curl: upgrade 8.12.1 -> 8.14.1

Handle CVE-2025-4947 and CVE-2025-5025. CVE-2025-5399 fixed in 8.14.1 was introduced only in 8.13.0, so Yocto never had version vulnerable to it. Rebase patches. Add openssl-native dependency fo ptest to fix following error: Missing or broken 'openssl' tool. openssl 1.0.2+ is required. Without it, this script cannot generate the necessary certificates the curl test suite needs for all its TLS related tests. at ../../../curl-8.14.0/tests/certs/genserv.pl line 33. Install curlinfo for tests required since 8.14.0 https://github.com/curl/curl/commit/7a1211d474afd4e36bfb39f2b870a418bce42138 (From OE-Core rev: d990ee6c49e3fcf969e54688397d47f0d0892ba1) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Peter Marko <peter.marko@siemens.com> 2025-06-07 23:34:17 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-06-09 17:43:41 +0100
commit: 140fde4c343963235556c3793e56b51b50f4acb4 (patch)
tree: 19d5d70741734baa21e1e8796b6b3a3f96e17d19
parent: 9ec3fc636abc850262585196e3364e3e65084c3d (diff)
download: poky-140fde4c343963235556c3793e56b51b50f4acb4.tar.gz
2 files changed, 7 insertions, 2 deletions
diff --git a/meta/recipes-support/curl/curl/no-test-timeout.patch b/meta/recipes-support/curl/curl/no-test-timeout.patch
index 677d177302..5b901a6fe9 100644
--- a/meta/recipes-support/curl/curl/no-test-timeout.patch
+++ b/meta/recipes-support/curl/curl/no-test-timeout.patch
@@ -14,7 +14,7 @@ diff --git a/tests/servers.pm b/tests/servers.pm
 index d4472d5..9999938 100644
 --- a/tests/servers.pm
 +++ b/tests/servers.pm
-@@ -123,7 +123,7 @@ my $sshdverstr;  # for socks server, ssh daemon version string
+@@ -124,7 +124,7 @@ my $sshdverstr;  # for socks server, ssh daemon version string
 my $sshderror;   # for socks server, ssh daemon version error
 my %doesntrun;    # servers that don't work, identified by pidfile
 my %PORT = (nolisten => 47); # port we use for a local non-listening service
diff --git a/meta/recipes-support/curl/curl_8.12.1.bb b/meta/recipes-support/curl/curl_8.14.1.bb
index 4192693da8..08ad9cdb17 100644
--- a/meta/recipes-support/curl/curl_8.12.1.bb
+++ b/meta/recipes-support/curl/curl_8.14.1.bb
@@ -20,7 +20,7 @@ SRC_URI:append:class-nativesdk = " \
           file://environment.d-curl.sh \
 "
-SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c76de202"
+SRC_URI[sha256sum] = "f4619a1e2474c4bbfedc88a7c2191209c8334b48fa1f4e53fd584cc12e9120dd"
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
@@ -126,12 +126,17 @@ do_install_ptest() {
                ${B}/libtool --mode=install install ${B}/tests/server/$name ${D}${PTEST_PATH}/tests/server
        done
+        install -d ${D}${PTEST_PATH}/src
+        install -m 755 ${B}/src/curlinfo ${D}${PTEST_PATH}/src
        cp -r ${S}/tests/data ${D}${PTEST_PATH}/tests/
        # More tests that we disable for automated QA as they're not reliable
        cat ${UNPACKDIR}/disable-tests >>${D}${PTEST_PATH}/tests/data/DISABLED
 }
+DEPENDS:append:class-target = "${@bb.utils.contains('PTEST_ENABLED', '1', ' openssl-native', '', d)}"
 RDEPENDS:${PN}-ptest += " \
        locale-base-en-us \
        perl-module-b \
author	Peter Marko <peter.marko@siemens.com>	2025-06-07 23:34:17 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-06-09 17:43:41 +0100
commit	140fde4c343963235556c3793e56b51b50f4acb4 (patch)
tree	19d5d70741734baa21e1e8796b6b3a3f96e17d19
parent	9ec3fc636abc850262585196e3364e3e65084c3d (diff)
download	poky-140fde4c343963235556c3793e56b51b50f4acb4.tar.gz