buildroot/package/libcurl, branch 2016.08

libcurl: security bump version to 7.50.1

2016-08-03T18:50:39+00:00

Contains fixes for CVE-2016-5419..5421: https://curl.haxx.se/docs/vuln-7.50.0.html [Peter: extend commit message with CVE info] Signed-off-by: Vicente Olivert Riera Signed-off-by: Peter Korsgaard

libcurl: bump version to 7.50.0

2016-07-21T11:56:15+00:00

Signed-off-by: Vicente Olivert Riera Signed-off-by: Thomas Petazzoni

libcurl: security bump version to 7.49.1

2016-05-31T10:59:10+00:00

Fixes CVE-2016-4802, https://curl.haxx.se/docs/adv_20160530.html Signed-off-by: Vicente Olivert Riera Signed-off-by: Peter Korsgaard

libcurl: bump version to 7.49.0

2016-05-23T15:05:24+00:00

Fixes CVE-2016-3739, https://curl.haxx.se/docs/adv_20160518.html. Signed-off-by: Vicente Olivert Riera [Thomas: add reference to the CVE being fixed, pointed by Gustavo.] Signed-off-by: Thomas Petazzoni

libcurl: bump to version 7.48.0

2016-03-25T19:54:27+00:00

Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

libcurl: enable mbedtls support

2016-03-08T20:24:53+00:00

Now that we've got an mbedtls package in the tree we can enable the optional support for it in libcurl. We also remove the comment about polarssl support needing version 1.3.x. Indeed, polarssl was renamed to mbedtls when bought by ARM, which was circa the 1.3.x polarssl release. Due to this referring to polarssl 1.3.x doesn't make a lot of sense, and we'll probably never package polarssl 1.3.x in Buildroot now that mbedtls replaces it. Signed-off-by: Gustavo Zacarias Tested-by: Luca Ceresoli [Thomas: slightly improve commit log as suggested by Luca, using explanations from Gustavo.] Signed-off-by: Thomas Petazzoni

libcurl: bump to version 7.47.1

2016-02-08T20:26:09+00:00

Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

package/libcurl: security bump version to 7.47.0

2016-01-28T21:29:08+00:00

Fixes CVE-2016-0754: remote file name path traversal in curl tool for Windows CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

libcurl: bump version to 7.46.0

2015-12-02T20:27:30+00:00

Signed-off-by: Vicente Olivert Riera Signed-off-by: Peter Korsgaard

package/libcurl: carefully override LD_LIBRARY_PATH

2015-11-17T09:00:26+00:00

To build libcurl, we need to override LD_LIBRARY and force it to a sane value, otherwise libcurl is confused when target == host (see a51ce319, libcurl: fix configure with openssl when target == host). That is currently OK, since we always set LD_LIBRARY_PATH to a non-empty value. However, we're soon to stop setting it at all. So, if the user has an empty (or no) LD_LIBRARY_PATH in his envirnment, we'd end up adding the current working directory to LD_LIBRARY_PATH (as an empty entry in a colon-separated list is most probably interpreted as meaning the current working directory, which we do know can cause issue, and which we expressely check against in support/dependencies/dependencies.sh Fix that by only using an existing LD_LIBRARY_PATH if it is not empty. Also use a Makefile construct as it is easier to read than a shell one (we can do that, as all variables from the environment are available as make variables). Signed-off-by: "Yann E. MORIN" Cc: Peter Korsgaard Cc: Thomas Petazzoni Reviewed-by: Arnout Vandecappelle (Essensium/Mind) Signed-off-by: Peter Korsgaard