1 files changed, 140 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8169.patch b/meta/recipes-support/curl/curl/CVE-2020-8169.patch
new file mode 100644
index 0000000000..7d1be24a0a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8169.patch
@@ -0,0 +1,140 @@
+From 600a8cded447cd7118ed50142c576567c0cf5158 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 14 May 2020 14:37:12 +0200
+Subject: [PATCH] url: make the updated credentials URL-encoded in the URL
+Found-by: Gregory Jefferis
+Reported-by: Jeroen Ooms
+Added test 1168 to verify. Bug spotted when doing a redirect.
+Bug: https://github.com/jeroen/curl/issues/224
+Closes #5400
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/600a8cded447cd
+CVE: CVE-2020-8169
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ lib/url.c               |  6 ++--
+ tests/data/Makefile.inc |  1 +
+ tests/data/test1168     | 78 +++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 83 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test1168
+Index: curl-7.69.1/lib/url.c
+===================================================================
+--- curl-7.69.1.orig/lib/url.c
+++ curl-7.69.1/lib/url.c
+@@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Cu
+ 
+   /* for updated strings, we update them in the URL */
+   if(user_changed) {
+-    uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
+    uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
+                      CURLU_URLENCODE);
+     if(uc)
+       return Curl_uc_to_curlcode(uc);
+   }
+   if(passwd_changed) {
+-    uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
+    uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
+                      CURLU_URLENCODE);
+     if(uc)
+       return Curl_uc_to_curlcode(uc);
+   }
+Index: curl-7.69.1/tests/data/Makefile.inc
+===================================================================
+--- curl-7.69.1.orig/tests/data/Makefile.inc
+++ curl-7.69.1/tests/data/Makefile.inc
+@@ -133,6 +133,7 @@ test1136 test1137 test1138 test1139 test
+ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
+ test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \
+ test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \
+test1168 \
+ \
+ test1170 test1171 test1172 test1173 test1174 test1175 test1176 \
+ \
+Index: curl-7.69.1/tests/data/test1168
+===================================================================
+--- /dev/null
+++ curl-7.69.1/tests/data/test1168
+@@ -0,0 +1,78 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+followlocation
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 301 This is a weirdo text message swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Location: /data/11680002.txt
+Connection: close
+
+This server reply is for testing a simple Location: following
+
+</data>
+<data2>
+HTTP/1.1 200 Followed here fine swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 52
+
+If this is received, the location following worked
+
+</data2>
+<datacheck>
+HTTP/1.1 301 This is a weirdo text message swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Location: /data/11680002.txt
+Connection: close
+
+HTTP/1.1 200 Followed here fine swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 52
+
+If this is received, the location following worked
+
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP redirect with credentials using # in user and password
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/want/1168 -L -u "catmai#d:#DZaRJYrixKE*gFY"
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /want/1168 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ==
+Accept: */*
+
+GET /data/11680002.txt HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ==
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>

diff --git a/meta/recipes-support/curl/curl/CVE-2020-8169.patch b/meta/recipes-support/curl/curl/CVE-2020-8169.patch new file mode 100644 index 0000000000..7d1be24a0a --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8169.patch
@@ -0,0 +1,140 @@
	1	From 600a8cded447cd7118ed50142c576567c0cf5158 Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Thu, 14 May 2020 14:37:12 +0200
	4	Subject: [PATCH] url: make the updated credentials URL-encoded in the URL
	5
	6	Found-by: Gregory Jefferis
	7	Reported-by: Jeroen Ooms
	8	Added test 1168 to verify. Bug spotted when doing a redirect.
	9	Bug: https://github.com/jeroen/curl/issues/224
	10	Closes #5400
	11
	12	Upstream-Status: Backport
	13	https://github.com/curl/curl/commit/600a8cded447cd
	14
	15	CVE: CVE-2020-8169
	16	Signed-off-by: Armin Kuster <akuster@mvista.com>
	17
	18	---
	19	lib/url.c \| 6 ++--
	20	tests/data/Makefile.inc \| 1 +
	21	tests/data/test1168 \| 78 +++++++++++++++++++++++++++++++++++++++++
	22	3 files changed, 83 insertions(+), 2 deletions(-)
	23	create mode 100644 tests/data/test1168
	24
	25	Index: curl-7.69.1/lib/url.c
	26	===================================================================
	27	--- curl-7.69.1.orig/lib/url.c
	28	+++ curl-7.69.1/lib/url.c
	29	@@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Cu
	30
	31	/* for updated strings, we update them in the URL */
	32	if(user_changed) {
	33	- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
	34	+ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
	35	+ CURLU_URLENCODE);
	36	if(uc)
	37	return Curl_uc_to_curlcode(uc);
	38	}
	39	if(passwd_changed) {
	40	- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
	41	+ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
	42	+ CURLU_URLENCODE);
	43	if(uc)
	44	return Curl_uc_to_curlcode(uc);
	45	}
	46	Index: curl-7.69.1/tests/data/Makefile.inc
	47	===================================================================
	48	--- curl-7.69.1.orig/tests/data/Makefile.inc
	49	+++ curl-7.69.1/tests/data/Makefile.inc
	50	@@ -133,6 +133,7 @@ test1136 test1137 test1138 test1139 test
	51	test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
	52	test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \
	53	test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \
	54	+test1168 \
	55	\
	56	test1170 test1171 test1172 test1173 test1174 test1175 test1176 \
	57	\
	58	Index: curl-7.69.1/tests/data/test1168
	59	===================================================================
	60	--- /dev/null
	61	+++ curl-7.69.1/tests/data/test1168
	62	@@ -0,0 +1,78 @@
	63	+<testcase>
	64	+<info>
	65	+<keywords>
	66	+HTTP
	67	+HTTP GET
	68	+followlocation
	69	+</keywords>
	70	+</info>
	71	+# Server-side
	72	+<reply>
	73	+<data>
	74	+HTTP/1.1 301 This is a weirdo text message swsclose
	75	+Date: Thu, 09 Nov 2010 14:49:00 GMT
	76	+Server: test-server/fake
	77	+Location: /data/11680002.txt
	78	+Connection: close
	79	+
	80	+This server reply is for testing a simple Location: following
	81	+
	82	+</data>
	83	+<data2>
	84	+HTTP/1.1 200 Followed here fine swsclose
	85	+Date: Thu, 09 Nov 2010 14:49:00 GMT
	86	+Server: test-server/fake
	87	+Content-Length: 52
	88	+
	89	+If this is received, the location following worked
	90	+
	91	+</data2>
	92	+<datacheck>
	93	+HTTP/1.1 301 This is a weirdo text message swsclose
	94	+Date: Thu, 09 Nov 2010 14:49:00 GMT
	95	+Server: test-server/fake
	96	+Location: /data/11680002.txt
	97	+Connection: close
	98	+
	99	+HTTP/1.1 200 Followed here fine swsclose
	100	+Date: Thu, 09 Nov 2010 14:49:00 GMT
	101	+Server: test-server/fake
	102	+Content-Length: 52
	103	+
	104	+If this is received, the location following worked
	105	+
	106	+</datacheck>
	107	+</reply>
	108	+
	109	+# Client-side
	110	+<client>
	111	+<server>
	112	+http
	113	+</server>
	114	+ <name>
	115	+HTTP redirect with credentials using # in user and password
	116	+ </name>
	117	+ <command>
	118	+http://%HOSTIP:%HTTPPORT/want/1168 -L -u "catmai#d:#DZaRJYrixKE*gFY"
	119	+</command>
	120	+</client>
	121	+
	122	+# Verify data after the test has been "shot"
	123	+<verify>
	124	+<strip>
	125	+^User-Agent:.*
	126	+</strip>
	127	+<protocol>
	128	+GET /want/1168 HTTP/1.1
	129	+Host: %HOSTIP:%HTTPPORT
	130	+Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ==
	131	+Accept: /
	132	+
	133	+GET /data/11680002.txt HTTP/1.1
	134	+Host: %HOSTIP:%HTTPPORT
	135	+Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ==
	136	+Accept: /
	137	+
	138	+</protocol>
	139	+</verify>
	140	+</testcase>