OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.02 2016-02-08T20:26:09+00:00 2016-02-08T20:26:09+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-02-08T19:26:42+00:00 urn:sha1:ee467ccd6397995cc0c2a87f7fd5b8f68bcd5b18 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-01-28T21:29:08+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-01-28T20:01:26+00:00 urn:sha1:4adae5d2eaa2eda770c1b5873265dfbca908d21f Fixes CVE-2016-0754: remote file name path traversal in curl tool for Windows CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-12-02T20:27:30+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2015-12-02T12:55:50+00:00 urn:sha1:b97525bd613526858074422d5a65ee0b24d2627e Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-11-17T09:00:26+00:00 Yann E. MORIN yann.morin.1998@free.fr 2015-11-13T21:48:50+00:00 urn:sha1:71b1d39726672160108901c0a1fbd00ee899d0a8 To build libcurl, we need to override LD_LIBRARY and force it to a sane value, otherwise libcurl is confused when target == host (see a51ce319, libcurl: fix configure with openssl when target == host). That is currently OK, since we always set LD_LIBRARY_PATH to a non-empty value. However, we're soon to stop setting it at all. So, if the user has an empty (or no) LD_LIBRARY_PATH in his envirnment, we'd end up adding the current working directory to LD_LIBRARY_PATH (as an empty entry in a colon-separated list is most probably interpreted as meaning the current working directory, which we do know can cause issue, and which we expressely check against in support/dependencies/dependencies.sh Fix that by only using an existing LD_LIBRARY_PATH if it is not empty. Also use a Makefile construct as it is easier to read than a shell one (we can do that, as all variables from the environment are available as make variables). Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Peter Korsgaard <jacmet@uclibc.org> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-27T21:50:56+00:00 Ryan Barnett ryan.barnett@rockwellcollins.com 2015-10-27T21:21:08+00:00 urn:sha1:83cd80d580651ec6e7bd68ddcc161ba2f4272102 The license for libcurl is actually 'ISC' not 'ICS'. Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-08T15:06:51+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2015-10-07T11:06:48+00:00 urn:sha1:7f4b13cc526f4004452ed9eac66a27f78da5080f Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-09-04T09:57:05+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-09-02T19:16:13+00:00 urn:sha1:cf0fb42a4260bd215b2ec01f885a1305f7b93272 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-06-18T20:41:32+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2015-06-18T16:44:26+00:00 urn:sha1:fc91ffa2f90b759dfa5f438145f8acf55f6db0d8 - Bump to version 7.43.0 - Update hash file Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-05-03T17:25:24+00:00 John Keeping john@keeping.me.uk 2015-05-02T10:58:18+00:00 urn:sha1:ff05e241f877615c127477dcda2ba99667a8d798 By default libcurl uses the C library's DNS resolver which is synchronous, even if an application is using libcurl's non-blocking mode of operation. Configure libcurl to use c-ares if it is selected so that it can resolve addresses asynchronously if required. [Peter: explicitly disable c-ares support if not enabled] Signed-off-by: John Keeping <john@keeping.me.uk> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-04-29T21:27:02+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2015-04-29T18:47:56+00:00 urn:sha1:62592bb66036d520f13c8eefc25dca056a186959 Fixes: CVE-2013-3153 - sensitive HTTP server headers also sent to proxies. And drop upstream patches. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>