summaryrefslogtreecommitdiffstats
path: root/meta/classes/toolchain-scripts.bbclass
diff options
context:
space:
mode:
authorBhabu Bindu <bhabu.bindu@kpit.com>2023-05-29 17:02:44 +0530
committerSteve Sakoman <steve@sakoman.com>2023-06-01 16:24:07 -1000
commitd68f782872c3159630bd3fd34bf942242686e49c (patch)
treebf1efc78709caf74103c5352d50fd8b3b8a787ab /meta/classes/toolchain-scripts.bbclass
parent8f3b0b8e9bbff522c1dd9f1507d71c82d228c46e (diff)
downloadpoky-d68f782872c3159630bd3fd34bf942242686e49c.tar.gz
curl: Fix CVE-2023-28320
Add patch to fix CVE-2023-28320 siglongjmp race condition libcurl provides several different backends for resolving host names, selectedat build time. If it is built to use the synchronous resolver, it allows nameresolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected anda multi-threaded application might therefore crash or otherwise misbehave. Link: https://curl.se/docs/CVE-2023-28320.html (From OE-Core rev: c761d822be5ffc4a88600fbd7282c469b1e9902a) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/classes/toolchain-scripts.bbclass')
0 files changed, 0 insertions, 0 deletions