http-parser: update to 2.9.4.20201223
This is a pseudo-version to integrate upstream changes that haven't been given a version number, as well as a patch from nodejs to fix CVE-2020-8287.
parent
4c3e6cc301
commit
bb614559c3
2 changed files with 63 additions and 4 deletions
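--- a/srcpkgs/http-parser/patches/cve_2020_8287.patch
+++ b/srcpkgs/http-parser/patches/cve_2020_8287.patch
@@ -0,0 +1,56 @@
+Upstream: no
+Patch from NodeJS's vendored version:
+https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e
+
+--- http_parser.c
++++ http_parser.c
+@@ -1344,6 +1344,13 @@ size_t http_parser_execute (http_parser *parser,
+} else if (parser->index == sizeof(TRANSFER_ENCODING)-2) {
+parser->header_state = h_transfer_encoding;
+parser->uses_transfer_encoding = 1;
++
++ /* Multiple `Transfer-Encoding` headers should be treated as
++ * one, but with values separate by a comma.
++ *
++ * See: https://tools.ietf.org/html/rfc7230#section-3.2.2
++ */
++ parser->flags &= ~F_CHUNKED;
+}
+break;
+
+--- test.c
++++ test.c
+@@ -2154,6 +2154,32 @@ const struct message responses[] =
+,.body= "2\r\nOK\r\n0\r\n\r\n"
+,.num_chunks_complete= 0
+}
++#define HTTP_200_DUPLICATE_TE_NOT_LAST_CHUNKED 30
++, {.name= "HTTP 200 response with `chunked` and duplicate Transfer-Encoding"
++ ,.type= HTTP_RESPONSE
++ ,.raw= "HTTP/1.1 200 OK\r\n"
++ "Transfer-Encoding: chunked\r\n"
++ "Transfer-Encoding: identity\r\n"
++ "\r\n"
++ "2\r\n"
++ "OK\r\n"
++ "0\r\n"
++ "\r\n"
++ ,.should_keep_alive= FALSE
++ ,.message_complete_on_eof= TRUE
++ ,.http_major= 1
++ ,.http_minor= 1
++ ,.status_code= 200
++ ,.response_status= "OK"
++ ,.content_length= -1
++ ,.num_headers= 2
++ ,.headers=
++ { { "Transfer-Encoding", "chunked" }
++ , { "Transfer-Encoding", "identity" }
++ }
++ ,.body= "2\r\nOK\r\n0\r\n\r\n"
++ ,.num_chunks_complete= 0
++ }
+};
+
+/* strnlen() is a POSIX.2008 addition. Can't rely on it being available so
+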
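Review bot: The fixture added in the test.c hunk covers only a response that sends `Transfer-Encoding: chunked` first and `identity` last, so the new `parser->flags &= ~F_CHUNKED;` reset is pinned in one direction only. Since the commit message ties this patch to CVE-2020-8287, a request-side fixture and the reverse order (`identity` followed by `chunked`) would show which header ends up deciding chunked framing in both cases. The template on this page builds with `make_build_target=library`, so unless a check phase exists outside the visible lines, test.c is probably not run during packaging and the fixture documents the fix rather than guarding it. The copied comment could also read `* one, but with values separated by a comma.`; `http_parser_execute` starts and ends outside the hunk.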
|
|
@ -1,15 +1,18 @@
|
|||
# Template file for 'http-parser'
|
||||
pkgname=http-parser
|
||||
version=2.9.4
|
||||
# 2.9.4, plus upstream commits through ec8b5ee, plus fc70ce0 from nodejs/node
|
||||
version=2.9.4.20201223
|
||||
revision=1
|
||||
_githash=ec8b5ee63f0e51191ea43bb0c6eac7bfbff3141d
|
||||
wrksrc="${pkgname}-${_githash}"
|
||||
build_style=gnu-makefile
|
||||
make_build_target=library
|
||||
short_desc="HTTP request/response parser for c"
|
||||
maintainer="Enno Boland <gottox@voidlinux.org>"
|
||||
license="MIT"
|
||||
homepage="https://github.com/joyent/http-parser"
|
||||
distfiles="${homepage}/archive/v${version}.tar.gz"
|
||||
checksum=467b9e30fd0979ee301065e70f637d525c28193449e1b13fbcb1b1fab3ad224f
|
||||
homepage="https://github.com/nodejs/http-parser"
|
||||
distfiles="${homepage}/archive/${_githash}.tar.gz"
|
||||
checksum=765a21444322ea2476ca1e3cfeb74d280eeb37f4713cf52d2bf398dabf6e4128
|
||||
|
||||
pre_install() {
|
||||
vmkdir usr/lib/pkgconfig
|
||||
|
|