projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4651c60)
package/libcurl: security bump version to 7.47.0
authorBernd Kuhls <bernd.kuhls@t-online.de>
Thu, 28 Jan 2016 20:01:26 +0000 (21:01 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 28 Jan 2016 21:29:08 +0000 (22:29 +0100)
Fixes
CVE-2016-0754: remote file name path traversal in curl tool for Windows
CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libcurl/libcurl.hash patch | blob | history
package/libcurl/libcurl.mk patch | blob | history

diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index eb5bab1e30253be496a129697133c8e5c0281fb1..cd35d4cc82726f4b81b0ef12ef6f6344521815e4 100644 (file)
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,2 +1,2 @@
-# Locally calculated after checking pgp signature
-sha256 b7d726cdd8ed4b6db0fa1b474a3c59ebbbe4dcd4c61ac5e7ade0e0270d3195ad  curl-7.46.0.tar.bz2
+# Locally calculated
+sha256 2b096f9387fb9b2be08d17e518c62b6537b1f4d4bb59111d5b4fa0272f383f66        curl-7.47.0.tar.bz2
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index e64014ddc95ae8a5ff9dc99f0219156f965f8a04..db9ef3f1bcb1515a08fb99d9330f3ddf8cc6e937 100644 (file)
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.46.0
+LIBCURL_VERSION = 7.47.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
 LIBCURL_SITE = http://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \