author | Natanael Copa <ncopa@alpinelinux.org> | 2014-02-04 15:34:13 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-02-04 15:47:07 +0000 |
commit | 1e27a0849ea60751372631fcc67912ba730269de (patch) | |
tree | 6e1fcfb99a03d467a2c0d86620dfde5add74be00 | |
parent | abd942163463a6ba3dc12fc83b16b85181537a2b (diff) | |
download | aports-1e27a0849ea60751372631fcc67912ba730269de.tar.bz2 aports-1e27a0849ea60751372631fcc67912ba730269de.tar.xz |
main/curl: fix CVE-2014-0015
fixes #2672
-rw-r--r-- | main/curl/APKBUILD | 9 | ||||
-rw-r--r-- | main/curl/CVE-2014-0015-7-27.patch | 13 |
2 files changed, 19 insertions, 3 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 13d073efa8..a95a38eb50 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=curl
 pkgver=7.25.0
-pkgrel=2
+pkgrel=3
 pkgdesc="An URL retrival utility and library"
 url="http://curl.haxx.se"
 arch="all"
@@ -11,7 +11,9 @@ depends_dev="zlib-dev openssl-dev libssh2-dev"
 makedepends="$depends_dev"
 source="http://curl.haxx.se/download/curl-$pkgver.tar.bz2
 CVE-2013-1944.patch
- CVE-2013-4545.patch"
+ CVE-2013-4545.patch
+ CVE-2014-0015-7-27.patch
+ "
 subpackages="$pkgname-doc $pkgname-dev"
 _builddir="$srcdir/$pkgname-$pkgver"
@@ -43,4 +45,5 @@ package() {
 md5sums="f0303d47d9d3e6e4f08c2863c6504823 curl-7.25.0.tar.bz2
 89747e560198704ab25c21eade95cbd2 CVE-2013-1944.patch
-8bc90390d1cd0d1b7b2cad513ed7e953 CVE-2013-4545.patch"
+8bc90390d1cd0d1b7b2cad513ed7e953 CVE-2013-4545.patch
+236ff7d867165b536049dc13f81c5315 CVE-2014-0015-7-27.patch"
diff --git a/main/curl/CVE-2014-0015-7-27.patch b/main/curl/CVE-2014-0015-7-27.patch
new file mode 100644
index 0000000000..d6e0708050
--- /dev/null
+++ b/main/curl/CVE-2014-0015-7-27.patch
@@ -0,0 +1,13 @@
+--- ./lib/url.c.orig 2014-01-14 16:21:29.832088000 +0200
++++ ./lib/url.c 2014-01-14 16:32:43.074018000 +0200
+@@ -3103,8 +3103,8 @@ ConnectionExists(struct SessionHandle *d
+ }
+ if((needle->handler->protocol & CURLPROTO_FTP) ||
+ ((needle->handler->protocol & CURLPROTO_HTTP) &&
+- ((data->state.authhost.want==CURLAUTH_NTLM) ||
+- (data->state.authhost.want==CURLAUTH_NTLM_WB)))) {
++ ((data->state.authhost.want & CURLAUTH_NTLM) ||
++ (data->state.authhost.want & CURLAUTH_NTLM_WB)))) {
+ /* This is FTP or HTTP+NTLM, verify that we're using the same name
+ and password as well */
+ if(!strequal(needle->user, check->user) || |
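Review bot: The new checksum entry in the `md5sums` hunk extends a list that is MD5-only, and the `source` array in the same file fetches the curl tarball over plain `http://`, so MD5 is the only integrity check on the upstream download. MD5 is not collision-resistant, so it is a weak anchor for a package that is itself being rebuilt for a security fix. I would add a stronger array next to it, e.g. `sha512sums="<sha512-of-file>  CVE-2014-0015-7-27.patch"` (placeholder digest, with one such line per source), generated with `abuild checksum` if the abuild version in use supports it.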
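Review bot: The corrected bitmask test in `ConnectionExists` still keys only on `data->state.authhost.want`, so, as far as this hunk shows, the name/password comparison is forced for NTLM to the origin server but not when NTLM is negotiated with a proxy (`authproxy`). NTLM authenticates the connection rather than each request, so the same re-use concern would apply there. The rest of the function lies outside the hunk and should be checked for a proxy-credential comparison before a cached connection is matched. Separately, the patch file has no header and its name suggests it was cut for 7.27 while `pkgver` is 7.25.0. I would add a leading line such as `CVE-2014-0015: NTLM connection re-use with different credentials; backport of upstream fix <upstream-commit-id>, checked against 7.25.0` and confirm it applies without fuzz.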