Pullup ticket #5657 - requested by he

www/curl: security update

Revisions pulled up:
- www/curl/Makefile                                             1.190
- www/curl/distinfo                                             1.140,1.139
- www/curl/patches/patch-configure                              1.3

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Nov 29 13:56:28 UTC 2017

   Modified Files:
   	pkgsrc/www/curl: Makefile distinfo

   Log Message:
   curl: update to 7.57.0.

   Curl and libcurl 7.57.0

    o auth: add support for RFC7616 - HTTP Digest access authentication [12]
    o share: add support for sharing the connection cache [31]
    o HTTP: implement Brotli content encoding [28]

   This release includes the following bugfixes:

    o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
    o CVE-2017-8817: FTP wildcard out of bounds read [48]
    o CVE-2017-8818: SSL out of buffer access [49]
    o curl_mime_filedata.3: fix typos [1]
    o libtest: Add required test libraries for lib1552 and lib1553 [2]
    o fix time diffs for systems using unsigned time_t [3]
    o ftplistparser: memory leak fix: free temporary memory always [4]
    o multi: allow table handle sizes to be overridden [5]
    o wildcards: don't use with non-supported protocols [6]
    o curl_fnmatch: return error on illegal wildcard pattern [7]
    o transfer: Fix chunked-encoding upload too early exit [8]
    o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
    o resolvers: only include anything if needed [10]
    o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
    o appveyor: add a win32 build
    o Curl_timeleft: change return type to timediff_t [11]
    o cmake: Export libcurl and curl targets to use by other cmake projects [13]
    o curl: in -F option arg, comma is a delimiter for files only [14]
    o curl: improved ";type=" handling in -F option arguments
    o timeval: use mach_absolute_time() on MacOS [15]
    o curlx: the timeval functions are no longer provided as curlx_* [16]
    o mkhelp.pl: do not generate comment with current date [17]
    o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
    o cookie: avoid NULL dereference [19]
    o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
    o include: remove conncache.h inclusion from where its not needed
    o CURLOPT_MAXREDIRS: allow -1 as a value [21]
    o tests: Fixed torture tests on tests 556 and 650
    o http2: Fixed OOM handling in upgrade request
    o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
    o CURLOPT_INFILESIZE: accept -1 [22]
    o curl: pass through [] in URLs instead of calling globbing error [23]
    o curl: speed up handling of many URLs [24]
    o ntlm: avoid malloc(0) for zero length passwords [25]
    o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
    o HTTP: support multiple Content-Encodings [27]
    o travis: add a job with brotli enabled
    o url: remove unncessary NULL-check
    o fnmatch: remove dead code
    o connect: store IPv6 connection status after valid connection [29]
    o imap: deal with commands case insensitively [30]
    o --interface: add support for Linux VRF [32]
    o content_encoding: fix inflate_stream for no bytes available [33]
    o cmake: Correctly include curl.rc in Windows builds [34]
    o cmake: Add missing setmode check [35]
    o connect.c: remove executable bit on file [36]
    o SMB: fix uninitialized local variable
    o zlib/brotli: only include header files in modules needing them [37]
    o URL: return error on malformed URLs with junk after IPv6 bracket [38]
    o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
    o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
    o --resolve: allow IP address within [] brackets [41]
    o examples/curlx: Fix code style [42]
    o ntlm: remove unnecessary NULL-check to please scan-build [43]
    o Curl_llist_remove: fix potential NULL pointer deref [43]
    o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
    o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
    o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
    o http2: fix "Value stored to 'end' is never read" scan-build error [43]
    o Curl_open: fix OOM return error correctly [43]
    o url: reject ASCII control characters and space in host names [44]
    o examples/rtsp: clear RANGE again after use [45]
    o connect: improve the bind error message [46]
    o make: fix "make distclean" [50]
    o connect: add support for new TCP Fast Open API on Linux [51]
    o metalink: fix memory-leak and NULL pointer dereference [52]
    o URL: update "file:" URL handling [53]
    o ssh: remove check for a NULL pointer [54]
    o global_init: ignore CURL_GLOBAL_SSL's absense [55]


   To generate a diff of this commit:
   cvs rdiff -u -r1.189 -r1.190 pkgsrc/www/curl/Makefile
   cvs rdiff -u -r1.139 -r1.140 pkgsrc/www/curl/distinfo

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   jperkin
   Date:           Fri Nov  3 09:40:37 UTC 2017

   Modified Files:
           pkgsrc/www/curl: distinfo
           pkgsrc/www/curl/patches: patch-configure

   Log Message:
   curl: Don't strip out user-supplied debug flags.


   To generate a diff of this commit:
   cvs rdiff -u -r1.138 -r1.139 pkgsrc/www/curl/distinfo
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/curl/patches/patch-configure

3 files changed, 31 insertions, 15 deletions

diff --git a/www/curl/Makefile b/www/curl/Makefile
index a22664066cf..6dfd488a08f 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.187.4.1 2017/11/12 12:13:32 spz Exp $
+# $NetBSD: Makefile,v 1.187.4.2 2017/12/27 18:34:01 spz Exp $
 
-DISTNAME=	curl-7.56.1
+DISTNAME=	curl-7.57.0
 CATEGORIES=	www
 MASTER_SITES=	https://curl.haxx.se/download/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/www/curl/distinfo b/www/curl/distinfo
index 750e17406eb..37256c2f3ff 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.136.4.1 2017/11/12 12:13:32 spz Exp $
+$NetBSD: distinfo,v 1.136.4.2 2017/12/27 18:34:01 spz Exp $
 
-SHA1 (curl-7.56.1.tar.bz2) = f17b8f71f801b266828067f6f7c0e950509890b9
-RMD160 (curl-7.56.1.tar.bz2) = ee08c268c414be3d2c9a0bbcb9b7fbcfb33f48e9
-SHA512 (curl-7.56.1.tar.bz2) = f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68
-Size (curl-7.56.1.tar.bz2) = 2824548 bytes
-SHA1 (patch-configure) = fac0071bbb22cb379f36477e0e806a8f9f4d43eb
+SHA1 (curl-7.57.0.tar.bz2) = 7f47469324bf22cc9ffd1d3a201aa3c76ab626b8
+RMD160 (curl-7.57.0.tar.bz2) = e50c4ff25b6208187c5a3a10a5c8675faf75f64f
+SHA512 (curl-7.57.0.tar.bz2) = f366d2e931d7aff63bac0e1f760ced32c849252947d522427ba92124566906a7e6bd081b6d1630df36895dda2a00ac4cf1bed1470740693ef47ab90c6a270377
+Size (curl-7.57.0.tar.bz2) = 2849283 bytes
+SHA1 (patch-configure) = ba8abac55f11a53d07235e57d21ce5b32a421902
 SHA1 (patch-curl-config.in) = d0cc7bb6a5bf0b9257f40dcffce7093cc0098eb7
 SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308
diff --git a/www/curl/patches/patch-configure b/www/curl/patches/patch-configure
index bb7b1e38f5a..8074f145ba7 100644
--- a/www/curl/patches/patch-configure
+++ b/www/curl/patches/patch-configure
@@ -1,13 +1,15 @@
-$NetBSD: patch-configure,v 1.2 2017/07/05 10:34:12 adam Exp $
+$NetBSD: patch-configure,v 1.2.4.1 2017/12/27 18:34:01 spz Exp $
 
 builtin krb5-config in platforms such as solaris do not support
 the gssapi option, and need an explicit -lgss
 
 On Darwin, do not append custom CFLAGS.
 
---- configure.orig	2017-06-14 06:10:57.000000000 +0000
+Do not strip debug flags.
+
+--- configure.orig	2017-10-17 14:31:48.000000000 +0000
 +++ configure
-@@ -4241,6 +4241,7 @@ $as_echo "$as_me: $xc_bad_var_msg librar
+@@ -4272,6 +4272,7 @@ $as_echo "$as_me: $xc_bad_var_msg librar
          ;;
      esac
    done
@@ -15,7 +17,7 @@ On Darwin, do not append custom CFLAGS.
    if test $xc_bad_var_cflags = yes; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: using CFLAGS: $CFLAGS" >&5
  $as_echo "$as_me: using CFLAGS: $CFLAGS" >&6;}
-@@ -17702,7 +17703,7 @@ squeeze() {
+@@ -17159,7 +17160,7 @@ squeeze() {
  
  
        #
@@ -24,7 +26,21 @@ On Darwin, do not append custom CFLAGS.
      #
      if test "$compiler_id" = "GNU_C" ||
        test "$compiler_id" = "CLANG"; then
-@@ -19639,7 +19640,7 @@ $as_echo "no" >&6; }
+@@ -17482,13 +17483,6 @@ $as_echo_n "checking if compiler accepts
+       tmp_options="$flags_dbg_off"
+     fi
+     #
+-    if test "$flags_prefer_cppflags" = "yes"; then
+-      CPPFLAGS="$tmp_CPPFLAGS $tmp_options"
+-      CFLAGS="$tmp_CFLAGS"
+-    else
+-      CPPFLAGS="$tmp_CPPFLAGS"
+-      CFLAGS="$tmp_CFLAGS $tmp_options"
+-    fi
+     squeeze CPPFLAGS
+     squeeze CFLAGS
+ 
+@@ -19122,7 +19116,7 @@ $as_echo "no" >&6; }
    tst_cflags="no"
    case $host_os in
      darwin*)
@@ -33,7 +49,7 @@ On Darwin, do not append custom CFLAGS.
        ;;
    esac
  
-@@ -22272,7 +22273,11 @@ $as_echo "yes" >&6; }
+@@ -21788,7 +21782,11 @@ $as_echo "yes" >&6; }
       if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
          GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
       elif test -f "$KRB5CONFIG"; then
@@ -46,7 +62,7 @@ On Darwin, do not append custom CFLAGS.
       elif test "$GSSAPI_ROOT" != "yes"; then
          GSSAPI_INCS="-I$GSSAPI_ROOT/include"
       fi
-@@ -22445,7 +22450,7 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd
+@@ -21961,7 +21959,7 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd
          LIBS="-lgss $LIBS"
          ;;
       *)