From 524870aad285debb67f6cd134b6465a06738906e Mon Sep 17 00:00:00 2001
From: Armin Kuster <akuster@mvista.com>
Date: Thu, 7 Jan 2021 17:25:46 +0530
Subject: curl: Security fixes for CVE-2020-{8169/8177}

Source: https://curl.haxx.se/
MR: 104472, 104458
Type: Security Fix
Disposition: Backport from https://github.com/curl/curl/commit/{600a8cded447cd/8236aba58542c5f}
ChangeID: 1300924f7a64b22375b4326daeef0b686481e30c
Description:

- Affected versions: curl 7.20.0 to and including 7.70.0
- Not affected versions: curl < 7.20.0 and curl >= 7.71.0

Fixes both CVE-2020-8169 and CVE-2020-8177

(From OE-Core rev: f42702baee57ab3d1b7ab7833e72c7d56ad4ee94)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sana Kazi <sanak@kpit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 meta/recipes-support/curl/curl_7.66.0.bb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'meta/recipes-support/curl/curl_7.66.0.bb')

diff --git a/meta/recipes-support/curl/curl_7.66.0.bb b/meta/recipes-support/curl/curl_7.66.0.bb
index a54e0536e9..506ae0eade 100644
--- a/meta/recipes-support/curl/curl_7.66.0.bb
+++ b/meta/recipes-support/curl/curl_7.66.0.bb
@@ -8,6 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa"
 SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://0001-replace-krb5-config-with-pkg-config.patch \
            file://CVE-2019-15601.patch \
+           file://CVE-2020-8169.patch \
+           file://CVE-2020-8177.patch \
 "
 
 SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f"
-- 
cgit 1.2.3-korg