From: Poonam Jadhav <poonam.jad...@kpit.com> This reverts commit 5eab65275dc9faa0b9a4371d5bcb6e95cfda61cd.
CVE-2023-32001 has been marked "REJECT" in the NVD CVE List as there is no safe measure against it. These CVEs are stored in the NVD, but do not show up in search results. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32001 Signed-off-by: Poonam Jadhav poonam.jad...@kpit.com Signed-off-by: Steve Sakoman <st...@sakoman.com> --- .../curl/curl/CVE-2023-32001.patch | 39 ------------------- meta/recipes-support/curl/curl_7.82.0.bb | 1 - 2 files changed, 40 deletions(-) delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch b/meta/recipes-support/curl/curl/CVE-2023-32001.patch deleted file mode 100644 index 7ea3073755..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2023-32001.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001 -From: SaltyMilk <soufiane.elmelca...@gmail.com> -Date: Mon, 10 Jul 2023 21:43:28 +0200 -Subject: [PATCH] fopen: optimize - -Closes #11419 - -Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde] -CVE: CVE-2023-32001 -Signed-off-by: Ashish Sharma <asha...@mvista.com> - - - lib/fopen.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/lib/fopen.c b/lib/fopen.c -index c9c9e3d6e73a2..b6e3cadddef65 100644 ---- a/lib/fopen.c -+++ b/lib/fopen.c -@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, - int fd = -1; - *tempname = NULL; - -- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { -- /* a non-regular file, fallback to direct fopen() */ -- *fh = fopen(filename, FOPEN_WRITETEXT); -- if(*fh) -- return CURLE_OK; -+ *fh = fopen(filename, FOPEN_WRITETEXT); -+ if(!*fh) - goto fail; -- } -+ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) -+ return CURLE_OK; -+ fclose(*fh); -+ *fh = NULL; - - result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); - if(result) diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index a36d03f668..9e9ff00bf7 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -51,7 +51,6 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2023-28321.patch \ file://CVE-2023-28322-1.patch \ file://CVE-2023-28322-2.patch \ - file://CVE-2023-32001.patch \ file://CVE-2023-38545.patch \ file://CVE-2023-38546.patch \ file://CVE-2023-46218.patch \ -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193926): https://lists.openembedded.org/g/openembedded-core/message/193926 Mute This Topic: https://lists.openembedded.org/mt/103788746/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
