mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "curl: Backport fix CVE-2023-32001"

Browse Source 
This reverts commit 5eab65275d.

CVE-2023-32001 has been marked "REJECT" in the NVD CVE List as
there is no safe measure against it.
These CVEs are stored in the NVD, but do not show up in search results.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32001

(From OE-Core rev: a3b6216bcb3425b6e30ca73488a5eb6ba58e4836)

Signed-off-by: Poonam Jadhav poonam.jadhav@kpit.com
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Poonam Jadhav
2024-01-12 11:00:14 +05:30
committed by Steve Sakoman
parent f96bd47ea2
commit 33faa4d392
2 changed files with 0 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
meta/recipes-support/curl/curl/CVE-2023-32001.patch
View File

@@ -1,39 +0,0 @@
From 0c667188e0c6cda615a036b8a2b4125f2c404dde Mon Sep 17 00:00:00 2001
From: SaltyMilk <soufiane.elmelcaoui@gmail.com>
Date: Mon, 10 Jul 2023 21:43:28 +0200
Subject: [PATCH] fopen: optimize
Closes #11419
Upstream-Status: Backport [https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde]
CVE: CVE-2023-32001
Signed-off-by: Ashish Sharma <asharma@mvista.com>
lib/fopen.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/fopen.c b/lib/fopen.c
index c9c9e3d6e73a2..b6e3cadddef65 100644
--- a/lib/fopen.c
+++ b/lib/fopen.c
@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename,
int fd = -1;
*tempname = NULL;
- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) {
- /* a non-regular file, fallback to direct fopen() */
- *fh = fopen(filename, FOPEN_WRITETEXT);
- if(*fh)
- return CURLE_OK;
+ *fh = fopen(filename, FOPEN_WRITETEXT);
+ if(!*fh)
goto fail;
- }
+ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode))
+ return CURLE_OK;
+ fclose(*fh);
+ *fh = NULL;
result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix));
if(result)

1
meta/recipes-support/curl/curl_7.82.0.bb
View File

@@ -51,7 +51,6 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2023-28321.patch \
file://CVE-2023-28322-1.patch \
file://CVE-2023-28322-2.patch \
file://CVE-2023-32001.patch \
file://CVE-2023-38545.patch \
file://CVE-2023-38546.patch \
file://CVE-2023-46218.patch \