From patchwork Mon Jun 29 10:47:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)" X-Patchwork-Id: 91248 X-Patchwork-Delegate: yoann.congal@smile.fr Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D389EC43602 for ; Mon, 29 Jun 2026 10:48:22 +0000 (UTC) Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.34945.1782730092615112411 for ; Mon, 29 Jun 2026 03:48:13 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: message contains an insecure body length tag" header.i=@cisco.com header.s=iport01 header.b=ASt7JIeF; spf=pass (domain: cisco.com, ip: 173.37.86.72, mailfrom: adongare@cisco.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=13154; q=dns/txt; s=iport01; t=1782730092; x=1783939692; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7zQom62drWAWsHbbsI93zUUjCi3iNWfmeFNy0Zq9qhY=; b=ASt7JIeFePv2TvQ58XWJvo/T+o7cLgypgM3VUWKIIATr3+wYZNFLa+HC XE0lfqBgoCRDSA3YAEIamN3NxgbcjscUjnb+/XTT9ggV8ncTjLsAExVSC mivx8+medLVnTzfUgx9e7lI0y8vz/fDkwx/V3+EhyOvPvuj17Mug444KW pIcnUEu94Gb2Fli9Ql8jJWVlncVkdJxxe0rh1WxvH0RGLm4I/11wfW0G9 J3iza8yfu4RHprpsYsKmA+Z+kPgKm0LSahtKwxgX74xJ/7CHR71WMpNYM t0qxVyXpPfzj/CVvJxAP0AP/6cqPO5l4XfSGxh0oyhGKqPEyh7LBdzS1I w==; X-CSE-ConnectionGUID: RCBODbxNRn2XtFPpDP+RuQ== X-CSE-MsgGUID: 7Oc1xJBgS/+JP9VfWhEUaQ== X-IPAS-Result: A0AaAABFTEJq/5H/Ja1aHAEBAQEBAQcBARIBAQQEAQGBfAcBAQsBglZ0X0JJjHOIbGwDnhsUgWoPAQEBD0QNBAEBgXEBIIJ0Ao1LAiY0CQ4BAgQDAgMBAQEBAQEBAQEBAQsBAQUBAQECAQcFgQ4Thk8NhloBAgEDJwsBGAEtEBwDAQIZFisjCBmDAgGCcwIBEQa2D4F5M4EBgygBMQUJAgJAAVDbLAELFAEFgTMBhT6IH1sYAYNdgR8nGxuBcoEVg2mBBYFcAQEBAYEhAyJohXUEgiKBDIFaHoF6J4Fhiw9IgR4DWSwBVRMNCgsHBYFmAzUSKhVuMh2BIz4XgQwbBwWBHYFpgQSEfSMfAzl/gTB1WGYVMDWBAgERHgqBUicDCxgNSBEsNxQbBD5uB4xeFw+CBTEGATEvASECAQkBKQEBBCtWfQI5DB2SdJAngiGBNZ9aCiiDdYwhlToaM4VbpRGZCI4KlWgYUIRogWg8gUcLB3AVgyIJCQ00GQ+OLQsLg2CBf4JRgXDCECQ1AgkyAQEHAgcOAwuBaJAmgVcBAQ IronPort-Data: A9a23:syyuIqyTdssCWkzbkqZ6t+dmxyrEfRIJ4+MujC+fZmUNrF6WrkUCy jMWC2uOPP2NMDT2cogkb4znoU4F7ZXdmNRnHQc/+1hgHilAwSbn6Xt1DatR0we6dJCroJdPt p1GAjX4BJlqCCea/VH1buSJQUBUjcmgXqD7BPPPJhd/TAplTDZJoR94kobVuKYw6TSCK13L4 4+aT/H3Ygf/hWYqaDJMscpvlTs21BjMkGJA1rABTagjUG/2zxE9EJ8ZLKetGHr0KqE8NvK6X evK0Iai9Wrf+Ro3Yvv9+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+vpT2M4nVKtio27hc+adZ zl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CCe5xWuTpfi/xlhJHsdF6o08PZRO2cUx eA2ECghVlO5mtvjldpXSsE07igiBNPgMIVavjRryivUSK52B5vCWK7No9Rf2V/chOgXQq2YP JVfM2cyKk2cPnWjOX9PYH46tO6kgX/weidVgFmUvqEwpWPUyWSd1ZCwaIOLJoPXH5w9ckCw+ UXNpnTbKB4hc5+98Wu7/E2sq9LGpHauMG4VPPjinhJwu3WU3mEVBRgcWFe3rPX8gUmkVvpbK lcI4WwptaU0+UmhQ9XxUhH+p2SL1iPwQPJKGOE8rQXIwa3O7kPBVi4PTyVKb5ots8peqSEW6 2JlVujBXVRH2IB5g1rHnltIhVte4RQoEFI= IronPort-HdrOrdr: A9a23:IZsahaOJTZHmOMBcThmjsMiBIKoaSvp037Dk7S9MoHtuA6ulfq +V/cjzuSWYtN9VYgBDpTniAtjlfZq/z/5ICOAqVN/INjUO+lHYSb2KhrGN/9SPIUHDH8dmpM FdmtBFeb7NJGk/q9rm6w+lFNtl6tyG/Ke0wdr69R5WPHhXg2UK1XYDNu5deXcGPDV7OQ== X-Talos-CUID: 9a23:Wnsg225vJZ33UCDzENsszmU+PewvYlvnyi3gP2GAEUpRC4eIcArF X-Talos-MUID: 9a23:kzAieAoZ/wgzteRzftQez25FP554wY6hMwdOs61Xhce7NQFNMg7I2Q== X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="6.24,231,1774310400"; d="scan'208";a="501647521" Received: from rcdn-l-core-08.cisco.com ([173.37.255.145]) by rcdn-iport-1.cisco.com with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 29 Jun 2026 10:48:12 +0000 Received: from sjc-ads-3691.cisco.com (sjc-ads-3691.cisco.com [171.68.250.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "ciscoit-managed-infra-smtp-auth.cisco.com", Issuer "Internal Private TLS SubCA" (verified OK)) by rcdn-l-core-08.cisco.com (Postfix) with ESMTPS id 0E0AF1800058B; Mon, 29 Jun 2026 10:48:12 +0000 (GMT) Received: by sjc-ads-3691.cisco.com (Postfix, from userid 1870532) id 5B185CC124B; Mon, 29 Jun 2026 03:48:11 -0700 (PDT) From: "Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)" To: openembedded-core@lists.openembedded.org Cc: xe-linux-external@cisco.com, Anil Dongare Subject: [OE-core] [scarthgap] [PATCH 7/7] curl: fix CVE-2026-7168 Date: Mon, 29 Jun 2026 03:47:57 -0700 Message-ID: <20260629104801.972184-7-adongare@cisco.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260629104801.972184-1-adongare@cisco.com> References: <20260629104801.972184-1-adongare@cisco.com> MIME-Version: 1.0 X-Auto-Response-Suppress: DR, OOF, AutoReply X-Outbound-Client-TLS: VERIFIED;sjc-ads-3691.cisco.com [171.68.250.138];TLSv1.3;TLS_AES_256_GCM_SHA384;256;ciscoit-managed-infra-smtp-auth.cisco.com X-Outbound-SMTP-Client: 171.68.250.138, sjc-ads-3691.cisco.com X-Outbound-Node: rcdn-l-core-08.cisco.com List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 29 Jun 2026 10:48:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239751 From: Anil Dongare Backport the upstream fix [1] for proxy Digest state reuse across proxy switches described in [2] and tracked by [3]. [1] https://github.com/curl/curl/commit/c1cfdf59acbaf9504c4578d4cf56cdd7c8594507 [2] https://curl.se/docs/CVE-2026-7168.html [3] https://nvd.nist.gov/vuln/detail/CVE-2026-7168 Signed-off-by: Anil Dongare --- .../curl/curl/CVE-2026-7168.patch | 389 ++++++++++++++++++ meta/recipes-support/curl/curl_8.7.1.bb | 1 + 2 files changed, 390 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-7168.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-7168.patch b/meta/recipes-support/curl/curl/CVE-2026-7168.patch new file mode 100644 index 0000000000..b3fd04a5c8 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-7168.patch @@ -0,0 +1,389 @@ +From 955e8ba9821afde4a7ac22caef794dfffe5b4b5f Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 5 Jun 2026 01:22:37 -0700 +Subject: [PATCH] setopt: clear proxy auth properties when switching + +Verify with test 1588 + +Closes #21453 + +CVE: CVE-2026-7168 +Upstream-Status: Backport [https://github.com/curl/curl/commit/c1cfdf59acbaf9504c4578d4cf56cdd7c8594507] + +Backport Changes: +- curl-8.7.1 does not expose Curl_auth_digest_cleanup() to setopt.c in the + same way as the newer upstream tree. This backport therefore adds the + vauth/vauth.h include and the CURL_DISABLE_DIGEST_AUTH fallback macro in + lib/vauth/vauth.h before reusing the upstream setproxy() cleanup logic. +- curl-8.7.1 uses tests/data/Makefile.inc and tests/libtest/Makefile.inc + instead of the upstream Automake lists. + +(cherry picked from commit c1cfdf59acbaf9504c4578d4cf56cdd7c8594507) +Signed-off-by: Anil Dongare +--- + lib/setopt.c | 17 ++++- + lib/vauth/vauth.h | 2 + + tests/data/Makefile.inc | 1 + + tests/data/test1588 | 105 ++++++++++++++++++++++++++ + tests/libtest/Makefile.inc | 5 +- + tests/libtest/lib1588.c | 147 +++++++++++++++++++++++++++++++++++++ + 6 files changed, 274 insertions(+), 3 deletions(-) + create mode 100644 tests/data/test1588 + create mode 100644 tests/libtest/lib1588.c + +diff --git a/lib/setopt.c b/lib/setopt.c +index 8a5a5d7..3de3047 100644 +--- a/lib/setopt.c ++++ b/lib/setopt.c +@@ -51,6 +51,7 @@ + #include "altsvc.h" + #include "hsts.h" + #include "tftp.h" ++#include "vauth/vauth.h" + #include "strdup.h" + /* The last 3 #include files should be in this order */ + #include "curl_printf.h" +@@ -76,6 +77,19 @@ CURLcode Curl_setstropt(char **charp, const char *s) + return CURLE_OK; + } + ++#ifndef CURL_DISABLE_PROXY ++static CURLcode setproxy(struct Curl_easy *data, const char *proxy) ++{ ++ if((data->set.str[STRING_PROXY] && proxy) && ++ !strcmp(data->set.str[STRING_PROXY], proxy)) ++ return CURLE_OK; ++ ++ Curl_auth_digest_cleanup(&data->state.proxydigest); ++ memset(&data->state.authproxy, 0, sizeof(data->state.authproxy)); ++ return Curl_setstropt(&data->set.str[STRING_PROXY], proxy); ++} ++#endif ++ + CURLcode Curl_setblobopt(struct curl_blob **blobp, + const struct curl_blob *blob) + { +@@ -1139,8 +1153,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) + * Setting it to NULL, means no proxy but allows the environment variables + * to decide for us (if CURLOPT_SOCKS_PROXY setting it to NULL). + */ +- result = Curl_setstropt(&data->set.str[STRING_PROXY], +- va_arg(param, char *)); ++ result = setproxy(data, va_arg(param, char *)); + break; + + case CURLOPT_PRE_PROXY: +diff --git a/lib/vauth/vauth.h b/lib/vauth/vauth.h +index 9da0540..bf5c7a3 100644 +--- a/lib/vauth/vauth.h ++++ b/lib/vauth/vauth.h +@@ -119,6 +119,8 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, + + /* This is used to clean up the digest specific data */ + void Curl_auth_digest_cleanup(struct digestdata *digest); ++#else ++#define Curl_auth_digest_cleanup(x) + #endif /* !CURL_DISABLE_DIGEST_AUTH */ + + #ifdef USE_GSASL +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 136b961..aff6a01 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -200,6 +200,7 @@ test1540 test1541 test1542 test1543 test1544 test1545 \ + test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \ + test1558 test1559 test1560 test1561 test1562 test1563 test1564 test1565 \ + test1566 test1567 test1568 test1569 test1570 \ ++test1588 \ + \ + test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 \ + test1598 \ +diff --git a/tests/data/test1588 b/tests/data/test1588 +new file mode 100644 +index 0000000..0199fa8 +--- /dev/null ++++ b/tests/data/test1588 +@@ -0,0 +1,105 @@ ++ ++ ++ ++ ++HTTP ++HTTP GET ++HTTP proxy ++HTTP proxy Digest auth ++multi ++ ++ ++ ++# Server-side ++ ++ ++# this is returned first since we get no proxy-auth ++ ++HTTP/1.1 407 Authorization Required to proxy me my dear ++Proxy-Authenticate: Digest realm="weirdorealm", nonce="12345" ++Content-Length: 33 ++ ++And you should ignore this data. ++ ++ ++# then this is returned when we get proxy-auth ++ ++HTTP/1.1 200 OK ++Content-Length: 21 ++Server: no ++ ++Nice proxy auth sir! ++ ++ ++ ++HTTP/1.1 407 Authorization Required to proxy me my dear ++Proxy-Authenticate: Digest realm="weirdorealm", nonce="12345" ++Content-Length: 33 ++ ++HTTP/1.1 200 OK ++Content-Length: 21 ++Server: no ++ ++Nice proxy auth sir! ++HTTP/1.1 407 Authorization Required to proxy me my dear ++Proxy-Authenticate: Digest realm="weirdorealm", nonce="12345" ++Content-Length: 33 ++ ++HTTP/1.1 200 OK ++Content-Length: 21 ++Server: no ++ ++Nice proxy auth sir! ++ ++ ++ ++# Client-side ++ ++ ++http ++ ++ ++lib%TESTNUMBER ++ ++ ++!SSPI ++crypto ++proxy ++digest ++ ++ ++HTTP proxy auth Digest, then change proxy and do it again ++ ++ ++http://test.remote.example.com/path/%TESTNUMBER %HOSTIP %HTTPPORT silly:person custom.set.host.name ++ ++ ++ ++# Verify data after the test has been "shot" ++ ++ ++GET http://test.remote.example.com/path/1588 HTTP/1.1 ++Host: test.remote.example.com ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++GET http://test.remote.example.com/path/1588 HTTP/1.1 ++Host: test.remote.example.com ++Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="/path/1588", response="d0b2f000c7e3fca24452b5810713404a" ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++GET http://test.remote.example.com/path/1588 HTTP/1.1 ++Host: test.remote.example.com ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++GET http://test.remote.example.com/path/1588 HTTP/1.1 ++Host: test.remote.example.com ++Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="/path/1588", response="d0b2f000c7e3fca24452b5810713404a" ++Accept: */* ++Proxy-Connection: Keep-Alive ++ ++ ++ ++ +diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc +index 0f140eb..21f3c44 100644 +--- a/tests/libtest/Makefile.inc ++++ b/tests/libtest/Makefile.inc +@@ -62,7 +62,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect libprereq \ + lib1540 lib1541 lib1542 lib1543 lib1545 \ + lib1550 lib1551 lib1552 lib1553 lib1554 lib1555 lib1556 lib1557 \ + lib1558 lib1559 lib1560 lib1564 lib1565 lib1567 lib1568 lib1569 \ +- lib1591 lib1592 lib1593 lib1594 lib1596 lib1597 lib1598 \ ++ lib1588 lib1591 lib1592 lib1593 lib1594 lib1596 lib1597 lib1598 \ + \ + lib1662 \ + \ +@@ -690,6 +690,9 @@ lib2504_LDADD = $(TESTUTIL_LIBS) + lib2506_SOURCES = lib2506.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) + lib2506_LDADD = $(TESTUTIL_LIBS) + ++lib1588_SOURCES = lib1588.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) ++lib1588_LDADD = $(TESTUTIL_LIBS) ++ + lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) + lib3010_LDADD = $(TESTUTIL_LIBS) + +diff --git a/tests/libtest/lib1588.c b/tests/libtest/lib1588.c +new file mode 100644 +index 0000000..46d6a83 +--- /dev/null ++++ b/tests/libtest/lib1588.c +@@ -0,0 +1,147 @@ ++/*************************************************************************** ++ * _ _ ____ _ ++ * Project ___| | | | _ \| | ++ * / __| | | | |_) | | ++ * | (__| |_| | _ <| |___ ++ * \___|\___/|_| \_\_____| ++ * ++ * Copyright (C) Daniel Stenberg, , et al. ++ * ++ * This software is licensed as described in the file COPYING, which ++ * you should have received as part of this distribution. The terms ++ * are also available at https://curl.se/docs/copyright.html. ++ * ++ * You may opt to use, copy, modify, merge, publish, distribute and/or sell ++ * copies of the Software, and permit persons to whom the Software is ++ * furnished to do so, under the terms of the COPYING file. ++ * ++ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ++ * KIND, either express or implied. ++ * ++ * SPDX-License-Identifier: curl ++ * ++ ***************************************************************************/ ++/* ++ * argv1 = URL ++ * argv2 = proxy host ++ * argv3 = proxy port ++ * argv4 = proxyuser:password ++ */ ++ ++#include "first.h" ++ ++static CURLcode init1588(CURL *curl, const char *url, ++ const char *userpwd, const char *proxy) ++{ ++ CURLcode result = CURLE_OK; ++ ++ res_easy_setopt(curl, CURLOPT_URL, url); ++ if(result) ++ goto init_failed; ++ ++ res_easy_setopt(curl, CURLOPT_PROXY, proxy); ++ if(result) ++ goto init_failed; ++ ++ res_easy_setopt(curl, CURLOPT_PROXYUSERPWD, userpwd); ++ if(result) ++ goto init_failed; ++ ++ res_easy_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_DIGEST); ++ if(result) ++ goto init_failed; ++ ++ res_easy_setopt(curl, CURLOPT_VERBOSE, 1L); ++ if(result) ++ goto init_failed; ++#if 0 ++ res_easy_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L); ++ if(result) ++ goto init_failed; ++#endif ++ ++ res_easy_setopt(curl, CURLOPT_HEADER, 1L); ++ if(result) ++ goto init_failed; ++ ++ return CURLE_OK; /* success */ ++ ++init_failed: ++ return result; /* failure */ ++} ++ ++static CURLcode run1588(CURL *curl, const char *url, const char *userpwd, ++ const char *proxy) ++{ ++ CURLcode result = CURLE_OK; ++ ++ result = init1588(curl, url, userpwd, proxy); ++ if(result) ++ return result; ++ ++ return curl_easy_perform(curl); ++} ++ ++static CURLcode test_lib1588(const char *URL) ++{ ++ CURLcode result = CURLE_OK; ++ CURL *curl = NULL; ++ const char *proxyuserpws = libtest_arg4; ++ struct curl_slist *host = NULL; ++ struct curl_slist *host2 = NULL; ++ char proxy1_resolve[128]; ++ char proxy2_resolve[128]; ++ char proxy1_connect[128]; ++ char proxy2_connect[128]; ++ ++ if(test_argc < 3) ++ return TEST_ERR_MAJOR_BAD; ++ ++ curl_msnprintf(proxy1_resolve, sizeof(proxy1_resolve), ++ "firstproxy:%s:%s", libtest_arg3, libtest_arg2); ++ curl_msnprintf(proxy2_resolve, sizeof(proxy2_resolve), ++ "secondproxy:%s:%s", libtest_arg3, libtest_arg2); ++ ++ /* we connect to the fake host name but the right port number */ ++ curl_msnprintf(proxy1_connect, sizeof(proxy1_connect), ++ "firstproxy:%s", libtest_arg3); ++ curl_msnprintf(proxy2_connect, sizeof(proxy2_connect), ++ "secondproxy:%s", libtest_arg3); ++ ++ res_global_init(CURL_GLOBAL_ALL); ++ if(result) ++ return result; ++ ++ curl = curl_easy_init(); ++ if(!curl) { ++ curl_mfprintf(stderr, "curl_easy_init() failed\n"); ++ curl_global_cleanup(); ++ return TEST_ERR_MAJOR_BAD; ++ } ++ ++ host = curl_slist_append(NULL, proxy1_resolve); ++ if(!host) ++ goto test_cleanup; ++ host2 = curl_slist_append(host, proxy2_resolve); ++ if(!host2) ++ goto test_cleanup; ++ host = host2; ++ ++ start_test_timing(); ++ ++ easy_setopt(curl, CURLOPT_RESOLVE, host); ++ ++ result = run1588(curl, URL, proxyuserpws, proxy1_connect); ++ if(result) ++ goto test_cleanup; ++ ++ curl_mfprintf(stderr, "lib1588: now we do the request again\n"); ++ ++ result = run1588(curl, URL, proxyuserpws, proxy2_connect); ++ ++test_cleanup: ++ curl_easy_cleanup(curl); ++ curl_global_cleanup(); ++ curl_slist_free_all(host); ++ return result; ++} +-- +2.43.7 diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb index c338a532f9..c2c2b6bfc6 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.7.1.bb @@ -40,6 +40,7 @@ SRC_URI = " \ file://CVE-2026-6253.patch \ file://CVE-2026-6276.patch \ file://CVE-2026-6429.patch \ + file://CVE-2026-7168.patch \ " SRC_URI:append:class-nativesdk = " \