diff options
| author | Trevor Gamblin <trevor.gamblin@windriver.com> | 2021-06-16 09:02:01 -0400 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-06-26 15:24:08 +0100 |
| commit | 35f5ce1fbd90bfc58e6c7aea649c07bd15e770f8 (patch) | |
| tree | 9e19e206fe6aab2375bfa3e0fbb70b1db147a83b /meta | |
| parent | 74dbb08c3709fec6563ee65a3661f66fdcbb3e2f (diff) | |
| download | poky-35f5ce1fbd90bfc58e6c7aea649c07bd15e770f8.tar.gz | |
curl: cleanup CVE patches for hardknott
The patch backported to address CVE-2021-22890 was missing a bracket to
properly close out the logic in lib/vtls/wolfssl.c. Fix this so to avoid
any surprise failures when using curl with hardknott.
Also fix the CVE designation in the patch descriptions for CVEs
CVE-2021-22890 and CVE-2021-22876 so that CVE checks run with bitbake
correctly detect that they are patched.
(From OE-Core rev: 456ba1717fc3ebb9d10cc6a3c916b07f7c4e8a22)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
2 files changed, 12 insertions, 9 deletions
diff --git a/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch index a0c7d68f33..1e0e18cf12 100644 --- a/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch +++ b/meta/recipes-support/curl/curl/0001-vtls-add-isproxy-argument-to-Curl_ssl_get-addsession.patch | |||
| @@ -1,15 +1,14 @@ | |||
| 1 | From a2d3885223db9616283bfe33435fbe9b3140eac7 Mon Sep 17 00:00:00 2001 | 1 | From e499142d377b56c7606437d14c99d3cb27aba9fd Mon Sep 17 00:00:00 2001 |
| 2 | From: Trevor Gamblin <trevor.gamblin@windriver.com> | 2 | From: Trevor Gamblin <trevor.gamblin@windriver.com> |
| 3 | Date: Tue, 1 Jun 2021 09:50:20 -0400 | 3 | Date: Tue, 1 Jun 2021 09:50:20 -0400 |
| 4 | Subject: [PATCH 1/2] vtls: add 'isproxy' argument to | 4 | Subject: [PATCH] vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid() |
| 5 | Curl_ssl_get/addsessionid() | ||
| 6 | 5 | ||
| 7 | To make sure we set and extract the correct session. | 6 | To make sure we set and extract the correct session. |
| 8 | 7 | ||
| 9 | Reported-by: Mingtao Yang | 8 | Reported-by: Mingtao Yang |
| 10 | Bug: https://curl.se/docs/CVE-2021-22890.html | 9 | Bug: https://curl.se/docs/CVE-2021-22890.html |
| 11 | 10 | ||
| 12 | CVE-2021-22890 | 11 | CVE: CVE-2021-22890 |
| 13 | 12 | ||
| 14 | Upstream-Status: Backport | 13 | Upstream-Status: Backport |
| 15 | (https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844) | 14 | (https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844) |
| @@ -25,8 +24,8 @@ Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> | |||
| 25 | lib/vtls/sectransp.c | 10 ++++---- | 24 | lib/vtls/sectransp.c | 10 ++++---- |
| 26 | lib/vtls/vtls.c | 12 +++++++--- | 25 | lib/vtls/vtls.c | 12 +++++++--- |
| 27 | lib/vtls/vtls.h | 2 ++ | 26 | lib/vtls/vtls.h | 2 ++ |
| 28 | lib/vtls/wolfssl.c | 28 +++++++++++++---------- | 27 | lib/vtls/wolfssl.c | 29 ++++++++++++++---------- |
| 29 | 10 files changed, 111 insertions(+), 51 deletions(-) | 28 | 10 files changed, 112 insertions(+), 51 deletions(-) |
| 30 | 29 | ||
| 31 | diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c | 30 | diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c |
| 32 | index 29b08c0e6..0432dfadc 100644 | 31 | index 29b08c0e6..0432dfadc 100644 |
| @@ -463,7 +462,7 @@ index 9666682ec..4dc29794c 100644 | |||
| 463 | size_t idsize, | 462 | size_t idsize, |
| 464 | int sockindex); | 463 | int sockindex); |
| 465 | diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c | 464 | diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c |
| 466 | index e1fa45926..e4c70877f 100644 | 465 | index e1fa45926..f1b12b1d8 100644 |
| 467 | --- a/lib/vtls/wolfssl.c | 466 | --- a/lib/vtls/wolfssl.c |
| 468 | +++ b/lib/vtls/wolfssl.c | 467 | +++ b/lib/vtls/wolfssl.c |
| 469 | @@ -516,7 +516,9 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, | 468 | @@ -516,7 +516,9 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, |
| @@ -477,7 +476,7 @@ index e1fa45926..e4c70877f 100644 | |||
| 477 | /* we got a session id, use it! */ | 476 | /* we got a session id, use it! */ |
| 478 | if(!SSL_set_session(backend->handle, ssl_sessionid)) { | 477 | if(!SSL_set_session(backend->handle, ssl_sessionid)) { |
| 479 | char error_buffer[WOLFSSL_MAX_ERROR_SZ]; | 478 | char error_buffer[WOLFSSL_MAX_ERROR_SZ]; |
| 480 | @@ -774,21 +776,23 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn, | 479 | @@ -774,21 +776,24 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn, |
| 481 | void *old_ssl_sessionid = NULL; | 480 | void *old_ssl_sessionid = NULL; |
| 482 | 481 | ||
| 483 | our_ssl_sessionid = SSL_get_session(backend->handle); | 482 | our_ssl_sessionid = SSL_get_session(backend->handle); |
| @@ -501,6 +500,7 @@ index e1fa45926..e4c70877f 100644 | |||
| 501 | + infof(data, "old SSL session ID is stale, removing\n"); | 500 | + infof(data, "old SSL session ID is stale, removing\n"); |
| 502 | + Curl_ssl_delsessionid(data, old_ssl_sessionid); | 501 | + Curl_ssl_delsessionid(data, old_ssl_sessionid); |
| 503 | + incache = FALSE; | 502 | + incache = FALSE; |
| 503 | + } | ||
| 504 | } | 504 | } |
| 505 | } | 505 | } |
| 506 | 506 | ||
diff --git a/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch b/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch index 6c4f6f2f48..c02c9bed68 100644 --- a/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch +++ b/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch | |||
| @@ -6,7 +6,10 @@ Subject: [PATCH 2/2] transfer: strip credentials from the auto-referer header | |||
| 6 | 6 | ||
| 7 | Added test 2081 to verify. | 7 | Added test 2081 to verify. |
| 8 | 8 | ||
| 9 | CVE-2021-22876 | 9 | CVE: CVE-2021-22876 |
| 10 | |||
| 11 | Upstream-Status: Backport | ||
| 12 | (https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c) | ||
| 10 | 13 | ||
| 11 | Bug: https://curl.se/docs/CVE-2021-22876.html | 14 | Bug: https://curl.se/docs/CVE-2021-22876.html |
| 12 | 15 | ||