From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: Baruch Siach via buildroot <buildroot@buildroot.org>
Cc: buildroot@busybox.net, Matt Weber <matthew.weber@collins.com>
Subject: Re: [Buildroot] [PATCH] libcurl: security bump to version 7.86.0
Date: Fri, 28 Oct 2022 08:45:25 +0200 [thread overview]
Message-ID: <20221028084525.2cb0b2a0@windsurf> (raw)
In-Reply-To: <0021c4e4fdf0d97591acc6e0bde64c34b46997ad.1666867037.git.baruch@tkos.co.il>
On Thu, 27 Oct 2022 13:37:17 +0300
Baruch Siach via buildroot <buildroot@buildroot.org> wrote:
> Version 7.85.0 fixes CVE-2022-35252: When curl retrieves and parses
> cookies from an HTTP(S) server, it accepts cookies using control codes
> (byte values below 32). When cookies that contain such control codes are
> later sent back to an HTTP(S) server, it might make the server return a
> 400 response. Effectively allowing a "sister site" to deny service to
> siblings.
>
> Drop upstream patches and autoreconf.
>
> Cc: Matt Weber <matthew.weber@collins.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> ...de-sched-h-if-available-to-fix-build.patch | 30 --------
> ...for-the-stdatomic.h-header-in-config.patch | 70 -------------------
> package/libcurl/libcurl.hash | 2 +-
> package/libcurl/libcurl.mk | 4 +-
> 4 files changed, 2 insertions(+), 104 deletions(-)
> delete mode 100644 package/libcurl/0001-easy_lock-h-include-sched-h-if-available-to-fix-build.patch
> delete mode 100644 package/libcurl/0002-configure-check-for-the-stdatomic.h-header-in-config.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2022-10-28 6:45 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-27 10:37 [Buildroot] [PATCH] libcurl: security bump to version 7.86.0 Baruch Siach via buildroot
2022-10-28 6:45 ` Thomas Petazzoni via buildroot [this message]
2022-11-08 19:49 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221028084525.2cb0b2a0@windsurf \
--to=buildroot@buildroot.org \
--cc=buildroot@busybox.net \
--cc=matthew.weber@collins.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.