From bb3fc991ea84d5e9d37aad62a76487a8c3f071be Mon Sep 17 00:00:00 2001
From: thomas <kreitler@molgen.mpg.de>
Date: Fri, 24 May 2019 13:09:16 +0200
Subject: [PATCH] curl: disable some features

These features are removed since they have caused trouble
in the past (conflicting imports of libldap), or are
considered as unneeded.
- libbrotli, a rather new and uncommon compression lib
- lber/ldap, using curl for ldap access is rather exotic

The update also fixes two issues,
- Integer overflows in curl_url_set
- tftp: use the current blksize for recvfrom()

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436
---
 curl.be0 | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/curl.be0 b/curl.be0
index bc3f92eaf..ae0382491 100755
--- a/curl.be0
+++ b/curl.be0
@@ -55,9 +55,12 @@ SRCURL[0]="https://curl.haxx.se/download/curl-${PKGVERSION}.tar.bz2"
 #    bee_patch "${@}"
 #}
 
-#mee_configure() {
-#    bee_configure
-#}
+mee_configure() {
+    bee_configure \
+      --without-brotli \
+      --disable-lber \
+      --disable-ldap
+}
 
 mee_build() {
     bee_build