diff options
author | Robert Joslyn <robert.joslyn@redrectangle.org> | 2022-07-17 11:16:18 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-07-25 15:09:02 +0100 |
commit | 24fc40faefc6b4a498fbe0404d84136af8454f25 (patch) | |
tree | 50c0f7477e1bc6a65ddb7ed0043501764d199a3a | |
parent | 868ebed326f9ce1b2b15c0c804171099db27ab3b (diff) | |
download | poky-24fc40faefc6b4a498fbe0404d84136af8454f25.tar.gz |
curl: Fix CVE-2022-32206, CVE-2022-32207, and CVE-2022-32208
Backport fixes for:
* CVE-2022-32206 - https://curl.se/docs/CVE-2022-32206.html
* CVE-2022-32207 - https://curl.se/docs/CVE-2022-32207.html
* CVE-2022-32208 - https://curl.se/docs/CVE-2022-32208.html
(From OE-Core rev: aad2a330086b3a12aa5469499774fafdc8a21c48)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-32206.patch | 52 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-32207.patch | 284 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2022-32208.patch | 72 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.69.1.bb | 3 |
4 files changed, 411 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2022-32206.patch b/meta/recipes-support/curl/curl/CVE-2022-32206.patch new file mode 100644 index 0000000000..3d76aeb43d --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-32206.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 25e7be39be5f8ed696b6085ced9cf6c17e6128f4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Mon, 16 May 2022 16:28:13 +0200 | ||
4 | Subject: [PATCH] content_encoding: return error on too many compression steps | ||
5 | |||
6 | The max allowed steps is arbitrarily set to 5. | ||
7 | |||
8 | Bug: https://curl.se/docs/CVE-2022-32206.html | ||
9 | CVE-2022-32206 | ||
10 | Reported-by: Harry Sintonen | ||
11 | Closes #9049 | ||
12 | |||
13 | Upstream-Status: Backport [https://github.com/curl/curl/commit/3a09fbb7f264c67c43] | ||
14 | Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> | ||
15 | --- | ||
16 | lib/content_encoding.c | 9 +++++++++ | ||
17 | 1 file changed, 9 insertions(+) | ||
18 | |||
19 | diff --git a/lib/content_encoding.c b/lib/content_encoding.c | ||
20 | index 6d47537..91e621f 100644 | ||
21 | --- a/lib/content_encoding.c | ||
22 | +++ b/lib/content_encoding.c | ||
23 | @@ -934,6 +934,9 @@ static const content_encoding *find_encoding(const char *name, size_t len) | ||
24 | return NULL; | ||
25 | } | ||
26 | |||
27 | +/* allow no more than 5 "chained" compression steps */ | ||
28 | +#define MAX_ENCODE_STACK 5 | ||
29 | + | ||
30 | /* Set-up the unencoding stack from the Content-Encoding header value. | ||
31 | * See RFC 7231 section 3.1.2.2. */ | ||
32 | CURLcode Curl_build_unencoding_stack(struct connectdata *conn, | ||
33 | @@ -941,6 +944,7 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn, | ||
34 | { | ||
35 | struct Curl_easy *data = conn->data; | ||
36 | struct SingleRequest *k = &data->req; | ||
37 | + int counter = 0; | ||
38 | |||
39 | do { | ||
40 | const char *name; | ||
41 | @@ -975,6 +979,11 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn, | ||
42 | if(!encoding) | ||
43 | encoding = &error_encoding; /* Defer error at stack use. */ | ||
44 | |||
45 | + if(++counter >= MAX_ENCODE_STACK) { | ||
46 | + failf(data, "Reject response due to %u content encodings", | ||
47 | + counter); | ||
48 | + return CURLE_BAD_CONTENT_ENCODING; | ||
49 | + } | ||
50 | /* Stack the unencoding stage. */ | ||
51 | writer = new_unencoding_writer(conn, encoding, k->writer_stack); | ||
52 | if(!writer) | ||
diff --git a/meta/recipes-support/curl/curl/CVE-2022-32207.patch b/meta/recipes-support/curl/curl/CVE-2022-32207.patch new file mode 100644 index 0000000000..f75aaecd64 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-32207.patch | |||
@@ -0,0 +1,284 @@ | |||
1 | From af92181055d7d64dfc0bc9d5a13c8b98af3196be Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Wed, 25 May 2022 10:09:53 +0200 | ||
4 | Subject: [PATCH] fopen: add Curl_fopen() for better overwriting of files | ||
5 | |||
6 | Bug: https://curl.se/docs/CVE-2022-32207.html | ||
7 | CVE-2022-32207 | ||
8 | Reported-by: Harry Sintonen | ||
9 | Closes #9050 | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/curl/curl/commit/20f9dd6bae50b] | ||
12 | Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> | ||
13 | --- | ||
14 | CMakeLists.txt | 1 + | ||
15 | configure.ac | 1 + | ||
16 | lib/Makefile.inc | 4 +- | ||
17 | lib/cookie.c | 19 ++----- | ||
18 | lib/curl_config.h.cmake | 3 ++ | ||
19 | lib/fopen.c | 113 ++++++++++++++++++++++++++++++++++++++++ | ||
20 | lib/fopen.h | 30 +++++++++++ | ||
21 | 7 files changed, 155 insertions(+), 16 deletions(-) | ||
22 | create mode 100644 lib/fopen.c | ||
23 | create mode 100644 lib/fopen.h | ||
24 | |||
25 | diff --git a/CMakeLists.txt b/CMakeLists.txt | ||
26 | index 73b053b..cc587b0 100644 | ||
27 | --- a/CMakeLists.txt | ||
28 | +++ b/CMakeLists.txt | ||
29 | @@ -869,6 +869,7 @@ elseif(HAVE_LIBSOCKET) | ||
30 | set(CMAKE_REQUIRED_LIBRARIES socket) | ||
31 | endif() | ||
32 | |||
33 | +check_symbol_exists(fchmod "${CURL_INCLUDES}" HAVE_FCHMOD) | ||
34 | check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) | ||
35 | check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) | ||
36 | check_symbol_exists(select "${CURL_INCLUDES}" HAVE_SELECT) | ||
37 | diff --git a/configure.ac b/configure.ac | ||
38 | index d090622..7071077 100755 | ||
39 | --- a/configure.ac | ||
40 | +++ b/configure.ac | ||
41 | @@ -4059,6 +4059,7 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se | ||
42 | |||
43 | |||
44 | AC_CHECK_FUNCS([fnmatch \ | ||
45 | + fchmod \ | ||
46 | geteuid \ | ||
47 | getpass_r \ | ||
48 | getppid \ | ||
49 | diff --git a/lib/Makefile.inc b/lib/Makefile.inc | ||
50 | index 46ded90..79307d8 100644 | ||
51 | --- a/lib/Makefile.inc | ||
52 | +++ b/lib/Makefile.inc | ||
53 | @@ -63,7 +63,7 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ | ||
54 | curl_multibyte.c hostcheck.c conncache.c dotdot.c \ | ||
55 | x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \ | ||
56 | mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c \ | ||
57 | - doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c rename.c | ||
58 | + doh.c urlapi.c curl_get_line.c altsvc.c socketpair.c rename.c fopen.c | ||
59 | |||
60 | LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ | ||
61 | formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ | ||
62 | @@ -84,7 +84,7 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ | ||
63 | x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ | ||
64 | curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h \ | ||
65 | curl_path.h curl_ctype.h curl_range.h psl.h doh.h urlapi-int.h \ | ||
66 | - curl_get_line.h altsvc.h quic.h socketpair.h rename.h | ||
67 | + curl_get_line.h altsvc.h quic.h socketpair.h rename.h fopen.h | ||
68 | |||
69 | LIB_RCFILES = libcurl.rc | ||
70 | |||
71 | diff --git a/lib/cookie.c b/lib/cookie.c | ||
72 | index 68054e1..a9ad20a 100644 | ||
73 | --- a/lib/cookie.c | ||
74 | +++ b/lib/cookie.c | ||
75 | @@ -97,8 +97,8 @@ Example set of cookies: | ||
76 | #include "curl_memrchr.h" | ||
77 | #include "inet_pton.h" | ||
78 | #include "parsedate.h" | ||
79 | -#include "rand.h" | ||
80 | #include "rename.h" | ||
81 | +#include "fopen.h" | ||
82 | |||
83 | /* The last 3 #include files should be in this order */ | ||
84 | #include "curl_printf.h" | ||
85 | @@ -1524,18 +1524,9 @@ static int cookie_output(struct Curl_easy *data, | ||
86 | use_stdout = TRUE; | ||
87 | } | ||
88 | else { | ||
89 | - unsigned char randsuffix[9]; | ||
90 | - | ||
91 | - if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix))) | ||
92 | - return 2; | ||
93 | - | ||
94 | - tempstore = aprintf("%s.%s.tmp", filename, randsuffix); | ||
95 | - if(!tempstore) | ||
96 | - return 1; | ||
97 | - | ||
98 | - out = fopen(tempstore, FOPEN_WRITETEXT); | ||
99 | - if(!out) | ||
100 | - goto error; | ||
101 | + error = Curl_fopen(data, filename, &out, &tempstore); | ||
102 | + if(error) | ||
103 | + goto error; | ||
104 | } | ||
105 | |||
106 | fputs("# Netscape HTTP Cookie File\n" | ||
107 | @@ -1581,7 +1572,7 @@ static int cookie_output(struct Curl_easy *data, | ||
108 | if(!use_stdout) { | ||
109 | fclose(out); | ||
110 | out = NULL; | ||
111 | - if(Curl_rename(tempstore, filename)) { | ||
112 | + if(tempstore && Curl_rename(tempstore, filename)) { | ||
113 | unlink(tempstore); | ||
114 | goto error; | ||
115 | } | ||
116 | diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake | ||
117 | index 98cdf51..fe43751 100644 | ||
118 | --- a/lib/curl_config.h.cmake | ||
119 | +++ b/lib/curl_config.h.cmake | ||
120 | @@ -124,6 +124,9 @@ | ||
121 | /* Define to 1 if you have the <assert.h> header file. */ | ||
122 | #cmakedefine HAVE_ASSERT_H 1 | ||
123 | |||
124 | +/* Define to 1 if you have the `fchmod' function. */ | ||
125 | +#cmakedefine HAVE_FCHMOD 1 | ||
126 | + | ||
127 | /* Define to 1 if you have the `basename' function. */ | ||
128 | #cmakedefine HAVE_BASENAME 1 | ||
129 | |||
130 | diff --git a/lib/fopen.c b/lib/fopen.c | ||
131 | new file mode 100644 | ||
132 | index 0000000..ad3691b | ||
133 | --- /dev/null | ||
134 | +++ b/lib/fopen.c | ||
135 | @@ -0,0 +1,113 @@ | ||
136 | +/*************************************************************************** | ||
137 | + * _ _ ____ _ | ||
138 | + * Project ___| | | | _ \| | | ||
139 | + * / __| | | | |_) | | | ||
140 | + * | (__| |_| | _ <| |___ | ||
141 | + * \___|\___/|_| \_\_____| | ||
142 | + * | ||
143 | + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
144 | + * | ||
145 | + * This software is licensed as described in the file COPYING, which | ||
146 | + * you should have received as part of this distribution. The terms | ||
147 | + * are also available at https://curl.se/docs/copyright.html. | ||
148 | + * | ||
149 | + * You may opt to use, copy, modify, merge, publish, distribute and/or sell | ||
150 | + * copies of the Software, and permit persons to whom the Software is | ||
151 | + * furnished to do so, under the terms of the COPYING file. | ||
152 | + * | ||
153 | + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
154 | + * KIND, either express or implied. | ||
155 | + * | ||
156 | + * SPDX-License-Identifier: curl | ||
157 | + * | ||
158 | + ***************************************************************************/ | ||
159 | + | ||
160 | +#include "curl_setup.h" | ||
161 | + | ||
162 | +#if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \ | ||
163 | + !defined(CURL_DISABLE_HSTS) | ||
164 | + | ||
165 | +#ifdef HAVE_FCNTL_H | ||
166 | +#include <fcntl.h> | ||
167 | +#endif | ||
168 | + | ||
169 | +#include "urldata.h" | ||
170 | +#include "rand.h" | ||
171 | +#include "fopen.h" | ||
172 | +/* The last 3 #include files should be in this order */ | ||
173 | +#include "curl_printf.h" | ||
174 | +#include "curl_memory.h" | ||
175 | +#include "memdebug.h" | ||
176 | + | ||
177 | +/* | ||
178 | + * Curl_fopen() opens a file for writing with a temp name, to be renamed | ||
179 | + * to the final name when completed. If there is an existing file using this | ||
180 | + * name at the time of the open, this function will clone the mode from that | ||
181 | + * file. if 'tempname' is non-NULL, it needs a rename after the file is | ||
182 | + * written. | ||
183 | + */ | ||
184 | +CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, | ||
185 | + FILE **fh, char **tempname) | ||
186 | +{ | ||
187 | + CURLcode result = CURLE_WRITE_ERROR; | ||
188 | + unsigned char randsuffix[9]; | ||
189 | + char *tempstore = NULL; | ||
190 | + struct_stat sb; | ||
191 | + int fd = -1; | ||
192 | + *tempname = NULL; | ||
193 | + | ||
194 | + if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { | ||
195 | + /* a non-regular file, fallback to direct fopen() */ | ||
196 | + *fh = fopen(filename, FOPEN_WRITETEXT); | ||
197 | + if(*fh) | ||
198 | + return CURLE_OK; | ||
199 | + goto fail; | ||
200 | + } | ||
201 | + | ||
202 | + result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); | ||
203 | + if(result) | ||
204 | + goto fail; | ||
205 | + | ||
206 | + tempstore = aprintf("%s.%s.tmp", filename, randsuffix); | ||
207 | + if(!tempstore) { | ||
208 | + result = CURLE_OUT_OF_MEMORY; | ||
209 | + goto fail; | ||
210 | + } | ||
211 | + | ||
212 | + result = CURLE_WRITE_ERROR; | ||
213 | + fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600); | ||
214 | + if(fd == -1) | ||
215 | + goto fail; | ||
216 | + | ||
217 | +#ifdef HAVE_FCHMOD | ||
218 | + { | ||
219 | + struct_stat nsb; | ||
220 | + if((fstat(fd, &nsb) != -1) && | ||
221 | + (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) { | ||
222 | + /* if the user and group are the same, clone the original mode */ | ||
223 | + if(fchmod(fd, sb.st_mode) == -1) | ||
224 | + goto fail; | ||
225 | + } | ||
226 | + } | ||
227 | +#endif | ||
228 | + | ||
229 | + *fh = fdopen(fd, FOPEN_WRITETEXT); | ||
230 | + if(!*fh) | ||
231 | + goto fail; | ||
232 | + | ||
233 | + *tempname = tempstore; | ||
234 | + return CURLE_OK; | ||
235 | + | ||
236 | +fail: | ||
237 | + if(fd != -1) { | ||
238 | + close(fd); | ||
239 | + unlink(tempstore); | ||
240 | + } | ||
241 | + | ||
242 | + free(tempstore); | ||
243 | + | ||
244 | + *tempname = NULL; | ||
245 | + return result; | ||
246 | +} | ||
247 | + | ||
248 | +#endif /* ! disabled */ | ||
249 | diff --git a/lib/fopen.h b/lib/fopen.h | ||
250 | new file mode 100644 | ||
251 | index 0000000..289e55f | ||
252 | --- /dev/null | ||
253 | +++ b/lib/fopen.h | ||
254 | @@ -0,0 +1,30 @@ | ||
255 | +#ifndef HEADER_CURL_FOPEN_H | ||
256 | +#define HEADER_CURL_FOPEN_H | ||
257 | +/*************************************************************************** | ||
258 | + * _ _ ____ _ | ||
259 | + * Project ___| | | | _ \| | | ||
260 | + * / __| | | | |_) | | | ||
261 | + * | (__| |_| | _ <| |___ | ||
262 | + * \___|\___/|_| \_\_____| | ||
263 | + * | ||
264 | + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
265 | + * | ||
266 | + * This software is licensed as described in the file COPYING, which | ||
267 | + * you should have received as part of this distribution. The terms | ||
268 | + * are also available at https://curl.se/docs/copyright.html. | ||
269 | + * | ||
270 | + * You may opt to use, copy, modify, merge, publish, distribute and/or sell | ||
271 | + * copies of the Software, and permit persons to whom the Software is | ||
272 | + * furnished to do so, under the terms of the COPYING file. | ||
273 | + * | ||
274 | + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
275 | + * KIND, either express or implied. | ||
276 | + * | ||
277 | + * SPDX-License-Identifier: curl | ||
278 | + * | ||
279 | + ***************************************************************************/ | ||
280 | + | ||
281 | +CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, | ||
282 | + FILE **fh, char **tempname); | ||
283 | + | ||
284 | +#endif | ||
diff --git a/meta/recipes-support/curl/curl/CVE-2022-32208.patch b/meta/recipes-support/curl/curl/CVE-2022-32208.patch new file mode 100644 index 0000000000..2939314d09 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-32208.patch | |||
@@ -0,0 +1,72 @@ | |||
1 | From 3b90f0b2a7a84645acce151c86b40d25b5de6615 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Thu, 9 Jun 2022 09:27:24 +0200 | ||
4 | Subject: [PATCH] krb5: return error properly on decode errors | ||
5 | |||
6 | Bug: https://curl.se/docs/CVE-2022-32208.html | ||
7 | CVE-2022-32208 | ||
8 | Reported-by: Harry Sintonen | ||
9 | Closes #9051 | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/curl/curl/commit/6ecdf5136b52af7] | ||
12 | Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> | ||
13 | --- | ||
14 | lib/krb5.c | 5 +---- | ||
15 | lib/security.c | 13 ++++++++++--- | ||
16 | 2 files changed, 11 insertions(+), 7 deletions(-) | ||
17 | |||
18 | diff --git a/lib/krb5.c b/lib/krb5.c | ||
19 | index f50287a..5b77e35 100644 | ||
20 | --- a/lib/krb5.c | ||
21 | +++ b/lib/krb5.c | ||
22 | @@ -86,11 +86,8 @@ krb5_decode(void *app_data, void *buf, int len, | ||
23 | enc.value = buf; | ||
24 | enc.length = len; | ||
25 | maj = gss_unwrap(&min, *context, &enc, &dec, NULL, NULL); | ||
26 | - if(maj != GSS_S_COMPLETE) { | ||
27 | - if(len >= 4) | ||
28 | - strcpy(buf, "599 "); | ||
29 | + if(maj != GSS_S_COMPLETE) | ||
30 | return -1; | ||
31 | - } | ||
32 | |||
33 | memcpy(buf, dec.value, dec.length); | ||
34 | len = curlx_uztosi(dec.length); | ||
35 | diff --git a/lib/security.c b/lib/security.c | ||
36 | index fbfa707..3542210 100644 | ||
37 | --- a/lib/security.c | ||
38 | +++ b/lib/security.c | ||
39 | @@ -192,6 +192,7 @@ static CURLcode read_data(struct connectdata *conn, | ||
40 | { | ||
41 | int len; | ||
42 | CURLcode result; | ||
43 | + int nread; | ||
44 | |||
45 | result = socket_read(fd, &len, sizeof(len)); | ||
46 | if(result) | ||
47 | @@ -200,7 +201,10 @@ static CURLcode read_data(struct connectdata *conn, | ||
48 | if(len) { | ||
49 | /* only realloc if there was a length */ | ||
50 | len = ntohl(len); | ||
51 | - buf->data = Curl_saferealloc(buf->data, len); | ||
52 | + if(len > CURL_MAX_INPUT_LENGTH) | ||
53 | + len = 0; | ||
54 | + else | ||
55 | + buf->data = Curl_saferealloc(buf->data, len); | ||
56 | } | ||
57 | if(!len || !buf->data) | ||
58 | return CURLE_OUT_OF_MEMORY; | ||
59 | @@ -208,8 +212,11 @@ static CURLcode read_data(struct connectdata *conn, | ||
60 | result = socket_read(fd, buf->data, len); | ||
61 | if(result) | ||
62 | return result; | ||
63 | - buf->size = conn->mech->decode(conn->app_data, buf->data, len, | ||
64 | - conn->data_prot, conn); | ||
65 | + nread = buf->size = conn->mech->decode(conn->app_data, buf->data, len, | ||
66 | + conn->data_prot, conn); | ||
67 | + if(nread < 0) | ||
68 | + return CURLE_RECV_ERROR; | ||
69 | + buf->size = (size_t)nread; | ||
70 | buf->index = 0; | ||
71 | return CURLE_OK; | ||
72 | } | ||
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 5a597a7dd9..7b67b68f1d 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb | |||
@@ -35,6 +35,9 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | |||
35 | file://CVE-2022-27781.patch \ | 35 | file://CVE-2022-27781.patch \ |
36 | file://CVE-2022-27782-1.patch \ | 36 | file://CVE-2022-27782-1.patch \ |
37 | file://CVE-2022-27782-2.patch \ | 37 | file://CVE-2022-27782-2.patch \ |
38 | file://CVE-2022-32206.patch \ | ||
39 | file://CVE-2022-32207.patch \ | ||
40 | file://CVE-2022-32208.patch \ | ||
38 | " | 41 | " |
39 | 42 | ||
40 | SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" | 43 | SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" |