Bug 212677
| Summary: | ftp/curl: Update to 7.50.3 / fix vuln | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Bernard Spil <brnrd> | ||||||||||||
| Component: | Individual Port(s) | Assignee: | Mark Felder <feld> | ||||||||||||
| Status: | Closed FIXED | ||||||||||||||
| Severity: | Affects Many People | CC: | brnrd, dewayne, erik, feld, lab, lists, mg, pi | ||||||||||||
| Priority: | --- | Keywords: | needs-qa, patch, security | ||||||||||||
| Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(sunpoet) feld: merge-quarterly+ |
||||||||||||
| Hardware: | Any | ||||||||||||||
| OS: | Any | ||||||||||||||
| URL: | https://curl.haxx.se/docs/adv_20160914.html | ||||||||||||||
| Bug Depends on: | |||||||||||||||
| Bug Blocks: | 212455 | ||||||||||||||
| Attachments: |
|
||||||||||||||
|
Description
Bernard Spil
2016-09-14 07:50:19 UTC
Build log https://brnrd.eu/poudriere/data/110libre-default/2016-09-14_09h36m43s/logs/curl-7.50.3.log Patch does not apply cleanly due to r422012, r422020, r422028 Created attachment 174870 [details]
svn diff for ftp/curl
Update patch after r422012, r422020, r422028
After removing the CR characters, this happened: Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: Makefile |=================================================================== |--- Makefile (revision 422300) |+++ Makefile (working copy) -------------------------- Patching file Makefile using Plan A... Hunk #1 failed at 2. Hunk #2 failed at 61. 2 out of 2 hunks failed--saving rejects to Makefile.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |Index: distinfo |=================================================================== |--- distinfo (revision 422300) |+++ distinfo (working copy) -------------------------- Patching file distinfo using Plan A... Hunk #1 succeeded at 1 with fuzz 1. done Created attachment 174887 [details]
previous patch with fixed tabs/cr/lf
Just fixed formatting
Created attachment 174888 [details]
previous patch with fixed tabs/cr/lf (re-fix)
fixed distinfo too
testbuilds are fine. Is anything holding back this patch? The maintainer seems to be a bit inactive lately. Adding Mark who commited patch for previous curl vulnerability. Mark, would you push it? Created attachment 175038 [details]
Updated patch for Makefile
The previous patch doesn't appear correct to me. It removes documentation files instead of adding an "md" extension that some files now have. Add md file extention to the following DOCS entries:
a) HISTORY
b) CONTRIBUTE
c) INTERNALS
d) LICENSE-MIXING
e) SECURITY
f) SSL-PROBLEMS
g) SSLCERTS
A commit references this bug: Author: feld Date: Wed Sep 21 19:53:33 UTC 2016 New revision: 422575 URL: https://svnweb.freebsd.org/changeset/ports/422575 Log: ftp/curl: Update to 7.50.3 - Update installed docs PR: 212677 MFH: 2016Q3 Security: CVE-2016-7167 Changes: head/ftp/curl/Makefile head/ftp/curl/distinfo Committed, thanks all! A commit references this bug: Author: feld Date: Wed Sep 21 19:54:06 UTC 2016 New revision: 422576 URL: https://svnweb.freebsd.org/changeset/ports/422576 Log: MFH: r422575 ftp/curl: Update to 7.50.3 - Update installed docs PR: 212677 Security: CVE-2016-7167 Approved by: ports-secteam (with hat) Changes: _U branches/2016Q3/ branches/2016Q3/ftp/curl/Makefile branches/2016Q3/ftp/curl/distinfo |