From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 13 May 2022 10:43:40 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1npQtg-00Bmzz-R0 for lore@lore.pengutronix.de; Fri, 13 May 2022 10:43:40 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1npQtg-00088b-96; Fri, 13 May 2022 10:43:40 +0200 Received: from mail-eopbgr70083.outbound.protection.outlook.com ([40.107.7.83] helo=EUR04-HE1-obe.outbound.protection.outlook.com) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1npQtK-00088N-OR; Fri, 13 May 2022 10:43:19 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iR7hxEeDJKUnmvqQD3rLAvnu9dicnIYw5dJi9uC4cfLh3lwHjiZWOb8SWGy0Su9rA1s9jXNUgizixUr31YxrSABMv1KEVXFos0EFP3nmAJOsaC9o4Ov0xP2Eho0PHa8DWDX9VnqywMALwy/VhsJq3H4gvpm019sFjuwVb16TFNtFhbTmFZM7UYiR+5Vwzhx8IGBtAuv914VN4J4mYZuC8X6GzLks0N7W/ORqJ+3vZ6/0I+S4fxs0Igt35Smo2VE0DuYIlOuBYoHCbOF6FUtTZpSpsSYtBwQg+uWaF3JJ+fbtW4WfkGrDV7poU3t6lsZsVVtHsmxAdhVCGWvTMt5eBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HdF1iof/AS2+2N95DvQuJPo1AxHsy7Pd8D9nkeiuVgY=; b=T/8n1x0G8ZOlcHab98JPBr6QQtbANhbvfhWGN4IMPd1KDbg+ZkiEdi2fOdqqnONX0FxTutzuuQP1TRoPVKBIA6je9QPIYgghjH9iDCClslbPe1XIZgq+y6y1gCtom8roA/5hFlG18UvEyZKMBHiBweqKtBpmM/wbaDEiyEb+b7w7RXRt8fauM3CfuZRgb7JkX30lza3X8UqvoFd+xlqx+c6NTCy3dTJ0j7xfphuyvjtlLNXb1HOGhUJT03ph4kYAu7OBsIoY8rHpBc+oEaIWyRpR1G91FUuD4PJ/9Zb9RMctt1SqB5o/XKCMCuVIsGyGR2ctxUR/UxGVWBfC3b/JkQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HdF1iof/AS2+2N95DvQuJPo1AxHsy7Pd8D9nkeiuVgY=; b=f7hlfcLIaaBT1U+4CciVdmQKVCcG7KuKD+nPWZbCSQJkfvuZRpQ/CIeyiKkqGeLlIPq7nE2JdiGkYfk88V29SC4OITtD1urN87/h72lPn8u5SMRta3SonOlywiw9J21eIGMccMN1PNL9cgGjsfrYvLv1B43Canzt9G61nFVkpFI= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by GV1P251MB0857.EURP251.PROD.OUTLOOK.COM (2603:10a6:150:8f::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.14; Fri, 13 May 2022 08:43:15 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::1d7f:19a9:18f9:57af]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::1d7f:19a9:18f9:57af%8]) with mapi id 15.20.5250.014; Fri, 13 May 2022 08:43:15 +0000 Message-ID: <00d91654-31ce-1991-3292-88029a6edcca@t2data.com> Date: Fri, 13 May 2022 10:42:51 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1 Content-Language: en-US To: Michael Olbrich References: <20220511072028.1152041-1-christian.melki@t2data.com> From: Christian Melki In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-ClientProxiedBy: GV3P280CA0065.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:a::23) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 47a523ef-6fc4-46e8-4e54-08da34bc9ed8 X-MS-TrafficTypeDiagnostic: GV1P251MB0857:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: NvZPHFQvtVlFte1RE1OiVAnf+nKenV7JqOFPm7l1SDQgHAVxIBz5vulQ0zQMoQ8nZw27tGgXQuMZ34DZuZYXExJdUU38Ay1Dee9MFoE1IEGq72QfDwFYi2+qJPY6WyLUrhl0EPsvJrrDSpiGShKknoKEH0mweLDK6up7BcDznsDWkRDwvLkO6QYwpUzEmGXb7FPldOIG3HzpTYdX83uQX8T+9xbE8YdFiKYztstYlvHbK5euy1WDp5HyskUqVX4hDFBvO8tY1ieS5gKfEcsJlhg7zQTTzbfP8+dgMf8vpjqQXBCBgt3GmF7LWis0JkuKt9QZI0AhywYNkghEfF7RdzDBqc7ONAjxx+QgzZYBofTfi1QlZbe4r6OzBgkT+CixGdOOeQV7zTXkLfSFYPTLFUld/WdT9we6LgZ7Vdal4L8eQBMGypvEr/e8kpWkA/+T+kKjeIncPIG+7zd58eJta2CfbfI7YFbpR7N4FxBbdy0CzRTL19iK4vksp/ACED+FcJvpQySYddcQ/0f9jxIUTr8z5K2f2nOVX8oH19zddltIieh9+/QV7eaUwAC8eaaEb6KgW9W7gglY7YtHBJiBiYn1Z1w2MqmkOq4rTLMeMAyQ90+3aU2Z9jXpJI/qbgrhnoZUMHxcbG2mmOO04+K4t8pncOtsqMU4olapssNEDCOeoU9gF6xbo1JnVCFbpZ3dyv/Nayl2pF0ZWv8DLGDiUq0pKMPu5qUQx/Y9X64hKOtk9wiRZZVxTEozhWRZq56oURWJf1tVOQLzXdSaUkWMN4IBPxlRygYFivXHBlS8lNXReWyPYGWfxVt1OGDw3bAZm3T4YVjQXFh69W4ZFtEr1T0t5gIu9J+nUvcmkQBPj8Y= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(376002)(136003)(346002)(396003)(366004)(39830400003)(316002)(186003)(36756003)(2906002)(31686004)(8936002)(44832011)(83380400001)(5660300002)(2616005)(966005)(66476007)(53546011)(8676002)(66556008)(450100002)(4326008)(6486002)(508600001)(6506007)(66946007)(6512007)(6666004)(26005)(31696002)(86362001)(38350700002)(38100700002)(6916009)(52116002)(45980500001)(43740500002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?bmRXemp0aThRSXcvb3FuaExmbGJNSXVvczZ1VGJ6Ymc5VzdqY1BHRXRQMkVS?= =?utf-8?B?c09NZFl5VjhjekxOeUNPV0FUZGNnc3BhWm56R2krRXFoaUJlZWcwaGoya1Yy?= =?utf-8?B?dURqd0NsK2tJdnk0dE5Bdkx4aEVGYlkyL0lvV24vSVhWOGoxMFgrTXd6Q0Rw?= =?utf-8?B?QmFvaUJNL2Y2dVdQMmJpS2hEZjBzMjRSZTNMcll1Z3BqL2l4WFBuNmRSSGJi?= =?utf-8?B?dm9yQnRkWXp5M0ZpcCtkRmFncnk4MDBtVVVaaFNmb3htM1hLaHNvcnUwd1Qz?= =?utf-8?B?bFVSRmIyeFpGRU1KY2pJbEpFSHFQM09NT05ad1pWVktLOVVsTUd4Y2YvUTRl?= =?utf-8?B?a0ZRTUw4SFp6N3M4R1VGOGhCd2VZc1JiQ3JBUVZBM2xncHBROEN0VjA5bk5n?= =?utf-8?B?Zmt0a3Y2ZTFENDNHRm5HQmNXenpSZ1FuM2s1dElydWJlZ2haNzg1dDkxNzBS?= =?utf-8?B?WHZoU3BMVURmdnA4RjJQUERRZzdrSDRjWG8rZTYxM1JScHNxK0d2TXNXMERT?= =?utf-8?B?RklzTHF0UDdqcjFOOWk5MEQrd1RkQ2x5elMvLzMwclYwY2dFTktvQW5aeC9q?= =?utf-8?B?aDcySVhxUUdDYVlYQjA3Z3dlQ1hsL1ZIeExERFRJWHJXLzB0bU1lWDVwN3F5?= =?utf-8?B?Nm1VT0ZJMFRFL1o0TkpXSXdMcFd3SXZHSE5OczlHeDFsc2UrU0N6SEsxaUxL?= =?utf-8?B?T1pET3NyeVQ1eDl0WGNLaWFoQjRuOXQ4MC9PbmU4NVo3ekorMU1hZkZBTk8x?= =?utf-8?B?UEY2ajZxY1BreCtnemF3SXdwVWlaVk9VWDJId3JidE5uU3RMTnZBUG9Kcmhi?= =?utf-8?B?dXF5ZE83OU9NVlFHc2h2d2ZOSnNPNDJZaTR0M3NDSHhNaVhMandYT0lINXlQ?= =?utf-8?B?RXlmdDhacjFkdUJmSmRjOGliL3U4K0lWcHlEdlpJSmtZQ09rekY4dWVOaHFM?= =?utf-8?B?d3lJbGVoYnpXKzV5SldiUmx2YTFmQTI4UmU1anRIU041ZFFhQktWTW0zak1a?= =?utf-8?B?bDRRZ3Y1S0Nta3htcEFWSWtvVjRENEFlYXlqUGZ1YjNHSnpBSVkxQkJVSXdZ?= =?utf-8?B?WHIvNVR4Q2luUFFQL05Lc05sNlh3Q2o5NjlaOTFwRFVwekFtL2k2aG9nSUh5?= =?utf-8?B?YW83ay94T1RsMjVSbGtQWU5FRURsdEdteEswT3BtRFZ2dVNzUzJrcXA1VERN?= =?utf-8?B?aWRQdWZqTkNJRWNIakJLSitJL2tSdWNUNDFzU2NXQWR0WE1WN29ETkRjNWta?= =?utf-8?B?NEpMVmdocS95QUZRbVdTK3VLcHZQU2ZDci9ubEc5YnZaQU1xa3NZczBaSFNp?= =?utf-8?B?TkN1Zkc2aU1rMkxJblNZQ1VXR0NCZU4yS3RtVjBRd0hEL0gvRzJOYmFpczBw?= =?utf-8?B?a25UUWFQSGg2cHBNQndBU0hVZUN3NWVBS3NjbFR1Sm13dTljUU40TmxXWnZR?= =?utf-8?B?L2thYXpTK3N0Y0ZoTGJteDdKTmVYb0p6ZHJFQTNBRmQzTkk2dlpZamFnUW1F?= =?utf-8?B?NUkyOWFVTUg0VFBtM3puTDEybmg1dHJDS1I2blFJYjdUekxHcXlDWVZtVklV?= =?utf-8?B?ZlJGS2FnQXY0bHNHTS9RUDhCTXp5NW5DUHR1eXJHWTV6YmJNN1RQZWx1SVVB?= =?utf-8?B?ejFpbC80MW1XY0I4QXJVZm1qNzlFVE9JcGpSTlNiL21VZzBNYlQycjZDSXFF?= =?utf-8?B?Q3MxTkprSXNXQXg2MW5zeVFYdDRmd2FmekV3aVNBaHFvUlNSUDBFazcySjYw?= =?utf-8?B?clFBK1NQNUd5RnpjRkFKcmtENXFnT0JRSTI5ZnJlL0dMOWdWeFZDa0RCQTF5?= =?utf-8?B?Y3R5QWFubjdhbVAvb3hlUG9VUHJNTUgwRjRZVWNLR3U4M0JvVC94bVZFQVBk?= =?utf-8?B?RWpkby9Db0hKS3h3N3JYSVdNQlBQZjNJWmxMTlRrQXB0bjY1dHRSZ0pmWnVl?= =?utf-8?B?WmlIQUx4QzI5eHhOTUtWR2F6cEZaejY2Wi9VOG1qTGl5eU8yZ3RkU1JlblEw?= =?utf-8?B?RWlEZXp0YWFiMFcxTTlHMC9NQ2hVSDFRenRrYi9TbVBqM0k1OUQ3UUN0dWV1?= =?utf-8?B?SmRTalhLWWZuWVpXVmIzTmkzYjZpNGk2UjBob2tEUGlVUXFiWDB4QStGZ0l3?= =?utf-8?B?M21ZbkQ2a3dUNEMyb2E5TjV5K0hPTkJyRzVsYWI5cW5LRTFGcHB6TzdTT3hY?= =?utf-8?B?MkVVdlVtaEpRUDZXSFJiSFBDUWczR3VBWkpLNnowWUQ5aitSME1DSlNJdWFR?= =?utf-8?B?MU01YVJIazVPWGxaV3dvalNOSUFvbnRXSzJJT1dyS1c1c0JhQ0E5RUhmZVFN?= =?utf-8?B?TXVKT2tKYUF5eHZWNjgwTVRBb0pMTjNBdndmMVNZK1ZiUGRFSjNpREtsQWJt?= =?utf-8?Q?k+MzkL2//A6X5Tvk=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 47a523ef-6fc4-46e8-4e54-08da34bc9ed8 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 May 2022 08:43:15.1536 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wmpDrXj7cyAX7bSxjgSGtxMPpjDiT9ouPC4nklLB42g0y1i6fcVksrZeAvGeD/+PH16jUU8pU7n9DvCr5x+B0+egPAiXZNeNAUYXxXsUm6c= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P251MB0857 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-3.5 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: Re: [ptxdist] [PATCH] libcurl: Version bump. 7.83.0 -> 7.83.1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false My bad. It needs to be removed. Included in the release. Daniel added it: https://github.com/curl/curl/commit/d7b970e46ba29a7e558e21d19f485977ffed6266 /Christian On 5/13/22 10:35 AM, Michael Olbrich wrote: > On Wed, May 11, 2022 at 09:20:28AM +0200, Christian Melki wrote: >> Usual churn of fixes. >> Curl is seeing an accelerated CVE ticketing. >> Probably due to a functioning bug bounty program. >> https://hackerone.com/curl?type=team >> With 30 reports in the last 90 days. >> So probably expect more CVEs in the near future. >> >> Changelog: https://curl.se/changes.html >> Security: https://curl.se/docs/security.html >> >> Plugs CVEs: CVE-2022-30115, CVE-2022-27782, CVE-2022-27781, >> CVE-2022-27780, CVE-2022-27779, CVE-2022-27778 > > The old version has a patch. It's from upstream, but I'm not sure if it got > applied to the bugfix release. > > Michael > >> Signed-off-by: Christian Melki >> --- >> rules/libcurl.make | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/rules/libcurl.make b/rules/libcurl.make >> index 3840b2abd..8faa948bf 100644 >> --- a/rules/libcurl.make >> +++ b/rules/libcurl.make >> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl >> # >> # Paths and names >> # >> -LIBCURL_VERSION := 7.83.0 >> -LIBCURL_MD5 := b7924acdea33dedc3150a044789ed0bb >> +LIBCURL_VERSION := 7.83.1 >> +LIBCURL_MD5 := 08c6d9c25d9cf8d17be28363753e42ca >> LIBCURL := curl-$(LIBCURL_VERSION) >> LIBCURL_SUFFIX := tar.xz >> LIBCURL_URL := https://curl.haxx.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) >> -- >> 2.34.1 >> >> >> >