From: Chong Lu <Chong.Lu@windriver.com>
To: "Burton, Ross" <ross.burton@intel.com>
Cc: OE-core <openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 1/1] curl: Security Advisory - curl - CVE-2014-3613
Date: Mon, 27 Oct 2014 09:46:59 +0800 [thread overview]
Message-ID: <544DA413.1000704@windriver.com> (raw)
In-Reply-To: <CAJTo0LY-oHnKxUrtGUyhA=jPoK5Dcjs==7+YyVTV=6M5Jufesw@mail.gmail.com>
On 10/25/2014 06:16 AM, Burton, Ross wrote:
>
> On 24 October 2014 10:20, Chong Lu <Chong.Lu@windriver.com
> <mailto:Chong.Lu@windriver.com>> wrote:
>
> meta/recipes-support/curl/curl/CVE-2014-3613.patch | 269
> +++++++++++++++++++++
>
>
> ERROR: Command Error: exit status: 1 Output:
> Applying patch CVE-2014-3613.patch
> patching file lib/cookie.c
> patching file tests/data/test1105
> patching file tests/data/test31
> Hunk #1 FAILED at 49.
> 1 out of 2 hunks FAILED -- rejects in file tests/data/test31
> patching file tests/data/test8
> Patch CVE-2014-3613.patch does not apply (enforce with -f)
>
> Please verify that your patch applies to current git master.
>
> Ross
Hi Ross,
This patch includes windows characters.
+diff --git a/tests/data/test31 b/tests/data/test31
+index 38af83b..dfcac04 100644
+--- a/tests/data/test31
++++ b/tests/data/test31
+@@ -49,11 +49,12 @@ Set-Cookie: nodomainnovalue
+ Set-Cookie: nodomain=value; expires=Fri Feb 2 11:56:27 GMT 2035^M
+ Set-Cookie: novalue; domain=reallysilly^M
+ Set-Cookie: test=yes; domain=foo.com; expires=Sat Feb 2 11:56:27 GMT
2030^M
+ Set-Cookie: test2=yes; domain=se; expires=Sat Feb 2 11:56:27 GMT 2030^M
+ Set-Cookie: magic=yessir; path=/silly/; HttpOnly^M
+-Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally
bad;^M
++Set-Cookie: blexp=yesyes; domain=127.0.0.1; domain=127.0.0.1;
expiry=totally bad;^M
++Set-Cookie: partialip=nono; domain=.0.0.1;^M
+ ^M
You can apply this patch as following steps:
$ git fetch git://git.pokylinux.org/poky-contrib chonglu/curl
$ git cherry-pick FETCH_HEAD
Best Regards
Chong
next prev parent reply other threads:[~2014-10-27 1:47 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-24 9:20 [PATCH 0/1] curl: Security Advisory - curl - CVE-2014-3613 Chong Lu
2014-10-24 9:20 ` [PATCH 1/1] " Chong Lu
2014-10-24 22:16 ` Burton, Ross
2014-10-27 1:46 ` Chong Lu [this message]
2014-10-27 12:52 ` Burton, Ross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=544DA413.1000704@windriver.com \
--to=chong.lu@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=ross.burton@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.