Subject: CVS commit: pkgsrc/www/curl
From: Leonardo Taccari
Date: 2019-09-11 10:32:03
Message id:

Log Message:
curl: Update to 7.66.0

This release includes the following changes:

 o CURLINFO_RETRY_AFTER: parse the Retry-After header value
 o HTTP3: initial (experimental still not working) support
 o curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
 o curl: support parallel transfers with -Z
 o curl_multi_poll: a sister to curl_multi_wait() that waits more
 o sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

This release includes the following bugfixes:

 o CVE-2019-5481: FTP-KRB double-free
 o CVE-2019-5482: TFTP small blocksize heap buffer overflow
 o CI: remove duplicate configure flag for
 o CMake: remove needless newlines at end of gss variables
 o CMake: use platform dependent name for dlopen() library
 o CURLINFO docs: mention that in redirects times are added
 o CURLOPT_ALTSVC.3: use a "" file name to not load from a file
 o CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly
 o CURLOPT_READFUNCTION.3: provide inline example
 o CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
 o Curl_addr2string: take an addrlen argument too
 o Curl_fillreadbuffer: avoid double-free trailer buf on error
 o HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
 o alt-svc: add protocol version selection masking
 o alt-svc: fix removal of expired cache entry
 o alt-svc: make it use h3-22 with ngtcp2 as well
 o alt-svc: more liberal ALPN name parsing
 o alt-svc: send Alt-Used: in redirected requests
 o alt-svc: with quiche, use the quiche h3 alpn string
 o appveyor: pass on -k to make
 o asyn-thread: create a socketpair to wait on
 o build-openssl: fix build with Visual Studio 2019
 o cleanup: move functions out of url.c and make them static
 o cleanup: remove the 'numsocks' argument used in many places
 o configure: avoid undefined check_for_ca_bundle
 o curl.h: add CURL_HTTP_VERSION_3 to the version enum
 o curl.h: fix outdated comment
 o curl: cap the maximum allowed values for retry time arguments
 o curl: handle a libcurl build without netrc support
 o curl: make use of CURLINFO_RETRY_AFTER when retrying
 o curl: remove outdated comment
 o curl: use .curlrc (with a dot) on Windows
 o curl: use CURLINFO_PROTOCOL to check for HTTP(s)
 o curl_global_init_mem.3: mention it was added in 7.12.0
 o curl_version: bump string buffer size to 250
 o curl_version_info.3: mentioned ALTSVC and HTTP3
 o curl_version_info: offer quic (and h3) library info
 o curl_version_info: provide nghttp2 details
 o defines: avoid underscore-prefixed defines
 o docs/ALTSVC: remove what works and the experimental explanation
 o docs/EXPERIMENTAL: explain what it means and what's experimental now
 o docs/ converted to markdown from plain text
 o docs/examples/curlx: fix errors
 o docs: s/curl_debug/curl_dbg_debug in comments and docs
 o easy: resize receive buffer on easy handle reset
 o examples: Avoid reserved names in hiperfifo examples
 o examples: add http3.c, altsvc.c and http3-present.c
 o getenv: support up to 4K environment variable contents on windows
 o http09: disable HTTP/0.9 by default in both tool and library
 o http2: when marked for closure and wanted to close == OK
 o http2_recv: trigger another read when the last data is returned
 o http: fix use of credentials from URL when using HTTP proxy
 o http_negotiate: improve handling of gss_init_sec_context() failures
 o md4: Use our own MD4 when no crypto libraries are available
 o multi: call detach_connection before Curl_disconnect
 o netrc: make the code try ".netrc" on Windows
 o nss: use TLSv1.3 as default if supported
 o openssl: build warning free with boringssl
 o openssl: use SSL_CTX_set_<min|max>_proto_version() when available
 o plan9: add support for running on Plan 9
 o progress: reset download/uploaded counter between transfers
 o readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
 o scp: fix directory name length used in memcpy
 o smb: init *msg to NULL in smb_send_and_recv()
 o smtp: check for and bail out on too short EHLO response
 o source: remove names from source comments
 o spnego_sspi: add typecast to fix build warning
 o src/makefile: fix uncompressed hugehelp.c generation
 o ssh-libssh: do not specify O_APPEND when not in append mode
 o ssh: move code into vssh for SSH backends
 o sspi: fix memory leaks
 o tests: Replace outdated test case numbering documentation
 o tftp: return error when packet is too small for options
 o timediff: make it 64 bit (if possible) even with 32 bit time_t
 o travis: reduce number of torture tests in 'coverage'
 o url: make use of new HTTP version if alt-svc has one
 o urlapi: verify the IPv6 numerical address
 o urldata: avoid 'generic', use dedicated pointers
 o vauth: Use CURLE_AUTH_ERROR for auth function errors