[Buildroot] [git commit branch/2023.02.x] package/libcurl: security bump to 8.4.0
Peter Korsgaard
peter at korsgaard.com
Fri Oct 13 18:12:57 UTC 2023
commit: https://git.buildroot.net/buildroot/commit/?id=5f56122cd00b023a0c9f97762b8026c4cb86d921
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.02.x
Fixes following two vulnerabilities:
* CVE-2023-38545: SOCKS5 heap buffer overflow
https://curl.se/docs/CVE-2023-38545.html
* CVE-2023-38546: cookie injection with none file
https://curl.se/docs/CVE-2023-38546.html
Signed-off-by: Jan Čermák <sairon at sairon.cz>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit 30dd60ba7eb3e6da4f0ae91b3b08f8aa8fb8d786)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/libcurl/libcurl.hash | 4 ++--
package/libcurl/libcurl.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index 371d20a632..ecd5d63909 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-# https://curl.se/download/curl-8.3.0.tar.xz.asc
+# https://curl.se/download/curl-8.4.0.tar.xz.asc
# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256 376d627767d6c4f05105ab6d497b0d9aba7111770dd9d995225478209c37ea63 curl-8.3.0.tar.xz
+sha256 16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d curl-8.4.0.tar.xz
sha256 b1d7feb949ea5023552029fbe0bf5db4f23c2f85e9b8e51e18536f0ecbf9c524 COPYING
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index dd4cf43c6a..bd331a55aa 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCURL_VERSION = 8.3.0
+LIBCURL_VERSION = 8.4.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
More information about the buildroot
mailing list