Subject: CVS commit: pkgsrc/www/curl
From: Thomas Klausner
Date: 2017-04-19 12:28:07
Message id: 20170419102807.4A574FBE4@cvs.NetBSD.org

Log Message:
Updated curl to 7.54.0.

Curl and libcurl 7.54.0

 Public curl releases:         165
 Command line options:         207
 curl_easy_setopt() options:   245
 Public functions in libcurl:  61
 Contributors:                 1538

This release includes the following changes:
 o Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION [19]
 o Add --max-tls [19]
 o Add CURLOPT_SUPPRESS_CONNECT_HEADERS [24]
 o Add --suppress-connect-headers [24]

This release includes the following bugfixes:

 o CVE-2017-7468: switch off SSL session id when client cert is used [68]
 o cmake: Replace invalid UTF-8 byte sequence [1]
 o tests: use consistent environment variables for setting charset
 o proxy: fixed a memory leak on OOM
 o ftp: removed an erroneous free in an OOM path
 o docs: de-duplicate file lists in the Makefiles [2]
 o ftp: fixed a NULL pointer dereference on OOM
 o gopher: fixed detection of an error condition from Curl_urldecode
 o url: fix unix-socket support for proxy-disabled builds [3]
 o test1139: allow for the possibility that the man page is not rebuilt
 o cyassl: get library version string at runtime
 o digest_sspi: fix compilation warning
 o tests: enable HTTP/2 tests to run with non-default port numbers
 o warnless: suppress compiler warning
 o darwinssl: Warn that disabling host verify also disables SNI [4]
 o configure: fix for --enable-pthreads [5]
 o checksrc.bat: Ignore curl_config.h.in, curl_config.h
 o no-keepalive.d: fix typo [6]
 o configure: fix --with-zlib when a path is specified [7]
 o build: fix gcc7 implicit fallthrough warnings [8]
 o fix potential use of uninitialized variables [9]
 o CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors [10]
 o CMake: Reorganize SSL support, separate WinSSL and SSPI [11]
 o CMake: Add DarwinSSL support [12]
 o CMake: Add mbedTLS support [13]
 o ares: return error at once if timed out before name resolve starts [14]
 o BINDINGS: added C++, perl, go and Scilab bindings
 o URL: return error on malformed URLs with junk after port number
 o KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password [15]
 o http2: Fix assertion error on redirect with CL=0 [16]
 o updatemanpages.pl: Update man pages to use current date and versions [17]
 o --insecure: clarify that this option is for server connections [18]
 o mkhelp: simplified the gzip code
 o build: fixed making man page in out-of-tree tarball builds
 o tests: disabled 1903 due to flakiness
 o openssl: add two /* FALLTHROUGH */ to satisfy coverity
 o cmdline-opts: fixed a few typos
 o authneg: clear auth.multi flag at http_done [20]
 o curl_easy_reset: Also reset the authentication state [21]
 o proxy: skip SSL initialization for closed connections [22]
 o http_proxy: ignore TE and CL in CONNECT 2xx responses [23]
 o tool_writeout: fixed a buffer read overrun on --write-out
 o make: regenerate docs/curl.1 by running make in docs [25]
 o winbuild: add basic support for OpenSSL 1.1.x [26]
 o build: removed redundant DEPENDENCIES from makefiles
 o CURLINFO_LOCAL_PORT.3: added example
 o curl: show HTTPS-Proxy options on CURLE_SSL_CACERT [27]
 o tests: strip more options from non-HTTP --libcurl tests
 o tests: fixed the documented test server port numbers
 o runtests.pl: fixed display of the Gopher IPv6 port number
 o multi: fix streamclose() crash in debug mode [28]
 o cmake: build manual pages [29]
 o cmake: add support for building HTML and PDF docs [30]
 o mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION [31]
 o make: introduce 'test-nonflaky' target
 o CURLINFO_PRIMARY_IP.3: add example
 o tests/README: mention nroff for --manual tests [32]
 o mkhelp: disable compression if the perl gzip module is unavailable
 o openssl: fall back on SSL_ERROR_* string when no error detail [33]
 o asiohiper: make sure socket is open in event_cb [34]
 o tests/README: make "Run" section foolproof [35]
 o curl: check for end of input in writeout backslash handling
 o .gitattributes: turn off CRLF for *.am [36]
 o multi: fix MinGW-w64 compiler warnings
 o schannel: fix variable shadowing warning
 o openssl: exclude DSA code when OPENSSL_NO_DSA is defined [37]
 o http: Fix proxy connection reuse with basic-auth [38]
 o pause: handle mixed types of data when paused [39]
 o http: do not treat FTPS over CONNECT as HTTPS
 o conncache: make hashkey avoid malloc [40]
 o make: use the variable MAKE for recursive calls [41]
 o curl: fix callback argument inconsistency [42]
 o NTLM: check for features with #ifdef instead of #if [43]
 o cmake: add several missing files to the dist
 o select: use correct SIZEOF_ constant [44]
 o connect: fix unreferenced parameter warning
 o schannel: fix unused variable warning
 o gcc7: fix ‘*’ in boolean context [45]
 o http2: silence unused parameter warnings
 o ssh: fix narrowing conversion warning
 o telnet: (win32) fix read callback return variable [46]
 o docs: Explain --fail-early does not imply --fail [47]
 o docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
 o tests/server/util: remove in6addr_any for recent MinGW [48]
 o multi: make curl_multi_wait avoid malloc in the typical case [49]
 o include: curl/system.h is a run-time version of curlbuild.h [50]
 o easy: silence compiler warning
 o llist: replace Curl_llist_alloc with Curl_llist_init [51]
 o hash: move key into hash struct to reduce mallocs [52]
 o url: don't free postponed data on connection reuse [53]
 o curl_sasl: declare mechtable static
 o curl: fix Windows Unicode build
 o multi: fix queueing of pending easy handles [54]
 o tool_operate: fix MinGW compiler warning [55]
 o low_speed_limit: improved function for longer time periods [56]
 o gtls: fix compiler warning
 o sspi: print out InitializeSecurityContext() error message [57]
 o schannel: fix compiler warnings [58]
 o vtls: fix unreferenced variable warnings
 o INSTALL.md: fix secure transport configure arguments
 o CURLINFO_SCHEME.3: fix variable type
 o libcurl-thread.3: also mention threaded-resolver [59]
 o nss: load CA certificates even with --insecure [60]
 o openssl: fix this statement may fall through [61]
 o poll: prefer <poll.h> over <sys/poll.h> [62]
 o polarssl: unbreak build with versions < 1.3.8 [63]
 o Curl_expire_latest: ignore already expired timers [64]
 o configure: turn implicit function declarations into errors [65]
 o mbedtls: fix memory leak in error path [66]
 o http2: fix handle leak in error path [67]
 o .gitattributes: force shell scripts to LF [69]
 o configure.ac: ignore CR after version numbers [70]
 o extern-scan.pl: strip trailing CR [71]
 o openssl: make SSL_ERROR_to_str more future-proof [72]
 o openssl: fix thread-safety bugs in error-handling [73]
 o openssl: don't try to print nonexistant peer private keys [74]
 o nss: fix MinGW compiler warnings [75]

Files:
RevisionActionfile
1.180modifypkgsrc/www/curl/Makefile
1.63modifypkgsrc/www/curl/PLIST
1.130modifypkgsrc/www/curl/distinfo