Subject: CVS commit: pkgsrc/www/curl
From: Leonardo Taccari
Date: 2018-10-31 09:06:24
Message id: 20181031080624.F14E1FBEE@cvs.NetBSD.org

Log Message:
curl: Update www/curl to 7.62.0

Changes:
7.62.0
------
This release includes the following changes:

 o multiplex: enable by default
 o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
 o setopt: add CURLOPT_DOH_URL
 o curl: --doh-url added
 o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
 o imap: change from "FETCH" to "UID FETCH"
 o configure: add option to disable automatic OpenSSL config loading
 o upkeep: add a connection upkeep API: curl_easy_upkeep()
 o URL-API: added five new functions
 o vtls: MesaLink is a new TLS backend

This release includes the following bugfixes:

 o CVE-2018-16839: SASL password overflow via integer overflow
 o CVE-2018-16840: use-after-free in handle close
 o CVE-2018-16842: warning message out-of-buffer read
 o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
 o Curl_dedotdotify(): always nul terminate returned string
 o Curl_follow: Always free the passed new URL
 o Curl_http2_done: fix memleak in error path
 o Curl_retry_request: fix memory leak
 o Curl_saferealloc: Fixed typo in docblock
 o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
 o GnutTLS: TLS 1.3 support
 o SECURITY-PROCESS: mention the bountygraph program
 o VS projects: add USE_IPV6:
 o Windows: fixes for MinGW targeting Windows Vista
 o anyauthput: fix compiler warning on 64-bit Windows
 o appveyor: add WinSSL builds
 o appveyor: run test suite (on Windows!)
 o certs: generate tests certs with sha256 digest algorithm
 o checksrc: enable strict mode and warnings
 o checksrc: handle zero scoped ignore commands
 o cmake: Backport to work with CMake 3.0 again
 o cmake: Improve config installation
 o cmake: add support for transitive ZLIB target
 o cmake: disable -Wpedantic-ms-format
 o cmake: don't require OpenSSL if USE_OPENSSL=OFF
 o cmake: fixed path used in generation of docs/tests
 o cmake: remove unused *SOCKLEN_T variables
 o cmake: suppress MSVC warning C4127 for libtest
 o cmake: test and set missed defines during configuration
 o comment: Fix multiple typos in function parameters
 o config: Remove unused SIZEOF_VOIDP
 o config_win32: enable LDAPS
 o configure: force-use -lpthreads on HPUX
 o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
 o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
 o cookies: Remove redundant expired check
 o cookies: fix leak when writing cookies to file
 o curl-config.in: remove dependency on bc
 o curl.1: --ipv6 mutexes ipv4 (fixed typo)
 o curl: enabled Windows VT Support and UTF-8 output
 o curl: update the documentation of --tlsv1.0
 o curl_multi_wait: call getsock before figuring out timeout
 o curl_ntlm_wb: check aprintf() return codes
 o curl_threads: fix classic MinGW compile break
 o darwinssl: Fix realloc memleak
 o darwinssl: more specific and unified error codes
 o data-binary.d: clarify default content-type is x-www-form-urlencoded
 o docs/BUG-BOUNTY: explain the bounty program
 o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
 o docs/CIPHERS: fix the TLS 1.3 cipher names
 o docs/CIPHERS: mention the colon separation for OpenSSL
 o docs/examples: URL updates
 o docs: add "see also" links for SSL options
 o example/asiohiper: insert warning comment about its status
 o example/htmltidy: fix include paths of tidy libraries
 o examples/Makefile.m32: sync with core
 o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
 o examples/parseurl.c: show off the URL API
 o examples: Fix memory leaks from realloc errors
 o examples: do not wait when no transfers are running
 o ftp: include command in Curl_ftpsend sendbuffer
 o gskit: make sure to terminate version string
 o gtls: Values stored to but never read
 o hostip: fix check on Curl_shuffle_addr return value
 o http2: fix memory leaks on error-path
 o http: fix memleak in rewind error path
 o krb5: fix memory leak in krb_auth
 o ldap: show precise LDAP call in error message on Windows
 o lib: fix gcc8 warning on Windows
 o memory: add missing curl_printf header
 o memory: ensure to check allocation results
 o multi: Fix error handling in the SENDPROTOCONNECT state
 o multi: fix memory leak in content encoding related error path
 o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
 o netrc: free temporary strings if memory allocation fails
 o nss: fix nssckbi module loading on Windows
 o nss: try to connect even if libnssckbi.so fails to load
 o ntlm_wb: Fix memory leaks in ntlm_wb_response
 o ntlm_wb: bail out if the response gets overly large
 o openssl: assume engine support in 0.9.8 or later
 o openssl: enable TLS 1.3 post-handshake auth
 o openssl: fix gcc8 warning
 o openssl: load built-in engines too
 o openssl: make 'done' a proper boolean
 o openssl: output the correct cipher list on TLS 1.3 error
 o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
 o openssl: show "proper" version number for libressl builds
 o pipelining: deprecated
 o rand: add comment to skip a clang-tidy false positive
 o rtmp: fix for compiling with lwIP
 o runtests: ignore disabled even when ranges are given
 o runtests: skip ld_preload tests on macOS
 o runtests: use Windows paths for Windows curl
 o schannel: unified error code handling
 o sendf: Fix whitespace in infof/failf concatenation
 o ssh: free the session on init failures
 o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
 o system.h: use proper setting with Sun C++ as well
 o test1299: use single quotes around asterisk
 o test1452: mark as flaky
 o test1651: unit test Curl_extract_certinfo()
 o test320: strip out more HTML when comparing
 o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
 o tests: add unit tests for url.c
 o timeval: fix use of weak symbol clock_gettime() on Apple platforms
 o tool_cb_hdr: handle failure of rename()
 o travis: add a "make tidy" build that runs clang-tidy
 o travis: add build for "configure --disable-verbose"
 o travis: bump the Secure Transport build to use xcode
 o travis: make distcheck scan for BOM markers
 o unit1300: fix stack-use-after-scope AddressSanitizer warning
 o urldata: Fix "connecting" comment
 o urlglob: improve error message on bad globs
 o vtls: fix ssl version "or later" behavior change for many backends
 o x509asn1: Fix SAN IP address verification
 o x509asn1: always check return code from getASN1Element()
 o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
 o x509asn1: suppress left shift on signed value

Files:
RevisionActionfile
1.202modifypkgsrc/www/curl/Makefile
1.71modifypkgsrc/www/curl/PLIST
1.147modifypkgsrc/www/curl/distinfo