author | Mike Crowe <mac@mcrowe.com> | 2021-08-04 18:05:52 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-08-10 11:14:11 +0100 |
commit | 462de8f86f25b482145853ccbb5601fde28ab7da (patch) | |
tree | 829dd3c1769f12e6c058d21726d0377e08072562 /meta-yocto-bsp | |
parent | 02476f72f47b328ce53734da11baf4d68a0b44f2 (diff) | |
download | poky-462de8f86f25b482145853ccbb5601fde28ab7da.tar.gz |
curl: Fix CVE-2021-22924 and CVE-2021-22925
curl v7.78 contained fixes for five CVEs:
CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support
for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink"
so these fixes are unnecessary.
CVE-2021-22926[3] only affects builds for MacOS.
CVE-2021-22924[4] and CVE-2021-22925[5] are both applicable. Take the
patches from Ubuntu 20.04 curl_7.68.0-1ubuntu2.6 package which is close
enough that the patch for CVE-2021-22924 applies without conflicts.
[1] https://curl.se/docs/CVE-2021-22922.html
[2] https://curl.se/docs/CVE-2021-22923.html
[3] https://curl.se/docs/CVE-2021-22926.html
[4] https://curl.se/docs/CVE-2021-22924.html
[5] https://curl.se/docs/CVE-2021-22925.html
(From OE-Core rev: 3631da82b3542df1c1e4bbd499fc2dbe67f5f3ec)
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta-yocto-bsp')
0 files changed, 0 insertions, 0 deletions