pkgsrc.se | The NetBSD package collection

./www/curl, Client that groks URLs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2018Q4, Version: 7.64.0, Package name: curl-7.64.0, Maintainer: pkgsrc-users

Curl is a command line tool for transferring files with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.

Required to run:
[devel/libidn2]

Required to build:
[pkgtools/cwrappers]

Package options: gssapi, idn, inet6

Master sites:

https://curl.haxx.se/download/ (Download)

SHA1: 7539acc0742c2fb1472bc2904f0bd58eeebc011a
RMD160: 40806b3ea50ddab9d2f063dad37e81fdf6b04a17
Filesize: 2342.68 KB

Version history: (Expand)

(2019-02-16) Updated to version: curl-7.64.0
(2019-01-02) Package added to pkgsrc.se, version curl-7.63.0nb1 (created)

CVS history: (Expand)

2019-02-16 16:59:04 by Benny Siegert | Files touched by this commit (3) | Package updated

Log message:
Pullup ticket #5910 - requested by mlelstv
www/curl: security fix

Revisions pulled up:
- www/curl/Makefile                                             1.207
- www/curl/PLIST                                                1.73
- www/curl/distinfo                                             1.150

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Wed Feb  6 08:02:48 UTC 2019

   Modified Files:
           pkgsrc/www/curl: Makefile PLIST distinfo

   Log message:
   curl: updated to 7.64.0

   curl and libcurl 7.64.0

   This release includes the following changes:
   * cookies: leave secure cookies alone
   * hostip: support wildcard hosts
   * http: Implement trailing headers for chunked transfers
   * http: added options for allowing HTTP/0.9 responses
   * timeval: Use high resolution timestamps on Windows

   This release includes the following bugfixes:
   * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
   * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
   * CVE-2019-3823: SMTP end-of-response out-of-bounds read
   * FAQ: remove mention of sourceforge for github
   * OS400: handle memory error in list conversion
   * OS400: upgrade ILE/RPG binding.
   * README: add codacy code quality badge
   * Revert http_negotiate: do not close connection
   * THANKS: added several missing names from year <= 2000
   * build: make 'tidy' target work for metalink builds
   * cmake: added checks for variadic macros
   * cmake: updated check for HAVE_POLL_FINE to match autotools
   * cmake: use lowercase for function name like the rest of the code
   * configure: detect xlclang separately from clang
   * configure: fix recv/send/select detection on Android
   * configure: rewrite --enable-code-coverage
   * conncache_unlock: avoid indirection by changing input argument type
   * cookie: fix comment typo
   * cookies: allow secure override when done over HTTPS
   * cookies: extend domain checks to non psl builds
   * cookies: skip custom cookies when redirecting cross-site
   * curl --xattr: strip credentials from any URL that is stored
   * curl -J: refuse to append to the destination file
   * curl/urlapi.h: include "curl.h" first
   * curl_multi_remove_handle() don't block terminating c-ares requests
   * darwinssl: accept setting max-tls with default min-tls
   * disconnect: separate connections and easy handles better
   * disconnect: set conn->data for protocol disconnect
   * docs/version.d: mention MultiSSL
   * docs: fix the --tls-max description
   * docs: use $(INSTALL_DATA) to install man page
   * docs: use meaningless port number in CURLOPT_LOCALPORT example
   * gopher: always include the entire gopher-path in request
   * http2: clear pause stream id if it gets closed
   * if2ip: remove unused function Curl_if_is_interface_name
   * libssh: do not let libssh create socket
   * libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
   * libssh: free sftp_canonicalize_path() data correctly
   * libtest/stub_gssapi: use "real" snprintf
   * mbedtls: use VERIFYHOST
   * multi: multiplexing improvements
   * multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
   * ntlm: fix NTMLv2 compliance
   * ntlm_sspi: add support for channel binding
   * openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
   * openssl: fix the SSL_get_tlsext_status_ocsp_resp call
   * openvms: fix OpenSSL discovery on VAX
   * openvms: fix typos in documentation
   * os400: add a missing closing bracket
   * os400: fix extra parameter syntax error
   * pingpong: change default response timeout to 120 seconds
   * pingpong: ignore regular timeout in disconnect phase
   * printf: fix format specifiers
   * runtests.pl: Fix perl call to include srcdir
   * schannel: fix compiler warning
   * schannel: preserve original certificate path parameter
   * schannel: stop calling it "winssl"
   * sigpipe: if mbedTLS is used, ignore SIGPIPE
   * smb: fix incorrect path in request if connection reused
   * ssh: log the libssh2 error message when ssh session startup fails
   * test1558: verify CURLINFO_PROTOCOL on file:// transfer
   * test1561: improve test name
   * test1653: make it survive torture tests
   * tests: allow tests to pass by 2037-02-12
   * tests: move objnames-* from lib into tests
   * timediff: fix math for unsigned time_t
   * timeval: Disable MSVC Analyzer GetTickCount warning
   * tool_cb_prg: avoid integer overflow
   * travis: added cmake build for osx
   * urlapi: Fix port parsing of eol colon
   * urlapi: distinguish possibly empty query
   * urlapi: fix parsing ipv6 with zone index
   * urldata: rename easy_conn to just conn
   * winbuild: conditionally use /DZLIB_WINAPI
   * wolfssl: fix memory-leak in threaded use
   * spnego_sspi: add support for channel binding