NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libcurl: security bump to version 7.39.0

Browse Source 
Fixes:
CVE-2014-3707 - libcurl's function curl_easy_duphandle() has a bug that
can lead to libcurl eventually sending off sensitive data that was not
intended for sending.

Removed patch that was upstream and now in the release.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Gustavo Zacarias 2014-11-05 11:31:32 -03:00 committed by Peter Korsgaard
parent 395c88051e
commit c30e017a1a
3 changed files with 2 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
package/libcurl/libcurl-0001-fixtimeout.patch
View File

@ -1,37 +0,0 @@
This fixes a timeout problem with xbmc.
Backported from upstream:
https://github.com/bagder/curl/commit/d9762a7cdb35e70f8cb0bf1c2f8019e8391616e1
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
From d9762a7cdb35e70f8cb0bf1c2f8019e8391616e1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 23 Sep 2014 11:44:03 +0200
Subject: [PATCH] threaded-resolver: revert Curl_expire_latest() switch
The switch to using Curl_expire_latest() in commit cacdc27f52b was a
mistake and was against the advice even mentioned in that commit. The
comparison in asyn-thread.c:Curl_resolver_is_resolved() makes
Curl_expire() the suitable function to use.
Bug: http://curl.haxx.se/bug/view.cgi?id=1426
Reported-By: graysky
---
lib/asyn-thread.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
index e4ad32b..6cdc9ad 100644
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -541,7 +541,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
td->poll_interval = 250;
td->interval_end = elapsed + td->poll_interval;
- Curl_expire_latest(conn->data, td->poll_interval);
+ Curl_expire(conn->data, td->poll_interval);
}
return CURLE_OK;

2
package/libcurl/libcurl.hash
View File

@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
sha256 035bd41e99aa1a4e64713f4cea5ccdf366ca8199e9be1b53d5a043d5165f9eba curl-7.38.0.tar.bz2
sha256 b222566e7087cd9701b301dd6634b360ae118cc1cbc7697e534dc451102ea4e0 curl-7.39.0.tar.bz2

2
package/libcurl/libcurl.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.38.0
LIBCURL_VERSION = 7.39.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_SITE = http://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \