mirror of https://github.com/hak5/openwrt.git
curl: update to 7.49
fixes: CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL - remove crypto auth compile fix curl changelog of 7.46 states its fixed - fix mbedtls and cyassl usability #19621 : add path to certificate file (from Mozilla via curl) and provide this in a new package tested on ar71xx w. curl/mbedtls/wolfssl Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>lede-17.01
parent
9d37095fd0
commit
6aebc6b16b
|
@ -8,7 +8,7 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=curl
|
PKG_NAME:=curl
|
||||||
PKG_VERSION:=7.48.0
|
PKG_VERSION:=7.49.0
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||||
|
@ -18,7 +18,7 @@ PKG_SOURCE_URL:=http://curl.haxx.se/download/ \
|
||||||
ftp://ftp.planetmirror.com/pub/curl/ \
|
ftp://ftp.planetmirror.com/pub/curl/ \
|
||||||
http://www.mirrormonster.com/curl/download/ \
|
http://www.mirrormonster.com/curl/download/ \
|
||||||
http://curl.mirrors.cyberservers.net/download/
|
http://curl.mirrors.cyberservers.net/download/
|
||||||
PKG_MD5SUM:=d42e0fc34a5cace5739631cc040974fe
|
PKG_MD5SUM:=7416aaff4a9210b43edda7615ffa4169
|
||||||
|
|
||||||
PKG_LICENSE:=MIT
|
PKG_LICENSE:=MIT
|
||||||
PKG_LICENSE_FILES:=COPYING
|
PKG_LICENSE_FILES:=COPYING
|
||||||
|
@ -109,7 +109,6 @@ CONFIGURE_ARGS += \
|
||||||
--enable-shared \
|
--enable-shared \
|
||||||
--enable-static \
|
--enable-static \
|
||||||
--disable-manual \
|
--disable-manual \
|
||||||
--without-ca-bundle \
|
|
||||||
--without-nss \
|
--without-nss \
|
||||||
--without-libmetalink \
|
--without-libmetalink \
|
||||||
--without-librtmp \
|
--without-librtmp \
|
||||||
|
@ -117,11 +116,11 @@ CONFIGURE_ARGS += \
|
||||||
$(call autoconf_bool,CONFIG_IPV6,ipv6) \
|
$(call autoconf_bool,CONFIG_IPV6,ipv6) \
|
||||||
\
|
\
|
||||||
$(if $(CONFIG_LIBCURL_AXTLS),--with-axtls="$(STAGING_DIR)/usr" --without-ca-path,--without-axtls) \
|
$(if $(CONFIG_LIBCURL_AXTLS),--with-axtls="$(STAGING_DIR)/usr" --without-ca-path,--without-axtls) \
|
||||||
$(if $(CONFIG_LIBCURL_CYASSL),--with-cyassl="$(STAGING_DIR)/usr" --without-ca-path,--without-cyassl) \
|
$(if $(CONFIG_LIBCURL_CYASSL),--with-cyassl="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-cyassl) \
|
||||||
$(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" --with-ca-path=/etc/ssl/certs,--without-gnutls) \
|
$(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-gnutls) \
|
||||||
$(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" --with-ca-path=/etc/ssl/certs,--without-ssl) \
|
$(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-ssl) \
|
||||||
$(if $(CONFIG_LIBCURL_POLARSSL),--with-polarssl="$(STAGING_DIR)/usr" --with-ca-path=/etc/ssl/certs,--without-polarssl) \
|
$(if $(CONFIG_LIBCURL_POLARSSL),--with-polarssl="$(STAGING_DIR)/usr" --without-ca-bundle --with-ca-path=/etc/ssl/certs,--without-polarssl) \
|
||||||
$(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr" --without-ca-path,--without-mbedtls) \
|
$(if $(CONFIG_LIBCURL_MBEDTLS),--with-mbedtls="$(STAGING_DIR)/usr" --without-ca-path --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt,--without-mbedtls) \
|
||||||
\
|
\
|
||||||
$(if $(CONFIG_LIBCURL_LIBIDN),--with-libidn="$(STAGING_DIR)/usr",--without-libidn) \
|
$(if $(CONFIG_LIBCURL_LIBIDN),--with-libidn="$(STAGING_DIR)/usr",--without-libidn) \
|
||||||
$(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \
|
$(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
@@ -150,7 +150,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
|
@@ -150,7 +150,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
|
||||||
bin_SCRIPTS = curl-config
|
bin_SCRIPTS = curl-config
|
||||||
|
|
||||||
SUBDIRS = lib src include scripts
|
SUBDIRS = lib src include
|
||||||
-DIST_SUBDIRS = $(SUBDIRS) tests packages docs
|
-DIST_SUBDIRS = $(SUBDIRS) tests packages docs scripts
|
||||||
+DIST_SUBDIRS = $(SUBDIRS) packages
|
+DIST_SUBDIRS = $(SUBDIRS) packages
|
||||||
|
|
||||||
pkgconfigdir = $(libdir)/pkgconfig
|
pkgconfigdir = $(libdir)/pkgconfig
|
||||||
|
@ -14,9 +14,9 @@
|
||||||
@@ -611,7 +611,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
|
@@ -611,7 +611,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
|
||||||
|
|
||||||
bin_SCRIPTS = curl-config
|
bin_SCRIPTS = curl-config
|
||||||
SUBDIRS = lib src include scripts
|
SUBDIRS = lib src include
|
||||||
-DIST_SUBDIRS = $(SUBDIRS) tests packages docs
|
-DIST_SUBDIRS = $(SUBDIRS) tests packages docs scripts
|
||||||
+DIST_SUBDIRS = $(SUBDIRS) packages
|
+DIST_SUBDIRS = $(SUBDIRS) packages
|
||||||
pkgconfigdir = $(libdir)/pkgconfig
|
pkgconfigdir = $(libdir)/pkgconfig
|
||||||
pkgconfig_DATA = libcurl.pc
|
pkgconfig_DATA = libcurl.pc
|
||||||
LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \
|
LIB_VAUTH_CFILES = vauth/vauth.c vauth/cleartext.c vauth/cram.c \
|
||||||
|
|
|
@ -1,25 +0,0 @@
|
||||||
--- a/lib/curl_ntlm_msgs.c
|
|
||||||
+++ b/lib/curl_ntlm_msgs.c
|
|
||||||
@@ -573,7 +573,7 @@ CURLcode Curl_sasl_create_ntlm_type3_mes
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#if USE_NTRESPONSES && USE_NTLM2SESSION
|
|
||||||
+#if USE_NTRESPONSES && USE_NTLM2SESSION && !defined(CURL_DISABLE_CRYPTO_AUTH)
|
|
||||||
/* We don't support NTLM2 if we don't have USE_NTRESPONSES */
|
|
||||||
if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
|
|
||||||
unsigned char ntbuffer[0x18];
|
|
||||||
--- a/lib/vtls/vtls.c
|
|
||||||
+++ b/lib/vtls/vtls.c
|
|
||||||
@@ -921,9 +921,9 @@ CURLcode Curl_ssl_md5sum(unsigned char *
|
|
||||||
unsigned char *md5sum, /* output */
|
|
||||||
size_t md5len)
|
|
||||||
{
|
|
||||||
-#ifdef curlssl_md5sum
|
|
||||||
+#if defined(curlssl_md5sum)
|
|
||||||
curlssl_md5sum(tmp, tmplen, md5sum, md5len);
|
|
||||||
-#else
|
|
||||||
+#elif !defined(CURL_DISABLE_CRYPTO_AUTH)
|
|
||||||
MD5_context *MD5pw;
|
|
||||||
|
|
||||||
(void) md5len;
|
|
|
@ -1,6 +1,6 @@
|
||||||
--- a/lib/vtls/polarssl.c
|
--- a/lib/vtls/polarssl.c
|
||||||
+++ b/lib/vtls/polarssl.c
|
+++ b/lib/vtls/polarssl.c
|
||||||
@@ -592,7 +592,7 @@ void Curl_polarssl_session_free(void *pt
|
@@ -653,7 +653,7 @@ void Curl_polarssl_session_free(void *pt
|
||||||
|
|
||||||
size_t Curl_polarssl_version(char *buffer, size_t size)
|
size_t Curl_polarssl_version(char *buffer, size_t size)
|
||||||
{
|
{
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
version>>24, (version>>16)&0xff, (version>>8)&0xff);
|
version>>24, (version>>16)&0xff, (version>>8)&0xff);
|
||||||
--- a/lib/vtls/mbedtls.c
|
--- a/lib/vtls/mbedtls.c
|
||||||
+++ b/lib/vtls/mbedtls.c
|
+++ b/lib/vtls/mbedtls.c
|
||||||
@@ -712,7 +712,7 @@ void Curl_mbedtls_session_free(void *ptr
|
@@ -701,7 +701,7 @@ void Curl_mbedtls_session_free(void *ptr
|
||||||
|
|
||||||
size_t Curl_mbedtls_version(char *buffer, size_t size)
|
size_t Curl_mbedtls_version(char *buffer, size_t size)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue