diff mbox series

[v1] package/libcurl: bump version to 8.0.1

Message ID 20230322162445.19051-1-ps.report@gmx.net
State Accepted
Headers show
Series [v1] package/libcurl: bump version to 8.0.1 | expand

Commit Message

Peter Seiderer March 22, 2023, 4:24 p.m. UTC 
For details see [1] and [2].

[1] https://curl.se/changes.html#8_0_0
[1] https://curl.se/changes.html#8_0_1

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
 package/libcurl/libcurl.hash | 4 ++--
 package/libcurl/libcurl.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Baruch Siach March 27, 2023, 6:08 p.m. UTC | #1 
Hi Peter,

On Wed, Mar 22 2023, Peter Seiderer wrote:

> For details see [1] and [2].
>
> [1] https://curl.se/changes.html#8_0_0
> [1] https://curl.se/changes.html#8_0_1

Thanks for the patch.

It is worth noting that this is a security bump fixing CVE-2023-27538,
CVE-2023-27537, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534,
and CVE-2023-27533.

baruch

> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
>  package/libcurl/libcurl.hash | 4 ++--
>  package/libcurl/libcurl.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
> index 32b3d0b5e2..8a29e7b977 100644
> --- a/package/libcurl/libcurl.hash
> +++ b/package/libcurl/libcurl.hash
> @@ -1,5 +1,5 @@
>  # Locally calculated after checking pgp signature
> -# https://curl.se/download/curl-7.88.1.tar.xz.asc
> +# https://curl.se/download/curl-8.0.1.tar.xz.asc
>  # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
> -sha256  1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f  curl-7.88.1.tar.xz
> +sha256  0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0  curl-8.0.1.tar.xz
>  sha256  b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524  COPYING
> diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
> index 1a1594a45e..1354e526ad 100644
> --- a/package/libcurl/libcurl.mk
> +++ b/package/libcurl/libcurl.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -LIBCURL_VERSION = 7.88.1
> +LIBCURL_VERSION = 8.0.1
>  LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
>  LIBCURL_SITE = https://curl.se/download
>  LIBCURL_DEPENDENCIES = host-pkgconf \
Yann E. MORIN May 6, 2023, 2:47 p.m. UTC | #2 
Peter, All,

Peter K: this is a security fix, maybe candidate for backporting?

On 2023-03-22 17:24 +0100, Peter Seiderer spake thusly:
> For details see [1] and [2].
> 
> [1] https://curl.se/changes.html#8_0_0
> [1] https://curl.se/changes.html#8_0_1
> 
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/libcurl/libcurl.hash | 4 ++--
>  package/libcurl/libcurl.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
> index 32b3d0b5e2..8a29e7b977 100644
> --- a/package/libcurl/libcurl.hash
> +++ b/package/libcurl/libcurl.hash
> @@ -1,5 +1,5 @@
>  # Locally calculated after checking pgp signature
> -# https://curl.se/download/curl-7.88.1.tar.xz.asc
> +# https://curl.se/download/curl-8.0.1.tar.xz.asc
>  # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
> -sha256  1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f  curl-7.88.1.tar.xz
> +sha256  0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0  curl-8.0.1.tar.xz
>  sha256  b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524  COPYING
> diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
> index 1a1594a45e..1354e526ad 100644
> --- a/package/libcurl/libcurl.mk
> +++ b/package/libcurl/libcurl.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -LIBCURL_VERSION = 7.88.1
> +LIBCURL_VERSION = 8.0.1
>  LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
>  LIBCURL_SITE = https://curl.se/download
>  LIBCURL_DEPENDENCIES = host-pkgconf \
> -- 
> 2.39.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
Peter Korsgaard May 29, 2023, 7:13 a.m. UTC | #3 
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

 > Peter, All,
 > Peter K: this is a security fix, maybe candidate for backporting?

 > On 2023-03-22 17:24 +0100, Peter Seiderer spake thusly:
 >> For details see [1] and [2].
 >> 
 >> [1] https://curl.se/changes.html#8_0_0
 >> [1] https://curl.se/changes.html#8_0_1
 >> 
 >> Signed-off-by: Peter Seiderer <ps.report@gmx.net>

 > Applied to master, thanks.

Committed to 2023.02.x after marking as a security fix, thanks.
diff mbox series

Patch

diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 32b3d0b5e2..8a29e7b977 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@ 
 # Locally calculated after checking pgp signature
-# https://curl.se/download/curl-7.88.1.tar.xz.asc
+# https://curl.se/download/curl-8.0.1.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  1dae31b2a7c1fe269de99c0c31bb488346aab3459b5ffca909d6938249ae415f  curl-7.88.1.tar.xz
+sha256  0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0  curl-8.0.1.tar.xz
 sha256  b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524  COPYING
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 1a1594a45e..1354e526ad 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.88.1
+LIBCURL_VERSION = 8.0.1
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \