main/curl: upgrade to 7.57.0

2025-08-05 21:37:15 +02:00 · 2017-11-30 04:01:54 +01:00 · 2017-11-30 04:01:54 +01:00 · d19c5b26c7
commit d19c5b26c7
parent 6791f008cd
2 changed files with 11 additions and 41 deletions
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@ -3,19 +3,22 @@
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=curl
-pkgver=7.56.1
-pkgrel=1
+pkgver=7.57.0
+pkgrel=0
 pkgdesc="An URL retrival utility and library"
 url="http://curl.haxx.se"
 arch="all"
 license="MIT"
 depends="ca-certificates"
 makedepends="zlib-dev libressl-dev libssh2-dev groff perl"
-source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2
-	"
+source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2"
 subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl"

 # secfixes:
+#   7.57.0-r0:
+#     - CVE-2017-8816
+#     - CVE-2017-8817
+#     - CVE-2017-8818
 #   7.56.1-r0:
 #     - CVE-2017-1000257
 #   7.55.0-r0:
@ -67,9 +70,8 @@ build() {
 		--without-libidn \
 		--without-libidn2 \
 		--disable-ldap \
-		--with-pic \
-		|| return 1
-	make || return 1
+		--with-pic
+	make
 }

 check() {
@ -79,7 +81,7 @@ check() {

 package() {
 	make DESTDIR="$pkgdir" \
-		-C "$builddir" install || return 1
+		-C "$builddir" install
 }

 libcurl() {
@ -88,4 +90,4 @@ libcurl() {
 	mv "$pkgdir"/usr/lib "$subpkgdir"/usr
 }

-sha512sums="f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68  curl-7.56.1.tar.bz2"
+sha512sums="f366d2e931d7aff63bac0e1f760ced32c849252947d522427ba92124566906a7e6bd081b6d1630df36895dda2a00ac4cf1bed1470740693ef47ab90c6a270377  curl-7.57.0.tar.bz2"
--- a/main/curl/curl-do-bounds-check-using-a-double-comparison.patch
+++ b/main/curl/curl-do-bounds-check-using-a-double-comparison.patch
@ -1,32 +0,0 @@
-From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001
-From: Adam Sampson <ats@offog.org>
-Date: Wed, 9 Aug 2017 14:11:17 +0100
-Subject: [PATCH] curl: do bounds check using a double comparison
-
-The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
-complete: if the parsed number in num is larger than will fit in a long,
-the conversion is undefined behaviour (causing test1427 to fail for me
-on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7).  Getting
-rid of the cast means the comparison will be done using doubles.
-
-It might make more sense for the max argument to also be a double...
-
-Fixes #1750
-Closes #1749
---
- src/tool_paramhlp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
-index b9dedc989e..85c5e79a7e 100644
--- a/src/tool_paramhlp.c
-+++ b/src/tool_paramhlp.c
-@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
-     num = strtod(str, &endptr);
-     if(errno == ERANGE)
-       return PARAM_NUMBER_TOO_LARGE;
-    if((long)num > max) {
-+    if(num > max) {
-       /* too large */
-       return PARAM_NUMBER_TOO_LARGE;
-     }