Log Message:
Pullup ticket #5641 - requested by he
www/curl: security update

Revisions pulled up:
- www/curl/Makefile                                             1.188-1.189
- www/curl/PLIST                                                1.66
- www/curl/distinfo                                             1.137-1.138

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Oct  4 06:32:58 UTC 2017

   Modified Files:
   	pkgsrc/www/curl: Makefile PLIST distinfo

   Log Message:
   curl: update to 7.56.0.

   Curl and libcurl 7.56.0

   This release includes the following changes:

    o curl: enable compression for SCP/SFTP with --compressed-ssh  [11]
    o libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION [11]
    o vtls: added dynamic changing SSL backend with curl_global_sslset() [28]
    o new MIME API, curl_mime_init() and friends [32]
    o openssl: initial SSLKEYLOGFILE implementation [36]

   This release includes the following bugfixes:

    o FTP: zero terminate the entry path even on bad input [67]
    o examples/ftpuploadresume.c: use portable code
    o runtests: match keywords case insensitively
    o travis: build the examples too [1]
    o strtoofft: reduce integer overflow risks globally [2]
    o zsh.pl: produce a working completion script again [3]
    o cmake: remove dead code for CURL_DISABLE_RTMP [4]
    o progress: Track total times following redirects [5]
    o configure: fix --disable-threaded-resolver [6]
    o cmake: remove dead code for DISABLED_THREADSAFE [7]
    o configure: fix clang version detection
    o darwinssi: fix error: variable length array used
    o travis: add metalink to some osx builds [8]
    o configure: check for __builtin_available() availability [9]
    o http_proxy: fix build error for CURL_DOES_CONVERSIONS [10]
    o examples/ftpuploadresume: checksrc compliance
    o ftp: fix CWD when doing multicwd then nocwd on same connection [12]
    o system.h: remove all CURL_SIZEOF_* defines [13]
    o http: Don't wait on CONNECT when there is no proxy [14]
    o system.h: check for __ppc__ as well [15]
    o http2_recv: return error better on fatal h2 errors [16]
    o scripts/contri*sh: use "git log --use-mailmap"
    o tftp: fix memory leak on too long filename [17]
    o system.h: fix build for hppa [18]
    o cmake: enable picky compiler options with clang and gcc [19]
    o makefile.m32: add support for libidn2 [20]
    o curl: turn off MinGW CRT's globbing [21]
    o request-target.d: mention added in 7.55.0
    o curl: shorten and clean up CA cert verification error message [22]
    o imap: support PREAUTH [23]
    o CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
    o examples/threaded-ssl: mention that this is for openssl before 1.1
    o winbuild: fix embedded manifest option [24]
    o tests: Make sure libtests & unittests call curl_global_cleanup()
    o system.h: include sys/poll.h for AIX [25]
    o darwinssl: handle long strings in TLS certs [26]
    o strtooff: fix build for systems with long long but no strtoll [27]
    o asyn-thread: Improved cleanup after OOM situations
    o HELP-US.md: "How to get started helping out in the curl project" [29]
    o curl.h: CURLSSLBACKEND_WOLFSSL used wrong value [30]
    o unit1301: fix error message on first test
    o ossfuzz: moving towards the ideal integration [31]
    o http: fix a memory leakage in checkrtspprefix()
    o examples/post-callback: stop returning one byte at a time
    o schannel: return CURLE_SSL_CACERT on failed verification [33]
    o MAIL-ETIQUETTE: added "1.9 Your emails are public"
    o http-proxy: treat all 2xx as CONNECT success [34]
    o openssl: use OpenSSL's default ciphers by default [35]
    o runtests.pl: support attribute "nonewline" in part verify/upload
    o configure: remove --enable-soname-bump and SONAME_BUMP [37]
    o travis: add c-ares enabled builds linux + osx [38]
    o vtls: fix WolfSSL 3.12 build problems [39]
    o http-proxy: when not doing CONNECT, that phase is done immediately [40]
    o configure: fix curl_off_t check's include order [41]
    o configure: use -Wno-varargs on clang 3.9[.X] debug builds
    o rtsp: do not call fwrite() with NULL pointer FILE * [42]
    o mbedtls: enable CA path processing [43]
    o travis: add build without HTTP/SMTP/IMAP
    o checksrc: verify more code style rules [44]
    o HTTP proxy: on connection re-use, still use the new remote port [45]
    o tests: add initial gssapi test using stub implementation [46]
    o rtsp: Segfault when using WRITEDATA [47]
    o docs: clarify the CURLOPT_INTERLEAVE* options behavior
    o non-ascii: use iconv() with 'char **' argument [48]
    o server/getpart: provide dummy function to build conversion enabled
    o conversions: fix several compiler warnings
    o openssl: add missing includes [49]
    o schannel: Support partial send for when data is too large [50]
    o socks: fix incorrect port number in SOCKS4 error message [51]
    o curl: fix integer overflow in timeout options [52]
    o travis: on mac, don't install openssl or libidn [53]
    o cookies: reject oversized cookies instead of truncating [54]
    o cookies: use lock when using CURLINFO_COOKIELIST [55]
    o curl: check fseek() return code and bail on error
    o examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
    o openssl: only verify RSA private key if supported [56]
    o tests: make the imap server not verify user+password [57]
    o imap: quote atoms properly when escaping characters [58]
    o tests: fix a compiler warning in test 643
    o file_range: avoid integer overflow when figuring out byte range [59]
    o curl.h: include <sys/select.h> on cygwin too [60]
    o reuse_conn: don't copy flags that are known to be equal [61]
    o http: fix adding custom empty headers to repeated requests [62]
    o docs: clarify the use of environment variables for proxy [63]
    o docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS [64]
    o connect: fix race condition with happy eyeballs timeout [65]
    o cookie: fix memory leak if path was set twice in header [66]
    o vtls: compare and clone ssl configs properly [68]
    o proxy: read the "no_proxy" variable only if necessary [69]

   To generate a diff of this commit:
   cvs rdiff -u -r1.187 -r1.188 pkgsrc/www/curl/Makefile
   cvs rdiff -u -r1.65 -r1.66 pkgsrc/www/curl/PLIST
   cvs rdiff -u -r1.136 -r1.137 pkgsrc/www/curl/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Oct 23 06:59:36 UTC 2017

   Modified Files:
   	pkgsrc/www/curl: Makefile distinfo

   Log Message:
   curl: update to 7.56.1

   Curl and libcurl 7.56.1

   This release includes the following bugfixes:

    o imap: if a FETCH response has no size, don't call write callback
    o ftp: UBsan fixup 'pointer index expression overflowed
    o failf: skip the sprintf() if there are no consumers
    o fuzzer: move to using external curl-fuzzer
    o lib/Makefile.m32: allow customizing dll suffixes
    o docs: fix typo in curl_mime_data_cb man page
    o darwinssl: add support for TLSv1.3
    o build: fix --disable-crypto-auth
    o lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
    o openssl: fix build without HAVE_OPAQUE_EVP_PKEY
    o strtoofft: Remove extraneous null check
    o multi_cleanup: call DONE on handles that never got that
    o tests: added flaky keyword to tests 587 and 644
    o pingpong: return error when trying to send without connection
    o remove_handle: call multi_done() first, then clear dns cache pointer
    o mime: be tolerant about setting twice the same header list in a part.
    o mime: improve unbinding top multipart from easy handle.
    o mime: avoid resetting a part's encoder when part's contents change.
    o mime: refuse to add subparts to one of their own descendants
    o RTSP: avoid integer overflow on funny RTSP responses
    o curl: don't pass semicolons when parsing Content-Disposition
    o openssl: enable PKCS12 support for !BoringSSL
    o FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
    o CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
    o CURLOPT_XFERINFODATA.3: fix duplicate see also
    o test298: verify --ftp-method nowcwd with URL encoded path
    o FTP: URL decode path for dir listing in nocwd mode
    o smtp_done: fix memory leak on send failure
    o ftpserver: support case insensitive commands
    o test950; verify SMTP with custom request
    o openssl: don't use old BORINGSSL_YYYYMM macros
    o setopt: update current connection SSL verify params
    o winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
    o curl: reimplement stdin buffering in -F option
    o mime: keep "text/plain" content type if user-specified
    o mime: fix the content reader to handle >16K data properly
    o configure: remove the C++ compiler check
    o memdebug: trace send, recv and socket
    o runtests: use valgrind for torture as well
    o ldap: silence clang warning
    o makefile.m32: allow to override gcc, ar and ranlib
    o setopt: avoid integer overflows when setting millsecond values
    o setopt: range check most long options
    o ftp: reject illegal IP/port in PASV 227 response
    o mime: do not reuse previously computed multipart size
    o vtls: change struct Curl_ssl `close' field name to `close_one'
    o os400: add missing symbols in config file
    o mime: limit bas64-encoded lines length to 76 characters
    o mk-ca-bundle: Remove URL for aurora
    o mk-ca-bundle: Fix URL for NSS

   To generate a diff of this commit:
   cvs rdiff -u -r1.188 -r1.189 pkgsrc/www/curl/Makefile
   cvs rdiff -u -r1.137 -r1.138 pkgsrc/www/curl/distinfo