openRuyi-tutorials/buildroot
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libcurl: security bump to version 8.14.1

Browse Source 
Fixes the following security issues:
- CVE-2025-5025:
  No QUIC certificate pinning with wolfSSL.
  https://curl.se/docs/CVE-2025-5025.html

- CVE-2025-4947:
  QUIC certificate check skip with wolfSSL.
  https://curl.se/docs/CVE-2025-4947.html

- CVE-2025-5399:
  WebSocket endless loop
  https://curl.se/docs/CVE-2025-5399.html

Changelog:
https://curl.se/ch/8.14.0.html
https://curl.se/ch/8.14.1.html

Signed-off-by: Kadambini Nema <kadambini.nema@gmail.com>
[Peter: bump to 8.14.1 instead]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1dfe081a19)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit is contained in:
Kadambini Nema
2025-06-02 13:03:30 -07:00
committed by Thomas Perale
parent ded7391ea6
commit fd8aa43dcb
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package/libcurl/libcurl.hash
View File

@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
# https://curl.se/download/curl-8.13.0.tar.xz.asc
# https://curl.se/download/curl-8.14.1.tar.xz.asc
# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
sha256 4a093979a3c2d02de2fbc00549a32771007f2e78032c6faa5ecd2f7a9e152025 curl-8.13.0.tar.xz
sha256 f4619a1e2474c4bbfedc88a7c2191209c8334b48fa1f4e53fd584cc12e9120dd curl-8.14.1.tar.xz
sha256 e18f1989333b70044b2adfb7dc2f905d0119dbdcac3bc9f4bc9d540e3a29de5b COPYING

3
package/libcurl/libcurl.mk
View File

@@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 8.13.0
LIBCURL_VERSION = 8.14.1
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -14,6 +14,7 @@ LIBCURL_LICENSE = curl
LIBCURL_LICENSE_FILES = COPYING
LIBCURL_CPE_ID_VENDOR = haxx
LIBCURL_INSTALL_STAGING = YES
LIBCURL_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -D_GNU_SOURCE"
# We disable NTLM delegation to winbinds ntlm_auth ('--disable-ntlm-wb')
# support because it uses fork(), which doesn't work on non-MMU platforms.