curl: ignore CVE-2025-4947 and CVE-2025-5025

These CVEs are for integration with WolfSSL which is not supported by this recipe. Ignore it if openssl packageconfig is enabled as it was done also in scarthgap branch. (From OE-Core rev: 93ae0758ef35031c21a29f84e5481d99c218a232) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-07-13 15:30:35 +0200
committer: Steve Sakoman <steve@sakoman.com> 2025-07-21 09:17:59 -0700
commit: 9fd2537a3fe3137c7ad84c13f145176f3e290dc7 (patch)
tree: 92be5d395dcc6b986165cd9653e73adcfd4d2549 /meta/recipes-support
parent: b7460a996b8d6b218dfc0a5faf4c1a6fde1c3a33 (diff)
download: poky-9fd2537a3fe3137c7ad84c13f145176f3e290dc7.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_8.12.1.bb b/meta/recipes-support/curl/curl_8.12.1.bb
index 4192693da8..9e279bbad1 100644
--- a/meta/recipes-support/curl/curl_8.12.1.bb
+++ b/meta/recipes-support/curl/curl_8.12.1.bb
@@ -25,6 +25,8 @@ SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c7
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
 CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
+CVE_STATUS[CVE-2025-4947] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
+CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
 inherit autotools pkgconfig binconfig multilib_header ptest
author	Peter Marko <peter.marko@siemens.com>	2025-07-13 15:30:35 +0200
committer	Steve Sakoman <steve@sakoman.com>	2025-07-21 09:17:59 -0700
commit	9fd2537a3fe3137c7ad84c13f145176f3e290dc7 (patch)
tree	92be5d395dcc6b986165cd9653e73adcfd4d2549 /meta/recipes-support
parent	b7460a996b8d6b218dfc0a5faf4c1a6fde1c3a33 (diff)
download	poky-9fd2537a3fe3137c7ad84c13f145176f3e290dc7.tar.gz

diff --git a/meta/recipes-support/curl/curl_8.12.1.bb b/meta/recipes-support/curl/curl_8.12.1.bb index 4192693da8..9e279bbad1 100644 --- a/meta/recipes-support/curl/curl_8.12.1.bb +++ b/meta/recipes-support/curl/curl_8.12.1.bb
@@ -25,6 +25,8 @@ SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c7
25	# Curl has used many names over the years...	25	# Curl has used many names over the years...
26	CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"	26	CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
27	CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"	27	CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
		28	CVE_STATUS[CVE-2025-4947] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
		29	CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
28		30
29	inherit autotools pkgconfig binconfig multilib_header ptest	31	inherit autotools pkgconfig binconfig multilib_header ptest
30		32