curl: patch CVE-2025-15224

Pick patch per [1]. [1] https://curl.se/docs/CVE-2025-15224.html (From OE-Core rev: db87200a8ae19d40e7a8f038d9fe4e426f159ad3) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Peter Marko <peter.marko@siemens.com> 2026-01-10 18:36:35 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2026-01-26 09:49:25 +0000
commit: cd8f4444b207778a91c1a027c149dfd05dae867b (patch)
tree: e718c1211d2aa0786e707b388104baba5dc4127d /meta/recipes-support
parent: 2bf97e4e41378595fb72c878e095fa2ed1d09ac6 (diff)
download: poky-cd8f4444b207778a91c1a027c149dfd05dae867b.tar.gz
2 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2025-15224.patch b/meta/recipes-support/curl/curl/CVE-2025-15224.patch
new file mode 100644
index 0000000000..36f5f1b93a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-15224.patch
@@ -0,0 +1,31 @@
+From 16d5f2a5660c61cc27bd5f1c7f512391d1c927aa Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Mon, 29 Dec 2025 16:56:39 +0100
+Subject: [PATCH] libssh: require private key or user-agent for public key auth
+Closes #20110
+CVE: CVE-2025-15224
+Upstream-Status: Backport [https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c927aa]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vssh/libssh.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index 5d5125b526..bde6355f73 100644
+--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
+@@ -741,7 +741,11 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+         }
+ 
+         sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL);
+-        if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
+  /* For public key auth we need either the private key or
+     CURLSSH_AUTH_AGENT. */
+  if((sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) &&
+    (data->set.str[STRING_SSH_PRIVATE_KEY] ||
+     (data->set.ssh_auth_types & CURLSSH_AUTH_AGENT))) {
+           state(data, SSH_AUTH_PKEY_INIT);
+           infof(data, "Authentication using SSH public key file");
+         }
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index 9c1a90e191..72bd1a2088 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -69,6 +69,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
           file://CVE-2025-9086.patch \
           file://CVE-2025-14017.patch \
           file://CVE-2025-15079.patch \
+           file://CVE-2025-15224.patch \
           "
 SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
author	Peter Marko <peter.marko@siemens.com>	2026-01-10 18:36:35 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2026-01-26 09:49:25 +0000
commit	cd8f4444b207778a91c1a027c149dfd05dae867b (patch)
tree	e718c1211d2aa0786e707b388104baba5dc4127d /meta/recipes-support
parent	2bf97e4e41378595fb72c878e095fa2ed1d09ac6 (diff)
download	poky-cd8f4444b207778a91c1a027c149dfd05dae867b.tar.gz

diff --git a/meta/recipes-support/curl/curl/CVE-2025-15224.patch b/meta/recipes-support/curl/curl/CVE-2025-15224.patch new file mode 100644 index 0000000000..36f5f1b93a --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2025-15224.patch
@@ -0,0 +1,31 @@
		1	From 16d5f2a5660c61cc27bd5f1c7f512391d1c927aa Mon Sep 17 00:00:00 2001
		2	From: Harry Sintonen <sintonen@iki.fi>
		3	Date: Mon, 29 Dec 2025 16:56:39 +0100
		4	Subject: [PATCH] libssh: require private key or user-agent for public key auth
		5
		6	Closes #20110
		7
		8	CVE: CVE-2025-15224
		9	Upstream-Status: Backport [https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c927aa]
		10	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		11	---
		12	lib/vssh/libssh.c \| 6 +++++-
		13	1 file changed, 5 insertions(+), 1 deletion(-)
		14
		15	diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
		16	index 5d5125b526..bde6355f73 100644
		17	--- a/lib/vssh/libssh.c
		18	+++ b/lib/vssh/libssh.c
		19	@@ -741,7 +741,11 @@ static CURLcode myssh_statemach_act(struct Curl_easy data, bool block)
		20	}
		21
		22	sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL);
		23	- if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
		24	+ /* For public key auth we need either the private key or
		25	+ CURLSSH_AUTH_AGENT. */
		26	+ if((sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) &&
		27	+ (data->set.str[STRING_SSH_PRIVATE_KEY] \|\|
		28	+ (data->set.ssh_auth_types & CURLSSH_AUTH_AGENT))) {
		29	state(data, SSH_AUTH_PKEY_INIT);
		30	infof(data, "Authentication using SSH public key file");
		31	}


diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 9c1a90e191..72bd1a2088 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -69,6 +69,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
69	file://CVE-2025-9086.patch \	69	file://CVE-2025-9086.patch \
70	file://CVE-2025-14017.patch \	70	file://CVE-2025-14017.patch \
71	file://CVE-2025-15079.patch \	71	file://CVE-2025-15079.patch \
		72	file://CVE-2025-15224.patch \
72	"	73	"
73	SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"	74	SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
74		75