From 094a36886f2ac3e8e67220ffc938973879b3762a Mon Sep 17 00:00:00 2001
From: "Maxin B. John" <maxin.john@intel.com>
Date: Mon, 22 Aug 2016 14:15:39 +0300
Subject: curl: security fix for CVE-2016-5419

Affected versions: libcurl 7.1 to and including 7.50.0

(From OE-Core rev: 0b56a2f6174a44495f8a58dc0864c161ffd37b80)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-support/curl/curl_7.47.1.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'meta/recipes-support/curl/curl_7.47.1.bb')

diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
index c2173d8a06..945840b1a9 100644
--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -10,7 +10,9 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2"
 # curl likes to set -g0 in CFLAGS, so we stop it
 # from mucking around with debug options
 #
-SRC_URI += " file://configure_ac.patch"
+SRC_URI += " file://configure_ac.patch \
+             file://CVE-2016-5419.patch \
+           "
 
 SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
 SRC_URI[sha256sum] = "ddc643ab9382e24bbe4747d43df189a0a6ce38fcb33df041b9cb0b3cd47ae98f"
-- 
cgit v1.2.3-54-g00ecf