mirror of
https://git.yoctoproject.org/poky
synced 2026-04-20 00:32:13 +02:00
d68f782872
Add patch to fix CVE-2023-28320 siglongjmp race condition libcurl provides several different backends for resolving host names, selectedat build time. If it is built to use the synchronous resolver, it allows nameresolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected anda multi-threaded application might therefore crash or otherwise misbehave. Link: https://curl.se/docs/CVE-2023-28320.html (From OE-Core rev: c761d822be5ffc4a88600fbd7282c469b1e9902a) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>