mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
* [ptxdist] [PATCH] libcurl: Version bump. 8.0.1 -> 8.1.1
@ 2023-05-26  4:29 Christian Melki
  2023-05-26  6:57 ` Michael Olbrich
  2023-06-02  7:17 ` [ptxdist] [APPLIED] " Michael Olbrich
  0 siblings, 2 replies; 3+ messages in thread
From: Christian Melki @ 2023-05-26  4:29 UTC (permalink / raw)
  To: ptxdist

A slew of changes, mostly bugfixes.
https://curl.se/changes.html#8_1_0
https://curl.se/changes.html#8_1_1

Including plugging four CVE:s.
https://curl.se/docs/vuln-8.0.1.html
CVE-2023-28319 - UAF in SSH sha256 fingerprint check
CVE-2023-28320 - siglongjmp race condition
CVE-2023-28321 - IDN wildcard match
CVE-2023-28322 - more POST-after-PUT confusion

Due to the rather quick regression fixes in
8.1.1 over 8.1.0, this patch superseeds the
one I sent previously for 8.0.1 -> 8.1.0.

Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
 rules/libcurl.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/libcurl.make b/rules/libcurl.make
index 76dc732b5..4457fb9d1 100644
--- a/rules/libcurl.make
+++ b/rules/libcurl.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
 #
 # Paths and names
 #
-LIBCURL_VERSION	:= 8.0.1
-LIBCURL_MD5	:= f6c2fdeb30ad30234378a56c28350845
+LIBCURL_VERSION	:= 8.1.1
+LIBCURL_MD5	:= 229e070c0e3f05ad654a1cf11e0619b7
 LIBCURL		:= curl-$(LIBCURL_VERSION)
 LIBCURL_SUFFIX	:= tar.xz
 LIBCURL_URL	:= https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
-- 
2.34.1




^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [ptxdist] [PATCH] libcurl: Version bump. 8.0.1 -> 8.1.1
  2023-05-26  4:29 [ptxdist] [PATCH] libcurl: Version bump. 8.0.1 -> 8.1.1 Christian Melki
@ 2023-05-26  6:57 ` Michael Olbrich
  2023-06-02  7:17 ` [ptxdist] [APPLIED] " Michael Olbrich
  1 sibling, 0 replies; 3+ messages in thread
From: Michael Olbrich @ 2023-05-26  6:57 UTC (permalink / raw)
  To: Christian Melki; +Cc: ptxdist

On Fri, May 26, 2023 at 06:29:27AM +0200, Christian Melki wrote:
> A slew of changes, mostly bugfixes.
> https://curl.se/changes.html#8_1_0
> https://curl.se/changes.html#8_1_1
> 
> Including plugging four CVE:s.
> https://curl.se/docs/vuln-8.0.1.html
> CVE-2023-28319 - UAF in SSH sha256 fingerprint check
> CVE-2023-28320 - siglongjmp race condition
> CVE-2023-28321 - IDN wildcard match
> CVE-2023-28322 - more POST-after-PUT confusion
> 
> Due to the rather quick regression fixes in
> 8.1.1 over 8.1.0, this patch superseeds the
> one I sent previously for 8.0.1 -> 8.1.0.
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
>  rules/libcurl.make | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/libcurl.make b/rules/libcurl.make
> index 76dc732b5..4457fb9d1 100644
> --- a/rules/libcurl.make
> +++ b/rules/libcurl.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
>  #
>  # Paths and names
>  #
> -LIBCURL_VERSION	:= 8.0.1
> -LIBCURL_MD5	:= f6c2fdeb30ad30234378a56c28350845
> +LIBCURL_VERSION	:= 8.1.1
> +LIBCURL_MD5	:= 229e070c0e3f05ad654a1cf11e0619b7

That's the md5 for 8.1.0. I'll fix it while applying the patch.

Michael

>  LIBCURL		:= curl-$(LIBCURL_VERSION)
>  LIBCURL_SUFFIX	:= tar.xz
>  LIBCURL_URL	:= https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)
> -- 
> 2.34.1
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [ptxdist] [APPLIED] libcurl: Version bump. 8.0.1 -> 8.1.1
  2023-05-26  4:29 [ptxdist] [PATCH] libcurl: Version bump. 8.0.1 -> 8.1.1 Christian Melki
  2023-05-26  6:57 ` Michael Olbrich
@ 2023-06-02  7:17 ` Michael Olbrich
  1 sibling, 0 replies; 3+ messages in thread
From: Michael Olbrich @ 2023-06-02  7:17 UTC (permalink / raw)
  To: ptxdist; +Cc: Christian Melki

Thanks, applied as 0864a6b4e634f71531c21001bd9e61fa83a854c3.

Michael

[sent from post-receive hook]

On Fri, 02 Jun 2023 09:17:45 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> A slew of changes, mostly bugfixes.
> https://curl.se/changes.html#8_1_0
> https://curl.se/changes.html#8_1_1
> 
> Including plugging four CVE:s.
> https://curl.se/docs/vuln-8.0.1.html
> CVE-2023-28319 - UAF in SSH sha256 fingerprint check
> CVE-2023-28320 - siglongjmp race condition
> CVE-2023-28321 - IDN wildcard match
> CVE-2023-28322 - more POST-after-PUT confusion
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20230526042927.1858867-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/libcurl.make b/rules/libcurl.make
> index 76dc732b5770..0216a9e231c3 100644
> --- a/rules/libcurl.make
> +++ b/rules/libcurl.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl
>  #
>  # Paths and names
>  #
> -LIBCURL_VERSION	:= 8.0.1
> -LIBCURL_MD5	:= f6c2fdeb30ad30234378a56c28350845
> +LIBCURL_VERSION	:= 8.1.1
> +LIBCURL_MD5	:= 624f8f7eb4b4699c5e69f081c17c7049
>  LIBCURL		:= curl-$(LIBCURL_VERSION)
>  LIBCURL_SUFFIX	:= tar.xz
>  LIBCURL_URL	:= https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX)



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2023-06-02  7:18 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-26  4:29 [ptxdist] [PATCH] libcurl: Version bump. 8.0.1 -> 8.1.1 Christian Melki
2023-05-26  6:57 ` Michael Olbrich
2023-06-02  7:17 ` [ptxdist] [APPLIED] " Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox