diff options
Diffstat (limited to 'harmony/curl')
| -rw-r--r-- | harmony/curl/APKBUILD | 93 | ||||
| -rw-r--r-- | harmony/curl/curl-do-bounds-check-using-a-double-comparison.patch | 32 |
2 files changed, 0 insertions, 125 deletions
diff --git a/harmony/curl/APKBUILD b/harmony/curl/APKBUILD deleted file mode 100644 index fd20e55dd..000000000 --- a/harmony/curl/APKBUILD +++ /dev/null @@ -1,93 +0,0 @@ -# Contributor: Sergei Lukin <sergej.lukin@gmail.com> -# Contributor: Valery Kartel <valery.kartel@gmail.com> -# Contributor: Łukasz Jendrysik <scadu@yandex.com> -# Maintainer: Natanael Copa <ncopa@alpinelinux.org> -pkgname=curl -pkgver=7.56.1 -pkgrel=0 -pkgdesc="An URL retrival utility and library" -url="http://curl.haxx.se" -arch="all" -license="MIT" -depends="ca-certificates" -makedepends_build="groff perl" -makedepends_host="zlib-dev openssl-dev libssh2-dev" -makedepends="$makedepends_build $makedepends_host" -source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2 - " -subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl" - -# secfixes: -# 7.56.1-r0: -# - CVE-2017-1000257 -# 7.55.0-r0: -# - CVE-2017-1000099 -# - CVE-2017-1000100 -# - CVE-2017-1000101 -# 7.54.0-r0: -# - CVE-2017-7468 -# 7.53.1-r2: -# - CVE-2017-7407 -# 7.53.0: -# - CVE-2017-2629 -# 7.52.1: -# - CVE-2016-9594 -# 7.51.0: -# - CVE-2016-8615 -# - CVE-2016-8616 -# - CVE-2016-8617 -# - CVE-2016-8618 -# - CVE-2016-8619 -# - CVE-2016-8620 -# - CVE-2016-8621 -# - CVE-2016-8622 -# - CVE-2016-8623 -# - CVE-2016-8624 -# - CVE-2016-8625 -# 7.50.3: -# - CVE-2016-7167 -# 7.50.2: -# - CVE-2016-7141 -# 7.50.1: -# - CVE-2016-5419 -# - CVE-2016-5420 -# - CVE-2016-5421 -# 7.36.0: -# - CVE-2014-0138 -# - CVE-2014-0139 - -builddir="$srcdir/$pkgname-$pkgver" - -build() { - cd "$builddir" - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ - --prefix=/usr \ - --enable-ipv6 \ - --enable-unix-sockets \ - --without-libidn \ - --without-libidn2 \ - --disable-ldap \ - --with-pic \ - || return 1 - make || return 1 -} - -check() { - cd "$builddir" - make check -} - -package() { - make DESTDIR="$pkgdir" \ - -C "$builddir" install || return 1 -} - -libcurl() { - pkgdesc="The multiprotocol file transfer library" - mkdir -p "$subpkgdir"/usr - mv "$pkgdir"/usr/lib "$subpkgdir"/usr -} - -sha512sums="f8a602e6890b2791ea9199c80801ffd027980de3733d4ab001ee80b5167f840cc821c6fe7852087c88a471edc9d3f328cf660af3e2c6f7139d6c8de62b0ade68 curl-7.56.1.tar.bz2" diff --git a/harmony/curl/curl-do-bounds-check-using-a-double-comparison.patch b/harmony/curl/curl-do-bounds-check-using-a-double-comparison.patch deleted file mode 100644 index 34e2b6c71..000000000 --- a/harmony/curl/curl-do-bounds-check-using-a-double-comparison.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001 -From: Adam Sampson <ats@offog.org> -Date: Wed, 9 Aug 2017 14:11:17 +0100 -Subject: [PATCH] curl: do bounds check using a double comparison - -The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't -complete: if the parsed number in num is larger than will fit in a long, -the conversion is undefined behaviour (causing test1427 to fail for me -on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting -rid of the cast means the comparison will be done using doubles. - -It might make more sense for the max argument to also be a double... - -Fixes #1750 -Closes #1749 ---- - src/tool_paramhlp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c -index b9dedc989e..85c5e79a7e 100644 ---- a/src/tool_paramhlp.c -+++ b/src/tool_paramhlp.c -@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) - num = strtod(str, &endptr); - if(errno == ERANGE) - return PARAM_NUMBER_TOO_LARGE; -- if((long)num > max) { -+ if(num > max) { - /* too large */ - return PARAM_NUMBER_TOO_LARGE; - } |