curl: upgrade 8.11.0 -> 8.11.1

Bugfix release for 8.11.0 regressions. Solves CVE-2024-11053 Drop patch which was done differently upstream. (From OE-Core rev: 57731284008c18eee566df3412eaf6d13a59d498) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Peter Marko <peter.marko@siemens.com> 2024-12-11 19:09:53 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-12-13 12:26:01 +0000
commit: b91ed27ab24499e5ee8489c9957148f1717f1e4c (patch)
tree: 9c952552fbb202dd7fb1df41d94a5f452898b894
parent: d74dd7843428d6c39bb0ef7bc63d3c381705535f (diff)
download: poky-b91ed27ab24499e5ee8489c9957148f1717f1e4c.tar.gz
2 files changed, 1 insertions, 41 deletions
diff --git a/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch b/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch
deleted file mode 100644
index 79fc0b316e..0000000000
--- a/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From cfd5d794fdfcc12e386fdbb14161babf54d2a5ee Mon Sep 17 00:00:00 2001
-From: Peter Marko <peter.marko@siemens.com>
-Date: Sat, 9 Nov 2024 22:26:58 +0100
-Subject: [PATCH] libcurl.pc.in: drop LDFLAGS from Libs.private
-Stop passing linker flags to pkg-config.
-This was added in v8.11.0 with commit [1].
-There are several problems with this, especially:
-* user may want to link curl and application with different flags
-* user usually adds the same or similar flags in all components, so this
-  will double the flags when linking application
-* when building components in temporary directories, these directories
-  are preserved in pkg-config linker flags and are invalid when building
-  application
-[1] https://github.com/curl/curl/commit/9f56bb608ecfbb8978c6cb72a04d9e8b23162d82
-Upstream-Status: Submitted [https://github.com/curl/curl/pull/15533]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
- libcurl.pc.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/libcurl.pc.in b/libcurl.pc.in
-index 4c60a7ec7..7898dae35 100644
--- a/libcurl.pc.in
-+++ b/libcurl.pc.in
-@@ -36,6 +36,6 @@ Version: @CURLVERSION@
- Requires: @LIBCURL_PC_REQUIRES@
- Requires.private: @LIBCURL_PC_REQUIRES_PRIVATE@
- Libs: -L${libdir} -lcurl @LIBCURL_PC_LIBS@
-Libs.private: @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@
-+Libs.private: @LIBCURL_PC_LIBS_PRIVATE@
- Cflags: -I${includedir} @LIBCURL_PC_CFLAGS@
- Cflags.private: @LIBCURL_PC_CFLAGS_PRIVATE@
-- 
-2.30.2
diff --git a/meta/recipes-support/curl/curl_8.11.0.bb b/meta/recipes-support/curl/curl_8.11.1.bb
index a512aa443c..b4d80e9643 100644
--- a/meta/recipes-support/curl/curl_8.11.0.bb
+++ b/meta/recipes-support/curl/curl_8.11.1.bb
@@ -14,9 +14,8 @@ SRC_URI = " \
    file://run-ptest \
    file://disable-tests \
    file://no-test-timeout.patch \
-    file://0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch \
 "
-SRC_URI[sha256sum] = "db59cf0d671ca6e7f5c2c5ec177084a33a79e04c97e71cf183a5cdea235054eb"
+SRC_URI[sha256sum] = "c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56"
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
author	Peter Marko <peter.marko@siemens.com>	2024-12-11 19:09:53 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-12-13 12:26:01 +0000
commit	b91ed27ab24499e5ee8489c9957148f1717f1e4c (patch)
tree	9c952552fbb202dd7fb1df41d94a5f452898b894
parent	d74dd7843428d6c39bb0ef7bc63d3c381705535f (diff)
download	poky-b91ed27ab24499e5ee8489c9957148f1717f1e4c.tar.gz

diff --git a/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch b/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch deleted file mode 100644 index 79fc0b316e..0000000000 --- a/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch +++ /dev/null
@@ -1,39 +0,0 @@
1	From cfd5d794fdfcc12e386fdbb14161babf54d2a5ee Mon Sep 17 00:00:00 2001
2	From: Peter Marko <peter.marko@siemens.com>
3	Date: Sat, 9 Nov 2024 22:26:58 +0100
4	Subject: [PATCH] libcurl.pc.in: drop LDFLAGS from Libs.private
5
6	Stop passing linker flags to pkg-config.
7
8	This was added in v8.11.0 with commit [1].
9	There are several problems with this, especially:
10	* user may want to link curl and application with different flags
11	* user usually adds the same or similar flags in all components, so this
12	will double the flags when linking application
13	* when building components in temporary directories, these directories
14	are preserved in pkg-config linker flags and are invalid when building
15	application
16
17	[1] https://github.com/curl/curl/commit/9f56bb608ecfbb8978c6cb72a04d9e8b23162d82
18
19	Upstream-Status: Submitted [https://github.com/curl/curl/pull/15533]
20	Signed-off-by: Peter Marko <peter.marko@siemens.com>
21	---
22	libcurl.pc.in \| 2 +-
23	1 file changed, 1 insertion(+), 1 deletion(-)
24
25	diff --git a/libcurl.pc.in b/libcurl.pc.in
26	index 4c60a7ec7..7898dae35 100644
27	--- a/libcurl.pc.in
28	+++ b/libcurl.pc.in
29	@@ -36,6 +36,6 @@ Version: @CURLVERSION@
30	Requires: @LIBCURL_PC_REQUIRES@
31	Requires.private: @LIBCURL_PC_REQUIRES_PRIVATE@
32	Libs: -L${libdir} -lcurl @LIBCURL_PC_LIBS@
33	-Libs.private: @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@
34	+Libs.private: @LIBCURL_PC_LIBS_PRIVATE@
35	Cflags: -I${includedir} @LIBCURL_PC_CFLAGS@
36	Cflags.private: @LIBCURL_PC_CFLAGS_PRIVATE@
37	--
38	2.30.2
39


diff --git a/meta/recipes-support/curl/curl_8.11.0.bb b/meta/recipes-support/curl/curl_8.11.1.bb index a512aa443c..b4d80e9643 100644 --- a/meta/recipes-support/curl/curl_8.11.0.bb +++ b/meta/recipes-support/curl/curl_8.11.1.bb
@@ -14,9 +14,8 @@ SRC_URI = " \
14	file://run-ptest \	14	file://run-ptest \
15	file://disable-tests \	15	file://disable-tests \
16	file://no-test-timeout.patch \	16	file://no-test-timeout.patch \
17	file://0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch \
18	"	17	"
19	SRC_URI[sha256sum] = "db59cf0d671ca6e7f5c2c5ec177084a33a79e04c97e71cf183a5cdea235054eb"	18	SRC_URI[sha256sum] = "c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56"
20		19
21	# Curl has used many names over the years...	20	# Curl has used many names over the years...
22	CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"	21	CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"