curl: Fix CVE-2021-22924 and CVE-2021-22925 - linux/poky.git

diff options

author	Mike Crowe <mac@mcrowe.com>	2021-08-04 18:05:52 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-10 11:14:11 +0100
commit	462de8f86f25b482145853ccbb5601fde28ab7da (patch)
tree	829dd3c1769f12e6c058d21726d0377e08072562 /meta-yocto-bsp
parent	02476f72f47b328ce53734da11baf4d68a0b44f2 (diff)
download	poky-462de8f86f25b482145853ccbb5601fde28ab7da.tar.gz

curl: Fix CVE-2021-22924 and CVE-2021-22925

curl v7.78 contained fixes for five CVEs: CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink" so these fixes are unnecessary. CVE-2021-22926[3] only affects builds for MacOS. CVE-2021-22924[4] and CVE-2021-22925[5] are both applicable. Take the patches from Ubuntu 20.04 curl_7.68.0-1ubuntu2.6 package which is close enough that the patch for CVE-2021-22924 applies without conflicts.. [1] https://curl.se/docs/CVE-2021-22922.html [2] https://curl.se/docs/CVE-2021-22923.html [3] https://curl.se/docs/CVE-2021-22926.html [4] https://curl.se/docs/CVE-2021-22924.html [5] https://curl.se/docs/CVE-2021-22925.html (From OE-Core rev: 3631da82b3542df1c1e4bbd499fc2dbe67f5f3ec) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta-yocto-bsp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: