From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] curl: Update to 7.64.0
Date: Wed, 13 Feb 2019 17:27:44 +0000
Message-ID: <89D20F80-306E-440E-B517-1CC6B046BEC3@ipfire.org>
In-Reply-To: <20190209093722.11080-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8412720411656459028=="
List-Id: <development.lists.ipfire.org>

--===============8412720411656459028==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Thank you. Merged.

> On 9 Feb 2019, at 09:37, Matthias Fischer <matthias.fischer(a)ipfire.org> w=
rote:
>=20
> Hi,
>=20
> For details see:
> https://curl.haxx.se/changes.html
>=20
> This came rather unexpected - if I'd known, I'd have waited with 7.63.0.
>=20
> "Changes:
> cookies: leave secure cookies alone
> hostip: support wildcard hosts
> http: Implement trailing headers for chunked transfers
> http: added options for allowing HTTP/0.9 responses
> timeval: Use high resolution timestamps on Windows
>=20
> Bugfixes:
> CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
> CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
> CVE-2019-3823: SMTP end-of-response out-of-bounds read
> FAQ: remove mention of sourceforge for github
> OS400: handle memory error in list conversion
> OS400: upgrade ILE/RPG binding.
> README: add codacy code quality badge
> Revert http_negotiate: do not close connection
> THANKS: added several missing names from year <=3D 2000
> build: make 'tidy' target work for metalink builds
> cmake: added checks for variadic macros
> cmake: updated check for HAVE_POLL_FINE to match autotools
> cmake: use lowercase for function name like the rest of the code
> configure: detect xlclang separately from clang
> configure: fix recv/send/select detection on Android
> configure: rewrite --enable-code-coverage
> conncache_unlock: avoid indirection by changing input argument type
> cookie: fix comment typo
> cookies: allow secure override when done over HTTPS
> cookies: extend domain checks to non psl builds
> cookies: skip custom cookies when redirecting cross-site
> curl --xattr: strip credentials from any URL that is stored
> curl -J: refuse to append to the destination file
> curl/urlapi.h: include "curl.h" first
> curl_multi_remove_handle() don't block terminating c-ares requests
> darwinssl: accept setting max-tls with default min-tls
> disconnect: separate connections and easy handles better
> disconnect: set conn->data for protocol disconnect
> docs/version.d: mention MultiSSL
> docs: fix the --tls-max description
> docs: use $(INSTALL_DATA) to install man page
> docs: use meaningless port number in CURLOPT_LOCALPORT example
> gopher: always include the entire gopher-path in request
> http2: clear pause stream id if it gets closed
> if2ip: remove unused function Curl_if_is_interface_name
> libssh: do not let libssh create socket
> libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
> libssh: free sftp_canonicalize_path() data correctly
> libtest/stub_gssapi: use "real" snprintf
> mbedtls: use VERIFYHOST
> multi: multiplexing improvements
> multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
> ntlm: fix NTMLv2 compliance
> ntlm_sspi: add support for channel binding
> openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
> openssl: fix the SSL_get_tlsext_status_ocsp_resp call
> openvms: fix OpenSSL discovery on VAX
> openvms: fix typos in documentation
> os400: add a missing closing bracket
> os400: fix extra parameter syntax error
> pingpong: change default response timeout to 120 seconds
> pingpong: ignore regular timeout in disconnect phase
> printf: fix format specifiers
> runtests.pl: Fix perl call to include srcdir
> schannel: fix compiler warning
> schannel: preserve original certificate path parameter
> schannel: stop calling it "winssl"
> sigpipe: if mbedTLS is used, ignore SIGPIPE
> smb: fix incorrect path in request if connection reused
> ssh: log the libssh2 error message when ssh session startup fails
> test1558: verify CURLINFO_PROTOCOL on file:// transfer
> test1561: improve test name
> test1653: make it survive torture tests
> tests: allow tests to pass by 2037-02-12
> tests: move objnames-* from lib into tests
> timediff: fix math for unsigned time_t
> timeval: Disable MSVC Analyzer GetTickCount warning
> tool_cb_prg: avoid integer overflow
> travis: added cmake build for osx
> urlapi: Fix port parsing of eol colon
> urlapi: distinguish possibly empty query
> urlapi: fix parsing ipv6 with zone index
> urldata: rename easy_conn to just conn
> winbuild: conditionally use /DZLIB_WINAPI
> wolfssl: fix memory-leak in threaded use
> spnego_sspi: add support for channel binding"
>=20
> Best,
> Matthias
>=20
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> config/rootfiles/common/curl | 3 +++
> lfs/curl                     | 4 ++--
> 2 files changed, 5 insertions(+), 2 deletions(-)
>=20
> diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl
> index 5c616f8da..1eb9f6f37 100644
> --- a/config/rootfiles/common/curl
> +++ b/config/rootfiles/common/curl
> @@ -170,6 +170,7 @@ usr/lib/libcurl.so.4.5.0
> #usr/share/man/man3/CURLOPT_HEADERDATA.3
> #usr/share/man/man3/CURLOPT_HEADERFUNCTION.3
> #usr/share/man/man3/CURLOPT_HEADEROPT.3
> +#usr/share/man/man3/CURLOPT_HTTP09_ALLOWED.3
> #usr/share/man/man3/CURLOPT_HTTP200ALIASES.3
> #usr/share/man/man3/CURLOPT_HTTPAUTH.3
> #usr/share/man/man3/CURLOPT_HTTPGET.3
> @@ -340,6 +341,8 @@ usr/lib/libcurl.so.4.5.0
> #usr/share/man/man3/CURLOPT_TLSAUTH_PASSWORD.3
> #usr/share/man/man3/CURLOPT_TLSAUTH_TYPE.3
> #usr/share/man/man3/CURLOPT_TLSAUTH_USERNAME.3
> +#usr/share/man/man3/CURLOPT_TRAILERDATA.3
> +#usr/share/man/man3/CURLOPT_TRAILERFUNCTION.3
> #usr/share/man/man3/CURLOPT_TRANSFERTEXT.3
> #usr/share/man/man3/CURLOPT_TRANSFER_ENCODING.3
> #usr/share/man/man3/CURLOPT_UNIX_SOCKET_PATH.3
> diff --git a/lfs/curl b/lfs/curl
> index f00677b5e..e57bbbf45 100644
> --- a/lfs/curl
> +++ b/lfs/curl
> @@ -24,7 +24,7 @@
>=20
> include Config
>=20
> -VER        =3D 7.63.0
> +VER        =3D 7.64.0
>=20
> THISAPP    =3D curl-$(VER)
> DL_FILE    =3D $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
>=20
> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
>=20
> -$(DL_FILE)_MD5 =3D 6121427a7199cd6094fc48c9e31e8992
> +$(DL_FILE)_MD5 =3D a026740d599a32bcbbe6e70679397899
>=20
> install : $(TARGET)
>=20
> --=20
> 2.18.0
>=20


--===============8412720411656459028==--