Commit Graph

59 Commits

Author SHA1 Message Date
Vicente Olivert Riera
fc91ffa2f9 libcurl: bump to version 7.43.0
- Bump to version 7.43.0
- Update hash file

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-06-18 22:41:32 +02:00
John Keeping
ff05e241f8 libcurl: use c-ares if available
By default libcurl uses the C library's DNS resolver which is
synchronous, even if an application is using libcurl's non-blocking mode
of operation.

Configure libcurl to use c-ares if it is selected so that it can resolve
addresses asynchronously if required.

[Peter: explicitly disable c-ares support if not enabled]
Signed-off-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-03 19:25:24 +02:00
Gustavo Zacarias
62592bb660 libcurl: security bump to version 7.42.1
Fixes:
CVE-2013-3153 - sensitive HTTP server headers also sent to proxies.

And drop upstream patches.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-04-29 23:27:02 +02:00
Gustavo Zacarias
63b1fa81ec libcurl: disable curldebug
curldebug is a more advanced form of debugging for curl which audits
source code with the checksource.pl tool, and treats warnings as errors.
Normally users won't want/need this so disable it since it leads to
failed builds when debug info is enabled (which is what people normally
want).
When buildroot does --enable-debug curl inherently enables curldebug too.

Solves bug #8041.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-23 22:59:05 +02:00
Gustavo Zacarias
4c8e679681 libcurl: security bump to version 7.42.0
Fixes:
CVE-2015-3144 - host name out of boundary memory access
CVE-2015-3145 - cookie parser out of boundary memory access
CVE-2015-3148 - Negotiate not treated as connection-oriented
CVE-2015-3143 - Re-using authenticated connection when unauthenticated

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-23 09:45:03 +02:00
Gustavo Zacarias
1f556833c3 libcurl: bump to version 7.41.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-25 17:25:54 +01:00
Gustavo Zacarias
4073d1515f libcurl: drop curl* aliases
They're unused hence not useful.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-12 12:31:55 +01:00
Gustavo Zacarias
d71a51d0e5 libcurl: security bump to version 7.40.0
Fixes:
CVE-2014-8150 - When libcurl sends a request to a server via a HTTP
proxy, it copies the entire URL into the request and sends if off.
If the given URL contains line feeds and carriage returns those will be
sent along to the proxy too, which allows the program to for example
send a separate HTTP request injected embedded in the URL.

CVE-2014-8151 - libcurl stores TLS Session IDs in its associated Session
ID cache when it connects to TLS servers. In subsequent connects it
re-uses the entry in the cache to resume the TLS connection faster than
when doing a full TLS handshake. The actual implementation for the
Session ID caching varies depending on the underlying TLS backend.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-08 19:19:15 +01:00
Gustavo Zacarias
c30e017a1a libcurl: security bump to version 7.39.0
Fixes:
CVE-2014-3707 - libcurl's function curl_easy_duphandle() has a bug that
can lead to libcurl eventually sending off sensitive data that was not
intended for sending.

Removed patch that was upstream and now in the release.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-06 09:09:20 +01:00
Gustavo Zacarias
dbf74f631d libcurl: add hash file
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-19 17:35:17 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Bernd Kuhls
e15cb988e7 package/libcurl: Backport patch to fix xbmc-related timeout bug
For details see
82d923895a (commitcomment-7952726)

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-28 21:54:48 +02:00
Bernd Kuhls
48849055b9 package/libcurl: Remove autoreconf
When libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch
was removed the corresponding autoreconf was left behind:
http://git.buildroot.net/buildroot/commit/?id=9185b64ed5599622cb89ca4ee6ee29440b02ec8a

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-28 21:53:39 +02:00
Gustavo Zacarias
9185b64ed5 libcurl: security bump to version 7.38.0
Fixes:
CVE-2014-3613 cookie leak with IP address as domain
CVE-2014-3620 cookie leak for TLDs

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-11 22:45:20 +02:00
Gustavo Zacarias
c8da1bce78 libcurl: fix nss related build failure
Patch is a reduced set from upstream (removed RELEASE-NOTES chunk or it
doesn't apply, cosmetic only). Fixes:
http://autobuild.buildroot.net/results/d0b/d0bf614006e7c7de749dcea7abd584f0aa142418/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-21 21:51:53 +02:00
Gustavo Zacarias
57c303f624 libcurl: bump to version 7.37.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-18 19:51:27 +02:00
Gustavo Zacarias
3ea2555944 libcurl: bump to version 7.37.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-23 22:07:13 +02:00
Gustavo Zacarias
f475b9fc8e libcurl: drop polarssl support
As of curl 7.36.0 it doesn't support polarssl < 1.3 any longer. Fixes:
http://autobuild.buildroot.net/results/d82/d82c3618e9dde3da7e36ba2b58545a9a8de5e442/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-04-15 21:54:47 +02:00
Gustavo Zacarias
71878d2972 libcurl: security bump to version 7.36.0
Fixes CVE-2014-0005, CVE-2014-0319, CVE-2014-1263 and CVE-2014-2522.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-04-01 14:45:20 +02:00
Gustavo Zacarias
8abdd5fa3e libcurl: security bump to version 7.35.0
Fixes CVE-2014-0015.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-29 21:44:00 +01:00
Maxime Hadjinlian
f873de877d libcurl: Add rtmp support
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Bernd Kuhls <berndkuhls@hotmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-26 21:24:19 +01:00
Thomas De Schampheleire
35eaed8d07 Config.in files: use if/endif instead of 'depends on' for main symbol
In the Config.in file of package foo, it often happens that there are other
symbols besides BR2_PACKAGE_FOO. Typically, these symbols only make sense
when foo itself is enabled. There are two ways to express this: with
    depends on BR2_PACKAGE_FOO
in each extra symbol, or with
    if BR2_PACKAGE_FOO
        ...
    endif
around the entire set of extra symbols.

The if/endif approach avoids the repetition of 'depends on' statements on
multiple symbols, so this is clearly preferred. But even when there is only
one extra symbol, if/endif is a more logical choice:
- it is future-proof for when extra symbols are added
- it allows to have just one strategy instead of two (less confusion)

This patch modifies the Config.in files accordingly.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-12-25 12:21:39 +01:00
Gustavo Zacarias
cbb6cdc69c libcurl: security bump to version 7.34.0
Fixes CVE-2013-4545.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-19 23:17:25 +01:00
Gustavo Zacarias
fba3da5638 libcurl: bump to version 7.33.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-02 08:42:38 +01:00
Gustavo Zacarias
6b8aa11205 libcurl: add security patch for CVE-2013-4545
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-11-18 13:42:42 +01:00
Gustavo Zacarias
62ebea18be curl: fix homepage
cURL's homepage is curl.haxx.se and not curl.haxx.nu

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-11-06 11:59:46 +01:00
Ryan Barnett
d45db95633 libcurl: add support for compiling with libssh2
Adding configuration options that if libssh2 is selected, compile libcurl
with --with-ssh config flag.

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-09-08 21:53:11 +02:00
Gustavo Zacarias
9834bf533e libcurl: extend package support
Add support for gnutls, nss and polarssl backends.
Add support for libidn and zlib.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-09-04 23:50:08 +02:00
Ryan Barnett
9093cc451c libcurl: up revision to 7.32.0
Updating revision of libcurl to version 7.32.0

Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-09-02 21:42:41 +02:00
Gustavo Zacarias
6772d5f2f5 curl: add security patch for CVE-2013-2174
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-25 09:47:28 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Gustavo Zacarias
0a442d05cf libcurl: add security patch for CVE-2013-1944
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-05-11 21:26:42 +02:00
Shawn J. Goff
4f3c8cf94b libcurl: specify capath
Since openssl's path is '/etc/ssl/' (specified in our openssl package),
we should also make sure that's what curl is using.

Previously, it's hasn't been specified, which means it changes depending
on the host system where it's compiled.

Signed-off-by: Shawn J. Goff <shawn7400@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-21 23:15:08 +02:00
Gustavo Zacarias
f167245f60 libcurl: add SASL security patch
Fixes CVE-2013-0249, see http://curl.haxx.se/docs/adv_20130206.html

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-02-18 13:47:52 +01:00
Thomas Petazzoni
e32c29a098 libcurl: re-enable on non-MMU platforms
In 9229b82d63 ('libcurl: needs MMU'),
the libcurl package was disabled on non-MMU systems, due to the usage
of the fork() function in the library.

However, a deeper inspection reveals that fork() is only used in the
implementation of NTLM, an obscure, undocumented, Microsoft specific
authentication method that apparently isn't common anymore. See
http://curl.haxx.se/docs/manpage.html#--ntlm.

Therefore, this commit re-enables libcurl on non-MMU systems by
explicitly disabling the NTLM support. If someone ever needs NTLM
support in Buildroot's libcurl package, it will always be time to add
a libcurl sub-option to enable it.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-02-17 23:02:01 +01:00
Thomas Petazzoni
a5ce857674 package: use <pkg>_CONFIG_SCRIPTS wherever possible
Use the <pkg>_CONFIG_SCRIPTS mechanism in all packages for which it
does all what the package was doing. A few packages, like libxslt, are
for now left out, since they need some additional fixup (for example a
fixup of includedir).

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-02-08 22:34:26 +01:00
Maxime Ripard
9229b82d63 libcurl: needs MMU
Fixes
http://autobuild.buildroot.org/results/5a502f16ad94a410ca21c9a7f223d6c12086bbb5/build-end.log

Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-19 09:52:06 +01:00
Gustavo Zacarias
c0170428f9 libcurl: bump to version 7.28.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-05 00:40:33 -08:00
Yann E. MORIN
61d322c3d2 package/cURL: fix static link whith openSSL
When openSSL is selected, cURL is configured to use it.

But in this case, the libcurl.pc file /forgets/ to require link
against -ldl.

This can happen, for example, when BR2_PREFER_STATIC_LIB is not set,
but an executable wants to be linked statically (for various reasons
which are irrelevant here).

Fix that by appending a 'Requires: openssl' line to libcurl.pc.in,
but only if openSSL is enabled.

As suggested by Arnout, do it in a post-patch hook, rather as a
post-install hook.

Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-02 23:21:00 -08:00
Gustavo Zacarias
2737d9edf8 libcurl: bump to version 7.27.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-10-09 14:43:16 +02:00
Danomi Manchego
a393477289 libcurl: add license info
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-08-15 12:03:12 +02:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Thomas Petazzoni
f83cd59890 libcurl: fix up prefix in curl-config
While most packages that rely on libcurl use pkg-config, a few
packages (such as libxmlrpc) still use curl-config. So we need to fix
up the prefix locations in the curl-config script installed in
STAGING_DIR.

[Peter: only fixup if prefix=/usr]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-06-11 22:35:45 +02:00
Gustavo Zacarias
357322934d libcurl: bump to version 7.25.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-18 22:26:37 +02:00
Gustavo Zacarias
d88a3cc40d libcurl: security bump to version 7.24.0
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-03-11 23:00:50 +01:00
Thomas Petazzoni
300f9c9c9d package: remove useless arguments from AUTOTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:12:27 +02:00
Gustavo Zacarias
d1a7e85170 libcurl: bump to version 7.21.7
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-11 22:04:22 +02:00
Gustavo Zacarias
1d6b9bcf9e libcurl: security bump to 7.21.2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-11-19 15:46:06 +01:00
Thomas Petazzoni
fa6c7989ac libcurl: convert old-style hook to new-style
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-09-12 19:25:00 +02:00
Thomas Petazzoni
28ac3c6785 libcurl: bump version to fix build issue
The ./configure script of libcurl includes <arpa_inet.h> instead of
<arpa/inet.h> when testing for inet_pton(). The test fails, but it
doesn't prevent libcurl to build as it can work without inet_pton().

However, it fills the configure cache with the fact that inet_pton()
does not exist. And later, tcpreplay reads this from the configure
cache and fails to build, because tcpreplay really need inet_pton().

Unfortunately, just fixing the .m4 file doesn't work because the
autoreconfiguration of the package fails. Since the fix for this
problem is already upstream, the easiest solution is therefore to bump
libcurl.

The libcurl-7.19.2-fix-ssl-no-verbose.patch patch is no longer needed.

Since we're patching a m4 file, we must autoreconfigure the package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-07-29 22:18:58 +02:00