projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1f1d220) | patch
package/libcurl: security bump to version 7.77.0
authorPeter Korsgaard <peter@korsgaard.com>
Thu, 27 May 2021 21:35:31 +0000 (23:35 +0200)
committerYann E. MORIN <yann.morin.1998@free.fr>
Fri, 28 May 2021 12:19:33 +0000 (14:19 +0200)
commiteae15d62c6a857f43d6f21af9a30f38994b3efc5
treede5410448e734aeb5c0a1c23e15fc8e6f5886a69tree
parent1f1d220419515c44275b21b55ac1382f4192c2f1commit | diff
package/libcurl: security bump to version 7.77.0

Fixes the following security issues:

- CVE-2021-22897: schannel cipher selection surprise
  https://curl.se/docs/CVE-2021-22897.html

- CVE-2021-22898: TELNET stack contents disclosure
  https://curl.se/docs/CVE-2021-22898.html

- CVE-2021-22901: TLS session caching disaster
  https://curl.se/docs/CVE-2021-22901.html

Unconditionally disable the ldap(s) options.  These require external
libraries, but the options were ignored if the needed libraries weren't
available. This is now changed to be a fatal error since

https://github.com/curl/curl/commit/dae382a1a1481a94b708c82d5aa9fa7253084160

Additionally, add a post-7.77.0 upstream patch to fix compilation with
bearssl.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: annotate the patch, that it is a backport]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/libcurl/0001-bearssl-remove-incorrect-const-on-variable-that-is-m.patch [new file with mode: 0644] blob
package/libcurl/libcurl.hash diff | blob | history
package/libcurl/libcurl.mk diff | blob | history