[OE-core] [PATCH] curl: upgrade to 7.40

Maxin B. John maxin.john at enea.com
Fri Jan 16 13:27:22 UTC 2015 

Hi Sona,

On Fri, Jan 16, 2015 at 01:30:53PM +0100, Sona Sarmadi wrote:
> Maxin,
> 
> Is this related to (URL request injection CVE-2014-8150) http://curl.haxx.se/mail/archive-2015-01/0019.html?

curl 7.40 contains fix for below listed CVE bugs:
1. CVE-2014-8150
2. CVE-2014-8151

> If yes, wouldn't it be better to mention this (the CVE) in the commit message? 
Ok, good suggestion. I will update the commit message and resent the patch.
 
> //Sona

Best Regards,
Maxin

> -----Original Message-----
> From: openembedded-core-bounces at lists.openembedded.org [mailto:openembedded-core-bounces at lists.openembedded.org] On Behalf Of Maxin B. John
> Sent: den 9 januari 2015 13:07
> To: openembedded-core at lists.openembedded.org
> Cc: Maxin John
> Subject: [OE-core] [PATCH] curl: upgrade to 7.40
> 
> Bump to version 7.40
> 
> Signed-off-by: Maxin B. John <maxin.john at enea.com>
> ---
>  meta/recipes-support/curl/{curl_7.38.0.bb => curl_7.40.0.bb} | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)  rename meta/recipes-support/curl/{curl_7.38.0.bb => curl_7.40.0.bb} (93%)
> 
> diff --git a/meta/recipes-support/curl/curl_7.38.0.bb b/meta/recipes-support/curl/curl_7.40.0.bb
> similarity index 93%
> rename from meta/recipes-support/curl/curl_7.38.0.bb
> rename to meta/recipes-support/curl/curl_7.40.0.bb
> index 85bd3be..209ed94 100644
> --- a/meta/recipes-support/curl/curl_7.38.0.bb
> +++ b/meta/recipes-support/curl/curl_7.40.0.bb
> @@ -14,8 +14,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \  #  SRC_URI += " file://configure_ac.patch"
>  
> -SRC_URI[md5sum] = "af6b3c299bd891f43cb5f76c4091b7b4"
> -SRC_URI[sha256sum] = "035bd41e99aa1a4e64713f4cea5ccdf366ca8199e9be1b53d5a043d5165f9eba"
> +SRC_URI[md5sum] = "8d30594212e65657a5c32030f0998fa9"
> +SRC_URI[sha256sum] = "899109eb3900fa6b8a2f995df7f449964292776a04763e94fae640700f883fba"
>  
>  inherit autotools pkgconfig binconfig multilib_header
>  
> --
> 1.9.1
> 
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

More information about the Openembedded-core mailing list