summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--system/curl/APKBUILD20
-rw-r--r--system/curl/fix-fseek-type-mismatch.patch130
2 files changed, 146 insertions, 4 deletions
diff --git a/system/curl/APKBUILD b/system/curl/APKBUILD
index 700699522..aedaa6e7b 100644
--- a/system/curl/APKBUILD
+++ b/system/curl/APKBUILD
@@ -4,16 +4,19 @@
# Maintainer: Zach van Rijn <me@zv.io>
pkgname=curl
pkgver=8.3.0
-pkgrel=0
+pkgrel=1
pkgdesc="A URL retrival utility and library"
url="https://curl.haxx.se"
arch="all"
license="MIT"
depends="ca-certificates"
makedepends_build="perl"
-makedepends_host="libssh2-dev nghttp2-dev openssl-dev zlib-dev zstd-dev"
+makedepends_host="libssh2-dev nghttp2-dev openssl-dev zlib-dev zstd-dev
+ autoconf automake libtool"
makedepends="$makedepends_build $makedepends_host"
-source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz"
+source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz
+ fix-fseek-type-mismatch.patch
+ "
subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl"
# secfixes:
@@ -100,6 +103,14 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl"
# - CVE-2014-0138
# - CVE-2014-0139
+# remove after the upstream release includes
+# https://github.com/curl/curl/pull/11918
+prepare() {
+ default_prepare
+
+ autoreconf -vif
+}
+
build() {
./configure \
--build=$CBUILD \
@@ -132,4 +143,5 @@ libcurl() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr
}
-sha512sums="6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51 curl-8.3.0.tar.xz"
+sha512sums="6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51 curl-8.3.0.tar.xz
+c89178b8be2f48ba0a25072087d5430ec25293f3b5d5a7eef916656b356609624f679a143f90d28459cc6e669ad028526663934a22ea4c777e86ce154d6c5516 fix-fseek-type-mismatch.patch"
diff --git a/system/curl/fix-fseek-type-mismatch.patch b/system/curl/fix-fseek-type-mismatch.patch
new file mode 100644
index 000000000..ec83efb41
--- /dev/null
+++ b/system/curl/fix-fseek-type-mismatch.patch
@@ -0,0 +1,130 @@
+From 40ee445b3b05be4e215be8b5b0f87f7080ceaf26 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Mon, 25 Sep 2023 13:03:26 +0200
+Subject: [PATCH] configure: sort AC_CHECK_FUNCS
+
+No functional changes.
+---
+ configure.ac | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2fc9f2f01783c..a6f9066a133a4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3583,8 +3583,10 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
+ #include <sys/types.h>]])
+
+
+-AC_CHECK_FUNCS([fnmatch \
++AC_CHECK_FUNCS([\
++ arc4random \
+ fchmod \
++ fnmatch \
+ fork \
+ geteuid \
+ getpass_r \
+@@ -3604,7 +3606,6 @@ AC_CHECK_FUNCS([fnmatch \
+ snprintf \
+ utime \
+ utimes \
+- arc4random
+ ],[
+ ],[
+ func="$ac_func"
+From 60d047b6b238427a7dda916bb00d0a48238e7a27 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Fri, 22 Sep 2023 13:58:49 +0000
+Subject: [PATCH] lib: use wrapper for curl_mime_data fseek callback
+
+fseek uses long offset which does not match with curl_off_t. This leads
+to undefined behavior when calling the callback and caused failure on
+arm 32 bit.
+
+Use a wrapper to solve this and use fseeko which uses off_t instead of
+long.
+
+Thanks to the nice people at Libera IRC #musl for helping finding this
+out.
+
+Closes #11882
+Closes #11900
+---
+ CMakeLists.txt | 3 +++
+ configure.ac | 2 ++
+ lib/formdata.c | 17 +++++++++++++++--
+ 3 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 0b3aed90627b1..84774dc1db043 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -1037,6 +1037,7 @@ check_include_file_concat("signal.h" HAVE_SIGNAL_H)
+ check_include_file_concat("stdatomic.h" HAVE_STDATOMIC_H)
+ check_include_file_concat("stdbool.h" HAVE_STDBOOL_H)
+ check_include_file_concat("stdint.h" HAVE_STDINT_H)
++check_include_file_concat("stdio.h" HAVE_STDIO_H)
+ check_include_file_concat("stdlib.h" HAVE_STDLIB_H)
+ check_include_file_concat("string.h" HAVE_STRING_H)
+ check_include_file_concat("strings.h" HAVE_STRINGS_H)
+@@ -1122,6 +1123,8 @@ endif()
+ check_symbol_exists(freeaddrinfo "${CURL_INCLUDES}" HAVE_FREEADDRINFO)
+ check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE)
+ check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE)
++check_symbol_exists(fseeko "${CURL_INCLUDES}" HAVE_FSEEKO)
++check_symbol_exists(_fseeki64 "${CURL_INCLUDES}" HAVE__FSEEKI64)
+ check_symbol_exists(getpeername "${CURL_INCLUDES}" HAVE_GETPEERNAME)
+ check_symbol_exists(getsockname "${CURL_INCLUDES}" HAVE_GETSOCKNAME)
+ check_symbol_exists(if_nametoindex "${CURL_INCLUDES}" HAVE_IF_NAMETOINDEX)
+diff --git a/configure.ac b/configure.ac
+index a6f9066a133a4..5fa7c45c47430 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3584,10 +3584,12 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
+
+
+ AC_CHECK_FUNCS([\
++ _fseeki64 \
+ arc4random \
+ fchmod \
+ fnmatch \
+ fork \
++ fseeko \
+ geteuid \
+ getpass_r \
+ getppid \
+diff --git a/lib/formdata.c b/lib/formdata.c
+index 8984b63223cc0..f370ce6854b5f 100644
+--- a/lib/formdata.c
++++ b/lib/formdata.c
+@@ -789,6 +789,20 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len)
+ return res;
+ }
+
++/* wrap call to fseeko so it matches the calling convetion of callback */
++static int fseeko_wrapper(void *stream, curl_off_t offset, int whence)
++{
++#if defined(HAVE_FSEEKO)
++ return fseeko(stream, (off_t)offset, whence);
++#elif defined(HAVE__FSEEKI64)
++ return _fseeki64(stream, (__int64)offset, whence);
++#else
++ if(offset > LONG_MAX)
++ return -1;
++ return fseek(stream, (long)offset, whence);
++#endif
++}
++
+ /*
+ * Curl_getformdata() converts a linked list of "meta data" into a mime
+ * structure. The input list is in 'post', while the output is stored in
+@@ -874,8 +888,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
+ compatibility: use of "-" pseudo file name should be avoided. */
+ result = curl_mime_data_cb(part, (curl_off_t) -1,
+ (curl_read_callback) fread,
+- CURLX_FUNCTION_CAST(curl_seek_callback,
+- fseek),
++ fseeko_wrapper,
+ NULL, (void *) stdin);
+ }
+ else