curl: Upgrade 7.47.1 -> 7.53.1

Security vulnerabilities fixed between 7.47.1 and 7.53.1 versions:
=================================================================
TLS session resumption client cert bypass (again): CVE-2017-XXXX
--write-out out of buffer read: CVE-2017-7407
SSL_VERIFYSTATUS ignored: CVE-2017-2629
uninitialized random: CVE-2016-9594
printf floating point buffer overflow: CVE-2016-9586
Win CE schannel cert wildcard matches too much: CVE-2016-9952
Win CE schannel cert name out of buffer read: CVE-2016-9953
cookie injection for other servers: CVE-2016-8615
case insensitive password comparison: CVE-2016-8616
OOB write via unchecked multiplication: CVE-2016-8617
double-free in curl_maprintf: CVE-2016-8618
double-free in krb5 code: CVE-2016-8619
glob parser write/read out of bounds: CVE-2016-8620
curl_getdate read out of bounds: CVE-2016-8621
URL unescape heap overflow via integer truncation: CVE-2016-8622
Use-after-free via shared cookies: CVE-2016-8623
invalid URL parsing with '#': CVE-2016-8624
IDNA 2003 makes curl use wrong host: CVE-2016-8625
curl escape and unescape integer overflows: CVE-2016-7167
Incorrect reuse of client certificates: CVE-2016-7141
TLS session resumption client cert bypass: CVE-2016-5419
Re-using connections with wrong client cert: CVE-2016-5420
use of connection struct after free: CVE-2016-5421
Windows DLL hijacking: CVE-2016-4802
TLS certificate check bypass with mbedTLS/PolarSSL: CVE-2016-3739

Reference:
https://curl.haxx.se/docs/security.html
https://curl.haxx.se/changes.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>

1 files changed, 0 insertions, 50 deletions

diff --git a/meta/recipes-support/curl/curl/CVE-2016-7141.patch b/meta/recipes-support/curl/curl/CVE-2016-7141.patch
deleted file mode 100644
index eb03afddf8..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-7141.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7700fcba64bf5806de28f6c1c7da3b4f0b38567d Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 22 Aug 2016 10:24:35 +0200
-Subject: [PATCH] nss: refuse previously loaded certificate from file
-
-... when we are not asked to use a certificate from file
-
-Bug: https://curl.haxx.se/docs/adv_20160907.html
-Reported-by: kdudka@redhat.com
-
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5421.patch
-
-CVE: CVE-2016-7141
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/vtls/nss.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
-index 20c4277..cfb2263 100644
---- a/lib/vtls/nss.c
-+++ b/lib/vtls/nss.c
-@@ -1002,10 +1002,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-   struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
-   struct Curl_easy *data = connssl->data;
-   const char *nickname = connssl->client_nickname;
-+  static const char pem_slotname[] = "PEM Token #1";
-
-   if(connssl->obj_clicert) {
-     /* use the cert/key provided by PEM reader */
--    static const char pem_slotname[] = "PEM Token #1";
-     SECItem cert_der = { 0, NULL, 0 };
-     void *proto_win = SSL_RevealPinArg(sock);
-     struct CERTCertificateStr *cert;
-@@ -1067,6 +1067,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-   if(NULL == nickname)
-     nickname = "[unknown]";
-
-+  if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
-+    failf(data, "NSS: refusing previously loaded certificate from file: %s",
-+          nickname);
-+    return SECFailure;
-+  }
-+
-   if(NULL == *pRetKey) {
-     failf(data, "NSS: private key not found for certificate: %s", nickname);
-     return SECFailure;
---
-2.7.4