From: <abe...@us...> - 2016-11-03 17:18:27
Revision: 7919 http://sourceforge.net/p/astlinux/code/7919 Author: abelbeck Date: 2016-11-03 17:18:24 +0000 (Thu, 03 Nov 2016) Log Message: ----------- libcurl, version bump to 7.51.0, security fixes, no longer supports libidn: List of fixed CVEs: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curl_maprintf CVE-2016-8619: double-free in krb5 code CVE-2016-8620: glob parser write/read out of bounds CVE-2016-8621: curl_getdate read out of bounds CVE-2016-8622: URL unescape heap overflow via integer truncation CVE-2016-8623: Use-after-free via shared cookies CVE-2016-8624: invalid URL parsing with '#' CVE-2016-8625: IDNA 2003 makes curl use wrong host Modified Paths: -------------- branches/1.0/package/libcurl/Config.in branches/1.0/package/libcurl/libcurl.mk Modified: branches/1.0/package/libcurl/Config.in =================================================================== --- branches/1.0/package/libcurl/Config.in 2016-11-03 16:30:43 UTC (rev 7918) +++ branches/1.0/package/libcurl/Config.in 2016-11-03 17:18:24 UTC (rev 7919) @@ -4,7 +4,7 @@ cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. - http://curl.haxx.nu/ + https://curl.haxx.se/ config BR2_PACKAGE_CURL bool "curl binary" Modified: branches/1.0/package/libcurl/libcurl.mk =================================================================== --- branches/1.0/package/libcurl/libcurl.mk 2016-11-03 16:30:43 UTC (rev 7918) +++ branches/1.0/package/libcurl/libcurl.mk 2016-11-03 17:18:24 UTC (rev 7919) 
@@ -3,14 +3,13 @@
 # libcurl
 #
 #############################################################
-LIBCURL_VERSION = 7.50.3
+LIBCURL_VERSION = 7.51.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.gz
 LIBCURL_SITE = https://curl.haxx.se/download
 LIBCURL_INSTALL_STAGING = YES
 LIBCURL_DEPENDENCIES = host-pkg-config \
 $(if $(BR2_PACKAGE_ZLIB),zlib) \
- $(if $(BR2_PACKAGE_LIBIDN),libidn) \
 $(if $(BR2_PACKAGE_OPENLDAP),openldap)
 LIBCURL_CONF_OPT = \
@@ -20,6 +19,8 @@
 --disable-curldebug \
 --enable-hidden-symbols \
 --with-random=/dev/urandom \
+ --without-libidn \
+ --without-libidn2 \
 --enable-ipv6
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
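Review bot: The two switches added in the second libcurl.mk hunk, `--without-libidn` and `--without-libidn2`, have no comment in the file saying why IDN support is turned off; the reason exists only in the log message (CVE-2016-8625, IDNA 2003 making curl use the wrong host, and libidn no longer being supported). I would put a line above the `LIBCURL_CONF_OPT = \` assignment such as `# IDN off on purpose: libidn (IDNA 2003) is unsupported since 7.51.0 (CVE-2016-8625); keep both switches so configure never auto-detects an IDN library`. Stating both switches explicitly is the right call, since together with the `$(if $(BR2_PACKAGE_LIBIDN),libidn)` removal in the first hunk it keeps the result independent of what happens to be in staging. The comment should also record the side effect, presumably that internationalised host names are no longer converted by curl on this image. The LIBCURL_CONF_OPT assignment begins in the first hunk and continues outside the second, so the rest of the option list is not visible here.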