--- - branch: pkgsrc-2022Q3 date: Sat Nov 5 19:09:28 UTC 2022 files: - new: 1.261.2.1 old: '1.261' path: pkgsrc/www/curl/Makefile pathrev: pkgsrc/www/curl/Makefile@1.261.2.1 type: modified - new: 1.91.2.1 old: '1.91' path: pkgsrc/www/curl/PLIST pathrev: pkgsrc/www/curl/PLIST@1.91.2.1 type: modified - new: 1.185.2.1 old: '1.185' path: pkgsrc/www/curl/distinfo pathrev: pkgsrc/www/curl/distinfo@1.185.2.1 type: modified id: 20221105T190928Z.024c69fd29c3be9e487a7705e1ec1ea31f6e0910 log: "Pullup ticket #6697 - requested by taca\nwww/curl: security fix\n\nRevisions pulled up:\n- www/curl/Makefile 1.262\n- www/curl/PLIST 1.92\n- www/curl/distinfo \ 1.186\n\n---\n Module Name:\tpkgsrc\n \ Committed By:\twiz\n Date:\t\tWed Oct 26 07:44:01 UTC 2022\n\n Modified Files:\n \tpkgsrc/www/curl: Makefile PLIST distinfo\n\n Log Message:\n curl: update to 7.86.0.\n\n Changes:\n\n NPN: remove support for and use of\n \ Websockets: initial support\n\n Bugfixes:\n\n altsvc: reject bad port numbers\n altsvc: use 'h3' for h3\n amiga: do not hardcode openssl/zlib into the os config\n amiga: set SIZEOF_CURL_OFF_T=8 by default\n amigaos: add missing curl header\n asyn-ares: set hint flags when calling ares_getaddrinfo\n \ autotools: allow --enable-symbol-hiding with windows\n autotools: allow unix sockets on Windows\n autotools: reduce brute-force when detecting recv/send arg list\n aws_sigv4: fix header computation\n bearssl: make it proper C89 compliant\n CI/GHA: cancel outdated CI runs on new PR changes\n CI/GHA: merge msh3 and openssl3 builds into linux workflow\n cirrus-ci: add macOS build with m1\n cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS\n cli tool: do not use disabled protocols\n cmake: add missing inet_ntop check\n cmake: add the check of HAVE_SOCKETPAIR\n cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h\n cmake: delete duplicate HAVE_GETADDRINFO test\n cmake: enable more detection on Windows\n \ cmake: fix original MinGW builds\n cmake: improve usability of CMake build as a sub-project\n cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows\n \ cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows\n cmake: sync HAVE_SIGNAL detection with autotools\n cmdline/docs: add a required 'multi' keyword for each option\n configure: correct the wording when checking grep -E\n configure: deprecate builds with small curl_off_t\n configure: fail if '--without-ssl' + explicit parameter for an ssl lib\n configure: the ngtcp2 option should default to 'no'\n connect: change verbose IPv6 address:port to [address]:port\n connect: fix builds without AF_INET6\n \ connect: fix Curl_updateconninfo for TRNSPRT_UNIX\n connect: fix the wrong error message on connect failures\n content_encoding: use writer struct subclasses for different encodings\n cookie: reject cookie names or content with TAB characters\n ctype: remove all use of , use our own versions\n curl-compilers.m4: for gcc + want warnings, set gnu89 standard\n curl-compilers.m4: use -O2 as default optimize for clang\n curl-wolfssl.m4: error out if wolfSSL is not usable\n curl.h: fix mention of wrong error code in comment\n curl/add_file_name_to_url: use the libcurl URL parser\n \ curl/add_parallel_transfers: better error handling\n curl/get_url_file_name: use libcurl URL parser\n curl: warn for --ssl use, considered insecure\n \ curl_ctype: convert to macros-only\n curl_easy_pause.3: unpausing is as fast as possible\n curl_escape.3: fix typo\n curl_setup: disable use of FLOSS for 64-bit NonStop builds\n curl_setup: include curl.h after platform setup headers\n curl_setup: include only system.h instead of curl.h\n \ curl_strequal.3: fix argument typo\n curl_url_set.3: document CURLU_APPENDQUERY proper\n CURLMOPT_PIPELINING.3: dedup manpage xref\n CURLOPT_ACCEPT_ENCODING.3: remove \"four\" as they are five\n CURLOPT_AUTOREFERER.3: highlight the privacy leak risk\n CURLOPT_COOKIEFILE: insist on \"\" for enable-without-file\n \ CURLOPT_COOKIELIST.3: fix formatting mistake\n CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols\n CURLOPT_MIMEPOST.3: add an (inline) example\n CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST\n CURLOPT_PROXY_SSLCERT_BLOB.3: this is for HTTPS proxies\n CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes\n CURLSHOPT_UNLOCKFUNC.3: the callback has no 'access' argument\n DEPRECATE.md: Support for systems without 64 bit data types\n \ docs/examples: avoid deprecated options in examples where possible\n docs/INSTALL: update Android Instructions for newer NDKs\n docs/libcurl/symbols-in-versions: add several missing symbols\n docs: 100+ spellfixes\n docs: correct missing uppercase in Markdown files\n docs: document more server names for test files\n docs: fix deprecation versions inconsistencies\n docs: make sure libcurl opts examples pass in long arguments\n docs: remove mentions of deprecated '--without-openssl' parameter\n docs: tag curl options better in man pages\n docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.\n \ docs: update sourceforge project links\n easy: fix the #include order\n \ easy: fix the altsvc init for curl_easy_duphandle\n easy_lock: check for HAVE_STDATOMIC_H as well\n examples/chkspeed: improve portability\n \ formdata: fix warning: 'CURLformoption' is promoted to 'int'\n ftp: ignore a 550 response to MDTM\n ftp: remove redundant if\n functypes: provide the recv and send arg and return types\n getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled\n GHA: build tests in a separate step from the running of them\n GHA: run proselint on markdown files\n github: initial CODEOWNERS setup for CI configuration\n header: define public API functions as extern c\n headers: reset the requests counter at transfer start\n hostip: guard PF_INET6 use\n hostip: lazily wait to figure out if IPv6 works until needed\n http, vauth: always provide Curl_allow_auth_to_host() functionality\n \ http2: make nghttp2 less picky about field whitespace\n HTTP3.md: update Caddy example\n http: try parsing Retry-After: as a number first\n \ http_proxy: restore the protocol pointer on error\n httpput-postfields.c: shorten string for C89 compliance\n ldap: delete stray CURL_HAS_MOZILLA_LDAP reference\n lib1560: extended to verify detect/reject of unknown schemes\n \ lib517: fix C89 constant signedness\n lib: add missing limits.h includes\n \ lib: add required Win32 setup definitions in setup-win32.h\n lib: prepare the incoming of additional protocols\n lib: sanitize conditional exclusion around MIME\n lib: set more flags in config-win32.h\n lib: the number four in a sequence is the \"fourth\"\n libssh: if sftp_init fails, don't get the sftp error code\n Makefile.m32: deduplicate build rules\n \ Makefile.m32: drop CROSSPREFIX and our CC/AR defaults\n Makefile.m32: exclude libs & libpaths for shared mode exes\n Makefile.m32: fix regression with tool_hugehelp\n Makefile.m32: major rework\n Makefile.m32: reintroduce CROSSPREFIX and -W -Wall\n Makefile.m32: support more options\n manpage-syntax.pl: all libcurl option symbols should be \\fI-tagged\n manpages: Fix spelling of \"allows to\" -> \"allows one to\"\n misc: ISSPACE() => ISBLANK()\n misc: use the term \"null-terminate\" consistently\n mprintf: reject two kinds of precision for the same argument\n mprintf: use snprintf if available\n \ mqtt: return error for too long topic\n mqtt: spell out CONNECT in comments\n msh3: change the static_assert to make the code C89\n netrc: compare user name case sensitively\n netrc: replace fgets with Curl_get_line\n \ netrc: use the URL-decoded user\n ngtcp2: fix build errors due to changes in ngtcp2 library\n ngtcp2: fix C89 compliance nit\n noproxy: support proxies specified using cidr notation\n openssl: make certinfo available for QUIC\n README.md: add GHA status badges for Linux and macOS builds\n \ RELEASE-PROCEDURE.md: mention patch releases\n resolve: make forced IPv4 resolve only use A queries\n runtests: fix uninitialized value on ignored tests\n schannel: ban server ALPN change during recv renegotiation\n schannel: don't reset recv/send function pointers on renegotiation\n schannel: when importing PFX, disable key persistence\n scripts: use `grep -E` instead of `egrep`\n setopt: use the handler table for protocol name to number conversions\n \ setopt: when POST is set, reset the 'upload' field\n setup-win32: no longer define UNICODE/_UNICODE implicitly\n single_transfer: use the libcurl URL parser when appending query parts\n smb: replace CURL_WIN32 with WIN32\n strcase: add and use Curl_timestrcmp\n strerror: improve two URL API error messages\n symbol-scan.pl: also check for LIBCURL* symbols\n \ symbol-scan.pl: scan and verify .3 man pages\n symbols-in-versions: add missing LIBCURL* symbols\n symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6\n test1119: scan all public headers\n test1275: verify uppercase after period in markdown\n test972: verify the output without using external tool\n tests/certs/scripts: insert standard curl source headers\n \ tests/Makefile: remove run time stats from ci-test\n tests: avoid CreateThread if _beginthreadex is available\n tests: fix tag syntax errors in test files\n tests: skip mime/form tests when mime is not built-in\n \ tidy-up: delete parallel/unused feature flags\n tidy-up: delete unused HAVE_STRUCT_POLLFD\n TODO: provide the error body from a CONNECT response\n \ tool: avoid generating ambiguous escaped characters in --libcurl\n tool: remove dead code\n tool: reorganize function c_escape around a dynbuf\n \ tool_hugehelp: make hugehelp a blank macro when disabled\n tool_main: exit at once if out of file descriptors\n tool_operate: avoid a few #ifdefs for disabled-libcurl builds\n tool_operate: more transfer cleanup after parallel transfer fail\n tool_operate: prevent over-queuing in parallel mode\n tool_operate: reduce errorbuffer allocs\n tool_paramhelp: asserts verify maximum sizes for string loading\n tool_paramhelp: make the max argument a 'double'\n tool_progress: remove 'Qd' from the parallel progress bar\n \ tool_setopt: use better English in --libcurl source comments\n tool_xattr: save the original URL, not the final redirected one\n unit test 1655: make it C89-compliant\n url: a zero-length userinfo part in the URL is still a (blank) user\n url: allow non-HTTPS HSTS-matching for debug builds\n url: rename function due to name-clash in Watt-32\n url: use IDN decoded names for HSTS checks\n urlapi: detect scheme better when not guessing\n urlapi: fix parsing URL without slash with CURLU_URLENCODE\n urlapi: leaner with fewer allocs\n urlapi: reject more bad characters from the host name field\n \ winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths\n winbuild: use NMake batch-rules for compilation\n windows: add .rc support to autotools builds\n windows: adjust name of two internal public functions\n windows: autotools .rc warnings fixup\n wolfSSL: fix session management bug.\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2022Q3] pkgsrc/www/curl' unixtime: '1667675368' user: bsiegert