diff options
| author | Gustavo Zacarias <gustavo@zacarias.com.ar> | 2015-04-29 15:47:56 -0300 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2015-04-29 23:27:02 +0200 |
| commit | 62592bb66036d520f13c8eefc25dca056a186959 (patch) | |
| tree | 9ca4e7939fa26cbfb6b33e09750490596ed52fec /package/libcurl/0001-connectionexists-fix-build-without-NTLM.patch | |
| parent | 87ec20c1f009307f0a1a928d4d4a7f7e67d6230d (diff) | |
| download | buildroot-62592bb66036d520f13c8eefc25dca056a186959.tar.gz buildroot-62592bb66036d520f13c8eefc25dca056a186959.zip | |
libcurl: security bump to version 7.42.1
Fixes:
CVE-2013-3153 - sensitive HTTP server headers also sent to proxies.
And drop upstream patches.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libcurl/0001-connectionexists-fix-build-without-NTLM.patch')
| -rw-r--r-- | package/libcurl/0001-connectionexists-fix-build-without-NTLM.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/package/libcurl/0001-connectionexists-fix-build-without-NTLM.patch b/package/libcurl/0001-connectionexists-fix-build-without-NTLM.patch deleted file mode 100644 index 4f91372192..0000000000 --- a/package/libcurl/0001-connectionexists-fix-build-without-NTLM.patch +++ /dev/null @@ -1,54 +0,0 @@ -From fd9d3a1ef1f7b1cb5812d04bad07818efc6f3b3a Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Wed, 22 Apr 2015 13:31:35 +0200 -Subject: [PATCH 1/2] connectionexists: fix build without NTLM - -Do not access NTLM-specific struct fields when built without NTLM -enabled! - -bug: http://curl.haxx.se/?i=231 -Reported-by: Patrick Rapin -Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> ---- - lib/url.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/lib/url.c b/lib/url.c -index f033dbc..93f15f1 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -3069,9 +3069,11 @@ ConnectionExists(struct SessionHandle *data, - struct connectdata *check; - struct connectdata *chosen = 0; - bool canPipeline = IsPipeliningPossible(data, needle); -+#ifdef USE_NTLM - bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) || - (data->state.authhost.want & CURLAUTH_NTLM_WB)) && - (needle->handler->protocol & PROTO_FAMILY_HTTP) ? TRUE : FALSE; -+#endif - struct connectbundle *bundle; - - *force_reuse = FALSE; -@@ -3208,6 +3210,7 @@ ConnectionExists(struct SessionHandle *data, - continue; - } - -+#if defined(USE_NTLM) - if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) || - (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) { - /* This protocol requires credentials per connection or is HTTP+NTLM, -@@ -3217,10 +3220,9 @@ ConnectionExists(struct SessionHandle *data, - /* one of them was different */ - continue; - } --#if defined(USE_NTLM) - credentialsMatch = TRUE; --#endif - } -+#endif - - if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL || - (needle->bits.httpproxy && check->bits.httpproxy && --- -2.0.5 - |
