The NetBSD Project

CVS log for pkgsrc/www/curl/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / www / curl

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN
Current tag: pkgsrc-2018Q2


Revision 1.143.2.2: download - view: text, markup, annotated - select for diffs
Mon Sep 10 19:44:31 2018 UTC (6 years, 3 months ago) by spz
Branches: pkgsrc-2018Q2
Diff to: previous 1.143.2.1: preferred, colored; branchpoint 1.143: preferred, colored; next MAIN 1.144: preferred, colored
Changes since revision 1.143.2.1: +5 -5 lines
Pullup ticket #5825 - requested by wiz
www/curl: security update

Revisions pulled up:
- www/curl/Makefile                                             1.201
- www/curl/distinfo                                             1.146
- www/curl/patches/patch-src_tool__cb__hdr.c                    deleted

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Sep  5 06:49:26 UTC 2018

   Modified Files:
   	pkgsrc/www/curl: Makefile distinfo
   Removed Files:
   	pkgsrc/www/curl/patches: patch-src_tool__cb__hdr.c

   Log Message:
   curl: update to 7.61.1.

   This release includes the following bugfixes:

    o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73]
    o CURLINFO_SIZE_UPLOAD: fix missing counter update [46]
    o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
    o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72]
    o Curl_getoff_all_pipelines: improved for multiplexed [3]
    o DEPRECATE: remove release date from 7.62.0
    o HTTP: Don't attempt to needlessly decompress redirect body [30]
    o INTERNALS: require GnuTLS >= 2.11.3 [62]
    o README.md: add LGTM.com code quality grade for C/C++ [42]
    o SSLCERTS: improve the openssl command line
    o Silence GCC 8 cast-function-type warnings [47]
    o ares: check for NULL in completed-callback [3]
    o asyn-thread: Remove unused macro [40]
    o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15]
    o auth: pick Bearer authentication whenever a token is available [15]
    o cmake: CMake config files are defining CURL_STATICLIB for static builds [54]
    o cmake: Respect BUILD_SHARED_LIBS [35]
    o cmake: Update scripts to use consistent style [9]
    o cmake: bumped minimum version to 3.4 [34]
    o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34]
    o configure: conditionally enable pedantic-errors [64]
    o configure: fix for -lpthread detection with OpenSSL and pkg-config [38]
    o conn: remove the boolean 'inuse' field [3]
    o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5]
    o cookie tests: treat files as text
    o cookies: support creation-time attribute for cookies [75]
    o curl: Fix segfault when -H @headerfile is empty [23]
    o curl: add http code 408 to transient list for --retry [78]
    o curl: fix time-of-check, time-of-use race in dir creation [71]
    o curl: use Content-Disposition before the "URL end" for -OJ [29]
    o curl: warn the user if a given file name looks like an option [56]
    o curl_threads: silence bad-function-cast warning [69]
    o darwinssl: add support for ALPN negotiation [7]
    o docs/CURLOPT_URL: fix indentation [20]
    o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19]
    o docs/SECURITY-PROCESS: mention bounty, drop pre-notify
    o docs/examples: add hiperfifo example using linux epoll/timerfd [21]
    o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50]
    o docs: clarify NO_PROXY env variable functionality [70]
    o docs: improved the manual pages of some callbacks [48]
    o docs: mention NULL is fine input to several functions [43]
    o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40]
    o gopher: Do not translate `?' to `%09' [67]
    o header output: switch off all styles, not just unbold [8]
    o hostip: fix unused variable warning
    o http2: Use correct format identifier for stream_id [77]
    o http2: abort the send_callback if not setup yet [63]
    o http2: avoid set_stream_user_data() before stream is assigned [61]
    o http2: check nghttp2_session_set_stream_user_data return code [55]
    o http2: clear the drain counter in Curl_http2_done [27]
    o http2: make sure to send after RST_STREAM [58]
    o http2: separate easy handle from connections better [12]
    o http: fix for tiny "HTTP/0.9" response [51]
    o http_proxy: Remove unused macro SELECT_TIMEOUT [40]
    o lib/Makefile: only do symbol hiding if told to [32]
    o lib1502: fix memory leak in torture test [44]
    o lib1522: fix curl_easy_setopt argument type
    o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66]
    o mime: check Curl_rand_hex's return code [22]
    o multi: always do the COMPLETED procedure/state [3]
    o openssl: assume engine support in 1.0.0 or later [2]
    o openssl: fix debug messages [39]
    o projects: Improve Windows perl detection in batch scripts [49]
    o retry: return error if rewind was necessary but didn't happen [28]
    o reuse_conn(): memory leak - free old_conn->options [17]
    o schannel: client certificate store opening fix [68]
    o schannel: enable CALG_TLS1PRF for w32api >= 5.1
    o schannel: fix MinGW compile break [1]
    o sftp: don't send post-qoute sequence when retrying a connection [79]
    o smb: fix memory leak on early failure [26]
    o smb: fix memory-leak in URL parse error path [4]
    o smb_getsock: always wait for write socket too [11]
    o ssh-libssh: fix infinite connect loop on invalid private key [53]
    o ssh-libssh: reduce excessive verbose output about pubkey auth [53]
    o ssh-libssh: use FALLTHROUGH to silence gcc8 [76]
    o ssl: set engine implicitly when a PKCS#11 URI is provided [36]
    o sws: handle EINTR when calling select() [24]
    o system_win32: fix version checking [16]
    o telnet: Remove unused macros TELOPTS and TELCMDS [40]
    o test1143: disable MSYS2's POSIX path conversion [10]
    o test1148: disable if decimal separator is not point [65]
    o test1307: (fnmatch testing) disabled [31]
    o test1422: add required file feature [6]
    o test1531: Add timeout [41]
    o test1540: Remove unused macro TEST_HANG_TIMEOUT [40]
    o test214: disable MSYS2's POSIX path conversion for URL
    o test320: treat curl320.out file as binary [14]
    o tests/http_pipe.py: Use /usr/bin/env to find python
    o tests: Don't use Windows path %PWD for SSH tests [74]
    o tests: fixes for Windows line endlings [13]
    o tool_operate: Fix setting proxy TLS 1.3 ciphers
    o travis: build darwinssl on macos 10.12 to fix linker errors [33]
    o travis: execute "set -eo pipefail" for coverage build [45]
    o travis: run a 'make checksrc' too [25]
    o travis: update to GCC-8 [52]
    o travis: verify that man pages can be regenerated [50]
    o upload: allocate upload buffer on-demand [60]
    o upload: change default UPLOAD_BUFSIZE to 64KB [60]
    o urldata: remove unused pipe_broke struct field [57]
    o vtls: reinstantiate engine on duplicated handles [59]
    o windows: implement send buffer tuning [37]
    o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]


   To generate a diff of this commit:
   cvs rdiff -u -r1.200 -r1.201 pkgsrc/www/curl/Makefile
   cvs rdiff -u -r1.145 -r1.146 pkgsrc/www/curl/distinfo
   cvs rdiff -u -r1.1 -r0 pkgsrc/www/curl/patches/patch-src_tool__cb__hdr.c

Revision 1.143.2.1: download - view: text, markup, annotated - select for diffs
Sat Jul 14 16:53:15 2018 UTC (6 years, 5 months ago) by spz
Branches: pkgsrc-2018Q2
Diff to: previous 1.143: preferred, colored
Changes since revision 1.143: +5 -5 lines
Pullup ticket #5784 - requested by bsiegert
www/curl: security update

Revisions pulled up:
- www/curl/Makefile                                             1.197
- www/curl/PLIST                                                1.70
- www/curl/distinfo                                             1.144

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Wed Jul 11 18:13:26 UTC 2018

   Modified Files:
           pkgsrc/www/curl: Makefile PLIST distinfo

   Log Message:
   curl: updated to 7.61.0

   Curl and libcurl 7.61.0

   This release includes the following changes:
   * getinfo: add microsecond precise timers for seven intervals
   * curl: show headers in bold, switch off with --no-styled-output
   * httpauth: add support for Bearer tokens
   * Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
   * curl: --tls13-ciphers and --proxy-tls13-ciphers
   * Add CURLOPT_DISALLOW_USERNAME_IN_URL
   * curl: --disallow-username-in-url

   This release includes the following bugfixes:
   * CVE-2018-0500: smtp: fix SMTP send buffer overflow
   * schannel: disable client cert option if APIs not available
   * schannel: disable manual verify if APIs not available
   * tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
   * openssl: acknowledge --tls-max for default version too
   * stub_gssapi: fix 'unused parameter' warnings
   * examples/progressfunc: make it build on both new and old libcurls
   * docs: mention it is HA Proxy protocol "version 1"
   * curl_fnmatch: only allow two asterisks for matching
   * docs: clarify CURLOPT_HTTPGET
   * configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
   * configure: do compile-time SIZEOF checks instead of run-time
   * checksrc: make sure sizeof() is used *with* parentheses
   * CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
   * schannel: make CAinfo parsing resilient to CR/LF
   * tftp: make sure error is zero terminated before printfing it
   * http resume: skip body if http code 416 (range error) is ignored
   * configure: add basic test of --with-ssl prefix
   * cmake: set -d postfix for debug builds
   * multi: provide a socket to wait for in Curl_protocol_getsock
   * content_encoding: handle zlib versions too old for Z_BLOCK
   * winbuild: only delete OUTFILE if it exists
   * winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
   * schannel: add failf calls for client certificate failures
   * cmake: Fix the test for fsetxattr and strerror_r
   * curl.1: Fix cmdline-opts reference errors
   * cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
   * cmake: check for getpwuid_r
   * configure: fix ssh2 linking when built with a static mbedtls
   * psl: use latest psl and refresh it periodically
   * fnmatch: insist on escaped bracket to match
   * KNOWN_BUGS: restore text regarding 2101
   * INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
   * configure: override AR_FLAGS to silence warning
   * os400: implement mime api EBCDIC wrappers
   * curl.rc: embed manifest for correct Windows version detection
   * strictness: correct {infof, failf} format specifiers
   * tests: update .gitignore for libtests
   * configure: check for declaration of getpwuid_r
   * fnmatch: use the system one if available
   * CURLOPT_RESOLVE: always purge old entry first
   * multi: remove a potentially bad DEBUGF()
   * curl_addrinfo: use same #ifdef conditions in source as header
   * build: remove the Borland specific makefiles
   * axTLS: not considered fit for use
   * cmdline-opts/cert-type.d: mention "p12" as a recognized type
   * system.h: add support for IBM xlc C compiler
   * tests/libtest: Add lib1521 to nodist_SOURCES
   * mk-ca-bundle.pl: leave certificate name untouched
   * boringssl + schannel: undef X509_NAME in lib/schannel.h
   * openssl: assume engine support in 1.0.1 or later
   * cppcheck: fix warnings
   * test 46: make test pass after year 2025
   * schannel: support selecting ciphers
   * Curl_debug: remove dead printhost code
   * test 1455: unflakified
   * Curl_init_do: handle NULL connection pointer passed in
   * progress: remove a set of unused defines
   * mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
   * GOVERNANCE.md: explains how this project is run
   * configure: use pkg-config for c-ares detection
   * configure: enhance ability to build with static openssl
   * maketgz: fix sed issues on OSX
   * multi: fix memory leak when stopped during name resolve
   * CURLOPT_INTERFACE.3: interface names not supported on Windows
   * url: fix dangling conn->data pointer
   * cmake: allow multiple SSL backends
   * system.h: fix for gcc on 32 bit OpenServer
   * ConnectionExists: make sure conn->data is set when "taking" a connection
   * multi: fix crash due to dangling entry in connect-pending list
   * CURLOPT_SSL_VERIFYPEER.3: Add performance note
   * netrc: use a larger buffer to support longer passwords
   * url: check Curl_conncache_add_conn return code
   * configure: Add dependent libraries after crypto
   * easy_perform: faster local name resolves by using *multi_timeout()
   * getnameinfo: not used, removed all configure checks
   * travis: add a build using the synchronous name resolver
   * CURLINFO_TLS_SSL_PTR.3: improve the example
   * openssl: allow TLS 1.3 by default
   * openssl: make the requested TLS version the *minimum* wanted
   * openssl: Remove some dead code
   * telnet: fix clang warnings
   * DEPRECATE: new doc describing planned item removals
   * example/crawler.c: simple crawler based on libxml2
   * libssh: goto DISCONNECT state on error, not SESSION_FREE
   * CMake: Remove unused functions
   * darwinssl: allow High Sierra users to build the code using GCC
   * scripts: include _curl as part of CLEANFILES
   * examples: fix -Wformat warnings
   * curl_setup: include <winerror.h> before <windows.h>
   * schannel: make more cipher options conditional
   * CMake: remove redundant and old end-of-block syntax
   * post303.d: clarify that this is an RFC violation


   To generate a diff of this commit:
   cvs rdiff -u -r1.196 -r1.197 pkgsrc/www/curl/Makefile
   cvs rdiff -u -r1.69 -r1.70 pkgsrc/www/curl/PLIST
   cvs rdiff -u -r1.143 -r1.144 pkgsrc/www/curl/distinfo

Revision 1.143: download - view: text, markup, annotated - select for diffs
Thu May 17 09:59:39 2018 UTC (6 years, 6 months ago) by leot
Branches: MAIN
CVS tags: pkgsrc-2018Q2-base
Branch point for: pkgsrc-2018Q2
Diff to: previous 1.142: preferred, colored
Changes since revision 1.142: +5 -5 lines
curl: Update www/curl to 7.60.0

Changes:
7.60.0
------
This release includes the following changes:

 o Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
 o Add --haproxy-protocol for the command line tool
 o Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses

This release includes the following bugfixes:

 o FTP: shutdown response buffer overflow CVE-2018-1000300
 o RTSP: bad headers buffer over-read CVE-2018-1000301
 o FTP: fix typo in recursive callback detection for seeking
 o test1208: marked flaky
 o HTTP: make header-less responses still count correct body size
 o user-agent.d:: mention --proxy-header as well
 o http2: fixes typo
 o cleanup: misc typos in strings and comments
 o rate-limit: use three second window to better handle high speeds
 o examples/hiperfifo.c: improved
 o pause: when changing pause state, update socket state
 o multi: improved pending transfers handling => improved performance
 o curl_version_info.3: fix ssl_version description
 o add_handle/easy_perform: clear errorbuffer on start if set
 o darwinssl: fix iOS build
 o cmake: add support for brotli
 o parsedate: support UT timezone
 o vauth/ntlm.h: fix the #ifdef header guard
 o lib/curl_path.h: added #ifdef header guard
 o vauth/cleartext: fix integer overflow check
 o CURLINFO_COOKIELIST.3: made the example not leak memory
 o cookie.d: mention that "-" as filename means stdin
 o CURLINFO_SSL_VERIFYRESULT.3: fixed the example
 o http2: read pending frames (including GOAWAY) in connection-check
 o timeval: remove compilation warning by casting
 o cmake: avoid warn-as-error during config checks
 o travis-ci: enable -Werror for CMake builds
 o openldap: fix for NULL return from ldap_get_attribute_ber()
 o threaded resolver: track resolver time and set suitable timeout values
 o cmake: Add advapi32 as explicit link library for win32
 o docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
 o test1148: set a fixed locale for the test
 o cookies: when reading from a file, only remove_expired once
 o cookie: store cookies per top-level-domain-specific hash table
 o openssl: fix build with LibreSSL 2.7
 o tls: fix mbedTLS 2.7.0 build + handle sha256 failures
 o openssl: RESTORED verify locations when verifypeer==0
 o file: restore old behavior for file:////foo/bar URLs
 o FTP: allow PASV on IPv6 connections when a proxy is being used
 o build-openssl.bat: allow custom paths for VS and perl
 o winbuild: make the clean target work without build-type
 o build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
 o curl: retry on FTP 4xx, ignore other protocols
 o configure: detect (and use) sa_family_t
 o examples/sftpuploadresume: Fix Windows large file seek
 o build: cleanup to fix clang warnings/errors
 o winbuild: updated the documentation
 o lib: silence null-dereference warnings
 o travis: bump to clang 6 and gcc 7
 o travis: build libpsl and make builds use it
 o proxy: show getenv proxy use in verbose output
 o duphandle: make sure CURLOPT_RESOLVE is duplicated
 o all: Refactor malloc+memset to use calloc
 o checksrc: Fix typo
 o system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
 o vauth: Fix typo
 o ssh: show libSSH2 error code when closing fails
 o test1148: tolerate progress updates better
 o urldata: make service names unconditional
 o configure: keep LD_LIBRARY_PATH changes local
 o ntlm_sspi: fix authentication using Credential Manager
 o schannel: add client certificate authentication
 o winbuild: Support custom devel paths for each dependency
 o schannel: add support for CURLOPT_CAINFO
 o http2: handle on_begin_headers() called more than once
 o openssl: support OpenSSL 1.1.1 verbose-mode trace messages
 o openssl: fix subjectAltName check on non-ASCII platforms
 o http2: avoid strstr() on data not zero terminated
 o http2: clear the "drain counter" when a stream is closed
 o http2: handle GOAWAY properly
 o tool_help: clarify --max-time unit of time is seconds
 o curl.1: clarify that options and URLs can be mixed
 o http2: convert an assert to run-time check
 o curl_global_sslset: always provide available backends
 o ftplistparser: keep state between invokes
 o Curl_memchr: zero length input can't match
 o examples/sftpuploadresume: typecast fseek argument to long
 o examples/http2-upload: expand buffer to avoid silly warning
 o ctype: restore character classification for non-ASCII platforms
 o mime: avoid NULL pointer dereference risk
 o cookies: ensure that we have cookies before writing jar
 o os400.c: fix checksrc warnings
 o configure: provide --with-wolfssl as an alias for --with-cyassl
 o cyassl: adapt to libraries without TLS 1.0 support built-in
 o http2: get rid of another strstr
 o checksrc: force indentation of lines after an else
 o cookies: remove unused macro
 o CURLINFO_PROTOCOL.3: mention the existing defined names
 o tests: provide 'manual' as a feature to optionally require
 o travis: enable libssh2 on both macos and Linux
 o CURLOPT_URL.3: added ENCODING section
 o wolfssl: Fix non-blocking connect
 o vtls: don't define MD5_DIGEST_LENGTH for wolfssl
 o docs: remove extraneous commas in man pages
 o URL: fix ASCII dependency in strcpy_url and strlen_url
 o ssh-libssh.c: fix left shift compiler warning
 o configure: only check for CA bundle for file-using SSL backends
 o travis: add an mbedtls build
 o http: don't set the "rewind" flag when not uploading anything
 o configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
 o transfer: don't unset writesockfd on setup of multiplexed conns
 o vtls: use unified "supports" bitfield member in backends
 o URLs: fix one more http url
 o travis: add a build using WolfSSL
 o openssl: change FILE ops to BIO ops
 o travis: add build using NSS
 o smb: reject negative file sizes
 o cookies: accept parameter names as cookie name
 o http2: getsock fix for uploads
 o all over: fixed format specifiers
 o http2: use the correct function pointer typedef

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Adam Brown, Alex Baines, Anders Bakken, Anders Roxell, anshnd on github,
  Bas van Schaik, Bernard Spil, Chris Araman, Christian Schmitz, Cyril B,
  Dagobert Michelsen, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
  Dan McNulty, Dario Weisser, dasimx on github, David Garske, David L.,
  Denis Ollier, Dmitry Mikhirev, Dongliang Mu, Don J Olmstead, Eric Gallager,
  Ernst Sjöstrand, Frank Gevaerts, Gaurav Malhotra, Geeknik Labs, Howard Chu,
  iz8mbw on github, Jakub Wilk, Jon DeVree, Kees Dekker, Kobi Gurkan,
  Laurie Clark-Michalek, Lauri Kasanen, Lawrence Matthews, Luz Paz,
  Marcel Raad, Max Dymond, Michael Kaufmann, Michael Kilburn,
  Michał Janiszewski, Michal Trybus, Muz Dima, Nikos Tsipinakis, Ori Avtalion,
  Oumph on github, patelvivekv1993 on github, Patrick Monnerat,
  Philip Prindeville, Ray Satiro, Rick Deist, Rikard Falkeborn, Sergei Nikulov,
  Stefan Agner, steini2000 on github, Stephan Mühlstrasser, Sunny Purushe,
  Terry Wu, Vincas Razma, wncboy on github, Wyatt O'Day, 刘佩东,
  (64 contributors)

        Thanks! (and sorry if I forgot to mention someone)

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>