mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

curl: patch CVE-2025-15224

Browse Source 
Pick patch per [1].

[1] https://curl.se/docs/CVE-2025-15224.html

(From OE-Core rev: db87200a8ae19d40e7a8f038d9fe4e426f159ad3)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Peter Marko
2026-01-10 18:36:35 +01:00
committed by Richard Purdie
parent 2bf97e4e41
commit cd8f4444b2
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
meta/recipes-support/curl/curl/CVE-2025-15224.patch Normal file
View File

@@ -0,0 +1,31 @@
From 16d5f2a5660c61cc27bd5f1c7f512391d1c927aa Mon Sep 17 00:00:00 2001
From: Harry Sintonen <sintonen@iki.fi>
Date: Mon, 29 Dec 2025 16:56:39 +0100
Subject: [PATCH] libssh: require private key or user-agent for public key auth
Closes #20110
CVE: CVE-2025-15224
Upstream-Status: Backport [https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c927aa]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
lib/vssh/libssh.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
index 5d5125b526..bde6355f73 100644
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -741,7 +741,11 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
}
sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL);
- if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
+ /* For public key auth we need either the private key or
+ CURLSSH_AUTH_AGENT. */
+ if((sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) &&
+ (data->set.str[STRING_SSH_PRIVATE_KEY] ||
+ (data->set.ssh_auth_types & CURLSSH_AUTH_AGENT))) {
state(data, SSH_AUTH_PKEY_INIT);
infof(data, "Authentication using SSH public key file");
}

1
meta/recipes-support/curl/curl_7.82.0.bb
View File

@@ -69,6 +69,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2025-9086.patch \ file://CVE-2025-9086.patch \
file://CVE-2025-14017.patch \ file://CVE-2025-14017.patch \
file://CVE-2025-15079.patch \ file://CVE-2025-15079.patch \
file://CVE-2025-15224.patch \
" "
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"