cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
152,990 Commits 1 Branch 0 Tags
Commit Graph

166 Commits

Author SHA1 Message Date
naddy
7f603d888b Update to 7.74.0. Includes security fixes for: 
CVE-2020-8284: trusting FTP PASV responses
CVE-2020-8285: FTP wildcard stack overflow
CVE-2020-8286: Inferior OCSP verification
 2020-12-10 20:52:25 +00:00
naddy
e0ff172806 Update to 7.73.0. Noteworthy changes: 
* Additional protocol: MQTT
* curl tool: new --output-dir option, reworked --help with categories
 2020-10-18 11:53:40 +00:00
naddy
dac30d08de Update to 7.72.0 after prodding by bket@ 
Includes a security fix for
CVE-2020-8231: libcurl: wrong connect-only connection
 2020-08-21 14:18:07 +00:00
naddy
904ebcec97 maintenance update to 7.71.1 2020-07-10 22:35:45 +00:00
naddy
be5458cfdb Update to 7.71.0. 
Includes security fixes for
CVE-2020-8169: Partial password leak over DNS on HTTP redirect
CVE-2020-8177: curl overwrite local file with -J
 2020-06-24 22:13:11 +00:00
naddy
e0a66f45bc update to 7.70.0 and enable debug package 2020-05-16 21:47:11 +00:00
naddy
af57936ac4 update to bugfix release 7.69.1 2020-03-12 13:30:13 +00:00
naddy
a35d323b59 maintenance update to 7.69.0 2020-03-09 22:11:28 +00:00
naddy
dca02861d3 Maintenance update to 7.68.0. The security fix does not affect us. 2020-01-15 20:12:35 +00:00
naddy
5e4f4db5eb Update to 7.67.0. No known security fixes. 
Adds --no-progress-meter option to curl command.
 2019-11-06 13:51:47 +00:00
naddy
d81ac0f05a Update to 7.66.0. 
Includes security fixes for:
CVE-2019-5481 (not applicable to our port)
CVE-2019-5482: TFTP small blocksize heap buffer overflow

curl command: support parallel transfers with -Z
 2019-09-12 19:51:43 +00:00
naddy
8336d8f346 update to 7.65.3: make the progress meter appear again 2019-07-19 14:42:38 +00:00
naddy
fa2e8e0d43 Maintenance update to 7.65.2. The security fix does not affect us. 2019-07-18 19:35:50 +00:00
sthen
48b0b9660c replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes 2019-07-12 20:48:23 +00:00
naddy
cd4bba880d Update to 7.65.1. No known security fixes. 2019-06-06 21:09:17 +00:00
naddy
2f275c648c Update to 7.65.0. Includes security fixes for: 
CVE-2019-5435: Integer overflows in curl_url_set
CVE-2019-5436: tftp: use the current blksize for recvfrom()
 2019-05-25 16:09:25 +00:00
naddy
0756f1ed82 Maintenance update to curl 7.64.1 for numerous bug fixes. 
No security vulnerabilities have been announced.
 2019-03-30 03:18:12 +00:00
naddy
4e0b2b1c3f Don't interfere with debugging (-g) and optimization (-O) flags. 
The curl configure script wants to take control of the compiler
flags for optimization and debugging.  The actual interactions are
more complex, but the gist is that the flags are stripped from
CFLAGS, and if --enable-optimize or --enable-debug are specified,
an approved optimization or debugging flag is added.

report/ok bentley@
 2019-02-11 20:34:39 +00:00
naddy
3086b11500 Update to 7.64.0. Includes fixes for 
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823: SMTP end-of-response out-of-bounds read
 2019-02-06 18:14:05 +00:00
naddy
e146d7cecd Update to 7.63.0. No known security fixes. 2018-12-12 20:41:04 +00:00
naddy
ef9f8312a9 Update to 7.62.0. Includes fixes for: 
CVE-2018-16839: SASL password overflow via integer overflow
CVE-2018-16840: use-after-free in handle close
CVE-2018-16842: warning message out-of-buffer read
 2018-11-07 20:34:31 +00:00
naddy
d0653ca416 Update to 7.61.1. Includes a fix for 
CVE-2018-14618: NTLM password overflow via integer overflow

Stop using SEPARATE_BUILD since many regression tests will fail to
find the curl executable otherwise.
 2018-09-07 08:41:56 +00:00
naddy
3d261cf9a8 Update to 7.61.0. Includes a fix for: 
CVE-2018-0500: SMTP send heap buffer overflow
 2018-07-11 16:00:03 +00:00
naddy
54361640ad Update to 7.60.0. Includes fixes for: 
CVE-2018-1000300: FTP shutdown response buffer overflow)
CVE-2018-1000301: RTSP bad headers buffer over-read
 2018-05-16 19:06:05 +00:00
naddy
fbb77801a8 Security update to 7.59.0. Includes fixes for: 
CVE-2018-1000120: FTP path trickery leads to NUL byte out of bounds write
CVE-2018-1000122: RTSP RTP buffer over-read
 2018-03-14 19:16:16 +00:00
sthen
952ef4bcaf Unbreak - OpenSSL_version_num() was added to libressl but cURL has it's 
own alternative for libressl/old openssl which was conflicting. Slightly
annoying because they want to print the LibreSSL version number and
OpenSSL_version_num() gives the fixed 2.0.0 coming from
OPENSSL_VERSION_NUMBER. Discussed with jsing
 2018-02-15 22:13:20 +00:00
naddy
00f4398524 Security update to 7.58.0. Fixes: 
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
CVE-2018-1000007: HTTP authentication leak in redirects
 2018-01-27 00:10:59 +00:00
naddy
fb96e58d00 Security update to 7.57.0. Fixes: 
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access
 2017-12-01 21:02:23 +00:00
naddy
b058533a83 Security update to 7.56.1: 
CVE-2017-1000257: IMAP FETCH response out of bounds read
 2017-10-25 19:31:30 +00:00
naddy
b220038438 Update to 7.56.0: 
- adds a new MIME API
- fix for CVE-2017-1000254 (FTP PWD response parser out of bounds read)
 2017-10-09 15:34:05 +00:00
naddy
fb3dd6c12a Update to 7.55.1. 
Note that this enables the multithreaded resolver by default and now
links with pthread.
 2017-08-31 19:34:16 +00:00
naddy
d5288d6685 Security update to 7.55.0: 
* file: output the correct buffer to the user (CVE-2017-1000099)
* tftp: reject file name lengths that don't fit (CVE-2017-1000100)
* glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
 2017-08-10 19:46:26 +00:00
naddy
09c9be5d65 Maintenance update to 7.54.1. The security fix does not affect us. 2017-06-27 19:16:40 +00:00
naddy
9268ccac35 Update to 7.54.0. Includes fix for 
CVE-2017-7468: TLS session resumption client cert bypass (again)
 2017-04-24 20:33:58 +00:00
naddy
88f6e1ca3c SECURITY update to 7.53.1: 
CVE-2017-2629: make SSL_VERIFYSTATUS work again
Also numerous other bug fixes.
 2017-02-24 21:08:28 +00:00
naddy
9dfe0e23e9 upstream fix for regression tests 1060 and 1061, where the included test 
server errored out on send(2) returning EAGAIN
 2017-01-09 23:27:20 +00:00
naddy
a991fb7f12 Upstream commit a7b38c9dc98481e4a5fc37e51a8690337c674dfb to fix a problem 
that causes rtorrent to busy loop when announcing to the tracker.  ok tj@
 2017-01-05 20:46:00 +00:00
naddy
faa31e7950 Security update to 7.52.1: 
CVE-2016-9586: printf floating point buffer overflow
 2017-01-04 20:28:56 +00:00
naddy
1db6f36d84 Security update to 7.51.0. 
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Note that this drops support for internationalized domain names.
ok sthen@
 2016-11-04 11:33:33 +00:00
naddy
ed86ce7e26 Security update to 7.50.3: 
CVE-2016-7167: curl escape and unescape integer overflows
 2016-09-17 19:34:35 +00:00
naddy
82b26fbc83 Security update to 7.50.1. 
CVE-2016-5419: TLS session resumption client cert bypass
CVE-2016-5420: Re-using connections with wrong client cert
CVE-2016-5421: use of connection struct after free
 2016-08-03 20:44:08 +00:00
naddy
461ba70d0d maintenance update to 7.49.0 2016-05-28 20:05:21 +00:00
naddy
675973adbb maintenance update to 7.48.0 2016-04-05 19:33:21 +00:00
naddy
ce859edcb4 garbage collect CONFIGURE_SHARED 2016-03-11 20:28:21 +00:00
naddy
f8edcff5b1 update HOMEPAGE and MASTER_SITES 2016-02-27 21:55:51 +00:00
naddy
2f7aa7597e Update to 7.47.0. 
Fixes CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use
 2016-01-29 23:52:24 +00:00
naddy
c61fc915c2 routine update to 7.46.0 2016-01-01 22:17:05 +00:00
sthen
2085dc6286 curl picks up nghttp2 if present at build time; list it as an explicit 
dependency, naddy@ agrees.

The nghttp2 port is careful to avoid additional dependencies that are
known not to build on some arch.
 2015-10-30 00:26:46 +00:00
naddy
2ac63dcb03 update to 7.45.0 2015-10-18 19:16:30 +00:00
naddy
732d3297db maintenance update to 7.44.0 2015-08-19 17:08:48 +00:00