@@ -1,10 +1,17 @@
-Set the max-time timeout to 600 so the timeout is 10 minutes instead of 13 seconds.
+From 42cddb52e821cfc2f09f1974742714e5f2f1856e Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Fri, 15 Mar 2024 14:37:37 +0000
+Subject: [PATCH] Set the max-time timeout to 600 so the timeout is 10 minutes
+ instead of 13 seconds.
Upstream-Status: Inappropriate
Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ tests/servers.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/servers.pm b/tests/servers.pm
-index d4472d509..aeab62c47 100644
+index d4472d5..9999938 100644
--- a/tests/servers.pm
+++ b/tests/servers.pm
@@ -120,7 +120,7 @@ my $sshdverstr; # for socks server, ssh daemon version string
similarity index 98%
rename from meta/recipes-support/curl/curl_8.6.0.bb
rename to meta/recipes-support/curl/curl_8.7.1.bb
@@ -15,7 +15,7 @@ SRC_URI = " \
file://disable-tests \
file://no-test-timeout.patch \
"
-SRC_URI[sha256sum] = "3ccd55d91af9516539df80625f818c734dc6f2ecf9bada33c76765e99121db15"
+SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd"
# Curl has used many names over the years...
CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl"
This includes 4 security fixes: CVE-2024-2466 - TLS certificate check bypass with mbedTLS CVE-2024-2398 - HTTP/2 push headers memory-leak CVE-2024-2379 - QUIC certificate check bypass with wolfSSL CVE-2024-2004 - Usage of disabled protocol Along with many other changes, mostly bugfixes: https://curl.se/changes.html Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- meta/recipes-support/curl/curl/no-test-timeout.patch | 11 +++++++++-- .../curl/{curl_8.6.0.bb => curl_8.7.1.bb} | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) rename meta/recipes-support/curl/{curl_8.6.0.bb => curl_8.7.1.bb} (98%)