package/libcurl: security bump to version 8.3.0

Fixes the following security issue: CVE-2023-38039: HTTP headers eat all memory When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on the size or quantity of headers it would accept in a response, allowing a malicious server to stream an endless series of headers to a client and eventually cause curl to run out of heap memory. https://curl.se/docs/CVE-2023-38039.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-09-17 12:04:13 +02:00 · 2023-09-17 12:04:13 +02:00 · 56b0667406
commit 56b0667406
parent 01ec478cb6
2 changed files with 3 additions and 3 deletions
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.se/download/curl-8.2.1.tar.xz.asc
+# https://curl.se/download/curl-8.3.0.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  dd322f6bd0a20e6cebdfd388f69e98c3d183bed792cf4713c8a7ef498cba4894  curl-8.2.1.tar.xz
+sha256  376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63  curl-8.3.0.tar.xz
 sha256  b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524  COPYING
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBCURL_VERSION = 8.2.1
+LIBCURL_VERSION = 8.3.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \