| Age | Commit message (Collapse) | Author |
|---|
|
CVE-2014-3707
CVE-2014-8150
CVE-2015-3153
not affected by: CVE-2014-8151
(From OE-Core rev: cfcda9db45350d03158569c8c01e448cb426de5a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes below listed bugs:
1. CVE-2015-3143
2. CVE-2015-3144
3. CVE-2015-3145
Dropped: 4. CVE-2015-3148
SPNEGO was introduced in 7.39 so this version not affected
(From OE-Core rev: e525ef63ed2b4f3a250caf0748637b7f16b34d90)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Somehow the patch line endings got messed up during merge. This restores
the delta.
(From OE-Core rev: 5dee4e241d64e6144d74967cca583d249689773a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.
(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)
(From OE-Core rev: db194a3af25a37ff2d6f091ef021894967ca5910)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
(From OE-Core rev: 7c4dfa64fd88066f2e0fbc917d8660f5b35e00c4)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The user can enable libssh2 via conf/local.conf or custom distro
configuration, this will pull in libssh2, which is not used by default.
For example, a curl_x.y.z.bbappend file containing the following line:
PACKAGECONFIG += "libssh2"
(From OE-Core rev: d425e005d274cac0ef7160f53c41bda175444f69)
Signed-off-by: Fabrice Coulon <fabrice.coulon@axis.com>
Signed-off-by: Olof Johansson <olof.johansson@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Otherwise this is a non-deterministic build dependency.
(From OE-Core rev: 8521d4d6b73c93ae60cca3d04673cdd02c27446c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 482493b54d97c455bf4849efed3e543340412d7b)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 3682d661f3b3a6fa7d9ef37968746cbaf1ede078)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a zlib PACKAGECONFIG control and update PACKAGECONFIG[ssl] to
include the openssl dependency. Older hardcoded DEPENDS can then
be removed.
(From OE-Core rev: e668c79de927eff635f29fb5ff001f6b106ccc81)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This will allow curl run as nativesdk and fixes the following:
fatal: unable to access 'https://...': Protocol https not supported or disabled in libcurl
(From OE-Core rev: 76a702f4cde7ca8dd2946633f489386e43b6be26)
Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove unused "remove_inappropriate_file_from_rel.patch"
(From OE-Core rev: ad1b9480f2ef5a4450f8b31ef7b3141ee7462b4f)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 2cd9141c8a8b9639c95cb68496f0392ba26595dc)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This will allow for easier configuration of curl for SSL vs gnutls
[YOCTO #6329]
(From OE-Core rev: 6a8144390eb2dee6e1baf7be75cffcacbb247002)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove patches that are fixed upstream
(From OE-Core rev: d5d169af2b34596deb3997c2bfa7398c447c4fac)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By default ipv6 is auto detected for native builds but disabled when
cross compiling.
This commit adds a PACKAGECONFIG option, unconditionally enabled for
native and nativesdk builds and controlled by the ipv6 DISTRO feature
for target builds.
(From OE-Core rev: f8377e96b353f8cf4a5812fa14c1c0405f769096)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the adaptation for the a bugfix upstream
The inappropriate file src/tool_hugehelp.c presence in the curl 7.36 release
interfered with the upstream fix for
https://sourceforge.net/p/curl/bugs/1350/
(From OE-Core rev: c5a52f5b5ae7c5528bc59ee7fb69a2f460a89b81)
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Mostly cosmetic, but entries in PACKAGES should be specified the exact same way as FILES/RRECOMMENDS entries to avoid problems.
(From OE-Core rev: 4d2a7f47a9830788455afe00a7c6a857cebbcb81)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
mkhelp: generate code for --disable-manual as well
This allows configure --disable-manual to run and build without having
to regenerate the src/tool_hugehelp.c file which otherwise is necessary
since we ship tarballs with that file present.
(From OE-Core rev: 544a96255203a6779d1f0022d003c6680f330511)
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: a4b5173dcba0384589debceebf90e98a2cbadd63)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 5223646626693a5783919a600fb080a4c6dff06d)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
point CA bundle to /etc/ssl/certs/ca-certificates.crt instead of using the buildhost location, Configure would look at the buildhost and hardcode the bundle location for there into the target. This leads to non-working https support.
Also remove the empty and now useless curl-certs packages since it's empty and no ALLOW_EMPTY has been set.
Apart from making https work again with curl cmdline this also fixes libcurl which means git can fetch https repos as well instead of erroring out.
(From OE-Core rev: 2325c1ee13bc3a8474238e8a6c20b6a3c671bf07)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
curl/curlbuild.h conflicts between 32-bit and 64-bit versions.
(From OE-Core rev: 8b2e163338331fde05e47a4843f6bd1c9b4f9333)
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6c91bbe8d7c03c9f67715c7648d9a83781fcfad3)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.
(From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 5b7ae85d1de82de0e78f7aaec01c5510445ceb21)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 4ec7eeea49be0bddb688b5bda5d423c4c7f4695d)
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: f4a1257c20d3de9969d4cfe2d5240791d0d22d37)
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add upstream-status to configure_ac.patch.
(From OE-Core rev: 8fc6904fe97438478119db6cd23b7b4eb33b50aa)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0001-Fix-NULL-pointer-reference-when-closing-an-unused-mu.patch now
part of upstream.
(From OE-Core rev: 2d79a2f88b6676847ef868d3cc6475bd643b28a3)
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* e.g. ecore, efreet segfault a lot without this patch
(From OE-Core rev: b93011d3e719c46089ccdb39c60d3a9e9cfa5a14)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- obsolete_automake_macros.patch removed as it's part of upstream.
- dont_override_ac_config_macro_dir.patch removed as no longer needed.
- pkgconfig_fix.patch updated to apply cleanly
(From OE-Core rev: b0c541236b4c4670ce77f55886b6ce02c562b8c2)
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add obsolete_automake_macros.patch that replaces automake macros
no longer supported by automake-1.13 with modern constructs.
Remove AC_CONFIG_MACRO_DIR override that caused aclocal to fail
since it didn't get m4-directory information.
(From OE-Core rev: 54a945a5e67c44be3e0b21114b7ca3abf8d99ada)
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 2cb1285195439faa48571acc5346d25b4de214b4)
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: f09b09c96996a9bb30fbad50de957faf0b31389e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Do not invoke CURL_SET_COMPILER_DEBUG_OPTS in configure.ac.
This will allow debug options set in our CFLAGS to be
used.
(From OE-Core rev: ba151faad47e6874b295ebd9699ce154bc4ff741)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The overrides virtclass-native and virtclass-nativesdk are deprecated,
which should be replaced by class-native and class-nativesdk.
NOTE:
There were 2 errors in libcap.inc, the BUILD_LDFLAGS_virtclass_native
should be BUILD_LDFLAGS_virtclass-native (the "_" should be "-"),
otherwise it doesn't work, and the value was: "-Wl,rpath=...", this is
incorrect, it shoudl be: "-Wl,-rpath=..." (lacked a - ), but we don't
need this line, since it is already in the default BUILD_LDFLAGS. Remove
it and we don't need to bump the PR since we just removed a unused line.
[YOCTO #3297]
(From OE-Core rev: cafb550fe9034754933f1708446dde155dcc3d51)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As discussed on the mailing lists, using a suffix to package names is
hard and has lead to many recipes having to do PKGSUFFIX games. Its
looking extremely hard to scale nativesdk much further without hacking
many recipes.
By comparison, using a prefix like multilib does works much better and
doesn't involve "hacking" as many recipes. This change converts nativesdk
to use a prefix using the existing multilib infrastructure.
(From OE-Core rev: 81813c0e322dc04ce4b069117188d8a54dfddb8c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* openldap from meta-oe is autodetected and then libldap-2.4-2 runtime dependency added to curl and almost all meta-efl recipes
(From OE-Core rev: 666b67179d4492e4d950b94457ebf8cac6454f7d)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Config system changed from 7.24.0 and the noldlibpatch
is no longer needed, thus deleted.
(From OE-Core rev: 0d2d59420b5924491ccd5c091c823b9c277a6721)
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 760ee565b9c29f65e4c019c080274d5144f8c0ff)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since gnutls is available on the target use it, but we do not build gnutls for
the native side as it adds too many dependecies, so use openssl.
(From OE-Core rev: 87610064a435f8b8b5694e4d6627e53b25d8f713)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch enables ssl support for curl to allow git to clone from
https / ssl sites. We do not want to enable gnutls for native or
nativesdk, as it adds additional dependency and increase build time
[YOCTO #2532]
(From OE-Core rev: 653786096cb13560537905410e737e0dd9a9cf57)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: ade51262effbf809c23bcf879ba43b7945e459ff)
Signed-off-by: Shane Wang <shane.wang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 1da6a2dbd5e7aeea6cd45ca05590bdd50b67bf89)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: cf4b60ef5665809e8b64d5f02082e119966aa3b9)
Signed-off-by: Mei Lei <lei.mei@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[RP: md5sum checksum fix]
(From OE-Core rev: 3d06166ca2bad8477c06d70e2335edcacc4e4241)
Signed-off-by: Mei Lei <lei.mei@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When supporting multilib, ${PN} will be extended with MLPREFIX. However
if a package name contains ${PN} with styles like lib${PN}, such
extension will cause error. Use BPN in this case.
(From OE-Core rev: 618de3f788a22127def8244c0d6ebd3608ed5577)
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: a891b42af30fb6de6a600b9a64afc457da3003a2)
Signed-off-by: Mei Lei <lei.mei@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
from 7.21.2
(From OE-Core rev: 7b26788c52136eb6a95507758936756b3dfcbaa4)
Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Armin Kuster
Maxin B. John
Richard Purdie
Chong Lu
Fabrice Coulon
Ross Burton
Andre McCurdy
João Henrique Ferreira de Freitas
Saul Wold
Tudor Florea
Koen Kooi
Cristiana Voicu
Baogen Shang
Paul Eggleton
Marko Lindqvist
Joe Slater
Martin Jansa
Robert Yang
Alexandru DAMIAN
Shane Wang
Mei Lei
Dongxiao Xu
Qing He