Received: by mail.netbsd.org (Postfix, from userid 605) id CFE2B84D44; Sat, 16 Feb 2019 15:59:05 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 57CCF84D21 for ; Sat, 16 Feb 2019 15:59:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id mkVyh7jYT4EI for ; Sat, 16 Feb 2019 15:59:04 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 5D42584D02 for ; Sat, 16 Feb 2019 15:59:04 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 57AB7FB16; Sat, 16 Feb 2019 15:59:04 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1550332744104220" MIME-Version: 1.0 Date: Sat, 16 Feb 2019 15:59:04 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2018Q4] pkgsrc/www/curl To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20190216155904.57AB7FB16@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1550332744104220 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Sat Feb 16 15:59:04 UTC 2019 Modified Files: pkgsrc/www/curl [pkgsrc-2018Q4]: Makefile PLIST distinfo Log Message: Pullup ticket #5910 - requested by mlelstv www/curl: security fix Revisions pulled up: - www/curl/Makefile 1.207 - www/curl/PLIST 1.73 - www/curl/distinfo 1.150 --- Module Name: pkgsrc Committed By: adam Date: Wed Feb 6 08:02:48 UTC 2019 Modified Files: pkgsrc/www/curl: Makefile PLIST distinfo Log Message: curl: updated to 7.64.0 curl and libcurl 7.64.0 This release includes the following changes: * cookies: leave secure cookies alone * hostip: support wildcard hosts * http: Implement trailing headers for chunked transfers * http: added options for allowing HTTP/0.9 responses * timeval: Use high resolution timestamps on Windows This release includes the following bugfixes: * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow * CVE-2019-3823: SMTP end-of-response out-of-bounds read * FAQ: remove mention of sourceforge for github * OS400: handle memory error in list conversion * OS400: upgrade ILE/RPG binding. * README: add codacy code quality badge * Revert http_negotiate: do not close connection * THANKS: added several missing names from year <= 2000 * build: make 'tidy' target work for metalink builds * cmake: added checks for variadic macros * cmake: updated check for HAVE_POLL_FINE to match autotools * cmake: use lowercase for function name like the rest of the code * configure: detect xlclang separately from clang * configure: fix recv/send/select detection on Android * configure: rewrite --enable-code-coverage * conncache_unlock: avoid indirection by changing input argument type * cookie: fix comment typo * cookies: allow secure override when done over HTTPS * cookies: extend domain checks to non psl builds * cookies: skip custom cookies when redirecting cross-site * curl --xattr: strip credentials from any URL that is stored * curl -J: refuse to append to the destination file * curl/urlapi.h: include "curl.h" first * curl_multi_remove_handle() don't block terminating c-ares requests * darwinssl: accept setting max-tls with default min-tls * disconnect: separate connections and easy handles better * disconnect: set conn->data for protocol disconnect * docs/version.d: mention MultiSSL * docs: fix the --tls-max description * docs: use $(INSTALL_DATA) to install man page * docs: use meaningless port number in CURLOPT_LOCALPORT example * gopher: always include the entire gopher-path in request * http2: clear pause stream id if it gets closed * if2ip: remove unused function Curl_if_is_interface_name * libssh: do not let libssh create socket * libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh * libssh: free sftp_canonicalize_path() data correctly * libtest/stub_gssapi: use "real" snprintf * mbedtls: use VERIFYHOST * multi: multiplexing improvements * multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time * ntlm: fix NTMLv2 compliance * ntlm_sspi: add support for channel binding * openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated * openssl: fix the SSL_get_tlsext_status_ocsp_resp call * openvms: fix OpenSSL discovery on VAX * openvms: fix typos in documentation * os400: add a missing closing bracket * os400: fix extra parameter syntax error * pingpong: change default response timeout to 120 seconds * pingpong: ignore regular timeout in disconnect phase * printf: fix format specifiers * runtests.pl: Fix perl call to include srcdir * schannel: fix compiler warning * schannel: preserve original certificate path parameter * schannel: stop calling it "winssl" * sigpipe: if mbedTLS is used, ignore SIGPIPE * smb: fix incorrect path in request if connection reused * ssh: log the libssh2 error message when ssh session startup fails * test1558: verify CURLINFO_PROTOCOL on file:// transfer * test1561: improve test name * test1653: make it survive torture tests * tests: allow tests to pass by 2037-02-12 * tests: move objnames-* from lib into tests * timediff: fix math for unsigned time_t * timeval: Disable MSVC Analyzer GetTickCount warning * tool_cb_prg: avoid integer overflow * travis: added cmake build for osx * urlapi: Fix port parsing of eol colon * urlapi: distinguish possibly empty query * urlapi: fix parsing ipv6 with zone index * urldata: rename easy_conn to just conn * winbuild: conditionally use /DZLIB_WINAPI * wolfssl: fix memory-leak in threaded use * spnego_sspi: add support for channel binding To generate a diff of this commit: cvs rdiff -u -r1.205 -r1.205.2.1 pkgsrc/www/curl/Makefile cvs rdiff -u -r1.72 -r1.72.2.1 pkgsrc/www/curl/PLIST cvs rdiff -u -r1.149 -r1.149.2.1 pkgsrc/www/curl/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1550332744104220 Content-Disposition: inline Content-Length: 3636 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/curl/Makefile diff -u pkgsrc/www/curl/Makefile:1.205 pkgsrc/www/curl/Makefile:1.205.2.1 --- pkgsrc/www/curl/Makefile:1.205 Thu Dec 13 19:51:38 2018 +++ pkgsrc/www/curl/Makefile Sat Feb 16 15:59:04 2019 @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.205 2018/12/13 19:51:38 adam Exp $ +# $NetBSD: Makefile,v 1.205.2.1 2019/02/16 15:59:04 bsiegert Exp $ -DISTNAME= curl-7.63.0 -PKGREVISION= 1 +DISTNAME= curl-7.64.0 CATEGORIES= www MASTER_SITES= https://curl.haxx.se/download/ -EXTRACT_SUFX= .tar.bz2 +EXTRACT_SUFX= .tar.xz MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= https://curl.haxx.se/ @@ -22,13 +21,10 @@ CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_ CONFIGURE_ARGS+= --with-ca-path=${SSLCERTS} CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib} PKGCONFIG_OVERRIDE= libcurl.pc.in +TEST_TARGET= check INSTALLATION_DIRS= share/doc/curl -.include "../../mk/bsd.prefs.mk" - -TEST_TARGET= check - .include "options.mk" post-install: @@ -36,8 +32,8 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DESTDIR}${PREFIX}/share/doc/curl/ .endfor -.include "../../mk/pthread.buildlink3.mk" .include "../../devel/gettext-lib/buildlink3.mk" .include "../../devel/zlib/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" +.include "../../mk/pthread.buildlink3.mk" .include "../../mk/bsd.pkg.mk" Index: pkgsrc/www/curl/PLIST diff -u pkgsrc/www/curl/PLIST:1.72 pkgsrc/www/curl/PLIST:1.72.2.1 --- pkgsrc/www/curl/PLIST:1.72 Wed Dec 12 11:09:55 2018 +++ pkgsrc/www/curl/PLIST Sat Feb 16 15:59:04 2019 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.72 2018/12/12 11:09:55 leot Exp $ +@comment $NetBSD: PLIST,v 1.72.2.1 2019/02/16 15:59:04 bsiegert Exp $ bin/curl bin/curl-config include/curl/curl.h @@ -166,6 +166,7 @@ man/man3/CURLOPT_HEADER.3 man/man3/CURLOPT_HEADERDATA.3 man/man3/CURLOPT_HEADERFUNCTION.3 man/man3/CURLOPT_HEADEROPT.3 +man/man3/CURLOPT_HTTP09_ALLOWED.3 man/man3/CURLOPT_HTTP200ALIASES.3 man/man3/CURLOPT_HTTPAUTH.3 man/man3/CURLOPT_HTTPGET.3 @@ -336,6 +337,8 @@ man/man3/CURLOPT_TLS13_CIPHERS.3 man/man3/CURLOPT_TLSAUTH_PASSWORD.3 man/man3/CURLOPT_TLSAUTH_TYPE.3 man/man3/CURLOPT_TLSAUTH_USERNAME.3 +man/man3/CURLOPT_TRAILERDATA.3 +man/man3/CURLOPT_TRAILERFUNCTION.3 man/man3/CURLOPT_TRANSFERTEXT.3 man/man3/CURLOPT_TRANSFER_ENCODING.3 man/man3/CURLOPT_UNIX_SOCKET_PATH.3 Index: pkgsrc/www/curl/distinfo diff -u pkgsrc/www/curl/distinfo:1.149 pkgsrc/www/curl/distinfo:1.149.2.1 --- pkgsrc/www/curl/distinfo:1.149 Wed Dec 12 11:09:55 2018 +++ pkgsrc/www/curl/distinfo Sat Feb 16 15:59:04 2019 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.149 2018/12/12 11:09:55 leot Exp $ +$NetBSD: distinfo,v 1.149.2.1 2019/02/16 15:59:04 bsiegert Exp $ -SHA1 (curl-7.63.0.tar.bz2) = 78557209ce20e7283c4407a03c57036ba9242e40 -RMD160 (curl-7.63.0.tar.bz2) = b4494d189022ae210ed4119a2cf1cba6fb353dd4 -SHA512 (curl-7.63.0.tar.bz2) = 2873ef57b15cf12e508626f4546f6e06450cb87b239be1d26d9b3a22f7533d76eebabb5fa00e7b8c5d7fc9854356997ce164afb069411d079b2b9f0bdb00db25 -Size (curl-7.63.0.tar.bz2) = 3001355 bytes +SHA1 (curl-7.64.0.tar.xz) = 7539acc0742c2fb1472bc2904f0bd58eeebc011a +RMD160 (curl-7.64.0.tar.xz) = 40806b3ea50ddab9d2f063dad37e81fdf6b04a17 +SHA512 (curl-7.64.0.tar.xz) = 953f1f5336ce5dfd1b9f933624432d401552d91ee02d39ecde6f023c956f99ec6aae8d7746d7c34b6eb2d6452f114e67da4e64d9c8dd90b7644b7844e7b9b423 +Size (curl-7.64.0.tar.xz) = 2398904 bytes SHA1 (patch-configure) = 9b65a0b9564b7226942d1d1efef576b381a9755e SHA1 (patch-curl-config.in) = 363359665985cc14f36ddf47fc3480f1200e3533 SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308 --_----------=_1550332744104220--