From d19c5b26c70a3055c5d6c7d2f15587f62a33a1fe Mon Sep 17 00:00:00 2001
From: TBK <tbk@jjtc.dk>
Date: Thu, 30 Nov 2017 04:01:54 +0100
Subject: [PATCH] main/curl: upgrade to 7.57.0

---
 main/curl/APKBUILD | 20 ++++++------
 ...unds-check-using-a-double-comparison.patch | 32 -------------------
 2 files changed, 11 insertions(+), 41 deletions(-)
 delete mode 100644 main/curl/curl-do-bounds-check-using-a-double-comparison.patch

diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 1594b1979dfc..e7b8b5695a9e 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -3,19 +3,22 @@
 # Contributor: Åukasz Jendrysik <scadu@yandex.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=curl
-pkgver=7.56.1
-pkgrel=1
+pkgver=7.57.0
+pkgrel=0
 pkgdesc="An URL retrival utility and library"
 url="http://curl.haxx.se"
 arch="all"
 license="MIT"
 depends="ca-certificates"
 makedepends="zlib-dev libressl-dev libssh2-dev groff perl"
-source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2
- "
+source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2"
 subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl"
 
 # secfixes:
+# 7.57.0-r0:
+# - CVE-2017-8816
+# - CVE-2017-8817
+# - CVE-2017-8818
 # 7.56.1-r0:
 # - CVE-2017-1000257
 # 7.55.0-r0:
@@ -67,9 +70,8 @@ build() {
 --without-libidn \
 --without-libidn2 \
 --disable-ldap \
- --with-pic \
- || return 1
- make || return 1
+ --with-pic
+ make
 }
 
 check() {
@@ -79,7 +81,7 @@ check() {
 
 package() {
 make DESTDIR="$pkgdir" \
- -C "$builddir" install || return 1
+ -C "$builddir" install
 }
 
 libcurl() {
@@ -88,4 +90,4 @@ libcurl() {
 mv "$pkgdir"/usr/lib "$subpkgdir"/usr
 }
 
-sha512sums="f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68 curl-7.56.1.tar.bz2"
+sha512sums="f366d2e931d7aff63bac0e1f760ced32c849252947d522427ba92124566906a7e6bd081b6d1630df36895dda2a00ac4cf1bed1470740693ef47ab90c6a270377 curl-7.57.0.tar.bz2"
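Review bot: The rewritten `source=` line in the first APKBUILD hunk still downloads the release tarball over plain `http://`, so the only integrity control is the `sha512sums` value replaced in the last hunk, and that value is presumably computed from whatever the packager's own cleartext download returned. For a bump whose purpose is three CVE fixes, fetch over TLS instead: `source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2"` (and likewise `url="https://curl.haxx.se"`). It would also help to confirm the new SHA-512 against upstream's signed release before merging; nothing in the patch shows that this was done.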
diff --git a/main/curl/curl-do-bounds-check-using-a-double-comparison.patch b/main/curl/curl-do-bounds-check-using-a-double-comparison.patch
deleted file mode 100644
index 34e2b6c71706..000000000000
--- a/main/curl/curl-do-bounds-check-using-a-double-comparison.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001
-From: Adam Sampson <ats@offog.org>
-Date: Wed, 9 Aug 2017 14:11:17 +0100
-Subject: [PATCH] curl: do bounds check using a double comparison
-
-The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
-complete: if the parsed number in num is larger than will fit in a long,
-the conversion is undefined behaviour (causing test1427 to fail for me
-on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting
-rid of the cast means the comparison will be done using doubles.
-
-It might make more sense for the max argument to also be a double...
-
-Fixes #1750
-Closes #1749
----
- src/tool_paramhlp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
-index b9dedc989e..85c5e79a7e 100644
---- a/src/tool_paramhlp.c
-+++ b/src/tool_paramhlp.c
-@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
- num = strtod(str, &endptr);
- if(errno == ERANGE)
- return PARAM_NUMBER_TOO_LARGE;
-- if((long)num > max) {
-+ if(num > max) {
- /* too large */
- return PARAM_NUMBER_TOO_LARGE;
- }
-- GitLab