* [Buildroot] [PATCHv2] libcurl: security bump to version 7.36.0
@ 2014-03-31 22:34 Gustavo Zacarias
2014-04-01 12:45 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2014-03-31 22:34 UTC (permalink / raw)
To: buildroot
Fixes CVE-2014-0005, CVE-2014-0319, CVE-2014-1263 and CVE-2014-2522.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/libcurl/libcurl-01-disable-manual.patch | 31 +++++++++++++++++++++++++
package/libcurl/libcurl.mk | 2 +-
2 files changed, 32 insertions(+), 1 deletion(-)
create mode 100644 package/libcurl/libcurl-01-disable-manual.patch
diff --git a/package/libcurl/libcurl-01-disable-manual.patch b/package/libcurl/libcurl-01-disable-manual.patch
new file mode 100644
index 0000000..4872169
--- /dev/null
+++ b/package/libcurl/libcurl-01-disable-manual.patch
@@ -0,0 +1,31 @@
+Apply fix from 38d582ff541353d738858299d4a2b78bafac03ed to unbreak
+building with --disable-manual.
+We don't use the literal patch since that means re-generating files
+from the tarball that are usually shipped.
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -Nura curl-7.36.0.orig/src/tool_hugehelp.c curl-7.36.0/src/tool_hugehelp.c
+--- curl-7.36.0.orig/src/tool_hugehelp.c 2014-03-31 19:28:23.018515093 -0300
++++ curl-7.36.0/src/tool_hugehelp.c 2014-03-31 19:28:09.994076200 -0300
+@@ -4165,6 +4165,10 @@
+ " these mailing lists instead of mailing any individual.\n"
+ , stdout) ;
+ }
++#else /* !USE_MANUAL */
++/* built-in manual is disabled, blank function */
++#include "tool_hugehelp.h"
++void hugehelp(void) {}
+ #endif /* USE_MANUAL */
+ #else
+ /*
+@@ -8192,5 +8196,9 @@
+ }
+ inflateEnd(&z);
+ }
++#else
++/* built-in manual is disabled, blank function */
++#include "tool_hugehelp.h"
++void hugehelp(void) {}
+ #endif /* USE_MANUAL */
+ #endif /* HAVE_LIBZ */
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 458dfb6..ab558fb 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.35.0
+LIBCURL_VERSION = 7.36.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
LIBCURL_SITE = http://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
--
1.8.3.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCHv2] libcurl: security bump to version 7.36.0
2014-03-31 22:34 [Buildroot] [PATCHv2] libcurl: security bump to version 7.36.0 Gustavo Zacarias
@ 2014-04-01 12:45 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2014-04-01 12:45 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Mon, 31 Mar 2014 19:34:58 -0300, Gustavo Zacarias wrote:
> Fixes CVE-2014-0005, CVE-2014-0319, CVE-2014-1263 and CVE-2014-2522.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> package/libcurl/libcurl-01-disable-manual.patch | 31 +++++++++++++++++++++++++
> package/libcurl/libcurl.mk | 2 +-
> 2 files changed, 32 insertions(+), 1 deletion(-)
> create mode 100644 package/libcurl/libcurl-01-disable-manual.patch
Applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-04-01 12:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-03-31 22:34 [Buildroot] [PATCHv2] libcurl: security bump to version 7.36.0 Gustavo Zacarias
2014-04-01 12:45 ` Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox