cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
118,367 Commits 1 Branch 0 Tags
Commit Graph

132 Commits

Author SHA1 Message Date
naddy
88f6e1ca3c SECURITY update to 7.53.1: 
CVE-2017-2629: make SSL_VERIFYSTATUS work again
Also numerous other bug fixes.
 2017-02-24 21:08:28 +00:00
naddy
9dfe0e23e9 upstream fix for regression tests 1060 and 1061, where the included test 
server errored out on send(2) returning EAGAIN
 2017-01-09 23:27:20 +00:00
naddy
a991fb7f12 Upstream commit a7b38c9dc98481e4a5fc37e51a8690337c674dfb to fix a problem 
that causes rtorrent to busy loop when announcing to the tracker.  ok tj@
 2017-01-05 20:46:00 +00:00
naddy
faa31e7950 Security update to 7.52.1: 
CVE-2016-9586: printf floating point buffer overflow
 2017-01-04 20:28:56 +00:00
naddy
1db6f36d84 Security update to 7.51.0. 
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Note that this drops support for internationalized domain names.
ok sthen@
 2016-11-04 11:33:33 +00:00
naddy
ed86ce7e26 Security update to 7.50.3: 
CVE-2016-7167: curl escape and unescape integer overflows
 2016-09-17 19:34:35 +00:00
naddy
82b26fbc83 Security update to 7.50.1. 
CVE-2016-5419: TLS session resumption client cert bypass
CVE-2016-5420: Re-using connections with wrong client cert
CVE-2016-5421: use of connection struct after free
 2016-08-03 20:44:08 +00:00
naddy
461ba70d0d maintenance update to 7.49.0 2016-05-28 20:05:21 +00:00
naddy
675973adbb maintenance update to 7.48.0 2016-04-05 19:33:21 +00:00
naddy
ce859edcb4 garbage collect CONFIGURE_SHARED 2016-03-11 20:28:21 +00:00
naddy
f8edcff5b1 update HOMEPAGE and MASTER_SITES 2016-02-27 21:55:51 +00:00
naddy
2f7aa7597e Update to 7.47.0. 
Fixes CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use
 2016-01-29 23:52:24 +00:00
naddy
c61fc915c2 routine update to 7.46.0 2016-01-01 22:17:05 +00:00
sthen
2085dc6286 curl picks up nghttp2 if present at build time; list it as an explicit 
dependency, naddy@ agrees.

The nghttp2 port is careful to avoid additional dependencies that are
known not to build on some arch.
 2015-10-30 00:26:46 +00:00
naddy
2ac63dcb03 update to 7.45.0 2015-10-18 19:16:30 +00:00
naddy
732d3297db maintenance update to 7.44.0 2015-08-19 17:08:48 +00:00
naddy
c1a91acc2e Security update to 7.43.0. Fixes: 
CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html

CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html
 2015-06-20 19:50:55 +00:00
naddy
232e17bba0 Security update to 7.42.1. Fixes: 
CVE-2015-3153: sensitive HTTP server headers also sent to proxies
 2015-04-30 22:32:24 +00:00
naddy
b94d85eeef Security update to 7.42.0. Fixes: 
CVE-2015-3143: Re-using authenticated connection when unauthenticated
CVE-2015-3144: host name out of boundary memory access
CVE-2015-3145: cookie parser out of boundary memory access
CVE-2015-3148: Negotiate not treated as connection-oriented
 2015-04-28 19:26:36 +00:00
naddy
43718aa8e0 maintenance update to 7.41.0 2015-03-17 22:47:02 +00:00
naddy
213d1bf959 Update to 7.40.0. 
* Fix CVE-2014-8150 (URL request injection)
* Add initial support for the SMB/CIFS protocol
 2015-01-11 12:58:41 +00:00
schwarze
ba9c3d9058 Usually, ports Makefiles should not explicitly call mandoc or groff 
but leave the formatting to pkg_create(1) if needed.  In the special
cases where they do need to call mandoc (for example, like in this
case, to include a formatted manual into a binary program) they
should pass the -Tascii option to avoid depending on the user's
locale, since mandoc -Tlocale will soon be the default.

In this case, it isn't strictly needed because the upstream Makefile
uses "env LC_ALL=C" when calling groff/mandoc.  But let's avoid the
fragility of depending on that, and let's avoid setting a bad example.

No package change, no bump.
ok naddy@ (MAINTAINER)
 2014-11-30 16:44:04 +00:00
naddy
400433d5d2 maintenance update to 7.39.0: SSLv3 is disabled by default 2014-11-15 21:36:18 +00:00
naddy
98c2dcbeed add default support for extracting *.tar.lzma; ok juanfra@ 2014-09-13 15:09:24 +00:00
naddy
e07e686b7c Security update to 7.38.0. Fixes 
CVE-2014-3613 (libcurl cookie leak with IP address as domain)
CVE-2014-3620 (libcurl cookie leak for TLDs)

Also switch to .lzma distfile.
 2014-09-11 18:00:45 +00:00
naddy
120d0da4cf maintenance update to 7.37.1 2014-09-02 19:54:24 +00:00
naddy
c39027ac02 maintenance update to 7.37.0 2014-06-13 20:32:33 +00:00
jasper
3ea3febc52 remove m68k-related workarounds 2014-03-19 13:40:59 +00:00
naddy
70aea747ad maintenance update to 7.35.0 2014-03-10 22:43:38 +00:00
naddy
6fe45ff8b4 Security fix for CVE-2014-0015: re-use of wrong HTTP NTLM connection 
http://curl.haxx.se/docs/adv_20140129.html
From: Donovan Watteau
 2014-02-03 21:52:14 +00:00
naddy
35da062e4b maintenance update to 7.34.0 2014-01-02 22:01:24 +00:00
naddy
d428c829a3 use <sys/select.h> to get select() in a reliable, standards-compliant way 
pointed out by kirby@
 2013-12-04 15:23:55 +00:00
naddy
9dfbb5a40d maintenance update to 7.33.0 2013-10-25 22:21:27 +00:00
naddy
699bc4880a Update to 7.32.0. 
No revolutionary changes; see http://curl.haxx.se/changes.html for
the details.
 2013-10-09 17:25:39 +00:00
jasper
d3c8df5a14 Security fix for CVE-2013-2174, 
libcURL "curl_easy_unescape()" Buffer Overflow Vulnerability

ok naddy@ (MAINTAINER)
 2013-07-16 19:25:38 +00:00
miod
ef50f7eb2f Fix build on m68k. No revision bump 'coz it had been broken for quite a long 
time.
ok naddy@
 2013-07-14 20:20:25 +00:00
jasper
ef222239f0 Security fix for CVE-2013-1944 curl: Cookie domain suffix match vulnerability 
ok naddy@ (MAINTAINER)
 2013-05-07 06:53:26 +00:00
ajacoutot
58f1a6f9f6 USE_LIBTOOL=Yes is the default now. 2013-03-21 08:45:11 +00:00
espie
eae66e4a7b PERMIT_* / REGRESS->TEST sweep 2013-03-11 11:35:43 +00:00
naddy
dbc1294a3d include the built-in manual, as intended 2013-02-08 16:45:25 +00:00
jasper
d3be0ce8b6 Security fix for CVE-2013-0249, smtp_state_authdigest_resp() 
buffer overflow vulnerability.

Backported from upstream git.

ok naddy@ (MAINTAINER)
 2013-02-08 16:27:12 +00:00
naddy
a4e4debdb1 update to 7.26.0 and update DESCR 2012-07-11 22:15:00 +00:00
naddy
b08619e247 update to 7.25.0, curl's 14th birthday release 2012-03-24 14:33:06 +00:00
ajacoutot
a89a75cd04 Garbage collect the /dev/arandom patches. 
from Brad
ok landry@ sthen@
 2012-03-08 12:13:00 +00:00
naddy
bfc56fb001 security update to 7.24.0, fixes 
* URL sanitization vulnerability (CVE-2012-0036)
* SSL CBC IV vulnerability
 2012-01-26 20:09:08 +00:00
stsp
a450bb4c9e Speed up some time-consuming configure tests. ok naddy 2011-12-10 17:28:13 +00:00
naddy
9b055313ad maintenance update to 7.23.1 2011-12-06 14:44:46 +00:00
naddy
cd1228bc9d maintenance update to 7.22.0 2011-09-19 10:25:01 +00:00
jasper
eae12bf836 - update curl to 7.21.7 
tested in a bulk and ok landry@, thanks
ok naddy@ (MAINTAINER)
 2011-07-05 08:18:11 +00:00
naddy
18ab75fd08 * update to 7.21.4 for various minor bug fixes 
* no need for groff anymore
 2011-03-24 21:09:07 +00:00