Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B505084EC5 for ; Fri, 13 Oct 2023 09:38:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id 3X1_WCsUT0HS for ; Fri, 13 Oct 2023 09:38:42 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 1CA1C84EA5 for ; Fri, 13 Oct 2023 09:38:42 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 10BE6FADC; Fri, 13 Oct 2023 09:38:42 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1697189922293400" MIME-Version: 1.0 Date: Fri, 13 Oct 2023 09:38:42 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2023Q3] pkgsrc/www To: pkgsrc-changes@NetBSD.org Approved: commit_and_comment Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20231013093842.10BE6FADC@cvs.NetBSD.org> This is a multi-part message in MIME format. --_----------=_1697189922293400 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Fri Oct 13 09:38:41 UTC 2023 Modified Files: pkgsrc/www/curl [pkgsrc-2023Q3]: Makefile.common PLIST distinfo pkgsrc/www/curl/patches [pkgsrc-2023Q3]: patch-configure pkgsrc/www/libcurl-gnutls [pkgsrc-2023Q3]: distinfo Log Message: Pullup ticket #6809 - requested by leot www/curl: security fix Revisions pulled up (via patch): - www/curl/Makefile.common 1.8 - www/curl/PLIST 1.96 - www/curl/distinfo 1.199 - www/curl/patches/patch-configure 1.18 - www/libcurl-gnutls/distinfo 1.6 --- Module Name: pkgsrc Committed By: adam Date: Wed Oct 11 07:16:03 UTC 2023 Modified Files: pkgsrc/www/curl: Makefile.common PLIST distinfo pkgsrc/www/curl/patches: patch-configure pkgsrc/www/libcurl-gnutls: distinfo Log Message: curl libcurl-gnutls: updated to 8.4.0 Fixed in 8.4.0 - October 11 2023 Changes: curl: add support for the IPFS protocols via HTTP gateway curl_multi_get_handles: get easy handles from a multi handle mingw: delete support for legacy mingw.org toolchain Bugfixes: acinclude.m4: Document proper system truststore on FreeBSD appveyor: fix yamlint issues, indent appveyor: rewrite batch in PowerShell + CI improvements autotools: adjust `CURL_CA_PATH` value to CMake autotools: restore `HAVE_IOCTL_*` detections base64: also build for curl bufq: remove Curl_bufq_skip_and_shift (unused) build: delete checks for C89 standard headers build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros cf-socket: simulate slow/blocked receives in debug cmake, configure: also link with CoreServices cmake: add check for suseconds_t cmake: add feature checks for `memrchr` and `getifaddrs` cmake: add missing checks cmake: delete old `HAVE_LDAP_URL_PARSE` logic cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` cmake: detect `HAVE_GETADDRINFO_THREADSAFE` cmake: detect `sys/wait.h` and `netinet/udp.h` cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS cmake: disable unity mode with Windows Unicode + TrackMemory cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows cmake: fix `HAVE_WRITABLE_ARGV` detection cmake: fix duplicate symbols when linking tests cmake: fix missing `zlib.h` when compiling `libcurltool` cmake: fix stderr initialization in unity builds cmake: fix the help text to the static build option in CMakeLists.txt cmake: fix unity builds for more build combinations cmake: fix unity symbol collisions in h2 builds cmake: fix unity with Windows Unicode + TrackMemory cmake: improve OpenLDAP builds cmake: lib `CURL_STATICLIB` fixes (Windows) cmake: move global headers to specific checks cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC cmake: pre-cache `HAVE_POLL_FINE` on Windows cmake: tidy-up `NOT_NEED_LBER_H` detection cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value configure: check for the capath by default configure: remove unused checks configure: replace adhoc domain with `localhost` in tests configure: sort AC_CHECK_FUNCS connect: expire the timeout when trying next connect: only start the happy eyeballs timer when needed cookie: do not store the expire or max-age strings cookie: remove unnecessary struct fields cookie: set ->running in cookie_init even if data is NULL create-dirs.d: clarify it also uses --output-dirs curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 curl_easy_pause.3: mention h2/h3 buffering curl_easy_pause.3: mention it works within callbacks curl_easy_pause: set "in callback" true on exit if true CURLOPT_DEBUGFUNCTION.3: warn about internal handles docs/libcurl/opts/Makefile.inc: add missing manpage files docs: adapt SEE ALSO sections to new requirements docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER docs: replace made up domains with example.com docs: update curl man page references docs: use CURLSSLBACKEND_NONE doh: inherit DEBUGFUNCTION/DATA escape: replace Curl_isunreserved with ISUNRESERVED FAQ: How do I upgrade curl.exe in Windows? GHA/linux: run singleuse to detect single-use global functions GHA: add workflow to compare configure vs cmake outputs h2-proxy: remove left-over mistake in drain_tunnel() h2: testcase and fix for pausing h2 streams h3: add support for ngtcp2 with AWS-LC builds http2: refused stream handling for retry http: fix CURL_DISABLE_BEARER_AUTH breakage http: h1/h2 proxy unification http: remove wrong comment for http_should_fail http: use per-request counter to check too large headers http_aws_sigv4: fix sorting with empty parts idn: fix WinIDN null ptr deref on bad host idn: if idn2_check_version returns NULL, return error inet_ntop: add typecast to silence Coverity lib: disambiguate Curl_client_write flag semantics lib: enable hmac for digest as well lib: failf/infof compiler warnings lib: let the max filesize option stop too big transfers too lib: move handling of `data->req.writer_stack` into Curl_client_write() lib: provide and use Curl_hexencode lib: remove TIME_WITH_SYS_TIME lib: use wrapper for curl_mime_data fseek callback libssh2: fix error message on failed pubkey-from-file libssh: cap SFTP packet size sent Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) MANUAL.md: change domain to example.com misc: better random strings MQTT: improve receive of ACKs multi: do CURLM_CALL_MULTI_PERFORM at two more places multi: fix small timeouts multi: remove Curl_multi_dump multi: round the timeout up to prevent early wakeups multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE openssl: improve ssl shutdown handling openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR pytest: exclude test_03_goaway in CI runs due to timing dependency quic: set ciphers/curves the same way regular TLS does quiche: fix build error with --with-ca-fallback RELEASE-PROCEDURE.md: updated coming release dates runtests: display the test status if tests appear hung runtests: eliminate a warning on old perl versions socks: return error if hostname too long for remote resolve src/mkhelp: make generated code pass `checksrc` test1056: disable on Windows test1474: disable test on NetBSD, OpenBSD and Solaris 10 test1592: greatly increase the maximum test timeout test1903: actually verify the cookies after the test test1906: set a lower timeout since it's hit on Windows test2600: remove special case handling for USE_ALARM_TIMEOUT test650: fix an end tag typo test661: return from test early in case of curl error test: add missing s tests: close the shell used to start sshd tests: fix a race condition in ftp server disconnect tests: fix compiler warnings tests: Fix zombie processes left behind by FTP tests. tests: improve SLOWDOWN test reliability by reducing sent data tests: increase lib571 timeout from 3s to 30s tests: log the test result code after each libtest tests: propagate errors in libtests tests: set --expect100-timeout to improve test reliability tests: show which curl tool `runtests.pl` is using tests: stop overriding the lock timeout tftpd: always use curl's own tftp.h tool: use our own stderr variable tool_cb_wrt: fix debug assertion tool_getparam: accept variable expansion on file names too tool_setopt: remove unused function tool_setopt_flags upload-file.d: describe the file name slash/backslash handling url: fall back to http/https proxy env-variable if ws/wss not set url: fix netrc info message warnless: remove unused functions wolfssh: do cleanup in Curl_ssh_cleanup wolfssl: allow capath with CURLOPT_CAINFO_BLOB wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files wolfssl: ignore errors in CA path To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.6.2.1 pkgsrc/www/curl/Makefile.common cvs rdiff -u -r1.95 -r1.95.2.1 pkgsrc/www/curl/PLIST cvs rdiff -u -r1.197 -r1.197.2.1 pkgsrc/www/curl/distinfo cvs rdiff -u -r1.16 -r1.16.12.1 pkgsrc/www/curl/patches/patch-configure cvs rdiff -u -r1.5 -r1.5.2.1 pkgsrc/www/libcurl-gnutls/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1697189922293400 Content-Disposition: inline Content-Length: 8443 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/www/curl/Makefile.common diff -u pkgsrc/www/curl/Makefile.common:1.6 pkgsrc/www/curl/Makefile.common:1.6.2.1 --- pkgsrc/www/curl/Makefile.common:1.6 Wed Sep 13 08:15:05 2023 +++ pkgsrc/www/curl/Makefile.common Fri Oct 13 09:38:41 2023 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile.common,v 1.6 2023/09/13 08:15:05 adam Exp $ +# $NetBSD: Makefile.common,v 1.6.2.1 2023/10/13 09:38:41 bsiegert Exp $ # used by www/libcurl-gnutls/Makefile -DISTNAME= curl-8.3.0 +DISTNAME= curl-8.4.0 CATEGORIES= www MASTER_SITES= https://curl.se/download/ EXTRACT_SUFX= .tar.xz Index: pkgsrc/www/curl/PLIST diff -u pkgsrc/www/curl/PLIST:1.95 pkgsrc/www/curl/PLIST:1.95.2.1 --- pkgsrc/www/curl/PLIST:1.95 Wed Sep 13 08:15:05 2023 +++ pkgsrc/www/curl/PLIST Fri Oct 13 09:38:41 2023 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.95 2023/09/13 08:15:05 adam Exp $ +@comment $NetBSD: PLIST,v 1.95.2.1 2023/10/13 09:38:41 bsiegert Exp $ bin/curl bin/curl-config include/curl/curl.h @@ -26,6 +26,7 @@ man/man3/CURLINFO_CERTINFO.3 man/man3/CURLINFO_CONDITION_UNMET.3 man/man3/CURLINFO_CONNECT_TIME.3 man/man3/CURLINFO_CONNECT_TIME_T.3 +man/man3/CURLINFO_CONN_ID.3 man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3 man/man3/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3 man/man3/CURLINFO_CONTENT_LENGTH_UPLOAD.3 @@ -86,6 +87,7 @@ man/man3/CURLINFO_TLS_SESSION.3 man/man3/CURLINFO_TLS_SSL_PTR.3 man/man3/CURLINFO_TOTAL_TIME.3 man/man3/CURLINFO_TOTAL_TIME_T.3 +man/man3/CURLINFO_XFER_ID.3 man/man3/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 man/man3/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 man/man3/CURLMOPT_MAXCONNECTS.3 @@ -297,6 +299,7 @@ man/man3/CURLOPT_PROXY_TLSAUTH_TYPE.3 man/man3/CURLOPT_PROXY_TLSAUTH_USERNAME.3 man/man3/CURLOPT_PROXY_TRANSFER_MODE.3 man/man3/CURLOPT_PUT.3 +man/man3/CURLOPT_QUICK_EXIT.3 man/man3/CURLOPT_QUOTE.3 man/man3/CURLOPT_RANDOM_FILE.3 man/man3/CURLOPT_RANGE.3 @@ -331,6 +334,8 @@ man/man3/CURLOPT_SOCKS5_GSSAPI_NEC.3 man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 man/man3/CURLOPT_SSH_AUTH_TYPES.3 man/man3/CURLOPT_SSH_COMPRESSION.3 +man/man3/CURLOPT_SSH_HOSTKEYDATA.3 +man/man3/CURLOPT_SSH_HOSTKEYFUNCTION.3 man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3 man/man3/CURLOPT_SSH_KEYDATA.3 @@ -456,6 +461,7 @@ man/man3/curl_multi_add_handle.3 man/man3/curl_multi_assign.3 man/man3/curl_multi_cleanup.3 man/man3/curl_multi_fdset.3 +man/man3/curl_multi_get_handles.3 man/man3/curl_multi_info_read.3 man/man3/curl_multi_init.3 man/man3/curl_multi_perform.3 @@ -492,6 +498,7 @@ man/man3/curl_ws_meta.3 man/man3/curl_ws_recv.3 man/man3/curl_ws_send.3 man/man3/libcurl-easy.3 +man/man3/libcurl-env-dbg.3 man/man3/libcurl-env.3 man/man3/libcurl-errors.3 man/man3/libcurl-multi.3 Index: pkgsrc/www/curl/distinfo diff -u pkgsrc/www/curl/distinfo:1.197 pkgsrc/www/curl/distinfo:1.197.2.1 --- pkgsrc/www/curl/distinfo:1.197 Wed Sep 13 08:15:05 2023 +++ pkgsrc/www/curl/distinfo Fri Oct 13 09:38:41 2023 @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.197 2023/09/13 08:15:05 adam Exp $ +$NetBSD: distinfo,v 1.197.2.1 2023/10/13 09:38:41 bsiegert Exp $ -BLAKE2s (curl-8.3.0.tar.xz) = f5bf62169d53dffc0fb6b7c1bcfd1c0874a1fafc7afd34d9500a9dd606d8b6d8 -SHA512 (curl-8.3.0.tar.xz) = 6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51 -Size (curl-8.3.0.tar.xz) = 2641764 bytes -SHA1 (patch-configure) = ae123a94fa84ef99dfc1dadd596ac86ef0d143fe +BLAKE2s (curl-8.4.0.tar.xz) = cdd3a11e796f83496f8299471bcbb6e600919c3677aff50de1121bd05ab8aaaf +SHA512 (curl-8.4.0.tar.xz) = 7027dbf3b759b39d6ec9c4da58fadd254e84bb93bff599541b3bc3135bad4c2955c6237d7ddd60973f9f1a6948bc32d7e312985fb50658bc958b9f22fee74f2b +Size (curl-8.4.0.tar.xz) = 2658376 bytes +SHA1 (patch-configure) = e24042bf5e032bbc5e57a4ef0eb5b651944d9bc8 SHA1 (patch-curl-config.in) = a58c777fc1a0a087776e62ed2e2a1e0a339716df Index: pkgsrc/www/curl/patches/patch-configure diff -u pkgsrc/www/curl/patches/patch-configure:1.16 pkgsrc/www/curl/patches/patch-configure:1.16.12.1 --- pkgsrc/www/curl/patches/patch-configure:1.16 Wed Apr 27 07:51:20 2022 +++ pkgsrc/www/curl/patches/patch-configure Fri Oct 13 09:38:41 2023 @@ -1,4 +1,4 @@ -$NetBSD: patch-configure,v 1.16 2022/04/27 07:51:20 wiz Exp $ +$NetBSD: patch-configure,v 1.16.12.1 2023/10/13 09:38:41 bsiegert Exp $ - Builtin krb5-config in platforms such as solaris do not support the gssapi option, and need an explicit -lgss @@ -6,9 +6,9 @@ $NetBSD: patch-configure,v 1.16 2022/04/ - Do not strip debug flags. - Support Minix. ---- configure.orig 2022-04-25 07:31:45.000000000 +0000 +--- configure.orig 2023-10-09 06:22:20.000000000 +0000 +++ configure -@@ -4246,6 +4246,7 @@ printf "%s\n" "$as_me: $xc_bad_var_msg l +@@ -4282,6 +4282,7 @@ printf "%s\n" "$as_me: $xc_bad_var_msg l ;; esac done @@ -16,7 +16,7 @@ $NetBSD: patch-configure,v 1.16 2022/04/ if test $xc_bad_var_cflags = yes; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: using CFLAGS: $CFLAGS" >&5 printf "%s\n" "$as_me: using CFLAGS: $CFLAGS" >&6;} -@@ -8648,7 +8649,7 @@ else $as_nop +@@ -9167,7 +9168,7 @@ else $as_nop lt_cv_sys_max_cmd_len=8192; ;; @@ -25,7 +25,7 @@ $NetBSD: patch-configure,v 1.16 2022/04/ # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` -@@ -9236,12 +9237,8 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu +@@ -9755,12 +9756,8 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu lt_cv_deplibs_check_method=pass_all ;; @@ -40,7 +40,7 @@ $NetBSD: patch-configure,v 1.16 2022/04/ ;; newos6*) -@@ -13520,14 +13517,13 @@ _LT_EOF +@@ -14010,14 +14007,13 @@ _LT_EOF fi ;; @@ -62,7 +62,7 @@ $NetBSD: patch-configure,v 1.16 2022/04/ ;; solaris*) -@@ -14218,15 +14214,13 @@ printf "%s\n" "$lt_cv_irix_exported_symb +@@ -14708,15 +14704,13 @@ printf "%s\n" "$lt_cv_irix_exported_symb esac ;; @@ -83,7 +83,7 @@ $NetBSD: patch-configure,v 1.16 2022/04/ ;; newsos6) -@@ -15337,6 +15331,18 @@ fi +@@ -15827,6 +15821,18 @@ fi dynamic_linker='GNU/Linux ld.so' ;; @@ -102,7 +102,7 @@ $NetBSD: patch-configure,v 1.16 2022/04/ netbsdelf*-gnu) version_type=linux need_lib_prefix=no -@@ -17794,7 +17800,7 @@ squeeze() { +@@ -18465,7 +18471,7 @@ squeeze() { # @@ -111,7 +111,7 @@ $NetBSD: patch-configure,v 1.16 2022/04/ # tmp_save_CPPFLAGS="$CPPFLAGS" tmp_save_CFLAGS="$CFLAGS" -@@ -18087,13 +18093,6 @@ printf %s "checking if compiler accepts +@@ -18760,13 +18766,6 @@ printf %s "checking if compiler accepts tmp_options="$flags_dbg_yes" fi # @@ -125,7 +125,7 @@ $NetBSD: patch-configure,v 1.16 2022/04/ squeeze CPPFLAGS squeeze CFLAGS fi -@@ -20853,7 +20852,7 @@ printf "%s\n" "no" >&6; } +@@ -21480,7 +21479,7 @@ printf "%s\n" "no" >&6; } tst_cflags="no" case $host_os in darwin*) @@ -134,7 +134,7 @@ $NetBSD: patch-configure,v 1.16 2022/04/ ;; esac -@@ -25252,7 +25251,7 @@ printf "%s\n" "found" >&6; } +@@ -25920,7 +25919,7 @@ printf "%s\n" "found" >&6; } LIBS="-lgss $LIBS" ;; *) Index: pkgsrc/www/libcurl-gnutls/distinfo diff -u pkgsrc/www/libcurl-gnutls/distinfo:1.5 pkgsrc/www/libcurl-gnutls/distinfo:1.5.2.1 --- pkgsrc/www/libcurl-gnutls/distinfo:1.5 Wed Sep 13 08:15:05 2023 +++ pkgsrc/www/libcurl-gnutls/distinfo Fri Oct 13 09:38:41 2023 @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.5 2023/09/13 08:15:05 adam Exp $ +$NetBSD: distinfo,v 1.5.2.1 2023/10/13 09:38:41 bsiegert Exp $ -BLAKE2s (curl-8.3.0.tar.xz) = f5bf62169d53dffc0fb6b7c1bcfd1c0874a1fafc7afd34d9500a9dd606d8b6d8 -SHA512 (curl-8.3.0.tar.xz) = 6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51 -Size (curl-8.3.0.tar.xz) = 2641764 bytes +BLAKE2s (curl-8.4.0.tar.xz) = cdd3a11e796f83496f8299471bcbb6e600919c3677aff50de1121bd05ab8aaaf +SHA512 (curl-8.4.0.tar.xz) = 7027dbf3b759b39d6ec9c4da58fadd254e84bb93bff599541b3bc3135bad4c2955c6237d7ddd60973f9f1a6948bc32d7e312985fb50658bc958b9f22fee74f2b +Size (curl-8.4.0.tar.xz) = 2658376 bytes SHA1 (patch-configure) = ae123a94fa84ef99dfc1dadd596ac86ef0d143fe SHA1 (patch-curl-config.in) = a58c777fc1a0a087776e62ed2e2a1e0a339716df --_----------=_1697189922293400--