From 3fc5d271f554e07c88b1195812e48a0d86291395 Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Fri, 21 Apr 2017 12:29:17 +0200 Subject: curl: Upgrade 7.47.1 -> 7.53.1 Security vulnerabilities fixed between 7.47.1 and 7.53.1 versions: ================================================================= TLS session resumption client cert bypass (again): CVE-2017-XXXX --write-out out of buffer read: CVE-2017-7407 SSL_VERIFYSTATUS ignored: CVE-2017-2629 uninitialized random: CVE-2016-9594 printf floating point buffer overflow: CVE-2016-9586 Win CE schannel cert wildcard matches too much: CVE-2016-9952 Win CE schannel cert name out of buffer read: CVE-2016-9953 cookie injection for other servers: CVE-2016-8615 case insensitive password comparison: CVE-2016-8616 OOB write via unchecked multiplication: CVE-2016-8617 double-free in curl_maprintf: CVE-2016-8618 double-free in krb5 code: CVE-2016-8619 glob parser write/read out of bounds: CVE-2016-8620 curl_getdate read out of bounds: CVE-2016-8621 URL unescape heap overflow via integer truncation: CVE-2016-8622 Use-after-free via shared cookies: CVE-2016-8623 invalid URL parsing with '#': CVE-2016-8624 IDNA 2003 makes curl use wrong host: CVE-2016-8625 curl escape and unescape integer overflows: CVE-2016-7167 Incorrect reuse of client certificates: CVE-2016-7141 TLS session resumption client cert bypass: CVE-2016-5419 Re-using connections with wrong client cert: CVE-2016-5420 use of connection struct after free: CVE-2016-5421 Windows DLL hijacking: CVE-2016-4802 TLS certificate check bypass with mbedTLS/PolarSSL: CVE-2016-3739 Reference: https://curl.haxx.se/docs/security.html https://curl.haxx.se/changes.html Signed-off-by: Sona Sarmadi Signed-off-by: Adrian Dudau --- meta/recipes-support/curl/curl_7.53.1.bb | 68 ++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 meta/recipes-support/curl/curl_7.53.1.bb (limited to 'meta/recipes-support/curl/curl_7.53.1.bb') 
diff --git a/meta/recipes-support/curl/curl_7.53.1.bb b/meta/recipes-support/curl/curl_7.53.1.bb
new file mode 100644
index 0000000000..9eb9720b6d
--- /dev/null
+++ b/meta/recipes-support/curl/curl_7.53.1.bb
@@ -0,0 +1,68 @@
+SUMMARY = "Command line tool and library for client-side URL transfers"
+HOMEPAGE = "http://curl.haxx.se/"
+BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker"
+SECTION = "console/network"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e664ac"
+
+SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2"
+
+# curl likes to set -g0 in CFLAGS, so we stop it
+# from mucking around with debug options
+#
+SRC_URI += " file://configure_ac.patch"
+
+SRC_URI[md5sum] = "fb1f03a142236840c1a77c035fa4c542"
+SRC_URI[sha256sum] = "1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8"
+
+inherit autotools pkgconfig binconfig multilib_header
+
+PACKAGECONFIG ??= "${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)} gnutls proxy zlib"
+PACKAGECONFIG_class-native = "ipv6 proxy ssl zlib"
+PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl zlib"
+
+PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
+PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
+PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
+PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
+PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
+PACKAGECONFIG[libidn] = "--with-libidn,--without-libidn,libidn"
+PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
+PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
+PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
+PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
+PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
+PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
+PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
+PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
+PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
+PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
+PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
+
+EXTRA_OECONF = " \
+ --enable-crypto-auth \
+ --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
+ --without-libmetalink \
+ --without-libpsl \
+ --without-nghttp2 \
+"
+
+do_install_append() {
+ oe_multilib_header curl/curlbuild.h
+}
+
+do_install_append_class-target() {
+ # cleanup buildpaths from curl-config
+ sed -i -e 's,${STAGING_DIR_HOST},,g' ${D}${bindir}/curl-config
+}
+
+PACKAGES =+ "lib${BPN}"
+
+FILES_lib${BPN} = "${libdir}/lib*.so.*"
+RRECOMMENDS_lib${BPN} += "ca-certificates"
+
+FILES_${PN} += "${datadir}/zsh"
+
+BBCLASSEXTEND = "native nativesdk"
-- cgit v1.2.3-54-g00ecf
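Review bot: `SRC_URI` in the new recipe fetches the release tarball over plain `http://curl.haxx.se/`, so the download channel itself is unauthenticated and the only integrity control is the pinned `SRC_URI[sha256sum]` (the accompanying `SRC_URI[md5sum]` is too weak to count on its own). The checksum does make a substituted tarball fail the fetch, so this is a hardening point rather than a defect, but since the commit message already cites the `https://` site I would write `SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2"` and update `HOMEPAGE`/`BUGTRACKER` to match. Separately, `--with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt` is hard-coded in `EXTRA_OECONF` while `ca-certificates` is only listed in `RRECOMMENDS_lib${BPN}`; a one-line comment above `EXTRA_OECONF` such as `# CA bundle path is fixed at build time; images that drop ca-certificates will fail TLS verification, not skip it` would tell integrators what to expect (worth confirming that behaviour on a target image).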