[scarthgap,02/25] curl: patch CVE-2025-14524

Message ID	1a71732df03fda94d0a7f170da3e7f34df7aa780.1770626074.git.yoann.congal@smile.fr
State	RFC
Delegated to:	Yoann Congal
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/25] curl: patch CVE-2025-14524 Date: Mon, 9 Feb 2026 10:28:45 +0100 Message-ID: <1a71732df03fda94d0a7f170da3e7f34df7aa780.1770626074.git.yoann.congal@smile.fr> In-Reply-To: <cover.1770626074.git.yoann.congal@smile.fr> References: <cover.1770626074.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/25] curl: fix CVE-2025-10148 \| expand [scarthgap,01/25] curl: fix CVE-2025-10148 [scarthgap,02/25] curl: patch CVE-2025-14524 [scarthgap,03/25] expat: patch CVE-2026-24515 [scarthgap,04/25] expat: patch CVE-2026-25210 [scarthgap,05/25] glib-2.0: patch CVE-2026-0988 [scarthgap,06/25] inetutils: Fix CVE-2026-24061 [scarthgap,07/25] libpng: patch CVE-2026-22695 [scarthgap,08/25] libpng: patch CVE-2026-22801 [scarthgap,09/25] libtasn1: Fix CVE-2025-13151 [scarthgap,10/25] libxml2: patch CVE-2026-0989 [scarthgap,11/25] libxml2: patch CVE-2026-0990 [scarthgap,12/25] libxml2: patch CVE-2026-0992 [scarthgap,13/25] libxml2: add follow-up patch for CVE-2026-0992 [scarthgap,14/25] python3: patch CVE-2025-13837 [scarthgap,15/25] python-urllib3: Backport fix for CVE-2026-21441 [scarthgap,16/25] zlib: ignore CVE-2026-22184 [scarthgap,17/25] ffmpeg: upgrade 6.1.3 -> 6.1.4 [scarthgap,18/25] ffmpeg: ignore CVE-2025-25469 [scarthgap,19/25] glibc: stable 2.39 branch updates [scarthgap,20/25] meta/classes: fix missing vardeps for CVE status variables [scarthgap,21/25] improve_kernel_cve_report: add script for postprocesing of kernel CVE data [scarthgap,22/25] lighttpd: Fix trailing slash on files in mod_dirlisting [scarthgap,23/25] docbook-xml-dtd4: fix the fetching failure [scarthgap,24/25] pseudo: Update to 1.9.3 release [scarthgap,25/25] libtheora: set CVE_PRODUCT

Message ID

1a71732df03fda94d0a7f170da3e7f34df7aa780.1770626074.git.yoann.congal@smile.fr

State

RFC

Delegated to:

Yoann Congal

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 02/25] curl: patch CVE-2025-14524
Date: Mon,  9 Feb 2026 10:28:45 +0100
Message-ID: 
 <1a71732df03fda94d0a7f170da3e7f34df7aa780.1770626074.git.yoann.congal@smile.fr>
In-Reply-To: <cover.1770626074.git.yoann.congal@smile.fr>
References: <cover.1770626074.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/25] curl: fix CVE-2025-10148 | expand

Commit Message

Yoann Congal Feb. 9, 2026, 9:28 a.m. UTC

From: Amaury Couderc <amaury.couderc@est.tech>

Signed-off-by: Amaury Couderc <amaury.couderc@est.tech>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../curl/curl/CVE-2025-14524.patch            | 44 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.7.1.bb       |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2025-14524.patch b/meta/recipes-support/curl/curl/CVE-2025-14524.patch
new file mode 100644
index 00000000000..7692130f6e9
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2025-14524.patch
@@ -0,0 +1,44 @@ 
+From 0bccd8d29c89d70120444088d3893af59f3772bf Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 10 Dec 2025 11:40:47 +0100
+Subject: [PATCH] curl_sasl: if redirected, require permission to use bearer
+
+Closes #19933
+
+CVE: CVE-2025-14524
+Upstream-Status: Backport [https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd04c8fa48640]
+
+Signed-off-by: Amaury Couderc <amaury.couderc@est.tech>
+---
+ lib/curl_sasl.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
+index 66639cbacc..fe646548a8 100644
+--- a/lib/curl_sasl.c
++++ b/lib/curl_sasl.c
+@@ -357,7 +357,9 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
+     data->set.str[STRING_SERVICE_NAME] :
+     sasl->params->service;
+ #endif
+-  const char *oauth_bearer = data->set.str[STRING_BEARER];
++  const char *oauth_bearer =
++    (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ?
++    data->set.str[STRING_BEARER] : NULL;
+   struct bufref nullmsg;
+ 
+   Curl_conn_get_host(data, FIRSTSOCKET, &hostname, &disp_hostname, &port);
+@@ -544,7 +546,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
+     data->set.str[STRING_SERVICE_NAME] :
+     sasl->params->service;
+ #endif
+-  const char *oauth_bearer = data->set.str[STRING_BEARER];
++  const char *oauth_bearer =
++    (!data->state.this_is_a_follow || data->set.allow_auth_to_other_hosts) ?
++    data->set.str[STRING_BEARER] : NULL;
+   struct bufref serverdata;
+ 
+   Curl_conn_get_host(data, FIRSTSOCKET, &hostname, &disp_hostname, &port);
+-- 
+2.43.0
+
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index 0d7aea0978b..9e37684b2cc 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -27,6 +27,7 @@  SRC_URI = " \
     file://CVE-2025-9086.patch \
     file://CVE-2025-10148.patch \
     file://CVE-2025-14017.patch \
+    file://CVE-2025-14524.patch \
     file://0001-build-enable-Wcast-qual-fix-or-silence-compiler-warn.patch \
     file://CVE-2025-14819.patch \
     file://CVE-2025-15079.patch \

[scarthgap,02/25] curl: patch CVE-2025-14524

Commit Message

Patch