summaryrefslogtreecommitdiff
path: root/poky/meta/recipes-support/curl/curl/CVE-2023-23914_5-2.patch
blob: 668972cb3f90ddf2967896a5e74c53275127228d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

From 0bf8b796a0ea98395b390c7807187982215f5c11 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 27 Dec 2022 11:50:23 +0100
Subject: [PATCH] tool_operate: share HSTS between handles

CVE: CVE-2023-23914 CVE-2023-23915
Upstream-Status: Backport [https://github.com/curl/curl/pull/10138/commits/ca17cfed2df001356cfe2841f166569bac0f5e8c]
Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
 src/tool_operate.c | 1 +
 1 file changed, 1 insertion(+)

--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -2722,6 +2722,7 @@ CURLcode operate(struct GlobalConfig *gl
         curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
         curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_CONNECT);
         curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_PSL);
+        curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_HSTS);

         /* Get the required arguments for each operation */
         do {
generated by cgit v1.2.3 (git 2.39.0) at 2024-06-02 18:23:24 +0300