./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 7.61.0, Package name: curl-7.61.0, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.

Required to run:

Required to build:

Package options: gssapi, idn, inet6

Master sites:

SHA1: ddebde47541b514f6ba6ea03a488f053ae95af1a
RMD160: 6101f3a189c5a7cc7b0bdd56fc6e80dc37ccdaa8
Filesize: 2880.229 KB

Version history: (Expand)

CVS history: (Expand)

   2018-07-11 20:13:26 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
curl: updated to 7.61.0

Curl and libcurl 7.61.0

This release includes the following changes:
* getinfo: add microsecond precise timers for seven intervals
* curl: show headers in bold, switch off with --no-styled-output
* httpauth: add support for Bearer tokens
* curl: --tls13-ciphers and --proxy-tls13-ciphers
* curl: --disallow-username-in-url

This release includes the following bugfixes:
* CVE-2018-0500: smtp: fix SMTP send buffer overflow
* schannel: disable client cert option if APIs not available
* schannel: disable manual verify if APIs not available
* tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
* openssl: acknowledge --tls-max for default version too
* stub_gssapi: fix 'unused parameter' warnings
* examples/progressfunc: make it build on both new and old libcurls
* docs: mention it is HA Proxy protocol "version 1"
* curl_fnmatch: only allow two asterisks for matching
* docs: clarify CURLOPT_HTTPGET
* configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
* configure: do compile-time SIZEOF checks instead of run-time
* checksrc: make sure sizeof() is used *with* parentheses
* CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
* schannel: make CAinfo parsing resilient to CR/LF
* tftp: make sure error is zero terminated before printfing it
* http resume: skip body if http code 416 (range error) is ignored
* configure: add basic test of --with-ssl prefix
* cmake: set -d postfix for debug builds
* multi: provide a socket to wait for in Curl_protocol_getsock
* content_encoding: handle zlib versions too old for Z_BLOCK
* winbuild: only delete OUTFILE if it exists
* winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
* schannel: add failf calls for client certificate failures
* cmake: Fix the test for fsetxattr and strerror_r
* curl.1: Fix cmdline-opts reference errors
* cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
* cmake: check for getpwuid_r
* configure: fix ssh2 linking when built with a static mbedtls
* psl: use latest psl and refresh it periodically
* fnmatch: insist on escaped bracket to match
* KNOWN_BUGS: restore text regarding 2101
* INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
* configure: override AR_FLAGS to silence warning
* os400: implement mime api EBCDIC wrappers
* curl.rc: embed manifest for correct Windows version detection
* strictness: correct {infof, failf} format specifiers
* tests: update .gitignore for libtests
* configure: check for declaration of getpwuid_r
* fnmatch: use the system one if available
* CURLOPT_RESOLVE: always purge old entry first
* multi: remove a potentially bad DEBUGF()
* curl_addrinfo: use same #ifdef conditions in source as header
* build: remove the Borland specific makefiles
* axTLS: not considered fit for use
* cmdline-opts/cert-type.d: mention "p12" as a recognized type
* system.h: add support for IBM xlc C compiler
* tests/libtest: Add lib1521 to nodist_SOURCES
* mk-ca-bundle.pl: leave certificate name untouched
* boringssl + schannel: undef X509_NAME in lib/schannel.h
* openssl: assume engine support in 1.0.1 or later
* cppcheck: fix warnings
* test 46: make test pass after year 2025
* schannel: support selecting ciphers
* Curl_debug: remove dead printhost code
* test 1455: unflakified
* Curl_init_do: handle NULL connection pointer passed in
* progress: remove a set of unused defines
* mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
* GOVERNANCE.md: explains how this project is run
* configure: use pkg-config for c-ares detection
* configure: enhance ability to build with static openssl
* maketgz: fix sed issues on OSX
* multi: fix memory leak when stopped during name resolve
* CURLOPT_INTERFACE.3: interface names not supported on Windows
* url: fix dangling conn->data pointer
* cmake: allow multiple SSL backends
* system.h: fix for gcc on 32 bit OpenServer
* ConnectionExists: make sure conn->data is set when "taking" a \ 
* multi: fix crash due to dangling entry in connect-pending list
* CURLOPT_SSL_VERIFYPEER.3: Add performance note
* netrc: use a larger buffer to support longer passwords
* url: check Curl_conncache_add_conn return code
* configure: Add dependent libraries after crypto
* easy_perform: faster local name resolves by using *multi_timeout()
* getnameinfo: not used, removed all configure checks
* travis: add a build using the synchronous name resolver
* CURLINFO_TLS_SSL_PTR.3: improve the example
* openssl: allow TLS 1.3 by default
* openssl: make the requested TLS version the *minimum* wanted
* openssl: Remove some dead code
* telnet: fix clang warnings
* DEPRECATE: new doc describing planned item removals
* example/crawler.c: simple crawler based on libxml2
* libssh: goto DISCONNECT state on error, not SESSION_FREE
* CMake: Remove unused functions
* darwinssl: allow High Sierra users to build the code using GCC
* scripts: include _curl as part of CLEANFILES
* examples: fix -Wformat warnings
* curl_setup: include <winerror.h> before <windows.h>
* schannel: make more cipher options conditional
* CMake: remove redundant and old end-of-block syntax
* post303.d: clarify that this is an RFC violation
   2018-05-17 11:59:40 by Leonardo Taccari | Files touched by this commit (3) | Package updated
Log message:
curl: Update www/curl to 7.60.0

This release includes the following changes:

 o Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
 o Add --haproxy-protocol for the command line tool
 o Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses

This release includes the following bugfixes:

 o FTP: shutdown response buffer overflow CVE-2018-1000300
 o RTSP: bad headers buffer over-read CVE-2018-1000301
 o FTP: fix typo in recursive callback detection for seeking
 o test1208: marked flaky
 o HTTP: make header-less responses still count correct body size
 o user-agent.d:: mention --proxy-header as well
 o http2: fixes typo
 o cleanup: misc typos in strings and comments
 o rate-limit: use three second window to better handle high speeds
 o examples/hiperfifo.c: improved
 o pause: when changing pause state, update socket state
 o multi: improved pending transfers handling => improved performance
 o curl_version_info.3: fix ssl_version description
 o add_handle/easy_perform: clear errorbuffer on start if set
 o darwinssl: fix iOS build
 o cmake: add support for brotli
 o parsedate: support UT timezone
 o vauth/ntlm.h: fix the #ifdef header guard
 o lib/curl_path.h: added #ifdef header guard
 o vauth/cleartext: fix integer overflow check
 o CURLINFO_COOKIELIST.3: made the example not leak memory
 o cookie.d: mention that "-" as filename means stdin
 o CURLINFO_SSL_VERIFYRESULT.3: fixed the example
 o http2: read pending frames (including GOAWAY) in connection-check
 o timeval: remove compilation warning by casting
 o cmake: avoid warn-as-error during config checks
 o travis-ci: enable -Werror for CMake builds
 o openldap: fix for NULL return from ldap_get_attribute_ber()
 o threaded resolver: track resolver time and set suitable timeout values
 o cmake: Add advapi32 as explicit link library for win32
 o docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
 o test1148: set a fixed locale for the test
 o cookies: when reading from a file, only remove_expired once
 o cookie: store cookies per top-level-domain-specific hash table
 o openssl: fix build with LibreSSL 2.7
 o tls: fix mbedTLS 2.7.0 build + handle sha256 failures
 o openssl: RESTORED verify locations when verifypeer==0
 o file: restore old behavior for file:////foo/bar URLs
 o FTP: allow PASV on IPv6 connections when a proxy is being used
 o build-openssl.bat: allow custom paths for VS and perl
 o winbuild: make the clean target work without build-type
 o build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
 o curl: retry on FTP 4xx, ignore other protocols
 o configure: detect (and use) sa_family_t
 o examples/sftpuploadresume: Fix Windows large file seek
 o build: cleanup to fix clang warnings/errors
 o winbuild: updated the documentation
 o lib: silence null-dereference warnings
 o travis: bump to clang 6 and gcc 7
 o travis: build libpsl and make builds use it
 o proxy: show getenv proxy use in verbose output
 o duphandle: make sure CURLOPT_RESOLVE is duplicated
 o all: Refactor malloc+memset to use calloc
 o checksrc: Fix typo
 o system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
 o vauth: Fix typo
 o ssh: show libSSH2 error code when closing fails
 o test1148: tolerate progress updates better
 o urldata: make service names unconditional
 o configure: keep LD_LIBRARY_PATH changes local
 o ntlm_sspi: fix authentication using Credential Manager
 o schannel: add client certificate authentication
 o winbuild: Support custom devel paths for each dependency
 o schannel: add support for CURLOPT_CAINFO
 o http2: handle on_begin_headers() called more than once
 o openssl: support OpenSSL 1.1.1 verbose-mode trace messages
 o openssl: fix subjectAltName check on non-ASCII platforms
 o http2: avoid strstr() on data not zero terminated
 o http2: clear the "drain counter" when a stream is closed
 o http2: handle GOAWAY properly
 o tool_help: clarify --max-time unit of time is seconds
 o curl.1: clarify that options and URLs can be mixed
 o http2: convert an assert to run-time check
 o curl_global_sslset: always provide available backends
 o ftplistparser: keep state between invokes
 o Curl_memchr: zero length input can't match
 o examples/sftpuploadresume: typecast fseek argument to long
 o examples/http2-upload: expand buffer to avoid silly warning
 o ctype: restore character classification for non-ASCII platforms
 o mime: avoid NULL pointer dereference risk
 o cookies: ensure that we have cookies before writing jar
 o os400.c: fix checksrc warnings
 o configure: provide --with-wolfssl as an alias for --with-cyassl
 o cyassl: adapt to libraries without TLS 1.0 support built-in
 o http2: get rid of another strstr
 o checksrc: force indentation of lines after an else
 o cookies: remove unused macro
 o CURLINFO_PROTOCOL.3: mention the existing defined names
 o tests: provide 'manual' as a feature to optionally require
 o travis: enable libssh2 on both macos and Linux
 o CURLOPT_URL.3: added ENCODING section
 o wolfssl: Fix non-blocking connect
 o vtls: don't define MD5_DIGEST_LENGTH for wolfssl
 o docs: remove extraneous commas in man pages
 o URL: fix ASCII dependency in strcpy_url and strlen_url
 o ssh-libssh.c: fix left shift compiler warning
 o configure: only check for CA bundle for file-using SSL backends
 o travis: add an mbedtls build
 o http: don't set the "rewind" flag when not uploading anything
 o configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
 o transfer: don't unset writesockfd on setup of multiplexed conns
 o vtls: use unified "supports" bitfield member in backends
 o URLs: fix one more http url
 o travis: add a build using WolfSSL
 o openssl: change FILE ops to BIO ops
 o travis: add build using NSS
 o smb: reject negative file sizes
 o cookies: accept parameter names as cookie name
 o http2: getsock fix for uploads
 o all over: fixed format specifiers
 o http2: use the correct function pointer typedef

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Adam Brown, Alex Baines, Anders Bakken, Anders Roxell, anshnd on github,
  Bas van Schaik, Bernard Spil, Chris Araman, Christian Schmitz, Cyril B,
  Dagobert Michelsen, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
  Dan McNulty, Dario Weisser, dasimx on github, David Garske, David L.,
  Denis Ollier, Dmitry Mikhirev, Dongliang Mu, Don J Olmstead, Eric Gallager,
  Ernst Sjöstrand, Frank Gevaerts, Gaurav Malhotra, Geeknik Labs, Howard Chu,
  iz8mbw on github, Jakub Wilk, Jon DeVree, Kees Dekker, Kobi Gurkan,
  Laurie Clark-Michalek, Lauri Kasanen, Lawrence Matthews, Luz Paz,
  Marcel Raad, Max Dymond, Michael Kaufmann, Michael Kilburn,
  Michał Janiszewski, Michal Trybus, Muz Dima, Nikos Tsipinakis, Ori Avtalion,
  Oumph on github, patelvivekv1993 on github, Patrick Monnerat,
  Philip Prindeville, Ray Satiro, Rick Deist, Rikard Falkeborn, Sergei Nikulov,
  Stefan Agner, steini2000 on github, Stephan Mühlstrasser, Sunny Purushe,
  Terry Wu, Vincas Razma, wncboy on github, Wyatt O'Day, 刘佩东,
  (64 contributors)

        Thanks! (and sorry if I forgot to mention someone)
   2018-04-29 23:32:09 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
revbump for boost-libs update
   2018-03-14 08:44:24 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
curl: update to 7.59.0.

Curl and libcurl 7.59.0

This release includes the following changes:

 o curl: add --proxy-pinnedpubkey [10]
 o CURLOPT_RESOLVE: Add support for multiple IP addresses per entry [37]
 o Add new tool option --happy-eyeballs-timeout-ms [37]

This release includes the following bugfixes:

 o openldap: check ldap_get_attribute_ber() results for NULL before using [50]
 o FTP: reject path components with control codes [51]
 o readwrite: make sure excess reads don't go beyond buffer end [52]
 o lib555: drop text conversion and encode data as ascii codes [1]
 o lib517: make variable static to avoid compiler warning
 o lib544: sync ascii code data with textual data [1]
 o GSKit: restore pinnedpubkey functionality [2]
 o darwinssl: Don't import client certificates into Keychain on macOS [3]
 o parsedate: fix date parsing for systems with 32 bit long [4]
 o openssl: fix pinned public key build error in FIPS mode [5]
 o SChannel/WinSSL: Implement public key pinning [6]
 o cookies: remove verbose "cookie size:" output
 o progress-bar: don't use stderr explicitly, use bar->out [7]
 o Fixes for MSDOS
 o build: open VC15 projects with VS 2017
 o curl_ctype: private is*() type macros and functions [8]
 o configure: set PATH_SEPARATOR to colon for PATH w/o separator [9]
 o winbuild: make linker generate proper PDB [11]
 o curl_easy_reset: clear digest auth state [12]
 o curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 [14]
 o range: commonize FTP and FILE range handling [15]
 o progress-bar docs: update to match implementation [16]
 o fnmatch: do not match the empty string with a character set
 o fnmatch: accept an alphanum to be followed by a non-alphanum in char set [17]
 o build: fix termios issue on android cross-compile [18]
 o getdate: return -1 for out of range [19]
 o formdata: use the mime-content type function [20]
 o time-cond: fix reading the file modification time on Windows [21]
 o build-openssl.bat: Extend VC15 support to include Enterprise and Professional
 o build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
 o openssl: Don't add verify locations when verifypeer==0
 o fnmatch: optimize processing of consecutive *s and ?s pattern characters [22]
 o schannel: fix compiler warnings [23]
 o content_encoding: Add "none" alias to "identity" [24]
 o get_posix_time: only check for overflows if they can happen
 o http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING [25]
 o README: language fix [26]
 o sha256: build with OpenSSL < 0.9.8 [27]
 o smtp: fix processing of initial dot in data [28]
 o --tlsauthtype: works only if libcurl is built with TLS-SRP support [29]
 o tests: new tests for http raw mode [30]
 o libcurl-security.3: man page discussion security concerns when using libcurl
 o curl_gssapi: make sure this file too uses our *printf()
 o BINDINGS: fix curb link (and remove ruby-curl-multi)
 o nss: use PK11_CreateManagedGenericObject() if available [31]
 o travis: add build with iconv enabled [32]
 o ssh: add two missing state names [33]
 o CURLOPT_HEADERFUNCTION.3: mention folded headers
 o http: fix the max header length detection logic [34]
 o header callback: don't chop headers into smaller pieces [35]
 o CURLOPT_HEADER.3: clarify problems with different data sizes
 o curl --version: show PSL if the run-time lib has it enabled
 o examples/sftpuploadresume: resume upload via CURLOPT_APPEND [36]
 o Return error if called recursively from within callbacks [38]
 o sasl: prefer PLAIN mechanism over LOGIN
 o winbuild: Use CALL to run batch scripts [40]
 o curl_share_setopt.3: connection cache is shared within multi handles
 o winbuild: Use macros for the names of some build utilities [41]
 o projects/README: remove reference to dead IDN link/package [42]
 o lib655: silence compiler warning [43]
 o configure: Fix version check for OpenSSL 1.1.1
 o docs/MANUAL: formfind.pl is not accessible on the site anymore [44]
 o unit1309: fix warning on Windows x64 [45]
 o unit1307: proper cleanup on OOM to fix torture tests
 o curl_ctype: fix macro redefinition warnings
 o build: get CFLAGS (including -werror) used for examples and tests [46]
 o NO_PROXY: fix for IPv6 numericals in the URL [47]
 o krb5: use nondeprecated functions [48]
 o winbuild: prefer documented zlib library names [49]
 o http2: mark the connection for close on GOAWAY [53]
 o limit-rate: kick in even before "limit" data has been received [54]
 o HTTP: allow "header;" to replace an internal header with a blank \ 
one [55]
 o http2: verbose output new MAX_CONCURRENT_STREAMS values
 o SECURITY: distros' max embargo time is 14 days
 o curl tool: accept --compressed also if Brotli is enabled and zlib is not
 o WolfSSL: adding TLSv1.3 [56]
 o checksrc.pl: add -i and -m options
 o CURLOPT_COOKIEFILE.3: "-" as file name means stdin
   2018-01-24 13:17:44 by Leonardo Taccari | Files touched by this commit (1)
Log message:
curl: Delete if-def block regarding TEST_TARGET and test dependencies

Define TEST_TARGET unconditionally and do not add `perl' to USE_TOOLS, `perl'
is already needed as tool.
   2018-01-24 08:57:19 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
curl: update to 7.58.0.

This release includes the following changes:

 o new libssh-powered SSH SCP/SFTP back-end
 o curl-config: add --ssl-backends [10]

This release includes the following bugfixes:

 o http2: fix incorrect trailer buffer size [40]
 o http: prevent custom Authorization headers in redirects [55]
 o travis: add boringssl build [1]
 o examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL [2]
 o SSL: Avoid magic allocation of SSL backend specific data [3]
 o lib: don't export all symbols, just everything curl_* [4]
 o libssh2: send the correct CURLE error code on scp file not found
 o libssh2: return CURLE_UPLOAD_FAILED on failure to upload
 o openssl: enable pkcs12 in boringssl builds [5]
 o libssh2: remove dead code from SSH_SFTP_QUOTE [6]
 o sasl_getmesssage: make sure we have a long enough string to pass [7]
 o conncache: fix several lock issues [8]
 o threaded-shared-conn.c: new example
 o conncache: only allow multiplexing within same multi handle [9]
 o configure: check for netinet/in6.h [11]
 o URL: tolerate backslash after drive letter for FILE: [12]
 o openldap: add commented out debug possibilities [13]
 o include: get netinet/in.h before linux/tcp.h [14]
 o CONNECT: keep close connection flag in http_connect_state struct [15]
 o BINDINGS: another PostgreSQL client
 o curl: limit -# update frequency for unknown total size [16]
 o configure: add AX_CODE_COVERAGE only if using gcc [17]
 o curl.h: remove incorrect comment about ERRORBUFFER
 o openssl: improve data-pending check for https proxy [18]
 o curl: remove __EMX__ #ifdefs [19]
 o CURLOPT_PRIVATE.3: fix grammar [20]
 o sftp: allow quoted commands to use relative paths [21]
 o RESOLVE: output verbose text when trying to set a duplicate name
 o openssl: Disable file buffering for Win32 SSLKEYLOGFILE [22]
 o multi_done: prune DNS cache [23]
 o tests: update .gitignore for libtests
 o tests: mark data files as non-executable in git
 o CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
 o curl.1: documented two missing valid exit codes
 o curl.1: mention http:// and https:// as valid proxy prefixes
 o vtls: replaced getenv() with curl_getenv() [24]
 o setopt: less *or equal* than INT_MAX/1000 should be fine [25]
 o examples/smtp-mail.c: use separate defines for options and mail
 o curl: support >256 bytes warning messsages [26]
 o conncache: fix a return code
 o krb5: fix a potential access of uninitialized memory
 o rand: add a clang-analyzer work-around
 o CURLOPT_READFUNCTION.3: refer to argument with correct name [27]
 o brotli: allow compiling with version 0.6.0
 o content_encoding: rework zlib_inflate [28]
 o curl_easy_reset: release mime-related data [29]
 o examples/rtsp: fix error handling macros [30]
 o build-openssl.bat: Added support for VC15
 o build-wolfssl.bat: Added support for VC15
 o build: Added Visual Studio 2017 project files
 o winbuild: Added support for VC15
 o curl: Support size modifiers for --max-filesize [32]
 o examples/cacertinmem: ignore cert-already-exists error [33]
 o brotli: data at the end of content can be lost [34]
 o curl_version_info.3: call the argument 'age' [35]
 o openssl: fix memory leak of SSLKEYLOGFILE filename
 o build: remove HAVE_LIMITS_H check [36]
 o --mail-rcpt: fix short-text description
 o scripts: allow all perl scripts to be run directly [37]
 o progress: calculate transfer speed on milliseconds if possible [38]
 o system.h: check __LONG_MAX__ for defining curl_off_t [31]
 o easy: fix connection ownership in curl_easy_pause [39]
 o setopt: reintroduce non-static Curl_vsetopt() for OS400 support [41]
 o setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values [42]
 o configure.ac: append extra linker flags instead of prepending them [43]
 o HTTP: bail out on negative Content-Length: values [44]
 o docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
 o mime: clone mime tree upon easy handle duplication [45]
 o openssl: enable SSLKEYLOGFILE support by default [46]
 o smtp/pop3/imap_get_message: decrease the data length too... [47]
 o CURLOPT_TCP_NODELAY.3: fix typo [48]
 o SMB: fix numeric constant suffix and variable types [49]
 o ftp-wildcard: fix matching an empty string with "*[^a]" [50]
 o curl_fnmatch: only allow 5 '*' sections in a single pattern
 o openssl: fix potential memory leak in SSLKEYLOGFILE logic
 o SSH: Fix state machine for ssh-agent authentication [51]
 o examples/url2file.c: add missing curl_global_cleanup() call [52]
 o http2: don't close connection when single transfer is stopped [53]
 o libcurl-env.3: first version
 o curl: progress bar refresh, get width using ioctl() [54]
 o CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support [56]
   2018-01-01 22:18:57 by Adam Ciarcinski | Files touched by this commit (629) | Package updated
Log message:
Revbump after boost update
   2017-11-29 14:56:28 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
curl: update to 7.57.0.

Curl and libcurl 7.57.0

 o auth: add support for RFC7616 - HTTP Digest access authentication [12]
 o share: add support for sharing the connection cache [31]
 o HTTP: implement Brotli content encoding [28]

This release includes the following bugfixes:

 o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
 o CVE-2017-8817: FTP wildcard out of bounds read [48]
 o CVE-2017-8818: SSL out of buffer access [49]
 o curl_mime_filedata.3: fix typos [1]
 o libtest: Add required test libraries for lib1552 and lib1553 [2]
 o fix time diffs for systems using unsigned time_t [3]
 o ftplistparser: memory leak fix: free temporary memory always [4]
 o multi: allow table handle sizes to be overridden [5]
 o wildcards: don't use with non-supported protocols [6]
 o curl_fnmatch: return error on illegal wildcard pattern [7]
 o transfer: Fix chunked-encoding upload too early exit [8]
 o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
 o resolvers: only include anything if needed [10]
 o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
 o appveyor: add a win32 build
 o Curl_timeleft: change return type to timediff_t [11]
 o cmake: Export libcurl and curl targets to use by other cmake projects [13]
 o curl: in -F option arg, comma is a delimiter for files only [14]
 o curl: improved ";type=" handling in -F option arguments
 o timeval: use mach_absolute_time() on MacOS [15]
 o curlx: the timeval functions are no longer provided as curlx_* [16]
 o mkhelp.pl: do not generate comment with current date [17]
 o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
 o cookie: avoid NULL dereference [19]
 o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
 o include: remove conncache.h inclusion from where its not needed
 o CURLOPT_MAXREDIRS: allow -1 as a value [21]
 o tests: Fixed torture tests on tests 556 and 650
 o http2: Fixed OOM handling in upgrade request
 o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
 o CURLOPT_INFILESIZE: accept -1 [22]
 o curl: pass through [] in URLs instead of calling globbing error [23]
 o curl: speed up handling of many URLs [24]
 o ntlm: avoid malloc(0) for zero length passwords [25]
 o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
 o HTTP: support multiple Content-Encodings [27]
 o travis: add a job with brotli enabled
 o url: remove unncessary NULL-check
 o fnmatch: remove dead code
 o connect: store IPv6 connection status after valid connection [29]
 o imap: deal with commands case insensitively [30]
 o --interface: add support for Linux VRF [32]
 o content_encoding: fix inflate_stream for no bytes available [33]
 o cmake: Correctly include curl.rc in Windows builds [34]
 o cmake: Add missing setmode check [35]
 o connect.c: remove executable bit on file [36]
 o SMB: fix uninitialized local variable
 o zlib/brotli: only include header files in modules needing them [37]
 o URL: return error on malformed URLs with junk after IPv6 bracket [38]
 o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
 o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
 o --resolve: allow IP address within [] brackets [41]
 o examples/curlx: Fix code style [42]
 o ntlm: remove unnecessary NULL-check to please scan-build [43]
 o Curl_llist_remove: fix potential NULL pointer deref [43]
 o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
 o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
 o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
 o http2: fix "Value stored to 'end' is never read" scan-build error [43]
 o Curl_open: fix OOM return error correctly [43]
 o url: reject ASCII control characters and space in host names [44]
 o examples/rtsp: clear RANGE again after use [45]
 o connect: improve the bind error message [46]
 o make: fix "make distclean" [50]
 o connect: add support for new TCP Fast Open API on Linux [51]
 o metalink: fix memory-leak and NULL pointer dereference [52]
 o URL: update "file:" URL handling [53]
 o ssh: remove check for a NULL pointer [54]
 o global_init: ignore CURL_GLOBAL_SSL's absense [55]