From b0b25f145469a14e3d85becf19aaca0a40fd4e25 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Fri, 29 Apr 2022 07:12:06 +0200 Subject: [PATCH] package/libcurl: security bump version to 7.83.0 Changelog: https://curl.se/changes.html#7_83_0 Release notes: https://curl.se/news.html Fixes the following CVEs: CVE-2022-22576: OAUTH2 bearer bypass in connection re-use CVE-2022-27774: Credential leak on redirect CVE-2022-27775: Bad local IPv6 connection reuse CVE-2022-27776: Auth/cookie leak on redirect Signed-off-by: Bernd Kuhls Signed-off-by: Yann E. MORIN --- package/libcurl/libcurl.hash | 4 ++-- package/libcurl/libcurl.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash index 4be245041c..64a1129a90 100644 --- a/package/libcurl/libcurl.hash +++ b/package/libcurl/libcurl.hash @@ -1,5 +1,5 @@ # Locally calculated after checking pgp signature -# https://curl.se/download/curl-7.82.0.tar.xz.asc +# https://curl.se/download/curl-7.83.0.tar.xz.asc # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 -sha256 0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c curl-7.82.0.tar.xz +sha256 bbff0e6b5047e773f3c3b084d80546cc1be4e354c09e419c2d0ef6116253511a curl-7.83.0.tar.xz sha256 321b1a09ebc30410f2e837c072e5521cf7095b757193af4a7dae1086e36ed31a COPYING diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk index 97857954db..ea8529c914 100644 --- a/package/libcurl/libcurl.mk +++ b/package/libcurl/libcurl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBCURL_VERSION = 7.82.0 +LIBCURL_VERSION = 7.83.0 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz LIBCURL_SITE = https://curl.se/download LIBCURL_DEPENDENCIES = host-pkgconf \