cURL 7.19.4 is out [1] and this release fixes a security bug with redirection to other protocols supported by cURL [2] [3].

Fix:

The following patch updates the port to 7.19.4. I tested both the CLI version of the native client, by downloading some files and testing their integrity, and git as the cURL client, by cloning some repositories over HTTP. Everything works without problems.

One will need to issue 'patch -p3 -E' to get rid of empty files: patches for the 'docs' directory contents were integrated upstream.

Ideally, this patch should supersede the patch in ports/131324.

The following two patches are to compensate for portlint's whining about the not very correct usage of some variables.

From bfaacf662b77e649ae40b7dd0d45f49a18ebc63c Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Fri, 6 Mar 2009 13:31:00 +0300
Subject: [PATCH 3/3] ftp/curl: nitpicking, don't add CFLAGS to the CONFIGURE_ENV

This is redundant: target 'do-configure' from bsd.port.mk sets CFLAGS to ${CFLAGS} by itself, so manual addition of CFLAGS should not produce any effect.

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 ftp/curl/Makefile | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ftp/curl/Makefile b/ftp/curl/Makefile index 3343c31..fc695ce 100644 --- a/ftp/curl/Makefile +++ b/ftp/curl/Makefile @@ -179,7 +179,7 @@ CONFIGURE_ARGS+= --disable-proxy .endif .if defined(ADDFLAGS) -CONFIGURE_ENV+= CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" +CONFIGURE_ENV+= LDFLAGS="${LDFLAGS}" .endif DOCS= BINDINGS BUGS CONTRIBUTE DISTRO-DILEMMA FAQ FEATURES \
--
1.6.1

--- 7.19.4-nitpicking-CFLAGS ends here ---

How-To-Repeat:

See the following links.

[1] http://curl.haxx.se/changes.html
[2] http://curl.haxx.se/docs/adv_20090303.html
[3] http://www.vuxml.org/freebsd/5d433534-f41c-402e-ade5-e0a2259a7cb6.html
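Review bot: the remaining CONFIGURE_ENV+= line under .if defined(ADDFLAGS) now passes only LDFLAGS, and the commit message explains the redundancy for CFLAGS alone. Please say, in the message or in a one-line comment above the assignment, why LDFLAGS="${LDFLAGS}" still has to be exported by hand here, so the asymmetry between the two variables is documented and nobody removes or re-adds one of them later by analogy. Since the message says the manual CFLAGS addition "should not produce any effect", it would also be worth confirming that with a build that has ADDFLAGS defined, comparing the compiler flags in the configure and build output before and after the change.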
Responsible Changed
From-To: freebsd-ports-bugs->roam

Over to maintainer (via the GNATS Auto Assign Tool)
roam 2009-03-07 03:57:38 UTC

FreeBSD ports repository

Modified files:
  ftp/curl         Makefile distinfo pkg-plist
  ftp/curl/files   patch-Makefile.in patch-configure patch-lib::ftp.c patch-lib::url.c patch-src::main.c patch-tests::libtest::lib505.c patch-tests::libtest::lib541.c patch-tests::runtests.pl patch-tests::server::getpart.c
Removed files:
  ftp/curl/files   patch-docs::curl.1 patch-docs::curl.html
Log:
  Update to curl-7.19.4, which fixes a redirection vulnerability.
  The changes in the patch files are almost the same as in Eugene's PR, although I arrived at them mostly independently :)
  Reformat all patch files now that I use quilt to manage them.
  Fix two complaints from portlint: needless use of CFLAGS and differentiation between NOPORTDOCS and NOPORTEXAMPLES.
  Thanks, Eugene!

  PR: 132358
  Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Revision  Changes    Path
1.97      +6 -2      ports/ftp/curl/Makefile
1.52      +3 -3      ports/ftp/curl/distinfo
1.3       +4 -3      ports/ftp/curl/files/patch-Makefile.in
1.11      +11 -11    ports/ftp/curl/files/patch-configure
1.3       +0 -12     ports/ftp/curl/files/patch-docs::curl.1 (dead)
1.3       +0 -12     ports/ftp/curl/files/patch-docs::curl.html (dead)
1.7       +5 -39     ports/ftp/curl/files/patch-lib::ftp.c
1.5       +4 -3      ports/ftp/curl/files/patch-lib::url.c
1.6       +5 -39     ports/ftp/curl/files/patch-src::main.c
1.3       +4 -3      ports/ftp/curl/files/patch-tests::libtest::lib505.c
1.3       +4 -3      ports/ftp/curl/files/patch-tests::libtest::lib541.c
1.5       +4 -3      ports/ftp/curl/files/patch-tests::runtests.pl
1.5       +4 -3      ports/ftp/curl/files/patch-tests::server::getpart.c
1.26      +47 -46    ports/ftp/curl/pkg-plist
State Changed
From-To: open->closed

I've just committed something very, very similar to your changes, and included your two nitpicking fixes. Thanks!