From 6f8dcde58e2226d5a46f41ab53225134d0e60b4e Mon Sep 17 00:00:00 2001
From: Brad Bishop <bradleyb@fuzziesquirrel.com>
Date: Tue, 16 Oct 2018 10:47:12 +0800
Subject: poky: sumo refresh d240b885f2..eebbc00b25

Update poky to sumo HEAD.

Anuj Mittal (1):
      perl: skip tests that are not useful

Armin Kuster (4):
      tzcode-native: updatet to 2018e
      tzdata: update to 2018e
      tzcode: update to 2018f
      tzdata: update to 2018f

Bruce Ashfield (10):
      kernel-yocto/cfg: configuration warning fixes
      linux-yocto/4.14/4.18: address kernel configuration warnings
      linux-yocto: configuration warning fixes
      linux-yocto: tweak RTC configuration
      linux-yocto/4.14: fix kernel configuration audit warnings
      linux-yocto/4.14: update to v4.14.71
      linux-yocto: enable pci and CRYPTO_DEV_VIRTIO
      linux-yocto/4.14: fix beaglebone configuration warnings
      linux-yocto-rt: fixup 4.14 merge issues
      linux-yocto/4.14: update to v4.14.76

Changqing Li (1):
      apt: update SRC_URI

Chen Qi (2):
      python: backport patch to fix CVE-2018-1000802
      python: backport patch to fix CVE-2018-14647

Dan McGregor (2):
      os-release: move to nonarch_libdir
      base-files: change permissions on /sys and /proc

Derek Straka (1):
      python: update to version 2.7.15

Grygorii Tertychnyi (2):
      cve-check: Allow multiple entries in CVE_PRODUCT
      curl: extend CVE_PRODUCT

Hongxu Jia (2):
      valgrind: fix compile ptest failure on mips32
      nasm: fix CVE-2018-1000667

Hongzhi.Song (1):
      linux-yocto-rt: Add paravirt_kvm support for qemux86-64

Jagadeesh Krishnanjanappa (1):
      valgrind: fix ptest compilation for PowerPC64

Peter Kjellerstedt (1):
      curl: Include the complete license information

Richard Purdie (2):
      yocto-uninative: Upgrade to verson 2.3 which includes glibc 2.28
      oeqa/selftest/runtime_test: Ensure we build/use gnupg-native

Ross Burton (2):
      python: clean up ptest
      python: don't use runtime checks to identify float endianism

Zhixiong Chi (1):
      curl: CVE-2018-14618

Change-Id: I4b7aa481ed2a57c3551c4a45d30350f2376444cc
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
---
 .../recipes-support/curl/curl/CVE-2018-14618.patch | 37 ++++++++++++++++++++++
 poky/meta/recipes-support/curl/curl_7.61.0.bb      |  5 +--
 2 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch

(limited to 'poky/meta/recipes-support/curl')

diff --git a/poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch b/poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch
new file mode 100644
index 000000000..db07b436d
--- /dev/null
+++ b/poky/meta/recipes-support/curl/curl/CVE-2018-14618.patch
@@ -0,0 +1,37 @@
+From 57d299a499155d4b327e341c6024e293b0418243 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Mon, 13 Aug 2018 10:35:52 +0200
+Subject: [PATCH] Curl_ntlm_core_mk_nt_hash: return error on too long password
+
+... since it would cause an integer overflow if longer than (max size_t
+/ 2).
+
+This is CVE-2018-14618
+
+Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
+Closes #2756
+Reported-by: Zhaoyang Wu
+
+CVE: CVE-2018-14618
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ lib/curl_ntlm_core.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
+index e27cab353c..922e85a926 100644
+--- a/lib/curl_ntlm_core.c
++++ b/lib/curl_ntlm_core.c
+@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
+                                    unsigned char *ntbuffer /* 21 bytes */)
+ {
+   size_t len = strlen(password);
+-  unsigned char *pw = len ? malloc(len * 2) : strdup("");
++  unsigned char *pw;
+   CURLcode result;
++  if(len > SIZE_T_MAX/2) /* avoid integer overflow */
++    return CURLE_OUT_OF_MEMORY;
++  pw = len ? malloc(len * 2) : strdup("");
+   if(!pw)
+     return CURLE_OUT_OF_MEMORY;
diff --git a/poky/meta/recipes-support/curl/curl_7.61.0.bb b/poky/meta/recipes-support/curl/curl_7.61.0.bb
index d118c3ff9..31d5d9bda 100644
--- a/poky/meta/recipes-support/curl/curl_7.61.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.61.0.bb
@@ -3,16 +3,17 @@ HOMEPAGE = "http://curl.haxx.se/"
 BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker"
 SECTION = "console/network"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e664ac"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ef889a37a5a874490ac7ce116396f29a"
 
 SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://0001-replace-krb5-config-with-pkg-config.patch \
+           file://CVE-2018-14618.patch \
 "
 
 SRC_URI[md5sum] = "31d0a9f48dc796a7db351898a1e5058a"
 SRC_URI[sha256sum] = "5f6f336921cf5b84de56afbd08dfb70adeef2303751ffb3e570c936c6d656c9c"
 
-CVE_PRODUCT = "libcurl"
+CVE_PRODUCT = "curl libcurl"
 inherit autotools pkgconfig binconfig multilib_header
 
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls proxy threaded-resolver zlib"
-- 
cgit v1.2.3