./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 7.52.1nb1, Package name: curl-7.52.1nb1, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.

Required to run:

Required to build:

Package options: gssapi, inet6, libidn

Master sites:

SHA1: aa9f2300096d806c68c7ba8c50771853d1b43eb4
RMD160: fa55d67d8a075a49fa3d777bb6c692598886d1f1
Filesize: 2539.527 KB

Version history: (Expand)

CVS history: (Expand)

   2017-01-01 17:06:40 by Adam Ciarcinski | Files touched by this commit (616) | Package updated
Log message:
Revbump after boost update
   2016-12-31 09:31:18 by Jonathan Perkin | Files touched by this commit (1)
Log message:
pkg-config is required when building against nghttp2.
   2016-12-23 10:46:27 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated curl to 7.52.1. Security update.

 Fixed in 7.52.1


    CVE-2016-9594: unititialized random
    lib557: fix checksrc warnings
    lib: fix MSVC compiler warnings
    lib557.c: use a shorter MAXIMIZE representation
    tests: run checksrc on debug builds
   2016-12-21 11:07:37 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Updated curl to 7.52.0. Security fixes.

Version 7.52.0 (20 Dec 2016)


    nss: map CURL_SSLVERSION_DEFAULT to NSS default
    vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
    curl: introduce the --tlsv1.3 option to force TLS 1.3
    curl: Add --retry-connrefused
    proxy: Support HTTPS proxy and SOCKS+HTTP(s)
    curl: add --fail-early


    CVE-2016-9586: printf floating point buffer overflow
    CVE-2016-9952: Win CE schannel cert wildcard matches too much
    CVE-2016-9953: Win CE schannel cert name out of buffer read
    msvc: removed a straggling reference to strequal.c
    winbuild: remove strcase.obj from curl build
    examples: bugfixed multi-uv.c
    configure: verify that compiler groks -Werror=partial-availability
    mbedtls: fix build with mbedtls versions < 2.4.0
    dist: add unit test CMakeLists.txt to the tarball
    curl -w: added more decimal digits to timing counters
    easy: Initialize info variables on easy init and duphandle
    cmake: disable poll for macOS
    http2: Don't send header fields prohibited by HTTP/2 spec
    ssh: check md5 fingerprints case insensitively (regression)
    openssl: initial TLS 1.3 adaptions
    curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
    printf: fix ".*f" handling
    examples/fileupload.c: fclose the file as well
    SPNEGO: Fix memory leak when authentication fails
    realloc: use Curl_saferealloc to avoid common mistakes
    openssl: make sure to fail in the unlikely event that PRNG seeding fails
    URL-parser: for file://[host]/ URLs, the [host] must be localhost
    timeval: prefer time_t to hold seconds instead of long
    Curl_rand: fixed and moved to rand.c
    glob: fix [a-c] globbing regression
    darwinssl: fix SSL client certificate not found on MacOS Sierra
    curl.1: Clarify --dump-header only writes received headers
    http2: Fix address sanitizer memcpy warning
    http2: Use huge HTTP/2 windows
    connects: Don't mix unix domain sockets with regular ones
    url: Fix conn reuse for local ports and interfaces
    x509: Limit ASN.1 structure sizes to 256K
    checksrc: add more checks
    winbuild: add config option ENABLE_NGHTTP2
    http2: check nghttp2_session_set_local_window_size exists
    http2: Fix crashes when parent stream gets aborted
    CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries
    URL parser: reject non-numerical port numbers
    CONNECT: reject TE or CL in 2xx responses
    CONNECT: read responses one byte at a time
    curl: support zero-length argument strings in config files
    openssl: don't use OpenSSL's ERR_PACK
    curl.1: generated with the new man page system
    curl_easy_recv: Improve documentation and example program
    Curl_getconnectinfo: avoid checking if the connection is closed
    CIPHERS.md: attempt to document TLS cipher names
   2016-11-02 08:09:39 by Maya Rashish | Files touched by this commit (4) | Package updated
Log message:
curl: update to 7.51.0. security fix

Curl and libcurl 7.51.0

 Public curl releases:         160
 Command line options:         185
 curl_easy_setopt() options:   225
 Public functions in libcurl:  61
 Contributors:                 1467

This release includes the following changes:

 o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST

This release includes the following bugfixes:

 o CVE-2016-8615: cookie injection for other servers [28]
 o CVE-2016-8616: case insensitive password comparison [29]
 o CVE-2016-8617: OOB write via unchecked multiplication [30]
 o CVE-2016-8618: double-free in curl_maprintf [31]
 o CVE-2016-8619: double-free in krb5 code [32]
 o CVE-2016-8620: glob parser write/read out of bounds [33]
 o CVE-2016-8621: curl_getdate read out of bounds [34]
 o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
 o CVE-2016-8623: Use-after-free via shared cookies [36]
 o CVE-2016-8624: invalid URL parsing with '#' [37]
 o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
 o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
 o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
 o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
 o examples/imap-append: Set size of data to be uploaded [4]
 o test2048: fix url
 o darwinssl: disable RC4 cipher-suite support
 o openssl: don’t call CRYTPO_cleanup_all_ex_data [5]
 o libressl: fix version output [6]
 o easy: Reset all statistical session info in curl_easy_reset [7]
 o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
 o dist: add CurlSymbolHiding.cmake to the tarball
 o docs: Remove that --proto is just used for initial retrieval [9]
 o configure: Fixed builds with libssh2 in a custom location
 o curl.1: --trace supports % for sending to stderr!
 o cookies: same domain handling changed to match browser behavior [11]
 o formpost: trying to attach a directory no longer crashes [12]
 o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
 o formpost: avoid silent snprintf() truncation
 o ftp: fix Curl_ftpsendf
 o mprintf: return error on too many arguments
 o smb: properly check incoming packet boundaries [14]
 o GIT-INFO: remove the Mac 10.1-specific details [15]
 o resolve: add error message when resolving using SIGALRM [16]
 o cmake: add nghttp2 support [17]
 o dist: remove PDF and HTML converted docs from the releases [18]
 o configure: disable poll() in macOS builds [19]
 o vtls: only re-use session-ids using the same scheme
 o pipelining: skip to-be-closed connections when pipelining [20]
 o win: fix Universal Windows Platform build [21]
 o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
 o maketgz: make it support "only" generating version info
 o Curl_socket_check: add extra check to avoid integer overflow
 o gopher: properly return error for poll failures
 o curl: set INTERLEAVEDATA too
 o polarssl: clear thread array at init
 o polarssl: fix unaligned SSL session-id lock
 o polarssl: reduce #ifdef madness with a macro
 o curl_multi_add_handle: set timeouts in closure handles [23]
 o configure: set min version flags for builds on mac [24]
 o INSTALL: converted to markdown => INSTALL.md
 o curl_multi_remove_handle: fix a double-free [25]
 o multi: fix inifinte loop in curl_multi_cleanup() [26]
 o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
 o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
 o mbedtls: stop using deprecated include file [40]
 o docs: fix req->data in multi-uv example [41]
 o configure: Fix test syntax for monotonic clock_gettime
 o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
  Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
  Daniel Gustafsson, Daniel Stenberg, Darío Hereñú, David Woodhouse,
  Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luật Nguyễn,
  lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjö,
  Michael Kaufmann, Michael Osipov, Miloš Ljumović, Nick Zitzmann,
  nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro, Remo E,
  Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
  Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
  Valentin David,
  (40 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://curl.haxx.se/bug/?i=964
 [2] = https://curl.haxx.se/bug/?i=1013
 [3] = https://curl.haxx.se/bug/?i=1019
 [4] = https://curl.haxx.se/bug/?i=1011
 [5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
 [6] = https://curl.haxx.se/bug/?i=1029
 [7] = https://curl.haxx.se/bug/?i=1017
 [8] = https://curl.haxx.se/bug/?i=997
 [9] = https://curl.haxx.se/bug/?i=1031
 [10] = https://curl.haxx.se/libcurl/c/CURLOPT_ … ERROR.html
 [11] = https://curl.haxx.se/bug/?i=1050
 [12] = https://curl.haxx.se/bug/?i=1053
 [13] = https://curl.haxx.se/bug/?i=1056
 [14] = https://curl.haxx.se/bug/?i=1052
 [15] = https://curl.haxx.se/bug/?i=1049
 [16] = https://curl.haxx.se/bug/?i=1066
 [17] = https://curl.haxx.se/bug/?i=922
 [18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
 [19] = https://curl.haxx.se/bug/?i=1057
 [20] = https://curl.haxx.se/bug/?i=1075
 [21] = https://curl.haxx.se/bug/?i=1048
 [22] = https://curl.haxx.se/bug/?i=1042
 [23] = https://curl.haxx.se/bug/?i=739
 [24] = https://curl.haxx.se/bug/?i=1069
 [25] = https://curl.haxx.se/bug/?i=1083
 [26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
 [27] = https://bugzilla.redhat.com/1388162
 [28] = https://curl.haxx.se/docs/adv_20161102A.html
 [29] = https://curl.haxx.se/docs/adv_20161102B.html
 [30] = https://curl.haxx.se/docs/adv_20161102C.html
 [31] = https://curl.haxx.se/docs/adv_20161102D.html
 [32] = https://curl.haxx.se/docs/adv_20161102E.html
 [33] = https://curl.haxx.se/docs/adv_20161102F.html
 [34] = https://curl.haxx.se/docs/adv_20161102G.html
 [35] = https://curl.haxx.se/docs/adv_20161102H.html
 [36] = https://curl.haxx.se/docs/adv_20161102I.html
 [37] = https://curl.haxx.se/docs/adv_20161102J.html
 [38] = https://curl.haxx.se/docs/adv_20161102K.html
 [39] = https://curl.haxx.se/bug/?i=1012
 [40] = https://curl.haxx.se/bug/?i=1087
 [41] = https://curl.haxx.se/bug/?i=1088
 [42] = https://curl.haxx.se/bug/?i=1059
   2016-10-07 20:26:14 by Adam Ciarcinski | Files touched by this commit (611) | Package updated
Log message:
Revbump post boost update
   2016-09-14 09:12:12 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated curl to 7.50.3.

Curl and libcurl 7.50.3

This release includes the following bugfixes:

 o CVE-2016-7167: escape and unescape integer overflows [8]
 o mk-ca-bundle.pl: use SHA256 instead of SHA1
 o checksrc: detect strtok() use
 o errors: new alias CURLE_WEIRD_SERVER_REPLY [1]
 o http2: support > 64bit sized uploads [2]
 o openssl: fix bad memory free (regression) [3]
 o CMake: hide private library symbols [4]
 o http: refuse to pass on response body with NO_NODY was set [5]
 o cmake: fix curl-config --static-libs [6]
 o mbedtls: switch off NTLM in build if md4 isn't available [7]
 o curl: --create-dirs on windows groks both forward and backward slashes [9]
   2016-09-07 09:55:51 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Fixed in 7.50.2 - September 7 2016

mbedtls: Added support for NTLM
SSH: fixed SFTP/SCP transfer problems
multi: make Curl_expire() work with 0 ms timeouts
mk-ca-bundle.pl: -m keeps ca cert meta data in output
TFTP: Fix upload problem with piped input
CURLOPT_TCP_NODELAY: now enabled by default
mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
http2: always wait for readable socket
cmake: Enable win32 large file support by default
cmake: Enable win32 threaded resolver by default
winbuild: Avoid setting redundant CFLAGS to compile commands
curl.h: make CURL_NO_OLDIES define CURL_STRICTER
docs: make more markdown files use .md extension
docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
winbuild: Allow changing C compiler via environment variable CC
rtsp: accept any RTSP session id
HTTP: retry failed HEAD requests on reused connections too
configure: add zlib search with pkg-config
openssl: accept subjectAltName iPAddress if no dNSName match
MANUAL: Remove invalid link to LDAP documentation
socks: improved connection procedure
proxy: reject attempts to use unsupported proxy schemes
proxy: bring back use of "Proxy-Connection:"
curl: allow "pkcs11:" prefix for client certificates
spnego_sspi: fix memory leak in case *outlen is zero
SOCKS: improve verbose output of SOCKS5 connection sequence
SOCKS: display the hostname returned by the SOCKS5 proxy server
http/sasl: Query authentication mechanism supported by SSPI before using
sasl: Don't use GSSAPI authentication when domain name not specified
win: Basic support for Universal Windows Platform apps
nss: fix incorrect use of a previously loaded certificate from file
nss: work around race condition in PK11_FindSlotByName()
ftp: fix wrong poll on the secondary socket
openssl: build warning-free with 1.1.0 (again)
HTTP: stop parsing headers when switching to unknown protocols
test219: Add http as a required feature
TLS: random file/egd doesn't have to match for conn reuse
schannel: Disable ALPN for Wine since it is causing problems
http2: make sure stream errors don't needlessly close the connection
http2: return CURLE_HTTP2_STREAM for unexpected stream close
darwinssl: --cainfo is intended for backward compatibility only
speed caps: not based on average speeds anymore
configure: make the cpp -P detection not clobber CPPFLAGS
http2: use named define instead of magic constant in read callback
http2: skip the content-length parsing, detect unknown size
http2: return EOF when done uploading without known size
darwinssl: test for errSecSuccess in PKCS12 import rather than noErr