path: root/package/network/utils/curl
Commit message | Author | Age | Files | Lines
* mbedtls: change libmbedcrypto.so soversion back to 0 | Hauke Mehrtens | 2018-04-14 | 1 | -1/+1
  mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the libmbedcrypto.so library, use the old version again to be able to use the new library with binaries compiled against the old mbedtls library.
  Some binaries got rebuilt for the 2.7.0 release and are now using libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0. Go back to libmbedcrypto.so.0 and make the system rebuild the binaries which were rebuilt for 2.7.0 again.
  This should make the libmbedcrypto.so library be compatible with the old version shipped with 17.01.
  Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2")
  Fixes: f609913b5c ("mbedtls: update to version 2.7.0")
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.7.0 | Hauke Mehrtens | 2018-03-10 | 1 | -1/+1
  This fixes the following security problems:
  * CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
  * CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
  This release is also ABI incompatible with the previous one, but it is API compatible.
  Some functions used by a lot of other software were renamed and the old function names are provided as a static inline now, but they are only active when deprecated functions are allowed, deactivate the removal of deprecated functions for now.
  Also increase the PKG_RELEASE version to force a rebuild and update of packages depending on mbedtls to handle the changed ABI.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: fix libcurl/mbedtls async interface | Darren Tucker | 2018-01-24 | 2 | -1/+28
  When using mbedtls, curl's nonblocking interface will report a request as done immediately after the socket is written to and never read from the connection. This will result in an HTTP status code of 0 and zero length replies.
  Cherry-pick the patch from curl 7.53.0 to fix this (https://github.com/curl/curl/commit/b993d2cc).
  Fixes https://bugs.openwrt.org/index.php?do=details&task_id=1285.
  Signed-off-by: Darren Tucker <dtucker@dtucker.net>
* curl: apply CVE 2017-8816 and 2017-8817 security patches | Stijn Segers | 2017-12-04 | 3 | -1/+209
  This commit adds the upstream patches for CVE 2017-8816 and 2017-8817 to the 17.01 Curl package.
  Compile-tested on ar71xx, ramips and x86.
  Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* curl: fix security problems | Hauke Mehrtens | 2017-09-30 | 3 | -1/+75
  This fixes the following security problems:
  * CVE-2017-1000100 TFTP sends more than buffer size
  * CVE-2017-1000101 URL globbing out of bounds read
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: fix CVE-2017-7407 and CVE-2017-7468 | Hauke Mehrtens | 2017-07-28 | 3 | -1/+430
  This fixes the following security problems:
  * CVE-2017-7407: https://curl.haxx.se/docs/adv_20170403.html
  * CVE-2017-7468: https://curl.haxx.se/docs/adv_20170419.html
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: fix CVE-2017-2629 SSL_VERIFYSTATUS ignored | Hauke Mehrtens | 2017-03-13 | 3 | -5/+36
  This fixes the following security problem:
  https://curl.haxx.se/docs/adv_20170222.html
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: fix HTTPS network timeouts with OpenSSL | Stijn Segers | 2017-01-16 | 1 | -0/+36
  Backport an upstream change to fix HTTPS timeouts with OpenSSL.
  Upstream curl bug #1174.
  Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
  [Jo-Philipp Wich: reword commit message, rename patch to 001-*]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* curl: Remove PolarSSL and adjust default to mbedTLS | Rosen Penev | 2017-01-03 | 4 | -30/+14
  luci-ssl has already made the switch since mainline support for PolarSSL is almost over (2016).
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* curl: update to version 7.52.1 | Hauke Mehrtens | 2017-01-02 | 2 | -4/+4
  This fixes the following security problems:
  CVE-2016-9586: printf floating point buffer overflow
  CVE-2016-9952: Win CE schannel cert wildcard matches too much
  CVE-2016-9953: Win CE schannel cert name out of buffer read
  CVE-2016-9594: uninitialized random
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* treewide: clean up download hashes | Felix Fietkau | 2016-12-16 | 1 | -1/+1
  Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* curl: update to version 7.51.0 | Hauke Mehrtens | 2016-12-03 | 3 | -6/+6
  This fixes the following security problems:
  CVE-2016-8615: cookie injection for other servers
  CVE-2016-8616: case insensitive password comparison
  CVE-2016-8617: OOB write via unchecked multiplication
  CVE-2016-8618: double-free in curl_maprintf
  CVE-2016-8619: double-free in krb5 code
  CVE-2016-8620: glob parser write/read out of bounds
  CVE-2016-8621: curl_getdate read out of bounds
  CVE-2016-8622: URL unescape heap overflow via integer truncation
  CVE-2016-8623: Use-after-free via shared cookies
  CVE-2016-8624: invalid URL parsing with '#'
  CVE-2016-8625: IDNA 2003 makes curl use wrong host
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: update to version 7.50.3 | Hauke Mehrtens | 2016-09-24 | 2 | -3/+3
  This fixes the following security problems:
  7.50.1:
    CVE-2016-5419 TLS session resumption client cert bypass
    CVE-2016-5420 Re-using connections with wrong client cert
    CVE-2016-5421 use of connection struct after free
  7.50.2:
    CVE-2016-7141 Incorrect reuse of client certificates
  7.50.3:
    CVE-2016-7167 curl escape and unescape integer overflows
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: update to version 7.50.0 | Hauke Mehrtens | 2016-07-24 | 2 | -4/+4
  Changelog: https://curl.haxx.se/changes.html
  old sizes:
    libcurl_7.49.0-1_mips_34kc_dsp.ipk 97569
    curl_7.49.0-1_mips_34kc_dsp.ipk 37925
  new sizes:
    libcurl_7.50.0-1_mips_34kc_dsp.ipk 97578
    curl_7.50.0-1_mips_34kc_dsp.ipk 38017
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: remove axtls config option, the library does not exist in our tree | Felix Fietkau | 2016-05-19 | 2 | -6/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* curl: update to 7.49 | Dirk Neukirchen | 2016-05-19 | 4 | -40/+14
  fixes: CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
  - remove crypto auth compile fix
    curl changelog of 7.46 states it's fixed
  - fix mbedtls and cyassl usability #19621 :
    add path to certificate file (from Mozilla via curl) and provide this in a new package
  tested on ar71xx w. curl/mbedtls/wolfssl
  Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* curl: remove file accidentally committed in r49197 | Hauke Mehrtens | 2016-04-19 | 1 | -162/+0
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 49199
* oxnas: add support for Akitio MyCloud mini | Hauke Mehrtens | 2016-04-19 | 1 | -0/+162
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  SVN-Revision: 49197
* curl: fix deprecated 'depends' syntax | Hauke Mehrtens | 2016-04-17 | 1 | -1/+1
  This was introduced in r49183
  Reported-by: swalker
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 49192
* curl: add flags to allow gc-sections to strip out unused code | Hauke Mehrtens | 2016-04-17 | 1 | -1/+2
  Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 49184
* curl: add config option for NTLM support | Hauke Mehrtens | 2016-04-17 | 2 | -1/+8
  Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 49183
* curl: upstep to latest version 7.48.0 | Hauke Mehrtens | 2016-04-17 | 4 | -7/+7
  Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 49182
* curl: add support for mbedtls | Hauke Mehrtens | 2016-02-01 | 3 | -1/+17
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 48615
* curl: update curl to version 7.47.0 | Hauke Mehrtens | 2016-02-01 | 3 | -8/+8
  This fixes the following security problems:
  CVE-2016-0754: remote file name path traversal in curl tool for Windows
  http://curl.haxx.se/docs/adv_20160127A.html
  CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use
  http://curl.haxx.se/docs/adv_20160127B.html
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 48614
* curl: update curl to version 7.43.0 | Hauke Mehrtens | 2015-07-03 | 5 | -23/+13
  This brings curl to version 7.43.0 and contains fixes for the following security vulnerabilities:
  CVE-2015-3236: lingering HTTP credentials in connection re-use
  http://curl.haxx.se/docs/adv_20150617A.html
  CVE-2015-3237: SMB send off unrelated memory contents
  http://curl.haxx.se/docs/adv_20150617B.html
  The 100-check_long_long patch is not needed any more, because the upstream autoconf script already checks for long long when cyassl is selected.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  SVN-Revision: 46169
* curl: replace polarssl run-time version check with a compile-time one | Felix Fietkau | 2015-05-05 | 1 | -0/+11
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 45609
* curl: fix PKG_CONFIG_DEPENDS | John Crispin | 2015-03-21 | 1 | -33/+33
  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
  SVN-Revision: 44925
* cURL: implement new functionality with cleanup and fixes | John Crispin | 2015-02-02 | 2 | -96/+155
  remove obsolete configuration settings
    --disable-thread --enable-nonblocking --without-krb4
  remove SSPI support
    only supported on windows
  correct --with/without-ca-path handling
    only supported with OpenSSL and PolarSSL
  correct LDAP/LDAPS protocol
    add dependency libopenldap
  added SCP/SFTP protocol
    default "No"
    depends on libssh2
  added IDN support
    default "No"
    depends on libidn
  added SMB protocol (new in 7.40)
    default "No"
    require 'cryptographic authentication' and either 'GnuTLS' or 'OpenSSL' selected
  added Unix sockets support (new in 7.40)
    default "No"
  added error verbose messages
    default "No"
  changes to Makefile
    Increase PKG_RELEASE
    PKG_CONFIG_DEPENDS and CONFIGURE_ARGS extended for new functionality
    use "autoconf_bool" for all --enable/--disable options
    restructure for easier reading
  changes to Config.in
    extended for new functionality
    implement dependencies
    restructure and grouping for easier reading
  build tested on XUbuntu 14.10 x86 for x86 (generic) and ar71xx (WNDR3800)
  Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
  SVN-Revision: 44243
* curl: fix build with --disable-crypto-auth (#18838) | Jo-Philipp Wich | 2015-01-29 | 1 | -0/+25
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 44192
* curl: fix typo in 2 config symbols | Nicolas Thill | 2015-01-29 | 1 | -4/+4
  Signed-off-by: Nicolas Thill <nico@openwrt.org>
  SVN-Revision: 44191
* cURL: Update to version 7.40.0 | John Crispin | 2015-01-28 | 4 | -17/+10
  * Update to version 7.40.0
  * remove non-existing config options around enable/disable HTTPS protocol
  * remove --with-ca-path if ssl support disabled
  * set proxy support as default like all versions before CC did
  Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
  SVN-Revision: 44176
* curl: allow enabling https protocol | John Crispin | 2015-01-17 | 2 | -0/+6
  Provide optional --enable-https flag for curl.
  Signed-off-by: Lars Kruse <devel@sumpfralle.de>
  SVN-Revision: 43997
* package/*: replace occurences of 'ln -sf' to '$(LN)' | Nicolas Thill | 2014-11-06 | 1 | -1/+1
  Signed-off-by: Nicolas Thill <nico@openwrt.org>
  SVN-Revision: 43205
* curl: only set ca path for openssl | Felix Fietkau | 2014-09-25 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 42662
* curl: use the system certificates | Felix Fietkau | 2014-09-25 | 1 | -0/+1
  Signed-off-by: Cristian Morales Vega <cristian@samknows.com>
  SVN-Revision: 42661
* curl: 7.36.0 -> 7.38.0 | Hauke Mehrtens | 2014-09-13 | 5 | -65/+7
  Main changes:
  - URL parser: IPv6 zone identifiers are now supported
  - cyassl: Use error-ssl.h when available (drop local patch)
  - polarssl: support CURLOPT_CAPATH / --capath
  - mkhelp: generate code for --disable-manual as well (drop local patch)
  Full release notes: http://curl.haxx.se/changes.html
  MIPS 34kc binary size:
  - 7.36.0 before: 82,539 bytes
  - 7.38.0 after: 83,321 bytes
  Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
  SVN-Revision: 42517
* curl: move to core packages | Jo-Philipp Wich | 2014-06-11 | 6 | -0/+363
  SVN-Revision: 41143