Commit 62592bb6 authored by Gustavo Zacarias, committed by Peter Korsgaard

libcurl: security bump to version 7.42.1



Fixes:
CVE-2013-3153 - sensitive HTTP server headers also sent to proxies.

Also drop the upstream patches.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
parent 87ec20c1
+0 −54
From fd9d3a1ef1f7b1cb5812d04bad07818efc6f3b3a Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 22 Apr 2015 13:31:35 +0200
Subject: [PATCH 1/2] connectionexists: fix build without NTLM

Do not access NTLM-specific struct fields when built without NTLM
enabled!

bug: http://curl.haxx.se/?i=231
Reported-by: Patrick Rapin
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 lib/url.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/url.c b/lib/url.c
index f033dbc..93f15f1 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3069,9 +3069,11 @@ ConnectionExists(struct SessionHandle *data,
   struct connectdata *check;
   struct connectdata *chosen = 0;
   bool canPipeline = IsPipeliningPossible(data, needle);
+#ifdef USE_NTLM
   bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) ||
                        (data->state.authhost.want & CURLAUTH_NTLM_WB)) &&
     (needle->handler->protocol & PROTO_FAMILY_HTTP) ? TRUE : FALSE;
+#endif
   struct connectbundle *bundle;
 
   *force_reuse = FALSE;
@@ -3208,6 +3210,7 @@ ConnectionExists(struct SessionHandle *data,
           continue;
       }
 
+#if defined(USE_NTLM)
       if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
          (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) {
         /* This protocol requires credentials per connection or is HTTP+NTLM,
@@ -3217,10 +3220,9 @@ ConnectionExists(struct SessionHandle *data,
           /* one of them was different */
           continue;
         }
-#if defined(USE_NTLM)
         credentialsMatch = TRUE;
-#endif
       }
+#endif
 
       if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL ||
          (needle->bits.httpproxy && check->bits.httpproxy &&
-- 
2.0.5
+0 −48
From 85c45d153b901d3f69dd5713924039c011477612 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 22 Apr 2015 13:58:10 +0200
Subject: [PATCH 2/2] connectionexists: follow-up to fd9d3a1ef1f

PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
enabled.

Mistake-caught-by: Kamil Dudka
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 lib/url.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/url.c b/lib/url.c
index 93f15f1..7dc5c45 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3210,9 +3210,11 @@ ConnectionExists(struct SessionHandle *data,
           continue;
       }
 
-#if defined(USE_NTLM)
-      if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
-         (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) {
+      if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST))
+#ifdef USE_NTLM
+         || (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)
+#endif
+        ) {
         /* This protocol requires credentials per connection or is HTTP+NTLM,
            so verify that we're using the same name and password as well */
         if(!strequal(needle->user, check->user) ||
@@ -3220,9 +3222,10 @@ ConnectionExists(struct SessionHandle *data,
           /* one of them was different */
           continue;
         }
+#if defined(USE_NTLM)
         credentialsMatch = TRUE;
-      }
 #endif
+      }
 
       if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL ||
          (needle->bits.httpproxy && check->bits.httpproxy &&
-- 
2.0.5
+1 −1
# Locally calculated after checking pgp signature
sha256	32557d68542f5c6cc8437b5b8a945857b4c5c6b6276da909e35b783d1d66d08f	curl-7.42.0.tar.bz2
sha256	e2905973391ec2dfd7743a8034ad10eeb58dab8b3a297e7892a41a7999cac887	curl-7.42.1.tar.bz2
+1 −1
@@ -4,7 +4,7 @@
#
################################################################################

LIBCURL_VERSION = 7.42.0
LIBCURL_VERSION = 7.42.1
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_SITE = http://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \