diff mbox series

[kirkstone] Revert "curl: Backport fix CVE-2023-32001"

Message ID 20240112053014.21183-1-ppjadhav456@gmail.com
State Accepted, archived
Commit a3b6216bcb3425b6e30ca73488a5eb6ba58e4836
Headers show
Series [kirkstone] Revert "curl: Backport fix CVE-2023-32001" | expand

Commit Message

Poonam Jadhav Jan. 12, 2024, 5:30 a.m. UTC 
From: Poonam Jadhav <poonam.jadhav@kpit.com>

This reverts commit 5eab65275dc9faa0b9a4371d5bcb6e95cfda61cd.

CVE-2023-32001 has been marked "REJECT" in the NVD CVE List as
there is no safe measure against it.
These CVEs are stored in the NVD, but do not show up in search results.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32001

Signed-off-by: Poonam Jadhav poonam.jadhav@kpit.com
---
 .../curl/curl/CVE-2023-32001.patch            | 39 -------------------
 meta/recipes-support/curl/curl_7.82.0.bb      |  1 -
 2 files changed, 40 deletions(-)
 delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
diff mbox series

Patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch b/meta/recipes-support/curl/curl/CVE-2023-32001.patch
deleted file mode 100644
index 7ea3073755..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2023-32001.patch
+++ /dev/null
@@ -1,39 +0,0 @@ 
-From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
-From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
-Date: Mon, 10 Jul 2023 21:43:28 +0200
-Subject: [PATCH] fopen: optimize
-
-Closes #11419
-
-Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde]
-CVE: CVE-2023-32001
-Signed-off-by: Ashish Sharma <asharma@mvista.com>
-
-
- lib/fopen.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/lib/fopen.c b/lib/fopen.c
-index c9c9e3d6e73a2..b6e3cadddef65 100644
---- a/lib/fopen.c
-+++ b/lib/fopen.c
-@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
-   int fd = -1;
-   *tempname = NULL;
- 
--  if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
--    /* a non-regular file, fallback to direct fopen() */
--    *fh = fopen(filename, FOPEN_WRITETEXT);
--    if(*fh)
--      return CURLE_OK;
-+  *fh = fopen(filename, FOPEN_WRITETEXT);
-+  if(!*fh)
-     goto fail;
--  }
-+  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
-+    return CURLE_OK;
-+  fclose(*fh);
-+  *fh = NULL;
- 
-   result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
-   if(result)
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index a36d03f668..9e9ff00bf7 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -51,7 +51,6 @@  SRC_URI = "https://curl.se/download/${BP}.tar.xz \
            file://CVE-2023-28321.patch \
            file://CVE-2023-28322-1.patch \
            file://CVE-2023-28322-2.patch \
-           file://CVE-2023-32001.patch \
            file://CVE-2023-38545.patch \
            file://CVE-2023-38546.patch \
            file://CVE-2023-46218.patch \