1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2015-3143.patch b/meta/recipes-support/curl/curl/CVE-2015-3143.patch
new file mode 100644
index 0000000000..745e9456f3
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2015-3143.patch
@@ -0,0 +1,38 @@
+From d7d1bc8f08eea1a85ab0d794bc1561659462d937 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 16 Apr 2015 13:26:46 +0200
+Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to
+ match
+Upstream-Status: Backport
+CVE-2015-3143
+Bug: http://curl.haxx.se/docs/adv_20150422A.html
+Reported-by: Paras Sethia
+Signed-off-by: Daniel Stenberg <daniel@haxx.se>
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+---
+ lib/url.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/url.c b/lib/url.c
+index 018bb88..ee3d176 100644
+--- a/lib/url.c
+++ b/lib/url.c
+@@ -3207,11 +3207,11 @@ ConnectionExists(struct SessionHandle *data,
+            strcmp(check->localdev, needle->localdev))
+           continue;
+       }
+ 
+       if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
+-         wantNTLMhttp) {
+         (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) {
+         /* This protocol requires credentials per connection or is HTTP+NTLM,
+            so verify that we're using the same name and password as well */
+         if(!strequal(needle->user, check->user) ||
+            !strequal(needle->passwd, check->passwd)) {
+           /* one of them was different */
+-- 
+2.1.4

diff --git a/meta/recipes-support/curl/curl/CVE-2015-3143.patch b/meta/recipes-support/curl/curl/CVE-2015-3143.patch new file mode 100644 index 0000000000..745e9456f3 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2015-3143.patch
@@ -0,0 +1,38 @@
	1	From d7d1bc8f08eea1a85ab0d794bc1561659462d937 Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Thu, 16 Apr 2015 13:26:46 +0200
	4	Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to
	5	match
	6
	7	Upstream-Status: Backport
	8
	9	CVE-2015-3143
	10
	11	Bug: http://curl.haxx.se/docs/adv_20150422A.html
	12	Reported-by: Paras Sethia
	13	Signed-off-by: Daniel Stenberg <daniel@haxx.se>
	14	Signed-off-by: Maxin B. John <maxin.john@enea.com>
	15	---
	16	lib/url.c \| 2 +-
	17	1 file changed, 1 insertion(+), 1 deletion(-)
	18
	19	diff --git a/lib/url.c b/lib/url.c
	20	index 018bb88..ee3d176 100644
	21	--- a/lib/url.c
	22	+++ b/lib/url.c
	23	@@ -3207,11 +3207,11 @@ ConnectionExists(struct SessionHandle *data,
	24	strcmp(check->localdev, needle->localdev))
	25	continue;
	26	}
	27
	28	if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) \|\|
	29	- wantNTLMhttp) {
	30	+ (wantNTLMhttp \|\| check->ntlm.state != NTLMSTATE_NONE)) {
	31	/* This protocol requires credentials per connection or is HTTP+NTLM,
	32	so verify that we're using the same name and password as well */
	33	if(!strequal(needle->user, check->user) \|\|
	34	!strequal(needle->passwd, check->passwd)) {
	35	/* one of them was different */
	36	--
	37	2.1.4
	38