Pullup ticket #6697 - requested by taca

www/curl: security fix

Revisions pulled up:
- www/curl/Makefile                                             1.262
- www/curl/PLIST                                                1.92
- www/curl/distinfo                                             1.186

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Oct 26 07:44:01 UTC 2022

   Modified Files:
   	pkgsrc/www/curl: Makefile PLIST distinfo

   Log Message:
   curl: update to 7.86.0.

   Changes:

       NPN: remove support for and use of
       Websockets: initial support

   Bugfixes:

       altsvc: reject bad port numbers
       altsvc: use 'h3' for h3
       amiga: do not hardcode openssl/zlib into the os config
       amiga: set SIZEOF_CURL_OFF_T=8 by default
       amigaos: add missing curl header
       asyn-ares: set hint flags when calling ares_getaddrinfo
       autotools: allow --enable-symbol-hiding with windows
       autotools: allow unix sockets on Windows
       autotools: reduce brute-force when detecting recv/send arg list
       aws_sigv4: fix header computation
       bearssl: make it proper C89 compliant
       CI/GHA: cancel outdated CI runs on new PR changes
       CI/GHA: merge msh3 and openssl3 builds into linux workflow
       cirrus-ci: add macOS build with m1
       cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
       cli tool: do not use disabled protocols
       cmake: add missing inet_ntop check
       cmake: add the check of HAVE_SOCKETPAIR
       cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h
       cmake: delete duplicate HAVE_GETADDRINFO test
       cmake: enable more detection on Windows
       cmake: fix original MinGW builds
       cmake: improve usability of CMake build as a sub-project
       cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
       cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
       cmake: sync HAVE_SIGNAL detection with autotools
       cmdline/docs: add a required 'multi' keyword for each option
       configure: correct the wording when checking grep -E
       configure: deprecate builds with small curl_off_t
       configure: fail if '--without-ssl' + explicit parameter for an ssl lib
       configure: the ngtcp2 option should default to 'no'
       connect: change verbose IPv6 address:port to [address]:port
       connect: fix builds without AF_INET6
       connect: fix Curl_updateconninfo for TRNSPRT_UNIX
       connect: fix the wrong error message on connect failures
       content_encoding: use writer struct subclasses for different encodings
       cookie: reject cookie names or content with TAB characters
       ctype: remove all use of <ctype.h>, use our own versions
       curl-compilers.m4: for gcc + want warnings, set gnu89 standard
       curl-compilers.m4: use -O2 as default optimize for clang
       curl-wolfssl.m4: error out if wolfSSL is not usable
       curl.h: fix mention of wrong error code in comment
       curl/add_file_name_to_url: use the libcurl URL parser
       curl/add_parallel_transfers: better error handling
       curl/get_url_file_name: use libcurl URL parser
       curl: warn for --ssl use, considered insecure
       curl_ctype: convert to macros-only
       curl_easy_pause.3: unpausing is as fast as possible
       curl_escape.3: fix typo
       curl_setup: disable use of FLOSS for 64-bit NonStop builds
       curl_setup: include curl.h after platform setup headers
       curl_setup: include only system.h instead of curl.h
       curl_strequal.3: fix argument typo
       curl_url_set.3: document CURLU_APPENDQUERY proper
       CURLMOPT_PIPELINING.3: dedup manpage xref
       CURLOPT_ACCEPT_ENCODING.3: remove "four" as they are five
       CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
       CURLOPT_COOKIEFILE: insist on "" for enable-without-file
       CURLOPT_COOKIELIST.3: fix formatting mistake
       CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols
       CURLOPT_MIMEPOST.3: add an (inline) example
       CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST
       CURLOPT_PROXY_SSLCERT_BLOB.3: this is for HTTPS proxies
       CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
       CURLSHOPT_UNLOCKFUNC.3: the callback has no 'access' argument
       DEPRECATE.md: Support for systems without 64 bit data types
       docs/examples: avoid deprecated options in examples where possible
       docs/INSTALL: update Android Instructions for newer NDKs
       docs/libcurl/symbols-in-versions: add several missing symbols
       docs: 100+ spellfixes
       docs: correct missing uppercase in Markdown files
       docs: document more server names for test files
       docs: fix deprecation versions inconsistencies
       docs: make sure libcurl opts examples pass in long arguments
       docs: remove mentions of deprecated '--without-openssl' parameter
       docs: tag curl options better in man pages
       docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.
       docs: update sourceforge project links
       easy: fix the #include order
       easy: fix the altsvc init for curl_easy_duphandle
       easy_lock: check for HAVE_STDATOMIC_H as well
       examples/chkspeed: improve portability
       formdata: fix warning: 'CURLformoption' is promoted to 'int'
       ftp: ignore a 550 response to MDTM
       ftp: remove redundant if
       functypes: provide the recv and send arg and return types
       getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
       GHA: build tests in a separate step from the running of them
       GHA: run proselint on markdown files
       github: initial CODEOWNERS setup for CI configuration
       header: define public API functions as extern c
       headers: reset the requests counter at transfer start
       hostip: guard PF_INET6 use
       hostip: lazily wait to figure out if IPv6 works until needed
       http, vauth: always provide Curl_allow_auth_to_host() functionality
       http2: make nghttp2 less picky about field whitespace
       HTTP3.md: update Caddy example
       http: try parsing Retry-After: as a number first
       http_proxy: restore the protocol pointer on error
       httpput-postfields.c: shorten string for C89 compliance
       ldap: delete stray CURL_HAS_MOZILLA_LDAP reference
       lib1560: extended to verify detect/reject of unknown schemes
       lib517: fix C89 constant signedness
       lib: add missing limits.h includes
       lib: add required Win32 setup definitions in setup-win32.h
       lib: prepare the incoming of additional protocols
       lib: sanitize conditional exclusion around MIME
       lib: set more flags in config-win32.h
       lib: the number four in a sequence is the "fourth"
       libssh: if sftp_init fails, don't get the sftp error code
       Makefile.m32: deduplicate build rules
       Makefile.m32: drop CROSSPREFIX and our CC/AR defaults
       Makefile.m32: exclude libs & libpaths for shared mode exes
       Makefile.m32: fix regression with tool_hugehelp
       Makefile.m32: major rework
       Makefile.m32: reintroduce CROSSPREFIX and -W -Wall
       Makefile.m32: support more options
       manpage-syntax.pl: all libcurl option symbols should be \fI-tagged
       manpages: Fix spelling of "allows to" -> "allows one to"
       misc: ISSPACE() => ISBLANK()
       misc: use the term "null-terminate" consistently
       mprintf: reject two kinds of precision for the same argument
       mprintf: use snprintf if available
       mqtt: return error for too long topic
       mqtt: spell out CONNECT in comments
       msh3: change the static_assert to make the code C89
       netrc: compare user name case sensitively
       netrc: replace fgets with Curl_get_line
       netrc: use the URL-decoded user
       ngtcp2: fix build errors due to changes in ngtcp2 library
       ngtcp2: fix C89 compliance nit
       noproxy: support proxies specified using cidr notation
       openssl: make certinfo available for QUIC
       README.md: add GHA status badges for Linux and macOS builds
       RELEASE-PROCEDURE.md: mention patch releases
       resolve: make forced IPv4 resolve only use A queries
       runtests: fix uninitialized value on ignored tests
       schannel: ban server ALPN change during recv renegotiation
       schannel: don't reset recv/send function pointers on renegotiation
       schannel: when importing PFX, disable key persistence
       scripts: use `grep -E` instead of `egrep`
       setopt: use the handler table for protocol name to number conversions
       setopt: when POST is set, reset the 'upload' field
       setup-win32: no longer define UNICODE/_UNICODE implicitly
       single_transfer: use the libcurl URL parser when appending query parts
       smb: replace CURL_WIN32 with WIN32
       strcase: add and use Curl_timestrcmp
       strerror: improve two URL API error messages
       symbol-scan.pl: also check for LIBCURL* symbols
       symbol-scan.pl: scan and verify .3 man pages
       symbols-in-versions: add missing LIBCURL* symbols
       symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
       test1119: scan all public headers
       test1275: verify uppercase after period in markdown
       test972: verify the output without using external tool
       tests/certs/scripts: insert standard curl source headers
       tests/Makefile: remove run time stats from ci-test
       tests: avoid CreateThread if _beginthreadex is available
       tests: fix tag syntax errors in test files
       tests: skip mime/form tests when mime is not built-in
       tidy-up: delete parallel/unused feature flags
       tidy-up: delete unused HAVE_STRUCT_POLLFD
       TODO: provide the error body from a CONNECT response
       tool: avoid generating ambiguous escaped characters in --libcurl
       tool: remove dead code
       tool: reorganize function c_escape around a dynbuf
       tool_hugehelp: make hugehelp a blank macro when disabled
       tool_main: exit at once if out of file descriptors
       tool_operate: avoid a few #ifdefs for disabled-libcurl builds
       tool_operate: more transfer cleanup after parallel transfer fail
       tool_operate: prevent over-queuing in parallel mode
       tool_operate: reduce errorbuffer allocs
       tool_paramhelp: asserts verify maximum sizes for string loading
       tool_paramhelp: make the max argument a 'double'
       tool_progress: remove 'Qd' from the parallel progress bar
       tool_setopt: use better English in --libcurl source comments
       tool_xattr: save the original URL, not the final redirected one
       unit test 1655: make it C89-compliant
       url: a zero-length userinfo part in the URL is still a (blank) user
       url: allow non-HTTPS HSTS-matching for debug builds
       url: rename function due to name-clash in Watt-32
       url: use IDN decoded names for HSTS checks
       urlapi: detect scheme better when not guessing
       urlapi: fix parsing URL without slash with CURLU_URLENCODE
       urlapi: leaner with fewer allocs
       urlapi: reject more bad characters from the host name field
       winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths
       winbuild: use NMake batch-rules for compilation
       windows: add .rc support to autotools builds
       windows: adjust name of two internal public functions
       windows: autotools .rc warnings fixup
       wolfSSL: fix session management bug.

3 files changed, 12 insertions, 7 deletions

diff --git a/www/curl/Makefile b/www/curl/Makefile
index 830f66f8330..0bb3f027b95 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.261 2022/09/01 07:05:39 adam Exp $
+# $NetBSD: Makefile,v 1.261.2.1 2022/11/05 19:09:28 bsiegert Exp $
 
-DISTNAME=	curl-7.85.0
+DISTNAME=	curl-7.86.0
 CATEGORIES=	www
 MASTER_SITES=	https://curl.se/download/
 EXTRACT_SUFX=	.tar.xz
diff --git a/www/curl/PLIST b/www/curl/PLIST
index df71eaa3d55..6d110fb977e 100644
--- a/www/curl/PLIST
+++ b/www/curl/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.91 2022/09/01 07:05:39 adam Exp $
+@comment $NetBSD: PLIST,v 1.91.2.1 2022/11/05 19:09:28 bsiegert Exp $
 bin/curl
 bin/curl-config
 include/curl/curl.h
@@ -12,6 +12,7 @@ include/curl/stdcheaders.h
 include/curl/system.h
 include/curl/typecheck-gcc.h
 include/curl/urlapi.h
+include/curl/websockets.h
 lib/libcurl.la
 lib/pkgconfig/libcurl.pc
 man/man1/curl-config.1
@@ -396,6 +397,7 @@ man/man3/CURLOPT_VERBOSE.3
 man/man3/CURLOPT_WILDCARDMATCH.3
 man/man3/CURLOPT_WRITEDATA.3
 man/man3/CURLOPT_WRITEFUNCTION.3
+man/man3/CURLOPT_WS_OPTIONS.3
 man/man3/CURLOPT_XFERINFODATA.3
 man/man3/CURLOPT_XFERINFOFUNCTION.3
 man/man3/CURLOPT_XOAUTH2_BEARER.3
@@ -481,6 +483,9 @@ man/man3/curl_url_set.3
 man/man3/curl_url_strerror.3
 man/man3/curl_version.3
 man/man3/curl_version_info.3
+man/man3/curl_ws_meta.3
+man/man3/curl_ws_recv.3
+man/man3/curl_ws_send.3
 man/man3/libcurl-easy.3
 man/man3/libcurl-env.3
 man/man3/libcurl-errors.3
diff --git a/www/curl/distinfo b/www/curl/distinfo
index 9d79a3ac64c..ebc2d85f0d4 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.185 2022/09/01 07:05:39 adam Exp $
+$NetBSD: distinfo,v 1.185.2.1 2022/11/05 19:09:28 bsiegert Exp $
 
-BLAKE2s (curl-7.85.0.tar.xz) = fe70715667bca9e040dec4765fa2cfffd95c7e435e493d5ef4104daf1206f034
-SHA512 (curl-7.85.0.tar.xz) = b57cc31649a4f47cc4b482f56a85c86c8e8aaeaf01bc1b51b065fdb9145a9092bc52535e52a85a66432eb163605b2edbf5bc5c33ea6e40e50f26a69ad1365cbd
-Size (curl-7.85.0.tar.xz) = 2480648 bytes
+BLAKE2s (curl-7.86.0.tar.xz) = 19f11c1920d9f6472e66a71bfb759a385df3a191123e87b783e0e3046cc431cb
+SHA512 (curl-7.86.0.tar.xz) = 18e03a3c00f22125e07bddb18becbf5acdca22baeb7b29f45ef189a5c56f95b2d51247813f7a9a90f04eb051739e9aa7d3a1c5be397bae75d763a2b918d1b656
+Size (curl-7.86.0.tar.xz) = 2518356 bytes
 SHA1 (patch-configure) = ae123a94fa84ef99dfc1dadd596ac86ef0d143fe
 SHA1 (patch-curl-config.in) = a58c777fc1a0a087776e62ed2e2a1e0a339716df