diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-04-21 12:29:17 +0200 |
|---|---|---|
| committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-04-21 13:54:14 +0200 |
| commit | 3fc5d271f554e07c88b1195812e48a0d86291395 (patch) | |
| tree | aa886d608aee07639e7a841d0618ccd0bda97bc7 /meta/recipes-support/curl/curl_7.53.1.bb | |
| parent | 9ee38b3a027470c98f7337dceac67ba06420c075 (diff) | |
| download | poky-3fc5d271f554e07c88b1195812e48a0d86291395.tar.gz | |
curl: Upgrade 7.47.1 -> 7.53.1
Security vulnerabilities fixed between 7.47.1 and 7.53.1 versions:
=================================================================
TLS session resumption client cert bypass (again): CVE-2017-XXXX
--write-out out of buffer read: CVE-2017-7407
SSL_VERIFYSTATUS ignored: CVE-2017-2629
uninitialized random: CVE-2016-9594
printf floating point buffer overflow: CVE-2016-9586
Win CE schannel cert wildcard matches too much: CVE-2016-9952
Win CE schannel cert name out of buffer read: CVE-2016-9953
cookie injection for other servers: CVE-2016-8615
case insensitive password comparison: CVE-2016-8616
OOB write via unchecked multiplication: CVE-2016-8617
double-free in curl_maprintf: CVE-2016-8618
double-free in krb5 code: CVE-2016-8619
glob parser write/read out of bounds: CVE-2016-8620
curl_getdate read out of bounds: CVE-2016-8621
URL unescape heap overflow via integer truncation: CVE-2016-8622
Use-after-free via shared cookies: CVE-2016-8623
invalid URL parsing with '#': CVE-2016-8624
IDNA 2003 makes curl use wrong host: CVE-2016-8625
curl escape and unescape integer overflows: CVE-2016-7167
Incorrect reuse of client certificates: CVE-2016-7141
TLS session resumption client cert bypass: CVE-2016-5419
Re-using connections with wrong client cert: CVE-2016-5420
use of connection struct after free: CVE-2016-5421
Windows DLL hijacking: CVE-2016-4802
TLS certificate check bypass with mbedTLS/PolarSSL: CVE-2016-3739
Reference:
https://curl.haxx.se/docs/security.html
https://curl.haxx.se/changes.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'meta/recipes-support/curl/curl_7.53.1.bb')
| -rw-r--r-- | meta/recipes-support/curl/curl_7.53.1.bb | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_7.53.1.bb b/meta/recipes-support/curl/curl_7.53.1.bb new file mode 100644 index 0000000000..9eb9720b6d --- /dev/null +++ b/meta/recipes-support/curl/curl_7.53.1.bb | |||
| @@ -0,0 +1,68 @@ | |||
| 1 | SUMMARY = "Command line tool and library for client-side URL transfers" | ||
| 2 | HOMEPAGE = "http://curl.haxx.se/" | ||
| 3 | BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" | ||
| 4 | SECTION = "console/network" | ||
| 5 | LICENSE = "MIT" | ||
| 6 | LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e664ac" | ||
| 7 | |||
| 8 | SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2" | ||
| 9 | |||
| 10 | # curl likes to set -g0 in CFLAGS, so we stop it | ||
| 11 | # from mucking around with debug options | ||
| 12 | # | ||
| 13 | SRC_URI += " file://configure_ac.patch" | ||
| 14 | |||
| 15 | SRC_URI[md5sum] = "fb1f03a142236840c1a77c035fa4c542" | ||
| 16 | SRC_URI[sha256sum] = "1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8" | ||
| 17 | |||
| 18 | inherit autotools pkgconfig binconfig multilib_header | ||
| 19 | |||
| 20 | PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls proxy zlib" | ||
| 21 | PACKAGECONFIG_class-native = "ipv6 proxy ssl zlib" | ||
| 22 | PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl zlib" | ||
| 23 | |||
| 24 | PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," | ||
| 25 | PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" | ||
| 26 | PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," | ||
| 27 | PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," | ||
| 28 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | ||
| 29 | PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," | ||
| 30 | PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," | ||
| 31 | PACKAGECONFIG[libidn] = "--with-libidn,--without-libidn,libidn" | ||
| 32 | PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" | ||
| 33 | PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," | ||
| 34 | PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," | ||
| 35 | PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" | ||
| 36 | PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," | ||
| 37 | PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," | ||
| 38 | PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," | ||
| 39 | PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl" | ||
| 40 | PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," | ||
| 41 | PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," | ||
| 42 | PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" | ||
| 43 | |||
| 44 | EXTRA_OECONF = " \ | ||
| 45 | --enable-crypto-auth \ | ||
| 46 | --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ | ||
| 47 | --without-libmetalink \ | ||
| 48 | --without-libpsl \ | ||
| 49 | --without-nghttp2 \ | ||
| 50 | " | ||
| 51 | |||
| 52 | do_install_append() { | ||
| 53 | oe_multilib_header curl/curlbuild.h | ||
| 54 | } | ||
| 55 | |||
| 56 | do_install_append_class-target() { | ||
| 57 | # cleanup buildpaths from curl-config | ||
| 58 | sed -i -e 's,${STAGING_DIR_HOST},,g' ${D}${bindir}/curl-config | ||
| 59 | } | ||
| 60 | |||
| 61 | PACKAGES =+ "lib${BPN}" | ||
| 62 | |||
| 63 | FILES_lib${BPN} = "${libdir}/lib*.so.*" | ||
| 64 | RRECOMMENDS_lib${BPN} += "ca-certificates" | ||
| 65 | |||
| 66 | FILES_${PN} += "${datadir}/zsh" | ||
| 67 | |||
| 68 | BBCLASSEXTEND = "native nativesdk" | ||