curl: upgrade 8.16.0 -> 8.17.0

Handles CVE-2025-10966 per
https://curl.se/docs/CVE-2025-10966.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>

diff --git a/meta/recipes-support/curl/curl/no-test-timeout.patch b/meta/recipes-support/curl/curl/no-test-timeout.patch
index 5b901a6fe9ec0fefff5c1ceeff32a7a05cbb1e2a..34e46fed6ddeaa465a6cc548ab784bdee3f2496d 100644 (file)
--- a/meta/recipes-support/curl/curl/no-test-timeout.patch
+++ b/meta/recipes-support/curl/curl/no-test-timeout.patch
@@ -14,7 +14,7 @@ diff --git a/tests/servers.pm b/tests/servers.pm
 index d4472d5..9999938 100644
 --- a/tests/servers.pm
 +++ b/tests/servers.pm
-@@ -124,7 +124,7 @@ my $sshdverstr;  # for socks server, ssh daemon version string
+@@ -125,7 +125,7 @@ my $sshdverstr;  # for socks server, ssh daemon version string
  my $sshderror;   # for socks server, ssh daemon version error
  my %doesntrun;    # servers that don't work, identified by pidfile
  my %PORT = (nolisten => 47); # port we use for a local non-listening service

diff --git a/meta/recipes-support/curl/curl_8.16.0.bb b/meta/recipes-support/curl/curl_8.17.0.bb
similarity index 98%
rename from meta/recipes-support/curl/curl_8.16.0.bb
rename to meta/recipes-support/curl/curl_8.17.0.bb
index c226670357d514a9503dda3192ac41f8badac5a5..32585070ebd041dd697a1dd55b9363ec0d916868 100644 (file)
--- a/meta/recipes-support/curl/curl_8.16.0.bb
+++ b/meta/recipes-support/curl/curl_8.17.0.bb
@@ -20,7 +20,7 @@ SRC_URI:append:class-nativesdk = " \
            file://environment.d-curl.sh \
 "
 
-SRC_URI[sha256sum] = "40c8cddbcb6cc6251c03dea423a472a6cea4037be654ba5cf5dec6eb2d22ff1d"
+SRC_URI[sha256sum] = "955f6e729ad6b3566260e8fef68620e76ba3c31acf0a18524416a185acf77992"
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"