libcurl: bump version to 7.54.0 (security)
Security fixes:
- CVE-2017-7468: switch off SSL session id when client cert is used
Full changelog: https://curl.haxx.se/changes.html
Removing 0001-CVE-2017-7407.patch. It's included in this release:
1890d59905
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit is contained in:
parent
da0cc47c6f
commit
034e95e51e
@ -1,61 +0,0 @@
|
||||
From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Fandrich <dan@coneharvesters.com>
|
||||
Date: Sat, 11 Mar 2017 10:59:34 +0100
|
||||
Subject: [PATCH] CVE-2017-7407: fixed
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20170403.html
|
||||
|
||||
Reported-by: Brian Carpenter
|
||||
[baruch: remove tests]
|
||||
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
||||
---
|
||||
Patch status: based on upstream suggested patch[1] that combines commits
|
||||
1890d59905414ab and 8e65877870c1.
|
||||
|
||||
[1] https://curl.haxx.se/CVE-2017-7407.patch
|
||||
|
||||
diff --git a/src/tool_writeout.c b/src/tool_writeout.c
|
||||
index 2fb77742a..5d92bd278 100644
|
||||
--- a/src/tool_writeout.c
|
||||
+++ b/src/tool_writeout.c
|
||||
@@ -3,11 +3,11 @@
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at https://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
@@ -111,11 +111,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
|
||||
char *stringp = NULL;
|
||||
long longinfo;
|
||||
double doubleinfo;
|
||||
|
||||
while(ptr && *ptr) {
|
||||
- if('%' == *ptr) {
|
||||
+ if('%' == *ptr && ptr[1]) {
|
||||
if('%' == ptr[1]) {
|
||||
/* an escaped %-letter */
|
||||
fputc('%', stream);
|
||||
ptr += 2;
|
||||
}
|
||||
@@ -339,11 +339,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
|
||||
fputc(ptr[1], stream);
|
||||
ptr += 2;
|
||||
}
|
||||
}
|
||||
}
|
||||
- else if('\\' == *ptr) {
|
||||
+ else if('\\' == *ptr && ptr[1]) {
|
||||
switch(ptr[1]) {
|
||||
case 'r':
|
||||
fputc('\r', stream);
|
||||
break;
|
||||
case 'n':
|
||||
-- 2.11.0
|
||||
|
@ -1,2 +1,2 @@
|
||||
# Locally calculated after checking pgp signature
|
||||
sha256 1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8 curl-7.53.1.tar.bz2
|
||||
sha256 f50ebaf43c507fa7cc32be4b8108fa8bbd0f5022e90794388f3c7694a302ff06 curl-7.54.0.tar.bz2
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
LIBCURL_VERSION = 7.53.1
|
||||
LIBCURL_VERSION = 7.54.0
|
||||
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
|
||||
LIBCURL_SITE = https://curl.haxx.se/download
|
||||
LIBCURL_DEPENDENCIES = host-pkgconf \
|
||||
|
Loading…
Reference in New Issue
Block a user