mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-06 23:39:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

curl: upgrade 8.11.0 -> 8.11.1

Browse Source 
Bugfix release for 8.11.0 regressions.

Solves CVE-2024-11053

Drop patch which was done differently upstream.

(From OE-Core rev: 57731284008c18eee566df3412eaf6d13a59d498)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Peter Marko
2024-12-11 19:09:53 +01:00
committed by Richard Purdie
parent d74dd78434
commit b91ed27ab2
2 changed files with 1 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch
View File

@@ -1,39 +0,0 @@
From cfd5d794fdfcc12e386fdbb14161babf54d2a5ee Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Sat, 9 Nov 2024 22:26:58 +0100
Subject: [PATCH] libcurl.pc.in: drop LDFLAGS from Libs.private
Stop passing linker flags to pkg-config.
This was added in v8.11.0 with commit [1].
There are several problems with this, especially:
* user may want to link curl and application with different flags
* user usually adds the same or similar flags in all components, so this
will double the flags when linking application
* when building components in temporary directories, these directories
are preserved in pkg-config linker flags and are invalid when building
application
[1] https://github.com/curl/curl/commit/9f56bb608ecfbb8978c6cb72a04d9e8b23162d82
Upstream-Status: Submitted [https://github.com/curl/curl/pull/15533]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
libcurl.pc.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libcurl.pc.in b/libcurl.pc.in
index 4c60a7ec7..7898dae35 100644
--- a/libcurl.pc.in
+++ b/libcurl.pc.in
@@ -36,6 +36,6 @@ Version: @CURLVERSION@
Requires: @LIBCURL_PC_REQUIRES@
Requires.private: @LIBCURL_PC_REQUIRES_PRIVATE@
Libs: -L${libdir} -lcurl @LIBCURL_PC_LIBS@
-Libs.private: @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@
+Libs.private: @LIBCURL_PC_LIBS_PRIVATE@
Cflags: -I${includedir} @LIBCURL_PC_CFLAGS@
Cflags.private: @LIBCURL_PC_CFLAGS_PRIVATE@
--
2.30.2

3
meta/recipes-support/curl/curl_8.11.0.bb → meta/recipes-support/curl/curl_8.11.1.bb
View File

@@ -14,9 +14,8 @@ SRC_URI = " \
file://run-ptest \
file://disable-tests \
file://no-test-timeout.patch \
file://0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch \
"
SRC_URI[sha256sum] = "db59cf0d671ca6e7f5c2c5ec177084a33a79e04c97e71cf183a5cdea235054eb"
SRC_URI[sha256sum] = "c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56"
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"