Re: CVS commit: pkgsrc/www/curl

To: alistaircrooks%gmail.com@localhost
Subject: Re: CVS commit: pkgsrc/www/curl
From: Tim Zingelman <tez%netbsd.org@localhost>
Date: Wed, 5 Aug 2015 16:38:39 -0500
It looks like this has been found and fixed... details & patches
linked from the FreeBSD bug here
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201147

 - Tim

On Tue, Jun 30, 2015 at 11:16 AM, Alistair Crooks
<alistaircrooks%gmail.com@localhost> wrote:
> As I sent yesterday, and which I hope made it through to tech-pkg from gmail:
>
> "Despite the fact that the freeze is now over, I've been informed that
> there are problems with curl 7.43.0 caching "Content-Length" between
> requests on the same connection. Probably best to wait for a fixed
> version to come from upstream."
>
> Best,
> Alistair
>
> On 29 June 2015 at 22:46, S.P.Zeidler <spz%netbsd.org@localhost> wrote:
>> Module Name:    pkgsrc
>> Committed By:   spz
>> Date:           Tue Jun 30 05:46:56 UTC 2015
>>
>> Modified Files:
>>         pkgsrc/www/curl: Makefile PLIST distinfo
>>         pkgsrc/www/curl/patches: patch-aa patch-curl-config.in
>>             patch-lib_hostcheck.c
>> Removed Files:
>>         pkgsrc/www/curl/patches: patch-lib_http2.c
>>
>> Log Message:
>> update of curl to version 7.43.0. Upstream RELEASE_NOTES:
>>
>> Curl and libcurl 7.43.0
>>
>>  Public curl releases:         147
>>  Command line options:         176
>>  curl_easy_setopt() options:   219
>>  Public functions in libcurl:  58
>>  Contributors:                 1291
>>
>> This release includes the following changes:
>>
>>  o Added CURLOPT_PROXY_SERVICE_NAME[11]
>>  o Added CURLOPT_SERVICE_NAME[12]
>>  o New curl option: --proxy-service-name[13]
>>  o Mew curl option: --service-name [14]
>>  o New curl option: --data-raw [5]
>>  o Added CURLOPT_PIPEWAIT [15]
>>  o Added support for multiplexing transfers using HTTP/2, enable this
>>    with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16]
>>  o HTTP/2: requires nghttp2 1.0.0 or later
>>  o scripts: add zsh.pl for generating zsh completion
>>  o curl.h: add CURL_HTTP_VERSION_2
>>
>> This release includes the following bugfixes:
>>
>>  o CVE-2015-3236: lingering HTTP credentials in connection re-use [30]
>>  o CVE-2015-3237: SMB send off unrelated memory contents [31]
>>  o nss: fix compilation failure with old versions of NSS [1]
>>  o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
>>  o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
>>  o Curl_ossl_init: load builtin modules [2]
>>  o configure: follow-up fix for krb5-config [3]
>>  o sasl_sspi: Populate domain from the realm in the challenge [4]
>>  o netrc: support 'default' token
>>  o README: convert to UTF-8
>>  o cyassl: Implement public key pinning
>>  o nss: implement public key pinning for NSS backend
>>  o mingw build: add arch -m32/-m64 to LDFLAGS
>>  o schannel: Fix out of bounds array [6]
>>  o configure: remove autogenerated files by autoconf
>>  o configure: remove --automake from libtoolize call
>>  o acinclude.m4: fix shell test for default CA cert bundle/path
>>  o schannel: fix regression in schannel_recv [7]
>>  o openssl: skip trace outputs for ssl_ver == 0 [8]
>>  o gnutls: properly retrieve certificate status
>>  o netrc: Read in text mode when cygwin [9]
>>  o winbuild: Document the option used to statically link the CRT [10]
>>  o FTP: Make EPSV use the control IP address rather than the original host
>>  o FTP: fix dangling conn->ip_addr dereference on verbose EPSV
>>  o conncache: keep bundles on host+port bases, not only host names
>>  o runtests.pl: use 'h2c' now, no -14 anymore
>>  o curlver: introducing new version number (checking) macros
>>  o openssl: boringssl build brekage, use SSL_CTX_set_msg_callback [17]
>>  o CURLOPT_POSTFIELDS.3: correct variable names [18]
>>  o curl_easy_unescape.3: update RFC reference [19]
>>  o gnutls: don't fail on non-fatal alerts during handshake
>>  o testcurl.pl: allow source to be in an arbitrary directory
>>  o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
>>  o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20]
>>  o parse_proxy: switch off tunneling if non-HTTP proxy [21]
>>  o share_init: fix OOM crash
>>  o perl: remove subdir, not touched in 9 years
>>  o CURLOPT_COOKIELIST.3: Add example
>>  o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22]
>>  o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23]
>>  o FAQ: How do I port libcurl to my OS?
>>  o openssl: Use TLS_client_method for OpenSSL 1.1.0+
>>  o HTTP-NTLM: fail auth on connection close instead of looping [24]
>>  o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25]
>>  o curl_getdate.3: update RFC reference
>>  o curl_multi_info_read.3: added example
>>  o curl_multi_perform.3: added example
>>  o curl_multi_timeout.3: added example
>>  o cookie: Stop exporting any-domain cookies [26]
>>  o openssl: remove dummy callback use from SSL_CTX_set_verify()
>>  o openssl: remove SSL_get_session()-using code
>>  o openssl: removed USERDATA_IN_PWD_CALLBACK kludge
>>  o openssl: removed error string #ifdef
>>  o openssl: Fix verification of server-sent legacy intermediates [27]
>>  o docs: man page indentation and syntax fixes
>>  o docs: Spelling fixes
>>  o fopen.c: fix a few compiler warnings
>>  o CURLOPT_OPENSOCKETFUNCTION: return error at once [28]
>>  o schannel: Add support for optional client certificates
>>  o build: Properly detect OpenSSL 1.0.2 when using configure
>>  o urldata: store POST size in state.infilesize too [29]
>>  o security:choose_mech remove dead code
>>  o rtsp_do: remove dead code
>>  o docs: many HTTP URIs changed to HTTPS
>>  o schannel: schannel_recv overhaul [32]
>>
>> This release includes the following known bugs:
>>
>>  o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
>>
>> This release would not have looked like this without help, code, reports and
>> advice from friends like these:
>>
>>   Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina,
>>   Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman,
>>   Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg,
>>   Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka,
>>   Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter,
>>   Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing,
>>   Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh,
>>   Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan,
>>   Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakáts,
>>   Ville Skyttä, Yehezkel Horowitz,
>>   (43 contributors)
>>
>>         Thanks! (and sorry if I forgot to mention someone)
>>
>> References to bug reports and discussions on issues:
>>
>>  [1] = http://curl.haxx.se/mail/lib-2015-04/0095.html
>>  [2] = https://github.com/bagder/curl/pull/206
>>  [3] = https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
>>  [4] = https://github.com/bagder/curl/pull/141
>>  [5] = https://github.com/bagder/curl/issues/198
>>  [6] = http://curl.haxx.se/mail/lib-2015-04/0199.html
>>  [7] = https://github.com/bagder/curl/issues/244
>>  [8] = https://github.com/bagder/curl/issues/219
>>  [9] = https://github.com/bagder/curl/pull/258
>>  [10] = https://github.com/bagder/curl/issues/254
>>  [11] = http://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SERVICE_NAME.html
>>  [12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html
>>  [13] = http://curl.haxx.se/docs/manpage.html#--proxy-service-name
>>  [14] = http://curl.haxx.se/docs/manpage.html#--service-name
>>  [15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html
>>  [16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html
>>  [17] = https://github.com/bagder/curl/issues/275
>>  [18] = https://github.com/bagder/curl/issues/281
>>  [19] = https://github.com/bagder/curl/issues/282
>>  [20] = https://github.com/bagder/curl/issues/267
>>  [21] = http://curl.haxx.se/mail/lib-2015-05/0056.html
>>  [22] = http://curl.haxx.se/mail/lib-2015-05/0115.html
>>  [23] = http://curl.haxx.se/mail/lib-2015-05/0137.html
>>  [24] = https://github.com/bagder/curl/issues/256
>>  [25] = https://github.com/bagder/curl/pull/258#issuecomment-107093055
>>  [26] = https://github.com/bagder/curl/issues/292
>>  [27] = https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
>>  [28] = http://curl.haxx.se/mail/lib-2015-06/0047.html
>>  [29] = http://curl.haxx.se/mail/lib-2015-06/0019.html
>>  [30] = http://curl.haxx.se/docs/adv_20150617A.html
>>  [31] = http://curl.haxx.se/docs/adv_20150617B.html
>>  [32] = https://github.com/bagder/curl/issues/244
>>
>>
>> To generate a diff of this commit:
>> cvs rdiff -u -r1.150 -r1.151 pkgsrc/www/curl/Makefile
>> cvs rdiff -u -r1.49 -r1.50 pkgsrc/www/curl/PLIST
>> cvs rdiff -u -r1.105 -r1.106 pkgsrc/www/curl/distinfo
>> cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/curl/patches/patch-aa
>> cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/curl/patches/patch-curl-config.in
>> cvs rdiff -u -r1.1 -r1.2 pkgsrc/www/curl/patches/patch-lib_hostcheck.c
>> cvs rdiff -u -r1.1 -r0 pkgsrc/www/curl/patches/patch-lib_http2.c
>>
>> Please note that diffs are not public domain; they are subject to the
>> copyright notices on the relevant files.
>>
References:
- CVS commit: pkgsrc/www/curl
  - From: S.P.Zeidler
- Re: CVS commit: pkgsrc/www/curl
  - From: Alistair Crooks
Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/math
Previous by Thread: Re: CVS commit: pkgsrc/www/curl
Next by Thread: CVS commit: pkgsrc/devel/p5-strictures
Indexes:
Home | Main Index | Thread Index | Old Index