poky: sumo refresh eebbc00b25..64a257fa22
Update poky to sumo HEAD.
Armin Kuster (1):
dhcp: allow for excluding the external bind
Awais Belal (1):
bitbake: bitbake: toaster: allow OE_ROOT to be provided through environment
Changqing Li (2):
unzip: fix for CVE-2018-18384
curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
Fabien Lahoudere (1):
archiver: Drop unwanted directories
Ioan-Adrian Ratiu (1):
wic: isoimage-isohybrid: fix UEFI spec breakage
Kosta Zertsekel (1):
meta: Use double colon for chown OWNER:GROUP
Matthias Schiffer (1):
base.bbclass: avoid 'find -ignore_readdir_race -delete'
Mohamad Noor Alim Hussin (1):
oeqa/selftest/recipetool: Fix problems from changing upstream source
Peter Kjellerstedt (4):
common-licenses: Correct the FreeType license text
apr: Trim license info extracted from apr_lib.h
apr-util: Trim license info extracted from apu_version.h
pixman: Trim license info extracted from pixman-matrix.c
Richard Purdie (4):
oeqa/selftest/wic: Use a subdir of builddir, not /var/
oeqa/selftest/wic: Ensure initramfs exists for test_iso_image
selftest/wic: Improve error message for test_fixed_size
crosssdk: Remove usage of host flags for cross-compilation
Ross Burton (3):
unzip: actually apply CVE-2018-18384
curl: actually apply latest CVE patches
gnupg: patch gnupg-native to allow path relocation
Scott Rifenbark (1):
kernel-dev: Updated phrasing for what a "defconfig" file is.
Change-Id: I08f7fbe91f3f7ed6f00b6ea691c33ee1e0d3205b
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch
new file mode 100644
index 0000000..82e7557
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch
@@ -0,0 +1,35 @@
+From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 1 Nov 2018 15:30:56 +0800
+Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
+
+CVE-2018-16842
+Reported-by: Brian Carpenter
+Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit
+/d530e92f59ae9bb2d47066c3c460b25d2ffeb211]
+
+CVE: CVE-2018-16842
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/tool_msgs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_msgs.c b/src/tool_msgs.c
+index 9cce806..05bec39 100644
+--- a/src/tool_msgs.c
++++ b/src/tool_msgs.c
+@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
+ (void)fwrite(ptr, cut + 1, 1, config->errors);
+ fputs("\n", config->errors);
+ ptr += cut + 1; /* skip the space too */
+- len -= cut;
++ len -= cut + 1;
+ }
+ else {
+ fputs(ptr, config->errors);
+--
+2.7.4
+