./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 7.41.0nb1, Package name: curl-7.41.0nb1, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.

Required to run:

Package options: gssapi, inet6, libidn

Master sites: (Expand)

SHA1: 6784591ed7dc3452a8ef6fba050777c50775c4f1
RMD160: 8aa31d13947a9f0c13d7445e1da70554555fe67a
Filesize: 3227.059 KB

Version history: (Expand)

CVS history: (Expand)

   2015-03-23 10:38:50 by Niclas Rosenvik | Files touched by this commit (1) | Package updated
Log message:
Revbump because of security/libssh2 update.
   2015-03-01 16:01:01 by Thomas Klausner | Files touched by this commit (5) | Package updated
Log message:
Update to 7.41.0:

Version 7.41.0 (25 Feb 2015)

Daniel Stenberg (25 Feb 2015)
- THANKS: added contributors from the 7.41.0 RELEASE-NOTES

- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!)

Marc Hoersken (25 Feb 2015)
- Revert "telnet.c: fix handling of 0 being returned from custom read \ 

  This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe.

- telnet.c: fix invalid use of custom read function if not being set

  obj_count can be 1 if the custom read function is set or the stdin
  handle is a reference to a pipe. Since the pipe should be handled
  using the PeekNamedPipe-check below, the custom read function should
  only be used if it is actually enabled.

- telnet.c: fix handling of 0 being returned from custom read function

  According to [1]: "Returning 0 will signal end-of-file to the library
  and cause it to stop the current transfer."
  This change makes the Windows telnet code handle this case accordingly.

   [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html

Daniel Stenberg (24 Feb 2015)
- sws: stop logging about TPC_NODELAY nonsense

- lib530: make it less timing sensible

  ... by making sure the first request is completed before doing the

Kamil Dudka (23 Feb 2015)
- connect: wait for IPv4 connection attempts

  ... even if the last IPv6 connection attempt has failed.

  Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4

- connect: avoid skipping an IPv4 address

  ... in case the protocol versions are mixed in a DNS response
  (IPv6 -> IPv4 -> IPv6).

  Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3

Daniel Stenberg (23 Feb 2015)
- RELEASE-NOTES: synced with 5e4395eab839d

- ROADMAP: curl_easy_setopt.3 has already been split up

  Remove cmake as marked for removal. It is in much better state now.

- ROADMAP: extend the HTTP/2 stuff, remove SPDY

- [Julian Ospald brought this change]

  configure: allow both --with-ca-bundle and --with-ca-path

  SSL_CTX_load_verify_locations by default (and if given non-Null
  parameters) searches the CAfile first and falls back to CApath.  This
  allows for CAfile to be a basis (e.g. installed by the package manager)
  and CApath to be a user configured directory.

  This wasn't reflected by the previous configure constraint which this
  patch fixes.

  Bug: https://github.com/bagder/curl/pull/139

- [Ben Boeckel brought this change]

  cmake: install the dll file to the correct directory

- [Alessandro Ghedini brought this change]

  nss: fix NPN/ALPN protocol negotiation

  Correctly check for memcmp() return value (it returns 0 if the strings match).

  This is not really important, since curl is going to use http/1.1 anyway, but
  it's still a bug I guess.

- [Alessandro Ghedini brought this change]

  polarssl: fix ALPN protocol negotiation

  Correctly check for strncmp() return value (it returns 0 if the strings

- [Sergei Nikulov brought this change]

  CMake: Fix generation of tool_hugehelp.c on windows

  Use "cmake -E echo" instead of "echo".

  Reviewed-by: Brad King <brad.king@kitware.com>

- [Sergei Nikulov brought this change]

  CMake: fix winsock2 detection on windows

  Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get
  the winsock2 API from windows.h.  Simplify the order of checks to
  avoid extra conditions.

  Use check_include_file instead of check_include_file_concat to look
  for OpenSSL headers.  They do not need to participate in a sequence
  of dependent system headers.  Also they may cause winsock.h to be
  included before ws2tcpip.h, causing the latter to not be detected
  in the sequence.

  Reviewed-by: Brad King <brad.king@kitware.com>

- [Alessandro Ghedini brought this change]

  gtls: fix build with HTTP2

Steve Holme (16 Feb 2015)
- Makefile.vc6: Corrected typos in rename of darwinssl.obj

Nick Zitzmann (15 Feb 2015)
- By request, change the name of "curl_darwinssl.[ch]" to \ 

Steve Holme (14 Feb 2015)
- RELEASE-NOTES: Synced with 6f89f86c3d

- tests/README: Updated to reflect email test ranges

- [Alessandro Ghedini brought this change]

  curl.1: --cert-status is also supported by OpenSSL now

- build: Removed Visual Studio SuppressStartupBanner directive for VC8+

  Visual Studio 2005 and above defaults to disabling the startup banner
  for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there
  is no need to explicitly set the SuppressStartupBanner directive, as
  this is a leftover from the VC7 and VC7.1 projects being upgraded to
  VC8 and above.

Kamil Dudka (12 Feb 2015)
- openssl: fix a compile-time warning

  lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive

Steve Holme (11 Feb 2015)
- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection

  For consistency with other conditionally compiled code in openssl.c,
  use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
  HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
  not included.

Patrick Monnerat (11 Feb 2015)
- ftp: accept all 2xx responses to the PORT command

Steve Holme (9 Feb 2015)
- openssl: Disable OCSP in old versions of OpenSSL

  Versions of OpenSSL prior to v0.9.8h do not support the necessary
  functions for OCSP stapling.

Daniel Stenberg (9 Feb 2015)
- [Tatsuhiro Tsujikawa brought this change]

  http2: Fix bug that associated stream canceled on PUSH_PROMISE

  Previously we don't ignore PUSH_PROMISE header fields in on_header
  callback.  It makes header values mixed with following HEADERS,
  resulting protocol error.

- [Jay Satiro brought this change]

  polarssl: Fix exclusive SSL protocol version options

  Prior to this change the options for exclusive SSL protocol versions did
  not actually set the protocol exclusive.

  Reported-by: Dan Fandrich

- [Jay Satiro brought this change]

  gskit: Fix exclusive SSLv3 option

- curl.1: clarify that -X is used for all requests

  Reported-by: Jon Seymour

- curl.1: add warning when using -H and redirects

Steve Holme (7 Feb 2015)
- schannel: Removed curl_ prefix from source files

  Removed the curl_ prefix from the schannel source files as discussed
  with Marc and Daniel at FOSDEM.

Daniel Stenberg (6 Feb 2015)
- md5: use axTLS's own MD5 functions when available

- MD(4|5): make the MD4_* and MD5_* functions static

- axtls: fix conversion from size_t to int warning

Steve Holme (5 Feb 2015)
- ftp: Use 'CURLcode result' for curl result codes

Daniel Stenberg (5 Feb 2015)
- openssl: SSL_SESSION->ssl_version no longer exist

  The struct went private in 1.0.2 so we cannot read the version number
  from there anymore. Use SSL_version() instead!

  Reported-by: Gisle Vanem
  Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html

Dan Fandrich (4 Feb 2015)
- unit1600: Fix compilation when NTLM is disabled

Daniel Stenberg (4 Feb 2015)
- MD5: fix compiler warnings and code style nits

- MD5: replace implementation

  The previous one was "encumbered" by RSA Inc - to avoid the licensing
  restrictions it has being replaced. This is the initial import,
  inserting the md5.c and md5.h files from
  http://openwall.info/wiki/people/solar/ … e-code/md5

  Code-by: Alexander Peslyak

- MD4: fix compiler warnings and code style nits

- MD4: replace implementation

  The previous one was "encumbered" by RSA Inc - to avoid the licensing
  restrictions it has being replaced. This is the initial import,
  inserting the md4.c and md4.h files from
  http://openwall.info/wiki/people/solar/ … e-code/md4

  Code-by: Alexander Peslyak

Steve Holme (4 Feb 2015)
- telnet: Prefer 'CURLcode result' for curl result codes

- hostasyn: Prefer 'CURLcode result' for curl result codes

- schannel: Prefer 'CURLcode result' for curl result codes

Daniel Stenberg (3 Feb 2015)
- unit1601: MD5 unit tests

- unit1600: unit test for Curl_ntlm_core_mk_nt_hash

- unit1600: NTLM unit test

- tests/README: add a new range, clean up some language

- [Jay Satiro brought this change]

  opts: CURLOPT_CAINFO availability depends on SSL engine

- getpass: protect include with proper #ifdef

  Reported-by: Tamir

- getpass_r: read from stdin, not stdout!

  The file number used was wrong. This bug was introduced over 10 years
  ago, proving this function isn't used much...

  Bug: http://curl.haxx.se/bug/view.cgi?id=1476
  Reported-by: Tamir

- test1135: verify the CURL_EXTERN order in header files

- Makefile.am: fix 'make distcheck'

  ... by removing generated files from the *_DIST variable [*] and instead
  generate them with a .dist suffix, since that is then handled and put
  into the release archive by our generic dist-hook.

  [*] = 'make distcheck' fails with non-existing files listed there

Steve Holme (2 Feb 2015)
- curl_sasl.c: More code policing

  Better use of 80 character line limit, comment corrections and line
  spacing preferences.

Daniel Stenberg (2 Feb 2015)
- libcurl-symbols: first basic shot for autogenerated docs

- FAQ: minor edit of 3.22

Steve Holme (2 Feb 2015)
- build: Added removal of Visual Studio project files

  Added the removal of the locally generated project files so one
  may revert to a clean repository.

- build: Renamed top level Visual Studio solution files

  In preparation for adding the test suite and examples projects renamed
  the top level "all" solution files to better describe what they are.

  This will also enable us to use "curl" rather than \ 
"curlsrc" for the
  command line tool solution and project files, which will simplify some
  of the configuration.

- build: Enabled DEBUGBUILD in Visual Studio debug builds

  Defined the DEBUGBUILD pre-processor variable to allow extra logging,
  which is particularly useful in debug builds, as we use this and Visual
  Studio typically uses _DEBUG.

  We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is
  defined but that would also affect the makefile based builds which we
  probably don't want to do.

- build: Removed unused Visual Studio bscmake settings

Daniel Stenberg (2 Feb 2015)

  And modify the text to refer to HTTP 2 as it isn't called "2.0".

  Reported-By: Michael Wallner

Marc Hoersken (31 Jan 2015)
- TODO: moved WinSSL/SChannel todo items into docs

Daniel Stenberg (29 Jan 2015)
- [Michael Kaufmann brought this change]

  CURLOPT_SEEKFUNCTION.3: also when server closes a connection

Steve Holme (29 Jan 2015)
- curl_sasl.c: Fixed compilation warning when cryptography is disabled

  curl_sasl.c:1506: warning: unused variable 'chlg'

- curl_sasl.c: Fixed compilation warning when verbose debug output disabled

  curl_sasl.c:1317: warning: unused parameter 'conn'

- ntlm_core: Use own odd parity function when crypto engine doesn't have one

- ntlm_core: Prefer sizeof(key) rather than hard coded sizes

- ntlm_core: Added consistent comments to DES functions

- des: Added Curl_des_set_odd_parity()

  Added Curl_des_set_odd_parity() for use when cryptography engines
  don't include this functionality.

- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests

- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests

- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests

- sasl: Minor code policing and grammar corrections

Daniel Stenberg (28 Jan 2015)
- [Gisle Vanem brought this change]

  ldap: build with BoringSSL

- security: avoid compiler warning

  Possible access to uninitialised memory '&nread' at line 140 of
  lib/security.c in function 'ftp_send_command'.

  Reported-by: Rich Burridge

- runtests: identify BoringSSL and libressl

Patrick Monnerat (27 Jan 2015)
- docs: cite SASL external authentication.

- sasl: remove XOAUTH2 from default enabled authentication mechanism.

- test: add test cases for sasl external authentication (imap/pop3/smtp).

- imap: remove automatic password setting: it breaks external sasl authentication

- sasl: implement EXTERNAL authentication mechanism.
    Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
  by not setting the password.

Steve Holme (27 Jan 2015)
- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE

  Modified the Curl_ossl_cert_status_request() function to return FALSE
  when built with BoringSSL or when OpenSSL is missing the necessary TLS

- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'

  Fixed the build of openssl.c when OpenSSL is built without the necessary
  TLS extensions for OCSP stapling.

  Reported-by: John E. Malmberg

- [Brad Spencer brought this change]

  curl_setup: Disable SMB/CIFS support when HTTP only

- RELEASE-NOTES: Synced with 37824498a3

Daniel Stenberg (22 Jan 2015)
- configure: remove detection of the old yassl emulation API

  ... as that is ancient history and not used.

- OCSP stapling: disabled when build with BoringSSL

- [Alessandro Ghedini brought this change]

  openssl: add support for the Certificate Status Request TLS extension

  Also known as "status_request" or OCSP stapling, defined in RFC6066
  section 8.

  Thanks-to: Joe Mason
  - for the work-around for the OpenSSL bug.

- BoringSSL: fix build for non-configure builds

  HAVE_BORINGSSL gets defined now by configure and should be defined by
  other build systems in case a BoringSSL build is desired.

- configure: fix BoringSSL detection and detect libresssl

Steve Holme (22 Jan 2015)
- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions

  Commit 7a8b2885e2 made some functions static and removed the public
  Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
  is the naming convention we use in this source file.

- curl_sasl: Minor code policing following recent commits

Daniel Stenberg (22 Jan 2015)
- [John Malmberg brought this change]

  openvms: Handle openssl/0.8.9zb version parsing

  packages/vms/gnv_link_curl.com was assuming only a single letter suffix
  in the openssl version.  That assumption has been fixed for 7.40.

- BoringSSL: detected by configure, switches off NTLM

- BoringSSL: no PKCS12 support nor ERR_remove_state

- [Leith Bade brought this change]

  BoringSSL: fix build

Steve Holme (20 Jan 2015)
- curl_sasl.c: chlglen is not used when cryptography is disabled

- curl_sasl.c: Fixed compilation warning when cyptography is disabled

  curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local

- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined

  curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier

  This error could also happen for non-SSPI builds when cryptography is
  disabled (CURL_DISABLE_CRYPTO_AUTH is defined).

Patrick Monnerat (20 Jan 2015)
- SASL: make some procedures local-scoped

- SASL: common state engine for imap/pop3/smtp

- SASL: common URL option and auth capabilities decoders for all protocols

- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.

Daniel Stenberg (20 Jan 2015)
- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6

  Reported-by: Chris Young

- [Chris Young brought this change]

  timeval: typecast for better type (on Amiga)

  There is an issue with conflicting "struct timeval" definitions with
  certain AmigaOS releases and C libraries, depending on what gets
  included when.  It's a minor difference - the OS one is unsigned,
  whereas the common structure has signed elements.  If the OS one ends up
  getting defined, this causes a timing calculation error in curl.

  It's easy enough to resolve this at the curl end, by casting the
  potentially errorneous calculation to a signed long.

- openssl: do public key pinning check independently

  ... of the other cert verification checks so that you can set verifyhost
  and verifypeer to FALSE and still check the public key.

  Bug: http://curl.haxx.se/bug/view.cgi?id=1471
  Reported-by: Kyle J. McKay

Patrick Monnerat (19 Jan 2015)

Steve Holme (18 Jan 2015)
- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP

  For consistency with other USE_WIN32_ defines as well as the
  USE_OPENLDAP define.

- http_negotiate: Use dynamic buffer for SPN generation

  Use a dynamicly allocated buffer for the temporary SPN variable similar
  to how the SASL GSS-API code does, rather than using a fixed buffer of
  2048 characters.

- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public

- sasl_gssapi: Fixed memory leak with local SPN variable

Daniel Stenberg (17 Jan 2015)
- http_negotiate.c: unused variable 'ret'

Steve Holme (17 Jan 2015)
- gskit.h: Code policing of function pointer arguments

- vtls: Removed unimplemented overrides of curlssl_close_all()

  Carrying on from commit 037cd0d991, removed the following unimplemented
  instances of curlssl_close_all():


- vtls: Separate the SSL backend definition from the API setup

  Slight code cleanup as the SSL backend #define is mixed up with the API
  function setup.

- vtls: Fixed compilation errors when SSL not used

  Fixed the following warning and error from commit 3af90a6e19 when SSL
  is not being used:

  url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
              assuming extern returning int

  error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
                 referenced in function Curl_setopt

- http_negotiate: Added empty decoded challenge message info text

- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int

- http_negotiate_sspi: Prefer use of 'attrs' for context attributes

  Use the same variable name as other areas of SSPI code.

- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()

  Use the SECURITY_STATUS typedef rather than a unsigned long for the
  QuerySecurityPackageInfo() return and rename the variable as per other
  areas of SSPI code.

- http_negotiate_sspi: Use 'CURLcode result' for CURL result code

- curl_endian: Fixed build when 64-bit integers are not supported (Part 2)

  Missed Curl_read64_be() in commit bb12d44471 :(

Daniel Stenberg (16 Jan 2015)
- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0

- curlver.h: next release is 7.41.0 due to the changes

- RELEASE-NOTES: mention the new OCSP stapling options, bump version

- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile

- help: add --cert-status to --help output

- copyright years: after OCSP stapling changes

- [Alessandro Ghedini brought this change]

  curl: add --cert-status option

  This enables the CURLOPT_SSL_VERIFYSTATUS functionality.

- [Alessandro Ghedini brought this change]

  nss: add support for the Certificate Status Request TLS extension

  Also known as "status_request" or OCSP stapling, defined in RFC6066 \ 
section 8.

  This requires NSS 3.15 or higher.

- [Alessandro Ghedini brought this change]

  gtls: add support for the Certificate Status Request TLS extension

  Also known as "status_request" or OCSP stapling, defined in RFC6066 \ 
section 8.

  This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
  at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
  response verfication to fail even on valid responses.

- [Alessandro Ghedini brought this change]


  This option can be used to enable/disable certificate status verification using
  the "Certificate Status Request" TLS extension defined in RFC6066 \ 
section 8.

  This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
  certificate status verification fails, and the Curl_ssl_cert_status_request()
  function, used to check whether the SSL backend supports the status_request

- TheArtOfHttpScripting: skip the date at the top, we have git

- TheArtOfHttpScripting: phrase it TLS lib agnostic

Steve Holme (16 Jan 2015)
- TODO: Added some SMB ideas

- RELEASE-NOTES: Synced with 5f09947d28

- build-openssl.bat: Added check for Perl installation

- checksrc.bat: Better detection of Perl installation

- curl_endian: Fixed build when 64-bit integers are not supported

  Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
  Reported-by: John E. Malmberg

Daniel Stenberg (15 Jan 2015)
- [Yun SangHo brought this change]

  curl.h: remove extra space

- Curl_pretransfer: reset expected transfer sizes

  Reported-by: Mohammad AlSaleh
  Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html

Marc Hoersken (12 Jan 2015)
- curl_schannel.c: mark session as removed from cache if not freed

  If the session is still used by active SSL/TLS connections, it
  cannot be closed yet. Thus we mark the session as not being cached
  any longer so that the reference counting mechanism in
  Curl_schannel_shutdown is used to close and free the session.

  Reported-by: Jean-Francois Durand

Steve Holme (9 Jan 2015)
- RELEASE-NOTES: Synced with d21b66835f

Guenter Knauf (9 Jan 2015)
- Merge pull request #134 from vszakats/mingw-m64

  add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS

- Merge pull request #136 from vszakats/mingw-allow-custom-cflags

  mingw build: allow to pass custom CFLAGS

Daniel Stenberg (9 Jan 2015)
- NSS: fix compiler error when built http2-enabled

Steve Holme (9 Jan 2015)
- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions

  Better code reuse and consistency in calls to gss_import_name().

Viktor Szakats (9 Jan 2015)
- mingw build: allow to pass custom CFLAGS

Daniel Stenberg (8 Jan 2015)
- FTP: if EPSV fails on IPV6 connections, bail out

  ... instead of trying PASV, since PASV can't work with IPv6.

  Reported-by: Vojtěch Král

- FTP: fix IPv6 host using link-local address

  ... and make sure we can connect the data connection to a host name that
  is longer than 48 bytes.

  Also simplifies the code somewhat by re-using the original host name
  more, as it is likely still in the DNS cache.

  Original-Patch-by: Vojtěch Král
  Bug: http://curl.haxx.se/bug/view.cgi?id=1468

Steve Holme (8 Jan 2015)
- [Sam Schanken brought this change]

  winbuild: Added option to build with c-ares

  Added support for a WITH_CARES option to be used when invoking nmake
  via Makefile.vc. This option enables linking against both the DLL and
  static versions of the c-ares libraries, as well as the debug and
  release varients, depending on the value of DEBUG. The USE_ARES
  preprocessor symbol is also defined.

Guenter Knauf (8 Jan 2015)
- NetWare build: added TLS-SRP enabled build.

Steve Holme (8 Jan 2015)
- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API

  Bug: http://curl.haxx.se/bug/view.cgi?id=1469
  Reported-by: Thomas Klausner

Viktor Szakats (8 Jan 2015)
- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS

Daniel Stenberg (8 Jan 2015)
- bump: start working towards 7.40.1

- THANKS: 14 new contributors from the 7.40.0 release notes
   2015-01-08 20:23:53 by Thomas Klausner | Files touched by this commit (3)
Log message:
Fix build with GSSAPI on NetBSD. Enable gssapi again.
   2015-01-08 18:23:07 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
Update to 7.40.0. Disable gssapi by default on NetBSD, since it doesn't
compile any longer, see


Curl and libcurl 7.40.0

 Public curl releases:         143
 Command line options:         162
 curl_easy_setopt() options:   208
 Public functions in libcurl:  58
 Contributors:                 1219

This release includes the following changes:

 o http_digest: Added support for Windows SSPI based authentication
 o version info: Added Kerberos V5 to the supported features
 o Makefile: Added VC targets for WinIDN
 o config-win32: Introduce build targets for VS2012+
 o SSL: Add PEM format support for public key pinning
 o smtp: Added support for the conversion of Unix newlines during mail send [8]
 o smb: Added initial support for the SMB/CIFS protocol
 o Added support for HTTP over unix domain sockets, via
   CURLOPT_UNIX_SOCKET_PATH and --unix-socket
 o sasl: Added support for GSS-API based Kerberos V5 authentication

This release includes the following bugfixes:

 o darwinssl: fix session ID keys to only reuse identical sessions [18]
 o url-parsing: reject CRLFs within URLs [19]
 o OS400: Adjust specific support to last release
 o THANKS: Remove duplicate names
 o url.c: Fixed compilation warning
 o ssh: Fixed build on platforms where R_OK is not defined [1]
 o tool_strdup.c: include the tool strdup.h
 o build: Fixed Visual Studio project file generation of strdup.[c|h]
 o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2]
 o curl.1: show zone index use in a URL
 o mk-ca-bundle.vbs: switch to new certdata.txt url
 o Makefile.dist: Added some missing SSPI configurations
 o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
 o SSH: use the port number as well for known_known checks [3]
 o libssh2: detect features based on version, not configure checks
 o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4]
 o multi: removed Curl_multi_set_easy_connection
 o symbol-scan.pl: do not require autotools
 o cmake: build libhostname for test suite
 o cmake: fix HAVE_GETHOSTNAME definition
 o tests: fix libhostname visibility
 o tests: fix memleak in server/resolve.c
 o vtls.h: Fixed compiler warning when compiled without SSL
 o CMake: Restore order-dependent header checks
 o CMake: Restore order-dependent library checks
 o tool: Removed krb4 from the supported features
 o http2: Don't send Upgrade headers when we already do HTTP/2
 o examples: Don't call select() to sleep on windows [6]
 o win32: Updated some legacy APIs to use the newer extended versions [5]
 o easy.c: Fixed compilation warning when no verbose string support
 o connect.c: Fixed compilation warning when no verbose string support
 o build: in Makefile.m32 pass -F flag to windres
 o build: in Makefile.m32 add -m32 flag for 32bit
 o multi: when leaving for timeout, close accordingly
 o CMake: Simplify if() conditions on check result variables
 o build: in Makefile.m32 try to detect 64bit target
 o multi: inform about closed sockets before they are closed
 o multi-uv.c: close the file handle after download
 o examples: Wait recommended 100ms when no file descriptors are ready
 o ntlm: Split the SSPI based messaging code from the native messaging code
 o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
 o cmake: add Kerberos to the supported feature
 o http: Disable pipelining for HTTP/2 and upgraded connections
 o ntlm: Fixed static'ness of local decode function
 o sasl: Reduced the need for two sets of NTLM messaging functions
 o multi.c: Fixed compilation warnings when no verbose string support
 o select.c: fix compilation for VxWorks [7]
 o multi-single.c: switch to use curl_multi_wait
 o curl_multi_wait.3: clarify numfds being used if not NULL
 o http.c: Fixed compilation warnings from features being disabled
 o NSS: enable the CAPATH option [9]
 o docs: Fix FAILONERROR typos
 o HTTP: don't abort connections with pending Negotiate authentication
 o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
 o http_perhapsrewind: don't abort CONNECT requests
 o build: updated dependencies in makefiles
 o multi.c: Fixed compilation warning
 o ftp.c: Fixed compilation warnings when proxy support disabled
 o get_url_file_name: Fixed crash on OOM on debug build
 o cookie.c: Refactored cleanup code to simplify
 o OS400: enable NTLM authentication
 o ntlm: Use Windows Crypt API
 o http2: avoid logging neg "failure" if h2 was not requested
 o schannel_recv: return the correct code [10]
 o VC build: added sspi define for winssl-zlib builds
 o Curl_client_write(): chop long data, convert data only once
 o openldap: do not ignore Curl_client_write() return code
 o ldap: check Curl_client_write() return codes
 o parsedate.c: Fixed compilation warning
 o url.c: Fixed compilation warning when USE_NTLM is not defined
 o ntlm_wb_response: fix "statement not reached" [11]
 o telnet: fix "cast increases required alignment of target type"
 o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12]
 o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
 o ntlm: Disable NTLM v2 when 64-bit integers are not supported
 o ntlm: Use short integer when decoding 16-bit values
 o ftp.c: Fixed compilation warning when no verbose string support
 o synctime.c: fixed timeserver URLs
 o mk-ca-bundle.pl: restored forced run again
 o ntlm: Fixed return code for bad type-2 Target Info
 o curl_schannel.c: Data may be available before connection shutdown
 o curl_schannel: Improvements to memory re-allocation strategy [13]
 o darwinssl: aprintf() to allocate the session key
 o tool_util.c: Use GetTickCount64 if it is available
 o lib: Fixed multiple code analysis warnings if SAL are available
 o tool_binmode.c: Explicitly ignore the return code of setmode
 o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
 o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
 o SFTP: work-around servers that return zero size on STAT [14]
 o connect: singleipconnect(): properly try other address families after failure
 o IPV6: address scope != scope id [15]
 o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16]
 o secureserver.pl: make OpenSSL CApath and cert absolute path values
 o secureserver.pl: update Windows detection and fix path conversion
 o secureserver.pl: clean up formatting of config and fix verbose output
 o tests: Added Windows support using Cygwin-based OpenSSH
 o sockfilt.c: use non-Ex functions that are available before WinXP
 o VMS: Updates for 0740-0D1220
 o openssl: warn for SRP set if SSLv3 is used, not for TLS version
 o openssl: make it compile against openssl 1.1.0-DEV master branch
 o openssl: fix SSL/TLS versions in verbose output
 o curl: show size of inhibited data when using -v
 o build: Removed WIN32 definition from the Visual Studio projects
 o build: Removed WIN64 definition from the libcurl Visual Studio projects
 o vtls: Use bool for Curl_ssl_getsessionid() return type
 o sockfilt.c: Replace 100ms sleep with thread throttle
 o sockfilt.c: Reduce the number of individual memory allocations
 o vtls: Don't set cert info count until memory allocation is successful
 o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
 o nss: Don't ignore Curl_extract_certinfo() OOM failure
 o vtls: Fixed compilation warning and an ignored return code
 o sockfilt.c: Fixed compilation warnings
 o darwinssl: Fixed compilation warning
 o vtls: Use '(void) arg' for unused parameters
 o sepheaders.c: Fixed resource leak on failure
 o lib1900.c: Fixed cppcheck error [17]
 o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls
 o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls
   2014-11-07 15:10:16 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 7.39.0:
* SSLv3 is disabled by default
* CURLOPT_COOKIELIST: Added "RELOAD" command [5]
* build: Added WinIDN build configuration options to Visual Studio projects
* ssh: improve key file search
* SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
* vtls: remove QsoSSL support, use gskit!
* mk-ca-bundle: added SHA-384 signature algorithm
* docs: added many examples for libcurl opts and other doc improvements
* build: Added VC ssh2 target to main Makefile
* MinGW: Added support to build with nghttp2
* NetWare: Added support to build with nghttp2
* build: added Watcom support to build with WinSSL
* build: Added optional specific version generation of VC project files

* curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds [9]
* openssl: build fix for versions < 0.9.8e [1]
* newlines: fix mixed newlines to LF-only [2]
* ntlm: Fixed HTTP proxy authentication when using Windows SSPI [3]
* sasl_sspi: Fixed Unicode build [4]
* file: reject paths using embedded %00
* threaded-resolver: revert Curl_expire_latest() switch [6]
* configure: allow --with-ca-path with PolarSSL too
* HTTP/2: Fix busy loop when EOF is encountered
* CURLOPT_CAPATH: return failure if set without backend support
* nss: do not fail if a CRL is already cached
* smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
* fixed 20+ nits/memory leaks identified by Coverity scans
* curl_schannel.c: Fixed possible memory or handle leak
* multi-uv.c: call curl_multi_info_read() better
* Cmake: Check for OpenSSL before OpenLDAP
* Cmake: Fix library list provided to cURL tests
* Cmake: Avoid cycle directory dependencies
* Cmake: Build with GSS-API libraries (MIT or Heimdal)
* vtls: provide backend defines for internal source code
* nss: fix a connection failure when FTPS handle is reused
* tests/http_pipe.py: Python 3 support
* cmake: build tool_hugehelp (ENABLE_MANUAL)
* cmake: enable IPv6 by default if available
* tests: move TESTCASES to Makefile.inc, add show for cmake
* ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
* ntlm: Fixed empty/bad base-64 decoded buffer return codes
* ntlm: Fixed empty type-2 decoded message info text
* cmake: add CMake/Macros.cmake to the release tarball
* cmake: use LIBCURL_VERSION from curlver.h
* cmake: generate pkg-config and curl-config
* fixed several superfluous variable assignements identified by cppcheck
* cleanup of 'CURLcode result' return code
* pipelining: only output "is not blacklisted" in debug builds
* SSL: Remove SSLv3 from SSL default due to POODLE attack
* gskit.c: remove SSLv3 from SSL default
* darwinssl: detect possible future removal of SSLv3 from the framework
* ntlm: Only define ntlm data structure when USE_NTLM is defined
* ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
* ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
* sspi: Only call CompleteAuthToken() when complete is needed
* http_negotiate: Fixed missing check for USE_SPNEGO
* HTTP: return larger than 3 digit response codes too [7]
* openssl: Check for NPN / ALPN via OpenSSL version number
* openssl: enable NPN separately from ALPN
* sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
* sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
* resume: consider a resume from [content-length] to be OK [8]
* sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
* build-openssl.bat: Fix x64 release build
* cmake: drop _BSD_SOURCE macro usage
* cmake: fix gethostby{addr,name}_r in CurlTests
* cmake: clean OtherTests, fixing -Werror
* cmake: fix struct sockaddr_storage check
* Curl_single_getsock: fix hold/pause sock handling
* SSL: PolarSSL default min SSL version TLS 1.0
* cmake: fix ZLIB_INCLUDE_DIRS use [10]
* buildconf: stop checking for libtool
   2014-10-09 16:07:17 by Thomas Klausner | Files touched by this commit (1163)
Log message:
Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.
   2014-09-14 18:43:44 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update to 7.38.0:


    supports HTTP/2 draft-14
    CURLE_HTTP2 is a new error code
    CURLAUTH_NEGOTIATE is a new auth define
    CURL_VERSION_GSSAPI is a new capability bit
    no longer use fbopenssl for anything
    schannel: use CryptGenRandom for random numbers
    axtls: define curlssl_random using axTLS's PRNG
    cyassl: use RNG_GenerateBlock to generate a good random number
    findprotocol: show unsupported protocol within quotes
    version: detect and show LibreSSL
    version: detect and show BoringSSL
    imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
    http2: requires nghttp2 0.6.0 or later


    SECURITY ADVISORY: cookie leak with IP address as domain
    SECURITY ADVISORY: cookie leak for TLDs
    fix a build failure on Debian when NSS support is enabled
    HTTP/2: fixed compiler warnings when built disabled
    cyassl: return the correct error code on no CA cert
    http: Deprecate GSS-Negotiate macros due to bad naming
    http: Fixed Negotiate: authentication
    multi: Improve proxy CONNECT performance (regression)
    ntlm_wb: Avoid invoking ntlm_auth helper with empty username
    ntlm_wb: Fix hard-coded limit on NTLM auth packet size
    url.c: use the preferred symbol name: *READDATA
    smtp: fixed a segfault during test 1320 torture test
    cyassl: made it compile with version 2.0.6 again
    nss: do not check the version of NSS at run time
    c-ares: fix build without IPv6 support
    HTTP/2: use base64url encoding
    SSPI Negotiate: Fix 3 memory leaks
    libtest: fixed duplicated line in Makefile
    conncache: fix compiler warning
    openssl: make ossl_send return CURLE_OK better
    HTTP/2: Support expect: 100-continue
    HTTP/2: Fix infinite loop in readwrite_data()
    parsedate: fix the return code for an overflow edge condition
    darwinssl: don't use strtok()
    http_negotiate_sspi: Fixed specific username and password not working
    openssl: replace call to OPENSSL_config
    http2: show the received header for better debugging
    HTTP/2: Move :authority before non-pseudo header fields
    HTTP/2: Reset promised stream, not its associated stream
    HTTP/2: added some more logging for debugging stream problems
    ntlm: Added support for SSPI package info query
    ntlm: Fixed hard coded buffer for SSPI based auth packet generation
    sasl_sspi: Fixed memory leak with not releasing Package Info struct
    sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
    sasl: Use a dynamic buffer for DIGEST-MD5 SPN generation
    http_negotiate_sspi: Use a dynamic buffer for SPN generation
    sasl_sspi: Fixed missing free of challenge buffer on SPN failure
    sasl_sspi: Fixed hard coded buffer for response generation
    Curl_poll + Curl_wait_ms: fix timeout return value
    docs/SSLCERTS: update the section about NSS database
    create_conn: prune dead connections
    openssl: fix version report for the 0.9.8 branch
    mk-ca-bundle.pl: switched to using hg.mozilla.org
    http: fix the Content-Range: parser
    Curl_disconnect: don't free the URL
    win32: Fixed WinSock 2 #if
    curl.1: clarify --limit-rate's effect on both directions
    disconnect: don't touch easy-related state on disconnects
    Cmake: big cleanup and numerous fixes
    HTTP/2: supports draft-14 - moved :headers before the non-psuedo headers
    HTTP/2: Reset promised stream, not its associated stream
    configure.ac: Add support for recent GSS-API implementations for HP-UX
    CONNECT: close proxy connections that fail
    CURLOPT_NOBODY.3: clarify this option is for downloads
    darwinssl: fix CA certificate checking using PEM format
    resolve: cache lookup for async resolvers
    low-speed-limit: avoid timeout flood
    polarssl: implement CURLOPT_SSLVERSION
    multi: convert CURLM_STATE_CONNECT_PEND handling to a list
    curl_multi_cleanup: remove superfluous NULL assigns
    polarssl: support CURLOPT_CAPATH / --capath
    progress: size_dl/size_ul are always >= 0, and clear "KNOWN" \ 
   2014-07-22 13:38:26 by Thomas Klausner | Files touched by this commit (5) | Package updated
Log message:
Update to 7.37.1:


    bits.close: introduce connection close tracking
    darwinssl: Add support for --cacert
    polarssl: add ALPN support
    docs: Added new option man pages


    build: Fixed incorrect reference to curl_setup.h in Visual Studio files
    build: Use $(TargetDir) and $(TargetName) macros for .pdb and .lib output
    curl.1: clarify that -u can't specify a user with colon
    openssl: Fix uninitialized variable use in NPN callback
    curl_easy_reset: reset the URL
    curl_version_info.3: returns a pointer to a static struct
    url-parser: only use if_nametoindex if detected by configure
    select: with winsock, avoid passing unsupported arguments to select()
    gnutls: don't use deprecated type names anymore
    gnutls: allow building with nghttp2 but without ALPN support
    tests: Fix portability issue with the tftpd server
    curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN
    curl_sasl: extended native DIGEST-MD5 cnonce to be a 32-byte hex string
    random: use Curl_rand() for proper random data
    Curl_ossl_init: call OPENSSL_config for initing engines
    config-win32.h: Updated for VC12
    winbuild: Don't USE_WINSSL when WITH_SSL is being used
    getinfo: HTTP CONNECT code not reset between transfers
    Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
    http2: avoid segfault when using the plain-text http2
    conncache: move the connection counter to the cache struct
    http2: better return code error checking
    curlbuild: fix GCC build on SPARC systems without configure script
    tool_metalink: Support polarssl as digest provider
    curl.h: reverse the enum/define setup for old symbols
    curl.h: moved two really old deprecated symbols
    buildconf: do not search tools in current directory.
    OS400: make it compilable again. Make RPG binding up to date
    nss: do not abort on connection failure (failing tests 305 and 404)
    nss: make the fallback to SSLv3 work again
    tool: prevent valgrind from reporting possibly lost memory (nss only)
    progress callback: skip last callback update on errors
    nss: fix a memory leak when CURLOPT_CRLFILE is used
    compiler warnings: potentially uninitialized variables
    url.c: Fixed memory leak on OOM
    gnutls: ignore invalid certificate dates with VERIFYPEER disabled
    gnutls: fix SRP support with versions of GnuTLS from 2.99.0
    gnutls: fixed a couple of uninitialized variable references
    gnutls: fixed compilation against versions < 2.12.0
    build: Fixed overridden compiler PDB settings in VC7 to VC12
    ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
    netrc: don't abort if home dir cannot be found
    netrc: fixed thread safety problem by using getpwuid_r if available
    cookie: avoid mutex deadlock
    configure: respect host tool prefix for krb5-config
    gnutls: handle IP address in cert name check