From a00ca26adb557430b8fd5771820c47e1e2469e11 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Mon, 19 Nov 2018 06:41:53 -0800 Subject: curl: update to 7.62.0 Drop all CVE patches now included in update. For details see: https://curl.haxx.se/changes.html (From OE-Core rev: 43a802c2605cd2f6095a7738347338492eafe722) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- .../recipes-support/curl/curl/CVE-2018-16839.patch | 35 ---------------------- 1 file changed, 35 deletions(-) delete mode 100644 meta/recipes-support/curl/curl/CVE-2018-16839.patch (limited to 'meta/recipes-support/curl/curl/CVE-2018-16839.patch') diff --git a/meta/recipes-support/curl/curl/CVE-2018-16839.patch b/meta/recipes-support/curl/curl/CVE-2018-16839.patch deleted file mode 100644 index bf972d2ed7..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2018-16839.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 55b90532f9190dce40a325b3312d014c66dc3ae1 Mon Sep 17 00:00:00 2001 -From: Changqing Li -Date: Thu, 1 Nov 2018 15:27:35 +0800 -Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check - -CVE-2018-16839 -Reported-by: Harry Sintonen -Bug: https://curl.haxx.se/docs/CVE-2018-16839.html - -Upstream-Status: Backport [https://github.com/curl/curl/commit -/f3a24d7916b9173c69a3e0ee790102993833d6c5?diff=unified] - -CVE: CVE-2018-16839 - -Signed-off-by: Changqing Li ---- - lib/vauth/cleartext.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c -index 5d61ce6..1367143 100644 ---- a/lib/vauth/cleartext.c -+++ b/lib/vauth/cleartext.c -@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, - plen = strlen(passwdp); - - /* Compute binary message length. Check for overflows. */ -- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) -+ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2))) - return CURLE_OUT_OF_MEMORY; - plainlen = 2 * ulen + plen + 2; - --- -2.7.4 - -- cgit v1.2.3-54-g00ecf