Path to this page:
Subject: CVS commit: pkgsrc/www/curl
From: Leonardo Taccari
Date: 2019-05-22 10:57:58
Message id: 20190522085758.C80C0FBB7@cvs.NetBSD.org
Log Message:
curl: Update to 7.65.0
pkgsrc changes:
- Remove patch-configure test(1) `==' -> `=' hunk applied upstream
Changes:
7.65.0
------
This release includes the following changes:
o CURLOPT_DNS_USE_GLOBAL_CACHE: removed
o CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
o pipelining: removed
This release includes the following bugfixes:
o CVE-2019-5435: Integer overflows in curl_url_set
o CVE-2019-5436: tftp: use the current blksize for recvfrom()
o --config: clarify that initial : and = might need quoting
o AppVeyor: enable testing for WinSSL build
o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
o CURLOPT_ADDRESS_SCOPE: fix range check and more
o CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later
o CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
o CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE
o CURL_MAX_INPUT_LENGTH: largest acceptable string input size
o Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
o INTERNALS: Add code highlighting
o OS400/ccsidcurl: replace use of Curl_vsetopt
o OpenSSL: Report -fips in version if OpenSSL is built with FIPS
o README.md: fix no-consecutive-blank-lines Codacy warning
o VC15 project: remove MinimalRebuild
o VS projects: use Unicode for VC10+
o WRITEFUNCTION: add missing set_in_callback around callback
o altsvc: Fix building with cookies disabled
o auth: Rename the various authentication clean up functions
o base64: build conditionally if there are users
o build-openssl.bat: Fixed support for OpenSSL v1.1.0+
o build: fix "clarify calculation precedence" warnings
o checksrc.bat: ignore snprintf warnings in docs/examples
o cirrus: Customize the disabled tests per FreeBSD version
o cleanup: remove FIXME and TODO comments
o cmake: avoid linking executable for some tests with cmake 3.6+
o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP
o cmake: set SSL_BACKENDS
o configure: avoid unportable `==' test(1) operator
o configure: error out if OpenSSL wasn't detected when asked for
o configure: fix default location for fish completions
o cookie: Guard against possible NULL ptr deref
o curl: make code work with protocol-disabled libcurl
o curl: report error for "--no-" on non-boolean options
o curl_easy_getinfo.3: fix minor formatting mistake
o curlver.h: use parenthesis in CURL_VERSION_BITS macro
o docs/BUG-BOUNTY: bug bounty time
o docs/INSTALL: fix broken link
o docs/RELEASE-PROCEDURE: link to live iCalendar
o documentation: Fix several typos
o doh: acknowledge CURL_DISABLE_DOH
o doh: disable DOH for the cases it doesn't work
o examples: remove unused variables
o ftplistparser: fix LGTM alert "Empty block without comment"
o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
o http: acknowledge CURL_DISABLE_HTTP_AUTH
o http: mark bundle as not for multiuse on < HTTP/2 response
o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
o http_negotiate: do not treat failure of gss_init_sec_context() as fatal
o http_ntlm: Corrected the name of the include guard
o http_ntlm_wb: Handle auth for only a single request
o http_ntlm_wb: Return the correct error on receiving an empty auth message
o lib509: add missing include for strdup
o lib557: initialize variables
o makedebug: Fix ERRORLEVEL detection after running where.exe
o mbedtls: enable use of EC keys
o mime: acknowledge CURL_DISABLE_MIME
o multi: improved HTTP_1_1_REQUIRED handling
o netrc: acknowledge CURL_DISABLE_NETRC
o nss: allow fifos and character devices for certificates
o nss: provide more specific error messages on failed init
o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
o ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
o openssl: mark connection for close on TLS close_notify
o openvms: Remove pre-processor for SecureTransport
o openvms: Remove pre-processors for Windows
o parse_proxy: use the URL parser API
o parsedate: disabled on CURL_DISABLE_PARSEDATE
o pingpong: disable more when no pingpong protocols are enabled
o polarssl_threadlock: remove conditionally unused code
o progress: acknowledge CURL_DISABLE_PROGRESS_METER
o proxy: acknowledge DISABLE_PROXY more
o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
o revert "multi: support verbose conncache closure handle"
o sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
o sasl: only enable if there's a protocol enabled using it
o scripts: fix typos
o singleipconnect: show port in the verbose "Trying ..." message
o smtp: fix compiler warning
o socks5: user name and passwords must be shorter than 256
o socks: fix error message
o socksd: new SOCKS 4+5 server for tests
o spnego_gssapi: fix return code on gss_init_sec_context() failure
o ssh-libssh: remove unused variable
o ssh: define USE_SSH if SSH is enabled (any backend)
o ssh: move variable declaration to where it's used
o test1002: correct the name
o test2100: Fix typos in test description
o tests/server/util: fix Windows Unicode build
o tests: Run global cleanup at end of tests
o tests: make Impacket (SMB server) Python 3 compatible
o tool_cb_wrt: fix bad-function-cast warning
o tool_formparse: remove redundant assignment
o tool_help: Warn if curl and libcurl versions do not match
o tool_help: include <strings.h> for strcasecmp
o transfer: fix LGTM alert "Comparison is always true"
o travis: add an osx http-only build
o travis: allow builds on branches named "ci"
o travis: install dependencies only when needed
o travis: update some builds do Xenial
o travis: updated mesalink builds
o url: always clone the CUROPT_CURLU handle
o url: convert the zone id from a IPv6 URL to correct scope id
o urlapi: add CURLUPART_ZONEID to set and get
o urlapi: increase supported scheme length to 40 bytes
o urlapi: require a non-zero host name length when parsing URL
o urlapi: stricter CURLUPART_PORT parsing
o urlapi: strip off zone id from numerical IPv6 addresses
o urlapi: urlencode characters above 0x7f correctly
o vauth/cleartext: update the PLAIN login to match RFC 4616
o vauth/oauth2: Fix OAUTHBEARER token generation
o vauth: Fix incorrect function description for Curl_auth_user_contains_domain
o vtls: fix potential ssl_buffer stack overflow
o wildcard: disable from build when FTP isn't present
o winbuild: Support MultiSSL builds
o xattr: skip unittest on unsupported platforms
Files: