path: root/meta/recipes-support/curl/curl
Commit message | Author | Age | Files | Lines
* curl: Upgrade 7.47.1 -> 7.53.1 | Sona Sarmadi | 2017-04-21 | 16 | -1613/+0
    Security vulnerabilities fixed between 7.47.1 and 7.53.1 versions:
    =================================================================
    TLS session resumption client cert bypass (again): CVE-2017-XXXX
    --write-out out of buffer read: CVE-2017-7407
    SSL_VERIFYSTATUS ignored: CVE-2017-2629
    uninitialized random: CVE-2016-9594
    printf floating point buffer overflow: CVE-2016-9586
    Win CE schannel cert wildcard matches too much: CVE-2016-9952
    Win CE schannel cert name out of buffer read: CVE-2016-9953
    cookie injection for other servers: CVE-2016-8615
    case insensitive password comparison: CVE-2016-8616
    OOB write via unchecked multiplication: CVE-2016-8617
    double-free in curl_maprintf: CVE-2016-8618
    double-free in krb5 code: CVE-2016-8619
    glob parser write/read out of bounds: CVE-2016-8620
    curl_getdate read out of bounds: CVE-2016-8621
    URL unescape heap overflow via integer truncation: CVE-2016-8622
    Use-after-free via shared cookies: CVE-2016-8623
    invalid URL parsing with '#': CVE-2016-8624
    IDNA 2003 makes curl use wrong host: CVE-2016-8625
    curl escape and unescape integer overflows: CVE-2016-7167
    Incorrect reuse of client certificates: CVE-2016-7141
    TLS session resumption client cert bypass: CVE-2016-5419
    Re-using connections with wrong client cert: CVE-2016-5420
    use of connection struct after free: CVE-2016-5421
    Windows DLL hijacking: CVE-2016-4802
    TLS certificate check bypass with mbedTLS/PolarSSL: CVE-2016-3739
    Reference:
    https://curl.haxx.se/docs/security.html
    https://curl.haxx.se/changes.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* curl: CVE-2016-8625 | Sona Sarmadi | 2017-02-10 | 2 | -0/+644
    IDNA 2003 makes curl use wrong host
    Affected versions: curl 7.12.0 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102K.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8624 | Sona Sarmadi | 2017-02-10 | 1 | -0/+51
    invalid URL parsing with '#'
    Affected versions: curl 7.1 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102J.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8623 | Sona Sarmadi | 2017-02-10 | 1 | -0/+209
    Use-after-free via shared cookies
    Affected versions: curl 7.10.7 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102I.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8622 | Sona Sarmadi | 2017-02-10 | 1 | -0/+94
    URL unescape heap overflow via integer truncation
    Affected versions: curl 7.24.0 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102H.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8621 | Sona Sarmadi | 2017-02-10 | 1 | -0/+120
    curl_getdate read out of bounds
    Affected versions: curl 7.12.2 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102G.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8620 | Sona Sarmadi | 2017-02-10 | 1 | -0/+44
    glob parser write/read out of bounds
    Affected versions: curl 7.34.0 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102F.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8619 | Sona Sarmadi | 2017-02-10 | 1 | -0/+52
    double-free in krb5 code
    Affected versions: curl 7.3 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102E.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8618 | Sona Sarmadi | 2017-02-10 | 1 | -0/+52
    double-free in curl_maprintf
    Affected versions: curl 7.1 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102D.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8617 | Sona Sarmadi | 2017-02-10 | 1 | -0/+28
    OOB write via unchecked multiplication
    Affected versions: curl 7.1 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102C.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8616 | Sona Sarmadi | 2017-02-10 | 1 | -0/+49
    case insensitive password comparison
    Affected versions: curl 7.7 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102B.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8615 | Sona Sarmadi | 2017-02-10 | 1 | -0/+77
    cookie injection for other servers
    Affected versions: curl 7.1 to and including 7.50.3
    Reference: https://curl.haxx.se/docs/adv_20161102A.html
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: security fix for CVE-2016-7141 | Sona Sarmadi | 2016-09-23 | 1 | -0/+50
    Affected versions: libcurl 7.19.6 to and including 7.50.1
    Not affected versions: libcurl >= 7.50.2
    Reference to upstream patch:
    https://curl.haxx.se/CVE-2016-7141.patch
    (From OE-Core rev: fb8f291d9ea2ebc011403f72cb91af372a795091)
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: security fix for CVE-2016-5421 | Maxin B. John | 2016-09-02 | 1 | -0/+36
    Affected versions: libcurl 7.32.0 to and including 7.50.0
    (From OE-Core rev: 2a9f4823483b6f5decc6d504858f06f66ab9e06c)
    Signed-off-by: Maxin B. John <maxin.john@intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: security fix for CVE-2016-5420 | Maxin B. John | 2016-09-02 | 1 | -0/+31
    Affected versions: libcurl 7.1 to and including 7.50.0
    (From OE-Core rev: cc567d8fb9eca630cd21d40ece99babcc5b7d045)
    Signed-off-by: Maxin B. John <maxin.john@intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: security fix for CVE-2016-5419 | Maxin B. John | 2016-09-02 | 1 | -0/+76
    Affected versions: libcurl 7.1 to and including 7.50.0
    (From OE-Core rev: 0b56a2f6174a44495f8a58dc0864c161ffd37b80)
    Signed-off-by: Maxin B. John <maxin.john@intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: drop obsolete pkgconfig_fix.patch | Andre McCurdy | 2016-02-11 | 1 | -32/+0
    This patch has been carried around in oe-core for a long time. It
    contains two unrelated changes and neither seem to be required any
    more. Drop the patch.
    (From OE-Core rev: 27837df35db57f50b8fa7f7c6b3f2e400205deb9)
    Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
    Signed-off-by: Ross Burton <ross.burton@intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Upgrade to 7.38 | Saul Wold | 2014-12-03 | 2 | -338/+0
    Remove backported CVE patches
    (From OE-Core rev: 257ca2054c907c9c9868ccae57c6e0d750fb1164)
    Signed-off-by: Saul Wold <sgw@linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security Advisory - curl - CVE-2014-3620 | Chong Lu | 2014-11-05 | 1 | -0/+69
    libcurl wrongly allows cookies to be set for Top Level Domains (TLDs),
    thus making them apply broader than cookies are allowed. This can allow
    arbitrary sites to set cookies that then would get sent to a different
    and unrelated site or domain.
    (From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)
    Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security Advisory - curl - CVE-2014-3613 | Chong Lu | 2014-11-04 | 1 | -0/+269
    By not detecting and rejecting domain names for partial literal IP
    addresses properly when parsing received HTTP cookies, libcurl can be
    fooled to both sending cookies to wrong sites and into allowing
    arbitrary sites to set cookies for others.
    (From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
    Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: remove unused patch | Maxin B. John | 2014-08-06 | 1 | -8203/+0
    Remove unused "remove_inappropriate_file_from_rel.patch"
    (From OE-Core rev: ad1b9480f2ef5a4450f8b31ef7b3141ee7462b4f)
    Signed-off-by: Maxin B. John <maxin.john@enea.com>
    Signed-off-by: Saul Wold <sgw@linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Update to 7.37 | Saul Wold | 2014-06-25 | 1 | -38/+0
    Remove patches that are fixed upstream
    (From OE-Core rev: d5d169af2b34596deb3997c2bfa7398c447c4fac)
    Signed-off-by: Saul Wold <sgw@linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: remove inappropriate file from curl release | Tudor Florea | 2014-05-15 | 1 | -0/+8203
    This is the adaptation for a bugfix upstream.
    The inappropriate file src/tool_hugehelp.c presence in the curl 7.36
    release interfered with the upstream fix for
    https://sourceforge.net/p/curl/bugs/1350/
    (From OE-Core rev: c5a52f5b5ae7c5528bc59ee7fb69a2f460a89b81)
    Signed-off-by: Tudor Florea <tudor.florea@enea.com>
    Signed-off-by: Saul Wold <sgw@linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Backport a fix for a build issue | Tudor Florea | 2014-05-03 | 1 | -0/+38
    mkhelp: generate code for --disable-manual as well
    This allows configure --disable-manual to run and build without having
    to regenerate the src/tool_hugehelp.c file which otherwise is necessary
    since we ship tarballs with that file present.
    (From OE-Core rev: 544a96255203a6779d1f0022d003c6680f330511)
    Signed-off-by: Tudor Florea <tudor.florea@enea.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add upstream status to patch | Joe Slater | 2013-07-18 | 1 | -0/+2
    Add upstream-status to configure_ac.patch.
    (From OE-Core rev: 8fc6904fe97438478119db6cd23b7b4eb33b50aa)
    Signed-off-by: Joe Slater <jslater@windriver.com>
    Signed-off-by: Saul Wold <sgw@linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to upstream version 7.30.0 | Marko Lindqvist | 2013-05-29 | 1 | -170/+0
    0001-Fix-NULL-pointer-reference-when-closing-an-unused-mu.patch
    now part of upstream.
    (From OE-Core rev: 2d79a2f88b6676847ef868d3cc6475bd643b28a3)
    Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
    Signed-off-by: Saul Wold <sgw@linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: backport patch to fix segfaults | Martin Jansa | 2013-04-05 | 1 | -0/+170
    * e.g. ecore, efreet segfault a lot without this patch
    (From OE-Core rev: b93011d3e719c46089ccdb39c60d3a9e9cfa5a14)
    Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to upstream version 7.29.0 | Marko Lindqvist | 2013-02-22 | 1 | -14/+11
    - obsolete_automake_macros.patch removed as it's part of upstream.
    - dont_override_ac_config_macro_dir.patch removed as no longer needed.
    - pkgconfig_fix.patch updated to apply cleanly
    (From OE-Core rev: b0c541236b4c4670ce77f55886b6ce02c562b8c2)
    Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
    Signed-off-by: Saul Wold <sgw@linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to upstream version 7.28.1 | Marko Lindqvist | 2012-12-31 | 1 | -24/+21
    (From OE-Core rev: 2cb1285195439faa48571acc5346d25b4de214b4)
    Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
    Signed-off-by: Saul Wold <sgw@linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: eliminate forced setting of -g0 when compiling | Joe Slater | 2012-11-24 | 1 | -0/+11
    Do not invoke CURL_SET_COMPILER_DEBUG_OPTS in configure.ac.
    This will allow debug options set in our CFLAGS to be used.
    (From OE-Core rev: ba151faad47e6874b295ebd9699ce154bc4ff741)
    Signed-off-by: Joe Slater <jslater@windriver.com>
    Signed-off-by: Saul Wold <sgw@linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.26.0 | Alexandru DAMIAN | 2012-07-09 | 1 | -76/+0
    Config system changed from 7.24.0 and the noldlibpatch is no longer
    needed, thus deleted.
    (From OE-Core rev: 0d2d59420b5924491ccd5c091c823b9c277a6721)
    Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to version 7.21.6 | Qing He | 2011-05-04 | 2 | -1/+6
    from 7.21.2
    (From OE-Core rev: 7b26788c52136eb6a95507758936756b3dfcbaa4)
    Signed-off-by: Qing He <qing.he@intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* packages: Separate out most of the remaining packages into recipes | Richard Purdie | 2010-09-01 | 2 | -0/+109
    Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>