diff options
author | TBK <tbk@jjtc.dk> | 2017-11-30 04:01:54 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-11-30 08:20:00 +0000 |
commit | d19c5b26c70a3055c5d6c7d2f15587f62a33a1fe (patch) | |
tree | c76b2975039be3201da3901ccad95ec721b7b858 | |
parent | 6791f008cd52c6ddf0e5e94a564fd0c05e26c0fe (diff) | |
download | alpine_aports-d19c5b26c70a3055c5d6c7d2f15587f62a33a1fe.tar.bz2 alpine_aports-d19c5b26c70a3055c5d6c7d2f15587f62a33a1fe.tar.xz alpine_aports-d19c5b26c70a3055c5d6c7d2f15587f62a33a1fe.zip |
main/curl: upgrade to 7.57.0
-rw-r--r-- | main/curl/APKBUILD | 20 | ||||
-rw-r--r-- | main/curl/curl-do-bounds-check-using-a-double-comparison.patch | 32 |
2 files changed, 11 insertions, 41 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index 1594b1979d..e7b8b5695a 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD | |||
@@ -3,19 +3,22 @@ | |||
3 | # Contributor: Łukasz Jendrysik <scadu@yandex.com> | 3 | # Contributor: Łukasz Jendrysik <scadu@yandex.com> |
4 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 4 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
5 | pkgname=curl | 5 | pkgname=curl |
6 | pkgver=7.56.1 | 6 | pkgver=7.57.0 |
7 | pkgrel=1 | 7 | pkgrel=0 |
8 | pkgdesc="An URL retrival utility and library" | 8 | pkgdesc="An URL retrival utility and library" |
9 | url="http://curl.haxx.se" | 9 | url="http://curl.haxx.se" |
10 | arch="all" | 10 | arch="all" |
11 | license="MIT" | 11 | license="MIT" |
12 | depends="ca-certificates" | 12 | depends="ca-certificates" |
13 | makedepends="zlib-dev libressl-dev libssh2-dev groff perl" | 13 | makedepends="zlib-dev libressl-dev libssh2-dev groff perl" |
14 | source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2 | 14 | source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2" |
15 | " | ||
16 | subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl" | 15 | subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl" |
17 | 16 | ||
18 | # secfixes: | 17 | # secfixes: |
18 | # 7.57.0-r0: | ||
19 | # - CVE-2017-8816 | ||
20 | # - CVE-2017-8817 | ||
21 | # - CVE-2017-8818 | ||
19 | # 7.56.1-r0: | 22 | # 7.56.1-r0: |
20 | # - CVE-2017-1000257 | 23 | # - CVE-2017-1000257 |
21 | # 7.55.0-r0: | 24 | # 7.55.0-r0: |
@@ -67,9 +70,8 @@ build() { | |||
67 | --without-libidn \ | 70 | --without-libidn \ |
68 | --without-libidn2 \ | 71 | --without-libidn2 \ |
69 | --disable-ldap \ | 72 | --disable-ldap \ |
70 | --with-pic \ | 73 | --with-pic |
71 | || return 1 | 74 | make |
72 | make || return 1 | ||
73 | } | 75 | } |
74 | 76 | ||
75 | check() { | 77 | check() { |
@@ -79,7 +81,7 @@ check() { | |||
79 | 81 | ||
80 | package() { | 82 | package() { |
81 | make DESTDIR="$pkgdir" \ | 83 | make DESTDIR="$pkgdir" \ |
82 | -C "$builddir" install || return 1 | 84 | -C "$builddir" install |
83 | } | 85 | } |
84 | 86 | ||
85 | libcurl() { | 87 | libcurl() { |
@@ -88,4 +90,4 @@ libcurl() { | |||
88 | mv "$pkgdir"/usr/lib "$subpkgdir"/usr | 90 | mv "$pkgdir"/usr/lib "$subpkgdir"/usr |
89 | } | 91 | } |
90 | 92 | ||
91 | sha512sums="f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68 curl-7.56.1.tar.bz2" | 93 | sha512sums="f366d2e931d7aff63bac0e1f760ced32c849252947d522427ba92124566906a7e6bd081b6d1630df36895dda2a00ac4cf1bed1470740693ef47ab90c6a270377 curl-7.57.0.tar.bz2" |
diff --git a/main/curl/curl-do-bounds-check-using-a-double-comparison.patch b/main/curl/curl-do-bounds-check-using-a-double-comparison.patch deleted file mode 100644 index 34e2b6c717..0000000000 --- a/main/curl/curl-do-bounds-check-using-a-double-comparison.patch +++ /dev/null | |||
@@ -1,32 +0,0 @@ | |||
1 | From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001 | ||
2 | From: Adam Sampson <ats@offog.org> | ||
3 | Date: Wed, 9 Aug 2017 14:11:17 +0100 | ||
4 | Subject: [PATCH] curl: do bounds check using a double comparison | ||
5 | |||
6 | The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't | ||
7 | complete: if the parsed number in num is larger than will fit in a long, | ||
8 | the conversion is undefined behaviour (causing test1427 to fail for me | ||
9 | on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting | ||
10 | rid of the cast means the comparison will be done using doubles. | ||
11 | |||
12 | It might make more sense for the max argument to also be a double... | ||
13 | |||
14 | Fixes #1750 | ||
15 | Closes #1749 | ||
16 | --- | ||
17 | src/tool_paramhlp.c | 2 +- | ||
18 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c | ||
21 | index b9dedc989e..85c5e79a7e 100644 | ||
22 | --- a/src/tool_paramhlp.c | ||
23 | +++ b/src/tool_paramhlp.c | ||
24 | @@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) | ||
25 | num = strtod(str, &endptr); | ||
26 | if(errno == ERANGE) | ||
27 | return PARAM_NUMBER_TOO_LARGE; | ||
28 | - if((long)num > max) { | ||
29 | + if(num > max) { | ||
30 | /* too large */ | ||
31 | return PARAM_NUMBER_TOO_LARGE; | ||
32 | } | ||