mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

curl: patch CVE-2025-15224

Browse Source 
Pick patch per [1].

[1] https://curl.se/docs/CVE-2025-15224.html

(From OE-Core rev: 83c7d4acc5da661b44055db95355c3c420f7afac)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Peter Marko
2026-01-10 18:36:27 +01:00
committed by Richard Purdie
parent 41c8c7c5c5
commit 4581b795c6
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
meta/recipes-support/curl/curl/CVE-2025-15224.patch Normal file
View File

@@ -0,0 +1,31 @@
From 16d5f2a5660c61cc27bd5f1c7f512391d1c927aa Mon Sep 17 00:00:00 2001
From: Harry Sintonen <sintonen@iki.fi>
Date: Mon, 29 Dec 2025 16:56:39 +0100
Subject: [PATCH] libssh: require private key or user-agent for public key auth
Closes #20110
CVE: CVE-2025-15224
Upstream-Status: Backport [https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c927aa]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/vssh/libssh.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
index 5d5125b526..bde6355f73 100644
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -751,7 +751,11 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
"keyboard-interactive, " : "",
sshc->auth_methods & SSH_AUTH_METHOD_PASSWORD ?
"password": "");
- if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
+ /* For public key auth we need either the private key or
+ CURLSSH_AUTH_AGENT. */
+ if((sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) &&
+ (data->set.str[STRING_SSH_PRIVATE_KEY] ||
+ (data->set.ssh_auth_types & CURLSSH_AUTH_AGENT))) {
state(data, SSH_AUTH_PKEY_INIT);
infof(data, "Authentication using SSH public key file");
}

1
meta/recipes-support/curl/curl_8.7.1.bb
View File

@@ -29,6 +29,7 @@ SRC_URI = " \
file://0001-build-enable-Wcast-qual-fix-or-silence-compiler-warn.patch \ file://0001-build-enable-Wcast-qual-fix-or-silence-compiler-warn.patch \
file://CVE-2025-14819.patch \ file://CVE-2025-14819.patch \
file://CVE-2025-15079.patch \ file://CVE-2025-15079.patch \
file://CVE-2025-15224.patch \
" "
SRC_URI:append:class-nativesdk = " \ SRC_URI:append:class-nativesdk = " \