Updated: curl/libcurl4/-devel/-doc, mingw64-x86_64-curl 8.4
Cygwin curl Maintainer
Brian.Inglis@Shaw.ca
Wed Oct 11 09:58:37 GMT 2023
NOTE:
Immediate upgrade recommended as this release fixes a high
severity SOCKS5 heap buffer overflow vulnerability
https://curl.se/docs/CVE-2023-38545.html
The following packages have been upgraded in the Cygwin distribution:
* curl 8.4
* libcurl4 8.4
* libcurl-devel 8.4
* libcurl-doc 8.4
* mingw64-x86_64-curl 8.4
Command line tool and Library supporting transferring files with
URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.
For more information see the project home page:
https://curl.se/
As there are multiple components and many changes each release see below
or read /usr/share/doc/curl/RELEASE-NOTES after installation;
for complete details of changes since the previous Cygwin release see:
/usr/share/doc/curl/CHANGES
or
https://curl.se/changes.html
curl and libcurl 8.4 2023-10-11
Public curl releases: 252
Command line options: 258
curl_easy_setopt() options: 303
Public functions in libcurl: 93
Contributors: 2995
This release includes the following known bugs:
- see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Planned upcoming removals include:
- support for space-separated NOPROXY patterns
See https://curl.se/dev/deprecate.html for details
This release includes the following changes:
- curl: add support for the IPFS protocols via HTTP gateway
- curl_multi_get_handles: get easy handles from a multi handle
- mingw: delete support for legacy mingw.org toolchain
This release includes the following bugfixes:
- acinclude.m4: Document proper system truststore on FreeBSD
- appveyor: fix yamlint issues, indent
- appveyor: rewrite batch in PowerShell + CI improvements
- autotools: adjust `CURL_CA_PATH` value to CMake
- autotools: restore `HAVE_IOCTL_*` detections
- base64: also build for curl
- bufq: remove Curl_bufq_skip_and_shift (unused)
- build: delete checks for C89 standard headers
- build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
- cf-socket: simulate slow/blocked receives in debug
- cmake, configure: also link with CoreServices
- cmake: add check for suseconds_t
- cmake: add feature checks for `memrchr` and `getifaddrs`
- cmake: add missing checks
- cmake: delete old `HAVE_LDAP_URL_PARSE` logic
- cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
- cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
- cmake: detect `sys/wait.h` and `netinet/udp.h`
- cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
- cmake: disable unity mode with Windows Unicode + TrackMemory
- cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
- cmake: fix `HAVE_WRITABLE_ARGV` detection
- cmake: fix duplicate symbols when linking tests
- cmake: fix missing `zlib.h` when compiling `libcurltool`
- cmake: fix stderr initialization in unity builds
- cmake: fix the help text to the static build option in CMakeLists.txt
- cmake: fix unity builds for more build combinations
- cmake: fix unity symbol collisions in h2 builds
- cmake: fix unity with Windows Unicode + TrackMemory
- cmake: improve OpenLDAP builds
- cmake: lib `CURL_STATICLIB` fixes (Windows)
- cmake: move global headers to specific checks
- cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
- cmake: pre-cache `HAVE_POLL_FINE` on Windows
- cmake: tidy-up `NOT_NEED_LBER_H` detection
- cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
- configure: check for the capath by default
- configure: remove unused checks
- configure: replace adhoc domain with `localhost` in tests
- configure: sort AC_CHECK_FUNCS
- connect: expire the timeout when trying next
- connect: only start the happy eyeballs timer when needed
- cookie: do not store the expire or max-age strings
- cookie: remove unnecessary struct fields
- cookie: set ->running in cookie_init even if data is NULL
- create-dirs.d: clarify it also uses --output-dirs
- curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
- curl_easy_pause.3: mention h2/h3 buffering
- curl_easy_pause.3: mention it works within callbacks
- curl_easy_pause: set "in callback" true on exit if true
- CURLOPT_DEBUGFUNCTION.3: warn about internal handles
- docs/libcurl/opts/Makefile.inc: add missing manpage files
- docs: adapt SEE ALSO sections to new requirements
- docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
- docs: replace made up domains with example.com
- docs: update curl man page references
- docs: use CURLSSLBACKEND_NONE
- doh: inherit DEBUGFUNCTION/DATA
- escape: replace Curl_isunreserved with ISUNRESERVED
- FAQ: How do I upgrade curl.exe in Windows?
- GHA/linux: run singleuse to detect single-use global functions
- GHA: add workflow to compare configure vs cmake outputs
- h2-proxy: remove left-over mistake in drain_tunnel()
- h2: testcase and fix for pausing h2 streams
- h3: add support for ngtcp2 with AWS-LC builds
- http2: refused stream handling for retry
- http: fix CURL_DISABLE_BEARER_AUTH breakage
- http: h1/h2 proxy unification
- http: remove wrong comment for http_should_fail
- http: use per-request counter to check too large headers
- http_aws_sigv4: fix sorting with empty parts
- idn: fix WinIDN null ptr deref on bad host
- idn: if idn2_check_version returns NULL, return error
- inet_ntop: add typecast to silence Coverity
- lib: disambiguate Curl_client_write flag semantics
- lib: enable hmac for digest as well
- lib: failf/infof compiler warnings
- lib: let the max filesize option stop too big transfers too
- lib: move handling of `data->req.writer_stack` into Curl_client_write()
- lib: provide and use Curl_hexencode
- lib: remove TIME_WITH_SYS_TIME
- lib: use wrapper for curl_mime_data fseek callback
- libssh2: fix error message on failed pubkey-from-file
- libssh: cap SFTP packet size sent
- Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
- MANUAL.md: change domain to example.com
- misc: better random strings
- MQTT: improve receive of ACKs
- multi: do CURLM_CALL_MULTI_PERFORM at two more places
- multi: fix small timeouts
- multi: remove Curl_multi_dump
- multi: round the timeout up to prevent early wakeups
- multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
- openssl: improve ssl shutdown handling
- openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
- pytest: exclude test_03_goaway in CI runs due to timing dependency
- quic: set ciphers/curves the same way regular TLS does
- quiche: fix build error with --with-ca-fallback
- RELEASE-PROCEDURE.md: updated coming release dates
- runtests: display the test status if tests appear hung
- runtests: eliminate a warning on old perl versions
- socks: return error if hostname too long for remote resolve
- src/mkhelp: make generated code pass `checksrc`
- test1056: disable on Windows
- test1474: disable test on NetBSD, OpenBSD and Solaris 10
- test1592: greatly increase the maximum test timeout
- test1903: actually verify the cookies after the test
- test1906: set a lower timeout since it's hit on Windows
- test2600: remove special case handling for USE_ALARM_TIMEOUT
- test650: fix an end tag typo
- test661: return from test early in case of curl error
- test: add missing <feature>s
- tests: close the shell used to start sshd
- tests: fix a race condition in ftp server disconnect
- tests: fix compiler warnings
- tests: Fix zombie processes left behind by FTP tests.
- tests: improve SLOWDOWN test reliability by reducing sent data
- tests: increase lib571 timeout from 3s to 30s
- tests: log the test result code after each libtest
- tests: propagate errors in libtests
- tests: set --expect100-timeout to improve test reliability
- tests: show which curl tool `runtests.pl` is using
- tests: stop overriding the lock timeout
- tftpd: always use curl's own tftp.h
- tool: use our own stderr variable
- tool_cb_wrt: fix debug assertion
- tool_getparam: accept variable expansion on file names too
- tool_setopt: remove unused function tool_setopt_flags
- upload-file.d: describe the file name slash/backslash handling
- url: fall back to http/https proxy env-variable if ws/wss not set
- url: fix netrc info message
- warnless: remove unused functions
- wolfssh: do cleanup in Curl_ssh_cleanup
- wolfssl: allow capath with CURLOPT_CAINFO_BLOB
- wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
- wolfssl: ignore errors in CA path
More information about the Cygwin-announce
mailing list