--- /dev/null
+From 16d5f2a5660c61cc27bd5f1c7f512391d1c927aa Mon Sep 17 00:00:00 2001
+From: Harry Sintonen <sintonen@iki.fi>
+Date: Mon, 29 Dec 2025 16:56:39 +0100
+Subject: [PATCH] libssh: require private key or user-agent for public key auth
+
+Closes #20110
+
+CVE: CVE-2025-15224
+Upstream-Status: Backport [https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c927aa]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ lib/vssh/libssh.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index 5d5125b526..bde6355f73 100644
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -741,7 +741,11 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
+ }
+
+ sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL);
+- if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
++ /* For public key auth we need either the private key or
++ CURLSSH_AUTH_AGENT. */
++ if((sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) &&
++ (data->set.str[STRING_SSH_PRIVATE_KEY] ||
++ (data->set.ssh_auth_types & CURLSSH_AUTH_AGENT))) {
+ state(data, SSH_AUTH_PKEY_INIT);
+ infof(data, "Authentication using SSH public key file");
+ }
file://CVE-2025-9086.patch \
file://CVE-2025-14017.patch \
file://CVE-2025-15079.patch \
+ file://CVE-2025-15224.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
