summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/curl/curl/CVE-2021-22945.patch
Commit message (Collapse)AuthorAgeFilesLines
* curl: Backport CVE fixesRobert Joslyn2022-01-251-0/+35
Backport fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22945, CVE-2021-22946, and CVE-2021-22947. * https://curl.se/docs/CVE-2021-22922.html * https://curl.se/docs/CVE-2021-22923.html * https://curl.se/docs/CVE-2021-22945.html * https://curl.se/docs/CVE-2021-22946.html * https://curl.se/docs/CVE-2021-22947.html 22922 and 22923 were fixed by upstream by simply removing metalink support in newer versions. These are mitigated in older versions by disabling metalink support, which was already done by the recipe, so whitelist these CVEs. 22945, 22946, and 22947 are backported with only trivial patch fuzz modifications. (From OE-Core rev: 705718cfe243e05e0975bad3b822666363ef55df) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>