From 8f50b0761fc4d49fae8d174956052e3ff9024a5e Mon Sep 17 00:00:00 2001 From: Virendra Thakur Date: Sun, 6 Jul 2025 10:28:21 +0530 Subject: [PATCH] curl: set conditional CVE_STATUS for CVE-2025-5025 If openssl packageconfig is enabled, set CVE_STATUS as not-applicable. This CVE is applicable only when curl built with wolfSSL support. Reference: https://curl.se/docs/CVE-2025-5025.html Signed-off-by: Virendra Thakur Signed-off-by: Steve Sakoman --- meta/recipes-support/curl/curl_8.7.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb index 2f5bf8c8fd..a21a086f40 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.7.1.bb @@ -37,6 +37,8 @@ CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl dan CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack" CVE_STATUS[CVE-2025-0725] = "not-applicable-config: gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older" +CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: build with openssl','unpatched',d)}" + inherit autotools pkgconfig binconfig multilib_header ptest -- 2.47.2