On Fri, May 26, 2023 at 06:29:27AM +0200, Christian Melki wrote: > A slew of changes, mostly bugfixes. > https://curl.se/changes.html#8_1_0 > https://curl.se/changes.html#8_1_1 > > Including plugging four CVE:s. > https://curl.se/docs/vuln-8.0.1.html > CVE-2023-28319 - UAF in SSH sha256 fingerprint check > CVE-2023-28320 - siglongjmp race condition > CVE-2023-28321 - IDN wildcard match > CVE-2023-28322 - more POST-after-PUT confusion > > Due to the rather quick regression fixes in > 8.1.1 over 8.1.0, this patch superseeds the > one I sent previously for 8.0.1 -> 8.1.0. > > Signed-off-by: Christian Melki <christian.me...@t2data.com> > --- > rules/libcurl.make | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/rules/libcurl.make b/rules/libcurl.make > index 76dc732b5..4457fb9d1 100644 > --- a/rules/libcurl.make > +++ b/rules/libcurl.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl > # > # Paths and names > # > -LIBCURL_VERSION := 8.0.1 > -LIBCURL_MD5 := f6c2fdeb30ad30234378a56c28350845 > +LIBCURL_VERSION := 8.1.1 > +LIBCURL_MD5 := 229e070c0e3f05ad654a1cf11e0619b7
That's the md5 for 8.1.0. I'll fix it while applying the patch. Michael > LIBCURL := curl-$(LIBCURL_VERSION) > LIBCURL_SUFFIX := tar.xz > LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) > -- > 2.34.1 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |