From 0bbd1f0e097988b55e302c832343174325b95662 Mon Sep 17 00:00:00 2001 From: Amit Karsale Date: Tue, 8 Oct 2024 14:30:26 +0530 Subject: [PATCH] (PA-6962) update curl to address CVE-2024-8096 --- configs/components/curl.rb | 6 +++--- configs/projects/agent-runtime-main.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configs/components/curl.rb b/configs/components/curl.rb index ed9fefd99..9b83c1008 100644 --- a/configs/components/curl.rb +++ b/configs/components/curl.rb @@ -6,8 +6,8 @@ case version when '7.88.1' pkg.sha256sum 'cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7' - when '8.9.1' - pkg.sha256sum '291124a007ee5111997825940b3876b3048f7d31e73e9caa681b80fe48b2dcd5' + when '8.10.1' + pkg.sha256sum 'd15ebab765d793e2e96db090f0e172d127859d78ca6f6391d7eafecfd894bbc0' else raise "curl version #{version} has not been configured; Cannot continue." end @@ -53,7 +53,7 @@ end configure_options = [] - configure_options << "--with-ssl=#{settings[:prefix]}" + configure_options << "--with-ssl=#{settings[:prefix]} --without-libpsl" # OpenSSL version 3.0 & up no longer ships by default the insecure algorithms # that curl's ntlm module depends on (md4 & des). diff --git a/configs/projects/agent-runtime-main.rb b/configs/projects/agent-runtime-main.rb index 4f3e8398e..975baf4be 100644 --- a/configs/projects/agent-runtime-main.rb +++ b/configs/projects/agent-runtime-main.rb @@ -14,7 +14,7 @@ proj.setting :augeas_version, '1.14.1' end - proj.setting :curl_version, '8.9.1' + proj.setting :curl_version, '8.10.1' ######## # Load shared agent settings