summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/curl
Commit message (Collapse)AuthorAgeFilesLines
* curl: CVE-2016-8617Sona Sarmadi2017-02-102-0/+29
| | | | | | | | | | | | OOB write via unchecked multiplication Affected versions: curl 7.1 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102C.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8616Sona Sarmadi2017-02-102-0/+50
| | | | | | | | | | | | case insensitive password comparison Affected versions: curl 7.7 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102B.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: CVE-2016-8615Sona Sarmadi2017-02-102-0/+78
| | | | | | | | | | | | cookie injection for other servers Affected versions: curl 7.1 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102A.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* curl: security fix for CVE-2016-7141Sona Sarmadi2016-09-232-0/+51
| | | | | | | | | | | | | | | Affected versions: Affected versions: libcurl 7.19.6 to and including 7.50.1 Not affected versions: libcurl >= 7.50.2 Reference to upstream patch: https://curl.haxx.se/CVE-2016-7141.patch (From OE-Core rev: fb8f291d9ea2ebc011403f72cb91af372a795091) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: security fix for CVE-2016-5421Maxin B. John2016-09-022-0/+37
| | | | | | | | | Affected versions: libcurl 7.32.0 to and including 7.50.0 (From OE-Core rev: 2a9f4823483b6f5decc6d504858f06f66ab9e06c) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: security fix for CVE-2016-5420Maxin B. John2016-09-022-0/+32
| | | | | | | | | Affected versions: libcurl 7.1 to and including 7.50.0 (From OE-Core rev: cc567d8fb9eca630cd21d40ece99babcc5b7d045) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: security fix for CVE-2016-5419Maxin B. John2016-09-022-1/+79
| | | | | | | | | Affected versions: libcurl 7.1 to and including 7.50.0 (From OE-Core rev: 0b56a2f6174a44495f8a58dc0864c161ffd37b80) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: remove redundant ac_cv_sizeof_off_t assignmentsRoss Burton2016-04-121-4/+0
| | | | | | | | | | | | | | ac_cv_sizeof_off_t was previously in the site cache files, which was breaking large file support and required a workaround in each recipe that actually wanted to use large files. Now that the entry has been removed from the site cache, we can remove the workarounds. (From OE-Core rev: 1485d7cae88adb3575c6eaa47784fe50820d2740) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: re-enable proxy support by defaultAndre McCurdy2016-02-191-3/+3
| | | | | | | | | | | | Proxy support is a feature, so should not have been disabled in the previous commit (which disabled support for legacy protocols): http://git.openembedded.org/openembedded-core/commit/?id=b26634900d487a22eef41e9e077d35fb347d4c29 (From OE-Core rev: dfb0064fb16eba1446b8f3db13e0b8b3b4764481) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add PACKAGECONFIG options for less common / legacy protocolsAndre McCurdy2016-02-111-9/+23
| | | | | | | | | | | | | | | As a result of this commit, the following protocols will now be disabled by default: DICT GOPHER IMAP IMAPS POP3 POP3S RTSP SMTP SMTPS TELNET TFTP Also add a PACKAGECONFIG option for libidn (previously disabled unconditionally). (From OE-Core rev: b26634900d487a22eef41e9e077d35fb347d4c29) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: drop obsolete pkgconfig_fix.patchAndre McCurdy2016-02-112-35/+1
| | | | | | | | | | | | This patch has been carried around in oe-core for a long time. It contains two unrelated changes and neither seem to be required any more. Drop the patch. (From OE-Core rev: 27837df35db57f50b8fa7f7c6b3f2e400205deb9) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update 7.47.0 -> 7.47.1Andre McCurdy2016-02-111-3/+3
| | | | | | | | | | | Adjust LIC_FILES_CHKSUM beginline due to changes to the Copyright to acknowledge additional contributors. No change to the license text. (From OE-Core rev: 0ab2c3b105fe92efbc814a3985879996932878c6) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update 7.46.0 -> 7.47.0 ( CVE-2016-0754 CVE-2016-0755 )Andre McCurdy2016-01-301-2/+2
| | | | | | | | | | | | | | Full changelog: http://curl.haxx.se/changes.html#7_47_0 Security fixes: http://curl.haxx.se/docs/vulnerabilities.html CVE-2016-0754 : remote file name path traversal in curl tool for Windows CVE-2016-0755 : NTLM credentials not-checked for proxy connection re-use (From OE-Core rev: 6600190d7efb69dd5121b9ca082ad4c0dbc5e17e) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.46Chen Qi2016-01-151-2/+4
| | | | | | | (From OE-Core rev: a7468f7a872f288577f4dc0146a931a4a179e2be) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.45Fan Xin2015-12-161-2/+2
| | | | | | | | (From OE-Core rev: 32076a55fec1f01f84fe84aefc9300fae25f2519) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: cleanup buildpaths from curl-configWenzong Fan2015-10-011-0/+5
| | | | | | | | | | | curl-config will be installed to target, cleanup buildpaths in it: * remove ${STAGING_DIR_HOST} from CC, CFLAGS ... (From OE-Core rev: 3e4978a534afc7fd4b82a044da8d9774cf09a4f0) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.44Maxin B. John2015-08-161-2/+2
| | | | | | | | | | Bump to version 7.44 (From OE-Core rev: edea6df23692686c8401dea877234072ee117b36) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.43.0Chen Qi2015-07-011-2/+2
| | | | | | | (From OE-Core rev: eb54c29d0566e01c287bdccbdb26c188aac66033) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.42.1Roy Li2015-05-071-2/+2
| | | | | | | | | Upgrade to include a security fixes for CVE-2015-3153 (From OE-Core rev: a99047605020ea76209279e98556687c61e1da0d) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Fix wrong assumption about sizeof off_t on largefile systemsKhem Raj2015-04-301-0/+3
| | | | | | | | | | | This issue was reported on poky ml as well see https://lists.yoctoproject.org/pipermail/poky/2013-December/009435.html Change-Id: Iedf22467889893111fde0433e411fd0546a38546 (From OE-Core rev: 3c58712465494e441c4036a7cf21d2e6d343efab) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.42.0Maxin B. John2015-04-271-2/+2
| | | | | | | | | | | | | Upgrade include these security fixes: 1. CVE-2015-3143 2. CVE-2015-3144 3. CVE-2015-3145 4. CVE-2015-3148 (From OE-Core rev: 9d2cb0e2183c24b4cf42c078d75c10ba1e4b6e56) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: remove extra dev and staticdev from PACKAGESRobert Yang2015-04-211-10/+1
| | | | | | | | | There should be only one dev and dbg package. (From OE-Core rev: eb972e9b4b4210fa1c35fc0fae0ada27264b2e66) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.41.0Chen Qi2015-04-101-2/+2
| | | | | | | (From OE-Core rev: ab2ca0f4e0fc2e644bf248ede350d0c5eec326ed) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: remove samba from PACKAGECONFIG[smb] DEPENDSAndre McCurdy2015-03-161-1/+1
| | | | | | | | | | | Enabling support for the smb protocol does not create a build time dependency on samba. (From OE-Core rev: b4c7921001a30e0162cacbe12b1a5b888b36db57) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Add PACKAGECONFIG for sambaMaxin B. John2015-01-231-0/+1
| | | | | | | | | | | | curl 7.40.0 added support for the SMB/CIFS protocol. So provide a PACKAGECONFIG option for smb. Reported-by: Andre McCurdy <armccurdy@gmail.com> (From OE-Core rev: c776fd463902594e77cf9a8199039714a078437c) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.40Maxin B. John2015-01-161-2/+2
| | | | | | | | | | Bump to version 7.40 (From OE-Core rev: d3704312252c1607883099063151c599cca81cbe) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Ugrade to 7.38Saul Wold2014-12-033-343/+3
| | | | | | | | | Remove backported CVE patches (From OE-Core rev: 257ca2054c907c9c9868ccae57c6e0d750fb1164) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security Advisory - curl - CVE-2014-3620Chong Lu2014-11-052-0/+70
| | | | | | | | | | | | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. (From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security Advisory - curl - CVE-2014-3613Chong Lu2014-11-042-0/+270
| | | | | | | | | | | | By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. (From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add PACKAGECONFIG option to use libssh2Fabrice Coulon2014-10-101-2/+2
| | | | | | | | | | | | | | The user can enable libssh2 via conf/local.conf or custom distro configuration, this will pull in libssh2, which is not used by default. For example, a curl_x.y.z.bbappend file containing the following line: PACKAGECONFIG += "libssh2" (From OE-Core rev: d425e005d274cac0ef7160f53c41bda175444f69) Signed-off-by: Fabrice Coulon <fabrice.coulon@axis.com> Signed-off-by: Olof Johansson <olof.johansson@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add a PACKAGECONFIG for librtmpRoss Burton2014-09-291-0/+1
| | | | | | | | | Otherwise this is a non-deterministic build dependency. (From OE-Core rev: 8521d4d6b73c93ae60cca3d04673cdd02c27446c) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: --with-random is only applicable with opensslAndre McCurdy2014-08-151-2/+1
| | | | | | | (From OE-Core rev: 482493b54d97c455bf4849efed3e543340412d7b) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: let configure find gnutls via pkg-configAndre McCurdy2014-08-151-5/+1
| | | | | | | (From OE-Core rev: 3682d661f3b3a6fa7d9ef37968746cbaf1ede078) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add zlib PACKAGECONFIG and remove hardcoded DEPENDSAndre McCurdy2014-08-151-12/+9
| | | | | | | | | | | Add a zlib PACKAGECONFIG control and update PACKAGECONFIG[ssl] to include the openssl dependency. Older hardcoded DEPENDS can then be removed. (From OE-Core rev: e668c79de927eff635f29fb5ff001f6b106ccc81) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add ssl to PACKAGECONFIGJoão Henrique Ferreira de Freitas2014-08-111-2/+2
| | | | | | | | | | | This will allow curl run as nativesdk and fixes the following: fatal: unable to access 'https://...': Protocol https not supported or disabled in libcurl (From OE-Core rev: 76a702f4cde7ca8dd2946633f489386e43b6be26) Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: remove unused patchMaxin B. John2014-08-061-8203/+0
| | | | | | | | | | Remove unused "remove_inappropriate_file_from_rel.patch" (From OE-Core rev: ad1b9480f2ef5a4450f8b31ef7b3141ee7462b4f) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Upgrade to 7.37.1Saul Wold2014-07-251-2/+2
| | | | | | | (From OE-Core rev: 2cd9141c8a8b9639c95cb68496f0392ba26595dc) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Convert CURLGNUTL to PACKAGECONFIGSaul Wold2014-06-251-11/+7
| | | | | | | | | | | This will allow for easier configuration of curl for SSL vs gnutls [YOCTO #6329] (From OE-Core rev: 6a8144390eb2dee6e1baf7be75cffcacbb247002) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Update to 7.37Saul Wold2014-06-252-42/+2
| | | | | | | | | Remove patches that are fixed upstream (From OE-Core rev: d5d169af2b34596deb3997c2bfa7398c447c4fac) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: control ipv6 support based on DISTRO featureAndre McCurdy2014-06-141-0/+6
| | | | | | | | | | | | | | | By default ipv6 is auto detected for native builds but disabled when cross compiling. This commit adds a PACKAGECONFIG option, unconditionally enabled for native and nativesdk builds and controlled by the ipv6 DISTRO feature for target builds. (From OE-Core rev: f8377e96b353f8cf4a5812fa14c1c0405f769096) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: remove inapporpriate file from curl releaseTudor Florea2014-05-152-0/+8204
| | | | | | | | | | | | | This is the adaptation for the a bugfix upstream The inappropriate file src/tool_hugehelp.c presence in the curl 7.36 release interfered with the upstream fix for https://sourceforge.net/p/curl/bugs/1350/ (From OE-Core rev: c5a52f5b5ae7c5528bc59ee7fb69a2f460a89b81) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: make PACKAGES match with FILES/RRECOMMENDSKoen Kooi2014-05-131-1/+1
| | | | | | | | | Mostly cosmetic, but entries in PACKAGES should be specified the exact same way as FILES/RRECOMMENDS entries to avoid problems. (From OE-Core rev: 4d2a7f47a9830788455afe00a7c6a857cebbcb81) Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Backport a fix for a build issueTudor Florea2014-05-032-0/+39
| | | | | | | | | | | | | mkhelp: generate code for --disable-manual as well This allows configure --disable-manual to run and build without having to regenerate the src/tool_hugehelp.c file which otherwise is necessary since we ship tarballs with that file present. (From OE-Core rev: 544a96255203a6779d1f0022d003c6680f330511) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.36.0Cristiana Voicu2014-04-231-2/+2
| | | | | | | (From OE-Core rev: a4b5173dcba0384589debceebf90e98a2cbadd63) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.35.0Cristiana Voicu2014-02-251-2/+2
| | | | | | | (From OE-Core rev: 5223646626693a5783919a600fb080a4c6dff06d) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: fix https certificate problemsKoen Kooi2014-02-111-5/+3
| | | | | | | | | | | | | point CA bundle to /etc/ssl/certs/ca-certificates.crt instead of using the buildhost location, Configure would look at the buildhost and hardcode the bundle location for there into the target. This leads to non-working https support. Also remove the empty and now useless curl-certs packages since it's empty and no ALLOW_EMPTY has been set. Apart from making https work again with curl cmdline this also fixes libcurl which means git can fetch https repos as well instead of erroring out. (From OE-Core rev: 2325c1ee13bc3a8474238e8a6c20b6a3c671bf07) Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl:Fix multilib header conflict - curl/curlbuild.hBaogen Shang2014-02-021-1/+5
| | | | | | | | | | curl/curlbuild.h conflicts between 32-bit and 64-bit versions. (From OE-Core rev: 8b2e163338331fde05e47a4843f6bd1c9b4f9333) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.34.0Cristiana Voicu2014-01-061-2/+2
| | | | | | | | (From OE-Core rev: 6c91bbe8d7c03c9f67715c7648d9a83781fcfad3) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Replace one-line DESCRIPTION with SUMMARYPaul Eggleton2014-01-021-1/+1
| | | | | | | | | | | | | | A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful. I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible. (From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.33.0Cristiana Voicu2013-10-301-2/+2
| | | | | | | | (From OE-Core rev: 5b7ae85d1de82de0e78f7aaec01c5510445ceb21) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-22 20:58:42 +0000