pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2017Q1]: pkgsrc/www/curl Pullup ticket #5327 - requested by wiz



details:   https://anonhg.NetBSD.org/pkgsrc/rev/56098e685630
branches:  pkgsrc-2017Q1
changeset: 360284:56098e685630
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sun Apr 23 09:15:48 2017 +0000

description:
Pullup ticket #5327 - requested by wiz
www/curl: security fix

Revisions pulled up:
- www/curl/Makefile                                             1.180
- www/curl/PLIST                                                1.63
- www/curl/distinfo                                             1.130-1.131
- www/curl/patches/patch-src_Makefile.in                        1.1

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Wed Apr 19 10:28:07 UTC 2017

   Modified Files:
        pkgsrc/www/curl: Makefile PLIST distinfo

   Log Message:
   Updated curl to 7.54.0.

   Curl and libcurl 7.54.0

    Public curl releases:         165
    Command line options:         207
    curl_easy_setopt() options:   245
    Public functions in libcurl:  61
    Contributors:                 1538

   This release includes the following changes:
    o Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION [19]
    o Add --max-tls [19]
    o Add CURLOPT_SUPPRESS_CONNECT_HEADERS [24]
    o Add --suppress-connect-headers [24]

   This release includes the following bugfixes:

    o CVE-2017-7468: switch off SSL session id when client cert is used [68]
    o cmake: Replace invalid UTF-8 byte sequence [1]
    o tests: use consistent environment variables for setting charset
    o proxy: fixed a memory leak on OOM
    o ftp: removed an erroneous free in an OOM path
    o docs: de-duplicate file lists in the Makefiles [2]
    o ftp: fixed a NULL pointer dereference on OOM
    o gopher: fixed detection of an error condition from Curl_urldecode
    o url: fix unix-socket support for proxy-disabled builds [3]
    o test1139: allow for the possibility that the man page is not rebuilt
    o cyassl: get library version string at runtime
    o digest_sspi: fix compilation warning
    o tests: enable HTTP/2 tests to run with non-default port numbers
    o warnless: suppress compiler warning
    o darwinssl: Warn that disabling host verify also disables SNI [4]
    o configure: fix for --enable-pthreads [5]
    o checksrc.bat: Ignore curl_config.h.in, curl_config.h
    o no-keepalive.d: fix typo [6]
    o configure: fix --with-zlib when a path is specified [7]
    o build: fix gcc7 implicit fallthrough warnings [8]
    o fix potential use of uninitialized variables [9]
    o CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errors [10]
    o CMake: Reorganize SSL support, separate WinSSL and SSPI [11]
    o CMake: Add DarwinSSL support [12]
    o CMake: Add mbedTLS support [13]
    o ares: return error at once if timed out before name resolve starts [14]
    o BINDINGS: added C++, perl, go and Scilab bindings
    o URL: return error on malformed URLs with junk after port number
    o KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a password [15]
    o http2: Fix assertion error on redirect with CL=0 [16]
    o updatemanpages.pl: Update man pages to use current date and versions [17]
    o --insecure: clarify that this option is for server connections [18]
    o mkhelp: simplified the gzip code
    o build: fixed making man page in out-of-tree tarball builds
    o tests: disabled 1903 due to flakiness
    o openssl: add two /* FALLTHROUGH */ to satisfy coverity
    o cmdline-opts: fixed a few typos
    o authneg: clear auth.multi flag at http_done [20]
    o curl_easy_reset: Also reset the authentication state [21]
    o proxy: skip SSL initialization for closed connections [22]
    o http_proxy: ignore TE and CL in CONNECT 2xx responses [23]
    o tool_writeout: fixed a buffer read overrun on --write-out
    o make: regenerate docs/curl.1 by running make in docs [25]
    o winbuild: add basic support for OpenSSL 1.1.x [26]
    o build: removed redundant DEPENDENCIES from makefiles
    o CURLINFO_LOCAL_PORT.3: added example
    o curl: show HTTPS-Proxy options on CURLE_SSL_CACERT [27]
    o tests: strip more options from non-HTTP --libcurl tests
    o tests: fixed the documented test server port numbers
    o runtests.pl: fixed display of the Gopher IPv6 port number
    o multi: fix streamclose() crash in debug mode [28]
    o cmake: build manual pages [29]
    o cmake: add support for building HTML and PDF docs [30]
    o mbedtls: add support for CURLOPT_SSL_CTX_FUNCTION [31]
    o make: introduce 'test-nonflaky' target
    o CURLINFO_PRIMARY_IP.3: add example
    o tests/README: mention nroff for --manual tests [32]
    o mkhelp: disable compression if the perl gzip module is unavailable
    o openssl: fall back on SSL_ERROR_* string when no error detail [33]
    o asiohiper: make sure socket is open in event_cb [34]
    o tests/README: make "Run" section foolproof [35]
    o curl: check for end of input in writeout backslash handling
    o .gitattributes: turn off CRLF for *.am [36]
    o multi: fix MinGW-w64 compiler warnings
    o schannel: fix variable shadowing warning
    o openssl: exclude DSA code when OPENSSL_NO_DSA is defined [37]
    o http: Fix proxy connection reuse with basic-auth [38]
    o pause: handle mixed types of data when paused [39]
    o http: do not treat FTPS over CONNECT as HTTPS
    o conncache: make hashkey avoid malloc [40]
    o make: use the variable MAKE for recursive calls [41]
    o curl: fix callback argument inconsistency [42]
    o NTLM: check for features with #ifdef instead of #if [43]
    o cmake: add several missing files to the dist
    o select: use correct SIZEOF_ constant [44]
    o connect: fix unreferenced parameter warning
    o schannel: fix unused variable warning
    o gcc7: fix * in boolean context [45]
    o http2: silence unused parameter warnings
    o ssh: fix narrowing conversion warning
    o telnet: (win32) fix read callback return variable [46]
    o docs: Explain --fail-early does not imply --fail [47]
    o docs: added examples for CURLINFO_FILETIME.3 and CURLOPT_FILETIME.3
    o tests/server/util: remove in6addr_any for recent MinGW [48]
    o multi: make curl_multi_wait avoid malloc in the typical case [49]
    o include: curl/system.h is a run-time version of curlbuild.h [50]
    o easy: silence compiler warning
    o llist: replace Curl_llist_alloc with Curl_llist_init [51]
    o hash: move key into hash struct to reduce mallocs [52]
    o url: don't free postponed data on connection reuse [53]
    o curl_sasl: declare mechtable static
    o curl: fix Windows Unicode build
    o multi: fix queueing of pending easy handles [54]
    o tool_operate: fix MinGW compiler warning [55]
    o low_speed_limit: improved function for longer time periods [56]
    o gtls: fix compiler warning
    o sspi: print out InitializeSecurityContext() error message [57]
    o schannel: fix compiler warnings [58]
    o vtls: fix unreferenced variable warnings
    o INSTALL.md: fix secure transport configure arguments
    o CURLINFO_SCHEME.3: fix variable type
    o libcurl-thread.3: also mention threaded-resolver [59]
    o nss: load CA certificates even with --insecure [60]
    o openssl: fix this statement may fall through [61]
    o poll: prefer <poll.h> over <sys/poll.h> [62]
    o polarssl: unbreak build with versions < 1.3.8 [63]
    o Curl_expire_latest: ignore already expired timers [64]
    o configure: turn implicit function declarations into errors [65]
    o mbedtls: fix memory leak in error path [66]
    o http2: fix handle leak in error path [67]
    o .gitattributes: force shell scripts to LF [69]
    o configure.ac: ignore CR after version numbers [70]
    o extern-scan.pl: strip trailing CR [71]
    o openssl: make SSL_ERROR_to_str more future-proof [72]
    o openssl: fix thread-safety bugs in error-handling [73]
    o openssl: don't try to print nonexistant peer private keys [74]
    o nss: fix MinGW compiler warnings [75]

---
   Module Name:    pkgsrc
   Committed By:   ryoon
   Date:           Wed Apr 19 16:37:33 UTC 2017

   Modified Files:
           pkgsrc/www/curl: distinfo
   Added Files:
           pkgsrc/www/curl/patches: patch-src_Makefile.in

   Log Message:
   Do not use GNU make syntax. Fix build with bmake

diffstat:

 www/curl/Makefile                      |   9 ++-------
 www/curl/PLIST                         |   4 +++-
 www/curl/distinfo                      |  15 ++++++---------
 www/curl/patches/patch-src_Makefile.in |  22 ++++++++++++++++++++++
 4 files changed, 33 insertions(+), 17 deletions(-)

diffs (95 lines):

diff -r 70ca39e05ecd -r 56098e685630 www/curl/Makefile
--- a/www/curl/Makefile Thu Apr 20 18:27:26 2017 +0000
+++ b/www/curl/Makefile Sun Apr 23 09:15:48 2017 +0000
@@ -1,15 +1,10 @@
-# $NetBSD: Makefile,v 1.178.2.1 2017/04/05 21:16:45 spz Exp $
+# $NetBSD: Makefile,v 1.178.2.2 2017/04/23 09:15:48 bsiegert Exp $
 
-DISTNAME=      curl-7.53.1
-PKGREVISION=   1
+DISTNAME=      curl-7.54.0
 CATEGORIES=    www
 MASTER_SITES=  https://curl.haxx.se/download/
 EXTRACT_SUFX=  .tar.bz2
 
-PATCH_SITES=           https://curl.haxx.se/
-PATCHFILES=            CVE-2017-7407.patch
-PATCH_DIST_STRIP=      -p1
-
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      https://curl.haxx.se/
 COMMENT=       Client that groks URLs
diff -r 70ca39e05ecd -r 56098e685630 www/curl/PLIST
--- a/www/curl/PLIST    Thu Apr 20 18:27:26 2017 +0000
+++ b/www/curl/PLIST    Sun Apr 23 09:15:48 2017 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.62 2017/02/22 10:29:43 wiz Exp $
+@comment $NetBSD: PLIST,v 1.62.2.1 2017/04/23 09:15:48 bsiegert Exp $
 bin/curl
 bin/curl-config
 include/curl/curl.h
@@ -9,6 +9,7 @@
 include/curl/mprintf.h
 include/curl/multi.h
 include/curl/stdcheaders.h
+include/curl/system.h
 include/curl/typecheck-gcc.h
 lib/libcurl.la
 lib/pkgconfig/libcurl.pc
@@ -291,6 +292,7 @@
 man/man3/CURLOPT_STREAM_DEPENDS.3
 man/man3/CURLOPT_STREAM_DEPENDS_E.3
 man/man3/CURLOPT_STREAM_WEIGHT.3
+man/man3/CURLOPT_SUPPRESS_CONNECT_HEADERS.3
 man/man3/CURLOPT_TCP_FASTOPEN.3
 man/man3/CURLOPT_TCP_KEEPALIVE.3
 man/man3/CURLOPT_TCP_KEEPIDLE.3
diff -r 70ca39e05ecd -r 56098e685630 www/curl/distinfo
--- a/www/curl/distinfo Thu Apr 20 18:27:26 2017 +0000
+++ b/www/curl/distinfo Sun Apr 23 09:15:48 2017 +0000
@@ -1,13 +1,10 @@
-$NetBSD: distinfo,v 1.128.2.1 2017/04/05 21:16:45 spz Exp $
+$NetBSD: distinfo,v 1.128.2.2 2017/04/23 09:15:48 bsiegert Exp $
 
-SHA1 (CVE-2017-7407.patch) = 46a1e234f2db11032696260630c1e51ecf525002
-RMD160 (CVE-2017-7407.patch) = 21c9a12c15f1774a336c00956348260669a36089
-SHA512 (CVE-2017-7407.patch) = 05ab29bef14abef013f2df9dee9ad5a449a0b24838f1376d4f53db9bb428c3769e264302ac9098563e9a2cc57b56c6fba9805581cae7f4a115d8be9f623714e3
-Size (CVE-2017-7407.patch) = 4652 bytes
-SHA1 (curl-7.53.1.tar.bz2) = ae4a14778ef9ac3aaeaa022243d6e26c0bf1362b
-RMD160 (curl-7.53.1.tar.bz2) = 9b8bee9e4833d65a4531c86a34011817aa1fea36
-SHA512 (curl-7.53.1.tar.bz2) = c668494d0e795f34b00505ca68ab41fbb475a1bccbcac1d0bbacbbbafa40a994472e100be18a0c10f8fa21b5b9bd3f4e66c1e68ff5423b13b82d829cbaefcd52
-Size (curl-7.53.1.tar.bz2) = 2609559 bytes
+SHA1 (curl-7.54.0.tar.bz2) = e1cc251508e98bc5a8b9d5c40d8a4f6e48465d1c
+RMD160 (curl-7.54.0.tar.bz2) = 853ff262182b071c5cf93ffecaf6ee049c3fffc7
+SHA512 (curl-7.54.0.tar.bz2) = 2ed8d32a6803ecddcb587495107d9ebce724d34dae5cad1f8be241e93340e913bb8ce9b69259cb84b3d53c2e672e142c3aad471c4a251bd1d42fc06eb9d8f650
+Size (curl-7.54.0.tar.bz2) = 2602286 bytes
 SHA1 (patch-configure) = 0f065d05cdf9b36e49253481b90ee7c057e87998
 SHA1 (patch-curl-config.in) = d0cc7bb6a5bf0b9257f40dcffce7093cc0098eb7
 SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308
+SHA1 (patch-src_Makefile.in) = 74a11ec9bfcdba9fb07bd4338fb3025f24bafe0e
diff -r 70ca39e05ecd -r 56098e685630 www/curl/patches/patch-src_Makefile.in
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/curl/patches/patch-src_Makefile.in    Sun Apr 23 09:15:48 2017 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-src_Makefile.in,v 1.2.2.2 2017/04/23 09:15:48 bsiegert Exp $
+
+--- src/Makefile.in.orig       2017-04-18 11:42:47.000000000 +0000
++++ src/Makefile.in
+@@ -2039,14 +2039,14 @@ uninstall-am: uninstall-binPROGRAMS
+ @HAVE_LIBZ_TRUE@@USE_MANUAL_TRUE@$(HUGE): $(MANPAGE) $(README) $(MKHELP)
+ @HAVE_LIBZ_TRUE@@USE_MANUAL_TRUE@     echo '#include "tool_setup.h"' > $(HUGE)
+ @HAVE_LIBZ_TRUE@@USE_MANUAL_TRUE@     echo '#ifndef HAVE_LIBZ' >> $(HUGE)
+-@HAVE_LIBZ_TRUE@@USE_MANUAL_TRUE@     $(NROFF) $< | $(PERL) $(MKHELP) $(README) >> $(HUGE)
++@HAVE_LIBZ_TRUE@@USE_MANUAL_TRUE@     $(NROFF) $(MANPAGE) | $(PERL) $(MKHELP) $(README) >> $(HUGE)
+ @HAVE_LIBZ_TRUE@@USE_MANUAL_TRUE@     echo '#else' >> $(HUGE)
+-@HAVE_LIBZ_TRUE@@USE_MANUAL_TRUE@     $(NROFF) $< | $(PERL) $(MKHELP) -c $(README) >> $(HUGE)
++@HAVE_LIBZ_TRUE@@USE_MANUAL_TRUE@     $(NROFF) $(MANPAGE) | $(PERL) $(MKHELP) -c $(README) >> $(HUGE)
+ @HAVE_LIBZ_TRUE@@USE_MANUAL_TRUE@     echo '#endif /* HAVE_LIBZ */' >> $(HUGE)
+ # This generates the tool_hugehelp.c file uncompressed only
+ @HAVE_LIBZ_FALSE@@USE_MANUAL_TRUE@$(HUGE): $(MANPAGE) $(README) mkhelp.pl
+ @HAVE_LIBZ_FALSE@@USE_MANUAL_TRUE@    echo '#include "tool_setup.h"' > $(HUGE)
+-@HAVE_LIBZ_FALSE@@USE_MANUAL_TRUE@    $(NROFF) $< | $(PERL) $(MKHELP) $(README) >> $(HUGE)
++@HAVE_LIBZ_FALSE@@USE_MANUAL_TRUE@    $(NROFF) $(MANPAGE) | $(PERL) $(MKHELP) $(README) >> $(HUGE)
+ 
+ # built-in manual has been disabled, make a blank file
+ @USE_MANUAL_FALSE@$(HUGE):



Home | Main Index | Thread Index | Old Index