summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/curl
Commit message (Collapse)AuthorAgeFilesLines
* curl: upgrade 7.75.0 -> 7.76.0wangmy37 hours1-1/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes-support: Add missing HOMEPAGE and DESCRIPTION for recipesMeh Mbeh Ida Delphine2021-03-021-0/+4
| | | | | | | Fixes: [YOCTO #13471] Signed-off-by: Ida Delphine <idadelm@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.74.0 -> 7.75.0Anuj Mittal2021-02-191-2/+2
| | | | | | | License-Update: copyright years changed Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Update 7.73.0 -> 7.74.0Khairul Rohaizzat Jamaluddin2020-12-241-1/+1
| | | | | | | | | | | | | | | | | update to version 7.74.0 curl 7.74.0 hsts: add experimental support for Strict-Transport-Security with various bug fixes Reference: https://curl.se/changes.html#7_74_0 update includes fix for CVE: CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.72.0 -> 7.73.0Alexander Kanavin2020-11-031-1/+1
| | | | | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Change SRC_URI from http to httpsRandy MacLeod2020-09-231-1/+1
| | | | | | | | | | The official links on: https://curl.haxx.se/download.html use https now and we're seeing this warning: WARNING: curl-native-7.72.0-r0 do_fetch: Failed to fetch URL http://curl.haxx.se/download/curl-7.72.0.tar.bz2, attempting MIRRORS if available Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add vendors to CVE_PRODUCT to exclude false positivesRoss Burton2020-09-081-1/+3
| | | | | | | | To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand the CVE_PRODUCT list to include all the vendors that have been used. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Upgrade to 7.72.0uninative-2.9Khem Raj2020-08-211-1/+1
| | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.71.0 -> 7.71.1Pierre-Jean Texier2020-07-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This release includes the following bugfixes: - cirrus-ci: disable FreeBSD 13 (again) - Curl_inet_ntop: always check the return code - CURLOPT_READFUNCTION.3: provide the upload data size up front - DYNBUF.md: fix a typo: trail => tail - escape: make the URL decode able to reject only %00-bytes - escape: zero length input should return a zero length output - examples/multithread.c: call curl_global_cleanup() - http2: set the correct URL in pushed transfers - http: fix proxy auth with blank password - mbedtls: fix build with disabled proxy support - ngtcp2: sync with current master - openssl: Fix compilation on Windows when ngtcp2 is enabled - Revert "multi: implement wait using winsock events" - sendf: improve the message on client write errors - terminology: call them null-terminated strings - tool_cb_hdr: Fix etag warning output and return code - url: allow user + password to contain "control codes" for HTTP(S) - vtls: compare cert blob when finding a connection to reuse Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.70.0 -> 7.71.0Pierre-Jean Texier2020-06-251-2/+1
| | | | | | | | | | | | | | | | | | | | | | | This release includes the following changes: - CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl) [10] - setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency [31] - setopt: support certificate options in memory with struct curl_blob [41] - tool: Add option --retry-all-errors to retry on any error [27] This release includes the following bugfixes: - CVE-2020-8177: curl overwrite local file with -J [111] - CVE-2020-8169: Partial password leak over DNS on HTTP redirect [48] - *_sspi: fix bad uses of CURLE_NOT_BUILT_IN [21] - all: fix codespell errors [75] - altsvc: bump to h3-29 [114] ... See full changelog: https://curl.haxx.se/changes.html#7_71_0 Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add debug infoRasmus Villemoes2020-06-171-0/+3
| | | | | | | | | | | | | | | | | | | | Currently, curl (and libcurl) is built without debug info, making the curl-dbg package rather useless. Since debug symbols are automatically stripped and put in that package by the build system, making sure that curl is built with -g shouldn't hurt anything, but will help those that try to debug a libcurl-using application and hence explicitly include curl-dbg in their rootfs. Unfortunately, setting --enable-debug then changes the default value of the optimize option from (assume yes) to (assume no), while also changing the default value of the curldebug option [which is a separate thing that actually changes generated code to add some memory tracking] from (assume no) to (assume yes). So explicitly pass the appropriate options that make those two have the same value as they used to have by default. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: support mqtt in PACKAGECONFIGPierre-Jean Texier2020-05-031-0/+1
| | | | | | | | | | | | | | The version 7.70.0 of curl add experimental support for this protocol. So, add PACKAGECONFIG for mqtt. See [1] for more informations. [1] - https://github.com/curl/curl/blob/master/docs/MQTT.md Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.69.1 -> 7.70.0Pierre-Jean Texier2020-05-031-2/+2
| | | | | | | See full changelog https://curl.haxx.se/changes.html#7_70_0 Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.69.0 -> 7.69.1Pierre-Jean Texier2020-03-121-2/+2
| | | | | | | | | | Contains a number of fixes for issues discovered post-7.69.0. For details, see full changelog: https://curl.haxx.se/changes.html#7_69_1 Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glew/curl: specify exclusive package configsKai Kang2020-03-111-2/+2
| | | | | | | | Specify exclusive package configs for glew and curl to make sure that conflict package configs will NOT set at same time. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.68.0 -> 7.69.0Pierre-Jean Texier2020-03-071-2/+2
| | | | | | | | | Bugfix release. For details, see full changelog - https://curl.haxx.se/changes.html#7_69_0 Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.67.0 -> 7.68.0Pierre-Jean Texier2020-01-161-3/+3
| | | | | | | | | | | | | See full changelog https://curl.haxx.se/changes.html#7_68_0 The hash of the license is updated because the copyright year was updated in COPYING file: -Copyright (c) 1996 - 2019, Daniel Stenberg, <daniel@haxx.se>, and many +Copyright (c) 1996 - 2020, Daniel Stenberg, <daniel@haxx.se>, and many Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl:upgrade 7.66.0 -> 7.67.0Zang Ruochen2019-11-141-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to 7.66.0Oleksandr Kravchuk2019-09-161-2/+2
| | | | | Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.65.2 -> 7.65.3Zang Ruochen2019-07-261-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.65.1 -> 7.65.2Anuj Mittal2019-07-181-2/+2
| | | | | | | | Changelog: https://curl.haxx.se/changes.html#7_65_2 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl:upgrade 7.64.1 -> 7.65.1Zang Ruochen2019-06-191-2/+2
| | | | | | | -Upgrade from curl_7.64.1.bb to curl_7.65.1.bb. Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to 7.64.1Oleksandr Kravchuk2019-04-121-2/+2
| | | | | Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.63.0 -> 7.64.0Richard Purdie2019-02-251-3/+3
| | | | | | | | | | | The license checksum changed as the copyright years changed. Fixes: - CVE-2018-16890: NTLM type-2 out-of-bounds buffer read - CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow - CVE-2019-3823: SMTP end-of-response out-of-bounds read Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to 7.63Armin Kuster2019-01-031-2/+2
| | | | | | | | | | | | | | Changes: curl: add %{stderr} and %{stdout} for --write-out curl: add undocumented option --dump-module-paths for win32 setopt: add CURLOPT_CURLU For full list of changes see: https://curl.haxx.se/changes.html Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Add PACKAGECONFIG to enable NSS supportOtavio Salvador2018-12-131-0/+1
| | | | | Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to 7.62.0Armin Kuster2018-11-205-156/+2
| | | | | | | | | Drop all CVE patches now included in update. For details see: https://curl.haxx.se/changes.html Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: actually apply latest CVE patchesRoss Burton2018-11-091-0/+3
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842Changqing Li2018-11-063-0/+113
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: extend CVE_PRODUCTGrygorii Tertychnyi2018-10-291-1/+1
| | | | | | | | | | | There are both "curl" and "libcurl" CPEs in NVD. All "curl" CVEs are now missed in the reports. Hence, switch "CVE_PRODUCT" to a space separated list of the items. Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Include the complete license informationPeter Kjellerstedt2018-10-091-1/+1
| | | | | | | | | | | For some reason, the copyright part was left out of the license information included in LIC_FILES_CHKSUM, preventing it from being used in, e.g., documentation to satisfy the requirements of the license. License-Update: Include the complete license information Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: CVE-2018-14618Zhixiong Chi2018-09-202-0/+38
| | | | | | | | | | Backport the CVE patch from the upstream https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch https://curl.haxx.se/docs/CVE-2018-14618.html https://nvd.nist.gov/vuln/detail/CVE-2018-14618 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: support multilib installation of curl-configChangqing Li2018-08-141-0/+3
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: enable libidnRoss Burton2018-07-301-1/+1
| | | | | | Now that oe-core has libidn2 we can enable it by default in target curl builds. Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: disable C source code generatorAndre McCurdy2018-07-261-0/+1
| | | | | | | | | | | | | | | The --libcurl command line option causes curl to generate C source code which, when compiled and linked with libcurl, creates a binary which behaves in the same way as curl when run with the other options passed on the curl command line. https://curl.haxx.se/docs/manpage.html#--libcurl It's a development tool and not generally useful on the target, especially if the target doesn't contain a toolchain etc. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: add PACKAGECONFIG options for brotli, built-in manpages, etcAndre McCurdy2018-07-181-3/+7
| | | | | | | | | | | | | | | | - Add PACKAGECONFIG option for brotli (disable by default) - Add PACKAGECONFIG option for built-in manpages (disabled by default). Embedding a copy of the manpages within the curl binary adds approx 60k of gzipped data and duplicates the contents of the curl-doc package. - Add PACKAGECONFIG option for verbose error messages (enabled by default) - Disable legacy NTLM http authentication via delegation to the external winbind ntlm_auth helper (which isn't going to work without a runtime dependency on samba). Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: update 7.60.0 -> 7.61.0Andre McCurdy2018-07-181-2/+2
| | | | | | | https://curl.haxx.se/changes.html#7_61_0 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: support mbedtls in PACKAGECONFIGBinghua Guan2018-07-061-0/+1
| | | | | Signed-off-by: Binghua Guan <freebendy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: update 7.59.0 -> 7.60.0Andre McCurdy2018-05-293-32/+13
| | | | | | | | | | | | | https://curl.haxx.se/changes.html#7_60_0 Also refresh 0001-replace-krb5-config-with-pkg-config.patch and drop configure_ac.patch, which we've apparently been dragging along unnecessarily for the past 5 years: https://github.com/curl/curl/commit/c277bd6ce7069819484eb3dc30b5858735fde377 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: update to 7.59.0Armin Kuster2018-05-041-2/+2
| | | | | Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: DEPENDS on libidn2 (not libidn)André Draszik2018-04-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since v7.51.0, libidn2 is the only available option, libidn support was dropped. The configure option was renamed as of v7.53.0 Therefore, curl unconditionally tries to build against libidn2, which in particular is a problem for curl-native, as that might or might not build against the build-machine's libidn2 now, which furthermore causes problems when trying to share sstate between multiple build machines. We therefore see the following in the config log: ... checking whether to build with libidn2... (assumed) yes ... checking for libidn2 options with pkg-config... no configure: IDN_LIBS: "-lidn2" configure: IDN_LDFLAGS: "" configure: IDN_CPPFLAGS: "" configure: IDN_DIR: "" checking if idn2_lookup_ul can be linked... yes checking idn2.h usability... yes checking idn2.h presence... yes checking for idn2.h... yes ... IDN support: enabled (libidn2) ... even though this recipe tries to disable that. While libidn2 isn't available in OE, this change at least: * prevents curl-native to silently build against libidn2 if that is installed on build machine, even if not requested * alerts people who use the PACKAGECONFIG option that it's not actually doing what they intend to do Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.58.0Oleksandr Kravchuk2018-02-241-2/+2
| | | | | Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: 7.54.1 -> 7.57.0Huang Qiyu2018-01-266-373/+2
| | | | | | | | | 1.Upgrade curl from 7.54.1 to 7.57.0. 2.Delete CVE-2017-1000099.patch, CVE-2017-1000100.patch, CVE-2017-1000101.patch, CVE-2017-1000254.patch, reproducible-mkhelp.patch, since it is integrated upstream. 3.Remove "do_install_append()" from curl_7.57.0.bb, since curl/curlbuild.h has been removed. Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl_7.54.1.bb: improve reproducibilityJuro Bystricky2017-11-082-1/+41
| | | | | | | | | | Improve reproducible build of curl-dev and curl-dbg packages. curl-dev: Correctly remove build host references from curl-config curl-dbg: Do not generate time stamps in files generated by mkhelp.pl Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: Security Advisory - curl - CVE-2017-1000254Li Zhou2017-11-052-0/+139
| | | | | | | | Porting patch from <https://github.com/curl/curl/commit/ 5ff2c5ff25750aba1a8f64fbcad8e5b891512584> to solve CVE-2017-1000254. Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: add 'enable-ares' packageconfig optionJavier Viguera2017-11-051-0/+2
| | | | | | | | | | | | This build time option is needed to use the '--dns-interface' runtime parameter to instruct 'curl' to use a specific interface for DNS resolution. Not enabled by default, as it depends on 'c-ares' package from meta-openembedded (meta-networking). Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* curl: Added option to enable http2 protocol.baali2017-09-261-1/+1
| | | | | | | | | | With default --without-nghttp2 flag set there was no way to get http2 protocol support using nghttp2 library. Instead moved it to PACKAGECONFIG options Signed-off-by: baali <shantanu@senic.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: fix CVE-2017-1000099, 1000100, 1000101Wenzong Fan2017-09-054-0/+194
| | | | | | | | | | | | | | | | | | Backport upstream commits to fix: - CVE-2017-1000099 https://curl.haxx.se/docs/adv_20170809C.html https://curl.haxx.se/CVE-2017-1000099.patch - CVE-2017-1000100 https://curl.haxx.se/docs/adv_20170809B.html https://curl.haxx.se/CVE-2017-1000100.patch - CVE-2017-1000101 https://curl.haxx.se/docs/adv_20170809A.html https://curl.haxx.se/CVE-2017-1000101.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: enable threaded resolverAndré Draszik2017-09-051-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | Multi-threaded applications using libcurl crash on DNS timeouts when built using OE. The reason is as follows: By default, libcurl implements DNS timeouts using a timer (alarm()) and a pair of setjmp()/longjmp(). This approach is unsafe in multi-threaded applications for various reasons, as e.g. explained in the relevant man-pages. To avoid this, libcurl can be compiled with a built-in threaded resolver, or against the c-ares asynchronous resolver library. To keep extra dependencies to a minimum, and to mimic other distributions (debian at least), and because c-ares is not available in OE-core, add a PACKAGECONFIG to be able to enable use of of the built-in threaded resolver and enable it by default. Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: update to 7.54.1Oleksandr Kravchuk2017-06-281-2/+2
| | | | | Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com> Signed-off-by: Ross Burton <ross.burton@intel.com>