curl: CVE-2023-27538 fix SSH connection too eager reuse

Upstream-Status: Backport from https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb (From OE-Core rev: b2740d1ff74b2c55011b5d4230c7b06b5109376d) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2023-04-17 10:30:48 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-04-26 04:19:06 -1000
commit: e0d5b78c925e416b823fe1ee8a216cefbafa4415 (patch)
tree: 70c5040690cb06c8ef932cbe481cfa37831f5cfb /meta/recipes-support
parent: 00af542d30e27be23c927ad214ffbef368ab3215 (diff)
download: poky-e0d5b78c925e416b823fe1ee8a216cefbafa4415.tar.gz
2 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-27538.patch b/meta/recipes-support/curl/curl/CVE-2023-27538.patch
new file mode 100644
index 0000000000..6c40989d3b
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27538.patch
@@ -0,0 +1,31 @@
+From af369db4d3833272b8ed443f7fcc2e757a0872eb Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 10 Mar 2023 08:22:51 +0100
+Subject: [PATCH] url: fix the SSH connection reuse check
+Reported-by: Harry Sintonen
+Closes #10735
+CVE: CVE-2023-27538
+Upstream-Status: Backport [https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ lib/url.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/url.c b/lib/url.c
+index 8da0245..9f14a7b 100644
+--- a/lib/url.c
+++ b/lib/url.c
+@@ -1266,7 +1266,7 @@ ConnectionExists(struct Curl_easy *data,
+         }
+       }
+ 
+-      if(get_protocol_family(needle->handler->protocol) == PROTO_FAMILY_SSH) {
+      if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) {
+         if(!ssh_config_matches(needle, check))
+           continue;
+       }
+-- 
+2.25.1
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index a7f4f5748f..46ee25da3a 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -44,6 +44,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
           file://CVE-2022-43552.patch \
           file://CVE-2023-23916.patch \
           file://CVE-2023-27534.patch \
+           file://CVE-2023-27538.patch \
 "
 SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
author	Hitendra Prajapati <hprajapati@mvista.com>	2023-04-17 10:30:48 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-04-26 04:19:06 -1000
commit	e0d5b78c925e416b823fe1ee8a216cefbafa4415 (patch)
tree	70c5040690cb06c8ef932cbe481cfa37831f5cfb /meta/recipes-support
parent	00af542d30e27be23c927ad214ffbef368ab3215 (diff)
download	poky-e0d5b78c925e416b823fe1ee8a216cefbafa4415.tar.gz

diff --git a/meta/recipes-support/curl/curl/CVE-2023-27538.patch b/meta/recipes-support/curl/curl/CVE-2023-27538.patch new file mode 100644 index 0000000000..6c40989d3b --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-27538.patch
@@ -0,0 +1,31 @@
		1	From af369db4d3833272b8ed443f7fcc2e757a0872eb Mon Sep 17 00:00:00 2001
		2	From: Daniel Stenberg <daniel@haxx.se>
		3	Date: Fri, 10 Mar 2023 08:22:51 +0100
		4	Subject: [PATCH] url: fix the SSH connection reuse check
		5
		6	Reported-by: Harry Sintonen
		7	Closes #10735
		8
		9	CVE: CVE-2023-27538
		10	Upstream-Status: Backport [https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb]
		11	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		12	---
		13	lib/url.c \| 2 +-
		14	1 file changed, 1 insertion(+), 1 deletion(-)
		15
		16	diff --git a/lib/url.c b/lib/url.c
		17	index 8da0245..9f14a7b 100644
		18	--- a/lib/url.c
		19	+++ b/lib/url.c
		20	@@ -1266,7 +1266,7 @@ ConnectionExists(struct Curl_easy *data,
		21	}
		22	}
		23
		24	- if(get_protocol_family(needle->handler->protocol) == PROTO_FAMILY_SSH) {
		25	+ if(get_protocol_family(needle->handler->protocol) & PROTO_FAMILY_SSH) {
		26	if(!ssh_config_matches(needle, check))
		27	continue;
		28	}
		29	--
		30	2.25.1
		31


diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index a7f4f5748f..46ee25da3a 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -44,6 +44,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
44	file://CVE-2022-43552.patch \	44	file://CVE-2022-43552.patch \
45	file://CVE-2023-23916.patch \	45	file://CVE-2023-23916.patch \
46	file://CVE-2023-27534.patch \	46	file://CVE-2023-27534.patch \
		47	file://CVE-2023-27538.patch \
47	"	48	"
48		49
49	SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"	50	SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"