Commit d19c5b26 authored by TBK's avatar TBK Committed by Natanael Copa

main/curl: upgrade to 7.57.0

parent 6791f008
......@@ -3,19 +3,22 @@
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=curl
pkgver=7.56.1
pkgrel=1
pkgver=7.57.0
pkgrel=0
pkgdesc="An URL retrival utility and library"
url="http://curl.haxx.se"
arch="all"
license="MIT"
depends="ca-certificates"
makedepends="zlib-dev libressl-dev libssh2-dev groff perl"
source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2
"
source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2"
subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl"
# secfixes:
# 7.57.0-r0:
# - CVE-2017-8816
# - CVE-2017-8817
# - CVE-2017-8818
# 7.56.1-r0:
# - CVE-2017-1000257
# 7.55.0-r0:
......@@ -67,9 +70,8 @@ build() {
--without-libidn \
--without-libidn2 \
--disable-ldap \
--with-pic \
|| return 1
make || return 1
--with-pic
make
}
check() {
......@@ -79,7 +81,7 @@ check() {
package() {
make DESTDIR="$pkgdir" \
-C "$builddir" install || return 1
-C "$builddir" install
}
libcurl() {
......@@ -88,4 +90,4 @@ libcurl() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr
}
sha512sums="f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68 curl-7.56.1.tar.bz2"
sha512sums="f366d2e931d7aff63bac0e1f760ced32c849252947d522427ba92124566906a7e6bd081b6d1630df36895dda2a00ac4cf1bed1470740693ef47ab90c6a270377 curl-7.57.0.tar.bz2"
From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001
From: Adam Sampson <ats@offog.org>
Date: Wed, 9 Aug 2017 14:11:17 +0100
Subject: [PATCH] curl: do bounds check using a double comparison
The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
complete: if the parsed number in num is larger than will fit in a long,
the conversion is undefined behaviour (causing test1427 to fail for me
on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting
rid of the cast means the comparison will be done using doubles.
It might make more sense for the max argument to also be a double...
Fixes #1750
Closes #1749
---
src/tool_paramhlp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index b9dedc989e..85c5e79a7e 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
num = strtod(str, &endptr);
if(errno == ERANGE)
return PARAM_NUMBER_TOO_LARGE;
- if((long)num > max) {
+ if(num > max) {
/* too large */
return PARAM_NUMBER_TOO_LARGE;
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment