diff options
| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-11-05 08:16:46 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-11-05 08:17:04 +0000 |
| commit | 8776c8cc044196f8f87d6fbc51e38dfa0f5aa438 (patch) | |
| tree | 1ac9907186d277b85c51bdc54f23863e0ab27c38 /main/curl | |
| parent | 1964690b93f83ee4a6edf1f52614739e368ae85c (diff) | |
main/curl: security upgrade to 7.62.0
Diffstat (limited to 'main/curl')
| -rw-r--r-- | main/curl/0001-openssl-fix-build-with-libressl-2.7.patch | 41 | ||||
| -rw-r--r-- | main/curl/APKBUILD | 15 | ||||
| -rw-r--r-- | main/curl/use-OPENSSL_config.patch | 41 |
3 files changed, 7 insertions, 90 deletions
diff --git a/main/curl/0001-openssl-fix-build-with-libressl-2.7.patch b/main/curl/0001-openssl-fix-build-with-libressl-2.7.patch deleted file mode 100644 index 407357bd94f..00000000000 --- a/main/curl/0001-openssl-fix-build-with-libressl-2.7.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0941757feba839f22f26985ae1a23dc02a878f50 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Mon, 2 Apr 2018 20:55:52 +0000 -Subject: [PATCH] openssl: fix build with libressl 2.7 - -LibreSSL 2.7 introduced some of the OpenSSL 1.1 API. - -Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> ---- - configure.ac | 1 + - lib/vtls/openssl.c | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 798fa5f1e..9033165c1 100755 ---- a/configure.ac -+++ b/configure.ac -@@ -1789,6 +1789,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno && - AC_MSG_RESULT([no]) - ]) - -+ AC_CHECK_FUNCS( OpenSSL_version_num ) - AC_MSG_CHECKING([for libressl]) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index 2a6b3cfac..9ae5313e1 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -126,7 +126,7 @@ - #define X509_get0_notBefore(x) X509_get_notBefore(x) - #define X509_get0_notAfter(x) X509_get_notAfter(x) - #define CONST_EXTS /* nope */ --#ifdef LIBRESSL_VERSION_NUMBER -+#ifndef HAVE_OPENSSL_VERSION_NUM && defined(LIBRESSL_VERSION_NUMBER) - static unsigned long OpenSSL_version_num(void) - { - return LIBRESSL_VERSION_NUMBER; --- -2.16.3 - diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index cb77c6f405a..a836afb4fa7 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Ćukasz Jendrysik <scadu@yandex.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=curl -pkgver=7.61.1 +pkgver=7.62.0 pkgrel=0 pkgdesc="URL retrival utility and library" url="https://curl.haxx.se" @@ -14,13 +14,14 @@ depends_dev="libressl-dev libssh2-dev nghttp2-dev zlib-dev" checkdepends="python2" makedepends="$depends_dev autoconf automake groff libtool perl" subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl" -source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz - 0001-openssl-fix-build-with-libressl-2.7.patch - use-OPENSSL_config.patch - " +source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz" builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 7.62.0-r0: +# - CVE-2018-16839 +# - CVE-2018-16840 +# - CVE-2018-16842 # 7.61.1-r0: # - CVE-2018-14618 # 7.61.0-r0: @@ -109,6 +110,4 @@ libcurl() { mv "$pkgdir"/usr/lib "$subpkgdir"/usr } -sha512sums="e6f82a7292c70841162480c8880d25046bcfa64058f4ff76f7d398c85da569af1c244442c9c58a3478d59264365ff8e39eed2fb564cb137118588f7862e64e9a curl-7.61.1.tar.xz -16c9b54cfa996a61278c0a899840be9e42477661ff6d69d6a772671aeb50a597e9de9328ba3c0a5cb71fa073e4a58db5f3962aab7636a9f1327cad343ff05ae9 0001-openssl-fix-build-with-libressl-2.7.patch -708527e73f9512c50e2250ca26786ba8994dc05fd2e362c1feb274e251219fb4bfc97e7e7722aa12424ccaf4c511d90d8820561c82a24f103b9ee2b743f4be28 use-OPENSSL_config.patch" +sha512sums="3aace2fc85e1d5ac06a3208980f887b5f1de5e2a1460e130b15cff3f7e5700b958cbb8f296483290961ef41f550245590067f86558dbba25e3d3ac10cec1adcd curl-7.62.0.tar.xz" diff --git a/main/curl/use-OPENSSL_config.patch b/main/curl/use-OPENSSL_config.patch deleted file mode 100644 index 925a90349f6..00000000000 --- a/main/curl/use-OPENSSL_config.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix symbol conflict with OpenSSL 1.0 / LibreSSL. - -This basically reverts https://github.com/curl/curl/commit/7d2f61f66ab4e047fc9aefc2effc1ac6d340a66a - -Issue: https://bugs.alpinelinux.org/issues/8923 -Patch-Source: https://build.opensuse.org/package/view_file/devel:libraries:c_c++/curl/curl-use_OPENSSL_config.patch - -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index 80e9bf940..ba227891f 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -935,26 +935,12 @@ - ENGINE_load_builtin_engines(); - #endif - -- /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately -- that function makes an exit() call on wrongly formatted config files -- which makes it hard to use in some situations. OPENSSL_config() itself -- calls CONF_modules_load_file() and we use that instead and we ignore -- its return code! */ -- -- /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and -- 0.9.8e */ --#ifndef CONF_MFLAGS_DEFAULT_SECTION --#define CONF_MFLAGS_DEFAULT_SECTION 0x0 --#endif -- -- CONF_modules_load_file(NULL, NULL, -- CONF_MFLAGS_DEFAULT_SECTION| -- CONF_MFLAGS_IGNORE_MISSING_FILE); -- - #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ - !defined(LIBRESSL_VERSION_NUMBER) -- /* OpenSSL 1.1.0+ takes care of initialization itself */ -+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); - #else -+ OPENSSL_config(NULL); -+ - /* Lets get nice error messages */ - SSL_load_error_strings(); - |