Commit fba3da56 authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Peter Korsgaard
Browse files

libcurl: bump to version 7.33.0 



Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 4b9c124a

package/libcurl/libcurl-0001-CVE-2013-4545.patch

deleted100644 → 0
+0 −32
Original line number Diff line number Diff line 
From 3c3622b66221d89509cffaa693fc7dcd5c5b96cf Mon Sep 17 00:00:00 2001

From: Daniel Stenberg <daniel@haxx.se>

Date: Wed, 2 Oct 2013 15:31:10 +0200

Subject: [PATCH] OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without

 VERIFYPEER



Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set

should still verify that the host name fields in the server certificate

is fine or return failure.



Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html

Reported-by: Ishan SinghLevett

---

 lib/ssluse.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)



diff --git a/lib/ssluse.c b/lib/ssluse.c

index 4f3c1e1..9974ac8 100644

--- a/lib/ssluse.c

+++ b/lib/ssluse.c

@@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn,

    * operations.

    */

 

-  if(!data->set.ssl.verifypeer)

+  if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)

     (void)servercert(conn, connssl, FALSE);

   else

     retcode = servercert(conn, connssl, TRUE);

-- 

1.8.3.2

package/libcurl/libcurl.mk

+1 −1
Original line number Diff line number Diff line
@@ -4,7 +4,7 @@ 
#

################################################################################



LIBCURL_VERSION = 7.32.0

LIBCURL_VERSION = 7.33.0

LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2

LIBCURL_SITE = http://curl.haxx.se/download

LIBCURL_DEPENDENCIES = host-pkgconf \