Daniel Stenberg [Thu, 19 Dec 2019 08:56:40 +0000 (14:26 +0530)]
disconnect: separate connections and easy handles better
Do not assume/store assocation between a given easy handle and the
connection if it can be avoided.
Long-term, the 'conn->data' pointer should probably be removed as it is a
little too error-prone. Still used very widely though.
Backported patch details:
https://github.com/curl/curl/pull/3400/commits/
fb445a1e18d12f577964c9347bc5bca74b37cd08
Change-Id: I18aa2cb7097b8598c90ddf8c8c68a9fecd86e295
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Niraj Kumar Goit [Fri, 13 Dec 2019 13:47:06 +0000 (19:17 +0530)]
Revert "ares: remove fd from multi fd set when ares is about to close the fd"
ares: remove fd from multi fd set when ares is about to close the fd
8dfb92873af9de5d883e191e0097be32c78a7d0f
Change-Id: Ic6ce203ae3609a539f70c5ae4cb1d4b3812ae80d
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Seonah Moon [Thu, 12 Dec 2019 04:26:58 +0000 (13:26 +0900)]
Change HAPPY_EYEBALLS_DNS_TIMEOUT to 1 sec for TV profile
Change-Id: I8f29a511322905036005cf8df13640518c6be7bc
Seonah Moon [Thu, 12 Dec 2019 02:18:13 +0000 (11:18 +0900)]
Apply the Happy Eyeballs philosophy to parallel c-ares queries
Change-Id: Ic067a067b2562a1b2b4f978f32f20b269abd0886
Niraj Kumar Goit [Mon, 2 Dec 2019 15:13:52 +0000 (20:43 +0530)]
curl_multi_remove_handle() don't block terminating c-ares requests
Added Curl_resolver_kill() for all three resolver modes, which only
blocks when necessary, along with test 1592 to confirm
curl_multi_remove_handle() doesn't block unless it must.
Backported patch details:
https://github.com/curl/curl/commit/
84a30d0a419ad95c53cbdfc76eb2eb75d2e51835
Change-Id: I40917dbf8262249250942c9dcb71a31e6cf0df90
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Niraj Kumar Goit [Mon, 2 Dec 2019 10:04:23 +0000 (15:34 +0530)]
ares: remove fd from multi fd set when ares is about to close the fd
When using c-ares for asyn dns, the dns socket fd was silently closed
by c-ares without curl being aware. curl would then 'realize' the fd
has been removed at next call of Curl_resolver_getsock, and only then
notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
CURL_POLL_REMOVE. At this point the fd is already closed.
By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
patch allows curl to be notified that the fd is not longer needed
for neither for write nor read. At this point by calling
Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
before the fd is actually closed by ares.
In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
since it does not allow passing a different sock_state_cb_data
Backported patch details:
https://github.com/curl/curl/commit/
6765e6d9e6a32bb4fc666d744cb57e2d55d4e13b
Change-Id: I62b2d244cb0f38a4c4a76ad804c7fd69f9222484
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Seonah Moon [Wed, 30 Oct 2019 02:34:31 +0000 (11:34 +0900)]
Curl_fillreadbuffer: avoid double-free trailer buf on error
Backported Patch link:
https://github.com/curl/curl/pull/4307
Change-Id: I5b695b661cf946b74e065d1a65697e74d7ef8af6
Seonah Moon [Tue, 8 Oct 2019 06:29:30 +0000 (15:29 +0900)]
Revert "Use openssl-1.1"
This reverts commit
6b333876d2db240bd01e0dcec950b2d12dc8eae5.
Change-Id: Ia687599375fb2953e9df43f7195877726c5ffa29
Seonah Moon [Tue, 24 Sep 2019 06:25:37 +0000 (15:25 +0900)]
http2: Stop drain from being permanently set on
Various functions called within Curl_http2_done() can have the
side-effect of setting the Easy connection into drain mode (by calling
drain_this()). However, the last time we unset this for a transfer (by
calling drained_transfer()) is at the beginning of Curl_http2_done().
If the Curl_easy is reused for another transfer, it is then stuck in
drain mode permanently, which in practice makes it unable to write any
data in the new transfer.
This fix moves the last call to drained_transfer() to later in
Curl_http2_done(), after the functions that could potentially call for a
drain.
Fixes #3966
Reported-by: Josie-H
Change-Id: I83ee02bf9017c9aa3d27d50580a0f89b8ec1d05d
Daniel Stenberg [Tue, 3 Sep 2019 20:59:32 +0000 (22:59 +0200)]
security:read_data fix bad realloc()
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
Change-Id: I4eab9aceba3ad01607eb4f302200e9f949ea4312
Seonah Moon [Thu, 19 Sep 2019 04:56:58 +0000 (13:56 +0900)]
ftp: Alloc maximum blksize, and use default unless OACK is received
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.
Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
Change-Id: I6c63f958f4b49aa214ea4adb55c8f85a4b1606cc
Daniel Stenberg [Fri, 3 May 2019 20:20:37 +0000 (22:20 +0200)]
tftp: use the current blksize for recvfrom()
bug: https://curl.haxx.se/docs/CVE-2019-5436.html
Reported-by: l00p3r on hackerone
CVE-2019-5436
link: https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275.patch
Change-Id: Ic6093d1d475ed9ba87e41cff315befdc3aca9c1d
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Jaehyun Kim [Wed, 24 Jul 2019 06:56:29 +0000 (06:56 +0000)]
Merge "curl_easy_perform: fix timeout handling" into tizen_base
Daniel Stenberg [Sat, 24 Nov 2018 22:20:19 +0000 (23:20 +0100)]
curl_easy_perform: fix timeout handling
curl_multi_wait() was erroneously used from within
curl_easy_perform(). It could lead to it believing there was no socket
to wait for and then instead sleep for a while instead of monitoring the
socket and then miss acting on that activity as swiftly as it should
(causing an up to 1000 ms delay).
Reported-by: Antoni Villalonga
Fixes #3305
Clodes #3306
Backported patch details:
https://github.com/curl/curl/commit/
d04cef9ce1d710902d90b62de01115b9bbe958bf.patch
Change-Id: I08d95e996dd9bab5d9fd7c7fe581fdb40c8a0de8
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
Seonah Moon [Tue, 23 Jul 2019 08:51:14 +0000 (17:51 +0900)]
CURL_MAX_INPUT_LENGTH: largest acceptable string input size
This limits all accepted input strings passed to libcurl to be less than
CURL_MAX_INPUT_LENGTH (
8000000) bytes, for these API calls:
curl_easy_setopt() and curl_url_set().
The
8000000 number is arbitrary picked and is meant to detect mistakes
or abuse, not to limit actual practical use cases. By limiting the
acceptable string lengths we also reduce the risk of integer overflows
all over.
NOTE: This does not apply to `CURLOPT_POSTFIELDS`.
Test 1559 verifies.
ClosesThis commit closes pull request #3805. #3805
CVE-2019-5435
Change-Id: I0a6d76769e1471352a477a8b1160672757a2de54
cheoleun moon [Thu, 9 May 2019 09:21:00 +0000 (09:21 +0000)]
Merge "Use openssl-1.1" into tizen_base
Seonah Moon [Thu, 9 May 2019 02:27:13 +0000 (11:27 +0900)]
link missed library for DLP
Change-Id: I77ab3d84ffae5851d9a81a8f834dfce08b34bf6f
Seonah Moon [Thu, 9 May 2019 04:26:42 +0000 (13:26 +0900)]
Revert "link missed library for DLP"
This reverts commit
14bcc6b79f4f26ee7821f1809961bddc3a1ae63d.
Change-Id: I2fe882d909e8a4d0669ad4a5a63a856ebd0b6d53
Seonah Moon [Thu, 9 May 2019 02:27:13 +0000 (11:27 +0900)]
link missed library for DLP
Change-Id: If9719a2c13e7d2f37ed1d53b81f070fbfd5bc022
Cheoleun Moon [Tue, 7 May 2019 08:46:36 +0000 (17:46 +0900)]
Use openssl-1.1
Change-Id: I152d19a11c8bd12e63c3e573bba73668262099e8
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
Nishant Chaprana [Sat, 9 Mar 2019 06:51:06 +0000 (12:21 +0530)]
NTLM: fix size check condition for type2 received data
Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
Reported-by: Wenxiang Qian
CVE-2018-16890
Backported patch details:-
Link: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb.patch
Change-Id: I15fc8002280680a7cf194dd02a5d7751cc7dbc71
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Nishant Chaprana [Sat, 9 Mar 2019 06:45:26 +0000 (12:15 +0530)]
ntlm: fix *_type3_message size check to avoid buffer overflow
Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
Reported-by: Wenxiang Qian
CVE-2019-3822
Backported patch details:-
Link: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc.patch
Change-Id: I40a37af26b81a4cefe4a26f19697e7a73b17eaf6
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Nishant Chaprana [Sat, 9 Mar 2019 06:41:38 +0000 (12:11 +0530)]
smtp: avoid risk of buffer overflow in strtol
If the incoming len 5, but the buffer does not have a termination
after 5 bytes, the strtol() call may keep reading through the line
buffer until is exceeds its boundary. Fix by ensuring that we are
using a bounded read with a temporary buffer on the stack.
Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
Reported-by: Brian Carpenter (Geeknik Labs)
CVE-2019-3823
Backported patch details:-
Link: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484.patch
Change-Id: Ie00a759a464e51ded79d2288844053740db055b4
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
cheoleun moon [Tue, 4 Dec 2018 04:39:52 +0000 (04:39 +0000)]
Merge "Force to use getifaddrs() to get interface addresses" into tizen_base
Seonah Moon [Tue, 20 Nov 2018 08:08:13 +0000 (17:08 +0900)]
Force to use getifaddrs() to get interface addresses
Change-Id: I19edb6f0066af959de76d86e75eabfee29ea5c00
Seonah Moon [Thu, 8 Nov 2018 05:10:19 +0000 (14:10 +0900)]
Merge tag 'upstream/7.62.0' into tizen_base
Change-Id: I9fd8d310e211fdeb3b0e60097b6bd81fb8e78e9b
Seonah Moon [Thu, 8 Nov 2018 05:02:01 +0000 (14:02 +0900)]
Imported Upstream version 7.62.0
Change-Id: Ie916d8e445e0cc69e112cee470744a96a9c84799
Seonah Moon [Wed, 19 Sep 2018 04:09:40 +0000 (13:09 +0900)]
Set dns timeout and tries for TV
Change-Id: Id46d468d2dcf15ec39dabf45f5edf077a260f6f7
Seonah Moon [Mon, 17 Sep 2018 06:39:17 +0000 (15:39 +0900)]
Add cipher selection for TV
ipv6 option will be enabled next commit
Change-Id: Ie0e32617cf8140b6267b82548bc9b531de2f09d5
Seonah Moon [Fri, 14 Sep 2018 02:46:56 +0000 (11:46 +0900)]
Enable IPv6 for TV
Change-Id: I409747255d59b5e67716b606ce8c377b652fe72c
Seonah Moon [Fri, 14 Sep 2018 02:45:12 +0000 (11:45 +0900)]
Revert "Enable IPv6 for TV"
This reverts commit
5ca14f8d2be7326d956b3aa61f45102c472b0392.
Seonah Moon [Fri, 14 Sep 2018 02:34:24 +0000 (11:34 +0900)]
Enable IPv6 for TV
Change-Id: I53d34c6604be5cc01583f1b148c8fb4ad9db83e9
Seonah Moon [Mon, 2 Jul 2018 05:04:50 +0000 (14:04 +0900)]
pingpong: fix response cache memcpy overflow
Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.
Reported-by: Dario Weisser
CVE: CVE-2018-
1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.htm
Change-Id: I02d35b9494356aaec1ca1f8eab0353a58c849e11
Seonah Moon [Mon, 2 Jul 2018 04:54:24 +0000 (13:54 +0900)]
... leaving the k->str could lead to buffer over-reads later on.
CVE: CVE-2018-
1000301
Assisted-by: Max Dymond
Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
Change-Id: I0bd3b891aef2bf08fdb485d135e695c2eeab86a7
chleun.moon [Fri, 27 Apr 2018 02:54:50 +0000 (11:54 +0900)]
Modify macro for tv profile
Change-Id: Idb324c07ce007d1949f790c75cf703ff269e342f
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
Seonah Moon [Wed, 18 Apr 2018 07:52:58 +0000 (16:52 +0900)]
Apply DLP feature
Change-Id: I5d53e6655bb57364d5008a1beab388b7ba53be66
Seonah Moon [Wed, 16 Aug 2017 09:21:40 +0000 (18:21 +0900)]
Use icu library for IDN feature
Change-Id: I13eaf3ca85d8b516dbc091acae9646e705a75f5e
Seonah Moon [Fri, 20 Apr 2018 06:42:40 +0000 (15:42 +0900)]
Update version to 7.59.0
Change-Id: I6be132aa9b0e2b3be821aae3cdac292525a7aa09
Seonah Moon [Thu, 12 Apr 2018 07:25:13 +0000 (16:25 +0900)]
Imported Upstream version 7.59.0
Change-Id: I06221d49da39082f95030ab57617a1e23fbda58b
Seonah Moon [Thu, 25 Jan 2018 05:47:22 +0000 (14:47 +0900)]
Disable the IDN feature temporary
This feature will be enabled after resolving build dependency issue
Change-Id: I6b7d8292015adbe5b488210176cf19c085b0aaf1
taesub kim [Wed, 24 Jan 2018 04:54:47 +0000 (04:54 +0000)]
Merge "Use icu library for IDN feature" into tizen
taesub kim [Wed, 24 Jan 2018 04:48:31 +0000 (04:48 +0000)]
Merge "Use icu library for IDN feature" into tizen
Seonah Moon [Wed, 16 Aug 2017 09:21:40 +0000 (18:21 +0900)]
Use icu library for IDN feature
Change-Id: Ie0cae521c7eacfcd788a32b90adc20ba19ec66da
Abhishek Sansanwal [Mon, 22 Jan 2018 09:27:02 +0000 (14:57 +0530)]
Added hardening compiler flags in the spec file.
Description: Enabled stack protector, relro, PIE,
fortify source and other flags
Change-Id: I2e569da65cec7120f8ed250a06808f5efb408eb9
Signed-off-by: Abhishek Sansanwal <abhishek.s94@samsung.com>
tizen [Wed, 1 Nov 2017 18:08:44 +0000 (16:08 -0200)]
Fix dlclose issue when calling DLP feature
Change-Id: Id84c9f70c250b3798b4c2b730a45f817b5341c2a
Signed-off-by: tizen <s.moraes@samsung.com>
jungkon.kim [Thu, 19 Oct 2017 09:36:59 +0000 (18:36 +0900)]
fix the handle_leak (Svace 302948 and 302613)
Change-Id: Id67c2f7b034ead0a74db4b652a4065dac8e8b4d9
tizen [Wed, 18 Oct 2017 17:08:53 +0000 (15:08 -0200)]
Adding integration with DLP feature from privacy-guard
Change-Id: I2959feebaecfc6acbd87ab483a4f017d48b65de1
Signed-off-by: tizen <s.moraes@samsung.com>
taesub kim [Tue, 17 Oct 2017 05:59:17 +0000 (05:59 +0000)]
Revert "Integration w/ DLP feature from privacy-guard"
This reverts commit
a6b689d7dfbfaab9138d32e148b08bf51b175703.
Change-Id: I7d32406cd7f4368e8ee60e3ad8b068c3d2d86c84
Saulo Moraes [Tue, 12 Sep 2017 21:08:31 +0000 (18:08 -0300)]
Integration w/ DLP feature from privacy-guard
Change-Id: I5ccf039d400dfd5ba0d7bcab7e75bc82aef5b6e8
Seonah Moon [Wed, 16 Aug 2017 09:21:40 +0000 (18:21 +0900)]
Use icu library for IDN feature
Change-Id: I4c00d1921e5ee15f3572af5e5a060049e7815a14
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Wed, 9 Aug 2017 08:19:56 +0000 (17:19 +0900)]
Apply ASLR to curl command tool
Change-Id: Iffcece4c6629c0521545a1e841fe1858687befad
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 1 Aug 2017 06:57:10 +0000 (15:57 +0900)]
Fixed build error
Change-Id: Ib87d1e5101f430bfdde69d8f1afaddbfefc6c61b
Seonah Moon [Fri, 21 Jul 2017 07:24:55 +0000 (16:24 +0900)]
Remove unnecessary configure file
Change-Id: I84ad19bc5aa63967edc68c7797d524823a962b23
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Fri, 21 Jul 2017 06:54:13 +0000 (15:54 +0900)]
Add glib2 dependency to support IDN
Change-Id: Ie330340da408b1cf57fca5c30c0f7dac88d85eb7
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Daniel Stenberg [Tue, 6 Jun 2017 22:21:04 +0000 (00:21 +0200)]
[CVE-2017-9502] url: fix buffer overwrite with file protocol
https://github.com/curl/curl/issues/1540
Change-Id: Ic0c511886a16d0655e416882ee9719d1ac120be6
Jay Satiro [Wed, 22 Mar 2017 05:59:49 +0000 (01:59 -0400)]
[CVE-2017-7468] TLS: Fix switching off SSL session id when client cert is used
- Move the sessionid flag to ssl_primary_config so that ssl and
proxy_ssl will each have their own sessionid flag.
Regression since HTTPS-Proxy support was added in
cb4e2be. Prior to that
this issue had been fixed in
247d890, CVE-2016-5419.
https://github.com/curl/curl/issues/1341
Change-Id: I3e6e176dafc6e6f103e5d9c077835f620783a3b1
Seonah Moon [Mon, 19 Jun 2017 01:15:46 +0000 (10:15 +0900)]
[CVE-2017-7407] --write-out out of buffer read
https://curl.haxx.se/docs/adv_20170403.html
Change-Id: I3cc866289e8929b52d31914f2f3164e18a2e1b5d
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
taesub kim [Fri, 9 Jun 2017 01:40:59 +0000 (01:40 +0000)]
Revert "Add dependency of nghttp2-devel"
This reverts commit
129a8fb222e334176769a51ab28cdc0923af4ece.
Change-Id: Icc2a618a477fec16c28256a2ea36dd8a10fe114c
Seonah Moon [Thu, 8 Jun 2017 06:15:47 +0000 (15:15 +0900)]
Add dependency of nghttp2-devel
Change-Id: Ib78ccd11318ed885fd19f3b809c1b47c94167b4f
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 28 Mar 2017 10:07:37 +0000 (19:07 +0900)]
Used %license macro
Change-Id: Ia5c38d98ea11d1e457014f7210913261a59f5b43
Seonah Moon [Thu, 23 Mar 2017 08:02:09 +0000 (17:02 +0900)]
Update version to 7.53.1
Change-Id: I1833883d4e258c60fb93020688eb7e3ff3e2eb47
taesub kim [Thu, 23 Mar 2017 07:45:32 +0000 (16:45 +0900)]
Imported Upstream version 7.53.1
Change-Id: Id0454e17b6cb083c803c5497d34964dd8fa0dbc6
taesub kim [Thu, 23 Mar 2017 07:38:33 +0000 (00:38 -0700)]
Revert "Imported Upstream version 7.53.1"
This reverts commit
e9bdad71c8277e20607fa1eaf0027d53a0dc1f37.
Change-Id: I4a4edd3ce2207a6f13162aaaf92467a7c1dffd72
taesub kim [Thu, 23 Mar 2017 07:35:59 +0000 (00:35 -0700)]
Revert "Changed the path of license by using '%license' macro"
This reverts commit
3487493aece049d88444f96dee3a2d3f4fdfbb9c.
Change-Id: I1e29fb50e16c45d649779de96404adbc184f1f5e
Seonah Moon [Wed, 22 Mar 2017 05:43:30 +0000 (14:43 +0900)]
Changed the path of license by using '%license' macro
Change-Id: I685efdeb2ab23b18d7935a95e42690d723db632c
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
taesub kim [Wed, 22 Mar 2017 05:21:38 +0000 (14:21 +0900)]
Imported Upstream version 7.53.1
Change-Id: I575eb99bf2face4938a57889412327e285116bf3
Daniel Stenberg [Tue, 7 Mar 2017 07:08:55 +0000 (08:08 +0100)]
ares: Curl_resolver_wait_resolv: clear *entry first in function
Change-Id: Ia55a6ca41ba2c75fedd114fcfb8aef8ddb968e4e
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
Daniel Stenberg [Mon, 6 Mar 2017 21:45:10 +0000 (22:45 +0100)]
ares: better error return on timeouts
Assisted-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2017-03/0009.html
Change-Id: I7779aa144996b539d7a706b776cee09eebae6dcb
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
Daniel Stenberg [Mon, 6 Mar 2017 08:21:01 +0000 (09:21 +0100)]
ares: return error at once if timed out before name resolve starts
Pointed-out-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2017-03/0004.html
Change-Id: I7c38e9dc6f386001692fa3b02f5bba00b59f4f45
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
Seonah Moon [Thu, 29 Dec 2016 10:18:45 +0000 (19:18 +0900)]
[P161227-02691, P161220-01444] Force ongoing connections to close in close_all_connections()
Bug: https://curl.haxx.se/mail/lib-2016-10/0011.html
Bug: https://curl.haxx.se/mail/lib-2016-10/0059.html
Change-Id: I6e015569958cc0da3bd9b03f17d4b32d475ebd0e
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Thu, 24 Nov 2016 08:27:17 +0000 (17:27 +0900)]
Remove dependency with ca-certificates
Change-Id: Ic4b50ae08734463d9d1a37f86ec60a8f2459e818
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 22 Nov 2016 07:53:24 +0000 (16:53 +0900)]
[CVE-2016-7167] curl escape and unescape integer overflows
Change-Id: Iffbaa7823c992cd93b8961ce69e7f6ac3f903e36
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Mon, 14 Nov 2016 06:50:11 +0000 (15:50 +0900)]
Add default CA bundle
Change-Id: Icc8dd83f8ab59cb18e6d9d6a7f732c6d1ba7cfa4
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Thu, 1 Oct 2015 04:27:10 +0000 (13:27 +0900)]
Add default cipher list for TV
Change-Id: Ibe293221f37388b85aed58ec40793baac2cccd14
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 4 Oct 2016 07:35:59 +0000 (16:35 +0900)]
openssl: fix bad memory free (regression)
The allocation could be made by OpenSSL so the free must be made with OPENSSL_free() to avoid problems.
(https://github.com/curl/curl/issues/1005)
Change-Id: I07527924fe20ed859cbd5d7ade356410c64d71c7
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Fri, 23 Sep 2016 05:12:16 +0000 (14:12 +0900)]
Update to 7.50.2
Change-Id: I1c5ba709c310e2c1735c12102e48f71d3413146b
Seonah Moon [Fri, 23 Sep 2016 04:49:53 +0000 (13:49 +0900)]
Imported Upstream version 7.50.2
Change-Id: I91c6040940a21b2bebab9d6cab11d50767b7bac4
Seonah Moon [Fri, 26 Aug 2016 05:29:23 +0000 (14:29 +0900)]
Change build macro for Tizen TV
This macro is ignored on build.tizen.org
It's only for Tizen TV build system
Change-Id: I0aa69505ddcfc1973d864f260d2b5e3f2fd87a3d
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Thu, 1 Oct 2015 04:27:10 +0000 (13:27 +0900)]
Add default cipher list for TV
Change-Id: I91579c36473a9619d00990c5897831006d89670f
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Wed, 22 Jun 2016 05:43:54 +0000 (14:43 +0900)]
[CVE-2016-4802] Windows DLL hijacking
Change-Id: I52bc7cb34ac493c20588876294d59039af03cbe1
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Wed, 22 Jun 2016 05:23:07 +0000 (14:23 +0900)]
[CVE-2016-3739] TLS certificate check bypass with mbedTLS/PolarSSL
Change-Id: I76d120f5c9e696ecd402a2099b94759cc22a51e2
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Tue, 26 Apr 2016 05:52:32 +0000 (14:52 +0900)]
Merge branch 'upstream' into tizen
Upgrade version 7.48.0
Change-Id: Ibb643307cb5add844a733bb23cb6051bc0fdb100
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
taesubkim [Mon, 25 Apr 2016 01:21:23 +0000 (10:21 +0900)]
Imported Upstream version 7.48.0
Change-Id: Ibca5368d95ef0b73c945bb0df8b7ef9fc3e3bd82
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>
seonah moon [Mon, 11 Apr 2016 11:05:33 +0000 (04:05 -0700)]
Revert "Imported Upstream version 7.44.0"
This reverts commit
8a08705db260779441360e959b97b6c172f8acb0.
Change-Id: Ie319aab9015869b714a03b8aa890a67ccbc9233e
seonah moon [Thu, 7 Apr 2016 06:59:58 +0000 (23:59 -0700)]
Revert "Update to 7.44.0"
This reverts commit
2bc9d6bb53df44a0c5174767de734620c2cdfd9e.
Change-Id: I831001a99b6ad80dc062c84b3877208e1b40b80a
Seonah Moon [Thu, 7 Apr 2016 04:35:45 +0000 (13:35 +0900)]
Update to 7.44.0
Change-Id: I5b1e06765d1fe3c75597ff7db9831228ea0cad05
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Seonah Moon [Thu, 7 Apr 2016 02:41:57 +0000 (11:41 +0900)]
Imported Upstream version 7.44.0
Change-Id: I04e7fac0b620653ff8c174e87039756e98c4fb02
seonah moon [Thu, 7 Apr 2016 02:31:17 +0000 (19:31 -0700)]
Revert "Imported Upstream version 7.44.0"
This reverts commit
31368b6eac8092a307849518e912b4c475c0238a.
Change-Id: I3428294b4931a00ba9684528d3ffb326f92ed4e8
Seonah Moon [Thu, 7 Apr 2016 01:07:19 +0000 (10:07 +0900)]
Imported Upstream version 7.44.0
Change-Id: Iacb2e604edff0cb8e7687289419ad1908a7a9de6
Seonah Moon [Wed, 9 Dec 2015 00:58:55 +0000 (09:58 +0900)]
Replace 'tizen_profile_name' to 'profile' for Tizen 3.0
Change-Id: I92101758608b72134f28d38fc11d01c527d2f05e
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
taesub.kim [Mon, 16 Nov 2015 10:07:08 +0000 (19:07 +0900)]
Upgrade upstream version to 7.40.0
Change-Id: I60df9f32924246f842db1056534bb707e77b431e
taesub.kim [Mon, 16 Nov 2015 08:28:24 +0000 (17:28 +0900)]
Imported Upstream version 7.40.0
Change-Id: I744943f451cb7db8f796a53f10dd6f57c297287d
taesub.kim [Mon, 16 Nov 2015 08:23:25 +0000 (17:23 +0900)]
Base code merged to SPIN 2.4
Change-Id: I345fdf6d033fc695d6f3f3ea0c55e7c8b542e348
taesub kim [Wed, 11 Nov 2015 05:34:24 +0000 (21:34 -0800)]
Revert "Update to 7.40.1"
This reverts commit
32de14ae0782822e9c54c3fbb28cdefc1f4de969.
Change-Id: I955d8a59ce444eac32b74264d98272297ac51b9b
Seonah Moon [Mon, 9 Nov 2015 06:25:57 +0000 (15:25 +0900)]
Update to 7.40.1
Change-Id: I91d61adf7c97502bbc4370c6b095bbe39aa6cb60
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
Kévin THIERRY [Thu, 30 Oct 2014 15:26:04 +0000 (16:26 +0100)]
Bump to version 7.37.1
Use upstream git instead of pristin-tar.
Also use "%__make" and "%make_install" rpm macros.
Bug-Tizen: TC-1807
Change-Id: If52b5604533d6e03826eae8ce35c01184cf208ab
Signed-off-by: Kévin THIERRY <kevin.thierry@open.eurogiciel.org>
Patrick McCarty [Wed, 4 Sep 2013 17:59:11 +0000 (10:59 -0700)]
Packaging cleanups
- Fix whitespace
- Package license for libcurl
- Fix RPM group tags
- Add the upstream URL
Change-Id: I101c1d0272da282dced66d439058d84ead13bd39
Patrick McCarty [Wed, 4 Sep 2013 17:45:38 +0000 (10:45 -0700)]
Update to 7.32.0
This update addresses the following CVEs:
- CVE-2011-2192
- CVE-2012-0036
- CVE-2013-1944
Change-Id: I58ed3c3561cbb670fb49ffc43a5e6b3be7c1a829
Alexandru Cornea [Fri, 28 Jun 2013 20:18:53 +0000 (23:18 +0300)]
resetting manifest requested domain to floor
Change-Id: Ib4fd617379bc46744c4a951b8232fabe30e7e4c1
Anas Nashif [Sat, 16 Feb 2013 06:37:24 +0000 (22:37 -0800)]
Add baselibs
Change-Id: I147e3da210e065be06ee455dd91c6d7548ed7492
projects / platform / upstream / curl.git / log