<pre style='margin:0'>
Ryan Carsten Schmidt (ryandesign) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/4d009a7fcd4fbeae93af3892b9641b972a16f7c1">https://github.com/macports/macports-ports/commit/4d009a7fcd4fbeae93af3892b9641b972a16f7c1</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 4d009a7fcd4 curl: Fix an SSL-related runtime crash
</span>4d009a7fcd4 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 4d009a7fcd4fbeae93af3892b9641b972a16f7c1
</span>Author: Ryan Carsten Schmidt <ryandesign@macports.org>
AuthorDate: Sat Feb 8 13:30:40 2025 -0600
<span style='display:block; white-space:pre;color:#404040;'> curl: Fix an SSL-related runtime crash
</span>---
net/curl/Portfile | 4 +-
net/curl/files/ssl-crash.patch | 134 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 137 insertions(+), 1 deletion(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/curl/Portfile b/net/curl/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 66d4294a7b4..232dd9af8cf 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/curl/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/curl/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -35,12 +35,14 @@ checksums-prepend ${curl_distfile}
</span> if {${name} eq ${subport}} {
PortGroup muniversal 1.0
<span style='display:block; white-space:pre;background:#ffe0e0;'>- revision 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ revision 1
</span>
depends_build path:bin/pkg-config:pkgconfig
depends_lib port:zlib
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ patchfiles-append ssl-crash.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> configure.args --disable-silent-rules \
--enable-ipv6 \
--without-brotli \
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/curl/files/ssl-crash.patch b/net/curl/files/ssl-crash.patch
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..eaaf5de0c3d
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/curl/files/ssl-crash.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,134 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Fix a runtime crash in some SSL codepaths. Will be in next release after 8.12.0.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+https://github.com/curl/curl/issues/16236#issuecomment-2645385845
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- lib/setopt.c.orig
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ lib/setopt.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1584,10 +1584,6 @@ static CURLcode setopt_pointers(struct Curl_easy *data, CURLoption option,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if(data->share->hsts == data->hsts)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ data->hsts = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#ifdef USE_SSL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- if(data->share->ssl_scache == data->state.ssl_scache)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- data->state.ssl_scache = data->multi ? data->multi->ssl_scache : NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #ifdef USE_LIBPSL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if(data->psl == &data->share->psl)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ data->psl = data->multi ? &data->multi->psl : NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1628,10 +1624,6 @@ static CURLcode setopt_pointers(struct Curl_easy *data, CURLoption option,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ data->hsts = data->share->hsts;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#ifdef USE_SSL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- if(data->share->ssl_scache)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- data->state.ssl_scache = data->share->ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #ifdef USE_LIBPSL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if(data->share->specifier & (1 << CURL_LOCK_DATA_PSL))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ data->psl = &data->share->psl;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- lib/transfer.c.orig
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ lib/transfer.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -567,12 +567,6 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ data->state.httpreq = data->set.method;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#ifdef USE_SSL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- if(!data->state.ssl_scache)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- /* There was no ssl session cache set via a share, use the multi one */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- data->state.ssl_scache = data->multi->ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ data->state.requests = 0;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ data->state.followlocation = 0; /* reset the location-follow counter */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ data->state.this_is_a_follow = FALSE; /* reset this */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- lib/urldata.h.orig
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ lib/urldata.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1199,7 +1199,6 @@ struct UrlState {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ curl_prot_t first_remote_protocol;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ int retrycount; /* number of retries on a new connection */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- struct Curl_ssl_scache *ssl_scache; /* TLS session pool */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ int os_errno; /* filled in with errno whenever an error occurs */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long followlocation; /* redirect counter */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ int requests; /* request counter: redirects + authentication retakes */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- lib/vtls/vtls_scache.c.orig
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ lib/vtls/vtls_scache.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -82,6 +82,17 @@ struct Curl_ssl_scache {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ long age;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ };
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++static struct Curl_ssl_scache *cf_ssl_scache_get(struct Curl_easy *data)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++{
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ struct Curl_ssl_scache *scache = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /* If a share is present, its ssl_scache has preference over the multi */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if(data->share && data->share->ssl_scache)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ scache = data->share->ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ else if(data->multi && data->multi->ssl_scache)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ scache = data->multi->ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ return scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ static void cf_ssl_scache_clear_session(struct Curl_ssl_session *s)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if(s->sdata) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -792,7 +803,7 @@ CURLcode Curl_ssl_scache_put(struct Curl_cfilter *cf,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ const char *ssl_peer_key,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_ssl_session *s)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CURLcode result;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ DEBUGASSERT(ssl_config);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -826,7 +837,7 @@ CURLcode Curl_ssl_scache_take(struct Curl_cfilter *cf,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ const char *ssl_peer_key,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_ssl_session **ps)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_ssl_scache_peer *peer = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_llist_node *n;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -870,7 +881,7 @@ CURLcode Curl_ssl_scache_add_obj(struct Curl_cfilter *cf,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ void *sobj,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Curl_ssl_scache_obj_dtor *sobj_free)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_ssl_scache_peer *peer = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CURLcode result;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -898,7 +909,7 @@ bool Curl_ssl_scache_get_obj(struct Curl_cfilter *cf,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ const char *ssl_peer_key,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ void **sobj)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_ssl_scache_peer *peer = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CURLcode result;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -924,7 +935,7 @@ void Curl_ssl_scache_remove_all(struct Curl_cfilter *cf,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_easy *data,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ const char *ssl_peer_key)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_ssl_scache_peer *peer = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CURLcode result;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1021,7 +1032,7 @@ CURLcode Curl_ssl_session_import(struct Curl_easy *data,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ const unsigned char *shmac, size_t shmac_len,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ const unsigned char *sdata, size_t sdata_len)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_ssl_scache_peer *peer = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_ssl_session *s = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ bool locked = FALSE;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1092,7 +1103,7 @@ CURLcode Curl_ssl_session_export(struct Curl_easy *data,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ curl_ssls_export_cb *export_fn,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ void *userptr)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- struct Curl_ssl_scache *scache = data->state.ssl_scache;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_ssl_scache_peer *peer;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct dynbuf sbuf, hbuf;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ struct Curl_llist_node *n;
</span></pre><pre style='margin:0'>
</pre>