curl: update 7.59.0 -> 7.60.0

includes: CVE-2018-1000300 CWE-122: Heap-based Buffer Overflow CVE-2018-1000301 CWE-126: Buffer Over-read https://curl.haxx.se/changes.html#7_60_0 Also refresh 0001-replace-krb5-config-with-pkg-config.patch and drop configure_ac.patch, which we've apparently been dragging along unnecessarily for the past 5 years: https://github.com/curl/curl/commit/c277bd6ce7069819484eb3dc30b5858735fde377 (From OE-Core rev: 4063c1e4b233b28ae14420a83960fd93b437a4a4) (From OE-Core rev: 4decc8ca3bd1b6c1c67182782fe6019dc0efc4fa) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andre McCurdy <armccurdy@gmail.com> 2018-05-18 17:42:34 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-06-15 17:56:57 +0100
commit: 664b1d5379425d69efa3b0ed05e8278855b442b5 (patch)
tree: 77a0b6197698e90d1fb66428c6c8756816e2d8b2 /meta/recipes-support
parent: 3fc84130ca27d143171bb1939c70b6305f5eb2e2 (diff)
download: poky-664b1d5379425d69efa3b0ed05e8278855b442b5.tar.gz
3 files changed, 13 insertions, 32 deletions
diff --git a/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch b/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch
index 74e5d99cf2..a7db1b3c9e 100644
--- a/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch
+++ b/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch
@@ -1,17 +1,21 @@
-[PATCH] replace krb5-config with pkg-config
+From ed70f0623708b8a6c1f58a5d243d87c5ff45b24d Mon Sep 17 00:00:00 2001
+From: Roy Li <rongqing.li@windriver.com>
+Date: Tue, 26 Apr 2016 13:13:01 +0800
+Subject: [PATCH] replace krb5-config with pkg-config
 Upstream-Status:  Pending
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 ---
 configure.ac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/configure.ac b/configure.ac
-index e99b303..dc93f39 100644
+index 5569a26..56b0380 100755
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1196,7 +1196,7 @@ AC_ARG_WITH(gssapi,
+@@ -1290,7 +1290,7 @@ AC_ARG_WITH(gssapi,
   fi
 ])
 
@@ -20,7 +24,7 @@ index e99b303..dc93f39 100644
 
 save_CPPFLAGS="$CPPFLAGS"
 AC_MSG_CHECKING([if GSS-API support is requested])
-@@ -1207,7 +1207,7 @@ if test x"$want_gss" = xyes; then
+@@ -1301,7 +1301,7 @@ if test x"$want_gss" = xyes; then
      if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
         GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
      elif test -f "$KRB5CONFIG"; then
@@ -29,7 +33,7 @@ index e99b303..dc93f39 100644
      elif test "$GSSAPI_ROOT" != "yes"; then
         GSSAPI_INCS="-I$GSSAPI_ROOT/include"
      fi
-@@ -1300,7 +1300,7 @@ if test x"$want_gss" = xyes; then
+@@ -1394,7 +1394,7 @@ if test x"$want_gss" = xyes; then
         elif test -f "$KRB5CONFIG"; then
            dnl krb5-config doesn't have --libs-only-L or similar, put everything
            dnl into LIBS
@@ -38,6 +42,3 @@ index e99b303..dc93f39 100644
            LIBS="$gss_libs $LIBS"
         else
            case $host in
-- 
-1.9.1
diff --git a/meta/recipes-support/curl/curl/configure_ac.patch b/meta/recipes-support/curl/curl/configure_ac.patch
deleted file mode 100644
index b8bd304d71..0000000000
--- a/meta/recipes-support/curl/curl/configure_ac.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Upstream-Status:  Pending
--- a/configure.ac
-+++ b/configure.ac
-@@ -281,7 +281,7 @@ dnl ************************************
- 
- CURL_CHECK_COMPILER
- CURL_SET_COMPILER_BASIC_OPTS
-CURL_SET_COMPILER_DEBUG_OPTS
-+dnl CURL_SET_COMPILER_DEBUG_OPTS
- CURL_SET_COMPILER_OPTIMIZE_OPTS
- CURL_SET_COMPILER_WARNING_OPTS
- 
diff --git a/meta/recipes-support/curl/curl_7.59.0.bb b/meta/recipes-support/curl/curl_7.60.0.bb
index c244c60d69..fe04fa63c9 100644
--- a/meta/recipes-support/curl/curl_7.59.0.bb
+++ b/meta/recipes-support/curl/curl_7.60.0.bb
@@ -9,14 +9,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
           file://0001-replace-krb5-config-with-pkg-config.patch \
 "
+SRC_URI[md5sum] = "bd2aabf78ded6a9aec8a54532fd6b5d7"
-# curl likes to set -g0 in CFLAGS, so we stop it
+SRC_URI[sha256sum] = "897dfb2204bd99be328279f88f55b7c61592216b0542fcbe995c60aa92871e9b"
-# from mucking around with debug options
-#
-SRC_URI += " file://configure_ac.patch"
-SRC_URI[md5sum] = "a2192804f7c2636a09320416afcf888e"
-SRC_URI[sha256sum] = "b5920ffd6a8c95585fb95070e0ced38322790cb335c39d0dab852d12e157b5a0"
 CVE_PRODUCT = "libcurl"
 inherit autotools pkgconfig binconfig multilib_header
@@ -32,10 +26,12 @@ PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
 PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
 PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
 PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
 PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
 PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
 PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
+PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
 PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
 PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
 PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
@@ -47,8 +43,6 @@ PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
 PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
 PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver"
 PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
-PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
-PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
 EXTRA_OECONF = " \
    --enable-crypto-auth \
@@ -57,7 +51,6 @@ EXTRA_OECONF = " \
    --without-libpsl \
 "
 do_install_append_class-target() {
        # cleanup buildpaths from curl-config
        sed -i \
author	Andre McCurdy <armccurdy@gmail.com>	2018-05-18 17:42:34 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-06-15 17:56:57 +0100
commit	664b1d5379425d69efa3b0ed05e8278855b442b5 (patch)
tree	77a0b6197698e90d1fb66428c6c8756816e2d8b2 /meta/recipes-support
parent	3fc84130ca27d143171bb1939c70b6305f5eb2e2 (diff)
download	poky-664b1d5379425d69efa3b0ed05e8278855b442b5.tar.gz

diff --git a/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch b/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch index 74e5d99cf2..a7db1b3c9e 100644 --- a/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch +++ b/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch
@@ -1,17 +1,21 @@
1	[PATCH] replace krb5-config with pkg-config	1	From ed70f0623708b8a6c1f58a5d243d87c5ff45b24d Mon Sep 17 00:00:00 2001
		2	From: Roy Li <rongqing.li@windriver.com>
		3	Date: Tue, 26 Apr 2016 13:13:01 +0800
		4	Subject: [PATCH] replace krb5-config with pkg-config
2		5
3	Upstream-Status: Pending	6	Upstream-Status: Pending
4		7
5	Signed-off-by: Roy Li <rongqing.li@windriver.com>	8	Signed-off-by: Roy Li <rongqing.li@windriver.com>
		9
6	---	10	---
7	configure.ac \| 6 +++---	11	configure.ac \| 6 +++---
8	1 file changed, 3 insertions(+), 3 deletions(-)	12	1 file changed, 3 insertions(+), 3 deletions(-)
9		13
10	diff --git a/configure.ac b/configure.ac	14	diff --git a/configure.ac b/configure.ac
11	index e99b303..dc93f39 100644	15	index 5569a26..56b0380 100755
12	--- a/configure.ac	16	--- a/configure.ac
13	+++ b/configure.ac	17	+++ b/configure.ac
14	@@ -1196,7 +1196,7 @@ AC_ARG_WITH(gssapi,	18	@@ -1290,7 +1290,7 @@ AC_ARG_WITH(gssapi,
15	fi	19	fi
16	])	20	])
17		21
@@ -20,7 +24,7 @@ index e99b303..dc93f39 100644
20		24
21	save_CPPFLAGS="$CPPFLAGS"	25	save_CPPFLAGS="$CPPFLAGS"
22	AC_MSG_CHECKING([if GSS-API support is requested])	26	AC_MSG_CHECKING([if GSS-API support is requested])
23	@@ -1207,7 +1207,7 @@ if test x"$want_gss" = xyes; then	27	@@ -1301,7 +1301,7 @@ if test x"$want_gss" = xyes; then
24	if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then	28	if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
25	GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`	29	GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
26	elif test -f "$KRB5CONFIG"; then	30	elif test -f "$KRB5CONFIG"; then
@@ -29,7 +33,7 @@ index e99b303..dc93f39 100644
29	elif test "$GSSAPI_ROOT" != "yes"; then	33	elif test "$GSSAPI_ROOT" != "yes"; then
30	GSSAPI_INCS="-I$GSSAPI_ROOT/include"	34	GSSAPI_INCS="-I$GSSAPI_ROOT/include"
31	fi	35	fi
32	@@ -1300,7 +1300,7 @@ if test x"$want_gss" = xyes; then	36	@@ -1394,7 +1394,7 @@ if test x"$want_gss" = xyes; then
33	elif test -f "$KRB5CONFIG"; then	37	elif test -f "$KRB5CONFIG"; then
34	dnl krb5-config doesn't have --libs-only-L or similar, put everything	38	dnl krb5-config doesn't have --libs-only-L or similar, put everything
35	dnl into LIBS	39	dnl into LIBS
@@ -38,6 +42,3 @@ index e99b303..dc93f39 100644
38	LIBS="$gss_libs $LIBS"	42	LIBS="$gss_libs $LIBS"
39	else	43	else
40	case $host in	44	case $host in
41	--
42	1.9.1
43


diff --git a/meta/recipes-support/curl/curl/configure_ac.patch b/meta/recipes-support/curl/curl/configure_ac.patch deleted file mode 100644 index b8bd304d71..0000000000 --- a/meta/recipes-support/curl/curl/configure_ac.patch +++ /dev/null
@@ -1,13 +0,0 @@
1	Upstream-Status: Pending
2
3	--- a/configure.ac
4	+++ b/configure.ac
5	@@ -281,7 +281,7 @@ dnl ************************************
6
7	CURL_CHECK_COMPILER
8	CURL_SET_COMPILER_BASIC_OPTS
9	-CURL_SET_COMPILER_DEBUG_OPTS
10	+dnl CURL_SET_COMPILER_DEBUG_OPTS
11	CURL_SET_COMPILER_OPTIMIZE_OPTS
12	CURL_SET_COMPILER_WARNING_OPTS
13


diff --git a/meta/recipes-support/curl/curl_7.59.0.bb b/meta/recipes-support/curl/curl_7.60.0.bb index c244c60d69..fe04fa63c9 100644 --- a/meta/recipes-support/curl/curl_7.59.0.bb +++ b/meta/recipes-support/curl/curl_7.60.0.bb
@@ -9,14 +9,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
9	file://0001-replace-krb5-config-with-pkg-config.patch \	9	file://0001-replace-krb5-config-with-pkg-config.patch \
10	"	10	"
11		11
12		12	SRC_URI[md5sum] = "bd2aabf78ded6a9aec8a54532fd6b5d7"
13	# curl likes to set -g0 in CFLAGS, so we stop it	13	SRC_URI[sha256sum] = "897dfb2204bd99be328279f88f55b7c61592216b0542fcbe995c60aa92871e9b"
14	# from mucking around with debug options
15	#
16	SRC_URI += " file://configure_ac.patch"
17
18	SRC_URI[md5sum] = "a2192804f7c2636a09320416afcf888e"
19	SRC_URI[sha256sum] = "b5920ffd6a8c95585fb95070e0ced38322790cb335c39d0dab852d12e157b5a0"
20		14
21	CVE_PRODUCT = "libcurl"	15	CVE_PRODUCT = "libcurl"
22	inherit autotools pkgconfig binconfig multilib_header	16	inherit autotools pkgconfig binconfig multilib_header
@@ -32,10 +26,12 @@ PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
32	PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"	26	PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
33	PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"	27	PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
34	PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"	28	PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
		29	PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
35	PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"	30	PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
36	PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"	31	PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
37	PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"	32	PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
38	PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"	33	PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
		34	PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
39	PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"	35	PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
40	PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"	36	PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
41	PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"	37	PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
@@ -47,8 +43,6 @@ PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
47	PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"	43	PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
48	PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver"	44	PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver"
49	PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"	45	PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
50	PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
51	PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
52		46
53	EXTRA_OECONF = " \	47	EXTRA_OECONF = " \
54	--enable-crypto-auth \	48	--enable-crypto-auth \
@@ -57,7 +51,6 @@ EXTRA_OECONF = " \
57	--without-libpsl \	51	--without-libpsl \
58	"	52	"
59		53
60
61	do_install_append_class-target() {	54	do_install_append_class-target() {
62	# cleanup buildpaths from curl-config	55	# cleanup buildpaths from curl-config
63	sed -i \	56	sed -i \