From: Christian Melki <christian.melki@t2data.com>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH 1/2] libcurl: Version bump. 8.19.0 -> 8.20.0
Date: Sat, 2 May 2026 22:16:29 +0200 [thread overview]
Message-ID: <20260502201631.4003064-1-christian.melki@t2data.com> (raw)
Mostly bugfixes.
https://curl.se/ch/8.20.0.html
Plugs CVEs:
CVE-2026-7168: cross-proxy Digest auth state leak
CVE-2026-7009: OCSP stapling bypass with Apple SecTrust
CVE-2026-6429: netrc credential leak with reused proxy connection
CVE-2026-6276: stale custom cookie host causes cookie leak
CVE-2026-6253: proxy credentials leak over redirect-to proxy
CVE-2026-5773: wrong reuse of SMB connection
CVE-2026-5545: wrong reuse of HTTP Negotiate connection
CVE-2026-4873: connection reuse ignores TLS requirement
* Adjust options.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/libcurl.make | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/rules/libcurl.make b/rules/libcurl.make
index d15ea064f..9a05e7deb 100644
--- a/rules/libcurl.make
+++ b/rules/libcurl.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
#
# Paths and names
#
-LIBCURL_VERSION := 8.19.0
-LIBCURL_MD5 := d5d3581ba4b4df1140a26a6efcf13e61
+LIBCURL_VERSION := 8.20.0
+LIBCURL_MD5 := b91d9edf299e693ced85db203206e1d4
LIBCURL := curl-$(LIBCURL_VERSION)
LIBCURL_SUFFIX := tar.xz
LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
@@ -122,7 +122,6 @@ LIBCURL_CONF_OPT := \
--without-libgsasl \
--$(call ptx/wwo, PTXCONF_LIBCURL_LIBSSH2)-libssh2 \
--without-libssh \
- --without-librtmp \
--without-winidn \
--without-apple-idn \
--without-libidn2 \
--
2.43.0
next reply other threads:[~2026-05-02 20:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-02 20:16 Christian Melki [this message]
2026-05-02 20:16 ` [ptxdist] [PATCH 2/2] host-libcurl: Follow target libcurl bump " Christian Melki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260502201631.4003064-1-christian.melki@t2data.com \
--to=christian.melki@t2data.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox