curl: update to version 7.74.0 (security fix)
authorJan Pavlinec <jan.pavlinec@nic.cz>
Fri, 11 Dec 2020 12:19:30 +0000 (13:19 +0100)
committerJan Pavlinec <jan.pavlinec@nic.cz>
Fri, 11 Dec 2020 12:20:52 +0000 (13:20 +0100)
Fixes:
CVE-2020-8286
CVE-2020-8285
CVE-2020-8284

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
net/curl/Makefile
net/curl/patches/001-openssl-acknowledge-SRP-disabling-in-configure-properly.patch [deleted file]

index 6023811d99e7385fe2ba00fecf6718b8037a99ae..cf6cdc30f990a2aadbb9b516ea200c94e918f132 100644 (file)
@@ -8,15 +8,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=curl
-PKG_VERSION:=7.73.0
-PKG_RELEASE:=2
+PKG_VERSION:=7.74.0
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \
        https://curl.mirror.anstey.ca/ \
        https://curl.askapache.com/download/ \
        https://curl.haxx.se/download/
-PKG_HASH:=7c4c7ca4ea88abe00fea4740dcf81075c031b1d0bb23aff2d5efde20a3c2408a
+PKG_HASH:=999d5f2c403cf6e25d58319fdd596611e455dd195208746bc6e6d197a77e878b
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
diff --git a/net/curl/patches/001-openssl-acknowledge-SRP-disabling-in-configure-properly.patch b/net/curl/patches/001-openssl-acknowledge-SRP-disabling-in-configure-properly.patch
deleted file mode 100644 (file)
index 1309316..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-From a3d5b199f96a108f38bd1f6adaf3a7585f721d02 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 15 Oct 2020 22:56:13 +0200
-Subject: [PATCH] openssl: acknowledge SRP disabling in configure properly
-
-Follow-up to 68a513247409
-
-Use a new separate define that is the combination of both
-HAVE_OPENSSL_SRP and USE_TLS_SRP: USE_OPENSSL_SRP
-
-Bug: https://curl.haxx.se/mail/lib-2020-10/0037.html
-
-Closes #6094
----
- lib/vtls/openssl.c | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
---- a/lib/vtls/openssl.c
-+++ b/lib/vtls/openssl.c
-@@ -225,6 +225,14 @@
-   "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
- #endif
-+#ifdef HAVE_OPENSSL_SRP
-+/* the function exists */
-+#ifdef USE_TLS_SRP
-+/* the functionality is not disabled */
-+#define USE_OPENSSL_SRP
-+#endif
-+#endif
-+
- struct ssl_backend_data {
-   /* these ones requires specific SSL-types */
-   SSL_CTX* ctx;
-@@ -2471,7 +2479,7 @@ static CURLcode ossl_connect_step1(struc
- #endif
- #endif
-   const long int ssl_version = SSL_CONN_CONFIG(version);
--#ifdef HAVE_OPENSSL_SRP
-+#ifdef USE_OPENSSL_SRP
-   const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
- #endif
-   char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
-@@ -2516,7 +2524,7 @@ static CURLcode ossl_connect_step1(struc
-     failf(data, OSSL_PACKAGE " was built without SSLv2 support");
-     return CURLE_NOT_BUILT_IN;
- #else
--#ifdef HAVE_OPENSSL_SRP
-+#ifdef USE_OPENSSL_SRP
-     if(ssl_authtype == CURL_TLSAUTH_SRP)
-       return CURLE_SSL_CONNECT_ERROR;
- #endif
-@@ -2529,7 +2537,7 @@ static CURLcode ossl_connect_step1(struc
-     failf(data, OSSL_PACKAGE " was built without SSLv3 support");
-     return CURLE_NOT_BUILT_IN;
- #else
--#ifdef HAVE_OPENSSL_SRP
-+#ifdef USE_OPENSSL_SRP
-     if(ssl_authtype == CURL_TLSAUTH_SRP)
-       return CURLE_SSL_CONNECT_ERROR;
- #endif
-@@ -2797,7 +2805,7 @@ static CURLcode ossl_connect_step1(struc
-   }
- #endif
--#ifdef HAVE_OPENSSL_SRP
-+#ifdef USE_OPENSSL_SRP
-   if(ssl_authtype == CURL_TLSAUTH_SRP) {
-     char * const ssl_username = SSL_SET_OPTION(username);