| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
IDNA 2003 makes curl use wrong host
Affected versions: curl 7.12.0 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102K.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
invalid URL parsing with '#'
Affected versions: curl 7.1 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102J.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Use-after-free via shared cookies
Affected versions: curl 7.10.7 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102I.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
URL unescape heap overflow via integer truncation
Affected versions: curl 7.24.0 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102H.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
curl_getdate read out of bounds
Affected versions: curl 7.12.2 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102G.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
glob parser write/read out of bounds
Affected versions: curl 7.34.0 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102F.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
double-free in krb5 code
Affected versions: curl 7.3 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102E.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
double-free in curl_maprintf
Affected versions: curl 7.1 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102D.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
OOB write via unchecked multiplication
Affected versions: curl 7.1 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102C.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
case insensitive password comparison
Affected versions: curl 7.7 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102B.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
cookie injection for other servers
Affected versions: curl 7.1 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102A.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Affected versions:
Affected versions: libcurl 7.19.6 to and including 7.50.1
Not affected versions: libcurl >= 7.50.2
Reference to upstream patch:
https://curl.haxx.se/CVE-2016-7141.patch
(From OE-Core rev: fb8f291d9ea2ebc011403f72cb91af372a795091)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Affected versions: libcurl 7.32.0 to and including 7.50.0
(From OE-Core rev: 2a9f4823483b6f5decc6d504858f06f66ab9e06c)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Affected versions: libcurl 7.1 to and including 7.50.0
(From OE-Core rev: cc567d8fb9eca630cd21d40ece99babcc5b7d045)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Affected versions: libcurl 7.1 to and including 7.50.0
(From OE-Core rev: 0b56a2f6174a44495f8a58dc0864c161ffd37b80)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ac_cv_sizeof_off_t was previously in the site cache files, which was breaking
large file support and required a workaround in each recipe that actually wanted
to use large files.
Now that the entry has been removed from the site cache, we can remove the
workarounds.
(From OE-Core rev: 1485d7cae88adb3575c6eaa47784fe50820d2740)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Proxy support is a feature, so should not have been disabled in
the previous commit (which disabled support for legacy protocols):
http://git.openembedded.org/openembedded-core/commit/?id=b26634900d487a22eef41e9e077d35fb347d4c29
(From OE-Core rev: dfb0064fb16eba1446b8f3db13e0b8b3b4764481)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a result of this commit, the following protocols will now be
disabled by default:
DICT GOPHER IMAP IMAPS POP3 POP3S RTSP SMTP SMTPS TELNET TFTP
Also add a PACKAGECONFIG option for libidn (previously disabled
unconditionally).
(From OE-Core rev: b26634900d487a22eef41e9e077d35fb347d4c29)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch has been carried around in oe-core for a long time.
It contains two unrelated changes and neither seem to be required
any more. Drop the patch.
(From OE-Core rev: 27837df35db57f50b8fa7f7c6b3f2e400205deb9)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adjust LIC_FILES_CHKSUM beginline due to changes to the Copyright to
acknowledge additional contributors. No change to the license text.
(From OE-Core rev: 0ab2c3b105fe92efbc814a3985879996932878c6)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|