Usual churn of new options and fixes. https://curl.se/changes.html#7_86_0
Notable changes is the addition of the websockets API. https://curl.se/docs/security.html This release plugs CVEs: CVE-2022-42916: HSTS bypass via IDN CVE-2022-42915: HTTP proxy double-free CVE-2022-35260: .netrc parser out-of-bounds access CVE-2022-32221: POST following PUT confusion * Explicitly disable the websockets API for now. Signed-off-by: Christian Melki <christian.me...@t2data.com> --- rules/libcurl.make | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rules/libcurl.make b/rules/libcurl.make index 4097462c5..c4f528f69 100644 --- a/rules/libcurl.make +++ b/rules/libcurl.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl # # Paths and names # -LIBCURL_VERSION := 7.85.0 -LIBCURL_MD5 := 131f76c84016c45806b902330a74164f +LIBCURL_VERSION := 7.86.0 +LIBCURL_MD5 := 19a2165f37941a6f412afc924e750568 LIBCURL := curl-$(LIBCURL_VERSION) LIBCURL_SUFFIX := tar.xz LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) @@ -90,6 +90,7 @@ LIBCURL_CONF_OPT := \ --enable-get-easy-options \ --disable-alt-svc \ --enable-hsts \ + --disable-websockets \ --without-schannel \ --without-secure-transport \ --without-amissl \ -- 2.34.1