curl: ignore CVE-2025-4947 and CVE-2025-5025
authorPeter Marko <peter.marko@siemens.com>
Sun, 13 Jul 2025 13:30:35 +0000 (15:30 +0200)
committerSteve Sakoman <steve@sakoman.com>
Mon, 14 Jul 2025 16:55:45 +0000 (09:55 -0700)
These CVEs are for integration with WolfSSL which is not supported by
this recipe.
Ignore them if the openssl packageconfig is enabled, as was also done in
the scarthgap branch.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-support/curl/curl_8.12.1.bb

index 4192693da87ce37160c3291bd2cb8497d622fc1d..9e279bbad187f89d29bdf34ac9ad3a57d2843789 100644 (file)
@@ -25,6 +25,8 @@ SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c7
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
 CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
+CVE_STATUS[CVE-2025-4947] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
+CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
 
 inherit autotools pkgconfig binconfig multilib_header ptest
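Review bot: The two added CVE_STATUS lines mark the CVEs not-applicable whenever `openssl` is in PACKAGECONFIG, but the reason given is that the wolfSSL backend is absent, and the first does not strictly imply the second. If a layer ever adds a wolfssl option next to openssl (curl can be built with more than one TLS backend), these entries would keep reporting not-applicable for a build that does link wolfSSL. A comment above them would record the assumption, for example `# wolfSSL-only issues; this recipe has no wolfssl PACKAGECONFIG, revisit if one is added`. The 'unpatched' fallback for builds without openssl is the conservative choice, but it will appear in cve-check output even though wolfSSL is not in use there either, which may deserve a word in the same comment.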