1 files changed, 0 insertions, 65 deletions

diff --git a/meta/recipes-support/curl/curl/CVE-2019-5482.patch b/meta/recipes-support/curl/curl/CVE-2019-5482.patch
deleted file mode 100644
index 30122d1ae9..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2019-5482.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From facb0e4662415b5f28163e853dc6742ac5fafb3d Mon Sep 17 00:00:00 2001
-From: Thomas Vegas <>
-Date: Sat, 31 Aug 2019 17:30:51 +0200
-Subject: [PATCH] tftp: Alloc maximum blksize, and use default unless OACK is
- received
-
-Fixes potential buffer overflow from 'recvfrom()', should the server
-return an OACK without blksize.
-
-Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
-CVE-2019-5482
-
-Upstream-Status: Backport
-CVE: CVE-2019-5482
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- lib/tftp.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-Index: curl-7.64.1/lib/tftp.c
-===================================================================
---- curl-7.64.1.orig/lib/tftp.c
-+++ curl-7.64.1/lib/tftp.c
-@@ -973,6 +973,7 @@ static CURLcode tftp_connect(struct conn
- {
-   tftp_state_data_t *state;
-   int blksize;
-+  int need_blksize;
- 
-   blksize = TFTP_BLKSIZE_DEFAULT;
- 
-@@ -987,15 +988,20 @@ static CURLcode tftp_connect(struct conn
-       return CURLE_TFTP_ILLEGAL;
-   }
- 
-+  need_blksize = blksize;
-+  /* default size is the fallback when no OACK is received */
-+  if(need_blksize < TFTP_BLKSIZE_DEFAULT)
-+    need_blksize = TFTP_BLKSIZE_DEFAULT;
-+
-   if(!state->rpacket.data) {
--    state->rpacket.data = calloc(1, blksize + 2 + 2);
-+    state->rpacket.data = calloc(1, need_blksize + 2 + 2);
- 
-     if(!state->rpacket.data)
-       return CURLE_OUT_OF_MEMORY;
-   }
- 
-   if(!state->spacket.data) {
--    state->spacket.data = calloc(1, blksize + 2 + 2);
-+    state->spacket.data = calloc(1, need_blksize + 2 + 2);
- 
-     if(!state->spacket.data)
-       return CURLE_OUT_OF_MEMORY;
-@@ -1009,7 +1015,7 @@ static CURLcode tftp_connect(struct conn
-   state->sockfd = state->conn->sock[FIRSTSOCKET];
-   state->state = TFTP_STATE_START;
-   state->error = TFTP_ERR_NONE;
--  state->blksize = blksize;
-+  state->blksize = TFTP_BLKSIZE_DEFAULT; /* Unless updated by OACK response */
-   state->requested_blksize = blksize;
- 
-   ((struct sockaddr *)&state->local_addr)->sa_family =