From 04eee95515735c0f14e99b0d989d8fc85a1f06b5 Mon Sep 17 00:00:00 2001 From: Robert Joslyn Date: Sun, 30 Oct 2022 20:06:26 -0700 Subject: curl: Update 7.85.0 to 7.86.0 Feature and security update. Fixes the following CVEs: - CVE-2022-32221 - CVE-2022-35260 - CVE-2022-42915 - CVE-2022-42916 Release notes: https://curl.se/changes.html#7_86_0 (From OE-Core rev: df55dced4b4980a8c6746acb2e02b80850d8613e) Signed-off-by: Robert Joslyn Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- meta/recipes-support/curl/curl_7.85.0.bb | 116 ------------------------------- meta/recipes-support/curl/curl_7.86.0.bb | 116 +++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+), 116 deletions(-) delete mode 100644 meta/recipes-support/curl/curl_7.85.0.bb create mode 100644 meta/recipes-support/curl/curl_7.86.0.bb (limited to 'meta/recipes-support/curl') diff --git a/meta/recipes-support/curl/curl_7.85.0.bb b/meta/recipes-support/curl/curl_7.85.0.bb deleted file mode 100644 index ad6a5175bc..0000000000 --- a/meta/recipes-support/curl/curl_7.85.0.bb +++ /dev/null @@ -1,116 +0,0 @@ -SUMMARY = "Command line tool and library for client-side URL transfers" -DESCRIPTION = "It uses URL syntax to transfer data to and from servers. \ -curl is a widely used because of its ability to be flexible and complete \ -complex tasks. For example, you can use curl for things like user authentication, \ -HTTP post, SSL connections, proxy support, FTP uploads, and more!" -HOMEPAGE = "https://curl.se/" -BUGTRACKER = "https://github.com/curl/curl/issues" -SECTION = "console/network" -LICENSE = "MIT-open-group" -LIC_FILES_CHKSUM = "file://COPYING;md5=190c514872597083303371684954f238" - -SRC_URI = " \ - https://curl.se/download/${BP}.tar.xz \ - file://run-ptest \ - file://disable-tests \ -" -SRC_URI[sha256sum] = "88b54a6d4b9a48cb4d873c7056dcba997ddd5b7be5a2d537a4acb55c20b04be6" - -# Curl has used many names over the years... -CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" - -inherit autotools pkgconfig binconfig multilib_header ptest - -# Entropy source for random PACKAGECONFIG option -RANDOM ?= "/dev/urandom" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} libidn openssl proxy random threaded-resolver verbose zlib" -PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib" -PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib" - -# 'ares' and 'threaded-resolver' are mutually exclusive -PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" -PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" -PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" -PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," -PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" -PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," -PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" -PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," -PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," -PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" -PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" -PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" -PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" -PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," -PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" -PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" -PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," -PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," -PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random" -PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" -PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," -PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," -PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," -PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," -PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" -PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" -PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" -PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" - -EXTRA_OECONF = " \ - --disable-libcurl-option \ - --disable-ntlm-wb \ - --enable-crypto-auth \ - --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ - --without-libpsl \ - --enable-debug \ - --enable-optimize \ - --disable-curldebug \ - ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \ -" - -do_install:append:class-target() { - # cleanup buildpaths from curl-config - sed -i \ - -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's|${DEBUG_PREFIX_MAP}||g' \ - -e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \ - ${D}${bindir}/curl-config -} - -do_compile_ptest() { - oe_runmake test - oe_runmake -C ${B}/tests/server -} - -do_install_ptest() { - cat ${WORKDIR}/disable-tests >> ${S}/tests/data/DISABLED - rm -f ${B}/tests/configurehelp.pm - cp -rf ${B}/tests ${D}${PTEST_PATH} - cp -rf ${S}/tests ${D}${PTEST_PATH} - find ${D}${PTEST_PATH}/ -type f -name Makefile.am -o -name Makefile.in -o -name Makefile -delete - install -d ${D}${PTEST_PATH}/src - ln -sf ${bindir}/curl ${D}${PTEST_PATH}/src/curl - cp -rf ${D}${bindir}/curl-config ${D}${PTEST_PATH} -} - -RDEPENDS:${PN}-ptest += "bash perl-modules perl-module-time-hires perl-module-digest-md5 \ - perl-module-digest perl-module-ipc-open2" - -PACKAGES =+ "lib${BPN}" - -FILES:lib${BPN} = "${libdir}/lib*.so.*" -RRECOMMENDS:lib${BPN} += "ca-certificates" - -FILES:${PN} += "${datadir}/zsh" - -inherit multilib_script -MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/curl/curl_7.86.0.bb b/meta/recipes-support/curl/curl_7.86.0.bb new file mode 100644 index 0000000000..ec8ce9fd28 --- /dev/null +++ b/meta/recipes-support/curl/curl_7.86.0.bb @@ -0,0 +1,116 @@ +SUMMARY = "Command line tool and library for client-side URL transfers" +DESCRIPTION = "It uses URL syntax to transfer data to and from servers. \ +curl is a widely used because of its ability to be flexible and complete \ +complex tasks. For example, you can use curl for things like user authentication, \ +HTTP post, SSL connections, proxy support, FTP uploads, and more!" +HOMEPAGE = "https://curl.se/" +BUGTRACKER = "https://github.com/curl/curl/issues" +SECTION = "console/network" +LICENSE = "MIT-open-group" +LIC_FILES_CHKSUM = "file://COPYING;md5=190c514872597083303371684954f238" + +SRC_URI = " \ + https://curl.se/download/${BP}.tar.xz \ + file://run-ptest \ + file://disable-tests \ +" +SRC_URI[sha256sum] = "2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b" + +# Curl has used many names over the years... +CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" + +inherit autotools pkgconfig binconfig multilib_header ptest + +# Entropy source for random PACKAGECONFIG option +RANDOM ?= "/dev/urandom" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} libidn openssl proxy random threaded-resolver verbose zlib" +PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib" +PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib" + +# 'ares' and 'threaded-resolver' are mutually exclusive +PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" +PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" +PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" +PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" +PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," +PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," +PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" +PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" +PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" +PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" +PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," +PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" +PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" +PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," +PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," +PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random" +PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" +PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," +PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," +PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," +PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" +PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," +PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," +PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" +PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" +PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" +PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" + +EXTRA_OECONF = " \ + --disable-libcurl-option \ + --disable-ntlm-wb \ + --enable-crypto-auth \ + --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ + --without-libpsl \ + --enable-debug \ + --enable-optimize \ + --disable-curldebug \ + ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \ +" + +do_install:append:class-target() { + # cleanup buildpaths from curl-config + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + -e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \ + ${D}${bindir}/curl-config +} + +do_compile_ptest() { + oe_runmake test + oe_runmake -C ${B}/tests/server +} + +do_install_ptest() { + cat ${WORKDIR}/disable-tests >> ${S}/tests/data/DISABLED + rm -f ${B}/tests/configurehelp.pm + cp -rf ${B}/tests ${D}${PTEST_PATH} + cp -rf ${S}/tests ${D}${PTEST_PATH} + find ${D}${PTEST_PATH}/ -type f -name Makefile.am -o -name Makefile.in -o -name Makefile -delete + install -d ${D}${PTEST_PATH}/src + ln -sf ${bindir}/curl ${D}${PTEST_PATH}/src/curl + cp -rf ${D}${bindir}/curl-config ${D}${PTEST_PATH} +} + +RDEPENDS:${PN}-ptest += "bash perl-modules perl-module-time-hires perl-module-digest-md5 \ + perl-module-digest perl-module-ipc-open2" + +PACKAGES =+ "lib${BPN}" + +FILES:lib${BPN} = "${libdir}/lib*.so.*" +RRECOMMENDS:lib${BPN} += "ca-certificates" + +FILES:${PN} += "${datadir}/zsh" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf