curl — Commit History

- Update OPTIONS_DEFAULT:
  - Change from OPENSSL to OPENSSL
  - Remove LIBSSH2 and TLS_SRP (depends on OPENSSL)

ftp/curl uses OpenSSL by default. However, curl 8.18.0 drops OpenSSL 1.x support
which is used in FreeBSD 13 base system. Therefore, we change the defaults to
wolfSSL instead. This commit can be reverted after FreeBSD 13 EoL (expected Apr
30, 2026).

- Remove CURL_DEBUG option

Changes:	https://curl.se/changes.html
Security:	CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, CVE-2025-15224, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-3805

- build moved from GNU autoconf to CMake
- No MFH as it is a big change/update and new quarterly is coming soon

PR:		293734
Changes:	https://curl.se/changes.html
Security:	CVE-2026-3805
		CVE-2026-3784
		CVE-2026-3783
		CVE-2026-1965
		CVE-2025-15224
		CVE-2025-15079
		CVE-2025-14819
		CVE-2025-14524
		CVE-2025-14017
		CVE-2025-13034
		See https://curl.se/docs/security.html for details
Tested by:	ulassayginim@gmail.com, george@m5p.com,
		freebsd-bugzilla.bugs@kjpetrie.co.uk,
		fabian@wenks.ch, jordan@ostreff.info,
		einar@isnic.is, void@f-m.fm
Approved by: 	ports-secteam (joneum)

Heimdal Kerberos support has been removed in cURL 8.17.0.
The Kerberos in base system will be replaced with MIT.
This option will be re-added when possible.

Reference:	https://www.freebsd.org/status/report-2025-04-2025-06/mit_krb5/
		https://lists.freebsd.org/archives/freebsd-current/2025-June/007867.html

- Remove GSSAPI_HEIMDAL option
- Change OPTIONS_DEFAULT from conditional GSSAPI_BASE to GSSAPI_NONE

Changes:	https://curl.se/changes.html
Security:	CVE-2025-10966

Changes:	https://curl.se/changes.html
Security:	CVE-2025-9086, CVE-2025-10148

Add --with-ca-path=/etc/ssl/certs to CONFIGURE_ARGS so GnuTLS and wolfSSL can
find CA certificates by default.

Remove --with-ca-fallback. It has no effect with GnuTLS and with OpenSSL curl
uses the OpenSSL CA path which should also be /etc/ssl/certs so it is redundant
now.

PR:		288861, 288862

- Adjust default options: enable MQTT and SMB by default

Changes:	https://curl.se/changes.html

Changes:	https://curl.se/changes.html
Security:	CVE-2025-5399

Approved by:	jrm (mentor)
Differential Revision:	https://reviews.freebsd.org/D50742

Changes:	https://curl.se/changes.html
Security:	CVE-2025-4947, CVE-2025-5025

Backport upstream patches 7e0eea7d7b34b81ca02ffb995ebea22c02cb92d2 and
fbdb1e1dbe824a72f41a104fa26e555cb0b6b45a to fix unit tests with ipfs and
alt-svc mode

References:
https://github.com/curl/curl/commit/7e0eea7d7b34b81ca02ffb995ebea22c02cb92d2
https://github.com/curl/curl/commit/fbdb1e1dbe824a72f41a104fa26e555cb0b6b45a

PR:		286233
Approved by:	maintainer timeout, 2+ weeks (including separate mail)

- Use the upstream commit instead of the pull request
- Use = instead of += for PATCHFILES
- Cosmetic change

Approved by:	jrm (mentor), otis (mentor), sunpoet (implicit approval)
Differential Revision:	https://reviews.freebsd.org/D50052
Upstream PR:	https://github.com/curl/curl/issues/16925

Changes:	https://curl.se/changes.html

Changes:	https://curl.se/changes.html

Changes:	https://curl.se/changes.html

- Fix libcurl.pc with GSSAPI_BASE enabled
- Bump PORTREVISION for package change

Do not add heimdal-gssapi to libcurl.pc because we do no provide .pc file base GSSAPI library.

Reported by:	diizzy

Changes:	https://curl.se/changes.html
Security:	CVE-2024-11053

- Bump PORTREVISION for package change

Do not add heimdal-gssapi to libcurl.pc because we do no provide .pc file base GSSAPI library.

- Adjust options:
  - Add IPFS
  - Enable WEBSOCKET by default: It is no longer experimental

Changes:	https://curl.se/changes.html

- Add COMPRESSION group
- Enable BROTLI and ZSTD: Add both compression support
- Enable IDN: libidn2 is already part of the dependencies of libpsl (PSL option)
- Bump PORTREVISION for dependency change

Upstream mentioned that using libuv without debug support enabled is useless.
Therefore, LIBUV option will also enable DEBUG option.

Reported by:	adamw

Changes:	https://curl.se/changes.html

Partially backport upstream commits
70d3a9b6aa69ffdd9435e168463cfabd21e17cd1 and
bef0acaf212a71c782e0b8e8e6c772cc46040356

References:
https://github.com/curl/curl/issues/14923
https://github.com/curl/curl/commit/70d3a9b6aa69ffdd9435e168463cfabd21e17cd1
https://github.com/curl/curl/commit/bef0acaf212a71c782e0b8e8e6c772cc46040356

Approved by:	portmgr (blanket, runtime fix)

Changes:	https://curl.se/changes.html
Security:	CVE-2024-8096

- Bump PORTREVISION for package change

PR:		280653
Obtained from:	https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970

Changes:	https://curl.se/changes.html
Security:	CVE-2024-7264

Changes:	https://curl.se/changes.html
Security:	CVE-2024-6197, CVE-2024-6874

This reverts commit 4a9021c266f4a52b876bd15d3d0d27a72dbeb278.

This reverts commit 710db45d8d10dc6b16f92a7db644a3a99bf482a9.

Reported by:	FreshPorts Sanity Daemon

multimedia/librtmp is removed in 8d01b5458f4660725fcaf562cdbb073debc9b751
RTMP option is removed in ac11b26ab75ddd548c39fe64ccf2e5de66842bd3

Changes:	https://curl.se/changes.html

Remove invalid option as support for librtmp was removed in
8d01b5458f4660725fcaf562cdbb073debc9b751

Approved by:	portmgr (blanket)

Changes:	https://curl.se/changes.html
Security:	CVE-2024-2004, CVE-2024-2398, CVE-2024-2379, CVE-2024-2466

- Update LDAPS_DESC
- Fix CONFIGURE_ARGS
- Clean up patches

USES=autoreconf can be removed after next version update.

ChangeLog:	https://curl.se/changes.html#8_6_0
PR:		276879
Approved by:	maintainer
Exp-run bye:	antoine
MFH:		2024Q1
Security:	02e33cd1-c655-11ee-8613-08002784c58d

Approved by:    portmgr (blanket)

Changes:	https://curl.se/changes.html
Security:	CVE-2023-46218, CVE-2023-46219

Changes:	https://curl.se/changes.html
Security:	CVE-2023-38545, CVE-2023-38546

MFH:		2023Q4
Reviewed by:	sunpoet
Differential Revision:	https://reviews.freebsd.org/D42039

Changes:	https://curl.se/changes.html
Security:	CVE-2023-38039

Changes:	https://curl.se/changes.html

Changes:	https://curl.se/changes.html

Upgrade to 8.1.0 broke the build on recent CURRENT and this version
contains a fix for that

PR:		271526
Reported by:	O. Hartmann <ohartmann@walstatt.org>
Fixes:		5fae3323ed2f9a1d203ccaed617ed49dec9d85ce
Pointy hat to:	garga
MFH:		2023Q2
Sponsored by:	Rubicon Communications, LLC ("Netgate")

PR:		271497
Security:	CVE-2023-28319
		CVE-2023-28320
		CVE-2023-28321
		CVE-2023-28322
Sponsored by:	Rubicon Communications, LLC ("Netgate")

Changes:	https://curl.se/changes.html

ChangeLog:	https://curl.se/changes.html#7_88_1
PR:		269967
Approved by:	maintainer timeout
MFH:		2023Q1
Security:	be233fc6-bae7-11ed-a4fb-080027f5fec9

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
  RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision: https://reviews.freebsd.org/D38233

Upstream renamed --with-ssl to --with-openssl, and --without-ssl now
means no SSL at all.  This fixes building with SSL libraries other than
OpenSSL.

Approved by:	sunpoet (via email)

With hat:	pkgmgr

- Update WWW
- Disable CA_BUNDLE option by default

ca_root_nss is not needed since we have caroot in the base system.

Changes:	https://curl.se/changes.html
Security:	CVE-2022-43551, CVE-2022-43552

While here,

* Switch to DISTVERSION.
* Pet portlint and portclippy.
* Tidy up Makefile with portfmt.

ChangeLog:	https://curl.se/changes.html#7_86_0
PR:		267802
Approved by:	maintainer timeout
MFH:		2022Q4
Security:	0f99a30c-7b4b-11ed-9168-080027f5fec9

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.

There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.

The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.

Approved by:		portmgr (tcberner)

Changes:	https://curl.se/changes.html
Security:	CVE-2022-35252

A big Thank You to the original contributors of these ports:

  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Alexander Kriventsov
  *  Anders Nordby <anders@fix.no>
  *  Andreas Fehlner <fehlner@gmx.de>
  *  Andrew Pantyukhin <infofarmer@FreeBSD.org>
  *  Andrey Zakhvatov
  *  Antonio Carlos Venancio Junior (<antonio@inf.ufsc.br>)
  *  Chris Piazza <cpiazza@FreeBSD.org>
  *  Damjan Marion <dmarion@open.hr>
  *  Emanuel Haupt <ehaupt@critical.ch>
  *  Eric Freeman <freebsdports@chillibear.com>
  *  Frank DENIS
  *  Frank Laszlo <laszlof@vonostingroup.com>
  *  Gea-Suan Lin (gslin@ccca.nctu.edu.tw)
  *  Gea-Suan Lin <gslin@ccca.nctu.edu.tw>
  *  George V. Neville-Neil <gnn@FreeBSD.org>
  *  Hye-Shik Chang
  *  Jordan Hubbard <jkh@FreeBSD.org>
  *  Jose Alonso Cardenas Marquez <acardenas@bsd.org.pe>
  *  Joseph Benden <joe@thrallingpenguin.com>
  *  Ju Pengfei <jupengfei@gmail.com>
  *  Jui-Nan Lin <jnlin@freebsd.cs.nctu.edu.tw>
  *  Mark Johnston <markj@FreeBSD.org>
  *  Martin Matuska (mm@FreeBSD.org)
  *  Marwan BURELLE <marwan.burelle@lri.fr>
  *  Maxim Ignatenko
  *  Maxim Sobolev <sobomax@FreeBSD.org>
  *  Neil Blakey-Milner
  *  Neil Blakey-Milner <nbm@rucus.ru.ac.za>
  *  Nick Leuta
  *  Nosov Artem <chip-set@mail.ru>
  *  Petr Holub <hopet@ics.muni.cz>
  *  Philippe Le Berre <philippe@le-berre.com>
  *  Piotr Kubaj <pkubaj@anongoth.pl>
  *  Po-Chuan Hsieh <sunpoet@FreeBSD.org>
  *  Roman Bogorodskiy
  *  Sergey Matveychuk <sem@FreeBSD.org>
  *  Sergey Skvortsov <skv@FreeBSD.org>
  *  Stephane Legrand
  *  Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
  *  TAKATSU Tomonari <tota@FreeBSD.org>
  *  Thomas Gellekum <tg@FreeBSD.org>
  *  Tom McLaughlin <tmclaugh@sdf.lonestar.org>
  *  Tomokazu ISHII <t-ishii@tryplanet.com>
  *  Ulrich Spoerlein <uspoerlein@gmail.com>
  *  Wen Heping <wen@FreeBSD.org>
  *  Xavier Beaudouin <kiwi@oav.net>
  *  Yasuhiro Fukuma <yasuf@big.or.jp>
  *  Ying-Chieh Liao <ijliao@FreeBSD.org>
  *  ache
  *  cy@FreeBSD.org
  *  ijliao
  *  ports
  *  torstenb
  *  will

With hat:	portmgr

Changes:	https://curl.se/changes.html
Security:	CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
Security:	ae5722a6-f5f0-11ec-856e-d4c9ef517024

Changes:	https://curl.se/changes.html
Security:	CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115

Changes:	https://curl.se/changes.html
Security:	CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776
Security:	92a4d881-c6cf-11ec-a06f-d4c9ef517024

- Bump PORTREVISION for dependency change

- Update CA_BUNDLE_DESC: Remove unsupported mbedTLS

PR:		262955
Submitted by:	diizzy

Changes:	https://curl.se/changes.html

Changes:	https://curl.se/changes.html

Changes:	https://curl.se/changes.html

Changes:	https://curl.se/changes.html

Changes:	https://curl.se/changes.html

- Remove METALINK option: all support removed by upstream
- Update NTLM option: it has own configure option now

Changes:	https://curl.se/changes.html

PR:		256627
Requested by:	Michael Osipov <michael.osipov@siemens.com>

PR:		254622
Reported by:	Daniel Engberg <daniel.engberg.lists@pyret.net>

- Bump PORTREVISION for dependency change

PR:		253939
Requested by:	Dennis Clarke <dclarke@blastwave.org>

Changes:	https://curl.se/changes.html

Approved by:	portmgr blanket

- Update MASTER_SITES

Changes:	https://curl.haxx.se/changes.html

Changes:	https://curl.haxx.se/changes.html

Changes:	https://curl.haxx.se/changes.html

- Bump PORTREVISION for package change

Requested by:	Jonathan Simon <info@simonabc.com>
Obtained from:	https://github.com/curl/curl/commit/0936ecd0ee5e3e28c098fefc9e2c0e6847cb7a82

Changes:	https://curl.se/changes.html
PR:		251773
Submitted by:	lwhsu
Security:	3c77f139-3a09-11eb-929d-d4c9ef517024
MFH:		2020Q4

Since August 2020, curl would auto-enable ZSTD if available while
configuring, this would however not propagate to the LIB_DEPENDS.
Make sure to explicitly control ZSTD by introducing an option that
defaults to off.

While here, also mark BROKEN if GSSAPI_BASE is selected while
krb5 is installed when building.

PR:		250414
Approved by:	sunpoet@ (maintainer timeout, 14d)

PR:		250384
Reported by:	Dewayne Geraghty <dewayne@heuristicsystems.com.au>
Obtained from:	https://github.com/curl/curl/commit/a3d5b199f96a108f38bd1f6adaf3a7585f721d02

Changes:	https://curl.haxx.se/changes.html

PR:		248047
Reported by:	Michael Osipov <michael.osipov@siemens.com>
Submitted by:	kevans

Changes:	https://curl.haxx.se/changes.html
Security:	b905dff4-e227-11ea-b0ea-08002728f74c
MFH:		2020Q3

Changes:	https://curl.haxx.se/changes.html

Tests run without error regardless of PROXY option.

PROXY disabled:
TESTDONE: 930 tests out of 930 reported OK: 100%
TESTDONE: 1364 tests were considered during 369 seconds.

PROXY enabled:
TESTDONE: 1052 tests out of 1052 reported OK: 100%
TESTDONE: 1364 tests were considered during 410 seconds.

Changes:	https://curl.haxx.se/changes.html
Security:	6bff5ca6-b61a-11ea-aef4-08002728f74c
MFH:		2020Q2

Changes:	https://curl.haxx.se/changes.html

- Bump PORTREVISION for package change

Obtained from:	https://github.com/curl/curl/commit/3bfda07004a5739fb306e55cb9529ba3de35fbdb
PR:		245237
Reported by:	Michael Osipov <michael.osipov@siemens.com>

PR:		245070
Reported by:	<iron.udjin@gmail.com>

Changes:	https://curl.haxx.se/changes.html

It compiles fine without gmake now.

PR:		244647
Submitted by:	Daniel Engberg <daniel.engberg.lists@pyret.net>

It builds fine with wolfssl 4.3.0.

PR:		242824
Submitted by:	Takefu <takefu@airport.fm>

Changes:	https://curl.haxx.se/changes.html

curl fails to build when OpenSSL is built without DES support, with many
"use of undeclared identifier" errors. For example:

curl_ntlm_core.c:392:3: error: use of undeclared identifier 'DES_key_schedule'
  DES_key_schedule ks;
  ^

An issue was reported back in 2015 [1], requesting support for ./configure
detecting OPENSSL_NO_DES, but the issue was ultimately closed:

"We just don't support very custom OpenSSL builds. I could be talked into
accepting patches that introduce support for this however".

Accordingly and leui of an upstream configure patch, this change adds an
NTLM option, enabled by default, and when disabled, defines
CURL_DISABLE_NTLM, which prevents #define'ing USE_NTLM in
WRKSRC/lib/curl_setup.h, resulting in a successful build.

This allows users the opportunity to easily disable the DES requiring
functionality in curl, if they happen to run custom or stripped down
OpenSSL builds.

Note: This issue may impact builds with other SSL libraries that allow
disabling DES, but I did not investigate this question.

[1] https://sourceforge.net/p/curl/bugs/1439/
[2] Would require a version update, which granted, is mostly bugfixes

Reviewed by:	sunpoet (maintainer)
Approved by:	sunpoet (maintainer)
MFH:		No [2]
Differential Revision: D22498

Approved by:	portmgr blanket

Differential Revision:	https://reviews.freebsd.org/D22176
Submitted by:	swills

Changes:	https://curl.haxx.se/changes.html

Changes:	https://curl.haxx.se/changes.html
Security:	9fb4e57b-d65a-11e9-8a5f-e5c82b486287
MFH:		2019Q3

Changes:	https://curl.haxx.se/changes.html

Changes:	https://curl.haxx.se/changes.html

- Bump PORTREVISION of dependent ports for shlib change
- Fix build of devel/pijul [1]

Changes:	https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
PR:		238991
Exp-run by:	antoine
Thanks to:	tobik [1]

Changes:	https://curl.haxx.se/changes.html

- Bump PORTREVISION for package change

Obtained from:	https://github.com/curl/curl/commit/0dc9a8019962d31787c4929d36de6817ae3090e7

- Bump PORTREVISION for package change

Obtained from:	https://github.com/curl/curl/commit/f4f485c17b9a8b41c23ad1fa9fbcfc1973172ead

- Bump PORTREVISION for package change

PR:		238137
Reported by:	tobik

Obtained from:	https://github.com/curl/curl/commit/dc0a671213fa94489933755828b26f5807d61a7a
Reported by:	Charlie Li <ml+freebsd@vishwin.info>

Changes:	https://curl.haxx.se/changes.html
Security:	dd343a2b-7ee7-11e9-a290-8ddc52868fa9
MFH:		2019Q2

ALTSVC requires Curl_get_line which is defined in lib/cookie.c inside a #if
check of HTTP and COOKIES. That makes Curl_get_line undefined if COOKIES is
disabled. This is a workaround to define Curl_get_line unconditionally.

PR:             236885, 236890

- Bump PORTREVISION for package change

PR:		236878
Reported by:	Laszlo Karolyi <laszlo@karolyi.hu>

- Add ALTSVC option

Changes:	https://curl.haxx.se/changes.html

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://gitlab.com/libidn/libidn2/blob/master/NEWS

Changes:	https://curl.haxx.se/changes.html
Security:	714b033a-2b09-11e9-8bc3-610fd6e6cd05
MFH:		2019Q1

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://gitlab.com/libidn/libidn2/blob/master/NEWS

Changes:	https://curl.haxx.se/changes.html

PR:		233189
Submitted by:	Takefu <takefu@airport.fm>

Changes:	https://curl.haxx.se/changes.html
Security:	e0ab1773-07c1-46c6-9170-4c5e81c00927
MFH:		2018Q4

Changes:	https://curl.haxx.se/changes.html
Security:	f4d638b9-e6e5-4dbe-8c70-571dbc116174
MFH:		2018Q3

- Restore RELEASE-PROCEDURE.md
- Fix CARES option
- Bump PORTREVISION for package change

PR:		229753
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Approved by:	maintainer timeout (sunpoet, >2 weeks)
MFH:		2018Q3
Security:	3849e28f-8693-11e8-9610-9c5c8e75236a

nettle for gnutls support in curl is always enabled because it is an unconditional dependency of security/gnutls.

Do not bump PORTREVISION because package-depends-list is unchanged.

Changes:	https://curl.haxx.se/changes.html
Security:	04fe6c8d-2a34-4009-a81e-e7a7e759b5d2
MFH:		2018Q2

Obtained from:	https://github.com/openbsd/ports/blob/master/net/curl/patches/patch-lib_vtls_openssl_c
PR:		226845
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
MFH:		2018Q1

Changes:	https://curl.haxx.se/changes.html

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://github.com/rockdaboot/libpsl/blob/master/NEWS
		https://github.com/rockdaboot/libpsl/blob/libpsl-0.20.1/NEWS

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://github.com/rockdaboot/libpsl/blob/master/NEWS

lib/checksrc.pl is run when CURL_DEBUG is enabled.
The build failed due to the long line in patched lib/url.c.

./url.c:593:82: warning: Longer than 79 columns (LONGLINE)
       data->set.no_signal = TRUE; /* different handling of signals and threads */
checksrc: 0 errors and 1 warnings
checksrc: 0 errors and 5 warnings suppressed
gmake[3]: *** [Makefile:3935: checksrc] Error 5

MFH:		2018Q1

- Add DICT, FTP, GOPHER, TELNET and TFTP options to OPTIONS_DEFAULT
- Add HTTP options to OPTIONS_DEFAULT
- Bump PORTREVISION for package change

DICT, FTP, GOPHER, TELNET and TFTP options are enabled by default through configure but not being added to OPTIONS_DEFAULT in r460440.
HTTP option is enabled by default through HTTP2 option.

- Add protocol group
- Convert already-enabled protocols to IMAP, POP3, RTSP and SMTP options
- Add DICT, FTP, GOPHER, HTTP, TELNET and TFP options
- Update CA_BUNDLE_DESC
- Use CA_BUNDLE_CONFIGURE_WITH and OPENSSL_CONFIGURE_WITH
- Merge TLS_SRP check

PR:		223967 (based on)
Submitted by:	brnrd

libssh uses cmake which depends on curl.

- Add BROTLI and LIBSSH options

Changes:	https://curl.haxx.se/changes.html

Brotli support will be added as an option after archivers/brotli being updated
to a newer version.

PR:             224072
Reported by:    mi

Changes:	https://curl.haxx.se/changes.html
		https://curl.haxx.se/docs/security.html
Security:	301a01b7-d50e-11e7-ac58-b499baebfeaf
MFH:		2017Q4

Changes:	https://curl.haxx.se/changes.html
		https://curl.haxx.se/docs/security.html
Security:	143ec3d6-b7cf-11e7-ac58-b499baebfeaf
MFH:		2017Q4

Changes:	https://curl.haxx.se/changes.html
Security:	ccace707-a8d8-11e7-ac58-b499baebfeaf
MFH:		2017Q4

PR:		221724
Submitted by:	xmj

cURL 7.55.1 use the threaded resolver (THREADED_RESOLVER) backend if c-ares
(CARES) is not available. That means you must enable either CARES or
THREADED_RESOLVER (default) option.

Reference:	https://github.com/curl/curl/pull/1647
MFH:		2017Q3

Changes:	https://curl.haxx.se/changes.html
MFH:		2017Q3

Changes:	https://curl.haxx.se/changes.html
Security:	69cfa386-7cd0-11e7-867f-b499baebfeaf
PR:		221362
Submitted by:	brnrd
MFH:		2017Q3

Changes:	https://curl.haxx.se/changes.html
Security:	9314058e-5204-11e7-b712-b1a44a034d72
MFH:		2017Q2

Approved by:	portmgr blanket

Changes:	https://curl.haxx.se/changes.html
Security:	3e2e9b44-25ce-11e7-a175-939b30e0836d
MFH:		2017Q2

PR:		218721
Reported by:	<dewayne@heuristicsystems.com.au>
MFH:		2017Q2

- Bump PORTREVISION for package change

Obtained from:	https://curl.haxx.se/CVE-2017-7407.patch
		https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
		https://github.com/curl/curl/commit/8e65877870c1fac920b65219adec720df810aab9
Security:	04f29189-1a05-11e7-bc6e-b499baebfeaf
MFH:		2017Q2

Changes:	https://curl.haxx.se/changes.html

Changes:	https://curl.haxx.se/changes.html
Security:	311e4b1c-f8ee-11e6-9940-b499baebfeaf

PR:		215996
Exp-run by:	antoine
Approved by:	portmgr (antoine)

Introduce USE_LOCALE=<locale> that adds LANG=<locale> and LC_ALL=<locale> to
CONFIGURE_ENV and MAKE_ENV so upstream build systems can be executed with a
different locale (e.g. USE_LOCALE=en_US.UTF-8).

PR:		215882
Exp-run by:	antoine
Approved by:	portmgr (antoine)

- Bump PORTREVISION for package change

Reference:	https://github.com/rakshasa/rtorrent/issues/538
Obtained from:	https://github.com/curl/curl/commit/a7b38c9dc98481e4a5fc37e51a8690337c674dfb
MFH:		2017Q1

Changes:	https://curl.haxx.se/changes.html
Security:	c40ca16c-4d9f-4d70-8b6c-4d53aeb8ead4
MFH:		2016Q4

Changes:	https://curl.haxx.se/changes.html
Security:	42880202-c81c-11e6-a9a5-b499baebfeaf
MFH:		2016Q4

Pointed out by:	adamw

PR:		205269
Suggested by:	<bkazemi@users.sf.net>

Changes:	https://github.com/rockdaboot/libpsl/blob/master/NEWS

Changes:	https://github.com/rockdaboot/libpsl/blob/master/NEWS

PR:		210472
Submitted by:	Marcin Gryszkalis <mg@fork.pl>

MFH:		2016Q4

- Update to 7.51.0
- Fixes 11 security vulnerabilities
- Remove docs no longer installed from plist

PR:		214000
MFH:		2016Q4
Security:	765feb7d-a0d1-11e6-a881-b499baebfeaf
Security:	CVE-2016-8615
Security:	CVE-2016-8616
Security:	CVE-2016-8617
Security:	CVE-2016-8618
Security:	CVE-2016-8619
Security:	CVE-2016-8620
Security:	CVE-2016-8621
Security:	CVE-2016-8622
Security:	CVE-2016-8623
Security:	CVE-2016-8624
Security:	CVE-2016-8625

PR:		213195
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D8093

No other downstream appends synthetic library version, and doing so
causes underlinking due to fragile build system (see below). Not to
mention being unable to swap out bundled libs from upstream builds.

  $ cc -lplds4 -L/usr/local/lib
  /usr/lib/crt1.o: In function `_start1':
  crt1_c.c:(.text+0xa6): undefined reference to `main'
  /usr/local/lib/libplds4.so: undefined reference to `pthread_set_name_np'
  /usr/local/lib/libplds4.so: undefined reference to `pthread_create'
  /usr/local/lib/libplds4.so: undefined reference to `pthread_condattr_init'
  /usr/local/lib/libplds4.so: undefined reference to `pthread_setschedparam'
  /usr/local/lib/libplds4.so: undefined reference to `pthread_getschedparam'

PR:		213144
Exp-run by:	antoine

- Update installed docs

PR:		212677
MFH:		2016Q3
Security:	CVE-2016-7167

If one tries to use the base gssapi with SSL from ports, gssapi.mk
will add an IGNORE entry.

Suggested by:	mat

If one tries to use the base gssapi with SSL from ports, gssapi.mk
will add an IGNORE entry.

Suggested by:	mat

Approved by:	SSL blanket

PR:		211575
MFH:		2016Q3
Security:	CVE-2016-5419
Security:	CVE-2016-5420
Security:	CVE-2016-5421

Changes:	http://curl.haxx.se/changes.html

Restore the way ftp/curl was working before.

With hat:	portmgr
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D6921

Sponsored by:	Absolight

Sponsored by:	Absolight

WITH_OPENSSL_* can't be set after bsd.port.pre.mk.
Fold all other usage into using SSL_DEFAULT == foo

PR:		210149
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	The FreeBSD Foundation, Absolight
Differential Revision:	https://reviews.freebsd.org/D6577

Approved by:	portmgr blanket

Changes:	http://curl.haxx.se/changes.html

Changes:	https://github.com/rockdaboot/libpsl/blob/master/NEWS

With hat:	portmgr
Sponsored by:	Absolight

net-im/jabber: This port used the old API to give users fine grained
control over which crypto algorithms were used via a configuration file.
It's not immediately obvious how to port this to the new API so the port
always uses the defaults now.

www/hydra: Mark BROKEN.  This uses more removed calls than the other ports,
is said to be alpha quality and not fully functional and has been abandoned
10 years ago.

PR:		207768
Exp-run by:	antoine
Approved by:	portmgr (antoine)

Changes:	http://curl.haxx.se/changes.html

PR:		207513
Submitted by:	Alexandr Matveev <timon@timon.net.nz>

Changes:	http://curl.haxx.se/changes.html

PR:		205875
Submitted by:	Matthieu Volat <mazhe@alkumuna.eu>

PR:		206756
Submitted by:	zeising
Approved by:	ports-secteam (miwi)
MFH:		2016Q1
Security:	CVE-2016-0755

Sponsored by:	PortsCamp Taiwan

Differential Revision:	https://reviews.FreeBSD.org/D4757
PR:		205804
Exp-run by:	antoine
Accepted by:	bapt (portmgr)

Changes:	http://curl.haxx.se/changes.html

Changes:	http://curl.haxx.se/changes.html

perl5's do-test: target should only be enabled when USE_PERL5=configure
or USE_PERL5=modbuild* are used, otherwise it'll end up being empty
and will prevent other tests from running.

Remove NO_PERL5_TEST as it isn't really needed after this fix.

Approved by:	mat, sunpoet
Differential Revision:	D3830

Changes:	http://curl.haxx.se/changes.html

Suggested by:	tijl

PR:		201147
Submitted by:	grembo
Obtained from:	https://github.com/bagder/curl/commit/903b6e05565bf826b4194447864288642214b094

PR:		200555

PR:		200555

Without this curl would link to both /usr/lib/libssl.so and /usr/local/lib/libssl.so
resulting in a crash at runtime.

Bump revision as current builds are broken at runtime and need to be rebuilt.

PR:		200555
Submitted by:	truckman
Approved by:	maintainer timeout

Changes:	http://curl.haxx.se/changes.html

PR:		200816

Reported by:	Scott Bennett <bennett@sdf.org>

Changes:	http://curl.haxx.se/changes.html

Notified by:	antoine

Reference:	https://github.com/bagder/curl/commit/fd9d3a1ef1f7b1cb5812d04bad07818efc6f3b3a

Changes:	http://curl.haxx.se/changes.html

PR:		198397 (based on)
Submitted by:	Bernard Spil <spil.oss@gmail.com>

Changes:	http://curl.haxx.se/changes.html

Changes:	http://curl.haxx.se/changes.html
Security:	CVE-2014-8150
Security:	CVE-2014-8151
MFH:		2015Q1

audio/libogg
audio/libvorbis
devel/pcre
ftp/curl
graphics/jpeg
graphics/libart_lgpl
graphics/tiff
textproc/expat2
textproc/libxslt

In these cases the same trick as in the recent gettext update is used.
The ports install a symlink with the old library version.  When enough
of their dependent ports have had regular updates the remaining ones can
get a PORTREVISION bump and the links can be removed.

Also remove the devel/pcre dependency from USE_GNOME=glib20.  It causes
over 2200 packages to depend on devel/pcre while less than 200 actually
link with it.  The glib20 package still depends on devel/pcre so this
should not make a difference for ports with USE_GNOME=glib20.  Also,
libdata/pkgconfig/glib-2.0.pc lists pcre as a private library so
USE_GNOME=glib20 should not propagate it.

PR:		195724
Exp-run by:	antoine
Approved by:	portmgr (antoine)

Changes:	http://curl.haxx.se/changes.html

Changes:	http://curl.haxx.se/changes.html

PR:		ports/193972
Submitted by:	bsduser <local@o2.pl>, mickael.maillot@gmail.com
Obtained by:	https://github.com/bagder/curl/commit/d9762a7cdb35e70f8cb0bf1c2f8019e8391616e1

Changes:	http://curl.haxx.se/changes.html

Approved by:	portmgr (implicit, bump unstaged port)

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample

databases/libgdamm:
- Drop :keepla
- USES=tar:bzip2
- Use INSTALL_TARGET=install-strip

databases/libgdamm5:
- Add INSTALL_TARGET=install-strip
- Drop --enable-static (inherited from old repocopy)

devel/anjuta x11-toolkits/py-gnome-extras:
- Drop :keepla

dns/powerdns dns/powerdns-devel:
- Convert to USES=libtool
- Add INSTALL_TARGET=install-strip
- Disable static modules
- Stop creating library symlinks with .0 suffix, not needed for dynamically
  opened modules

mail/dovecot2:
- Add USES=libtool

mail/dovecot2-pigeonhole:
- Drop CONFIGURE_TARGET (incorrect for Dragonfly)
- Add USES=libtool and INSTALL_TARGET=install-strip

math/gnumeric:
- USES=libtool tar:xz

Approved by:	portmgr (implicit, bump unstaged ports)

PR:		191274
Exp-run by:	antoine
Approved by:	portmgr (antoine)

Changes:	http://curl.haxx.se/changes.html

Changes:	http://curl.haxx.se/changes.html

Submitted by:	tijl

PR:		ports/189987
Submitted by:	ashish

Reported by:	many

Changes:	http://curl.haxx.se/changes.html

Tested by:	redports

PR:		ports/186902
Submitted by:	Jeremy Chadwick <jdc@koitsu.org>

Changes:	http://curl.haxx.se/changes.html
PR:		ports/186557
Exp-run by:	bdrewery

Changes:	http://curl.haxx.se/changes.html
PR:		ports/185456
Exp-run by:	bdrewery

When SPNEGO option is on, LOCALBASE/include/fbopenssl was added to the search
path of include files. It causes build failure when "#include <gssapi.h>" wants
/usr/include/gssapi/gssapi.h.

PR:		ports/183388 [1]
Submitted by:	avilla [1]
Reported by:	antoine

Changes:	http://curl.haxx.se/changes.html
PR:		ports/183151
Exp-run by:	bdrewery

Reported by:	makc

Note:
- mk-ca-bundle.1 will not be installed. Use http://curl.haxx.se/docs/caextract.html instead

Changes:	http://curl.haxx.se/changes.html
PR:		ports/181510
Exp run by:	drewery

SSP_UNSAFE is added to disable in a port if it fails to build, but
this should only be used in rare circumstances such as kernel modules.
Otherwise, the port may just be failing due to lack of respecting
LDFLAGS.

On FreeBSD 10, this uses an ldscript in /usr/lib/libc.so to pull in
libssp_nonshared.a to address issues linking on i386 [1].

On earlier FreeBSD versions the WITH_SSP knob will add -lssp_nonshared
to LDFLAGS on i386. This is not needed on amd64. However, several hundred
ports do not currently respect LDFLAGS, so this support is disabled currently
as it causes build failures if a dependency is looking for the stack_chk
symbols.

Many thanks to jlh@ for this as he had many years of patience in getting
all of the necessary pieces [1][2] in.

[1] http://svnweb.freebsd.org/base/head/lib/libc/libc.ldscript?revision=251668&view=markup

PR:		ports/138228 [2]
Submitted by:	jlh (bsd.ssp.mk based on)
Reviewed by:	bapt
With hat:	portmgr
exp-runs done:	37 over a month on 91i386,91amd64,10i386,10amd64

PR:		ports/177401 [1], ports/180648 [1], ports/180944 [2]

Approved by:	portmgr (bdrewery)

PR:		ports/177401

Submitted by:	Brett Gmoser <bgmoser@leadbidinc.com>, Sergey Lobanov <wmn@siberianet.ru>
Obtained from:	https://github.com/bagder/curl/commit/8a7a277c086199b
Reference:	http://sourceforge.net/p/curl/bugs/1249/

Submitted by:	Herbert J. Skuhra <hskuhra@eumx.net>

Changes:	http://curl.haxx.se/changes.html
PR:		ports/172325 (-exp run), ports/177369 (based on) [1]
Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp> [1], hrs (via email) [2]
Exp run by:	miwi

The upgrade patch found in ports/172325 is currently under
exp-run.  The changes in this commit against ftp/curl can be
safely reverted before applying that patch, as it's shipped
with new curl release.

Approved by:	portmgr (miwi)

Reported by:	miwi

If a port used other USE_GNOME items it was untouched.
The ports that used other USES were fixed by hand.

PR:		ports/177081
Reviewed by:	bapt
Approved by:	portmgr (miwi)

Reported by:	pointyhat (via beat)
Pointyhat to:	swills

PR:		ports/171260
Approved by:	maintainer timeout (sunpoet, >2 weeks)

PR:		ports/169946
Submitted by:	mm

Changes:	http://curl.haxx.se/changes.html

Approved by:	roam (maintainer, implicit)

Approved by:	portmgr (miwi)

PR:		157936
Submitted by:	myself
Exp-runs by:	pav
Approved by:	pav

PR:		150854 (the debug and optimization CFLAGS)
Reported by:	Anonymous <swell.k@gmail.com>

PR:		ports/149368
Submitted by:	pgj
Approved by:	roam (maintainer timeout)

PR:		141459
Submitted by:	garga

Bump the shared lib dependency on ports touched by the c-ares update.

Pointy hat to:	roam (myself)

PR:		ports/133003
Submitted by:	mm
Approved by:	maintainer timeout (roam; 1 month)

PR:		132358
Submitted by:	Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Prompted by:	several PR's and more people (and portmgrs) than I dare admit

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk
 - Remove CONFIGURE_TARGET hack in various bsd.*.mk
 - USE_GNOME=gnometarget is now an no-op

Changes to individual ports, other than removing the CONFIGURE_TARGET hack:

= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
  - comms/gnuradio
  - science/abinit
  - science/elmer-fem
  - science/elmer-matc
  - science/elmer-meshgen2d
  - science/elmerfront
  - science/elmerpost

= use x86_64 as ARCH
  - devel/g-wrap

= other changes
  - print/magicfilter
    GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf

Total # of ports modified:  1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)

PR:		126524 (obsoletes 52917)
Submitted by:	rafan
Tested on:	two pointyhat 7-amd64 exp runs (by pav)
Approved by:	portmgr (pav)

PR:		123050
Reported by:	Chess Griffin <chess@chessgriffin.com>
Pointy hat to:	roam (myself)

PR:		114215 (the basic update)
Submitted by:	pesho.petrov@gmail.com

PR:		ports/111470
Approved by:	portmgr
Discussed with:	stas (Mk/*), gerald (info related stuffs)
Tested by:	pointyhat exp run

PR:		ports/114474
Submitted by:	Vaclav Haisman <v.haisman@sh.cvut.cz>
Pointy hat to:	lx

PR:		109670
Submitted by:	Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Thanks to everyone who took the time to look over the patch!

Discussed on:	-ports

Reported by:	girgen

PR:		102871, 103126
Submitted by:	pav, vd, Scot Hetzel <swhetzel@gmail.com>

PR:		99050
Submitted by:	vd

PR:		ports/94727
Submitted by:	vd
Approved by:	secteam (simon)
Security:	http://curl.haxx.se/docs/adv_20060320.html

PR:		90079 [1]
Submitted by:	Vasil Dimov <vd@datamax.bg>
Approved by:	maintainer timeout (security 1 day, simon with secteam hat)
Security:	http://curl.haxx.se/docs/adv_20051207.html
		http://secunia.com/advisories/17907/

devel/libidn -> dns/libidn
  devel/p5-Net-LibIDN -> dns/p5-Net-LibIDN

Approved by:	both maintainers
Repocopy by:	marcus

PR:		87393
Submitted by:	Vasil Dimov <vd@datamax.bg>
Security:	http://curl.haxx.se/docs/security.html#BID15102

PR:		ports/81195
Submitted by:	Vasil Dimov <vd@datamax.bg>
Approved by:	maintainer timeout (18 days)

Properly use LC_ALL=C instead of LANG=C to run the test suite
(thanks Fujishima-san!)

Testing paid off on:	ref4 (lib/select.c), sledge (lib/sendf.c)

PR:		64667
Submitted by:	Marius Strobl <marius@alchemy.franken.de>

PR:		60105
Submitted by:	ijliao

Reported by:	naddy (1)

Submitted by:	dinoex

Submitted by:	Phillip Oleson <poleson@verio.net>

PR:		51315
Submitted by:	Jason Harris <jharris@widomaker.com>

Reported by:	Stephen Cravey <clists@www.gotbrains.org>
Submitted by:	Scot Hetzel <hetzels@westbend.net>

Reported by:	David Thiel <lx@redundancy.redundancy.org>

Submitted by:	ijliao, Daniel Stenberg <daniel@haxx.se> (cURL author)

Not functionally tested on:	ia64; there is no spoon.. er.. perl5 on
				pluto1.FreeBSD.org for the present.

For some reason, this segfaults badly on sparc64, or at least on the
only sparc64 machine that I have access to (thanks mike!).  I'll deal
with this later; for the present, let the x86 and Alpha users benefit
from the new cURL features and bugfixes :)

PR:		39873
Submitted by:	Ying-Chih Kuo <yckuo@yckuo.org>

Reported by:	Steve Ames <steve@energistic.com>

While I'm here, change the way SSL header and library paths are handled
to avoid specifically referencing /usr/lib and /usr/include; while
-STABLE's GCC shrugs this off, GCC 3.1 whines loudly about an explicit
-I/usr/include (and rightly so, IMHO).

Bump PORTREVISION for this (definitely package-related) change.

PR:		ports/34491
Submitted by:	Tom Payne <twp20@cam.ac.uk>

PR:		32815
Submitted by:	Joseph Scott <joseph@randomnetworks.com> and naddy
Apologies to:	Joseph Scott and Christian Weisberger <naddy@FreeBSD.org>

Submitted by:	kris

Build with SSL by default, change the knob name to WITHOUT_SSL.

Submitted by:	sf

Submitted by:	sf

Reviewed by:	dirk, knu

PR:		27900
Submitted by:	Jos Backus <josb@cncdsl.com>
Reviewed by:	knu (maintainer of ftp/ruby-curl)
Silence by:	dirk (maintainer of www/mod_php4)

Submitted by:	Daniel Stenberg <daniel@haxx.se>

Submitted by:	olgeni

Submitted by:	olgeni

Approved by:	kris (former maintainer)

Submitted by:	Peter Pentchev <roam@orbitel.bg>

Submitted by:	Peter Pentchev <roam@orbitel.bg>

Submitted by:	bento

No comment by:	ports

Submitted by:	author

PR:		ports/14280
Assisted by:    Jim Bloom <bloom@acm.org>

Prompted by PR:  13476, 13477
Submitted by:  KATO Tsuguru

FWIW, checkout of these things took 5+hrs, staying on the local
.freebsd.org net w/o hitting the 'net at all.

As promised,

$ time cvs ci
real    67m51.701s
user    0m1.250s
sys     0m5.345s

PR:	11837

PR: ports/11527
Submitted by: cpiazza@home.net

PR:		11160
Submitted by:	Chris Piazza cpiazza@home.net

OK'ed by:	Kris Kennaway <kkennawa@physics.adelaide.edu.au> (maintainer)

curl offers a busload of useful tricks like proxy support, user
authentication, ftp upload, HTTP post, SSL (https:) connections, file
transfer resume and more.

PR:		ports/9079
Submitted By:	Neil Blakey-Milner <nbm@rucus.ru.ac.za>
		Kris Kennaway <kkenn@rebel.net.au>

This port replaces ports/www/urlget