pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2018Q4]: pkgsrc/www/curl Pullup ticket #5910 - requested by ml...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ecafe85d2990
branches:  pkgsrc-2018Q4
changeset: 408315:ecafe85d2990
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sat Feb 16 15:59:04 2019 +0000

description:
Pullup ticket #5910 - requested by mlelstv
www/curl: security fix

Revisions pulled up:
- www/curl/Makefile                                             1.207
- www/curl/PLIST                                                1.73
- www/curl/distinfo                                             1.150

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Wed Feb  6 08:02:48 UTC 2019

   Modified Files:
           pkgsrc/www/curl: Makefile PLIST distinfo

   Log Message:
   curl: updated to 7.64.0

   curl and libcurl 7.64.0

   This release includes the following changes:
   * cookies: leave secure cookies alone
   * hostip: support wildcard hosts
   * http: Implement trailing headers for chunked transfers
   * http: added options for allowing HTTP/0.9 responses
   * timeval: Use high resolution timestamps on Windows

   This release includes the following bugfixes:
   * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
   * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
   * CVE-2019-3823: SMTP end-of-response out-of-bounds read
   * FAQ: remove mention of sourceforge for github
   * OS400: handle memory error in list conversion
   * OS400: upgrade ILE/RPG binding.
   * README: add codacy code quality badge
   * Revert http_negotiate: do not close connection
   * THANKS: added several missing names from year <= 2000
   * build: make 'tidy' target work for metalink builds
   * cmake: added checks for variadic macros
   * cmake: updated check for HAVE_POLL_FINE to match autotools
   * cmake: use lowercase for function name like the rest of the code
   * configure: detect xlclang separately from clang
   * configure: fix recv/send/select detection on Android
   * configure: rewrite --enable-code-coverage
   * conncache_unlock: avoid indirection by changing input argument type
   * cookie: fix comment typo
   * cookies: allow secure override when done over HTTPS
   * cookies: extend domain checks to non psl builds
   * cookies: skip custom cookies when redirecting cross-site
   * curl --xattr: strip credentials from any URL that is stored
   * curl -J: refuse to append to the destination file
   * curl/urlapi.h: include "curl.h" first
   * curl_multi_remove_handle() don't block terminating c-ares requests
   * darwinssl: accept setting max-tls with default min-tls
   * disconnect: separate connections and easy handles better
   * disconnect: set conn->data for protocol disconnect
   * docs/version.d: mention MultiSSL
   * docs: fix the --tls-max description
   * docs: use $(INSTALL_DATA) to install man page
   * docs: use meaningless port number in CURLOPT_LOCALPORT example
   * gopher: always include the entire gopher-path in request
   * http2: clear pause stream id if it gets closed
   * if2ip: remove unused function Curl_if_is_interface_name
   * libssh: do not let libssh create socket
   * libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
   * libssh: free sftp_canonicalize_path() data correctly
   * libtest/stub_gssapi: use "real" snprintf
   * mbedtls: use VERIFYHOST
   * multi: multiplexing improvements
   * multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
   * ntlm: fix NTMLv2 compliance
   * ntlm_sspi: add support for channel binding
   * openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
   * openssl: fix the SSL_get_tlsext_status_ocsp_resp call
   * openvms: fix OpenSSL discovery on VAX
   * openvms: fix typos in documentation
   * os400: add a missing closing bracket
   * os400: fix extra parameter syntax error
   * pingpong: change default response timeout to 120 seconds
   * pingpong: ignore regular timeout in disconnect phase
   * printf: fix format specifiers
   * runtests.pl: Fix perl call to include srcdir
   * schannel: fix compiler warning
   * schannel: preserve original certificate path parameter
   * schannel: stop calling it "winssl"
   * sigpipe: if mbedTLS is used, ignore SIGPIPE
   * smb: fix incorrect path in request if connection reused
   * ssh: log the libssh2 error message when ssh session startup fails
   * test1558: verify CURLINFO_PROTOCOL on file:// transfer
   * test1561: improve test name
   * test1653: make it survive torture tests
   * tests: allow tests to pass by 2037-02-12
   * tests: move objnames-* from lib into tests
   * timediff: fix math for unsigned time_t
   * timeval: Disable MSVC Analyzer GetTickCount warning
   * tool_cb_prg: avoid integer overflow
   * travis: added cmake build for osx
   * urlapi: Fix port parsing of eol colon
   * urlapi: distinguish possibly empty query
   * urlapi: fix parsing ipv6 with zone index
   * urldata: rename easy_conn to just conn
   * winbuild: conditionally use /DZLIB_WINAPI
   * wolfssl: fix memory-leak in threaded use
   * spnego_sspi: add support for channel binding

diffstat:

 www/curl/Makefile |  14 +++++---------
 www/curl/PLIST    |   5 ++++-
 www/curl/distinfo |  10 +++++-----
 3 files changed, 14 insertions(+), 15 deletions(-)

diffs (86 lines):

diff -r 67ed833fec46 -r ecafe85d2990 www/curl/Makefile
--- a/www/curl/Makefile Sat Feb 16 11:43:16 2019 +0000
+++ b/www/curl/Makefile Sat Feb 16 15:59:04 2019 +0000
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.205 2018/12/13 19:51:38 adam Exp $
+# $NetBSD: Makefile,v 1.205.2.1 2019/02/16 15:59:04 bsiegert Exp $
 
-DISTNAME=      curl-7.63.0
-PKGREVISION=   1
+DISTNAME=      curl-7.64.0
 CATEGORIES=    www
 MASTER_SITES=  https://curl.haxx.se/download/
-EXTRACT_SUFX=  .tar.bz2
+EXTRACT_SUFX=  .tar.xz
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      https://curl.haxx.se/
@@ -22,13 +21,10 @@
 CONFIGURE_ARGS+=       --with-ca-path=${SSLCERTS}
 CONFIGURE_ARGS+=       --with-zlib=${BUILDLINK_PREFIX.zlib}
 PKGCONFIG_OVERRIDE=    libcurl.pc.in
+TEST_TARGET=           check
 
 INSTALLATION_DIRS=     share/doc/curl
 
-.include "../../mk/bsd.prefs.mk"
-
-TEST_TARGET=           check
-
 .include "options.mk"
 
 post-install:
@@ -36,8 +32,8 @@
        ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DESTDIR}${PREFIX}/share/doc/curl/
 .endfor
 
-.include "../../mk/pthread.buildlink3.mk"
 .include "../../devel/gettext-lib/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
+.include "../../mk/pthread.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff -r 67ed833fec46 -r ecafe85d2990 www/curl/PLIST
--- a/www/curl/PLIST    Sat Feb 16 11:43:16 2019 +0000
+++ b/www/curl/PLIST    Sat Feb 16 15:59:04 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.72 2018/12/12 11:09:55 leot Exp $
+@comment $NetBSD: PLIST,v 1.72.2.1 2019/02/16 15:59:04 bsiegert Exp $
 bin/curl
 bin/curl-config
 include/curl/curl.h
@@ -166,6 +166,7 @@
 man/man3/CURLOPT_HEADERDATA.3
 man/man3/CURLOPT_HEADERFUNCTION.3
 man/man3/CURLOPT_HEADEROPT.3
+man/man3/CURLOPT_HTTP09_ALLOWED.3
 man/man3/CURLOPT_HTTP200ALIASES.3
 man/man3/CURLOPT_HTTPAUTH.3
 man/man3/CURLOPT_HTTPGET.3
@@ -336,6 +337,8 @@
 man/man3/CURLOPT_TLSAUTH_PASSWORD.3
 man/man3/CURLOPT_TLSAUTH_TYPE.3
 man/man3/CURLOPT_TLSAUTH_USERNAME.3
+man/man3/CURLOPT_TRAILERDATA.3
+man/man3/CURLOPT_TRAILERFUNCTION.3
 man/man3/CURLOPT_TRANSFERTEXT.3
 man/man3/CURLOPT_TRANSFER_ENCODING.3
 man/man3/CURLOPT_UNIX_SOCKET_PATH.3
diff -r 67ed833fec46 -r ecafe85d2990 www/curl/distinfo
--- a/www/curl/distinfo Sat Feb 16 11:43:16 2019 +0000
+++ b/www/curl/distinfo Sat Feb 16 15:59:04 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.149 2018/12/12 11:09:55 leot Exp $
+$NetBSD: distinfo,v 1.149.2.1 2019/02/16 15:59:04 bsiegert Exp $
 
-SHA1 (curl-7.63.0.tar.bz2) = 78557209ce20e7283c4407a03c57036ba9242e40
-RMD160 (curl-7.63.0.tar.bz2) = b4494d189022ae210ed4119a2cf1cba6fb353dd4
-SHA512 (curl-7.63.0.tar.bz2) = 2873ef57b15cf12e508626f4546f6e06450cb87b239be1d26d9b3a22f7533d76eebabb5fa00e7b8c5d7fc9854356997ce164afb069411d079b2b9f0bdb00db25
-Size (curl-7.63.0.tar.bz2) = 3001355 bytes
+SHA1 (curl-7.64.0.tar.xz) = 7539acc0742c2fb1472bc2904f0bd58eeebc011a
+RMD160 (curl-7.64.0.tar.xz) = 40806b3ea50ddab9d2f063dad37e81fdf6b04a17
+SHA512 (curl-7.64.0.tar.xz) = 953f1f5336ce5dfd1b9f933624432d401552d91ee02d39ecde6f023c956f99ec6aae8d7746d7c34b6eb2d6452f114e67da4e64d9c8dd90b7644b7844e7b9b423
+Size (curl-7.64.0.tar.xz) = 2398904 bytes
 SHA1 (patch-configure) = 9b65a0b9564b7226942d1d1efef576b381a9755e
 SHA1 (patch-curl-config.in) = 363359665985cc14f36ddf47fc3480f1200e3533
 SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308



Home | Main Index | Thread Index | Old Index