commit: fe5ef09aeaea246f612ce89fa89523f6f6353869 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> AuthorDate: Wed May 18 12:11:33 2016 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Wed May 18 12:27:07 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe5ef09a
net-misc/curl: bump for CVE-2016-3739, bug #583394 Package-Manager: portage-2.2.26 net-misc/curl/Manifest | 1 + net-misc/curl/curl-7.49.0.ebuild | 237 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 238 insertions(+) diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index b63a2a3..0809585 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -1,3 +1,4 @@ DIST curl-7.45.0.tar.bz2 3473632 SHA256 65154e66b9f8a442b57c436904639507b4ac37ec13d6f8a48248f1b4012b98ea SHA512 71c557c69eb8d160f74a9b76ef83a46ce33ef4e8a66a261699329583dadf10205b4ba4783f92d4e6c8724f6610ffade5b0a9f189b0a7b9169ff839dfc8980481 WHIRLPOOL afc1627cebb64c9111f943fe63d95c8a998934fd02e3b8d12f061d23b174b7475c48451ecc1713ce54771455a6465238aa3b818b0eb9ba5c86ffd06eb1f2bc76 DIST curl-7.47.1.tar.bz2 3506256 SHA256 ddc643ab9382e24bbe4747d43df189a0a6ce38fcb33df041b9cb0b3cd47ae98f SHA512 e99d94dfdd349df0603de21687039c69765d40ae6bd73bd8ccdb6d046903a94e590a9cc903f378f8d030997a29bf0394ac5e342c9989a815679f9ea4fa79913f WHIRLPOOL d8a77d9c693a7b72066d5289107a5a5afc798b4736795569350840bd41a2166fec700138244ddcb24558fdd94d91b919ff385e1bc8abcdcdad65cba842076b3d DIST curl-7.48.0.tar.bz2 7408757 SHA256 864e7819210b586d42c674a1fdd577ce75a78b3dda64c63565abe5aefd72c753 SHA512 9bb554eaf4ccaced0fa9b38de4f381eab84b96c1aa07a45d83ddfd38a925044d0fe9fac517263f67f009d2294a31c33dedb2267defbab0cb14f96091bbed5f92 WHIRLPOOL ffdc621510f71d039544e7d646f198cd1bcbb96ad114f2a685093d7a6d4431d38949c7a3557c3f4a38f54843ba217a04e3fde8a27a56b40e30d6552ef8c2a02b +DIST curl-7.49.0.tar.bz2 7458465 SHA256 14f44ed7b5207fea769ddb2c31bd9e720d37312e1c02315def67923a4a636078 SHA512 57a82185c082ea872a54c6f5a11ca24fe6131108c16255278671504afca848b9298681de9c9bb5905b9655295edf25c104d1301c4bbdb1f261d952a020d77111 WHIRLPOOL f5c4d15b7072d98e0760d7e5de59c307fb4e7f84125db7ebb2fc9f9d19e3ed35f937244579c00d9fb1e86604df277eab2a1eb14d7b339182e484a4925103dff7 diff --git a/net-misc/curl/curl-7.49.0.ebuild b/net-misc/curl/curl-7.49.0.ebuild new file mode 100644 index 0000000..ae337f1 --- /dev/null +++ b/net-misc/curl/curl-7.49.0.ebuild @@ -0,0 +1,237 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit autotools eutils prefix multilib-minimal + +DESCRIPTION="A Client that groks URLs" +HOMEPAGE="http://curl.haxx.se/"; +SRC_URI="http://curl.haxx.se/download/${P}.tar.bz2"; + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="adns http2 idn ipv6 kerberos ldap metalink rtmp samba ssh ssl static-libs test threads" +IUSE+=" curl_ssl_axtls curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_polarssl curl_ssl_winssl" +IUSE+=" elibc_Winnt" + +#lead to lots of false negatives, bug #285669 +RESTRICT="test" + +RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) + ssl? ( + curl_ssl_axtls? ( + net-libs/axtls[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + curl_ssl_gnutls? ( + net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}] + dev-libs/nettle:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + curl_ssl_libressl? ( + dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}] + ) + curl_ssl_mbedtls? ( + net-libs/mbedtls:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + curl_ssl_openssl? ( + dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}] + ) + curl_ssl_nss? ( + dev-libs/nss:0[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + curl_ssl_polarssl? ( + net-libs/polarssl:0=[${MULTILIB_USEDEP}] + app-misc/ca-certificates + ) + ) + http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] ) + idn? ( net-dns/libidn:0[static-libs?,${MULTILIB_USEDEP}] ) + adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] ) + rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] ) + ssh? ( net-libs/libssh2[static-libs?,${MULTILIB_USEDEP}] ) + sys-libs/zlib[${MULTILIB_USEDEP}] + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r13 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" + +# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303 +# rtmp? ( +# media-video/rtmpdump +# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] ) +# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] ) +# ) + +# ssl providers to be added: +# fbopenssl $(use_with spnego) + +DEPEND="${RDEPEND} + >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] + test? ( + sys-apps/diffutils + dev-lang/perl + )" + +# c-ares must be disabled for threads +# only one ssl provider can be enabled +REQUIRED_USE=" + curl_ssl_winssl? ( elibc_Winnt ) + threads? ( !adns ) + ssl? ( + ^^ ( + curl_ssl_axtls + curl_ssl_gnutls + curl_ssl_libressl + curl_ssl_mbedtls + curl_ssl_nss + curl_ssl_openssl + curl_ssl_polarssl + curl_ssl_winssl + ) + )" + +DOCS=( CHANGES README docs/FEATURES docs/INTERNALS \ + docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE ) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/curl/curlbuild.h +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/curl-config +) + +src_prepare() { + epatch \ + "${FILESDIR}"/${PN}-7.30.0-prefix.patch \ + "${FILESDIR}"/${PN}-respect-cflags-3.patch \ + "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch + + sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241 + + epatch_user + eprefixify curl-config.in + eautoreconf +} + +multilib_src_configure() { + einfo "\033[1;32m**************************************************\033[00m" + + # We make use of the fact that later flags override earlier ones + # So start with all ssl providers off until proven otherwise + local myconf=() + myconf+=( --without-axtls --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl ) + myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt ) + if use ssl ; then + if use curl_ssl_axtls; then + einfo "SSL provided by axtls" + myconf+=( --with-axtls ) + elif use curl_ssl_gnutls; then + einfo "SSL provided by gnutls" + myconf+=( --with-gnutls --with-nettle ) + elif use curl_ssl_libressl; then + einfo "SSL provided by LibreSSL" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + elif use curl_ssl_mbedtls; then + einfo "SSL provided by mbedtls" + myconf+=( --with-mbedtls ) + elif use curl_ssl_nss; then + einfo "SSL provided by nss" + myconf+=( --with-nss ) + elif use curl_ssl_polarssl; then + einfo "SSL provided by polarssl" + myconf+=( --with-polarssl ) + elif use curl_ssl_openssl; then + einfo "SSL provided by openssl" + myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs ) + elif use curl_ssl_winssl; then + einfo "SSL provided by Windows" + myconf+=( --with-winssl ) + else + eerror "We can't be here because of REQUIRED_USE." + fi + else + einfo "SSL disabled" + fi + einfo "\033[1;32m**************************************************\033[00m" + + # These configuration options are organized alphabetically + # within each category. This should make it easier if we + # ever decide to make any of them contingent on USE flags: + # 1) protocols first. To see them all do + # 'grep SUPPORT_PROTOCOLS configure.ac' + # 2) --enable/disable options second. + # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort + # 3) --with/without options third. + # grep -- --with configure | grep Check | awk '{ print $4 }' | sort + ECONF_SOURCE="${S}" \ + econf \ + --enable-crypto-auth \ + --enable-dict \ + --enable-file \ + --enable-ftp \ + --enable-gopher \ + --enable-http \ + --enable-imap \ + $(use_enable ldap) \ + $(use_enable ldap ldaps) \ + --disable-ntlm-wb \ + --enable-pop3 \ + --enable-rt \ + --enable-rtsp \ + $(use_enable samba smb) \ + $(use_with ssh libssh2) \ + --enable-smtp \ + --enable-telnet \ + --enable-tftp \ + --enable-tls-srp \ + $(use_enable adns ares) \ + --enable-cookies \ + --enable-hidden-symbols \ + $(use_enable ipv6) \ + --enable-largefile \ + --without-libpsl \ + --enable-manual \ + --enable-proxy \ + --disable-soname-bump \ + --disable-sspi \ + $(use_enable static-libs static) \ + $(use_enable threads threaded-resolver) \ + --disable-versioned-symbols \ + --without-cyassl \ + --without-darwinssl \ + $(use_with idn libidn) \ + $(use_with kerberos gssapi "${EPREFIX}"/usr) \ + $(use_with metalink libmetalink) \ + $(use_with http2 nghttp2) \ + $(use_with rtmp librtmp) \ + --without-spnego \ + --without-winidn \ + --with-zlib \ + "${myconf[@]}" + + if ! multilib_is_native_abi; then + # avoid building the client + sed -i -e '/SUBDIRS/s:src::' Makefile || die + sed -i -e '/SUBDIRS/s:scripts::' Makefile || die + fi +} + +multilib_src_install_all() { + einstalldocs + prune_libtool_files --all + + rm -rf "${ED}"/etc/ + + # https://sourceforge.net/tracker/index.php?func=detail&aid=1705197&group_id=976&atid=350976 + insinto /usr/share/aclocal + doins docs/libcurl/libcurl.m4 +}
