diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-support/curl/curl/CVE-2017-1000101.patch')
| -rw-r--r-- | import-layers/yocto-poky/meta/recipes-support/curl/curl/CVE-2017-1000101.patch | 45 |
1 files changed, 26 insertions, 19 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-support/curl/curl/CVE-2017-1000101.patch b/import-layers/yocto-poky/meta/recipes-support/curl/curl/CVE-2017-1000101.patch index 9eef5e2a20..c300fff00c 100644 --- a/import-layers/yocto-poky/meta/recipes-support/curl/curl/CVE-2017-1000101.patch +++ b/import-layers/yocto-poky/meta/recipes-support/curl/curl/CVE-2017-1000101.patch @@ -6,15 +6,17 @@ Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow Added test 1289 to verify. -CVE-2017-1000101 +CVE: CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter Upstream-Status: Backport -CVE: CVE-2017-1000101 -Signed-off-by: Armin Kuster <akuster@mvista.com> +https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7 +Rebase the tests/data/Makefile.inc changes for curl 7.54.1. + +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> --- src/tool_urlglob.c | 5 ++++- tests/data/Makefile.inc | 2 +- @@ -22,11 +24,11 @@ Signed-off-by: Armin Kuster <akuster@mvista.com> 3 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 tests/data/test1289 -Index: curl-7.53.1/src/tool_urlglob.c -=================================================================== ---- curl-7.53.1.orig/src/tool_urlglob.c -+++ curl-7.53.1/src/tool_urlglob.c -@@ -269,7 +269,10 @@ static CURLcode glob_range(URLGlob *glob +diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c +index 6b1ece0..d56dcd9 100644 +--- a/src/tool_urlglob.c ++++ b/src/tool_urlglob.c +@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp, } errno = 0; max_n = strtoul(pattern, &endp, 10); @@ -38,22 +40,24 @@ Index: curl-7.53.1/src/tool_urlglob.c pattern = endp+1; errno = 0; step_n = strtoul(pattern, &endp, 10); -Index: curl-7.53.1/tests/data/Makefile.inc -=================================================================== ---- curl-7.53.1.orig/tests/data/Makefile.inc -+++ curl-7.53.1/tests/data/Makefile.inc -@@ -131,6 +131,7 @@ test1244 test1245 test1246 test1247 test - test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \ +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc +index 155320a..7adbee6 100644 +--- a/tests/data/Makefile.inc ++++ b/tests/data/Makefile.inc +@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \ + test1260 test1261 test1262 \ \ - test1280 test1281 test1282 test1283 test1284 test1285 test1286 \ -+test1289 \ + test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \ +-test1288 \ ++test1288 test1289 \ \ test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \ test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \ -Index: curl-7.53.1/tests/data/test1289 -=================================================================== +diff --git a/tests/data/test1289 b/tests/data/test1289 +new file mode 100644 +index 0000000..d679cc0 --- /dev/null -+++ curl-7.53.1/tests/data/test1289 ++++ b/tests/data/test1289 @@ -0,0 +1,35 @@ +<testcase> +<info> @@ -90,3 +94,6 @@ Index: curl-7.53.1/tests/data/test1289 +</errorcode> +</verify> +</testcase> +-- +2.11.0 + |