freetype/libarchive/gnutls: Drop CVE patches

The CVEs have been fixed in upstream poky/rocko. Signed-off-by: Martin Borg <martin.borg@enea.com>
author: Martin Borg <martin.borg@enea.com> 2018-03-01 10:39:47 +0100
committer: Martin Borg <martin.borg@enea.com> 2018-03-01 10:42:05 +0100
commit: b6d4cd74cebeded8a49c06c6d7a52c32769f3ed8 (patch)
tree: a956a4fb98f38e062dcfda04e9aef05f1451bf5c
parent: 2c0b43b3032f9a55edd395ae37f45fffce44fa9d (diff)
download: meta-el-common-b6d4cd74cebeded8a49c06c6d7a52c32769f3ed8.tar.gz
7 files changed, 0 insertions, 220 deletions
diff --git a/recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch b/recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch
deleted file mode 100644
index f2a922d..0000000
--- a/recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 88eb9e1d73fef46f04677c25b1697b8e25777ed3 Mon Sep 17 00:00:00 2001
-From: Joerg Sonnenberger <joerg@bec.de>
-Date: Thu, 1 Dec 2016 19:56:43 +0100
-Subject: [PATCH] Reread the CAB header skipping the self-extracting binary
- code.
-Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15 as found
-by the "OSS-Fuzz" project.
-CVE: CVE-2016-10349 CVE-2016-10350
-Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3]
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
- libarchive/archive_read_support_format_cab.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/libarchive/archive_read_support_format_cab.c b/libarchive/archive_read_support_format_cab.c
-index fc70684..099f4a8 100644
--- a/libarchive/archive_read_support_format_cab.c
-+++ b/libarchive/archive_read_support_format_cab.c
-@@ -645,12 +645,13 @@ cab_read_header(struct archive_read *a)
-        cab = (struct cab *)(a->format->data);
-        if (cab->found_header == 0 &&
-            p[0] == 'M' && p[1] == 'Z') {
-               /* This is an executable?  Must be self-extracting...   */
-+               /* This is an executable?  Must be self-extracting... */
-                err = cab_skip_sfx(a);
-                if (err < ARCHIVE_WARN)
-                        return (err);
- 
-               if ((p = __archive_read_ahead(a, sizeof(*p), NULL)) == NULL)
-+               /* Re-read header after processing the SFX. */
-+               if ((p = __archive_read_ahead(a, 42, NULL)) == NULL)
-                        return (truncated_error(a));
-        }
- 
-- 
-1.9.1
diff --git a/recipes-extended/libarchive/libarchive/CVE-2017-5601.patch b/recipes-extended/libarchive/libarchive/CVE-2017-5601.patch
deleted file mode 100644
index a5298f5..0000000
--- a/recipes-extended/libarchive/libarchive/CVE-2017-5601.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001
-From: Martin Matuska <martin@matuska.org>
-Date: Thu, 19 Jan 2017 22:00:18 +0100
-Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1()
- Fixes a heap buffer overflow reported in Secunia SA74169
-CVE: CVE-2017-5601
-Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9.patch]
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
- libarchive/archive_read_support_format_lha.c | 3 +++
- 1 file changed, 3 insertions(+)
-diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
-index 52a5531b0..d77a7c2e4 100644
--- a/libarchive/archive_read_support_format_lha.c
-+++ b/libarchive/archive_read_support_format_lha.c
-@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
-        /* Get a real compressed file size. */
-        lha->compsize -= extdsize - 2;
- 
-+       if (lha->compsize < 0)
-+               goto invalid;   /* Invalid compressed file size */
-+
-        if (sum_calculated != headersum) {
-                archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-                    "LHa header sum error");
diff --git a/recipes-extended/libarchive/libarchive_%.bbappend b/recipes-extended/libarchive/libarchive_%.bbappend
deleted file mode 100644
index 6c273a6..0000000
--- a/recipes-extended/libarchive/libarchive_%.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# look for files in the layer first
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-SRC_URI += "file://CVE-2017-5601.patch \
-            file://CVE-2016-10349_CVE-2016-10350.patch \
-           "
diff --git a/recipes-graphics/freetype/freetype/CVE-2017-8105.patch b/recipes-graphics/freetype/freetype/CVE-2017-8105.patch
deleted file mode 100644
index 00c1d9d..0000000
--- a/recipes-graphics/freetype/freetype/CVE-2017-8105.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 239ef121fed25aa478b740bf52dce4db1a00ba59 Mon Sep 17 00:00:00 2001
-From: Sona Sarmadi <sona.sarmadi@enea.com>
-Date: Mon, 28 Aug 2017 14:12:29 +0200
-Subject: [PATCH] freetype: fix for CVE-2017-8105
-[psaux] Better protect `flex' handling.
-Reported as
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
-* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
-<callothersubr>: Since there is not a single flex operator but a
-series of subroutine calls, malformed fonts can call arbitrary other
-operators after the start of a flex, possibly adding points.  For
-this reason we have to check the available number of points before
-inserting a point.
-CVE: CVE-2017-8105
-Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791]
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
- ChangeLog            | 15 +++++++++++++++
- src/psaux/t1decode.c |  9 +++++++++
- 2 files changed, 24 insertions(+)
-diff --git a/ChangeLog b/ChangeLog
-index 23f5748..2f89909 100644
--- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,18 @@
-+2017-03-23  Werner Lemberg  <wl@gnu.org>
-+
-+       [psaux] Better protect `flex' handling.
-+
-+       Reported as
-+
-+       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
-+
-+       * src/psaux/t1decode.c (t1_decoder_parse_charstrings)
-+       <callothersubr>: Since there is not a single flex operator but a
-+       series of subroutine calls, malformed fonts can call arbitrary other
-+       operators after the start of a flex, possibly adding points.  For
-+       this reason we have to check the available number of points before
-+       inserting a point.
-+
- 2016-09-08  Werner Lemberg  <wl@gnu.org>
- 
-        * Version 2.7.1 released.
-diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
-index 1cd9d73..bc5e3d2 100644
--- a/src/psaux/t1decode.c
-+++ b/src/psaux/t1decode.c
-@@ -780,10 +780,19 @@
-             /* point without adding any point to the outline    */
-             idx = decoder->num_flex_vectors++;
-             if ( idx > 0 && idx < 7 )
-+            {
-+              /* in malformed fonts it is possible to have other */
-+              /* opcodes in the middle of a flex (which don't    */
-+              /* increase `num_flex_vectors'); we thus have to   */
-+              /* check whether we can add a point                */
-+              if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
-+                goto Syntax_Error;
-+
-               t1_builder_add_point( builder,
-                                     x,
-                                     y,
-                                     (FT_Byte)( idx == 3 || idx == 6 ) );
-+            }
-           }
-           break;
- 
-- 
-1.9.1
diff --git a/recipes-graphics/freetype/freetype_%.bbappend b/recipes-graphics/freetype/freetype_%.bbappend
deleted file mode 100644
index cd1be4b..0000000
--- a/recipes-graphics/freetype/freetype_%.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-# look for files in the layer first
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-SRC_URI += "file://CVE-2017-8105.patch \
-           "
diff --git a/recipes-support/gnutls/gnutls/CVE-2017-7868.patch b/recipes-support/gnutls/gnutls/CVE-2017-7868.patch
deleted file mode 100644
index dca7861..0000000
--- a/recipes-support/gnutls/gnutls/CVE-2017-7868.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 51464af713d71802e3c6d5ac15f1a95132a354fe Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Mon, 20 Feb 2017 11:13:08 +0100
-Subject: [PATCH] cdk_pkt_read: enforce packet limits
-That ensures that there are no overflows in the subsequent
-calculations.
-Resolves the oss-fuzz found bug:
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
-Relates: #159
-CVE: CVE-2017-7869
-Upstream-Status: Backport
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
- lib/opencdk/read-packet.c |  9 +++++++++
- 1 file changed, 9 insertions(+)
-diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
-index 8055a63..ead6480 100644
--- a/lib/opencdk/read-packet.c
-+++ b/lib/opencdk/read-packet.c
-@@ -950,6 +950,7 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
-        return 0;
- }
- 
-+#define MAX_PACKET_LEN (1<<24)
- 
- /**
-  * cdk_pkt_read:
-@@ -1002,6 +1003,13 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
-        else
-                read_old_length(inp, ctb, &pktlen, &pktsize);
- 
-+       /* enforce limits to ensure that the following calculations
-+        * do not overflow */
-+       if (pktlen >= MAX_PACKET_LEN || pktsize >= MAX_PACKET_LEN) {
-+               _cdk_log_info("cdk_pkt_read: too long packet\n");
-+               return gnutls_assert_val(CDK_Inv_Packet);
-+       }
-+
-        pkt->pkttype = pkttype;
-        pkt->pktlen = pktlen;
-        pkt->pktsize = pktsize + pktlen;
-@@ -1026,6 +1034,7 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
-                break;
- 
-        case CDK_PKT_USER_ID:
-+
-                pkt->pkt.user_id = cdk_calloc(1, sizeof *pkt->pkt.user_id
-                                              + pkt->pktlen + 1);
-                if (!pkt->pkt.user_id)
--
-libgit2 0.26.0
diff --git a/recipes-support/gnutls/gnutls_%.bbappend b/recipes-support/gnutls/gnutls_%.bbappend
deleted file mode 100644
index d2d927c..0000000
--- a/recipes-support/gnutls/gnutls_%.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-# look for files in the layer first
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-SRC_URI += "file://CVE-2017-7868.patch \
-           "
author	Martin Borg <martin.borg@enea.com>	2018-03-01 10:39:47 +0100
committer	Martin Borg <martin.borg@enea.com>	2018-03-01 10:42:05 +0100
commit	b6d4cd74cebeded8a49c06c6d7a52c32769f3ed8 (patch)
tree	a956a4fb98f38e062dcfda04e9aef05f1451bf5c
parent	2c0b43b3032f9a55edd395ae37f45fffce44fa9d (diff)
download	meta-el-common-b6d4cd74cebeded8a49c06c6d7a52c32769f3ed8.tar.gz

diff --git a/recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch b/recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch deleted file mode 100644 index f2a922d..0000000 --- a/recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch +++ /dev/null
@@ -1,40 +0,0 @@
1	From 88eb9e1d73fef46f04677c25b1697b8e25777ed3 Mon Sep 17 00:00:00 2001
2	From: Joerg Sonnenberger <joerg@bec.de>
3	Date: Thu, 1 Dec 2016 19:56:43 +0100
4	Subject: [PATCH] Reread the CAB header skipping the self-extracting binary
5	code.
6
7	Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15 as found
8	by the "OSS-Fuzz" project.
9
10	CVE: CVE-2016-10349 CVE-2016-10350
11	Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3]
12
13	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
14	---
15	libarchive/archive_read_support_format_cab.c \| 5 +++--
16	1 file changed, 3 insertions(+), 2 deletions(-)
17
18	diff --git a/libarchive/archive_read_support_format_cab.c b/libarchive/archive_read_support_format_cab.c
19	index fc70684..099f4a8 100644
20	--- a/libarchive/archive_read_support_format_cab.c
21	+++ b/libarchive/archive_read_support_format_cab.c
22	@@ -645,12 +645,13 @@ cab_read_header(struct archive_read *a)
23	cab = (struct cab *)(a->format->data);
24	if (cab->found_header == 0 &&
25	p[0] == 'M' && p[1] == 'Z') {
26	- /* This is an executable? Must be self-extracting... */
27	+ /* This is an executable? Must be self-extracting... */
28	err = cab_skip_sfx(a);
29	if (err < ARCHIVE_WARN)
30	return (err);
31
32	- if ((p = __archive_read_ahead(a, sizeof(*p), NULL)) == NULL)
33	+ /* Re-read header after processing the SFX. */
34	+ if ((p = __archive_read_ahead(a, 42, NULL)) == NULL)
35	return (truncated_error(a));
36	}
37
38	--
39	1.9.1
40


diff --git a/recipes-extended/libarchive/libarchive/CVE-2017-5601.patch b/recipes-extended/libarchive/libarchive/CVE-2017-5601.patch deleted file mode 100644 index a5298f5..0000000 --- a/recipes-extended/libarchive/libarchive/CVE-2017-5601.patch +++ /dev/null
@@ -1,28 +0,0 @@
1	From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001
2	From: Martin Matuska <martin@matuska.org>
3	Date: Thu, 19 Jan 2017 22:00:18 +0100
4	Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1()
5	Fixes a heap buffer overflow reported in Secunia SA74169
6
7	CVE: CVE-2017-5601
8	Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9.patch]
9
10	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
11	---
12	libarchive/archive_read_support_format_lha.c \| 3 +++
13	1 file changed, 3 insertions(+)
14
15	diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
16	index 52a5531b0..d77a7c2e4 100644
17	--- a/libarchive/archive_read_support_format_lha.c
18	+++ b/libarchive/archive_read_support_format_lha.c
19	@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read a, struct lha lha)
20	/* Get a real compressed file size. */
21	lha->compsize -= extdsize - 2;
22
23	+ if (lha->compsize < 0)
24	+ goto invalid; /* Invalid compressed file size */
25	+
26	if (sum_calculated != headersum) {
27	archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
28	"LHa header sum error");


diff --git a/recipes-extended/libarchive/libarchive_%.bbappend b/recipes-extended/libarchive/libarchive_%.bbappend deleted file mode 100644 index 6c273a6..0000000 --- a/recipes-extended/libarchive/libarchive_%.bbappend +++ /dev/null
@@ -1,6 +0,0 @@
1	# look for files in the layer first
2	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
3
4	SRC_URI += "file://CVE-2017-5601.patch \
5	file://CVE-2016-10349_CVE-2016-10350.patch \
6	"


diff --git a/recipes-graphics/freetype/freetype/CVE-2017-8105.patch b/recipes-graphics/freetype/freetype/CVE-2017-8105.patch deleted file mode 100644 index 00c1d9d..0000000 --- a/recipes-graphics/freetype/freetype/CVE-2017-8105.patch +++ /dev/null
@@ -1,77 +0,0 @@
1	From 239ef121fed25aa478b740bf52dce4db1a00ba59 Mon Sep 17 00:00:00 2001
2	From: Sona Sarmadi <sona.sarmadi@enea.com>
3	Date: Mon, 28 Aug 2017 14:12:29 +0200
4	Subject: [PATCH] freetype: fix for CVE-2017-8105
5
6	[psaux] Better protect `flex' handling.
7
8	Reported as
9
10	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
11
12	* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
13	<callothersubr>: Since there is not a single flex operator but a
14	series of subroutine calls, malformed fonts can call arbitrary other
15	operators after the start of a flex, possibly adding points. For
16	this reason we have to check the available number of points before
17	inserting a point.
18
19	CVE: CVE-2017-8105
20	Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791]
21
22	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
23	---
24	ChangeLog \| 15 +++++++++++++++
25	src/psaux/t1decode.c \| 9 +++++++++
26	2 files changed, 24 insertions(+)
27
28	diff --git a/ChangeLog b/ChangeLog
29	index 23f5748..2f89909 100644
30	--- a/ChangeLog
31	+++ b/ChangeLog
32	@@ -1,3 +1,18 @@
33	+2017-03-23 Werner Lemberg <wl@gnu.org>
34	+
35	+ [psaux] Better protect `flex' handling.
36	+
37	+ Reported as
38	+
39	+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
40	+
41	+ * src/psaux/t1decode.c (t1_decoder_parse_charstrings)
42	+ <callothersubr>: Since there is not a single flex operator but a
43	+ series of subroutine calls, malformed fonts can call arbitrary other
44	+ operators after the start of a flex, possibly adding points. For
45	+ this reason we have to check the available number of points before
46	+ inserting a point.
47	+
48	2016-09-08 Werner Lemberg <wl@gnu.org>
49
50	* Version 2.7.1 released.
51	diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
52	index 1cd9d73..bc5e3d2 100644
53	--- a/src/psaux/t1decode.c
54	+++ b/src/psaux/t1decode.c
55	@@ -780,10 +780,19 @@
56	/* point without adding any point to the outline */
57	idx = decoder->num_flex_vectors++;
58	if ( idx > 0 && idx < 7 )
59	+ {
60	+ /* in malformed fonts it is possible to have other */
61	+ /* opcodes in the middle of a flex (which don't */
62	+ /* increase `num_flex_vectors'); we thus have to */
63	+ /* check whether we can add a point */
64	+ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
65	+ goto Syntax_Error;
66	+
67	t1_builder_add_point( builder,
68	x,
69	y,
70	(FT_Byte)( idx == 3 \|\| idx == 6 ) );
71	+ }
72	}
73	break;
74
75	--
76	1.9.1
77


diff --git a/recipes-graphics/freetype/freetype_%.bbappend b/recipes-graphics/freetype/freetype_%.bbappend deleted file mode 100644 index cd1be4b..0000000 --- a/recipes-graphics/freetype/freetype_%.bbappend +++ /dev/null
@@ -1,5 +0,0 @@
1	# look for files in the layer first
2	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
3
4	SRC_URI += "file://CVE-2017-8105.patch \
5	"


diff --git a/recipes-support/gnutls/gnutls/CVE-2017-7868.patch b/recipes-support/gnutls/gnutls/CVE-2017-7868.patch deleted file mode 100644 index dca7861..0000000 --- a/recipes-support/gnutls/gnutls/CVE-2017-7868.patch +++ /dev/null
@@ -1,59 +0,0 @@
1	From 51464af713d71802e3c6d5ac15f1a95132a354fe Mon Sep 17 00:00:00 2001
2	From: Nikos Mavrogiannopoulos <nmav@redhat.com>
3	Date: Mon, 20 Feb 2017 11:13:08 +0100
4	Subject: [PATCH] cdk_pkt_read: enforce packet limits
5
6	That ensures that there are no overflows in the subsequent
7	calculations.
8
9	Resolves the oss-fuzz found bug:
10	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
11
12	Relates: #159
13
14	CVE: CVE-2017-7869
15	Upstream-Status: Backport
16
17	Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
18	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
19	---
20	lib/opencdk/read-packet.c \| 9 +++++++++
21	1 file changed, 9 insertions(+)
22
23	diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
24	index 8055a63..ead6480 100644
25	--- a/lib/opencdk/read-packet.c
26	+++ b/lib/opencdk/read-packet.c
27	@@ -950,6 +950,7 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen)
28	return 0;
29	}
30
31	+#define MAX_PACKET_LEN (1<<24)
32
33	/**
34	* cdk_pkt_read:
35	@@ -1002,6 +1003,13 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
36	else
37	read_old_length(inp, ctb, &pktlen, &pktsize);
38
39	+ /* enforce limits to ensure that the following calculations
40	+ * do not overflow */
41	+ if (pktlen >= MAX_PACKET_LEN \|\| pktsize >= MAX_PACKET_LEN) {
42	+ _cdk_log_info("cdk_pkt_read: too long packet\n");
43	+ return gnutls_assert_val(CDK_Inv_Packet);
44	+ }
45	+
46	pkt->pkttype = pkttype;
47	pkt->pktlen = pktlen;
48	pkt->pktsize = pktsize + pktlen;
49	@@ -1026,6 +1034,7 @@ cdk_error_t cdk_pkt_read(cdk_stream_t inp, cdk_packet_t pkt)
50	break;
51
52	case CDK_PKT_USER_ID:
53	+
54	pkt->pkt.user_id = cdk_calloc(1, sizeof *pkt->pkt.user_id
55	+ pkt->pktlen + 1);
56	if (!pkt->pkt.user_id)
57	--
58	libgit2 0.26.0
59


diff --git a/recipes-support/gnutls/gnutls_%.bbappend b/recipes-support/gnutls/gnutls_%.bbappend deleted file mode 100644 index d2d927c..0000000 --- a/recipes-support/gnutls/gnutls_%.bbappend +++ /dev/null
@@ -1,5 +0,0 @@
1	# look for files in the layer first
2	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
3
4	SRC_URI += "file://CVE-2017-7868.patch \
5	"