Age | Commit message | Author |
|
Backport fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22945,
CVE-2021-22946, and CVE-2021-22947.
* https://curl.se/docs/CVE-2021-22922.html
* https://curl.se/docs/CVE-2021-22923.html
* https://curl.se/docs/CVE-2021-22945.html
* https://curl.se/docs/CVE-2021-22946.html
* https://curl.se/docs/CVE-2021-22947.html
22922 and 22923 were fixed by upstream by simply removing metalink
support in newer versions. These are mitigated in older versions by
disabling metalink support, which was already done by the recipe, so
whitelist these CVEs.
22945, 22946, and 22947 are backported with only trivial patch fuzz
modifications.
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport patches to fix below CVEs:
CVE-2021-22901
CVE-2021-22924
CVE-2021-22926
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
CVE-2021-22925
Reported-by: Red Hat Product Security
Bug: https://curl.se/docs/CVE-2021-22925.html
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
CVE:
CVE-2021-22897
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
CVE:
CVE-2021-22898
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport upstream patches to fix issues introduced by a backported CVE
patch. Fixes:
| ../../curl-7.75.0/lib/vtls/vtls.c: In function ‘Curl_ssl_addsessionid’:
| ../../curl-7.75.0/lib/vtls/vtls.c:508:14: error: ‘isProxy’ redeclared as different kind of symbol
| 508 | const bool isProxy = FALSE;
| | ^~~~~~~
| ../../curl-7.75.0/lib/vtls/vtls.c:488:37: note: previous definition of ‘isProxy’ with type ‘_Bool’
| 488 | bool isProxy,
| | ^
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport and modify the patch for CVE-2021-22876 from curl 7.76 to
make it apply cleanly on 7.75.
CVE: CVE-2021-22876
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport and modify the patch for CVE-2021-22890 from curl 7.76 to make
it apply cleanly on 7.75.
CVE: CVE-2021-22890
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: [YOCTO #13471]
Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: copyright years changed
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|