diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2019-02-16 15:59:04 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2019-02-16 15:59:04 +0000 |
| commit | 2b2bb6e6a7805486c31a623919c3cf268e9e6cd0 (patch) | |
| tree | d00d09f150cf51275eac099a769d486eda29d58b | |
| parent | 77110ff51f7d73efa28948d5b77b4783ab545ba5 (diff) | |
| download | pkgsrc-2b2bb6e6a7805486c31a623919c3cf268e9e6cd0.tar.gz | |
Pullup ticket #5910 - requested by mlelstv
www/curl: security fix
Revisions pulled up:
- www/curl/Makefile 1.207
- www/curl/PLIST 1.73
- www/curl/distinfo 1.150
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Feb 6 08:02:48 UTC 2019
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: updated to 7.64.0
curl and libcurl 7.64.0
This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows
This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding
| -rw-r--r-- | www/curl/Makefile | 14 | ||||
| -rw-r--r-- | www/curl/PLIST | 5 | ||||
| -rw-r--r-- | www/curl/distinfo | 10 |
3 files changed, 14 insertions, 15 deletions
diff --git a/www/curl/Makefile b/www/curl/Makefile index 95964c94c7d..4ee064fac84 100644 --- a/www/curl/Makefile +++ b/www/curl/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.205 2018/12/13 19:51:38 adam Exp $ +# $NetBSD: Makefile,v 1.205.2.1 2019/02/16 15:59:04 bsiegert Exp $ -DISTNAME= curl-7.63.0 -PKGREVISION= 1 +DISTNAME= curl-7.64.0 CATEGORIES= www MASTER_SITES= https://curl.haxx.se/download/ -EXTRACT_SUFX= .tar.bz2 +EXTRACT_SUFX= .tar.xz MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= https://curl.haxx.se/ @@ -22,13 +21,10 @@ CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl} CONFIGURE_ARGS+= --with-ca-path=${SSLCERTS} CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib} PKGCONFIG_OVERRIDE= libcurl.pc.in +TEST_TARGET= check INSTALLATION_DIRS= share/doc/curl -.include "../../mk/bsd.prefs.mk" - -TEST_TARGET= check - .include "options.mk" post-install: @@ -36,8 +32,8 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DESTDIR}${PREFIX}/share/doc/curl/ .endfor -.include "../../mk/pthread.buildlink3.mk" .include "../../devel/gettext-lib/buildlink3.mk" .include "../../devel/zlib/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" +.include "../../mk/pthread.buildlink3.mk" .include "../../mk/bsd.pkg.mk" diff --git a/www/curl/PLIST b/www/curl/PLIST index 573f75df460..4711e78744b 100644 --- a/www/curl/PLIST +++ b/www/curl/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.72 2018/12/12 11:09:55 leot Exp $ +@comment $NetBSD: PLIST,v 1.72.2.1 2019/02/16 15:59:04 bsiegert Exp $ bin/curl bin/curl-config include/curl/curl.h @@ -166,6 +166,7 @@ man/man3/CURLOPT_HEADER.3 man/man3/CURLOPT_HEADERDATA.3 man/man3/CURLOPT_HEADERFUNCTION.3 man/man3/CURLOPT_HEADEROPT.3 +man/man3/CURLOPT_HTTP09_ALLOWED.3 man/man3/CURLOPT_HTTP200ALIASES.3 man/man3/CURLOPT_HTTPAUTH.3 man/man3/CURLOPT_HTTPGET.3 @@ -336,6 +337,8 @@ man/man3/CURLOPT_TLS13_CIPHERS.3 man/man3/CURLOPT_TLSAUTH_PASSWORD.3 man/man3/CURLOPT_TLSAUTH_TYPE.3 man/man3/CURLOPT_TLSAUTH_USERNAME.3 +man/man3/CURLOPT_TRAILERDATA.3 +man/man3/CURLOPT_TRAILERFUNCTION.3 man/man3/CURLOPT_TRANSFERTEXT.3 man/man3/CURLOPT_TRANSFER_ENCODING.3 man/man3/CURLOPT_UNIX_SOCKET_PATH.3 diff --git a/www/curl/distinfo b/www/curl/distinfo index 15bdf6cce96..d049ee82519 100644 --- a/www/curl/distinfo +++ b/www/curl/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.149 2018/12/12 11:09:55 leot Exp $ +$NetBSD: distinfo,v 1.149.2.1 2019/02/16 15:59:04 bsiegert Exp $ -SHA1 (curl-7.63.0.tar.bz2) = 78557209ce20e7283c4407a03c57036ba9242e40 -RMD160 (curl-7.63.0.tar.bz2) = b4494d189022ae210ed4119a2cf1cba6fb353dd4 -SHA512 (curl-7.63.0.tar.bz2) = 2873ef57b15cf12e508626f4546f6e06450cb87b239be1d26d9b3a22f7533d76eebabb5fa00e7b8c5d7fc9854356997ce164afb069411d079b2b9f0bdb00db25 -Size (curl-7.63.0.tar.bz2) = 3001355 bytes +SHA1 (curl-7.64.0.tar.xz) = 7539acc0742c2fb1472bc2904f0bd58eeebc011a +RMD160 (curl-7.64.0.tar.xz) = 40806b3ea50ddab9d2f063dad37e81fdf6b04a17 +SHA512 (curl-7.64.0.tar.xz) = 953f1f5336ce5dfd1b9f933624432d401552d91ee02d39ecde6f023c956f99ec6aae8d7746d7c34b6eb2d6452f114e67da4e64d9c8dd90b7644b7844e7b9b423 +Size (curl-7.64.0.tar.xz) = 2398904 bytes SHA1 (patch-configure) = 9b65a0b9564b7226942d1d1efef576b381a9755e SHA1 (patch-curl-config.in) = 363359665985cc14f36ddf47fc3480f1200e3533 SHA1 (patch-lib_hostcheck.c) = 8e772d3f91cdafae17281cc19004269ece0cf308 |