* [ptxdist] [PATCH] libcurl: Version bump. 7.82.0 -> 7.83.0
@ 2022-04-27 10:09 Christian Melki
2022-04-27 10:57 ` Alexander Dahl
0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2022-04-27 10:09 UTC (permalink / raw)
To: ptxdist
The usual bunch of bugfixes. Curl is very active, as always.
https://curl.se/changes.html#7_83_0
Plugs vulnerabilities: CVE-2022-27776, CVE-2022-27775, CVE-2022-27774 and CVE-2022-22576.
All still in preliminary state @mitre as of writing.
For details about curl security, visit the security page:
https://curl.se/docs/security.html
* Builds without nss per default.
* msh3 is disabled by not selecting ngtcp2.
* lber is disabled by not selecting ldap.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/libcurl.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/libcurl.make b/rules/libcurl.make
index 3c99caa47..482aa77ab 100644
--- a/rules/libcurl.make
+++ b/rules/libcurl.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
#
# Paths and names
#
-LIBCURL_VERSION := 7.82.0
-LIBCURL_MD5 := ce05eb61ef7c398feb7dbe23122d0bd9
+LIBCURL_VERSION := 7.83.0
+LIBCURL_MD5 := b7924acdea33dedc3150a044789ed0bb
LIBCURL := curl-$(LIBCURL_VERSION)
LIBCURL_SUFFIX := tar.xz
LIBCURL_URL := https://curl.haxx.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
--
2.32.0
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [PATCH] libcurl: Version bump. 7.82.0 -> 7.83.0
2022-04-27 10:09 [ptxdist] [PATCH] libcurl: Version bump. 7.82.0 -> 7.83.0 Christian Melki
@ 2022-04-27 10:57 ` Alexander Dahl
0 siblings, 0 replies; 2+ messages in thread
From: Alexander Dahl @ 2022-04-27 10:57 UTC (permalink / raw)
To: Christian Melki; +Cc: ptxdist
Hello Christian,
Am Wed, Apr 27, 2022 at 12:09:19PM +0200 schrieb Christian Melki:
> The usual bunch of bugfixes. Curl is very active, as always.
> https://curl.se/changes.html#7_83_0
> Plugs vulnerabilities: CVE-2022-27776, CVE-2022-27775, CVE-2022-27774 and CVE-2022-22576.
> All still in preliminary state @mitre as of writing.
> For details about curl security, visit the security page:
> https://curl.se/docs/security.html
>
> * Builds without nss per default.
> * msh3 is disabled by not selecting ngtcp2.
There's a new option, why not pass --without-msh3 explicitly then?
> * lber is disabled by not selecting ldap.
No change to previous version, right?
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
> rules/libcurl.make | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/rules/libcurl.make b/rules/libcurl.make
> index 3c99caa47..482aa77ab 100644
> --- a/rules/libcurl.make
> +++ b/rules/libcurl.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
> #
> # Paths and names
> #
> -LIBCURL_VERSION := 7.82.0
> -LIBCURL_MD5 := ce05eb61ef7c398feb7dbe23122d0bd9
> +LIBCURL_VERSION := 7.83.0
> +LIBCURL_MD5 := b7924acdea33dedc3150a044789ed0bb
> LIBCURL := curl-$(LIBCURL_VERSION)
> LIBCURL_SUFFIX := tar.xz
> LIBCURL_URL := https://curl.haxx.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
Also missing is the switch for the new experimental headers api.
You could add --disable-headers-api to turn it off explicitly.
With --disable-headers-api and --without-msh3 added, builds fine with
OSELAS.Toolchain-2016.06.1/arm-v5te-linux-gnueabi here, no runtime
tests from my side.
Greets
Alex
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-27 10:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-27 10:09 [ptxdist] [PATCH] libcurl: Version bump. 7.82.0 -> 7.83.0 Christian Melki
2022-04-27 10:57 ` Alexander Dahl
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox