Thanks, applied as f24ace8692ba47f0698e4afe81ccffe547184e0a. Michael
[sent from post-receive hook] On Thu, 04 Dec 2025 14:14:35 +0100, Christian Melki <[email protected]> wrote: > https://curl.se/changes.html#8_17_0 > > Plugs CVE: > CVE-2025-10966: missing SFTP host verification with wolfSSH > > * Remove configure option. Was removed by project after CVE. > > Signed-off-by: Christian Melki <[email protected]> > Message-Id: <[email protected]> > [mol: adapt host-libcurl meson options as well] > Signed-off-by: Michael Olbrich <[email protected]> > > diff --git a/rules/host-libcurl.make b/rules/host-libcurl.make > index 8bdcca71aff0..132caadf2661 100644 > --- a/rules/host-libcurl.make > +++ b/rules/host-libcurl.make > @@ -104,7 +104,6 @@ HOST_LIBCURL_CONF_OPT := \ > --without-libgsasl \ > --without-libssh2 \ > --without-libssh \ > - --without-wolfssh \ > --without-librtmp \ > --without-winidn \ > --without-apple-idn \ > diff --git a/rules/libcurl.make b/rules/libcurl.make > index ff9c8b0f3846..e16c30cddcff 100644 > --- a/rules/libcurl.make > +++ b/rules/libcurl.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_LIBCURL) += libcurl > # > # Paths and names > # > -LIBCURL_VERSION := 8.16.0 > -LIBCURL_MD5 := 3b5aae755714b338af0f66726bceb62a > +LIBCURL_VERSION := 8.17.0 > +LIBCURL_MD5 := 7a9d4b772fc56d68479b0416f234105a > LIBCURL := curl-$(LIBCURL_VERSION) > LIBCURL_SUFFIX := tar.xz > LIBCURL_URL := https://curl.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) > @@ -122,7 +122,6 @@ LIBCURL_CONF_OPT := \ > --without-libgsasl \ > --$(call ptx/wwo, PTXCONF_LIBCURL_LIBSSH2)-libssh2 \ > --without-libssh \ > - --without-wolfssh \ > --without-librtmp \ > --without-winidn \ > --without-apple-idn \
