path: root/meta/recipes-support/curl
Commit message | Author | Age | Files | Lines
* curl: actually apply latest CVE patches | Ross Burton | 2018-11-24 | 1 | -0/+3
  (From OE-Core rev: f0394e80a37f1da47042a1aa0487594f390603f9)
  (From OE-Core rev: b2ccfeeffc5762648ee6b1f1d05c3cc6f347ed28)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842 | Changqing Li | 2018-11-24 | 3 | -0/+113
  (From OE-Core rev: 0f0db9fc8512a0ecd0cdba3304a195cd925a5029)
  (From OE-Core rev: b3e92c0c1864cac8c8f6c693ede713a2fc7f2ef5)
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Include the complete license information | Peter Kjellerstedt | 2018-11-16 | 1 | -1/+1
  For some reason, the copyright part was left out of the license information included in LIC_FILES_CHKSUM, preventing it from being used in, e.g., documentation to satisfy the requirements of the license.
  License-Update: Include the complete license information
  (From OE-Core rev: 390becd2dcf4fe791ec3715a74e34a46bd457e7a)
  (From OE-Core rev: 015f65b5c391c75fe96f927a007a8be04db70a63)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: CVE-2018-14618 | Zhixiong Chi | 2018-11-16 | 2 | -0/+38
  Backport the CVE patch from the upstream
  https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch
  https://curl.haxx.se/docs/CVE-2018-14618.html
  https://nvd.nist.gov/vuln/detail/CVE-2018-14618
  (From OE-Core rev: b76903b4b7bfec71be0a8a14e2cab4e2ec852222)
  (From OE-Core rev: 4c51e82e43cbcc74d9bcabe24b778aae3cf123ca)
  Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: extend CVE_PRODUCT | Grygorii Tertychnyi | 2018-11-16 | 1 | -1/+1
  There are both "curl" and "libcurl" CPEs in NVD. All "curl" CVEs are now missed in the reports. Hence, switch "CVE_PRODUCT" to a space separated list of the items.
  (From OE-Core rev: 69ff709c2450c42139fd9705e3a74464221ad754)
  (From OE-Core rev: 5df0d75fe63a0e1ada396f5ecfa953ac63f65354)
  Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update 7.60.0 -> 7.61.0 | Andre McCurdy | 2018-07-30 | 1 | -2/+2
  https://curl.haxx.se/changes.html#7_61_0
  (From OE-Core rev: b26ca91574a88745910d44777bb17ac0616baf3e)
  (From OE-Core rev: 99ea485195327fcdd63f682a41a4b340a2fd1dda)
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update 7.59.0 -> 7.60.0 | Andre McCurdy | 2018-06-15 | 3 | -32/+13
  includes:
  CVE-2018-1000300 CWE-122: Heap-based Buffer Overflow
  CVE-2018-1000301 CWE-126: Buffer Over-read
  https://curl.haxx.se/changes.html#7_60_0
  Also refresh 0001-replace-krb5-config-with-pkg-config.patch and drop configure_ac.patch, which we've apparently been dragging along unnecessarily for the past 5 years:
  https://github.com/curl/curl/commit/c277bd6ce7069819484eb3dc30b5858735fde377
  (From OE-Core rev: 4063c1e4b233b28ae14420a83960fd93b437a4a4)
  (From OE-Core rev: 4decc8ca3bd1b6c1c67182782fe6019dc0efc4fa)
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to 7.59.0 | Armin Kuster | 2018-06-15 | 1 | -2/+2
  includes:
  CVE-2018-1000300 CWE-122: Heap-based Buffer Overflow
  CVE-2018-1000301 CWE-126: Buffer Over-read
  CVE-2018-1000122 CWE-126: Buffer Over-read
  CVE-2018-1000121 CWE-476: NULL Pointer Dereference
  CVE-2018-1000120 CWE-122: Heap-based Buffer Overflow
  (From OE-Core rev: 4c1ed0a1a265add8d856a6d2c6f04562b975c180)
  (From OE-Core rev: 6582a76c990fe068fd37525943403ca9ff9c1d05)
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: DEPENDS on libidn2 (not libidn) | André Draszik | 2018-04-07 | 1 | -1/+1
  Since v7.51.0, libidn2 is the only available option, libidn support was dropped. The configure option was renamed as of v7.53.0.
  Therefore, curl unconditionally tries to build against libidn2, which in particular is a problem for curl-native, as that might or might not build against the build-machine's libidn2 now, which furthermore causes problems when trying to share sstate between multiple build machines.
  We therefore see the following in the config log:
    ...
    checking whether to build with libidn2... (assumed) yes
    ...
    checking for libidn2 options with pkg-config... no
    configure: IDN_LIBS: "-lidn2"
    configure: IDN_LDFLAGS: ""
    configure: IDN_CPPFLAGS: ""
    configure: IDN_DIR: ""
    checking if idn2_lookup_ul can be linked... yes
    checking idn2.h usability... yes
    checking idn2.h presence... yes
    checking for idn2.h... yes
    ...
    IDN support: enabled (libidn2)
    ...
  even though this recipe tries to disable that.
  While libidn2 isn't available in OE, this change at least:
  * prevents curl-native to silently build against libidn2 if that is installed on build machine, even if not requested
  * alerts people who use the PACKAGECONFIG option that it's not actually doing what they intend to do
  (From OE-Core rev: 705eaea991622bdbb2ee83eefa8df8e665e3efe4)
  Signed-off-by: André Draszik <andre.draszik@jci.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.58.0 | Oleksandr Kravchuk | 2018-02-24 | 1 | -2/+2
  (From OE-Core rev: 9763c9d649a22f9024d832eb625bee35b583e717)
  Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: 7.54.1 -> 7.57.0 | Huang Qiyu | 2018-01-26 | 6 | -373/+2
  1. Upgrade curl from 7.54.1 to 7.57.0.
  2. Delete CVE-2017-1000099.patch, CVE-2017-1000100.patch, CVE-2017-1000101.patch, CVE-2017-1000254.patch, reproducible-mkhelp.patch, since it is integrated upstream.
  3. Remove "do_install_append()" from curl_7.57.0.bb, since curl/curlbuild.h has been removed.
  (From OE-Core rev: 215d5677004537fc190b5381157ac8b94db6d7e8)
  Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl_7.54.1.bb: improve reproducibility | Juro Bystricky | 2017-11-08 | 2 | -1/+41
  Improve reproducible build of curl-dev and curl-dbg packages.
  curl-dev: Correctly remove build host references from curl-config
  curl-dbg: Do not generate time stamps in files generated by mkhelp.pl
  (From OE-Core rev: 6bc323ac9315712e75a0282cddb292bc84afc6f1)
  Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security Advisory - curl - CVE-2017-1000254 | Li Zhou | 2017-11-05 | 2 | -0/+139
  Porting patch from <https://github.com/curl/curl/commit/5ff2c5ff25750aba1a8f64fbcad8e5b891512584> to solve CVE-2017-1000254.
  (From OE-Core rev: 08f8d5db06647b94f96d655100c358047682dd2f)
  Signed-off-by: Li Zhou <li.zhou@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add 'enable-ares' packageconfig option | Javier Viguera | 2017-11-05 | 1 | -0/+2
  This build time option is needed to use the '--dns-interface' runtime parameter to instruct 'curl' to use a specific interface for DNS resolution.
  Not enabled by default, as it depends on 'c-ares' package from meta-openembedded (meta-networking).
  (From OE-Core rev: 4fe0aa3791db0ee6c85e7a068f69def6e7c0da46)
  Signed-off-by: Javier Viguera <javier.viguera@digi.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Added option to enable http2 protocol. | baali | 2017-09-26 | 1 | -1/+1
  With default --without-nghttp2 flag set there was no way to get http2 protocol support using nghttp2 library. Instead moved it to PACKAGECONFIG options
  (From OE-Core rev: bcc8560300c8b1218b1f3709f5a7732e17fbfa46)
  Signed-off-by: baali <shantanu@senic.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: fix CVE-2017-1000099, 1000100, 1000101 | Wenzong Fan | 2017-09-05 | 4 | -0/+194
  Backport upstream commits to fix:
  - CVE-2017-1000099
    https://curl.haxx.se/docs/adv_20170809C.html
    https://curl.haxx.se/CVE-2017-1000099.patch
  - CVE-2017-1000100
    https://curl.haxx.se/docs/adv_20170809B.html
    https://curl.haxx.se/CVE-2017-1000100.patch
  - CVE-2017-1000101
    https://curl.haxx.se/docs/adv_20170809A.html
    https://curl.haxx.se/CVE-2017-1000101.patch
  (From OE-Core rev: 2eb590bbeab4dbf2583a78fcbaf3723757116123)
  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: enable threaded resolver | André Draszik | 2017-09-05 | 1 | -3/+4
  Multi-threaded applications using libcurl crash on DNS timeouts when built using OE.
  The reason is as follows:
  By default, libcurl implements DNS timeouts using a timer (alarm()) and a pair of setjmp()/longjmp(). This approach is unsafe in multi-threaded applications for various reasons, as e.g. explained in the relevant man-pages.
  To avoid this, libcurl can be compiled with a built-in threaded resolver, or against the c-ares asynchronous resolver library.
  To keep extra dependencies to a minimum, and to mimic other distributions (debian at least), and because c-ares is not available in OE-core, add a PACKAGECONFIG to be able to enable use of the built-in threaded resolver and enable it by default.
  (From OE-Core rev: 41f1e44fce976c4140cda62a41349e91e69d04ef)
  Signed-off-by: André Draszik <adraszik@tycoint.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to 7.54.1 | Oleksandr Kravchuk | 2017-06-28 | 1 | -2/+2
  (From OE-Core rev: 2f0b593eacf889486a75c715b823a8337bc3b109)
  Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.54.0 | Oleksandr Kravchuk | 2017-05-12 | 1 | -2/+2
  (From OE-Core rev: cf0fe542b13e2bb64caeebb7d80a7642bbf8416c)
  Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.53.1 | Fan Xin | 2017-03-11 | 1 | -2/+2
  (From OE-Core rev: f34ab1aae3c9cb2a4068ec684492df1a48f5cd4d)
  Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.53.0 | Oleksandr Kravchuk | 2017-03-01 | 1 | -2/+2
  (From OE-Core rev: 8889426d822fb403db1c2263e88ed7608202aafa)
  Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() function | Peter Kjellerstedt | 2017-03-01 | 1 | -1/+1
  (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.52.1 | Oleksandr Kravchuk | 2017-01-09 | 1 | -2/+2
  (From OE-Core rev: d4218bb468ab9485a0a0cb12b07cb1d96dc6326b)
  Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: set CVE_PRODUCT | Ross Burton | 2016-12-13 | 1 | -0/+1
  This is 'libcurl' in NVD.
  (From OE-Core rev: f5381da49ac781ef017a1b9816c00b512ca9c7c2)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Update to version 7.51.0 | Fabio Berton | 2016-11-15 | 1 | -2/+2
  CVE fixed in 7.51.0:
  CVE-2016-8615: cookie injection for other servers
  CVE-2016-8616: case insensitive password comparison
  CVE-2016-8617: OOB write via unchecked multiplication
  CVE-2016-8618: double-free in curl_maprintf
  CVE-2016-8619: double-free in krb5 code
  CVE-2016-8620: glob parser write/read out of bounds
  CVE-2016-8621: curl_getdate read out of bounds
  CVE-2016-8622: URL unescape heap overflow via integer truncation
  CVE-2016-8623: Use-after-free via shared cookies
  CVE-2016-8624: invalid URL parsing with '#'
  CVE-2016-8625: IDNA 2003 makes curl use wrong host
  To see complete log access link below:
  https://curl.haxx.se/changes.html#7_51_0
  (From OE-Core rev: 0154ff997db8021f93e6ffe8f7a0627d7a1d9b89)
  Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.50.1 | Ross Burton | 2016-08-17 | 1 | -2/+2
  This fixes 3 CVEs:
  CVE-2016-5419
  CVE-2016-5420
  CVE-2016-5421
  (From OE-Core rev: 62157e2b31c206be40f95574bb205dae5e8e4b68)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.50.0 | Fan Xin | 2016-08-10 | 1 | -2/+2
  (From OE-Core rev: 638e648fdcba2f2a4fdf53747290a9a98ea0a86e)
  Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.49.1 | Chen Qi | 2016-06-15 | 1 | -2/+2
  (From OE-Core rev: 53761f4f2d4b8463bf9f996a87ee0dc61e21a2d0)
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add krb5 to PACKAGECONFIG | Roy Li | 2016-05-06 | 2 | -1/+47
  krb5 is needed to enable GSS-Negotiate authentication
  (From OE-Core rev: 78811b6e608452a3137df6ed2346c69d42d8fd27)
  Signed-off-by: Roy Li <rongqing.li@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: remove redundant ac_cv_sizeof_off_t assignments | Ross Burton | 2016-04-12 | 1 | -4/+0
  ac_cv_sizeof_off_t was previously in the site cache files, which was breaking large file support and required a workaround in each recipe that actually wanted to use large files.
  Now that the entry has been removed from the site cache, we can remove the workarounds.
  (From OE-Core rev: 1485d7cae88adb3575c6eaa47784fe50820d2740)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: re-enable proxy support by default | Andre McCurdy | 2016-02-19 | 1 | -3/+3
  Proxy support is a feature, so should not have been disabled in the previous commit (which disabled support for legacy protocols):
  http://git.openembedded.org/openembedded-core/commit/?id=b26634900d487a22eef41e9e077d35fb347d4c29
  (From OE-Core rev: dfb0064fb16eba1446b8f3db13e0b8b3b4764481)
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add PACKAGECONFIG options for less common / legacy protocols | Andre McCurdy | 2016-02-11 | 1 | -9/+23
  As a result of this commit, the following protocols will now be disabled by default:
  DICT GOPHER IMAP IMAPS POP3 POP3S RTSP SMTP SMTPS TELNET TFTP
  Also add a PACKAGECONFIG option for libidn (previously disabled unconditionally).
  (From OE-Core rev: b26634900d487a22eef41e9e077d35fb347d4c29)
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: drop obsolete pkgconfig_fix.patch | Andre McCurdy | 2016-02-11 | 2 | -35/+1
  This patch has been carried around in oe-core for a long time. It contains two unrelated changes and neither seem to be required any more. Drop the patch.
  (From OE-Core rev: 27837df35db57f50b8fa7f7c6b3f2e400205deb9)
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update 7.47.0 -> 7.47.1 | Andre McCurdy | 2016-02-11 | 1 | -3/+3
  Adjust LIC_FILES_CHKSUM beginline due to changes to the Copyright to acknowledge additional contributors. No change to the license text.
  (From OE-Core rev: 0ab2c3b105fe92efbc814a3985879996932878c6)
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update 7.46.0 -> 7.47.0 ( CVE-2016-0754 CVE-2016-0755 ) | Andre McCurdy | 2016-01-30 | 1 | -2/+2
  Full changelog: http://curl.haxx.se/changes.html#7_47_0
  Security fixes: http://curl.haxx.se/docs/vulnerabilities.html
  CVE-2016-0754 : remote file name path traversal in curl tool for Windows
  CVE-2016-0755 : NTLM credentials not-checked for proxy connection re-use
  (From OE-Core rev: 6600190d7efb69dd5121b9ca082ad4c0dbc5e17e)
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.46 | Chen Qi | 2016-01-15 | 1 | -2/+4
  (From OE-Core rev: a7468f7a872f288577f4dc0146a931a4a179e2be)
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.45 | Fan Xin | 2015-12-16 | 1 | -2/+2
  (From OE-Core rev: 32076a55fec1f01f84fe84aefc9300fae25f2519)
  Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: cleanup buildpaths from curl-config | Wenzong Fan | 2015-10-01 | 1 | -0/+5
  curl-config will be installed to target, cleanup buildpaths in it:
  * remove ${STAGING_DIR_HOST} from CC, CFLAGS ...
  (From OE-Core rev: 3e4978a534afc7fd4b82a044da8d9774cf09a4f0)
  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.44 | Maxin B. John | 2015-08-16 | 1 | -2/+2
  Bump to version 7.44
  (From OE-Core rev: edea6df23692686c8401dea877234072ee117b36)
  Signed-off-by: Maxin B. John <maxin.john@enea.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.43.0 | Chen Qi | 2015-07-01 | 1 | -2/+2
  (From OE-Core rev: eb54c29d0566e01c287bdccbdb26c188aac66033)
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.42.1 | Roy Li | 2015-05-07 | 1 | -2/+2
  Upgrade to include a security fix for CVE-2015-3153
  (From OE-Core rev: a99047605020ea76209279e98556687c61e1da0d)
  Signed-off-by: Roy Li <rongqing.li@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix wrong assumption about sizeof off_t on largefile systems | Khem Raj | 2015-04-30 | 1 | -0/+3
  This issue was reported on poky ml as well see
  https://lists.yoctoproject.org/pipermail/poky/2013-December/009435.html
  Change-Id: Iedf22467889893111fde0433e411fd0546a38546
  (From OE-Core rev: 3c58712465494e441c4036a7cf21d2e6d343efab)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.42.0 | Maxin B. John | 2015-04-27 | 1 | -2/+2
  Upgrade includes these security fixes:
  1. CVE-2015-3143
  2. CVE-2015-3144
  3. CVE-2015-3145
  4. CVE-2015-3148
  (From OE-Core rev: 9d2cb0e2183c24b4cf42c078d75c10ba1e4b6e56)
  Signed-off-by: Maxin B. John <maxin.john@enea.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: remove extra dev and staticdev from PACKAGES | Robert Yang | 2015-04-21 | 1 | -10/+1
  There should be only one dev and dbg package.
  (From OE-Core rev: eb972e9b4b4210fa1c35fc0fae0ada27264b2e66)
  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.41.0 | Chen Qi | 2015-04-10 | 1 | -2/+2
  (From OE-Core rev: ab2ca0f4e0fc2e644bf248ede350d0c5eec326ed)
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: remove samba from PACKAGECONFIG[smb] DEPENDS | Andre McCurdy | 2015-03-16 | 1 | -1/+1
  Enabling support for the smb protocol does not create a build time dependency on samba.
  (From OE-Core rev: b4c7921001a30e0162cacbe12b1a5b888b36db57)
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Add PACKAGECONFIG for samba | Maxin B. John | 2015-01-23 | 1 | -0/+1
  curl 7.40.0 added support for the SMB/CIFS protocol. So provide a PACKAGECONFIG option for smb.
  Reported-by: Andre McCurdy <armccurdy@gmail.com>
  (From OE-Core rev: c776fd463902594e77cf9a8199039714a078437c)
  Signed-off-by: Maxin B. John <maxin.john@enea.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.40 | Maxin B. John | 2015-01-16 | 1 | -2/+2
  Bump to version 7.40
  (From OE-Core rev: d3704312252c1607883099063151c599cca81cbe)
  Signed-off-by: Maxin B. John <maxin.john@enea.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Upgrade to 7.38 | Saul Wold | 2014-12-03 | 3 | -343/+3
  Remove backported CVE patches
  (From OE-Core rev: 257ca2054c907c9c9868ccae57c6e0d750fb1164)
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security Advisory - curl - CVE-2014-3620 | Chong Lu | 2014-11-05 | 2 | -0/+70
  libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
  (From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)
  Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>