Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
aports
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Johannes Müller
aports
Commits
13ee88b0
Commit
13ee88b0
authored
Aug 11, 2017
by
Natanael Copa
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
main/curl: security upgrade to 7.55.0
CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 fixes #7653
parent
c4181213
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
44 additions
and
199 deletions
+44
-199
main/curl/APKBUILD
main/curl/APKBUILD
+12
-2
main/curl/CVE-2017-7407.patch
main/curl/CVE-2017-7407.patch
+0
-197
main/curl/curl-do-bounds-check-using-a-double-comparison.patch
...curl/curl-do-bounds-check-using-a-double-comparison.patch
+32
-0
No files found.
main/curl/APKBUILD
View file @
13ee88b0
...
...
@@ -3,7 +3,7 @@
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
curl
pkgver
=
7.5
4.1
pkgver
=
7.5
5.0
pkgrel
=
0
pkgdesc
=
"An URL retrival utility and library"
url
=
"http://curl.haxx.se"
...
...
@@ -12,10 +12,15 @@ license="MIT"
depends
=
"ca-certificates"
makedepends
=
"zlib-dev libressl-dev libssh2-dev groff perl"
source
=
"http://curl.haxx.se/download/
$pkgname
-
$pkgver
.tar.bz2
curl-do-bounds-check-using-a-double-comparison.patch
"
subpackages
=
"
$pkgname
-dbg
$pkgname
-doc
$pkgname
-dev libcurl"
# secfixes:
# 7.55.0-r0:
# - CVE-2017-1000099
# - CVE-2017-1000100
# - CVE-2017-1000101
# 7.54.0-r0:
# - CVE-2017-7468
# 7.53.1-r2:
...
...
@@ -52,6 +57,10 @@ builddir="$srcdir/$pkgname-$pkgver"
build
()
{
cd
"
$builddir
"
# see https://curl.haxx.se/mail/lib-2017-08/0050.html
rm
docs/libcurl/opts/CURLOPT_STRIP_PATH_SLASH.3
./configure
\
--build
=
$CBUILD
\
--host
=
$CHOST
\
...
...
@@ -82,4 +91,5 @@ libcurl() {
mv
"
$pkgdir
"
/usr/lib
"
$subpkgdir
"
/usr
}
sha512sums
=
"eb9639677f0ca1521ca631c520ab83ad071c52b31690e5e7f31546f6a44b2f11d1bb62282056cffb570eb290bf1e7830e87cb536295ac6a54a904663e795f2da curl-7.54.1.tar.bz2"
sha512sums
=
"4975864621219e937585aaf5a9a54bba112b58bbf5a8acd92e1e972ea747a15a5564143548c5d8930b8c0d0e9d27d28225d0c81e52a1ba71e4c6f9e3859c978b curl-7.55.0.tar.bz2
d0f102fdbc2174169b2fea9248c3187d8c546d3a788447769dceec5fb7e063adbebbc967b88d208af1355cfda600f837abdae6d2e057a096eededc1857d2b8d3 curl-do-bounds-check-using-a-double-comparison.patch"
main/curl/CVE-2017-7407.patch
deleted
100644 → 0
View file @
c4181213
From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
From: Dan Fandrich <dan@coneharvesters.com>
Date: Sat, 11 Mar 2017 10:59:34 +0100
Subject: [PATCH] CVE-2017-7407: fixed
Bug: https://curl.haxx.se/docs/adv_20170403.html
Reported-by: Brian Carpenter
---
src/tool_writeout.c | 6 +++---
tests/data/Makefile.inc | 2 +-
tests/data/test1440 | 31 +++++++++++++++++++++++++++++++
tests/data/test1441 | 31 +++++++++++++++++++++++++++++++
tests/data/test1442 | 35 +++++++++++++++++++++++++++++++++++
5 files changed, 101 insertions(+), 4 deletions(-)
create mode 100644 tests/data/test1440
create mode 100644 tests/data/test1441
create mode 100644 tests/data/test1442
diff --git a/src/tool_writeout.c b/src/tool_writeout.c
index 2fb77742a..5d92bd278 100644
--- a/src/tool_writeout.c
+++ b/src/tool_writeout.c
@@ -3,11 +3,11 @@
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.haxx.se/docs/copyright.html.
*
@@ -111,11 +111,11 @@
void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
char *stringp = NULL;
long longinfo;
double doubleinfo;
while(ptr && *ptr) {
- if('%' == *ptr) {
+ if('%' == *ptr && ptr[1]) {
if('%' == ptr[1]) {
/* an escaped %-letter */
fputc('%', stream);
ptr += 2;
}
@@ -339,11 +339,11 @@
void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
fputc(ptr[1], stream);
ptr += 2;
}
}
}
- else if('\\' == *ptr) {
+ else if('\\' == *ptr && ptr[1]) {
switch(ptr[1]) {
case 'r':
fputc('\r', stream);
break;
case 'n':
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 8251ab9a4..267ff6aef 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -149,11 +149,11 @@
test1396 test1397 test1398 \
test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
test1424 \
test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
-test1436 test1437 test1438 test1439 \
+test1436 test1437 test1438 test1439 test1440 test1441 test1442 \
\
test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
test1516 test1517 \
\
diff --git a/tests/data/test1440 b/tests/data/test1440
new file mode 100644
index 000000000..7ed0c4d5f
--- /dev/null
+++ b/tests/data/test1440
@@ -0,0 +1,31 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing %{
+</name>
+<command>
+file://localhost/%PWD/log/ --write-out '%{'
+</command>
+</client>
+
+# Verify data
+<verify>
+<stdout nonewline="yes">
+%{
+</stdout>
+</verify>
+</testcase>
diff --git a/tests/data/test1441 b/tests/data/test1441
new file mode 100644
index 000000000..6e253a690
--- /dev/null
+++ b/tests/data/test1441
@@ -0,0 +1,31 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing %
+</name>
+<command>
+file://localhost/%PWD/log/ --write-out '%'
+</command>
+</client>
+
+# Verify data
+<verify>
+<stdout nonewline="yes">
+%
+</stdout>
+</verify>
+</testcase>
diff --git a/tests/data/test1442 b/tests/data/test1442
new file mode 100644
index 000000000..255a4c9ff
--- /dev/null
+++ b/tests/data/test1442
@@ -0,0 +1,35 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+FILE
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing \
+</name>
+<command>
+file://localhost/%PWD/log/non-existent-file.txt --write-out '\'
+</command>
+</client>
+
+# Verify data
+<verify>
+<errorcode>
+37
+</errorcode>
+<stdout nonewline="yes">
+\
+</stdout>
+</verify>
+</testcase>
--
2.11.0
main/curl/curl-do-bounds-check-using-a-double-comparison.patch
0 → 100644
View file @
13ee88b0
From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001
From: Adam Sampson <ats@offog.org>
Date: Wed, 9 Aug 2017 14:11:17 +0100
Subject: [PATCH] curl: do bounds check using a double comparison
The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
complete: if the parsed number in num is larger than will fit in a long,
the conversion is undefined behaviour (causing test1427 to fail for me
on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting
rid of the cast means the comparison will be done using doubles.
It might make more sense for the max argument to also be a double...
Fixes #1750
Closes #1749
---
src/tool_paramhlp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index b9dedc989e..85c5e79a7e 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -218,7 +218,7 @@
static ParameterError str2double(double *val, const char *str, long max)
num = strtod(str, &endptr);
if(errno == ERANGE)
return PARAM_NUMBER_TOO_LARGE;
- if((long)num > max) {
+ if(num > max) {
/* too large */
return PARAM_NUMBER_TOO_LARGE;
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment