diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2015-07-03 23:21:01 +0000 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2015-07-03 23:21:01 +0000 |
commit | 97b14fd70037aa1d10bbd0b2ed67efd82e160c56 (patch) | |
tree | 68db5d8a98993614e1b6ee5c853c624fd330db09 | |
parent | 69a2459c668e9ddf129bbff94633a621e21aeca8 (diff) | |
download | upstream-97b14fd70037aa1d10bbd0b2ed67efd82e160c56.tar.gz upstream-97b14fd70037aa1d10bbd0b2ed67efd82e160c56.tar.bz2 upstream-97b14fd70037aa1d10bbd0b2ed67efd82e160c56.zip |
curl: update curl to version 7.43.0
This brings curl to version 7.43.0 and contains fixes for the following
security vulnerabilities:
CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html
CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html
The 100-check_long_long patch is not needed any more, because the
upstream autoconf script already checks for long long when cyassl is
selected.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46169
5 files changed, 13 insertions, 23 deletions
diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile index 7f6d35575a..82574cd396 100644 --- a/package/network/utils/curl/Makefile +++ b/package/network/utils/curl/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=curl -PKG_VERSION:=7.40.0 -PKG_RELEASE:=3 +PKG_VERSION:=7.43.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://curl.haxx.se/download/ \ @@ -18,7 +18,7 @@ PKG_SOURCE_URL:=http://curl.haxx.se/download/ \ ftp://ftp.planetmirror.com/pub/curl/ \ http://www.mirrormonster.com/curl/download/ \ http://curl.mirrors.cyberservers.net/download/ -PKG_MD5SUM:=8d30594212e65657a5c32030f0998fa9 +PKG_MD5SUM:=11bddbb452a8b766b932f859aaeeed39 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=COPYING diff --git a/package/network/utils/curl/patches/100-check_long_long.patch b/package/network/utils/curl/patches/100-check_long_long.patch deleted file mode 100644 index 2dd8cc72d8..0000000000 --- a/package/network/utils/curl/patches/100-check_long_long.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -2885,6 +2885,7 @@ CURL_VERIFY_RUNTIMELIBS - - AC_CHECK_SIZEOF(size_t) - AC_CHECK_SIZEOF(long) -+AC_CHECK_SIZEOF(long long) - AC_CHECK_SIZEOF(int) - AC_CHECK_SIZEOF(short) - CURL_CONFIGURE_LONG diff --git a/package/network/utils/curl/patches/200-no_docs_tests.patch b/package/network/utils/curl/patches/200-no_docs_tests.patch index 6a1fdf5b6b..2845577f1c 100644 --- a/package/network/utils/curl/patches/200-no_docs_tests.patch +++ b/package/network/utils/curl/patches/200-no_docs_tests.patch @@ -1,6 +1,6 @@ --- a/Makefile.am +++ b/Makefile.am -@@ -129,7 +129,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ +@@ -129,7 +129,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) bin_SCRIPTS = curl-config SUBDIRS = lib src include @@ -11,7 +11,7 @@ pkgconfig_DATA = libcurl.pc --- a/Makefile.in +++ b/Makefile.in -@@ -577,7 +577,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ +@@ -577,7 +577,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) bin_SCRIPTS = curl-config SUBDIRS = lib src include diff --git a/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch b/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch index 3f88861e54..1cdb8200e1 100644 --- a/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch +++ b/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch @@ -1,6 +1,6 @@ --- a/lib/curl_ntlm_msgs.c +++ b/lib/curl_ntlm_msgs.c -@@ -571,7 +571,7 @@ CURLcode Curl_sasl_create_ntlm_type3_mes +@@ -569,7 +569,7 @@ CURLcode Curl_sasl_create_ntlm_type3_mes else #endif @@ -11,9 +11,9 @@ unsigned char ntbuffer[0x18]; --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c -@@ -835,9 +835,9 @@ void Curl_ssl_md5sum(unsigned char *tmp, - unsigned char *md5sum, /* output */ - size_t md5len) +@@ -852,9 +852,9 @@ CURLcode Curl_ssl_md5sum(unsigned char * + unsigned char *md5sum, /* output */ + size_t md5len) { -#ifdef curlssl_md5sum +#if defined(curlssl_md5sum) diff --git a/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch b/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch index d008227509..1b5b63aa69 100644 --- a/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch +++ b/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch @@ -1,11 +1,11 @@ --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c -@@ -591,7 +591,7 @@ void Curl_polarssl_session_free(void *pt +@@ -592,7 +592,7 @@ void Curl_polarssl_session_free(void *pt size_t Curl_polarssl_version(char *buffer, size_t size) { - unsigned int version = version_get_number(); + unsigned int version = POLARSSL_VERSION_NUMBER; - return snprintf(buffer, size, "PolarSSL/%d.%d.%d", version>>24, - (version>>16)&0xff, (version>>8)&0xff); - } + return snprintf(buffer, size, "%s/%d.%d.%d", + version >= 0x01030A00?"mbedTLS":"PolarSSL", + version>>24, (version>>16)&0xff, (version>>8)&0xff); |