diff options
author | Baruch Siach <baruch@tkos.co.il> | 2018-07-12 21:15:57 +0300 |
---|---|---|
committer | Peter Korsgaard <peter@korsgaard.com> | 2018-07-12 22:18:54 +0200 |
commit | bf79731153d2739580954161547225acb60f65e8 (patch) | |
tree | ac046e9ea176745975fcd609403f169d5313c5a9 /package/libcurl/libcurl.mk | |
parent | 572c7af8dbcc9539ea54724e88b0850ae47d98ee (diff) | |
download | buildroot-bf79731153d2739580954161547225acb60f65e8.tar.gz buildroot-bf79731153d2739580954161547225acb60f65e8.zip |
libcurl: security bump to version 7.61.0
Fixes CVE-2018-0500: curl might overflow a heap based memory buffer when
sending data over SMTP and using a reduced read buffer.
Drop upstream patch.
Add reference to tarball signature key.
Drop CRYPTO_lock seed. Removed from configure script since 7.45.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libcurl/libcurl.mk')
-rw-r--r-- | package/libcurl/libcurl.mk | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index 00a213cc3c..c9b325c672 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 7.60.0 +LIBCURL_VERSION = 7.61.0 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz LIBCURL_SITE = https://curl.haxx.se/download LIBCURL_DEPENDENCIES = host-pkgconf \ @@ -13,8 +13,6 @@ LIBCURL_DEPENDENCIES = host-pkgconf \ LIBCURL_LICENSE = curl LIBCURL_LICENSE_FILES = COPYING LIBCURL_INSTALL_STAGING = YES -# We're patching configure.ac -LIBCURL_AUTORECONF = YES # We disable NTLM support because it uses fork(), which doesn't work # on non-MMU platforms. Moreover, this authentication method is @@ -39,7 +37,6 @@ LIBCURL_CONFIG_SCRIPTS = curl-config ifeq ($(BR2_PACKAGE_OPENSSL),y) LIBCURL_DEPENDENCIES += openssl -LIBCURL_CONF_ENV += ac_cv_lib_crypto_CRYPTO_lock=yes # configure adds the cross openssl dir to LD_LIBRARY_PATH which screws up # native stuff during the rest of configure when target == host. # Fix it by setting LD_LIBRARY_PATH to something sensible so those libs |