All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/libcurl: security bump to version 7.78.0
@ 2021-07-26  5:52 Bernd Kuhls
  2021-07-26  6:54 ` Baruch Siach
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Bernd Kuhls @ 2021-07-26  5:52 UTC (permalink / raw)
  To: buildroot; +Cc: Matt Weber

Fixes CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925 &
CVE-2021-22926: https://curl.se/news.html

Changelog: https://curl.se/changes.html

Removed patch which is included in upstream release.
Switched _SITE to curl.se.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 ...ncorrect-const-on-variable-that-is-m.patch | 32 -------------------
 package/libcurl/Config.in                     |  2 +-
 package/libcurl/libcurl.hash                  |  4 +--
 package/libcurl/libcurl.mk                    |  6 ++--
 4 files changed, 6 insertions(+), 38 deletions(-)
 delete mode 100644 package/libcurl/0001-bearssl-remove-incorrect-const-on-variable-that-is-m.patch

diff --git a/package/libcurl/0001-bearssl-remove-incorrect-const-on-variable-that-is-m.patch b/package/libcurl/0001-bearssl-remove-incorrect-const-on-variable-that-is-m.patch
deleted file mode 100644
index b88791fa45..0000000000
--- a/package/libcurl/0001-bearssl-remove-incorrect-const-on-variable-that-is-m.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From a03ea6223950002eba8b1ef0df3133c62f387d6b Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Tue, 25 May 2021 23:42:07 -0700
-Subject: [PATCH] bearssl: remove incorrect const on variable that is modified
-
-hostname may be set to NULL later on in this function if it is an
-IP address.
-
-Closes #7133
-
-[peter@korsgaard.com: backported from upstream]
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- lib/vtls/bearssl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
-index 7f729713d..40a5e7879 100644
---- a/lib/vtls/bearssl.c
-+++ b/lib/vtls/bearssl.c
-@@ -300,7 +300,7 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
-   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-   struct ssl_backend_data *backend = connssl->backend;
-   const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
--  const char * const hostname = SSL_HOST_NAME();
-+  const char *hostname = SSL_HOST_NAME();
-   const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
-   const bool verifyhost = SSL_CONN_CONFIG(verifyhost);
-   CURLcode ret;
--- 
-2.20.1
-
diff --git a/package/libcurl/Config.in b/package/libcurl/Config.in
index 466f9ee3a1..afe6c7b9e7 100644
--- a/package/libcurl/Config.in
+++ b/package/libcurl/Config.in
@@ -5,7 +5,7 @@ config BR2_PACKAGE_LIBCURL
 	  Telnet, and Dict servers, using any of the supported
 	  protocols.
 
-	  http://curl.haxx.se/
+	  https://curl.se/
 
 if BR2_PACKAGE_LIBCURL
 
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 183321588f..5e5776d1e3 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.haxx.se/download/curl-7.77.0.tar.xz.asc
+# https://curl.se/download/curl-7.78.0.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  0f64582c54282f31c0de9f0a1a596b182776bd4df9a4c4a2a41bbeb54f62594b  curl-7.77.0.tar.xz
+sha256  be42766d5664a739c3974ee3dfbbcbe978a4ccb1fe628bb1d9b59ac79e445fb5  curl-7.78.0.tar.xz
 sha256  6fd1a1c008b5ef4c4741dd188c3f8af6944c14c25afa881eb064f98fb98358e7  COPYING
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 53ff9836c1..4e3c6d4523 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.77.0
+LIBCURL_VERSION = 7.78.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
-LIBCURL_SITE = https://curl.haxx.se/download
+LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
 	$(if $(BR2_PACKAGE_ZLIB),zlib) \
 	$(if $(BR2_PACKAGE_RTMPDUMP),rtmpdump)
@@ -19,7 +19,7 @@ LIBCURL_INSTALL_STAGING = YES
 # We disable NTLM support because it uses fork(), which doesn't work
 # on non-MMU platforms. Moreover, this authentication method is
 # probably almost never used. See
-# http://curl.haxx.se/docs/manpage.html#--ntlm.
+# http://curl.se/docs/manpage.html#--ntlm.
 # Likewise, there is no compiler on the target, so libcurl-option (to
 # generate C code) isn't very useful
 LIBCURL_CONF_OPTS = --disable-manual --disable-ntlm-wb \
-- 
2.30.2

_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libcurl: security bump to version 7.78.0
  2021-07-26  5:52 [Buildroot] [PATCH 1/1] package/libcurl: security bump to version 7.78.0 Bernd Kuhls
@ 2021-07-26  6:54 ` Baruch Siach
  2021-07-26 21:12 ` Thomas Petazzoni
  2021-08-05 20:20 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Baruch Siach @ 2021-07-26  6:54 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: Matt Weber, buildroot

Hi Bernd,

On Mon, Jul 26 2021, Bernd Kuhls wrote:
> Fixes CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925 &
> CVE-2021-22926: https://curl.se/news.html
>
> Changelog: https://curl.se/changes.html
>
> Removed patch which is included in upstream release.
> Switched _SITE to curl.se.
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Acked-by: Baruch Siach <baruch@tkos.co.il>

Thanks,
baruch

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libcurl: security bump to version 7.78.0
  2021-07-26  5:52 [Buildroot] [PATCH 1/1] package/libcurl: security bump to version 7.78.0 Bernd Kuhls
  2021-07-26  6:54 ` Baruch Siach
@ 2021-07-26 21:12 ` Thomas Petazzoni
  2021-08-05 20:20 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2021-07-26 21:12 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: Matt Weber, buildroot

On Mon, 26 Jul 2021 07:52:13 +0200
Bernd Kuhls <bernd.kuhls@t-online.de> wrote:

> Fixes CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925 &
> CVE-2021-22926: https://curl.se/news.html
> 
> Changelog: https://curl.se/changes.html
> 
> Removed patch which is included in upstream release.
> Switched _SITE to curl.se.
> 
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
>  ...ncorrect-const-on-variable-that-is-m.patch | 32 -------------------
>  package/libcurl/Config.in                     |  2 +-
>  package/libcurl/libcurl.hash                  |  4 +--
>  package/libcurl/libcurl.mk                    |  6 ++--
>  4 files changed, 6 insertions(+), 38 deletions(-)
>  delete mode 100644 package/libcurl/0001-bearssl-remove-incorrect-const-on-variable-that-is-m.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libcurl: security bump to version 7.78.0
  2021-07-26  5:52 [Buildroot] [PATCH 1/1] package/libcurl: security bump to version 7.78.0 Bernd Kuhls
  2021-07-26  6:54 ` Baruch Siach
  2021-07-26 21:12 ` Thomas Petazzoni
@ 2021-08-05 20:20 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2021-08-05 20:20 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: Matt Weber, buildroot

>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:

 > Fixes CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925 &
 > CVE-2021-22926: https://curl.se/news.html

 > Changelog: https://curl.se/changes.html

 > Removed patch which is included in upstream release.
 > Switched _SITE to curl.se.

 > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Committed to 2021.02.x and 2021.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-08-05 20:21 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-26  5:52 [Buildroot] [PATCH 1/1] package/libcurl: security bump to version 7.78.0 Bernd Kuhls
2021-07-26  6:54 ` Baruch Siach
2021-07-26 21:12 ` Thomas Petazzoni
2021-08-05 20:20 ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.