[OE-core] [PATCH 1/1] curl: Security Advisory - curl - CVE-2014-3613

[Chong Lu]

On 10/25/2014 06:16 AM, Burton, Ross wrote:
>
> On 24 October 2014 10:20, Chong Lu <Chong.Lu at windriver.com 
> <mailto:Chong.Lu at windriver.com>> wrote:
>
>      meta/recipes-support/curl/curl/CVE-2014-3613.patch | 269
>     +++++++++++++++++++++
>
>
> ERROR: Command Error: exit status: 1  Output:
> Applying patch CVE-2014-3613.patch
> patching file lib/cookie.c
> patching file tests/data/test1105
> patching file tests/data/test31
> Hunk #1 FAILED at 49.
> 1 out of 2 hunks FAILED -- rejects in file tests/data/test31
> patching file tests/data/test8
> Patch CVE-2014-3613.patch does not apply (enforce with -f)
>
> Please verify that your patch applies to current git master.
>
> Ross

Hi Ross,

This patch includes windows characters.

+diff --git a/tests/data/test31 b/tests/data/test31
+index 38af83b..dfcac04 100644
+--- a/tests/data/test31
++++ b/tests/data/test31
+@@ -49,11 +49,12 @@ Set-Cookie: nodomainnovalue
+ Set-Cookie:   nodomain=value; expires=Fri Feb 2 11:56:27 GMT 2035^M
+ Set-Cookie: novalue; domain=reallysilly^M
+ Set-Cookie: test=yes; domain=foo.com; expires=Sat Feb 2 11:56:27 GMT 
2030^M
+ Set-Cookie: test2=yes; domain=se; expires=Sat Feb 2 11:56:27 GMT 2030^M
+ Set-Cookie: magic=yessir; path=/silly/; HttpOnly^M
+-Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally 
bad;^M
++Set-Cookie: blexp=yesyes; domain=127.0.0.1; domain=127.0.0.1; 
expiry=totally bad;^M
++Set-Cookie: partialip=nono; domain=.0.0.1;^M
+ ^M

You can apply this patch as following steps:
$ git fetch git://git.pokylinux.org/poky-contrib chonglu/curl
$ git cherry-pick FETCH_HEAD

Best Regards
Chong