libcurl: security bump to version 7.38.0

Fixes: CVE-2014-3613 cookie leak with IP address as domain CVE-2014-3620 cookie leak for TLDs Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-10 12:21:31 -03:00 · 2014-09-10 12:21:31 -03:00 · 9185b64ed5
parent c37ad31697
commit 9185b64ed5
2 changed files with 1 additions and 42 deletions
--- a/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch
+++ b/package/libcurl/libcurl-0001-build-link-curl-to-NSS-libraries-when-NSS-support.patch
@ -1,41 +0,0 @@
-From c6e7cbb94e669b85d3eb8e015ec51d0072112133 Mon Sep 17 00:00:00 2001
-From: Alessandro Ghedini <alessandro@ghedini.me>
-Date: Thu, 17 Jul 2014 14:37:28 +0200
-Subject: [PATCH] build: link curl to NSS libraries when NSS support is enabled
-
-This fixes a build failure on Debian caused by commit
-24c3cdce88f39731506c287cb276e8bf4a1ce393.
-
-Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
---
-diff --git a/configure.ac b/configure.ac
-index c3cccfb..b78f56d 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -2078,6 +2078,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
-       if test "x$USE_NSS" = "xyes"; then
-         AC_MSG_NOTICE([detected NSS version $version])
- 
-+        dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
-+        NSS_LIBS=$addlib
-+        AC_SUBST([NSS_LIBS])
-+
-         dnl when shared libs were found in a path that the run-time
-         dnl linker doesn't search through, we need to add it to
-         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
-diff --git a/src/Makefile.am b/src/Makefile.am
-index d8c0c7d..f96618e 100644
--- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -62,7 +62,7 @@ LIBS = $(BLANK_AT_MAKETIME)
- if USE_EXPLICIT_LIB_DEPS
- curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @LIBCURL_LIBS@
- else
-curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@
-+curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBMETALINK_LIBS@ @NSS_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@
- endif
- 
- curl_LDFLAGS = @LIBMETALINK_LDFLAGS@
-- 
-1.8.5.5
-
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBCURL_VERSION = 7.37.1
+LIBCURL_VERSION = 7.38.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
 LIBCURL_SITE = http://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \