Update to 7.16.2:

Version 7.16.2 (11 April 2007)

Yang Tse (10 April 2007)
- Ravi Pratap provided some fixes for HTTP pipelining

- configure script will ignore --enable-sspi option for non-native Windows.

Daniel S (9 April 2007)
- Nick Zitzmann did ssh.c cleanups

Daniel S (3 April 2007)
- Rob Jones fixed better #ifdef'ing for a bunch of #include lines.

Daniel S (2 April 2007)
- Nick Zitzmann made the CURLOPT_POSTQUOTE option work for SFTP as well. The
  accepted commands are as follows:

  chgrp (gid) (path)
    Changes the group ID of the file or directory at (path) to (gid). (gid)
    must be a number.

  chmod (perms) (path)
    Changes the permissions of the file or directory at (path) to
    (perms). (perms) must be a number in the format used by the chmod Unix
    command.

  chown (uid) (path)
    Changes the user ID of the file or directory at (path) to (uid). (uid)
    must be a number.

  ln (source) (dest)
    Creates a symbolic link at (dest) that points to the file located at
    (source).

  mkdir (path)
    Creates a new directory at (path).

  rename (source) (dest)
    Moves the file or directory at (source) to (dest).

  rm (path)
    Deletes the file located at (path).

  rmdir (path)
    Deletes the directory located at (path). This command will raise an error
    if the directory is not empty.

  symlink (source) (dest)
    Same as ln.

Daniel S (1 April 2007)
- Robert Iakobashvili made curl_multi_remove_handle() a lot faster when many
  easy handles are added to a multi handle, by avoiding the looping over all
  the handles to find which one to remove.

- Matt Kraai provided a patch that makes curl build on QNX 6 fine again.

Daniel S (31 March 2007)
- Fixed several minor issues detected by the coverity.com scanner.

- "Pixel" fixed a problem that appeared when you used -f with user+password
  embedded in the URL.

Dan F (29 March 2007)
- Don't tear down the ftp connection if the maximum filesize was exceeded
  and added tests 290 and 291 to check.

- Added ftps upload and SSL required tests 401 and 402.

- Send an EOF message before closing an SCP channel, as recommended by
  RFC4254. Enable libssh2 tracing when ssh debugging is turned on.

Yang Tse (27 March 2007)
- Internal function Curl_select() renamed to Curl_socket_ready()

  New Internal wrapper function Curl_select() around select (2), it
  uses poll() when a fine poll() is available, so now libcurl can be
  built without select() support at all if a fine poll() is available.

Daniel S (25 March 2007)
- Daniel Johnson fixed multi code to traverse the easy handle list properly.
  A left-over bug from the February 21 fix.

Dan F (23 March 2007)
- Added --pubkey option to curl and made --key also work for SCP/SFTP,
  plus made --pass work on an SSH private key as well.

- Changed the test harness to attempt to gracefully shut down servers
  before resorting to the kill -9 hammer.

- Added test harness infrastructure to support scp/sftp tests, using
  OpenSSH as the server.

- Fixed a memory leak when specifying a proxy with a file: URL.

Yang Tse (20 March 2007)
- Fixed: When a signal was caught awaiting for an event using Curl_select()
  or Curl_poll() with a non-zero timeout both functions would restart the
  specified timeout. This could even lead to the extreme case that if a
  signal arrived with a frecuency lower to the specified timeout neither
  function would ever exit.

  Added experimental symbol definition check CURL_ACKNOWLEDGE_EINTR in
  Curl_select() and Curl_poll(). When compiled with CURL_ACKNOWLEDGE_EINTR
  defined both functions will return as soon as a signal is caught. Use it
  at your own risk, all calls to these functions in the library should be
  revisited and checked before fully supporting this feature.

Yang Tse (19 March 2007)
- Bryan Henderson fixed the progress function so that it can get called more
  frequently allowing same calling frecuency for the client progress callback.

Dan F (15 March 2007)
- Various memory leaks plugged and NULL pointer fixes made in the ssh code.

Daniel (15 March 2007)
- Nick made the curl tool accept globbing ranges that only is one number, i.e
  you can now use [1-1] without curl complaining.

Daniel (10 March 2007)
- Eygene Ryabinkin:

  The problem is the following: when we're calling Curl_done and it decides to
  keep the connection opened ('left intact'), then the caller is not notified
  that the connection was done via the NULLifying of the pointer, so some easy
  handle is keeping the pointer to this connection.

  Later ConnectionExists can select such connection for reuse even if we're
  not pipelining: pipeLen is zero, so the (pipeLen > 0 && !canPipeline) is
  false and we can reuse this connection for another easy handle. But thus the
  connection will be shared between two easy handles if the handle that wants
  to take the ownership is not the same as was not notified of the connection
  was done in Curl_done. And when some of these easy handles will get their
  connection really freed the another one will still keep the pointer.

  My fix was rather trivial: I just added the NULLification to the 'else'
  branch in the Curl_done. My tests with Git and ElectricFence showed no
  problems both for HTTP pulling and cloning. Repository size is about 250 Mb,
  so it was a considerable amount of Curl's work.

Dan F (9 March 2007)
- Updated the test harness to add a new "crypto" feature check and updated the
  appropriate test case to use it.  For now, this is treated the same as the
  "SSL" feature because curl doesn't list it separately.

Daniel (9 March 2007)
- Robert Iakobashvili fixed CURLOPT_INTERFACE for IPv6.

- Robert A. Monat improved the maketgz and VC6/8 generating to set the correct
  machine type too.

- Justin Fletcher fixed a file descriptor leak in the curl tool when trying to
  upload a file it couldn't open. Bug #1676581
  (http://curl.haxx.se/bug/view.cgi?id=1676581)

Dan F (9 March 2007)
- Updated the test harness to check for protocol support before running each
  test, fixing KNOWN_BUGS #11.

Dan F (7 March 2007)
- Reintroduced (after a 3 year hiatus) an FTPS test case (400) into the test
  harness.  It is very limited as it supports only ftps:// URLs with
  --ftp-ssl-control specified, which implicitly encrypts the control
  channel but not the data channels.  That allows stunnel to be used with
  an unmodified ftp server in exactly the same way that the test https
  server is set up.

Dan F (7 March 2007)
- Honour --ftp-ssl-control on ftps:// URLs to allow encrypted control and
  unencrypted data connections.

Dan F (6 March 2007)
- Fixed a couple of improper pointer uses detected by valgrind in test
  cases 181 & 216.

Daniel (2 March 2007)
- Robert A. Monat and Shmulik Regev helped out to fix the new */Makefile.vc8
  makefiles that are included in the source release archives, generated from
  the Makefile.vc6 files by the maketgz script. I also modified the root
  Makefile to have a VC variable that defaults to vc6 but can be overridden to
  allow it to be used for vc8 as well. Like this:

    nmake VC=vc8 vc

Daniel (27 February 2007)
- Hang Kin Lau found and fixed: When I use libcurl to connect to an https
  server through a proxy and have the remote https server port set using the
  CURLOPT_PORT option, protocol gets reset to http from https after the first
  request.

  User defined URL was modified internally by libcurl and subsequent reuse of
  the easy handle may lead to connection using a different protocol (if not
  originally http).

  I found that libcurl hardcoded the protocol to "http" when it tries to
  regenerate the URL if CURLOPT_PORT is set. I tried to fix the problem as
  follows and it's working fine so far

Daniel (25 February 2007)
- Adam D. Moss made the HTTP CONNECT procedure less blocking when used from
  the multi interface. Note that it still does a part of the connection in a
  blocking manner.

Daniel (23 February 2007)
- Added warning outputs if the command line uses more than one of the options
  -v, --trace and --trace-ascii, since it could really confuse the user.
  Clarified this fact in the man page.

Daniel (21 February 2007)
- Ravi Pratap provided work on libcurl making pipelining more robust and
  fixing some bugs:
  o Don't mix GET and POST requests in a pipeline
  o Fix the order in which requests are dispatched from the pipeline
  o Fixed several curl bugs with pipelining when the server is returning
    chunked encoding:
    * Added states to chunked parsing for final CRLF
    * Rewind buffer after parsing chunk with data remaining
    * Moved chunked header initializing to a spot just before receiving
      headers

Daniel (20 February 2007)
- Linus Nielsen Feltzing changed the CURLOPT_FTP_SSL_CCC option to handle
  active and passive CCC shutdown and added the --ftp-ssl-ccc-mode command
  line option.

Daniel (19 February 2007)
- Ian Turner fixed the libcurl.m4 macro's support for --with-libcurl.

- Shmulik Regev found a memory leak in re-used HTTPS connections, at least
  when the multi interface was used.

- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and
  5).

Daniel (18 February 2007)
- Jeff Pohlmeyer identified two problems: first a rather obscure problem with
  the multi interface and connection re-use that could make a
  curl_multi_remove_handle() ruin a pointer in another handle.

  The second problem was less of an actual problem but more of minor quirk:
  the re-using of connections wasn't properly checking if the connection was
  marked for closure.

Daniel (16 February 2007)
- Duncan Mac-Vicar Prett and Michal Marek reported problems with resetting
  CURLOPT_RANGE back to no range on an easy handle when using FTP.

Dan F (14 February 2007)
- Fixed curl-config --libs so it doesn't list unnecessary libraries (and
  therefore introduce unnecessary dependencies) when it's not needed.
  Also, don't bother adding a library path of /usr/lib

Daniel (13 February 2007)
- The default password for anonymous FTP connections is now changed to be
  "ftp@example.com".

- Robert A. Monat made libcurl build fine with VC2005 - it doesn't have
  gmtime_r() like the older VC versions. He also made use of some machine-
  specific defines to differentiate the "OS" define.

Daniel (12 February 2007)
- Rob Crittenden added support for NSS (Network Security Service) for the
  SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/

  This is the fourth supported library for TLS/SSL that libcurl supports!

- Shmulik Regev fixed so that the final CRLF of HTTP response headers are sent
  to the debug callback.

- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
  CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
  internal decoding of content or transfer encoded content. This may be
  preferable in cases where you use libcurl for proxy purposes or similar. The
  command line tool got a --raw option to disable both at once.

- release tarballs made with maketgz will from now on have a LIBCURL_TIMESTAMP
  define set to hold the exact date and time of when the tarball was built, as
  a human readable string using the UTC time zone.

- Jeff Pohlmeyer fixed a flaw in curl_multi_add_handle() when adding a handle
  that has an easy handle present in the "closure" list pending closure.

Daniel (6 February 2007)
- Regular file downloads wiht SFTP and SCP are now done using the non-blocking
  API of libssh2, if the libssh2 headers seem to support them. This will make
  SCP and SFTP much more responsive and better libcurl citizens when used with
  the multi interface etc.

Daniel (5 February 2007)
- Michael Wallner added support for CURLOPT_TIMEOUT_MS and
  CURLOPT_CONNECTTIMEOUT_MS that, as their names suggest, do the timeouts with
  millisecond resolution. The only restriction to that is the alarm()
  (sometimes) used to abort name resolves as that uses full seconds. I fixed
  the FTP response timeout part of the patch.

  Internally we now count and keep the timeouts in milliseconds but it also
  means we multiply set timeouts with 1000. The effect of this is that no
  timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
  equals 24.86 days.  We probably couldn't before either since the code did
  *1000 on the timeout values on several places already.

Daniel (3 February 2007)
- Yang Tse fixed the cookie expiry date in several test cases that started to
  fail since they used "1 feb 2007"...

- Manfred Schwarb reported that socks5 support was broken and help us pinpoint
  the problem. The code now tries harder to use httproxy and proxy where
  apppropriate, as not all proxies are HTTP...

2 files changed, 6 insertions, 6 deletions

diff --git a/www/curl/Makefile b/www/curl/Makefile
index ce1c3f9013d..9a646924ed0 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.70 2007/02/02 19:14:24 wiz Exp $
+# $NetBSD: Makefile,v 1.71 2007/04/15 13:29:23 wiz Exp $
 
-DISTNAME=	curl-7.16.1
+DISTNAME=	curl-7.16.2
 CATEGORIES=	www
 MASTER_SITES=	http://curl.haxx.se/download/ \
 		ftp://ftp.sunet.se/pub/www/utilities/curl/ \
diff --git a/www/curl/distinfo b/www/curl/distinfo
index d773d0b5f8b..e2688c2e98a 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.48 2007/02/02 19:14:24 wiz Exp $
+$NetBSD: distinfo,v 1.49 2007/04/15 13:29:23 wiz Exp $
 
-SHA1 (curl-7.16.1.tar.bz2) = 645f87f63d29f71dced74869450d52f84a75c2b6
-RMD160 (curl-7.16.1.tar.bz2) = 8251efba8f4bde512b7cf68ad0acb5efb4302d9b
-Size (curl-7.16.1.tar.bz2) = 1592074 bytes
+SHA1 (curl-7.16.2.tar.bz2) = b23d35b5af7b75e53c6632cd4c9d0cb0c08cafe5
+RMD160 (curl-7.16.2.tar.bz2) = 28edfab5659d410bf00725a0ac7228583fc171b6
+Size (curl-7.16.2.tar.bz2) = 1664414 bytes