From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [git commit] libcurl: security bump to version 7.38.0
Date: Thu, 11 Sep 2014 22:45:20 +0200 [thread overview]
Message-ID: <20140911204621.F03309D66A@busybox.osuosl.org> (raw)
commit: http://git.buildroot.net/buildroot/commit/?id=9185b64ed5599622cb89ca4ee6ee29440b02ec8a
branch: http://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes:
CVE-2014-3613 cookie leak with IP address as domain
CVE-2014-3620 cookie leak for TLDs
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...nk-curl-to-NSS-libraries-when-NSS-support.patch | 41 --------------------
package/libcurl/libcurl.mk | 2 +-
2 files changed, 1 insertions(+), 42 deletions(-)
diff --git a/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch b/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch
deleted file mode 100644
index a3d579b..0000000
--- a/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From c6e7cbb94e669b85d3eb8e015ec51d0072112133 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Thu, 17 Jul 2014 14:37:28 +0200
-Subject: [PATCH] build: link curl to NSS libraries when NSS support is enabled
-
-This fixes a build failure on Debian caused by commit
-24c3cdce88f39731506c287cb276e8bf4a1ce393.
-
-Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
----
-diff --git a/configure.ac b/configure.ac
-index c3cccfb..b78f56d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2078,6 +2078,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
- if test "x$USE_NSS" = "xyes"; then
- AC_MSG_NOTICE([detected NSS version $version])
-
-+ dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
-+ NSS_LIBS=$addlib
-+ AC_SUBST([NSS_LIBS])
-+
- dnl when shared libs were found in a path that the run-time
- dnl linker doesn't search through, we need to add it to
- dnl LD_LIBRARY_PATH to prevent further configure tests to fail
-diff --git a/src/Makefile.am b/src/Makefile.am
-index d8c0c7d..f96618e 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -62,7 +62,7 @@ LIBS = $(BLANK_AT_MAKETIME)
- if USE_EXPLICIT_LIB_DEPS
- curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @LIBCURL_LIBS@
- else
--curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@
-+curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@
- endif
-
- curl_LDFLAGS = @LIBMETALINK_LDFLAGS@
---
-1.8.5.5
-
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index e4ab910..610efc1 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.37.1
+LIBCURL_VERSION = 7.38.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_SITE = http://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
reply other threads:[~2014-09-11 20:45 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140911204621.F03309D66A@busybox.osuosl.org \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.