From 90a3fc02edd69fe26aee440e853cb0db5d03adfd Mon Sep 17 00:00:00 2001
From: Maqsood Ahmad
Date: Mon, 19 Aug 2024 16:58:51 +0530
Subject: [PATCH 1/2] (PA-6872) Upgrade Curl to address CVE-2024-6874 and CVE-2024-6197

---
 configs/components/curl.rb | 4 ++--
 configs/projects/agent-runtime-main.rb | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/configs/components/curl.rb b/configs/components/curl.rb
index b7100d54e..3de1b95e2 100644
--- a/configs/components/curl.rb
+++ b/configs/components/curl.rb
@@ -6,8 +6,8 @@
   case version
   when '7.88.1'
     pkg.sha256sum 'cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7'
-  when '8.7.1'
-    pkg.sha256sum 'f91249c87f68ea00cf27c44fdfa5a78423e41e71b7d408e5901a9896d905c495'
+  when '8.9.1'
+    pkg.sha256sum '291124a007ee5111997825940b3876b3048f7d31e73e9caa681b80fe48b2dcd5'
   else
     raise "curl version #{version} has not been configured; Cannot continue."
   end
diff --git a/configs/projects/agent-runtime-main.rb b/configs/projects/agent-runtime-main.rb
index 1d062e8f9..4f3e8398e 100644
--- a/configs/projects/agent-runtime-main.rb
+++ b/configs/projects/agent-runtime-main.rb
@@ -14,7 +14,7 @@
     proj.setting :augeas_version, '1.14.1'
   end
 
-  proj.setting :curl_version, '8.7.1'
+  proj.setting :curl_version, '8.9.1'
 
   ########
   # Load shared agent settings

From a20ef9232a3ed9b732e5e2c3d12df12015d68864 Mon Sep 17 00:00:00 2001
From: Maqsood Ahmad
Date: Wed, 21 Aug 2024 14:54:56 +0530
Subject: [PATCH 2/2] (PA-6889) Bump puppet-agent's bundled openssl 1.1.1v to 1.1.1w and address CVE-2024-5535

---
 configs/components/openssl-1.1.1.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/configs/components/openssl-1.1.1.rb b/configs/components/openssl-1.1.1.rb
index d22afd819..113d3324c 100644
--- a/configs/components/openssl-1.1.1.rb
+++ b/configs/components/openssl-1.1.1.rb
@@ -1,6 +1,6 @@
 component 'openssl' do |pkg, settings, platform|
-  pkg.version '1.1.1v'
-  pkg.sha256sum 'd6697e2871e77238460402e9362d47d18382b15ef9f246aba6c7bd780d38a6b0'
+  pkg.version '1.1.1w'
+  pkg.sha256sum 'cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8'
   pkg.url "https://openssl.org/source/openssl-#{pkg.get_version}.tar.gz"
   pkg.mirror "#{settings[:buildsources_url]}/openssl-#{pkg.get_version}.tar.gz"
 
@@ -89,6 +89,7 @@
   pkg.apply_patch 'resources/patches/openssl/CVE-2023-5678.patch'
   pkg.apply_patch 'resources/patches/openssl/CVE-2024-0727.patch'
+  pkg.apply_patch 'resources/patches/openssl/CVE-2024-5535.patch'
   pkg.apply_patch 'resources/patches/openssl/openssl-1.1.1-CVE-2024-2511.patch'
   pkg.apply_patch 'resources/patches/openssl/openssl-1.1.1-CVE-2024-4741.patch'
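Review bot: The added `pkg.apply_patch 'resources/patches/openssl/CVE-2024-5535.patch'` in the second hunk points at a patch file that this series does not add — the diffstat for PATCH 2/2 lists only configs/components/openssl-1.1.1.rb — so the build will fail at patch time unless that file already exists in the tree, and the fix the subject line claims cannot be reviewed from this diff alone. Please include the patch in the same change (or cite the commit that added it) and record the upstream OpenSSL commit it was backported from, since the first hunk moves the tarball from 1.1.1v to 1.1.1w and the backport needs re-checking against the new base. A one-line comment above the new line would also help future maintainers, e.g. `# CVE-2024-5535 backport applied on top of 1.1.1w; see patch header for upstream source`. The enclosing `component 'openssl' do` block begins before the second hunk.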