Summary: | <net-misc/curl-7.86.0: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | blueness, correabuscar+gentoo_bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 878751, 880123 | ||
Bug Blocks: |
Description
John Helmert III
2022-10-26 13:59:21 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=650c8a2155508ae7ebed1dc543b53e0d0470b8c4 commit 650c8a2155508ae7ebed1dc543b53e0d0470b8c4 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-10-28 10:28:59 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-10-28 10:38:25 +0000 net-misc/curl: add 7.86.0 Bug: https://bugs.gentoo.org/878365 Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/Manifest | 2 + net-misc/curl/curl-7.86.0.ebuild | 287 +++++++++++++++++++++++++++++++++++++++ net-misc/curl/metadata.xml | 1 + 3 files changed, 290 insertions(+) Note that 7.86.0 introduced problems with proxy exception handling and is kind of very broken if you have to deal with proxies. https://github.com/curl/curl/issues/9821 https://github.com/curl/curl/issues/9813 There might be a new release soon to fix those. https://curl.se/mail/lib-2022-10/0079.html The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc9e19d913994302ce2aff803013cd2be7dc3ce4 commit cc9e19d913994302ce2aff803013cd2be7dc3ce4 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-10-28 17:18:11 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-10-28 17:18:33 +0000 net-misc/curl: backport proxy handling regression fixes to 7.86.0 Bug: https://bugs.gentoo.org/878365 Thanks-to: Henning Schild <henning@hennsch.de> Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/curl-7.86.0-r1.ebuild | 289 +++++++++++++++++++++ .../curl-7.86.0-proxy-noproxy-match-comma.patch | 86 ++++++ .../curl-7.86.0-proxy-noproxy-tailmatching.patch | 66 +++++ 3 files changed, 441 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93404ce48ebc3346b1d0a45e5b313f25bec02e5f commit 93404ce48ebc3346b1d0a45e5b313f25bec02e5f Author: Henning Schild <henning@hennsch.de> AuthorDate: 2022-11-16 13:09:30 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-11-17 00:58:35 +0000 net-misc/curl: backport one more noproxy regression patch to 7.86.0 Bug: https://bugs.gentoo.org/878365 Signed-off-by: Henning Schild <henning@hennsch.de> Closes: https://github.com/gentoo/gentoo/pull/28295 Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/curl-7.86.0-r3.ebuild | 292 +++++++++++++++++++++ ...roxy-tailmatch-like-in-7.85.0-and-earlier.patch | 84 ++++++ 2 files changed, 376 insertions(+) GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=d4066956acc3f238eef20bbbad18f982301dd80b commit d4066956acc3f238eef20bbbad18f982301dd80b Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-12-19 01:59:44 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-12-19 02:04:27 +0000 [ GLSA 202212-01 ] curl: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/803308 Bug: https://bugs.gentoo.org/813270 Bug: https://bugs.gentoo.org/841302 Bug: https://bugs.gentoo.org/843824 Bug: https://bugs.gentoo.org/854708 Bug: https://bugs.gentoo.org/867679 Bug: https://bugs.gentoo.org/878365 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202212-01.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f92fca8369ead410f65536b53ab6f7c83c1d9c35 commit f92fca8369ead410f65536b53ab6f7c83c1d9c35 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-12-19 02:47:48 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-12-19 02:48:01 +0000 net-misc/curl: drop 7.84.0, 7.85.0-r2, 7.86.0-r2 Bug: https://bugs.gentoo.org/867679 Bug: https://bugs.gentoo.org/878365 Signed-off-by: John Helmert III <ajak@gentoo.org> net-misc/curl/Manifest | 4 - net-misc/curl/curl-7.84.0.ebuild | 290 ----------------------------------- net-misc/curl/curl-7.85.0-r2.ebuild | 287 ----------------------------------- net-misc/curl/curl-7.86.0-r2.ebuild | 291 ------------------------------------ 4 files changed, 872 deletions(-) Tree is clean, all done. |