From 3fc5d271f554e07c88b1195812e48a0d86291395 Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Fri, 21 Apr 2017 12:29:17 +0200 Subject: curl: Upgrade 7.47.1 -> 7.53.1 Security vulnerabilities fixed between 7.47.1 and 7.53.1 versions: ================================================================= TLS session resumption client cert bypass (again): CVE-2017-XXXX --write-out out of buffer read: CVE-2017-7407 SSL_VERIFYSTATUS ignored: CVE-2017-2629 uninitialized random: CVE-2016-9594 printf floating point buffer overflow: CVE-2016-9586 Win CE schannel cert wildcard matches too much: CVE-2016-9952 Win CE schannel cert name out of buffer read: CVE-2016-9953 cookie injection for other servers: CVE-2016-8615 case insensitive password comparison: CVE-2016-8616 OOB write via unchecked multiplication: CVE-2016-8617 double-free in curl_maprintf: CVE-2016-8618 double-free in krb5 code: CVE-2016-8619 glob parser write/read out of bounds: CVE-2016-8620 curl_getdate read out of bounds: CVE-2016-8621 URL unescape heap overflow via integer truncation: CVE-2016-8622 Use-after-free via shared cookies: CVE-2016-8623 invalid URL parsing with '#': CVE-2016-8624 IDNA 2003 makes curl use wrong host: CVE-2016-8625 curl escape and unescape integer overflows: CVE-2016-7167 Incorrect reuse of client certificates: CVE-2016-7141 TLS session resumption client cert bypass: CVE-2016-5419 Re-using connections with wrong client cert: CVE-2016-5420 use of connection struct after free: CVE-2016-5421 Windows DLL hijacking: CVE-2016-4802 TLS certificate check bypass with mbedTLS/PolarSSL: CVE-2016-3739 Reference: https://curl.haxx.se/docs/security.html https://curl.haxx.se/changes.html Signed-off-by: Sona Sarmadi 
Signed-off-by: Adrian Dudau --- meta/recipes-support/curl/curl/CVE-2016-5419.patch | 76 --- meta/recipes-support/curl/curl/CVE-2016-5420.patch | 31 -- meta/recipes-support/curl/curl/CVE-2016-5421.patch | 36 -- meta/recipes-support/curl/curl/CVE-2016-7141.patch | 50 -- meta/recipes-support/curl/curl/CVE-2016-8615.patch | 77 --- meta/recipes-support/curl/curl/CVE-2016-8616.patch | 49 -- meta/recipes-support/curl/curl/CVE-2016-8617.patch | 28 - meta/recipes-support/curl/curl/CVE-2016-8618.patch | 52 -- meta/recipes-support/curl/curl/CVE-2016-8619.patch | 52 -- meta/recipes-support/curl/curl/CVE-2016-8620.patch | 44 -- meta/recipes-support/curl/curl/CVE-2016-8621.patch | 120 ---- meta/recipes-support/curl/curl/CVE-2016-8622.patch | 94 ---- meta/recipes-support/curl/curl/CVE-2016-8623.patch | 209 ------- meta/recipes-support/curl/curl/CVE-2016-8624.patch | 51 -- meta/recipes-support/curl/curl/CVE-2016-8625.patch | 615 --------------------- .../url-remove-unconditional-idn2.h-include.patch | 29 - meta/recipes-support/curl/curl_7.47.1.bb | 85 --- meta/recipes-support/curl/curl_7.53.1.bb | 68 +++ 18 files changed, 68 insertions(+), 1698 deletions(-) delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-5419.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-5420.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-5421.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-7141.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8615.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8616.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8617.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8618.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8619.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8620.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8621.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8622.patch 
delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8623.patch delete mode 100644 meta/recipes-support/curl/curl/CVE-2016-8624.patch delete mode 100755 meta/recipes-support/curl/curl/CVE-2016-8625.patch delete mode 100644 meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch delete mode 100644 meta/recipes-support/curl/curl_7.47.1.bb create mode 100644 meta/recipes-support/curl/curl_7.53.1.bb
diff --git a/meta/recipes-support/curl/curl/CVE-2016-5419.patch b/meta/recipes-support/curl/curl/CVE-2016-5419.patch
deleted file mode 100644
index 2bea362c87..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-5419.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 247d890da88f9ee817079e246c59f3d7d12fde5f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Fri, 1 Jul 2016 13:32:31 +0200
-Subject: [PATCH] TLS: switch off SSL session id when client cert is used
-
-
-Bug: https://curl.haxx.se/docs/adv_20160803A.html
-Reported-by: Bru Rom
-Contributions-by: Eric Rescorla and Ray Satiro
-
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5419.patch
-
-CVE: CVE-2016-5419
-Signed-off-by: Maxin B. John
----
- lib/url.c | 1 +
- lib/urldata.h | 1 +
- lib/vtls/vtls.c | 10 ++++++++++
- 3 files changed, 12 insertions(+)
-
-diff --git a/lib/url.c b/lib/url.c
-index 258a286..e547e5c 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -6123,6 +6123,7 @@ static CURLcode create_conn(struct Curl_easy *data,
- data->set.ssl.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
- data->set.ssl.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
- data->set.ssl.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST];
-+ data->set.ssl.clientcert = data->set.str[STRING_CERT];
- #ifdef USE_TLS_SRP
- data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
- data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
-diff --git a/lib/urldata.h b/lib/urldata.h
-index 611c5a7..3cf7ed9 100644
---- a/lib/urldata.h
-+++ b/lib/urldata.h
-@@ -351,6 +351,7 @@ struct ssl_config_data {
- char *CAfile; /* certificate to verify peer against */
- const char *CRLfile; /* CRL to check certificate revocation */
- const char *issuercert;/* optional issuer certificate filename */
-+ char *clientcert;
- char *random_file; /* path to file containing "random" data */
- char *egdsocket; /* path to file containing the EGD daemon socket */
- char *cipher_list; /* list of ciphers to use */
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index d3e41cd..33e209d 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -156,6 +156,15 @@ Curl_clone_ssl_config(struct ssl_config_data *source,
- else
- dest->random_file = NULL;
-
-+ if(source->clientcert) {
-+ dest->clientcert = strdup(source->clientcert);
-+ if(!dest->clientcert)
-+ return FALSE;
-+ dest->sessionid = FALSE;
-+ }
-+ else
-+ dest->clientcert = NULL;
-+
- return TRUE;
- }
-
-@@ -166,6 +175,7 @@ void Curl_free_ssl_config(struct ssl_config_data* sslc)
- Curl_safefree(sslc->cipher_list);
- Curl_safefree(sslc->egdsocket);
- Curl_safefree(sslc->random_file);
-+ Curl_safefree(sslc->clientcert);
- }
-
-
---
-2.4.0
-
diff --git a/meta/recipes-support/curl/curl/CVE-2016-5420.patch b/meta/recipes-support/curl/curl/CVE-2016-5420.patch
deleted file mode 100644
index 6bfacd7c9d..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-5420.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 11ec5ad4352bba384404c56e77c7fab9382fd22d Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Sun, 31 Jul 2016 00:51:48 +0200
-Subject: [PATCH] TLS: only reuse connections with the same client cert
-
-Bug: https://curl.haxx.se/docs/adv_20160803B.html
-
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5420.patch
-
-CVE: CVE-2016-5420
-Signed-off-by: Maxin B. John
----
- lib/vtls/vtls.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
-index 33e209d..3863777 100644
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -99,6 +99,7 @@ Curl_ssl_config_matches(struct ssl_config_data* data,
- (data->verifyhost == needle->verifyhost) &&
- safe_strequal(data->CApath, needle->CApath) &&
- safe_strequal(data->CAfile, needle->CAfile) &&
-+ safe_strequal(data->clientcert, needle->clientcert) &&
- safe_strequal(data->random_file, needle->random_file) &&
- safe_strequal(data->egdsocket, needle->egdsocket) &&
- safe_strequal(data->cipher_list, needle->cipher_list))
---
-2.4.0
-
diff --git a/meta/recipes-support/curl/curl/CVE-2016-5421.patch b/meta/recipes-support/curl/curl/CVE-2016-5421.patch
deleted file mode 100644
index 862da757db..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-5421.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 75dc096e01ef1e21b6c57690d99371dedb2c0b80 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Sun, 31 Jul 2016 01:09:04 +0200
-Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Bug: https://curl.haxx.se/docs/adv_20160803C.html
-Reported-by: Marcelo Echeverria and Fernando Muñoz
-
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5421.patch
-
-CVE: CVE-2016-5421
-Signed-off-by: Maxin B. John
----
- lib/multi.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/multi.c b/lib/multi.c
-index 9ee3523..8bb9366 100644
---- a/lib/multi.c
-+++ b/lib/multi.c
-@@ -2157,6 +2157,8 @@ static void close_all_connections(struct Curl_multi *multi)
- conn->data = multi->closure_handle;
-
- sigpipe_ignore(conn->data, &pipe_st);
-+ conn->data->easy_conn = NULL; /* clear the easy handle's connection
-+ pointer */
- /* This will remove the connection from the cache */
- (void)Curl_disconnect(conn, FALSE);
- sigpipe_restore(&pipe_st);
---
-2.4.0
-
diff --git a/meta/recipes-support/curl/curl/CVE-2016-7141.patch b/meta/recipes-support/curl/curl/CVE-2016-7141.patch
deleted file mode 100644
index eb03afddf8..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-7141.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7700fcba64bf5806de28f6c1c7da3b4f0b38567d Mon Sep 17 00:00:00 2001
-From: Kamil Dudka
-Date: Mon, 22 Aug 2016 10:24:35 +0200
-Subject: [PATCH] nss: refuse previously loaded certificate from file
-
-... when we are not asked to use a certificate from file
-
-Bug: https://curl.haxx.se/docs/adv_20160907.html
-Reported-by: kdudka@redhat.com
-
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5421.patch
-
-CVE: CVE-2016-7141
-Signed-off-by: Sona Sarmadi
----
- lib/vtls/nss.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
-index 20c4277..cfb2263 100644
---- a/lib/vtls/nss.c
-+++ b/lib/vtls/nss.c
-@@ -1002,10 +1002,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
- struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
- struct Curl_easy *data = connssl->data;
- const char *nickname = connssl->client_nickname;
-+ static const char pem_slotname[] = "PEM Token #1";
-
- if(connssl->obj_clicert) {
- /* use the cert/key provided by PEM reader */
-- static const char pem_slotname[] = "PEM Token #1";
- SECItem cert_der = { 0, NULL, 0 };
- void *proto_win = SSL_RevealPinArg(sock);
- struct CERTCertificateStr *cert;
-@@ -1067,6 +1067,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
- if(NULL == nickname)
- nickname = "[unknown]";
-
-+ if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
-+ failf(data, "NSS: refusing previously loaded certificate from file: %s",
-+ nickname);
-+ return SECFailure;
-+ }
-+
- if(NULL == *pRetKey) {
- failf(data, "NSS: private key not found for certificate: %s", nickname);
- return SECFailure;
---
-2.7.4
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8615.patch b/meta/recipes-support/curl/curl/CVE-2016-8615.patch
deleted file mode 100644
index 5faa423a2a..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8615.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 1620f552a277ed5b23a48b9c27dbf07663cac068 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Tue, 27 Sep 2016 17:36:19 +0200
-Subject: [PATCH] cookie: replace use of fgets() with custom version
-
-... that will ignore lines that are too long to fit in the buffer.
-
-CVE: CVE-2016-8615
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102A.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi
----
- lib/cookie.c | 31 ++++++++++++++++++++++++++++++-
- 1 file changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/lib/cookie.c b/lib/cookie.c
-index 0f05da2..e5097d3 100644
---- a/lib/cookie.c
-+++ b/lib/cookie.c
-@@ -901,10 +901,39 @@ Curl_cookie_add(struct Curl_easy *data,
- }
-
- return co;
- }
-
-+/*
-+ * get_line() makes sure to only return complete whole lines that fit in 'len'
-+ * bytes and end with a newline.
-+ */
-+static char *get_line(char *buf, int len, FILE *input)
-+{
-+ bool partial = FALSE;
-+ while(1) {
-+ char *b = fgets(buf, len, input);
-+ if(b) {
-+ size_t rlen = strlen(b);
-+ if(rlen && (b[rlen-1] == '\n')) {
-+ if(partial) {
-+ partial = FALSE;
-+ continue;
-+ }
-+ return b;
-+ }
-+ else
-+ /* read a partial, discard the next piece that ends with newline */
-+ partial = TRUE;
-+ }
-+ else
-+ break;
-+ }
-+ return NULL;
-+}
-+
-+
- /*****************************************************************************
- *
- * Curl_cookie_init()
- *
- * Inits a cookie struct to read data from a local file. This is always
-@@ -957,11 +986,11 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
- bool headerline;
-
- line = malloc(MAX_COOKIE_LINE);
- if(!line)
- goto fail;
-- while(fgets(line, MAX_COOKIE_LINE, fp)) {
-+ while(get_line(line, MAX_COOKIE_LINE, fp)) {
- if(checkprefix("Set-Cookie:", line)) {
- /* This is a cookie line, get it! */
- lineptr=&line[11];
- headerline=TRUE;
- }
---
-2.9.3
-
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8616.patch b/meta/recipes-support/curl/curl/CVE-2016-8616.patch
deleted file mode 100644
index d5d78fc73f..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8616.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From b3ee26c5df75d97f6895e6ec4538894ebaf76e48 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Tue, 27 Sep 2016 18:01:53 +0200
-Subject: [PATCH] connectionexists: use case sensitive user/password
- comparisons
-
-CVE: CVE-2016-8616
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102B.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi
-
-diff -ruN a/lib/url.c b/lib/url.c
---- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100
-+++ b/lib/url.c 2016-11-07 09:16:20.459836564 +0100
-@@ -3305,8 +3305,8 @@
- if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
- /* This protocol requires credentials per connection,
- so verify that we're using the same name and password as well */
-- if(!strequal(needle->user, check->user) ||
-- !strequal(needle->passwd, check->passwd)) {
-+ if(strcmp(needle->user, check->user) ||
-+ strcmp(needle->passwd, check->passwd)) {
- /* one of them was different */
- continue;
- }
-@@ -3369,8 +3369,8 @@
- possible. (Especially we must not reuse the same connection if
- partway through a handshake!) */
- if(wantNTLMhttp) {
-- if(!strequal(needle->user, check->user) ||
-- !strequal(needle->passwd, check->passwd))
-+ if(strcmp(needle->user, check->user) ||
-+ strcmp(needle->passwd, check->passwd))
- continue;
- }
- else if(check->ntlm.state != NTLMSTATE_NONE) {
-@@ -3380,8 +3380,8 @@
-
- /* Same for Proxy NTLM authentication */
- if(wantProxyNTLMhttp) {
-- if(!strequal(needle->proxyuser, check->proxyuser) ||
-- !strequal(needle->proxypasswd, check->proxypasswd))
-+ if(strcmp(needle->proxyuser, check->proxyuser) ||
-+ strcmp(needle->proxypasswd, check->proxypasswd))
- continue;
- }
- else if(check->proxyntlm.state != NTLMSTATE_NONE) {
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8617.patch b/meta/recipes-support/curl/curl/CVE-2016-8617.patch
deleted file mode 100644
index d16c2f5a63..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8617.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From efd24d57426bd77c9b5860e6b297904703750412 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Wed, 28 Sep 2016 00:05:12 +0200
-Subject: [PATCH] base64: check for integer overflow on large input
-
-CVE: CVE-2016-8617
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102C.html
-Reported-by: Cure53
-
-Signed-off-by: Sona Sarmadi
----
-diff -ruN a/lib/base64.c b/lib/base64.c
---- a/lib/base64.c 2016-02-03 00:02:43.000000000 +0100
-+++ b/lib/base64.c 2016-11-07 09:22:07.918167530 +0100
-@@ -190,6 +190,11 @@
- if(0 == insize)
- insize = strlen(indata);
-
-+#if SIZEOF_SIZE_T == 4
-+ if(insize > UINT_MAX/4)
-+ return CURLE_OUT_OF_MEMORY;
-+#endif
-+
- base64data = output = malloc(insize*4/3+4);
- if(NULL == output)
- return CURLE_OUT_OF_MEMORY;
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8618.patch b/meta/recipes-support/curl/curl/CVE-2016-8618.patch
deleted file mode 100644
index 2fd4749586..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8618.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 31106a073882656a2a5ab56c4ce2847e9a334c3c Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Wed, 28 Sep 2016 10:15:34 +0200
-Subject: [PATCH] aprintf: detect wrap-around when growing allocation
-
-On 32bit systems we could otherwise wrap around after 2GB and allocate 0
-bytes and crash.
-
-CVE: CVE-2016-8618
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102D.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi
----
- lib/mprintf.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/lib/mprintf.c b/lib/mprintf.c
-index dbedeaa..2c88aa8 100644
---- a/lib/mprintf.c
-+++ b/lib/mprintf.c
-@@ -1034,20 +1034,23 @@ static int alloc_addbyter(int output, FILE *data)
- }
- infop->alloc = 32;
- infop->len =0;
- }
- else if(infop->len+1 >= infop->alloc) {
-- char *newptr;
-+ char *newptr = NULL;
-+ size_t newsize = infop->alloc*2;
-
-- newptr = realloc(infop->buffer, infop->alloc*2);
-+ /* detect wrap-around or other overflow problems */
-+ if(newsize > infop->alloc)
-+ newptr = realloc(infop->buffer, newsize);
-
- if(!newptr) {
- infop->fail = 1;
- return -1; /* fail */
- }
- infop->buffer = newptr;
-- infop->alloc *= 2;
-+ infop->alloc = newsize;
- }
-
- infop->buffer[ infop->len ] = outc;
-
- infop->len++;
---
-2.9.3
-
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8619.patch b/meta/recipes-support/curl/curl/CVE-2016-8619.patch
deleted file mode 100644
index fb21cf6b89..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8619.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 91239f7040b1f026d4d15765e7e3f58e92e93761 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Wed, 28 Sep 2016 12:56:02 +0200
-Subject: [PATCH] krb5: avoid realloc(0)
-
-If the requested size is zero, bail out with error instead of doing a
-realloc() that would cause a double-free: realloc(0) acts as a free()
-and then there's a second free in the cleanup path.
-
-CVE: CVE-2016-8619
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102E.html
-Reported-by: Cure53
-Signed-off-by: Sona Sarmadi
----
- lib/security.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/lib/security.c b/lib/security.c
-index a268d4a..4cef8f8 100644
---- a/lib/security.c
-+++ b/lib/security.c
-@@ -190,19 +190,22 @@ socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
- static CURLcode read_data(struct connectdata *conn,
- curl_socket_t fd,
- struct krb5buffer *buf)
- {
- int len;
-- void* tmp;
-+ void *tmp = NULL;
- CURLcode result;
-
- result = socket_read(fd, &len, sizeof(len));
- if(result)
- return result;
-
-- len = ntohl(len);
-- tmp = realloc(buf->data, len);
-+ if(len) {
-+ /* only realloc if there was a length */
-+ len = ntohl(len);
-+ tmp = realloc(buf->data, len);
-+ }
- if(tmp == NULL)
- return CURLE_OUT_OF_MEMORY;
-
- buf->data = tmp;
- result = socket_read(fd, buf->data, len);
---
-2.9.3
-
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8620.patch b/meta/recipes-support/curl/curl/CVE-2016-8620.patch
deleted file mode 100644
index 613ace30b8..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8620.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From fbb5f1aa0326d485d5a7ac643b48481897ca667f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Mon, 3 Oct 2016 17:27:16 +0200
-Subject: [PATCH] range: prevent negative end number in a glob range
-
-CVE: CVE-2016-8620
-
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102F.html
-Reported-by: Luật Nguyễn
-Signed-off-by: Sona Sarmadi
----
- src/tool_urlglob.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
-index a357b8b..64c75ba 100644
---- a/src/tool_urlglob.c
-+++ b/src/tool_urlglob.c
-@@ -257,6 +257,12 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
- endp = NULL;
- else {
- pattern = endp+1;
-+ while(*pattern && ISBLANK(*pattern))
-+ pattern++;
-+ if(!ISDIGIT(*pattern)) {
-+ endp = NULL;
-+ goto fail;
-+ }
- errno = 0;
- max_n = strtoul(pattern, &endp, 10);
- if(errno || (*endp == ':')) {
-@@ -277,6 +283,7 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
- }
- }
-
-+ fail:
- *posp += (pattern - *patternp);
-
- if(!endp || (min_n > max_n) || (step_n > (max_n - min_n)) || !step_n)
---
-1.9.1
-
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8621.patch b/meta/recipes-support/curl/curl/CVE-2016-8621.patch
deleted file mode 100644
index 7345838af7..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8621.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 8a6d9ded5f02f0294ae63a007e26087316c1998e Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Tue, 4 Oct 2016 16:59:38 +0200
-Subject: [PATCH] parsedate: handle cut off numbers better
-
-... and don't read outside of the given buffer!
-
-CVE: CVE-2016-8621
-Upstream-Status: Backport
-
-bug: https://curl.haxx.se/docs/adv_20161102G.html
-Reported-by: Luật Nguyễn
-Signed-off-by: Sona Sarmadi
----
- lib/parsedate.c | 12 +++++++-----
- tests/data/test517 | 6 ++++++
- tests/libtest/lib517.c | 8 +++++++-
- 3 files changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/lib/parsedate.c b/lib/parsedate.c
-index dfcf855..8e932f4 100644
---- a/lib/parsedate.c
-+++ b/lib/parsedate.c
-@@ -3,11 +3,11 @@
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
- *
-@@ -384,19 +384,21 @@ static int parsedate(const char *date, time_t *output)
- }
- else if(ISDIGIT(*date)) {
- /* a digit */
- int val;
- char *end;
-+ int len=0;
- if((secnum == -1) &&
-- (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) {
-+ (3 == sscanf(date, "%02d:%02d:%02d%n",
-+ &hournum, &minnum, &secnum, &len))) {
- /* time stamp! */
-- date += 8;
-+ date += len;
- }
- else if((secnum == -1) &&
-- (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
-+ (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
- /* time stamp without seconds */
-- date += 5;
-+ date += len;
- secnum = 0;
- }
- else {
- long lval;
- int error;
-diff --git a/tests/data/test517 b/tests/data/test517
-index c81a45e..513634f 100644
---- a/tests/data/test517
-+++ b/tests/data/test517
-@@ -114,10 +114,16 @@ nothing
- 79: 20110632 12:34:56 => -1
- 80: 20110623 56:34:56 => -1
- 81: 20111323 12:34:56 => -1
- 82: 20110623 12:34:79 => -1
- 83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000
-+84: 20110623 12:3 => 1308830580
-+85: 20110623 1:3 => 1308790980
-+86: 20110623 1:30 => 1308792600
-+87: 20110623 12:12:3 => 1308831123
-+88: 20110623 01:12:3 => 1308791523
-+89: 20110623 01:99:30 => -1
-
-
- # This test case previously tested an overflow case ("2094 Nov 6 =>
- # 2147483647") for 32bit time_t, but since some systems have 64bit time_t and
- # handles this (returning 3939840000), and some 64bit-time_t systems don't
-diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c
-index 2f68ebd..22162ff 100644
---- a/tests/libtest/lib517.c
-+++ b/tests/libtest/lib517.c
-@@ -3,11 +3,11 @@
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
- *
-@@ -114,10 +114,16 @@ static const char * const dates[]={
- "20110632 12:34:56",
- "20110623 56:34:56",
- "20111323 12:34:56",
- "20110623 12:34:79",
- "Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */
-+ "20110623 12:3",
-+ "20110623 1:3",
-+ "20110623 1:30",
-+ "20110623 12:12:3",
-+ "20110623 01:12:3",
-+ "20110623 01:99:30",
- NULL
- };
-
- int test(char *URL)
- {
---
-2.9.3
-
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8622.patch b/meta/recipes-support/curl/curl/CVE-2016-8622.patch
deleted file mode 100644
index 8edad0184e..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8622.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 53e71e47d6b81650d26ec33a58d0dca24c7ffb2c Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Tue, 4 Oct 2016 18:56:45 +0200
-Subject: [PATCH] unescape: avoid integer overflow
-
-CVE: CVE-2016-8622
-Upstream-Status: Backport
-
-Bug: https://curl.haxx.se/docs/adv_20161102H.html
-Reported-by: Cure53
-
-Signed-off-by: Sona Sarmadi
-
-diff -ruN a/docs/libcurl/curl_easy_unescape.3 b/docs/libcurl/curl_easy_unescape.3
---- a/docs/libcurl/curl_easy_unescape.3 2016-02-03 00:08:02.000000000 +0100
-+++ b/docs/libcurl/curl_easy_unescape.3 2016-11-07 09:25:45.999933275 +0100
-@@ -5,7 +5,7 @@
- .\" * | (__| |_| | _ <| |___
- .\" * \___|\___/|_| \_\_____|
- .\" *
--.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
-+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al.
- .\" *
- .\" * This software is licensed as described in the file COPYING, which
- .\" * you should have received as part of this distribution. The terms
-@@ -40,7 +40,10 @@
-
- If \fBoutlength\fP is non-NULL, the function will write the length of the
- returned string in the integer it points to. This allows an escaped string
--containing %00 to still get used properly after unescaping.
-+containing %00 to still get used properly after unescaping. Since this is a
-+pointer to an \fIint\fP type, it can only return a value up to INT_MAX so no
-+longer string can be unescaped if the string length is returned in this
-+parameter.
-
- You must \fIcurl_free(3)\fP the returned string when you're done with it.
- .SH AVAILABILITY
-diff -ruN a/lib/dict.c b/lib/dict.c
---- a/lib/dict.c 2016-02-03 00:02:44.000000000 +0100
-+++ b/lib/dict.c 2016-11-07 09:25:45.999933275 +0100
-@@ -5,7 +5,7 @@
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
-- * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al.
-+ * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
-@@ -52,7 +52,7 @@
- #include
- #include "transfer.h"
- #include "sendf.h"
--
-+#include "escape.h"
- #include "progress.h"
- #include "strequal.h"
- #include "dict.h"
-@@ -96,12 +96,12 @@
- char *newp;
- char *dictp;
- char *ptr;
-- int len;
-+ size_t len;
- char ch;
- int olen=0;
-
-- newp = curl_easy_unescape(data, inputbuff, 0, &len);
-- if(!newp)
-+ CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, FALSE);
-+ if(!newp || result)
- return NULL;
-
- dictp = malloc(((size_t)len)*2 + 1); /* add one for terminating zero */
-diff -ruN a/lib/escape.c b/lib/escape.c
---- a/lib/escape.c 2016-02-05 10:02:03.000000000 +0100
-+++ b/lib/escape.c 2016-11-07 09:29:43.073671606 +0100
-@@ -217,8 +217,14 @@
- FALSE);
- if(res)
- return NULL;
-- if(olen)
-- *olen = curlx_uztosi(outputlen);
-+
-+ if(olen) {
-+ if(outputlen <= (size_t) INT_MAX)
-+ *olen = curlx_uztosi(outputlen);
-+ else
-+ /* too large to return in an int, fail! */
-+ Curl_safefree(str);
-+ }
- return str;
- }
-
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8623.patch b/meta/recipes-support/curl/curl/CVE-2016-8623.patch
deleted file mode 100644
index d9ddef6fa8..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-8623.patch
+++ /dev/null
@@ -1,209 +0,0 @@ -From d9d57fe0da6f25d05570fd583520ecd321ed9c3f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 4 Oct 2016 23:26:13 +0200 -Subject: [PATCH] cookies: getlist() now holds deep copies of all cookies - -Previously it only held references to them, which was reckless as the -thread lock was released so the cookies could get modified by other -handles that share the same cookie jar over the share interface. - -CVE: CVE-2016-8623 -Upstream-Status: Backport - -Bug: https://curl.haxx.se/docs/adv_20161102I.html -Reported-by: Cure53 -Signed-off-by: Sona Sarmadi ---- - lib/cookie.c | 61 +++++++++++++++++++++++++++++++++++++++--------------------- - lib/cookie.h | 4 ++-- - lib/http.c | 2 +- - 3 files changed, 43 insertions(+), 24 deletions(-) - -diff --git a/lib/cookie.c b/lib/cookie.c -index 0f05da2..8607ce3 100644 ---- a/lib/cookie.c -+++ b/lib/cookie.c -@@ -1022,10 +1022,44 @@ static int cookie_sort(const void *p1, const void *p2) - - /* sorry, can't be more deterministic */ - return 0; - } - -+#define CLONE(field) \ -+ do { \ -+ if(src->field) { \ -+ dup->field = strdup(src->field); \ -+ if(!dup->field) \ -+ goto fail; \ -+ } \ -+ } while(0) -+ -+static struct Cookie *dup_cookie(struct Cookie *src) -+{ -+ struct Cookie *dup = calloc(sizeof(struct Cookie), 1); -+ if(dup) { -+ CLONE(expirestr); -+ CLONE(domain); -+ CLONE(path); -+ CLONE(spath); -+ CLONE(name); -+ CLONE(value); -+ CLONE(maxage); -+ CLONE(version); -+ dup->expires = src->expires; -+ dup->tailmatch = src->tailmatch; -+ dup->secure = src->secure; -+ dup->livecookie = src->livecookie; -+ dup->httponly = src->httponly; -+ } -+ return dup; -+ -+ fail: -+ freecookie(dup); -+ return NULL; -+} -+ - /***************************************************************************** - * - * Curl_cookie_getlist() - * - * For a given host and path, return a linked list of cookies that the -@@ -1077,15 +1111,12 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, - if(!co->spath || 
pathmatch(co->spath, path) ) { - - /* and now, we know this is a match and we should create an - entry for the return-linked-list */ - -- newco = malloc(sizeof(struct Cookie)); -+ newco = dup_cookie(co); - if(newco) { -- /* first, copy the whole source cookie: */ -- memcpy(newco, co, sizeof(struct Cookie)); -- - /* then modify our next */ - newco->next = mainco; - - /* point the main to us */ - mainco = newco; -@@ -1093,16 +1124,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, - matches++; - } - else { - fail: - /* failure, clear up the allocated chain and return NULL */ -- while(mainco) { -- co = mainco->next; -- free(mainco); -- mainco = co; -- } -- -+ Curl_cookie_freelist(mainco); - return NULL; - } - } - } - } -@@ -1150,11 +1176,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c, - * - ****************************************************************************/ - void Curl_cookie_clearall(struct CookieInfo *cookies) - { - if(cookies) { -- Curl_cookie_freelist(cookies->cookies, TRUE); -+ Curl_cookie_freelist(cookies->cookies); - cookies->cookies = NULL; - cookies->numcookies = 0; - } - } - -@@ -1162,25 +1188,18 @@ void Curl_cookie_clearall(struct CookieInfo *cookies) - * - * Curl_cookie_freelist() - * - * Free a list of cookies previously returned by Curl_cookie_getlist(); - * -- * The 'cookiestoo' argument tells this function whether to just free the -- * list or actually also free all cookies within the list as well. -- * - ****************************************************************************/ - --void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo) -+void Curl_cookie_freelist(struct Cookie *co) - { - struct Cookie *next; - while(co) { - next = co->next; -- if(cookiestoo) -- freecookie(co); -- else -- free(co); /* we only free the struct since the "members" are all just -- pointed out in the main cookie list! 
*/ -+ freecookie(co); - co = next; - } - } - - -@@ -1231,11 +1250,11 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies) - ****************************************************************************/ - void Curl_cookie_cleanup(struct CookieInfo *c) - { - if(c) { - free(c->filename); -- Curl_cookie_freelist(c->cookies, TRUE); -+ Curl_cookie_freelist(c->cookies); - free(c); /* free the base struct as well */ - } - } - - /* get_netscape_format() -diff --git a/lib/cookie.h b/lib/cookie.h -index cd7c54a..a9a4578 100644 ---- a/lib/cookie.h -+++ b/lib/cookie.h -@@ -5,11 +5,11 @@ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2011, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. 
- * -@@ -80,11 +80,11 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data, - struct CookieInfo *, bool header, char *lineptr, - const char *domain, const char *path); - - struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *, - const char *, bool); --void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo); -+void Curl_cookie_freelist(struct Cookie *cookies); - void Curl_cookie_clearall(struct CookieInfo *cookies); - void Curl_cookie_clearsess(struct CookieInfo *cookies); - - #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES) - #define Curl_cookie_list(x) NULL -diff --git a/lib/http.c b/lib/http.c -index 65c145a..e6e7d37 100644 ---- a/lib/http.c -+++ b/lib/http.c -@@ -2382,11 +2382,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) - break; - count++; - } - co = co->next; /* next cookie please */ - } -- Curl_cookie_freelist(store, FALSE); /* free the cookie list */ -+ Curl_cookie_freelist(store); - } - if(addcookies && !result) { - if(!count) - result = Curl_add_bufferf(req_buffer, "Cookie: "); - if(!result) { --- -2.9.3 - diff --git a/meta/recipes-support/curl/curl/CVE-2016-8624.patch b/meta/recipes-support/curl/curl/CVE-2016-8624.patch deleted file mode 100644 index 009f7d0601..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2016-8624.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 3bb273db7e40ebc284cff45f3ce3f0475c8339c2 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 11 Oct 2016 00:48:35 +0200 -Subject: [PATCH] urlparse: accept '#' as end of host name - -'http://example.com#@127.0.0.1/x.txt' equals a request to example.com -for the '/' document with the rest of the URL being a fragment. - -CVE: CVE-2016-8624 -Upstream-Status: Backport - -Bug: https://curl.haxx.se/docs/adv_20161102J.html -Reported-by: Fernando Muñoz - -Signed-off-by: Sona Sarmadi - -diff -ruN a/lib/url.c b/lib/url.c ---- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100 -+++ b/lib/url.c 2016-11-07 10:16:13.562089428 +0100 -@@ -4086,7 +4086,7 @@ - path[0]=0; - - if(2 > sscanf(data->change.url, -- "%15[^\n:]://%[^\n/?]%[^\n]", -+ "%15[^\n:]://%[^\n/?#]%[^\n]", - protobuf, - conn->host.name, path)) { - -@@ -4094,7 +4094,7 @@ - * The URL was badly formatted, let's try the browser-style _without_ - * protocol specified like 'http://'. - */ -- rc = sscanf(data->change.url, "%[^\n/?]%[^\n]", conn->host.name, path); -+ rc = sscanf(data->change.url, "%[^\n/?#]%[^\n]", conn->host.name, path); - if(1 > rc) { - /* - * We couldn't even get this format. -@@ -4184,10 +4184,10 @@ - } - - /* If the URL is malformatted (missing a '/' after hostname before path) we -- * insert a slash here. The only letter except '/' we accept to start a path -- * is '?'. -+ * insert a slash here. The only letters except '/' that can start a path is -+ * '?' and '#' - as controlled by the two sscanf() patterns above. - */ -- if(path[0] == '?') { -+ if(path[0] != '/') { - /* We need this function to deal with overlapping memory areas. We know - that the memory area 'path' points to is 'urllen' bytes big and that - is bigger than the path. Use +1 to move the zero byte too. */ diff --git a/meta/recipes-support/curl/curl/CVE-2016-8625.patch b/meta/recipes-support/curl/curl/CVE-2016-8625.patch deleted file mode 100755 index b61827729a..0000000000 
--- a/meta/recipes-support/curl/curl/CVE-2016-8625.patch +++ /dev/null 
@@ -1,615 +0,0 @@ -commit 914aae739463ec72340130ea9ad42e04b02a5338 -Author: Daniel Stenberg -Date: Wed Oct 12 09:01:06 2016 +0200 - -idn: switch to libidn2 use and IDNA2008 support - -CVE: CVE-2016-8625 -Upstream-Status: Backport - -Bug: https://curl.haxx.se/docs/adv_20161102K.html -Reported-by: Christian Heimes - -Conflicts: - CMakeLists.txt - lib/url.c - -Signed-off-by: Martin Borg -Signed-off-by: Sona Sarmadi -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 06f18cf..c3e5c7c 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -440,7 +440,7 @@ if(NOT CURL_DISABLE_LDAPS) - endif() - - # Check for idn --check_library_exists_concat("idn" idna_to_ascii_lz HAVE_LIBIDN) -+check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2) - - # Check for symbol dlopen (same as HAVE_LIBDL) - check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN) -@@ -608,7 +608,7 @@ check_include_file_concat("des.h" HAVE_DES_H) - check_include_file_concat("err.h" HAVE_ERR_H) - check_include_file_concat("errno.h" HAVE_ERRNO_H) - check_include_file_concat("fcntl.h" HAVE_FCNTL_H) --check_include_file_concat("idn-free.h" HAVE_IDN_FREE_H) -+check_include_file_concat("idn2.h" HAVE_IDN2_H) - check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H) - check_include_file_concat("io.h" HAVE_IO_H) - check_include_file_concat("krb.h" HAVE_KRB_H) -@@ -638,7 +638,6 @@ check_include_file_concat("stropts.h" HAVE_STROPTS_H) - check_include_file_concat("termio.h" HAVE_TERMIO_H) - check_include_file_concat("termios.h" HAVE_TERMIOS_H) - check_include_file_concat("time.h" HAVE_TIME_H) --check_include_file_concat("tld.h" HAVE_TLD_H) - check_include_file_concat("unistd.h" HAVE_UNISTD_H) - check_include_file_concat("utime.h" HAVE_UTIME_H) - check_include_file_concat("x509.h" HAVE_X509_H) -@@ -652,9 +651,6 @@ check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H) - check_include_file_concat("stdint.h" HAVE_STDINT_H) - check_include_file_concat("sockio.h" HAVE_SOCKIO_H) - 
check_include_file_concat("sys/utsname.h" HAVE_SYS_UTSNAME_H) --check_include_file_concat("idna.h" HAVE_IDNA_H) -- -- - - check_type_size(size_t SIZEOF_SIZE_T) - check_type_size(ssize_t SIZEOF_SSIZE_T) -@@ -802,9 +798,6 @@ check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE) - check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE) - check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME) - check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT) --check_symbol_exists(idn_free "${CURL_INCLUDES}" HAVE_IDN_FREE) --check_symbol_exists(idna_strerror "${CURL_INCLUDES}" HAVE_IDNA_STRERROR) --check_symbol_exists(tld_strerror "${CURL_INCLUDES}" HAVE_TLD_STRERROR) - check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE) - check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT) - check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL) -@@ -1067,7 +1060,7 @@ _add_if("IPv6" ENABLE_IPV6) - _add_if("unix-sockets" USE_UNIX_SOCKETS) - _add_if("libz" HAVE_LIBZ) - _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX) --_add_if("IDN" HAVE_LIBIDN) -+_add_if("IDN" HAVE_LIBIDN2) - # TODO SSP1 (WinSSL) check is missing - _add_if("SSPI" USE_WINDOWS_SSPI) - _add_if("GSS-API" HAVE_GSSAPI) -diff --git a/configure.ac b/configure.ac -index 4c9862f..c8e2721 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -157,7 +157,7 @@ curl_tls_srp_msg="no (--enable-tls-srp)" - curl_res_msg="default (--enable-ares / --enable-threaded-resolver)" - curl_ipv6_msg="no (--enable-ipv6)" - curl_unix_sockets_msg="no (--enable-unix-sockets)" -- curl_idn_msg="no (--with-{libidn,winidn})" -+ curl_idn_msg="no (--with-{libidn2,winidn})" - curl_manual_msg="no (--enable-manual)" - curl_libcurl_msg="enabled (--disable-libcurl-option)" - curl_verbose_msg="enabled (--disable-verbose)" -@@ -2825,15 +2825,15 @@ dnl ********************************************************************** - dnl Check for the presence of IDN libraries and headers - dnl 
********************************************************************** - --AC_MSG_CHECKING([whether to build with libidn]) -+AC_MSG_CHECKING([whether to build with libidn2]) - OPT_IDN="default" - AC_ARG_WITH(libidn, --AC_HELP_STRING([--with-libidn=PATH],[Enable libidn usage]) --AC_HELP_STRING([--without-libidn],[Disable libidn usage]), -+AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage]) -+AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]), - [OPT_IDN=$withval]) - case "$OPT_IDN" in - no) -- dnl --without-libidn option used -+ dnl --without-libidn2 option used - want_idn="no" - AC_MSG_RESULT([no]) - ;; -@@ -2844,13 +2844,13 @@ case "$OPT_IDN" in - AC_MSG_RESULT([(assumed) yes]) - ;; - yes) -- dnl --with-libidn option used without path -+ dnl --with-libidn2 option used without path - want_idn="yes" - want_idn_path="default" - AC_MSG_RESULT([yes]) - ;; - *) -- dnl --with-libidn option used with path -+ dnl --with-libidn2 option used with path - want_idn="yes" - want_idn_path="$withval" - AC_MSG_RESULT([yes ($withval)]) -@@ -2867,33 +2867,33 @@ if test "$want_idn" = "yes"; then - if test "$want_idn_path" != "default"; then - dnl path has been specified - IDN_PCDIR="$want_idn_path/lib$libsuff/pkgconfig" -- CURL_CHECK_PKGCONFIG(libidn, [$IDN_PCDIR]) -+ CURL_CHECK_PKGCONFIG(libidn2, [$IDN_PCDIR]) - if test "$PKGCONFIG" != "no"; then - IDN_LIBS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl -- $PKGCONFIG --libs-only-l libidn 2>/dev/null` -+ $PKGCONFIG --libs-only-l libidn2 2>/dev/null` - IDN_LDFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl -- $PKGCONFIG --libs-only-L libidn 2>/dev/null` -+ $PKGCONFIG --libs-only-L libidn2 2>/dev/null` - IDN_CPPFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl -- $PKGCONFIG --cflags-only-I libidn 2>/dev/null` -+ $PKGCONFIG --cflags-only-I libidn2 2>/dev/null` - IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'` - else - dnl pkg-config not available or provides no info -- IDN_LIBS="-lidn" -+ IDN_LIBS="-lidn2" - 
IDN_LDFLAGS="-L$want_idn_path/lib$libsuff" - IDN_CPPFLAGS="-I$want_idn_path/include" - IDN_DIR="$want_idn_path/lib$libsuff" - fi - else - dnl path not specified -- CURL_CHECK_PKGCONFIG(libidn) -+ CURL_CHECK_PKGCONFIG(libidn2) - if test "$PKGCONFIG" != "no"; then -- IDN_LIBS=`$PKGCONFIG --libs-only-l libidn 2>/dev/null` -- IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn 2>/dev/null` -- IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn 2>/dev/null` -+ IDN_LIBS=`$PKGCONFIG --libs-only-l libidn2 2>/dev/null` -+ IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn2 2>/dev/null` -+ IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn2 2>/dev/null` - IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'` - else - dnl pkg-config not available or provides no info -- IDN_LIBS="-lidn" -+ IDN_LIBS="-lidn2" - fi - fi - # -@@ -2913,9 +2913,9 @@ if test "$want_idn" = "yes"; then - LDFLAGS="$IDN_LDFLAGS $LDFLAGS" - LIBS="$IDN_LIBS $LIBS" - # -- AC_MSG_CHECKING([if idna_to_ascii_4i can be linked]) -+ AC_MSG_CHECKING([if idn2_lookup_ul can be linked]) - AC_LINK_IFELSE([ -- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_4i]) -+ AC_LANG_FUNC_LINK_TRY([idn2_lookup_ul]) - ],[ - AC_MSG_RESULT([yes]) - tst_links_libidn="yes" -@@ -2923,37 +2923,19 @@ if test "$want_idn" = "yes"; then - AC_MSG_RESULT([no]) - tst_links_libidn="no" - ]) -- if test "$tst_links_libidn" = "no"; then -- AC_MSG_CHECKING([if idna_to_ascii_lz can be linked]) -- AC_LINK_IFELSE([ -- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_lz]) -- ],[ -- AC_MSG_RESULT([yes]) -- tst_links_libidn="yes" -- ],[ -- AC_MSG_RESULT([no]) -- tst_links_libidn="no" -- ]) -- fi - # -+ AC_CHECK_HEADERS( idn2.h ) -+ - if test "$tst_links_libidn" = "yes"; then -- AC_DEFINE(HAVE_LIBIDN, 1, [Define to 1 if you have the `idn' library (-lidn).]) -+ AC_DEFINE(HAVE_LIBIDN2, 1, [Define to 1 if you have the `idn2' library (-lidn2).]) - dnl different versions of libidn have different setups of these: -- AC_CHECK_FUNCS( idn_free idna_strerror tld_strerror ) -- AC_CHECK_HEADERS( idn-free.h tld.h ) 
-- if test "x$ac_cv_header_tld_h" = "xyes"; then -- AC_SUBST([IDN_ENABLED], [1]) -- curl_idn_msg="enabled" -- if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then -- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR" -- export LD_LIBRARY_PATH -- AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH]) -- fi -- else -- AC_MSG_WARN([Libraries for IDN support too old: IDN disabled]) -- CPPFLAGS="$clean_CPPFLAGS" -- LDFLAGS="$clean_LDFLAGS" -- LIBS="$clean_LIBS" -+ -+ AC_SUBST([IDN_ENABLED], [1]) -+ curl_idn_msg="enabled (libidn2)" -+ if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then -+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR" -+ export LD_LIBRARY_PATH -+ AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH]) - fi - else - AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled]) -diff --git a/lib/curl_setup.h b/lib/curl_setup.h -index 33ad129..5fb241b 100644 ---- a/lib/curl_setup.h -+++ b/lib/curl_setup.h -@@ -590,10 +590,9 @@ int netware_init(void); - #endif - #endif - --#if defined(HAVE_LIBIDN) && defined(HAVE_TLD_H) --/* The lib was present and the tld.h header (which is missing in libidn 0.3.X -- but we only work with libidn 0.4.1 or later) */ --#define USE_LIBIDN -+#if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H) -+/* The lib and header are present */ -+#define USE_LIBIDN2 - #endif - - #ifndef SIZEOF_TIME_T -diff --git a/lib/easy.c b/lib/easy.c -index d529da8..51d57e3 100644 ---- a/lib/easy.c -+++ b/lib/easy.c -@@ -144,28 +144,6 @@ static CURLcode win32_init(void) - return CURLE_OK; - } - --#ifdef USE_LIBIDN --/* -- * Initialise use of IDNA library. -- * It falls back to ASCII if $CHARSET isn't defined. This doesn't work for -- * idna_to_ascii_lz(). -- */ --static void idna_init (void) --{ --#ifdef WIN32 -- char buf[60]; -- UINT cp = GetACP(); -- -- if(!getenv("CHARSET") && cp > 0) { -- snprintf(buf, sizeof(buf), "CHARSET=cp%u", cp); -- putenv(buf); -- } --#else -- /* to do? 
*/ --#endif --} --#endif /* USE_LIBIDN */ -- - /* true globals -- for curl_global_init() and curl_global_cleanup() */ - static unsigned int initialized; - static long init_flags; -@@ -262,10 +240,6 @@ static CURLcode global_init(long flags, bool memoryfuncs) - } - #endif - --#ifdef USE_LIBIDN -- idna_init(); --#endif -- - if(Curl_resolver_global_init()) { - DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n")); - return CURLE_FAILED_INIT; -diff --git a/lib/strerror.c b/lib/strerror.c -index d222a1f..bf4faae 100644 ---- a/lib/strerror.c -+++ b/lib/strerror.c -@@ -35,8 +35,8 @@ - - #include - --#ifdef USE_LIBIDN --#include -+#ifdef USE_LIBIDN2 -+#include - #endif - - #ifdef USE_WINDOWS_SSPI -@@ -723,83 +723,6 @@ const char *Curl_strerror(struct connectdata *conn, int err) - return buf; - } - --#ifdef USE_LIBIDN --/* -- * Return error-string for libidn status as returned from idna_to_ascii_lz(). -- */ --const char *Curl_idn_strerror (struct connectdata *conn, int err) --{ --#ifdef HAVE_IDNA_STRERROR -- (void)conn; -- return idna_strerror((Idna_rc) err); --#else -- const char *str; -- char *buf; -- size_t max; -- -- DEBUGASSERT(conn); -- -- buf = conn->syserr_buf; -- max = sizeof(conn->syserr_buf)-1; -- *buf = '\0'; -- --#ifndef CURL_DISABLE_VERBOSE_STRINGS -- switch ((Idna_rc)err) { -- case IDNA_SUCCESS: -- str = "No error"; -- break; -- case IDNA_STRINGPREP_ERROR: -- str = "Error in string preparation"; -- break; -- case IDNA_PUNYCODE_ERROR: -- str = "Error in Punycode operation"; -- break; -- case IDNA_CONTAINS_NON_LDH: -- str = "Illegal ASCII characters"; -- break; -- case IDNA_CONTAINS_MINUS: -- str = "Contains minus"; -- break; -- case IDNA_INVALID_LENGTH: -- str = "Invalid output length"; -- break; -- case IDNA_NO_ACE_PREFIX: -- str = "No ACE prefix (\"xn--\")"; -- break; -- case IDNA_ROUNDTRIP_VERIFY_ERROR: -- str = "Round trip verify error"; -- break; -- case IDNA_CONTAINS_ACE_PREFIX: -- str = "Already have ACE prefix (\"xn--\")"; -- break; -- case 
IDNA_ICONV_ERROR: -- str = "Locale conversion failed"; -- break; -- case IDNA_MALLOC_ERROR: -- str = "Allocation failed"; -- break; -- case IDNA_DLOPEN_ERROR: -- str = "dlopen() error"; -- break; -- default: -- snprintf(buf, max, "error %d", err); -- str = NULL; -- break; -- } --#else -- if((Idna_rc)err == IDNA_SUCCESS) -- str = "No error"; -- else -- str = "Error"; --#endif -- if(str) -- strncpy(buf, str, max); -- buf[max] = '\0'; -- return (buf); --#endif --} --#endif /* USE_LIBIDN */ -- - #ifdef USE_WINDOWS_SSPI - const char *Curl_sspi_strerror (struct connectdata *conn, int err) - { -diff --git a/lib/strerror.h b/lib/strerror.h -index ae8c96b..627273e 100644 ---- a/lib/strerror.h -+++ b/lib/strerror.h -@@ -7,7 +7,7 @@ - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms -@@ -26,7 +26,7 @@ - - const char *Curl_strerror (struct connectdata *conn, int err); - --#ifdef USE_LIBIDN -+#ifdef USE_LIBIDN2 - const char *Curl_idn_strerror (struct connectdata *conn, int err); - #endif - -diff --git a/lib/url.c b/lib/url.c -index 8832989..8d52152 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -59,24 +59,15 @@ - #include - #endif - --#ifdef USE_LIBIDN --#include --#include --#include --#ifdef HAVE_IDN_FREE_H --#include --#else --/* prototype from idn-free.h, not provided by libidn 0.4.5's make install! 
*/ --void idn_free (void *ptr); --#endif --#ifndef HAVE_IDN_FREE --/* if idn_free() was not found in this version of libidn use free() instead */ --#define idn_free(x) (free)(x) --#endif -+#ifdef USE_LIBIDN2 -+#include -+ - #elif defined(USE_WIN32_IDN) - /* prototype for curl_win32_idn_to_ascii() */ - int curl_win32_idn_to_ascii(const char *in, char **out); --#endif /* USE_LIBIDN */ -+#endif /* USE_LIBIDN2 */ -+ -+#include - - #include "urldata.h" - #include "netrc.h" -@@ -3693,59 +3684,15 @@ static bool is_ASCII_name(const char *hostname) - return TRUE; - } - --#ifdef USE_LIBIDN --/* -- * Check if characters in hostname is allowed in Top Level Domain. -- */ --static bool tld_check_name(struct SessionHandle *data, -- const char *ace_hostname) --{ -- size_t err_pos; -- char *uc_name = NULL; -- int rc; --#ifndef CURL_DISABLE_VERBOSE_STRINGS -- const char *tld_errmsg = ""; --#else -- (void)data; --#endif -- -- /* Convert (and downcase) ACE-name back into locale's character set */ -- rc = idna_to_unicode_lzlz(ace_hostname, &uc_name, 0); -- if(rc != IDNA_SUCCESS) -- return FALSE; -- -- rc = tld_check_lz(uc_name, &err_pos, NULL); --#ifndef CURL_DISABLE_VERBOSE_STRINGS --#ifdef HAVE_TLD_STRERROR -- if(rc != TLD_SUCCESS) -- tld_errmsg = tld_strerror((Tld_rc)rc); --#endif -- if(rc == TLD_INVALID) -- infof(data, "WARNING: %s; pos %u = `%c'/0x%02X\n", -- tld_errmsg, err_pos, uc_name[err_pos], -- uc_name[err_pos] & 255); -- else if(rc != TLD_SUCCESS) -- infof(data, "WARNING: TLD check for %s failed; %s\n", -- uc_name, tld_errmsg); --#endif /* CURL_DISABLE_VERBOSE_STRINGS */ -- if(uc_name) -- idn_free(uc_name); -- if(rc != TLD_SUCCESS) -- return FALSE; -- -- return TRUE; --} --#endif -- - /* - * Perform any necessary IDN conversion of hostname - */ --static void fix_hostname(struct SessionHandle *data, -- struct connectdata *conn, struct hostname *host) -+static void fix_hostname(struct connectdata *conn, struct hostname *host) - { - size_t len; -+ struct Curl_easy *data = 
conn->data; - --#ifndef USE_LIBIDN -+#ifndef USE_LIBIDN2 - (void)data; - (void)conn; - #elif defined(CURL_DISABLE_VERBOSE_STRINGS) -@@ -3762,26 +3709,18 @@ static void fix_hostname(struct SessionHandle *data, - host->name[len-1]=0; - - if(!is_ASCII_name(host->name)) { --#ifdef USE_LIBIDN -- /************************************************************* -- * Check name for non-ASCII and convert hostname to ACE form. -- *************************************************************/ -- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) { -- char *ace_hostname = NULL; -- int rc = idna_to_ascii_lz(host->name, &ace_hostname, 0); -- infof (data, "Input domain encoded as `%s'\n", -- stringprep_locale_charset ()); -- if(rc != IDNA_SUCCESS) -- infof(data, "Failed to convert %s to ACE; %s\n", -- host->name, Curl_idn_strerror(conn, rc)); -- else { -- /* tld_check_name() displays a warning if the host name contains -- "illegal" characters for this TLD */ -- (void)tld_check_name(data, ace_hostname); -- -- host->encalloc = ace_hostname; -- /* change the name pointer to point to the encoded hostname */ -- host->name = host->encalloc; -+#ifdef USE_LIBIDN2 -+ if(idn2_check_version(IDN2_VERSION)) { -+ char *ace_hostname = NULL; -+ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, 0); -+ if(rc == IDN2_OK) { -+ host->encalloc = (char *)ace_hostname; -+ /* change the name pointer to point to the encoded hostname */ -+ host->name = host->encalloc; -+ } -+ else -+ infof(data, "Failed to convert %s to ACE; %s\n", host->name, -+ idn2_strerror(rc)); - } - } - #elif defined(USE_WIN32_IDN) -@@ -3809,9 +3748,9 @@ static void fix_hostname(struct SessionHandle *data, - */ - static void free_fixed_hostname(struct hostname *host) - { --#if defined(USE_LIBIDN) -+#if defined(USE_LIBIDN2) - if(host->encalloc) { -- idn_free(host->encalloc); /* must be freed with idn_free() since this was -+ idn2_free(host->encalloc); /* must be freed with idn2_free() since this was - allocated by 
libidn */ - host->encalloc = NULL; - } -@@ -5707,9 +5646,9 @@ static CURLcode create_conn(struct SessionHandle *data, - /************************************************************* - * IDN-fix the hostnames - *************************************************************/ -- fix_hostname(data, conn, &conn->host); -+ fix_hostname(conn, &conn->host); - if(conn->proxy.name && *conn->proxy.name) -- fix_hostname(data, conn, &conn->proxy); -+ fix_hostname(conn, &conn->proxy); - - /************************************************************* - * Setup internals depending on protocol. Needs to be done after -diff --git a/lib/version.c b/lib/version.c -index 7f14fa5..a5c9811 100644 ---- a/lib/version.c -+++ b/lib/version.c -@@ -36,8 +36,8 @@ - # include - #endif - --#ifdef USE_LIBIDN --#include -+#ifdef USE_LIBIDN2 -+#include - #endif - - #ifdef USE_LIBPSL -@@ -97,9 +97,9 @@ char *curl_version(void) - left -= len; - ptr += len; - #endif --#ifdef USE_LIBIDN -- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) { -- len = snprintf(ptr, left, " libidn/%s", stringprep_check_version(NULL)); -+#ifdef USE_LIBIDN2 -+ if(idn2_check_version(IDN2_VERSION)) { -+ len = snprintf(ptr, left, " libidn2/%s", idn2_check_version(NULL)); - left -= len; - ptr += len; - } -@@ -344,10 +344,10 @@ curl_version_info_data *curl_version_info(CURLversion stamp) - version_info.ares_num = aresnum; - } - #endif --#ifdef USE_LIBIDN -+#ifdef USE_LIBIDN2 - /* This returns a version string if we use the given version or later, - otherwise it returns NULL */ -- version_info.libidn = stringprep_check_version(LIBIDN_REQUIRED_VERSION); -+ version_info.libidn = idn2_check_version(IDN2_VERSION); - if(version_info.libidn) - version_info.features |= CURL_VERSION_IDN; - #elif defined(USE_WIN32_IDN) 
diff --git a/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch b/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch
deleted file mode 100644
index 3549101020..0000000000
--- a/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From c27013c05d99d92370b57e1a7af1b854eef4e7c1 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Mon, 31 Oct 2016 09:49:50 +0100
-Subject: [PATCH] url: remove unconditional idn2.h include
-
-Mistake brought by 9c91ec778104a [fix to CVE-2016-8625]
-Upstream-Status: Backport
-
-Signed-off-by: Sona Sarmadi
----
- lib/url.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/lib/url.c b/lib/url.c
-index c90a1c5..b997f41 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -67,8 +67,6 @@
- bool curl_win32_idn_to_ascii(const char *in, char **out);
- #endif /* USE_LIBIDN2 */
-
--#include
--
- #include "urldata.h"
- #include "netrc.h"
-
----
-1.9.1
-
diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
deleted file mode 100644
index 7fab7cf7e8..0000000000
--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ /dev/null
@@ -1,85 +0,0 @@
-SUMMARY = "Command line tool and library for client-side URL transfers"
-HOMEPAGE = "http://curl.haxx.se/"
-BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker"
-SECTION = "console/network"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e664ac"
-
-SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2"
-
-# curl likes to set -g0 in CFLAGS, so we stop it
-# from mucking around with debug options
-#
-SRC_URI += " file://configure_ac.patch \
- file://CVE-2016-5419.patch \
- file://CVE-2016-5420.patch \
- file://CVE-2016-5421.patch \
- file://CVE-2016-7141.patch \
- file://CVE-2016-8615.patch \
- file://CVE-2016-8616.patch \
- file://CVE-2016-8617.patch \
- file://CVE-2016-8618.patch \
- file://CVE-2016-8619.patch \
- file://CVE-2016-8620.patch \
- file://CVE-2016-8621.patch \
- file://CVE-2016-8622.patch \
- file://CVE-2016-8623.patch \
- file://CVE-2016-8624.patch \
- file://CVE-2016-8625.patch \
- file://url-remove-unconditional-idn2.h-include.patch \
- "
-
-SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
-SRC_URI[sha256sum] = "ddc643ab9382e24bbe4747d43df189a0a6ce38fcb33df041b9cb0b3cd47ae98f"
-
-inherit autotools pkgconfig binconfig multilib_header
-
-PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls proxy zlib"
-PACKAGECONFIG_class-native = "ipv6 proxy ssl zlib"
-PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl zlib"
-
-PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
-PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
-PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
-PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
-PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
-PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
-PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
-PACKAGECONFIG[libidn] = "--with-libidn,--without-libidn,libidn"
-PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
-PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
-PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
-PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
-PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
-PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
-PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
-PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
-PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
-PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
-PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
-
-EXTRA_OECONF = " \
- --enable-crypto-auth \
- --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
- --without-libmetalink \
- --without-libpsl \
- --without-nghttp2 \
-"
-
-do_install_append() {
- oe_multilib_header curl/curlbuild.h
-}
-
-do_install_append_class-target() {
- # cleanup buildpaths from curl-config
- sed -i -e 's,${STAGING_DIR_HOST},,g' ${D}${bindir}/curl-config
-}
-
-PACKAGES =+ "lib${BPN}"
-
-FILES_lib${BPN} = "${libdir}/lib*.so.*"
-RRECOMMENDS_lib${BPN} += "ca-certificates"
-
-FILES_${PN} += "${datadir}/zsh"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/curl/curl_7.53.1.bb b/meta/recipes-support/curl/curl_7.53.1.bb
new file mode 100644
index 0000000000..9eb9720b6d
--- /dev/null
+++ b/meta/recipes-support/curl/curl_7.53.1.bb
@@ -0,0 +1,68 @@
+SUMMARY = "Command line tool and library for client-side URL transfers"
+HOMEPAGE = "http://curl.haxx.se/"
+BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker"
+SECTION = "console/network"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e664ac"
+
+SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2"
+
+# curl likes to set -g0 in CFLAGS, so we stop it
+# from mucking around with debug options
+#
+SRC_URI += " file://configure_ac.patch"
+
+SRC_URI[md5sum] = "fb1f03a142236840c1a77c035fa4c542"
+SRC_URI[sha256sum] = "1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8"
+
+inherit autotools pkgconfig binconfig multilib_header
+
+PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls proxy zlib"
+PACKAGECONFIG_class-native = "ipv6 proxy ssl zlib"
+PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl zlib"
+
+PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
+PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
+PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
+PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
+PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
+PACKAGECONFIG[libidn] = "--with-libidn,--without-libidn,libidn"
+PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
+PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
+PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
+PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
+PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
+PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
+PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
+PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
+PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
+PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
+PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
+
+EXTRA_OECONF = " \
+ --enable-crypto-auth \
+ --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
+ --without-libmetalink \
+ --without-libpsl \
+ --without-nghttp2 \
+"
+
+do_install_append() {
+ oe_multilib_header curl/curlbuild.h
+}
+
+do_install_append_class-target() {
+ # cleanup buildpaths from curl-config
+ sed -i -e 's,${STAGING_DIR_HOST},,g' ${D}${bindir}/curl-config
+}
+
+PACKAGES =+ "lib${BPN}"
+
+FILES_lib${BPN} = "${libdir}/lib*.so.*"
+RRECOMMENDS_lib${BPN} += "ca-certificates"
+
+FILES_${PN} += "${datadir}/zsh"
+
+BBCLASSEXTEND = "native nativesdk"
-- cgit v1.2.3-54-g00ecf