Navigation:
Browse pkgsrc
(this page) 2017-02-22 11:29:43 by Thomas Klausner | Files touched by this commit (3) |  |
Log message: Updated curl to 7.53.0. Curl and libcurl 7.53.0 This release includes the following changes: o unix_socket: added --abstract-unix-socket and CURLOPT_ABSTRACT_UNIX_SOCKET [25] o CURLOPT_BUFFERSIZE: support enlarging receive buffer [29] This release includes the following bugfixes: o CVE-2017-2629: make SSL_VERIFYSTATUS work again [64] o gnutls-random: check return code for failed random o openssl-random: check return code when asking for random o http: remove "Curl_http_done: called premature" message o cyassl: use time_t instead of long for timeout o build-wolfssl: Sync config with wolfSSL 3.10 o ftp-gss: check for init before use o configure: accept --with-libidn2 instead [1] o ftp: failure to resolve proxy should return that error code o curl.1: add three more exit codes o docs/ciphers: link to our own new page about ciphers o vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl [2] o darwinssl: fix iOS build [3] o darwinssl: fix CFArrayRef leak [4] o cmake: use crypt32.lib when building with OpenSSL on windows [5] o curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked [6] o digest_sspi: copy terminating NUL as well [7] o curl: fix --remote-time incorrect times on Windows [8] o curl.1: several updates and corrections [11] o content_encoding: change return code on a failure o curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use o docs: TCP_KEEPALIVE start and interval default to 60 [9] o darwinssl: --insecure overrides --cacert if both settings are in use [10] o TheArtOfHttpScripting: grammar o CIPHERS.md: document GSKit ciphers o wolfssl: support setting cipher list o wolfssl: display negotiated SSL version and cipher o lib506: fix build for Open Watcom [12] o asiohiper: improved socket handling [13] o examples: make the C++ examples follow our code style too o tests/sws: retry send() on EWOULDBLOCK [14] o cmake: Fix passing _WINSOCKAPI_ macro to compiler [15] o smtp: Fix STARTTLS denied error message o imap/pop3: don't print response character in STARTTLS denied messages [16] o rand: make it work without TLS backing [17] o url: fix parsing for when 'file' is the default protocol [18] o url: allow file://X:/path URLs on windows again [19] o gnutls: check for alpn and ocsp in configure [20] o IDN: Use TR46 'non-transitional' for toASCII translations [21] o url: Fix NO_PROXY env var to work properly with --proxy option [22] o CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* [23] o docs: Add note about libcurl copying strings to CURLOPT_* manpages [24] o curl: reset the easy handle at --next o --next docs: --trace and --trace-ascii are also global o --write-out docs: 'time_total' is not always shown with ms precision o http: print correct HTTP string in verbose output when using HTTP/2 o docs: improved language in README.md HISTORY.md CONTRIBUTE.md [26] o http2: disable server push if not requested [27] o nss: use the correct lock in nss_find_slot_by_name() o usercertinmem.c: improve the short description o CURLOPT_CONNECT_TO: Fix compile warnings o docs: non-blocking SSL handshake is now supported with NSS o *.rc: escape non-ASCII/non-UTF-8 character for clarity [28] o mbedTLS: fix multi interface non-blocking handshake [30] o PolarSSL: fix multi interface non-blocking handshake [31] o VC: remove the makefile.vc6 build infra [32] o telnet: fix windows compiler warnings [33] o cookies: do not assume a valid domain has a dot o polarssl: fix hangs o gnutls: disable TLS session tickets [34] o mbedtls: disable TLS session tickets [35] o mbedtls: implement CTR-DRBG and HAVEGE random generators [36] o openssl: Don't use certificate after transferring ownership [37] o cmake: Support curl --xattr when built with cmake [38] o OS400: Fix symbols [39] o docs: Add more HTTPS proxy documentation [40] o docs: use more HTTPS links [41] o cmdline-opts: Fixed build and test in out of source tree builds o CHANGES.0: removed o schannel: Remove incorrect SNI disabled message [42] o darwinssl: Avoid parsing certificates when not in verbose mode [43] o test552: Fix typos [44] o telnet: Fix typos [45] o transfer: only retry nobody-requests for HTTP [46] o http2: reset push header counter fixes crash [47] o nss: make FTPS work with --proxytunnel [48] o test1139: Added the --manual keyword since the manual is required o polarssl, mbedtls: Fix detection of pending data [49] o http_proxy: Fix tiny memory leak upon edge case connecting to proxy [50] o URL: only accept ";options" in SMTP/POP3/IMAP URL schemes [51] o curl.1: ftp.sunet.se is no longer an FTP mirror o tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT [52] o http2: fix memory-leak when denying push streams [53] o configure: Allow disabling pthreads, fall back on Win32 threads [54] o curl: fix typo in time condition warning message [55] o axtls: adapt to API changes [56] o tool_urlglob: Allow a glob range with the same start and stop [57] o winbuild: add note on auto-detection of MACHINE in Makefile.vc [58] o http: fix missing 'Content-Length: 0' while negotiating auth [59] o proxy: fix hostname resolution and IDN conversion [60] o docs: fix timeout handling in multi-uv example o digest_sspi: Fix nonce-count generation in HTTP digest [61] o sftp: improved checks for create dir failures [62] o smb: use getpid replacement for windows UWP builds [63] o digest_sspi: Handle 'stale=TRUE' directive in HTTP digest [65] |
| 2017-01-01 17:06:40 by Adam Ciarcinski | Files touched by this commit (616) | |
Log message: Revbump after boost update |
| 2016-12-31 09:31:18 by Jonathan Perkin | Files touched by this commit (1) |
Log message: pkg-config is required when building against nghttp2. |
| 2016-12-23 10:46:27 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
Updated curl to 7.52.1. Security update.
Fixed in 7.52.1
Bugfixes:
CVE-2016-9594: unititialized random
lib557: fix checksrc warnings
lib: fix MSVC compiler warnings
lib557.c: use a shorter MAXIMIZE representation
tests: run checksrc on debug builds
|
| 2016-12-21 11:07:37 by Thomas Klausner | Files touched by this commit (3) |
Log message:
Updated curl to 7.52.0. Security fixes.
Version 7.52.0 (20 Dec 2016)
Changes:
nss: map CURL_SSLVERSION_DEFAULT to NSS default
vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
curl: introduce the --tlsv1.3 option to force TLS 1.3
curl: Add --retry-connrefused
proxy: Support HTTPS proxy and SOCKS+HTTP(s)
add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
curl: add --fail-early
Bugfixes:
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
msvc: removed a straggling reference to strequal.c
winbuild: remove strcase.obj from curl build
examples: bugfixed multi-uv.c
configure: verify that compiler groks -Werror=partial-availability
mbedtls: fix build with mbedtls versions < 2.4.0
dist: add unit test CMakeLists.txt to the tarball
curl -w: added more decimal digits to timing counters
easy: Initialize info variables on easy init and duphandle
cmake: disable poll for macOS
http2: Don't send header fields prohibited by HTTP/2 spec
ssh: check md5 fingerprints case insensitively (regression)
openssl: initial TLS 1.3 adaptions
curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept
printf: fix ".*f" handling
examples/fileupload.c: fclose the file as well
SPNEGO: Fix memory leak when authentication fails
realloc: use Curl_saferealloc to avoid common mistakes
openssl: make sure to fail in the unlikely event that PRNG seeding fails
URL-parser: for file://[host]/ URLs, the [host] must be localhost
timeval: prefer time_t to hold seconds instead of long
Curl_rand: fixed and moved to rand.c
glob: fix [a-c] globbing regression
darwinssl: fix SSL client certificate not found on MacOS Sierra
curl.1: Clarify --dump-header only writes received headers
http2: Fix address sanitizer memcpy warning
http2: Use huge HTTP/2 windows
connects: Don't mix unix domain sockets with regular ones
url: Fix conn reuse for local ports and interfaces
x509: Limit ASN.1 structure sizes to 256K
checksrc: add more checks
winbuild: add config option ENABLE_NGHTTP2
http2: check nghttp2_session_set_local_window_size exists
http2: Fix crashes when parent stream gets aborted
CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries
URL parser: reject non-numerical port numbers
CONNECT: reject TE or CL in 2xx responses
CONNECT: read responses one byte at a time
curl: support zero-length argument strings in config files
openssl: don't use OpenSSL's ERR_PACK
curl.1: generated with the new man page system
curl_easy_recv: Improve documentation and example program
Curl_getconnectinfo: avoid checking if the connection is closed
CIPHERS.md: attempt to document TLS cipher names
|
| 2016-11-02 08:09:39 by Maya Rashish | Files touched by this commit (4) | |
Log message:
curl: update to 7.51.0. security fix
Curl and libcurl 7.51.0
Public curl releases: 160
Command line options: 185
curl_easy_setopt() options: 225
Public functions in libcurl: 61
Contributors: 1467
This release includes the following changes:
o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]
This release includes the following bugfixes:
o CVE-2016-8615: cookie injection for other servers [28]
o CVE-2016-8616: case insensitive password comparison [29]
o CVE-2016-8617: OOB write via unchecked multiplication [30]
o CVE-2016-8618: double-free in curl_maprintf [31]
o CVE-2016-8619: double-free in krb5 code [32]
o CVE-2016-8620: glob parser write/read out of bounds [33]
o CVE-2016-8621: curl_getdate read out of bounds [34]
o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
o CVE-2016-8623: Use-after-free via shared cookies [36]
o CVE-2016-8624: invalid URL parsing with '#' [37]
o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
o examples/imap-append: Set size of data to be uploaded [4]
o test2048: fix url
o darwinssl: disable RC4 cipher-suite support
o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
o openssl: donât call CRYTPO_cleanup_all_ex_data [5]
o libressl: fix version output [6]
o easy: Reset all statistical session info in curl_easy_reset [7]
o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
o dist: add CurlSymbolHiding.cmake to the tarball
o docs: Remove that --proto is just used for initial retrieval [9]
o configure: Fixed builds with libssh2 in a custom location
o curl.1: --trace supports % for sending to stderr!
o cookies: same domain handling changed to match browser behavior [11]
o formpost: trying to attach a directory no longer crashes [12]
o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
o formpost: avoid silent snprintf() truncation
o ftp: fix Curl_ftpsendf
o mprintf: return error on too many arguments
o smb: properly check incoming packet boundaries [14]
o GIT-INFO: remove the Mac 10.1-specific details [15]
o resolve: add error message when resolving using SIGALRM [16]
o cmake: add nghttp2 support [17]
o dist: remove PDF and HTML converted docs from the releases [18]
o configure: disable poll() in macOS builds [19]
o vtls: only re-use session-ids using the same scheme
o pipelining: skip to-be-closed connections when pipelining [20]
o win: fix Universal Windows Platform build [21]
o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
o maketgz: make it support "only" generating version info
o Curl_socket_check: add extra check to avoid integer overflow
o gopher: properly return error for poll failures
o curl: set INTERLEAVEDATA too
o polarssl: clear thread array at init
o polarssl: fix unaligned SSL session-id lock
o polarssl: reduce #ifdef madness with a macro
o curl_multi_add_handle: set timeouts in closure handles [23]
o configure: set min version flags for builds on mac [24]
o INSTALL: converted to markdown => INSTALL.md
o curl_multi_remove_handle: fix a double-free [25]
o multi: fix inifinte loop in curl_multi_cleanup() [26]
o nss: fix tight loop in non-blocking TLS handhsake over proxy [27]
o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
o mbedtls: stop using deprecated include file [40]
o docs: fix req->data in multi-uv example [41]
o configure: Fix test syntax for monotonic clock_gettime
o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
Daniel Gustafsson, Daniel Stenberg, DarÃo Hereñú, David Woodhouse,
Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luáºt Nguyá»
n,
lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjö,
Michael Kaufmann, Michael Osipov, MiloÅ¡ LjumoviÄ, Nick Zitzmann,
nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro, Remo E,
Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
Valentin David,
(40 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = https://curl.haxx.se/bug/?i=964
[2] = https://curl.haxx.se/bug/?i=1013
[3] = https://curl.haxx.se/bug/?i=1019
[4] = https://curl.haxx.se/bug/?i=1011
[5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
[6] = https://curl.haxx.se/bug/?i=1029
[7] = https://curl.haxx.se/bug/?i=1017
[8] = https://curl.haxx.se/bug/?i=997
[9] = https://curl.haxx.se/bug/?i=1031
[10] = https://curl.haxx.se/libcurl/c/CURLOPT_KEEP_SENDING_ON_ERROR.html
[11] = https://curl.haxx.se/bug/?i=1050
[12] = https://curl.haxx.se/bug/?i=1053
[13] = https://curl.haxx.se/bug/?i=1056
[14] = https://curl.haxx.se/bug/?i=1052
[15] = https://curl.haxx.se/bug/?i=1049
[16] = https://curl.haxx.se/bug/?i=1066
[17] = https://curl.haxx.se/bug/?i=922
[18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
[19] = https://curl.haxx.se/bug/?i=1057
[20] = https://curl.haxx.se/bug/?i=1075
[21] = https://curl.haxx.se/bug/?i=1048
[22] = https://curl.haxx.se/bug/?i=1042
[23] = https://curl.haxx.se/bug/?i=739
[24] = https://curl.haxx.se/bug/?i=1069
[25] = https://curl.haxx.se/bug/?i=1083
[26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
[27] = https://bugzilla.redhat.com/1388162
[28] = https://curl.haxx.se/docs/adv_20161102A.html
[29] = https://curl.haxx.se/docs/adv_20161102B.html
[30] = https://curl.haxx.se/docs/adv_20161102C.html
[31] = https://curl.haxx.se/docs/adv_20161102D.html
[32] = https://curl.haxx.se/docs/adv_20161102E.html
[33] = https://curl.haxx.se/docs/adv_20161102F.html
[34] = https://curl.haxx.se/docs/adv_20161102G.html
[35] = https://curl.haxx.se/docs/adv_20161102H.html
[36] = https://curl.haxx.se/docs/adv_20161102I.html
[37] = https://curl.haxx.se/docs/adv_20161102J.html
[38] = https://curl.haxx.se/docs/adv_20161102K.html
[39] = https://curl.haxx.se/bug/?i=1012
[40] = https://curl.haxx.se/bug/?i=1087
[41] = https://curl.haxx.se/bug/?i=1088
[42] = https://curl.haxx.se/bug/?i=1059
|
| 2016-10-07 20:26:14 by Adam Ciarcinski | Files touched by this commit (611) | |
Log message: Revbump post boost update |
| 2016-09-14 09:12:12 by Thomas Klausner | Files touched by this commit (2) |
Log message: Updated curl to 7.50.3. Curl and libcurl 7.50.3 This release includes the following bugfixes: o CVE-2016-7167: escape and unescape integer overflows [8] o mk-ca-bundle.pl: use SHA256 instead of SHA1 o checksrc: detect strtok() use o errors: new alias CURLE_WEIRD_SERVER_REPLY [1] o http2: support > 64bit sized uploads [2] o openssl: fix bad memory free (regression) [3] o CMake: hide private library symbols [4] o http: refuse to pass on response body with NO_NODY was set [5] o cmake: fix curl-config --static-libs [6] o mbedtls: switch off NTLM in build if md4 isn't available [7] o curl: --create-dirs on windows groks both forward and backward slashes [9] |
| 2016-09-07 09:55:51 by Adam Ciarcinski | Files touched by this commit (2) |
Log message: Fixed in 7.50.2 - September 7 2016 Bugfixes: --------- mbedtls: Added support for NTLM SSH: fixed SFTP/SCP transfer problems multi: make Curl_expire() work with 0 ms timeouts mk-ca-bundle.pl: -m keeps ca cert meta data in output TFTP: Fix upload problem with piped input CURLOPT_TCP_NODELAY: now enabled by default mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined http2: always wait for readable socket cmake: Enable win32 large file support by default cmake: Enable win32 threaded resolver by default winbuild: Avoid setting redundant CFLAGS to compile commands curl.h: make CURL_NO_OLDIES define CURL_STRICTER docs: make more markdown files use .md extension docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown winbuild: Allow changing C compiler via environment variable CC rtsp: accept any RTSP session id HTTP: retry failed HEAD requests on reused connections too configure: add zlib search with pkg-config openssl: accept subjectAltName iPAddress if no dNSName match MANUAL: Remove invalid link to LDAP documentation socks: improved connection procedure proxy: reject attempts to use unsupported proxy schemes proxy: bring back use of "Proxy-Connection:" curl: allow "pkcs11:" prefix for client certificates spnego_sspi: fix memory leak in case *outlen is zero SOCKS: improve verbose output of SOCKS5 connection sequence SOCKS: display the hostname returned by the SOCKS5 proxy server http/sasl: Query authentication mechanism supported by SSPI before using sasl: Don't use GSSAPI authentication when domain name not specified win: Basic support for Universal Windows Platform apps nss: fix incorrect use of a previously loaded certificate from file nss: work around race condition in PK11_FindSlotByName() ftp: fix wrong poll on the secondary socket openssl: build warning-free with 1.1.0 (again) HTTP: stop parsing headers when switching to unknown protocols test219: Add http as a required feature TLS: random file/egd doesn't have to match for conn reuse schannel: Disable ALPN for Wine since it is causing problems http2: make sure stream errors don't needlessly close the connection http2: return CURLE_HTTP2_STREAM for unexpected stream close darwinssl: --cainfo is intended for backward compatibility only speed caps: not based on average speeds anymore configure: make the cpp -P detection not clobber CPPFLAGS http2: use named define instead of magic constant in read callback http2: skip the content-length parsing, detect unknown size http2: return EOF when done uploading without known size darwinssl: test for errSecSuccess in PKCS12 import rather than noErr openssl: fix CURLINFO_SSL_VERIFYRESULT |
| 2016-08-03 10:57:51 by Thomas Klausner | Files touched by this commit (3) |
Log message:
Updated curl to 7.50.1.
Bugfixes:
TLS: switch off SSL session id when client cert is used
TLS: only reuse connections with the same client cert
curl_multi_cleanup: clear connection pointer for easy handles
include the CURLINFO_HTTP_VERSION man page into the release tarball
include the http2-server.pl script in the release tarball
test558: fix test by stripping file paths from FD lines
spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
tests: Fix for http/2 feature
cmake: Fix for schannel support
curl.h: make public types void * again
win32: fix a potential memory leak in Curl_load_library
travis: fix OSX build by re-installing libtool
mbedtls: Fix debug function name
|
New packages: