2 files changed, 202 insertions, 1 deletions
diff --git a/recipes-support/curl/curl/CVE-2017-7407.patch b/recipes-support/curl/curl/CVE-2017-7407.patch
new file mode 100644
index 0000000..6dbe71c
--- /dev/null
+++ b/recipes-support/curl/curl/CVE-2017-7407.patch
@@ -0,0 +1,200 @@
+From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
+From: Dan Fandrich <dan@coneharvesters.com>
+Date: Sat, 11 Mar 2017 10:59:34 +0100
+Subject: [PATCH] CVE-2017-7407: fixed
+Bug: https://curl.haxx.se/docs/adv_20170403.html
+CVE: CVE-2017-7407
+Upstream-Status: Backport [https://curl.haxx.se/CVE-2017-7407.patch]
+Reported-by: Brian Carpenter
+---
+ src/tool_writeout.c     |  6 +++---
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test1440     | 31 +++++++++++++++++++++++++++++++
+ tests/data/test1441     | 31 +++++++++++++++++++++++++++++++
+ tests/data/test1442     | 35 +++++++++++++++++++++++++++++++++++
+ 5 files changed, 101 insertions(+), 4 deletions(-)
+ create mode 100644 tests/data/test1440
+ create mode 100644 tests/data/test1441
+ create mode 100644 tests/data/test1442
+diff --git a/src/tool_writeout.c b/src/tool_writeout.c
+index 2fb77742a..5d92bd278 100644
+--- a/src/tool_writeout.c
+++ b/src/tool_writeout.c
+@@ -3,11 +3,11 @@
+  *  Project                     ___| | | |  _ \| |
+  *                             / __| | | | |_) | |
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+  * are also available at https://curl.haxx.se/docs/copyright.html.
+  *
+@@ -111,11 +111,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+   char *stringp = NULL;
+   long longinfo;
+   double doubleinfo;
+ 
+   while(ptr && *ptr) {
+-    if('%' == *ptr) {
+    if('%' == *ptr && ptr[1]) {
+       if('%' == ptr[1]) {
+         /* an escaped %-letter */
+         fputc('%', stream);
+         ptr += 2;
+       }
+@@ -339,11 +339,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo)
+           fputc(ptr[1], stream);
+           ptr += 2;
+         }
+       }
+     }
+-    else if('\\' == *ptr) {
+    else if('\\' == *ptr && ptr[1]) {
+       switch(ptr[1]) {
+       case 'r':
+         fputc('\r', stream);
+         break;
+       case 'n':
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 8251ab9a4..267ff6aef 100644
+--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
+@@ -149,11 +149,11 @@ test1396 test1397 test1398 \
+ test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
+ test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
+ test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
+ test1424 \
+ test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
+-test1436 test1437 test1438 test1439 \
+test1436 test1437 test1438 test1439 test1440 test1441 test1442 \
+ \
+ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
+ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
+ test1516 test1517 \
+ \
+diff --git a/tests/data/test1440 b/tests/data/test1440
+new file mode 100644
+index 000000000..7ed0c4d5f
+--- /dev/null
+++ b/tests/data/test1440
+@@ -0,0 +1,31 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing %{
+</name>
+<command>
+file://localhost/%PWD/log/ --write-out '%{'
+</command>
+</client>
+
+# Verify data
+<verify>
+<stdout nonewline="yes">
+%{
+</stdout>
+</verify>
+</testcase>
+diff --git a/tests/data/test1441 b/tests/data/test1441
+new file mode 100644
+index 000000000..6e253a690
+--- /dev/null
+++ b/tests/data/test1441
+@@ -0,0 +1,31 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing %
+</name>
+<command>
+file://localhost/%PWD/log/ --write-out '%'
+</command>
+</client>
+
+# Verify data
+<verify>
+<stdout nonewline="yes">
+%
+</stdout>
+</verify>
+</testcase>
+diff --git a/tests/data/test1442 b/tests/data/test1442
+new file mode 100644
+index 000000000..255a4c9ff
+--- /dev/null
+++ b/tests/data/test1442
+@@ -0,0 +1,35 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+FILE
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing \
+</name>
+<command>
+file://localhost/%PWD/log/non-existent-file.txt --write-out '\'
+</command>
+</client>
+
+# Verify data
+<verify>
+<errorcode>
+37
+</errorcode>
+<stdout nonewline="yes">
+\
+</stdout>
+</verify>
+</testcase>
+-- 
+2.11.0
diff --git a/recipes-support/curl/curl_%.bbappend b/recipes-support/curl/curl_%.bbappend
index 72cd405..6ce316a 100644
--- a/recipes-support/curl/curl_%.bbappend
+++ b/recipes-support/curl/curl_%.bbappend
@@ -1,7 +1,8 @@
 # look for files in the layer first
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-SRC_URI += "file://CVE-2017-7468.patch \
+SRC_URI += "file://CVE-2017-7407.patch \
+            file://CVE-2017-7468.patch \
            file://CVE-2017-9502.patch \
            file://CVE-2017-1000100.patch \
            file://CVE-2017-1000101.patch \

diff --git a/recipes-support/curl/curl/CVE-2017-7407.patch b/recipes-support/curl/curl/CVE-2017-7407.patch new file mode 100644 index 0000000..6dbe71c --- /dev/null +++ b/recipes-support/curl/curl/CVE-2017-7407.patch
@@ -0,0 +1,200 @@
		1	From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001
		2	From: Dan Fandrich <dan@coneharvesters.com>
		3	Date: Sat, 11 Mar 2017 10:59:34 +0100
		4	Subject: [PATCH] CVE-2017-7407: fixed
		5
		6	Bug: https://curl.haxx.se/docs/adv_20170403.html
		7
		8	CVE: CVE-2017-7407
		9	Upstream-Status: Backport [https://curl.haxx.se/CVE-2017-7407.patch]
		10
		11	Reported-by: Brian Carpenter
		12	---
		13	src/tool_writeout.c \| 6 +++---
		14	tests/data/Makefile.inc \| 2 +-
		15	tests/data/test1440 \| 31 +++++++++++++++++++++++++++++++
		16	tests/data/test1441 \| 31 +++++++++++++++++++++++++++++++
		17	tests/data/test1442 \| 35 +++++++++++++++++++++++++++++++++++
		18	5 files changed, 101 insertions(+), 4 deletions(-)
		19	create mode 100644 tests/data/test1440
		20	create mode 100644 tests/data/test1441
		21	create mode 100644 tests/data/test1442
		22
		23	diff --git a/src/tool_writeout.c b/src/tool_writeout.c
		24	index 2fb77742a..5d92bd278 100644
		25	--- a/src/tool_writeout.c
		26	+++ b/src/tool_writeout.c
		27	@@ -3,11 +3,11 @@
		28	* Project ___\| \| \| \| _ \\| \|
		29	* / __\| \| \| \| \|_) \| \|
		30	* \| (__\| \|_\| \| _ <\| \|___
		31	* \___\|\___/\|_\| \_\_____\|
		32	*
		33	- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
		34	+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
		35	*
		36	* This software is licensed as described in the file COPYING, which
		37	* you should have received as part of this distribution. The terms
		38	* are also available at https://curl.haxx.se/docs/copyright.html.
		39	*
		40	@@ -111,11 +111,11 @@ void ourWriteOut(CURL curl, struct OutStruct outs, const char *writeinfo)
		41	char *stringp = NULL;
		42	long longinfo;
		43	double doubleinfo;
		44
		45	while(ptr && *ptr) {
		46	- if('%' == *ptr) {
		47	+ if('%' == *ptr && ptr[1]) {
		48	if('%' == ptr[1]) {
		49	/* an escaped %-letter */
		50	fputc('%', stream);
		51	ptr += 2;
		52	}
		53	@@ -339,11 +339,11 @@ void ourWriteOut(CURL curl, struct OutStruct outs, const char *writeinfo)
		54	fputc(ptr[1], stream);
		55	ptr += 2;
		56	}
		57	}
		58	}
		59	- else if('\\' == *ptr) {
		60	+ else if('\\' == *ptr && ptr[1]) {
		61	switch(ptr[1]) {
		62	case 'r':
		63	fputc('\r', stream);
		64	break;
		65	case 'n':
		66	diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
		67	index 8251ab9a4..267ff6aef 100644
		68	--- a/tests/data/Makefile.inc
		69	+++ b/tests/data/Makefile.inc
		70	@@ -149,11 +149,11 @@ test1396 test1397 test1398 \
		71	test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
		72	test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \
		73	test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
		74	test1424 \
		75	test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
		76	-test1436 test1437 test1438 test1439 \
		77	+test1436 test1437 test1438 test1439 test1440 test1441 test1442 \
		78	\
		79	test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
		80	test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
		81	test1516 test1517 \
		82	\
		83	diff --git a/tests/data/test1440 b/tests/data/test1440
		84	new file mode 100644
		85	index 000000000..7ed0c4d5f
		86	--- /dev/null
		87	+++ b/tests/data/test1440
		88	@@ -0,0 +1,31 @@
		89	+<testcase>
		90	+<info>
		91	+<keywords>
		92	+--write-out
		93	+</keywords>
		94	+</info>
		95	+# Server-side
		96	+<reply>
		97	+</reply>
		98	+
		99	+# Client-side
		100	+<client>
		101	+<server>
		102	+file
		103	+</server>
		104	+
		105	+<name>
		106	+Check --write-out with trailing %{
		107	+</name>
		108	+<command>
		109	+file://localhost/%PWD/log/ --write-out '%{'
		110	+</command>
		111	+</client>
		112	+
		113	+# Verify data
		114	+<verify>
		115	+<stdout nonewline="yes">
		116	+%{
		117	+</stdout>
		118	+</verify>
		119	+</testcase>
		120	diff --git a/tests/data/test1441 b/tests/data/test1441
		121	new file mode 100644
		122	index 000000000..6e253a690
		123	--- /dev/null
		124	+++ b/tests/data/test1441
		125	@@ -0,0 +1,31 @@
		126	+<testcase>
		127	+<info>
		128	+<keywords>
		129	+--write-out
		130	+</keywords>
		131	+</info>
		132	+# Server-side
		133	+<reply>
		134	+</reply>
		135	+
		136	+# Client-side
		137	+<client>
		138	+<server>
		139	+file
		140	+</server>
		141	+
		142	+<name>
		143	+Check --write-out with trailing %
		144	+</name>
		145	+<command>
		146	+file://localhost/%PWD/log/ --write-out '%'
		147	+</command>
		148	+</client>
		149	+
		150	+# Verify data
		151	+<verify>
		152	+<stdout nonewline="yes">
		153	+%
		154	+</stdout>
		155	+</verify>
		156	+</testcase>
		157	diff --git a/tests/data/test1442 b/tests/data/test1442
		158	new file mode 100644
		159	index 000000000..255a4c9ff
		160	--- /dev/null
		161	+++ b/tests/data/test1442
		162	@@ -0,0 +1,35 @@
		163	+<testcase>
		164	+<info>
		165	+<keywords>
		166	+--write-out
		167	+FILE
		168	+</keywords>
		169	+</info>
		170	+# Server-side
		171	+<reply>
		172	+</reply>
		173	+
		174	+# Client-side
		175	+<client>
		176	+<server>
		177	+file
		178	+</server>
		179	+
		180	+<name>
		181	+Check --write-out with trailing \
		182	+</name>
		183	+<command>
		184	+file://localhost/%PWD/log/non-existent-file.txt --write-out '\'
		185	+</command>
		186	+</client>
		187	+
		188	+# Verify data
		189	+<verify>
		190	+<errorcode>
		191	+37
		192	+</errorcode>
		193	+<stdout nonewline="yes">
		194	+\
		195	+</stdout>
		196	+</verify>
		197	+</testcase>
		198	--
		199	2.11.0
		200


diff --git a/recipes-support/curl/curl_%.bbappend b/recipes-support/curl/curl_%.bbappend index 72cd405..6ce316a 100644 --- a/recipes-support/curl/curl_%.bbappend +++ b/recipes-support/curl/curl_%.bbappend
@@ -1,7 +1,8 @@
1	# look for files in the layer first	1	# look for files in the layer first
2	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"	2	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
3		3
4	SRC_URI += "file://CVE-2017-7468.patch \	4	SRC_URI += "file://CVE-2017-7407.patch \
		5	file://CVE-2017-7468.patch \
5	file://CVE-2017-9502.patch \	6	file://CVE-2017-9502.patch \
6	file://CVE-2017-1000100.patch \	7	file://CVE-2017-1000100.patch \
7	file://CVE-2017-1000101.patch \	8	file://CVE-2017-1000101.patch \