NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libcurl: security bump to version 7.84.0

Browse Source 
Fixes the following security issues:

- CVE-2022-32205: Set-Cookie denial of service
  https://curl.se/docs/CVE-2022-32205.html

- CVE-2022-32206: HTTP compression denial of service
  https://curl.se/docs/CVE-2022-32206.html

- CVE-2022-32207: Unpreserved file permissions
  https://curl.se/docs/CVE-2022-32207.html

- CVE-2022-32208: FTP-KRB bad message verification
  https://curl.se/docs/CVE-2022-32208.html

Changelog: https://curl.se/changes.html

Upstream removed configure option --enable-hidden-symbols:
0c2d3118aa

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b034109dd6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Bernd Kuhls 2022-06-28 19:15:56 +02:00 committed by Peter Korsgaard
parent 89c216dd6e
commit fcd5e110cf
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/libcurl/libcurl.hash
View File

@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
# https://curl.se/download/curl-7.83.1.tar.xz.asc
# https://curl.se/download/curl-7.84.0.tar.xz.asc
# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
sha256 2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4 curl-7.83.1.tar.xz
sha256 2d118b43f547bfe5bae806d8d47b4e596ea5b25a6c1f080aef49fbcd817c5db8 curl-7.84.0.tar.xz
sha256 321b1a09ebc30410f2e837c072e5521cf7095b757193af4a7dae1086e36ed31a COPYING

4
package/libcurl/libcurl.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.83.1
LIBCURL_VERSION = 7.84.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
@ -23,7 +23,7 @@ LIBCURL_INSTALL_STAGING = YES
# Likewise, there is no compiler on the target, so libcurl-option (to
# generate C code) isn't very useful
LIBCURL_CONF_OPTS = --disable-manual --disable-ntlm-wb \
--enable-hidden-symbols --with-random=/dev/urandom --disable-curldebug \
--with-random=/dev/urandom --disable-curldebug \
--disable-libcurl-option --disable-ldap --disable-ldaps
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)