diff options
| -rw-r--r-- | package/libcurl/0001-CVE-2017-7407.patch | 61 | ||||
| -rw-r--r-- | package/libcurl/libcurl.hash | 2 | ||||
| -rw-r--r-- | package/libcurl/libcurl.mk | 2 |
3 files changed, 2 insertions, 63 deletions
diff --git a/package/libcurl/0001-CVE-2017-7407.patch b/package/libcurl/0001-CVE-2017-7407.patch deleted file mode 100644 index 3a9fa487a8..0000000000 --- a/package/libcurl/0001-CVE-2017-7407.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001 -From: Dan Fandrich <dan@coneharvesters.com> -Date: Sat, 11 Mar 2017 10:59:34 +0100 -Subject: [PATCH] CVE-2017-7407: fixed - -Bug: https://curl.haxx.se/docs/adv_20170403.html - -Reported-by: Brian Carpenter -[baruch: remove tests] -Signed-off-by: Baruch Siach <baruch@tkos.co.il> ---- -Patch status: based on upstream suggested patch[1] that combines commits -1890d59905414ab and 8e65877870c1. - -[1] https://curl.haxx.se/CVE-2017-7407.patch - -diff --git a/src/tool_writeout.c b/src/tool_writeout.c -index 2fb77742a..5d92bd278 100644 ---- a/src/tool_writeout.c -+++ b/src/tool_writeout.c -@@ -3,11 +3,11 @@ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. -+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * -@@ -111,11 +111,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo) - char *stringp = NULL; - long longinfo; - double doubleinfo; - - while(ptr && *ptr) { -- if('%' == *ptr) { -+ if('%' == *ptr && ptr[1]) { - if('%' == ptr[1]) { - /* an escaped %-letter */ - fputc('%', stream); - ptr += 2; - } -@@ -339,11 +339,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo) - fputc(ptr[1], stream); - ptr += 2; - } - } - } -- else if('\\' == *ptr) { -+ else if('\\' == *ptr && ptr[1]) { - switch(ptr[1]) { - case 'r': - fputc('\r', stream); - break; - case 'n': --- 2.11.0 - diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash index 9c521e9501..f8885e0488 100644 --- a/package/libcurl/libcurl.hash +++ b/package/libcurl/libcurl.hash @@ -1,2 +1,2 @@ # Locally calculated after checking pgp signature -sha256 1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8 curl-7.53.1.tar.bz2 +sha256 f50ebaf43c507fa7cc32be4b8108fa8bbd0f5022e90794388f3c7694a302ff06 curl-7.54.0.tar.bz2 diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index 0249f5c53d..6f4803e0c1 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 7.53.1 +LIBCURL_VERSION = 7.54.0 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2 LIBCURL_SITE = https://curl.haxx.se/download LIBCURL_DEPENDENCIES = host-pkgconf \ |
