diff options
author | Lee Chee Yang <chee.yang.lee@intel.com> | 2023-12-15 17:40:21 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-12-21 13:49:48 +0000 |
commit | 6ad00a5bd634813d7eb356270e5fc08a9b6a9863 (patch) | |
tree | b3e1222e16fae8eb7d97d1cb666c4530fe2d79b6 /meta/recipes-support/curl/curl_8.5.0.bb | |
parent | 4a5ef39d8a6a18dc48f280fb52be1fc8bfac3799 (diff) | |
download | poky-6ad00a5bd634813d7eb356270e5fc08a9b6a9863.tar.gz |
curl: update to 8.5.0
update include fix for CVE-2023-46218.
skip test 1477 which check that libcurl-errors.3 and the public
header files have the same set of error codes.
Notes: This test is not included in the source tarball.
https://github.com/curl/curl/issues/12462
Release Notes:
curl and libcurl 8.5.0
Public curl releases: 253
Command line options: 258
curl_easy_setopt() options: 303
Public functions in libcurl: 93
Contributors: 3039
This release includes the following changes:
o gnutls: support CURLSSLOPT_NATIVE_CA [31]
o HTTP3: ngtcp2 builds are no longer experimental [77]
This release includes the following bugfixes:
o appveyor: make VS2008-built curl tool runnable [93]
o asyn-thread: use pipe instead of socketpair for IPC when available [4]
o autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}` [128]
o autotools: avoid passing `LDFLAGS` twice to libcurl [127]
o autotools: delete LCC compiler support bits [137]
o autotools: fix/improve gcc and Apple clang version detection [136]
o autotools: stop setting `-std=gnu89` with `--enable-warnings` [135]
o autotools: update references to deleted `crypt-auth` option [46]
o BINDINGS: add V binding [54]
o build: add `src/.checksrc` to source tarball [1]
o build: add more picky warnings and fix them [172]
o build: always revert `#pragma GCC diagnostic` after use [143]
o build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H` [107]
o build: delete support bits for obsolete Windows compilers [106]
o build: fix 'threadsafe' feature detection for older gcc [19]
o build: fix builds that disable protocols but not digest auth [174]
o build: fix compiler warning with auths disabled [85]
o build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS` [120]
o build: picky warning updates [125]
o build: require Windows XP or newer [86]
o cfilter: provide call to tell connection to forget a socket [65]
o checksrc.pl: support #line instructions
o CI: add autotools, out-of-tree, debug build to distro check job [14]
o CI: ignore test 286 on Appveyor gcc 9 build [6]
o cmake: add `CURL_DISABLE_BINDLOCAL` option [146]
o cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API` [138]
o cmake: dedupe Windows system libs [114]
o cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection [2]
o cmake: fix CURL_DISABLE_GETOPTIONS [12]
o cmake: fix multiple include of CURL package [96]
o cmake: fix OpenSSL quic detection in quiche builds [56]
o cmake: option to disable install & drop `curlu` target when unused [72]
o cmake: pre-fill rest of detection values for Windows [50]
o cmake: replace `check_library_exists_concat()` [23]
o cmake: speed up threads setup for Windows [68]
o cmake: speed up zstd detection [69]
o config-win32: set `HAVE_SNPRINTF` for mingw-w64 [123]
o configure: better --disable-http [80]
o configure: check for the fseeko declaration too [55]
o conncache: use the closure handle when disconnecting surplus connections [173]
o content_encoding: make Curl_all_content_encodings allocless [101]
o cookie: lowercase the domain names before PSL checks [160]
o curl.h: delete Symbian OS references [162]
o curl.h: on FreeBSD include sys/param.h instead of osreldate.h [21]
o curl.rc: switch out the copyright symbol for plain ASCII [167]
o curl: improved IPFS and IPNS URL support [87]
o curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped [99]
o Curl_http_body: cleanup properly when Curl_getformdata errors [152]
o curl_setup: disallow Windows IPv6 builds missing getaddrinfo [57]
o curl_sspi: support more revocation error names in error messages [95]
o CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation [181]
o CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range [165]
o CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does [113]
o CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR [45]
o CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
o docs/example/keepalive.c: show TCP keep-alive options [73]
o docs/example/localport.c: show off CURLOPT_LOCALPORT [83]
o docs/examples/interface.c: show CURLOPT_INTERFACE use [84]
o docs/libcurl: fix three minor man page format mistakes [26]
o docs/libcurl: SYNSOPSIS cleanup [150]
o docs: add supported version for the json write-out [92]
o docs: clarify that curl passes on input unfiltered [47]
o docs: fix function typo in curl_easy_option_next.3 [36]
o docs: KNOWN_BUGS cleanup
o docs: make all examples in all libcurl man pages compile [175]
o docs: preserve the modification date when copying the prebuilt man page [89]
o docs: remove bold from some man page SYNOPSIS sections [90]
o docs: use SOURCE_DATE_EPOCH for generated manpages [16]
o doh: provide better return code for responses w/o addresses [133]
o doh: use PIPEWAIT when HTTP/2 is attempted [63]
o duphandle: also free 'outcurl->cookies' in error path [122]
o duphandle: make dupset() not return with pointers to old alloced data [109]
o duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set [132]
o easy: in duphandle, init the cookies for the new handle [131]
o easy: remove duplicate wolfSSH init call [37]
o easy_lock: add a pthread_mutex_t fallback [13]
o examples/rtsp-options.c: add [157]
o fopen: create new file using old file's mode [153]
o fopen: create short(er) temporary file name [155]
o getenv: PlayStation doesn't have getenv() [41]
o GHA: move mod_h2 version in CI to v2.0.25 [43]
o hostip: show the list of IPs when resolving is done [35]
o hostip: silence compiler warning `-Wparentheses-equality` [62]
o hsts: skip single-dot hostname [67]
o HTTP/2, HTTP/3: handle detach of onoing transfers [134]
o http2: header conversion tightening [33]
o http2: provide an error callback and failf the message [53]
o http2: safer invocation of populate_binsettings [8]
o http: allow longer HTTP/2 request method names [112]
o http: avoid Expect: 100-continue if Upgrade: is used [15]
o http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine [81]
o http: fix `-Wunused-parameter` with no auth and no proxy [149]
o http: fix `-Wunused-variable` compiler warning [115]
o http: fix empty-body warning [76]
o http_aws_sigv4: canonicalise valueless query params [88]
o hyper: temporarily remove HTTP/2 support [139]
o INSTALL: update list of ports and CPU archs
o IPFS: fix IPFS_PATH and file parsing [119]
o keylog: disable if unused [145]
o lib: add and use Curl_strndup() [97]
o lib: apache style infof and trace macros/functions [71]
o lib: fix gcc warning in printf call [7]
o libcurl-errors.3: sync with current public headers [156]
o libcurl-thread.3: simplify the TLS section [79]
o Makefile.am: drop vc10, vc11 and vc12 projects from dist [103]
o Makefile.mk: fix `-rtmp` option for non-Windows
o mime: store "form escape" as a single bit [170]
o misc: fix -Walloc-size warnings [118]
o msh3: error when built with CURL_DISABLE_SOCKETPAIR set [61]
o multi: during ratelimit multi_getsock should return no sockets [182]
o multi: use pipe instead of socketpair to *wakeup() [18]
o ngtcp2: fix races in stream handling [178]
o ngtcp2: ignore errors on unknown streams [158]
o ntlm_wb: use pipe instead of socketpair when possible [44]
o openldap: move the alloc of ldapconninfo to *connect() [29]
o openldap: set the callback argument in oldap_do [30]
o openssl: avoid BN_num_bits() NULL pointer derefs [9]
o openssl: fix building with v3 `no-deprecated` + add CI test [161]
o openssl: fix infof() to avoid compiler warning for %s with null [70]
o openssl: identify the "quictls" backend correctly [82]
o openssl: include SIG and KEM algorithms in verbose [52]
o openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs [58]
o openssl: two multi pointer checks should probably rather be asserts [91]
o openssl: when a session-ID is reused, skip OCSP stapling [142]
o page-footer: clarify exit code 25 [51]
o projects: add VC14.20 project files [104]
o pytest: use lower count in repeat tests [98]
o quic: make eyeballers connect retries stop at weird replies [140]
o quic: manage connection idle timeouts [5]
o quiche: use quiche_conn_peer_transport_params() [116]
o rand: fix build error with autotools + LibreSSL [111]
o resolve.d: drop a multi use-sentence [100]
o RTSP: improved RTP parser [32]
o rustls: implement connect_blocking [154]
o sasl: fix `-Wunused-function` compiler warning [124]
o schannel: add CA cache support for files and memory blobs [121]
o setopt: check CURLOPT_TFTP_BLKSIZE range on set [171]
o setopt: remove outdated cookie comment [64]
o setopt: remove superfluous use of ternary expressions [169]
o socks: better buffer size checks for socks4a user and hostname [20]
o socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice [38]
o symbols-in-versions: the CLOSEPOLICY options are deprecated
o test1683: remove commented-out check alternatives
o test3103: add missing quotes around a test tag attribute
o test613: stop showing an error on missing output file
o tests/README: SOCKS tests are not using OpenSSH, it has its own server [48]
o tests/server: add more SOCKS5 handshake error checking [27]
o tests: Fix Windows test helper tool search & use it for handle64 [17]
o tidy-up: casing typos, delete unused Windows version aliases [144]
o tool: fix --capath when proxy support is disabled [28]
o tool: support bold headers in Windows [117]
o tool_cb_hdr: add an additional parsing check [129]
o tool_cb_prg: make the carriage return fit for wide progress bars [159]
o tool_cb_wrt: fix write output for very old Windows versions [24]
o tool_getparam: limit --rate to be smaller than number of ms [3]
o tool_operate: do not mix memory models [108]
o tool_operate: fix links in ipfs errors [22]
o tool_parsecfg: make warning output propose double-quoting [164]
o tool_urlglob: fix build for old gcc versions [25]
o tool_urlglob: make multiply() bail out on negative values [11]
o tool_writeout_json: fix JSON encoding of non-ascii bytes [179]
o transfer: abort pause send when connection is marked for closing [183]
o transfer: avoid calling the read callback again after EOF [130]
o transfer: only reset the FTP wildcard engine in CLEAR state [42]
o url: don't touch the multi handle when closing internal handles [40]
o url: find scheme with a "perfect hash" [141]
o url: fix `-Wzero-length-array` with no protocols [147]
o url: fix builds with `CURL_DISABLE_HTTP` [148]
o url: protocol handler lookup tidy-up [66]
o url: proxy ssl connection reuse fix [94]
o urlapi: avoid null deref if setting blank host to url encode [75]
o urlapi: skip appending NULL pointer query [74]
o urlapi: when URL encoding the fragment, pass in the right length [59]
o urldata: make maxconnects a 32 bit value [166]
o urldata: move async resolver state from easy handle to connectdata [34]
o urldata: move cookielist from UserDefined to UrlState [126]
o urldata: move hstslist from 'set' to 'state' [105]
o urldata: move the 'internal' boolean to the state struct [39]
o vssh: remove the #ifdef for Curl_ssh_init, use empty macro
o vtls: cleanup SSL config management [78]
o vtls: consistently use typedef names for OpenSSL structs [176]
o vtls: late clone of connection ssl config [60]
o vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0 [102]
o VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw [110]
o windows: use built-in `_WIN32` macro to detect Windows [163]
o wolfssh: remove redundant static prototypes [168]
o wolfssl: add default case for wolfssl_connect_step1 switch [49]
o wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA [10]
(From OE-Core rev: 44f4e93d25f208d0be4c53d02113b7d0ebfffa4a)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/curl/curl_8.5.0.bb')
-rw-r--r-- | meta/recipes-support/curl/curl_8.5.0.bb | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_8.5.0.bb b/meta/recipes-support/curl/curl_8.5.0.bb new file mode 100644 index 0000000000..115ec7189f --- /dev/null +++ b/meta/recipes-support/curl/curl_8.5.0.bb | |||
@@ -0,0 +1,139 @@ | |||
1 | SUMMARY = "Command line tool and library for client-side URL transfers" | ||
2 | DESCRIPTION = "It uses URL syntax to transfer data to and from servers. \ | ||
3 | curl is a widely used because of its ability to be flexible and complete \ | ||
4 | complex tasks. For example, you can use curl for things like user authentication, \ | ||
5 | HTTP post, SSL connections, proxy support, FTP uploads, and more!" | ||
6 | HOMEPAGE = "https://curl.se/" | ||
7 | BUGTRACKER = "https://github.com/curl/curl/issues" | ||
8 | SECTION = "console/network" | ||
9 | LICENSE = "curl" | ||
10 | LIC_FILES_CHKSUM = "file://COPYING;md5=db8448a1e43eb2125f7740fc397db1f6" | ||
11 | |||
12 | SRC_URI = " \ | ||
13 | https://curl.se/download/${BP}.tar.xz \ | ||
14 | file://run-ptest \ | ||
15 | file://disable-tests \ | ||
16 | " | ||
17 | SRC_URI[sha256sum] = "42ab8db9e20d8290a3b633e7fbb3cec15db34df65fd1015ef8ac1e4723750eeb" | ||
18 | |||
19 | # Curl has used many names over the years... | ||
20 | CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" | ||
21 | |||
22 | inherit autotools pkgconfig binconfig multilib_header ptest | ||
23 | |||
24 | # Entropy source for random PACKAGECONFIG option | ||
25 | RANDOM ?= "/dev/urandom" | ||
26 | |||
27 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws basic-auth bearer-auth digest-auth negotiate-auth libidn openssl proxy random threaded-resolver verbose zlib" | ||
28 | PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib" | ||
29 | PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib" | ||
30 | |||
31 | # 'ares' and 'threaded-resolver' are mutually exclusive | ||
32 | PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" | ||
33 | PACKAGECONFIG[aws] = "--enable-aws,--disable-aws" | ||
34 | PACKAGECONFIG[basic-auth] = "--enable-basic-auth,--disable-basic-auth" | ||
35 | PACKAGECONFIG[bearer-auth] = "--enable-bearer-auth,--disable-bearer-auth" | ||
36 | PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" | ||
37 | PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" | ||
38 | # Don't use this in production | ||
39 | PACKAGECONFIG[debug] = "--enable-debug,--disable-debug" | ||
40 | PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," | ||
41 | PACKAGECONFIG[digest-auth] = "--enable-digest-auth,--disable-digest-auth" | ||
42 | PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" | ||
43 | PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," | ||
44 | PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," | ||
45 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | ||
46 | PACKAGECONFIG[kerberos-auth] = "--enable-kerberos-auth,--disable-kerberos-auth" | ||
47 | PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" | ||
48 | PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap" | ||
49 | PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap" | ||
50 | PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" | ||
51 | PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" | ||
52 | PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" | ||
53 | PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" | ||
54 | PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," | ||
55 | PACKAGECONFIG[negotiate-auth] = "--enable-negotiate-auth,--disable-negotiate-auth" | ||
56 | PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" | ||
57 | PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" | ||
58 | PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," | ||
59 | PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," | ||
60 | PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random" | ||
61 | PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" | ||
62 | PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," | ||
63 | PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," | ||
64 | PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," | ||
65 | PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," | ||
66 | PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," | ||
67 | PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" | ||
68 | PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" | ||
69 | PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" | ||
70 | PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" | ||
71 | |||
72 | EXTRA_OECONF = " \ | ||
73 | --disable-libcurl-option \ | ||
74 | --disable-ntlm-wb \ | ||
75 | --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ | ||
76 | --without-libpsl \ | ||
77 | --enable-optimize \ | ||
78 | ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls openssl', d) == '') else ''} \ | ||
79 | " | ||
80 | |||
81 | do_install:append:class-target() { | ||
82 | # cleanup buildpaths from curl-config | ||
83 | sed -i \ | ||
84 | -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ | ||
85 | -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ | ||
86 | -e 's|${DEBUG_PREFIX_MAP}||g' \ | ||
87 | -e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \ | ||
88 | ${D}${bindir}/curl-config | ||
89 | } | ||
90 | |||
91 | do_compile_ptest() { | ||
92 | oe_runmake -C ${B}/tests | ||
93 | } | ||
94 | |||
95 | do_install_ptest() { | ||
96 | cat ${WORKDIR}/disable-tests >> ${S}/tests/data/DISABLED | ||
97 | rm -f ${B}/tests/configurehelp.pm | ||
98 | cp -rf ${B}/tests ${D}${PTEST_PATH} | ||
99 | rm -f ${D}${PTEST_PATH}/tests/libtest/.libs/libhostname.la | ||
100 | rm -f ${D}${PTEST_PATH}/tests/libtest/libhostname.la | ||
101 | mv ${D}${PTEST_PATH}/tests/libtest/.libs/* ${D}${PTEST_PATH}/tests/libtest/ | ||
102 | mv ${D}${PTEST_PATH}/tests/libtest/libhostname.so ${D}${PTEST_PATH}/tests/libtest/.libs/ | ||
103 | mv ${D}${PTEST_PATH}/tests/http/clients/.libs/* ${D}${PTEST_PATH}/tests/http/clients/ | ||
104 | cp -rf ${S}/tests ${D}${PTEST_PATH} | ||
105 | find ${D}${PTEST_PATH}/ -type f -name Makefile.am -o -name Makefile.in -o -name Makefile -delete | ||
106 | install -d ${D}${PTEST_PATH}/src | ||
107 | ln -sf ${bindir}/curl ${D}${PTEST_PATH}/src/curl | ||
108 | cp -rf ${D}${bindir}/curl-config ${D}${PTEST_PATH} | ||
109 | } | ||
110 | |||
111 | RDEPENDS:${PN}-ptest += " \ | ||
112 | bash \ | ||
113 | perl-module-b \ | ||
114 | perl-module-base \ | ||
115 | perl-module-cwd \ | ||
116 | perl-module-digest \ | ||
117 | perl-module-digest-md5 \ | ||
118 | perl-module-file-basename \ | ||
119 | perl-module-file-spec \ | ||
120 | perl-module-file-temp \ | ||
121 | perl-module-io-socket \ | ||
122 | perl-module-ipc-open2 \ | ||
123 | perl-module-list-util \ | ||
124 | perl-module-memoize \ | ||
125 | perl-module-storable \ | ||
126 | perl-module-time-hires \ | ||
127 | " | ||
128 | |||
129 | PACKAGES =+ "lib${BPN}" | ||
130 | |||
131 | FILES:lib${BPN} = "${libdir}/lib*.so.*" | ||
132 | RRECOMMENDS:lib${BPN} += "ca-certificates" | ||
133 | |||
134 | FILES:${PN} += "${datadir}/zsh" | ||
135 | |||
136 | inherit multilib_script | ||
137 | MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" | ||
138 | |||
139 | BBCLASSEXTEND = "native nativesdk" | ||