Commit 40880457 authored by Leo's avatar Leo

main/curl: fix CVE-2020-8169 and CVE-2020-8177

See: #11682
parent 4b4c2fd7
......@@ -4,7 +4,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=curl
pkgver=7.69.1
pkgrel=0
pkgrel=1
pkgdesc="URL retrival utility and library"
url="https://curl.haxx.se/"
arch="all"
......@@ -14,9 +14,15 @@ depends_dev="openssl-dev nghttp2-dev zlib-dev"
checkdepends="python3"
makedepends="$depends_dev autoconf automake groff libtool perl"
subpackages="$pkgname-dbg $pkgname-static $pkgname-doc $pkgname-dev libcurl"
source="https://curl.haxx.se/download/curl-$pkgver.tar.xz"
source="https://curl.haxx.se/download/curl-$pkgver.tar.xz
CVE-2020-8169.patch
CVE-2020-8177.patch
"
# secfixes:
# 7.69.1-r1:
# - CVE-2020-8169
# - CVE-2020-8177
# 7.66.0-r0:
# - CVE-2019-5481
# - CVE-2019-5482
......@@ -128,4 +134,6 @@ static() {
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib
}
sha512sums="dcb917ce9a6f34b30adae10e2e635d7a8c67781d69789cc5617ab2b49e898394ecfeee546453b14ab168d4b3b52baf974b2ec07e7a4b199addbc1ba57274d8fa curl-7.69.1.tar.xz"
sha512sums="dcb917ce9a6f34b30adae10e2e635d7a8c67781d69789cc5617ab2b49e898394ecfeee546453b14ab168d4b3b52baf974b2ec07e7a4b199addbc1ba57274d8fa curl-7.69.1.tar.xz
4950975d59bdf8398dd5f4b8338e5f76ae3752247be9054a28753351bcddb46f71a8bd601dba31da1b6b3fbbfbe6192f33a6500144d89f2cfdfb47161e3addba CVE-2020-8169.patch
7b69b82eee160561b27c273e143bae0592273697d73971c85df9fb51dd37de5f06a2884b770cf016563f1e5364c46dd42139423e67fef16a822bbb95fb607698 CVE-2020-8177.patch"
diff --git a/lib/url.c b/lib/url.c
index 47fc66a..a826f8a 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Curl_easy *data,
/* for updated strings, we update them in the URL */
if(user_changed) {
- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
+ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
+ CURLU_URLENCODE);
if(uc)
return Curl_uc_to_curlcode(uc);
}
if(passwd_changed) {
- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
+ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
+ CURLU_URLENCODE);
if(uc)
return Curl_uc_to_curlcode(uc);
}
diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
index 3b10238..b80707f 100644
--- a/src/tool_cb_hdr.c
+++ b/src/tool_cb_hdr.c
@@ -186,25 +186,11 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
filename = parse_filename(p, len);
if(filename) {
if(outs->stream) {
- int rc;
- /* already opened and possibly written to */
- if(outs->fopened)
- fclose(outs->stream);
- outs->stream = NULL;
-
- /* rename the initial file name to the new file name */
- rc = rename(outs->filename, filename);
- if(rc != 0) {
- warnf(per->config->global, "Failed to rename %s -> %s: %s\n",
- outs->filename, filename, strerror(errno));
- }
- if(outs->alloc_filename)
- Curl_safefree(outs->filename);
- if(rc != 0) {
- free(filename);
- return failure;
- }
+ /* indication of problem, get out! */
+ free(filename);
+ return failure;
}
+
outs->is_cd_filename = TRUE;
outs->s_isreg = TRUE;
outs->fopened = FALSE;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 764caa2..c5c7429 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1807,6 +1807,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
}
break;
case 'i':
+ if(config->content_disposition) {
+ warnf(global,
+ "--include and --remote-header-name cannot be combined.\n");
+ return PARAM_BAD_USE;
+ }
config->show_headers = toggle; /* show the headers as well in the
general output stream */
break;
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment