./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 7.59.0, Package name: curl-7.59.0, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.

Required to run:

Required to build:

Package options: gssapi, idn, inet6

Master sites:

SHA1: 0dd78aa857342b85b90bd6b0a53f6aee3516cb13
RMD160: 48e5c291285d46753e4bab1c720c98dc91a0a16f
Filesize: 2836.092 KB

Version history: (Expand)

CVS history: (Expand)

   2018-03-14 08:44:24 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
curl: update to 7.59.0.

Curl and libcurl 7.59.0

This release includes the following changes:

 o curl: add --proxy-pinnedpubkey [10]
 o CURLOPT_RESOLVE: Add support for multiple IP addresses per entry [37]
 o Add new tool option --happy-eyeballs-timeout-ms [37]

This release includes the following bugfixes:

 o openldap: check ldap_get_attribute_ber() results for NULL before using [50]
 o FTP: reject path components with control codes [51]
 o readwrite: make sure excess reads don't go beyond buffer end [52]
 o lib555: drop text conversion and encode data as ascii codes [1]
 o lib517: make variable static to avoid compiler warning
 o lib544: sync ascii code data with textual data [1]
 o GSKit: restore pinnedpubkey functionality [2]
 o darwinssl: Don't import client certificates into Keychain on macOS [3]
 o parsedate: fix date parsing for systems with 32 bit long [4]
 o openssl: fix pinned public key build error in FIPS mode [5]
 o SChannel/WinSSL: Implement public key pinning [6]
 o cookies: remove verbose "cookie size:" output
 o progress-bar: don't use stderr explicitly, use bar->out [7]
 o Fixes for MSDOS
 o build: open VC15 projects with VS 2017
 o curl_ctype: private is*() type macros and functions [8]
 o configure: set PATH_SEPARATOR to colon for PATH w/o separator [9]
 o winbuild: make linker generate proper PDB [11]
 o curl_easy_reset: clear digest auth state [12]
 o curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 [14]
 o range: commonize FTP and FILE range handling [15]
 o progress-bar docs: update to match implementation [16]
 o fnmatch: do not match the empty string with a character set
 o fnmatch: accept an alphanum to be followed by a non-alphanum in char set [17]
 o build: fix termios issue on android cross-compile [18]
 o getdate: return -1 for out of range [19]
 o formdata: use the mime-content type function [20]
 o time-cond: fix reading the file modification time on Windows [21]
 o build-openssl.bat: Extend VC15 support to include Enterprise and Professional
 o build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
 o openssl: Don't add verify locations when verifypeer==0
 o fnmatch: optimize processing of consecutive *s and ?s pattern characters [22]
 o schannel: fix compiler warnings [23]
 o content_encoding: Add "none" alias to "identity" [24]
 o get_posix_time: only check for overflows if they can happen
 o http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING [25]
 o README: language fix [26]
 o sha256: build with OpenSSL < 0.9.8 [27]
 o smtp: fix processing of initial dot in data [28]
 o --tlsauthtype: works only if libcurl is built with TLS-SRP support [29]
 o tests: new tests for http raw mode [30]
 o libcurl-security.3: man page discussion security concerns when using libcurl
 o curl_gssapi: make sure this file too uses our *printf()
 o BINDINGS: fix curb link (and remove ruby-curl-multi)
 o nss: use PK11_CreateManagedGenericObject() if available [31]
 o travis: add build with iconv enabled [32]
 o ssh: add two missing state names [33]
 o CURLOPT_HEADERFUNCTION.3: mention folded headers
 o http: fix the max header length detection logic [34]
 o header callback: don't chop headers into smaller pieces [35]
 o CURLOPT_HEADER.3: clarify problems with different data sizes
 o curl --version: show PSL if the run-time lib has it enabled
 o examples/sftpuploadresume: resume upload via CURLOPT_APPEND [36]
 o Return error if called recursively from within callbacks [38]
 o sasl: prefer PLAIN mechanism over LOGIN
 o winbuild: Use CALL to run batch scripts [40]
 o curl_share_setopt.3: connection cache is shared within multi handles
 o winbuild: Use macros for the names of some build utilities [41]
 o projects/README: remove reference to dead IDN link/package [42]
 o lib655: silence compiler warning [43]
 o configure: Fix version check for OpenSSL 1.1.1
 o docs/MANUAL: formfind.pl is not accessible on the site anymore [44]
 o unit1309: fix warning on Windows x64 [45]
 o unit1307: proper cleanup on OOM to fix torture tests
 o curl_ctype: fix macro redefinition warnings
 o build: get CFLAGS (including -werror) used for examples and tests [46]
 o NO_PROXY: fix for IPv6 numericals in the URL [47]
 o krb5: use nondeprecated functions [48]
 o winbuild: prefer documented zlib library names [49]
 o http2: mark the connection for close on GOAWAY [53]
 o limit-rate: kick in even before "limit" data has been received [54]
 o HTTP: allow "header;" to replace an internal header with a blank \ 
one [55]
 o http2: verbose output new MAX_CONCURRENT_STREAMS values
 o SECURITY: distros' max embargo time is 14 days
 o curl tool: accept --compressed also if Brotli is enabled and zlib is not
 o WolfSSL: adding TLSv1.3 [56]
 o checksrc.pl: add -i and -m options
 o CURLOPT_COOKIEFILE.3: "-" as file name means stdin
   2018-01-24 13:17:44 by Leonardo Taccari | Files touched by this commit (1)
Log message:
curl: Delete if-def block regarding TEST_TARGET and test dependencies

Define TEST_TARGET unconditionally and do not add `perl' to USE_TOOLS, `perl'
is already needed as tool.
   2018-01-24 08:57:19 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
curl: update to 7.58.0.

This release includes the following changes:

 o new libssh-powered SSH SCP/SFTP back-end
 o curl-config: add --ssl-backends [10]

This release includes the following bugfixes:

 o http2: fix incorrect trailer buffer size [40]
 o http: prevent custom Authorization headers in redirects [55]
 o travis: add boringssl build [1]
 o examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL [2]
 o SSL: Avoid magic allocation of SSL backend specific data [3]
 o lib: don't export all symbols, just everything curl_* [4]
 o libssh2: send the correct CURLE error code on scp file not found
 o libssh2: return CURLE_UPLOAD_FAILED on failure to upload
 o openssl: enable pkcs12 in boringssl builds [5]
 o libssh2: remove dead code from SSH_SFTP_QUOTE [6]
 o sasl_getmesssage: make sure we have a long enough string to pass [7]
 o conncache: fix several lock issues [8]
 o threaded-shared-conn.c: new example
 o conncache: only allow multiplexing within same multi handle [9]
 o configure: check for netinet/in6.h [11]
 o URL: tolerate backslash after drive letter for FILE: [12]
 o openldap: add commented out debug possibilities [13]
 o include: get netinet/in.h before linux/tcp.h [14]
 o CONNECT: keep close connection flag in http_connect_state struct [15]
 o BINDINGS: another PostgreSQL client
 o curl: limit -# update frequency for unknown total size [16]
 o configure: add AX_CODE_COVERAGE only if using gcc [17]
 o curl.h: remove incorrect comment about ERRORBUFFER
 o openssl: improve data-pending check for https proxy [18]
 o curl: remove __EMX__ #ifdefs [19]
 o CURLOPT_PRIVATE.3: fix grammar [20]
 o sftp: allow quoted commands to use relative paths [21]
 o RESOLVE: output verbose text when trying to set a duplicate name
 o openssl: Disable file buffering for Win32 SSLKEYLOGFILE [22]
 o multi_done: prune DNS cache [23]
 o tests: update .gitignore for libtests
 o tests: mark data files as non-executable in git
 o CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
 o curl.1: documented two missing valid exit codes
 o curl.1: mention http:// and https:// as valid proxy prefixes
 o vtls: replaced getenv() with curl_getenv() [24]
 o setopt: less *or equal* than INT_MAX/1000 should be fine [25]
 o examples/smtp-mail.c: use separate defines for options and mail
 o curl: support >256 bytes warning messsages [26]
 o conncache: fix a return code
 o krb5: fix a potential access of uninitialized memory
 o rand: add a clang-analyzer work-around
 o CURLOPT_READFUNCTION.3: refer to argument with correct name [27]
 o brotli: allow compiling with version 0.6.0
 o content_encoding: rework zlib_inflate [28]
 o curl_easy_reset: release mime-related data [29]
 o examples/rtsp: fix error handling macros [30]
 o build-openssl.bat: Added support for VC15
 o build-wolfssl.bat: Added support for VC15
 o build: Added Visual Studio 2017 project files
 o winbuild: Added support for VC15
 o curl: Support size modifiers for --max-filesize [32]
 o examples/cacertinmem: ignore cert-already-exists error [33]
 o brotli: data at the end of content can be lost [34]
 o curl_version_info.3: call the argument 'age' [35]
 o openssl: fix memory leak of SSLKEYLOGFILE filename
 o build: remove HAVE_LIMITS_H check [36]
 o --mail-rcpt: fix short-text description
 o scripts: allow all perl scripts to be run directly [37]
 o progress: calculate transfer speed on milliseconds if possible [38]
 o system.h: check __LONG_MAX__ for defining curl_off_t [31]
 o easy: fix connection ownership in curl_easy_pause [39]
 o setopt: reintroduce non-static Curl_vsetopt() for OS400 support [41]
 o setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values [42]
 o configure.ac: append extra linker flags instead of prepending them [43]
 o HTTP: bail out on negative Content-Length: values [44]
 o docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
 o mime: clone mime tree upon easy handle duplication [45]
 o openssl: enable SSLKEYLOGFILE support by default [46]
 o smtp/pop3/imap_get_message: decrease the data length too... [47]
 o CURLOPT_TCP_NODELAY.3: fix typo [48]
 o SMB: fix numeric constant suffix and variable types [49]
 o ftp-wildcard: fix matching an empty string with "*[^a]" [50]
 o curl_fnmatch: only allow 5 '*' sections in a single pattern
 o openssl: fix potential memory leak in SSLKEYLOGFILE logic
 o SSH: Fix state machine for ssh-agent authentication [51]
 o examples/url2file.c: add missing curl_global_cleanup() call [52]
 o http2: don't close connection when single transfer is stopped [53]
 o libcurl-env.3: first version
 o curl: progress bar refresh, get width using ioctl() [54]
 o CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support [56]
   2018-01-01 22:18:57 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
Revbump after boost update
   2017-11-29 14:56:28 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
curl: update to 7.57.0.

Curl and libcurl 7.57.0

 o auth: add support for RFC7616 - HTTP Digest access authentication [12]
 o share: add support for sharing the connection cache [31]
 o HTTP: implement Brotli content encoding [28]

This release includes the following bugfixes:

 o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
 o CVE-2017-8817: FTP wildcard out of bounds read [48]
 o CVE-2017-8818: SSL out of buffer access [49]
 o curl_mime_filedata.3: fix typos [1]
 o libtest: Add required test libraries for lib1552 and lib1553 [2]
 o fix time diffs for systems using unsigned time_t [3]
 o ftplistparser: memory leak fix: free temporary memory always [4]
 o multi: allow table handle sizes to be overridden [5]
 o wildcards: don't use with non-supported protocols [6]
 o curl_fnmatch: return error on illegal wildcard pattern [7]
 o transfer: Fix chunked-encoding upload too early exit [8]
 o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
 o resolvers: only include anything if needed [10]
 o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
 o appveyor: add a win32 build
 o Curl_timeleft: change return type to timediff_t [11]
 o cmake: Export libcurl and curl targets to use by other cmake projects [13]
 o curl: in -F option arg, comma is a delimiter for files only [14]
 o curl: improved ";type=" handling in -F option arguments
 o timeval: use mach_absolute_time() on MacOS [15]
 o curlx: the timeval functions are no longer provided as curlx_* [16]
 o mkhelp.pl: do not generate comment with current date [17]
 o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
 o cookie: avoid NULL dereference [19]
 o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
 o include: remove conncache.h inclusion from where its not needed
 o CURLOPT_MAXREDIRS: allow -1 as a value [21]
 o tests: Fixed torture tests on tests 556 and 650
 o http2: Fixed OOM handling in upgrade request
 o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
 o CURLOPT_INFILESIZE: accept -1 [22]
 o curl: pass through [] in URLs instead of calling globbing error [23]
 o curl: speed up handling of many URLs [24]
 o ntlm: avoid malloc(0) for zero length passwords [25]
 o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
 o HTTP: support multiple Content-Encodings [27]
 o travis: add a job with brotli enabled
 o url: remove unncessary NULL-check
 o fnmatch: remove dead code
 o connect: store IPv6 connection status after valid connection [29]
 o imap: deal with commands case insensitively [30]
 o --interface: add support for Linux VRF [32]
 o content_encoding: fix inflate_stream for no bytes available [33]
 o cmake: Correctly include curl.rc in Windows builds [34]
 o cmake: Add missing setmode check [35]
 o connect.c: remove executable bit on file [36]
 o SMB: fix uninitialized local variable
 o zlib/brotli: only include header files in modules needing them [37]
 o URL: return error on malformed URLs with junk after IPv6 bracket [38]
 o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
 o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
 o --resolve: allow IP address within [] brackets [41]
 o examples/curlx: Fix code style [42]
 o ntlm: remove unnecessary NULL-check to please scan-build [43]
 o Curl_llist_remove: fix potential NULL pointer deref [43]
 o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
 o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
 o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
 o http2: fix "Value stored to 'end' is never read" scan-build error [43]
 o Curl_open: fix OOM return error correctly [43]
 o url: reject ASCII control characters and space in host names [44]
 o examples/rtsp: clear RANGE again after use [45]
 o connect: improve the bind error message [46]
 o make: fix "make distclean" [50]
 o connect: add support for new TCP Fast Open API on Linux [51]
 o metalink: fix memory-leak and NULL pointer dereference [52]
 o URL: update "file:" URL handling [53]
 o ssh: remove check for a NULL pointer [54]
 o global_init: ignore CURL_GLOBAL_SSL's absense [55]
   2017-11-03 10:40:37 by Jonathan Perkin | Files touched by this commit (2)
Log message:
curl: Don't strip out user-supplied debug flags.
   2017-10-23 08:59:36 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
curl: update to 7.56.1

Curl and libcurl 7.56.1

This release includes the following bugfixes:

 o imap: if a FETCH response has no size, don't call write callback
 o ftp: UBsan fixup 'pointer index expression overflowed
 o failf: skip the sprintf() if there are no consumers
 o fuzzer: move to using external curl-fuzzer
 o lib/Makefile.m32: allow customizing dll suffixes
 o docs: fix typo in curl_mime_data_cb man page
 o darwinssl: add support for TLSv1.3
 o build: fix --disable-crypto-auth
 o lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
 o openssl: fix build without HAVE_OPAQUE_EVP_PKEY
 o strtoofft: Remove extraneous null check
 o multi_cleanup: call DONE on handles that never got that
 o tests: added flaky keyword to tests 587 and 644
 o pingpong: return error when trying to send without connection
 o remove_handle: call multi_done() first, then clear dns cache pointer
 o mime: be tolerant about setting twice the same header list in a part.
 o mime: improve unbinding top multipart from easy handle.
 o mime: avoid resetting a part's encoder when part's contents change.
 o mime: refuse to add subparts to one of their own descendants
 o RTSP: avoid integer overflow on funny RTSP responses
 o curl: don't pass semicolons when parsing Content-Disposition
 o openssl: enable PKCS12 support for !BoringSSL
 o CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
 o CURLOPT_XFERINFODATA.3: fix duplicate see also
 o test298: verify --ftp-method nowcwd with URL encoded path
 o FTP: URL decode path for dir listing in nocwd mode
 o smtp_done: fix memory leak on send failure
 o ftpserver: support case insensitive commands
 o test950; verify SMTP with custom request
 o openssl: don't use old BORINGSSL_YYYYMM macros
 o setopt: update current connection SSL verify params
 o winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
 o curl: reimplement stdin buffering in -F option
 o mime: keep "text/plain" content type if user-specified
 o mime: fix the content reader to handle >16K data properly
 o configure: remove the C++ compiler check
 o memdebug: trace send, recv and socket
 o runtests: use valgrind for torture as well
 o ldap: silence clang warning
 o makefile.m32: allow to override gcc, ar and ranlib
 o setopt: avoid integer overflows when setting millsecond values
 o setopt: range check most long options
 o ftp: reject illegal IP/port in PASV 227 response
 o mime: do not reuse previously computed multipart size
 o vtls: change struct Curl_ssl `close' field name to `close_one'
 o os400: add missing symbols in config file
 o mime: limit bas64-encoded lines length to 76 characters
 o mk-ca-bundle: Remove URL for aurora
 o mk-ca-bundle: Fix URL for NSS
   2017-10-04 08:32:58 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
curl: update to 7.56.0.

Curl and libcurl 7.56.0

This release includes the following changes:

 o curl: enable compression for SCP/SFTP with --compressed-ssh  [11]
 o libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION [11]
 o vtls: added dynamic changing SSL backend with curl_global_sslset() [28]
 o new MIME API, curl_mime_init() and friends [32]
 o openssl: initial SSLKEYLOGFILE implementation [36]

This release includes the following bugfixes:

 o FTP: zero terminate the entry path even on bad input [67]
 o examples/ftpuploadresume.c: use portable code
 o runtests: match keywords case insensitively
 o travis: build the examples too [1]
 o strtoofft: reduce integer overflow risks globally [2]
 o zsh.pl: produce a working completion script again [3]
 o cmake: remove dead code for CURL_DISABLE_RTMP [4]
 o progress: Track total times following redirects [5]
 o configure: fix --disable-threaded-resolver [6]
 o cmake: remove dead code for DISABLED_THREADSAFE [7]
 o configure: fix clang version detection
 o darwinssi: fix error: variable length array used
 o travis: add metalink to some osx builds [8]
 o configure: check for __builtin_available() availability [9]
 o http_proxy: fix build error for CURL_DOES_CONVERSIONS [10]
 o examples/ftpuploadresume: checksrc compliance
 o ftp: fix CWD when doing multicwd then nocwd on same connection [12]
 o system.h: remove all CURL_SIZEOF_* defines [13]
 o http: Don't wait on CONNECT when there is no proxy [14]
 o system.h: check for __ppc__ as well [15]
 o http2_recv: return error better on fatal h2 errors [16]
 o scripts/contri*sh: use "git log --use-mailmap"
 o tftp: fix memory leak on too long filename [17]
 o system.h: fix build for hppa [18]
 o cmake: enable picky compiler options with clang and gcc [19]
 o makefile.m32: add support for libidn2 [20]
 o curl: turn off MinGW CRT's globbing [21]
 o request-target.d: mention added in 7.55.0
 o curl: shorten and clean up CA cert verification error message [22]
 o imap: support PREAUTH [23]
 o examples/threaded-ssl: mention that this is for openssl before 1.1
 o winbuild: fix embedded manifest option [24]
 o tests: Make sure libtests & unittests call curl_global_cleanup()
 o system.h: include sys/poll.h for AIX [25]
 o darwinssl: handle long strings in TLS certs [26]
 o strtooff: fix build for systems with long long but no strtoll [27]
 o asyn-thread: Improved cleanup after OOM situations
 o HELP-US.md: "How to get started helping out in the curl project" [29]
 o curl.h: CURLSSLBACKEND_WOLFSSL used wrong value [30]
 o unit1301: fix error message on first test
 o ossfuzz: moving towards the ideal integration [31]
 o http: fix a memory leakage in checkrtspprefix()
 o examples/post-callback: stop returning one byte at a time
 o schannel: return CURLE_SSL_CACERT on failed verification [33]
 o MAIL-ETIQUETTE: added "1.9 Your emails are public"
 o http-proxy: treat all 2xx as CONNECT success [34]
 o openssl: use OpenSSL's default ciphers by default [35]
 o runtests.pl: support attribute "nonewline" in part verify/upload
 o configure: remove --enable-soname-bump and SONAME_BUMP [37]
 o travis: add c-ares enabled builds linux + osx [38]
 o vtls: fix WolfSSL 3.12 build problems [39]
 o http-proxy: when not doing CONNECT, that phase is done immediately [40]
 o configure: fix curl_off_t check's include order [41]
 o configure: use -Wno-varargs on clang 3.9[.X] debug builds
 o rtsp: do not call fwrite() with NULL pointer FILE * [42]
 o mbedtls: enable CA path processing [43]
 o travis: add build without HTTP/SMTP/IMAP
 o checksrc: verify more code style rules [44]
 o HTTP proxy: on connection re-use, still use the new remote port [45]
 o tests: add initial gssapi test using stub implementation [46]
 o rtsp: Segfault when using WRITEDATA [47]
 o docs: clarify the CURLOPT_INTERLEAVE* options behavior
 o non-ascii: use iconv() with 'char **' argument [48]
 o server/getpart: provide dummy function to build conversion enabled
 o conversions: fix several compiler warnings
 o openssl: add missing includes [49]
 o schannel: Support partial send for when data is too large [50]
 o socks: fix incorrect port number in SOCKS4 error message [51]
 o curl: fix integer overflow in timeout options [52]
 o travis: on mac, don't install openssl or libidn [53]
 o cookies: reject oversized cookies instead of truncating [54]
 o cookies: use lock when using CURLINFO_COOKIELIST [55]
 o curl: check fseek() return code and bail on error
 o examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
 o openssl: only verify RSA private key if supported [56]
 o tests: make the imap server not verify user+password [57]
 o imap: quote atoms properly when escaping characters [58]
 o tests: fix a compiler warning in test 643
 o file_range: avoid integer overflow when figuring out byte range [59]
 o curl.h: include <sys/select.h> on cygwin too [60]
 o reuse_conn: don't copy flags that are known to be equal [61]
 o http: fix adding custom empty headers to repeated requests [62]
 o docs: clarify the use of environment variables for proxy [63]
 o connect: fix race condition with happy eyeballs timeout [65]
 o cookie: fix memory leak if path was set twice in header [66]
 o vtls: compare and clone ssl configs properly [68]
 o proxy: read the "no_proxy" variable only if necessary [69]