Bug 257306 - ftp/curl: Update to 7.78.0 (security and bugfix release)
Summary: ftp/curl: Update to 7.78.0 (security and bugfix release)
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Po-Chuan Hsieh
URL: https://curl.se/changes.html#7_78_0
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2021-07-21 08:54 UTC by rob2g2
Modified: 2021-07-22 16:08 UTC (History)
5 users (show)

See Also:
koobs: maintainer-feedback? (ports-secteam)
koobs: maintainer-feedback? (sunpoet)
koobs: merge-quarterly?


Attachments
patch to submit the curl vulnerabilities to vuxml (1.50 KB, patch)
2021-07-21 08:55 UTC, rob2g2
no flags Details | Diff
git diff for ftp/curl (2.56 KB, patch)
2021-07-21 11:00 UTC, Bernard Spil
no flags Details | Diff
git diff for ftp/curl (3.13 KB, patch)
2021-07-21 11:11 UTC, Bernard Spil
brnrd: maintainer-approval?
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description rob2g2 2021-07-21 08:54:01 UTC
inform users via vuxml about the recent curl vulnerabilities
Comment 1 rob2g2 2021-07-21 08:55:27 UTC
Created attachment 226583 [details]
patch to submit the curl vulnerabilities to vuxml
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2021-07-21 09:02:41 UTC
Thank you for the report ann patch Rob
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2021-07-21 09:09:08 UTC
^Triage: Switch this to cover the update, released today. 

See also: https://curl.se/news.html
Comment 5 Toni Viemerö 2021-07-21 10:05:47 UTC
The patch contains a warning for Chrome.

Bad copypaste from previous vuxml?

> <p>Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.</p>
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2021-07-21 10:39:37 UTC
brnrd landed the vuxml entry: 

https://cgit.freebsd.org/ports/commit/?id=ef33c559bad0b10e9427cf64eee4e7036d420f66
Comment 7 Bernard Spil freebsd_committer 2021-07-21 10:55:36 UTC
(In reply to rob2g2 from comment #1)
Oops. Totally failed to check against Bugzilla and committed something of my own...
Comment 8 Bernard Spil freebsd_committer 2021-07-21 11:00:31 UTC
Created attachment 226588 [details]
git diff for ftp/curl

ftp/curl: Security update to 7.78.0

 * METALINK removed upstream
 * Removes CFLAGS patching in Configure

Security:    aa646c01-ea0d-11eb-9b84-d4c9ef517024
Comment 9 Bernard Spil freebsd_committer 2021-07-21 11:04:02 UTC
Build logs:

13.0 / LibreSSL: https://brnrd.eu/poudriere/data/130libre-default/2021-07-21_10h47m53s/logs/curl-7.78.0.log

Running testport against 7.78.0, see the 'Ports - git' builds on https://brnrd.eu/poudriere
Comment 10 Bernard Spil freebsd_committer 2021-07-21 11:11:17 UTC
Created attachment 226589 [details]
git diff for ftp/curl

Updated patch to address plist error with default options.

Poudriere logs for default FreeBSD options e.g. https://brnrd.eu/poudriere/build.html?mastername=130amd64-git&build=2021-07-21_11h08m49s