./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 7.51.0, Package name: curl-7.51.0, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.


Required to run:
[devel/libidn]

Required to build:
[pkgtools/cwrappers]

Package options: gssapi, inet6, libidn

Master sites:

SHA1: f02a14bbe580d2a8cf3bf45a79d39eb595220ac7
RMD160: 234ca5a35fb911ad8428799c7186f07ae5df5965
Filesize: 2509.811 KB

Version history: (Expand)


CVS history: (Expand)


   2016-11-02 08:09:39 by Maya Rashish | Files touched by this commit (4) | Package updated
Log message:
curl: update to 7.51.0. security fix

Curl and libcurl 7.51.0

 Public curl releases:         160
 Command line options:         185
 curl_easy_setopt() options:   225
 Public functions in libcurl:  61
 Contributors:                 1467

This release includes the following changes:

 o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
 o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]

This release includes the following bugfixes:

 o CVE-2016-8615: cookie injection for other servers [28]
 o CVE-2016-8616: case insensitive password comparison [29]
 o CVE-2016-8617: OOB write via unchecked multiplication [30]
 o CVE-2016-8618: double-free in curl_maprintf [31]
 o CVE-2016-8619: double-free in krb5 code [32]
 o CVE-2016-8620: glob parser write/read out of bounds [33]
 o CVE-2016-8621: curl_getdate read out of bounds [34]
 o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
 o CVE-2016-8623: Use-after-free via shared cookies [36]
 o CVE-2016-8624: invalid URL parsing with '#' [37]
 o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
 o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
 o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
 o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
 o examples/imap-append: Set size of data to be uploaded [4]
 o test2048: fix url
 o darwinssl: disable RC4 cipher-suite support
 o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
 o openssl: don’t call CRYTPO_cleanup_all_ex_data [5]
 o libressl: fix version output [6]
 o easy: Reset all statistical session info in curl_easy_reset [7]
 o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
 o dist: add CurlSymbolHiding.cmake to the tarball
 o docs: Remove that --proto is just used for initial retrieval [9]
 o configure: Fixed builds with libssh2 in a custom location
 o curl.1: --trace supports % for sending to stderr!
 o cookies: same domain handling changed to match browser behavior [11]
 o formpost: trying to attach a directory no longer crashes [12]
 o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
 o formpost: avoid silent snprintf() truncation
 o ftp: fix Curl_ftpsendf
 o mprintf: return error on too many arguments
 o smb: properly check incoming packet boundaries [14]
 o GIT-INFO: remove the Mac 10.1-specific details [15]
 o resolve: add error message when resolving using SIGALRM [16]
 o cmake: add nghttp2 support [17]
 o dist: remove PDF and HTML converted docs from the releases [18]
 o configure: disable poll() in macOS builds [19]
 o vtls: only re-use session-ids using the same scheme
 o pipelining: skip to-be-closed connections when pipelining [20]
 o win: fix Universal Windows Platform build [21]
 o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
 o maketgz: make it support "only" generating version info
 o Curl_socket_check: add extra check to avoid integer overflow
 o gopher: properly return error for poll failures
 o curl: set INTERLEAVEDATA too
 o polarssl: clear thread array at init
 o polarssl: fix unaligned SSL session-id lock
 o polarssl: reduce #ifdef madness with a macro
 o curl_multi_add_handle: set timeouts in closure handles [23]
 o configure: set min version flags for builds on mac [24]
 o INSTALL: converted to markdown => INSTALL.md
 o curl_multi_remove_handle: fix a double-free [25]
 o multi: fix inifinte loop in curl_multi_cleanup() [26]
 o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
 o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
 o mbedtls: stop using deprecated include file [40]
 o docs: fix req->data in multi-uv example [41]
 o configure: Fix test syntax for monotonic clock_gettime
 o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
  Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
  Daniel Gustafsson, Daniel Stenberg, Darío Hereñú, David Woodhouse,
  Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luật Nguyễn,
  lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjö,
  Michael Kaufmann, Michael Osipov, Miloš Ljumović, Nick Zitzmann,
  nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro, Remo E,
  Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
  Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
  Valentin David,
  (40 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://curl.haxx.se/bug/?i=964
 [2] = https://curl.haxx.se/bug/?i=1013
 [3] = https://curl.haxx.se/bug/?i=1019
 [4] = https://curl.haxx.se/bug/?i=1011
 [5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
 [6] = https://curl.haxx.se/bug/?i=1029
 [7] = https://curl.haxx.se/bug/?i=1017
 [8] = https://curl.haxx.se/bug/?i=997
 [9] = https://curl.haxx.se/bug/?i=1031
 [10] = https://curl.haxx.se/libcurl/c/CURLOPT_ … ERROR.html
 [11] = https://curl.haxx.se/bug/?i=1050
 [12] = https://curl.haxx.se/bug/?i=1053
 [13] = https://curl.haxx.se/bug/?i=1056
 [14] = https://curl.haxx.se/bug/?i=1052
 [15] = https://curl.haxx.se/bug/?i=1049
 [16] = https://curl.haxx.se/bug/?i=1066
 [17] = https://curl.haxx.se/bug/?i=922
 [18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
 [19] = https://curl.haxx.se/bug/?i=1057
 [20] = https://curl.haxx.se/bug/?i=1075
 [21] = https://curl.haxx.se/bug/?i=1048
 [22] = https://curl.haxx.se/bug/?i=1042
 [23] = https://curl.haxx.se/bug/?i=739
 [24] = https://curl.haxx.se/bug/?i=1069
 [25] = https://curl.haxx.se/bug/?i=1083
 [26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
 [27] = https://bugzilla.redhat.com/1388162
 [28] = https://curl.haxx.se/docs/adv_20161102A.html
 [29] = https://curl.haxx.se/docs/adv_20161102B.html
 [30] = https://curl.haxx.se/docs/adv_20161102C.html
 [31] = https://curl.haxx.se/docs/adv_20161102D.html
 [32] = https://curl.haxx.se/docs/adv_20161102E.html
 [33] = https://curl.haxx.se/docs/adv_20161102F.html
 [34] = https://curl.haxx.se/docs/adv_20161102G.html
 [35] = https://curl.haxx.se/docs/adv_20161102H.html
 [36] = https://curl.haxx.se/docs/adv_20161102I.html
 [37] = https://curl.haxx.se/docs/adv_20161102J.html
 [38] = https://curl.haxx.se/docs/adv_20161102K.html
 [39] = https://curl.haxx.se/bug/?i=1012
 [40] = https://curl.haxx.se/bug/?i=1087
 [41] = https://curl.haxx.se/bug/?i=1088
 [42] = https://curl.haxx.se/bug/?i=1059
   2016-10-07 20:26:14 by Adam Ciarcinski | Files touched by this commit (611) | Package updated
Log message:
Revbump post boost update
   2016-09-14 09:12:12 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated curl to 7.50.3.

Curl and libcurl 7.50.3

This release includes the following bugfixes:

 o CVE-2016-7167: escape and unescape integer overflows [8]
 o mk-ca-bundle.pl: use SHA256 instead of SHA1
 o checksrc: detect strtok() use
 o errors: new alias CURLE_WEIRD_SERVER_REPLY [1]
 o http2: support > 64bit sized uploads [2]
 o openssl: fix bad memory free (regression) [3]
 o CMake: hide private library symbols [4]
 o http: refuse to pass on response body with NO_NODY was set [5]
 o cmake: fix curl-config --static-libs [6]
 o mbedtls: switch off NTLM in build if md4 isn't available [7]
 o curl: --create-dirs on windows groks both forward and backward slashes [9]
   2016-09-07 09:55:51 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Fixed in 7.50.2 - September 7 2016

Bugfixes:
---------
mbedtls: Added support for NTLM
SSH: fixed SFTP/SCP transfer problems
multi: make Curl_expire() work with 0 ms timeouts
mk-ca-bundle.pl: -m keeps ca cert meta data in output
TFTP: Fix upload problem with piped input
CURLOPT_TCP_NODELAY: now enabled by default
mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
http2: always wait for readable socket
cmake: Enable win32 large file support by default
cmake: Enable win32 threaded resolver by default
winbuild: Avoid setting redundant CFLAGS to compile commands
curl.h: make CURL_NO_OLDIES define CURL_STRICTER
docs: make more markdown files use .md extension
docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
winbuild: Allow changing C compiler via environment variable CC
rtsp: accept any RTSP session id
HTTP: retry failed HEAD requests on reused connections too
configure: add zlib search with pkg-config
openssl: accept subjectAltName iPAddress if no dNSName match
MANUAL: Remove invalid link to LDAP documentation
socks: improved connection procedure
proxy: reject attempts to use unsupported proxy schemes
proxy: bring back use of "Proxy-Connection:"
curl: allow "pkcs11:" prefix for client certificates
spnego_sspi: fix memory leak in case *outlen is zero
SOCKS: improve verbose output of SOCKS5 connection sequence
SOCKS: display the hostname returned by the SOCKS5 proxy server
http/sasl: Query authentication mechanism supported by SSPI before using
sasl: Don't use GSSAPI authentication when domain name not specified
win: Basic support for Universal Windows Platform apps
nss: fix incorrect use of a previously loaded certificate from file
nss: work around race condition in PK11_FindSlotByName()
ftp: fix wrong poll on the secondary socket
openssl: build warning-free with 1.1.0 (again)
HTTP: stop parsing headers when switching to unknown protocols
test219: Add http as a required feature
TLS: random file/egd doesn't have to match for conn reuse
schannel: Disable ALPN for Wine since it is causing problems
http2: make sure stream errors don't needlessly close the connection
http2: return CURLE_HTTP2_STREAM for unexpected stream close
darwinssl: --cainfo is intended for backward compatibility only
speed caps: not based on average speeds anymore
configure: make the cpp -P detection not clobber CPPFLAGS
http2: use named define instead of magic constant in read callback
http2: skip the content-length parsing, detect unknown size
http2: return EOF when done uploading without known size
darwinssl: test for errSecSuccess in PKCS12 import rather than noErr
openssl: fix CURLINFO_SSL_VERIFYRESULT
   2016-08-03 10:57:51 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Updated curl to 7.50.1.

 Bugfixes:

    TLS: switch off SSL session id when client cert is used
    TLS: only reuse connections with the same client cert
    curl_multi_cleanup: clear connection pointer for easy handles
    include the CURLINFO_HTTP_VERSION man page into the release tarball
    include the http2-server.pl script in the release tarball
    test558: fix test by stripping file paths from FD lines
    spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
    tests: Fix for http/2 feature
    cmake: Fix for schannel support
    curl.h: make public types void * again
    win32: fix a potential memory leak in Curl_load_library
    travis: fix OSX build by re-installing libtool
    mbedtls: Fix debug function name
   2016-07-24 20:38:34 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated curl to 7.50.0.

 Fixed in 7.50.0 - July 21 2016

Changes:

    http: add CURLINFO_HTTP_VERSION and %{http_version}

Bugfixes:

    memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
    openssl: fix build with OPENSSL_NO_COMP
    mbedtls: removed unused variables
    cmake: Added missing mbedTLS support
    URL parser: allow URLs to use one, two or three slashes
    curl: fix -q [regression]
    openssl: Use correct buffer sizes for error messages
    curl: fix SIGSEGV while parsing URL with too many globs
    schannel: add CURLOPT_CERTINFO support
    vtls: fix ssl session cache race condition
    http: Fix HTTP/2 connection reuse [regression]
    checksrc: Add LoadLibrary to the banned functions list
    schannel: Disable ALPN on Windows < 8.1
    configure: occasional ignorance of --enable-symbol-hiding with GCC
    http2: test17xx are the first real HTTP/2 tests
    resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
    curl_multi_socket_action.3: rewording
    CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
    cmake: Fix build with winldap
    openssl: fix cert check with non-DNS name fields present
    curl.1: mention the units for the progress meter
    openssl: use more 'const' to fix build warnings with 1.1.0 branch
    cmake: now using BUILD_TESTING=ON/OFF
    vtls: Only call add/getsession if session id is enabled
    headers: forward declare CURL, CURLM and CURLSH as structs
    configure: improve detection of CA bundle path on FreeBSD
    SFTP: set a generic error when no SFTP one exists
    curl_global_init.3: expand on the SSL and WIN32 bits purpose
    conn: don't free easy handle data in handler->disconnect
    cookie.c: Fix misleading indentation
    library: Fix memory leaks found during static analysis
    CURLMOPT_SOCKETFUNCTION.3: fix typo
    curl_global_init: moved the "IPv6 works" check here
    connect: disable TFO on Linux when using SSL
    vauth: Fixed memory leak due to function returning without free
    winbuild: fix embedded manifest option
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-05-30 16:25:12 by Patrick Welche | Files touched by this commit (1)
Log message:
dist: include curl_multi_socket_all.3