author | Leo <thinkabit.ukim@gmail.com> | 2020-09-15 11:10:22 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-09-15 11:37:29 -0300 |
commit | 3e7a2f098769d9aa2865cffcf969b13c9ef56c38 (patch) | |
tree | fcb229a31bfb8f9a82248a4118ab98bdd56a8ca1 | |
parent | 877a2f9d6c5208ca001dbb2bdcf7dcb31450abea (diff) |
main/curl: fix CVE-2020-8169 and CVE-2020-8177
See: #11682
-rw-r--r-- | main/curl/APKBUILD | 14 | ||||
-rw-r--r-- | main/curl/CVE-2020-8169.patch | 21 | ||||
-rw-r--r-- | main/curl/CVE-2020-8177.patch | 50 |
3 files changed, 82 insertions, 3 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index a674002942f..adc14c8de54 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -4,7 +4,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=curl
 pkgver=7.66.0
-pkgrel=0
+pkgrel=1
 pkgdesc="URL retrival utility and library"
 url="https://curl.haxx.se/"
 arch="all"
@@ -14,9 +14,15 @@ depends_dev="openssl-dev nghttp2-dev zlib-dev"
 checkdepends="python3"
 makedepends="$depends_dev autoconf automake groff libtool perl"
 subpackages="$pkgname-dbg $pkgname-static $pkgname-doc $pkgname-dev libcurl"
-source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz"
+source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz
+ CVE-2020-8169.patch
+ CVE-2020-8177.patch
+ "
 # secfixes:
+# 7.66.0-r1:
+# - CVE-2020-8169
+# - CVE-2020-8177
 # 7.66.0-r0:
 # - CVE-2019-5481
 # - CVE-2019-5482
@@ -123,4 +129,6 @@ libcurl() {
 mv "$pkgdir"/usr/lib "$subpkgdir"/usr
 }
-sha512sums="81170e7e4fa9d99ee2038d96d7f2ab10dcf52435331c818c7565c1a733891720f845a08029915e52ba532c6a344c346e1678474624aac1cc333aea6d1eacde35 curl-7.66.0.tar.xz"
+sha512sums="81170e7e4fa9d99ee2038d96d7f2ab10dcf52435331c818c7565c1a733891720f845a08029915e52ba532c6a344c346e1678474624aac1cc333aea6d1eacde35 curl-7.66.0.tar.xz
+4950975d59bdf8398dd5f4b8338e5f76ae3752247be9054a28753351bcddb46f71a8bd601dba31da1b6b3fbbfbe6192f33a6500144d89f2cfdfb47161e3addba CVE-2020-8169.patch
+964b6bece2d748ac5dca6afe4689341e677b3c0961237485167157567526a898b8371104a7e075cd3c255ead50ea8658d8760d4a2eab4e5de11558372c4d189c CVE-2020-8177.patch"
diff --git a/main/curl/CVE-2020-8169.patch b/main/curl/CVE-2020-8169.patch
new file mode 100644
index 00000000000..d89e21f4d79
--- /dev/null
+++ b/main/curl/CVE-2020-8169.patch
@@ -0,0 +1,21 @@
+diff --git a/lib/url.c b/lib/url.c
+index 47fc66a..a826f8a 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Curl_easy *data,
+
+ /* for updated strings, we update them in the URL */
+ if(user_changed) {
+- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
++ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
++ CURLU_URLENCODE);
+ if(uc)
+ return Curl_uc_to_curlcode(uc);
+ }
+ if(passwd_changed) {
+- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
++ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
++ CURLU_URLENCODE);
+ if(uc)
+ return Curl_uc_to_curlcode(uc);
+ }
diff --git a/main/curl/CVE-2020-8177.patch b/main/curl/CVE-2020-8177.patch
new file mode 100644
index 00000000000..6966d837939
--- /dev/null
+++ b/main/curl/CVE-2020-8177.patch
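Review bot: CVE-2020-8169.patch opens directly at `diff --git a/lib/url.c b/lib/url.c` with no header, so the file does not record which upstream change it was taken from or whether it was adapted to apply on 7.66.0; CVE-2020-8177.patch has the same gap. A short header above the diff would fix that, for example `Backport of the upstream fix for CVE-2020-8169 to curl 7.66.0` and `Origin: <upstream commit URL>`. On the code itself, both `curl_url_set()` calls in the hunk now pass `CURLU_URLENCODE`, so a user name or password containing URL delimiters is stored encoded in `data->state.uh` rather than raw. `override_login()` starts and ends outside the hunk, so it is worth checking in the 7.66.0 source that no other path writes `CURLUPART_USER` or `CURLUPART_PASSWORD` into that handle with flags `0`.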
@@ -0,0 +1,50 @@
+diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
+index b0880f1..e992bcc 100644
+--- a/src/tool_cb_hdr.c
++++ b/src/tool_cb_hdr.c
+@@ -134,25 +134,11 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
+ filename = parse_filename(p, len);
+ if(filename) {
+ if(outs->stream) {
+- int rc;
+- /* already opened and possibly written to */
+- if(outs->fopened)
+- fclose(outs->stream);
+- outs->stream = NULL;
+-
+- /* rename the initial file name to the new file name */
+- rc = rename(outs->filename, filename);
+- if(rc != 0) {
+- warnf(outs->config->global, "Failed to rename %s -> %s: %s\n",
+- outs->filename, filename, strerror(errno));
+- }
+- if(outs->alloc_filename)
+- Curl_safefree(outs->filename);
+- if(rc != 0) {
+- free(filename);
+- return failure;
+- }
++ /* indication of problem, get out! */
++ free(filename);
++ return failure;
+ }
++
+ outs->is_cd_filename = TRUE;
+ outs->s_isreg = TRUE;
+ outs->fopened = FALSE;
+diff --git a/src/tool_getparam.c b/src/tool_getparam.c
+index 2c18683..986172c 100644
+--- a/src/tool_getparam.c
++++ b/src/tool_getparam.c
+@@ -1784,6 +1784,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
+ }
+ break;
+ case 'i':
++ if(config->content_disposition) {
++ warnf(global,
++ "--include and --remote-header-name cannot be combined.\n");
++ return PARAM_BAD_USE;
++ }
+ config->show_headers = toggle; /* show the headers as well in the
+ general output stream */
+ break; |
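Review bot: The test added under `case 'i':` in `getparameter()` is order-dependent: it reads `config->content_disposition` at the moment `--include` is parsed, so it only rejects the pair when `--remote-header-name` came first. The opposite order has to be caught by a matching test of `config->show_headers` in the `-J` branch, which is outside this hunk, so confirm that branch has it in the 7.66.0 tree the patch is applied to. The test also ignores `toggle`, so `--no-include` after `-J` is presumably refused as well; `if(config->content_disposition && toggle) {` would avoid that if it matters. In `tool_header_cb()` the new `if(outs->stream)` body returns `failure` without a `warnf()`, so a comment such as `/* output already started: refuse to switch to the server-supplied file name */` would state the intent better than the current one. Both functions begin and end outside their hunks.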