diff options
author | Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com> | 2021-01-07 16:51:05 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-18 23:51:07 +0000 |
commit | dbde0900459ce06a7b6de340a115e31275c8f6a2 (patch) | |
tree | 3149424a3fb4bf7a60619203cfcb947957bd5446 /meta/recipes-support/curl/curl_7.72.0.bb | |
parent | d8a902440c14539b404ac9808a5c0f835184f983 (diff) | |
download | poky-dbde0900459ce06a7b6de340a115e31275c8f6a2.tar.gz |
curl: Fix CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
Backport the CVE patches from upstream
https://github.com/curl/curl/commit/ec9cc725d598ac
https://github.com/curl/curl/commit/a95a6ce6b809693a1195e3b4347a6cfa0fbc2ee7
https://github.com/curl/curl/commit/69a358f2186e04
https://github.com/curl/curl/commit/d9d01672785b.patch
0002-remove-void-protop-create-union-p.patch is added because the CVE-2020-8285 fix is
dependent on it.
CVE:
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286
(From OE-Core rev: f1a0ea55c0ae2cce7f7c3c6c73f57c5b8222c860)
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/curl/curl_7.72.0.bb')
-rw-r--r-- | meta/recipes-support/curl/curl_7.72.0.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl_7.72.0.bb b/meta/recipes-support/curl/curl_7.72.0.bb index 7d0268253d..a9b52a8a1d 100644 --- a/meta/recipes-support/curl/curl_7.72.0.bb +++ b/meta/recipes-support/curl/curl_7.72.0.bb | |||
@@ -7,6 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=2e9fb35867314fe31c6a4977ef7dd531" | |||
7 | 7 | ||
8 | SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | 8 | SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ |
9 | file://0001-replace-krb5-config-with-pkg-config.patch \ | 9 | file://0001-replace-krb5-config-with-pkg-config.patch \ |
10 | file://0002-remove-void-protop-create-union-p.patch \ | ||
11 | file://CVE-2020-8284.patch \ | ||
12 | file://CVE-2020-8285.patch \ | ||
13 | file://CVE-2020-8286.patch \ | ||
10 | " | 14 | " |
11 | 15 | ||
12 | SRC_URI[sha256sum] = "ad91970864102a59765e20ce16216efc9d6ad381471f7accceceab7d905703ef" | 16 | SRC_URI[sha256sum] = "ad91970864102a59765e20ce16216efc9d6ad381471f7accceceab7d905703ef" |