curl: upgrade 8.5.0 -> 8.8.0 to address CVE-2024-2398 (#9832)

Changelog: https://curl.se/changes.html#8_8_0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

Author: mfrw

SPECS/curl/curl.signatures.json

@@ -1,5 +1,5 @@
 {
-  "Signatures": {
-    "curl-8.5.0.tar.gz": "05fc17ff25b793a437a0906e0484b82172a9f4de02be5ed447e0cab8c3475add"
-  }
+ "Signatures": {
+  "curl-8.8.0.tar.gz": "77c0e1cd35ab5b45b659645a93b46d660224d0024f1185e8a95cdb27ae3d787d"
+ }
 }

SPECS/curl/curl.spec

@@ -1,7 +1,7 @@
 Summary:        An URL retrieval utility and library
 Name:           curl
-Version:        8.5.0
-Release:        2%{?dist}
+Version:        8.8.0
+Release:        1%{?dist}
 License:        curl
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -85,6 +85,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/libcurl.so.*
 
 %changelog
+* Mon Jul 15 2024 Muhammad Falak <mwani@microsoft.com> - 8.8.0-1
+- Bump version to 8.8.0 to address CVE-2024-2398
+
 * Wed Jan 17 2024 Harshit Gupta <guptaharshit@microsoft.com> - 8.5.0-2
 - Release bump with no changes to force a rebuild and consume new libssh2 build
 

cgmanifest.json

@@ -2387,8 +2387,8 @@
         "type": "other",
         "other": {
           "name": "curl",
-          "version": "8.5.0",
-          "downloadUrl": "https://curl.haxx.se/download/curl-8.5.0.tar.gz"
+          "version": "8.8.0",
+          "downloadUrl": "https://curl.haxx.se/download/curl-8.8.0.tar.gz"
         }
       }
     },

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -190,9 +190,9 @@ libssh2-1.9.0-4.cm2.aarch64.rpm
 libssh2-devel-1.9.0-4.cm2.aarch64.rpm
 krb5-1.21.3-1.cm2.aarch64.rpm
 nghttp2-1.57.0-1.cm2.aarch64.rpm
-curl-8.5.0-2.cm2.aarch64.rpm
-curl-devel-8.5.0-2.cm2.aarch64.rpm
-curl-libs-8.5.0-2.cm2.aarch64.rpm
+curl-8.8.0-1.cm2.aarch64.rpm
+curl-devel-8.8.0-1.cm2.aarch64.rpm
+curl-libs-8.8.0-1.cm2.aarch64.rpm
 createrepo_c-0.17.5-1.cm2.aarch64.rpm
 libxml2-2.10.4-3.cm2.aarch64.rpm
 libxml2-devel-2.10.4-3.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -190,9 +190,9 @@ libssh2-1.9.0-4.cm2.x86_64.rpm
 libssh2-devel-1.9.0-4.cm2.x86_64.rpm
 krb5-1.21.3-1.cm2.x86_64.rpm
 nghttp2-1.57.0-1.cm2.x86_64.rpm
-curl-8.5.0-2.cm2.x86_64.rpm
-curl-devel-8.5.0-2.cm2.x86_64.rpm
-curl-libs-8.5.0-2.cm2.x86_64.rpm
+curl-8.8.0-1.cm2.x86_64.rpm
+curl-devel-8.8.0-1.cm2.x86_64.rpm
+curl-libs-8.8.0-1.cm2.x86_64.rpm
 createrepo_c-0.17.5-1.cm2.x86_64.rpm
 libxml2-2.10.4-3.cm2.x86_64.rpm
 libxml2-devel-2.10.4-3.cm2.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -46,10 +46,10 @@ cracklib-lang-2.9.7-5.cm2.aarch64.rpm
 createrepo_c-0.17.5-1.cm2.aarch64.rpm
 createrepo_c-debuginfo-0.17.5-1.cm2.aarch64.rpm
 createrepo_c-devel-0.17.5-1.cm2.aarch64.rpm
-curl-8.5.0-2.cm2.aarch64.rpm
-curl-debuginfo-8.5.0-2.cm2.aarch64.rpm
-curl-devel-8.5.0-2.cm2.aarch64.rpm
-curl-libs-8.5.0-2.cm2.aarch64.rpm
+curl-8.8.0-1.cm2.aarch64.rpm
+curl-debuginfo-8.8.0-1.cm2.aarch64.rpm
+curl-devel-8.8.0-1.cm2.aarch64.rpm
+curl-libs-8.8.0-1.cm2.aarch64.rpm
 Cython-debuginfo-0.29.33-2.cm2.aarch64.rpm
 debugedit-5.0-2.cm2.aarch64.rpm
 debugedit-debuginfo-5.0-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -49,10 +49,10 @@ createrepo_c-debuginfo-0.17.5-1.cm2.x86_64.rpm
 createrepo_c-devel-0.17.5-1.cm2.x86_64.rpm
 cross-binutils-common-2.37-8.cm2.noarch.rpm
 cross-gcc-common-11.2.0-8.cm2.noarch.rpm
-curl-8.5.0-2.cm2.x86_64.rpm
-curl-debuginfo-8.5.0-2.cm2.x86_64.rpm
-curl-devel-8.5.0-2.cm2.x86_64.rpm
-curl-libs-8.5.0-2.cm2.x86_64.rpm
+curl-8.8.0-1.cm2.x86_64.rpm
+curl-debuginfo-8.8.0-1.cm2.x86_64.rpm
+curl-devel-8.8.0-1.cm2.x86_64.rpm
+curl-libs-8.8.0-1.cm2.x86_64.rpm
 Cython-debuginfo-0.29.33-2.cm2.x86_64.rpm
 debugedit-5.0-2.cm2.x86_64.rpm
 debugedit-debuginfo-5.0-2.cm2.x86_64.rpm