From: Peter Marko Date: Fri, 27 Sep 2024 21:14:55 +0000 (+0200) Subject: curl: Upgrade 8.9.1 -> 8.10.1 X-Git-Tag: uninative-4.7~1259 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=64c06dd06d747d7b53fb6ae6cf0550e13d63d8f6;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git curl: Upgrade 8.9.1 -> 8.10.1 resolves CVE-2024-8096 possibility to set random was removed in commit https://github.com/curl/curl/commit/269fdd4c6ed5d837d57448ac977f6f300968df15 tests have new perl module dependency removed backported patch present in new version Signed-off-by: Peter Marko Signed-off-by: Richard Purdie
---
diff --git a/meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch b/meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch
deleted file mode 100644
index 15c69e1430a..00000000000
--- a/meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg
-Date: Mon, 5 Aug 2024 00:17:17 +0200
-Subject: [PATCH] sigpipe: init the struct so that first apply ignores
-
-Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after
-init ignores the signal (unless CURLOPT_NOSIGNAL) is set.
-
-I have read the existing code multiple times now and I think it gets the
-initial state reversed this missing to ignore.
-
-Regression from 17e6f06ea37136c36d27
-
-Reported-by: Rasmus Thomsen
-Fixes #14344
-Closes #14390
-
-Upstream-Status: Backport [https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970]
-Signed-off-by: Robert Joslyn
----
- lib/sigpipe.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/sigpipe.h b/lib/sigpipe.h
-index b91a2f513..d78afd905 100644
---- a/lib/sigpipe.h
-+++ b/lib/sigpipe.h
-@@ -39,6 +39,7 @@ struct sigpipe_ignore {
- static void sigpipe_init(struct sigpipe_ignore *ig)
- {
- memset(ig, 0, sizeof(*ig));
-+ ig->no_signal = TRUE;
- }
-
- /*
---
-2.44.2
-
diff --git a/meta/recipes-support/curl/curl_8.9.1.bb b/meta/recipes-support/curl/curl_8.10.1.bb
similarity index 94%
rename from meta/recipes-support/curl/curl_8.9.1.bb
rename to meta/recipes-support/curl/curl_8.10.1.bb
index 745224929bf..0252d4475ec 100644
--- a/meta/recipes-support/curl/curl_8.9.1.bb
+++ b/meta/recipes-support/curl/curl_8.10.1.bb
@@ -14,9 +14,8 @@ SRC_URI = " \
 file://run-ptest \
 file://disable-tests \
 file://no-test-timeout.patch \
- file://0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch \
 "
-SRC_URI[sha256sum] = "f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5"
+SRC_URI[sha256sum] = "73a4b0e99596a09fa5924a4fb7e4b995a85fda0d18a2c02ab9cf134bebce04ee"
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
@@ -24,10 +23,7 @@ CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on go
 inherit autotools pkgconfig binconfig multilib_header ptest
-# Entropy source for random PACKAGECONFIG option
-RANDOM ?= "/dev/urandom"
-
-COMMON_PACKAGECONFIG = "basic-auth bearer-auth digest-auth negotiate-auth openssl proxy random threaded-resolver verbose zlib"
+COMMON_PACKAGECONFIG = "basic-auth bearer-auth digest-auth negotiate-auth openssl proxy threaded-resolver verbose zlib"
 PACKAGECONFIG ??= "${COMMON_PACKAGECONFIG} ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws libidn"
 PACKAGECONFIG:class-native = "${COMMON_PACKAGECONFIG} ipv6"
 PACKAGECONFIG:class-nativesdk = "${COMMON_PACKAGECONFIG} ipv6"
@@ -61,7 +57,6 @@ PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
 PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl"
 PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
 PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
-PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random"
 PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
 PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
 PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
@@ -132,6 +127,7 @@ RDEPENDS:${PN}-ptest += " \
 perl-module-cwd \
 perl-module-digest \
 perl-module-digest-md5 \
+ perl-module-digest-sha \
 perl-module-file-basename \
 perl-module-file-spec \
 perl-module-file-temp \
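Review bot: In the `@@ -24,10 +23,7 @@` hunk the `RANDOM ?= "/dev/urandom"` default and the `random` entry in `COMMON_PACKAGECONFIG` disappear without any comment left in the recipe, and the `@@ -61,7 +57,6 @@` hunk drops the matching `PACKAGECONFIG[random]` flag, so a distro config or bbappend that still sets `RANDOM` or adds `random` to PACKAGECONFIG would refer to an option the recipe no longer defines. A one-line comment above the assignment would record the reason, for example `# 'random' PACKAGECONFIG removed: upstream dropped --with-random (curl commit 269fdd4c6ed5)`. Whether any downstream override exists is not visible from this diff, so this is a documentation point rather than a defect.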