libcurl: security bump to version 7.38.0
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Wed, 10 Sep 2014 15:21:31 +0000 (12:21 -0300)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 11 Sep 2014 20:45:20 +0000 (22:45 +0200)
Fixes:
CVE-2014-3613 cookie leak with IP address as domain
CVE-2014-3620 cookie leak for TLDs

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch [deleted file]
package/libcurl/libcurl.mk

diff --git a/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch b/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch
deleted file mode 100644 (file)
index a3d579b..0000000
+++ /dev/null
@@ -1,41 +0,0 @@
-From c6e7cbb94e669b85d3eb8e015ec51d0072112133 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Thu, 17 Jul 2014 14:37:28 +0200
-Subject: [PATCH] build: link curl to NSS libraries when NSS support is enabled
-
-This fixes a build failure on Debian caused by commit
-24c3cdce88f39731506c287cb276e8bf4a1ce393.
-
-Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
----
-diff --git a/configure.ac b/configure.ac
-index c3cccfb..b78f56d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2078,6 +2078,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
-       if test "x$USE_NSS" = "xyes"; then
-         AC_MSG_NOTICE([detected NSS version $version])
-+        dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
-+        NSS_LIBS=$addlib
-+        AC_SUBST([NSS_LIBS])
-+
-         dnl when shared libs were found in a path that the run-time
-         dnl linker doesn't search through, we need to add it to
-         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
-diff --git a/src/Makefile.am b/src/Makefile.am
-index d8c0c7d..f96618e 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -62,7 +62,7 @@ LIBS = $(BLANK_AT_MAKETIME)
- if USE_EXPLICIT_LIB_DEPS
- curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @LIBCURL_LIBS@
- else
--curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@
-+curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@
- endif
- curl_LDFLAGS = @LIBMETALINK_LDFLAGS@
--- 
-1.8.5.5
-
index e4ab9108fb30385a5843413172fe75b8dced1950..610efc1a5a2bce067755a9e53f8d355587f0ce38 100644 (file)
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.37.1
+LIBCURL_VERSION = 7.38.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
 LIBCURL_SITE = http://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \