[Buildroot] [git commit] package/libcurl: security bump to version 7.84.0

Peter Korsgaard peter at korsgaard.com
Sat Jul 2 07:52:08 UTC 2022


commit: https://git.buildroot.net/buildroot/commit/?id=b034109dd60a429690acf9c5501c6658c53eae13
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fixes the following security issues:

- CVE-2022-32205: Set-Cookie denial of service
  https://curl.se/docs/CVE-2022-32205.html

- CVE-2022-32206: HTTP compression denial of service
  https://curl.se/docs/CVE-2022-32206.html

- CVE-2022-32207: Unpreserved file permissions
  https://curl.se/docs/CVE-2022-32207.html

- CVE-2022-32208: FTP-KRB bad message verification
  https://curl.se/docs/CVE-2022-32208.html

Changelog: https://curl.se/changes.html

Upstream removed configure option --enable-hidden-symbols:
https://github.com/curl/curl/commit/0c2d3118aa2bc040411203d33ab6034067fd9d62

Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/libcurl/libcurl.hash | 4 ++--
 package/libcurl/libcurl.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 8672380f09..672591e470 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.se/download/curl-7.83.1.tar.xz.asc
+# https://curl.se/download/curl-7.84.0.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  2cb9c2356e7263a1272fd1435ef7cdebf2cd21400ec287b068396deb705c22c4  curl-7.83.1.tar.xz
+sha256  2d118b43f547bfe5bae806d8d47b4e596ea5b25a6c1f080aef49fbcd817c5db8  curl-7.84.0.tar.xz
 sha256  321b1a09ebc30410f2e837c072e5521cf7095b757193af4a7dae1086e36ed31a  COPYING
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 11f1e4de59..e241bd1c88 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.83.1
+LIBCURL_VERSION = 7.84.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -23,7 +23,7 @@ LIBCURL_INSTALL_STAGING = YES
 # Likewise, there is no compiler on the target, so libcurl-option (to
 # generate C code) isn't very useful
 LIBCURL_CONF_OPTS = --disable-manual --disable-ntlm-wb \
-	--enable-hidden-symbols --with-random=/dev/urandom --disable-curldebug \
+	--with-random=/dev/urandom --disable-curldebug \
 	--disable-libcurl-option --disable-ldap --disable-ldaps
 
 ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
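Review bot: Dropping `--enable-hidden-symbols` from `LIBCURL_CONF_OPTS` leaves the symbol visibility of the built library implicit, and neither the hunk nor the comment above the assignment says which behaviour is now expected. The commit message only says upstream removed the option. As far as I recall it was a deprecated alias of `--enable-symbol-hiding`, which I believe defaults to on, but that should be confirmed against the 7.84.0 configure script. If hiding internal symbols is still intended, pass `--enable-symbol-hiding` explicitly so the exported surface of the shared library does not depend on an upstream default. The `ifeq` block that closes the hunk continues outside it.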


