pkgsrc.se | The NetBSD package collection

./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2013Q4, Version: 7.35.0, Package name: curl-7.35.0, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.

Required to run:
[devel/libidn]

Package options: gssapi, inet6, libidn

Master sites: (Expand)

SHA1: 14d1bca35f611112da0db098b0469efb4a60c8a9
RMD160: 12844fdfa59538b4daa7d68a57e9d7d680473bf3
Filesize: 2716.279 KB

Version history: (Expand)

(2014-03-11) Updated to version: curl-7.35.0
(2014-01-01) Package added to pkgsrc.se, version curl-7.33.0 (created)

CVS history: (Expand)

2014-03-11 13:47:11 by Matthias Scheler | Files touched by this commit (4) | Package updated

Log message:
Pullup ticket #4338 - requested by taca
www/curl: security update

Revisions pulled up:
- www/curl/Makefile                                             1.133-1.134
- www/curl/PLIST                                                1.43
- www/curl/distinfo                                             1.91-1.92
- www/curl/patches/patch-aa                                     1.25

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Dec 31 11:48:03 UTC 2013

   Modified Files:
   	pkgsrc/www/curl: Makefile PLIST distinfo

   Log message:
   Changes 7.34.0:
   SSL: protocol version can be specified more precisely
   imap/pop3/smtp: Added graceful cancellation of SASL authentication
   Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
   base64: Added validation of base64 input strings when decoding
   curl_easy_setopt: Added the ability to set the login options separately
   smtp: Added support for additional SMTP commands
   curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
   nss: allow to use TLS > 1.0 if built against recent NSS
   SECURITY: added this document to describe our security processes
   parseconfig: warn if unquoted white spaces are detected

   Bugfixes:
   SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS
   darwinssl: un-break iOS build after PKCS/12 feature added
   tool: use XFERFUNCTION to save some casts
   usercertinmem: fix memory leaks
   ssh: Handle successful SSH_USERAUTH_NONE
   NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
   test906: Fixed failing test on some platforms
   sasl: initialize NSS before using NTLM crypto
   sasl: Fixed memory leak in OAUTH2 message creation
   imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
   cmake: unbreak for non-Windows platforms
   ssh: initialize per-handle data in ssh_connect()
   glob: fix broken URLs
   configure: check for long long when building with cyassl
   CURLOPT_RESOLVE: mention they don't time-out
   docs/examples/httpput.c: fix build for MSVC
   FTP: make the data connection work when going through proxy
   NSS: support for CERTINFO feature
   curl_multi_wait: accept 0 from multi_timeout() as valid timeout
   glob_range: pass the closing bracket for a-z ranges
   tool_help: Updated --list-only description to include POP3
   Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
   cmake: fix Windows build with IPv6 support
   ares: Fixed compilation under Visual Studio 2012
   curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
   curl.1: mention that -O does no URL decoding
   darwinssl: PKCS/12 import feature now requires Lion or later
   darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
   configure: Fix test with -Werror=implicit-function-declaration
   sigpipe: factor out sigpipe_reset from easy.c
   curl_multi_cleanup: ignore SIGPIPE
   globbing: curl glob counter mismatch with {} list use
   parseconfig: dash options can't specified with colon or equals
   digest: fix CURLAUTH_DIGEST_IE
   curl.h: for OpenBSD
   darwinssl: Fix #if 10.6.0 for SecKeychainSearch
   TFTP: fix return codes for connect timeout
   login options: remove the ;[options] support from CURLOPT_USERPWD
   imap: Fixed incorrect fallback to clear text authentication
   parsedate: avoid integer overflow
   curl.1: document -J doesn't %-decode
   multi: add timer inaccuracy margin to timeout/connecttimeout

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Sat Feb  1 11:07:14 UTC 2014

   Modified Files:
   	pkgsrc/www/curl: Makefile distinfo
   	pkgsrc/www/curl/patches: patch-aa

   Log message:
   Changes 7.35.0:
   imap/pop3/smtp: Added support for SASL authentication downgrades
   imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
   TheArtOfHttpScripting: major update, converted layout and more
   mprintf: Added support for I, I32 and I64 size specifiers
   makefile: Added support for VC7, VC11 and VC12

   Bugfixes:
   SECURITY ADVISORY: re-use of wrong HTTP NTLM connection
   curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
   pop3: Fixed APOP being determined by CAPA response rather than by timestamp
   Curl_pp_readresp: zero terminate line
   FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
   docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
   pop3: Fixed auth preference not being honored when CAPA not supported
   imap: Fixed auth preference not being honored when CAPABILITY not supported
   threaded resolver: Use pthread_t * for curl_thread_t
   FILE: we don't support paused transfers using this protocol
   connect: Try all addresses in first connection attempt
   curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
   OpenSSL: Fix forcing SSLv3 connections
   openssl: allow explicit sslv2 selection
   FTP parselist: fix "total" parser
   conncache: fix possible dereference of null pointer
   multi.c: fix possible dereference of null pointer
   mk-ca-bundle: introduces -d and warns about using this script
   ConnectionExists: fix NTLM check for new connection
   trynextip: fix build for non-IPV6 capable systems
   Curl_updateconninfo: don't do anything for UDP "connections"
   darwinssl: un-break Leopard build after PKCS-12 change
   threaded-resolver: never use NULL hints with getaddrinf
   multi_socket: remind app if timeout didn't run
   OpenSSL: deselect weak ciphers by default
   error message: Sensible message on timeout when transfer size unknown
   curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
   win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
   configure: fix gssapi linking on HP-UX
   chunked-parser: abort on overflows, allow 64 bit chunks
   chunked parsing: relax the CR strictness
   cookie: max-age fixes
   progress bar: always update when at 100%
   progress bar: increase update frequency to 10Hz
   tool: Fixed incorrect return code if command line parser runs out of memory
   tool: Fixed incorrect return code if password prompting runs out of memory
   HTTP POST: omit Content-Length if data size is unknown
   GnuTLS: disable insecure ciphers
   GnuTLS: honor --slv2 and the --tlsv1[.N] switches
   multi: Fixed a memory leak on OOM condition
   netrc: Fixed a memory and file descriptor leak on OOM
   getpass: fix password parsing from console
   TFTP: fix crash on time-out
   hostip: don't remove DNS entries that are in use
   tests: lots of tests fixed to pass the OOM torture tests