From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 07 Dec 2023 20:30:43 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1rBK54-007b1U-1V for lore@lore.pengutronix.de; Thu, 07 Dec 2023 20:30:43 +0100 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1rBK54-0001Tc-R6; Thu, 07 Dec 2023 20:30:42 +0100 Received: from mail-db5eur02on2076.outbound.protection.outlook.com ([40.107.249.76] helo=EUR02-DB5-obe.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rBK4v-0001Sc-3M for ptxdist@pengutronix.de; Thu, 07 Dec 2023 20:30:33 +0100 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VcQeUJBQr9wEFpqle9o2OpMR1e3DUlrBjY9AZv75bN/+tbQHjHOvkWRmRct3oKFzfvcG6MbveSgZv/5hYO+Et8YFDWbsabX/o+s1hBS/nfjOmPj4NMwZaHb1c28iOMnzBveVFNuzvKnj2iYN6AAr1gVRAuoKwwWtK2y8QK09Goou0nWenE8pLN6i+d8QlWgNalRLt7MIBSp+1YkBP3shv+VMQbzXiRXmmaTRK9Bgy4ldPeUjUKM28b2lQ9sd/VPjWBhS0xkSUZJVTbz+lxkptPdfRsm1tGezgPOB0NsQ1iLbTR4oy72Uk5MOCpDcNJwAWY7vIq08xyw7ft7Ph+tkSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=K/ScsUj8yJ7GlmcQ7HPMEWSzYbsKeYo5ZK4UlZ/ONxo=; b=I0bEdmCY10I8yDFQiJg4dDHw1vw0kURiRn6jY0R7g/P+GCUgKzGFsEvccYxDKTTBoAKQYoERD0hmMrE+vXxge3890E1A0cQEgWplLRuzMkAQDgvyYzdKc0LRX+S8NZc+e1kkPQmFKwcsfCXx1nxEzxgx9a6dbodRV16+CsoO/8nhSxkkHqZQqrG2ED9sWXYkf3IJ9zdRepegwkDeV03uJGjOqvXfzjOLTkWEiaJbD5/AQQpLHMtmFF3tb3GDIX6T5Y8GMciRUclaOGa8Qh0JCqFlTUy8psgPMy1ene/c0i7r19tJPJFcoq5Ypkzn7sVfUw3jvap6w+a4MHZDouWD/g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K/ScsUj8yJ7GlmcQ7HPMEWSzYbsKeYo5ZK4UlZ/ONxo=; b=KFqszz4h5QRXd9o8irt5t41k+ZwzpSyHBT8/Bkn5/GCkcr9NpoCJjvm4z/rWu/tKybXTOzYXos/HE1otHmxf6NC4ShqtGwERA465sgvM6QNKosYFt+n7fdk02G6778AXmN4BCyw0P3cfxnrbECjKGZkGosLKOf83v8/L+51Um40= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by PRAP251MB0537.EURP251.PROD.OUTLOOK.COM (2603:10a6:102:294::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7091.15; Thu, 7 Dec 2023 19:30:29 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::534e:22ca:cd9a:a66e]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::534e:22ca:cd9a:a66e%5]) with mapi id 15.20.7091.011; Thu, 7 Dec 2023 19:30:29 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Thu, 7 Dec 2023 20:30:22 +0100 Message-Id: <20231207193022.972654-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV2PEPF00003853.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:9:0:1b) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|PRAP251MB0537:EE_ X-MS-Office365-Filtering-Correlation-Id: 65e17dea-b316-4f78-3690-08dbf75af885 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: h3SjFEo5e6DNsmkATHnPvho4nw4axVPqqXJQ7pmTy/y21UfgbvB4kTzF/wQ9UDIbUhR9CnfZRxnIfK0HmyZTCkbqOr8I3O986oIKl2YfCDc4AzeRlirw6bM+Lt/RNv6aVAQuS0UCAUFqvHFPPGZJyvL3++vKu2yPcnc0hi4l2O+KE1fDJheKoGxhr0zfc9Fly9t/vYl8oXcdnkDbcwBDoM1gAaLrXWhPgiAHKsvz0h+CC4sUqxRtVJUvHtzJFULH9hyvjF9trqN/nRJ0L2F4eJH4ba5HEHuEUyiHzrE7cplMrtUCqAhryzlnX1/ciVmFLjDF7JIAmavqans5kHHcbA33hDtuvbyW+1id1xD7v9isQMS568rSCkgVhjvZfcJmzbVJ5TC7o3tR5XCQnIgIH/1KhdCt19w3ztnx0u7T9wSp/GYfZ0zyxAeMS3jspHpVT78nwWoimsudPyiMRxg3PvR72kKYVBD8/GEouOg9om5kkLP73R5xtrnXK7Udvl8L8Y6Utg1XAhjB4ViXT0xp/HsxeHa/ZMHzt8ds6QOef63gLMAAeNG/80Gw/eDaiF3I4Q1lBdp+IMXupH4EUtojUXH4vdjc76ek+qKJ7upGcV4= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(346002)(366004)(376002)(136003)(39830400003)(396003)(230922051799003)(1800799012)(64100799003)(186009)(451199024)(6506007)(6666004)(6512007)(52116002)(478600001)(966005)(6486002)(83380400001)(2616005)(1076003)(26005)(2906002)(4744005)(41300700001)(66476007)(8936002)(66556008)(66946007)(6916009)(316002)(8676002)(5660300002)(44832011)(38350700005)(36756003)(86362001)(38100700002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?2zfv/yfu3vDdJjQggw0CbhTabBmIQqZ07hY+4fORW1YiYXruEcSiUlRV6Tmw?= =?us-ascii?Q?8kWJqlq/5UoJzbwowgrAkCEfxBdsmWRmv21Bp5p34ubTmyxMIYnri2+0Oo5a?= =?us-ascii?Q?iWJCRiLx+a5ieBjx5L9VXM1IDeyLxxcyZ0RE7qms4IKyyv3cZ+SodddRTEcc?= =?us-ascii?Q?nEamp+CrL9c3QAq3YabrXi100LoI3fOmniwttiZbY3MPTYVUGDFM1Dx+KgcQ?= =?us-ascii?Q?UcB7sSyq/vPBtBriTQnfik9LhD71TgywPIvbOQVCX/th4B/gAD2CPkvOYKgb?= =?us-ascii?Q?cSe6Q3rmQAYSoU7FYBQs90PMlP5e/F6sb/BINR158VnKajshb0bPP0CDUOyJ?= =?us-ascii?Q?40g/snGJSJLaY1iBN0QF/u8mCqDBTHrW/bp33FBP0uu5ewpML4bH5of7vFG1?= =?us-ascii?Q?huq3lkDItlZ5pp75Pr6zi7VqCKWAXiT08jHPu5gQ4PWnNRmpuAmvw0ci+vkF?= =?us-ascii?Q?sCBvc7dwWI2x0Jo5f/VCnwSqpVEQifAooj5p8pKtQx650OjL+O3J2RDtZbn4?= =?us-ascii?Q?t9cchzYAOIgvDbHGCDb16g7c3s9HuAXmrw2GfxGLpPiRF1xrUaYhU6VTzUxd?= =?us-ascii?Q?snSlmpwJj7sPSP8ydCcNfRLwFpvGUHTOmYFaIof6Apd4yXi8DRjdGTl8R74f?= =?us-ascii?Q?MvvItQgKAOn+bTua98IceuMLwQudQ5jw5WPhSjPmYbnBwWK0mK6JOHVxU2fb?= =?us-ascii?Q?S+cdBkUBO7uqODLUFs1rr71j80dvq3kzUfwV0scvhQ1GQgy8P2DdTSezYnub?= =?us-ascii?Q?8hPxA4K+DHVVl1JGtiOskc4F8LmKyi8xgchGvFkaQDI4QNVV2cDFv2RPbvsH?= =?us-ascii?Q?BpfWcIgg3ymaCy1TK880z5KHfZ0yQO+IwJGRwox/gSJc3meWCteZN42saWkc?= =?us-ascii?Q?TizGwMYWTtDrPnriPnUgg3qiKWXXnUFWcRgpKaDjIdDa0oGkoLKG5n9JNv05?= =?us-ascii?Q?AHkItWr9xQpXZ6r/sBizDhnzTT1IJ3NmArXSw6ffQLXrW2wM46LlDG7ycG8x?= =?us-ascii?Q?cl8h7v0aBcm5e7zRx2YSrzWZK5mVS1xl3ERUvv0Yr6cPDJMVN5UyuCM4Vn9t?= =?us-ascii?Q?2msku8To0k+BGsy2QQXEUKsGlYELXNWeKRpr7I8q51qmB8Z3+xipfZ7Y9rZU?= =?us-ascii?Q?m7PnKPCMHa307/4WZkrWVln6IH3fr/v85BxpdGsp1IuxqCEs8NCdBp9m1iZ/?= =?us-ascii?Q?SJqFJyO+h2oMX9ZLySlfDXzjd6ewoAaRfHwH9Tzl5tcCKfdX/lbbrp5aSAcV?= =?us-ascii?Q?+vfUUs8D/VXwzvNn7Ryjie5sNuHxck/WG8DGj9xKfTlsbvFQ9prdp0ml0pdV?= =?us-ascii?Q?HWthXDo8IcSmkbtYer3dWoLg+jEdEHMn2sZXQ1fsmTa8cr9zPqtKoIxX3vr2?= =?us-ascii?Q?wZjKPE/hFDndvBsQxq1skY9iKGC2x9QoAS3PuW2v/Jw7nGf8iMAXUYXb+lfu?= =?us-ascii?Q?v1U+z0EmXsdS9nJ0G/ESp55F6JftMJxLun4oIUmljMztHDO0bGV/WlVvSnP7?= =?us-ascii?Q?VVcTwPUfbgDD99gwqpsvaLDNjaYXz0HYNYpxZcQeo2H2pD7/UAbxTPsw7oCX?= =?us-ascii?Q?4FnKR7GY1r72S/gVEDeKWxYmqHdN6PfR8LzqxsKjGOjrrNsA5OLT81/DgIfC?= =?us-ascii?Q?jw=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 65e17dea-b316-4f78-3690-08dbf75af885 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Dec 2023 19:30:29.3424 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wUgcvF1w0d6RZAr2ESnDOzNX/xinVzzFu1VCQg5/aVx6vpLupYhKEy2GaeWEpbUNNCMJWj40hXaMgGByQSUJuR3FXcvl20rAwZw31NZycV0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PRAP251MB0537 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libcurl: Version bump. 8.4.0 -> 8.5.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Bunch of fixes. https://curl.se/changes.html#8_5_0 Plugs noncritical CVEs: CVE-2023-46218: cookie mixed case PSL bypass CVE-2023-46219: HSTS long file name clears contents Signed-off-by: Christian Melki --- rules/libcurl.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/libcurl.make b/rules/libcurl.make index 61797e9ae..f0c2a74f2 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl # # Paths and names # -LIBCURL_VERSION := 8.4.0 -LIBCURL_MD5 := 8424597f247da68b6041dd7f9ca367fe +LIBCURL_VERSION := 8.5.0 +LIBCURL_MD5 := 3e9e5c2db494e7dbd4e7024b149021c9 LIBCURL := curl-$(LIBCURL_VERSION) LIBCURL_SUFFIX := tar.xz LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) -- 2.34.1