On Thu, May 5, 2022 at 7:15 AM Steve Sakoman via lists.openembedded.org <[email protected]> wrote: > > On Thu, May 5, 2022 at 6:16 AM Steve Sakoman via > lists.openembedded.org <[email protected]> > wrote: > > > > Thanks for this CVE patch (and the one for libinput) > > > > However this is the wrong mailing list! In the future please tag with > > [OE-core][dunfell] and send to > > [email protected] - otherwise I might miss > > seeing them. > > > > No need to resend this time, I've got them. > > And one, hopefully final comment! Do these vulnerabilities also exist > for the versions in master/kirkstone? If so, you'll need to submit a > patch for master too before I can take them in dunfell and kirkstone.
Well, I guess it wasn't my final comment. Your CVE patches don't apply: ERROR: fribidi-1.0.9-r0 do_patch: Applying patch 'CVE-2022-25308.patch' on target directory '/home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/fribidi/1.0.9-r0/fribidi-1.0.9' Command Error: 'quilt --quiltrc /home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/fribidi/1.0.9-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output: Applying patch CVE-2022-25308.patch patching file bin/fribidi-main.c Hunk #1 FAILED at 390. 1 out of 1 hunk FAILED -- rejects in file bin/fribidi-main.c Patch CVE-2022-25308.patch does not apply (enforce with -f) Steve > > On Thu, May 5, 2022 at 2:03 AM Pawan via lists.yoctoproject.org > > <[email protected]> wrote: > > > > > > From: Pawan Badganchi <[email protected]> > > > > > > Add below patches to fix CVE-2022-25308, CVE-2022-25309 and CVE-2022-25310 > > > > > > CVE-2022-25308.patch > > > Link: > > > https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1 > > > > > > CVE-2022-25309.patch > > > Link: > > > https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3 > > > > > > CVE-2022-25310.patch > > > Link:https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f > > > > > > Signed-off-by: pawan badganchi <[email protected]> > > > --- > > > .../fribidi/fribidi/CVE-2022-25308.patch | 50 +++++++++++++++++++ > > > .../fribidi/fribidi/CVE-2022-25309.patch | 31 ++++++++++++ > > > .../fribidi/fribidi/CVE-2022-25310.patch | 30 +++++++++++ > > > meta/recipes-support/fribidi/fribidi_1.0.9.bb | 3 ++ > > > 4 files changed, 114 insertions(+) > > > create mode 100644 > > > meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch > > > create mode 100644 > > > meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch > > > create mode 100644 > > > meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch > > > > > > diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch > > > b/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch > > > new file mode 100644 > > > index 0000000000..8f2c2ade0e > > > --- /dev/null > > > +++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25308.patch > > > @@ -0,0 +1,50 @@ > > > +From ad3a19e6372b1e667128ed1ea2f49919884587e1 Mon Sep 17 00:00:00 2001 > > > +From: Akira TAGOH <[email protected]> > > > +Date: Thu, 17 Feb 2022 17:30:12 +0900 > > > +Subject: [PATCH] Fix the stack buffer overflow issue > > > + > > > +strlen() could returns 0. Without a conditional check for len, > > > +accessing S_ pointer with len - 1 may causes a stack buffer overflow. > > > + > > > +AddressSanitizer reports this like: > > > +==1219243==ERROR: AddressSanitizer: stack-buffer-overflow on address > > > 0x7ffdce043c1f at pc 0x000000403547 bp 0x7ffdce0 > > > +43b30 sp 0x7ffdce043b28 > > > +READ of size 1 at 0x7ffdce043c1f thread T0 > > > + #0 0x403546 in main ../bin/fribidi-main.c:393 > > > + #1 0x7f226804e58f in __libc_start_call_main > > > (/lib64/libc.so.6+0x2d58f) > > > + #2 0x7f226804e648 in __libc_start_main_impl > > > (/lib64/libc.so.6+0x2d648) > > > + #3 0x4036f4 in _start (/tmp/fribidi/build/bin/fribidi+0x4036f4) > > > + > > > +Address 0x7ffdce043c1f is located in stack of thread T0 at offset 63 in > > > frame > > > + #0 0x4022bf in main ../bin/fribidi-main.c:193 > > > + > > > + This frame has 5 object(s): > > > + [32, 36) 'option_index' (line 233) > > > + [48, 52) 'base' (line 386) > > > + [64, 65064) 'S_' (line 375) <== Memory access at offset 63 > > > underflows this variable > > > + [65328, 130328) 'outstring' (line 385) > > > + [130592, 390592) 'logical' (line 384) > > > + > > > +This fixes https://github.com/fribidi/fribidi/issues/181 > > > + > > > +CVE: CVE-2022-25308 > > > +Upstream-Status: Backport > > > [https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1] > > > +Signed-off-by: Pawan Badganchi <[email protected]> > > > + > > > +--- > > > + bin/fribidi-main.c | 2 +- > > > + 1 file changed, 1 insertion(+), 1 deletion(-) > > > + > > > +diff --git a/bin/fribidi-main.c b/bin/fribidi-main.c > > > +index 3cf9fe1..3ae4fb6 100644 > > > +--- a/bin/fribidi-main.c > > > ++++ b/bin/fribidi-main.c > > > +@@ -390,7 +390,7 @@ FRIBIDI_END_IGNORE_DEPRECATIONS > > > + S_[sizeof (S_) - 1] = 0; > > > + len = strlen (S_); > > > + /* chop */ > > > +- if (S_[len - 1] == '\n') > > > ++ if (len > 0 && S_[len - 1] == '\n') > > > + { > > > + len--; > > > + S_[len] = '\0'; > > > diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch > > > b/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch > > > new file mode 100644 > > > index 0000000000..0efba3d05c > > > --- /dev/null > > > +++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25309.patch > > > @@ -0,0 +1,31 @@ > > > +From f22593b82b5d1668d1997dbccd10a9c31ffea3b3 Mon Sep 17 00:00:00 2001 > > > +From: Dov Grobgeld <[email protected]> > > > +Date: Fri, 25 Mar 2022 09:09:49 +0300 > > > +Subject: [PATCH] Protected against garbage in the CapRTL encoder > > > + > > > +CVE: CVE-2022-25309 > > > +Upstream-Status: Backport > > > [https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3] > > > +Signed-off-by: Pawan Badganchi <[email protected]> > > > + > > > +--- > > > + lib/fribidi-char-sets-cap-rtl.c | 7 ++++++- > > > + 1 file changed, 6 insertions(+), 1 deletion(-) > > > + > > > +diff --git a/lib/fribidi-char-sets-cap-rtl.c > > > b/lib/fribidi-char-sets-cap-rtl.c > > > +index b0c0e4a..f74e010 100644 > > > +--- a/lib/fribidi-char-sets-cap-rtl.c > > > ++++ b/lib/fribidi-char-sets-cap-rtl.c > > > +@@ -232,7 +232,12 @@ fribidi_cap_rtl_to_unicode ( > > > + } > > > + } > > > + else > > > +- us[j++] = caprtl_to_unicode[(int) s[i]]; > > > ++ { > > > ++ if ((int)s[i] < 0) > > > ++ us[j++] = '?'; > > > ++ else > > > ++ us[j++] = caprtl_to_unicode[(int) s[i]]; > > > ++ } > > > + } > > > + > > > + return j; > > > diff --git a/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch > > > b/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch > > > new file mode 100644 > > > index 0000000000..d79a82d648 > > > --- /dev/null > > > +++ b/meta/recipes-support/fribidi/fribidi/CVE-2022-25310.patch > > > @@ -0,0 +1,30 @@ > > > +From 175850b03e1af251d705c1d04b2b9b3c1c06e48f Mon Sep 17 00:00:00 2001 > > > +From: Akira TAGOH <[email protected]> > > > +Date: Thu, 17 Feb 2022 19:06:10 +0900 > > > +Subject: [PATCH] Fix SEGV issue in fribidi_remove_bidi_marks > > > + > > > +Escape from fribidi_remove_bidi_marks() immediately if str is null. > > > + > > > +This fixes https://github.com/fribidi/fribidi/issues/183 > > > + > > > +CVE: CVE-2022-25310 > > > +Upstream-Status: Backport > > > [https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f] > > > +Signed-off-by: Pawan Badganchi <[email protected]> > > > + > > > +--- > > > + lib/fribidi.c | 2 +- > > > + 1 file changed, 1 insertion(+), 1 deletion(-) > > > + > > > +diff --git a/lib/fribidi.c b/lib/fribidi.c > > > +index f5da0da..70bdab2 100644 > > > +--- a/lib/fribidi.c > > > ++++ b/lib/fribidi.c > > > +@@ -74,7 +74,7 @@ fribidi_remove_bidi_marks ( > > > + fribidi_boolean status = false; > > > + > > > + if UNLIKELY > > > +- (len == 0) > > > ++ (len == 0 || str == NULL) > > > + { > > > + status = true; > > > + goto out; > > > diff --git a/meta/recipes-support/fribidi/fribidi_1.0.9.bb > > > b/meta/recipes-support/fribidi/fribidi_1.0.9.bb > > > index ac9ef88e27..62b7d72812 100644 > > > --- a/meta/recipes-support/fribidi/fribidi_1.0.9.bb > > > +++ b/meta/recipes-support/fribidi/fribidi_1.0.9.bb > > > @@ -10,6 +10,9 @@ LICENSE = "LGPLv2.1+" > > > LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7" > > > > > > SRC_URI = > > > "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.xz \ > > > + file://CVE-2022-25308.patch \ > > > + file://CVE-2022-25309.patch \ > > > + file://CVE-2022-25310.patch \ > > > " > > > SRC_URI[md5sum] = "1b767c259c3cd8e0c8496970f63c22dc" > > > SRC_URI[sha256sum] = > > > "c5e47ea9026fb60da1944da9888b4e0a18854a0e2410bbfe7ad90a054d36e0c7" > > > -- > > > 2.17.1 > > > > > > This message contains information that may be privileged or confidential > > > and is the property of the KPIT Technologies Ltd. It is intended only for > > > the person to whom it is addressed. If you are not the intended > > > recipient, you are not authorized to read, print, retain copy, > > > disseminate, distribute, or use this message or any part thereof. If you > > > receive this message in error, please notify the sender immediately and > > > delete all copies of this message. KPIT Technologies Ltd. does not accept > > > any liability for virus infected mails. > > > > > > > > > > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165307): https://lists.openembedded.org/g/openembedded-core/message/165307 Mute This Topic: https://lists.openembedded.org/mt/90914655/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
