From 6aebc6b16b3e2e7058b8b5ab1ffa7f65920541ff Mon Sep 17 00:00:00 2001 From: Dirk Neukirchen Date: Thu, 19 May 2016 13:27:41 +0200 Subject: curl: update to 7.49 fixes: CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL - remove crypto auth compile fix curl changelog of 7.46 states its fixed - fix mbedtls and cyassl usability #19621 : add path to certificate file (from Mozilla via curl) and provide this in a new package tested on ar71xx w. curl/mbedtls/wolfssl Signed-off-by: Dirk Neukirchen --- .../curl/patches/300-fix-disable-crypto-auth.patch | 25 ---------------------- 1 file changed, 25 deletions(-) delete mode 100644 package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch (limited to 'package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch') diff --git a/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch b/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch deleted file mode 100644 index 5c0a37e..0000000 --- a/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- a/lib/curl_ntlm_msgs.c -+++ b/lib/curl_ntlm_msgs.c -@@ -573,7 +573,7 @@ CURLcode Curl_sasl_create_ntlm_type3_mes - else - #endif - --#if USE_NTRESPONSES && USE_NTLM2SESSION -+#if USE_NTRESPONSES && USE_NTLM2SESSION && !defined(CURL_DISABLE_CRYPTO_AUTH) - /* We don't support NTLM2 if we don't have USE_NTRESPONSES */ - if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) { - unsigned char ntbuffer[0x18]; ---- a/lib/vtls/vtls.c -+++ b/lib/vtls/vtls.c -@@ -921,9 +921,9 @@ CURLcode Curl_ssl_md5sum(unsigned char * - unsigned char *md5sum, /* output */ - size_t md5len) - { --#ifdef curlssl_md5sum -+#if defined(curlssl_md5sum) - curlssl_md5sum(tmp, tmplen, md5sum, md5len); --#else -+#elif !defined(CURL_DISABLE_CRYPTO_AUTH) - MD5_context *MD5pw; - - (void) md5len; -- cgit v1.1