OpenPorts.se | The OpenBSD package collection

./net/curl [transfer files with FTP, HTTP, HTTPS, etc.]

[+] Add this package to your ports tracker

[

CVSweb ] [

Homepage ] [

RSS feed ]

Version: 7.84.0, Package name: curl-7.84.0

Maintained by: Christian Weisgerber

Master sites:

https://curl.se/download/ (Download)

Description
curl is a command line tool for transferring data with URL syntax,
supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP,
IMAPS, MQTT, POP3, POP3S, RTSP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP.
curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP
form based upload, proxies, cookies, user+password authentication
(Basic, Digest, NTLM, Negotiate, ...), file transfer resume, proxy
tunneling and a busload of other useful tricks.

Filesize: 2419.867 KB

Version History (View Complete History)

(2022-07-01) Updated to version: curl-7.84.0
(2022-05-12) Updated to version: curl-7.83.1
(2022-04-28) Updated to version: curl-7.83.0
(2022-03-05) Updated to version: curl-7.82.0
(2022-01-06) Updated to version: curl-7.81.0
(2021-11-13) Updated to version: curl-7.80.0
(2021-10-05) Updated to version: curl-7.79.1
(2021-09-18) Updated to version: curl-7.79.0
(2021-07-22) Updated to version: curl-7.78.0
(2021-06-01) Updated to version: curl-7.77.0

[show/hide] View available PLISTS (Can be a lot of data)

CVS Commit History:

2021-11-12 15:44:23 by Christian Weisgerber | Files touched by this commit (3)

Log message:
net/curl: update to 7.80.0

2021-10-05 05:14:37 by Christian Weisgerber | Files touched by this commit (3)

Log message:
net/curl: update to 7.79.1 for some bug fixes

2021-09-17 15:42:06 by Christian Weisgerber | Files touched by this commit (2)

Log message:
net/curl: security update to 7.79.0
Includes fixes for
CVE-2021-22945: UAF and double-free in MQTT sending
CVE-2021-22946: Protocol downgrade required TLS bypassed
CVE-2021-22947: STARTTLS protocol injection via MITM

2021-09-17 15:13:23 by Christian Weisgerber | Files touched by this commit (3)

Log message:
net/curl: security update to 7.79.0
Includes fixes for
CVE-2021-22945: UAF and double-free in MQTT sending
CVE-2021-22946: Protocol downgrade required TLS bypassed
CVE-2021-22947: STARTTLS protocol injection via MITM

2021-07-21 16:43:38 by Christian Weisgerber | Files touched by this commit (4)

Log message:
net/curl: security update to 7.78.0
Includes fixes for
CVE-2021-22924: Bad connection reuse due to flawed path name checks
CVE-2021-22925: TELNET stack contents disclosure again
CVE-2021-22922, CVE-2021-22923, CVE-2021-22926 do not affect us.

2021-07-21 13:28:48 by Christian Weisgerber | Files touched by this commit (1)

Log message:
net/curl: fix inconsequential editing error in patch

2021-07-21 13:17:02 by Christian Weisgerber | Files touched by this commit (5)

Log message:
net/curl: security update to 7.78.0
Includes fixes for
CVE-2021-22924: Bad connection reuse due to flawed path name checks
CVE-2021-22925: TELNET stack contents disclosure again
CVE-2021-22922, CVE-2021-22923, CVE-2021-22926 do not affect us.

2021-06-12 13:57:07 by Christian Weisgerber | Files touched by this commit (3)

Log message:
net/curl: security update to 7.77.0
Includes fixes for
CVE-2021-22897: schannel cipher selection surprise
CVE-2021-22898: TELNET stack contents disclosure
CVE-2021-22901: TLS session caching disaster

2021-06-12 08:15:08 by Christian Weisgerber | Files touched by this commit (1)

Log message:
net/curl: fix regression test suite with the default stack limit
The simple web server (sws) would try to allocate 2*2MB of buffers
on the stack, bump against the default 4MB limit and die, disabling
a large slice of the regression test suite.  Use malloc instead.

2021-05-31 14:10:49 by Christian Weisgerber | Files touched by this commit (3)

Log message:
net/curl: security update to 7.77.0
Includes fixes for
CVE-2021-22897: schannel cipher selection surprise
CVE-2021-22898: TELNET stack contents disclosure
CVE-2021-22901: TLS session caching disaster

2021-04-24 09:17:35 by Christian Weisgerber | Files touched by this commit (2)

Log message:
net/curl: update to 7.76.1

2021-04-02 13:59:10 by Christian Weisgerber | Files touched by this commit (3)

Log message:
net/curl: security fixes
CVE-2021-22876: Automatic referer leaks credentials
CVE-2021-22890: TLS 1.3 session ticket proxy host mixup

2021-03-31 11:57:32 by Christian Weisgerber | Files touched by this commit (3)

Log message:
net/curl: security update to 7.76.0
Includes fixes for
CVE-2021-22876: Automatic referer leaks credentials
CVE-2021-22890: TLS 1.3 session ticket proxy host mixup

2021-02-05 10:08:04 by Christian Weisgerber | Files touched by this commit (3)

Log message:
net/curl: update to 7.75.0

2020-12-11 09:39:19 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2020-8284: trusting FTP PASV responses
CVE-2020-8285: FTP wildcard stack overflow
CVE-2020-8286: Inferior OCSP verification

2020-12-10 13:52:26 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Update to 7.74.0.  Includes security fixes for:
CVE-2020-8284: trusting FTP PASV responses
CVE-2020-8285: FTP wildcard stack overflow
CVE-2020-8286: Inferior OCSP verification

2020-10-18 05:53:40 by Christian Weisgerber | Files touched by this commit (5)

Log message:
Update to 7.73.0.  Noteworthy changes:
* Additional protocol: MQTT
* curl tool: new --output-dir option, reworked --help with categories

2020-08-21 08:19:59 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security fix:
CVE-2020-8231: libcurl: wrong connect-only connection

2020-08-21 08:18:08 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Update to 7.72.0 after prodding by bket@
Includes a security fix for
CVE-2020-8231: libcurl: wrong connect-only connection

2020-07-10 16:35:45 by Christian Weisgerber | Files touched by this commit (2)

Log message:
maintenance update to 7.71.1

2020-06-24 16:14:40 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2020-8169: Partial password leak over DNS on HTTP redirect
CVE-2020-8177: curl overwrite local file with -J

2020-06-24 16:13:11 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Update to 7.71.0.
Includes security fixes for
CVE-2020-8169: Partial password leak over DNS on HTTP redirect
CVE-2020-8177: curl overwrite local file with -J

2020-05-16 15:47:11 by Christian Weisgerber | Files touched by this commit (2)

Log message:
update to 7.70.0 and enable debug package

2020-03-12 07:30:13 by Christian Weisgerber | Files touched by this commit (2)

Log message:
update to bugfix release 7.69.1

2020-03-09 16:11:29 by Christian Weisgerber | Files touched by this commit (3)

Log message:
maintenance update to 7.69.0

2020-01-15 13:12:35 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Maintenance update to 7.68.0.  The security fix does not affect us.

2019-11-06 06:51:47 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Update to 7.67.0.  No known security fixes.
Adds --no-progress-meter option to curl command.

2019-09-12 14:40:48 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fix:
CVE-2019-5482: TFTP small blocksize heap buffer overflow

2019-09-12 13:51:43 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Update to 7.66.0.
Includes security fixes for:
CVE-2019-5481 (not applicable to our port)
CVE-2019-5482: TFTP small blocksize heap buffer overflow
curl command: support parallel transfers with -Z

2019-07-19 08:42:38 by Christian Weisgerber | Files touched by this commit (2)

Log message:
update to 7.65.3: make the progress meter appear again

2019-07-18 13:35:50 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Maintenance update to 7.65.2.  The security fix does not affect us.

2019-07-12 14:49:09 by Stuart Henderson | Files touched by this commit (854)

Log message:
replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes

2019-06-06 15:09:17 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Update to 7.65.1.  No known security fixes.

2019-05-25 13:39:26 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2019-5435: Integer overflows in curl_url_set
CVE-2019-5436: TFTP receive buffer overflow

2019-05-25 10:09:26 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Update to 7.65.0.  Includes security fixes for:
CVE-2019-5435: Integer overflows in curl_url_set
CVE-2019-5436: tftp: use the current blksize for recvfrom()

2019-03-29 21:18:12 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Maintenance update to curl 7.64.1 for numerous bug fixes.
No security vulnerabilities have been announced.

2019-02-11 13:34:39 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Don't interfere with debugging (-g) and optimization (-O) flags.
The curl configure script wants to take control of the compiler
flags for optimization and debugging.  The actual interactions are
more complex, but the gist is that the flags are stripped from
CFLAGS, and if --enable-optimize or --enable-debug are specified,
an approved optimization or debugging flag is added.
report/ok bentley@

2019-02-06 13:02:04 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823: SMTP end-of-response out-of-bounds read

2019-02-06 11:14:05 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Update to 7.64.0.  Includes fixes for
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823: SMTP end-of-response out-of-bounds read

2018-12-12 13:41:04 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Update to 7.63.0.  No known security fixes.

2018-11-07 14:34:03 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2018-16839: SASL password overflow via integer overflow
CVE-2018-16840: use-after-free in handle close
CVE-2018-16842: warning message out-of-buffer read

2018-11-07 13:34:31 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Update to 7.62.0.  Includes fixes for:
CVE-2018-16839: SASL password overflow via integer overflow
CVE-2018-16840: use-after-free in handle close
CVE-2018-16842: warning message out-of-buffer read

2018-09-07 02:43:36 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security fix:
CVE-2018-14618: NTLM password overflow via integer overflow

2018-09-07 02:41:56 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Update to 7.61.1.  Includes a fix for
CVE-2018-14618: NTLM password overflow via integer overflow
Stop using SEPARATE_BUILD since many regression tests will fail to
find the curl executable otherwise.

2018-07-11 10:50:37 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fix:
CVE-2018-0500: SMTP send heap buffer overflow

2018-07-11 10:00:03 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Update to 7.61.0.  Includes a fix for:
CVE-2018-0500: SMTP send heap buffer overflow

2018-05-16 15:08:28 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2018-1000300: FTP shutdown response buffer overflow
CVE-2018-1000301: RTSP bad headers buffer over-read

2018-05-16 13:06:05 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Update to 7.60.0.  Includes fixes for:
CVE-2018-1000300: FTP shutdown response buffer overflow)
CVE-2018-1000301: RTSP bad headers buffer over-read

2018-03-14 15:00:35 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security fixes:
CVE-2018-1000120: FTP path trickery leads to NUL byte out of bounds write
CVE-2018-1000122: RTSP RTP buffer over-read

2018-03-14 13:16:16 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security update to 7.59.0.  Includes fixes for:
CVE-2018-1000120: FTP path trickery leads to NUL byte out of bounds write
CVE-2018-1000122: RTSP RTP buffer over-read

2018-02-15 15:13:20 by Stuart Henderson | Files touched by this commit (2)

Log message:
Unbreak - OpenSSL_version_num() was added to libressl but cURL has it's
own alternative for libressl/old openssl which was conflicting. Slightly
annoying because they want to print the LibreSSL version number and
OpenSSL_version_num() gives the fixed 2.0.0 coming from
OPENSSL_VERSION_NUMBER. Discussed with jsing

2018-01-26 18:19:45 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
CVE-2018-1000007: HTTP authentication leak in redirects

2018-01-26 17:10:59 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security update to 7.58.0.  Fixes:
CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
CVE-2018-1000007: HTTP authentication leak in redirects

2017-08-31 13:34:16 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Update to 7.55.1.
Note that this enables the multithreaded resolver by default and now
links with pthread.

2017-08-11 09:17:25 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
* tftp: reject file name lengths that don't fit (CVE-2017-1000100)
* glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)

2017-08-11 09:17:00 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
* tftp: reject file name lengths that don't fit (CVE-2017-1000100)
* glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)

2017-08-10 13:46:26 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Security update to 7.55.0:
* file: output the correct buffer to the user (CVE-2017-1000099)
* tftp: reject file name lengths that don't fit (CVE-2017-1000100)
* glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)

2017-06-27 13:16:40 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Maintenance update to 7.54.1.  The security fix does not affect us.

2017-04-25 13:00:13 by Christian Weisgerber | Files touched by this commit (2)

Log message:
CVE-2017-7468: TLS session resumption client cert bypass (again)

2017-04-25 10:51:23 by Christian Weisgerber | Files touched by this commit (2)

Log message:
CVE-2017-7468: TLS session resumption client cert bypass (again)

2017-04-24 14:33:58 by Christian Weisgerber | Files touched by this commit (5)

Log message:
Update to 7.54.0.  Includes fix for
CVE-2017-7468: TLS session resumption client cert bypass (again)

2017-02-24 14:09:11 by Christian Weisgerber | Files touched by this commit (3)

Log message:
SECURITY update to 7.53.1:
CVE-2017-2629: make SSL_VERIFYSTATUS work again

2017-02-24 14:08:28 by Christian Weisgerber | Files touched by this commit (5)

Log message:
SECURITY update to 7.53.1:
CVE-2017-2629: make SSL_VERIFYSTATUS work again
Also numerous other bug fixes.

2017-01-09 16:27:20 by Christian Weisgerber | Files touched by this commit (1)

Log message:
upstream fix for regression tests 1060 and 1061, where the included test
server errored out on send(2) returning EAGAIN

2017-01-05 14:10:17 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Upstream commit a7b38c9dc98481e4a5fc37e51a8690337c674dfb to fix a problem
that causes rtorrent to busy loop when announcing to the tracker.

2017-01-05 13:46:00 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Upstream commit a7b38c9dc98481e4a5fc37e51a8690337c674dfb to fix a problem
that causes rtorrent to busy loop when announcing to the tracker.  ok tj@

2017-01-04 13:57:54 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security update to 7.52.1:
CVE-2016-9586: printf floating point buffer overflow

2017-01-04 13:28:56 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security update to 7.52.1:
CVE-2016-9586: printf floating point buffer overflow

2016-11-04 09:20:53 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security update to 7.51.0.
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
Note that this drops support for internationalized domain names.

2016-11-04 08:09:36 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security update to 7.51.0.
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
Note that this drops support for internationalized domain names.
ok sthen@

2016-11-04 05:33:34 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security update to 7.51.0.
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
Note that this drops support for internationalized domain names.
ok sthen@

2016-09-17 15:39:18 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fix:
CVE-2016-7167: curl escape and unescape integer overflows

2016-09-17 15:39:05 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fix:
CVE-2016-7167: curl escape and unescape integer overflows

2016-09-17 13:34:35 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security update to 7.50.3:
CVE-2016-7167: curl escape and unescape integer overflows

2016-08-04 04:48:03 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2016-5419: TLS session resumption client cert bypass
CVE-2016-5420: Re-using connections with wrong client cert
CVE-2016-5421: use of connection struct after free

2016-08-03 16:04:40 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2016-5419: TLS session resumption client cert bypass
CVE-2016-5420: Re-using connections with wrong client cert
CVE-2016-5421: use of connection struct after free

2016-08-03 14:44:08 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security update to 7.50.1.
CVE-2016-5419: TLS session resumption client cert bypass
CVE-2016-5420: Re-using connections with wrong client cert
CVE-2016-5421: use of connection struct after free

2016-05-28 14:05:21 by Christian Weisgerber | Files touched by this commit (4)

Log message:
maintenance update to 7.49.0

2016-04-05 13:33:21 by Christian Weisgerber | Files touched by this commit (5)

Log message:
maintenance update to 7.48.0

2016-03-11 13:28:34 by Christian Weisgerber | Files touched by this commit (247)

Log message:
garbage collect CONFIGURE_SHARED

2016-02-27 14:55:52 by Christian Weisgerber | Files touched by this commit (1)

Log message:
update HOMEPAGE and MASTER_SITES

2016-01-29 16:53:07 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fix for
CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use

2016-01-29 16:52:24 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Update to 7.47.0.
Fixes CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use

2016-01-01 15:17:05 by Christian Weisgerber | Files touched by this commit (4)

Log message:
routine update to 7.46.0

2015-10-29 18:26:46 by Stuart Henderson | Files touched by this commit (1)

Log message:
curl picks up nghttp2 if present at build time; list it as an explicit
dependency, naddy@ agrees.
The nghttp2 port is careful to avoid additional dependencies that are
known not to build on some arch.

2015-10-18 13:16:30 by Christian Weisgerber | Files touched by this commit (3)

Log message:
update to 7.45.0

2015-08-19 11:08:48 by Christian Weisgerber | Files touched by this commit (3)

Log message:
maintenance update to 7.44.0

2015-06-20 13:52:54 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security fixes:
CVE-2015-3236: lingering HTTP credentials in connection re-use
CVE-2015-3237: SMB send off unrelated memory contents

2015-06-20 13:50:55 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security update to 7.43.0.  Fixes:
CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html
CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html

2015-05-01 14:39:43 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security fixes:
CVE-2015-3143: Re-using authenticated connection when unauthenticated
CVE-2015-3144: host name out of boundary memory access
CVE-2015-3145: cookie parser out of boundary memory access
CVE-2015-3148: Negotiate not treated as connection-oriented
CVE-2015-3153: sensitive HTTP server headers also sent to proxies
Backport for CVE-2015-3148 from Ubuntu.

2015-04-30 17:18:27 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes:
CVE-2015-3143: Re-using authenticated connection when unauthenticated
CVE-2015-3144: host name out of boundary memory access
CVE-2015-3145: cookie parser out of boundary memory access
CVE-2015-3148: Negotiate not treated as connection-oriented
CVE-2015-3153: sensitive HTTP server headers also sent to proxies

2015-04-30 16:32:24 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security update to 7.42.1.  Fixes:
CVE-2015-3153: sensitive HTTP server headers also sent to proxies

2015-04-28 13:26:36 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Security update to 7.42.0.  Fixes:
CVE-2015-3143: Re-using authenticated connection when unauthenticated
CVE-2015-3144: host name out of boundary memory access
CVE-2015-3145: cookie parser out of boundary memory access
CVE-2015-3148: Negotiate not treated as connection-oriented

2015-03-17 16:47:02 by Christian Weisgerber | Files touched by this commit (4)

Log message:
maintenance update to 7.41.0

2015-01-11 19:17:10 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security fixes for
CVE-2014-3707: libcurl duphandle read out of bounds
CVE-2014-8150: URL request injection

2015-01-11 15:53:15 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Security fixes for
CVE-2014-3707: libcurl duphandle read out of bounds
CVE-2014-8150: URL request injection

2015-01-11 05:58:41 by Christian Weisgerber | Files touched by this commit (4)

Log message:
Update to 7.40.0.
* Fix CVE-2014-8150 (URL request injection)
* Add initial support for the SMB/CIFS protocol

2014-11-30 09:44:04 by Ingo Schwarze | Files touched by this commit (1)

Log message:
Usually, ports Makefiles should not explicitly call mandoc or groff
but leave the formatting to pkg_create(1) if needed.  In the special
cases where they do need to call mandoc (for example, like in this
case, to include a formatted manual into a binary program) they
should pass the -Tascii option to avoid depending on the user's
locale, since mandoc -Tlocale will soon be the default.
In this case, it isn't strictly needed because the upstream Makefile
uses "env LC_ALL=C" when calling groff/mandoc.  But let's avoid the
fragility of depending on that, and let's avoid setting a bad example.
No package change, no bump.
ok naddy@ (MAINTAINER)

2014-11-15 14:36:18 by Christian Weisgerber | Files touched by this commit (3)

Log message:
maintenance update to 7.39.0: SSLv3 is disabled by default

2011-07-05 02:18:11 by Jasper Lievisse Adriaanse | Files touched by this commit (3)

Log message:
- update curl to 7.21.7
tested in a bulk and ok landry@, thanks
ok naddy@ (MAINTAINER)

2011-03-24 15:09:07 by Christian Weisgerber | Files touched by this commit (3)

Log message:
* update to 7.21.4 for various minor bug fixes
* no need for groff anymore

2010-11-19 15:31:39 by Marc Espie | Files touched by this commit (372)

Log message:
new depends

2010-10-18 12:37:00 by Marc Espie | Files touched by this commit (357)

Log message:
USE_GROFF=Yes

2010-10-14 13:44:27 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Update to 7.21.2, which brings back Gopher support.
The security fix announced for this release doesn't concern Unix.

2010-09-26 07:40:12 by Christian Weisgerber | Files touched by this commit (25)

Log message:
remove -Lxxx/.libs workarounds required with GNU libtool

2010-09-19 10:30:26 by Christian Weisgerber | Files touched by this commit (6)

Log message:
keep up with upstream and update to 7.21.1; remove dead mirrors

2010-03-21 12:43:37 by Christian Weisgerber | Files touched by this commit (5)

Log message:
maintenance update to 7.20.0

2010-02-12 21:00:57 by William Yodlowsky | Files touched by this commit (2)

Log message:
MFC:
SECURITY FIX
Resolves the libcurl data callback excessive length bug
ok naddy@ jasper@

2010-02-10 09:27:32 by Christian Weisgerber | Files touched by this commit (2)

Log message:
SECURITY fix for libcurl data callback excessive length bug.
http://curl.haxx.se/docs/adv_20100209.html
ok ajacoutot@, jasper@

2009-11-10 12:13:49 by Christian Weisgerber | Files touched by this commit (4)

Log message:
update to 7.19.7

2009-11-05 18:42:18 by William Yodlowsky | Files touched by this commit (2)

Log message:
SECURITY FIX
Fixes libcurl embedded zero in cert name vulnerability, CVE-2009-2417.
ok naddy@

2009-09-14 20:34:56 by William Yodlowsky | Files touched by this commit (2)

Log message:
SECURITY FIX
Resolve CVE-2009-2417, from upstream
ok jasper@

2009-08-16 11:54:21 by Christian Weisgerber | Files touched by this commit (3)

Log message:
SECURITY update to 7.19.6
Fixes libcurl embedded zero in cert name vulnerability, CVE-2009-2417.

2009-07-14 20:52:09 by William Yodlowsky | Files touched by this commit (2)

Log message:
SECURITY FIX
Resolve CVE-2009-0037:
Rogue servers could trick curl into accessing local files
Patch adapted from debian
ok robert@

2009-05-21 13:58:02 by Christian Weisgerber | Files touched by this commit (5)

Log message:
maintenance update to 7.19.5

2009-03-06 08:04:12 by Christian Weisgerber | Files touched by this commit (2)

Log message:
Security update to 7.19.4.
Rogue servers could trick curl into accessing local files; CVE-2009-0037.

2009-01-21 14:17:27 by Christian Weisgerber | Files touched by this commit (6)

Log message:
maintenance update to 7.19.3

2008-11-20 12:49:40 by Christian Weisgerber | Files touched by this commit (6)

Log message:
update to 7.19.2, which has some bug fixes

2008-10-15 13:36:43 by Christian Weisgerber | Files touched by this commit (3)

Log message:
Update to 7.19.0.  Prodded by robert@.

2008-06-24 12:37:25 by Christian Weisgerber | Files touched by this commit (9)

Log message:
update to 7.18.2

2008-06-09 15:00:57 by Christian Weisgerber | Files touched by this commit (5)

Log message:
Different workaround for link path ordering, keep build path out of
pkgconfig entry.  Problem reported by and ok landry@.

2008-05-13 11:56:29 by Christian Weisgerber | Files touched by this commit (5)

Log message:
* Update to 7.18.1.
* A CA cert bundle is no longer included, so point to /etc/ssl/cert.pem.
* Compile examples during build rather than fake stage.
ok sthen@, additional testing by merdely@

2007-11-14 12:38:58 by Christian Weisgerber | Files touched by this commit (2)

Log message:
- maintenance update to 7.17.1
- libidn pulls in a gettext dependency
- make sure we link against the correct libcurl

2007-10-02 10:52:41 by Christian Weisgerber | Files touched by this commit (2)

Log message:
maintenance update to 7.17.0

2007-09-15 16:37:00 by Michael Erdely | Files touched by this commit (333)

Log message:
Remove surrounding quotes in COMMENT*/PERMIT_*/BROKEN/ERRORS
Add $OpenBSD$ to p5-SNMP-Info/Makefile (ok kili@, simon@)

2007-05-13 11:08:25 by Christian Weisgerber | Files touched by this commit (2)

Log message:
- update to 7.16.2
- enable IDN support

2007-04-05 10:20:19 by Marc Espie | Files touched by this commit (912)

Log message:
base64 checksums.

2006-11-10 08:34:11 by Christian Weisgerber | Files touched by this commit (2)

Log message:
update to 7.16.0

2006-09-19 08:33:13 by Christian Weisgerber | Files touched by this commit (3)

Log message:
update to 7.15.5: various bug fixes

2006-06-20 11:37:42 by Christian Weisgerber | Files touched by this commit (3)

Log message:
maintenance update to 7.15.4

2006-05-01 02:48:28 by Nikolay Sturm | Files touched by this commit (1)

Log message:
MFC:
SECURITY: Update to 7.15.3.
Fixes TFTP packet buffer overflow vulnerability. (CVE-2006-1061)

2006-03-25 10:41:47 by Nikolay Sturm | Files touched by this commit (1)

Log message:
MFC:
SECURITY: Update to 7.15.3.
Fixes TFTP packet buffer overflow vulnerability. (CVE-2006-1061)

2006-03-25 09:26:19 by Nikolay Sturm | Files touched by this commit (1)

Log message:
MFC:
SECURITY: Update to 7.15.3.
Fixes TFTP packet buffer overflow vulnerability. (CVE-2006-1061)

2006-03-20 10:21:28 by Christian Weisgerber | Files touched by this commit (2)

Log message:
SECURITY: Update to 7.15.3.
Fixes TFTP packet buffer overflow vulnerability. (CVE-2006-1061)

2006-01-08 03:27:14 by Steven Mestdagh | Files touched by this commit (2)

Log message:
remove MODGNU_SHARED_LIBS and old -version-info patch

2005-12-23 10:37:03 by Todd T. Fries | Files touched by this commit (2)

Log message:
SHARED_LIBS

2005-12-12 01:50:34 by Nikolay Sturm | Files touched by this commit (3)

Log message:
MFC:
SECURITY:
Update to 7.15.1, which fixes a local buffer overflow.
http://curl.haxx.se/docs/adv_20051207.html

2005-12-12 01:48:35 by Nikolay Sturm | Files touched by this commit (3)

Log message:
MFC:
SECURITY:
Update to 7.15.1, which fixes a local buffer overflow.
http://curl.haxx.se/docs/adv_20051207.html

2005-12-08 10:10:02 by Christian Weisgerber | Files touched by this commit (5)

Log message:
SECURITY:
Update to 7.15.1, which fixes a local buffer overflow.
http://curl.haxx.se/docs/adv_20051207.html

2005-11-01 04:20:12 by Nikolay Sturm | Files touched by this commit (4)

Log message:
MFC:
Update to 7.15.0.
libcurl's NTLM function could overflow a stack-based buffer if given
a too long user name or domain name.  CAN-2005-3185.
ok brad

2005-10-22 00:42:22 by Nikolay Sturm | Files touched by this commit (4)

Log message:
MFC:
Update to 7.15.0.
libcurl's NTLM function could overflow a stack-based buffer if given
a too long user name or domain name.  CAN-2005-3185.
ok brad

2005-10-22 00:41:40 by Nikolay Sturm | Files touched by this commit (4)

Log message:
MFC:
Update to 7.15.0.
libcurl's NTLM function could overflow a stack-based buffer if given
a too long user name or domain name.  CAN-2005-3185.
ok brad

2005-10-16 09:31:39 by Christian Weisgerber | Files touched by this commit (5)

Log message:
SECURITY:
Update to 7.15.0.
libcurl's NTLM function could overflow a stack-based buffer if given
a too long user name or domain name.  CAN-2005-3185.

2005-05-26 17:13:29 by Christian Weisgerber | Files touched by this commit (5)

Log message:
maintenance update to 7.14.0 and take maintainer

2005-03-29 13:25:39 by Nikolay Sturm | Files touched by this commit (2)

Log message:
MFC:
Fix NT LAN Manager (NTLM) authentication handling. By sending a
specially crafted long NTLM reply packet, a remote attacker could
overflow the reply buffer.  This could lead to execution of arbitrary
attacker specified code with the privileges of the application using
the cURL library.  CAN-2005-0490.  From Ubuntu.
ok brad@

2005-03-15 15:20:39 by Robert Nagy | Files touched by this commit (2)

Log message:
SECURITY:
Fix NT LAN Manager (NTLM) authentication handling. By sending a
specially crafted long NTLM reply packet, a remote attacker could
overflow the reply buffer.  This could lead to execution of arbitrary
attacker specified code with the privileges of the application using
the cURL library.
http://www.vuxml.org/openbsd/531c3456-94dc-11d9-a433-080020fe8945.html
ok brad@

2005-03-14 15:52:20 by Christian Weisgerber | Files touched by this commit (2)

Log message:
SECURITY:
Fix NT LAN Manager (NTLM) authentication handling. By sending a
specially crafted long NTLM reply packet, a remote attacker could
overflow the reply buffer.  This could lead to execution of arbitrary
attacker specified code with the privileges of the application using
the cURL library.  CAN-2005-0490.  From Ubuntu.
ok brad@, pval@

2005-01-05 10:15:08 by Christian Weisgerber | Files touched by this commit (250)

Log message:
SIZE

2004-12-15 17:31:27 by Aleksander Piotrowski | Files touched by this commit (179)

Log message:
Add WANTLIB markers

2004-09-15 12:17:48 by Marc Espie | Files touched by this commit (262)

Log message:
new plists, kill a few INSTALL scripts.

2004-05-18 17:30:46 by Brad Smith | Files touched by this commit (4)

Log message:
upgrade to cURL 7.11.2

2004-04-08 00:18:37 by Brad Smith | Files touched by this commit (4)

Log message:
upgrade to cURL 7.11.1

2003-12-15 09:13:25 by Christian Weisgerber | Files touched by this commit (4)

Log message:
maintenance update to 7.10.8; ok brad@

2003-06-01 15:43:49 by Brad Smith | Files touched by this commit (7)

Log message:
upgrade to cURL 7.10.5

2003-05-27 08:35:13 by Brad Smith | Files touched by this commit (2)

Log message:
- bye bye Kerberos FLAVOR
- place curl-mode.el in emacs' site-lisp dir

2003-02-13 19:38:15 by Brad Smith | Files touched by this commit (2)

Log message:
curl-config with cURL 7.10.3 does not output a header path with the
--cflags flag, revert this change for now.

2003-02-06 20:40:25 by Brad Smith | Files touched by this commit (4)

Log message:
upgrade to cURL 7.10.3

2002-11-23 20:40:08 by Brad Smith | Files touched by this commit (4)

Log message:
upgrade to cURL 7.10.2