From: Poonam Jadhav <poonam.jad...@kpit.com>

This reverts commit 5eab65275dc9faa0b9a4371d5bcb6e95cfda61cd.

CVE-2023-32001 has been marked "REJECT" in the NVD CVE List as
there is no safe measure against it.
These CVEs are stored in the NVD, but do not show up in search results.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32001

Signed-off-by: Poonam Jadhav poonam.jad...@kpit.com
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
 .../curl/curl/CVE-2023-32001.patch            | 39 -------------------
 meta/recipes-support/curl/curl_7.82.0.bb      |  1 -
 2 files changed, 40 deletions(-)
 delete mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-32001.patch 
b/meta/recipes-support/curl/curl/CVE-2023-32001.patch
deleted file mode 100644
index 7ea3073755..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2023-32001.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
-From: SaltyMilk <soufiane.elmelca...@gmail.com>
-Date: Mon, 10 Jul 2023 21:43:28 +0200
-Subject: [PATCH] fopen: optimize
-
-Closes #11419
-
-Upstream-Status: Backport 
[https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde]
-CVE: CVE-2023-32001
-Signed-off-by: Ashish Sharma <asha...@mvista.com>
-
-
- lib/fopen.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/lib/fopen.c b/lib/fopen.c
-index c9c9e3d6e73a2..b6e3cadddef65 100644
---- a/lib/fopen.c
-+++ b/lib/fopen.c
-@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char 
*filename,
-   int fd = -1;
-   *tempname = NULL;
- 
--  if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
--    /* a non-regular file, fallback to direct fopen() */
--    *fh = fopen(filename, FOPEN_WRITETEXT);
--    if(*fh)
--      return CURLE_OK;
-+  *fh = fopen(filename, FOPEN_WRITETEXT);
-+  if(!*fh)
-     goto fail;
--  }
-+  if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
-+    return CURLE_OK;
-+  fclose(*fh);
-+  *fh = NULL;
- 
-   result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
-   if(result)
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb 
b/meta/recipes-support/curl/curl_7.82.0.bb
index a36d03f668..9e9ff00bf7 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -51,7 +51,6 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
            file://CVE-2023-28321.patch \
            file://CVE-2023-28322-1.patch \
            file://CVE-2023-28322-2.patch \
-           file://CVE-2023-32001.patch \
            file://CVE-2023-38545.patch \
            file://CVE-2023-38546.patch \
            file://CVE-2023-46218.patch \
-- 
2.34.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193926): 
https://lists.openembedded.org/g/openembedded-core/message/193926
Mute This Topic: https://lists.openembedded.org/mt/103788746/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to