Commit graph

5 commits

Author SHA1 Message Date
Dirk Neukirchen
6aebc6b16b curl: update to 7.49
fixes:
 CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL

- remove crypto auth compile fix
curl changelog of 7.46 states its fixed

- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package

tested on ar71xx w. curl/mbedtls/wolfssl

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-05-19 16:56:34 +02:00
Hauke Mehrtens
a2b15e6c1d curl: upstep to latest version 7.48.0
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49182
2016-04-17 12:51:19 +00:00
Hauke Mehrtens
3a2e25bc77 curl: add support for mbedtls
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48615
2016-02-01 22:37:41 +00:00
Hauke Mehrtens
97b14fd700 curl: update curl to version 7.43.0
This brings curl to version 7.43.0 and contains fixes for the following
security vulnerabilities:

CVE-2015-3236: lingering HTTP credentials in connection re-use
http://curl.haxx.se/docs/adv_20150617A.html

CVE-2015-3237: SMB send off unrelated memory contents
http://curl.haxx.se/docs/adv_20150617B.html

The 100-check_long_long patch is not needed any more, because the
upstream autoconf script already checks for long long when cyassl is
selected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46169
2015-07-03 23:21:01 +00:00
Felix Fietkau
632ba15a56 curl: replace polarssl run-time version check with a compile-time one
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45609
2015-05-05 10:12:49 +00:00