* [PR PATCH] curl: update to 7.77.0.
@ 2021-05-26 15:34 sgn
2021-05-26 15:53 ` ericonr
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: sgn @ 2021-05-26 15:34 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1599 bytes --]
There is a new pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages curl-update
https://github.com/void-linux/void-packages/pull/31132
curl: update to 7.77.0.
CVE-2021-22901
<!-- Mark items with [x] where applicable -->
#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)
#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR
<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
- [ ] aarch64-musl
- [ ] armv7l
- [ ] armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/31132.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-curl-update-31132.patch --]
[-- Type: text/x-diff, Size: 1384 bytes --]
From 69adf1773097f777aa2b6d53f2937bd20098c873 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Wed, 26 May 2021 15:26:42 +0700
Subject: [PATCH] curl: update to 7.77.0.
CVE-2021-22901
---
srcpkgs/curl/template | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/curl/template b/srcpkgs/curl/template
index 7a9d588d9ecb..46a1388c000c 100644
--- a/srcpkgs/curl/template
+++ b/srcpkgs/curl/template
@@ -1,6 +1,6 @@
# Template file for 'curl'
pkgname=curl
-version=7.76.1
+version=7.77.0
revision=1
build_style=gnu-configure
configure_args="ac_cv_sizeof_off_t=8 --enable-threaded-resolver --enable-ipv6
@@ -21,7 +21,7 @@ license="MIT"
homepage="https://curl.haxx.se"
changelog="https://curl.haxx.se/changes.html#${version//./_}"
distfiles="${homepage}/download/${pkgname}-${version}.tar.bz2"
-checksum=7a8e184d7d31312c4ebf6a8cb59cd757e61b2b2833a9ed4f9bf708066e7695e9
+checksum=6c0c28868cb82593859fc43b9c8fdb769314c855c05cf1b56b023acf855df8ea
patch_args="-Np1"
build_options="gnutls gssapi ldap rtmp ssh ssl zstd"
build_options_default="ssh ssl zstd"
@@ -33,6 +33,10 @@ pre_configure() {
export CPPFLAGS="-D_FORTIFY_SOURCE=2"
}
+pre_check() {
+ export USER=nobody
+}
+
post_install() {
# Fix linker search paths when necessary
if [ -n "$XBPS_CROSS_BASE" ]; then
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: curl: update to 7.77.0.
2021-05-26 15:34 [PR PATCH] curl: update to 7.77.0 sgn
@ 2021-05-26 15:53 ` ericonr
2021-05-26 16:40 ` sgn
2021-05-26 16:40 ` [PR PATCH] [Merged]: " sgn
2 siblings, 0 replies; 4+ messages in thread
From: ericonr @ 2021-05-26 15:53 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 172 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/31132#issuecomment-848892418
Comment:
Fixes CVE-2021-22898 too. LGTM.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: curl: update to 7.77.0.
2021-05-26 15:34 [PR PATCH] curl: update to 7.77.0 sgn
2021-05-26 15:53 ` ericonr
@ 2021-05-26 16:40 ` sgn
2021-05-26 16:40 ` [PR PATCH] [Merged]: " sgn
2 siblings, 0 replies; 4+ messages in thread
From: sgn @ 2021-05-26 16:40 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 190 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/31132#issuecomment-848935300
Comment:
telnet is not that common, and it's medium anyway :-p
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR PATCH] [Merged]: curl: update to 7.77.0.
2021-05-26 15:34 [PR PATCH] curl: update to 7.77.0 sgn
2021-05-26 15:53 ` ericonr
2021-05-26 16:40 ` sgn
@ 2021-05-26 16:40 ` sgn
2 siblings, 0 replies; 4+ messages in thread
From: sgn @ 2021-05-26 16:40 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1452 bytes --]
There's a merged pull request on the void-packages repository
curl: update to 7.77.0.
https://github.com/void-linux/void-packages/pull/31132
Description:
CVE-2021-22901
<!-- Mark items with [x] where applicable -->
#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)
#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR
<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
- [ ] aarch64-musl
- [ ] armv7l
- [ ] armv6l-musl
-->
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-05-26 16:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-26 15:34 [PR PATCH] curl: update to 7.77.0 sgn
2021-05-26 15:53 ` ericonr
2021-05-26 16:40 ` sgn
2021-05-26 16:40 ` [PR PATCH] [Merged]: " sgn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).