pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2018Q3]: pkgsrc/www/curl Pullup ticket #5872 - requested by leot



details:   https://anonhg.NetBSD.org/pkgsrc/rev/60c8b793bad8
branches:  pkgsrc-2018Q3
changeset: 334129:60c8b793bad8
user:      spz <spz%pkgsrc.org@localhost>
date:      Fri Nov 02 06:32:59 2018 +0000

description:
Pullup ticket #5872 - requested by leot
www/curl: security update

Revisions pulled up:
- www/curl/Makefile                                             1.202
- www/curl/PLIST                                                1.71
- www/curl/distinfo                                             1.147

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        leot
   Date:                Wed Oct 31 08:06:24 UTC 2018

   Modified Files:
        pkgsrc/www/curl: Makefile PLIST distinfo

   Log Message:
   curl: Update www/curl to 7.62.0

   Changes:
   7.62.0
   ------
   This release includes the following changes:

    o multiplex: enable by default
    o url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
    o setopt: add CURLOPT_DOH_URL
    o curl: --doh-url added
    o setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
    o imap: change from "FETCH" to "UID FETCH"
    o configure: add option to disable automatic OpenSSL config loading
    o upkeep: add a connection upkeep API: curl_easy_upkeep()
    o URL-API: added five new functions
    o vtls: MesaLink is a new TLS backend

   This release includes the following bugfixes:

    o CVE-2018-16839: SASL password overflow via integer overflow
    o CVE-2018-16840: use-after-free in handle close
    o CVE-2018-16842: warning message out-of-buffer read
    o CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
    o Curl_dedotdotify(): always nul terminate returned string
    o Curl_follow: Always free the passed new URL
    o Curl_http2_done: fix memleak in error path
    o Curl_retry_request: fix memory leak
    o Curl_saferealloc: Fixed typo in docblock
    o FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
    o GnutTLS: TLS 1.3 support
    o SECURITY-PROCESS: mention the bountygraph program
    o VS projects: add USE_IPV6:
    o Windows: fixes for MinGW targeting Windows Vista
    o anyauthput: fix compiler warning on 64-bit Windows
    o appveyor: add WinSSL builds
    o appveyor: run test suite (on Windows!)
    o certs: generate tests certs with sha256 digest algorithm
    o checksrc: enable strict mode and warnings
    o checksrc: handle zero scoped ignore commands
    o cmake: Backport to work with CMake 3.0 again
    o cmake: Improve config installation
    o cmake: add support for transitive ZLIB target
    o cmake: disable -Wpedantic-ms-format
    o cmake: don't require OpenSSL if USE_OPENSSL=OFF
    o cmake: fixed path used in generation of docs/tests
    o cmake: remove unused *SOCKLEN_T variables
    o cmake: suppress MSVC warning C4127 for libtest
    o cmake: test and set missed defines during configuration
    o comment: Fix multiple typos in function parameters
    o config: Remove unused SIZEOF_VOIDP
    o config_win32: enable LDAPS
    o configure: force-use -lpthreads on HPUX
    o configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
    o configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
    o cookies: Remove redundant expired check
    o cookies: fix leak when writing cookies to file
    o curl-config.in: remove dependency on bc
    o curl.1: --ipv6 mutexes ipv4 (fixed typo)
    o curl: enabled Windows VT Support and UTF-8 output
    o curl: update the documentation of --tlsv1.0
    o curl_multi_wait: call getsock before figuring out timeout
    o curl_ntlm_wb: check aprintf() return codes
    o curl_threads: fix classic MinGW compile break
    o darwinssl: Fix realloc memleak
    o darwinssl: more specific and unified error codes
    o data-binary.d: clarify default content-type is x-www-form-urlencoded
    o docs/BUG-BOUNTY: explain the bounty program
    o docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
    o docs/CIPHERS: fix the TLS 1.3 cipher names
    o docs/CIPHERS: mention the colon separation for OpenSSL
    o docs/examples: URL updates
    o docs: add "see also" links for SSL options
    o example/asiohiper: insert warning comment about its status
    o example/htmltidy: fix include paths of tidy libraries
    o examples/Makefile.m32: sync with core
    o examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
    o examples/parseurl.c: show off the URL API
    o examples: Fix memory leaks from realloc errors
    o examples: do not wait when no transfers are running
    o ftp: include command in Curl_ftpsend sendbuffer
    o gskit: make sure to terminate version string
    o gtls: Values stored to but never read
    o hostip: fix check on Curl_shuffle_addr return value
    o http2: fix memory leaks on error-path
    o http: fix memleak in rewind error path
    o krb5: fix memory leak in krb_auth
    o ldap: show precise LDAP call in error message on Windows
    o lib: fix gcc8 warning on Windows
    o memory: add missing curl_printf header
    o memory: ensure to check allocation results
    o multi: Fix error handling in the SENDPROTOCONNECT state
    o multi: fix memory leak in content encoding related error path
    o multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
    o netrc: free temporary strings if memory allocation fails
    o nss: fix nssckbi module loading on Windows
    o nss: try to connect even if libnssckbi.so fails to load
    o ntlm_wb: Fix memory leaks in ntlm_wb_response
    o ntlm_wb: bail out if the response gets overly large
    o openssl: assume engine support in 0.9.8 or later
    o openssl: enable TLS 1.3 post-handshake auth
    o openssl: fix gcc8 warning
    o openssl: load built-in engines too
    o openssl: make 'done' a proper boolean
    o openssl: output the correct cipher list on TLS 1.3 error
    o openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
    o openssl: show "proper" version number for libressl builds
    o pipelining: deprecated
    o rand: add comment to skip a clang-tidy false positive
    o rtmp: fix for compiling with lwIP
    o runtests: ignore disabled even when ranges are given
    o runtests: skip ld_preload tests on macOS
    o runtests: use Windows paths for Windows curl
    o schannel: unified error code handling
    o sendf: Fix whitespace in infof/failf concatenation
    o ssh: free the session on init failures
    o ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
    o system.h: use proper setting with Sun C++ as well
    o test1299: use single quotes around asterisk
    o test1452: mark as flaky
    o test1651: unit test Curl_extract_certinfo()
    o test320: strip out more HTML when comparing
    o tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
    o tests: add unit tests for url.c
    o timeval: fix use of weak symbol clock_gettime() on Apple platforms
    o tool_cb_hdr: handle failure of rename()
    o travis: add a "make tidy" build that runs clang-tidy
    o travis: add build for "configure --disable-verbose"
    o travis: bump the Secure Transport build to use xcode
    o travis: make distcheck scan for BOM markers
    o unit1300: fix stack-use-after-scope AddressSanitizer warning
    o urldata: Fix "connecting" comment
    o urlglob: improve error message on bad globs
    o vtls: fix ssl version "or later" behavior change for many backends
    o x509asn1: Fix SAN IP address verification
    o x509asn1: always check return code from getASN1Element()
    o x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
    o x509asn1: suppress left shift on signed value


   To generate a diff of this commit:
   cvs rdiff -u -r1.201 -r1.202 pkgsrc/www/curl/Makefile
   cvs rdiff -u -r1.70 -r1.71 pkgsrc/www/curl/PLIST
   cvs rdiff -u -r1.146 -r1.147 pkgsrc/www/curl/distinfo

diffstat:

 www/curl/Makefile |   4 ++--
 www/curl/PLIST    |  13 ++++++++++++-
 www/curl/distinfo |  10 +++++-----
 3 files changed, 19 insertions(+), 8 deletions(-)

diffs (93 lines):

diff -r bd2cc7e29f42 -r 60c8b793bad8 www/curl/Makefile
--- a/www/curl/Makefile Mon Oct 29 20:24:08 2018 +0000
+++ b/www/curl/Makefile Fri Nov 02 06:32:59 2018 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.201 2018/09/05 06:49:26 wiz Exp $
+# $NetBSD: Makefile,v 1.201.2.1 2018/11/02 06:32:59 spz Exp $
 
-DISTNAME=      curl-7.61.1
+DISTNAME=      curl-7.62.0
 CATEGORIES=    www
 MASTER_SITES=  https://curl.haxx.se/download/
 EXTRACT_SUFX=  .tar.bz2
diff -r bd2cc7e29f42 -r 60c8b793bad8 www/curl/PLIST
--- a/www/curl/PLIST    Mon Oct 29 20:24:08 2018 +0000
+++ b/www/curl/PLIST    Fri Nov 02 06:32:59 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.70 2018/07/11 18:13:26 adam Exp $
+@comment $NetBSD: PLIST,v 1.70.2.1 2018/11/02 06:32:59 spz Exp $
 bin/curl
 bin/curl-config
 include/curl/curl.h
@@ -9,6 +9,7 @@
 include/curl/stdcheaders.h
 include/curl/system.h
 include/curl/typecheck-gcc.h
+include/curl/urlapi.h
 lib/libcurl.la
 lib/pkgconfig/libcurl.pc
 man/man1/curl-config.1
@@ -134,6 +135,7 @@
 man/man3/CURLOPT_DNS_SERVERS.3
 man/man3/CURLOPT_DNS_SHUFFLE_ADDRESSES.3
 man/man3/CURLOPT_DNS_USE_GLOBAL_CACHE.3
+man/man3/CURLOPT_DOH_URL.3
 man/man3/CURLOPT_EGDSOCKET.3
 man/man3/CURLOPT_ERRORBUFFER.3
 man/man3/CURLOPT_EXPECT_100_TIMEOUT_MS.3
@@ -337,7 +339,9 @@
 man/man3/CURLOPT_TRANSFER_ENCODING.3
 man/man3/CURLOPT_UNIX_SOCKET_PATH.3
 man/man3/CURLOPT_UNRESTRICTED_AUTH.3
+man/man3/CURLOPT_UPKEEP_INTERVAL_MS.3
 man/man3/CURLOPT_UPLOAD.3
+man/man3/CURLOPT_UPLOAD_BUFFERSIZE.3
 man/man3/CURLOPT_URL.3
 man/man3/CURLOPT_USERAGENT.3
 man/man3/CURLOPT_USERNAME.3
@@ -363,6 +367,7 @@
 man/man3/curl_easy_setopt.3
 man/man3/curl_easy_strerror.3
 man/man3/curl_easy_unescape.3
+man/man3/curl_easy_upkeep.3
 man/man3/curl_escape.3
 man/man3/curl_formadd.3
 man/man3/curl_formfree.3
@@ -411,6 +416,11 @@
 man/man3/curl_strequal.3
 man/man3/curl_strnequal.3
 man/man3/curl_unescape.3
+man/man3/curl_url.3
+man/man3/curl_url_cleanup.3
+man/man3/curl_url_dup.3
+man/man3/curl_url_get.3
+man/man3/curl_url_set.3
 man/man3/curl_version.3
 man/man3/curl_version_info.3
 man/man3/libcurl-easy.3
@@ -422,6 +432,7 @@
 man/man3/libcurl-symbols.3
 man/man3/libcurl-thread.3
 man/man3/libcurl-tutorial.3
+man/man3/libcurl-url.3
 man/man3/libcurl.3
 share/aclocal/libcurl.m4
 share/doc/curl/FAQ
diff -r bd2cc7e29f42 -r 60c8b793bad8 www/curl/distinfo
--- a/www/curl/distinfo Mon Oct 29 20:24:08 2018 +0000
+++ b/www/curl/distinfo Fri Nov 02 06:32:59 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.146 2018/09/05 06:49:26 wiz Exp $
+$NetBSD: distinfo,v 1.146.2.1 2018/11/02 06:32:59 spz Exp $
 
-SHA1 (curl-7.61.1.tar.bz2) = f0bd08a3c668dabdd4a87a3be15e061638a1599e
-RMD160 (curl-7.61.1.tar.bz2) = a3f5a9af970c74a0dbd72681ecb0420f3c9d8b49
-SHA512 (curl-7.61.1.tar.bz2) = 484d33c0d32109539a95309cdb4404c03c0e7164fdbf7a4724a5b01aa20e2d48fbe6363c7cc53060d4d28050cfa6b43f9ed220ab65d4d389eb00efff5db1bfb5
-Size (curl-7.61.1.tar.bz2) = 2965173 bytes
+SHA1 (curl-7.62.0.tar.bz2) = 062a9f50723970cdbf9864781efedeef71e9d68e
+RMD160 (curl-7.62.0.tar.bz2) = 8a9cd8b4d0c3e156226f8829912cec77600c077e
+SHA512 (curl-7.62.0.tar.bz2) = 83ca5c2757745f763316eefdd4c3f0e8a211a7f0db6a708b67ae2133ad41fdf17dd2230f9283a4778c9c866126d407454a090291cd2bf274371d0a214c1c13f5
+Size (curl-7.62.0.tar.bz2) = 3014762 bytes
 SHA1 (patch-configure) = ba8abac55f11a53d07235e57d21ce5b32a421902
 SHA1 (patch-curl-config.in) = 363359665985cc14f36ddf47fc3480f1200e3533
 SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308



Home | Main Index | Thread Index | Old Index