Re: CVS commit: pkgsrc/www/curl

To: spz%netbsd.org@localhost
Subject: Re: CVS commit: pkgsrc/www/curl
From: Alistair Crooks <alistaircrooks%gmail.com@localhost>
Date: Tue, 30 Jun 2015 09:16:36 -0700
As I sent yesterday, and which I hope made it through to tech-pkg from gmail:

"Despite the fact that the freeze is now over, I've been informed that
there are problems with curl 7.43.0 caching "Content-Length" between
requests on the same connection. Probably best to wait for a fixed
version to come from upstream."

Best,
Alistair

On 29 June 2015 at 22:46, S.P.Zeidler <spz%netbsd.org@localhost> wrote:
> Module Name:    pkgsrc
> Committed By:   spz
> Date:           Tue Jun 30 05:46:56 UTC 2015
>
> Modified Files:
>         pkgsrc/www/curl: Makefile PLIST distinfo
>         pkgsrc/www/curl/patches: patch-aa patch-curl-config.in
>             patch-lib_hostcheck.c
> Removed Files:
>         pkgsrc/www/curl/patches: patch-lib_http2.c
>
> Log Message:
> update of curl to version 7.43.0. Upstream RELEASE_NOTES:
>
> Curl and libcurl 7.43.0
>
>  Public curl releases:         147
>  Command line options:         176
>  curl_easy_setopt() options:   219
>  Public functions in libcurl:  58
>  Contributors:                 1291
>
> This release includes the following changes:
>
>  o Added CURLOPT_PROXY_SERVICE_NAME[11]
>  o Added CURLOPT_SERVICE_NAME[12]
>  o New curl option: --proxy-service-name[13]
>  o Mew curl option: --service-name [14]
>  o New curl option: --data-raw [5]
>  o Added CURLOPT_PIPEWAIT [15]
>  o Added support for multiplexing transfers using HTTP/2, enable this
>    with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16]
>  o HTTP/2: requires nghttp2 1.0.0 or later
>  o scripts: add zsh.pl for generating zsh completion
>  o curl.h: add CURL_HTTP_VERSION_2
>
> This release includes the following bugfixes:
>
>  o CVE-2015-3236: lingering HTTP credentials in connection re-use [30]
>  o CVE-2015-3237: SMB send off unrelated memory contents [31]
>  o nss: fix compilation failure with old versions of NSS [1]
>  o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
>  o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
>  o Curl_ossl_init: load builtin modules [2]
>  o configure: follow-up fix for krb5-config [3]
>  o sasl_sspi: Populate domain from the realm in the challenge [4]
>  o netrc: support 'default' token
>  o README: convert to UTF-8
>  o cyassl: Implement public key pinning
>  o nss: implement public key pinning for NSS backend
>  o mingw build: add arch -m32/-m64 to LDFLAGS
>  o schannel: Fix out of bounds array [6]
>  o configure: remove autogenerated files by autoconf
>  o configure: remove --automake from libtoolize call
>  o acinclude.m4: fix shell test for default CA cert bundle/path
>  o schannel: fix regression in schannel_recv [7]
>  o openssl: skip trace outputs for ssl_ver == 0 [8]
>  o gnutls: properly retrieve certificate status
>  o netrc: Read in text mode when cygwin [9]
>  o winbuild: Document the option used to statically link the CRT [10]
>  o FTP: Make EPSV use the control IP address rather than the original host
>  o FTP: fix dangling conn->ip_addr dereference on verbose EPSV
>  o conncache: keep bundles on host+port bases, not only host names
>  o runtests.pl: use 'h2c' now, no -14 anymore
>  o curlver: introducing new version number (checking) macros
>  o openssl: boringssl build brekage, use SSL_CTX_set_msg_callback [17]
>  o CURLOPT_POSTFIELDS.3: correct variable names [18]
>  o curl_easy_unescape.3: update RFC reference [19]
>  o gnutls: don't fail on non-fatal alerts during handshake
>  o testcurl.pl: allow source to be in an arbitrary directory
>  o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
>  o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20]
>  o parse_proxy: switch off tunneling if non-HTTP proxy [21]
>  o share_init: fix OOM crash
>  o perl: remove subdir, not touched in 9 years
>  o CURLOPT_COOKIELIST.3: Add example
>  o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22]
>  o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23]
>  o FAQ: How do I port libcurl to my OS?
>  o openssl: Use TLS_client_method for OpenSSL 1.1.0+
>  o HTTP-NTLM: fail auth on connection close instead of looping [24]
>  o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25]
>  o curl_getdate.3: update RFC reference
>  o curl_multi_info_read.3: added example
>  o curl_multi_perform.3: added example
>  o curl_multi_timeout.3: added example
>  o cookie: Stop exporting any-domain cookies [26]
>  o openssl: remove dummy callback use from SSL_CTX_set_verify()
>  o openssl: remove SSL_get_session()-using code
>  o openssl: removed USERDATA_IN_PWD_CALLBACK kludge
>  o openssl: removed error string #ifdef
>  o openssl: Fix verification of server-sent legacy intermediates [27]
>  o docs: man page indentation and syntax fixes
>  o docs: Spelling fixes
>  o fopen.c: fix a few compiler warnings
>  o CURLOPT_OPENSOCKETFUNCTION: return error at once [28]
>  o schannel: Add support for optional client certificates
>  o build: Properly detect OpenSSL 1.0.2 when using configure
>  o urldata: store POST size in state.infilesize too [29]
>  o security:choose_mech remove dead code
>  o rtsp_do: remove dead code
>  o docs: many HTTP URIs changed to HTTPS
>  o schannel: schannel_recv overhaul [32]
>
> This release includes the following known bugs:
>
>  o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
>
> This release would not have looked like this without help, code, reports and
> advice from friends like these:
>
>   Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina,
>   Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman,
>   Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg,
>   Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka,
>   Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter,
>   Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing,
>   Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh,
>   Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan,
>   Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakáts,
>   Ville Skyttä, Yehezkel Horowitz,
>   (43 contributors)
>
>         Thanks! (and sorry if I forgot to mention someone)
>
> References to bug reports and discussions on issues:
>
>  [1] = http://curl.haxx.se/mail/lib-2015-04/0095.html
>  [2] = https://github.com/bagder/curl/pull/206
>  [3] = https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
>  [4] = https://github.com/bagder/curl/pull/141
>  [5] = https://github.com/bagder/curl/issues/198
>  [6] = http://curl.haxx.se/mail/lib-2015-04/0199.html
>  [7] = https://github.com/bagder/curl/issues/244
>  [8] = https://github.com/bagder/curl/issues/219
>  [9] = https://github.com/bagder/curl/pull/258
>  [10] = https://github.com/bagder/curl/issues/254
>  [11] = http://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SERVICE_NAME.html
>  [12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html
>  [13] = http://curl.haxx.se/docs/manpage.html#--proxy-service-name
>  [14] = http://curl.haxx.se/docs/manpage.html#--service-name
>  [15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html
>  [16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html
>  [17] = https://github.com/bagder/curl/issues/275
>  [18] = https://github.com/bagder/curl/issues/281
>  [19] = https://github.com/bagder/curl/issues/282
>  [20] = https://github.com/bagder/curl/issues/267
>  [21] = http://curl.haxx.se/mail/lib-2015-05/0056.html
>  [22] = http://curl.haxx.se/mail/lib-2015-05/0115.html
>  [23] = http://curl.haxx.se/mail/lib-2015-05/0137.html
>  [24] = https://github.com/bagder/curl/issues/256
>  [25] = https://github.com/bagder/curl/pull/258#issuecomment-107093055
>  [26] = https://github.com/bagder/curl/issues/292
>  [27] = https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
>  [28] = http://curl.haxx.se/mail/lib-2015-06/0047.html
>  [29] = http://curl.haxx.se/mail/lib-2015-06/0019.html
>  [30] = http://curl.haxx.se/docs/adv_20150617A.html
>  [31] = http://curl.haxx.se/docs/adv_20150617B.html
>  [32] = https://github.com/bagder/curl/issues/244
>
>
> To generate a diff of this commit:
> cvs rdiff -u -r1.150 -r1.151 pkgsrc/www/curl/Makefile
> cvs rdiff -u -r1.49 -r1.50 pkgsrc/www/curl/PLIST
> cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/curl/distinfo
> cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/curl/patches/patch-aa
> cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/curl/patches/patch-curl-config.in
> cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/curl/patches/patch-lib_hostcheck.c
> cvs rdiff -u -r1.1 -r0 pkgsrc/www/curl/patches/patch-lib_http2.c
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
>
Follow-Ups:
- Re: CVS commit: pkgsrc/www/curl
  - From: Tim Zingelman
References:
- CVS commit: pkgsrc/www/curl
  - From: S.P.Zeidler
Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/lang/ruby22-base
Previous by Thread: CVS commit: pkgsrc/www/curl
Next by Thread: Re: CVS commit: pkgsrc/www/curl
Indexes:
Home | Main Index | Thread Index | Old Index