Subject: CVS commit: pkgsrc/www/curl
From: Adam Ciarcinski
Date: 2020-12-09 10:05:39
Message id:

Log Message:
curl: updated to 7.74.0

curl and libcurl 7.74.0

This release includes the following changes:
 o hsts: add experimental support for Strict-Transport-Security

This release includes the following bugfixes:
 o CVE-2020-8286: Inferior OCSP verification
 o CVE-2020-8285: FTP wildcard stack overflow
 o CVE-2020-8284: trusting FTP PASV responses
 o acinclude: detect manually set minimum macos/ipod version
 o alt-svc: enable (in the build) by default
 o alt-svc: minimize variable scope and avoid "DEAD_STORE"
 o asyn: use 'struct thread_data *' instead of 'void *'
 o checksrc: warn on empty line before open brace
 o CI/appveyor: disable test 571 in two cmake builds
 o CI/azure: improve on flakiness by avoiding libtool wrappers
 o CI/tests: enable test target on TravisCI for CMake builds
 o CI/travis: add brotli and zstd to the libssh2 build
 o cirrus: build with FreeBSD 12.2 in CirrusCI
 o cmake: call the feature unixsockets without dash
 o cmake: check for linux/tcp.h
 o cmake: correctly handle linker flags for static libs
 o cmake: don't pass -fvisibility=hidden to clang-cl on Windows
 o cmake: don't use reserved target name 'test'
 o cmake: make BUILD_TESTING dependent option
 o cmake: make CURL_ZLIB a tri-state variable
 o cmake: set the unicode feature in curl-config on Windows
 o cmake: store IDN2 information in curl_config.h
 o cmake: use libcurl.rc in all Windows builds
 o configure: pass -pthread to Libs.private for pkg-config
 o configure: use pkgconfig to find openSSL when cross-compiling
 o connect: repair build without ipv6 availability
 o curl.1: add an "OUTPUT" section at the top of the manpage
 o new home
 o curl: add compatibility for Amiga and GCC 6.5
 o curl: only warn not fail, if not finding the home dir
 o curl_easy_escape: limit output string length to 3 * max input
 o Curl_pgrsStartNow: init speed limit time stamps at start
 o curl_setup: USE_RESOLVE_ON_IPS is for Apple native resolver use
 o curl_url_set.3: fix typo in the RETURN VALUE section
 o CURLOPT_HSTS.3: document the file format
 o CURLOPT_NOBODY.3: fix typo
 o CURLOPT_TCP_NODELAY.3: fix comment in example code
 o CURLOPT_URL.3: clarify SCP/SFTP URLs are for uploads as well
 o docs: document the 8MB input string limit
 o docs: fix typos and markup in ETag manpage sections
 o docs: Fix various typos in documentation
 o examples/httpput: remove use of CURLOPT_PUT
 o FAQ: refreshed
 o file: avoid duplicated code sequence
 o ftp: retry getpeername for FTP with TCP_FASTOPEN
 o gnutls: fix memory leaks (certfields memory wasn't released)
 o header.d: mention the "Transfer-Encoding: chunked" handling
 o HISTORY: the new domain
 o http3: fix two build errors, silence warnings
 o http3: use the master branch of GnuTLS for testing
 o http: pass correct header size to debug callback for chunked post
 o http_proxy: use enum with state names for 'keepon'
 o httpput-postfields.c: new example doing PUT with POSTFIELDS
 o infof/failf calls: fix format specifiers
 o libssh2: fix build with disabled proxy support
 o libssh2: fix transport over HTTPS proxy
 o libssh2: require version 1.0 or later
 o Makefile.m32: add support for HTTP/3 via ngtcp2+nghttp3
 o Makefile.m32: add support for UNICODE builds
 o mqttd: fclose test file when done
 o NEW-PROTOCOL: document what needs to be done to add one
 o ngtcp2: adapt to recent nghttp3 updates
 o ngtcp2: advertise h3 ALPN unconditionally
 o ngtcp2: Fix build error due to symbol name change
 o ngtcp2: use the minimal version of QUIC supported by ngtcp2
 o ntlm: avoid malloc(0) on zero length user and domain
 o openssl: acknowledge SRP disabling in configure properly
 o openssl: free mem_buf in error path
 o openssl: guard against OOM on context creation
 o openssl: use OPENSSL_init_ssl() with >= 1.1.0
 o os400: Sync libcurl API options
 o packages/OS400: make the source code-style compliant
 o quiche: close the connection
 o quiche: remove 'static' from local buffer
 o range.d: clarify that curl will not parse multipart responses
 o range.d: fix typo
 o Revert "multi: implement wait using winsock events"
 o rtsp: error out on empty Session ID, unified the code
 o rtsp: fixed Session ID comparison to refuse prefix
 o rtsp: fixed the RTST Session ID mismatch in test 570
 o runtests: return error if no tests ran
 o runtests: revert the mistaken edit of $CURL
 o runtests: show keywords when no tests ran
 o scripts/ parse all opts
 o socks: check for DNS entries with the right port number
 o src/tool_filetime: disable -Wformat on mingw for this file
 o strerror: use 'const' as the string should never be modified
 o test122[12]: remove these two tests
 o test506: make it not run in c-ares builds
 o tests/* close log file after each log line
 o tests/server/tftpd.c: close upload file right after transfer
 o tests/ fix compatibility with Python 2
 o tests: add missing global_init/cleanup calls
 o tests: fix some http/2 tests for older versions of nghttpx
 o tool_debug_cb: do not assume zero-terminated data
 o tool_help: make "output" description less confusing
 o tool_operate: --retry for HTTP 408 responses too
 o tool_operate: bail out proper on errors during parallel transfers
 o tool_operate: fix compiler warning when --libcurl is disabled
 o tool_writeout: use off_t getinfo-types instead of doubles
 o travis: use ninja-build for CMake builds
 o travis: use valgrind when running tests for debug builds
 o urlapi: don't accept blank port number field without scheme
 o urlapi: URL encode a '+' in the query part
 o urldata: remove 'void *protop' and create the union 'p'
 o vquic/ngtcp2.h: define local_addr as sockaddr_storage