1 |
commit: 724b6dffc5efac27514ac29e5158416f464fed55 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Nov 29 14:25:55 2017 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Nov 29 14:26:11 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=724b6dff |
7 |
|
8 |
net-misc/curl: security bump to 7.57.0, bug #638734 |
9 |
|
10 |
This addresses CVE-2017-{8816,8817,8818}. |
11 |
|
12 |
Package-Manager: Portage-2.3.13, Repoman-2.3.3 |
13 |
|
14 |
net-misc/curl/Manifest | 7 +- |
15 |
net-misc/curl/curl-7.57.0.ebuild | 248 +++++++++++++++++++++++++++++++++++++++ |
16 |
2 files changed, 252 insertions(+), 3 deletions(-) |
17 |
|
18 |
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest |
19 |
index 7ec3c89966b..7a2b8c59206 100644 |
20 |
--- a/net-misc/curl/Manifest |
21 |
+++ b/net-misc/curl/Manifest |
22 |
@@ -1,3 +1,4 @@ |
23 |
-DIST curl-7.55.1.tar.bz2 2786830 SHA256 e5b1a92ed3b0c11f149886458fa063419500819f1610c020d62f25b8e4b16cfb SHA512 bfeb39e94b8378519b2efba0a476636b80dbee3434104b98464ee81ce3871eb134e065f52abe8bedb69681b43576cb30655c8be0be6115386859d0cb426d745b WHIRLPOOL 287f6f4f5464a780c338755e4e9870381937768c9f4c9545436856ea690ae6bf4d3f886dd816cf080d2ee84e2a3fbf1a0a5a78e5fbc9d9d18bde428458819a8e |
24 |
-DIST curl-7.56.0.tar.bz2 2838517 SHA256 de60a4725a3d461c70aa571d7d69c788f1816d9d1a8a2ef05f864ce8f01279df SHA512 ba17a9fdc4b540d6053fa542bd875f321d009b9ba0cb56b16fe6c217f3856ab061f2a6c735771a0eadc28338889d071884680b4d4c243b4179872abb29915e3b WHIRLPOOL 89bdd5fdf4c99fd30bd7a63ad19d2285591b19134911160c94bf46bb4cdf6156544142b47e29d7c0c9cf06536215604cfc6bc59a5ba570dc16b23626fd1b44b2 |
25 |
-DIST curl-7.56.1.tar.bz2 2824548 SHA256 2594670367875e7d87b0f129b5e4690150780884d90244ba0fe3e74a778b5f90 SHA512 f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68 WHIRLPOOL 428a2f90657cbe3fdc8a837b28f7ad7d80a1c1321a6976e885f79bc3a428c187e1fbc2c6ec48ffa99773aecb27647a46867c35b2fc0c29dbb6fb7f4e7d13f442 |
26 |
+DIST curl-7.55.1.tar.bz2 2786830 BLAKE2B 8de6a383b0ad850c88dce78ef68ec320001b6dd20749293395872d8c87ba79a16b4c0da91299afb0368ebff83c1becb360b402cfe3308374eeeb5e71e443f39b SHA512 bfeb39e94b8378519b2efba0a476636b80dbee3434104b98464ee81ce3871eb134e065f52abe8bedb69681b43576cb30655c8be0be6115386859d0cb426d745b |
27 |
+DIST curl-7.56.0.tar.bz2 2838517 BLAKE2B efe2c213f27ffd1f80a45eed67898b2d9c01192fd3abbe65436fd74afe5235e645905a32dd9b3a01872742b152bdb43ff785ea20f317503d634fd68d31449c89 SHA512 ba17a9fdc4b540d6053fa542bd875f321d009b9ba0cb56b16fe6c217f3856ab061f2a6c735771a0eadc28338889d071884680b4d4c243b4179872abb29915e3b |
28 |
+DIST curl-7.56.1.tar.bz2 2824548 BLAKE2B 8c191db379dc3f66d03b46158bf9da936c12b72c7361f4c36ff12a3af818322bb777b6f23eb9b95cfd576704f2e9b73ca87d7327734b2d3e6268b9079d718a7a SHA512 f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68 |
29 |
+DIST curl-7.57.0.tar.bz2 2849283 BLAKE2B 05bf62df8908a7c2b00abbc31067b8e12e8f8527594597e0c92e950a83e359e3ad430930face01057e0d2e6af8e8d759a9e078bd179cdbd69bc7fe2d10c5c5e3 SHA512 f366d2e931d7aff63bac0e1f760ced32c849252947d522427ba92124566906a7e6bd081b6d1630df36895dda2a00ac4cf1bed1470740693ef47ab90c6a270377 |
30 |
|
31 |
diff --git a/net-misc/curl/curl-7.57.0.ebuild b/net-misc/curl/curl-7.57.0.ebuild |
32 |
new file mode 100644 |
33 |
index 00000000000..12b2d138ba7 |
34 |
--- /dev/null |
35 |
+++ b/net-misc/curl/curl-7.57.0.ebuild |
36 |
@@ -0,0 +1,248 @@ |
37 |
+# Copyright 1999-2017 Gentoo Foundation |
38 |
+# Distributed under the terms of the GNU General Public License v2 |
39 |
+ |
40 |
+EAPI="6" |
41 |
+ |
42 |
+inherit autotools eutils prefix multilib-minimal |
43 |
+ |
44 |
+DESCRIPTION="A Client that groks URLs" |
45 |
+HOMEPAGE="https://curl.haxx.se/" |
46 |
+SRC_URI="https://curl.haxx.se/download/${P}.tar.bz2" |
47 |
+ |
48 |
+LICENSE="MIT" |
49 |
+SLOT="0" |
50 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
51 |
+IUSE="adns http2 idn ipv6 kerberos ldap metalink rtmp samba ssh ssl static-libs test threads" |
52 |
+IUSE+=" curl_ssl_axtls curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_winssl" |
53 |
+IUSE+=" elibc_Winnt" |
54 |
+ |
55 |
+#lead to lots of false negatives, bug #285669 |
56 |
+RESTRICT="test" |
57 |
+ |
58 |
+RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) |
59 |
+ ssl? ( |
60 |
+ curl_ssl_axtls? ( |
61 |
+ net-libs/axtls:0=[${MULTILIB_USEDEP}] |
62 |
+ app-misc/ca-certificates |
63 |
+ ) |
64 |
+ curl_ssl_gnutls? ( |
65 |
+ net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] |
66 |
+ dev-libs/nettle:0=[${MULTILIB_USEDEP}] |
67 |
+ app-misc/ca-certificates |
68 |
+ ) |
69 |
+ curl_ssl_libressl? ( |
70 |
+ dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}] |
71 |
+ ) |
72 |
+ curl_ssl_mbedtls? ( |
73 |
+ net-libs/mbedtls:0=[${MULTILIB_USEDEP}] |
74 |
+ app-misc/ca-certificates |
75 |
+ ) |
76 |
+ curl_ssl_openssl? ( |
77 |
+ dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}] |
78 |
+ ) |
79 |
+ curl_ssl_nss? ( |
80 |
+ dev-libs/nss:0[${MULTILIB_USEDEP}] |
81 |
+ app-misc/ca-certificates |
82 |
+ ) |
83 |
+ ) |
84 |
+ http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] ) |
85 |
+ idn? ( net-dns/libidn2:0[static-libs?,${MULTILIB_USEDEP}] ) |
86 |
+ adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] ) |
87 |
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) |
88 |
+ metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] ) |
89 |
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) |
90 |
+ ssh? ( net-libs/libssh2[static-libs?,${MULTILIB_USEDEP}] ) |
91 |
+ sys-libs/zlib[${MULTILIB_USEDEP}] |
92 |
+ abi_x86_32? ( |
93 |
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r13 |
94 |
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] |
95 |
+ )" |
96 |
+ |
97 |
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 |
98 |
+# rtmp? ( |
99 |
+# media-video/rtmpdump |
100 |
+# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) |
101 |
+# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) |
102 |
+# ) |
103 |
+ |
104 |
+# ssl providers to be added: |
105 |
+# fbopenssl $(use_with spnego) |
106 |
+ |
107 |
+DEPEND="${RDEPEND} |
108 |
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] |
109 |
+ test? ( |
110 |
+ sys-apps/diffutils |
111 |
+ dev-lang/perl |
112 |
+ )" |
113 |
+ |
114 |
+# c-ares must be disabled for threads |
115 |
+# only one ssl provider can be enabled |
116 |
+REQUIRED_USE=" |
117 |
+ curl_ssl_winssl? ( elibc_Winnt ) |
118 |
+ threads? ( !adns ) |
119 |
+ ssl? ( |
120 |
+ ^^ ( |
121 |
+ curl_ssl_axtls |
122 |
+ curl_ssl_gnutls |
123 |
+ curl_ssl_libressl |
124 |
+ curl_ssl_mbedtls |
125 |
+ curl_ssl_nss |
126 |
+ curl_ssl_openssl |
127 |
+ curl_ssl_winssl |
128 |
+ ) |
129 |
+ )" |
130 |
+ |
131 |
+DOCS=( CHANGES README docs/FEATURES docs/INTERNALS.md \ |
132 |
+ docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE.md ) |
133 |
+ |
134 |
+MULTILIB_WRAPPED_HEADERS=( |
135 |
+ /usr/include/curl/curlbuild.h |
136 |
+) |
137 |
+ |
138 |
+MULTILIB_CHOST_TOOLS=( |
139 |
+ /usr/bin/curl-config |
140 |
+) |
141 |
+ |
142 |
+src_prepare() { |
143 |
+ eapply "${FILESDIR}"/${PN}-7.30.0-prefix.patch |
144 |
+ eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch |
145 |
+ eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch |
146 |
+ |
147 |
+ sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241 |
148 |
+ |
149 |
+ eapply_user |
150 |
+ eprefixify curl-config.in |
151 |
+ eautoreconf |
152 |
+ |
153 |
+ if [[ ${CHOST} == *-darwin17 ]] ; then |
154 |
+ # https://bugs.gentoo.org/show_bug.cgi?id=637252 |
155 |
+ sed -i -e '/-Werror=partial-availability/s/Werror/Wno-error/g' \ |
156 |
+ configure || die |
157 |
+ fi |
158 |
+} |
159 |
+ |
160 |
+multilib_src_configure() { |
161 |
+ # We make use of the fact that later flags override earlier ones |
162 |
+ # So start with all ssl providers off until proven otherwise |
163 |
+ local myconf=() |
164 |
+ myconf+=( --without-axtls --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) |
165 |
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) |
166 |
+ if use ssl ; then |
167 |
+ if use curl_ssl_axtls; then |
168 |
+ einfo "SSL provided by axtls" |
169 |
+ myconf+=( --with-axtls ) |
170 |
+ elif use curl_ssl_gnutls; then |
171 |
+ einfo "SSL provided by gnutls" |
172 |
+ myconf+=( --with-gnutls --with-nettle ) |
173 |
+ elif use curl_ssl_libressl; then |
174 |
+ einfo "SSL provided by LibreSSL" |
175 |
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) |
176 |
+ elif use curl_ssl_mbedtls; then |
177 |
+ einfo "SSL provided by mbedtls" |
178 |
+ myconf+=( --with-mbedtls ) |
179 |
+ elif use curl_ssl_nss; then |
180 |
+ einfo "SSL provided by nss" |
181 |
+ myconf+=( --with-nss ) |
182 |
+ elif use curl_ssl_openssl; then |
183 |
+ einfo "SSL provided by openssl" |
184 |
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) |
185 |
+ elif use curl_ssl_winssl; then |
186 |
+ einfo "SSL provided by Windows" |
187 |
+ myconf+=( --with-winssl ) |
188 |
+ else |
189 |
+ eerror "We can't be here because of REQUIRED_USE." |
190 |
+ fi |
191 |
+ else |
192 |
+ einfo "SSL disabled" |
193 |
+ fi |
194 |
+ |
195 |
+ # These configuration options are organized alphabetically |
196 |
+ # within each category. This should make it easier if we |
197 |
+ # ever decide to make any of them contingent on USE flags: |
198 |
+ # 1) protocols first. To see them all do |
199 |
+ # 'grep SUPPORT_PROTOCOLS configure.ac' |
200 |
+ # 2) --enable/disable options second. |
201 |
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort |
202 |
+ # 3) --with/without options third. |
203 |
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort |
204 |
+ ECONF_SOURCE="${S}" \ |
205 |
+ econf \ |
206 |
+ --enable-crypto-auth \ |
207 |
+ --enable-dict \ |
208 |
+ --enable-file \ |
209 |
+ --enable-ftp \ |
210 |
+ --enable-gopher \ |
211 |
+ --enable-http \ |
212 |
+ --enable-imap \ |
213 |
+ $(use_enable ldap) \ |
214 |
+ $(use_enable ldap ldaps) \ |
215 |
+ --disable-ntlm-wb \ |
216 |
+ --enable-pop3 \ |
217 |
+ --enable-rt \ |
218 |
+ --enable-rtsp \ |
219 |
+ $(use_enable samba smb) \ |
220 |
+ $(use_with ssh libssh2) \ |
221 |
+ --enable-smtp \ |
222 |
+ --enable-telnet \ |
223 |
+ --enable-tftp \ |
224 |
+ --enable-tls-srp \ |
225 |
+ $(use_enable adns ares) \ |
226 |
+ --enable-cookies \ |
227 |
+ --enable-hidden-symbols \ |
228 |
+ $(use_enable ipv6) \ |
229 |
+ --enable-largefile \ |
230 |
+ --without-libpsl \ |
231 |
+ --enable-manual \ |
232 |
+ --enable-proxy \ |
233 |
+ --disable-sspi \ |
234 |
+ $(use_enable static-libs static) \ |
235 |
+ $(use_enable threads threaded-resolver) \ |
236 |
+ $(use_enable threads pthreads) \ |
237 |
+ --disable-versioned-symbols \ |
238 |
+ --without-cyassl \ |
239 |
+ --without-darwinssl \ |
240 |
+ $(use_with idn libidn2) \ |
241 |
+ $(use_with kerberos gssapi "${EPREFIX}"/usr) \ |
242 |
+ $(use_with metalink libmetalink) \ |
243 |
+ $(use_with http2 nghttp2) \ |
244 |
+ $(use_with rtmp librtmp) \ |
245 |
+ --without-brotli \ |
246 |
+ --without-spnego \ |
247 |
+ --without-winidn \ |
248 |
+ --with-zlib \ |
249 |
+ "${myconf[@]}" |
250 |
+ |
251 |
+ if ! multilib_is_native_abi; then |
252 |
+ # avoid building the client |
253 |
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die |
254 |
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die |
255 |
+ fi |
256 |
+ |
257 |
+ # Fix up the pkg-config file to be more robust. |
258 |
+ # https://github.com/curl/curl/issues/864 |
259 |
+ local priv=() libs=() |
260 |
+ # We always enable zlib. |
261 |
+ libs+=( "-lz" ) |
262 |
+ priv+=( "zlib" ) |
263 |
+ if use http2; then |
264 |
+ libs+=( "-lnghttp2" ) |
265 |
+ priv+=( "libnghttp2" ) |
266 |
+ fi |
267 |
+ if use curl_ssl_openssl; then |
268 |
+ libs+=( "-lssl" "-lcrypto" ) |
269 |
+ priv+=( "openssl" ) |
270 |
+ fi |
271 |
+ grep -q Requires.private libcurl.pc && die "need to update ebuild" |
272 |
+ libs=$(printf '|%s' "${libs[@]}") |
273 |
+ sed -i -r \ |
274 |
+ -e "/^Libs.private/s:(${libs#|})( |$)::g" \ |
275 |
+ libcurl.pc || die |
276 |
+ echo "Requires.private: ${priv[*]}" >> libcurl.pc |
277 |
+} |
278 |
+ |
279 |
+multilib_src_install_all() { |
280 |
+ einstalldocs |
281 |
+ prune_libtool_files --all |
282 |
+ |
283 |
+ rm -rf "${ED}"/etc/ |
284 |
+} |