OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.11 2016-11-03T21:31:05+00:00 2016-11-03T21:31:05+00:00 Baruch Siach baruch@tkos.co.il 2016-11-03T07:53:13+00:00 urn:sha1:f9138514d1678415605b75ecfabecbb2f72f9310 Saves a redirect. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-11-02T16:25:20+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-11-02T11:52:31+00:00 urn:sha1:afdb102bd5a9bc35dde2fe0309da88f0d89210d3 List of fixed CVEs: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curl_maprintf CVE-2016-8619: double-free in krb5 code CVE-2016-8620: glob parser write/read out of bounds CVE-2016-8621: curl_getdate read out of bounds CVE-2016-8622: URL unescape heap overflow via integer truncation CVE-2016-8623: Use-after-free via shared cookies CVE-2016-8624: invalid URL parsing with '#' CVE-2016-8625: IDNA 2003 makes curl use wrong host Full ChangeLog: https://curl.haxx.se/changes.html#7_51_0 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-09-14T19:45:58+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-09-14T08:52:24+00:00 urn:sha1:28dc7f4adc6e6c7a6d67fab99ef7cb68117b502f Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-09-07T10:17:28+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-09-07T09:16:08+00:00 urn:sha1:475387b43987b73a76b321599fb8da90c6b81c40 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-08-03T18:50:39+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-08-03T10:56:52+00:00 urn:sha1:559c3820f871c8efabb161013b6fb5f5b02981e6 Contains fixes for CVE-2016-5419..5421: https://curl.haxx.se/docs/vuln-7.50.0.html [Peter: extend commit message with CVE info] Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-07-21T11:56:15+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-07-21T11:30:33+00:00 urn:sha1:627dc235ffb12d8d0c1cbb95b46d891160d9e452 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-05-31T10:59:10+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-05-31T09:48:49+00:00 urn:sha1:5c913c17b250ff8e1dc2ffe9a43c5b9496cc1023 Fixes CVE-2016-4802, https://curl.haxx.se/docs/adv_20160530.html Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-05-23T15:05:24+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-05-18T10:14:37+00:00 urn:sha1:4e58fe16b256fee536bad34fde686134d71c852c Fixes CVE-2016-3739, https://curl.haxx.se/docs/adv_20160518.html. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> [Thomas: add reference to the CVE being fixed, pointed by Gustavo.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-03-25T19:54:27+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-25T16:46:47+00:00 urn:sha1:98e28b564e61c9a7d15d6786e2c0629a6d1f9397 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-03-08T20:24:53+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-06T18:53:37+00:00 urn:sha1:0af16e3a9231e1df2b661b7bf0949e79ed28cb18 Now that we've got an mbedtls package in the tree we can enable the optional support for it in libcurl. We also remove the comment about polarssl support needing version 1.3.x. Indeed, polarssl was renamed to mbedtls when bought by ARM, which was circa the 1.3.x polarssl release. Due to this referring to polarssl 1.3.x doesn't make a lot of sense, and we'll probably never package polarssl 1.3.x in Buildroot now that mbedtls replaces it. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Tested-by: Luca Ceresoli <luca@lucaceresoli.net> [Thomas: slightly improve commit log as suggested by Luca, using explanations from Gustavo.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>