1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00

curl: ignore CVE-2025-4947 and CVE-2025-5025

These CVEs are for integration with WolfSSL which is not supported by
this recipe.
Ignore it if openssl packageconfig is enabled as it was done also in
scarthgap branch.

(From OE-Core rev: 93ae0758ef35031c21a29f84e5481d99c218a232)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
2025-07-13 15:30:35 +02:00
committed by Steve Sakoman
parent b7460a996b
commit 9fd2537a3f
+2
View File
@@ -25,6 +25,8 @@ SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c7
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack"
CVE_STATUS[CVE-2025-4947] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}"
inherit autotools pkgconfig binconfig multilib_header ptest