authorJ0WI <J0WI@users.noreply.github.com>2021-07-21 11:39:29 +0200
committerLeo <thinkabit.ukim@gmail.com>2021-07-21 16:39:46 +0000
commit47c8ea6e6275b6cf2838ef6148cb381d8cad3ae3 (patch)
tree77a4c7b22e7f805809269c0857066e036fe37a33
parentae4a3101a61132190726b166683a0ce1373bed1b (diff)
downloadaports-47c8ea6e6275b6cf2838ef6148cb381d8cad3ae3.tar.gz
aports-47c8ea6e6275b6cf2838ef6148cb381d8cad3ae3.tar.bz2
aports-47c8ea6e6275b6cf2838ef6148cb381d8cad3ae3.tar.xz
main/curl: security upgrade to 7.78.0
-rw-r--r--main/curl/APKBUILD16
-rw-r--r--main/curl/conn_shutdown-if-closed-during-CONNECT-cleanup-properly.patch97
2 files changed, 9 insertions, 104 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index b1708ac084..ee3d654bb2 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -8,8 +8,8 @@
# this aport from arch=all WILL be reverted.
pkgname=curl
-pkgver=7.77.0
-pkgrel=1
+pkgver=7.78.0
+pkgrel=0
pkgdesc="URL retrival utility and library"
url="https://curl.se/"
arch="all"
@@ -20,12 +20,15 @@ checkdepends="nghttp2 python3"
makedepends_host="$depends_dev"
makedepends_build="autoconf automake groff libtool perl"
subpackages="$pkgname-dbg $pkgname-static $pkgname-doc $pkgname-dev libcurl"
-source="https://curl.se/download/curl-$pkgver.tar.xz
- conn_shutdown-if-closed-during-CONNECT-cleanup-properly.patch
- "
+source="https://curl.se/download/curl-$pkgver.tar.xz"
options="net" # Required for running tests
# secfixes:
+# 7.78.0-r0:
+# - CVE-2021-22922
+# - CVE-2021-22923
+# - CVE-2021-22924
+# - CVE-2021-22925
# 7.77.0-r0:
# - CVE-2021-22898
# - CVE-2021-22901
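Review bot: The new `source=` line drops `conn_shutdown-if-closed-during-CONNECT-cleanup-properly.patch`, but nothing in the commit record says that 7.78.0 already carries that fix. The deleted patch is dated 9 Jun 2021, so it is presumably part of the new release; that should be confirmed against the 7.78.0 tree (the `conn_shutdown` cleanup in `lib/url.c` and the `TUNNEL_EXIT` state in `lib/http_proxy.h`) before the local copy goes away. A line in the commit description such as `drop conn_shutdown patch, included upstream in 7.78.0` would record the reason. The same applies to the file deletion in the second section of this commit.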
@@ -156,6 +159,5 @@ static() {
}
sha512sums="
-aef92a0e3f8ce8491b258a9a1c4dcea3c07c29b139a1f68f08619caa0295cfde76335d2dfb9cdf434525daea7dd05d8acd22f203f5ccc7735bd317964ec1da76 curl-7.77.0.tar.xz
-bcf90547f574dd79c2dabdbc16a17426dbc6f7699799368b0b6d39d8ac6c044b027ceb484160d1e6aa7a1044834f568b94facadfa9430e720296c3103e14d3f0 conn_shutdown-if-closed-during-CONNECT-cleanup-properly.patch
+f72e822a0b5e28320ef547c7a441c07f3b4870579a70ab4c428751baba435a1385cb89a22b9ed4b84a7fafecf620f155911e4131e3463ec1bdad80ecde47bb7a curl-7.78.0.tar.xz
"
diff --git a/main/curl/conn_shutdown-if-closed-during-CONNECT-cleanup-properly.patch b/main/curl/conn_shutdown-if-closed-during-CONNECT-cleanup-properly.patch
deleted file mode 100644
index bc43227686..0000000000
--- a/main/curl/conn_shutdown-if-closed-during-CONNECT-cleanup-properly.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From 14a2ca85ecb8478772a30d8c2521e5e1d1d98b3d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Wed, 9 Jun 2021 08:38:07 +0200
-Subject: [PATCH] conn_shutdown: if closed during CONNECT cleanup properly
-
-Reported-by: Alex Xu
-Reported-by: Phil E. Taylor
-
-Fixes #7236
-Closes #7237
----
- lib/http_proxy.c | 19 +++++++++++--------
- lib/http_proxy.h | 7 ++++---
- lib/url.c | 9 +++++++++
- 3 files changed, 24 insertions(+), 11 deletions(-)
-
-diff --git a/lib/http_proxy.c b/lib/http_proxy.c
-index a67d9d3b4115..e0a4987063d7 100644
---- a/lib/http_proxy.c
-+++ b/lib/http_proxy.c
-@@ -129,13 +129,13 @@ CURLcode Curl_proxy_connect(struct Curl_easy *data, int sockindex)
- bool Curl_connect_complete(struct connectdata *conn)
- {
- return !conn->connect_state ||
-- (conn->connect_state->tunnel_state == TUNNEL_COMPLETE);
-+ (conn->connect_state->tunnel_state >= TUNNEL_COMPLETE);
- }
-
- bool Curl_connect_ongoing(struct connectdata *conn)
- {
- return conn->connect_state &&
-- (conn->connect_state->tunnel_state != TUNNEL_COMPLETE);
-+ (conn->connect_state->tunnel_state <= TUNNEL_COMPLETE);
- }
-
- /* when we've sent a CONNECT to a proxy, we should rather either wait for the
-@@ -202,13 +202,16 @@ static void connect_done(struct Curl_easy *data)
- {
- struct connectdata *conn = data->conn;
- struct http_connect_state *s = conn->connect_state;
-- s->tunnel_state = TUNNEL_COMPLETE;
-- Curl_dyn_free(&s->rcvbuf);
-- Curl_dyn_free(&s->req);
-+ if(s->tunnel_state != TUNNEL_EXIT) {
-+ s->tunnel_state = TUNNEL_EXIT;
-+ Curl_dyn_free(&s->rcvbuf);
-+ Curl_dyn_free(&s->req);
-
-- /* retore the protocol pointer */
-- data->req.p.http = s->prot_save;
-- infof(data, "CONNECT phase completed!\n");
-+ /* retore the protocol pointer */
-+ data->req.p.http = s->prot_save;
-+ s->prot_save = NULL;
-+ infof(data, "CONNECT phase completed!\n");
-+ }
- }
-
- static CURLcode CONNECT_host(struct Curl_easy *data,
-diff --git a/lib/http_proxy.h b/lib/http_proxy.h
-index f5a4cb07cf1b..cdf8de4fba86 100644
---- a/lib/http_proxy.h
-+++ b/lib/http_proxy.h
-@@ -65,9 +65,10 @@ struct http_connect_state {
- } keepon;
- curl_off_t cl; /* size of content to read and ignore */
- enum {
-- TUNNEL_INIT, /* init/default/no tunnel state */
-- TUNNEL_CONNECT, /* CONNECT has been sent off */
-- TUNNEL_COMPLETE /* CONNECT response received completely */
-+ TUNNEL_INIT, /* init/default/no tunnel state */
-+ TUNNEL_CONNECT, /* CONNECT has been sent off */
-+ TUNNEL_COMPLETE, /* CONNECT response received completely */
-+ TUNNEL_EXIT
- } tunnel_state;
- BIT(chunked_encoding);
- BIT(close_connection);
-diff --git a/lib/url.c b/lib/url.c
-index 84d37a560eaf..27ba7d6b52ce 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -727,6 +727,15 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn)
- DEBUGASSERT(data);
- infof(data, "Closing connection %ld\n", conn->connection_id);
-
-+#ifndef USE_HYPER
-+ if(conn->connect_state && conn->connect_state->prot_save) {
-+ /* If this was closed with a CONNECT in progress, cleanup this temporary
-+ struct arrangement */
-+ data->req.p.http = NULL;
-+ Curl_safefree(conn->connect_state->prot_save);
-+ }
-+#endif
-+
- /* possible left-overs from the async name resolvers */
- Curl_resolver_cancel(data);
-