Upgrade curl to 8.3.0 CVE-2023-38039 (#6261)

SPECS/curl/curl.signatures.json

@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "curl-8.2.1.tar.gz": "f98bdb06c0f52bdd19e63c4a77b5eb19b243bcbbd0f5b002b9f3cba7295a3a42"
+    "curl-8.3.0.tar.gz": "d3a19aeea301085a56c32bc0f7d924a818a7893af253e41505d1e26d7db8e95a"
   }
 }

SPECS/curl/curl.spec

@@ -1,6 +1,6 @@
 Summary:        An URL retrieval utility and library
 Name:           curl
-Version:        8.2.1
+Version:        8.3.0
 Release:        1%{?dist}
 License:        curl
 Vendor:         Microsoft Corporation
@@ -85,6 +85,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/libcurl.so.*
 
 %changelog
+* Thu Sep 21 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 8.3.0-1
+- Auto-upgrade to 8.3.0 - CVE-2023-38039
+
 * Tue Aug 08 2023 Muhammad Falak <mwani@microsoft.com> - 8.2.1-1
 - Bump curl to 8.2.1 to address CVE-2023-32001
 - Drop un-needed patch

cgmanifest.json

@@ -2397,8 +2397,8 @@
         "type": "other",
         "other": {
           "name": "curl",
-          "version": "8.2.1",
-          "downloadUrl": "https://curl.haxx.se/download/curl-8.2.1.tar.gz"
+          "version": "8.3.0",
+          "downloadUrl": "https://curl.haxx.se/download/curl-8.3.0.tar.gz"
         }
       }
     },

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -190,9 +190,9 @@ libssh2-1.9.0-3.cm2.aarch64.rpm
 libssh2-devel-1.9.0-3.cm2.aarch64.rpm
 krb5-1.19.4-2.cm2.aarch64.rpm
 nghttp2-1.46.0-3.cm2.aarch64.rpm
-curl-8.2.1-1.cm2.aarch64.rpm
-curl-devel-8.2.1-1.cm2.aarch64.rpm
-curl-libs-8.2.1-1.cm2.aarch64.rpm
+curl-8.3.0-1.cm2.aarch64.rpm
+curl-devel-8.3.0-1.cm2.aarch64.rpm
+curl-libs-8.3.0-1.cm2.aarch64.rpm
 createrepo_c-0.17.5-1.cm2.aarch64.rpm
 libxml2-2.10.4-1.cm2.aarch64.rpm
 libxml2-devel-2.10.4-1.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -190,9 +190,9 @@ libssh2-1.9.0-3.cm2.x86_64.rpm
 libssh2-devel-1.9.0-3.cm2.x86_64.rpm
 krb5-1.19.4-2.cm2.x86_64.rpm
 nghttp2-1.46.0-3.cm2.x86_64.rpm
-curl-8.2.1-1.cm2.x86_64.rpm
-curl-devel-8.2.1-1.cm2.x86_64.rpm
-curl-libs-8.2.1-1.cm2.x86_64.rpm
+curl-8.3.0-1.cm2.x86_64.rpm
+curl-devel-8.3.0-1.cm2.x86_64.rpm
+curl-libs-8.3.0-1.cm2.x86_64.rpm
 createrepo_c-0.17.5-1.cm2.x86_64.rpm
 libxml2-2.10.4-1.cm2.x86_64.rpm
 libxml2-devel-2.10.4-1.cm2.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -46,10 +46,10 @@ cracklib-lang-2.9.7-5.cm2.aarch64.rpm
 createrepo_c-0.17.5-1.cm2.aarch64.rpm
 createrepo_c-debuginfo-0.17.5-1.cm2.aarch64.rpm
 createrepo_c-devel-0.17.5-1.cm2.aarch64.rpm
-curl-8.2.1-1.cm2.aarch64.rpm
-curl-debuginfo-8.2.1-1.cm2.aarch64.rpm
-curl-devel-8.2.1-1.cm2.aarch64.rpm
-curl-libs-8.2.1-1.cm2.aarch64.rpm
+curl-8.3.0-1.cm2.aarch64.rpm
+curl-debuginfo-8.3.0-1.cm2.aarch64.rpm
+curl-devel-8.3.0-1.cm2.aarch64.rpm
+curl-libs-8.3.0-1.cm2.aarch64.rpm
 Cython-debuginfo-0.29.33-1.cm2.aarch64.rpm
 debugedit-5.0-2.cm2.aarch64.rpm
 debugedit-debuginfo-5.0-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -46,10 +46,10 @@ cracklib-lang-2.9.7-5.cm2.x86_64.rpm
 createrepo_c-0.17.5-1.cm2.x86_64.rpm
 createrepo_c-debuginfo-0.17.5-1.cm2.x86_64.rpm
 createrepo_c-devel-0.17.5-1.cm2.x86_64.rpm
-curl-8.2.1-1.cm2.x86_64.rpm
-curl-debuginfo-8.2.1-1.cm2.x86_64.rpm
-curl-devel-8.2.1-1.cm2.x86_64.rpm
-curl-libs-8.2.1-1.cm2.x86_64.rpm
+curl-8.3.0-1.cm2.x86_64.rpm
+curl-debuginfo-8.3.0-1.cm2.x86_64.rpm
+curl-devel-8.3.0-1.cm2.x86_64.rpm
+curl-libs-8.3.0-1.cm2.x86_64.rpm
 Cython-debuginfo-0.29.33-1.cm2.x86_64.rpm
 debugedit-5.0-2.cm2.x86_64.rpm
 debugedit-debuginfo-5.0-2.cm2.x86_64.rpm