NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libcurl: security bump to version 7.55.0

Browse Source 
Fixes:

 glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
 tftp: reject file name lengths that don't fit (CVE-2017-1000100)
 file: output the correct buffer to the user (CVE-2017-1000099)

Switch to .tar.xz to save bandwidth.

Add reference to tarball signature.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d88c79090a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Baruch Siach 2017-08-10 20:35:45 +03:00 committed by Peter Korsgaard
parent 9c0d97c701
commit 57fa665847
2 changed files with 4 additions and 3 deletions
package/libcurl
libcurl.hashlibcurl.mk

3
package/libcurl/libcurl.hash
View File

@ -1,2 +1,3 @@
# Locally calculated after checking pgp signature
sha256 fdfc4df2d001ee0c44ec071186e770046249263c491fcae48df0e1a3ca8f25a0 curl-7.54.1.tar.bz2
# https://curl.haxx.se/download/curl-7.55.0.tar.xz.asc
sha256 cdd58522f8607fd4e871df79d73acb3155075e2134641e5adab12a0962df059d curl-7.55.0.tar.xz

4
package/libcurl/libcurl.mk
View File

@ -4,8 +4,8 @@
#
################################################################################
LIBCURL_VERSION = 7.54.1
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_VERSION = 7.55.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
$(if $(BR2_PACKAGE_ZLIB),zlib) \