![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / curl
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
*: recursive bump for default Kerberos implementation switch
*: recursive bump for icu 77 and libxml2 2.14
curl: updated to 8.12.1 8.12.1 Bugfixes: all: remove FIXME and TODO comments asyn-thread: fix build with `CURL_DISABLE_SOCKETPAIR` asyn-thread: fix HTTPS RR crash asyn-thread: fix the returned bitmask from Curl_resolver_getsock asyn-thread: survive a c-ares channel set to NULL build: add tool_hugehelp.c into IBMi build checksrc.pl: warn on FIXME/TODO comments cmake/Find: set `<Modulename>_FOUND` for compatibility when found via `pkg-config` cmake: add integration tests, run them in CI cmake: always reference OpenSSL and ZLIB via imported targets cmake: avoid unnecessary `-L` for implicit link dirs cmake: drop `LDAP_DEPRECATED=1` macro, to sync with autotools cmake: fix `HAVE_GETHOSTBYNAME_R_*` detections with `CURL_WERROR=ON` cmake: fix to detect `HAVE_OPENSSL_SRP` in MSVC UWP builds cmake: fix/add missing feature detections for Windows/MS-DOS cmake: initialize variables where missing cmake: lib order fixes for picky linkers (e.g. binutils `ld`) cmake: normalize before matching paths with syspaths cmake: respect `GNUTLS_CFLAGS` when detected via `pkg-config` cmake: respect `GNUTLS_LIBRARY_DIRS` in `libcurl.pc` and `curl-config` cmake: save a line with `CMAKE_C_IMPLICIT_LINK_DIRECTORIES` exclusion cmake: tidy up string append and list prepend syntax configure/cmake: check for realpath configure/cmake: set asyn-rr a feature only if httpsrr is enabled content_encoding: #error on too old zlib curl_global_sslset.md: Add SSL backend names CURLOPT_SSH_KNOWNHOSTS.md: strongly recommend using this CURLSHOPT_SHARE.md: adjust for the new SSL session cache docs: better explain multi-part byte range behavior docs: use valid example domain names generate.bat: remove curl_get_line.c from the curlx file list header.md: mention `Authorization:` and `Cookie:` special treatment imap: TLS upgrade fix INTERNALS: fix c-ares, as we actually support 1.6.0 or later ldap: drop support for legacy Novell LDAP SDK lib: include necessary headers for `inet_ntop`/`inet_pton` lib: silence LibreSSL collision warning on non-MSVC Windows libssh2: comparison is always true because rc <= -1 libssh2: raise lowest supported version to 1.2.8 libssh: drop support for libssh older than 0.9.0 libssh: silence `-Wconversion` with a cast (Windows 32-bit) netrc: return code cleanup, fix missing file error openssl-quic: ignore ciphers for h3 openssl: fix out of scope variables in goto pop3: TLS upgrade fix runtests: fix the disabling of the memory tracking runtests: quote commands to support paths with spaces scache: add magic checks smb: silence `-Warray-bounds` with gcc 13+ smtp: TLS upgrade fix SPONSORS.md: clarify that we don't promise goods or services test1516: avoid failure due to spaces in path test2080: simplify, avoid the null byte tests: fix test 558, 1330 for MSVC, allow TrackMemory with MSVC in cmake tidy-up: make per-file `ARRAYSIZE` macros global as `CURL_ARRAYSIZE` tool_cfgable: sort struct fields by size, use bitfields for booleans tool_getparam: add "TLS required" flag for each such option tool_progress: fix percent output of large parallel transfers tool_ssls: switch to tool-specific get_line function verbose.md: mention how carriage-return might occur in headers vquic: make the "disable GSO" use infof, not failf vtls: fix multissl-init vtsl: eliminate 'data->state.ssl_scache' wakeup_write: make sure the eventfd write sends eight bytes wolfssl: silence compiler warning (MSVC 2019), simplify existing
curl: do not leak build LDFLAGS into curl-config Just do what the patch originally intended to do -- add the necessary rpath flag to the --libs output. Bump PKGREVISION. Ok leot@
curl: update to 8.12.0. curl and libcurl 8.12.0 Public curl releases: 264 Command line options: 267 curl_easy_setopt() options: 306 Public functions in libcurl: 96 Contributors: 3332 This release includes the following changes: o curl: add byte range support to --variable reading from file [56] o curl: make --etag-save acknowledge --create-dirs [31] o getinfo: fix CURLINFO_QUEUE_TIME_T and add 'time_queue' var [55] o getinfo: provide info which auth was used for HTTP and proxy [40] o hyper: drop support [57] o openssl: add support to use keys and certificates from PKCS#11 provider [77] o QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA [61] o vtls: feature ssls-export for SSL session im-/export [141] This release includes the following bugfixes: o altsvc: avoid integer overflow in expire calculation [16] o altsvc: return error on dot-only name [178] o android: add CI jobs, buildinfo, cmake docs, disable `CURL_USE_PKGCONFIG` by default [185] o asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL [190] o asyn-ares: fix memory leak [233] o asyn-ares: initial HTTPS resolve support [166] o asyn-thread: use c-ares to resolve HTTPS RR [205] o async-thread: avoid closing eventfd twice [9] o autotools: add support for mingw UWP builds [192] o autotools: silence gcc warnings in libtool code [96] o binmode: convert to macro and use it from tests [44] o build: delete `-Wsign-conversion` related FIXMEs [137] o build: drop `-Winline` picky warning [53] o build: drop `tool_hugehelp.c.cvs`, tidy up macros, drop `buildconf.bat` [200] o build: drop macro used to enable `-Wsign-conversion` warnings in CI [224] o build: drop unused feature macros, update exception list [51] o build: fix `-Wtrampolines` picky warning for gcc 4.x versions [156] o build: fix compiling with GCC 4.x versions [214] o build: fix the tidy targets for autotools [52] o build: fix unsigned `time_t` detection for cmake, MS-DOS, AmigaOS [104] o build: replace configure check with PP condition (Android <21) [97] o build: stop detecting `sched_yield()` on Windows [176] o c-ares: fix/tidy-up macro initializations, avoid a deprecated function [209] o cd2nroff: do not insist on quoted <> within backticks [222] o cd2nroff: support "none" as a TLS backend [29] o cf-https-connect: look into httpsrr alpns when available [152] o cf-socket: error if address can't be copied [72] o cfilters: kill connection filter events attach+detach [217] o checksrc.bat: remove explicit SNPRINTF bypass [174] o checksrc: ban use of sscanf() [7] o checksrc: check for return with parens around a value/name [130] o checksrc: exclude generated bundle files to avoid race condition [235] o checksrc: fix the return() checker [35] o checksrc: introduce 'banfunc' to ban specific functions [117] o cmake/Find: add `iphlpapi` for c-ares, omit syslibs if dep not found [203] o cmake/FindLDAP: avoid empty 'Requires' item when omitting `pkg-config` module [90] o cmake/FindLDAP: avoid framework locations for libs too (Apple) [122] o cmake/FindLibpsl: protect against `pkg-config` "half-detection" [89] o cmake/FindLibssh: sync header comment with other modules o cmake/FindMbedTLS: drop lib duplicates early [17] o cmake: add `librtmp` Find module [86] o cmake: add LDAP Find module [46] o cmake: add native `pkg-config` detection for remaining Find modules [37] o cmake: allow `CURL_LTO` regardless of `CURL_BUILD_TYPE`, enable in CI [88] o cmake: clang-cl improvements [42] o cmake: delete accidental debug message o cmake: deprecate winbuild, add migration guide from legacy build methods [157] o cmake: detect mingw-w64 version, pre-fill `HAVE_STRTOK_R` [179] o cmake: do not store `MINGW64_VERSION` in cache [175] o cmake: drop `CURL_USE_PKGCONFIG` from `curl-config.cmake.in` [208] o cmake: drop `fseeko()` pre-fill and check for Windows [201] o cmake: drop duplicate Windows cache value [81] o cmake: drop redundant FOUND checks (libgsasl, libssh, libuv) [49] o cmake: drop redundant opening/closing `.*` from `MATCH` expressions [64] o cmake: drop unused `HAVE_SYS_XATTR_H` detection [79] o cmake: drop VS2010 "Dialog Hell" workaround added in 2013 [136] o cmake: extend zlib's `AUTO` option to brotli, zstd and enable if found [36] o cmake: fix `net/in.h` detection for MS-DOS [103] o cmake: improve `curl_dumpvars()` and move to `Utilities.cmake` [50] o cmake: make libpsl required by default [45] o cmake: make system libraries `dl`, `m`, `pthread` customizable [123] o cmake: move `pkg-config` names to Find modules [87] o cmake: move GSS init before feature detections [93] o cmake: move mingw UWP workaround from GHA to `CMakeLists.txt` [194] o cmake: namespace functions and macros [41] o cmake: optimize out 4 picky warning option detections with gcc [78] o cmake: pick a better IPv6 feature flag when assembling the feature list [132] o cmake: pre-fill `HAVE_STDATOMIC_H`, `HAVE_ATOMIC` for mingw-w64 [180] o cmake: pre-fill `HAVE_STDINT_H` on Windows [149] o cmake: prefer dash-style MSVC options [216] o cmake: publish/check supported protocols/features via `CURLConfig.cmake` [100] o cmake: replace `unset(VAR)` with `set(VAR "")` for init [43] o cmake: sync OpenSSL QUIC fork detection with autotools [102] o cmake: use `CMAKE_REQUIRED_LINK_DIRECTORIES` [48] o cmake: use `STREQUAL` to detect Linux [68] o cmake: warn for OpenSSL versions missing TLS 1.3 support [221] o cmdline-opts/version.md: describe multissl, mention SSLS-EXPORT [170] o completion.pl: add completion for paths after @ for fish [82] o config-mac: drop `MACOS_SSL_SUPPORT` macro [63] o config: drop unused code and variables [135] o configure: do not inline 'dnl' comments o configure: drop unused detections and macros [105] o configure: streamline Windows large file feature check [138] o configure: UWP and Android follow-up fixes [184] o conncache: count shutdowns against host and max limits [154] o conncache: result_cb comment removed from function docs [1] o content_encoding: drop support for zlib before 1.2.0.4 [211] o content_encoding: namespace GZIP flag constants [147] o content_encoding: put the decomp buffers into the writer structs [210] o content_encoding: support use of custom libzstd memory functions [186] o cookie: cap expire times to 400 days [111] o cookie: fix crash in netscape cookie parsing [84] o cookie: parse only the exact expire date [3] o curl-functions.m4: fix indentation in `CURL_SIZEOF()` [131] o curl: return error if etag options are used with multiple URLs [5] o curl_multi_fdset: include the shutdown connections in the set [168] o curl_multi_waitfds.md: tidy up the example [162] o curl_multibyte: support Windows paths longer than MAX_PATH [76] o curl_setup: fix missing `ADDRESS_FAMILY` type in rare build cases [144] o curl_sha512_256: rename symbols to the curl namespace [124] o curl_url_set.md: adjust the added-in to 7.62.0 [94] o curl_ws_recv.md: fix typo o CURLOPT_CONNECT_ONLY.md: an easy handle with this option set cannot be reused [164] o CURLOPT_PROXY.md: clarify the crendential support in proxy URLs [66] o CURLOPT_RESOLVE.md: fix wording [30] o CURLOPT_SEEKFUNCTION.md: used for FTP, HTTP and SFTP (only) [109] o docs/BUGS.md: remove leading space from a link o docs/cmdline-opts/_ENVIRONMENT.md: minor language fix [119] o docs/cmdline-opts/location.md: fix typos for location flag [226] o docs/HTTP-COOKIES.md: link to more information [125] o docs/HTTPSRR.md: initial HTTPS RR documentation [204] o docs/libcurl/opts: clarify the return values [114] o docs/libcurl: return value overhall [120] o docs/TLS-SESSIONS: fix typo, the->they [189] o docs: document the behavior of -- in the curl command line [198] o docs: use lowercase curl and libcurl [113] o doh: cleanups and extended HTTPS RR code [161] o doh: send HTTPS RR requests for all HTTP(S) transfers [160] o easy: allow connect-only handle reuse with easy_perform [232] o easy: make curl_easy_perform() return error if connection still there [163] o easy_lock: use Sleep(1) for thread yield on old Windows [191] o ECH: update APIs to those agreed with OpenSSL maintainers [101] o examples/block-ip: drop redundant `memory.h` include o examples/block-ip: show how to block IP addresses [74] o examples/complicated: fix warnings, bump deprecated callback, tidy up [59] o examples/synctime.c: remove references to dead URLs and functionality [62] o examples: make them compile with compatibility functions disabled (Windows) [58] o examples: use return according to code style o file: drop `OPEN_NEEDS_ARG3` option [91] o file: fix Android compiler warning [85] o gitignore: add generated unity sources for lib and src o GnuTLS: fix 'time_appconnect' for early data [127] o hash: add asserts in hash_element_dtor() [126] o HTTP/2: strip TE request header [140] o http2: fix data_pending check [241] o http2: fix value stored to 'result' is never read [71] o http: fix build with `CURL_DISABLE_COOKIES` [95] o http: ignore invalid Retry-After times [107] o http_aws_sigv4: Fix invalid compare function handling zero-length pairs [24] o https-connect: start next immediately on failure [223] o INFRASTRUCTURE.md: project infra [99] o INSTALL-CMAKE.md: fix punctuation o INSTALL.md: add CMake examples for macOS and iOS [242] o INSTALL.md: document VS2008 and mingw-w64 [165] o INTERNALS.md: sync wolfSSL version requirement with source code o lib517: extend the getdate test with quotes and leading "junk" [4] o lib: clarify 'conn->httpversion' [213] o lib: redirect handling by protocol handler [212] o lib: remove `__EMX__` guards [83] o lib: replace `inline` redefine with `CURL_INLINE` macro [47] o lib: supress deprecation warnings in apple builds [32] o lib: TLS session ticket caching reworked [60] o libcurl/opts: do not save files in dirs where attackers have access [199] o Makefile.dist: delete [237] o Makefile.mk: drop in favour of autotools and cmake (MS-DOS, AmigaOS3) [38] o mbedtls: fix handling of blocked sends [116] o mbedtls: PSA can be used independently of TLS 1.3 (avoid runtime errors) [219] o mime: explicitly rewind subparts at attachment time. [80] o mprintf: fix integer handling in float precision [173] o mprintf: terminate snprintf output on windows [172] o msvc: add missing push/pop for warning pragmas [236] o msvc: assume `_INTEGRAL_MAX_BITS >= 64` [158] o msvc: drop checks for ancient versions [133] o msvc: fix building with `HAVE_INET_NTOP` and MSVC <=1900 [151] o msvc: require VS2005 for large file support [143] o msvc: tidy up `_CRT_*_NO_DEPRECATE` definitions [148] o multi: fix curl_multi_waitfds reporting of fd_count [73] o multi: fix return code for an already-removed easy handle [106] o multihandle: add an ssl_scache here [129] o multissl: auto-enable `OPENSSL_COEXIST` for wolfSSL + OpenSSL [92] o multissl: make openssl + wolfssl builds work [34] o netrc: 'default' with no credentials is not a match [108] o netrc: fix password-only entries [28] o netrc: restore _netrc fallback logic [6] o ngtcp2: fix memory leak on connect failure [225] o ngtcp2: fix two cases of value stored never read [65] o openssl: define `HAVE_KEYLOG_CALLBACK` before use [227] o openssl: drop unused `HAVE_SSL_GET_SHUTDOWN` macro [228] o openssl: fix ECH logic [67] o osslq: use SSL_poll to determine writeability of QUIC streams [139] o projects/Windows: remove wolfSSL from legacy projects [75] o projects: fix `INSTALL-CMAKE.md` references o pytest: remove 'repeat' parameter [182] o pytest: use httpd/apache2 directly, no apachectl [169] o RELEASE-PROCEDURE.md: mention how to publish security advisories [2] o runtests.pl: fix precedence issue [207] o scripts/mdlinkcheck: markdown link checker [19] o sectransp: free certificate on error [12] o select: avoid a NULL deref in cwfds_add_sock [128] o smb: fix compiler warning [112] o src: add `CURL_STRICMP()` macro, use `_stricmp()` on Windows [54] o src: drop support for `CURL_TESTDIR` debug env [121] o src: omit hugehelp and ca-embed from libcurltool [215] o ssl session cache: change cache dimensions [159] o strparse: string parsing helper functions [8] o symbols-in-versions: update version for LIBCURL_VERSION and LIBCURL_VERSION_NUM [193] o system.h: add 64-bit curl_off_t definitions for NonStop [11] o system.h: drop compilers lacking 64-bit integer type (Windows/MS-DOS) [155] o system.h: drop duplicate and no-op code [153] o system.h: fix indentation [142] o telnet: handle single-byte input option [177] o test1960: don't close the socket too early [220] o test483: require cookie support [98] o tests/http/clients: use proper sleep() call on NonStop [10] o tests: change the behavior of swsbounce [202] o tests: stop promoting perl warnings to fatal errors o TheArtOfHttpScripting.md: rewrite double 'that' [115] o tidy-up: `curl_setup.h`, `curl_setup_once.h`, `config-win32ce.h` [146] o tidy-up: drop parenthesis around `return` expression [167] o tidy-up: drop parenthesis around `return` values [134] o tidy-up: extend `CURL_O_BINARY` to lib and tests [195] o TLS: check connection for SSL use, not handler [181] o tool_formparse.c: make curlx_uztoso a static in here [39] o tool_formparse: accept digits in --form type= strings [33] o tool_getparam: ECH param parsing refix [150] o tool_getparam: fail --hostpubsha256 if libssh2 is not used [229] o tool_getparam: fix "Ignored Return Value" [21] o tool_getparam: fix memory leak on error in parse_ech [14] o tool_getparam: fix the ECH parser [20] o tool_operate: make --etag-compare always accept a non-existing file [22] o transfer: fix CURLOPT_CURLU override logic [171] o urlapi: fix redirect to a new fragment or query (only) [118] o urldata: tweak the UserDefined struct [240] o variable.md: mention --expand-variable for variables to variables [13] o variable.md: show function use with examples [18] o version: fix the IDN feature for winidn and appleidn [187] o vquic: fix 4th function call argument is an uninitialized value [70] o vquic: make vquic_send_packets not return without setting psent [69] o vtls: fix default SSL backend as a fallback [231] o vtls: only remember the expiry timestamp in session cache [110] o vtls: remove 'detach/attach' functions from TLS handler struct [25] o vtls: remove unusued 'check_cxn' from TLS handler struct [26] o vtls: replace "none"-functions with NULL pointers [27] o VULN-DISCLOSURE-POLICY.md: mention the not setting CVSS [23] o VULN-DISCLOSURE-POLICY: on legacy dependencies [239] o websocket: fix message send corruption [188] o windows: drop dupe macros, detect `CURL_OS` for WinCE ARM, indentation [183] o windows: drop redundant `USE_WIN32_SMALL_FILES` macro [145] o windows: drop two missed `buildconf.bat` references o windows: merge `config-win32ce.h` into `config-win32.h` [196] o ws-docs: extend WebSocket documentation [206] o ws-docs: remove the outdated texts saying ws support is experimental [15] o ws: reject frames with unknown reserved bits set [230] o x509asn1: add parse recursion limit [197]
www/curl: Bump PKGREVISON for libcurl.pc change for NetBSD
curl: update to 8.11.1. This release includes the following bugfixes: o build: fix ECH to always enable HTTPS RR [35] o build: fix MSVC UWP builds [32] o build: omit certain deps from `libcurl.pc` unless found via `pkg-config` [27] o build: use `_fseeki64()` on Windows, drop detections [41] o cmake: do not echo most inherited `LDFLAGS` to config files [55] o cmake: drop cmake args list from `buildinfo.txt` [8] o cmake: include `wolfssl/options.h` first [53] o cmake: remove legacy unused IMMEDIATE keyword [21] o cmake: restore cmake args list in `buildinfo.txt` [26] o cmake: set `CURL_STATICLIB` for static lib when `SHARE_LIB_OBJECT=OFF` [64] o cmake: sync GSS config code with other deps [28] o cmake: typo in comment o cmake: work around `ios.toolchain.cmake` breaking feature-detections [37] o cmakelint: fix to check root `CMakeLists.txt` [36] o cmdline/ech.md: formatting cleanups [13] o configure: add FIXMEs for disabled pkg-config references o configure: do not echo most inherited `LDFLAGS` to config files [31] o configure: replace `$#` shell syntax [25] o cookie: treat cookie name case sensitively [4] o curl-rustls.m4: keep existing `CPPFLAGS`/`LDFLAGS` when detected [40] o curl.h: mark two error codes as obsolete [19] o curl: --continue-at is mutually exclusive with --no-clobber [51] o curl: --continue-at is mutually exclusive with --range [61] o curl: --continue-at is mutually exclusive with --remove-on-error [50] o curl: --test-duphandle in debug builds runs "duphandled" [6] o curl: do more command line parsing in sub functions [71] o curl: rename struct var to fix AIX build [24] o curl: use realtime in trace timestamps [52] o curl_multi_socket_all.md: soften the deprecation warning [56] o CURLOPT_PREREQFUNCTION.md: add result code on failure [23] o digest: produce a shorter cnonce in Digest headers [70] o DISTROS: update Alt Linux links o dmaketgz: use --no-cache when building docker image [66] o docs: bring back ALTSVC.md and HSTS.md [76] o docs: document default `User-Agent` [57] o docs: suggest --ssl-reqd instead of --ftp-ssl [62] o duphandle: also init netrc [3] o ECH: enable support for the AWS-LC backend [5] o hostip: don't use the resolver for FQDN localhost [45] o http_negotiate: allow for a one byte larger channel binding buffer [63] o http_proxy: move dynhds_add_custom here from http.c [18] o KNOWN_BUGS: setting a disabled option should return CURLE_NOT_BUILT_IN [74] o krb5: fix socket/sockindex confusion, MSVC compiler warnings [22] o lib: fixes for wolfSSL OPENSSL_COEXIST [73] o libssh: use libssh sftp_aio to upload file [47] o libssh: when using IPv6 numerical address, add brackets [43] o macos: disable gcc `availability` workaround as needed [7] o mbedtls: call psa_crypt_init() in global init [2] o mime: fix reader stall on small read lengths [65] o mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions [39] o mprintf: fix the integer overflow checks [44] o multi: add clarifying comment for wakeup_write() [9] o multi: fix callback for `CURLMOPT_TIMERFUNCTION` not being called again when... [48] o netrc: address several netrc parser flaws [17] o netrc: support large file, longer lines, longer tokens [14] o nghttp2: use custom memory functions [1] o OpenSSL: improvde error message on expired certificate [59] o openssl: remove three "Useless Assignments" [72] o openssl: stop using SSL_CTX_ function prefix for our functions [20] o os400: Fix IBMi builds [33] o os400: Fix IBMi EBCDIC conversion of arguments [34] o pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS [60] o rtsp: check EOS in the RTSP receive and return an error code [49] o schannel: remove TLS 1.3 ciphersuite-list support [54] o setopt: fix CURLOPT_HTTP_CONTENT_DECODING [15] o setopt: fix missing options for builds without HTTP & MQTT [10] o show-headers.md: clarify the headers are saved with the data [58] o socket: handle binding to "host!<ip>" [16] o socketpair: fix enabling `USE_EVENTFD` [30] o strtok: use namespaced `strtok_r` macro instead of redefining it [29] o tests: add the ending time stamp in testcurl.pl o tests: re-enable 2086, and 472, 1299, 1613 for Windows [38] o TODO: consider OCSP stapling by default [11] o tool_formparse: remove use of sscanf() [68] o tool_getparam: parse --localport without using sscanf [67] o tool_getpass: fix UWP `-Wnull-dereference` [46] o tool_getpass: replace `getch()` call with `_getch()` on Windows [42] o tool_urlglob: parse character globbing range without sscanf [69] o vtls: fix compile warning when ALPN is not available [12]
*: recursive bump for icu 76 shlib major version bump
curl: do not add gssapi and ldap to Requires.private: curl-8.11.0 started to add gssapi and ldap to Requires.private because they are required for static linking. However, both security/heimdal-gssapi and databases/openldap-client builtin.mk-s do not provide any logic to generate fake .pc files in case builtin does not provide any (like it is the case in NetBSD). Revert that part like it was in curl<8.11.0 to avoid generating an unusable libcurl.pc files on such platforms. Add big FIXME comments because strictly speaking this is not correct and we should instead provide logic to generate fake .pc in heimdal-gssapi and openldap-client. PKGREVISION++
*curl*: update to 8.11.0
This release includes the following changes:
o curl: --create-dirs works for --dump-header as well [4]
o gtls: Add P12 format support [9]
o ipfs: add options to disable [8]
o TLS: TLSv1.3 earlydata support for curl [140]
o WebSockets: make support official (non-experimental) [106]
This release includes the following bugfixes:
o alt-svc: honor data->state.httpwant [19]
o altsvc: avoid using local buffer and memcpy [124]
o asyn-ares: remove typecast, fix expire [113]
o autotools: add support for 'unity' builds, enable in CI [15]
o bearssl: avoid strpcy() when generating TLS version log message [120]
o bearssl: improved session handling, test exceptions [233]
o bufq: unwrite fix [121]
o build: add `ldap` to `libcurl.pc` `Requires:` [139]
o build: add pytest targets [71]
o build: clarify CA embed is for curl tool, mark default, improve summary [72]
o build: detect and use `_setmode()` with Cygwin/MSYS, also use on Windows [136]
o build: disable warning `-Wunreachable-code-break` [195]
o build: fix clang-cl builds, add CI job [254]
o build: fix cross-compile check for poll with bionic [70]
o build: fix possible `-Wformat-overflow` in lib557 [85]
o build: limit arc4random detection to no-SSL configs [43]
o build: show if CA bundle to embed was found [83]
o build: tidy up and improve versioned-symbols options [5]
o build: tidy up deprecation suppression, enable warnings for clang [12]
o certs: add missing `-CAcreateserial` option for LibreSSL [247]
o checksrc: add check for spaces around logical AND operators [220]
o checksrc: Added checks for colon operator in ternary expressions [77]
o checksrc: check for spaces around '?', '>' and '<' [46]
o ci: dump `curl_config.h` to log in all jobs [199]
o CI: run with standard mod_http2 [214]
o cmake, Makefile.mk: use -isystem for headers, silence BearSSL issues [37]
o cmake/FindCares: fix version detection for c-ares 1.34.1 [209]
o cmake/FindNGTCP2: use library path as hint for finding crypto module [40]
o cmake: add missed variable to comment
o cmake: add native `pkg-config` detection for mbedTLS, MSH3, Quiche, Rustls, wolfSSL [149]
o cmake: allow building tests in unity mode [31]
o cmake: apply `WIN32_LEAN_AND_MEAN` to all feature checks
o cmake: avoid setting `BUILD_TESTING` [179]
o cmake: clear package version after `pkg-config` detection [207]
o cmake: delete unused NEED_LBER_H, HAVE_LDAP_H [38]
o cmake: detect `HAVE_NETINET_IN6_H`, `HAVE_CLOSESOCKET_CAMEL`, `HAVE_PROTO_BSDSOCKET_H` [132]
o cmake: detect GNU GSS [127]
o cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled [44]
o cmake: do not propagate unused `HAVE_GSSAPI_GSSAPI_KRB5_H` to C [131]
o cmake: document `-D` and env build options [208]
o cmake: drop obsolete items from `TODO` and `INSTALL-CMAKE` [228]
o cmake: drop redundant assignments [49]
o cmake: drop redundant zlib var, rename function (internals) [50]
o cmake: expand CURL_USE_PKGCONFIG to non-cross MINGW [13]
o cmake: fix broken dependency chain for cmdline-opts, tidy-ups [11]
o cmake: fix compile warnings for clang-cl [218]
o cmake: fix missing spacing in log message [205]
o cmake: limit `CURL_STATIC_CRT` to MSVC [217]
o cmake: make `test-ci` target skip building dependencies [88]
o cmake: mark as advanced some internal Find* variables [212]
o cmake: readd `generate-curl.1` dependency for `src` just in case [86]
o cmake: rename LDAP dependency config variables to match Find modules [144]
o cmake: replace `check_include_file_concat()` for LDAP and GSS detection [143]
o cmake: replace `CURL_*_DIR` with `{PROJECT,CMAKE_CURRENT}_*_DIR` [211]
o cmake: require quictls (or fork) when using msh3 on non-Windows [14]
o cmake: separate target for examples, optimize CI, fix fallouts [16]
o cmake: set version for `project()` and add CPack support [123]
o cmake: stop adding dependency headers to global `CMAKE_REQUIRED_INCLUDES` [146]
o cmake: sync torture test parallelism with autotools [35]
o cmake: tidy up `CURL_DISABLE_FORM_API` initialization [225]
o cmake: tidy up and shorten symbol hiding initialization [213]
o cmake: tidy up line order
o cmake: tidy up picky warning initialization [215]
o cmake: tidy-ups and rebase fixups [191]
o cmake: tweaks around debug mode and hidden symbols [194]
o cmake: untangle feature detection interdependencies [198]
o cmake: use `list(APPEND)` on `CURL_INCLUDES` [223]
o cmake: use OpenSSL for LDAP detection only if available [102]
o cmake: use the `BSD` variable [210]
o config: rename the OS define to CURL_OS to reduce collision risk [256]
o configure: add GSS to `libcurl.pc` `Depends:` [126]
o configure: catch Apple in more target triplets [6]
o configure: drop duplicate feature checks for `poll()`, `if_nametoindex()` [135]
o configure: drop unused bare `socket.h` detection [133]
o configure: improve help string for some options [78]
o conncache: find bundle again in case it is removed [129]
o conncache: more efficient implementation of cpool_remove_bundle [176]
o cookie: overhaul and cleanup [142]
o curl-rustls.m4: set linker flags to allow rustls build on macos [186]
o curl.h: remove the struct pointer for CURL/CURLSH/CURLM typedefs [174]
o curl: add build options for safe/no CA bundle search (Windows) [26]
o curl: detect ECH support dynamically, not at build time [230]
o curl_addrinfo: support operating systems with only getaddrinfo(3) [239]
o curl_multi_perform.md: fix typo [224]
o curl_trc: fix build with verbose messages disabled [79]
o curl_url_set.md: document HOST handling when URL is parsed [2]
o curl_ws_recv.md: the 'meta' pointer is only returned on success [221]
o curl_ws_recv: return recv 0 and point meta to NULL on all errors [222]
o CURLMOPT_PIPELINING.md: clarify that CURLPIPE_NOTHING is not default [54]
o CURLOPT_APPEND.md: goes for SFTP as well [128]
o CURLOPT_HEADERFUNCTION.md: do not modify the passed in buffer [107]
o DISABLED: disable test 1060 with hyper [154]
o DISTROS: avoid use of "very"
o Dockerfile: update Docker digest to d830561 [226]
o docs/cmdline-opts: GnuTLS supports PKCS#11 URI in --cert option [101]
o docs: clarify FTP over HTTP proxy functionality somewhat [203]
o docs: fix a typo in some cipher options
o ech: spelling, whitespace, say `--ech` default config [137]
o ftp: fix 0-length last write on upload from stdin [76]
o ftp: move listen handling to socket filter [183]
o GHA: optimize test prereq steps [188]
o gnutls: use session cache for QUIC [196]
o hsts: avoid the local buffer and memcpy on lookup [125]
o hsts: improve subdomain handling [158]
o hsts: support "implied LWS" properly around max-age [229]
o http2: auto reset stream on server eos [147]
o http_aws_sigv4: avoid local buffer and strcpy [92]
o INSTALL-CMAKE.md: mention focus on shared libraries [73]
o INSTALL-CMAKE: fix punctuation and a typo
o INSTALL.md: fix a typo that slipped in to RISC OS
o json.md: cli-option `--json` is an alias of `--data-binary` [89]
o lib, src, tests: added space around ternary expressions [56]
o lib/cw-out: initialize 'flush_all' directly [62]
o lib/src: white space edits to comply better with code style [47]
o lib: avoid assigning 'result' temporarily [97]
o lib: fix disabled-verbose-strings + enable-debug build warnings
o lib: fix unity builds with BearSSL, MSH3, Quiche, OmniOS [32]
o lib: move curl_path.[ch] into vssh/ [182]
o lib: msnprintf tidy-ups [245]
o lib: remove Curl_ prefix from static functions [202]
o lib: remove function pointer typecasts for hmac/sha256/md5 [175]
o lib: use bool/TRUE/FALSE properly [48]
o libcurl/opts: improve phrasing for connection cap related options [145]
o libssh.c: handle EGAINS during proto-connect correctly [23]
o libssh2: delete duplicate `break` [190]
o libssh2: put the readdir buffers into struct [170]
o libssh2: use the Curl_* memory functions to avoid memdebug [22]
o libssh2: use the filename buffer when getting the homedir [169]
o libtests: generate the lib1521 atomically [148]
o mbedTLS: fix handling of TLSv1.3 sessions [184]
o mbedtls: handle session as blobs [234]
o mbedtls: remove failf() use from mbedtls_random [255]
o mk-lib1521: fix the long return code check [204]
o mprintf: do not ignore length modifiers of `%o`, `%x`, `%X` [164]
o mprintf: treat `%o` as unsigned, add tests for `%o`, `%x`, `%X` [162]
o mqtt: fix mqtt.md wording and add clearer explanation [172]
o multi.c: make stronger check for paused transfer before asserting [24]
o multi.c: warn/assert on stall only without timer [80]
o multi: avoid reading whole struct pointer from pointer [10]
o multi: convert Curl_follow to static multi_follow [141]
o multi: make curl_multi_cleanup invalidate magic latter [159]
o multi: make multi_handle_timeout use the connect timeout [98]
o multi: split multi_runsingle into sub functions [200]
o negotiate: conditional check around GSS & SSL specific code [1]
o netrc: cache the netrc file in memory [138]
o ngtcp2: do not loop on recv [251]
o ngtcp2: set max window size to 10x of initial (128KB) [232]
o openssl quic: populate x509 store before handshake [117]
o openssl: convert a memcpy to dynbuf use [57]
o openssl: extend the OpenSSL error messages [238]
o openssl: improve retries on shutdown [151]
o openssl: remove two strcpy() calls [64]
o OS400: don't delete source files when building with debug [235]
o packages/OS400/curlmain: remove the strncpy calls [155]
o processhelp.pm: improve taskkill calls (Windows) [52]
o pytest: fix run against multissl curl [236]
o pytest: improve pytest_07_42a reliability [118]
o pytest: include `buildinfo.txt` in the output [189]
o pytest: include curl version string and python platform in log [242]
o pytest: show curl features and protocols [150]
o quic: use send/recvmmsg when available [93]
o quic: use the session cache with wolfSSL as well [231]
o request: on shutdown send, proceed normally on timeout [18]
o runtests.md: suggest a value for -j for torture tests
o runtests: add comment for handle64 pathsep requirement
o runtests: drop unused code for old/classic-mingw support [87]
o runtests: pass single backslashes with Windows Perl [243]
o runtests: use deterministic sort for `TESTINFO` lines [201]
o schannel: fix TLS cert verification by IP SAN [253]
o schannel: ignore error on recv beyond close notify [167]
o schannel: reclassify extra-verbose schannel_recv messages [153]
o select: use poll() if existing, avoid poll() with no sockets [75]
o sendf: add condition to max-filesize check [3]
o server/mqttd: fix two memory leaks [178]
o setopt: avoid superfluous length checks before strcmp() [105]
o setopt: return error for bad input to CURLOPT_RTSP_REQUEST [240]
o setopt_cptr: make overflow check only done when needed [241]
o singleuse: make `git grep` faster, add Apple `nm` support [109]
o smb: do not redefine `getpid` on Windows [187]
o smb: replace use of strcpy() with snprintf() [122]
o socks_gssapi: switch to dynbuf from buffer with strcpy [42]
o source: avoid use of 'very' in comments
o src/lib: remove redundant ternary operators [244]
o src: guard for double declaration of `curl_ca_embed` in unity builds [166]
o sws: fix unused static function with `TCP_NODELAY` undefined [134]
o telnet: avoid two strcpy() by pointing to the strings instead [99]
o test1035: convert host name back to utf8 as should be [63]
o test1515: add tracing and more debug info [119]
o test1540: add debug logging [58]
o test190: replace %FTPTIME2 with a fixed value [34]
o test1915: add tracing and connect timeout [114]
o test1915: remove wrong comment
o test2502: add libtest debug tracing [60]
o test504: fix handling on pending connect [59]
o testrun: explicitly set proper IP address for stunnel listen/connect [61]
o tests/http: fix ubuntu GnuTLS CI failures [161]
o tests/scorecard: allow remote server test [171]
o tests/server/util.c: remove use of strncpy [156]
o tests/valgrind.pm: fix warnings with no valgrind report to show [25]
o tests/valgrind.supp: remove a travis suppression, add a Debian [116]
o tests: add and use `%PERL` variable to refer to the Perl binary [82]
o tests: add codeset-utf8 as a feature [66]
o tests: add file: tests with existing files [45]
o tests: allow pytests to run in out-of-tree builds [192]
o tests: capture stdin to get the vsftpd version number [165]
o tests: change Python code style to pass ruff checks
o tests: check http/2 and http/3 server responsiveness [28]
o tests: delete duplicate macro check [53]
o tests: enable additional ruff Python lint options
o tests: fix `%POSIX_PWD` on native Windows Perl [111]
o tests: fix callback signatures to please UndefinedBehaviorSanitizer [173]
o tests: Fix FILEFORMAT <file name=""> directive [206]
o tests: fix keyword for test1411
o tests: fix shell quoting on native Windows Perl [110]
o tests: fix some Python typing issues
o tests: fixup `checkcmd` `PATH` on non-unixy platforms [108]
o tests: improve mqtt server handling [27]
o tests: introduce %CLIENT6IP-NB [67]
o tests: let openssl generate random cert serials [91]
o tests: libtests and unit tests need explicit #include memdebug [7]
o tests: make precheck for HTTP on 127.0.0.1 into a feature [68]
o tests: Only log warnings or worse by default in smbserver [33]
o tests: postcheck is now in verify [69]
o tests: remove all valgrind disable instructions [21]
o tests: remove debug requirement on 38 tests [100]
o tests: remove the %FTPTIME3 variable [41]
o tests: replace `%PWD` with `%FILE_PWD` for `file://` [84]
o tests: replace `%PWD` with `%SSH_PWD` in SCP/SFTP tests [112]
o tests: replace hard-coded `/dev/null` with variable [81]
o tests: simplify `pathhelp.pm`, avoid using external tools [95]
o tests: speed up builds with single-binary test bundles [29]
o tests: testrunner fairness [39]
o tests: testrunner reliability improvements [55]
o tests: use '-4' where needed [17]
o tests: use a set for several of the curl_props [249]
o tftp: avoid two memcpy/strcpy [94]
o tidy-up: rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP [36]
o tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED [246]
o tool: support --show-headers AND --remote-header-name [103]
o tool_doswin: simplify; remove unused options and strncpy calls [65]
o tool_getparam: drop unused time() call [177]
o tool_getparam: replace two uses of strncpy(), ban strncpy [157]
o tool_operate: make --skip-existing work for --parallel [180]
o tool_operate: reuse the schannel backend check [130]
o tool_xattr: create the user.creator xattr attribute [197]
o unit1307: tidy up Apple OS detection [252]
o unit1660: fix unreachable code warning in no-SSL builds [30]
o url: connection reuse on h3 connections [20]
o url: use same credentials on redirect [181]
o urlapi: drop unused header [51]
o urlapi: normalize the IPv6 address [115]
o version: minor cleanups [152]
o version: say quictls in MSH3 builds [219]
o vquic: fix compiler warning with gcc + MUSL [168]
o vquic: recv_mmsg, use fewer, but larger buffers [250]
o vtls: convert Curl_pin_peer_pubkey to use dynbuf [74]
o vtls: convert pubkey_pem_to_der to use dynbuf [90]
o warnless: remove curlx_sktosi and curlx_sitosk [104]
o winbuild/README: consolidate command prompt section [193]
o winbuild/README: document how to clean a build [163]
o winbuild: add initial wolfSSL support [227]
o winbuild: drop `gen_resp_file.bat` [248]
o wolfssl: convert malloc + memcpys to dynbuf for cipher string [96]
o wolfSSL: fix handling of TLSv1.3 sessions [185]
o wolfssl: no more use of the OpenSSL API [216]
o wolfssl: use old version API without openssl extra [160]
*: revbump for icu downgrade
*: recursive bump for icu 76.1 shlib bump
curl: updated to 8.10.0 Changes in 8.10.0 autotools: add `--enable-windows-unicode` option curl: --help [option] displays documentation for given cmdline option curl: add --skip-existing curl: for -O, use "default" as filename when the URL has none curl: make --rate accept "number of units" curl: make --show-headers the same as --include curl: support --dump-header % to direct to stderr curl: support embedding a CA bundle and --dump-ca-embed curl: support repeated use of the verbose option; -vv etc curl: use libuv for parallel transfers with --test-event getinfo: add CURLINFO_POSTTRANSFER_TIME_T mbedtls: add CURLOPT_TLS13_CIPHERS support rustls: add support for setting TLS version and ciphers vtls: stop offering alpn http/1.1 for http2-prior-knowledge wolfssl: add CURLOPT_TLS13_CIPHERS support wolfssl: add support for ssl cert blob / ssl key blob options Bugfixes ...
curl: include upstream patch for sigpipe issue Noticed by abs@, thanks! Bump PKGREVISION.
curl: update to 8.9.0.
This release includes the following changes:
o curl: add --ip-tos (IP Type of Service / Traffic Class) [42]
o curl: add --mptcp [29]
o curl: add --vlan-priority [107]
o curl: add -w '%{num_retries} [65]
o gnutls: support CA caching [90]
o mbedtls: support CURLOPT_CERTINFO [116]
o noproxy: patterns need to be comma separated [75]
o socket: support binding to interface *AND* IP [80]
o tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt [103]
o urlapi: add CURLU_NO_GUESS_SCHEME [72]
o wolfssl: support CA caching [73]
This release includes the following bugfixes:
o (lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS` [2]
o asyn-thread: avoid using GetAddrInfoExW with impersonation [7]
o aws-sigv4: url encode the canonical path [55]
o BINDINGS: update java link to one that exists [115]
o build: add Debug, TrackMemory, ECH to feature list [218]
o build: add more supported attributes to the IAR compiler [46]
o build: fix llvm 16 or older + Xcode 15 or newer, and gcc [240]
o build: fix llvm 17 and older + macOS SDK 14.4 and newer [230]
o build: sync warning options between autotools, cmake & compilers [244]
o build: tidy up `__builtin_available` feature checks (Apple) [241]
o build: untangle `CURLDEBUG` and `DEBUGBUILD` macros [9]
o build: use `#error` instead of invalid syntax [212]
o cd2nroff: convert two warnings to errors [135]
o cd2nroff: use an empty "##" to signal end of .IP sequence [56]
o cf-socket: improve SO_SNDBUF update for Winsock [27]
o cf-socket: optimize curlx_nonblock() and check its return error [151]
o cf-socket: remove obsolete recvbuf [203]
o cf-socket: remove two "useless" assignments [238]
o cfilters: make Curl_conn_connect always assign 'done' [60]
o cmake: add CURL_USE_GSASL option with detection + CI test [133]
o cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON` [26]
o cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION` [120]
o cmake: alpha-sort feature list [161]
o cmake: always build unit tests with the `testdeps` target [20]
o cmake: bring `curl-config.cmake` closer to `FindCURL` [130]
o cmake: create `configurehelp.pm` like autotools does [252]
o cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros [251]
o cmake: detect `libidn2` also via `pkg-config` [239]
o cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION` [119]
o cmake: fix `-Wredundant-decls` in unity/mingw-w64 builds [15]
o cmake: fix brotli lib order [3]
o cmake: fix building `unit1600` due to missing `ssl/openssl.h` [222]
o cmake: fix building in unity mode [4]
o cmake: fix building with both md4 and md5 in unity mode [13]
o cmake: fix builds with detected libidn2 lib but undetected header [221]
o cmake: fix feature and protocol lists for SecureTransport [194]
o cmake: fix quotes when appending multiple options (SecureTransport) [139]
o cmake: fix test 1013 with websockets enabled and no TLS [47]
o cmake: improve wolfSSL detection [190]
o cmake: show protocols, then features [180]
o cmake: stop setting SOVERSION for the static lib target [127]
o cmake: sync CA bundle/path detection with autotools [253]
o cmake: sync protocol/feature list with `curl -V` output [182]
o cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string [24]
o cmake: whitespace, formatting/tidy-up in comments [25]
o cmdline-docs: "added in" cleanups [171]
o cmdline-docs: fix `--proxy-ca-native` example + tidy-ups [181]
o cmdline-opts/_PROTOCOLS.md: mention WS(S) [94]
o cmdline-opts/ech.md: shorten the help text [93]
o cmdline-opts/fail.md: expand and clarify [95]
o cmdline-opts/interface.md: expand the documentation [66]
o cmdline-opts: category cleanup [196]
o cmdline-opts: expand the parallel explanations [98]
o cmdline-opts: shorten six help texts [178]
o cmdline: expand proxy option explanations [97]
o code: language cleanup in comments [186]
o configure: CA bundle/path detection fixes [254]
o configure: fix `SystemConfiguration` detection [243]
o configure: fix pkg-config library name 'libnghttp3' [138]
o configure: fix pkg-config names (zstd, ngtcp2*) [170]
o configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds [242]
o configure: remove 'deeper' checks for `AC_CHECK_FUNCS` [23]
o configure: require a QUIC library if nghttp3 is used [142]
o configure: sort feature list, lowercase protocols, use backticks [206]
o configure: use `$EGREP` in place of `grep -E` [41]
o configure: use AC_MSG_WARN for TLS/experimental warning texts [122]
o connect-to.md: expand with examples [147]
o connection: shutdown TLS (for FTP) better [104]
o cookie-jar.md: see also --junk-session-cookies [144]
o curl-config: revert to backticks to support old target envs [88]
o curl: allow etag and content-disposition for 3xx reply [117]
o curl: bsearch the --write-out variable name [102]
o curl: check for --disable case *sensitively* [199]
o curl: list categories in --help [219]
o curl: make warnings and other messages aware of terminal width [58]
o curl: output "flying saucers" with leading carriage return [121]
o curl_easy_escape: elaborate a little on encoding a URL [193]
o curl_mprintf.md: add missing comma
o curl_multi_poll.md: expand the example with an custom file descriptor [21]
o curl_str[n]equal.md: tidy up text to make them stand-alone [195]
o curl_url_set.md: libcurl only parses :// URLs [48]
o curl_url_set: elaborate on scheme guessing [191]
o curldown: make 'added-in:' a mandatory header field [226]
o CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version [105]
o CURLOPT_ECH.md: remove repeated 'if' [109]
o CURLOPT_NETRC.md: clarify what it does on Windows [140]
o CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*') [150]
o CURLOPT_SSL_VERIFYHOST.md: refresh [224]
o CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: language fixups [155]
o DISTROS: add a link to the list archive [22]
o DISTROS: add AlmaLinux package source link
o DISTROS: add MSYS2 (native) links [100]
o docs/cmdline-opts: fix mail-auth example TLD typo [35]
o docs/cmdline-opts: remove two superfluous "Added in" mentions [143]
o docs/libcurl: polish the single-line descriptions [159]
o docs/Makefile.am: make curl-config.1 install [14]
o docs: reference non deprecated libcurl options [113]
o docs: start markdown headers with capital letter where applicable [236]
o doh-insecure.md: expand [96]
o doh: fix cleanup [228]
o doh: fix leak and zero-length HTTPS RR crash [227]
o dump-header.md: mention minus for stdout [149]
o examples/threaded-ssl: remove locking callback code [83]
o examples: add missing binaries to .gitignore [106]
o examples: delete unused includes [10]
o examples: fix compiling with MSVC [34]
o examples: suppress deprecation warnings locally [211]
o FEATURES.md: refresh [208]
o file: separate fake headers and body with a stand-alone CRLF [137]
o ftp: remove redundant null pointer check in loop condition [256]
o get.d: clarify the explanation [32]
o GHA/windows: add MSVC wolfSSL job with test [250]
o GHA/windows: ignore FTP test results for old-mingw-w64
o GHA: add MSVC UWP job, expand jobs with more options [216]
o GHA: detect and warn for more English contractions [123]
o GHA: disable MQTT and WebSocket tests in Windows jobs [63]
o GHA: disable TFTP tests in Windows jobs
o GHA: enable tests 1139, 1177, 1477 on Windows [59]
o GHA: improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs [215]
o GHA: unify http3 workflows into one [77]
o GHA: use vcpkg to install packages for MSVC jobs [145]
o GIT-INFO.md: remove version requirements [209]
o gnutls: improve TLS shutdown [62]
o gnutls: pass in SNI name, not hostname when checking cert [114]
o help: add flags to output and ssh categories [202]
o hostip: skip error check for infallible function call [237]
o http/3: add shutdown support [154]
o http/3: resume upload on ack if we have more data to send [232]
o http: remove "struct HTTP" [134]
o http: write last header line late [44]
o idn: fix ß with AppleIDN [220]
o idn: make macidn fail before trying conversion if name too long [235]
o idn: tweak buffer use when converting with macidn [245]
o lib/v*: tidy up types and casts [64]
o lib: add a few DEBUGASSERT(data) to aid code analyzers [187]
o lib: add failure reason on bind errors [247]
o lib: fix gcc warning in certain debug builds [19]
o lib: fix thread entry point to return `DWORD` on WinCE [85]
o lib: graceful connection shutdown [162]
o lib: prefer `var = time(NULL)` over `time(&var)` [52]
o lib: tidy up types and casts [92]
o lib: xfer_setup and non-blocking shutdown [111]
o libcurl-docs: make option lists alpha-sorted [214]
o libcurl-easy.md: now *more* than 300 options [233]
o libcurl.pc: add `Requires.private`, `Requires` for static linking [129]
o libcurl.pc: add more `Requires.private`/`Requires` dependencies [189]
o libssh: remove CURLOPT_SSL_VERIFYHOST check [36]
o macos: add workaround for gcc, non-c-ares, IPv6, compile error [213]
o macos: undo `availability` macro enabled by Homebrew gcc [231]
o managen: "added in" fixes [131]
o managen: cleanups to generate nicer-looking output [141]
o managen: error on trailing blank lines in input files [165]
o managen: fix removing backticks from subtitles [179]
o managen: insert final .fi for files ending with a quote [174]
o managen: introduce "Multi: per-URL" [176]
o managen: only output .RE for manpage output [156]
o managen: output tabs for each 8 leading spaces [164]
o managen: warn on excessively long help texts [87]
o MANUAL.md: wrap two example urls that overrun styling [234]
o mbedtls: check version before getting tls version [261]
o mbedtls: check version for cipher id [12]
o mbedtls: correct the error message for cert blob parsing failure [225]
o mbedtls: send close-notify on close [11]
o mbedtls: v3.6.0 workarounds [89]
o md4: fix compilation with OpenSSL 1.x with md4 disabled [255]
o misc: fix typos [108]
o mk-ca-bundle.pl: delay 'curl -V' execution until it is needed [168]
o multi: add multi->proto_hash, a key-value store for protocol data [37]
o multi: do a final progress update on connect failure [248]
o multi: fix multi_wait() timeout handling [51]
o multi: fix pollset during RESOLVING phase [166]
o multi: multi_getsock(), check correct socket [167]
o ngtcp2+quictls: fix cert-status use [173]
o noproxy: test bad ipv6 net size first [82]
o openssl/gnutls: rectify the TLS version checks for QUIC [61]
o openssl: fix %-specifier in infof() call [57]
o openssl: fix hostname handling when using ECH [78]
o openssl: stop duplicate ssl key logging for legacy OpenSSL [49]
o os400: make it compilable again [128]
o pytest: add ftp upload tests [16]
o pytest: include testenv/vsftpd.py in dist tarball [99]
o quic: enable UDP GRO [157]
o quic: openssl quic, cmake and doc version update to 3.3.0 [148]
o quic: require at least OpenSSL 3.3 for QUIC [158]
o quic: update to quiche 0.22.0 [175]
o quiche: fix operand of ‘?:’ changes signedness [177]
o request.md: language fix [70]
o request: change the struct field bodywrites to a bool, only for hyper [132]
o reuse: switch to REUSE 3.2 and REUSE.toml [184]
o runtests: show name and keywords for failed tests in summary [249]
o runtests: sort test IDs in summary lines [33]
o runtests: support %DATE for YYYY-MM-DD of right now
o runtests: support %VERNUM
o runtests: support crlf="yes" for the <stderr> section
o sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings [210]
o sectransp: fix clang compiler warnings, stop silencing them [223]
o sectransp: remove large cipher table [76]
o sectransp: use common code for cipher suite lookup [54]
o sendf: fix CRLF conversion of input [258]
o smtp: for starttls, do full upgrade [260]
o socket: change TCP keepalive from ms to seconds on DragonFly BSD [74]
o socket: use SOCK_NONBLOCK to eliminate extra system call [86]
o socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()` [81]
o src/Makefile.am: remove SUBDIRS assignment [172]
o system_win32: add missing curl.h include [160]
o tcpkeepalive: support TCP keep-alive parameters on Solaris <11.4 [91]
o test1119: adapt for `.md` input [204]
o test1139: scan .md files instead of .3 ones [197]
o test1175: scan libcurl-errors.md, not the generated .3 version [188]
o test1486: verify that write-out.md and tool_writeout.c are in sync [112]
o test2600: disable on win32 [259]
o test: add test1484, for HEAD with content [18]
o test: add test1546, chunked not last transfer encoding [17]
o tests/scripts: call it 'manpage' (single word) [229]
o tests: add pytest for --ciphers and --tls13-ciphers options [38]
o tests: delete `CharConv` remains [201]
o tests: delete redundant `!MSDOS` guard [84]
o tests: extend user/password parsing test1620 [40]
o tests: fix sshd IdentityFile path for MinGW/Cygwin [217]
o tests: fix sshd UserKnownHostsFile path for MinGW/Cygwin
o tests: include current directory when running test Perl commands [205]
o tests: log "Throwing away" messages before throwing away
o tests: run with "--trace-config all" to provide even more info [6]
o tests: sync feature names with `curl -V` [257]
o tests: test_17_ssl_use.py clarify mbedTLS TLSv1.3 support [43]
o tests: use exec when spawning nghttpx [45]
o tidy-up: use consistent casing for Windows directories [28]
o TODO: remove some old, clarify, add something [31]
o tool_cb_hdr: return error for failed header writes [30]
o tool_operate: avoid explicitly setting verifypeer to 1 [39]
o tool_operate: simplify return code handling from url_proto() [198]
o tool_writeout: get certinfo only when needing it [101]
o trace-ascii.md: mention "%" for stderr [146]
o transfer: avoid polling socket every transfer loop [200]
o transfer: conn close on paused upload [8]
o transfer: do not use EXPIRE_NOW while blocked [124]
o transfer: remove curl_upload_refill_watermark, no longer used [50]
o transfer: set CSELECT_IN if there is data pending [118]
o unit2604: use 'unitfail' instead of 'error' variable [153]
o url: allow DoH transfers to override max connection limit [68]
o urlapi: remove unused definition of HOST_BAD [262]
o variable.md: make example use expand [207]
o verify-synopsis.pl: work with .md files [185]
o vms: fixed language in comment [110]
o vtls: deprioritize Secure Transport [71]
o vtls: replace addsessionid with set_sessionid [183]
o winbuild: fix PE version info debug flag [1]
o winbuild: MS-DOS batch tidy-ups [163]
o winbuild: remove outdated WIN32 defines [5]
o windows: fix UWP builds, add GHA job [79]
o winsock: move SO_SNDBUF update into cf-socket [53]
o wolfssl: assume key_file equal to clientcert if no key_file [169]
o wolfssl: use larger error buffer when formatting errors [246]
o x509asn1: add some common ECDSA OIDs [67]
o x509asn1: ASN1tostr() should fail when 'constructed' is set [125]
o x509asn1: fallback to dotted OID representation [69]
o x509asn1: make Curl_extract_certinfo store error message [136]
o x509asn1: prevent NULL dereference [152]
o x509asn1: remove superfluous free()
o x509asn1: remove two static variables [126]
revbump after icu and protobuf updates
curl libcurl-gnutls: updated to 8.8.0
8.8.0
Changes:
curl_version_info: provide librtmp version
file: add support for directory listings
idn: add native AppleIDN (icucore) support for macOS/iOS
lib: add curl_multi_waitfds
mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option
NTLM_WB: drop support
TLS: add support for ECH (Encrypted Client Hello)
urlapi: add CURLU_GET_EMPTY for empty queries and fragments
Bugfixes:
appveyor: drop unnecessary `--clean-first` cmake option
appveyor: guard against crash-build with VS2008
appveyor: make gcc 6 mingw64 job build-only
asyn-thread: fix curl_global_cleanup crash in Windows
asyn-thread: fix Curl_thread_create result check
autotools: delete unused functions
autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14
autotools: only probe for SGI MIPS compilers on IRIX
bearssl: fix compiler warnings
bearssl: use common code for cipher suite lookup
bufq: remove duplicate word in comment
BUG-BOUNTY.md: clarify the third party situation
build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`)
build: remove MacOSX-Framework script
cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set
cf-https-connect: use timeouts as unsigned ints
cf-socket: don't try getting local IP without socket
cf-socket: remove references to l_ip, l_port
ci: add curl-for-win builds: Linux MUSL, macOS, Windows
cmake: add `BUILD_EXAMPLES` option to build examples
cmake: add librtmp/rtmpdump option and detection
cmake: check fseeko after detecting HAVE_FILE_OFFSET_BITS
cmake: do not pass linker flags to the static library tool
cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON`
cmake: FindNGHTTP2 add static lib name to find_library call
cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old
cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14
cmake: fixup `DEPENDS` filename
cmake: forward `USE_LIBRTMP` option to C
cmake: generate misc manpages and install `mk-ca-bundle.pl`
cmake: initialize `BUILD_TESTING` before first use
cmake: speed up libcurl doc building again
cmake: tidy-up to use `WORKING_DIRECTORY`
cmake: use namespaced custom target names
cmdline-docs: fix make install with configure --disable-docs
configure: error on missing perl if docs or manual is enabled
configure: make --disable-docs imply --disable-manual
content_encoding: brotli and others, pass through 0-length writes
content_encoding: ignore duplicate chunked encoding
content_encoding: reject transfer-encoding after chunked
contrithanks: honor `CURLWWW` variable
curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used
curl.h: change CURL_SSLVERSION_* from enum to defines
curl: make --help adapt to the terminal width
curl: use curl_getenv instead of the curlx_ version
Curl_creader_read: init two variables to avoid using them uninited
curl_easy_pause.md: use correct defines in example
curl_getdate.md: document two-digit year handling
curl_global_trace.md: shorten the description
curl_multibyte: remove access() function wrapper for Windows
curl_path: make Curl_get_pathname use dynbuf
curl_setup.h: add support for IAR compiler
curl_setup.h: detect 'inline' support
curl_sha512_256: do not use workaround for NetBSD when not needed
curl_sha512_256: fix detection of OpenSSL 1.1.1 or later
curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY
CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported
CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example
cw-out: improved error handling
DEPRECATE.md: TLS libraries without 1.3 support
digest: replace strcpy for empty string with simple assignment
dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs
dist: add files missing from release tarball
dist: add reproducible dir entries to tarballs
dist: do not require Perl in `maketgz`
dist: remove the curl-config.1 from the tarball
dist: verify tarball reproducibility in CI
DISTROS: add patch and issues link for curl-for-win
DISTROS: Cygwin updates
dllmain: Call OpenSSL thread cleanup for Windows and Cygwin
doc: pytest `--repeat` -> `--count`
docs/cmdline-opts: invoke managen using a relative path
docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd
docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
docs: fix some CURLINFO examples
doh: fix typo in comment
doh: remove unused function prototype
dynbuf: fix returncode on memory error
examples: fix/silence `-Wsign-conversion`
EXPERIMENTAL: add graduation requirements for each feature
file: remove useless assignment
ftp: add tracing support
ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS
ftp: fix socket leak on rare error
GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs
GHA: add shellcheck job and fix warnings, shell tidy-ups
GHA: add valgrind to a wolfSSL build
GHA: on macOS remove $HOME/.curlrc
GHA: pin dependencies
gnutls: lazy init the trust settings
h3/ngtcp2: improve error handling
hash: change 'slots' to size_t from int
hash: delete unused debug function
hsts: explicitly skip blank lines
hsts: remove single-use single-line function
http tests: in CI skip test_02_23* for quiche
http2 + ngtcp2: pass CURLcode errors from callbacks
http2, http3: decouple stream state from easy handle
http2: emit RST when client write fails
http3: quiche+ngtcp2 improvements
http: acknowledge a returned error code
http: HEAD response body tolerance
http: reject HTTP major version switch mid connection
http: remove redundant check
http: with chunked POST forced, disable length check on read callback
http_aws_sigv4: remove useless assignment
idn: make Curl_idnconvert_hostname() use Curl_idn_decode()
if2ip: make the buf_size arg a size_t
INSTALL-CMAKE.md: explain `cmake -G <generator-name>`
krb5: use dynbuf
ldap: fix unused variables (seen on OmniOS)
lib/cf-h1-proxy: silence compiler warnings (gcc 14)
lib: add trace support for client reads and writes
lib: bump hash sizes to `size_t`
lib: clear the easy handle's saved errno before transfer
lib: fix compiler warnings (gcc)
lib: make protocol handlers store scheme name lowercase
lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`
lib: remove two instances of "only only" messages
lib: silence `-Wsign-conversion` in base64, strcase, mprintf
lib: silence warnings on comma misuse
lib: use `#error` instead of invalid syntax in `curl_setup_once.h`
lib: use multi instead of multi_easy for the active multi
libcurl-opts: mention pipelining less
libssh2: delete redundant feature guard
libssh2: replace `access()` with `stat()`
libssh2: set length to 0 if strdup failed
m4: fix rustls pkg-config codepath
MAIL-ETIQUETTE: convert to markdown
makefile: remove the sorting from the vc-ide action
maketgz: put docs/RELEASE-TOOL.md into the tarball
managen: fix the option sort order
mbedtls: call mbedtls_ssl_setup() after RNG callback is set
mbedtls: cut off trailing newlines from debug logs
mbedtls: fix building with v3 in CMake Unity mode
mbedtls: support TLS 1.3
mime: avoid using access()
misc: fix typos
misc: fix typos, quoting and spelling
mprintf: check fputc error rather than matching returned character
mqtt: when Curl_xfer_recv returns error, don't use nread
multi: avoid memory-leak risk
multi: introduce SETUP state for better timeouts
multi: multi_wait improvements
multi: remove the unused Curl_preconnect function
multi: remove useless assignment
multi: timeout handles even without connection
openldap: create ldap URLs correctly for IPv6 addresses
openssl: do not set SSL_MODE_RELEASE_BUFFERS
openssl: revert keylog_callback support for LibreSSL
OS400: fix shellcheck warnings in scripts
projects: drop MSVC project files for recent versions
pytest: add DELETE tests, check server version
pytest: fixes for recent python, add FTP tests
quic: fixup duplicate static function name (for cmake unity)
quiche: expire all active transfers on connection close
quiche: trust its timeout handling
RELEASE-PROCEDURE: mention an initial working build
request: make Curl_req_init return void
request: paused upload on completed download, assess connection
reuse: add copyright + license info to individual docs/*.md files
ROADMAP: remove completed entries, mention websocket
rustls: fix handshake done handling
rustls: fix partial send handling
rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
rustsls: fix error code on receive
sendf: fix two typos in comments
sendf: useless assignment in cr_lc_read()
setopt: acknowledge errors proper for CURLOPT_COOKIEJAR
setopt: make the setstropt_userpwd args compulsory
setopt: remove check for 'option' that is always true
setopt: warn on Curl_set*opt() uses not using the return value
smtp: result of Curl_bufq_cread was not used
socket: remove redundant call to getsockname
socketpair: fix compilation when USE_UNIX_SOCKETS is not defined
src: tidy up types, add necessary casts
telnet: check return code from fileno()
tests/http: fix compiler warning
tests: add -q as first option when invoking curl for tests
tests: check caddy server version to match test expectations
tests: enable test 1117 for hyper
tests: fix feature case in test1481
tests: fix test 1167 to skip digit-only symbols
tests: make the unit test result type `CURLcode`
tests: Mark tftpd timer function as noreturn
tests: tidy up types in server code
tls: fix SecureTransport + BearSSL cmake unity builds
tls: remove EXAMPLEs from deprecated options
tls: use shared init code for TCP+QUIC
tool: move tool_ftruncate64 to tool_util.c
tool_cb_rea: limit rate unpause for -T . uploads
tool_cfgable: free {proxy_}cipher13_list on exit
tool_getparam: output warning for leading unicode quote character
tool_getparam: remove two redundant conditions
tool_operate: don't truncate the etag save file by default
tool_operate: init vars unconditionally in post_per_transfer
tool_paramhlp: remove duplicate assign
tool_xattr: "guess" URL scheme if none is provided
tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set
transfer: remove useless assignment
url: do not URL decode proxy crendentials
url: fix use of an uninitialized variable
url: make parse_login_details use memdup0
url: remove duplicate call to Curl_conncache_remove_conn when pruning
urlapi: allow setting port number zero
urlapi: fix relative redirects to fragment-only
urldata: remove fields not used depending on used features
vauth: make two functions void that always just returned OK
version: use msnprintf instead of strncpy
vquic-tls: use correct cert name check API for wolfSSL
vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output
vtls: TLS session storage overhaul
wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC
warnless: delete orphan declarations
websocket: avoid memory leak in error path
winbuild: add ENABLE_WEBSOCKETS option
winbuild: use $(RC) correctly
wolfssl: plug memory leak in wolfssl_connect_step2()
x509asn1: return error on missing OID
*: recursive bump for gnutls p11-kit option (existing installations need the bl3.mk included, but it's now only optionally included)
curl: update to 8.5.0 Security fix release.
*: recursive bump for icu 74.1
*: bump for openssl 3
curl libcurl-gnutls: updated to 8.3.0
Fixed in 8.3.0 - September 13 2023
Changes:
curl: make %output{} in -w specify a file to write to
gskit: remove
lib: --disable-bindlocal builds curl without local binding support
nss: remove support for this TLS library
tool: add "variable" support
trace: make tracing available in non-debug builds
url: change default value for CURLOPT_MAXREDIRS to 30
urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
wolfssl: support loading system CA certificates
Bugfixes:
altsvc: accept and parse IPv6 addresses in response headers
asyn-ares: reduce timeout to 2000ms
aws-sigv4: canonicalize the query
aws-sigv4: fix having date header twice in some cases
aws-sigv4: handle no-value user header entries
bearssl: don't load CA certs when peer verification is disabled
bearssl: handshake fix, provide proper get_select_socks() implementation
build: fix portability of mancheck and checksrc targets
build: streamline non-UWP wincrypt detections
c-hyper: adjust the hyper to curlcode conversion
c-hyper: fix memory leaks in `Curl_http`
cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
cf-socket: log successful interface bind
CI/cirrus: disable python install on FreeBSD
CI: add a 32-bit i686 Linux build
CI: add caching to many jobs
CI: move on to ngtcp2 v0.19.1
CI: move the Alpine build from Cirrus to GHA
CI: ngtcp2-linux: use separate caches for tls libraries
CI: remove Windows builds from Cirrus, without replacement
CI: switch macOS ARM build from Cirrus to Circle CI
CI: use master again for wolfssl
cirrus: install everthing with pkg, avoid pip
cmake: add GnuTLS option
cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
cmake: add support for single libcurl compilation pass
cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
cmake: assume `wldap32` availability on Windows
cmake: cache more config and delete unused ones
cmake: detect `SSL_set0_wbio` in OpenSSL
cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
cmake: fix to use variable for the curl namespace
cmake: fixup H2 duplicate symbols for unity builds
cmake: set SIZEOF_LONG_LONG in curl_config.h
cmake: support building static and shared libcurl in one go
cmdline-docs: make sure to phrase it as "added in ...."
cmdline-docs: use present tense, not future
cmdline-opts/docs: mention the negative option part
cmdline-opts/page-header: clarify stronger that !opt == URL
cmdline-opts/page-header: reorder, clean up
configure, cmake, lib: more form api deprecation
configure: fix `HAVE_TIME_T_UNSIGNED` check
configure: trust pkg-config when it's used for zlib
configure: use the pkg-config --libs-only-l flag for libssh2
connect: stop halving the remaining timeout when less than 600 ms left
cookie-jar.d: emphasize that this option is ONLY writing cookies
crypto: ensure crypto initialization works
curl_url_get/set.3: add missing semicolon in SYNOPSIS
CURLINFO_CERTINFO.3: better explain curl_certinfo struct
CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
CURLOPT_*TIMEOUT*: extend and clarify
CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
CURLOPT_URL.3: add two URL API calls in the see-also section
CURLOPT_URL.3: explain curl_url_set() uses the same parser
digest: Use hostname to generate spn instead of realm
disable.d: explain --disable not implemented prior to 7.50.0
docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0
docs/cmdline-opts: match the current output
docs/cmdline-opts: spellfixes, typos and polish
docs/cmdline: add small "warning" to verbose options
docs/cmdline: remove repeated working for negotiate + ntlm
docs/HYPER.md: document a workaround for a link error
docs: add curl_global_trace to some SEE ALSO sections
docs: link to the website versions instead of markdowns
docs: mark --ssl-revoke-best-effort as Schannel specific
docs: mention critical files in same directories as curl saves
docs: removing "pausing transfers" from HYPER.md.
docs: rewrite to present tense
easy: remove #ifdefs to make code easier on the eye
egd: delete feature detection and related source code
ftp: fix temp write of ipv6 address
gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens
gen.pl: replace all single quotes with aq
GHA: adding quiche workflow
headers: accept leading whitespaces on first response header
http2: avoid too early connection re-use/multiplexing
http2: cleanup trace messages
http2: disable asssertion blocking OSSFuzz testing
http2: fix in h2 proxy tunnel: progress in ingress on sending
http2: polish things around POST
http2: upgrade tests and add fix for non-existing stream
http3/ngtcp2: shorten handshake, trace cleanup
http3: quiche, handshake optimization, trace cleanup
http: close the connection after a late 417 is received
http: do not require a user name when using CURLAUTH_NEGOTIATE
http: fix sending of large requests
http: remove the p_pragma struct field
http: return error when receiving too large header set
hyper: fix a progress upload counter bug
hyper: fix ownership problems
hyper: remove `hyptransfer->endtask`
imap: add a check for failing strdup()
imap: remove the only sscanf() call in the IMAP code
include.d: explain headers not printed with --fail before 7.75.0
include/curl/mprintf.h: add __attribute__ for the prototypes
krb5: fix "implicit conversion loses integer precision" warnings
lib: add ability to disable auths individually
lib: build fixups when built with most things disabled
lib: fix a few *printf() flag mistakes
lib: fix null ptr derefs and uninitialized vars (h2/h3)
lib: move mimepost data from ->req.p.http to ->state
libtest: use curl_free() to free libcurl allocated data
list-only.d: mention SFTP as supported protocol
macOS: fix target detection more
misc: fix various typos
multi.h: the 'revents' field of curl_waitfd is supported
multi: more efficient pollfd count for poll
multi: remove 'processing: <url>' debug message
ngtcp2: fix handling of large requests
openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
openssl: clear error queue after SSL_shutdown
openssl: make aws-lc version support OCSP
openssl: Support async cert verify callback
openssl: switch to modern init for LibreSSL 2.7.0+
openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1
openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0
openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
os400: build test servers
os400: do not check translatable options at build time
os400: implement CLI tool
page-footer: QLOGDIR works with ngtcp2 and quiche
page-header: move up a URL paragraph from GLOBBING to URL
pytest: fix check for slow_network skips to only apply when intended
quic: don't set SNI if hostname is an IP address
quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
quiche: enable quiche to handle timeout events
resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
revert "schannel: reverse the order of certinfo insertions"
schannel: fix ordering of cert chain info
schannel: fix user-set legacy algorithms in Windows 10 & 11
schannel: verify hostname independent of verify cert
sectransp: fix compiler warnings
sectransp: prevent CFRelease() of NULL
secureserver.pl: fix stunnel path quoting
secureserver.pl: fix stunnel version parsing
SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
test1304: build and skip without netrc support
test1554: check translatable string options in OS400 wrapper
test1608: make it build and get skipped without shuffle DNS support
test687/688: two more basic --xattr tests
tests/tftpd+mqttd: make variables static to silence picky warnings
tests: add 'large-time' as a testable feature
tests: add support for nested %if conditions
tests: don't call HTTP errors OK in test cases
tests: ensure `libcurl.def` contains all exports
tests: fix h3 server check and parallel instances
tests: TLS session sharing test
tests: update cookie expiry dates to far in the future
time-cond.d: mention what happens on a missing file
tool: avoid including leading spaces in the Location hyperlink
tool: change some fopen failures from warnings to errors
tool: make the length argument an int for printf()-.* flags
tool_cb_wrt: fix invalid unicode for windows console
tool_filetime: make -z work with file dates before 1970
tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
tool_operate: make aws-sigv4 not require TLS to be used
tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
transfer: also stop the sending on closed connection
transfer: don't set TIMER_STARTTRANSFER on first send
unit2600: fix build warning if built without verbose messages
url: remove infof() output for "still name resolving"
urlapi: fix heap buffer overflow
urlapi: make sure zoneid is also duplicated in curl_url_dup
urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
urlapi: setting a blank URL ("") is not an ok URL
vquic: show stringified messages for errno
vtls: clarify "ALPN: offers" message
winbuild: improve check for static zlib
wolfSSL: avoid the OpenSSL compat API when not needed
workflows/macos.yml: disable zstd and alt-svc in the http-only build
write-out.d: clarify %{time_starttransfer}
ws: fix spelling mistakes in examples and tests
*: recursive bump for Python 3.11 as new default
curl: create Makefile.common, to be used by curl and libcurl-gnutls
curl: updated to 8.1.2 curl and libcurl 8.1.2 This release includes the following bugfixes: o configure: quote the assignments for run-compiler [1] o configure: without pkg-config and no custom path, use -lnghttp2 [8] o curl: cache the --trace-time value for a second [9] o http2: fix EOF handling on uploads with auth negotiation [7] o http3: send EOF indicator early as possible [11] o lib1560: verify more scheme guessing [5] o lib: remove unused functions, make single-use static [3] o libcurl.m4: remove trailing 'dnl' that causes this to break autoconf [10] o libssh: when keyboard-interactive auth fails, try password [4] o misc: fix spelling mistakes [2] o page-header: mention curl version and how to figure out current release [13] o page-header: minor wording polish in the URL segment [12] o scripts/singleuse.pl: add more API calls o urlapi: remove superfluous host name check [6]
curl: updated to 8.1.1 curl and libcurl 8.1.1 This release includes the following bugfixes: o cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND [12] o checksrc: disallow spaces before labels [16] o cmake: avoid `list(PREPEND)` for compatibility [24] o cmake: repair cross compiling [10] o configure: fix --help alignment [9] o configure: generate a script to run the compiler [11] o curl_easy_getinfo: clarify on return data types [15] o docs: document that curl_url_cleanup(NULL) is a safe no-op [4] o hostip: move easy_lock.h include above curl_memory.h [14] o http2: double http request parser max line length [8] o http2: increase stream window size to 10 MB [22] o http2: upload improvements [21] o lib: fix conversion warnings with gcc on macOS o lib: rename struct 'http_req' to 'httpreq' [23] o ngtcp2: fix compiler warning about possible null-deref [3] o ngtcp2: proper handling of uint64_t when adjusting send buffer [1] o os400: update chkstrings.c [2] o runtests: handle interrupted reads from IPC pipes o runtests: use the correct fd after select [20] o sectransp.c: make the code c89 compatible [17] o select: avoid returning an error on EINTR from select() or poll() [5] o test425: fix the log directory for the upload o url: provide better error message when URLs fail to parse [18] o urlapi: allow numerical parts in the host name [7] o vquic.c: make recvfrom_packets static, avoid compiler warning [6]
curl: update to 8.1.0. This release includes the following changes: o curl: add --proxy-http2 [62] o CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2 [57] o hostip: refuse to resolve the .onion TLD [19] o tool_writeout: add URL component variables [41] This release includes the following bugfixes: o amiga: Fix CA certificate paths for AmiSSL and MorphOS [150] o autotools: sync up clang picky warnings with cmake [114] o aws-sigv4.d: fix region identifier in example [168] o bufq: simplify since expression is always true [72] o cf-h1-proxy: skip an extra NULL assign [80] o cf-h2-proxy: fix processing ingress to stop too early [76] o cf-socket: add socket recv buffering for most tcp cases [90] o cf-socket: Disable socket receive buffer by default [75] o cf-socket: remove dead code discovered by PVS [82] o cf-socket: turn off IPV6_V6ONLY on Windows if it is supported [123] o checksrc: check for spaces before the colon of switch labels [160] o checksrc: find bad indentation in conditions without open brace [152] o checksrc: fix SPACEBEFOREPAREN for conditions starting with "*" [115] o ci: `-Wno-vla` no longer necessary [158] o CI: fix brew retries on GHA o CI: Set minimal permissions on workflow ngtcp2-quictls.yml [153] o CI: skip Azure for commits which change only GHA o CI: use another glob syntax for matching files on Appveyor o cmake: bring in the network library on Haiku [9] o cmake: do not add zlib headers for openssl [49] o CMake: make config version 8 compatible with 7 [28] o cmake: picky-linker fixes for openssl, ZLIB, H3 and more [31] o cmake: set SONAME for SunOS too [3] o cmake: speed up and extend picky clang/gcc options [116] o CMakeLists.txt: fix typo for Haiku detection [95] o compressed.d: clarify the words on "not notifying headers" [163] o config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP [52] o configure: don't set HAVE_WRITABLE_ARGV on Windows [64] o configure: fix detection of apxs (for httpd) [157] o configure: make quiche require quiche_conn_send_ack_eliciting [46] o connect: fix https connection setup to treat ssl_mode correctly [94] o content_encoding: only do transfer-encoding compression if asked to [61] o cookie: address PVS nits [74] o cookie: clarify that init with data set to NULL reads no file [99] o curl: do NOT append file name to path for upload when there's a query [58] o curl_easy_getinfo.3: typo fix (duplicated "from the") [43] o curl_easy_unescape.3: rename the argument [113] o curl_path: bring back support for SFTP path ending in /~ [130] o curl_url_set.3: mention that users can set content rather freely [105] o CURLOPT_IPRESOLVE.3: this for host names, not IP addresses [165] o data.d: emphasize no conversion [5] o digest: clear target buffer [8] o doc: curl_mime_init() strong easy binding was relaxed in 7.87.0 [26] o docs/cmdline-opts: document the dotless config path [1] o docs/examples/protofeats.c: outputs all protocols and features [110] o docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string" [131] o docs/SECURITY-ADVISORY.md: how to write a curl security advisory [128] o docs: bump the minimum perl version to 5.6 o docs: clarify that more backends have HTTPS proxy support [127] o dynbuf: never allocate larger than "toobig" [17] o easy_cleanup: require a "good" handle to act [149] o ftp: fix 'portsock' variable was assigned the same value [78] o ftp: remove dead code [79] o ftplistparser: move out private data from public struct [20] o ftplistparser: replace realloc with dynbuf [18] o gen.pl: error on duplicated See-Also fields [102] o getpart: better handle case of file not found o GHA-linux: add an address-sanitizer build [15] o GHA: add a memory-sanitizer job [2] o GHA: run all linux test jobs with valgrind [14] o GHA: suppress git clone output [89] o GIT-INFO: add --with-openssl [171] o gskit: various compile errors in OS400 [12] o h2/h3: replace `state.drain` counter with `state.dselect_bits` [141] o hash: fix assigning same value [73] o headers: clear (possibly) lingering pointer in init [167] o hostcheck: fix host name wildcard checking [134] o hostip: add locks around use of global buffer for alarm() [129] o hostip: enforce a maximum DNS cache size independent of timeout value [166] o HTTP-COOKIES.md: mention the #HttpOnly_ prefix [16] o http2: always EXPIRE_RUN_NOW unpaused http/2 transfers [139] o http2: do flow window accounting for cancelled streams [155] o http2: enlarge the connection window [101] o http2: flow control and buffer improvements [54] o http2: move HTTP/2 stream vars into local context [67] o http2: pass `stream` to http2_handle_stream_close to avoid NULL checks [140] o http2: remove unused Curl_http2_strerror function declaration [108] o HTTP3/quiche: terminate h1 response header when no body is sent [112] o http3: check stream_ctx more thoroughly in all backends [77] o HTTP3: document the ngtcp2/nghttp3 versions to use for building curl [143] o http3: expire unpaused transfers in all HTTP/3 backends [138] o http3: improvements across backends [51] o http: free the url before storing a new copy [162] o http: skip a double NULL assign [83] o ipv4.d/ipv6.d: they are "mutex", not "boolean" [122] o KNOWN_BUGS: remove fixed or outdated issues, move non-bugs [65] o lib/cmake: add HAVE_WRITABLE_ARGV check [63] o lib/sha256.c: typo fix in comment (duplicated "is available") [40] o lib1560: verify that more bad host names are rejected [104] o lib: add `bufq` and `dynhds` [34] o lib: remove CURLX_NO_MEMORY_CALLBACKS [55] o lib: unify the upload/method handling [144] o lib: use correct printf flags for sockets and timediffs [36] o libssh2: fix crash in keyboard callback [126] o libssh2: free fingerprint better [164] o libssh: tell it to use SFTP non-blocking [59] o man pages: simplify the .TH sections [133] o MANUAL.md: add dict example for looking up a single definition [132] o md(4|5): don't use deprecated iOS functions [21] o md4: only build when used [68] o mime: skip NULL assigns after Curl_safefree() [84] o multi: add handle asserts in DEBUG builds [11] o multi: add multi-ignore logic to multi_socket_action [154] o multi: free up more data earleier in DONE [118] o multi: remove a few superfluous assigns [97] o multi: remove PENDING + MSGSENT handles from the main linked list [23] o ngtcp2: adapted to 0.15.0 [151] o ngtcp2: adjust config and code checks for ngtcp2 without nghttp3 [4] o noproxy: pointer to local array 'hostip' is stored outside scope [93] o ntlm: clear lm and nt response buffers before use [7] o openssl: interop with AWS-LC [30] o OS400: fix and complete ILE/RPG binding [96] o OS400: implement EBCDIC support for recent features [100] o OS400: improve vararg emulation [92] o OS400: provide ILE/RPG usage examples [81] o pingpong: fix compiler warning "assigning an enum to unsigned char" [156] o pytest: improvements for suitable curl and error output [35] o quiche: disable pacing while pacing is not actually performed [148] o quiche: Enable IDLE egress handling [109] o RELEASE-PROCEDURE: update to new schedule [25] o rtsp: convert mallocs to dynbuf for RTP buffering [37] o rtsp: skip malformed RTSP interleaved frame data [33] o rtsp: skip NULL assigns after Curl_safefree() [85] o runtests: die if curl version can be found [10] o runtests: don't start servers if -l is given o runtests: fix -c option when run with valgrind [145] o runtests: fix quoting in Appveyor and Azure test integration [117] o runtests: lots of refactoring o runtests: refactor into more packages [60] o runtests: show error message if file can't be written o runtests: spawn a new process for the test runner [146] o rustls: fix error in recv handling [50] o schannel: add clarifying comment [98] o server/getpart: clear target buffer before load [6] o smb: remove double assign [86] o smbserver: remove temporary files before exit [135] o socketpair: verify with a random value [142] o ssh: Add support for libssh2 read timeout [170] o telnet: simplify the implementation of str_is_nonascii() [42] o test1169: fix so it works properly everywhere [106] o test1592: add flaky keyword [39] o test1960: point to the correct path for the precheck tool o test303: kill server after test o tests/http: add timeout to running curl in test cases [24] o tests/http: fix log formatting on wrong exit code [27] o tests/http: fix out-of-tree builds [121] o tests/http: improved httpd detection [45] o tests/http: more tests with specific clients [125] o tests/http: relax connection check in test_07_02 [53] o tests/keywords.pl: remove [111] o tests/libtest/lib1900.c: remove o tests/sshserver.pl: Define AddressFamily earlier [103] o tests: 1078 1288 1297 use valid IPv4 addresses o tests: document that the unittest keyword is special o tests: increase sws timeout for more robust testing [66] o tests: log a too-long Unix socket path in sws and socksd o tests: make test_12_01 a bit more forgiving on connection counts o tests: move pidfiles and portfiles under the log directory [48] o tests: move server config files under the pid dir [47] o tests: silence some Perl::Critic warnings in test suite [56] o tests: stop using strndup(), which isn't portable o tests: switch to 3-argument open in test suite o tests: turn perl modules into full packages o tests: use %LOGDIR to refer to the log directory o tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals [147] o tool_operate: pass a long as CURLOPT_HEADEROPT argument [13] o tool_operate: refuse (--data or --form) and --continue-at combo [119] o transfer: refuse POSTFIELDS + RESUME_FROM combo [120] o transfer: skip extra assign [87] o url: fix null dispname for --connect-to option [161] o url: fix PVS nits [71] o url: remove call to Curl_llist_destroy in Curl_close [22] o urlapi: cleanups and improvements [91] o urlapi: detect and error on illegal IPv4 addresses [70] o urlapi: prevent setting invalid schemes with *url_set() [107] o urlapi: skip a pointless assign [88] o urlapi: URL encoding for the URL missed the fragment [29] o urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication [137] o urldata: shrink *select_bits int => unsigned char [124] o vlts: use full buffer size when receiving data if possible [32] o vtls and h2 improvements [69] o Websocket: enhanced en-/decoding [136] o wolfssl.yml: bump to version 5.6.0 [44] o write-out.d: Use response_code in example [159] o ws: handle reads before EAGAIN better [38]
revbump after textproc/icu update
curl: Update to 8.0.1 Changes: 8.0.1 ----- o Revert "multi: remove PENDING + MSGSENT handles" This is a bugfix release only with that change and pretty critical regression that should be okay during the freeze. Thanks to bch for privately pinging and sharing that!
curl: update to 8.0.0. Exactly one month since the previous release, we are happy to give you curl 8.0.0 released on curl’s official 25th birthday. This a major version number bump but without any ground-breaking changes or fireworks. We decided it was about time to reset the minor number down to more a manageable level and doing it exactly on curl’s 25th birthday made it extra fun. There is no API nor ABI break in this version. We disclose six new vulnerabilities today, five of them at severity Low and one of them at Medium. CVE-2023-27533: TELNET option IAC injection CVE-2023-27534: SFTP path ~ resolving discrepancy CVE-2023-27535: FTP too eager connection reuse CVE-2023-27536: GSS delegation too eager connection re-use CVE-2023-27537: HSTS double-free CVE-2023-27538: SSH connection too eager reuse still
curl: updated to 7.88.1 Fixed in 7.88.1 - February 20 2023 Bugfixes: build-openssl.bat: keep OpenSSL 3 engine binaries cmake: fix Windows check for CryptAcquireContext connnect: fix timeout handling to use full duration curl: make --silent work stand-alone curl_setup: Suppress OpenSSL 3 deprecation warnings CURLOPT_WS_OPTIONS.3: fix the availability version GHA: update rustls dependency to 0.9.2 http2: buffer/pausedata and output flush fix. http2: set drain on stream end http: include stdint.h more readily krb5: silence cast-align warning lib1560: add IPv6 canonicalization tests os400: correct Curl_os400_sendto() remote-header-name.d: mention that filename* is not supported runtests: fix "uninitialized value $port" setopt: allow HTTP3 when HTTP2 is not defined socketpair: allow EWOULDBLOCK when reading the pair check bytes socks: allow using DoH to resolve host names tests-httpd: add proxy tests tests: make sure gnuserv-tls has SRP support before using it tests: make the telnet server shut down a socket gracefully tool_getparam: make --get a true boolean tool_operate: allow debug builds to set buffersize urlapi: do the port number extraction without using sscanf() urldata: remove `now` from struct SingleRequest - not needed
curl: update to 7.88.0.
curl and libcurl 7.87.1
This release includes the following changes:
o curl.h: add CURL_HTTP_VERSION_3ONLY [82]
o share: add sharing of HSTS cache among handles [7]
o src: add --http3-only [81]
o tool_operate: share HSTS between handles
o urlapi: add CURLU_PUNYCODE [25]
o writeout: add %{certs} and %{num_certs} [33]
This release includes the following bugfixes:
o cf-socket: fix build when not HAVE_GETPEERNAME [89]
o cf-socket: keep sockaddr local in the socket filters [69]
o cfilters:Curl_conn_get_select_socks: use the first non-connected filter [24]
o CI: add a workflow to automatically label pull requests [102]
o CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup [109]
o CI: Retry failed downloads to reduce spurious failures
o CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12 [167]
o cmake: bump requirement to 3.7 [23]
o cmake: check for sendmsg [39]
o cmake: delete redundant macro definition `SECURITY_WIN32` [91]
o cmake: fix dev warning due to mismatched arg [160]
o cmake: fix the snprintf detection [5]
o cmake: remove deprecated symbols check [96]
o cmake: set SOVERSION also for macOS [68]
o cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS [94]
o cmdline-opts/Makefile: on error, do not leave a partial [163]
o CODEOWNERS: remove the peeps mentioned as CI owners [128]
o connect: fix access of pointer before NULL check [83]
o connect: fix build when not ENABLE_IPV6 [88]
o connect: fix strategy testing for attempts, timeouts and happy-eyeball [110]
o connections: introduce http/3 happy eyeballs [127]
o content_encoding: do not reset stage counter for each header [170]
o CONTRIBUTE: More formally specify the commit description [158]
o cookies: fp is always not NULL [104]
o copyright.pl: cease doing year verifications [74]
o copyright: update all copyright lines and remove year ranges [35]
o curl.1: make help, version and manual sections "custom" [165]
o curl.h: allow up to 10M buffer size [76]
o curl.h: mark CURLSSLBACKEND_MESALINK as deprecated [52]
o curl/websockets.h: extend the websocket frame struct
o curl: output warning at --verbose output for debug-enabled version [80]
o curl_free.3: fix return type of `curl_free` [113]
o curl_global_sslset.3: clarify the openssl situation [53]
o curl_log: for failf/infof and debug logging implementations [87]
o curl_setup: Disable by default recv-before-send in Windows [154]
o curl_version_info.3: fix typo [100]
o curl_ws_send.3: clarify how to send multi-frame messages
o CURLOPT_HEADERDATA.3: warn DLL users must set write function [45]
o CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1 [73]
o CURLOPT_WRITEFUNCTION.3: fix memory leak in example [122]
o dict: URL decode the entire path always [120]
o docs/DEPRECATE.md: deprecate gskit [36]
o docs: add link to GitHub Discussions [49]
o docs: mention indirect effects of --insecure [19]
o docs: POSTFIELDSIZE must be set to -1 with read function [97]
o doh: ifdef IPv6 code [123]
o easyoptions: fix header printing in generation script [84]
o escape: hex decode with a lookup-table [107]
o escape: use table lookup when adding %-codes to output [105]
o examples: remove the curlgtk.c example [48]
o fopen: remove unnecessary assignment [111]
o ftpserver: lower the DATA connect timeout to speed up torture tests [27]
o GHA/macos.yml: bump to gcc-12 [106]
o GHA/macos: use Xcode_14.0.1 for cmake builds [132]
o GHA: add job on Slackware 15.0 [58]
o GHA: bump ngtcp2 workflow dependencies [169]
o GHA: enable websockets in the torture job [148]
o GHA: move the quiche job here from zuul [75]
o GHA: use designated ngtcp2 and its dependencies versions [77]
o haxproxy: send before TLS handhshake [34]
o header.d: add a header file example [149]
o hsts.d: explain hsts more [78]
o hsts: handle adding the same host name again
o HTTP/[23]: continue upload when state.drain is set [150]
o http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames [155]
o http2: fix compiler warning due to uninitialized variable
o http2: minor buffer and error path fixes [151]
o http2: when using printf %.*s, the length arg must be 'int' [41]
o HTTP3: mention what needs to be in place to remove EXPERIMENTAL label [31]
o http: add additional condition for including stdint.h [54]
o http: decode transfer encoding first [51]
o http: fix "part of conditional expression is always false" [125]
o http: remove the trace message "Mark bundle... multiuse" [6]
o http_aws_sigv4: remove typecasts from HMAC_SHA256 macro [121]
o http_proxy: do not assign data->req.p.http use local copy [59]
o INSTALL: document how to use multiple TLS backends [103]
o lib670: make test.h the first include [56]
o lib: connect/h2/h3 refactor [57]
o lib: fix typos [99]
o lib: fix typos in comments which repeat a word [67]
o libssh2: try sha2 algos for hostkey methods [2]
o libtest: add a sleep macro for Windows [115]
o Linux CI: update some dependecies to latest tag [44]
o Makefile.mk: fix wolfssl and mbedtls default paths [21]
o man pages: call the custom user pointer 'clientp' consistently [135]
o md4: fix build with GnuTLS + OpenSSL v1 [12]
o misc: fix grammar and spelling [14]
o misc: fix spelling [134]
o misc: reduce struct and struct field sizes [65]
o msh3: add support for request payload [28]
o msh3: update to v0.5 Release [17]
o msh3: update to v0.6 [60]
o multi: stop sending empty HTTP/3 UDP datagrams on Windows [136]
o multihandle: turn bool struct fields into bits [26]
o ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl [62]
o ngtcp2: fix the build without 'sendmsg' [38]
o ngtcp2: replace removed define and stop using removed function [164]
o no-clobber.d: only use long form options in man page text [145]
o noproxy: support for space-separated names is deprecated [66]
o nss: implement data_pending method [43]
o openldap: fix missing sasl symbols at build in specific configs [152]
o openssl: adapt to boringssl's error code type [118]
o openssl: don't ignore CA paths when using Windows CA store (redux) [101]
o openssl: don't log raw record headers [93]
o openssl: make the BIO_METHOD a local variable in the connection filter [79]
o openssl: only use CA_BLOB if verifying peer [112]
o openssl: remove attached easy handles from SSL instances [29]
o openssl: store the CA after first send (ClientHello) [156]
o os400: fixes to make-lib.sh and initscript.sh [71]
o packages: remove Android, update README [108]
o release-notes.pl: check fixes/closes lines better
o Revert "x509asn1: avoid freeing unallocated pointers" [37]
o runtest.pl: add expected fourth return value [40]
o runtests: tear down http2/http3 servers when https server is stopped [8]
o runtests: consider warnings fatal and error on them [32]
o runtests: fix detection of TLS backends [50]
o runtests: make 'mbedtls' a testable feature
o rustls: improve error messages [162]
o scripts/delta: show percent of number of files changed since last tag
o scripts: fix Appveyor job detection in cijobs.pl
o scripts: set file mode +x on all perl and shell scripts [63]
o sectransp: fix for incomplete read/writes [61]
o SECURITY-PROCESS.md: document severity levels [20]
o setopt: Address undefined behaviour by checking for null [161]
o setopt: move the SHA256 opt within #ifdef libssh2 [42]
o setopt: use >, not >=, when checking if uarg is larger than uint-max [140]
o smb: return error on upload without size [142]
o socketpair: allow localhost MITM sniffers [30]
o strdup: name it Curl_strdup [16]
o system.h: assume OS400 is always built with ILEC compiler [95]
o test1560: use a UTF8-using locale when run [46]
o test2304: remove stdout verification
o tests-httpd: basic infra to run curl against an apache httpd [72]
o tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx [9]
o tests: add tests for HTTP/2 and HTTP/3 to verify the header API [166]
o tests: avoid use of sha1 in certificates [4]
o tls: fixes for wolfssl + openssl combo builds [133]
o tool_getparam: fix hiding of command line secrets [85]
o tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type [1]
o tool_operate: fix error codes during DOS filename sanitize [138]
o tool_operate: fix error codes on bad URL & OOM [139]
o tool_operate: fix headerfile writing [64]
o tool_operate: repair --rate [119]
o transfer: break the read loop when RECV is cleared [22]
o typecheck: accept expressions for option/info parameters [3]
o url: fix part of conditional expression is always true [147]
o urlapi: avoid Curl_dyn_addf() for hex outputs [130]
o urlapi: fix part of conditional expression is always true: qlen [146]
o urlapi: skip path checks if path is just "/" [131]
o urlapi: skip the extra dedotdot alloc if no dot in path [126]
o urldata: cease storing TLS auth type [55]
o urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP [13]
o urldata: make set.http200aliases conditional on HTTP being present [11]
o urldata: move the cookefilelist to the 'set' struct [15]
o urldata: remove unused struct fields, made more conditional [10]
o vquic: stabilization and improvements [141]
o vtls: fix hostname handling in filters [98]
o vtls: manage current easy handle in nested cfilter calls [90]
o vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
o winbuild: document that arm64 is supported [92]
o windows: always use curl's basename() implementation [157]
o wolfssl: remove deprecated post-quantum algorithms [124]
o workflows/linux.yml: merge 3 common packages [18]
o write-out.d: add 'since version' to %{header_json} documentation [129]
o write-out.d: clarify Windows % symbol escaping [86]
o ws: fix autoping handling [70]
o ws: fix multiframe send handling [143]
o ws: fix recv of larger frames [144]
o ws: remove bad assert [117]
o ws: unstick connect-only shutdown [116]
o ws: use %Ou for outputting curl_off_t with info() [153]
o x509asn1: fix compile errors and warnings [47]
o zuul: stop using this CI service [114]
curl: update to 7.87.0.
Security fix release.
curl and libcurl 7.87.0
Public curl releases: 212
Command line options: 249
curl_easy_setopt() options: 302
Public functions in libcurl: 91
Contributors: 2771
This release includes the following changes:
o curl: add --url-query [52]
o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75]
o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47]
o openssl: reduce CA certificate bundle reparsing by caching [11]
o version: add a feature names array to curl_version_info_data [67]
This release includes the following bugfixes:
o altsvc: fix rejection of negative port numbers [144]
o aws_sigv4: consult x-%s-content-sha256 for payload hash [102]
o aws_sigv4: fix typos in aws_sigv4.c [101]
o base64: better alloc size [124]
o base64: encode without using snprintf [123]
o base64: faster base64 decoding [120]
o build: assume assert.h is always available [111]
o build: assume errno.h is always available [110]
o c-hyper: CONNECT respones are not server responses [137]
o c-hyper: fix multi-request mechanism [115]
o CI: Change FreeBSD image from 12.3 to 12.4 [108]
o CI: LGTM.com will be shut down in December 2022 [112]
o ci: Remove zuul fuzzing job as it's superseded by CIFuzz
o cmake: check for cross-compile, not for toolchain [54]
o CMake: fix build with `CURL_USE_GSSAPI` [78]
o cmake: really enable warnings with clang [25]
o cmake: set the soname on the shared library [140]
o cmdline-opts/gen.pl: fix the linkifier [64]
o cmdline-opts/page-footer: remove long option nroff formatting
o config-mac: define HAVE_SYS_IOCTL_H [107]
o config-mac: fix typo: size_T -> size_t [125]
o config-mac: remove HAVE_SYS_SELECT_H [116]
o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41]
o configure: require fork for NTLM-WB [36]
o contributors.sh: actually use $CURLWWW instead of just setting it [129]
o cookie: compare cookie prefixes case insensitively [14]
o cookie: expire cookies at once when max-age is negative [45]
o cookie: open cookie jar as a binary file [89]
o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90]
o curl-rustls.m4: on macOS, rustls also needs the Security framework [44]
o curl.h: include <sys/select.h> on SerenityOS [104]
o curl.h: name all public function parameters [118]
o curl.h: reword comment to not use deprecated option [132]
o curl: override the numeric locale and set "C" by force [60]
o curl: timeout in the read callback [15]
o curl_endian: remove Curl_write64_le from header [81]
o curl_get_line: allow last line without newline char [88]
o curl_path: do not add '/' if homedir ends with one [4]
o curl_url_get.3: remove spurious backtick [127]
o curl_url_set.3: document CURLU_DISALLOW_USER [139]
o curl_url_set.3: fix typo [148]
o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1]
o CURLOPT_COOKIEFILE.3: advice => advise [131]
o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31]
o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130]
o CURLOPT_POST.3: Explain setting to 0 changes request type [61]
o docs/curl_ws_send: Fixed typo in websocket docs [114]
o docs/EARLY-RELEASE.md: how to determine an early release [37]
o docs/examples: spell correction ('Retrieve') [119]
o docs/INSTALL.md: expand on static builds [62]
o docs/WEBSOCKET.md: explain the URL use [71]
o docs: add missing parameters for --retry flag [2]
o docs: add more "SEE ALSO" links to CA related pages [82]
o docs: explain the noproxy CIDR notation support [17]
o docs: extend the dump-header documentation [150]
o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13]
o examples/10-at-a-time: fix possible skipped final transfers [85]
o examples: update descriptions [83]
o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96]
o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10]
o GHA: clarify workflows permissions, set least possible privilege [79]
o GHA: NSS use clang instead of clang-9 [103]
o gnutls: use common gnutls init and verify code for ngtcp2 [98]
o headers: add endif comments [51]
o HTTP-COOKIES.md: mention that http://localhost is a secure context [76]
o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70]
o http: do not send PROXY more than once [46]
o http: fix the ::1 comparison for IPv6 localhost for cookies [155]
o http: set 'this_is_a_follow' in the Location: logic [40]
o http: use the IDN decoded name in HSTS checks [154]
o hyper: classify headers as CONNECT and 1XX [56]
o hyper: fix handling of hyper_task's when reusing the same address [33]
o idn: remove Curl_win32_ascii_to_idn [153]
o INSTALL: update operating systems and CPU archs [91]
o KNOWN_BUGS: remove eight entries [50]
o lib1560: add some basic IDN host name tests [151]
o lib: connection filters (cfilter) addition to curl: [43]
o lib: feature deprecation warnings in gcc >= 4.3 [58]
o lib: fix some type mismatches and remove unneeded typecasts [12]
o lib: parse numbers with fixed known base 10 [77]
o lib: remove bad set.opt_no_body assignments [42]
o lib: rewind BEFORE request instead of AFTER previous [65]
o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6]
o lib: use size_t or int etc instead of longs [145]
o libcurl-errors.3: remove duplicate word [3]
o libssh2: return error when ssh_hostkeyfunc returns error [121]
o limit-rate.d: see also --rate
o log2changes.pl: wrap long lines at 80 columns [59]
o Makefile.mk: address minor issues [87]
o Makefile.mk: improve a GNU Make hack [122]
o Makefile.mk: portable Makefile.m32 [86]
o maketgz: set the right version in lib/libcurl.plist [53]
o mime: relax easy/mime structures binding [94]
o misc: Fix incorrect spelling [113]
o misc: remove duplicated include files [28]
o misc: typo and grammar fixes [23]
o negtelnetserver.py: have it call its close() method [68]
o netrc.d: provide mutext info [63]
o netware: remove leftover traces [80]
o noproxy: also match with adjacent comma [19]
o noproxy: guard against empty hostnames in noproxy check [136]
o noproxy: tailmatch like in 7.85.0 and earlier [35]
o nroff-scan.pl: detect double highlights
o ntlm: improve comment for encrypt_des [55]
o ntlm: silence ubsan warning about copying from null target_info pointer [69]
o openssl/mbedtls: use %d for outputing port with failf (int) [72]
o openssl: prefix errors with '[lib]/[version]: ' [105]
o os400: use platform socklen_t in Curl_getnameinfo_a [18]
o page-header: grammar improvement (display transfer rate) [126]
o proxy: refactor haproxy protocol handling as connection filter [57]
o README.md: remove badges and xmas-tree garnish [9]
o rtsp: fix RTSP auth [49]
o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100]
o runtests: do CRLF replacements per section only [97]
o scripts/checksrc.pl: detect duplicated include files [29]
o sendf: change Curl_read_plain to wrap Curl_recv_plain [48]
o sendf: remove unnecessary if condition [26]
o setup: do not require __MRC__ defined for Mac OS 9 builds [117]
o smb/telnet: do not free the protocol struct in *_done() [152]
o socks: fix username max size is 255 (0xFF) [146]
o spellcheck.words: remove 'github' as an accepted word [22]
o ssl-reqd.d: clarify that this is for upgrading connections only [138]
o strcase: use curl_str(n)equal for case insensitive matches [8]
o styled-output.d: this option does not work on Windows [93]
o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133]
o system.h: support 64-bit curl_off_t for NonStop 32-bit [21]
o test1421: fix typo [109]
o test3026: reduce runtime in legacy mingw builds [73]
o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
o tests: add authorityInfoAccess to generated certs [99]
o tests: add HTTP/3 test case, custom location for proper nghttpx [106]
o tls: backends use connection filters for IO, enabling HTTPS-proxy [92]
o tool: determine the correct fopen option for -D [95]
o tool_cfgable: free the ssl_ec_curves on exit [142]
o tool_cfgable: make socks5_gssapi_nec a boolean [128]
o tool_formparse: avoid clobbering on function params [135]
o tool_getparam: make --no-get work as the opposite of --get [39]
o tool_operate: provide better errmsg for -G with bad URL [16]
o tool_operate: when aborting, make sure there is a non-NULL error buffer [20]
o tool_paramhlp: free the proto strings on exit [141]
o url: move back the IDN conversion of proxy names [74]
o urlapi: reject more bad letters from the host name: &+() [143]
o urldata: change port num storage to int and unsigned short [66]
o vms: remove SIZEOF_SHORT [134]
o vtls: fix build without proxy support [38]
o vtls: localization of state data in filters [84]
o WEBSOCKET.md: fix broken link [30]
o Websocket: fixes for partial frames and buffer updates [7]
o websockets: fix handling of partial frames [32]
o windows: fail early with a missing windres in autotools [5]
o windows: fix linking .rc to shared curl with autotools [24]
o winidn: drop WANT_IDN_PROTOTYPES [27]
o ws: if no connection is around, return error [149]
o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34]
o x509asn1: avoid freeing unallocated pointers [147]
Pullup ticket #6697 - requested by taca
www/curl: security fix
Revisions pulled up:
- www/curl/Makefile 1.262
- www/curl/PLIST 1.92
- www/curl/distinfo 1.186
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 26 07:44:01 UTC 2022
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: update to 7.86.0.
Changes:
NPN: remove support for and use of
Websockets: initial support
Bugfixes:
altsvc: reject bad port numbers
altsvc: use 'h3' for h3
amiga: do not hardcode openssl/zlib into the os config
amiga: set SIZEOF_CURL_OFF_T=8 by default
amigaos: add missing curl header
asyn-ares: set hint flags when calling ares_getaddrinfo
autotools: allow --enable-symbol-hiding with windows
autotools: allow unix sockets on Windows
autotools: reduce brute-force when detecting recv/send arg list
aws_sigv4: fix header computation
bearssl: make it proper C89 compliant
CI/GHA: cancel outdated CI runs on new PR changes
CI/GHA: merge msh3 and openssl3 builds into linux workflow
cirrus-ci: add macOS build with m1
cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
cli tool: do not use disabled protocols
cmake: add missing inet_ntop check
cmake: add the check of HAVE_SOCKETPAIR
cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h
cmake: delete duplicate HAVE_GETADDRINFO test
cmake: enable more detection on Windows
cmake: fix original MinGW builds
cmake: improve usability of CMake build as a sub-project
cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
cmake: sync HAVE_SIGNAL detection with autotools
cmdline/docs: add a required 'multi' keyword for each option
configure: correct the wording when checking grep -E
configure: deprecate builds with small curl_off_t
configure: fail if '--without-ssl' + explicit parameter for an ssl lib
configure: the ngtcp2 option should default to 'no'
connect: change verbose IPv6 address:port to [address]:port
connect: fix builds without AF_INET6
connect: fix Curl_updateconninfo for TRNSPRT_UNIX
connect: fix the wrong error message on connect failures
content_encoding: use writer struct subclasses for different encodings
cookie: reject cookie names or content with TAB characters
ctype: remove all use of <ctype.h>, use our own versions
curl-compilers.m4: for gcc + want warnings, set gnu89 standard
curl-compilers.m4: use -O2 as default optimize for clang
curl-wolfssl.m4: error out if wolfSSL is not usable
curl.h: fix mention of wrong error code in comment
curl/add_file_name_to_url: use the libcurl URL parser
curl/add_parallel_transfers: better error handling
curl/get_url_file_name: use libcurl URL parser
curl: warn for --ssl use, considered insecure
curl_ctype: convert to macros-only
curl_easy_pause.3: unpausing is as fast as possible
curl_escape.3: fix typo
curl_setup: disable use of FLOSS for 64-bit NonStop builds
curl_setup: include curl.h after platform setup headers
curl_setup: include only system.h instead of curl.h
curl_strequal.3: fix argument typo
curl_url_set.3: document CURLU_APPENDQUERY proper
CURLMOPT_PIPELINING.3: dedup manpage xref
CURLOPT_ACCEPT_ENCODING.3: remove "four" as they are five
CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
CURLOPT_COOKIEFILE: insist on "" for enable-without-file
CURLOPT_COOKIELIST.3: fix formatting mistake
CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols
CURLOPT_MIMEPOST.3: add an (inline) example
CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST
CURLOPT_PROXY_SSLCERT_BLOB.3: this is for HTTPS proxies
CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
CURLSHOPT_UNLOCKFUNC.3: the callback has no 'access' argument
DEPRECATE.md: Support for systems without 64 bit data types
docs/examples: avoid deprecated options in examples where possible
docs/INSTALL: update Android Instructions for newer NDKs
docs/libcurl/symbols-in-versions: add several missing symbols
docs: 100+ spellfixes
docs: correct missing uppercase in Markdown files
docs: document more server names for test files
docs: fix deprecation versions inconsistencies
docs: make sure libcurl opts examples pass in long arguments
docs: remove mentions of deprecated '--without-openssl' parameter
docs: tag curl options better in man pages
docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.
docs: update sourceforge project links
easy: fix the #include order
easy: fix the altsvc init for curl_easy_duphandle
easy_lock: check for HAVE_STDATOMIC_H as well
examples/chkspeed: improve portability
formdata: fix warning: 'CURLformoption' is promoted to 'int'
ftp: ignore a 550 response to MDTM
ftp: remove redundant if
functypes: provide the recv and send arg and return types
getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
GHA: build tests in a separate step from the running of them
GHA: run proselint on markdown files
github: initial CODEOWNERS setup for CI configuration
header: define public API functions as extern c
headers: reset the requests counter at transfer start
hostip: guard PF_INET6 use
hostip: lazily wait to figure out if IPv6 works until needed
http, vauth: always provide Curl_allow_auth_to_host() functionality
http2: make nghttp2 less picky about field whitespace
HTTP3.md: update Caddy example
http: try parsing Retry-After: as a number first
http_proxy: restore the protocol pointer on error
httpput-postfields.c: shorten string for C89 compliance
ldap: delete stray CURL_HAS_MOZILLA_LDAP reference
lib1560: extended to verify detect/reject of unknown schemes
lib517: fix C89 constant signedness
lib: add missing limits.h includes
lib: add required Win32 setup definitions in setup-win32.h
lib: prepare the incoming of additional protocols
lib: sanitize conditional exclusion around MIME
lib: set more flags in config-win32.h
lib: the number four in a sequence is the "fourth"
libssh: if sftp_init fails, don't get the sftp error code
Makefile.m32: deduplicate build rules
Makefile.m32: drop CROSSPREFIX and our CC/AR defaults
Makefile.m32: exclude libs & libpaths for shared mode exes
Makefile.m32: fix regression with tool_hugehelp
Makefile.m32: major rework
Makefile.m32: reintroduce CROSSPREFIX and -W -Wall
Makefile.m32: support more options
manpage-syntax.pl: all libcurl option symbols should be \fI-tagged
manpages: Fix spelling of "allows to" -> "allows one to"
misc: ISSPACE() => ISBLANK()
misc: use the term "null-terminate" consistently
mprintf: reject two kinds of precision for the same argument
mprintf: use snprintf if available
mqtt: return error for too long topic
mqtt: spell out CONNECT in comments
msh3: change the static_assert to make the code C89
netrc: compare user name case sensitively
netrc: replace fgets with Curl_get_line
netrc: use the URL-decoded user
ngtcp2: fix build errors due to changes in ngtcp2 library
ngtcp2: fix C89 compliance nit
noproxy: support proxies specified using cidr notation
openssl: make certinfo available for QUIC
README.md: add GHA status badges for Linux and macOS builds
RELEASE-PROCEDURE.md: mention patch releases
resolve: make forced IPv4 resolve only use A queries
runtests: fix uninitialized value on ignored tests
schannel: ban server ALPN change during recv renegotiation
schannel: don't reset recv/send function pointers on renegotiation
schannel: when importing PFX, disable key persistence
scripts: use `grep -E` instead of `egrep`
setopt: use the handler table for protocol name to number conversions
setopt: when POST is set, reset the 'upload' field
setup-win32: no longer define UNICODE/_UNICODE implicitly
single_transfer: use the libcurl URL parser when appending query parts
smb: replace CURL_WIN32 with WIN32
strcase: add and use Curl_timestrcmp
strerror: improve two URL API error messages
symbol-scan.pl: also check for LIBCURL* symbols
symbol-scan.pl: scan and verify .3 man pages
symbols-in-versions: add missing LIBCURL* symbols
symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
test1119: scan all public headers
test1275: verify uppercase after period in markdown
test972: verify the output without using external tool
tests/certs/scripts: insert standard curl source headers
tests/Makefile: remove run time stats from ci-test
tests: avoid CreateThread if _beginthreadex is available
tests: fix tag syntax errors in test files
tests: skip mime/form tests when mime is not built-in
tidy-up: delete parallel/unused feature flags
tidy-up: delete unused HAVE_STRUCT_POLLFD
TODO: provide the error body from a CONNECT response
tool: avoid generating ambiguous escaped characters in --libcurl
tool: remove dead code
tool: reorganize function c_escape around a dynbuf
tool_hugehelp: make hugehelp a blank macro when disabled
tool_main: exit at once if out of file descriptors
tool_operate: avoid a few #ifdefs for disabled-libcurl builds
tool_operate: more transfer cleanup after parallel transfer fail
tool_operate: prevent over-queuing in parallel mode
tool_operate: reduce errorbuffer allocs
tool_paramhelp: asserts verify maximum sizes for string loading
tool_paramhelp: make the max argument a 'double'
tool_progress: remove 'Qd' from the parallel progress bar
tool_setopt: use better English in --libcurl source comments
tool_xattr: save the original URL, not the final redirected one
unit test 1655: make it C89-compliant
url: a zero-length userinfo part in the URL is still a (blank) user
url: allow non-HTTPS HSTS-matching for debug builds
url: rename function due to name-clash in Watt-32
url: use IDN decoded names for HSTS checks
urlapi: detect scheme better when not guessing
urlapi: fix parsing URL without slash with CURLU_URLENCODE
urlapi: leaner with fewer allocs
urlapi: reject more bad characters from the host name field
winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths
winbuild: use NMake batch-rules for compilation
windows: add .rc support to autotools builds
windows: adjust name of two internal public functions
windows: autotools .rc warnings fixup
wolfSSL: fix session management bug.
*: bump PKGREVISION for libunistring shlib major bump
curl: update to 7.86.0.
Changes:
NPN: remove support for and use of
Websockets: initial support
Bugfixes:
altsvc: reject bad port numbers
altsvc: use 'h3' for h3
amiga: do not hardcode openssl/zlib into the os config
amiga: set SIZEOF_CURL_OFF_T=8 by default
amigaos: add missing curl header
asyn-ares: set hint flags when calling ares_getaddrinfo
autotools: allow --enable-symbol-hiding with windows
autotools: allow unix sockets on Windows
autotools: reduce brute-force when detecting recv/send arg list
aws_sigv4: fix header computation
bearssl: make it proper C89 compliant
CI/GHA: cancel outdated CI runs on new PR changes
CI/GHA: merge msh3 and openssl3 builds into linux workflow
cirrus-ci: add macOS build with m1
cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
cli tool: do not use disabled protocols
cmake: add missing inet_ntop check
cmake: add the check of HAVE_SOCKETPAIR
cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h
cmake: delete duplicate HAVE_GETADDRINFO test
cmake: enable more detection on Windows
cmake: fix original MinGW builds
cmake: improve usability of CMake build as a sub-project
cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
cmake: sync HAVE_SIGNAL detection with autotools
cmdline/docs: add a required 'multi' keyword for each option
configure: correct the wording when checking grep -E
configure: deprecate builds with small curl_off_t
configure: fail if '--without-ssl' + explicit parameter for an ssl lib
configure: the ngtcp2 option should default to 'no'
connect: change verbose IPv6 address:port to [address]:port
connect: fix builds without AF_INET6
connect: fix Curl_updateconninfo for TRNSPRT_UNIX
connect: fix the wrong error message on connect failures
content_encoding: use writer struct subclasses for different encodings
cookie: reject cookie names or content with TAB characters
ctype: remove all use of <ctype.h>, use our own versions
curl-compilers.m4: for gcc + want warnings, set gnu89 standard
curl-compilers.m4: use -O2 as default optimize for clang
curl-wolfssl.m4: error out if wolfSSL is not usable
curl.h: fix mention of wrong error code in comment
curl/add_file_name_to_url: use the libcurl URL parser
curl/add_parallel_transfers: better error handling
curl/get_url_file_name: use libcurl URL parser
curl: warn for --ssl use, considered insecure
curl_ctype: convert to macros-only
curl_easy_pause.3: unpausing is as fast as possible
curl_escape.3: fix typo
curl_setup: disable use of FLOSS for 64-bit NonStop builds
curl_setup: include curl.h after platform setup headers
curl_setup: include only system.h instead of curl.h
curl_strequal.3: fix argument typo
curl_url_set.3: document CURLU_APPENDQUERY proper
CURLMOPT_PIPELINING.3: dedup manpage xref
CURLOPT_ACCEPT_ENCODING.3: remove "four" as they are five
CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
CURLOPT_COOKIEFILE: insist on "" for enable-without-file
CURLOPT_COOKIELIST.3: fix formatting mistake
CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols
CURLOPT_MIMEPOST.3: add an (inline) example
CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST
CURLOPT_PROXY_SSLCERT_BLOB.3: this is for HTTPS proxies
CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
CURLSHOPT_UNLOCKFUNC.3: the callback has no 'access' argument
DEPRECATE.md: Support for systems without 64 bit data types
docs/examples: avoid deprecated options in examples where possible
docs/INSTALL: update Android Instructions for newer NDKs
docs/libcurl/symbols-in-versions: add several missing symbols
docs: 100+ spellfixes
docs: correct missing uppercase in Markdown files
docs: document more server names for test files
docs: fix deprecation versions inconsistencies
docs: make sure libcurl opts examples pass in long arguments
docs: remove mentions of deprecated '--without-openssl' parameter
docs: tag curl options better in man pages
docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.
docs: update sourceforge project links
easy: fix the #include order
easy: fix the altsvc init for curl_easy_duphandle
easy_lock: check for HAVE_STDATOMIC_H as well
examples/chkspeed: improve portability
formdata: fix warning: 'CURLformoption' is promoted to 'int'
ftp: ignore a 550 response to MDTM
ftp: remove redundant if
functypes: provide the recv and send arg and return types
getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
GHA: build tests in a separate step from the running of them
GHA: run proselint on markdown files
github: initial CODEOWNERS setup for CI configuration
header: define public API functions as extern c
headers: reset the requests counter at transfer start
hostip: guard PF_INET6 use
hostip: lazily wait to figure out if IPv6 works until needed
http, vauth: always provide Curl_allow_auth_to_host() functionality
http2: make nghttp2 less picky about field whitespace
HTTP3.md: update Caddy example
http: try parsing Retry-After: as a number first
http_proxy: restore the protocol pointer on error
httpput-postfields.c: shorten string for C89 compliance
ldap: delete stray CURL_HAS_MOZILLA_LDAP reference
lib1560: extended to verify detect/reject of unknown schemes
lib517: fix C89 constant signedness
lib: add missing limits.h includes
lib: add required Win32 setup definitions in setup-win32.h
lib: prepare the incoming of additional protocols
lib: sanitize conditional exclusion around MIME
lib: set more flags in config-win32.h
lib: the number four in a sequence is the "fourth"
libssh: if sftp_init fails, don't get the sftp error code
Makefile.m32: deduplicate build rules
Makefile.m32: drop CROSSPREFIX and our CC/AR defaults
Makefile.m32: exclude libs & libpaths for shared mode exes
Makefile.m32: fix regression with tool_hugehelp
Makefile.m32: major rework
Makefile.m32: reintroduce CROSSPREFIX and -W -Wall
Makefile.m32: support more options
manpage-syntax.pl: all libcurl option symbols should be \fI-tagged
manpages: Fix spelling of "allows to" -> "allows one to"
misc: ISSPACE() => ISBLANK()
misc: use the term "null-terminate" consistently
mprintf: reject two kinds of precision for the same argument
mprintf: use snprintf if available
mqtt: return error for too long topic
mqtt: spell out CONNECT in comments
msh3: change the static_assert to make the code C89
netrc: compare user name case sensitively
netrc: replace fgets with Curl_get_line
netrc: use the URL-decoded user
ngtcp2: fix build errors due to changes in ngtcp2 library
ngtcp2: fix C89 compliance nit
noproxy: support proxies specified using cidr notation
openssl: make certinfo available for QUIC
README.md: add GHA status badges for Linux and macOS builds
RELEASE-PROCEDURE.md: mention patch releases
resolve: make forced IPv4 resolve only use A queries
runtests: fix uninitialized value on ignored tests
schannel: ban server ALPN change during recv renegotiation
schannel: don't reset recv/send function pointers on renegotiation
schannel: when importing PFX, disable key persistence
scripts: use `grep -E` instead of `egrep`
setopt: use the handler table for protocol name to number conversions
setopt: when POST is set, reset the 'upload' field
setup-win32: no longer define UNICODE/_UNICODE implicitly
single_transfer: use the libcurl URL parser when appending query parts
smb: replace CURL_WIN32 with WIN32
strcase: add and use Curl_timestrcmp
strerror: improve two URL API error messages
symbol-scan.pl: also check for LIBCURL* symbols
symbol-scan.pl: scan and verify .3 man pages
symbols-in-versions: add missing LIBCURL* symbols
symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
test1119: scan all public headers
test1275: verify uppercase after period in markdown
test972: verify the output without using external tool
tests/certs/scripts: insert standard curl source headers
tests/Makefile: remove run time stats from ci-test
tests: avoid CreateThread if _beginthreadex is available
tests: fix tag syntax errors in test files
tests: skip mime/form tests when mime is not built-in
tidy-up: delete parallel/unused feature flags
tidy-up: delete unused HAVE_STRUCT_POLLFD
TODO: provide the error body from a CONNECT response
tool: avoid generating ambiguous escaped characters in --libcurl
tool: remove dead code
tool: reorganize function c_escape around a dynbuf
tool_hugehelp: make hugehelp a blank macro when disabled
tool_main: exit at once if out of file descriptors
tool_operate: avoid a few #ifdefs for disabled-libcurl builds
tool_operate: more transfer cleanup after parallel transfer fail
tool_operate: prevent over-queuing in parallel mode
tool_operate: reduce errorbuffer allocs
tool_paramhelp: asserts verify maximum sizes for string loading
tool_paramhelp: make the max argument a 'double'
tool_progress: remove 'Qd' from the parallel progress bar
tool_setopt: use better English in --libcurl source comments
tool_xattr: save the original URL, not the final redirected one
unit test 1655: make it C89-compliant
url: a zero-length userinfo part in the URL is still a (blank) user
url: allow non-HTTPS HSTS-matching for debug builds
url: rename function due to name-clash in Watt-32
url: use IDN decoded names for HSTS checks
urlapi: detect scheme better when not guessing
urlapi: fix parsing URL without slash with CURLU_URLENCODE
urlapi: leaner with fewer allocs
urlapi: reject more bad characters from the host name field
winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths
winbuild: use NMake batch-rules for compilation
windows: add .rc support to autotools builds
windows: adjust name of two internal public functions
windows: autotools .rc warnings fixup
wolfSSL: fix session management bug.
curl: updated to 7.85.0 7.85.0 Changes: quic: add support via wolfSSL schannel: Add TLS 1.3 support setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR Bugfixes: amigaos: fix threaded resolver on AmigaOS 4.x amissl: allow AmiSSL to be used with AmigaOS 4.x builds amissl: make AmiSSL v5 a minimum requirement asyn-ares: make a single alloc out of hostname + async data asyn-thread: fix socket leak on OOM asyn-thread: make getaddrinfo_complete return CURLcode base64: base64url encoding has no padding BUGS.md: improve language build: improve OS string in CMake and `config-win32.h` cert.d: clarify that escape character works for file paths cirrus.yml: replace py38-pip with py39-pip cirrus/freebsd-ci: bootstrap the pip installer cmake: add detection of threadsafe feature cmake: do not force Windows target versions cmake: fix build for mingw cross compile cmake: link curl to its dependencies with PRIVATE cmake: remove APPEND in export(TARGETS) cmake: set feature PSL if present cmake: support ngtcp2 boringssl backend cmdline-opts/gen.pl: improve performance config: remove the check for and use of SIZEOF_SHORT configure: -pthread not available on AmigaOS 4.x configure: check for the stdatomic.h header in configure configure: fix --disable-headers-api configure: fix broken m4 syntax in TLS options configure: fixup bsdsocket detection code for AmigaOS 4.x configure: if asked to use TLS, fail if no TLS lib was detected configure: introduce CURL_SIZEOF connect: add quic connection information connect: close the happy eyeballs loser connection when using QUIC connect: revert the use of IP*_RECVERR connect: set socktype/protocol correctly cookie: reject cookies with "control bytes" cookie: treat a blank domain in Set-Cookie: as non-existing cookie: use %zu to infof() for size_t values curl-compilers.m4: make icc use -diag* options and disable two warnings curl-config: quote directories with potential space curl-confopts: remove leftover AC_REQUIREs curl-functions.m4: check whether atomics can link curl-wolfssl.m4: add options header when building test code curl.h: CURLE_CONV_FAILED is obsoleted curl.h: include <sys/select.h> on SunOS curl: output warning when a cookie is dropped due to size curl: writeout: fix repeated header outputs Curl_close: call Curl_resolver_cancel to avoid memory-leak curl_easy_header: Add CURLH_PSEUDO to sanity check curl_mime_data.3: polish the wording curl_multi_timeout.3: clarify usage CURLINFO_SPEED_UPLOAD/DOWNLOAD.3: fix examples CURLOPT_BUFFERSIZE.3: add upload buffersize to see also CURLOPT_CONNECT_ONLY.3: clarify multi API use CURLOPT_SERVER_RESPONSE_TIMEOUT: the new name digest: fix memory leak, fix not quoted 'opaque' digest: fix missing increment of 'nc' value for auth-int digest: pass over leading spaces in qop values digest: reject broken header with session protocol but without qop docs/cmdline-opts/gen.pl: encode leading single and double quotes docs/cmdline-opts: fix example and categories for --form-escape docs/cmdline: mark fail and fail-with-body as mutually exclusive docs: add dns category to --resolve docs: explain curl_easy_escape/unescape curl handle is ignored docs: remove him/her/he/she from documentation doh: move doh related struct definitions to doh.h doh: use https protocol by default easy_lock.h: include sched.h if available to fix build easy_lock.h: use __asm__ instead of asm to fix build easy_lock: fix build for mingw easy_lock: fix build with icc easy_lock: fix the #ifdef conditional for ia32_pause easy_lock: switch to using atomic_int instead of bool easyoptions: fix icc warning escape: remove outdated comment examples/curlx.c: remove file: add handling of native AmigaOS paths file: fix icc enumerated type mixed with another type warning ftp: use a correct expire ID for timer expiry getinfo: return better error on NULL as first argument GHA: add two Intel compiler CI jobs GHA: move libressl CI from zuul to GitHub gha: move over ngtcp2-gnutls CI job from zuul GHA: mv CI torture test from Zuul h2h3: fix overriding the 'TE: Trailers' header hostip: resolve *.localhost to 127.0.0.1/::1 HTTP3.md: update to msh3 v0.4.0 http: typecast the httpreq assignment to avoid icc compiler warning http_aws_sigv4.c: remove two unusued includes http_chunks: remove an assign + typecast hyper: customize test1274 to how hyper unfolds headers hyper: enable obs-folded multiline headers hyper: use wakers for curl pause/resume imap: use ISALNUM() for alphanumeric checks ldap: adapt to conn->port now being an 'int' lib/curl_path.c: add ISC to license expression lib3026: reduce the number of threads to 100 libcurl-security.3: fix typo on macro "SH_" libssh2: make atime/mtime date overflow return error libssh2: provide symlink name in SFTP dir listing libssh: ignore deprecation warnings libssh: make atime/mtime date overflow return error Makefile.m32: add `CURL_RC` and `CURL_STRIP` variables [ci skip] Makefile.m32: add `NGTCP2_LIBS` option [ci skip] makefile.m32: add support for custom ARCH [ci skip] Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip] Makefile.m32: do not set the libcurl.rc debug flag [ci skip] Makefile.m32: stop trying to build libcares.a [ci skip] memdebug: add annotation attributes mprintf: fix *dyn_vprintf() when out-of-memory mprintf: make dprintf_formatf never return negative msh3: fix the QUIC disconnect function multi: fix the return code from Curl_pgrsDone() multi: have curl_multi_remove_handle close CONNECT_ONLY transfer multi: use a pipe instead of a socketpair on apple platforms multi: use larger dns hash table for multi interface multi_wait: fix and improve Curl_poll error handling on Windows multi_wait: fix skipping to populate revents for extra_fds netrc.d: remove spurious quote netrc: Use the password from lines without login ngtcp2: Fix build error due to change in nghttp3 prototypes ngtcp2: fix incompatible function pointer types ngtcp2: Fix missing initialization of nghttp3_nv.flags ngtcp2: fix stall or busy loop on STOP_SENDING with upload data ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks openssl: add `CURL_BORINGSSL_VERSION` to identify BoringSSL openssl: add cert path in error message openssl: add details to "unable to set client certificate" error openssl: fix BoringSSL symbol conflicts with LDAP and Schannel quiche: fix build failure select: do not return fatal error on EINTR from poll() sendf: fix paused header writes since after the header API sendf: make Curl_debug a void function sendf: skip storing HTTP headers if HTTP disabled sendf: store the header type in an usigned char to avoid icc warnings splay: avoid using -1 in unsigned variable test3026: add support for Windows using native Win32 threads test3026: require 'threadsafe' test44[2-4]: add '--resolve' to the keywords tests/server/sockfilt.c: avoid race condition without a mutex tests: fix http2 tests to use CRLF headers tests: several enumerated type cleanups THANKS: merged two entries for Evgeny Grin tidy-up: delete unused build configuration macros tool: reintroduce set file comment code for AmigaOS tool_cfgable: make 'synthetic_error' a plain bool tool_formparse: fix variable may be used before its value is set tool_getparam: make --doh-url "" switch it off tool_getparam: repair cleanarg tool_operate: better cleanup of easy handle in exit path tool_paramhlp: fix "enumerated type mixed with another type" tool_paramhlp: make check_protocol return ParameterError tool_progress: avoid division by zero in parallel progress meter tool_writeout: fix enumerated type mixed with another type trace: 0x7F character is non-printable unit1303: four tests should have TRUE for 'connecting' url: enumerated type mixed with another type url: really use the user provided in the url when netrc entry exists url: reject URLs with hostnames longer than 65535 bytes url: treat missing usernames in netrc as empty urldata: change second proxytype field to unsigned char to match urldata: make 'negnpn' use less storage urldata: make state.httpreq an unsigned char urldata: make three *_proto struct fields smaller urldata: move smaller fields down in connectdata struct urldata: reduce size of several struct fields vtls: make Curl_ssl_backend() return the enum type curl_sslbackend windows: improve random source
curl: SunOS build fix. Reported upstream. Bump.
*: recursive bump for perl 5.36
curl: update to 7.84.0.
Security fix release.
This release includes the following changes:
o curl: add --rate to set max request rate per time unit [69]
o curl: deprecate --random-file and --egd-file [12]
o curl_version_info: add CURL_VERSION_THREADSAFE [100]
o CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl [9]
o lib: make curl_global_init() threadsafe when possible [101]
o libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION [78]
o opts: deprecate RANDOM_FILE and EGDSOCKET [13]
o socks: support unix sockets for socks proxy [2]
This release includes the following bugfixes:
o aws-sigv4: fix potentional NULL pointer arithmetic [48]
o bindlocal: don't use a random port if port number would wrap [14]
o c-hyper: mark status line as status for Curl_client_write() [58]
o ci: avoid `cmake -Hpath` [114]
o CI: bump FreeBSD 13.0 to 13.1 [127]
o ci: update github actions [36]
o cmake: add libpsl support [3]
o cmake: do not add libcurl.rc to the static libcurl library [53]
o cmake: enable curl.rc for all Windows targets [55]
o cmake: fix detecting libidn2 [56]
o cmake: support adding a suffix to the OS value [54]
o configure: skip libidn2 detection when winidn is used [89]
o configure: use the SED value to invoke sed [28]
o configure: warn about rustls being experimental [103]
o content_encoding: return error on too many compression steps [106]
o cookie: address secure domain overlay [7]
o cookie: apply limits [83]
o copyright.pl: parse and use .reuse/dep5 for skips [105]
o copyright: make repository REUSE compliant [119]
o curl.1: add a few see also --tls-max [52]
o curl.1: mention exit code zero too [44]
o curl: re-enable --no-remote-name [31]
o curl_easy_pause.3: remove explanation of progress function [97]
o curl_getdate.3: document that some illegal dates pass through [34]
o Curl_parsenetrc: don't access local pwbuf outside of scope [27]
o curl_url_set.3: clarify by default using known schemes only [120]
o CURLOPT_ALTSVC.3: document the file format [118]
o CURLOPT_FILETIME.3: fix the protocols this works with
o CURLOPT_HTTPHEADER.3: improve comment in example [66]
o CURLOPT_NETRC.3: document the .netrc file format
o CURLOPT_PORT.3: We discourage using this option [92]
o CURLOPT_RANGE.3: remove ranged upload advice [99]
o digest: added detection of more syntax error in server headers [81]
o digest: tolerate missing "realm" [80]
o digest: unquote realm and nonce before processing [82]
o DISABLED: disable 1021 for hyper again
o docs/cmdline-opts: add copyright and license identifier to each file [112]
o docs/CONTRIBUTE.md: document the 'needs-votes' concept [79]
o docs: clarify data replacement policy for MIME API [16]
o doh: remove UNITTEST macro definition [67]
o examples/crawler.c: use the curl license [73]
o examples: remove fopen.c and rtsp.c [76]
o FAQ: Clarify Windows double quote usage [42]
o fopen: add Curl_fopen() for better overwriting of files [72]
o ftp: restore protocol state after http proxy CONNECT [110]
o ftp: when failing to do a secure GSSAPI login, fail hard [62]
o GHA/hyper: enable debug in the build
o gssapi: improve handling of errors from gss_display_status [45]
o gssapi: initialize gss_buffer_desc strings
o headers api: remove EXPERIMENTAL tag [35]
o http2: always debug print stream id in decimal with %u [46]
o http2: reject overly many push-promise headers [63]
o http: restore header folding behavior [64]
o hyper: use 'alt-used' [71]
o krb5: return error properly on decode errors [107]
o lib: make more protocol specific struct fields #ifdefed [84]
o libcurl-security.3: add "Secrets in memory" [30]
o libcurl-security.3: document CRLF header injection [98]
o libssh: skip the fake-close when libssh does the right thing [102]
o links: update dead links to the curl-wiki [21]
o log2changes: do not indent empty lines [ci skip] [37]
o macos9: remove partial support [22]
o Makefile.am: fix portability issues [1]
o Makefile.m32: delete obsolete options, improve -On [ci skip] [65]
o Makefile.m32: delete two obsolete OpenSSL options [ci skip] [39]
o Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] [116]
o max-time.d: clarify max-time sets max transfer time [70]
o mprintf: ignore clang non-literal format string [19]
o netrc: check %USERPROFILE% as well on Windows [77]
o netrc: support quoted strings [33]
o ngtcp2: allow curl to send larger UDP datagrams [29]
o ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types [25]
o ngtcp2: enable Linux GSO [91]
o ngtcp2: extend QUIC transport parameters buffer [4]
o ngtcp2: fix alert_read_func return value [26]
o ngtcp2: fix typo in preprocessor condition [121]
o ngtcp2: handle error from ngtcp2_conn_submit_crypto_data [5]
o ngtcp2: send appropriate connection close error code [6]
o ngtcp2: support boringssl crypto backend [17]
o ngtcp2: use helper funcs to simplify TLS handshake integration [68]
o ntlm: provide a fixed fake host name [32]
o projects: fix third-party SSL library build paths for Visual Studio [125]
o quic: add Curl_quic_idle [18]
o quiche: support ca-fallback [49]
o rand: stop detecting /dev/urandom in cross-builds [113]
o remote-name.d: mention --output-dir [88]
o runtests.pl: add the --repeat parameter to the --help output [43]
o runtests: fix skipping tests not done event-based [95]
o runtests: skip starting the ssh server if user name is lacking [104]
o scripts/copyright.pl: fix the exclusion to not ignore man pages [75]
o sectransp: check for a function defined when __BLOCKS__ is undefined [20]
o select: return error from "lethal" poll/select errors [93]
o server/sws: support spaces in the HTTP request path
o speed-limit/time.d: mention these affect transfers in either direction [74]
o strcase: some optimisations [8]
o test 2081: add a valid reply for the second request [60]
o test 675: add missing CR so the test passes when run through Privoxy [61]
o test414: add the '--resolve' keyword [23]
o test681: verify --no-remote-name [90]
o tests 266, 116 and 1540: add a small write delay
o tests/data/test1501: kill ftp server after slow LIST response [59]
o tests/getpart: fix getpartattr to work with "data" and "data2"
o tests/server/sws.c: change the HTTP writedelay unit to milliseconds [47]
o test{440,441,493,977}: add "HTTP proxy" keywords [40]
o tool_getparam: fix --parallel-max maximum value constraint [51]
o tool_operate: make sure --fail-with-body works with --retry [24]
o transfer: fix potential NULL pointer dereference [15]
o transfer: maintain --path-as-is after redirects [96]
o transfer: upload performance; avoid tiny send [124]
o url: free old conn better on reuse [41]
o url: remove redundant #ifdefs in allocate_conn()
o url: URL encode the path when extracted, if spaces were set
o urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts [126]
o urlapi: support CURLU_URLENCODE for curl_url_get()
o urldata: reduce size of a few struct fields [86]
o urldata: remove three unused booleans from struct UserDefined [87]
o urldata: store tcp_keepidle and tcp_keepintvl as ints [85]
o version: allow stricmp() for sorting the feature list [57]
o vtls: make curl_global_sslset thread-safe [94]
o wolfssh.h: removed [10]
o wolfssl: correct the failf() message when a handle can't be made [38]
o wolfSSL: explicitly use compatibility layer [11]
o x509asn1: mark msnprintf return as unchecked [50]
curl: update to 7.83.1.
This release includes the following bugfixes:
o altsvc: fix host name matching for trailing dots [31]
o cirrus: Update to FreeBSD 12.3 [24]
o cirrus: Use pip for Python packages on FreeBSD [23]
o conn: fix typo 'connnection' -> 'connection' in two function names [1]
o cookies: make bad_domain() not consider a trailing dot fine [26]
o curl: free resource in error path [3]
o curl: guard against size_t wraparound in no-clobber code [4]
o CURLOPT_DOH_URL.3: mention the known bug [19]
o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
o data/test376: set a proper name
o GHA/mbedtls: enabled nghttp2 in the build [11]
o gha: build msh3 [5]
o gskit: fixed bogus setsockopt calls [17]
o gskit: remove unused function set_callback [2]
o hsts: ignore trailing dots when comparing hosts names [28]
o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
o http: move Curl_allow_auth_to_host() [9]
o http_proxy/hyper: handle closed connections [34]
o hyper: fix test 357 [32]
o Makefile: fix "make ca-firefox" [37]
o mbedtls: bail out if rng init fails [14]
o mbedtls: fix compile when h2-enabled [12]
o mbedtls: fix some error messages
o misc: use "autoreconf -fi" instead buildconf [22]
o msh3: get msh3 version from MsH3Version [6]
o msh3: print boolean value as text representation [10]
o msh3: psss remote_port to MsH3ConnectionOpen [7]
o ngtcp2: add ca-fallback support for OpenSSL backend [35]
o nss: return error if seemingly stuck in a cert loop [30]
o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
o post_per_transfer: remove the updated file name [27]
o sectransp: bail out if SSLSetPeerDomainName fails [33]
o tests/server: declare variable 'reqlogfile' static [39]
o tests: fix markdown formatting in README [38]
o test{898,974,976}: add 'HTTP proxy' keywords [16]
o tls: check more TLS details for connection reuse [25]
o url: check SSH config match on connection reuse [21]
o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
o urlapi: reject percent-decoding host name into separator bytes [29]
o x509asn1: make do_pubkey handle EC public keys [13]
*: mark py-flask dependencies as not-for-python-2.x I'll update py-flask soon; the current pkgsrc of py-flask version is broken and all newer versions do not support python 2.x
curl: update to 7.83.0.
curl and libcurl 7.83.0
This release includes the following changes:
o curl: add %header{name} experimental support in -w handling
o curl: add %{header_json} experimental support in -w handling
o curl: add --no-clobber [28]
o curl: add --remove-on-error [11]
o header api: add curl_easy_header and curl_easy_nextheader [56]
o msh3: add support for QUIC and HTTP/3 using msh3 [84]
This release includes the following bugfixes:
o appveyor: add Cygwin build [77]
o appveyor: only add MSYS2 to PATH where required [78]
o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27]
o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26]
o BINDINGS.md: add Hollywood binding [34]
o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42]
o CI: install Python package impacket to run SMB test 1451 [5]
o configure.ac: move -pthread CFLAGS setting back where it used to be [14]
o configure: bump the copyright year range int the generated output
o conncache: include the zone id in the "bundle" hashkey [112]
o connecache: remove duplicate connc->closure_handle check [90]
o connect: make Curl_getconnectinfo work with conn cache from share handle [22]
o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6]
o cookie.d: clarify when cookies are sent
o cookies: improve errorhandling for reading cookiefile [123]
o curl/system.h: update ifdef condition for MCST-LCC compiler [4]
o curl: error out if -T and -d are used for the same URL [99]
o curl: error out when options need features not present in libcurl [18]
o curl: escape '?' in generated --libcurl code [117]
o curl: fix segmentation fault for empty output file names. [60]
o curl_easy_header: fix typos in documentation [74]
o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126]
o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105]
o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79]
o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63]
o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127]
o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9]
o docs/HYPER.md: updated to reflect current hyper build needs
o docs/opts: Mention Schannel client cert type is P12 [50]
o docs: Fix missing semicolon in example code [102]
o docs: lots of minor language polish [51]
o English: use American spelling consistently [95]
o fail.d: tweak the description [101]
o firefox-db2pem.sh: make the shell script safer [47]
o ftp: fix error message for partial file upload [61]
o gen.pl: change wording for mutexed options [98]
o GHA: add openssl3 jobs moved over from zuul [88]
o GHA: build hyper with nightly rustc [7]
o GHA: move bearssl jobs over from zuul [85]
o gha: move the event-based test over from Zuul [59]
o gtls: fix build for disabled TLS-SRP [48]
o http2: handle DONE called for the paused stream [69]
o http2: RST the stream if we stop it on our own will [67]
o http: avoid auth/cookie on redirects same host diff port [110]
o http: close the stream (not connection) on time condition abort [68]
o http: reject header contents with nul bytes [41]
o http: return error on colon-less HTTP headers [31]
o http: streamclose "already downloaded" [57]
o hyper: fix status_line() return code [13]
o hyper: fix tests 580 and 581 for hyper [107]
o hyper: no h2c support [33]
o infof: consistent capitalization of warning messages [103]
o ipv4/6.d: clarify that they are about using IP addresses [3]
o json.d: fix typo (overriden -> overridden) [24]
o keepalive-time.d: It takes many probes to detect brokenness [29]
o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45]
o lib670: avoid double check result [71]
o lib: #ifdef on USE_HTTP2 better [65]
o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38]
o lib: remove exclamation marks [100]
o libssh2: compare sha256 strings case sensitively [114]
o libssh2: make the md5 comparison fail if wrong length [111]
o libssh: fix build with old libssh versions [12]
o libssh: fix double close [124]
o libssh: Improve fix for missing SSH_S_ stat macros [10]
o libssh: unstick SFTP transfers when done event-based [58]
o macos: set .plist version in autoconf [122]
o mbedtls: remove 'protocols' array from backend when ALPN is not used [66]
o mbedtls: remove server_fd from backend [91]
o mk-ca-bundle.pl: Use stricter logic to process the certificates [39]
o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8]
o mlc_config.json: add file to ignore known troublesome URLs [35]
o mqtt: better handling of TCP disconnect mid-message [55]
o ngtcp2: add client certificate authentication for OpenSSL [15]
o ngtcp2: avoid busy loop in low CWND situation [119]
o ngtcp2: deal with sub-millisecond timeout [116]
o ngtcp2: disconnect the QUIC connection proper [19]
o ngtcp2: enlarge H3_SEND_SIZE [82]
o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83]
o ngtcp2: fix memory leak [80]
o ngtcp2: fix QUIC_IDLE_TIMEOUT [94]
o ngtcp2: make curl 1ms faster [93]
o ngtcp2: remove remote_addr which is not used in a meaningful way [81]
o ngtcp2: update to work after recent ngtcp2 updates [62]
o ngtcp2: use token when detecting :status header field [92]
o nonblock: restore setsockopt method to curlx_nonblock [20]
o openssl: check SSL_get_peer_cert_chain return value [1]
o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23]
o openssl: fix CN check error code [21]
o options: remove mistaken space before paren in prototype
o perl: removed a double semicolon at end of line [64]
o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43]
o projects/README: converted to markdown [76]
o projects: Update VC version names for VS2017, VS2022 [52]
o rtsp: don't let CSeq error override earlier errors [37]
o runtests: add 'bearssl' as testable feature [87]
o runtests: make 'oldlibssh' be before 0.9.4 [2]
o schannel: remove dead code that will never run [89]
o scripts/copyright.pl: ignore the new mlc_config.json file
o scripts: move three scripts from lib/ to scripts/ [44]
o test1135: sync with recent API updates [54]
o test1459: disable for oldlibssh [53]
o test375: fix line endings on Windows [40]
o test386: Fix an incorrect test markup tag
o test718: edited slightly to return better HTTP [32]
o tests/server/util.h: align WIN32 condition with util.c [46]
o tests: refactor server/socksd.c to support --unix-socket [96]
o timediff.[ch]: add curlx helper functions for timeval conversions [86]
o tls: make mbedtls and NSS check for h2, not nghttp2 [70]
o tool and tests: force flush of all buffers at end of program [17]
o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30]
o tool_getparam: error out on missing -K file [115]
o tool_listhelp.c: uppercase URL
o tool_operate: fix a scan-build warning [16]
o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97]
o transfer: redirects to other protocols or ports clear auth [109]
o unit1620: call global_init before calling Curl_open [125]
o url: check sasl additional parameters for connection reuse. [113]
o vtls: provide a unified APLN-disagree string for all backends [75]
o vtls: use a backend standard message for "ALPN: offers %s" [73]
o vtls: use a generic "ALPN, server accepted" message [72]
o winbuild/README.md: fixup dead link [36]
o winbuild: Add a Visual Studio example to the README [49]
o wolfssl: fix compiler error without IPv6 [25]
curl: update to 7.82.0. This release includes the following changes: o curl: add --json [67] o mesalink: remove support [23] This release includes the following bugfixes: o appveyor: update images from VS 2019 to 2022 o appveyor: use VS 2017 image for the autotools builds o azure-pipelines: add a build on Windows with libssh [154] o bearssl: fix connect error on expired cert and no verify [132] o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131] o bearssl: fix session resumption (session id) [133] o build: enable -Warith-conversion o build: fix -Wenum-conversion handling o build: fix ngtcp2 crypto library detection [63] o checkprefix: remove strlen calls [128] o checksrc: fix typo in comment [34] o CI: move 'distcheck' job from zuul to azure pipelines [60] o CI: move scan-build job from Zuul to Azure Pipelines [59] o CI: move the NSS job from zuul to GHA [84] o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75] o CI: move the rustls CI job to GHA from Zuul [8] o CI: move two jobs from Zuul to Circle CI [73] o CI: test building wolfssl with --enable-opensslextra [42] o CI: workflows/wolfssl: install impacket [47] o circleci: add a job using libssh [121] o cirlceci: also run a c-ares job on arm with debug enabled [74] o cmake: fix iOS CMake project generation error [13] o cmdline-opts/gen.pl: fix option matching to improve references [50] o config.d: Clarify _curlrc filename is still valid on Windows [95] o configure.ac: use user-specified gssapi dir when using pkg-config [136] o configure: change output for cross-compiled alt-svc support [140] o configure: fix '--enable-code-coverage' typo [110] o configure: remove support for "embedded ares" [82] o configure: requires --with-nss-deprecated to build with NSS [114] o configure: set CURL_LIBRARY_PATH for nghttp2 [58] o configure: support specification of a nghttp2 library path [101] o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54] o curl tool: erase some more sensitive command line arguments [22] o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5] o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9] o curl-openssl: fix SRP check for OpenSSL 3.0 [86] o curl-openssl: remove the OpenSSL headers and library versions check [35] o curl.h: fix typo [129] o curl: remove "separators" (when using globbed URLs) [32] o curl_getdate.3: remove pointless .PP line [68] o curl_multi_socket.3: remove callback and typical usage descriptions [7] o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27] o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147] o CURLOPT_RESOLVE.3: change example port to 443 o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153] o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81] o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71] o des: fix compile break for OpenSSL without DES [141] o docs/cmdline-opts: add "mutexed" options for more http versions [25] o docs/DEPRECATE: remove NPN support in August 2022 [64] o docs: capitalize the name 'Netscape' [77] o docs: document HTTP/2 not insisting on TLS 1.2 [49] o docs: fix mandoc -T lint formatting complaints [2] o docs: update IETF links to use datatracker [41] o examples/curlx: support building with OpenSSL 1.1.0+ [148] o examples/multi-app.c: call curl_multi_remove_handle as well [19] o formdata: avoid size_t => long typecast overflows [37] o ftp: provide error message for control bytes in path [66] o gen.pl: terminate "example" sections better [4] o gha: add a macOS CI job with libssh [142] o gskit: Convert to using Curl_poll [111] o gskit: Fix errors from Curl_strerror refactor [113] o gskit: Fix initialization of Curl_ssl_gskit struct [112] o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88] o hostcheck: fixed to not touch used input strings [38] o hostcheck: reduce strlen calls on chained certificates [92] o hostip: avoid unused parameter error in Curl_resolv_check [144] o http2: move two infof calls to debug-h2-only [145] o http: make Curl_compareheader() take string length arguments too [87] o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104] o KNOWN_BUGS: fix typo "libpsl" o ldap: return CURLE_URL_MALFORMAT for bad URL [24] o lib: remove support for CURL_DOES_CONVERSIONS [96] o libssh2: don't typecast socket to int for libssh2_session_handshake [151] o libssh: fix include files and defines use for Windows builds [156] o Makefile.am: Generate VS 2022 projects o maketgz: return error if 'make dist' fails [79] o mbedtls: enable use of mbedtls without CRL support [57] o mbedtls: enable use of mbedtls without filesystem functions support [100] o mbedtls: fix CURLOPT_SSLCERT_BLOB (again) o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12] o mbedtls: remove #include <mbedtls/certs.h> [56] o mbedtls: return CURLcode result instead of a mbedtls error code [1] o md5: check md5_init_func return value o mime: use a define instead of the magic number 24 [89] o misc: allow curl to build with wolfssl --enable-opensslextra [43] o misc: remove BeOS code and references [30] o misc: remove the final watcom references [29] o misc: remove unused data when IPv6 is not supported [80] o mqtt: free 'sendleftovers' in disconnect [115] o mqtt: free any send leftover data when done [36] o multi: allow user callbacks to call curl_multi_assign [126] o multi: grammar fix in comment [69] o multi: remember connection_id before returning connection to pool [76] o multi: set in_callback for multi interface callbacks [28] o netware: remove support [72] o next.d. remove .fi/.nf as they are handled by gen.pl [3] o ngtcp2: adapt to changed end of headers callback proto [39] o ngtcp2: fix declaration of ‘result’ shadows a previous local [14] o ngtcp2: Reset dynbuf when it is fully drained [143] o nss: handshake callback during shutdown has no conn->bundle [55] o ntlm: remove unused feature defines [117] o openldap: fix compiler warning when built without SSL support [70] o openldap: implement SASL authentication [16] o openldap: pass string length arguments to client_write() [116] o openssl.h: avoid including OpenSSL headers here [15] o openssl: check if sessionid flag is enabled before retrieving session [125] o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40] o openssl: check the return value of BIO_new_mem_buf() [18] o openssl: fix `ctx_option_t` for OpenSSL v3+ o openssl: fix build for version < 1.1.0 [134] o openssl: return error if TLS 1.3 is requested when not supported [45] o os400: Add function wrapper for system command [138] o os400: Add link to QADRT devkit to README.OS400 [137] o os400: Default build to target current release [139] o OS400: fix typos in rpg include file [149] o projects: add support for Visual Studio 17 (2022) [124] o projects: fix Visual Studio wolfSSL configurations o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123] o quiche: after leaving h3_recving state, poll again [108] o quiche: change qlog file extension to `.sqlog` [44] o quiche: fix upload for bigger content-length [146] o quiche: handle stream reset [83] o quiche: remove two leftover debug infof() outputs o quiche: verify the server cert on connect [33] o quiche: when *recv_body() returns data, drain it before polling again [109] o README.md: fix links [118] o remote-header-name.d: clarify [10] o runtests.pl: disable debuginfod [51] o runtests.pl: properly print the test if it contains binary zeros o runtests.pl: support the nonewline attribute for the data part [21] o runtests.pl: tolerate test directories without Makefile.inc [98] o runtests: allow client/file to specify multiple directories o runtests: make 'rustls' a testable feature o runtests: make 'wolfssl' a testable feature [6] o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122] o rustls: add CURLOPT_CAINFO_BLOB support [26] o schannel: move the algIds array out of schannel.h [135] o scripts/cijobs.pl: output data about all currect CI jobs [78] o scripts/completion.pl: improve zsh completion [46] o scripts/copyright.pl: support many provided file names on the cmdline o scripts/delta: check the file delta for current branch o sectransp: mark a 3DES cipher as weak [130] o setopt: do bounds-check before strdup [99] o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53] o sha256: Fix minimum OpenSSL version [102] o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90] o ssl: reduce allocated space for ssl backend when FTP is disabled [127] o test3021: disable all msys2 path transformation o test374: gif data without new line at the end [20] o tests/disable-scan.pl: properly detect multiple symbols per line [94] o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85] o tool_findfile: check ~/.config/curlrc too [17] o tool_getparam: DNS options that need c-ares now fail without it [31] o TPF: drop support [97] o unit1610: init SSL library before calling SHA256 functions [152] o url: exclude zonefrom_url when no ipv6 is available [103] o url: given a user in the URL, find pwd for that user in netrc [11] o url: keep trailing dot in host name [62] o url: make Curl_disconnect return void [48] o urlapi: handle "redirects" smarter [119] o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52] o urldata: remove conn->bits.user_passwd [105] o version_win32: fix warning for `CURL_WINDOWS_APP` [93] o vtls: fix socket check conditions [150] o vtls: pass on the right SNI name [61] o vxworks: drop support [65] o winbuild: add parameter WITH_SSH [120] o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106] o wolfssl: when SSL_read() returns zero, check the error [107] o write-out.d: Fix num_headers formatting o x509asn1: toggle off functions not needed for diff tls backends [91]
curl: Update MASTER_SITES and HOMEPAGE to follow redirects
curl: updated to 7.81.0
7.81.0
Changes:
mime: use percent-escaping for multipart form field and file names
Bugfixes:
asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
BINDINGS: add cURL client for PostgreSQL
BINDINGS: add one from Everything curl and update a link
checksrc: detect more kinds of NULL comparisons we avoid
CI: build examples for additional code verification
CI: bump job to use mbedtls 3.1.0
cmake: don't set _USRDLL on a static Windows build
cmake: prevent dev warning due to mismatched arg
cmake: private identifiers use CURL_ instead of CMAKE_ prefix
config.d: update documentation to match the path search
configure: add -lm to configure for rustls build.
configure: better diagnostics if hyper is built wrong
configure: don't enable TLS when --without-* flags are used
configure: fix runtime-lib detection on macOS
curl.1: require "see also" for every documented option
curl: improve error message for --head with -J
curl_easy_cleanup.3: remove from multi handle first
curl_easy_escape.3: call curl_easy_cleanup in example
curl_easy_unescape.3: call curl_easy_cleanup in example
curl_multi_init.3: fix EXAMPLE formatting
curl_multi_perform/socket_action.3: clarify what errors mean
curl_share_setopt.3: split out options into their own manpages
CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
digest: compute user:realm:pass digest w/o userhash
docs/checksrc: Add documentation for STRERROR
docs/cmdline-opts: do not say "protocols: all"
docs/examples: workaround broken -Wno-pedantic-ms-format
docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
docs/INSTALL.md: typo fix : added missing "get" verb
docs/URL-SYNTAX.md: space is not fine in a given URL
docs: add known bugs list to HTTP3.md
docs: address proselint nits
docs: consistent manpage SYNOPSIS
docs: fix dead links, remove ECH.md
docs: fix typo in OpenSSL 3 build instructions
docs: Update the Reducing Size section
example/progressfunc: remove code for old libcurls
examples/multi-single.c: remove WAITMS()
FAQ: typo fix : "yout" ➤ "your"
ftp: disable warning 4706 in MSVC
gen.pl: improve example output format
github workflow: add wolfssl (removed from zuul)
github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
gtls: check return code for gnutls_alpn_set_protocols
hash: lazy-alloc the table in Curl_hash_add()
http2:set_transfer_url() return early on OOM
HTTP3: update quiche build instructions
http: enable haproxy support for hyper backend
http: Fix CURLOPT_HTTP200ALIASES
http_proxy: don't close the socket (too early)
insecure.d: detail its use for SFTP and SCP as well
insecure.d: expand and clarify
libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
libcurl-security.3: mention address and URL mitigations
libssh2: fix error message for sha256 mismatch
libtest: avoid "assignment within conditional expression"
lift: ignore is a deprecated config option, use ignoreRules
linkcheck.yml: add CI job that checks markdown links
m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
Makefile.m32: rename -winssl option to -schannel and tidy up
mbedTLS: add support for CURLOPT_CAINFO_BLOB
mbedtls: fix CURLOPT_SSLCERT_BLOB
mbedtls: fix private member designations for v3.1.0
misc: remove unused doh flags when CURL_DISABLE_DOH is defined
misc: s/e-mail/email
multi: cleanup the socket hash when destroying it
multi: handle errors returned from socket/timer callbacks
multi: shut down CONNECT in Curl_detach_connnection
netrc.d: edit the .netrc example to look nicer
ngtcp2: verify the server cert on connect (quictls)
ngtcp2: verify the server certificate for the gnutls case
nss:set_cipher don't clobber the cipher list
openldap: implement STARTTLS
openldap: process search query response messages one by one
openldap: several minor improvements
openldap: simplify ldif generation code
openssl: check the return value of BIO_new()
openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
openssl: remove usage of deprecated `SSL_get_peer_certificate`
openssl: use non-deprecated API to read key parameters
page-footer: add a mention of how to report bugs to the man page
page-footer: document more environment variables
request.d: refer to 'method' rather than 'command'
retry-all-errors.d: make the example complete
runtests: make the SSH library a testable feature
rustls: read of zero bytes might be okay
rustls: remove comment about checking handshaking
rustls: remove incorrect EOF check
sha256/md5: return errors when init fails
socks5: use appropriate ATYP for numerical IP address host names
test1156: enable for hyper
test1156: fixup the stdout check for Windows
test1525: tweaked for hyper
test1526: enable for hyper
test1527: enable for hyper
test1528: enable for hyper
test1554: adjust for hyper
test1556: adjust for hyper
test302[12]: run only with the libssh2 backend
test661: enable for hyper
tests/CI.md: add more information on CI environments
tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
tftp: mark protocol as not possible to do over CONNECT
tool_findfile: updated search for a file in the homedir
tool_operate: only set SSH related libcurl options for SSH URLs
tool_operate: warn if too many output arguments were found
url.c: fix the SIGPIPE comment for Curl_close
url: check ssl_config when re-use proxy connection
url: reduce ssl backend count for CURL_DISABLE_PROXY builds
urlapi: accept port number zero
urlapi: if possible, shorten given numerical IPv6 addresses
urlapi: provide more detailed return codes
urlapi: reject short file URLs
version_win32: Check build number and platform id
vtls/rustls: adapt to the updated rustls_version proto
writeout: fix %{http_version} for HTTP/3
x509asn1: return early on errors
zuul.d: update rustls-ffi to version 0.8.2
zuul: fix quiche build pointing to wrong Cargo
revbump for icu and libffi
curl: updated to 7.80.0 Fixed in 7.80.0 Changes: CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse CURLOPT_PREREQFUNCTION: add new callback libssh2: add SHA256 fingerprint support urlapi: add curl_url_strerror() urlapi: support UNC paths in file: URLs on Windows wolfssl: allow setting of groups/curves Bugfixes: .github: retry macos "brew install" command on failure aws-sigv4: make signature work when post data is binary BINDINGS: URL updates build: remove checks for WinSock 1 c-hyper: don't abort CONNECT responses early when auth-in-progress c-hyper: make Curl_http propagate errors better c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work c-hyper: make test 217 run c-hyper: use hyper_request_set_uri_parts to make h2 better checksrc: ignore preprocessor lines CI/makefiles: introduce dedicated test target ci: update Lift config to match requirements of curl build cirrus: remove FreeBSD 11.4 from the matrix cirrus: switch to openldap24-client cleanup: constify unmodified static structs cmake: add CURL_ENABLE_SSL option cmake: fix error getting LOCATION property on non-imported target CMake: restore support for SecureTransport on iOS cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED cmdline-opts: made the 'Added:' field mandatory configure.ac: replace krb5-config with pkg-config configure: when hyper is selected, deselect nghttp2 connect: use sysaddr_un from sys/un.h or custom-defined for windows curl-confopts.m4: remove --enable/disable-hidden-symbols curl-openssl.m4: modify library order for openssl linking curl-openssl: pass argument to sed single-quoted curl.1: remove mentions of really old version changes curl: actually append "-" to --range without number only curl: correct grammar in generated libcurl code curl: print help descriptions in an aligned right column curl_gssapi: fix link error on macOS Monterey curl_multi_socket_action.3: add a "RETURN VALUE" section curl_ntlm_core: use OpenSSL only if DES is available Curl_updateconninfo: store addresses for QUIC connections too CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required CURLOPT_HTTPHEADER.3: add descripion for specific headers docs/HTTP3: improve build instructions docs/Makefile.am: repair 'make html' docs: fix typo in CURLOPT_TRAILERFUNCTION example docs: provide "RETURN VALUE" section for more func manpages docs: reduce use of "very" doh: remove experimental code for DoH with GET examples/htmltidy: correct wrong printf() use examples/imap-append: fix end-of-data check ftp: make the MKD retry to retry once per directory gen.pl: insert the current date and version in generated man page gen.pl: replace leading single quotes with \(aq http2: make getsock not wait for write if there's no remote window HTTP3: fix the HTTP/3 Explained book link http: fix Basic auth with empty name field in URL http: reject HTTP response codes < 100 http: remove assert that breaks hyper http: set content length earlier http_proxy: make hyper CONNECT() return the correct error code http_proxy: multiple CONNECT with hyper done better hyper: disable test 1294 since hyper doesn't allow such crazy headers hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING hyper: pass the CONNECT line to the debug callback imap: display quota information INSTALL: update symbol hiding option lib/mk-ca-bundle.pl: skip certs passed Not Valid After date lib: avoid fallthrough cases in switch statements libcurl.rc: switch out the copyright symbol for plain ASCII libssh2: Get the version at runtime if possible limit-rate.d: this is average over several seconds llist: remove redundant code, branch will not be executed Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options maketgz: redirect updatemanpages.pl output to /dev/null man pages: require all to use the same section header order manpage: adjust the asterisk in some SYNOPSIS sections md5: fix compilation with OpenSSL 3.0 API misc: fix a few issues on MidnightBSD misc: fix typos in docs and comments ngtcp2: advertise h3 as well as h3-29 ngtcp2: compile with the latest nghttp3 ngtcp2: specify the missing required callback functions ngtcp2: use latest QUIC TLS RFC9001 NTLM: use DES_set_key_unchecked with OpenSSL openssl: if verifypeer is not requested, skip the CA loading openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway Revert "src/tool_filetime: disable -Wformat on mingw for this file" sasl: binary messages schannel: fix memory leak due to failed SSL connection scripts/delta: count command line options in the new file sendf: accept zero-length data in Curl_client_write() sha256: use high-level EVP interface for OpenSSL smooth-gtk-thread.c: enhance the mutex lock use sws: fix memory leak on exit test1160: edited to work with hyper test1173: make manpage-syntax.pl spot \n errors in examples test1185: verify checksrc test1266/1267: disabled on hyper: no HTTP/0.9 support test1287: make work on hyper test207: accept a different error code for hyper test262: don't attempt with hyper test552: updated to work with hyper test559: add 'HTTP' in keywords tests/smbserver.py: fix compatibility with impacket 0.9.23+ tests: add Schannel-specific tests and disable unsupported ones tests: disable test 2043 tests: kill some test servers afterwards to avoid locked logfiles tests: use python3 in test 1451 tls: remove newline from three infof() calls tool_cb_prg: make resumed upload progress bar show better tool_listhelp: easier generated with gen.pl tool_main: fix typo in comment tool_operate: a failed etag save now only fails that transfer URL-SYNTAX: add IMAP UID SEARCH example url: check the return value of curl_url() url: set "k->size" -1 at start of request urlapi: skip a strlen(), pass in zero urlapi: URL decode percent-encoded host names version_win32: use actual version instead of manifested version vtls: Fix a memory leak if an SSL session cannot be added to the cache wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity zuul: pin the quiche build to use an older cmake-rs
*: recursive bump for heimdal 7.7.0 its buildlink3.mk now includes openssl's buildlink3.mk
revbump for boost-libs
curl: updated to 7.79.1 Fixed in 7.79.1 Bugfixes: Curl_http2_setup: don't change connection data on repeat invokes curl_multi_fdset: make FD_SET() not operate on sockets out of range dist: provide lib/.checksrc in the tarball FAQ: add GOPHERS + curl works on data, not files hsts: CURLSTS_FAIL from hsts read callback should fail transfer hsts: handle unlimited expiry http: fix the broken >3 digit response code detection strerror: use sys_errlist instead of strerror on Windows test1184: disable tests/sshserver.pl: make it work with openssh-8.7p1
curl: update to 7.79.0. This release includes the following changes: o bearssl: support CURLOPT_CAINFO_BLOB [3] o http: consider cookies over localhost to be secure [24] o secure transport: support CURLINFO_CERTINFO [63] This release includes the following bugfixes: o CVE-2021-22945: clear the leftovers pointer when sending succeeds [112] o CVE-2021-22946: do not ignore --ssl-reqd [111] o CVE-2021-22947: reject STARTTLS server response pipelining [110] o ares: use ares_getaddrinfo() [51] o asyn-ares.c: move all version number checks to the top o auth: do not append zero-terminator to authorisation id in kerberos [32] o auth: properly handle byte order in kerberos security message [36] o auth: use sasl authzid option in kerberos [34] o auth: we do not support a security layer after kerberos authentication [35] o BINDINGS.md: update links to use https where available [50] o build: fix compiler warnings [39] o c-hyper: deal with Expect: 100-continue combined with POSTFIELDS [66] o c-hyper: fix header value passed to debug callback [46] o c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection [65] o c-hyper: initial step for 100-continue support [43] o c-hyper: initial support for "dumping" 1xx HTTP responses [40] o c-hyper: remove the hyper_executor_poll() loop from Curl_http [13] o CI/cirrus: reduce compile time with increased parallism [19] o CI: use GitHub Container Registry instead of Docker Hub [47] o cirrus: Add FreeBSD 13.0 job and disable sanitizer build [128] o cmake: avoid poll() on macOS [59] o cmake: sync CURL_DISABLE options [55] o codeql: fix error "Resource not accessible by integration" [61] o compressed.d: it's a request, not an order [21] o config.d: escape the backslash properly [81] o config.d: note that curlrc is used even when --config [107] o config: get rid of the unused HAVE_SIG_ATOMIC_T et. al. o configure.ac: revert bad nghttp2 library detection improvements [9] o configure: error out if both ngtcp2 and quiche are specified [30] o configure: make --disable-hsts work [106] o configure: set classic mingw minimum OS version to XP [83] o configure: tweak nghttp2 library name fix [2] o connect: get local port + ip also when reusing connections [95] o connect: remove superfluous conditional [23] o curl-openssl.m4: check lib64 for the pkg-config file [14] o curl-openssl.m4: show correct output for OpenSSL v3 [75] o curl.1: mention "global" flags [7] o curl.1: provide examples for each option [99] o curl: add warning for ignored data after quoted form parameter [60] o curl: add warning for incompatible parameters usage [102] o curl: better error message when -O fails to get a good name [88] o curl: stop retry if Retry-After: is longer than allowed [104] o curl_easy_setopt.3: improve the string copy wording [89] o Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited [116] o curl_setup.h: sync values for HTTP_ONLY [82] o curl_url_get.3: clarify about path and query [45] o CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" [5] o CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited [8] o CURLOPT_SSL_CTX_*.3: tidy up the example [15] o CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also [90] o docs/MQTT: update state of username/password support [4] o docs: remove experimental mentions from HSTS and MQTT [93] o docs: the security list is reached at security at curl.se now [124] o easy: use a custom implementation of wcsdup on Windows [31] o examples/*hiperfifo.c: fix calloc arguments to match function proto [103] o examples/cookie_interface: avoid printfing time_t directly [18] o examples/cookie_interface: fix scan-build printf warning [16] o examples/ephiperfifo.c: simplify signal handler [42] o FAQ: add two dev related questions [108] o getparameter: fix the --local-port number parser [58] o happy-eyeballs-timeout-ms.d: polish the wording [10] o hostip: Make Curl_ipv6works function independent of getaddrinfo [26] o http2: Curl_http2_setup needs to init stream data in all invokes [119] o http2: revert a change that broke upgrade to h2c [57] o http2: revert call the handle-closed function correctly on closed stream [25] o http: disallow >3-digit response codes [80] o http: ignore content-length if any transfer-encoding is used [101] o http_proxy: clear 'sending' when the outgoing request is sent [6] o http_proxy: fix the User-Agent inclusion in CONNECT [115] o http_proxy: fix user-agent and custom headers for CONNECT with hyper [38] o http_proxy: only wait for writable socket while sending request [78] o INTERNALS: bump c-ares requirement to 1.16.0 o INTERNALS: c-ares has a new home: c-ares.org o lib: don't use strerror() [127] o libcurl-errors.3: clarify two CURLUcode errors [72] o limit-rate.d: clarify base unit [17] o mailing lists: move from cool.haxx.se to lists.haxx.se o mbedtls: avoid using a large buffer on the stack [105] o mbedTLS: initial 3.0.0 support [33] o mbedtls_threadlock: fix unused variable warning [11] o mksymbolsmanpage.pl: Fix showing symbol's last used version [76] o mksymbolsmanpage.pl: match symbols case insenitively [77] o multi: fix compiler warning with `CURL_DISABLE_WAKEUP` [96] o ngtcp2: compile with the latest ngtcp2 and nghttp3 [12] o ngtcp2: fix build with ngtcp2 and nghttp3 [117] o ngtcp2: remove the acked_crypto_offset struct field init [64] o ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read [28] o ngtcp2: reset the oustanding send buffer again when drained [53] o ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream [29] o ngtcp2: stop buffering crypto data [85] o ngtcp2: utilize crypto API functions to simplify [52] o openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA [98] o openssl: when creating a new context, there cannot be an old one [48] o opt-docs: make sure all man pages have examples [92] o opt-docs: verify man page sections + order [91] o opts docs: unify phrasing in NAME header [126] o output.d: add method to suppress response bodies [49] o page-header: add GOPHERS, simplify wording in the 1st para [94] o progress: fix a compile warning on some systems [54] o progress: make trspeed avoid floats [100] o runtests: add option -u to error on server unexpectedly alive [125] o schannel: Work around typo in classic mingw macro [84] o scripts: invoke interpreters through /usr/bin/env [68] o setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper [70] o strerror.h: remove the #include from files not using it o symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version [73] o test1138: remove trailing space to make work with hyper [71] o test1173: check references to libcurl options [69] o test1280: CRLFify the response to please hyper [86] o test1565: fix windows build errors [27] o test365: verify response with chunked AND Content-Length headers o tests/*server.pl: flush output before executing subprocess [41] o tests/*server.py: remove pidfile on server termination [1] o tests/runtests.pl: cleanup copy&paste mistakes and unused code o tests/server/*.c: align handling of portfile argument and file [56] o tests: adjust the tftpd output to work with hyper mode [97] o tests: be explicit about using 'python3' instead of 'python' [67] o tests: enable test 1129 for hyper builds [87] o tests: make three tests pass until 2037 [22] o tool/tests: fix potential year 2038 issues [20] o tool_operate: Fix --fail-early with parallel transfers [62] o url: fix compiler warning in no-verbose builds [120] o urlapi.c:seturl: assert URL instead of using if-check [74] o vtls: fix typo in schannel_verify.c [44] o winbuild/README.md: clarify GEN_PDB option o wolfssl: clean up wolfcrypt error queue [79] o write-out.d: clarify size_download/upload [118] o x509asn1: fix heap over-read when parsing x509 certificates [37]
curl: Update to 7.78.0 Changes: 7.78.0 ------ This release includes the following changes: o curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE o CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax o hostip: make 'localhost' return fixed values o mbedtls: add support for cert and key blob options o metalink: remove all support for it o mqtt: add support for username and password This release includes the following bugfixes: o --socks4[a]: clarify where the host name is resolved o ares: always store IPv6 addresses first o asyn-ares: remove check for 'data' in Curl_resolver_cancel o bearssl: explicitly initialize all fields of Curl_ssl o bearssl: remove incorrect const on variable that is modified o build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS o c-hyper: abort CONNECT response reading early on non 2xx responses o c-hyper: add support for transfer-encoding in the request o c-hyper: bail on too long response headers o c-hyper: clear NTLM auth buffer when request is issued o c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL o c-hyper: fix NTLM on closed connection tested with test159 o c-hyper: fix the uploaded field in progress callbacks o c-hyper: handle NULL from hyper_buf_copy() o c-hyper: support CURLINFO_STARTTRANSFER_TIME o c-hyper: support CURLOPT_HEADER o ccsidcurl: fix the compile errors o CI/cirrus: install impacket from PyPI instead of FreeBSD packages o CI: add bearssl build o CI: add Circle CI o CI: add jobs using Zuul o CI: delete --enable-hsts option (it is the default now) o CI: remove travis details o cleanup: spell DoH with a lowercase o o cmake: add CURL_DISABLE_NTLM option o cmake: avoid leaking absolute paths into exported config o cmake: fix IoctlSocket FIONBIO check o cmake: fix support for UnixSockets feature on Win32 o cmake: remove libssh2 feature checks o cmake: try well-known send/recv signature for Apple o configure.ac: make non-executable o configure/cmake: remove checks for many unused functions o configure: add --disable-ntlm option o configure: disable RTSP when hyper is selected o configure: do not strip out debug flags o configure: fix nghttp2 library name for static builds o configure: inhibit the implicit-fallthrough warning on gcc-12 o configure: rename get-easy-option configure option to get-easy-options o conn_shutdown: if closed during CONNECT cleanup properly o conncache: lowercase the hash key for better match o cookies: track expiration in jar to optimize removals o copyright: add boiler-plate headers to CI config files o crustls: bump crustls version and use new URL o curl.h: <sys/select.h> is supported by VxWorks7 o curl.h: include sys/select.h for NuttX RTOS o curl: ignore blank --output-dir o curl_endian: remove the unused Curl_write64_le function o curl_multibyte: Remove local encoding fallbacks o Curl_ntlm_core_mk_nt_hash: fix OOM in error path o Curl_ssl_getsessionid: fail if no session cache exists o CURLOPT_WRITEFUNCTION.3: minor update of the example o docs/BINDINGS: fix outdated links o docs/examples: use curl_multi_poll() in multi examples o docs/INSTALL: remove mentions of configure --with-darwin-ssl o docs: document missing arguments to commands o docs: fix inconsistencies in EGDSOCKET documentation o docs: fix incorrect argument name reference o docs: Fix typos o docs: make docs for --etag-save match the program behaviour o docs: use --max-redirs instead of --max-redir o doh: (void)-prefix call to curl_easy_setopt o doh: fix wrong DEBUGASSERT for doh private_data o easy: during upkeep, attach Curl_easy to connections in the cache o examples/multi-single: fix scan-build warning o examples: length-limit two sscanf() uses of %s o examples: safer and more proper read callback logic o filecheck: quietly remove test-place/*~ o formdata: avoid "Argument cannot be negative" warning o formdata: correct typecast in curl_mime_data call o GHA: add a linux-hyper job o GHA: add several libcurl tests to the hyper job o GHA: run the newly fixed tests with hyper o github: timeout jobs on macOS after 90 minutes o glob: pass an 'int' as len when using printf's %*s o gnutls: set the preferred TLS versions in correct order o GOVERNANCE: add 'user', 'committer' and 'contributor' o hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies o hostip: bad CURLOPT_RESOLVE syntax now returns error o hsts: ignore numberical IP address hosts o HSTS: not experimental anymore o http2: clarify 'Using HTTP2' verbose message o http2: init recvbuf struct for pushed streams o http2_connisdead: handle trailing GOAWAY better o http: fix crash in rate-limited upload o http: make the haproxy support work with unix domain sockets o http_proxy: deal with non-200 CONNECT response with Hyper o hyper: propagate errors back up from read callbacks o HYPER: remove mentions of deprecated development branch o idn: fix libidn2 with windows unicode builds o infof: remove newline from format strings, always append it o lib: don't compare fd to FD_SETSIZE when using poll o lib: fix compiler warnings with CURL_DISABLE_NETRC o lib: fix type of len passed to *printf's %*s o lib: more %u for port and int for %*s fixes o lib: use %u instead of %ld for port number printf o libcurl-security.3: mention file descriptors and forks o libssh2: limit time a disconnect can take to 1 second o mbedtls: make mbedtls_strerror always work o mbedtls: Remove unnecessary include o mqtt: detect illegal and too large file size o mqtt: extend the error message for no topic o msnprintf: return number of printed characters excluding null byte o multi: add scan-build-6 work-around in curl_multi_fdset o multi: alter transfer timeout ordering o multi: do not switch off connect_only flag when closing o multi: fix crash in curl_multi_wait / curl_multi_poll o netrc: skip 'macdef' definitions o ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS o openssl: avoid static variable for seed flag o openssl: don't remove session id entry in disassociate o pinnedpubkey.d: fix formatting for version support lists o proto.d: fix formatting for paragraphs after margin changes o quiche: use send() instead of sendto() to avoid macOS issue o Revert "c-hyper: handle body on HYPER_TASK_EMPTY" o Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" o runtests: also find the last test in Makefile.inc o runtests: enable 'hyper mode' only for HTTP tests o runtests: init $VERSION to avoid warnings when using -l o runtests: parse data/Makefile.inc instead of using make o runtests: skip disabled tests unless -f is used o rustls: remove native_roots fallback o schannel: set ALPN length correctly for HTTP/2 o SChannel: Use '_tcsncmp()' instead o sectransp: check for client certs by name first, then file o setopt: fix incorrect comments o socketpair: fix potential hangs o socks4: scan for the IPv4 address in resolve results o ssl: read pending close notify alert before closing the connection o sws: malloc request struct instead of using stack o telnet: fix option parser to not send uninitialized contents o test1116: hyper doesn't pass through "surprise-trailers" o test1147: hyper doesn't allow "crazy" request headers like built-in o test1151: added missing CRLF to work with hyper o test1216: adjusted for hyper mode o test1218: adjusted for hyper mode o test1230: adjust to work in hyper mode o test1340/1341: adjusted for hyper mode o test1438/1457: add HTTP keyword to make hyper mode work o test1514: add a CRLF to the response to make it correct o test1518: adjusted to work with hyper o test1519: adjusted to work with hyper o test1594/1595/1596: fix to work in hyper mode o test269: disable for hyper o test3010: work with hyper mode o test328: avoid a header-looking body to make hyper mode work o test339: CRLFify better to work in hyper mode o test347: CRLFify to work in hyper mode o test393: make Content-Length fit within 64 bit for hyper o test394: hyper returns a different error o test395: hyper cannot work around > 64 bit content-lengths like built-in o test433: adjust for hyper mode o test434: add HTTP keyword o test500: adjust to work with hyper mode o test566: adjust to work with hyper mode o test599: adjusted to work in hyper mode o test644: remove as duplicate of test 587 o tests: fix Accept-Encoding strips to work with Hyper builds o TLS: prevent shutdown loops to get stuck o tool: make _lseeki64() macro work with the PellesC compiler o tool_help: document that --tlspassword takes a password o tool_help: remove unused define o url.c: remove two variable assigns that are never read o url: (void)-prefix a curl_url_get() call o url: bad CURLOPT_CONNECT_TO syntax now returns error o version: turn version number functions into returning void o vtls: exit addsessionid if no cache is inited o vtls: fix connection reuse checks for issuer cert and case sensitivity o vtls: only store TIMER_APPCONNECT for non-proxy connect o vtls: use free() not curl_free() o warnless: simplify type size handling o Win32: fix build with Watt-32 o winbuild/README: VC should be set to 6 'or larger' o winbuild: support alternate nghttp2 static lib name o wolfssl: failing to set a session id is not reason to error out o write-out.d: clarify urlnum is not unique for de-globbed URLs o zuul: use the new rustls directory name
curl: update to 7.77.0. curl and libcurl 7.77.0 This release includes the following changes: o configure: make the TLS library choice(s) explicit [3] o curl: ignore options asking for SSLv2 or SSLv3 [10] o hsts: enable by default [8] o SSL: support in-memory CA certs for some backends [85] o vtls: refuse setting any SSL version [9] This release includes the following bugfixes: o CVE-2021-22297: schannel cipher selection surprise [132] o CVE-2021-22298: TELNET stack contents disclosure [131] o CVE-2021-22901: TLS session caching disaster [130] o AmigaOS: add functions definitions for SHA256 [126] o build: fix compilation for Windows UWP platform [82] o c-hyper: don't write to set.writeheader if null [67] o c-hyper: fix handling of zero-byte chunk from hyper [39] o c-hyper: handle body on HYPER_TASK_EMPTY [104] o checksrc: complain on == NULL or != 0 checks in conditions [20] o CI/cirrus: add shared and static Windows release builds [102] o cmake: add CURL_ENABLE_EXPORT_TARGET option [133] o cmake: check for getppid and utimes [87] o cmake: detect CURL_SA_FAMILY_T [124] o cmake: fix two invokes result in different curl_config.h [123] o cmake: make libcurl output filename configurable [41] o cmake: Use multithreaded compilation on VS 2008+ [122] o config: remove now-unused macros [107] o configure: if asked for, fail if ldap is not found [109] o configure: provide --with-openssl, deprecate --with-ssl [15] o conn: add 'attach' to protocol handler, make libssh2 use it [119] o connect: use CURL_SA_FAMILY_T for portability [34] o ConnectionExists: respect requests for h1 connections better o cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies [1] o curl-wolfssl.m4: without custom include path, assume /usr/include [116] o curl: include libmetalink version in --version output [111] o Curl_http_header: check for colon when matching Persistent-Auth [51] o Curl_http_input_auth: require valid separator after negotiation type [52] o Curl_input_digest: require space after Digest [50] o curl_mprintf.3: add description [73] o curl_setup: provide the shutdown flags wider [33] o curl_url_set.3: add memory management information [38] o CURLcode: add CURLE_SSL_CLIENTCERT [47] o CURLOPT_CAPATH.3: defaults to a path, not NULL [103] o CURLOPT_IPRESOLVE: preventing wrong IP version from being used [125] o CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data [40] o data_pending: check only SECONDARY socket for FTP(S) transfers [117] o docs/TheArtOfHttpScripting: fix markdown links [129] o docs: camelcase it like GitHub everywhere [62] o docs: cookies from HTTP headers need domain set [121] o docs: fix typo in fail-with-body doc [63] o docs: improve INTERNALS.md regarding getsock cb [105] o docs: replace dots with dashes in markdown enums [101] o easy: ignore sigpipe in curl_easy_send [69] o FILEFORMAT: mention sectransp as a feature [89] o GIT-INFO: suggest using autoreconf instead of buildconf [96] o github: add a workflow with libssh2 on macOS using cmake [81] o github: inhibit deprecated declarations for clang on macOS [118] o GnuTLS: don't allow TLS 1.3 for versions that don't support it [77] o gnutls: make setting only the MAX TLS allowed version work [83] o gskit: fix CURL_DISABLE_PROXY build [57] o gskit: fix undefined reference to 'conn' [58] o hostip.h: remove declaration of unimplemented function [108] o hostip: remove the debug code for LocalHost [113] o http2: call the handle-closed function correctly on closed stream [37] o http2: fix a resource leak in push_promise() [54] o http2: fix resource leaks in set_transfer_url() [55] o http2: make sure pause is done on HTTP [120] o http2: move the stream error field to the per-transfer storage [36] o http2: skip immediate parsing of payload following protocol switch [90] o http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade [91] o HTTP3.md: fix nghttp2's HTTP/3 server port [21] o HTTP3.md: make the ngtcp2 build use the quictls fork [98] o http: deal with partial CONNECT sends [97] o http: fix the check for 'Authorization' with Bearer [53] o http: limit the initial send amount to used upload buffer size [99] o http: reset the header buffer when sending the request [61] o http: use offsets inst of integer literals for header parsing [95] o INSTALL: add IBM i specific quirks [75] o krb5/name_to_level: replace checkprefix with curl_strequal [49] o krb5: don't use 'static' to store PBSZ size response [23] o krb5: remove the unused 'overhead' function [35] o lib/hostip6.c: make NAT64 address synthesis on macOS work [135] o lib1564.c: enable last wakeup test part on Windows [26] o lib: fix 0-length Curl_client_write calls [60] o lib: fix some misuse of curlx_convert_UTF8_to_tchar [64] o libcurl-security.3: be careful of setuid [66] o libcurl-security.3: don't try to filter IPv4 hosts based on the URL [71] o libcurl.3: mention the URL API [76] o libssh2: fix Value stored to 'sshp' is never read [13] o libssh2: ignore timeout during disconnect [45] o libssh: fix "empty expression statement has no effect" warnings [7] o libtest: remove lib530.c [88] o m4: add security frameworks on Mac when compiling rustls [31] o multi: don't close connection HTTP_1_1_REQUIRED o multi: fix slow write/upload performance on Windows [27] o multi: reduce Win32 API calls to improve performance [28] o ngtcp2: fix the cb_acked_stream_data_offset proto [46] o NSS: add ciphers to map [30] o NSS: make colons, commas and spaces valid separators in cipher list [106] o nss_set_blocking: avoid static for sock_opt [72] o ntlm: precaution against super huge type2 offsets [65] o openldap: protect SSL-specific code with proper #ifdef [12] o openldap: replace ldap_ prefix on private functions [84] o openssl: fix build error with OpenSSL < 1.0.2 [4] o openssl: remove unneeded cast for CertOpenSystemStore() [93] o os400: additional support for options metadata [24] o progress: fix scan-build-11 warnings [92] o progress: reset limit_size variables at transfer start [114] o progress: when possible, calculate transfer speeds with microseconds [48] o README.md: delete Codacy UTM parameters [5] o Revert "Revert 'multi: implement wait using winsock events'" [26] o rustls: only return CURLE_AGAIN when TLS session is fully drained [2] o rustls: use ALPN [56] o sasl: use 'unsigned short' to store mechanism [112] o schannel: Disable auto credentials; add an option to enable it [18] o schannel: Support strong crypto option [44] o sectransp: allow cipher name to be specified [29] o sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer [136] o sigpipe: ignore SIGPIPE when using wolfSSL as well [70] o sockfilt: avoid getting stuck waiting for writable socket [80] o sockfilt: fix invalid increment of handles index variable nfd [79] o sws: #ifdef S_IFSOCK use [32] o sws: allow HTTP requests up to 2MB in size [100] o test server: take care of siginterrupt() deprecation [25] o test2100: make it run with and require IPv6 [127] o tests/disable-scan.pl: also scan all m4 files [17] o tests/getpart: generate output URL encoded for better diffs [128] o tests: ignore case of chunked hex numbers in tests [86] o tls: add USE_HTTP2 define [59] o tool_getparam: handle failure of curlx_convert_tchar_to_UTF8() [78] o tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 [14] o tool_operate: don't discard failed parallel transfer result [16] o tool_writeout: fix the HTTP_CODE json output [11] o travis: disable the failing libssh build [94] o URL-SYNTAX: update IDNA section for WHATWG spec changes [74] o urlapi: "normalize" numerical IPv4 host names [6] o vauth: factor base64 conversions out of authentication procedures [22] o version: add gsasl_version to curl_version_info_data [43] o version: add OpenLDAP version in the output [110] o vtls: deduplicate some DISABLE_PROXY ifdefs [19] o vtls: reset ssl use flag upon negotiation failure [42] o wolfssl: handle SSL_write() returns 0 for error [68] o wolfssl: remove SSLv3 support leftovers [115]
*: recursive bump for perl 5.34
revbump for boost-libs
curl: updated to 7.76.1 7.76.1 Bugfixes: configure: disable min version set for Darwin configure: include <time.h> unconditionally configure: remove use of RETSIGTYPE docs/HTTP3.md: update the build instruction using gnutls examples/hiperfifo.c: check event_initialized before delete file: support GETing directories again github/workflow: add "security-extended" to codeql-analysis.yml h2: allow 100 streams by default hostip: fix builds that disable all asynchronous DNS http_proxy: only loop on 407 + close if we have credentials install: add instructions for Apple Darwin platforms lib: remove unused HAVE_INET_NTOA_R* defines libssh: get rid of PATH_MAX ngtcp2+gnutls: clear credentials when freed ngtcp2: Use ALPN h3-29 for now ntlm: fix negotiated flags usage ntlm: support version 2 on 32-bit platforms openssl: fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEY TLS: fix HTTP/2 selection tool_progress: fix progress meter final update in parallel mode typecheck-gcc: make the ssl-ctx-cb check use SSL_CTX pointers
Pullup ticket #6435 - requested by leot
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.240
- www/curl/PLIST 1.85
- www/curl/distinfo 1.169
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Wed Mar 31 09:52:31 UTC 2021
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: Update to 7.76.0
Changes:
7.76.0
===
This release includes the following changes:
o cookies: Support multiple -b parameters
o curl: add --fail-with-body
o doh: add options to disable ssl verification
o http: add support to read and store the referrer header
o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
o vtls: initial implementation of rustls backend
This release includes the following bugfixes:
o CVE-2021-22876: strip credentials from the auto-referer header field
o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
o asyn-ares: use consistent resolve error message
o BUG-BOUNTY: removed the cooperation mention
o build: delete unused feature guards
o build: fix --disable-dateparse
o build: fix --disable-http-auth
o build: remove all traces of USE_BLOCKING_SOCKETS
o c-hyper: Remove superfluous pointer check
o c-hyper: support automatic content-encoding
o CI/azure: disable test 433 on azure-ubuntu
o CI/azure: replace python-impacket with python3-impacket
o ci: stop building on freebsd-12-1
o cmake: fix import library name for non-MS compiler on Windows
o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
o cmake: support WinIDN
o config: fix building SMB with configure using Win32 Crypto
o config: fix detection of restricted Windows App environment
o configure: fail if --with-quiche is used and quiche isn't found
o configure: make AC_TRY_* into AC_*_IFELSE
o configure: make hyper opt-in, and fail if missing
o configure: only add OpenSSL paths if they are defined
o configure: provide Largefile feature for curl-config
o configure: remove use of deprecated macros
o configure: s/AC_HELP_STRING/AS_HELP_STRING
o cookies: Fix potential NULL pointer deref with PSL
o curl: set CURLOPT_NEW_FILE_PERMS if requested
o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
o curl_multibyte: always return a heap-allocated copy of string
o curl_multibyte: fall back to local code page stat/access on Windows
o Curl_timeleft: check both timeouts during connect
o curl_url_set.3: mention CURLU_PATH_AS_IS
o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
o docs/HTTP2: remove the outdated remark about multiplexing for the tool
o docs/Makefile.inc: format to be update-friendly
o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
o docs: add missing Arg tag to --stderr
o docs: Add SSL backend names to CURL_SSL_BACKEND
o docs: clarify timeouts for queued transfers in multi API
o docs: Explain DOH transfers inherit some SSL settings
o docs: fix FILE example url in --metalink documentation
o docs: make gen.pl support *italic* and **bold**
o doh: Fix sharing user's resolve list with DOH handles
o doh: Inherit CURLOPT_STDERR from user's easy handle
o dynbuf: bump the max HTTP request to 1MB
o examples: Remove threaded-shared-conn.c due to bug
o file: Support unicode urls on windows
o ftp: add 'list_only' to the transfer state struct
o ftp: add 'prefer_ascii' to the transfer state struct
o FTP: allow SIZE to fail when doing (resumed) upload
o ftp: avoid SIZE when asking for a TYPE A file
o ftp: fix Codacy/cppcheck warning about null pointer arithmetic
o ftp: fix memory leak in ftp_done
o ftp: never set data->set.ftp_append outside setopt
o gen.pl: quote "bare" minuses in the nroff curl.1
o github: add torture-ftp for FTP-only torture testing
o gnutls: assume nettle crypto support
o gskit: correct the gskit_send() prototype
o hostip: fix build with sync resolver
o hostip: fix crash in sync resolver builds that use DOH
o hsts: remove unused defines
o http2: don't set KEEP_SEND when there's no more data to be sent
o http2: fail if connection terminated without END_STREAM
o http: cap body data amount during send speed limiting
o http: do not add a referrer header with empty value
o http: make 416 not fail with resume + CURLOPT_FAILONERRROR
o http: remove superfluous NULL assign
o http: strip default port from URL sent to proxy
o http: use credentials from transfer, not connection
o ldap: use correct memory free function
o lib1536: check ptr against NULL before dereferencing it
o lib1537: check ptr against NULL before dereferencing it
o lib: remove 'conn->data' completely
o libssh2: kdb_callback: get the right struct pointer
o libssh2:ssh_connect: clear session pointer after free
o memdebug: close debug logfile explicitly on exit
o mingw: enable using strcasecmp()
o multi: close the connection when h2=>h1 downgrading
o multi: do once-per-transfer inits in before_perform in DID state
o multi: rename the multi transfer states
o multi: update pending list when removing handle
o ngtcp2: adapt to the new recv_datagram callback
o ngtcp2: clarify calculation precedence
o ngtcp2: Fix build error due to change in ngtcp2_addr_init
o ngtcp2: sync with recent API updates
o openldap: avoid NULL pointer dereferences
o openssl: adapt to v3's new const for a few API calls
o openssl: ensure to check SSL_CTX_set_alpn_protos return values
o openssl: remove get_ssl_version_txt in favor of SSL_get_version
o openssl: set the transfer pointer for logging early
o OS400: update for CURLOPT_AWS_SIGV4
o parse_proxy: fix a memory leak in the OOM path
o pathhelp.pm: fix use of pwd -L in Msys environment
o projects: Update VS projects for OpenSSL 1.1.x
o quiche: fix build error: use 'int' for port number
o quiche: fix crash when failing to connect
o retry-all-errors.d: Explain curl errors versus HTTP response errors
o retry.d: Clarify transient 5xx HTTP response codes
o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
o runtests.pl: add a -P option to specify an external proxy
o runtests.pl: kill processes locking test log files
o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
o test1188: change error to check for: --fail HTTP status
o test220/314: adjust to run with Hyper
o test304: header CRLF cleanup to work with Hyper
o test306: make it not run with Hyper
o tests: disable .curlrc in more environments
o tests: use %TESTNUMBER instead of fixed number
o tftp: remove the 3600 second default timeout
o time: enable 64-bit time_t in supported mingw environments
o tool_help: add missing argument for --create-file-mode
o tool_help: Increase space between option and description
o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error
o travis: add a rustls build
o travis: bump wolfssl to 4.7.0
o travis: only build wolfssl when needed
o travis: split "torture" into a separate "events" build
o travis: switch ngtcp2 build over to quictls
o travis: use ubuntu nghttp2 package instead of build our own
o url.c: use consistent error message for failed resolve
o url: fix memory leak if OOM in the HSTS handling
o url: fix possible use-after-free in default protocol
o urldata: don't touch data->set.httpversion at run-time
o urldata: fix build without HTTP and MQTT
o urldata: make 'actions[]' use unsigned char instead of int
o urldata: merge "struct DynamicStatic" into "struct UrlState"
o urldata: remove the 'rtspversion' field
o urldata: remove the _ORIG suffix from string names
o version.d: Add missing features to the features list
o wolfssl: don't store a NULL sessionid
To generate a diff of this commit:
cvs rdiff -u -r1.239 -r1.240 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.84 -r1.85 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.168 -r1.169 pkgsrc/www/curl/distinfo
curl: Update to 7.76.0 Changes: 7.76.0 ====== This release includes the following changes: o cookies: Support multiple -b parameters o curl: add --fail-with-body o doh: add options to disable ssl verification o http: add support to read and store the referrer header o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl o vtls: initial implementation of rustls backend This release includes the following bugfixes: o CVE-2021-22876: strip credentials from the auto-referer header field o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid() o asyn-ares: use consistent resolve error message o BUG-BOUNTY: removed the cooperation mention o build: delete unused feature guards o build: fix --disable-dateparse o build: fix --disable-http-auth o build: remove all traces of USE_BLOCKING_SOCKETS o c-hyper: Remove superfluous pointer check o c-hyper: support automatic content-encoding o CI/azure: disable test 433 on azure-ubuntu o CI/azure: replace python-impacket with python3-impacket o ci: stop building on freebsd-12-1 o cmake: fix import library name for non-MS compiler on Windows o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection o cmake: support WinIDN o config: fix building SMB with configure using Win32 Crypto o config: fix detection of restricted Windows App environment o configure: fail if --with-quiche is used and quiche isn't found o configure: make AC_TRY_* into AC_*_IFELSE o configure: make hyper opt-in, and fail if missing o configure: only add OpenSSL paths if they are defined o configure: provide Largefile feature for curl-config o configure: remove use of deprecated macros o configure: s/AC_HELP_STRING/AS_HELP_STRING o cookies: Fix potential NULL pointer deref with PSL o curl: set CURLOPT_NEW_FILE_PERMS if requested o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO o curl_multibyte: always return a heap-allocated copy of string o curl_multibyte: fall back to local code page stat/access on Windows o Curl_timeleft: check both timeouts during connect o curl_url_set.3: mention CURLU_PATH_AS_IS o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent o docs/HTTP2: remove the outdated remark about multiplexing for the tool o docs/Makefile.inc: format to be update-friendly o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions o docs: add missing Arg tag to --stderr o docs: Add SSL backend names to CURL_SSL_BACKEND o docs: clarify timeouts for queued transfers in multi API o docs: Explain DOH transfers inherit some SSL settings o docs: fix FILE example url in --metalink documentation o docs: make gen.pl support *italic* and **bold** o doh: Fix sharing user's resolve list with DOH handles o doh: Inherit CURLOPT_STDERR from user's easy handle o dynbuf: bump the max HTTP request to 1MB o examples: Remove threaded-shared-conn.c due to bug o file: Support unicode urls on windows o ftp: add 'list_only' to the transfer state struct o ftp: add 'prefer_ascii' to the transfer state struct o FTP: allow SIZE to fail when doing (resumed) upload o ftp: avoid SIZE when asking for a TYPE A file o ftp: fix Codacy/cppcheck warning about null pointer arithmetic o ftp: fix memory leak in ftp_done o ftp: never set data->set.ftp_append outside setopt o gen.pl: quote "bare" minuses in the nroff curl.1 o github: add torture-ftp for FTP-only torture testing o gnutls: assume nettle crypto support o gskit: correct the gskit_send() prototype o hostip: fix build with sync resolver o hostip: fix crash in sync resolver builds that use DOH o hsts: remove unused defines o http2: don't set KEEP_SEND when there's no more data to be sent o http2: fail if connection terminated without END_STREAM o http: cap body data amount during send speed limiting o http: do not add a referrer header with empty value o http: make 416 not fail with resume + CURLOPT_FAILONERRROR o http: remove superfluous NULL assign o http: strip default port from URL sent to proxy o http: use credentials from transfer, not connection o ldap: use correct memory free function o lib1536: check ptr against NULL before dereferencing it o lib1537: check ptr against NULL before dereferencing it o lib: remove 'conn->data' completely o libssh2: kdb_callback: get the right struct pointer o libssh2:ssh_connect: clear session pointer after free o memdebug: close debug logfile explicitly on exit o mingw: enable using strcasecmp() o multi: close the connection when h2=>h1 downgrading o multi: do once-per-transfer inits in before_perform in DID state o multi: rename the multi transfer states o multi: update pending list when removing handle o ngtcp2: adapt to the new recv_datagram callback o ngtcp2: clarify calculation precedence o ngtcp2: Fix build error due to change in ngtcp2_addr_init o ngtcp2: sync with recent API updates o openldap: avoid NULL pointer dereferences o openssl: adapt to v3's new const for a few API calls o openssl: ensure to check SSL_CTX_set_alpn_protos return values o openssl: remove get_ssl_version_txt in favor of SSL_get_version o openssl: set the transfer pointer for logging early o OS400: update for CURLOPT_AWS_SIGV4 o parse_proxy: fix a memory leak in the OOM path o pathhelp.pm: fix use of pwd -L in Msys environment o projects: Update VS projects for OpenSSL 1.1.x o quiche: fix build error: use 'int' for port number o quiche: fix crash when failing to connect o retry-all-errors.d: Explain curl errors versus HTTP response errors o retry.d: Clarify transient 5xx HTTP response codes o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient o runtests.pl: add a -P option to specify an external proxy o runtests.pl: kill processes locking test log files o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper o test1188: change error to check for: --fail HTTP status o test220/314: adjust to run with Hyper o test304: header CRLF cleanup to work with Hyper o test306: make it not run with Hyper o tests: disable .curlrc in more environments o tests: use %TESTNUMBER instead of fixed number o tftp: remove the 3600 second default timeout o time: enable 64-bit time_t in supported mingw environments o tool_help: add missing argument for --create-file-mode o tool_help: Increase space between option and description o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error o travis: add a rustls build o travis: bump wolfssl to 4.7.0 o travis: only build wolfssl when needed o travis: split "torture" into a separate "events" build o travis: switch ngtcp2 build over to quictls o travis: use ubuntu nghttp2 package instead of build our own o url.c: use consistent error message for failed resolve o url: fix memory leak if OOM in the HSTS handling o url: fix possible use-after-free in default protocol o urldata: don't touch data->set.httpversion at run-time o urldata: fix build without HTTP and MQTT o urldata: make 'actions[]' use unsigned char instead of int o urldata: merge "struct DynamicStatic" into "struct UrlState" o urldata: remove the 'rtspversion' field o urldata: remove the _ORIG suffix from string names o version.d: Add missing features to the features list o wolfssl: don't store a NULL sessionid
www/curl: Accomodate SSLCERTBUNDLE Rather than letting openssl perform default validation, curl passes in an explicit request to... use the certificates in the default location. In cases where SSLCERTBUNDLE is defined (because the system uses a bundle instead of the traditonal directory of trust anchors), pass that to curl's configure. As proposed on tech-pkg by Thomas Orgis, without objections.
curl: updated to 7.75.0 Changes: curl: add --create-file-mode [mode] curl: add new variables to --write-out dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries gopher: implement secure gopher protocol http: add Hyper as new optional HTTP backend http: introduce AWS HTTP v4 Signature support Bugfixes: badsymbols.pl: add verbose mode -v badsymbols.pl: ignore stand-alone single hash lines BUG-BOUNTY: minor language updates build: fix djgpp builds cleanup: fix empty expression statement has no effect cmake: Add an option to disable libidn2 cmake: enable gophers correctly in curl-config cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG cmdline-opts/gen.pl: return hard on errors cmdline-opts/retry.d: mention response code 429 as well configure: set -Wextra-semi-stmt for clang with --enable-debug connect: defer port selection until connect() time connect: mark intentional ignores of setsockopt return values connect: on linux, enable reporting of all ICMP errors on UDP sockets connect: zero variable on stack to silence valgrind complaint cookie: avoid the C1001 internal compiler error with MSVC 14 curl.1: fix typo microsft -> microsoft curl: fix handling of -q option curl: include the file name in --xattr/--remote-time error msgs curl: move fprintf outputs to warnf Curl_chunker: shrink the struct curl_easy_pause.3: add multiplexed pause effects CURLINFO_PRETRANSFER_TIME.3: clarify CURLOPT_URL.3: remove scheme specific details digest_sspi: Show InitializeSecurityContext errors in verbose mode docs/examples: adjust prototypes for CURLOPT_READFUNCTION docs/URL-SYNTAX: the URL syntax curl accepts and works with docs: enable syntax highlighting in several docs files docs: fix line length bug in gen.pl docs: fix typos in NEW-PROTOCOL.md docs: fix wrong documentation in help.d docs: remove redundant "better" in --fail help doh: allocate state struct on demand examples/libtest: add .checksrc to dist examples: remove superfluous asterisk uses failf: remove newline from formatting strings file: don't provide content-length for directories getinfo: build with disabled HTTP support gitattributes: Set batch files to CRLF line endings on checkout h2: do not wait for RECV on paused transfers HISTORY: added dates to early history http: empty reply connection are not left intact http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy http: have CURLOPT_FAILONERROR fail after all headers http: make providing Proxy-Connection header not cause duplicated headers http: show the request as headers even when split-sending http_chunks: correct and clarify a comment on hexnumber length http_proxy: Fix CONNECT chunked encoding race condition httpauth: make multi-request auth work with custom port INSTALL: now at 85 operating systems INSTALL: update the list known OSes and CPU archs curl has run on lib/unit tests: add missing curl_global_cleanup() calls lib1564/5: verify that curl_multi_wakeup returns OK lib: pass in 'struct Curl_easy *' to most functions lib: remove Curl_ prefix from many static functions lib: save a bit of space with some structure packing libssh2: fix "Value stored to 'readdir_len' is never read" libssh2: move data from connection object to transfer object libssh: avoid plain free() of libssh-memory mime: make sure setting MIMEPOST to NULL resets properly misc: assorted typo fixes misc: fix "warning: empty expression statement has no effect" misc: fix typos mk-ca-bundle.pl: deterministic output when using -t mqtt: deal with 0 byte reads correctly mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE multi: set the PRETRANSFER time-stamp when we switch to PERFORM multi: skip DONE state if there's no connection left for ftp wildcard multi: when erroring in TOOFAST state, act as for PERFORM multi_runsingle: bail out early on data->conn == NULL ngtcp2: Fix http3 upload stall ngtcp2: Fix stack buffer overflow ngtcp2: make it build it current master again nss: get the run-time version instead of build-time openssl: lowercase the hostname before using it for SNI OS400: update ccsidcurl.c pretransfer: setup the User-Agent header here quiche: remove fprintf() leftover Revert "CI/github: work-around for brew breakage on macOS" runtests: add 'wakeup' as a feature runtests: add support for %if [feature] conditions runtests: preprocess DISABLED to allow conditionals schannel: plug a memory-leak schannel_verify: fix safefree call typo select: convert Curl_select() to private static function socks: use the download buffer instead speedcheck: exclude paused transfers strerror: skip errnum >= 0 assertion on windows test1522: add debug tracing test1633: set appropriate name test179: use consistent header line endings test410: verify HTTPS GET with a 49K request header tests/mqttd: extract the client id from the correct offset tests: make --libcurl tests only test FTP options if ftp enabled tool_doswin: Restore original console settings on CTRL signal tool_operate: fix the suppression logic of some error messages tool_operate: spellfix a comment tooĺ_writeout: fix the -w time output units transfer: fix GCC 10 warning with flag '-Wint-in-bool-context' travis: build ngtcp2 --with-gnutls travis: limit the tests with quiche builds to HTTPS and FTPS only travis: restrict the openssl3 job to only run https and ftps tests url: if IDNA conversion fails, fallback to Transitional urldata: make magic be the first struct field urldata: remove 'local_ip' from the connectdata struct urldata: remove duplicate 'upkeep_interval_ms' from connectdata urldata: remove duplicate port number storage urldata: remove the duplicate 'ip_addr_str' field urldata: store ip version in a single byte vtls: remove md5sum warnless: remove curlx_ultosi wolfssl: add SECURE_RENEGOTIATION support wolfssl: Support wolfSSL builds missing TLS 1.1
curl: updated to 7.74.0 curl and libcurl 7.74.0 This release includes the following changes: o hsts: add experimental support for Strict-Transport-Security This release includes the following bugfixes: o CVE-2020-8286: Inferior OCSP verification o CVE-2020-8285: FTP wildcard stack overflow o CVE-2020-8284: trusting FTP PASV responses o acinclude: detect manually set minimum macos/ipod version o alt-svc: enable (in the build) by default o alt-svc: minimize variable scope and avoid "DEAD_STORE" o asyn: use 'struct thread_data *' instead of 'void *' o checksrc: warn on empty line before open brace o CI/appveyor: disable test 571 in two cmake builds o CI/azure: improve on flakiness by avoiding libtool wrappers o CI/tests: enable test target on TravisCI for CMake builds o CI/travis: add brotli and zstd to the libssh2 build o cirrus: build with FreeBSD 12.2 in CirrusCI o cmake: call the feature unixsockets without dash o cmake: check for linux/tcp.h o cmake: correctly handle linker flags for static libs o cmake: don't pass -fvisibility=hidden to clang-cl on Windows o cmake: don't use reserved target name 'test' o cmake: make BUILD_TESTING dependent option o cmake: make CURL_ZLIB a tri-state variable o cmake: set the unicode feature in curl-config on Windows o cmake: store IDN2 information in curl_config.h o cmake: use libcurl.rc in all Windows builds o configure: pass -pthread to Libs.private for pkg-config o configure: use pkgconfig to find openSSL when cross-compiling o connect: repair build without ipv6 availability o curl.1: add an "OUTPUT" section at the top of the manpage o curl.se: new home o curl: add compatibility for Amiga and GCC 6.5 o curl: only warn not fail, if not finding the home dir o curl_easy_escape: limit output string length to 3 * max input o Curl_pgrsStartNow: init speed limit time stamps at start o curl_setup: USE_RESOLVE_ON_IPS is for Apple native resolver use o curl_url_set.3: fix typo in the RETURN VALUE section o CURLOPT_DNS_USE_GLOBAL_CACHE.3: fix typo o CURLOPT_HSTS.3: document the file format o CURLOPT_NOBODY.3: fix typo o CURLOPT_TCP_NODELAY.3: fix comment in example code o CURLOPT_URL.3: clarify SCP/SFTP URLs are for uploads as well o docs: document the 8MB input string limit o docs: fix typos and markup in ETag manpage sections o docs: Fix various typos in documentation o examples/httpput: remove use of CURLOPT_PUT o FAQ: refreshed o file: avoid duplicated code sequence o ftp: retry getpeername for FTP with TCP_FASTOPEN o gnutls: fix memory leaks (certfields memory wasn't released) o header.d: mention the "Transfer-Encoding: chunked" handling o HISTORY: the new domain o http3: fix two build errors, silence warnings o http3: use the master branch of GnuTLS for testing o http: pass correct header size to debug callback for chunked post o http_proxy: use enum with state names for 'keepon' o httpput-postfields.c: new example doing PUT with POSTFIELDS o infof/failf calls: fix format specifiers o libssh2: fix build with disabled proxy support o libssh2: fix transport over HTTPS proxy o libssh2: require version 1.0 or later o Makefile.m32: add support for HTTP/3 via ngtcp2+nghttp3 o Makefile.m32: add support for UNICODE builds o mqttd: fclose test file when done o NEW-PROTOCOL: document what needs to be done to add one o ngtcp2: adapt to recent nghttp3 updates o ngtcp2: advertise h3 ALPN unconditionally o ngtcp2: Fix build error due to symbol name change o ngtcp2: use the minimal version of QUIC supported by ngtcp2 o ntlm: avoid malloc(0) on zero length user and domain o openssl: acknowledge SRP disabling in configure properly o openssl: free mem_buf in error path o openssl: guard against OOM on context creation o openssl: use OPENSSL_init_ssl() with >= 1.1.0 o os400: Sync libcurl API options o packages/OS400: make the source code-style compliant o quiche: close the connection o quiche: remove 'static' from local buffer o range.d: clarify that curl will not parse multipart responses o range.d: fix typo o Revert "multi: implement wait using winsock events" o rtsp: error out on empty Session ID, unified the code o rtsp: fixed Session ID comparison to refuse prefix o rtsp: fixed the RTST Session ID mismatch in test 570 o runtests: return error if no tests ran o runtests: revert the mistaken edit of $CURL o runtests: show keywords when no tests ran o scripts/completion.pl: parse all opts o socks: check for DNS entries with the right port number o src/tool_filetime: disable -Wformat on mingw for this file o strerror: use 'const' as the string should never be modified o test122[12]: remove these two tests o test506: make it not run in c-ares builds o tests/*server.py: close log file after each log line o tests/server/tftpd.c: close upload file right after transfer o tests/util.py: fix compatibility with Python 2 o tests: add missing global_init/cleanup calls o tests: fix some http/2 tests for older versions of nghttpx o tool_debug_cb: do not assume zero-terminated data o tool_help: make "output" description less confusing o tool_operate: --retry for HTTP 408 responses too o tool_operate: bail out proper on errors during parallel transfers o tool_operate: fix compiler warning when --libcurl is disabled o tool_writeout: use off_t getinfo-types instead of doubles o travis: use ninja-build for CMake builds o travis: use valgrind when running tests for debug builds o urlapi: don't accept blank port number field without scheme o urlapi: URL encode a '+' in the query part o urldata: remove 'void *protop' and create the union 'p' o vquic/ngtcp2.h: define local_addr as sockaddr_storage
Revbump packages with a runtime Python dep but no version prefix. For the Python 3.8 default switch.
curl: Explicitly disable libpsl support At least on some non-pkgsrc setup it can be accidentally picked up. Noticed by Dr. Thomas Orgis via tech-pkg@.
curl: update to 7.73.0.
curl and libcurl 7.73.0
Public curl releases: 195
Command line options: 234
curl_easy_setopt() options: 278
Public functions in libcurl: 85
Contributors: 2270
This release includes the following changes:
o curl: add --output-dir [25]
o curl: support XDG_CONFIG_HOME to find .curlrc [3]
o curl: update --help with categories [77]
o curl_easy_option_*: new API for meta-data about easy options [40]
o CURLE_PROXY: new error code [7]
o mqtt: enable by default [28]
o sftp: add new quote commands 'atime' and 'mtime' [6]
o ssh: add the option CURLKHSTAT_FINE_REPLACE [27]
o tls: add CURLOPT_SSL_EC_CURVES and --curves [29]
This release includes the following bugfixes:
o altsvc: clone setting in curl_easy_duphandle [60]
o base64: also build for smtp, pop3 and imap [81]
o BUGS: convert document to markdown [107]
o build-wolfssl: fix build with Visual Studio 2019 [114]
o buildconf: invoke 'autoreconf -fi' instead [37]
o checksrc: detect // comments on column 0 [132]
o checksrc: verify do-while and spaces between the braces [2]
o checksrc: warn on space after exclamation mark [129]
o CI/azure: disable test 571 in the msys2 builds [93]
o CI/azure: MQTT is now enabled by default [64]
o CI/azure: no longer ignore results of test 1013 [43]
o CI/tests: fix invocation of tests for CMake builds [117]
o CI/travis: add a CI job with openssl3 (from git master) [51]
o cleanups: avoid curl_ on local variables [53]
o CMake: add option to enable Unicode on Windows [48]
o cmake: make HTTP_ONLY also disable MQTT [58]
o CMake: remove explicit `CMAKE_ANSI_CFLAGS` [45]
o cmake: remove scary warning [96]
o cmdline-opts/gen.pl: generate nicer "See Also" in curl.1 [66]
o configure: don't say HTTPS-proxy is enabled when disabled [120]
o configure: fix pkg-config detecting wolfssl [26]
o configure: let --enable-debug set -Wenum-conversion with gcc >= 10 [56]
o conn: check for connection being dead before reuse [39]
o connect.c: remove superfluous 'else' in Curl_getconnectinfo [42]
o curl.1: add see also no-progress-meter on two spots [67]
o curl.1: fix typo invokved -> invoked [36]
o curl: in retry output don't call all problems "transient" [74]
o curl: make --libcurl show binary posts correctly [130]
o curl: make checkpasswd use dynbuf [100]
o curl: make file2memory use dynbuf [102]
o curl: make file2string use dynbuf [103]
o curl: make glob_match_url use dynbuf [101]
o curl: make sure setopt CURLOPT_IPRESOLVE passes on a long [134]
o curl: retry delays in parallel mode no longer sleeps blocking [70]
o curl: use curlx_dynbuf for realloc when loading config files [73]
o curl:parallel_transfers: make sure retry readds the transfer [71]
o curl_get_line: build only if cookies or alt-svc are enabled [13]
o curl_mime_headers.3: fix the example's use of curl_slist_append [83]
o Curl_pgrsTime - return new time to avoid timeout integer overflow [32]
o Curl_send: return error when pre_receive_plain can't malloc [111]
o dist: add missing CMake Find modules to the distribution [14]
o docs/LICENSE-MIXING: remove [79]
o docs/opts: fix typos in two manual pages [119]
o docs/RESOURCES: remove [105]
o docs/TheArtOfHttpScripting: convert to markdown [106]
o docs: add description about CI platforms to CONTRIBUTE.md [44]
o docs: correct non-existing macros in man pages [35]
o doh: add error message for DOH_DNS_NAME_TOO_LONG [17]
o dynbuf: make sure Curl_dyn_tail() zero terminates [78]
o easy_reset: clear retry counter [82]
o easygetopt: pass a valid enum to avoid compiler warning [75]
o etag: save and use the full received contents [4]
o ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND [99]
o ftp: avoid risk of reading uninitialized integers [76]
o ftp: get rid of the PPSENDF macro [85]
o ftp: make a 552 response return CURLE_REMOTE_DISK_FULL [87]
o ftp: separate FTPS from FTP over "HTTPS proxy" [112]
o git: ignore libtests in 3XXX area [16]
o github: use new issue template feature [88]
o HISTORY: mention alt-svc added in 2019
o HTTP/3: update to OpenSSL_1_1_1g-quic-draft-29 [41]
o http: consolidate nghttp2_session_mem_recv() call paths [80]
o http_proxy: do not count proxy headers in the header bytecount [90]
o http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set [50]
o imap: make imap_send use dynbuf for the send buffer management [110]
o imap: set cselect_bits to CURL_CSELECT_IN initially [104]
o ldap: reduce the amount of #ifdefs needed [124]
o lib/Makefile.am: bump VERSIONINFO due to new functions [65]
o lib1560: verify "redirect" to double-slash leading URL [20]
o lib583: fix enum mixup
o lib: fix -Wassign-enum warnings [84]
o lib: make Curl_gethostname accept a const pointer [38]
o libssh2: handle the SSH protocols done over HTTPS proxy [125]
o libssh2: pass on the error from ssh_force_knownhost_key_type [47]
o Makefile.m32: add ability to override zstd libs [ci skip] [10]
o man pages: switch to https://example.com URLs [86]
o MANUAL: update examples to resolve without redirects [122]
o mbedtls: add missing header when defining MBEDTLS_DEBUG [133]
o memdebug: remove 9 year old unused debug function [126]
o multi: expand pre-check for socket readiness [21]
o multi: handle connection state winsock events [31]
o multi: implement wait using winsock events [22]
o ngtcp2: adapt to new NGTCP2_PROTO_VER_MAX define [108]
o ngtcp2: adapt to the new pkt_info arguments [18]
o ntlm: fix condition for curl_ntlm_core usage [46]
o openssl: avoid error conditions when importing native CA [52]
o openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification [57]
o openssl: Fix wincrypt symbols conflict with BoringSSL [9]
o parsedate: tune the date to epoch conversion [95]
o pause: only trigger a reread if the unpause sticks [92]
o pingpong: use a dynbuf for the *_pp_sendf() function [113]
o READMEs: convert several to markdown [115]
o runtests: add %repeat[]% for test files [116]
o runtests: allow creating files without newlines [72]
o runtests: allow generating a binary sequence from hex
o runtests: clear pid variables when failing to start a server [12]
o runtests: make cleardir() erase dot files too [8]
o runtests: provide curl's version string as %VERSION for tests [127]
o schannel: fix memory leak when using get_cert_location [15]
o schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root [128]
o scripts: improve the "get latest curl release tag" logic
o sectransp: make it build with --disable-proxy [123]
o select.h: make socket validation macros test for INVALID_SOCKET [24]
o select: align poll emulation to return all relevant events [63]
o select: fix poll-based check not detecting connect failure
o select: reduce duplication of Curl_poll in Curl_socket_check [23]
o select: simplify return code handling for poll and select [49]
o setopt: if the buffer exists, refuse the new BUFFERSIZE [5]
o setopt: return CURLE_BAD_FUNCTION_ARGUMENT on bad argument [91]
o socketpair: allow CURL_DISABLE_SOCKETPAIR [11]
o sockfilt: handle FD_CLOSE winsock event on write socket [30]
o src: spell whitespace without whitespace [121]
o SSLCERTS: fix English syntax [34]
o strerror: honor Unicode API choice on Windows [109]
o symbian: drop support [118]
o telnet.c: depend on static requirement of WinSock version 2 [61]
o test1541: remove since it is a known bug [68]
o test163[12]: require http to be built-in to run [94]
o test434: test -K use in a single line without newline [59]
o test971: show test mismatches "inline"
o tests/data: Fix some mismatched XML tags in test cases
o tests/FILEFORMAT: document nonewline support for <file>
o tests/FILEFORMAT: document type=shell for <command>
o tests/server/util.c: fix support for Windows Unicode builds [131]
o tests: remove pipelining tests [69]
o tls: fix SRP detection by using the proper #ifdefs [33]
o tls: provide the CApath verbose log on its own line [1]
o tool_setopt: escape binary data to hex, not octal
o tool_writeout: add new writeout variable, %{num_headers} [97]
o travis: add a build using libressl (from git master) [55]
o url: use blank credentials when using proxy w/o username and password [54]
o urlapi: use more Curl_safefree [89]
o vtls: deduplicate client certificates in ssl_config_data [98]
o win32: drop support for WinSock version 1, require version 2 [62]
o winbuild: convert the instruction text to README.md [19]
*: bump PKGREVISION for perl-5.32.
curl: replace hardcoded perl shebang in tests
curl: Update to 7.72.0
pkgsrc changes:
- Add test dependency to Python and py-impacket for SMB and TELNET tests
Changes:
7.72.0
------
This release includes the following changes:
o content_encoding: add zstd decoding support
o CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
o CURLINFO_EFFECTIVE_METHOD: added
This release includes the following bugfixes:
o CVE-2020-8231: libcurl: wrong connect-only connection
o appveyor: collect libcurl.dll variants with prefix or suffix
o asyn-ares: correct some bad comments
o bearssl: fix build with disabled proxy support
o buildconf: avoid array concatenation in die()
o buildconf: retire ares buildconf invocation
o checksrc: ban gmtime/localtime
o checksrc: invoke script with -D to find .checksrc proper
o CI/azure: install libssh2 for use with msys2-based builds
o CI/azure: unconditionally enable warnings-as-errors with autotools
o CI/macos: enable warnings as errors for CMake builds
o CI/macos: set minimum macOS version
o CI/macos: unconditionally enable warnings-as-errors with autotools
o CI: Add muse CI analyzer
o cirrus-ci: upgrade 11-STABLE to 11.4
o CMake: don't complain about missing nroff
o CMake: fix test for warning suppressions
o cmake: fix windows xp build
o configure.ac: Sort features name in summary
o configure: allow disabling warnings
o configure: cleanup wolfssl + pkg-config conflicts when cross compiling.
o configure: show zstd "no" in summary when built without it
o connect: remove redundant message about connect failure
o curl-config: ignore REQUIRE_LIB_DEPS in --libs output
o curl.1: add a few missing valid exit codes
o curl: add %{method} to the -w variables
o curl: improve the existing file check with -J
o curl_multi_setopt: fix compiler warning "result is always false"
o curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
o CURLINFO_CERTINFO.3: fix typo
o CURLOPT_NOBODY.3: clarify what setting to 0 means
o docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions
o docs: Add video link to docs/CONTRIBUTE.md
o docs: change "web site" to "website"
o docs: clarify MAX_SEND/RECV_SPEED functionality
o docs: Update a few leftover mentions of DarwinSSL
o doh: remove redundant cast
o file2memory: use a define instead of -1 unsigned value
o ftp: don't do ssl_shutdown instead of ssl_close
o ftpserver: don't verify SMTP MAIL FROM names
o getinfo: reset retry-after value in initinfo
o gnutls: repair the build with `CURL_DISABLE_PROXY`
o gtls: survive not being able to get name/issuer
o h2: repair trailer handling
o http2: close the http2 connection when no more requests may be sent
o http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages
o libssh2: s/ssherr/sftperr/
o libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin
o md(4|5): don't use deprecated macOS functions
o mprintf: Fix dollar string handling
o mprintf: Fix stack overflows
o multi: Condition 'extrawait' is always true
o multi: Remove 10-year old out-commented code
o multi: remove two checks always true
o multi: update comment to say easyp list is linear
o multi_remove_handle: close unused connect-only connections
o ngtcp2: adapt to error code rename
o ngtcp2: adjust to recent sockaddr updates
o ngtcp2: update to modified qlog callback prototype
o nss: fix build with disabled proxy support
o ntlm: free target_info before (re-)malloc
o openssl: fix build with LibreSSL < 2.9.1
o page-header: provide protocol details in the curl.1 man page
o quiche: handle calling disconnect twice
o runtests.pl: treat LibreSSL and BoringSSL as OpenSSL
o runtests: move the gnutls-serv tests to a dynamic port
o runtests: move the smbserver to use a dynamic port number
o runtests: move the TELNET server to a dynamic port
o runtests: run the DICT server on a random port number
o runtests: run the http2 tests on a random port number
o runtests: support dynamicly base64 encoded sections in tests
o setopt: unset NOBODY switches to GET if still HEAD
o smtp_parse_address: handle blank input string properly
o socks: use size_t for size variable
o strdup: remove the odd strlen check
o test1119: verify stdout in the test
o test1139: make it display the difference on test failures
o test1140: compare stdout
o test1908: treat file as text
o tests/FILEFORMAT.md: mention %HTTP2PORT
o tests/sshserver.pl: fix compatibility with OpenSSH for Windows
o TLS naming: fix more Winssl and Darwinssl leftovers
o tls-max.d: this option is only for TLS-using connections
o tlsv1.3.d. only for TLS-using connections
o tool_doswin: Simplify Windows version detection
o tool_getparam: make --krb option work again
o TrackMemory tests: ignore realloc and free in getenv.c
o transfer: fix data_pending for builds with both h2 and h3 enabled
o transfer: fix memory-leak with CURLOPT_CURLU in a duped handle
o transfer: move retrycount from connect struct to easy handle
o travis/script.sh: fix use of `-n' with unquoted envvar
o travis: add ppc64le and s390x builds
o travis: update quiche builds for new boringssl layout
o url: fix CURLU and location following
o url: silence MSVC warning
o util: silence conversion warnings
o win32: Add Curl_verify_windows_version() to curlx
o WIN32: stop forcing narrow-character API
o windows: add unicode to feature list
o windows: disable Unix Sockets for old mingw
curl: updated to 7.71.1 Fixed in 7.71.1: cirrus-ci: disable FreeBSD 13 (again) Curl_inet_ntop: always check the return code CURLOPT_READFUNCTION.3: provide the upload data size up front DYNBUF.md: fix a typo: trail => tail escape: make the URL decode able to reject only %00-bytes escape: zero length input should return a zero length output examples/multithread.c: call curl_global_cleanup() http2: set the correct URL in pushed transfers http: fix proxy auth with blank password mbedtls: fix build with disabled proxy support ngtcp2: sync with current master openssl: Fix compilation on Windows when ngtcp2 is enabled Revert "multi: implement wait using winsock events" sendf: improve the message on client write errors terminology: call them null-terminated strings tool_cb_hdr: Fix etag warning output and return code url: allow user + password to contain "control codes" for HTTP(S) vtls: compare cert blob when finding a connection to reuse
curl: update to 7.71.0. freeze ok: gdt, leot curl and libcurl 7.71.0 Public curl releases: 192 Command line options: 232 curl_easy_setopt() options: 277 Public functions in libcurl: 82 Contributors: 2202 This release includes the following changes: o CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl) [10] o setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency [31] o setopt: support certificate options in memory with struct curl_blob [41] o tool: Add option --retry-all-errors to retry on any error [27] This release includes the following bugfixes: o CVE-2020-8177: curl overwrite local file with -J [111] o CVE-2020-8169: Partial password leak over DNS on HTTP redirect [48] o *_sspi: fix bad uses of CURLE_NOT_BUILT_IN [21] o all: fix codespell errors [75] o altsvc: bump to h3-29 [114] o altsvc: fix 'dsthost' may be used uninitialized in this function o altsvc: fix parser for lines ending with CRLF [74] o altsvc: remove the num field from the altsvc struct [109] o appveyor: add non-debug plain autotools-based build [90] o appveyor: disable flaky test 1501 and ignore broken 1056 o appveyor: disable test 1139 instead of ignoring it o asyn-*: remove support for never-used NULL entry pointers [19] o azure: use matrix strategy to avoid configuration redundancy [83] o build: disable more code/data when built without proxy support [84] o buildconf: remove -print from the find command that removes files o checksrc: enhance the ASTERISKSPACE and update code accordingly [52] o CI/macos: fix 'is already installed' errors by using bundle [94] o cirrus: disable SFTP and SCP tests [7] o CMake: add ENABLE_ALT_SVC option o CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche) [34] o CMake: add libssh build support [37] o CMake: do not build test programs by default [30] o CMake: fix runtests.pl with CMake, add new test targets [29] o CMake: ignore INTERFACE_LIBRARY targets for pkg-config file [112] o CMake: rebuild Makefile.inc.cmake when Makefile.inc changes [58] o CODE_REVIEW.md: how to do code reviews in curl [108] o configure: fix pthread check with static boringssl o configure: for wolfSSL, check for the DES func needed for NTLM o configure: only strip first -L from LDFLAGS [89] o configure: repair the check if argv can be written to [47] o configure: the wolfssh backend does not provide SCP [57] o connect: improve happy eyeballs handling [118] o connect: make happy eyeballs work for QUIC (again) [16] o curl.1: Quote globbed URLs [51] o curl: remove -J "informational" written on stdout [36] o Curl_addrinfo: use one malloc instead of three [97] o CURLINFO_ACTIVESOCKET.3: clarify the description [87] o doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3 [5] o doc: Rename VERSIONS to VERSIONS.md as it already has Markdown syntax [20] o docs/HTTP3: add qlog to the quiche build instruction o docs/options-in-versions: which version added each cmdline option [53] o docs: unify protocol lists [54] o dynbuf: introduce internal generic dynamic buffer functions [17] o easy: fix dangling pointer on easy_perform fail [26] o examples/ephiperfifo: turn off interval when setting timerfd [79] o examples/http2-down/upload: add error checks [78] o examples: remove asiohiper.cpp [4] o FILEFORMAT: add more features that tests can depend on o FILEFORMAT: describe verify/stderr o ftp: make domore_getsock() return the secondary socket properly o ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void) [64] o ftp: shut down the secondary connection properly when SSL is used [43] o GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT [9] o hostip: make Curl_printable_address not return anything [63] o hostip: on macOS avoid DoH when given a numerical IP address [69] o http2: keep trying to send pending frames after req.upload_done [40] o http2: simplify and clean up trailer handling [6] o HTTP3.md: clarify cargo build directory [77] o http: move header storage to Curl_easy from connectdata [107] o libcurl.pc: Merge Libs.private into Libs for static-only builds [28] o libssh2: improved error output for wrong quote syntax [39] o libssh2: keep sftp errors as 'unsigned long' [103] o libssh2: set the expected total size in SCP upload init [2] o libtest/cmake: Remove commented code [13] o list-only.d: this option existed already in 4.0 o manpage: add three missing environment variables [121] o multi: add defensive check on data->multi->num_alive [96] o multi: implement wait using winsock events [120] o ngtcp2: cleanup memory when failing to connect [70] o ngtcp2: fix build with current ngtcp2 master implementing draft 28 [76] o ngtcp2: fix happy eyeballs quic connect crash [118] o ngtcp2: introduce qlog support [23] o ngtcp2: never call fprintf() in lib code in release version o ngtcp2: update with recent API changes [100] o ntlm: enable NTLM support with wolfSSL [81] o OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN [55] o openssl: set FLAG_TRUSTED_FIRST unconditionally [105] o projects: Add crypt32.lib to dependencies for all OpenSSL configs [93] o quiche: clean up memory properly when failing to connect [71] o quiche: enable qlog output [14] o quiche: update SSLKEYLOGFILE support [98] o Revert "buildconf: use find -execdir" [38] o Revert "ssh: ignore timeouts during disconnect" [67] o runtests: remove sleep calls [18] o runtests: show elapsed test time with higher precision (ms) o select: always use Sleep in Curl_wait_ms on Win32 [82] o select: fix overflow protection in Curl_socket_check [22] o sendf: make failf() use the mvsnprintf() return code [62] o server/sws: fix asan warning on use of uninitialized variable o server/util: fix logmsg format using curl_off_t argument [106] o sha256: fixed potentially uninitialized variable [61] o share: don't set the share flag it something fails [116] o sockfilt: make select_ws stop waiting on exit signal event o socks: detect connection close during handshake [95] o socks: fix expected length of SOCKS5 reply [68] o socks: remove unreachable breaks in socks.c and mime.c [101] o source cleanup: remove all custom typedef structs [42] o test1167: fixes in badsymbols.pl [73] o test1177: look for curl.h in source directory [1] o test1238: avoid tftpd being busy for tests shortly following [33] o test613.pl: make tests 613 and 614 work with OpenSSH for Windows [8] o test75: Remove precheck test o tests: add https-proxy support to the test suite [49] o tests: add support for SSH server variant specific transfer paths [24] o tests: add two simple tests for --login-options [99] o tests: make test 1248 + 1249 use %NOLISTENPORT [3] o tests: pick a random port number for SSH [12] o tests: run stunnel for HTTPS and FTPS on dynamic ports [11] o timeouts: change millisecond timeouts to timediff_t from time_t [86] o timeouts: move ms timeouts to timediff_t from int and long [104] o tool: fixup a few --help descriptions [56] o tool: support UTF-16 command line on Windows [46] o tool_cfgable: free login_options at exit [102] o tool_getparam: fix memory leak in parse_args o tool_operate: fixed potentially uninitialized variables [60] o tool_paramhlp: fixed potentially uninitialized strtol() variable [59] o transfer: close connection after excess data has been read [66] o travis: add "qlog" as feature in the quiche build o travis: Add ngtcp2 and quiche tests for CMake o travis: upgrade to bionic, clang-9, improve readability [35] o typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *' [44] o unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode' [88] o url: accept "any length" credentials for proxy auth [72] o url: alloc the download buffer at transfer start [85] o url: reject too long input when parsing credentials [25] o url: sort the protocol schemes in rough popularity order [32] o urlapi: accept :: as a valid IPv6 address [15] o urldata: leave the HTTP method untouched in the set.* struct [45] o urlglob: treat literal IPv6 addresses with zone IDs as a host name [115] o user-agent.d: spell out what happens given a blank argument [80] o vauth/cleartext: fix theoretical integer overflow [50] o version.d: expanded and alpha-sorted [110] o vtls: Extract and simplify key log file handling from OpenSSL o wolfssl: add SSLKEYLOGFILE support [65] o wording: avoid blacklist/whitelist stereotypes [92] o write-out.d: added "response_code"
revbump after updating security/nettle
revbump after boost update
curl: Update to 7.70.0
Changes:
7.70.0
------
This release includes the following changes:
o curl: add --ssl-revoke-best-effort to allow a "best effort" revocation check
o mqtt: add new experimental protocol
o schannel: add "best effort" revocation check option: CURLSSLOPT_REVOKE_BEST_EFFORT
o writeout: support to generate JSON output with '%{json}'
This release includes the following bugfixes:
o appveyor: add Unicode winbuild jobs
o appveyor: completely disable tests that fail to timeout early
o appveyor: show failed tests in log even if test is ignored
o appveyor: sort builds by type and add two new variants
o appveyor: turn disabled tests into ignored result tests
o appveyor: use random test server ports based upon APPVEYOR_API_URL
o build: fixed build for systems with select() in unistd.h
o buildconf: avoid using tempfile when removing files
o checksrc: warn on obvious conditional blocks on the same line as if()
o CI-fuzz: increase fuzz time to 40 minutes
o ci/tests: fix Azure Pipelines not running Windows containers
o CI: add build with ngtcp2 + gnutls on Travis CI
o CI: bring GitHub Actions fuzzing job in line with macOS jobs
o CI: migrate macOS jobs from Azure and Travis CI to GitHub Actions
o CI: remove default Ubuntu build from GitHub Actions
o cirrus: no longer ignore test 504 which is working again
o cirrus: re-enable the FreeBSD 13 CI builds
o cleanup: insert newline after if() conditions
o cmake: add aliases so exported target names are available in tree
o cmake: add CMAKE_MSVC_RUNTIME_LIBRARY
o cmake: add support for building with wolfSSL
o cmake: Avoid MSVC C4273 warnings in send/recv checks
o cmdline: fix handling of OperationConfig linked list (--next)
o compressed.d: stress that the headers are not modified
o config: remove all defines of HAVE_DES_H
o configure: convert -I to -isystem as a last step
o configure: document 'compiler_num' for gcc
o configure: don't check for Security.framework when cross-compiling
o configure: fix -pedantic-errors for GCC 5 and later
o configure: remove use of -vec-report0 from CFLAGS with icc
o connect: happy eyeballs cleanup
o connect: store connection info for QUIC connections
o copyright: fix out-of-date copyright ranges and missing headers
o curl-functions.m4: remove inappropriate AC_REQUIRE
o curl.h: remnove CURL_VERSION_ESNI. Never supported nor documented
o curl.h: update comment typo
o curl: allow both --etag-compare and --etag-save with same file name
o curl_setup: define _WIN32_WINNT_[OS] symbols
o CURLINFO_CONDITION_UNMET: return true for 304 http status code
o CURLINFO_NUM_CONNECTS: improve accuracy
o CURLOPT_WRITEFUNCTION.3: add inline example and new see-also
o dist: add mail-rcpt-allowfails.d to the tarball
o docs/make: generate curl.1 from listed files only
o docs: add warnings about FILE: URLs on Windows
o easy: fix curl_easy_duphandle for builds missing IPv6 that use c-ares
o examples/sessioninfo.c: add include to fix compiler warning
o github actions: run when pushed to master or */ci + PRs
o gnutls: bump lowest supported version to 3.1.10
o gnutls: Don't skip really long certificate fields
o gnutls: ensure TLS 1.3 when SRP isn't requested
o gopher: check remaining time left during write busy loop
o gskit: use our internal select wrapper for portability
o http2: Fix erroneous debug message that h2 connection closed
o http: don't consider upload done if the request isn't completely sent off
o http: free memory when Alt-Used header creation fails due to OOM
o lib/mk-ca-bundle: skip empty certs
o lib670: use the same Win32 API check as all other lib tests
o lib: fix typos in comments and errormessages
o lib: never define CURL_CA_BUNDLE with a getenv
o libcurl-multi.3: added missing full stop
o libssh: avoid options override by configuration files
o libssh: Use new ECDSA key types to check known hosts
o mailmap: fixup a few author names/fields
o Makefile.m32: Improve windres parameter compatibility
o Makefile: run the cd commands in a subshell
o memdebug: don't log free(NULL)
o mime: properly check Content-Type even if it has parameters
o multi-ssl: reset the SSL backend on `Curl_global_cleanup()`
o multi: improve parameter check for curl_multi_remove_handle
o nghttp2: 1.12.0 required
o ngtcp2: update to git master for the key installation API change
o nss: check for PK11_CreateDigestContext() returning NULL
o openssl: adapt to functions marked as deprecated since version 3
o OS400: update strings for ccsid-ifier (fixes the build)
o output.d: quote the URL when globbing
o packages: add OS400/chkstrings.c to the dist
o RELEASE-PROCEDURE.md: run the copyright.pl script!
o Revert "file: on Windows, refuse paths that start with \\"
o runtests: always put test number in servercmd file
o runtests: provide nicer errormsg when protocol "dump" file is empty
o schannel: Fix blocking timeout logic
o schannel: support .P12 or .PFX client certificates
o scripts/release-notes.pl: add helper script for RELEASE-NOTES maintenance
o select: make Curl_socket_check take timediff_t timeout
o select: move duplicate select preparation code into Curl_select
o select: remove typecast from SOCKET_WRITABLE/READABLE macros
o server/getpart: make the "XML-parser" stricter
o server/resolve: remove AI_CANONNAME to make macos tell the truth
o smtp: set auth correctly
o sockfilt: add logmsg output to select_ws_wait_thread on Windows
o sockfilt: fix broken pipe on Windows to be ready in select_ws
o sockfilt: fix handling of ready closed sockets on Windows
o sockfilt: fix race-condition of waiting threads and event handling
o socks: Fix blocking timeout logic
o src: Remove C99 constructs to ensure C89 compliance
o SSLCERTS.md: Fix example code for setting CA cert file
o test1148: tolerate progress updates better (again)
o test1154: set a proper name
o test1177: verify that all the CURL_VERSION_ bits are documented
o test1566: verify --etag-compare that gets a 304 back
o test1908: avoid using fixed port number in test data
o test2043: use revoked.badssl.com instead of revoked.grc.com
o test2100: fix static port instead of dynamic value being used
o tests/data: fix some XML formatting issues in test cases
o tests/FILEFORMAT: converted to markdown and extended
o tests/server/util.c: use curl_off_t instead of long for pid
o tests: add %NOLISTENPORT and use it
o tests: add Windows compatible pidwait like pidkill and pidterm
o tests: fix conflict between Cygwin/msys and Windows PIDs
o tests: introduce preprocessed test cases
o tests: make Python-based servers compatible with Python 2 and 3
o tests: make runtests check that disabled tests exists
o tests: move pingpong server to dynamic listening port
o tests: remove python_dependencies for smbserver from our tree
o tests: run the RTSP test server on a dynamic port number
o tests: run the SOCKS test server on a dynamic port number
o tests: run the sws server on "any port"
o tests: run the TFTP test server on a dynamic port number
o tests: use Cygwin/msys PIDs for stunnel and sshd on Windows
o tls: remove the BACKEND define kludge from most backends
o tool: do not declare functions with Curl_ prefix
o tool_operate: fix add_parallel_transfers when more are in queue
o transfer: cap retries of "dead connections" to 5
o transfer: Switch PUT to GET/HEAD on 303 redirect
o travis: bump the wolfssl CI build to use 4.4.0
o travis: update the ngtcp2 build to use the latest OpenSSL patch
o url: allow non-HTTPS altsvc-matching for debug builds
o version: add 'cainfo' and 'capath' to version info struct
o version: increase buffer space for ssl version output
o version: skip idn2_check_version() check and add precaution
o vquic: add support for GnuTLS backend of ngtcp2
o vtls: fix ssl_config memory-leak on out-of-memory
o warnless: remove code block for icc that didn't work
o windows: enable UnixSockets with all build toolchains
o windows: suppress UI in all CryptAcquireContext() calls
curl: updated to 7.69.1 curl and libcurl 7.69.1 This release includes the following bugfixes: * ares: store dns parameters for duphandle * cirrus-ci: disable the FreeBSD 13 builds * curl_share_setopt.3: Note sharing cookies doesn't enable the engine * lib1564: reduce number of mid-wait wakeup calls * libssh: Fix matching user-specified MD5 hex key * MANUAL: update a dict-using command line * mime: do not perform more than one read in a row * mime: fix the binary encoder to handle large data properly * mime: latch last read callback status * multi: skip EINTR check on wakeup socket if it was closed * pause: bail out on bad input * pause: force a connection recheck after unpausing (take 2) * pause: return early for calls that don't change pause state * runtests.1: rephrase how to specify what tests to run * runtests: fix missing use of exe_ext helper function * seek: fix fall back for missing ftruncate on Windows * sftp: fix segfault regression introduced in 7.69.0 * sha256: Added SecureTransport implementation * sha256: Added WinCrypt implementation * socks4: fix host resolve regression * socks5: host name resolv regression fix * tests/server: fix missing use of exe_ext helper function * tests: fix static ip:port instead of dynamic values being used * tests: make sleeping portable by avoiding select * unit1612: fix the inclusion and compilation of the HMAC unit test * urldata: remove the 'stream_was_rewound' connectdata struct member * version: make curl_version* thread-safe without using global context
*: recursive bump for libffi
curl: updated to 7.69.0 This release includes the following changes: o polarssl: removed o smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails o wolfSSH: new SSH backend This release includes the following bugfixes: o altsvc: improved header parser o altsvc: keep a copy of the file name to survive handle reset o altsvc: make saving the cache an atomic operation o altsvc: use h3-27 o azure: disable brotli on the macos debug-builds o build: remove all HAVE_OPENSSL_ENGINE_H defines o checksrc.bat: Fix not being able to run script from the main curl dir o cleanup: fix several comment typos o cleanup: fix typos and wording in docs and comments o cmake: add support for CMAKE_LTO option o cmake: clean up and improve build procedures o cmake: enable SMB for Windows builds o cmake: improve libssh2 check on Windows o cmake: Show HTTPS-proxy in the features output o cmake: support specifying the target Windows version o cmake: use check_symbol_exists also for inet_pton o configure.ac: fix comments about --with-quiche o configure: disable metalink if mbedTLS is specified o configure: disable metalink support for incompatible SSL/TLS o conn: do not reuse connection if SOCKS proxy credentials differ o conncache: removed unused Curl_conncache_bundle_size() o connect: remove some spurious infof() calls o connection reuse: respect the max_concurrent_streams limits o contributors: also include people who contributed to curl-www o contrithanks: use the most recent tag by default o cookie: check __Secure- and __Host- case sensitively o cookies: make saving atomic with a rename o create-dirs.d: mention the mode o curl: avoid using strlen for testing if a string is empty o curl: error on --alt-svc use w/o support o curl: let -D merge headers in one file again o curl: make #0 not output the full URL o curl: make the -# spaceship bar not wrap the line o curl: remove 'config' field from OutStruct o curl:progressbarinit: ignore column width from terminals < 20 o curl_escape.3: add a link to curl_free o curl_getenv.3: fix the memory handling description o curl_global_init: assume the EINTR bit by default o curl_global_init: move the IPv6 works status bool to multi handle o CURLINFO_COOKIELIST.3: Fix example o CURLOPT_ALTSVC_CTRL.3: fix the DEFAULT wording o CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3 o CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT section o data.d: remove "Multiple files can also be specified" o digest: do not quote algorithm in HTTP authorisation o docs/HTTP3: add --enable-alt-svc to curl's configure o docs/HTTP3: update the OpenSSL branch to use for ngtcp2 o docs: fix typo on CURLINFO_RETRY_AFTER o easy: remove dead code o form.d: fix two minor typos o ftp: convert 'sock_accepted' to a plain boolean o ftp: remove superfluous checking for crlf in user or pwd o ftp: shrink temp buffers used for PORT o github action: add CIFuzz o github: Instructions to post "uname -a" on Unix systems in issues o GnuTLS: always send client cert o gtls: fixed compilation when using GnuTLS < 3.5.0 o hostip: move code to resolve IP address literals to `Curl_resolv` o HTTP-COOKIES: describe the cookie file format o HTTP-COOKIES: mention that a trailing newline is required o http2: make pausing/unpausing set/clear local stream window o http2: now requires nghttp2 >= 1.12.0 o http: added 417 response treatment o http: increase EXPECT_100_THRESHOLD to 1Mb o http: mark POSTs with no body as "upload done" from the start o http: move "oauth_bearer" from connectdata to Curl_easy o include: remove non-curl prefixed defines o KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header o libssh2: add support for forcing a hostkey type o libssh2: fix variable type o libssh: improve known hosts handling o llist: removed unused Curl_llist_move() o location.d: the method change is from POST to GET only o md4: fixed compilation issues when using GNU TLS gcrypt o md4: use init/update/final functions in Secure Transport o md5: added implementation for mbedTLS o mk-ca-bundle: add support for CKA_NSS_SERVER_DISTRUST_AFTER o multi: change curl_multi_wait/poll to error on negative timeout o multi: fix outdated comment o multi: if Curl_readwrite sets 'comeback' use expire, not loop o multi_done: if multiplexed, make conn->data point to another transfer o multi_wait: stop loop when sread() returns zero o ngtcp2: add error code for QUIC connection errors o ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6 o ngtcp2: update to git master and its draft-25 support o ntlm: move the winbind data into the NTLM data structure o ntlm: pass the Curl_easy structure to the private winbind functions o ntlm: removed the dependency on the TLS libaries when using MD5 o ntlm_wb: use Curl_socketpair() for greater portability o oauth2-bearer.d: works for HTTP too o openssl: make CURLINFO_CERTINFO not truncate x509v3 fields o openssl: remove redundant assignment o os400: fixed the build o pause: force-drain the transfer on unpause o quiche: update to draft-25 o README: mention that the docs is in docs/ o RELEASE-PROCEDURE: feature win is closed post-release a few days o runtests: make random seed fixed for a month o runtests: restore the command log o schannel: make CURLOPT_CAINFO work better on Windows 7 o schannel_verify: Fix alt names manual verify for UNICODE builds o sha256: use crypto implementations when available o singleuse.pl: support new API functions, fix curl_dbg_ handling o smtp: support the SMTPUTF8 extension o smtp: support UTF-8 based host names in MAIL FROM o SOCKS: make the connect phase non-blocking o strcase: turn Curl_raw_tolower into static o strerror: increase STRERROR_LEN 128 -> 256 o test1323: added missing 'unit test' feature requirement o tests: add a unit test for MD4 digest generation o tests: add a unit test for SHA256 digest generation o tests: add a unit test for the HMAC hash generation o tests: deduce the tool name from the test case for unit tests o tests: fix Python 3 compatibility of smbserver.py o tool_dirhie: allow directory traversal during creation o tool_homedir: change GetEnv() to use libcurl's curl_getenv() o tool_util: improve Windows version of tvnow() o travis: update non-OpenSSL Linux jobs to Bionic o url: include the failure reason when curl_win32_idn_to_ascii() fails o urlapi: guess scheme properly with credentials given o urldata: do string enums without #ifdefs for build scripts o vtls: refactor Curl_multissl_version to make the code clearer o win32: USE_WIN32_CRYPTO to enable Win32 based MD4, MD5 and SHA256
*: Recursive revision bump for openssl 1.1.1.
*: Recursive revbump from devel/boost-libs
curl: Update to 7.68.0 pkgsrc changes: - Removes patch-configure hunks applied upstream Changes: 7.68.0 ------ This release includes the following changes: o TLS: add BearSSL vtls implementation o XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE o curl: add --etag-compare and --etag-save o curl: add --parallel-immediate o multi: add curl_multi_wakeup() o openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains This release includes the following bugfixes: o CVE-2019-15601: file: on Windows, refuse paths that start with \\ o Azure Pipelines: add several builds o CMake: add support for building with the NSS vtls backend o CURL-DISABLE: initial docs for the CURL_DISABLE_* defines o CURLOPT_HEADERFUNCTION.3: Document that size is always 1 o CURLOPT_QUOTE.3: fix typos o CURLOPT_READFUNCTION.3: fix the example o CURLOPT_URL.3: "curl supports SMB version 1 (only)" o CURLOPT_VERBOSE.3: see also ERRORBUFFER o HISTORY: added cmake, HTTP/3 and parallel downloads with curl o HISTORY: the SMB(S) support landed in 2014 o INSTALL.md: provide Android build instructions o KNOWN_BUGS: Connection information when using TCP Fast Open o KNOWN_BUGS: LDAP on Windows doesn't work correctly o KNOWN_BUGS: TLS session cache doesn't work with TFO o OPENSOCKETFUNCTION.3: correct the purpose description o TrackMemory tests: always remove CR before LF o altsvc: bump to h3-24 o altsvc: make the save function ignore NULL filenames o build: Disable Visual Studio warning "conditional expression is constant" o build: fix for CURL_DISABLE_DOH o checksrc.bat: Add a check for vquic and vssh directories o checksrc: repair the copyrightyear check o cirrus-ci: enable clang sanitizers on freebsd 13 o cirrus: Drop the FreeBSD 10.4 build o config-win32: cpu-machine-OS for Windows on ARM o configure: avoid unportable `==' test(1) operator o configure: enable IPv6 support without `getaddrinfo` o configure: fix typo in help text o conncache: CONNECT_ONLY connections assumed always in-use o conncache: fix multi-thread use of shared connection cache o copyrights: fix copyright year range o create_conn: prefer multiplexing to using new connections o curl -w: handle a blank input file correctly o curl.h: add two missing defines for "pre ISO C" compilers o curl/parseconfig: fix mem-leak o curl/parseconfig: use curl_free() to free memory allocated by libcurl o curl: cleanup multi handle on failure o curl: fix --upload-file . hangs if delay in STDIN o curl: fix -T globbing o curl: improved cleanup in upload error path o curl: make a few char pointers point to const char instead o curl: properly free mimepost data o curl: show better error message when no homedir is found o curl: show error for --http3 if libcurl lacks support o curl_setup_once: consistently use WHILE_FALSE in macros o define: remove HAVE_ENGINE_LOAD_BUILTIN_ENGINES, not used anymore o docs: Change 'experiemental' to 'experimental' o docs: TLS SRP doesn't work with TLS 1.3 o docs: fix several typos o docs: mention CURL_MAX_INPUT_LENGTH restrictions o doh: improved both encoding and decoding o doh: make it behave when built without proxy support o examples/postinmemory.c: Call curl_global_cleanup always o examples/url2file.c: corrected erroneous comment o examples: add multi-poll.c o global_init: undo the "intialized" bump in case of failure o hostip: suppress compiler warning o http_ntlm: Remove duplicate NSS initialisation o lib: Move lib/ssh.h -> lib/vssh/ssh.h o lib: fix compiler warnings with `CURL_DISABLE_VERBOSE_STRINGS` o lib: fix warnings found when porting to NuttX o lib: remove ASSIGNWITHINCONDITION exceptions, use our code style o lib: remove erroneous +x file permission on some c files o libssh2: add support for ECDSA and ed25519 knownhost keys o multi.h: remove INITIAL_MAX_CONCURRENT_STREAMS from public header o multi: free sockhash on OOM o multi_poll: avoid busy-loop when called without easy handles attached o ngtcp2: Support the latest update key callback type o ngtcp2: fix thread-safety bug in error-handling o ngtcp2: free used resources on disconnect o ngtcp2: handle key updates as ngtcp2 master branch tells us o ngtcp2: increase QUIC window size when data is consumed o ngtcp2: use overflow buffer for extra HTTP/3 data o ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION set o ntlm_wb: fix double-free in OOM o openssl: Revert to less sensitivity for SYSCALL errors o openssl: improve error message for SYSCALL during connect o openssl: prevent recursive function calls from ctx callbacks o openssl: retrieve reported LibreSSL version at runtime o openssl: set X509_V_FLAG_PARTIAL_CHAIN by default o parsedate: offer a getdate_capped() alternative o pause: avoid updating socket if done was already called o projects: Fix Visual Studio projects SSH builds o projects: Fix Visual Studio wolfSSL configurations o quiche: reject HTTP/3 headers in the wrong order o remove_handle: clear expire timers after multi_done() o runtests: --repeat=[num] to repeat tests o runtests: introduce --shallow to reduce huge torture tests o schannel: fix --tls-max for when min is --tlsv1 or default o setopt: Fix ALPN / NPN user option when built without HTTP2 o strerror: Add Curl_winapi_strerror for Win API specific errors o strerror: Fix an error looking up some Windows error strings o strerror: Fix compiler warning "empty expression" o system.h: fix for MCST lcc compiler o test/sws: search for "Testno:" header unconditionally if no testno o test1175: verify symbols-in-versions and libcurl-errors.3 in sync o test1270: a basic -w redirect_url test o test1456: remove the use of a fixed local port number o test1558: use double slash after file: o test1560: require IPv6 for IPv6 aware URL parsing o tests/lib1557: fix mem-leak in OOM o tests/lib1559: fix mem-leak in OOM o tests/lib1591: free memory properly on OOM, in the trailers callback o tests/unit1607: fix mem-leak in OOM o tests/unit1609: fix mem-leak in OOM o tests/unit1620: fix bad free in OOM o tests: Change NTLM tests to require SSL o tests: Fix bounce requests with truncated writes o tests: fix build with `CURL_DISABLE_DOH` o tests: fix permissions of ssh keys in WSL o tests: make it possible to set executable extensions o tests: make sure checksrc runs on header files too o tests: set LC_ALL=en_US.UTF-8 instead of blank in several tests o tests: use DoH feature for DoH tests o tests: use \r\n for log messages in WSL o tool_operate: fix mem leak when failed config parse o travis: Fix error detection o travis: abandon coveralls, it is not reliable o travis: build ngtcp2 with --enable-lib-only o travis: export the CC/CXX variables when set o vtls: make BearSSL possible to set with CURL_SSL_BACKEND o winbuild: Define CARES_STATICLIB when WITH_CARES=static o winbuild: Document CURL_STATICLIB requirement for static libcurl This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
curl: Update to 7.67.0 Changes: 7.67.0 ------ This release includes the following changes: o curl: added --no-progress-meter o setopt: CURLMOPT_MAX_CONCURRENT_STREAMS is new o urlapi: CURLU_NO_AUTHORITY allows empty authority/host part This release includes the following bugfixes: o BINDINGS: five new bindings addded o CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time o CURLOPT_TIMEOUT.3: remove the mention of "minutes" o ESNI: initial build/setup support o FTP: FTPFILE_NOCWD: avoid redundant CWDs o FTP: allow "rubbish" prepended to the SIZE response o FTP: remove trailing slash from path for LIST/MLSD o FTP: skip CWD to entry dir when target is absolute o FTP: url-decode path before evaluation o HTTP3.md: move -p for mkdir, remove -j for make o HTTP3: fix invalid use of sendto for connected UDP socket o HTTP3: fix ngtcp2 Windows build o HTTP3: fix prefix parameter for ngtcp2 build o HTTP3: fix typo somehere1 > somewhere1 o HTTP3: show an --alt-svc using example too o INSTALL: add missing space for configure commands o INSTALL: add vcpkg installation instructions o README: minor grammar fix o altsvc: accept quoted ma and persist values o altsvc: both backends run h3-23 now o appveyor: Add MSVC ARM64 build o appveyor: Use two parallel compilation on appveyor with CMake o appveyor: add --disable-proxy autotools build o appveyor: add 32-bit MinGW-w64 build o appveyor: add a winbuild o appveyor: add a winbuild that uses VS2017 o appveyor: make winbuilds with DEBUG=no/yes and VS 2015/2017 o appveyor: publish artifacts on appveyor o appveyor: upgrade VS2017 to VS2019 o asyn-thread: make use of Curl_socketpair() where available o asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris o build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines o checksrc: fix uninitialized variable warning o chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error o cirrus: Increase the git clone depth o cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build o cirrus: switch off blackhole status on the freebsd CI machines o cleanups: 21 various PVS-Studio warnings o configure: only say ipv6 enabled when the variable is set o configure: remove all cyassl references o conn-reuse: requests wanting NTLM can reuse non-NTLM connections o connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT o connect: silence sign-compare warning o cookie: avoid harmless use after free o cookie: pass in the correct cookie amount to qsort() o cookies: change argument type for Curl_flush_cookies o cookies: using a share with cookies shouldn't enable the cookie engine o copyrights: update copyright notices to 2019 o curl: create easy handles on-demand and not ahead of time o curl: ensure HTTP 429 triggers --retry o curl: exit the create_transfers loop on errors o curl: fix memory leaked by parse_metalink() o curl: load large files with -d @ much faster o docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag o docs: added multi-event.c example o docs: disambiguate CURLUPART_HOST is for host name (ie no port) o docs: note on failed handles not being counted by curl_multi_perform o doh: allow only http and https in debug mode o doh: avoid truncating DNS QTYPE to lower octet o doh: clean up dangling DOH memory on easy close o doh: fix (harmless) buffer overrun o doh: fix undefined behaviour and open up for gcc and clang optimization o doh: return early if there is no time left o examples/sslbackend: fix -Wchar-subscripts warning o examples: remove the "this exact code has not been verified" o git: add tests/server/disabled to .gitignore o gnutls: make gnutls_bye() not wait for response on shutdown o http2: expire a timeout at end of stream o http2: prevent dup'ed handles to send dummy PRIORITY frames o http2: relax verification of :authority in push promise requests o http2_recv: a closed stream trumps pause state o http: lowercase headernames for HTTP/2 and HTTP/3 o ldap: Stop using wide char version of ldapp_err2string o ldap: fix OOM error on missing query string o mbedtls: add error message for cert validity starting in the future o mime: when disabled, avoid C99 macro o ngtcp2: adapt to API change o ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23 o ngtcp2: remove fprintf() calls o openssl: close_notify on the FTP data connection doesn't mean closure o openssl: fix compiler warning with LibreSSL o openssl: use strerror on SSL_ERROR_SYSCALL o os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr o parsedate: fix date parsing disabled builds o quiche: don't close connection at end of stream o quiche: persist connection details (fixes -I with --http3) o quiche: set 'drain' when returning without having drained the queues o quiche: update HTTP/3 config creation to new API o redirect: handle redirects to absolute URLs containing spaces o runtests: get textaware info from curl instead of perl o schannel: reverse the order of certinfo insertions o schannel_verify: Fix concurrent openings of CA file o security: silence conversion warning o setopt: handle ALTSVC set to NULL o setopt: make it easier to add new enum values o setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly o smb: check for full size message before reading message details o smbserver: fix Python 3 compatibility o socks: Fix destination host shown on SOCKS5 error o test1162: disable MSYS2's POSIX path conversion o test1591: fix spelling of http feature o tests: add `connect to non-listen` keywords o tests: fix narrowing conversion warnings o tests: fix the test 3001 cert failures o tests: makes tests succeed when using --disable-proxy o tests: use %FILE_PWD for file:// URLs o tests: use port 2 instead of 60000 for a safer non-listening port o tool_operate: Fix retry sleep time shown to user when Retry-After o travis: Add an ARM64 build o url: Curl_free_request_state() should also free doh handles o url: don't set appconnect time for non-ssl/non-ssh connections o url: fix the NULL hostname compiler warning o url: normalize CURLINFO_EFFECTIVE_URL o url: only reuse TLS connections with matching pinning o urlapi: avoid index underflow for short ipv6 hostnames o urlapi: fix URL encoding when setting a full URL o urlapi: fix unused variable warning o urlapi: question mark within fragment is still fragment o urldata: use 'bool' for the bit type on MSVC compilers o vtls: Fix comment typo about macosx-version-min compiler flag o vtls: fix narrowing conversion warnings o winbuild/MakefileBuild.vc: Add vssh o winbuild/MakefileBuild.vc: Fix line endings o winbuild: Add manifest to curl.exe for proper OS version detection o winbuild: add ENABLE_UNICODE option
curl: http2 is now a suggested option; bump revision
curl: Update to 7.66.0 Changes: 7.66.0 ------ This release includes the following changes: o CURLINFO_RETRY_AFTER: parse the Retry-After header value o HTTP3: initial (experimental still not working) support o curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool o curl: support parallel transfers with -Z o curl_multi_poll: a sister to curl_multi_wait() that waits more o sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID This release includes the following bugfixes: o CVE-2019-5481: FTP-KRB double-free o CVE-2019-5482: TFTP small blocksize heap buffer overflow o CI: remove duplicate configure flag for LGTM.com o CMake: remove needless newlines at end of gss variables o CMake: use platform dependent name for dlopen() library o CURLINFO docs: mention that in redirects times are added o CURLOPT_ALTSVC.3: use a "" file name to not load from a file o CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED o CURLOPT_HEADERFUNCTION.3: clarify o CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly o CURLOPT_READFUNCTION.3: provide inline example o CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 o Curl_addr2string: take an addrlen argument too o Curl_fillreadbuffer: avoid double-free trailer buf on error o HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown o alt-svc: add protocol version selection masking o alt-svc: fix removal of expired cache entry o alt-svc: make it use h3-22 with ngtcp2 as well o alt-svc: more liberal ALPN name parsing o alt-svc: send Alt-Used: in redirected requests o alt-svc: with quiche, use the quiche h3 alpn string o appveyor: pass on -k to make o asyn-thread: create a socketpair to wait on o build-openssl: fix build with Visual Studio 2019 o cleanup: move functions out of url.c and make them static o cleanup: remove the 'numsocks' argument used in many places o configure: avoid undefined check_for_ca_bundle o curl.h: add CURL_HTTP_VERSION_3 to the version enum o curl.h: fix outdated comment o curl: cap the maximum allowed values for retry time arguments o curl: handle a libcurl build without netrc support o curl: make use of CURLINFO_RETRY_AFTER when retrying o curl: remove outdated comment o curl: use .curlrc (with a dot) on Windows o curl: use CURLINFO_PROTOCOL to check for HTTP(s) o curl_global_init_mem.3: mention it was added in 7.12.0 o curl_version: bump string buffer size to 250 o curl_version_info.3: mentioned ALTSVC and HTTP3 o curl_version_info: offer quic (and h3) library info o curl_version_info: provide nghttp2 details o defines: avoid underscore-prefixed defines o docs/ALTSVC: remove what works and the experimental explanation o docs/EXPERIMENTAL: explain what it means and what's experimental now o docs/MANUAL.md: converted to markdown from plain text o docs/examples/curlx: fix errors o docs: s/curl_debug/curl_dbg_debug in comments and docs o easy: resize receive buffer on easy handle reset o examples: Avoid reserved names in hiperfifo examples o examples: add http3.c, altsvc.c and http3-present.c o getenv: support up to 4K environment variable contents on windows o http09: disable HTTP/0.9 by default in both tool and library o http2: when marked for closure and wanted to close == OK o http2_recv: trigger another read when the last data is returned o http: fix use of credentials from URL when using HTTP proxy o http_negotiate: improve handling of gss_init_sec_context() failures o md4: Use our own MD4 when no crypto libraries are available o multi: call detach_connection before Curl_disconnect o netrc: make the code try ".netrc" on Windows o nss: use TLSv1.3 as default if supported o openssl: build warning free with boringssl o openssl: use SSL_CTX_set_<min|max>_proto_version() when available o plan9: add support for running on Plan 9 o progress: reset download/uploaded counter between transfers o readwrite_data: repair setting the TIMER_STARTTRANSFER stamp o scp: fix directory name length used in memcpy o smb: init *msg to NULL in smb_send_and_recv() o smtp: check for and bail out on too short EHLO response o source: remove names from source comments o spnego_sspi: add typecast to fix build warning o src/makefile: fix uncompressed hugehelp.c generation o ssh-libssh: do not specify O_APPEND when not in append mode o ssh: move code into vssh for SSH backends o sspi: fix memory leaks o tests: Replace outdated test case numbering documentation o tftp: return error when packet is too small for options o timediff: make it 64 bit (if possible) even with 32 bit time_t o travis: reduce number of torture tests in 'coverage' o url: make use of new HTTP version if alt-svc has one o urlapi: verify the IPv6 numerical address o urldata: avoid 'generic', use dedicated pointers o vauth: Use CURLE_AUTH_ERROR for auth function errors
Recursive revbump from boost-1.71.0
Bump PKGREVISIONs for perl 5.30.0
*: recursive bump for nettle 3.5.1
curl: Update to 7.65.3 Changes: 7.65.3 ------ This release includes the following bugfixes: o progress: make the progress meter appear again
curl: Update to 7.65.2 Changes: 7.65.2 ------ This release includes the following bugfixes: o CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH o CMake: Convert errant elseif() to else() o CMake: Fix finding Brotli on case-sensitive file systems o CURLMOPT_SOCKETFUNCTION.3: clarified o CURLMOPT_SOCKETFUNCTION.3: fix typo o CURLOPT_CAINFO.3: polished wording o CURLOPT_HEADEROPT.3: Fix example o CURLOPT_RANGE.3: Caution against using it for HTTP PUT o CURLOPT_SEEKDATA.3: fix variable name o DEPRECATE: fixup versions and spelling o bindlocal: detect and avoid IP version mismatches in bind() o build: fix Codacy warnings o buildconf.bat: fix header filename o c-ares: honor port numbers in CURLOPT_DNS_SERVERS o config-os400: add getpeername and getsockname defines o configure: --disable-progress-meter o configure: fix --disable-code-coverage o configure: fix typo '--disable-http-uath' o configure: more --disable switches to toggle off individual features o configure: remove CURL_DISABLE_TLS_SRP o conn_maxage: move the check to prune_dead_connections() o curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds o curl_multi_wait.3: escape backslash in example o docs: Explain behavior change in --tlsv1. options since 7.54 o docs: Fix links to OpenSSL docs o docs: fix string suggesting HTTP/2 is not the default o examples/fopen: fix comparison o examples/htmltitle: use C++ casts between pointer types o headers: Remove no longer exported functions o http2: call done_sending on end of upload o http2: don't call stream-close on already closed streams o http2: remove CURL_DISABLE_TYPECHECK define o http: allow overriding timecond with custom header o http: clarify header buffer size calculation o krb5: fix compiler warning o lib: Use UTF-8 encoding in comments o libcurl-tutorial.3: Fix small typo (mutipart -> multipart) o libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS o multi: enable multiplexing by default (again) o multi: fix the transfer hashes in the socket hash entries o multi: make sure 'data' can present in several sockhash entries o netrc: Return the correct error code when out of memory o nss: don't set unused parameter o nss: inspect returnvalue of token check o nss: only cache valid CRL entries o nss: support using libnss on macOS o openssl: define HAVE_SSL_GET_SHUTDOWN based on version number o openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined o openssl: fix pubkey/signature algorithm detection in certinfo o openssl: remove outdated comment o os400: make vsetopt() non-static as Curl_vsetopt() for os400 support o quote.d: asterisk prefix works for SFTP as well o runtests: keep logfiles around by default o runtests: report single test time + total duration o smb: Use the correct error code for access denied on file open o sws: remove unused variables o system_win32: fix clang warning o system_win32: fix typo o test1165: verify that CURL_DISABLE_ symbols are in sync o test1521: adapt to SLISTPOINT o test1523: test CURLOPT_LOW_SPEED_LIMIT o test153: fix content-length to avoid occasional hang o test188/189: fix Content-Length o tests: have runtests figure out disabled features o tests: support non-localhost HOSTIP for dict/smb servers o tests: update fixed IP for hostip/clientip split o tool_cb_prg: Fix integer overflow in progress bar o travis: disable threaded resolver for coverage build o travis: enable alt-svc for coverage build o travis: enable brotli for all xenial jobs o travis: enable libssh2 for coverage build o travis: enable warnings-as-errors for coverage build o travis: update scan-build job to xenial o typecheck: CURLOPT_CONNECT_TO takes an slist too o typecheck: add 3 missing strings and a callback data pointer o unit1654: cleanup on memory failure o unpause: trigger a timeout for event-based transfers o url: Fix CURLOPT_MAXAGE_CONN time comparison o win32: make DLL loading a no-op for UWP o winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG o winbuild: use WITH_PREFIX if given o wolfssl: refer to it as wolfSSL only
Recursive revbump from boost-1.70.0
curl: Update to 7.65.1 Changes: 7.65.1 ------ This release includes the following bugfixes: o CURLOPT_LOW_SPEED_* repaired o NTLM: reset proxy "multipass" state when CONNECT request is done o PolarSSL: deprecate support step 1. Removed from configure o appveyor: add Visual Studio solution build o cmake: check for if_nametoindex() o cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables o config-win32: add support for if_nametoindex and getsockname o conncache: Remove the DEBUGASSERT on length check o conncache: make "bundles" per host name when doing proxy tunnels o curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version o curl_share_setopt.3: improve wording o dump-header.d: spell out that no headers == empty file o example/http2-download: fix format specifier o examples: cleanups and compiler warning fixes o http2: Stop drain from being permanently set o http: don't parse body-related headers in bodyless responses o md4: build correctly with openssl without MD4 o md4: include the mbedtls config.h to get the MD4 info o multi: track users of a socket better o nss: allow to specify TLS 1.3 ciphers if supported by NSS o parse_proxy: make sure portptr is initialized o parse_proxy: use the IPv6 zone id if given o sectransp: handle errSSLPeerAuthCompleted from SSLRead() o singlesocket: use separate variable for inner loop o ssl: Update outdated "openssl-only" comments for supported backends o tests: add HAProxy keywords o tests: add support to test against OpenSSH for Windows o tests: make test 1420 and 1406 work with rtsp-disabled libcurl o tls13-docs: mention it is only for OpenSSL >= 1.1.1 o tool_parse_cfg: Avoid 2 fopen() for WIN32 o tool_setopt: for builds with disabled-proxy, skip all proxy setopts() o url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows o url: fix bad feature-disable #ifdef o url: use correct port in ConnectionExists() o winbuild: Use two space indentation
curl: Update to 7.65.0 pkgsrc changes: - Remove patch-configure test(1) `==' -> `=' hunk applied upstream Changes: 7.65.0 ------ This release includes the following changes: o CURLOPT_DNS_USE_GLOBAL_CACHE: removed o CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse o pipelining: removed This release includes the following bugfixes: o CVE-2019-5435: Integer overflows in curl_url_set o CVE-2019-5436: tftp: use the current blksize for recvfrom() o --config: clarify that initial : and = might need quoting o AppVeyor: enable testing for WinSSL build o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk o CURLOPT_ADDRESS_SCOPE: fix range check and more o CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later o CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value o CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE o CURL_MAX_INPUT_LENGTH: largest acceptable string input size o Curl_disconnect: treat all CONNECT_ONLY connections as "dead" o INTERNALS: Add code highlighting o OS400/ccsidcurl: replace use of Curl_vsetopt o OpenSSL: Report -fips in version if OpenSSL is built with FIPS o README.md: fix no-consecutive-blank-lines Codacy warning o VC15 project: remove MinimalRebuild o VS projects: use Unicode for VC10+ o WRITEFUNCTION: add missing set_in_callback around callback o altsvc: Fix building with cookies disabled o auth: Rename the various authentication clean up functions o base64: build conditionally if there are users o build-openssl.bat: Fixed support for OpenSSL v1.1.0+ o build: fix "clarify calculation precedence" warnings o checksrc.bat: ignore snprintf warnings in docs/examples o cirrus: Customize the disabled tests per FreeBSD version o cleanup: remove FIXME and TODO comments o cmake: avoid linking executable for some tests with cmake 3.6+ o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP o cmake: set SSL_BACKENDS o configure: avoid unportable `==' test(1) operator o configure: error out if OpenSSL wasn't detected when asked for o configure: fix default location for fish completions o cookie: Guard against possible NULL ptr deref o curl: make code work with protocol-disabled libcurl o curl: report error for "--no-" on non-boolean options o curl_easy_getinfo.3: fix minor formatting mistake o curlver.h: use parenthesis in CURL_VERSION_BITS macro o docs/BUG-BOUNTY: bug bounty time o docs/INSTALL: fix broken link o docs/RELEASE-PROCEDURE: link to live iCalendar o documentation: Fix several typos o doh: acknowledge CURL_DISABLE_DOH o doh: disable DOH for the cases it doesn't work o examples: remove unused variables o ftplistparser: fix LGTM alert "Empty block without comment" o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies o http: acknowledge CURL_DISABLE_HTTP_AUTH o http: mark bundle as not for multiuse on < HTTP/2 response o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled o http_negotiate: do not treat failure of gss_init_sec_context() as fatal o http_ntlm: Corrected the name of the include guard o http_ntlm_wb: Handle auth for only a single request o http_ntlm_wb: Return the correct error on receiving an empty auth message o lib509: add missing include for strdup o lib557: initialize variables o makedebug: Fix ERRORLEVEL detection after running where.exe o mbedtls: enable use of EC keys o mime: acknowledge CURL_DISABLE_MIME o multi: improved HTTP_1_1_REQUIRED handling o netrc: acknowledge CURL_DISABLE_NETRC o nss: allow fifos and character devices for certificates o nss: provide more specific error messages on failed init o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup o ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 o openssl: mark connection for close on TLS close_notify o openvms: Remove pre-processor for SecureTransport o openvms: Remove pre-processors for Windows o parse_proxy: use the URL parser API o parsedate: disabled on CURL_DISABLE_PARSEDATE o pingpong: disable more when no pingpong protocols are enabled o polarssl_threadlock: remove conditionally unused code o progress: acknowledge CURL_DISABLE_PROGRESS_METER o proxy: acknowledge DISABLE_PROXY more o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries o revert "multi: support verbose conncache closure handle" o sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 o sasl: only enable if there's a protocol enabled using it o scripts: fix typos o singleipconnect: show port in the verbose "Trying ..." message o smtp: fix compiler warning o socks5: user name and passwords must be shorter than 256 o socks: fix error message o socksd: new SOCKS 4+5 server for tests o spnego_gssapi: fix return code on gss_init_sec_context() failure o ssh-libssh: remove unused variable o ssh: define USE_SSH if SSH is enabled (any backend) o ssh: move variable declaration to where it's used o test1002: correct the name o test2100: Fix typos in test description o tests/server/util: fix Windows Unicode build o tests: Run global cleanup at end of tests o tests: make Impacket (SMB server) Python 3 compatible o tool_cb_wrt: fix bad-function-cast warning o tool_formparse: remove redundant assignment o tool_help: Warn if curl and libcurl versions do not match o tool_help: include <strings.h> for strcasecmp o transfer: fix LGTM alert "Comparison is always true" o travis: add an osx http-only build o travis: allow builds on branches named "ci" o travis: install dependencies only when needed o travis: update some builds do Xenial o travis: updated mesalink builds o url: always clone the CUROPT_CURLU handle o url: convert the zone id from a IPv6 URL to correct scope id o urlapi: add CURLUPART_ZONEID to set and get o urlapi: increase supported scheme length to 40 bytes o urlapi: require a non-zero host name length when parsing URL o urlapi: stricter CURLUPART_PORT parsing o urlapi: strip off zone id from numerical IPv6 addresses o urlapi: urlencode characters above 0x7f correctly o vauth/cleartext: update the PLAIN login to match RFC 4616 o vauth/oauth2: Fix OAUTHBEARER token generation o vauth: Fix incorrect function description for Curl_auth_user_contains_domain o vtls: fix potential ssl_buffer stack overflow o wildcard: disable from build when FTP isn't present o winbuild: Support MultiSSL builds o xattr: skip unittest on unsupported platforms
curl: Update to 7.64.1 pkgsrc changes: - No longer install MANUAL, it is no longer available - Remove patch-lib_hostcheck.c, <netinet/in.h> is already included few lines before - Take MAINTAINERSHIP Changes: 7.64.1 ====== This release includes the following changes: o alt-svc: experiemental support added [74] o configure: add --with-amissl [84] This release includes the following bugfixes: o AppVeyor: add MinGW-w64 and classic Mingw builds [55] o AppVeyor: switch VS 2015 builds to VS 2017 image [49] o CURLU: fix NULL dereference when used over proxy [73] o Curl_easy: remove req.maxfd - never used! [58] o Curl_now: figure out windows version in win32_init: [11] o Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning [20] o DoH: inherit some SSL options from user's easy handle [80] o Secure Transport: no more "darwinssl" [56] o Secure Transport: tvOS 11 is required for ALPN support [94] o cirrus: Added FreeBSD builds using Cirrus CI o cleanup: make local functions static [5] o cli tool: do not use mime.h private structures [27] o cmdline-opts/proxytunnel.d: the option tunnnels all protocols [83] o configure: add additional libraries to check for LDAP support [45] o configure: remove the unused fdopen macro [40] o configure: show features as well in the final summary [15] o conncache: use conn->data to know if a transfer owns it [95] o connection: never reuse CONNECT_ONLY connections [35] o connection_check: restore original conn->data after the check [14] o connection_check: set ->data to the transfer doing the check [3] o cookie: Add support for cookie prefixes [29] o cookies: dotless names can set cookies again [81] o cookies: fix NULL dereference if flushing cookies with no CookieInfo set [47] o curl.1: --user and --proxy-user are hidden from ps output [86] o curl.1: mark the argument to --cookie as <data|filename> [87] o curl.h: use __has_declspec_attribute for shared builds [52] o curl: display --version features sorted alphabetically [51] o curl: fix FreeBSD compiler warning in the --xattr code [2] o curl: remove MANUAL from -M output [38] o curl_easy_duphandle.3: clarify that a duped handle has no shares [64] o curl_multi_remove_handle.3: use at any time, just not from within callbacks o curl_url.3: this API is not experimental anymore o dns: release sharelock as soon as possible [1] o docs: update max-redirs.d phrasing [59] o easy: fix win32 init to work without CURL_GLOBAL_WIN32 [30] o examples/10-at-a-time.c: improve readability and simplify o examples/cacertinmem.c: use multiple certificates for loading CA-chain [54] o examples/crawler: Fix the Accept-Encoding setting o examples/ephiperfifo.c: various fixes [63] o examples/externalsocket: add missing close socket calls [78] o examples/http2-download: cleaned up o examples/http2-serverpush: add some sensible error checks [31] o examples/http2-upload: cleaned up o examples/httpcustomheader: Value stored to 'res' is never read o examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory' o examples/sftpuploadresume: Value stored to 'result' is never read o examples: only include <curl/curl.h> [70] o examples: remove recursive calls to curl_multi_socket_action [42] o examples: remove superfluous null-pointer checks o file: fix "Checking if unsigned variable 'readcount' is less than zero." [90] o fnmatch: disable if FTP is disabled [25] o gnutls: remove call to deprecated gnutls_compression_get_name [66] o gopher: remove check for path == NULL [69] o gssapi: fix deprecated header warnings [16] o hostip: make create_hostcache_id avoid alloc + free [4] o http2: multi_connchanged() moved from multi.c, only used for h2 [21] o http2: verify :athority in push promise requests [37] o http: make adding a blank header thread-safe [33] o http: send payload when (proxy) authentication is done [89] o http: set state.infilesize when sending multipart formposts [57] o makefile: make checksrc and hugefile commands "silent" [85] o mbedtls: make it build even if MBEDTLS_VERSION_C isn't set [24] o mbedtls: release sessionid resources on error [28] o memdebug: log pointer before freeing its data [91] o memdebug: make debug-specific functions use curl_dbg_ prefix [82] o mime: put the boundary buffer into the curl_mime struct [18] o multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME [43] o multi: remove verbose "Expire in" ... messages [23] o multi: removed unused code for request retries [79] o multi: support verbose conncache closure handle [72] o negotiate: fix for HTTP POST with Negotiate [88] o openssl: add support for TLS ASYNC state [46] o openssl: if cert type is ENG and no key specified, key is ENG too [93] o pretransfer: don't strlen() POSTFIELDS set for GET requests [22] o rand: Fix a mismatch between comments in source and header [32] o runtests: detect "schannel" as an alias for "winssl" [50] o schannel: be quiet - remove verbose output [19] o schannel: close TLS before removing conn from cache [10] o schannel: support CALG_ECDH_EPHEM algorithm [44] o scripts/completion.pl: also generate fish completion file [67] o singlesocket: fix the 'sincebefore' placement [36] o source: fix two 'nread' may be used uninitialized warnings [68] o ssh: fix Condition '!status' is always true [60] o ssh: loop the state machine if not done and not blocking [71] o strerror: make the strerror function use local buffers [48] o system_win32: move win32_init here from easy.c [65] o test578: make it read data from the correct test o tests: Fixed XML validation errors in some test files o tests: add stderr comparison to the test suite [26] o tests: fix multiple may be used uninitialized warnings o threaded-resolver: shutdown the resolver thread without error message [61] o tool_cb_wrt: fix writing to Windows null device NUL [96] o tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr [84] o tool_operate: build on AmigaOS [84] o tool_operate: fix typecheck warning [9] o transfer.c: do not compute length of undefined hex buffer o travis: add build using gnutls [75] o travis: add scan-build [13] o travis: bump the used wolfSSL version to 4.0.0 [92] o travis: enable valgrind for the iconv tests [12] o travis: use updated compiler versions: clang 7 and gcc 8 [77] o unit1307: require FTP support [17] o unit1651: survive curl_easy_init() fails o url/idnconvert: remove scan for <= 32 ascii values [6] o url: change conn shutdown order to ensure SOCKETFUNCTION callbacks [39] o urlapi: reduce variable scope, remove unreachable 'break' [7] o urldata: convert bools to bitfields and move to end [53] o urldata: simplify bytecounters [62] o urlglob: Argument with 'nonnull' attribute passed null o version.c: silent scan-build even when librtmp is not enabled o vtls: rename some of the SSL functions [84] o wolfssl: stop custom-adding curves [41] o x509asn1: "Dereference of null pointer" o x509asn1: cleanup and unify code layout [34] o zsh.pl: escape ':' character [8] o zsh.pl: update regex to better match curl -h output [8]
Pullup ticket #5910 - requested by mlelstv
www/curl: security fix
Revisions pulled up:
- www/curl/Makefile 1.207
- www/curl/PLIST 1.73
- www/curl/distinfo 1.150
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Feb 6 08:02:48 UTC 2019
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: updated to 7.64.0
curl and libcurl 7.64.0
This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows
This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding
curl: updated to 7.64.0 curl and libcurl 7.64.0 This release includes the following changes: * cookies: leave secure cookies alone * hostip: support wildcard hosts * http: Implement trailing headers for chunked transfers * http: added options for allowing HTTP/0.9 responses * timeval: Use high resolution timestamps on Windows This release includes the following bugfixes: * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow * CVE-2019-3823: SMTP end-of-response out-of-bounds read * FAQ: remove mention of sourceforge for github * OS400: handle memory error in list conversion * OS400: upgrade ILE/RPG binding. * README: add codacy code quality badge * Revert http_negotiate: do not close connection * THANKS: added several missing names from year <= 2000 * build: make 'tidy' target work for metalink builds * cmake: added checks for variadic macros * cmake: updated check for HAVE_POLL_FINE to match autotools * cmake: use lowercase for function name like the rest of the code * configure: detect xlclang separately from clang * configure: fix recv/send/select detection on Android * configure: rewrite --enable-code-coverage * conncache_unlock: avoid indirection by changing input argument type * cookie: fix comment typo * cookies: allow secure override when done over HTTPS * cookies: extend domain checks to non psl builds * cookies: skip custom cookies when redirecting cross-site * curl --xattr: strip credentials from any URL that is stored * curl -J: refuse to append to the destination file * curl/urlapi.h: include "curl.h" first * curl_multi_remove_handle() don't block terminating c-ares requests * darwinssl: accept setting max-tls with default min-tls * disconnect: separate connections and easy handles better * disconnect: set conn->data for protocol disconnect * docs/version.d: mention MultiSSL * docs: fix the --tls-max description * docs: use $(INSTALL_DATA) to install man page * docs: use meaningless port number in CURLOPT_LOCALPORT example * gopher: always include the entire gopher-path in request * http2: clear pause stream id if it gets closed * if2ip: remove unused function Curl_if_is_interface_name * libssh: do not let libssh create socket * libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh * libssh: free sftp_canonicalize_path() data correctly * libtest/stub_gssapi: use "real" snprintf * mbedtls: use VERIFYHOST * multi: multiplexing improvements * multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time * ntlm: fix NTMLv2 compliance * ntlm_sspi: add support for channel binding * openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated * openssl: fix the SSL_get_tlsext_status_ocsp_resp call * openvms: fix OpenSSL discovery on VAX * openvms: fix typos in documentation * os400: add a missing closing bracket * os400: fix extra parameter syntax error * pingpong: change default response timeout to 120 seconds * pingpong: ignore regular timeout in disconnect phase * printf: fix format specifiers * runtests.pl: Fix perl call to include srcdir * schannel: fix compiler warning * schannel: preserve original certificate path parameter * schannel: stop calling it "winssl" * sigpipe: if mbedTLS is used, ignore SIGPIPE * smb: fix incorrect path in request if connection reused * ssh: log the libssh2 error message when ssh session startup fails * test1558: verify CURLINFO_PROTOCOL on file:// transfer * test1561: improve test name * test1653: make it survive torture tests * tests: allow tests to pass by 2037-02-12 * tests: move objnames-* from lib into tests * timediff: fix math for unsigned time_t * timeval: Disable MSVC Analyzer GetTickCount warning * tool_cb_prg: avoid integer overflow * travis: added cmake build for osx * urlapi: Fix port parsing of eol colon * urlapi: distinguish possibly empty query * urlapi: fix parsing ipv6 with zone index * urldata: rename easy_conn to just conn * winbuild: conditionally use /DZLIB_WINAPI * wolfssl: fix memory-leak in threaded use * spnego_sspi: add support for channel binding
curl: Drop redundant comment
revbump for boost 1.69.0
curl: Update www/curl to 7.63.0
pkgsrc changes:
- Remove no longer needed patch-lib_connect.c: imported upstream
Changes:
7.63.0
------
This release includes the following changes:
o curl: add %{stderr} and %{stdout} for --write-out
o curl: add undocumented option --dump-module-paths for win32
o setopt: add CURLOPT_CURLU
This release includes the following bugfixes:
o (lib)curl.rc: fixup for minor bugs
o CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
o CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
o CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
o Curl_follow: accept non-supported schemes for "fake" redirects
o KNOWN_BUGS: add --proxy-any connection issue
o NTLM: Remove redundant ifdef USE_OPENSSL
o NTLM: force the connection to HTTP/1.1
o OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
o SECURITY-PROCESS: bountygraph shuts down again
o TODO: Have the URL API offer IDN decoding
o ares: remove fd from multi fd set when ares is about to close the fd
o axtls: removed
o checksrc: add COPYRIGHTYEAR check
o cmake: fix MIT/Heimdal Kerberos detection
o configure: include all libraries in ssl-libs fetch
o configure: show CFLAGS, LDFLAGS etc in summary
o connect: fix building for recent versions of Minix
o cookies: create the cookiejar even if no cookies to save
o cookies: expire "Max-Age=0" immediately
o curl: --local-port range was not "including"
o curl: fix --local-port integer overflow
o curl: fix memory leak reading --writeout from file
o curl: fixed UTF-8 in current console code page (Windows)
o curl_easy_perform: fix timeout handling
o curl_global_sslset(): id == -1 is not necessarily an error
o curl_multibyte: fix a malloc overcalculation
o curle: move deprecated error code to ifndef block
o docs: curl_formadd field and file names are now escaped
o docs: escape "\n" codes
o doh: fix memory leak in OOM situation
o doh: make it work for h2-disabled builds too
o examples/ephiperfifo: report error when epoll_ctl fails
o ftp: avoid two unsigned int overflows in FTP listing parser
o host names: allow trailing dot in name resolve, then strip it
o http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
o http: don't set CURLINFO_CONDITION_UNMET for http status code 204
o http: fix HTTP Digest auth to include query in URI
o http_negotiate: do not close connection until negotiation is completed
o impacket: add LICENSE
o infof: clearly indicate truncation
o ldap: fix LDAP URL parsing regressions
o libcurl: stop reading from paused transfers
o mprintf: avoid unsigned integer overflow warning
o netrc: don't ignore the login name specified with "--user"
o nss: Fall back to latest supported SSL version
o nss: Fix compatibility with nss versions 3.14 to 3.15
o nss: fix fallthrough comment to fix picky compiler warning
o nss: remove version selecting dead code
o nss: set default max-tls to 1.3/1.2
o openssl: Remove SSLEAY leftovers
o openssl: do not log excess "TLS app data" lines for TLS 1.3
o openssl: do not use file BIOs if not requested
o openssl: fix unused variable compiler warning with old openssl
o openssl: support session resume with TLS 1.3
o openvms: fix example name
o os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
o os400: add CURLOPT_CURLU to ILE/RPG binding
o os400: fix return type of curl_easy_pause() in ILE/RPG binding
o packages: remove old leftover files and dirs
o pop3: only do APOP with a valid timestamp
o runtests: use the local curl for verifying
o schannel: be consistent in Schannel capitalization
o schannel: better CURLOPT_CERTINFO support
o schannel: use Curl_ prefix for global private symbols
o snprintf: renamed and we now only use msnprintf()
o ssl: fix compilation with OpenSSL 0.9.7
o ssl: replace all internal uses of CURLE_SSL_CACERT
o symbols-in-versions: add missing CURLU_ symbols
o test328: verify Content-Encoding: none
o tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
o tests: drop http_pipe.py script no longer used
o tool_cb_wrt: Silence function cast compiler warning
o tool_doswin: Fix uninitialized field warning
o travis: build with clang sanitizers
o travis: remove curl before a normal build
o url: a short host name + port is not a scheme
o url: fix IPv6 numeral address parser
o urlapi: only skip encoding the first '=' with APPENDQUERY set
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Alexey Melnichuk, Antoni Villalonga, Ben Greear,
bobmitchell1956 on github, Brad King, Brian Carpenter, daboul on github,
Daniel Gustafsson, Daniel Stenberg, Dave Reisner, David Benjamin,
Dheeraj Sangamkar, dtmsecurity on github, Elia Tufarolo, Frank Gevaerts,
Gergely Nagy, Gisle Vanem, Hagai Auro, Han Han, infinnovation-dev on github,
James Knight, Jérémy Rocher, Jeroen Ooms, Jim Fuller, Johannes Schindelin,
Kamil Dudka, Konstantin Kushnir, Marcel Raad, Marc Hörsken, Marcos Diazr,
Michael Kaufmann, NTMan on Github, Patrick Monnerat, Paul Howarth,
Pavel Pavlov, Peter Wu, Ray Satiro, Rod Widdowson, Romain Fliedel,
Samuel Surtees, Sevan Janiyan, Stefan Kanthak, Sven Blumenstein, Tim Rühsen,
Tobias Hintze, Tomas Hoger, tonystz on Github, tpaukrt on github,
Viktor Szakats, Yasuhiro Matsumoto,
(51 contributors)
Thanks! (and sorry if I forgot to mention someone)
Need pthread support, make sure a substitue is present if OS lacks support natively, e.g Minix at present.
Pullup ticket #5872 - requested by leot
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.202
- www/curl/PLIST 1.71
- www/curl/distinfo 1.147
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Wed Oct 31 08:06:24 UTC 2018
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: Update www/curl to 7.62.0
Changes:
7.62.0
------
This release includes the following changes:
o multiplex: enable by default
o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
o setopt: add CURLOPT_DOH_URL
o curl: --doh-url added
o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
o imap: change from "FETCH" to "UID FETCH"
o configure: add option to disable automatic OpenSSL config loading
o upkeep: add a connection upkeep API: curl_easy_upkeep()
o URL-API: added five new functions
o vtls: MesaLink is a new TLS backend
This release includes the following bugfixes:
o CVE-2018-16839: SASL password overflow via integer overflow
o CVE-2018-16840: use-after-free in handle close
o CVE-2018-16842: warning message out-of-buffer read
o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
o Curl_dedotdotify(): always nul terminate returned string
o Curl_follow: Always free the passed new URL
o Curl_http2_done: fix memleak in error path
o Curl_retry_request: fix memory leak
o Curl_saferealloc: Fixed typo in docblock
o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
o GnutTLS: TLS 1.3 support
o SECURITY-PROCESS: mention the bountygraph program
o VS projects: add USE_IPV6:
o Windows: fixes for MinGW targeting Windows Vista
o anyauthput: fix compiler warning on 64-bit Windows
o appveyor: add WinSSL builds
o appveyor: run test suite (on Windows!)
o certs: generate tests certs with sha256 digest algorithm
o checksrc: enable strict mode and warnings
o checksrc: handle zero scoped ignore commands
o cmake: Backport to work with CMake 3.0 again
o cmake: Improve config installation
o cmake: add support for transitive ZLIB target
o cmake: disable -Wpedantic-ms-format
o cmake: don't require OpenSSL if USE_OPENSSL=OFF
o cmake: fixed path used in generation of docs/tests
o cmake: remove unused *SOCKLEN_T variables
o cmake: suppress MSVC warning C4127 for libtest
o cmake: test and set missed defines during configuration
o comment: Fix multiple typos in function parameters
o config: Remove unused SIZEOF_VOIDP
o config_win32: enable LDAPS
o configure: force-use -lpthreads on HPUX
o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
o cookies: Remove redundant expired check
o cookies: fix leak when writing cookies to file
o curl-config.in: remove dependency on bc
o curl.1: --ipv6 mutexes ipv4 (fixed typo)
o curl: enabled Windows VT Support and UTF-8 output
o curl: update the documentation of --tlsv1.0
o curl_multi_wait: call getsock before figuring out timeout
o curl_ntlm_wb: check aprintf() return codes
o curl_threads: fix classic MinGW compile break
o darwinssl: Fix realloc memleak
o darwinssl: more specific and unified error codes
o data-binary.d: clarify default content-type is x-www-form-urlencoded
o docs/BUG-BOUNTY: explain the bounty program
o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
o docs/CIPHERS: fix the TLS 1.3 cipher names
o docs/CIPHERS: mention the colon separation for OpenSSL
o docs/examples: URL updates
o docs: add "see also" links for SSL options
o example/asiohiper: insert warning comment about its status
o example/htmltidy: fix include paths of tidy libraries
o examples/Makefile.m32: sync with core
o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
o examples/parseurl.c: show off the URL API
o examples: Fix memory leaks from realloc errors
o examples: do not wait when no transfers are running
o ftp: include command in Curl_ftpsend sendbuffer
o gskit: make sure to terminate version string
o gtls: Values stored to but never read
o hostip: fix check on Curl_shuffle_addr return value
o http2: fix memory leaks on error-path
o http: fix memleak in rewind error path
o krb5: fix memory leak in krb_auth
o ldap: show precise LDAP call in error message on Windows
o lib: fix gcc8 warning on Windows
o memory: add missing curl_printf header
o memory: ensure to check allocation results
o multi: Fix error handling in the SENDPROTOCONNECT state
o multi: fix memory leak in content encoding related error path
o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
o netrc: free temporary strings if memory allocation fails
o nss: fix nssckbi module loading on Windows
o nss: try to connect even if libnssckbi.so fails to load
o ntlm_wb: Fix memory leaks in ntlm_wb_response
o ntlm_wb: bail out if the response gets overly large
o openssl: assume engine support in 0.9.8 or later
o openssl: enable TLS 1.3 post-handshake auth
o openssl: fix gcc8 warning
o openssl: load built-in engines too
o openssl: make 'done' a proper boolean
o openssl: output the correct cipher list on TLS 1.3 error
o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
o openssl: show "proper" version number for libressl builds
o pipelining: deprecated
o rand: add comment to skip a clang-tidy false positive
o rtmp: fix for compiling with lwIP
o runtests: ignore disabled even when ranges are given
o runtests: skip ld_preload tests on macOS
o runtests: use Windows paths for Windows curl
o schannel: unified error code handling
o sendf: Fix whitespace in infof/failf concatenation
o ssh: free the session on init failures
o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
o system.h: use proper setting with Sun C++ as well
o test1299: use single quotes around asterisk
o test1452: mark as flaky
o test1651: unit test Curl_extract_certinfo()
o test320: strip out more HTML when comparing
o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
o tests: add unit tests for url.c
o timeval: fix use of weak symbol clock_gettime() on Apple platforms
o tool_cb_hdr: handle failure of rename()
o travis: add a "make tidy" build that runs clang-tidy
o travis: add build for "configure --disable-verbose"
o travis: bump the Secure Transport build to use xcode
o travis: make distcheck scan for BOM markers
o unit1300: fix stack-use-after-scope AddressSanitizer warning
o urldata: Fix "connecting" comment
o urlglob: improve error message on bad globs
o vtls: fix ssl version "or later" behavior change for many backends
o x509asn1: Fix SAN IP address verification
o x509asn1: always check return code from getASN1Element()
o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
o x509asn1: suppress left shift on signed value
To generate a diff of this commit:
cvs rdiff -u -r1.201 -r1.202 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.70 -r1.71 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.146 -r1.147 pkgsrc/www/curl/distinfo
curl: Update www/curl to 7.62.0 Changes: 7.62.0 ------ This release includes the following changes: o multiplex: enable by default o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled o setopt: add CURLOPT_DOH_URL o curl: --doh-url added o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size o imap: change from "FETCH" to "UID FETCH" o configure: add option to disable automatic OpenSSL config loading o upkeep: add a connection upkeep API: curl_easy_upkeep() o URL-API: added five new functions o vtls: MesaLink is a new TLS backend This release includes the following bugfixes: o CVE-2018-16839: SASL password overflow via integer overflow o CVE-2018-16840: use-after-free in handle close o CVE-2018-16842: warning message out-of-buffer read o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated o Curl_dedotdotify(): always nul terminate returned string o Curl_follow: Always free the passed new URL o Curl_http2_done: fix memleak in error path o Curl_retry_request: fix memory leak o Curl_saferealloc: Fixed typo in docblock o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output o GnutTLS: TLS 1.3 support o SECURITY-PROCESS: mention the bountygraph program o VS projects: add USE_IPV6: o Windows: fixes for MinGW targeting Windows Vista o anyauthput: fix compiler warning on 64-bit Windows o appveyor: add WinSSL builds o appveyor: run test suite (on Windows!) o certs: generate tests certs with sha256 digest algorithm o checksrc: enable strict mode and warnings o checksrc: handle zero scoped ignore commands o cmake: Backport to work with CMake 3.0 again o cmake: Improve config installation o cmake: add support for transitive ZLIB target o cmake: disable -Wpedantic-ms-format o cmake: don't require OpenSSL if USE_OPENSSL=OFF o cmake: fixed path used in generation of docs/tests o cmake: remove unused *SOCKLEN_T variables o cmake: suppress MSVC warning C4127 for libtest o cmake: test and set missed defines during configuration o comment: Fix multiple typos in function parameters o config: Remove unused SIZEOF_VOIDP o config_win32: enable LDAPS o configure: force-use -lpthreads on HPUX o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE o cookies: Remove redundant expired check o cookies: fix leak when writing cookies to file o curl-config.in: remove dependency on bc o curl.1: --ipv6 mutexes ipv4 (fixed typo) o curl: enabled Windows VT Support and UTF-8 output o curl: update the documentation of --tlsv1.0 o curl_multi_wait: call getsock before figuring out timeout o curl_ntlm_wb: check aprintf() return codes o curl_threads: fix classic MinGW compile break o darwinssl: Fix realloc memleak o darwinssl: more specific and unified error codes o data-binary.d: clarify default content-type is x-www-form-urlencoded o docs/BUG-BOUNTY: explain the bounty program o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers o docs/CIPHERS: fix the TLS 1.3 cipher names o docs/CIPHERS: mention the colon separation for OpenSSL o docs/examples: URL updates o docs: add "see also" links for SSL options o example/asiohiper: insert warning comment about its status o example/htmltidy: fix include paths of tidy libraries o examples/Makefile.m32: sync with core o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory o examples/parseurl.c: show off the URL API o examples: Fix memory leaks from realloc errors o examples: do not wait when no transfers are running o ftp: include command in Curl_ftpsend sendbuffer o gskit: make sure to terminate version string o gtls: Values stored to but never read o hostip: fix check on Curl_shuffle_addr return value o http2: fix memory leaks on error-path o http: fix memleak in rewind error path o krb5: fix memory leak in krb_auth o ldap: show precise LDAP call in error message on Windows o lib: fix gcc8 warning on Windows o memory: add missing curl_printf header o memory: ensure to check allocation results o multi: Fix error handling in the SENDPROTOCONNECT state o multi: fix memory leak in content encoding related error path o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL o netrc: free temporary strings if memory allocation fails o nss: fix nssckbi module loading on Windows o nss: try to connect even if libnssckbi.so fails to load o ntlm_wb: Fix memory leaks in ntlm_wb_response o ntlm_wb: bail out if the response gets overly large o openssl: assume engine support in 0.9.8 or later o openssl: enable TLS 1.3 post-handshake auth o openssl: fix gcc8 warning o openssl: load built-in engines too o openssl: make 'done' a proper boolean o openssl: output the correct cipher list on TLS 1.3 error o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer o openssl: show "proper" version number for libressl builds o pipelining: deprecated o rand: add comment to skip a clang-tidy false positive o rtmp: fix for compiling with lwIP o runtests: ignore disabled even when ranges are given o runtests: skip ld_preload tests on macOS o runtests: use Windows paths for Windows curl o schannel: unified error code handling o sendf: Fix whitespace in infof/failf concatenation o ssh: free the session on init failures o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code o system.h: use proper setting with Sun C++ as well o test1299: use single quotes around asterisk o test1452: mark as flaky o test1651: unit test Curl_extract_certinfo() o test320: strip out more HTML when comparing o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server o tests: add unit tests for url.c o timeval: fix use of weak symbol clock_gettime() on Apple platforms o tool_cb_hdr: handle failure of rename() o travis: add a "make tidy" build that runs clang-tidy o travis: add build for "configure --disable-verbose" o travis: bump the Secure Transport build to use xcode o travis: make distcheck scan for BOM markers o unit1300: fix stack-use-after-scope AddressSanitizer warning o urldata: Fix "connecting" comment o urlglob: improve error message on bad globs o vtls: fix ssl version "or later" behavior change for many backends o x509asn1: Fix SAN IP address verification o x509asn1: always check return code from getASN1Element() o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert o x509asn1: suppress left shift on signed value
Pullup ticket #5825 - requested by wiz
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.201
- www/curl/distinfo 1.146
- www/curl/patches/patch-src_tool__cb__hdr.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Sep 5 06:49:26 UTC 2018
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Removed Files:
pkgsrc/www/curl/patches: patch-src_tool__cb__hdr.c
Log Message:
curl: update to 7.61.1.
This release includes the following bugfixes:
o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73]
o CURLINFO_SIZE_UPLOAD: fix missing counter update [46]
o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72]
o Curl_getoff_all_pipelines: improved for multiplexed [3]
o DEPRECATE: remove release date from 7.62.0
o HTTP: Don't attempt to needlessly decompress redirect body [30]
o INTERNALS: require GnuTLS >= 2.11.3 [62]
o README.md: add LGTM.com code quality grade for C/C++ [42]
o SSLCERTS: improve the openssl command line
o Silence GCC 8 cast-function-type warnings [47]
o ares: check for NULL in completed-callback [3]
o asyn-thread: Remove unused macro [40]
o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15]
o auth: pick Bearer authentication whenever a token is available [15]
o cmake: CMake config files are defining CURL_STATICLIB for static builds [54]
o cmake: Respect BUILD_SHARED_LIBS [35]
o cmake: Update scripts to use consistent style [9]
o cmake: bumped minimum version to 3.4 [34]
o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34]
o configure: conditionally enable pedantic-errors [64]
o configure: fix for -lpthread detection with OpenSSL and pkg-config [38]
o conn: remove the boolean 'inuse' field [3]
o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5]
o cookie tests: treat files as text
o cookies: support creation-time attribute for cookies [75]
o curl: Fix segfault when -H @headerfile is empty [23]
o curl: add http code 408 to transient list for --retry [78]
o curl: fix time-of-check, time-of-use race in dir creation [71]
o curl: use Content-Disposition before the "URL end" for -OJ [29]
o curl: warn the user if a given file name looks like an option [56]
o curl_threads: silence bad-function-cast warning [69]
o darwinssl: add support for ALPN negotiation [7]
o docs/CURLOPT_URL: fix indentation [20]
o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19]
o docs/SECURITY-PROCESS: mention bounty, drop pre-notify
o docs/examples: add hiperfifo example using linux epoll/timerfd [21]
o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50]
o docs: clarify NO_PROXY env variable functionality [70]
o docs: improved the manual pages of some callbacks [48]
o docs: mention NULL is fine input to several functions [43]
o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40]
o gopher: Do not translate `?' to `%09' [67]
o header output: switch off all styles, not just unbold [8]
o hostip: fix unused variable warning
o http2: Use correct format identifier for stream_id [77]
o http2: abort the send_callback if not setup yet [63]
o http2: avoid set_stream_user_data() before stream is assigned [61]
o http2: check nghttp2_session_set_stream_user_data return code [55]
o http2: clear the drain counter in Curl_http2_done [27]
o http2: make sure to send after RST_STREAM [58]
o http2: separate easy handle from connections better [12]
o http: fix for tiny "HTTP/0.9" response [51]
o http_proxy: Remove unused macro SELECT_TIMEOUT [40]
o lib/Makefile: only do symbol hiding if told to [32]
o lib1502: fix memory leak in torture test [44]
o lib1522: fix curl_easy_setopt argument type
o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66]
o mime: check Curl_rand_hex's return code [22]
o multi: always do the COMPLETED procedure/state [3]
o openssl: assume engine support in 1.0.0 or later [2]
o openssl: fix debug messages [39]
o projects: Improve Windows perl detection in batch scripts [49]
o retry: return error if rewind was necessary but didn't happen [28]
o reuse_conn(): memory leak - free old_conn->options [17]
o schannel: client certificate store opening fix [68]
o schannel: enable CALG_TLS1PRF for w32api >= 5.1
o schannel: fix MinGW compile break [1]
o sftp: don't send post-qoute sequence when retrying a connection [79]
o smb: fix memory leak on early failure [26]
o smb: fix memory-leak in URL parse error path [4]
o smb_getsock: always wait for write socket too [11]
o ssh-libssh: fix infinite connect loop on invalid private key [53]
o ssh-libssh: reduce excessive verbose output about pubkey auth [53]
o ssh-libssh: use FALLTHROUGH to silence gcc8 [76]
o ssl: set engine implicitly when a PKCS#11 URI is provided [36]
o sws: handle EINTR when calling select() [24]
o system_win32: fix version checking [16]
o telnet: Remove unused macros TELOPTS and TELCMDS [40]
o test1143: disable MSYS2's POSIX path conversion [10]
o test1148: disable if decimal separator is not point [65]
o test1307: (fnmatch testing) disabled [31]
o test1422: add required file feature [6]
o test1531: Add timeout [41]
o test1540: Remove unused macro TEST_HANG_TIMEOUT [40]
o test214: disable MSYS2's POSIX path conversion for URL
o test320: treat curl320.out file as binary [14]
o tests/http_pipe.py: Use /usr/bin/env to find python
o tests: Don't use Windows path %PWD for SSH tests [74]
o tests: fixes for Windows line endlings [13]
o tool_operate: Fix setting proxy TLS 1.3 ciphers
o travis: build darwinssl on macos 10.12 to fix linker errors [33]
o travis: execute "set -eo pipefail" for coverage build [45]
o travis: run a 'make checksrc' too [25]
o travis: update to GCC-8 [52]
o travis: verify that man pages can be regenerated [50]
o upload: allocate upload buffer on-demand [60]
o upload: change default UPLOAD_BUFSIZE to 64KB [60]
o urldata: remove unused pipe_broke struct field [57]
o vtls: reinstantiate engine on duplicated handles [59]
o windows: implement send buffer tuning [37]
o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]
To generate a diff of this commit:
cvs rdiff -u -r1.200 -r1.201 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.145 -r1.146 pkgsrc/www/curl/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/www/curl/patches/patch-src_tool__cb__hdr.c
curl: update to 7.61.1. This release includes the following bugfixes: o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73] o CURLINFO_SIZE_UPLOAD: fix missing counter update [46] o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72] o Curl_getoff_all_pipelines: improved for multiplexed [3] o DEPRECATE: remove release date from 7.62.0 o HTTP: Don't attempt to needlessly decompress redirect body [30] o INTERNALS: require GnuTLS >= 2.11.3 [62] o README.md: add LGTM.com code quality grade for C/C++ [42] o SSLCERTS: improve the openssl command line o Silence GCC 8 cast-function-type warnings [47] o ares: check for NULL in completed-callback [3] o asyn-thread: Remove unused macro [40] o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15] o auth: pick Bearer authentication whenever a token is available [15] o cmake: CMake config files are defining CURL_STATICLIB for static builds [54] o cmake: Respect BUILD_SHARED_LIBS [35] o cmake: Update scripts to use consistent style [9] o cmake: bumped minimum version to 3.4 [34] o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34] o configure: conditionally enable pedantic-errors [64] o configure: fix for -lpthread detection with OpenSSL and pkg-config [38] o conn: remove the boolean 'inuse' field [3] o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5] o cookie tests: treat files as text o cookies: support creation-time attribute for cookies [75] o curl: Fix segfault when -H @headerfile is empty [23] o curl: add http code 408 to transient list for --retry [78] o curl: fix time-of-check, time-of-use race in dir creation [71] o curl: use Content-Disposition before the "URL end" for -OJ [29] o curl: warn the user if a given file name looks like an option [56] o curl_threads: silence bad-function-cast warning [69] o darwinssl: add support for ALPN negotiation [7] o docs/CURLOPT_URL: fix indentation [20] o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19] o docs/SECURITY-PROCESS: mention bounty, drop pre-notify o docs/examples: add hiperfifo example using linux epoll/timerfd [21] o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50] o docs: clarify NO_PROXY env variable functionality [70] o docs: improved the manual pages of some callbacks [48] o docs: mention NULL is fine input to several functions [43] o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40] o gopher: Do not translate `?' to `%09' [67] o header output: switch off all styles, not just unbold [8] o hostip: fix unused variable warning o http2: Use correct format identifier for stream_id [77] o http2: abort the send_callback if not setup yet [63] o http2: avoid set_stream_user_data() before stream is assigned [61] o http2: check nghttp2_session_set_stream_user_data return code [55] o http2: clear the drain counter in Curl_http2_done [27] o http2: make sure to send after RST_STREAM [58] o http2: separate easy handle from connections better [12] o http: fix for tiny "HTTP/0.9" response [51] o http_proxy: Remove unused macro SELECT_TIMEOUT [40] o lib/Makefile: only do symbol hiding if told to [32] o lib1502: fix memory leak in torture test [44] o lib1522: fix curl_easy_setopt argument type o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66] o mime: check Curl_rand_hex's return code [22] o multi: always do the COMPLETED procedure/state [3] o openssl: assume engine support in 1.0.0 or later [2] o openssl: fix debug messages [39] o projects: Improve Windows perl detection in batch scripts [49] o retry: return error if rewind was necessary but didn't happen [28] o reuse_conn(): memory leak - free old_conn->options [17] o schannel: client certificate store opening fix [68] o schannel: enable CALG_TLS1PRF for w32api >= 5.1 o schannel: fix MinGW compile break [1] o sftp: don't send post-qoute sequence when retrying a connection [79] o smb: fix memory leak on early failure [26] o smb: fix memory-leak in URL parse error path [4] o smb_getsock: always wait for write socket too [11] o ssh-libssh: fix infinite connect loop on invalid private key [53] o ssh-libssh: reduce excessive verbose output about pubkey auth [53] o ssh-libssh: use FALLTHROUGH to silence gcc8 [76] o ssl: set engine implicitly when a PKCS#11 URI is provided [36] o sws: handle EINTR when calling select() [24] o system_win32: fix version checking [16] o telnet: Remove unused macros TELOPTS and TELCMDS [40] o test1143: disable MSYS2's POSIX path conversion [10] o test1148: disable if decimal separator is not point [65] o test1307: (fnmatch testing) disabled [31] o test1422: add required file feature [6] o test1531: Add timeout [41] o test1540: Remove unused macro TEST_HANG_TIMEOUT [40] o test214: disable MSYS2's POSIX path conversion for URL o test320: treat curl320.out file as binary [14] o tests/http_pipe.py: Use /usr/bin/env to find python o tests: Don't use Windows path %PWD for SSH tests [74] o tests: fixes for Windows line endlings [13] o tool_operate: Fix setting proxy TLS 1.3 ciphers o travis: build darwinssl on macos 10.12 to fix linker errors [33] o travis: execute "set -eo pipefail" for coverage build [45] o travis: run a 'make checksrc' too [25] o travis: update to GCC-8 [52] o travis: verify that man pages can be regenerated [50] o upload: allocate upload buffer on-demand [60] o upload: change default UPLOAD_BUFSIZE to 64KB [60] o urldata: remove unused pipe_broke struct field [57] o vtls: reinstantiate engine on duplicated handles [59] o windows: implement send buffer tuning [37] o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]
Recursive bump for perl5-5.28.0
revbump after boost-libs update
curl: fix a regression with -O -J in 7.61.0 using upstream patch. Bump PKGREVISION.
Pullup ticket #5784 - requested by bsiegert
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.197
- www/curl/PLIST 1.70
- www/curl/distinfo 1.144
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed Jul 11 18:13:26 UTC 2018
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: updated to 7.61.0
Curl and libcurl 7.61.0
This release includes the following changes:
* getinfo: add microsecond precise timers for seven intervals
* curl: show headers in bold, switch off with --no-styled-output
* httpauth: add support for Bearer tokens
* Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
* curl: --tls13-ciphers and --proxy-tls13-ciphers
* Add CURLOPT_DISALLOW_USERNAME_IN_URL
* curl: --disallow-username-in-url
This release includes the following bugfixes:
* CVE-2018-0500: smtp: fix SMTP send buffer overflow
* schannel: disable client cert option if APIs not available
* schannel: disable manual verify if APIs not available
* tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
* openssl: acknowledge --tls-max for default version too
* stub_gssapi: fix 'unused parameter' warnings
* examples/progressfunc: make it build on both new and old libcurls
* docs: mention it is HA Proxy protocol "version 1"
* curl_fnmatch: only allow two asterisks for matching
* docs: clarify CURLOPT_HTTPGET
* configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
* configure: do compile-time SIZEOF checks instead of run-time
* checksrc: make sure sizeof() is used *with* parentheses
* CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
* schannel: make CAinfo parsing resilient to CR/LF
* tftp: make sure error is zero terminated before printfing it
* http resume: skip body if http code 416 (range error) is ignored
* configure: add basic test of --with-ssl prefix
* cmake: set -d postfix for debug builds
* multi: provide a socket to wait for in Curl_protocol_getsock
* content_encoding: handle zlib versions too old for Z_BLOCK
* winbuild: only delete OUTFILE if it exists
* winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
* schannel: add failf calls for client certificate failures
* cmake: Fix the test for fsetxattr and strerror_r
* curl.1: Fix cmdline-opts reference errors
* cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
* cmake: check for getpwuid_r
* configure: fix ssh2 linking when built with a static mbedtls
* psl: use latest psl and refresh it periodically
* fnmatch: insist on escaped bracket to match
* KNOWN_BUGS: restore text regarding 2101
* INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
* configure: override AR_FLAGS to silence warning
* os400: implement mime api EBCDIC wrappers
* curl.rc: embed manifest for correct Windows version detection
* strictness: correct {infof, failf} format specifiers
* tests: update .gitignore for libtests
* configure: check for declaration of getpwuid_r
* fnmatch: use the system one if available
* CURLOPT_RESOLVE: always purge old entry first
* multi: remove a potentially bad DEBUGF()
* curl_addrinfo: use same #ifdef conditions in source as header
* build: remove the Borland specific makefiles
* axTLS: not considered fit for use
* cmdline-opts/cert-type.d: mention "p12" as a recognized type
* system.h: add support for IBM xlc C compiler
* tests/libtest: Add lib1521 to nodist_SOURCES
* mk-ca-bundle.pl: leave certificate name untouched
* boringssl + schannel: undef X509_NAME in lib/schannel.h
* openssl: assume engine support in 1.0.1 or later
* cppcheck: fix warnings
* test 46: make test pass after year 2025
* schannel: support selecting ciphers
* Curl_debug: remove dead printhost code
* test 1455: unflakified
* Curl_init_do: handle NULL connection pointer passed in
* progress: remove a set of unused defines
* mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
* GOVERNANCE.md: explains how this project is run
* configure: use pkg-config for c-ares detection
* configure: enhance ability to build with static openssl
* maketgz: fix sed issues on OSX
* multi: fix memory leak when stopped during name resolve
* CURLOPT_INTERFACE.3: interface names not supported on Windows
* url: fix dangling conn->data pointer
* cmake: allow multiple SSL backends
* system.h: fix for gcc on 32 bit OpenServer
* ConnectionExists: make sure conn->data is set when "taking" a connection
* multi: fix crash due to dangling entry in connect-pending list
* CURLOPT_SSL_VERIFYPEER.3: Add performance note
* netrc: use a larger buffer to support longer passwords
* url: check Curl_conncache_add_conn return code
* configure: Add dependent libraries after crypto
* easy_perform: faster local name resolves by using *multi_timeout()
* getnameinfo: not used, removed all configure checks
* travis: add a build using the synchronous name resolver
* CURLINFO_TLS_SSL_PTR.3: improve the example
* openssl: allow TLS 1.3 by default
* openssl: make the requested TLS version the *minimum* wanted
* openssl: Remove some dead code
* telnet: fix clang warnings
* DEPRECATE: new doc describing planned item removals
* example/crawler.c: simple crawler based on libxml2
* libssh: goto DISCONNECT state on error, not SESSION_FREE
* CMake: Remove unused functions
* darwinssl: allow High Sierra users to build the code using GCC
* scripts: include _curl as part of CLEANFILES
* examples: fix -Wformat warnings
* curl_setup: include <winerror.h> before <windows.h>
* schannel: make more cipher options conditional
* CMake: remove redundant and old end-of-block syntax
* post303.d: clarify that this is an RFC violation
To generate a diff of this commit:
cvs rdiff -u -r1.196 -r1.197 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.143 -r1.144 pkgsrc/www/curl/distinfo
curl: updated to 7.61.0
Curl and libcurl 7.61.0
This release includes the following changes:
* getinfo: add microsecond precise timers for seven intervals
* curl: show headers in bold, switch off with --no-styled-output
* httpauth: add support for Bearer tokens
* Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
* curl: --tls13-ciphers and --proxy-tls13-ciphers
* Add CURLOPT_DISALLOW_USERNAME_IN_URL
* curl: --disallow-username-in-url
This release includes the following bugfixes:
* CVE-2018-0500: smtp: fix SMTP send buffer overflow
* schannel: disable client cert option if APIs not available
* schannel: disable manual verify if APIs not available
* tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
* openssl: acknowledge --tls-max for default version too
* stub_gssapi: fix 'unused parameter' warnings
* examples/progressfunc: make it build on both new and old libcurls
* docs: mention it is HA Proxy protocol "version 1"
* curl_fnmatch: only allow two asterisks for matching
* docs: clarify CURLOPT_HTTPGET
* configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
* configure: do compile-time SIZEOF checks instead of run-time
* checksrc: make sure sizeof() is used *with* parentheses
* CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
* schannel: make CAinfo parsing resilient to CR/LF
* tftp: make sure error is zero terminated before printfing it
* http resume: skip body if http code 416 (range error) is ignored
* configure: add basic test of --with-ssl prefix
* cmake: set -d postfix for debug builds
* multi: provide a socket to wait for in Curl_protocol_getsock
* content_encoding: handle zlib versions too old for Z_BLOCK
* winbuild: only delete OUTFILE if it exists
* winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
* schannel: add failf calls for client certificate failures
* cmake: Fix the test for fsetxattr and strerror_r
* curl.1: Fix cmdline-opts reference errors
* cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
* cmake: check for getpwuid_r
* configure: fix ssh2 linking when built with a static mbedtls
* psl: use latest psl and refresh it periodically
* fnmatch: insist on escaped bracket to match
* KNOWN_BUGS: restore text regarding 2101
* INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
* configure: override AR_FLAGS to silence warning
* os400: implement mime api EBCDIC wrappers
* curl.rc: embed manifest for correct Windows version detection
* strictness: correct {infof, failf} format specifiers
* tests: update .gitignore for libtests
* configure: check for declaration of getpwuid_r
* fnmatch: use the system one if available
* CURLOPT_RESOLVE: always purge old entry first
* multi: remove a potentially bad DEBUGF()
* curl_addrinfo: use same #ifdef conditions in source as header
* build: remove the Borland specific makefiles
* axTLS: not considered fit for use
* cmdline-opts/cert-type.d: mention "p12" as a recognized type
* system.h: add support for IBM xlc C compiler
* tests/libtest: Add lib1521 to nodist_SOURCES
* mk-ca-bundle.pl: leave certificate name untouched
* boringssl + schannel: undef X509_NAME in lib/schannel.h
* openssl: assume engine support in 1.0.1 or later
* cppcheck: fix warnings
* test 46: make test pass after year 2025
* schannel: support selecting ciphers
* Curl_debug: remove dead printhost code
* test 1455: unflakified
* Curl_init_do: handle NULL connection pointer passed in
* progress: remove a set of unused defines
* mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
* GOVERNANCE.md: explains how this project is run
* configure: use pkg-config for c-ares detection
* configure: enhance ability to build with static openssl
* maketgz: fix sed issues on OSX
* multi: fix memory leak when stopped during name resolve
* CURLOPT_INTERFACE.3: interface names not supported on Windows
* url: fix dangling conn->data pointer
* cmake: allow multiple SSL backends
* system.h: fix for gcc on 32 bit OpenServer
* ConnectionExists: make sure conn->data is set when "taking" a connection
* multi: fix crash due to dangling entry in connect-pending list
* CURLOPT_SSL_VERIFYPEER.3: Add performance note
* netrc: use a larger buffer to support longer passwords
* url: check Curl_conncache_add_conn return code
* configure: Add dependent libraries after crypto
* easy_perform: faster local name resolves by using *multi_timeout()
* getnameinfo: not used, removed all configure checks
* travis: add a build using the synchronous name resolver
* CURLINFO_TLS_SSL_PTR.3: improve the example
* openssl: allow TLS 1.3 by default
* openssl: make the requested TLS version the *minimum* wanted
* openssl: Remove some dead code
* telnet: fix clang warnings
* DEPRECATE: new doc describing planned item removals
* example/crawler.c: simple crawler based on libxml2
* libssh: goto DISCONNECT state on error, not SESSION_FREE
* CMake: Remove unused functions
* darwinssl: allow High Sierra users to build the code using GCC
* scripts: include _curl as part of CLEANFILES
* examples: fix -Wformat warnings
* curl_setup: include <winerror.h> before <windows.h>
* schannel: make more cipher options conditional
* CMake: remove redundant and old end-of-block syntax
* post303.d: clarify that this is an RFC violation
Pullup ticket #5757 - requested by bsiegert
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.196
- www/curl/PLIST 1.69
- www/curl/distinfo 1.143
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Thu May 17 09:59:40 UTC 2018
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: Update www/curl to 7.60.0
Changes:
7.60.0
------
This release includes the following changes:
o Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
o Add --haproxy-protocol for the command line tool
o Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
This release includes the following bugfixes:
o FTP: shutdown response buffer overflow CVE-2018-1000300
o RTSP: bad headers buffer over-read CVE-2018-1000301
o FTP: fix typo in recursive callback detection for seeking
o test1208: marked flaky
o HTTP: make header-less responses still count correct body size
o user-agent.d:: mention --proxy-header as well
o http2: fixes typo
o cleanup: misc typos in strings and comments
o rate-limit: use three second window to better handle high speeds
o examples/hiperfifo.c: improved
o pause: when changing pause state, update socket state
o multi: improved pending transfers handling => improved performance
o curl_version_info.3: fix ssl_version description
o add_handle/easy_perform: clear errorbuffer on start if set
o darwinssl: fix iOS build
o cmake: add support for brotli
o parsedate: support UT timezone
o vauth/ntlm.h: fix the #ifdef header guard
o lib/curl_path.h: added #ifdef header guard
o vauth/cleartext: fix integer overflow check
o CURLINFO_COOKIELIST.3: made the example not leak memory
o cookie.d: mention that "-" as filename means stdin
o CURLINFO_SSL_VERIFYRESULT.3: fixed the example
o http2: read pending frames (including GOAWAY) in connection-check
o timeval: remove compilation warning by casting
o cmake: avoid warn-as-error during config checks
o travis-ci: enable -Werror for CMake builds
o openldap: fix for NULL return from ldap_get_attribute_ber()
o threaded resolver: track resolver time and set suitable timeout values
o cmake: Add advapi32 as explicit link library for win32
o docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
o test1148: set a fixed locale for the test
o cookies: when reading from a file, only remove_expired once
o cookie: store cookies per top-level-domain-specific hash table
o openssl: fix build with LibreSSL 2.7
o tls: fix mbedTLS 2.7.0 build + handle sha256 failures
o openssl: RESTORED verify locations when verifypeer==0
o file: restore old behavior for file:////foo/bar URLs
o FTP: allow PASV on IPv6 connections when a proxy is being used
o build-openssl.bat: allow custom paths for VS and perl
o winbuild: make the clean target work without build-type
o build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
o curl: retry on FTP 4xx, ignore other protocols
o configure: detect (and use) sa_family_t
o examples/sftpuploadresume: Fix Windows large file seek
o build: cleanup to fix clang warnings/errors
o winbuild: updated the documentation
o lib: silence null-dereference warnings
o travis: bump to clang 6 and gcc 7
o travis: build libpsl and make builds use it
o proxy: show getenv proxy use in verbose output
o duphandle: make sure CURLOPT_RESOLVE is duplicated
o all: Refactor malloc+memset to use calloc
o checksrc: Fix typo
o system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
o vauth: Fix typo
o ssh: show libSSH2 error code when closing fails
o test1148: tolerate progress updates better
o urldata: make service names unconditional
o configure: keep LD_LIBRARY_PATH changes local
o ntlm_sspi: fix authentication using Credential Manager
o schannel: add client certificate authentication
o winbuild: Support custom devel paths for each dependency
o schannel: add support for CURLOPT_CAINFO
o http2: handle on_begin_headers() called more than once
o openssl: support OpenSSL 1.1.1 verbose-mode trace messages
o openssl: fix subjectAltName check on non-ASCII platforms
o http2: avoid strstr() on data not zero terminated
o http2: clear the "drain counter" when a stream is closed
o http2: handle GOAWAY properly
o tool_help: clarify --max-time unit of time is seconds
o curl.1: clarify that options and URLs can be mixed
o http2: convert an assert to run-time check
o curl_global_sslset: always provide available backends
o ftplistparser: keep state between invokes
o Curl_memchr: zero length input can't match
o examples/sftpuploadresume: typecast fseek argument to long
o examples/http2-upload: expand buffer to avoid silly warning
o ctype: restore character classification for non-ASCII platforms
o mime: avoid NULL pointer dereference risk
o cookies: ensure that we have cookies before writing jar
o os400.c: fix checksrc warnings
o configure: provide --with-wolfssl as an alias for --with-cyassl
o cyassl: adapt to libraries without TLS 1.0 support built-in
o http2: get rid of another strstr
o checksrc: force indentation of lines after an else
o cookies: remove unused macro
o CURLINFO_PROTOCOL.3: mention the existing defined names
o tests: provide 'manual' as a feature to optionally require
o travis: enable libssh2 on both macos and Linux
o CURLOPT_URL.3: added ENCODING section
o wolfssl: Fix non-blocking connect
o vtls: don't define MD5_DIGEST_LENGTH for wolfssl
o docs: remove extraneous commas in man pages
o URL: fix ASCII dependency in strcpy_url and strlen_url
o ssh-libssh.c: fix left shift compiler warning
o configure: only check for CA bundle for file-using SSL backends
o travis: add an mbedtls build
o http: don't set the "rewind" flag when not uploading anything
o configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
o transfer: don't unset writesockfd on setup of multiplexed conns
o vtls: use unified "supports" bitfield member in backends
o URLs: fix one more http url
o travis: add a build using WolfSSL
o openssl: change FILE ops to BIO ops
o travis: add build using NSS
o smb: reject negative file sizes
o cookies: accept parameter names as cookie name
o http2: getsock fix for uploads
o all over: fixed format specifiers
o http2: use the correct function pointer typedef
This release would not have looked like this without help, code, reports and
advice from friends like these:
Adam Brown, Alex Baines, Anders Bakken, Anders Roxell, anshnd on github,
Bas van Schaik, Bernard Spil, Chris Araman, Christian Schmitz, Cyril B,
Dagobert Michelsen, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
Dan McNulty, Dario Weisser, dasimx on github, David Garske, David L.,
Denis Ollier, Dmitry Mikhirev, Dongliang Mu, Don J Olmstead, Eric
Gallager,
Ernst Sjöstrand, Frank Gevaerts, Gaurav Malhotra, Geeknik Labs, Howard
Chu,
iz8mbw on github, Jakub Wilk, Jon DeVree, Kees Dekker, Kobi Gurkan,
Laurie Clark-Michalek, Lauri Kasanen, Lawrence Matthews, Luz Paz,
Marcel Raad, Max Dymond, Michael Kaufmann, Michael Kilburn,
Michał Janiszewski, Michal Trybus, Muz Dima, Nikos Tsipinakis, Ori
Avtalion,
Oumph on github, patelvivekv1993 on github, Patrick Monnerat,
Philip Prindeville, Ray Satiro, Rick Deist, Rikard Falkeborn, Sergei
Nikulov,
Stefan Agner, steini2000 on github, Stephan Mühlstrasser, Sunny Purushe,
Terry Wu, Vincas Razma, wncboy on github, Wyatt O'Day, 刘佩东,
(64 contributors)
Thanks! (and sorry if I forgot to mention someone)
To generate a diff of this commit:
cvs rdiff -u -r1.195 -r1.196 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.68 -r1.69 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.142 -r1.143 pkgsrc/www/curl/distinfo
curl: Update www/curl to 7.60.0
Changes:
7.60.0
------
This release includes the following changes:
o Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
o Add --haproxy-protocol for the command line tool
o Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
This release includes the following bugfixes:
o FTP: shutdown response buffer overflow CVE-2018-1000300
o RTSP: bad headers buffer over-read CVE-2018-1000301
o FTP: fix typo in recursive callback detection for seeking
o test1208: marked flaky
o HTTP: make header-less responses still count correct body size
o user-agent.d:: mention --proxy-header as well
o http2: fixes typo
o cleanup: misc typos in strings and comments
o rate-limit: use three second window to better handle high speeds
o examples/hiperfifo.c: improved
o pause: when changing pause state, update socket state
o multi: improved pending transfers handling => improved performance
o curl_version_info.3: fix ssl_version description
o add_handle/easy_perform: clear errorbuffer on start if set
o darwinssl: fix iOS build
o cmake: add support for brotli
o parsedate: support UT timezone
o vauth/ntlm.h: fix the #ifdef header guard
o lib/curl_path.h: added #ifdef header guard
o vauth/cleartext: fix integer overflow check
o CURLINFO_COOKIELIST.3: made the example not leak memory
o cookie.d: mention that "-" as filename means stdin
o CURLINFO_SSL_VERIFYRESULT.3: fixed the example
o http2: read pending frames (including GOAWAY) in connection-check
o timeval: remove compilation warning by casting
o cmake: avoid warn-as-error during config checks
o travis-ci: enable -Werror for CMake builds
o openldap: fix for NULL return from ldap_get_attribute_ber()
o threaded resolver: track resolver time and set suitable timeout values
o cmake: Add advapi32 as explicit link library for win32
o docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
o test1148: set a fixed locale for the test
o cookies: when reading from a file, only remove_expired once
o cookie: store cookies per top-level-domain-specific hash table
o openssl: fix build with LibreSSL 2.7
o tls: fix mbedTLS 2.7.0 build + handle sha256 failures
o openssl: RESTORED verify locations when verifypeer==0
o file: restore old behavior for file:////foo/bar URLs
o FTP: allow PASV on IPv6 connections when a proxy is being used
o build-openssl.bat: allow custom paths for VS and perl
o winbuild: make the clean target work without build-type
o build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
o curl: retry on FTP 4xx, ignore other protocols
o configure: detect (and use) sa_family_t
o examples/sftpuploadresume: Fix Windows large file seek
o build: cleanup to fix clang warnings/errors
o winbuild: updated the documentation
o lib: silence null-dereference warnings
o travis: bump to clang 6 and gcc 7
o travis: build libpsl and make builds use it
o proxy: show getenv proxy use in verbose output
o duphandle: make sure CURLOPT_RESOLVE is duplicated
o all: Refactor malloc+memset to use calloc
o checksrc: Fix typo
o system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
o vauth: Fix typo
o ssh: show libSSH2 error code when closing fails
o test1148: tolerate progress updates better
o urldata: make service names unconditional
o configure: keep LD_LIBRARY_PATH changes local
o ntlm_sspi: fix authentication using Credential Manager
o schannel: add client certificate authentication
o winbuild: Support custom devel paths for each dependency
o schannel: add support for CURLOPT_CAINFO
o http2: handle on_begin_headers() called more than once
o openssl: support OpenSSL 1.1.1 verbose-mode trace messages
o openssl: fix subjectAltName check on non-ASCII platforms
o http2: avoid strstr() on data not zero terminated
o http2: clear the "drain counter" when a stream is closed
o http2: handle GOAWAY properly
o tool_help: clarify --max-time unit of time is seconds
o curl.1: clarify that options and URLs can be mixed
o http2: convert an assert to run-time check
o curl_global_sslset: always provide available backends
o ftplistparser: keep state between invokes
o Curl_memchr: zero length input can't match
o examples/sftpuploadresume: typecast fseek argument to long
o examples/http2-upload: expand buffer to avoid silly warning
o ctype: restore character classification for non-ASCII platforms
o mime: avoid NULL pointer dereference risk
o cookies: ensure that we have cookies before writing jar
o os400.c: fix checksrc warnings
o configure: provide --with-wolfssl as an alias for --with-cyassl
o cyassl: adapt to libraries without TLS 1.0 support built-in
o http2: get rid of another strstr
o checksrc: force indentation of lines after an else
o cookies: remove unused macro
o CURLINFO_PROTOCOL.3: mention the existing defined names
o tests: provide 'manual' as a feature to optionally require
o travis: enable libssh2 on both macos and Linux
o CURLOPT_URL.3: added ENCODING section
o wolfssl: Fix non-blocking connect
o vtls: don't define MD5_DIGEST_LENGTH for wolfssl
o docs: remove extraneous commas in man pages
o URL: fix ASCII dependency in strcpy_url and strlen_url
o ssh-libssh.c: fix left shift compiler warning
o configure: only check for CA bundle for file-using SSL backends
o travis: add an mbedtls build
o http: don't set the "rewind" flag when not uploading anything
o configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
o transfer: don't unset writesockfd on setup of multiplexed conns
o vtls: use unified "supports" bitfield member in backends
o URLs: fix one more http url
o travis: add a build using WolfSSL
o openssl: change FILE ops to BIO ops
o travis: add build using NSS
o smb: reject negative file sizes
o cookies: accept parameter names as cookie name
o http2: getsock fix for uploads
o all over: fixed format specifiers
o http2: use the correct function pointer typedef
This release would not have looked like this without help, code, reports and
advice from friends like these:
Adam Brown, Alex Baines, Anders Bakken, Anders Roxell, anshnd on github,
Bas van Schaik, Bernard Spil, Chris Araman, Christian Schmitz, Cyril B,
Dagobert Michelsen, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
Dan McNulty, Dario Weisser, dasimx on github, David Garske, David L.,
Denis Ollier, Dmitry Mikhirev, Dongliang Mu, Don J Olmstead, Eric Gallager,
Ernst Sjöstrand, Frank Gevaerts, Gaurav Malhotra, Geeknik Labs, Howard Chu,
iz8mbw on github, Jakub Wilk, Jon DeVree, Kees Dekker, Kobi Gurkan,
Laurie Clark-Michalek, Lauri Kasanen, Lawrence Matthews, Luz Paz,
Marcel Raad, Max Dymond, Michael Kaufmann, Michael Kilburn,
Michał Janiszewski, Michal Trybus, Muz Dima, Nikos Tsipinakis, Ori Avtalion,
Oumph on github, patelvivekv1993 on github, Patrick Monnerat,
Philip Prindeville, Ray Satiro, Rick Deist, Rikard Falkeborn, Sergei Nikulov,
Stefan Agner, steini2000 on github, Stephan Mühlstrasser, Sunny Purushe,
Terry Wu, Vincas Razma, wncboy on github, Wyatt O'Day, 刘佩东,
(64 contributors)
Thanks! (and sorry if I forgot to mention someone)
revbump for boost-libs update
Pullup ticket #5721 - requested by maya
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.194
- www/curl/PLIST 1.68
- www/curl/distinfo 1.142
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Mar 14 07:44:24 UTC 2018
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: update to 7.59.0.
Curl and libcurl 7.59.0
This release includes the following changes:
o curl: add --proxy-pinnedpubkey [10]
o added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T [13]
o CURLOPT_RESOLVE: Add support for multiple IP addresses per entry [37]
o Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS [37]
o Add new tool option --happy-eyeballs-timeout-ms [37]
o Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA [39]
This release includes the following bugfixes:
o openldap: check ldap_get_attribute_ber() results for NULL before using [50]
o FTP: reject path components with control codes [51]
o readwrite: make sure excess reads don't go beyond buffer end [52]
o lib555: drop text conversion and encode data as ascii codes [1]
o lib517: make variable static to avoid compiler warning
o lib544: sync ascii code data with textual data [1]
o GSKit: restore pinnedpubkey functionality [2]
o darwinssl: Don't import client certificates into Keychain on macOS [3]
o parsedate: fix date parsing for systems with 32 bit long [4]
o openssl: fix pinned public key build error in FIPS mode [5]
o SChannel/WinSSL: Implement public key pinning [6]
o cookies: remove verbose "cookie size:" output
o progress-bar: don't use stderr explicitly, use bar->out [7]
o Fixes for MSDOS
o build: open VC15 projects with VS 2017
o curl_ctype: private is*() type macros and functions [8]
o configure: set PATH_SEPARATOR to colon for PATH w/o separator [9]
o winbuild: make linker generate proper PDB [11]
o curl_easy_reset: clear digest auth state [12]
o curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 [14]
o range: commonize FTP and FILE range handling [15]
o progress-bar docs: update to match implementation [16]
o fnmatch: do not match the empty string with a character set
o fnmatch: accept an alphanum to be followed by a non-alphanum in char set [17]
o build: fix termios issue on android cross-compile [18]
o getdate: return -1 for out of range [19]
o formdata: use the mime-content type function [20]
o time-cond: fix reading the file modification time on Windows [21]
o build-openssl.bat: Extend VC15 support to include Enterprise and Professional
o build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
o openssl: Don't add verify locations when verifypeer=0
o fnmatch: optimize processing of consecutive *s and ?s pattern characters [22]
o schannel: fix compiler warnings [23]
o content_encoding: Add "none" alias to "identity" [24]
o get_posix_time: only check for overflows if they can happen
o http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING [25]
o README: language fix [26]
o sha256: build with OpenSSL < 0.9.8 [27]
o smtp: fix processing of initial dot in data [28]
o --tlsauthtype: works only if libcurl is built with TLS-SRP support [29]
o tests: new tests for http raw mode [30]
o libcurl-security.3: man page discussion security concerns when using libcurl
o curl_gssapi: make sure this file too uses our *printf()
o BINDINGS: fix curb link (and remove ruby-curl-multi)
o nss: use PK11_CreateManagedGenericObject() if available [31]
o travis: add build with iconv enabled [32]
o ssh: add two missing state names [33]
o CURLOPT_HEADERFUNCTION.3: mention folded headers
o http: fix the max header length detection logic [34]
o header callback: don't chop headers into smaller pieces [35]
o CURLOPT_HEADER.3: clarify problems with different data sizes
o curl --version: show PSL if the run-time lib has it enabled
o examples/sftpuploadresume: resume upload via CURLOPT_APPEND [36]
o Return error if called recursively from within callbacks [38]
o sasl: prefer PLAIN mechanism over LOGIN
o winbuild: Use CALL to run batch scripts [40]
o curl_share_setopt.3: connection cache is shared within multi handles
o winbuild: Use macros for the names of some build utilities [41]
o projects/README: remove reference to dead IDN link/package [42]
o lib655: silence compiler warning [43]
o configure: Fix version check for OpenSSL 1.1.1
o docs/MANUAL: formfind.pl is not accessible on the site anymore [44]
o unit1309: fix warning on Windows x64 [45]
o unit1307: proper cleanup on OOM to fix torture tests
o curl_ctype: fix macro redefinition warnings
o build: get CFLAGS (including -werror) used for examples and tests [46]
o NO_PROXY: fix for IPv6 numericals in the URL [47]
o krb5: use nondeprecated functions [48]
o winbuild: prefer documented zlib library names [49]
o http2: mark the connection for close on GOAWAY [53]
o limit-rate: kick in even before "limit" data has been received [54]
o HTTP: allow "header;" to replace an internal header with a blank one [55]
o http2: verbose output new MAX_CONCURRENT_STREAMS values
o SECURITY: distros' max embargo time is 14 days
o curl tool: accept --compressed also if Brotli is enabled and zlib is not
o WolfSSL: adding TLSv1.3 [56]
o checksrc.pl: add -i and -m options
o CURLOPT_COOKIEFILE.3: "-" as file name means stdin
To generate a diff of this commit:
cvs rdiff -u -r1.193 -r1.194 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.67 -r1.68 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.141 -r1.142 pkgsrc/www/curl/distinfo
curl: update to 7.59.0. Curl and libcurl 7.59.0 This release includes the following changes: o curl: add --proxy-pinnedpubkey [10] o added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T [13] o CURLOPT_RESOLVE: Add support for multiple IP addresses per entry [37] o Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS [37] o Add new tool option --happy-eyeballs-timeout-ms [37] o Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA [39] This release includes the following bugfixes: o openldap: check ldap_get_attribute_ber() results for NULL before using [50] o FTP: reject path components with control codes [51] o readwrite: make sure excess reads don't go beyond buffer end [52] o lib555: drop text conversion and encode data as ascii codes [1] o lib517: make variable static to avoid compiler warning o lib544: sync ascii code data with textual data [1] o GSKit: restore pinnedpubkey functionality [2] o darwinssl: Don't import client certificates into Keychain on macOS [3] o parsedate: fix date parsing for systems with 32 bit long [4] o openssl: fix pinned public key build error in FIPS mode [5] o SChannel/WinSSL: Implement public key pinning [6] o cookies: remove verbose "cookie size:" output o progress-bar: don't use stderr explicitly, use bar->out [7] o Fixes for MSDOS o build: open VC15 projects with VS 2017 o curl_ctype: private is*() type macros and functions [8] o configure: set PATH_SEPARATOR to colon for PATH w/o separator [9] o winbuild: make linker generate proper PDB [11] o curl_easy_reset: clear digest auth state [12] o curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 [14] o range: commonize FTP and FILE range handling [15] o progress-bar docs: update to match implementation [16] o fnmatch: do not match the empty string with a character set o fnmatch: accept an alphanum to be followed by a non-alphanum in char set [17] o build: fix termios issue on android cross-compile [18] o getdate: return -1 for out of range [19] o formdata: use the mime-content type function [20] o time-cond: fix reading the file modification time on Windows [21] o build-openssl.bat: Extend VC15 support to include Enterprise and Professional o build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional o openssl: Don't add verify locations when verifypeer==0 o fnmatch: optimize processing of consecutive *s and ?s pattern characters [22] o schannel: fix compiler warnings [23] o content_encoding: Add "none" alias to "identity" [24] o get_posix_time: only check for overflows if they can happen o http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING [25] o README: language fix [26] o sha256: build with OpenSSL < 0.9.8 [27] o smtp: fix processing of initial dot in data [28] o --tlsauthtype: works only if libcurl is built with TLS-SRP support [29] o tests: new tests for http raw mode [30] o libcurl-security.3: man page discussion security concerns when using libcurl o curl_gssapi: make sure this file too uses our *printf() o BINDINGS: fix curb link (and remove ruby-curl-multi) o nss: use PK11_CreateManagedGenericObject() if available [31] o travis: add build with iconv enabled [32] o ssh: add two missing state names [33] o CURLOPT_HEADERFUNCTION.3: mention folded headers o http: fix the max header length detection logic [34] o header callback: don't chop headers into smaller pieces [35] o CURLOPT_HEADER.3: clarify problems with different data sizes o curl --version: show PSL if the run-time lib has it enabled o examples/sftpuploadresume: resume upload via CURLOPT_APPEND [36] o Return error if called recursively from within callbacks [38] o sasl: prefer PLAIN mechanism over LOGIN o winbuild: Use CALL to run batch scripts [40] o curl_share_setopt.3: connection cache is shared within multi handles o winbuild: Use macros for the names of some build utilities [41] o projects/README: remove reference to dead IDN link/package [42] o lib655: silence compiler warning [43] o configure: Fix version check for OpenSSL 1.1.1 o docs/MANUAL: formfind.pl is not accessible on the site anymore [44] o unit1309: fix warning on Windows x64 [45] o unit1307: proper cleanup on OOM to fix torture tests o curl_ctype: fix macro redefinition warnings o build: get CFLAGS (including -werror) used for examples and tests [46] o NO_PROXY: fix for IPv6 numericals in the URL [47] o krb5: use nondeprecated functions [48] o winbuild: prefer documented zlib library names [49] o http2: mark the connection for close on GOAWAY [53] o limit-rate: kick in even before "limit" data has been received [54] o HTTP: allow "header;" to replace an internal header with a blank one [55] o http2: verbose output new MAX_CONCURRENT_STREAMS values o SECURITY: distros' max embargo time is 14 days o curl tool: accept --compressed also if Brotli is enabled and zlib is not o WolfSSL: adding TLSv1.3 [56] o checksrc.pl: add -i and -m options o CURLOPT_COOKIEFILE.3: "-" as file name means stdin
Pullup ticket #5689 - requested by wiz
www/curl: security fix
Revisions pulled up:
- www/curl/Makefile 1.192
- www/curl/PLIST 1.67
- www/curl/distinfo 1.141
- www/curl/patches/patch-curl-config.in 1.8
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jan 24 07:57:19 UTC 2018
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
pkgsrc/www/curl/patches: patch-curl-config.in
Log Message:
curl: update to 7.58.0.
This release includes the following changes:
o new libssh-powered SSH SCP/SFTP back-end
o curl-config: add --ssl-backends [10]
This release includes the following bugfixes:
o http2: fix incorrect trailer buffer size [40]
o http: prevent custom Authorization headers in redirects [55]
o travis: add boringssl build [1]
o examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL [2]
o SSL: Avoid magic allocation of SSL backend specific data [3]
o lib: don't export all symbols, just everything curl_* [4]
o libssh2: send the correct CURLE error code on scp file not found
o libssh2: return CURLE_UPLOAD_FAILED on failure to upload
o openssl: enable pkcs12 in boringssl builds [5]
o libssh2: remove dead code from SSH_SFTP_QUOTE [6]
o sasl_getmesssage: make sure we have a long enough string to pass [7]
o conncache: fix several lock issues [8]
o threaded-shared-conn.c: new example
o conncache: only allow multiplexing within same multi handle [9]
o configure: check for netinet/in6.h [11]
o URL: tolerate backslash after drive letter for FILE: [12]
o openldap: add commented out debug possibilities [13]
o include: get netinet/in.h before linux/tcp.h [14]
o CONNECT: keep close connection flag in http_connect_state struct [15]
o BINDINGS: another PostgreSQL client
o curl: limit -# update frequency for unknown total size [16]
o configure: add AX_CODE_COVERAGE only if using gcc [17]
o curl.h: remove incorrect comment about ERRORBUFFER
o openssl: improve data-pending check for https proxy [18]
o curl: remove __EMX__ #ifdefs [19]
o CURLOPT_PRIVATE.3: fix grammar [20]
o sftp: allow quoted commands to use relative paths [21]
o CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
o RESOLVE: output verbose text when trying to set a duplicate name
o openssl: Disable file buffering for Win32 SSLKEYLOGFILE [22]
o multi_done: prune DNS cache [23]
o tests: update .gitignore for libtests
o tests: mark data files as non-executable in git
o CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
o curl.1: documented two missing valid exit codes
o curl.1: mention http:// and https:// as valid proxy prefixes
o vtls: replaced getenv() with curl_getenv() [24]
o setopt: less *or equal* than INT_MAX/1000 should be fine [25]
o examples/smtp-mail.c: use separate defines for options and mail
o curl: support >256 bytes warning messsages [26]
o conncache: fix a return code
o krb5: fix a potential access of uninitialized memory
o rand: add a clang-analyzer work-around
o CURLOPT_READFUNCTION.3: refer to argument with correct name [27]
o brotli: allow compiling with version 0.6.0
o content_encoding: rework zlib_inflate [28]
o curl_easy_reset: release mime-related data [29]
o examples/rtsp: fix error handling macros [30]
o build-openssl.bat: Added support for VC15
o build-wolfssl.bat: Added support for VC15
o build: Added Visual Studio 2017 project files
o winbuild: Added support for VC15
o curl: Support size modifiers for --max-filesize [32]
o examples/cacertinmem: ignore cert-already-exists error [33]
o brotli: data at the end of content can be lost [34]
o curl_version_info.3: call the argument 'age' [35]
o openssl: fix memory leak of SSLKEYLOGFILE filename
o build: remove HAVE_LIMITS_H check [36]
o --mail-rcpt: fix short-text description
o scripts: allow all perl scripts to be run directly [37]
o progress: calculate transfer speed on milliseconds if possible [38]
o system.h: check __LONG_MAX__ for defining curl_off_t [31]
o easy: fix connection ownership in curl_easy_pause [39]
o setopt: reintroduce non-static Curl_vsetopt() for OS400 support [41]
o setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values [42]
o configure.ac: append extra linker flags instead of prepending them [43]
o HTTP: bail out on negative Content-Length: values [44]
o docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
o mime: clone mime tree upon easy handle duplication [45]
o openssl: enable SSLKEYLOGFILE support by default [46]
o smtp/pop3/imap_get_message: decrease the data length too... [47]
o CURLOPT_TCP_NODELAY.3: fix typo [48]
o SMB: fix numeric constant suffix and variable types [49]
o ftp-wildcard: fix matching an empty string with "*[^a]" [50]
o curl_fnmatch: only allow 5 '*' sections in a single pattern
o openssl: fix potential memory leak in SSLKEYLOGFILE logic
o SSH: Fix state machine for ssh-agent authentication [51]
o examples/url2file.c: add missing curl_global_cleanup() call [52]
o http2: don't close connection when single transfer is stopped [53]
o libcurl-env.3: first version
o curl: progress bar refresh, get width using ioctl() [54]
o CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support [56]
curl: Delete if-def block regarding TEST_TARGET and test dependencies Define TEST_TARGET unconditionally and do not add `perl' to USE_TOOLS, `perl' is already needed as tool.
curl: update to 7.58.0. This release includes the following changes: o new libssh-powered SSH SCP/SFTP back-end o curl-config: add --ssl-backends [10] This release includes the following bugfixes: o http2: fix incorrect trailer buffer size [40] o http: prevent custom Authorization headers in redirects [55] o travis: add boringssl build [1] o examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL [2] o SSL: Avoid magic allocation of SSL backend specific data [3] o lib: don't export all symbols, just everything curl_* [4] o libssh2: send the correct CURLE error code on scp file not found o libssh2: return CURLE_UPLOAD_FAILED on failure to upload o openssl: enable pkcs12 in boringssl builds [5] o libssh2: remove dead code from SSH_SFTP_QUOTE [6] o sasl_getmesssage: make sure we have a long enough string to pass [7] o conncache: fix several lock issues [8] o threaded-shared-conn.c: new example o conncache: only allow multiplexing within same multi handle [9] o configure: check for netinet/in6.h [11] o URL: tolerate backslash after drive letter for FILE: [12] o openldap: add commented out debug possibilities [13] o include: get netinet/in.h before linux/tcp.h [14] o CONNECT: keep close connection flag in http_connect_state struct [15] o BINDINGS: another PostgreSQL client o curl: limit -# update frequency for unknown total size [16] o configure: add AX_CODE_COVERAGE only if using gcc [17] o curl.h: remove incorrect comment about ERRORBUFFER o openssl: improve data-pending check for https proxy [18] o curl: remove __EMX__ #ifdefs [19] o CURLOPT_PRIVATE.3: fix grammar [20] o sftp: allow quoted commands to use relative paths [21] o CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE o RESOLVE: output verbose text when trying to set a duplicate name o openssl: Disable file buffering for Win32 SSLKEYLOGFILE [22] o multi_done: prune DNS cache [23] o tests: update .gitignore for libtests o tests: mark data files as non-executable in git o CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference o curl.1: documented two missing valid exit codes o curl.1: mention http:// and https:// as valid proxy prefixes o vtls: replaced getenv() with curl_getenv() [24] o setopt: less *or equal* than INT_MAX/1000 should be fine [25] o examples/smtp-mail.c: use separate defines for options and mail o curl: support >256 bytes warning messsages [26] o conncache: fix a return code o krb5: fix a potential access of uninitialized memory o rand: add a clang-analyzer work-around o CURLOPT_READFUNCTION.3: refer to argument with correct name [27] o brotli: allow compiling with version 0.6.0 o content_encoding: rework zlib_inflate [28] o curl_easy_reset: release mime-related data [29] o examples/rtsp: fix error handling macros [30] o build-openssl.bat: Added support for VC15 o build-wolfssl.bat: Added support for VC15 o build: Added Visual Studio 2017 project files o winbuild: Added support for VC15 o curl: Support size modifiers for --max-filesize [32] o examples/cacertinmem: ignore cert-already-exists error [33] o brotli: data at the end of content can be lost [34] o curl_version_info.3: call the argument 'age' [35] o openssl: fix memory leak of SSLKEYLOGFILE filename o build: remove HAVE_LIMITS_H check [36] o --mail-rcpt: fix short-text description o scripts: allow all perl scripts to be run directly [37] o progress: calculate transfer speed on milliseconds if possible [38] o system.h: check __LONG_MAX__ for defining curl_off_t [31] o easy: fix connection ownership in curl_easy_pause [39] o setopt: reintroduce non-static Curl_vsetopt() for OS400 support [41] o setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values [42] o configure.ac: append extra linker flags instead of prepending them [43] o HTTP: bail out on negative Content-Length: values [44] o docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata o mime: clone mime tree upon easy handle duplication [45] o openssl: enable SSLKEYLOGFILE support by default [46] o smtp/pop3/imap_get_message: decrease the data length too... [47] o CURLOPT_TCP_NODELAY.3: fix typo [48] o SMB: fix numeric constant suffix and variable types [49] o ftp-wildcard: fix matching an empty string with "*[^a]" [50] o curl_fnmatch: only allow 5 '*' sections in a single pattern o openssl: fix potential memory leak in SSLKEYLOGFILE logic o SSH: Fix state machine for ssh-agent authentication [51] o examples/url2file.c: add missing curl_global_cleanup() call [52] o http2: don't close connection when single transfer is stopped [53] o libcurl-env.3: first version o curl: progress bar refresh, get width using ioctl() [54] o CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support [56]
Revbump after boost update
Pullup ticket #5657 - requested by he
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.190
- www/curl/distinfo 1.140,1.139
- www/curl/patches/patch-configure 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Nov 29 13:56:28 UTC 2017
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Log Message:
curl: update to 7.57.0.
Curl and libcurl 7.57.0
o auth: add support for RFC7616 - HTTP Digest access authentication [12]
o share: add support for sharing the connection cache [31]
o HTTP: implement Brotli content encoding [28]
This release includes the following bugfixes:
o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
o CVE-2017-8817: FTP wildcard out of bounds read [48]
o CVE-2017-8818: SSL out of buffer access [49]
o curl_mime_filedata.3: fix typos [1]
o libtest: Add required test libraries for lib1552 and lib1553 [2]
o fix time diffs for systems using unsigned time_t [3]
o ftplistparser: memory leak fix: free temporary memory always [4]
o multi: allow table handle sizes to be overridden [5]
o wildcards: don't use with non-supported protocols [6]
o curl_fnmatch: return error on illegal wildcard pattern [7]
o transfer: Fix chunked-encoding upload too early exit [8]
o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
o resolvers: only include anything if needed [10]
o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
o appveyor: add a win32 build
o Curl_timeleft: change return type to timediff_t [11]
o cmake: Export libcurl and curl targets to use by other cmake projects [13]
o curl: in -F option arg, comma is a delimiter for files only [14]
o curl: improved ";type=" handling in -F option arguments
o timeval: use mach_absolute_time() on MacOS [15]
o curlx: the timeval functions are no longer provided as curlx_* [16]
o mkhelp.pl: do not generate comment with current date [17]
o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
o cookie: avoid NULL dereference [19]
o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
o include: remove conncache.h inclusion from where its not needed
o CURLOPT_MAXREDIRS: allow -1 as a value [21]
o tests: Fixed torture tests on tests 556 and 650
o http2: Fixed OOM handling in upgrade request
o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
o CURLOPT_INFILESIZE: accept -1 [22]
o curl: pass through [] in URLs instead of calling globbing error [23]
o curl: speed up handling of many URLs [24]
o ntlm: avoid malloc(0) for zero length passwords [25]
o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
o HTTP: support multiple Content-Encodings [27]
o travis: add a job with brotli enabled
o url: remove unncessary NULL-check
o fnmatch: remove dead code
o connect: store IPv6 connection status after valid connection [29]
o imap: deal with commands case insensitively [30]
o --interface: add support for Linux VRF [32]
o content_encoding: fix inflate_stream for no bytes available [33]
o cmake: Correctly include curl.rc in Windows builds [34]
o cmake: Add missing setmode check [35]
o connect.c: remove executable bit on file [36]
o SMB: fix uninitialized local variable
o zlib/brotli: only include header files in modules needing them [37]
o URL: return error on malformed URLs with junk after IPv6 bracket [38]
o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
o --resolve: allow IP address within [] brackets [41]
o examples/curlx: Fix code style [42]
o ntlm: remove unnecessary NULL-check to please scan-build [43]
o Curl_llist_remove: fix potential NULL pointer deref [43]
o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
o http2: fix "Value stored to 'end' is never read" scan-build error [43]
o Curl_open: fix OOM return error correctly [43]
o url: reject ASCII control characters and space in host names [44]
o examples/rtsp: clear RANGE again after use [45]
o connect: improve the bind error message [46]
o make: fix "make distclean" [50]
o connect: add support for new TCP Fast Open API on Linux [51]
o metalink: fix memory-leak and NULL pointer dereference [52]
o URL: update "file:" URL handling [53]
o ssh: remove check for a NULL pointer [54]
o global_init: ignore CURL_GLOBAL_SSL's absense [55]
To generate a diff of this commit:
cvs rdiff -u -r1.189 -r1.190 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.139 -r1.140 pkgsrc/www/curl/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: jperkin
Date: Fri Nov 3 09:40:37 UTC 2017
Modified Files:
pkgsrc/www/curl: distinfo
pkgsrc/www/curl/patches: patch-configure
Log Message:
curl: Don't strip out user-supplied debug flags.
To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.139 pkgsrc/www/curl/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/curl/patches/patch-configure
curl: update to 7.57.0. Curl and libcurl 7.57.0 o auth: add support for RFC7616 - HTTP Digest access authentication [12] o share: add support for sharing the connection cache [31] o HTTP: implement Brotli content encoding [28] This release includes the following bugfixes: o CVE-2017-8816: NTLM buffer overflow via integer overflow [47] o CVE-2017-8817: FTP wildcard out of bounds read [48] o CVE-2017-8818: SSL out of buffer access [49] o curl_mime_filedata.3: fix typos [1] o libtest: Add required test libraries for lib1552 and lib1553 [2] o fix time diffs for systems using unsigned time_t [3] o ftplistparser: memory leak fix: free temporary memory always [4] o multi: allow table handle sizes to be overridden [5] o wildcards: don't use with non-supported protocols [6] o curl_fnmatch: return error on illegal wildcard pattern [7] o transfer: Fix chunked-encoding upload too early exit [8] o curl_setup: Improve detection of CURL_WINDOWS_APP [9] o resolvers: only include anything if needed [10] o setopt: fix CURLOPT_SSH_AUTH_TYPES option read o appveyor: add a win32 build o Curl_timeleft: change return type to timediff_t [11] o cmake: Export libcurl and curl targets to use by other cmake projects [13] o curl: in -F option arg, comma is a delimiter for files only [14] o curl: improved ";type=" handling in -F option arguments o timeval: use mach_absolute_time() on MacOS [15] o curlx: the timeval functions are no longer provided as curlx_* [16] o mkhelp.pl: do not generate comment with current date [17] o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18] o cookie: avoid NULL dereference [19] o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20] o include: remove conncache.h inclusion from where its not needed o CURLOPT_MAXREDIRS: allow -1 as a value [21] o tests: Fixed torture tests on tests 556 and 650 o http2: Fixed OOM handling in upgrade request o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 o CURLOPT_INFILESIZE: accept -1 [22] o curl: pass through [] in URLs instead of calling globbing error [23] o curl: speed up handling of many URLs [24] o ntlm: avoid malloc(0) for zero length passwords [25] o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26] o HTTP: support multiple Content-Encodings [27] o travis: add a job with brotli enabled o url: remove unncessary NULL-check o fnmatch: remove dead code o connect: store IPv6 connection status after valid connection [29] o imap: deal with commands case insensitively [30] o --interface: add support for Linux VRF [32] o content_encoding: fix inflate_stream for no bytes available [33] o cmake: Correctly include curl.rc in Windows builds [34] o cmake: Add missing setmode check [35] o connect.c: remove executable bit on file [36] o SMB: fix uninitialized local variable o zlib/brotli: only include header files in modules needing them [37] o URL: return error on malformed URLs with junk after IPv6 bracket [38] o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39] o macOS: Fix missing connectx function with Xcode version older than 9.0 [40] o --resolve: allow IP address within [] brackets [41] o examples/curlx: Fix code style [42] o ntlm: remove unnecessary NULL-check to please scan-build [43] o Curl_llist_remove: fix potential NULL pointer deref [43] o mime: fix "Value stored to 'sz' is never read" scan-build error [43] o openssl: fix "Value stored to 'rc' is never read" scan-build error [43] o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43] o http2: fix "Value stored to 'end' is never read" scan-build error [43] o Curl_open: fix OOM return error correctly [43] o url: reject ASCII control characters and space in host names [44] o examples/rtsp: clear RANGE again after use [45] o connect: improve the bind error message [46] o make: fix "make distclean" [50] o connect: add support for new TCP Fast Open API on Linux [51] o metalink: fix memory-leak and NULL pointer dereference [52] o URL: update "file:" URL handling [53] o ssh: remove check for a NULL pointer [54] o global_init: ignore CURL_GLOBAL_SSL's absense [55]
Pullup ticket #5641 - requested by he
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.188-1.189
- www/curl/PLIST 1.66
- www/curl/distinfo 1.137-1.138
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 4 06:32:58 UTC 2017
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: update to 7.56.0.
Curl and libcurl 7.56.0
This release includes the following changes:
o curl: enable compression for SCP/SFTP with --compressed-ssh [11]
o libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION [11]
o vtls: added dynamic changing SSL backend with curl_global_sslset() [28]
o new MIME API, curl_mime_init() and friends [32]
o openssl: initial SSLKEYLOGFILE implementation [36]
This release includes the following bugfixes:
o FTP: zero terminate the entry path even on bad input [67]
o examples/ftpuploadresume.c: use portable code
o runtests: match keywords case insensitively
o travis: build the examples too [1]
o strtoofft: reduce integer overflow risks globally [2]
o zsh.pl: produce a working completion script again [3]
o cmake: remove dead code for CURL_DISABLE_RTMP [4]
o progress: Track total times following redirects [5]
o configure: fix --disable-threaded-resolver [6]
o cmake: remove dead code for DISABLED_THREADSAFE [7]
o configure: fix clang version detection
o darwinssi: fix error: variable length array used
o travis: add metalink to some osx builds [8]
o configure: check for __builtin_available() availability [9]
o http_proxy: fix build error for CURL_DOES_CONVERSIONS [10]
o examples/ftpuploadresume: checksrc compliance
o ftp: fix CWD when doing multicwd then nocwd on same connection [12]
o system.h: remove all CURL_SIZEOF_* defines [13]
o http: Don't wait on CONNECT when there is no proxy [14]
o system.h: check for __ppc__ as well [15]
o http2_recv: return error better on fatal h2 errors [16]
o scripts/contri*sh: use "git log --use-mailmap"
o tftp: fix memory leak on too long filename [17]
o system.h: fix build for hppa [18]
o cmake: enable picky compiler options with clang and gcc [19]
o makefile.m32: add support for libidn2 [20]
o curl: turn off MinGW CRT's globbing [21]
o request-target.d: mention added in 7.55.0
o curl: shorten and clean up CA cert verification error message [22]
o imap: support PREAUTH [23]
o CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
o examples/threaded-ssl: mention that this is for openssl before 1.1
o winbuild: fix embedded manifest option [24]
o tests: Make sure libtests & unittests call curl_global_cleanup()
o system.h: include sys/poll.h for AIX [25]
o darwinssl: handle long strings in TLS certs [26]
o strtooff: fix build for systems with long long but no strtoll [27]
o asyn-thread: Improved cleanup after OOM situations
o HELP-US.md: "How to get started helping out in the curl project" [29]
o curl.h: CURLSSLBACKEND_WOLFSSL used wrong value [30]
o unit1301: fix error message on first test
o ossfuzz: moving towards the ideal integration [31]
o http: fix a memory leakage in checkrtspprefix()
o examples/post-callback: stop returning one byte at a time
o schannel: return CURLE_SSL_CACERT on failed verification [33]
o MAIL-ETIQUETTE: added "1.9 Your emails are public"
o http-proxy: treat all 2xx as CONNECT success [34]
o openssl: use OpenSSL's default ciphers by default [35]
o runtests.pl: support attribute "nonewline" in part verify/upload
o configure: remove --enable-soname-bump and SONAME_BUMP [37]
o travis: add c-ares enabled builds linux + osx [38]
o vtls: fix WolfSSL 3.12 build problems [39]
o http-proxy: when not doing CONNECT, that phase is done immediately [40]
o configure: fix curl_off_t check's include order [41]
o configure: use -Wno-varargs on clang 3.9[.X] debug builds
o rtsp: do not call fwrite() with NULL pointer FILE * [42]
o mbedtls: enable CA path processing [43]
o travis: add build without HTTP/SMTP/IMAP
o checksrc: verify more code style rules [44]
o HTTP proxy: on connection re-use, still use the new remote port [45]
o tests: add initial gssapi test using stub implementation [46]
o rtsp: Segfault when using WRITEDATA [47]
o docs: clarify the CURLOPT_INTERLEAVE* options behavior
o non-ascii: use iconv() with 'char **' argument [48]
o server/getpart: provide dummy function to build conversion enabled
o conversions: fix several compiler warnings
o openssl: add missing includes [49]
o schannel: Support partial send for when data is too large [50]
o socks: fix incorrect port number in SOCKS4 error message [51]
o curl: fix integer overflow in timeout options [52]
o travis: on mac, don't install openssl or libidn [53]
o cookies: reject oversized cookies instead of truncating [54]
o cookies: use lock when using CURLINFO_COOKIELIST [55]
o curl: check fseek() return code and bail on error
o examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
o openssl: only verify RSA private key if supported [56]
o tests: make the imap server not verify user+password [57]
o imap: quote atoms properly when escaping characters [58]
o tests: fix a compiler warning in test 643
o file_range: avoid integer overflow when figuring out byte range [59]
o curl.h: include <sys/select.h> on cygwin too [60]
o reuse_conn: don't copy flags that are known to be equal [61]
o http: fix adding custom empty headers to repeated requests [62]
o docs: clarify the use of environment variables for proxy [63]
o docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS [64]
o connect: fix race condition with happy eyeballs timeout [65]
o cookie: fix memory leak if path was set twice in header [66]
o vtls: compare and clone ssl configs properly [68]
o proxy: read the "no_proxy" variable only if necessary [69]
To generate a diff of this commit:
cvs rdiff -u -r1.187 -r1.188 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.65 -r1.66 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.136 -r1.137 pkgsrc/www/curl/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Mon Oct 23 06:59:36 UTC 2017
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Log Message:
curl: update to 7.56.1
Curl and libcurl 7.56.1
This release includes the following bugfixes:
o imap: if a FETCH response has no size, don't call write callback
o ftp: UBsan fixup 'pointer index expression overflowed
o failf: skip the sprintf() if there are no consumers
o fuzzer: move to using external curl-fuzzer
o lib/Makefile.m32: allow customizing dll suffixes
o docs: fix typo in curl_mime_data_cb man page
o darwinssl: add support for TLSv1.3
o build: fix --disable-crypto-auth
o lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
o openssl: fix build without HAVE_OPAQUE_EVP_PKEY
o strtoofft: Remove extraneous null check
o multi_cleanup: call DONE on handles that never got that
o tests: added flaky keyword to tests 587 and 644
o pingpong: return error when trying to send without connection
o remove_handle: call multi_done() first, then clear dns cache pointer
o mime: be tolerant about setting twice the same header list in a part.
o mime: improve unbinding top multipart from easy handle.
o mime: avoid resetting a part's encoder when part's contents change.
o mime: refuse to add subparts to one of their own descendants
o RTSP: avoid integer overflow on funny RTSP responses
o curl: don't pass semicolons when parsing Content-Disposition
o openssl: enable PKCS12 support for !BoringSSL
o FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
o CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
o CURLOPT_XFERINFODATA.3: fix duplicate see also
o test298: verify --ftp-method nowcwd with URL encoded path
o FTP: URL decode path for dir listing in nocwd mode
o smtp_done: fix memory leak on send failure
o ftpserver: support case insensitive commands
o test950; verify SMTP with custom request
o openssl: don't use old BORINGSSL_YYYYMM macros
o setopt: update current connection SSL verify params
o winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
o curl: reimplement stdin buffering in -F option
o mime: keep "text/plain" content type if user-specified
o mime: fix the content reader to handle >16K data properly
o configure: remove the C++ compiler check
o memdebug: trace send, recv and socket
o runtests: use valgrind for torture as well
o ldap: silence clang warning
o makefile.m32: allow to override gcc, ar and ranlib
o setopt: avoid integer overflows when setting millsecond values
o setopt: range check most long options
o ftp: reject illegal IP/port in PASV 227 response
o mime: do not reuse previously computed multipart size
o vtls: change struct Curl_ssl `close' field name to `close_one'
o os400: add missing symbols in config file
o mime: limit bas64-encoded lines length to 76 characters
o mk-ca-bundle: Remove URL for aurora
o mk-ca-bundle: Fix URL for NSS
To generate a diff of this commit:
cvs rdiff -u -r1.188 -r1.189 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.137 -r1.138 pkgsrc/www/curl/distinfo
curl: update to 7.56.1 Curl and libcurl 7.56.1 This release includes the following bugfixes: o imap: if a FETCH response has no size, don't call write callback o ftp: UBsan fixup 'pointer index expression overflowed o failf: skip the sprintf() if there are no consumers o fuzzer: move to using external curl-fuzzer o lib/Makefile.m32: allow customizing dll suffixes o docs: fix typo in curl_mime_data_cb man page o darwinssl: add support for TLSv1.3 o build: fix --disable-crypto-auth o lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS o openssl: fix build without HAVE_OPAQUE_EVP_PKEY o strtoofft: Remove extraneous null check o multi_cleanup: call DONE on handles that never got that o tests: added flaky keyword to tests 587 and 644 o pingpong: return error when trying to send without connection o remove_handle: call multi_done() first, then clear dns cache pointer o mime: be tolerant about setting twice the same header list in a part. o mime: improve unbinding top multipart from easy handle. o mime: avoid resetting a part's encoder when part's contents change. o mime: refuse to add subparts to one of their own descendants o RTSP: avoid integer overflow on funny RTSP responses o curl: don't pass semicolons when parsing Content-Disposition o openssl: enable PKCS12 support for !BoringSSL o FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION o CURLOPT_NOPROGRESS.3: also refer to xferinfofunction o CURLOPT_XFERINFODATA.3: fix duplicate see also o test298: verify --ftp-method nowcwd with URL encoded path o FTP: URL decode path for dir listing in nocwd mode o smtp_done: fix memory leak on send failure o ftpserver: support case insensitive commands o test950; verify SMTP with custom request o openssl: don't use old BORINGSSL_YYYYMM macros o setopt: update current connection SSL verify params o winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2 o curl: reimplement stdin buffering in -F option o mime: keep "text/plain" content type if user-specified o mime: fix the content reader to handle >16K data properly o configure: remove the C++ compiler check o memdebug: trace send, recv and socket o runtests: use valgrind for torture as well o ldap: silence clang warning o makefile.m32: allow to override gcc, ar and ranlib o setopt: avoid integer overflows when setting millsecond values o setopt: range check most long options o ftp: reject illegal IP/port in PASV 227 response o mime: do not reuse previously computed multipart size o vtls: change struct Curl_ssl `close' field name to `close_one' o os400: add missing symbols in config file o mime: limit bas64-encoded lines length to 76 characters o mk-ca-bundle: Remove URL for aurora o mk-ca-bundle: Fix URL for NSS
curl: update to 7.56.0. Curl and libcurl 7.56.0 This release includes the following changes: o curl: enable compression for SCP/SFTP with --compressed-ssh [11] o libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION [11] o vtls: added dynamic changing SSL backend with curl_global_sslset() [28] o new MIME API, curl_mime_init() and friends [32] o openssl: initial SSLKEYLOGFILE implementation [36] This release includes the following bugfixes: o FTP: zero terminate the entry path even on bad input [67] o examples/ftpuploadresume.c: use portable code o runtests: match keywords case insensitively o travis: build the examples too [1] o strtoofft: reduce integer overflow risks globally [2] o zsh.pl: produce a working completion script again [3] o cmake: remove dead code for CURL_DISABLE_RTMP [4] o progress: Track total times following redirects [5] o configure: fix --disable-threaded-resolver [6] o cmake: remove dead code for DISABLED_THREADSAFE [7] o configure: fix clang version detection o darwinssi: fix error: variable length array used o travis: add metalink to some osx builds [8] o configure: check for __builtin_available() availability [9] o http_proxy: fix build error for CURL_DOES_CONVERSIONS [10] o examples/ftpuploadresume: checksrc compliance o ftp: fix CWD when doing multicwd then nocwd on same connection [12] o system.h: remove all CURL_SIZEOF_* defines [13] o http: Don't wait on CONNECT when there is no proxy [14] o system.h: check for __ppc__ as well [15] o http2_recv: return error better on fatal h2 errors [16] o scripts/contri*sh: use "git log --use-mailmap" o tftp: fix memory leak on too long filename [17] o system.h: fix build for hppa [18] o cmake: enable picky compiler options with clang and gcc [19] o makefile.m32: add support for libidn2 [20] o curl: turn off MinGW CRT's globbing [21] o request-target.d: mention added in 7.55.0 o curl: shorten and clean up CA cert verification error message [22] o imap: support PREAUTH [23] o CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD o examples/threaded-ssl: mention that this is for openssl before 1.1 o winbuild: fix embedded manifest option [24] o tests: Make sure libtests & unittests call curl_global_cleanup() o system.h: include sys/poll.h for AIX [25] o darwinssl: handle long strings in TLS certs [26] o strtooff: fix build for systems with long long but no strtoll [27] o asyn-thread: Improved cleanup after OOM situations o HELP-US.md: "How to get started helping out in the curl project" [29] o curl.h: CURLSSLBACKEND_WOLFSSL used wrong value [30] o unit1301: fix error message on first test o ossfuzz: moving towards the ideal integration [31] o http: fix a memory leakage in checkrtspprefix() o examples/post-callback: stop returning one byte at a time o schannel: return CURLE_SSL_CACERT on failed verification [33] o MAIL-ETIQUETTE: added "1.9 Your emails are public" o http-proxy: treat all 2xx as CONNECT success [34] o openssl: use OpenSSL's default ciphers by default [35] o runtests.pl: support attribute "nonewline" in part verify/upload o configure: remove --enable-soname-bump and SONAME_BUMP [37] o travis: add c-ares enabled builds linux + osx [38] o vtls: fix WolfSSL 3.12 build problems [39] o http-proxy: when not doing CONNECT, that phase is done immediately [40] o configure: fix curl_off_t check's include order [41] o configure: use -Wno-varargs on clang 3.9[.X] debug builds o rtsp: do not call fwrite() with NULL pointer FILE * [42] o mbedtls: enable CA path processing [43] o travis: add build without HTTP/SMTP/IMAP o checksrc: verify more code style rules [44] o HTTP proxy: on connection re-use, still use the new remote port [45] o tests: add initial gssapi test using stub implementation [46] o rtsp: Segfault when using WRITEDATA [47] o docs: clarify the CURLOPT_INTERLEAVE* options behavior o non-ascii: use iconv() with 'char **' argument [48] o server/getpart: provide dummy function to build conversion enabled o conversions: fix several compiler warnings o openssl: add missing includes [49] o schannel: Support partial send for when data is too large [50] o socks: fix incorrect port number in SOCKS4 error message [51] o curl: fix integer overflow in timeout options [52] o travis: on mac, don't install openssl or libidn [53] o cookies: reject oversized cookies instead of truncating [54] o cookies: use lock when using CURLINFO_COOKIELIST [55] o curl: check fseek() return code and bail on error o examples/post-callback: use long for CURLOPT_POSTFIELDSIZE o openssl: only verify RSA private key if supported [56] o tests: make the imap server not verify user+password [57] o imap: quote atoms properly when escaping characters [58] o tests: fix a compiler warning in test 643 o file_range: avoid integer overflow when figuring out byte range [59] o curl.h: include <sys/select.h> on cygwin too [60] o reuse_conn: don't copy flags that are known to be equal [61] o http: fix adding custom empty headers to repeated requests [62] o docs: clarify the use of environment variables for proxy [63] o docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS [64] o connect: fix race condition with happy eyeballs timeout [65] o cookie: fix memory leak if path was set twice in header [66] o vtls: compare and clone ssl configs properly [68] o proxy: read the "no_proxy" variable only if necessary [69]
Remove superfluous automake dependency (after update). Fixes PR 52513 by David H. Gutteridge.
Revbump for boost update
Requires devel/gettext-lib
Curl and libcurl 7.55.1 This release includes the following bugfixes: o build: fix 'make install' with configure, install docs/libcurl/* too o make install: add 8 missing man pages to the installation o curl: do bounds check using a double comparison [1] o dist: Add dictserver.py/negtelnetserver.py to release [2] o digest_sspi: Don't reuse context if the user/passwd has changed [3] o gitignore: ignore top-level .vs folder [4] o build: check out *.sln files with Windows line endings [5] o travis: verify "make install" [6] o dist: fix the cmake build by shipping cmake_uninstall.cmake.in too [7] o metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead o configure: use the threaded resolver backend by default if possible [8] o mkhelp.pl: allow executing this script directly [9] o maketgz: remove old *.dist files before making the tarball [10] o openssl: remove CONST_ASN1_BIT_STRING [11] o openssl: fix "error: this statement may fall through" o proxy: fix memory leak in case of invalid proxy server name [12] o curl/system.h: support more architectures (OpenRISC, ARC) [13] o docs: fix typos [14] o curl/system.h: add Oracle Solaris Studio [15] o CURLINFO_TOTAL_TIME: could wrongly return 4200 seconds [16] o docs: --connect-to clarified o cmake: allow user to override CMAKE_DEBUG_POSTFIX [17] o travis: test cmake build on tarball too o redirect: make it handle absolute redirects to IDN names [18] o curl/system.h: fix for gcc on PowerPC [19] o curl --interface: fixed for IPV6 unique local addresses [20] o cmake: threads detection improvements [21]
Updated curl to 7.55.0.
Curl and libcurl 7.55.0
Public curl releases: 167
Command line options: 210
curl_easy_setopt() options: 247
Public functions in libcurl: 61
Contributors: 1571
This release includes the following changes:
o curl: allow --header and --proxy-header read from file [7]
o getinfo: provide sizes as curl_off_t [6]
o curl: prevent binary output spewed to terminal [16]
o curl: added --request-target [22]
o libcurl: added CURLOPT_REQUEST_TARGET [22]
o curl: added --socks5-{basic,gssapi}: control socks5 auth [30]
o libcurl: added CURLOPT_SOCKS5_AUTH [30]
This release includes the following bugfixes:
o glob: do not parse after a strtoul() overflow range (CVE-2017-1000101) [85]
o tftp: reject file name lengths that don't fit (CVE-2017-1000100) [84]
o file: output the correct buffer to the user (CVE-2017-1000099) [83]
o includes: remove curl/curlbuild.h and curl/curlrules.h [1]
o dist: make the hugehelp.c not get regenerated unnecessarily [2]
o timers: store internal time stamps as time_t instead of doubles [3]
o progress: let "current speed" be UL + DL speeds combined [4]
o http-proxy: do the HTTP CONNECT process entirely non-blocking [5]
o lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV [8]
o fuzz: bring oss-fuzz initial code converted to C89 [10]
o configure: disable nghttp2 too if HTTP has been disabled
o mk-ca-bundle.pl: Check curl's exit code after certdata download [11]
o test1148: verify the -# progressbar [12]
o tests: stabilize test 2032 and 2033 [13]
o HTTPS-Proxy: don't offer h2 for https proxy connections [14]
o http-proxy: only attempt FTP over HTTP proxy [9]
o curl-compilers.m4: enable vla warning for clang [15]
o curl-compilers.m4: enable double-promotion warning [15]
o curl-compilers.m4: enable missing-variable-declarations clang warning [15]
o curl-compilers.m4: enable comma clang warning [15]
o Makefile.m32: enable -W for MinGW32 build [15]
o CURLOPT_PREQUOTE: not supported for SFTP [17]
o http2: fix OOM crash
o PIPELINING_SERVER_BL: cleanup the internal list use [18]
o mkhelp.pl: fix script name in usage text
o lib1521: add curl_easy_getinfo calls to the test set
o travis: do the distcheck test build out-of-tree as well
o if2ip: fix compiler warning in ISO C90 mode
o lib: fix the djgpp build [19]
o typecheck-gcc: add support for CURLINFO_OFF_T [20]
o travis: enable typecheck-gcc warnings [21]
o maketgz: switch to xz instead of lzma [23]
o CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
o curl-compilers.m4: fix unknown-warning-option on Apple clang [24]
o winbuild: fix boringssl build [25]
o curl/system.h: add check for XTENSA for 32bit gcc [26]
o test1537: fixed memory leak on OOM
o test1521: fix compiler warnings [27]
o curl: fix memory leak on test 1147 OOM [28]
o libtest/make: generate lib1521.c dynamically at build-time [29]
o curl_strequal.3: fix typo in SYNOPSIS [31]
o progress: prevent resetting t_starttransfer [32]
o openssl: improve fallback seed of PRNG with a time based hash [33]
o http2: improved PING frame handling [34]
o test1450: add simple testing for DICT [35]
o make: build the docs subdir only from within src [36]
o cmake: Added compatibility options for older Windows versions [37]
o gtls: fix build when sizeof(long) < sizeof(void *) [38]
o url: make the original string get used on subsequent transfers [39]
o timeval.c: Use long long constant type for timeval assignment [40]
o tool_sleep: typecast to avoid macos compiler warning
o travis.yml: use --enable-werror on debug builds [41]
o test1451: add SMB support to the testbed [42]
o configure: remove checks for 5 functions never used [43]
o configure: try ldap/lber in reversed order first [44]
o smb: fix build for djgpp/MSDOS [45]
o travis: install nghttp2 on linux builds [46]
o smb: add support for CURLOPT_FILETIME [47]
o cmake: fix send/recv argument scanner for windows [48]
o inet_pton: fix include on windows to get prototype [49]
o select.h: avoid macro redefinition harder
o cmake: if inet_pton is used, bump _WIN32_WINNT
o asyn-thread.c: fix unused variable warnings on macOS
o runtests: support "threaded-resolver" as a feature
o test506: skip if threaded-resolver
o cmake: remove spurious "-l" from linker flags [50]
o cmake: add CURL_WERROR for enabling "warning as errors"
o memdebug: don't setbuf() if the file open failed [51]
o curl_easy_escape.3: mention the (lack of) encoding [52]
o test1452: add telnet negotiation [53]
o CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
o cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC [54]
o tests/valgrind.supp: supress OpenSSL false positive seen on travis [55]
o curl_setup_once: Remove ERRNO/SET_ERRNO macros [56]
o curl-compilers.m4: disable warning spam with Cygwin's clang [57]
o ldap: fix MinGW compiler warning [58]
o make: fix docs build on OpenBSD [59]
o curl_setup: always define WIN32_LEAN_AND_MEAN on Windows [60]
o system.h: include winsock2.h before windows.h
o winbuild: build with warning level 4 [61]
o rtspd: fix MSVC level 4 warning
o sockfilt: suppress conversion warning with explicit cast
o libtest: fix MSVC warning C4706
o darwinssl: fix pinnedpubkey build error [62]
o tests/server/resolve.c: fix deprecation warning [63]
o nss: fix a possible use-after-free in SelectClientCert() [64]
o checksrc: escape open brace in regex
o multi: mention integer overflow risk if using > 500 million sockets [65]
o darwinssl: fix --tlsv1.2 regression [66]
o timeval: struct curltime is a struct timeval replacement [67]
o curl_rtmp: fix a compiler warning [68]
o include.d: clarify that it concerns the response headers [69]
o cmake: support make uninstall [70]
o include.d: clarify --include is only for response headers [71]
o libcurl: Stop using error codes defined under CURL_NO_OLDIES [72]
o http: fix response code parser to avoid integer overflow [73]
o configure: fix the check for IdnToUnicode [74]
o multi: fix request timer management [75]
o curl_threads: fix MSVC compiler warning [76]
o travis: build on osx with openssl
o travis: build on osx with libressl
o CURLOPT_NETRC.3: mention the file name on windows
o cmake: set MSVC warning level to 4 [77]
o netrc: skip lines starting with '#' [78]
o darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
o BUILD.WINDOWS: mention buildconf.bat for builds off git
o darwinssl: silence compiler warnings [79]
o travis: build on osx with darwinssl
o FTP: skip unnecessary CWD when in nocwd mode [80]
o gssapi: fix memory leak of output token in multi round context [81]
o getparameter: avoid returning uninitialized 'usedarg' [82]
o curl (debug build) easy_events: make event data static
o curl: detect and bail out early on parameter integer overflows [86]
o configure: fix recv/send/select detection on Android [87]
Changes 7.54.1: curl: show the libcurl release date in --version output Bugfixes: CVE-2017-9502: default protocol drive letter buffer overflow openssl: fix memory leak in servercert tests: remove the html and PDF versions from the tarball mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable typecheck-gcc: handle function pointers properly llist: no longer uses malloc gnutls: removed some code when --disable-verbose is configured lib: fix maybe-uninitialized warnings multi: clarify condition in curl_multi_wait schannel: Don't treat encrypted partial record as pending data configure: fix the -ldl check for openssl, add -lpthread check configure: accept -Og and -Ofast GCC flags Makefile: avoid use of GNU-specific form of $< if2ip: fix -Wcast-align warning configure: stop prepending to LDFLAGS, CPPFLAGS curl: set a 100K buffer size by default typecheck-gcc: fix _curl_is_slist_info nss: do not leak PKCS 11 slot while loading a key nss: load libnssckbi.so if no other trust is specified examples: ftpuploadfrommem.c url: declare get_protocol_family() static examples/cookie_interface.c: changed to example.com test1443: test --remote-time curl: use utimes instead of obsolescent utime when available url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE curl_rtmp: fix missing-variable-declarations warnings tests: fixed OOM handling of unit tests to abort test curl_setup: Ensure no more than one IDN lib is enabled tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size curl: non-boolean command line args reject --no- prefixes telnet: Write full buffer instead of byte-by-byte typecheck-gcc: add missing string options typecheck-gcc: add support for CURLINFO_SOCKET opt man pages: they all have examples now curl_setup_once: use SEND_QUAL_ARG2 for swrite test557: set a known good numeric locale schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT tests/server: make string literals const runtests: use -R for random order unit1305: fix compiler warning curl_slist_append.3: clarify a NULL input creates a new list tests/server: run checksrc by default in debug-builds tests: fix -Wcast-qual warnings runtests.pl: simplify the datacheck read section curl: remove --environment and tool_writeenv.c buildconf: fix hang on IRIX tftp: silence bad-function-cast warning asyn-thread: fix unused macro warnings tool_parsecfg: fix -Wcast-qual warning sendrecv: fix MinGW-w64 warning test537: use correct variable type rand: treat fake entropy the same regardless of endianness curl: generate the --help output tests: removed redundant --trace-ascii arguments multi: assign IDs to all timers and make each timer singleton multi: use a fixed array of timers instead of malloc mbedtls: Support server renegotiation request pipeline: fix mistakenly trying to pipeline POSTs lib510: don't write past the end of the buffer if it's too small CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example SecureTransport/DarwinSSL: Implement public key pinning curl.1: clarify --config curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM darwinssl: Fix exception when processing a client-side certificate curl.1: mention --oauth2-bearer's argument mkhelp.pl: do not add current time into curl binary asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input ssh: fix memory leak in disconnect due to timeout tests: stabilize test 1034 cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH assert: avoid, use DEBUGASSERT instead LDAP: using ldap_bind_s on Windows with methods redirect: store the "would redirect to" URL when max redirs is reached winbuild: fix the nghttp2 build examples: fix -Wimplicit-fallthrough warnings time: fix type conversions and compiler warnings mbedtls: fix variable shadow warning test557: fix ubsan runtime error due to int left shift transfer: init the infilesize from the postfields docs: clarify NO_PROXY further build-wolfssl: Sync config with wolfSSL 3.11 curl-compilers.m4: enable -Wshift-sign-overflow for clang example/externalsocket.c: make it use CLOSESOCKETFUNCTION too lib574.c: use correct callback proto lib583: fix compiler warning curl-compilers.m4: fix compiler_num for clang typecheck-gcc.h: separate getinfo slist checks from other pointers typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION typecheck-gcc.h: check CURLINFO_CERTINFO build: provide easy code coverage measuring test1537: dedicated tests of the URL (un)escape API calls curl_endian: remove unused functions test1538: verify the libcurl strerror API calls MD(4|5): silence cast-align clang warning dedotdot: fixed output for ".." and "." only input cyassl: define build macros before including ssl.h updatemanpages.pl: error out on too old git version curl_sasl: fix unused-variable warning x509asn1: fix implicit-fallthrough warning with GCC 7 libtest: fix implicit-fallthrough warnings with GCC 7 BINDINGS: add Ring binding curl_ntlm_core: pass unsigned char to toupper test1262: verify ftp download with -z for "if older than this" test1521: test all curl_easy_setopt options typecheck-gcc: allow CURLOPT_STDERR to be NULL too metalink: remove unused printf() argument file: make speedcheck use current time for checks configure: fix link with librtmp when specifying path examples/multi-uv.c: fix deprecated symbol cmake: Fix inconsistency regarding mbed TLS include directory setopt: check CURLOPT_ADDRESS_SCOPE option range gitignore: ignore all vim swap files urlglob: fix division by zero libressl: OCSP and intermediate certs workaround no longer needed
Recursive revbump from boost update
Pullup ticket #5327 - requested by wiz
www/curl: security fix
Revisions pulled up:
- www/curl/Makefile 1.180
- www/curl/PLIST 1.63
- www/curl/distinfo 1.130-1.131
- www/curl/patches/patch-src_Makefile.in 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Apr 19 10:28:07 UTC 2017
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
Updated curl to 7.54.0.
Curl and libcurl 7.54.0
Public curl releases: 165
Command line options: 207
curl_easy_setopt() options: 245
Public functions in libcurl: 61
Contributors: 1538
This release includes the following changes:
o Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION [19]
o Add --max-tls [19]
o Add CURLOPT_SUPPRESS_CONNECT_HEADERS [24]
o Add --suppress-connect-headers [24]
This release includes the following bugfixes:
o CVE-2017-7468: switch off SSL session id when client cert is used [68]
o cmake: Replace invalid UTF-8 byte sequence [1]
o tests: use consistent environment variables for setting charset
o proxy: fixed a memory leak on OOM
o ftp: removed an erroneous free in an OOM path
o docs: de-duplicate file lists in the Makefiles [2]
o ftp: fixed a NULL pointer dereference on OOM
o gopher: fixed detection of an error condition from Curl_urldecode
o url: fix unix-socket support for proxy-disabled builds [3]
o test1139: allow for the possibility that the man page is not rebuilt
o cyassl: get library version string at runtime
o digest_sspi: fix compilation warning
o tests: enable HTTP/2 tests to run with non-default port numbers
o warnless: suppress compiler warning
o darwinssl: Warn that disabling host verify also disables SNI [4]
o configure: fix for --enable-pthreads [5]
o checksrc.bat: Ignore curl_config.h.in, curl_config.h
o no-keepalive.d: fix typo [6]
o configure: fix --with-zlib when a path is specified [7]
o build: fix gcc7 implicit fallthrough warnings [8]
o fix potential use of uninitialized variables [9]
o CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors [10]
o CMake: Reorganize SSL support, separate WinSSL and SSPI [11]
o CMake: Add DarwinSSL support [12]
o CMake: Add mbedTLS support [13]
o ares: return error at once if timed out before name resolve starts [14]
o BINDINGS: added C++, perl, go and Scilab bindings
o URL: return error on malformed URLs with junk after port number
o KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password [15]
o http2: Fix assertion error on redirect with CL=0 [16]
o updatemanpages.pl: Update man pages to use current date and versions [17]
o --insecure: clarify that this option is for server connections [18]
o mkhelp: simplified the gzip code
o build: fixed making man page in out-of-tree tarball builds
o tests: disabled 1903 due to flakiness
o openssl: add two /* FALLTHROUGH */ to satisfy coverity
o cmdline-opts: fixed a few typos
o authneg: clear auth.multi flag at http_done [20]
o curl_easy_reset: Also reset the authentication state [21]
o proxy: skip SSL initialization for closed connections [22]
o http_proxy: ignore TE and CL in CONNECT 2xx responses [23]
o tool_writeout: fixed a buffer read overrun on --write-out
o make: regenerate docs/curl.1 by running make in docs [25]
o winbuild: add basic support for OpenSSL 1.1.x [26]
o build: removed redundant DEPENDENCIES from makefiles
o CURLINFO_LOCAL_PORT.3: added example
o curl: show HTTPS-Proxy options on CURLE_SSL_CACERT [27]
o tests: strip more options from non-HTTP --libcurl tests
o tests: fixed the documented test server port numbers
o runtests.pl: fixed display of the Gopher IPv6 port number
o multi: fix streamclose() crash in debug mode [28]
o cmake: build manual pages [29]
o cmake: add support for building HTML and PDF docs [30]
o mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION [31]
o make: introduce 'test-nonflaky' target
o CURLINFO_PRIMARY_IP.3: add example
o tests/README: mention nroff for --manual tests [32]
o mkhelp: disable compression if the perl gzip module is unavailable
o openssl: fall back on SSL_ERROR_* string when no error detail [33]
o asiohiper: make sure socket is open in event_cb [34]
o tests/README: make "Run" section foolproof [35]
o curl: check for end of input in writeout backslash handling
o .gitattributes: turn off CRLF for *.am [36]
o multi: fix MinGW-w64 compiler warnings
o schannel: fix variable shadowing warning
o openssl: exclude DSA code when OPENSSL_NO_DSA is defined [37]
o http: Fix proxy connection reuse with basic-auth [38]
o pause: handle mixed types of data when paused [39]
o http: do not treat FTPS over CONNECT as HTTPS
o conncache: make hashkey avoid malloc [40]
o make: use the variable MAKE for recursive calls [41]
o curl: fix callback argument inconsistency [42]
o NTLM: check for features with #ifdef instead of #if [43]
o cmake: add several missing files to the dist
o select: use correct SIZEOF_ constant [44]
o connect: fix unreferenced parameter warning
o schannel: fix unused variable warning
o gcc7: fix * in boolean context [45]
o http2: silence unused parameter warnings
o ssh: fix narrowing conversion warning
o telnet: (win32) fix read callback return variable [46]
o docs: Explain --fail-early does not imply --fail [47]
o docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
o tests/server/util: remove in6addr_any for recent MinGW [48]
o multi: make curl_multi_wait avoid malloc in the typical case [49]
o include: curl/system.h is a run-time version of curlbuild.h [50]
o easy: silence compiler warning
o llist: replace Curl_llist_alloc with Curl_llist_init [51]
o hash: move key into hash struct to reduce mallocs [52]
o url: don't free postponed data on connection reuse [53]
o curl_sasl: declare mechtable static
o curl: fix Windows Unicode build
o multi: fix queueing of pending easy handles [54]
o tool_operate: fix MinGW compiler warning [55]
o low_speed_limit: improved function for longer time periods [56]
o gtls: fix compiler warning
o sspi: print out InitializeSecurityContext() error message [57]
o schannel: fix compiler warnings [58]
o vtls: fix unreferenced variable warnings
o INSTALL.md: fix secure transport configure arguments
o CURLINFO_SCHEME.3: fix variable type
o libcurl-thread.3: also mention threaded-resolver [59]
o nss: load CA certificates even with --insecure [60]
o openssl: fix this statement may fall through [61]
o poll: prefer <poll.h> over <sys/poll.h> [62]
o polarssl: unbreak build with versions < 1.3.8 [63]
o Curl_expire_latest: ignore already expired timers [64]
o configure: turn implicit function declarations into errors [65]
o mbedtls: fix memory leak in error path [66]
o http2: fix handle leak in error path [67]
o .gitattributes: force shell scripts to LF [69]
o configure.ac: ignore CR after version numbers [70]
o extern-scan.pl: strip trailing CR [71]
o openssl: make SSL_ERROR_to_str more future-proof [72]
o openssl: fix thread-safety bugs in error-handling [73]
o openssl: don't try to print nonexistant peer private keys [74]
o nss: fix MinGW compiler warnings [75]
---
Module Name: pkgsrc
Committed By: ryoon
Date: Wed Apr 19 16:37:33 UTC 2017
Modified Files:
pkgsrc/www/curl: distinfo
Added Files:
pkgsrc/www/curl/patches: patch-src_Makefile.in
Log Message:
Do not use GNU make syntax. Fix build with bmake
Updated curl to 7.54.0. Curl and libcurl 7.54.0 Public curl releases: 165 Command line options: 207 curl_easy_setopt() options: 245 Public functions in libcurl: 61 Contributors: 1538 This release includes the following changes: o Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION [19] o Add --max-tls [19] o Add CURLOPT_SUPPRESS_CONNECT_HEADERS [24] o Add --suppress-connect-headers [24] This release includes the following bugfixes: o CVE-2017-7468: switch off SSL session id when client cert is used [68] o cmake: Replace invalid UTF-8 byte sequence [1] o tests: use consistent environment variables for setting charset o proxy: fixed a memory leak on OOM o ftp: removed an erroneous free in an OOM path o docs: de-duplicate file lists in the Makefiles [2] o ftp: fixed a NULL pointer dereference on OOM o gopher: fixed detection of an error condition from Curl_urldecode o url: fix unix-socket support for proxy-disabled builds [3] o test1139: allow for the possibility that the man page is not rebuilt o cyassl: get library version string at runtime o digest_sspi: fix compilation warning o tests: enable HTTP/2 tests to run with non-default port numbers o warnless: suppress compiler warning o darwinssl: Warn that disabling host verify also disables SNI [4] o configure: fix for --enable-pthreads [5] o checksrc.bat: Ignore curl_config.h.in, curl_config.h o no-keepalive.d: fix typo [6] o configure: fix --with-zlib when a path is specified [7] o build: fix gcc7 implicit fallthrough warnings [8] o fix potential use of uninitialized variables [9] o CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors [10] o CMake: Reorganize SSL support, separate WinSSL and SSPI [11] o CMake: Add DarwinSSL support [12] o CMake: Add mbedTLS support [13] o ares: return error at once if timed out before name resolve starts [14] o BINDINGS: added C++, perl, go and Scilab bindings o URL: return error on malformed URLs with junk after port number o KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password [15] o http2: Fix assertion error on redirect with CL=0 [16] o updatemanpages.pl: Update man pages to use current date and versions [17] o --insecure: clarify that this option is for server connections [18] o mkhelp: simplified the gzip code o build: fixed making man page in out-of-tree tarball builds o tests: disabled 1903 due to flakiness o openssl: add two /* FALLTHROUGH */ to satisfy coverity o cmdline-opts: fixed a few typos o authneg: clear auth.multi flag at http_done [20] o curl_easy_reset: Also reset the authentication state [21] o proxy: skip SSL initialization for closed connections [22] o http_proxy: ignore TE and CL in CONNECT 2xx responses [23] o tool_writeout: fixed a buffer read overrun on --write-out o make: regenerate docs/curl.1 by running make in docs [25] o winbuild: add basic support for OpenSSL 1.1.x [26] o build: removed redundant DEPENDENCIES from makefiles o CURLINFO_LOCAL_PORT.3: added example o curl: show HTTPS-Proxy options on CURLE_SSL_CACERT [27] o tests: strip more options from non-HTTP --libcurl tests o tests: fixed the documented test server port numbers o runtests.pl: fixed display of the Gopher IPv6 port number o multi: fix streamclose() crash in debug mode [28] o cmake: build manual pages [29] o cmake: add support for building HTML and PDF docs [30] o mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION [31] o make: introduce 'test-nonflaky' target o CURLINFO_PRIMARY_IP.3: add example o tests/README: mention nroff for --manual tests [32] o mkhelp: disable compression if the perl gzip module is unavailable o openssl: fall back on SSL_ERROR_* string when no error detail [33] o asiohiper: make sure socket is open in event_cb [34] o tests/README: make "Run" section foolproof [35] o curl: check for end of input in writeout backslash handling o .gitattributes: turn off CRLF for *.am [36] o multi: fix MinGW-w64 compiler warnings o schannel: fix variable shadowing warning o openssl: exclude DSA code when OPENSSL_NO_DSA is defined [37] o http: Fix proxy connection reuse with basic-auth [38] o pause: handle mixed types of data when paused [39] o http: do not treat FTPS over CONNECT as HTTPS o conncache: make hashkey avoid malloc [40] o make: use the variable MAKE for recursive calls [41] o curl: fix callback argument inconsistency [42] o NTLM: check for features with #ifdef instead of #if [43] o cmake: add several missing files to the dist o select: use correct SIZEOF_ constant [44] o connect: fix unreferenced parameter warning o schannel: fix unused variable warning o gcc7: fix ‘*’ in boolean context [45] o http2: silence unused parameter warnings o ssh: fix narrowing conversion warning o telnet: (win32) fix read callback return variable [46] o docs: Explain --fail-early does not imply --fail [47] o docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3 o tests/server/util: remove in6addr_any for recent MinGW [48] o multi: make curl_multi_wait avoid malloc in the typical case [49] o include: curl/system.h is a run-time version of curlbuild.h [50] o easy: silence compiler warning o llist: replace Curl_llist_alloc with Curl_llist_init [51] o hash: move key into hash struct to reduce mallocs [52] o url: don't free postponed data on connection reuse [53] o curl_sasl: declare mechtable static o curl: fix Windows Unicode build o multi: fix queueing of pending easy handles [54] o tool_operate: fix MinGW compiler warning [55] o low_speed_limit: improved function for longer time periods [56] o gtls: fix compiler warning o sspi: print out InitializeSecurityContext() error message [57] o schannel: fix compiler warnings [58] o vtls: fix unreferenced variable warnings o INSTALL.md: fix secure transport configure arguments o CURLINFO_SCHEME.3: fix variable type o libcurl-thread.3: also mention threaded-resolver [59] o nss: load CA certificates even with --insecure [60] o openssl: fix this statement may fall through [61] o poll: prefer <poll.h> over <sys/poll.h> [62] o polarssl: unbreak build with versions < 1.3.8 [63] o Curl_expire_latest: ignore already expired timers [64] o configure: turn implicit function declarations into errors [65] o mbedtls: fix memory leak in error path [66] o http2: fix handle leak in error path [67] o .gitattributes: force shell scripts to LF [69] o configure.ac: ignore CR after version numbers [70] o extern-scan.pl: strip trailing CR [71] o openssl: make SSL_ERROR_to_str more future-proof [72] o openssl: fix thread-safety bugs in error-handling [73] o openssl: don't try to print nonexistant peer private keys [74] o nss: fix MinGW compiler warnings [75]
Pullup ticket #5242 - requested by wiz www/curl: security patch Revisions pulled up: - www/curl/Makefile 1.179 - www/curl/distinfo 1.129 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Wed Apr 5 12:12:58 UTC 2017 Modified Files: pkgsrc/www/curl: Makefile distinfo Log Message: Updated curl to 7.53.1nb1. Add upstream patch fixing CVE-2017-7407. To generate a diff of this commit: cvs rdiff -u -r1.178 -r1.179 pkgsrc/www/curl/Makefile cvs rdiff -u -r1.128 -r1.129 pkgsrc/www/curl/distinfo
Updated curl to 7.53.1nb1. Add upstream patch fixing CVE-2017-7407.
Changes 7.53.1: Bugfixes: * cyassl: fix typo * url: Improve CURLOPT_PROXY_CAPATH error handling * urldata: include curl_sspi.h when Windows SSPI is enabled * formdata: check for EOF when reading from stdin * tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047 * url: Default the proxy CA bundle location to CURL_CA_BUNDLE * rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
Updated curl to 7.53.0. Curl and libcurl 7.53.0 This release includes the following changes: o unix_socket: added --abstract-unix-socket and CURLOPT_ABSTRACT_UNIX_SOCKET [25] o CURLOPT_BUFFERSIZE: support enlarging receive buffer [29] This release includes the following bugfixes: o CVE-2017-2629: make SSL_VERIFYSTATUS work again [64] o gnutls-random: check return code for failed random o openssl-random: check return code when asking for random o http: remove "Curl_http_done: called premature" message o cyassl: use time_t instead of long for timeout o build-wolfssl: Sync config with wolfSSL 3.10 o ftp-gss: check for init before use o configure: accept --with-libidn2 instead [1] o ftp: failure to resolve proxy should return that error code o curl.1: add three more exit codes o docs/ciphers: link to our own new page about ciphers o vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl [2] o darwinssl: fix iOS build [3] o darwinssl: fix CFArrayRef leak [4] o cmake: use crypt32.lib when building with OpenSSL on windows [5] o curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked [6] o digest_sspi: copy terminating NUL as well [7] o curl: fix --remote-time incorrect times on Windows [8] o curl.1: several updates and corrections [11] o content_encoding: change return code on a failure o curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use o docs: TCP_KEEPALIVE start and interval default to 60 [9] o darwinssl: --insecure overrides --cacert if both settings are in use [10] o TheArtOfHttpScripting: grammar o CIPHERS.md: document GSKit ciphers o wolfssl: support setting cipher list o wolfssl: display negotiated SSL version and cipher o lib506: fix build for Open Watcom [12] o asiohiper: improved socket handling [13] o examples: make the C++ examples follow our code style too o tests/sws: retry send() on EWOULDBLOCK [14] o cmake: Fix passing _WINSOCKAPI_ macro to compiler [15] o smtp: Fix STARTTLS denied error message o imap/pop3: don't print response character in STARTTLS denied messages [16] o rand: make it work without TLS backing [17] o url: fix parsing for when 'file' is the default protocol [18] o url: allow file://X:/path URLs on windows again [19] o gnutls: check for alpn and ocsp in configure [20] o IDN: Use TR46 'non-transitional' for toASCII translations [21] o url: Fix NO_PROXY env var to work properly with --proxy option [22] o CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* [23] o docs: Add note about libcurl copying strings to CURLOPT_* manpages [24] o curl: reset the easy handle at --next o --next docs: --trace and --trace-ascii are also global o --write-out docs: 'time_total' is not always shown with ms precision o http: print correct HTTP string in verbose output when using HTTP/2 o docs: improved language in README.md HISTORY.md CONTRIBUTE.md [26] o http2: disable server push if not requested [27] o nss: use the correct lock in nss_find_slot_by_name() o usercertinmem.c: improve the short description o CURLOPT_CONNECT_TO: Fix compile warnings o docs: non-blocking SSL handshake is now supported with NSS o *.rc: escape non-ASCII/non-UTF-8 character for clarity [28] o mbedTLS: fix multi interface non-blocking handshake [30] o PolarSSL: fix multi interface non-blocking handshake [31] o VC: remove the makefile.vc6 build infra [32] o telnet: fix windows compiler warnings [33] o cookies: do not assume a valid domain has a dot o polarssl: fix hangs o gnutls: disable TLS session tickets [34] o mbedtls: disable TLS session tickets [35] o mbedtls: implement CTR-DRBG and HAVEGE random generators [36] o openssl: Don't use certificate after transferring ownership [37] o cmake: Support curl --xattr when built with cmake [38] o OS400: Fix symbols [39] o docs: Add more HTTPS proxy documentation [40] o docs: use more HTTPS links [41] o cmdline-opts: Fixed build and test in out of source tree builds o CHANGES.0: removed o schannel: Remove incorrect SNI disabled message [42] o darwinssl: Avoid parsing certificates when not in verbose mode [43] o test552: Fix typos [44] o telnet: Fix typos [45] o transfer: only retry nobody-requests for HTTP [46] o http2: reset push header counter fixes crash [47] o nss: make FTPS work with --proxytunnel [48] o test1139: Added the --manual keyword since the manual is required o polarssl, mbedtls: Fix detection of pending data [49] o http_proxy: Fix tiny memory leak upon edge case connecting to proxy [50] o URL: only accept ";options" in SMTP/POP3/IMAP URL schemes [51] o curl.1: ftp.sunet.se is no longer an FTP mirror o tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT [52] o http2: fix memory-leak when denying push streams [53] o configure: Allow disabling pthreads, fall back on Win32 threads [54] o curl: fix typo in time condition warning message [55] o axtls: adapt to API changes [56] o tool_urlglob: Allow a glob range with the same start and stop [57] o winbuild: add note on auto-detection of MACHINE in Makefile.vc [58] o http: fix missing 'Content-Length: 0' while negotiating auth [59] o proxy: fix hostname resolution and IDN conversion [60] o docs: fix timeout handling in multi-uv example o digest_sspi: Fix nonce-count generation in HTTP digest [61] o sftp: improved checks for create dir failures [62] o smb: use getpid replacement for windows UWP builds [63] o digest_sspi: Handle 'stale=TRUE' directive in HTTP digest [65]
Revbump after boost update
Updated curl to 7.52.1. Security update.
Fixed in 7.52.1
Bugfixes:
CVE-2016-9594: unititialized random
lib557: fix checksrc warnings
lib: fix MSVC compiler warnings
lib557.c: use a shorter MAXIMIZE representation
tests: run checksrc on debug builds
Updated curl to 7.52.0. Security fixes.
Version 7.52.0 (20 Dec 2016)
Changes:
nss: map CURL_SSLVERSION_DEFAULT to NSS default
vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
curl: introduce the --tlsv1.3 option to force TLS 1.3
curl: Add --retry-connrefused
proxy: Support HTTPS proxy and SOCKS+HTTP(s)
add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
curl: add --fail-early
Bugfixes:
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
msvc: removed a straggling reference to strequal.c
winbuild: remove strcase.obj from curl build
examples: bugfixed multi-uv.c
configure: verify that compiler groks -Werror=partial-availability
mbedtls: fix build with mbedtls versions < 2.4.0
dist: add unit test CMakeLists.txt to the tarball
curl -w: added more decimal digits to timing counters
easy: Initialize info variables on easy init and duphandle
cmake: disable poll for macOS
http2: Don't send header fields prohibited by HTTP/2 spec
ssh: check md5 fingerprints case insensitively (regression)
openssl: initial TLS 1.3 adaptions
curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
printf: fix ".*f" handling
examples/fileupload.c: fclose the file as well
SPNEGO: Fix memory leak when authentication fails
realloc: use Curl_saferealloc to avoid common mistakes
openssl: make sure to fail in the unlikely event that PRNG seeding fails
URL-parser: for file://[host]/ URLs, the [host] must be localhost
timeval: prefer time_t to hold seconds instead of long
Curl_rand: fixed and moved to rand.c
glob: fix [a-c] globbing regression
darwinssl: fix SSL client certificate not found on MacOS Sierra
curl.1: Clarify --dump-header only writes received headers
http2: Fix address sanitizer memcpy warning
http2: Use huge HTTP/2 windows
connects: Don't mix unix domain sockets with regular ones
url: Fix conn reuse for local ports and interfaces
x509: Limit ASN.1 structure sizes to 256K
checksrc: add more checks
winbuild: add config option ENABLE_NGHTTP2
http2: check nghttp2_session_set_local_window_size exists
http2: Fix crashes when parent stream gets aborted
CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries
URL parser: reject non-numerical port numbers
CONNECT: reject TE or CL in 2xx responses
CONNECT: read responses one byte at a time
curl: support zero-length argument strings in config files
openssl: don't use OpenSSL's ERR_PACK
curl.1: generated with the new man page system
curl_easy_recv: Improve documentation and example program
Curl_getconnectinfo: avoid checking if the connection is closed
CIPHERS.md: attempt to document TLS cipher names
curl: update to 7.51.0. security fix
Curl and libcurl 7.51.0
Public curl releases: 160
Command line options: 185
curl_easy_setopt() options: 225
Public functions in libcurl: 61
Contributors: 1467
This release includes the following changes:
o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]
This release includes the following bugfixes:
o CVE-2016-8615: cookie injection for other servers [28]
o CVE-2016-8616: case insensitive password comparison [29]
o CVE-2016-8617: OOB write via unchecked multiplication [30]
o CVE-2016-8618: double-free in curl_maprintf [31]
o CVE-2016-8619: double-free in krb5 code [32]
o CVE-2016-8620: glob parser write/read out of bounds [33]
o CVE-2016-8621: curl_getdate read out of bounds [34]
o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
o CVE-2016-8623: Use-after-free via shared cookies [36]
o CVE-2016-8624: invalid URL parsing with '#' [37]
o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
o examples/imap-append: Set size of data to be uploaded [4]
o test2048: fix url
o darwinssl: disable RC4 cipher-suite support
o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
o openssl: don’t call CRYTPO_cleanup_all_ex_data [5]
o libressl: fix version output [6]
o easy: Reset all statistical session info in curl_easy_reset [7]
o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
o dist: add CurlSymbolHiding.cmake to the tarball
o docs: Remove that --proto is just used for initial retrieval [9]
o configure: Fixed builds with libssh2 in a custom location
o curl.1: --trace supports % for sending to stderr!
o cookies: same domain handling changed to match browser behavior [11]
o formpost: trying to attach a directory no longer crashes [12]
o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
o formpost: avoid silent snprintf() truncation
o ftp: fix Curl_ftpsendf
o mprintf: return error on too many arguments
o smb: properly check incoming packet boundaries [14]
o GIT-INFO: remove the Mac 10.1-specific details [15]
o resolve: add error message when resolving using SIGALRM [16]
o cmake: add nghttp2 support [17]
o dist: remove PDF and HTML converted docs from the releases [18]
o configure: disable poll() in macOS builds [19]
o vtls: only re-use session-ids using the same scheme
o pipelining: skip to-be-closed connections when pipelining [20]
o win: fix Universal Windows Platform build [21]
o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
o maketgz: make it support "only" generating version info
o Curl_socket_check: add extra check to avoid integer overflow
o gopher: properly return error for poll failures
o curl: set INTERLEAVEDATA too
o polarssl: clear thread array at init
o polarssl: fix unaligned SSL session-id lock
o polarssl: reduce #ifdef madness with a macro
o curl_multi_add_handle: set timeouts in closure handles [23]
o configure: set min version flags for builds on mac [24]
o INSTALL: converted to markdown => INSTALL.md
o curl_multi_remove_handle: fix a double-free [25]
o multi: fix inifinte loop in curl_multi_cleanup() [26]
o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
o mbedtls: stop using deprecated include file [40]
o docs: fix req->data in multi-uv example [41]
o configure: Fix test syntax for monotonic clock_gettime
o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
Daniel Gustafsson, Daniel Stenberg, Darío Hereñú, David Woodhouse,
Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luật Nguyễn,
lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjö,
Michael Kaufmann, Michael Osipov, Miloš Ljumović, Nick Zitzmann,
nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro, Remo E,
Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
Valentin David,
(40 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = https://curl.haxx.se/bug/?i=964
[2] = https://curl.haxx.se/bug/?i=1013
[3] = https://curl.haxx.se/bug/?i=1019
[4] = https://curl.haxx.se/bug/?i=1011
[5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
[6] = https://curl.haxx.se/bug/?i=1029
[7] = https://curl.haxx.se/bug/?i=1017
[8] = https://curl.haxx.se/bug/?i=997
[9] = https://curl.haxx.se/bug/?i=1031
[10] = https://curl.haxx.se/libcurl/c/CURLOPT_KEEP_SENDING_ON_ERROR.html
[11] = https://curl.haxx.se/bug/?i=1050
[12] = https://curl.haxx.se/bug/?i=1053
[13] = https://curl.haxx.se/bug/?i=1056
[14] = https://curl.haxx.se/bug/?i=1052
[15] = https://curl.haxx.se/bug/?i=1049
[16] = https://curl.haxx.se/bug/?i=1066
[17] = https://curl.haxx.se/bug/?i=922
[18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
[19] = https://curl.haxx.se/bug/?i=1057
[20] = https://curl.haxx.se/bug/?i=1075
[21] = https://curl.haxx.se/bug/?i=1048
[22] = https://curl.haxx.se/bug/?i=1042
[23] = https://curl.haxx.se/bug/?i=739
[24] = https://curl.haxx.se/bug/?i=1069
[25] = https://curl.haxx.se/bug/?i=1083
[26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
[27] = https://bugzilla.redhat.com/1388162
[28] = https://curl.haxx.se/docs/adv_20161102A.html
[29] = https://curl.haxx.se/docs/adv_20161102B.html
[30] = https://curl.haxx.se/docs/adv_20161102C.html
[31] = https://curl.haxx.se/docs/adv_20161102D.html
[32] = https://curl.haxx.se/docs/adv_20161102E.html
[33] = https://curl.haxx.se/docs/adv_20161102F.html
[34] = https://curl.haxx.se/docs/adv_20161102G.html
[35] = https://curl.haxx.se/docs/adv_20161102H.html
[36] = https://curl.haxx.se/docs/adv_20161102I.html
[37] = https://curl.haxx.se/docs/adv_20161102J.html
[38] = https://curl.haxx.se/docs/adv_20161102K.html
[39] = https://curl.haxx.se/bug/?i=1012
[40] = https://curl.haxx.se/bug/?i=1087
[41] = https://curl.haxx.se/bug/?i=1088
[42] = https://curl.haxx.se/bug/?i=1059
Revbump post boost update
Updated curl to 7.50.3. Curl and libcurl 7.50.3 This release includes the following bugfixes: o CVE-2016-7167: escape and unescape integer overflows [8] o mk-ca-bundle.pl: use SHA256 instead of SHA1 o checksrc: detect strtok() use o errors: new alias CURLE_WEIRD_SERVER_REPLY [1] o http2: support > 64bit sized uploads [2] o openssl: fix bad memory free (regression) [3] o CMake: hide private library symbols [4] o http: refuse to pass on response body with NO_NODY was set [5] o cmake: fix curl-config --static-libs [6] o mbedtls: switch off NTLM in build if md4 isn't available [7] o curl: --create-dirs on windows groks both forward and backward slashes [9]
Fixed in 7.50.2 - September 7 2016 Bugfixes: --------- mbedtls: Added support for NTLM SSH: fixed SFTP/SCP transfer problems multi: make Curl_expire() work with 0 ms timeouts mk-ca-bundle.pl: -m keeps ca cert meta data in output TFTP: Fix upload problem with piped input CURLOPT_TCP_NODELAY: now enabled by default mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined http2: always wait for readable socket cmake: Enable win32 large file support by default cmake: Enable win32 threaded resolver by default winbuild: Avoid setting redundant CFLAGS to compile commands curl.h: make CURL_NO_OLDIES define CURL_STRICTER docs: make more markdown files use .md extension docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown winbuild: Allow changing C compiler via environment variable CC rtsp: accept any RTSP session id HTTP: retry failed HEAD requests on reused connections too configure: add zlib search with pkg-config openssl: accept subjectAltName iPAddress if no dNSName match MANUAL: Remove invalid link to LDAP documentation socks: improved connection procedure proxy: reject attempts to use unsupported proxy schemes proxy: bring back use of "Proxy-Connection:" curl: allow "pkcs11:" prefix for client certificates spnego_sspi: fix memory leak in case *outlen is zero SOCKS: improve verbose output of SOCKS5 connection sequence SOCKS: display the hostname returned by the SOCKS5 proxy server http/sasl: Query authentication mechanism supported by SSPI before using sasl: Don't use GSSAPI authentication when domain name not specified win: Basic support for Universal Windows Platform apps nss: fix incorrect use of a previously loaded certificate from file nss: work around race condition in PK11_FindSlotByName() ftp: fix wrong poll on the secondary socket openssl: build warning-free with 1.1.0 (again) HTTP: stop parsing headers when switching to unknown protocols test219: Add http as a required feature TLS: random file/egd doesn't have to match for conn reuse schannel: Disable ALPN for Wine since it is causing problems http2: make sure stream errors don't needlessly close the connection http2: return CURLE_HTTP2_STREAM for unexpected stream close darwinssl: --cainfo is intended for backward compatibility only speed caps: not based on average speeds anymore configure: make the cpp -P detection not clobber CPPFLAGS http2: use named define instead of magic constant in read callback http2: skip the content-length parsing, detect unknown size http2: return EOF when done uploading without known size darwinssl: test for errSecSuccess in PKCS12 import rather than noErr openssl: fix CURLINFO_SSL_VERIFYRESULT
Pullup ticket #5079 - requested by sevan
www/curl: security fix
Revisions pulled up:
- www/curl/Makefile 1.168-1.169
- www/curl/PLIST 1.59
- www/curl/distinfo 1.120-1.121
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Jul 24 18:38:34 UTC 2016
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Log Message:
Updated curl to 7.50.0.
Fixed in 7.50.0 - July 21 2016
Changes:
http: add CURLINFO_HTTP_VERSION and %{http_version}
Bugfixes:
memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
openssl: fix build with OPENSSL_NO_COMP
mbedtls: removed unused variables
cmake: Added missing mbedTLS support
URL parser: allow URLs to use one, two or three slashes
curl: fix -q [regression]
openssl: Use correct buffer sizes for error messages
curl: fix SIGSEGV while parsing URL with too many globs
schannel: add CURLOPT_CERTINFO support
vtls: fix ssl session cache race condition
http: Fix HTTP/2 connection reuse [regression]
checksrc: Add LoadLibrary to the banned functions list
schannel: Disable ALPN on Windows < 8.1
configure: occasional ignorance of --enable-symbol-hiding with GCC
http2: test17xx are the first real HTTP/2 tests
resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
curl_multi_socket_action.3: rewording
CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
cmake: Fix build with winldap
openssl: fix cert check with non-DNS name fields present
curl.1: mention the units for the progress meter
openssl: use more 'const' to fix build warnings with 1.1.0 branch
cmake: now using BUILD_TESTING=ON/OFF
vtls: Only call add/getsession if session id is enabled
headers: forward declare CURL, CURLM and CURLSH as structs
configure: improve detection of CA bundle path on FreeBSD
SFTP: set a generic error when no SFTP one exists
curl_global_init.3: expand on the SSL and WIN32 bits purpose
conn: don't free easy handle data in handler->disconnect
cookie.c: Fix misleading indentation
library: Fix memory leaks found during static analysis
CURLMOPT_SOCKETFUNCTION.3: fix typo
curl_global_init: moved the "IPv6 works" check here
connect: disable TFO on Linux when using SSL
vauth: Fixed memory leak due to function returning without free
winbuild: fix embedded manifest option
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Aug 3 08:57:51 UTC 2016
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
Updated curl to 7.50.1.
Bugfixes:
TLS: switch off SSL session id when client cert is used
TLS: only reuse connections with the same client cert
curl_multi_cleanup: clear connection pointer for easy handles
include the CURLINFO_HTTP_VERSION man page into the release tarball
include the http2-server.pl script in the release tarball
test558: fix test by stripping file paths from FD lines
spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
tests: Fix for http/2 feature
cmake: Fix for schannel support
curl.h: make public types void * again
win32: fix a potential memory leak in Curl_load_library
travis: fix OSX build by re-installing libtool
mbedtls: Fix debug function name
Updated curl to 7.50.1.
Bugfixes:
TLS: switch off SSL session id when client cert is used
TLS: only reuse connections with the same client cert
curl_multi_cleanup: clear connection pointer for easy handles
include the CURLINFO_HTTP_VERSION man page into the release tarball
include the http2-server.pl script in the release tarball
test558: fix test by stripping file paths from FD lines
spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
tests: Fix for http/2 feature
cmake: Fix for schannel support
curl.h: make public types void * again
win32: fix a potential memory leak in Curl_load_library
travis: fix OSX build by re-installing libtool
mbedtls: Fix debug function name
Updated curl to 7.50.0.
Fixed in 7.50.0 - July 21 2016
Changes:
http: add CURLINFO_HTTP_VERSION and %{http_version}
Bugfixes:
memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
openssl: fix build with OPENSSL_NO_COMP
mbedtls: removed unused variables
cmake: Added missing mbedTLS support
URL parser: allow URLs to use one, two or three slashes
curl: fix -q [regression]
openssl: Use correct buffer sizes for error messages
curl: fix SIGSEGV while parsing URL with too many globs
schannel: add CURLOPT_CERTINFO support
vtls: fix ssl session cache race condition
http: Fix HTTP/2 connection reuse [regression]
checksrc: Add LoadLibrary to the banned functions list
schannel: Disable ALPN on Windows < 8.1
configure: occasional ignorance of --enable-symbol-hiding with GCC
http2: test17xx are the first real HTTP/2 tests
resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
curl_multi_socket_action.3: rewording
CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
cmake: Fix build with winldap
openssl: fix cert check with non-DNS name fields present
curl.1: mention the units for the progress meter
openssl: use more 'const' to fix build warnings with 1.1.0 branch
cmake: now using BUILD_TESTING=ON/OFF
vtls: Only call add/getsession if session id is enabled
headers: forward declare CURL, CURLM and CURLSH as structs
configure: improve detection of CA bundle path on FreeBSD
SFTP: set a generic error when no SFTP one exists
curl_global_init.3: expand on the SSL and WIN32 bits purpose
conn: don't free easy handle data in handler->disconnect
cookie.c: Fix misleading indentation
library: Fix memory leaks found during static analysis
CURLMOPT_SOCKETFUNCTION.3: fix typo
curl_global_init: moved the "IPv6 works" check here
connect: disable TFO on Linux when using SSL
vauth: Fixed memory leak due to function returning without free
winbuild: fix embedded manifest option
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
Update curl to 7.49.1. Bugfixes: Windows: prevent DLL hijacking, CVE-2016-4802 dist: include manpage-scan.pl, nroff-scan.pl and CHECKSRC.md schannel: fix compile break with MSVC XP toolset curlbuild.h.dist: check __LP64__ as well to fix MIPS build dist: include curl_multi_socket_all.3 http2: use HTTP/2 in the HTTP/1.1-alike response openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0 CURLOPT_CONNECT_TO.3: user must not free the list prematurely libcurl.m4: Avoid obsolete warning winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity curl_multibyte: fix compiler error openssl: cleanup must free compression methods (memory leak) mbedtls: fix includes so snprintf() works checksrc.pl: Added variants of strcat() & strncat() to banned function list contributors.sh: better grep pattern and show GitHub username ssh: fix build for libssh2 before 1.2.6 curl_share_setopt.3: Add min ver needed for ssl session lock
Updated curl to 7.49.0.
Fixed in 7.49.0 - May 18 2016
Changes:
schannel: Add ALPN support
SSH: support CURLINFO_FILETIME
SSH: new CURLOPT_QUOTE command "statvfs"
wolfssl: Add ALPN support
http2: added --http2-prior-knowledge
http2: added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE
libcurl: added CURLOPT_CONNECT_TO
curl: added --connect-to
libcurl: added CURLOPT_TCP_FASTOPEN
curl: added --tcp-fastopen
curl: remove support for --ftpport, -http-request and --socks
Bugfixes:
CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
checksrc.bat: Updated the help to be consistent with generate.bat
checksrc.bat: Added support for scanning the tests and examples
openssl: fix ERR_remove_thread_state() for boringssl/libressl
openssl: boringssl provides the same numbering as openssl
multi: fix "Operation timed out after" timer
url: don't use bad offset in tld_check_name to show error
sshserver.pl: use quotes for given options
Makefile.am: skip the scripts dir
curl: warn for --capath use if not supported by libcurl
http2: fix connection reuse
GSS: make Curl_gss_log_error more verbose
build-wolfssl: Allow a broader range of ciphers (Visual Studio)
wolfssl: Use ECC supported curves extension
openssl: Fix compilation warnings
Curl_add_buffer_send: avoid possible NULL dereference
SOCKS5_gssapi_negotiate: don't assume little-endian ints
strerror: don't bit shift a signed integer
url: Corrected get protocol family for FTP and LDAP
curl/mprintf.h: remove support for _MPRINTF_REPLACE
upload: missing rewind call could make libcurl hang
IMAP: check pointer before dereferencing it
build: Changed the Visual Studio projects warning level from 3 to 4
checksrc: now stricter, wider checks, code cleaned up
checksrc: added docs/CHECKSRC.md
curl_sasl: Fixed potential null pointer utilisation
krb5: Fixed missing client response when mutual authentication enabled
krb5: Only process challenge when present
krb5: Only generate a SPN when its not known
formdata: use appropriate fopen() macros
curl.1: -w filename_effective was introduced in 7.26.0
http2: make use of the nghttp2 error callback
http2: fix connection reuse when PING comes after last DATA
curl.1: change example for -F
HTTP2: Add a space character after the status code
curl.1: use example.com more
mbedtls.c: changed private prefix to mbed_
mbedtls: implement and provide *_data_pending() to avoid hang
mbedtls: fix MBEDTLS_DEBUG builds
ftp/imap/pop3/smtp: Allow the service name to be overridden
CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
build: include scripts/ in the dist
http2: Add handling stream level error
http2: Improve header parsing
makefile.vc6: use d suffix on debug object
configure: remove check for libresolve
scripts/make: use $(EXEEXT) for executables
checksrc: got rid of the whitelist files
sendf: added ability to call recv() before send() as workaround
NTLM: check for NULL pointer before dereferencing
openssl: builds with OpenSSL 1.1.0-pre5
configure: ac_cv_ -> curl_cv_ for all cached vars
winbuild: add mbedtls support
curl: make --ftp-create-dirs retry on failure
PolarSSL: implement public key pinning
multi: accidentally used resolved host name instead of proxy
CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0
CONNECT_ONLY: don't close connection on GSS 401/407 reponses
opts: Fix some syntax errors in example code fragments
mbedtls: Fix session resume
test1139: verifies libcurl option man page presence
CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability
curl: make --disable work as long form of -q
curl: use --telnet-option as documented
curl.1: document --ftp-ssl-reqd, --krb4 and --ntlm-wb
curl: -h output lacked --proxy-header and --ntlm-wb
curl -J: make it work even without http:// scheme on URL
lib: include curl_printf.h as one of the last headers
tests: handle path properly on Msys/Cygwin
curl.1: --mail-rcpt can be used multiple times
CURLOPT_ACCEPT_ENCODING.3: clarified
docs: fixed lots of broken man page references
tls: make setting pinnedkey option fail if not supported
test1140: run nroff-scan to verify man pages
http: make sure a blank header overrides accept_decoding
connections: do not reuse non-HTTP proxies on different ports
connect: fix invalid "Network is unreachable" errors
TLS: move the ALPN/NPN enable bits to the connection
TLS: SSL_peek is not a const operation
http2: Add space between colon and header value
darwinssl: fix certificate verification disable on OS X 10.8
mprintf: Fix processing of width and prec args
ftp wildcard: segfault due to init only in multi_perform
sunet.se stopped mirroring lots of stuff, remove/comment out references to it
Adjust checks for _USE_DESTDIR != no or incorrect references to USE_DESTDIR.
Changes 7.48.0 - CURLINFO_TLS_SSL_PTR.3: Warn about limitations - Revert "sshserver: remove use of AuthorizedKeysFile2" It seems we may have some autobuild problems after this commit went in. Trying to see if a revert helps to get them back. - maketgz: add -j to make dist ... makes it a lot faster - libcurl-thread.3: minor nroff format fix - CURLINFO_TLS_SSL_PTR.3: minor nroff format fix - CODE_STYLE: indend example code ... to make it look nicer in markdown outputa
Bump PKGREVISION for security/openssl ABI bump.
Pullup ticket #4922 - requested by he
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.157-1.160
- www/curl/distinfo 1.112,1.115
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: mef
Date: Thu Jan 28 11:46:02 UTC 2016
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Log Message:
Update 7.46.0 to 7.47.0
-----------------------
Curl and libcurl 7.47.0
Public curl releases: 151
Command line options: 179
curl_easy_setopt() options: 221
Public functions in libcurl: 61
Contributors: 1340
This release includes the following changes:
o version: Add flag CURL_VERSION_PSL for libpsl
o http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only [8]
o curl: use 2TLS by default
o curl --expect100-timeout: added [10]
o Add .dir-locals and set c-basic-offset to 2 (for emacs) [16]
This release includes the following bugfixes:
o curl: avoid local drive traversal when saving file on Windows [33]
o NTLM: do not resuse proxy connections without diff proxy credentials [34]
o tests: Disable the OAUTHBEARER tests when using a non-default port number [1]
o curl: remove keepalive #ifdef checks done on libcurl's behalf
o formdata: Check if length is too large for memory [2]
o lwip: Fix compatibility issues with later versions [3]
o openssl: BoringSSL doesn't have CONF_modules_free
o config-win32: Fix warning HAVE_WINSOCK2_H undefined
o build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS [4]
o http2: Fix hanging paused stream [5]
o scripts/Makefile: fix GNUism and survive no perl [6]
o openssl: adapt to 1.1.0+ name changes
o openssl: adapt to openssl >= 1.1.0 X509 opaque structs [7]
o HTTP2.md: spell fix and remove TODO now implemented
o setstropt: const-correctness [9]
o cyassl: fix compiler warning on type conversion
o gskit: Fix host subject altname verification [11]
o http2: Support trailer fields [12]
o wolfssl: handle builds without SSLv3 support
o cyassl: deal with lack of *get_peer_certificate [13]
o sockfilt: do not wait on unreliable file or pipe handle
o make: build zsh script even in an out-of-tree build
o test 1326: fix getting stuck on Windows
o test 87: fix file check on Windows
o configure: allow static builds on mingw [14]
o configure: detect IPv6 support on Windows [15]
o ConnectionExists: with *PIPEWAIT, wait for connections [17]
o Makefile.inc: s/curl_SOURCES/CURL_FILES [18]
o test 16: fixed for Windows
o test 252-255: use datacheck mode text for ASCII-mode LISTings
o tftpd server: add Windows support by writing files in binary mode
o ftplistparser: fix handling of file LISTings using Windows EOL
o tests first.c: fix calculation of sleep timeout on Windows
o tests (several): use datacheck mode text for ASCII-mode LISTings
o CURLOPT_RANGE.3: for HTTP servers, range support is optional
o test 1515: add MSYS support by passing a relative path
o curl_global_init.3: Add Windows-specific info for init via DLL [19]
o http2: Fix client write for trailers on stream close [20]
o mbedtls: Fix ALPN support
o connection reuse: IDN host names fixed [21]
o http2: Fix PUSH_PROMISE headers being treated as trailers [22]
o http2: handle the received SETTINGS frame [23]
o http2: Ensure that http2_handle_stream_close is called [24]
o mbedtls: implement CURLOPT_PINNEDPUBLICKEY
o runtests: Add mbedTLS to the SSL backends
o IDN host names: Remove the port number before converting to ACE [25]
o zsh.pl: fail if no curl is found
o scripts: fix zsh completion generation
o scripts: don't generate and install zsh completion when cross-compiling [26]
o lib: Prefix URLs with lower-case protocol names/schemes [27]
o ConnectionExists: only do pipelining/multiplexing when asked [28]
o configure: assume IPv6 works when cross-compiled [29]
o openssl: for 1.1.0+ they now provide a SSLeay() macro of their own
o openssl: improved error detection/reporting
o ssh: CURLOPT_SSH_PUBLIC_KEYFILE now treats "" as NULL again [30]
o mbedtls: Fix pinned key return value on fail [31]
o maketgz: generate date stamp with LC_TIME=C [32]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Anders Bakken, Christian Stewart, Dan Fandrich,
Daniel Schauenberg, Daniel Stenberg, Francisco Moraes, Gisle Vanem,
Isaac Boukris, Johannes Schindelin, John Kohl, Kamil Dudka, Marc Hoersken,
Michael Kaufmann, Mohammad AlSaleh, Patrick Monnerat, Ray Satiro, Steve Holme,
Tatsuhiro Tsujikawa, Thomas Glanzmann, Thomas Klausner,
(21 contributors)
Thanks! (and sorry if I forgot to mention someone)
To generate a diff of this commit:
cvs rdiff -u -r1.156 -r1.157 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.111 -r1.112 pkgsrc/www/curl/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jan 28 12:04:45 UTC 2016
Modified Files:
pkgsrc/www/curl: Makefile
Log Message:
Remove gmake dependency, bug was fixed upstream before 7.47.0.
To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 pkgsrc/www/curl/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Mon Feb 8 17:35:32 UTC 2016
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Removed Files:
pkgsrc/www/curl/patches: patch-doc_examples_getredirect_c
Log Message:
Changes 7.47.1:
Bugfixes:
* getredirect.c: fix variable name
* tool_doswin: silence unused function warning
* cmake: fixed when OpenSSL enabled on Windows and schannel detected
* curl.1: Explain remote-name behavior if file already exists
* tool_operate: Don't sanitize --output path (Windows)
* URLs: change all http:// URLs to https:// in documentation & comments
* sasl_sspi: Fix memory leak in domain populate
* COPYING: clarify that Daniel is not the sole author
* examples/htmltitle: Use _stricmp on Windows
* examples/asiohiper: Avoid function name collision on Windows
* idn_win32: Better error checking
* openssl: Fix signed/unsigned mismatch warning in X509V3_ext
* curl save files: check for backslashes on cygwin
To generate a diff of this commit:
cvs rdiff -u -r1.158 -r1.159 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.114 -r1.115 pkgsrc/www/curl/distinfo
cvs rdiff -u -r1.2 -r0 \
pkgsrc/www/curl/patches/patch-doc_examples_getredirect_c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Feb 10 07:38:47 UTC 2016
Modified Files:
pkgsrc/www/curl: Makefile
Log Message:
The Curl website now enforces the use of HTTPS. Update the home page and
master site URL accordingly.
To generate a diff of this commit:
cvs rdiff -u -r1.159 -r1.160 pkgsrc/www/curl/Makefile
The Curl website now enforces the use of HTTPS. Update the home page and master site URL accordingly.
Changes 7.47.1: Bugfixes: * getredirect.c: fix variable name * tool_doswin: silence unused function warning * cmake: fixed when OpenSSL enabled on Windows and schannel detected * curl.1: Explain remote-name behavior if file already exists * tool_operate: Don't sanitize --output path (Windows) * URLs: change all http:// URLs to https:// in documentation & comments * sasl_sspi: Fix memory leak in domain populate * COPYING: clarify that Daniel is not the sole author * examples/htmltitle: Use _stricmp on Windows * examples/asiohiper: Avoid function name collision on Windows * idn_win32: Better error checking * openssl: Fix signed/unsigned mismatch warning in X509V3_ext * curl save files: check for backslashes on cygwin
Remove gmake dependency, bug was fixed upstream before 7.47.0.
Update 7.46.0 to 7.47.0
-----------------------
Curl and libcurl 7.47.0
Public curl releases: 151
Command line options: 179
curl_easy_setopt() options: 221
Public functions in libcurl: 61
Contributors: 1340
This release includes the following changes:
o version: Add flag CURL_VERSION_PSL for libpsl
o http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only [8]
o curl: use 2TLS by default
o curl --expect100-timeout: added [10]
o Add .dir-locals and set c-basic-offset to 2 (for emacs) [16]
This release includes the following bugfixes:
o curl: avoid local drive traversal when saving file on Windows [33]
o NTLM: do not resuse proxy connections without diff proxy credentials [34]
o tests: Disable the OAUTHBEARER tests when using a non-default port number [1]
o curl: remove keepalive #ifdef checks done on libcurl's behalf
o formdata: Check if length is too large for memory [2]
o lwip: Fix compatibility issues with later versions [3]
o openssl: BoringSSL doesn't have CONF_modules_free
o config-win32: Fix warning HAVE_WINSOCK2_H undefined
o build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS [4]
o http2: Fix hanging paused stream [5]
o scripts/Makefile: fix GNUism and survive no perl [6]
o openssl: adapt to 1.1.0+ name changes
o openssl: adapt to openssl >= 1.1.0 X509 opaque structs [7]
o HTTP2.md: spell fix and remove TODO now implemented
o setstropt: const-correctness [9]
o cyassl: fix compiler warning on type conversion
o gskit: Fix host subject altname verification [11]
o http2: Support trailer fields [12]
o wolfssl: handle builds without SSLv3 support
o cyassl: deal with lack of *get_peer_certificate [13]
o sockfilt: do not wait on unreliable file or pipe handle
o make: build zsh script even in an out-of-tree build
o test 1326: fix getting stuck on Windows
o test 87: fix file check on Windows
o configure: allow static builds on mingw [14]
o configure: detect IPv6 support on Windows [15]
o ConnectionExists: with *PIPEWAIT, wait for connections [17]
o Makefile.inc: s/curl_SOURCES/CURL_FILES [18]
o test 16: fixed for Windows
o test 252-255: use datacheck mode text for ASCII-mode LISTings
o tftpd server: add Windows support by writing files in binary mode
o ftplistparser: fix handling of file LISTings using Windows EOL
o tests first.c: fix calculation of sleep timeout on Windows
o tests (several): use datacheck mode text for ASCII-mode LISTings
o CURLOPT_RANGE.3: for HTTP servers, range support is optional
o test 1515: add MSYS support by passing a relative path
o curl_global_init.3: Add Windows-specific info for init via DLL [19]
o http2: Fix client write for trailers on stream close [20]
o mbedtls: Fix ALPN support
o connection reuse: IDN host names fixed [21]
o http2: Fix PUSH_PROMISE headers being treated as trailers [22]
o http2: handle the received SETTINGS frame [23]
o http2: Ensure that http2_handle_stream_close is called [24]
o mbedtls: implement CURLOPT_PINNEDPUBLICKEY
o runtests: Add mbedTLS to the SSL backends
o IDN host names: Remove the port number before converting to ACE [25]
o zsh.pl: fail if no curl is found
o scripts: fix zsh completion generation
o scripts: don't generate and install zsh completion when cross-compiling [26]
o lib: Prefix URLs with lower-case protocol names/schemes [27]
o ConnectionExists: only do pipelining/multiplexing when asked [28]
o configure: assume IPv6 works when cross-compiled [29]
o openssl: for 1.1.0+ they now provide a SSLeay() macro of their own
o openssl: improved error detection/reporting
o ssh: CURLOPT_SSH_PUBLIC_KEYFILE now treats "" as NULL again [30]
o mbedtls: Fix pinned key return value on fail [31]
o maketgz: generate date stamp with LC_TIME=C [32]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Anders Bakken, Christian Stewart, Dan Fandrich,
Daniel Schauenberg, Daniel Stenberg, Francisco Moraes, Gisle Vanem,
Isaac Boukris, Johannes Schindelin, John Kohl, Kamil Dudka, Marc Hoersken,
Michael Kaufmann, Mohammad AlSaleh, Patrick Monnerat, Ray Satiro, Steve Holme,
Tatsuhiro Tsujikawa, Thomas Glanzmann, Thomas Klausner,
(21 contributors)
Thanks! (and sorry if I forgot to mention someone)
Update to 7.46.0:
Changes:
configure: build silently by default
cookies: Add support for Publix Suffix List with libpsl
vtls: added support for mbedTLS
Added CURLOPT_STREAM_DEPENDS
Added CURLOPT_STREAM_DEPENDS_E
Added CURLOPT_STREAM_WEIGHT
Added CURLFORM_CONTENTLEN
oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
Bugfixes:
des: Fix header conditional for Curl_des_set_odd_parity
ntlm: get rid of unconditional use of long long
CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO
docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET
http2: Fix http2_recv to return -1 if recv returned -1
curl_global_init_mem: set function pointers before doing init
ntlm: error out without 64bit support as the code needs it
openssl: Fix set up of pkcs12 certificate verification chain
acinclude: remove PKGCONFIG override
test1531: case the size to fix the test on non-largefile builds
fread_func: move callback pointer from set to state struct
test1601: fix compilation with --enable-debug and --disable-crypto-auth
http2: Don't pass unitialized name+len pairs to nghttp2_submit_request
curlbuild.h: Fix non-configure compiling to mips and sh4 targets
tool: Generate easysrc with last cache linked-list
cmake: Fix for add_subdirectory(curl) use-case
vtls: fix compiler warning for TLS backends without sha256
build: fix for MSDOS/djgpp
checksrc: add crude // detection
http2: on_frame_recv: trust the conn/data input
ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size
polarssl/mbedtls: fix name space pollution
build: Fix mingw ssl gdi32 order
build: Fix support for PKG_CONFIG
MacOSX-Framework: sdk regex fix for sdk 10.10 and later
socks: Fix incorrect port numbers in failed connect messages
curl.1: -E: s/private certificate/client certificate
curl.h: s/HTTPPOST_/CURL_HTTPOST_
curl_formadd: support >2GB files on windows
http redirects: %-encode bytes outside of ascii range
rawstr: Speed up Curl_raw_toupper by 40%
curl_ntlm_core: fix 2 curl_off_t constant overflows.
getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
tftp tests: verify sent options too
imap: Don't call imap_atom() when no mailbox specified in LIST command
imap: Fixed double quote in LIST command when mailbox contains spaces
imap: Don't check for continuation when executing a CUSTOMREQUEST
acinclude: Remove check for 16-bit curl_off_t
BoringSSL: Work with stricter BIO_get_mem_data()
cmake: Add missing feature macros in config header
sasl_sspi: fixed unicode build for digest authentication
sasl_sspi: fix identity memory leak in digest authentication
unit1602: Fixed failure in torture test
unit1603: Added unit tests for hash functions
vtls/openssl: remove unused traces of yassl ifdefs
openssl: remove #ifdefs for < 0.9.7 support
typecheck-gcc.h: add some missing options
curl: mark two more options strings for --libcurl output
openssl: Free modules on cleanup
CURLMOPT_PUSHFUNCTION.3: *_byname() returns only the first header
getconnectinfo: Don't call recv(2) if socket == -1
http2: http_done: don't free already-freed push headers
zsh completion: Preserve single quotes in output
os400: Provide options for libssh2 use in compile scripts.
build: Fix theoretical infinite loops
pop3: Differentiate between success and continuation responses
examples: Fixed compilation warnings
schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
CURLOPT_HEADERFUNCTION.3: fix typo
curl: expanded the -XHEAD warning text
done: make sure the final progress update is made
build: Install zsh completion
RTSP: do not add if-modified-since without timecondition
curl: Fixed display of URL index in password prompt for --next
nonblock: fix setting non-blocking mode for Amiga
http2 push: add missing inits of new stream
http2: convert some verbose output into debug-only output
Curl_read_plain: clean up ifdefs that break statements
Update curl to 7.45.0:
Fixed in 7.45.0 - October 7 2015
Changes:
added CURLOPT_DEFAULT_PROTOCOL
added new tool option --proto-default
getinfo: added CURLINFO_ACTIVESOCKET
turned CURLINFO_* option docs as stand-alone man pages
curl: point out unnecessary uses of -X in verbose mode
Bugfixes:
curl_global_init_mem.3: Stronger thread safety warning
buildconf.bat: Fixed issues when ran in directories with special chars
cmake: Fix CurlTests check for gethostbyname_r with 5 arguments
generate.bat: Fixed issues when ran in directories with special chars
generate.bat: Only call buildconf.bat if it exists
generate.bat: Added support for generating only the prerequisite files
curl.1: Document weaknesses in SSLv2 and SSLv3
CURLOPT_HTTP_VERSION.3: connection re-use goes before version
docs: Update the redirect protocols disabled by default
inet_pton.c: Fix MSVC run-time check failure
CURLMOPT_PUSHFUNCTION.3: fix argument types
rtsp: support basic/digest authentication
rtsp: stop reading empty DESCRIBE responses
travis: Upgrading to container based build
travis.yml: Add OS X testbot
FTP: make state machine not get stuck in state
openssl: handle lack of server cert when strict checking disabled
configure: change functions to detect openssl (clones)
configure: detect latest boringssl
runtests: Allow for spaces in server-verify curl custom path
http2: on_frame_recv: get a proper 'conn' for the debug logging
ntlm: mark deliberate switch case fall-through
http2: remove dead code
curl_easy_{escape,unescape}.3: "char *" vs. "const char *"
curl: point out the conflicting HTTP methods if used
cmake: added Windows SSL support
curl_easy_{escape,setopt}.3: fix example
curl_easy_escape.3: escape '\n'
libcurl.m4: Put braces around empty if body
buildconf.bat: Fixed double blank line in 'curl manual' warning output
sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
inet_pton.c: Fix MSVC run-time check failure
CURLOPT_FOLLOWLOCATION.3: mention methods for redirects
http2: don't pass on Connection: headers
nss: do not directly access SSL_ImplementedCiphers
docs: numerous cleanups and spelling fixes
FTP: do_more: add check for wait_data_conn in upload case
parse_proxy: reject illegal port numbers
cmake: IPv6 : disable Unix header check on Windows platform
winbuild: run buildconf.bat if necessary
buildconf.bat: fix syntax error
curl_sspi: fix possibly undefined CRYPT_E_REVOKED
nss: prevent NSS from incorrectly re-using a session
libcurl-errors.3: add two missing error codes
openssl: fix build with < 0.9.8
openssl: refactor certificate parsing to use OpenSSL memory BIO
openldap: only part of LDAP query results received
ssl: add server cert's "sha256//" hash to verbose
NTLM: Reset auth-done when using a fresh connection
curl: generate easysrc only on --libcurl
tests: disable 1801 until fixed
CURLINFO_TLS_SESSION: always return backend info
gnutls: Support CURLOPT_KEYPASSWD
gnutls: Report actual GnuTLS error message for certificate errors
tests: disable 1510 due to CI-problems on github
cmake: Put "winsock2.h" before "windows.h" during configure checks
cmake: Ensure discovered include dirs are considered
configure: Add missing ')' for CURL_CHECK_OPTION_RT
build: fix failures with -Wcast-align and -Werror
FTP: fix uploading ASCII with unknown size
readwrite_data: set a max number of loops
http2: avoid superfluous Curl_expire() calls
http2: set TCP_NODELAY unconditionally
docs: fix unescaped '\n' in man pages
openssl: Fix algorithm init to make (gost) engines work
win32: make recent Borland compilers use long long
runtests: Fix pid check in checkdied
gopher: don't send NUL byte
tool_setopt: fix c_escape truncated octal
hiperfifo: fix the pointer passed to WRITEDATA
getinfo: Fix return code for unknown CURLINFO options
Pullup ticket #4812 - requested by he
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.153-1.154
- www/curl/PLIST 1.52-1.53
- www/curl/distinfo 1.108-1.109
- www/curl/patches/patch-aa 1.33-1.34
- www/curl/patches/patch-curl-config.in 1.7
- www/curl/patches/patch-lib_hostcheck.c 1.4
- www/curl/patches/patch-lib_http2.c deleted
---
Module Name: pkgsrc
Committed By: spz
Date: Sat Aug 8 02:44:16 UTC 2015
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
pkgsrc/www/curl/patches: patch-aa patch-curl-config.in
patch-lib_hostcheck.c
Added Files:
pkgsrc/www/curl/patches: patch-lib_multi.c patch-lib_transfer.c
Removed Files:
pkgsrc/www/curl/patches: patch-lib_http2.c
Log Message:
reanimate curl-7.43.0 and add the upstream fix for
http://curl.haxx.se/mail/lib-2015-06/0122.html found in
https://github.com/bagder/curl/commit/903b6e05565bf826b4194447864288642214b094
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 17 15:43:27 UTC 2015
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
pkgsrc/www/curl/patches: patch-aa
Removed Files:
pkgsrc/www/curl/patches: patch-lib_multi.c patch-lib_transfer.c
Log Message:
Update to 7.44.0:
Curl and libcurl 7.44.0
Public curl releases: 148
Command line options: 176
curl_easy_setopt() options: 219
Public functions in libcurl: 58
Contributors: 1291
This release includes the following changes:
o http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA [6]
o examples: added http2-serverpush.c [7]
o http2: added curl_pushheader_byname() and curl_pushheader_bynum()
o docs: added CODE_OF_CONDUCT.md [8]
o curl: Add --ssl-no-revoke to disable certificate revocation checks [5]
o libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS [9]
o makefile: Added support for VC14
o build: Added Visual Studio 2015 (VC14) project files
o build: Added wolfSSL configurations to VC10+ project files [18]
This release includes the following bugfixes:
o FTP: fix HTTP CONNECT logic regression [1]
o openssl: Fix build with openssl < ~ 0.9.8f
o openssl: fix build with BoringSSL
o curl_easy_setopt.3: option order doesn't matter
o openssl: fix use of uninitialized buffer [2]
o RTSP: removed dead code
o Makefile.m32: add support for CURL_LDFLAG_EXTRAS
o curl: always provide negotiate/kerberos options
o cookie: Fix bug in export if any-domain cookie is present
o curl_easy_setopt.3: mention CURLOPT_PIPEWAIT
o INSTALL: Advise use of non-native SSL for Windows <= XP
o tool_help: fix --tlsv1 help text to use >= for TLSv1
o HTTP: POSTFIELDSIZE set after added to multi handle [3]
o SSL-PROBLEMS: mention WinSSL problems in WinXP
o setup-vms.h: Symbol case fixups
o SSL: Pinned public key hash support
o libtest: call PR_Cleanup() on exit if NSPR is used
o ntlm_wb: Fix theoretical memory leak
o runtests: Allow for spaces in curl custom path
o http2: add stream != NULL checks for reliability
o schannel: Replace deprecated GetVersion with VerifyVersionInfo
o http2: verify success of strchr() in http2_send()
o configure: add --disable-rt option
o openssl: work around MSVC warning
o HTTP: ignore "Content-Encoding: compress"
o configure: check if OpenSSL linking wants -ldl
o build-openssl.bat: Show syntax if required args are missing
o test1902: attempt to make the test more reliable
o libcurl-thread.3: Consolidate thread safety info
o maketgz: Fixed some VC makefiles missing from the release tarball
o libcurl-multi.3: mention curl_multi_wait [10]
o ABI doc: use secure URL
o http: move HTTP/2 cleanup code off http_disconnect() [11]
o libcurl-thread.3: Warn memory functions must be thread safe [12]
o curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs [13]
o docs: formpost needs the full size at start of upload [14]
o curl_gssapi: remove 'const' to fix compiler warnings
o SSH: three state machine fixups [15]
o libcurl.3: fix a single typo [16]
o generate.bat: Only clean prerequisite files when in ALL mode
o curl_slist_append.3: add error checking to the example
o buildconf.bat: Added support for file clean-up via -clean
o generate.bat: Use buildconf.bat for prerequisite file clean-up
o NTLM: handle auth for only a single request [17]
o curl_multi_remove_handle.3: fix formatting [19]
o checksrc.bat: Fixed error when [directory] isn't a curl source directory
o checksrc.bat: Fixed error when missing *.c and *.h files
o CURLOPT_RESOLVE.3: Note removal support was added in 7.42 [20]
o test46: update cookie expire time
o SFTP: fix range request off-by-one in size check [21]
o CMake: fix GSSAPI builds [22]
o build: refer to fixed libidn versions [4]
o http2: discard frames with no SessionHandle [23]
o curl_easy_recv.3: fix formatting
o libcurl-tutorial.3: fix formatting [24]
o curl_formget.3: correct return code [25]
Update to 7.44.0: Curl and libcurl 7.44.0 Public curl releases: 148 Command line options: 176 curl_easy_setopt() options: 219 Public functions in libcurl: 58 Contributors: 1291 This release includes the following changes: o http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA [6] o examples: added http2-serverpush.c [7] o http2: added curl_pushheader_byname() and curl_pushheader_bynum() o docs: added CODE_OF_CONDUCT.md [8] o curl: Add --ssl-no-revoke to disable certificate revocation checks [5] o libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS [9] o makefile: Added support for VC14 o build: Added Visual Studio 2015 (VC14) project files o build: Added wolfSSL configurations to VC10+ project files [18] This release includes the following bugfixes: o FTP: fix HTTP CONNECT logic regression [1] o openssl: Fix build with openssl < ~ 0.9.8f o openssl: fix build with BoringSSL o curl_easy_setopt.3: option order doesn't matter o openssl: fix use of uninitialized buffer [2] o RTSP: removed dead code o Makefile.m32: add support for CURL_LDFLAG_EXTRAS o curl: always provide negotiate/kerberos options o cookie: Fix bug in export if any-domain cookie is present o curl_easy_setopt.3: mention CURLOPT_PIPEWAIT o INSTALL: Advise use of non-native SSL for Windows <= XP o tool_help: fix --tlsv1 help text to use >= for TLSv1 o HTTP: POSTFIELDSIZE set after added to multi handle [3] o SSL-PROBLEMS: mention WinSSL problems in WinXP o setup-vms.h: Symbol case fixups o SSL: Pinned public key hash support o libtest: call PR_Cleanup() on exit if NSPR is used o ntlm_wb: Fix theoretical memory leak o runtests: Allow for spaces in curl custom path o http2: add stream != NULL checks for reliability o schannel: Replace deprecated GetVersion with VerifyVersionInfo o http2: verify success of strchr() in http2_send() o configure: add --disable-rt option o openssl: work around MSVC warning o HTTP: ignore "Content-Encoding: compress" o configure: check if OpenSSL linking wants -ldl o build-openssl.bat: Show syntax if required args are missing o test1902: attempt to make the test more reliable o libcurl-thread.3: Consolidate thread safety info o maketgz: Fixed some VC makefiles missing from the release tarball o libcurl-multi.3: mention curl_multi_wait [10] o ABI doc: use secure URL o http: move HTTP/2 cleanup code off http_disconnect() [11] o libcurl-thread.3: Warn memory functions must be thread safe [12] o curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs [13] o docs: formpost needs the full size at start of upload [14] o curl_gssapi: remove 'const' to fix compiler warnings o SSH: three state machine fixups [15] o libcurl.3: fix a single typo [16] o generate.bat: Only clean prerequisite files when in ALL mode o curl_slist_append.3: add error checking to the example o buildconf.bat: Added support for file clean-up via -clean o generate.bat: Use buildconf.bat for prerequisite file clean-up o NTLM: handle auth for only a single request [17] o curl_multi_remove_handle.3: fix formatting [19] o checksrc.bat: Fixed error when [directory] isn't a curl source directory o checksrc.bat: Fixed error when missing *.c and *.h files o CURLOPT_RESOLVE.3: Note removal support was added in 7.42 [20] o test46: update cookie expire time o SFTP: fix range request off-by-one in size check [21] o CMake: fix GSSAPI builds [22] o build: refer to fixed libidn versions [4] o http2: discard frames with no SessionHandle [23] o curl_easy_recv.3: fix formatting o libcurl-tutorial.3: fix formatting [24] o curl_formget.3: correct return code [25]
reanimate curl-7.43.0 and add the upstream fix for http://curl.haxx.se/mail/lib-2015-06/0122.html found in https://github.com/bagder/curl/commit/903b6e05565bf826b4194447864288642214b094
rollback to previous version of curl. See http://mail-index.netbsd.org/tech-pkg/2015/06/29/msg015105.html
update of curl to version 7.43.0. Upstream RELEASE_NOTES:
Curl and libcurl 7.43.0
Public curl releases: 147
Command line options: 176
curl_easy_setopt() options: 219
Public functions in libcurl: 58
Contributors: 1291
This release includes the following changes:
o Added CURLOPT_PROXY_SERVICE_NAME[11]
o Added CURLOPT_SERVICE_NAME[12]
o New curl option: --proxy-service-name[13]
o Mew curl option: --service-name [14]
o New curl option: --data-raw [5]
o Added CURLOPT_PIPEWAIT [15]
o Added support for multiplexing transfers using HTTP/2, enable this
with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16]
o HTTP/2: requires nghttp2 1.0.0 or later
o scripts: add zsh.pl for generating zsh completion
o curl.h: add CURL_HTTP_VERSION_2
This release includes the following bugfixes:
o CVE-2015-3236: lingering HTTP credentials in connection re-use [30]
o CVE-2015-3237: SMB send off unrelated memory contents [31]
o nss: fix compilation failure with old versions of NSS [1]
o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
o Curl_ossl_init: load builtin modules [2]
o configure: follow-up fix for krb5-config [3]
o sasl_sspi: Populate domain from the realm in the challenge [4]
o netrc: support 'default' token
o README: convert to UTF-8
o cyassl: Implement public key pinning
o nss: implement public key pinning for NSS backend
o mingw build: add arch -m32/-m64 to LDFLAGS
o schannel: Fix out of bounds array [6]
o configure: remove autogenerated files by autoconf
o configure: remove --automake from libtoolize call
o acinclude.m4: fix shell test for default CA cert bundle/path
o schannel: fix regression in schannel_recv [7]
o openssl: skip trace outputs for ssl_ver == 0 [8]
o gnutls: properly retrieve certificate status
o netrc: Read in text mode when cygwin [9]
o winbuild: Document the option used to statically link the CRT [10]
o FTP: Make EPSV use the control IP address rather than the original host
o FTP: fix dangling conn->ip_addr dereference on verbose EPSV
o conncache: keep bundles on host+port bases, not only host names
o runtests.pl: use 'h2c' now, no -14 anymore
o curlver: introducing new version number (checking) macros
o openssl: boringssl build brekage, use SSL_CTX_set_msg_callback [17]
o CURLOPT_POSTFIELDS.3: correct variable names [18]
o curl_easy_unescape.3: update RFC reference [19]
o gnutls: don't fail on non-fatal alerts during handshake
o testcurl.pl: allow source to be in an arbitrary directory
o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20]
o parse_proxy: switch off tunneling if non-HTTP proxy [21]
o share_init: fix OOM crash
o perl: remove subdir, not touched in 9 years
o CURLOPT_COOKIELIST.3: Add example
o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22]
o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23]
o FAQ: How do I port libcurl to my OS?
o openssl: Use TLS_client_method for OpenSSL 1.1.0+
o HTTP-NTLM: fail auth on connection close instead of looping [24]
o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25]
o curl_getdate.3: update RFC reference
o curl_multi_info_read.3: added example
o curl_multi_perform.3: added example
o curl_multi_timeout.3: added example
o cookie: Stop exporting any-domain cookies [26]
o openssl: remove dummy callback use from SSL_CTX_set_verify()
o openssl: remove SSL_get_session()-using code
o openssl: removed USERDATA_IN_PWD_CALLBACK kludge
o openssl: removed error string #ifdef
o openssl: Fix verification of server-sent legacy intermediates [27]
o docs: man page indentation and syntax fixes
o docs: Spelling fixes
o fopen.c: fix a few compiler warnings
o CURLOPT_OPENSOCKETFUNCTION: return error at once [28]
o schannel: Add support for optional client certificates
o build: Properly detect OpenSSL 1.0.2 when using configure
o urldata: store POST size in state.infilesize too [29]
o security:choose_mech remove dead code
o rtsp_do: remove dead code
o docs: many HTTP URIs changed to HTTPS
o schannel: schannel_recv overhaul [32]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina,
Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman,
Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg,
Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka,
Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter,
Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing,
Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh,
Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan,
Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakáts,
Ville Skyttä, Yehezkel Horowitz,
(43 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = http://curl.haxx.se/mail/lib-2015-04/0095.html
[2] = https://github.com/bagder/curl/pull/206
[3] = https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
[4] = https://github.com/bagder/curl/pull/141
[5] = https://github.com/bagder/curl/issues/198
[6] = http://curl.haxx.se/mail/lib-2015-04/0199.html
[7] = https://github.com/bagder/curl/issues/244
[8] = https://github.com/bagder/curl/issues/219
[9] = https://github.com/bagder/curl/pull/258
[10] = https://github.com/bagder/curl/issues/254
[11] = http://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SERVICE_NAME.html
[12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html
[13] = http://curl.haxx.se/docs/manpage.html#--proxy-service-name
[14] = http://curl.haxx.se/docs/manpage.html#--service-name
[15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html
[16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html
[17] = https://github.com/bagder/curl/issues/275
[18] = https://github.com/bagder/curl/issues/281
[19] = https://github.com/bagder/curl/issues/282
[20] = https://github.com/bagder/curl/issues/267
[21] = http://curl.haxx.se/mail/lib-2015-05/0056.html
[22] = http://curl.haxx.se/mail/lib-2015-05/0115.html
[23] = http://curl.haxx.se/mail/lib-2015-05/0137.html
[24] = https://github.com/bagder/curl/issues/256
[25] = https://github.com/bagder/curl/pull/258#issuecomment-107093055
[26] = https://github.com/bagder/curl/issues/292
[27] = https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
[28] = http://curl.haxx.se/mail/lib-2015-06/0047.html
[29] = http://curl.haxx.se/mail/lib-2015-06/0019.html
[30] = http://curl.haxx.se/docs/adv_20150617A.html
[31] = http://curl.haxx.se/docs/adv_20150617B.html
[32] = https://github.com/bagder/curl/issues/244
Recursive PKGREVISION bump for all packages mentioning 'perl', having a PKGNAME of p5-*, or depending such a package, for perl-5.22.0.
Add optional support for HTTP/2 via www/nghttp2. Patch nghttp2 support until the curl interface is updated in 7.43. Bump PKGREVISION.
Update to 7.42.1:
Version 7.42.1 (28 Apr 2015)
Daniel Stenberg (28 Apr 2015)
- RELEASE-NOTES: 7.42.1 ready
- CURLOPT_HEADEROPT: default to separate
Make the HTTP headers separated by default for improved security and
reduced risk for information leakage.
Bug: http://curl.haxx.se/docs/adv_20150429.html
Reported-by: Yehezkel Horowitz, Oren Souroujon
- RELEASE-NOTES: synced with a6e0270e
- sws: init http2 state properly
It would otherwise cause problems when running tests after 1801 etc.
- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
... as it was previouly undocumented what the pointer was.
- openssl: fix serial number output
The code extracting the cert serial number was broken and didn't display
it properly.
Bug: https://github.com/bagder/curl/issues/235
Reported-by: dkjjr89
- [Alessandro Ghedini brought this change]
curl.1: fix typo
- RELEASE-NOTES: toward 7.42.1, synced with 097460a
- [Kamil Dudka brought this change]
curl -z: do not write empty file on unmet condition
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
It also introduces a regression test 1424 based on tests 78 and 1423.
Reported-by: Viktor Szakats
Bug: https://github.com/bagder/curl/issues/237
- [Kamil Dudka brought this change]
docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too
- connectionexists: follow-up to fd9d3a1ef1f
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
enabled.
Mistake-caught-by: Kamil Dudka
- connectionexists: fix build without NTLM
Do not access NTLM-specific struct fields when built without NTLM
enabled!
bug: http://curl.haxx.se/?i=231
Reported-by: Patrick Rapin
- dist: include {src,lib}/checksrc.whitelist
Pullup ticket #4705 - requested by spz
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.147
- www/curl/PLIST 1.48
- www/curl/distinfo 1.103
- www/curl/patches/patch-aa 1.30
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Apr 22 14:35:21 UTC 2015
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
pkgsrc/www/curl/patches: patch-aa
Log Message:
Update to curl-7.42.0.
This release includes the following changes:
o openssl: show the cipher selection to use in verbose text
o gtls: implement CURLOPT_CERTINFO
o add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
o curl: add --false-start option
o add CURLOPT_PATH_AS_IS
o curl: add --path-as-is option
o curl: create output file on successful download of an empty file
This release includes the following bugfixes:
o ConnectionExists: for NTLM re-use, require credentials to match
o cookie: cookie parser out of boundary memory access
o fix_hostname: zero length host name caused -1 index offset
o http_done: close Negotiate connections when done
o sws: timeout idle CONNECT connections
o nss: improve error handling in Curl_nss_random()
o nss: do not skip Curl_nss_seed() if data is NULL
o curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
o http2: move lots of verbose output to be debug-only
o dist: add extern-scan.pl to the tarball
o http2: return recv error on unexpected EOF
o build: Use default RandomizedBaseAddress directive in VC9+ project files
o build: Removed DataExecutionPrevention directive from VC9+ project files
o tool: Updated the warnf() function to use the GlobalConfig structure
o http2: Return error if stream was closed with other than NO_ERROR
o mprintf.h: remove #ifdef CURLDEBUG
o libtest: fixed linker errors on msvc
o tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
o curl.1: fix "The the" typo
o cmake: handle build definitions CURLDEBUG/DEBUGBUILD
o openssl: remove all uses of USE_SSLEAY
o multi: fix memory-leak on timeout (regression)
o curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
o metalink: add some error checks
o TLS: make it possible to enable ALPN/NPN without HTTP/2
o http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
o conncontrol: only log changes to the connection bit
o multi: fix *getsock() with CONNECT
o symbols.pl: handle '-' in the deprecated field
o MacOSX-Framework: use @rpath instead of @executable_path
o GnuTLS: add support for CURLOPT_CAPATH
o GnuTLS: print negotiated TLS version and full cipher suite name
o GnuTLS: don't print double newline after certificate dates
o memanalyze.pl: handle free(NULL)
o proxy: re-use proxy connections (regression)
o mk-ca-bundle: Don't report SHA1 numbers with "-q"
o http: always send Host: header as first header
o openssl: sort ciphers to use based on strength
o openssl: use colons properly in the ciphers list
o http2: detect premature close without data transfered
o hostip: Fix signal race in Curl_resolv_timeout
o closesocket: call multi socket cb on close even with custom close
o mksymbolsmanpage.pl: use std header and generate better nroff header
o connect: Fix happy eyeballs logic for IPv4-only builds
o curl_easy_perform.3: remove superfluous close brace from example
o HTTP: don't use Expect: headers when on HTTP/2
o Curl_sh_entry: remove unused 'timestamp'
o docs/libcurl: makefile portability fix
o mkhelp: Remove trailing carriage return from every line of input
o nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
o curl_easy_setopt.3: added a few missing options
o metalink: fix resource leak in OOM
o axtls: version 1.5.2 now requires that config.h be manually included
o HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
o cyassl: detect the library as renamed wolfssl
o CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section
o CURLOPT_URL.3: Added "SECURITY CONCERNS
o openssl: try to avoid accessing OCSP structs when possible
o test938: added missing closing tags
o testcurl: Allow '=' in values given on command line
o tests/certs: added make target to rebuild certificates
o tests/certs: rebuild certificates with modified key usage bits
o gtls: avoid uninitialized variable
o gtls: dereferencing NULL pointer
o gtls: add check of return code
o test1513: eliminated race condition in test run
o dict: rename byte to avoid compiler shadowed declaration warning
o curl_easy_recv/send: make them work with the multi interface
o vtls: fix compile with --disable-crypto-auth but with SSL
o openssl: adapt to ASN1/X509 things gone opaque in 1.1
o openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
o curl_memory: make curl_memory.h the second-last header file loaded
o testcurl.pl: add the --notes option to supply more info about a build
o cyassl: If wolfSSL then identify as such in version string
o cyassl: Check for invalid length parameter in Curl_cyassl_random
o cyassl: default to highest possible TLS version
o Curl_ssl_md5sum: return CURLcode (fixes OOM)
o polarssl: remove dead code
o polarssl: called mbedTLS in 1.3.10 and later
o globbing: fix step parsing for character globbing ranges
o globbing: fix url number calculation when using range with step
o multi: on a request completion, check all CONNECT_PEND transfers
o build: link curl to openssl libraries when openssl support is enabled
o url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
o vtls: Don't accept unknown CURLOPT_SSLVERSION values
o build: Fix libcurl.sln erroneous mixed configurations
o cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
o cyassl: add SSL context callback support for CyaSSL
o tool: only set SSL options if SSL is enabled
o multi: remove_handle: move pending connections
o configure: Use KRB5CONFIG for krb5-config
o axtls: add timeout within Curl_axtls_connect
o CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
o cyassl: Fix library initialization return value
o cookie: handle spaces after the name in Set-Cookie
o http2: Fix missing nghttp2_session_send call in Curl_http2_switched
o cyassl: Fix certificate load check
o build-openssl.bat: Fix mixed line endings
o checksrc.bat: Check lib\vtls source
o DNS: fix refreshing of obsolete dns cache entries
o CURLOPT_RESOLVE: actually implement removals
o checksrc.bat: quotes to support an SRC_DIR with spaces
o cyassl: Remove 'Connecting to' message from cyassl_connect_step2
o cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
o lib/transfer.c: Remove factor of 8 from sleep time calculation
o lib/makefile.m32: add missing libs to build libcurl.dll
o build: Generate source prerequisites for Visual Studio in generate.bat
o cyassl: Include the CyaSSL build config
o firefox-db2pem: fix wildcard to find Firefox default profile
o BUGS: refer to the github issue tracker now as primary
o vtls_openssl: improve several certificate error messages
o cyassl: Add support for TLS extension SNI
o parsecfg: do not continue past a zero termination
o configure --with-nss=PATH: query pkg-config if available
o configure --with-nss: drop redundant if statement
o cyassl: Fix include order
o HTTP: fix PUT regression with Negotiate
o curl_version_info.3: fixed the 'protocols' variable type
Update to curl-7.42.0. This release includes the following changes: o openssl: show the cipher selection to use in verbose text o gtls: implement CURLOPT_CERTINFO o add CURLOPT_SSL_FALSESTART option (darwinssl and NSS) o curl: add --false-start option o add CURLOPT_PATH_AS_IS o curl: add --path-as-is option o curl: create output file on successful download of an empty file This release includes the following bugfixes: o ConnectionExists: for NTLM re-use, require credentials to match o cookie: cookie parser out of boundary memory access o fix_hostname: zero length host name caused -1 index offset o http_done: close Negotiate connections when done o sws: timeout idle CONNECT connections o nss: improve error handling in Curl_nss_random() o nss: do not skip Curl_nss_seed() if data is NULL o curl-config.in: eliminate double quotes around CURL_CA_BUNDLE o http2: move lots of verbose output to be debug-only o dist: add extern-scan.pl to the tarball o http2: return recv error on unexpected EOF o build: Use default RandomizedBaseAddress directive in VC9+ project files o build: Removed DataExecutionPrevention directive from VC9+ project files o tool: Updated the warnf() function to use the GlobalConfig structure o http2: Return error if stream was closed with other than NO_ERROR o mprintf.h: remove #ifdef CURLDEBUG o libtest: fixed linker errors on msvc o tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE o curl.1: fix "The the" typo o cmake: handle build definitions CURLDEBUG/DEBUGBUILD o openssl: remove all uses of USE_SSLEAY o multi: fix memory-leak on timeout (regression) o curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS o metalink: add some error checks o TLS: make it possible to enable ALPN/NPN without HTTP/2 o http2: use CURL_HTTP_VERSION_* symbols instead of NPN_* o conncontrol: only log changes to the connection bit o multi: fix *getsock() with CONNECT o symbols.pl: handle '-' in the deprecated field o MacOSX-Framework: use @rpath instead of @executable_path o GnuTLS: add support for CURLOPT_CAPATH o GnuTLS: print negotiated TLS version and full cipher suite name o GnuTLS: don't print double newline after certificate dates o memanalyze.pl: handle free(NULL) o proxy: re-use proxy connections (regression) o mk-ca-bundle: Don't report SHA1 numbers with "-q" o http: always send Host: header as first header o openssl: sort ciphers to use based on strength o openssl: use colons properly in the ciphers list o http2: detect premature close without data transfered o hostip: Fix signal race in Curl_resolv_timeout o closesocket: call multi socket cb on close even with custom close o mksymbolsmanpage.pl: use std header and generate better nroff header o connect: Fix happy eyeballs logic for IPv4-only builds o curl_easy_perform.3: remove superfluous close brace from example o HTTP: don't use Expect: headers when on HTTP/2 o Curl_sh_entry: remove unused 'timestamp' o docs/libcurl: makefile portability fix o mkhelp: Remove trailing carriage return from every line of input o nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it o curl_easy_setopt.3: added a few missing options o metalink: fix resource leak in OOM o axtls: version 1.5.2 now requires that config.h be manually included o HTTP: don't switch to HTTP/2 from 1.1 until we get the 101 o cyassl: detect the library as renamed wolfssl o CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section o CURLOPT_URL.3: Added "SECURITY CONCERNS o openssl: try to avoid accessing OCSP structs when possible o test938: added missing closing tags o testcurl: Allow '=' in values given on command line o tests/certs: added make target to rebuild certificates o tests/certs: rebuild certificates with modified key usage bits o gtls: avoid uninitialized variable o gtls: dereferencing NULL pointer o gtls: add check of return code o test1513: eliminated race condition in test run o dict: rename byte to avoid compiler shadowed declaration warning o curl_easy_recv/send: make them work with the multi interface o vtls: fix compile with --disable-crypto-auth but with SSL o openssl: adapt to ASN1/X509 things gone opaque in 1.1 o openssl: verifystatus: only use the OCSP work-around <= 1.0.2a o curl_memory: make curl_memory.h the second-last header file loaded o testcurl.pl: add the --notes option to supply more info about a build o cyassl: If wolfSSL then identify as such in version string o cyassl: Check for invalid length parameter in Curl_cyassl_random o cyassl: default to highest possible TLS version o Curl_ssl_md5sum: return CURLcode (fixes OOM) o polarssl: remove dead code o polarssl: called mbedTLS in 1.3.10 and later o globbing: fix step parsing for character globbing ranges o globbing: fix url number calculation when using range with step o multi: on a request completion, check all CONNECT_PEND transfers o build: link curl to openssl libraries when openssl support is enabled o url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined o vtls: Don't accept unknown CURLOPT_SSLVERSION values o build: Fix libcurl.sln erroneous mixed configurations o cyassl: remove undefined reference to CyaSSL_no_filesystem_verify o cyassl: add SSL context callback support for CyaSSL o tool: only set SSL options if SSL is enabled o multi: remove_handle: move pending connections o configure: Use KRB5CONFIG for krb5-config o axtls: add timeout within Curl_axtls_connect o CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200" o cyassl: Fix library initialization return value o cookie: handle spaces after the name in Set-Cookie o http2: Fix missing nghttp2_session_send call in Curl_http2_switched o cyassl: Fix certificate load check o build-openssl.bat: Fix mixed line endings o checksrc.bat: Check lib\vtls source o DNS: fix refreshing of obsolete dns cache entries o CURLOPT_RESOLVE: actually implement removals o checksrc.bat: quotes to support an SRC_DIR with spaces o cyassl: Remove 'Connecting to' message from cyassl_connect_step2 o cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size o lib/transfer.c: Remove factor of 8 from sleep time calculation o lib/makefile.m32: add missing libs to build libcurl.dll o build: Generate source prerequisites for Visual Studio in generate.bat o cyassl: Include the CyaSSL build config o firefox-db2pem: fix wildcard to find Firefox default profile o BUGS: refer to the github issue tracker now as primary o vtls_openssl: improve several certificate error messages o cyassl: Add support for TLS extension SNI o parsecfg: do not continue past a zero termination o configure --with-nss=PATH: query pkg-config if available o configure --with-nss: drop redundant if statement o cyassl: Fix include order o HTTP: fix PUT regression with Negotiate o curl_version_info.3: fixed the 'protocols' variable type
Revbump because of security/libssh2 update.
Update to 7.41.0:
Version 7.41.0 (25 Feb 2015)
Daniel Stenberg (25 Feb 2015)
- THANKS: added contributors from the 7.41.0 RELEASE-NOTES
- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!)
Marc Hoersken (25 Feb 2015)
- Revert "telnet.c: fix handling of 0 being returned from custom read function"
This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe.
- telnet.c: fix invalid use of custom read function if not being set
obj_count can be 1 if the custom read function is set or the stdin
handle is a reference to a pipe. Since the pipe should be handled
using the PeekNamedPipe-check below, the custom read function should
only be used if it is actually enabled.
- telnet.c: fix handling of 0 being returned from custom read function
According to [1]: "Returning 0 will signal end-of-file to the library
and cause it to stop the current transfer."
This change makes the Windows telnet code handle this case accordingly.
[1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html
Daniel Stenberg (24 Feb 2015)
- sws: stop logging about TPC_NODELAY nonsense
- lib530: make it less timing sensible
... by making sure the first request is completed before doing the
remainder.
Kamil Dudka (23 Feb 2015)
- connect: wait for IPv4 connection attempts
... even if the last IPv6 connection attempt has failed.
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4
- connect: avoid skipping an IPv4 address
... in case the protocol versions are mixed in a DNS response
(IPv6 -> IPv4 -> IPv6).
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3
Daniel Stenberg (23 Feb 2015)
- RELEASE-NOTES: synced with 5e4395eab839d
- ROADMAP: curl_easy_setopt.3 has already been split up
Remove cmake as marked for removal. It is in much better state now.
- ROADMAP: extend the HTTP/2 stuff, remove SPDY
- [Julian Ospald brought this change]
configure: allow both --with-ca-bundle and --with-ca-path
SSL_CTX_load_verify_locations by default (and if given non-Null
parameters) searches the CAfile first and falls back to CApath. This
allows for CAfile to be a basis (e.g. installed by the package manager)
and CApath to be a user configured directory.
This wasn't reflected by the previous configure constraint which this
patch fixes.
Bug: https://github.com/bagder/curl/pull/139
- [Ben Boeckel brought this change]
cmake: install the dll file to the correct directory
- [Alessandro Ghedini brought this change]
nss: fix NPN/ALPN protocol negotiation
Correctly check for memcmp() return value (it returns 0 if the strings match).
This is not really important, since curl is going to use http/1.1 anyway, but
it's still a bug I guess.
- [Alessandro Ghedini brought this change]
polarssl: fix ALPN protocol negotiation
Correctly check for strncmp() return value (it returns 0 if the strings
match).
- [Sergei Nikulov brought this change]
CMake: Fix generation of tool_hugehelp.c on windows
Use "cmake -E echo" instead of "echo".
Reviewed-by: Brad King <brad.king@kitware.com>
- [Sergei Nikulov brought this change]
CMake: fix winsock2 detection on windows
Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get
the winsock2 API from windows.h. Simplify the order of checks to
avoid extra conditions.
Use check_include_file instead of check_include_file_concat to look
for OpenSSL headers. They do not need to participate in a sequence
of dependent system headers. Also they may cause winsock.h to be
included before ws2tcpip.h, causing the latter to not be detected
in the sequence.
Reviewed-by: Brad King <brad.king@kitware.com>
- [Alessandro Ghedini brought this change]
gtls: fix build with HTTP2
Steve Holme (16 Feb 2015)
- Makefile.vc6: Corrected typos in rename of darwinssl.obj
Nick Zitzmann (15 Feb 2015)
- By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]"
Steve Holme (14 Feb 2015)
- RELEASE-NOTES: Synced with 6f89f86c3d
- tests/README: Updated to reflect email test ranges
- [Alessandro Ghedini brought this change]
curl.1: --cert-status is also supported by OpenSSL now
- build: Removed Visual Studio SuppressStartupBanner directive for VC8+
Visual Studio 2005 and above defaults to disabling the startup banner
for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there
is no need to explicitly set the SuppressStartupBanner directive, as
this is a leftover from the VC7 and VC7.1 projects being upgraded to
VC8 and above.
Kamil Dudka (12 Feb 2015)
- openssl: fix a compile-time warning
lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive
Steve Holme (11 Feb 2015)
- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection
For consistency with other conditionally compiled code in openssl.c,
use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
not included.
Patrick Monnerat (11 Feb 2015)
- ftp: accept all 2xx responses to the PORT command
Steve Holme (9 Feb 2015)
- openssl: Disable OCSP in old versions of OpenSSL
Versions of OpenSSL prior to v0.9.8h do not support the necessary
functions for OCSP stapling.
Daniel Stenberg (9 Feb 2015)
- [Tatsuhiro Tsujikawa brought this change]
http2: Fix bug that associated stream canceled on PUSH_PROMISE
Previously we don't ignore PUSH_PROMISE header fields in on_header
callback. It makes header values mixed with following HEADERS,
resulting protocol error.
- [Jay Satiro brought this change]
polarssl: Fix exclusive SSL protocol version options
Prior to this change the options for exclusive SSL protocol versions did
not actually set the protocol exclusive.
http://curl.haxx.se/mail/lib-2015-01/0002.html
Reported-by: Dan Fandrich
- [Jay Satiro brought this change]
gskit: Fix exclusive SSLv3 option
- curl.1: clarify that -X is used for all requests
Reported-by: Jon Seymour
- curl.1: add warning when using -H and redirects
Steve Holme (7 Feb 2015)
- schannel: Removed curl_ prefix from source files
Removed the curl_ prefix from the schannel source files as discussed
with Marc and Daniel at FOSDEM.
Daniel Stenberg (6 Feb 2015)
- md5: use axTLS's own MD5 functions when available
- MD(4|5): make the MD4_* and MD5_* functions static
- axtls: fix conversion from size_t to int warning
Steve Holme (5 Feb 2015)
- ftp: Use 'CURLcode result' for curl result codes
Daniel Stenberg (5 Feb 2015)
- openssl: SSL_SESSION->ssl_version no longer exist
The struct went private in 1.0.2 so we cannot read the version number
from there anymore. Use SSL_version() instead!
Reported-by: Gisle Vanem
Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html
Dan Fandrich (4 Feb 2015)
- unit1600: Fix compilation when NTLM is disabled
Daniel Stenberg (4 Feb 2015)
- MD5: fix compiler warnings and code style nits
- MD5: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md5.c and md5.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
Code-by: Alexander Peslyak
- MD4: fix compiler warnings and code style nits
- MD4: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md4.c and md4.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
Code-by: Alexander Peslyak
Steve Holme (4 Feb 2015)
- telnet: Prefer 'CURLcode result' for curl result codes
- hostasyn: Prefer 'CURLcode result' for curl result codes
- schannel: Prefer 'CURLcode result' for curl result codes
Daniel Stenberg (3 Feb 2015)
- unit1601: MD5 unit tests
- unit1600: unit test for Curl_ntlm_core_mk_nt_hash
- unit1600: NTLM unit test
- tests/README: add a new range, clean up some language
- [Jay Satiro brought this change]
opts: CURLOPT_CAINFO availability depends on SSL engine
- getpass: protect include with proper #ifdef
Reported-by: Tamir
- getpass_r: read from stdin, not stdout!
The file number used was wrong. This bug was introduced over 10 years
ago, proving this function isn't used much...
Bug: http://curl.haxx.se/bug/view.cgi?id=1476
Reported-by: Tamir
- test1135: verify the CURL_EXTERN order in header files
- Makefile.am: fix 'make distcheck'
... by removing generated files from the *_DIST variable [*] and instead
generate them with a .dist suffix, since that is then handled and put
into the release archive by our generic dist-hook.
[*] = 'make distcheck' fails with non-existing files listed there
Steve Holme (2 Feb 2015)
- curl_sasl.c: More code policing
Better use of 80 character line limit, comment corrections and line
spacing preferences.
Daniel Stenberg (2 Feb 2015)
- libcurl-symbols: first basic shot for autogenerated docs
- FAQ: minor edit of 3.22
Steve Holme (2 Feb 2015)
- build: Added removal of Visual Studio project files
Added the removal of the locally generated project files so one
may revert to a clean repository.
- build: Renamed top level Visual Studio solution files
In preparation for adding the test suite and examples projects renamed
the top level "all" solution files to better describe what they are.
This will also enable us to use "curl" rather than "curlsrc" for the
command line tool solution and project files, which will simplify some
of the configuration.
- build: Enabled DEBUGBUILD in Visual Studio debug builds
Defined the DEBUGBUILD pre-processor variable to allow extra logging,
which is particularly useful in debug builds, as we use this and Visual
Studio typically uses _DEBUG.
We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is
defined but that would also affect the makefile based builds which we
probably don't want to do.
- build: Removed unused Visual Studio bscmake settings
Daniel Stenberg (2 Feb 2015)
- CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
And modify the text to refer to HTTP 2 as it isn't called "2.0".
Reported-By: Michael Wallner
Marc Hoersken (31 Jan 2015)
- TODO: moved WinSSL/SChannel todo items into docs
Daniel Stenberg (29 Jan 2015)
- [Michael Kaufmann brought this change]
CURLOPT_SEEKFUNCTION.3: also when server closes a connection
Steve Holme (29 Jan 2015)
- curl_sasl.c: Fixed compilation warning when cryptography is disabled
curl_sasl.c:1506: warning: unused variable 'chlg'
- curl_sasl.c: Fixed compilation warning when verbose debug output disabled
curl_sasl.c:1317: warning: unused parameter 'conn'
- ntlm_core: Use own odd parity function when crypto engine doesn't have one
- ntlm_core: Prefer sizeof(key) rather than hard coded sizes
- ntlm_core: Added consistent comments to DES functions
- des: Added Curl_des_set_odd_parity()
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests
- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests
- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests
- sasl: Minor code policing and grammar corrections
Daniel Stenberg (28 Jan 2015)
- [Gisle Vanem brought this change]
ldap: build with BoringSSL
- security: avoid compiler warning
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.
Reported-by: Rich Burridge
- runtests: identify BoringSSL and libressl
Patrick Monnerat (27 Jan 2015)
- docs: cite SASL external authentication.
- sasl: remove XOAUTH2 from default enabled authentication mechanism.
- test: add test cases for sasl external authentication (imap/pop3/smtp).
- imap: remove automatic password setting: it breaks external sasl authentication
- sasl: implement EXTERNAL authentication mechanism.
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
Steve Holme (27 Jan 2015)
- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.
Reported-by: John E. Malmberg
- [Brad Spencer brought this change]
curl_setup: Disable SMB/CIFS support when HTTP only
- RELEASE-NOTES: Synced with 37824498a3
Daniel Stenberg (22 Jan 2015)
- configure: remove detection of the old yassl emulation API
... as that is ancient history and not used.
- OCSP stapling: disabled when build with BoringSSL
- [Alessandro Ghedini brought this change]
openssl: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.
Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
- BoringSSL: fix build for non-configure builds
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
- configure: fix BoringSSL detection and detect libresssl
Steve Holme (22 Jan 2015)
- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
Commit 7a8b2885e2 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.
- curl_sasl: Minor code policing following recent commits
Daniel Stenberg (22 Jan 2015)
- [John Malmberg brought this change]
openvms: Handle openssl/0.8.9zb version parsing
packages/vms/gnv_link_curl.com was assuming only a single letter suffix
in the openssl version. That assumption has been fixed for 7.40.
- BoringSSL: detected by configure, switches off NTLM
- BoringSSL: no PKCS12 support nor ERR_remove_state
- [Leith Bade brought this change]
BoringSSL: fix build
Steve Holme (20 Jan 2015)
- curl_sasl.c: chlglen is not used when cryptography is disabled
- curl_sasl.c: Fixed compilation warning when cyptography is disabled
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
variable
- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
Patrick Monnerat (20 Jan 2015)
- SASL: make some procedures local-scoped
- SASL: common state engine for imap/pop3/smtp
- SASL: common URL option and auth capabilities decoders for all protocols
- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.
Daniel Stenberg (20 Jan 2015)
- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
Reported-by: Chris Young
- [Chris Young brought this change]
timeval: typecast for better type (on Amiga)
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when. It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements. If the OS one ends up
getting defined, this causes a timing calculation error in curl.
It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.
- openssl: do public key pinning check independently
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.
Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
Patrick Monnerat (19 Jan 2015)
- OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too.
Steve Holme (18 Jan 2015)
- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
- http_negotiate: Use dynamic buffer for SPN generation
Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public
- sasl_gssapi: Fixed memory leak with local SPN variable
Daniel Stenberg (17 Jan 2015)
- http_negotiate.c: unused variable 'ret'
Steve Holme (17 Jan 2015)
- gskit.h: Code policing of function pointer arguments
- vtls: Removed unimplemented overrides of curlssl_close_all()
Carrying on from commit 037cd0d991, removed the following unimplemented
instances of curlssl_close_all():
Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()
- vtls: Separate the SSL backend definition from the API setup
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
- vtls: Fixed compilation errors when SSL not used
Fixed the following warning and error from commit 3af90a6e19 when SSL
is not being used:
url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
assuming extern returning int
error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
referenced in function Curl_setopt
- http_negotiate: Added empty decoded challenge message info text
- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
- http_negotiate_sspi: Prefer use of 'attrs' for context attributes
Use the same variable name as other areas of SSPI code.
- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
Use the SECURITY_STATUS typedef rather than a unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
- http_negotiate_sspi: Use 'CURLcode result' for CURL result code
- curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
Missed Curl_read64_be() in commit bb12d44471 :(
Daniel Stenberg (16 Jan 2015)
- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0
- curlver.h: next release is 7.41.0 due to the changes
- RELEASE-NOTES: mention the new OCSP stapling options, bump version
- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile
- help: add --cert-status to --help output
- copyright years: after OCSP stapling changes
- [Alessandro Ghedini brought this change]
curl: add --cert-status option
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
- [Alessandro Ghedini brought this change]
nss: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires NSS 3.15 or higher.
- [Alessandro Ghedini brought this change]
gtls: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verfication to fail even on valid responses.
- [Alessandro Ghedini brought this change]
url: add CURLOPT_SSL_VERIFYSTATUS option
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.
This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
- TheArtOfHttpScripting: skip the date at the top, we have git
- TheArtOfHttpScripting: phrase it TLS lib agnostic
Steve Holme (16 Jan 2015)
- TODO: Added some SMB ideas
- RELEASE-NOTES: Synced with 5f09947d28
- build-openssl.bat: Added check for Perl installation
- checksrc.bat: Better detection of Perl installation
- curl_endian: Fixed build when 64-bit integers are not supported
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
Reported-by: John E. Malmberg
Daniel Stenberg (15 Jan 2015)
- [Yun SangHo brought this change]
curl.h: remove extra space
- Curl_pretransfer: reset expected transfer sizes
Reported-by: Mohammad AlSaleh
Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
Marc Hoersken (12 Jan 2015)
- curl_schannel.c: mark session as removed from cache if not freed
If the session is still used by active SSL/TLS connections, it
cannot be closed yet. Thus we mark the session as not being cached
any longer so that the reference counting mechanism in
Curl_schannel_shutdown is used to close and free the session.
Reported-by: Jean-Francois Durand
Steve Holme (9 Jan 2015)
- RELEASE-NOTES: Synced with d21b66835f
Guenter Knauf (9 Jan 2015)
- Merge pull request #134 from vszakats/mingw-m64
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
- Merge pull request #136 from vszakats/mingw-allow-custom-cflags
mingw build: allow to pass custom CFLAGS
Daniel Stenberg (9 Jan 2015)
- NSS: fix compiler error when built http2-enabled
Steve Holme (9 Jan 2015)
- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
Better code reuse and consistency in calls to gss_import_name().
Viktor Szakats (9 Jan 2015)
- mingw build: allow to pass custom CFLAGS
Daniel Stenberg (8 Jan 2015)
- FTP: if EPSV fails on IPV6 connections, bail out
... instead of trying PASV, since PASV can't work with IPv6.
Reported-by: Vojtěch Král
- FTP: fix IPv6 host using link-local address
... and make sure we can connect the data connection to a host name that
is longer than 48 bytes.
Also simplifies the code somewhat by re-using the original host name
more, as it is likely still in the DNS cache.
Original-Patch-by: Vojtěch Král
Bug: http://curl.haxx.se/bug/view.cgi?id=1468
Steve Holme (8 Jan 2015)
- [Sam Schanken brought this change]
winbuild: Added option to build with c-ares
Added support for a WITH_CARES option to be used when invoking nmake
via Makefile.vc. This option enables linking against both the DLL and
static versions of the c-ares libraries, as well as the debug and
release varients, depending on the value of DEBUG. The USE_ARES
preprocessor symbol is also defined.
Guenter Knauf (8 Jan 2015)
- NetWare build: added TLS-SRP enabled build.
Steve Holme (8 Jan 2015)
- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
Bug: http://curl.haxx.se/bug/view.cgi?id=1469
Reported-by: Thomas Klausner
Viktor Szakats (8 Jan 2015)
- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS
Daniel Stenberg (8 Jan 2015)
- bump: start working towards 7.40.1
- THANKS: 14 new contributors from the 7.40.0 release notes
Pullup ticket #4591 - requested by he www/curl: security patch Add a fix for the security bypass vulnerability reported in CVE-2014-8150.
Update to 7.40.0. Disable gssapi by default on NetBSD, since it doesn't compile any longer, see https://sourceforge.net/p/curl/bugs/1469/ Changes: Curl and libcurl 7.40.0 Public curl releases: 143 Command line options: 162 curl_easy_setopt() options: 208 Public functions in libcurl: 58 Contributors: 1219 This release includes the following changes: o http_digest: Added support for Windows SSPI based authentication o version info: Added Kerberos V5 to the supported features o Makefile: Added VC targets for WinIDN o config-win32: Introduce build targets for VS2012+ o SSL: Add PEM format support for public key pinning o smtp: Added support for the conversion of Unix newlines during mail send [8] o smb: Added initial support for the SMB/CIFS protocol o Added support for HTTP over unix domain sockets, via CURLOPT_UNIX_SOCKET_PATH and --unix-socket o sasl: Added support for GSS-API based Kerberos V5 authentication This release includes the following bugfixes: o darwinssl: fix session ID keys to only reuse identical sessions [18] o url-parsing: reject CRLFs within URLs [19] o OS400: Adjust specific support to last release o THANKS: Remove duplicate names o url.c: Fixed compilation warning o ssh: Fixed build on platforms where R_OK is not defined [1] o tool_strdup.c: include the tool strdup.h o build: Fixed Visual Studio project file generation of strdup.[c|h] o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2] o curl.1: show zone index use in a URL o mk-ca-bundle.vbs: switch to new certdata.txt url o Makefile.dist: Added some missing SSPI configurations o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined o SSH: use the port number as well for known_known checks [3] o libssh2: detect features based on version, not configure checks o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4] o multi: removed Curl_multi_set_easy_connection o symbol-scan.pl: do not require autotools o cmake: add ENABLE_THREADED_RESOLVER, rename ARES o cmake: build libhostname for test suite o cmake: fix HAVE_GETHOSTNAME definition o tests: fix libhostname visibility o tests: fix memleak in server/resolve.c o vtls.h: Fixed compiler warning when compiled without SSL o CMake: Restore order-dependent header checks o CMake: Restore order-dependent library checks o tool: Removed krb4 from the supported features o http2: Don't send Upgrade headers when we already do HTTP/2 o examples: Don't call select() to sleep on windows [6] o win32: Updated some legacy APIs to use the newer extended versions [5] o easy.c: Fixed compilation warning when no verbose string support o connect.c: Fixed compilation warning when no verbose string support o build: in Makefile.m32 pass -F flag to windres o build: in Makefile.m32 add -m32 flag for 32bit o multi: when leaving for timeout, close accordingly o CMake: Simplify if() conditions on check result variables o build: in Makefile.m32 try to detect 64bit target o multi: inform about closed sockets before they are closed o multi-uv.c: close the file handle after download o examples: Wait recommended 100ms when no file descriptors are ready o ntlm: Split the SSPI based messaging code from the native messaging code o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined o cmake: add Kerberos to the supported feature o CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option o http: Disable pipelining for HTTP/2 and upgraded connections o ntlm: Fixed static'ness of local decode function o sasl: Reduced the need for two sets of NTLM messaging functions o multi.c: Fixed compilation warnings when no verbose string support o select.c: fix compilation for VxWorks [7] o multi-single.c: switch to use curl_multi_wait o curl_multi_wait.3: clarify numfds being used if not NULL o http.c: Fixed compilation warnings from features being disabled o NSS: enable the CAPATH option [9] o docs: Fix FAILONERROR typos o HTTP: don't abort connections with pending Negotiate authentication o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request o http_perhapsrewind: don't abort CONNECT requests o build: updated dependencies in makefiles o multi.c: Fixed compilation warning o ftp.c: Fixed compilation warnings when proxy support disabled o get_url_file_name: Fixed crash on OOM on debug build o cookie.c: Refactored cleanup code to simplify o OS400: enable NTLM authentication o ntlm: Use Windows Crypt API o http2: avoid logging neg "failure" if h2 was not requested o schannel_recv: return the correct code [10] o VC build: added sspi define for winssl-zlib builds o Curl_client_write(): chop long data, convert data only once o openldap: do not ignore Curl_client_write() return code o ldap: check Curl_client_write() return codes o parsedate.c: Fixed compilation warning o url.c: Fixed compilation warning when USE_NTLM is not defined o ntlm_wb_response: fix "statement not reached" [11] o telnet: fix "cast increases required alignment of target type" o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12] o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined o ntlm: Disable NTLM v2 when 64-bit integers are not supported o ntlm: Use short integer when decoding 16-bit values o ftp.c: Fixed compilation warning when no verbose string support o synctime.c: fixed timeserver URLs o mk-ca-bundle.pl: restored forced run again o ntlm: Fixed return code for bad type-2 Target Info o curl_schannel.c: Data may be available before connection shutdown o curl_schannel: Improvements to memory re-allocation strategy [13] o darwinssl: aprintf() to allocate the session key o tool_util.c: Use GetTickCount64 if it is available o lib: Fixed multiple code analysis warnings if SAL are available o tool_binmode.c: Explicitly ignore the return code of setmode o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS o SFTP: work-around servers that return zero size on STAT [14] o connect: singleipconnect(): properly try other address families after failure o IPV6: address scope != scope id [15] o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16] o secureserver.pl: make OpenSSL CApath and cert absolute path values o secureserver.pl: update Windows detection and fix path conversion o secureserver.pl: clean up formatting of config and fix verbose output o tests: Added Windows support using Cygwin-based OpenSSH o sockfilt.c: use non-Ex functions that are available before WinXP o VMS: Updates for 0740-0D1220 o openssl: warn for SRP set if SSLv3 is used, not for TLS version o openssl: make it compile against openssl 1.1.0-DEV master branch o openssl: fix SSL/TLS versions in verbose output o curl: show size of inhibited data when using -v o build: Removed WIN32 definition from the Visual Studio projects o build: Removed WIN64 definition from the libcurl Visual Studio projects o vtls: Use bool for Curl_ssl_getsessionid() return type o sockfilt.c: Replace 100ms sleep with thread throttle o sockfilt.c: Reduce the number of individual memory allocations o vtls: Don't set cert info count until memory allocation is successful o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure o nss: Don't ignore Curl_extract_certinfo() OOM failure o vtls: Fixed compilation warning and an ignored return code o sockfilt.c: Fixed compilation warnings o darwinssl: Fixed compilation warning o vtls: Use '(void) arg' for unused parameters o sepheaders.c: Fixed resource leak on failure o lib1900.c: Fixed cppcheck error [17] o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls
Pullup ticket #4560 - requested by he
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.143
- www/curl/PLIST 1.45
- www/curl/distinfo 1.99
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Nov 7 14:10:16 UTC 2014
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
Changes 7.39.0:
* SSLv3 is disabled by default
* CURLOPT_COOKIELIST: Added "RELOAD" command [5]
* build: Added WinIDN build configuration options to Visual Studio projects
* ssh: improve key file search
* SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
* vtls: remove QsoSSL support, use gskit!
* mk-ca-bundle: added SHA-384 signature algorithm
* docs: added many examples for libcurl opts and other doc improvements
* build: Added VC ssh2 target to main Makefile
* MinGW: Added support to build with nghttp2
* NetWare: Added support to build with nghttp2
* build: added Watcom support to build with WinSSL
* build: Added optional specific version generation of VC project files
Bugfixes:
* curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds [9]
* openssl: build fix for versions < 0.9.8e [1]
* newlines: fix mixed newlines to LF-only [2]
* ntlm: Fixed HTTP proxy authentication when using Windows SSPI [3]
* sasl_sspi: Fixed Unicode build [4]
* file: reject paths using embedded %00
* threaded-resolver: revert Curl_expire_latest() switch [6]
* configure: allow --with-ca-path with PolarSSL too
* HTTP/2: Fix busy loop when EOF is encountered
* CURLOPT_CAPATH: return failure if set without backend support
* nss: do not fail if a CRL is already cached
* smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
* fixed 20+ nits/memory leaks identified by Coverity scans
* curl_schannel.c: Fixed possible memory or handle leak
* multi-uv.c: call curl_multi_info_read() better
* Cmake: Check for OpenSSL before OpenLDAP
* Cmake: Fix library list provided to cURL tests
* Cmake: Avoid cycle directory dependencies
* Cmake: Build with GSS-API libraries (MIT or Heimdal)
* vtls: provide backend defines for internal source code
* nss: fix a connection failure when FTPS handle is reused
* tests/http_pipe.py: Python 3 support
* cmake: build tool_hugehelp (ENABLE_MANUAL)
* cmake: enable IPv6 by default if available
* tests: move TESTCASES to Makefile.inc, add show for cmake
* ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
* ntlm: Fixed empty/bad base-64 decoded buffer return codes
* ntlm: Fixed empty type-2 decoded message info text
* cmake: add CMake/Macros.cmake to the release tarball
* cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
* cmake: use LIBCURL_VERSION from curlver.h
* cmake: generate pkg-config and curl-config
* fixed several superfluous variable assignements identified by cppcheck
* cleanup of 'CURLcode result' return code
* pipelining: only output "is not blacklisted" in debug builds
* SSL: Remove SSLv3 from SSL default due to POODLE attack
* gskit.c: remove SSLv3 from SSL default
* darwinssl: detect possible future removal of SSLv3 from the framework
* ntlm: Only define ntlm data structure when USE_NTLM is defined
* ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
* ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
* sspi: Only call CompleteAuthToken() when complete is needed
* http_negotiate: Fixed missing check for USE_SPNEGO
* HTTP: return larger than 3 digit response codes too [7]
* openssl: Check for NPN / ALPN via OpenSSL version number
* openssl: enable NPN separately from ALPN
* sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
* sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
* resume: consider a resume from [content-length] to be OK [8]
* sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
* build-openssl.bat: Fix x64 release build
* cmake: drop _BSD_SOURCE macro usage
* cmake: fix gethostby{addr,name}_r in CurlTests
* cmake: clean OtherTests, fixing -Werror
* cmake: fix struct sockaddr_storage check
* Curl_single_getsock: fix hold/pause sock handling
* SSL: PolarSSL default min SSL version TLS 1.0
* cmake: fix ZLIB_INCLUDE_DIRS use [10]
* buildconf: stop checking for libtool
Changes 7.39.0:
* SSLv3 is disabled by default
* CURLOPT_COOKIELIST: Added "RELOAD" command [5]
* build: Added WinIDN build configuration options to Visual Studio projects
* ssh: improve key file search
* SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
* vtls: remove QsoSSL support, use gskit!
* mk-ca-bundle: added SHA-384 signature algorithm
* docs: added many examples for libcurl opts and other doc improvements
* build: Added VC ssh2 target to main Makefile
* MinGW: Added support to build with nghttp2
* NetWare: Added support to build with nghttp2
* build: added Watcom support to build with WinSSL
* build: Added optional specific version generation of VC project files
Bugfixes:
* curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds [9]
* openssl: build fix for versions < 0.9.8e [1]
* newlines: fix mixed newlines to LF-only [2]
* ntlm: Fixed HTTP proxy authentication when using Windows SSPI [3]
* sasl_sspi: Fixed Unicode build [4]
* file: reject paths using embedded %00
* threaded-resolver: revert Curl_expire_latest() switch [6]
* configure: allow --with-ca-path with PolarSSL too
* HTTP/2: Fix busy loop when EOF is encountered
* CURLOPT_CAPATH: return failure if set without backend support
* nss: do not fail if a CRL is already cached
* smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
* fixed 20+ nits/memory leaks identified by Coverity scans
* curl_schannel.c: Fixed possible memory or handle leak
* multi-uv.c: call curl_multi_info_read() better
* Cmake: Check for OpenSSL before OpenLDAP
* Cmake: Fix library list provided to cURL tests
* Cmake: Avoid cycle directory dependencies
* Cmake: Build with GSS-API libraries (MIT or Heimdal)
* vtls: provide backend defines for internal source code
* nss: fix a connection failure when FTPS handle is reused
* tests/http_pipe.py: Python 3 support
* cmake: build tool_hugehelp (ENABLE_MANUAL)
* cmake: enable IPv6 by default if available
* tests: move TESTCASES to Makefile.inc, add show for cmake
* ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
* ntlm: Fixed empty/bad base-64 decoded buffer return codes
* ntlm: Fixed empty type-2 decoded message info text
* cmake: add CMake/Macros.cmake to the release tarball
* cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
* cmake: use LIBCURL_VERSION from curlver.h
* cmake: generate pkg-config and curl-config
* fixed several superfluous variable assignements identified by cppcheck
* cleanup of 'CURLcode result' return code
* pipelining: only output "is not blacklisted" in debug builds
* SSL: Remove SSLv3 from SSL default due to POODLE attack
* gskit.c: remove SSLv3 from SSL default
* darwinssl: detect possible future removal of SSLv3 from the framework
* ntlm: Only define ntlm data structure when USE_NTLM is defined
* ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
* ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
* sspi: Only call CompleteAuthToken() when complete is needed
* http_negotiate: Fixed missing check for USE_SPNEGO
* HTTP: return larger than 3 digit response codes too [7]
* openssl: Check for NPN / ALPN via OpenSSL version number
* openssl: enable NPN separately from ALPN
* sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
* sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
* resume: consider a resume from [content-length] to be OK [8]
* sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
* build-openssl.bat: Fix x64 release build
* cmake: drop _BSD_SOURCE macro usage
* cmake: fix gethostby{addr,name}_r in CurlTests
* cmake: clean OtherTests, fixing -Werror
* cmake: fix struct sockaddr_storage check
* Curl_single_getsock: fix hold/pause sock handling
* SSL: PolarSSL default min SSL version TLS 1.0
* cmake: fix ZLIB_INCLUDE_DIRS use [10]
* buildconf: stop checking for libtool
Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.
Update to 7.38.0:
Changes:
supports HTTP/2 draft-14
CURLE_HTTP2 is a new error code
CURLAUTH_NEGOTIATE is a new auth define
CURL_VERSION_GSSAPI is a new capability bit
no longer use fbopenssl for anything
schannel: use CryptGenRandom for random numbers
axtls: define curlssl_random using axTLS's PRNG
cyassl: use RNG_GenerateBlock to generate a good random number
findprotocol: show unsupported protocol within quotes
version: detect and show LibreSSL
version: detect and show BoringSSL
imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
http2: requires nghttp2 0.6.0 or later
Bugfixes:
SECURITY ADVISORY: cookie leak with IP address as domain
SECURITY ADVISORY: cookie leak for TLDs
fix a build failure on Debian when NSS support is enabled
HTTP/2: fixed compiler warnings when built disabled
cyassl: return the correct error code on no CA cert
http: Deprecate GSS-Negotiate macros due to bad naming
http: Fixed Negotiate: authentication
multi: Improve proxy CONNECT performance (regression)
ntlm_wb: Avoid invoking ntlm_auth helper with empty username
ntlm_wb: Fix hard-coded limit on NTLM auth packet size
url.c: use the preferred symbol name: *READDATA
smtp: fixed a segfault during test 1320 torture test
cyassl: made it compile with version 2.0.6 again
nss: do not check the version of NSS at run time
c-ares: fix build without IPv6 support
HTTP/2: use base64url encoding
SSPI Negotiate: Fix 3 memory leaks
libtest: fixed duplicated line in Makefile
conncache: fix compiler warning
openssl: make ossl_send return CURLE_OK better
HTTP/2: Support expect: 100-continue
HTTP/2: Fix infinite loop in readwrite_data()
parsedate: fix the return code for an overflow edge condition
darwinssl: don't use strtok()
http_negotiate_sspi: Fixed specific username and password not working
openssl: replace call to OPENSSL_config
http2: show the received header for better debugging
HTTP/2: Move :authority before non-pseudo header fields
HTTP/2: Reset promised stream, not its associated stream
HTTP/2: added some more logging for debugging stream problems
ntlm: Added support for SSPI package info query
ntlm: Fixed hard coded buffer for SSPI based auth packet generation
sasl_sspi: Fixed memory leak with not releasing Package Info struct
sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
sasl: Use a dynamic buffer for DIGEST-MD5 SPN generation
http_negotiate_sspi: Use a dynamic buffer for SPN generation
sasl_sspi: Fixed missing free of challenge buffer on SPN failure
sasl_sspi: Fixed hard coded buffer for response generation
Curl_poll + Curl_wait_ms: fix timeout return value
docs/SSLCERTS: update the section about NSS database
create_conn: prune dead connections
openssl: fix version report for the 0.9.8 branch
mk-ca-bundle.pl: switched to using hg.mozilla.org
http: fix the Content-Range: parser
Curl_disconnect: don't free the URL
win32: Fixed WinSock 2 #if
NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
curl.1: clarify --limit-rate's effect on both directions
disconnect: don't touch easy-related state on disconnects
Cmake: big cleanup and numerous fixes
HTTP/2: supports draft-14 - moved :headers before the non-psuedo headers
HTTP/2: Reset promised stream, not its associated stream
configure.ac: Add support for recent GSS-API implementations for HP-UX
CONNECT: close proxy connections that fail
CURLOPT_NOBODY.3: clarify this option is for downloads
darwinssl: fix CA certificate checking using PEM format
resolve: cache lookup for async resolvers
low-speed-limit: avoid timeout flood
polarssl: implement CURLOPT_SSLVERSION
multi: convert CURLM_STATE_CONNECT_PEND handling to a list
curl_multi_cleanup: remove superfluous NULL assigns
polarssl: support CURLOPT_CAPATH / --capath
progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly
Update to 7.37.1:
Changes:
bits.close: introduce connection close tracking
darwinssl: Add support for --cacert
polarssl: add ALPN support
docs: Added new option man pages
Bugfixes:
build: Fixed incorrect reference to curl_setup.h in Visual Studio files
build: Use $(TargetDir) and $(TargetName) macros for .pdb and .lib output
curl.1: clarify that -u can't specify a user with colon
openssl: Fix uninitialized variable use in NPN callback
curl_easy_reset: reset the URL
curl_version_info.3: returns a pointer to a static struct
url-parser: only use if_nametoindex if detected by configure
select: with winsock, avoid passing unsupported arguments to select()
gnutls: don't use deprecated type names anymore
gnutls: allow building with nghttp2 but without ALPN support
tests: Fix portability issue with the tftpd server
curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN
curl_sasl: extended native DIGEST-MD5 cnonce to be a 32-byte hex string
random: use Curl_rand() for proper random data
Curl_ossl_init: call OPENSSL_config for initing engines
config-win32.h: Updated for VC12
winbuild: Don't USE_WINSSL when WITH_SSL is being used
getinfo: HTTP CONNECT code not reset between transfers
Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
http2: avoid segfault when using the plain-text http2
conncache: move the connection counter to the cache struct
http2: better return code error checking
curlbuild: fix GCC build on SPARC systems without configure script
tool_metalink: Support polarssl as digest provider
curl.h: reverse the enum/define setup for old symbols
curl.h: moved two really old deprecated symbols
curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
buildconf: do not search tools in current directory.
OS400: make it compilable again. Make RPG binding up to date
nss: do not abort on connection failure (failing tests 305 and 404)
nss: make the fallback to SSLv3 work again
tool: prevent valgrind from reporting possibly lost memory (nss only)
progress callback: skip last callback update on errors
nss: fix a memory leak when CURLOPT_CRLFILE is used
compiler warnings: potentially uninitialized variables
url.c: Fixed memory leak on OOM
gnutls: ignore invalid certificate dates with VERIFYPEER disabled
gnutls: fix SRP support with versions of GnuTLS from 2.99.0
gnutls: fixed a couple of uninitialized variable references
gnutls: fixed compilation against versions < 2.12.0
build: Fixed overridden compiler PDB settings in VC7 to VC12
ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
netrc: don't abort if home dir cannot be found
netrc: fixed thread safety problem by using getpwuid_r if available
cookie: avoid mutex deadlock
configure: respect host tool prefix for krb5-config
gnutls: handle IP address in cert name check
Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time.
Changes 7.37.0: URL parser: IPv6 zone identifiers are now supported CURLOPT_PROXYHEADER: set headers for proxy-only CURLOPT_HEADEROPT: added curl: add --proxy-header sasl: Added support for DIGEST-MD5 via Windows SSPI sasl: Added DIGEST-MD5 qop-option validation in native challange handling imap: Expanded mailbox SEARCH support to use URL query strings imap: Extended FETCH support to include PARTIAL URL specifier nss: implement non-blocking SSL handshake build: Reworked Visual Studio project files poll: enable poll on darwin13 mk-ca-bundle: added -p libtests: add a wait_ms() function
nroff is required for hugehelp() Fix build under OpenBSD 5.5
Upstream release notes:
Fixed in 7.36.0 - March 26 2014
Release contains security-related bug fixes
Changes:
ntlm: Added support for NTLMv2
tool: Added support for URL specific options
openssl: add ALPN support
gtls: add ALPN support
nss: add ALPN and NPN support
added CURLOPT_EXPECT_100_TIMEOUT_MS
tool: add --no-alpn and --no-npn
added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
winssl: enable TLSv1.1 and TLSv1.2 by default
winssl: TLSv1.2 disables certificate signatures using MD5 hash
winssl: enable hostname verification of IP address using SAN or CN
darwinssl: Don't omit CN verification when an IP address is used
http2: build with current nghttp2 version
polarssl: dropped support for PolarSSL < 1.3.0
openssl: info message with SSL version used
Bugfixes:
SECURITY ADVISORY: wrong re-use of connections
SECURITY ADVISORY: IP address wildcard certificate validation
SECURITY ADVISORY: not verifying certs for TLS to IP address / Darwinssl
SECURITY ADVISORY: not verifying certs for TLS to IP address / Winssl
nss: allow to use ECC ciphers if NSS implements them
netrc: Fixed a memory leak in an OOM condition
ftp: fixed a memory leak on wildcard error path
pipeline: Fixed a NULL pointer dereference on OOM
nss: prefer highest available TLS version
100-continue: fix timeout condition
ssh: Fixed a NULL pointer dereference on OOM condition
formpost: use semicolon in multipart/mixaed
--help: add missing --tlsv1.x options
formdata: Fixed memory leak on OOM condition
ConnectionExists: reusing possible HTTP+NTLM connections better
mingw32: fix compilation
chunked decoder: track overflows correctly
curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
dict: fix memory leak in OOM exit path
valgrind: added suppression on optimized code
curl: output protocol headers using binary mode
tool: Added URL index to password prompt for multiple operations
ConnectionExists: re-use non-NTLM connections better
axtls: call ssl_read repeatedly
multi: make MAXCONNECTS default 4 x number of easy handles function
configure: Fix the --disable-crypto-auth option
multi: ignore SIGPIPE internally
curl.1: update the description of --tlsv1
SFTP: skip reading the dir when NOBODY=1
easy: Fixed a memory leak on OOM condition
tool: Fixed incorrect return code when setting HTTP request fails
configure: Tiny fix to honor POSIX
tool: Do not output libcurl source for the information only parameters
Rework Open Watcom make files to use standard Wmake features
x509asn: moved out Curl_verifyhost from NSS builds
configure: call it GSS-API
hostcheck: Curl_cert_hostcheck is not used by NSS builds
multi_runsingle: move timestamp into INIT
remote_port: allow connect to port 0
parse_remote_port: error out on illegal port numbers better
ssh: Pass errors from libssh2_sftp_read up the stack
docs: remove documentation on setting up krb4 support
polarssl: build fixes to work with PolarSSL 1.3.x
polarssl: fix possible handshake timeout issue in multi
nss: allow to enable/disable cipher-suites better
ssh: prevent a logic error that could result in an infinite loop
http2: free resources on disconnect
polarssl: avoid extra newlines in debug messages
rtsp: parse "Session:" header properly
trynextip: don't store 'ai' on failed connects
Curl_cert_hostcheck: strip trailing dots in host name and wildcard
Pullup ticket #4338 - requested by taca
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.133-1.134
- www/curl/PLIST 1.43
- www/curl/distinfo 1.91-1.92
- www/curl/patches/patch-aa 1.25
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Dec 31 11:48:03 UTC 2013
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
Changes 7.34.0:
SSL: protocol version can be specified more precisely
imap/pop3/smtp: Added graceful cancellation of SASL authentication
Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
base64: Added validation of base64 input strings when decoding
curl_easy_setopt: Added the ability to set the login options separately
smtp: Added support for additional SMTP commands
curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
nss: allow to use TLS > 1.0 if built against recent NSS
SECURITY: added this document to describe our security processes
parseconfig: warn if unquoted white spaces are detected
Bugfixes:
SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS
darwinssl: un-break iOS build after PKCS/12 feature added
tool: use XFERFUNCTION to save some casts
usercertinmem: fix memory leaks
ssh: Handle successful SSH_USERAUTH_NONE
NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
test906: Fixed failing test on some platforms
sasl: initialize NSS before using NTLM crypto
sasl: Fixed memory leak in OAUTH2 message creation
imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
cmake: unbreak for non-Windows platforms
ssh: initialize per-handle data in ssh_connect()
glob: fix broken URLs
configure: check for long long when building with cyassl
CURLOPT_RESOLVE: mention they don't time-out
docs/examples/httpput.c: fix build for MSVC
FTP: make the data connection work when going through proxy
NSS: support for CERTINFO feature
curl_multi_wait: accept 0 from multi_timeout() as valid timeout
glob_range: pass the closing bracket for a-z ranges
tool_help: Updated --list-only description to include POP3
Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
cmake: fix Windows build with IPv6 support
ares: Fixed compilation under Visual Studio 2012
curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
curl.1: mention that -O does no URL decoding
darwinssl: PKCS/12 import feature now requires Lion or later
darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
configure: Fix test with -Werror=implicit-function-declaration
sigpipe: factor out sigpipe_reset from easy.c
curl_multi_cleanup: ignore SIGPIPE
globbing: curl glob counter mismatch with {} list use
parseconfig: dash options can't specified with colon or equals
digest: fix CURLAUTH_DIGEST_IE
curl.h: for OpenBSD
darwinssl: Fix #if 10.6.0 for SecKeychainSearch
TFTP: fix return codes for connect timeout
login options: remove the ;[options] support from CURLOPT_USERPWD
imap: Fixed incorrect fallback to clear text authentication
parsedate: avoid integer overflow
curl.1: document -J doesn't %-decode
multi: add timer inaccuracy margin to timeout/connecttimeout
---
Module Name: pkgsrc
Committed By: adam
Date: Sat Feb 1 11:07:14 UTC 2014
Modified Files:
pkgsrc/www/curl: Makefile distinfo
pkgsrc/www/curl/patches: patch-aa
Log Message:
Changes 7.35.0:
imap/pop3/smtp: Added support for SASL authentication downgrades
imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
TheArtOfHttpScripting: major update, converted layout and more
mprintf: Added support for I, I32 and I64 size specifiers
makefile: Added support for VC7, VC11 and VC12
Bugfixes:
SECURITY ADVISORY: re-use of wrong HTTP NTLM connection
curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
pop3: Fixed APOP being determined by CAPA response rather than by timestamp
Curl_pp_readresp: zero terminate line
FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
pop3: Fixed auth preference not being honored when CAPA not supported
imap: Fixed auth preference not being honored when CAPABILITY not supported
threaded resolver: Use pthread_t * for curl_thread_t
FILE: we don't support paused transfers using this protocol
connect: Try all addresses in first connection attempt
curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
OpenSSL: Fix forcing SSLv3 connections
openssl: allow explicit sslv2 selection
FTP parselist: fix "total" parser
conncache: fix possible dereference of null pointer
multi.c: fix possible dereference of null pointer
mk-ca-bundle: introduces -d and warns about using this script
ConnectionExists: fix NTLM check for new connection
trynextip: fix build for non-IPV6 capable systems
Curl_updateconninfo: don't do anything for UDP "connections"
darwinssl: un-break Leopard build after PKCS-12 change
threaded-resolver: never use NULL hints with getaddrinf
multi_socket: remind app if timeout didn't run
OpenSSL: deselect weak ciphers by default
error message: Sensible message on timeout when transfer size unknown
curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
configure: fix gssapi linking on HP-UX
chunked-parser: abort on overflows, allow 64 bit chunks
chunked parsing: relax the CR strictness
cookie: max-age fixes
progress bar: always update when at 100%
progress bar: increase update frequency to 10Hz
tool: Fixed incorrect return code if command line parser runs out of memory
tool: Fixed incorrect return code if password prompting runs out of memory
HTTP POST: omit Content-Length if data size is unknown
GnuTLS: disable insecure ciphers
GnuTLS: honor --slv2 and the --tlsv1[.N] switches
multi: Fixed a memory leak on OOM condition
netrc: Fixed a memory and file descriptor leak on OOM
getpass: fix password parsing from console
TFTP: fix crash on time-out
hostip: don't remove DNS entries that are in use
tests: lots of tests fixed to pass the OOM torture tests
Recursive PKGREVISION bump for OpenSSL API version bump.
Changes 7.35.0: imap/pop3/smtp: Added support for SASL authentication downgrades imap/pop3/smtp: Extended the login options to support multiple auth mechanisms TheArtOfHttpScripting: major update, converted layout and more mprintf: Added support for I, I32 and I64 size specifiers makefile: Added support for VC7, VC11 and VC12 Bugfixes: SECURITY ADVISORY: re-use of wrong HTTP NTLM connection curl_easy_setopt: Fixed OAuth 2.0 Bearer option name pop3: Fixed APOP being determined by CAPA response rather than by timestamp Curl_pp_readresp: zero terminate line FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE:// pop3: Fixed auth preference not being honored when CAPA not supported imap: Fixed auth preference not being honored when CAPABILITY not supported threaded resolver: Use pthread_t * for curl_thread_t FILE: we don't support paused transfers using this protocol connect: Try all addresses in first connection attempt curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE OpenSSL: Fix forcing SSLv3 connections openssl: allow explicit sslv2 selection FTP parselist: fix "total" parser conncache: fix possible dereference of null pointer multi.c: fix possible dereference of null pointer mk-ca-bundle: introduces -d and warns about using this script ConnectionExists: fix NTLM check for new connection trynextip: fix build for non-IPV6 capable systems Curl_updateconninfo: don't do anything for UDP "connections" darwinssl: un-break Leopard build after PKCS-12 change threaded-resolver: never use NULL hints with getaddrinf multi_socket: remind app if timeout didn't run OpenSSL: deselect weak ciphers by default error message: Sensible message on timeout when transfer size unknown curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE* win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12 configure: fix gssapi linking on HP-UX chunked-parser: abort on overflows, allow 64 bit chunks chunked parsing: relax the CR strictness cookie: max-age fixes progress bar: always update when at 100% progress bar: increase update frequency to 10Hz tool: Fixed incorrect return code if command line parser runs out of memory tool: Fixed incorrect return code if password prompting runs out of memory HTTP POST: omit Content-Length if data size is unknown GnuTLS: disable insecure ciphers GnuTLS: honor --slv2 and the --tlsv1[.N] switches multi: Fixed a memory leak on OOM condition netrc: Fixed a memory and file descriptor leak on OOM getpass: fix password parsing from console TFTP: fix crash on time-out hostip: don't remove DNS entries that are in use tests: lots of tests fixed to pass the OOM torture tests
Changes 7.34.0:
SSL: protocol version can be specified more precisely
imap/pop3/smtp: Added graceful cancellation of SASL authentication
Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
base64: Added validation of base64 input strings when decoding
curl_easy_setopt: Added the ability to set the login options separately
smtp: Added support for additional SMTP commands
curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
nss: allow to use TLS > 1.0 if built against recent NSS
SECURITY: added this document to describe our security processes
parseconfig: warn if unquoted white spaces are detected
Bugfixes:
SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS
darwinssl: un-break iOS build after PKCS/12 feature added
tool: use XFERFUNCTION to save some casts
usercertinmem: fix memory leaks
ssh: Handle successful SSH_USERAUTH_NONE
NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
test906: Fixed failing test on some platforms
sasl: initialize NSS before using NTLM crypto
sasl: Fixed memory leak in OAUTH2 message creation
imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
cmake: unbreak for non-Windows platforms
ssh: initialize per-handle data in ssh_connect()
glob: fix broken URLs
configure: check for long long when building with cyassl
CURLOPT_RESOLVE: mention they don't time-out
docs/examples/httpput.c: fix build for MSVC
FTP: make the data connection work when going through proxy
NSS: support for CERTINFO feature
curl_multi_wait: accept 0 from multi_timeout() as valid timeout
glob_range: pass the closing bracket for a-z ranges
tool_help: Updated --list-only description to include POP3
Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
cmake: fix Windows build with IPv6 support
ares: Fixed compilation under Visual Studio 2012
curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
curl.1: mention that -O does no URL decoding
darwinssl: PKCS/12 import feature now requires Lion or later
darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
configure: Fix test with -Werror=implicit-function-declaration
sigpipe: factor out sigpipe_reset from easy.c
curl_multi_cleanup: ignore SIGPIPE
globbing: curl glob counter mismatch with {} list use
parseconfig: dash options can't specified with colon or equals
digest: fix CURLAUTH_DIGEST_IE
curl.h: for OpenBSD
darwinssl: Fix #if 10.6.0 for SecKeychainSearch
TFTP: fix return codes for connect timeout
login options: remove the ;[options] support from CURLOPT_USERPWD
imap: Fixed incorrect fallback to clear text authentication
parsedate: avoid integer overflow
curl.1: document -J doesn't %-decode
multi: add timer inaccuracy margin to timeout/connecttimeout
Changes 7.33.0: * test code for testing the event based API * CURLM_ADDED_ALREADY: new error code * test TFTP server: support "writedelay" within * krb4 support has been removed * imap/pop3/smtp: added basic SASL XOAUTH2 support * darwinssl: add support for PKCS12 files for client authentication * darwinssl: enable BEAST workaround on iOS 7 & later * Pass password to OpenSSL engine by user interface * c-ares: Add support for various DNS binding options * cookies: add expiration * curl: added --oauth2-bearer option
Changes 7.32.0: curl: allow timeouts to accept decimal values OS400: add slist and certinfo EBCDIC support OS400: new SSL backend GSKit CURLOPT_XFERINFOFUNCTION: introducing a new progress callback LIBCURL-STRUCTS: new document Bugfixes: dotdot: introducing dot file path cleanup docs: fix typo in curl_easy_getinfo manpage test1230: avoid using hard-wired port number test1396: invoke the correct test tool SIGPIPE: ignored while inside the library darwinssl: fix crash that started happening in Lion OpenSSL: check for read errors, don't assume c-ares: improve error message on failed resolve printf: make sure %x are treated unsigned formpost: better random boundaries url: restore the functionality of 'curl -u :' curl.1: fix typo in --xattr description digest: improve nonce generation configure: automake 1.14 compatibility tweak curl.1: document the --post303 option in the man page curl.1: document the --sasl-ir option in the man page setup-vms.h: sk_pop symbol tweak tool_paramhlp: try harder to catch negatives cmake: Fix for MSVC2010 project generation asyn-ares: Don't blank ares servers if none configured curl_multi_wait: set revents for extra fds Reinstate "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() ftp_do_more: consider DO_MORE complete when server connects back curl_easy_perform: gradually increase the delay time curl: fix symbolic names for CURLUSESSL_* enum in --libcurl output curl: fix upload of a zip file in OpenVMS build: fix linking on Solaris 10 curl_formadd: CURLFORM_FILECONTENT wrongly rejected some option combos curl_formadd: fix file upload on VMS curl_easy_pause: on unpause, trigger mulit-socket handling md5 & metalink: use better build macros on Apple operating systems darwinssl: fix build error in crypto authentication under Snow Leopard curl: make --progress-bar update the line less frequently configure: don't error out on variable confusions (CFLAGS, LDFLAGS etc) mk-ca-bundle: skip more untrusted certificates formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used FTP: when EPSV gets a 229 but fails to connect, retry with PASV mk-ca-bundle.1: don't install on make install VMS: lots of updates and fixes of the build procedure global dns cache: didn't work (regression) global dns cache: fix memory leak
update of cURL to the current version. Upstream changelog:
Changes:
--------
darwinssl: add TLS session resumption
darwinssl: add TLS crypto authentication
imap/pop3/smtp: Added support for ;auth= in the URL
imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD
usercertinmem.c: add example showing user cert in memory
url: Added smtp and pop3 hostnames to the protocol detection list
imap/pop3/smtp: Added support for enabling the SASL initial response
curl -E: allow to use ':' in certificate nicknames
Bugfixes:
---------
SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond
the end of the input buffer [26]
FTP: access files in root dir correctly
configure: try pthread_create without -lpthread
FTP: handle a 230 welcome response
curl-config: don't output static libs when they are disabled
CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
Various documentation updates
getinfo.c: reset timecond when clearing session-info variables
FILE: prevent an artificial timeout event due to stale speed-check data
ftp_state_pasv_resp: connect through proxy also when set by env
sshserver: disable StrictHostKeyChecking
ftpserver: Fixed imap logout confirmation data
curl_easy_init: use less mallocs
smtp: Fixed unknown percentage complete in progress bar
smtp: Fixed sending of double CRLF caused by first in EOB
bindlocal: move brace out of #ifdef
winssl: Fixed invalid memory access during SSL shutdown
OS X framework: fix invalid symbolic link
OpenSSL: allow empty server certificate subject
axtls: prevent memleaks on SSL handshake failures
cookies: only consider full path matches
Revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()
Curl_cookie_add: handle IPv6 hosts
ossl_send: SSL_write() returning 0 is an error too
ossl_recv: SSL_read() returning 0 is an error too
Digest auth: escape user names with backslash or " in them
curl_formadd.3: fixed wrong "end-marker" syntax
libcurl-tutorial.3: fix incorrect backslash
curl_multi_wait: reduce timeout if the multi handle wants to
tests/Makefile: typo in the perlcheck target
axtls: honor disabled VERIFYHOST
OpenSSL: avoid double free in the PKCS12 certificate code
multi_socket: reduce timeout inaccuracy margin
digest: support auth-int for empty entity body
axtls: now done non-blocking
lib1900: use tutil_tvnow instead of gettimeofday
curl_easy_perform: avoid busy-looping
CURLOPT_COOKIELIST: take cookie share lock
multi_socket: react on socket close immediately
add patch from upstream to fix possible buffer overflow in URL parser (CVE-2013-2174), bump PKGREV
Bump all packages for perl-5.18, that a) refer 'perl' in their Makefile, or b) have a directory name of p5-*, or c) have any dependency on any p5-* package Like last time, where this caused no complaints.
Update to 7.30.0:
Fixed in 7.30.0 - April 12 2013
Release contains security-related bug fix
Changes:
imap: Changed response tag generation to be completely unique
imap: Added support for SASL-IR extension
imap: Added support for the list command
imap: Added support for the append command
imap: Added custom request parsing
imap: Added support to the fetch command for UID and SECTION properties
imap: Added parsing and verification of the UIDVALIDITY mailbox attribute
darwinssl: Make certificate errors less techy
imap/pop3/smtp: Added support for the STARTTLS capability
checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets
curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag
Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for new multi interface connection handling
Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control
Bugfixes:
SECURITY ADVISORY: cookie tailmatching to avoid cross-domain leakage
darwinssl: Fix build under Leopard
DONE: consider callback-aborted transfers premature
ntlm: Fixed memory leaks
smtp: Fixed an issue when processing EHLO failure responses
pop3: Fixed incorrect return value from pop3_endofresp()
pop3: Fixed SASL authentication capability detection
pop3: Fixed blocking SSL connect when connecting via POP3S
imap: Fixed memory leak when performing multiple selects
nss: fix misplaced code enabling non-blocking socket mode
AddFormData: prevent only directories from being posted
darwinssl: fix infinite loop if server disconnected abruptly
metalink: fix improbable crash parsing metalink filename
show proper host name on failed resolve
MacOSX-Framework: Make script work in Xcode 4.0 and later
strlcat: remove function
darwinssl: Fix send glitchiness with data > 32 or so KB
polarssl: better 1.1.x and 1.2.x support
various documentation improvements
multi: NULL pointer reference when closing an unused multi handle
SOCKS: fix socks proxy when noproxy matched
install-sh: updated to support multiple source files as arguments
PolarSSL: added human readable error strings
resolver_error: remove wrong error message output
docs: updates HTML index and general improvements
curlbuild.h.dist: enhance non-configure GCC ABI detection logic
sasl: Fixed null pointer reference when decoding empty digest challenge
easy: do not ignore poll() failures other than EINTR
darwinssl: disable ECC ciphers under Mountain Lion by default
CONNECT: count received headers
build: fixes for VMS
CONNECT: clear 'rewindaftersend' on success
HTTP proxy: insert slash in URL if missing
hiperfifo: updated to use current libevent API
getinmemory.c: abort the transfer nicely if not enough memory
improved win32 memorytracking
corrected proxy header response headers count
FTP quote operations on re-used connection
tcpkeepalive on win32
tcpkeepalive on Mac OS X
easy: acknowledge the CURLOPT_MAXCONNECTS option properly
easy interface: restore default MAXCONNECTS to 5
win32: don't set SO_SNDBUF for windows vista or later versions
HTTP: made cookie sort function more deterministic
winssl: Fixed memory leak if connection was not successful
FTP: wait on both connections during active STOR state
connect: treat a failed local bind of an interface as a non-fatal error
darwinssl: disable insecure ciphers by default
FTP: handle "rubbish" in front of directory name in 257 responses
mk-ca-bundle: Fixed lost OpenSSL output with "-t"
Make "curl-config --libs" return proper ldflags for shared libraries. After curl 7.25.0 update (imported to pkgsrc at 20120417), "curl-config --libs" no longer returns "-Wl,-R/usr/pkg/lib" while "curl-config --static-libs" still returns it. Fixes the root cause of libcurl part of PR pkg/46567, and this is also required to fix openoffice3 issue as mentioned in PR pkg/46983. The problem is tracked and reported by Yasushi Oshima. Bump PKGREVISION.
Fix NULL pointer reference when closing an unused multi handle. (upstream commit da3fc1ee91de656a30f3a12de394bcba55119872) PR pkg/47610 by dieter roelants Bump PKGREVISION.
Pullup ticket #4066 - requested by drochner
www/curl: security patch
Revisions pulled up:
- www/curl/Makefile 1.123 via patch
- www/curl/distinfo 1.81
- www/curl/patches/patch-CVE-2013-0249 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Fri Feb 8 15:45:42 UTC 2013
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Added Files:
pkgsrc/www/curl/patches: patch-CVE-2013-0249
Log Message:
add patch from upstream to fix SASL buffer overflow vulnerability
(CVE-2013-0249), bump PKGREV
Update to 7.29.0:
Fixed in 7.29.0 - February 6 2013
Release contains security-related bug fix
(already fixed in pkgsrc)
Changes:
test: offer "automake" output and check for perl better
always-multi: always use non-blocking internals
imap: Added support for sasl digest-md5 authentication
imap: Added support for sasl cram-md5 authentication
imap: Added support for sasl ntlm authentication
imap: Added support for sasl login authentication
imap: Added support for sasl plain text authentication
imap: Added support for login disabled server capability
mk-ca-bundle: add -f, support passing to stdout and more
writeout: -w now supports remote_ip/port and local_ip/port
Bugfixes:
SECURITY ADVISORY: SASL buffer overflow vulnerability
nss: prevent NSS from crashing on client auth hook failure
darwinssl: Fixed inability to disable peer verification on Snow Leopard and Lion
curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
SCP: relative path didn't work as documented
setup_once.h: HP-UX issue workaround
configure: fix cross pkg-config detection
runtests: Do not add undefined values to @INC
build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
multi: fix re-sending request on early connection close
HTTP: remove stray CRLF in chunk-encoded content-free request bodies
build: fix AIX compilation and usage of events/revents
VC Makefiles: add missing hostcheck
nss: clear session cache if a client certificate from file is used
nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
fix HTTP CONNECT tunnel establishment upon delayed response
--libcurl: fix for non-zero default options
FTP: reject illegal port numbers in EPSV 229 responses
build: use per-target '_CPPFLAGS' for those currently using default
configure: fix automake 1.13 compatibility
curl: ignore SIGPIPE
pop3: Added support for non-blocking SSL upgrade
pop3: Fixed default authentication detection
imap: Fixed usernames and passwords that contain escape characters
packages/DOS/common.dj: remove COFF debug info generation
imap/pop3/smtp: Fixed failure detection during TLS upgrade
pop3: Fixed no known authentication mechanism when fallback is required
formadd: reject trying to read a directory where a file is expected
formpost: support quotes, commas and semicolon in file names
docs: update the comments about loading CA certs with NSS
docs: fix typos in man pages
darwinssl: Fix bug where packets were sometimes transmitted twice
winbuild: include version info for .dll .exe
schannel: Removed extended error connection setup flag
VMS: fix and generate the VMS build config
add patch from upstream to fix SASL buffer overflow vulnerability (CVE-2013-0249), bump PKGREV
PKGREVISION bumps for the security/openssl 1.0.1d update.
Add a libidn option (defaulting to on) which allows libidn support to be turned off in www/curl. Modify the curl package to be aware of the libidn option. Ensure default is on. No functional change, so no version number bump.
recursive bump from cyrus-sasl libsasl2 shlib major bump.
Changes 7.28.1: This release includes the following changes: o metalink/md5: Use CommonCrypto on Apple operating systems o href_extractor: new example code extracting href elements o NSS can be used for metalink hashing [13] This release includes the following bugfixes: o Fix broken libmetalink-aware OpenSSL build o gnutls: fix the error is fatal logic [1] o darwinssl: un-broke iOS build, fix error on server disconnect o asyn-ares: restore functionality with c-ares < 1.6.1 [2] o tlsauthtype: deal with the string case insensitively [3] o Fixed MSVC libssh2 static build o evhiperfifo: fix the pointer passed to WRITEDATA [6] o BUGS: fix the bug tracker URL [4] o winbuild: Use machine type of development environment o FTP: prevent the multi interface from blocking [5] o uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES o httpcustomheader.c: free the headers after use o fix >2000 bytes POST over NTLM-using proxy [7] o redirects to URLs with fragments [8] o don't send '#' fragments when using proxy [9] o OpenSSL: show full issuer string [10] o fix HTTP auth regression [11] o CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value [12] o ftp: EPSV-disable fix over SOCKS [14] o Digest: Add microseconds into nounce calculation [15] o SCP/SFTP: improve error code used for send failures o SSL: Several SSL-backend related fixes o removed the notorious "additional stuff not fine" debug output o OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack o FILE: Make upload-writes unbuffered o custom memory callbacks failure with HTTP proxy (and more) [16] o TFTP: handle resends o autoconf: don't force-disable compiler debug option o winbuild: Fix PDB file output [17] o test2032: spurious failure caused by premature termination [18] o memory leak: CURLOPT_RESOLVE with multi interface [19]
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Changes 7.28.0: SSH: added agent based authentication ftp: active conn, allow application to set sockopt after accept() call with CURLSOCKTYPE_ACCEPT multi: add curl_multi_wait() metalink: Added support for Microsoft Windows CryptoAPI md5: Added support for Microsoft Windows CryptoAPI parse_proxy: treat "socks://x" as a socks4 proxy socks: Added support for IPv6 connections through SOCKSv5 proxy Bugfixes: WSAPoll disabled on Windows builds due to its bugs segfault on request retries curl-config: parentheses fix VC build: add define for openssl globbing: fix segfault when >9 globs were used fixed a few clang-analyzer warnings metalink: change code order to build with gnutls-nettle gtls: fix build failure by including nettle-specific headers change preferred HTTP auth on a handle previously used for another auth file: use fdopen() to avoid race condition Added DWANT_IDN_PROTOTYPES define for MSVC too verbose: fixed (nil) output of hostnames in re-used connections metalink: Un-broke the build when building --with-darwinssl curl man page cleanup Avoid leak of local device string when reusing connection Curl_socket_check: fix return code for timeout nss: do not print misleading NSS error codes configure: remove the --enable/disable-nonblocking options darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions NTLM: re-use existing connection better schannel crash on multi and easy handle cleanup SOCKS: truly disable it if CURL_DISABLE_PROXY is defined mk-ca-bundle: detect start of trust section better gnutls: do not fail on non-fatal handshake errors SMTP: only send SIZE if supported ftpserver: respond with a 250 to SMTP EHLO ssh: do not crash if MD5 fingerprint is not provided by libssh2 winbuild: Added support for building with SPNEGO enabled metalink: Fixed validation of binary files containing EOF setup.h: fixed for MS VC10 build cmake: use standard findxxx modules for cmake v2.8+ HTTP_ONLY: disable more protocols Curl_reconnect_request: clear pointer on failure https.c example: remember to call curl_global_init() metalink: Filter resource URLs by type multi interface: CURLOPT_LOW_SPEED_* fix during rate limitation curl_schannel: Removed buffer limit and optimized buffer strategy
Bump all packages that use perl, or depend on a p5-* package, or are called p5-*. I hope that's all of them.
update to 7.27.0 changes: -added --metalink for metalink download support -pop3: added more authentication types -error message improvements -bugfixes
www/curl: Fix TCP_KEEPIDLE unit for DragonFly DragonFly uses millisecond rather than second as the unit of TCP_KEEPIDLE. Patch multiples obtained value by 1000 on DragonFly. Patch will be submitted to curl at SourceForge.
Update to 7.26: This release includes the following changes: o nss: the minimal supported version of NSS bumped to 3.12.x o nss: human-readable names are now provided for NSS errors if available o add a manual page for mk-ca-bundle o added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR o smtp: Add support for DIGEST-MD5 authentication o pop3: Added support for additional pop3 commands This release includes the following bugfixes: o nss: libcurl now uses NSS_InitContext() to prevent collisions if available [1] o URL parse: reject numerical IPv6 addresses outside brackets [4] o MD5: fix OOM memory leak [5] o OpenSSL cert: provide more details when cert check fails o HTTP: empty chunked POST ended up in two zero size chunks [6] o fixed a regression when curl resolved to multiple addresses and the first isn't supported [7] o -# progress meter: avoid superfluous updates and duplicate lines [8] o headers: surround GCC attribute names with double underscores [9] o PolarSSL: correct return code for CRL matches o PolarSSL: include version number in version string o PolarSSL: add support for asynchronous connect o mk-ca-bundle: revert the LWP usage [12] o IPv6 cookie domain: get rid of the first bracket before the second o connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails o OpenSSL: Made cert hostname check conform to RFC 6125 [10] o HTTP: reset expected DL/UL sizes on redirects [11] o CMake: fix Windows LDAP/LDAPS option handling [2] o CMake: fix MS Visual Studio x64 unsigned long long literal suffix [3] o configure: update detection logic of getaddrinfo() thread-safeness o configure: check for gethostbyname in the watt lib o curl-config.1: fix curl-config usage in example [13] o smtp: Fixed non-escaping of dot character at beginning of line o MakefileBuild.vc: use the correct IDN variable o autoconf: improve handling of versioned symbols o curl.1: clarify -x usage o curl: shorten user-agent o smtp: issue with the multi-interface always sending postdata [14] o compile error with GnuTLS+Nettle fixed o winbuild: fix IPv6 enabled build
update to 7.25.0 changes: -new options, minor improvements -bugfixes
Update to 7.24.0:
Fixed in 7.24.0 - January 24 2012
Release contains security-related bug fix
Changes:
* CURLOPT_QUOTE: SFTP supports the '*'-prefix now
* CURLOPT_DNS_SERVERS: set name servers if possible
* Add support for using nettle instead of gcrypt as gnutls backend
* CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes
* Added CURLOPT_ACCEPTTIMEOUT_MS
* configure: add symbols versioning option --enable-versioned-symbols
Bugfixes:
* curl was vulnerable to a data injection attack for certain protocols CVE-2012-0036
* curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
* SSL session share: move the age counter to the share object
* -J -O: use -O name if no Content-Disposition header comes!
* protocol_connect: show verbose connect and set connect time
* query-part: ignore the URI part for given protocols
* gnutls: only translate winsock errors for old versions
* POP3: fix end of body detection
* POP3: detect when LIST returns no mails
* TELNET: improved treatment of options
* configure: add support for pkg-config detection of libidn
* CyaSSL 2.0+ library initialization adjustment
* multi interface: only use non-NULL socker function pointer
* call opensocket callback properly for active FTP
* don't call close socket callback for sockets created with accept()
* differentiate better between host/proxy errors
* SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5
* multi: handle timeouts on DNS servers by checking for new sockets
* CURLOPT_DNS_SERVERS: fix return code
* POP3: fixed escaped dot not being stripped out
* OpenSSL: check for the SSLv2 function in configure
* MakefileBuild: fix the static build
* create_conn: don't switch to HTTP protocol if tunneling is enabled
* multi interface: fix block when CONNECT_ONLY option is used
* Fix connection reuse for TLS upgraded connections
* multiple file upload with -F and custom type
* multi interface: active FTP connections are no longer blocking
* Android build fix
* timer: restore PRETRANSFER timing
* libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM
* appconnect time fixed for non-blocking connect ssl backends
* do not include SSL handshake into time spent waiting for 100-continue
* handle dns cache case insensitive
* use new host name casing for subsequent HTTP requests
* CURLOPT_RESOLVE: avoid adding already present host names
* SFTP mkdir: use correct permission
* resolve: don't leak pre-populated dns entries
* --retry: Retry transfers on timeout and DNS errors
* negotiate with SSPI backend: use the correct buffer for input
* SFTP dir: increase buffer size counter to avoid cut off file names
* TFTP: fix resending (again)
* c-ares: don't include getaddrinfo-using code
* FTP: CURLE_PARTIAL_FILE will not close the control channel
* win32-threaded-resolver: stop using a dummy socket
* OpenSSL: remove reference to openssl internal struct
* OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
* OpenSSL: fix PKCS#12 certificate parsing related memory leak
* OpenLDAP: fix LDAP connection phase memory leak
* Telnet: Use correct file descriptor for telnet upload
* Telnet: Remove bogus optimisation of telnet upload
* URL parse: user name with ipv6 numerical address
* polarssl: show cipher suite name correctly with 1.1.0
* polarssl: havege_rand is not present in version 1.1.0 WARNING, we still use the old API which is said to be
insecure
* gnutls: enforced use of SSLv3
Pullup ticket #3663 - requested by drochner
www/curl security update
Revisions pulled up:
- www/curl/Makefile 1.110
- www/curl/distinfo 1.73
- www/curl/patches/patch-ba 1.1
- www/curl/patches/patch-bb 1.1
- www/curl/patches/patch-bc 1.1
- www/curl/patches/patch-bd 1.1
- www/curl/patches/patch-be 1.1
- www/curl/patches/patch-bf 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Jan 26 11:25:55 UTC 2012
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Added Files:
pkgsrc/www/curl/patches: patch-ba patch-bb patch-bc patch-bd patch-be
patch-bf
Log Message:
add patches from upstream to fix 2 security problems:
-data injection attack for certain protocols (CVE-2012-0036)
-SSL CBC IV vulnerability (OpenSSL related, CVE-2011-3389)
bump PKGREV
add patches from upstream to fix 2 security problems: -data injection attack for certain protocols (CVE-2012-0036) -SSL CBC IV vulnerability (OpenSSL related, CVE-2011-3389) bump PKGREV
Update to 7.23.1:
Fixed in 7.23.1 - November 17 2011
Bugfixes:
Windows: curl would fail if it found no CA cert, unless -k was used. Even if a non-SSL protocol URL was used
Fixed in 7.23.0 - November 15 2011
Changes:
Empty headers can be sent in HTTP requests by terminating with a semicolon
SSL session sharing support added to curl_share_setopt()
Added support to MAIL FROM for the optional SIZE parameter
smtp: Added support for NTLM authentication
curl tool: code split into tool_*.[ch] files
Bugfixes:
handle HTTP redirects to "//hostname/path"
SMTP without --mail-from caused segfault
prevent extra progress meter headers between multiple files
allow Content-Length to be replaced when sending HTTP requests
curl now always sets postfieldsize to allow --data-binary and --data to be mixed in the same command line
curl_multi_fdset: avoid FD_SET out of bounds
lots of MinGW build tweaks
Curl_gethostname: return un-qualified machine name
fixed the openssl version number configure check
nss: certificates from files are no longer looked up by file base names
returning abort from the progress function when using the multi interface would not properly cancel the transfer and close the connection
fix libcurl.m4 to not fail with modern gcc versions
ftp: improved the failed PORT host name resolved error message
TFTP timeout and unexpected block adjustments
HTTP and GOPHER test server-side connection closing adjustments
fix endless loop upon transport connection timeout
don't clobber errno on failed connect
typecheck: allow NULL to unset CURLOPT_ERRORBUFFER
formdata: ack read callback abort
make --show-error properly position independent
set the ipv6-connection boolean correctly on connect
SMTP: fix end-of-body string escaping
gtls: only call gnutls_transport_set_lowat with HTTP: handle multiple auths in a single WWW-Authenticate line
curl_multi_fdset: correct fdset with FTP PORT use
windbuild: fix the static build
fix builds with GnuTLS version 3
fix calling of OpenSSL's ERR_remove_state(0)
HTTP auth: fix proxy Negotiate bug when Negotiate not requested
ftp PORT: don't hang if bind() fails
-# would crash on terminals wider than 256 columns
Fixed in 7.22.0 - September 13 2011
Changes:
Added CURLOPT_GSSAPI_DELEGATION
Added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth
Display notes from setup file in testcurl.pl
BSD-style lwIP TCP/IP stack experimental support on Windows
OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
--delegation was added to set CURLOPT_GSSAPI_DELEGATION
nss: start with no database if the selected database is broken
telnet: allow programatic use on Windows
Bugfixes:
curl_getdate: detect some illegal dates better
when sending a request and an error is received before the (entire) request body is sent, stop sending the request and close the connection after having received the entire response. This is equally true if an Expect: 100-continue header was used.
When using both -J and a single -O with multiple URLs, a missing init could cause a segfault
-J fixed for escaped quotes
-J fixed for file names with semicolons
progress: reset flags at transfer start to avoid wrong CURLINFO_CONTENT_LENGTH_DOWNLOAD
curl_gssapi: Guard files with HAVE_GSSAPI and rename private header
silence picky compilers: mark unused parameters
help output: more gnu like output
libtests: stop checking for CURLM_CALL_MULTI_PERFORM
setting a non-HTTP proxy with an environment variable or with CURLOPT_PROXY / --proxy (without specifying CURLOPT_PROXYTYPE) would still make it do proxy-like HTTP requests
CURLFORM_BUFFER: insert filename as documented (regression)
SOCKS: fix the connect timeout
ftp_doing: bail out on error properly while multi interfacing
improved Content-Encoded decoding error message
asyn-thread: check for dotted addresses before thread starts
cmake: find winsock when building on windows
Curl_retry_request: check return code
cookies: handle 'secure=' as if it was 'secure'
tests: break busy loops in tests 502, 555, and 573
FTP: fix proxy connect race condition with multi interface and SOCKS proxy
RTSP: GET_PARAMETER requests have a body
fixed several memory leaks in OOM situations
bad expire(0) caused multi_socket API to hang
Avoid ftruncate() static define with mingw64
mk-ca-bundle.pl: ignore untrusted certs
builds with PolarSSL 1.0.0
Revert last change per joerg@'s objections.
Avoid deadlock if FETCH_USING is set to wget or curl and we're building one of them.
Update curl 7.21.7. This release includes the following changes: o recognize the [protocol]:// prefix in proxy hosts where the protocol is one of socks4, socks4a, socks5 or socks5h. o Added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA This release includes the following bugfixes: o SECURITY ADVISORY: inappropriate GSSAPI delegation. Full details at http://curl.haxx.se/docs/adv_20110623.html o NTLM: work with unicode o fix connect with SOCKS proxy when using the multi interface o anyauthput.c: stdint.h must not be included unconditionally o CMake: improved build o SCP/SFTP enable non-blocking earlier o GnuTLS handshake: fix timeout o cyassl: build without filesystem o HTTPS over HTTP proxy using the multi interface o speedcheck: invalid timeout event on a reused handle o Force connection close for HTTP 200 OK when time condition matched o curl_formget: fix FILE * leak o configure: improved OpenSSL detection o Android build: support gingerbread o CURLFORM_STREAM: acknowledge CURLFORM_FILENAME o windows build: use correct MS CRT o pop3: remove extra space in LIST command
Update to 7.21.6:
Fixed in 7.21.6 - April 22 2011
Changes:
Added --tr-encoding and CURLOPT_TRANSFER_ENCODING
Bugfixes:
curl-config: fix --version
curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
use HTTPS properly after CONNECT
SFTP: close file before post quote operations
Fixed in 7.21.5 - April 17 2011
Changes:
SOCKOPTFUNCTION: callback can say already-connected
Added --netrc-file
Added (new) support for cyassl
TSL-SRP: enabled with OpenSSL
Added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION
Bugfixes:
nss: avoid memory leak on SSL connection failure
nss: do not ignore failure of SSL handshake
multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
runtests.pl: fix pid number concatenation that prevented it from killing the correct process at times
PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD
multi: close connection on timeout
IMAP in multi mode does SSL connections non-blocking
honours the --disable-ldaps configure option
Force setopt constants written by --libcurl to be long
ssh_connect: treat libssh2 return code better
SFTP upload could stall the state machine when the multi_socket API was used
SFTP and SCP could leak memory when used with the multi interface and the connection was closed
Added missing file to repair the MSVC makefiles
Fixed detection of recvfrom arguments on Android/bionic
GSS: handle reuse fix
transfer: avoid insane conversion of time_t
nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
SMTP-multi: non-blocking connect
SFTP-multi: set cselect for sftp and scp to fix "stall" risk
configure: removed wrongly claimed default paths
pop3: fixed torture tests to succeed
symbols-in-versions: many corrections
if a HTTP request gets retried because the connection was dead, rewind if any data was sent as part of it
only probe for working ipv6 once and then re-use that info for further requests
requests that are asked to bound to a local interface/port will no longer wrongly re-use connections that aren't
libcurl.m4: Add missing quotes in AC_LINK_IFELSE
progress output: don't print the last update on a separate line
POP3: the command to send is STLS, not STARTTLS
POP3: PASS command was not sent after upgrade to TLS
configure: fix libtool warning
nss: allow to use multiple client certificates for a single host
HTTP pipelining: Fix handling of zero-length responses
Don't list NTLM in curl-config when HTTP is disabled
curl_easy_setopt.3: CURLOPT_RESOLVE typo version
OpenSSL: build fine with no-sslv2 versions
checkconnection: don't call with NULL pointer with RTSP and multi interface
Borland makefile updates
configure: libssh2 link fix without pkg-config
certinfo crash
CCC crash
recursive bump from gettext-lib shlib bump.
Update to curl 7.21.4 This release includes the following changes: o CURLINFO_FTP_ENTRY_PATH now supports SFTP o introduced new framework for unit-testing o IDN: use win32 API if told to o ares: ask for both IPv4 and IPv6 addresses o HTTP: do Negotiate authentication using SSPI on windows o Windows build: alternative makefile o TLS-SRP: support added when using GnuTLS This release includes the following bugfixes: o SMTP: add brackets for MAIL FROM o ossl_seed: no more RAND_screen (on Windows) o multi: connect fail => use next IP address o use the timeout when using multiple IP addresses similar to how the easy interface does it o cookies: tricked dotcounter fixed o pubkey_show: allocate buffer to fit any-size result o Curl_nss_connect: avoid PATH_MAX o Curl_do: avoid using stale conn pointer o tftpd test server: avoid buffer overflow report from glibc o nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash o nss: fix a bug in handling of CURLOPT_CAPATH o CMake: Use upstream CheckTypeSize module o OpenSSL get_cert_chain: support larger data sets o SCP/SFTP transfers: acknowledge speedcheck o GnuTLS builds: fix memory leak o connect problem: use UDP correctly o Borland C++ makefile tweaks o OpenSSL: improved error message on SSL_CTX_new failures o HTTP: memory leak on multiple Location: o ares_query_completed_cb: don't touch invalid data o ares: memory leak fix o mk-ca-bundle: use new cacert url o Curl_gmtime: added a portable gmtime and check for NULL o curl.1: typo in -v description o CURLOPT_SOCKOPTFUNCTION: return proper error code o --keepalive-time: warn if not supported properly o file: add support for CURLOPT_TIMECONDITION o nss: avoid memory leaks and failure of NSS shutdown o multi: fix CURLM_STATE_TOOFAST for multi_socket
Reset maintainer for retired developers.
Update to 7.21.3:
Changes:
* Added --noconfigure switch to testcurl.pl
* Added --xattr option
* Added CURLOPT_RESOLVE and --resolve
* Added CURLAUTH_ONLY
* Added version-check.pl to the examples dir
Bugfixes:
* check for libcurl features for some command line options
* Curl_setopt: disallow CURLOPT_USE_SSL without SSL support
* http_chunks: remove debug output
* URL-parsing: consider ? a divider
* SSH: avoid using the libssh2_ prefix
* SSH: use libssh2_session_handshake() to work on win64
* ftp: prevent server from hanging on closed data connection
when stopping a transfer before the end of the full transfer
(ranges)
* LDAP: detect non-binary attributes properly
* ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
* gnutls->handshake: improved timeout handling
* security: Pass the right parameter to init
* krb5: Use GSS_ERROR to check for error
* TFTP: resend the correct data
* configure: fix autoconf 2.68 warning: no AC_LANG_SOURCE call detected
* GnuTLS: now detects socket errors on Windows
* symbols-in-versions: updated en masse
* added a couple examples that were missing from the tar ball
* Curl_send/recv_plain: return errno on failure
* Curl_wait_for_resolv (for c-ares): correct timeout
* ossl_connect_common: detect connection re-use
* configure: Prevent link errors with --librtmp
* openldap: use remote port in URL passed to ldap_init_fd()
* url: provide dead_connection flag in Curl_handler::disconnect
* lots of compiler warning fixes
* ssh: fix a download resume point calculation
* fix getinfo CURLINFO_LOCAL* for reused connections
* multi: the returned running handles conuter could turn negative
* multi: only ever consider pipelining for connections doing HTTP(S)
Update to 7.21.2:
Changes:
* curl -T: ignore file size of special files
* Added GOPHER protocol support
* Added mk-ca-bundle.vbs script
* c-ares build now requires c-ares >= 1.6.0
Bugfixes:
* --remote-header-name security vulnerability fixed
* multi: support the timeouts correctly, fixes known bug #62
* multi: use timeouts properly for MAX_RECV/SEND_SPEED
* negotiation: Wrong proxy authorization
* multi: avoid sending multiple complete messages
* cmdline: make -F type= accept ;charset=
* RESUME_FROM: clarify what ftp uploads do
* http: handle trailer headers in all chunked responses
* Curl_is_connected: use correct errno
* Added SSPI build to Watcom makefile
* progress: callback for POSTs less than MAX_INITIAL_POST_SIZE
* linking problem on Fedora 13
* Link curl and the test apps with -lrt explicitly when necessary
* chunky parser: only rewind stream internally if needed
* remote-header-name: don't output filename when NULL
* Curl_timeleft: avoid returning "no timeout" by mistake
* timeout: use the correct start value as offset
* FTP: fix wrong timeout trigger
* buildconf got better output on failures
* rtsp: avoid SIGSEGV on malformed header
* LDAP: Support for tunnelling queries through HTTP proxy
* configure's --enable-werror had a bashism
* test565: Don't hardcode IP:PORT
* configure: check for gcrypt if using GnuTLS
* configure: don't enable RTMP if the lib detect fails
* curl_easy_duphandle: clone the c-ares handle correctly
* MacOSX-Framework: updates for Snowleopard
* support URL containing colon without trailing port number
* parsedate: allow time specified without seconds
* curl_easy_escape: don't escape "unreserved" characters
* SFTP: avoid downloading negative sizes
* Lots of GSS/KRB FTP fixes
* TFTP: Work around tftpd-hpa upload bug
* libcurl.m4: several fixes
* HTTP: remove special case for 416
* examples: use example.com in example URLs
* globbing: fix crash on unballanced open brace
* cmake: build fixed
update to 7.21.1 changes: bugfixes
update to 7.21.0 changes: added the --proto and -proto-redir options new configure option --enable-threaded-resolver improve TELNET ability with libcurl added support for PolarSSL added support for FTP wildcard matching and downloads added support for RTMP added CURLINFO_PRIMARY_PORT, CURLINFO_LOCAL_IP and CURLINFO_LOCAL_PORT
Added PKGCONFIG_OVERRIDE for other packages to build/configure correctly
Pullup ticket #3026 - requested by spz
curl: security update
Revisions pulled up:
- www/curl/Makefile 1.96
- www/curl/distinfo 1.64
- www/curl/patches/patch-ab delete
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Feb 16 12:51:44 UTC 2010
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Removed Files:
pkgsrc/www/curl/patches: patch-ab
Log Message:
Update to 7.20.0:
Version 7.20.0 (9 February 2010)
Daniel Stenberg (9 Feb 2010)
- When downloading compressed content over HTTP and the app asked libcurl to
automatically uncompress it with the CURLOPT_ENCODING option, libcurl could
wrongly provide the callback with more data than the maximum documented
amount. An application could thus get tricked into badness if the maximum
limit was trusted to be enforced by libcurl itself (as it is documented).
This is further detailed and explained in the libcurl security advisory
20100209 at
http://curl.haxx.se/docs/adv_20100209.html
Daniel Fandrich (3 Feb 2010)
- Changed the Watcom makefiles to make them easier to keep in sync with
Makefile.inc since that can't be included directly.
Yang Tse (2 Feb 2010)
- Symbol CURL_FORMAT_OFF_T now obsoleted, will be removed in a future release,
symbol will not be available when building with CURL_NO_OLDIES defined. Use
of CURL_FORMAT_CURL_OFF_T is preferred since 7.19.0
Daniel Stenberg (1 Feb 2010)
- Using the multi_socket API, it turns out at times it seemed to "forget"
connections (which caused a hang). It turned out to be an existing (7.19.7)
bug in libcurl (that's been around for a long time) and it happened like
this:
The app calls curl_multi_add_handle() to add a new easy handle, libcurl will
then set it to timeout in 1 millisecond so libcurl will tell the app about
it.
The app's timeout fires off that there's a timeout, the app calls libcurl as
we so often document it:
do {
res = curl_multi_socket_action(... TIMEOUT ...);
} while(CURLM_CALL_MULTI_PERFORM == res);
And this is the problem number one:
When curl_multi_socket_action() is called with no specific handle, but only
a timeout-action, it will *only* perform actions within libcurl that are
marked to run at this time. In this case, the request would go from INIT to
CONNECT and return CURLM_CALL_MULTI_PERFORM. When the app then calls libcurl
again, there's no timer set for this handle so it remains in the CONNECT
state. The CONNECT state is a transitional state in libcurl so it reports no
sockets there, and thus libcurl never tells the app anything more about that
easy handle/connection.
libcurl _does_ set a 1ms timeout for the handle at the end of
multi_runsingle() if it returns CURLM_CALL_MULTI_PERFORM, but since the loop
is instant the new job is not ready to run at that point (and there's no
code that makes libcurl call the app to update the timout for this new
timeout). It will simply rely on that some other timeout will trigger later
on or that something else will update the timeout callback. This makes the
bug fairly hard to repeat.
The fix made to adress this issue:
We introduce a loop in lib/multi.c around all calls to multi_runsingle() and
simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added
benefit that this goes in line with my long-term wishes to get rid of the
CURLM_CALL_MULTI_PERFORM all together from the public API.
The downside of this fix, is that the counter we return in 'running_handles'
in several of our public functions then gets a slightly new and possibly
confusing behavior during times:
If an app adds a handle that fails to connect (very quickly) it may just
as well never appear as a 'running_handle' with this fix. Previously it
would first bump the counter only to get it decreased again at next call.
Even I have used that change in handle counter to signal "end of a
transfer". The only *good* way to find the end of a individual transfer
is calling curl_multi_info_read() to see if it returns one.
Of course, if the app previously did the looping before it checked the
counter, it really shouldn't be any new effect.
Yang Tse (26 Jan 2010)
- Constantine Sapuntzakis' and Joshua Kwan's work done in the last four months
relative to the asynchronous DNS lookups, along with with some integration
adjustments I have done are finally committed to CVS.
Currently these enhancements will benefit builds done using c-ares on any
platform as well as Windows builds using the default threaded resolver.
This release does not make generally available POSIX threaded DNS lookups
yet. There is no configure option to enable this feature yet. It is possible
to experimantally try this feature running configure with compiler flags that
make simultaneous definition of preprocessor symbols USE_THREADS_POSIX and
HAVE_PTHREAD_H, as well as whatever reentrancy compiler flags and linker ones
are required to link and properly use pthread_* functions on each platform.
Daniel Stenberg (26 Jan 2010)
- Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the
proxy that cannot be resolved when using c-ares. This matches the behaviour
when not using c-ares.
Bj
- Added a new flag: -J/--remote-header-name. This option tells the
-O/--remote-name option to use the server-specified Content-Disposition
filename instead of extracting a filename from the URL.
Daniel Stenberg (21 Jan 2010)
- Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new
libcurl options for controlling what to get and how to receive posssibly
interleaved RTP data.
Daniel Stenberg (20 Jan 2010)
- As was pointed out on the http-state mailing list, the order of cookies in a
HTTP Cookie: header _needs_ to be sorted on the path length in the cases
where two cookies using the same name are set more than once using
(overlapping) paths. Realizing this, identically named cookies must be
sorted correctly. But detecting only identically named cookies and take care
of them individually is harder than just to blindly and unconditionally sort
all cookies based on their path lengths. All major browsers also already do
this, so this makes our behavior one step closer to them in the cookie area.
Test case 8 was the only one that broke due to this change and I updated it
accordingly.
Daniel Stenberg (19 Jan 2010)
- David McCreedy brought a fix and a new test case (129) to make libcurl work
again when downloading files over FTP using ASCII and it turns out that the
final size of the file is not the same as the initial size the server
reported. This is very common since servers don't take the newline
conversions into account.
Kamil Dudka (14 Jan 2010)
- Suppressed side effect of OpenSSL configure checks, which prevented NSS from
being properly detected under certain circumstances. It had been caused by
strange behavior of pkg-config when handling PKG_CONFIG_LIBDIR. pkg-config
distinguishes among empty and non-existent environment variable in that case.
Daniel Stenberg (12 Jan 2010)
- Gil Weber reported a peculiar flaw with the multi interface when doing SFTP
transfers: curl_multi_fdset() would return -1 and not set and file
descriptors several times during a transfer of a single file. It turned out
to be due to two different flaws now fixed. Gil's excellent recipe helped me
nail this.
Daniel Stenberg (11 Jan 2010)
- Made sure that the progress callback is repeatedly called at a regular
interval even during very slow connects.
- The tests/runtests.pl script now checks to see if the test case that runs is
present in the tests/data/Makefile.am and outputs a notice message on the
screen if not. Each test file has to be included in that Makefile.am to get
included in release archives and forgetting to add files there is a common
mistake. This is an attempt to make it harder to forget.
Daniel Stenberg (9 Jan 2010)
- Johan van Selst found and fixed a OpenSSL session ref count leak:
ossl_connect_step3() increments an SSL session handle reference counter on
each call. When sessions are re-used this reference counter may be
incremented many times, but it will be decremented only once when done (by
Curl_ossl_session_free()); and the internal OpenSSL data will not be freed
if this reference count remains positive. When a session is re-used the
reference counter should be corrected by explicitly calling
SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid
introducing a memory leak.
(http://curl.haxx.se/bug/view.cgi?id=2926284)
Daniel Stenberg (7 Jan 2010)
- Make sure the progress callback is called repeatedly even during very slow
name resolves when c-ares is used for resolving.
Claes Jakobsson (6 Jan 2010)
- Julien Chaffraix fixed so that the fragment part in an URL is not sent
to the server anymore.
Kamil Dudka (3 Jan 2010)
- Julien Chaffraix eliminated a duplicated initialization in singlesocket().
Daniel Stenberg (2 Jan 2010)
- Make curl support --ssl and --ssl-reqd instead of the previous FTP-specific
versions --ftp-ssl and --ftp-ssl-reqd as these options are now used to
control SSL/TLS for IMAP, POP3 and SMTP as well in addition to FTP. The old
option names are still working but the new ones are the ones listed and
documented.
Daniel Stenberg (1 Jan 2010)
- Ingmar Runge enhanced libcurl's FTP engine to support the PRET command. This
command is a special "hack" used by the drftpd server, but even though it is
a custom extension I've deemed it fine to add to libcurl since this server
seems to survive and people keep using it and want libcurl to support
it. The new libcurl option is named CURLOPT_FTP_USE_PRET, and it is also
usable from the curl tool with --ftp-pret. Using this option on a server
that doesn't support this command will make libcurl fail.
I added test cases 1107 and 1108 to verify the functionality.
The PRET command is documented at
http://www.drftpd.org/index.php/Distributed_PASV
Yang Tse (30 Dec 2009)
- Steven M. Schweda improved VMS build system, and Craig A. Berry helped
with the patch and testing.
Daniel Stenberg (26 Dec 2009)
- Renato Botelho and Peter Pentchev brought a patch that makes the libcurl
headers work correctly even on FreeBSD systems before v8.
(http://curl.haxx.se/bug/view.cgi?id=2916915)
Daniel Stenberg (17 Dec 2009)
- David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when
available.
- Follow-up fix for the proxy fix I did for Jon Nelson's bug. It turned out I
was a bit too quick and broke test case 1101 with that change. The order of
some of the setups is sensitive. I now changed it slightly again to make
sure we do them in this order:
1 - parse URL and figure out what protocol is used in the URL
2 - prepend protocol:// to URL if missing
3 - parse name+password off URL, which needs to know what protocol is used
(since only some allows for name+password in the URL)
4 - figure out if a proxy should be used set by an option
5 - if no proxy option, check proxy environment variables
6 - run the protocol-specific setup function, which needs to have the proxy
already set
Daniel Stenberg (15 Dec 2009)
- Jon Nelson found a regression that turned out to be a flaw in how libcurl
detects and uses proxies based on the environment variables. If the proxy
was given as an explicit option it worked, but due to the setup order
mistake proxies would not be used fine for a few protocols when picked up
from '[protocol]_proxy'. Obviously this broke after 7.19.4. I now also added
test case 1106 that verifies this functionality.
(http://curl.haxx.se/bug/view.cgi?id=2913886)
Daniel Stenberg (12 Dec 2009)
- IMAP, POP3 and SMTP support and their TLS versions (including IMAPS, POP3S
and SMTPS) are now supported. The current state may not yet be solid, but
the foundation is in place and the test suite has some initial support for
these protocols. Work will now persue to make them nice libcurl citizens
until release.
The work with supporting these new protocols was sponsored by
networking4all.com - thanks!
Daniel Stenberg (10 Dec 2009)
- Siegfried Gyuricsko found out that the curl manual said --retry would retry
on FTP errors in the transient 5xx range. Transient FTP errors are in the
4xx range. The code itself only tried on 5xx errors that occured _at login_.
Now the retry code retries on all FTP transfer failures that ended with a
4xx response.
(http://curl.haxx.se/bug/view.cgi?id=2911279)
- Constantine Sapuntzakis figured out a case which would lead to libcurl
accessing alredy freed memory and thus crash when using HTTPS (with
OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order
of cleaning things up. I fixed it.
(http://curl.haxx.se/bug/view.cgi?id=2905220)
Daniel Stenberg (7 Dec 2009)
- Martin Storsjo made libcurl use the Expect: 100-continue header for posts
with unknown size. Previously it was only used for posts with a known size
larger than 1024 bytes.
Daniel Stenberg (1 Dec 2009)
- If the Expect: 100-continue header has been set by the application through
curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set
data->state.expect100header accordingly - the current code (in 7.19.7 at
least) doesn't handle this properly. Martin Storsjo provided the fix!
Yang Tse (28 Nov 2009)
- Added Diffie-Hellman parameters to several test harness certificate files in
PEM format. Required by several stunnel versions used by our test harness.
Daniel Stenberg (28 Nov 2009)
- Markus Koetter provided a polished and updated version of Chad Monroe's TFTP
rework patch that now integrates TFTP properly into libcurl so that it can
be used non-blocking with the multi interface and more. BLKSIZE also works.
The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from
the command line.
Daniel Stenberg (26 Nov 2009)
- Extended and fixed the change I did on Dec 11 for the the progress
meter/callback during FTP command/response sequences. It turned out it was
really lame before and now the progress meter SHOULD get called at least
once per second.
Daniel Stenberg (23 Nov 2009)
- Bjorn Augustsson reported a bug which made curl not report any problems even
though it failed to write a very small download to disk (done in a single
fwrite call). It turned out to be because fwrite() returned success, but
there was insufficient error-checking for the fclose() call which tricked
curl to believe things were fine.
Yang Tse (23 Nov 2009)
- David Byron modified Makefile.dist vc8 and vc9 targets in order to allow
finer granularity control when generating src and lib makefiles.
Yang Tse (22 Nov 2009)
- I modified configure to force removal of the curlbuild.h file included in
distribution tarballs for use by non-configure systems. As intended, this
would get overwriten when doing in-tree builds. But VPATH builds would end
having two curlbuild.h files, one in the source tree and another in the
build tree. With the modification I introduced 5 Nov 2009 this could become
an issue when running libcurl's test suite.
Daniel Stenberg (20 Nov 2009)
- Constantine Sapuntzakis identified a write after close, as the sockets were
closed by libcurl before the SSL lib were shutdown and they may write to its
socket. Detected to at least happen with OpenSSL builds.
- Jad Chamcham pointed out a bug with connection re-use. If a connection had
CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the
same proxy with the tunnel option disabled would still wrongly re-use that
previous connection and the outcome would only be badness.
Yang Tse (18 Nov 2009)
- I modified the memory tracking system to make it intolerant with zero sized
malloc(), calloc() and realloc() function calls.
Daniel Stenberg (17 Nov 2009)
- Constantine Sapuntzakis provided another fix for the DNS cache that could
end up with entries that wouldn't time-out:
1. Set up a first web server that redirects (307) to a http://server:port
that's down
2. Have curl connect to the first web server using curl multi
After the curl_easy_cleanup call, there will be curl dns entries hanging
around with in_use != 0.
(http://curl.haxx.se/bug/view.cgi?id=2891591)
- Marc Kleine-Budde fixed: curl saved the LDFLAGS set during configure into
its pkg-config file. So -Wl stuff ended up in the .pc file, which is really
bad, and breaks if there are multiple -Wl in our LDFLAGS (which are in
PTXdist). bug #2893592 (http://curl.haxx.se/bug/view.cgi?id=2893592)
Kamil Dudka (15 Nov 2009)
- David Byron improved the configure script to use pkg-config to find OpenSSL
(and in particular the list of required libraries) even if a path is given
as argument to --with-ssl
Yang Tse (15 Nov 2009)
- I removed enable-thread / disable-thread configure option. These were only
placebo options. The library is always built as thread safe as possible on
every system.
Claes Jakobsson (14 Nov 2009)
- curl-config now accepts '--configure' to see what arguments was
passed to the configure script when building curl.
Daniel Stenberg (14 Nov 2009)
- Claes Jakobsson restored the configure functionality to detect NSS when
--with-nss is set but not "yes".
I think we can still improve that to check for pkg-config in that path etc,
but at least this patch brings back the same functionality we had before.
- Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for
the client certificate. It also disable the key name test as some engines
can select a private key/cert automatically (When there is only one key
and/or certificate on the hardware device used by the engine)
Yang Tse (14 Nov 2009)
- Constantine Sapuntzakis provided the fix that ensures that an SSL connection
won't be reused unless protection level for peer and host verification match.
I refactored how preprocessor symbol _THREAD_SAFE definition is done.
Kamil Dudka (12 Nov 2009)
- Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly
closed NSPR descriptor. The issue was hard to find, reported several times
before and always closed unresolved. More info at the RH bug:
https://bugzilla.redhat.com/534176
- libcurl-NSS now tries to reconnect with TLS disabled in case it detects
a broken TLS server. However it does not happen if SSL version is selected
manually. The approach was originally taken from PSM. Kaspar Brand helped me
to complete the patch. Original bug reports:
https://bugzilla.redhat.com/525496
https://bugzilla.redhat.com/527771
Yang Tse (12 Nov 2009)
- I modified configure script to make the getaddrinfo function check also
verify if the function is thread safe.
Yang Tse (11 Nov 2009)
- Marco Maggi reported that compilation failed when configured --with-gssapi
and GNU GSS installed due to a missing mutual exclusion of header files in
the Kerberos 5 code path. He also verified that my patch worked for him.
Daniel Stenberg (11 Nov 2009)
- Constantine Sapuntzakis posted bug #2891595
(http://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry
in the DNS cache would linger too long if the request that added it was in
use that long. He also provided the patch that now makes libcurl capable of
still doing a request while the DNS hash entry may get timed out.
- Christian Schmitz noticed that the progress meter/callback was not properly
used during the FTP connection phase (after the actual TCP connect), while
it of course should be. I also made the speed check get called correctly so
that really slow servers will trigger that properly too.
Kamil Dudka (5 Nov 2009)
- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works
in non-blocking mode.
Yang Tse (5 Nov 2009)
- I removed leading 'curl' path on the 'curlbuild.h' include statement in
curl.h, adjusting auto-makefiles include path, to enhance portability to
OS's without an orthogonal directory tree structure such as OS/400.
Daniel Stenberg (4 Nov 2009)
- I fixed several problems with the transfer progress meter. It showed the
wrong percentage for small files, most notable for <1000 bytes and could
easily end up showing more than 100% at the end. It also didn't show any
percentage, transfer size or estimated transfer times when transferring
less than 100 bytes.
Update to 7.20.0:
Version 7.20.0 (9 February 2010)
Daniel Stenberg (9 Feb 2010)
- When downloading compressed content over HTTP and the app asked libcurl to
automatically uncompress it with the CURLOPT_ENCODING option, libcurl could
wrongly provide the callback with more data than the maximum documented
amount. An application could thus get tricked into badness if the maximum
limit was trusted to be enforced by libcurl itself (as it is documented).
This is further detailed and explained in the libcurl security advisory
20100209 at
http://curl.haxx.se/docs/adv_20100209.html
Daniel Fandrich (3 Feb 2010)
- Changed the Watcom makefiles to make them easier to keep in sync with
Makefile.inc since that can't be included directly.
Yang Tse (2 Feb 2010)
- Symbol CURL_FORMAT_OFF_T now obsoleted, will be removed in a future release,
symbol will not be available when building with CURL_NO_OLDIES defined. Use
of CURL_FORMAT_CURL_OFF_T is preferred since 7.19.0
Daniel Stenberg (1 Feb 2010)
- Using the multi_socket API, it turns out at times it seemed to "forget"
connections (which caused a hang). It turned out to be an existing (7.19.7)
bug in libcurl (that's been around for a long time) and it happened like
this:
The app calls curl_multi_add_handle() to add a new easy handle, libcurl will
then set it to timeout in 1 millisecond so libcurl will tell the app about
it.
The app's timeout fires off that there's a timeout, the app calls libcurl as
we so often document it:
do {
res = curl_multi_socket_action(... TIMEOUT ...);
} while(CURLM_CALL_MULTI_PERFORM == res);
And this is the problem number one:
When curl_multi_socket_action() is called with no specific handle, but only
a timeout-action, it will *only* perform actions within libcurl that are
marked to run at this time. In this case, the request would go from INIT to
CONNECT and return CURLM_CALL_MULTI_PERFORM. When the app then calls libcurl
again, there's no timer set for this handle so it remains in the CONNECT
state. The CONNECT state is a transitional state in libcurl so it reports no
sockets there, and thus libcurl never tells the app anything more about that
easy handle/connection.
libcurl _does_ set a 1ms timeout for the handle at the end of
multi_runsingle() if it returns CURLM_CALL_MULTI_PERFORM, but since the loop
is instant the new job is not ready to run at that point (and there's no
code that makes libcurl call the app to update the timout for this new
timeout). It will simply rely on that some other timeout will trigger later
on or that something else will update the timeout callback. This makes the
bug fairly hard to repeat.
The fix made to adress this issue:
We introduce a loop in lib/multi.c around all calls to multi_runsingle() and
simply check for CURLM_CALL_MULTI_PERFORM internally. This has the added
benefit that this goes in line with my long-term wishes to get rid of the
CURLM_CALL_MULTI_PERFORM all together from the public API.
The downside of this fix, is that the counter we return in 'running_handles'
in several of our public functions then gets a slightly new and possibly
confusing behavior during times:
If an app adds a handle that fails to connect (very quickly) it may just
as well never appear as a 'running_handle' with this fix. Previously it
would first bump the counter only to get it decreased again at next call.
Even I have used that change in handle counter to signal "end of a
transfer". The only *good* way to find the end of a individual transfer
is calling curl_multi_info_read() to see if it returns one.
Of course, if the app previously did the looping before it checked the
counter, it really shouldn't be any new effect.
Yang Tse (26 Jan 2010)
- Constantine Sapuntzakis' and Joshua Kwan's work done in the last four months
relative to the asynchronous DNS lookups, along with with some integration
adjustments I have done are finally committed to CVS.
Currently these enhancements will benefit builds done using c-ares on any
platform as well as Windows builds using the default threaded resolver.
This release does not make generally available POSIX threaded DNS lookups
yet. There is no configure option to enable this feature yet. It is possible
to experimantally try this feature running configure with compiler flags that
make simultaneous definition of preprocessor symbols USE_THREADS_POSIX and
HAVE_PTHREAD_H, as well as whatever reentrancy compiler flags and linker ones
are required to link and properly use pthread_* functions on each platform.
Daniel Stenberg (26 Jan 2010)
- Mike Crowe made libcurl return CURLE_COULDNT_RESOLVE_PROXY when it is the
proxy that cannot be resolved when using c-ares. This matches the behaviour
when not using c-ares.
Bj
- Added a new flag: -J/--remote-header-name. This option tells the
-O/--remote-name option to use the server-specified Content-Disposition
filename instead of extracting a filename from the URL.
Daniel Stenberg (21 Jan 2010)
- Chris Conroy brought support for RTSP transfers, and with it comes 8(!) new
libcurl options for controlling what to get and how to receive posssibly
interleaved RTP data.
Daniel Stenberg (20 Jan 2010)
- As was pointed out on the http-state mailing list, the order of cookies in a
HTTP Cookie: header _needs_ to be sorted on the path length in the cases
where two cookies using the same name are set more than once using
(overlapping) paths. Realizing this, identically named cookies must be
sorted correctly. But detecting only identically named cookies and take care
of them individually is harder than just to blindly and unconditionally sort
all cookies based on their path lengths. All major browsers also already do
this, so this makes our behavior one step closer to them in the cookie area.
Test case 8 was the only one that broke due to this change and I updated it
accordingly.
Daniel Stenberg (19 Jan 2010)
- David McCreedy brought a fix and a new test case (129) to make libcurl work
again when downloading files over FTP using ASCII and it turns out that the
final size of the file is not the same as the initial size the server
reported. This is very common since servers don't take the newline
conversions into account.
Kamil Dudka (14 Jan 2010)
- Suppressed side effect of OpenSSL configure checks, which prevented NSS from
being properly detected under certain circumstances. It had been caused by
strange behavior of pkg-config when handling PKG_CONFIG_LIBDIR. pkg-config
distinguishes among empty and non-existent environment variable in that case.
Daniel Stenberg (12 Jan 2010)
- Gil Weber reported a peculiar flaw with the multi interface when doing SFTP
transfers: curl_multi_fdset() would return -1 and not set and file
descriptors several times during a transfer of a single file. It turned out
to be due to two different flaws now fixed. Gil's excellent recipe helped me
nail this.
Daniel Stenberg (11 Jan 2010)
- Made sure that the progress callback is repeatedly called at a regular
interval even during very slow connects.
- The tests/runtests.pl script now checks to see if the test case that runs is
present in the tests/data/Makefile.am and outputs a notice message on the
screen if not. Each test file has to be included in that Makefile.am to get
included in release archives and forgetting to add files there is a common
mistake. This is an attempt to make it harder to forget.
Daniel Stenberg (9 Jan 2010)
- Johan van Selst found and fixed a OpenSSL session ref count leak:
ossl_connect_step3() increments an SSL session handle reference counter on
each call. When sessions are re-used this reference counter may be
incremented many times, but it will be decremented only once when done (by
Curl_ossl_session_free()); and the internal OpenSSL data will not be freed
if this reference count remains positive. When a session is re-used the
reference counter should be corrected by explicitly calling
SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid
introducing a memory leak.
(http://curl.haxx.se/bug/view.cgi?id=2926284)
Daniel Stenberg (7 Jan 2010)
- Make sure the progress callback is called repeatedly even during very slow
name resolves when c-ares is used for resolving.
Claes Jakobsson (6 Jan 2010)
- Julien Chaffraix fixed so that the fragment part in an URL is not sent
to the server anymore.
Kamil Dudka (3 Jan 2010)
- Julien Chaffraix eliminated a duplicated initialization in singlesocket().
Daniel Stenberg (2 Jan 2010)
- Make curl support --ssl and --ssl-reqd instead of the previous FTP-specific
versions --ftp-ssl and --ftp-ssl-reqd as these options are now used to
control SSL/TLS for IMAP, POP3 and SMTP as well in addition to FTP. The old
option names are still working but the new ones are the ones listed and
documented.
Daniel Stenberg (1 Jan 2010)
- Ingmar Runge enhanced libcurl's FTP engine to support the PRET command. This
command is a special "hack" used by the drftpd server, but even though it is
a custom extension I've deemed it fine to add to libcurl since this server
seems to survive and people keep using it and want libcurl to support
it. The new libcurl option is named CURLOPT_FTP_USE_PRET, and it is also
usable from the curl tool with --ftp-pret. Using this option on a server
that doesn't support this command will make libcurl fail.
I added test cases 1107 and 1108 to verify the functionality.
The PRET command is documented at
http://www.drftpd.org/index.php/Distributed_PASV
Yang Tse (30 Dec 2009)
- Steven M. Schweda improved VMS build system, and Craig A. Berry helped
with the patch and testing.
Daniel Stenberg (26 Dec 2009)
- Renato Botelho and Peter Pentchev brought a patch that makes the libcurl
headers work correctly even on FreeBSD systems before v8.
(http://curl.haxx.se/bug/view.cgi?id=2916915)
Daniel Stenberg (17 Dec 2009)
- David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when
available.
- Follow-up fix for the proxy fix I did for Jon Nelson's bug. It turned out I
was a bit too quick and broke test case 1101 with that change. The order of
some of the setups is sensitive. I now changed it slightly again to make
sure we do them in this order:
1 - parse URL and figure out what protocol is used in the URL
2 - prepend protocol:// to URL if missing
3 - parse name+password off URL, which needs to know what protocol is used
(since only some allows for name+password in the URL)
4 - figure out if a proxy should be used set by an option
5 - if no proxy option, check proxy environment variables
6 - run the protocol-specific setup function, which needs to have the proxy
already set
Daniel Stenberg (15 Dec 2009)
- Jon Nelson found a regression that turned out to be a flaw in how libcurl
detects and uses proxies based on the environment variables. If the proxy
was given as an explicit option it worked, but due to the setup order
mistake proxies would not be used fine for a few protocols when picked up
from '[protocol]_proxy'. Obviously this broke after 7.19.4. I now also added
test case 1106 that verifies this functionality.
(http://curl.haxx.se/bug/view.cgi?id=2913886)
Daniel Stenberg (12 Dec 2009)
- IMAP, POP3 and SMTP support and their TLS versions (including IMAPS, POP3S
and SMTPS) are now supported. The current state may not yet be solid, but
the foundation is in place and the test suite has some initial support for
these protocols. Work will now persue to make them nice libcurl citizens
until release.
The work with supporting these new protocols was sponsored by
networking4all.com - thanks!
Daniel Stenberg (10 Dec 2009)
- Siegfried Gyuricsko found out that the curl manual said --retry would retry
on FTP errors in the transient 5xx range. Transient FTP errors are in the
4xx range. The code itself only tried on 5xx errors that occured _at login_.
Now the retry code retries on all FTP transfer failures that ended with a
4xx response.
(http://curl.haxx.se/bug/view.cgi?id=2911279)
- Constantine Sapuntzakis figured out a case which would lead to libcurl
accessing alredy freed memory and thus crash when using HTTPS (with
OpenSSL), multi interface and the CURLOPT_DEBUGFUNCTION and a certain order
of cleaning things up. I fixed it.
(http://curl.haxx.se/bug/view.cgi?id=2905220)
Daniel Stenberg (7 Dec 2009)
- Martin Storsjo made libcurl use the Expect: 100-continue header for posts
with unknown size. Previously it was only used for posts with a known size
larger than 1024 bytes.
Daniel Stenberg (1 Dec 2009)
- If the Expect: 100-continue header has been set by the application through
curl_easy_setopt with CURLOPT_HTTPHEADER, the library should set
data->state.expect100header accordingly - the current code (in 7.19.7 at
least) doesn't handle this properly. Martin Storsjo provided the fix!
Yang Tse (28 Nov 2009)
- Added Diffie-Hellman parameters to several test harness certificate files in
PEM format. Required by several stunnel versions used by our test harness.
Daniel Stenberg (28 Nov 2009)
- Markus Koetter provided a polished and updated version of Chad Monroe's TFTP
rework patch that now integrates TFTP properly into libcurl so that it can
be used non-blocking with the multi interface and more. BLKSIZE also works.
The --tftp-blksize option was added to allow setting the TFTP BLKSIZE from
the command line.
Daniel Stenberg (26 Nov 2009)
- Extended and fixed the change I did on Dec 11 for the the progress
meter/callback during FTP command/response sequences. It turned out it was
really lame before and now the progress meter SHOULD get called at least
once per second.
Daniel Stenberg (23 Nov 2009)
- Bjorn Augustsson reported a bug which made curl not report any problems even
though it failed to write a very small download to disk (done in a single
fwrite call). It turned out to be because fwrite() returned success, but
there was insufficient error-checking for the fclose() call which tricked
curl to believe things were fine.
Yang Tse (23 Nov 2009)
- David Byron modified Makefile.dist vc8 and vc9 targets in order to allow
finer granularity control when generating src and lib makefiles.
Yang Tse (22 Nov 2009)
- I modified configure to force removal of the curlbuild.h file included in
distribution tarballs for use by non-configure systems. As intended, this
would get overwriten when doing in-tree builds. But VPATH builds would end
having two curlbuild.h files, one in the source tree and another in the
build tree. With the modification I introduced 5 Nov 2009 this could become
an issue when running libcurl's test suite.
Daniel Stenberg (20 Nov 2009)
- Constantine Sapuntzakis identified a write after close, as the sockets were
closed by libcurl before the SSL lib were shutdown and they may write to its
socket. Detected to at least happen with OpenSSL builds.
- Jad Chamcham pointed out a bug with connection re-use. If a connection had
CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the
same proxy with the tunnel option disabled would still wrongly re-use that
previous connection and the outcome would only be badness.
Yang Tse (18 Nov 2009)
- I modified the memory tracking system to make it intolerant with zero sized
malloc(), calloc() and realloc() function calls.
Daniel Stenberg (17 Nov 2009)
- Constantine Sapuntzakis provided another fix for the DNS cache that could
end up with entries that wouldn't time-out:
1. Set up a first web server that redirects (307) to a http://server:port
that's down
2. Have curl connect to the first web server using curl multi
After the curl_easy_cleanup call, there will be curl dns entries hanging
around with in_use != 0.
(http://curl.haxx.se/bug/view.cgi?id=2891591)
- Marc Kleine-Budde fixed: curl saved the LDFLAGS set during configure into
its pkg-config file. So -Wl stuff ended up in the .pc file, which is really
bad, and breaks if there are multiple -Wl in our LDFLAGS (which are in
PTXdist). bug #2893592 (http://curl.haxx.se/bug/view.cgi?id=2893592)
Kamil Dudka (15 Nov 2009)
- David Byron improved the configure script to use pkg-config to find OpenSSL
(and in particular the list of required libraries) even if a path is given
as argument to --with-ssl
Yang Tse (15 Nov 2009)
- I removed enable-thread / disable-thread configure option. These were only
placebo options. The library is always built as thread safe as possible on
every system.
Claes Jakobsson (14 Nov 2009)
- curl-config now accepts '--configure' to see what arguments was
passed to the configure script when building curl.
Daniel Stenberg (14 Nov 2009)
- Claes Jakobsson restored the configure functionality to detect NSS when
--with-nss is set but not "yes".
I think we can still improve that to check for pkg-config in that path etc,
but at least this patch brings back the same functionality we had before.
- Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for
the client certificate. It also disable the key name test as some engines
can select a private key/cert automatically (When there is only one key
and/or certificate on the hardware device used by the engine)
Yang Tse (14 Nov 2009)
- Constantine Sapuntzakis provided the fix that ensures that an SSL connection
won't be reused unless protection level for peer and host verification match.
I refactored how preprocessor symbol _THREAD_SAFE definition is done.
Kamil Dudka (12 Nov 2009)
- Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly
closed NSPR descriptor. The issue was hard to find, reported several times
before and always closed unresolved. More info at the RH bug:
https://bugzilla.redhat.com/534176
- libcurl-NSS now tries to reconnect with TLS disabled in case it detects
a broken TLS server. However it does not happen if SSL version is selected
manually. The approach was originally taken from PSM. Kaspar Brand helped me
to complete the patch. Original bug reports:
https://bugzilla.redhat.com/525496
https://bugzilla.redhat.com/527771
Yang Tse (12 Nov 2009)
- I modified configure script to make the getaddrinfo function check also
verify if the function is thread safe.
Yang Tse (11 Nov 2009)
- Marco Maggi reported that compilation failed when configured --with-gssapi
and GNU GSS installed due to a missing mutual exclusion of header files in
the Kerberos 5 code path. He also verified that my patch worked for him.
Daniel Stenberg (11 Nov 2009)
- Constantine Sapuntzakis posted bug #2891595
(http://curl.haxx.se/bug/view.cgi?id=2891595) which identified how an entry
in the DNS cache would linger too long if the request that added it was in
use that long. He also provided the patch that now makes libcurl capable of
still doing a request while the DNS hash entry may get timed out.
- Christian Schmitz noticed that the progress meter/callback was not properly
used during the FTP connection phase (after the actual TCP connect), while
it of course should be. I also made the speed check get called correctly so
that really slow servers will trigger that properly too.
Kamil Dudka (5 Nov 2009)
- Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works
in non-blocking mode.
Yang Tse (5 Nov 2009)
- I removed leading 'curl' path on the 'curlbuild.h' include statement in
curl.h, adjusting auto-makefiles include path, to enhance portability to
OS's without an orthogonal directory tree structure such as OS/400.
Daniel Stenberg (4 Nov 2009)
- I fixed several problems with the transfer progress meter. It showed the
wrong percentage for small files, most notable for <1000 bytes and could
easily end up showing more than 100% at the end. It also didn't show any
percentage, transfer size or estimated transfer times when transferring
less than 100 bytes.
add a patch from upstream to fix "data callback excessive length" which is security critical
Recursive PKGREVISION bump for jpeg update to 8.
update to 7.19.7 changes: --T. is now for non-blocking uploading from stdin -SYST handling on FTP for OS/400 FTP server cases -libcurl refuses to read a single HTTP header longer than 100K -added the --crlfile option to curl +bugfices
Set default path for CA certificates. Bump PKGREVISION. From Matthias Pfaller.
Pullup ticket #2877 - requested by wiz curl: security update Revisions pulled up: - www/curl/Makefile 1.91 - www/curl/distinfo 1.60 --- Module Name: pkgsrc Committed By: wiz Date: Sun Aug 16 13:47:35 UTC 2009 Modified Files: pkgsrc/www/curl: Makefile distinfo Log Message: Update to 7.19.6: Version 7.19.6 (12 August 2009) Daniel Stenberg (12 Aug 2009) - Carsten Lange reported a bug and provided a patch for TFTP upload and the sending of the TSIZE option. I don't like fixing bugs just hours before a release, but since it was broken and the patch fixes this for him I decided to get it in anyway. Daniel Stenberg (11 Aug 2009) - Peter Sylvester made the HTTPS test server use specific certificates for each test, so that the test suite can now be used to actually test the verification of cert names etc. This made an error show up in the OpenSSL- specific code where it would attempt to match the CN field even if a subjectAltName exists that doesn't match. This is now fixed and verified in test 311. - Benbuck Nason posted the bug report #2835196 (http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler warnings when mixing ints and bools. Daniel Fandrich (10 Aug 2009) - Fixed a memory leak in the FTP code and an off-by-one heap buffer overflow. Daniel Fandrich (9 Aug 2009) - Fixed some memory leaks in the command-line tool that caused most of the torture tests to fail. Daniel Stenberg (2 Aug 2009) - Curt Bogmine reported a problem with SNI enabled on a particular server. We should introduce an option to disable SNI, but as we're in feature freeze now I've addressed the obvious bug here (pointed out by Peter Sylvester): we shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected. Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular option for SNI, or are we simply not using it? Daniel Stenberg (1 Aug 2009) - Scott Cantor posted the bug report #2829955 (http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert verification flaw found and exploited by Moxie Marlinspike. The presentation he did at Black Hat is available here: https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike Apparently at least one CA allowed a subjectAltName or CN that contain a zero byte, and thus clients that assumed they would never have zero bytes were exploited to OK a certificate that didn't actually match the site. Like if the name in the cert was "example.com\0theatualsite.com", libcurl would happily verify that cert for example.com. libcurl now better uses the length of the extracted name, not using the zero termination for getting the string length. This fixing only made and needed in OpenSSL interfacing code. - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present only in some OpenSSL installs - like on Windows) isn't thread-safe and we agreed that moving it to the global_init() function is a decent way to deal with this situation. - Alexander Beedie provided the patch for a noproxy problem: If I have set CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually could still end up using a proxy if a proxy environment variable was set. Daniel Stenberg (27 Jul 2009) - All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to send when using FTP, as a sign that libcurl shall simply ignore the response from the server instead of treating it as an error. Not treating a 400+ FTP response code as an error means that failed commands will not abort the chain of commands, nor will they cause the connection to get disconnected. Daniel Stenberg (26 Jul 2009) - Johan van Selst posted bug report #2825989 (http://curl.haxx.se/bug/view.cgi?id=2825989) pointing out that OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm, and provided the solution too: to use OpenSSL_add_all_algorithms() in addition to the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in OpenSSL 0.9.5 Daniel Stenberg (23 Jul 2009) - Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA. They introduce known_host support for SSH keys to libcurl. See docs for details. Note that this feature depends on a new enough libssh2 version, to be supported in libssh2 1.2 and later (or current git repo at this time). Michal Marek (22 Jul 2009) - David Binderman found a memory and fd leak in lib/gtls.c:load_file() (https://bugzilla.novell.com/523919). When looking at the code, I found that also the ptr pointer can leak. Kamil Dudka (20 Jul 2009) - Claes Jakobsson improved the support for client certificates handling in NSS-powered libcurl. Now the client certificates can be selected automatically by a NSS built-in hook. Additionally pre-login to all PKCS11 slots is no more performed. It used to cause problems with HW tokens. - Fixed reference counting for NSS client certificates. Now the PEM reader module should be always properly unloaded on Curl_nss_cleanup(). If the unload fails though, libcurl will try to reuse the already loaded instance. Daniel Fandrich (15 Jul 2009) - Added nonblock.c to the non-automake makefiles (note that the dependencies in the Watcom makefiles aren't quite correct). Michal Marek (15 Jul 2009) - Changed the description of CURLINFO_OS_ERRNO to make it clear that the errno is not reset on success. Guenter Knauf (14 Jul 2009) - renamed generated config.h to curl_config.h to avoid any future clashes with config.h from other projects. Daniel Stenberg (9 Jul 2009) - Eric Wong introduced curlx_nonblock() that the curl tool now (re-)uses for setting a file descriptor non-blocking. Used by the functionality Eric himself brough on June 15th. Daniel Stenberg (8 Jul 2009) - Constantine Sapuntzakis posted bug report #2813123 (http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the problem: Url A is accessed using auth. Url A redirects to Url B (on a different server0. Url B reuses a persistent connection. Url B has auth, even though it's on a different server. Note: if Url B does not reuse a persistent connection, auth is not sent. reason: data->state.first_host is not initialized becuase Curl_http_connect is not called when a connection is reused. Solution: move initialization of data->state.first_host to Curl_http. No code before Curl_http uses data->state.first_host anyway. Guenter Knauf (4 Jul 2009) - Markus Koetter provided a patch to avoid getnameinfo() usage which broke a couple of both IPv4 and IPv6 autobuilds. Daniel Stenberg (29 Jun 2009) - Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port range if given colon-separated after the host name/address part. Like "192.168.0.1:2000-10000" - Modified the separators used for CURLOPT_CERTINFO in multi-part outputs. I don't know how they got wrong in the first place, but using this output format makes it possible to quite easily separate the string into an array of multiple items. Daniel Fandrich (16 June 2009) - Added a few more compiler warning options for gcc. Daniel Stenberg (16 Jun 2009) - Reuven Wachtfogel made curl -o - properly produce a binary output on windows (no newline translations). Use -B/--use-ascii if you rather get the ascii approach. Michal Marek (16 Jun 2009) - When doing non-anonymous ftp via http proxies and the password is not provided in the url, add it there (squid needs this). Daniel Stenberg (15 Jun 2009) - Eric Wong's patch: This allows curl(1) to be used as a client-side tunnel for arbitrary stream protocols by abusing chunked transfer encoding in both the HTTP request and HTTP response. This requires server support for sending a response while a request is still being read, of course. If attempting to read from stdin returns EAGAIN, then we pause our sender. This leaves curl to attempt to read from the socket while reading from stdin (and thus sending) is paused. This change was needed to allow successfully tunneling the git protocol over HTTP (--no-buffer is needed, as well). Patrick Monnerat (15 Jun 2009) - Replaced use of standard C library rand()/srand() by our own pseudo-random number generator. Yang Tse (11 Jun 2009) - I adapted testcurl script to allow building test harness programs when cross-compiling for a *-*-mingw* host. Daniel Stenberg (10 Jun 2009) - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and contributed a range of patches to fix them. Yang Tse (10 Jun 2009) - I introduced configure script option --enable-curldebug which now allows the decoupled enabling or disabling of the curl debug memory tracking feature from the --enable-debug option which no longer controls this. curl --version will list 'Debug' feature for debug enabled builds, and will list 'TrackMemory' feature for curl debug memory tracking capable builds. These features are independent and can be controlled when running the configure script. When --enable-debug is given both features will be enabled, unless some restriction prevents memory tracking from being used. Internally, definition of preprocessor symbol DEBUGBUILD restricts code which is only compiled for debug enabled builds. And symbol CURLDEBUG is used to differentiate code which is _only_ used for memory tracking. Yang Tse (9 Jun 2009) - Daniel Steinberg pointed out that Curl_FormInit() in formdata.c was not initializing the fread callback pointer and this triggered a compiler warning, also provided a friendly suggestion on how to fix it. Daniel Stenberg (8 Jun 2009) - Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount issue with client certs that caused issues like segfaults. http://curl.haxx.se/mail/lib-2009-05/0316.html - Triggered by bug report #2798852 and the patch in there, I fixed configure to detect gnutls build options with pkg-config only and not libgnutls-config anymore since GnuTLS has stopped distributing that tool. If an explicit path is given to configure, we will instead guess on how to link and use that lib. I did not use the patch from the bug report. Yang Tse (8 Jun 2009) - Igor Novoseltsev adjusted Makefile.vxworks to get sources and headers included from Makefile.inc, and provided docs\INSTALL VxWorks section. - I removed buildconf.bat from release and daily snapshot archives. This file is only for CVS tree checkout builds. Daniel Stenberg (8 Jun 2009) - Eric Wong fixed --no-buffer to actually switch off output buffering. Been broken since 7.19.0 Bill Hoffman (6 Jun 2009) - Added some cmake docs and fixed socklen_t in the build. Yang Tse (5 Jun 2009) - John E. Malmberg provided VMS specific patch: "This fixes an existing bug in urlglob.c where it was not converting the Curl Unix exit code to a VMS DCL compatible exit code. This fix required the enhancement described next. This also adds an enhancement to main.c so that when curl is run under a Unix shell like Bash on VMS, it will return the standard Unix exit codes and messages." And another patch for docs/examples. I introduced os-specific.c and os-specific.h for use in curl tool code and adjusted John E. Malmberg's patch placement to use these new files as an effort to prevent main.c from growing ad infinitum. Code already existing in main.c which is OS specific should be moved into these files. Daniel Stenberg (4 June 2009) - Setting the Content-Length: header from your app when you do a POST or PUT is almost always a VERY BAD IDEA. Yet there are still apps out there doing this, and now recently it triggered a bug/side-effect in libcurl as when libcurl sends a POST or PUT with NTLM, it sends an empty post first when it knows it will just get a 401/407 back. If the app then replaced the Content-Length header, it caused the server to wait for input that libcurl wouldn't send. Aaron Oneal reported this problem in bug report #2799008 (http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix. Yang Tse (4 Jun 2009) - Igor Novoseltsev provided patches and information, that after some adjustments to better fit curl's way of doing things, have resulted in the posibility of building libcurl for VxWorks. Daniel Fandrich (2 June 2009) - Checked in a Google Android make file. To use it, you must first create a config.h file by running configure in the Android environment, which doesn't seem to be easy to do. If no easy way can be found, a static config-android.h may need to be created and checked in to the libcurl source tree. Daniel Stenberg (1 June 2009) - Claes Jakobsson fixed the configure script to better find and use NSS without pkg-config. Yang Tse (1 Jun 2009) - John E. Malmberg provided a VMS specific clean-up for curl.h, and pointed out that the configure script was failing to detect the timeval struct on VMS when building with _XOPEN_SOURCE_EXTENDED undefined due to definition taking place in socket.h instead of time.h. I have adjusted configure script to also include this header when checking struct timeval. Daniel Stenberg (27 May 2009) - Frank McGeough provided a small OpenSSL #include fix to make libcurl compile fine with Nokia 5th edition 1.0 SDK for Symbian. - Andre Guibert de Bruet found a call to a OpenSSL function that didn't check for a failure properly. - Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear the auth credentials back in 7.19.0 and earlier while now you have to set "" to get the same effect. His patch brings back the ability to use NULL. - Claes Jakobsson fixed libcurl-NSS to build fine even without the PK11_CreateGenericObject() function. Daniel Stenberg (25 May 2009) - bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed out that the cookie parser would leak memory when it parses cookies that are received with domain, path etc set multiple times in the same header. While such a cookie is questionable, they occur in the wild and libcurl no longer leaks memory for them. I added such a header to test case 8. Daniel Fandrich (22 May 2009) - Removed some obsolete digest code that caused a valgrind error in test 551. Daniel Fandrich (20 May 2009) - Added "non-existing host" test keywords to make it easy to skip those tests on machines that have broken DNS configurations (such as those configured to use OpenDNS). Daniel Stenberg (19 May 2009) - Kamil Dudka brought the patch from the Redhat bug entry https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing a bad file descriptor when closing down the FTP data connection. Caolan McNamara seems to be the original author of it.
Update to 7.19.6: Version 7.19.6 (12 August 2009) Daniel Stenberg (12 Aug 2009) - Carsten Lange reported a bug and provided a patch for TFTP upload and the sending of the TSIZE option. I don't like fixing bugs just hours before a release, but since it was broken and the patch fixes this for him I decided to get it in anyway. Daniel Stenberg (11 Aug 2009) - Peter Sylvester made the HTTPS test server use specific certificates for each test, so that the test suite can now be used to actually test the verification of cert names etc. This made an error show up in the OpenSSL- specific code where it would attempt to match the CN field even if a subjectAltName exists that doesn't match. This is now fixed and verified in test 311. - Benbuck Nason posted the bug report #2835196 (http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler warnings when mixing ints and bools. Daniel Fandrich (10 Aug 2009) - Fixed a memory leak in the FTP code and an off-by-one heap buffer overflow. Daniel Fandrich (9 Aug 2009) - Fixed some memory leaks in the command-line tool that caused most of the torture tests to fail. Daniel Stenberg (2 Aug 2009) - Curt Bogmine reported a problem with SNI enabled on a particular server. We should introduce an option to disable SNI, but as we're in feature freeze now I've addressed the obvious bug here (pointed out by Peter Sylvester): we shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected. Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular option for SNI, or are we simply not using it? Daniel Stenberg (1 Aug 2009) - Scott Cantor posted the bug report #2829955 (http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert verification flaw found and exploited by Moxie Marlinspike. The presentation he did at Black Hat is available here: https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike Apparently at least one CA allowed a subjectAltName or CN that contain a zero byte, and thus clients that assumed they would never have zero bytes were exploited to OK a certificate that didn't actually match the site. Like if the name in the cert was "example.com\0theatualsite.com", libcurl would happily verify that cert for example.com. libcurl now better uses the length of the extracted name, not using the zero termination for getting the string length. This fixing only made and needed in OpenSSL interfacing code. - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present only in some OpenSSL installs - like on Windows) isn't thread-safe and we agreed that moving it to the global_init() function is a decent way to deal with this situation. - Alexander Beedie provided the patch for a noproxy problem: If I have set CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually could still end up using a proxy if a proxy environment variable was set. Daniel Stenberg (27 Jul 2009) - All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to send when using FTP, as a sign that libcurl shall simply ignore the response from the server instead of treating it as an error. Not treating a 400+ FTP response code as an error means that failed commands will not abort the chain of commands, nor will they cause the connection to get disconnected. Daniel Stenberg (26 Jul 2009) - Johan van Selst posted bug report #2825989 (http://curl.haxx.se/bug/view.cgi?id=2825989) pointing out that OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm, and provided the solution too: to use OpenSSL_add_all_algorithms() in addition to the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in OpenSSL 0.9.5 Daniel Stenberg (23 Jul 2009) - Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA. They introduce known_host support for SSH keys to libcurl. See docs for details. Note that this feature depends on a new enough libssh2 version, to be supported in libssh2 1.2 and later (or current git repo at this time). Michal Marek (22 Jul 2009) - David Binderman found a memory and fd leak in lib/gtls.c:load_file() (https://bugzilla.novell.com/523919). When looking at the code, I found that also the ptr pointer can leak. Kamil Dudka (20 Jul 2009) - Claes Jakobsson improved the support for client certificates handling in NSS-powered libcurl. Now the client certificates can be selected automatically by a NSS built-in hook. Additionally pre-login to all PKCS11 slots is no more performed. It used to cause problems with HW tokens. - Fixed reference counting for NSS client certificates. Now the PEM reader module should be always properly unloaded on Curl_nss_cleanup(). If the unload fails though, libcurl will try to reuse the already loaded instance. Daniel Fandrich (15 Jul 2009) - Added nonblock.c to the non-automake makefiles (note that the dependencies in the Watcom makefiles aren't quite correct). Michal Marek (15 Jul 2009) - Changed the description of CURLINFO_OS_ERRNO to make it clear that the errno is not reset on success. Guenter Knauf (14 Jul 2009) - renamed generated config.h to curl_config.h to avoid any future clashes with config.h from other projects. Daniel Stenberg (9 Jul 2009) - Eric Wong introduced curlx_nonblock() that the curl tool now (re-)uses for setting a file descriptor non-blocking. Used by the functionality Eric himself brough on June 15th. Daniel Stenberg (8 Jul 2009) - Constantine Sapuntzakis posted bug report #2813123 (http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the problem: Url A is accessed using auth. Url A redirects to Url B (on a different server0. Url B reuses a persistent connection. Url B has auth, even though it's on a different server. Note: if Url B does not reuse a persistent connection, auth is not sent. reason: data->state.first_host is not initialized becuase Curl_http_connect is not called when a connection is reused. Solution: move initialization of data->state.first_host to Curl_http. No code before Curl_http uses data->state.first_host anyway. Guenter Knauf (4 Jul 2009) - Markus Koetter provided a patch to avoid getnameinfo() usage which broke a couple of both IPv4 and IPv6 autobuilds. Daniel Stenberg (29 Jun 2009) - Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port range if given colon-separated after the host name/address part. Like "192.168.0.1:2000-10000" - Modified the separators used for CURLOPT_CERTINFO in multi-part outputs. I don't know how they got wrong in the first place, but using this output format makes it possible to quite easily separate the string into an array of multiple items. Daniel Fandrich (16 June 2009) - Added a few more compiler warning options for gcc. Daniel Stenberg (16 Jun 2009) - Reuven Wachtfogel made curl -o - properly produce a binary output on windows (no newline translations). Use -B/--use-ascii if you rather get the ascii approach. Michal Marek (16 Jun 2009) - When doing non-anonymous ftp via http proxies and the password is not provided in the url, add it there (squid needs this). Daniel Stenberg (15 Jun 2009) - Eric Wong's patch: This allows curl(1) to be used as a client-side tunnel for arbitrary stream protocols by abusing chunked transfer encoding in both the HTTP request and HTTP response. This requires server support for sending a response while a request is still being read, of course. If attempting to read from stdin returns EAGAIN, then we pause our sender. This leaves curl to attempt to read from the socket while reading from stdin (and thus sending) is paused. This change was needed to allow successfully tunneling the git protocol over HTTP (--no-buffer is needed, as well). Patrick Monnerat (15 Jun 2009) - Replaced use of standard C library rand()/srand() by our own pseudo-random number generator. Yang Tse (11 Jun 2009) - I adapted testcurl script to allow building test harness programs when cross-compiling for a *-*-mingw* host. Daniel Stenberg (10 Jun 2009) - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and contributed a range of patches to fix them. Yang Tse (10 Jun 2009) - I introduced configure script option --enable-curldebug which now allows the decoupled enabling or disabling of the curl debug memory tracking feature from the --enable-debug option which no longer controls this. curl --version will list 'Debug' feature for debug enabled builds, and will list 'TrackMemory' feature for curl debug memory tracking capable builds. These features are independent and can be controlled when running the configure script. When --enable-debug is given both features will be enabled, unless some restriction prevents memory tracking from being used. Internally, definition of preprocessor symbol DEBUGBUILD restricts code which is only compiled for debug enabled builds. And symbol CURLDEBUG is used to differentiate code which is _only_ used for memory tracking. Yang Tse (9 Jun 2009) - Daniel Steinberg pointed out that Curl_FormInit() in formdata.c was not initializing the fread callback pointer and this triggered a compiler warning, also provided a friendly suggestion on how to fix it. Daniel Stenberg (8 Jun 2009) - Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount issue with client certs that caused issues like segfaults. http://curl.haxx.se/mail/lib-2009-05/0316.html - Triggered by bug report #2798852 and the patch in there, I fixed configure to detect gnutls build options with pkg-config only and not libgnutls-config anymore since GnuTLS has stopped distributing that tool. If an explicit path is given to configure, we will instead guess on how to link and use that lib. I did not use the patch from the bug report. Yang Tse (8 Jun 2009) - Igor Novoseltsev adjusted Makefile.vxworks to get sources and headers included from Makefile.inc, and provided docs\INSTALL VxWorks section. - I removed buildconf.bat from release and daily snapshot archives. This file is only for CVS tree checkout builds. Daniel Stenberg (8 Jun 2009) - Eric Wong fixed --no-buffer to actually switch off output buffering. Been broken since 7.19.0 Bill Hoffman (6 Jun 2009) - Added some cmake docs and fixed socklen_t in the build. Yang Tse (5 Jun 2009) - John E. Malmberg provided VMS specific patch: "This fixes an existing bug in urlglob.c where it was not converting the Curl Unix exit code to a VMS DCL compatible exit code. This fix required the enhancement described next. This also adds an enhancement to main.c so that when curl is run under a Unix shell like Bash on VMS, it will return the standard Unix exit codes and messages." And another patch for docs/examples. I introduced os-specific.c and os-specific.h for use in curl tool code and adjusted John E. Malmberg's patch placement to use these new files as an effort to prevent main.c from growing ad infinitum. Code already existing in main.c which is OS specific should be moved into these files. Daniel Stenberg (4 June 2009) - Setting the Content-Length: header from your app when you do a POST or PUT is almost always a VERY BAD IDEA. Yet there are still apps out there doing this, and now recently it triggered a bug/side-effect in libcurl as when libcurl sends a POST or PUT with NTLM, it sends an empty post first when it knows it will just get a 401/407 back. If the app then replaced the Content-Length header, it caused the server to wait for input that libcurl wouldn't send. Aaron Oneal reported this problem in bug report #2799008 (http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix. Yang Tse (4 Jun 2009) - Igor Novoseltsev provided patches and information, that after some adjustments to better fit curl's way of doing things, have resulted in the posibility of building libcurl for VxWorks. Daniel Fandrich (2 June 2009) - Checked in a Google Android make file. To use it, you must first create a config.h file by running configure in the Android environment, which doesn't seem to be easy to do. If no easy way can be found, a static config-android.h may need to be created and checked in to the libcurl source tree. Daniel Stenberg (1 June 2009) - Claes Jakobsson fixed the configure script to better find and use NSS without pkg-config. Yang Tse (1 Jun 2009) - John E. Malmberg provided a VMS specific clean-up for curl.h, and pointed out that the configure script was failing to detect the timeval struct on VMS when building with _XOPEN_SOURCE_EXTENDED undefined due to definition taking place in socket.h instead of time.h. I have adjusted configure script to also include this header when checking struct timeval. Daniel Stenberg (27 May 2009) - Frank McGeough provided a small OpenSSL #include fix to make libcurl compile fine with Nokia 5th edition 1.0 SDK for Symbian. - Andre Guibert de Bruet found a call to a OpenSSL function that didn't check for a failure properly. - Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear the auth credentials back in 7.19.0 and earlier while now you have to set "" to get the same effect. His patch brings back the ability to use NULL. - Claes Jakobsson fixed libcurl-NSS to build fine even without the PK11_CreateGenericObject() function. Daniel Stenberg (25 May 2009) - bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed out that the cookie parser would leak memory when it parses cookies that are received with domain, path etc set multiple times in the same header. While such a cookie is questionable, they occur in the wild and libcurl no longer leaks memory for them. I added such a header to test case 8. Daniel Fandrich (22 May 2009) - Removed some obsolete digest code that caused a valgrind error in test 551. Daniel Fandrich (20 May 2009) - Added "non-existing host" test keywords to make it easy to skip those tests on machines that have broken DNS configurations (such as those configured to use OpenDNS). Daniel Stenberg (19 May 2009) - Kamil Dudka brought the patch from the Redhat bug entry https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing a bad file descriptor when closing down the FTP data connection. Caolan McNamara seems to be the original author of it.
Update to 7.19.5:
Version 7.19.5 (18 May 2009)
Daniel Stenberg (17 May 2009)
- James Bursa posted a patch to the mailing list that fixed a problem with
no_proxy which made it not skip the proxy if the URL entered contained a
user name. I added test case 1101 to verify.
Daniel Stenberg (11 May 2009)
- Balint Szilakszi reported a memory leak when libcurl did gzip decompression
of streams that had some parts (legitimately) missing. We now provide and use
a proper cleanup function for the content encoding submodule.
http://curl.haxx.se/mail/lib-2009-05/0092.html
- Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth
at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12
If an incorrect password is given while loading a private key, libcurl ends
up in an infinite loop consuming memory. The bug is critical.
- I fixed the problem with doing NTLM, POST and then following a 302 redirect,
as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on
curl-library). The transfer was mistakenly marked to get more data to send
but since it didn't actually have that, it just hung there...
Daniel Stenberg (10 May 2009)
- Andre Guibert de Bruet correctly pointed out an over-alloc with one wasted
byte in the digest code.
Yang Tse (9 May 2009)
- Removed DOS and TPF package's subdirectory Makefile.am, it was only used
to include some files in the distribution tarball serving no other purpose.
Files from the DOS and TPF subdirectories are now included in the EXTRA_DIST
of the Makefile in the parent subdirectory.
Yang Tse (8 May 2009)
- Changed host name literal in several tests to one under the haxx.se domain.
- Renamed vc6 workspace and project files to avoid filename clash when used
for conversion to later VS versions.
Daniel Stenberg (8 May 2009)
- Constantine Sapuntzakis fixed bug report #2784055
(http://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to
connect to SOCKS proxies when using the multi interface. It turned out to
almost not work at all previously. We need to wait for the TCP connect to
be properly verified before doing the SOCKS magic.
There's still a flaw in the FTP code for this.
Daniel Stenberg (7 May 2009)
- Made the SO_SNDBUF setting for the data connection socket for ftp uploads as
well. See change 28 Apr 2009.
Yang Tse (7 May 2009)
- Fixed an issue affecting FTP transfers, introduced with the transfer.c
patch committed May 4.
Daniel Stenberg (7 May 2009)
- Man page *roff problems fixed thanks to input from Colin Watson. Problems
reported in the Debian package.
- Vijay G filed bug report #2723236
(http://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with
libcurl's TFTP code and its lack of dealing with the OACK packet.
Yang Tse (5 May 2009)
- Fixed the --ftp-port address of test #251 to the CLIENTIP address, and
reverted the change affecting test suite harness committed 4 May.
Daniel Stenberg (5 May 2009)
- Inspired by Michael Smith's session id fix for OpenSSL, I did the
corresponding fix in the GnuTLS code: make sure to store the new session id
in case the previous re-used one is rejected.
Daniel Stenberg (4 May 2009)
- Michael Smith posted bug report #2786255
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
libcurl did not deal with SSL session ids properly if the server rejected a
re-use of one. Starting now, it will forget the rejected one and remember
the new. This change was for OpenSSL only, it is likely that other SSL lib
code needs similar fixes.
Yang Tse (4 May 2009)
- Applied David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and
non-ASCII platform HTTP requests" patch addressing two HTTP PUT problems:
1) On non-ASCII platforms not all of the protocol portions of the PUT are
being translated to ASCII. 2) On all platforms the line endings of part of
the protocol portions are mangled from CRLF to CRCRLF if data->set.crlf or
data->set.prefer_ascii are set (depending on CURL_DO_LINEEND_CONV).
- Applied David McCreedy's patch to fix test suite harness to allow test FTP
server and client on different machines, providing FTP client address when
running the FTP test server.
Daniel Fandrich (3 May 2009)
- Added and disabled test case 563 which shows KNOWN_BUGS #59. The bug
report failed to mention that a proxy must be used to reproduce it.
Yang Tse (2 May 2009)
- Use a build-time configured curl_socklen_t data type instead of socklen_t.
Yang Tse (1 May 2009)
- Applied David McCreedy's patches "TPF-platform specific changes to various
files" and "http.c fix to Curl_proxyCONNECT for non-ASCII platforms", the
former with minor edits.
Daniel Stenberg (30 Apr 2009)
- I was going to fix issue #59 in KNOWN_BUGS
If the CURLOPT_PORT option is used on an FTP URL like
"ftp://example.com/file;type=A" the ";type=A" is stripped off.
I added test case 562 to verify, only to find out that I couldn't repeat
this bug so I hereby consider it not a bug anymore!
Daniel Stenberg (29 Apr 2009)
- Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219)
I've now made TFTP "connections" not being kept for re-use within libcurl.
TFTP is UDP-based so the benefit was really low (if even existing) to begin
with so instead of tracking down to fix this problem we instead removed the
re-use. I also enabled test case 1099 that I wrote a few days ago to verify
that this change fixes the reported problem.
Daniel Stenberg (28 Apr 2009)
- Constantine Sapuntzakis filed bug report #2783090
(http://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows
we need to grow the SO_SNDBUF buffer somewhat to get really good upload
speeds. http://support.microsoft.com/kb/823764 has the details. Friends
confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough.
- Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by Tim
Chen pointed out how curl couldn't upload with resume when reading from a
pipe.
This ended up with the introduction of a new return code for the
CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but
that libcurl may try to resolve the situation anyway. In our case this means
libcurl will attempt to instead read that much data from the stream instead
of seeking and that way curl can now upload with resume when data is read
from a stream!
Daniel Stenberg (26 Apr 2009)
- Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven
Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi
interface and provided a patch that fixed the problem!
Daniel Stenberg (24 Apr 2009)
- Kamil Dudka fixed another NSS-related leak when client certs were used.
- Bug report #2779245 (http://curl.haxx.se/bug/view.cgi?id=2779245) by Rainer
Koenig pointed out that the man page didn't tell that the *_proxy
environment variables can be specified lower case or UPPER CASE and the
lower case takes precedence,
Daniel Fandrich (21 Apr 2009)
- Added new libcurl source files to Amiga, RiscOS and VC6 build files.
Yang Tse (21 Apr 2009)
- Moved potential inclusion of system's malloc.h and memory.h header files to
setup_once.h. Inclusion of each header file is based on the definition of
NEED_MALLOC_H and NEED_MEMORY_H respectively.
Renamed libcurl's memory.h to curl_memory.h
Daniel Stenberg (20 Apr 2009)
- Leanic Lefever reported a crash and did some detailed research on why and
how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The
conclusion was that if an error is detected and Curl_done() is called for
the connection, ftp_done() could at times return another error code that
then would take precedence and that new code confused existing logic that
works for the first error code (CURLE_SEND_ERROR) only.
- Gisle Vanem noticed that --libtool would produce bogus strings at times for
OBJECTPOINT options. Now we've introduced a new function - my_setopt_str -
within the app for setting plain string options to avoid the risk of this
mistake happening.
Daniel Stenberg (17 Apr 2009)
- Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP
proxy. libcurl would then wrongly close the connection after each
request. In his case it had the weird side-effect that it killed NTLM auth
for the proxy causing an inifinite loop!
I added test case 1098 to verify this fix. The test case does however not
properly verify that the transfers are done persistently - as I couldn't
think of a clever way to achieve it right now - but you need to read the
stderr output after a test run to see that it truly did the right thing.
Daniel Stenberg (13 Apr 2009)
- bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by Martin
Storsj
confusing as it set the method to either GET or HEAD. The example he showed
looked like:
curl_easy_setopt(curl, CURLOPT_PUT, 1);
curl_easy_setopt(curl, CURLOPT_NOBODY, 0);
The new way doesn't alter the method until the request is about to start. If
CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is
0 and the request happens to have been set to HEAD, it will then instead be
set to GET. I believe this will be less surprising to users, and hopefully
not hit any existing users badly.
- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
is found in Redhat's bug tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=453612
There are still memory leaks present, but they seem to have other reasons.
Daniel Fandrich (11 Apr 2009)
- Added new libcurl source files to Symbian OS build files.
- Improved Symbian support for SSL.
Yang Tse (10 Apr 2009)
- Daniel Johnson improved the MacOSX-Framework shell script to now perform all
the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64
libcurl.framework. Four way fat framework requires OS X 10.5 SDK or later.
Yang Tse (8 Apr 2009)
- Removed Sun compilers preprocessor block from curlbuild.h.dist, this also
removes it from the curlbuild.h file originally distributed by the cURL
project as this file is intended for systems not capable of running the
configure script. For those who have been building curl out of the source
code curl distribution tarball provided by curl.haxx.se the change implies
nothing. Previous change in this area committed 2 Apr becomes irrelevant.
Daniel Stenberg (6 Apr 2009)
- I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on success
and 1 on fatal errors. Previously it only mentioned non-zero on fatal
errors. This is a slight change in meaning, but it follows what we've done
elsewhere before and it opens up for LOTS of more useful return codes
whenever we can think of them...
Yang Tse (2 Apr 2009)
- Fix curl_off_t definition for builds done using Sun compilers and a
non-configured libcurl. In this case curl_off_t data type was gated
to the off_t data type which depends on the _FILE_OFFSET_BITS. This
configuration is exactly the unwanted configuration for our curl_off_t
data type which must not depend on such setting. This breaks ABI for
libcurl libraries built with Sun compilers which were built without
having run the configure script with _FILE_OFFSET_BITS different than
64 and using the ILP32 data model.
Daniel Stenberg (1 Apr 2009)
- Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if a
strdup() call failed.
Daniel Fandrich (31 Mar 2009)
- Properly return an error code in curl_easy_recv (reported by Jim Freeman).
Daniel Stenberg (18 Mar 2009)
- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
explicitly.
Daniel Stenberg (13 Mar 2009)
- Use libssh2_version() to present the libssh2 version in case the libssh2
library is found to support it.
Yang Tse (12 Mar 2009)
- Added missing Curl_read() return code checking in TELNET transfers.
- Pierre Brico found and fixed TELNET transfers not being aborted upon
a write callback failure.
Daniel Stenberg (11 Mar 2009)
- Kamil Dudka made the curl tool properly call curl_global_init() before any
other libcurl function.
Yang Tse (11 Mar 2009)
- Added missing TELNET timeout support for Windows builds. This issue was
reported by Pierre Brico.
Daniel Stenberg (9 Mar 2009)
- Frank Hempel found out a bug and provided the fix:
curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
option. It only enabled the cookie engine in the destination handle if
data->cookies is not NULL (where data is the source handle). In case of a
newly initialized handle which just had the cookie support enabled by a
curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
still NULL because the setopt-call only appends the value to
data->change.cookielist, hence duplicating this handle would not have the
cookie engine switched on.
We also concluded that the slist-functionality would be suitable for being
put in its own module rather than simply hanging out in lib/sendf.c so I
created lib/slist.[ch] for them.
- Andreas Farber made the 'buildconf' script check for the presence of m4
scripts to make it detect a bad checkout earlier. People with older
checkouts who don't do cvs update with the -d option won't get the new dirs
and then will get funny outputs that can be a bit hard to understand and
fix.
Daniel Stenberg (8 Mar 2009)
- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
allocation of the memory BIO was not being properly checked.
- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
when the man pages state that GNUTLS_E_SUCCESS is returned on success and
other values indicate error conditions.
- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a
problem. Nonetheless I modified the code to not rely on such particular
features and to not cause further raised eyebrowse with no good reason.
Daniel Fandrich (5 Mar 2009)
- Expanded the security section of the libcurl-tutorial man page to cover
more issues for authors to consider when writing robust libcurl-using
applications.
Yang Tse (5 Mar 2009)
- Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This
issue was noticed by Chris Deidun.
Daniel Fandrich (4 Mar 2009)
- Fixed a problem with m4 quoting in the OpenSSL configure check reported
by Daniel Johnson.
Daniel Stenberg (3 Mar 2009)
- David James brought a patch that make libcurl close (all) dead connections
whenever you attempt to open a new connection.
1. After cleaning up a dead connection, "continue" instead of
returning FALSE. This ensures that we clean up all dead connections,
rather than just cleaning up the first dead connection.
2. Move up the cleanup for dead connections so that it occurs for
all connections, rather than just the connections which have the same
preferences as our current new connection.
Pullup ticket 2722 - requested by bouyer curl: build fix Revisions pulled up: - www/curl/Makefile patch - www/curl/distinfo patch - www/curl/patches/patch-ab patch - www/curl/patches/patch-ac patch - www/curl/patches/patch-ad patch - www/curl/patches/patch-ae patch - www/curl/patches/patch-af patch --- The security patch for CVE-2009-0037 has changed on the master site which changed the checksum and size of "curl-7.18.1-CVE-2009-0037.patch". Update to the latest version and integrate it directly to avoid further build breaks.
pullup ticket #2716 - requested by tron curl: fix for security vulnerability revisions pulled up: pkgsrc/www/curl/Makefile patch provided pkgsrc/www/curl/distinfo patch provided http://curl.haxx.se/docs/adv_20090303.html
Update "curl" package to version 7.19.4. Changes since version 7.19.3: Changes: - Added CURLOPT_NOPROXY and the corresponding --noproxy - the OpenSSL-specific code disables TICKET (rfc5077) which is enabled by default in openssl 0.9.8j - Added CURLOPT_TFTP_BLKSIZE - Added CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC - with the corresponding curl options --socks5-gssapi-service and --socks5-gssapi-nec - Improved IPv6 support when built with with c-ares >= 1.6.1 - Added CURLPROXY_HTTP_1_0 and --proxy1.0 - Added docs/libcurl/symbols-in-versions - Added CURLINFO_CONDITION_UNMET - Added support for Digest and NTLM authentication using GnuTLS - CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 to retry the CWD even when MKD fails - GnuTLS initing moved to curl_global_init() - Added CURLOPT_REDIR_PROTOCOLS and CURLOPT_PROTOCOLS Bugfixes: - missing ssh.obj in VS makefiles - FTP ;type=i URLs now work with CURLOPT_PROXY_TRANSFER_MODE in Turkish locale - realms with quoted quotation marks in HTTP Digest headers - VC9 makefiles are now really included - multi interface memory leak with CURLMOPT_MAXCONNECTS set - CURLINFO_CONTENT_LENGTH_DOWNLOAD size from file:// "transfers" with CURLOPT_NOBODY set true - memory leak on some libz errors for content encodings - NSS-enabled build is repaired - superfluous wait in SFTP downloads removed - FTP with the multi interface no longer kills the control connection as easily on transfer failures - compilation halting when using VS2008 to build a Windows 2000 target - ease creation of libcurl Mac OS X Framework - CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD are -1 if unknown - Negotiate proxy authentication - CURLOPT_INTERFACE and CURLOPT_LOCALPORT used together This update fixes the security problem reported in CVE-2009-0037.
Update to 7.19.3: This release adds CURLAUTH_DIGEST_IE and vc9 makefiles and has around 30 bugfixes.
Some cleanup.
Update to 7.19.2: 7.19.2 Three added regressions in 7.19.1 have been fixed: a build failure when using the MSVC 6 makefile, a crash when using --interface name on Linux, and multi interface downloading HTTPS pages with libcurl built powered by OpenSSL. 7.19.1 CURLOPT_CERTINFO, CURLINFO_CERTINFO, CURLOPT_POSTREDIR, CURLOPT_USERNAME, CURLOPT_PASSWORD, CURLOPT_PROXYUSERNAME, and CURLOPT_PROXYPASSWORD were added. 24 bugs were fixed. 7.19.0 Some new libcurl options, new Boolean options handling in the curl tool, and around 40 bugfixes. 7.18.2 This release adds CURLFORM_STREAM, CURLINFO_REDIRECT_URL, and the two new functions curl_easy_send() and curl_easy_recv(). libcurl now supports CURLOPT_NOBODY over SFTP, and curl now runs on Symbian OS. At least 21 described bugfixes were made. 7.18.1 This release adds support for HttpOnly cookies. It no longer distributes or installs a CA cert bundle. SSLv2 is now disabled by default. Resumed transfers work with SFTP. At least 23 described bugfixes were made.
Set PRIVILEGED_STAGES+=clean for every platform. Some files are generated during install, and cannot be cleaned by an unprivileged user.
Added a LDAP option to curl, so that ldap:// and ldaps:// URL are supported
"make clean" requires the superuser privilege on Darwin.
pullup ticket #2375 - requested by dholland curl: fix broken build on netbsd 3 revisions pulled up: - pkgsrc/www/curl/Makefile 1.82 - pkgsrc/www/curl/distinfo 1.55 - pkgsrc/www/curl/patches/patch-aa 1.12 Module Name: pkgsrc Committed By: dholland Date: Mon May 12 20:37:06 UTC 2008 Modified Files: pkgsrc/www/curl: Makefile distinfo Added Files: pkgsrc/www/curl/patches: patch-aa Log Message: Add explicit -lkrb5 with -lgssapi, when enabled. Fixes broken build on NetBSD 3.x. PR pkg/38331. PKGREVISION++. Ok: joerg
Add explicit -lkrb5 with -lgssapi, when enabled. Fixes broken build on NetBSD 3.x. PR pkg/38331. PKGREVISION++. Ok: joerg
Some files cannot be removed at the clean stage as non-root user, so use the same strategy than python uses: PRIVILEGED_STAGES+=clean.
-make the gssapi option default on NetBSD (where Kerberos comes for free) (suggested by Todd Kover in PR pkg/36144) -propagate the krb dependency through bl3 if necessary -bump PKGREVISION
Update to version 7.18.0 and add SSHv2 support via the newly imported security/libssh2 package. Changes: o --data-urlencode o CURLOPT_PROXY_TRANSFER_MODE o --no-keepalive - now curl does connections with keep-alive enabled by default o --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl) o --socks5-hostname added (CURLPROXY_SOCKS5_HOSTNAME for libcurl) o curl_easy_pause() o CURLOPT_SEEKFUNCTION and CURLOPT_SEEKDATA o --keepalive-time o curl --help output was re-ordered This release includes the following bugfixes: o curl-config --features and --protocols show the correct output when built with NSS, and also when SCP, SFTP and libz are not available o free problem in the curl tool for users with empty home dir o curl.h version 7.17.1 problem when building C++ apps with MSVC o SFTP and SCP use persistent connections o segfault on bad URL o variable wrapping when using absolutely huge send buffer sizes o variable wrapping when using debug callback and the HTTP request wasn't sent in one go o SSL connections with NSS done with the multi-interface o setting a share no longer activates cookies o Negotiate now works on auth and proxy simultanouesly o support HTTP Digest nonces up to 1023 letters o resumed ftp upload no longer requires the read callback to return full buffers o no longer default-appends ;type= on FTP URLs thru proxies o SSL session id caching o POST with callback over proxy requiring NTLM or Digest o Expect: 100-continue flaw on re-used connection with POSTs o build fix for MSVC 9.0 (VS2008) o Windows curl builds failed file truncation when retry downloading o SSL session ID cache memory leak o bad connection re-use check with environment variable-activated proxy use o --libcurl now generates a return statement as well o socklen_t is no longer used in the public includes o time zone offsets from -1400 to +1400 are now accepted by the date parser o allows more spaces in WWW/Proxy-Authenticate: headers o curl-config --libs skips /usr/lib64 o range support for file:// transfers o libcurl hang with huge POST request and request-body read from callback o removed extra newlines from many error messages o improved pipelining o improved OOM handling for data url encoded HTTP POSTs when read from a file o test suite could pick wrong tool(s) if more than one existed in the PATH o curl_multi_fdset() failed to return socket while doing CONNECT over proxy o curl_multi_remove_handle() on a handle that is in used for a pipeline now break that pipeline o CURLOPT_COOKIELIST memory leaks o progress meter/callback during http proxy CONNECT requests o auth for http proxy when the proxy closes connection after first response
Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
Remove ftp.rge.com from MASTER_SITES, doesn't resolve. From Zafer Aydogan in PR 37340.
Update to 7.17.1:
Version 7.17.1 (29 October 2007)
Dan F (25 October 2007)
- Added the --static-libs option to curl-config
Daniel S (25 October 2007)
- Made libcurl built with NSS possible to ignore the peer verification.
Previously it would fail if the ca bundle wasn't present, even if the code
ignored the verification results.
Patrick M (25 October 2007)
- Fixed test server to allow null bytes in binary posts.
_ Added tests 35, 544 & 545 to check binary data posts, both static (in place)
and dynamic (copied).
Daniel S (25 October 2007)
- Michal Marek fixed the test script to be able to use valgrind even when the
lib is built shared with libtool.
- Fixed a few memory leaks when the same easy handle is re-used to request
URLs with different protocols. FTP and TFTP related leaks. Caught thanks to
Dan F's new test cases.
Dan F (24 October 2007)
- Fixed the test FTP and TFTP servers to support the >10000 test number
notation
- Added test cases 2000 through 2003 which test multiple protocols using the
same easy handle
- Fixed the filecheck: make target to work outside the source tree
Daniel S (24 October 2007)
- Vladimir Lazarenko pointed out that we should do some 'mt' magic when
building with VC8 to get the "manifest" embedded to make fine stand-alone
binaries. The maketgz and the src/Makefile.vc6 files were adjusted
accordingly.
Daniel S (23 October 2007)
- Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
that libcurl tried to re-use connections a bit too much when using non-SSL
protocols tunneled over a HTTP proxy.
Daniel S (22 October 2007)
- Michal Marek forwarded the bug report
https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
FTP that caused memory havoc. His work together with my efforts created two
fixes:
#1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with
at connection cleanup, at which time the struct HandleData could be
used by another connection.
Also, the unused char *urlpath member is removed from struct FTP.
#2 - provide a Curl_reset_reqproto() function that frees
data->reqdata.proto.* on connection setup if needed (that is if the
SessionHandle was used by a different connection).
A long-term goal is of course to somehow get rid of how the reqdata struct
is used, as it is too error-prone.
- Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out
that specifying a proxy with a trailing slash didn't work (unless it also
contained a port number).
Patrick M (15 October 2007)
- Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again
and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode.
Patrick M (12 October 2007)
- Added per-protocol callback static tables, replacing callback ptr storage
in the connectdata structure by a single handler table ptr.
Dan F (11 October 2007)
- Fixed the -l option of runtests.pl
- Added support for skipping tests based on key words.
Daniel S (9 October 2007)
- Michal Marek removed the no longer existing return codes from the curl.1
man page.
Daniel S (7 October 2007)
- Known bug #47, which confused libcurl if doing NTLM auth over a proxy with
a response that was larger than 16KB is now improved slightly so that now
the restriction at 16KB is for the headers only and it should be a rare
situation where the response-headers exceed 16KB. Thus, I consider #47 fixed
and the header limitation is now known as known bug #48.
Daniel S (5 October 2007)
- Michael Wallner made the CULROPT_COOKIELIST option support a new magic
string: "FLUSH". Using that will cause libcurl to flush its cookies to the
CURLOPT_COOKIEJAR file.
- The new file docs/libcurl/ABI describes how we view ABI breakages, soname
bumps and what the version number's significance to all that is.
Daniel S (4 October 2007)
- I enabled test 1009 and made the --local-port use a wide range to reduce the
risk of failures.
- Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
This happened because the tftp code always uncondionally did a bind()
without caring if one already had been done and then it failed. I wrote a
test case (1009) to verify this, but it is a bit error-prone since it will
have to pick a fixed local port number and since the tests are run on so
many different hosts in different situations I'll add it in disabled state.
Yang Tse (3 October 2007)
- Fixed issue related with the use of ares_timeout() result.
Daniel S (3 October 2007)
- Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
CURLOPT_OPENSOCKETDATA to set a callback that allows an application to
replace the socket() call used by libcurl. It basically allows the app to
change address, protocol or whatever of the socket.
- I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made
this return code get used by the previous SSH MD5 fingerprint check in case
it fails.
- Based on a patch brought by Johnny Luong, libcurl now offers
CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both
make the SCP or SFTP connection verify the remote host's md5 checksum of the
public key before doing a connect, to reduce the risk of a man-in-the-middle
attack.
Daniel S (2 October 2007)
- libcurl now handles chunked-encoded CONNECT responses
Daniel S (1 October 2007)
- Alex Fishman reported a curl_easy_escape() problem that was made the
function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
signed / unsigned mistake in the code. I fixed it and added test case 543 to
verify.
Daniel S (29 September 2007)
- Immanuel Gregoire fixed a problem with persistent transfers over SFTP.
Daniel S (28 September 2007)
- Adapted the c-ares code to the API change c-ares 1.5.0 brings in the
notifier callback(s).
Dan F (26 September 2007)
- Enabled a few more gcc warnings with --enable-debug. Renamed a few
variables to avoid shadowing global declarations.
Daniel S (26 September 2007)
- Philip Langdale provided the new CURLOPT_POST301 option for
curl_easy_setopt() that alters how libcurl functions when following
redirects. It makes libcurl obey the RFC2616 when a 301 response is received
after a non-GET request is made. Default libcurl behaviour is to change
method to GET in the subsequent request (like it does for response code 302
- because that's what many/most browsers do), but with this CURLOPT_POST301
option enabled it will do what the spec says and do the next request using
the same method again. I.e keep POST after 301.
The curl tool got this option as --post301
Test case 1011 and 1012 were added to verify.
- Max Katsev reported that when doing a libcurl FTP request with
CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE
before it does SIZE which makes it less useful. I walked over the code and
made it do this properly, and added test case 542 to verify it.
Daniel S (24 September 2007)
- Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle
URLs ending with a slash properly (it should list the contents of that
directory). Test case 351 brought back and also test 1010 was added.
Daniel S (21 September 2007)
- Mark Davies fixed Negotiate authentication over proxy, and also introduced
the --proxy-negotiate command line option to allow a user to explicitly
select it.
Daniel S (19 September 2007)
- Rob Crittenden provided an NSS update with the following highlights:
o It looks for the NSS database first in the environment variable SSL_DIR,
then in /etc/pki/nssdb, then it initializes with no database if neither of
those exist.
o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
loaded, including the ca-bundle. If it is not available then only
certificates already in the NSS database are used.
o Tries to detect whether a file or nickname is being passed in so the right
thing is done
o Added a bit of code to make the output more like the OpenSSL module,
including displaying the certificate information when connecting in
verbose mode
o Improved handling of certificate errors (expired, untrusted, etc)
The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will work
with or without it, all that changes is the source of the certificates and
keys.
Daniel S (18 September 2007)
- Immanuel Gregoire pointed out that public key SSH auth failed if no
public/private key was specified and there was no HOME environment variable,
and then it didn't continue to try the other auth methods. Now it will
instead try to get the files id_dsa.pub and id_dsa from the current
directory if none of the two conditions were met.
Dan F (17 September 2007)
- Added hooks to the test suite to make it possible to test a curl running
on a remote host.
- Changed some FTP tests to validate the format of the PORT and EPRT commands
sent by curl, if not the addresses themselves.
Daniel S (15 September 2007)
- Michal Marek made libcurl automatically append ";type=<a|i>" when using HTTP
proxies for FTP urls.
- Günter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3
support on Windows.
Dan F (13 September 2007)
- Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and
fixed some AC_SUBST configure entries.
Update to 7.17.0:
Changes:
* support for OS/400 Secure Sockets Layer library
* curl_easy_setopt() now allocates strings passed to it
* SCP and SFTP support now requires libssh2 0.16 or later
* LDAP libraries are now linked "regularly" and not with dlopen
* HTTP transfers have the download size info "available" earlier
* FTP transfers have the download size info "available" earlier
* builds and runs on OS/400
* several error codes and options were marked as obsolete and subject to future removal (set CURL_NO_OLDIES to see if your application is using them)
* SFTP errors can return more specific error codes
Bugfixes:
* test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
* problem with closed proxy connection during HTTP CONNECT auth negotiation
* transfer-encoding skipping didn't ignore the 407 response bodies properly
* CURLOPT_SSL_VERIFYHOST set to 1
* CONNECT endless loop
* krb5 support builds with Heimdal
* added returned error string for connection refused case
* re-use of dead FTP control connections
* login to FTP servers that don't require (nor understand) PASS after the USER command
* bad free of memory from libssh2
* the SFTP PWD command works
* HTTP Digest auth on a re-used connection
* FTPS data connection close
* AIX 4 and 5 get to use non-blocking sockets
* small POST with NTLM
* resumed file:// transfers
* CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE are 64 bit "clean"
* memory leak when handling compressed data streams from broken servers
* no NTLM unicode response
* resume HTTP PUT using Digest authentication
* FTP NOBODY requests on directories sent "SIZE (null)"
* FTP NOBODY request on file crash
* excessively long FTP server responses and response lines
* file:// upload then FTP:// upload crash
* TFTP error 0 is no longer treated as success
* uploading empty file over FTP on re-used connection
* superfluous CWD command on re-used FTP connections without subdirs used
Convert packages that test and use USE_INET6 to use the options framework and to support the "inet6" option instead. Remaining usage of USE_INET6 was solely for the benefit of the scripts that generate the README.html files. Replace: BUILD_DEFS+= USE_INET6 with BUILD_DEFS+= IPV6_READY and teach the README-generation tools to look for that instead. This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code to continue to support USE_INET6 for pkgsrc-wip until it has been nuked from there as well.
Update to 7.16.4: Version 7.16.4 (10 July 2007) Daniel S (10 July 2007) - Kees Cook notified us about a security flaw (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl failed to properly reject some outdated or not yet valid server certificates when built with GnuTLS. Kees also provided the patch. James H (5 July 2007) - Gavrie Philipson provided a patch that will use a more specific error message for an scp:// upload failure. If libssh2 has his matching patch, then the error message return by the server will be used instead of a more generic error. Daniel S (1 July 2007) - Thomas J. Moore provided a patch that introduces Kerberos5 support in libcurl. This also makes the options change name to --krb (from --krb4) and CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still - Song Ma helped me verify and extend a fix for doing FTP over a SOCKS4/5 proxy. Daniel S (27 June 2007) - James Housley: Add two new options for the SFTP/SCP/FILE protocols: CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS. These control the premissions for files and directories created on the remote server. CURLOPT_NEW_FILE_PERMS defaults to 0644 and CURLOPT_NEW_DIRECTORY_PERMS defaults to 0755 - I corrected the 10-at-a-time.c example and applied a patch for it by James Bursa. Daniel S (26 June 2007) - Robert Iakobashvili re-arranged the internal hash code to work with a custom hash function for different hashes, and also expanded the default size for the socket hash table used in multi handles to greatly enhance speed when very many connections are added and the socket API is used. - James Housley made the CURLOPT_FTPLISTONLY mode work for SFTP directory listings as well Daniel S (25 June 2007) - Adjusted how libcurl treats HTTP 1.1 responses without content-lenth or chunked encoding (that also lacks "Connection: close"). It now simply assumes that the connection WILL be closed to signal the end, as that is how RFC2616 section 4.4 point #5 says we should behave.
Update to 7.16.3:
Version 7.16.3 (25 June 2007)
Daniel S (23 June 2007)
- As reported by "Tro" in http://curl.haxx.se/mail/lib-2007-06/0161.html and
http://curl.haxx.se/mail/lib-2007-06/0238.html, libcurl didn't properly do
no-body requests on FTP files on re-used connections properly, or at least
it didn't provide the info back in the header callback properly in the
subsequent requests.
Daniel S (21 June 2007)
- Gerrit Bruchhäuser pointed out a warning that the Intel(R) Thread Checker
tool reports and it was indeed a legitimate one and it is one fixed. It was
a use of a share without doing the proper locking first.
Daniel S (20 June 2007)
- Adam Piggott filed bug report #1740263
(http://curl.haxx.se/bug/view.cgi?id=1740263). Adam discovered that when
getting a large amount of URLs with curl, they were fetched slower and
slower... which turned out to be because the --libcurl data collecting which
wrongly always was enabled, but no longer is...
Daniel S (18 June 2007)
- Robson Braga Araujo filed bug report #1739100
(http://curl.haxx.se/bug/view.cgi?id=1739100) that mentioned that libcurl
could not actually list the contents of the root directory of a given FTP
server if the login directory isn't root. I fixed the problem and added
three test cases (one is disabled for now since I identified KNOWN_BUGS #44,
we cannot use --ftp-method nocwd and list ftp directories).
Daniel S (14 June 2007)
- Shmulik Regev:
I've encountered (and hopefully fixed) a problem involving proxy CONNECT
requests and easy handles state management. The problem isn't simple to
reproduce since it depends on socket state. It only manifests itself when
working with non-blocking sockets.
Here is the scenario:
1. in multi_runsingle the easy handle is in the CURLM_STATE_WAITCONNECT and
calls Curl_protocol_connect
2. in Curl_proxyCONNECT, line 1247, if the socket isn't ready the function
returns and conn->bits.tunnel_connecting is TRUE
3. when the call to Curl_protocol_connect returns the protocol_connect flag
is false and the easy state is changed to CURLM_STATE_PROTOCONNECT which
isn't correct if a proxy is used. Rather CURLM_STATE_WAITPROXYCONNECT
should be used.
I discovered this while performing an HTTPS request through a proxy (squid)
on my local network. The problem caused openssl to fail as it read the proxy
response to the CONNECT call ('HTTP/1.0 Established') rather than the SSL
handshake (the exact openssl error was 'wrong ssl version' but this isn't
very important)
- Dave Vasilevsky filed bug report #1736875
(http://curl.haxx.se/bug/view.cgi?id=1736875) almost simultanouesly as Dan
Fandrich mentioned a related build problem on the libcurl mailing list:
http://curl.haxx.se/mail/lib-2007-06/0131.html. Both problems had the same
reason: the definitions of the POLL* defines and the pollfd struct in the
libcurl code was depending on HAVE_POLL instead of HAVE_SYS_POLL_H.
Daniel S (13 June 2007)
- Tom Regner provided a patch and worked together with James Housley, so now
CURLOPT_FTP_CREATE_MISSING_DIRS works for SFTP connections as well as FTP
ones.
- Rich Rauenzahn filed bug report #1733119
(http://curl.haxx.se/bug/view.cgi?id=1733119) and we collaborated on the
fix. The problem is that for 64bit HPUX builds, several socket-related
functions would still assume int (32 bit) arguments and not socklen_t (64
bit) ones.
Daniel S (12 June 2007)
- James Housley brought his revamped SSH code that is state-machine driven to
really take advantage of the now totally non-blocking libssh2 (in CVS).
Dan F (8 June 2007)
- Incorporated Daniel Black's test706 and test707 SOCKS test cases.
- Fixed a few problems when starting the SOCKS server.
- Reverted some recent changes to runtests.pl that weren't compatible with
perl 5.0.
- Fixed the test harness so that it actually kills the ssh being used as
the SOCKS server.
Daniel S (6 June 2007)
- -s/--silent can now be used to toggle off the silence again if used a second
time.
Daniel S (5 June 2007)
- Added Daniel Black's work that adds the first few SOCKS test cases. I also
fixed two minor SOCKS problems to make the test cases run fine.
Daniel S (31 May 2007)
- Feng Tu made (lib)curl support "upload" resuming work for file:// URLs.
Daniel S (30 May 2007)
- I modified the 10-at-a-time.c example to transfer 500 downloads in parallel
with a c-ares enabled build only to find that it crashed miserably, and this
was due to some select()isms left in the code. This was due to API
restrictions in c-ares 1.3.x, but with the upcoming c-ares 1.4.0 this is no
longer the case so now libcurl runs much better with c-ares and the multi
interface with > 1024 file descriptors in use.
Extra note: starting now we require c-ares 1.4.0 for asynchronous name
resolves.
- Added CURLMOPT_MAXCONNECTS which is a curl_multi_setopt() option for setting
the maximum size of the connection cache maximum size of the multi handle.
Daniel S (27 May 2007)
- When working with a problem Stefan Becker had, I found an off-by-one buffer
overwrite in Curl_select(). While fixing it, I also improved its performance
somewhat by changing calloc to malloc and breaking out of a loop earlier
(when possible).
Daniel S (25 May 2007)
- Rob Crittenden fixed bug #1705802
(http://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel
Black identifying several FTP-SSL test cases fail when we build libcurl with
NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS.
Daniel S (24 May 2007)
- Song Ma filed bug report #1724016
(http://curl.haxx.se/bug/view.cgi?id=1724016) noticing that downloading
glob-ranges for TFTP was broken in CVS. Fixed now.
- 'mytx' in bug report #1723194 (http://curl.haxx.se/bug/view.cgi?id=1723194)
pointed out that the warnf() function in the curl tool didn't properly deal
with the cases when excessively long words were used in the string to chop
up.
Daniel S (22 May 2007)
- Andre Guibert de Bruet fixed a memory leak in the function that verifies the
peer's name in the SSL certificate when built for OpenSSL. The leak happens
for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
name from UTF8. He also fixed a leak when PKCS #12 parsing failed.
Daniel S (18 May 2007)
- Feng Tu reported that curl -w did wrong on TFTP transfers in bug report
#1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the
transfer-related info "variables" were indeed overwritten with zeroes
wrongly and have now been adjusted. The upload size still isn't accurate.
Daniel S (17 May 2007)
- Feng Tu pointed out a division by zero error in the TFTP connect timeout
code for timeouts less than five seconds, and also provided a fix for it.
Bug report #1715392 (http://curl.haxx.se/bug/view.cgi?id=1715392)
Dan F (16 May 2007)
- Added support for compiling under Minix 3.1.3 using ACK.
Dan F (14 May 2007)
- Added SFTP directory listing test case 613.
- Added support for quote commands before a transfer using SFTP and test
case 614.
- Changed the post-quote commands to occur after the transferred file is
closed.
- Allow SFTP quote commands chmod, chown, chgrp to set a value of 0.
Dan F (9 May 2007)
- Kristian Gunstone fixed a problem where overwriting an uploaded file with
sftp didn't truncate it first, which would corrupt the file if the new
file was shorter than the old.
Dan F (8 May 2007)
- Added FTPS test cases 406 and 407
Daniel S (8 May 2007)
- CURLE_FTP_COULDNT_STOR_FILE is now known as CURLE_UPLOAD_FAILED. This is
because I just made SCP uploads return this value if the file size of
the upload file isn't given with CURLOPT_INFILESIZE*. Docs updated to
reflect this news, and a define for the old name was added to the public
header file.
Daniel S (7 May 2007)
- James Bursa fixed a bug in the multi handle code that made the connection
cache grow a bit too much, beyond the normal 4 * easy_handles.
Daniel S (2 May 2007)
- Anders Gustafsson remarked that requiring CURLOPT_HTTP_VERSION set to 1.0
when CURLOPT_HTTP200ALIASES is used to avoid the problem mentioned below is
not very nice if the client wants to be able to use _either_ a HTTP 1.1
server or one within the aliases list... so starting now, libcurl will
simply consider 200-alias matches the to be HTTP 1.0 compliant.
- Tobias Rundström reported a problem they experienced with xmms2 and recent
libcurls, which turned out to be the 25-nov-2006 change which treats HTTP
responses without Content-Length or chunked encoding as without bodies. We
now added the conditional that the above mentioned response is only without
body if the response is HTTP 1.1.
- Jeff Pohlmeyer improved the hiperfifo.c example to use the
CURLMOPT_TIMERFUNCTION callback option.
- Set the timeout for easy handles to expire really soon after addition or
when CURLM_CALL_MULTI_PERFORM is returned from curl_multi_socket*/perform,
to make applications using only curl_multi_socket() to properly function
when adding easy handles "on the fly". Bug report and test app provided by
Michael Wallner.
Dan F (30 April 2007)
- Improved the test harness to allow running test servers on other than
the default port numbers, allowing more than one test suite to run
simultaneously on the same host.
Daniel S (28 April 2007)
- Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before,
since it then inits libgcrypt and libgcrypt is being evil and EXITS the
application if it fails to get a fine random seed. That's really not a nice
thing to do by a library.
- Frank Hempel fixed a curl_easy_duphandle() crash on a handle that had
been removed from a multi handle, and then fixed another flaw that prevented
curl_easy_duphandle() to work even after the first fix - the handle was
still marked as using the multi interface.
Daniel S (26 April 2007)
- Peter O'Gorman found a problem with SCP downloads when the downloaded file
was 16385 bytes (16K+1) and it turned out we didn't properly always "suck
out" all data from libssh2. The effect being that libcurl would hang on the
socket waiting for data when libssh2 had in fact already read it all...
Dan F (25 April 2007)
- Added support in runtests.pl for "!n" test numbers to disable individual
tests. Changed -t to only keep log files around when -k is specified,
to have the same behaviour as without -t.
Daniel S (25 April 2007)
- Sonia Subramanian brought our attention to a problem that happens if you set
the CURLOPT_RESUME_FROM or CURLOPT_RANGE options and an existing connection
in the connection cache is closed to make room for the new one when you call
curl_easy_perform(). It would then wrongly free range-related data in the
connection close funtion.
Yang Tse (25 April 2007)
- Steve Little fixed compilation on VMS 64-bit mode
Daniel S (24 April 2007)
- Robert Iakobashvili made the 'master_buffer' get allocated first once it is
can/will be used as it then makes the common cases save 16KB of data for each
easy handle that isn't used for pipelining.
Dan F (23 April 2007)
- Added <postcheck> support to the test harness.
- Added tests 610-612 to test more SFTP post-quote commands.
Daniel S (22 April 2007)
- Song Ma's warning if -r/--range is given with a "bad" range, also noted in
the man page now.
- Daniel Black filed bug #1705177
(http://curl.haxx.se/bug/view.cgi?id=1705177) where --without-ssl
--with-gnutl outputs a warning about SSL not being enabled even though GnuTLS
was found and used.
Daniel S (21 April 2007)
- Daniel Black filed bug #1704675
(http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free
problem in the SSL-dealing layer, telling GnuTLS to free NULL credentials on
closedown after a failure and a bad #ifdef for NSS when closing down SSL.
Yang Tse (20 April 2007)
- Save one call to curlx_tvnow(), which calls gettimeofday(), in each of
Curl_socket_ready(), Curl_poll() and Curl_select() when these are called
with a zero timeout or a timeout value indicating a blocking call should
be performed.
Daniel S (18 April 2007)
- James Housley made SFTP uploads use libssh2's non-blocking API
- Prevent the internal progress meter from updating more frequently than once
per second.
Dan F (17 April 2007)
- Added test cases 296, 297 and 298 to test --ftp-method handling
Daniel S (16 April 2007)
- Robert Iakobashvil added curl_multi_socket_action() to libcurl, which is a
function that deprecates the curl_multi_socket() function. Using the new
function the application tell libcurl what action that was found in the
socket that it passes in. This gives a significant performance boost as it
allows libcurl to avoid a call to poll()/select() for every call to
curl_multi_socket*().
I added a define in the public curl/multi.h header file that will make your
existing application automatically use curl_multi_socket_action() instead of
curl_multi_socket() when you recompile. But of course you'll get better
performance if you adjust your code manually and actually pass in the
correct action bitmask to this function.
Daniel S (14 April 2007)
- Jay Austin added "DH PARAMETERS" to the stunnel.pem certificate for the test
suite to make stunnel run better in some (most?) environments.
Dan F (13 April 2007)
- Added test cases 294 and 295 to test --ftp-account handling
- Improved handling of out of memory in ftp.
Yang Tse (13 April 2007)
- Fix test case 534 which started to fail 2007-04-13 due to the existance
of a new host on the net with the same silly domain the test was using
for a host which was supposed not to exist.
Daniel S (12 April 2007)
- Song Ma found a memory leak in the if2ip code if you pass in an interface
name longer than the name field of the ifreq struct (typically 6 bytes), as
then it wouldn't close the used dummy socket. Bug #1698974
(http://curl.haxx.se/bug/view.cgi?id=1698974)
Update to 7.16.2:
Version 7.16.2 (11 April 2007)
Yang Tse (10 April 2007)
- Ravi Pratap provided some fixes for HTTP pipelining
- configure script will ignore --enable-sspi option for non-native Windows.
Daniel S (9 April 2007)
- Nick Zitzmann did ssh.c cleanups
Daniel S (3 April 2007)
- Rob Jones fixed better #ifdef'ing for a bunch of #include lines.
Daniel S (2 April 2007)
- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The
accepted commands are as follows:
chgrp (gid) (path)
Changes the group ID of the file or directory at (path) to (gid). (gid)
must be a number.
chmod (perms) (path)
Changes the permissions of the file or directory at (path) to
(perms). (perms) must be a number in the format used by the chmod Unix
command.
chown (uid) (path)
Changes the user ID of the file or directory at (path) to (uid). (uid)
must be a number.
ln (source) (dest)
Creates a symbolic link at (dest) that points to the file located at
(source).
mkdir (path)
Creates a new directory at (path).
rename (source) (dest)
Moves the file or directory at (source) to (dest).
rm (path)
Deletes the file located at (path).
rmdir (path)
Deletes the directory located at (path). This command will raise an error
if the directory is not empty.
symlink (source) (dest)
Same as ln.
Daniel S (1 April 2007)
- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many
easy handles are added to a multi handle, by avoiding the looping over all
the handles to find which one to remove.
- Matt Kraai provided a patch that makes curl build on QNX 6 fine again.
Daniel S (31 March 2007)
- Fixed several minor issues detected by the coverity.com scanner.
- "Pixel" fixed a problem that appeared when you used -f with user+password
embedded in the URL.
Dan F (29 March 2007)
- Don't tear down the ftp connection if the maximum filesize was exceeded
and added tests 290 and 291 to check.
- Added ftps upload and SSL required tests 401 and 402.
- Send an EOF message before closing an SCP channel, as recommended by
RFC4254. Enable libssh2 tracing when ssh debugging is turned on.
Yang Tse (27 March 2007)
- Internal function Curl_select() renamed to Curl_socket_ready()
New Internal wrapper function Curl_select() around select (2), it
uses poll() when a fine poll() is available, so now libcurl can be
built without select() support at all if a fine poll() is available.
Daniel S (25 March 2007)
- Daniel Johnson fixed multi code to traverse the easy handle list properly.
A left-over bug from the February 21 fix.
Dan F (23 March 2007)
- Added --pubkey option to curl and made --key also work for SCP/SFTP,
plus made --pass work on an SSH private key as well.
- Changed the test harness to attempt to gracefully shut down servers
before resorting to the kill -9 hammer.
- Added test harness infrastructure to support scp/sftp tests, using
OpenSSH as the server.
- Fixed a memory leak when specifying a proxy with a file: URL.
Yang Tse (20 March 2007)
- Fixed: When a signal was caught awaiting for an event using Curl_select()
or Curl_poll() with a non-zero timeout both functions would restart the
specified timeout. This could even lead to the extreme case that if a
signal arrived with a frecuency lower to the specified timeout neither
function would ever exit.
Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in
Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR
defined both functions will return as soon as a signal is caught. Use it
at your own risk, all calls to these functions in the library should be
revisited and checked before fully supporting this feature.
Yang Tse (19 March 2007)
- Bryan Henderson fixed the progress function so that it can get called more
frequently allowing same calling frecuency for the client progress callback.
Dan F (15 March 2007)
- Various memory leaks plugged and NULL pointer fixes made in the ssh code.
Daniel (15 March 2007)
- Nick made the curl tool accept globbing ranges that only is one number, i.e
you can now use [1-1] without curl complaining.
Daniel (10 March 2007)
- Eygene Ryabinkin:
The problem is the following: when we're calling Curl_done and it decides to
keep the connection opened ('left intact'), then the caller is not notified
that the connection was done via the NULLifying of the pointer, so some easy
handle is keeping the pointer to this connection.
Later ConnectionExists can select such connection for reuse even if we're
not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is
false and we can reuse this connection for another easy handle. But thus the
connection will be shared between two easy handles if the handle that wants
to take the ownership is not the same as was not notified of the connection
was done in Curl_done. And when some of these easy handles will get their
connection really freed the another one will still keep the pointer.
My fix was rather trivial: I just added the NULLification to the 'else'
branch in the Curl_done. My tests with Git and ElectricFence showed no
problems both for HTTP pulling and cloning. Repository size is about 250 Mb,
so it was a considerable amount of Curl's work.
Dan F (9 March 2007)
- Updated the test harness to add a new "crypto" feature check and updated the
appropriate test case to use it. For now, this is treated the same as the
"SSL" feature because curl doesn't list it separately.
Daniel (9 March 2007)
- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6.
- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct
machine type too.
- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to
upload a file it couldn't open. Bug #1676581
(http://curl.haxx.se/bug/view.cgi?id=1676581)
Dan F (9 March 2007)
- Updated the test harness to check for protocol support before running each
test, fixing KNOWN_BUGS #11.
Dan F (7 March 2007)
- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test
harness. It is very limited as it supports only ftps:// URLs with
--ftp-ssl-control specified, which implicitly encrypts the control
channel but not the data channels. That allows stunnel to be used with
an unmodified ftp server in exactly the same way that the test https
server is set up.
Dan F (7 March 2007)
- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and
unencrypted data connections.
Dan F (6 March 2007)
- Fixed a couple of improper pointer uses detected by valgrind in test
cases 181 & 216.
Daniel (2 March 2007)
- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8
makefiles that are included in the source release archives, generated from
the Makefile.vc6 files by the maketgz script. I also modified the root
Makefile to have a VC variable that defaults to vc6 but can be overridden to
allow it to be used for vc8 as well. Like this:
nmake VC=vc8 vc
Daniel (27 February 2007)
- Hang Kin Lau found and fixed: When I use libcurl to connect to an https
server through a proxy and have the remote https server port set using the
CURLOPT_PORT option, protocol gets reset to http from https after the first
request.
User defined URL was modified internally by libcurl and subsequent reuse of
the easy handle may lead to connection using a different protocol (if not
originally http).
I found that libcurl hardcoded the protocol to "http" when it tries to
regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as
follows and it's working fine so far
Daniel (25 February 2007)
- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from
the multi interface. Note that it still does a part of the connection in a
blocking manner.
Daniel (23 February 2007)
- Added warning outputs if the command line uses more than one of the options
-v, --trace and --trace-ascii, since it could really confuse the user.
Clarified this fact in the man page.
Daniel (21 February 2007)
- Ravi Pratap provided work on libcurl making pipelining more robust and
fixing some bugs:
o Don't mix GET and POST requests in a pipeline
o Fix the order in which requests are dispatched from the pipeline
o Fixed several curl bugs with pipelining when the server is returning
chunked encoding:
* Added states to chunked parsing for final CRLF
* Rewind buffer after parsing chunk with data remaining
* Moved chunked header initializing to a spot just before receiving
headers
Daniel (20 February 2007)
- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle
active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command
line option.
Daniel (19 February 2007)
- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl.
- Shmulik Regev found a memory leak in re-used HTTPS connections, at least
when the multi interface was used.
- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and
5).
Daniel (18 February 2007)
- Jeff Pohlmeyer identified two problems: first a rather obscure problem with
the multi interface and connection re-use that could make a
curl_multi_remove_handle() ruin a pointer in another handle.
The second problem was less of an actual problem but more of minor quirk:
the re-using of connections wasn't properly checking if the connection was
marked for closure.
Daniel (16 February 2007)
- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting
CURLOPT_RANGE back to no range on an easy handle when using FTP.
Dan F (14 February 2007)
- Fixed curl-config --libs so it doesn't list unnecessary libraries (and
therefore introduce unnecessary dependencies) when it's not needed.
Also, don't bother adding a library path of /usr/lib
Daniel (13 February 2007)
- The default password for anonymous FTP connections is now changed to be
"ftp@example.com".
- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have
gmtime_r() like the older VC versions. He also made use of some machine-
specific defines to differentiate the "OS" define.
Daniel (12 February 2007)
- Rob Crittenden added support for NSS (Network Security Service) for the
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
This is the fourth supported library for TLS/SSL that libcurl supports!
- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent
to the debug callback.
- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
internal decoding of content or transfer encoded content. This may be
preferable in cases where you use libcurl for proxy purposes or similar. The
command line tool got a --raw option to disable both at once.
- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP
define set to hold the exact date and time of when the tarball was built, as
a human readable string using the UTC time zone.
- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle
that has an easy handle present in the "closure" list pending closure.
Daniel (6 February 2007)
- Regular file downloads wiht SFTP and SCP are now done using the non-blocking
API of libssh2, if the libssh2 headers seem to support them. This will make
SCP and SFTP much more responsive and better libcurl citizens when used with
the multi interface etc.
Daniel (5 February 2007)
- Michael Wallner added support for CURLOPT_TIMEOUT_MS and
CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with
millisecond resolution. The only restriction to that is the alarm()
(sometimes) used to abort name resolves as that uses full seconds. I fixed
the FTP response timeout part of the patch.
Internally we now count and keep the timeouts in milliseconds but it also
means we multiply set timeouts with 1000. The effect of this is that no
timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
equals 24.86 days. We probably couldn't before either since the code did
*1000 on the timeout values on several places already.
Daniel (3 February 2007)
- Yang Tse fixed the cookie expiry date in several test cases that started to
fail since they used "1 feb 2007"...
- Manfred Schwarb reported that socks5 support was broken and help us pinpoint
the problem. The code now tries harder to use httproxy and proxy where
apppropriate, as not all proxies are HTTP...
Update to 7.16.1:
Package info: scp support not enabled (libssh2 is not packaged).
Version 7.16.1 (29 January 2007)
Daniel (29 January 2007)
- Michael Wallner reported that when doing a CONNECT with a custom User-Agent
header, you got _two_ User-Agent headers in the CONNECT request...! Added
test case 287 to verify the fix.
Daniel (28 January 2007)
- curl_easy_reset() now resets the CA bundle path correctly.
- David McCreedy fixed the Curl command line tool for HTTP on non-ASCII
platforms.
Daniel (25 January 2007)
- Added the --libcurl [file] option to curl. Append this option to any
ordinary curl command line, and you will get a libcurl-using source code
written to the file that does the equivalent operation of what your command
line operation does!
Dan F (24 January 2007)
- Fixed a dangling pointer problem that prevented the http_proxy environment
variable from being properly used in many cases (and caused test case 63
to fail).
Daniel (23 January 2007)
- David McCreedy did NTLM changes mainly for non-ASCII platforms:
#1
There's a compilation error in http_ntlm.c if USE_NTLM2SESSION is NOT
defined. I noticed this while testing various configurations. Line 867 of
the current http_ntlm.c is a closing bracket for an if/else pair that only
gets compiled in if USE_NTLM2SESSION is defined. But this closing bracket
wasn't in an #ifdef so the code fails to compile unless USE_NTLM2SESSION was
defined. Lines 198 and 140 of my patch wraps that closing bracket in an
#ifdef USE_NTLM2SESSION.
#2
I noticed several picky compiler warnings when DEBUG_ME is defined. I've
fixed them with casting. By the way, DEBUG_ME was a huge help in
understanding this code.
#3
Hopefully the last non-ASCII conversion patch for libcurl in a while. I
changed the "NTLMSSP" literal to hex since this signature must always be in
ASCII.
Conversion code was strategically added where necessary. And the
Curl_base64_encode calls were changed so the binary "blobs" http_ntlm.c
creates are NOT translated on non-ASCII platforms.
Dan F (22 January 2007)
- Converted (most of) the test data files into genuine XML. A handful still
are not, due mainly to the lack of support for XML character entities
(e.g. & => & ). This will make it easier to validate test files using
tools like xmllint, as well as to edit and view them using XML tools.
Daniel (16 January 2007)
- Armel Asselin improved libcurl to behave a lot better when an easy handle
doing an FTP transfer is removed from a multi handle before completion. The
fix also fixed the "alive counter" to be correct on "premature removal" for
all protocols.
Dan F (16 January 2007)
- Fixed a small memory leak in tftp uploads discovered by curl's memory leak
detector. Also changed tftp downloads to URL-unescape the downloaded
file name.
Daniel (14 January 2007)
- David McCreedy provided libcurl changes for doing HTTP communication on
non-ASCII platforms. It does add some complexity, most notably with more
#ifdefs, but I want to see this supported added and I can't see how we can
add it without the extra stuff added.
- Setting CURLOPT_COOKIELIST to "ALL" when no cookies at all was present,
libcurl would crash when trying to read a NULL pointer.
Daniel (12 January 2007)
- Toby Peterson found a nasty bug that prevented (lib)curl from properly
downloading (most) things that were larger than 4GB on 32 bit systems. Matt
Witherspoon helped as narrow down the problem.
Daniel (5 January 2007)
- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
will make libcurl shutdown SSL/TLS after the authentication is done on a
FTP-SSL operation.
Daniel (4 January 2007)
- David McCreedy made changes to allow base64 encoding/decoding to work on
non-ASCII platforms.
Daniel (3 January 2007)
- Matt Witherspoon fixed the flaw which made libcurl 7.16.0 always store
downloaded data in two buffers, just to be able to deal with a special HTTP
pipelining case. That is now only activated for pipelined transfers. In
Matt's case, it showed as a considerable performance difference,
Daniel (2 January 2007)
- Victor Snezhko helped us fix bug report #1603712
(http://curl.haxx.se/bug/view.cgi?id=1603712) (known bug #36) --limit-rate
(CURLOPT_MAX_SEND_SPEED_LARGE and CURLOPT_MAX_RECV_SPEED_LARGE) are broken
on Windows (since 7.16.0, but that's when they were introduced as previous
to that the limiting logic was made in the application only and not in the
library). It was actually also broken on select()-based systems (as apposed
to poll()) but we haven't had any such reports. We now use select(), Sleep()
or delay() properly to sleep a while without waiting for anything input or
output when the rate limiting is activated with the easy interface.
- Modified libcurl.pc.in to use Libs.private for the libs libcurl itself needs
to get built static. It has been mentioned before and was again brought to
our attention by Nathanael Nerode who filed debian bug report #405226
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405226).
Daniel (29 December 2006)
- Make curl_easy_duphandle() set the magic number in the new handle.
Daniel (22 December 2006)
- Robert Foreman provided a prime example snippet showing how libcurl would
get confused and not acknowledge the 'no_proxy' variable properly once it
had used the proxy and you re-used the same easy handle. I made sure the
proxy name is properly stored in the connect struct rather than the
sessionhandle/easy struct.
- David McCreedy fixed a bad call to getsockname() that wrongly used a size_t
variable to point to when it should be a socklen_t.
- When setting a proxy with environment variables and (for example) running
'curl [URL]' with a URL without a protocol prefix, curl would not send a
correct request as it failed to add the protocol prefix.
Daniel (21 December 2006)
- Robson Braga Araujo reported bug #1618359
(http://curl.haxx.se/bug/view.cgi?id=1618359) and subsequently provided a
patch for it: when downloading 2 zero byte files in a row, curl 7.16.0
enters an infinite loop, while curl 7.16.1-20061218 does one additional
unnecessary request.
Fix: During the "Major overhaul introducing http pipelining support and
shared connection cache within the multi handle." change, headerbytecount
was moved to live in the Curl_transfer_keeper structure. But that structure
is reset in the Transfer method, losing the information that we had about
the header size. This patch moves it back to the connectdata struct.
Daniel (16 December 2006)
- Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE
during certain conditions when GnuTLS is used.
Daniel (11 December 2006)
- Alexey Simak found out that when doing FTP with the multi interface and
something went wrong like it got a bad response code back from the server,
libcurl would leak memory. Added test case 538 to verify the fix.
I also noted that the connection would get cached in that case, which
doesn't make sense since it cannot be re-use when the authentication has
failed. I fixed that issue too at the same time, and also that the path
would be "remembered" in vain for cases where the connection was about to
get closed.
Daniel (6 December 2006)
- Sebastien Willemijns reported bug #1603712
(http://curl.haxx.se/bug/view.cgi?id=1603712) which is about connections
getting cut off prematurely when --limit-rate is used. While I found no such
problems in my tests nor in my reading of the code, I found that the
--limit-rate code was severly flawed (since it was moved into the lib, since
7.15.5) when used with the easy interface and it didn't work as documented
so I reworked it somewhat and now it works for my tests.
Daniel (5 December 2006)
- Stefan Krause pointed out a compiler warning with a picky MSCV compiler when
passing a curl_off_t argument to the Curl_read_rewind() function which takes
an size_t argument. Curl_read_rewind() also had debug code left in it and it
was put in a different source file with no good reason when only used from
one single spot.
- Sh Diao reported that CURLOPT_CLOSEPOLICY doesn't work, and indeed, there is
no code present in the library that receives the option. Since it was not
possible to use, we know that no current users exist and thus we simply
removed it from the docs and made the code always use the default path of
the code.
- Jared Lundell filed bug report #1604956
(http://curl.haxx.se/bug/view.cgi?id=1604956) which identified setting
CURLOPT_MAXCONNECTS to zero caused libcurl to SIGSEGV. Starting now, libcurl
will always internally use no less than 1 entry in the connection cache.
- Sh Diao reported that CURLOPT_FORBID_REUSE no works, and indeed it broke in
the 7.16.0 release.
- Martin Skinner brought back bug report #1230118 to haunt us once again.
(http://curl.haxx.se/bug/view.cgi?id=1230118) curl_getdate() did not work
properly for all input dates on Windows. It was mostly seen on some TZ time
zones using DST. Luckily, Martin also provided a fix.
- Alexey Simak filed bug report #1600447
(http://curl.haxx.se/bug/view.cgi?id=1600447) in which he noted that active
FTP connections don't work with the multi interface. The problem is here
that the multi interface state machine has a state during which it can wait
for the data connection to connect, but the active connection is not done in
the same step in the sequence as the passive one is so it doesn't quite work
for active. The active FTP code still use a blocking function to allow the
remote server to connect.
The fix (work-around is a better word) for this problem is to set the
boolean prematurely that the data connection is completed, so that the "wait
for connect" phase ends at once.
The proper fix, left for the future, is of course to make the active FTP
case to act in a non-blocking way too.
- Matt Witherspoon fixed a problem case when the CPU load went to 100% when a
HTTP upload was disconnected:
"What appears to be happening is that my system (Linux 2.6.17 and 2.6.13) is
setting *only* POLLHUP on poll() when the conditions in my previous mail
occur. As you can see, select.c:Curl_select() does not check for POLLHUP. So
basically what was happening, is poll() was returning immediately (with
POLLHUP set), but when Curl_select() looked at the bits, neither POLLERR or
POLLOUT was set. This still caused Curl_readwrite() to be called, which
quickly returned. Then the transfer() loop kept continuing at full speed
forever."
Daniel (1 December 2006)
- Toon Verwaest reported that there are servers that send the Content-Range:
header in a third, not suppported by libcurl, format and we agreed that we
could make the parser more forgiving to accept all the three found
variations.
Daniel (25 November 2006)
- Venkat Akella found out that libcurl did not like HTTP responses that simply
responded with a single status line and no headers nor body. Starting now, a
HTTP response on a persistent connection (i.e not set to be closed after the
response has been taken care of) must have Content-Length or chunked
encoding set, or libcurl will simply assume that there is no body.
To my horror I learned that we had no less than 57(!) test cases that did bad
HTTP responses like this, and even the test http server (sws) responded badly
when queried by the test system if it is the test system. So although the
actual fix for the problem was tiny, going through all the newly failing test
cases got really painful and boring.
Daniel (24 November 2006)
- James Housley did lots of work and introduced SFTP downloads.
Daniel (13 November 2006)
- Ron in bug #1595348 (http://curl.haxx.se/bug/view.cgi?id=1595348) pointed
out a stack overwrite (and the corresponding fix) on 64bit Windows when
dealing with HTTP chunked encoding.
Daniel (9 November 2006)
- Nir Soffer updated libcurl.framework.make:
o fix symlinks, should link to Versions, not to ./Versions
o indentation improvments
- Dmitriy Sergeyev found a SIGSEGV with his test04.c example posted on 7 Nov
2006. It turned out we wrongly assumed that the connection cache was present
when tearing down a connection.
- Ciprian Badescu found a SIGSEGV when doing multiple TFTP transfers using the
multi interface, but I could also repeat it doing multiple sequential ones
with the easy interface. Using Ciprian's test case, I could fix it.
Daniel (8 November 2006)
- Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
SSL handshake. This is now stopped.
Daniel (7 November 2006)
- Olaf fixed a leftover problem with the CONNECT fix of his that would leave a
wrong error message in the error message buffer.
Daniel (3 November 2006)
- Olaf Stueben provided a patch that I edited slightly. It fixes the notorious
KNOWN_BUGS #25, which happens when a proxy closes the connection when
libcurl has sent CONNECT, as part of an authentication negotiation. Starting
now, libcurl will re-connect accordingly and continue the authentication as
it should.
Daniel (2 November 2006)
- James Housley brought support for SCP transfers, based on the libssh2 library
for the actual network protocol stuff.
Added these new curl_easy_setopt() options:
CURLOPT_SSH_AUTH_TYPES
CURLOPT_SSH_PUBLIC_KEYFILE
CURLOPT_SSH_PRIVATE_KEYFILE
DESTDIR support.
Update to 7.16.0:
Version 7.16.0 (30 October 2006)
Daniel (25 October 2006)
- Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the
case when 401 or 407 are returned, *IF* no auth credentials have been given.
The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401
and 407 cases when auth credentials is given, but we've now covered this
somewhat more.
You might get some amounts of headers transferred before this situation is
detected, like for when a "100-continue" is received as a response to a
POST/PUT and a 401 or 407 is received immediately afterwards.
Added test 281 to verify this change.
Daniel (23 October 2006)
- Ravi Pratap provided a major update with pipelining fixes. We also no longer
re-use connections (for pipelining) before the name resolving is done.
Daniel (21 October 2006)
- Nir Soffer made the tests/libtest/Makefile.am use a proper variable for all
the single test applications' link and dependences, so that you easier can
override those from the command line when using make.
- Armel Asselin separated CA cert verification problems from problems with
reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
Daniel (18 October 2006)
- Removed the "protocol-guessing" for URLs with host names starting with FTPS
or TELNET since they are practically non-existant. This leaves us with only
three different prefixes that would assume the protocol is anything but
HTTP, and they are host names starting with "ftp.", "dict." or "ldap.".
Daniel (17 October 2006)
- Bug report #1579171 pointed out code flaws detected with "prefast", and they
were 1 - a too small memory clear with memset() in the threaded resolver and
2 - a range of potentially bad uses of the ctype family of is*() functions
such as isdigit(), isalnum(), isprint() and more. The latter made me switch
to using our own set of these functions/macros using uppercase letters, and
with some extra set of crazy typecasts to avoid mistakingly passing in
negative numbers to the underlying is*() functions.
- With Jeff Pohlmeyer's help, I fixed the expire timer when using
curl_multi_socket() during name resolves with c-ares and the LOW_SPEED
options now work fine with curl_multi_socket() as well.
Daniel (16 October 2006)
- Added a check in configure that simply tries to run a program (not when
cross-compiling) in order to detect problems with run-time libraries that
otherwise would occur when the sizeof tests for curl_off_t would run and
thus be much more confusing to users. The check of course should run after
all lib-checks are done and before any other test is used that would run an
executable built for testing-purposes.
Dan F (13 October 2006)
- The tagging of application/x-www-form-urlencoded POST body data sent
to the CURLOPT_DEBUGFUNCTION callback has been fixed (it was erroneously
included as part of the header). A message was also added to the
command line tool to show when data is being sent, enabled when
--verbose is used.
Daniel (12 October 2006)
- Starting now, adding an easy handle to a multi stack that was already added
to a multi stack will cause CURLM_BAD_EASY_HANDLE to get returned.
- Jeff Pohlmeyer has been working with the hiperfifo.c example source code,
and while doing so it became apparent that the current timeout system for
the socket API really was a bit awkward since it become quite some work to
be sure we have the correct timeout set.
Jeff then provided the new CURLMOPT_TIMERFUNCTION that is yet another
callback the app can set to get to know when the general timeout time
changes and thus for an application like hiperfifo.c it makes everything a
lot easier and nicer. There's a CURLMOPT_TIMERDATA option too of course in
good old libcurl tradition.
Jeff has also updated the hiperfifo.c example code to use this news.
Daniel (9 October 2006)
- Bogdan Nicula's second test case (posted Sun, 08 Oct 2006) converted to test
case 535 and it now runs fine. Again a problem with the pipelining code not
taking all possible (error) conditions into account.
Daniel (6 October 2006)
- Bogdan Nicula's hanging test case (posted Wed, 04 Oct 2006) was converted to
test case 533 and the test now runs fine.
Daniel (4 October 2006)
- Dmitriy Sergeyev provided an example source code that crashed CVS libcurl
but that worked nicely in 7.15.5. I converted it into test case 532 and
fixed the problem.
Daniel (29 September 2006)
- Removed a few other no-longer present options from the header file.
- Support for FTP third party transfers was removed. Here's why:
o The recent multi interface changes broke it and the design of the 3rd party
transfers made it very hard to fix the problems
o It was still blocking and thus nasty for the multi interface
o It was a lot of extra code for a very rarely used feature
o It didn't use the same code as for "plain" FTP transfers, so it didn't work
fine for IPv6 and it didn't properly re-use connections and more
o There's nobody around who's willing to work on and improve the existing
code
This does not mean that third party transfers are banned forever, only that
they need to be done better if they are to be re-added in the future.
The CURLOPT_SOURCE_* options are removed from the lib and so are the --3p*
options from the command line tool. For this reason, I also bumped the
version info for the lib.
Daniel (28 September 2006)
- Reported in #1561470 (http://curl.haxx.se/bug/view.cgi?id=1561470), libcurl
would crash if a bad function sequence was used when shutting down after
using the multi interface (i.e using easy_cleanup after multi_cleanup) so
precautions have been added to make sure it doesn't any more - test case 529
was added to verify.
Daniel (27 September 2006)
- The URL in the cookie jar file is now changed since it was giving a 404.
Reported by Timothy Stone. The new URL will take the visitor to a curl web
site mirror with the document.
Daniel (24 September 2006)
- Bernard Leak fixed configure --with-gssapi-libs.
- Cory Nelson made libcurl use the WSAPoll() function if built for Windows
Vista (_WIN32_WINNT >= 0x0600)
Daniel (23 September 2006)
- Mike Protts added --ftp-ssl-control to make curl use FTP-SSL, but only
encrypt the control connection and use the data connection "plain".
- Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better
as it now will read the full data sent from servers. The SOCKS-related code
was also moved to the new lib/socks.c source file.
Daniel (21 September 2006)
- Added test case 531 in an attempt to repeat bug report #1561470
(http://curl.haxx.se/bug/view.cgi?id=1561470) that is said to crash when an
FTP upload fails with the multi interface. It did not, but I made a failed
upload still assume the control connection to be fine.
Daniel (20 September 2006)
- Armel Asselin fixed problems when you gave a proxy URL with user name and
empty password or no password at all. Test case 278 and 279 were added to
verify.
Daniel (12 September 2006)
- Added docs/examples/10-at-a-time.c by Michael Wallner
- Added docs/examples/hiperfifo.c by Jeff Pohlmeyer
Daniel (11 September 2006)
- Fixed my breakage from earlier today so that doing curl_easy_cleanup() on a
handle that is part of a multi handle first removes the handle from the
stack.
- Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL
session-ID re-use on demand since there obviously are broken servers out
there that misbehave with session-IDs used.
- Jeff Pohlmeyer presented a *multi_socket()-using program that exposed a
problem with it (SIGSEGV-style). It clearly showed that the existing
socket-state and state-difference function wasn't good enough so I rewrote
it and could then re-run Jeff's program without any crash. The previous
version clearly could miss to tell the application when a handle changed
from using one socket to using another.
While I was at it (as I could use this as a means to track this problem
down), I've now added a 'magic' number to the easy handle struct that is
inited at curl_easy_init() time and cleared at curl_easy_cleanup() time that
we can use internally to detect that an easy handle seems to be fine, or at
least not closed or freed (freeing in debug builds fill the area with 0x13
bytes but in normal builds we can of course not assume any particular data
in the freed areas).
Daniel (9 September 2006)
- Michele Bini fixed how the hostname is put in NTLM packages. As servers
don't expect fully qualified names we need to cut them off at the first dot.
- Peter Sylvester cleaned up and fixed the getsockname() uses in ftp.c. Some
of them can be completetly removed though...
Daniel (6 September 2006)
- Ravi Pratap and I have implemented HTTP Pipelining support. Enable it for a
multi handle using CURLMOPT_PIPELINING and all HTTP connections done on that
handle will be attempted to get pipelined instead of done in parallell as
they are performed otherwise.
As a side-effect from this work, connections are now shared between all easy
handles within a multi handle, so if you use N easy handles for transfers,
each of them can pick up and re-use a connection that was previously used by
any of the handles, be it the same or one of the others.
This separation of the tight relationship between connections and easy
handles is most noticable when you close easy handles that have been used in
a multi handle and check amount of used memory or watch the debug output, as
there are times when libcurl will keep the easy handle around for a while
longer to be able to close it properly. Like for sending QUIT to close down
an FTP connection.
This is a major change.
Daniel (4 September 2006)
- Dmitry Rechkin (http://curl.haxx.se/bug/view.cgi?id=1551412) provided a
patch that while not fixing things very nicely, it does make the SOCKS5
proxy connection slightly better as it now acknowledges the timeout for
connection and it no longer segfaults in the case when SOCKS requires
authentication and you did not specify username:password.
Daniel (31 August 2006)
- Dmitriy Sergeyev found and fixed a multi interface flaw when using asynch
name resolves. It could get stuck in the wrong state.
Gisle (29 August 2006)
- Added support for other MS-DOS compilers (desides djgpp). All MS-DOS
compiler now uses the same config.dos file (renamed to config.h by
make). libcurl now builds fine using Watcom and Metaware's High-C
using the Watt-32 tcp/ip-stack.
Daniel (29 August 2006)
- David McCreedy added CURLOPT_SOCKOPTFUNCTION and CURLOPT_SOCKOPTDATA to
allow applications to set their own socket options.
Daniel (25 August 2006)
- Armel Asselin reported that the 'running_handles' counter wasn't updated
properly if you removed a "live" handle from a multi handle with
curl_multi_remove_handle().
Daniel (22 August 2006)
- David McCreedy fixed a remaining mistake from the August 19 TYPE change.
- Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP
code when doing pure ipv6 EPRT connections.
Daniel (19 August 2006)
- Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE
command on subsequent requests on a re-used connection unless it has to.
- Armel Asselin fixed a crash in the FTP code when using SINGLECWD mode and
files in the root directory.
- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't
send the whole request at once, even though the Expect: header was disabled
by the application. An effect of this change is also that small (< 1024
bytes) POSTs are now always sent without Expect: header since we deem it
more costly to bother about that than the risk that we send the data in
vain.
Daniel (9 August 2006)
- Armel Asselin made the CURLOPT_PREQUOTE option work fine even when
CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place
in the command sequence as it would have run if there would've been a
transfer.
Daniel (8 August 2006)
- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs
on a persistent connection and allowed the first to use that header, you
could not disable it for the second request.
Daniel (7 August 2006)
- Domenico Andreolfound a quick build error which happened because
src/config.h.in was not a proper duplcate of lib/config.h.in which it
should've been and this was due to the maketgz script not doing the cp
properly.
Specifying USE_TOOLS in a comment does not work. (hi wiz!)
Update to 7.15.5, convert to options.mk.
Version 7.15.5 (7 August 2006)
Daniel (2 August 2006)
- Mark Lentczner fixed how libcurl was not properly doing chunked encoding
if the header "Transfer-Encoding: chunked" was set by the application.
http://curl.haxx.se/bug/view.cgi?id=1531838
Daniel (1 August 2006)
- Maciej Karpiuk fixed a crash that would occur if we passed Curl_strerror()
an unknown error number on glibc systems.
http://curl.haxx.se/bug/view.cgi?id=1532289
Daniel (31 July 2006)
- *ALERT* curl_multi_socket() and curl_multi_socket_all() got modified
prototypes: they both now provide the number of running handles back to the
calling function. It makes the functions resemble the good old
curl_multi_perform() more and provides a nice way to know when the multi
handle goes empty.
ALERT2: don't use the curl_multi_socket*() functionality in anything
production-like until I say it's somewhat settled, as I suspect there might
be some further API changes before I'm done...
Daniel (28 July 2006)
- Yves Lejeune fixed so that replacing Content-Type: when doing multipart
formposts work exactly the way you want it (and the way you'd assume it
works).
Daniel (27 July 2006)
- David McCreedy added --ftp-ssl-reqd which makes curl *require* SSL for both
control and data connection, as the existing --ftp-ssl option only requests
it.
- [Hiper-related work] Added a function called curl_multi_assign() that will
set a private pointer added to the internal libcurl hash table for the
particular socket passed in to this function:
CURLMcode curl_multi_assign(CURLM *multi_handle,
curl_socket_t sockfd,
void *sockp);
'sockp' being a custom pointer set by the application to be associated with
this socket. The socket has to be already existing and in-use by libcurl,
like having already called the callback telling about its existance.
The set hashp pointer will then be passed on to the callback in upcoming
calls when this same socket is used (in the brand new 'socketp' argument).
Daniel (26 July 2006)
- Dan Nelson added the CURLOPT_FTP_ALTERNATIVE_TO_USER libcurl option and curl
tool option named --ftp-alternative-to-user. It provides a mean to send a
particular command if the normal USER/PASS approach fails.
- Michael Jerris added magic that builds lib/curllib.vcproj automatically for
newer MSVC.
Daniel (25 July 2006)
- Georg Horn made the transfer timeout error message include more details.
Daniel (20 July 2006)
- David McCreedy fixed a build error when building libcurl with HTTP disabled,
problem added with the curl_formget() patch.
Daniel (17 July 2006)
- Jari Sundell did some excellent research and bug tracking, figured out that
we did wrong and patched it: When nodes were removed from the splay tree,
and we didn't properly remove it from the splay tree when an easy handle was
removed from a multi stack and thus we could wrongly leave a node in the
splay tree pointing to (bad) memory.
Daniel (14 July 2006)
- David McCreedy fixed a flaw where the CRLF counter wasn't properly cleared
for FTP ASCII transfers.
Daniel (8 July 2006)
- Ates Goral pointed out that libcurl's cookie parser did case insensitive
string comparisons on the path which is incorrect and provided a patch that
fixes this. I edited test case 8 to include details that test for this.
- Ingmar Runge provided a source snippet that caused a crash. The reason for
the crash was that libcurl internally was a bit confused about who owned the
DNS cache at all times so if you created an easy handle that uses a shared
DNS cache and added that to a multi handle it would crash. Now we keep more
careful internal track of exactly what kind of DNS cache each easy handle
uses: None, Private (allocated for and used only by this single handle),
Shared (points to a cache held by a shared object), Global (points to the
global cache) or Multi (points to the cache within the multi handle that is
automatically shared between all easy handles that are added with private
caches).
Daniel (4 July 2006)
- Toshiyuki Maezawa fixed a problem where you couldn't override the
Proxy-Connection: header when using a proxy and not doing CONNECT.
Daniel (24 June 2006)
- Michael Wallner added curl_formget(), which allows an application to extract
(serialise) a previously built formpost (as with curl_formadd()).
Daniel (23 June 2006)
- Arve Knudsen found a flaw in curl_multi_fdset() for systems where
curl_socket_t is unsigned (like Windows) that could cause it to wrongly
return a max fd of -1.
Daniel (20 June 2006)
- Peter Silva introduced CURLOPT_MAX_SEND_SPEED_LARGE and
CURLOPT_MAX_RECV_SPEED_LARGE that limit tha maximum rate libcurl is allowed
to send or receive data. This kind of adds the the command line tool's
option --limit-rate to the library.
The rate limiting logic in the curl app is now removed and is instead
provided by libcurl itself. Transfer rate limiting will now also work for -d
and -F, which it didn't before.
Daniel (19 June 2006)
- Made -K on a file that couldn't be read cause a warning to be displayed.
Daniel (13 June 2006)
- Dan Fandrich implemented --enable-hidden-symbols configure option to enable
-fvisibility=hidden on gcc >= 4.0. This reduces the size of the libcurl
binary and speeds up dynamic linking by hiding all the internal symbols from
the symbol table.
Mention (in a comment) that test target needs perl.
Update to 7.15.4:
Version 7.15.4 (12 June 2006)
Daniel (8 June 2006)
- Brian Dessent fixed the code for cygwin in three distinct ways:
The first modifies {lib,src}/setup.h to not include the winsock headers
under Cygwin. This fixes the reported build problem. Cygwin attempts as
much as possible to emulate a posix environment under Windows. This means
that WIN32 is *not* #defined and (to the extent possible) everything is done
as it would be on a *ix type system. Thus <sys/socket.h> is the proper
include, and even though winsock2.h is present, including it just introduces
a whole bunch of incompatible socket API stuff.
The second is a patch I've included in the Cygwin binary packages for a
while. It skips two unnecessary library checks (-lwinmm and -lgdi32). The
checks are innocuous and they do succeed, but they pollute LIBS with
unnecessary stuff which gets recorded as such in the libcurl.la file, which
brings them into the build of any libcurl-downstream. As far as I know
these libs are really only necessary for mingw, so alternatively they could
be designed to only run if $host matches *-*-mingw* but I took the safer
route of skipping them for *-*-cygwin*.
The third patch replaces all uses of the ancient and obsolete __CYGWIN32__
with __CYGWIN__. Ref: <http://cygwin.com/ml/cygwin/2003-09/msg01520.html>.
Daniel (7 June 2006)
- Mikael Sennerholm provided a patch that added NTLM2 session response support
to libcurl. The 21 NTLM test cases were again modified to comply...
Daniel (27 May 2006)
- Óscar Morales Vivó updated the libcurl.framework.make file.
Daniel (26 May 2006)
- Olaf Stüben fixed a bug that caused Digest authentication with md5-sess to
fail. When using the md5-sess, the result was not Md5 encoded and Base64
transformed.
Daniel (25 May 2006)
- Michael Wallner provided a patch that allows "SESS" to be set with
CURLOPT_COOKIELIST, which then makes all session cookies get cleared.
Daniel (24 May 2006)
- Tor Arntsen made test 271 run fine again since the TFTP path fix.
Daniel (23 May 2006)
- Martin Michlmayr filed debian bug report #367954, but the same error also
showed up in the autobuilds. It seems a rather long-since introduced shell
script flaw in the configure script suddenly was detected by the bash
version in Debian Unstable. It had previously passed undetected by all
shells used so far...
- David McCreedy updated lib/config-tpf.h
Daniel (11 May 2006)
- Fixed the configure's check for old-style SSLeay headers since I fell over a
case with a duplicate file name (a krb4 implementation with an err.h
file). I converted the check to manually make sure three of the headers are
present before considering them fine.
- David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended
checks on the to-be-returned socket to make sure it truly seems to be alive
and well. For SSL connection it (only) uses OpenSSL functions.
Daniel (10 May 2006)
- Fixed DICT in two aspects:
1 - allow properly URL-escaped words, like using %20 for spaces
2 - properly escape certain letters within a word to comply to the RFC2229
Daniel (9 May 2006)
- Andreas Ntaflos reported a bug in libcurl.m4: When configuring my GNU
autotools project, which optionally (default=yes) uses libcurl on a system
without a (usable) libcurl installation, but not specifying
`--without-libcurl', configure determines correctly that no libcurl is
available, however, the LIBCURL variable gets expanded to `LIBCURL = -lcurl'
in the resulting Makefiles.
David Shaw fixed the flaw.
- Robson Braga Araujo fixed two problems in the recently added non-blocking SSL
connects. The state machine was not reset properly so that subsequent
connects using the same handle would fail, and there were two memory leaks.
- Robson Braga Araujo fixed a memory leak when you added an easy handle to a
multi stack and that easy handle had already been used to do one or more
easy interface transfers, as then the code threw away the previously used
DNS cache without properly freeing it.
Daniel (8 May 2006)
- Dan Fandrich went over the TFTP code and he pointed out and fixed numerous
problems:
* The received file is corrupted when a packet is lost and retransmitted
(this is a serious problem!)
* Transmitting a file aborts if a block is lost and retransmitted
* Data is stored in the wrong location in the buffer for uploads, so uploads
always fail (I don't see how it could have ever worked, but it did on x86
at least)
* A number of calls are made to strerror instead of Curl_strerror, making
the code not thread safe
* There are references to errno instead of Curl_sockerrno(), causing
incorrect error messages on Windows
* The file name includes a leading / which violates RFC3617. Doing something
similar to ftp, where two slashes after the host name means an absolute
reference seems a reasonable extension to fix this.
* Failures in EBCDIC conversion are not propagated up to the caller but are
silently ignored
- Fixed known bug #28. The TFTP code no longer assumes a packed struct and
thus works reliably on more platforms.
Daniel (5 May 2006)
- Roland Blom filed bug report #1481217
(http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele
Bini and David Byron. libcurl previously wrongly used GetLastError() on
windows to get error details after socket-related function calls, when it
really should use WSAGetLastError() instead.
When changing to this, the former function Curl_ourerrno() is now instead
called Curl_sockerrno() as it is necessary to only use it to get errno from
socket-related functions as otherwise it won't work as intended on Windows.
Daniel (4 May 2006)
- Mark Eichin submitted bug report #1480821
(http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a
problem with how libcurl dealt with GnuTLS and a case where gnutls returned
GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected
return code, making Curl_ssl_send() confuse the upper layer - causing random
28 bytes trash data to get inserted in the transfered stream.
The proper fix was to make the Curl_gtls_send() function return the proper
return codes that the callers would expect. The Curl_ossl_send() function
already did this.
Daniel (2 May 2006)
- Added a --checkfor option to curl-config to allow users to easier
write for example shell scripts that test for the presence of a
new-enough libcurl version. If --checkfor is given a version string
newer than what is currently installed, curl-config will return a
non-zero exit code and output a string about the unfulfilled
requirement.
Daniel (26 April 2006)
- David McCreedy brought initial line end conversions when doing FTP ASCII
transfers. They are done on non-windows systems and translate CRLF to LF.
I modified the 15 LIST-using test cases accordingly. The downside is that now
we'll have even more trouble to get the tests to run on Windows since they
should get CRLF newlines left intact which the *nix versions don't. I figure
the only sane thing to do is to add some kind of [newline] macro for the test
case files and have them expanded to the proper native line ending when the
test cases are run. This is however left to implement.
Daniel (25 April 2006)
- Paul Querna fixed libcurl to better deal with deflate content encoding
when the stream (wrongly) lacks a proper zlib header. This seems to be the
case on too many actual server implementations.
Daniel (21 April 2006)
- Ale Vesely fixed CURLOPT_INTERFACE when using a hostname.
Daniel (19 April 2006)
- Based on previous info from Tor Arntsen, I made configure detect the Intel
ICC compiler to add a compiler option for it, in order for configure to
properly be able to detect function prototypes.
- Robson Braga Araujo provided a patch that makes libcurl less eager to close
the control connection when using FTP, for example when you remove an easy
handle from a multi stack.
- Applied a patch by Ates Goral and Katie Wang that corrected my bad fix
attempt from April 10.
Daniel (11 April 2006)
- #1468330 (http://curl.haxx.se/bug/view.cgi?id=1468330) pointed out a bad
typecast in the curl tool leading to a crash with (64bit?) VS2005 (at least)
since the struct timeval field tv_sec is an int while time_t is 64bit.
Daniel (10 April 2006)
- Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and
CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL
connection time-out!
- I merged my hiper patch (http://curl.haxx.se/libcurl/hiper/) into the main
sources. See the lib/README.multi_socket for implementation story with
details. Don't expect it to work fully yet. I don't intend to blow any
whistles or ring any bells about it until I'm more convinced it works at
least somewhat reliably.
Daniel (7 April 2006)
- David McCreedy's EBCDIC and TPF changes. Three new curl_easy_setopt()
options (callbacks) were added:
CONV_FROM_NETWORK_FUNCTION
CONV_TO_NETWORK_FUNCTION
CONV_FROM_UTF8_FUNCTION
Daniel (5 April 2006)
- Michele Bini modified the NTLM code to work for his "weird IIS case"
(http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash
function in addition to the LM one and making some other adjustments in the
order the different parts of the data block are sent in the Type-2 reply.
Inspiration for this work was taken from the Firefox NTLM implementation.
I edited the existing 21(!) NTLM test cases to run fine with these news. Due
to the fact that we now properly include the host name in the Type-2 message
the test cases now only compare parts of that chunk.
Daniel (28 March 2006)
- #1451929 (http://curl.haxx.se/bug/view.cgi?id=1451929) detailed a bug that
occurred when asking libcurl to follow HTTP redirects and the original URL
had more than one question mark (?). Added test case 276 to verify.
Daniel (27 March 2006)
- David Byron found a problem multiple -d options when libcurl was built with
--enable-debug, as then curl used free() on memory allocated both with
normal malloc() and with libcurl-provided functions, when the latter MUST be
freed with curl_free() in debug builds.
Daniel (26 March 2006)
- Tor Arntsen figured out that TFTP was broken on a lot of systems since we
called bind() with a too big argument in the 3rd parameter and at least
Tru64, AIX and IRIX seem to be very picky about it.
Daniel (21 March 2006)
- David McCreedy added CURLINFO_FTP_ENTRY_PATH.
- Xavier Bouchoux made the SSL connection non-blocking for the multi interface
(when using OpenSSL).
- Tor Arntsen fixed the AIX Toolbox RPM spec
Daniel (20 March 2006)
- David McCreedy fixed libcurl to no longer ignore AUTH failures and now it
reacts properly according to the CURLOPT_FTP_SSL setting.
- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file
whose length was a multiple of 512 bytes could have random garbage
appended. Also, stop processing TFTP packets which are too short to be
legal.
- Ilja van Sprundel reported a possible crash in the curl tool when using
"curl hostwithoutslash -d data -G"
Pullup ticket 1250 - requested by Marc Recht
security update for curl
Revisions pulled up:
- pkgsrc/www/curl/Makefile 1.62, 1.63
- pkgsrc/www/curl/PLIST 1.19
- pkgsrc/www/curl/distinfo 1.43, 1.44
- pkgsrc/www/curl/patches/patch-aa removed
- pkgsrc/www/curl/patches/patch-ac removed
Module Name: pkgsrc
Committed By: wiz
Date: Fri Mar 3 22:26:08 UTC 2006
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Removed Files:
pkgsrc/www/curl/patches: patch-aa
Log Message:
Update to 7.15.2:
Version 7.15.2 (27 February 2005)
Daniel (22 February 2006)
- Lots of work and analysis by "xbx___" in bug #1431750
(http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two
different but related bugs:
1) Removing an easy handle from a multi handle before the transfer is done
could leave a connection in the connection cache for that handle that is
in a state that isn't suitable for re-use. A subsequent re-use could then
read from a NULL pointer and segfault.
2) When an easy handle was removed from the multi handle, there could be an
outstanding c-ares DNS name resolve request. When the response arrived,
it caused havoc since the connection struct it "belonged" to could've
been freed already.
Now Curl_done() is called when an easy handle is removed from a multi handle
pre-maturely (that is, before the transfer was complteted). Curl_done() also
makes sure to cancel all (if any) outstanding c-ares requests.
Daniel (21 February 2006)
- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy
type to the already provided type CURLPROXY_SOCKS4.
I added a --socks4 option that works like the current --socks5 option but
instead use the socks4 protocol.
Daniel (20 February 2006)
- Shmulik Regev fixed an issue with multi-pass authentication and compressed
content when libcurl didn't honor the internal ignorebody flag.
Daniel (18 February 2006)
- Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate
code. It should however not be the cause of any troubles. He also fixed a
few similar problems in the HTTP test server code.
Daniel (17 February 2006)
- Shmulik Regev provided a fix for the DNS cache when using short life times,
as previously it could be holding on to old cached entries longer than
requested.
Daniel (11 February 2006)
- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options
that an app can use to let libcurl only connect to a remote host and then
extract the socket from libcurl. libcurl will then not attempt to do any
transfer at all after the connect is done.
- Kent Boortz improved the configure check for GnuTLS to properly set LIBS
instead of LDFLAGS.
Daniel (8 February 2006)
- Philippe Vaucher provided a brilliant piece of test code that show a problem
with re-used FTP connections. If the second request on the same connection
was set not to fetch a "body", libcurl could get confused and consider it an
attempt to use a dead connection and would go acting mighty strange.
Daniel (2 February 2006)
- Make --limit-rate [num] mean bytes. It used to be that but it broke in my
change done in November 2005.
Daniel (30 January 2006)
- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the
curl tool with --local-port. Plain and simply set the range of ports to bind
the local end of connections to. Implemented on to popular demand.
- Based on an error report by Philippe Vaucher, we no longer count a retried
connection setup as a follow-redirect. It turns out 1) this fails when a FTP
connection is re-setup and 2) it does make the max-redirs counter behave
wrong.
Daniel (24 January 2006)
- Michal Marek provided a patch for FTP that makes libcurl continue to try
PASV even after EPSV returned a positive response code, if libcurl failed to
connect to the port number the EPSV response said. Obviously some people are
going through protocol-sensitive firewalls (or similar) that don't
understand EPSV and then they don't allow the second connection unless PASV
was used. This also called for a minor fix of test case 238.
Daniel (20 January 2006)
- Duane Cathey was one of our friends who reported that curl -P [IP]
(CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a
"native" IP while it works fine for ipv6-disabled builds!
In the process of fixing this, I removed the support for LPRT since I can't
think of many reasons to keep doing it and asking on the mailing list didn't
reveal anyone else that could either. The code that sends EPRT and PORT is
now also a lot simpler than before (IMHO).
Daniel (19 January 2006)
- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl
(built ipv4-only) didn't work.
Daniel (18 January 2006)
- As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
the configure script complained about a missing "missing" script if you ran
configure within a path whose name included one or more spaces. This is due
to a flaw in automake (1.9.6 and earlier). I've now worked around it by
including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll
be used instead of the one automake ships with. This kludge needs to be
removed once we get an automake version with this problem corrected.
Possibly we'll then need to convert this into a kludge depending on what
automake version that is used and that is gonna be painful and I don't even
want to think about that now...!
Daniel (17 January 2006)
- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with
the latest features and protocols that libcurl supports and has a minor fix
to better deal with the obscure case where someone has more than one libcurl
installed at the same time.
Daniel (16 January 2006)
- David Shaw finally removed all traces of Gopher and we are now officially
not supporting it. It hasn't been functioning for years anyway, so this is
just finally stating what already was true. And a cleanup at the same time.
- Bryan Henderson turned the 'initialized' variable for curl_global_init()
into a counter, and thus you can now do multiple curl_global_init() and you
are then supposed to dot of calls to curl_global_cleanup().
Bryan has also updated the docs accordingly.
Daniel (13 January 2006)
- Andrew Benham fixed a race condition in the test suite that could cause the
ript to kill all processes in the current process group!
Daniel (12 January 2006)
- Michael Jahn:
Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
HTTP proxh a proxy. It would
previously overwrite internal memory and cause unpredicted behaviour!
Daniel (11 January 2006)
- I decided to document the "secret option" here now, as I've receivedts from November 2005:
I'm looking for feedback and comments. I added some experimental code the
other day, that allows a libcurl user to select what method libcurl should
use to reality is available in CVS code and in recent daily snapshots.
Let me explain...
The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
the command line tool) andt do this:
1 multicwd - like today, curl will do a single CWD operation for each path
part in the given URL. For deep hierarchies this means very many
commands. This is how RFC1738 says it should be done. This is the
- no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
a full path to the server.
3 singlecwd - make one CWD with the full target directory and then operate
on the file "normally".
(With the command line tool you do --ftp-method [METHOD], where [METHOD] is
one of "multicwd", "nocwd" or "singlecwd".)
What feedback I'm interested in:vers where one of these don't work?
2 - What would proper names for the option and its arguments be, if we
consider this feature good enough to get included and documented in
ses?
3 - Should we make libcurl able to "walk through" these options in case of
(path related) failures, or should it fail and let the user redo any
possible retries?
(Thi any man page just yet since I'm not sure
these names will be used or if the functionality will end up exactly like
this. And for the same reasons we have no test cases for these yet.)
Daniel (10 January 2006)
- When using a bad path over FTP, asinto all
given subdirs, libcurl would still "remember" the full path as if it is the
current directory libcurl is in so that the next curl_easy_perform() would
get really confused if
---
Module Name: pkgsrc
Committed By: recht
Date: Tue Mar 21 21:49:47 UTC 2006
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Removed Files:
pkgsrc/www/curl/patches: patch-ac
Log Message:
update to curl 7.15.3
Fixes a TFTP packet buffer overflow vulnerability.
See http://curl.haxx.se/docs/adv_20060320.html for details.
Changes:
- added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD
Bugfixes:
- TFTP Packet Buffer Overflow Vulnerability
- properly detecting problems with sending the FTP command USER
- wrong error message shown when certificate verification failed
- multi-part formpost with multi interface crash
- the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged
- "SSL: couldn't set callback" is now treated as a less serious problem
- Interix build fix
- fixed curl "hang" when out of file handles at start
- prevent FTP uploads to URLs with trailing slash
update to curl 7.15.3 Fixes a TFTP packet buffer overflow vulnerability. See http://curl.haxx.se/docs/adv_20060320.html for details. Changes: - added docs for --ftp-method and CURLOPT_FTP_FILEMETHOD Bugfixes: - TFTP Packet Buffer Overflow Vulnerability - properly detecting problems with sending the FTP command USER - wrong error message shown when certificate verification failed - multi-part formpost with multi interface crash - the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged - "SSL: couldn't set callback" is now treated as a less serious problem - Interix build fix - fixed curl "hang" when out of file handles at start - prevent FTP uploads to URLs with trailing slash
Update to 7.15.2:
Version 7.15.2 (27 February 2005)
Daniel (22 February 2006)
- Lots of work and analysis by "xbx___" in bug #1431750
(http://curl.haxx.se/bug/view.cgi?id=1431750) helped me identify and fix two
different but related bugs:
1) Removing an easy handle from a multi handle before the transfer is done
could leave a connection in the connection cache for that handle that is
in a state that isn't suitable for re-use. A subsequent re-use could then
read from a NULL pointer and segfault.
2) When an easy handle was removed from the multi handle, there could be an
outstanding c-ares DNS name resolve request. When the response arrived,
it caused havoc since the connection struct it "belonged" to could've
been freed already.
Now Curl_done() is called when an easy handle is removed from a multi handle
pre-maturely (that is, before the transfer was complteted). Curl_done() also
makes sure to cancel all (if any) outstanding c-ares requests.
Daniel (21 February 2006)
- Peter Su added support for SOCKS4 proxies. Enable this by setting the proxy
type to the already provided type CURLPROXY_SOCKS4.
I added a --socks4 option that works like the current --socks5 option but
instead use the socks4 protocol.
Daniel (20 February 2006)
- Shmulik Regev fixed an issue with multi-pass authentication and compressed
content when libcurl didn't honor the internal ignorebody flag.
Daniel (18 February 2006)
- Ulf Härnhammar fixed a format string (printf style) problem in the Negotiate
code. It should however not be the cause of any troubles. He also fixed a
few similar problems in the HTTP test server code.
Daniel (17 February 2006)
- Shmulik Regev provided a fix for the DNS cache when using short life times,
as previously it could be holding on to old cached entries longer than
requested.
Daniel (11 February 2006)
- Karl Moerder added the CURLOPT_CONNECT_ONLY and CURLINFO_LASTSOCKET options
that an app can use to let libcurl only connect to a remote host and then
extract the socket from libcurl. libcurl will then not attempt to do any
transfer at all after the connect is done.
- Kent Boortz improved the configure check for GnuTLS to properly set LIBS
instead of LDFLAGS.
Daniel (8 February 2006)
- Philippe Vaucher provided a brilliant piece of test code that show a problem
with re-used FTP connections. If the second request on the same connection
was set not to fetch a "body", libcurl could get confused and consider it an
attempt to use a dead connection and would go acting mighty strange.
Daniel (2 February 2006)
- Make --limit-rate [num] mean bytes. It used to be that but it broke in my
change done in November 2005.
Daniel (30 January 2006)
- Added CURLOPT_LOCALPORT and CURLOPT_LOCALPORTRANGE to libcurl. Set with the
curl tool with --local-port. Plain and simply set the range of ports to bind
the local end of connections to. Implemented on to popular demand.
- Based on an error report by Philippe Vaucher, we no longer count a retried
connection setup as a follow-redirect. It turns out 1) this fails when a FTP
connection is re-setup and 2) it does make the max-redirs counter behave
wrong.
Daniel (24 January 2006)
- Michal Marek provided a patch for FTP that makes libcurl continue to try
PASV even after EPSV returned a positive response code, if libcurl failed to
connect to the port number the EPSV response said. Obviously some people are
going through protocol-sensitive firewalls (or similar) that don't
understand EPSV and then they don't allow the second connection unless PASV
was used. This also called for a minor fix of test case 238.
Daniel (20 January 2006)
- Duane Cathey was one of our friends who reported that curl -P [IP]
(CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a
"native" IP while it works fine for ipv6-disabled builds!
In the process of fixing this, I removed the support for LPRT since I can't
think of many reasons to keep doing it and asking on the mailing list didn't
reveal anyone else that could either. The code that sends EPRT and PORT is
now also a lot simpler than before (IMHO).
Daniel (19 January 2006)
- Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl
(built ipv4-only) didn't work.
Daniel (18 January 2006)
- As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
the configure script complained about a missing "missing" script if you ran
configure within a path whose name included one or more spaces. This is due
to a flaw in automake (1.9.6 and earlier). I've now worked around it by
including an "overloaded" version of the AM_MISSING_HAS_RUN script that'll
be used instead of the one automake ships with. This kludge needs to be
removed once we get an automake version with this problem corrected.
Possibly we'll then need to convert this into a kludge depending on what
automake version that is used and that is gonna be painful and I don't even
want to think about that now...!
Daniel (17 January 2006)
- David Shaw: Here is the latest libcurl.m4 autoconf tests. It is updated with
the latest features and protocols that libcurl supports and has a minor fix
to better deal with the obscure case where someone has more than one libcurl
installed at the same time.
Daniel (16 January 2006)
- David Shaw finally removed all traces of Gopher and we are now officially
not supporting it. It hasn't been functioning for years anyway, so this is
just finally stating what already was true. And a cleanup at the same time.
- Bryan Henderson turned the 'initialized' variable for curl_global_init()
into a counter, and thus you can now do multiple curl_global_init() and you
are then supposed to do the same amount of calls to curl_global_cleanup().
Bryan has also updated the docs accordingly.
Daniel (13 January 2006)
- Andrew Benham fixed a race condition in the test suite that could cause the
test script to kill all processes in the current process group!
Daniel (12 January 2006)
- Michael Jahn:
Fixed FTP_SKIP_PASV_IP and FTP_USE_EPSV to "do right" when used on FTP thru
HTTP proxy.
Fixed PROXYTUNNEL to work fine when you do ftp through a proxy. It would
previously overwrite internal memory and cause unpredicted behaviour!
Daniel (11 January 2006)
- I decided to document the "secret option" here now, as I've received *NO*
feedback at all on my mailing list requests from November 2005:
I'm looking for feedback and comments. I added some experimental code the
other day, that allows a libcurl user to select what method libcurl should
use to reach a file on a FTP(S) server.
This functionality is available in CVS code and in recent daily snapshots.
Let me explain...
The current name for the option is CURLOPT_FTP_FILEMETHOD (--ftp-method for
the command line tool) and you set it to a long (there are currenly no
defines for the argument values, just plain numericals). You can set three
different "methods" that do this:
1 multicwd - like today, curl will do a single CWD operation for each path
part in the given URL. For deep hierarchies this means very many
commands. This is how RFC1738 says it should be done. This is the
default.
2 nocwd - no CWD at all is done, curl will do SIZE, RETR, STOR etc and give
a full path to the server.
3 singlecwd - make one CWD with the full target directory and then operate
on the file "normally".
(With the command line tool you do --ftp-method [METHOD], where [METHOD] is
one of "multicwd", "nocwd" or "singlecwd".)
What feedback I'm interested in:
1 - Do they work at all? Do you find servers where one of these don't work?
2 - What would proper names for the option and its arguments be, if we
consider this feature good enough to get included and documented in
upcoming releases?
3 - Should we make libcurl able to "walk through" these options in case of
(path related) failures, or should it fail and let the user redo any
possible retries?
(This option is not documented in any man page just yet since I'm not sure
these names will be used or if the functionality will end up exactly like
this. And for the same reasons we have no test cases for these yet.)
Daniel (10 January 2006)
- When using a bad path over FTP, as in when libcurl couldn't CWD into all
given subdirs, libcurl would still "remember" the full path as if it is the
current directory libcurl is in so that the next curl_easy_perform() would
get really confused if it tried the same path again - as it would not issue
any CWD commands at all, assuming it is already in the "proper" dir.
Starting now, a failed CWD command sets a flag that prevents the path to be
"remembered" after returning.
Daniel (7 January 2006)
- Michael Jahn fixed so that the second CONNECT when doing FTP over a HTTP
proxy actually used a new connection and not sent the second request on the
first socket!
Daniel (6 January 2006)
- Alexander Lazic made the buildconf run the buildconf in the ares dir if that
is present instead of trying to mimic that script in curl's buildconf
script.
Daniel (3 January 2006)
- Andres Garcia made the TFTP test server build with mingw.
Daniel (16 December 2005)
- Jean Jacques Drouin pointed out that you could only have a user name or
password of 127 bytes or less embedded in a URL, where actually the code
uses a 255 byte buffer for it! Modified now to use the full buffer size.
Daniel (12 December 2005)
- Dov Murik corrected the HTTP_ONLY define to disable the TFTP support properly
Recursive revision bump / recommended bump for gettext ABI change.
Pullup ticket 949 - requested by Lubomir Sedlacik
security update for curl
Revisions pulled up:
- pkgsrc/www/curl/Makefile 1.60
- pkgsrc/www/curl/PLIST 1.18
- pkgsrc/www/curl/distinfo 1.42
- pkgsrc/www/curl/patches/patch-ab removed
Module Name: pkgsrc
Committed By: salo
Date: Sat Dec 10 17:57:29 UTC 2005
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Removed Files:
pkgsrc/www/curl/patches: patch-ab
Log Message:
Update to version 7.15.1
Changes:
- the libcurl.pc pkgconfig file now gets installed on make install
- URL globbing now offers "range steps": [1-100:10]
- LDAPv3 is now the preferred LDAP protocol version
- --max-redirs and CURLOPT_MAXREDIRS set to 0 limits redirects
- improved MSVC makefile
Bugfixes:
- URL buffer overflow problem (CVE-2005-4077)
- using file:// on non-existing files are properly handled
- builds fine on DJGPP
- CURLOPT_ERRORBUFFER is now always filled in on errors
- curl outputs error on bad --limit-rate units
- fixed libcurl's use of poll() on cygwin
- the GnuTLS code didn't support client certificates
- TFTP over IPv6 works
- no reverse lookups on IP addresses when ipv6-enabled
- SSPI compatibility fix: using the proper DLLs
- binary LDAP properties are now shown base64 encoded
- Windows uploads from stdin using curl can now contain ctrl-Z bytes
- -r [num] would produce an invalid HTTP Range: header
- multi interface with multi IP hosts could leak socket descriptors
- the GnuTLS code didn't handle rehandshakes
- re-use of a dead FTP connection
- name resolve error codes fixed for Windows builds
- double WWW-Authenticate Digest headers are now handled
- curl-config --vernum fixed
Update to version 7.15.1 Changes: - the libcurl.pc pkgconfig file now gets installed on make install - URL globbing now offers "range steps": [1-100:10] - LDAPv3 is now the preferred LDAP protocol version - --max-redirs and CURLOPT_MAXREDIRS set to 0 limits redirects - improved MSVC makefile Bugfixes: - URL buffer overflow problem (CVE-2005-4077) - using file:// on non-existing files are properly handled - builds fine on DJGPP - CURLOPT_ERRORBUFFER is now always filled in on errors - curl outputs error on bad --limit-rate units - fixed libcurl's use of poll() on cygwin - the GnuTLS code didn't support client certificates - TFTP over IPv6 works - no reverse lookups on IP addresses when ipv6-enabled - SSPI compatibility fix: using the proper DLLs - binary LDAP properties are now shown base64 encoded - Windows uploads from stdin using curl can now contain ctrl-Z bytes - -r [num] would produce an invalid HTTP Range: header - multi interface with multi IP hosts could leak socket descriptors - the GnuTLS code didn't handle rehandshakes - re-use of a dead FTP connection - name resolve error codes fixed for Windows builds - double WWW-Authenticate Digest headers are now handled - curl-config --vernum fixed
Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Pullup ticket 862 - requested by Min Sik Kim security update for curl Revisions pulled up: - pkgsrc/www/curl/Makefile 1.57, 1.58 - pkgsrc/www/curl/buildlink3.mk 1.9, 1.10 - pkgsrc/www/curl/distinfo 1.39, 1.40 - pkgsrc/www/curl/patches/patch-ab 1.40 Module Name: pkgsrc Committed By: reed Date: Sat Oct 15 15:37:16 UTC 2005 Modified Files: pkgsrc/www/curl: Makefile buildlink3.mk distinfo Log Message: Update to version 7.15.0. This is a security issue. http://curl.haxx.se/mail/lib-2005-10/0061.html Also update BUILDLINK_RECOMMENDED.curl. --- Module Name: pkgsrc Committed By: reed Date: Sat Oct 15 15:39:51 UTC 2005 Modified Files: pkgsrc/www/curl: buildlink3.mk Log Message: Change BUILDLINK_RECOMMENDED.curl from 7.15 to real 7.15.0. --- Module Name: pkgsrc Committed By: minskim Date: Thu Oct 20 16:25:15 UTC 2005 Modified Files: pkgsrc/www/curl: Makefile distinfo Added Files: pkgsrc/www/curl/patches: patch-ab Log Message: Make "curl-config --vernum" work again. It was broken in 7.15.0. Bump PKGREVISION.
Make "curl-config --vernum" work again. It was broken in 7.15.0. Bump PKGREVISION.
Update to version 7.15.0. This is a security issue. http://curl.haxx.se/mail/lib-2005-10/0061.html Also update BUILDLINK_RECOMMENDED.curl.
Changes 7.14.1: * GNU GSS support * --ignore-content-length and CURLOPT_IGNORE_CONTENT_LENGTH added * negotiates data connection SSL earlier when doing FTPS with PASV * CURLOPT_COOKIELIST and CURLINFO_COOKIELIST * trailer support for chunked encoded data streams * -x/CURL_PROXY strings may now contain user+password * --trace-time now outputs the full microsecond, all 6 digits * Bugfixes
Make the include/curl/multi.h self-contained to fix the build of packages using it (such as the new drivel-2.0.0). Bump PKGREVISION to 1. The problem is that this header file requires the fd_set definitions, but it only pulls in <sys/select.h> on AIX and NETWARE systems. Instead, change the inclusion to only happen if configure script detected it during build time.
Changes 7.14.0: - Grigory Entin reported that curl's configure detects a fine poll() for Mac OS X 10.4 (while 10.3 or later detected a "bad" one), but the executable doesn't work as good as if built without poll(). I've adjusted the configure to always skip the fine-poll() test on Mac OS X (darwin). - When doing a second request (after a disconnect) using the same easy handle, over a proxy that uses NTLM authentication, libcurl failed to use NTLM again properly (the auth method was accidentally reset to the same as had been set for host auth, which defaults to Basic). - If -z/--time-cond is used with an invalid date syntax, this is no longer silently discarded. Instead a proper warning message is diplayed that informs about it. But it still continues without the condition.
Chyanges 7.13.2: * Bug-fixes and improvements
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
take maintainership
Update to 7.13.1: Version 7.13.1 (4 March 2005) Daniel (4 March 2005) - Dave Dribin made it possible to set CURLOPT_COOKIEFILE to "" to activate the cookie "engine" without having to provide an empty or non-existing file. - Rene Rebe fixed a -# crash when more data than expected was retrieved. Daniel (22 February 2005) - NTLM and ftp-krb4 buffer overflow fixed, as reported here: http://www.securityfocus.com/archive/1/391042 and the CAN report here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 If these security guys were serious, we'd been notified in advance and we could've saved a few of you a little surprise, but now we weren't. Daniel (19 February 2005) - Ralph Mitchell reported a flaw when you used a proxy with auth, and you requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem. Daniel (18 February 2005) - Mike Dobbs reported a mingw build failure due to the lack of BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by configure when mingw is used. Daniel (17 February 2005) - David in bug report #1124588 found and fixed a socket leak when libcurl didn't close the socket properly when returning error due to failing localbind Daniel (16 February 2005) - Christopher R. Palmer reported a problem with HTTP-POSTing using "anyauth" that picks NTLM. Thanks to David Byron letting me test NTLM against his servers, I could quickly repeat and fix the problem. It turned out to be: When libcurl POSTs without knowing/using an authentication and it gets back a list of types from which it picks NTLM, it needs to either continue sending its data if it keeps the connection alive, or not send the data but close the connection. Then do the first step in the NTLM auth. libcurl didn't send the data nor close the connection but simply read the response-body and then sent the first negotiation step. Which then failed miserably of course. The fixed version forces a connection if there is more than 2000 bytes left to send. Daniel (14 February 2005) - The configure script didn't check for ENGINE_load_builtin_engines() so it was never used. Daniel (11 February 2005) - Removed all uses of strftime() since it uses the localised version of the week day names and month names and servers don't like that. Daniel (10 February 2005) - Now the test script disables valgrind-testing when the test suite runs if libcurl is built shared. Otherwise valgrind only tests the shell that runs the wrapper-script named 'curl' that is a front-end to curl in this case. This should also fix the huge amount of reports of false positives when valgrind has identified leaks in (ba)sh and not in curl and people report that as curl bugs. Bug report #1116672 is one example. Also, the valgrind report parser has been adapted to check that at least one of the sources in a stack strace is one of (lib)curl's source files or otherwise it will not consider the problem to concern (lib)curl. - Marty Kuhrt streamlined the VMS build. Daniel (9 February 2005) - David Byron fixed his SSL problems, initially mentioned here: http://curl.haxx.se/mail/lib-2005-01/0240.html. It turned out we didn't use SSL_pending() as we should. - Converted lots of FTP code to a statemachine, so that the multi interface doesn't block while communicating commands-responses with an FTP server. I've added a comment like BLOCKING in the code on all spots I could find where we still have blocking operations. When we change curl_easy_perform() to use the multi interface, we'll also be able to simplify the code since there will only be one "internal interface". While doing this, I've now made CURLE_FTP_ACCESS_DENIED separate from the new CURLE_LOGIN_DENIED. The first one is now access denied to a function, like changing directory or retrieving a file, while the second means that we were denied login. The CVS tag 'before_ftp_statemachine' was set just before this went in, in case of future need. - Gisle made the DICT code send CRLF and not just LF as the spec says so. Daniel (8 February 2005) - Gisle fixed problems when libcurl runs out of memory, and worked on making sure the proper error code is returned for those occations. Daniel (7 February 2005) - Maruko pointed out a problem with inflate decompressing exactly 64K contents. Daniel (5 February 2005) - Eric Vergnaud found a use of an uninitialised variable in the ftp when doing PORT on ipv6-enabled hosts. - David Byron pointed out we could use BUFSIZE to read data (in lib/transfer.c) instead of using BUFSIZE -1.
Pullup ticket 311 - requested by Lubomir Sedlacik security fix for curl Apply a manual patch that fixes a buffer overflow in the NTLM authentication code. See http://www.securityfocus.com/archive/1/391042 for more information.
Fix buffer overflow in the NTLM authentication code. Patch from curl cvs. Bump PKGREVISION.
Update to 7.13.0: This release includes the following changes: o added --ftp-account and CURLOPT_FTP_ACCOUNT o added CURLOPT_SOURCE_URL and CURLOPT_SOURCE_QUOTE o obsoleted CURLOPT_SOURCE_HOST, CURLOPT_SOURCE_PATH, CURLOPT_SOURCE_PORT and CURLOPT_PASV_HOST o added --3p-url, --3p-user and --3p-quote o -Q "+[command]" was added o src/getpass.c license issue sorted (code was rewritten) o curl -w now supports 'http_connect' for the proxy's response to CONNECT o introducing "curl-config --protocols" This release includes the following bugfixes: o re-sending a request when retrying on a fresh connection with multi interface o improved valgrind report parser in the test suite o several valgrind reports o CURLOPT_FTPPORT and -P work when built ipv6-enabled o FTP third party transfers was much improved o proxy environment variables are now ignored when built HTTP-disabled o CURLOPT_PROXY can now disable HTTP proxy even when built HTTP-disabled o "curl dictionary.com" no longer assumes DICT protocol o re-invoke some system calls on EINTR o duplicate Host: when failed connection re-use o SOCKS5 version check o memory problem with cleaning up multi interface o SSL certificate name memory leak o -d with -G to multiple URLs crashed o double va_list access crash fixed o minor memory leak when "version" is set in a cookie header o builds fine on BeOS and NetBSD o builds and runs fine on FreeBSD
Add a patch that re-orders inclusion of select.h to avoid compilation errors on NetBSD 1.6. PKGREVISION++. PR#28859 by Gilles Gravier.
Update to 7.12.3. Enable libidn support.
Version 7.12.3 (20 December 2004)
Daniel (19 December 2004)
- I investigated our PKCS12 build problem on Solaris 2.7 with OpenSSL 0.9.7e,
and it turned out to be the fault of the zlib 1.1.4 headers doing a typedef
named 'free_func' and the OpenSSL headers have a prototype that uses
'free_func' in one of its arguments. This is why the compile errors out.
In other words, we need to include the openssl/pkcs12.h header before the
zlib.h header and it builds fine. The configure script now checks for this
file and it then gets included early in lib/urldata.h.
Daniel (18 December 2004)
- Samuel Listopad added support for PKCS12 formatted certificates.
- Samuel Listopad fixed -E to support "C:/path" (with forward slash) as well.
Daniel (16 December 2004)
- Gisle found and fixed a problem in the directory re-use for FTP.
I added test case 215 and 216 to better verify the functionality.
- Dinar in bug report #1086121, found a file handle leak when a multipart
formpost (including a file upload part) was aborted before the whole file
was sent.
Daniel (15 December 2004)
- Tom Lee found out that globbing of strings with backslashes didn't work as
you'd expect. Backslashes are such a central part of windows file names that
forcing backslashes to have to be escaped with backslashes is a bit too
awkward to users. Starting now, you only need to escape globbing characters
such as the five letters: "[]{},". Added test case 214 to verify this.
Daniel (14 December 2004)
- Harshal Pradhan patched a HTTP persistent connection flaw: if the user name
and/or password were modified between two requests on a persistent
connection, the second request were still made with the first setup!
I added test case 519 to verify the fix.
Daniel (13 December 2004)
- Gisle added CURLINFO_SSL_ENGINES to curl_easy_getinfo() to allow an app
to list all available crypto ENGINES.
- Gisle fixed bug report #1083542, which pointed out a problem with resuming
large file (>4GB) file:// transfers on windows.
Daniel (11 December 2004)
- Made the test suite HTTP server (sws) capable of using IPv6, and then
extended the test environment to support that and also added three test
cases (240, 241, 242) that run tests using IPv6. Test 242 uses a URL that
didn't work before the 10 dec fix by Kai Sommerfeld.
- Made a failed file:// resume output an error message
- Corrected the CURLE_BAD_DOWNLOAD_RESUME error message in lib/strerror.c
- Dan Fandrich:
simplified and consolidated the SSL checks in configure and the usage of the
defines in lib/setup.h
provided a first libcurl.pc.in file for pkg-config (but the result is not
installed anywhere at this point)
extended the cross compile section in the docs/INSTALL file
Daniel (10 December 2004)
- When providing user name in the URL and a IPv6-style IP-address (like in
"ftp://user@[::1]/tmp"), the URL parser didn't get the host extracted
properly. Reported and fixed by Kai Sommerfeld.
Daniel (9 December 2004)
- Ton Voon provided a configure fix that should fix the notorious (mostly
reported on Solaris) problem where the size_t check fails due to the SSL
libs being found in a dir not searched through by the run-time linker.
patch-tracker entry #1081707.
- Bryan Henderson pointed out in bug report #1081788 that the curl-config
--vernum output wasn't zero prefixed properly (as claimed in documentation).
This is fixed in maketgz now.
Daniel (8 December 2004)
- Matt Veenstra updated the mach-O framework files for Mac OS X.
- Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where
libcurl always and unconditionally overwrote a stack-based array with 3 zero
bytes. This is not an exploitable buffer overflow. No need to get alarmed.
Daniel (7 December 2004)
- Fixed so that the final error message is sent to the verbose info "stream"
even if no errorbuffer is set.
Daniel (6 December 2004)
- Dan Fandrich added the --disable-cookies option to configure to build
libcurl without cookie support. This is mainly useful if you want to build a
minimalistic libcurl with no cookies support at all. Like for embedded
systems or similar.
- Richard Atterer fixed libcurl's way of dealing with the EPSV
response. Previously, libcurl would re-resolve the host name with the new
port number and attempt to connect to that, while it should use the IP from
the control channel. This bug made it hard to EPSV from an FTP server with
multiple IP addresses!
Daniel (3 December 2004)
- Bug report #1078066: when a chunked transfer was pre-maturely closed exactly
at a chunk boundary it was not considered an error and thus went unnoticed.
Fixed by Maurice Barnum.
Added test case 207 to verify.
Daniel (2 December 2004)
- Fixed the CONNECT loop to default timeout to 3600 seconds.
Added test case 206 that makes CONNECT with Digest.
Fixed a flaw that prepended "(nil)" to the initial CONNECT rqeuest's user-
agent field.
Daniel (30 November 2004)
- Dan Fandrich's fix for libz 1.1 and "extra field" usage in a gzip stream
- Dan also helped me with input data to create three more test cases for the
--compressed option.
Daniel (29 November 2004)
- I improved the test suite to enable binary contents in the tests (by proving
it base64 encoded), like for testing decompress etc. Added test 220 and 221
for this purpose. Tests can now also depend on libz to run.
- As reported by Reinout van Schouwen in Mandrake's bug tracker bug 12285
(http://qa.mandrakesoft.com/show_bug.cgi?id=12285), when connecting to an
IPv6 host with FTP, --disable-epsv (or --disable-eprt) effectively disables
the ability to transfer a file. Now, when connected to an FTP server with
IPv6, these FTP commands can't be disabled even if asked to with the
available libcurl options.
Daniel (26 November 2004)
- As reported in Mandrake's bug tracker bug 12289
(http://qa.mandrakesoft.com/show_bug.cgi?id=12289), curl would print a
newline to "finish" the progress meter after each redirect and not only
after a completed transfer.
Daniel (25 November 2004)
- FTP improvements:
If EPSV, EPRT or LPRT is tried and doesn't work, it will not be retried on
the same server again even if a following request is made using a persistent
connection.
If a second request is made to a server, requesting a file from the same
directory as the previous request operated on, libcurl will no longer make
that long series of CWD commands just to end up on the same spot. Note that
this is only for *exactly* the same dir. There is still room for improvements
to optimize the CWD-sending when the dirs are only slightly different.
Added test 210, 211 and 212 to verify these changes. Had to improve the
test script too and added a new primitive to the test file format.
Daniel (24 November 2004)
- Andrés García fixed the configure script to detect select properly when run
with Msys/Mingw on Windows.
Daniel (22 November 2004)
- Made HTTP PUT and POST requests no longer use HEAD when doing multi-pass
auth negotiation (NTLM, Digest and Negotiate), but instead use the request
keyword "properly". Details in lib/README.httpauth. This also introduces
CURLOPT_IOCTLFUNCTION and CURLOPT_IOCTLDATA, to be used by apps that use the
"any" auth alternative as then libcurl may need to send the PUT/POST data
more than once and thus may need to ask the app to "rewind" the read data
stream to start.
See also the new example using this: docs/examples/anyauthput.c
- David Phillips enhanced test 518. I made it depend on a "feature" so that
systems without getrlimit() won't attempt to test 518. configure now checks
for getrlimit() and setrlimit() for this test case.
Daniel (18 November 2004)
- David Phillips fixed libcurl to not crash anymore when more than FD_SETSIZE
file descriptors are in use. Test case 518 added to verify.
Daniel (15 November 2004)
- To test my fix for the CURLINFO_REDIRECT_TIME bug, I added time_redirect and
num_redirects support to the -w writeout option for the command line tool.
- Wojciech Zwiefka found out that CURLINFO_REDIRECT_TIME didn't work as
documented.
Daniel (12 November 2004)
- Gisle Vanem modigied the MSVC and Netware makefiles to build without
libcurl.def
- Dan Fandrich added the --disable-crypto-auth option to configure to allow
libcurl to build without Digest support. (I figure it should also explicitly
disable Negotiate and NTLM.)
- *** Modified Behaviour Alert ***
Setting CURLOPT_POSTFIELDS to NULL will no longer do a GET.
Setting CURLOPT_POSTFIELDS to "" will send a zero byte POST and setting
CURLOPT_POSTFIELDS to NULL and CURLOPT_POSTFIELDSIZE to zero will also make
a zero byte POST. Added test case 515 to verify this.
Setting CURLOPT_HTTPPOST to NULL makes a zero byte post. Added test case 516
to verify this.
CURLOPT_POSTFIELDSIZE must now be set to -1 to signal "we don't know".
Setting it to zero simply says this is a zero byte POST.
When providing POST data with a read callback, setting the size up front
is now made with CURLOPT_POSTFIELDSIZE and not with CURLOPT_INFILESIZE.
Daniel (11 November 2004)
- Dan Fandrich added --disable-verbose to the configure script to allow builds
without verbose strings in the code, to save some 12KB space. Makes sense
only for systems with very little memory resources.
- Jeff Phillips found out that a date string with a year beyond 2038 could
crash the new date parser on systems with 32bit time_t. We now check for
this case and deal with it.
Daniel (10 November 2004)
- I installed Heimdal on my Debian box (using the debian package) and noticed
that configure --with-gssapi failed to create a nice build. Fixed now.
Daniel (9 November 2004)
- Gisle Vanem marked all external function calls with CURL_EXTERN so that now
the Windows, Netware and other builds no longer need libcurl.def or similar
files.
Daniel (8 November 2004)
- Made the configure script check for tld.h if libidn was detected, since
libidn 0.3.X didn't have such a header and we don't work with anything
before libidn 0.4.1 anyway! Suse 9.1 apparently ships with a 0.3.X version
of libidn which makes the curl 7.12.2 build fail. Jean-Philippe
Barrette-LaPierre helped pointing this out.
- Ian Gulliver reported in debian bug report #278691: if curl is invoked in an
environment where stderr is closed the -v output will still be sent to file
descriptor 2 which then might be the network socket handle! Now we have a
weird hack instead that attempts to make sure that file descriptor 2 is
opened (with a call to pipe()) before libcurl is called to do the transfer.
configure now checks for pipe() and systems without pipe don't get the weird
hack done.
Daniel (5 November 2004)
- Tim Sneddon made libcurl send no more than 64K in a single first chunk when
doing a huge POST on VMS, as this is a system limitation. Default on general
systems is 100K.
Daniel (4 November 2004)
- Andres Garcia made it build on mingw againa, my --retry code broke the build.
Daniel (2 November 2004)
- Added --retry-max-time that allows a maximum time that may not have been
reached for a retry to be made. If not set there is no maximum time, only
the amount of retries set with --retry.
- Paul Nolan provided a patch to make libcurl build nicely on Windows CE.
Daniel (1 November 2004)
- When cross-compiling, the configure script no longer attempts to use
pkg-config on the build host in order to detect OpenSSL compiler options.
Daniel (27 October 2004)
- Dan Fandrich:
An improvement to the gzip handling of libcurl. There were two problems with
the old version: it was possible for a malicious gzip file to cause libcurl
to leak memory, as a buffer was malloced to hold the header and never freed
if the header ended with no file contents. The second problem is that the
64 KiB decompression buffer was allocated on the stack, which caused
unexpectedly high stack usage and overflowed the stack on some systems
(someone complained about that in the mailing list about a year ago).
Both problems are fixed by this patch. The first one is fixed when a recent
(1.2) version of zlib is used, as it takes care of gzip header parsing
itself. A check for the version number is done at run-time and libcurl uses
that feature if it's present. I've created a define OLD_ZLIB_SUPPORT that
can be commented out to save some code space if libcurl is guaranteed to be
using a 1.2 version of zlib.
The second problem is solved by dynamically allocating the memory buffer
instead of storing it on the stack. The allocation/free is done for every
incoming packet, which is suboptimal, but should be dwarfed by the actual
decompression computation.
I've also factored out some common code between deflate and gzip to reduce
the code footprint somewhat. I've tested the gzip code on a few test files
and I tried deflate using the freshmeat.net server, and it all looks OK. I
didn't try running it with valgrind, however.
- Added a --retry option to curl that takes a numerical option for the number
of times the operation should be retried. It is retried if a transient error
is detected or if a timeout occurred. By default, it will first wait one
second between the retries and then double the delay time between each retry
until the delay time is ten minutes which then will be the delay time
between all forthcoming retries. You can set a static delay time with
"--retry-delay [num]" where [num] is the number of seconds to wait between
each retry.
Daniel (25 October 2004)
- Tomas Pospisek filed bug report #1053287 that proved -C - and --fail on a
file that was already completely downloaded caused an error, while it
doesn't if you don't use --fail! I added test case 194 to verify the fix.
Grrr. CURLOPT_FAILONERROR is now added to the list stuff to remove in
libcurl v8 due to all the kludges needed to support it.
- Mohun Biswas found out that formposting a zero-byte file didn't work very
good. I fixed.
Daniel (19 October 2004)
- Alexander Krasnostavsky made it possible to make FTP 3rd party transfers
with both source and destination being the same host. It can be useful if
you want to move a file on a server or similar.
- Guillaume Arluison added CURLINFO_NUM_CONNECTS to allow an app to figure
out how many new connects a previous transfer required.
I added %{num_connects} to the curl tool and added test case 192 and 193
to verify the new code.
Daniel (18 October 2004)
- Peter Wullinger pointed out that curl should call setlocale() properly to
initiate the specific language operations, to make the IDN stuff work
better.
Changes 7.12.2: * the IDN code now verifies that only TLD-legitmate letters are used in the name or a warning is displayed (when verbose is enabled) * provides error texts for IDN errors * file upload parts in formposts now get their directory names cut off * added CURLINFO_OS_ERRNO * added CURLOPT_FTPSSLAUTH to allow ftp connects to attempt "AUTH TLS" instead before "AUTH SSL" * curl_getdate() completely rewritten: may affect rare curl -z use cases * bugfixes
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
update to Curl 7.12.1
Changes:
* the version string now only contains info about (sub) package versions,
while for example krb4 and ipv6 now only are available as 'features'
* added curl_easy_reset()
* socks proxy support even when libcurl is built ipv6-enabled
* read callbacks can stop the transfer by returning CURL_READFUNC_ABORT
* libcurl-tutorial.3 is the new man page formerly known as
libcurl-the-guide
* additional SSL trace data might be sent to the debug callback using two
new types: CURLINFO_SSL_DATA_IN and CURLINFO_SSL_DATA_OUT
* multipart formposts can upload files larger than system memory
* the curl tool continues with the next URL even if one transfer fails
* FTP 3rd party transfer support - seven new setopt() options
Bugfixes:
* UTF-8 encoded certificate names can now be verified properly
* krb4 link problem
* HTTP Negotiate service name now provided in uppercase
* no longer accepts any cookies with domain set to just a TLD
* HTTP Digest properties without quotes in the header
* bad Host: header case on re-used connections over proxy
* duplicate Host: header case on re-used connections
* curl -o name#[num] now works when no globbing for [num] exists
* test suite runs fine with valgrind 2.1.x
* negative Content-Length is ignored
* test 505 runs fine on windows
* curl_share_cleanup() crash
* --trace files now get the final info lines too
* multi interface connects fine to multi-IP resolving hosts
* --limit-rate works on Mac OS X (and other systems with bad poll()s)
* cookies can now hold 4999 bytes of content
* HTTP POST/PUT with NTLM/Digest/Negotiate to a URL returning 3XX
* HTTPS POST/PUT over a proxy requiring NTLM/Digest/Negotiate
* less restrictive libidn requirements, 0.4.1 or later is fine
* HTTP POST or PUT with Digest/Negotiate/NTLM selected but the server
didn't require any authentication
* win32 file:// transfer free memory bug
* configure --disable-http builds a libcurl without HTTP support
* CURLOPT_FILETIME had wrong type in curl.h, it expects a long argument
* builds fine with Borland on Windows
* the msvc curllib.dsp now builds the libcurl.lib file
* builds fine on VMS
* builds fine on NetWare
* HTTP Digest authentication with proxies uses correct user name + password
* builds fine with lcc-win32
Enable pkgviews installation.
Changes 7.12.0: o added ability to "upload" to file:// URLs o added curl_global_init_mem() o removed curl_formparse() o the MSVC project file in the release archive is automatically built o curl --proxy-digest is a new command line option o the Windows version of libcurl can use wldap32.dll for LDAP o added curl_easy_strerror(), curl_multi_strerror() and curl_share_strerror() o IPv6-enabled Windows hosts now resolves names threaded/asynch as well o configure --with-libidn can be used to point out the root dir of a libidn installation (version 0.4.5 or later) for curl to use, then libcurl can resolve and use IDNA names (domain names with "international" letters) Bugfixes: o incoming cookies with domains set with a prefixed dot now works better o CURLOPT_COOKIEFILE and CURLOPT_COOKIE can be used in the same request o improved peer certificate name verification o allocation failures cause no leaks nor crashes o the progress meter display now handles file sizes up to full 8 exabytes (which is as high a signed 64 bit number can reach) o general HTTP authentication improvements o HTTP Digest authentication with the proxy works o mulipart formposting with -F and file names with spaces work again o curl_easy_duphandle() now works when ares-enabled o HTTP Digest authentication works a lot more like the RFC says o curl works with telnet and stdin properly on Windows o configure --without-ssl works even when pkg-config has OpenSSL details o src/hugehelp.c builds correct again in non-configure build environments
Changes 7.11.2: * removed maximum user+password+hostname size limit * removed maximum dir depth limit for FTP * the ares build now requires c-ares 1.2.0 or later * --tcp-nodelay and CURLOPT_TCP_NODELAY were added * curl/curlver.h contains the libcurl version info now * bugfixes
Update curl to 7.11.1, provided by Stefan Kruger in PR pkg/24916. This release includes the following changes: o CURLOPT_POSTFIELDSIZE_LARGE added to offer POSTs larger than 2GB o CURL_VERSION_LARGEFILE is a feature bit returned by libcurls that feature large file support o libcurl only requires winsock 1.1 on windows now o when doing FTP, curl now sends QUIT before disconnecting o name resolves can now timeout on windows too o $HOME is now recognized better when looking for .netrc files o now re-uses the ares handle when re-using curl handles o SO_BINDTODEVICE is used for network interface binding o configure --disable-manual disables the built-in huge manual from the command line tool o the default Accept: header used in HTTP requests changed o asynch dns lookups now require the c-ares library o curl --socks can be used to set a SOCKS5 proxy to use o response-headers received after a (proxy) CONNECT request are now passed to the header callback just like other headers This release includes the following bugfixes: o builds and runs on Novell NetWare o Windows builds now report OS as "i386-pc-win32" o received signals during SSL connect is handled better o improved PUT/POST with NTLM/Digest authentication o following redirects and doing NTLM/Digest (where the first connection gets closed) with the multi interface work better now o file: progress meter and getinfo variables work now o CURLOPT_FRESH_CONNECT and CURLAUTH_NTLM now work when set together o share interface usage without (un)lock functions segfaulted o --limit-rate no longer cripples the --speed-limit feature o fixed verbose output problem with ipv6-enabled re-used connections o fixed the socks5 code to check version in the socks response properly o dns cache bug - fixed the 'inuse' counter o large file fix for Content-Length o better docs for the share interface o several configure fixes for mingw/msys o setting a Host: header is no longer affecting the Host: header used when libcurl follows a Location: o fixed numerous compiler warnings on several operating systems and compilers o PUTing from stdin couldn't disable chunked transfer-encoding o corrected the mingw makefiles o improved the configure libz detection o fixed EPRT/PORT use when doing FTP on ipv6-enabled AIX hosts o *nroff commands that only support -mandoc and not -man are now supported (for the built-in manual text in the command line tool) o fixed the unconditional #include of config.h in hugehelp.c o builds fine on MPE/iX o upload using chunked transfer-encoding now sends the last chunk properly teriminated with an extra CRLF o Fixed the progress meter display for files >2GB o persistant connections over a proxy messed up the proxy name/password o the socks5 code segfaulted if no username/password was set o the *_LARGE options now take curl_off_t types as parameters and this will make it possible to handle large files on windows too o builds with large file support even on systems without strtoll()
PKGREVISION bump after openssl-security-fix-update to 0.9.6m. Buildlink files: RECOMMENDED version changed to current version.
Fix build on sparc64 with gcc2. Correct a spelling error.
Convert to buildlink3. While here, add zlib buildlink2.mk to buildlink2.mk file, since libcurl depends on it.
LIBTOOL_OVERRIDE and SHLIBTOOL_OVERRIDE are now lists of shell globs
relative to ${WRKSRC}. Remove redundant LIBTOOL_OVERRIDE settings that
are automatically handled by the default setting in bsd.pkg.mk.
update to curl-7.11.0 Fixed in 7.11.0 Changes: - allows the URL to be set by a callback when using the multi interface - large file support was added. Use one of the new options: INFILESIZE_LARGE, RESUME_FROM_LARGE and MAXFILESIZE_LARGE - the new --ftp-pasv overrides a previous --ftpport - CURLOPT_FTPSSL and ftps:// now do ssl over FTP "The Right Way" (the curl tool now features the --ftp-ssl option) - The Windows DLLs are built with an added "resource file" - New LIBCURL_VERSION_* defines for easier checking version number - Included Mac OS X 'framework' makefile in the release archive - Removed the TRUE and FALSE #defines from the public curl header file - Added CURLOPT_NETRC_FILE For a complete list see the Changelog at http://curl.haxx.se/changes.html
Update to 7.10.8: 7.10.8 SPNEGO support, Negotiate support, multiple -T flags work, IPv6 support on Windows, and more were added. More than 40 bugs were fixed. 7.10.7 This release supports NTLM for proxies, --ftp-create-dirs, and optional support for asynchronous name-resolving calls. It fixes an information leak, minor memory leaks, a 64bit problem, two cookie-related problems, URL globbing output using -o #[num], and more.
If USE_INET6 isn't "yes", explicitly disable building ipv6 support.
PKGREVISION++ after openssl update.
Update to 7.10.6:
Changes:
* CURLOPT_SSL_CTX_FUNCTION allows a custom callback for SSL connections
* multiple patches lets curl build and run on DOS
* libcurl now deals with spaces in Location: redirects and URLifies them
* curl --version shows more detailed info
* curl_version_info() now returns info on NTLM, GSS-Negotiate and Debug
* curl_version() includes "GSS" in the string if built with GSSAPI available
* Pick-best-authentication option added (--anyauth, using the CURLOPT_HTTPAUTH set to CURLAUTH_ANY)
* NTLM authentication support (--ntlm and CURLAUTH_NTLM)
* GSS-Negotiate authentication support (--negotiate and CURLAUTH_GSSNEGOTIATE)
* Digest authentication support added (--digest and CURLAUTH_DIGEST)
* Allow curl to switch (back to) to Basic authentication (--basic)
* libcurl supports name and password in proxy environment variables
Bugs:
* double slash after the host name on a FTP URL again points out the root dir
* obscure and rare DNS cache problem was fixed
* multiple FTP connections to the same host with different user names didn't work properly
* no more CWD commands without arguments for ftp connections
* curl no longer uses setvbuf() due to portability problems
* VMS build fixes
* the curl tool has the -M manual compressed internally if built with libz
* url globbing syntax error could cause segfault
* Huge (>40-60KB) GET requests over HTTPS failed.
* Content-Length now overrides socket-closed as a means of knowing when the response body is
complete.
* --progress-bar takes the initial size into account when doing resumed downloads
* work around SSL bugs better
* libcurl typically issues POST requests with less send() calls
* better main makefile
* external headers improved portability
* Listing FTP directories without contents could leak a socket
* Getting HTTP contents in one line without headers failed
* bugfixed the socks5-proxy usage (twice)
* h_aliases name-lookup rare crash fixed
* improved curl -M output
* curl_unescape() now only unescapes valid %HH codes
COMMENT should start with a capital letter.
s/netbsd.org/NetBSD.org/
Use tech-pkg@ in favor of packages@ as MAINTAINER for orphaned packages. Should anybody feel like they could be the maintainer for any of thewe packages, please adjust.
Update to 7.10.5. Extract of changes: - Changed the order for the in_addr_t testing, as 'unsigned long' seems to be a very common type inet_addr() returns. - George Comninos provided a fix that calls the progress meter when waiting for FTP command responses take >1 second. It'll make applications more "responsive" even when dealing with very slow ftp servers. - George Comninos pointed out that libcurl uploads had two quirks: o when using FTP PORT command, it used blocking sockets! o it could loop a long time without doing progress meter updates Both items are fixed now. - Dan Fandrich changed CURLOPT_ENCODING to select all supported encodings if set to "". This frees the application from having to know which encodings the library supports. - Avery Fay found out that the CURLOPT_INTERFACE way of first checking if the given name is a network interface gave a real performance penalty on Linux, so now we more appropriately first check if it is an IP number and if so we don't check for a network interface with that name. - CURLOPT_FTP_USE_EPRT added. Set this to FALSE to disable libcurl's attempts to use EPRT and LPRT before the traditional PORT command. The command line tool sets this option with '--disable-eprt'. - Added test case 62 and fixed some more on the cookie sending with a custom Host: header set. - Made the "SSL read error: 5" error message more verbose, by adding code that queries the OpenSSL library to fill in the error buffer. - Added sys/select.h include in the curl/multi.h file, after having been reminded about this by Rich Gray. - I made each test set its own server requirements, thus abandoning the previous system where the test number implied what server(s) to use for a specific test. - David Balazic made curl more RFC1738-compliant for FTP URLs, by fixing so that libcurl now uses one CWD command for each path part. A bunch of test cases were fixed to work accordingly. - Cookie fixes. - Peter Kovacs provided a patch that makes the CURLINFO_CONNECT_TIME work fine when using the multi interface (too). - Peter Sylvester pointed out that curl_easy_setopt() will always (wrongly) return CURLE_OK no matter what happens. - Dan Fandrich fixed some gzip decompression bugs and flaws. - Formposting a file using a .html suffix is now properly set to Content-Type: text/html. - Fixed the SSL error handling to return proper SSL error messages again, they broke in 7.10.4. I also attempt to track down CA cert problems and then return the CURLE_SSL_CACERT error code. - The curl tool now intercepts the CURLE_SSL_CACERT error code and displays a fairly big and explanatory error message. Kevin Roth helped me out with the wording. - Nic Hines provided a second patch for gzip decompression, and fixed a bug when deflate or gzip contents were downloaded using chunked encoding. - Dan Fandrich made libcurl support automatic decompression of gzip contents (as an addition to the previous deflate support). - I made the CWD command during FTP session consider all 2xy codes to be OK responses. - Vlad Krupin fixed a URL parsing issue. URLs that were not using a slash after the host name, but still had "?" and parameters appended, as in "http://hostname.com?foobar=moo", were not properly parsed by libcurl. - Made CURLOPT_TIMECONDITION work for FTP transfers, using the same syntax as for HTTP. This then made -z work for ftp transfers too. Added test case 139 and 140 for verifying this. - Getting the file date of an ftp file used the wrong time zone when displayed. It is supposedly always GMT. Added test case 141 for this. - Made the test suite's FTP server support MDTM. - The default DEBUGFUNCTION, as enabled with CURLOPT_VERBOSE now outputs CURLINFO_HEADER_IN data as well. The most notable effect from this is that using curl -v, you get to see the incoming "headers" as well. This is perhaps most useful when doing ftp. - James Bursa fixed a flaw in the Content-Type extraction code, which missed the first letter if no space followed the colon. - Martijn Broenland found another cases where a server application didn't like the boundary string used by curl when foing a multi-part/formpost. We modified the boundary string to look like the one IE uses, as this is probably gonna make curl work with more applications.
Update to 7.10.4:
Changes:
* the curl tool now "clears" sensitive commands line args
* no more emacs local variables in the source files
* script for distributed, automatic, multi-platform testing added. Please join up and help us test
the bleeding edge curl on various platforms!
* the "scratch buffer" is now only allocated when actually needed
* removed the strequal and strnequal macros from curl/curl.h
* added CURLOPT_UNRESTRICTED_AUTH / --location-trusted
Bugs:
* "curl -O" only, now outputs an error message accordingly
* builds fine on Redhat Linux 9 (configure fix)
* the CA cert bundle included a demo cert now removed
* changing some attributes between two transfers when re-using a connection did not "take effect"
properly
* the test suite runs faster and hopefully a bit more reliably
* improved configure check for presence of functions, needed for HPUX
* the curl tool now makes a correct URL escaping when appending to the URL when using -T and the
file name is appended to the URL.
* configure --enable-libgcc now explicitly add -lgcc to the linker
* better configure checks for headers (since some platforms got nasty warnings output previously)
* configure --help looks nicer
* data transfer bug on HP-UX systems
* improved random seeding for systems without a reliable random source
* 64bit Sparc compiler warnings removed
* a case where a connect failure didn't return an error string
* DNS cache problem in AIX 4.3 and later was fixed
* a POST-then-GET problem when re-using the same handle in libcurl
* extra precaution added for FTP servers returning 0 bytes to SIZE commands
* looping issue in the receive function (i.e badly updated progress meter)
* Fixed the 'Expect: 100-continue' behavior
* CURLOPT_MAXCONNECTS segfault fixed
* multi-interface connecting on Windows to non-listening ports fixed
* Curl_base64_encode() now encodes zero-bytes too properly
* fixed the infamous SSL error:00000000 outputs
* zlib build fix in the mingw makefile
* don't check for ca cert env variable if --insecure is used
* always use strict cert name check unless --insecure is used
* content-type extracting fixed
* DEBUGFUNCTION could be called with wrong arguments in uploads
* ftp downloads could wrongly return CURLE_PARTIAL_FILE in some conditions
* the fopen.c example code didn't work
* content-type extracting memory leak fixed
* curl/multi.h was fixed for C++ compiles
* .netrc file scanning for names+passwored fixed
* curl-config --cflags works even when include dirs isn't /usr/include
* CURLINFO_PRIVATE can return NULL properly
Updated to curl-7.10.3 Patches by Adrian Portelli <adrianp@stindustries.net> (PR#20142) Changes : - Steve Oliphant pointed out that test case 105 did not work anymore and this was due to a missing fix for the password prompting. - Bryan Kemp pointed out that curl -u could not provide a blank password without prompting the user. It can now. -u username: makes the password empty, while -u username makes curl prompt the user for a password. - Kjetil Jacobsen found a remaining connect problem in the multi interface on ipv4 systems (Linux only?), that I fixed and Kjetil verified that it fixed his problems. - memanalyze.pl now reads a file name from the command line, and no longer takes the data on stdin as before. - Fixed tests/memanalyze.pl to work with file names that contain colons (as on Windows). - Kjetil Jacobsen quickly pointed out that lib/share.h was missing... * For more, see CHANGES.
Trivially update to curl 7.10.2. Changes since 7.10.1: - Dave Halbakken added curl_version_info to lib/libcurl.def to make libcurl properly build with MSVC on Windows. - Doing HTTP PUT without a specified file size now makes libcurl use Transfer-Encoding: chunked. - Bug report #634625 identified how curl returned timeout immediately when CURLOPT_CONNECTTIMEOUT was used and provided a fix. - Lehel Bernadt found out and fixed. libcurl sent error message to the debug output when it stored the error message. - Avery Fay found some problems with the DNS cache (when the cache time was set to 0 we got a memory leak, but when the leak was fixed he got a crash when he used the CURLOPT_INTERFACE with that) that had me do some real restructuring so that we now have a reference counter in the dns cache entries to prevent an entry to get flushed while still actually in use. I also detected that we previously didn't update the time stamp when we extracted an entry from the cache so that must've been a reason for some very weird dns cache bugs. - Downgraded automake to 1.6.3 in an attempt to fix cygwin problems. (It turned out this didn't help though.) - Disable the DNS cache (by setting the timeout to 0) made libcurl leak memory. Avery Fay brought the example code that proved this. - Upgraded to autoconf 2.54 and automake 1.7 on the release-build host. - Kevin Roth made the command line tool check for a CURL_CA_BUNDLE environment variable (if --cacert isn't used) and if not set, the Windows version will check for a file named "curl-ca-bundle.crt" in the current directory or the directory where curl is located. That file is then used as CA root cert bundle. - Avery Fay pointed out that curl's configure scrip didn't get right if you used autoconf newer than 2.52. This was due to some badly quoted code. - Emiliano Ida confirmed that we now build properly with the Borland C++ compiler too. We needed yet another fix for the ISO cpp check in the curl.h header file. - Yet another fix was needed to get the HTTP download without headers to work. This time it was needed if the first "believed header" was read all in the first read. Test 306 has not run properly since the 11th october fix. - Zvi Har'El pointed out a problem with curl's name resolving on Redhat 8 machines (running IPv6 disabled). Mats Lidell let me use an account on his machine and I could verify that gethostbyname_r() has been changed to return EAGAIN instead of ERANGE when the given buffer size is too small. This is glibc 2.2.93. - Albert Chin helped me get the -no-undefined option corrected in lib/Makefile.am since Cygwin builds want it there while Solaris builds don't want it present. Kevin Roth helped me try it out on cygwin. - Nikita Schmidt provided a bug fix for a FOLLOWLOCATION bug introduced when the ../ support got in (7.10.1). - Fabrizio Ammollo pointed out a remaining problem with FOLLOWLOCATION in the multi interface. - Richard Cooper's experimenting proved that -j (CURLOPT_COOKIESESSION) didn't work quite as supposed. You needed to set it *before* you use CURLOPT_COOKIEFILE, and we dont' want that kind of dependencies. - Andrés García provided corrections for erratas in four libcurl man pages. - Starting now, we generate and include PDF versions of all the docs in the release archives. - Trying to connect to a host on a bad port number caused the multi interface to never return failure and it appeared to keep on trying forever (it just didn't do anything). - Downloading HTTP without headers didn't work 100%, some of the initial data got written twice. Kevin Roth reported. - Kevin Roth found out the "config file" parser in the client code could segfault, like if DOS newlines were used.
Fix documentation installation. Buildlink with zlib. Bump PKGREVISION. XXX Should buildlink2.mk's BUILDLINK_DEPENDS.curl version be bumped to 7.10.1?
Updated to curl-7.10.1 Changes : - Jeff Lawson fixed a few problems with connection re-use that remained when you set CURLOPT_PROXY to "". - Craig Davison found a terrible flaw and Cris Bailiff helped out in the search. Getting HTTP data from servers when the headers are split up in multiple reads, could cause junk data to get inserted among the saved headers. This only concerns HTTP(S) headers. - Vincent Penquerc'h gave us the good suggestion that when the ERRRORBUFFER is set internally, the error text is sent to the debug function as well. - Fixed the telnet code to timeout properly as the option tells it to. On non-windows platforms. - John Crow pointed out that libcurl-the-guide wasn't included in the release tarball! - Kevin Roth pointed out that make install didn't do right if build outside the source tree (ca-bundle wise). - FOLLOW_LOCATION bugfix for the multi interface [trim], more see CHANGES.
Merge packages from the buildlink2 branch back into the main trunk that have been converted to USE_BUILDLINK2.
Merge from pkgsrc-current to buildlink2 branch.
Rename USE_BUILDLINK2_ONLY to USE_BUILDLINK2 for less verbosity. Also convert a few more packages to use the buildlink2 framework.
Updated to curl, from 7.9.6 to 7.9.7 Changes since 7.9.6 : - More -(option) support - Documentation updated - little bug fixed and preformance improved (please see CHANGES for more)
* Convert some more packages to use the buildlink2 framework. * Re-add EVAL_PREFIX lines that I shouldn't have removed from the buildlink2.mk files. * Add several more new buildlink2.mk files to facilitate converting more packages.
Updated to curl-7.9.6 - fmt on DESCR - Regen PLIST - Remove patch since it was applied Changes since curl-7.9.5 (Lots of change, here is the recently changes, see CHANGE for more) - Dirk Manske brought a fix that makes libcurl strip off white spaces from the beginning of cookie contents. - Had to patch include/curl/curl.h since MSVC doesn't set the __STDC__ define. Moonesamy pointed out the problem, Bjorn Reese the solution. - Fixed the TIMER_CONNECT to be more accurate for FTP transfers. Previously FTP transfers got the "connect done" time set after the initial FTP commands and not directly after the TCP/IP connect as it should. - Jean-Philippe Barrette-LaPierre provided his patch that introduces CURLOPT_DEBUGFUNCTION and CURLOPT_DEBUGDATA. They allow a program to a set a callback to receive debug/information data. That includes headers and data that is received and sent. CURLOPT_VERBOSE still controls it. By default, there is an internal debugfunction that will make things look and work as before if not changed. - Sebastien Willemijns found out that -x didn't use the default port number as is documented. It does now. - libcurl-errors.3 is a new man page attempting to document all libcurl error codes
Update to version 7.9.5nb1
LTCONFIG_OVERRIDE changed to LIBTOOL_OVERRIDE.
GNU make no longer needed.
Install some documentation in ${PREFIX}/share/doc/curl, and examples of
libcurl usage in ${PREFIX}/share/examples/curl.
XXX A buildlink.mk would be nice to have...
Bump PKGREVISION for the PLIST additions.
suppress debugging options.
re-enable IPv6.
upgrade to 7.9.5.
---
Version 7.9.5
Daniel (7 March 2002)
- Added docs/KNOWN_BUGS to the release archive.
Daniel (6 March 2002)
- Kevin Roth corrected a flaw in the curl client globbing code that made it
mess up backslashes. This was most notable on windows (cygwin) machines when
using file://.
- Brad provided another fix for building outside the source-tree.
- Ralph Mitchell patched away a few compiler warnings in tests/server/sws.c
Daniel (5 March 2002)
- I noticed that the typedef in curl.h for the progress callback prototype was
wrong and thus applications that used it would not get the proper input
data. It used size_t where the implementation actually uses doubles!
I wish I could blame someone else, but this was my fault. Again.
Version 7.9.5-pre6
Daniel (4 March 2002)
- Cut off the changes done during 2001 from this changelog file and put them
in a separate file (CHANGES.2001), available from CVS of course.
- I removed the multi directory. The example sources were moved to the
docs/examples directory where they belong.
- Wrote 7 new man pages for the current functions in the new multi interface.
They're all still pretty basic, but we can use them as a start and add more
contents to them when we figure out what to write. The large amount of man
pages for libcurl now present made me decide to put them in a new separate
subdirectory in the docs directory. Named libcurl.
- Giuseppe Corbelli provided a template file for the EPM package manager, it
gets generated nicely by the configure script now.
Version 7.9.5-pre5
Daniel (1 March 2002)
- Moved the memanalyze.pl script into the tests/ dir and added it to the
release archives. It was previously only present in the CVS tree.
- Modified the February 17th Host: fix, as bug report #523718 pointed out that
it caused crashes!
- Nico Baggus added more error codes to the VMS stuff.
- Wesley Laxton brought the code that introduced the new CURLOPT_PREQUOTE
option. It is just another FTP quote option that allows the user to specify
a list of FTP commands to issue *just before* the transfer command (RETR or
STOR etc). It has turned up a few systems that really need this.
The curl command line tool can also take advantage of this by prefixing the
quote commands with a plus (+) in similar style that post transfer quote
commands are specified.
This is not yet documented. There is no test case for this yet.
Daniel (28 February 2002)
- Ralph Mitchell made some serious efforts and put a lot of sweat in setting
up scripts and things for me to be able to repeat his problems, and I
finally could. I found a problem with the header byte counter that wasn't
increased properly and thus we could return CURLE_GOT_NOTHING when we in
fact had received data.
Daniel (27 February 2002)
- I had to revert the non-space parsing cookie fix I posted to the mailing
list. Expire dates do have spaces and still need to get parsed properly!
Instead we just ignore trailing white space and it seems to work...
Daniel (26 February 2002)
- Made the cookie property 'Max-Age' work, just since we already tried to
support it, it is better to do it right. No one uses this anyway.
- The cookie parser could crash if a really weird (illegal) cookie line was
received. I also made it better discard really oddly formatted lines better.
Made the cookie jar store the second field from the left using the syntax
that Netscape and Mozilla probably like. Curl itself ignores it.
Added test case 31 for these cases.
Clay Loveless' email regarding some cookie issues started my cleanup.
- Kevin Roth pointed out that my automake fiddles broke the ability to build
outside the source-tree and I posted a patch to the mailing list that brings
this ability back.
Version 7.9.5-pre4
Daniel (25 February 2002)
- Fiddled with the automake files to make all source files in the lib
directory not have ../src in the include path, and the src sources shouldn't
have ../lib!
- All 79 test cases ran OK under Linux and Solaris using the new HTTP server
in the test suite. The new HTTP server was first donated by Georg Horn and
subsequently modified to work with the test suite. It is currently still not
portable enough to run on "all over" but this is a start and I can run all
curl tests on my machines. This is an important requirement for the upcoming
public release.
- Using -d and -I on the same command line now reports an error, as it implies
two different HTTP requests that can't be mixed.
- Jeffrey Pohlmeyer provided a patch that made the -w/--write-out option
support %{content_type} to get the content type of the recent download.
- Kevin Roth reported that pre2 and pre3 didn't compile properly on cygwin,
and this was because I used #ifdef HAVE_WINSOCK_H in lib/multi.h to figure
out if we could include winsock.h which turns out not to be a wise choice to
do on cygwin since it has the file but can't include it!
Daniel (22 February 2002)
- Added src/config-vms.h to the release archive.
- Fixed the connection timeout value again, the change from February 18 wasn't
complete.
Version 7.9.5-pre3
Daniel (21 February 2002)
- Kevin Roth and Andrés García both found out that lib/config.h.in was missing
in the pre-release archive and thus the configure script failed.
Version 7.9.5-pre2
Daniel (20 February 2002)
- Andrés García provided a solution to bug report #515228. the total time
counter was not set correctly when -I was used during some conditions (all
headers were read in one single read).
- Nico Baggus provided a huge patch with minor tweaks all over to make curl
compile nicely on VMS.
Daniel (19 February 2002)
- Rick Richardson found out that by replacing PF_UNSPEC with PF_INET in the
getaddrinfo() calls, he could speed up some name resolving calls with an
order of magnitudes on his Redhat Linux 7.2.
- Philip Gladstone found a second INADDR_NONE problem where we used long
intead of in_addr_t which caused 64bit problemos. We really shouldn't define
that on two different places.
Daniel (18 February 2002)
- Philip Gladstone found a problem in how HTTP requests were sent if the
request couldn't be sent all at once.
- Emil found and corrected a bad connection timeout comparison that made curl
use the longest of connect-timeout and timout as a timeout value, instead of
the shortest as it was supposed to!
- Aron Roberts provided updated information about LDAP URL syntax to go into
the manual as a replacement for the old references.
Daniel (17 February 2002)
- Philip Gladstone pointed out two missing include files that made curl core
dump on 64bit architectures. We need to pay more attention on these details.
It is *lethal* to for example forget the malloc() prototype, as 'int' is
32bit and malloc() must return a 64bit pointer on these platforms.
- Giaslas Georgios fixed a problem with Host: headers on repeated requests on
the same handle using a proxy.
Daniel (8 February 2002)
- Hanno L. Kranzhoff accurately found out that disabling the Expect: header
when doing multipart formposts didn't work very well. It disabled other
parts of the request header too, resulting in a broken header. When I fixed
this, I also noticed that the Content-Type wasn't possible to disable. It is
now, even though it probably is really stupid to try to do this (because of
the boundary string that is included in the internally generated header,
used as form part separator.)
Daniel (7 February 2002)
- I moved the config*.h files from the root directory to the lib/ directory.
- I've added the new test suite HTTP server to the CVS repository, It seems to
work pretty good now, but we must make it get used by the test scripts
properly and then we need to make sure that it compiles, builds and runs on
most operating systems.
Version 7.9.5-pre1
Daniel (6 February 2002)
- Miklos Nemeth provided updated windows makefiles and INSTALL docs.
- Mr Larry Fahnoe found a problem with formposts and I managed to track down
and patch this bug. This was actually two bugs, as the posted size was also
said to be two bytes too large.
- Brent Beardsley found out and brought a correction for the
CURLINFO_CONTENT_TYPE parser that was off one byte. This was my fault, I
accidentaly broke Giaslas Georgios' patch.
Daniel (5 February 2002)
- Kevin Roth found yet another SSL download problem.
Version 7.9.4
- no changes since pre-release
Version 7.9.4-pre2
Daniel (3 February 2002)
- Eric Melville provided a few spelling corrections in the curl man page.
Daniel (1 February 2002)
- Andreas Damm corrected the unconditional use of gmtime() in getdate, it now
uses gmtime_r() on all hosts that have it.
Daniel (31 January 2002)
- An anonymous bug report identified a problem in the DNS caching which made it
sometimes allocate one byte too little to store the cache entry in. This
happened when the port number started with 1!
- Albert Chin provided a patch that improves the gethostbyname_r() configure
check on HP-UX 11.00.
Version 7.9.4-pre1
Daniel (30 January 2002)
- Georg Horn found another way the SSL reading failed due to the non-blocking
state of the sockets! I fixed.
Daniel (29 January 2002)
- Multipart formposts now send the full request properly, including the CRLF.
They were previously treated as part of the post data.
- The upload byte counter bugged.
- T. Bharath pointed out that we seed SSL on every connect, which is a time-
consuming operation that should only be needed to do once. We patched
libcurl to now only seed on the first connect when unseeded. The seeded
status is global so it'll now only happen once during a program's life time.
If the random_file or egdsocket is set, the seed will be re-made though.
- Giaslas Georgios introduced CURLINFO_CONTENT_TYPE that lets
curl_easy_getinfo() read the content-type from the previous request.
Daniel (28 January 2002)
- Kjetil Jacobsen found a way to crash curl and after much debugging, it
turned out it was a IPv4-linux only problem introduced in 7.9.3 related to
name resolving.
- Andreas Damm posted a huge patch that made the curl_getdate() function fully
reentrant!
- Steve Marx pointed out that you couldn't mix CURLOPT_CUSTOMREQUEST with
CURLOPT_POSTFIELDS. You can now!
Daniel (25 January 2002)
- Krishnendu Majumdar pointed out that the header length counter was not reset
between multiple requests on the same handle.
- Pedro Neves rightfully questioned why curl always append \r\n to the data
that is sent in HTTP POST requests. Unfortunately, this broke the test suite
as the test HTTP server is lame enough not to deal with this... :-O
- Following Location: headers when the connection didn't close didn't work as
libcurl didn't properly stop reading. This problem was added in 7.9.3 due to
the restructured internals. 'Frank' posted a bug report about this.
Daniel (24 January 2002)
- Kevin Roth very quickly spotted that we wrongly installed the example
programs that were built in the multi directory, when 'make install' was
used. :-/
Version 7.9.3
Daniel (23 January 2002)
- Andrés García found a persistancy problem when doing HTTP HEAD, that made
curl "hang" until the connection was closed by the server. This problem has
been introduced in 7.9.3 due to internal rewrites, this was not present in
7.9.2.
Version 7.9.3-pre4
Daniel (19 January 2002)
- Antonio filed bug report #505514 and provided a fix! When doing multipart
formposts, libcurl would include an error text in the actual post if a
specified file wasn't found. This is not libcurl's job. Instead we add an
empty part.
Daniel (18 January 2002)
- Played around with stricter compiler warnings for gcc (when ./configure
--enable-debug is used) and changed some minor things to stop the warnings.
- Commented out the 'long long' and 'long double' checks in configure.in, as
we don't currently use them anyway and the code in lib/mprintf.c that use
them causes warnings.
- Saul Good and jonatan pointed out Mac OS X build problems with pre3 and how
to correct them. Two compiler warnings were removed as well.
- Andrés García fixed two minor mingw32 building problems.
Version 7.9.3-pre3
Daniel (17 January 2002)
- docs/libcurl-the-guide is a new tutorial for our libcurl programming
friends.
- Richard Archer brought back the ability to compile and build with OpenSSL
versions before 0.9.5.
[http://sourceforge.net/tracker/?func=detail&atid=100976&aid=504163&group_id=976]
- The DNS cache code didn't take the port number into account, which made it
work rather bad on IPv6-enabled hosts (especially when doing passive
FTP). Sterling fixed it.
Daniel (16 January 2002)
- Georg Horn could make a transfer time-out without error text. I found it and
corrected it.
- SSL writes didn't work, they return an uninitialized value that caused
havoc all over. Georg Horn experienced this.
- Kevin Roth patched the curl_version() function to use the proper OpenSSL
function for version information. This way, curl will report the version of
the SSL library actually running right now, not the one that had its headers
installed when libcurl was built. Mainly intersting when running with shared
OpenSSL libraries.
Version 7.9.3-pre2
Daniel (16 January 2002)
- Mofied the main transfer loop and related stuff to deal with non-blocking
sockets in the upload section. While doing this, I've now separated the
connection oriented buffers to have one for downloads and one for uploads
(as two can happen simultaneously). I also shrunk the buffers to 20K
each. As we have a scratch buffer twice the size of the upload buffer, we
arrived at 80K for buffers compared with the previous 150K.
- Added the --cc option to curl-config command as it enables so very cool
one-liners. Have a go a this one, building the simple.c example:
$ `curl-config --cc --cflags --libs` -o example simple.c
Daniel (14 January 2002)
- I made all socket reads (recv) handle EWOULDBLOCK. I hope nicely. Now we
only need to address all writes (send) too and then I'm ready for another
pre-release...
- Stoned Elipot patched the in_addr_t configure test to make it work better on
more platforms.
Daniel (9 January 2002)
- Cris Bailiff found out that filling up curl's SSL session cache caused a
crash!
- Posted the curl questionnaire on the web site. If you haven't posted your
opinions there yet, go there and do it now while it is still there:
http://curl.haxx.se/q/
- Georg Horn quickly found out that the SSL reading no longer worked as
supposed since the switch to non-blocking sockets. I've made a quick patch
(for reading only) but we should improve it even further.
Version 7.9.3-pre1
Daniel (7 January 2002)
- I made the 'bool' typedef use an "unsigned char". It makes it the same on
all platforms, no matter what the platform thinks the default format for
char is. This was noticed since we made a silly comparison involving such a
bool variable, and only one compiler/platform combination (on Debian Linux)
complained about it (that happened to have its char unsigned by default).
- Bug report #495290 identified a cookie parsing problem that was corrected.
When a Set-Cookie: line is received without a trailing semicolon, libcurl
didn't read the last "name=value" pair of the line, leading to confusions...
- Sterling committed his updated DNS cache code.
- I worked with Georg Horn and comments from Götz Babin-Ebell and switched
curl's socket operations completely over to non-blocking for the entire
operation (previously we used non-blocking only for the connection phase).
We had to do this to make the SSL connection phase timeout properly without
the use of signals. A little extra code to deal with this was added.
- T. Bharath pointed out a slightly obscure cookie engine flaw.
- Pete Su pointed out that libcurl didn't treat HTTP code 204 as it should.
204-replies never provides a response-body. This resulted in bad persistant
behavior when 204 was received.
Daniel (5 January 2002)
- SM updated the VC++ library Makefiles for the new source files.
Daniel (4 January 2002)
- I discovered that we wrongly used inet_ntoa() (instead of inet_ntoa_r() in
two places in the source code). One happened with VERBOSE set on connects,
and the other when VERBOSE was on and krb4 over nat was used... I honestly
don't think anyone has suffered from these mistakes.
- I replaced a lot of silly occurances of printf() to instead use the more
appropriate Curl_infof() or Curl_failf(). The krb4 and telnet code were
affected.
- Philip Gladstone found a few more problems with 64-bit archs (the 64-bit
sparc on solaris 8).
- After discussions on the libcurl list with Raoul Cridlig, I just made FTP
response lines get passed to the header callback if such a one is
registered. It'll make it possible for any application to get all the
responses an FTP server sends to libcurl.
Daniel (3 January 2002)
- Sterling Hughes brought a few buckets of code. Now, libcurl will
automatically cache DNS lookups and re-use the previous results first if any
such is available. It greatly improves speed when doing many repeated
operations to the same host.
- As the test case uses --include and then --head, I had to modify src/main.c
to deal with this situation slightly better than previously. When done, we
have 100% good tests again in the main branch.
Daniel (2 January 2002)
- Made test case 25 run again in the multi-dev branch. But it seems that the
changes done on dec-20 made test case 104 cease to work (in both branches).
- Philip Gladstone pointed out a few portability problems in the source code
that didn't compile on 64-bit sparcs using Sun's native
curl is IPv6 ready.
Added a couple of official mirror sites as per PR 15102.
Update to version 7.9.2. PR 15102 by Shell Hung <shell@shellhung.org> Trivial patch on configure which fixes compilation on NetBSD/!i386 added. Fixed in 7.9.2 - compiles and builds on the good old Mac OS (in addition to Mac OS X) - bugfixed persistant connections over proxy with multiple protocols - --disable-epsv is a new option to the curl command line tool - bugfixed verbose ftp output on Tru64 unix - added CURLOPT_FTP_USE_EPSV - passive ftp download works with IPv6 - always return proper error code on failed connects - bugfixed FTP response reader - bugfixed verbose telnet - added CURLINFO_STARTTRANSFER_TIME - bugfixed conditional HTTP fetches based on time - multiple calls to curl_global_init() is now treated better - bugfixed multiple ftp requests - made -p/--proxytunnel work for plain HTTP as well - "current speed" progress meter bugfix - improved the name resolver configure check - libcurl now restores signal handlers and timeouts properly - improved SSL over HTTP-proxy when using weird proxies(!) - added the -1/--TLSv1 option - bugfixed LDAP transfers
Touch curl-config after configure is run to prevent regeneration.
Upgrade to version 7.9.1 Fixed in 7.9.1 much better connection re-use validity check bugfixed connection re-use for FTP urls containing name and password LDAP transfers no longer "hang" a memory leak in the cookie engine was removed CURLE_GOT_NOTHING is a new possible error code curl_easy_duphandle() now duplicates cookie parser status too --fail now only returns error if HTTP code is >= 400 a possible memory leak when a transfer failed was removed builds better in cygwin "current speed" meter more accurate -c without -b saves the cookies now -0/--http1.0 can now be used to set HTTP 1.0 operations bugfixed libcurl for "thread-hopping" on Windows removed memory leak in IPv6-enabled libcurl 'curl' no longer uses curl_formparse() non-blocking connects bugfixed curl_formadd() bugfixed CURLINFO_FILETIME bugfixed cookiejar
bsd.buildlink.mk will automatically handle the REPLACE_BUILDLINK stuff, so we can remove REPLACE_BUILDLINK settings containing *-config, *Conf.sh, and *.pc.
Upgrade to version 7.9 Fixed in 7.9 now properly returns an error code when connection to an SSL server with a non-legitimate certificate. displays certificate expire date with SSL and verbose output -R sets the timestamp of a downloaded file to the same as the remote file -c writes all cookies to a specified file (based on the new libcurl option CURLOPT_COOKIEJAR) SSL session ID caching is being done for multiple requests to the same hosts CURLOPT_COOKIEFILE can now be specified any number of times fixed portability issue in the SSL code -G improvements, now works with -I and on URLs including question mark. various windows compile, build and makefile fixes multiple curl_easy_perform() invokes when a previous invoke followed a Location: could lead to a crash curl_formadd() is a new function to replace the now deprecated curl_formparse() one, for building rfc1867 form posts. rfc1867-posts are now done including the Expect: 100-continue header. release archive now includes all docs as HTML pages too flushes the progress meter stream to improve look on windows fixed the configure script --with-ssl problem
upgrade to 7.8.1, per PR 14022. Summarized list of changes can be grabbed from http://curl.haxx.se/changes.html
Update www/curl to version 7.8. PR 13704 by Stoned Elipot.
Fixed 7.8
'curl-config --vernum' shows version number as a hexadecimal number
libcurl's got two new functions (for global init/cleanup)
SSL memory leak fixed
new file format for the tests in the test suite
netscape/mozilla cookie file parser bugfix
everything is now built with autoconf 2.50, libtool 1.4
and automake 1.4-p1
libcurl's own version of 'strlcat' no longer pollutes the name space
libcurl now treats an already completed resumed download as a
successful operation, and not as an error like before
https and ftps test cases added to the test suite (depend on stunnel)
better white space awareness when parsing HTTP headers
curl -I now plays ball even if the ftp server doesn't grok SIZE
corrected resumed transfers on re-used persistent connections
FTP PORT works again when libcurl is IPv6-enabled
corrected path usage when doing multiple FTP transfers
several Location: header related bugs corrected
Convert to use buildlink.mk files and mark as USE_BUILDLINK_ONLY.
upgrade to 7.7.1.
Version 7.7.1
Daniel (3 April 2001)
- Puneet Pawaia pointed out two serious problems. Libcurl would attempt to
read bad memory during situations when an (ftp) connection attempt failed.
Also, the lib/Makefile.vc6 was corrected.
- More investigations in the Location: following code made me realize that
it was not clean enough to work transparantly with persistant and non-
persistant connections. I think I've fixed it now.
Daniel (29 March 2001)
- Georg Horn mailed me some corrections for the Curl::easy perl interface.
- Experimental ftps:// support added. It is basically FTP over SSL for the
control connection. It still makes all data transfers going over unencrypted
connections. Rainer Weikusat's ftpd-ssl server hack supports this and I used
that to verify the functionality.
Daniel (27 March 2001)
- Guenole Bescon discovered that if you set a CURLOPT_TIMEOUT and then tried
to get a file from a site and it fails, the SIGALRM would still be sent
after the timeout-time, quite inexpectedly!
- I added an ftp transfer example to docs/examples/ and I also wrote a tiny
example makefile that can be used as a start when building one of the
examples.
Version 7.7.1-beta1
Daniel (26 March 2001)
- Mohamed Lrhazi reported problems with 7.6.1 and persistant HTTP/1.0
connections (when the server replied a Connection: Keep-Alive) and this
problem was not properly dealt with in 7.7 either. A patch was posted to the
curl-and-php mailing list.
Daniel (24 March 2001)
- Colin Watson reported about a problem and brought a patch that corrected it,
which was about the man page and lines starting with a single quote (') in a
way that gnroff doesn't like.
Daniel (23 March 2001)
- Peter Bray reported correctly that the root makefile used make instead of
$(MAKE) for the test target.
- Corrected the Curl::easy perl interface to use curl_easy_setopt() and not
curl_setopt() which was removed in 7.7!
- SM provided updates on three documents (MANUAL, INSTALL and FAQ).
- When following a Location:, libcurl would sometimes write to the URL string
in a way it shouldn't. As the pointer is passed-in to libcurl from an
application, we can't be allowed to write to it. The particular bug report
from 'nk' that brought this up was because he had a read-only URL that then
caused a libcurl crash!
- No longer reads HEAD responses longer than to the last header. Previously,
curl would read the full reply if the connection was a "close" one.
- libcurl did re-use connections way too much. Doing "curl
http://www.{microsoft,ibm}.com" would make it re-use the connection which
made the second request return very odd results.
Daniel (22 March 2001)
- Edin Kadribasic made me aware that curl should not re-send POST requests
when following 302-redirects. I made 302 work like 303 which means curl uses
GET in the following request(s).
- libcurl now reset the "followed-location" counter on each invoke of
curl_easy_perform() as it otherwise would sum up all redirects on the same
connection and thus could reach the maxredirs counter wrongly.
- Jim Drash suggested curl_escape() should not re-encode what already looks
like an encoded sequence and I think that's a fair suggestion.
Version 7.7
Daniel (22 March 2001)
- The configure script now fails with an error message if gethostbyname_r() is
detected but it couldn't figure out how to invoke it (what amount of
arguments it is supposed to get). Reports from Andrés García made me aware
of this need.
- Talking with Jim Drash made me finally put the curl_escape and curl_unescape
functions in the curl.h include file and write man pages for them. The
escape function was modified to use the same interface as the unescape one
had.
- No bug reports at all on the latest betas. Release time coming up.
Version 7.7-beta5
Daniel (19 March 2001)
- Georg Ottinger reported problems with using -C together with -L in the sense
that the -C info got lost when it was redirected. I could not repeat this
problem on the 7.7 branch why I leave this for the moment. Test case 39 was
added to do exactly this, and it seems to do right.
- Christian Robottom Reis reported how his 7.7 beta didn't successfully do
form posts as elegantly as 7.6.1 did. Indeed, this was a flaw in the header
engine, as HTTP 1.1 has introduced a new 100 "transient" return code for PUT
and POST operations that I need to add support for. Section 8.2.3 in RFC2616
has all the details. Seems to work now!
Daniel (16 March 2001)
- After having experienced another machine break-down, we're back.
- Georg Horn's perl interface Curl::easy is now included in the curl release
archive. The perl/ directory is now present. Please help me with docs,
examples and updates you think fit.
- Made a new php/ directory in the release archive and moved the PHP examples
into a subdirectory in there. Not much PHP info yet, but I plan to. Please
help me here as well!
- Made libcurl return error if a transfer is aborted in the middle of a
"chunk". It actually enables libcurl to discover premature transfer aborts
even if the Content-Length: size is unknown.
Daniel (15 March 2001)
- Added --connect-timeout to curl, which sets the new CURLOPT_CONNECTTIMEOUT
option in libcurl. It limits the time curl is allowed to spend in the
connection phase. This differs from -m/--max-time that limits the entire
file transfer operation. Requested by Larry Fahnoe and others.
I also updated the curl.1 and curl_easy_setopt.3 man pages and removed the
item from the TODO.
Version 7.7-beta4
Daniel (14 March 2001)
- Made curl grok IPv6 with HTTP proxies and got everything to compile nicely
again when ENABLE_IPV6 is set.
I need to remake things in the test suite. I can't test the FTP parts with
curl built for IPv6 as it uses a different set of FTP commands then!
- I fell onto a bug report on php.net (posted by Lars Torben Wilson) that was
a report meant for our project. Anyway, it said the .netrc parsing didn't
work as supposed, and as I agreed with Lars, I made the netrc parser use
getpwuid() to figure out the home directory of the effective user and try
that netrc. It still uses the environment variable HOME for those that don't
have that function or if the user doesn't return valid pwd info.
- Edin Kadribaic posted a bug report where he got a crash when a fetch with
user+password in the URL followed a Location: to a second URL (absolute,
without name+password). This bug has been around for a long while and
crashes due to a read at address zero. Fixed now. Wrote test case 38, that
tests this.
- Modified the test suite's httpserver slightly to append all client request
data to its log file so that the test script now better can verify a range
of requests and not only the last one, as it did previously.
- Updated the curl man page with --random-file and --egd-file details.
Version 7.7-beta3
Daniel (14 March 2001)
- Björn Stenberg provided similar fixes as Jörn did and some additional patches
for non-SSL compiles.
- I increased the interface number for libcurl as I've removed the low level
functions from the interface. I also took this opportunity to rename the
Curl_strequal function to curl_strequal and Curl_strnequal to
curl_strnequal, as they're public libcurl functions (even if they're still
undocumented).
This will make older programs not capable of using the new libcurl with
just a drop-in replacement.
- Jörn Hartroth updated stuff for win32 compiles:
o config-win32.h was fixed for socklen_t
o lib/ssluse.c had a bad #endif placement
o lib/file.c was made to compile on win32 again
o lib/Makefile.m32 was updated with the new files
o lib/libcurl.def matches the current interface state
Daniel (13 March 2001)
- It only took an hour or so before Jörn Hartroth found a problem in the
chunked transfer-encoding. Given his fine example-site, I could easily spot
the problem and when I re-read the spec (the part I have pasted in the top
of the http_chunks.h file), I realized I had made my state-machine slightly
wrong and didn't expect/handle the trailing CRLF that comes after the data
in each chunk (and those extra two bytes sure feel wasted).
Had to modify test case 34 to match this as well.
Version 7.7-beta2
Daniel (13 March 2001)
- Added the policy stuff to the curl_easy_setopt man page for the two supported
policies.
- Implemented some support for the CURLOPT_CLOSEPOLICY option. The policies
CURLCLOSEPOLICY_LEAST_RECENTLY_USED and CURLCLOSEPOLICY_OLDEST are now
supported, and the "least recently used" is used as default if no policy
is chosen.
Daniel (12 March 2001)
- Added CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET to libcurl for seeding the
SSL random engine. The random seeding support was also brought to the curl
client with the new options --random-file <file> and --egd-file <file>. I
need some people to really test this to know they work as supposed. Remember
that libcurl now informs (if verbose is on) if the random seed is considered
weak (HTTPS connections).
- Made the chunked transfer-encoding engine detected bad formatted data length
and return error if so (we can't possibly extract sensible data if this is
the case). Added a test case that detects this. Number 36. Now there are 60
test cases.
- Added 5 new libcurl options to curl/curl.h that can be used to control the
persistant connection support in libcurl. They're also documented (fairly
thoroughly) in the curl_easy_setopt.3 man page. Three of them are now
implemented, although not really tested at this point... Anyway, the new
implemented options are named CURLOPT_MAXCONNECTS, CURLOPT_FRESH_CONNECT,
CURLOPT_FORBID_REUSE. The ones still left to write code for are:
CURLOPT_CLOSEPOLICY and its related option CURLOPT_CLOSEFUNCTION.
- Made curl (the actual command line tool) use the new libcurl 7.7 persistant
connection support by re-using the same curl handle for every specified file
transfer and after some more test case tweaking we have 100% test case OK.
I made some test cases return HTTP/1.0 now to make sure that works as well.
- Had to add 'Connection: close' to the headers of a bunch of test cases so
that curl behaves "old-style" since the test http server doesn't do multiple
connections... Now I get 100% test case OK.
- The curl.haxx.se site, the main curl mailing list and my personal email are
all dead today due to power blackout in the area where the main servers are
located. Horrible.
- I've made persistance work over a squid HTTP proxy. I find it disturbing
that it uses headers that aren't present in any HTTP standard though
(Proxy-Connection:) and that makes me feel that I'm now on the edge of what
the standard actually defines. I need to get this code excercised on a lot
of different HTTP proxies before I feel safe.
Now I'm facing the problem with my test suite servers (both FTP and HTTP)
not supporting persistant connections and libcurl is doing them now. I have
to fix the test servers to get all the test cases do OK.
Daniel (8 March 2001)
- Guenole Bescon reported that libcurl did output errors to stderr even if
MUTE and NOPROGRESS was set. It turned out to be a bug and happens if
there's an error and no ERRORBUFFER is set. This is now corrected.
Version 7.7-beta1
Daniel (8 March 2001)
- "Transfer-Encoding: chunked" is no longer any trouble for libcurl. I've
added two source files and I've run some test downloads that look fine.
- HTTP HEAD works too, even on 1.1 servers.
Daniel (5 March 2001)
- The current 57 test cases now pass OK. It would suggest that libcurl works
using the old-style with one connection per handle. The test suite doesn't
handle multiple connections yet so there are no test cases for this.
- I patched the telnet.c heavily to not use any global variables anymore. It
should make it a lot nicer library-wise.
- The file:// support was modified slightly to use the internal connect-first-
then-do approach.
Daniel (4 March 2001)
- More bugs erased.
Version 7.7-alpha2
Daniel (4 March 2001)
- Now, there's even a basic check that a re-used connection is still alive
before it is assumed so. A few first tests have proven that libcurl will
then re-connect instead of re-use the dead connection!
Daniel (2 March 2001)
- Now they work intermixed as well. Major coolness!
- More fiddling around, my 'tiny' client I have for testing purposes now has
proved to download both FTP and HTTP with persistant connections. They do
not work intermixed yet though.
Daniel (1 March 2001)
- Wilfredo Sanchez pointed out a minor spelling mistake in a man page and that
curl_slist_append() should take a const char * as second argument. It does
now.
Daniel (22 February 2001)
- The persistant connections start to look good for HTTP. On a subsequent
request, it seems that libcurl now can pick an already existing connection
if a suitable one exists, or it opens a new one.
- Douglas R. Horner mailed me corrections to the curl_formparse() man page
that I applied.
Daniel (20 February 2001)
- Added the docs/examples/win32sockets.c file for our windows friends.
- Linus Nielsen Feltzing provided brand new TELNET functionality and
improvements:
* Negotiation is now passive. Curl does not negotiate until the peer does.
* Possibility to set negotiation options on the command line, currently only
XDISPLOC, TTYPE and NEW_ENVIRON (called NEW_ENV).
* Now sends the USER environment variable if the -u switch is used.
* Use -t to set telnet options (Linus even updated the man page, awesome!)
- Haven't done this big changes to curl for a while. Moved around a lot of
struct fields and stuff to make multiple connections get connection specific
data in separate structs so that they can co-exist in a nice way. See the
mailing lists for discussions around how this is gonna be implemented. Docs
and more will follow.
Studied the HTTP RFC to find out better how persistant connections should
work. Seems cool enough.
Daniel (19 February 2001)
- Bob Schader brought me two files that help set up a MS VC++ libcurl project
easier. He also provided me with an up-to-date libcurl.def file.
- I moved a bunch of prototypes from the public <curl/curl.h> file to the
library private urldata.h. This is because of the upcoming changes. The
low level interface is no longer being planned to become reality.
Daniel (15 February 2001)
- CURLOPT_POST is not required anymore. Just setting the POST string with
CURLOPT_POSTFIELDS will switch on the HTTP POST. Most other things in
libcurl already works this way, i.e they require only the parameter to
switch on a feature so I think this works well with the rest. Setting a NULL
string switches off the POST again.
- Excellent suggestions from Rich Gray, Rick Jones, Johan Nilsson and Bjorn
Reese helped me define a way how to incorporate persistant connections into
libcurl in a very smooth way. If done right, no change may have to be made
to older programs and they will just start using persistant connections when
applicable!
Daniel (13 February 2001)
- Changed the word 'timeouted' to 'timed out' in two different error messages.
Suggested by Larry Fahnoe.
Version 7.6.1
Daniel (9 February 2001)
- Frank Reid and Cain Hopwood provided information and research around a HTTPS
PUT/upload problem we seem to have. No solution found yet.
Daniel (8 February 2001)
- An interesting discussion is how to specify an empty password without having
curl ask for it interactively? The current implmentation takes an empty
password as a request for a password prompt. However, I still want to
support a blank user field. Thus, today if you enter "-u :" (without user
and password) curl will prompt for the password. Tricky. How would you
specify you want the prompt otherwise?
- Made the netrc parse result possible to use for other protocols than FTP and
HTTP (such as the upcoming TELNET fixes).
- The previously mentioned "MSVC++ problems" turned out to be a non-issue.
- Added a HTTP file upload code example in the docs/examples/ section on
request.
- Adjusted the FTP response fix slightly.
Version 7.6.1-pre3
Daniel (7 February 2001)
- SM found a flaw in the response reading function for FTP that could make
libcurl not get out of the loop properly when it should, if libcurl got -1
returned when reading the socket.
- I found a similar mistake in http.c when using a proxy and reading the
results from the proxy connection.
Daniel (6 February 2001)
- A friendly person named "SM" (nntp at iname.com) pointed out that the VC
makefile in src/ needed the libpath set for the debug build to work.
- Daniel Gehriger stepped in to assist with the VC++ stuff Robert Weaver
brought up yesterday.
Daniel (5 February 2001)
- Jun-ichiro itojun Hagino brought a big patch that brings IPv6-awareness to
a bunch of different areas within libcurl.
- Robert Weaver told me about the problems the MS VC++ 6.0 compiler has with
the 'static' keyword on a number of libcurl functions. I might need to add a
patch that redefines static when libcurl is compiled with that compiler.
How do I know when VC++ compiles, anyone?
Daniel (4 February 2001)
- curl_getinfo() was extended with two new options:
CURLINFO_CONTENT_LENGTH_DOWNLOAD and CURLINFO_CONTENT_LENGTH_UPLOAD. They
return the full assumed content length of the transfer in the given
direction. The CURLINFO_CONTENT_LENGTH_DOWNLOAD will be the Content-Length:
size of a HTTP download. Added descriptions to the man page as well. This
was done after discussions with Bob Schader.
Daniel (3 February 2001)
- Ingo Ralf Blum provided another fix that makes curl build under the more
recent cygwin installations. It seems they've changed the preset defines to
not include WIN32 anymore.
Version 7.6.1-pre2
Daniel (31 January 2001)
- Curl_read() and curl_read() now return a ssize_t for the size, as it had to
be able to return -1. The telnet support crashed due to this and there was a
possibility to weird behaviour all over. Linus Nielsen Feltzing helped me
find this.
- Added a configure.in check for a working getaddrinfo() if IPv6 is requested.
I also made the configure script feature --enable-debug which sets a couple
of compiler options when used. It assumes gcc.
Daniel (30 January 2001)
- I finally took a stab at the long-term FIXME item I've had on myself, and
now libcurl will properly work when doing a HTTP range-request that follows
a Location:. Previously that would make libcurl fail saying that the server
doesn't seem to support range requests.
Daniel (29 January 2001)
- I added a test case for the HTTP PUT resume thing (test case 33).
Version 7.6.1-pre1
Daniel (29 January 2001)
- Yet another Content-Range change. Ok now? Bob Schader checks from his end
and it works for him.
Daniel (27 January 2001)
- So the HTTP PUT resume fix wasn't good. There should appearantly be a
Content-Range header when resuming a PUT.
- I noticed I broke the download-check that verifies that a resumed HTTP
download is actually resumed. It got broke because my new 'httpreq' field
in the main curl struct. I should get slapped. I added a test case for
this now, so I won't be able to ruin this again without noticing.
- Added a test case for content-length verifying when downloading HTTP.
- Made the progress meter title say if the transfer is being transfered. It
makes the output slightly better for resumes.
- When dealing with Location: and HTTP return codes, libcurl will not attempt
to follow the spirit of RFC2616 better. It means that when POSTing to a
URL that is being following to a second place, the standard will judge on
what to do. All HTTP codes except 303 and 305 will cause curl to make a
second POST operation. 303 will make a GET and 305 is not yet supported.
I also wrote two test cases for this POST/GET/Location stuff.
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
curl 7.6, fetch data from an URL (similar to wget)
Initial revision