1 files changed, 0 insertions, 50 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2016-7141.patch b/meta/recipes-support/curl/curl/CVE-2016-7141.patch
deleted file mode 100644
index eb03afddf8..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2016-7141.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7700fcba64bf5806de28f6c1c7da3b4f0b38567d Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 22 Aug 2016 10:24:35 +0200
-Subject: [PATCH] nss: refuse previously loaded certificate from file
-... when we are not asked to use a certificate from file
-Bug: https://curl.haxx.se/docs/adv_20160907.html
-Reported-by: kdudka@redhat.com
-Upstream-Status: Backport
-https://curl.haxx.se/CVE-2016-5421.patch
-CVE: CVE-2016-7141
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
- lib/vtls/nss.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
-index 20c4277..cfb2263 100644
--- a/lib/vtls/nss.c
-+++ b/lib/vtls/nss.c
-@@ -1002,10 +1002,10 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-   struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
-   struct Curl_easy *data = connssl->data;
-   const char *nickname = connssl->client_nickname;
-+  static const char pem_slotname[] = "PEM Token #1";
-   if(connssl->obj_clicert) {
-     /* use the cert/key provided by PEM reader */
-    static const char pem_slotname[] = "PEM Token #1";
-     SECItem cert_der = { 0, NULL, 0 };
-     void *proto_win = SSL_RevealPinArg(sock);
-     struct CERTCertificateStr *cert;
-@@ -1067,6 +1067,12 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
-   if(NULL == nickname)
-     nickname = "[unknown]";
-+  if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
-+    failf(data, "NSS: refusing previously loaded certificate from file: %s",
-+          nickname);
-+    return SECFailure;
-+  }
-+
-   if(NULL == *pRetKey) {
-     failf(data, "NSS: private key not found for certificate: %s", nickname);
-     return SECFailure;
--
-2.7.4

diff --git a/meta/recipes-support/curl/curl/CVE-2016-7141.patch b/meta/recipes-support/curl/curl/CVE-2016-7141.patch deleted file mode 100644 index eb03afddf8..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2016-7141.patch +++ /dev/null
@@ -1,50 +0,0 @@
1	From 7700fcba64bf5806de28f6c1c7da3b4f0b38567d Mon Sep 17 00:00:00 2001
2	From: Kamil Dudka <kdudka@redhat.com>
3	Date: Mon, 22 Aug 2016 10:24:35 +0200
4	Subject: [PATCH] nss: refuse previously loaded certificate from file
5
6	... when we are not asked to use a certificate from file
7
8	Bug: https://curl.haxx.se/docs/adv_20160907.html
9	Reported-by: kdudka@redhat.com
10
11	Upstream-Status: Backport
12	https://curl.haxx.se/CVE-2016-5421.patch
13
14	CVE: CVE-2016-7141
15	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
16	---
17	lib/vtls/nss.c \| 8 +++++++-
18	1 file changed, 7 insertions(+), 1 deletion(-)
19
20	diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
21	index 20c4277..cfb2263 100644
22	--- a/lib/vtls/nss.c
23	+++ b/lib/vtls/nss.c
24	@@ -1002,10 +1002,10 @@ static SECStatus SelectClientCert(void arg, PRFileDesc sock,
25	struct ssl_connect_data connssl = (struct ssl_connect_data )arg;
26	struct Curl_easy *data = connssl->data;
27	const char *nickname = connssl->client_nickname;
28	+ static const char pem_slotname[] = "PEM Token #1";
29
30	if(connssl->obj_clicert) {
31	/* use the cert/key provided by PEM reader */
32	- static const char pem_slotname[] = "PEM Token #1";
33	SECItem cert_der = { 0, NULL, 0 };
34	void *proto_win = SSL_RevealPinArg(sock);
35	struct CERTCertificateStr *cert;
36	@@ -1067,6 +1067,12 @@ static SECStatus SelectClientCert(void arg, PRFileDesc sock,
37	if(NULL == nickname)
38	nickname = "[unknown]";
39
40	+ if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
41	+ failf(data, "NSS: refusing previously loaded certificate from file: %s",
42	+ nickname);
43	+ return SECFailure;
44	+ }
45	+
46	if(NULL == *pRetKey) {
47	failf(data, "NSS: private key not found for certificate: %s", nickname);
48	return SECFailure;
49	--
50	2.7.4