From 9fd2537a3fe3137c7ad84c13f145176f3e290dc7 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Sun, 13 Jul 2025 15:30:35 +0200 Subject: [PATCH] curl: ignore CVE-2025-4947 and CVE-2025-5025 These CVEs are for integration with WolfSSL which is not supported by this recipe. Ignore it if openssl packageconfig is enabled as it was done also in scarthgap branch. (From OE-Core rev: 93ae0758ef35031c21a29f84e5481d99c218a232) Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-support/curl/curl_8.12.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-support/curl/curl_8.12.1.bb b/meta/recipes-support/curl/curl_8.12.1.bb index 4192693da8..9e279bbad1 100644 --- a/meta/recipes-support/curl/curl_8.12.1.bb +++ b/meta/recipes-support/curl/curl_8.12.1.bb @@ -25,6 +25,8 @@ SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c7 # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack" +CVE_STATUS[CVE-2025-4947] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}" +CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}" inherit autotools pkgconfig binconfig multilib_header ptest