From 5f4aa894fcefaa3c8b0388fe3affe8be6f3d49c9 Mon Sep 17 00:00:00 2001 From: J0WI Date: Wed, 27 Apr 2022 09:21:58 +0200 Subject: [PATCH] main/curl: security upgrade to 7.83.0 --- main/curl/APKBUILD | 14 +++++++----- main/curl/fix-out-of-memory-error.patch | 30 ------------------------- 2 files changed, 9 insertions(+), 35 deletions(-) delete mode 100644 main/curl/fix-out-of-memory-error.patch diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index 92ac6dbd074..03563ae08a1 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD @@ -8,8 +8,8 @@ # this aport from arch=all WILL be reverted. pkgname=curl -pkgver=7.82.0 -pkgrel=1 +pkgver=7.83.0 +pkgrel=0 pkgdesc="URL retrival utility and library" url="https://curl.se/" arch="all" @@ -29,11 +29,16 @@ subpackages=" libcurl" source=" https://curl.se/download/curl-$pkgver.tar.xz - fix-out-of-memory-error.patch" + " options="net" # Required for running tests [ -n "$BOOTSTRAP" ] && options="$options !check" # remove python3 dependency # secfixes: +# 7.83.0-r0: +# - CVE-2022-22576 +# - CVE-2022-27774 +# - CVE-2022-27775 +# - CVE-2022-27776 # 7.79.0-r0: # - CVE-2021-22945 # - CVE-2021-22946 @@ -178,6 +183,5 @@ static() { } sha512sums=" -a977d69360d1793f8872096a21f5c0271e7ad145cd69ad45f4056a0657772f0f298b04bdb41aefd4ea5c4478352c60d80b5a118642280a07a7198aa80ffb1d57 curl-7.82.0.tar.xz -bb2e3d40d65c5c1c07b2623c2d5db11fe232ecf4d9f223ec2bdd8fba32c76c991292b36114b48dd0cad2ed376d127070a65f30fcec7af4b328e4adaab81b4dc1 fix-out-of-memory-error.patch +be02bb2a8a3140eff3a9046f27cd4f872ed9ddaa644af49e56e5ef7dfec84a15b01db133469269437cddc937eda73953fa8c51bb758f7e98873822cd2290d3a9 curl-7.83.0.tar.xz " diff --git a/main/curl/fix-out-of-memory-error.patch b/main/curl/fix-out-of-memory-error.patch deleted file mode 100644 index 5d84f512499..00000000000 --- a/main/curl/fix-out-of-memory-error.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 8 Mar 2022 13:38:13 +0100 -Subject: [PATCH] openssl: fix CN check error code - -Due to a missing 'else' this returns error too easily. - -Regressed in: d15692ebb - -Reported-by: Kristoffer Gleditsch -Fixes #8559 -Closes #8560 ---- - lib/vtls/openssl.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index 0b79fc50a9c5..4618beeb3867 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); - peer_CN[peerlen] = '\0'; - } -- result = CURLE_OUT_OF_MEMORY; -+ else -+ result = CURLE_OUT_OF_MEMORY; - } - } - else /* not a UTF8 name */