Created attachment 174769 [details]
svn diff for ftp/curl

Current version of ftp/curl in ports has an integer overflow vulnerability. Patch updates to 7.50.3, which fixes the vuln.

> ftp/curl: Update 7.50.3 (Fixes 1 Security Vulnerability)
>
> - Update to 7.50.3
> - Update installed docs
>
> PR:
> Security: b018121b-7a4b-11e6-bf52-b499baebfeaf
> Security: CVE-2016-7167
> MFH: 2016Q3
Build log https://brnrd.eu/poudriere/data/110libre-default/2016-09-14_09h36m43s/logs/curl-7.50.3.log
Patch does not apply cleanly due to r422012, r422020, r422028
Created attachment 174870 [details]
svn diff for ftp/curl

Update patch after r422012, r422020, r422028
After removing the CR characters, this happened:

Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: Makefile
|===================================================================
|--- Makefile (revision 422300)
|+++ Makefile (working copy)
--------------------------
Patching file Makefile using Plan A...
Hunk #1 failed at 2.
Hunk #2 failed at 61.
2 out of 2 hunks failed--saving rejects to Makefile.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: distinfo
|===================================================================
|--- distinfo (revision 422300)
|+++ distinfo (working copy)
--------------------------
Patching file distinfo using Plan A...
Hunk #1 succeeded at 1 with fuzz 1.
done
Created attachment 174887 [details]
previous patch with fixed tabs/cr/lf

Just fixed formatting
Created attachment 174888 [details]
previous patch with fixed tabs/cr/lf (re-fix)

fixed distinfo too
testbuilds are fine.
Is anything holding back this patch?
The maintainer seems to be a bit inactive lately. Adding Mark who committed patch for previous curl vulnerability. Mark, would you push it?
Created attachment 175038 [details]
Updated patch for Makefile

The previous patch doesn't appear correct to me. It removes documentation files instead of adding an "md" extension that some files now have.

Add md file extension to the following DOCS entries:
a) HISTORY
b) CONTRIBUTE
c) INTERNALS
d) LICENSE-MIXING
e) SECURITY
f) SSL-PROBLEMS
g) SSLCERTS
A commit references this bug:

Author: feld
Date: Wed Sep 21 19:53:33 UTC 2016
New revision: 422575
URL: https://svnweb.freebsd.org/changeset/ports/422575

Log:
  ftp/curl: Update to 7.50.3

  - Update installed docs

  PR: 212677
  MFH: 2016Q3
  Security: CVE-2016-7167

Changes:
  head/ftp/curl/Makefile
  head/ftp/curl/distinfo
Committed, thanks all!
A commit references this bug:

Author: feld
Date: Wed Sep 21 19:54:06 UTC 2016
New revision: 422576
URL: https://svnweb.freebsd.org/changeset/ports/422576

Log:
  MFH: r422575

  ftp/curl: Update to 7.50.3

  - Update installed docs

  PR: 212677
  Security: CVE-2016-7167

  Approved by: ports-secteam (with hat)

Changes:
_U  branches/2016Q3/
  branches/2016Q3/ftp/curl/Makefile
  branches/2016Q3/ftp/curl/distinfo