libcurl: security bump to version 7.61.1

Fixes CVE-2018-14618: NTLM password overflow via integer overflow

For more details, see the advisory:
https://curl.haxx.se/docs/CVE-2018-14618.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 9a57153d2b21ca2a0133d52752d45c5ec4730ef3..395307653d4034f7e47e4c2a97356fd4ed7a6ab2 100644 (file)
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.haxx.se/download/curl-7.61.0.tar.xz.asc
+# https://curl.haxx.se/download/curl-7.61.1.tar.xz.asc
 # with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256 ef6e55192d04713673b4409ccbcb4cb6cd723137d6e10ca45b0c593a454e1720  curl-7.61.0.tar.xz
+sha256 3d5913d6a39bd22e68e34dff697fd6e4c3c81563f580c76fca2009315cd81891  curl-7.61.1.tar.xz
 sha256 5f3849ec38ddb927e79f514bf948890c41b8d1407286a49609b8fb1585931095  COPYING

diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index e0ecb081b7bb4c35308aa8328f74bb103dc91a63..c3da8aa3e5f149b5d23d2d7b158aabaa4c863d53 100644 (file)
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.61.0
+LIBCURL_VERSION = 7.61.1
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \