From b6d4cd74cebeded8a49c06c6d7a52c32769f3ed8 Mon Sep 17 00:00:00 2001
From: Martin Borg
Date: Thu, 1 Mar 2018 10:39:47 +0100
Subject: freetype/libarchive/gnutls: Drop CVE patches
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg
---
 .../libarchive/CVE-2016-10349_CVE-2016-10350.patch | 40 ----------------------
 .../libarchive/libarchive/CVE-2017-5601.patch | 28 ---------------
 recipes-extended/libarchive/libarchive_%.bbappend | 6 ----
 3 files changed, 74 deletions(-)
 delete mode 100644 recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch
 delete mode 100644 recipes-extended/libarchive/libarchive/CVE-2017-5601.patch
 delete mode 100644 recipes-extended/libarchive/libarchive_%.bbappend
(limited to 'recipes-extended')
diff --git a/recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch b/recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch
deleted file mode 100644
index f2a922d..0000000
--- a/recipes-extended/libarchive/libarchive/CVE-2016-10349_CVE-2016-10350.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 88eb9e1d73fef46f04677c25b1697b8e25777ed3 Mon Sep 17 00:00:00 2001
-From: Joerg Sonnenberger
-Date: Thu, 1 Dec 2016 19:56:43 +0100
-Subject: [PATCH] Reread the CAB header skipping the self-extracting binary
- code.
-
-Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15 as found
-by the "OSS-Fuzz" project.
-
-CVE: CVE-2016-10349 CVE-2016-10350
-Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3]
-
-Signed-off-by: Sona Sarmadi
---
- libarchive/archive_read_support_format_cab.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/libarchive/archive_read_support_format_cab.c b/libarchive/archive_read_support_format_cab.c
-index fc70684..099f4a8 100644
---- a/libarchive/archive_read_support_format_cab.c
-+++ b/libarchive/archive_read_support_format_cab.c
-@@ -645,12 +645,13 @@ cab_read_header(struct archive_read *a)
- cab = (struct cab *)(a->format->data);
- if (cab->found_header == 0 &&
- p[0] == 'M' && p[1] == 'Z') {
-- /* This is an executable? Must be self-extracting... */
-+ /* This is an executable? Must be self-extracting... */
- err = cab_skip_sfx(a);
- if (err < ARCHIVE_WARN)
- return (err);
- 
-- if ((p = __archive_read_ahead(a, sizeof(*p), NULL)) == NULL)
-+ /* Re-read header after processing the SFX. */
-+ if ((p = __archive_read_ahead(a, 42, NULL)) == NULL)
- return (truncated_error(a));
- }
- 
---
-1.9.1
-
diff --git a/recipes-extended/libarchive/libarchive/CVE-2017-5601.patch b/recipes-extended/libarchive/libarchive/CVE-2017-5601.patch
deleted file mode 100644
index a5298f5..0000000
--- a/recipes-extended/libarchive/libarchive/CVE-2017-5601.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001
-From: Martin Matuska
-Date: Thu, 19 Jan 2017 22:00:18 +0100
-Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1()
- Fixes a heap buffer overflow reported in Secunia SA74169
-
-CVE: CVE-2017-5601
-Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9.patch]
-
-Signed-off-by: Sona Sarmadi
---
- libarchive/archive_read_support_format_lha.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
-index 52a5531b0..d77a7c2e4 100644
---- a/libarchive/archive_read_support_format_lha.c
-+++ b/libarchive/archive_read_support_format_lha.c
-@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
- /* Get a real compressed file size. */
- lha->compsize -= extdsize - 2;
- 
-+ if (lha->compsize < 0)
-+ goto invalid; /* Invalid compressed file size */
-+
- if (sum_calculated != headersum) {
- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
- "LHa header sum error");
diff --git a/recipes-extended/libarchive/libarchive_%.bbappend b/recipes-extended/libarchive/libarchive_%.bbappend
deleted file mode 100644
index 6c273a6..0000000
--- a/recipes-extended/libarchive/libarchive_%.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# look for files in the layer first
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRC_URI += "file://CVE-2017-5601.patch \
- file://CVE-2016-10349_CVE-2016-10350.patch \
- "
-- cgit v1.2.3-54-g00ecf