Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
aports
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Johannes Müller
aports
Commits
45a89031
Commit
45a89031
authored
Nov 06, 2018
by
Leonardo Arena
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
main/curl: security fixes
(CVE-2018-16839, CVE-2018-16840, CVE-2018-16842) Fixes #9613
parent
eb86d760
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
95 additions
and
2 deletions
+95
-2
main/curl/APKBUILD
main/curl/APKBUILD
+12
-2
main/curl/CVE-2018-16839.patch
main/curl/CVE-2018-16839.patch
+25
-0
main/curl/CVE-2018-16840.patch
main/curl/CVE-2018-16840.patch
+33
-0
main/curl/CVE-2018-16842.patch
main/curl/CVE-2018-16842.patch
+25
-0
No files found.
main/curl/APKBUILD
View file @
45a89031
...
...
@@ -4,7 +4,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
curl
pkgver
=
7.61.1
pkgrel
=
0
pkgrel
=
1
pkgdesc
=
"URL retrival utility and library"
url
=
"https://curl.haxx.se"
arch
=
"all"
...
...
@@ -15,10 +15,17 @@ source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.xz"
subpackages
=
"
$pkgname
-dbg
$pkgname
-doc
$pkgname
-dev libcurl"
source
=
"https://curl.haxx.se/download/
$pkgname
-
$pkgver
.tar.xz
use-OPENSSL_config.patch
CVE-2018-16839.patch
CVE-2018-16840.patch
CVE-2018-16842.patch
"
builddir
=
"
$srcdir
/
$pkgname
-
$pkgver
"
# secfixes:
# 7.61.1-r1:
# - CVE-2018-16839
# - CVE-2018-16840
# - CVE-2018-16842
# 7.61.1-r0:
# - CVE-2018-14618
# 7.61.0-r0:
...
...
@@ -107,4 +114,7 @@ libcurl() {
}
sha512sums
=
"e6f82a7292c70841162480c8880d25046bcfa64058f4ff76f7d398c85da569af1c244442c9c58a3478d59264365ff8e39eed2fb564cb137118588f7862e64e9a curl-7.61.1.tar.xz
708527e73f9512c50e2250ca26786ba8994dc05fd2e362c1feb274e251219fb4bfc97e7e7722aa12424ccaf4c511d90d8820561c82a24f103b9ee2b743f4be28 use-OPENSSL_config.patch"
708527e73f9512c50e2250ca26786ba8994dc05fd2e362c1feb274e251219fb4bfc97e7e7722aa12424ccaf4c511d90d8820561c82a24f103b9ee2b743f4be28 use-OPENSSL_config.patch
4a28e4dcf36bf8e2fc5658d7fcee311d29452f4bed1479bad02772a8b7969c9dc653480b85715a5fe2bd2c2a8ae59e94fe72ffc6d0fe765131010d8f64bdfaee CVE-2018-16839.patch
c1a684f17267b08f77625064ac62e4f06989c552d6d501565f8bebf31d3a96a613f0683376ec7cc16f6489554dcca4dcb1d428461159b82434c076df44ef5b38 CVE-2018-16840.patch
dcaca036eafaaae66eba99808d00ff6bed3c9e59c2c1239ca1ddcf54c9e1c53edabd543dc6925ded3cdf9efd39c0968353527ae5ed0b986cefba333fbc7fd1af CVE-2018-16842.patch"
main/curl/CVE-2018-16839.patch
0 → 100644
View file @
45a89031
From f3a24d7916b9173c69a3e0ee790102993833d6c5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 28 Sep 2018 16:08:16 +0200
Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
---
lib/vauth/cleartext.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
index a10edbdc74..be6d6111e2 100644
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -74,7 +74,7 @@
CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
plen = strlen(passwdp);
/* Compute binary message length. Check for overflows. */
- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
+ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
return CURLE_OUT_OF_MEMORY;
plainlen = 2 * ulen + plen + 2;
main/curl/CVE-2018-16840.patch
0 → 100644
View file @
45a89031
From 81d135d67155c5295b1033679c606165d4e28f3f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 18 Oct 2018 15:07:15 +0200
Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
use-after-free
Regression from b46cfbc068 (7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)
Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
---
lib/url.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/url.c b/lib/url.c
index 723b898065..0d5a13f996 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -331,10 +331,12 @@
CURLcode Curl_close(struct Curl_easy *data)
and detach this handle from there. */
curl_multi_remove_handle(data->multi, data);
- if(data->multi_easy)
+ if(data->multi_easy) {
/* when curl_easy_perform() is used, it creates its own multi handle to
use and this is the one */
curl_multi_cleanup(data->multi_easy);
+ data->multi_easy = NULL;
+ }
/* Destroy the timeout list that is held in the easy handle. It is
/normally/ done by curl_multi_remove_handle() but this is "just in
main/curl/CVE-2018-16842.patch
0 → 100644
View file @
45a89031
From d530e92f59ae9bb2d47066c3c460b25d2ffeb211 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 28 Oct 2018 01:33:23 +0200
Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
CVE-2018-16842
Reported-by: Brian Carpenter
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
---
src/tool_msgs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tool_msgs.c b/src/tool_msgs.c
index 832ed8147b..f5e1df25fb 100644
--- a/src/tool_msgs.c
+++ b/src/tool_msgs.c
@@ -67,7 +67,7 @@
static void voutf(struct GlobalConfig *config,
(void)fwrite(ptr, cut + 1, 1, config->errors);
fputs("\n", config->errors);
ptr += cut + 1; /* skip the space too */
- len -= cut;
+ len -= cut + 1;
}
else {
fputs(ptr, config->errors);
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment