* [ptxdist] [PATCH 1/2] libcurl: Version bump. 8.19.0 -> 8.20.0
@ 2026-05-02 20:16 Christian Melki
2026-05-02 20:16 ` [ptxdist] [PATCH 2/2] host-libcurl: Follow target libcurl bump " Christian Melki
2026-05-18 7:53 ` [ptxdist] [APPLIED] libcurl: Version bump. " Michael Olbrich
0 siblings, 2 replies; 4+ messages in thread
From: Christian Melki @ 2026-05-02 20:16 UTC (permalink / raw)
To: ptxdist
Mostly bugfixes.
https://curl.se/ch/8.20.0.html
Plugs CVEs:
CVE-2026-7168: cross-proxy Digest auth state leak
CVE-2026-7009: OCSP stapling bypass with Apple SecTrust
CVE-2026-6429: netrc credential leak with reused proxy connection
CVE-2026-6276: stale custom cookie host causes cookie leak
CVE-2026-6253: proxy credentials leak over redirect-to proxy
CVE-2026-5773: wrong reuse of SMB connection
CVE-2026-5545: wrong reuse of HTTP Negotiate connection
CVE-2026-4873: connection reuse ignores TLS requirement
* Adjust options.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/libcurl.make | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/rules/libcurl.make b/rules/libcurl.make
index d15ea064f..9a05e7deb 100644
--- a/rules/libcurl.make
+++ b/rules/libcurl.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
#
# Paths and names
#
-LIBCURL_VERSION := 8.19.0
-LIBCURL_MD5 := d5d3581ba4b4df1140a26a6efcf13e61
+LIBCURL_VERSION := 8.20.0
+LIBCURL_MD5 := b91d9edf299e693ced85db203206e1d4
LIBCURL := curl-$(LIBCURL_VERSION)
LIBCURL_SUFFIX := tar.xz
LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
@@ -122,7 +122,6 @@ LIBCURL_CONF_OPT := \
--without-libgsasl \
--$(call ptx/wwo, PTXCONF_LIBCURL_LIBSSH2)-libssh2 \
--without-libssh \
- --without-librtmp \
--without-winidn \
--without-apple-idn \
--without-libidn2 \
--
2.43.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* [ptxdist] [PATCH 2/2] host-libcurl: Follow target libcurl bump 8.19.0 -> 8.20.0
2026-05-02 20:16 [ptxdist] [PATCH 1/2] libcurl: Version bump. 8.19.0 -> 8.20.0 Christian Melki
@ 2026-05-02 20:16 ` Christian Melki
2026-05-18 7:53 ` [ptxdist] [APPLIED] " Michael Olbrich
2026-05-18 7:53 ` [ptxdist] [APPLIED] libcurl: Version bump. " Michael Olbrich
1 sibling, 1 reply; 4+ messages in thread
From: Christian Melki @ 2026-05-02 20:16 UTC (permalink / raw)
To: ptxdist
* Adjust options.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/host-libcurl.make | 1 -
1 file changed, 1 deletion(-)
diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make
index 82ea79077..b25e3d329 100644
--- a/rules/host-libcurl.make
+++ b/rules/host-libcurl.make
@@ -104,7 +104,6 @@ HOST_LIBCURL_CONF_OPT := \
--without-libgsasl \
--without-libssh2 \
--without-libssh \
- --without-librtmp \
--without-winidn \
--without-apple-idn \
--without-libidn2 \
--
2.43.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [ptxdist] [APPLIED] libcurl: Version bump. 8.19.0 -> 8.20.0
2026-05-02 20:16 [ptxdist] [PATCH 1/2] libcurl: Version bump. 8.19.0 -> 8.20.0 Christian Melki
2026-05-02 20:16 ` [ptxdist] [PATCH 2/2] host-libcurl: Follow target libcurl bump " Christian Melki
@ 2026-05-18 7:53 ` Michael Olbrich
1 sibling, 0 replies; 4+ messages in thread
From: Michael Olbrich @ 2026-05-18 7:53 UTC (permalink / raw)
To: ptxdist; +Cc: Christian Melki
Thanks, applied as e697833eb6867674229eb5500b18ededbeeed89f.
Michael
[sent from post-receive hook]
On Mon, 18 May 2026 09:53:35 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> Mostly bugfixes.
> https://curl.se/ch/8.20.0.html
>
> Plugs CVEs:
> CVE-2026-7168: cross-proxy Digest auth state leak
> CVE-2026-7009: OCSP stapling bypass with Apple SecTrust
> CVE-2026-6429: netrc credential leak with reused proxy connection
> CVE-2026-6276: stale custom cookie host causes cookie leak
> CVE-2026-6253: proxy credentials leak over redirect-to proxy
> CVE-2026-5773: wrong reuse of SMB connection
> CVE-2026-5545: wrong reuse of HTTP Negotiate connection
> CVE-2026-4873: connection reuse ignores TLS requirement
>
> * Adjust options.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20260502201631.4003064-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/libcurl.make b/rules/libcurl.make
> index d15ea064ff6e..9a05e7deb475 100644
> --- a/rules/libcurl.make
> +++ b/rules/libcurl.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
> #
> # Paths and names
> #
> -LIBCURL_VERSION := 8.19.0
> -LIBCURL_MD5 := d5d3581ba4b4df1140a26a6efcf13e61
> +LIBCURL_VERSION := 8.20.0
> +LIBCURL_MD5 := b91d9edf299e693ced85db203206e1d4
> LIBCURL := curl-$(LIBCURL_VERSION)
> LIBCURL_SUFFIX := tar.xz
> LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
> @@ -122,7 +122,6 @@ LIBCURL_CONF_OPT := \
> --without-libgsasl \
> --$(call ptx/wwo, PTXCONF_LIBCURL_LIBSSH2)-libssh2 \
> --without-libssh \
> - --without-librtmp \
> --without-winidn \
> --without-apple-idn \
> --without-libidn2 \
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [ptxdist] [APPLIED] host-libcurl: Follow target libcurl bump 8.19.0 -> 8.20.0
2026-05-02 20:16 ` [ptxdist] [PATCH 2/2] host-libcurl: Follow target libcurl bump " Christian Melki
@ 2026-05-18 7:53 ` Michael Olbrich
0 siblings, 0 replies; 4+ messages in thread
From: Michael Olbrich @ 2026-05-18 7:53 UTC (permalink / raw)
To: ptxdist; +Cc: Christian Melki
Thanks, applied as 0174f777e6cbdd5ecc0640dc6e44da1e19cafef2.
Michael
[sent from post-receive hook]
On Mon, 18 May 2026 09:53:36 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> * Adjust options.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20260502201631.4003064-2-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make
> index 82ea79077a1e..b25e3d329f2d 100644
> --- a/rules/host-libcurl.make
> +++ b/rules/host-libcurl.make
> @@ -104,7 +104,6 @@ HOST_LIBCURL_CONF_OPT := \
> --without-libgsasl \
> --without-libssh2 \
> --without-libssh \
> - --without-librtmp \
> --without-winidn \
> --without-apple-idn \
> --without-libidn2 \
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-05-18 7:54 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-05-02 20:16 [ptxdist] [PATCH 1/2] libcurl: Version bump. 8.19.0 -> 8.20.0 Christian Melki
2026-05-02 20:16 ` [ptxdist] [PATCH 2/2] host-libcurl: Follow target libcurl bump " Christian Melki
2026-05-18 7:53 ` [ptxdist] [APPLIED] " Michael Olbrich
2026-05-18 7:53 ` [ptxdist] [APPLIED] libcurl: Version bump. " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox