cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
133,989 Commits 1 Branch 0 Tags
Commit Graph

59 Commits

Author SHA1 Message Date
naddy
e146d7cecd Update to 7.63.0. No known security fixes. 2018-12-12 20:41:04 +00:00
naddy
ef9f8312a9 Update to 7.62.0. Includes fixes for: 
CVE-2018-16839: SASL password overflow via integer overflow
CVE-2018-16840: use-after-free in handle close
CVE-2018-16842: warning message out-of-buffer read
 2018-11-07 20:34:31 +00:00
naddy
3d261cf9a8 Update to 7.61.0. Includes a fix for: 
CVE-2018-0500: SMTP send heap buffer overflow
 2018-07-11 16:00:03 +00:00
naddy
54361640ad Update to 7.60.0. Includes fixes for: 
CVE-2018-1000300: FTP shutdown response buffer overflow)
CVE-2018-1000301: RTSP bad headers buffer over-read
 2018-05-16 19:06:05 +00:00
naddy
fbb77801a8 Security update to 7.59.0. Includes fixes for: 
CVE-2018-1000120: FTP path trickery leads to NUL byte out of bounds write
CVE-2018-1000122: RTSP RTP buffer over-read
 2018-03-14 19:16:16 +00:00
naddy
00f4398524 Security update to 7.58.0. Fixes: 
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
CVE-2018-1000007: HTTP authentication leak in redirects
 2018-01-27 00:10:59 +00:00
naddy
b220038438 Update to 7.56.0: 
- adds a new MIME API
- fix for CVE-2017-1000254 (FTP PWD response parser out of bounds read)
 2017-10-09 15:34:05 +00:00
naddy
fb3dd6c12a Update to 7.55.1. 
Note that this enables the multithreaded resolver by default and now
links with pthread.
 2017-08-31 19:34:16 +00:00
naddy
d5288d6685 Security update to 7.55.0: 
* file: output the correct buffer to the user (CVE-2017-1000099)
* tftp: reject file name lengths that don't fit (CVE-2017-1000100)
* glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
 2017-08-10 19:46:26 +00:00
naddy
9268ccac35 Update to 7.54.0. Includes fix for 
CVE-2017-7468: TLS session resumption client cert bypass (again)
 2017-04-24 20:33:58 +00:00
naddy
88f6e1ca3c SECURITY update to 7.53.1: 
CVE-2017-2629: make SSL_VERIFYSTATUS work again
Also numerous other bug fixes.
 2017-02-24 21:08:28 +00:00
naddy
faa31e7950 Security update to 7.52.1: 
CVE-2016-9586: printf floating point buffer overflow
 2017-01-04 20:28:56 +00:00
naddy
1db6f36d84 Security update to 7.51.0. 
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Note that this drops support for internationalized domain names.
ok sthen@
 2016-11-04 11:33:33 +00:00
naddy
82b26fbc83 Security update to 7.50.1. 
CVE-2016-5419: TLS session resumption client cert bypass
CVE-2016-5420: Re-using connections with wrong client cert
CVE-2016-5421: use of connection struct after free
 2016-08-03 20:44:08 +00:00
naddy
461ba70d0d maintenance update to 7.49.0 2016-05-28 20:05:21 +00:00
naddy
675973adbb maintenance update to 7.48.0 2016-04-05 19:33:21 +00:00
naddy
c61fc915c2 routine update to 7.46.0 2016-01-01 22:17:05 +00:00
naddy
2ac63dcb03 update to 7.45.0 2015-10-18 19:16:30 +00:00
naddy
732d3297db maintenance update to 7.44.0 2015-08-19 17:08:48 +00:00
naddy
c1a91acc2e Security update to 7.43.0. Fixes: 
CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html

CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html
 2015-06-20 19:50:55 +00:00
naddy
232e17bba0 Security update to 7.42.1. Fixes: 
CVE-2015-3153: sensitive HTTP server headers also sent to proxies
 2015-04-30 22:32:24 +00:00
naddy
b94d85eeef Security update to 7.42.0. Fixes: 
CVE-2015-3143: Re-using authenticated connection when unauthenticated
CVE-2015-3144: host name out of boundary memory access
CVE-2015-3145: cookie parser out of boundary memory access
CVE-2015-3148: Negotiate not treated as connection-oriented
 2015-04-28 19:26:36 +00:00
naddy
43718aa8e0 maintenance update to 7.41.0 2015-03-17 22:47:02 +00:00
naddy
213d1bf959 Update to 7.40.0. 
* Fix CVE-2014-8150 (URL request injection)
* Add initial support for the SMB/CIFS protocol
 2015-01-11 12:58:41 +00:00
naddy
400433d5d2 maintenance update to 7.39.0: SSLv3 is disabled by default 2014-11-15 21:36:18 +00:00
naddy
120d0da4cf maintenance update to 7.37.1 2014-09-02 19:54:24 +00:00
naddy
35da062e4b maintenance update to 7.34.0 2014-01-02 22:01:24 +00:00
naddy
699bc4880a Update to 7.32.0. 
No revolutionary changes; see http://curl.haxx.se/changes.html for
the details.
 2013-10-09 17:25:39 +00:00
naddy
a4e4debdb1 update to 7.26.0 and update DESCR 2012-07-11 22:15:00 +00:00
jasper
eae12bf836 - update curl to 7.21.7 
tested in a bulk and ok landry@, thanks
ok naddy@ (MAINTAINER)
 2011-07-05 08:18:11 +00:00
naddy
ec1e0c8d9a maintenance update to 7.19.5 2009-05-21 19:58:02 +00:00
naddy
73dd045d51 Update to 7.19.0. Prodded by robert@. 2008-10-15 19:36:43 +00:00
naddy
bb4bb8c3dc update to 7.18.2 2008-06-24 18:37:25 +00:00
naddy
59ec65981f * Update to 7.18.1. 
* A CA cert bundle is no longer included, so point to /etc/ssl/cert.pem.
* Compile examples during build rather than fake stage.

ok sthen@, additional testing by merdely@
 2008-05-13 17:56:29 +00:00
naddy
1c7e515d22 update to 7.15.5: various bug fixes 2006-09-19 14:33:13 +00:00
naddy
83075241ce maintenance update to 7.15.4 2006-06-20 17:37:42 +00:00
todd
6c3cae0678 SHARED_LIBS 2005-12-23 17:37:03 +00:00
naddy
1c84b1ff09 SECURITY: 
Update to 7.15.1, which fixes a local buffer overflow.
http://curl.haxx.se/docs/adv_20051207.html
 2005-12-08 17:10:02 +00:00
naddy
e7cffc11f6 SECURITY: 
Update to 7.15.0.
libcurl's NTLM function could overflow a stack-based buffer if given
a too long user name or domain name.  CAN-2005-3185.
 2005-10-16 15:31:39 +00:00
naddy
3a235ae797 maintenance update to 7.14.0 and take maintainer 2005-05-26 23:13:28 +00:00
espie
52b24f12ea new plists, kill a few INSTALL scripts. 2004-09-15 18:17:38 +00:00
brad
1fbff106fd upgrade to cURL 7.11.2 2004-05-18 23:30:45 +00:00
brad
68e17c1950 upgrade to cURL 7.11.1 2004-04-08 06:18:37 +00:00
naddy
b61e9b9cfc maintenance update to 7.10.8; ok brad@ 2003-12-15 16:13:24 +00:00
brad
418c26cc59 upgrade to cURL 7.10.5 2003-06-01 21:43:49 +00:00
brad
aa0b141b7d - bye bye Kerberos FLAVOR 
- place curl-mode.el in emacs' site-lisp dir
 2003-05-27 14:35:12 +00:00
brad
d26ea512a2 upgrade to cURL 7.10.3 2003-02-07 03:40:25 +00:00
brad
f84b63dfd2 upgrade to cURL 7.10.2 2002-11-24 03:40:08 +00:00
brad
408644dd26 upgrade to cURL 7.9.6 2002-04-16 22:49:36 +00:00
brad
83782fefff upgrade to cURL 7.9 2001-09-25 15:00:00 +00:00