Thanks for the update ...!!! On Tue, Jun 13, 2023 at 7:20 PM Steve Sakoman <[email protected]> wrote:
> On Mon, Jun 12, 2023 at 10:24 PM Vijay Anusuri <[email protected]> > wrote: > > > Any update on this ? > > I'm the maintainer for oe-core and this is a meta-oe patch, so I > believe Armin is the right person for an update :-) > > Steve > > > On Mon, Jun 5, 2023 at 12:49 PM Vijay Anusuri via lists.openembedded.org > <[email protected]> wrote: > >> > >> From: Vijay Anusuri <[email protected]> > >> > >> Upstream-Status: Backport > >> [ > https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce > >> & > >> > https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b > ] > >> > >> Signed-off-by: Vijay Anusuri <[email protected]> > >> --- > >> .../openldap/openldap/CVE-2023-2953-1.patch | 30 ++++++++ > >> .../openldap/openldap/CVE-2023-2953-2.patch | 76 +++++++++++++++++++ > >> .../openldap/openldap_2.4.57.bb | 2 + > >> 3 files changed, 108 insertions(+) > >> create mode 100644 > meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch > >> create mode 100644 > meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch > >> > >> diff --git > a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch > b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch > >> new file mode 100644 > >> index 000000000..f4b4eb95d > >> --- /dev/null > >> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch > >> @@ -0,0 +1,30 @@ > >> +From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00 2001 > >> +From: Howard Chu <[email protected]> > >> +Date: Wed, 24 Aug 2022 14:40:51 +0100 > >> +Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure > >> + > >> +Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a > >> + > >> +Upstream-Status: Backport [ > https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce > ] > >> +CVE: CVE-2023-2953 > >> +Signed-off-by: Vijay Anusuri <[email protected]> > >> +--- > >> + libraries/libldap/fetch.c | 2 ++ > >> + 1 file changed, 2 insertions(+) > >> + > >> +diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c > >> +index 9e426dc647..536871bcfe 100644 > >> +--- a/libraries/libldap/fetch.c > >> ++++ b/libraries/libldap/fetch.c > >> +@@ -69,6 +69,8 @@ ldif_open_url( > >> + } > >> + > >> + p = ber_strdup( urlstr ); > >> ++ if ( p == NULL ) > >> ++ return NULL; > >> + > >> + /* But we should convert to LDAP_DIRSEP before use */ > >> + if ( LDAP_DIRSEP[0] != '/' ) { > >> +-- > >> +GitLab > >> + > >> diff --git > a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch > b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch > >> new file mode 100644 > >> index 000000000..02c43bc44 > >> --- /dev/null > >> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch > >> @@ -0,0 +1,76 @@ > >> +From 6563fab9e2feccb0a684d0398e78571d09fb808b Mon Sep 17 00:00:00 2001 > >> +From: Howard Chu <[email protected]> > >> +Date: Thu, 25 Aug 2022 16:13:21 +0100 > >> +Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure > >> + > >> +Avoid unnecessary strdup in IPv6 addr parsing, check for strdup > >> +failure when dup'ing scheme. > >> + > >> +Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59 > >> + > >> +Upstream-Status: Backport [ > https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b > ] > >> +CVE: CVE-2023-2953 > >> +Signed-off-by: Vijay Anusuri <[email protected]> > >> +--- > >> + libraries/libldap/url.c | 21 ++++++++++++--------- > >> + 1 file changed, 12 insertions(+), 9 deletions(-) > >> + > >> +diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c > >> +index dcf2aac9e8..493fd7ce47 100644 > >> +--- a/libraries/libldap/url.c > >> ++++ b/libraries/libldap/url.c > >> +@@ -1385,24 +1385,22 @@ ldap_url_parsehosts( > >> + } > >> + ludp->lud_port = port; > >> + ludp->lud_host = specs[i]; > >> +- specs[i] = NULL; > >> + p = strchr(ludp->lud_host, ':'); > >> + if (p != NULL) { > >> + /* more than one :, IPv6 address */ > >> + if ( strchr(p+1, ':') != NULL ) { > >> + /* allow [address] and [address]:port */ > >> + if ( *ludp->lud_host == '[' ) { > >> +- p = > LDAP_STRDUP(ludp->lud_host+1); > >> +- /* copied, make sure we free > source later */ > >> +- specs[i] = ludp->lud_host; > >> +- ludp->lud_host = p; > >> +- p = strchr( ludp->lud_host, ']' > ); > >> ++ p = strchr( ludp->lud_host+1, > ']' ); > >> + if ( p == NULL ) { > >> + LDAP_FREE(ludp); > >> + > ldap_charray_free(specs); > >> + return LDAP_PARAM_ERROR; > >> + } > >> +- *p++ = '\0'; > >> ++ /* Truncate trailing ']' and > shift hostname down 1 char */ > >> ++ *p = '\0'; > >> ++ AC_MEMCPY( ludp->lud_host, > ludp->lud_host+1, p - ludp->lud_host ); > >> ++ p++; > >> + if ( *p != ':' ) { > >> + if ( *p != '\0' ) { > >> + LDAP_FREE(ludp); > >> +@@ -1428,14 +1426,19 @@ ldap_url_parsehosts( > >> + } > >> + } > >> + } > >> +- ldap_pvt_hex_unescape(ludp->lud_host); > >> + ludp->lud_scheme = LDAP_STRDUP("ldap"); > >> ++ if ( ludp->lud_scheme == NULL ) { > >> ++ LDAP_FREE(ludp); > >> ++ ldap_charray_free(specs); > >> ++ return LDAP_NO_MEMORY; > >> ++ } > >> ++ specs[i] = NULL; > >> ++ ldap_pvt_hex_unescape(ludp->lud_host); > >> + ludp->lud_next = *ludlist; > >> + *ludlist = ludp; > >> + } > >> + > >> + /* this should be an array of NULLs now */ > >> +- /* except entries starting with [ */ > >> + ldap_charray_free(specs); > >> + return LDAP_SUCCESS; > >> + } > >> +-- > >> +GitLab > >> + > >> diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb > b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb > >> index e3e9caa1b..1e7e6b3d7 100644 > >> --- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb > >> +++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb > >> @@ -24,6 +24,8 @@ SRC_URI = " > http://www.openldap.org/software/download/OpenLDAP/openldap-release/$ > >> file://openldap-CVE-2015-3276.patch \ > >> file://remove-user-host-pwd-from-version.patch \ > >> file://CVE-2022-29155.patch \ > >> + file://CVE-2023-2953-1.patch \ > >> + file://CVE-2023-2953-2.patch \ > >> " > >> SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c" > >> SRC_URI[sha256sum] = > "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a" > >> -- > >> 2.25.1 > >> > >> > >> > >> >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#103270): https://lists.openembedded.org/g/openembedded-devel/message/103270 Mute This Topic: https://lists.openembedded.org/mt/99335615/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
