcurl-doc 8.9.1 * libcurl-devel 8.9.1 * libcurl4 8.9.1 * mingw64-x86_64-curl 8.9.1 This Cygwin release includes additional documentation including the ebook Everything Curl in ePub and PDF formats, curl.txt, and MarkDown documents. For information on security vulnerabilities and fixes see: https://curl.se/docs/security.html As there are many functions and changes each release see below or read /usr/share/doc/curl/RELEASE-NOTES after installation; for complete details of changes see: /usr/share/doc/curl/CHANGES or https://curl.se/changes.html curl and libcurl 8.9.1 2024-07-31 Public curl releases: 259 Command line options: 263 curl_easy_setopt() options: 306 Public functions in libcurl: 94 Contributors: 3211 Planned upcoming removals include: - TLS libraries not supporting TLS 1.3 See https://curl.se/dev/deprecate.html for details This release includes the following known bugs: - see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) This release includes the following bugfixes: - cmake: detect `libssh` via `pkg-config` - cmake: detect `nettle` when building with GnuTLS - cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()` - configure: limit `__builtin_available` test to Darwin - connect: fix connection shutdown for event based processing - contrithanks.sh: use -F with -v to match lines as strings - curl: more defensive socket code for --ip-tos - CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching - CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe - example/multi-uv: remove the use of globals - ftpserver.pl: make POP3 LIST serve content from the test file - GHA/windows: increase timeout for vcpkg build step - lib: survive some NULL input args - macos: fix Apple SDK bug workaround for non-macOS targets - misc: cleanup after removing years from copyright - os400: build cli manual. - os400: workaround an IBM ASCII run-time library bug - RELEASE-PROCEDURE.md: remove the initial build step - runtests: fold timing details with GHA, sync `-r` tflags - tests: provide FTP directory contents in the test file - tidy-up: URL updates - TODO: thread-safe sharing - transfer: speed limiting fix for 32bit systems - vtls: avoid forward declaration in MultiSSL builds - wolfSSL: allow wolfSSL's implementation of kyber to be used - wolfssl: avoid calling get_cached_x509_store if store is uncachable - wolfssl: CA store share fix - x509asn1: unittests and fixes for gtime2str CVE-2024-7264: ASN.1 date parser overread (severity low) libcurlâs ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.
-- *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** The easiest way to unsubscribe is to visit <https://cygwin.com/mailman/options/cygwin-announce>, and click 'Unsubscribe'. If you need more information on unsubscribing, start reading here: <https://sourceware.org/lists.html#unsubscribe>.