From 7042250abfa39066b6417aaa880a7d8a839c1987 Mon Sep 17 00:00:00 2001
From: Zach van Rijn
Date: Mon, 25 Sep 2023 16:31:33 +0000
Subject: system/curl: add patch for fseek type mismatch. fixes #1060.
---
 system/curl/APKBUILD | 20 ++++-
 system/curl/fix-fseek-type-mismatch.patch | 130 ++++++++++++++++++++++++++++++
 2 files changed, 146 insertions(+), 4 deletions(-)
 create mode 100644 system/curl/fix-fseek-type-mismatch.patch
diff --git a/system/curl/APKBUILD b/system/curl/APKBUILD
index 700699522..aedaa6e7b 100644
--- a/system/curl/APKBUILD
+++ b/system/curl/APKBUILD
@@ -4,16 +4,19 @@
 # Maintainer: Zach van Rijn
 pkgname=curl
 pkgver=8.3.0
-pkgrel=0
+pkgrel=1
 pkgdesc="A URL retrival utility and library"
 url="https://curl.haxx.se"
 arch="all"
 license="MIT"
 depends="ca-certificates"
 makedepends_build="perl"
-makedepends_host="libssh2-dev nghttp2-dev openssl-dev zlib-dev zstd-dev"
+makedepends_host="libssh2-dev nghttp2-dev openssl-dev zlib-dev zstd-dev
+ autoconf automake libtool"
 makedepends="$makedepends_build $makedepends_host"
-source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz"
+source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz
+ fix-fseek-type-mismatch.patch
+ "
 subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl"
 # secfixes:
@@ -100,6 +103,14 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev libcurl"
 # - CVE-2014-0138
 # - CVE-2014-0139
+# remove after the upstream release includes
+# https://github.com/curl/curl/pull/11918
+prepare() {
+ default_prepare
+
+ autoreconf -vif
+}
+
 build() {
 ./configure \
 --build=$CBUILD \
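Review bot: `autoconf automake libtool` are added to `makedepends_host`, but they are tools that run on the build machine (for the `autoreconf` call this commit adds in `prepare()`), the same role `perl` has in `makedepends_build`. As far as abuild separates the two lists, host dependencies are resolved for the target, so a cross build would pull the wrong set. I would write `makedepends_build="perl autoconf automake libtool"` and leave `makedepends_host` on one line as it was.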
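Review bot: The removal reminder above `prepare()` names only this function, but the same cleanup also has to drop `fix-fseek-type-mismatch.patch` from `source`, its `sha512sums` line and the three autotools packages from the makedepends; a maintainer bumping `pkgver` could delete `prepare()` and leave the rest behind. I would spell that out, e.g. `# remove prepare(), the patch and the autotools makedepends once a release includes`. The comment should also say why `autoreconf -vif` is needed, presumably because the patch edits `configure.ac`, since it replaces the `configure` shipped in the checksummed release tarball with one generated by the build host's autotools.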
@@ -132,4 +143,5 @@ libcurl() {
 mv "$pkgdir"/usr/lib "$subpkgdir"/usr
 }
-sha512sums="6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51 curl-8.3.0.tar.xz"
+sha512sums="6404b4c74fe1185cb482631ca3a143996cb7298d0d8a76bfafd7696e7729c00559999a069bdba782dee3f3eb273fb678a4438cb27d3deca54022878cdff83a51 curl-8.3.0.tar.xz
+c89178b8be2f48ba0a25072087d5430ec25293f3b5d5a7eef916656b356609624f679a143f90d28459cc6e669ad028526663934a22ea4c777e86ce154d6c5516 fix-fseek-type-mismatch.patch"
diff --git a/system/curl/fix-fseek-type-mismatch.patch b/system/curl/fix-fseek-type-mismatch.patch
new file mode 100644
index 000000000..ec83efb41
--- /dev/null
+++ b/system/curl/fix-fseek-type-mismatch.patch
@@ -0,0 +1,130 @@
+From 40ee445b3b05be4e215be8b5b0f87f7080ceaf26 Mon Sep 17 00:00:00 2001
+From: Natanael Copa
+Date: Mon, 25 Sep 2023 13:03:26 +0200
+Subject: [PATCH] configure: sort AC_CHECK_FUNCS
+
+No functional changes.
+---
+ configure.ac | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2fc9f2f01783c..a6f9066a133a4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3583,8 +3583,10 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
+ #include ]])
+
+
+-AC_CHECK_FUNCS([fnmatch \
++AC_CHECK_FUNCS([\
++ arc4random \
+ fchmod \
++ fnmatch \
+ fork \
+ geteuid \
+ getpass_r \
+@@ -3604,7 +3606,6 @@ AC_CHECK_FUNCS([fnmatch \
+ snprintf \
+ utime \
+ utimes \
+- arc4random
+ ],[
+ ],[
+ func="$ac_func"
+From 60d047b6b238427a7dda916bb00d0a48238e7a27 Mon Sep 17 00:00:00 2001
+From: Natanael Copa
+Date: Fri, 22 Sep 2023 13:58:49 +0000
+Subject: [PATCH] lib: use wrapper for curl_mime_data fseek callback
+
+fseek uses long offset which does not match with curl_off_t. This leads
+to undefined behavior when calling the callback and caused failure on
+arm 32 bit.
+
+Use a wrapper to solve this and use fseeko which uses off_t instead of
+long.
+
+Thanks to the nice people at Libera IRC #musl for helping finding this
+out.
+
+Closes #11882
+Closes #11900
+---
+ CMakeLists.txt | 3 +++
+ configure.ac | 2 ++
+ lib/formdata.c | 17 +++++++++++++++--
+ 3 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 0b3aed90627b1..84774dc1db043 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -1037,6 +1037,7 @@ check_include_file_concat("signal.h" HAVE_SIGNAL_H)
+ check_include_file_concat("stdatomic.h" HAVE_STDATOMIC_H)
+ check_include_file_concat("stdbool.h" HAVE_STDBOOL_H)
+ check_include_file_concat("stdint.h" HAVE_STDINT_H)
++check_include_file_concat("stdio.h" HAVE_STDIO_H)
+ check_include_file_concat("stdlib.h" HAVE_STDLIB_H)
+ check_include_file_concat("string.h" HAVE_STRING_H)
+ check_include_file_concat("strings.h" HAVE_STRINGS_H)
+@@ -1122,6 +1123,8 @@ endif()
+ check_symbol_exists(freeaddrinfo "${CURL_INCLUDES}" HAVE_FREEADDRINFO)
+ check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE)
+ check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE)
++check_symbol_exists(fseeko "${CURL_INCLUDES}" HAVE_FSEEKO)
++check_symbol_exists(_fseeki64 "${CURL_INCLUDES}" HAVE__FSEEKI64)
+ check_symbol_exists(getpeername "${CURL_INCLUDES}" HAVE_GETPEERNAME)
+ check_symbol_exists(getsockname "${CURL_INCLUDES}" HAVE_GETSOCKNAME)
+ check_symbol_exists(if_nametoindex "${CURL_INCLUDES}" HAVE_IF_NAMETOINDEX)
+diff --git a/configure.ac b/configure.ac
+index a6f9066a133a4..5fa7c45c47430 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3584,10 +3584,12 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se
+
+
+ AC_CHECK_FUNCS([\
++ _fseeki64 \
+ arc4random \
+ fchmod \
+ fnmatch \
+ fork \
++ fseeko \
+ geteuid \
+ getpass_r \
+ getppid \
+diff --git a/lib/formdata.c b/lib/formdata.c
+index 8984b63223cc0..f370ce6854b5f 100644
+--- a/lib/formdata.c
++++ b/lib/formdata.c
+@@ -789,6 +789,20 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len)
+ return res;
+ }
+
++/* wrap call to fseeko so it matches the calling convetion of callback */
++static int fseeko_wrapper(void *stream, curl_off_t offset, int whence)
++{
++#if defined(HAVE_FSEEKO)
++ return fseeko(stream, (off_t)offset, whence);
++#elif defined(HAVE__FSEEKI64)
++ return _fseeki64(stream, (__int64)offset, whence);
++#else
++ if(offset > LONG_MAX)
++ return -1;
++ return fseek(stream, (long)offset, whence);
++#endif
++}
++
+ /*
+ * Curl_getformdata() converts a linked list of "meta data" into a mime
+ * structure. The input list is in 'post', while the output is stored in
+@@ -874,8 +888,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
+ compatibility: use of "-" pseudo file name should be avoided. */
+ result = curl_mime_data_cb(part, (curl_off_t) -1,
+ (curl_read_callback) fread,
+- CURLX_FUNCTION_CAST(curl_seek_callback,
+- fseek),
++ fseeko_wrapper,
+ NULL, (void *) stdin);
+ }
+ else
--
cgit v1.2.3-70-g09d2
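Review bot: In the `#else` fallback of `fseeko_wrapper` only the upper bound is checked before `(long)offset`, so where `curl_off_t` is wider than `long` an offset below `LONG_MIN` is converted with an implementation-defined result instead of being rejected; `if(offset > LONG_MAX || offset < LONG_MIN)` closes that. The `(off_t)offset` cast in the `HAVE_FSEEKO` branch has no range check at all, which is only safe if `off_t` is at least as wide as `curl_off_t` on every target built here, so a short comment stating that assumption would help. `LONG_MAX` needs `<limits.h>`, and the hunk does not show whether lib/formdata.c already includes it. Since this file is carried from the upstream pull request named in the APKBUILD, these points are better raised upstream than fixed in a local edit.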