package/libcurl: security bump to version 7.65.0

Fixes the following security vulnerabilities:

- CVE-2019-5435: Integer overflows in curl_url_set()
  https://curl.haxx.se/docs/CVE-2019-5435.html

- CVE-2019-5436: TFTP receive buffer overflow
  https://curl.haxx.se/docs/CVE-2019-5436.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/libcurl/libcurl.hash b/package/libcurl/libcurl.hash
index d321adcd62b50cbf99712617b3680965b34b3e80..bece16dc0d2366901c21d7d1419dd8ae17b1d181 100644 (file)
--- a/package/libcurl/libcurl.hash
+++ b/package/libcurl/libcurl.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-# https://curl.haxx.se/download/curl-7.64.1.tar.xz.asc
+# https://curl.haxx.se/download/curl-7.65.0.tar.xz.asc
 # with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
-sha256 9252332a7f871ce37bfa7f78bdd0a0e3924d8187cc27cb57c76c9474a7168fb3  curl-7.64.1.tar.xz
+sha256 7766d263929404f693905b5e5222aa0f2bdf8c66ab4b8758f0c0820a42b966cd  curl-7.65.0.tar.xz
 sha256 8c8824f50e73a021f5dde1fccbf69685939247399a33a32abab1fa448c9ddabb  COPYING

diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 852054a4bdfd91d01f2f525cb74582ed48a11645..80bf2dd245c188c1637a900af46b07d6b612887a 100644 (file)
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBCURL_VERSION = 7.64.1
+LIBCURL_VERSION = 7.65.0
 LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
 LIBCURL_SITE = https://curl.haxx.se/download
 LIBCURL_DEPENDENCIES = host-pkgconf \