<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/libcurl, branch 2017.08.1</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2017.08.1</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2017.08.1'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2017-10-17T08:45:05+00:00</updated>
<entry>
<title>libcurl: security bump to version 7.56.0</title>
<updated>2017-10-17T08:45:05+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-10-04T07:35:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=2753d080973b308153b831200f337cbe3257c32c'/>
<id>urn:sha1:2753d080973b308153b831200f337cbe3257c32c</id>
<content type='text'>
Drop upstreamed patch.

Fixes CVE-2017-1000254 - FTP PWD response parser out of bounds read:

https://curl.haxx.se/docs/adv_20171004.html

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 9d95b93e5d36442979cdff7a9f3ee10b1eb9e0c7)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: fix build without threads</title>
<updated>2017-10-16T21:16:45+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-09-12T11:43:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=cfbe2b048ebef6cae58bbb6e5f0307a16025b2d2'/>
<id>urn:sha1:cfbe2b048ebef6cae58bbb6e5f0307a16025b2d2</id>
<content type='text'>
When c-ares is not enabled libcurl enables the threaded DNS resolver by
default. Make sure the threaded resolvers is disabled when the toolchain
does not support threads.

Add upstream patch that fixes the configure option for disabling the
threaded resolver.

Fixes:
http://autobuild.buildroot.net/results/39f/39fa63fb2ecb75e4b2521d1ee3dfa357c4e5c594/
http://autobuild.buildroot.net/results/dfd/dfd296086d0d6bed73b92fe2fa4ba5434dddf796/

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 10e998e7ccc827c53f3637abb70a06f1521e239e)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump to version 7.55.1</title>
<updated>2017-10-16T21:11:53+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-09-09T20:10:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=eebfc0f3241acf432ea3249b10da982436a30a89'/>
<id>urn:sha1:eebfc0f3241acf432ea3249b10da982436a30a89</id>
<content type='text'>
Drop upstream patch.

Add license hash.

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
(cherry picked from commit 3f6c10df674b7cc7a854fb0099ebeb926d162975)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: fix build on uncommon architectures</title>
<updated>2017-08-11T20:06:36+00:00</updated>
<author>
<name>Thomas Petazzoni</name>
<email>thomas.petazzoni@free-electrons.com</email>
</author>
<published>2017-08-11T18:32:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=6361a50e3f813c81d49636ee92a427442b9a2160'/>
<id>urn:sha1:6361a50e3f813c81d49636ee92a427442b9a2160</id>
<content type='text'>
Since the bump to 7.55.0, libcurl fails to build on a number of
uncommon architectures (ARC, OpenRISC, etc.). This is due to upstream
commit 73a2fcea0b4adea6ba342cd7ed1149782c214ae3 ("includes: remove
curl/curlbuild.h and curl/curlrules.h"), which makes libcurl rely on
more architecture-specific related defines in include/curl/system.h.

This commit therefore adds a patch that fixes the 32-bit vs. 64-bit
detection for all architecture, using gcc's __SIZEOF_LONG__
definition. It has been tested successfully with test-pkg on all 47
toolchain configurations.

Fixes:

  http://autobuild.buildroot.net/results/bf26c08cf3267214278674472f931603f69951ae/
  (and many similar issues)

Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: security bump to version 7.55.0</title>
<updated>2017-08-11T10:42:34+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-08-10T17:35:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=d88c79090add53947dc3290fb61d51f2b630301c'/>
<id>urn:sha1:d88c79090add53947dc3290fb61d51f2b630301c</id>
<content type='text'>
Fixes:

 glob: do not parse after a strtoul() overflow range (CVE-2017-1000101)
 tftp: reject file name lengths that don't fit (CVE-2017-1000100)
 file: output the correct buffer to the user (CVE-2017-1000099)

Switch to .tar.xz to save bandwidth.

Add reference to tarball signature.

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) &lt;arnout@mind.be&gt;
</content>
</entry>
<entry>
<title>package/lib*: fix wrapping of Config.in help text</title>
<updated>2017-07-31T17:10:08+00:00</updated>
<author>
<name>Adam Duskett</name>
<email>Aduskett@gmail.com</email>
</author>
<published>2017-07-31T13:53:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=5dccd7249e7dacceb370b0282592d504876e460e'/>
<id>urn:sha1:5dccd7249e7dacceb370b0282592d504876e460e</id>
<content type='text'>
The check-package script when ran gives warnings on text wrapping
on all of these Config files.  This patch cleans up all warnings
related to the text wrapping for the Config files starting with
lib in the package directory.

The appropriate indentation is: &lt;tab&gt;&lt;2 spaces&gt;&lt;62 chars&gt;
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.

Signed-off-by: Adam Duskett &lt;aduskett@gmail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: LICENSE value changes to SPDX</title>
<updated>2017-07-02T21:35:46+00:00</updated>
<author>
<name>Naoki Matsumoto</name>
<email>n-matsumoto@melcoinc.co.jp</email>
</author>
<published>2017-06-26T01:34:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=d80110a635c23aac17dabf2e58b580470749a2c9'/>
<id>urn:sha1:d80110a635c23aac17dabf2e58b580470749a2c9</id>
<content type='text'>
The curl license is a MIT/X derivative license, but
has a distinct identifier in SPDX, so use that:

https://spdx.org/licenses/curl.html

[Peter: reword commit message]
Signed-off-by: Naoki Matsumoto &lt;n-matsumoto@melcoinc.co.jp&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump version to 7.54.1</title>
<updated>2017-06-21T20:42:54+00:00</updated>
<author>
<name>Adam Duskett</name>
<email>Aduskett@gmail.com</email>
</author>
<published>2017-06-21T20:30:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c52d50336eb6c51eb9d590cebdee72623d76dd51'/>
<id>urn:sha1:c52d50336eb6c51eb9d590cebdee72623d76dd51</id>
<content type='text'>
Signed-off-by: Adam Duskett &lt;aduskett@codeblue.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: bump version to 7.54.0 (security)</title>
<updated>2017-04-20T21:13:07+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2017-04-19T09:07:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=034e95e51e7dbe97a11d708c7762ff64861ec705'/>
<id>urn:sha1:034e95e51e7dbe97a11d708c7762ff64861ec705</id>
<content type='text'>
Security fixes:
 - CVE-2017-7468: switch off SSL session id when client cert is used

Full changelog: https://curl.haxx.se/changes.html

Removing 0001-CVE-2017-7407.patch. It's included in this release:
  https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13

Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>libcurl: apply upstream security patch</title>
<updated>2017-04-12T19:14:01+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-04-11T17:56:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=08bf26bb34f87b6820e07b2858bb4fe49eef9048'/>
<id>urn:sha1:08bf26bb34f87b6820e07b2858bb4fe49eef9048</id>
<content type='text'>
CVE-2017-7407: --write-out out of buffer read

https://curl.haxx.se/docs/adv_20170403.html

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
</feed>
