CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
f0d2110a32
poky/meta/recipes-support/libmicrohttpd/libmicrohttpd_1.0.1.bb
Peter Marko f0d2110a32 libmicrohttpd: disable experimental code by default 
Introduce new packageconfig to explicitly avoid compilation of
experimental code. Note that the code was not compiled by default also
before this patch, this now makes it explicit and makes it possible to
check for the flags in cve-check code.

This is less intrusive change than a patch removing the code which was
rejected in patch review.

This will solve CVE-2025-59777 and CVE-2025-62689 as the vulnerable code
is not compiled by default.
Set appropriate CVE status for these CVEs based on new packageconfig.

(From OE-Core rev: 9e3c0ae261afb7b9ff9528dbc147fb6c89d5a624)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-17 08:48:37 -08:00

32 lines
1.3 KiB
BlitzBasic
Raw Blame History

SUMMARY = "A small C library that is supposed to make it easy to run an HTTP server as part of another application"
HOMEPAGE = "http://www.gnu.org/software/libmicrohttpd/"
LICENSE = "LGPL-2.1-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=57d09285feac8a64efa878e692b14f36"
SECTION = "net"
DEPENDS = "file"
SRC_URI = "${GNU_MIRROR}/libmicrohttpd/${BPN}-${PV}.tar.gz"
SRC_URI[sha256sum] = "a89e09fc9b4de34dde19f4fcb4faaa1ce10299b9908db1132bbfa1de47882b94"
inherit autotools lib_package pkgconfig gettext
CFLAGS += "-pthread -D_REENTRANT"
EXTRA_OECONF += "--disable-static --with-gnutls=${STAGING_LIBDIR}/../ --enable-largefile"
PACKAGECONFIG ?= "curl https"
PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,"
PACKAGECONFIG[https] = "--enable-https,--disable-https,libgcrypt gnutls,"
PACKAGECONFIG[experimental] = "--enable-experimental,--disable-experimental,"
do_compile:append() {
sed -i s:-L${STAGING_LIBDIR}::g libmicrohttpd.pc
}
BBCLASSEXTEND = "native nativesdk"
CVE_STATUS[CVE-2025-59777] = "${@bb.utils.contains('PACKAGECONFIG', 'experimental', 'unpatched', 'not-applicable-config: experimental code not compiled', d)}"
CVE_STATUS[CVE-2025-62689] = "${@bb.utils.contains('PACKAGECONFIG', 'experimental', 'unpatched', 'not-applicable-config: experimental code not compiled', d)}"
Reference in New Issue View Git Blame Copy Permalink