curl: backport fix for CVE-2019-15601
authorPetr Štetiar <ynezz@true.cz>
Fri, 1 May 2020 08:12:11 +0000 (10:12 +0200)
committerPetr Štetiar <ynezz@true.cz>
Fri, 1 May 2020 09:12:31 +0000 (11:12 +0200)
commit55591e63bcb21e9bd2327f9a2bc0fd55f14734d6
tree7331c679a96bdea92ea0843a00fcaabe0adceba7
parent35ea808b97e062eb0deb8dda5a05e95e612de34c
curl: backport fix for CVE-2019-15601

On Windows, refuse paths that start with \\ ... as that might cause an
unexpected SMB connection to a given host name.

Ref: PR#2730
Ref: https://curl.haxx.se/docs/CVE-2019-15601.html
Suggested-by: Jerome Benoit <jerome.benoit@sap.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
package/network/utils/curl/Makefile
package/network/utils/curl/patches/100-file-on-Windows-refuse-paths-that-start-with.patch [new file with mode: 0644]