[pkgsrc/trunk]: pkgsrc/www/curl curl: update to 7.61.1.

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/www/curl curl: update to 7.61.1.
From: wiz <wiz%pkgsrc.org@localhost>
Date: Wed, 05 Sep 2018 07:45:02 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/c6a5a154e199
branches:  trunk
changeset: 312499:c6a5a154e199
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Wed Sep 05 06:49:26 2018 +0000

description:
curl: update to 7.61.1.

This release includes the following bugfixes:

 o security advisory (CVE-2018-14618): NTLM password overflow via integer overflow [73]
 o CURLINFO_SIZE_UPLOAD: fix missing counter update [46]
 o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
 o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72]
 o Curl_getoff_all_pipelines: improved for multiplexed [3]
 o DEPRECATE: remove release date from 7.62.0
 o HTTP: Don't attempt to needlessly decompress redirect body [30]
 o INTERNALS: require GnuTLS >= 2.11.3 [62]
 o README.md: add LGTM.com code quality grade for C/C++ [42]
 o SSLCERTS: improve the openssl command line
 o Silence GCC 8 cast-function-type warnings [47]
 o ares: check for NULL in completed-callback [3]
 o asyn-thread: Remove unused macro [40]
 o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15]
 o auth: pick Bearer authentication whenever a token is available [15]
 o cmake: CMake config files are defining CURL_STATICLIB for static builds [54]
 o cmake: Respect BUILD_SHARED_LIBS [35]
 o cmake: Update scripts to use consistent style [9]
 o cmake: bumped minimum version to 3.4 [34]
 o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34]
 o configure: conditionally enable pedantic-errors [64]
 o configure: fix for -lpthread detection with OpenSSL and pkg-config [38]
 o conn: remove the boolean 'inuse' field [3]
 o content_encoding: accept up to 4 unknown trailer bytes after raw deflate data [5]
 o cookie tests: treat files as text
 o cookies: support creation-time attribute for cookies [75]
 o curl: Fix segfault when -H @headerfile is empty [23]
 o curl: add http code 408 to transient list for --retry [78]
 o curl: fix time-of-check, time-of-use race in dir creation [71]
 o curl: use Content-Disposition before the "URL end" for -OJ [29]
 o curl: warn the user if a given file name looks like an option [56]
 o curl_threads: silence bad-function-cast warning [69]
 o darwinssl: add support for ALPN negotiation [7]
 o docs/CURLOPT_URL: fix indentation [20]
 o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19]
 o docs/SECURITY-PROCESS: mention bounty, drop pre-notify
 o docs/examples: add hiperfifo example using linux epoll/timerfd [21]
 o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50]
 o docs: clarify NO_PROXY env variable functionality [70]
 o docs: improved the manual pages of some callbacks [48]
 o docs: mention NULL is fine input to several functions [43]
 o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40]
 o gopher: Do not translate `?' to `%09' [67]
 o header output: switch off all styles, not just unbold [8]
 o hostip: fix unused variable warning
 o http2: Use correct format identifier for stream_id [77]
 o http2: abort the send_callback if not setup yet [63]
 o http2: avoid set_stream_user_data() before stream is assigned [61]
 o http2: check nghttp2_session_set_stream_user_data return code [55]
 o http2: clear the drain counter in Curl_http2_done [27]
 o http2: make sure to send after RST_STREAM [58]
 o http2: separate easy handle from connections better [12]
 o http: fix for tiny "HTTP/0.9" response [51]
 o http_proxy: Remove unused macro SELECT_TIMEOUT [40]
 o lib/Makefile: only do symbol hiding if told to [32]
 o lib1502: fix memory leak in torture test [44]
 o lib1522: fix curl_easy_setopt argument type
 o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66]
 o mime: check Curl_rand_hex's return code [22]
 o multi: always do the COMPLETED procedure/state [3]
 o openssl: assume engine support in 1.0.0 or later [2]
 o openssl: fix debug messages [39]
 o projects: Improve Windows perl detection in batch scripts [49]
 o retry: return error if rewind was necessary but didn't happen [28]
 o reuse_conn(): memory leak - free old_conn->options [17]
 o schannel: client certificate store opening fix [68]
 o schannel: enable CALG_TLS1PRF for w32api >= 5.1
 o schannel: fix MinGW compile break [1]
 o sftp: don't send post-qoute sequence when retrying a connection [79]
 o smb: fix memory leak on early failure [26]
 o smb: fix memory-leak in URL parse error path [4]
 o smb_getsock: always wait for write socket too [11]
 o ssh-libssh: fix infinite connect loop on invalid private key [53]
 o ssh-libssh: reduce excessive verbose output about pubkey auth [53]
 o ssh-libssh: use FALLTHROUGH to silence gcc8 [76]
 o ssl: set engine implicitly when a PKCS#11 URI is provided [36]
 o sws: handle EINTR when calling select() [24]
 o system_win32: fix version checking [16]
 o telnet: Remove unused macros TELOPTS and TELCMDS [40]
 o test1143: disable MSYS2's POSIX path conversion [10]
 o test1148: disable if decimal separator is not point [65]
 o test1307: (fnmatch testing) disabled [31]
 o test1422: add required file feature [6]
 o test1531: Add timeout [41]
 o test1540: Remove unused macro TEST_HANG_TIMEOUT [40]
 o test214: disable MSYS2's POSIX path conversion for URL
 o test320: treat curl320.out file as binary [14]
 o tests/http_pipe.py: Use /usr/bin/env to find python
 o tests: Don't use Windows path %PWD for SSH tests [74]
 o tests: fixes for Windows line endlings [13]
 o tool_operate: Fix setting proxy TLS 1.3 ciphers
 o travis: build darwinssl on macos 10.12 to fix linker errors [33]
 o travis: execute "set -eo pipefail" for coverage build [45]
 o travis: run a 'make checksrc' too [25]
 o travis: update to GCC-8 [52]
 o travis: verify that man pages can be regenerated [50]
 o upload: allocate upload buffer on-demand [60]
 o upload: change default UPLOAD_BUFSIZE to 64KB [60]
 o urldata: remove unused pipe_broke struct field [57]
 o vtls: reinstantiate engine on duplicated handles [59]
 o windows: implement send buffer tuning [37]
 o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]

diffstat:

 www/curl/Makefile                          |   5 ++---
 www/curl/distinfo                          |  11 +++++------
 www/curl/patches/patch-src_tool__cb__hdr.c |  29 -----------------------------
 3 files changed, 7 insertions(+), 38 deletions(-)

diffs (65 lines):

diff -r 915901dc2db6 -r c6a5a154e199 www/curl/Makefile
--- a/www/curl/Makefile Wed Sep 05 05:54:51 2018 +0000
+++ b/www/curl/Makefile Wed Sep 05 06:49:26 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.200 2018/08/22 09:47:24 wiz Exp $
+# $NetBSD: Makefile,v 1.201 2018/09/05 06:49:26 wiz Exp $
 
-DISTNAME=      curl-7.61.0
-PKGREVISION=   3
+DISTNAME=      curl-7.61.1
 CATEGORIES=    www
 MASTER_SITES=  https://curl.haxx.se/download/
 EXTRACT_SUFX=  .tar.bz2
diff -r 915901dc2db6 -r c6a5a154e199 www/curl/distinfo
--- a/www/curl/distinfo Wed Sep 05 05:54:51 2018 +0000
+++ b/www/curl/distinfo Wed Sep 05 06:49:26 2018 +0000
@@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.145 2018/07/31 09:34:49 wiz Exp $
+$NetBSD: distinfo,v 1.146 2018/09/05 06:49:26 wiz Exp $
 
-SHA1 (curl-7.61.0.tar.bz2) = ddebde47541b514f6ba6ea03a488f053ae95af1a
-RMD160 (curl-7.61.0.tar.bz2) = 6101f3a189c5a7cc7b0bdd56fc6e80dc37ccdaa8
-SHA512 (curl-7.61.0.tar.bz2) = 4907234c75a9e52a5b81cf895bcc811d7a69f1db84a9ae1adc3af360e8cc4371f58c00925ce6bc5170f2a8072848da47a52c41f4bfedcf14274ec75802afcddd
-Size (curl-7.61.0.tar.bz2) = 2949354 bytes
+SHA1 (curl-7.61.1.tar.bz2) = f0bd08a3c668dabdd4a87a3be15e061638a1599e
+RMD160 (curl-7.61.1.tar.bz2) = a3f5a9af970c74a0dbd72681ecb0420f3c9d8b49
+SHA512 (curl-7.61.1.tar.bz2) = 484d33c0d32109539a95309cdb4404c03c0e7164fdbf7a4724a5b01aa20e2d48fbe6363c7cc53060d4d28050cfa6b43f9ed220ab65d4d389eb00efff5db1bfb5
+Size (curl-7.61.1.tar.bz2) = 2965173 bytes
 SHA1 (patch-configure) = ba8abac55f11a53d07235e57d21ce5b32a421902
 SHA1 (patch-curl-config.in) = 363359665985cc14f36ddf47fc3480f1200e3533
 SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308
-SHA1 (patch-src_tool__cb__hdr.c) = ac3b75a7d8702e25f4eb0596f615a8d60d4066f7
diff -r 915901dc2db6 -r c6a5a154e199 www/curl/patches/patch-src_tool__cb__hdr.c
--- a/www/curl/patches/patch-src_tool__cb__hdr.c        Wed Sep 05 05:54:51 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,29 +0,0 @@
-$NetBSD: patch-src_tool__cb__hdr.c,v 1.1 2018/07/31 09:34:49 wiz Exp $
-
-curl: use Content-Disposition before the "URL end" for -OJ
-
-Regression introduced in 7.61.0
-
-https://github.com/curl/curl/commit/e78f2cfe56c39a6c32191c207aae683de0e9a042
-
---- src/tool_cb_hdr.c.orig     2018-07-09 06:42:12.000000000 +0000
-+++ src/tool_cb_hdr.c
-@@ -103,9 +103,6 @@ size_t tool_header_cb(char *ptr, size_t 
-      (protocol & (CURLPROTO_HTTPS|CURLPROTO_HTTP))) {
-     const char *p = str + 20;
- 
--    if(!outs->stream && !tool_create_output_file(outs, FALSE))
--      return failure;
--
-     /* look for the 'filename=' parameter
-        (encoded filenames (*=) are not supported) */
-     for(;;) {
-@@ -153,6 +150,8 @@ size_t tool_header_cb(char *ptr, size_t 
-       }
-       break;
-     }
-+    if(!outs->stream && !tool_create_output_file(outs, FALSE))
-+      return failure;
-   }
- 
-   if(hdrcbdata->config->show_headers &&
Prev by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated www/curl to 7.61.1
Next by Date: [pkgsrc/trunk]: pkgsrc/devel/py-setuptools_scm_git_archive py-setuptools_scm_...
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated www/curl to 7.61.1
Next by Thread: [pkgsrc/trunk]: pkgsrc/devel/py-setuptools_scm_git_archive py-setuptools_scm_...
Indexes:
Home | Main Index | Thread Index | Old Index