aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Baruch Siach <baruch@tkos.co.il>2017-08-10 20:35:45 +0300
committerGravatar Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>2017-08-11 12:42:34 +0200
commitd88c79090add53947dc3290fb61d51f2b630301c (patch)
treeefc572c7018b1390d32659212cd68e9f9b106853
parentff4cccbdcf5417a5a8c251ff302791a306023cc1 (diff)
downloadbuildroot-d88c79090add53947dc3290fb61d51f2b630301c.tar.gz
buildroot-d88c79090add53947dc3290fb61d51f2b630301c.tar.bz2
libcurl: security bump to version 7.55.0
Fixes: glob: do not parse after a strtoul() overflow range (CVE-2017-1000101) tftp: reject file name lengths that don't fit (CVE-2017-1000100) file: output the correct buffer to the user (CVE-2017-1000099) Switch to .tar.xz to save bandwidth. Add reference to tarball signature. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
-rw-r--r--package/libcurl/libcurl.hash3
-rw-r--r--package/libcurl/libcurl.mk4
2 files changed, 4 insertions, 3 deletions
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 1b8d80fc96..6d49b67428 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,2 +1,3 @@
# Locally calculated after checking pgp signature
-sha256 fdfc4df2d001ee0c44ec071186e770046249263c491fcae48df0e1a3ca8f25a0 curl-7.54.1.tar.bz2
+# https://curl.haxx.se/download/curl-7.55.0.tar.xz.asc
+sha256 cdd58522f8607fd4e871df79d73acb3155075e2134641e5adab12a0962df059d curl-7.55.0.tar.xz
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 684844919e..dd0ccbfa46 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,8 +4,8 @@
#
################################################################################
-LIBCURL_VERSION = 7.54.1
-LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
+LIBCURL_VERSION = 7.55.0
+LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
$(if $(BR2_PACKAGE_ZLIB),zlib) \