curl: Update 7.85.0 to 7.86.0

Feature and security update. Fixes the following CVEs:

 - CVE-2022-32221
 - CVE-2022-35260
 - CVE-2022-42915
 - CVE-2022-42916

Release notes: https://curl.se/changes.html#7_86_0

(From OE-Core rev: df55dced4b4980a8c6746acb2e02b80850d8613e)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 116 insertions, 0 deletions

diff --git a/meta/recipes-support/curl/curl_7.86.0.bb b/meta/recipes-support/curl/curl_7.86.0.bb
new file mode 100644
index 0000000000..ec8ce9fd28
--- /dev/null
+++ b/meta/recipes-support/curl/curl_7.86.0.bb
@@ -0,0 +1,116 @@
+SUMMARY = "Command line tool and library for client-side URL transfers"
+DESCRIPTION = "It uses URL syntax to transfer data to and from servers. \
+curl is a widely used because of its ability to be flexible and complete \
+complex tasks. For example, you can use curl for things like user authentication, \
+HTTP post, SSL connections, proxy support, FTP uploads, and more!"
+HOMEPAGE = "https://curl.se/"
+BUGTRACKER = "https://github.com/curl/curl/issues"
+SECTION = "console/network"
+LICENSE = "MIT-open-group"
+LIC_FILES_CHKSUM = "file://COPYING;md5=190c514872597083303371684954f238"
+
+SRC_URI = " \
+    https://curl.se/download/${BP}.tar.xz \
+    file://run-ptest \
+    file://disable-tests \
+"
+SRC_URI[sha256sum] = "2d61116e5f485581f6d59865377df4463f2e788677ac43222b496d4e49fb627b"
+
+# Curl has used many names over the years...
+CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
+
+inherit autotools pkgconfig binconfig multilib_header ptest
+
+# Entropy source for random PACKAGECONFIG option
+RANDOM ?= "/dev/urandom"
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} libidn openssl proxy random threaded-resolver verbose zlib"
+PACKAGECONFIG:class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib"
+PACKAGECONFIG:class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib"
+
+# 'ares' and 'threaded-resolver' are mutually exclusive
+PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
+PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
+PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
+PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
+PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
+PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
+PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
+PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
+PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
+PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
+PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
+PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
+PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
+PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
+PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
+PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl"
+PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
+PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
+PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random"
+PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
+PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
+PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
+PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
+PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
+PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
+PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
+PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
+PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
+PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
+PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd"
+
+EXTRA_OECONF = " \
+    --disable-libcurl-option \
+    --disable-ntlm-wb \
+    --enable-crypto-auth \
+    --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
+    --without-libpsl \
+    --enable-debug \
+    --enable-optimize \
+    --disable-curldebug \
+    ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \
+"
+
+do_install:append:class-target() {
+        # cleanup buildpaths from curl-config
+        sed -i \
+            -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+            -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \
+            -e 's|${DEBUG_PREFIX_MAP}||g' \
+            -e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \
+            ${D}${bindir}/curl-config
+}
+
+do_compile_ptest() {
+        oe_runmake test
+        oe_runmake -C ${B}/tests/server
+}
+
+do_install_ptest() {
+        cat  ${WORKDIR}/disable-tests >> ${S}/tests/data/DISABLED
+        rm -f ${B}/tests/configurehelp.pm
+        cp -rf ${B}/tests ${D}${PTEST_PATH}
+        cp -rf ${S}/tests ${D}${PTEST_PATH}
+        find ${D}${PTEST_PATH}/ -type f -name Makefile.am -o -name Makefile.in -o -name Makefile -delete
+        install -d ${D}${PTEST_PATH}/src
+        ln -sf ${bindir}/curl   ${D}${PTEST_PATH}/src/curl
+        cp -rf ${D}${bindir}/curl-config ${D}${PTEST_PATH}
+}
+
+RDEPENDS:${PN}-ptest += "bash perl-modules perl-module-time-hires perl-module-digest-md5 \
+                         perl-module-digest perl-module-ipc-open2"
+
+PACKAGES =+ "lib${BPN}"
+
+FILES:lib${BPN} = "${libdir}/lib*.so.*"
+RRECOMMENDS:lib${BPN} += "ca-certificates"
+
+FILES:${PN} += "${datadir}/zsh"
+
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config"
+
+BBCLASSEXTEND = "native nativesdk"