From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 11 Oct 2023 20:03:28 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qqdYO-004nSr-ME for lore@lore.pengutronix.de; Wed, 11 Oct 2023 20:03:28 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1qqdYM-0006eS-VW; Wed, 11 Oct 2023 20:03:26 +0200 Received: from mail-db5eur01on2057.outbound.protection.outlook.com ([40.107.15.57] helo=EUR01-DB5-obe.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1qqdXw-0006dM-Ng for ptxdist@pengutronix.de; Wed, 11 Oct 2023 20:03:01 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EIGaMxy4TIPKgSaXUyq8M8/0Jvn7MPrxgHbOJht3KLt1fe9h4Coz5dukysSU363TfnQp908e/rPnewj7aebsjzCeYyqXkdYC/zaN0Xphs3gU1XQQsvb/1U7z5uFBcnAYF78aO4Op/bzh1Bq033wF++SCJ0uBjV2SH33EVpCUxpKgqfVpFoy5jqtgCLILenoBzqBhvs+qCqU8iH63MmUWnIzCeMJFkdkfRXEOWANj2HPLNoKoMHZhUlny44DWyIddQjEk+fkNokRdAKnRbT9atkxr0GzM4ycnbAS86ocxWY20/nNj0ilc1cVhr68ArL3PmlVFULtp/1+WTVxdzkIN2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=f4SEDyR8zm2ecqijtCj7DSivJ1gtHZpFrfZWO19QtuE=; b=VrDtiKvEZiYP/Z+UnsrW1Jvb6OMV9hhOwr26ZJ2//r8r2X15SQPSlpPUnbEYyuj5dTpS5C+XMR0xHnRt/5Wq2kbmcYmaas/9Te7W5L8zM77FRxcjPkufswep4YBL7dOE8NQ2rEKiciF8xJk7OXYQNJTWS97BRb8WxpW3TvyuOmnF3Vyivm4EXltCNrr1alW0gF9DK6w3gwk1zM7pTbHh4dHJ6wjdEQgDWOW3DffVzsPphTGnoEyrfRAyCqFf+cOG1HVJ/UPrMIP9EBjn3H2IkcHKfu1yILIblwNltl2yVdvnL8mhLfKG+i5fJ9LJQS7JYn1LiMN2LmSSMePO6kcgMA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=f4SEDyR8zm2ecqijtCj7DSivJ1gtHZpFrfZWO19QtuE=; b=Q3StBOr6LcSu35FU0SZeypXhzan3eVIMtiyEnTvQaVIE96A0P6hHC+foBsp0wDDBPtI3obkZapr2HkZj9QzEY5D+ymSA2v2XJsfgffWggVAtcorQg18Cl5h5qr8IY6QhgCr18shnqGMmtciGjJ+/gCR+c1Cb9AaEA5REllifBlk= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by DU0P251MB0890.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:3ca::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6863.38; Wed, 11 Oct 2023 18:02:58 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::ba2b:f72d:8ac5:b2c1]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::ba2b:f72d:8ac5:b2c1%7]) with mapi id 15.20.6863.032; Wed, 11 Oct 2023 18:02:57 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Wed, 11 Oct 2023 20:02:36 +0200 Message-Id: <20231011180236.1768772-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GVYP280CA0048.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:f9::17) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|DU0P251MB0890:EE_ X-MS-Office365-Filtering-Correlation-Id: a7935cca-3ada-490b-ad8a-08dbca844ce6 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 9UACh4vUdua95aYp32uSzEBFBrL6Uls4F1/c5PjzkMPkXWrqAyE0bBR2MhXCBx7Zj7MDscoYjrpt8ckxNiVTUfltxyoZJGxT6Iwl84Wwdg+ox0NrjYcSp2+WVKVfyQ9JxHebSc4GHmEKvtN+rcKISFlO9VgQ9L7s0Yj11m1gPuFCXgBNFKSXE10uYse3/yHure5Dq+rJryZNRO86DdMmj5S81/XwSYKd2TE0xR1ucmkNoiA9W1hNDLpvanC1AHvusGXZ12kRb9GL56jgo69RIaOWPaUCB3NiTl0BG5K2uHwTUPzyvAy0tK8SZIwnSirG99zQTuz6z85tJtgxq+PYJmlhnS/T+i+VZpYdt2xrvut88XNgSHhbOmQyjpc779gJZCbwDqdEUlAtd3gJCTOux6hVL790aC3G6bXR+lTFKE7nFImW7VvNAqGzFfi2rze2HDnlwVxHZegdUEiAG9O4J+FTVrSU2n7aH2v2SLP32AB6V/IrdtErQ70p9RPW/mYyrzP4E1s3v1xjsM0+gucmnBZakiT/YFuJeOw9CYESVA7VbP7hrf8QgW/Ivx/np3BqjYhkw2pw0cjV4TwcqJG+EgzPE6/eHRl4J6GS128uNt0= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(136003)(376002)(346002)(39830400003)(396003)(366004)(230922051799003)(1800799009)(186009)(451199024)(64100799003)(4744005)(6666004)(36756003)(26005)(478600001)(1076003)(52116002)(2616005)(86362001)(6512007)(2906002)(6506007)(83380400001)(6486002)(38350700002)(38100700002)(966005)(5660300002)(44832011)(41300700001)(66946007)(316002)(66556008)(8936002)(66476007)(8676002)(6916009); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?cmUy++4Hy9kDgktgK3QcOnSJPerpbwgHxosppvcgkZhSmSub7tHYhrSu/7l4?= =?us-ascii?Q?YvmK39bVVp8QxZw96v/kq73mWGXZWhHr0e2xcvj+KKfxdnOXLNYpzKf1pPJ6?= =?us-ascii?Q?nWcCSIvc1gUA5lQs6HQQQS/lECb1RbeF8koMFttJRYLFbRfIiUb1OIeErA5L?= =?us-ascii?Q?/z98XMx+XbVy+lv7fOwa5A0R9JPXruSXB3xy94d0QcT3QiSKoG7rU6vyfyXy?= =?us-ascii?Q?mrgSuhDdn79fYECg2oV2o3Y71XX6SgmeK7fThFXvfSdloTJ7NmwEu/jShHZS?= =?us-ascii?Q?7IoOoglsmkoubTgSWcU+BKwNZoOD6quKiq1TUoyy4m+TM8LaFHO4hG8VwBxe?= =?us-ascii?Q?VH4r033C2VcFluuND03L40QkJIqEdzOgUmeXgSNKIE84UXuZX6ccg/v3I8k8?= =?us-ascii?Q?Fc5p47Dqn0/6mdBCR0o5fwbEncC4Z4onARjh1Pfn2KaRxF5KTurHfHkL7XX2?= =?us-ascii?Q?0zy0btXjsk9xzO8EUurzRSHsRQOlcVaWq0aKYSSu6qo7Mr0fP2M6Oyv6OQsh?= =?us-ascii?Q?W2bF74kcIYVE/Hd27gMPfn4quFnxYZQFax41wgV4i9lbCxBbqqGNV0xuk9v6?= =?us-ascii?Q?G6UB+XixCrGMmQNe3jipQ2pQ5KYCv7K4fipOkEv2jAonDsdxh+LqPRVPj0LH?= =?us-ascii?Q?H6BjNZGMZoVTPUOvxfgv3ELC8YaS+HqXq68GfbnftaBbb3u7By8uEkz+arI/?= =?us-ascii?Q?KQVjmkWZHzKPaR1HM/0I1u3Bm4O/g9Gps6R0i4C0LrVBVUrJUgOAVnDAoEig?= =?us-ascii?Q?1jYsKNRcG2eAy0cEq5vFUFCqrpDKAAdR6rmFEOoiZkoyfV/RHh/MO1k3ns7x?= =?us-ascii?Q?aOysCNbutJxHk785d6o9PvZWtSzgNlezqK1AMgxGoWk/lIgwLuCI4QOJaV37?= =?us-ascii?Q?LmUK9zSRlu/KnAdBBWhEyFZ3X5+f6+SO2Q7tF/TgQFmQJ6UliWye8oXOJN+4?= =?us-ascii?Q?awS4rB6hmQS82cVyioH2tuDGsmmIokpL2NbNWg78fTwbsROA5sqn2lqixdNz?= =?us-ascii?Q?QOgBTLyxta32aEPcxooUG8p/NTAF+mklzpEwFQFuqlrk5GuOatLVcVreEzrG?= =?us-ascii?Q?7VWXjHPNvznN697gJ6ZtI+ERD8Yx/Q83EdPtD4aLYIPimfGj3lY4RoiM1IAY?= =?us-ascii?Q?mrJLA0+UB4J09g4n2P5MKB11NjwcVltzfqlymqY+DThcLcsCeFeGPsxFa5jH?= =?us-ascii?Q?F56BI2OZP+TUgJle0FnEADkdbYuo6fe46b89/8XFAuHQO43u5fqmcSKmfJnH?= =?us-ascii?Q?srg6SdhJIdSDU4bIv32PjY0FZRtJVFtgP3Hd3i3H2Ge/QtAaFUkuhdEfS59s?= =?us-ascii?Q?v+P8DLjifMKsoJwpi2UD+Xh8NEx9biRSZkxsKpN0D85Xda9p/nY7ATu8EH4u?= =?us-ascii?Q?VrexgZVZPWsdIF65mAQ5TC+A8zsDDvKif3pu9TB9P0yopET8X6xIp69uqRxz?= =?us-ascii?Q?BM0q97hzNbz14yhB8IIu4D7RHdQCbBfG3u4SBGiH+wQMjGIYW7waZ1TXHTNw?= =?us-ascii?Q?T5UyTY84xyxAJNn7xQzip7CMUZ/xKW1P95G1YCr+ibCkhENAah3BtlN7K5GF?= =?us-ascii?Q?LIUUzOBgVNiDVxY5PsMu4mIfTf/U9TyzE7VSqt6dgglwdg7kjvOTuSDVEvr2?= =?us-ascii?Q?Ew=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: a7935cca-3ada-490b-ad8a-08dbca844ce6 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Oct 2023 18:02:57.9605 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: BomU4YXoHZzfPtoPrJxatyxpYZFAEyqkQ8Z2uen+UUyNXyKIBqGomKdkgd4y3RC2Tw1c9Hl71jZYLbpdUkovKnnEMkavFTnDSctMUv/7dos= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0P251MB0890 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libcurl: Version bump. 8.3.0 -> 8.4.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Mostly smaller fixes. https://curl.se/changes.html#8_4_0 Plugs two CVEs: CVE-2023-38546 cookie injection with none file CVE-2023-38545 SOCKS5 heap buffer overflow Signed-off-by: Christian Melki --- rules/libcurl.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/libcurl.make b/rules/libcurl.make index ad615bd87..61797e9ae 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl # # Paths and names # -LIBCURL_VERSION := 8.3.0 -LIBCURL_MD5 := 2fc6cf5cefa8b73e3826aa24befdccff +LIBCURL_VERSION := 8.4.0 +LIBCURL_MD5 := 8424597f247da68b6041dd7f9ca367fe LIBCURL := curl-$(LIBCURL_VERSION) LIBCURL_SUFFIX := tar.xz LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) -- 2.34.1