From: Peter Korsgaard Date: Fri, 23 Dec 2016 10:16:05 +0000 (+0100) Subject: libcurl: security bump to 7.52.1 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=72b6bf8f57569c14238d223bb6cc6fec7fd3af4d;p=buildroot.git libcurl: security bump to 7.52.1 Fixes CVE-2016-9594 - Unitilized random Libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. Signed-off-by: Peter Korsgaard --- diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash index 2b68c6a7b4..7a942f238b 100644 --- a/package/libcurl/libcurl.hash +++ b/package/libcurl/libcurl.hash @@ -1,2 +1,2 @@ # Locally calculated after checking pgp signature -sha256 b9a2e18b4785eb75ad84598720e1559e1c53550ea011c0e00becdb94e2df5cc6 curl-7.52.0.tar.bz2 +sha256 d16185a767cb2c1ba3d5b9096ec54e5ec198b213f45864a38b3bda4bbf87389b curl-7.52.1.tar.bz2 diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index b2a1b241dc..ea37309d82 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 7.52.0 +LIBCURL_VERSION = 7.52.1 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2 LIBCURL_SITE = https://curl.haxx.se/download LIBCURL_DEPENDENCIES = host-pkgconf \