curl: Security fix CVE-2016-0754

CVE-2016-0754 curl: remote file name path traversal in curl tool for Windows Signed-off-by: Armin Kuster <akuster@mvista.com>
author: Armin Kuster <akuster@mvista.com> 2016-02-05 08:57:11 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-07 22:47:10 +0000
commit: b2c9b48dea2fd968c307a809ff95f2e686435222 (patch)
tree: f9b6887b23010cc76d2da489774785adb71d952c /meta/recipes-support/curl/curl_7.44.0.bb
parent: 7474c7dbf98c1a068bfd9b14627b604da5d79b67 (diff)
download: openembedded-core-contrib-b2c9b48dea2fd968c307a809ff95f2e686435222.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-support/curl/curl_7.44.0.bb b/meta/recipes-support/curl/curl_7.44.0.bb
index f6d350e86a..852c4dd472 100644
--- a/meta/recipes-support/curl/curl_7.44.0.bb
+++ b/meta/recipes-support/curl/curl_7.44.0.bb
@@ -12,7 +12,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
 # curl likes to set -g0 in CFLAGS, so we stop it
 # from mucking around with debug options
 #
-SRC_URI += " file://configure_ac.patch"
+SRC_URI += " file://configure_ac.patch \
+             file://CVE-2016-0754.patch"
 
 SRC_URI[md5sum] = "6b952ca00e5473b16a11f05f06aa8dae"
 SRC_URI[sha256sum] = "1e2541bae6582bb697c0fbae49e1d3e6fad5d05d5aa80dbd6f072e0a44341814"
author	Armin Kuster <akuster@mvista.com>	2016-02-05 08:57:11 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 22:47:10 +0000
commit	b2c9b48dea2fd968c307a809ff95f2e686435222 (patch)
tree	f9b6887b23010cc76d2da489774785adb71d952c /meta/recipes-support/curl/curl_7.44.0.bb
parent	7474c7dbf98c1a068bfd9b14627b604da5d79b67 (diff)
download	openembedded-core-contrib-b2c9b48dea2fd968c307a809ff95f2e686435222.tar.gz