Navigation:
Browse pkgsrc
(this page)
www curl
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2017-12-27 19:34:01 by S.P.Zeidler | Files touched by this commit (3) |  |
Log message:
Pullup ticket #5657 - requested by he
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.190
- www/curl/distinfo 1.140,1.139
- www/curl/patches/patch-configure 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Nov 29 13:56:28 UTC 2017
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Log message:
curl: update to 7.57.0.
Curl and libcurl 7.57.0
o auth: add support for RFC7616 - HTTP Digest access authentication [12]
o share: add support for sharing the connection cache [31]
o HTTP: implement Brotli content encoding [28]
This release includes the following bugfixes:
o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
o CVE-2017-8817: FTP wildcard out of bounds read [48]
o CVE-2017-8818: SSL out of buffer access [49]
o curl_mime_filedata.3: fix typos [1]
o libtest: Add required test libraries for lib1552 and lib1553 [2]
o fix time diffs for systems using unsigned time_t [3]
o ftplistparser: memory leak fix: free temporary memory always [4]
o multi: allow table handle sizes to be overridden [5]
o wildcards: don't use with non-supported protocols [6]
o curl_fnmatch: return error on illegal wildcard pattern [7]
o transfer: Fix chunked-encoding upload too early exit [8]
o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
o resolvers: only include anything if needed [10]
o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
o appveyor: add a win32 build
o Curl_timeleft: change return type to timediff_t [11]
o cmake: Export libcurl and curl targets to use by other cmake projects [13]
o curl: in -F option arg, comma is a delimiter for files only [14]
o curl: improved ";type=" handling in -F option arguments
o timeval: use mach_absolute_time() on MacOS [15]
o curlx: the timeval functions are no longer provided as curlx_* [16]
o mkhelp.pl: do not generate comment with current date [17]
o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
o cookie: avoid NULL dereference [19]
o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
o include: remove conncache.h inclusion from where its not needed
o CURLOPT_MAXREDIRS: allow -1 as a value [21]
o tests: Fixed torture tests on tests 556 and 650
o http2: Fixed OOM handling in upgrade request
o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
o CURLOPT_INFILESIZE: accept -1 [22]
o curl: pass through [] in URLs instead of calling globbing error [23]
o curl: speed up handling of many URLs [24]
o ntlm: avoid malloc(0) for zero length passwords [25]
o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
o HTTP: support multiple Content-Encodings [27]
o travis: add a job with brotli enabled
o url: remove unncessary NULL-check
o fnmatch: remove dead code
o connect: store IPv6 connection status after valid connection [29]
o imap: deal with commands case insensitively [30]
o --interface: add support for Linux VRF [32]
o content_encoding: fix inflate_stream for no bytes available [33]
o cmake: Correctly include curl.rc in Windows builds [34]
o cmake: Add missing setmode check [35]
o connect.c: remove executable bit on file [36]
o SMB: fix uninitialized local variable
o zlib/brotli: only include header files in modules needing them [37]
o URL: return error on malformed URLs with junk after IPv6 bracket [38]
o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
o --resolve: allow IP address within [] brackets [41]
o examples/curlx: Fix code style [42]
o ntlm: remove unnecessary NULL-check to please scan-build [43]
o Curl_llist_remove: fix potential NULL pointer deref [43]
o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
o openssl: fix "Value stored to 'rc' is never read" scan-build \
error [43]
o http2: fix "Value stored to 'hdbuf' is never read" scan-build \
error [43]
o http2: fix "Value stored to 'end' is never read" scan-build \
error [43]
o Curl_open: fix OOM return error correctly [43]
o url: reject ASCII control characters and space in host names [44]
o examples/rtsp: clear RANGE again after use [45]
o connect: improve the bind error message [46]
o make: fix "make distclean" [50]
o connect: add support for new TCP Fast Open API on Linux [51]
o metalink: fix memory-leak and NULL pointer dereference [52]
o URL: update "file:" URL handling [53]
o ssh: remove check for a NULL pointer [54]
o global_init: ignore CURL_GLOBAL_SSL's absense [55]
To generate a diff of this commit:
cvs rdiff -u -r1.189 -r1.190 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.139 -r1.140 pkgsrc/www/curl/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: jperkin
Date: Fri Nov 3 09:40:37 UTC 2017
Modified Files:
pkgsrc/www/curl: distinfo
pkgsrc/www/curl/patches: patch-configure
Log message:
curl: Don't strip out user-supplied debug flags.
To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.139 pkgsrc/www/curl/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/curl/patches/patch-configure
|
| 2017-11-12 13:13:32 by S.P.Zeidler | Files touched by this commit (3) | |
Log message:
Pullup ticket #5641 - requested by he
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.188-1.189
- www/curl/PLIST 1.66
- www/curl/distinfo 1.137-1.138
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 4 06:32:58 UTC 2017
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log message:
curl: update to 7.56.0.
Curl and libcurl 7.56.0
This release includes the following changes:
o curl: enable compression for SCP/SFTP with --compressed-ssh [11]
o libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION [11]
o vtls: added dynamic changing SSL backend with curl_global_sslset() [28]
o new MIME API, curl_mime_init() and friends [32]
o openssl: initial SSLKEYLOGFILE implementation [36]
This release includes the following bugfixes:
o FTP: zero terminate the entry path even on bad input [67]
o examples/ftpuploadresume.c: use portable code
o runtests: match keywords case insensitively
o travis: build the examples too [1]
o strtoofft: reduce integer overflow risks globally [2]
o zsh.pl: produce a working completion script again [3]
o cmake: remove dead code for CURL_DISABLE_RTMP [4]
o progress: Track total times following redirects [5]
o configure: fix --disable-threaded-resolver [6]
o cmake: remove dead code for DISABLED_THREADSAFE [7]
o configure: fix clang version detection
o darwinssi: fix error: variable length array used
o travis: add metalink to some osx builds [8]
o configure: check for __builtin_available() availability [9]
o http_proxy: fix build error for CURL_DOES_CONVERSIONS [10]
o examples/ftpuploadresume: checksrc compliance
o ftp: fix CWD when doing multicwd then nocwd on same connection [12]
o system.h: remove all CURL_SIZEOF_* defines [13]
o http: Don't wait on CONNECT when there is no proxy [14]
o system.h: check for __ppc__ as well [15]
o http2_recv: return error better on fatal h2 errors [16]
o scripts/contri*sh: use "git log --use-mailmap"
o tftp: fix memory leak on too long filename [17]
o system.h: fix build for hppa [18]
o cmake: enable picky compiler options with clang and gcc [19]
o makefile.m32: add support for libidn2 [20]
o curl: turn off MinGW CRT's globbing [21]
o request-target.d: mention added in 7.55.0
o curl: shorten and clean up CA cert verification error message [22]
o imap: support PREAUTH [23]
o CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
o examples/threaded-ssl: mention that this is for openssl before 1.1
o winbuild: fix embedded manifest option [24]
o tests: Make sure libtests & unittests call curl_global_cleanup()
o system.h: include sys/poll.h for AIX [25]
o darwinssl: handle long strings in TLS certs [26]
o strtooff: fix build for systems with long long but no strtoll [27]
o asyn-thread: Improved cleanup after OOM situations
o HELP-US.md: "How to get started helping out in the curl project" [29]
o curl.h: CURLSSLBACKEND_WOLFSSL used wrong value [30]
o unit1301: fix error message on first test
o ossfuzz: moving towards the ideal integration [31]
o http: fix a memory leakage in checkrtspprefix()
o examples/post-callback: stop returning one byte at a time
o schannel: return CURLE_SSL_CACERT on failed verification [33]
o MAIL-ETIQUETTE: added "1.9 Your emails are public"
o http-proxy: treat all 2xx as CONNECT success [34]
o openssl: use OpenSSL's default ciphers by default [35]
o runtests.pl: support attribute "nonewline" in part verify/upload
o configure: remove --enable-soname-bump and SONAME_BUMP [37]
o travis: add c-ares enabled builds linux + osx [38]
o vtls: fix WolfSSL 3.12 build problems [39]
o http-proxy: when not doing CONNECT, that phase is done immediately [40]
o configure: fix curl_off_t check's include order [41]
o configure: use -Wno-varargs on clang 3.9[.X] debug builds
o rtsp: do not call fwrite() with NULL pointer FILE * [42]
o mbedtls: enable CA path processing [43]
o travis: add build without HTTP/SMTP/IMAP
o checksrc: verify more code style rules [44]
o HTTP proxy: on connection re-use, still use the new remote port [45]
o tests: add initial gssapi test using stub implementation [46]
o rtsp: Segfault when using WRITEDATA [47]
o docs: clarify the CURLOPT_INTERLEAVE* options behavior
o non-ascii: use iconv() with 'char **' argument [48]
o server/getpart: provide dummy function to build conversion enabled
o conversions: fix several compiler warnings
o openssl: add missing includes [49]
o schannel: Support partial send for when data is too large [50]
o socks: fix incorrect port number in SOCKS4 error message [51]
o curl: fix integer overflow in timeout options [52]
o travis: on mac, don't install openssl or libidn [53]
o cookies: reject oversized cookies instead of truncating [54]
o cookies: use lock when using CURLINFO_COOKIELIST [55]
o curl: check fseek() return code and bail on error
o examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
o openssl: only verify RSA private key if supported [56]
o tests: make the imap server not verify user+password [57]
o imap: quote atoms properly when escaping characters [58]
o tests: fix a compiler warning in test 643
o file_range: avoid integer overflow when figuring out byte range [59]
o curl.h: include <sys/select.h> on cygwin too [60]
o reuse_conn: don't copy flags that are known to be equal [61]
o http: fix adding custom empty headers to repeated requests [62]
o docs: clarify the use of environment variables for proxy [63]
o docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS [64]
o connect: fix race condition with happy eyeballs timeout [65]
o cookie: fix memory leak if path was set twice in header [66]
o vtls: compare and clone ssl configs properly [68]
o proxy: read the "no_proxy" variable only if necessary [69]
To generate a diff of this commit:
cvs rdiff -u -r1.187 -r1.188 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.65 -r1.66 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.136 -r1.137 pkgsrc/www/curl/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Mon Oct 23 06:59:36 UTC 2017
Modified Files:
pkgsrc/www/curl: Makefile distinfo
Log message:
curl: update to 7.56.1
Curl and libcurl 7.56.1
This release includes the following bugfixes:
o imap: if a FETCH response has no size, don't call write callback
o ftp: UBsan fixup 'pointer index expression overflowed
o failf: skip the sprintf() if there are no consumers
o fuzzer: move to using external curl-fuzzer
o lib/Makefile.m32: allow customizing dll suffixes
o docs: fix typo in curl_mime_data_cb man page
o darwinssl: add support for TLSv1.3
o build: fix --disable-crypto-auth
o lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
o openssl: fix build without HAVE_OPAQUE_EVP_PKEY
o strtoofft: Remove extraneous null check
o multi_cleanup: call DONE on handles that never got that
o tests: added flaky keyword to tests 587 and 644
o pingpong: return error when trying to send without connection
o remove_handle: call multi_done() first, then clear dns cache pointer
o mime: be tolerant about setting twice the same header list in a part.
o mime: improve unbinding top multipart from easy handle.
o mime: avoid resetting a part's encoder when part's contents change.
o mime: refuse to add subparts to one of their own descendants
o RTSP: avoid integer overflow on funny RTSP responses
o curl: don't pass semicolons when parsing Content-Disposition
o openssl: enable PKCS12 support for !BoringSSL
o FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
o CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
o CURLOPT_XFERINFODATA.3: fix duplicate see also
o test298: verify --ftp-method nowcwd with URL encoded path
o FTP: URL decode path for dir listing in nocwd mode
o smtp_done: fix memory leak on send failure
o ftpserver: support case insensitive commands
o test950; verify SMTP with custom request
o openssl: don't use old BORINGSSL_YYYYMM macros
o setopt: update current connection SSL verify params
o winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
o curl: reimplement stdin buffering in -F option
o mime: keep "text/plain" content type if user-specified
o mime: fix the content reader to handle >16K data properly
o configure: remove the C++ compiler check
o memdebug: trace send, recv and socket
o runtests: use valgrind for torture as well
o ldap: silence clang warning
o makefile.m32: allow to override gcc, ar and ranlib
o setopt: avoid integer overflows when setting millsecond values
o setopt: range check most long options
o ftp: reject illegal IP/port in PASV 227 response
o mime: do not reuse previously computed multipart size
o vtls: change struct Curl_ssl `close' field name to `close_one'
o os400: add missing symbols in config file
o mime: limit bas64-encoded lines length to 76 characters
o mk-ca-bundle: Remove URL for aurora
o mk-ca-bundle: Fix URL for NSS
To generate a diff of this commit:
cvs rdiff -u -r1.188 -r1.189 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.137 -r1.138 pkgsrc/www/curl/distinfo
|
New packages: