Subject: CVS commit: [pkgsrc-2014Q3] pkgsrc/www/curl
From: Matthias Scheler
Date: 2014-11-27 09:18:54
Message id: 20141127081854.47E1798@cvs.netbsd.org

Log Message:
Pullup ticket #4560 - requested by he
www/curl: security update

Revisions pulled up:
- www/curl/Makefile                                             1.143
- www/curl/PLIST                                                1.45
- www/curl/distinfo                                             1.99

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Fri Nov  7 14:10:16 UTC 2014

   Modified Files:
   	pkgsrc/www/curl: Makefile PLIST distinfo

   Log Message:
   Changes 7.39.0:
   * SSLv3 is disabled by default
   * CURLOPT_COOKIELIST: Added "RELOAD" command [5]
   * build: Added WinIDN build configuration options to Visual Studio projects
   * ssh: improve key file search
   * SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
   * vtls: remove QsoSSL support, use gskit!
   * mk-ca-bundle: added SHA-384 signature algorithm
   * docs: added many examples for libcurl opts and other doc improvements
   * build: Added VC ssh2 target to main Makefile
   * MinGW: Added support to build with nghttp2
   * NetWare: Added support to build with nghttp2
   * build: added Watcom support to build with WinSSL
   * build: Added optional specific version generation of VC project files

   Bugfixes:
   * curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds [9]
   * openssl: build fix for versions < 0.9.8e [1]
   * newlines: fix mixed newlines to LF-only [2]
   * ntlm: Fixed HTTP proxy authentication when using Windows SSPI [3]
   * sasl_sspi: Fixed Unicode build [4]
   * file: reject paths using embedded %00
   * threaded-resolver: revert Curl_expire_latest() switch [6]
   * configure: allow --with-ca-path with PolarSSL too
   * HTTP/2: Fix busy loop when EOF is encountered
   * CURLOPT_CAPATH: return failure if set without backend support
   * nss: do not fail if a CRL is already cached
   * smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
   * fixed 20+ nits/memory leaks identified by Coverity scans
   * curl_schannel.c: Fixed possible memory or handle leak
   * multi-uv.c: call curl_multi_info_read() better
   * Cmake: Check for OpenSSL before OpenLDAP
   * Cmake: Fix library list provided to cURL tests
   * Cmake: Avoid cycle directory dependencies
   * Cmake: Build with GSS-API libraries (MIT or Heimdal)
   * vtls: provide backend defines for internal source code
   * nss: fix a connection failure when FTPS handle is reused
   * tests/http_pipe.py: Python 3 support
   * cmake: build tool_hugehelp (ENABLE_MANUAL)
   * cmake: enable IPv6 by default if available
   * tests: move TESTCASES to Makefile.inc, add show for cmake
   * ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
   * ntlm: Fixed empty/bad base-64 decoded buffer return codes
   * ntlm: Fixed empty type-2 decoded message info text
   * cmake: add CMake/Macros.cmake to the release tarball
   * cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
   * cmake: use LIBCURL_VERSION from curlver.h
   * cmake: generate pkg-config and curl-config
   * fixed several superfluous variable assignements identified by cppcheck
   * cleanup of 'CURLcode result' return code
   * pipelining: only output "is not blacklisted" in debug builds
   * SSL: Remove SSLv3 from SSL default due to POODLE attack
   * gskit.c: remove SSLv3 from SSL default
   * darwinssl: detect possible future removal of SSLv3 from the framework
   * ntlm: Only define ntlm data structure when USE_NTLM is defined
   * ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
   * ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
   * sspi: Only call CompleteAuthToken() when complete is needed
   * http_negotiate: Fixed missing check for USE_SPNEGO
   * HTTP: return larger than 3 digit response codes too [7]
   * openssl: Check for NPN / ALPN via OpenSSL version number
   * openssl: enable NPN separately from ALPN
   * sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
   * sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
   * resume: consider a resume from [content-length] to be OK [8]
   * sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
   * build-openssl.bat: Fix x64 release build
   * cmake: drop _BSD_SOURCE macro usage
   * cmake: fix gethostby{addr,name}_r in CurlTests
   * cmake: clean OtherTests, fixing -Werror
   * cmake: fix struct sockaddr_storage check
   * Curl_single_getsock: fix hold/pause sock handling
   * SSL: PolarSSL default min SSL version TLS 1.0
   * cmake: fix ZLIB_INCLUDE_DIRS use [10]
   * buildconf: stop checking for libtool

Files:
RevisionActionfile
1.141.2.1modifypkgsrc/www/curl/Makefile
1.44.2.1modifypkgsrc/www/curl/PLIST
1.98.2.1modifypkgsrc/www/curl/distinfo