Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

curl: update to version 7.74.0 (security fix)

Browse source 
Fixes:
CVE-2020-8286
CVE-2020-8285
CVE-2020-8284

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
This commit is contained in:
Jan Pavlinec 2020-12-11 13:19:30 +01:00
parent 3292d24cfe
commit 9e2dc1e51e
No known key found for this signature in database
GPG key ID: 60244CCEFB39E584
2 changed files with 3 additions and 73 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
net/curl/Makefile
View file

@ -8,15 +8,15 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=curl PKG_NAME:=curl
PKG_VERSION:=7.73.0 PKG_VERSION:=7.74.0
PKG_RELEASE:=2 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \ PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \
https://curl.mirror.anstey.ca/ \ https://curl.mirror.anstey.ca/ \
https://curl.askapache.com/download/ \ https://curl.askapache.com/download/ \
https://curl.haxx.se/download/ https://curl.haxx.se/download/
PKG_HASH:=7c4c7ca4ea88abe00fea4740dcf81075c031b1d0bb23aff2d5efde20a3c2408a PKG_HASH:=999d5f2c403cf6e25d58319fdd596611e455dd195208746bc6e6d197a77e878b
PKG_LICENSE:=MIT PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING PKG_LICENSE_FILES:=COPYING

70
net/curl/patches/001-openssl-acknowledge-SRP-disabling-in-configure-properly.patch
View file

@ -1,70 +0,0 @@
From a3d5b199f96a108f38bd1f6adaf3a7585f721d02 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 15 Oct 2020 22:56:13 +0200
Subject: [PATCH] openssl: acknowledge SRP disabling in configure properly
Follow-up to 68a513247409
Use a new separate define that is the combination of both
HAVE_OPENSSL_SRP and USE_TLS_SRP: USE_OPENSSL_SRP
Bug: https://curl.haxx.se/mail/lib-2020-10/0037.html
Closes #6094
---
lib/vtls/openssl.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -225,6 +225,14 @@
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
#endif
+#ifdef HAVE_OPENSSL_SRP
+/* the function exists */
+#ifdef USE_TLS_SRP
+/* the functionality is not disabled */
+#define USE_OPENSSL_SRP
+#endif
+#endif
+
struct ssl_backend_data {
/* these ones requires specific SSL-types */
SSL_CTX* ctx;
@@ -2471,7 +2479,7 @@ static CURLcode ossl_connect_step1(struc
#endif
#endif
const long int ssl_version = SSL_CONN_CONFIG(version);
-#ifdef HAVE_OPENSSL_SRP
+#ifdef USE_OPENSSL_SRP
const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
#endif
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
@@ -2516,7 +2524,7 @@ static CURLcode ossl_connect_step1(struc
failf(data, OSSL_PACKAGE " was built without SSLv2 support");
return CURLE_NOT_BUILT_IN;
#else
-#ifdef HAVE_OPENSSL_SRP
+#ifdef USE_OPENSSL_SRP
if(ssl_authtype == CURL_TLSAUTH_SRP)
return CURLE_SSL_CONNECT_ERROR;
#endif
@@ -2529,7 +2537,7 @@ static CURLcode ossl_connect_step1(struc
failf(data, OSSL_PACKAGE " was built without SSLv3 support");
return CURLE_NOT_BUILT_IN;
#else
-#ifdef HAVE_OPENSSL_SRP
+#ifdef USE_OPENSSL_SRP
if(ssl_authtype == CURL_TLSAUTH_SRP)
return CURLE_SSL_CONNECT_ERROR;
#endif
@@ -2797,7 +2805,7 @@ static CURLcode ossl_connect_step1(struc
}
#endif
-#ifdef HAVE_OPENSSL_SRP
+#ifdef USE_OPENSSL_SRP
if(ssl_authtype == CURL_TLSAUTH_SRP) {
char * const ssl_username = SSL_SET_OPTION(username);