linux/poky.git/meta/recipes-support/curl, branch master-test

curl: Update 7.73.0 -> 7.74.0

2020-12-24T08:25:14+00:00

update to version 7.74.0 curl 7.74.0 hsts: add experimental support for Strict-Transport-Security with various bug fixes Reference: https://curl.se/changes.html#7_74_0 update includes fix for CVE: CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 (From OE-Core rev: 0461baec8bef003a0bfcc9939e4e40654be36f10) Signed-off-by: Khairul Rohaizzat Jamaluddin Signed-off-by: Richard Purdie

curl: upgrade 7.72.0 -> 7.73.0

2020-11-03T08:21:11+00:00

(From OE-Core rev: f9aa9f075674e3908d950c3107be3e6230786f0b) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie

curl: Change SRC_URI from http to https

2020-09-23T19:54:03+00:00

The official links on: https://curl.haxx.se/download.html use https now and we're seeing this warning: WARNING: curl-native-7.72.0-r0 do_fetch: Failed to fetch URL http://curl.haxx.se/download/curl-7.72.0.tar.bz2, attempting MIRRORS if available (From OE-Core rev: 0aa24abf6c4d68efa63026d2496b6adc16734d35) Signed-off-by: Randy MacLeod Signed-off-by: Richard Purdie

curl: add vendors to CVE_PRODUCT to exclude false positives

2020-09-08T15:43:40+00:00

To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand the CVE_PRODUCT list to include all the vendors that have been used. (From OE-Core rev: bb265122cccea9466405fdd924ad10ce8cda0dec) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

curl: Upgrade to 7.72.0

2020-08-21T13:29:11+00:00

(From OE-Core rev: f3fc6de9de6b6a24649864c598d5ee9abfae4af3) Signed-off-by: Khem Raj Signed-off-by: Richard Purdie

curl: upgrade 7.71.0 -> 7.71.1

2020-07-02T15:18:03+00:00

This release includes the following bugfixes: - cirrus-ci: disable FreeBSD 13 (again) - Curl_inet_ntop: always check the return code - CURLOPT_READFUNCTION.3: provide the upload data size up front - DYNBUF.md: fix a typo: trail => tail - escape: make the URL decode able to reject only %00-bytes - escape: zero length input should return a zero length output - examples/multithread.c: call curl_global_cleanup() - http2: set the correct URL in pushed transfers - http: fix proxy auth with blank password - mbedtls: fix build with disabled proxy support - ngtcp2: sync with current master - openssl: Fix compilation on Windows when ngtcp2 is enabled - Revert "multi: implement wait using winsock events" - sendf: improve the message on client write errors - terminology: call them null-terminated strings - tool_cb_hdr: Fix etag warning output and return code - url: allow user + password to contain "control codes" for HTTP(S) - vtls: compare cert blob when finding a connection to reuse (From OE-Core rev: 4fde94448495a7957bb6ce76c15fda67c73248d3) Signed-off-by: Pierre-Jean Texier Signed-off-by: Richard Purdie

curl: upgrade 7.70.0 -> 7.71.0

2020-06-25T09:23:37+00:00

This release includes the following changes: - CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl) [10] - setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency [31] - setopt: support certificate options in memory with struct curl_blob [41] - tool: Add option --retry-all-errors to retry on any error [27] This release includes the following bugfixes: - CVE-2020-8177: curl overwrite local file with -J [111] - CVE-2020-8169: Partial password leak over DNS on HTTP redirect [48] - *_sspi: fix bad uses of CURLE_NOT_BUILT_IN [21] - all: fix codespell errors [75] - altsvc: bump to h3-29 [114] ... See full changelog: https://curl.haxx.se/changes.html#7_71_0 (From OE-Core rev: 63a28e9fc262c8da692d18b38eeb0b85dd597a9b) Signed-off-by: Pierre-Jean Texier Signed-off-by: Richard Purdie

curl: add debug info

2020-06-17T15:31:52+00:00

Currently, curl (and libcurl) is built without debug info, making the curl-dbg package rather useless. Since debug symbols are automatically stripped and put in that package by the build system, making sure that curl is built with -g shouldn't hurt anything, but will help those that try to debug a libcurl-using application and hence explicitly include curl-dbg in their rootfs. Unfortunately, setting --enable-debug then changes the default value of the optimize option from (assume yes) to (assume no), while also changing the default value of the curldebug option [which is a separate thing that actually changes generated code to add some memory tracking] from (assume no) to (assume yes). So explicitly pass the appropriate options that make those two have the same value as they used to have by default. (From OE-Core rev: 278242619eec5f5f143d57e92b109012001f1f91) Signed-off-by: Rasmus Villemoes Signed-off-by: Richard Purdie

curl: support mqtt in PACKAGECONFIG

2020-05-03T14:41:39+00:00

The version 7.70.0 of curl add experimental support for this protocol. So, add PACKAGECONFIG for mqtt. See [1] for more informations. [1] - https://github.com/curl/curl/blob/master/docs/MQTT.md (From OE-Core rev: aaf4054cb9e2c73d34e6fab12bf140808b2612ac) Signed-off-by: Pierre-Jean Texier Signed-off-by: Richard Purdie

curl: upgrade 7.69.1 -> 7.70.0

2020-05-03T14:41:39+00:00

See full changelog https://curl.haxx.se/changes.html#7_70_0 (From OE-Core rev: bbb2d451d6290d8ec312890fd5d3bc5c6d0e7468) Signed-off-by: Pierre-Jean Texier Signed-off-by: Richard Purdie