pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2013Q4] pkgsrc/www/curl

Module Name:    pkgsrc
Committed By:   tron
Date:           Tue Mar 11 12:47:11 UTC 2014

Modified Files:
        pkgsrc/www/curl [pkgsrc-2013Q4]: Makefile PLIST distinfo
        pkgsrc/www/curl/patches [pkgsrc-2013Q4]: patch-aa

Log Message:
Pullup ticket #4338 - requested by taca
www/curl: security update

Revisions pulled up:
- www/curl/Makefile                                             1.133-1.134
- www/curl/PLIST                                                1.43
- www/curl/distinfo                                             1.91-1.92
- www/curl/patches/patch-aa                                     1.25

   Module Name: pkgsrc
   Committed By:        adam
   Date:                Tue Dec 31 11:48:03 UTC 2013

   Modified Files:
        pkgsrc/www/curl: Makefile PLIST distinfo

   Log Message:
   Changes 7.34.0:
   SSL: protocol version can be specified more precisely
   imap/pop3/smtp: Added graceful cancellation of SASL authentication
   Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
   base64: Added validation of base64 input strings when decoding
   curl_easy_setopt: Added the ability to set the login options separately
   smtp: Added support for additional SMTP commands
   curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
   nss: allow to use TLS > 1.0 if built against recent NSS
   SECURITY: added this document to describe our security processes
   parseconfig: warn if unquoted white spaces are detected

   SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS
   darwinssl: un-break iOS build after PKCS/12 feature added
   tool: use XFERFUNCTION to save some casts
   usercertinmem: fix memory leaks
   ssh: Handle successful SSH_USERAUTH_NONE
   NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
   test906: Fixed failing test on some platforms
   sasl: initialize NSS before using NTLM crypto
   sasl: Fixed memory leak in OAUTH2 message creation
   imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
   cmake: unbreak for non-Windows platforms
   ssh: initialize per-handle data in ssh_connect()
   glob: fix broken URLs
   configure: check for long long when building with cyassl
   CURLOPT_RESOLVE: mention they don't time-out
   docs/examples/httpput.c: fix build for MSVC
   FTP: make the data connection work when going through proxy
   NSS: support for CERTINFO feature
   curl_multi_wait: accept 0 from multi_timeout() as valid timeout
   glob_range: pass the closing bracket for a-z ranges
   tool_help: Updated --list-only description to include POP3
   Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
   cmake: fix Windows build with IPv6 support
   ares: Fixed compilation under Visual Studio 2012
   curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
   curl.1: mention that -O does no URL decoding
   darwinssl: PKCS/12 import feature now requires Lion or later
   darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
   configure: Fix test with -Werror=implicit-function-declaration
   sigpipe: factor out sigpipe_reset from easy.c
   curl_multi_cleanup: ignore SIGPIPE
   globbing: curl glob counter mismatch with {} list use
   parseconfig: dash options can't specified with colon or equals
   digest: fix CURLAUTH_DIGEST_IE
   curl.h: for OpenBSD
   darwinssl: Fix #if 10.6.0 for SecKeychainSearch
   TFTP: fix return codes for connect timeout
   login options: remove the ;[options] support from CURLOPT_USERPWD
   imap: Fixed incorrect fallback to clear text authentication
   parsedate: avoid integer overflow
   curl.1: document -J doesn't %-decode
   multi: add timer inaccuracy margin to timeout/connecttimeout

   Module Name: pkgsrc
   Committed By:        adam
   Date:                Sat Feb  1 11:07:14 UTC 2014

   Modified Files:
        pkgsrc/www/curl: Makefile distinfo
        pkgsrc/www/curl/patches: patch-aa

   Log Message:
   Changes 7.35.0:
   imap/pop3/smtp: Added support for SASL authentication downgrades
   imap/pop3/smtp: Extended the login options to support multiple auth 
   TheArtOfHttpScripting: major update, converted layout and more
   mprintf: Added support for I, I32 and I64 size specifiers
   makefile: Added support for VC7, VC11 and VC12

   SECURITY ADVISORY: re-use of wrong HTTP NTLM connection
   curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
   pop3: Fixed APOP being determined by CAPA response rather than by timestamp
   Curl_pp_readresp: zero terminate line
   docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
   pop3: Fixed auth preference not being honored when CAPA not supported
   imap: Fixed auth preference not being honored when CAPABILITY not supported
   threaded resolver: Use pthread_t * for curl_thread_t
   FILE: we don't support paused transfers using this protocol
   connect: Try all addresses in first connection attempt
   curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
   OpenSSL: Fix forcing SSLv3 connections
   openssl: allow explicit sslv2 selection
   FTP parselist: fix "total" parser
   conncache: fix possible dereference of null pointer
   multi.c: fix possible dereference of null pointer
   mk-ca-bundle: introduces -d and warns about using this script
   ConnectionExists: fix NTLM check for new connection
   trynextip: fix build for non-IPV6 capable systems
   Curl_updateconninfo: don't do anything for UDP "connections"
   darwinssl: un-break Leopard build after PKCS-12 change
   threaded-resolver: never use NULL hints with getaddrinf
   multi_socket: remind app if timeout didn't run
   OpenSSL: deselect weak ciphers by default
   error message: Sensible message on timeout when transfer size unknown
   curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
   win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
   configure: fix gssapi linking on HP-UX
   chunked-parser: abort on overflows, allow 64 bit chunks
   chunked parsing: relax the CR strictness
   cookie: max-age fixes
   progress bar: always update when at 100%
   progress bar: increase update frequency to 10Hz
   tool: Fixed incorrect return code if command line parser runs out of memory
   tool: Fixed incorrect return code if password prompting runs out of memory
   HTTP POST: omit Content-Length if data size is unknown
   GnuTLS: disable insecure ciphers
   GnuTLS: honor --slv2 and the --tlsv1[.N] switches
   multi: Fixed a memory leak on OOM condition
   netrc: Fixed a memory and file descriptor leak on OOM
   getpass: fix password parsing from console
   TFTP: fix crash on time-out
   hostip: don't remove DNS entries that are in use
   tests: lots of tests fixed to pass the OOM torture tests

To generate a diff of this commit:
cvs rdiff -u -r1.132 -r1.132.2.1 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.42 -r1.42.2.1 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.90 -r1.90.2.1 pkgsrc/www/curl/distinfo
cvs rdiff -u -r1.24 -r1.24.2.1 pkgsrc/www/curl/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index