From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 26 Oct 2022 11:44:03 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1oncx9-002oIW-ND for lore@lore.pengutronix.de; Wed, 26 Oct 2022 11:44:03 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1oncx7-0000KH-MF; Wed, 26 Oct 2022 11:44:01 +0200 Received: from mail-vi1eur03on2078.outbound.protection.outlook.com ([40.107.103.78] helo=EUR03-VI1-obe.outbound.protection.outlook.com) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oncwV-0000K7-Tj for ptxdist@pengutronix.de; Wed, 26 Oct 2022 11:43:24 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GxeOiLVWvB02s4RTtdJiWu02DJ2/4ZAC+dAMqMc5VL0LLQBXN7usUJVfwH1IGhjhrIUMkCH7eIOgos0yguE0HJJF06c54Emd1P76G9RvR702SvFHLkyE0RKEklbCZm7XxzbPQ+fHkPY7R6NBrE9CwOhBc25osNm8nkpd2rE7foYVEHff3DqiIF3BuqqFbmxRDwfqN54KAsioElqnAgRzSL2Z4g47sx/HKLWbabC1tWg2jco4OlZfBnznwcLorFglSeQPL32n3vyfQy4Xiv6dTg6HpQZJgSarT6w/KuuxR4LfNAfbeb13cTakIaqCSSwbaM303TJuGAVRcjaFcABmHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cJJMWdISyHZaIE74IKwFSX+TQWTKrR1iELUT040tla4=; b=Nhxnxm3BaJwJ1ky1aecxG6eaRSt00RcsVDqNIl/Dg/vRzibkLpb6/r4SxYXpZnxUjPer38SCsjr4alLG0Yjb6PnGlT+U+D4VsfT+I+VE5bpiBDfAd9FE5PY2u45Xx0xBwXexaMM4MpbD9sUkPk2wkNfuVxkOuC4PSluAp/guvnYpzfrbqQO+4bDOj8NYVhhwZaxnYh1SQ+yr/ZAY8NZ0rJTudnQJ8+hGjDBpT7qOXyneIaA1zbdwtujOKcrZGTAAGgAjIKhCg6RK23hFMzkqfTNBjV/s4sdb6g4d08Kj454FzVm0fYyx6iR0JqRYCOnw9t1/o/ASz9xlb09xKJkWFQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cJJMWdISyHZaIE74IKwFSX+TQWTKrR1iELUT040tla4=; b=h3I7Je0LdjOr5ImtV5Ci2nkJK+sKCqa/05Exo3Azdi3a7qK+yAn4J//IoIdZE1/KC2jeTKQ9ue4U0H3vH1GuUSfCEfBOvq9B+JDY1J5QJ6qWxHa2IjD+98SYSrpwghcfj1zEB1iHR6oJthsZrL1fTbSmfSLvLGDGQJEuP04EvOY= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by PRAP251MB0732.EURP251.PROD.OUTLOOK.COM (2603:10a6:102:27a::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Wed, 26 Oct 2022 09:43:20 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::e75a:4c4e:8faa:99ae]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::e75a:4c4e:8faa:99ae%7]) with mapi id 15.20.5746.021; Wed, 26 Oct 2022 09:43:20 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Wed, 26 Oct 2022 11:43:09 +0200 Message-Id: <20221026094309.767626-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: DUZPR01CA0067.eurprd01.prod.exchangelabs.com (2603:10a6:10:3c2::6) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|PRAP251MB0732:EE_ X-MS-Office365-Filtering-Correlation-Id: eda60039-24ee-4195-35ba-08dab7368446 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 6pLvcycnnlDTyIw+2yIeRLi46COEfmAsmF5sSTc+6dsiYcawtqZq7BmlJqKX2/HAzMSS+80bOnoa2ySaV5dPHVteYh2xnNtRUCxzUqNLePio6RePt4Be65f0uAZVg8kyrz8HqeY80NPJvzkSCUC4Kh8IRVCF0ku+vd/AqzNjx3slU9ybsVhxLb7VswInJlRBkZKdT4UDw+XtQzc40rNnjIOeBKTW6oT2uYUgLBg5z9IcZcu/WqRsmelu49zdBKLxscc72VK3+fgqjcGUL8WqDB66aSOTydPOiT1PrpeEOO/QihhEdqZ/bYS0eQ8AFqFSlc+yGphTzLQ1zPs4vI4/ed3uDGkXkLwwy2fk76Qg8gkZIHRPUHVL3EXnV/Hm9qBfYtZVHHF1tbYqKyIy9c9fiJvyzPCCyEC1AX1BJuqc2r8TA1ODmhLeJCeb8fU7wNAq5HEvydOPB8WzHk+ei6d2H6IK4ipJNcPO8we6a3aQJKShpNt3xjV4lfls5azzjXamYjvxQ4tlsBuQjHicyMry0+TBf8dejGAPhy00nDhR6Eu/hECxA2+HKdjDHtIaW5JcvLr56BxOsY6CE/UGczD8/qQgrxEWjhYam8IFQIJFltN9ohVqHghWfQWoInhW6rMY7jAbYItP3Srj4i/k5FKn1OIrjDBXaGDYPMgdIevL68od0lj3uBME1TSelWd7Fq1zsrWTjSYEYjTzzaTx00BRTvg4SuJXZ9kKZPTNFRmp8N2gbhUj+KlE2oml2SuTk2qVuQvlywafAVjIg3rOHvUNIVvx2SelTp1e7Y6/GsCYPTk= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230022)(346002)(366004)(376002)(39830400003)(396003)(136003)(451199015)(316002)(52116002)(6666004)(6506007)(86362001)(8936002)(41300700001)(38100700002)(6916009)(5660300002)(44832011)(38350700002)(66556008)(66946007)(8676002)(66476007)(2906002)(478600001)(1076003)(36756003)(2616005)(6486002)(966005)(83380400001)(186003)(26005)(6512007); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?54PCDDVKVk4WIhutIVgqG2nQ+TvFah/L839a9V0VehXhTQoMGmrU37j9flEG?= =?us-ascii?Q?cD7sjVwoLqRkRzbct1QFrSZbZ5mTXg8P3E88tecA7ehAa+65KW/J+ekSS7jT?= =?us-ascii?Q?BqAZFk5nfGTOm5FIjc7S67GhlBSt+k7PH851y2lDTz2m81Jk9o/gUL23LWyR?= =?us-ascii?Q?mQQRgwrFGkVuiWH9TLtf/48znQyqCQ/JYGH5gXgwEcRjpW4Clde4D2wiedWY?= =?us-ascii?Q?E4VX0abEZ0zWTrPiXvn8OorvXwytQrUdXB5onlw6iRhNt3vRXaIqR6jLLxrA?= =?us-ascii?Q?254gGvzJKRdGYoW7s/++Dhf+8KNw65xkr4/79Mz1DNx3NbI1SbbuUJu9HT2M?= =?us-ascii?Q?/FLpI+uZ49KbGGWwgPZ+tl6hd38SnUj4zNoEbAYsOwIdIPwUOp59NDkIhfxE?= =?us-ascii?Q?SjEgQD5MugFWLM1XVjMBjwogZrh62MndjGtE4S1Cnw2eWl5TuIgXFc/tKExd?= =?us-ascii?Q?rCqy8dFWZFIYWISDeDgeDjoWSpNB2vW3tM7d2RhR8G4FEeuaQFa7fqaOm5dV?= =?us-ascii?Q?boQRB7EBkVOcSsTwAgR2USr7b5OlLHOahmUvVRzyrbGsfBQ7u8eFpjKvC1LR?= =?us-ascii?Q?It2/6vBGvD4HqZ5COzVvOhpHAOB1Ne/OiP+cYCVtr6KvP7zqhInvt7Fh/MH/?= =?us-ascii?Q?DOdTsBOa8Duq+T1l5DncnVKD7kTdqAXrJPIKbCxCVAS/sm6TFpqdjHxU18H1?= =?us-ascii?Q?/bUMTXT4oKbgSFRDl+vAfDotDRS4YHAnN07ABpcEZqEfA0+x0z4vYex59FK6?= =?us-ascii?Q?ITe9kXj7JVVKYSNxclXUbrIk7z2MFBMxctQvv+ACrzYa3dM9U9pftOCHAkcI?= =?us-ascii?Q?Aahyj70Tna/6BNKbcjNHTnS7De8MrBA9nLquBamZrWBZCoQoWGjsUSCFeXtf?= =?us-ascii?Q?ief2AtY1vzmBjusRca5MGNthkk5xWiLKKRWKKZrtkI2RdQ11L8vLDux6Lt+b?= =?us-ascii?Q?23ax+ZTTelX49I6jYpmyluqxWAEHrIJsP5O9fAnV34M+PpGpHDbQ5JWjgTPw?= =?us-ascii?Q?D0HphzvJA/KpQUOHZE2SqV4TaOteLyykUi7igckr0QJsDedgIDQhbeTlSsqw?= =?us-ascii?Q?D1mhZM12iQGgk/56XYStREm+fmiDxCIpsCzi6WIImQ+xIwCk8EzbWe/XQv0B?= =?us-ascii?Q?Ej8RUMcjxhn3OxN3hPyx6vLSJjft3qXucrd+o7Kl+GQK8IW9WjPnP1nhCT7X?= =?us-ascii?Q?m7UdEhsz70ChaVqUvjTGY8+VV0cc3uwFJ3mH6Siiipj5CFgrtzNcuBod24dC?= =?us-ascii?Q?X4SoXtEJK/VuKJlKlz+q6xa9L8tV2fB6bstvkZM67+YNINxzWeOa20CPrdrq?= =?us-ascii?Q?eCrIpIPg80Lq4DeiRgau4Ls9J7yYjM8ixs3bW4RXG65aVRcMm2P3H8NGG8Py?= =?us-ascii?Q?bN3G/PW2UvrSK1vHKxE2m7sbOKBgf+rDJuTfRwosZJar2qYeSNy4U4BOv10O?= =?us-ascii?Q?6jOygNl8TxSINHrnU7E1HcV0IpnsjCRVRJB3HX1R5/dX1lmQdkssQa3LuFsr?= =?us-ascii?Q?q0JaKM4ZO2jvpPCKRIGm2LrjM1qogJcO5t/LkPA6isQEIYP9hKrziCnYlIsZ?= =?us-ascii?Q?16M5hKdQUURbVERha+VV2p4FZ5fJqCAd7eXhITFoRYhZxe5VkeXzZO0Hj5Wr?= =?us-ascii?Q?qg=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: eda60039-24ee-4195-35ba-08dab7368446 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Oct 2022 09:43:20.3375 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5BHd0QHJidC1dmWlL0Nyw8PeL7N0m0Cj7f13NppMFZMCdXi0QNT3MS5MJD12g9LCmqdzpe5OGkfInLLbxqzd7epzX+BtjpYcgk40WS1/mn8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PRAP251MB0732 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libcurl: Version bump. 7.85.0 -> 7.86.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Usual churn of new options and fixes. https://curl.se/changes.html#7_86_0 Notable changes is the addition of the websockets API. https://curl.se/docs/security.html This release plugs CVEs: CVE-2022-42916: HSTS bypass via IDN CVE-2022-42915: HTTP proxy double-free CVE-2022-35260: .netrc parser out-of-bounds access CVE-2022-32221: POST following PUT confusion * Explicitly disable the websockets API for now. Signed-off-by: Christian Melki --- rules/libcurl.make | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rules/libcurl.make b/rules/libcurl.make index 4097462c5..c4f528f69 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl # # Paths and names # -LIBCURL_VERSION := 7.85.0 -LIBCURL_MD5 := 131f76c84016c45806b902330a74164f +LIBCURL_VERSION := 7.86.0 +LIBCURL_MD5 := 19a2165f37941a6f412afc924e750568 LIBCURL := curl-$(LIBCURL_VERSION) LIBCURL_SUFFIX := tar.xz LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) @@ -90,6 +90,7 @@ LIBCURL_CONF_OPT := \ --enable-get-easy-options \ --disable-alt-svc \ --enable-hsts \ + --disable-websockets \ --without-schannel \ --without-secure-transport \ --without-amissl \ -- 2.34.1