diff options
author | Maxin B. John <maxin.john@intel.com> | 2016-08-22 11:39:33 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-02 08:48:35 +0100 |
commit | 37eb21b2b1d5977a028a448e52551607fae99bf7 (patch) | |
tree | 9785a66372f80e7a5d51e4133778ff508edb780d /meta/recipes-support | |
parent | 72ea3c272ccddcde88c47d4aaea128384f412c74 (diff) | |
download | poky-37eb21b2b1d5977a028a448e52551607fae99bf7.tar.gz |
curl: security fix for CVE-2016-5421
Affected versions: libcurl 7.32.0 to and including 7.50.0
(From OE-Core rev: f6999fa952c7db980cfc97f6e5a971e4f34cc0a3)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
-rw-r--r-- | meta/recipes-support/curl/curl/CVE-2016-5421.patch | 36 | ||||
-rw-r--r-- | meta/recipes-support/curl/curl_7.44.0.bb | 1 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-5421.patch b/meta/recipes-support/curl/curl/CVE-2016-5421.patch new file mode 100644 index 0000000000..862da757db --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2016-5421.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From 75dc096e01ef1e21b6c57690d99371dedb2c0b80 Mon Sep 17 00:00:00 2001 | ||
2 | From: Daniel Stenberg <daniel@haxx.se> | ||
3 | Date: Sun, 31 Jul 2016 01:09:04 +0200 | ||
4 | Subject: [PATCH] curl_multi_cleanup: clear connection pointer for easy handles | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | Bug: https://curl.haxx.se/docs/adv_20160803C.html | ||
10 | Reported-by: Marcelo Echeverria and Fernando Muñoz | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | https://curl.haxx.se/CVE-2016-5421.patch | ||
14 | |||
15 | CVE: CVE-2016-5421 | ||
16 | Signed-off-by: Maxin B. John <maxin.john@intel.com> | ||
17 | --- | ||
18 | lib/multi.c | 2 ++ | ||
19 | 1 file changed, 2 insertions(+) | ||
20 | |||
21 | diff --git a/lib/multi.c b/lib/multi.c | ||
22 | index 9ee3523..8bb9366 100644 | ||
23 | --- a/lib/multi.c | ||
24 | +++ b/lib/multi.c | ||
25 | @@ -2157,6 +2157,8 @@ static void close_all_connections(struct Curl_multi *multi) | ||
26 | conn->data = multi->closure_handle; | ||
27 | |||
28 | sigpipe_ignore(conn->data, &pipe_st); | ||
29 | + conn->data->easy_conn = NULL; /* clear the easy handle's connection | ||
30 | + pointer */ | ||
31 | /* This will remove the connection from the cache */ | ||
32 | (void)Curl_disconnect(conn, FALSE); | ||
33 | sigpipe_restore(&pipe_st); | ||
34 | -- | ||
35 | 2.4.0 | ||
36 | |||
diff --git a/meta/recipes-support/curl/curl_7.44.0.bb b/meta/recipes-support/curl/curl_7.44.0.bb index 917bd2742f..dfb7142df4 100644 --- a/meta/recipes-support/curl/curl_7.44.0.bb +++ b/meta/recipes-support/curl/curl_7.44.0.bb | |||
@@ -13,6 +13,7 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ | |||
13 | # from mucking around with debug options | 13 | # from mucking around with debug options |
14 | # | 14 | # |
15 | SRC_URI += " file://configure_ac.patch \ | 15 | SRC_URI += " file://configure_ac.patch \ |
16 | file://CVE-2016-5421.patch \ | ||
16 | file://CVE-2016-5420.patch \ | 17 | file://CVE-2016-5420.patch \ |
17 | file://CVE-2016-5419.patch \ | 18 | file://CVE-2016-5419.patch \ |
18 | file://CVE-2016-0754.patch \ | 19 | file://CVE-2016-0754.patch \ |