From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 18 May 2023 20:35:55 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1pziTk-005pHM-Kr for lore@lore.pengutronix.de; Thu, 18 May 2023 20:35:55 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1pziTi-0006Bc-5G; Thu, 18 May 2023 20:35:54 +0200 Received: from mail-he1eur04on2073.outbound.protection.outlook.com ([40.107.7.73] helo=EUR04-HE1-obe.outbound.protection.outlook.com) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pziTP-0006Ay-7r for ptxdist@pengutronix.de; Thu, 18 May 2023 20:35:37 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FKxVcIX2Hb5BoNyjo0jzR3G0j4qXlJ22Eoj0NDFW0fvlQIMGlQGxTOw7o7OTIkzbM/NzOXwk9QTKulQUIJrjweiHryPjODkmx+HW/k3uGN9QFhxLyR/s5dERo1OQuR66SCE7pMOykz6Rh5fpMmX98kcK/CSXw66jIQ/T2bjVSsrfRtPmlVXBdYUvW5+opMz/hokrdJ3VpfHDoCg/H0UW5FJSqL92u+VMXYb3oxCdotQT8o3wVen75Pj0yMUOHP3wDoKfX7uQwXYuJiyUErpI/zuDF6SxfWPGwASNJV+23oHlCO3KVzrtwESZlWxptLFOdU9CvNRDP13d+pIqOwTrhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=URAQVuMwgm8M3OcJCJTQrp1EmJZhE42IFGlUomlS6qU=; b=igtXwR+7wKNxiu8294J7ORU0HyCIbWiqh8ri8xrB/ZKBPfwrfS1mvgB6M+3pduwTuapo7KgcFcuAYFWDehqB1mhgSYHdpwz7AwI9pkv3Bth+vHORMG7A7Z5VZwlGRY1aeiCghq9nLPnPBokogM3fpwVpxfiWhLHvs+WzQ8kunikN8ugUxFbgBkD11KtgYjQn75RqLYLKMjEUVIIas6N/xoDccZtbB55XT/sY30xLv6ZVrFKt91hlW3EolsMyPX086l03hCXyp3/p4WrJ2Ys3HqcjfYyNmH+IvAkZkNK294at96ugat5dsa9j0CRdOFySENOjF/Bs5bdNxQYPXH+FHg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=URAQVuMwgm8M3OcJCJTQrp1EmJZhE42IFGlUomlS6qU=; b=jTnJggbIEQaFkQiYeKhx41z1Gh5X+10wxvTBXtqN5AayBIJoKjVa9L9gl0Fpq9+sMSwbVVveEMzsEQ1opUY2gHAnzadNwqwXf3h7yCiwtvS7rNwPZLTOVYVKb+D+pPGSoSdXRWAAH/upjVKp++mFJf3emwvXpnw3XZP5CdYqFks= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by AS4P251MB0712.EURP251.PROD.OUTLOOK.COM (2603:10a6:20b:4bd::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6411.19; Thu, 18 May 2023 18:35:32 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::8870:34db:67db:6e1f]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::8870:34db:67db:6e1f%7]) with mapi id 15.20.6387.034; Thu, 18 May 2023 18:35:32 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Thu, 18 May 2023 20:35:24 +0200 Message-Id: <20230518183524.693274-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV2PEPF00000100.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:1:0:c) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|AS4P251MB0712:EE_ X-MS-Office365-Filtering-Correlation-Id: 3f997f45-6735-471e-38f5-08db57cea99b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: rrjCKo14O2l7wAHQ1rqSELkzlSXiZ5qC9zgP6dfmsVLKyCySDKDibrJ8uxIn+dGJ6j032YOb84wvoParzhEp9RNPOuMMViOc4JTD/AbKlE9NoaKntjNjzWALYGjzurMGmH4cYjQ9AnyrbWs7CnojVTWOV0TgeVJELrbKum7KTWY1kvpSi2nXWLkD7U3UNotQfglRuCkRKIhKc54/WQGMrwlbYqvb417slDHBcds7zx7pQVW3QOgHj5lFCxt87bv7LrCg9PZ2V0AzJDzhTI98SlmG5fum8X6Bl3zvwWxiK2UpyHRZ0ZktY31ZIhfERSKkGRBKhNsSLdfcfr8eijFhnsKU1AtNI2gL8M2qvZPqlGEa9KiF/pwREQ4vYr46sLpSwqMNVNJU0vuu/bg11rDv88QHIpnNwqVQ2JoiKzOUGbqRxSmWp9o3NR+FdvZgjVEVhRZrIeWEnbqC0E5yrpxzTBYfMcRyJgmN4iTXjRSCxGx//bBE/xloqnsDy8xuzpjMn6Y7Q3aZ9xokFjq7rLxxbHS7CsOC7HHWXMrS1oc9Q5QjkVuOpkOkT71lH1YKizjkNga9fNhTKKrGqsrj3J2nDjcnDxUMxSoYxGtMDoOFnZM= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230028)(136003)(366004)(376002)(346002)(396003)(39830400003)(451199021)(8676002)(4744005)(2906002)(478600001)(8936002)(316002)(41300700001)(6916009)(44832011)(6486002)(66476007)(66556008)(66946007)(5660300002)(6666004)(966005)(52116002)(36756003)(6506007)(1076003)(26005)(6512007)(186003)(83380400001)(86362001)(38350700002)(2616005)(38100700002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?2Kd3DlwzRlw/Rzp9IZYhaBv1CKdDuvz65jMIRJYFT01pJsm6z2cMPjFLDMNb?= =?us-ascii?Q?PZCeea+CZPfH6qtN1XUMAaWVojJU5FA+RVn45IWkhm0QqZKayLo1hjQhUYzm?= =?us-ascii?Q?7xKVdjAIvWLWIq9Sb57De1jB9VYRvHKHi9lc2Xfh6seO71wIFhZQXSHVVQW1?= =?us-ascii?Q?wFOpnR0cMqfE2QOy+tPTJ3xWqwFNhXygOChw8GeET03z2qKNNhrtQ5n2JWaH?= =?us-ascii?Q?DK2ikuyf14ek7jmW7wInWsdtxoUKNIJMHXFe6XbMiQiN7IbrbbOgi0+egTGT?= =?us-ascii?Q?uXjUBa+kqNsNNVqlvtzNZqVaBAkar99HT/Ow5DB/PN3bQY6/dcIUURNwFMiK?= =?us-ascii?Q?qyO9tM7ezZIetBBdcwPo67c00kwfL4V+HGGDhu00Phn0d70hjrGFMb4RvksS?= =?us-ascii?Q?cNXnapDWPHpENnVCvN9SfPr4CSvJTOM84ib58Rq/41Dfk0x0VfksERwkgeJ5?= =?us-ascii?Q?IRK9BkDLaGHtosdZP/0MYMnu5mmF3DOJAUVGcBJPr3BeaOedWtm3h5YsJjTg?= =?us-ascii?Q?NM1DRPv/eznDr8ahdwYpTohyhaU+abS9Por+H9GPnnGYbz3eyWS/uBwQqmV1?= =?us-ascii?Q?z99srhaiIx6bsim/+JZZ34FW7u6g2dkoQHEXDENO6SuMTvmAmSwkCLE2/N7i?= =?us-ascii?Q?XlGpErTEiozwhyOsEsKi/iiHludK8zAtnR/5BJU5Twu/A30Im/QqInZz4wAm?= =?us-ascii?Q?cOBDmQhHOYwOtnouDCZWw2mCB7mBc4+5WoNaJDwNuLEyAn+TYshuaQ2KkuuI?= =?us-ascii?Q?azPIWUzzri//qTY+HshioBMaz99QFh1zQgbkwipYITb8vMoFvamL6z+vL+r4?= =?us-ascii?Q?H8j+PD8zoGhF0nYH5zBdfNVKoM+u8WWojX2c36HBn+lVdFtdlFZQUEOKYOb7?= =?us-ascii?Q?JAQE+1wK2A1hq4ZXt6rwTDcqDBAEwrPkHLpvwyBYnlE7jf6ciKi+dITIBa0m?= =?us-ascii?Q?XareGiMSIhCQ0yEwt2OVMPT5gz/3nY6F9mwZWHftaqjdYpid5azE2aLXUbwy?= =?us-ascii?Q?FMk/eEqvdWJIsL4zvt3RCBr2iuZiIygtIvfT04QJ37+i85Ny0gx/352+ht1J?= =?us-ascii?Q?ykckF1rz0JUDvApe9K0hrdPmECLiRwpLte97jZ2j79LDrtLoNr+2pnjrCvCP?= =?us-ascii?Q?tH47ND9fKRtVHfPDjL7SXf1FB49zBX1Hr6lCrF1veqciu9+56YaKqNUZcMJ9?= =?us-ascii?Q?P9aA8QvnWXEhcoF3l8Sye34b5MqbgRg/Au0Gsar9QVIG7lAIkR5CGWStd1qY?= =?us-ascii?Q?uLZAxy1OCSVceK+DLDJG57UCgT+ZDpVHF8DtdMLFxnkuMsCWv/wfQvhfIi7y?= =?us-ascii?Q?vH+kVMEAjBunGUeoGnXpImfUZG/P3zoPokxUQHn3UihAtEyqaxADpeNbvGNU?= =?us-ascii?Q?qwHDcLLu63mE9qAX0g062oceC70A8/+sQVbh7Su90aj3g8LAdqNL682ZBXTk?= =?us-ascii?Q?chogVtzw47vOIIFo7EBzhyt96rIJvIURosHGg2dmXuaOpFzTReXVhQruMUYT?= =?us-ascii?Q?BSCebyRIodw3xaAkTXRUiHa19PR+Fi2FJ4YhOP2Twm4106JxNrgA7GpeRomy?= =?us-ascii?Q?ih8K4+zqyIRpGWbtAERh7VXN73ZRQqYxjZqJAD2Zw4ha2jJQSmW/8PiZ4hOy?= =?us-ascii?Q?3w=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3f997f45-6735-471e-38f5-08db57cea99b X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2023 18:35:32.5434 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: uUkuAB+K4E/gRokXri/+S042wZcXTU+h+HsqTD/huOGsJnarRS6LF2EtaDUdRJOLy15eKCgyWP9i8MPznYlpJVzTvQ5Xxx+oIT2heh2P/F0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4P251MB0712 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libcurl: Version bump. 8.0.1 -> 8.1.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false A slew of changes, mostly bugfixes. https://curl.se/changes.html#8_1_0 Including plugging four CVE:s. https://curl.se/docs/vuln-8.0.1.html CVE-2023-28319 - UAF in SSH sha256 fingerprint check CVE-2023-28320 - siglongjmp race condition CVE-2023-28321 - IDN wildcard match CVE-2023-28322 - more POST-after-PUT confusion Signed-off-by: Christian Melki --- rules/libcurl.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/libcurl.make b/rules/libcurl.make index 76dc732b5..72f80e365 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl # # Paths and names # -LIBCURL_VERSION := 8.0.1 -LIBCURL_MD5 := f6c2fdeb30ad30234378a56c28350845 +LIBCURL_VERSION := 8.1.0 +LIBCURL_MD5 := 229e070c0e3f05ad654a1cf11e0619b7 LIBCURL := curl-$(LIBCURL_VERSION) LIBCURL_SUFFIX := tar.xz LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) -- 2.34.1