From 41dcb36cac7813c0c2a5a7c1c1535a61caaab233 Mon Sep 17 00:00:00 2001 From: Martin Borg Date: Thu, 1 Mar 2018 10:49:49 +0100 Subject: curl: Drop CVE patches The CVEs have been fixed in upstream poky/rocko. Signed-off-by: Martin Borg --- recipes-support/curl/curl/CVE-2017-1000254.patch | 139 ----------- recipes-support/curl/curl/CVE-2017-7407.patch | 200 --------------- recipes-support/curl/curl/CVE-2017-7468.patch | 299 ----------------------- recipes-support/curl/curl/CVE-2017-9502.patch | 69 ------ recipes-support/curl/curl_%.bbappend | 6 +- 5 files changed, 1 insertion(+), 712 deletions(-) delete mode 100644 recipes-support/curl/curl/CVE-2017-1000254.patch delete mode 100644 recipes-support/curl/curl/CVE-2017-7407.patch delete mode 100644 recipes-support/curl/curl/CVE-2017-7468.patch delete mode 100644 recipes-support/curl/curl/CVE-2017-9502.patch diff --git a/recipes-support/curl/curl/CVE-2017-1000254.patch b/recipes-support/curl/curl/CVE-2017-1000254.patch deleted file mode 100644 index d37b859..0000000 --- a/recipes-support/curl/curl/CVE-2017-1000254.patch +++ /dev/null @@ -1,139 +0,0 @@ -From f3be14cc3f3c56f612a0ffe1706fca14fe9eaf53 Mon Sep 17 00:00:00 2001 -From: Sona Sarmadi -Date: Mon, 4 Dec 2017 09:38:43 +0100 -Subject: [PATCH] curl: fix for CVE-2017-1000254 - -FTP: zero terminate the entry path even on bad input - -... a single double quote could leave the entry path buffer without a zero -terminating byte. - -CVE: CVE-2017-1000254 -Upstream-Status: Backport [https://curl.haxx.se/CVE-2017-1000254.patch] - -Test 1152 added to verify. - -Reported-by: Max Dymond -Bug: https://curl.haxx.se/docs/adv_20171004.html -Signed-off-by: Sona Sarmadi ---- - lib/ftp.c | 7 ++++-- - tests/data/Makefile.inc | 1 + - tests/data/test1152 | 61 +++++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 67 insertions(+), 2 deletions(-) - create mode 100644 tests/data/test1152 - -diff --git a/lib/ftp.c b/lib/ftp.c -index aa4d5ac..cab3699 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -2826,6 +2826,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) - const size_t buf_size = CURL_BUFSIZE(data->set.buffer_size); - char *dir; - char *store; -+ bool entry_extracted = FALSE; - - dir = malloc(nread + 1); - if(!dir) -@@ -2857,7 +2858,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) - } - else { - /* end of path */ -- *store = '\0'; /* zero terminate */ -+ entry_extracted = TRUE; - break; /* get out of this loop */ - } - } -@@ -2866,7 +2867,9 @@ static CURLcode ftp_statemach_act(struct connectdata *conn) - store++; - ptr++; - } -- -+ *store = '\0'; /* zero terminate */ -+ } -+ if(entry_extracted) { - /* If the path name does not look like an absolute path (i.e.: it - does not start with a '/'), we probably need some server-dependent - adjustments. For example, this is the case when connecting to -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 8251ab9..01ad40d 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -121,6 +121,7 @@ test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 \ - test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ - test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ - test1144 test1145 test1146 \ -+test1152 \ - test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ - test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ - test1216 test1217 test1218 test1219 \ -diff --git a/tests/data/test1152 b/tests/data/test1152 -new file mode 100644 -index 0000000..c55739d ---- /dev/null -+++ b/tests/data/test1152 -@@ -0,0 +1,61 @@ -+ -+ -+ -+FTP -+PASV -+LIST -+ -+ -+# -+# Server-side -+ -+ -+REPLY PWD 257 "just one -+ -+ -+# When doing LIST, we get the default list output hard-coded in the test -+# FTP server -+ -+total 20 -+drwxr-xr-x 8 98 98 512 Oct 22 13:06 . -+drwxr-xr-x 8 98 98 512 Oct 22 13:06 .. -+drwxr-xr-x 2 98 98 512 May 2 1996 curl-releases -+-r--r--r-- 1 0 1 35 Jul 16 1996 README -+lrwxrwxrwx 1 0 1 7 Dec 9 1999 bin -> usr/bin -+dr-xr-xr-x 2 0 1 512 Oct 1 1997 dev -+drwxrwxrwx 2 98 98 512 May 29 16:04 download.html -+dr-xr-xr-x 2 0 1 512 Nov 30 1995 etc -+drwxrwxrwx 2 98 1 512 Oct 30 14:33 pub -+dr-xr-xr-x 5 0 1 512 Oct 1 1997 usr -+ -+ -+ -+# -+# Client-side -+ -+ -+ftp -+ -+ -+FTP with uneven quote in PWD response -+ -+ -+ftp://%HOSTIP:%FTPPORT/test-1152/ -+ -+ -+ -+# -+# Verify data after the test has been "shot" -+ -+ -+USER anonymous -+PASS ftp@example.com -+PWD -+CWD test-1152 -+EPSV -+TYPE A -+LIST -+QUIT -+ -+ -+ --- -1.9.1 - diff --git a/recipes-support/curl/curl/CVE-2017-7407.patch b/recipes-support/curl/curl/CVE-2017-7407.patch deleted file mode 100644 index 6dbe71c..0000000 --- a/recipes-support/curl/curl/CVE-2017-7407.patch +++ /dev/null @@ -1,200 +0,0 @@ -From 6019f1795b4e3b72507b84b0e02dc8c32024f562 Mon Sep 17 00:00:00 2001 -From: Dan Fandrich -Date: Sat, 11 Mar 2017 10:59:34 +0100 -Subject: [PATCH] CVE-2017-7407: fixed - -Bug: https://curl.haxx.se/docs/adv_20170403.html - -CVE: CVE-2017-7407 -Upstream-Status: Backport [https://curl.haxx.se/CVE-2017-7407.patch] - -Reported-by: Brian Carpenter ---- - src/tool_writeout.c | 6 +++--- - tests/data/Makefile.inc | 2 +- - tests/data/test1440 | 31 +++++++++++++++++++++++++++++++ - tests/data/test1441 | 31 +++++++++++++++++++++++++++++++ - tests/data/test1442 | 35 +++++++++++++++++++++++++++++++++++ - 5 files changed, 101 insertions(+), 4 deletions(-) - create mode 100644 tests/data/test1440 - create mode 100644 tests/data/test1441 - create mode 100644 tests/data/test1442 - -diff --git a/src/tool_writeout.c b/src/tool_writeout.c -index 2fb77742a..5d92bd278 100644 ---- a/src/tool_writeout.c -+++ b/src/tool_writeout.c -@@ -3,11 +3,11 @@ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * -- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. -+ * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * -@@ -111,11 +111,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo) - char *stringp = NULL; - long longinfo; - double doubleinfo; - - while(ptr && *ptr) { -- if('%' == *ptr) { -+ if('%' == *ptr && ptr[1]) { - if('%' == ptr[1]) { - /* an escaped %-letter */ - fputc('%', stream); - ptr += 2; - } -@@ -339,11 +339,11 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo) - fputc(ptr[1], stream); - ptr += 2; - } - } - } -- else if('\\' == *ptr) { -+ else if('\\' == *ptr && ptr[1]) { - switch(ptr[1]) { - case 'r': - fputc('\r', stream); - break; - case 'n': -diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc -index 8251ab9a4..267ff6aef 100644 ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -149,11 +149,11 @@ test1396 test1397 test1398 \ - test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \ - test1408 test1409 test1410 test1411 test1412 test1413 test1414 test1415 \ - test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \ - test1424 \ - test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \ --test1436 test1437 test1438 test1439 \ -+test1436 test1437 test1438 test1439 test1440 test1441 test1442 \ - \ - test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ - test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ - test1516 test1517 \ - \ -diff --git a/tests/data/test1440 b/tests/data/test1440 -new file mode 100644 -index 000000000..7ed0c4d5f ---- /dev/null -+++ b/tests/data/test1440 -@@ -0,0 +1,31 @@ -+ -+ -+ -+--write-out -+ -+ -+# Server-side -+ -+ -+ -+# Client-side -+ -+ -+file -+ -+ -+ -+Check --write-out with trailing %{ -+ -+ -+file://localhost/%PWD/log/ --write-out '%{' -+ -+ -+ -+# Verify data -+ -+ -+%{ -+ -+ -+ -diff --git a/tests/data/test1441 b/tests/data/test1441 -new file mode 100644 -index 000000000..6e253a690 ---- /dev/null -+++ b/tests/data/test1441 -@@ -0,0 +1,31 @@ -+ -+ -+ -+--write-out -+ -+ -+# Server-side -+ -+ -+ -+# Client-side -+ -+ -+file -+ -+ -+ -+Check --write-out with trailing % -+ -+ -+file://localhost/%PWD/log/ --write-out '%' -+ -+ -+ -+# Verify data -+ -+ -+% -+ -+ -+ -diff --git a/tests/data/test1442 b/tests/data/test1442 -new file mode 100644 -index 000000000..255a4c9ff ---- /dev/null -+++ b/tests/data/test1442 -@@ -0,0 +1,35 @@ -+ -+ -+ -+--write-out -+FILE -+ -+ -+# Server-side -+ -+ -+ -+# Client-side -+ -+ -+file -+ -+ -+ -+Check --write-out with trailing \ -+ -+ -+file://localhost/%PWD/log/non-existent-file.txt --write-out '\' -+ -+ -+ -+# Verify data -+ -+ -+37 -+ -+ -+\ -+ -+ -+ --- -2.11.0 - diff --git a/recipes-support/curl/curl/CVE-2017-7468.patch b/recipes-support/curl/curl/CVE-2017-7468.patch deleted file mode 100644 index 184ed51..0000000 --- a/recipes-support/curl/curl/CVE-2017-7468.patch +++ /dev/null @@ -1,299 +0,0 @@ -From 33cfcfd9f0378625d3bddbd2c8ac5aad4b646f26 Mon Sep 17 00:00:00 2001 -From: Jay Satiro -Date: Wed, 22 Mar 2017 01:59:49 -0400 -Subject: [PATCH] TLS: Fix switching off SSL session id when client cert is - used - -Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl -will each have their own sessionid flag. - -Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that -this issue had been fixed in 247d890, CVE-2016-5419. - -Bug: https://github.com/curl/curl/issues/1341 -Reported-by: lijian996@users.noreply.github.com - -CVE: CVE-2017-7468 -Upstream-Status: Backport [backport from curl-7_54_1] - -The new incarnation of this bug is called CVE-2017-7468 and is documented -here: https://curl.haxx.se/docs/adv_20170419.html - -Signed-off-by: Sona Sarmadi ---- - lib/url.c | 5 +++-- - lib/urldata.h | 2 +- - lib/vtls/axtls.c | 4 ++-- - lib/vtls/cyassl.c | 4 ++-- - lib/vtls/darwinssl.c | 2 +- - lib/vtls/gtls.c | 4 ++-- - lib/vtls/mbedtls.c | 4 ++-- - lib/vtls/nss.c | 2 +- - lib/vtls/openssl.c | 4 ++-- - lib/vtls/polarssl.c | 4 ++-- - lib/vtls/schannel.c | 4 ++-- - lib/vtls/vtls.c | 9 ++++++--- - 12 files changed, 26 insertions(+), 22 deletions(-) - -diff --git a/lib/url.c b/lib/url.c -index 4609f4f..caa28f5 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -546,7 +546,7 @@ CURLcode Curl_init_userdefined(struct UserDefined *set) - #endif - set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth - type */ -- set->general_ssl.sessionid = TRUE; /* session ID caching enabled by -+ set->ssl.primary.sessionid = TRUE; /* session ID caching enabled by - default */ - set->proxy_ssl = set->ssl; - -@@ -2499,8 +2499,9 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option, - break; - - case CURLOPT_SSL_SESSIONID_CACHE: -- data->set.general_ssl.sessionid = (0 != va_arg(param, long)) ? -+ data->set.ssl.primary.sessionid = (0 != va_arg(param, long)) ? - TRUE : FALSE; -+ data->set.proxy_ssl.primary.sessionid = data->set.ssl.primary.sessionid; - break; - - #ifdef USE_LIBSSH2 -diff --git a/lib/urldata.h b/lib/urldata.h -index bd7d25d..3c94553 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -360,6 +360,7 @@ struct ssl_primary_config { - char *random_file; /* path to file containing "random" data */ - char *egdsocket; /* path to file containing the EGD daemon socket */ - char *cipher_list; /* list of ciphers to use */ -+ bool sessionid; /* cache session IDs or not */ - }; - - struct ssl_config_data { -@@ -389,7 +390,6 @@ struct ssl_config_data { - }; - - struct ssl_general_config { -- bool sessionid; /* cache session IDs or not */ - size_t max_ssl_sessions; /* SSL session id cache size */ - }; - -diff --git a/lib/vtls/axtls.c b/lib/vtls/axtls.c -index af01fe3..f0e3766 100644 ---- a/lib/vtls/axtls.c -+++ b/lib/vtls/axtls.c -@@ -262,7 +262,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex) - * 2) setting up callbacks. these seem gnutls specific - */ - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - const uint8_t *ssl_sessionid; - size_t ssl_idsize; - -@@ -392,7 +392,7 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex) - conn->send[sockindex] = axtls_send; - - /* Put our freshly minted SSL session in cache */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - const uint8_t *ssl_sessionid = ssl_get_session_id(ssl); - size_t ssl_idsize = ssl_get_session_id_size(ssl); - Curl_ssl_sessionid_lock(conn); -diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c -index 2dfd79d..5f51ad5 100644 ---- a/lib/vtls/cyassl.c -+++ b/lib/vtls/cyassl.c -@@ -398,7 +398,7 @@ cyassl_connect_step1(struct connectdata *conn, - #endif /* HAVE_ALPN */ - - /* Check if there's a cached ID we can/should use here! */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *ssl_sessionid = NULL; - - Curl_ssl_sessionid_lock(conn); -@@ -618,7 +618,7 @@ cyassl_connect_step3(struct connectdata *conn, - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - bool incache; - SSL_SESSION *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; -diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c -index f8697cc..5533dfe 100644 ---- a/lib/vtls/darwinssl.c -+++ b/lib/vtls/darwinssl.c -@@ -1644,7 +1644,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn, - #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ - - /* Check if there's a cached ID we can/should use here! */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - char *ssl_sessionid; - size_t ssl_sessionid_len; - -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index 51a5aa8..0230778 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -873,7 +873,7 @@ gtls_connect_step1(struct connectdata *conn, - - /* This might be a reconnect, so we check for a session ID in the cache - to speed up things */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *ssl_sessionid; - size_t ssl_idsize; - -@@ -1404,7 +1404,7 @@ gtls_connect_step3(struct connectdata *conn, - conn->recv[sockindex] = gtls_recv; - conn->send[sockindex] = gtls_send; - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - /* we always unconditionally get the session id here, as even if we - already got it from the cache and asked to use it in the connection, it - might've been rejected and then a new one is in use now and we need to -diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c -index edf30db..3ffa957 100644 ---- a/lib/vtls/mbedtls.c -+++ b/lib/vtls/mbedtls.c -@@ -430,7 +430,7 @@ mbed_connect_step1(struct connectdata *conn, - #endif - - /* Check if there's a cached ID we can/should use here! */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *old_session = NULL; - - Curl_ssl_sessionid_lock(conn); -@@ -684,7 +684,7 @@ mbed_connect_step3(struct connectdata *conn, - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - int ret; - mbedtls_ssl_session *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; -diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c -index 1d7047a..4898511 100644 ---- a/lib/vtls/nss.c -+++ b/lib/vtls/nss.c -@@ -1720,7 +1720,7 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) - goto error; - - /* do not use SSL cache if disabled or we are not going to verify peer */ -- ssl_no_cache = (data->set.general_ssl.sessionid -+ ssl_no_cache = (SSL_SET_OPTION(primary.sessionid) - && SSL_CONN_CONFIG(verifypeer)) ? PR_FALSE : PR_TRUE; - if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess) - goto error; -diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c -index ee07615..58a014a 100644 ---- a/lib/vtls/openssl.c -+++ b/lib/vtls/openssl.c -@@ -2235,7 +2235,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) - #endif - - /* Check if there's a cached ID we can/should use here! */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *ssl_sessionid = NULL; - - Curl_ssl_sessionid_lock(conn); -@@ -2965,7 +2965,7 @@ static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex) - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - bool incache; - SSL_SESSION *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; -diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c -index e6ad525..669091c 100644 ---- a/lib/vtls/polarssl.c -+++ b/lib/vtls/polarssl.c -@@ -375,7 +375,7 @@ polarssl_connect_step1(struct connectdata *conn, - ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); - - /* Check if there's a cached ID we can/should use here! */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - void *old_session = NULL; - - Curl_ssl_sessionid_lock(conn); -@@ -603,7 +603,7 @@ polarssl_connect_step3(struct connectdata *conn, - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - int ret; - ssl_session *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; -diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c -index e0fb2d5..c9b5132 100644 ---- a/lib/vtls/schannel.c -+++ b/lib/vtls/schannel.c -@@ -188,7 +188,7 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) - connssl->cred = NULL; - - /* check for an existing re-usable credential handle */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - Curl_ssl_sessionid_lock(conn); - if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) { - connssl->cred = old_cred; -@@ -757,7 +757,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex) - #endif - - /* save the current session data for possible re-use */ -- if(data->set.general_ssl.sessionid) { -+ if(SSL_SET_OPTION(primary.sessionid)) { - bool incache; - struct curl_schannel_cred *old_cred = NULL; - -diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c -index c6935b5..d5d0971 100644 ---- a/lib/vtls/vtls.c -+++ b/lib/vtls/vtls.c -@@ -122,6 +122,9 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, - CLONE_STRING(egdsocket); - CLONE_STRING(random_file); - CLONE_STRING(clientcert); -+ -+ /* Disable dest sessionid cache if a client cert is used, CVE-2016-5419. */ -+ dest->sessionid = (dest->clientcert ? false : source->sessionid); - return TRUE; - } - -@@ -308,9 +311,9 @@ bool Curl_ssl_getsessionid(struct connectdata *conn, - int port = isProxy ? (int)conn->port : conn->remote_port; - *ssl_sessionid = NULL; - -- DEBUGASSERT(data->set.general_ssl.sessionid); -+ DEBUGASSERT(SSL_SET_OPTION(primary.sessionid)); - -- if(!data->set.general_ssl.sessionid) -+ if(!SSL_SET_OPTION(primary.sessionid)) - /* session ID re-use is disabled */ - return TRUE; - -@@ -412,7 +415,7 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn, - &conn->proxy_ssl_config : - &conn->ssl_config; - -- DEBUGASSERT(data->set.general_ssl.sessionid); -+ DEBUGASSERT(SSL_SET_OPTION(primary.sessionid)); - - clone_host = strdup(isProxy ? conn->http_proxy.host.name : conn->host.name); - if(!clone_host) --- -1.9.1 - diff --git a/recipes-support/curl/curl/CVE-2017-9502.patch b/recipes-support/curl/curl/CVE-2017-9502.patch deleted file mode 100644 index c205568..0000000 --- a/recipes-support/curl/curl/CVE-2017-9502.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 5d7952f52e410e1d4a8ff1965e5cc6fc1bde86aa Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Wed, 7 Jun 2017 00:21:04 +0200 -Subject: [PATCH] url: fix buffer overwrite with file protocol (CVE-2017-9502) - -Bug: https://github.com/curl/curl/issues/1540 -Advisory: https://curl.haxx.se/docs/adv_20170614.html - -CVE: CVE-2017-9502 -Upstream-Status: Backport [backport from curl-7_54_1] - -Assisted-by: Ray Satiro -Reported-by: Marcel Raad -Signed-off-by: Sona Sarmadi ---- - lib/url.c | 27 ++++++++++++++++++++++----- - 1 file changed, 22 insertions(+), 5 deletions(-) - -diff --git a/lib/url.c b/lib/url.c -index 84822d9..87446db 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -4466,6 +4466,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, - #endif - - protop = "file"; /* protocol string */ -+ *prot_missing = !url_has_scheme; - } - else { - /* clear path */ -@@ -4629,14 +4630,30 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, - - size_t plen = strlen(path); /* new path, should be 1 byte longer than - the original */ -- size_t urllen = strlen(data->change.url); /* original URL length */ -- - size_t prefixlen = strlen(conn->host.name); - -- if(!*prot_missing) -- prefixlen += strlen(protop) + strlen("://"); -+ if(!*prot_missing) { -+ size_t protolen = strlen(protop); -+ -+ if(curl_strnequal(protop, data->change.url, protolen)) -+ prefixlen += protolen; -+ else { -+ failf(data, " malformed"); -+ return CURLE_URL_MALFORMAT; -+ } -+ -+ if(curl_strnequal("://", &data->change.url[protolen], 3)) -+ prefixlen += 3; -+ /* only file: is allowed to omit one or both slashes */ -+ else if(curl_strnequal("file:", data->change.url, 5)) -+ prefixlen += 1 + (data->change.url[5] == '/'); -+ else { -+ failf(data, " malformed"); -+ return CURLE_URL_MALFORMAT; -+ } -+ } - -- reurl = malloc(urllen + 2); /* 2 for zerobyte + slash */ -+ reurl = malloc(prefixlen + plen + 1); - if(!reurl) - return CURLE_OUT_OF_MEMORY; - --- -1.9.1 - diff --git a/recipes-support/curl/curl_%.bbappend b/recipes-support/curl/curl_%.bbappend index 5e642bb..2da58d4 100644 --- a/recipes-support/curl/curl_%.bbappend +++ b/recipes-support/curl/curl_%.bbappend @@ -1,11 +1,7 @@ # look for files in the layer first FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" -SRC_URI += "file://CVE-2017-7407.patch \ - file://CVE-2017-7468.patch \ - file://CVE-2017-9502.patch \ - file://CVE-2017-1000254.patch \ - file://CVE-2017-1000257.patch \ +SRC_URI += "file://CVE-2017-1000257.patch \ file://CVE-2017-8816.patch \ file://CVE-2017-8817.patch \ " -- cgit v1.2.3-54-g00ecf