Age | Commit message (Collapse) | Author |
|
Feature and security update. Fixes the following CVEs:
- CVE-2022-32221
- CVE-2022-35260
- CVE-2022-42915
- CVE-2022-42916
Release notes: https://curl.se/changes.html#7_86_0
(From OE-Core rev: df55dced4b4980a8c6746acb2e02b80850d8613e)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These modules outside of perl-modules are necessary to run curl-ptests
(From OE-Core rev: e885875f2af9cee0e7557ee130d3180492e507dd)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Release notes are available at: https://curl.se/changes.html#7_85_0
Remove backported patches as they are included in the new release.
(From OE-Core rev: 5170b1a6088a623af86ffca635a10bd010d709e5)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
NROFF can take different values depending on the filesystem layout of the
host system and this leaks onto the target ptest package through the
Makefiles. Since ptest doesn't use them, delete them to resovle that issue.
Also ensure the task can rerun even if it already deleted configurehelp.pm
[YOCTO #14863]
(From OE-Core rev: 0b1e3746478e9ad1800b027ab5dc96495997807e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch from upstream to fix the following build failure.
tmp-glibc/work/riscv64-wrs-linux/curl/7.84.0-r0/recipe-sysroot-native/
usr/bin/riscv64-wrs-linux/../../libexec/riscv64-wrs-linux/gcc/
riscv64-wrs-linux/12.1.0/ld: ../lib/.libs/libcurl.so:
undefined reference to `__atomic_exchange_1'
collect2: error: ld returned 1 exit status
(From OE-Core rev: 13d2bf6a34f4182c5c8bdd280d1ffd4caac3844a)
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- curl-ptest is taking around 200 seconds to execute so
added curl-ptest to PTESTS_SLOW
- This patch is rework on an existing patch provided
by Maxin B. John (maxin.john@intel.com)
https://www.openembedded.org/pipermail/openembedded-core/2017-July/139176.html
- Below is the run log of curl-ptest
START: ptest-runner
2022-07-03T15:52
BEGIN: /usr/lib/curl/ptest
********* System characteristics ********
* curl 7.83.1 (x86_64-poky-linux-gnu)
* libcurl/7.83.1 OpenSSL/3.0.3 zlib/1.2.12 libidn2/2.3.2
* Features: alt-svc AsynchDNS Debug HSTS HTTPS-proxy IDN Largefile libz NTLM SSL TLS-SRP UnixSockets
* Disabled: headers-api
* Host: qemux86-64
* System: Linux qemux86-64 5.15.44-yocto-standard #1 SMP PREEMPT Tue May 31 20:28:59 UTC 2022 x86_64 GNU/Linux
* OS: linux
* Servers: HTTP-unix
* Env:
* Seed: 238593
*****************************************
PASS: test 0001 (1 out of 1466, remaining: 25:07, took 1.029s, duration: 00:01)
PASS: test 0002 (2 out of 1466, remaining: 13:21, took 0.065s, duration: 00:01)
...
...
PASS: test 3019 (1460 out of 1466, remaining: 00:00, took 0.012s, duration: 03:16)
PASS: test 3020 (1461 out of 1466, remaining: 00:00, took 0.011s, duration: 03:16)
test 3025...The tool set in the test case for this: 'lib3025' does not exist
TESTDONE: 1280 tests were considered during 197 seconds.
TESTDONE: 783 tests out of PASS: 783 report: 100%
DURATION: 202
END: /usr/lib/curl/ptest
2022-07-03T15:56
STOP: ptest-runner
TOTAL: 1 FAIL: 0
- disable the curl tests that are expected to fail
- remove the generated file configurehelp.pm from curl test beacuse it is causing reproducible build failure.
this file is used by some curl tests to scan symbols from curl headers. we are anyway not installing curl
headers and already have disabled those tests.
[YOCTO #6707]
(From OE-Core rev: a0ea00daace826129cdec8f714ca7b7c60e9dadf)
Signed-off-by: Yogesh Tyagi <yogesh.tyagi@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a feature and bugfix update. Release notes are available at:
https://curl.se/changes.html#7_84_0
Backport a patch fixing a compile issue where sched.h was not included
on certain platforms.
(From OE-Core rev: 991a49672a8c45e319dc9d9b0466cf96725c1363)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: d1ea8cb4e18551f542f783cc88e96c6360b3c134)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a minor feature and bugfix release. Changes include:
* curl: add %header{name} experimental support in -w handling
* curl: add %{header_json} experimental support in -w handling
* curl: add --no-clobber
* curl: add --remove-on-error
* header api: add curl_easy_header and curl_easy_nextheader
* msh3: add support for QUIC and HTTP/3 using msh3
Full changelog at: https://curl.se/changes.html#7_83_0
(From OE-Core rev: 2e525a64ee945559afaad8b0285ac5d48a2748b4)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes bug fixes and feature updates, such as addition of a --json flag
and the removal of mesalink support. Changelog available at:
https://curl.se/changes.html#7_82_0
LIC_FILES_CHKSUM changed due to copyright year update. Now that the full
SPDX license list is supported, refine the license from MIT to
MIT-open-group. The curl license contains the additional advertising
clause present in the Open Group variant.
Use a weak assignment with the RANDOM variable to make changes via
bbappend easier.
(From OE-Core rev: 5186d399b4e24273a35c9ad8b0c6fac8d626911a)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
curl requires that at least one SSL implementation or explicitly
'--without-ssl' is specified. This is particularly the case if
PACKAGECONFIG is empty.
| configure: error: select TLS backend(s) or disable TLS with
--without-ssl.
|
| Select from these:
|
| --with-amissl
| --with-bearssl
| --with-gnutls
| --with-mbedtls
| --with-mesalink
| --with-nss
| --with-openssl (also works for BoringSSL and libressl)
| --with-rustls
| --with-schannel
| --with-secure-transport
| --with-wolfssl
|
Fixes: eef6c45fc6ec ("curl: Rework openssl and random PACKAGECONFIGs")
(From OE-Core rev: 6c737396c705e1388aff5f5a599c901a1a1760a2)
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The existing ssl PACKAGECONFIG makes it slightly annoying to use another
crypto provider while removing openssl. Since --with-ssl is just a
deprecated version of --with-openssl, rename the PACKAGECONFIG to use
the newer preferred name. Note that --without-ssl implies no crypto
provider at all, and should only be used when trying to disable all
crypto support.
Move --with-random to it's own option, since it is useful for other
crypto providers, not just openssl.
(From OE-Core rev: eef6c45fc6ec0a496791123e8ba2f400a5d9d468)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update URLs to refelct what upstream is presently using and add zstd
PACKAGECONFIG.
(From OE-Core rev: cc029e5e1331b3a8f4181bbfdbe72c547916f458)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 2c290dee4a1f951a9aa4af7252edace91f61e967)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 9b1dba1a8e56f95bb3ab44130da293795975b67d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: b4f08791b7652898f398c86db9352b706eeda9e4)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: cff6888f3b2b4bd0a42329b7f7c59b33c9d51265)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If we add DEBUG_PREFIX_MAP into LDFLAGS, curl-dev is no longer reproducible.
Fix this.
(From OE-Core rev: 3a30b7ad413de0e8f60504ba2be76107e4324640)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove libmetalink configure option as this rarely used option is
removed in the new version [1].
[1] https://github.com/curl/curl/commit/265b14d6b37c4298bd5556fabcbc37d36f911693
(From OE-Core rev: a40524a5c5ad441eebd6b751c2fd66637509ae9d)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: f88e16f4e4f77f532502806246dda38dfbc1a1e5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 3876bb2365be7600951ff27dd055eb52773d032b)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
use openssl instead of gnutls
(From OE-Core rev: c39452bf65a8baa0eac15e6c4d39cc0f88e089d0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: c1dfe36c5641ce1ddc1424e56037e23fd927c058)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: [YOCTO #13471]
(From OE-Core rev: 6db24928d62aeb093a0e6da6619713eaca57a96f)
Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: copyright years changed
(From OE-Core rev: c1e278cbcf193fc647557018b8d7ee7997817219)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
update to version 7.74.0
curl 7.74.0 hsts: add experimental support for Strict-Transport-Security with various bug fixes
Reference:
https://curl.se/changes.html#7_74_0
update includes fix for CVE:
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286
(From OE-Core rev: 0461baec8bef003a0bfcc9939e4e40654be36f10)
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: f9aa9f075674e3908d950c3107be3e6230786f0b)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The official links on:
https://curl.haxx.se/download.html
use https now and we're seeing this warning:
WARNING: curl-native-7.72.0-r0 do_fetch: Failed to fetch URL http://curl.haxx.se/download/curl-7.72.0.tar.bz2, attempting MIRRORS if available
(From OE-Core rev: 0aa24abf6c4d68efa63026d2496b6adc16734d35)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand
the CVE_PRODUCT list to include all the vendors that have been used.
(From OE-Core rev: bb265122cccea9466405fdd924ad10ce8cda0dec)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: f3fc6de9de6b6a24649864c598d5ee9abfae4af3)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This release includes the following bugfixes:
- cirrus-ci: disable FreeBSD 13 (again)
- Curl_inet_ntop: always check the return code
- CURLOPT_READFUNCTION.3: provide the upload data size up front
- DYNBUF.md: fix a typo: trail => tail
- escape: make the URL decode able to reject only %00-bytes
- escape: zero length input should return a zero length output
- examples/multithread.c: call curl_global_cleanup()
- http2: set the correct URL in pushed transfers
- http: fix proxy auth with blank password
- mbedtls: fix build with disabled proxy support
- ngtcp2: sync with current master
- openssl: Fix compilation on Windows when ngtcp2 is enabled
- Revert "multi: implement wait using winsock events"
- sendf: improve the message on client write errors
- terminology: call them null-terminated strings
- tool_cb_hdr: Fix etag warning output and return code
- url: allow user + password to contain "control codes" for HTTP(S)
- vtls: compare cert blob when finding a connection to reuse
(From OE-Core rev: 4fde94448495a7957bb6ce76c15fda67c73248d3)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This release includes the following changes:
- CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl) [10]
- setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency [31]
- setopt: support certificate options in memory with struct curl_blob [41]
- tool: Add option --retry-all-errors to retry on any error [27]
This release includes the following bugfixes:
- CVE-2020-8177: curl overwrite local file with -J [111]
- CVE-2020-8169: Partial password leak over DNS on HTTP redirect [48]
- *_sspi: fix bad uses of CURLE_NOT_BUILT_IN [21]
- all: fix codespell errors [75]
- altsvc: bump to h3-29 [114]
...
See full changelog: https://curl.haxx.se/changes.html#7_71_0
(From OE-Core rev: 63a28e9fc262c8da692d18b38eeb0b85dd597a9b)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently, curl (and libcurl) is built without debug info, making the
curl-dbg package rather useless. Since debug symbols are automatically
stripped and put in that package by the build system, making sure that
curl is built with -g shouldn't hurt anything, but will help those
that try to debug a libcurl-using application and hence explicitly
include curl-dbg in their rootfs.
Unfortunately, setting --enable-debug then changes the default value
of the optimize option from (assume yes) to (assume no), while also
changing the default value of the curldebug option [which is a
separate thing that actually changes generated code to add some memory
tracking] from (assume no) to (assume yes). So explicitly pass the
appropriate options that make those two have the same value as they
used to have by default.
(From OE-Core rev: 278242619eec5f5f143d57e92b109012001f1f91)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The version 7.70.0 of curl add experimental support for this
protocol.
So, add PACKAGECONFIG for mqtt.
See [1] for more informations.
[1] - https://github.com/curl/curl/blob/master/docs/MQTT.md
(From OE-Core rev: aaf4054cb9e2c73d34e6fab12bf140808b2612ac)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
See full changelog https://curl.haxx.se/changes.html#7_70_0
(From OE-Core rev: bbb2d451d6290d8ec312890fd5d3bc5c6d0e7468)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Contains a number of fixes for issues discovered post-7.69.0.
For details, see full changelog:
https://curl.haxx.se/changes.html#7_69_1
(From OE-Core rev: d3af3cf801ab5b235bce427bc73d2e6b29083368)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Specify exclusive package configs for glew and curl to make sure that
conflict package configs will NOT set at same time.
(From OE-Core rev: 8579673bdb314dbc554f40fc4c4c1db3d0bb0d63)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bugfix release. For details, see full changelog
- https://curl.haxx.se/changes.html#7_69_0
(From OE-Core rev: 2d6a9904a838c5e498c0e2a2e34169cd2877a785)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
See full changelog https://curl.haxx.se/changes.html#7_68_0
The hash of the license is updated because the copyright year was
updated in COPYING file:
-Copyright (c) 1996 - 2019, Daniel Stenberg, <daniel@haxx.se>, and many
+Copyright (c) 1996 - 2020, Daniel Stenberg, <daniel@haxx.se>, and many
(From OE-Core rev: 887b16b653140b6ce6293863334b1d000ec6a9ed)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 3fda2e0dda6823623cb6af2ce28bce9569816e95)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: dec1616af9c2709c2ad78722cc4075b765de332d)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: e3043b2c86556d91387dfbdf155e9b5547cc20c4)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
https://curl.haxx.se/changes.html#7_65_2
(From OE-Core rev: 54b91da2bd07e8c3a40e61d90af251a1bfbf50f4)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
-Upgrade from curl_7.64.1.bb to curl_7.65.1.bb.
(From OE-Core rev: e3b7cb02a86b5040b3dc1439b142f25f0f8df8a0)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 1d3f15fb928981ea094773c921b6829d6df45e45)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The license checksum changed as the copyright years changed.
Fixes:
- CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
- CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
- CVE-2019-3823: SMTP end-of-response out-of-bounds read
(From OE-Core rev: 41c3ee4fe87a181786c47da044da700e8f605540)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes:
curl: add %{stderr} and %{stdout} for --write-out
curl: add undocumented option --dump-module-paths for win32
setopt: add CURLOPT_CURLU
For full list of changes see:
https://curl.haxx.se/changes.html
(From OE-Core rev: 2837266edbe097dcd9ff5fcdf29bb56f38bf564d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 72e542f564691d892d140a69d7fcc6b442897cf8)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop all CVE patches now included in update.
For details see: https://curl.haxx.se/changes.html
(From OE-Core rev: 43a802c2605cd2f6095a7738347338492eafe722)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|