summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2016-05-18 08:11:33 -0400
committerAnthony G. Basile <blueness@gentoo.org>2016-05-18 08:27:07 -0400
commitfe5ef09aeaea246f612ce89fa89523f6f6353869 (patch)
treef25de83b2d9803f5210c2aabbfe07d266dae1319
parentsys-freebsd/freebsd-sources: Merge multiple Security Advisory fix (diff)
downloadgentoo-fe5ef09aeaea246f612ce89fa89523f6f6353869.tar.gz
gentoo-fe5ef09aeaea246f612ce89fa89523f6f6353869.tar.bz2
gentoo-fe5ef09aeaea246f612ce89fa89523f6f6353869.zip
net-misc/curl: bump for CVE-2016-3739, bug #583394
Package-Manager: portage-2.2.26
-rw-r--r--net-misc/curl/Manifest1
-rw-r--r--net-misc/curl/curl-7.49.0.ebuild237
2 files changed, 238 insertions, 0 deletions
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index b63a2a3a685f..08095859e126 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,3 +1,4 @@
DIST curl-7.45.0.tar.bz2 3473632 SHA256 65154e66b9f8a442b57c436904639507b4ac37ec13d6f8a48248f1b4012b98ea SHA512 71c557c69eb8d160f74a9b76ef83a46ce33ef4e8a66a261699329583dadf10205b4ba4783f92d4e6c8724f6610ffade5b0a9f189b0a7b9169ff839dfc8980481 WHIRLPOOL afc1627cebb64c9111f943fe63d95c8a998934fd02e3b8d12f061d23b174b7475c48451ecc1713ce54771455a6465238aa3b818b0eb9ba5c86ffd06eb1f2bc76
DIST curl-7.47.1.tar.bz2 3506256 SHA256 ddc643ab9382e24bbe4747d43df189a0a6ce38fcb33df041b9cb0b3cd47ae98f SHA512 e99d94dfdd349df0603de21687039c69765d40ae6bd73bd8ccdb6d046903a94e590a9cc903f378f8d030997a29bf0394ac5e342c9989a815679f9ea4fa79913f WHIRLPOOL d8a77d9c693a7b72066d5289107a5a5afc798b4736795569350840bd41a2166fec700138244ddcb24558fdd94d91b919ff385e1bc8abcdcdad65cba842076b3d
DIST curl-7.48.0.tar.bz2 7408757 SHA256 864e7819210b586d42c674a1fdd577ce75a78b3dda64c63565abe5aefd72c753 SHA512 9bb554eaf4ccaced0fa9b38de4f381eab84b96c1aa07a45d83ddfd38a925044d0fe9fac517263f67f009d2294a31c33dedb2267defbab0cb14f96091bbed5f92 WHIRLPOOL ffdc621510f71d039544e7d646f198cd1bcbb96ad114f2a685093d7a6d4431d38949c7a3557c3f4a38f54843ba217a04e3fde8a27a56b40e30d6552ef8c2a02b
+DIST curl-7.49.0.tar.bz2 7458465 SHA256 14f44ed7b5207fea769ddb2c31bd9e720d37312e1c02315def67923a4a636078 SHA512 57a82185c082ea872a54c6f5a11ca24fe6131108c16255278671504afca848b9298681de9c9bb5905b9655295edf25c104d1301c4bbdb1f261d952a020d77111 WHIRLPOOL f5c4d15b7072d98e0760d7e5de59c307fb4e7f84125db7ebb2fc9f9d19e3ed35f937244579c00d9fb1e86604df277eab2a1eb14d7b339182e484a4925103dff7
diff --git a/net-misc/curl/curl-7.49.0.ebuild b/net-misc/curl/curl-7.49.0.ebuild
new file mode 100644
index 000000000000..ae337f15af7e
--- /dev/null
+++ b/net-misc/curl/curl-7.49.0.ebuild
@@ -0,0 +1,237 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit autotools eutils prefix multilib-minimal
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="http://curl.haxx.se/"
+SRC_URI="http://curl.haxx.se/download/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="adns http2 idn ipv6 kerberos ldap metalink rtmp samba ssh ssl static-libs test threads"
+IUSE+=" curl_ssl_axtls curl_ssl_gnutls curl_ssl_libressl curl_ssl_mbedtls curl_ssl_nss +curl_ssl_openssl curl_ssl_polarssl curl_ssl_winssl"
+IUSE+=" elibc_Winnt"
+
+#lead to lots of false negatives, bug #285669
+RESTRICT="test"
+
+RDEPEND="ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] )
+ ssl? (
+ curl_ssl_axtls? (
+ net-libs/axtls[${MULTILIB_USEDEP}]
+ app-misc/ca-certificates
+ )
+ curl_ssl_gnutls? (
+ net-libs/gnutls:0=[static-libs?,${MULTILIB_USEDEP}]
+ dev-libs/nettle:0=[${MULTILIB_USEDEP}]
+ app-misc/ca-certificates
+ )
+ curl_ssl_libressl? (
+ dev-libs/libressl:0=[static-libs?,${MULTILIB_USEDEP}]
+ )
+ curl_ssl_mbedtls? (
+ net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+ app-misc/ca-certificates
+ )
+ curl_ssl_openssl? (
+ dev-libs/openssl:0=[static-libs?,${MULTILIB_USEDEP}]
+ )
+ curl_ssl_nss? (
+ dev-libs/nss:0[${MULTILIB_USEDEP}]
+ app-misc/ca-certificates
+ )
+ curl_ssl_polarssl? (
+ net-libs/polarssl:0=[${MULTILIB_USEDEP}]
+ app-misc/ca-certificates
+ )
+ )
+ http2? ( net-libs/nghttp2[${MULTILIB_USEDEP}] )
+ idn? ( net-dns/libidn:0[static-libs?,${MULTILIB_USEDEP}] )
+ adns? ( net-dns/c-ares:0[${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ metalink? ( >=media-libs/libmetalink-0.1.1[${MULTILIB_USEDEP}] )
+ rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+ ssh? ( net-libs/libssh2[static-libs?,${MULTILIB_USEDEP}] )
+ sys-libs/zlib[${MULTILIB_USEDEP}]
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r13
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+# Do we need to enforce the same ssl backend for curl and rtmpdump? Bug #423303
+# rtmp? (
+# media-video/rtmpdump
+# curl_ssl_gnutls? ( media-video/rtmpdump[gnutls] )
+# curl_ssl_openssl? ( media-video/rtmpdump[-gnutls,ssl] )
+# )
+
+# ssl providers to be added:
+# fbopenssl $(use_with spnego)
+
+DEPEND="${RDEPEND}
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ test? (
+ sys-apps/diffutils
+ dev-lang/perl
+ )"
+
+# c-ares must be disabled for threads
+# only one ssl provider can be enabled
+REQUIRED_USE="
+ curl_ssl_winssl? ( elibc_Winnt )
+ threads? ( !adns )
+ ssl? (
+ ^^ (
+ curl_ssl_axtls
+ curl_ssl_gnutls
+ curl_ssl_libressl
+ curl_ssl_mbedtls
+ curl_ssl_nss
+ curl_ssl_openssl
+ curl_ssl_polarssl
+ curl_ssl_winssl
+ )
+ )"
+
+DOCS=( CHANGES README docs/FEATURES docs/INTERNALS \
+ docs/MANUAL docs/FAQ docs/BUGS docs/CONTRIBUTE )
+
+MULTILIB_WRAPPED_HEADERS=(
+ /usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/curl-config
+)
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}"/${PN}-7.30.0-prefix.patch \
+ "${FILESDIR}"/${PN}-respect-cflags-3.patch \
+ "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
+
+ sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
+
+ epatch_user
+ eprefixify curl-config.in
+ eautoreconf
+}
+
+multilib_src_configure() {
+ einfo "\033[1;32m**************************************************\033[00m"
+
+ # We make use of the fact that later flags override earlier ones
+ # So start with all ssl providers off until proven otherwise
+ local myconf=()
+ myconf+=( --without-axtls --without-gnutls --without-mbedtls --without-nss --without-polarssl --without-ssl --without-winssl )
+ myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt )
+ if use ssl ; then
+ if use curl_ssl_axtls; then
+ einfo "SSL provided by axtls"
+ myconf+=( --with-axtls )
+ elif use curl_ssl_gnutls; then
+ einfo "SSL provided by gnutls"
+ myconf+=( --with-gnutls --with-nettle )
+ elif use curl_ssl_libressl; then
+ einfo "SSL provided by LibreSSL"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ elif use curl_ssl_mbedtls; then
+ einfo "SSL provided by mbedtls"
+ myconf+=( --with-mbedtls )
+ elif use curl_ssl_nss; then
+ einfo "SSL provided by nss"
+ myconf+=( --with-nss )
+ elif use curl_ssl_polarssl; then
+ einfo "SSL provided by polarssl"
+ myconf+=( --with-polarssl )
+ elif use curl_ssl_openssl; then
+ einfo "SSL provided by openssl"
+ myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+ elif use curl_ssl_winssl; then
+ einfo "SSL provided by Windows"
+ myconf+=( --with-winssl )
+ else
+ eerror "We can't be here because of REQUIRED_USE."
+ fi
+ else
+ einfo "SSL disabled"
+ fi
+ einfo "\033[1;32m**************************************************\033[00m"
+
+ # These configuration options are organized alphabetically
+ # within each category. This should make it easier if we
+ # ever decide to make any of them contingent on USE flags:
+ # 1) protocols first. To see them all do
+ # 'grep SUPPORT_PROTOCOLS configure.ac'
+ # 2) --enable/disable options second.
+ # 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+ # 3) --with/without options third.
+ # grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+ ECONF_SOURCE="${S}" \
+ econf \
+ --enable-crypto-auth \
+ --enable-dict \
+ --enable-file \
+ --enable-ftp \
+ --enable-gopher \
+ --enable-http \
+ --enable-imap \
+ $(use_enable ldap) \
+ $(use_enable ldap ldaps) \
+ --disable-ntlm-wb \
+ --enable-pop3 \
+ --enable-rt \
+ --enable-rtsp \
+ $(use_enable samba smb) \
+ $(use_with ssh libssh2) \
+ --enable-smtp \
+ --enable-telnet \
+ --enable-tftp \
+ --enable-tls-srp \
+ $(use_enable adns ares) \
+ --enable-cookies \
+ --enable-hidden-symbols \
+ $(use_enable ipv6) \
+ --enable-largefile \
+ --without-libpsl \
+ --enable-manual \
+ --enable-proxy \
+ --disable-soname-bump \
+ --disable-sspi \
+ $(use_enable static-libs static) \
+ $(use_enable threads threaded-resolver) \
+ --disable-versioned-symbols \
+ --without-cyassl \
+ --without-darwinssl \
+ $(use_with idn libidn) \
+ $(use_with kerberos gssapi "${EPREFIX}"/usr) \
+ $(use_with metalink libmetalink) \
+ $(use_with http2 nghttp2) \
+ $(use_with rtmp librtmp) \
+ --without-spnego \
+ --without-winidn \
+ --with-zlib \
+ "${myconf[@]}"
+
+ if ! multilib_is_native_abi; then
+ # avoid building the client
+ sed -i -e '/SUBDIRS/s:src::' Makefile || die
+ sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ rm -rf "${ED}"/etc/
+
+ # https://sourceforge.net/tracker/index.php?func=detail&aid=1705197&group_id=976&atid=350976
+ insinto /usr/share/aclocal
+ doins docs/libcurl/libcurl.m4
+}