diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2017-12-07 10:59:23 +0100 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-12-07 11:02:57 +0100 |
| commit | ae95dcd40f4dd84b6c6cc8c7b1f7dccc38bc103e (patch) | |
| tree | ebc033c338b287244149d6e9bd28f4c2aa08c013 | |
| parent | ed7168b963a5da887d32c26351c87f627a6147b2 (diff) | |
| download | aports-ae95dcd40f4dd84b6c6cc8c7b1f7dccc38bc103e.tar.bz2 aports-ae95dcd40f4dd84b6c6cc8c7b1f7dccc38bc103e.tar.xz | |
main/curl: security upgrade to 7.57.0
| -rw-r--r-- | main/curl/0001-vtls-s-SSLEAY-OPENSSL.patch | 39 | ||||
| -rw-r--r-- | main/curl/APKBUILD | 12 |
2 files changed, 8 insertions, 43 deletions
diff --git a/main/curl/0001-vtls-s-SSLEAY-OPENSSL.patch b/main/curl/0001-vtls-s-SSLEAY-OPENSSL.patch deleted file mode 100644 index 8b0c9baf0b..0000000000 --- a/main/curl/0001-vtls-s-SSLEAY-OPENSSL.patch +++ /dev/null @@ -1,39 +0,0 @@ -From a7b38c9dc98481e4a5fc37e51a8690337c674dfb Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Mon, 26 Dec 2016 00:06:33 +0100 -Subject: [PATCH 1/1] vtls: s/SSLEAY/OPENSSL - -Fixed an old leftover use of the USE_SSLEAY define which would make a -socket get removed from the applications sockets to monitor when the -multi_socket API was used, leading to timeouts. - -Bug: #1174 ---- - lib/vtls/vtls.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c -index b808e1c5f..707f24b02 100644 ---- a/lib/vtls/vtls.c -+++ b/lib/vtls/vtls.c -@@ -484,7 +484,7 @@ void Curl_ssl_close_all(struct Curl_easy *data) - curlssl_close_all(data); - } - --#if defined(USE_SSLEAY) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ -+#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ - defined(USE_DARWINSSL) || defined(USE_NSS) - /* This function is for OpenSSL, GnuTLS, darwinssl, and schannel only. */ - int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks, -@@ -518,7 +518,7 @@ int Curl_ssl_getsock(struct connectdata *conn, - (void)numsocks; - return GETSOCK_BLANK; - } --/* USE_SSLEAY || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */ -+/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */ - #endif - - void Curl_ssl_close(struct connectdata *conn, int sockindex) --- -2.11.0 - diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index 33891dcb66..0f4bf6a7f4 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Ćukasz Jendrysik <scadu@yandex.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=curl -pkgver=7.56.1 +pkgver=7.57.0 pkgrel=0 pkgdesc="An URL retrival utility and library" url="http://curl.haxx.se" @@ -16,6 +16,10 @@ source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2 subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl" # secfixes: +# 7.57.0-r0: +# - CVE-2017-8816 +# - CVE-2017-8817 +# - CVE-2017-8818 # 7.56.1-r0: # - CVE-2017-1000257 # 7.56.0-r0: @@ -90,6 +94,6 @@ libcurl() { mv "$pkgdir"/usr/lib "$subpkgdir"/usr } -md5sums="428de25834ef8c04076906d6d5c0498e curl-7.56.1.tar.bz2" -sha256sums="2594670367875e7d87b0f129b5e4690150780884d90244ba0fe3e74a778b5f90 curl-7.56.1.tar.bz2" -sha512sums="f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68 curl-7.56.1.tar.bz2" +md5sums="dd3e22e923be17663e67f721c2aec054 curl-7.57.0.tar.bz2" +sha256sums="c92fe31a348eae079121b73884065e600c533493eb50f1f6cee9c48a3f454826 curl-7.57.0.tar.bz2" +sha512sums="f366d2e931d7aff63bac0e1f760ced32c849252947d522427ba92124566906a7e6bd081b6d1630df36895dda2a00ac4cf1bed1470740693ef47ab90c6a270377 curl-7.57.0.tar.bz2" |