diff options
author | Trevor Gamblin <trevor.gamblin@windriver.com> | 2021-06-16 09:02:01 -0400 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2021-06-18 13:21:36 +0800 |
commit | 456ba1717fc3ebb9d10cc6a3c916b07f7c4e8a22 (patch) | |
tree | 4e719eaf96f6fbbc39feeedce50d760475fca4e4 /meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch | |
parent | bfe25c99e914062b0527a6e74ebb8ce1eaad4ca8 (diff) | |
download | openembedded-core-contrib-456ba1717fc3ebb9d10cc6a3c916b07f7c4e8a22.tar.gz |
curl: cleanup CVE patches for hardknott
The patch backported to address CVE-2021-22890 was missing a bracket to
properly close out the logic in lib/vtls/wolfssl.c. Fix this so to avoid
any surprise failures when using curl with hardknott.
Also fix the CVE designation in the patch descriptions for CVEs
CVE-2021-22890 and CVE-2021-22876 so that CVE checks run with bitbake
correctly detect that they are patched.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch')
-rw-r--r-- | meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch b/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch index 6c4f6f2f48..c02c9bed68 100644 --- a/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch +++ b/meta/recipes-support/curl/curl/0002-transfer-strip-credentials-from-the-auto-referer-hea.patch @@ -6,7 +6,10 @@ Subject: [PATCH 2/2] transfer: strip credentials from the auto-referer header Added test 2081 to verify. -CVE-2021-22876 +CVE: CVE-2021-22876 + +Upstream-Status: Backport +(https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c) Bug: https://curl.se/docs/CVE-2021-22876.html |