Command line tool and Library supporting transferring files with
URL syntax, using FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, and
FILE, SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form
based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate...), file transfer resume, proxy tunneling and a
busload of other useful tricks.
For more information see the project home page:
https://curl.se/
NOTE: This Cygwin release includes the previous official patches for
CVE-2024-11053: netrc and redirect credential leak. (Severity: Low)
When asked to both use a .netrc file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This Cygwin version includes a new release of wCurl - a simple download
wrapper shell script that makes it easy setting output defaults, names,
timestamps, downloading in parallel, etc.
Documentation is provided as a man page, under
/usr/share/doc/curl/wcurl/, and under its own project home page:
https://github.com/curl/wcurl
The following packages have been upgraded in the Cygwin distribution:
- curl 8.11.1
- libcurl-doc 8.11.1
- libcurl-devel 8.11.1
- libcurl4 8.11.1
- mingw64-x86_64-curl 8.11.1
As there are many functions and changes each release see below,
https://curl.se/ch/8.11.0.html or /usr/share/doc/curl/RELEASE-NOTES
after installation:
2024-12-11 8.11.1
Public curl releases: 263
Command line options: 266
curl_easy_setopt() options: 306
Public functions in libcurl: 94
Contributors: 3298
For information on security vulnerabilities and fixes see:
https://curl.se/docs/vuln-8.10.1.html
Planned upcoming removals include:
- Hyper support after February 2025
- TLS libraries not supporting TLS 1.3
See https://curl.se/dev/deprecate.html for details
This release includes the following known bugs:
- see https://curl.se/docs/knownbugs.html or
/usr/share/doc/curl/KNOWN_BUGS after installation
This release includes the following significant changes:
curl
-continue-at is mutually exclusive with -no-clobber
-continue-at is mutually exclusive with -range
-continue-at is mutually exclusive with -remove-on-error
use real time in trace timestamps
scripts
dmaketgz: use -no-cache when building docker image
libcurl
duphandle: also init netrc
hostip: donât use the resolver for FQDN localhost
mime: fix reader stall on small read lengths
mprintf: fix integer overflow checks
multi: fix callback for CURLMOPT_TIMERFUNCTION not being called again
netrc: address several netrc parser flaws
netrc: support large file, longer lines, longer tokens
socket: handle binding to âhost!â
http related
http_negotiate: allow for a one byte larger channel binding buffer
digest: produce a shorter cnonce in Digest headers
cookie: treat cookie name case sensitively
nghttp2: use custom memory functions
protocols
libssh: use libssh sftp_aio to upload file
libssh: when using IPv6 numerical address, add brackets
OpenSSL: improved error message on expired certificate
rtsp: check EOS in the RTSP receive and return an error code
schannel: remove TLS 1.3 ciphersuite-list support
fixes for wolfSSL OPENSSL_COEXIST
For all changes ever done in curl:
See https://curl.se/changes.html
This release includes the following bugfixes:
- build: fix ECH to always enable HTTPS RR
- build: fix MSVC UWP builds
- build: omit certain deps from `libcurl.pc` unless found via `pkg-config`
- build: use `_fseeki64()` on Windows, drop detections
- cmake: do not echo most inherited `LDFLAGS` to config files
- cmake: drop cmake args list from `buildinfo.txt`
- cmake: include `wolfssl/options.h` first
- cmake: remove legacy unused IMMEDIATE keyword
- cmake: restore cmake args list in `buildinfo.txt`
- cmake: set `CURL_STATICLIB` for static lib when `SHARE_LIB_OBJECT=OFF`
- cmake: sync GSS config code with other deps
- cmake: typo in comment
- cmake: work around `ios.toolchain.cmake` breaking feature-detections
- cmakelint: fix to check root `CMakeLists.txt`
- cmdline/ech.md: formatting cleanups
- configure: add FIXMEs for disabled pkg-config references
- configure: do not echo most inherited `LDFLAGS` to config files
- configure: replace `$#` shell syntax
- cookie: treat cookie name case sensitively
- curl-rustls.m4: keep existing `CPPFLAGS`/`LDFLAGS` when detected
- curl.h: mark two error codes as obsolete
- curl: --continue-at is mutually exclusive with --no-clobber
- curl: --continue-at is mutually exclusive with --range
- curl: --continue-at is mutually exclusive with --remove-on-error
- curl: --test-duphandle in debug builds runs "duphandled"
- curl: do more command line parsing in sub functions
- curl: rename struct var to fix AIX build
- curl: use realtime in trace timestamps
- curl_multi_socket_all.md: soften the deprecation warning
- CURLOPT_PREREQFUNCTION.md: add result code on failure
- digest: produce a shorter cnonce in Digest headers
- DISTROS: update Alt Linux links
- dmaketgz: use --no-cache when building docker image
- docs: bring back ALTSVC.md and HSTS.md
- docs: document default `User-Agent`
- docs: suggest --ssl-reqd instead of --ftp-ssl
- duphandle: also init netrc
- ECH: enable support for the AWS-LC backend
- hostip: don't use the resolver for FQDN localhost
- http_negotiate: allow for a one byte larger channel binding buffer
- http_proxy: move dynhds_add_custom here from http.c
- KNOWN_BUGS: setting a disabled option should return CURLE_NOT_BUILT_IN
- krb5: fix socket/sockindex confusion, MSVC compiler warnings
- lib: fixes for wolfSSL OPENSSL_COEXIST
- libssh: use libssh sftp_aio to upload file
- libssh: when using IPv6 numerical address, add brackets
- macos: disable gcc `availability` workaround as needed
- mbedtls: call psa_crypt_init() in global init
- mime: fix reader stall on small read lengths
- mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions
- mprintf: fix the integer overflow checks
- multi: add clarifying comment for wakeup_write()
- multi: fix callback for `CURLMOPT_TIMERFUNCTION` not being called again
- netrc: address several netrc parser flaws
- netrc: support large file, longer lines, longer tokens
- nghttp2: use custom memory functions
- OpenSSL: improvde error message on expired certificate
- openssl: remove three "Useless Assignments"
- openssl: stop using SSL_CTX_ function prefix for our functions
- os400: Fix IBMi builds
- os400: Fix IBMi EBCDIC conversion of arguments
- pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS
- rtsp: check EOS in the RTSP receive and return an error code
- schannel: remove TLS 1.3 ciphersuite-list support
- setopt: fix CURLOPT_HTTP_CONTENT_DECODING
- setopt: fix missing options for builds without HTTP & MQTT
- show-headers.md: clarify the headers are saved with the data
- socket: handle binding to "host!<ip>"
- socketpair: fix enabling `USE_EVENTFD`
- strtok: use namespaced `strtok_r` macro instead of redefining it
- tests: add the ending time stamp in testcurl.pl
- tests: re-enable 2086, and 472, 1299, 1613 for Windows
- TODO: consider OCSP stapling by default
- tool_formparse: remove use of sscanf()
- tool_getparam: parse --localport without using sscanf
- tool_getpass: fix UWP `-Wnull-dereference`
- tool_getpass: replace `getch()` call with `_getch()` on Windows
- tool_urlglob: parse character globbing range without sscanf
- vtls: fix compile warning when ALPN is not available
--
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
The easiest way to unsubscribe is to visit
<https://cygwin.com/mailman/options/cygwin-announce>, and click 'Unsubscribe'.
If you need more information on unsubscribing, start reading here:
<https://sourceware.org/lists.html#unsubscribe>.
