authorLeonardo Arena <rnalrd@alpinelinux.org>2016-10-14 10:06:05 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-10-14 10:09:47 +0000
commit0b9606c74e0669bf33b6218fa17b9c1e765eb79a (patch)
treebd27a49b1cdd6e60aaaee8af74add26901c92549
parent7a08dd0335631987f7d96c246bc226dc514ab5ab (diff)
main/curl: security fix (CVE-2016-7141). Fixes #6137
(cherry picked from commit 5d819a073fb59aa30d6f4614784fef677bb39a49)
-rw-r--r--main/curl/APKBUILD16
-rw-r--r--main/curl/CVE-2016-7141.patch42
2 files changed, 53 insertions, 5 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 319b6e311b7..7b5ba898994 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=curl
pkgver=7.49.1
-pkgrel=1
+pkgrel=2
pkgdesc="An URL retrival utility and library"
url="http://curl.haxx.se"
arch="all"
@@ -15,15 +15,18 @@ source="http://curl.haxx.se/download/curl-$pkgver.tar.bz2
CVE-2016-5419.patch
CVE-2016-5420.patch
CVE-2016-5421.patch
+ CVE-2016-7141.patch
"
_builddir="$srcdir/$pkgname-$pkgver"
-# security fixes:
+# secfixes:
# 7.49.1-r1:
# - CVE-2016-5419
# - CVE-2016-5420
# - CVE-2016-5421
+# 7.49.1-r-2:
+# - CVE-2016-7141
prepare() {
local i
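Review bot: The new secfixes entry `# 7.49.1-r-2:` is malformed: the release token does not match the form used by the entry directly above it (`# 7.49.1-r1:`) nor the `pkgrel=2` this commit sets in the first hunk, so it should read `# 7.49.1-r2:`. The same hunk renames the header to the machine-readable `# secfixes:` form, which Alpine's security-database tooling keys on, so as written the CVE-2016-7141 fix would most likely not be attributed to the 7.49.1-r2 release even though the package itself carries it. The remaining lines of the secfixes block and the `prepare()` function continue outside this hunk.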
@@ -57,12 +60,15 @@ package() {
md5sums="6bb1f7af5b58b30e4e6414b8c1abccab curl-7.49.1.tar.bz2
290f6b37d95c9731849fc805a2ece53b CVE-2016-5419.patch
150e3c110d6eb85187e109d04317b9e3 CVE-2016-5420.patch
-0524664bc926374f6a7b057046924bd2 CVE-2016-5421.patch"
+0524664bc926374f6a7b057046924bd2 CVE-2016-5421.patch
+7eada1e3745e3cfe8f4057dec273d820 CVE-2016-7141.patch"
sha256sums="eb63cec4bef692eab9db459033f409533e6d10e20942f4b060b32819e81885f1 curl-7.49.1.tar.bz2
d3499aaf331fca2303749bdffbedf5677a555a37ada187c1a734926c7cb718e5 CVE-2016-5419.patch
23e1fbd27860c6f46bec094c06b5618da2ab71b091945f587c0d7e8d143472f7 CVE-2016-5420.patch
-bca78667ac9110920c5ce31c8d82a784fe327eb184460c1b87fab4de004e6692 CVE-2016-5421.patch"
+bca78667ac9110920c5ce31c8d82a784fe327eb184460c1b87fab4de004e6692 CVE-2016-5421.patch
+f097d6e5c75ebdaf532aef59e31790a657814bbb7e501dfb2eb6686ddca4f1eb CVE-2016-7141.patch"
sha512sums="665ef178c282c14f429498547b3711ef79faf85f6db7f4ec24259e2c6247f6ee234dda158ebc207d03f08b5198c5844480e054f24f054b2de6c6a15d4f1ce6e6 curl-7.49.1.tar.bz2
a596e489b0b566d9dcc8292ccec4d90dfbeae7cb11e250871217ff90d1c9525d602f40e112eb0d47a0a597e5768c105423d1cb0cb2825c39a319ea9d582269d0 CVE-2016-5419.patch
9578f13c5d8e5a5d184b5b08dd7d59de596644084f2de04c025ad8cd78e11dadcff45bf4fab02b8942d7ed19977dec4d220893f675d64ed13b27284d63dfa5f1 CVE-2016-5420.patch
-2b5e77dda11dbb77cbfe760da5377c94a1664b04f254c9fa642f49da119d93123ef6ee27e4c08d0ba9094240791ac09273c8be23fa8ca5982f8ed14d6b29ad7e CVE-2016-5421.patch"
+2b5e77dda11dbb77cbfe760da5377c94a1664b04f254c9fa642f49da119d93123ef6ee27e4c08d0ba9094240791ac09273c8be23fa8ca5982f8ed14d6b29ad7e CVE-2016-5421.patch
+7eae8b37fb9ba8dfc0d6658b37191560668914a84aba411cfdac155bd1749b980514124c0653e85823a8a0e770f47ccc2a4177810b02cfc641c90f008639879e CVE-2016-7141.patch"
diff --git a/main/curl/CVE-2016-7141.patch b/main/curl/CVE-2016-7141.patch
new file mode 100644
index 00000000000..dab2cc4bd76
--- /dev/null
+++ b/main/curl/CVE-2016-7141.patch
@@ -0,0 +1,42 @@
+From 7700fcba64bf5806de28f6c1c7da3b4f0b38567d Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 22 Aug 2016 10:24:35 +0200
+Subject: [PATCH] nss: refuse previously loaded certificate from file
+
+... when we are not asked to use a certificate from file
+---
+ lib/vtls/nss.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
+index 20c4277..cfb2263 100644
+--- a/lib/vtls/nss.c
++++ b/lib/vtls/nss.c
+@@ -1002,10 +1002,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
+ struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
+ struct Curl_easy *data = connssl->data;
+ const char *nickname = connssl->client_nickname;
++ static const char pem_slotname[] = "PEM Token #1";
+
+ if(connssl->obj_clicert) {
+ /* use the cert/key provided by PEM reader */
+- static const char pem_slotname[] = "PEM Token #1";
+ SECItem cert_der = { 0, NULL, 0 };
+ void *proto_win = SSL_RevealPinArg(sock);
+ struct CERTCertificateStr *cert;
+@@ -1067,6 +1067,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
+ if(NULL == nickname)
+ nickname = "[unknown]";
+
++ if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
++ failf(data, "NSS: refusing previously loaded certificate from file: %s",
++ nickname);
++ return SECFailure;
++ }
++
+ if(NULL == *pRetKey) {
+ failf(data, "NSS: private key not found for certificate: %s", nickname);
+ return SECFailure;
+--
+2.7.4
+