author | Huang Qiyu <huangqy.fnst@cn.fujitsu.com> | 2018-01-24 11:01:36 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-05-03 09:53:47 +0100 |
commit | 32a6e809f811e8b3920326330d8225b3dd895f70 (patch) | |
tree | 7c0b032061973eab7b1266a22e295f40326bfff5 /LICENSE | |
parent | 78c773ce2d7bb1f0a36c0e5e26bdf311acfc3af4 (diff) | |
download | poky-32a6e809f811e8b3920326330d8225b3dd895f70.tar.gz |
curl: 7.54.1 -> 7.57.0
1. Upgrade curl from 7.54.1 to 7.57.0.
2. Delete CVE-2017-1000099.patch, CVE-2017-1000100.patch, CVE-2017-1000101.patch, CVE-2017-1000254.patch, reproducible-mkhelp.patch, since they are integrated upstream.
3. Remove "do_install_append()" from curl_7.57.0.bb, since curl/curlbuild.h has been removed.
This update includes CVE fixes for:
CVE-2018-1000007 CWE-522: Insufficiently Protected Credentials
CVE-2018-1000005 CWE-126: Buffer Over-read
CVE-2017-8818 CWE-125: Out-of-bounds Read
CVE-2017-8817 CWE-126: Buffer Over-read
CVE-2017-8816 CWE-131: Incorrect Calculation of Buffer Size
CVE-2017-1000257 CWE-126: Buffer Over-read
Most of the changes are bug fixes.
https://curl.haxx.se/changes.html
(From OE-Core rev: 215d5677004537fc190b5381157ac8b94db6d7e8)
(From OE-Core rev: 7f1029aff8abaadb25730fef50c495dcd6fc1e30)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Safer to upgrade than to backport CVE-2017-8818. Lots of depends patches]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'LICENSE')
0 files changed, 0 insertions, 0 deletions