inform users via vuxml about the recent curl vulnerabilities
Created attachment 226583 [details] patch to submit the curl vulnerabilities to vuxml
Thank you for the report ann patch Rob
^Triage: Switch this to cover the update, released today. See also: https://curl.se/news.html
CVE list: https://curl.se/docs/CVE-2021-22922.html https://curl.se/docs/CVE-2021-22923.html https://curl.se/docs/CVE-2021-22924.html https://curl.se/docs/CVE-2021-22925.html https://curl.se/docs/CVE-2021-22926.html
The patch contains a warning for Chrome. Bad copypaste from previous vuxml? > <p>Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.</p>
brnrd landed the vuxml entry: https://cgit.freebsd.org/ports/commit/?id=ef33c559bad0b10e9427cf64eee4e7036d420f66
(In reply to rob2g2 from comment #1) Oops. Totally failed to check against Bugzilla and committed something of my own...
Created attachment 226588 [details] git diff for ftp/curl ftp/curl: Security update to 7.78.0 * METALINK removed upstream * Removes CFLAGS patching in Configure Security: aa646c01-ea0d-11eb-9b84-d4c9ef517024
Build logs: 13.0 / LibreSSL: https://brnrd.eu/poudriere/data/130libre-default/2021-07-21_10h47m53s/logs/curl-7.78.0.log Running testport against 7.78.0, see the 'Ports - git' builds on https://brnrd.eu/poudriere
Created attachment 226589 [details] git diff for ftp/curl Updated patch to address plist error with default options. Poudriere logs for default FreeBSD options e.g. https://brnrd.eu/poudriere/build.html?mastername=130amd64-git&build=2021-07-21_11h08m49s
Updated to 7.78.0 in ee05a0fbe5a5835ca262c01f28de2f050c0d0da1. Thanks!
What about merge-quarterly? https://cgit.freebsd.org/ports/tree/ftp/curl/Makefile?h=2021Q3 2021Q3 is still 7.77.0.
The branch 2021Q3 has been updated by fluffy: URL: https://cgit.FreeBSD.org/ports/commit/?id=a4ab211f245678b9341a14fdc2ec0a7481078405 commit a4ab211f245678b9341a14fdc2ec0a7481078405 Author: Po-Chuan Hsieh <sunpoet@FreeBSD.org> AuthorDate: 2021-07-21 21:12:52 +0000 Commit: Dima Panov <fluffy@FreeBSD.org> CommitDate: 2021-08-19 19:11:01 +0000 ftp/curl: Update to 7.78.0 - Remove METALINK option: all support removed by upstream - Update NTLM option: it has own configure option now Changes: https://curl.se/changes.html (cherry picked from commit ee05a0fbe5a5835ca262c01f28de2f050c0d0da1) With hat: ports-secteam