This brings curl to version 7.43.0 and contains fixes for the following security vulnerabilities: CVE-2015-3236: lingering HTTP credentials in connection re-use http://curl.haxx.se/docs/adv_20150617A.html CVE-2015-3237: SMB send off unrelated memory contents http://curl.haxx.se/docs/adv_20150617B.html The 100-check_long_long patch is not needed any more, because the upstream autoconf script already checks for long long when cyassl is selected. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 46169master
parent
69a2459c66
commit
97b14fd700
@ -1,10 +0,0 @@ |
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -2885,6 +2885,7 @@ CURL_VERIFY_RUNTIMELIBS
|
||||
|
||||
AC_CHECK_SIZEOF(size_t)
|
||||
AC_CHECK_SIZEOF(long)
|
||||
+AC_CHECK_SIZEOF(long long)
|
||||
AC_CHECK_SIZEOF(int)
|
||||
AC_CHECK_SIZEOF(short)
|
||||
CURL_CONFIGURE_LONG
|
@ -1,11 +1,11 @@ |
||||
--- a/lib/vtls/polarssl.c
|
||||
+++ b/lib/vtls/polarssl.c
|
||||
@@ -591,7 +591,7 @@ void Curl_polarssl_session_free(void *pt
|
||||
@@ -592,7 +592,7 @@ void Curl_polarssl_session_free(void *pt
|
||||
|
||||
size_t Curl_polarssl_version(char *buffer, size_t size)
|
||||
{
|
||||
- unsigned int version = version_get_number();
|
||||
+ unsigned int version = POLARSSL_VERSION_NUMBER;
|
||||
return snprintf(buffer, size, "PolarSSL/%d.%d.%d", version>>24,
|
||||
(version>>16)&0xff, (version>>8)&0xff);
|
||||
}
|
||||
return snprintf(buffer, size, "%s/%d.%d.%d",
|
||||
version >= 0x01030A00?"mbedTLS":"PolarSSL",
|
||||
version>>24, (version>>16)&0xff, (version>>8)&0xff);
|
||||
|
Loading…
Reference in new issue