Index: head/ftp/curl/Makefile =================================================================== --- head/ftp/curl/Makefile (revision 437807) +++ head/ftp/curl/Makefile (revision 437808) @@ -1,163 +1,164 @@ # Created by: Neil Blakey-Milner # $FreeBSD$ PORTNAME= curl PORTVERSION= 7.53.1 +PORTREVISION= 1 CATEGORIES= ftp net www MASTER_SITES= http://curl.haxx.se/download/ \ LOCAL/sunpoet MAINTAINER= sunpoet@FreeBSD.org COMMENT= Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers LICENSE= MIT LICENSE_FILE= ${WRKSRC}/COPYING OPTIONS_DEFINE= CA_BUNDLE COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES HTTP2 IDN IPV6 LDAP LDAPS LIBSSH2 METALINK PROXY PSL RTMP SMB TLS_SRP OPTIONS_RADIO= RESOLV SSL OPTIONS_SINGLE= GSSAPI OPTIONS_RADIO_RESOLV= CARES THREADED_RESOLVER OPTIONS_RADIO_SSL= GNUTLS NSS OPENSSL POLARSSL WOLFSSL OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_DEFAULT= CA_BUNDLE COOKIES GSSAPI_${${SSL_DEFAULT} == base :?BASE :NONE} HTTP2 OPENSSL PROXY RESOLV THREADED_RESOLVER TLS_SRP CA_BUNDLE_DESC= Install CA bundle for OpenSSL CA_BUNDLE_IMPLIES= OPENSSL COOKIES_DESC= Cookies support CURL_DEBUG_DESC= cURL debug memory tracking LDAPS_IMPLIES= LDAP LIBSSH2_DESC= SCP/SFTP support via libssh2 LIBSSH2_IMPLIES= OPENSSL RESOLV_DESC= DNS resolving options SMB_DESC= SMB/CIFS support THREADED_RESOLVER_DESC= Threaded DNS resolver TLS_SRP_DESC= TLS-SRP (Secure Remote Password) support CONFIGURE_ARGS= --disable-werror \ --enable-imap --enable-pop3 --enable-rtsp --enable-smtp \ --with-zsh-functions-dir=${LOCALBASE}/share/zsh/site-functions \ --without-axtls CONFIGURE_ENV= LOCALBASE=${LOCALBASE} \ ac_cv_func_SSLv2_client_method=no GNU_CONFIGURE= yes INSTALL_TARGET= install-strip TEST_TARGET= test USE_LDCONFIG= yes USE_PERL5= build USES= cpe gmake libtool localbase pathfix perl5 shebangfix tar:lzma PORTDOCS= * PORTEXAMPLES= * CPE_VENDOR= haxx DOCS= BUGS CODE_OF_CONDUCT.md CODE_STYLE.md CONTRIBUTE.md FAQ \ FEATURES HISTORY.md HTTP-COOKIES.md HTTP2.md INSTALL \ INTERNALS.md KNOWN_BUGS LICENSE-MIXING.md MAIL-ETIQUETTE \ MANUAL RELEASE-PROCEDURE RESOURCES ROADMAP.md SECURITY.md \ SSL-PROBLEMS.md SSLCERTS.md THANKS TODO TheArtOfHttpScripting \ VERSIONS SHEBANG_FILES= */*.pl CA_BUNDLE_CONFIGURE_OFF=--without-ca-bundle CA_BUNDLE_CONFIGURE_ON= --with-ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt CA_BUNDLE_RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss CARES_CONFIGURE_ENABLE= ares CARES_LIB_DEPENDS= libcares.so:dns/c-ares COOKIES_CONFIGURE_ENABLE= cookies CURL_DEBUG_CONFIGURE_ENABLE= curldebug DEBUG_CONFIGURE_ENABLE= debug GNUTLS_CONFIGURE_WITH= gnutls GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls GSSAPI_BASE_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_BASE_CPPFLAGS= ${GSSAPICPPFLAGS} GSSAPI_BASE_LDFLAGS= ${GSSAPILDFLAGS} GSSAPI_BASE_LIBS= ${GSSAPILIBS} GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_HEIMDAL_CPPFLAGS=${GSSAPICPPFLAGS} GSSAPI_HEIMDAL_LDFLAGS= ${GSSAPILDFLAGS} GSSAPI_HEIMDAL_LIBS= ${GSSAPILIBS} GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_CONFIGURE_ON=--with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_MIT_CPPFLAGS= ${GSSAPICPPFLAGS} GSSAPI_MIT_LDFLAGS= ${GSSAPILDFLAGS} GSSAPI_MIT_LIBS= ${GSSAPILIBS} GSSAPI_MIT_USES= gssapi:mit GSSAPI_NONE_CONFIGURE_ON= --without-gssapi HTTP2_CONFIGURE_WITH= libnghttp2 HTTP2_LIB_DEPENDS= libnghttp2.so:www/libnghttp2 HTTP2_USES= pkgconfig IDN_CONFIGURE_WITH= libidn2 IDN_LIB_DEPENDS= libidn2.so:dns/libidn2 IPV6_CATEGORIES= ipv6 IPV6_CONFIGURE_ENABLE= ipv6 LDAP_CONFIGURE_ENABLE= ldap LDAP_USE= OPENLDAP=yes LDAPS_CONFIGURE_ENABLE= ldaps LIBSSH2_CONFIGURE_WITH= libssh2 LIBSSH2_LIB_DEPENDS= libssh2.so:security/libssh2 METALINK_CONFIGURE_WITH=libmetalink METALINK_LIB_DEPENDS= libmetalink.so:misc/libmetalink METALINK_LIBS= -lcrypto NSS_CONFIGURE_WITH= nss NSS_LIB_DEPENDS= libnss3.so:security/nss NSS_USES= pkgconfig OPENSSL_CONFIGURE_OFF= --without-ssl OPENSSL_CONFIGURE_ON= --with-ssl=${OPENSSLBASE} OPENSSL_CPPFLAGS= -I${OPENSSLINC} OPENSSL_LDFLAGS= -L${OPENSSLLIB} OPENSSL_USES= ssl POLARSSL_CONFIGURE_WITH=polarssl POLARSSL_LIB_DEPENDS= libmbedtls.so.9:security/polarssl13 PROXY_CONFIGURE_ENABLE= proxy PSL_CONFIGURE_WITH= libpsl PSL_LIB_DEPENDS= libpsl.so:dns/libpsl RTMP_CONFIGURE_WITH= librtmp RTMP_LIB_DEPENDS= librtmp.so:multimedia/librtmp RTMP_USES= pkgconfig SMB_CONFIGURE_ENABLE= smb THREADED_RESOLVER_CONFIGURE_ENABLE= pthreads threaded-resolver TLS_SRP_CONFIGURE_ENABLE= tls-srp WOLFSSL_CONFIGURE_WITH= cyassl WOLFSSL_LIB_DEPENDS= libwolfssl.so:security/wolfssl .include .if !${PORT_OPTIONS:MGNUTLS} && !${PORT_OPTIONS:MOPENSSL} && ${PORT_OPTIONS:MTLS_SRP} IGNORE= only supports TLS-SRP with either OpenSSL or GnuTLS .endif .if ${PORT_OPTIONS:MLDAPS} && !${PORT_OPTIONS:MGNUTLS} && !${PORT_OPTIONS:MNSS} && !${PORT_OPTIONS:MOPENSSL} && !${PORT_OPTIONS:MPOLARSSL} && !${PORT_OPTIONS:MWOLFSSL} IGNORE= only supports LDAPS with SSL .endif .if ${PORT_OPTIONS:MTLS_SRP} && ${SSL_DEFAULT:Mlibressl*} IGNORE= unsupported TLS-SRP in LibreSSL .endif post-patch: @${REINPLACE_CMD} -e '/^SUBDIRS = / s|$$| docs scripts|; /^DIST_SUBDIRS = / s| docs scripts||; /cd docs &&/d' ${WRKSRC}/Makefile.in @${REINPLACE_CMD} -e 's|\(flags_dbg_off=\)".*"|\1""|; s|\(flags_opt_off=\)".*"|\1""|' ${WRKSRC}/configure @${REINPLACE_CMD} -e 's|include |include |' ${WRKSRC}/lib/curl_gssapi.h ${WRKSRC}/lib/urldata.h post-install: ${INSTALL_DATA} ${WRKSRC}/docs/libcurl/libcurl.m4 ${STAGEDIR}${PREFIX}/share/aclocal/ post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/ ${STAGEDIR}${DOCSDIR}/libcurl/ cd ${WRKSRC}/docs/ && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR}/ cd ${WRKSRC}/docs/libcurl/ && ${INSTALL_DATA} ABI *.html *.m4 ${STAGEDIR}${DOCSDIR}/libcurl/ post-install-EXAMPLES-on: ${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/ cd ${WRKSRC}/docs/examples/ && ${INSTALL_DATA} README Makefile.example makefile* *.c *.cpp ${STAGEDIR}${EXAMPLESDIR}/ pre-test-PROXY-off: @${ECHO_MSG} "******************************************" @${ECHO_MSG} "* You have disabled curl proxy support. *" @${ECHO_MSG} "* Some tests SHALL FAIL! *" @${ECHO_MSG} "* This is being addressed. *" @${ECHO_MSG} "******************************************" .include Index: head/ftp/curl/files/patch-CVE-2017-7407 =================================================================== --- head/ftp/curl/files/patch-CVE-2017-7407 (nonexistent) +++ head/ftp/curl/files/patch-CVE-2017-7407 (revision 437808) @@ -0,0 +1,164 @@ +From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001 +From: Dan Fandrich +Date: Sat, 11 Mar 2017 10:59:34 +0100 +Subject: [PATCH] CVE-2017-7407: fixed + +Bug: https://curl.haxx.se/docs/adv_20170403.html + +Reported-by: Brian Carpenter +--- src/tool_writeout.c.orig 2017-01-13 09:55:20 UTC ++++ src/tool_writeout.c +@@ -5,7 +5,7 @@ + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * +- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. ++ * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms +@@ -113,7 +113,7 @@ void ourWriteOut(CURL *curl, struct OutS + double doubleinfo; + + while(ptr && *ptr) { +- if('%' == *ptr) { ++ if('%' == *ptr && ptr[1]) { + if('%' == ptr[1]) { + /* an escaped %-letter */ + fputc('%', stream); +@@ -341,7 +341,7 @@ void ourWriteOut(CURL *curl, struct OutS + } + } + } +- else if('\\' == *ptr) { ++ else if('\\' == *ptr && ptr[1]) { + switch(ptr[1]) { + case 'r': + fputc('\r', stream); + src/tool_writeout.c | 6 +++--- + tests/data/Makefile.inc | 2 +- + tests/data/test1440 | 31 +++++++++++++++++++++++++++++++ + tests/data/test1441 | 31 +++++++++++++++++++++++++++++++ + tests/data/test1442 | 35 +++++++++++++++++++++++++++++++++++ + 5 files changed, 101 insertions(+), 4 deletions(-) + create mode 100644 tests/data/test1440 + create mode 100644 tests/data/test1441 + create mode 100644 tests/data/test1442 + +--- tests/data/Makefile.inc.orig 2017-02-21 07:09:13 UTC ++++ tests/data/Makefile.inc +@@ -151,7 +151,7 @@ test1408 test1409 test1410 test1411 test + test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \ + test1424 \ + test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \ +-test1436 test1437 test1438 test1439 \ ++test1436 test1437 test1438 test1439 test1440 test1441 test1442 \ + \ + test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ + test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ +--- tests/data/test1440.orig 2017-04-05 17:06:44 UTC ++++ tests/data/test1440 +@@ -0,0 +1,31 @@ ++ ++ ++ ++--write-out ++ ++ ++# Server-side ++ ++ ++ ++# Client-side ++ ++ ++file ++ ++ ++ ++Check --write-out with trailing %{ ++ ++ ++file://localhost/%PWD/log/ --write-out '%{' ++ ++ ++ ++# Verify data ++ ++ ++%{ ++ ++ ++ +--- tests/data/test1441.orig 2017-04-05 17:06:44 UTC ++++ tests/data/test1441 +@@ -0,0 +1,31 @@ ++ ++ ++ ++--write-out ++ ++ ++# Server-side ++ ++ ++ ++# Client-side ++ ++ ++file ++ ++ ++ ++Check --write-out with trailing % ++ ++ ++file://localhost/%PWD/log/ --write-out '%' ++ ++ ++ ++# Verify data ++ ++ ++% ++ ++ ++ +--- tests/data/test1442.orig 2017-04-05 17:06:44 UTC ++++ tests/data/test1442 +@@ -0,0 +1,35 @@ ++ ++ ++ ++--write-out ++FILE ++ ++ ++# Server-side ++ ++ ++ ++# Client-side ++ ++ ++file ++ ++ ++ ++Check --write-out with trailing \ ++ ++ ++file://localhost/%PWD/log/non-existent-file.txt --write-out '\' ++ ++ ++ ++# Verify data ++ ++ ++37 ++ ++ ++\ ++ ++ ++ Property changes on: head/ftp/curl/files/patch-CVE-2017-7407 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property