summaryrefslogtreecommitdiff
path: root/recipes-support/curl
diff options
context:
space:
mode:
authorAndrii Davydenko <andrii.davydenko@globallogic.com>2022-12-14 12:08:42 +0200
committerMykyta Dorokhin <mykyta.dorokhin@globallogic.com>2023-01-24 12:41:29 +0200
commit2eaa3fd064097eb221b56d5df0e7136ba705a0cd (patch)
tree2ca46c9a625d6f743933b1ea7e2fc6bd2581e6eb /recipes-support/curl
parent1e52890ac41318d28923787af35541a8f9ee0653 (diff)
downloadmeta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.gz
meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.bz2
meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.zip
CVE Packages Update
Move libfastjson to the rsyslog directory rsyslog 8.2002.0 -> 8.2206.0 add ntp4.2.8 recipe with fixed CVEs update cryptsetup to 2.4.3 fix libxml2 CVE-2016-3709 curl 7.75.0 -> 7.86.0 strongswan 5.8.4 -> 5.9.8 libmodbus 3.1.6 -> 3.1.7 libesmtp 1.0.6 -> 1.1.0 cifs-utils 6.1 -> 7.0 update libtirpc to version 1.3.3 update rsync to version 3.2.5 Add zlib 1.2.13 upgrade gnutls to 3.7.8 upgrade openssh to 8.9p1 Add cmake 3.24.2 and cmake-native 3.24.2 to avoid loop dependecies building expat Add expat 2.5.0 to fix CVE-2022-40674 and CVE-2022-43680 openvpn 2.4.9 -> 2.4.12 hostapd 2.9 -> 2.10 [GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28) Openssh 8.9p1 no longer needed, because all necessary CVE fixes, backports and whitelists are present for current Openssh 8.4p1. There are no new CVE's in report. [GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28) Backported CVE patches for python3 component. Need to remove after upgrading Yocto to version more than 3.1.21. [GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28) Backported CVE patch for sudo component. Added 2 CVE's to whitelist for OpenVPN component.
Diffstat (limited to 'recipes-support/curl')
-rw-r--r--recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch30
-rw-r--r--recipes-support/curl/curl_7.86.0.bb92
2 files changed, 122 insertions, 0 deletions
diff --git a/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch b/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch
new file mode 100644
index 0000000..bb07c65
--- /dev/null
+++ b/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch
@@ -0,0 +1,30 @@
+diff -uprN orig/configure.ac new/configure.ac
+--- orig/configure.ac 2021-02-02 10:26:24.000000000 +0200
++++ new/configure.ac 2021-02-10 16:20:17.078630690 +0200
+@@ -1442,7 +1442,7 @@ AC_ARG_WITH(gssapi,
+ fi
+ ])
+
+-: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"}
++KRB5CONFIG=`which pkg-config`
+
+ save_CPPFLAGS="$CPPFLAGS"
+ AC_MSG_CHECKING([if GSS-API support is requested])
+@@ -1453,7 +1453,7 @@ if test x"$want_gss" = xyes; then
+ if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
+ GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
+ elif test -f "$KRB5CONFIG"; then
+- GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi`
++ GSSAPI_INCS=`$KRB5CONFIG --cflags mit-krb5-gssapi`
+ elif test "$GSSAPI_ROOT" != "yes"; then
+ GSSAPI_INCS="-I$GSSAPI_ROOT/include"
+ fi
+@@ -1546,7 +1546,7 @@ if test x"$want_gss" = xyes; then
+ elif test -f "$KRB5CONFIG"; then
+ dnl krb5-config doesn't have --libs-only-L or similar, put everything
+ dnl into LIBS
+- gss_libs=`$KRB5CONFIG --libs gssapi`
++ gss_libs=`$KRB5CONFIG --libs mit-krb5-gssapi`
+ LIBS="$gss_libs $LIBS"
+ else
+ case $host in
diff --git a/recipes-support/curl/curl_7.86.0.bb b/recipes-support/curl/curl_7.86.0.bb
new file mode 100644
index 0000000..01a95fc
--- /dev/null
+++ b/recipes-support/curl/curl_7.86.0.bb
@@ -0,0 +1,92 @@
+SUMMARY = "Command line tool and library for client-side URL transfers"
+HOMEPAGE = "http://curl.haxx.se/"
+BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker"
+SECTION = "console/network"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
+ file://0001-replace-krb5-config-with-pkg-config.patch \
+"
+
+SRC_URI[sha256sum] = "f5ca69db03eea17fa8705bdfb1a9f58d76a46c9010518109bb38f313137e0a28"
+
+# Curl has used many names over the years...
+CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
+
+inherit autotools pkgconfig binconfig multilib_header ptest
+
+# Entropy source for random PACKAGECONFIG option
+RANDOM ?= "/dev/urandom"
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} libidn openssl proxy random threaded-resolver verbose zlib"
+PACKAGECONFIG_class-native = "ipv6 openssl proxy random threaded-resolver verbose zlib"
+PACKAGECONFIG_class-nativesdk = "ipv6 openssl proxy random threaded-resolver verbose zlib"
+
+# 'ares' and 'threaded-resolver' are mutually exclusive
+PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver"
+PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli"
+PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual"
+PACKAGECONFIG[dict] = "--enable-dict,--disable-dict,"
+PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
+PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
+PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
+PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
+PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
+PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl"
+PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
+PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
+PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls"
+PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt,"
+PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2"
+PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl"
+PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
+PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
+PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random"
+PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump"
+PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp,"
+PACKAGECONFIG[smb] = "--enable-smb,--disable-smb,"
+PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp,"
+PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss"
+PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
+PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
+PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
+PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
+PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
+PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd"
+
+EXTRA_OECONF = " \
+ --disable-libcurl-option \
+ --disable-ntlm-wb \
+ --enable-crypto-auth \
+ --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \
+ --without-libpsl \
+ --enable-debug \
+ --enable-optimize \
+ --disable-curldebug \
+ ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls nss openssl', d) == '') else ''} \
+"
+
+do_install_append_class-target() {
+ # cleanup buildpaths from curl-config
+ sed -i \
+ -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+ -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \
+ -e 's|${DEBUG_PREFIX_MAP}||g' \
+ -e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \
+ ${D}${bindir}/curl-config
+}
+
+PACKAGES =+ "lib${BPN}"
+
+FILES_lib${BPN} = "${libdir}/lib*.so.*"
+RRECOMMENDS_lib${BPN} += "ca-certificates"
+
+FILES_${PN} += "${datadir}/zsh"
+
+inherit multilib_script
+MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config"
+
+BBCLASSEXTEND = "native nativesdk" \ No newline at end of file