diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2017-08-11 08:59:36 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-08-14 11:33:55 +0200 |
commit | a51f2d7593706eb38073b80df6192c6730f36c60 (patch) | |
tree | 6d5afd92c47113344cfe1ec9bdf697e39ba4a27c /main/curl/APKBUILD | |
parent | f47ad914acc7b1da2a97b919f2e42ccb8b56af0c (diff) |
main/curl: security upgrade to 7.55.0
Diffstat (limited to 'main/curl/APKBUILD')
-rw-r--r-- | main/curl/APKBUILD | 30 |
1 files changed, 13 insertions, 17 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index e90bd51afec..20ff1cf0b97 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Sergey Lukin <sergej.lukin@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=curl -pkgver=7.52.1 -pkgrel=1 +pkgver=7.55.0 +pkgrel=0 pkgdesc="An URL retrival utility and library" url="http://curl.haxx.se" arch="all" @@ -13,14 +13,16 @@ depends_dev="zlib-dev openssl-dev libssh2-dev" makedepends="groff $depends_dev perl" subpackages="$pkgname-doc $pkgname-dev" source="http://curl.haxx.se/download/curl-$pkgver.tar.bz2 - CVE-2017-2629.patch - CVE-2017-7407.patch - CVE-2017-7468.patch + curl-do-bounds-check-using-a-double-comparison.patch " _builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 7.55.0-r0: +# - CVE-2017-1000099 +# - CVE-2017-1000100 +# - CVE-2017-1000101 # 7.52.1-r1: # - CVE-2017-7468 # - CVE-2017-7407 @@ -62,6 +64,10 @@ prepare() { build() { cd "$_builddir" + + # see https://curl.haxx.se/mail/lib-2017-08/0050.html + rm docs/libcurl/opts/CURLOPT_STRIP_PATH_SLASH.3 + ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -80,15 +86,5 @@ package() { make DESTDIR="$pkgdir" install || return 1 } -md5sums="dd014df06ff1d12e173de86873f9f77a curl-7.52.1.tar.bz2 -d2809e105e897b106428909a2e08bd2b CVE-2017-2629.patch -50cc3a2d1577fc0876aa6baf04a679ff CVE-2017-7407.patch -0e80ef6bc62f62a0d0fd23a03dc54089 CVE-2017-7468.patch" -sha256sums="d16185a767cb2c1ba3d5b9096ec54e5ec198b213f45864a38b3bda4bbf87389b curl-7.52.1.tar.bz2 -33b55a4e4e88c8589e50fa377cad599df80a6841386f8e872d8eff8c8a970585 CVE-2017-2629.patch -a10711694c64ce77b9528d3b5bfefbf0e4083d1046d7c84952f5728bf431ecc0 CVE-2017-7407.patch -9438f2ee4d9542e492bc31ca1e667c7c4dc534e2503f5d8115b0283e75376f40 CVE-2017-7468.patch" -sha512sums="cf36563c77d096f2c6084354ed6d45ccca7c557828ceab21204e4e8be0d4f0d287839c8cfac906174b86d51a1ee816c2769fc78ef88f039c9645bd2c27982a75 curl-7.52.1.tar.bz2 -94b3419b4366f1c404d2f2634485e05d45c9e2ad3bed4a7eba53c17253373ce9b848fc6123b55561f8dac471ab0b2a77f12e22dba8bee9a11d5c531f22fb4b18 CVE-2017-2629.patch -f156c791a8439a4314555ca06c5ee3a23fae77d87d32a19df3c57ea605f9284b66f4a5dcaa5d2c598e93e69bb16c0e51a930c5b39fc8034b517d7b428cdaaf8d CVE-2017-7407.patch -9e620bac1b92d452992df1388c3b93228bcd6db490bc9f0c93480468a9189c85f20b31f27ec1c79e63cd5ee127c40c416542f4b02ed21af490d2938dcd9215b5 CVE-2017-7468.patch" +sha512sums="4975864621219e937585aaf5a9a54bba112b58bbf5a8acd92e1e972ea747a15a5564143548c5d8930b8c0d0e9d27d28225d0c81e52a1ba71e4c6f9e3859c978b curl-7.55.0.tar.bz2 +d0f102fdbc2174169b2fea9248c3187d8c546d3a788447769dceec5fb7e063adbebbc967b88d208af1355cfda600f837abdae6d2e057a096eededc1857d2b8d3 curl-do-bounds-check-using-a-double-comparison.patch" |