mirror of
https://git.yoctoproject.org/poky
synced 2026-06-25 05:13:39 +02:00
462de8f86f
curl v7.78 contained fixes for five CVEs: CVE-2021-22922[1] and CVE-2021-22923[2] are only present when support for metalink is enabled. EXTRA_OECONF contains "--without-libmetalink" so these fixes are unnecessary. CVE-2021-22926[3] only affects builds for MacOS. CVE-2021-22924[4] and CVE-2021-22925[5] are both applicable. Take the patches from Ubuntu 20.04 curl_7.68.0-1ubuntu2.6 package which is close enough that the patch for CVE-2021-22924 applies without conflicts.. [1] https://curl.se/docs/CVE-2021-22922.html [2] https://curl.se/docs/CVE-2021-22923.html [3] https://curl.se/docs/CVE-2021-22926.html [4] https://curl.se/docs/CVE-2021-22924.html [5] https://curl.se/docs/CVE-2021-22925.html (From OE-Core rev: 3631da82b3542df1c1e4bbd499fc2dbe67f5f3ec) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>