diff options
Diffstat (limited to 'meta/recipes-support/curl')
-rw-r--r-- | meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch | 38 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch | 64 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl/disable-tests | 41 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl/run-ptest | 8 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_8.9.1.bb (renamed from meta/recipes-support/curl/curl_8.7.1.bb) | 46 |
5 files changed, 71 insertions, 126 deletions
diff --git a/meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch b/meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch new file mode 100644 index 0000000000..15c69e1430 --- /dev/null +++ b/meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Mon, 5 Aug 2024 00:17:17 +0200 | ||
4 | Subject: [PATCH] sigpipe: init the struct so that first apply ignores | ||
5 | |||
6 | Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after | ||
7 | init ignores the signal (unless CURLOPT_NOSIGNAL) is set. | ||
8 | |||
9 | I have read the existing code multiple times now and I think it gets the | ||
10 | initial state reversed this missing to ignore. | ||
11 | |||
12 | Regression from 17e6f06ea37136c36d27 | ||
13 | |||
14 | Reported-by: Rasmus Thomsen | ||
15 | Fixes #14344 | ||
16 | Closes #14390 | ||
17 | |||
18 | Upstream-Status: Backport [https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970] | ||
19 | Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> | ||
20 | --- | ||
21 | lib/sigpipe.h | 1 + | ||
22 | 1 file changed, 1 insertion(+) | ||
23 | |||
24 | diff --git a/lib/sigpipe.h b/lib/sigpipe.h | ||
25 | index b91a2f513..d78afd905 100644 | ||
26 | --- a/lib/sigpipe.h | ||
27 | +++ b/lib/sigpipe.h | ||
28 | @@ -39,6 +39,7 @@ struct sigpipe_ignore { | ||
29 | static void sigpipe_init(struct sigpipe_ignore *ig) | ||
30 | { | ||
31 | memset(ig, 0, sizeof(*ig)); | ||
32 | + ig->no_signal = TRUE; | ||
33 | } | ||
34 | |||
35 | /* | ||
36 | -- | ||
37 | 2.44.2 | ||
38 | |||
diff --git a/meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch b/meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch deleted file mode 100644 index 98f7db93e8..0000000000 --- a/meta/recipes-support/curl/curl/721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch +++ /dev/null | |||
@@ -1,64 +0,0 @@ | |||
1 | From 721941aadf4adf4f6aeb3f4c0ab489bb89610c36 Mon Sep 17 00:00:00 2001 | ||
2 | From: Stefan Eissing <stefan@eissing.org> | ||
3 | Date: Mon, 1 Apr 2024 15:41:18 +0200 | ||
4 | Subject: [PATCH] http: with chunked POST forced, disable length check on read | ||
5 | callback | ||
6 | |||
7 | - when an application forces HTTP/1.1 chunked transfer encoding | ||
8 | by setting the corresponding header and instructs curl to use | ||
9 | the CURLOPT_READFUNCTION, disregard any POST length information. | ||
10 | - this establishes backward compatibility with previous curl versions | ||
11 | |||
12 | Applications are encouraged to not force "chunked", but rather | ||
13 | set length information for a POST. By setting -1, curl will | ||
14 | auto-select chunked on HTTP/1.1 and work properly on other HTTP | ||
15 | versions. | ||
16 | |||
17 | Reported-by: Jeff King | ||
18 | Fixes #13229 | ||
19 | Closes #13257 | ||
20 | Upstream-Status: Backport | ||
21 | --- | ||
22 | lib/http.c | 22 ++++++++++++++++++++-- | ||
23 | 1 file changed, 20 insertions(+), 2 deletions(-) | ||
24 | |||
25 | diff --git a/lib/http.c b/lib/http.c | ||
26 | index 92c04e69cd8373..a764d3c4403c39 100644 | ||
27 | --- a/lib/http.c | ||
28 | +++ b/lib/http.c | ||
29 | @@ -2046,8 +2046,19 @@ static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq) | ||
30 | else | ||
31 | result = Curl_creader_set_null(data); | ||
32 | } | ||
33 | - else { /* we read the bytes from the callback */ | ||
34 | - result = Curl_creader_set_fread(data, postsize); | ||
35 | + else { | ||
36 | + /* we read the bytes from the callback. In case "chunked" encoding | ||
37 | + * is forced by the application, we disregard `postsize`. This is | ||
38 | + * a backward compatibility decision to earlier versions where | ||
39 | + * chunking disregarded this. See issue #13229. */ | ||
40 | + bool chunked = FALSE; | ||
41 | + char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding")); | ||
42 | + if(ptr) { | ||
43 | + /* Some kind of TE is requested, check if 'chunked' is chosen */ | ||
44 | + chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"), | ||
45 | + STRCONST("chunked")); | ||
46 | + } | ||
47 | + result = Curl_creader_set_fread(data, chunked? -1 : postsize); | ||
48 | } | ||
49 | return result; | ||
50 | |||
51 | @@ -2115,6 +2126,13 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data, | ||
52 | data->req.upload_chunky = | ||
53 | Curl_compareheader(ptr, | ||
54 | STRCONST("Transfer-Encoding:"), STRCONST("chunked")); | ||
55 | + if(data->req.upload_chunky && | ||
56 | + Curl_use_http_1_1plus(data, data->conn) && | ||
57 | + (data->conn->httpversion >= 20)) { | ||
58 | + infof(data, "suppressing chunked transfer encoding on connection " | ||
59 | + "using HTTP version 2 or higher"); | ||
60 | + data->req.upload_chunky = FALSE; | ||
61 | + } | ||
62 | } | ||
63 | else { | ||
64 | curl_off_t req_clen = Curl_creader_total_length(data); | ||
diff --git a/meta/recipes-support/curl/curl/disable-tests b/meta/recipes-support/curl/curl/disable-tests index 259576fd01..e69de29bb2 100644 --- a/meta/recipes-support/curl/curl/disable-tests +++ b/meta/recipes-support/curl/curl/disable-tests | |||
@@ -1,41 +0,0 @@ | |||
1 | # Intermittently fails e.g. https://autobuilder.yocto.io/pub/non-release/20231220-28/testresults/qemux86-64-ptest/curl.log | ||
2 | # https://autobuilder.yocto.io/pub/non-release/20231220-27/testresults/qemux86-64-ptest/curl.log | ||
3 | 337 | ||
4 | # These CRL test (alt-avc) are failing | ||
5 | 356 | ||
6 | 412 | ||
7 | 413 | ||
8 | # These CRL tests are scanning docs | ||
9 | 971 | ||
10 | # Intermittently hangs e.g http://autobuilder.yocto.io/pub/non-release/20231228-18/testresults/qemux86-64-ptest/curl.log | ||
11 | 1091 | ||
12 | # Intermittently hangs e.g https://autobuilder.yocto.io/pub/non-release/20231220-27/testresults/qemux86-64-ptest/curl.log | ||
13 | 1096 | ||
14 | # These CRL tests are scanning docs | ||
15 | 1119 | ||
16 | 1132 | ||
17 | 1135 | ||
18 | 1478 | ||
19 | # These CRL tests are scanning headers | ||
20 | 1167 | ||
21 | 1477 | ||
22 | # These CRL tests are scanning man pages | ||
23 | 1139 | ||
24 | 1140 | ||
25 | 1173 | ||
26 | 1177 | ||
27 | # This CRL test is looking for m4 files | ||
28 | 1165 | ||
29 | # This CRL test is looking for src files | ||
30 | 1185 | ||
31 | # This test is scanning the source tree | ||
32 | 1222 | ||
33 | # These CRL tests need --libcurl option to be enabled | ||
34 | 1279 | ||
35 | 1400 | ||
36 | 1401 | ||
37 | 1402 | ||
38 | 1403 | ||
39 | 1404 | ||
40 | 1405 | ||
41 | 1465 | ||
diff --git a/meta/recipes-support/curl/curl/run-ptest b/meta/recipes-support/curl/curl/run-ptest index 579b3f4587..597cf92dbb 100644 --- a/meta/recipes-support/curl/curl/run-ptest +++ b/meta/recipes-support/curl/curl/run-ptest | |||
@@ -10,4 +10,10 @@ cd tests | |||
10 | 10 | ||
11 | # Don't run the flaky or timing dependent tests | 11 | # Don't run the flaky or timing dependent tests |
12 | # Until https://github.com/curl/curl/issues/13350 is resolved, don't run FTP tests | 12 | # Until https://github.com/curl/curl/issues/13350 is resolved, don't run FTP tests |
13 | ./runtests.pl -a -n -am -j4 -p !flaky !timing-dependent !FTP | 13 | # We don't enable --libcurl |
14 | # Don't assume curl-config exists | ||
15 | # We don't have the source tree | ||
16 | ./runtests.pl \ | ||
17 | -a -c curl -vc curl -n -am -j4 -p \ | ||
18 | !flaky !timing-dependent !FTP \ | ||
19 | !--libcurl !curl-config !source\ analysis !checksrc !documentation | ||
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.9.1.bb index 23b7c50a86..745224929b 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.9.1.bb | |||
@@ -11,24 +11,26 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eed2e5088e1ac619c9a1c747da291d75" | |||
11 | 11 | ||
12 | SRC_URI = " \ | 12 | SRC_URI = " \ |
13 | https://curl.se/download/${BP}.tar.xz \ | 13 | https://curl.se/download/${BP}.tar.xz \ |
14 | file://721941aadf4adf4f6aeb3f4c0ab489bb89610c36.patch \ | ||
15 | file://run-ptest \ | 14 | file://run-ptest \ |
16 | file://disable-tests \ | 15 | file://disable-tests \ |
17 | file://no-test-timeout.patch \ | 16 | file://no-test-timeout.patch \ |
17 | file://0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch \ | ||
18 | " | 18 | " |
19 | SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd" | 19 | SRC_URI[sha256sum] = "f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5" |
20 | 20 | ||
21 | # Curl has used many names over the years... | 21 | # Curl has used many names over the years... |
22 | CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" | 22 | CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" |
23 | CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack" | ||
23 | 24 | ||
24 | inherit autotools pkgconfig binconfig multilib_header ptest | 25 | inherit autotools pkgconfig binconfig multilib_header ptest |
25 | 26 | ||
26 | # Entropy source for random PACKAGECONFIG option | 27 | # Entropy source for random PACKAGECONFIG option |
27 | RANDOM ?= "/dev/urandom" | 28 | RANDOM ?= "/dev/urandom" |
28 | 29 | ||
29 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws basic-auth bearer-auth digest-auth negotiate-auth libidn openssl proxy random threaded-resolver verbose zlib" | 30 | COMMON_PACKAGECONFIG = "basic-auth bearer-auth digest-auth negotiate-auth openssl proxy random threaded-resolver verbose zlib" |
30 | PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib" | 31 | PACKAGECONFIG ??= "${COMMON_PACKAGECONFIG} ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws libidn" |
31 | PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib" | 32 | PACKAGECONFIG:class-native = "${COMMON_PACKAGECONFIG} ipv6" |
33 | PACKAGECONFIG:class-nativesdk = "${COMMON_PACKAGECONFIG} ipv6" | ||
32 | 34 | ||
33 | # 'ares' and 'threaded-resolver' are mutually exclusive | 35 | # 'ares' and 'threaded-resolver' are mutually exclusive |
34 | PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" | 36 | PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" |
@@ -73,7 +75,6 @@ PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" | |||
73 | 75 | ||
74 | EXTRA_OECONF = " \ | 76 | EXTRA_OECONF = " \ |
75 | --disable-libcurl-option \ | 77 | --disable-libcurl-option \ |
76 | --disable-ntlm-wb \ | ||
77 | --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ | 78 | --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ |
78 | --without-libpsl \ | 79 | --without-libpsl \ |
79 | --enable-optimize \ | 80 | --enable-optimize \ |
@@ -103,23 +104,28 @@ do_compile_ptest() { | |||
103 | } | 104 | } |
104 | 105 | ||
105 | do_install_ptest() { | 106 | do_install_ptest() { |
106 | cat ${UNPACKDIR}/disable-tests >> ${S}/tests/data/DISABLED | 107 | install -d ${D}${PTEST_PATH}/tests |
107 | rm -f ${B}/tests/configurehelp.pm | 108 | cp ${S}/tests/*.p[lmy] ${D}${PTEST_PATH}/tests/ |
108 | cp -rf ${B}/tests ${D}${PTEST_PATH} | 109 | |
109 | rm -f ${D}${PTEST_PATH}/tests/libtest/.libs/libhostname.la | 110 | install -d ${D}${PTEST_PATH}/tests/libtest |
110 | rm -f ${D}${PTEST_PATH}/tests/libtest/libhostname.la | 111 | for name in $(makefile-getvar ${B}/tests/libtest/Makefile noinst_PROGRAMS noinst_LTLIBRARIES); do |
111 | mv ${D}${PTEST_PATH}/tests/libtest/.libs/* ${D}${PTEST_PATH}/tests/libtest/ | 112 | ${B}/libtool --mode=install install ${B}/tests/libtest/$name ${D}${PTEST_PATH}/tests/libtest |
112 | mv ${D}${PTEST_PATH}/tests/libtest/libhostname.so ${D}${PTEST_PATH}/tests/libtest/.libs/ | 113 | done |
113 | mv ${D}${PTEST_PATH}/tests/http/clients/.libs/* ${D}${PTEST_PATH}/tests/http/clients/ | 114 | cp ${S}/tests/libtest/notexists.pl ${D}${PTEST_PATH}/tests/libtest |
114 | cp -rf ${S}/tests ${D}${PTEST_PATH} | 115 | rm -f ${D}${PTEST_PATH}/tests/libtest/libhostname.la |
115 | find ${D}${PTEST_PATH}/ -type f -name Makefile.am -o -name Makefile.in -o -name Makefile -delete | 116 | |
116 | install -d ${D}${PTEST_PATH}/src | 117 | install -d ${D}${PTEST_PATH}/tests/server |
117 | ln -sf ${bindir}/curl ${D}${PTEST_PATH}/src/curl | 118 | for name in $(makefile-getvar ${B}/tests/server/Makefile noinst_PROGRAMS); do |
118 | cp -rf ${D}${bindir}/curl-config ${D}${PTEST_PATH} | 119 | ${B}/libtool --mode=install install ${B}/tests/server/$name ${D}${PTEST_PATH}/tests/server |
120 | done | ||
121 | |||
122 | cp -r ${S}/tests/data ${D}${PTEST_PATH}/tests/ | ||
123 | |||
124 | # More tests that we disable for automated QA as they're not reliable | ||
125 | cat ${UNPACKDIR}/disable-tests >>${D}${PTEST_PATH}/tests/data/DISABLED | ||
119 | } | 126 | } |
120 | 127 | ||
121 | RDEPENDS:${PN}-ptest += " \ | 128 | RDEPENDS:${PN}-ptest += " \ |
122 | bash \ | ||
123 | locale-base-en-us \ | 129 | locale-base-en-us \ |
124 | perl-module-b \ | 130 | perl-module-b \ |
125 | perl-module-base \ | 131 | perl-module-base \ |