1 files changed, 0 insertions, 68 deletions

diff --git a/external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch b/external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch
deleted file mode 100644
index 91b18669..00000000
--- a/external/poky/meta/recipes-support/curl/curl/CVE-2019-5482.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 38319e0717844c32464a6c7630de9be226f1c6f4 Mon Sep 17 00:00:00 2001
-From: Thomas Vegas <>
-Date: Sat, 31 Aug 2019 17:30:51 +0200
-Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is
- received
-Reply-To: muislam@microsoft.com
-
-Fixes potential buffer overflow from 'recvfrom()', should the server
-return an OACK without blksize.
-
-Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
-
-CVE: CVE-2019-5482
-
-Upstream-Status: Backport
-
-Signed-off-by: Muminul Islam <muislam@microsoft.com>
----
- lib/tftp.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/lib/tftp.c b/lib/tftp.c
-index 064eef318..2c148e3e1 100644
---- a/lib/tftp.c
-+++ b/lib/tftp.c
-@@ -969,6 +969,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
- {
-   tftp_state_data_t *state;
-   int blksize;
-+  int need_blksize;
- 
-   blksize = TFTP_BLKSIZE_DEFAULT;
- 
-@@ -983,15 +984,20 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
-       return CURLE_TFTP_ILLEGAL;
-   }
- 
-+  need_blksize = blksize;
-+  /* default size is the fallback when no OACK is received */
-+  if(need_blksize < TFTP_BLKSIZE_DEFAULT)
-+    need_blksize = TFTP_BLKSIZE_DEFAULT;
-+
-   if(!state->rpacket.data) {
--    state->rpacket.data = calloc(1, blksize + 2 + 2);
-+    state->rpacket.data = calloc(1, need_blksize + 2 + 2);
- 
-     if(!state->rpacket.data)
-       return CURLE_OUT_OF_MEMORY;
-   }
- 
-   if(!state->spacket.data) {
--    state->spacket.data = calloc(1, blksize + 2 + 2);
-+    state->spacket.data = calloc(1, need_blksize + 2 + 2);
- 
-     if(!state->spacket.data)
-       return CURLE_OUT_OF_MEMORY;
-@@ -1005,7 +1011,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
-   state->sockfd = state->conn->sock[FIRSTSOCKET];
-   state->state = TFTP_STATE_START;
-   state->error = TFTP_ERR_NONE;
--  state->blksize = blksize;
-+  state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */
-   state->requested_blksize = blksize;
- 
-   ((struct sockaddr *)&state->local_addr)->sa_family =
--- 
-2.23.0
-