RELEASE: 8.9.1

curl · Jul 31, 2024 · 3c72fad · 3c72fad
1 parent 0bbf56d
commit 3c72fad
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -1,10 +1,10 @@
 ROOT=.
 
 # the latest stable version is:
-STABLE= 8.9.0
-RELDATE = "2024-07-24"
+STABLE= 8.9.1
+RELDATE = "2024-07-31"
 # The planned *next* release is:
-NEXTDATE = "2024-07-31"
+NEXTDATE = "2024-09-11"
 
 # generated file with binary package stats
 STAT = packstat.t

diff --git a/_changes.html b/_changes.html
@@ -47,6 +47,41 @@
 <a name="changes"></a>
 TITLE(All changes ever made)
 
+<a name="8_9_1"></a>
+SUBTITLE(Fixed in 8.9.1 - July 31 2024)
+VULNBOX(8.9.1)
+<p> Bugfixes:
+<ul class="bugfixes">
+ BGF <a href="https://curl.se/bug/?i=14199">cmake: detect `libssh` via `pkg-config`</a>
+ BGF <a href="https://curl.se/bug/?i=14285">cmake: detect `nettle` when building with GnuTLS</a>
+ BGF <a href="https://curl.se/bug/?i=14309">cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()`</a>
+ BGF <a href="https://curl.se/bug/?i=14196">configure: limit `__builtin_available` test to Darwin</a>
+ BGF <a href="https://curl.se/bug/?i=14280">connect: fix connection shutdown for event based processing</a>
+ BGF contrithanks.sh: use -F with -v to match lines as strings
+ BGF <a href="https://curl.se/bug/?i=14304">curl: more defensive socket code for --ip-tos</a>
+ BGF <a href="https://curl.se/bug/?i=14302">CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching</a>
+ BGF <a href="https://curl.se/bug/?i=14292">CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe</a>
+ BGF <a href="https://curl.se/bug/?i=14287">example/multi-uv: remove the use of globals</a>
+ BGF <a href="https://curl.se/bug/?i=14293">ftpserver.pl: make POP3 LIST serve content from the test file</a>
+ BGF GHA/windows: increase timeout for vcpkg build step
+ BGF <a href="https://curl.se/bug/?i=14247">lib: survive some NULL input args</a>
+ BGF <a href="https://curl.se/bug/?i=14269">macos: fix Apple SDK bug workaround for non-macOS targets</a>
+ BGF <a href="https://curl.se/bug/?i=14312">misc: cleanup after removing years from copyright</a>
+ BGF <a href="https://curl.se/bug/?i=14289">os400: build cli manual.</a>
+ BGF <a href="https://curl.se/bug/?i=14281">os400: workaround an IBM ASCII run-time library bug</a>
+ BGF <a href="https://curl.se/bug/?i=14267">RELEASE-PROCEDURE.md: remove the initial build step</a>
+ BGF <a href="https://curl.se/bug/?i=14284">runtests: fold timing details with GHA, sync `-r` tflags</a>
+ BGF <a href="https://curl.se/bug/?i=14295">tests: provide FTP directory contents in the test file</a>
+ BGF <a href="https://curl.se/bug/?i=14318">tidy-up: URL updates</a>
+ BGF TODO: thread-safe sharing
+ BGF <a href="https://curl.se/bug/?i=14272">transfer: speed limiting fix for 32bit systems</a>
+ BGF <a href="https://curl.se/bug/?i=14305">vtls: avoid forward declaration in MultiSSL builds</a>
+ BGF <a href="https://curl.se/bug/?i=14268">wolfSSL: allow wolfSSL&apos;s implementation of kyber to be used</a>
+ BGF <a href="https://curl.se/bug/?i=14306">wolfssl: avoid calling get_cached_x509_store if store is uncachable</a>
+ BGF <a href="https://curl.se/bug/?i=14278">wolfssl: CA store share fix</a>
+ BGF <a href="https://curl.se/bug/?i=14316">x509asn1: unittests and fixes for gtime2str</a>
+</ul>
+
 <a name="8_9_0"></a>
 SUBTITLE(Fixed in 8.9.0 - July 24 2024)
 RELEASEVIDEO(8.9.0, "https://youtu.be/85prwzeilnY?si=MRgVUOOHbDRgO3Gw")

diff --git a/_newslog.html b/_newslog.html
@@ -34,6 +34,20 @@
  NCOLE
 #endif
 
+NSUBJ(curl and libcurl 8.9.1)
+NDATE(July 31 2024)
+NCOLS
+
+The curl team proudly presents curl and
+libcurl <a href="download.html">version 8.9.1</a>. See the
+full <a href="/ch/8.9.1.html">changelog</a>.
+
+<p>
+Pay special attention to the <a href="/docs/security.html">security
+vulnerability</a> fixed in this version.
+
+NCOLE
+
 NSUBJ(curl and libcurl 8.9.0)
 NDATE(July 24 2024)
 NCOLS
@@ -44,7 +58,7 @@
 
 <p>
 Pay special attention to the <a href="/docs/security.html">security
-vulnerability</a> fixed in this version.
+vulnerabilities</a> fixed in this version.
 
 NCOLE
 

diff --git a/docs/CVE-2024-7264.md b/docs/CVE-2024-7264.md
@@ -64,7 +64,10 @@ curl built with different backends starting in different versions:
 SOLUTION
 ------------
 
-- Fixed-in: https://github.com/curl/curl/commit/3c914bc680155b321
+- Fixed-in: https://github.com/curl/curl/commit/27959ecce75cdb2
+
+Note that this fixing commit was a follow-up to this previous incomplete fix:
+https://github.com/curl/curl/commit/3c914bc680155b321
 
 RECOMMENDATIONS
 ---------------