aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ0WI <J0WI@users.noreply.github.com>2021-07-22 15:17:12 +0200
committerJ0WI <J0WI@users.noreply.github.com>2021-07-25 15:21:46 +0200
commit33c24a34a046bdbd3f12734fbde33215b2e9a8c4 (patch)
treea68bd4ff32391ca34a39d98405a46ff9f96037d8
parent46c3c3b9b94ed251528dd748bc64cc676d6b0f02 (diff)
downloadaports-33c24a34a046bdbd3f12734fbde33215b2e9a8c4.tar.gz
aports-33c24a34a046bdbd3f12734fbde33215b2e9a8c4.tar.bz2
aports-33c24a34a046bdbd3f12734fbde33215b2e9a8c4.tar.xz
-rw-r--r--main/curl/APKBUILD15
-rw-r--r--main/curl/CVE-2021-22925.patch41
-rw-r--r--main/curl/CVE-2021-22926.patch70
3 files changed, 123 insertions, 3 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 28c58b5951..d3d5cb0fd5 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -4,7 +4,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=curl
pkgver=7.67.0
-pkgrel=4
+pkgrel=5
pkgdesc="URL retrival utility and library"
url="https://curl.haxx.se/"
arch="all"
@@ -21,9 +21,14 @@ source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz
CVE-2020-8285.patch
CVE-2020-8286.patch
CVE-2021-22898.patch
+ CVE-2021-22925.patch
+ CVE-2021-22926.patch
"
# secfixes:
+# 7.67.0-r5:
+# - CVE-2021-22925
+# - CVE-2021-22926
# 7.67.0-r4:
# - CVE-2021-22898
# 7.67.0-r3:
@@ -149,10 +154,14 @@ static() {
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib
}
-sha512sums="1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29 curl-7.67.0.tar.xz
+sha512sums="
+1d5a344be92dd61b1ba5189eff0fe337e492f2e850794943570fe71c985d0af60bd412082be646e07aaa8639908593e1ce4bb2d07db35394ec377e8ce8b9ae29 curl-7.67.0.tar.xz
4950975d59bdf8398dd5f4b8338e5f76ae3752247be9054a28753351bcddb46f71a8bd601dba31da1b6b3fbbfbe6192f33a6500144d89f2cfdfb47161e3addba CVE-2020-8169.patch
d43f92378c11824e73204b55a8e0952294e5cb17c89503e6fcd4932f812dda244a66c81e20606b4ececed7198bda37e0ca511631bf2ba91e2e9f336290ba5d4b CVE-2020-8177.patch
d5f4421e5ac6f89220d00fb156c803edbb64679e9064ca8328269eea3582ee7780f77522b5069a1288cc09e968567175c94139249cc337906243c95d0bc3e684 CVE-2020-8231.patch
2765302f147ad29b7187d334edfb66076ab81088583dd681ba37aed96eee6a5108ca8281fe185e60494d4aeda003216319d15e05a341f5796698452816fe0f97 CVE-2020-8285.patch
6c42a589a8bc7b588dcd2c3e656a221000608841b6347c66e640ba818f6ff73fcfaf1ae1948dcbd446689559f54476b0ca5e340fb00f44da1defb7c2573d4a8c CVE-2020-8286.patch
-c52275bc8ce1463b5a05c5387144b743462a2f551853134254317023ad39445eb53119d88bfb58d17aaa6e5f86985c2f2b540980337eaca1f385ac15818546e6 CVE-2021-22898.patch"
+c52275bc8ce1463b5a05c5387144b743462a2f551853134254317023ad39445eb53119d88bfb58d17aaa6e5f86985c2f2b540980337eaca1f385ac15818546e6 CVE-2021-22898.patch
+c033c26e79c773a9e76823d1e03efc9c52151bc5c55667aeea1e5a3625b860ac75fba5cdd60538d7fa49eebfc7fa31e503930d77179a07fd7c5721a6004f2fa9 CVE-2021-22925.patch
+64b3b81e3a67fdb5c7f28ebeda90170b5b50ed44101d70ec6fcf6c3977a63043d4cd5f9e9dd41a94060bcc32483f1c1dd16ef938420ba6a2d8eef31c174450b0 CVE-2021-22926.patch
+"
diff --git a/main/curl/CVE-2021-22925.patch b/main/curl/CVE-2021-22925.patch
new file mode 100644
index 0000000000..f05caaa5a8
--- /dev/null
+++ b/main/curl/CVE-2021-22925.patch
@@ -0,0 +1,41 @@
+From 894f6ec730597eb243618d33cc84d71add8d6a8a Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sat, 12 Jun 2021 18:25:15 +0200
+Subject: [PATCH] telnet: fix option parser to not send uninitialized contents
+
+CVS-2021-22925
+
+Reported-by: Red Hat Product Security
+Bug: https://curl.se/docs/CVE-2021-22925.html
+---
+ lib/telnet.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/lib/telnet.c b/lib/telnet.c
+index 1d3024ec4d3e..a81bb81c3675 100644
+--- a/lib/telnet.c
++++ b/lib/telnet.c
+@@ -920,12 +920,17 @@ static void suboption(struct Curl_easy *data)
+ size_t tmplen = (strlen(v->data) + 1);
+ /* Add the variable only if it fits */
+ if(len + tmplen < (int)sizeof(temp)-6) {
+- if(sscanf(v->data, "%127[^,],%127s", varname, varval) == 2) {
+- msnprintf((char *)&temp[len], sizeof(temp) - len,
+- "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+- CURL_NEW_ENV_VALUE, varval);
+- len += tmplen;
+- }
++ int rv;
++ char sep[2] = "";
++ varval[0] = 0;
++ rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval);
++ if(rv == 1)
++ len += msnprintf((char *)&temp[len], sizeof(temp) - len,
++ "%c%s", CURL_NEW_ENV_VAR, varname);
++ else if(rv >= 2)
++ len += msnprintf((char *)&temp[len], sizeof(temp) - len,
++ "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
++ CURL_NEW_ENV_VALUE, varval);
+ }
+ }
+ msnprintf((char *)&temp[len], sizeof(temp) - len,
diff --git a/main/curl/CVE-2021-22926.patch b/main/curl/CVE-2021-22926.patch
new file mode 100644
index 0000000000..fd8094e07a
--- /dev/null
+++ b/main/curl/CVE-2021-22926.patch
@@ -0,0 +1,70 @@
+From fd9b40bf8dfd43edcbc0d254d613d95a11061c05 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 21 Jun 2021 10:35:09 +0200
+Subject: [PATCH] sectransp: check for client certs by name first, then file
+
+CVE-2021-22926
+
+Bug: https://curl.se/docs/CVE-2021-22926.html
+
+Assisted-by: Daniel Gustafsson
+Reported-by: Harry Sintonen
+---
+ lib/vtls/sectransp.c | 33 +++++++++++++++++++--------------
+ 1 file changed, 19 insertions(+), 14 deletions(-)
+
+diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
+index 21ca0824bdf6..26b833dd2ac7 100644
+--- a/lib/vtls/sectransp.c
++++ b/lib/vtls/sectransp.c
+@@ -32,6 +32,7 @@
+ #include "curl_base64.h"
+ #include "strtok.h"
+ #include "multiif.h"
++#include "strcase.h"
+
+ #ifdef USE_SECTRANSP
+
+@@ -1869,24 +1870,28 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
+ SecIdentityRef cert_and_key = NULL;
+ bool is_cert_file = is_file(ssl_cert);
+
+- /* User wants to authenticate with a client cert. Look for it:
+- If we detect that this is a file on disk, then let's load it.
+- Otherwise, assume that the user wants to use an identity loaded
+- from the Keychain. */
+- if(is_cert_file) {
++ /* User wants to authenticate with a client cert. Look for it. Assume that
++ the user wants to use an identity loaded from the Keychain. If not, try
++ it as a file on disk */
++
++ if(!is_cert_data)
++ err = CopyIdentityWithLabel(ssl_cert, &cert_and_key);
++ else
++ err = !noErr;
++ if((err != noErr) && (is_cert_file || is_cert_data)) {
+ if(!SSL_SET_OPTION(cert_type))
+- infof(data, "WARNING: SSL: Certificate type not set, assuming "
+- "PKCS#12 format.\n");
+- else if(strncmp(SSL_SET_OPTION(cert_type), "P12",
+- strlen(SSL_SET_OPTION(cert_type))) != 0)
+- infof(data, "WARNING: SSL: The Security framework only supports "
+- "loading identities that are in PKCS#12 format.\n");
++ infof(data, "SSL: Certificate type not set, assuming "
++ "PKCS#12 format.\n");
++ else if(!strcasecompare(SSL_SET_OPTION(cert_type), "P12")) {
++ failf(data, "SSL: The Security framework only supports "
++ "loading identities that are in PKCS#12 format.\n");
++ return CURLE_SSL_CERTPROBLEM;
++ }
+
+ err = CopyIdentityFromPKCS12File(ssl_cert,
+- SSL_SET_OPTION(key_passwd), &cert_and_key);
++ SSL_SET_OPTION(key_passwd),
++ &cert_and_key);
+ }
+- else
+- err = CopyIdentityWithLabel(ssl_cert, &cert_and_key);
+
+ if(err == noErr && cert_and_key) {
+ SecCertificateRef cert = NULL;