From 6aebc6b16b3e2e7058b8b5ab1ffa7f65920541ff Mon Sep 17 00:00:00 2001
From: Dirk Neukirchen <dirkneukirchen@web.de>
Date: Thu, 19 May 2016 13:27:41 +0200
Subject: curl: update to 7.49

fixes:
 CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL

- remove crypto auth compile fix
curl changelog of 7.46 states its fixed

- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package

tested on ar71xx w. curl/mbedtls/wolfssl

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
---
 .../curl/patches/300-fix-disable-crypto-auth.patch | 25 ----------------------
 1 file changed, 25 deletions(-)
 delete mode 100644 package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch

(limited to 'package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch')

diff --git a/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch b/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch
deleted file mode 100644
index 5c0a37e..0000000
--- a/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- a/lib/curl_ntlm_msgs.c
-+++ b/lib/curl_ntlm_msgs.c
-@@ -573,7 +573,7 @@ CURLcode Curl_sasl_create_ntlm_type3_mes
-   else
- #endif
- 
--#if USE_NTRESPONSES && USE_NTLM2SESSION
-+#if USE_NTRESPONSES && USE_NTLM2SESSION && !defined(CURL_DISABLE_CRYPTO_AUTH)
-   /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
-   if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
-     unsigned char ntbuffer[0x18];
---- a/lib/vtls/vtls.c
-+++ b/lib/vtls/vtls.c
-@@ -921,9 +921,9 @@ CURLcode Curl_ssl_md5sum(unsigned char *
-                          unsigned char *md5sum, /* output */
-                          size_t md5len)
- {
--#ifdef curlssl_md5sum
-+#if defined(curlssl_md5sum)
-   curlssl_md5sum(tmp, tmplen, md5sum, md5len);
--#else
-+#elif !defined(CURL_DISABLE_CRYPTO_AUTH)
-   MD5_context *MD5pw;
- 
-   (void) md5len;
-- 
cgit v1.1