mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-30 21:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
dbb4e8a5ccaa1d2f7c64f656fcce516da78d545c
poky/meta/recipes-support/curl/curl_7.69.1.bb
Vijay Anusuri dbb4e8a5cc curl: backport Debian patch for CVE-2024-2398 
import patch from ubuntu to fix
 CVE-2024-2398

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/?h=ubuntu%2Ffocal-security
Upstream commit
deca803999]

(From OE-Core rev: ce65f86c55ecf2c0e52564488e0237ba24429c45)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-04-05 06:34:42 -07:00

144 lines
6.2 KiB
BlitzBasic
Raw Blame History

SUMMARY = "Command line tool and library for client-side URL transfers"
DESCRIPTION = "It uses URL syntax to transfer data to and from servers. \
curl is a widely used because of its ability to be flexible and complete \
complex tasks. For example, you can use curl for things like user authentication, \
HTTP post, SSL connections, proxy support, FTP uploads, and more!"
HOMEPAGE = "http://curl.haxx.se/"
BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker"
SECTION = "console/network"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://COPYING;md5=2e9fb35867314fe31c6a4977ef7dd531"
SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
file://CVE-2020-8169.patch \
file://CVE-2020-8177.patch \
file://CVE-2020-8231.patch \
file://CVE-2020-8284.patch \
file://CVE-2020-8285.patch \
file://CVE-2020-8286.patch \
file://CVE-2021-22876.patch \
file://CVE-2021-22890.patch \
file://CVE-2021-22898.patch \
file://CVE-2021-22924.patch \
file://CVE-2021-22925.patch \
file://CVE-2021-22946-pre1.patch \
file://CVE-2021-22946.patch \
file://CVE-2021-22947.patch \
file://CVE-2022-27776.patch \
file://CVE-2022-27775.patch \
file://CVE-2022-22576.patch \
file://CVE-2022-27774-1.patch \
file://CVE-2022-27774-2.patch \
file://CVE-2022-27774-3.patch \
file://CVE-2022-27774-4.patch \
file://CVE-2022-27781.patch \
file://CVE-2022-27782-1.patch \
file://CVE-2022-27782-2.patch \
file://CVE-2022-32206.patch \
file://CVE-2022-32207.patch \
file://CVE-2022-32208.patch \
file://CVE-2022-35252.patch \
file://CVE-2022-32221.patch \
file://CVE-2022-35260.patch \
file://CVE-2022-43552.patch \
file://CVE-2023-23916.patch \
file://CVE-2023-27534-pre1.patch \
file://CVE-2023-27534.patch \
file://CVE-2023-27538.patch \
file://CVE-2023-27533.patch \
file://CVE-2023-27535-pre1.patch \
file://CVE-2023-27535.patch \
file://CVE-2023-27536.patch \
file://CVE-2023-28320.patch \
file://CVE-2023-28320-fol1.patch \
file://CVE-2023-32001.patch \
file://CVE-2023-38545.patch \
file://CVE-2023-38546.patch \
file://CVE-2023-28321.patch \
file://CVE-2023-28322.patch \
file://CVE-2023-46218.patch \
file://CVE-2024-2398.patch \
"
SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a56c4de8"
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
CVE_CHECK_WHITELIST = "CVE-2021-22922 CVE-2021-22923 CVE-2021-22926 CVE-2021-22945"
# As per link https://security-tracker.debian.org/tracker/CVE-2021-22897
# and https://ubuntu.com/security/CVE-2021-22897
# This CVE issue affects Windows only Hence whitelisting this CVE
CVE_CHECK_WHITELIST += "CVE-2021-22897"
# This CVE reports that apple had to upgrade curl because of other already reported CVEs
CVE_CHECK_WHITELIST += "CVE-2023-42915"
inherit autotools pkgconfig binconfig multilib_header
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib"
PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib"
PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib"
# 'ares' and 'threaded-resolver' are mutually exclusive
PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl"
PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
EXTRA_OECONF = " \
--disable-libcurl-option \
--disable-ntlm-wb \
--enable-crypto-auth \
--with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
--without-libmetalink \
--without-libpsl \
"
do_install_append_class-target() {
# cleanup buildpaths from curl-config
sed -i \
-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \
-e 's|${DEBUG_PREFIX_MAP}||g' \
${D}${bindir}/curl-config
}
PACKAGES =+ "lib${BPN}"
FILES_lib${BPN} = "${libdir}/lib*.so.*"
RRECOMMENDS_lib${BPN} += "ca-certificates"
FILES_${PN} += "${datadir}/zsh"
inherit multilib_script
MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config"
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink