author | Timo Teräs <timo.teras@iki.fi> | 2014-04-17 07:34:31 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-04-18 09:54:59 +0000 |
commit | 79b587113081d0b59d896b2c5df8a9fce2b640de (patch) | |
tree | 90f57bbadcd16ec92a472dffccd0d9b8f18cf27b /main | |
parent | ad0ffed17c16a068739dacf23ea90c2a50b2f11f (diff) | |
main/curl: security upgrade to 7.36.0 (CVE-2014-0138 CVE-2014-0139)
groff is now needed to build the built-in manual. ref #2816
fixes #2818
(cherry picked from commit d218307c3f5ca3bb714075368f71f8c7332371cb)
Conflicts:
main/curl/APKBUILD
Diffstat (limited to 'main')
-rw-r--r-- | main/curl/APKBUILD | 13 | ||||
-rw-r--r-- | main/curl/CVE-2014-0015.patch | 47 |
2 files changed, 5 insertions, 55 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 6bf4445d33..321337c0c7 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -1,17 +1,15 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=curl
-pkgver=7.33.0
-pkgrel=1
+pkgver=7.36.0
+pkgrel=0
 pkgdesc="An URL retrival utility and library"
 url="http://curl.haxx.se"
 arch="all"
 license="MIT"
 depends=
 depends_dev="zlib-dev openssl-dev libssh2-dev"
-makedepends="$depends_dev"
-source="http://curl.haxx.se/download/curl-$pkgver.tar.bz2
- CVE-2014-0015.patch
- "
+makedepends="groff $depends_dev"
+source="http://curl.haxx.se/download/curl-$pkgver.tar.bz2"
 subpackages="$pkgname-doc $pkgname-dev"
 
 _builddir="$srcdir/$pkgname-$pkgver"
@@ -41,5 +39,4 @@ package() {
  rm "$pkgdir"/usr/lib/*.la || return 1
 }
 
-md5sums="57409d6bf0bd97053b8378dbe0cadcef curl-7.33.0.tar.bz2
-bab6cc59679fbb496c2c3034418b70d8 CVE-2014-0015.patch"
+md5sums="e6d1f9d1b59da5062109ffe14e0569a4 curl-7.36.0.tar.bz2"
diff --git a/main/curl/CVE-2014-0015.patch b/main/curl/CVE-2014-0015.patch
deleted file mode 100644
index 745db00e7b..0000000000
--- a/main/curl/CVE-2014-0015.patch
+++ /dev/null
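Review bot: The new `source=` line in the first APKBUILD hunk still fetches the tarball over plain `http://`, and the only integrity check visible for it is the `md5sums=` entry in the second hunk. MD5 is no longer collision-resistant, so that is a weak anchor for a security upgrade whose download can be altered in transit. If the abuild version used on this branch supports the stronger checksum variables, I would add `sha512sums="<sha512 of the signature-verified tarball>  curl-7.36.0.tar.bz2"` next to it. Separately, dropping `CVE-2014-0015.patch` is only safe if 7.36.0 already carries that fix; the commit message lists CVE-2014-0138 and CVE-2014-0139 but does not say so, and a sentence such as `CVE-2014-0015.patch dropped: fixed upstream` would help later audits.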
@@ -1,47 +0,0 @@
-From 8ae35102c43d8d06572c3a1292eb6e27e663c78d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 7 Jan 2014 09:33:54 +0100
-Subject: [PATCH] ConnectionExists: fix NTLM check for new connection
-
-When the requested authentication bitmask includes NTLM, we cannot
-re-use a connection for another username/password as we then risk
-re-using NTLM (connection-based auth).
-
-This has the unfortunate downside that if you include NTLM as a possible
-auth, you cannot re-use connections for other usernames/passwords even
-if NTLM doesn't end up the auth type used.
-
-Reported-by: Paras S
-Patched-by: Paras S
-Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html
----
- lib/url.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/url.c b/lib/url.c
-index 74d0893..3f85502 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -5,7 +5,7 @@
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
-@@ -2886,8 +2886,8 @@ static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke)
- struct connectdata *check;
- struct connectdata *chosen = 0;
- bool canPipeline = IsPipeliningPossible(data, needle);
-- bool wantNTLM = (data->state.authhost.want==CURLAUTH_NTLM) ||
-- (data->state.authhost.want==CURLAUTH_NTLM_WB) ? TRUE : FALSE;
-+ bool wantNTLM = (data->state.authhost.want & CURLAUTH_NTLM) ||
-+ (data->state.authhost.want & CURLAUTH_NTLM_WB) ? TRUE : FALSE;
- struct connectbundle *bundle;
-
- *force_reuse = FALSE;
---
-1.8.5.1
-
|