pkgsrc-Changes archive


CVS commit: pkgsrc/www/curl



Module Name:    pkgsrc
Committed By:   maya
Date:           Wed Nov  2 07:09:39 UTC 2016

Modified Files:
        pkgsrc/www/curl: Makefile PLIST distinfo
        pkgsrc/www/curl/patches: patch-aa

Log Message:
curl: update to 7.51.0. security fix

Curl and libcurl 7.51.0

 Public curl releases:         160
 Command line options:         185
 curl_easy_setopt() options:   225
 Public functions in libcurl:  61
 Contributors:                 1467

This release includes the following changes:

 o nss: additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
 o New option: CURLOPT_KEEP_SENDING_ON_ERROR [10]

This release includes the following bugfixes:

 o CVE-2016-8615: cookie injection for other servers [28]
 o CVE-2016-8616: case insensitive password comparison [29]
 o CVE-2016-8617: OOB write via unchecked multiplication [30]
 o CVE-2016-8618: double-free in curl_maprintf [31]
 o CVE-2016-8619: double-free in krb5 code [32]
 o CVE-2016-8620: glob parser write/read out of bounds [33]
 o CVE-2016-8621: curl_getdate read out of bounds [34]
 o CVE-2016-8622: URL unescape heap overflow via integer truncation [35]
 o CVE-2016-8623: Use-after-free via shared cookies [36]
 o CVE-2016-8624: invalid URL parsing with '#' [37]
 o CVE-2016-8625: IDNA 2003 makes curl use wrong host [38]
 o openssl: fix per-thread memory leak using 1.0.1 or 1.0.2 [1]
 o http: accept "Transfer-Encoding: chunked" for HTTP/2 as well [2]
 o LICENSE-MIXING.md: update with mbedTLS dual licensing [3]
 o examples/imap-append: Set size of data to be uploaded [4]
 o test2048: fix url
 o darwinssl: disable RC4 cipher-suite support
 o CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
 o openssl: don’t call CRYPTO_cleanup_all_ex_data [5]
 o libressl: fix version output [6]
 o easy: Reset all statistical session info in curl_easy_reset [7]
 o curl_global_cleanup.3: don't unload the lib with sub threads running [8]
 o dist: add CurlSymbolHiding.cmake to the tarball
 o docs: Remove that --proto is just used for initial retrieval [9]
 o configure: Fixed builds with libssh2 in a custom location
 o curl.1: --trace supports % for sending to stderr!
 o cookies: same domain handling changed to match browser behavior [11]
 o formpost: trying to attach a directory no longer crashes [12]
 o CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning [13]
 o formpost: avoid silent snprintf() truncation
 o ftp: fix Curl_ftpsendf
 o mprintf: return error on too many arguments
 o smb: properly check incoming packet boundaries [14]
 o GIT-INFO: remove the Mac 10.1-specific details [15]
 o resolve: add error message when resolving using SIGALRM [16]
 o cmake: add nghttp2 support [17]
 o dist: remove PDF and HTML converted docs from the releases [18]
 o configure: disable poll() in macOS builds [19]
 o vtls: only re-use session-ids using the same scheme
 o pipelining: skip to-be-closed connections when pipelining [20]
 o win: fix Universal Windows Platform build [21]
 o curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically [22]
 o maketgz: make it support "only" generating version info
 o Curl_socket_check: add extra check to avoid integer overflow
 o gopher: properly return error for poll failures
 o curl: set INTERLEAVEDATA too
 o polarssl: clear thread array at init
 o polarssl: fix unaligned SSL session-id lock
 o polarssl: reduce #ifdef madness with a macro
 o curl_multi_add_handle: set timeouts in closure handles [23]
 o configure: set min version flags for builds on mac [24]
 o INSTALL: converted to markdown => INSTALL.md
 o curl_multi_remove_handle: fix a double-free [25]
 o multi: fix infinite loop in curl_multi_cleanup() [26]
 o nss: fix tight loop in non-blocking TLS handshake over proxy [27]
 o mk-ca-bundle: Change URL retrieval to HTTPS-only by default [39]
 o mbedtls: stop using deprecated include file [40]
 o docs: fix req->data in multi-uv example [41]
 o configure: Fix test syntax for monotonic clock_gettime
 o CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 [42]

This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Akshay Vernekar, Alexander Sinditskiy, Anders Bakken, Andreas Streichardt,
  Andrei Sedoi, Bernard Spil, Christian Heimes, Dan Fandrich,
  Daniel Gustafsson, Daniel Stenberg, Darío Hereñú, David Woodhouse,
  Fernando Muñoz, Gregory Szorc, Jeroen Ooms, Kamil Dudka, Luật Nguyễn,
  lukaszgn on github, Marcel Raad, Martin Frodl, Martin Storsjö,
  Michael Kaufmann, Michael Osipov, Miloš Ljumović, Nick Zitzmann,
  nopjmp on github, Paul Joyce, Rainer Müller, Ray Satiro, Remo E,
  Rider Linden, Sebastian Mundry, Sergei Kuzmin, Stephen Brokenshire,
  Tobias Stoeckmann, Toby Peterson, Todd Short, Tony Kelman, Torben Dannhauer,
  Valentin David,
  (40 contributors)

        Thanks! (and sorry if I forgot to mention someone)

References to bug reports and discussions on issues:

 [1] = https://curl.haxx.se/bug/?i=964
 [2] = https://curl.haxx.se/bug/?i=1013
 [3] = https://curl.haxx.se/bug/?i=1019
 [4] = https://curl.haxx.se/bug/?i=1011
 [5] = https://curl.haxx.se/mail/lib-2016-09/0045.html
 [6] = https://curl.haxx.se/bug/?i=1029
 [7] = https://curl.haxx.se/bug/?i=1017
 [8] = https://curl.haxx.se/bug/?i=997
 [9] = https://curl.haxx.se/bug/?i=1031
 [10] = https://curl.haxx.se/libcurl/c/CURLOPT_KEEP_SENDING_ON_ERROR.html
 [11] = https://curl.haxx.se/bug/?i=1050
 [12] = https://curl.haxx.se/bug/?i=1053
 [13] = https://curl.haxx.se/bug/?i=1056
 [14] = https://curl.haxx.se/bug/?i=1052
 [15] = https://curl.haxx.se/bug/?i=1049
 [16] = https://curl.haxx.se/bug/?i=1066
 [17] = https://curl.haxx.se/bug/?i=922
 [18] = https://curl.haxx.se/mail/lib-2016-10/0040.html
 [19] = https://curl.haxx.se/bug/?i=1057
 [20] = https://curl.haxx.se/bug/?i=1075
 [21] = https://curl.haxx.se/bug/?i=1048
 [22] = https://curl.haxx.se/bug/?i=1042
 [23] = https://curl.haxx.se/bug/?i=739
 [24] = https://curl.haxx.se/bug/?i=1069
 [25] = https://curl.haxx.se/bug/?i=1083
 [26] = https://curl.haxx.se/mail/lib-2016-10/0011.html
 [27] = https://bugzilla.redhat.com/1388162
 [28] = https://curl.haxx.se/docs/adv_20161102A.html
 [29] = https://curl.haxx.se/docs/adv_20161102B.html
 [30] = https://curl.haxx.se/docs/adv_20161102C.html
 [31] = https://curl.haxx.se/docs/adv_20161102D.html
 [32] = https://curl.haxx.se/docs/adv_20161102E.html
 [33] = https://curl.haxx.se/docs/adv_20161102F.html
 [34] = https://curl.haxx.se/docs/adv_20161102G.html
 [35] = https://curl.haxx.se/docs/adv_20161102H.html
 [36] = https://curl.haxx.se/docs/adv_20161102I.html
 [37] = https://curl.haxx.se/docs/adv_20161102J.html
 [38] = https://curl.haxx.se/docs/adv_20161102K.html
 [39] = https://curl.haxx.se/bug/?i=1012
 [40] = https://curl.haxx.se/bug/?i=1087
 [41] = https://curl.haxx.se/bug/?i=1088
 [42] = https://curl.haxx.se/bug/?i=1059


To generate a diff of this commit:
cvs rdiff -u -r1.172 -r1.173 pkgsrc/www/curl/Makefile
cvs rdiff -u -r1.59 -r1.60 pkgsrc/www/curl/PLIST
cvs rdiff -u -r1.123 -r1.124 pkgsrc/www/curl/distinfo
cvs rdiff -u -r1.34 -r1.35 pkgsrc/www/curl/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/curl/Makefile
diff -u pkgsrc/www/curl/Makefile:1.172 pkgsrc/www/curl/Makefile:1.173
--- pkgsrc/www/curl/Makefile:1.172      Fri Oct  7 18:25:35 2016
+++ pkgsrc/www/curl/Makefile    Wed Nov  2 07:09:38 2016
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.172 2016/10/07 18:25:35 adam Exp $
+# $NetBSD: Makefile,v 1.173 2016/11/02 07:09:38 maya Exp $
 
-DISTNAME=      curl-7.50.3
-PKGREVISION=   1
+DISTNAME=      curl-7.51.0
 CATEGORIES=    www
 MASTER_SITES=  https://curl.haxx.se/download/
 EXTRACT_SUFX=  .tar.bz2

Index: pkgsrc/www/curl/PLIST
diff -u pkgsrc/www/curl/PLIST:1.59 pkgsrc/www/curl/PLIST:1.60
--- pkgsrc/www/curl/PLIST:1.59  Wed Aug  3 08:57:51 2016
+++ pkgsrc/www/curl/PLIST       Wed Nov  2 07:09:38 2016
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.59 2016/08/03 08:57:51 wiz Exp $
+@comment $NetBSD: PLIST,v 1.60 2016/11/02 07:09:38 maya Exp $
 bin/curl
 bin/curl-config
 include/curl/curl.h
@@ -161,6 +161,7 @@ man/man3/CURLOPT_IOCTLDATA.3
 man/man3/CURLOPT_IOCTLFUNCTION.3
 man/man3/CURLOPT_IPRESOLVE.3
 man/man3/CURLOPT_ISSUERCERT.3
+man/man3/CURLOPT_KEEP_SENDING_ON_ERROR.3
 man/man3/CURLOPT_KEYPASSWD.3
 man/man3/CURLOPT_KRBLEVEL.3
 man/man3/CURLOPT_LOCALPORT.3

Index: pkgsrc/www/curl/distinfo
diff -u pkgsrc/www/curl/distinfo:1.123 pkgsrc/www/curl/distinfo:1.124
--- pkgsrc/www/curl/distinfo:1.123      Wed Sep 14 07:12:12 2016
+++ pkgsrc/www/curl/distinfo    Wed Nov  2 07:09:38 2016
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.123 2016/09/14 07:12:12 wiz Exp $
+$NetBSD: distinfo,v 1.124 2016/11/02 07:09:38 maya Exp $
 
-SHA1 (curl-7.50.3.tar.bz2) = 18ae1e5429d5bcf9a35832eda5b4762a1041f715
-RMD160 (curl-7.50.3.tar.bz2) = 15db3008862eff79fa7ed472f26054a615a93177
-SHA512 (curl-7.50.3.tar.bz2) = 59012f0d9abd38d00e0b2db0cd5d8b513c08000354d31e7318007b688dc1eb71a0ac71a13acd40b0becc6199299091697b448d2e6895f90e103a23cd23f7f621
-Size (curl-7.50.3.tar.bz2) = 7478393 bytes
-SHA1 (patch-aa) = 793701d5ecc3343170fb437906c9adb74763cd13
+SHA1 (curl-7.51.0.tar.bz2) = f02a14bbe580d2a8cf3bf45a79d39eb595220ac7
+RMD160 (curl-7.51.0.tar.bz2) = 234ca5a35fb911ad8428799c7186f07ae5df5965
+SHA512 (curl-7.51.0.tar.bz2) = f4da06a5ea8ef1553130cec9c162ecf51153208106473b52924dc75d57b564ef845347eb252942c138db4b5ccbc17b4fb3d026afc2d1cbec2ee1566046d11cbf
+Size (curl-7.51.0.tar.bz2) = 2570046 bytes
+SHA1 (patch-aa) = d79a8d6c15863848f2328553cbc273bbc941f749
 SHA1 (patch-curl-config.in) = d0cc7bb6a5bf0b9257f40dcffce7093cc0098eb7
 SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308
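Review bot: the `Size (curl-7.51.0.tar.bz2)` line drops to 2570046 bytes from 7478393 for 7.50.3, about a third of the old tarball, and nothing in the commit says the new SHA1/RMD160/SHA512 values were compared against an upstream-published checksum or signature. The log's "dist: remove PDF and HTML converted docs from the releases [18]" is a plausible reason for the shrink, but distinfo is the integrity anchor for this security update, so the log message should state how the distfile was verified before the checksums were regenerated.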

Index: pkgsrc/www/curl/patches/patch-aa
diff -u pkgsrc/www/curl/patches/patch-aa:1.34 pkgsrc/www/curl/patches/patch-aa:1.35
--- pkgsrc/www/curl/patches/patch-aa:1.34       Mon Aug 17 15:43:27 2015
+++ pkgsrc/www/curl/patches/patch-aa    Wed Nov  2 07:09:39 2016
@@ -1,11 +1,11 @@
-$NetBSD: patch-aa,v 1.34 2015/08/17 15:43:27 wiz Exp $
+$NetBSD: patch-aa,v 1.35 2016/11/02 07:09:39 maya Exp $
 
 builtin krb5-config in platforms such as solaris do not support
 the gssapi option, and need an explicit -lgss
 
---- configure.orig     2015-08-10 12:54:00.000000000 +0000
+--- configure.orig     2016-10-31 09:41:43.000000000 +0000
 +++ configure
-@@ -3737,6 +3737,7 @@ $as_echo "$as_me: $xc_bad_var_msg librar
+@@ -3817,6 +3817,7 @@ $as_echo "$as_me: $xc_bad_var_msg librar
          ;;
      esac
    done
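Review bot: the description at the top of patch-aa still documents only the krb5-config / `-lgss` change, while the refreshed patch keeps hunks at configure lines 3817 (next to the "using CFLAGS" message) and 17278 (next to the `compiler_id` test) that it does not explain. Add a sentence for each remaining hunk, and consider naming the patch after the file it touches, as the `patch-curl-config.in` and `patch-lib_hostcheck.c` entries in distinfo already do.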
@@ -13,7 +13,7 @@ the gssapi option, and need an explicit 
    if test $xc_bad_var_cflags = yes; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: using CFLAGS: $CFLAGS" >&5
  $as_echo "$as_me: using CFLAGS: $CFLAGS" >&6;}
-@@ -16723,7 +16724,7 @@ squeeze() {
+@@ -17278,7 +17279,7 @@ squeeze() {
  
  
        #
@@ -22,16 +22,7 @@ the gssapi option, and need an explicit 
      #
      if test "$compiler_id" = "GNU_C" ||
        test "$compiler_id" = "CLANG"; then
-@@ -19971,7 +19972,7 @@ done
-   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for monotonic clock_gettime" >&5
- $as_echo_n "checking for monotonic clock_gettime... " >&6; }
-   #
--  if test "x$dontwant_rt" == "xno" ; then
-+  if test "x$dontwant_rt" = "xno" ; then
-     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-@@ -21174,7 +21175,11 @@ $as_echo "yes" >&6; }
+@@ -21820,7 +21821,11 @@ $as_echo "yes" >&6; }
       if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
          GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
       elif test -f "$KRB5CONFIG"; then
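Review bot: the hunk that changed `test "x$dontwant_rt" == "xno"` to use `=` is dropped here with no mention in the log message. The upstream notes list "configure: Fix test syntax for monotonic clock_gettime", so the fix is presumably upstream now; say so in the commit message so that removing a portability fix is not read as a regression.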
@@ -44,7 +35,7 @@ the gssapi option, and need an explicit 
       elif test "$GSSAPI_ROOT" != "yes"; then
          GSSAPI_INCS="-I$GSSAPI_ROOT/include"
       fi
-@@ -21347,7 +21352,7 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd
+@@ -21993,7 +21998,7 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd
          LIBS="-lgss $LIBS"
          ;;
       *)


