diff options
Diffstat (limited to 'meta/recipes-support/curl')
10 files changed, 238 insertions, 488 deletions
diff --git a/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch b/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch deleted file mode 100644 index a7db1b3c9e..0000000000 --- a/meta/recipes-support/curl/curl/0001-replace-krb5-config-with-pkg-config.patch +++ /dev/null @@ -1,44 +0,0 @@ -From ed70f0623708b8a6c1f58a5d243d87c5ff45b24d Mon Sep 17 00:00:00 2001 -From: Roy Li <rongqing.li@windriver.com> -Date: Tue, 26 Apr 2016 13:13:01 +0800 -Subject: [PATCH] replace krb5-config with pkg-config - -Upstream-Status: Pending - -Signed-off-by: Roy Li <rongqing.li@windriver.com> - ---- - configure.ac | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 5569a26..56b0380 100755 ---- a/configure.ac -+++ b/configure.ac -@@ -1290,7 +1290,7 @@ AC_ARG_WITH(gssapi, - fi - ]) - --: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} -+KRB5CONFIG=`which pkg-config` - - save_CPPFLAGS="$CPPFLAGS" - AC_MSG_CHECKING([if GSS-API support is requested]) -@@ -1301,7 +1301,7 @@ if test x"$want_gss" = xyes; then - if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$KRB5CONFIG"; then -- GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` -+ GSSAPI_INCS=`$KRB5CONFIG --cflags mit-krb5-gssapi` - elif test "$GSSAPI_ROOT" != "yes"; then - GSSAPI_INCS="-I$GSSAPI_ROOT/include" - fi -@@ -1394,7 +1394,7 @@ if test x"$want_gss" = xyes; then - elif test -f "$KRB5CONFIG"; then - dnl krb5-config doesn't have --libs-only-L or similar, put everything - dnl into LIBS -- gss_libs=`$KRB5CONFIG --libs gssapi` -+ gss_libs=`$KRB5CONFIG --libs mit-krb5-gssapi` - LIBS="$gss_libs $LIBS" - else - case $host in diff --git a/meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch b/meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch new file mode 100644 index 0000000000..15c69e1430 --- /dev/null +++ b/meta/recipes-support/curl/curl/0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch @@ -0,0 +1,38 @@ +From 3eec5afbd0b6377eca893c392569b2faf094d970 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 5 Aug 2024 00:17:17 +0200 +Subject: [PATCH] sigpipe: init the struct so that first apply ignores + +Initializes 'no_signal' to TRUE, so that a call to sigpipe_apply() after +init ignores the signal (unless CURLOPT_NOSIGNAL) is set. + +I have read the existing code multiple times now and I think it gets the +initial state reversed this missing to ignore. + +Regression from 17e6f06ea37136c36d27 + +Reported-by: Rasmus Thomsen +Fixes #14344 +Closes #14390 + +Upstream-Status: Backport [https://github.com/curl/curl/commit/3eec5afbd0b6377eca893c392569b2faf094d970] +Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> +--- + lib/sigpipe.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/sigpipe.h b/lib/sigpipe.h +index b91a2f513..d78afd905 100644 +--- a/lib/sigpipe.h ++++ b/lib/sigpipe.h +@@ -39,6 +39,7 @@ struct sigpipe_ignore { + static void sigpipe_init(struct sigpipe_ignore *ig) + { + memset(ig, 0, sizeof(*ig)); ++ ig->no_signal = TRUE; + } + + /* +-- +2.44.2 + diff --git a/meta/recipes-support/curl/curl/CVE-2019-5435.patch b/meta/recipes-support/curl/curl/CVE-2019-5435.patch deleted file mode 100644 index f72435f608..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2019-5435.patch +++ /dev/null @@ -1,266 +0,0 @@ -From 756380f74d58d5a877b26dc21be7b1316b617213 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Mon, 29 Apr 2019 08:00:49 +0200 -Subject: [PATCH] CURL_MAX_INPUT_LENGTH: largest acceptable string input size - -This limits all accepted input strings passed to libcurl to be less than -CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls: -curl_easy_setopt() and curl_url_set(). - -The 8000000 number is arbitrary picked and is meant to detect mistakes -or abuse, not to limit actual practical use cases. By limiting the -acceptable string lengths we also reduce the risk of integer overflows -all over. - -NOTE: This does not apply to `CURLOPT_POSTFIELDS`. - -Test 1559 verifies. - -Closes #3805 - -Upstream-Status: Backport -CVE: CVE-2019-5435 -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> - ---- - lib/setopt.c | 7 +++++ - lib/urlapi.c | 8 +++++ - lib/urldata.h | 4 +++ - tests/data/Makefile.inc | 2 +- - tests/data/test1559 | 44 ++++++++++++++++++++++++++ - tests/libtest/Makefile.inc | 6 ++-- - tests/libtest/lib1559.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++ - 7 files changed, 146 insertions(+), 3 deletions(-) - create mode 100644 tests/data/test1559 - create mode 100644 tests/libtest/lib1559.c - -diff --git a/lib/setopt.c b/lib/setopt.c -index b5f74a9..edf7165 100644 ---- a/lib/setopt.c -+++ b/lib/setopt.c -@@ -61,6 +61,13 @@ CURLcode Curl_setstropt(char **charp, const char *s) - if(s) { - char *str = strdup(s); - -+ if(str) { -+ size_t len = strlen(str); -+ if(len > CURL_MAX_INPUT_LENGTH) { -+ free(str); -+ return CURLE_BAD_FUNCTION_ARGUMENT; -+ } -+ } - if(!str) - return CURLE_OUT_OF_MEMORY; - -diff --git a/lib/urlapi.c b/lib/urlapi.c -index a19867e..822e4b3 100644 ---- a/lib/urlapi.c -+++ b/lib/urlapi.c -@@ -642,6 +642,10 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) - ************************************************************/ - /* allocate scratch area */ - urllen = strlen(url); -+ if(urllen > CURL_MAX_INPUT_LENGTH) -+ /* excessive input length */ -+ return CURLUE_MALFORMED_INPUT; -+ - path = u->scratch = malloc(urllen * 2 + 2); - if(!path) - return CURLUE_OUT_OF_MEMORY; -@@ -1272,6 +1276,10 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, - const char *newp = part; - size_t nalloc = strlen(part); - -+ if(nalloc > CURL_MAX_INPUT_LENGTH) -+ /* excessive input length */ -+ return CURLUE_MALFORMED_INPUT; -+ - if(urlencode) { - const char *i; - char *o; -diff --git a/lib/urldata.h b/lib/urldata.h -index 24187a4..049a34d 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -79,6 +79,10 @@ - */ - #define RESP_TIMEOUT (120*1000) - -+/* Max string intput length is a precaution against abuse and to detect junk -+ input easier and better. */ -+#define CURL_MAX_INPUT_LENGTH 8000000 -+ - #include "cookie.h" - #include "psl.h" - #include "formdata.h" -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 2eca9c6..3dd234f 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -176,7 +176,7 @@ test1525 test1526 test1527 test1528 test1529 test1530 test1531 test1532 \ - test1533 test1534 test1535 test1536 test1537 test1538 \ - test1540 test1541 \ - test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \ --test1558 test1560 test1561 test1562 \ -+test1558 test1559 test1560 test1561 test1562 \ - \ - test1590 test1591 test1592 \ - \ -diff --git a/tests/data/test1559 b/tests/data/test1559 -new file mode 100644 -index 0000000..cbed6fb ---- /dev/null -+++ b/tests/data/test1559 -@@ -0,0 +1,44 @@ -+<testcase> -+<info> -+<keywords> -+CURLOPT_URL -+</keywords> -+</info> -+ -+<reply> -+</reply> -+ -+<client> -+<server> -+none -+</server> -+ -+# require HTTP so that CURLOPT_POSTFIELDS works as assumed -+<features> -+http -+</features> -+<tool> -+lib1559 -+</tool> -+ -+<name> -+Set excessive URL lengths -+</name> -+</client> -+ -+# -+# Verify that the test runs to completion without crashing -+<verify> -+<errorcode> -+0 -+</errorcode> -+<stdout> -+CURLOPT_URL 10000000 bytes URL == 43 -+CURLOPT_POSTFIELDS 10000000 bytes data == 0 -+CURLUPART_URL 10000000 bytes URL == 3 -+CURLUPART_SCHEME 10000000 bytes scheme == 3 -+CURLUPART_USER 10000000 bytes user == 3 -+</stdout> -+</verify> -+ -+</testcase> -diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc -index e38f481..52b51c5 100644 ---- a/tests/libtest/Makefile.inc -+++ b/tests/libtest/Makefile.inc -@@ -31,8 +31,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ - lib1534 lib1535 lib1536 lib1537 lib1538 \ - lib1540 lib1541 \ - lib1550 lib1551 lib1552 lib1553 lib1554 lib1555 lib1556 lib1557 \ -- lib1558 \ -- lib1560 \ -+ lib1558 lib1559 lib1560 \ - lib1591 lib1592 \ - lib1900 lib1905 \ - lib2033 -@@ -529,6 +528,9 @@ lib1557_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1557 - lib1558_SOURCES = lib1558.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) - lib1558_LDADD = $(TESTUTIL_LIBS) - -+lib1559_SOURCES = lib1559.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) -+lib1559_LDADD = $(TESTUTIL_LIBS) -+ - lib1560_SOURCES = lib1560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) - lib1560_LDADD = $(TESTUTIL_LIBS) - -diff --git a/tests/libtest/lib1559.c b/tests/libtest/lib1559.c -new file mode 100644 -index 0000000..2aa3615 ---- /dev/null -+++ b/tests/libtest/lib1559.c -@@ -0,0 +1,78 @@ -+/*************************************************************************** -+ * _ _ ____ _ -+ * Project ___| | | | _ \| | -+ * / __| | | | |_) | | -+ * | (__| |_| | _ <| |___ -+ * \___|\___/|_| \_\_____| -+ * -+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. -+ * -+ * This software is licensed as described in the file COPYING, which -+ * you should have received as part of this distribution. The terms -+ * are also available at https://curl.haxx.se/docs/copyright.html. -+ * -+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell -+ * copies of the Software, and permit persons to whom the Software is -+ * furnished to do so, under the terms of the COPYING file. -+ * -+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -+ * KIND, either express or implied. -+ * -+ ***************************************************************************/ -+#include "test.h" -+ -+#include "testutil.h" -+#include "warnless.h" -+#include "memdebug.h" -+ -+#define EXCESSIVE 10*1000*1000 -+int test(char *URL) -+{ -+ CURLcode res = 0; -+ CURL *curl = NULL; -+ char *longurl = malloc(EXCESSIVE); -+ CURLU *u; -+ (void)URL; -+ -+ memset(longurl, 'a', EXCESSIVE); -+ longurl[EXCESSIVE-1] = 0; -+ -+ global_init(CURL_GLOBAL_ALL); -+ easy_init(curl); -+ -+ res = curl_easy_setopt(curl, CURLOPT_URL, longurl); -+ printf("CURLOPT_URL %d bytes URL == %d\n", -+ EXCESSIVE, (int)res); -+ -+ res = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, longurl); -+ printf("CURLOPT_POSTFIELDS %d bytes data == %d\n", -+ EXCESSIVE, (int)res); -+ -+ u = curl_url(); -+ if(u) { -+ CURLUcode uc = curl_url_set(u, CURLUPART_URL, longurl, 0); -+ printf("CURLUPART_URL %d bytes URL == %d\n", -+ EXCESSIVE, (int)uc); -+ uc = curl_url_set(u, CURLUPART_SCHEME, longurl, CURLU_NON_SUPPORT_SCHEME); -+ printf("CURLUPART_SCHEME %d bytes scheme == %d\n", -+ EXCESSIVE, (int)uc); -+ uc = curl_url_set(u, CURLUPART_USER, longurl, 0); -+ printf("CURLUPART_USER %d bytes user == %d\n", -+ EXCESSIVE, (int)uc); -+ curl_url_cleanup(u); -+ } -+ -+ free(longurl); -+ -+ curl_easy_cleanup(curl); -+ curl_global_cleanup(); -+ -+ return 0; -+ -+test_cleanup: -+ -+ curl_easy_cleanup(curl); -+ curl_global_cleanup(); -+ -+ return res; /* return the final return code */ -+} diff --git a/meta/recipes-support/curl/curl/CVE-2019-5436.patch b/meta/recipes-support/curl/curl/CVE-2019-5436.patch deleted file mode 100644 index eee26ce273..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2019-5436.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 2da531b3068e22cf714f001b493a704b2e9b923f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <daniel@haxx.se> -Date: Fri, 3 May 2019 22:20:37 +0200 -Subject: [PATCH] tftp: use the current blksize for recvfrom() - -bug: https://curl.haxx.se/docs/CVE-2019-5436.html -Reported-by: l00p3r on hackerone -CVE-2019-5436 - -Upstream-Status: Backport -CVE: CVE-2019-5436 -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> - ---- - lib/tftp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/tftp.c b/lib/tftp.c -index 8b92b7b..289cda2 100644 ---- a/lib/tftp.c -+++ b/lib/tftp.c -@@ -1009,7 +1009,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) - state->sockfd = state->conn->sock[FIRSTSOCKET]; - state->state = TFTP_STATE_START; - state->error = TFTP_ERR_NONE; -- state->blksize = TFTP_BLKSIZE_DEFAULT; -+ state->blksize = blksize; - state->requested_blksize = blksize; - - ((struct sockaddr *)&state->local_addr)->sa_family = diff --git a/meta/recipes-support/curl/curl/CVE-2019-5482.patch b/meta/recipes-support/curl/curl/CVE-2019-5482.patch deleted file mode 100644 index 30122d1ae9..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2019-5482.patch +++ /dev/null @@ -1,65 +0,0 @@ -From facb0e4662415b5f28163e853dc6742ac5fafb3d Mon Sep 17 00:00:00 2001 -From: Thomas Vegas <> -Date: Sat, 31 Aug 2019 17:30:51 +0200 -Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is - received - -Fixes potential buffer overflow from 'recvfrom()', should the server -return an OACK without blksize. - -Bug: https://curl.haxx.se/docs/CVE-2019-5482.html -CVE-2019-5482 - -Upstream-Status: Backport -CVE: CVE-2019-5482 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - lib/tftp.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -Index: curl-7.64.1/lib/tftp.c -=================================================================== ---- curl-7.64.1.orig/lib/tftp.c -+++ curl-7.64.1/lib/tftp.c -@@ -973,6 +973,7 @@ static CURLcode tftp_connect(struct conn - { - tftp_state_data_t *state; - int blksize; -+ int need_blksize; - - blksize = TFTP_BLKSIZE_DEFAULT; - -@@ -987,15 +988,20 @@ static CURLcode tftp_connect(struct conn - return CURLE_TFTP_ILLEGAL; - } - -+ need_blksize = blksize; -+ /* default size is the fallback when no OACK is received */ -+ if(need_blksize < TFTP_BLKSIZE_DEFAULT) -+ need_blksize = TFTP_BLKSIZE_DEFAULT; -+ - if(!state->rpacket.data) { -- state->rpacket.data = calloc(1, blksize + 2 + 2); -+ state->rpacket.data = calloc(1, need_blksize + 2 + 2); - - if(!state->rpacket.data) - return CURLE_OUT_OF_MEMORY; - } - - if(!state->spacket.data) { -- state->spacket.data = calloc(1, blksize + 2 + 2); -+ state->spacket.data = calloc(1, need_blksize + 2 + 2); - - if(!state->spacket.data) - return CURLE_OUT_OF_MEMORY; -@@ -1009,7 +1015,7 @@ static CURLcode tftp_connect(struct conn - state->sockfd = state->conn->sock[FIRSTSOCKET]; - state->state = TFTP_STATE_START; - state->error = TFTP_ERR_NONE; -- state->blksize = blksize; -+ state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */ - state->requested_blksize = blksize; - - ((struct sockaddr *)&state->local_addr)->sa_family = diff --git a/meta/recipes-support/curl/curl/disable-tests b/meta/recipes-support/curl/curl/disable-tests new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/meta/recipes-support/curl/curl/disable-tests diff --git a/meta/recipes-support/curl/curl/no-test-timeout.patch b/meta/recipes-support/curl/curl/no-test-timeout.patch new file mode 100644 index 0000000000..7122b6f043 --- /dev/null +++ b/meta/recipes-support/curl/curl/no-test-timeout.patch @@ -0,0 +1,25 @@ +From 42cddb52e821cfc2f09f1974742714e5f2f1856e Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Fri, 15 Mar 2024 14:37:37 +0000 +Subject: [PATCH] Set the max-time timeout to 600 so the timeout is 10 minutes + instead of 13 seconds. + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + tests/servers.pm | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/servers.pm b/tests/servers.pm +index d4472d5..9999938 100644 +--- a/tests/servers.pm ++++ b/tests/servers.pm +@@ -120,7 +120,7 @@ my $sshdverstr; # for socks server, ssh daemon version string + my $sshderror; # for socks server, ssh daemon version error + my %doesntrun; # servers that don't work, identified by pidfile + my %PORT = (nolisten => 47); # port we use for a local non-listening service +-my $server_response_maxtime=13; ++my $server_response_maxtime=600; + my $httptlssrv = find_httptlssrv(); + my %run; # running server + my %runcert; # cert file currently in use by an ssl running server diff --git a/meta/recipes-support/curl/curl/run-ptest b/meta/recipes-support/curl/curl/run-ptest new file mode 100644 index 0000000000..597cf92dbb --- /dev/null +++ b/meta/recipes-support/curl/curl/run-ptest @@ -0,0 +1,19 @@ +#!/bin/sh + +cd tests + +# Run all tests, don't stop on first failure +# Don't use valgrind if it is found +# Use automake-style output +# Run four tests in parallel +# Print log output on failure + +# Don't run the flaky or timing dependent tests +# Until https://github.com/curl/curl/issues/13350 is resolved, don't run FTP tests +# We don't enable --libcurl +# Don't assume curl-config exists +# We don't have the source tree +./runtests.pl \ + -a -c curl -vc curl -n -am -j4 -p \ + !flaky !timing-dependent !FTP \ + !--libcurl !curl-config !source\ analysis !checksrc !documentation diff --git a/meta/recipes-support/curl/curl_7.64.1.bb b/meta/recipes-support/curl/curl_7.64.1.bb deleted file mode 100644 index 151d74a236..0000000000 --- a/meta/recipes-support/curl/curl_7.64.1.bb +++ /dev/null @@ -1,83 +0,0 @@ -SUMMARY = "Command line tool and library for client-side URL transfers" -HOMEPAGE = "http://curl.haxx.se/" -BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker" -SECTION = "console/network" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa" - -SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ - file://0001-replace-krb5-config-with-pkg-config.patch \ - file://CVE-2019-5435.patch \ - file://CVE-2019-5436.patch \ - file://CVE-2019-5482.patch \ -" - -SRC_URI[md5sum] = "790c101927845208a9d7e8c429ddd1b2" -SRC_URI[sha256sum] = "4cc7c738b35250d0680f29e93e0820c4cb40035f43514ea3ec8d60322d41a45d" - -CVE_PRODUCT = "curl libcurl" -inherit autotools pkgconfig binconfig multilib_header - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" -PACKAGECONFIG_class-native = "ipv6 proxy ssl threaded-resolver verbose zlib" -PACKAGECONFIG_class-nativesdk = "ipv6 proxy ssl threaded-resolver verbose zlib" - -# 'ares' and 'threaded-resolver' are mutually exclusive -PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares" -PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" -PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" -PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," -PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" -PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," -PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," -PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" -PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap," -PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," -PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" -PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" -PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" -PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" -PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," -PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," -PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" -PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," -PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," -PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," -PACKAGECONFIG[ssl] = "--with-ssl --with-random=/dev/urandom,--without-ssl,openssl" -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," -PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," -PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver" -PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" -PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" - -EXTRA_OECONF = " \ - --disable-libcurl-option \ - --disable-ntlm-wb \ - --enable-crypto-auth \ - --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ - --without-libmetalink \ - --without-libpsl \ -" - -do_install_append_class-target() { - # cleanup buildpaths from curl-config - sed -i \ - -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ - -e 's|${DEBUG_PREFIX_MAP}||g' \ - ${D}${bindir}/curl-config -} - -PACKAGES =+ "lib${BPN}" - -FILES_lib${BPN} = "${libdir}/lib*.so.*" -RRECOMMENDS_lib${BPN} += "ca-certificates" - -FILES_${PN} += "${datadir}/zsh" - -inherit multilib_script -MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/curl/curl_8.9.1.bb b/meta/recipes-support/curl/curl_8.9.1.bb new file mode 100644 index 0000000000..745224929b --- /dev/null +++ b/meta/recipes-support/curl/curl_8.9.1.bb @@ -0,0 +1,156 @@ +SUMMARY = "Command line tool and library for client-side URL transfers" +DESCRIPTION = "It uses URL syntax to transfer data to and from servers. \ +curl is a widely used because of its ability to be flexible and complete \ +complex tasks. For example, you can use curl for things like user authentication, \ +HTTP post, SSL connections, proxy support, FTP uploads, and more!" +HOMEPAGE = "https://curl.se/" +BUGTRACKER = "https://github.com/curl/curl/issues" +SECTION = "console/network" +LICENSE = "curl" +LIC_FILES_CHKSUM = "file://COPYING;md5=eed2e5088e1ac619c9a1c747da291d75" + +SRC_URI = " \ + https://curl.se/download/${BP}.tar.xz \ + file://run-ptest \ + file://disable-tests \ + file://no-test-timeout.patch \ + file://0001-sigpipe-init-the-struct-so-that-first-apply-ignores.patch \ +" +SRC_URI[sha256sum] = "f292f6cc051d5bbabf725ef85d432dfeacc8711dd717ea97612ae590643801e5" + +# Curl has used many names over the years... +CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" +CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack" + +inherit autotools pkgconfig binconfig multilib_header ptest + +# Entropy source for random PACKAGECONFIG option +RANDOM ?= "/dev/urandom" + +COMMON_PACKAGECONFIG = "basic-auth bearer-auth digest-auth negotiate-auth openssl proxy random threaded-resolver verbose zlib" +PACKAGECONFIG ??= "${COMMON_PACKAGECONFIG} ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} aws libidn" +PACKAGECONFIG:class-native = "${COMMON_PACKAGECONFIG} ipv6" +PACKAGECONFIG:class-nativesdk = "${COMMON_PACKAGECONFIG} ipv6" + +# 'ares' and 'threaded-resolver' are mutually exclusive +PACKAGECONFIG[ares] = "--enable-ares,--disable-ares,c-ares,,,threaded-resolver" +PACKAGECONFIG[aws] = "--enable-aws,--disable-aws" +PACKAGECONFIG[basic-auth] = "--enable-basic-auth,--disable-basic-auth" +PACKAGECONFIG[bearer-auth] = "--enable-bearer-auth,--disable-bearer-auth" +PACKAGECONFIG[brotli] = "--with-brotli,--without-brotli,brotli" +PACKAGECONFIG[builtinmanual] = "--enable-manual,--disable-manual" +# Don't use this in production +PACKAGECONFIG[debug] = "--enable-debug,--disable-debug" +PACKAGECONFIG[dict] = "--enable-dict,--disable-dict," +PACKAGECONFIG[digest-auth] = "--enable-digest-auth,--disable-digest-auth" +PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls" +PACKAGECONFIG[gopher] = "--enable-gopher,--disable-gopher," +PACKAGECONFIG[imap] = "--enable-imap,--disable-imap," +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +PACKAGECONFIG[kerberos-auth] = "--enable-kerberos-auth,--disable-kerberos-auth" +PACKAGECONFIG[krb5] = "--with-gssapi,--without-gssapi,krb5" +PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap" +PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,openldap" +PACKAGECONFIG[libgsasl] = "--with-libgsasl,--without-libgsasl,libgsasl" +PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" +PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" +PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" +PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," +PACKAGECONFIG[negotiate-auth] = "--enable-negotiate-auth,--disable-negotiate-auth" +PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" +PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl" +PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," +PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," +PACKAGECONFIG[random] = "--with-random=${RANDOM},--without-random" +PACKAGECONFIG[rtmpdump] = "--with-librtmp,--without-librtmp,rtmpdump" +PACKAGECONFIG[rtsp] = "--enable-rtsp,--disable-rtsp," +PACKAGECONFIG[smb] = "--enable-smb,--disable-smb," +PACKAGECONFIG[smtp] = "--enable-smtp,--disable-smtp," +PACKAGECONFIG[telnet] = "--enable-telnet,--disable-telnet," +PACKAGECONFIG[tftp] = "--enable-tftp,--disable-tftp," +PACKAGECONFIG[threaded-resolver] = "--enable-threaded-resolver,--disable-threaded-resolver,,,,ares" +PACKAGECONFIG[verbose] = "--enable-verbose,--disable-verbose" +PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/../,--without-zlib,zlib" +PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd" + +EXTRA_OECONF = " \ + --disable-libcurl-option \ + --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ + --without-libpsl \ + --enable-optimize \ + ${@'--without-ssl' if (bb.utils.filter('PACKAGECONFIG', 'gnutls mbedtls openssl', d) == '') else ''} \ +" + +fix_absolute_paths () { + # cleanup buildpaths from curl-config + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's,--with-libtool-sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + -e 's|${@" ".join(d.getVar("DEBUG_PREFIX_MAP").split())}||g' \ + ${D}${bindir}/curl-config +} + +do_install:append:class-target() { + fix_absolute_paths +} + +do_install:append:class-nativesdk() { + fix_absolute_paths +} + +do_compile_ptest() { + oe_runmake -C ${B}/tests +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + cp ${S}/tests/*.p[lmy] ${D}${PTEST_PATH}/tests/ + + install -d ${D}${PTEST_PATH}/tests/libtest + for name in $(makefile-getvar ${B}/tests/libtest/Makefile noinst_PROGRAMS noinst_LTLIBRARIES); do + ${B}/libtool --mode=install install ${B}/tests/libtest/$name ${D}${PTEST_PATH}/tests/libtest + done + cp ${S}/tests/libtest/notexists.pl ${D}${PTEST_PATH}/tests/libtest + rm -f ${D}${PTEST_PATH}/tests/libtest/libhostname.la + + install -d ${D}${PTEST_PATH}/tests/server + for name in $(makefile-getvar ${B}/tests/server/Makefile noinst_PROGRAMS); do + ${B}/libtool --mode=install install ${B}/tests/server/$name ${D}${PTEST_PATH}/tests/server + done + + cp -r ${S}/tests/data ${D}${PTEST_PATH}/tests/ + + # More tests that we disable for automated QA as they're not reliable + cat ${UNPACKDIR}/disable-tests >>${D}${PTEST_PATH}/tests/data/DISABLED +} + +RDEPENDS:${PN}-ptest += " \ + locale-base-en-us \ + perl-module-b \ + perl-module-base \ + perl-module-cwd \ + perl-module-digest \ + perl-module-digest-md5 \ + perl-module-file-basename \ + perl-module-file-spec \ + perl-module-file-temp \ + perl-module-io-socket \ + perl-module-ipc-open2 \ + perl-module-list-util \ + perl-module-memoize \ + perl-module-storable \ + perl-module-time-hires \ +" + +PACKAGES =+ "lib${BPN}" + +FILES:lib${BPN} = "${libdir}/lib*.so.*" +RRECOMMENDS:lib${BPN} += "ca-certificates" + +FILES:${PN} += "${datadir}/zsh" + +inherit multilib_script +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" + +BBCLASSEXTEND = "native nativesdk" |