blob: 2ecf03e30acec4b2a9c7c2f40cf241ed2410cb00 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=curl
pkgver=7.64.0
pkgrel=3
pkgdesc="URL retrival utility and library"
url="https://curl.haxx.se"
arch="all"
license="MIT"
depends="ca-certificates"
depends_dev="openssl-dev libssh2-dev nghttp2-dev zlib-dev"
checkdepends="python2"
makedepends="$depends_dev autoconf automake groff libtool perl"
subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl"
source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz
url-fix-7.64.patch
CVE-2019-5435.patch
CVE-2019-5436.patch
CVE-2019-5481.patch
CVE-2019-5482.patch
"
options="!check" # sftp tests failing
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 7.64.0-r3:
# - CVE-2019-5481
# - CVE-2019-5482
# 7.64.0-r2:
# - CVE-2019-5435
# - CVE-2019-5436
# 7.64.0-r0:
# - CVE-2018-16980
# - CVE-2019-3822
# - CVE-2019-3823
# 7.62.0-r0:
# - CVE-2018-16839
# - CVE-2018-16840
# - CVE-2018-16842
# 7.61.1-r0:
# - CVE-2018-14618
# 7.61.0-r0:
# - CVE-2018-0500
# 7.60.0-r0:
# - CVE-2018-1000300
# - CVE-2018-1000301
# 7.59.0-r0:
# - CVE-2018-1000120
# - CVE-2018-1000121
# - CVE-2018-1000122
# 7.57.0-r0:
# - CVE-2017-8816
# - CVE-2017-8817
# - CVE-2017-8818
# 7.56.1-r0:
# - CVE-2017-1000257
# 7.55.0-r0:
# - CVE-2017-1000099
# - CVE-2017-1000100
# - CVE-2017-1000101
# 7.54.0-r0:
# - CVE-2017-7468
# 7.53.1-r2:
# - CVE-2017-7407
# 7.53.0:
# - CVE-2017-2629
# 7.52.1:
# - CVE-2016-9594
# 7.51.0:
# - CVE-2016-8615
# - CVE-2016-8616
# - CVE-2016-8617
# - CVE-2016-8618
# - CVE-2016-8619
# - CVE-2016-8620
# - CVE-2016-8621
# - CVE-2016-8622
# - CVE-2016-8623
# - CVE-2016-8624
# - CVE-2016-8625
# 7.50.3:
# - CVE-2016-7167
# 7.50.2:
# - CVE-2016-7141
# 7.50.1:
# - CVE-2016-5419
# - CVE-2016-5420
# - CVE-2016-5421
# 7.36.0:
# - CVE-2014-0138
# - CVE-2014-0139
build() {
cd "$builddir"
autoreconf -vif
./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--enable-ipv6 \
--enable-unix-sockets \
--without-libidn \
--without-libidn2 \
--with-libssh2 \
--with-nghttp2 \
--disable-ldap \
--with-pic
make
}
check() {
cd "$builddir"
make check
}
package() {
cd "$builddir"
make install DESTDIR="$pkgdir"
}
libcurl() {
pkgdesc="The multiprotocol file transfer library"
mkdir -p "$subpkgdir"/usr
mv "$pkgdir"/usr/lib "$subpkgdir"/usr
}
sha512sums="953f1f5336ce5dfd1b9f933624432d401552d91ee02d39ecde6f023c956f99ec6aae8d7746d7c34b6eb2d6452f114e67da4e64d9c8dd90b7644b7844e7b9b423 curl-7.64.0.tar.xz
9b0cd3bfb705e804f21b3c87929ec5c3bbd6f17748e82cda75c3edbca5ea66cbcb0260c666635a2cbdaa6d4081008a9c445b4f266e9b970d3deaed21f9b352a1 url-fix-7.64.patch
c629a1b36920a3f8eab3321b0222e203f53f29e5947d39a0c32e0a7de2d8ab2182c3d6bbb0828847f2f353d1d3a15d85203e17ef74018a5c865a854d7a413fc3 CVE-2019-5435.patch
9ccb8d898530f14cf497b4d0ede3b28d6baac5fa0b867636219795cf748f0149a110a386d4212ff48781c2c37e03290f2afe47cc186bd606f569acfd48457a15 CVE-2019-5436.patch
37161e4d94cdb1add2216b031f70d7ae84451229dffe48ca9856bb311e88678f0e11baab6bb4da0386ed31e8467aa51fabaf6122f876ef9bc0003638d07f22cf CVE-2019-5481.patch
6703658d9212bb87de22fabd996e8f8eb8c98aa4c015b1daa4c1a15f503c4a5530dafbcc1817032d973ef94ac29fe7b8ee16426e443b20d0bcdbe5d7f0209ffb CVE-2019-5482.patch"
|
