1 files changed, 0 insertions, 43 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2018-16840.patch b/meta/recipes-support/curl/curl/CVE-2018-16840.patch
deleted file mode 100644
index 3d086c4d90..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2018-16840.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 3c2846bec008e03d456e181d9ab55686da83f140 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Thu, 1 Nov 2018 15:33:35 +0800
-Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
- use-after-free
-Regression from b46cfbc (7.59.0)
-CVE-2018-16840
-Reported-by: Brian Carpenter (Geeknik Labs)
-Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
-Upstream-Status: Backport [https://github.com/curl/curl/commit/
-81d135d67155c5295b1033679c606165d4e28f3f]
-CVE: CVE-2018-16840
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
- lib/url.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-diff --git a/lib/url.c b/lib/url.c
-index 27b2c1e..7ef7c20 100644
--- a/lib/url.c
-+++ b/lib/url.c
-@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data)
-        and detach this handle from there. */
-     curl_multi_remove_handle(data->multi, data);
- 
-  if(data->multi_easy)
-+  if(data->multi_easy) {
-     /* when curl_easy_perform() is used, it creates its own multi handle to
-        use and this is the one */
-     curl_multi_cleanup(data->multi_easy);
-+    data->multi_easy = NULL;
-+  }
- 
-   /* Destroy the timeout list that is held in the easy handle. It is
-      /normally/ done by curl_multi_remove_handle() but this is "just in
-- 
-2.7.4

diff --git a/meta/recipes-support/curl/curl/CVE-2018-16840.patch b/meta/recipes-support/curl/curl/CVE-2018-16840.patch deleted file mode 100644 index 3d086c4d90..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2018-16840.patch +++ /dev/null
@@ -1,43 +0,0 @@
1	From 3c2846bec008e03d456e181d9ab55686da83f140 Mon Sep 17 00:00:00 2001
2	From: Changqing Li <changqing.li@windriver.com>
3	Date: Thu, 1 Nov 2018 15:33:35 +0800
4	Subject: [PATCH] Curl_close: clear data->multi_easy on free to avoid
5	use-after-free
6
7	Regression from b46cfbc (7.59.0)
8	CVE-2018-16840
9	Reported-by: Brian Carpenter (Geeknik Labs)
10
11	Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
12
13	Upstream-Status: Backport [https://github.com/curl/curl/commit/
14	81d135d67155c5295b1033679c606165d4e28f3f]
15
16	CVE: CVE-2018-16840
17
18	Signed-off-by: Changqing Li <changqing.li@windriver.com>
19	---
20	lib/url.c \| 4 +++-
21	1 file changed, 3 insertions(+), 1 deletion(-)
22
23	diff --git a/lib/url.c b/lib/url.c
24	index 27b2c1e..7ef7c20 100644
25	--- a/lib/url.c
26	+++ b/lib/url.c
27	@@ -320,10 +320,12 @@ CURLcode Curl_close(struct Curl_easy *data)
28	and detach this handle from there. */
29	curl_multi_remove_handle(data->multi, data);
30
31	- if(data->multi_easy)
32	+ if(data->multi_easy) {
33	/* when curl_easy_perform() is used, it creates its own multi handle to
34	use and this is the one */
35	curl_multi_cleanup(data->multi_easy);
36	+ data->multi_easy = NULL;
37	+ }
38
39	/* Destroy the timeout list that is held in the easy handle. It is
40	/normally/ done by curl_multi_remove_handle() but this is "just in
41	--
42	2.7.4
43