From f446d9b9ff1db370d47e068d2a074f2b0830f02d Mon Sep 17 00:00:00 2001 From: Max Rees Date: Thu, 12 Sep 2019 02:15:41 -0500 Subject: system/curl: [CVE] bump to 7.66.0, fix network access violation --- ...do-bounds-check-using-a-double-comparison.patch | 32 ---------------------- 1 file changed, 32 deletions(-) delete mode 100644 system/curl/curl-do-bounds-check-using-a-double-comparison.patch (limited to 'system/curl/curl-do-bounds-check-using-a-double-comparison.patch') diff --git a/system/curl/curl-do-bounds-check-using-a-double-comparison.patch b/system/curl/curl-do-bounds-check-using-a-double-comparison.patch deleted file mode 100644 index 34e2b6c71..000000000 --- a/system/curl/curl-do-bounds-check-using-a-double-comparison.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 45a560390c4356bcb81d933bbbb229c8ea2acb63 Mon Sep 17 00:00:00 2001 -From: Adam Sampson -Date: Wed, 9 Aug 2017 14:11:17 +0100 -Subject: [PATCH] curl: do bounds check using a double comparison - -The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't -complete: if the parsed number in num is larger than will fit in a long, -the conversion is undefined behaviour (causing test1427 to fail for me -on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting -rid of the cast means the comparison will be done using doubles. - -It might make more sense for the max argument to also be a double... - -Fixes #1750 -Closes #1749 ---- - src/tool_paramhlp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c -index b9dedc989e..85c5e79a7e 100644 ---- a/src/tool_paramhlp.c -+++ b/src/tool_paramhlp.c -@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) - num = strtod(str, &endptr); - if(errno == ERANGE) - return PARAM_NUMBER_TOO_LARGE; -- if((long)num > max) { -+ if(num > max) { - /* too large */ - return PARAM_NUMBER_TOO_LARGE; - } -- cgit v1.2.3-70-g09d2