diff options
Diffstat (limited to 'main')
-rw-r--r-- | main/curl/APKBUILD | 19 | ||||
-rw-r--r-- | main/curl/CVE-2014-0015.patch | 47 |
2 files changed, 7 insertions, 59 deletions
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index 35cfac6483..9f24eafc3f 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD @@ -1,17 +1,15 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=curl -pkgver=7.33.0 -pkgrel=1 +pkgver=7.36.0 +pkgrel=0 pkgdesc="An URL retrival utility and library" url="http://curl.haxx.se" arch="all" license="MIT" depends= depends_dev="zlib-dev openssl-dev libssh2-dev" -makedepends="$depends_dev" -source="http://curl.haxx.se/download/curl-$pkgver.tar.bz2 - CVE-2014-0015.patch - " +makedepends="groff $depends_dev" +source="http://curl.haxx.se/download/curl-$pkgver.tar.bz2" subpackages="$pkgname-doc $pkgname-dev" _builddir="$srcdir/$pkgname-$pkgver" @@ -41,9 +39,6 @@ package() { rm "$pkgdir"/usr/lib/*.la || return 1 } -md5sums="57409d6bf0bd97053b8378dbe0cadcef curl-7.33.0.tar.bz2 -bab6cc59679fbb496c2c3034418b70d8 CVE-2014-0015.patch" -sha256sums="0afde4cd949e2658eddc3cda675b19b165eea1af48ac5f3e1ec160792255d1b3 curl-7.33.0.tar.bz2 -4d7e468cbd699fe0fc15635ab496d97761976b38f480b38075c7b9646e8e73a0 CVE-2014-0015.patch" -sha512sums="13f61e8255859f3d1138bf7cc935bda90af5f51103f1660b9e9cc6dd63d37b7672752900f3a76f8c80d47a7c02061077c6417d53617576f4030e180552b75076 curl-7.33.0.tar.bz2 -607591592932c317a40bb8fe7c2cab58b97eb08de14bd890c8b56fb49e49274a76fad52af3e29dc529d8537cc782b08d3471f30f7e90e0ff25500019fa961524 CVE-2014-0015.patch" +md5sums="e6d1f9d1b59da5062109ffe14e0569a4 curl-7.36.0.tar.bz2" +sha256sums="1fbe82b89bcd6b7ccda8cb0ff076edc60e911595030e27689f4abd5ef7f3cfcd curl-7.36.0.tar.bz2" +sha512sums="ae471d382c9c8f321a987e7a5a302abe7cb2cae4204ea65234b02c73303abef7c995c50ce8219bd90d762fa63006d50293e4350e78aee2c2086b6f7aec09b01a curl-7.36.0.tar.bz2" diff --git a/main/curl/CVE-2014-0015.patch b/main/curl/CVE-2014-0015.patch deleted file mode 100644 index 745db00e7b..0000000000 --- a/main/curl/CVE-2014-0015.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 8ae35102c43d8d06572c3a1292eb6e27e663c78d Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Tue, 7 Jan 2014 09:33:54 +0100 -Subject: [PATCH] ConnectionExists: fix NTLM check for new connection - -When the requested authentication bitmask includes NTLM, we cannot -re-use a connection for another username/password as we then risk -re-using NTLM (connection-based auth). - -This has the unfortunate downside that if you include NTLM as a possible -auth, you cannot re-use connections for other usernames/passwords even -if NTLM doesn't end up the auth type used. - -Reported-by: Paras S -Patched-by: Paras S -Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html ---- - lib/url.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/url.c b/lib/url.c -index 74d0893..3f85502 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -5,7 +5,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. -+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -2886,8 +2886,8 @@ static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke) - struct connectdata *check; - struct connectdata *chosen = 0; - bool canPipeline = IsPipeliningPossible(data, needle); -- bool wantNTLM = (data->state.authhost.want==CURLAUTH_NTLM) || -- (data->state.authhost.want==CURLAUTH_NTLM_WB) ? TRUE : FALSE; -+ bool wantNTLM = (data->state.authhost.want & CURLAUTH_NTLM) || -+ (data->state.authhost.want & CURLAUTH_NTLM_WB) ? TRUE : FALSE; - struct connectbundle *bundle; - - *force_reuse = FALSE; --- -1.8.5.1 - |