diff options
author | Adrian Dudau <adrian.dudau@enea.com> | 2017-11-22 12:45:41 +0100 |
---|---|---|
committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-11-24 15:06:10 +0100 |
commit | 897a7bfe82b0ddc5dee59c1d36fe8cf9fd7ce499 (patch) | |
tree | 590557b28e56c8c974344c25fbd03f9f8bdfc8f4 | |
parent | 1b0e3b30bc27a98468c0f3e19e985e5fd992c650 (diff) | |
download | meta-el-common-897a7bfe82b0ddc5dee59c1d36fe8cf9fd7ce499.tar.gz |
curl: Drop CVE patches
These CVEs have been fixed in upstream poky/pyro.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
-rw-r--r-- | recipes-support/curl/curl/CVE-2017-1000100.patch | 59 | ||||
-rw-r--r-- | recipes-support/curl/curl/CVE-2017-1000101.patch | 97 | ||||
-rw-r--r-- | recipes-support/curl/curl_%.bbappend | 2 |
3 files changed, 0 insertions, 158 deletions
diff --git a/recipes-support/curl/curl/CVE-2017-1000100.patch b/recipes-support/curl/curl/CVE-2017-1000100.patch deleted file mode 100644 index 02ae6cc..0000000 --- a/recipes-support/curl/curl/CVE-2017-1000100.patch +++ /dev/null | |||
@@ -1,59 +0,0 @@ | |||
1 | From 358b2b131ad6c095696f20dcfa62b8305263f898 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Tue, 1 Aug 2017 17:16:46 +0200 | ||
4 | Subject: [PATCH] tftp: reject file name lengths that don't fit | ||
5 | |||
6 | ... and thereby avoid telling send() to send off more bytes than the | ||
7 | size of the buffer! | ||
8 | |||
9 | CVE-2017-1000100 | ||
10 | |||
11 | Bug: https://curl.haxx.se/docs/adv_20170809B.html | ||
12 | Reported-by: Even Rouault | ||
13 | |||
14 | Credit to OSS-Fuzz for the discovery | ||
15 | |||
16 | CVE: CVE-2017-1000100 | ||
17 | Upstream-Status: Backport [https://curl.haxx.se/CVE-2017-1000100.patch] | ||
18 | |||
19 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
20 | --- | ||
21 | lib/tftp.c | 7 ++++++- | ||
22 | 1 file changed, 6 insertions(+), 1 deletion(-) | ||
23 | |||
24 | diff --git a/lib/tftp.c b/lib/tftp.c | ||
25 | index 02bd84242..f6f4bce5b 100644 | ||
26 | --- a/lib/tftp.c | ||
27 | +++ b/lib/tftp.c | ||
28 | @@ -3,11 +3,11 @@ | ||
29 | * Project ___| | | | _ \| | | ||
30 | * / __| | | | |_) | | | ||
31 | * | (__| |_| | _ <| |___ | ||
32 | * \___|\___/|_| \_\_____| | ||
33 | * | ||
34 | - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
35 | + * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. | ||
36 | * | ||
37 | * This software is licensed as described in the file COPYING, which | ||
38 | * you should have received as part of this distribution. The terms | ||
39 | * are also available at https://curl.haxx.se/docs/copyright.html. | ||
40 | * | ||
41 | @@ -489,10 +489,15 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event) | ||
42 | result = Curl_urldecode(data, &state->conn->data->state.path[1], 0, | ||
43 | &filename, NULL, FALSE); | ||
44 | if(result) | ||
45 | return result; | ||
46 | |||
47 | + if(strlen(filename) > (state->blksize - strlen(mode) - 4)) { | ||
48 | + failf(data, "TFTP file name too long\n"); | ||
49 | + return CURLE_TFTP_ILLEGAL; /* too long file name field */ | ||
50 | + } | ||
51 | + | ||
52 | snprintf((char *)state->spacket.data+2, | ||
53 | state->blksize, | ||
54 | "%s%c%s%c", filename, '\0', mode, '\0'); | ||
55 | sbytes = 4 + strlen(filename) + strlen(mode); | ||
56 | |||
57 | -- | ||
58 | 2.13.3 | ||
59 | |||
diff --git a/recipes-support/curl/curl/CVE-2017-1000101.patch b/recipes-support/curl/curl/CVE-2017-1000101.patch deleted file mode 100644 index 2b25cfd..0000000 --- a/recipes-support/curl/curl/CVE-2017-1000101.patch +++ /dev/null | |||
@@ -1,97 +0,0 @@ | |||
1 | From 7bf8af31fc9eaecd845d59ecb6a0dbe9e2028cf7 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Tue, 1 Aug 2017 17:16:07 +0200 | ||
4 | Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow | ||
5 | range | ||
6 | |||
7 | Added test 1289 to verify. | ||
8 | |||
9 | CVE-2017-1000101 | ||
10 | |||
11 | Bug: https://curl.haxx.se/docs/adv_20170809A.html | ||
12 | Reported-by: Brian Carpenter | ||
13 | |||
14 | CVE: CVE-2017-1000101 | ||
15 | Upstream-Status: Backport [https://curl.haxx.se/CVE-2017-1000101.patch] | ||
16 | |||
17 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
18 | --- | ||
19 | src/tool_urlglob.c | 5 ++++- | ||
20 | tests/data/Makefile.inc | 2 +- | ||
21 | tests/data/test1289 | 35 +++++++++++++++++++++++++++++++++++ | ||
22 | 3 files changed, 40 insertions(+), 2 deletions(-) | ||
23 | create mode 100644 tests/data/test1289 | ||
24 | |||
25 | diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c | ||
26 | index d002f27..caf2385 100644 | ||
27 | --- a/src/tool_urlglob.c | ||
28 | +++ b/src/tool_urlglob.c | ||
29 | @@ -269,7 +269,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp, | ||
30 | } | ||
31 | errno = 0; | ||
32 | max_n = strtoul(pattern, &endp, 10); | ||
33 | - if(errno || (*endp == ':')) { | ||
34 | + if(errno) | ||
35 | + /* overflow */ | ||
36 | + endp = NULL; | ||
37 | + else if(*endp == ':') { | ||
38 | pattern = endp+1; | ||
39 | errno = 0; | ||
40 | step_n = strtoul(pattern, &endp, 10); | ||
41 | diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc | ||
42 | index 8251ab9..6f41eef 100644 | ||
43 | --- a/tests/data/Makefile.inc | ||
44 | +++ b/tests/data/Makefile.inc | ||
45 | @@ -130,7 +130,7 @@ test1236 test1237 test1238 test1239 test1240 test1241 test1242 test1243 \ | ||
46 | test1244 test1245 test1246 test1247 test1248 test1249 test1250 test1251 \ | ||
47 | test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \ | ||
48 | \ | ||
49 | -test1280 test1281 test1282 test1283 test1284 test1285 test1286 \ | ||
50 | +test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1289 \ | ||
51 | \ | ||
52 | test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \ | ||
53 | test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \ | ||
54 | diff --git a/tests/data/test1289 b/tests/data/test1289 | ||
55 | new file mode 100644 | ||
56 | index 0000000..d679cc0 | ||
57 | --- /dev/null | ||
58 | +++ b/tests/data/test1289 | ||
59 | @@ -0,0 +1,35 @@ | ||
60 | +<testcase> | ||
61 | +<info> | ||
62 | +<keywords> | ||
63 | +HTTP | ||
64 | +HTTP GET | ||
65 | +globbing | ||
66 | +</keywords> | ||
67 | +</info> | ||
68 | + | ||
69 | +# | ||
70 | +# Server-side | ||
71 | +<reply> | ||
72 | +</reply> | ||
73 | + | ||
74 | +# Client-side | ||
75 | +<client> | ||
76 | +<server> | ||
77 | +http | ||
78 | +</server> | ||
79 | +<name> | ||
80 | +globbing with overflow and bad syntxx | ||
81 | +</name> | ||
82 | +<command> | ||
83 | +http://ur%20[0-60000000000000000000 | ||
84 | +</command> | ||
85 | +</client> | ||
86 | + | ||
87 | +# Verify data after the test has been "shot" | ||
88 | +<verify> | ||
89 | +# curl: (3) [globbing] bad range in column | ||
90 | +<errorcode> | ||
91 | +3 | ||
92 | +</errorcode> | ||
93 | +</verify> | ||
94 | +</testcase> | ||
95 | -- | ||
96 | 1.9.1 | ||
97 | |||
diff --git a/recipes-support/curl/curl_%.bbappend b/recipes-support/curl/curl_%.bbappend index 6ce316a..ca548e8 100644 --- a/recipes-support/curl/curl_%.bbappend +++ b/recipes-support/curl/curl_%.bbappend | |||
@@ -4,6 +4,4 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | |||
4 | SRC_URI += "file://CVE-2017-7407.patch \ | 4 | SRC_URI += "file://CVE-2017-7407.patch \ |
5 | file://CVE-2017-7468.patch \ | 5 | file://CVE-2017-7468.patch \ |
6 | file://CVE-2017-9502.patch \ | 6 | file://CVE-2017-9502.patch \ |
7 | file://CVE-2017-1000100.patch \ | ||
8 | file://CVE-2017-1000101.patch \ | ||
9 | " | 7 | " |