Wed Feb 6 08:02:48 2019 UTC ()
curl: updated to 7.64.0

curl and libcurl 7.64.0

This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows

This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding


(adam)
diff -r1.206 -r1.207 pkgsrc/www/curl/Makefile
diff -r1.72 -r1.73 pkgsrc/www/curl/PLIST
diff -r1.149 -r1.150 pkgsrc/www/curl/distinfo
cvs diff -r1.206 -r1.207 pkgsrc/www/curl/Makefile (expand / switch to unified diff)

--- pkgsrc/www/curl/Makefile 2019/02/01 18:10:21 1.206
+++ pkgsrc/www/curl/Makefile 2019/02/06 08:02:48 1.207
@@ -1,42 +1,38 @@ @@ -1,42 +1,38 @@
1# $NetBSD: Makefile,v 1.206 2019/02/01 18:10:21 gdt Exp $ 1# $NetBSD: Makefile,v 1.207 2019/02/06 08:02:48 adam Exp $
2 2
3DISTNAME= curl-7.63.0 3DISTNAME= curl-7.64.0
4PKGREVISION= 1 
5CATEGORIES= www 4CATEGORIES= www
6MASTER_SITES= https://curl.haxx.se/download/ 5MASTER_SITES= https://curl.haxx.se/download/
7EXTRACT_SUFX= .tar.bz2 6EXTRACT_SUFX= .tar.xz
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://curl.haxx.se/ 9HOMEPAGE= https://curl.haxx.se/
11COMMENT= Client that groks URLs 10COMMENT= Client that groks URLs
12# not completely, but near enough 11# not completely, but near enough
13LICENSE= mit 12LICENSE= mit
14 13
15BUILD_DEFS+= IPV6_READY 14BUILD_DEFS+= IPV6_READY
16 15
17USE_TOOLS+= nroff perl 16USE_TOOLS+= nroff perl
18USE_LIBTOOL= yes 17USE_LIBTOOL= yes
19GNU_CONFIGURE= yes 18GNU_CONFIGURE= yes
20CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl} 19CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl}
21CONFIGURE_ARGS+= --with-ca-path=${SSLCERTS} 20CONFIGURE_ARGS+= --with-ca-path=${SSLCERTS}
22CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib} 21CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib}
23PKGCONFIG_OVERRIDE= libcurl.pc.in 22PKGCONFIG_OVERRIDE= libcurl.pc.in
 23TEST_TARGET= check
24 24
25INSTALLATION_DIRS= share/doc/curl 25INSTALLATION_DIRS= share/doc/curl
26 26
27.include "../../mk/bsd.prefs.mk" 
28 
29TEST_TARGET= check 
30 
31.include "options.mk" 27.include "options.mk"
32 28
33post-install: 29post-install:
34.for f in MANUAL TheArtOfHttpScripting FAQ 30.for f in MANUAL TheArtOfHttpScripting FAQ
35 ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DESTDIR}${PREFIX}/share/doc/curl/ 31 ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DESTDIR}${PREFIX}/share/doc/curl/
36.endfor 32.endfor
37 33
38.include "../../mk/pthread.buildlink3.mk" 
39.include "../../devel/gettext-lib/buildlink3.mk" 34.include "../../devel/gettext-lib/buildlink3.mk"
40.include "../../devel/zlib/buildlink3.mk" 35.include "../../devel/zlib/buildlink3.mk"
41.include "../../security/openssl/buildlink3.mk" 36.include "../../security/openssl/buildlink3.mk"
 37.include "../../mk/pthread.buildlink3.mk"
42.include "../../mk/bsd.pkg.mk" 38.include "../../mk/bsd.pkg.mk"
cvs diff -r1.72 -r1.73 pkgsrc/www/curl/PLIST (expand / switch to unified diff)

--- pkgsrc/www/curl/PLIST 2018/12/12 11:09:55 1.72
+++ pkgsrc/www/curl/PLIST 2019/02/06 08:02:48 1.73
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.72 2018/12/12 11:09:55 leot Exp $ 1@comment $NetBSD: PLIST,v 1.73 2019/02/06 08:02:48 adam Exp $
2bin/curl 2bin/curl
3bin/curl-config 3bin/curl-config
4include/curl/curl.h 4include/curl/curl.h
5include/curl/curlver.h 5include/curl/curlver.h
6include/curl/easy.h 6include/curl/easy.h
7include/curl/mprintf.h 7include/curl/mprintf.h
8include/curl/multi.h 8include/curl/multi.h
9include/curl/stdcheaders.h 9include/curl/stdcheaders.h
10include/curl/system.h 10include/curl/system.h
11include/curl/typecheck-gcc.h 11include/curl/typecheck-gcc.h
12include/curl/urlapi.h 12include/curl/urlapi.h
13lib/libcurl.la 13lib/libcurl.la
14lib/pkgconfig/libcurl.pc 14lib/pkgconfig/libcurl.pc
@@ -156,26 +156,27 @@ man/man3/CURLOPT_FTP_FILEMETHOD.3 @@ -156,26 +156,27 @@ man/man3/CURLOPT_FTP_FILEMETHOD.3
156man/man3/CURLOPT_FTP_RESPONSE_TIMEOUT.3 156man/man3/CURLOPT_FTP_RESPONSE_TIMEOUT.3
157man/man3/CURLOPT_FTP_SKIP_PASV_IP.3 157man/man3/CURLOPT_FTP_SKIP_PASV_IP.3
158man/man3/CURLOPT_FTP_SSL_CCC.3 158man/man3/CURLOPT_FTP_SSL_CCC.3
159man/man3/CURLOPT_FTP_USE_EPRT.3 159man/man3/CURLOPT_FTP_USE_EPRT.3
160man/man3/CURLOPT_FTP_USE_EPSV.3 160man/man3/CURLOPT_FTP_USE_EPSV.3
161man/man3/CURLOPT_FTP_USE_PRET.3 161man/man3/CURLOPT_FTP_USE_PRET.3
162man/man3/CURLOPT_GSSAPI_DELEGATION.3 162man/man3/CURLOPT_GSSAPI_DELEGATION.3
163man/man3/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3 163man/man3/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3
164man/man3/CURLOPT_HAPROXYPROTOCOL.3 164man/man3/CURLOPT_HAPROXYPROTOCOL.3
165man/man3/CURLOPT_HEADER.3 165man/man3/CURLOPT_HEADER.3
166man/man3/CURLOPT_HEADERDATA.3 166man/man3/CURLOPT_HEADERDATA.3
167man/man3/CURLOPT_HEADERFUNCTION.3 167man/man3/CURLOPT_HEADERFUNCTION.3
168man/man3/CURLOPT_HEADEROPT.3 168man/man3/CURLOPT_HEADEROPT.3
 169man/man3/CURLOPT_HTTP09_ALLOWED.3
169man/man3/CURLOPT_HTTP200ALIASES.3 170man/man3/CURLOPT_HTTP200ALIASES.3
170man/man3/CURLOPT_HTTPAUTH.3 171man/man3/CURLOPT_HTTPAUTH.3
171man/man3/CURLOPT_HTTPGET.3 172man/man3/CURLOPT_HTTPGET.3
172man/man3/CURLOPT_HTTPHEADER.3 173man/man3/CURLOPT_HTTPHEADER.3
173man/man3/CURLOPT_HTTPPOST.3 174man/man3/CURLOPT_HTTPPOST.3
174man/man3/CURLOPT_HTTPPROXYTUNNEL.3 175man/man3/CURLOPT_HTTPPROXYTUNNEL.3
175man/man3/CURLOPT_HTTP_CONTENT_DECODING.3 176man/man3/CURLOPT_HTTP_CONTENT_DECODING.3
176man/man3/CURLOPT_HTTP_TRANSFER_DECODING.3 177man/man3/CURLOPT_HTTP_TRANSFER_DECODING.3
177man/man3/CURLOPT_HTTP_VERSION.3 178man/man3/CURLOPT_HTTP_VERSION.3
178man/man3/CURLOPT_IGNORE_CONTENT_LENGTH.3 179man/man3/CURLOPT_IGNORE_CONTENT_LENGTH.3
179man/man3/CURLOPT_INFILESIZE.3 180man/man3/CURLOPT_INFILESIZE.3
180man/man3/CURLOPT_INFILESIZE_LARGE.3 181man/man3/CURLOPT_INFILESIZE_LARGE.3
181man/man3/CURLOPT_INTERFACE.3 182man/man3/CURLOPT_INTERFACE.3
@@ -326,26 +327,28 @@ man/man3/CURLOPT_TCP_KEEPINTVL.3 @@ -326,26 +327,28 @@ man/man3/CURLOPT_TCP_KEEPINTVL.3
326man/man3/CURLOPT_TCP_NODELAY.3 327man/man3/CURLOPT_TCP_NODELAY.3
327man/man3/CURLOPT_TELNETOPTIONS.3 328man/man3/CURLOPT_TELNETOPTIONS.3
328man/man3/CURLOPT_TFTP_BLKSIZE.3 329man/man3/CURLOPT_TFTP_BLKSIZE.3
329man/man3/CURLOPT_TFTP_NO_OPTIONS.3 330man/man3/CURLOPT_TFTP_NO_OPTIONS.3
330man/man3/CURLOPT_TIMECONDITION.3 331man/man3/CURLOPT_TIMECONDITION.3
331man/man3/CURLOPT_TIMEOUT.3 332man/man3/CURLOPT_TIMEOUT.3
332man/man3/CURLOPT_TIMEOUT_MS.3 333man/man3/CURLOPT_TIMEOUT_MS.3
333man/man3/CURLOPT_TIMEVALUE.3 334man/man3/CURLOPT_TIMEVALUE.3
334man/man3/CURLOPT_TIMEVALUE_LARGE.3 335man/man3/CURLOPT_TIMEVALUE_LARGE.3
335man/man3/CURLOPT_TLS13_CIPHERS.3 336man/man3/CURLOPT_TLS13_CIPHERS.3
336man/man3/CURLOPT_TLSAUTH_PASSWORD.3 337man/man3/CURLOPT_TLSAUTH_PASSWORD.3
337man/man3/CURLOPT_TLSAUTH_TYPE.3 338man/man3/CURLOPT_TLSAUTH_TYPE.3
338man/man3/CURLOPT_TLSAUTH_USERNAME.3 339man/man3/CURLOPT_TLSAUTH_USERNAME.3
 340man/man3/CURLOPT_TRAILERDATA.3
 341man/man3/CURLOPT_TRAILERFUNCTION.3
339man/man3/CURLOPT_TRANSFERTEXT.3 342man/man3/CURLOPT_TRANSFERTEXT.3
340man/man3/CURLOPT_TRANSFER_ENCODING.3 343man/man3/CURLOPT_TRANSFER_ENCODING.3
341man/man3/CURLOPT_UNIX_SOCKET_PATH.3 344man/man3/CURLOPT_UNIX_SOCKET_PATH.3
342man/man3/CURLOPT_UNRESTRICTED_AUTH.3 345man/man3/CURLOPT_UNRESTRICTED_AUTH.3
343man/man3/CURLOPT_UPKEEP_INTERVAL_MS.3 346man/man3/CURLOPT_UPKEEP_INTERVAL_MS.3
344man/man3/CURLOPT_UPLOAD.3 347man/man3/CURLOPT_UPLOAD.3
345man/man3/CURLOPT_UPLOAD_BUFFERSIZE.3 348man/man3/CURLOPT_UPLOAD_BUFFERSIZE.3
346man/man3/CURLOPT_URL.3 349man/man3/CURLOPT_URL.3
347man/man3/CURLOPT_USERAGENT.3 350man/man3/CURLOPT_USERAGENT.3
348man/man3/CURLOPT_USERNAME.3 351man/man3/CURLOPT_USERNAME.3
349man/man3/CURLOPT_USERPWD.3 352man/man3/CURLOPT_USERPWD.3
350man/man3/CURLOPT_USE_SSL.3 353man/man3/CURLOPT_USE_SSL.3
351man/man3/CURLOPT_VERBOSE.3 354man/man3/CURLOPT_VERBOSE.3
cvs diff -r1.149 -r1.150 pkgsrc/www/curl/distinfo (expand / switch to unified diff)

--- pkgsrc/www/curl/distinfo 2018/12/12 11:09:55 1.149
+++ pkgsrc/www/curl/distinfo 2019/02/06 08:02:48 1.150
@@ -1,9 +1,9 @@ @@ -1,9 +1,9 @@
1$NetBSD: distinfo,v 1.149 2018/12/12 11:09:55 leot Exp $ 1$NetBSD: distinfo,v 1.150 2019/02/06 08:02:48 adam Exp $
2 2
3SHA1 (curl-7.63.0.tar.bz2) = 78557209ce20e7283c4407a03c57036ba9242e40 3SHA1 (curl-7.64.0.tar.xz) = 7539acc0742c2fb1472bc2904f0bd58eeebc011a
4RMD160 (curl-7.63.0.tar.bz2) = b4494d189022ae210ed4119a2cf1cba6fb353dd4 4RMD160 (curl-7.64.0.tar.xz) = 40806b3ea50ddab9d2f063dad37e81fdf6b04a17
5SHA512 (curl-7.63.0.tar.bz2) = 2873ef57b15cf12e508626f4546f6e06450cb87b239be1d26d9b3a22f7533d76eebabb5fa00e7b8c5d7fc9854356997ce164afb069411d079b2b9f0bdb00db25 5SHA512 (curl-7.64.0.tar.xz) = 953f1f5336ce5dfd1b9f933624432d401552d91ee02d39ecde6f023c956f99ec6aae8d7746d7c34b6eb2d6452f114e67da4e64d9c8dd90b7644b7844e7b9b423
6Size (curl-7.63.0.tar.bz2) = 3001355 bytes 6Size (curl-7.64.0.tar.xz) = 2398904 bytes
7SHA1 (patch-configure) = 9b65a0b9564b7226942d1d1efef576b381a9755e 7SHA1 (patch-configure) = 9b65a0b9564b7226942d1d1efef576b381a9755e
8SHA1 (patch-curl-config.in) = 363359665985cc14f36ddf47fc3480f1200e3533 8SHA1 (patch-curl-config.in) = 363359665985cc14f36ddf47fc3480f1200e3533
9SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308 9SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308