From patchwork Thu Nov  3 12:56:15 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeroen Roovers <jer@airfi.aero>
X-Patchwork-Id: 690820
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3t8lNB1SQGz9t0q
	for <incoming@patchwork.ozlabs.org>;
	Thu,  3 Nov 2016 23:56:42 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id DCC5C32B88;
	Thu,  3 Nov 2016 12:56:37 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id fVq0xems3dRQ; Thu,  3 Nov 2016 12:56:33 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id 0138432B56;
	Thu,  3 Nov 2016 12:56:30 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	by ash.osuosl.org (Postfix) with ESMTP id 025AD1C16C7
	for <buildroot@lists.busybox.net>;
	Thu,  3 Nov 2016 12:56:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id F3C6A8A00A
	for <buildroot@lists.busybox.net>;
	Thu,  3 Nov 2016 12:56:27 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 7t27gHaEg3uZ for <buildroot@lists.busybox.net>;
	Thu,  3 Nov 2016 12:56:27 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from lb3-smtp-cloud6.xs4all.net (lb3-smtp-cloud6.xs4all.net
	[194.109.24.31])
	by fraxinus.osuosl.org (Postfix) with ESMTPS id B3DA189E4F
	for <buildroot@uclibc.org>; Thu,  3 Nov 2016 12:56:26 +0000 (UTC)
Received: from rej.fritz.box ([212.238.182.54])
	by smtp-cloud6.xs4all.net with ESMTP
	id 3QwK1u00v1ApoRw01QwQ2t; Thu, 03 Nov 2016 13:56:24 +0100
From: Jeroen Roovers <jer@airfi.aero>
To: buildroot@uclibc.org
Date: Thu,  3 Nov 2016 13:56:15 +0100
Message-Id: <20161103125615.21592-3-jer@airfi.aero>
X-Mailer: git-send-email 2.10.2
In-Reply-To: <20161103125615.21592-1-jer@airfi.aero>
References: <20161103125615.21592-1-jer@airfi.aero>
Cc: Jeroen Roovers <jer@airfi.aero>
Subject: [Buildroot] [PATCH v2 2/2] libcurl: Use libidn2 instead of libidn
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

CVE-2016-8625 (IDNA 2003 makes curl use wrong host) was fixed by switching from
libidn to libidn2. The advisory[1] does not mention this but the related
commit[2] does.

[1] https://curl.haxx.se/docs/adv_20161102K.html
[2] https://github.com/curl/curl/commit/9c91ec778104ae3b744b39444d544e82d5ee9ece

Signed-off-by: Jeroen Roovers <jer@airfi.aero>
---
 package/libcurl/libcurl.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index d60000a..f5433ef 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -9,7 +9,7 @@ LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.bz2
 LIBCURL_SITE = http://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
 	$(if $(BR2_PACKAGE_ZLIB),zlib) \
-	$(if $(BR2_PACKAGE_LIBIDN),libidn) \
+	$(if $(BR2_PACKAGE_LIBIDN2),libidn2) \
 	$(if $(BR2_PACKAGE_RTMPDUMP),rtmpdump)
 LIBCURL_LICENSE = ISC
 LIBCURL_LICENSE_FILES = COPYING