CVS Commit History:
2015-04-29 23:25:22 by Matthias Scheler | Files touched by this commit (4)
Log message:
Pullup ticket #4705 - requested by spz
www/curl: security update
Revisions pulled up:
- www/curl/Makefile 1.147
- www/curl/PLIST 1.48
- www/curl/distinfo 1.103
- www/curl/patches/patch-aa 1.30
---
Module Name: pkgsrc
Committed By: jperkin
Date: Wed Apr 22 14:35:21 UTC 2015
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
pkgsrc/www/curl/patches: patch-aa
Log message:
Update to curl-7.42.0.
This release includes the following changes:
o openssl: show the cipher selection to use in verbose text
o gtls: implement CURLOPT_CERTINFO
o add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
o curl: add --false-start option
o add CURLOPT_PATH_AS_IS
o curl: add --path-as-is option
o curl: create output file on successful download of an empty file
This release includes the following bugfixes:
o ConnectionExists: for NTLM re-use, require credentials to match
o cookie: cookie parser out of boundary memory access
o fix_hostname: zero length host name caused -1 index offset
o http_done: close Negotiate connections when done
o sws: timeout idle CONNECT connections
o nss: improve error handling in Curl_nss_random()
o nss: do not skip Curl_nss_seed() if data is NULL
o curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
o http2: move lots of verbose output to be debug-only
o dist: add extern-scan.pl to the tarball
o http2: return recv error on unexpected EOF
o build: Use default RandomizedBaseAddress directive in VC9+ project files
o build: Removed DataExecutionPrevention directive from VC9+ project files
o tool: Updated the warnf() function to use the GlobalConfig structure
o http2: Return error if stream was closed with other than NO_ERROR
o mprintf.h: remove #ifdef CURLDEBUG
o libtest: fixed linker errors on msvc
o tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
o curl.1: fix "The the" typo
o cmake: handle build definitions CURLDEBUG/DEBUGBUILD
o openssl: remove all uses of USE_SSLEAY
o multi: fix memory-leak on timeout (regression)
o curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
o metalink: add some error checks
o TLS: make it possible to enable ALPN/NPN without HTTP/2
o http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
o conncontrol: only log changes to the connection bit
o multi: fix *getsock() with CONNECT
o symbols.pl: handle '-' in the deprecated field
o MacOSX-Framework: use @rpath instead of @executable_path
o GnuTLS: add support for CURLOPT_CAPATH
o GnuTLS: print negotiated TLS version and full cipher suite name
o GnuTLS: don't print double newline after certificate dates
o memanalyze.pl: handle free(NULL)
o proxy: re-use proxy connections (regression)
o mk-ca-bundle: Don't report SHA1 numbers with "-q"
o http: always send Host: header as first header
o openssl: sort ciphers to use based on strength
o openssl: use colons properly in the ciphers list
o http2: detect premature close without data transferred
o hostip: Fix signal race in Curl_resolv_timeout
o closesocket: call multi socket cb on close even with custom close
o mksymbolsmanpage.pl: use std header and generate better nroff header
o connect: Fix happy eyeballs logic for IPv4-only builds
o curl_easy_perform.3: remove superfluous close brace from example
o HTTP: don't use Expect: headers when on HTTP/2
o Curl_sh_entry: remove unused 'timestamp'
o docs/libcurl: makefile portability fix
o mkhelp: Remove trailing carriage return from every line of input
o nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
o curl_easy_setopt.3: added a few missing options
o metalink: fix resource leak in OOM
o axtls: version 1.5.2 now requires that config.h be manually included
o HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
o cyassl: detect the library as renamed wolfssl
o CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section
o CURLOPT_URL.3: Added "SECURITY CONCERNS"
o openssl: try to avoid accessing OCSP structs when possible
o test938: added missing closing tags
o testcurl: Allow '=' in values given on command line
o tests/certs: added make target to rebuild certificates
o tests/certs: rebuild certificates with modified key usage bits
o gtls: avoid uninitialized variable
o gtls: dereferencing NULL pointer
o gtls: add check of return code
o test1513: eliminated race condition in test run
o dict: rename byte to avoid compiler shadowed declaration warning
o curl_easy_recv/send: make them work with the multi interface
o vtls: fix compile with --disable-crypto-auth but with SSL
o openssl: adapt to ASN1/X509 things gone opaque in 1.1
o openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
o curl_memory: make curl_memory.h the second-last header file loaded
o testcurl.pl: add the --notes option to supply more info about a build
o cyassl: If wolfSSL then identify as such in version string
o cyassl: Check for invalid length parameter in Curl_cyassl_random
o cyassl: default to highest possible TLS version
o Curl_ssl_md5sum: return CURLcode (fixes OOM)
o polarssl: remove dead code
o polarssl: called mbedTLS in 1.3.10 and later
o globbing: fix step parsing for character globbing ranges
o globbing: fix url number calculation when using range with step
o multi: on a request completion, check all CONNECT_PEND transfers
o build: link curl to openssl libraries when openssl support is enabled
o url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
o vtls: Don't accept unknown CURLOPT_SSLVERSION values
o build: Fix libcurl.sln erroneous mixed configurations
o cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
o cyassl: add SSL context callback support for CyaSSL
o tool: only set SSL options if SSL is enabled
o multi: remove_handle: move pending connections
o configure: Use KRB5CONFIG for krb5-config
o axtls: add timeout within Curl_axtls_connect
o CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
o cyassl: Fix library initialization return value
o cookie: handle spaces after the name in Set-Cookie
o http2: Fix missing nghttp2_session_send call in Curl_http2_switched
o cyassl: Fix certificate load check
o build-openssl.bat: Fix mixed line endings
o checksrc.bat: Check lib\vtls source
o DNS: fix refreshing of obsolete dns cache entries
o CURLOPT_RESOLVE: actually implement removals
o checksrc.bat: quotes to support an SRC_DIR with spaces
o cyassl: Remove 'Connecting to' message from cyassl_connect_step2
o cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
o lib/transfer.c: Remove factor of 8 from sleep time calculation
o lib/makefile.m32: add missing libs to build libcurl.dll
o build: Generate source prerequisites for Visual Studio in generate.bat
o cyassl: Include the CyaSSL build config
o firefox-db2pem: fix wildcard to find Firefox default profile
o BUGS: refer to the github issue tracker now as primary
o vtls_openssl: improve several certificate error messages
o cyassl: Add support for TLS extension SNI
o parsecfg: do not continue past a zero termination
o configure --with-nss=PATH: query pkg-config if available
o configure --with-nss: drop redundant if statement
o cyassl: Fix include order
o HTTP: fix PUT regression with Negotiate
o curl_version_info.3: fixed the 'protocols' variable type