author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-04-21 12:29:17 +0200 |
---|---|---|
committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-04-21 13:54:14 +0200 |
commit | 3fc5d271f554e07c88b1195812e48a0d86291395 (patch) | |
tree | aa886d608aee07639e7a841d0618ccd0bda97bc7 /meta/recipes-support/curl/curl_7.53.1.bb | |
parent | 9ee38b3a027470c98f7337dceac67ba06420c075 (diff) | |
download | poky-3fc5d271f554e07c88b1195812e48a0d86291395.tar.gz |
curl: Upgrade 7.47.1 -> 7.53.1
Security vulnerabilities fixed between versions 7.47.1 and 7.53.1:
=================================================================
TLS session resumption client cert bypass (again): CVE-2017-XXXX
--write-out out of buffer read: CVE-2017-7407
SSL_VERIFYSTATUS ignored: CVE-2017-2629
uninitialized random: CVE-2016-9594
printf floating point buffer overflow: CVE-2016-9586
Win CE schannel cert wildcard matches too much: CVE-2016-9952
Win CE schannel cert name out of buffer read: CVE-2016-9953
cookie injection for other servers: CVE-2016-8615
case insensitive password comparison: CVE-2016-8616
OOB write via unchecked multiplication: CVE-2016-8617
double-free in curl_maprintf: CVE-2016-8618
double-free in krb5 code: CVE-2016-8619
glob parser write/read out of bounds: CVE-2016-8620
curl_getdate read out of bounds: CVE-2016-8621
URL unescape heap overflow via integer truncation: CVE-2016-8622
Use-after-free via shared cookies: CVE-2016-8623
invalid URL parsing with '#': CVE-2016-8624
IDNA 2003 makes curl use wrong host: CVE-2016-8625
curl escape and unescape integer overflows: CVE-2016-7167
Incorrect reuse of client certificates: CVE-2016-7141
TLS session resumption client cert bypass: CVE-2016-5419
Re-using connections with wrong client cert: CVE-2016-5420
use of connection struct after free: CVE-2016-5421
Windows DLL hijacking: CVE-2016-4802
TLS certificate check bypass with mbedTLS/PolarSSL: CVE-2016-3739
Reference:
https://curl.haxx.se/docs/security.html
https://curl.haxx.se/changes.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Diffstat (limited to 'meta/recipes-support/curl/curl_7.53.1.bb')
-rw-r--r-- | meta/recipes-support/curl/curl_7.53.1.bb | 68 |
1 files changed, 68 insertions, 0 deletions
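diff --git a/meta/recipes-support/curl/curl_7.53.1.bb b/meta/recipes-support/curl/curl_7.53.1.bb
new file mode 100644
index 0000000000..9eb9720b6d
--- /dev/null
+++ b/meta/recipes-support/curl/curl_7.53.1.bb
@@ -0,0 +1,68 @@
+SUMMARY = "Command line tool and library for client-side URL transfers"
+HOMEPAGE = "http://curl.haxx.se/"
+BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker"
+SECTION = "console/network"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e664ac"
+
+SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2"
+
+# curl likes to set -g0 in CFLAGS, so we stop it
+# from mucking around with debug options
+#
+SRC_URI += " file://configure_ac.patch"
+
+SRC_URI[md5sum] = "fb1f03a142236840c1a77c035fa4c542"
+SRC_URI[sha256sum] = "1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8"
+
+inherit autotools pkgconfig binconfig multilib_header
+
+PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls proxy zlib"
+PACKAGECONFIG_class-native = "ipv6 proxy ssl zlib"
+PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl zlib"
+
+PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
+PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
+PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
+PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
+PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
+PACKAGECONFIG[libidn] = "--with-libidn,--without-libidn,libidn"
+PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
+PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
+PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
+PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
+PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
+PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
+PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
+PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
+PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
+PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
+PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
+
+EXTRA_OECONF = " \
+--enable-crypto-auth \
+--with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
+--without-libmetalink \
+--without-libpsl \
+--without-nghttp2 \
+"
+
+do_install_append() {
+oe_multilib_header curl/curlbuild.h
+}
+
+do_install_append_class-target() {
+# cleanup buildpaths from curl-config
+sed -i -e 's,${STAGING_DIR_HOST},,g' ${D}${bindir}/curl-config
+}
+
+PACKAGES =+ "lib${BPN}"
+
+FILES_lib${BPN} = "${libdir}/lib*.so.*"
+RRECOMMENDS_lib${BPN} += "ca-certificates"
+
+FILES_${PN} += "${datadir}/zsh"
+
+BBCLASSEXTEND = "native nativesdk"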
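Review bot: The `SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2"` line near the top of the new recipe fetches the release tarball over plain HTTP; the `sha256sum` pinned a few lines below means a tampered download fails the fetch rather than being built, but an on-path party can still observe and block the fetch, and the references this very commit cites use https for the same host. Changing it to `SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2"` costs nothing, and the `md5sum` entry is redundant once the sha256 is present. Separately, the first advisory in the commit message carries the placeholder `CVE-2017-XXXX`; I would confirm the assigned identifier and that its fix is actually contained in 7.53.1 before this list is relied on for CVE tracking.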