4 files changed, 541 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2014-3707.patch b/meta/recipes-support/curl/curl/CVE-2014-3707.patch
new file mode 100644
index 0000000000..7ff38a65e8
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2014-3707.patch
@@ -0,0 +1,416 @@
+From 3696fc1ba79d9b34660c44150be5e93ecf87dd9e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 17 Oct 2014 12:59:32 +0200
+Subject: [PATCH] curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of
+ bounds
+When duplicating a handle, the data to post was duplicated using
+strdup() when it could be binary and contain zeroes and it was not even
+zero terminated! This caused read out of bounds crashes/segfaults.
+Since the lib/strdup.c file no longer is easily shared with the curl
+tool with this change, it now uses its own version instead.
+Bug: http://curl.haxx.se/docs/adv_20141105.html
+CVE: CVE-2014-3707
+Reported-By: Symeon Paraschoudis
+---
+ lib/formdata.c    | 52 +++++++++-------------------------------------------
+ lib/strdup.c      | 32 +++++++++++++++++++++++++++-----
+ lib/strdup.h      |  3 ++-
+ lib/url.c         | 22 +++++++++++++++++-----
+ lib/urldata.h     | 11 +++++++++--
+ src/Makefile.inc  |  4 ++--
+ src/tool_setup.h  |  5 ++---
+ src/tool_strdup.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
+ src/tool_strdup.h | 30 ++++++++++++++++++++++++++++++
+ 9 files changed, 145 insertions(+), 61 deletions(-)
+ create mode 100644 src/tool_strdup.c
+ create mode 100644 src/tool_strdup.h
+Index: curl-7.37.1/lib/formdata.c
+===================================================================
+--- curl-7.37.1.orig/lib/formdata.c
+++ curl-7.37.1/lib/formdata.c
+@@ -36,6 +36,7 @@
+ #include "strequal.h"
+ #include "curl_memory.h"
+ #include "sendf.h"
+#include "strdup.h"
+ 
+ #define _MPRINTF_REPLACE /* use our functions only */
+ #include <curl/mprintf.h>
+@@ -214,46 +215,6 @@ static const char *ContentTypeForFilenam
+ 
+ /***************************************************************************
+  *
+- * memdup()
+- *
+- * Copies the 'source' data to a newly allocated buffer buffer (that is
+- * returned). Uses buffer_length if not null, else uses strlen to determine
+- * the length of the buffer to be copied
+- *
+- * Returns the new pointer or NULL on failure.
+- *
+- ***************************************************************************/
+-static char *memdup(const char *src, size_t buffer_length)
+-{
+-  size_t length;
+-  bool add = FALSE;
+-  char *buffer;
+-
+-  if(buffer_length)
+-    length = buffer_length;
+-  else if(src) {
+-    length = strlen(src);
+-    add = TRUE;
+-  }
+-  else
+-    /* no length and a NULL src pointer! */
+-    return strdup("");
+-
+-  buffer = malloc(length+add);
+-  if(!buffer)
+-    return NULL; /* fail */
+-
+-  memcpy(buffer, src, length);
+-
+-  /* if length unknown do null termination */
+-  if(add)
+-    buffer[length] = '\0';
+-
+-  return buffer;
+-}
+-
+-/***************************************************************************
+- *
+  * FormAdd()
+  *
+  * Stores a formpost parameter and builds the appropriate linked list.
+@@ -682,9 +643,12 @@ CURLFORMcode FormAdd(struct curl_httppos
+            (form == first_form) ) {
+           /* Note that there's small risk that form->name is NULL here if the
+              app passed in a bad combo, so we better check for that first. */
+-          if(form->name)
+          if(form->name) {
+             /* copy name (without strdup; possibly contains null characters) */
+-            form->name = memdup(form->name, form->namelength);
+            form->name = Curl_memdup(form->name, form->namelength?
+                                     form->namelength:
+                                     strlen(form->name)+1);
+          }
+           if(!form->name) {
+             return_value = CURL_FORMADD_MEMORY;
+             break;
+@@ -695,7 +659,7 @@ CURLFORMcode FormAdd(struct curl_httppos
+                             HTTPPOST_PTRCONTENTS | HTTPPOST_PTRBUFFER |
+                             HTTPPOST_CALLBACK)) ) {
+           /* copy value (without strdup; possibly contains null characters) */
+-          form->value = memdup(form->value, form->contentslength);
+          form->value = Curl_memdup(form->value, form->contentslength);
+           if(!form->value) {
+             return_value = CURL_FORMADD_MEMORY;
+             break;
+Index: curl-7.37.1/lib/strdup.c
+===================================================================
+--- curl-7.37.1.orig/lib/strdup.c
+++ curl-7.37.1/lib/strdup.c
+@@ -5,7 +5,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -19,12 +19,12 @@
+  * KIND, either express or implied.
+  *
+  ***************************************************************************/
+-/*
+- * This file is 'mem-include-scan' clean. See test 1132.
+- */
+ #include "curl_setup.h"
+-
+ #include "strdup.h"
+#include "curl_memory.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+ 
+ #ifndef HAVE_STRDUP
+ char *curlx_strdup(const char *str)
+@@ -50,3 +50,25 @@ char *curlx_strdup(const char *str)
+ 
+ }
+ #endif
+
+/***************************************************************************
+ *
+ * Curl_memdup(source, length)
+ *
+ * Copies the 'source' data to a newly allocated buffer (that is
+ * returned). Copies 'length' bytes.
+ *
+ * Returns the new pointer or NULL on failure.
+ *
+ ***************************************************************************/
+char *Curl_memdup(const char *src, size_t length)
+{
+  char *buffer = malloc(length);
+  if(!buffer)
+    return NULL; /* fail */
+
+  memcpy(buffer, src, length);
+
+  /* if length unknown do null termination */
+  return buffer;
+}
+Index: curl-7.37.1/lib/strdup.h
+===================================================================
+--- curl-7.37.1.orig/lib/strdup.h
+++ curl-7.37.1/lib/strdup.h
+@@ -7,7 +7,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -26,5 +26,6 @@
+ #ifndef HAVE_STRDUP
+ extern char *curlx_strdup(const char *str);
+ #endif
+char *Curl_memdup(const char *src, size_t buffer_length);
+ 
+ #endif /* HEADER_CURL_STRDUP_H */
+Index: curl-7.37.1/lib/url.c
+===================================================================
+--- curl-7.37.1.orig/lib/url.c
+++ curl-7.37.1/lib/url.c
+@@ -125,6 +125,7 @@ int curl_win32_idn_to_ascii(const char *
+ #include "multihandle.h"
+ #include "pipeline.h"
+ #include "dotdot.h"
+#include "strdup.h"
+ 
+ #define _MPRINTF_REPLACE /* use our functions only */
+ #include <curl/mprintf.h>
+@@ -270,8 +271,9 @@ void Curl_freeset(struct SessionHandle *
+ {
+   /* Free all dynamic strings stored in the data->set substructure. */
+   enum dupstring i;
+-  for(i=(enum dupstring)0; i < STRING_LAST; i++)
+  for(i=(enum dupstring)0; i < STRING_LAST; i++) {
+     Curl_safefree(data->set.str[i]);
+  }
+ 
+   if(data->change.referer_alloc) {
+     Curl_safefree(data->change.referer);
+@@ -356,14 +358,24 @@ CURLcode Curl_dupset(struct SessionHandl
+   memset(dst->set.str, 0, STRING_LAST * sizeof(char *));
+ 
+   /* duplicate all strings */
+-  for(i=(enum dupstring)0; i< STRING_LAST; i++) {
+  for(i=(enum dupstring)0; i< STRING_LASTZEROTERMINATED; i++) {
+     r = setstropt(&dst->set.str[i], src->set.str[i]);
+     if(r != CURLE_OK)
+-      break;
+      return r;
+   }
+ 
+-  /* If a failure occurred, freeing has to be performed externally. */
+-  return r;
+  /* duplicate memory areas pointed to */
+  i = STRING_COPYPOSTFIELDS;
+  if(src->set.postfieldsize && src->set.str[i]) {
+    /* postfieldsize is curl_off_t, Curl_memdup() takes a size_t ... */
+    dst->set.str[i] = Curl_memdup(src->set.str[i], src->set.postfieldsize);
+    if(!dst->set.str[i])
+      return CURLE_OUT_OF_MEMORY;
+    /* point to the new copy */
+    dst->set.postfields = dst->set.str[i];
+  }
+
+  return CURLE_OK;
+ }
+ 
+ /*
+Index: curl-7.37.1/lib/urldata.h
+===================================================================
+--- curl-7.37.1.orig/lib/urldata.h
+++ curl-7.37.1/lib/urldata.h
+@@ -1359,7 +1359,6 @@ enum dupstring {
+   STRING_KRB_LEVEL,       /* krb security level */
+   STRING_NETRC_FILE,      /* if not NULL, use this instead of trying to find
+                              $HOME/.netrc */
+-  STRING_COPYPOSTFIELDS,  /* if POST, set the fields' values here */
+   STRING_PROXY,           /* proxy to use */
+   STRING_SET_RANGE,       /* range, if used */
+   STRING_SET_REFERER,     /* custom string for the HTTP referer field */
+@@ -1401,7 +1400,15 @@ enum dupstring {
+ 
+   STRING_BEARER,          /* <bearer>, if used */
+ 
+-  /* -- end of strings -- */
+  /* -- end of zero-terminated strings -- */
+
+  STRING_LASTZEROTERMINATED,
+
+  /* -- below this are pointers to binary data that cannot be strdup'ed.
+     Each such pointer must be added manually to Curl_dupset() --- */
+
+  STRING_COPYPOSTFIELDS,  /* if POST, set the fields' values here */
+
+   STRING_LAST /* not used, just an end-of-list marker */
+ };
+ 
+Index: curl-7.37.1/src/Makefile.inc
+===================================================================
+--- curl-7.37.1.orig/src/Makefile.inc
+++ curl-7.37.1/src/Makefile.inc
+@@ -11,7 +11,6 @@
+ # the official API, but we re-use the code here to avoid duplication.
+ CURLX_CFILES = \
+        ../lib/strtoofft.c \
+-       ../lib/strdup.c \
+        ../lib/rawstr.c \
+        ../lib/nonblock.c \
+        ../lib/warnless.c
+@@ -19,7 +18,6 @@ CURLX_CFILES = \
+ CURLX_HFILES = \
+        ../lib/curl_setup.h \
+        ../lib/strtoofft.h \
+-       ../lib/strdup.h \
+        ../lib/rawstr.h \
+        ../lib/nonblock.h \
+        ../lib/warnless.h
+@@ -55,6 +53,7 @@ CURL_CFILES = \
+        tool_panykey.c \
+        tool_paramhlp.c \
+        tool_parsecfg.c \
+       tool_strdup.c \
+        tool_setopt.c \
+        tool_sleep.c \
+        tool_urlglob.c \
+@@ -99,6 +98,7 @@ CURL_HFILES = \
+        tool_setopt.h \
+        tool_setup.h \
+        tool_sleep.h \
+       tool_strdup.h \
+        tool_urlglob.h \
+        tool_util.h \
+        tool_version.h \
+Index: curl-7.37.1/src/tool_setup.h
+===================================================================
+--- curl-7.37.1.orig/src/tool_setup.h
+++ curl-7.37.1/src/tool_setup.h
+@@ -7,7 +7,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -67,8 +67,7 @@
+ #endif
+ 
+ #ifndef HAVE_STRDUP
+-#  include "strdup.h"
+-#  define strdup(ptr) curlx_strdup(ptr)
+#  include "tool_strdup.h"
+ #endif
+ 
+ #endif /* HEADER_CURL_TOOL_SETUP_H */
+Index: curl-7.37.1/src/tool_strdup.c
+===================================================================
+--- /dev/null
+++ curl-7.37.1/src/tool_strdup.c
+@@ -0,0 +1,47 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "strdup.h"
+
+#ifndef HAVE_STRDUP
+char *strdup(const char *str)
+{
+  size_t len;
+  char *newstr;
+
+  if(!str)
+    return (char *)NULL;
+
+  len = strlen(str);
+
+  if(len >= ((size_t)-1) / sizeof(char))
+    return (char *)NULL;
+
+  newstr = malloc((len+1)*sizeof(char));
+  if(!newstr)
+    return (char *)NULL;
+
+  memcpy(newstr,str,(len+1)*sizeof(char));
+
+  return newstr;
+
+}
+#endif
+Index: curl-7.37.1/src/tool_strdup.h
+===================================================================
+--- /dev/null
+++ curl-7.37.1/src/tool_strdup.h
+@@ -0,0 +1,30 @@
+#ifndef HEADER_TOOL_STRDUP_H
+#define HEADER_TOOL_STRDUP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "tool_setup.h"
+
+#ifndef HAVE_STRDUP
+extern char *strdup(const char *str);
+#endif
+
+#endif /* HEADER_TOOL_STRDUP_H */
diff --git a/meta/recipes-support/curl/curl/CVE-2014-8150.patch b/meta/recipes-support/curl/curl/CVE-2014-8150.patch
new file mode 100644
index 0000000000..9a0828076c
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2014-8150.patch
@@ -0,0 +1,29 @@
+From 4e2ac2afa94f014a2a015c48c678e2367a63ae82 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 25 Dec 2014 23:55:03 +0100
+Subject: [PATCH] url-parsing: reject CRLFs within URLs
+Bug: http://curl.haxx.se/docs/adv_20150108B.html
+Reported-by: Andrey Labunets
+---
+ lib/url.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+Index: curl-7.37.1/lib/url.c
+===================================================================
+--- curl-7.37.1.orig/lib/url.c
+++ curl-7.37.1/lib/url.c
+@@ -3756,6 +3756,13 @@ static CURLcode parseurlandfillconn(stru
+ 
+   *prot_missing = FALSE;
+ 
+  /* We might pass the entire URL into the request so we need to make sure
+   * there are no bad characters in there.*/
+  if(strpbrk(data->change.url, "\r\n")) {
+    failf(data, "Illegal characters found in URL");
+    return CURLE_URL_MALFORMAT;
+  }
+
+   /*************************************************************
+    * Parse the URL.
+    *
diff --git a/meta/recipes-support/curl/curl/CVE-2015-3153.patch b/meta/recipes-support/curl/curl/CVE-2015-3153.patch
new file mode 100644
index 0000000000..089020a842
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2015-3153.patch
@@ -0,0 +1,90 @@
+From 69a2e8d7ec581695a62527cb2252e7350f314ffa Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 23 Apr 2015 15:58:21 +0200
+Subject: [PATCH] CURLOPT_HEADEROPT: default to separate
+Make the HTTP headers separated by default for improved security and
+reduced risk for information leakage.
+Bug: http://curl.haxx.se/docs/adv_20150429.html
+Reported-by: Yehezkel Horowitz, Oren Souroujon
+---
+ docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 12 ++++++------
+ lib/url.c                             |  1 +
+ tests/data/test1527                   |  2 +-
+ tests/data/test287                    |  2 +-
+ tests/libtest/lib1527.c               |  1 +
+ 5 files changed, 10 insertions(+), 8 deletions(-)
+Index: curl-7.37.1/docs/libcurl/opts/CURLOPT_HEADEROPT.3
+===================================================================
+--- curl-7.37.1.orig/docs/libcurl/opts/CURLOPT_HEADEROPT.3
+++ curl-7.37.1/docs/libcurl/opts/CURLOPT_HEADEROPT.3
+@@ -5,7 +5,7 @@
+ .\" *                            | (__| |_| |  _ <| |___
+ .\" *                             \___|\___/|_| \_\_____|
+ .\" *
+-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ .\" *
+ .\" * This software is licensed as described in the file COPYING, which
+ .\" * you should have received as part of this distribution. The terms
+@@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl wil
+ headers only do the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to
+ the server.
+ .SH DEFAULT
+-CURLHEADER_UNIFIED
+CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then)
+ .SH PROTOCOLS
+ HTTP
+ .SH EXAMPLE
+Index: curl-7.37.1/tests/data/test1527
+===================================================================
+--- curl-7.37.1.orig/tests/data/test1527
+++ curl-7.37.1/tests/data/test1527
+@@ -45,7 +45,7 @@ http-proxy
+ lib1527
+ </tool>
+  <name>
+-Check same headers are generated without CURLOPT_PROXYHEADER
+Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED
+  </name>
+  <command>
+  http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT
+Index: curl-7.37.1/tests/data/test287
+===================================================================
+--- curl-7.37.1.orig/tests/data/test287
+++ curl-7.37.1/tests/data/test287
+@@ -28,7 +28,7 @@ http
+ HTTP proxy CONNECT with custom User-Agent header
+  </name>
+  <command>
+-http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel
+http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007"
+ </command>
+ </client>
+ 
+Index: curl-7.37.1/tests/libtest/lib1527.c
+===================================================================
+--- curl-7.37.1.orig/tests/libtest/lib1527.c
+++ curl-7.37.1/tests/libtest/lib1527.c
+@@ -83,6 +83,7 @@ int test(char *URL)
+   test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
+   test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
+   test_setopt(curl, CURLOPT_INFILESIZE, strlen(data));
+  test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED);
+ 
+   res = curl_easy_perform(curl);
+ 
+Index: curl-7.37.1/lib/url.c
+===================================================================
+--- curl-7.37.1.orig/lib/url.c
+++ curl-7.37.1/lib/url.c
+@@ -584,6 +584,7 @@ CURLcode Curl_init_userdefined(struct Us
+   set->ssl_enable_alpn = TRUE;
+ 
+   set->expect_100_timeout = 1000L; /* Wait for a second by default. */
+  set->sep_headers = TRUE; /* separated header lists by default */
+   return res;
+ }
+ 
diff --git a/meta/recipes-support/curl/curl_7.37.1.bb b/meta/recipes-support/curl/curl_7.37.1.bb
index 8b854d7a8c..2f4da9706c 100644
--- a/meta/recipes-support/curl/curl_7.37.1.bb
+++ b/meta/recipes-support/curl/curl_7.37.1.bb
@@ -9,6 +9,12 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
           file://pkgconfig_fix.patch \
           file://CVE-2014-3613.patch \
           file://CVE-2014-3620.patch \
+           file://CVE-2015-3143.patch \
+           file://CVE-2015-3144.patch \
+           file://CVE-2015-3145.patch \
+           file://CVE-2014-3707.patch \
+           file://CVE-2014-8150.patch \
+           file://CVE-2015-3153.patch \
 "
 # curl likes to set -g0 in CFLAGS, so we stop it

diff --git a/meta/recipes-support/curl/curl/CVE-2014-3707.patch b/meta/recipes-support/curl/curl/CVE-2014-3707.patch new file mode 100644 index 0000000000..7ff38a65e8 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2014-3707.patch
@@ -0,0 +1,416 @@
		1	From 3696fc1ba79d9b34660c44150be5e93ecf87dd9e Mon Sep 17 00:00:00 2001
		2	From: Daniel Stenberg <daniel@haxx.se>
		3	Date: Fri, 17 Oct 2014 12:59:32 +0200
		4	Subject: [PATCH] curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of
		5	bounds
		6
		7	When duplicating a handle, the data to post was duplicated using
		8	strdup() when it could be binary and contain zeroes and it was not even
		9	zero terminated! This caused read out of bounds crashes/segfaults.
		10
		11	Since the lib/strdup.c file no longer is easily shared with the curl
		12	tool with this change, it now uses its own version instead.
		13
		14	Bug: http://curl.haxx.se/docs/adv_20141105.html
		15	CVE: CVE-2014-3707
		16	Reported-By: Symeon Paraschoudis
		17	---
		18	lib/formdata.c \| 52 +++++++++-------------------------------------------
		19	lib/strdup.c \| 32 +++++++++++++++++++++++++++-----
		20	lib/strdup.h \| 3 ++-
		21	lib/url.c \| 22 +++++++++++++++++-----
		22	lib/urldata.h \| 11 +++++++++--
		23	src/Makefile.inc \| 4 ++--
		24	src/tool_setup.h \| 5 ++---
		25	src/tool_strdup.c \| 47 +++++++++++++++++++++++++++++++++++++++++++++++
		26	src/tool_strdup.h \| 30 ++++++++++++++++++++++++++++++
		27	9 files changed, 145 insertions(+), 61 deletions(-)
		28	create mode 100644 src/tool_strdup.c
		29	create mode 100644 src/tool_strdup.h
		30
		31	Index: curl-7.37.1/lib/formdata.c
		32	===================================================================
		33	--- curl-7.37.1.orig/lib/formdata.c
		34	+++ curl-7.37.1/lib/formdata.c
		35	@@ -36,6 +36,7 @@
		36	#include "strequal.h"
		37	#include "curl_memory.h"
		38	#include "sendf.h"
		39	+#include "strdup.h"
		40
		41	#define _MPRINTF_REPLACE /* use our functions only */
		42	#include <curl/mprintf.h>
		43	@@ -214,46 +215,6 @@ static const char *ContentTypeForFilenam
		44
		45	/***************************************************************************
		46	*
		47	- * memdup()
		48	- *
		49	- * Copies the 'source' data to a newly allocated buffer buffer (that is
		50	- * returned). Uses buffer_length if not null, else uses strlen to determine
		51	- * the length of the buffer to be copied
		52	- *
		53	- * Returns the new pointer or NULL on failure.
		54	- *
		55	- ***************************************************************************/
		56	-static char memdup(const char src, size_t buffer_length)
		57	-{
		58	- size_t length;
		59	- bool add = FALSE;
		60	- char *buffer;
		61	-
		62	- if(buffer_length)
		63	- length = buffer_length;
		64	- else if(src) {
		65	- length = strlen(src);
		66	- add = TRUE;
		67	- }
		68	- else
		69	- /* no length and a NULL src pointer! */
		70	- return strdup("");
		71	-
		72	- buffer = malloc(length+add);
		73	- if(!buffer)
		74	- return NULL; /* fail */
		75	-
		76	- memcpy(buffer, src, length);
		77	-
		78	- /* if length unknown do null termination */
		79	- if(add)
		80	- buffer[length] = '\0';
		81	-
		82	- return buffer;
		83	-}
		84	-
		85	-/***************************************************************************
		86	- *
		87	* FormAdd()
		88	*
		89	* Stores a formpost parameter and builds the appropriate linked list.
		90	@@ -682,9 +643,12 @@ CURLFORMcode FormAdd(struct curl_httppos
		91	(form == first_form) ) {
		92	/* Note that there's small risk that form->name is NULL here if the
		93	app passed in a bad combo, so we better check for that first. */
		94	- if(form->name)
		95	+ if(form->name) {
		96	/* copy name (without strdup; possibly contains null characters) */
		97	- form->name = memdup(form->name, form->namelength);
		98	+ form->name = Curl_memdup(form->name, form->namelength?
		99	+ form->namelength:
		100	+ strlen(form->name)+1);
		101	+ }
		102	if(!form->name) {
		103	return_value = CURL_FORMADD_MEMORY;
		104	break;
		105	@@ -695,7 +659,7 @@ CURLFORMcode FormAdd(struct curl_httppos
		106	HTTPPOST_PTRCONTENTS \| HTTPPOST_PTRBUFFER \|
		107	HTTPPOST_CALLBACK)) ) {
		108	/* copy value (without strdup; possibly contains null characters) */
		109	- form->value = memdup(form->value, form->contentslength);
		110	+ form->value = Curl_memdup(form->value, form->contentslength);
		111	if(!form->value) {
		112	return_value = CURL_FORMADD_MEMORY;
		113	break;
		114	Index: curl-7.37.1/lib/strdup.c
		115	===================================================================
		116	--- curl-7.37.1.orig/lib/strdup.c
		117	+++ curl-7.37.1/lib/strdup.c
		118	@@ -5,7 +5,7 @@
		119	* \| (__\| \|_\| \| _ <\| \|___
		120	* \___\|\___/\|_\| \_\_____\|
		121	*
		122	- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
		123	+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
		124	*
		125	* This software is licensed as described in the file COPYING, which
		126	* you should have received as part of this distribution. The terms
		127	@@ -19,12 +19,12 @@
		128	* KIND, either express or implied.
		129	*
		130	***************************************************************************/
		131	-/*
		132	- * This file is 'mem-include-scan' clean. See test 1132.
		133	- */
		134	#include "curl_setup.h"
		135	-
		136	#include "strdup.h"
		137	+#include "curl_memory.h"
		138	+
		139	+/* The last #include file should be: */
		140	+#include "memdebug.h"
		141
		142	#ifndef HAVE_STRDUP
		143	char curlx_strdup(const char str)
		144	@@ -50,3 +50,25 @@ char curlx_strdup(const char str)
		145
		146	}
		147	#endif
		148	+
		149	+/***************************************************************************
		150	+ *
		151	+ * Curl_memdup(source, length)
		152	+ *
		153	+ * Copies the 'source' data to a newly allocated buffer (that is
		154	+ * returned). Copies 'length' bytes.
		155	+ *
		156	+ * Returns the new pointer or NULL on failure.
		157	+ *
		158	+ ***************************************************************************/
		159	+char Curl_memdup(const char src, size_t length)
		160	+{
		161	+ char *buffer = malloc(length);
		162	+ if(!buffer)
		163	+ return NULL; /* fail */
		164	+
		165	+ memcpy(buffer, src, length);
		166	+
		167	+ /* if length unknown do null termination */
		168	+ return buffer;
		169	+}
		170	Index: curl-7.37.1/lib/strdup.h
		171	===================================================================
		172	--- curl-7.37.1.orig/lib/strdup.h
		173	+++ curl-7.37.1/lib/strdup.h
		174	@@ -7,7 +7,7 @@
		175	* \| (__\| \|_\| \| _ <\| \|___
		176	* \___\|\___/\|_\| \_\_____\|
		177	*
		178	- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
		179	+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
		180	*
		181	* This software is licensed as described in the file COPYING, which
		182	* you should have received as part of this distribution. The terms
		183	@@ -26,5 +26,6 @@
		184	#ifndef HAVE_STRDUP
		185	extern char curlx_strdup(const char str);
		186	#endif
		187	+char Curl_memdup(const char src, size_t buffer_length);
		188
		189	#endif /* HEADER_CURL_STRDUP_H */
		190	Index: curl-7.37.1/lib/url.c
		191	===================================================================
		192	--- curl-7.37.1.orig/lib/url.c
		193	+++ curl-7.37.1/lib/url.c
		194	@@ -125,6 +125,7 @@ int curl_win32_idn_to_ascii(const char *
		195	#include "multihandle.h"
		196	#include "pipeline.h"
		197	#include "dotdot.h"
		198	+#include "strdup.h"
		199
		200	#define _MPRINTF_REPLACE /* use our functions only */
		201	#include <curl/mprintf.h>
		202	@@ -270,8 +271,9 @@ void Curl_freeset(struct SessionHandle *
		203	{
		204	/* Free all dynamic strings stored in the data->set substructure. */
		205	enum dupstring i;
		206	- for(i=(enum dupstring)0; i < STRING_LAST; i++)
		207	+ for(i=(enum dupstring)0; i < STRING_LAST; i++) {
		208	Curl_safefree(data->set.str[i]);
		209	+ }
		210
		211	if(data->change.referer_alloc) {
		212	Curl_safefree(data->change.referer);
		213	@@ -356,14 +358,24 @@ CURLcode Curl_dupset(struct SessionHandl
		214	memset(dst->set.str, 0, STRING_LAST * sizeof(char *));
		215
		216	/* duplicate all strings */
		217	- for(i=(enum dupstring)0; i< STRING_LAST; i++) {
		218	+ for(i=(enum dupstring)0; i< STRING_LASTZEROTERMINATED; i++) {
		219	r = setstropt(&dst->set.str[i], src->set.str[i]);
		220	if(r != CURLE_OK)
		221	- break;
		222	+ return r;
		223	}
		224
		225	- /* If a failure occurred, freeing has to be performed externally. */
		226	- return r;
		227	+ /* duplicate memory areas pointed to */
		228	+ i = STRING_COPYPOSTFIELDS;
		229	+ if(src->set.postfieldsize && src->set.str[i]) {
		230	+ /* postfieldsize is curl_off_t, Curl_memdup() takes a size_t ... */
		231	+ dst->set.str[i] = Curl_memdup(src->set.str[i], src->set.postfieldsize);
		232	+ if(!dst->set.str[i])
		233	+ return CURLE_OUT_OF_MEMORY;
		234	+ /* point to the new copy */
		235	+ dst->set.postfields = dst->set.str[i];
		236	+ }
		237	+
		238	+ return CURLE_OK;
		239	}
		240
		241	/*
		242	Index: curl-7.37.1/lib/urldata.h
		243	===================================================================
		244	--- curl-7.37.1.orig/lib/urldata.h
		245	+++ curl-7.37.1/lib/urldata.h
		246	@@ -1359,7 +1359,6 @@ enum dupstring {
		247	STRING_KRB_LEVEL, /* krb security level */
		248	STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find
		249	$HOME/.netrc */
		250	- STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */
		251	STRING_PROXY, /* proxy to use */
		252	STRING_SET_RANGE, /* range, if used */
		253	STRING_SET_REFERER, /* custom string for the HTTP referer field */
		254	@@ -1401,7 +1400,15 @@ enum dupstring {
		255
		256	STRING_BEARER, /* <bearer>, if used */
		257
		258	- /* -- end of strings -- */
		259	+ /* -- end of zero-terminated strings -- */
		260	+
		261	+ STRING_LASTZEROTERMINATED,
		262	+
		263	+ /* -- below this are pointers to binary data that cannot be strdup'ed.
		264	+ Each such pointer must be added manually to Curl_dupset() --- */
		265	+
		266	+ STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */
		267	+
		268	STRING_LAST /* not used, just an end-of-list marker */
		269	};
		270
		271	Index: curl-7.37.1/src/Makefile.inc
		272	===================================================================
		273	--- curl-7.37.1.orig/src/Makefile.inc
		274	+++ curl-7.37.1/src/Makefile.inc
		275	@@ -11,7 +11,6 @@
		276	# the official API, but we re-use the code here to avoid duplication.
		277	CURLX_CFILES = \
		278	../lib/strtoofft.c \
		279	- ../lib/strdup.c \
		280	../lib/rawstr.c \
		281	../lib/nonblock.c \
		282	../lib/warnless.c
		283	@@ -19,7 +18,6 @@ CURLX_CFILES = \
		284	CURLX_HFILES = \
		285	../lib/curl_setup.h \
		286	../lib/strtoofft.h \
		287	- ../lib/strdup.h \
		288	../lib/rawstr.h \
		289	../lib/nonblock.h \
		290	../lib/warnless.h
		291	@@ -55,6 +53,7 @@ CURL_CFILES = \
		292	tool_panykey.c \
		293	tool_paramhlp.c \
		294	tool_parsecfg.c \
		295	+ tool_strdup.c \
		296	tool_setopt.c \
		297	tool_sleep.c \
		298	tool_urlglob.c \
		299	@@ -99,6 +98,7 @@ CURL_HFILES = \
		300	tool_setopt.h \
		301	tool_setup.h \
		302	tool_sleep.h \
		303	+ tool_strdup.h \
		304	tool_urlglob.h \
		305	tool_util.h \
		306	tool_version.h \
		307	Index: curl-7.37.1/src/tool_setup.h
		308	===================================================================
		309	--- curl-7.37.1.orig/src/tool_setup.h
		310	+++ curl-7.37.1/src/tool_setup.h
		311	@@ -7,7 +7,7 @@
		312	* \| (__\| \|_\| \| _ <\| \|___
		313	* \___\|\___/\|_\| \_\_____\|
		314	*
		315	- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
		316	+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
		317	*
		318	* This software is licensed as described in the file COPYING, which
		319	* you should have received as part of this distribution. The terms
		320	@@ -67,8 +67,7 @@
		321	#endif
		322
		323	#ifndef HAVE_STRDUP
		324	-# include "strdup.h"
		325	-# define strdup(ptr) curlx_strdup(ptr)
		326	+# include "tool_strdup.h"
		327	#endif
		328
		329	#endif /* HEADER_CURL_TOOL_SETUP_H */
		330	Index: curl-7.37.1/src/tool_strdup.c
		331	===================================================================
		332	--- /dev/null
		333	+++ curl-7.37.1/src/tool_strdup.c
		334	@@ -0,0 +1,47 @@
		335	+/***************************************************************************
		336	+ * _ _ ____ _
		337	+ * Project ___\| \| \| \| _ \\| \|
		338	+ * / __\| \| \| \| \|_) \| \|
		339	+ * \| (__\| \|_\| \| _ <\| \|___
		340	+ * \___\|\___/\|_\| \_\_____\|
		341	+ *
		342	+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
		343	+ *
		344	+ * This software is licensed as described in the file COPYING, which
		345	+ * you should have received as part of this distribution. The terms
		346	+ * are also available at http://curl.haxx.se/docs/copyright.html.
		347	+ *
		348	+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
		349	+ * copies of the Software, and permit persons to whom the Software is
		350	+ * furnished to do so, under the terms of the COPYING file.
		351	+ *
		352	+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
		353	+ * KIND, either express or implied.
		354	+ *
		355	+ ***************************************************************************/
		356	+#include "strdup.h"
		357	+
		358	+#ifndef HAVE_STRDUP
		359	+char strdup(const char str)
		360	+{
		361	+ size_t len;
		362	+ char *newstr;
		363	+
		364	+ if(!str)
		365	+ return (char *)NULL;
		366	+
		367	+ len = strlen(str);
		368	+
		369	+ if(len >= ((size_t)-1) / sizeof(char))
		370	+ return (char *)NULL;
		371	+
		372	+ newstr = malloc((len+1)*sizeof(char));
		373	+ if(!newstr)
		374	+ return (char *)NULL;
		375	+
		376	+ memcpy(newstr,str,(len+1)*sizeof(char));
		377	+
		378	+ return newstr;
		379	+
		380	+}
		381	+#endif
		382	Index: curl-7.37.1/src/tool_strdup.h
		383	===================================================================
		384	--- /dev/null
		385	+++ curl-7.37.1/src/tool_strdup.h
		386	@@ -0,0 +1,30 @@
		387	+#ifndef HEADER_TOOL_STRDUP_H
		388	+#define HEADER_TOOL_STRDUP_H
		389	+/***************************************************************************
		390	+ * _ _ ____ _
		391	+ * Project ___\| \| \| \| _ \\| \|
		392	+ * / __\| \| \| \| \|_) \| \|
		393	+ * \| (__\| \|_\| \| _ <\| \|___
		394	+ * \___\|\___/\|_\| \_\_____\|
		395	+ *
		396	+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
		397	+ *
		398	+ * This software is licensed as described in the file COPYING, which
		399	+ * you should have received as part of this distribution. The terms
		400	+ * are also available at http://curl.haxx.se/docs/copyright.html.
		401	+ *
		402	+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
		403	+ * copies of the Software, and permit persons to whom the Software is
		404	+ * furnished to do so, under the terms of the COPYING file.
		405	+ *
		406	+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
		407	+ * KIND, either express or implied.
		408	+ *
		409	+ ***************************************************************************/
		410	+#include "tool_setup.h"
		411	+
		412	+#ifndef HAVE_STRDUP
		413	+extern char strdup(const char str);
		414	+#endif
		415	+
		416	+#endif /* HEADER_TOOL_STRDUP_H */


diff --git a/meta/recipes-support/curl/curl/CVE-2014-8150.patch b/meta/recipes-support/curl/curl/CVE-2014-8150.patch new file mode 100644 index 0000000000..9a0828076c --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2014-8150.patch
@@ -0,0 +1,29 @@
		1	From 4e2ac2afa94f014a2a015c48c678e2367a63ae82 Mon Sep 17 00:00:00 2001
		2	From: Daniel Stenberg <daniel@haxx.se>
		3	Date: Thu, 25 Dec 2014 23:55:03 +0100
		4	Subject: [PATCH] url-parsing: reject CRLFs within URLs
		5
		6	Bug: http://curl.haxx.se/docs/adv_20150108B.html
		7	Reported-by: Andrey Labunets
		8	---
		9	lib/url.c \| 7 +++++++
		10	1 file changed, 7 insertions(+)
		11
		12	Index: curl-7.37.1/lib/url.c
		13	===================================================================
		14	--- curl-7.37.1.orig/lib/url.c
		15	+++ curl-7.37.1/lib/url.c
		16	@@ -3756,6 +3756,13 @@ static CURLcode parseurlandfillconn(stru
		17
		18	*prot_missing = FALSE;
		19
		20	+ /* We might pass the entire URL into the request so we need to make sure
		21	+ * there are no bad characters in there.*/
		22	+ if(strpbrk(data->change.url, "\r\n")) {
		23	+ failf(data, "Illegal characters found in URL");
		24	+ return CURLE_URL_MALFORMAT;
		25	+ }
		26	+
		27	/*************************************************************
		28	* Parse the URL.
		29	*


diff --git a/meta/recipes-support/curl/curl/CVE-2015-3153.patch b/meta/recipes-support/curl/curl/CVE-2015-3153.patch new file mode 100644 index 0000000000..089020a842 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2015-3153.patch
@@ -0,0 +1,90 @@
		1	From 69a2e8d7ec581695a62527cb2252e7350f314ffa Mon Sep 17 00:00:00 2001
		2	From: Daniel Stenberg <daniel@haxx.se>
		3	Date: Thu, 23 Apr 2015 15:58:21 +0200
		4	Subject: [PATCH] CURLOPT_HEADEROPT: default to separate
		5
		6	Make the HTTP headers separated by default for improved security and
		7	reduced risk for information leakage.
		8
		9	Bug: http://curl.haxx.se/docs/adv_20150429.html
		10	Reported-by: Yehezkel Horowitz, Oren Souroujon
		11	---
		12	docs/libcurl/opts/CURLOPT_HEADEROPT.3 \| 12 ++++++------
		13	lib/url.c \| 1 +
		14	tests/data/test1527 \| 2 +-
		15	tests/data/test287 \| 2 +-
		16	tests/libtest/lib1527.c \| 1 +
		17	5 files changed, 10 insertions(+), 8 deletions(-)
		18
		19	Index: curl-7.37.1/docs/libcurl/opts/CURLOPT_HEADEROPT.3
		20	===================================================================
		21	--- curl-7.37.1.orig/docs/libcurl/opts/CURLOPT_HEADEROPT.3
		22	+++ curl-7.37.1/docs/libcurl/opts/CURLOPT_HEADEROPT.3
		23	@@ -5,7 +5,7 @@
		24	.\" * \| (__\| \|_\| \| _ <\| \|___
		25	.\" * \___\|\___/\|_\| \_\_____\|
		26	.\" *
		27	-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
		28	+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
		29	.\" *
		30	.\" * This software is licensed as described in the file COPYING, which
		31	.\" * you should have received as part of this distribution. The terms
		32	@@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl wil
		33	headers only do the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to
		34	the server.
		35	.SH DEFAULT
		36	-CURLHEADER_UNIFIED
		37	+CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then)
		38	.SH PROTOCOLS
		39	HTTP
		40	.SH EXAMPLE
		41	Index: curl-7.37.1/tests/data/test1527
		42	===================================================================
		43	--- curl-7.37.1.orig/tests/data/test1527
		44	+++ curl-7.37.1/tests/data/test1527
		45	@@ -45,7 +45,7 @@ http-proxy
		46	lib1527
		47	</tool>
		48	<name>
		49	-Check same headers are generated without CURLOPT_PROXYHEADER
		50	+Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED
		51	</name>
		52	<command>
		53	http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT
		54	Index: curl-7.37.1/tests/data/test287
		55	===================================================================
		56	--- curl-7.37.1.orig/tests/data/test287
		57	+++ curl-7.37.1/tests/data/test287
		58	@@ -28,7 +28,7 @@ http
		59	HTTP proxy CONNECT with custom User-Agent header
		60	</name>
		61	<command>
		62	-http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel
		63	+http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007"
		64	</command>
		65	</client>
		66
		67	Index: curl-7.37.1/tests/libtest/lib1527.c
		68	===================================================================
		69	--- curl-7.37.1.orig/tests/libtest/lib1527.c
		70	+++ curl-7.37.1/tests/libtest/lib1527.c
		71	@@ -83,6 +83,7 @@ int test(char *URL)
		72	test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
		73	test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
		74	test_setopt(curl, CURLOPT_INFILESIZE, strlen(data));
		75	+ test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED);
		76
		77	res = curl_easy_perform(curl);
		78
		79	Index: curl-7.37.1/lib/url.c
		80	===================================================================
		81	--- curl-7.37.1.orig/lib/url.c
		82	+++ curl-7.37.1/lib/url.c
		83	@@ -584,6 +584,7 @@ CURLcode Curl_init_userdefined(struct Us
		84	set->ssl_enable_alpn = TRUE;
		85
		86	set->expect_100_timeout = 1000L; /* Wait for a second by default. */
		87	+ set->sep_headers = TRUE; /* separated header lists by default */
		88	return res;
		89	}
		90


diff --git a/meta/recipes-support/curl/curl_7.37.1.bb b/meta/recipes-support/curl/curl_7.37.1.bb index 8b854d7a8c..2f4da9706c 100644 --- a/meta/recipes-support/curl/curl_7.37.1.bb +++ b/meta/recipes-support/curl/curl_7.37.1.bb
@@ -9,6 +9,12 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
9	file://pkgconfig_fix.patch \	9	file://pkgconfig_fix.patch \
10	file://CVE-2014-3613.patch \	10	file://CVE-2014-3613.patch \
11	file://CVE-2014-3620.patch \	11	file://CVE-2014-3620.patch \
		12	file://CVE-2015-3143.patch \
		13	file://CVE-2015-3144.patch \
		14	file://CVE-2015-3145.patch \
		15	file://CVE-2014-3707.patch \
		16	file://CVE-2014-8150.patch \
		17	file://CVE-2015-3153.patch \
12	"	18	"
13		19
14	# curl likes to set -g0 in CFLAGS, so we stop it	20	# curl likes to set -g0 in CFLAGS, so we stop it