* [Buildroot] [git commit] libcurl: security bump to version 7.38.0
@ 2014-09-11 20:45 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2014-09-11 20:45 UTC (permalink / raw)
To: buildroot
commit: http://git.buildroot.net/buildroot/commit/?id=9185b64ed5599622cb89ca4ee6ee29440b02ec8a
branch: http://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes:
CVE-2014-3613 cookie leak with IP address as domain
CVE-2014-3620 cookie leak for TLDs
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...nk-curl-to-NSS-libraries-when-NSS-support.patch | 41 --------------------
package/libcurl/libcurl.mk | 2 +-
2 files changed, 1 insertions(+), 42 deletions(-)
diff --git a/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch b/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch
deleted file mode 100644
index a3d579b..0000000
--- a/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From c6e7cbb94e669b85d3eb8e015ec51d0072112133 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Thu, 17 Jul 2014 14:37:28 +0200
-Subject: [PATCH] build: link curl to NSS libraries when NSS support is enabled
-
-This fixes a build failure on Debian caused by commit
-24c3cdce88f39731506c287cb276e8bf4a1ce393.
-
-Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
----
-diff --git a/configure.ac b/configure.ac
-index c3cccfb..b78f56d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2078,6 +2078,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
- if test "x$USE_NSS" = "xyes"; then
- AC_MSG_NOTICE([detected NSS version $version])
-
-+ dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
-+ NSS_LIBS=$addlib
-+ AC_SUBST([NSS_LIBS])
-+
- dnl when shared libs were found in a path that the run-time
- dnl linker doesn't search through, we need to add it to
- dnl LD_LIBRARY_PATH to prevent further configure tests to fail
-diff --git a/src/Makefile.am b/src/Makefile.am
-index d8c0c7d..f96618e 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -62,7 +62,7 @@ LIBS = $(BLANK_AT_MAKETIME)
- if USE_EXPLICIT_LIB_DEPS
- curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @LIBCURL_LIBS@
- else
--curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@
-+curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@
- endif
-
- curl_LDFLAGS = @LIBMETALINK_LDFLAGS@
---
-1.8.5.5
-
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index e4ab910..610efc1 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.37.1
+LIBCURL_VERSION = 7.38.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_SITE = http://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2014-09-11 20:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-11 20:45 [Buildroot] [git commit] libcurl: security bump to version 7.38.0 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.