* [PATCH] curl: Update to 8.18.0
@ 2026-01-09 14:33 robert.joslyn
0 siblings, 0 replies; only message in thread
From: robert.joslyn @ 2026-01-09 14:33 UTC (permalink / raw)
To: openembedded-core; +Cc: Robert Joslyn
From: Robert Joslyn <robert.joslyn@redrectangle.org>
Addresses six CVEs from 8.17.0:
* CVE-2025-13034
* CVE-2025-14017
* CVE-2025-14524
* CVE-2025-14819
* CVE-2025-15079
* CVE-2025-15224
https://curl.se/ch/8.18.0.html
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
---
meta/recipes-support/curl/curl/no-test-timeout.patch | 9 +++++----
.../curl/{curl_8.17.0.bb => curl_8.18.0.bb} | 2 +-
2 files changed, 6 insertions(+), 5 deletions(-)
rename meta/recipes-support/curl/{curl_8.17.0.bb => curl_8.18.0.bb} (98%)
diff --git a/meta/recipes-support/curl/curl/no-test-timeout.patch b/meta/recipes-support/curl/curl/no-test-timeout.patch
index 34e46fed6d..3ece55cab6 100644
--- a/meta/recipes-support/curl/curl/no-test-timeout.patch
+++ b/meta/recipes-support/curl/curl/no-test-timeout.patch
@@ -1,7 +1,8 @@
-From 42cddb52e821cfc2f09f1974742714e5f2f1856e Mon Sep 17 00:00:00 2001
+From 30fb6d1ce4cc721feef5665934f2b7f83fb50efb Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Fri, 15 Mar 2024 14:37:37 +0000
Subject: [PATCH] Set the max-time timeout to 600 so the timeout is 10 minutes
+
instead of 13 seconds.
Upstream-Status: Inappropriate
@@ -11,12 +12,12 @@ Signed-off-by: Ross Burton <ross.burton@arm.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/servers.pm b/tests/servers.pm
-index d4472d5..9999938 100644
+index 5d5d98b..442cfaf 100644
--- a/tests/servers.pm
+++ b/tests/servers.pm
-@@ -125,7 +125,7 @@ my $sshdverstr; # for socks server, ssh daemon version string
+@@ -124,7 +124,7 @@ my $sshdverstr; # for socks server, ssh daemon version string
my $sshderror; # for socks server, ssh daemon version error
- my %doesntrun; # servers that don't work, identified by pidfile
+ my %doesntrun; # servers that do not work, identified by pidfile
my %PORT = (nolisten => 47); # port we use for a local non-listening service
-my $server_response_maxtime=13;
+my $server_response_maxtime=600;
diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.18.0.bb
similarity index 98%
rename from meta/recipes-support/curl/curl_8.17.0.bb
rename to meta/recipes-support/curl/curl_8.18.0.bb
index 315364902e..b94da348b7 100644
--- a/meta/recipes-support/curl/curl_8.17.0.bb
+++ b/meta/recipes-support/curl/curl_8.18.0.bb
@@ -20,7 +20,7 @@ SRC_URI:append:class-nativesdk = " \
file://environment.d-curl.sh \
"
-SRC_URI[sha256sum] = "955f6e729ad6b3566260e8fef68620e76ba3c31acf0a18524416a185acf77992"
+SRC_URI[sha256sum] = "40df79166e74aa20149365e11ee4c798a46ad57c34e4f68fd13100e2c9a91946"
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
--
2.52.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-01-09 14:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-09 14:33 [PATCH] curl: Update to 8.18.0 robert.joslyn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox