Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / c4ea075d918124f556619e8e75b7ca38b3f2dac8^! / . / poky / meta / recipes-support / curl / curl / CVE-2018-16842.patch
commitc4ea075d918124f556619e8e75b7ca38b3f2dac8[log] [tgz]
authorBrad Bishop <bradleyb@fuzziesquirrel.com>Thu Nov 15 14:30:15 2018 -0800
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Mon Nov 26 07:46:19 2018 -0500
tree9e2cffe8b1767635307bb0bfef5cbcc432fa4214
parenta7999f57d119bdb9377220db06b8c047fc39d49e [diff] [blame]
poky: sumo refresh eebbc00b25..64a257fa22

Update poky to sumo HEAD.

Armin Kuster (1):
      dhcp: allow for excluding the external bind

Awais Belal (1):
      bitbake: bitbake: toaster: allow OE_ROOT to be provided through environment

Changqing Li (2):
      unzip: fix for CVE-2018-18384
      curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842

Fabien Lahoudere (1):
      archiver: Drop unwanted directories

Ioan-Adrian Ratiu (1):
      wic: isoimage-isohybrid: fix UEFI spec breakage

Kosta Zertsekel (1):
      meta: Use double colon for chown OWNER:GROUP

Matthias Schiffer (1):
      base.bbclass: avoid 'find -ignore_readdir_race -delete'

Mohamad Noor Alim Hussin (1):
      oeqa/selftest/recipetool: Fix problems from changing upstream source

Peter Kjellerstedt (4):
      common-licenses: Correct the FreeType license text
      apr: Trim license info extracted from apr_lib.h
      apr-util: Trim license info extracted from apu_version.h
      pixman: Trim license info extracted from pixman-matrix.c

Richard Purdie (4):
      oeqa/selftest/wic: Use a subdir of builddir, not /var/
      oeqa/selftest/wic: Ensure initramfs exists for test_iso_image
      selftest/wic: Improve error message for test_fixed_size
      crosssdk: Remove usage of host flags for cross-compilation

Ross Burton (3):
      unzip: actually apply CVE-2018-18384
      curl: actually apply latest CVE patches
      gnupg: patch gnupg-native to allow path relocation

Scott Rifenbark (1):
      kernel-dev: Updated phrasing for what a "defconfig" file is.

Change-Id: I08f7fbe91f3f7ed6f00b6ea691c33ee1e0d3205b
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch
new file mode 100644
index 0000000..82e7557
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2018-16842.patch

@@ -0,0 +1,35 @@
+From 0e4a6058b130f07cfa52fde8a3cb6f2abfe4c700 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 1 Nov 2018 15:30:56 +0800
+Subject: [PATCH] voutf: fix bad arethmetic when outputting warnings to stderr
+
+CVE-2018-16842
+Reported-by: Brian Carpenter
+Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit
+/d530e92f59ae9bb2d47066c3c460b25d2ffeb211]
+
+CVE: CVE-2018-16842
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/tool_msgs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tool_msgs.c b/src/tool_msgs.c
+index 9cce806..05bec39 100644
+--- a/src/tool_msgs.c
++++ b/src/tool_msgs.c
+@@ -67,7 +67,7 @@ static void voutf(struct GlobalConfig *config,
+         (void)fwrite(ptr, cut + 1, 1, config->errors);
+         fputs("\n", config->errors);
+         ptr += cut + 1; /* skip the space too */
+-        len -= cut;
++        len -= cut + 1;
+       }
+       else {
+         fputs(ptr, config->errors);
+-- 
+2.7.4
+