
curl: upgrade 8.11.1 -> 8.12.0

Message ID 20250207202537.2137371-1-peter.marko@siemens.com
State Accepted, archived
Commit dd642c786e9c9eee06a90562e69e70cb37e704df

Commit Message

Peter Marko Feb. 7, 2025, 8:25 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

Solves CVE-2025-0167, CVE-2025-0665 and CVE-2025-0725.

License-Update: copyright year refreshed

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-support/curl/{curl_8.11.1.bb => curl_8.12.0.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/curl/{curl_8.11.1.bb => curl_8.12.0.bb} (97%)

Comments

Richard Purdie Feb. 8, 2025, 2:27 p.m. UTC | #1
On Fri, 2025-02-07 at 21:25 +0100, Peter Marko via lists.openembedded.org wrote:
> From: Peter Marko <peter.marko@siemens.com>
> 
> Solves CVE-2025-0167, CVE-2025-0665 and CVE-2025-0725.
> 
> License-Update: copyright year refreshed
> 
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---
>  meta/recipes-support/curl/{curl_8.11.1.bb => curl_8.12.0.bb} | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta/recipes-support/curl/{curl_8.11.1.bb => curl_8.12.0.bb} (97%)
> 
> diff --git a/meta/recipes-support/curl/curl_8.11.1.bb b/meta/recipes-support/curl/curl_8.12.0.bb
> similarity index 97%
> rename from meta/recipes-support/curl/curl_8.11.1.bb
> rename to meta/recipes-support/curl/curl_8.12.0.bb
> index b4d80e9643..0d9457db93 100644
> --- a/meta/recipes-support/curl/curl_8.11.1.bb
> +++ b/meta/recipes-support/curl/curl_8.12.0.bb
> @@ -7,7 +7,7 @@ HOMEPAGE = "https://curl.se/"
>  BUGTRACKER = "https://github.com/curl/curl/issues"
>  SECTION = "console/network"
>  LICENSE = "curl"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=eed2e5088e1ac619c9a1c747da291d75"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=72f4e9890e99e68d77b7e40703d789b8"
>  
>  SRC_URI = " \
>      https://curl.se/download/${BP}.tar.xz \
> @@ -15,7 +15,7 @@ SRC_URI = " \
>      file://disable-tests \
>      file://no-test-timeout.patch \
>  "
> -SRC_URI[sha256sum] = "c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56"
> +SRC_URI[sha256sum] = "9a4628c764be6b1a9909567c13e8e771041609df43b2158fcac4e05ea7097e5d"
>  
>  # Curl has used many names over the years...
>  CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"

Thanks for the upgrade. There does look to be a host search path issue on mingw:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/7/builds/1003/steps/12/logs/stdio

Cheers,

Richard
Peter Marko Feb. 8, 2025, 2:46 p.m. UTC | #2
OK, I'll check this.
Again something new to learn - mingw...

Peter

> -----Original Message-----
> From: Richard Purdie <richard.purdie@linuxfoundation.org>
> Sent: Saturday, February 8, 2025 15:27
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>;
> openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][PATCH] curl: upgrade 8.11.1 -> 8.12.0
> 
> On Fri, 2025-02-07 at 21:25 +0100, Peter Marko via lists.openembedded.org
> wrote:
> > From: Peter Marko <peter.marko@siemens.com>
> >
> > Solves CVE-2025-0167, CVE-2025-0665 and CVE-2025-0725.
> >
> > License-Update: copyright year refreshed
> >
> > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > ---
> >  meta/recipes-support/curl/{curl_8.11.1.bb => curl_8.12.0.bb} | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >  rename meta/recipes-support/curl/{curl_8.11.1.bb => curl_8.12.0.bb} (97%)
> >
> > diff --git a/meta/recipes-support/curl/curl_8.11.1.bb b/meta/recipes-
> support/curl/curl_8.12.0.bb
> > similarity index 97%
> > rename from meta/recipes-support/curl/curl_8.11.1.bb
> > rename to meta/recipes-support/curl/curl_8.12.0.bb
> > index b4d80e9643..0d9457db93 100644
> > --- a/meta/recipes-support/curl/curl_8.11.1.bb
> > +++ b/meta/recipes-support/curl/curl_8.12.0.bb
> > @@ -7,7 +7,7 @@ HOMEPAGE = "https://curl.se/"
> >  BUGTRACKER = "https://github.com/curl/curl/issues"
> >  SECTION = "console/network"
> >  LICENSE = "curl"
> > -LIC_FILES_CHKSUM =
> "file://COPYING;md5=eed2e5088e1ac619c9a1c747da291d75"
> > +LIC_FILES_CHKSUM =
> "file://COPYING;md5=72f4e9890e99e68d77b7e40703d789b8"
> >
> >  SRC_URI = " \
> >      https://curl.se/download/${BP}.tar.xz \
> > @@ -15,7 +15,7 @@ SRC_URI = " \
> >      file://disable-tests \
> >      file://no-test-timeout.patch \
> >  "
> > -SRC_URI[sha256sum] =
> "c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56"
> > +SRC_URI[sha256sum] =
> "9a4628c764be6b1a9909567c13e8e771041609df43b2158fcac4e05ea7097e5d"
> >
> >  # Curl has used many names over the years...
> >  CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl
> daniel_stenberg:curl"
> 
> Thanks for the upgrade. There does look to be a host search path issue on
> mingw:
> 
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/7/builds/1003/steps/12/logs
> /stdio
> 
> Cheers,
> 
> Richard
Richard Purdie Feb. 8, 2025, 3:36 p.m. UTC | #3
On Sat, 2025-02-08 at 14:46 +0000, Marko, Peter wrote:
> OK, I'll check this.
> Again something new to learn - mingw...

Add meta-mingw, set SDKMACHINE = "i686-mingw32" and bitbake
nativesdk-curl. Hopefully it is something simple...

Cheers,

Richard

Patch

diff --git a/meta/recipes-support/curl/curl_8.11.1.bb b/meta/recipes-support/curl/curl_8.12.0.bb
similarity index 97%
rename from meta/recipes-support/curl/curl_8.11.1.bb
rename to meta/recipes-support/curl/curl_8.12.0.bb
index b4d80e9643..0d9457db93 100644
--- a/meta/recipes-support/curl/curl_8.11.1.bb
+++ b/meta/recipes-support/curl/curl_8.12.0.bb
@@ -7,7 +7,7 @@  HOMEPAGE = "https://curl.se/"
 BUGTRACKER = "https://github.com/curl/curl/issues"
 SECTION = "console/network"
 LICENSE = "curl"
-LIC_FILES_CHKSUM = "file://COPYING;md5=eed2e5088e1ac619c9a1c747da291d75"
+LIC_FILES_CHKSUM = "file://COPYING;md5=72f4e9890e99e68d77b7e40703d789b8"
 
 SRC_URI = " \
     https://curl.se/download/${BP}.tar.xz \
@@ -15,7 +15,7 @@  SRC_URI = " \
     file://disable-tests \
     file://no-test-timeout.patch \
 "
-SRC_URI[sha256sum] = "c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56"
+SRC_URI[sha256sum] = "9a4628c764be6b1a9909567c13e8e771041609df43b2158fcac4e05ea7097e5d"
 
 # Curl has used many names over the years...
 CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"