Commit c30e017a authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Peter Korsgaard
Browse files

libcurl: security bump to version 7.39.0 



Fixes:
CVE-2014-3707 - libcurl's function curl_easy_duphandle() has a bug that
can lead to libcurl eventually sending off sensitive data that was not
intended for sending.

Removed patch that was upstream and now in the release.

Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: default avatarVicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: default avatarVicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 395c8805

package/libcurl/libcurl-0001-fixtimeout.patch

deleted100644 → 0
+0 −37
Original line number Diff line number Diff line 
This fixes a timeout problem with xbmc.



Backported from upstream:

https://github.com/bagder/curl/commit/d9762a7cdb35e70f8cb0bf1c2f8019e8391616e1



Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>





From d9762a7cdb35e70f8cb0bf1c2f8019e8391616e1 Mon Sep 17 00:00:00 2001

From: Daniel Stenberg <daniel@haxx.se>

Date: Tue, 23 Sep 2014 11:44:03 +0200

Subject: [PATCH] threaded-resolver: revert Curl_expire_latest() switch



The switch to using Curl_expire_latest() in commit cacdc27f52b was a

mistake and was against the advice even mentioned in that commit. The

comparison in asyn-thread.c:Curl_resolver_is_resolved() makes

Curl_expire() the suitable function to use.



Bug: http://curl.haxx.se/bug/view.cgi?id=1426

Reported-By: graysky

---

 lib/asyn-thread.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)



diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c

index e4ad32b..6cdc9ad 100644

--- a/lib/asyn-thread.c

+++ b/lib/asyn-thread.c

@@ -541,7 +541,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,

       td->poll_interval = 250;

 

     td->interval_end = elapsed + td->poll_interval;

-    Curl_expire_latest(conn->data, td->poll_interval);

+    Curl_expire(conn->data, td->poll_interval);

   }

 

   return CURLE_OK;

package/libcurl/libcurl.hash

+1 −1
Original line number Diff line number Diff line 
# Locally calculated after checking pgp signature

sha256	035bd41e99aa1a4e64713f4cea5ccdf366ca8199e9be1b53d5a043d5165f9eba	curl-7.38.0.tar.bz2
 
sha256	b222566e7087cd9701b301dd6634b360ae118cc1cbc7697e534dc451102ea4e0	curl-7.39.0.tar.bz2

package/libcurl/libcurl.mk

+1 −1
Original line number Diff line number Diff line
@@ -4,7 +4,7 @@ 
#

################################################################################



LIBCURL_VERSION = 7.38.0

LIBCURL_VERSION = 7.39.0

LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2

LIBCURL_SITE = http://curl.haxx.se/download

LIBCURL_DEPENDENCIES = host-pkgconf \