From: Brian Dessent
Date: Thu, 24 Nov 2005 18:20:43 -0800
To: cygwin AT cygwin DOT com
Subject: [ANNOUNCEMENT] Updated: curl-7.15.0-3, curl-devel-7.15.0-3, libcurl2-7.11.1-2, libcurl3-7.15.0-3

I've updated cURL to version 7.15.0.

cURL is a command line tool for transferring files with URL syntax, supporting FTP, FTPS, TFTP, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. curl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

See for more information about cURL, and for a list of what has changed.

SSL/TLS support via OpenSSL is enabled in these packages.

IMPORTANT SECURITY INFORMATION:

cURL versions prior to 7.13.1 contain a buffer overflow vulnerability in the NTLM/krb4 authorization functions. It is strongly recommended that you upgrade. Note that the updated libcurl2 compatibility package contains a backport of the fix for this flaw, so it is safe to use.

PACKAGING NOTES:

The layout of the curl packages has been changed, with the DLL moved to its own versioned package, as follows:

  curl:       main curl command line binary and documentation
  libcurl3:   current version of the libcurl runtime (DLL)
  libcurl2:   older obsolete version of the libcurl runtime (DLL)
  curl-devel: headers, static library, import library, samples, and documentation for developing applications that use libcurl

libcurl2 exists only to provide the older version of the DLL for existing programs that were linked to libcurl -- currently this is only ogg123 from the vorbis-tools package, and any third party or self-compiled apps. All new applications should use libcurl3.

Version 7.11.1-1 of curl is still available as "prev". However, please do note that you *must* manually select libcurl2 *and* ensure that its cygcurl-2.dll overwrites the old vulnerable cygcurl-2.dll in the old 7.11.1 package if you plan to use this version, otherwise you will still be vulnerable to the above security flaw.

To update your installation, click on the "Install Cygwin now" link on the http://cygwin.com/ web page. This downloads setup.exe to your system. Then, run setup and answer all of the questions.
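
The following is an added example, not part of the original announcement: a POSIX shell check that reads a "package version" listing (the layout printed by `cygcheck -c -d`) and flags curl packages older than the fixed versions named in the message. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the announcement). Thresholds come from the message:
# curl before 7.13.1 is vulnerable; libcurl2 7.11.1-2 carries the backport.

# ver_lt A B: succeed if version A sorts before B. Fields are split on
# '.' and '-' and compared numerically; missing fields count as 0.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# audit_curl_packages: read "package version" lines on stdin and print a
# verdict for each curl-related package; all other lines are ignored.
audit_curl_packages() {
    while read -r pkg ver _rest; do
        case $pkg in
            libcurl2) min=7.11.1-2 ;;                 # backported fix
            curl|curl-devel|libcurl3) min=7.13.1 ;;   # first fixed release
            *) continue ;;
        esac
        if ver_lt "$ver" "$min"; then
            echo "$pkg $ver VULNERABLE (need >= $min)"
        else
            echo "$pkg $ver OK"
        fi
    done
}

# Constructed sample listing: a "prev" curl next to the updated packages.
sample_listing() {
    cat <<'EOF'
Cygwin Package Information
Package              Version
bash                 3.0-11
curl                 7.11.1-1
curl-devel           7.15.0-3
libcurl2             7.11.1-2
libcurl3             7.15.0-3
EOF
}

sample_listing | audit_curl_packages
```

On a Cygwin system the same function can be fed with `cygcheck -c -d | audit_curl_packages`. A "prev" curl 7.11.1-1 is always flagged, because package versions alone cannot show which cygcurl-2.dll ended up on disk.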