ports/core (3.4): [notify] curl: updated to 7.59.0. Fix for CVE-2018-1000120, CVE-2018-1000121 and CVE-2018-1000122

crux at crux.nu crux at crux.nu
Wed Mar 14 10:26:42 UTC 2018


commit 8e0b6f0641977e7e13d84367d48eebf9853c8f23
Author: Fredrik Rinnestam <fredrik at crux.nu>
Date:   Wed Mar 14 11:26:06 2018 +0100

    [notify] curl: updated to 7.59.0. Fix for CVE-2018-1000120, CVE-2018-1000121 and CVE-2018-1000122
    
    https://curl.haxx.se/docs/adv_2018-9cd6.html
    https://curl.haxx.se/docs/adv_2018-97a2.html
    https://curl.haxx.se/docs/adv_2018-b047.html

diff --git a/curl/.footprint b/curl/.footprint
index 7bdfd068..17bec230 100644
--- a/curl/.footprint
+++ b/curl/.footprint
@@ -41,6 +41,7 @@ drwxr-xr-x	root/root	usr/share/man/man3/
 -rw-r--r--	root/root	usr/share/man/man3/CURLINFO_COOKIELIST.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLINFO_EFFECTIVE_URL.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLINFO_FILETIME.3.gz
+-rw-r--r--	root/root	usr/share/man/man3/CURLINFO_FILETIME_T.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLINFO_FTP_ENTRY_PATH.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLINFO_HEADER_SIZE.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLINFO_HTTPAUTH_AVAIL.3.gz
@@ -162,6 +163,7 @@ drwxr-xr-x	root/root	usr/share/man/man3/
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_FTP_USE_EPSV.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_FTP_USE_PRET.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_GSSAPI_DELEGATION.3.gz
+-rw-r--r--	root/root	usr/share/man/man3/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_HEADER.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_HEADERDATA.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_HEADERFUNCTION.3.gz
@@ -267,6 +269,8 @@ drwxr-xr-x	root/root	usr/share/man/man3/
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_REFERER.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_REQUEST_TARGET.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_RESOLVE.3.gz
+-rw-r--r--	root/root	usr/share/man/man3/CURLOPT_RESOLVER_START_DATA.3.gz
+-rw-r--r--	root/root	usr/share/man/man3/CURLOPT_RESOLVER_START_FUNCTION.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_RESUME_FROM.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_RESUME_FROM_LARGE.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_RTSP_CLIENT_CSEQ.3.gz
@@ -328,6 +332,7 @@ drwxr-xr-x	root/root	usr/share/man/man3/
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_TIMEOUT.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_TIMEOUT_MS.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_TIMEVALUE.3.gz
+-rw-r--r--	root/root	usr/share/man/man3/CURLOPT_TIMEVALUE_LARGE.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_TLSAUTH_PASSWORD.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_TLSAUTH_TYPE.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/CURLOPT_TLSAUTH_USERNAME.3.gz
@@ -415,6 +420,7 @@ drwxr-xr-x	root/root	usr/share/man/man3/
 -rw-r--r--	root/root	usr/share/man/man3/libcurl-env.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/libcurl-errors.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/libcurl-multi.3.gz
+-rw-r--r--	root/root	usr/share/man/man3/libcurl-security.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/libcurl-share.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/libcurl-symbols.3.gz
 -rw-r--r--	root/root	usr/share/man/man3/libcurl-thread.3.gz
diff --git a/curl/.md5sum b/curl/.md5sum
index bf0ccccb..dff1f0b0 100644
--- a/curl/.md5sum
+++ b/curl/.md5sum
@@ -1 +1 @@
-fcf429f28adddf9295ed0c42e79cb097  curl-7.58.0.tar.xz
+04c00832fa62d443b8745b056464fb30  curl-7.59.0.tar.xz
diff --git a/curl/.signature b/curl/.signature
index 0d94e0a0..65ec88b5 100644
--- a/curl/.signature
+++ b/curl/.signature
@@ -1,5 +1,5 @@
 untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqtovKo/5qhk7EuRCaiglZLDoYG5XmF9StyBRpfHfTzEZTMvO3RFHtE6O5edWQGTL7MK/nc/8Ioe6UlMOkNmlnQ0=
-SHA256 (Pkgfile) = 2fcc7d9aeae8a149d6b9bc1d4db6ea1e257ee8a8d75ef9cae251e8e8fa257f95
-SHA256 (.footprint) = e4dfe8196873c99ef4dd89dfff06f32e09bfbaaef8498b4d609bf4d2d3aa51be
-SHA256 (curl-7.58.0.tar.xz) = 6a813875243609eb75f37fa72044e4ad618b55ec15a4eafdac2df6a7e800e3e3
+RWRJc1FUaeVeqk1W4buE/ntVrifeLbeZ/H6qAUb1ghtF+n71lqA8Oy7DrR1xrCM9GQRcxVxW1G+0db8KTJzgD06p1mmR4x1DWAM=
+SHA256 (Pkgfile) = 3591496e8b682530b56315714ee3c7cae3dfc6dcf3fc72694dbabc8e489a42d2
+SHA256 (.footprint) = 7ba79448c1a11140b642471755499f211f14ee65d40a4f53a2e8e99824a1637a
+SHA256 (curl-7.59.0.tar.xz) = e44eaabdf916407585bf5c7939ff1161e6242b6b015d3f2f5b758b2a330461fc
diff --git a/curl/Pkgfile b/curl/Pkgfile
index f8dde337..b75c7dc2 100644
--- a/curl/Pkgfile
+++ b/curl/Pkgfile
@@ -4,7 +4,7 @@
 # Depends on:  openssl, zlib
 
 name=curl
-version=7.58.0
+version=7.59.0
 release=1
 source=(http://curl.haxx.se/download/$name-$version.tar.xz)
 


More information about the CRUX mailing list