---
- branch: pkgsrc-2018Q2
  date: Mon Sep 10 19:44:32 UTC 2018
  files:
  - new: 1.196.2.2
    old: 1.196.2.1
    path: pkgsrc/www/curl/Makefile
    pathrev: pkgsrc/www/curl/Makefile@1.196.2.2
    type: modified
  - new: 1.143.2.2
    old: 1.143.2.1
    path: pkgsrc/www/curl/distinfo
    pathrev: pkgsrc/www/curl/distinfo@1.143.2.2
    type: modified
  id: 20180910T194432Z.a84f75787c009861571e61924ddfdee994bf3b07
  log: "Pullup ticket #5825 - requested by wiz\nwww/curl: security update\n\nRevisions
    pulled up:\n- www/curl/Makefile                                             1.201\n-
    www/curl/distinfo                                             1.146\n- www/curl/patches/patch-src_tool__cb__hdr.c
    \                   deleted\n\n-------------------------------------------------------------------\n
    \  Module Name:\tpkgsrc\n   Committed By:\twiz\n   Date:\t\tWed Sep  5 06:49:26
    UTC 2018\n\n   Modified Files:\n   \tpkgsrc/www/curl: Makefile distinfo\n   Removed
    Files:\n   \tpkgsrc/www/curl/patches: patch-src_tool__cb__hdr.c\n\n   Log Message:\n
    \  curl: update to 7.61.1.\n\n   This release includes the following bugfixes:\n\n
    \   o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow
    [73]\n    o CURLINFO_SIZE_UPLOAD: fix missing counter update [46]\n    o CURLOPT_ACCEPT_ENCODING.3:
    list them comma-separated\n    o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental
    connection reuse [72]\n    o Curl_getoff_all_pipelines: improved for multiplexed
    [3]\n    o DEPRECATE: remove release date from 7.62.0\n    o HTTP: Don't attempt
    to needlessly decompress redirect body [30]\n    o INTERNALS: require GnuTLS >=
    2.11.3 [62]\n    o README.md: add LGTM.com code quality grade for C/C++ [42]\n
    \   o SSLCERTS: improve the openssl command line\n    o Silence GCC 8 cast-function-type
    warnings [47]\n    o ares: check for NULL in completed-callback [3]\n    o asyn-thread:
    Remove unused macro [40]\n    o auth: only pick CURLAUTH_BEARER if we *have* a
    Bearer token [15]\n    o auth: pick Bearer authentication whenever a token is
    available [15]\n    o cmake: CMake config files are defining CURL_STATICLIB for
    static builds [54]\n    o cmake: Respect BUILD_SHARED_LIBS [35]\n    o cmake:
    Update scripts to use consistent style [9]\n    o cmake: bumped minimum version
    to 3.4 [34]\n    o cmake: link curl to the OpenSSL targets instead of lib absolute
    paths [34]\n    o configure: conditionally enable pedantic-errors [64]\n    o
    configure: fix for -lpthread detection with OpenSSL and pkg-config [38]\n    o
    conn: remove the boolean 'inuse' field [3]\n    o content_encoding: accept up
    to 4 unknown trailer bytes after raw deflate data [5]\n    o cookie tests: treat
    files as text\n    o cookies: support creation-time attribute for cookies [75]\n
    \   o curl: Fix segfault when -H @headerfile is empty [23]\n    o curl: add http
    code 408 to transient list for --retry [78]\n    o curl: fix time-of-check, time-of-use
    race in dir creation [71]\n    o curl: use Content-Disposition before the \"URL
    end\" for -OJ [29]\n    o curl: warn the user if a given file name looks like
    an option [56]\n    o curl_threads: silence bad-function-cast warning [69]\n    o
    darwinssl: add support for ALPN negotiation [7]\n    o docs/CURLOPT_URL: fix indentation
    [20]\n    o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19]\n    o docs/SECURITY-PROCESS:
    mention bounty, drop pre-notify\n    o docs/examples: add hiperfifo example using
    linux epoll/timerfd [21]\n    o docs: add disallow-username-in-url.d and haproxy-protocol.d
    to dist [50]\n    o docs: clarify NO_PROXY env variable functionality [70]\n    o
    docs: improved the manual pages of some callbacks [48]\n    o docs: mention NULL
    is fine input to several functions [43]\n    o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
    [40]\n    o gopher: Do not translate `?' to `%09' [67]\n    o header output: switch
    off all styles, not just unbold [8]\n    o hostip: fix unused variable warning\n
    \   o http2: Use correct format identifier for stream_id [77]\n    o http2: abort
    the send_callback if not setup yet [63]\n    o http2: avoid set_stream_user_data()
    before stream is assigned [61]\n    o http2: check nghttp2_session_set_stream_user_data
    return code [55]\n    o http2: clear the drain counter in Curl_http2_done [27]\n
    \   o http2: make sure to send after RST_STREAM [58]\n    o http2: separate easy
    handle from connections better [12]\n    o http: fix for tiny \"HTTP/0.9\" response
    [51]\n    o http_proxy: Remove unused macro SELECT_TIMEOUT [40]\n    o lib/Makefile:
    only do symbol hiding if told to [32]\n    o lib1502: fix memory leak in torture
    test [44]\n    o lib1522: fix curl_easy_setopt argument type\n    o libcurl-thread.3:
    expand somewhat on the NO_SIGNAL motivation [66]\n    o mime: check Curl_rand_hex's
    return code [22]\n    o multi: always do the COMPLETED procedure/state [3]\n    o
    openssl: assume engine support in 1.0.0 or later [2]\n    o openssl: fix debug
    messages [39]\n    o projects: Improve Windows perl detection in batch scripts
    [49]\n    o retry: return error if rewind was necessary but didn't happen [28]\n
    \   o reuse_conn(): memory leak - free old_conn->options [17]\n    o schannel:
    client certificate store opening fix [68]\n    o schannel: enable CALG_TLS1PRF
    for w32api >= 5.1\n    o schannel: fix MinGW compile break [1]\n    o sftp: don't
    send post-qoute sequence when retrying a connection [79]\n    o smb: fix memory
    leak on early failure [26]\n    o smb: fix memory-leak in URL parse error path
    [4]\n    o smb_getsock: always wait for write socket too [11]\n    o ssh-libssh:
    fix infinite connect loop on invalid private key [53]\n    o ssh-libssh: reduce
    excessive verbose output about pubkey auth [53]\n    o ssh-libssh: use FALLTHROUGH
    to silence gcc8 [76]\n    o ssl: set engine implicitly when a PKCS#11 URI is provided
    [36]\n    o sws: handle EINTR when calling select() [24]\n    o system_win32:
    fix version checking [16]\n    o telnet: Remove unused macros TELOPTS and TELCMDS
    [40]\n    o test1143: disable MSYS2's POSIX path conversion [10]\n    o test1148:
    disable if decimal separator is not point [65]\n    o test1307: (fnmatch testing)
    disabled [31]\n    o test1422: add required file feature [6]\n    o test1531:
    Add timeout [41]\n    o test1540: Remove unused macro TEST_HANG_TIMEOUT [40]\n
    \   o test214: disable MSYS2's POSIX path conversion for URL\n    o test320: treat
    curl320.out file as binary [14]\n    o tests/http_pipe.py: Use /usr/bin/env to
    find python\n    o tests: Don't use Windows path %PWD for SSH tests [74]\n    o
    tests: fixes for Windows line endlings [13]\n    o tool_operate: Fix setting proxy
    TLS 1.3 ciphers\n    o travis: build darwinssl on macos 10.12 to fix linker errors
    [33]\n    o travis: execute \"set -eo pipefail\" for coverage build [45]\n    o
    travis: run a 'make checksrc' too [25]\n    o travis: update to GCC-8 [52]\n    o
    travis: verify that man pages can be regenerated [50]\n    o upload: allocate
    upload buffer on-demand [60]\n    o upload: change default UPLOAD_BUFSIZE to 64KB
    [60]\n    o urldata: remove unused pipe_broke struct field [57]\n    o vtls: reinstantiate
    engine on duplicated handles [59]\n    o windows: implement send buffer tuning
    [37]\n    o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]\n\n   To
    generate a diff of this commit:\n   cvs rdiff -u -r1.200 -r1.201 pkgsrc/www/curl/Makefile\n
    \  cvs rdiff -u -r1.145 -r1.146 pkgsrc/www/curl/distinfo\n   cvs rdiff -u -r1.1
    -r0 pkgsrc/www/curl/patches/patch-src_tool__cb__hdr.c\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2018Q2] pkgsrc/www/curl'
  unixtime: '1536608672'
  user: spz