Path to this page:
Subject: CVS commit: pkgsrc/www/curl
From: Leonardo Taccari
Date: 2019-09-11 10:32:03
Message id: 20190911083203.3DD4AFBF4@cvs.NetBSD.org
Log Message:
curl: Update to 7.66.0
Changes:
7.66.0
------
This release includes the following changes:
o CURLINFO_RETRY_AFTER: parse the Retry-After header value
o HTTP3: initial (experimental still not working) support
o curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
o curl: support parallel transfers with -Z
o curl_multi_poll: a sister to curl_multi_wait() that waits more
o sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
This release includes the following bugfixes:
o CVE-2019-5481: FTP-KRB double-free
o CVE-2019-5482: TFTP small blocksize heap buffer overflow
o CI: remove duplicate configure flag for LGTM.com
o CMake: remove needless newlines at end of gss variables
o CMake: use platform dependent name for dlopen() library
o CURLINFO docs: mention that in redirects times are added
o CURLOPT_ALTSVC.3: use a "" file name to not load from a file
o CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED
o CURLOPT_HEADERFUNCTION.3: clarify
o CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly
o CURLOPT_READFUNCTION.3: provide inline example
o CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
o Curl_addr2string: take an addrlen argument too
o Curl_fillreadbuffer: avoid double-free trailer buf on error
o HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
o alt-svc: add protocol version selection masking
o alt-svc: fix removal of expired cache entry
o alt-svc: make it use h3-22 with ngtcp2 as well
o alt-svc: more liberal ALPN name parsing
o alt-svc: send Alt-Used: in redirected requests
o alt-svc: with quiche, use the quiche h3 alpn string
o appveyor: pass on -k to make
o asyn-thread: create a socketpair to wait on
o build-openssl: fix build with Visual Studio 2019
o cleanup: move functions out of url.c and make them static
o cleanup: remove the 'numsocks' argument used in many places
o configure: avoid undefined check_for_ca_bundle
o curl.h: add CURL_HTTP_VERSION_3 to the version enum
o curl.h: fix outdated comment
o curl: cap the maximum allowed values for retry time arguments
o curl: handle a libcurl build without netrc support
o curl: make use of CURLINFO_RETRY_AFTER when retrying
o curl: remove outdated comment
o curl: use .curlrc (with a dot) on Windows
o curl: use CURLINFO_PROTOCOL to check for HTTP(s)
o curl_global_init_mem.3: mention it was added in 7.12.0
o curl_version: bump string buffer size to 250
o curl_version_info.3: mentioned ALTSVC and HTTP3
o curl_version_info: offer quic (and h3) library info
o curl_version_info: provide nghttp2 details
o defines: avoid underscore-prefixed defines
o docs/ALTSVC: remove what works and the experimental explanation
o docs/EXPERIMENTAL: explain what it means and what's experimental now
o docs/MANUAL.md: converted to markdown from plain text
o docs/examples/curlx: fix errors
o docs: s/curl_debug/curl_dbg_debug in comments and docs
o easy: resize receive buffer on easy handle reset
o examples: Avoid reserved names in hiperfifo examples
o examples: add http3.c, altsvc.c and http3-present.c
o getenv: support up to 4K environment variable contents on windows
o http09: disable HTTP/0.9 by default in both tool and library
o http2: when marked for closure and wanted to close == OK
o http2_recv: trigger another read when the last data is returned
o http: fix use of credentials from URL when using HTTP proxy
o http_negotiate: improve handling of gss_init_sec_context() failures
o md4: Use our own MD4 when no crypto libraries are available
o multi: call detach_connection before Curl_disconnect
o netrc: make the code try ".netrc" on Windows
o nss: use TLSv1.3 as default if supported
o openssl: build warning free with boringssl
o openssl: use SSL_CTX_set_<min|max>_proto_version() when available
o plan9: add support for running on Plan 9
o progress: reset download/uploaded counter between transfers
o readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
o scp: fix directory name length used in memcpy
o smb: init *msg to NULL in smb_send_and_recv()
o smtp: check for and bail out on too short EHLO response
o source: remove names from source comments
o spnego_sspi: add typecast to fix build warning
o src/makefile: fix uncompressed hugehelp.c generation
o ssh-libssh: do not specify O_APPEND when not in append mode
o ssh: move code into vssh for SSH backends
o sspi: fix memory leaks
o tests: Replace outdated test case numbering documentation
o tftp: return error when packet is too small for options
o timediff: make it 64 bit (if possible) even with 32 bit time_t
o travis: reduce number of torture tests in 'coverage'
o url: make use of new HTTP version if alt-svc has one
o urlapi: verify the IPv6 numerical address
o urldata: avoid 'generic', use dedicated pointers
o vauth: Use CURLE_AUTH_ERROR for auth function errors
Files: