* [Buildroot] [git commit branch/2022.05.x] package/libcurl: security bump to version 7.84.0
@ 2022-07-22 7:38 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2022-07-22 7:38 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=fcd5e110cf286fa9ebd2a38c367a7d85cd25f945
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.05.x
Fixes the following security issues:
- CVE-2022-32205: Set-Cookie denial of service
https://curl.se/docs/CVE-2022-32205.html
- CVE-2022-32206: HTTP compression denial of service
https://curl.se/docs/CVE-2022-32206.html
- CVE-2022-32207: Unpreserved file permissions
https://curl.se/docs/CVE-2022-32207.html
- CVE-2022-32208: FTP-KRB bad message verification
https://curl.se/docs/CVE-2022-32208.html
Changelog: https://curl.se/changes.html
Upstream removed configure option --enable-hidden-symbols:
https://github.com/curl/curl/commit/0c2d3118aa2bc040411203d33ab6034067fd9d62
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b034109dd60a429690acf9c5501c6658c53eae13)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/libcurl/libcurl.hash | 4 ++--
package/libcurl/libcurl.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 8672380f09..672591e470 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-# https://curl.se/download/curl-7.83.1.tar.xz.asc
+# https://curl.se/download/curl-7.84.0.tar.xz.asc
# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256 2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4 curl-7.83.1.tar.xz
+sha256 2d118b43f547bfe5bae806d8d47b4e596ea5b25a6c1f080aef49fbcd817c5db8 curl-7.84.0.tar.xz
sha256 321b1a09ebc30410f2e837c072e5521cf7095b757193af4a7dae1086e36ed31a COPYING
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 11f1e4de59..e241bd1c88 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 7.83.1
+LIBCURL_VERSION = 7.84.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -23,7 +23,7 @@ LIBCURL_INSTALL_STAGING = YES
# Likewise, there is no compiler on the target, so libcurl-option (to
# generate C code) isn't very useful
LIBCURL_CONF_OPTS = --disable-manual --disable-ntlm-wb \
- --enable-hidden-symbols --with-random=/dev/urandom --disable-curldebug \
+ --with-random=/dev/urandom --disable-curldebug \
--disable-libcurl-option --disable-ldap --disable-ldaps
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-07-22 7:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-22 7:38 [Buildroot] [git commit branch/2022.05.x] package/libcurl: security bump to version 7.84.0 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.