From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 30 Jun 2026 21:07:24 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wedno-00BZ5t-0F for lore@lore.pengutronix.de; Tue, 30 Jun 2026 21:07:24 +0200 Received: from [127.0.0.1] (helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1wednn-0003SM-Us; Tue, 30 Jun 2026 21:07:23 +0200 Received: from mx1.white.stw.pengutronix.de ([185.203.200.13]) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1wednY-0003S9-Lh for ptxdist@pengutronix.de; Tue, 30 Jun 2026 21:07:09 +0200 Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazlp170130007.outbound.protection.outlook.com [IPv6:2a01:111:f403:c20f::7]) by mx1.white.stw.pengutronix.de (Postfix) with ESMTPS id F11C7202596 for ; Tue, 30 Jun 2026 21:07:07 +0200 (CEST) Authentication-Results: mx1.white.stw.pengutronix.de; dkim=pass header.d=t2datacom.onmicrosoft.com header.s=selector1-t2datacom-onmicrosoft-com header.b=iHahQW4Q; spf=pass (mx1.white.stw.pengutronix.de: domain of christian.melki@t2data.com designates 2a01:111:f403:c20f::7 as permitted sender) smtp.mailfrom=christian.melki@t2data.com; dmarc=pass (policy=none) header.from=t2data.com; arc=pass ("microsoft.com:s=arcselector10001:i=1") ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GTuqRQENgFpzTHuOCVYBgOqSrzFeR2t/mfvi1B0zO0fgyfuiECuo/opVMbzL2xLV2w8muHE4udxlzN9CLKeqwQQ6O11LDhEq/7p+XTHagRjpVvA9dCgmGofA3AuGEL0dyK4nZj+dXeNr1iy5oJ9B41qNDqrT8COdCcHxJ+5XyukiCSzw6icuGBbTDW66Gwj/yUtK0udlx7QCfi8equTyNl81dfQ6g9tipA6WG8+UmvxMV1gxAW2Yp4e25qtmCsWfhHNvjgU4vHH4zt24Lw/Y9jUiQMM/l4D5AyWJKo+jPpluv7MWWo6hYUnm5o/rO57SPEXtYqMVIZEMS3YBx7K0Og== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4M5E4ravco20aypLBxSMt/ir1w2fCOkEQwAcQn/V8DM=; b=DDFmWYXANkzybV/+5JzzfdgVjpMDkhPm4m42yJih2gZ3eFDXPT8ydyssOhQiERQMVbvGeK+/YjsoK2RT1bSjE3wdS/6hdWEwtONEnmfKV3cncvk0VhC9NyN/JgG+vTSBuv1AGe6r8PTb4Xc+p4FGPh8VcT18FdKudvM80XK9PjkbNEGEv+mlvTScss4+XdteHs+sCq8fgfQkfWJ5k3p2DfW6hqwjjN9bVpLiIbNy704PI2la903cnkhXxVJbxpi4R13U7UQVR6LRBiF9/eprexe0Ib7IKc8+b2rXb3bJylTAoM1GNqvO1daYVq9hBH2kENX0qCBFP2vS1Q6EBwfeTw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4M5E4ravco20aypLBxSMt/ir1w2fCOkEQwAcQn/V8DM=; b=iHahQW4QTjErd2GXLwFpFnFvmQi4csFBaqYj2BJbxcPrqo2wh37gW0TmjGuXn+5v2ue0BVTc6Ry0g0Y5NR5sIAqu8ipr6hundNnmwylmvubW+sszkg4Iw+2jyUD3gVIMGnL9+yMxZK1JKF+OYEgU2pyHZQ7bnk4l3RSTLDqp2xs= Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by AM7PPFA9C5487C4.EURP251.PROD.OUTLOOK.COM (2603:10a6:20f:fff1::866) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.14; Tue, 30 Jun 2026 19:07:05 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19%3]) with mapi id 15.21.0159.018; Tue, 30 Jun 2026 19:07:05 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Tue, 30 Jun 2026 21:06:58 +0200 Message-ID: <20260630190658.3665025-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.43.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GVZP280CA0004.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:273::9) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|AM7PPFA9C5487C4:EE_ X-MS-Office365-Filtering-Correlation-Id: 166afcb5-3a85-4fb4-6862-08ded6dac63b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|1800799024|23010399003|376014|366016|52116014|18002099003|56012099006|38350700014; X-Microsoft-Antispam-Message-Info: UYl32rXxDhfFGJjB7V8yGwOcAClyHodfmHfBGNgWQxxaY7QsFhDlI7+5XT52LPdefhea84EIU0Gj9P2p8oIf0KGymjS9Fa+QlZdldadxUOerwA+w19T4WOz7l8ugGWQrCnNO9ipcHoz5MuDdyuuntP3C9R8xSZhvsxM+pHIDNmlbRkrCEP46OEgplWSmx0lDpKrg/7yp+c1WMaZJa+lgHjuE7QxRvBYM1UBp+R5cJcWgvlGZtSjfmu87xT9EcktpJBIowDb872LY9psrDbhpv1AX4xBNjfy8y0LKDNhjtmPfHuGwj74LTKBweYgXMHrGi0TP5MUBTrW70PUtohfa4bBLtp6bMFkwXuLQE2Kjn7Bl51yqUyc2Tgajq2WJ2PGWplOb787CVv/M/+MHu+Qg7CNwCrTs3Gu1xEu6bif+y5hXM9txd+Ubx5jlOZrktnWsW8FVUSlgAXB1HwoZV+Os8dTn5PosZpigLEPB/r48h9USDaJA3iahXJxrZ6mDzOm3GOD4PL6bVFNJxkr6MGpVmwtjyqZ5JZCIKSgqcUNAYhVIpX5cbp24JXVjEtVsiH/RtuCC3CX1RyxajEdXwWaWVP9Po0H9YOke560zB7XYFQc67r+MkCFyA1gYYZpS606oMnVAQ1LF/YJ3wVOZwWRbdgYE6Z6I+w3KzYzZ6bgi9g0= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(1800799024)(23010399003)(376014)(366016)(52116014)(18002099003)(56012099006)(38350700014); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?lkFcRBDGP37gGzYiPn9lVTg99o8XdcdJ1+xc8LQwuiaNRTelJWKCL7yduMmT?= =?us-ascii?Q?F/2Pq4+zEqt9b1Tsgi+7qZHILsUN7qiXzT1WlCOB3is4eDopMkkmWd5r/TQK?= =?us-ascii?Q?JOGw4iypGSiutN22nkc7J8q6z00uBgjrg+N3UWZ0XmQMTQDLnTkyUOXbELYe?= =?us-ascii?Q?YBieRvP6VocQtZLxqcIyyLD3whbWGLPnt7fZqon/bpqFylqDCtDs5/5UItqt?= =?us-ascii?Q?t2E3x0WAmyKdm5Jfd+wHggp1dnRiTam/Q+yhySPJmYu1lRcBOP3Rt6RR+sZ5?= =?us-ascii?Q?Ikdo+hzXyxH4scNFE9RHhG6XKuqLhNeIjT4DBgtUZRa9M5HxuiFKQROk7/sz?= =?us-ascii?Q?JfuM4rjMyOV1awrahIMpVUYw7eAWBT5LXb1hltLowFIR4xmqBZ0oK9cdnSNv?= =?us-ascii?Q?pj/eETpQtS4RjFUmE3f+7YoloUPIKaoUn7yt6NvQU/6sGe3scg5CGa1U3mVz?= =?us-ascii?Q?8mkj9E2QVFqFzjByOtRZ8vdQvPjI4HBvcCNluaf2d46J9FjSo+81oo1KhI8P?= =?us-ascii?Q?Ni4DkGedHoS+OeqsqDJiZHOy6CjkL9GlyJNS4mIuHZAzYECcyjKrVP6VW4Af?= =?us-ascii?Q?KytfI1z6Xl9zIo6gPVgZxDa5/fFwl5pJwm/QC3cxJfOySxWvzYhNWFYFqiaM?= =?us-ascii?Q?5S1P4hNRNkAZTFEdg0XfWx5SFqVxOGEOda9wV9uPUaR+wDXUhbFOb8zGsoIT?= =?us-ascii?Q?U5nzL0fv3rAGA8dD/M9BC5IxbZzeHi2pkVoXfipXUx76wZ4Os1YTh98tS9F5?= =?us-ascii?Q?I0okJM7K0xVPNtqyYEhNGIK4z8lGwxw9iI/9vGIzvLUKrXLdbZYcYv9oXwOy?= =?us-ascii?Q?Qw28RyqPOvZ6pw11dFwn7Eo1mr9wCqNXj7/8ONIRQMzmYi9I9xXA3RZfwG3Z?= =?us-ascii?Q?hDzXKAxWylRtugIFsKgk1Pmw88h5uVWh2eulnhn5myb/LZl/awnoAZ3QbQZz?= =?us-ascii?Q?d4B8gFG61b7Tgealwap8eqe0xRAX4gK6sFlxELmSJc2+M4BRpUHlKzJybJBS?= =?us-ascii?Q?gsRIsDegN2VtatfE3G0DjK1zWn17tBtiZpcBNKFCKN+O4MHYBz/he+kf6HMa?= =?us-ascii?Q?kLQ3SHM73OcngJQVmXWfsiCxYj1oPubV4ay+ax50YlmWsC+UpgNkDw58t4nJ?= =?us-ascii?Q?TmYWC8owE0gzWMmnwKBGkrfKmARXVsZBt+uFqI5Q8CtMpMEQmZn6rM/0rRWw?= =?us-ascii?Q?kFeTDfpLahZQRpLeaT4Fo+Vy0iaK9oYWNoNVkFVLSomdzmezCbLSzoqZ0oJs?= =?us-ascii?Q?qVB3qO+hmgNhLP3knIeOZaewvJQqrXDFwcYs624bLSSgoc25VrFCikI9IuS3?= =?us-ascii?Q?zAWh89a10wThLwCNJkGxH/CdkJFFMWYZPqMrfhpBQmtAXHqGbBb+jmTztGHQ?= =?us-ascii?Q?UKBr0Kb+7x0en/8pr7LLV+EE7Ud5ivLPpvXUQRhGErrwjUWvJ48rFO8IbUoI?= =?us-ascii?Q?JGnWGJp3H1HJ6vS632lyrZ7VjKajue0/Y8mML/0eCSssvXQwQmN7P/VDjCwX?= =?us-ascii?Q?A6MlIgh5vzWw68T0ZFaMu1c1m4aWYH3t6cGXthDCRWN3q4nVT4SONkUCZecW?= =?us-ascii?Q?LKxDF1cYr0Ojntax7DUXiEipjQ1ChFj3Od9rQGS5dSD2gdlbtzud9tJMt4Ul?= =?us-ascii?Q?4KlAt9d9o1l1ORJrhz7q5fDYONptdpKgI3L0Q4vXBnRuQRLpmSSTma8ueArG?= =?us-ascii?Q?3H04aO4qEsmfwf0SqUT1x8eBmWzp5StzQN299Y5nMNBebRwRnsWdPr32YHMG?= =?us-ascii?Q?DCCHHKHMwirlvxIvYvZKlQB6Ep4sMN0=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 166afcb5-3a85-4fb4-6862-08ded6dac63b X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2026 19:07:05.2321 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: FqIya7s7HO5WwI/+A0QbP3bjboDz9RPdpw1EErZ1fudkCyKwS7GaQ9SCVEuzIDHbG1i704T8YyJReCImTT6EZmYARce4E8Kx93pBzPqSOjo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PPFA9C5487C4 X-Rspamd-Queue-Id: F11C7202596 X-Spamd-Result: default: False [-3.50 / 15.00]; BAYES_HAM(-3.00)[99.99%]; MID_CONTAINS_FROM(1.00)[]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector10001:i=1]; R_MISSING_CHARSET(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[t2data.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2a01:111:f403:c000::/51]; R_DKIM_ALLOW(-0.20)[t2datacom.onmicrosoft.com:s=selector1-t2datacom-onmicrosoft-com]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ASN(0.00)[asn:8075, ipnet:2a01:111:f000::/36, country:US]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; NEURAL_HAM(-0.00)[-1.000]; RCVD_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2a01:111:f403:c20f::7:from]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[t2datacom.onmicrosoft.com:+] X-Rspamd-Action: no action X-Stat-Signature: 94abj3kszdnj5r6rmga77agks8sukt1f X-Rspamd-Server: mx1 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,FORGED_SPF_HELO,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS autolearn=no autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libcurl: Version bump. 8.20.0 -> 8.21.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Security fix galore. And the slew of bugfixes. https://curl.se/ch/8.21.0.html Plugs CVEs: CVE-2026-12064: proto-default skips SSH verification CVE-2026-11856: cross-origin Digest auth state leak CVE-2026-11586: WS Auto-PONG memory exhaustion CVE-2026-11564: Native CA trust persist CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop CVE-2026-10536: HTTP/2 stream-dependency tree UAF CVE-2026-9547: SSH improper host validation CVE-2026-9546: sending old referer CVE-2026-9545: exposing HTTP/3 early data CVE-2026-9080: UAF after pause in socket callback CVE-2026-9079: stale proxy password leak CVE-2026-8932: incomplete mTLS config matching in conn reuse CVE-2026-8927: env-set cross-proxy Digest auth state leak CVE-2026-8926: password leak with netrc and user in URL CVE-2026-8925: SASL double-free CVE-2026-8924: trailing dot domain super cookie CVE-2026-8458: wrong reuse for different services CVE-2026-8286: wrong STARTTLS connection reuse Signed-off-by: Christian Melki --- rules/libcurl.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/libcurl.make b/rules/libcurl.make index 918dc71b6..3c5b00adb 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl # # Paths and names # -LIBCURL_VERSION := 8.20.0 -LIBCURL_SHA256 := 63fe2dc148ba0ceae89922ef838f7e5c946272c2e78b7c59fab4b79d3ce2b896 +LIBCURL_VERSION := 8.21.0 +LIBCURL_SHA256 := aa1b66a70eace83dc624508745646c08ae561de512ab403adffb93ac87fc72e6 LIBCURL := curl-$(LIBCURL_VERSION) LIBCURL_SUFFIX := tar.xz LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) -- 2.43.0