Bunch of fixes + security + minversion OpenSSL >= 3.0.0. https://curl.se/changes.html#8_18_0
Plugs CVEs: CVE-2025-15224: libssh key passphrase bypass without agent set CVE-2025-15079: libssh global known_hosts override CVE-2025-14819: OpenSSL partial chain store policy bypass CVE-2025-14524: bearer token leak on cross-protocol redirect CVE-2025-14017: broken TLS options for threaded LDAPS CVE-2025-13034: No QUIC certificate pinning with GnuTLS Signed-off-by: Christian Melki <[email protected]> --- rules/libcurl.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/libcurl.make b/rules/libcurl.make index e16c30cdd..62d9a8ccb 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl # # Paths and names # -LIBCURL_VERSION := 8.17.0 -LIBCURL_MD5 := 7a9d4b772fc56d68479b0416f234105a +LIBCURL_VERSION := 8.18.0 +LIBCURL_MD5 := dae6088bf7af69d3b0a87c762de92248 LIBCURL := curl-$(LIBCURL_VERSION) LIBCURL_SUFFIX := tar.xz LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) -- 2.43.0
