From: Peter Marko <[email protected]> Pick patch per [1].
[1] https://curl.se/docs/CVE-2025-14524.html Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Yoann Congal <[email protected]> --- .../curl/curl/CVE-2025-14524.patch | 40 +++++++++++++++++++ meta/recipes-support/curl/curl_8.17.0.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch diff --git a/meta/recipes-support/curl/curl/CVE-2025-14524.patch b/meta/recipes-support/curl/curl/CVE-2025-14524.patch new file mode 100644 index 0000000000..c70dd0a04d --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2025-14524.patch @@ -0,0 +1,40 @@ +From 1a822275d333dc6da6043497160fd04c8fa48640 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <[email protected]> +Date: Wed, 10 Dec 2025 11:40:47 +0100 +Subject: [PATCH] curl_sasl: if redirected, require permission to use bearer + +Closes #19933 + +CVE: CVE-2025-14524 +Upstream-Status: Backport [https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd04c8fa48640] +Signed-off-by: Peter Marko <[email protected]> +--- + lib/curl_sasl.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c +index 3e4bafc19a..b93bafbefa 100644 +--- a/lib/curl_sasl.c ++++ b/lib/curl_sasl.c +@@ -456,7 +456,9 @@ static bool sasl_choose_ntlm(struct Curl_easy *data, struct sasl_ctx *sctx) + + static bool sasl_choose_oauth(struct Curl_easy *data, struct sasl_ctx *sctx) + { +- const char *oauth_bearer = data->set.str[STRING_BEARER]; ++ const char *oauth_bearer = ++ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ? ++ data->set.str[STRING_BEARER] : NULL; + + if(sctx->user && oauth_bearer && + (sctx->enabledmechs & SASL_MECH_OAUTHBEARER)) { +@@ -481,7 +483,9 @@ static bool sasl_choose_oauth(struct Curl_easy *data, struct sasl_ctx *sctx) + + static bool sasl_choose_oauth2(struct Curl_easy *data, struct sasl_ctx *sctx) + { +- const char *oauth_bearer = data->set.str[STRING_BEARER]; ++ const char *oauth_bearer = ++ (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ? ++ data->set.str[STRING_BEARER] : NULL; + + if(sctx->user && oauth_bearer && + (sctx->enabledmechs & SASL_MECH_XOAUTH2)) { diff --git a/meta/recipes-support/curl/curl_8.17.0.bb b/meta/recipes-support/curl/curl_8.17.0.bb index e0a9bae23d..ad9b7c9ab7 100644 --- a/meta/recipes-support/curl/curl_8.17.0.bb +++ b/meta/recipes-support/curl/curl_8.17.0.bb @@ -16,6 +16,7 @@ SRC_URI = " \ file://no-test-timeout.patch \ file://CVE-2025-13034.patch \ file://CVE-2025-14017.patch \ + file://CVE-2025-14524.patch \ " SRC_URI:append:class-nativesdk = " \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#229671): https://lists.openembedded.org/g/openembedded-core/message/229671 Mute This Topic: https://lists.openembedded.org/mt/117361357/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
