curl: 7.54.1 -> 7.57.0
1.Upgrade curl from 7.54.1 to 7.57.0.
2.Delete CVE-2017-
1000099.patch, CVE-2017-
1000100.patch, CVE-2017-
1000101.patch, CVE-2017-
1000254.patch, reproducible-mkhelp.patch, since it is integrated upstream.
3.Remove "do_install_append()" from curl_7.57.0.bb, since curl/curlbuild.h has been removed.
this update include CVE fixes for:
CVE-2018-
1000007 CWE-522: Insufficiently Protected Credentials
CVE-2018-
1000005 CWE-126: Buffer Over-read
CVE-2017-8818 CWE-125: Out-of-bounds Read
CVE-2017-8817 CWE-126: Buffer Over-read
CVE-2017-8816 CWE-131: Incorrect Calculation of Buffer Size
CVE-2017-
1000257 CWE-126: Buffer Over-read
Most of the changes are bug fixes.
https://curl.haxx.se/changes.html
(From OE-Core rev:
215d5677004537fc190b5381157ac8b94db6d7e8)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Safer to upgrade than to backport CVE-2017-8818. Lots of depends patches]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
