./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 7.44.0, Package name: curl-7.44.0, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.


Required to run:
[devel/libidn]


Package options: gssapi, inet6, libidn

Master sites: (Expand)

SHA1: 879a186944e7b06e619a2eb07cef729b5702345c
RMD160: d7e4a2406c5fea9445c13e725dd421d7198389a6
Filesize: 3319.154 KB

Version history: (Expand)


CVS history: (Expand)


   2015-08-17 17:43:27 by Thomas Klausner | Files touched by this commit (6) | Package updated
Log message:
Update to 7.44.0:

Curl and libcurl 7.44.0

 Public curl releases:         148
 Command line options:         176
 curl_easy_setopt() options:   219
 Public functions in libcurl:  58
 Contributors:                 1291

This release includes the following changes:

 o http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA [6]
 o examples: added http2-serverpush.c [7]
 o http2: added curl_pushheader_byname() and curl_pushheader_bynum()
 o docs: added CODE_OF_CONDUCT.md [8]
 o curl: Add --ssl-no-revoke to disable certificate revocation checks [5]
 o libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS [9]
 o makefile: Added support for VC14
 o build: Added Visual Studio 2015 (VC14) project files
 o build: Added wolfSSL configurations to VC10+ project files [18]

This release includes the following bugfixes:

 o FTP: fix HTTP CONNECT logic regression [1]
 o openssl: Fix build with openssl < ~ 0.9.8f
 o openssl: fix build with BoringSSL
 o curl_easy_setopt.3: option order doesn't matter
 o openssl: fix use of uninitialized buffer [2]
 o RTSP: removed dead code
 o Makefile.m32: add support for CURL_LDFLAG_EXTRAS
 o curl: always provide negotiate/kerberos options
 o cookie: Fix bug in export if any-domain cookie is present
 o curl_easy_setopt.3: mention CURLOPT_PIPEWAIT
 o INSTALL: Advise use of non-native SSL for Windows <= XP
 o tool_help: fix --tlsv1 help text to use >= for TLSv1
 o HTTP: POSTFIELDSIZE set after added to multi handle [3]
 o SSL-PROBLEMS: mention WinSSL problems in WinXP
 o setup-vms.h: Symbol case fixups
 o SSL: Pinned public key hash support
 o libtest: call PR_Cleanup() on exit if NSPR is used
 o ntlm_wb: Fix theoretical memory leak
 o runtests: Allow for spaces in curl custom path
 o http2: add stream != NULL checks for reliability
 o schannel: Replace deprecated GetVersion with VerifyVersionInfo
 o http2: verify success of strchr() in http2_send()
 o configure: add --disable-rt option
 o openssl: work around MSVC warning
 o HTTP: ignore "Content-Encoding: compress"
 o configure: check if OpenSSL linking wants -ldl
 o build-openssl.bat: Show syntax if required args are missing
 o test1902: attempt to make the test more reliable
 o libcurl-thread.3: Consolidate thread safety info
 o maketgz: Fixed some VC makefiles missing from the release tarball
 o libcurl-multi.3: mention curl_multi_wait [10]
 o ABI doc: use secure URL
 o http: move HTTP/2 cleanup code off http_disconnect() [11]
 o libcurl-thread.3: Warn memory functions must be thread safe [12]
 o curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs [13]
 o docs: formpost needs the full size at start of upload [14]
 o curl_gssapi: remove 'const' to fix compiler warnings
 o SSH: three state machine fixups [15]
 o libcurl.3: fix a single typo [16]
 o generate.bat: Only clean prerequisite files when in ALL mode
 o curl_slist_append.3: add error checking to the example
 o buildconf.bat: Added support for file clean-up via -clean
 o generate.bat: Use buildconf.bat for prerequisite file clean-up
 o NTLM: handle auth for only a single request [17]
 o curl_multi_remove_handle.3: fix formatting [19]
 o checksrc.bat: Fixed error when [directory] isn't a curl source directory
 o checksrc.bat: Fixed error when missing *.c and *.h files
 o CURLOPT_RESOLVE.3: Note removal support was added in 7.42 [20]
 o test46: update cookie expire time
 o SFTP: fix range request off-by-one in size check [21]
 o CMake: fix GSSAPI builds [22]
 o build: refer to fixed libidn versions [4]
 o http2: discard frames with no SessionHandle [23]
 o curl_easy_recv.3: fix formatting
 o libcurl-tutorial.3: fix formatting [24]
 o curl_formget.3: correct return code [25]
   2015-08-08 04:44:16 by S.P.Zeidler | Files touched by this commit (9)
Log message:
reanimate curl-7.43.0 and add the upstream fix for
http://curl.haxx.se/mail/lib-2015-06/0122.html found in
https://github.com/bagder/curl/commit/9 … 642214b094
   2015-07-01 01:00:21 by S.P.Zeidler | Files touched by this commit (7)
Log message:
rollback to previous version of curl. See
http://mail-index.netbsd.org/tech-pkg/2 … 15105.html
   2015-06-30 07:46:56 by S.P.Zeidler | Files touched by this commit (7) | Package updated
Log message:
update of curl to version 7.43.0. Upstream RELEASE_NOTES:

Curl and libcurl 7.43.0

 Public curl releases:         147
 Command line options:         176
 curl_easy_setopt() options:   219
 Public functions in libcurl:  58
 Contributors:                 1291

This release includes the following changes:

 o Added CURLOPT_PROXY_SERVICE_NAME[11]
 o Added CURLOPT_SERVICE_NAME[12]
 o New curl option: --proxy-service-name[13]
 o Mew curl option: --service-name [14]
 o New curl option: --data-raw [5]
 o Added CURLOPT_PIPEWAIT [15]
 o Added support for multiplexing transfers using HTTP/2, enable this
   with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16]
 o HTTP/2: requires nghttp2 1.0.0 or later
 o scripts: add zsh.pl for generating zsh completion
 o curl.h: add CURL_HTTP_VERSION_2

This release includes the following bugfixes:

 o CVE-2015-3236: lingering HTTP credentials in connection re-use [30]
 o CVE-2015-3237: SMB send off unrelated memory contents [31]
 o nss: fix compilation failure with old versions of NSS [1]
 o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
 o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
 o Curl_ossl_init: load builtin modules [2]
 o configure: follow-up fix for krb5-config [3]
 o sasl_sspi: Populate domain from the realm in the challenge [4]
 o netrc: support 'default' token
 o README: convert to UTF-8
 o cyassl: Implement public key pinning
 o nss: implement public key pinning for NSS backend
 o mingw build: add arch -m32/-m64 to LDFLAGS
 o schannel: Fix out of bounds array [6]
 o configure: remove autogenerated files by autoconf
 o configure: remove --automake from libtoolize call
 o acinclude.m4: fix shell test for default CA cert bundle/path
 o schannel: fix regression in schannel_recv [7]
 o openssl: skip trace outputs for ssl_ver == 0 [8]
 o gnutls: properly retrieve certificate status
 o netrc: Read in text mode when cygwin [9]
 o winbuild: Document the option used to statically link the CRT [10]
 o FTP: Make EPSV use the control IP address rather than the original host
 o FTP: fix dangling conn->ip_addr dereference on verbose EPSV
 o conncache: keep bundles on host+port bases, not only host names
 o runtests.pl: use 'h2c' now, no -14 anymore
 o curlver: introducing new version number (checking) macros
 o openssl: boringssl build brekage, use SSL_CTX_set_msg_callback [17]
 o CURLOPT_POSTFIELDS.3: correct variable names [18]
 o curl_easy_unescape.3: update RFC reference [19]
 o gnutls: don't fail on non-fatal alerts during handshake
 o testcurl.pl: allow source to be in an arbitrary directory
 o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
 o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20]
 o parse_proxy: switch off tunneling if non-HTTP proxy [21]
 o share_init: fix OOM crash
 o perl: remove subdir, not touched in 9 years
 o CURLOPT_COOKIELIST.3: Add example
 o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22]
 o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23]
 o FAQ: How do I port libcurl to my OS?
 o openssl: Use TLS_client_method for OpenSSL 1.1.0+
 o HTTP-NTLM: fail auth on connection close instead of looping [24]
 o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25]
 o curl_getdate.3: update RFC reference
 o curl_multi_info_read.3: added example
 o curl_multi_perform.3: added example
 o curl_multi_timeout.3: added example
 o cookie: Stop exporting any-domain cookies [26]
 o openssl: remove dummy callback use from SSL_CTX_set_verify()
 o openssl: remove SSL_get_session()-using code
 o openssl: removed USERDATA_IN_PWD_CALLBACK kludge
 o openssl: removed error string #ifdef
 o openssl: Fix verification of server-sent legacy intermediates [27]
 o docs: man page indentation and syntax fixes
 o docs: Spelling fixes
 o fopen.c: fix a few compiler warnings
 o CURLOPT_OPENSOCKETFUNCTION: return error at once [28]
 o schannel: Add support for optional client certificates
 o build: Properly detect OpenSSL 1.0.2 when using configure
 o urldata: store POST size in state.infilesize too [29]
 o security:choose_mech remove dead code
 o rtsp_do: remove dead code
 o docs: many HTTP URIs changed to HTTPS
 o schannel: schannel_recv overhaul [32]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina,
  Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman,
  Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg,
  Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka,
  Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter,
  Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing,
  Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh,
  Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan,
  Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakáts,
  Ville Skyttä, Yehezkel Horowitz,
  (43 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = http://curl.haxx.se/mail/lib-2015-04/0095.html
 [2] = https://github.com/bagder/curl/pull/206
 [3] = \ 
https://github.com/bagder/curl/commit/5 … t-10473445
 [4] = https://github.com/bagder/curl/pull/141
 [5] = https://github.com/bagder/curl/issues/198
 [6] = http://curl.haxx.se/mail/lib-2015-04/0199.html
 [7] = https://github.com/bagder/curl/issues/244
 [8] = https://github.com/bagder/curl/issues/219
 [9] = https://github.com/bagder/curl/pull/258
 [10] = https://github.com/bagder/curl/issues/254
 [11] = http://curl.haxx.se/libcurl/c/CURLOPT_P … _NAME.html
 [12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html
 [13] = http://curl.haxx.se/docs/manpage.html#- … rvice-name
 [14] = http://curl.haxx.se/docs/manpage.html#--service-name
 [15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html
 [16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html
 [17] = https://github.com/bagder/curl/issues/275
 [18] = https://github.com/bagder/curl/issues/281
 [19] = https://github.com/bagder/curl/issues/282
 [20] = https://github.com/bagder/curl/issues/267
 [21] = http://curl.haxx.se/mail/lib-2015-05/0056.html
 [22] = http://curl.haxx.se/mail/lib-2015-05/0115.html
 [23] = http://curl.haxx.se/mail/lib-2015-05/0137.html
 [24] = https://github.com/bagder/curl/issues/256
 [25] = https://github.com/bagder/curl/pull/258 … -107093055
 [26] = https://github.com/bagder/curl/issues/292
 [27] = \ 
https://rt.openssl.org/Ticket/Display.h … pass=guest
 [28] = http://curl.haxx.se/mail/lib-2015-06/0047.html
 [29] = http://curl.haxx.se/mail/lib-2015-06/0019.html
 [30] = http://curl.haxx.se/docs/adv_20150617A.html
 [31] = http://curl.haxx.se/docs/adv_20150617B.html
 [32] = https://github.com/bagder/curl/issues/244
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2015-06-03 14:00:06 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Add optional support for HTTP/2 via www/nghttp2. Patch nghttp2 support
until the curl interface is updated in 7.43. Bump PKGREVISION.
   2015-05-03 12:11:55 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update to 7.42.1:

Version 7.42.1 (28 Apr 2015)

Daniel Stenberg (28 Apr 2015)
- RELEASE-NOTES: 7.42.1 ready

- CURLOPT_HEADEROPT: default to separate

  Make the HTTP headers separated by default for improved security and
  reduced risk for information leakage.

  Bug: http://curl.haxx.se/docs/adv_20150429.html
  Reported-by: Yehezkel Horowitz, Oren Souroujon

- RELEASE-NOTES: synced with a6e0270e

- sws: init http2 state properly

  It would otherwise cause problems when running tests after 1801 etc.

- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION

  ... as it was previouly undocumented what the pointer was.

- openssl: fix serial number output

  The code extracting the cert serial number was broken and didn't display
  it properly.

  Bug: https://github.com/bagder/curl/issues/235
  Reported-by: dkjjr89

- [Alessandro Ghedini brought this change]

  curl.1: fix typo

- RELEASE-NOTES: toward 7.42.1, synced with 097460a

- [Kamil Dudka brought this change]

  curl -z: do not write empty file on unmet condition

  This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
  It also introduces a regression test 1424 based on tests 78 and 1423.

  Reported-by: Viktor Szakats
  Bug: https://github.com/bagder/curl/issues/237

- [Kamil Dudka brought this change]

  docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too

- connectionexists: follow-up to fd9d3a1ef1f

  PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
  enabled.

  Mistake-caught-by: Kamil Dudka

- connectionexists: fix build without NTLM

  Do not access NTLM-specific struct fields when built without NTLM
  enabled!

  bug: http://curl.haxx.se/?i=231
  Reported-by: Patrick Rapin

- dist: include {src,lib}/checksrc.whitelist
   2015-04-22 16:35:21 by Jonathan Perkin | Files touched by this commit (4) | Package updated
Log message:
Update to curl-7.42.0.

This release includes the following changes:

 o openssl: show the cipher selection to use in verbose text
 o gtls: implement CURLOPT_CERTINFO
 o add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
 o curl: add --false-start option
 o add CURLOPT_PATH_AS_IS
 o curl: add --path-as-is option
 o curl: create output file on successful download of an empty file

This release includes the following bugfixes:

 o ConnectionExists: for NTLM re-use, require credentials to match
 o cookie: cookie parser out of boundary memory access
 o fix_hostname: zero length host name caused -1 index offset
 o http_done: close Negotiate connections when done
 o sws: timeout idle CONNECT connections
 o nss: improve error handling in Curl_nss_random()
 o nss: do not skip Curl_nss_seed() if data is NULL
 o curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
 o http2: move lots of verbose output to be debug-only
 o dist: add extern-scan.pl to the tarball
 o http2: return recv error on unexpected EOF
 o build: Use default RandomizedBaseAddress directive in VC9+ project files
 o build: Removed DataExecutionPrevention directive from VC9+ project files
 o tool: Updated the warnf() function to use the GlobalConfig structure
 o http2: Return error if stream was closed with other than NO_ERROR
 o mprintf.h: remove #ifdef CURLDEBUG
 o libtest: fixed linker errors on msvc
 o tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
 o curl.1: fix "The the" typo
 o cmake: handle build definitions CURLDEBUG/DEBUGBUILD
 o openssl: remove all uses of USE_SSLEAY
 o multi: fix memory-leak on timeout (regression)
 o curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
 o metalink: add some error checks
 o TLS: make it possible to enable ALPN/NPN without HTTP/2
 o http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
 o conncontrol: only log changes to the connection bit
 o multi: fix *getsock() with CONNECT
 o symbols.pl: handle '-' in the deprecated field
 o MacOSX-Framework: use @rpath instead of @executable_path
 o GnuTLS: add support for CURLOPT_CAPATH
 o GnuTLS: print negotiated TLS version and full cipher suite name
 o GnuTLS: don't print double newline after certificate dates
 o memanalyze.pl: handle free(NULL)
 o proxy: re-use proxy connections (regression)
 o mk-ca-bundle: Don't report SHA1 numbers with "-q"
 o http: always send Host: header as first header
 o openssl: sort ciphers to use based on strength
 o openssl: use colons properly in the ciphers list
 o http2: detect premature close without data transfered
 o hostip: Fix signal race in Curl_resolv_timeout
 o closesocket: call multi socket cb on close even with custom close
 o mksymbolsmanpage.pl: use std header and generate better nroff header
 o connect: Fix happy eyeballs logic for IPv4-only builds
 o curl_easy_perform.3: remove superfluous close brace from example
 o HTTP: don't use Expect: headers when on HTTP/2
 o Curl_sh_entry: remove unused 'timestamp'
 o docs/libcurl: makefile portability fix
 o mkhelp: Remove trailing carriage return from every line of input
 o nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
 o curl_easy_setopt.3: added a few missing options
 o metalink: fix resource leak in OOM
 o axtls: version 1.5.2 now requires that config.h be manually included
 o HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
 o cyassl: detect the library as renamed wolfssl
 o CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section
 o CURLOPT_URL.3: Added "SECURITY CONCERNS
 o openssl: try to avoid accessing OCSP structs when possible
 o test938: added missing closing tags
 o testcurl: Allow '=' in values given on command line
 o tests/certs: added make target to rebuild certificates
 o tests/certs: rebuild certificates with modified key usage bits
 o gtls: avoid uninitialized variable
 o gtls: dereferencing NULL pointer
 o gtls: add check of return code
 o test1513: eliminated race condition in test run
 o dict: rename byte to avoid compiler shadowed declaration warning
 o curl_easy_recv/send: make them work with the multi interface
 o vtls: fix compile with --disable-crypto-auth but with SSL
 o openssl: adapt to ASN1/X509 things gone opaque in 1.1
 o openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
 o curl_memory: make curl_memory.h the second-last header file loaded
 o testcurl.pl: add the --notes option to supply more info about a build
 o cyassl: If wolfSSL then identify as such in version string
 o cyassl: Check for invalid length parameter in Curl_cyassl_random
 o cyassl: default to highest possible TLS version
 o Curl_ssl_md5sum: return CURLcode (fixes OOM)
 o polarssl: remove dead code
 o polarssl: called mbedTLS in 1.3.10 and later
 o globbing: fix step parsing for character globbing ranges
 o globbing: fix url number calculation when using range with step
 o multi: on a request completion, check all CONNECT_PEND transfers
 o build: link curl to openssl libraries when openssl support is enabled
 o url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
 o vtls: Don't accept unknown CURLOPT_SSLVERSION values
 o build: Fix libcurl.sln erroneous mixed configurations
 o cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
 o cyassl: add SSL context callback support for CyaSSL
 o tool: only set SSL options if SSL is enabled
 o multi: remove_handle: move pending connections
 o configure: Use KRB5CONFIG for krb5-config
 o axtls: add timeout within Curl_axtls_connect
 o CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
 o cyassl: Fix library initialization return value
 o cookie: handle spaces after the name in Set-Cookie
 o http2: Fix missing nghttp2_session_send call in Curl_http2_switched
 o cyassl: Fix certificate load check
 o build-openssl.bat: Fix mixed line endings
 o checksrc.bat: Check lib\vtls source
 o DNS: fix refreshing of obsolete dns cache entries
 o CURLOPT_RESOLVE: actually implement removals
 o checksrc.bat: quotes to support an SRC_DIR with spaces
 o cyassl: Remove 'Connecting to' message from cyassl_connect_step2
 o cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
 o lib/transfer.c: Remove factor of 8 from sleep time calculation
 o lib/makefile.m32: add missing libs to build libcurl.dll
 o build: Generate source prerequisites for Visual Studio in generate.bat
 o cyassl: Include the CyaSSL build config
 o firefox-db2pem: fix wildcard to find Firefox default profile
 o BUGS: refer to the github issue tracker now as primary
 o vtls_openssl: improve several certificate error messages
 o cyassl: Add support for TLS extension SNI
 o parsecfg: do not continue past a zero termination
 o configure --with-nss=PATH: query pkg-config if available
 o configure --with-nss: drop redundant if statement
 o cyassl: Fix include order
 o HTTP: fix PUT regression with Negotiate
 o curl_version_info.3: fixed the 'protocols' variable type