Subject: CVS commit: pkgsrc/www/curl
From: Leonardo Taccari
Date: 2019-05-22 10:57:58
Message id: 20190522085758.C80C0FBB7@cvs.NetBSD.org

Log Message:
curl: Update to 7.65.0

pkgsrc changes:
 - Remove patch-configure test(1) `==' -> `=' hunk applied upstream

Changes:
7.65.0
------
This release includes the following changes:

 o CURLOPT_DNS_USE_GLOBAL_CACHE: removed
 o CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
 o pipelining: removed

This release includes the following bugfixes:

 o CVE-2019-5435: Integer overflows in curl_url_set
 o CVE-2019-5436: tftp: use the current blksize for recvfrom()
 o --config: clarify that initial : and = might need quoting
 o AppVeyor: enable testing for WinSSL build
 o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
 o CURLOPT_ADDRESS_SCOPE: fix range check and more
 o CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later
 o CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
 o CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE
 o CURL_MAX_INPUT_LENGTH: largest acceptable string input size
 o Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
 o INTERNALS: Add code highlighting
 o OS400/ccsidcurl: replace use of Curl_vsetopt
 o OpenSSL: Report -fips in version if OpenSSL is built with FIPS
 o README.md: fix no-consecutive-blank-lines Codacy warning
 o VC15 project: remove MinimalRebuild
 o VS projects: use Unicode for VC10+
 o WRITEFUNCTION: add missing set_in_callback around callback
 o altsvc: Fix building with cookies disabled
 o auth: Rename the various authentication clean up functions
 o base64: build conditionally if there are users
 o build-openssl.bat: Fixed support for OpenSSL v1.1.0+
 o build: fix "clarify calculation precedence" warnings
 o checksrc.bat: ignore snprintf warnings in docs/examples
 o cirrus: Customize the disabled tests per FreeBSD version
 o cleanup: remove FIXME and TODO comments
 o cmake: avoid linking executable for some tests with cmake 3.6+
 o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
 o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP
 o cmake: set SSL_BACKENDS
 o configure: avoid unportable `==' test(1) operator
 o configure: error out if OpenSSL wasn't detected when asked for
 o configure: fix default location for fish completions
 o cookie: Guard against possible NULL ptr deref
 o curl: make code work with protocol-disabled libcurl
 o curl: report error for "--no-" on non-boolean options
 o curl_easy_getinfo.3: fix minor formatting mistake
 o curlver.h: use parenthesis in CURL_VERSION_BITS macro
 o docs/BUG-BOUNTY: bug bounty time
 o docs/INSTALL: fix broken link
 o docs/RELEASE-PROCEDURE: link to live iCalendar
 o documentation: Fix several typos
 o doh: acknowledge CURL_DISABLE_DOH
 o doh: disable DOH for the cases it doesn't work
 o examples: remove unused variables
 o ftplistparser: fix LGTM alert "Empty block without comment"
 o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
 o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
 o http: acknowledge CURL_DISABLE_HTTP_AUTH
 o http: mark bundle as not for multiuse on < HTTP/2 response
 o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
 o http_negotiate: do not treat failure of gss_init_sec_context() as fatal
 o http_ntlm: Corrected the name of the include guard
 o http_ntlm_wb: Handle auth for only a single request
 o http_ntlm_wb: Return the correct error on receiving an empty auth message
 o lib509: add missing include for strdup
 o lib557: initialize variables
 o makedebug: Fix ERRORLEVEL detection after running where.exe
 o mbedtls: enable use of EC keys
 o mime: acknowledge CURL_DISABLE_MIME
 o multi: improved HTTP_1_1_REQUIRED handling
 o netrc: acknowledge CURL_DISABLE_NETRC
 o nss: allow fifos and character devices for certificates
 o nss: provide more specific error messages on failed init
 o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
 o ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
 o openssl: mark connection for close on TLS close_notify
 o openvms: Remove pre-processor for SecureTransport
 o openvms: Remove pre-processors for Windows
 o parse_proxy: use the URL parser API
 o parsedate: disabled on CURL_DISABLE_PARSEDATE
 o pingpong: disable more when no pingpong protocols are enabled
 o polarssl_threadlock: remove conditionally unused code
 o progress: acknowledge CURL_DISABLE_PROGRESS_METER
 o proxy: acknowledge DISABLE_PROXY more
 o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
 o revert "multi: support verbose conncache closure handle"
 o sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
 o sasl: only enable if there's a protocol enabled using it
 o scripts: fix typos
 o singleipconnect: show port in the verbose "Trying ..." message
 o smtp: fix compiler warning
 o socks5: user name and passwords must be shorter than 256
 o socks: fix error message
 o socksd: new SOCKS 4+5 server for tests
 o spnego_gssapi: fix return code on gss_init_sec_context() failure
 o ssh-libssh: remove unused variable
 o ssh: define USE_SSH if SSH is enabled (any backend)
 o ssh: move variable declaration to where it's used
 o test1002: correct the name
 o test2100: Fix typos in test description
 o tests/server/util: fix Windows Unicode build
 o tests: Run global cleanup at end of tests
 o tests: make Impacket (SMB server) Python 3 compatible
 o tool_cb_wrt: fix bad-function-cast warning
 o tool_formparse: remove redundant assignment
 o tool_help: Warn if curl and libcurl versions do not match
 o tool_help: include <strings.h> for strcasecmp
 o transfer: fix LGTM alert "Comparison is always true"
 o travis: add an osx http-only build
 o travis: allow builds on branches named "ci"
 o travis: install dependencies only when needed
 o travis: update some builds do Xenial
 o travis: updated mesalink builds
 o url: always clone the CUROPT_CURLU handle
 o url: convert the zone id from a IPv6 URL to correct scope id
 o urlapi: add CURLUPART_ZONEID to set and get
 o urlapi: increase supported scheme length to 40 bytes
 o urlapi: require a non-zero host name length when parsing URL
 o urlapi: stricter CURLUPART_PORT parsing
 o urlapi: strip off zone id from numerical IPv6 addresses
 o urlapi: urlencode characters above 0x7f correctly
 o vauth/cleartext: update the PLAIN login to match RFC 4616
 o vauth/oauth2: Fix OAUTHBEARER token generation
 o vauth: Fix incorrect function description for Curl_auth_user_contains_domain
 o vtls: fix potential ssl_buffer stack overflow
 o wildcard: disable from build when FTP isn't present
 o winbuild: Support MultiSSL builds
 o xattr: skip unittest on unsupported platforms

Files:
RevisionActionfile
1.209modifypkgsrc/www/curl/Makefile
1.75modifypkgsrc/www/curl/PLIST
1.152modifypkgsrc/www/curl/distinfo
1.6modifypkgsrc/www/curl/patches/patch-configure