Update to 7.19.5:

Version 7.19.5 (18 May 2009)

Daniel Stenberg (17 May 2009)
- James Bursa posted a patch to the mailing list that fixed a problem with
  no_proxy which made it not skip the proxy if the URL entered contained a
  user name. I added test case 1101 to verify.

Daniel Stenberg (11 May 2009)
- Balint Szilakszi reported a memory leak when libcurl did gzip decompression
  of streams that had some parts (legitimately) missing. We now provide and use
  a proper cleanup function for the content encoding submodule.
  http://curl.haxx.se/mail/lib-2009-05/0092.html

- Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth
  at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12

  If an incorrect password is given while loading a private key, libcurl ends
  up in an infinite loop consuming memory. The bug is critical.

- I fixed the problem with doing NTLM, POST and then following a 302 redirect,
  as reported by Ebenezer Ikonne (on curl-users) and Laurent Rabret (on
  curl-library). The transfer was mistakenly marked to get more data to send
  but since it didn't actually have that, it just hung there...

Daniel Stenberg (10 May 2009)
- Andre Guibert de Bruet correctly pointed out an over-alloc with one wasted
  byte in the digest code.

Yang Tse (9 May 2009)
- Removed DOS and TPF package's subdirectory Makefile.am, it was only used
  to include some files in the distribution tarball serving no other purpose.
  Files from the DOS and TPF subdirectories are now included in the EXTRA_DIST
  of the Makefile in the parent subdirectory.

Yang Tse (8 May 2009)
- Changed host name literal in several tests to one under the haxx.se domain.

- Renamed vc6 workspace and project files to avoid filename clash when used
  for conversion to later VS versions.

Daniel Stenberg (8 May 2009)
- Constantine Sapuntzakis fixed bug report #2784055
  (http://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to
  connect to SOCKS proxies when using the multi interface. It turned out to
  almost not work at all previously. We need to wait for the TCP connect to
  be properly verified before doing the SOCKS magic.

  There's still a flaw in the FTP code for this.

Daniel Stenberg (7 May 2009)
- Made the SO_SNDBUF setting for the data connection socket for ftp uploads as
  well. See change 28 Apr 2009.

Yang Tse (7 May 2009)
- Fixed an issue affecting FTP transfers, introduced with the transfer.c
  patch committed May 4.

Daniel Stenberg (7 May 2009)
- Man page *roff problems fixed thanks to input from Colin Watson. Problems
  reported in the Debian package.

- Vijay G filed bug report #2723236
  (http://curl.haxx.se/bug/view.cgi?id=2723236) identifying a problem with
  libcurl's TFTP code and its lack of dealing with the OACK packet.

Yang Tse (5 May 2009)
- Fixed the --ftp-port address of test #251 to the CLIENTIP address, and
  reverted the change affecting test suite harness committed 4 May.

Daniel Stenberg (5 May 2009)
- Inspired by Michael Smith's session id fix for OpenSSL, I did the
  corresponding fix in the GnuTLS code: make sure to store the new session id
  in case the previous re-used one is rejected.

Daniel Stenberg (4 May 2009)
- Michael Smith posted bug report #2786255
  (http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
  libcurl did not deal with SSL session ids properly if the server rejected a
  re-use of one. Starting now, it will forget the rejected one and remember
  the new. This change was for OpenSSL only, it is likely that other SSL lib
  code needs similar fixes.

Yang Tse (4 May 2009)
- Applied David McCreedy's "transfer.c fixes for CURL_DO_LINEEND_CONV and
  non-ASCII platform HTTP requests" patch addressing two HTTP PUT problems:
  1) On non-ASCII platforms not all of the protocol portions of the PUT are
  being translated to ASCII.  2) On all platforms the line endings of part of
  the protocol portions are mangled from CRLF to CRCRLF if data->set.crlf or
  data->set.prefer_ascii are set (depending on CURL_DO_LINEEND_CONV).

- Applied David McCreedy's patch to fix test suite harness to allow test FTP
  server and client on different machines, providing FTP client address when
  running the FTP test server.

Daniel Fandrich (3 May 2009)
- Added and disabled test case 563 which shows KNOWN_BUGS #59.  The bug
  report failed to mention that a proxy must be used to reproduce it.

Yang Tse (2 May 2009)
- Use a build-time configured curl_socklen_t data type instead of socklen_t.

Yang Tse (1 May 2009)
- Applied David McCreedy's patches "TPF-platform specific changes to various
  files" and "http.c fix to Curl_proxyCONNECT for non-ASCII platforms", the
  former with minor edits.

Daniel Stenberg (30 Apr 2009)
- I was going to fix issue #59 in KNOWN_BUGS

  If the CURLOPT_PORT option is used on an FTP URL like
  "ftp://example.com/file;type=A" the ";type=A" is stripped off.

  I added test case 562 to verify, only to find out that I couldn't repeat
  this bug so I hereby consider it not a bug anymore!

Daniel Stenberg (29 Apr 2009)
- Based on bug report #2723219 (http://curl.haxx.se/bug/view.cgi?id=2723219)
  I've now made TFTP "connections" not being kept for re-use within libcurl.
  TFTP is UDP-based so the benefit was really low (if even existing) to begin
  with so instead of tracking down to fix this problem we instead removed the
  re-use. I also enabled test case 1099 that I wrote a few days ago to verify
  that this change fixes the reported problem.

Daniel Stenberg (28 Apr 2009)
- Constantine Sapuntzakis filed bug report #2783090
  (http://curl.haxx.se/bug/view.cgi?id=2783090) pointing out that on windows
  we need to grow the SO_SNDBUF buffer somewhat to get really good upload
  speeds. http://support.microsoft.com/kb/823764 has the details. Friends
  confirmed that simply adding 32 to CURL_MAX_WRITE_SIZE is enough.

- Bug report #2709004 (http://curl.haxx.se/bug/view.cgi?id=2709004) by Tim
  Chen pointed out how curl couldn't upload with resume when reading from a
  pipe.

  This ended up with the introduction of a new return code for the
  CURLOPT_SEEKFUNCTION callback that basically says that the seek failed but
  that libcurl may try to resolve the situation anyway. In our case this means
  libcurl will attempt to instead read that much data from the stream instead
  of seeking and that way curl can now upload with resume when data is read
  from a stream!

Daniel Stenberg (26 Apr 2009)
- Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by Sven
  Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi
  interface and provided a patch that fixed the problem!

Daniel Stenberg (24 Apr 2009)
- Kamil Dudka fixed another NSS-related leak when client certs were used.

- Bug report #2779245 (http://curl.haxx.se/bug/view.cgi?id=2779245) by Rainer
  Koenig pointed out that the man page didn't tell that the *_proxy
  environment variables can be specified lower case or UPPER CASE and the
  lower case takes precedence,

Daniel Fandrich (21 Apr 2009)
- Added new libcurl source files to Amiga, RiscOS and VC6 build files.

Yang Tse (21 Apr 2009)
- Moved potential inclusion of system's malloc.h and memory.h header files to
  setup_once.h.  Inclusion of each header file is based on the definition of
  NEED_MALLOC_H and NEED_MEMORY_H respectively.

  Renamed libcurl's memory.h to curl_memory.h

Daniel Stenberg (20 Apr 2009)
- Leanic Lefever reported a crash and did some detailed research on why and
  how it occurs (http://curl.haxx.se/mail/lib-2009-04/0289.html). The
  conclusion was that if an error is detected and Curl_done() is called for
  the connection, ftp_done() could at times return another error code that
  then would take precedence and that new code confused existing logic that
  works for the first error code (CURLE_SEND_ERROR) only.

- Gisle Vanem noticed that --libtool would produce bogus strings at times for
  OBJECTPOINT options. Now we've introduced a new function - my_setopt_str -
  within the app for setting plain string options to avoid the risk of this
  mistake happening.

Daniel Stenberg (17 Apr 2009)
- Pramod Sharma reported and tracked down a bug when doing FTP over a HTTP
  proxy. libcurl would then wrongly close the connection after each
  request. In his case it had the weird side-effect that it killed NTLM auth
  for the proxy causing an inifinite loop!

  I added test case 1098 to verify this fix. The test case does however not
  properly verify that the transfers are done persistently - as I couldn't
  think of a clever way to achieve it right now - but you need to read the
  stderr output after a test run to see that it truly did the right thing.

Daniel Stenberg (13 Apr 2009)
- bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by Martin
  Storsj
  confusing as it set the method to either GET or HEAD. The example he showed
  looked like:

   curl_easy_setopt(curl, CURLOPT_PUT, 1);
   curl_easy_setopt(curl, CURLOPT_NOBODY, 0);

  The new way doesn't alter the method until the request is about to start. If
  CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is
  0 and the request happens to have been set to HEAD, it will then instead be
  set to GET. I believe this will be less surprising to users, and hopefully
  not hit any existing users badly.

- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned
  out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
  is found in Redhat's bug tracker:
  https://bugzilla.redhat.com/show_bug.cgi?id=453612

  There are still memory leaks present, but they seem to have other reasons.

Daniel Fandrich (11 Apr 2009)
- Added new libcurl source files to Symbian OS build files.
- Improved Symbian support for SSL.

Yang Tse (10 Apr 2009)
- Daniel Johnson improved the MacOSX-Framework shell script to now perform all
  the steps required to build a Mac OS X four way fat ppc/i386/ppc64/x86_64
  libcurl.framework.  Four way fat framework requires OS X 10.5 SDK or later.

Yang Tse (8 Apr 2009)
- Removed Sun compilers preprocessor block from curlbuild.h.dist, this also
  removes it from the curlbuild.h file originally distributed by the cURL
  project as this file is intended for systems not capable of running the
  configure script.  For those who have been building curl out of the source
  code curl distribution tarball provided by curl.haxx.se the change implies
  nothing.  Previous change in this area committed 2 Apr becomes irrelevant.

Daniel Stenberg (6 Apr 2009)
- I clarified in the docs that CURLOPT_SEEKFUNCTION should return 0 on success
  and 1 on fatal errors. Previously it only mentioned non-zero on fatal
  errors. This is a slight change in meaning, but it follows what we've done
  elsewhere before and it opens up for LOTS of more useful return codes
  whenever we can think of them...

Yang Tse (2 Apr 2009)
- Fix curl_off_t definition for builds done using Sun compilers and a
  non-configured libcurl. In this case curl_off_t data type was gated
  to the off_t data type which depends on the _FILE_OFFSET_BITS. This
  configuration is exactly the unwanted configuration for our curl_off_t
  data type which must not depend on such setting. This breaks ABI for
  libcurl libraries built with Sun compilers which were built without
  having run the configure script with _FILE_OFFSET_BITS different than
  64 and using the ILP32 data model.

Daniel Stenberg (1 Apr 2009)
- Andre Guibert de Bruet fixed a NULL pointer use in an infof() call if a
  strdup() call failed.

Daniel Fandrich (31 Mar 2009)
- Properly return an error code in curl_easy_recv (reported by Jim Freeman).

Daniel Stenberg (18 Mar 2009)
- Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
  NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
  explicitly.

Daniel Stenberg (13 Mar 2009)
- Use libssh2_version() to present the libssh2 version in case the libssh2
  library is found to support it.

Yang Tse (12 Mar 2009)
- Added missing Curl_read() return code checking in TELNET transfers.

- Pierre Brico found and fixed TELNET transfers not being aborted upon
  a write callback failure.

Daniel Stenberg (11 Mar 2009)
- Kamil Dudka made the curl tool properly call curl_global_init() before any
  other libcurl function.

Yang Tse (11 Mar 2009)
- Added missing TELNET timeout support for Windows builds. This issue was
  reported by Pierre Brico.

Daniel Stenberg (9 Mar 2009)
- Frank Hempel found out a bug and provided the fix:

  curl_easy_duphandle did not necessarily duplicate the CURLOPT_COOKIEFILE
  option. It only enabled the cookie engine in the destination handle if
  data->cookies is not NULL (where data is the source handle). In case of a
  newly initialized handle which just had the cookie support enabled by a
  curl_easy_setopt(handle, CURL_COOKIEFILE, "")-call, handle->cookies was
  still NULL because the setopt-call only appends the value to
  data->change.cookielist, hence duplicating this handle would not have the
  cookie engine switched on.

  We also concluded that the slist-functionality would be suitable for being
  put in its own module rather than simply hanging out in lib/sendf.c so I
  created lib/slist.[ch] for them.

- Andreas Farber made the 'buildconf' script check for the presence of m4
  scripts to make it detect a bad checkout earlier. People with older
  checkouts who don't do cvs update with the -d option won't get the new dirs
  and then will get funny outputs that can be a bit hard to understand and
  fix.

Daniel Stenberg (8 Mar 2009)
- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
  allocation of the memory BIO was not being properly checked.

- Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
  in the gnutls code where we were checking for negative values for errors,
  when the man pages state that GNUTLS_E_SUCCESS is returned on success and
  other values indicate error conditions.

- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
  curl didn't use sprintf() in a way that is documented to work in POSIX but
  since we use our own printf() code (from libcurl) that shouldn't be a
  problem. Nonetheless I modified the code to not rely on such particular
  features and to not cause further raised eyebrowse with no good reason.

Daniel Fandrich (5 Mar 2009)
- Expanded the security section of the libcurl-tutorial man page to cover
  more issues for authors to consider when writing robust libcurl-using
  applications.

Yang Tse (5 Mar 2009)
- Fixed NTLM authentication memory leak on SSPI enabled Windows builds. This
  issue was noticed by Chris Deidun.

Daniel Fandrich (4 Mar 2009)
- Fixed a problem with m4 quoting in the OpenSSL configure check reported
  by Daniel Johnson.

Daniel Stenberg (3 Mar 2009)
- David James brought a patch that make libcurl close (all) dead connections
  whenever you attempt to open a new connection.

  1. After cleaning up a dead connection, "continue" instead of
     returning FALSE. This ensures that we clean up all dead connections,
     rather than just cleaning up the first dead connection.
  2. Move up the cleanup for dead connections so that it occurs for
     all connections, rather than just the connections which have the same
     preferences as our current new connection.

3 files changed, 10 insertions, 7 deletions

diff --git a/www/curl/Makefile b/www/curl/Makefile
index 0a975e7cf30..bae8947c656 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.89 2009/03/04 14:47:01 tron Exp $
+# $NetBSD: Makefile,v 1.90 2009/06/09 18:31:35 wiz Exp $
 
-DISTNAME=	curl-7.19.4
+DISTNAME=	curl-7.19.5
 CATEGORIES=	www
 MASTER_SITES=	http://curl.haxx.se/download/ \
 		ftp://ftp.sunet.se/pub/www/utilities/curl/
@@ -9,6 +9,8 @@ EXTRACT_SUFX=	.tar.bz2
 MAINTAINER=	recht@NetBSD.org
 HOMEPAGE=	http://curl.haxx.se/
 COMMENT=	Client that groks URLs
+# not completely, but near enough
+LICENSE=	mit
 
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
 PKG_DESTDIR_SUPPORT=	user-destdir
diff --git a/www/curl/PLIST b/www/curl/PLIST
index 97aaf640944..69914e5ec99 100644
--- a/www/curl/PLIST
+++ b/www/curl/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.26 2009/02/21 13:38:37 wiz Exp $
+@comment $NetBSD: PLIST,v 1.27 2009/06/09 18:31:35 wiz Exp $
 bin/curl
 bin/curl-config
 include/curl/curl.h
@@ -49,6 +49,7 @@ man/man3/curl_multi_perform.3
 man/man3/curl_multi_remove_handle.3
 man/man3/curl_multi_setopt.3
 man/man3/curl_multi_socket.3
+man/man3/curl_multi_socket_action.3
 man/man3/curl_multi_strerror.3
 man/man3/curl_multi_timeout.3
 man/man3/curl_share_cleanup.3
diff --git a/www/curl/distinfo b/www/curl/distinfo
index 11ec8c80643..30fc4ef7128 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.58 2009/03/04 14:47:01 tron Exp $
+$NetBSD: distinfo,v 1.59 2009/06/09 18:31:35 wiz Exp $
 
-SHA1 (curl-7.19.4.tar.bz2) = 6b8cb206990cd68d8653cea16a47bd0febd5c50d
-RMD160 (curl-7.19.4.tar.bz2) = 91f46c421e0f23f268640d39f45a74621e951245
-Size (curl-7.19.4.tar.bz2) = 2296879 bytes
+SHA1 (curl-7.19.5.tar.bz2) = e9256f93f5a8c7f40a3c8696c2841a6c5c2b1bf7
+RMD160 (curl-7.19.5.tar.bz2) = a6c1ca2962c2372ede310a508f36a06205eb8fb0
+Size (curl-7.19.5.tar.bz2) = 2298238 bytes
 SHA1 (patch-aa) = 2f9651c723ed91efecc7e565e74bc7740628163f