Update to 7.17.1:

Version 7.17.1 (29 October 2007)

Dan F (25 October 2007)
- Added the --static-libs option to curl-config

Daniel S (25 October 2007)
- Made libcurl built with NSS possible to ignore the peer verification.
  Previously it would fail if the ca bundle wasn't present, even if the code
  ignored the verification results.

Patrick M (25 October 2007)
- Fixed test server to allow null bytes in binary posts.
_ Added tests 35, 544 & 545 to check binary data posts, both static (in place)
  and dynamic (copied).

Daniel S (25 October 2007)
- Michal Marek fixed the test script to be able to use valgrind even when the
  lib is built shared with libtool.

- Fixed a few memory leaks when the same easy handle is re-used to request
  URLs with different protocols. FTP and TFTP related leaks. Caught thanks to
  Dan F's new test cases.

Dan F (24 October 2007)
- Fixed the test FTP and TFTP servers to support the >10000 test number
  notation

- Added test cases 2000 through 2003 which test multiple protocols using the
  same easy handle

- Fixed the filecheck: make target to work outside the source tree

Daniel S (24 October 2007)
- Vladimir Lazarenko pointed out that we should do some 'mt' magic when
  building with VC8 to get the "manifest" embedded to make fine stand-alone
  binaries. The maketgz and the src/Makefile.vc6 files were adjusted
  accordingly.

Daniel S (23 October 2007)
- Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
  that libcurl tried to re-use connections a bit too much when using non-SSL
  protocols tunneled over a HTTP proxy.

Daniel S (22 October 2007)
- Michal Marek forwarded the bug report
  https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
  FTP that caused memory havoc. His work together with my efforts created two
  fixes:

  #1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with
       at connection cleanup, at which time the struct HandleData could be
       used by another connection.
       Also, the unused char *urlpath member is removed from struct FTP.

  #2 - provide a Curl_reset_reqproto() function that frees
       data->reqdata.proto.* on connection setup if needed (that is if the
       SessionHandle was used by a different connection).

  A long-term goal is of course to somehow get rid of how the reqdata struct
  is used, as it is too error-prone.

- Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out
  that specifying a proxy with a trailing slash didn't work (unless it also
  contained a port number).

Patrick M (15 October 2007)
- Fixed the dynamic CURLOPT_POSTFIELDS problem: this option is now static again
  and option CURLOPT_COPYPOSTFIELDS has been added to support dynamic mode.

Patrick M (12 October 2007)
- Added per-protocol callback static tables, replacing callback ptr storage
  in the connectdata structure by a single handler table ptr.

Dan F (11 October 2007)
- Fixed the -l option of runtests.pl

- Added support for skipping tests based on key words.

Daniel S (9 October 2007)
- Michal Marek removed the no longer existing return codes from the curl.1
  man page.

Daniel S (7 October 2007)
- Known bug #47, which confused libcurl if doing NTLM auth over a proxy with
  a response that was larger than 16KB is now improved slightly so that now
  the restriction at 16KB is for the headers only and it should be a rare
  situation where the response-headers exceed 16KB. Thus, I consider #47 fixed
  and the header limitation is now known as known bug #48.

Daniel S (5 October 2007)
- Michael Wallner made the CULROPT_COOKIELIST option support a new magic
  string: "FLUSH". Using that will cause libcurl to flush its cookies to the
  CURLOPT_COOKIEJAR file.

- The new file docs/libcurl/ABI describes how we view ABI breakages, soname
  bumps and what the version number's significance to all that is.

Daniel S (4 October 2007)
- I enabled test 1009 and made the --local-port use a wide range to reduce the
  risk of failures.

- Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
  This happened because the tftp code always uncondionally did a bind()
  without caring if one already had been done and then it failed. I wrote a
  test case (1009) to verify this, but it is a bit error-prone since it will
  have to pick a fixed local port number and since the tests are run on so
  many different hosts in different situations I'll add it in disabled state.

Yang Tse (3 October 2007)
- Fixed issue related with the use of ares_timeout() result.

Daniel S (3 October 2007)
- Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
  CURLOPT_OPENSOCKETDATA to set a callback that allows an application to
  replace the socket() call used by libcurl. It basically allows the app to
  change address, protocol or whatever of the socket.

- I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
  CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made
  this return code get used by the previous SSH MD5 fingerprint check in case
  it fails.

- Based on a patch brought by Johnny Luong, libcurl now offers
  CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both
  make the SCP or SFTP connection verify the remote host's md5 checksum of the
  public key before doing a connect, to reduce the risk of a man-in-the-middle
  attack.

Daniel S (2 October 2007)
- libcurl now handles chunked-encoded CONNECT responses

Daniel S (1 October 2007)
- Alex Fishman reported a curl_easy_escape() problem that was made the
  function do wrong on all input bytes that are >= 0x80 (decimal 128) due to a
  signed / unsigned mistake in the code. I fixed it and added test case 543 to
  verify.

Daniel S (29 September 2007)
- Immanuel Gregoire fixed a problem with persistent transfers over SFTP.

Daniel S (28 September 2007)
- Adapted the c-ares code to the API change c-ares 1.5.0 brings in the
  notifier callback(s).

Dan F (26 September 2007)
- Enabled a few more gcc warnings with --enable-debug.  Renamed a few
  variables to avoid shadowing global declarations.

Daniel S (26 September 2007)
- Philip Langdale provided the new CURLOPT_POST301 option for
  curl_easy_setopt() that alters how libcurl functions when following
  redirects. It makes libcurl obey the RFC2616 when a 301 response is received
  after a non-GET request is made. Default libcurl behaviour is to change
  method to GET in the subsequent request (like it does for response code 302
  - because that's what many/most browsers do), but with this CURLOPT_POST301
  option enabled it will do what the spec says and do the next request using
  the same method again. I.e keep POST after 301.

  The curl tool got this option as --post301

  Test case 1011 and 1012 were added to verify.

- Max Katsev reported that when doing a libcurl FTP request with
  CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE
  before it does SIZE which makes it less useful. I walked over the code and
  made it do this properly, and added test case 542 to verify it.

Daniel S (24 September 2007)
- Immanuel Gregoire fixed KNOWN_BUGS #44: --ftp-method nocwd did not handle
  URLs ending with a slash properly (it should list the contents of that
  directory). Test case 351 brought back and also test 1010 was added.

Daniel S (21 September 2007)
- Mark Davies fixed Negotiate authentication over proxy, and also introduced
  the --proxy-negotiate command line option to allow a user to explicitly
  select it.

Daniel S (19 September 2007)
- Rob Crittenden provided an NSS update with the following highlights:

  o It looks for the NSS database first in the environment variable SSL_DIR,
    then in /etc/pki/nssdb, then it initializes with no database if neither of
    those exist.

  o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
    loaded, including the ca-bundle. If it is not available then only
    certificates already in the NSS database are used.

  o Tries to detect whether a file or nickname is being passed in so the right
    thing is done

  o Added a bit of code to make the output more like the OpenSSL module,
    including displaying the certificate information when connecting in
    verbose mode

  o Improved handling of certificate errors (expired, untrusted, etc)

  The libnsspem.so PKCS#11 module is currently only available in Fedora
  8/rawhide. Work will be done soon to upstream it. The NSS module will work
  with or without it, all that changes is the source of the certificates and
  keys.

Daniel S (18 September 2007)
- Immanuel Gregoire pointed out that public key SSH auth failed if no
  public/private key was specified and there was no HOME environment variable,
  and then it didn't continue to try the other auth methods. Now it will
  instead try to get the files id_dsa.pub and id_dsa from the current
  directory if none of the two conditions were met.

Dan F (17 September 2007)
- Added hooks to the test suite to make it possible to test a curl running
  on a remote host.

- Changed some FTP tests to validate the format of the PORT and EPRT commands
  sent by curl, if not the addresses themselves.

Daniel S (15 September 2007)
- Michal Marek made libcurl automatically append ";type=<a|i>" when using HTTP
  proxies for FTP urls.

- Günter Knauf fixed LDAP builds in the Windows makefiles and fixed LDAPv3
  support on Windows.

Dan F (13 September 2007)
- Added LDAPS, SCP and SFTP to curl-config --protocols. Removed and
  fixed some AC_SUBST configure entries.

2 files changed, 6 insertions, 6 deletions

diff --git a/www/curl/Makefile b/www/curl/Makefile
index 7d7d4144c5a..c3049ffb283 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.75 2007/09/15 09:29:11 wiz Exp $
+# $NetBSD: Makefile,v 1.76 2007/11/01 08:37:09 wiz Exp $
 
-DISTNAME=	curl-7.17.0
+DISTNAME=	curl-7.17.1
 CATEGORIES=	www
 MASTER_SITES=	http://curl.haxx.se/download/ \
 		ftp://ftp.sunet.se/pub/www/utilities/curl/ \
diff --git a/www/curl/distinfo b/www/curl/distinfo
index 1908ed32c03..9df6d325618 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.52 2007/09/15 09:29:11 wiz Exp $
+$NetBSD: distinfo,v 1.53 2007/11/01 08:37:10 wiz Exp $
 
-SHA1 (curl-7.17.0.tar.bz2) = 78e08bac74952e2af612f20759a330f580c122b3
-RMD160 (curl-7.17.0.tar.bz2) = 12141ad0f5de32e9d496f3d499bf6fda80a4308e
-Size (curl-7.17.0.tar.bz2) = 1698728 bytes
+SHA1 (curl-7.17.1.tar.bz2) = ad34b9386e7fd1c8f2a8025e2716a8047b194970
+RMD160 (curl-7.17.1.tar.bz2) = 8ab8dc7a33a5265dfe25eb0725248c3cd6519510
+Size (curl-7.17.1.tar.bz2) = 1721551 bytes