package/libcurl: security bump to 8.4.0

Fixes following two vulnerabilities: * CVE-2023-38545: SOCKS5 heap buffer overflow https://curl.se/docs/CVE-2023-38545.html * CVE-2023-38546: cookie injection with none file https://curl.se/docs/CVE-2023-38546.html Signed-off-by: Jan Čermák <sairon@sairon.cz> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-11 09:35:05 +02:00 · 2023-10-11 09:35:05 +02:00 · 30dd60ba7e
commit 30dd60ba7e
parent 33b9225dff
2 changed files with 3 additions and 3 deletions
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.se/download/curl-8.3.0.tar.xz.asc
+# https://curl.se/download/curl-8.4.0.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63  curl-8.3.0.tar.xz
+sha256  16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d  curl-8.4.0.tar.xz
 sha256  b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524  COPYING
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBCURL_VERSION = 8.3.0
+LIBCURL_VERSION = 8.4.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \