http-parser: update to 2.9.4.20201223
This is a pseudo-version to integrate upstream changes that haven't been given a version number, as well as a patch from nodejs to fix CVE-2020-8287.
parent
4c3e6cc301
commit
bb614559c3
2 changed files with 63 additions and 4 deletions
56
srcpkgs/http-parser/patches/cve_2020_8287.patch
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
Upstream: no
|
||||||
|
Patch from NodeJS's vendored version:
|
||||||
|
https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e
|
||||||
|
|
||||||
|
--- http_parser.c
|
||||||
|
+++ http_parser.c
|
||||||
|
@@ -1344,6 +1344,13 @@ size_t http_parser_execute (http_parser *parser,
|
||||||
|
} else if (parser->index == sizeof(TRANSFER_ENCODING)-2) {
|
||||||
|
parser->header_state = h_transfer_encoding;
|
||||||
|
parser->uses_transfer_encoding = 1;
|
||||||
|
+
|
||||||
|
+ /* Multiple `Transfer-Encoding` headers should be treated as
|
||||||
|
+ * one, but with values separate by a comma.
|
||||||
|
+ *
|
||||||
|
+ * See: https://tools.ietf.org/html/rfc7230#section-3.2.2
|
||||||
|
+ */
|
||||||
|
+ parser->flags &= ~F_CHUNKED;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
--- test.c
|
||||||
|
+++ test.c
|
||||||
|
@@ -2154,6 +2154,32 @@ const struct message responses[] =
|
||||||
|
,.body= "2\r\nOK\r\n0\r\n\r\n"
|
||||||
|
,.num_chunks_complete= 0
|
||||||
|
}
|
||||||
|
+#define HTTP_200_DUPLICATE_TE_NOT_LAST_CHUNKED 30
|
||||||
|
+, {.name= "HTTP 200 response with `chunked` and duplicate Transfer-Encoding"
|
||||||
|
+ ,.type= HTTP_RESPONSE
|
||||||
|
+ ,.raw= "HTTP/1.1 200 OK\r\n"
|
||||||
|
+ "Transfer-Encoding: chunked\r\n"
|
||||||
|
+ "Transfer-Encoding: identity\r\n"
|
||||||
|
+ "\r\n"
|
||||||
|
+ "2\r\n"
|
||||||
|
+ "OK\r\n"
|
||||||
|
+ "0\r\n"
|
||||||
|
+ "\r\n"
|
||||||
|
+ ,.should_keep_alive= FALSE
|
||||||
|
+ ,.message_complete_on_eof= TRUE
|
||||||
|
+ ,.http_major= 1
|
||||||
|
+ ,.http_minor= 1
|
||||||
|
+ ,.status_code= 200
|
||||||
|
+ ,.response_status= "OK"
|
||||||
|
+ ,.content_length= -1
|
||||||
|
+ ,.num_headers= 2
|
||||||
|
+ ,.headers=
|
||||||
|
+ { { "Transfer-Encoding", "chunked" }
|
||||||
|
+ , { "Transfer-Encoding", "identity" }
|
||||||
|
+ }
|
||||||
|
+ ,.body= "2\r\nOK\r\n0\r\n\r\n"
|
||||||
|
+ ,.num_chunks_complete= 0
|
||||||
|
+ }
|
||||||
|
};
|
||||||
|
|
||||||
|
/* strnlen() is a POSIX.2008 addition. Can't rely on it being available so
|
||||||
|
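Review bot: The comment added above `parser->flags &= ~F_CHUNKED;` in the http_parser.c hunk describes merging duplicate `Transfer-Encoding` headers into one comma-separated value, but the line itself only clears the chunked flag each time the header name is matched. The comment should say what that reset achieves, for example `/* Clear F_CHUNKED on each Transfer-Encoding header so that only the last one can select chunked framing; see RFC 7230 section 3.2.2. */`, which also drops the "separate by" typo. The new `HTTP_200_DUPLICATE_TE_NOT_LAST_CHUNKED` case in test.c pins this behaviour for a response only; a matching request-side entry would cover the path where a front end and a backend disagreeing about body framing matters most, which is presumably the concern behind CVE-2020-8287. Both hunks sit inside definitions (`http_parser_execute` and `responses[]`) that start and end outside the hunk, and whether the package build runs test.c at all is not visible on this page.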
|
|
@ -1,15 +1,18 @@
|
||||||
# Template file for 'http-parser'
|
# Template file for 'http-parser'
|
||||||
pkgname=http-parser
|
pkgname=http-parser
|
||||||
version=2.9.4
|
# 2.9.4, plus upstream commits through ec8b5ee, plus fc70ce0 from nodejs/node
|
||||||
|
version=2.9.4.20201223
|
||||||
revision=1
|
revision=1
|
||||||
|
_githash=ec8b5ee63f0e51191ea43bb0c6eac7bfbff3141d
|
||||||
|
wrksrc="${pkgname}-${_githash}"
|
||||||
build_style=gnu-makefile
|
build_style=gnu-makefile
|
||||||
make_build_target=library
|
make_build_target=library
|
||||||
short_desc="HTTP request/response parser for c"
|
short_desc="HTTP request/response parser for c"
|
||||||
maintainer="Enno Boland <gottox@voidlinux.org>"
|
maintainer="Enno Boland <gottox@voidlinux.org>"
|
||||||
license="MIT"
|
license="MIT"
|
||||||
homepage="https://github.com/joyent/http-parser"
|
homepage="https://github.com/nodejs/http-parser"
|
||||||
distfiles="${homepage}/archive/v${version}.tar.gz"
|
distfiles="${homepage}/archive/${_githash}.tar.gz"
|
||||||
checksum=467b9e30fd0979ee301065e70f637d525c28193449e1b13fbcb1b1fab3ad224f
|
checksum=765a21444322ea2476ca1e3cfeb74d280eeb37f4713cf52d2bf398dabf6e4128
|
||||||
|
|
||||||
pre_install() {
|
pre_install() {
|
||||||
vmkdir usr/lib/pkgconfig
|
vmkdir usr/lib/pkgconfig
|
||||||
|
|