Re: [OE-Core][master][scarthgap][kirkstone][PATCH] systemd-systemctl: Add extra log for easy of debugging

2024-05-30 Thread Ranjitsinh Rathod via lists.openembedded.org
Hello,

Can this be taken?


Thanks,

Best Regards,

Ranjitsinh Rathod
Technical Leader |  | KPIT Technologies Ltd.
Cellphone: +91-84606 92403


From: Ranjitsinh Rathod 
Sent: Wednesday, May 15, 2024 3:15 PM
To: openembedded-core@lists.openembedded.org 

Cc: Ranjitsinh Rathod 
Subject: [OE-Core][master][scarthgap][kirkstone][PATCH] systemd-systemctl: Add 
extra log for easy of debugging

Caution: This email originated from outside of the KPIT. Do not click links or 
open attachments unless you recognize the sender and know the content is safe.

From: Ranjitsinh Rathod 

Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Ranjitsinh Rathod 
---
 meta/recipes-core/systemd/systemd-systemctl/systemctl | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-core/systemd/systemd-systemctl/systemctl 
b/meta/recipes-core/systemd/systemd-systemctl/systemctl
index 2229bc7b6d..4389556910 100755
--- a/meta/recipes-core/systemd/systemd-systemctl/systemctl
+++ b/meta/recipes-core/systemd/systemd-systemctl/systemctl
@@ -31,6 +31,7 @@ class SystemdFile():

 def __init__(self, root, path, instance_unit_name):
 self.sections = dict()
+print(f"Parsing unit: {path}", file=sys.stderr)
 self._parse(root, path)
 dirname = os.path.basename(path.name) + ".d"
 for location in locations:
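Review bot: the `print(f"Parsing unit: {path}", file=sys.stderr)` added at the top of `SystemdFile.__init__` fires unconditionally for every unit the script parses, so every caller gets the extra stderr output whether or not it is debugging; gate it behind a verbosity switch or a debug-level logger. The hunk does not show the file's imports, so confirm `sys` is already imported, and give the commit a body saying what failure this output helped diagnose.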
@@ -39,6 +40,7 @@ class SystemdFile():
 inst_dirname = instance_unit_name + ".d"
 files = chain(files, (root / location / "system" / 
inst_dirname).glob("*.conf"))
 for path2 in sorted(files):
+print(f"Parsing unit's override: {path2}", file=sys.stderr)
 self._parse(root, path2)

 def _parse(self, root, path):
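Review bot: the drop-in message inside `for path2 in sorted(files):` duplicates the unconditional stderr print from `__init__`; route both through one helper so they share a prefix and can be switched off in one place.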
@@ -88,6 +90,11 @@ class SystemdFile():
 # forget all preceding assignments. This works because we are
 # processing files in correct parse order.
 if k in self._clearable_keys and not v:
+print(
+f"The directive '{k}' is empty, therefore the values 
'{section[k]}' "
+"are going to be discarded",
+file=sys.stderr,
+)
 del section[k]
 continue
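Review bot: the new message under `if k in self._clearable_keys and not v:` is printed on every empty assignment, including when `section[k]` holds nothing to discard, and it does not name the file that cleared the directive; log only when `section[k]` is non-empty and include `path` from `_parse(self, root, path)` so the reset can be traced to a specific drop-in.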

--
2.25.1

This message contains information that may be privileged or confidential and is 
the property of the KPIT Technologies Ltd. It is intended only for the person 
to whom it is addressed. If you are not the intended recipient, you are not 
authorized to read, print, retain copy, disseminate, distribute, or use this 
message or any part thereof. If you receive this message in error, please 
notify the sender immediately and delete all copies of this message. KPIT 
Technologies Ltd. does not accept any liability for virus infected mails.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#200054): 
https://lists.openembedded.org/g/openembedded-core/message/200054
Mute This Topic: https://lists.openembedded.org/mt/10619/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-Core][dunfell][PATCH] gnutls: Backport of CVE-2024-0567

2024-02-23 Thread Ranjitsinh Rathod via lists.openembedded.org
Hi Anuj,

I didn't check after applying the patch whether the crash went away or not.


Thanks,

Best Regards,

Ranjitsinh Rathod


From: openembedded-core@lists.openembedded.org 
 on behalf of Anuj Mittal via 
lists.openembedded.org 
Sent: Friday, February 23, 2024 2:21 PM
To: ranjitsinhrathod1...@gmail.com ; 
openembedded-core@lists.openembedded.org 

Cc: Ranjitsinh Rathod 
Subject: Re: [OE-Core][dunfell][PATCH] gnutls: Backport of CVE-2024-0567


Hi

On Fri, 2024-02-23 at 13:42 +0530, Ranjitsinh Rathod wrote:
> From: Ranjitsinh Rathod 
>
> A vulnerability was found in GnuTLS, where a cockpit (which uses
> gnuTLS)
> rejects a certificate chain with distributed trust. This issue occurs
> when validating a certificate chain with cockpit-certificate-ensure.
> This flaw allows an unauthenticated, remote client or attacker to
> initiate a denial of service attack.
>
> Link: https://nvd.nist.gov/vuln/detail/CVE-2024-0567
> Link: https://gitlab.com/gnutls/gnutls/-/issues/1521

Did you check whether the reproducer in this issue crashes for this
version of GnuTLS as well and gets fixed after applying this modified
patch? The code looks different so it'd be good to check if you haven't
already.

It doesn't seem to be reproducible in 3.6.13 for Ubuntu:
https://ubuntu.com/security/CVE-2024-0567

Thanks,

Anuj

> Link:
> https://gitlab.com/gnutls/gnutls/-/commit/9edbdaa84e38b1bfb53a7d72c1de44f8de373405
>
> Signed-off-by: Ranjitsinh Rathod 
> Signed-off-by: Ranjitsinh Rathod 
> ---
>  .../gnutls/gnutls/CVE-2024-0567.patch | 190
> ++
>  meta/recipes-support/gnutls/gnutls_3.6.14.bb  |   1 +
>  2 files changed, 191 insertions(+)
>  create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2024-
> 0567.patch
>
> diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2024-0567.patch
> b/meta/recipes-support/gnutls/gnutls/CVE-2024-0567.patch
> new file mode 100644
> index 00..1580cab277
> --- /dev/null
> +++ b/meta/recipes-support/gnutls/gnutls/CVE-2024-0567.patch
> @@ -0,0 +1,190 @@
> +From 9edbdaa84e38b1bfb53a7d72c1de44f8de373405 Mon Sep 17 00:00:00
> 2001
> +From: Daiki Ueno 
> +Date: Thu, 11 Jan 2024 15:45:11 +0900
> +Subject: [PATCH] x509: detect loop in certificate chain
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +There can be a loop in a certificate chain, when multiple CA
> +certificates are cross-signed with each other, such as A → B, B → C,
> +and C → A.  Previously, the verification logic was not capable of
> +handling this scenario while sorting the certificates in the chain
> in
> +_gnutls_sort_clist, resulting in an assertion failure.  This patch
> +properly detects such loop and aborts further processing in a
> graceful
> +manner.
> +
> +Signed-off-by: Daiki Ueno 
> +
> +CVE: CVE-2024-0567
> +Upstream-Status: Backport
> 
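Review bot: the `+Upstream-Status: Backport` line at the end of the visible patch header names no source; add the upstream commit in brackets (the `From 9edbdaa84e38b1bfb53a7d72c1de44f8de373405` line identifies it) and, since the thread describes this as a modified patch for this GnuTLS version, say in the header what was changed from upstream. The quoted hunk is cut off after this line, so nothing past the header could be checked.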

Re: [OE-core] [dunfell][PATCH] openssl: Upgrade 1.1.1v -> 1.1.1w

2023-10-11 Thread Ranjitsinh Rathod via lists.openembedded.org
On Wed, Oct 11, 2023 at 01:21 PM, Alexander Kanavin wrote:

> 
> Note that with this release, openssl 1.1.1 reaches end of life:

Yes, but this we can take in the dunfell, right?

View/Reply Online (#188945): 
https://lists.openembedded.org/g/openembedded-core/message/188945
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-core][kirkstone][PATCH] curl: Correction for CVE-2023-27536

2023-05-30 Thread Ranjitsinh Rathod via lists.openembedded.org
Hi @Steve Sakoman,

I request to not take this patch in the kirkstone as it seems we are still 
checking on the data type which we changed from long to unsigned char.
It seems that this variable was 'long' only in the curl version which we have 
in the kirkstone.

Of course, the link is wrong, so Sourav will send a new patch v2.


Thanks,

Best Regards,

Ranjitsinh Rathod


From: openembedded-core@lists.openembedded.org 
 on behalf of Sourav Kumar Pramanik 
via lists.openembedded.org 

Sent: Friday, May 26, 2023 2:08 PM
To: openembedded-core@lists.openembedded.org 
; pramanik.souravku...@gmail.com 

Cc: Ranjitsinh Rathod ; Omkar Patil 

Subject: [OE-core][kirkstone][PATCH] curl: Correction for CVE-2023-27536


From: Omkar Patil 

Correction of backport link inside the patch with correct commit link as
below
Link: 
https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5

Variable type change from long to unsigned char as per the original
patch

Signed-off-by: Sourav Kumar Pramanik 
---
 meta/recipes-support/curl/curl/CVE-2023-27536.patch | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-support/curl/curl/CVE-2023-27536.patch 
b/meta/recipes-support/curl/curl/CVE-2023-27536.patch
index fb3ee6a14d..51a5c0eef1 100644
--- a/meta/recipes-support/curl/curl/CVE-2023-27536.patch
+++ b/meta/recipes-support/curl/curl/CVE-2023-27536.patch
@@ -3,7 +3,7 @@ From: Daniel Stenberg 
 Date: Fri, 10 Mar 2023 09:22:43 +0100
 Subject: [PATCH] url: only reuse connections with same GSS delegation

-Upstream-Status: Backport from 
[https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcurl%2Fcurl%2Fcommit%2Faf369db4d3833272b8ed443f7fcc2e757a0872eb=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C7adc60802fd54cbd9b0c08db5dc4abf2%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638206871527200533%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=JxYwhvpTusRONt5yI1HRI4elSpLHpAdcOLNdVAMg2w8%3D=0]
+Upstream-Status: Backport from 
[https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcurl%2Fcurl%2Fcommit%2Fcb49e67303dbafbab1cebf4086e3ec15b7d56ee5=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C7adc60802fd54cbd9b0c08db5dc4abf2%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638206871527200533%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=vu9ivxrR8hez8PSMdXyyJJ7NYu2cUcLc9PD6%2BAEy5KI%3D=0]
 CVE: CVE-2023-27536
 Signed-off-by: Signed-off-by: Mingli Yu 
 Signed-off-by: Siddharth Doshi 
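Review bot: the replacement `+Upstream-Status: Backport from [...]` line, as it appears here, still wraps the commit URL in an Outlook safelinks redirect that embeds a recipient address; the patch file should carry the plain `https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5` link. While this header is being touched, the context line `Signed-off-by: Signed-off-by: Mingli Yu` has a doubled tag that could be fixed in the same v2.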
@@ -44,7 +44,7 @@ index 6e6122a..602c735 100644
int socks5_gssapi_enctype;
  #endif
unsigned short localport;
-+  long gssapi_delegation; /* inherited from set.gssapi_delegation */
++  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
  };

  /* The end of connectdata. */
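Review bot: narrowing `gssapi_delegation` from `long` to `unsigned char` in this struct is only safe if the field it is "inherited from", `set.gssapi_delegation`, has the same type in the curl version this recipe builds, and the hunk does not show that; check the declaration and the assignment in the backported code before changing the type, otherwise keep `long` and note the deviation from upstream in the patch header.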
--
2.25.1


View/Reply Online (#181920): 
https://lists.openembedded.org/g/openembedded-core/message/181920
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-core][dunfell][PATCH v2] libx11: fix CVE-2022-3555 memory leak in _XFreeX11XCBStructure() of xcb_disp.c

2022-11-17 Thread Ranjitsinh Rathod via lists.openembedded.org
Hi all,

When I see the below link from NVD, the latest analysis shows that this CVE is not a
security bug.
Link - https://nvd.nist.gov/vuln/detail/CVE-2022-3555

I have a question for all: do we really need to fix this as a security issue?

@Steve, What do you suggest?
I have also come across some other CVEs for binutils which were rejected by 
NVD. The thing is NVD rejected these CVEs, but it is still showing as Unpatched 
by cve-tool in Yocto.
https://nvd.nist.gov/vuln/detail/CVE-2022-38126
https://nvd.nist.gov/vuln/detail/CVE-2022-38127
https://nvd.nist.gov/vuln/detail/CVE-2022-38128


Thanks,

Best Regards,

Ranjitsinh Rathod


From: openembedded-core@lists.openembedded.org 
 on behalf of vkumbhar via 
lists.openembedded.org 
Sent: Thursday, November 17, 2022 11:55 AM
To: openembedded-core@lists.openembedded.org 

Cc: Vivek Kumbhar 
Subject: [OE-core][dunfell][PATCH v2] libx11: fix CVE-2022-3555 memory leak in 
_XFreeX11XCBStructure() of xcb_disp.c


From: Vivek Kumbhar 

Upstream-Status: Backport 
[https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8a368d808fec166b5fb3dfe6312aab22c7ee20af]

Signed-off-by: Vivek Kumbhar 
---
 .../xorg-lib/libx11/CVE-2022-3555.patch   | 38 +++
 .../recipes-graphics/xorg-lib/libx11_1.6.9.bb |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3555.patch

diff --git a/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3555.patch 
b/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3555.patch
new file mode 100644
index 00..82309e7f62
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3555.patch
@@ -0,0 +1,38 @@
+From 5f43fbe704d32a6934bb3b3957feb85c20414ad9 Mon Sep 17 00:00:00 2001
+From: Vivek Kumbhar 
+Date: Thu, 17 Nov 2022 11:33:01 +0530
+Subject: [PATCH] CVE-2022-3555
+
+Upstream-Status: Backport 
[https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.freedesktop.org%2Fxorg%2Flib%2Flibx11%2F-%2Fcommit%2F8a368d808fec166b5fb3dfe6312aab22c7ee20afdata=05%7C01%7Cranjitsinh.rathod%40kpit.com%7C3e0855325f3b4933ce4108dac864a287%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638042631831458383%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=unGI59Cc2Rqxlr3JY6eu%2BU72w5p%2FmZOpcn5b7WhNlno%3Dreserved=0]
+CVE: CVE-2022-3555
+Signed-off-by: Vivek Kumbhar 
+
+Fix two memory leaks in _XFreeX11XCBStructure()
+
+Even when XCloseDisplay() was called, some memory was leaked.
+
+XCloseDisplay() calls _XFreeDisplayStructure(), which calls
+_XFreeX11XCBStructure().
+
+However, _XFreeX11XCBStructure() did not destroy the condition variables,
+resulting in the leaking of some 40 bytes.
+---
+ src/xcb_disp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/xcb_disp.c b/src/xcb_disp.c
+index 0fa40de..03fa1e8 100644
+--- a/src/xcb_disp.c
 b/src/xcb_disp.c
+@@ -102,6 +102,8 @@ void _XFreeX11XCBStructure(Display *dpy)
+   dpy->xcb->pending_requests = tmp->next;
+   free(tmp);
+   }
++  xcondition_clear(dpy->xcb->event_notify);
++  xcondition_clear(dpy->xcb->reply_notify);
+   xcondition_free(dpy->xcb->event_notify);
+   xcondition_free(dpy->xcb->reply_notify);
+   Xfree(dpy->xcb);
+--
+2.25.1
+
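Review bot: the embedded patch header (`+From: Vivek Kumbhar`, `+Date: Thu, 17 Nov 2022`, `+Subject: [PATCH] CVE-2022-3555`) replaces the upstream author, date and subject with the backporter's, although `Upstream-Status` marks it as a backport; keep the upstream From/Date/Subject ("Fix two memory leaks in _XFreeX11XCBStructure()" reads like the original subject) and append the `CVE:`, `Upstream-Status:` and `Signed-off-by:` tags after the upstream message. The `Upstream-Status` URL is also shown wrapped in a safelinks redirect and should be the plain gitlab.freedesktop.org commit link.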
diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb 
b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
index 72ab1d4150..ad3fab1204 100644
--- a/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
@@ -17,6 +17,7 @@ SRC_URI += "file://Fix-hanging-issue-in-_XReply.patch \
 file://CVE-2020-14363.patch \
 file://CVE-2021-31535.patch \
 file://CVE-2022-3554.patch \
+file://CVE-2022-3555.patch \
 "

 SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2"
--
2.25.1


[OE-Core][dunfell][PATCH] systemd: Fix CVE-2022-3821 issue

2022-11-15 Thread Ranjitsinh Rathod via lists.openembedded.org
Hi Steve,

Please find the attached patch for the fix of CVE-2022-3821 systemd issue.


Thanks,

Best Regards,

Ranjitsinh Rathod

From 73b9368919ed97009ee4c495837cda8ff3fa1b85 Mon Sep 17 00:00:00 2001
From: Ranjitsinh Rathod 
Date: Mon, 14 Nov 2022 20:20:23 +0530
Subject: [PATCH] systemd: Fix CVE-2022-3821 issue

An off-by-one Error issue was discovered in Systemd in format_timespan()
function of time-util.c. An attacker could supply specific values for
time and accuracy that leads to buffer overrun in format_timespan(),
leading to a Denial of Service.
Add a patch to solve above CVE issue
Link: https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e

Signed-off-by: Ranjitsinh Rathod 
---
 .../systemd/systemd/CVE-2022-3821.patch   | 47 +++
 meta/recipes-core/systemd/systemd_244.5.bb|  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-3821.patch

diff --git a/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch b/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch
new file mode 100644
index 00..f9c6704cfc
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2022-3821.patch
@@ -0,0 +1,47 @@
+From 9102c625a673a3246d7e73d8737f3494446bad4e Mon Sep 17 00:00:00 2001
+From: Yu Watanabe 
+Date: Thu, 7 Jul 2022 18:27:02 +0900
+Subject: [PATCH] time-util: fix buffer-over-run
+
+Fixes #23928.
+
+CVE: CVE-2022-3821
+Upstream-Status: Backport [https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e.patch]
+Signed-off-by: Ranjitsinh Rathod 
+Comment: Both the hunks refreshed to backport
+
+---
+ src/basic/time-util.c | 2 +-
+ src/test/test-time-util.c | 5 +
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index abbc4ad5cd70..26d59de12348 100644
+--- a/src/basic/time-util.c
 b/src/basic/time-util.c
+@@ -514,7 +514,7 @@ char *format_timespan(char *buf, size_t
+ t = b;
+ }
+ 
+-n = MIN((size_t) k, l);
++n = MIN((size_t) k, l-1);
+ 
+ l -= n;
+ p += n;
+diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
+index e8e4e2a67bb1..58c5fa9be40c 100644
+--- a/src/test/test-time-util.c
 b/src/test/test-time-util.c
+@@ -501,6 +501,12 @@ int main(int argc, char *argv[]) {
+ test_format_timespan(1);
+ test_format_timespan(USEC_PER_MSEC);
+ test_format_timespan(USEC_PER_SEC);
++
++/* See issue #23928. */
++_cleanup_free_ char *buf;
++assert_se(buf = new(char, 5));
++assert_se(buf == format_timespan(buf, 5, 15, 1000));
++
+ test_timezone_is_valid();
+ test_get_timezones();
+ test_usec_add();
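Review bot: the header says `Comment: Both the hunks refreshed to backport` without saying what changed, and the refreshed test now sits directly in `main()` of test-time-util.c; state what differs from upstream and confirm that `format_timespan(buf, 5, 15, 1000)` fails on 244.5 without the `l-1` clamp, so the test really covers the fix. `_cleanup_free_ char *buf;` is declared uninitialised after statements; wrapping the added lines in their own block with `buf = NULL` keeps the declaration at the start of a scope. The embedded diffstat also lists 5 insertions for test-time-util.c while the hunk header `-501,6 +501,12` adds 6.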
diff --git a/meta/recipes-core/systemd/systemd_244.5.bb b/meta/recipes-core/systemd/systemd_244.5.bb
index f3e5395465..77ef2bc42f 100644
--- a/meta/recipes-core/systemd/systemd_244.5.bb
+++ b/meta/recipes-core/systemd/systemd_244.5.bb
@@ -33,6 +33,7 @@ SRC_URI += "file://touchscreen.rules \
file://CVE-2021-3997-1.patch \
file://CVE-2021-3997-2.patch \
file://CVE-2021-3997-3.patch \
+   file://CVE-2022-3821.patch \
"
 
 # patches needed by musl
-- 
2.17.1


View/Reply Online (#173351): 
https://lists.openembedded.org/g/openembedded-core/message/173351
-=-=-=-=-=-=-=-=-=-=-=-
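
The off-by-one named in the commit message above, shown as an added example that is not systemd's code or part of this patch: a simplified, hypothetical model of a bounded append loop using the two clamps from the time-util.c hunk (`MIN(k, l)` and `MIN(k, l-1)`). The function names, the `l <= 1` early exit, the sample pieces and the canary byte are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))
#define LOGICAL_SIZE 5      /* size the caller claims for the buffer */
#define CANARY ((char)0x7f) /* guard byte placed just past the claimed size */

/* Constructed sample pieces, shaped like the units a timespan formatter emits. */
static const char *const SAMPLE_PARTS[] = { "1s", " 500ms", " 250us" };
#define SAMPLE_COUNT (sizeof(SAMPLE_PARTS) / sizeof(SAMPLE_PARTS[0]))

/*
 * Hypothetical model of the append loop: format each piece at p with the
 * remaining length l, advance by n, then terminate at *p.
 *   fixed == 0 clamps with MIN(k, l)     (the removed line in the hunk)
 *   fixed != 0 clamps with MIN(k, l - 1) (the added line in the hunk)
 * Returns the offset at which the terminating NUL was written.
 * The storage behind buf must hold at least l + 1 bytes so that the stray
 * write of the pre-patch variant lands on the canary, not on unowned memory.
 */
static size_t append_parts(char *buf, size_t l, const char *const *parts,
                           size_t count, int fixed)
{
    char *p = buf;

    for (size_t i = 0; i < count; i++) {
        if (l <= 1) /* assumed early exit: no room for another piece */
            break;

        /* snprintf returns the length it wanted, which can exceed l - 1. */
        int k = snprintf(p, l, "%s", parts[i]);
        if (k < 0)
            break;

        size_t n = fixed ? MIN((size_t)k, l - 1) : MIN((size_t)k, l);
        l -= n;
        p += n;
    }

    *p = 0; /* pre-patch clamp: p can equal buf + the original l here */
    return (size_t)(p - buf);
}

/* Runs the model on a buffer with one guard byte after the claimed size. */
static size_t run_model(int fixed, int *canary_intact)
{
    char store[LOGICAL_SIZE + 1];

    memset(store, 'X', sizeof(store));
    store[LOGICAL_SIZE] = CANARY;

    size_t off = append_parts(store, LOGICAL_SIZE, SAMPLE_PARTS,
                              SAMPLE_COUNT, fixed);
    if (canary_intact != NULL)
        *canary_intact = (store[LOGICAL_SIZE] == CANARY);
    return off;
}

/* Offset of the terminator relative to the start of the buffer. */
size_t terminator_offset(int fixed)
{
    return run_model(fixed, NULL);
}

/* 1 if the byte just past the claimed size was left untouched, else 0. */
int canary_survives(int fixed)
{
    int intact = 0;

    run_model(fixed, &intact);
    return intact;
}

int main(void)
{
    printf("MIN(k, l):   terminator at offset %zu of %d, canary intact: %d\n",
           terminator_offset(0), LOGICAL_SIZE, canary_survives(0));
    printf("MIN(k, l-1): terminator at offset %zu of %d, canary intact: %d\n",
           terminator_offset(1), LOGICAL_SIZE, canary_survives(1));
    return 0;
}
```

With the pre-patch clamp the terminator lands at offset 5 of a 5-byte buffer, one byte past its end; with `l-1` it stays at offset 4.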



[OE-Core][dunfell][PATCH] expat: Fix CVE-2022-43680 for expat

2022-11-04 Thread Ranjitsinh Rathod via lists.openembedded.org
Hi Steve,

I still have not figured out why the patch gets corrupted when sent from my company's
domain, so I am attaching the patch here in the email.


Thanks,

Best Regards,

Ranjitsinh Rathod

From 151c6079af710b75ed9fb4c1ebfd8e881511864f Mon Sep 17 00:00:00 2001
From: Ranjitsinh Rathod 
Date: Thu, 3 Nov 2022 10:43:20 +0530
Subject: [PATCH] expat: Fix CVE-2022-43680 for expat

Add a patch to fix CVE-2022-43680 issue where use-after free caused by
overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
in out-of-memory situations
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-43680

Signed-off-by: Ranjitsinh Rathod 
---
 .../expat/expat/CVE-2022-43680.patch  | 33 +++
 meta/recipes-core/expat/expat_2.2.9.bb|  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2022-43680.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2022-43680.patch b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
new file mode 100644
index 00..6f93bc3ed7
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
@@ -0,0 +1,33 @@
+From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping 
+Date: Tue, 20 Sep 2022 02:44:34 +0200
+Subject: [PATCH] lib: Fix overeager DTD destruction in
+ XML_ExternalEntityParserCreate
+
+CVE: CVE-2022-43680
+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4.patch]
+Signed-off-by: Ranjitsinh Rathod 
+Comments: Hunk refreshed
+---
+ lib/xmlparse.c | 8 
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index aacd6e7fc..57bf103cc 100644
+--- a/lib/xmlparse.c
 b/lib/xmlparse.c
+@@ -1035,6 +1035,14 @@ parserCreate(const XML_Char *encodingNam
+   parserInit(parser, encodingName);
+ 
+   if (encodingName && ! parser->m_protocolEncodingName) {
++if (dtd) {
++  // We need to stop the upcoming call to XML_ParserFree from happily
++  // destroying parser->m_dtd because the DTD is shared with the parent
++  // parser and the only guard that keeps XML_ParserFree from destroying
++  // parser->m_dtd is parser->m_isParamEntity but it will be set to
++  // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
++  parser->m_dtd = NULL;
++}
+ XML_ParserFree(parser);
+ return NULL;
+   }
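Review bot: the added `if (dtd) { ... parser->m_dtd = NULL; }` only runs on the `encodingName && ! parser->m_protocolEncodingName` failure path, which an ordinary build or test run will not reach, so the commit message should say how the refreshed hunk was verified on 2.2.9. `Comments: Hunk refreshed` should also say what was adjusted (offsets only, or content).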
diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb
index 578edfcbff..8a5006e59a 100644
--- a/meta/recipes-core/expat/expat_2.2.9.bb
+++ b/meta/recipes-core/expat/expat_2.2.9.bb
@@ -21,6 +21,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \
file://CVE-2022-25315.patch \
file://libtool-tag.patch \
file://CVE-2022-40674.patch \
+   file://CVE-2022-43680.patch \
  "
 
 SRCREV = "a7bc26b69768f7fb24f0c7976fae24b157b85b13"
-- 
2.25.1


View/Reply Online (#172720): 
https://lists.openembedded.org/g/openembedded-core/message/172720
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-Core][dunfell][PATCH 1/2] libarchive: Fix CVE-2021-23177 issue

2022-09-07 Thread Ranjitsinh Rathod via lists.openembedded.org
Hi Steve,

I have tested this and it seems the patch is working fine.
I'm attaching the patch file as an attachment, please use this and let me know 
if that works.

It seems like something went wrong during sending using the KPIT email ID, and
currently I am facing issues using my Gmail account, so I cannot send using the
Gmail account.


Also, attaching logs of do_patch task.


Thanks,

Best Regards,

Ranjitsinh Rathod


From: Steve Sakoman 
Sent: Wednesday, September 7, 2022 4:48 AM
To: Ranjitsinh Rathod 
Cc: openembedded-core@lists.openembedded.org 

Subject: Re: [OE-Core][dunfell][PATCH 1/2] libarchive: Fix CVE-2021-23177 issue


On Mon, Sep 5, 2022 at 3:06 AM Ranjitsinh Rathod via
lists.openembedded.org
 wrote:
>
> Add patch to fix CVE-2021-23177 issue for libarchive
> Link: 
> http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

Fails to build with this patch:

NOTE: Applying patch 'CVE-2021-23177.patch'
(../meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch)
ERROR: Applying patch 'CVE-2021-23177.patch' on target directory
'TOPDIR/tmp/work/x86_64-linux/libarchive-native/3.4.2-r0/libarchive-3.4.2'
Command Error: 'quilt --quiltrc
TOPDIR/tmp/work/x86_64-linux/libarchive-native/3.4.2-r0/recipe-sysroot-native/etc/quiltrc
push' exited with 0  Output:
Applying patch CVE-2021-23177.patch
patching file libarchive/archive_disk_acl_freebsd.c
Hunk #1 succeeded at 319 with fuzz 1.
Hunk #2 FAILED at 364.
Hunk #3 FAILED at 542.
Hunk #4 FAILED at 677.
Hunk #5 FAILED at 693.
4 out of 5 hunks FAILED -- rejects in file libarchive/archive_disk_acl_freebsd.c
patching file libarchive/archive_disk_acl_linux.c
Hunk #1 FAILED at 343.
Hunk #2 succeeded at 455 with fuzz 1.
Hunk #3 FAILED at 488.
Hunk #4 FAILED at 727.
3 out of 4 hunks FAILED -- rejects in file libarchive/archive_disk_acl_linux.c
patching file libarchive/archive_disk_acl_sunos.c
Hunk #1 succeeded at 443 with fuzz 1.
Hunk #2 FAILED at 467.
Hunk #3 FAILED at 492.
Hunk #4 FAILED at 801.
Hunk #5 FAILED at 810.
4 out of 5 hunks FAILED -- rejects in file libarchive/archive_disk_acl_sunos.c
Patch CVE-2021-23177.patch does not apply (enforce with -f)
DEBUG: Python function patch_do_patch finished
DEBUG: Python function do_patch finished

I'm going to drop both patches in the series and await a v2.

Steve

> Signed-off-by: Ranjitsinh Rathod 
> ---
>  .../libarchive/CVE-2021-23177.patch   | 183 ++
>  .../libarchive/libarchive_3.4.2.bb|   1 +
>  2 files changed, 184 insertions(+)
>  create mode 100644 
> meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
>
> diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch 
> b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
> new file mode 100644
> index 00..555c7a47f7
> --- /dev/null
> +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
> @@ -0,0 +1,183 @@
> +Description: Fix handling of symbolic link ACLs
> + Published as CVE-2021-23177
> +Origin: upstream, 
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibarchive%2Flibarchive%2Fcommit%2Ffba4f123cc456d2b2538f811bb831483bf336baddata=05%7C01%7Cranjitsinh.rathod%40kpit.com%7Ce7011a052c724605e9c008da905e13f4%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637981031500145401%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=gvioBQMQ2EoCWnEZqMzDGb2QP3Cpe0nyt8nHZXDXbCU%3Dreserved=0
> +Bug-Debian: 
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.debian.org%2F1001986data=05%7C01%7Cranjitsinh.rathod%40kpit.com%7Ce7011a052c724605e9c008da905e13f4%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637981031500301630%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7Csdata=AZAP5EPxLqEOTWQrrQqBLKB28h2F%2FzfnHrM9DdecYVo%3Dreserved=0
> +Author: Martin Matuska 
> +Last-Updated: 2021-12-20
> +
> +CVE: CVE-2021-23177
> +U
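Review bot: the patch header (`Description:`, `Origin:`, `Bug-Debian:`) is taken from the Debian 3.4.3 packaging linked in the commit message while the recipe is libarchive_3.4.2.bb, and the build log quoted above shows most hunks being rejected; rebase the hunks onto the 3.4.2 sources and record that in the header. The `Origin:` and `Bug-Debian:` URLs appear here wrapped in safelinks redirects and should be the plain links in the committed file.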

[OE-Core][dunfell][PATCH 2/2] libarchive: Fix CVE-2021-31566 issue

2022-09-05 Thread Ranjitsinh Rathod via lists.openembedded.org
Add patch to fix CVE-2021-31566 issue for libarchive
Link: 
http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

Signed-off-by: Ranjitsinh Rathod 
---
 .../libarchive/CVE-2021-31566-01.patch|  23 +++
 .../libarchive/CVE-2021-31566-02.patch| 172 ++
 .../libarchive/libarchive_3.4.2.bb|   2 +
 3 files changed, 197 insertions(+)
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch

diff --git 
a/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch 
b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
new file mode 100644
index 00..c4a2fb612c
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-01.patch
@@ -0,0 +1,23 @@
+Description: Never follow symlinks when setting file flags on Linux
+ Published as CVE-2021-31566
+Origin: upstream, 
https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b
+Bug-Debian: https://bugs.debian.org/1001990
+Author: Martin Matuska 
+Last-Update: 2021-12-20
+
+CVE: CVE-2021-31566
+Upstream-Status: Backport 
[http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
+Signed-off-by: Ranjitsinh Rathod 
+
+--- a/libarchive/archive_write_disk_posix.c
 b/libarchive/archive_write_disk_posix.c
+@@ -3927,7 +3927,8 @@
+
+   /* If we weren't given an fd, open it ourselves. */
+   if (myfd < 0) {
+-  myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
++  myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY |
++  O_CLOEXEC | O_NOFOLLOW);
+   __archive_ensure_cloexec_flag(myfd);
+   }
+   if (myfd < 0)
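Review bot: the Upstream-Status line in this patch header points at the Debian source tarball, while the Origin line names the upstream libarchive commit e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b; cite that commit in Upstream-Status so the backport can be compared against it directly. On the code itself, adding O_NOFOLLOW means open() now fails when name is a symlink, so the existing `if (myfd < 0)` path right after it becomes the normal outcome for links; the Description could say what that path returns for a link.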
diff --git 
a/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch 
b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
new file mode 100644
index 00..0dfcd1ac5c
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-31566-02.patch
@@ -0,0 +1,172 @@
+Description: Do not follow symlinks when processing the fixup list
+ Published as CVE-2021-31566
+Origin: upstream, 
https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043
+Bug-Debian: https://bugs.debian.org/1001990
+Author: Martin Matuska 
+Last-Update: 2021-12-20
+
+CVE: CVE-2021-31566
+Upstream-Status: Backport 
[http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
+Signed-off-by: Ranjitsinh Rathod 
+
+--- a/Makefile.am
 b/Makefile.am
+@@ -556,6 +556,7 @@
+   libarchive/test/test_write_disk.c \
+   libarchive/test/test_write_disk_appledouble.c \
+   libarchive/test/test_write_disk_failures.c \
++  libarchive/test/test_write_disk_fixup.c \
+   libarchive/test/test_write_disk_hardlink.c \
+   libarchive/test/test_write_disk_hfs_compression.c \
+   libarchive/test/test_write_disk_lookup.c \
+--- a/libarchive/archive_write_disk_posix.c
 b/libarchive/archive_write_disk_posix.c
+@@ -2461,6 +2461,7 @@
+ {
+   struct archive_write_disk *a = (struct archive_write_disk *)_a;
+   struct fixup_entry *next, *p;
++  struct stat st;
+   int fd, ret;
+
+   archive_check_magic(>archive, ARCHIVE_WRITE_DISK_MAGIC,
+@@ -2478,6 +2479,20 @@
+   (TODO_TIMES | TODO_MODE_BASE | TODO_ACLS | TODO_FFLAGS)) {
+   fd = open(p->name,
+   O_WRONLY | O_BINARY | O_NOFOLLOW | O_CLOEXEC);
++  if (fd == -1) {
++  /* If we cannot lstat, skip entry */
++  if (lstat(p->name, ) != 0)
++  goto skip_fixup_entry;
++  /*
++   * If we deal with a symbolic link, mark
++   * it in the fixup mode to ensure no
++   * modifications are made to its target.
++   */
++  if (S_ISLNK(st.st_mode)) {
++  p->mode &= ~S_IFMT;
++  p->mode |= S_IFLNK;
++  }
++  }
+   }
+   if (p->fixup & TODO_TIMES) {
+   set_times(a, fd, p->mode, p->name,
+@@ -2492,7 +2507,12 @@
+   fchmod(fd, p->mode);
+   else
+ #endif
+-  chmod(p->name, p->mode);
++#ifdef HAVE_LCHMOD
++  lchmod(p->name, p->mode);
++#else
++  if (!S_ISLNK(p->mode))
++  chmod(p->name, p->mode);
++#endif
+   }
+   if (p->fixup & TODO_ACLS)
+   
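Review bot: as it appears here the embedded patch would neither apply nor compile: the file headers read ` b/Makefile.am` and ` b/libarchive/archive_write_disk_posix.c` without their `+++` prefix, and `archive_check_magic(>archive,` and `lstat(p->name, )` have lost their `&` operands. Check the file added to the tree against the one in the Debian tarball before merging. Note also that the symlink marking (`p->mode |= S_IFLNK`) is reached only when the O_NOFOLLOW open() returns -1 and lstat() succeeds, and the non-lchmod branch (`if (!S_ISLNK(p->mode))`) depends on that marking, so these two hunks have to be backported together.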

[OE-Core][dunfell][PATCH 1/2] libarchive: Fix CVE-2021-23177 issue

2022-09-05 Thread Ranjitsinh Rathod via lists.openembedded.org
Add patch to fix CVE-2021-23177 issue for libarchive
Link: 
http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz

Signed-off-by: Ranjitsinh Rathod 
---
 .../libarchive/CVE-2021-23177.patch   | 183 ++
 .../libarchive/libarchive_3.4.2.bb|   1 +
 2 files changed, 184 insertions(+)
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch 
b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
new file mode 100644
index 00..555c7a47f7
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2021-23177.patch
@@ -0,0 +1,183 @@
+Description: Fix handling of symbolic link ACLs
+ Published as CVE-2021-23177
+Origin: upstream, 
https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad
+Bug-Debian: https://bugs.debian.org/1001986
+Author: Martin Matuska 
+Last-Updated: 2021-12-20
+
+CVE: CVE-2021-23177
+Upstream-Status: Backport 
[http://deb.debian.org/debian/pool/main/liba/libarchive/libarchive_3.4.3-2+deb11u1.debian.tar.xz]
+Signed-off-by: Ranjitsinh Rathod 
+
+--- a/libarchive/archive_disk_acl_freebsd.c
 b/libarchive/archive_disk_acl_freebsd.c
+@@ -319,7 +319,7 @@
+
+ static int
+ set_acl(struct archive *a, int fd, const char *name,
+-struct archive_acl *abstract_acl,
++struct archive_acl *abstract_acl, __LA_MODE_T mode,
+ int ae_requested_type, const char *tname)
+ {
+   int  acl_type = 0;
+@@ -364,6 +364,13 @@
+   return (ARCHIVE_FAILED);
+   }
+
++  if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
++  errno = EINVAL;
++  archive_set_error(a, errno,
++  "Cannot set default ACL on non-directory");
++  return (ARCHIVE_WARN);
++  }
++
+   acl = acl_init(entries);
+   if (acl == (acl_t)NULL) {
+   archive_set_error(a, errno,
+@@ -542,7 +549,10 @@
+   else if (acl_set_link_np(name, acl_type, acl) != 0)
+ #else
+   /* FreeBSD older than 8.0 */
+-  else if (acl_set_file(name, acl_type, acl) != 0)
++  else if (S_ISLNK(mode)) {
++  /* acl_set_file() follows symbolic links, skip */
++  ret = ARCHIVE_OK;
++  } else if (acl_set_file(name, acl_type, acl) != 0)
+ #endif
+   {
+   if (errno == EOPNOTSUPP) {
+@@ -677,14 +687,14 @@
+   & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
+   if ((archive_acl_types(abstract_acl)
+   & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
+-  ret = set_acl(a, fd, name, abstract_acl,
++  ret = set_acl(a, fd, name, abstract_acl, mode,
+   ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
+   if (ret != ARCHIVE_OK)
+   return (ret);
+   }
+   if ((archive_acl_types(abstract_acl)
+   & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
+-  ret = set_acl(a, fd, name, abstract_acl,
++  ret = set_acl(a, fd, name, abstract_acl, mode,
+   ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
+
+   /* Simultaneous POSIX.1e and NFSv4 is not supported */
+@@ -693,7 +703,7 @@
+ #if ARCHIVE_ACL_FREEBSD_NFS4
+   else if ((archive_acl_types(abstract_acl) &
+   ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
+-  ret = set_acl(a, fd, name, abstract_acl,
++  ret = set_acl(a, fd, name, abstract_acl, mode,
+   ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
+   }
+ #endif
+--- a/libarchive/archive_disk_acl_linux.c
 b/libarchive/archive_disk_acl_linux.c
+@@ -343,6 +343,11 @@
+   return (ARCHIVE_FAILED);
+   }
+
++  if (S_ISLNK(mode)) {
++  /* Linux does not support RichACLs on symbolic links */
++  return (ARCHIVE_OK);
++  }
++
+   richacl = richacl_alloc(entries);
+   if (richacl == NULL) {
+   archive_set_error(a, errno,
+@@ -455,7 +460,7 @@
+ #if ARCHIVE_ACL_LIBACL
+ static int
+ set_acl(struct archive *a, int fd, const char *name,
+-struct archive_acl *abstract_acl,
++struct archive_acl *abstract_acl, __LA_MODE_T mode,
+ int ae_requested_type, const char *tname)
+ {
+   int  acl_type = 0;
+@@ -488,6 +493,18 @@
+   return (ARCHIVE_FAILED);
+   }
+
++  if (S_ISLNK(mode)) {
++  /* Linux does not support ACLs on symbolic links */
++  return (ARCHIVE_OK);
++  }
++
++  if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
++  errno = EINVAL;
++  archive_set_error(a, errno,
++  "Cannot set default ACL on non-directory");
++  return (ARCHIVE_WARN);
++  }
++
+   acl = acl_init(entries);
+   if (acl == (acl_t)NULL) {
+   
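Review bot: set_acl() gains a `__LA_MODE_T mode` parameter in both archive_disk_acl_freebsd.c and archive_disk_acl_linux.c, and the FreeBSD callers are updated in the hunks shown, but the Linux callers fall outside the part of the patch visible here; confirm every Linux call site passes mode, since a missed one fails the build. In the header, this patch uses `Last-Updated:` where the two CVE-2021-31566 patches of the same series use `Last-Update:`; pick one spelling.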

[OE-Core][dunfell][PATCH] cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST

2022-07-15 Thread Ranjitsinh Rathod via lists.openembedded.org
Use CVE_CHECK_WHITELIST as CVE_CHECK_IGNORE is not valid on dunfell
branch

Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Ranjitsinh Rathod 
---
 meta/conf/distro/include/cve-extra-exclusions.inc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc 
b/meta/conf/distro/include/cve-extra-exclusions.inc
index 70442df991..f3490db9dd 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -57,19 +57,19 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 
CVE-2020-2981"
 # There was a proposed patch 
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
 # qemu maintainers say the patch is incorrect and should not be applied
 # Ignore from OE's perspectivee as the issue is of low impact, at worst 
sitting in an infinite loop rather than exploitable
-CVE_CHECK_IGNORE += "CVE-2021-20255"
+CVE_CHECK_WHITELIST += "CVE-2021-20255"

 # qemu:qemu-native:qemu-system-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067
 # There was a proposed patch but rejected by upstream qemu. It is unclear if 
the issue can
 # still be reproduced or where exactly any bug is.
 # Ignore from OE's perspective as we'll pick up any fix when upstream accepts 
one.
-CVE_CHECK_IGNORE += "CVE-2019-12067"
+CVE_CHECK_WHITELIST += "CVE-2019-12067"

 # nasm:nasm-native 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974
 # It is a fuzzing related buffer overflow. It is of low impact since most 
devices
 # wouldn't expose an assembler. The upstream is inactive and there is little 
to be
 # done about the bug, ignore from an OE perspective.
-CVE_CHECK_IGNORE += "CVE-2020-18974"
+CVE_CHECK_WHITELIST += "CVE-2020-18974"



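Review bot: this hunk converts the three assignments from line 57 down, but its leading context is the tail of an earlier assignment (ending in CVE-2020-2981") whose variable name is not shown. Since the commit message says CVE_CHECK_IGNORE is not valid on dunfell, confirm with a grep that no CVE_CHECK_IGNORE assignment is left anywhere in the file, because a leftover one would leave those CVEs reported. The context comment "Ignore from OE's perspectivee" also carries a typo that could be fixed in the same patch.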
--
2.17.1

View/Reply Online (#168122): https://lists.openembedded.org/g/openembedded-core/message/168122



[OE-Core][dunfell][PATCH] openssl: Minor security upgrade 1.1.1o to 1.1.1p

2022-07-01 Thread Ranjitsinh Rathod via lists.openembedded.org
This security upgrade fixes CVE-2022-2068 as per below link
Link: https://www.openssl.org/news/cl111.txt
Also, remove 73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch and
b7ce611887cfac633aacc052b2e71a7f195418b8.patch as these two are part
of 1.1.1p now

Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Ranjitsinh Rathod 
---
 ...5d82489b3ec09ccc772dfcee14fef0e8e908.patch | 192 --
 ...611887cfac633aacc052b2e71a7f195418b8.patch |  29 ---
 .../{openssl_1.1.1o.bb => openssl_1.1.1p.bb}  |   4 +-
 3 files changed, 1 insertion(+), 224 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
 delete mode 100644 
meta/recipes-connectivity/openssl/openssl/b7ce611887cfac633aacc052b2e71a7f195418b8.patch
 rename meta/recipes-connectivity/openssl/{openssl_1.1.1o.bb => 
openssl_1.1.1p.bb} (97%)

diff --git 
a/meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
 
b/meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
deleted file mode 100644
index 438ecdcd32..00
--- 
a/meta/recipes-connectivity/openssl/openssl/73db5d82489b3ec09ccc772dfcee14fef0e8e908.patch
+++ /dev/null
@@ -1,192 +0,0 @@
-From 73db5d82489b3ec09ccc772dfcee14fef0e8e908 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz 
-Date: Wed, 1 Jun 2022 12:47:44 +0200
-Subject: [PATCH] Update expired SCT certificates
-
-Reviewed-by: Matt Caswell 
-Reviewed-by: Dmitry Belyavskiy 
-(Merged from https://github.com/openssl/openssl/pull/18446)
-
-Upstream-Status: Backport 
[https://github.com/openssl/openssl/commit/73db5d82489b3ec09ccc772dfcee14fef0e8e908]
-Signed-off-by: Steve Sakoman 
-

- test/certs/embeddedSCTs1-key.pem| 38 -
- test/certs/embeddedSCTs1.pem| 35 ---
- test/certs/embeddedSCTs1.sct| 12 
- test/certs/embeddedSCTs1_issuer-key.pem | 15 ++
- test/certs/embeddedSCTs1_issuer.pem | 30 +--
- 5 files changed, 79 insertions(+), 51 deletions(-)
- create mode 100644 test/certs/embeddedSCTs1_issuer-key.pem
-
-diff --git a/test/certs/embeddedSCTs1-key.pem 
b/test/certs/embeddedSCTs1-key.pem
-index e3e66d55c510..28dd206dbe8d 100644
 a/test/certs/embeddedSCTs1-key.pem
-+++ b/test/certs/embeddedSCTs1-key.pem
-@@ -1,15 +1,27 @@
- -BEGIN RSA PRIVATE KEY-
- -END RSA PRIVATE KEY-
-diff --git a/test/certs/embeddedSCTs1.pem 
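Review bot: the commit message identifies the two dropped backports only by their hash-named files; the Subject line of this deleted patch shows that 73db5d82489b3ec09ccc772dfcee14fef0e8e908 is "Update expired SCT certificates", a test-certificate refresh, so name it that way in the message next to the statement that both commits are contained in 1.1.1p. The diffstat lists openssl_1.1.1p.bb with 4 changed lines; that hunk is not shown here, so check that it removes exactly the two SRC_URI entries for these patches and updates the tarball checksum.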

[OE-Core][master][kirkstone][PATCH] ruby: Add ruby-native dependency for nativesdk class

2022-06-29 Thread Ranjitsinh Rathod via lists.openembedded.org
We need to add the ruby-native dependency for the nativesdk class too
to fix the compilation issue.
Earlier this dependency was part of the DEPENDS variable, but the below
commit removes it from DEPENDS and adds it only for
DEPENDS_append_class-target, which triggers the failure in the
nativesdk-ruby:do_compile task.
Link: 
https://git.yoctoproject.org/poky/commit/?h=dunfell=6060b500b952754c595fdf5de5de35c886e0e1d5

Signed-off-by: Ranjitsinh Rathod 
Signed-off-by: Ranjitsinh Rathod 
---
 meta/recipes-devtools/ruby/ruby.inc  | 1 +
 meta/recipes-devtools/ruby/ruby_3.1.2.bb | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/ruby/ruby.inc 
b/meta/recipes-devtools/ruby/ruby.inc
index ebff5efd1f..efa40331e0 100644
--- a/meta/recipes-devtools/ruby/ruby.inc
+++ b/meta/recipes-devtools/ruby/ruby.inc
@@ -15,6 +15,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=5b8c87559868796979806100db3f3805 \

 DEPENDS = "zlib openssl libyaml gdbm readline libffi"
 DEPENDS:append:class-target = " ruby-native"
+DEPENDS:append:class-nativesdk = " ruby-native"

 SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
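Review bot: the commit message cites a dunfell commit and the old `DEPENDS_append_class-target` spelling, while this hunk sits next to `DEPENDS:append:class-target` on the branches named in the subject (master, kirkstone); reference the commit that made the change on the branch being patched, and use the override syntax that branch uses, so the rationale can be followed from the message.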
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.2.bb 
b/meta/recipes-devtools/ruby/ruby_3.1.2.bb
index 38ba46731b..a9e6765939 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.2.bb
@@ -104,4 +104,4 @@ FILES:${PN}-ptest:append:class-target = "\
 ${libdir}/ruby/${SHRT_VER}.0/*/-test- \
 "

-BBCLASSEXTEND = "native"
+BBCLASSEXTEND = "native nativesdk"
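Review bot: `BBCLASSEXTEND` goes from "native" to "native nativesdk" in this hunk, so the patch enables the nativesdk variant of the recipe and does not only add a dependency for it; the subject and message should say that nativesdk-ruby is being enabled, and the new variant should be build-tested on each target branch before merge.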
--
2.17.1

View/Reply Online (#167373): https://lists.openembedded.org/g/openembedded-core/message/167373



Re: [OE-core] [master][kirkstone] lua: fix CVE-2022-28805

2022-04-25 Thread Ranjitsinh Rathod via lists.openembedded.org
Hi Steve,

Sure, will send it for meta-openembedded.


Thanks,

Best Regards,

Ranjitsinh Rathod


From: openembedded-core@lists.openembedded.org 
 on behalf of Steve Sakoman via 
lists.openembedded.org 
Sent: Monday, April 25, 2022 8:38 PM
To: st...@sakoman.com 
Cc: Ranjitsinh Rathod ; 
openembedded-core@lists.openembedded.org 

Subject: Re: [OE-core] [master][kirkstone] lua: fix CVE-2022-28805


On Mon, Apr 25, 2022 at 3:57 AM Steve Sakoman via
lists.openembedded.org 
wrote:
>
> On Sun, Apr 24, 2022 at 8:15 PM Ranjitsinh Rathod
>  wrote:
> >
> > Hi Steve,
> >
> > Can you please cherry-pick this on the dunfell branch as well for this Lua 
> > CVE? or should I send a patch for this?
>
> Yes, of course!  Thanks for the reminder.

Heh, now I know why I "forgot" to take this patch in dunfell -- there
is no lua recipe in dunfell :-)

It was moved from meta-oe to oe-core post dunfell release. So, you
should probably submit this patch for the meta-openembedded dunfell
branch using the meta-openembedded mailing list!

Steve

View/Reply Online (#164828): https://lists.openembedded.org/g/openembedded-core/message/164828



Re: [OE-core] [meta-networking][dunfell][PATCH v2] strongswan: Fix for CVE-2021-41990 and CVE-2021-41991

2022-01-18 Thread Ranjitsinh Rathod via lists.openembedded.org
Hi Virendra,

You need to send this patch to "openembedded-de...@lists.openembedded.org".


Thanks,

Best Regards,

Ranjitsinh Rathod


From: openembedded-core@lists.openembedded.org 
 on behalf of virendra thakur via 
lists.openembedded.org 
Sent: Friday, January 7, 2022 1:18 PM
To: openembedded-core@lists.openembedded.org 
; raj.k...@gmail.com 

Cc: akuster...@gmail.com ; Virendra Kumar Thakur 
; Virendra Kumar Thakur 
Subject: [OE-core] [meta-networking][dunfell][PATCH v2] strongswan: Fix for 
CVE-2021-41990 and CVE-2021-41991


From: Virendra Thakur 

Add patch to fix CVE-2021-41990 and CVE-2021-41991

Signed-off-by: Virendra Thakur 
Signed-off-by: virendra thakur 
---
 .../strongswan/files/CVE-2021-41990.patch | 62 +++
 .../strongswan/files/CVE-2021-41991.patch | 41 
 .../strongswan/strongswan_5.8.4.bb|  2 +
 3 files changed, 105 insertions(+)
 create mode 100644 
meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch
 create mode 100644 
meta-networking/recipes-support/strongswan/files/CVE-2021-41991.patch

diff --git 
a/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch 
b/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch
new file mode 100644
index 0..b7118ba1f
--- /dev/null
+++ b/meta-networking/recipes-support/strongswan/files/CVE-2021-41990.patch
@@ -0,0 +1,62 @@
+From 423a5d56274a1d343e0d2107dfc4fbf0df2dcca5 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner 
+Date: Tue, 28 Sep 2021 17:52:08 +0200
+Subject: [PATCH] Reject RSASSA-PSS params with negative salt length
+
+The `salt_len` member in the struct is of type `ssize_t` because we use
+negative values for special automatic salt lengths when generating
+signatures.
+
+Not checking this could lead to an integer overflow.  The value is assigned
+to the `len` field of a chunk (`size_t`), which is further used in
+calculations to check the padding structure and (if that is passed by a
+matching crafted signature value) eventually a memcpy() that will result
+in a segmentation fault.
+
+Fixes: a22316520b91 ("signature-params: Add functions to parse/build ASN.1 
RSASSA-PSS params")
+Fixes: 7d6b81648b2d ("gmp: Add support for RSASSA-PSS signature verification")
+Fixes: CVE-2021-41990
+
+Upstream-Status: Backport 
[https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdownload.strongswan.org%2Fsecurity%2FCVE-2021-41990data=04%7C01%7Cranjitsinh.rathod%40kpit.com%7C5abb6260dcf54af2885508d9d1b22a32%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637771385470682075%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=%2BWim%2Bl1Eip2jX8UPUD8QjiTYpau1BJo6SmfH5sqxSAc%3Dreserved=0]
+CVE: CVE-2021-41990
+
+Signed-off-by: Virendra Thakur 
+
+---
+ src/libstrongswan/credentials/keys/signature_params.c | 6 +-
+ src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c| 2 +-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/libstrongswan/credentials/keys/signature_params.c 
b/src/libstrongswan/credentials/keys/signature_params.c
+index d89bd2c96bb5..837de8443d43 100644
+--- a/src/libstrongswan/credentials/keys/signature_params.c
 b/src/libstrongswan/credentials/keys/signature_params.c
+@@ -322,7 +322,11 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, 
rsa_pss_params_t *params)
+   case RSASSA_PSS_PARAMS_SALT_LEN:
+   if (object.len)
+   {
+-  params->salt_len = 
(size_t)asn1_parse_integer_uint64(object);
++  params->salt_len = 
(ssize_t)asn1_parse_integer_uint64(object);
++  if (params->salt_len < 0)
++  {
++  goto end;
++  }
+   }
+   break;
+   case RSASSA_PSS_PARAMS_TRAILER:
+diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c 
b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+index f9bd1d314dec..3a775090883e 100644
+--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
 b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+@@ -168,7 +168,7 @@ static bool 
verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this,
+   int i;
+   bool success = FALSE;
+
+-  if (!params)
++  if (!params || 

Re: [OE-core] [PATCH] [master] [dunfell] [hardknott] Revert "db: update CVE_PRODUCT"

2021-12-01 Thread Ranjitsinh Rathod via lists.openembedded.org
Hi Steve,

When do you plan to add these db CVEs in the 
'meta/conf/distro/include/cve-extra-exclusions.inc' file?


Thanks,

Best Regards,

Ranjitsinh Rathod


From: openembedded-core@lists.openembedded.org 
 on behalf of Steve Sakoman via 
lists.openembedded.org 
Sent: Wednesday, September 15, 2021 12:38 AM
To: Steve Sakoman 
Cc: Patches and discussions about the oe-core layer 

Subject: Re: [OE-core] [PATCH] [master] [dunfell] [hardknott] Revert "db: 
update CVE_PRODUCT"


On Tue, Sep 14, 2021 at 8:41 AM Steve Sakoman via
lists.openembedded.org 
wrote:
>
> On Tue, Sep 14, 2021 at 8:04 AM Steve Sakoman via
> lists.openembedded.org 
> wrote:
> >
> > The CVE database correctly reports CVEs for oracle_berkeley_db and
> > berkeley_db.  We use the oracle_berkeley_db source tree and therefore
> > should only check for oracle_berkeley_db CVEs. Otherwise the scanner
> > falsely reports CVEs that are fixed in oracle_berkeley_db
>
> Please hold off on taking this patch -- I need to do some more
> research.  I may have confused myself :-(

I did indeed confuse myself, so ignore this patch.

The CVE database is reporting CVEs for the Oracle db code base under
the name berkeley_db, so the original patch in question is indeed
correct and the CVEs are valid.

Our CVE reporting has been whitelisting db CVEs.  I'm going to remove
that from the tool and submit a patch to add the db CVEs to the
exclusion list in meta/conf/distro/include/cve-extra-exclusions.inc
since it seems unlikely that we will be moving to a version of db with
these issues fixed.

Steve

> > This reverts commit ad799b109716ccd2f44dcf7a6a4cfcbd622ea661.
> >
> > Signed-off-by: Steve Sakoman 
> > ---
> >  meta/recipes-support/db/db_5.3.28.bb | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/meta/recipes-support/db/db_5.3.28.bb 
> > b/meta/recipes-support/db/db_5.3.28.bb
> > index d5b788a3d7..5e9305ab06 100644
> > --- a/meta/recipes-support/db/db_5.3.28.bb
> > +++ b/meta/recipes-support/db/db_5.3.28.bb
> > @@ -15,7 +15,7 @@ HOMEPAGE = 
> > "https://www.oracle.com/database/technologies/related/berkeleydb.html
> >  LICENSE = "Sleepycat"
> >  RCONFLICTS:${PN} = "db3"
> >
> > -CVE_PRODUCT = "oracle_berkeley_db berkeley_db"
> > +CVE_PRODUCT = "oracle_berkeley_db"
> >  CVE_VERSION = "11.2.${PV}"
> >
> >  PR = "r1"
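Review bot: removing berkeley_db from CVE_PRODUCT stops the checker from matching CVEs filed under that product name, and the later replies in this thread conclude that those entries do describe the Oracle code base; this revert should be dropped, with the db CVEs handled through meta/conf/distro/include/cve-extra-exclusions.inc as proposed there.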
> > --
> > 2.25.1
> >
> >
> >
> >
>
>
>
View/Reply Online (#159023): https://lists.openembedded.org/g/openembedded-core/message/159023



Re: [OE-core] [meta][dunfell][PATCH] glib-2.0: Add security fixes

2021-11-30 Thread Ranjitsinh Rathod via lists.openembedded.org
Steve,

I have just sent a patch v2 with all the missing regression patchsets added and
the patch fuzz removed from CVE-2021-28153-4.patch.
Please check it and let me know if anything else is needed for the same.


Thanks,

Best Regards,

Ranjitsinh Rathod


From: openembedded-core@lists.openembedded.org 
 on behalf of Steve Sakoman via 
lists.openembedded.org 
Sent: Tuesday, November 30, 2021 8:25 PM
To: Ranjitsinh Rathod 
Cc: openembedded-core@lists.openembedded.org 

Subject: Re: [OE-core] [meta][dunfell][PATCH] glib-2.0: Add security fixes


On Mon, Nov 29, 2021 at 9:12 PM Ranjitsinh Rathod
 wrote:
>
> Adding missing patches and will resend it.

While you are at it you might also want to check
CVE-2021-28153-4.patch, I had to tweak it slightly to get it to apply
cleanly (i.e. without a fuzz warning).

Steve

>
> Thanks,
> Ranjitsinh Rathod
>
>
View/Reply Online (#158978): https://lists.openembedded.org/g/openembedded-core/message/158978