From: Anil Dongare <[email protected]> Backport the upstream fix [1] for the Negotiate-authenticated connection reuse issue described in [2] and tracked by [3].
[1] https://github.com/curl/curl/commit/33e43985b8f3b9e66691d06e70be0395849856cd [2] https://curl.se/docs/CVE-2026-5545.html [3] https://nvd.nist.gov/vuln/detail/CVE-2026-5545 Signed-off-by: Anil Dongare <[email protected]> --- .../curl/curl/CVE-2026-5545.patch | 46 +++++++++++++++++++ meta/recipes-support/curl/curl_8.19.0.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-5545.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-5545.patch b/meta/recipes-support/curl/curl/CVE-2026-5545.patch new file mode 100644 index 0000000000..86a63c6738 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-5545.patch @@ -0,0 +1,46 @@ +From 33e43985b8f3b9e66691d06e70be0395849856cd Mon Sep 17 00:00:00 2001 +From: Stefan Eissing <[email protected]> +Date: Thu, 2 Apr 2026 11:33:39 +0200 +Subject: [PATCH] url: improve connection reuse on negotiate + +Check state of negotiate to allow proper connection reuse. + +Closes #21203 + +CVE: CVE-2026-5545 +Upstream-Status: Backport [https://github.com/curl/curl/commit/33e43985b8f3b9e66691d06e70be0395849856cd] + +(cherry picked from commit 33e43985b8f3b9e66691d06e70be0395849856cd) +Signed-off-by: Anil Dongare <[email protected]> +--- + lib/url.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/lib/url.c b/lib/url.c +index b9e308a..7c24f1a 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -1110,11 +1110,17 @@ static bool url_match_auth_ntlm(struct connectdata *conn, + if(m->want_ntlm_http) { + if(Curl_timestrcmp(m->needle->user, conn->user) || + Curl_timestrcmp(m->needle->passwd, conn->passwd)) { +- + /* we prefer a credential match, but this is at least a connection +- that can be reused and "upgraded" to NTLM */ +- if(conn->http_ntlm_state == NTLMSTATE_NONE) ++ that can be reused and "upgraded" to NTLM if it does ++ not have any auth ongoing. */ ++#ifdef USE_SPNEGO ++ if((conn->http_ntlm_state == NTLMSTATE_NONE) ++ && (conn->http_negotiate_state == GSS_AUTHNONE)) { ++#else ++ if(conn->http_ntlm_state == NTLMSTATE_NONE) { ++#endif + m->found = conn; ++ } + return FALSE; + } + } +-- +2.43.7 + diff --git a/meta/recipes-support/curl/curl_8.19.0.bb b/meta/recipes-support/curl/curl_8.19.0.bb index 41e6888977..2b1bc40e37 100644 --- a/meta/recipes-support/curl/curl_8.19.0.bb +++ b/meta/recipes-support/curl/curl_8.19.0.bb @@ -15,6 +15,7 @@ SRC_URI = " \ file://disable-tests \ file://no-test-timeout.patch \ file://CVE-2026-6276.patch \ + file://CVE-2026-5545.patch \ file://mbedtls.patch \ " -- 2.51.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#239778): https://lists.openembedded.org/g/openembedded-core/message/239778 Mute This Topic: https://lists.openembedded.org/mt/120029892/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
