./www/curl, Client that groks URLs



Branch: pkgsrc-2021Q1, Version: 7.76.0, Package name: curl-7.76.0, Maintainer: leot

Curl is a command line tool for transferring files with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Curl supports
HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload,
proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate,
kerberos...), file transfer resume, proxy tunneling and a busload of other
useful tricks.



Package options: gssapi, http2, idn, inet6

Master sites:

SHA1: b4e7ee3c9b9d086a116c2f37f0969fc47cbf3ad0
RMD160: a24268c5c860c374c892fa6ae2e9426da922484e
Filesize: 2371.633 KB

CVS history:


   2021-04-04 15:22:06 by S.P.Zeidler | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #6435 - requested by leot
www/curl: security update

Revisions pulled up:
- www/curl/Makefile                                             1.240
- www/curl/PLIST                                                1.85
- www/curl/distinfo                                             1.169

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   leot
   Date:           Wed Mar 31 09:52:31 UTC 2021

   Modified Files:
           pkgsrc/www/curl: Makefile PLIST distinfo

   Log message:
   curl: Update to 7.76.0

   Changes:
   7.76.0
   ===
   This release includes the following changes:

    o cookies: Support multiple -b parameters
    o curl: add --fail-with-body
    o doh: add options to disable ssl verification
    o http: add support to read and store the referrer header
    o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
    o vtls: initial implementation of rustls backend

   This release includes the following bugfixes:

    o CVE-2021-22876: strip credentials from the auto-referer header field
    o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
    o asyn-ares: use consistent resolve error message
    o BUG-BOUNTY: removed the cooperation mention
    o build: delete unused feature guards
    o build: fix --disable-dateparse
    o build: fix --disable-http-auth
    o build: remove all traces of USE_BLOCKING_SOCKETS
    o c-hyper: Remove superfluous pointer check
    o c-hyper: support automatic content-encoding
    o CI/azure: disable test 433 on azure-ubuntu
    o CI/azure: replace python-impacket with python3-impacket
    o ci: stop building on freebsd-12-1
    o cmake: fix import library name for non-MS compiler on Windows
    o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
    o cmake: support WinIDN
    o config: fix building SMB with configure using Win32 Crypto
    o config: fix detection of restricted Windows App environment
    o configure: fail if --with-quiche is used and quiche isn't found
    o configure: make AC_TRY_* into AC_*_IFELSE
    o configure: make hyper opt-in, and fail if missing
    o configure: only add OpenSSL paths if they are defined
    o configure: provide Largefile feature for curl-config
    o configure: remove use of deprecated macros
    o configure: s/AC_HELP_STRING/AS_HELP_STRING
    o cookies: Fix potential NULL pointer deref with PSL
    o curl: set CURLOPT_NEW_FILE_PERMS if requested
    o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
    o curl_multibyte: always return a heap-allocated copy of string
    o curl_multibyte: fall back to local code page stat/access on Windows
    o Curl_timeleft: check both timeouts during connect
    o curl_url_set.3: mention CURLU_PATH_AS_IS
    o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
    o docs/HTTP2: remove the outdated remark about multiplexing for the tool
    o docs/Makefile.inc: format to be update-friendly
    o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
    o docs: add missing Arg tag to --stderr
    o docs: Add SSL backend names to CURL_SSL_BACKEND
    o docs: clarify timeouts for queued transfers in multi API
    o docs: Explain DOH transfers inherit some SSL settings
    o docs: fix FILE example url in --metalink documentation
    o docs: make gen.pl support *italic* and **bold**
    o doh: Fix sharing user's resolve list with DOH handles
    o doh: Inherit CURLOPT_STDERR from user's easy handle
    o dynbuf: bump the max HTTP request to 1MB
    o examples: Remove threaded-shared-conn.c due to bug
    o file: Support unicode urls on windows
    o ftp: add 'list_only' to the transfer state struct
    o ftp: add 'prefer_ascii' to the transfer state struct
    o FTP: allow SIZE to fail when doing (resumed) upload
    o ftp: avoid SIZE when asking for a TYPE A file
    o ftp: fix Codacy/cppcheck warning about null pointer arithmetic
    o ftp: fix memory leak in ftp_done
    o ftp: never set data->set.ftp_append outside setopt
    o gen.pl: quote "bare" minuses in the nroff curl.1
    o github: add torture-ftp for FTP-only torture testing
    o gnutls: assume nettle crypto support
    o gskit: correct the gskit_send() prototype
    o hostip: fix build with sync resolver
    o hostip: fix crash in sync resolver builds that use DOH
    o hsts: remove unused defines
    o http2: don't set KEEP_SEND when there's no more data to be sent
    o http2: fail if connection terminated without END_STREAM
    o http: cap body data amount during send speed limiting
    o http: do not add a referrer header with empty value
    o http: make 416 not fail with resume + CURLOPT_FAILONERROR
    o http: remove superfluous NULL assign
    o http: strip default port from URL sent to proxy
    o http: use credentials from transfer, not connection
    o ldap: use correct memory free function
    o lib1536: check ptr against NULL before dereferencing it
    o lib1537: check ptr against NULL before dereferencing it
    o lib: remove 'conn->data' completely
    o libssh2: kdb_callback: get the right struct pointer
    o libssh2:ssh_connect: clear session pointer after free
    o memdebug: close debug logfile explicitly on exit
    o mingw: enable using strcasecmp()
    o multi: close the connection when h2=>h1 downgrading
    o multi: do once-per-transfer inits in before_perform in DID state
    o multi: rename the multi transfer states
    o multi: update pending list when removing handle
    o ngtcp2: adapt to the new recv_datagram callback
    o ngtcp2: clarify calculation precedence
    o ngtcp2: Fix build error due to change in ngtcp2_addr_init
    o ngtcp2: sync with recent API updates
    o openldap: avoid NULL pointer dereferences
    o openssl: adapt to v3's new const for a few API calls
    o openssl: ensure to check SSL_CTX_set_alpn_protos return values
    o openssl: remove get_ssl_version_txt in favor of SSL_get_version
    o openssl: set the transfer pointer for logging early
    o OS400: update for CURLOPT_AWS_SIGV4
    o parse_proxy: fix a memory leak in the OOM path
    o pathhelp.pm: fix use of pwd -L in Msys environment
    o projects: Update VS projects for OpenSSL 1.1.x
    o quiche: fix build error: use 'int' for port number
    o quiche: fix crash when failing to connect
    o retry-all-errors.d: Explain curl errors versus HTTP response errors
    o retry.d: Clarify transient 5xx HTTP response codes
    o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
    o runtests.pl: add a -P option to specify an external proxy
    o runtests.pl: kill processes locking test log files
    o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
    o test1188: change error to check for: --fail HTTP status
    o test220/314: adjust to run with Hyper
    o test304: header CRLF cleanup to work with Hyper
    o test306: make it not run with Hyper
    o tests: disable .curlrc in more environments
    o tests: use %TESTNUMBER instead of fixed number
    o tftp: remove the 3600 second default timeout
    o time: enable 64-bit time_t in supported mingw environments
    o tool_help: add missing argument for --create-file-mode
    o tool_help: Increase space between option and description
    o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error
    o travis: add a rustls build
    o travis: bump wolfssl to 4.7.0
    o travis: only build wolfssl when needed
    o travis: split "torture" into a separate "events" build
    o travis: switch ngtcp2 build over to quictls
    o travis: use ubuntu nghttp2 package instead of build our own
    o url.c: use consistent error message for failed resolve
    o url: fix memory leak if OOM in the HSTS handling
    o url: fix possible use-after-free in default protocol
    o urldata: don't touch data->set.httpversion at run-time
    o urldata: fix build without HTTP and MQTT
    o urldata: make 'actions[]' use unsigned char instead of int
    o urldata: merge "struct DynamicStatic" into "struct UrlState"
    o urldata: remove the 'rtspversion' field
    o urldata: remove the _ORIG suffix from string names
    o version.d: Add missing features to the features list
    o wolfssl: don't store a NULL sessionid

   To generate a diff of this commit:
   cvs rdiff -u -r1.239 -r1.240 pkgsrc/www/curl/Makefile
   cvs rdiff -u -r1.84 -r1.85 pkgsrc/www/curl/PLIST
   cvs rdiff -u -r1.168 -r1.169 pkgsrc/www/curl/distinfo