From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 26 May 2023 06:30:27 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1q2P5w-00Ea6a-57 for lore@lore.pengutronix.de; Fri, 26 May 2023 06:30:27 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1q2P5t-0000Us-MS; Fri, 26 May 2023 06:30:25 +0200 Received: from mail-vi1eur05on2062.outbound.protection.outlook.com ([40.107.21.62] helo=EUR05-VI1-obe.outbound.protection.outlook.com) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q2P5F-0000UZ-UN for ptxdist@pengutronix.de; Fri, 26 May 2023 06:29:49 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QP9VxRCNt6vWvlPZ0+nyaxsNbIBWkbNBaHkCgUBQENo4/Rkxl9zysJVnmB1ArI9/w7z7gLna8QFH0g7P+oxvY9DxJ+z3Q0/mObh12bqyNjikKK1T749wA/HIXihkeXrpxPKqbTp4m/NGtLZYNvtqR3JxWLUL8Ns6CleDnihhxM88URtl2DS4ztOcwbpfL35E38q9kPOq2SXm7Hr40nwx08DpM1ERsdsI+6JaOmK96zzNcCYzM/caLaa5xIwRAi5/Js9hh/VjsqDuS/2PSJVSVLaIpoK1jHWtVOWCYQq2I5HygJhCFVV6GI6xRAKrdgrrbA7Ux0oStmNly1gjL1LG6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=N7tG7AvO/daSR/mEFeUZhitUzwn2WPY+2U464TFRxec=; b=d2u+slDuINvdjln0w9seXUyeZG5twpt1/OKXqZ1xd5KLh57WccyblCVcb3R+4ojPqbYxcZ+L4JCorB4SM07gigs6zXo0ULIFB1/DuOnxas/vPItat8P5OFjSA2VXz42vEkGcFSt7Woluo2WAoi2pq5CdFTgQcKK3L/Q6VY850tFDHu4+dHeAQefJ9yc5euFtdLnW0/iZBdewPJUku6U9dmFbp63YThErlRMcsjYx0PgTrKsLQsoJkHL0zUYsrh6CKLQhKDj9LzH/SWkM41LMF7u3g0yMVhQsP75Eq4/XF2EHZqfgniUpZAvMtzfUsm43bVcVUFdoqg6W7z2crCCPOw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=N7tG7AvO/daSR/mEFeUZhitUzwn2WPY+2U464TFRxec=; b=KGNDHs5FvEKr63q6wDVcPEM4Z+YDcyEeI/Y5nk5EqmiwbZTbBvf8E/16Xy4cJJ3a51yuyjKB8Gtigiz9nlj8afkA1HebYsIAFAjbn4LT39OjiUVICkVOGYHtDH4mtiYSlDMWRtF1FY0/wx+g2COt3Z8sJB59sQKEG0gqerw6OSA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by AS1P251MB0680.EURP251.PROD.OUTLOOK.COM (2603:10a6:20b:48c::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.15; Fri, 26 May 2023 04:29:43 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::8870:34db:67db:6e1f]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::8870:34db:67db:6e1f%7]) with mapi id 15.20.6411.029; Fri, 26 May 2023 04:29:42 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Fri, 26 May 2023 06:29:27 +0200 Message-Id: <20230526042927.1858867-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV3PEPF000000D4.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:2:0:16) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|AS1P251MB0680:EE_ X-MS-Office365-Filtering-Correlation-Id: 7f4e2abc-8cd4-4206-d108-08db5da1d36d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: kJv7GwSX7Yovyfu50b1WADvVh6eoZoPLWhMbiqU7xm8CuaH87vNKQB4QORKMQemxk1QHiESXVAY+KIz+mOIditLCyIZ81l+u/v7k/oPUDXH2YGW6+ZV76qVqnV/688wbNBfKKJjcOasabnaQVkVPgKc2qPDsFapm/BHO6dmP1KRhGz31vBr2KW2DwnGRcXhIvigAfbkFMXlexD0xyU6DN4vbEcCcHOOBhrT2H8qL1KN/HV//oSpXfBfNgjxP1ovDHj6/areQHYLW2Ln4K4UFJLL/b7wXu6qHYM5bVDxClAA+6YJ7WYq1mz8H+HzSUaazP4/18402ugLavMKul+UGFjgMf8k+kZfL/bIUemdlegxjxi/rPgxc6L2CnuZj9qfFHFS3R04v2VgK/pGWwMJUynwc12p40J3bjYuOrP+yllJGsL4PgVYrbQSENoFUlolf0b7FZgGcptF6qTPqOQ+M8UgfJaDLeV4Dlz28tzZuls7xlTJHCQ0zJX/EsB4P8LueCOGSeDP/TsDRBdt1VllJlLXSbHNz5bHv/9CpB8b8nCpLBd/Dfaxnm8+6MUR2yPeY9KGZph5AQ8f+LA3+udvZnOAYEfUv2O/da8eauSIhlKo= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230028)(366004)(136003)(376002)(346002)(39830400003)(396003)(451199021)(86362001)(66476007)(66556008)(66946007)(6916009)(316002)(52116002)(41300700001)(6486002)(6666004)(38100700002)(38350700002)(478600001)(966005)(8936002)(5660300002)(8676002)(44832011)(1076003)(26005)(6506007)(6512007)(186003)(36756003)(2906002)(83380400001)(2616005); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?h+QShxyfTMR/gXoR/8pzS8I/rBM8ohmfBna6OWWMhlEn+wNz0Sr4Ow68+RVp?= =?us-ascii?Q?9h1+BtIOWK9dLJcmaQ2RnvOo1OLsy9b2DQfRrbLK3hbvQgb60MR8UGSFS64a?= =?us-ascii?Q?av++A/7kOp2aTDjkimQsQHN6qEd6Xfy3erkSZHd0KffhHsxGXxio4QIZlTas?= =?us-ascii?Q?t5dAcDQ6vNK+2v45kbDzr4A1tXNErneFeWSxa09UlLgOfvQ99/yYiBCtimLn?= =?us-ascii?Q?pgEkC1itB6Q2k4AIz4LCtG89TqBNMLc4yB4yHwLHD9EVQ84YlL3uvjXS0ZHi?= =?us-ascii?Q?9YDb/svIjuyKcmD3NAbjMHqxr9kCj471aGrp1IEOt7pSqO0hbdEa7wdl6gh+?= =?us-ascii?Q?GeGoLBPdJUCECTIF2C9oJ30C6bQo2gF/kKbtY0B1sJ4jy+/Vp+0JBJmbXnbb?= =?us-ascii?Q?CgNfLZ6bKct6AYgcSxxoV2p9w+DKwzygbNjIHe/Ks88ZN2KIiN7xBOT09Uho?= =?us-ascii?Q?ev1tbuZYyXBsHw+dhbqcdzOblXVLEHzAqxjKjlB5oL1mKGbp/FPjcbaQsu3g?= =?us-ascii?Q?80LXrC7SCeGeOOVIdKAu8XCDjzLMWSf+fHL9so6xOmiANhobNO4nrWj6IAWL?= =?us-ascii?Q?wT37le/QLnSik5xFtIolH2Xe+Gi1VgD61ZEmVyWdsTp85CfIjkyzGJt4ZY7L?= =?us-ascii?Q?G0GB1/kd+VC7ORyvs12yHxSONQd8JZGCkSNz8inpDf+3fX2KW2LqgVrqP9VJ?= =?us-ascii?Q?q1epllupGkSh2VeCdOhLSK4NV0ZNXO75o7Hdkoe7DItIJIuM6Y9mxqSw0rf7?= =?us-ascii?Q?wYxDmaUGrN4g/6PHWZ8d1KdrhG5p1XhQ03NRcoeNW+AGbjrzZs7k8rBxbRxA?= =?us-ascii?Q?P9kn8P4xHyOlTLCUfdAHCvoWCZH6ljfinAUPBAe36f1w2AqmSZz0P5VH/oD/?= =?us-ascii?Q?pUuUCTiEmoXfug/WM/YNKtldyigK3rdYNxsVi9Yk8xm15OTBcz2fRrg/W6Gb?= =?us-ascii?Q?BSe9uQPZVL12Tf2PTCAFFE66nhgBtyTtodUACCWlWI3cdygSsGnX/zmyZs5D?= =?us-ascii?Q?o8s6AJKg74Hk70XtSE9FMfK/85XEZMLMK+OhKWdbnwMZ1BMLdgnu3xQ6ki7T?= =?us-ascii?Q?2yoCJB0LHj973oB1z/Cf8xNMnRTUBhvYrP8xdqVHgjUEzFEKkKZ7X6WJ6Ott?= =?us-ascii?Q?qMLQnNmZLrk+EHRYbo5z1/OCkRckTSgF9o79n2fXGNhABzrL8E+67jOugtbc?= =?us-ascii?Q?gj9W25Ht6DD8ADt62pG2bOS/GU8B4D2JChFJtMu0tR2xUh8/gJ6RYhIeyU6e?= =?us-ascii?Q?a0A8AvvpkrMxODh5XlP1mAvq+SbPJwyfsMpeeXrcwgSyVkgKr6rC56m5A+TY?= =?us-ascii?Q?bTTCBdJ53idLKd1zC1pn+L/tNWDwCPVTSitUpUpzSsZvFvmt/elSHMPQCduw?= =?us-ascii?Q?Prneky58tnAqJSMdoifNZBTZO3Xc4zQwX0PhcRfVvA29o26fJo+VD6bDl0CF?= =?us-ascii?Q?1FVB6KgfyNlbWBX49xCKj9mEbpf+FKYrVviNFaHy4RKqbfPGsD8sogDQXguo?= =?us-ascii?Q?D5UFHsD1t34BcWER7NJ+vpROWxm6wL2dGxAzMwj1cxlUaeWJm3uakmss/qmA?= =?us-ascii?Q?IXVjDcG5B1qQWO0kiXugmnmI/SW+oYX1+XxZu9ONPyNtdmrMPu+bPoxUDDFa?= =?us-ascii?Q?cw=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7f4e2abc-8cd4-4206-d108-08db5da1d36d X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2023 04:29:42.4168 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EQNPiXfwes48D6mRA18daH4Ln3UHjYNQKcaKpFSTLY6LGmaGLvRMPChM4ESNQUXs81NAbkWPvtJ6Y/6ioP6Ziypg4TK1ZvopGcKvjTWvSSM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS1P251MB0680 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libcurl: Version bump. 8.0.1 -> 8.1.1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false A slew of changes, mostly bugfixes. https://curl.se/changes.html#8_1_0 https://curl.se/changes.html#8_1_1 Including plugging four CVE:s. https://curl.se/docs/vuln-8.0.1.html CVE-2023-28319 - UAF in SSH sha256 fingerprint check CVE-2023-28320 - siglongjmp race condition CVE-2023-28321 - IDN wildcard match CVE-2023-28322 - more POST-after-PUT confusion Due to the rather quick regression fixes in 8.1.1 over 8.1.0, this patch superseeds the one I sent previously for 8.0.1 -> 8.1.0. Signed-off-by: Christian Melki --- rules/libcurl.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/libcurl.make b/rules/libcurl.make index 76dc732b5..4457fb9d1 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl # # Paths and names # -LIBCURL_VERSION := 8.0.1 -LIBCURL_MD5 := f6c2fdeb30ad30234378a56c28350845 +LIBCURL_VERSION := 8.1.1 +LIBCURL_MD5 := 229e070c0e3f05ad654a1cf11e0619b7 LIBCURL := curl-$(LIBCURL_VERSION) LIBCURL_SUFFIX := tar.xz LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) -- 2.34.1