cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
107,775 Commits 1 Branch 0 Tags 544 MiB
d148dd7700
Commit Graph

120 Commits

Author SHA1 Message Date
naddy
c61fc915c2 routine update to 7.46.0 2016-01-01 22:17:05 +00:00
sthen
2085dc6286 curl picks up nghttp2 if present at build time; list it as an explicit 
dependency, naddy@ agrees.

The nghttp2 port is careful to avoid additional dependencies that are
known not to build on some arch.
 2015-10-30 00:26:46 +00:00
naddy
2ac63dcb03 update to 7.45.0 2015-10-18 19:16:30 +00:00
naddy
732d3297db maintenance update to 7.44.0 2015-08-19 17:08:48 +00:00
naddy
c1a91acc2e Security update to 7.43.0. Fixes: 
CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html

CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html
 2015-06-20 19:50:55 +00:00
naddy
232e17bba0 Security update to 7.42.1. Fixes: 
CVE-2015-3153: sensitive HTTP server headers also sent to proxies
 2015-04-30 22:32:24 +00:00
naddy
b94d85eeef Security update to 7.42.0. Fixes: 
CVE-2015-3143: Re-using authenticated connection when unauthenticated
CVE-2015-3144: host name out of boundary memory access
CVE-2015-3145: cookie parser out of boundary memory access
CVE-2015-3148: Negotiate not treated as connection-oriented
 2015-04-28 19:26:36 +00:00
naddy
43718aa8e0 maintenance update to 7.41.0 2015-03-17 22:47:02 +00:00
naddy
213d1bf959 Update to 7.40.0. 
* Fix CVE-2014-8150 (URL request injection)
* Add initial support for the SMB/CIFS protocol
 2015-01-11 12:58:41 +00:00
schwarze
ba9c3d9058 Usually, ports Makefiles should not explicitly call mandoc or groff 
but leave the formatting to pkg_create(1) if needed.  In the special
cases where they do need to call mandoc (for example, like in this
case, to include a formatted manual into a binary program) they
should pass the -Tascii option to avoid depending on the user's
locale, since mandoc -Tlocale will soon be the default.

In this case, it isn't strictly needed because the upstream Makefile
uses "env LC_ALL=C" when calling groff/mandoc.  But let's avoid the
fragility of depending on that, and let's avoid setting a bad example.

No package change, no bump.
ok naddy@ (MAINTAINER)
 2014-11-30 16:44:04 +00:00
naddy
400433d5d2 maintenance update to 7.39.0: SSLv3 is disabled by default 2014-11-15 21:36:18 +00:00
naddy
98c2dcbeed add default support for extracting *.tar.lzma; ok juanfra@ 2014-09-13 15:09:24 +00:00
naddy
e07e686b7c Security update to 7.38.0. Fixes 
CVE-2014-3613 (libcurl cookie leak with IP address as domain)
CVE-2014-3620 (libcurl cookie leak for TLDs)

Also switch to .lzma distfile.
 2014-09-11 18:00:45 +00:00
naddy
120d0da4cf maintenance update to 7.37.1 2014-09-02 19:54:24 +00:00
naddy
c39027ac02 maintenance update to 7.37.0 2014-06-13 20:32:33 +00:00
jasper
3ea3febc52 remove m68k-related workarounds 2014-03-19 13:40:59 +00:00
naddy
70aea747ad maintenance update to 7.35.0 2014-03-10 22:43:38 +00:00
naddy
6fe45ff8b4 Security fix for CVE-2014-0015: re-use of wrong HTTP NTLM connection 
http://curl.haxx.se/docs/adv_20140129.html
From: Donovan Watteau
 2014-02-03 21:52:14 +00:00
naddy
35da062e4b maintenance update to 7.34.0 2014-01-02 22:01:24 +00:00
naddy
d428c829a3 use <sys/select.h> to get select() in a reliable, standards-compliant way 
pointed out by kirby@
 2013-12-04 15:23:55 +00:00
naddy
9dfbb5a40d maintenance update to 7.33.0 2013-10-25 22:21:27 +00:00
naddy
699bc4880a Update to 7.32.0. 
No revolutionary changes; see http://curl.haxx.se/changes.html for
the details.
 2013-10-09 17:25:39 +00:00
jasper
d3c8df5a14 Security fix for CVE-2013-2174, 
libcURL "curl_easy_unescape()" Buffer Overflow Vulnerability

ok naddy@ (MAINTAINER)
 2013-07-16 19:25:38 +00:00
miod
ef50f7eb2f Fix build on m68k. No revision bump 'coz it had been broken for quite a long 
time.
ok naddy@
 2013-07-14 20:20:25 +00:00
jasper
ef222239f0 Security fix for CVE-2013-1944 curl: Cookie domain suffix match vulnerability 
ok naddy@ (MAINTAINER)
 2013-05-07 06:53:26 +00:00
ajacoutot
58f1a6f9f6 USE_LIBTOOL=Yes is the default now. 2013-03-21 08:45:11 +00:00
espie
eae66e4a7b PERMIT_* / REGRESS->TEST sweep 2013-03-11 11:35:43 +00:00
naddy
dbc1294a3d include the built-in manual, as intended 2013-02-08 16:45:25 +00:00
jasper
d3be0ce8b6 Security fix for CVE-2013-0249, smtp_state_authdigest_resp() 
buffer overflow vulnerability.

Backported from upstream git.

ok naddy@ (MAINTAINER)
 2013-02-08 16:27:12 +00:00
naddy
a4e4debdb1 update to 7.26.0 and update DESCR 2012-07-11 22:15:00 +00:00
naddy
b08619e247 update to 7.25.0, curl's 14th birthday release 2012-03-24 14:33:06 +00:00
ajacoutot
a89a75cd04 Garbage collect the /dev/arandom patches. 
from Brad
ok landry@ sthen@
 2012-03-08 12:13:00 +00:00
naddy
bfc56fb001 security update to 7.24.0, fixes 
* URL sanitization vulnerability (CVE-2012-0036)
* SSL CBC IV vulnerability
 2012-01-26 20:09:08 +00:00
stsp
a450bb4c9e Speed up some time-consuming configure tests. ok naddy 2011-12-10 17:28:13 +00:00
naddy
9b055313ad maintenance update to 7.23.1 2011-12-06 14:44:46 +00:00
naddy
cd1228bc9d maintenance update to 7.22.0 2011-09-19 10:25:01 +00:00
jasper
eae12bf836 - update curl to 7.21.7 
tested in a bulk and ok landry@, thanks
ok naddy@ (MAINTAINER)
 2011-07-05 08:18:11 +00:00
naddy
18ab75fd08 * update to 7.21.4 for various minor bug fixes 
* no need for groff anymore
 2011-03-24 21:09:07 +00:00
espie
0397d65db0 new depends 2010-11-19 22:31:32 +00:00
espie
47ff75aa46 USE_GROFF=Yes 2010-10-18 18:36:45 +00:00
naddy
16490f0b2b Update to 7.21.2, which brings back Gopher support. 
The security fix announced for this release doesn't concern Unix.
 2010-10-14 19:44:26 +00:00
naddy
8d07663180 remove -Lxxx/.libs workarounds required with GNU libtool 2010-09-26 13:40:11 +00:00
naddy
4d115f4206 keep up with upstream and update to 7.21.1; remove dead mirrors 2010-09-19 16:30:26 +00:00
naddy
2aa0a728ed maintenance update to 7.20.0 2010-03-21 18:43:37 +00:00
naddy
3510a6604a SECURITY fix for libcurl data callback excessive length bug. 
http://curl.haxx.se/docs/adv_20100209.html

ok ajacoutot@, jasper@
 2010-02-10 16:27:32 +00:00
naddy
6b17b34739 update to 7.19.7 2009-11-10 19:13:49 +00:00
naddy
1c4a71ff17 SECURITY update to 7.19.6 
Fixes libcurl embedded zero in cert name vulnerability, CVE-2009-2417.
 2009-08-16 17:54:21 +00:00
naddy
ec1e0c8d9a maintenance update to 7.19.5 2009-05-21 19:58:02 +00:00
naddy
c0afd9d0b5 Security update to 7.19.4. 
Rogue servers could trick curl into accessing local files; CVE-2009-0037.
 2009-03-06 15:04:12 +00:00
naddy
8a38b54d7e maintenance update to 7.19.3 2009-01-21 21:17:27 +00:00