aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2017-08-11 08:59:36 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2017-08-11 10:54:20 +0000
commit13ee88b017ecd8c894a60178235598a526d5e4a6 (patch)
tree8f8272361b2eb26c3254285005206438949292a7
parentc41812134d11c0ab6c6f0258de05de85638d996b (diff)
downloadaports-13ee88b017ecd8c894a60178235598a526d5e4a6.tar.bz2
main/curl: security upgrade to 7.55.0
-rw-r--r--main/curl/APKBUILD14
-rw-r--r--main/curl/CVE-2017-7407.patch197
-rw-r--r--main/curl/curl-do-bounds-check-using-a-double-comparison.patch32
3 files changed, 44 insertions, 199 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 5b86edc..e348036 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -3,7 +3,7 @@
# Contributor: Ɓukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=curl
-pkgver=7.54.1
+pkgver=7.55.0
pkgrel=0
pkgdesc="An URL retrival utility and library"
url="http://curl.haxx.se"
@@ -12,10 +12,15 @@ license="MIT"
depends="ca-certificates"
makedepends="zlib-dev libressl-dev libssh2-dev groff perl"
source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2
+ curl-do-bounds-check-using-a-double-comparison.patch
"
subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl"
# secfixes:
+# 7.55.0-r0:
+# - CVE-2017-1000099
+# - CVE-2017-1000100
+# - CVE-2017-1000101
# 7.54.0-r0:
# - CVE-2017-7468
# 7.53.1-r2:
@@ -52,6 +57,10 @@ builddir="$srcdir/$pkgname-$pkgver"
build() {
cd "$builddir"
+
+ # see https://curl.haxx.se/mail/lib-2017-08/0050.html
+ rm docs/libcurl/opts/CURLOPT_STRIP_PATH_SLASH.3
+
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -82,4 +91,5 @@ libcurl() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr
}
-sha512sums="eb9639677f0ca1521ca631c520ab83ad071c52b31690e5e7f31546f6a44b2f11d1bb62282056cffb570eb290bf1e7830e87cb536295ac6a54a904663e795f2da curl-7.54.1.tar.bz2"
+sha512sums="4975864621219e937585aaf5a9a54bba112b58bbf5a8acd92e1e972ea747a15a5564143548c5d8930b8c0d0e9d27d28225d0c81e52a1ba71e4c6f9e3859c978b curl-7.55.0.tar.bz2
+d0f102fdbc2174169b2fea9248c3187d8c546d3a788447769dceec5fb7e063adbebbc967b88d208af1355cfda600f837abdae6d2e057a096eededc1857d2b8d3 curl-do-bounds-check-using-a-double-comparison.patch"
diff --git a/main/curl/CVE-2017-7407.patch b/main/curl/CVE-2017-7407.patch
deleted file mode 100644
index d3cdf0a..0000000
--- a/main/curl/CVE-2017-7407.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
-From: Dan Fandrich <dan@coneharvesters.com>
-Date: Sat, 11 Mar 2017 10:59:34 +0100
-Subject: [PATCH] CVE-2017-7407: fixed
-
-Bug: https://curl.haxx.se/docs/adv_20170403.html
-
-Reported-by: Brian Carpenter
----
- src/tool_writeout.c | 6 +++---
- tests/data/Makefile.inc | 2 +-
- tests/data/test1440 | 31 +++++++++++++++++++++++++++++++
- tests/data/test1441 | 31 +++++++++++++++++++++++++++++++
- tests/data/test1442 | 35 +++++++++++++++++++++++++++++++++++
- 5 files changed, 101 insertions(+), 4 deletions(-)
- create mode 100644 tests/data/test1440
- create mode 100644 tests/data/test1441
- create mode 100644 tests/data/test1442
-
-diff --git a/src/tool_writeout.c b/src/tool_writeout.c
-index 2fb77742a..5d92bd278 100644
---- a/src/tool_writeout.c
-+++ b/src/tool_writeout.c
-@@ -3,11 +3,11 @@
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
- *
-@@ -111,11 +111,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
- char *stringp = NULL;
- long longinfo;
- double doubleinfo;
-
- while(ptr && *ptr) {
-- if('%' == *ptr) {
-+ if('%' == *ptr && ptr[1]) {
- if('%' == ptr[1]) {
- /* an escaped %-letter */
- fputc('%', stream);
- ptr += 2;
- }
-@@ -339,11 +339,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
- fputc(ptr[1], stream);
- ptr += 2;
- }
- }
- }
-- else if('\\' == *ptr) {
-+ else if('\\' == *ptr && ptr[1]) {
- switch(ptr[1]) {
- case 'r':
- fputc('\r', stream);
- break;
- case 'n':
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 8251ab9a4..267ff6aef 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -149,11 +149,11 @@ test1396 test1397 test1398 \
- test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
- test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
- test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
- test1424 \
- test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
--test1436 test1437 test1438 test1439 \
-+test1436 test1437 test1438 test1439 test1440 test1441 test1442 \
- \
- test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
- test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
- test1516 test1517 \
- \
-diff --git a/tests/data/test1440 b/tests/data/test1440
-new file mode 100644
-index 000000000..7ed0c4d5f
---- /dev/null
-+++ b/tests/data/test1440
-@@ -0,0 +1,31 @@
-+<testcase>
-+<info>
-+<keywords>
-+--write-out
-+</keywords>
-+</info>
-+# Server-side
-+<reply>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+file
-+</server>
-+
-+<name>
-+Check --write-out with trailing %{
-+</name>
-+<command>
-+file://localhost/%PWD/log/ --write-out '%{'
-+</command>
-+</client>
-+
-+# Verify data
-+<verify>
-+<stdout nonewline="yes">
-+%{
-+</stdout>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test1441 b/tests/data/test1441
-new file mode 100644
-index 000000000..6e253a690
---- /dev/null
-+++ b/tests/data/test1441
-@@ -0,0 +1,31 @@
-+<testcase>
-+<info>
-+<keywords>
-+--write-out
-+</keywords>
-+</info>
-+# Server-side
-+<reply>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+file
-+</server>
-+
-+<name>
-+Check --write-out with trailing %
-+</name>
-+<command>
-+file://localhost/%PWD/log/ --write-out '%'
-+</command>
-+</client>
-+
-+# Verify data
-+<verify>
-+<stdout nonewline="yes">
-+%
-+</stdout>
-+</verify>
-+</testcase>
-diff --git a/tests/data/test1442 b/tests/data/test1442
-new file mode 100644
-index 000000000..255a4c9ff
---- /dev/null
-+++ b/tests/data/test1442
-@@ -0,0 +1,35 @@
-+<testcase>
-+<info>
-+<keywords>
-+--write-out
-+FILE
-+</keywords>
-+</info>
-+# Server-side
-+<reply>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+file
-+</server>
-+
-+<name>
-+Check --write-out with trailing \
-+</name>
-+<command>
-+file://localhost/%PWD/log/non-existent-file.txt --write-out '\'
-+</command>
-+</client>
-+
-+# Verify data
-+<verify>
-+<errorcode>
-+37
-+</errorcode>
-+<stdout nonewline="yes">
-+\
-+</stdout>
-+</verify>
-+</testcase>
---
-2.11.0
-
diff --git a/main/curl/curl-do-bounds-check-using-a-double-comparison.patch b/main/curl/curl-do-bounds-check-using-a-double-comparison.patch
new file mode 100644
index 0000000..34e2b6c
--- /dev/null
+++ b/main/curl/curl-do-bounds-check-using-a-double-comparison.patch
@@ -0,0 +1,32 @@
+From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001
+From: Adam Sampson <ats@offog.org>
+Date: Wed, 9 Aug 2017 14:11:17 +0100
+Subject: [PATCH] curl: do bounds check using a double comparison
+
+The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
+complete: if the parsed number in num is larger than will fit in a long,
+the conversion is undefined behaviour (causing test1427 to fail for me
+on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting
+rid of the cast means the comparison will be done using doubles.
+
+It might make more sense for the max argument to also be a double...
+
+Fixes #1750
+Closes #1749
+---
+ src/tool_paramhlp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
+index b9dedc989e..85c5e79a7e 100644
+--- a/src/tool_paramhlp.c
++++ b/src/tool_paramhlp.c
+@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
+ num = strtod(str, &endptr);
+ if(errno == ERANGE)
+ return PARAM_NUMBER_TOO_LARGE;
+- if((long)num > max) {
++ if(num > max) {
+ /* too large */
+ return PARAM_NUMBER_TOO_LARGE;
+ }