Message ID | 20230322162445.19051-1-ps.report@gmx.net |
---|---|
State | Accepted |
Headers | show |
Series | [v1] package/libcurl: bump version to 8.0.1 | expand |
Hi Peter, On Wed, Mar 22 2023, Peter Seiderer wrote: > For details see [1] and [2]. > > [1] https://curl.se/changes.html#8_0_0 > [1] https://curl.se/changes.html#8_0_1 Thanks for the patch. It is worth noting that this is a security bump fixing CVE-2023-27538, CVE-2023-27537, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, and CVE-2023-27533. baruch > Signed-off-by: Peter Seiderer <ps.report@gmx.net> > --- > package/libcurl/libcurl.hash | 4 ++-- > package/libcurl/libcurl.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash > index 32b3d0b5e2..8a29e7b977 100644 > --- a/package/libcurl/libcurl.hash > +++ b/package/libcurl/libcurl.hash > @@ -1,5 +1,5 @@ > # Locally calculated after checking pgp signature > -# https://curl.se/download/curl-7.88.1.tar.xz.asc > +# https://curl.se/download/curl-8.0.1.tar.xz.asc > # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 > -sha256 1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f curl-7.88.1.tar.xz > +sha256 0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0 curl-8.0.1.tar.xz > sha256 b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524 COPYING > diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk > index 1a1594a45e..1354e526ad 100644 > --- a/package/libcurl/libcurl.mk > +++ b/package/libcurl/libcurl.mk > @@ -4,7 +4,7 @@ > # > ################################################################################ > > -LIBCURL_VERSION = 7.88.1 > +LIBCURL_VERSION = 8.0.1 > LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz > LIBCURL_SITE = https://curl.se/download > LIBCURL_DEPENDENCIES = host-pkgconf \
Peter, All, Peter K: this is a security fix, maybe candidate for backporting? On 2023-03-22 17:24 +0100, Peter Seiderer spake thusly: > For details see [1] and [2]. > > [1] https://curl.se/changes.html#8_0_0 > [1] https://curl.se/changes.html#8_0_1 > > Signed-off-by: Peter Seiderer <ps.report@gmx.net> Applied to master, thanks. Regards, Yann E. MORIN. > --- > package/libcurl/libcurl.hash | 4 ++-- > package/libcurl/libcurl.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash > index 32b3d0b5e2..8a29e7b977 100644 > --- a/package/libcurl/libcurl.hash > +++ b/package/libcurl/libcurl.hash > @@ -1,5 +1,5 @@ > # Locally calculated after checking pgp signature > -# https://curl.se/download/curl-7.88.1.tar.xz.asc > +# https://curl.se/download/curl-8.0.1.tar.xz.asc > # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 > -sha256 1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f curl-7.88.1.tar.xz > +sha256 0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0 curl-8.0.1.tar.xz > sha256 b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524 COPYING > diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk > index 1a1594a45e..1354e526ad 100644 > --- a/package/libcurl/libcurl.mk > +++ b/package/libcurl/libcurl.mk > @@ -4,7 +4,7 @@ > # > ################################################################################ > > -LIBCURL_VERSION = 7.88.1 > +LIBCURL_VERSION = 8.0.1 > LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz > LIBCURL_SITE = https://curl.se/download > LIBCURL_DEPENDENCIES = host-pkgconf \ > -- > 2.39.2 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes: > Peter, All, > Peter K: this is a security fix, maybe candidate for backporting? > On 2023-03-22 17:24 +0100, Peter Seiderer spake thusly: >> For details see [1] and [2]. >> >> [1] https://curl.se/changes.html#8_0_0 >> [1] https://curl.se/changes.html#8_0_1 >> >> Signed-off-by: Peter Seiderer <ps.report@gmx.net> > Applied to master, thanks. Committed to 2023.02.x after marking as a security fix, thanks.
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash index 32b3d0b5e2..8a29e7b977 100644 --- a/package/libcurl/libcurl.hash +++ b/package/libcurl/libcurl.hash @@ -1,5 +1,5 @@ # Locally calculated after checking pgp signature -# https://curl.se/download/curl-7.88.1.tar.xz.asc +# https://curl.se/download/curl-8.0.1.tar.xz.asc # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 -sha256 1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f curl-7.88.1.tar.xz +sha256 0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0 curl-8.0.1.tar.xz sha256 b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524 COPYING diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index 1a1594a45e..1354e526ad 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 7.88.1 +LIBCURL_VERSION = 8.0.1 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz LIBCURL_SITE = https://curl.se/download LIBCURL_DEPENDENCIES = host-pkgconf \
For details see [1] and [2]. [1] https://curl.se/changes.html#8_0_0 [1] https://curl.se/changes.html#8_0_1 Signed-off-by: Peter Seiderer <ps.report@gmx.net> --- package/libcurl/libcurl.hash | 4 ++-- package/libcurl/libcurl.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)