diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2017-11-29 09:25:55 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2017-11-29 09:26:11 -0500 |
commit | 724b6dffc5efac27514ac29e5158416f464fed55 (patch) | |
tree | c089535902b892e94b651d4bc730689c70ce21bb /net-misc | |
parent | dev-ada/asis: Defaulting some use flags (diff) | |
download | gentoo-724b6dffc5efac27514ac29e5158416f464fed55.tar.gz gentoo-724b6dffc5efac27514ac29e5158416f464fed55.tar.bz2 gentoo-724b6dffc5efac27514ac29e5158416f464fed55.zip |
net-misc/curl: security bump to 7.57.0, bug #638734
This addresses CVE-2017-{8816,8817,8818}.
Package-Manager: Portage-2.3.13, Repoman-2.3.3
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/curl/Manifest | 7 | ||||
-rw-r--r-- | net-misc/curl/curl-7.57.0.ebuild | 248 |
2 files changed, 252 insertions, 3 deletions
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index 7ec3c89966be..7a2b8c59206d 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -1,3 +1,4 @@ -DIST curl-7.55.1.tar.bz2 2786830 SHA256 e5b1a92ed3b0c11f149886458fa063419500819f1610c020d62f25b8e4b16cfb SHA512 bfeb39e94b8378519b2efba0a476636b80dbee3434104b98464ee81ce3871eb134e065f52abe8bedb69681b43576cb30655c8be0be6115386859d0cb426d745b WHIRLPOOL 287f6f4f5464a780c338755e4e9870381937768c9f4c9545436856ea690ae6bf4d3f886dd816cf080d2ee84e2a3fbf1a0a5a78e5fbc9d9d18bde428458819a8e -DIST curl-7.56.0.tar.bz2 2838517 SHA256 de60a4725a3d461c70aa571d7d69c788f1816d9d1a8a2ef05f864ce8f01279df SHA512 ba17a9fdc4b540d6053fa542bd875f321d009b9ba0cb56b16fe6c217f3856ab061f2a6c735771a0eadc28338889d071884680b4d4c243b4179872abb29915e3b WHIRLPOOL 89bdd5fdf4c99fd30bd7a63ad19d2285591b19134911160c94bf46bb4cdf6156544142b47e29d7c0c9cf06536215604cfc6bc59a5ba570dc16b23626fd1b44b2 -DIST curl-7.56.1.tar.bz2 2824548 SHA256 2594670367875e7d87b0f129b5e4690150780884d90244ba0fe3e74a778b5f90 SHA512 f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68 WHIRLPOOL 428a2f90657cbe3fdc8a837b28f7ad7d80a1c1321a6976e885f79bc3a428c187e1fbc2c6ec48ffa99773aecb27647a46867c35b2fc0c29dbb6fb7f4e7d13f442 +DIST curl-7.55.1.tar.bz2 2786830 BLAKE2B 8de6a383b0ad850c88dce78ef68ec320001b6dd20749293395872d8c87ba79a16b4c0da91299afb0368ebff83c1becb360b402cfe3308374eeeb5e71e443f39b SHA512 bfeb39e94b8378519b2efba0a476636b80dbee3434104b98464ee81ce3871eb134e065f52abe8bedb69681b43576cb30655c8be0be6115386859d0cb426d745b +DIST curl-7.56.0.tar.bz2 2838517 BLAKE2B efe2c213f27ffd1f80a45eed67898b2d9c01192fd3abbe65436fd74afe5235e645905a32dd9b3a01872742b152bdb43ff785ea20f317503d634fd68d31449c89 SHA512 ba17a9fdc4b540d6053fa542bd875f321d009b9ba0cb56b16fe6c217f3856ab061f2a6c735771a0eadc28338889d071884680b4d4c243b4179872abb29915e3b +DIST curl-7.56.1.tar.bz2 2824548 BLAKE2B 8c191db379dc3f66d03b46158bf9da936c12b72c7361f4c36ff12a3af818322bb777b6f23eb9b95cfd576704f2e9b73ca87d7327734b2d3e6268b9079d718a7a SHA512 f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68 +DIST curl-7.57.0.tar.bz2 2849283 BLAKE2B 05bf62df8908a7c2b00abbc31067b8e12e8f8527594597e0c92e950a83e359e3ad430930face01057e0d2e6af8e8d759a9e078bd179cdbd69bc7fe2d10c5c5e3 SHA512 f366d2e931d7aff63bac0e1f760ced32c849252947d522427ba92124566906a7e6bd081b6d1630df36895dda2a00ac4cf1bed1470740693ef47ab90c6a270377 diff --git a/net-misc/curl/curl-7.57.0.ebuild b/net-misc/curl/curl-7.57.0.ebuild new file mode 100644 index 000000000000..12b2d138ba77 --- /dev/null +++ b/net-misc/curl/curl-7.57.0.ebuild @@ -0,0 +1,248 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit autotools eutils prefix multilib-minimal + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="https://curl.haxx.se/" +SRC_URI="https://curl.haxx.se/download/${P}.tar.bz2" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="adns http2 idn ipv6 kerberos ldap metalink rtmp samba ssh ssl static-libs test threads" +IUSE+=" curl_ssl_axtls curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" +IUSE+=" elibc_Winnt" + +#lead to lots of false negatives, bug #285669 +RESTRICT="test" + +RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + ssl? ( + curl_ssl_axtls? ( + net-libs/axtls:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + curl_ssl_gnutls? ( + net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + curl_ssl_libressl? ( + dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}] + ) + curl_ssl_mbedtls? ( + net-libs/mbedtls:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + curl_ssl_openssl? ( + dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}] + ) + curl_ssl_nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + ) + http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn2:0[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[static-libs?,${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r13 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" + +# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 +# rtmp? ( +# media-video/rtmpdump +# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) +# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) +# ) + +# ssl providers to be added: +# fbopenssl $(use_with spnego) + +DEPEND="${RDEPEND} + >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] + test? ( + sys-apps/diffutils + dev-lang/perl + )" + +# c-ares must be disabled for threads +# only one ssl provider can be enabled +REQUIRED_USE=" + curl_ssl_winssl? ( elibc_Winnt ) + threads? ( !adns ) + ssl? ( + ^^ ( + curl_ssl_axtls + curl_ssl_gnutls + curl_ssl_libressl + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_winssl + ) + )" + +DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \ + docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE.md ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +src_prepare() { + eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch + eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch + eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch + + sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241 + + eapply_user + eprefixify curl-config.in + eautoreconf + + if [[ ${CHOST} == *-darwin17 ]] ; then + # https://bugs.gentoo.org/show_bug.cgi?id=637252 + sed -i -e '/-Werror=partial-availability/s/Werror/Wno-error/g' \ + configure || die + fi +} + +multilib_src_configure() { + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + local myconf=() + myconf+=( --without-axtls --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl ; then + if use curl_ssl_axtls; then + einfo "SSL provided by axtls" + myconf+=( --with-axtls ) + elif use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls --with-nettle ) + elif use curl_ssl_libressl; then + einfo "SSL provided by LibreSSL" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + elif use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + elif use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss ) + elif use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + elif use curl_ssl_winssl; then + einfo "SSL provided by Windows" + myconf+=( --with-winssl ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + else + einfo "SSL disabled" + fi + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + ECONF_SOURCE="${S}" \ + econf \ + --enable-crypto-auth \ + --enable-dict \ + --enable-file \ + --enable-ftp \ + --enable-gopher \ + --enable-http \ + --enable-imap \ + $(use_enable ldap) \ + $(use_enable ldap ldaps) \ + --disable-ntlm-wb \ + --enable-pop3 \ + --enable-rt \ + --enable-rtsp \ + $(use_enable samba smb) \ + $(use_with ssh libssh2) \ + --enable-smtp \ + --enable-telnet \ + --enable-tftp \ + --enable-tls-srp \ + $(use_enable adns ares) \ + --enable-cookies \ + --enable-hidden-symbols \ + $(use_enable ipv6) \ + --enable-largefile \ + --without-libpsl \ + --enable-manual \ + --enable-proxy \ + --disable-sspi \ + $(use_enable static-libs static) \ + $(use_enable threads threaded-resolver) \ + $(use_enable threads pthreads) \ + --disable-versioned-symbols \ + --without-cyassl \ + --without-darwinssl \ + $(use_with idn libidn2) \ + $(use_with kerberos gssapi "${EPREFIX}"/usr) \ + $(use_with metalink libmetalink) \ + $(use_with http2 nghttp2) \ + $(use_with rtmp librtmp) \ + --without-brotli \ + --without-spnego \ + --without-winidn \ + --with-zlib \ + "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi + + # Fix up the pkg-config file to be more robust. + # https://github.com/curl/curl/issues/864 + local priv=() libs=() + # We always enable zlib. + libs+=( "-lz" ) + priv+=( "zlib" ) + if use http2; then + libs+=( "-lnghttp2" ) + priv+=( "libnghttp2" ) + fi + if use curl_ssl_openssl; then + libs+=( "-lssl" "-lcrypto" ) + priv+=( "openssl" ) + fi + grep -q Requires.private libcurl.pc && die "need to update ebuild" + libs=$(printf '|%s' "${libs[@]}") + sed -i -r \ + -e "/^Libs.private/s:(${libs#|})( |$)::g" \ + libcurl.pc || die + echo "Requires.private: ${priv[*]}" >> libcurl.pc +} + +multilib_src_install_all() { + einstalldocs + prune_libtool_files --all + + rm -rf "${ED}"/etc/ +} |