./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 7.50.3, Package name: curl-7.50.3, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.

Required to run:

Package options: gssapi, inet6, libidn

Master sites:

SHA1: 18ae1e5429d5bcf9a35832eda5b4762a1041f715
RMD160: 15db3008862eff79fa7ed472f26054a615a93177
Filesize: 7303.118 KB

Version history: (Expand)

CVS history: (Expand)

   2016-09-14 09:12:12 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated curl to 7.50.3.

Curl and libcurl 7.50.3

This release includes the following bugfixes:

 o CVE-2016-7167: escape and unescape integer overflows [8]
 o mk-ca-bundle.pl: use SHA256 instead of SHA1
 o checksrc: detect strtok() use
 o errors: new alias CURLE_WEIRD_SERVER_REPLY [1]
 o http2: support > 64bit sized uploads [2]
 o openssl: fix bad memory free (regression) [3]
 o CMake: hide private library symbols [4]
 o http: refuse to pass on response body with NO_NODY was set [5]
 o cmake: fix curl-config --static-libs [6]
 o mbedtls: switch off NTLM in build if md4 isn't available [7]
 o curl: --create-dirs on windows groks both forward and backward slashes [9]
   2016-09-07 09:55:51 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Fixed in 7.50.2 - September 7 2016

mbedtls: Added support for NTLM
SSH: fixed SFTP/SCP transfer problems
multi: make Curl_expire() work with 0 ms timeouts
mk-ca-bundle.pl: -m keeps ca cert meta data in output
TFTP: Fix upload problem with piped input
CURLOPT_TCP_NODELAY: now enabled by default
mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
http2: always wait for readable socket
cmake: Enable win32 large file support by default
cmake: Enable win32 threaded resolver by default
winbuild: Avoid setting redundant CFLAGS to compile commands
curl.h: make CURL_NO_OLDIES define CURL_STRICTER
docs: make more markdown files use .md extension
docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
winbuild: Allow changing C compiler via environment variable CC
rtsp: accept any RTSP session id
HTTP: retry failed HEAD requests on reused connections too
configure: add zlib search with pkg-config
openssl: accept subjectAltName iPAddress if no dNSName match
MANUAL: Remove invalid link to LDAP documentation
socks: improved connection procedure
proxy: reject attempts to use unsupported proxy schemes
proxy: bring back use of "Proxy-Connection:"
curl: allow "pkcs11:" prefix for client certificates
spnego_sspi: fix memory leak in case *outlen is zero
SOCKS: improve verbose output of SOCKS5 connection sequence
SOCKS: display the hostname returned by the SOCKS5 proxy server
http/sasl: Query authentication mechanism supported by SSPI before using
sasl: Don't use GSSAPI authentication when domain name not specified
win: Basic support for Universal Windows Platform apps
nss: fix incorrect use of a previously loaded certificate from file
nss: work around race condition in PK11_FindSlotByName()
ftp: fix wrong poll on the secondary socket
openssl: build warning-free with 1.1.0 (again)
HTTP: stop parsing headers when switching to unknown protocols
test219: Add http as a required feature
TLS: random file/egd doesn't have to match for conn reuse
schannel: Disable ALPN for Wine since it is causing problems
http2: make sure stream errors don't needlessly close the connection
http2: return CURLE_HTTP2_STREAM for unexpected stream close
darwinssl: --cainfo is intended for backward compatibility only
speed caps: not based on average speeds anymore
configure: make the cpp -P detection not clobber CPPFLAGS
http2: use named define instead of magic constant in read callback
http2: skip the content-length parsing, detect unknown size
http2: return EOF when done uploading without known size
darwinssl: test for errSecSuccess in PKCS12 import rather than noErr
   2016-08-03 10:57:51 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Updated curl to 7.50.1.


    TLS: switch off SSL session id when client cert is used
    TLS: only reuse connections with the same client cert
    curl_multi_cleanup: clear connection pointer for easy handles
    include the CURLINFO_HTTP_VERSION man page into the release tarball
    include the http2-server.pl script in the release tarball
    test558: fix test by stripping file paths from FD lines
    spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
    tests: Fix for http/2 feature
    cmake: Fix for schannel support
    curl.h: make public types void * again
    win32: fix a potential memory leak in Curl_load_library
    travis: fix OSX build by re-installing libtool
    mbedtls: Fix debug function name
   2016-07-24 20:38:34 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated curl to 7.50.0.

 Fixed in 7.50.0 - July 21 2016


    http: add CURLINFO_HTTP_VERSION and %{http_version}


    memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
    openssl: fix build with OPENSSL_NO_COMP
    mbedtls: removed unused variables
    cmake: Added missing mbedTLS support
    URL parser: allow URLs to use one, two or three slashes
    curl: fix -q [regression]
    openssl: Use correct buffer sizes for error messages
    curl: fix SIGSEGV while parsing URL with too many globs
    schannel: add CURLOPT_CERTINFO support
    vtls: fix ssl session cache race condition
    http: Fix HTTP/2 connection reuse [regression]
    checksrc: Add LoadLibrary to the banned functions list
    schannel: Disable ALPN on Windows < 8.1
    configure: occasional ignorance of --enable-symbol-hiding with GCC
    http2: test17xx are the first real HTTP/2 tests
    resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
    curl_multi_socket_action.3: rewording
    CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
    cmake: Fix build with winldap
    openssl: fix cert check with non-DNS name fields present
    curl.1: mention the units for the progress meter
    openssl: use more 'const' to fix build warnings with 1.1.0 branch
    cmake: now using BUILD_TESTING=ON/OFF
    vtls: Only call add/getsession if session id is enabled
    headers: forward declare CURL, CURLM and CURLSH as structs
    configure: improve detection of CA bundle path on FreeBSD
    SFTP: set a generic error when no SFTP one exists
    curl_global_init.3: expand on the SSL and WIN32 bits purpose
    conn: don't free easy handle data in handler->disconnect
    cookie.c: Fix misleading indentation
    library: Fix memory leaks found during static analysis
    curl_global_init: moved the "IPv6 works" check here
    connect: disable TFO on Linux when using SSL
    vauth: Fixed memory leak due to function returning without free
    winbuild: fix embedded manifest option
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-05-30 16:25:12 by Patrick Welche | Files touched by this commit (1)
Log message:
dist: include curl_multi_socket_all.3
   2016-05-30 13:42:19 by John Klos | Files touched by this commit (2) | Package updated
Log message:
Update curl to 7.49.1.


Windows: prevent DLL hijacking, CVE-2016-4802
dist: include manpage-scan.pl, nroff-scan.pl and CHECKSRC.md
schannel: fix compile break with MSVC XP toolset
curlbuild.h.dist: check __LP64__ as well to fix MIPS build
dist: include curl_multi_socket_all.3
http2: use HTTP/2 in the HTTP/1.1-alike response
openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
CURLOPT_CONNECT_TO.3: user must not free the list prematurely
libcurl.m4: Avoid obsolete warning
winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
curl_multibyte: fix compiler error
openssl: cleanup must free compression methods (memory leak)
mbedtls: fix includes so snprintf() works
checksrc.pl: Added variants of strcat() & strncat() to banned function list
contributors.sh: better grep pattern and show GitHub username
ssh: fix build for libssh2 before 1.2.6
curl_share_setopt.3: Add min ver needed for ssl session lock
   2016-05-29 22:37:34 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
Updated curl to 7.49.0.

 Fixed in 7.49.0 - May 18 2016


    schannel: Add ALPN support
    SSH: new CURLOPT_QUOTE command "statvfs"
    wolfssl: Add ALPN support
    http2: added --http2-prior-knowledge
    libcurl: added CURLOPT_CONNECT_TO
    curl: added --connect-to
    libcurl: added CURLOPT_TCP_FASTOPEN
    curl: added --tcp-fastopen
    curl: remove support for --ftpport, -http-request and --socks


    CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
    checksrc.bat: Updated the help to be consistent with generate.bat
    checksrc.bat: Added support for scanning the tests and examples
    openssl: fix ERR_remove_thread_state() for boringssl/libressl
    openssl: boringssl provides the same numbering as openssl
    multi: fix "Operation timed out after" timer
    url: don't use bad offset in tld_check_name to show error
    sshserver.pl: use quotes for given options
    Makefile.am: skip the scripts dir
    curl: warn for --capath use if not supported by libcurl
    http2: fix connection reuse
    GSS: make Curl_gss_log_error more verbose
    build-wolfssl: Allow a broader range of ciphers (Visual Studio)
    wolfssl: Use ECC supported curves extension
    openssl: Fix compilation warnings
    Curl_add_buffer_send: avoid possible NULL dereference
    SOCKS5_gssapi_negotiate: don't assume little-endian ints
    strerror: don't bit shift a signed integer
    url: Corrected get protocol family for FTP and LDAP
    curl/mprintf.h: remove support for _MPRINTF_REPLACE
    upload: missing rewind call could make libcurl hang
    IMAP: check pointer before dereferencing it
    build: Changed the Visual Studio projects warning level from 3 to 4
    checksrc: now stricter, wider checks, code cleaned up
    checksrc: added docs/CHECKSRC.md
    curl_sasl: Fixed potential null pointer utilisation
    krb5: Fixed missing client response when mutual authentication enabled
    krb5: Only process challenge when present
    krb5: Only generate a SPN when its not known
    formdata: use appropriate fopen() macros
    curl.1: -w filename_effective was introduced in 7.26.0
    http2: make use of the nghttp2 error callback
    http2: fix connection reuse when PING comes after last DATA
    curl.1: change example for -F
    HTTP2: Add a space character after the status code
    curl.1: use example.com more
    mbedtls.c: changed private prefix to mbed_
    mbedtls: implement and provide *_data_pending() to avoid hang
    mbedtls: fix MBEDTLS_DEBUG builds
    ftp/imap/pop3/smtp: Allow the service name to be overridden
    build: include scripts/ in the dist
    http2: Add handling stream level error
    http2: Improve header parsing
    makefile.vc6: use d suffix on debug object
    configure: remove check for libresolve
    scripts/make: use $(EXEEXT) for executables
    checksrc: got rid of the whitelist files
    sendf: added ability to call recv() before send() as workaround
    NTLM: check for NULL pointer before dereferencing
    openssl: builds with OpenSSL 1.1.0-pre5
    configure: ac_cv_ -> curl_cv_ for all cached vars
    winbuild: add mbedtls support
    curl: make --ftp-create-dirs retry on failure
    PolarSSL: implement public key pinning
    multi: accidentally used resolved host name instead of proxy
    CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0
    CONNECT_ONLY: don't close connection on GSS 401/407 reponses
    opts: Fix some syntax errors in example code fragments
    mbedtls: Fix session resume
    test1139: verifies libcurl option man page presence
    CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability
    curl: make --disable work as long form of -q
    curl: use --telnet-option as documented
    curl.1: document --ftp-ssl-reqd, --krb4 and --ntlm-wb
    curl: -h output lacked --proxy-header and --ntlm-wb
    curl -J: make it work even without http:// scheme on URL
    lib: include curl_printf.h as one of the last headers
    tests: handle path properly on Msys/Cygwin
    curl.1: --mail-rcpt can be used multiple times
    docs: fixed lots of broken man page references
    tls: make setting pinnedkey option fail if not supported
    test1140: run nroff-scan to verify man pages
    http: make sure a blank header overrides accept_decoding
    connections: do not reuse non-HTTP proxies on different ports
    connect: fix invalid "Network is unreachable" errors
    TLS: move the ALPN/NPN enable bits to the connection
    TLS: SSL_peek is not a const operation
    http2: Add space between colon and header value
    darwinssl: fix certificate verification disable on OS X 10.8
    mprintf: Fix processing of width and prec args
    ftp wildcard: segfault due to init only in multi_perform