It got removed from curl by this commit: https://github.com/curl/curl/commit/d1da545a6881dbeafff86077f696f0dc22d3fc81
as mentioned in curl-7.57.0/CHANGES: Daniel Stenberg (6 Sep 2017) - configure: remove --enable-soname-bump and SONAME_BUMP Back in 2008, (and commit 3f3d6ebe665f3) we changed the logic in how we determine the native type for `curl_off_t`. To really make sure we didn't break ABI without bumping SONAME, we introduced logic that attempted to detect that it would use a different size and thus not be compatible. We also provided a manual switch that allowed users to tell configure to bump SONAME by force. Today, we know of no one who ever got a SONAME bump auto-detected and we don't know of anyone who's using the manual bump feature. The auto- detection is also no longer working since we introduced defining curl_off_t in system.h (7.55.0). Finally, this bumping logic is not present in the cmake build. Closes #1861 On Fri, Jan 26, 2018 at 10:11 PM, Martin Jansa <[email protected]> wrote: > Be aware that this upgrade might change your libcurl5 to libcurl4 > > With Yocto 1.7 Dizzy we used to have libcurl5, because of > different SIZEOF_OFF_T value. > > Then in Yocto 1.8 Fido SIZEOF_OFF_T was changed in oe-core and curl > started to use libcurl4 again automatically. > > Back then I've added simple workaround in our bbappend to keep libcurl5 > (until we can rebuild all prebuilt binaries from 3rd party vendors): > > # Force to use libcurl5 instead of libcurl4 (like we had with Yocto 1.7 > Dizzy) > # The SONAME isn't bumped automatically since oe-core commit > 49c848018484827c433e1bcf9c63416640456f3e > # which changed SIZEOF_OFF_T to 8 > EXTRA_OECONF += "--enable-soname-bump" > > and it was working fine until this upgrade to 7.57.0. I haven't checked > yet why enable-soname-bump stopped working (it's still recognized by > configure script). > > > On Fri, Jan 26, 2018 at 2:10 PM, <[email protected]> wrote: > >> This is an automated email from the git hooks/post-receive script. >> >> rpurdie pushed a commit to branch master >> in repository openembedded-core. >> >> commit 215d5677004537fc190b5381157ac8b94db6d7e8 >> Author: Huang Qiyu <[email protected]> >> AuthorDate: Wed Jan 24 11:01:36 2018 +0800 >> >> curl: 7.54.1 -> 7.57.0 >> >> 1.Upgrade curl from 7.54.1 to 7.57.0. >> 2.Delete CVE-2017-1000099.patch, CVE-2017-1000100.patch, >> CVE-2017-1000101.patch, CVE-2017-1000254.patch, reproducible-mkhelp.patch, >> since it is integrated upstream. >> 3.Remove "do_install_append()" from curl_7.57.0.bb, since >> curl/curlbuild.h has been removed. >> >> Signed-off-by: Huang Qiyu <[email protected]> >> Signed-off-by: Ross Burton <[email protected]> >> --- >> .../curl/curl/CVE-2017-1000099.patch | 41 ------ >> .../curl/curl/CVE-2017-1000100.patch | 51 -------- >> .../curl/curl/CVE-2017-1000101.patch | 99 --------------- >> .../curl/curl/CVE-2017-1000254.patch | 138 >> --------------------- >> .../curl/curl/reproducible-mkhelp.patch | 32 ----- >> .../curl/{curl_7.54.1.bb => curl_7.57.0.bb} | 14 +-- >> 6 files changed, 2 insertions(+), 373 deletions(-) >> >> diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch >> b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch >> deleted file mode 100644 >> index 96ff1b0..0000000 >> --- a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch >> +++ /dev/null >> @@ -1,41 +0,0 @@ >> -From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001 >> -From: Even Rouault <[email protected]> >> -Date: Tue, 1 Aug 2017 17:17:06 +0200 >> -Subject: [PATCH] file: output the correct buffer to the user >> - >> -Regression brought by 7c312f84ea930d8 (April 2017) >> - >> -CVE: CVE-2017-1000099 >> - >> -Bug: https://curl.haxx.se/docs/adv_20170809C.html >> - >> -Credit to OSS-Fuzz for the discovery >> - >> -Upstream-Status: Backport >> -https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b >> 1a931ade929d3e27d >> - >> -Signed-off-by: Wenzong Fan <[email protected]> >> ---- >> - lib/file.c | 2 +- >> - 1 file changed, 1 insertion(+), 1 deletion(-) >> - >> -diff --git a/lib/file.c b/lib/file.c >> -index bd426eac2..666cbe75b 100644 >> ---- a/lib/file.c >> -+++ b/lib/file.c >> -@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, >> bool *done) >> - Curl_month[tm->tm_mon], >> - tm->tm_year + 1900, >> - tm->tm_hour, >> - tm->tm_min, >> - tm->tm_sec); >> -- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0); >> -+ result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0); >> - if(!result) >> - /* set the file size to make it available post transfer */ >> - Curl_pgrsSetDownloadSize(data, expected_size); >> - return result; >> - } >> --- >> -2.13.3 >> - >> diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000100.patch >> b/meta/recipes-support/curl/curl/CVE-2017-1000100.patch >> deleted file mode 100644 >> index f74f1dd..0000000 >> --- a/meta/recipes-support/curl/curl/CVE-2017-1000100.patch >> +++ /dev/null >> @@ -1,51 +0,0 @@ >> -From 358b2b131ad6c095696f20dcfa62b8305263f898 Mon Sep 17 00:00:00 2001 >> -From: Daniel Stenberg <[email protected]> >> -Date: Tue, 1 Aug 2017 17:16:46 +0200 >> -Subject: [PATCH] tftp: reject file name lengths that don't fit >> - >> -... and thereby avoid telling send() to send off more bytes than the >> -size of the buffer! >> - >> -CVE: CVE-2017-1000100 >> - >> -Bug: https://curl.haxx.se/docs/adv_20170809B.html >> -Reported-by: Even Rouault >> - >> -Credit to OSS-Fuzz for the discovery >> - >> -Upstream-Status: Backport >> -https://github.com/curl/curl/commit/358b2b131ad6c095696f20d >> cfa62b8305263f898 >> - >> -Signed-off-by: Wenzong Fan <[email protected]> >> ---- >> - lib/tftp.c | 7 ++++++- >> - 1 file changed, 6 insertions(+), 1 deletion(-) >> - >> -diff --git a/lib/tftp.c b/lib/tftp.c >> -index 02bd842..f6f4bce 100644 >> ---- a/lib/tftp.c >> -+++ b/lib/tftp.c >> -@@ -5,7 +5,7 @@ >> - * | (__| |_| | _ <| |___ >> - * \___|\___/|_| \_\_____| >> - * >> -- * Copyright (C) 1998 - 2016, Daniel Stenberg, <[email protected]>, et al. >> -+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <[email protected]>, et al. >> - * >> - * This software is licensed as described in the file COPYING, which >> - * you should have received as part of this distribution. The terms >> -@@ -491,6 +491,11 @@ static CURLcode tftp_send_first(tftp_state_data_t >> *state, tftp_event_t event) >> - if(result) >> - return result; >> - >> -+ if(strlen(filename) > (state->blksize - strlen(mode) - 4)) { >> -+ failf(data, "TFTP file name too long\n"); >> -+ return CURLE_TFTP_ILLEGAL; /* too long file name field */ >> -+ } >> -+ >> - snprintf((char *)state->spacket.data+2, >> - state->blksize, >> - "%s%c%s%c", filename, '\0', mode, '\0'); >> --- >> -1.7.9.5 >> - >> diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch >> b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch >> deleted file mode 100644 >> index c300fff..0000000 >> --- a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch >> +++ /dev/null >> @@ -1,99 +0,0 @@ >> -From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001 >> -From: Daniel Stenberg <[email protected]> >> -Date: Tue, 1 Aug 2017 17:16:07 +0200 >> -Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow >> - range >> - >> -Added test 1289 to verify. >> - >> -CVE: CVE-2017-1000101 >> - >> -Bug: https://curl.haxx.se/docs/adv_20170809A.html >> -Reported-by: Brian Carpenter >> - >> -Upstream-Status: Backport >> -https://github.com/curl/curl/commit/453e7a7a03a2cec749abd38 >> 78a48e728c515cca7 >> - >> -Rebase the tests/data/Makefile.inc changes for curl 7.54.1. >> - >> -Signed-off-by: Wenzong Fan <[email protected]> >> ---- >> - src/tool_urlglob.c | 5 ++++- >> - tests/data/Makefile.inc | 2 +- >> - tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++ >> - 3 files changed, 40 insertions(+), 2 deletions(-) >> - create mode 100644 tests/data/test1289 >> - >> -diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c >> -index 6b1ece0..d56dcd9 100644 >> ---- a/src/tool_urlglob.c >> -+++ b/src/tool_urlglob.c >> -@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob *glob, char >> **patternp, >> - } >> - errno = 0; >> - max_n = strtoul(pattern, &endp, 10); >> -- if(errno || (*endp == ':')) { >> -+ if(errno) >> -+ /* overflow */ >> -+ endp = NULL; >> -+ else if(*endp == ':') { >> - pattern = endp+1; >> - errno = 0; >> - step_n = strtoul(pattern, &endp, 10); >> -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc >> -index 155320a..7adbee6 100644 >> ---- a/tests/data/Makefile.inc >> -+++ b/tests/data/Makefile.inc >> -@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 >> test1257 test1258 test1259 \ >> - test1260 test1261 test1262 \ >> - \ >> - test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 >> \ >> --test1288 \ >> -+test1288 test1289 \ >> - \ >> - test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 >> \ >> - test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 >> \ >> -diff --git a/tests/data/test1289 b/tests/data/test1289 >> -new file mode 100644 >> -index 0000000..d679cc0 >> ---- /dev/null >> -+++ b/tests/data/test1289 >> -@@ -0,0 +1,35 @@ >> -+<testcase> >> -+<info> >> -+<keywords> >> -+HTTP >> -+HTTP GET >> -+globbing >> -+</keywords> >> -+</info> >> -+ >> -+# >> -+# Server-side >> -+<reply> >> -+</reply> >> -+ >> -+# Client-side >> -+<client> >> -+<server> >> -+http >> -+</server> >> -+<name> >> -+globbing with overflow and bad syntxx >> -+</name> >> -+<command> >> -+http://ur%20[0-60000000000000000000 >> -+</command> >> -+</client> >> -+ >> -+# Verify data after the test has been "shot" >> -+<verify> >> -+# curl: (3) [globbing] bad range in column >> -+<errorcode> >> -+3 >> -+</errorcode> >> -+</verify> >> -+</testcase> >> --- >> -2.11.0 >> - >> diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000254.patch >> b/meta/recipes-support/curl/curl/CVE-2017-1000254.patch >> deleted file mode 100644 >> index 2b0798b..0000000 >> --- a/meta/recipes-support/curl/curl/CVE-2017-1000254.patch >> +++ /dev/null >> @@ -1,138 +0,0 @@ >> -From 1b2eba6f9745c064f7283e0ada8f46df9d9d6e42 Mon Sep 17 00:00:00 2001 >> -From: Li Zhou <[email protected]> >> -Date: Mon, 23 Oct 2017 00:26:50 -0700 >> -Subject: [PATCH] FTP: zero terminate the entry path even on bad input >> - >> -... a single double quote could leave the entry path buffer without a >> zero >> -terminating byte. CVE-2017-1000254 >> - >> -Test 1152 added to verify. >> - >> -Reported-by: Max Dymond >> -Bug: https://curl.haxx.se/docs/adv_20171004.html >> - >> -Upstream-Status: Backport >> -CVE: CVE-2017-1000254 >> -Signed-off-by: Li Zhou <[email protected]> >> ---- >> - lib/ftp.c | 7 ++++-- >> - tests/data/Makefile.inc | 2 ++ >> - tests/data/test1152 | 61 ++++++++++++++++++++++++++++++ >> +++++++++++++++++++ >> - 3 files changed, 68 insertions(+), 2 deletions(-) >> - create mode 100644 tests/data/test1152 >> - >> -diff --git a/lib/ftp.c b/lib/ftp.c >> -index 5edec37..493dbf9 100644 >> ---- a/lib/ftp.c >> -+++ b/lib/ftp.c >> -@@ -2826,6 +2826,7 @@ static CURLcode ftp_statemach_act(struct >> connectdata *conn) >> - const size_t buf_size = data->set.buffer_size; >> - char *dir; >> - char *store; >> -+ bool entry_extracted = FALSE; >> - >> - dir = malloc(nread + 1); >> - if(!dir) >> -@@ -2857,7 +2858,7 @@ static CURLcode ftp_statemach_act(struct >> connectdata *conn) >> - } >> - else { >> - /* end of path */ >> -- *store = '\0'; /* zero terminate */ >> -+ entry_extracted = TRUE; >> - break; /* get out of this loop */ >> - } >> - } >> -@@ -2866,7 +2867,9 @@ static CURLcode ftp_statemach_act(struct >> connectdata *conn) >> - store++; >> - ptr++; >> - } >> -- >> -+ *store = '\0'; /* zero terminate */ >> -+ } >> -+ if(entry_extracted) { >> - /* If the path name does not look like an absolute path >> (i.e.: it >> - does not start with a '/'), we probably need some >> server-dependent >> - adjustments. For example, this is the case when connecting >> to >> -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc >> -index 7adbee6..5284654 100644 >> ---- a/tests/data/Makefile.inc >> -+++ b/tests/data/Makefile.inc >> -@@ -121,6 +121,8 @@ test1120 test1121 test1122 test1123 test1124 >> test1125 test1126 test1127 \ >> - test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 >> \ >> - test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 >> \ >> - test1144 test1145 test1146 \ >> -+test1152 \ >> -+\ >> - test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 >> \ >> - test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 >> \ >> - test1216 test1217 test1218 test1219 \ >> -diff --git a/tests/data/test1152 b/tests/data/test1152 >> -new file mode 100644 >> -index 0000000..aa8c0a7 >> ---- /dev/null >> -+++ b/tests/data/test1152 >> -@@ -0,0 +1,61 @@ >> -+<testcase> >> -+<info> >> -+<keywords> >> -+FTP >> -+PASV >> -+LIST >> -+</keywords> >> -+</info> >> -+# >> -+# Server-side >> -+<reply> >> -+<servercmd> >> -+REPLY PWD 257 "just one >> -+</servercmd> >> -+ >> -+# When doing LIST, we get the default list output hard-coded in the test >> -+# FTP server >> -+<data mode="text"> >> -+total 20 >> -+drwxr-xr-x 8 98 98 512 Oct 22 13:06 . >> -+drwxr-xr-x 8 98 98 512 Oct 22 13:06 .. >> -+drwxr-xr-x 2 98 98 512 May 2 1996 curl-releases >> -+-r--r--r-- 1 0 1 35 Jul 16 1996 README >> -+lrwxrwxrwx 1 0 1 7 Dec 9 1999 bin -> usr/bin >> -+dr-xr-xr-x 2 0 1 512 Oct 1 1997 dev >> -+drwxrwxrwx 2 98 98 512 May 29 16:04 download.html >> -+dr-xr-xr-x 2 0 1 512 Nov 30 1995 etc >> -+drwxrwxrwx 2 98 1 512 Oct 30 14:33 pub >> -+dr-xr-xr-x 5 0 1 512 Oct 1 1997 usr >> -+</data> >> -+</reply> >> -+ >> -+# >> -+# Client-side >> -+<client> >> -+<server> >> -+ftp >> -+</server> >> -+ <name> >> -+FTP with uneven quote in PWD response >> -+ </name> >> -+ <command> >> -+ftp://%HOSTIP:%FTPPORT/test-1152/ >> -+</command> >> -+</client> >> -+ >> -+# >> -+# Verify data after the test has been "shot" >> -+<verify> >> -+<protocol> >> -+USER anonymous >> -+PASS [email protected] >> -+PWD >> -+CWD test-1152 >> -+EPSV >> -+TYPE A >> -+LIST >> -+QUIT >> -+</protocol> >> -+</verify> >> -+</testcase> >> --- >> -2.11.0 >> - >> diff --git a/meta/recipes-support/curl/curl/reproducible-mkhelp.patch >> b/meta/recipes-support/curl/curl/reproducible-mkhelp.patch >> deleted file mode 100644 >> index 268bbeb..0000000 >> --- a/meta/recipes-support/curl/curl/reproducible-mkhelp.patch >> +++ /dev/null >> @@ -1,32 +0,0 @@ >> -From 1fe92fd3dd64c7228f6ff41e3fc16c4f2392471a Mon Sep 17 00:00:00 2001 >> -From: Juro Bystricky <[email protected]> >> -Date: Fri, 27 Oct 2017 08:28:25 -0700 >> -Subject: mkhelp.pl: support reproducible build >> - >> -Do not generate line with the current date, such as: >> - >> -* Generation time: Tue Oct-24 18:01:41 2017 >> - >> -This will improve reproducibility. The generated string is only >> -part of a comment, so there should be no adverse consequences. >> - >> -Upstream-Status: Submitted [ https://github.com/curl/curl/pull/2026 ] >> - >> -Signed-off-by: Juro Bystricky <[email protected]> >> - >> -diff --git a/src/mkhelp.pl b/src/mkhelp.pl >> -index 270daa2..757f024 100755 >> ---- a/src/mkhelp.pl >> -+++ b/src/mkhelp.pl >> -@@ -102,11 +102,9 @@ while(<READ>) { >> - } >> - close(READ); >> - >> --$now = localtime; >> - print <<HEAD >> - /* >> - * NEVER EVER edit this manually, fix the mkhelp.pl script instead! >> -- * Generation time: $now >> - */ >> - #ifdef USE_MANUAL >> - #include "tool_hugehelp.h" >> diff --git a/meta/recipes-support/curl/curl_7.54.1.bb >> b/meta/recipes-support/curl/curl_7.57.0.bb >> similarity index 86% >> rename from meta/recipes-support/curl/curl_7.54.1.bb >> rename to meta/recipes-support/curl/curl_7.57.0.bb >> index 58f0531..47e3d45 100644 >> --- a/meta/recipes-support/curl/curl_7.54.1.bb >> +++ b/meta/recipes-support/curl/curl_7.57.0.bb >> @@ -7,23 +7,16 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md >> 5=3a34942f4ae3fbf1a303160714e66 >> >> SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ >> file://0001-replace-krb5-config-with-pkg-config.patch \ >> - file://CVE-2017-1000099.patch \ >> - file://CVE-2017-1000100.patch \ >> - file://CVE-2017-1000101.patch \ >> - file://CVE-2017-1000254.patch \ >> " >> >> -SRC_URI_append_class-target = " \ >> - file://reproducible-mkhelp.patch \ >> -" >> >> # curl likes to set -g0 in CFLAGS, so we stop it >> # from mucking around with debug options >> # >> SRC_URI += " file://configure_ac.patch" >> >> -SRC_URI[md5sum] = "6b6eb722f512e7a24855ff084f54fe55" >> -SRC_URI[sha256sum] = "fdfc4df2d001ee0c44ec071186e77 >> 0046249263c491fcae48df0e1a3ca8f25a0" >> +SRC_URI[md5sum] = "dd3e22e923be17663e67f721c2aec054" >> +SRC_URI[sha256sum] = "c92fe31a348eae079121b73884065 >> e600c533493eb50f1f6cee9c48a3f454826" >> >> CVE_PRODUCT = "libcurl" >> inherit autotools pkgconfig binconfig multilib_header >> @@ -64,9 +57,6 @@ EXTRA_OECONF = " \ >> --without-libpsl \ >> " >> >> -do_install_append() { >> - oe_multilib_header curl/curlbuild.h >> -} >> >> do_install_append_class-target() { >> # cleanup buildpaths from curl-config >> >> -- >> To stop receiving notification emails like this one, please contact >> the administrator of this repository. >> -- >> _______________________________________________ >> Openembedded-commits mailing list >> [email protected] >> http://lists.openembedded.org/mailman/listinfo/openembedded-commits >> > >
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
