Subject: CVS commit: pkgsrc/www/curl
From: Thomas Klausner
Date: 2021-05-26 09:54:17
Message id: 20210526075417.2CFF9FA95@cvs.NetBSD.org

Log Message:
curl: update to 7.77.0.

curl and libcurl 7.77.0

This release includes the following changes:

 o configure: make the TLS library choice(s) explicit [3]
 o curl: ignore options asking for SSLv2 or SSLv3 [10]
 o hsts: enable by default [8]
 o SSL: support in-memory CA certs for some backends [85]
 o vtls: refuse setting any SSL version [9]

This release includes the following bugfixes:

 o CVE-2021-22297: schannel cipher selection surprise [132]
 o CVE-2021-22298: TELNET stack contents disclosure [131]
 o CVE-2021-22901: TLS session caching disaster [130]
 o AmigaOS: add functions definitions for SHA256 [126]
 o build: fix compilation for Windows UWP platform [82]
 o c-hyper: don't write to set.writeheader if null [67]
 o c-hyper: fix handling of zero-byte chunk from hyper [39]
 o c-hyper: handle body on HYPER_TASK_EMPTY [104]
 o checksrc: complain on == NULL or != 0 checks in conditions [20]
 o CI/cirrus: add shared and static Windows release builds [102]
 o cmake: add CURL_ENABLE_EXPORT_TARGET option [133]
 o cmake: check for getppid and utimes [87]
 o cmake: detect CURL_SA_FAMILY_T [124]
 o cmake: fix two invokes result in different curl_config.h [123]
 o cmake: make libcurl output filename configurable [41]
 o cmake: Use multithreaded compilation on VS 2008+ [122]
 o config: remove now-unused macros [107]
 o configure: if asked for, fail if ldap is not found [109]
 o configure: provide --with-openssl, deprecate --with-ssl [15]
 o conn: add 'attach' to protocol handler, make libssh2 use it [119]
 o connect: use CURL_SA_FAMILY_T for portability [34]
 o ConnectionExists: respect requests for h1 connections better
 o cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies [1]
 o curl-wolfssl.m4: without custom include path, assume /usr/include [116]
 o curl: include libmetalink version in --version output [111]
 o Curl_http_header: check for colon when matching Persistent-Auth [51]
 o Curl_http_input_auth: require valid separator after negotiation type [52]
 o Curl_input_digest: require space after Digest [50]
 o curl_mprintf.3: add description [73]
 o curl_setup: provide the shutdown flags wider [33]
 o curl_url_set.3: add memory management information [38]
 o CURLcode: add CURLE_SSL_CLIENTCERT [47]
 o CURLOPT_CAPATH.3: defaults to a path, not NULL [103]
 o CURLOPT_IPRESOLVE: preventing wrong IP version from being used [125]
 o CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data [40]
 o data_pending: check only SECONDARY socket for FTP(S) transfers [117]
 o docs/TheArtOfHttpScripting: fix markdown links [129]
 o docs: camelcase it like GitHub everywhere [62]
 o docs: cookies from HTTP headers need domain set [121]
 o docs: fix typo in fail-with-body doc [63]
 o docs: improve INTERNALS.md regarding getsock cb [105]
 o docs: replace dots with dashes in markdown enums [101]
 o easy: ignore sigpipe in curl_easy_send [69]
 o FILEFORMAT: mention sectransp as a feature [89]
 o GIT-INFO: suggest using autoreconf instead of buildconf [96]
 o github: add a workflow with libssh2 on macOS using cmake [81]
 o github: inhibit deprecated declarations for clang on macOS [118]
 o GnuTLS: don't allow TLS 1.3 for versions that don't support it [77]
 o gnutls: make setting only the MAX TLS allowed version work [83]
 o gskit: fix CURL_DISABLE_PROXY build [57]
 o gskit: fix undefined reference to 'conn' [58]
 o hostip.h: remove declaration of unimplemented function [108]
 o hostip: remove the debug code for LocalHost [113]
 o http2: call the handle-closed function correctly on closed stream [37]
 o http2: fix a resource leak in push_promise() [54]
 o http2: fix resource leaks in set_transfer_url() [55]
 o http2: make sure pause is done on HTTP [120]
 o http2: move the stream error field to the per-transfer storage [36]
 o http2: skip immediate parsing of payload following protocol switch [90]
 o http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade [91]
 o HTTP3.md: fix nghttp2's HTTP/3 server port [21]
 o HTTP3.md: make the ngtcp2 build use the quictls fork [98]
 o http: deal with partial CONNECT sends [97]
 o http: fix the check for 'Authorization' with Bearer [53]
 o http: limit the initial send amount to used upload buffer size [99]
 o http: reset the header buffer when sending the request [61]
 o http: use offsets inst of integer literals for header parsing [95]
 o INSTALL: add IBM i specific quirks [75]
 o krb5/name_to_level: replace checkprefix with curl_strequal [49]
 o krb5: don't use 'static' to store PBSZ size response [23]
 o krb5: remove the unused 'overhead' function [35]
 o lib/hostip6.c: make NAT64 address synthesis on macOS work [135]
 o lib1564.c: enable last wakeup test part on Windows [26]
 o lib: fix 0-length Curl_client_write calls [60]
 o lib: fix some misuse of curlx_convert_UTF8_to_tchar [64]
 o libcurl-security.3: be careful of setuid [66]
 o libcurl-security.3: don't try to filter IPv4 hosts based on the URL [71]
 o libcurl.3: mention the URL API [76]
 o libssh2: fix Value stored to 'sshp' is never read [13]
 o libssh2: ignore timeout during disconnect [45]
 o libssh: fix "empty expression statement has no effect" warnings [7]
 o libtest: remove lib530.c [88]
 o m4: add security frameworks on Mac when compiling rustls [31]
 o multi: don't close connection HTTP_1_1_REQUIRED
 o multi: fix slow write/upload performance on Windows [27]
 o multi: reduce Win32 API calls to improve performance [28]
 o ngtcp2: fix the cb_acked_stream_data_offset proto [46]
 o NSS: add ciphers to map [30]
 o NSS: make colons, commas and spaces valid separators in cipher list [106]
 o nss_set_blocking: avoid static for sock_opt [72]
 o ntlm: precaution against super huge type2 offsets [65]
 o openldap: protect SSL-specific code with proper #ifdef [12]
 o openldap: replace ldap_ prefix on private functions [84]
 o openssl: fix build error with OpenSSL < 1.0.2 [4]
 o openssl: remove unneeded cast for CertOpenSystemStore() [93]
 o os400: additional support for options metadata [24]
 o progress: fix scan-build-11 warnings [92]
 o progress: reset limit_size variables at transfer start [114]
 o progress: when possible, calculate transfer speeds with microseconds [48]
 o README.md: delete Codacy UTM parameters [5]
 o Revert "Revert 'multi: implement wait using winsock events'" [26]
 o rustls: only return CURLE_AGAIN when TLS session is fully drained [2]
 o rustls: use ALPN [56]
 o sasl: use 'unsigned short' to store mechanism [112]
 o schannel: Disable auto credentials; add an option to enable it [18]
 o schannel: Support strong crypto option [44]
 o sectransp: allow cipher name to be specified [29]
 o sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer [136]
 o sigpipe: ignore SIGPIPE when using wolfSSL as well [70]
 o sockfilt: avoid getting stuck waiting for writable socket [80]
 o sockfilt: fix invalid increment of handles index variable nfd [79]
 o sws: #ifdef S_IFSOCK use [32]
 o sws: allow HTTP requests up to 2MB in size [100]
 o test server: take care of siginterrupt() deprecation [25]
 o test2100: make it run with and require IPv6 [127]
 o tests/disable-scan.pl: also scan all m4 files [17]
 o tests/getpart: generate output URL encoded for better diffs [128]
 o tests: ignore case of chunked hex numbers in tests [86]
 o tls: add USE_HTTP2 define [59]
 o tool_getparam: handle failure of curlx_convert_tchar_to_UTF8() [78]
 o tool_getparam: replace (in-place) '%20' by '+' according to RFC1866 [14]
 o tool_operate: don't discard failed parallel transfer result [16]
 o tool_writeout: fix the HTTP_CODE json output [11]
 o travis: disable the failing libssh build [94]
 o URL-SYNTAX: update IDNA section for WHATWG spec changes [74]
 o urlapi: "normalize" numerical IPv4 host names [6]
 o vauth: factor base64 conversions out of authentication procedures [22]
 o version: add gsasl_version to curl_version_info_data [43]
 o version: add OpenLDAP version in the output [110]
 o vtls: deduplicate some DISABLE_PROXY ifdefs [19]
 o vtls: reset ssl use flag upon negotiation failure [42]
 o wolfssl: handle SSL_write() returns 0 for error [68]
 o wolfssl: remove SSLv3 support leftovers [115]

Files:
RevisionActionfile
1.244modifypkgsrc/www/curl/Makefile
1.86modifypkgsrc/www/curl/PLIST
1.171modifypkgsrc/www/curl/distinfo