From: Peter Marko <[email protected]> Bugfix release for 8.11.0 regressions.
Solves CVE-2024-11053 Drop patch which was done differently upstream. Signed-off-by: Peter Marko <[email protected]> --- ...pc.in-drop-LDFLAGS-from-Libs.private.patch | 39 ------------------- .../curl/{curl_8.11.0.bb => curl_8.11.1.bb} | 3 +- 2 files changed, 1 insertion(+), 41 deletions(-) delete mode 100644 meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch rename meta/recipes-support/curl/{curl_8.11.0.bb => curl_8.11.1.bb} (97%) diff --git a/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch b/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch deleted file mode 100644 index 79fc0b316e7..00000000000 --- a/meta/recipes-support/curl/curl/0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch +++ /dev/null @@ -1,39 +0,0 @@ -From cfd5d794fdfcc12e386fdbb14161babf54d2a5ee Mon Sep 17 00:00:00 2001 -From: Peter Marko <[email protected]> -Date: Sat, 9 Nov 2024 22:26:58 +0100 -Subject: [PATCH] libcurl.pc.in: drop LDFLAGS from Libs.private - -Stop passing linker flags to pkg-config. - -This was added in v8.11.0 with commit [1]. -There are several problems with this, especially: -* user may want to link curl and application with different flags -* user usually adds the same or similar flags in all components, so this - will double the flags when linking application -* when building components in temporary directories, these directories - are preserved in pkg-config linker flags and are invalid when building - application - -[1] https://github.com/curl/curl/commit/9f56bb608ecfbb8978c6cb72a04d9e8b23162d82 - -Upstream-Status: Submitted [https://github.com/curl/curl/pull/15533] -Signed-off-by: Peter Marko <[email protected]> ---- - libcurl.pc.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libcurl.pc.in b/libcurl.pc.in -index 4c60a7ec7..7898dae35 100644 ---- a/libcurl.pc.in -+++ b/libcurl.pc.in -@@ -36,6 +36,6 @@ Version: @CURLVERSION@ - Requires: @LIBCURL_PC_REQUIRES@ - Requires.private: @LIBCURL_PC_REQUIRES_PRIVATE@ - Libs: -L${libdir} -lcurl @LIBCURL_PC_LIBS@ --Libs.private: @LDFLAGS@ @LIBCURL_PC_LIBS_PRIVATE@ -+Libs.private: @LIBCURL_PC_LIBS_PRIVATE@ - Cflags: -I${includedir} @LIBCURL_PC_CFLAGS@ - Cflags.private: @LIBCURL_PC_CFLAGS_PRIVATE@ --- -2.30.2 - diff --git a/meta/recipes-support/curl/curl_8.11.0.bb b/meta/recipes-support/curl/curl_8.11.1.bb similarity index 97% rename from meta/recipes-support/curl/curl_8.11.0.bb rename to meta/recipes-support/curl/curl_8.11.1.bb index a512aa443c8..b4d80e9643c 100644 --- a/meta/recipes-support/curl/curl_8.11.0.bb +++ b/meta/recipes-support/curl/curl_8.11.1.bb @@ -14,9 +14,8 @@ SRC_URI = " \ file://run-ptest \ file://disable-tests \ file://no-test-timeout.patch \ - file://0001-libcurl.pc.in-drop-LDFLAGS-from-Libs.private.patch \ " -SRC_URI[sha256sum] = "db59cf0d671ca6e7f5c2c5ec177084a33a79e04c97e71cf183a5cdea235054eb" +SRC_URI[sha256sum] = "c7ca7db48b0909743eaef34250da02c19bc61d4f1dcedd6603f109409536ab56" # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#208605): https://lists.openembedded.org/g/openembedded-core/message/208605 Mute This Topic: https://lists.openembedded.org/mt/110066429/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
