Bug 132358

Summary: ftp/curl: update to 7.19.4 thus fixing CVE-2009-0037
Product: Ports & Packages
Reporter: Eygene Ryabinkin <rea-fbsd>
Component: Individual Port(s)
Assignee: Peter Pentchev <roam>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments:
  Description                            Flags
  update-to-7.19.4.diff                  none
  7.19.4-nitpicking-PORTEXAMPLES.diff    none

Description Eygene Ryabinkin 2009-03-06 11:20:05 UTC
cURL 7.19.4 is out [1] and this release fixes a security bug with redirection
to other protocols supported by cURL [2] [3].

Fix: The following patch updates the port to 7.19.4.  I have tested both the CLI
version of the native client, by downloading some files and testing their
integrity, and git as the cURL client, by cloning some repositories over
HTTP.  Everything works without problems.

One will need to issue 'patch -p3 -E' to get rid of empty files:
patches for 'docs' directory contents were integrated upstream.

Ideally, this patch should supersede the patch in ports/131324.

The following two patches are to compensate for portlint whinings about
not very correct usage of some variables.

From bfaacf662b77e649ae40b7dd0d45f49a18ebc63c Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Fri, 6 Mar 2009 13:31:00 +0300
Subject: [PATCH 3/3] ftp/curl: nitpicking, don't add CFLAGS to the CONFIGURE_ENV

This is redundant: target 'do-configure' from bsd.port.mk sets CFLAGS
to ${CFLAGS} by itself, so manual addition of CFLAGS should not produce
any effect.

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 ftp/curl/Makefile |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ftp/curl/Makefile b/ftp/curl/Makefile
index 3343c31..fc695ce 100644
--- a/ftp/curl/Makefile
+++ b/ftp/curl/Makefile
@@ -179,7 +179,7 @@ CONFIGURE_ARGS+=	--disable-proxy
 .endif
 
 .if defined(ADDFLAGS)
-CONFIGURE_ENV+=	CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}"
+CONFIGURE_ENV+=	LDFLAGS="${LDFLAGS}"
 .endif
 
 DOCS=		BINDINGS BUGS CONTRIBUTE DISTRO-DILEMMA FAQ FEATURES \
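Review bot: The changed `CONFIGURE_ENV+=` line under `.if defined(ADDFLAGS)` still passes LDFLAGS by hand, while the commit message only argues that CFLAGS is redundant. If 'do-configure' does not export LDFLAGS on its own, say so in a one-line comment above the assignment so the asymmetry is not later mistaken for an oversight; if it does, drop the whole conditional rather than leaving a one-variable block behind.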
-- 
1.6.1
--- 7.19.4-nitpicking-CFLAGS ends here ---
How-To-Repeat: 
See the following links.

[1] http://curl.haxx.se/changes.html
[2] http://curl.haxx.se/docs/adv_20090303.html
[3] http://www.vuxml.org/freebsd/5d433534-f41c-402e-ade5-e0a2259a7cb6.html

Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2009-03-06 11:20:23 UTC
Responsible Changed
From-To: freebsd-ports-bugs->roam

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 dfilter service freebsd_committer freebsd_triage 2009-03-07 03:57:50 UTC
roam        2009-03-07 03:57:38 UTC

  FreeBSD ports repository

  Modified files:
    ftp/curl             Makefile distinfo pkg-plist 
    ftp/curl/files       patch-Makefile.in patch-configure 
                         patch-lib::ftp.c patch-lib::url.c 
                         patch-src::main.c 
                         patch-tests::libtest::lib505.c 
                         patch-tests::libtest::lib541.c 
                         patch-tests::runtests.pl 
                         patch-tests::server::getpart.c 
  Removed files:
    ftp/curl/files       patch-docs::curl.1 patch-docs::curl.html 
  Log:
  Update to curl-7.19.4, which fixes a redirection vulnerability.
  The changes in the patch files are almost the same as in Eugene's PR,
  although I arrived at them mostly independently :)
  Reformat all patch files now that I use quilt to manage them.
  Fix two complaints from portlint: needless use of CFLAGS and differentiation
  between NOPORTDOCS and NOPORTEXAMPLES.  Thanks, Eugene!
  
  PR:             132358
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  
  Revision  Changes    Path
  1.97      +6 -2      ports/ftp/curl/Makefile
  1.52      +3 -3      ports/ftp/curl/distinfo
  1.3       +4 -3      ports/ftp/curl/files/patch-Makefile.in
  1.11      +11 -11    ports/ftp/curl/files/patch-configure
  1.3       +0 -12     ports/ftp/curl/files/patch-docs::curl.1 (dead)
  1.3       +0 -12     ports/ftp/curl/files/patch-docs::curl.html (dead)
  1.7       +5 -39     ports/ftp/curl/files/patch-lib::ftp.c
  1.5       +4 -3      ports/ftp/curl/files/patch-lib::url.c
  1.6       +5 -39     ports/ftp/curl/files/patch-src::main.c
  1.3       +4 -3      ports/ftp/curl/files/patch-tests::libtest::lib505.c
  1.3       +4 -3      ports/ftp/curl/files/patch-tests::libtest::lib541.c
  1.5       +4 -3      ports/ftp/curl/files/patch-tests::runtests.pl
  1.5       +4 -3      ports/ftp/curl/files/patch-tests::server::getpart.c
  1.26      +47 -46    ports/ftp/curl/pkg-plist

Comment 3 Peter Pentchev freebsd_committer freebsd_triage 2009-03-07 03:59:17 UTC
State Changed
From-To: open->closed

I've just committed something very, very similar to your changes, 
and included your two nitpicking fixes.  Thanks!