From patchwork Wed Nov  2 11:52:31 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
X-Patchwork-Id: 690375
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3t860w61qqz9vDn
	for <incoming@patchwork.ozlabs.org>;
	Wed,  2 Nov 2016 22:52:48 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 61411C1BA9;
	Wed,  2 Nov 2016 11:52:45 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ai2tEedlYe-l; Wed,  2 Nov 2016 11:52:44 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 84C86C1B8F;
	Wed,  2 Nov 2016 11:52:44 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	by ash.osuosl.org (Postfix) with ESMTP id BDAC81C2D62
	for <buildroot@lists.busybox.net>;
	Wed,  2 Nov 2016 11:52:42 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id B7372C1B2E
	for <buildroot@lists.busybox.net>;
	Wed,  2 Nov 2016 11:52:42 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 5RkUXAiVZZ_m for <buildroot@lists.busybox.net>;
	Wed,  2 Nov 2016 11:52:41 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mailapp01.imgtec.com (mailapp01.imgtec.com [195.59.15.196])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 69DA3C1B31
	for <buildroot@buildroot.org>; Wed,  2 Nov 2016 11:52:41 +0000 (UTC)
Received: from HHMAIL01.hh.imgtec.org (unknown [10.100.10.19])
	by Forcepoint Email with ESMTPS id 1EEB3810FDFFD
	for <buildroot@buildroot.org>; Wed,  2 Nov 2016 11:52:36 +0000 (GMT)
Received: from vriera-linux.le.imgtec.org (192.168.154.36) by
	HHMAIL01.hh.imgtec.org (10.100.10.21) with Microsoft SMTP Server
	(TLS) id 14.3.294.0; Wed, 2 Nov 2016 11:52:38 +0000
From: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
To: <buildroot@buildroot.org>
Date: Wed, 2 Nov 2016 11:52:31 +0000
Message-ID: <20161102115231.1289-1-Vincent.Riera@imgtec.com>
X-Mailer: git-send-email 2.10.1
MIME-Version: 1.0
X-Originating-IP: [192.168.154.36]
Subject: [Buildroot] [PATCH] libcurl: bump version to 7.51.0 (security)
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

List of fixed CVEs:

CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Full ChangeLog:

https://curl.haxx.se/changes.html#7_51_0

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
---
 package/libcurl/libcurl.hash | 2 +-
 package/libcurl/libcurl.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index e2f2ecd..e128335 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 7b7347d976661d02c84a1f4d6daf40dee377efdc45b9e2c77dedb8acf140d8ec  curl-7.50.3.tar.bz2
+sha256 7f8240048907e5030f67be0a6129bc4b333783b9cca1391026d700835a788dde  curl-7.51.0.tar.bz2
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 32a3022..d60000a 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.50.3
+LIBCURL_VERSION = 7.51.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
 LIBCURL_SITE = http://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \