Bug 276879 - ftp/curl: Update to 8.6.0
Summary: ftp/curl: Update to 8.6.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Yasuhiro Kimura
URL: https://curl.se/changes.html#8_6_0
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-08 06:32 UTC by Yasuhiro Kimura
Modified: 2024-02-28 01:11 UTC (History)
3 users (show)

See Also:
sunpoet: maintainer-feedback+
yasu: merge-quarterly?
antoine: exp-run+

Attachments
Patch file (11.38 KB, patch)
2024-02-08 06:32 UTC, Yasuhiro Kimura 		no flags Details | Diff
Patch file (1.67 KB, patch)
2024-02-08 07:49 UTC, Yasuhiro Kimura 		no flags Details | Diff
Updated patch file (11.39 KB, patch)
2024-02-22 08:51 UTC, Yasuhiro Kimura 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura freebsd_committer freebsd_triage 2024-02-08 06:32:04 UTC 
Created attachment 248243 [details]
Patch file

Update to 8.6.0

ChangeLog:      https://curl.se/changes.html#8_6_0
MFH:            2024Q1
Security:       CVE-2024-0853
Comment 1 Yasuhiro Kimura freebsd_committer freebsd_triage 2024-02-08 07:49:33 UTC 
Created attachment 248252 [details]
Patch file

Patch to add entry of the vulnerability to VuXML database.
Comment 2 Daniel Engberg freebsd_committer freebsd_triage 2024-02-09 00:54:10 UTC 
Hi,

I have a mini-exp running, it'll likely take somewhere between 12 to 24h to complete.

Best regards,
Daniel
Comment 3 Daniel Engberg freebsd_committer freebsd_triage 2024-02-09 22:05:38 UTC 
Looks fine, it would be nice if we could upstream our local patches...
Comment 4 Daniel Engberg freebsd_committer freebsd_triage 2024-02-21 18:50:23 UTC 
Hi,

Since this will likely pass maintainer timeout and given it covers a CVE please consider requesting an exp-run.

Best regards,
Daniel
Comment 5 Yasuhiro Kimura freebsd_committer freebsd_triage 2024-02-22 05:29:42 UTC 
Request exp-run by suggestion of diizzy@.
Comment 6 Antoine Brodin freebsd_committer freebsd_triage 2024-02-22 08:38:49 UTC 
The patch fails to apply
Comment 7 Yasuhiro Kimura freebsd_committer freebsd_triage 2024-02-22 08:51:24 UTC 
Created attachment 248678 [details]
Updated patch file

Chase update of ports tree.
Comment 8 Yasuhiro Kimura freebsd_committer freebsd_triage 2024-02-22 08:54:16 UTC 
(In reply to Antoine Brodin from comment #6)

Patch is updated. Please try with it.

Regards.
Comment 9 Po-Chuan Hsieh freebsd_committer freebsd_triage 2024-02-23 01:59:37 UTC 
(In reply to Yasuhiro Kimura from comment #7)

I'm OK with the updated patch. Thanks.
Comment 10 Antoine Brodin freebsd_committer freebsd_triage 2024-02-27 08:06:05 UTC 
Exp-run looks fine
Comment 11 commit-hook freebsd_committer freebsd_triage 2024-02-28 00:54:03 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ed937bd9ad8fab202fbbc82fff0964eb7e715086

commit ed937bd9ad8fab202fbbc82fff0964eb7e715086
Author:     Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2024-02-08 00:24:41 +0000
Commit:     Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2024-02-28 00:50:40 +0000

    ftp/curl: Update to 8.6.0

    ChangeLog:      https://curl.se/changes.html#8_6_0
    PR:             276879
    Approved by:    maintainer
    Exp-run bye:    antoine
    MFH:            2024Q1
    Security:       02e33cd1-c655-11ee-8613-08002784c58d

 ftp/curl/Makefile                |  6 ++++--
 ftp/curl/distinfo                |  8 +++++---
 ftp/curl/files/patch-Makefile.in | 11 -----------
 ftp/curl/files/patch-configure   | 41 ++++++++++++++++------------------------
 ftp/curl/pkg-plist               | 11 +++++++++++
 5 files changed, 36 insertions(+), 41 deletions(-)
Comment 12 commit-hook freebsd_committer freebsd_triage 2024-02-28 00:54:05 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=16f370e33f0cdd303de5a28f598d67b40091e307

commit 16f370e33f0cdd303de5a28f598d67b40091e307
Author:     Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2024-02-08 07:45:33 +0000
Commit:     Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2024-02-28 00:50:29 +0000

    security/vuxml: Document OCSP verification bypass vulnerability in curl

    PR:             276879

 security/vuxml/vuln/2024.xml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
Comment 13 commit-hook freebsd_committer freebsd_triage 2024-02-28 01:10:08 UTC 
A commit in branch 2024Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=85ae1dbb1a6e4bdfae53d745dbdba5af8db5e11a

commit 85ae1dbb1a6e4bdfae53d745dbdba5af8db5e11a
Author:     Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2024-02-08 00:24:41 +0000
Commit:     Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2024-02-28 01:07:37 +0000

    ftp/curl: Update to 8.6.0

    ChangeLog:      https://curl.se/changes.html#8_6_0
    PR:             276879
    Approved by:    maintainer
    Exp-run bye:    antoine
    MFH:            2024Q1
    Security:       02e33cd1-c655-11ee-8613-08002784c58d

    (cherry picked from commit ed937bd9ad8fab202fbbc82fff0964eb7e715086)

 ftp/curl/Makefile                |  5 ++++-
 ftp/curl/distinfo                |  8 +++++---
 ftp/curl/files/patch-Makefile.in | 11 -----------
 ftp/curl/files/patch-configure   | 41 ++++++++++++++++------------------------
 ftp/curl/pkg-plist               | 11 +++++++++++
 5 files changed, 36 insertions(+), 40 deletions(-)