From dd642c786e9c9eee06a90562e69e70cb37e704df Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Sat, 8 Feb 2025 17:33:00 +0100 Subject: [PATCH] curl: upgrade 8.11.1 -> 8.12.0 Solves CVE-2025-0167, CVE-2025-0665 and CVE-2025-0725. Initialize WATT_ROOT variable to avoid looking in host dirs when autotools are checking available features. License-Update: copyright year refreshed Signed-off-by: Peter Marko Signed-off-by: Richard Purdie --- meta/recipes-support/curl/{curl_8.11.1.bb => curl_8.12.0.bb} | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) rename meta/recipes-support/curl/{curl_8.11.1.bb => curl_8.12.0.bb} (96%) diff --git a/meta/recipes-support/curl/curl_8.11.1.bb b/meta/recipes-support/curl/curl_8.12.0.bb similarity index 96% rename from meta/recipes-support/curl/curl_8.11.1.bb rename to meta/recipes-support/curl/curl_8.12.0.bb index b4d80e9643c..7b5e6350ba1 100644 --- a/meta/recipes-support/curl/curl_8.11.1.bb +++ b/meta/recipes-support/curl/curl_8.12.0.bb @@ -7,7 +7,7 @@ HOMEPAGE = "https://curl.se/" BUGTRACKER = "https://github.com/curl/curl/issues" SECTION = "console/network" LICENSE = "curl" -LIC_FILES_CHKSUM = "file://COPYING;md5=eed2e5088e1ac619c9a1c747da291d75" +LIC_FILES_CHKSUM = "file://COPYING;md5=72f4e9890e99e68d77b7e40703d789b8" SRC_URI = " \ https://curl.se/download/${BP}.tar.xz \ @@ -15,7 +15,7 @@ SRC_URI = " \ file://disable-tests \ file://no-test-timeout.patch \ " -SRC_URI[sha256sum] = "c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56" +SRC_URI[sha256sum] = "9a4628c764be6b1a9909567c13e8e771041609df43b2158fcac4e05ea7097e5d" # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" @@ -76,6 +76,7 @@ EXTRA_OECONF = " \ --without-libpsl \ --enable-optimize \ ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls openssl', d) == '') else ''} \ + WATT_ROOT=${STAGING_DIR_TARGET}${prefix} \ " fix_absolute_paths () { -- 2.47.3