diff mbox series

[PATCH/next,05/13] package/libcurl: bump to version 8.9.1

Message ID 20240822182050.65230-5-bernd@kuhls.net
State Accepted
Series [PATCH/next,01/13] package/exfatprogs: bump version to 1.2.5

Commit Message

Bernd Kuhls Aug. 22, 2024, 6:20 p.m. UTC
Changelog: https://curl.se/changes.html#8_9_1

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/libcurl/libcurl.hash | 4 ++--
 package/libcurl/libcurl.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Baruch Siach Aug. 22, 2024, 6:51 p.m. UTC | #1
Hi Bernd,

On Thu, Aug 22 2024, Bernd Kuhls wrote:
> Changelog: https://curl.se/changes.html#8_9_1

Thanks for the patch.

This release also fixes CVE-2024-7264.

https://curl.se/docs/CVE-2024-7264.html

baruch

>
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
> ---
>  package/libcurl/libcurl.hash | 4 ++--
>  package/libcurl/libcurl.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
> index fa325efd7d..1d01935501 100644
> --- a/package/libcurl/libcurl.hash
> +++ b/package/libcurl/libcurl.hash
> @@ -1,5 +1,5 @@
>  # Locally calculated after checking pgp signature
> -# https://curl.se/download/curl-8.9.0.tar.xz.asc
> +# https://curl.se/download/curl-8.9.1.tar.xz.asc
>  # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
> -sha256  ff09b2791ca56d25fd5c3f3a4927dce7c8a9dc4182200c487ca889fba1fdd412  curl-8.9.0.tar.xz
> +sha256  f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5  curl-8.9.1.tar.xz
>  sha256  adb1fc06547fd136244179809f7b7c2d2ae6c4534f160aa513af9b6a12866a32  COPYING
> diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
> index 966885aeda..3661cbf5bd 100644
> --- a/package/libcurl/libcurl.mk
> +++ b/package/libcurl/libcurl.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -LIBCURL_VERSION = 8.9.0
> +LIBCURL_VERSION = 8.9.1
>  LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
>  LIBCURL_SITE = https://curl.se/download
>  LIBCURL_DEPENDENCIES = host-pkgconf \

Petr Vorel Aug. 22, 2024, 8:21 p.m. UTC | #2
Hi Bernd,

Reviewed-by: Petr Vorel <petr.vorel@gmail.com>

+1 for Baruch's note about CVE-2024-7264 (the commit message could be amended
when merging the commit).
https://curl.se/docs/CVE-2024-7264.html

Kind regards,
Petr

Thomas Petazzoni Aug. 23, 2024, 4:39 p.m. UTC | #3
On Thu, 22 Aug 2024 20:20:42 +0200
Bernd Kuhls <bernd@kuhls.net> wrote:

> Changelog: https://curl.se/changes.html#8_9_1
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
> ---
>  package/libcurl/libcurl.hash | 4 ++--
>  package/libcurl/libcurl.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)

Applied to master because it's a security bump, as noted by Baruch and
Petr. I've amended the commit title and log accordingly. Thanks Baruch
and Petr for noticing!

Best regards,

Thomas

Patch

diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index fa325efd7d..1d01935501 100644
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@ 
 # Locally calculated after checking pgp signature
-# https://curl.se/download/curl-8.9.0.tar.xz.asc
+# https://curl.se/download/curl-8.9.1.tar.xz.asc
 # signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256  ff09b2791ca56d25fd5c3f3a4927dce7c8a9dc4182200c487ca889fba1fdd412  curl-8.9.0.tar.xz
+sha256  f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5  curl-8.9.1.tar.xz
 sha256  adb1fc06547fd136244179809f7b7c2d2ae6c4534f160aa513af9b6a12866a32  COPYING
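Review bot: On the `curl-8.9.1.tar.xz` sha256 line, the hash is recorded as locally calculated after checking the PGP signature, but the `# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2` line is only carried over as unchanged context, so nothing in the hunk shows that the 8.9.1 `.asc` was checked against that fingerprint. Please confirm the new signature verifies with the listed key before this is merged. The unchanged COPYING hash is fine as long as the license file did not change in 8.9.1.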
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 966885aeda..3661cbf5bd 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-LIBCURL_VERSION = 8.9.0
+LIBCURL_VERSION = 8.9.1
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \
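Review bot: The `LIBCURL_VERSION = 8.9.1` change is a security fix according to the replies in this thread (CVE-2024-7264), yet the commit message only links the changelog and the subject targets next. Mark the title as a security bump and cite https://curl.se/docs/CVE-2024-7264.html in the log, so the patch is not queued as an ordinary version bump and the fix is visible to anyone auditing the package history.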