OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.02 2016-02-08T20:26:09+00:00 2016-02-08T20:26:09+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-02-08T19:26:42+00:00 urn:sha1:ee467ccd6397995cc0c2a87f7fd5b8f68bcd5b18 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-01-28T21:29:08+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-01-28T20:01:26+00:00 urn:sha1:4adae5d2eaa2eda770c1b5873265dfbca908d21f Fixes CVE-2016-0754: remote file name path traversal in curl tool for Windows CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-12-02T20:27:30+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2015-12-02T12:55:50+00:00 urn:sha1:b97525bd613526858074422d5a65ee0b24d2627e Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-08T15:06:51+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2015-10-07T11:06:48+00:00 urn:sha1:7f4b13cc526f4004452ed9eac66a27f78da5080f Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-09-04T09:57:05+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-09-02T19:16:13+00:00 urn:sha1:cf0fb42a4260bd215b2ec01f885a1305f7b93272 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-06-18T20:41:32+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2015-06-18T16:44:26+00:00 urn:sha1:fc91ffa2f90b759dfa5f438145f8acf55f6db0d8 - Bump to version 7.43.0 - Update hash file Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-04-29T21:27:02+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-04-29T18:47:56+00:00 urn:sha1:62592bb66036d520f13c8eefc25dca056a186959 Fixes: CVE-2013-3153 - sensitive HTTP server headers also sent to proxies. And drop upstream patches. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-04-23T07:45:03+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-04-23T05:46:07+00:00 urn:sha1:4c8e6796814a03f564cfbab2cb7663d0f598655a Fixes: CVE-2015-3144 - host name out of boundary memory access CVE-2015-3145 - cookie parser out of boundary memory access CVE-2015-3148 - Negotiate not treated as connection-oriented CVE-2015-3143 - Re-using authenticated connection when unauthenticated Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-02-25T16:25:54+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-02-25T12:07:32+00:00 urn:sha1:1f556833c37b170070c39eb3c9e2ab1d14fdff80 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-01-08T18:19:15+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-01-08T17:29:16+00:00 urn:sha1:d71a51d0e5768bcc88e90add609fdb02f72c9fb0 Fixes: CVE-2014-8150 - When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. CVE-2014-8151 - libcurl stores TLS Session IDs in its associated Session ID cache when it connects to TLS servers. In subsequent connects it re-uses the entry in the cache to resume the TLS connection faster than when doing a full TLS handshake. The actual implementation for the Session ID caching varies depending on the underlying TLS backend. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>