1 files changed, 0 insertions, 61 deletions
diff --git a/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
deleted file mode 100644
index 3ef7f85451..0000000000
--- a/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@gnome.org>
-Date: Wed, 9 Sep 2020 11:12:02 -0500
-Subject: [PATCH] Rewrite url::recvline to be nonrecursive
-This function processes network input. It's semi-trusted, because the
-PAC ought to be trusted. But we still shouldn't allow it to control how
-far we recurse. A malicious PAC can cause us to overflow the stack by
-sending a sufficiently-long line without any '\n' character.
-Also, this function failed to properly handle EINTR, so let's fix that
-too, for good measure.
-Fixes #134
-Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa]
-CVE: CVE-2020-25219
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
- libproxy/url.cpp | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..68d69cd 100644
--- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -388,16 +388,24 @@ string url::to_string() const {
-        return m_orig;
- }
- 
-static inline string recvline(int fd) {
-       // Read a character.
-       // If we don't get a character, return empty string.
-       // If we are at the end of the line, return empty string.
-       char c = '\0';
-       
-       if (recv(fd, &c, 1, 0) != 1 || c == '\n')
-               return "";
-
-       return string(1, c) + recvline(fd);
-+static string recvline(int fd) {
-+       string line;
-+       int ret;
-+
-+       // Reserve arbitrary amount of space to avoid small memory reallocations.
-+       line.reserve(128);
-+
-+       do {
-+               char c;
-+               ret = recv(fd, &c, 1, 0);
-+               if (ret == 1) {
-+                       if (c == '\n')
-+                               return line;
-+                       line += c;
-+               }
-+       } while (ret == 1 || (ret == -1 && errno == EINTR));
-+
-+       return line;
- }
- 
- char* url::get_pac() {

diff --git a/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch deleted file mode 100644 index 3ef7f85451..0000000000 --- a/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch +++ /dev/null
@@ -1,61 +0,0 @@
1	From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
2	From: Michael Catanzaro <mcatanzaro@gnome.org>
3	Date: Wed, 9 Sep 2020 11:12:02 -0500
4	Subject: [PATCH] Rewrite url::recvline to be nonrecursive
5
6	This function processes network input. It's semi-trusted, because the
7	PAC ought to be trusted. But we still shouldn't allow it to control how
8	far we recurse. A malicious PAC can cause us to overflow the stack by
9	sending a sufficiently-long line without any '\n' character.
10
11	Also, this function failed to properly handle EINTR, so let's fix that
12	too, for good measure.
13
14	Fixes #134
15
16	Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa]
17	CVE: CVE-2020-25219
18	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
19	---
20	libproxy/url.cpp \| 28 ++++++++++++++++++----------
21	1 file changed, 18 insertions(+), 10 deletions(-)
22
23	diff --git a/libproxy/url.cpp b/libproxy/url.cpp
24	index ee776b2..68d69cd 100644
25	--- a/libproxy/url.cpp
26	+++ b/libproxy/url.cpp
27	@@ -388,16 +388,24 @@ string url::to_string() const {
28	return m_orig;
29	}
30
31	-static inline string recvline(int fd) {
32	- // Read a character.
33	- // If we don't get a character, return empty string.
34	- // If we are at the end of the line, return empty string.
35	- char c = '\0';
36	-
37	- if (recv(fd, &c, 1, 0) != 1 \|\| c == '\n')
38	- return "";
39	-
40	- return string(1, c) + recvline(fd);
41	+static string recvline(int fd) {
42	+ string line;
43	+ int ret;
44	+
45	+ // Reserve arbitrary amount of space to avoid small memory reallocations.
46	+ line.reserve(128);
47	+
48	+ do {
49	+ char c;
50	+ ret = recv(fd, &c, 1, 0);
51	+ if (ret == 1) {
52	+ if (c == '\n')
53	+ return line;
54	+ line += c;
55	+ }
56	+ } while (ret == 1 \|\| (ret == -1 && errno == EINTR));
57	+
58	+ return line;
59	}
60
61	char* url::get_pac() {