1 files changed, 83 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch b/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
new file mode 100644
index 0000000000..a585f6a8fa
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
@@ -0,0 +1,83 @@
+From 5dccf21ad49eed925e8f76b0cb844877239ce23d Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 25 Apr 2022 17:59:15 +0200
+Subject: [PATCH] openssl: don't leak the SRP credentials in redirects either
+Follow-up to 620ea21410030
+Reported-by: Harry Sintonen
+Closes #8751
+Upstream-Status: Backport [https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08]
+Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
+---
+ lib/http.c         | 10 +++++-----
+ lib/http.h         |  6 ++++++
+ lib/vtls/openssl.c |  3 ++-
+ 3 files changed, 13 insertions(+), 6 deletions(-)
+diff --git a/lib/http.c b/lib/http.c
+index 8b16c09..5291c07 100644
+--- a/lib/http.c
+++ b/lib/http.c
+@@ -732,10 +732,10 @@ output_auth_headers(struct connectdata *conn,
+ }
+ 
+ /*
+- * allow_auth_to_host() tells if autentication, cookies or other "sensitive
+- * data" can (still) be sent to this host.
+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
+ * "sensitive data" can (still) be sent to this host.
+  */
+-static bool allow_auth_to_host(struct Curl_easy *data)
+bool Curl_allow_auth_to_host(struct Curl_easy *data)
+ {
+   struct connectdata *conn = data->conn;
+   return (!data->state.this_is_a_follow ||
+@@ -816,7 +816,7 @@ Curl_http_output_auth(struct connectdata *conn,
+ 
+   /* To prevent the user+password to get sent to other than the original host
+      due to a location-follow */
+-  if(allow_auth_to_host(data)
+  if(Curl_allow_auth_to_host(data)
+      || conn->bits.netrc
+     )
+     result = output_auth_headers(conn, authhost, request, path, FALSE);
+@@ -1891,7 +1891,7 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
+                    checkprefix("Cookie:", compare)) &&
+                   /* be careful of sending this potentially sensitive header to
+                      other hosts */
+-                  !allow_auth_to_host(data))                     
+                  !Curl_allow_auth_to_host(data))                        
+             ;
+           else {
+             result = Curl_add_bufferf(&req_buffer, "%s\r\n", compare);
+diff --git a/lib/http.h b/lib/http.h
+index 4c1825f..4fbae1d 100644
+--- a/lib/http.h
+++ b/lib/http.h
+@@ -273,4 +273,10 @@ Curl_http_output_auth(struct connectdata *conn,
+                       bool proxytunnel); /* TRUE if this is the request setting
+                                             up the proxy tunnel */
+ 
+/*
+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
+ * "sensitive data" can (still) be sent to this host.
+ */
+bool Curl_allow_auth_to_host(struct Curl_easy *data);
+
+ #endif /* HEADER_CURL_HTTP_H */
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 006a8c8..a14cecc 100644
+--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
+@@ -2739,7 +2739,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+ #endif
+ 
+ #ifdef USE_TLS_SRP
+-  if(ssl_authtype == CURL_TLSAUTH_SRP) {
+  if((ssl_authtype == CURL_TLSAUTH_SRP) &&
+     Curl_allow_auth_to_host(data)) {
+     char * const ssl_username = SSL_SET_OPTION(username);
+ 
+     infof(data, "Using TLS-SRP username: %s\n", ssl_username);

diff --git a/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch b/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch new file mode 100644 index 0000000000..a585f6a8fa --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2022-27774-3.patch
@@ -0,0 +1,83 @@
	1	From 5dccf21ad49eed925e8f76b0cb844877239ce23d Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Mon, 25 Apr 2022 17:59:15 +0200
	4	Subject: [PATCH] openssl: don't leak the SRP credentials in redirects either
	5
	6	Follow-up to 620ea21410030
	7
	8	Reported-by: Harry Sintonen
	9	Closes #8751
	10
	11	Upstream-Status: Backport [https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08]
	12	Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
	13	---
	14	lib/http.c \| 10 +++++-----
	15	lib/http.h \| 6 ++++++
	16	lib/vtls/openssl.c \| 3 ++-
	17	3 files changed, 13 insertions(+), 6 deletions(-)
	18
	19	diff --git a/lib/http.c b/lib/http.c
	20	index 8b16c09..5291c07 100644
	21	--- a/lib/http.c
	22	+++ b/lib/http.c
	23	@@ -732,10 +732,10 @@ output_auth_headers(struct connectdata *conn,
	24	}
	25
	26	/*
	27	- * allow_auth_to_host() tells if autentication, cookies or other "sensitive
	28	- * data" can (still) be sent to this host.
	29	+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
	30	+ * "sensitive data" can (still) be sent to this host.
	31	*/
	32	-static bool allow_auth_to_host(struct Curl_easy *data)
	33	+bool Curl_allow_auth_to_host(struct Curl_easy *data)
	34	{
	35	struct connectdata *conn = data->conn;
	36	return (!data->state.this_is_a_follow \|\|
	37	@@ -816,7 +816,7 @@ Curl_http_output_auth(struct connectdata *conn,
	38
	39	/* To prevent the user+password to get sent to other than the original host
	40	due to a location-follow */
	41	- if(allow_auth_to_host(data)
	42	+ if(Curl_allow_auth_to_host(data)
	43	\|\| conn->bits.netrc
	44	)
	45	result = output_auth_headers(conn, authhost, request, path, FALSE);
	46	@@ -1891,7 +1891,7 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
	47	checkprefix("Cookie:", compare)) &&
	48	/* be careful of sending this potentially sensitive header to
	49	other hosts */
	50	- !allow_auth_to_host(data))
	51	+ !Curl_allow_auth_to_host(data))
	52	;
	53	else {
	54	result = Curl_add_bufferf(&req_buffer, "%s\r\n", compare);
	55	diff --git a/lib/http.h b/lib/http.h
	56	index 4c1825f..4fbae1d 100644
	57	--- a/lib/http.h
	58	+++ b/lib/http.h
	59	@@ -273,4 +273,10 @@ Curl_http_output_auth(struct connectdata *conn,
	60	bool proxytunnel); /* TRUE if this is the request setting
	61	up the proxy tunnel */
	62
	63	+/*
	64	+ * Curl_allow_auth_to_host() tells if authentication, cookies or other
	65	+ * "sensitive data" can (still) be sent to this host.
	66	+ */
	67	+bool Curl_allow_auth_to_host(struct Curl_easy *data);
	68	+
	69	#endif /* HEADER_CURL_HTTP_H */
	70	diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
	71	index 006a8c8..a14cecc 100644
	72	--- a/lib/vtls/openssl.c
	73	+++ b/lib/vtls/openssl.c
	74	@@ -2739,7 +2739,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
	75	#endif
	76
	77	#ifdef USE_TLS_SRP
	78	- if(ssl_authtype == CURL_TLSAUTH_SRP) {
	79	+ if((ssl_authtype == CURL_TLSAUTH_SRP) &&
	80	+ Curl_allow_auth_to_host(data)) {
	81	char * const ssl_username = SSL_SET_OPTION(username);
	82
	83	infof(data, "Using TLS-SRP username: %s\n", ssl_username);