author tron <tron> 2014-03-11 12:47:11 +0000
committer tron <tron> 2014-03-11 12:47:11 +0000
commit e2b96b56fecb5f61e1b3871e4a783865336af88e
parent 3dbe44c1f0b7a3b4e49e37f18544e026f053acc5
Pullup ticket #4338 - requested by taca
www/curl: security update

Revisions pulled up:
- www/curl/Makefile 1.133-1.134
- www/curl/PLIST 1.43
- www/curl/distinfo 1.91-1.92
- www/curl/patches/patch-aa 1.25

---
Module Name: pkgsrc
Committed By: adam
Date: Tue Dec 31 11:48:03 UTC 2013

Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo

Log Message:
Changes 7.34.0:
SSL: protocol version can be specified more precisely
imap/pop3/smtp: Added graceful cancellation of SASL authentication
Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
base64: Added validation of base64 input strings when decoding
curl_easy_setopt: Added the ability to set the login options separately
smtp: Added support for additional SMTP commands
curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
nss: allow to use TLS > 1.0 if built against recent NSS
SECURITY: added this document to describe our security processes
parseconfig: warn if unquoted white spaces are detected

Bugfixes:
SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS
darwinssl: un-break iOS build after PKCS/12 feature added
tool: use XFERFUNCTION to save some casts
usercertinmem: fix memory leaks
ssh: Handle successful SSH_USERAUTH_NONE
NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
test906: Fixed failing test on some platforms
sasl: initialize NSS before using NTLM crypto
sasl: Fixed memory leak in OAUTH2 message creation
imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
cmake: unbreak for non-Windows platforms
ssh: initialize per-handle data in ssh_connect()
glob: fix broken URLs
configure: check for long long when building with cyassl
CURLOPT_RESOLVE: mention they don't time-out
docs/examples/httpput.c: fix build for MSVC
FTP: make the data connection work when going through proxy
NSS: support for CERTINFO feature
curl_multi_wait: accept 0 from multi_timeout() as valid timeout
glob_range: pass the closing bracket for a-z ranges
tool_help: Updated --list-only description to include POP3
Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
cmake: fix Windows build with IPv6 support
ares: Fixed compilation under Visual Studio 2012
curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
curl.1: mention that -O does no URL decoding
darwinssl: PKCS/12 import feature now requires Lion or later
darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
configure: Fix test with -Werror=implicit-function-declaration
sigpipe: factor out sigpipe_reset from easy.c
curl_multi_cleanup: ignore SIGPIPE
globbing: curl glob counter mismatch with {} list use
parseconfig: dash options can't specified with colon or equals
digest: fix CURLAUTH_DIGEST_IE
curl.h: for OpenBSD
darwinssl: Fix #if 10.6.0 for SecKeychainSearch
TFTP: fix return codes for connect timeout
login options: remove the ;[options] support from CURLOPT_USERPWD
imap: Fixed incorrect fallback to clear text authentication
parsedate: avoid integer overflow
curl.1: document -J doesn't %-decode
multi: add timer inaccuracy margin to timeout/connecttimeout

---
Module Name: pkgsrc
Committed By: adam
Date: Sat Feb 1 11:07:14 UTC 2014

Modified Files:
pkgsrc/www/curl: Makefile distinfo
pkgsrc/www/curl/patches: patch-aa

Log Message:
Changes 7.35.0:
imap/pop3/smtp: Added support for SASL authentication downgrades
imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
TheArtOfHttpScripting: major update, converted layout and more
mprintf: Added support for I, I32 and I64 size specifiers
makefile: Added support for VC7, VC11 and VC12

Bugfixes:
SECURITY ADVISORY: re-use of wrong HTTP NTLM connection
curl_easy_setopt: Fixed OAuth 2.0 Bearer option name
pop3: Fixed APOP being determined by CAPA response rather than by timestamp
Curl_pp_readresp: zero terminate line
FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
pop3: Fixed auth preference not being honored when CAPA not supported
imap: Fixed auth preference not being honored when CAPABILITY not supported
threaded resolver: Use pthread_t * for curl_thread_t
FILE: we don't support paused transfers using this protocol
connect: Try all addresses in first connection attempt
curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
OpenSSL: Fix forcing SSLv3 connections
openssl: allow explicit sslv2 selection
FTP parselist: fix "total" parser
conncache: fix possible dereference of null pointer
multi.c: fix possible dereference of null pointer
mk-ca-bundle: introduces -d and warns about using this script
ConnectionExists: fix NTLM check for new connection
trynextip: fix build for non-IPV6 capable systems
Curl_updateconninfo: don't do anything for UDP "connections"
darwinssl: un-break Leopard build after PKCS-12 change
threaded-resolver: never use NULL hints with getaddrinf
multi_socket: remind app if timeout didn't run
OpenSSL: deselect weak ciphers by default
error message: Sensible message on timeout when transfer size unknown
curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
configure: fix gssapi linking on HP-UX
chunked-parser: abort on overflows, allow 64 bit chunks
chunked parsing: relax the CR strictness
cookie: max-age fixes
progress bar: always update when at 100%
progress bar: increase update frequency to 10Hz
tool: Fixed incorrect return code if command line parser runs out of memory
tool: Fixed incorrect return code if password prompting runs out of memory
HTTP POST: omit Content-Length if data size is unknown
GnuTLS: disable insecure ciphers
GnuTLS: honor --slv2 and the --tlsv1[.N] switches
multi: Fixed a memory leak on OOM condition
netrc: Fixed a memory and file descriptor leak on OOM
getpass: fix password parsing from console
TFTP: fix crash on time-out
hostip: don't remove DNS entries that are in use
tests: lots of tests fixed to pass the OOM torture tests
4 files changed, 30 insertions, 27 deletions
diff --git a/www/curl/Makefile b/www/curl/Makefile
index 73e6d468220..b4aab47d27d 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.132 2013/10/17 07:56:36 adam Exp $
+# $NetBSD: Makefile,v 2014/03/11 12:47:11 tron Exp $
-DISTNAME= curl-7.33.0
+DISTNAME= curl-7.35.0
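Review bot: the DISTNAME line moves from curl-7.33.0 straight to curl-7.35.0, so this pullup carries two upstream releases, yet the log message identifies the security fixes only by title ("libcurl cert name check ignore with GnuTLS" under 7.34.0 and "re-use of wrong HTTP NTLM connection" under 7.35.0). Please add the CVE or upstream advisory identifiers for both to the pullup message, so the bump can be matched against vulnerability records when the stable branch is audited.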
diff --git a/www/curl/PLIST b/www/curl/PLIST
index 0231b74038d..cb01525bd0e 100644
--- a/www/curl/PLIST
+++ b/www/curl/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.42 2013/10/17 07:56:36 adam Exp $
+@comment $NetBSD: PLIST,v 2014/03/11 12:47:11 tron Exp $
@@ -68,6 +68,7 @@ man/man3/libcurl-multi.3
diff --git a/www/curl/distinfo b/www/curl/distinfo
index 494b505c21d..c608dcc3644 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.90 2013/10/17 07:56:36 adam Exp $
+$NetBSD: distinfo,v 2014/03/11 12:47:11 tron Exp $
-SHA1 (curl-7.33.0.tar.bz2) = b0dc79066f31a000190fd8a15277738e8c1940aa
-RMD160 (curl-7.33.0.tar.bz2) = 8041110d4abd7663ad427f67127010bcf14e05f5
-Size (curl-7.33.0.tar.bz2) = 2747507 bytes
-SHA1 (patch-aa) = 2f7f02985ba2063272a3d39334fd0a74c7db3269
+SHA1 (curl-7.35.0.tar.bz2) = 14d1bca35f611112da0db098b0469efb4a60c8a9
+RMD160 (curl-7.35.0.tar.bz2) = 12844fdfa59538b4daa7d68a57e9d7d680473bf3
+Size (curl-7.35.0.tar.bz2) = 2781470 bytes
+SHA1 (patch-aa) = 4d634a15504a4b5e046161feb8c83b357becf2f2
SHA1 ( = 0dd49de806865c19fbf766ad208f8f2495824442
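Review bot: the new entries for curl-7.35.0.tar.bz2 are backed only by SHA1 and RMD160 digests plus the size. SHA1 no longer offers collision resistance, so for a security update it would be better to record a SHA-2 digest (SHA512, for instance) next to them, and to say in the log message that the tarball was checked against what upstream published. The changed patch-aa checksum is expected, since patch-aa itself is modified in this commit.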
diff --git a/www/curl/patches/patch-aa b/www/curl/patches/patch-aa
index 88e9e9aeb93..1628763a437 100644
--- a/www/curl/patches/patch-aa
+++ b/www/curl/patches/patch-aa
@@ -1,11 +1,11 @@
-$NetBSD: patch-aa,v 1.24 2013/10/17 07:56:36 adam Exp $
+$NetBSD: patch-aa,v 2014/03/11 12:47:11 tron Exp $
builtin krb5-config in platforms such as solaris do not support
the gssapi option, and need an explicit -lgss
---- configure.orig 2013-10-12 20:24:48.000000000 +0000
+--- configure.orig 2014-01-29 06:54:45.000000000 +0000
+++ configure
-@@ -3642,6 +3642,7 @@ $as_echo "$as_me: $xc_bad_var_msg librar
+@@ -3641,6 +3641,7 @@ $as_echo "$as_me: $xc_bad_var_msg librar
@@ -13,7 +13,7 @@ the gssapi option, and need an explicit -lgss
if test $xc_bad_var_cflags = yes; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: using CFLAGS: $CFLAGS" >&5
$as_echo "$as_me: using CFLAGS: $CFLAGS" >&6;}
-@@ -16614,7 +16615,7 @@ squeeze() {
+@@ -16619,7 +16620,7 @@ squeeze() {
@@ -22,7 +22,7 @@ the gssapi option, and need an explicit -lgss
if test "$compiler_id" = "GNU_C" ||
test "$compiler_id" = "CLANG"; then
-@@ -21072,7 +21073,12 @@ $as_echo "yes" >&6; }
+@@ -21078,7 +21079,12 @@ $as_echo "yes" >&6; }
if test -z "$GSSAPI_INCS"; then
if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
@@ -36,17 +36,17 @@ the gssapi option, and need an explicit -lgss
elif test "$GSSAPI_ROOT" != "yes"; then
-@@ -21214,19 +21220,24 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd
+@@ -21226,13 +21232,18 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd
if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
- gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
-+ if $GSSAPI_ROOT/bin/krb5-config --libs gssapi 2>&1 | \
-+ grep "Unknown option" > /dev/null ; then
-+ gss_libs="`$GSSAPI_ROOT/bin/krb5-config --libs` -lgss"
-+ else
-+ gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
-+ fi
++ if $GSSAPI_ROOT/bin/krb5-config --libs gssapi 2>&1 | \
++ grep "Unknown option" > /dev/null ; then
++ gss_libs="`$GSSAPI_ROOT/bin/krb5-config --libs` -lgss"
++ else
++ gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
++ fi
LIBS="$gss_libs $LIBS"
elif test "$GSSAPI_ROOT" != "yes"; then
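Review bot: in the krb5-config fallback that patch-aa adds to configure, $GSSAPI_ROOT/bin/krb5-config is invoked unquoted and the branch is chosen by grepping its output for the literal text "Unknown option". A GSSAPI_ROOT containing whitespace is split into separate words, and a krb5-config that words its error differently falls through to the else branch and leaves gss_libs empty or wrong without any diagnostic. Quote the path in all three invocations, and consider keying the decision on whether "krb5-config --libs gssapi" succeeds, keeping the string match only as a secondary check.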
@@ -58,14 +58,16 @@ the gssapi option, and need an explicit -lgss
- else
-- LIBS="-lgssapi $LIBS"
-+ LIBS="-lgssapi -lkrb5 $LIBS"
+@@ -21243,7 +21254,7 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd
+ LIBS="-lgss $LIBS"
+ ;;
+ *)
+- LIBS="-lgssapi $LIBS"
++ LIBS="-lgssapi -lkrb5 $LIBS"
+ ;;
+ esac
- else
-@@ -24793,19 +24804,19 @@ $as_echo "$as_me: WARNING: You need an l
+@@ -24834,19 +24845,19 @@ $as_echo "$as_me: WARNING: You need an l
$as_echo "yes" >&6; }
if test "x$OPENSSL_ENABLED" = "x1"; then
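Review bot: in the "*)" default case the link line becomes LIBS="-lgssapi -lkrb5 $LIBS", but the description at the top of patch-aa still only covers the krb5-config gssapi option and the explicit -lgss. Nothing visible here checks that libkrb5 is present before it is added, so either guard the addition with a library check or extend the patch description to say why -lkrb5 is needed and on which platforms.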