drop patch for CVE-2018-14618 now included

Notable: INTERNALS: require GnuTLS >= 2.11.3
See: https://curl.haxx.se/changes.html#7_61_0 Signed-off-by: Armin Kuster <akuster...@gmail.com> --- .../recipes-support/curl/curl/CVE-2018-14618.patch | 37 ---------------------- .../curl/{curl_7.61.0.bb => curl_7.61.1.bb} | 5 ++- 2 files changed, 2 insertions(+), 40 deletions(-) delete mode 100644 meta/recipes-support/curl/curl/CVE-2018-14618.patch rename meta/recipes-support/curl/{curl_7.61.0.bb => curl_7.61.1.bb} (94%) diff --git a/meta/recipes-support/curl/curl/CVE-2018-14618.patch b/meta/recipes-support/curl/curl/CVE-2018-14618.patch deleted file mode 100644 index db07b43..0000000 --- a/meta/recipes-support/curl/curl/CVE-2018-14618.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg <dan...@haxx.se> -Date: Mon, 13 Aug 2018 10:35:52 +0200 -Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password - -... since it would cause an integer overflow if longer than (max size_t -/ 2). - -This is CVE-2018-14618 - -Bug: https://curl.haxx.se/docs/CVE-2018-14618.html -Closes #2756 -Reported-by: Zhaoyang Wu - -CVE: CVE-2018-14618 -Upstream-Status: Backport -Signed-off-by: Zhixiong Chi <zhixiong....@windriver.com> ---- - lib/curl_ntlm_core.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c -index e27cab353c..922e85a926 100644 ---- a/lib/curl_ntlm_core.c -+++ b/lib/curl_ntlm_core.c -@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, - unsigned char *ntbuffer /* 21 bytes */) - { - size_t len = strlen(password); -- unsigned char *pw = len ? malloc(len * 2) : strdup(""); -+ unsigned char *pw; - CURLcode result; -+ if(len > SIZE_T_MAX/2) /* avoid integer overflow */ -+ return CURLE_OUT_OF_MEMORY; -+ pw = len ? malloc(len * 2) : strdup(""); - if(!pw) - return CURLE_OUT_OF_MEMORY; 
diff --git a/meta/recipes-support/curl/curl_7.61.0.bb b/meta/recipes-support/curl/curl_7.61.1.bb similarity index 94% rename from meta/recipes-support/curl/curl_7.61.0.bb rename to meta/recipes-support/curl/curl_7.61.1.bb index 9b6406b..7a51bfa 100644 --- a/meta/recipes-support/curl/curl_7.61.0.bb +++ b/meta/recipes-support/curl/curl_7.61.1.bb @@ -7,11 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ef889a37a5a874490ac7ce116396f29a" SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ - file://CVE-2018-14618.patch \ " -SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a" -SRC_URI[sha256sum] = "5f6f336921cf5b84de56afbd08dfb70adeef2303751ffb3e570c936c6d656c9c" +SRC_URI[md5sum] = "593432e5ff863474d8d880f74b705d6d" +SRC_URI[sha256sum] = "a308377dbc9a16b2e994abd55455e5f9edca4e31666f8f8fcfe7a1a4aea419b9" CVE_PRODUCT = "libcurl" inherit autotools pkgconfig binconfig multilib_header -- 2.7.4
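Review bot: The deletion of meta/recipes-support/curl/curl/CVE-2018-14618.patch rests on the commit message's "now included", but the See: link points at the #7_61_0 changelog section while the recipe moves to 7.61.1. Point the link at the 7.61.1 entry, or cite the upstream commit named in the deleted patch's From line (57d299a499155d4b327e341c6024e293b0418243), so a reader can confirm that the SIZE_T_MAX/2 length check in Curl_ntlm_core_mk_nt_hash ships in the new tarball before the backport is dropped.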
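Review bot: In the SRC_URI context of the curl_7.61.1.bb hunk the tarball is still fetched from http://curl.haxx.se/download/ over plain HTTP, which leaves the new SRC_URI[sha256sum] line as the only integrity check on the 7.61.1 download. Consider switching the URL to https in this same bump, and say in the commit message where the new md5sum and sha256sum values were taken from so they can be checked independently of the fetch.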