179 Commits

Author SHA1 Message Date
naddy
339fa501b8 net/curl: security update to 7.83.0
Includes fixes for
CVE-2022-22576: OAUTH2 bearer bypass in connection re-use
CVE-2022-27774: Credential leak on redirect
CVE-2022-27775: Bad local IPv6 connection reuse
CVE-2022-27776: Auth/cookie leak on redirect
2022-04-27 19:19:14 +00:00
naddy
88b28d2e03 net/curl: update to 7.82.0
curl tool: new --json option
2022-03-05 15:57:01 +00:00
naddy
a04421673a net/curl: update to 7.81.0 2022-01-06 15:41:57 +00:00
naddy
1d4944268b net/curl: update to 7.80.0 2021-11-12 22:44:23 +00:00
naddy
d166d9b12e net/curl: update to 7.79.1 for some bug fixes 2021-10-05 11:14:36 +00:00
naddy
a381b9c07f net/curl: security update to 7.79.0
Includes fixes for
CVE-2021-22945: UAF and double-free in MQTT sending
CVE-2021-22946: Protocol downgrade required TLS bypassed
CVE-2021-22947: STARTTLS protocol injection via MITM
2021-09-17 21:13:22 +00:00
naddy
e58410a7ef net/curl: fix inconsequential editing error in patch 2021-07-21 19:28:48 +00:00
naddy
6420e8b846 net/curl: security update to 7.78.0
Includes fixes for
CVE-2021-22924: Bad connection reuse due to flawed path name checks
CVE-2021-22925: TELNET stack contents disclosure again

CVE-2021-22922, CVE-2021-22923, CVE-2021-22926 do not affect us.
2021-07-21 19:17:02 +00:00
naddy
cde2ef73bf net/curl: fix regression test suite with the default stack limit
The simple web server (sws) would try to allocate 2*2MB of buffers
on the stack, bump against the default 4MB limit and die, disabling
a large slice of the regression test suite.  Use malloc instead.
2021-06-12 14:15:08 +00:00
naddy
b015c6e54f net/curl: security update to 7.77.0
Includes fixes for
CVE-2021-22897: schannel cipher selection surprise
CVE-2021-22898: TELNET stack contents disclosure
CVE-2021-22901: TLS session caching disaster
2021-05-31 20:10:49 +00:00
naddy
e72253e7cc net/curl: update to 7.76.1 2021-04-24 15:17:34 +00:00
naddy
57ff8d22f1 net/curl: security update to 7.76.0
Includes fixes for
CVE-2021-22876: Automatic referer leaks credentials
CVE-2021-22890: TLS 1.3 session ticket proxy host mixup
2021-03-31 17:57:32 +00:00
naddy
f209ad59d5 net/curl: update to 7.75.0 2021-02-05 17:08:03 +00:00
naddy
7f603d888b Update to 7.74.0. Includes security fixes for:
CVE-2020-8284: trusting FTP PASV responses
CVE-2020-8285: FTP wildcard stack overflow
CVE-2020-8286: Inferior OCSP verification
2020-12-10 20:52:25 +00:00
naddy
e0ff172806 Update to 7.73.0. Noteworthy changes:
* Additional protocol: MQTT
* curl tool: new --output-dir option, reworked --help with categories
2020-10-18 11:53:40 +00:00
naddy
dac30d08de Update to 7.72.0 after prodding by bket@
Includes a security fix for
CVE-2020-8231: libcurl: wrong connect-only connection
2020-08-21 14:18:07 +00:00
naddy
904ebcec97 maintenance update to 7.71.1 2020-07-10 22:35:45 +00:00
naddy
be5458cfdb Update to 7.71.0.
Includes security fixes for
CVE-2020-8169: Partial password leak over DNS on HTTP redirect
CVE-2020-8177: curl overwrite local file with -J
2020-06-24 22:13:11 +00:00
naddy
e0a66f45bc update to 7.70.0 and enable debug package 2020-05-16 21:47:11 +00:00
naddy
af57936ac4 update to bugfix release 7.69.1 2020-03-12 13:30:13 +00:00
naddy
a35d323b59 maintenance update to 7.69.0 2020-03-09 22:11:28 +00:00
naddy
dca02861d3 Maintenance update to 7.68.0. The security fix does not affect us. 2020-01-15 20:12:35 +00:00
naddy
5e4f4db5eb Update to 7.67.0. No known security fixes.
Adds --no-progress-meter option to curl command.
2019-11-06 13:51:47 +00:00
naddy
d81ac0f05a Update to 7.66.0.
Includes security fixes for:
CVE-2019-5481 (not applicable to our port)
CVE-2019-5482: TFTP small blocksize heap buffer overflow

curl command: support parallel transfers with -Z
2019-09-12 19:51:43 +00:00
naddy
8336d8f346 update to 7.65.3: make the progress meter appear again 2019-07-19 14:42:38 +00:00
naddy
fa2e8e0d43 Maintenance update to 7.65.2. The security fix does not affect us. 2019-07-18 19:35:50 +00:00
sthen
48b0b9660c replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes 2019-07-12 20:48:23 +00:00
naddy
cd4bba880d Update to 7.65.1. No known security fixes. 2019-06-06 21:09:17 +00:00
naddy
2f275c648c Update to 7.65.0. Includes security fixes for:
CVE-2019-5435: Integer overflows in curl_url_set
CVE-2019-5436: tftp: use the current blksize for recvfrom()
2019-05-25 16:09:25 +00:00
naddy
0756f1ed82 Maintenance update to curl 7.64.1 for numerous bug fixes.
No security vulnerabilities have been announced.
2019-03-30 03:18:12 +00:00
naddy
4e0b2b1c3f Don't interfere with debugging (-g) and optimization (-O) flags.
The curl configure script wants to take control of the compiler
flags for optimization and debugging.  The actual interactions are
more complex, but the gist is that the flags are stripped from
CFLAGS, and if --enable-optimize or --enable-debug are specified,
an approved optimization or debugging flag is added.

report/ok bentley@
2019-02-11 20:34:39 +00:00
naddy
3086b11500 Update to 7.64.0. Includes fixes for
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823: SMTP end-of-response out-of-bounds read
2019-02-06 18:14:05 +00:00
naddy
e146d7cecd Update to 7.63.0. No known security fixes. 2018-12-12 20:41:04 +00:00
naddy
ef9f8312a9 Update to 7.62.0. Includes fixes for:
CVE-2018-16839: SASL password overflow via integer overflow
CVE-2018-16840: use-after-free in handle close
CVE-2018-16842: warning message out-of-buffer read
2018-11-07 20:34:31 +00:00
naddy
d0653ca416 Update to 7.61.1. Includes a fix for
CVE-2018-14618: NTLM password overflow via integer overflow

Stop using SEPARATE_BUILD since many regression tests will fail to
find the curl executable otherwise.
2018-09-07 08:41:56 +00:00
naddy
3d261cf9a8 Update to 7.61.0. Includes a fix for:
CVE-2018-0500: SMTP send heap buffer overflow
2018-07-11 16:00:03 +00:00
naddy
54361640ad Update to 7.60.0. Includes fixes for:
CVE-2018-1000300: FTP shutdown response buffer overflow
CVE-2018-1000301: RTSP bad headers buffer over-read
2018-05-16 19:06:05 +00:00
naddy
fbb77801a8 Security update to 7.59.0. Includes fixes for:
CVE-2018-1000120: FTP path trickery leads to NUL byte out of bounds write
CVE-2018-1000122: RTSP RTP buffer over-read
2018-03-14 19:16:16 +00:00
sthen
952ef4bcaf Unbreak - OpenSSL_version_num() was added to libressl but cURL has its
own alternative for libressl/old openssl which was conflicting. Slightly
annoying because they want to print the LibreSSL version number and
OpenSSL_version_num() gives the fixed 2.0.0 coming from
OPENSSL_VERSION_NUMBER. Discussed with jsing
2018-02-15 22:13:20 +00:00
naddy
00f4398524 Security update to 7.58.0. Fixes:
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
CVE-2018-1000007: HTTP authentication leak in redirects
2018-01-27 00:10:59 +00:00
naddy
fb96e58d00 Security update to 7.57.0. Fixes:
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access
2017-12-01 21:02:23 +00:00
naddy
b058533a83 Security update to 7.56.1:
CVE-2017-1000257: IMAP FETCH response out of bounds read
2017-10-25 19:31:30 +00:00
naddy
b220038438 Update to 7.56.0:
- adds a new MIME API
- fix for CVE-2017-1000254 (FTP PWD response parser out of bounds read)
2017-10-09 15:34:05 +00:00
naddy
fb3dd6c12a Update to 7.55.1.
Note that this enables the multithreaded resolver by default and now
links with pthread.
2017-08-31 19:34:16 +00:00
naddy
d5288d6685 Security update to 7.55.0:
* file: output the correct buffer to the user (CVE-2017-1000099)
* tftp: reject file name lengths that don't fit (CVE-2017-1000100)
* glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
2017-08-10 19:46:26 +00:00
naddy
09c9be5d65 Maintenance update to 7.54.1. The security fix does not affect us. 2017-06-27 19:16:40 +00:00
naddy
9268ccac35 Update to 7.54.0. Includes fix for
CVE-2017-7468: TLS session resumption client cert bypass (again)
2017-04-24 20:33:58 +00:00
naddy
88f6e1ca3c SECURITY update to 7.53.1:
CVE-2017-2629: make SSL_VERIFYSTATUS work again
Also numerous other bug fixes.
2017-02-24 21:08:28 +00:00
naddy
9dfe0e23e9 upstream fix for regression tests 1060 and 1061, where the included test
server errored out on send(2) returning EAGAIN
2017-01-09 23:27:20 +00:00
naddy
a991fb7f12 Upstream commit a7b38c9dc98481e4a5fc37e51a8690337c674dfb to fix a problem
that causes rtorrent to busy loop when announcing to the tracker.  ok tj@
2017-01-05 20:46:00 +00:00