diff options
| author | Poonam Jadhav <poonam.jadhav@kpit.com> | 2024-01-12 11:00:14 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2024-01-21 08:50:38 -1000 |
| commit | 33faa4d392e70d417198e4d6a38b1b12531fdd17 (patch) | |
| tree | b3dc57a4fbf9f260ff70c0ea7ac11a4a2f8191a6 | |
| parent | f96bd47ea29321e55904463706d392490640ca0e (diff) | |
| download | poky-33faa4d392e70d417198e4d6a38b1b12531fdd17.tar.gz | |
Revert "curl: Backport fix CVE-2023-32001"
This reverts commit 5eab65275dc9faa0b9a4371d5bcb6e95cfda61cd.
CVE-2023-32001 has been marked "REJECT" in the NVD CVE List as
there is no safe measure against it.
These CVEs are stored in the NVD, but do not show up in search results.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32001
(From OE-Core rev: a3b6216bcb3425b6e30ca73488a5eb6ba58e4836)
Signed-off-by: Poonam Jadhav poonam.jadhav@kpit.com
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-support/curl/curl/CVE-2023-32001.patch | 39 | ||||
| -rw-r--r-- | meta/recipes-support/curl/curl_7.82.0.bb | 1 |
2 files changed, 0 insertions, 40 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch b/meta/recipes-support/curl/curl/CVE-2023-32001.patch deleted file mode 100644 index 7ea3073755..0000000000 --- a/meta/recipes-support/curl/curl/CVE-2023-32001.patch +++ /dev/null | |||
| @@ -1,39 +0,0 @@ | |||
| 1 | From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001 | ||
| 2 | From: SaltyMilk <soufiane.elmelcaoui@gmail.com> | ||
| 3 | Date: Mon, 10 Jul 2023 21:43:28 +0200 | ||
| 4 | Subject: [PATCH] fopen: optimize | ||
| 5 | |||
| 6 | Closes #11419 | ||
| 7 | |||
| 8 | Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde] | ||
| 9 | CVE: CVE-2023-32001 | ||
| 10 | Signed-off-by: Ashish Sharma <asharma@mvista.com> | ||
| 11 | |||
| 12 | |||
| 13 | lib/fopen.c | 12 ++++++------ | ||
| 14 | 1 file changed, 6 insertions(+), 6 deletions(-) | ||
| 15 | |||
| 16 | diff --git a/lib/fopen.c b/lib/fopen.c | ||
| 17 | index c9c9e3d6e73a2..b6e3cadddef65 100644 | ||
| 18 | --- a/lib/fopen.c | ||
| 19 | +++ b/lib/fopen.c | ||
| 20 | @@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, | ||
| 21 | int fd = -1; | ||
| 22 | *tempname = NULL; | ||
| 23 | |||
| 24 | - if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { | ||
| 25 | - /* a non-regular file, fallback to direct fopen() */ | ||
| 26 | - *fh = fopen(filename, FOPEN_WRITETEXT); | ||
| 27 | - if(*fh) | ||
| 28 | - return CURLE_OK; | ||
| 29 | + *fh = fopen(filename, FOPEN_WRITETEXT); | ||
| 30 | + if(!*fh) | ||
| 31 | goto fail; | ||
| 32 | - } | ||
| 33 | + if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) | ||
| 34 | + return CURLE_OK; | ||
| 35 | + fclose(*fh); | ||
| 36 | + *fh = NULL; | ||
| 37 | |||
| 38 | result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); | ||
| 39 | if(result) | ||
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index a36d03f668..9e9ff00bf7 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb | |||
| @@ -51,7 +51,6 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ | |||
| 51 | file://CVE-2023-28321.patch \ | 51 | file://CVE-2023-28321.patch \ |
| 52 | file://CVE-2023-28322-1.patch \ | 52 | file://CVE-2023-28322-1.patch \ |
| 53 | file://CVE-2023-28322-2.patch \ | 53 | file://CVE-2023-28322-2.patch \ |
| 54 | file://CVE-2023-32001.patch \ | ||
| 55 | file://CVE-2023-38545.patch \ | 54 | file://CVE-2023-38545.patch \ |
| 56 | file://CVE-2023-38546.patch \ | 55 | file://CVE-2023-38546.patch \ |
| 57 | file://CVE-2023-46218.patch \ | 56 | file://CVE-2023-46218.patch \ |