144 Commits

Author SHA1 Message Date
naddy
3d261cf9a8 Update to 7.61.0. Includes a fix for:
CVE-2018-0500: SMTP send heap buffer overflow
2018-07-11 16:00:03 +00:00
naddy
54361640ad Update to 7.60.0. Includes fixes for:
CVE-2018-1000300: FTP shutdown response buffer overflow
CVE-2018-1000301: RTSP bad headers buffer over-read
2018-05-16 19:06:05 +00:00
naddy
fbb77801a8 Security update to 7.59.0. Includes fixes for:
CVE-2018-1000120: FTP path trickery leads to NUL byte out of bounds write
CVE-2018-1000122: RTSP RTP buffer over-read
2018-03-14 19:16:16 +00:00
sthen
952ef4bcaf Unbreak - OpenSSL_version_num() was added to libressl but cURL has its
own alternative for libressl/old openssl which was conflicting. Slightly
annoying because they want to print the LibreSSL version number and
OpenSSL_version_num() gives the fixed 2.0.0 coming from
OPENSSL_VERSION_NUMBER. Discussed with jsing
2018-02-15 22:13:20 +00:00
naddy
00f4398524 Security update to 7.58.0. Fixes:
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
CVE-2018-1000007: HTTP authentication leak in redirects
2018-01-27 00:10:59 +00:00
naddy
fb96e58d00 Security update to 7.57.0. Fixes:
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access
2017-12-01 21:02:23 +00:00
naddy
b058533a83 Security update to 7.56.1:
CVE-2017-1000257: IMAP FETCH response out of bounds read
2017-10-25 19:31:30 +00:00
naddy
b220038438 Update to 7.56.0:
- adds a new MIME API
- fix for CVE-2017-1000254 (FTP PWD response parser out of bounds read)
2017-10-09 15:34:05 +00:00
naddy
fb3dd6c12a Update to 7.55.1.
Note that this enables the multithreaded resolver by default and now
links with pthread.
2017-08-31 19:34:16 +00:00
naddy
d5288d6685 Security update to 7.55.0:
* file: output the correct buffer to the user (CVE-2017-1000099)
* tftp: reject file name lengths that don't fit (CVE-2017-1000100)
* glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
2017-08-10 19:46:26 +00:00
naddy
09c9be5d65 Maintenance update to 7.54.1. The security fix does not affect us. 2017-06-27 19:16:40 +00:00
naddy
9268ccac35 Update to 7.54.0. Includes fix for
CVE-2017-7468: TLS session resumption client cert bypass (again)
2017-04-24 20:33:58 +00:00
naddy
88f6e1ca3c SECURITY update to 7.53.1:
CVE-2017-2629: make SSL_VERIFYSTATUS work again
Also numerous other bug fixes.
2017-02-24 21:08:28 +00:00
naddy
9dfe0e23e9 upstream fix for regression tests 1060 and 1061, where the included test
server errored out on send(2) returning EAGAIN
2017-01-09 23:27:20 +00:00
naddy
a991fb7f12 Upstream commit a7b38c9dc98481e4a5fc37e51a8690337c674dfb to fix a problem
that causes rtorrent to busy loop when announcing to the tracker.  ok tj@
2017-01-05 20:46:00 +00:00
naddy
faa31e7950 Security update to 7.52.1:
CVE-2016-9586: printf floating point buffer overflow
2017-01-04 20:28:56 +00:00
naddy
1db6f36d84 Security update to 7.51.0.
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Note that this drops support for internationalized domain names.
ok sthen@
2016-11-04 11:33:33 +00:00
naddy
ed86ce7e26 Security update to 7.50.3:
CVE-2016-7167: curl escape and unescape integer overflows
2016-09-17 19:34:35 +00:00
naddy
82b26fbc83 Security update to 7.50.1.
CVE-2016-5419: TLS session resumption client cert bypass
CVE-2016-5420: Re-using connections with wrong client cert
CVE-2016-5421: use of connection struct after free
2016-08-03 20:44:08 +00:00
naddy
461ba70d0d maintenance update to 7.49.0 2016-05-28 20:05:21 +00:00
naddy
675973adbb maintenance update to 7.48.0 2016-04-05 19:33:21 +00:00
naddy
ce859edcb4 garbage collect CONFIGURE_SHARED 2016-03-11 20:28:21 +00:00
naddy
f8edcff5b1 update HOMEPAGE and MASTER_SITES 2016-02-27 21:55:51 +00:00
naddy
2f7aa7597e Update to 7.47.0.
Fixes CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use
2016-01-29 23:52:24 +00:00
naddy
c61fc915c2 routine update to 7.46.0 2016-01-01 22:17:05 +00:00
sthen
2085dc6286 curl picks up nghttp2 if present at build time; list it as an explicit
dependency, naddy@ agrees.

The nghttp2 port is careful to avoid additional dependencies that are
known not to build on some arch.
2015-10-30 00:26:46 +00:00
naddy
2ac63dcb03 update to 7.45.0 2015-10-18 19:16:30 +00:00
naddy
732d3297db maintenance update to 7.44.0 2015-08-19 17:08:48 +00:00
naddy
c1a91acc2e Security update to 7.43.0. Fixes:
CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html

CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html
2015-06-20 19:50:55 +00:00
naddy
232e17bba0 Security update to 7.42.1. Fixes:
CVE-2015-3153: sensitive HTTP server headers also sent to proxies
2015-04-30 22:32:24 +00:00
naddy
b94d85eeef Security update to 7.42.0. Fixes:
CVE-2015-3143: Re-using authenticated connection when unauthenticated
CVE-2015-3144: host name out of boundary memory access
CVE-2015-3145: cookie parser out of boundary memory access
CVE-2015-3148: Negotiate not treated as connection-oriented
2015-04-28 19:26:36 +00:00
naddy
43718aa8e0 maintenance update to 7.41.0 2015-03-17 22:47:02 +00:00
naddy
213d1bf959 Update to 7.40.0.
* Fix CVE-2014-8150 (URL request injection)
* Add initial support for the SMB/CIFS protocol
2015-01-11 12:58:41 +00:00
schwarze
ba9c3d9058 Usually, ports Makefiles should not explicitly call mandoc or groff
but leave the formatting to pkg_create(1) if needed.  In the special
cases where they do need to call mandoc (for example, like in this
case, to include a formatted manual into a binary program) they
should pass the -Tascii option to avoid depending on the user's
locale, since mandoc -Tlocale will soon be the default.

In this case, it isn't strictly needed because the upstream Makefile
uses "env LC_ALL=C" when calling groff/mandoc.  But let's avoid the
fragility of depending on that, and let's avoid setting a bad example.

No package change, no bump.
ok naddy@ (MAINTAINER)
2014-11-30 16:44:04 +00:00
naddy
400433d5d2 maintenance update to 7.39.0: SSLv3 is disabled by default 2014-11-15 21:36:18 +00:00
naddy
98c2dcbeed add default support for extracting *.tar.lzma; ok juanfra@ 2014-09-13 15:09:24 +00:00
naddy
e07e686b7c Security update to 7.38.0. Fixes
CVE-2014-3613 (libcurl cookie leak with IP address as domain)
CVE-2014-3620 (libcurl cookie leak for TLDs)

Also switch to .lzma distfile.
2014-09-11 18:00:45 +00:00
naddy
120d0da4cf maintenance update to 7.37.1 2014-09-02 19:54:24 +00:00
naddy
c39027ac02 maintenance update to 7.37.0 2014-06-13 20:32:33 +00:00
jasper
3ea3febc52 remove m68k-related workarounds 2014-03-19 13:40:59 +00:00
naddy
70aea747ad maintenance update to 7.35.0 2014-03-10 22:43:38 +00:00
naddy
6fe45ff8b4 Security fix for CVE-2014-0015: re-use of wrong HTTP NTLM connection
http://curl.haxx.se/docs/adv_20140129.html
From: Donovan Watteau
2014-02-03 21:52:14 +00:00
naddy
35da062e4b maintenance update to 7.34.0 2014-01-02 22:01:24 +00:00
naddy
d428c829a3 use <sys/select.h> to get select() in a reliable, standards-compliant way
pointed out by kirby@
2013-12-04 15:23:55 +00:00
naddy
9dfbb5a40d maintenance update to 7.33.0 2013-10-25 22:21:27 +00:00
naddy
699bc4880a Update to 7.32.0.
No revolutionary changes; see http://curl.haxx.se/changes.html for
the details.
2013-10-09 17:25:39 +00:00
jasper
d3c8df5a14 Security fix for CVE-2013-2174,
libcURL "curl_easy_unescape()" Buffer Overflow Vulnerability

ok naddy@ (MAINTAINER)
2013-07-16 19:25:38 +00:00
miod
ef50f7eb2f Fix build on m68k. No revision bump 'coz it had been broken for quite a long
time.
ok naddy@
2013-07-14 20:20:25 +00:00
jasper
ef222239f0 Security fix for CVE-2013-1944 curl: Cookie domain suffix match vulnerability
ok naddy@ (MAINTAINER)
2013-05-07 06:53:26 +00:00
ajacoutot
58f1a6f9f6 USE_LIBTOOL=Yes is the default now. 2013-03-21 08:45:11 +00:00