Message ID | 20241109222058.1949835-1-peter.marko@siemens.com |
---|---|
State | New |
Series | [meta-oe] curl: upgrade 8.10.1 -> 8.11.0 | expand |
curl 8.11.0 is known to have some regressions in, for example from the curl-distros list: “”" As you probably know, there were some regressions in the latest release 8.11.0. These are the patches we decided to pull in order to package it on Debian: netrc: support large file, longer lines, longer tokens https://github.com/curl/curl/commit/0cdde0fdfbeb8c35420f6d03fa4b77ed73497694 setopt: fix CURLOPT_HTTP_CONTENT_DECODING https://github.com/curl/curl/commit/878bc429f26c27294787dc59d7b53345d9edc5aa duphandle: also init netrc https://github.com/curl/curl/commit/f5c616930b5cf148b1b2632da4f5963ff48bdf88 cmdline/ech.md: formatting cleanups https://github.com/curl/curl/commit/f4ee7bafda8d451255e935a3c585220dd3cf58c4 libssh: when using IPv6 numerical address, add brackets https://github.com/curl/curl/commit/93c65c00e52c4c8cdc09b2d9194ce63763c7349e “”” We should either hold off until there’s a point release, or carry those patches too. Ross > On 9 Nov 2024, at 22:20, Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote: > > From: Peter Marko <peter.marko@siemens.com> > > Solves CVE-2024-9681 > > * refresh patch > * add patch for buildpaths issue > * add new options for ipfs and websockets, keep them configure as they > were previously configures > * drop notexists.pl from ptest install as it was removed and code was > integrated into the test framework in [1] > * add ptest dependency on perl-module-i18n-langinfo due to [2] > > [1] https://github.com/curl/curl/commit/56183c1d6f7f4d0c18d9065cf870c4cd3fc329eb > [2] https://github.com/curl/curl/commit/0b70b23ef4d007031bc2ae4fc63d5ed9136bc2b5 
> > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- > ...pc.in-drop-LDFLAGS-from-Libs.private.patch | 39 +++++++++++++++++++ > .../curl/curl/no-test-timeout.patch | 2 +- > .../curl/{curl_8.10.1.bb => curl_8.11.0.bb} | 9 +++-- > 3 files changed, 46 insertions(+), 4 deletions(-) > create mode 100644 meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch > rename meta/recipes-support/curl/{curl_8.10.1.bb => curl_8.11.0.bb} (93%) > > diff --git a/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch b/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch > new file mode 100644 > index 0000000000..79fc0b316e > --- /dev/null > +++ b/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch 
> @@ -0,0 +1,39 @@ > +From cfd5d794fdfcc12e386fdbb14161babf54d2a5ee Mon Sep 17 00:00:00 2001 > +From: Peter Marko <peter.marko@siemens.com> > +Date: Sat, 9 Nov 2024 22:26:58 +0100 > +Subject: [PATCH] libcurl.pc.in: drop LDFLAGS from Libs.private > + > +Stop passing linker flags to pkg-config. > + > +This was added in v8.11.0 with commit [1]. > +There are several problems with this, especially: > +* user may want to link curl and application with different flags > +* user usually adds the same or similar flags in all components, so this > + will double the flags when linking application > +* when building components in temporary directories, these directories > + are preserved in pkg-config linker flags and are invalid when building > + application > + > +[1] https://github.com/curl/curl/commit/9f56bb608ecfbb8978c6cb72a04d9e8b23162d82 > + > +Upstream-Status: Submitted [https://github.com/curl/curl/pull/15533] > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > +--- > + libcurl.pc.in | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/libcurl.pc.in b/libcurl.pc.in > +index 4c60a7ec7..7898dae35 100644 > +--- a/libcurl.pc.in > ++++ b/libcurl.pc.in > +@@ -36,6 +36,6 @@ Version: @CURLVERSION@ > + Requires: @LIBCURL_PC_REQUIRES@ > + Requires.private: @LIBCURL_PC_REQUIRES_PRIVATE@ > + Libs: -L${libdir} -lcurl @LIBCURL_PC_LIBS@ > +-Libs.private: @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@ > ++Libs.private: @LIBCURL_PC_LIBS_PRIVATE@ > + Cflags: -I${includedir} @LIBCURL_PC_CFLAGS@ > + Cflags.private: @LIBCURL_PC_CFLAGS_PRIVATE@ > +-- > +2.30.2 > + > diff --git a/meta/recipes-support/curl/curl/no-test-timeout.patch b/meta/recipes-support/curl/curl/no-test-timeout.patch > index 7122b6f043..fe8efbe612 100644 > --- a/meta/recipes-support/curl/curl/no-test-timeout.patch > +++ b/meta/recipes-support/curl/curl/no-test-timeout.patch > @@ -14,7 +14,7 @@ diff --git a/tests/servers.pm b/tests/servers.pm > index d4472d5..9999938 100644 > --- a/tests/servers.pm 
> +++ b/tests/servers.pm > -@@ -120,7 +120,7 @@ my $sshdverstr; # for socks server, ssh daemon version string > +@@ -122,7 +122,7 @@ my $sshdverstr; # for socks server, ssh daemon version string > my $sshderror; # for socks server, ssh daemon version error > my %doesntrun; # servers that don't work, identified by pidfile > my %PORT = (nolisten => 47); # port we use for a local non-listening service > diff --git a/meta/recipes-support/curl/curl_8.10.1.bb b/meta/recipes-support/curl/curl_8.11.0.bb > similarity index 93% > rename from meta/recipes-support/curl/curl_8.10.1.bb > rename to meta/recipes-support/curl/curl_8.11.0.bb > index 0252d4475e..a512aa443c 100644 > --- a/meta/recipes-support/curl/curl_8.10.1.bb > +++ b/meta/recipes-support/curl/curl_8.11.0.bb > @@ -14,8 +14,9 @@ SRC_URI = " \ > file://run-ptest \ > file://disable-tests \ > file://no-test-timeout.patch \ > + file://0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch \ > " > -SRC_URI[sha256sum] = "73a4b0e99596a09fa5924a4fb7e4b995a85fda0d18a2c02ab9cf134bebce04ee" > +SRC_URI[sha256sum] = "db59cf0d671ca6e7f5c2c5ec177084a33a79e04c97e71cf183a5cdea235054eb" > > # Curl has used many names over the years... > CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" > @@ -23,7 +24,7 @@ CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on go > > inherit autotools pkgconfig binconfig multilib_header ptest > > -COMMON_PACKAGECONFIG = "basic-auth bearer-auth digest-auth negotiate-auth openssl proxy threaded-resolver verbose zlib" > +COMMON_PACKAGECONFIG = "basic-auth bearer-auth digest-auth ipfs negotiate-auth openssl proxy threaded-resolver verbose zlib" > PACKAGECONFIG ??= "${COMMON_PACKAGECONFIG} ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws libidn" > PACKAGECONFIG:class-native = "${COMMON_PACKAGECONFIG} ipv6" > PACKAGECONFIG:class-nativesdk = "${COMMON_PACKAGECONFIG} ipv6" 
> @@ -43,6 +44,7 @@ PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" > PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," > PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," > PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," > +PACKAGECONFIG[ipfs] = "--enable-ipfs,--disable-ipfs," > PACKAGECONFIG[kerberos-auth] = "--enable-kerberos-auth,--disable-kerberos-auth" > PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" > PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap" > @@ -65,6 +67,7 @@ PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," > PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," > PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" > PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" > +PACKAGECONFIG[websockets] = "--enable-websockets,--disable-websockets" > PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" > PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" > > @@ -106,7 +109,6 @@ do_install_ptest() { > for name in $(makefile-getvar ${B}/tests/libtest/Makefile noinst_PROGRAMS noinst_LTLIBRARIES); do > ${B}/libtool --mode=install install ${B}/tests/libtest/$name ${D}${PTEST_PATH}/tests/libtest > done > - cp ${S}/tests/libtest/notexists.pl ${D}${PTEST_PATH}/tests/libtest > rm -f ${D}${PTEST_PATH}/tests/libtest/libhostname.la > > install -d ${D}${PTEST_PATH}/tests/server 
> @@ -131,6 +133,7 @@ RDEPENDS:${PN}-ptest += " \ > perl-module-file-basename \ > perl-module-file-spec \ > perl-module-file-temp \ > + perl-module-i18n-langinfo \ > perl-module-io-socket \ > perl-module-ipc-open2 \ > perl-module-list-util \ > -- > 2.30.2 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#206909): https://lists.openembedded.org/g/openembedded-core/message/206909 > Mute This Topic: https://lists.openembedded.org/mt/109489294/6875888 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ross.burton@arm.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Mon, Nov 11, 2024 at 12:14:48PM +0000, Ross Burton via lists.openembedded.org wrote: > curl 8.11.0 is known to have some regressions in, for example from the curl-distros list: > > “”" > As you probably know, there were some regressions in the latest release 8.11.0. > Hi, Yes, I confirm we are affected by these kind of issues if we do merge the patch: fatal: unable to access 'https://git.yoctoproject.org/git/dbus-wait/': .netrc parser error https://valkyrie.yoctoproject.org/#/builders/31/builds/410
OK, I'll wait a bit with this, I don't like backporting many random patches. Also my patch for buildpaths is evolving upstream, maybe we can get something cleaner. I think I'll just backport the CVE patch for now later this week. Similarly, also for openssl where the upgrade is blocked by python3 compatibility issue. Peter > -----Original Message----- > From: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> > Sent: Tuesday, November 12, 2024 20:55 > To: ross.burton@arm.com > Cc: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>; > openembedded-core@lists.openembedded.org > Subject: Re: [OE-core] [meta-oe][PATCH] curl: upgrade 8.10.1 -> 8.11.0 > > On Mon, Nov 11, 2024 at 12:14:48PM +0000, Ross Burton via > lists.openembedded.org wrote: > > curl 8.11.0 is known to have some regressions in, for example from the curl- > distros list: > > > > “”" > > As you probably know, there were some regressions in the latest release 8.11.0. > > > > Hi, > > Yes, I confirm we are affected by these kind of issues if we do merge > the patch: > > fatal: unable to access 'https://git.yoctoproject.org/git/dbus-wait/': > .netrc parser error > > https://valkyrie.yoctoproject.org/#/builders/31/builds/410 > > -- > Mathieu Dubois-Briand, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com
diff --git a/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch b/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch
new file mode 100644
index 0000000000..79fc0b316e
--- /dev/null
+++ b/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch
@@ -0,0 +1,39 @@
+From cfd5d794fdfcc12e386fdbb14161babf54d2a5ee Mon Sep 17 00:00:00 2001
+From: Peter Marko <peter.marko@siemens.com>
+Date: Sat, 9 Nov 2024 22:26:58 +0100
+Subject: [PATCH] libcurl.pc.in: drop LDFLAGS from Libs.private
+
+Stop passing linker flags to pkg-config.
+
+This was added in v8.11.0 with commit [1].
+There are several problems with this, especially:
+* user may want to link curl and application with different flags
+* user usually adds the same or similar flags in all components, so this
+ will double the flags when linking application
+* when building components in temporary directories, these directories
+ are preserved in pkg-config linker flags and are invalid when building
+ application
+
+[1] https://github.com/curl/curl/commit/9f56bb608ecfbb8978c6cb72a04d9e8b23162d82
+
+Upstream-Status: Submitted [https://github.com/curl/curl/pull/15533]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libcurl.pc.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcurl.pc.in b/libcurl.pc.in
+index 4c60a7ec7..7898dae35 100644
+--- a/libcurl.pc.in
++++ b/libcurl.pc.in
+@@ -36,6 +36,6 @@ Version: @CURLVERSION@
+ Requires: @LIBCURL_PC_REQUIRES@
+ Requires.private: @LIBCURL_PC_REQUIRES_PRIVATE@
+ Libs: -L${libdir} -lcurl @LIBCURL_PC_LIBS@
+-Libs.private: @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@
++Libs.private: @LIBCURL_PC_LIBS_PRIVATE@
+ Cflags: -I${includedir} @LIBCURL_PC_CFLAGS@
+ Cflags.private: @LIBCURL_PC_CFLAGS_PRIVATE@
+--
+2.30.2
+
diff --git a/meta/recipes-support/curl/curl/no-test-timeout.patch b/meta/recipes-support/curl/curl/no-test-timeout.patch
index 7122b6f043..fe8efbe612 100644
--- a/meta/recipes-support/curl/curl/no-test-timeout.patch
+++ b/meta/recipes-support/curl/curl/no-test-timeout.patch
@@ -14,7 +14,7 @@ diff --git a/tests/servers.pm b/tests/servers.pm
 index d4472d5..9999938 100644
 --- a/tests/servers.pm
 +++ b/tests/servers.pm
-@@ -120,7 +120,7 @@ my $sshdverstr; # for socks server, ssh daemon version string
+@@ -122,7 +122,7 @@ my $sshdverstr; # for socks server, ssh daemon version string
 my $sshderror; # for socks server, ssh daemon version error
 my %doesntrun; # servers that don't work, identified by pidfile
 my %PORT = (nolisten => 47); # port we use for a local non-listening service
diff --git a/meta/recipes-support/curl/curl_8.10.1.bb b/meta/recipes-support/curl/curl_8.11.0.bb
similarity index 93%
rename from meta/recipes-support/curl/curl_8.10.1.bb
rename to meta/recipes-support/curl/curl_8.11.0.bb
index 0252d4475e..a512aa443c 100644
--- a/meta/recipes-support/curl/curl_8.10.1.bb
+++ b/meta/recipes-support/curl/curl_8.11.0.bb
@@ -14,8 +14,9 @@ SRC_URI = " \
 file://run-ptest \
 file://disable-tests \
 file://no-test-timeout.patch \
+ file://0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch \
 "
-SRC_URI[sha256sum] = "73a4b0e99596a09fa5924a4fb7e4b995a85fda0d18a2c02ab9cf134bebce04ee"
+SRC_URI[sha256sum] = "db59cf0d671ca6e7f5c2c5ec177084a33a79e04c97e71cf183a5cdea235054eb"
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
@@ -23,7 +24,7 @@ CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on go
 
 inherit autotools pkgconfig binconfig multilib_header ptest
 
-COMMON_PACKAGECONFIG = "basic-auth bearer-auth digest-auth negotiate-auth openssl proxy threaded-resolver verbose zlib"
+COMMON_PACKAGECONFIG = "basic-auth bearer-auth digest-auth ipfs negotiate-auth openssl proxy threaded-resolver verbose zlib"
 PACKAGECONFIG ??= "${COMMON_PACKAGECONFIG} ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws libidn"
 PACKAGECONFIG:class-native = "${COMMON_PACKAGECONFIG} ipv6"
 PACKAGECONFIG:class-nativesdk = "${COMMON_PACKAGECONFIG} ipv6"
@@ -43,6 +44,7 @@ PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
 PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher,"
 PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[ipfs] = "--enable-ipfs,--disable-ipfs,"
 PACKAGECONFIG[kerberos-auth] = "--enable-kerberos-auth,--disable-kerberos-auth"
 PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5"
 PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap"
@@ -65,6 +67,7 @@ PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet,"
 PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp,"
 PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares"
 PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose"
+PACKAGECONFIG[websockets] = "--enable-websockets,--disable-websockets"
 PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib"
 PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd"
 
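Review bot: The recipe does not record why `ipfs` is switched on in COMMON_PACKAGECONFIG (and therefore in the target, native and nativesdk defaults alike) while the new `websockets` knob in the @@ -65,6 hunk is left out of every default and so configures with `--disable-websockets`. The commit message says this keeps both as they were configured before, but that reasoning is not visible in the file. A comment above the assignment, for example `# ipfs stays enabled and websockets stays disabled to match the pre-8.11.0 defaults`, would let a later reviewer trim the enabled protocol set without re-reading the upstream changelog. As a style point, the new `PACKAGECONFIG[ipfs]` line in the @@ -43,6 hunk sits after `ipv6`, which breaks the otherwise alphabetical ordering of the flag list.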
@@ -106,7 +109,6 @@ do_install_ptest() {
 for name in $(makefile-getvar ${B}/tests/libtest/Makefile noinst_PROGRAMS noinst_LTLIBRARIES); do
 ${B}/libtool --mode=install install ${B}/tests/libtest/$name ${D}${PTEST_PATH}/tests/libtest
 done
- cp ${S}/tests/libtest/notexists.pl ${D}${PTEST_PATH}/tests/libtest
 rm -f ${D}${PTEST_PATH}/tests/libtest/libhostname.la
 
 install -d ${D}${PTEST_PATH}/tests/server
@@ -131,6 +133,7 @@ RDEPENDS:${PN}-ptest += " \
 perl-module-file-basename \
 perl-module-file-spec \
 perl-module-file-temp \
+ perl-module-i18n-langinfo \
 perl-module-io-socket \
 perl-module-ipc-open2 \
 perl-module-list-util \