]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6747482) | patch
curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled
authorSiddharth <sdoshi@mvista.com>
Thu, 11 May 2023 22:29:42 +0000 (03:59 +0530)
committerSteve Sakoman <steve@sakoman.com>
Fri, 19 May 2023 23:14:29 +0000 (13:14 -1000)
commitdf489f644e41108cf0e2ff55af7ce5e9bca40471
treea5ddd094d4416a70fb4d30562aea8dfe095ee217tree
parent6747482316b8f7839a09bf041d8c11b559f84b44commit | diff
curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled

The upstream patch for CVE-2023-27534 does three things:
1) creates new path with dynbuf(dynamic buffer)
2) solves the tilde error which causes CVE-2023-27534
3) modifies the below added functionality to not add a trailing "/" to the user home dir if it already ends with one with dynbuf.

dynbuf functionalities are added in curl in later versions and are not essential to fix the vulnerability but does add extra feature in later versions.
This patch completes the 3rd task of the patch which was implemented without using dynbuf

Upstream-Status: Backport from [https://github.com/curl/curl/commit/6c51adeb71da076c5c40a45e339e06bb4394a86b]

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch [new file with mode: 0644] blob
meta/recipes-support/curl/curl/CVE-2023-27534.patch diff | blob | blame | history
meta/recipes-support/curl/curl_7.69.1.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core