cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
133,109 Commits 1 Branch 0 Tags
Commit Graph

81 Commits

Author SHA1 Message Date
naddy
ef9f8312a9 Update to 7.62.0. Includes fixes for: 
CVE-2018-16839: SASL password overflow via integer overflow
CVE-2018-16840: use-after-free in handle close
CVE-2018-16842: warning message out-of-buffer read
 2018-11-07 20:34:31 +00:00
naddy
d0653ca416 Update to 7.61.1. Includes a fix for 
CVE-2018-14618: NTLM password overflow via integer overflow

Stop using SEPARATE_BUILD since many regression tests will fail to
find the curl executable otherwise.
 2018-09-07 08:41:56 +00:00
naddy
3d261cf9a8 Update to 7.61.0. Includes a fix for: 
CVE-2018-0500: SMTP send heap buffer overflow
 2018-07-11 16:00:03 +00:00
naddy
54361640ad Update to 7.60.0. Includes fixes for: 
CVE-2018-1000300: FTP shutdown response buffer overflow)
CVE-2018-1000301: RTSP bad headers buffer over-read
 2018-05-16 19:06:05 +00:00
naddy
fbb77801a8 Security update to 7.59.0. Includes fixes for: 
CVE-2018-1000120: FTP path trickery leads to NUL byte out of bounds write
CVE-2018-1000122: RTSP RTP buffer over-read
 2018-03-14 19:16:16 +00:00
naddy
00f4398524 Security update to 7.58.0. Fixes: 
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
CVE-2018-1000007: HTTP authentication leak in redirects
 2018-01-27 00:10:59 +00:00
naddy
fb96e58d00 Security update to 7.57.0. Fixes: 
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access
 2017-12-01 21:02:23 +00:00
naddy
b058533a83 Security update to 7.56.1: 
CVE-2017-1000257: IMAP FETCH response out of bounds read
 2017-10-25 19:31:30 +00:00
naddy
b220038438 Update to 7.56.0: 
- adds a new MIME API
- fix for CVE-2017-1000254 (FTP PWD response parser out of bounds read)
 2017-10-09 15:34:05 +00:00
naddy
fb3dd6c12a Update to 7.55.1. 
Note that this enables the multithreaded resolver by default and now
links with pthread.
 2017-08-31 19:34:16 +00:00
naddy
d5288d6685 Security update to 7.55.0: 
* file: output the correct buffer to the user (CVE-2017-1000099)
* tftp: reject file name lengths that don't fit (CVE-2017-1000100)
* glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
 2017-08-10 19:46:26 +00:00
naddy
09c9be5d65 Maintenance update to 7.54.1. The security fix does not affect us. 2017-06-27 19:16:40 +00:00
naddy
9268ccac35 Update to 7.54.0. Includes fix for 
CVE-2017-7468: TLS session resumption client cert bypass (again)
 2017-04-24 20:33:58 +00:00
naddy
88f6e1ca3c SECURITY update to 7.53.1: 
CVE-2017-2629: make SSL_VERIFYSTATUS work again
Also numerous other bug fixes.
 2017-02-24 21:08:28 +00:00
naddy
faa31e7950 Security update to 7.52.1: 
CVE-2016-9586: printf floating point buffer overflow
 2017-01-04 20:28:56 +00:00
naddy
1db6f36d84 Security update to 7.51.0. 
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Note that this drops support for internationalized domain names.
ok sthen@
 2016-11-04 11:33:33 +00:00
naddy
ed86ce7e26 Security update to 7.50.3: 
CVE-2016-7167: curl escape and unescape integer overflows
 2016-09-17 19:34:35 +00:00
naddy
82b26fbc83 Security update to 7.50.1. 
CVE-2016-5419: TLS session resumption client cert bypass
CVE-2016-5420: Re-using connections with wrong client cert
CVE-2016-5421: use of connection struct after free
 2016-08-03 20:44:08 +00:00
naddy
461ba70d0d maintenance update to 7.49.0 2016-05-28 20:05:21 +00:00
naddy
675973adbb maintenance update to 7.48.0 2016-04-05 19:33:21 +00:00
naddy
2f7aa7597e Update to 7.47.0. 
Fixes CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use
 2016-01-29 23:52:24 +00:00
naddy
c61fc915c2 routine update to 7.46.0 2016-01-01 22:17:05 +00:00
naddy
2ac63dcb03 update to 7.45.0 2015-10-18 19:16:30 +00:00
naddy
732d3297db maintenance update to 7.44.0 2015-08-19 17:08:48 +00:00
naddy
c1a91acc2e Security update to 7.43.0. Fixes: 
CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html

CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html
 2015-06-20 19:50:55 +00:00
naddy
232e17bba0 Security update to 7.42.1. Fixes: 
CVE-2015-3153: sensitive HTTP server headers also sent to proxies
 2015-04-30 22:32:24 +00:00
naddy
b94d85eeef Security update to 7.42.0. Fixes: 
CVE-2015-3143: Re-using authenticated connection when unauthenticated
CVE-2015-3144: host name out of boundary memory access
CVE-2015-3145: cookie parser out of boundary memory access
CVE-2015-3148: Negotiate not treated as connection-oriented
 2015-04-28 19:26:36 +00:00
naddy
43718aa8e0 maintenance update to 7.41.0 2015-03-17 22:47:02 +00:00
naddy
213d1bf959 Update to 7.40.0. 
* Fix CVE-2014-8150 (URL request injection)
* Add initial support for the SMB/CIFS protocol
 2015-01-11 12:58:41 +00:00
naddy
400433d5d2 maintenance update to 7.39.0: SSLv3 is disabled by default 2014-11-15 21:36:18 +00:00
naddy
e07e686b7c Security update to 7.38.0. Fixes 
CVE-2014-3613 (libcurl cookie leak with IP address as domain)
CVE-2014-3620 (libcurl cookie leak for TLDs)

Also switch to .lzma distfile.
 2014-09-11 18:00:45 +00:00
naddy
120d0da4cf maintenance update to 7.37.1 2014-09-02 19:54:24 +00:00
naddy
c39027ac02 maintenance update to 7.37.0 2014-06-13 20:32:33 +00:00
naddy
70aea747ad maintenance update to 7.35.0 2014-03-10 22:43:38 +00:00
naddy
35da062e4b maintenance update to 7.34.0 2014-01-02 22:01:24 +00:00
naddy
9dfbb5a40d maintenance update to 7.33.0 2013-10-25 22:21:27 +00:00
naddy
699bc4880a Update to 7.32.0. 
No revolutionary changes; see http://curl.haxx.se/changes.html for
the details.
 2013-10-09 17:25:39 +00:00
naddy
a4e4debdb1 update to 7.26.0 and update DESCR 2012-07-11 22:15:00 +00:00
naddy
b08619e247 update to 7.25.0, curl's 14th birthday release 2012-03-24 14:33:06 +00:00
naddy
bfc56fb001 security update to 7.24.0, fixes 
* URL sanitization vulnerability (CVE-2012-0036)
* SSL CBC IV vulnerability
 2012-01-26 20:09:08 +00:00
naddy
9b055313ad maintenance update to 7.23.1 2011-12-06 14:44:46 +00:00
naddy
cd1228bc9d maintenance update to 7.22.0 2011-09-19 10:25:01 +00:00
jasper
eae12bf836 - update curl to 7.21.7 
tested in a bulk and ok landry@, thanks
ok naddy@ (MAINTAINER)
 2011-07-05 08:18:11 +00:00
naddy
18ab75fd08 * update to 7.21.4 for various minor bug fixes 
* no need for groff anymore
 2011-03-24 21:09:07 +00:00
naddy
16490f0b2b Update to 7.21.2, which brings back Gopher support. 
The security fix announced for this release doesn't concern Unix.
 2010-10-14 19:44:26 +00:00
naddy
4d115f4206 keep up with upstream and update to 7.21.1; remove dead mirrors 2010-09-19 16:30:26 +00:00
naddy
2aa0a728ed maintenance update to 7.20.0 2010-03-21 18:43:37 +00:00
naddy
6b17b34739 update to 7.19.7 2009-11-10 19:13:49 +00:00
naddy
1c4a71ff17 SECURITY update to 7.19.6 
Fixes libcurl embedded zero in cert name vulnerability, CVE-2009-2417.
 2009-08-16 17:54:21 +00:00
naddy
ec1e0c8d9a maintenance update to 7.19.5 2009-05-21 19:58:02 +00:00