From: robert.joslyn@redrectangle.org
To: openembedded-core@lists.openembedded.org
Cc: Robert Joslyn <robert.joslyn@redrectangle.org>
Subject: [PATCH] curl: Update to 8.18.0
Date: Fri, 9 Jan 2026 06:33:11 -0800 [thread overview]
Message-ID: <20260109143311.536300-1-robert.joslyn@redrectangle.org> (raw)
From: Robert Joslyn <robert.joslyn@redrectangle.org>
Addresses six CVEs from 8.17.0:
* CVE-2025-13034
* CVE-2025-14017
* CVE-2025-14524
* CVE-2025-14819
* CVE-2025-15079
* CVE-2025-15224
https://curl.se/ch/8.18.0.html
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
---
meta/recipes-support/curl/curl/no-test-timeout.patch | 9 +++++----
.../curl/{curl_8.17.0.bb => curl_8.18.0.bb} | 2 +-
2 files changed, 6 insertions(+), 5 deletions(-)
rename meta/recipes-support/curl/{curl_8.17.0.bb => curl_8.18.0.bb} (98%)
diff --git a/meta/recipes-support/curl/curl/no-test-timeout.patch b/meta/recipes-support/curl/curl/no-test-timeout.patch
index 34e46fed6d..3ece55cab6 100644
--- a/meta/recipes-support/curl/curl/no-test-timeout.patch
+++ b/meta/recipes-support/curl/curl/no-test-timeout.patch
@@ -1,7 +1,8 @@
-From 42cddb52e821cfc2f09f1974742714e5f2f1856e Mon Sep 17 00:00:00 2001
+From 30fb6d1ce4cc721feef5665934f2b7f83fb50efb Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Fri, 15 Mar 2024 14:37:37 +0000
Subject: [PATCH] Set the max-time timeout to 600 so the timeout is 10 minutes
+
instead of 13 seconds.
Upstream-Status: Inappropriate
@@ -11,12 +12,12 @@ Signed-off-by: Ross Burton <ross.burton@arm.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/servers.pm b/tests/servers.pm
-index d4472d5..9999938 100644
+index 5d5d98b..442cfaf 100644
--- a/tests/servers.pm
+++ b/tests/servers.pm
-@@ -125,7 +125,7 @@ my $sshdverstr; # for socks server, ssh daemon version string
+@@ -124,7 +124,7 @@ my $sshdverstr; # for socks server, ssh daemon version string
my $sshderror; # for socks server, ssh daemon version error
- my %doesntrun; # servers that don't work, identified by pidfile
+ my %doesntrun; # servers that do not work, identified by pidfile
my %PORT = (nolisten => 47); # port we use for a local non-listening service
-my $server_response_maxtime=13;
+my $server_response_maxtime=600;
diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.18.0.bb
similarity index 98%
rename from meta/recipes-support/curl/curl_8.17.0.bb
rename to meta/recipes-support/curl/curl_8.18.0.bb
index 315364902e..b94da348b7 100644
--- a/meta/recipes-support/curl/curl_8.17.0.bb
+++ b/meta/recipes-support/curl/curl_8.18.0.bb
@@ -20,7 +20,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-curl.sh \
"
-SRC_URI[sha256sum] = "955f6e729ad6b3566260e8fef68620e76ba3c31acf0a18524416a185acf77992"
+SRC_URI[sha256sum] = "40df79166e74aa20149365e11ee4c798a46ad57c34e4f68fd13100e2c9a91946"
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
--
2.52.0
reply other threads:[~2026-01-09 14:33 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260109143311.536300-1-robert.joslyn@redrectangle.org \
--to=robert.joslyn@redrectangle.org \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox