On 1/21/26 14:02, Piotr Smyrak wrote: > On Wed, 21 Jan 2026 21:08:16 +0100 > Daniel Engberg <[email protected]> wrote: > >> On 2026-01-21 08:49, Andrea Venturoli wrote: >>> Hello. >>> >>> Curl 8.18 was released a couple of weeks ago and it closes multiple >>> vulnerabilities. >>> >>> I see no upgrade, no Bugzilla issue, no VuXML entry, etc... >>> >>> Sorry for the noise if you were already aware. >>> >>> bye >>> av. >>> >> Hi, >> >> I have an overlay with curl 8.18 if that's an option, it's best >> effort but it works for me on my boxes... >> https://github.com/diizzyy/ports-overlay/tree/main/ftp/curl > > It's also possible to update one's curl installment old school: > * download the patch from the PR [1] > * apply to the port files: > # cd /usr/ports/ftp/curl > # patch -p3 < /tmp/curl.diff > * rebuild the package from ports.
I will note that poudriere(-devel) has a way to use a null mounted port tree. So, for those that prefer such a style of build, that too is a possibility for a locally patched ports tree. > > 1. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292624 > > HTH, -- === Mark Millard marklmi at yahoo.com
