[OE-core] [poky][dunfell][PATCH] ffmpeg: Add fix for CVEs
From: Saloni Add fix for below CVE: CVE-2021-3566 Link: [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=3bce9e9b3ea35c54ba793d7da99ea5157532] CVE-2021-38291 Link: [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=e01d306c647b5827102260b885faa223b646d2d1] Signed-off-by: Saloni Jain --- .../ffmpeg/ffmpeg/CVE-2021-3566.patch | 61 +++ .../ffmpeg/ffmpeg/CVE-2021-38291.patch| 53 .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 4 +- 3 files changed, 117 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch new file mode 100644 index 00..abfc024820 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch 
@@ -0,0 +1,61 @@ +From 3bce9e9b3ea35c54ba793d7da99ea5157532 Mon Sep 17 00:00:00 2001 +From: Paul B Mahol +Date: Mon, 27 Jan 2020 21:53:08 +0100 +Subject: [PATCH] avformat/tty: add probe function + +CVE: CVE-2021-3566 +Signed-off-by: Saloni Jain + +Upstream-Status: Backport [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=3bce9e9b3ea35c54ba793d7da99ea5157532] +Comment: No changes/refreshing done. +--- + libavformat/tty.c | 21 - + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/libavformat/tty.c b/libavformat/tty.c +index 8d48f2c45c12..60f7e9f87ee7 100644 +--- a/libavformat/tty.c b/libavformat/tty.c +@@ -34,6 +34,13 @@ + #include "internal.h" + #include "sauce.h" + ++static int isansicode(int x) ++{ ++return x == 0x1B || x == 0x0A || x == 0x0D || (x >= 0x20 && x < 0x7f); ++} ++ ++static const char tty_extensions[31] = "ans,art,asc,diz,ice,nfo,txt,vt"; ++ + typedef struct TtyDemuxContext { + AVClass *class; + int chars_per_frame; +@@ -42,6 +49,17 @@ typedef struct TtyDemuxContext { + AVRational framerate; /**< Set by a private option. */ + } TtyDemuxContext; + ++static int read_probe(const AVProbeData *p) ++{ ++int cnt = 0; ++ ++for (int i = 0; i < p->buf_size; i++) ++cnt += !!isansicode(p->buf[i]); ++ ++return (cnt * 100LL / p->buf_size) * (cnt > 400) * ++!!av_match_ext(p->filename, tty_extensions); ++} ++ + /** + * Parse EFI header + */ +@@ -153,8 +171,9 @@ AVInputFormat ff_tty_demuxer = { + .name = "tty", + .long_name = NULL_IF_CONFIG_SMALL("Tele-typewriter"), + .priv_data_size = sizeof(TtyDemuxContext), ++.read_probe = read_probe, + .read_header= read_header, + .read_packet= read_packet, +-.extensions = "ans,art,asc,diz,ice,nfo,txt,vt", ++.extensions = tty_extensions, + .priv_class = _demuxer_class, + }; diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch new file mode 100644 index 00..e5be985fc3 --- /dev/null 
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch @@ -0,0 +1,53 @@ +From e01d306c647b5827102260b885faa223b646d2d1 Mon Sep 17 00:00:00 2001 +From: James Almer +Date: Wed, 21 Jul 2021 01:02:44 -0300 +Subject: [PATCH] avcodec/utils: don't return negative values in + av_get_audio_frame_duration() + +In some extrme cases, like with adpcm_ms samples with an extremely high channel +count, get_audio_frame_duration() may return a negative frame duration value. +Don't propagate it, and instead return 0, signaling that a duration could not +be determined. + +CVE: CVE-2021-3566 +Fixes ticket #9312 +Signed-off-by: James Almer +Signed-off-by: Saloni Jain + +Upstream-Status: Backport [http://git.videolan.org/?p=ffmpeg.git;a=patch;h=e01d306c647b5827102260b885faa223b646d2d1] +Comment: No changes/refreshing done. +--- + libavcodec/utils.c | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/utils.c b/libavcodec/utils.c +index 5fad782f5a..cfc07cbcb8 100644 +--- a/libavcodec/utils.c b/libavcodec/utils.c +@@ -810,20 +810,22 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, + + int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes) + { +-return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, ++int duration = get_audio_frame_duration(avctx->codec_id, avctx->sample_rate, + avctx->channels, avctx->block_align, + avctx->codec_tag, avctx->bits_per_coded_sample, + avctx->bit_rate, avctx->extradata, avctx->frame_size, + frame_bytes); ++return FFMAX(0, duration); + } + + int av_get_audio_frame_duration2(AVCode
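Review bot: in read_probe() in the libavformat/tty.c hunk of CVE-2021-3566.patch, `cnt * 100LL / p->buf_size` is evaluated before the `(cnt > 400)` factor is applied, and nothing in the hunk guards `p->buf_size` against 0. Please confirm that the probe is never called with an empty buffer, or return 0 early when `p->buf_size` is 0. Because the patch is marked "No changes/refreshing done", such a guard should come from an upstream commit rather than a local edit.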
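Review bot: the header of CVE-2021-38291.patch carries `CVE: CVE-2021-3566`, which is the identifier of the other patch in this series, not of this one. The tag should read `CVE: CVE-2021-38291` to match the file name and the commit message of the series, otherwise the av_get_audio_frame_duration() fix is recorded against the wrong CVE.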
Re: [OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560
Happy to help! I really appreciate you taking time to express gratitude.

Thanks & Regards,
Saloni Jain

From: Steve Sakoman
Sent: Monday, September 13, 2021 9:03 PM
To: Saloni Jain
Cc: Patches and discussions about the oe-core layer; Khem Raj; Nisha Parrakat; Saloni Jain
Subject: Re: [OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560

On Mon, Sep 13, 2021 at 3:16 AM Saloni Jain wrote:
>
> From: Saloni Jain
>
> Add fix for below CVE:
> CVE-2021-33560

Armin submitted a patch for this CVE last week:

https://lists.openembedded.org/g/openembedded-core/message/155935

Thanks for helping with CVE's though, I appreciate the effort!

Steve

> Link:
> [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]
>
> Signed-off-by: Saloni Jain
> ---
> .../libgcrypt/files/CVE-2021-33560.patch | 108 ++
> .../libgcrypt/libgcrypt_1.8.5.bb | 1 +
> 2 files changed, 109 insertions(+)
> create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
> > diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch > b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch > new file mode 100644 > index 00..ba51af46b3 > --- /dev/null > +++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch 
> @@ -0,0 +1,108 @@ > +From 3462280f2e23e16adf3ed5176e0f2413d8861320 Mon Sep 17 00:00:00 2001 > +From: NIIBE Yutaka > +Date: Fri, 21 May 2021 11:15:07 +0900 > +Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations. > + > +* cipher/elgamal.c (gen_k): Remove support of smaller K. > +(do_encrypt): Never use smaller K. > +(sign): Folllow the change of gen_k. > + > +-- > + > +Cherry-pick master commit of: > + 632d80ef30e13de6926d503aa697f92b5dbfbc5e > + > +This change basically reverts encryption changes in two commits: > + > + 74386120dad6b3da62db37f7044267c8ef34689b > + 78531373a342aeb847950f404343a05e36022065 > + > +Use of smaller K for ephemeral key in ElGamal encryption is only good, > +when we can guarantee that recipient's key is generated by our > +implementation (or compatible). > + > +For detail, please see: > + > +Luca De Feo, Bertram Poettering, Alessandro Sorniotti, > +"On the (in)security of ElGamal in OpenPGP"; > +in the proceedings of CCS'2021. > + > +CVE: CVE-2021-33560 > +GnuPG-bug-id: 5328 > +Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti > +Signed-off-by: NIIBE Yutaka > +Signed-off-by: Saloni Jain > + > +Upstream-Status: Backport > [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.gnupg.org%2Fcgi-bin%2Fgitweb.cgi%3Fp%3Dlibgcrypt.git%3Ba%3Dpatch%3Bh%3D3462280f2e23e16adf3ed5176e0f2413d8861320data=04%7C01%7CSaloni.Jain%40kpit.com%7Cab35b176f5054ba2760408d976cbd354%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637671440110090650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=XEr2AaiwglyGxJRihsQJmNwA5jqW5mO%2FHHNOtWgoI1o%3Dreserved=0] > +Comment: No changes/refreshing done. 
> +--- > + cipher/elgamal.c | 24 ++-- > + 1 file changed, 6 insertions(+), 18 deletions(-) > + > +diff --git a/cipher/elgamal.c b/cipher/elgamal.c > +index 9835122f..eead4502 100644 > +--- a/cipher/elgamal.c > b/cipher/elgamal.c > +@@ -66,7 +66,7 @@ static const char *elg_names[] = > + > + > + static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie); > +-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k); > ++static gcry_mpi_t gen_k (gcry_mpi_t p); > + static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits, > + gcry_mpi_t **factors); > + static int check_secret_key (ELG_secret_key *sk); > +@@ -18
[OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560
From: Saloni Jain Add fix for below CVE: CVE-2021-33560 Link: [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320] Signed-off-by: Saloni Jain --- .../libgcrypt/files/CVE-2021-33560.patch | 108 ++ .../libgcrypt/libgcrypt_1.8.5.bb | 1 + 2 files changed, 109 insertions(+) create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch new file mode 100644 index 00..ba51af46b3 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch 
@@ -0,0 +1,108 @@ +From 3462280f2e23e16adf3ed5176e0f2413d8861320 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Fri, 21 May 2021 11:15:07 +0900 +Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations. + +* cipher/elgamal.c (gen_k): Remove support of smaller K. +(do_encrypt): Never use smaller K. +(sign): Folllow the change of gen_k. + +-- + +Cherry-pick master commit of: + 632d80ef30e13de6926d503aa697f92b5dbfbc5e + +This change basically reverts encryption changes in two commits: + + 74386120dad6b3da62db37f7044267c8ef34689b + 78531373a342aeb847950f404343a05e36022065 + +Use of smaller K for ephemeral key in ElGamal encryption is only good, +when we can guarantee that recipient's key is generated by our +implementation (or compatible). + +For detail, please see: + +Luca De Feo, Bertram Poettering, Alessandro Sorniotti, +"On the (in)security of ElGamal in OpenPGP"; +in the proceedings of CCS'2021. + +CVE: CVE-2021-33560 +GnuPG-bug-id: 5328 +Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti +Signed-off-by: NIIBE Yutaka +Signed-off-by: Saloni Jain + +Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320] +Comment: No changes/refreshing done. 
+--- + cipher/elgamal.c | 24 ++-- + 1 file changed, 6 insertions(+), 18 deletions(-) + +diff --git a/cipher/elgamal.c b/cipher/elgamal.c +index 9835122f..eead4502 100644 +--- a/cipher/elgamal.c b/cipher/elgamal.c +@@ -66,7 +66,7 @@ static const char *elg_names[] = + + + static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie); +-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k); ++static gcry_mpi_t gen_k (gcry_mpi_t p); + static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits, + gcry_mpi_t **factors); + static int check_secret_key (ELG_secret_key *sk); +@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie ) + + / + * Generate a random secret exponent k from prime p, so that k is +- * relatively prime to p-1. With SMALL_K set, k will be selected for +- * better encryption performance - this must never be used signing! ++ * relatively prime to p-1. + */ + static gcry_mpi_t +-gen_k( gcry_mpi_t p, int small_k ) ++gen_k( gcry_mpi_t p ) + { + gcry_mpi_t k = mpi_alloc_secure( 0 ); + gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) ); +@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k ) + unsigned int nbits, nbytes; + char *rndbuf = NULL; + +- if (small_k) +-{ +- /* Using a k much lesser than p is sufficient for encryption and +- * it greatly improves the encryption performance. We use +- * Wiener's table and add a large safety margin. */ +- nbits = wiener_map( orig_nbits ) * 3 / 2; +- if( nbits >= orig_nbits ) +-BUG(); +-} +- else +-nbits = orig_nbits; +- ++ nbits = orig_nbits; + + nbytes = (nbits+7)/8; + if( DBG_CIPHER ) +@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) +* error code. 
+*/ + +- k = gen_k( pkey->p, 1 ); ++ k = gen_k( pkey->p ); + mpi_powm (a, pkey->g, k, pkey->p); + + /* b = (y^k * input) mod p +@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey ) + * + */ + mpi_sub_ui(p_1, p_1, 1); +-k = gen_k( skey->p, 0 /* no small K ! */ ); ++k = gen_k( skey->p ); + mpi_powm( a, skey->g, k, skey->p ); + mpi_mul(t, skey->x, a ); + mpi_subm(t, input, t, p_1 ); +-- +2.11.0 diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb index 16a58ad9b8..174b087b24 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb @@ -28,6 +28,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \ file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \ file://determinism.patch \ + fil
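Review bot: the recipe hunk edits meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb and the new patch file sits under meta/recipes-support/libgcrypt/files/, but the subject line names libxcrypt. Please resend with a `libgcrypt:` prefix so the commit is filed under the recipe it actually changes and is not mistaken for a libxcrypt fix when the log is searched for this CVE.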
[OE-core] [poky][dunfell][PATCH] db: Whitelist CVEs
From: Saloni Jain Below CVE affects only Oracle Berkeley DB as per upstream. Hence, whitelisted them. 1. CVE-2015-2583 Link: https://security-tracker.debian.org/tracker/CVE-2015-2583 2. CVE-2015-2624 Link: https://security-tracker.debian.org/tracker/CVE-2015-2624 3. CVE-2015-2626 Link: https://security-tracker.debian.org/tracker/CVE-2015-2626 4. CVE-2015-2640 Link: https://security-tracker.debian.org/tracker/CVE-2015-2640 5. CVE-2015-2654 Link: https://security-tracker.debian.org/tracker/CVE-2015-2654 6. CVE-2015-2656 Link: https://security-tracker.debian.org/tracker/CVE-2015-2656 7. CVE-2015-4754 Link: https://security-tracker.debian.org/tracker/CVE-2015-4754 8. CVE-2015-4764 Link: https://security-tracker.debian.org/tracker/CVE-2015-4764 9. CVE-2015-4774 Link: https://security-tracker.debian.org/tracker/CVE-2015-4774 10. CVE-2015-4775 Link: https://security-tracker.debian.org/tracker/CVE-2015-4775 11. CVE-2015-4776 Link: https://security-tracker.debian.org/tracker/CVE-2015-4776 12. CVE-2015-4777 Link: https://security-tracker.debian.org/tracker/CVE-2015-4777 13. CVE-2015-4778 Link: https://security-tracker.debian.org/tracker/CVE-2015-4778 14. CVE-2015-4779 Link: https://security-tracker.debian.org/tracker/CVE-2015-4779 15. CVE-2015-4780 Link: https://security-tracker.debian.org/tracker/CVE-2015-4780 16. CVE-2015-4781 Link: https://security-tracker.debian.org/tracker/CVE-2015-4781 17. CVE-2015-4782 Link: https://security-tracker.debian.org/tracker/CVE-2015-4782 18. CVE-2015-4783 Link: https://security-tracker.debian.org/tracker/CVE-2015-4783 19. CVE-2015-4784 Link: https://security-tracker.debian.org/tracker/CVE-2015-4784 20. CVE-2015-4785 Link: https://security-tracker.debian.org/tracker/CVE-2015-4785 21. CVE-2015-4786 Link: https://security-tracker.debian.org/tracker/CVE-2015-4786 22. CVE-2015-4787 Link: https://security-tracker.debian.org/tracker/CVE-2015-4787 23. CVE-2015-4788 Link: https://security-tracker.debian.org/tracker/CVE-2015-4788 24. 
CVE-2015-4789 Link: https://security-tracker.debian.org/tracker/CVE-2015-4789 25. CVE-2015-4790 Link: https://security-tracker.debian.org/tracker/CVE-2015-4790 26. CVE-2016-0682 Link: https://security-tracker.debian.org/tracker/CVE-2016-0682 27. CVE-2016-0689 Link: https://security-tracker.debian.org/tracker/CVE-2016-0689 28. CVE-2016-0692 Link: https://security-tracker.debian.org/tracker/CVE-2016-0692 29. CVE-2016-0694 Link: https://security-tracker.debian.org/tracker/CVE-2016-0694 30. CVE-2016-3418 Link: https://security-tracker.debian.org/tracker/CVE-2016-3418 31. CVE-2017-3604 Link: https://security-tracker.debian.org/tracker/CVE-2017-3604 32. CVE-2017-3605 Link: https://security-tracker.debian.org/tracker/CVE-2017-3605 33. CVE-2017-3606 Link: https://security-tracker.debian.org/tracker/CVE-2017-3606 34. CVE-2017-3607 Link: https://security-tracker.debian.org/tracker/CVE-2017-3607 35. CVE-2017-3608 Link: https://security-tracker.debian.org/tracker/CVE-2017-3608 36. CVE-2017-3609 Link: https://security-tracker.debian.org/tracker/CVE-2017-3609 37. CVE-2017-3610 Link: https://security-tracker.debian.org/tracker/CVE-2017-3610 38. CVE-2017-3611 Link: https://security-tracker.debian.org/tracker/CVE-2017-3611 39. CVE-2017-3612 Link: https://security-tracker.debian.org/tracker/CVE-2017-3612 40. CVE-2017-3613 Link: https://security-tracker.debian.org/tracker/CVE-2017-3613 41. CVE-2017-3614 Link: https://security-tracker.debian.org/tracker/CVE-2017-3614 42. CVE-2017-3615 Link: https://security-tracker.debian.org/tracker/CVE-2017-3615 43. CVE-2017-3616 Link: https://security-tracker.debian.org/tracker/CVE-2017-3616 44. CVE-2017-3617 Link: https://security-tracker.debian.org/tracker/CVE-2017-3617 45. CVE-2020-2981 Link: https://security-tracker.debian.org/tracker/CVE-2020-2981 Signed-off-by: Saloni --- meta/recipes-support/db/db_5.3.28.bb | 92 1 file changed, 92 insertions(+) 
diff --git a/meta/recipes-support/db/db_5.3.28.bb b/meta/recipes-support/db/db_5.3.28.bb index b2ae98f05c..000e9ef468 100644 --- a/meta/recipes-support/db/db_5.3.28.bb +++ b/meta/recipes-support/db/db_5.3.28.bb @@ -39,6 +39,98 @@ SRC_URI[sha256sum] = "e0a992d740709892e81f9d93f06daf305cf73fb81b545afe7247804317 LIC_FILES_CHKSUM = "file://LICENSE;md5=ed1158e31437f4f87cdd4ab2b8613955" +# Below CVEs affects only Oracle Berkeley DB as per upstream. +# https://security-tracker.debian.org/tracker/CVE-2015-2583 +CVE_CHECK_WHITELIST += "CVE-2015-2583" +# https://security-tracker.debian.org/tracker/CVE-2015-2624 +CVE_CHECK_WHITELIST += "CVE-2015-2624" +# https://security-tracker.debian.org/tracker/CVE-2015-2626 +CVE_CHECK_WHITELIST += "CVE-2015-2626" +# https://security-tracker.debian.org/tracker/CVE-2015-2640 +CVE_CHECK_WHITELIST += "CVE-2015-2640" +# https://security-tracker.debian.org/tracker/CVE-2015-2654 +CVE_CHECK_WHITELIST += "CVE-2015-2654" +# https://security-tracker.debian.org/track
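Review bot: the db_5.3.28.bb hunk adds a separate `CVE_CHECK_WHITELIST +=` statement and a separate link comment for every identifier, 92 lines for 45 CVEs that all share one justification. A single `CVE_CHECK_WHITELIST += "\` continuation block listing the identifiers under the one "affects only Oracle Berkeley DB" comment would be easier to audit and to prune later. The comment line "Below CVEs affects" should also read "Below CVEs affect".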
Re: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh
Hello,

Sorry, please ignore the above mail, the changes have already been merged in dunfell branches, Thanks!

Thanks & Regards,
Saloni

From: Saloni Jain
Sent: Wednesday, July 14, 2021 6:18 PM
To: openembedded-core@lists.openembedded.org; raj.k...@gmail.com; nishaparra...@gmail.com
Subject: Re: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh

Hello,

Please take the below changes and merge them in upstream dunfell branch.

Thanks & Regards,
Saloni

From: openembedded-core@lists.openembedded.org on behalf of Nisha Parrakat via lists.openembedded.org
Sent: Friday, May 28, 2021 11:54 PM
To: openembedded-core@lists.openembedded.org; raj.k...@gmail.com
Cc: Sana Kazi
Subject: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh

From: Sana Kazi

Applied patch for CVE-2020-14145
Link: https://anongit.mindrot.org/openssh.git/patch/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

Also, whitelisted below CVEs:

1. CVE-2020-15778: As per upstream, because of the way scp is based on a historical protocol called rcp which relies on that style of argument passing and therefore encounters expansion problems. Making changes to how the scp command line works breaks the pattern used by scp consumers. Upstream therefore recommends the use of rsync in the place of scp for better security.
https://bugzilla.redhat.com/show_bug.cgi?id=1860487

2. CVE-2008-3844: It was reported in OpenSSH on Red Hat Enterprise Linux and certain packages may have been compromised. This CVE is not applicable as our source is OpenBSD.
Links:
https://securitytracker.com/id?1020730
https://www.securityfocus.com/bid/30794

Also, for CVE-2007-2768 no fix is available yet as it's an unavoidable drawback of using one time passwords as per
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2007-2768
Also it is marked as unimportant on debian
https://security-tracker.debian.org/tracker/CVE-2007-2768

Mailed to CPE to update database for CVE-2020-15778, CVE-2008-3844 and CVE-2007-2768.
We can upstream CVE-2020-14145 till we receive response from CPE.

Signed-off-by: Sana Kazi
Signed-off-by: Nisha Parrakat --- .../openssh/openssh/CVE-2020-14145.patch | 97 +++ .../openssh/openssh_8.2p1.bb | 13 ++- 2 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch new file mode 100644 index 00..3adb981fb4 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch @@ -0,0 +1
Re: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh
Hello,

Please take the below changes and merge them in upstream dunfell branch.

Thanks & Regards,
Saloni

From: openembedded-core@lists.openembedded.org on behalf of Nisha Parrakat via lists.openembedded.org
Sent: Friday, May 28, 2021 11:54 PM
To: openembedded-core@lists.openembedded.org; raj.k...@gmail.com
Cc: Sana Kazi
Subject: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh

From: Sana Kazi

Applied patch for CVE-2020-14145
Link: https://anongit.mindrot.org/openssh.git/patch/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

Also, whitelisted below CVEs:

1. CVE-2020-15778: As per upstream, because of the way scp is based on a historical protocol called rcp which relies on that style of argument passing and therefore encounters expansion problems. Making changes to how the scp command line works breaks the pattern used by scp consumers. Upstream therefore recommends the use of rsync in the place of scp for better security.
https://bugzilla.redhat.com/show_bug.cgi?id=1860487

2. CVE-2008-3844: It was reported in OpenSSH on Red Hat Enterprise Linux and certain packages may have been compromised. This CVE is not applicable as our source is OpenBSD.
Links:
https://securitytracker.com/id?1020730
https://www.securityfocus.com/bid/30794

Also, for CVE-2007-2768 no fix is available yet as it's an unavoidable drawback of using one time passwords as per
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2007-2768
Also it is marked as unimportant on debian
https://security-tracker.debian.org/tracker/CVE-2007-2768

Mailed to CPE to update database for CVE-2020-15778, CVE-2008-3844 and CVE-2007-2768.
We can upstream CVE-2020-14145 till we receive response from CPE.

Signed-off-by: Sana Kazi
Signed-off-by: Nisha Parrakat --- .../openssh/openssh/CVE-2020-14145.patch | 97 +++ .../openssh/openssh_8.2p1.bb | 13 ++- 2 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch new file mode 100644 index 00..3adb981fb4 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch @@ -0,0 +1,97 @@ +From b3855ff053f5078ec3d3c653cdaedefaa5fc362d Mon Sep 17 00:00:00 2001 +From: "d...@openbsd.org" +Date: Fri, 18 Sep 2020 05:23:03 + +Subject: upstream: tweak the client hostkey preference ordering algorithm to + +prefer the default ordering if the user has a key that matches the +best-preference default algorithm. + +feedback and ok markus@ + +OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f + +S
Re: [OE-core] [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
Hi, Please take the below changes and merge them in upstream dunfell branch. Thanks & Regards, Saloni From: Saloni Jain Sent: Sunday, May 30, 2021 4:07 PM To: openembedded-core@lists.openembedded.org ; raj.k...@gmail.com Cc: Nisha Parrakat ; Saloni Jain Subject: [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799 From: Saloni Jain Whitelisted below CVE: CVE-2018-2799: CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions which is already fixed with updates and the issue is closed. Link: https://access.redhat.com/security/cve/CVE-2018-2799 Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542 Signed-off-by: Saloni --- recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++ 1 file changed, 6 insertions(+) diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb index 98ef32f..f2a4434 100644 --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb +++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb 
@@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \ SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz; +# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions. +# Already fixed with updates and closed. +# https://access.redhat.com/security/cve/CVE-2018-2799 +# https://bugzilla.redhat.com/show_bug.cgi?id=1567542 +CVE_CHECK_WHITELIST += "CVE-2018-2799" + S = "${WORKDIR}/xerces-2_11_0" inherit java-library -- 2.17.1
View/Reply Online (#153768): https://lists.openembedded.org/g/openembedded-core/message/153768
[OE-core] [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799
From: Saloni Jain Whitelisted below CVE: CVE-2018-2799: CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions which is already fixed with updates and the issue is closed. Link: https://access.redhat.com/security/cve/CVE-2018-2799 Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542 Signed-off-by: Saloni --- recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++ 1 file changed, 6 insertions(+) diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb index 98ef32f..f2a4434 100644 --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb +++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb 
@@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \ SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz; +# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux versions. +# Already fixed with updates and closed. +# https://access.redhat.com/security/cve/CVE-2018-2799 +# https://bugzilla.redhat.com/show_bug.cgi?id=1567542 +CVE_CHECK_WHITELIST += "CVE-2018-2799" + S = "${WORKDIR}/xerces-2_11_0" inherit java-library -- 2.17.1
View/Reply Online (#152425): https://lists.openembedded.org/g/openembedded-core/message/152425
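Review bot: the comment added above `CVE_CHECK_WHITELIST += "CVE-2018-2799"` in xerces-j_2.11.0.bb justifies the entry with "Already fixed with updates and closed", which describes the Oracle Java SE and Red Hat products, not the source this recipe builds. The comment should state why the xerces-j 2.11.0 code fetched by SRC_URI is not affected, since that is the claim a whitelist entry makes for the recipe.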
Re: [OE-core] [meta-oe][dunfell][PATCH] fuse: Whitelisted CVE-2019-14860
Hi Anuj, Thank you for the inputs. Will send another patch with version 2 in devel list. Thanks & Regards, Saloni
From: Mittal, Anuj Sent: Friday, April 9, 2021 12:21 PM To: openembedded-core@lists.openembedded.org ; Saloni Jain ; raj.k...@gmail.com Cc: Nisha Parrakat Subject: Re: [OE-core] [meta-oe][dunfell][PATCH] fuse: Whitelisted CVE-2019-14860
This patch should go to openembedded-de...@lists.openembedded.org. I think the correct solution here would be to add CVE_PRODUCT = "fuse_project:fuse" in the recipe to differentiate it from "redhat:fuse". Thanks, Anuj
On Fri, 2021-04-09 at 12:04 +0530, saloni wrote: > CVE-2019-14860 is a REDHAT specific issue and > was addressed for REDHAT Fuse products on > Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. > REDHAT has also released the fix and updated their > security advisories after significant releases. > Hence, whitelisted the CVE-2019-14860. > > Link: > https://access.redhat.com/security/cve/cve-2019-14860 > Link: > https://access.redhat.com/errata/RHSA-2019:3244 > Link: > https://access.redhat.com/errata/RHSA-2019:3892 > > Signed-off-by: Saloni Jain > --- > meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 4 > 1 file changed, 4 insertions(+) > > diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb > b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb > index 2c272d452..601232c6b 100644 > --- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb > +++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb 
> @@ -19,6 +19,10 @@ SRC_URI = > "https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleases%2Fdownload%2F%24data=04%7C01%7Csaloni.jain%40kpit.com%7C6627a132de1241e7e00908d8fb23f991%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637535479248127831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=niPqtkGW3h%2BbJQXXMrM%2Fqm%2F2YB4Fty1oiXniQUyrjI8%3Dreserved=0{BP}/${BP}.tar > . > SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312" > SRC_URI[sha256sum] = > "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5" > > +# CVE-2019-14860 is a REDHAT specific issue and was addressed for > REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. > +# REDHAT has also released the fix and updated their security > advisories after significant releases. > +CVE_CHECK_WHITELIST += "CVE-2019-14860" > + > UPSTREAM_CHECK_URI = > "https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleasesdata=04%7C01%7Csaloni.jain%40kpit.com%7C6627a132de1241e7e00908d8fb23f991%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637535479248127831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=gjZBj5RhqtOdvvvH0uDpKtHvmpOaNV1%2F1s9RYmgx%2F3c%3Dreserved=0; > UPSTREAM_CHECK_REGEX = "fuse\-(?P2(\.\d+)+).tar.gz" > > -- > 2.17.1 > > This message contains information that may be privileged or > confidential and is the property of the KPIT Technologies Ltd. It is > intended only for the person to whom it is addressed. If you are not > the intended recipient, you are not authorized to read, print, retain > copy, disseminate, distribute, or use this message or any part > thereof. If you receive this message in error, please notify the > sender immediately and delete all copies of this message. KPIT > Technologies Ltd. does not accept any liability for virus infected > mails. 
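Added example, not part of the thread and not code from cve-check.bbclass: a simplified Python model of the product matching behind the reply's suggestion, showing what a per-CVE whitelist entry leaves in place compared with a vendor-qualified CVE_PRODUCT. The record type, the function names and the CVE-0000-* placeholder ids are assumptions made for the illustration.

```python
"""Simplified model of product matching in a recipe CVE scan.

This is an illustration only; it is not the code of cve-check.bbclass.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    vendor: str
    product: str


# Constructed sample database. Only CVE-2019-14860 and the two
# vendor:product pairs come from the thread; the CVE-0000-* ids are
# placeholders standing in for other database entries.
SAMPLE_DB = [
    CveRecord("CVE-2019-14860", "redhat", "fuse"),
    CveRecord("CVE-0000-0001", "redhat", "fuse"),        # a later Red Hat Fuse entry
    CveRecord("CVE-0000-0002", "fuse_project", "fuse"),  # an entry for libfuse itself
]


def parse_cve_product(value):
    """Split a CVE_PRODUCT-style string into (vendor, product) pairs.

    A bare product name yields vendor None, meaning "any vendor".
    """
    pairs = []
    for token in value.split():
        vendor, sep, product = token.partition(":")
        pairs.append((vendor, product) if sep else (None, vendor))
    return pairs


def scan(cve_product, whitelist=(), db=SAMPLE_DB):
    """Return the sorted CVE ids reported for a recipe."""
    reported = set()
    for vendor, product in parse_cve_product(cve_product):
        for rec in db:
            if rec.product != product:
                continue  # different product name, never a match
            if vendor is not None and rec.vendor != vendor:
                continue  # vendor-qualified: other vendors are excluded
            if rec.cve_id in whitelist:
                continue  # suppressed by id only
            reported.add(rec.cve_id)
    return sorted(reported)


if __name__ == "__main__":
    # Product name alone: both Red Hat Fuse entries match the libfuse recipe.
    print(scan("fuse"))
    # Whitelisting one id hides it, the next redhat:fuse entry still matches.
    print(scan("fuse", whitelist={"CVE-2019-14860"}))
    # Vendor-qualified product: only libfuse's own entry is reported.
    print(scan("fuse_project:fuse"))
```
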
[OE-core] [meta-oe][dunfell][PATCH] fuse: Whitelisted CVE-2019-14860
CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. REDHAT has also released the fix and updated their security advisories after significant releases. Hence, whitelisted the CVE-2019-14860. Link: https://access.redhat.com/security/cve/cve-2019-14860 Link: https://access.redhat.com/errata/RHSA-2019:3244 Link: https://access.redhat.com/errata/RHSA-2019:3892 Signed-off-by: Saloni Jain --- meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 4 1 file changed, 4 insertions(+) diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb index 2c272d452..601232c6b 100644 --- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb +++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb 
@@ -19,6 +19,10 @@ SRC_URI = "https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar. SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312" SRC_URI[sha256sum] = "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5" +# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0. +# REDHAT has also released the fix and updated their security advisories after significant releases. +CVE_CHECK_WHITELIST += "CVE-2019-14860" + UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases; UPSTREAM_CHECK_REGEX = "fuse\-(?P2(\.\d+)+).tar.gz" -- 2.17.1
View/Reply Online (#150326): https://lists.openembedded.org/g/openembedded-core/message/150326
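Review bot: the two comment lines above `CVE_CHECK_WHITELIST += "CVE-2019-14860"` say the CVE was filed against a different product (Red Hat Fuse), so the entry hides one ID while the name collision that produced the match stays in place. The reply in this thread proposes `CVE_PRODUCT = "fuse_project:fuse"` in the recipe, which removes the match without a per-CVE entry; the hunk should carry that line instead of the whitelist.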
Re: [OE-core] [poky][dunfell][PATCH] glibc: Add and modify CVEs
Hello Raj, Yes, checked the discussion and patch on the mailing list in the evening. https://lists.openembedded.org/g/openembedded-core/topic/dunfell_patch_glibc_pull/81482348?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,40,81482348 Updating to latest 2.31 version will make the below patches obsolete and will be whitelisted, hence below changes can be ignored. Thanks & Regards, Saloni Jain 
From: Khem Raj Sent: Monday, March 22, 2021 9:58 PM To: Saloni Jain ; openembedded-core@lists.openembedded.org Cc: Nisha Parrakat Subject: Re: [poky][dunfell][PATCH] glibc: Add and modify CVEs
There is another patch on mailing lists to update to latest 2.31 which should perhaps address these?
On 3/22/21 3:27 AM, Saloni Jain wrote: > Below patch is modified: > 1. CVE-2019-25013 > The previous patch was modified for dunfell > context and causing conflict for CVE-2021-3326. > Hence, the original patch is backported. > Link: > https://security-tracker.debian.org/tracker/CVE-2020-27618 > Link: > https://sourceware.org/git/?p=glibc.git;a=patch;h=9a99c682144bdbd40792ebf822fe9264e0376fb5 > > Below patch is added: > 1. CVE-2021-3326 > Link: > https://bugzilla.redhat.com/show_bug.cgi?id=1932589 > Link: > https://sourceware.org/git/?p=glibc.git;a=patch;h=dca565886b5e8bd7966e15f0ca42ee5cff686673 > > Signed-off-by: Saloni Jain > --- > .../glibc/glibc/CVE-2019-25013.patch | 52 +-- > .../glibc/glibc/CVE-2021-3326.patch | 297 ++ > meta/recipes-core/glibc/glibc_2.31.bb | 3 +- > 3 files changed, 328 insertions(+), 24 deletions(-) > create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-3326.patch > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch > b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch > index 73df1da868..3e446f2818 100644 > --- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch > +++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch 
> @@ -8,12 +8,14 @@ area and is not allowed. The from_euc_kr function used to > skip two bytes > when told to skip over the unknown designation, potentially running over > the buffer end. > > -Upstream-Status: Backport > [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3Dee7a3144c9922808181009b7b3e50e852fb4999bdata=04%7C01%7CSaloni.Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=R5euqxZd1HbzdIQR%2FVPoxa7NIHxIVEy1O%2FBQosTcZPo%3Dreserved=0] > CVE: CVE-2019-25013 > -Signed-off-by: Scott Murray > -[Refreshed for Dundell context; Makefile changes] > -Signed-off-by: Armin Kuster > +Upstream Status: Backport > [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3Dee7a3144c9922808181009b7b3e50e852fb4999bdata=04%7C01%7CSaloni.Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=R5euqxZd1HbzdIQR%2FVPoxa7NIHxIVEy1O%2FBQosTcZPo%3Dreserved=0] > +Comment: No change in any hunk > > +The previous change was m
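Review bot: in the patch-header hunk of CVE-2019-25013.patch the tag is rewritten from `Upstream-Status: Backport [...]` to `Upstream Status: Backport [...]`, dropping the hyphen, so the new line no longer carries the `Upstream-Status:` tag the removed line had; keep the hyphenated spelling. The same hunk deletes the existing `Signed-off-by:` lines of Scott Murray and Armin Kuster; if the file is being replaced by the unmodified upstream patch, say that in the header and consider keeping the earlier sign-offs for history.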
[OE-core] [poky][dunfell][PATCH] glibc: Add and modify CVEs
Below patch is modified: 1. CVE-2019-25013 The previous patch was modified for dunfell context and causing conflict for CVE-2021-3326. Hence, the original patch is backported. Link: https://security-tracker.debian.org/tracker/CVE-2020-27618 Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=9a99c682144bdbd40792ebf822fe9264e0376fb5 Below patch is added: 1. CVE-2021-3326 Link: https://bugzilla.redhat.com/show_bug.cgi?id=1932589 Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=dca565886b5e8bd7966e15f0ca42ee5cff686673 Signed-off-by: Saloni Jain --- .../glibc/glibc/CVE-2019-25013.patch | 52 +-- .../glibc/glibc/CVE-2021-3326.patch | 297 ++ meta/recipes-core/glibc/glibc_2.31.bb | 3 +- 3 files changed, 328 insertions(+), 24 deletions(-) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-3326.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch index 73df1da868..3e446f2818 100644 --- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch +++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch @@ -8,12 +8,14 @@ area and is not allowed. The from_euc_kr function used to skip two bytes when told to skip over the unknown designation, potentially running over the buffer end. -Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b] CVE: CVE-2019-25013 -Signed-off-by: Scott Murray -[Refreshed for Dundell context; Makefile changes] -Signed-off-by: Armin Kuster +Upstream Status: Backport [https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b] +Comment: No change in any hunk +The previous change was modified for dunfell context, causing conflict +for CVE-2021-3326. Hence, the original patch is backported. + +Signed-off-by: Saloni Jain --- iconvdata/Makefile | 3 ++- iconvdata/bug-iconv13.c | 53 + @@ -22,23 +24,25 @@ 
Signed-off-by: Armin Kuster 4 files changed, 59 insertions(+), 9 deletions(-) create mode 100644 iconvdata/bug-iconv13.c -Index: git/iconvdata/Makefile -=== git.orig/iconvdata/Makefile -+++ git/iconvdata/Makefile -@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules +diff --git a/iconvdata/Makefile b/iconvdata/Makefile +index 4ec2741cdc..85009f3390 100644 +--- a/iconvdata/Makefile b/iconvdata/Makefile +@@ -73,7 +73,8 @@ ifeq (yes,$(build-shared)) tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ - bug-iconv10 bug-iconv11 bug-iconv12 -+ bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13 ++ bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \ ++ bug-iconv13 ifeq ($(have-thread-library),yes) tests += bug-iconv3 endif -Index: git/iconvdata/bug-iconv13.c -=== +diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c +new file mode 100644 +index 00..87aaff398e --- /dev/null -+++ git/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c @@ -0,0 +1,53 @@ +/* bug 24973: Test EUC-KR module + Copyright (C) 2020 Free Software Foundation, Inc. @@ -93,11 +97,11 @@ Index: git/iconvdata/bug-iconv13.c +} + +#include -Index: git/iconvdata/euc-kr.c -=== git.orig/iconvdata/euc-kr.c -+++ git/iconvdata/euc-kr.c -@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c +diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c +index b0d56cf3ee..1045bae926 100644 +--- a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c +@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp) \ if (ch <= 0x9f) \ ++inptr; \ 
@@ -110,11 +114,11 @@ Index: git/iconvdata/euc-kr.c { \ /* This is illegal. */ \ STANDARD_FROM_LOOP_ERR_HANDLER (1); \ -Index: git/iconvdata/ksc5601.h -=== git.orig/iconvdata/ksc5601.h -+++ git/iconvdata/ksc5601.h -@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s +diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h +index d3eb3a4ff8..f5cdc72797 100644 +--- a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h +@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset) unsigned char ch2; int idx; @@ -133,3 +137,5 @@ Index:
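Review bot: the `iconvdata/Makefile` hunk of the embedded patch now adds `tst-iconv-big5-hkscs-to-2ucs4` to the `tests` list together with `bug-iconv13`, whereas the version being replaced added only `bug-iconv13` and was marked "Refreshed for Dundell context; Makefile changes", which also makes the new header line `Comment: No change in any hunk` questionable. Please confirm that test exists in the glibc tree this recipe builds and that the hunk applies without fuzz; otherwise keep the refreshed Makefile hunk and rebase CVE-2021-3326.patch on top of it. Separately, the commit message lists a CVE-2020-27618 tracker link and commit 9a99c682144bdbd40792ebf822fe9264e0376fb5 under CVE-2019-25013, while the patch header points at ee7a3144c9922808181009b7b3e50e852fb4999b; the links should match the CVE being fixed.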
[OE-core] [meta-oe][master][dunfell][gatesgarth][PATCH] neon: use pkg-config instead of xml2-config to configure
From: Nisha Parrakat xml2-config is broken for neon. if packageconfig libxml2, webdav, zlib is enabled for neon we get the following configure error in the yocto build. | configure: WebDAV support is enabled | checking for xml2-config... xml2-config | ERROR: /usr/bin/xml2-config should not be used, use an alternative such as pkg-config | ERROR: /usr/bin/xml2-config should not be used, use an alternative such as pkg-config | ERROR: /usr/bin/xml2-config should not be used, use an alternative such as pkg-config | checking libxml/xmlversion.h usability... no | checking libxml/xmlversion.h presence... no | checking for libxml/xmlversion.h... no | configure: error: could not find parser.h, libxml installation problem? | WARNING: exit code 1 from a shell command. The patch lets configure use pkg-config Signed-off-by: Nisha Parrakat Signed-off-by: Saloni Jain --- .../neon/fix-package-check-for-libxml2.patch | 50 +++ meta-oe/recipes-support/neon/neon_0.30.2.bb | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta-oe/recipes-support/neon/neon/fix-package-check-for-libxml2.patch diff --git a/meta-oe/recipes-support/neon/neon/fix-package-check-for-libxml2.patch b/meta-oe/recipes-support/neon/neon/fix-package-check-for-libxml2.patch new file mode 100644 index 0..9363c6d5e --- /dev/null +++ b/meta-oe/recipes-support/neon/neon/fix-package-check-for-libxml2.patch 
@@ -0,0 +1,50 @@ +neon: Change the neon configure to use pkg-config instead of xml2-config + +xml2-config is broken for neon +if packageconfig libxml2, webdav, zlib is enabled for neon +we get the following configure error in the yocto build + +| configure: WebDAV support is enabled +| checking for xml2-config... xml2-config +| ERROR: /usr/bin/xml2-config should not be used, use an alternative such as pkg-config +| ERROR: /usr/bin/xml2-config should not be used, use an alternative such as pkg-config +| ERROR: /usr/bin/xml2-config should not be used, use an alternative such as pkg-config +| checking libxml/xmlversion.h usability... no +| checking libxml/xmlversion.h presence... no +| checking for libxml/xmlversion.h... no +| configure: error: could not find parser.h, libxml installation problem? +| WARNING: exit code 1 from a shell command. + +The patch lets configure use pkg-config + +Upstream-Status: inappropriate +(Upstream suggests to use latest 0.31 as per the discussion +https://github.com/notroj/neon/discussions/47) + +Signed-off-by: Nisha Parrakat +--- a/macros/neon-xml-parser.m42008-07-19 23:52:35.0 +0200 b/macros/neon-xml-parser.m42021-02-15 23:56:59.202751257 +0100 +@@ -44,17 +44,17 @@ + + dnl Find libxml2: run $1 if found, else $2 + AC_DEFUN([NE_XML_LIBXML2], [ +-AC_CHECK_PROG(XML2_CONFIG, xml2-config, xml2-config) ++AC_CHECK_PROG(XML2_CONFIG, pkg-config, pkg-config) + if test -n "$XML2_CONFIG"; then +-neon_xml_parser_message="libxml `$XML2_CONFIG --version`" + AC_DEFINE(HAVE_LIBXML, 1, [Define if you have libxml]) +-# xml2-config in some versions erroneously includes -I/include +-# in the --cflags output. 
+-CPPFLAGS="$CPPFLAGS `$XML2_CONFIG --cflags | sed 's| -I/include||g'`" +-NEON_LIBS="$NEON_LIBS `$XML2_CONFIG --libs | sed 's|-L/usr/lib ||g'`" ++PKG_CHECK_MODULES(XML, libxml-2.0 >= 2.4) ++AC_MSG_NOTICE([libxmlfound CFlags : , ${XML_CFLAGS}]) ++CPPFLAGS="$CPPFLAGS ${XML_CFLAGS}" ++NEON_LIBS="$NEON_LIBS ${XML_LIBS}" + AC_CHECK_HEADERS(libxml/xmlversion.h libxml/parser.h,,[ + AC_MSG_ERROR([could not find parser.h, libxml installation problem?])]) + neon_xml_parser=libxml2 ++neon_xml_parser_message="libxml2" + else + $1 + fi diff --git a/meta-oe/recipes-support/neon/neon_0.30.2.bb b/meta-oe/recipes-support/neon/neon_0.30.2.bb index 00b79f633..63676a98b 100644 --- a/meta-oe/recipes-support/neon/neon_0.30.2.bb +++ b/meta-oe/recipes-support/neon/neon_0.30.2.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://src/COPYING.LIB;md5=f30a9716ef3762e3467a2f62bf790f0a SRC_URI = "${DEBIAN_MIRROR}/main/n/neon27/neon27_${PV}.orig.tar.gz \ file://pkgconfig.patch \ + file://fix-package-check-for-libxml2.patch \ " SRC_URI[md5sum] = "e28d77bf14032d7f5046b3930704ef41" -- 2.17.1
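Review bot: in `NE_XML_LIBXML2`, `AC_CHECK_PROG(XML2_CONFIG, pkg-config, pkg-config)` only tests that a pkg-config binary exists, and `PKG_CHECK_MODULES(XML, libxml-2.0 >= 2.4)` is called without an action-if-not-found argument, so a missing libxml2 aborts configure at that line and the `else` branch is reached only when pkg-config itself is absent. Pass the found and not-found actions to `PKG_CHECK_MODULES` and stop reusing the `XML2_CONFIG` variable for a pkg-config lookup. Also, the header tag should read `Upstream-Status: Inappropriate [reason]`, and the `AC_MSG_NOTICE` text `libxmlfound CFlags : ,` looks like a leftover debug line.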
[OE-core] [poky][master][PATCH] openssl: whitelisted CVE-2018-12433, CVE-2018-12437, CVE-2018-12438
From: "Saloni.Jain" Whitelisted below CVEs: 1. CVE-2018-12433 is disputed and reported for crypt libraries. Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12433 2. CVE-2018-12437 is reported for libtomcrypt and is duplicate of CVE-2018-0495. Link: https://security-tracker.debian.org/tracker/CVE-2018-12437 Link: https://github.com/libtom/libtomcrypt/pull/408 Link: https://access.redhat.com/security/cve/CVE-2018-12437 3. CVE-2018-12438 is also reported for crypt libraries and no details are available for which versions are affected. Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Link: https://ubuntu.com/security/CVE-2018-12438 Signed-off-by: Saloni Jain --- meta/recipes-connectivity/openssl/openssl_1.1.1j.bb | 10 ++ 1 file changed, 10 insertions(+) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb index 181790e6ab..3d96533580 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb 
@@ -241,3 +241,13 @@ CVE_VERSION_SUFFIX = "alphabetical" # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 # Apache in meta-webserver is already recent enough CVE_CHECK_WHITELIST += "CVE-2019-0190" + +# CVE-2018-12433 is disputed and reported for crypt libraries +CVE_CHECK_WHITELIST += "CVE-2018-12433" + +# CVE-2018-12437 is reported for libtomcrypt and is duplicate of CVE-2018-0495 +CVE_CHECK_WHITELIST += "CVE-2018-12437" + +# CVE-2018-12438 is also reported for crypt libraries and no details are +# available for which versions are affected. +CVE_CHECK_WHITELIST += "CVE-2018-12438" -- 2.17.1
View/Reply Online (#149083): https://lists.openembedded.org/g/openembedded-core/message/149083
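Review bot: the comment for `CVE_CHECK_WHITELIST += "CVE-2018-12438"` gives "no details are available for which versions are affected" as the reason, which is grounds for leaving the CVE reported, not for concluding that OpenSSL 1.1.1j is unaffected. State what the linked trackers say about OpenSSL specifically, or drop this entry from the patch.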
[OE-core] [poky][dunfell][PATCH] openssl: whitelisted CVE-2018-12433, CVE-2018-12437, CVE-2018-12438
From: "Saloni.Jain" Whitelisted below CVEs: 1. CVE-2018-12433 is disputed and reported for crypt libraries. Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12433 2. CVE-2018-12437 is reported for libtomcrypt and is duplicate of CVE-2018-0495. Link: https://security-tracker.debian.org/tracker/CVE-2018-12437 Link: https://github.com/libtom/libtomcrypt/pull/408 Link: https://access.redhat.com/security/cve/CVE-2018-12437 3. CVE-2018-12438 is also reported for crypt libraries and no details are available for which versions are affected. Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Link: https://ubuntu.com/security/CVE-2018-12438 Signed-off-by: Saloni Jain --- meta/recipes-connectivity/openssl/openssl_1.1.1j.bb | 10 ++ 1 file changed, 10 insertions(+) diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb index 181790e6ab..3d96533580 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb 
@@ -241,3 +241,13 @@ CVE_VERSION_SUFFIX = "alphabetical" # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 # Apache in meta-webserver is already recent enough CVE_CHECK_WHITELIST += "CVE-2019-0190" + +# CVE-2018-12433 is disputed and reported for crypt libraries +CVE_CHECK_WHITELIST += "CVE-2018-12433" + +# CVE-2018-12437 is reported for libtomcrypt and is duplicate of CVE-2018-0495 +CVE_CHECK_WHITELIST += "CVE-2018-12437" + +# CVE-2018-12438 is also reported for crypt libraries and no details are +# available for which versions are affected. +CVE_CHECK_WHITELIST += "CVE-2018-12438" -- 2.17.1
View/Reply Online (#148929): https://lists.openembedded.org/g/openembedded-core/message/148929
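Review bot: the entry for CVE-2018-12437 is justified as "reported for libtomcrypt and is duplicate of CVE-2018-0495", but the hunk does not say how CVE-2018-0495 stands for this recipe; add that to the comment (fixed in the packaged version, or already handled by the checker) so the whitelist entry does not rest on an unstated assumption. The CVE-2018-12433 comment has the same gap: "disputed" describes the CVE record, not this package.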
[OE-core][meta-oe][dunfell][PATCH] tcpdump: Added CVE tag inside patch
From: Saloni Jain CVE tag was missing inside the patch file which is the remedy for CVE-2020-8037, hence CVE-2020-8037 will still be reported in CVE checker cycle. Hence, added CVE tag inside patch file to resolve the issue. Signed-off-by: Saloni.Jain --- ...-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch b/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch index 9b74e00c5..0db8854ec 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch +++ b/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch @@ -9,9 +9,10 @@ if we haven't captured all of it. (backported from commit e4add0b010ed6f2180dcb05a13026242ed935334) +CVE: CVE-2020-8037 Upstream-Status: Backport 
Signed-off-by: Stacy Gaikovaia - +Signed-off-by: Saloni Jain --- print-ppp.c | 18 ++ 1 file changed, 14 insertions(+), 4 deletions(-) -- 2.17.1
View/Reply Online (#148781): https://lists.openembedded.org/g/openembedded-core/message/148781
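Review bot: the added `CVE: CVE-2020-8037` line sits directly above `Upstream-Status: Backport`, which still carries no reference; since the header is being edited anyway, put the upstream commit named two lines up (e4add0b010ed6f2180dcb05a13026242ed935334) in brackets after `Backport` so the tag and the CVE can be traced to the same fix.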
[OE-core] [poky][master][dunfell][gatesgarth][PATCH] strace: Whitelisted CVE-2000-0006
CVE-2000-0006 is not a valid bug number nor an alias to a bug and no remedy for the CVE is available till now. Hence, can be marked whitelisted. Signed-off-by: Saloni Jain --- meta/recipes-devtools/strace/strace_5.10.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/strace/strace_5.10.bb b/meta/recipes-devtools/strace/strace_5.10.bb index 22572fb..87d1a9c 100644 --- a/meta/recipes-devtools/strace/strace_5.10.bb +++ b/meta/recipes-devtools/strace/strace_5.10.bb @@ -15,6 +15,9 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \ file://uintptr_t.patch \ file://0001-strace-fix-reproducibilty-issues.patch \ " +#CVE-2000-0006 is not a valid bug number nor an alias to a bug, hence whitelisted. +CVE_CHECK_WHITELIST += "CVE-2000-0006" + SRC_URI[sha256sum] = "fe3982ea4cd9aeb3b4ba35f6279f0b577a37175d3282be24b9a5537b56b8f01c" inherit autotools ptest -- 2.7.4
View/Reply Online (#147749): https://lists.openembedded.org/g/openembedded-core/message/147749
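Review bot: the hunk touches only strace_5.10.bb while the subject tags master, dunfell and gatesgarth, so each of those branches needs checking for that recipe version, or its own patch against the version it carries. The added comment, "not a valid bug number nor an alias to a bug", records the result of a tracker lookup rather than why the CVE does not apply to the strace being built; put that reason in the comment. Style: write `# CVE-2000-0006 ...` with a space after the `#`, and move the two added lines below `SRC_URI[sha256sum]` so they do not sit between SRC_URI and its checksum.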
[OE-core] [poky][master][dunfell][gatesgarth][PATCH v2] libcroco: Added CVE
Added below CVE: CVE-2020-12825 Link: CVE-2020-12825 [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a] Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8 Signed-off-by: Saloni Jain --- .../libcroco/files/CVE-2020-12825.patch| 193 + meta/recipes-support/libcroco/libcroco_0.6.13.bb | 3 + 2 files changed, 196 insertions(+) create mode 100644 meta/recipes-support/libcroco/files/CVE-2020-12825.patch diff --git a/meta/recipes-support/libcroco/files/CVE-2020-12825.patch b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch new file mode 100644 index 000..add6f84 --- /dev/null +++ b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch 
@@ -0,0 +1,193 @@ +From 6eb257e5c731c691eb137fca94e916ca73941a5a Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Fri, 31 Jul 2020 15:21:53 -0500 +Subject: [PATCH] libcroco: Limit recursion in block and any productions + (CVE-2020-12825) + +If we don't have any limits, we can recurse forever and overflow the +stack. + +Fixes #8 +This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8 + +https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404 + +CVE: CVE-2020-12825 +Upstream-Status: Backport [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a] +Comment: No refreshing changes done. +Signed-off-by: Saloni Jain +--- + src/cr-parser.c | 44 +--- + 1 file changed, 29 insertions(+), 15 deletions(-) + +diff --git a/src/cr-parser.c b/src/cr-parser.c +index 18c9a01..f4a62e3 100644 +--- a/src/cr-parser.c b/src/cr-parser.c +@@ -136,6 +136,8 @@ struct _CRParserPriv { + + #define CHARS_TAB_SIZE 12 + ++#define RECURSIVE_CALLERS_LIMIT 100 ++ + /** + * IS_NUM: + *@a_char: the char to test. 
+@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this); + + static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this); + +-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls); + +-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls); + + static enum CRStatus cr_parser_parse_value_core (CRParser * a_this); + +@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_parser_try_to_skip_spaces_and_comments (a_this); + + do { +-status = cr_parser_parse_any_core (a_this); ++status = cr_parser_parse_any_core (a_this, 0); + } while (status == CR_OK); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, +@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +-status = cr_parser_parse_block_core (a_this); ++status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, + FALSE); + goto done; +@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this) + + RECORD_INITIAL_POS (a_this, _pos); + +-status = cr_parser_parse_any_core (a_this); ++status = cr_parser_parse_any_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + + do { +-status = cr_parser_parse_any_core (a_this); ++status = cr_parser_parse_any_core (a_this, 0); + + } while (status == CR_OK); + +@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this) + *in chapter 4.1 of the css2 spec. + *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*; + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *FIXME: code this function. 
+ */ + static enum CRStatus +-cr_parser_parse_block_core (CRParser * a_this) ++cr_parser_parse_block_core (CRParser * a_this, ++guint n_calls) + { + CRToken *token = NULL; + CRInputPos init_pos; +@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this) + + g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR); + ++if (n_calls > RECURSIVE_CALLERS_LIMIT) ++return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, _pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, ); +@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this) + } else if (token->type == CBO_TK) { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); +
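Review bot: in cr_parser_parse_block_core the guard is `if (n_calls > RECURSIVE_CALLERS_LIMIT)` and the top-level callers pass 0, so, assuming each nested call passes n_calls + 1 (that part of the hunk is cut off here), a counter value of exactly 100 is still accepted and the real bound is one level above what the constant's name suggests. That is harmless for the stack, but the `@param n_calls` line only says "used to limit recursion depth" and could state the bound and the return value. The guard also returns a bare CR_ERROR, so a stylesheet rejected for depth is indistinguishable to the caller from any other parse error; as this is an unmodified backport, that is a point to raise upstream rather than a reason to diverge here.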
[OE-core] [poky][master][dunfell][gatesgarth][PATCH v3] libgcrypt: Whitelisted CVEs
Whitelisted below CVEs: 1. CVE-2018-12433 Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433 CVE-2018-12433 is marked disputed and ignored by NVD as it does not impact crypt libraries for any distros and hence, can be safely marked whitelisted. 2. CVE-2018-12438 Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Link: https://ubuntu.com/security/CVE-2018-12438 CVE-2018-12438 was reported for affecting openjdk crypt libraries but there are no details available on which openjdk versions are affected and does not directly affect libgcrypt or any specific yocto distributions, hence, can be whitelisted. Signed-off-by: Saloni Jain --- meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb index 0cad41d..7db624a 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb 
@@ -28,6 +28,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ " SRC_URI[sha256sum] = "03b70f028299561b7034b8966d7dd77ef16ed139c43440925fe8782561974748" +# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro. +CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438" + BINCONFIG = "${bindir}/libgcrypt-config" inherit autotools texinfo binconfig-disabled pkgconfig -- 2.7.4
View/Reply Online (#147708): https://lists.openembedded.org/g/openembedded-core/message/147708
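Review bot: the comment added above CVE_CHECK_WHITELIST calls both IDs "disputed and not affecting crypto libraries for any distro", but the commit message gives that reasoning only for CVE-2018-12433; for CVE-2018-12438 it says the report concerns openjdk and that no affected-version details exist. Split the comment so each ID carries its own reason and a link, since the recipe comment is what a later reader of the .bb file sees without the commit message.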
[OE-core] [poky][dunfell][PATCH v2] libgcrypt: Whitelisted CVEs
Whitelisted below CVEs: 1. CVE-2018-12433 Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433 CVE-2018-12433 is marked disputed and ignored by NVD as it does not impact crypt libraries for any distros and hence, can be safely marked whitelisted. 2. CVE-2018-12438 Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Link: https://ubuntu.com/security/CVE-2018-12438 CVE-2018-12438 was reported for affecting openjdk crypt libraries but there are no details available on which openjdk versions are affected and does not directly affect libgcrypt or any specific yocto distributions, hence, can be whitelisted. Signed-off-by: Saloni Jain --- meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb index 4e0eb0a..ba3666f 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
@@ -29,6 +29,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743" SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3" +# Below whitelisted CVEs are disputed and not affecting Ubuntu and Debian environments. +CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438" + BINCONFIG = "${bindir}/libgcrypt-config" inherit autotools texinfo binconfig-disabled pkgconfig -- 2.7.4
View/Reply Online (#147699): https://lists.openembedded.org/g/openembedded-core/message/147699
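Review bot: the comment added to the recipe still reads "not affecting Ubuntu and Debian environments", the wording that was questioned in review of the first version, although the commit message of this v2 was rewritten to argue per CVE. Bring the in-recipe comment in line with the message, one reason per ID, so the justification kept in the .bb file is the one the maintainers actually accepted.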
Re: [OE-core] [poky][dunfell][PATCH] libgcrypt: Whitelisted CVEs
Hello Steve,

The patches are generic to all Yocto implementations and are not reported for any particular distros. I have re-sent another patch version mentioning in detail why these CVEs can be safely whitelisted. Please review and let me know for any change.

Thanks & Regards,
Saloni

From: Steve Sakoman
Sent: Wednesday, February 3, 2021 8:15 PM
To: Saloni Jain
Cc: Patches and discussions about the oe-core layer; Khem Raj; Nisha Parrakat; Anuj Chougule
Subject: Re: [OE-core] [poky][dunfell][PATCH] libgcrypt: Whitelisted CVEs

On Tue, Feb 2, 2021 at 8:09 AM saloni wrote:
>
> Whitelisted below CVEs as their status is disputed
> and ignored and not affecting the Ubuntu and Debian
> environments. Hence, marked them whitelisted.

I'm not sure why you are referencing Ubuntu and Debian environments. We care about whether it is affecting the Yocto implementation. Could you explain your reasoning a bit more? Are you saying that Ubuntu and Debian maintainers don't consider these CVE's to be a serious enough issue to mitigate and thus it is safe for us to do the same?

Thanks!

Steve

> 1. CVE-2018-12433
> Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
>
> 2. CVE-2018-12438
> Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
> > Signed-off-by: Saloni Jain > --- > meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb > b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb > index 4e0eb0a..ba3666f 100644 > --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb > +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
> @@ -29,6 +29,9 @@ SRC_URI = > "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ > SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743" > SRC_URI[sha256sum] = > "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3" > > +# Below whitelisted CVEs are disputed and not affecting Ubuntu and Debian > environments. > +CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438" > + > BINCONFIG = "${bindir}/libgcrypt-config" > > inherit autotools texinfo binconfig-disabled pkgconfig > -- > 2.7.4
View/Reply Online (#147698): https://lists.openembedded.org/g/openembedded-core/message/147698
[OE-core] [poky][dunfell][PATCH] libcroco: Added CVE-2020-12825
Added below CVE: CVE-2020-12825 Link: CVE-2020-12825 [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a] Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8 Signed-off-by: Saloni Jain --- .../libcroco/files/CVE-2020-12825.patch| 193 + meta/recipes-support/libcroco/libcroco_0.6.13.bb | 3 + 2 files changed, 196 insertions(+) create mode 100644 meta/recipes-support/libcroco/files/CVE-2020-12825.patch diff --git a/meta/recipes-support/libcroco/files/CVE-2020-12825.patch b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch new file mode 100644 index 000..966b812 --- /dev/null +++ b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch 
@@ -0,0 +1,193 @@ +From 6eb257e5c731c691eb137fca94e916ca73941a5a Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Fri, 31 Jul 2020 15:21:53 -0500 +Subject: [PATCH] libcroco: Limit recursion in block and any productions + (CVE-2020-12825) + +If we don't have any limits, we can recurse forever and overflow the +stack. + +Fixes #8 +This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8 + +https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404 + +CVE: CVE-2020-12825 +Upstream-Status: Backport [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a] +Comment: No changes done. +Signed-off-by: Saloni Jain +--- + src/cr-parser.c | 44 +--- + 1 file changed, 29 insertions(+), 15 deletions(-) + +diff --git a/src/cr-parser.c b/src/cr-parser.c +index 18c9a01..f4a62e3 100644 +--- a/src/cr-parser.c b/src/cr-parser.c +@@ -136,6 +136,8 @@ struct _CRParserPriv { + + #define CHARS_TAB_SIZE 12 + ++#define RECURSIVE_CALLERS_LIMIT 100 ++ + /** + * IS_NUM: + *@a_char: the char to test. 
+@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this); + + static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this); + +-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls); + +-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls); + + static enum CRStatus cr_parser_parse_value_core (CRParser * a_this); + +@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_parser_try_to_skip_spaces_and_comments (a_this); + + do { +-status = cr_parser_parse_any_core (a_this); ++status = cr_parser_parse_any_core (a_this, 0); + } while (status == CR_OK); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, +@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +-status = cr_parser_parse_block_core (a_this); ++status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, + FALSE); + goto done; +@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this) + + RECORD_INITIAL_POS (a_this, _pos); + +-status = cr_parser_parse_any_core (a_this); ++status = cr_parser_parse_any_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + + do { +-status = cr_parser_parse_any_core (a_this); ++status = cr_parser_parse_any_core (a_this, 0); + + } while (status == CR_OK); + +@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this) + *in chapter 4.1 of the css2 spec. + *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*; + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *FIXME: code this function. 
+ */ + static enum CRStatus +-cr_parser_parse_block_core (CRParser * a_this) ++cr_parser_parse_block_core (CRParser * a_this, ++guint n_calls) + { + CRToken *token = NULL; + CRInputPos init_pos; +@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this) + + g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR); + ++if (n_calls > RECURSIVE_CALLERS_LIMIT) ++return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, _pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, ); +@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this) + } else if (token->type == CBO_TK) { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL
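Review bot: every call site changed in cr_parser_parse_atrule_core and cr_parser_parse_selector_core passes a literal 0, which restarts the depth count; that is correct only if neither function can itself be reached from inside a block or any production. Confirm this against the full cr-parser.c before relying on the backport, because if one of them is reachable that way the counter would be reset on re-entry and RECURSIVE_CALLERS_LIMIT would not bound the total nesting.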
[OE-core] [poky][dunfell][PATCH] libgcrypt: Whitelisted CVEs
Whitelisted below CVEs as their status is disputed and ignored and not affecting the Ubuntu and Debian environments. Hence, marked them whitelisted. 1. CVE-2018-12433 Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 2. CVE-2018-12438 Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Signed-off-by: Saloni Jain --- meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb index 4e0eb0a..ba3666f 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
@@ -29,6 +29,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743" SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3" +# Below whitelisted CVEs are disputed and not affecting Ubuntu and Debian environments. +CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438" + BINCONFIG = "${bindir}/libgcrypt-config" inherit autotools texinfo binconfig-disabled pkgconfig -- 2.7.4
View/Reply Online (#147584): https://lists.openembedded.org/g/openembedded-core/message/147584
Re: [OE-core] [poky][dunfell][PATCH] openssh: Added security fix for CVE-2020-14145
Hello Steve,

Thank you for the feedback, I have fixed the comments and sent a v2 for the patch. Please review again.

Regards,
Saloni Jain

From: Steve Sakoman
Sent: Wednesday, January 20, 2021, 9:56 PM
To: Saloni Jain
Cc: Patches and discussions about the oe-core layer; Khem Raj; Nisha Parrakat; Anuj Chougule
Subject: Re: [OE-core] [poky][dunfell][PATCH] openssh: Added security fix for CVE-2020-14145

Thanks for helping with CVE's!

On Wed, Jan 20, 2021 at 6:14 AM saloni wrote:
>
> Added security fix for below CVE:
>
> CVE-2020-14145
> Link: https://security-tracker.debian.org/tracker/CVE-2020-14145
> Link: https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d
>
> Signed-off-by: Saloni Jain
> --- > .../openssh/openssh/CVE-2020-14145.patch | 87 > ++ > meta/recipes-connectivity/openssh/openssh_8.4p1.bb | 3 +- > 2 files changed, 89 insertions(+), 1 deletion(-) > create mode 100644 > meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch > > diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch > b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch > new file mode 100644 > index 000..50bf74d > --- /dev/null > +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
> @@ -0,0 +1,87 @@ > +From b3855ff053f5078ec3d3c653cdaedefaa5fc362d Mon Sep 17 00:00:00 2001 > +From: "d...@openbsd.org" > +Date: Fri, 18 Sep 2020 05:23:03 + > +Subject: upstream: tweak the client hostkey preference ordering algorithm to > + > +prefer the default ordering if the user has a key that matches the > +best-preference default algorithm. > + > +feedback and ok markus@ > + > +OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f > +CVE: CVE-2020-14145 > +Upstream-Status: Backport > [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2020-14145data=04%7C01%7Csaloni.jain%40kpit.com%7Cf83bbfc7c77f4ad8d8f208d8bd60288e%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637467567996984807%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZXW2tuDBsIINaE761xKo4Nmn5jDjMNn8JvTMTw29dmc%3Dreserved=0] > +Comment: 1 hunk with comment changes removed.

Needs your Signed-off-by here. See "Patch name convention and commit message" section at: https://wiki.yoctoproject.org/wiki/Security

> +--- > + sshconnect2.c | 39 +-- > + 1 file changed, 37 insertions(+), 2 deletions(-) > + > +diff --git a/sshconnect2.c b/sshconnect2.c > +index 347e348c..f64aae66 100644 > +@@ -102,12 +102,25 @@ verify_host_key_callback(struct sshkey *hostkey, > struct ssh *ssh) > + return 0; > + } > + > ++/* Returns the first item from a comma-separated algorithm list */ > ++static char * > ++first_alg(const char *algs) > ++{ > ++ char *ret, *cp; > ++ > ++ ret = xstrdup(algs); > ++ if ((cp = strchr(ret, ',')) != NULL) > ++ *cp = '\0'; > ++ 
return ret; > ++} > ++ > + static char * > + order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) > + { > +- char *oavail, *avail, *first, *last, *alg, *hostname, *ret; > ++ char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL; > ++ char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL; > + size_t maxlen; > +- struct hostkeys *hostkeys; > ++ struct hostkeys *hostkeys = NULL; > + int ktype; > + u_int i; > + > +@@ -119,6 +132,26 @@ order_hostkeyalgs(char *host, struct sockaddr > *hostaddr, u
[OE-core] [poky][dunfell][PATCH v2] openssh: Added and whitelisted security fixes for CVEs
Added security fix for below CVE: CVE-2020-14145 Link: CVE-2020-14145 [https://security-tracker.debian.org/tracker/CVE-2020-14145] Link: https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d Whitelisted below CVE due to negligible security impact: CVE-2020-15778 Link: CVE-2020-15778 [https://security-tracker.debian.org/tracker/CVE-2020-15778] Link: https://bugzilla.redhat.com/show_bug.cgi?id=1860487 Signed-off-by: Saloni Jain --- .../openssh/openssh/CVE-2020-14145.patch | 88 ++ meta/recipes-connectivity/openssh/openssh_8.2p1.bb | 3 +- 2 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch new file mode 100644 index 000..e02e8d0 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch 
@@ -0,0 +1,88 @@ +From b3855ff053f5078ec3d3c653cdaedefaa5fc362d Mon Sep 17 00:00:00 2001 +From: "d...@openbsd.org" +Date: Fri, 18 Sep 2020 05:23:03 + +Subject: upstream: tweak the client hostkey preference ordering algorithm to + +prefer the default ordering if the user has a key that matches the +best-preference default algorithm. + +feedback and ok markus@ + +OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f +CVE: CVE-2020-14145 +Upstream-Status: Backport [https://security-tracker.debian.org/tracker/CVE-2020-14145] +Comment: 1 hunk with comment changes removed. +Signed-off-by: Saloni Jain +--- + sshconnect2.c | 39 +-- + 1 file changed, 37 insertions(+), 2 deletions(-) + +diff --git a/sshconnect2.c b/sshconnect2.c +index 347e348c..f64aae66 100644 +@@ -102,12 +102,25 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) + return 0; + } + ++/* Returns the first item from a comma-separated algorithm list */ ++static char * ++first_alg(const char *algs) ++{ ++ char *ret, *cp; ++ ++ ret = xstrdup(algs); ++ if ((cp = strchr(ret, ',')) != NULL) ++ *cp = '\0'; ++ return ret; ++} ++ + static char * + order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) + { +- char *oavail, *avail, *first, *last, *alg, *hostname, *ret; ++ char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL; ++ char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL; + size_t maxlen; +- struct hostkeys *hostkeys; ++ struct hostkeys *hostkeys = NULL; + int ktype; + u_int i; + +@@ -119,6 +132,26 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) + for (i = 0; i < options.num_system_hostfiles; i++) + load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]); + ++ /* ++ * If a plain public key exists that matches the type of the best ++ * preference HostkeyAlgorithms, then use the whole list as is. 
++ * Note that we ignore whether the best preference algorithm is a ++ * certificate type, as sshconnect.c will downgrade certs to ++ * plain keys if necessary. ++ */ ++ best = first_alg(options.hostkeyalgorithms); ++ if (lookup_key_in_hostkeys_by_type(hostkeys, ++ sshkey_type_plain(sshkey_type_from_name(best)), NULL)) { ++ debug3("%s: have matching best-preference key type %s, " ++ "using HostkeyAlgorithms verbatim", __func__, best); ++ ret = xstrdup(options.hostkeyalgorithms); ++ goto out; ++ } ++ ++ /* ++ * Otherwise, prefer the host key algorithms that match known keys ++ * while keeping the ordering of HostkeyAlgorithms as much as possible. ++ */ + oavail = avail = xstrdup(options.hostkeyalgorithms); + maxlen = strlen(avail) + 1; + first = xmalloc(maxlen); +@@ -159,6 +192,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) + if (*first != '\0') + debug3("%s: prefer hostkeyalgs: %s", __func__, first); + ++ out: ++ free(best); + free(first); + free(last); + free(hostname); +-- +cgit v1.2.3 + diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index fe94f30..c3b3647 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb @@ -24,13 +24,14 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ + file://CVE-2020-14145.patch \ " SRC_URI[md5sum] =
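Review bot: Upstream-Status in the embedded patch header points at the Debian security tracker page for CVE-2020-14145 rather than at the change being backported; the commit message already lists the upstream commit on anongit.mindrot.org (id b3855ff053f5078ec3d3c653cdaedefaa5fc362d), so that is the URL to put in the Backport bracket. The "Comment: 1 hunk with comment changes removed" line means this file differs from upstream, which makes an exact upstream reference more useful for anyone refreshing the patch later. The message also announces a whitelist entry for CVE-2020-15778, so the recipe hunk should carry a comment giving the reason next to that entry.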
[OE-core] [poky][dunfell][PATCH] openssh: Added security fix for CVE-2020-14145
Added security fix for below CVE: CVE-2020-14145 Link: https://security-tracker.debian.org/tracker/CVE-2020-14145 Link: https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d Signed-off-by: Saloni Jain --- .../openssh/openssh/CVE-2020-14145.patch | 87 ++ meta/recipes-connectivity/openssh/openssh_8.4p1.bb | 3 +- 2 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch new file mode 100644 index 000..50bf74d --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch 
@@ -0,0 +1,87 @@ +From b3855ff053f5078ec3d3c653cdaedefaa5fc362d Mon Sep 17 00:00:00 2001 +From: "d...@openbsd.org" +Date: Fri, 18 Sep 2020 05:23:03 + +Subject: upstream: tweak the client hostkey preference ordering algorithm to + +prefer the default ordering if the user has a key that matches the +best-preference default algorithm. + +feedback and ok markus@ + +OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f +CVE: CVE-2020-14145 +Upstream-Status: Backport [https://security-tracker.debian.org/tracker/CVE-2020-14145] +Comment: 1 hunk with comment changes removed. +--- + sshconnect2.c | 39 +-- + 1 file changed, 37 insertions(+), 2 deletions(-) + +diff --git a/sshconnect2.c b/sshconnect2.c +index 347e348c..f64aae66 100644 +@@ -102,12 +102,25 @@ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh) + return 0; + } + ++/* Returns the first item from a comma-separated algorithm list */ ++static char * ++first_alg(const char *algs) ++{ ++ char *ret, *cp; ++ ++ ret = xstrdup(algs); ++ if ((cp = strchr(ret, ',')) != NULL) ++ *cp = '\0'; ++ return ret; ++} ++ + static char * + order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) + { +- char *oavail, *avail, *first, *last, *alg, *hostname, *ret; ++ char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL; ++ char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL; + size_t maxlen; +- struct hostkeys *hostkeys; ++ struct hostkeys *hostkeys = NULL; + int ktype; + u_int i; + +@@ -119,6 +132,26 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) + for (i = 0; i < options.num_system_hostfiles; i++) + load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]); + ++ /* ++ * If a plain public key exists that matches the type of the best ++ * preference HostkeyAlgorithms, then use the whole list as is. 
++ * Note that we ignore whether the best preference algorithm is a ++ * certificate type, as sshconnect.c will downgrade certs to ++ * plain keys if necessary. ++ */ ++ best = first_alg(options.hostkeyalgorithms); ++ if (lookup_key_in_hostkeys_by_type(hostkeys, ++ sshkey_type_plain(sshkey_type_from_name(best)), NULL)) { ++ debug3("%s: have matching best-preference key type %s, " ++ "using HostkeyAlgorithms verbatim", __func__, best); ++ ret = xstrdup(options.hostkeyalgorithms); ++ goto out; ++ } ++ ++ /* ++ * Otherwise, prefer the host key algorithms that match known keys ++ * while keeping the ordering of HostkeyAlgorithms as much as possible. ++ */ + oavail = avail = xstrdup(options.hostkeyalgorithms); + maxlen = strlen(avail) + 1; + first = xmalloc(maxlen); +@@ -159,6 +192,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) + if (*first != '\0') + debug3("%s: prefer hostkeyalgs: %s", __func__, first); + ++ out: ++ free(best); + free(first); + free(last); + free(hostname); +-- +cgit v1.2.3 + diff --git a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb b/meta/recipes-connectivity/openssh/openssh_8.4p1.bb index 688fc8a..b71e156 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.4p1.bb @@ -24,12 +24,13 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ + file://CVE-2020-14145.patch \ " SRC_URI[sha256sum] = "5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24" # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded -CVE_CHECK_WHITELIST += "CVE-2014-9278&q
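Review bot: The Upstream-Status line in the header of CVE-2020-14145.patch cites the Debian security tracker page rather than the upstream change, although the cover letter already links the commit on anongit.mindrot.org whose id (b3855ff053f5078ec3d3c653cdaedefaa5fc362d) matches the From line of the embedded patch. Point "Upstream-Status: Backport" at that commit URL so the backport can be compared against upstream directly. In order_hostkeyalgs(), the new early "goto out" reaches free(first) and free(last) before either buffer is allocated; this is safe only because the declaration hunk now initialises every pointer to NULL, so those initialisers have to stay with the jump if the patch is refreshed for another OpenSSH version.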
[OE-core] [poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155
From: Rahul Taya Added below patch in libpcre CVE-2020-14155.patch This patch fixes below error: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre via a large number after (?C substring. By sending a request with a large number, an attacker can execute arbitrary code on the system or cause the application to crash. Tested-by: Rahul Taya Signed-off-by: Saloni Jain Please Note: CVE already fixed in master and dunfell branches, applicable for zeus only. --- .../libpcre/libpcre/CVE-2020-14155.patch | 41 ++ meta/recipes-support/libpcre/libpcre_8.43.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch new file mode 100644 index 000..183512f --- /dev/null +++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch 
@@ -0,0 +1,41 @@ +--- pcre-8.43/pcre_compile.c2020-07-05 22:26:25.310501521 +0530 pcre-8.43/pcre_compile1.c 2020-07-05 22:30:22.254489562 +0530 + +CVE: CVE-2020-14155 +Upstream-Status: Backport [https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch=1761=1760=1761] +Signed-off-by: Rahul Taya + +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + +Written by Philip Hazel +- Copyright (c) 1997-2018 University of Cambridge ++ Copyright (c) 1997-2020 University of Cambridge + + - + Redistribution and use in source and binary forms, with or without +@@ -7130,17 +7130,19 @@ + int n = 0; + ptr++; + while(IS_DIGIT(*ptr)) ++ { + n = n * 10 + *ptr++ - CHAR_0; ++if (n > 255) ++ { ++ *errorcodeptr = ERR38; ++ goto FAILED; ++ } ++} + if (*ptr != CHAR_RIGHT_PARENTHESIS) + { + *errorcodeptr = ERR39; + goto FAILED; + } +- if (n > 255) +-{ +-*errorcodeptr = ERR38; +-goto FAILED; +-} + *code++ = n; + PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */ + PUT(code, LINK_SIZE, 0); /* Default length */ diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb b/meta/recipes-support/libpcre/libpcre_8.43.bb index b97af08..60ece64 100644 --- a/meta/recipes-support/libpcre/libpcre_8.43.bb +++ b/meta/recipes-support/libpcre/libpcre_8.43.bb 
@@ -12,6 +12,7 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \ file://out-of-tree.patch \ file://run-ptest \ file://Makefile \ + file://CVE-2020-14155.patch \ " SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4" -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#141121): https://lists.openembedded.org/g/openembedded-core/message/141121 Mute This Topic: https://lists.openembedded.org/mt/75863890/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
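Review bot: The first hunk of the embedded CVE-2020-14155.patch (@@ -6,7 +6,7 @@) only changes the copyright year from 1997-2018 to 1997-2020 and is unrelated to the overflow; drop it so the backport carries just the @@ -7130,17 +7130,19 @@ change and has one less place to fail when applied. The embedded header also names the two sides differently (pcre-8.43/pcre_compile.c and pcre-8.43/pcre_compile1.c); regenerate the diff so both sides refer to pcre_compile.c. The functional hunk is sound: with the n > 255 test inside the while(IS_DIGIT(*ptr)) loop, n is at most 255 when the next digit is accumulated, so n * 10 + digit can no longer overflow before it is rejected with ERR38.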
[OE-core] [poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155
From: Rahul Taya Added below patch in libpcre CVE-2020-14155.patch This patch fixes below error: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre via a large number after (?C substring. By sending a request with a large number, an attacker can execute arbitrary code on the system or cause the application to crash. Upstream-Status: Pending Tested-by: Rahul Taya Signed-off-by: Saloni Jain --- .../libpcre/libpcre/CVE-2020-14155.patch | 40 ++ meta/recipes-support/libpcre/libpcre_8.43.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch new file mode 100644 index 000..d6cb9bf --- /dev/null +++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch @@ -0,0 +1,40 @@ +--- pcre-8.43/pcre_compile.c2020-07-05 22:26:25.310501521 +0530 pcre-8.43/pcre_compile1.c 2020-07-05 22:30:22.254489562 +0530 + +CVE: CVE-2020-14155 +Upstream-Status: Backport [https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch=1761=1760=1761] + +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + +Written by Philip Hazel +- Copyright (c) 1997-2018 University of Cambridge ++ Copyright (c) 1997-2020 University of Cambridge + + - + Redistribution and use in source and binary forms, with or without +@@ -7130,17 +7130,19 @@ + int n = 0; + ptr++; + while(IS_DIGIT(*ptr)) ++ { + n = n * 10 + *ptr++ - CHAR_0; ++if (n > 255) ++ { ++ *errorcodeptr = ERR38; ++ goto FAILED; ++ } ++} + if (*ptr != CHAR_RIGHT_PARENTHESIS) + { + *errorcodeptr = ERR39; + goto FAILED; + } +- if (n > 255) +-{ +-*errorcodeptr = ERR38; +-goto FAILED; +-} + *code++ = n; + PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */ + PUT(code, LINK_SIZE, 0); /* Default length */ 
diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb b/meta/recipes-support/libpcre/libpcre_8.43.bb index b97af08..60ece64 100644 --- a/meta/recipes-support/libpcre/libpcre_8.43.bb +++ b/meta/recipes-support/libpcre/libpcre_8.43.bb @@ -12,6 +12,7 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \ file://out-of-tree.patch \ file://run-ptest \ file://Makefile \ + file://CVE-2020-14155.patch \ " SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4" -- 2.7.4
View/Reply Online (#141117): https://lists.openembedded.org/g/openembedded-core/message/141117
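Review bot: The commit message carries "Upstream-Status: Pending" while the header of the embedded CVE-2020-14155.patch says "Upstream-Status: Backport" with the vcs.pcre.org URL, so the two statements of provenance contradict each other. Keep the tag only in the patch file header, remove it from the commit message, and add a Signed-off-by line to the patch header, which has none in this posting.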
[OE-core] [poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155
From: Rahul Taya Added below patch in libpcre CVE-2020-14155.patch This patch fixes below error: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre via a large number after (?C substring. By sending a request with a large number, an attacker can execute arbitrary code on the system or cause the application to crash. Upstream-Status: Pending Tested-by: Rahul Taya Signed-off-by: Saloni Jain --- .../libpcre/libpcre/CVE-2020-14155.patch | 40 ++ meta/recipes-support/libpcre/libpcre_8.44.bb | 3 +- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch new file mode 100644 index 000..d6cb9bf --- /dev/null +++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch @@ -0,0 +1,40 @@ +--- pcre-8.43/pcre_compile.c2020-07-05 22:26:25.310501521 +0530 pcre-8.43/pcre_compile1.c 2020-07-05 22:30:22.254489562 +0530 + +CVE: CVE-2020-14155 +Upstream-Status: Backport [https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch=1761=1760=1761] + +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + +Written by Philip Hazel +- Copyright (c) 1997-2018 University of Cambridge ++ Copyright (c) 1997-2020 University of Cambridge + + - + Redistribution and use in source and binary forms, with or without +@@ -7130,17 +7130,19 @@ + int n = 0; + ptr++; + while(IS_DIGIT(*ptr)) ++ { + n = n * 10 + *ptr++ - CHAR_0; ++if (n > 255) ++ { ++ *errorcodeptr = ERR38; ++ goto FAILED; ++ } ++} + if (*ptr != CHAR_RIGHT_PARENTHESIS) + { + *errorcodeptr = ERR39; + goto FAILED; + } +- if (n > 255) +-{ +-*errorcodeptr = ERR38; +-goto FAILED; +-} + *code++ = n; + PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */ + PUT(code, LINK_SIZE, 0); /* Default length */ 
diff --git a/meta/recipes-support/libpcre/libpcre_8.44.bb b/meta/recipes-support/libpcre/libpcre_8.44.bb index e5471e8..81b38bb 100644 --- a/meta/recipes-support/libpcre/libpcre_8.44.bb +++ b/meta/recipes-support/libpcre/libpcre_8.44.bb @@ -11,7 +11,8 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \ file://fix-pcre-name-collision.patch \ file://run-ptest \ file://Makefile \ - " + file://CVE-2020-14155.patch \ +" SRC_URI[md5sum] = "cf7326204cc46c755b5b2608033d9d24" SRC_URI[sha256sum] = "19108658b23b3ec5058edc9f66ac545ea19f9537234be1ec62b714c84399366d" -- 2.7.4
View/Reply Online (#141086): https://lists.openembedded.org/g/openembedded-core/message/141086
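Review bot: In the libpcre_8.44.bb hunk the closing quote of SRC_URI is removed and re-added, which is a whitespace-only change unrelated to the fix; leave that line as it was and add only the file://CVE-2020-14155.patch entry, so the hunk is a single insertion. The embedded patch header still names pcre-8.43/pcre_compile.c although this recipe builds 8.44; regenerate the patch against the 8.44 source so the @@ -7130,17 +7130,19 @@ offsets are known to match rather than relying on fuzz.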
[OE-core] [meta-oe][master][PATCH] davici: Fix codesonar warnings
Hello, Posting this on behalf of "Amitanand Chikorde mailto:amitanand.chiko...@kpit.com>>" From: "Amitanand.Chikorde" mailto:amitanand.chiko...@kpit.com>> Fixed below codesonar warning: isprint() is invoked here with an argument of signed type char, but only has defined behavior for int arguments that are either representable as unsigned char or equal to the value of macro EOF(-1). As per codesonar report, in a number of libc implementations, isprint() is implemented using lookup tables (arrays): passing in a negative value can result in a read underrun. To avoid this unexpected behaviour, typecasted char type argument to unsigned char type. Upstream-Status: Pending Signed-off-by: Amitanand Chikorde mailto:amitanand.chiko...@kpit.com>> Signed-off-by: Saloni Jain --- .../files/davici_codesonar_warnings_fix.patch | 37 ++ 1 file changed, 37 insertions(+) create mode 100644 recipes-support/strongswan/files/davici_codesonar_warnings_fix.patch diff --git a/recipes-support/strongswan/files/davici_codesonar_warnings_fix.patch b/recipes-support/strongswan/files/davici_codesonar_warnings_fix.patch new file mode 100644 index 000..2318479 --- /dev/null +++ b/recipes-support/strongswan/files/davici_codesonar_warnings_fix.patch 
@@ -0,0 +1,37 @@ +davici: Fix codesonar warnings + +isprint() is invoked here with an argument of signed type char, +but only has defined behavior for int arguments that are either +representable as unsigned char or equal to the value of macro +EOF(-1). + +As per codesonar report, in a number of libc implementations, +isprint() is implemented using lookup tables (arrays): passing +in a negative value can result in a read underrun. + +To avoid this unexpected behaviour, typecasted char type +argument to unsigned char type. + +Signed-off-by: Amitanand N. Chikorde mailto:amitanand.chiko...@kpit.com>> +Upstream-Status: Pending + +--- a/davici.c 2017-03-30 16:15:15.0 +0530 b/davici.c 2020-05-29 11:40:45.983656217 +0530 +@@ -180,7 +180,7 @@ +} +for (i = 0; i < inlen; i++) +{ +- if (!isprint(in[i])) ++ if (!isprint((unsigned char) in[i])) +{ +return -EINVAL; +} +@@ -1157,7 +1157,7 @@ + +for (i = 0; i < res->buflen; i++) +{ +- if (!isprint(val[i])) ++ if (!isprint((unsigned char) val[i])) +{ +return -EINVAL; +} -- 2.7.4 Regards, Saloni Jain
View/Reply Online (#139555): https://lists.openembedded.org/g/openembedded-core/message/139555
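Review bot: The diffstat shows a single changed file, the new recipes-support/strongswan/files/davici_codesonar_warnings_fix.patch, and no recipe hunk adds it to SRC_URI, so as posted the fix is never applied at build time. Add the file://davici_codesonar_warnings_fix.patch entry in the same commit, and confirm which recipe builds davici.c: the subject says davici but the patch is placed under the strongswan files directory. The two casts, isprint((unsigned char) in[i]) at @@ -180 and isprint((unsigned char) val[i]) at @@ -1157, are the right remedy for the signed-char argument described in the message.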
[OE-core] [meta-oe][sumo][PATCH] strongswan: avoid charon crash
From: Anuj Chougule

This is a possible fix to charon that crashed early due to invalid memory access.

Important frames from Backtraces :

8 0x7f607246e160 in memcpy (__len=1704, __src=, __dest=) at /usr/include/bits/string_fortified.h:34
No locals.
9 memcpy_noop (n=1704, src=, dst=) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/utils/utils/memory.h:47
n = 1704
src =
dst =
10 chunk_create_clone (ptr=, chunk=...) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/utils/chunk.c:48
clone =
11 0x7f606ebae810 in load_from_blob (blob=..., type=type@entry=CRED_PRIVATE_KEY, subtype=subtype@entry=1, subject=subject@entry=0x0, flags=flags@entry=X509_NONE) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:399
x =
cred = 0x0
---Type to continue, or q to quit---
pgp = false
12 0x7f606ebaf0e4 in load_from_file (flags=X509_NONE, subject=0x0, subtype=1, type=CRED_PRIVATE_KEY, file=0x7f6069d21a20 "/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem") at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:452
cred =
chunk = 0x7f6054005430
13 pem_load (type=CRED_PRIVATE_KEY, subtype=1, args=) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:498
file = 0x7f6069d21a20 "/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem"
pem =
subject = 0x0
flags = 0

Problem lies in frame 12 & 11.

(gdb) f 12
12 0x7f606ebaf0e4 in load_from_file (flags=X509_NONE, subject=0x0, subtype=1, type=CRED_PRIVATE_KEY, file=0x7f6069d21a20 "/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem") at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:452
452 in /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c
(gdb) info locals
cred =
chunk = 0x7f6054005430
(gdb) print *chunk
$21 = {ptr = 0x7f60728b7000 , len = 1704}
(gdb) f 11
11 0x7f606ebae810 in load_from_blob (blob=..., type=type@entry=CRED_PRIVATE_KEY, subtype=subtype@entry=1, subject=subject@entry=0x0, flags=flags@entry=X509_NONE) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:399
399 in /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c
(gdb) info args
blob = {ptr = 0x7f60728b7000 , len = 140052215328768}
type = CRED_PRIVATE_KEY
subtype = 1
subject = 0x0
flags = X509_NONE
(gdb) print blob
$22 = {ptr = 0x7f60728b7000 , len = 140052215328768}

Source code snippet :

static void *load_from_file(char *file, credential_type_t type, int subtype,
                            identification_t *subject, x509_flag_t flags)
{
    void *cred;
    chunk_t *chunk;

    chunk = chunk_map(file, FALSE);
    if (!chunk)
    {
        DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
        return NULL;
    }
    cred = load_from_blob(*chunk, type, subtype, subject, flags);
    chunk_unmap(chunk);
    return cred;
}

Local variable chunk is an uninitialised pointer in load_from_file() (frame 12 above) which is expected to get initialised through chunk_map() & then passed to load_from_blob() as a parameter. But somehow, the chunk pointer has not got initialised & got passed as it is to load_from_blob() in frame 11 above.
As this contains a garbage address, when method load_from_blob() tried cloning the memory regions through chunk_clone() -> chunk_create_clone() -> memcpy() -> memcpy_noop(), it crashed with SIGBUS (frames 10, 9, 8). It could also be that chunk_map() has a bug which does not memmap() the full or correct areas. Upstream-Status: Pending Tested By: Anuj Chougule Signed-off-by: Anuj Chougule Signed-off-by: Saloni Jain --- .../strongswan/files/fix-charon-crash.patch| 23 ++ 1 file changed, 23 insertions(+) create mode 100644 recipes-support/strongswan/files/fix-charon-crash.patch diff --git a/recipes-support/strongswan/files/fix-charon-crash.patch b/recipes-support/strongswan/files/fix-charon-crash.patch new file mode 100644 index 000..95e71a2 --- /dev/null +++ b/recipes-support/strongswan/files/fix-charon-crash.patch @@ -0,0 +1,23 @@ +strongswan: avoid charon crash + +Variable chunk is an uninitialised pointer,which +is expected to get initialised through method chunk_map() +& then passed to load_from_blob() as a parameter. +But somehow, if the chunk pointer did not get initialised & gets +passed as it is to load_from_blob(), it may lead crash
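Review bot: The description calls chunk an uninitialised pointer, but in the quoted load_from_file() it is assigned from chunk_map() and NULL-checked before *chunk is passed on, and frame 12 prints *chunk with len = 1704, the same length memcpy receives in frame 8. The len of 140052215328768 shown for blob in frame 11 is the value 0x7f60728b7000, that is, the ptr field itself, which points to the debugger misreading an optimised argument rather than to a corrupt chunk. Since the message itself allows that chunk_map() may be at fault, establish why the copy from the mapped region raises SIGBUS before carrying this as "Upstream-Status: Pending", and state in the patch header exactly which condition the added check tests.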
[OE-core] [meta-oe][master][PATCH] strongswan: avoid charon crash
From: Anuj Chougule

This is a possible fix to charon that crashed early due to invalid memory access.

Important frames from Backtraces :

8 0x7f607246e160 in memcpy (__len=1704, __src=, __dest=) at /usr/include/bits/string_fortified.h:34
No locals.
9 memcpy_noop (n=1704, src=, dst=) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/utils/utils/memory.h:47
n = 1704
src =
dst =
10 chunk_create_clone (ptr=, chunk=...) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/utils/chunk.c:48
clone =
11 0x7f606ebae810 in load_from_blob (blob=..., type=type@entry=CRED_PRIVATE_KEY, subtype=subtype@entry=1, subject=subject@entry=0x0, flags=flags@entry=X509_NONE) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:399
x =
cred = 0x0
---Type to continue, or q to quit---
pgp = false
12 0x7f606ebaf0e4 in load_from_file (flags=X509_NONE, subject=0x0, subtype=1, type=CRED_PRIVATE_KEY, file=0x7f6069d21a20 "/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem") at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:452
cred =
chunk = 0x7f6054005430
13 pem_load (type=CRED_PRIVATE_KEY, subtype=1, args=) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:498
file = 0x7f6069d21a20 "/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem"
pem =
subject = 0x0
flags = 0

Problem lies in frame 12 & 11.

(gdb) f 12
12 0x7f606ebaf0e4 in load_from_file (flags=X509_NONE, subject=0x0, subtype=1, type=CRED_PRIVATE_KEY, file=0x7f6069d21a20 "/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem") at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:452
452 in /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c
(gdb) info locals
cred =
chunk = 0x7f6054005430
(gdb) print *chunk
$21 = {ptr = 0x7f60728b7000 , len = 1704}
(gdb) f 11
11 0x7f606ebae810 in load_from_blob (blob=..., type=type@entry=CRED_PRIVATE_KEY, subtype=subtype@entry=1, subject=subject@entry=0x0, flags=flags@entry=X509_NONE) at /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:399
399 in /usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c
(gdb) info args
blob = {ptr = 0x7f60728b7000 , len = 140052215328768}
type = CRED_PRIVATE_KEY
subtype = 1
subject = 0x0
flags = X509_NONE
(gdb) print blob
$22 = {ptr = 0x7f60728b7000 , len = 140052215328768}

Source code snippet :

static void *load_from_file(char *file, credential_type_t type, int subtype,
                            identification_t *subject, x509_flag_t flags)
{
    void *cred;
    chunk_t *chunk;

    chunk = chunk_map(file, FALSE);
    if (!chunk)
    {
        DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno));
        return NULL;
    }
    cred = load_from_blob(*chunk, type, subtype, subject, flags);
    chunk_unmap(chunk);
    return cred;
}

Local variable chunk is an uninitialised pointer in load_from_file() (frame 12 above) which is expected to get initialised through chunk_map() & then passed to load_from_blob() as a parameter. But somehow, the chunk pointer has not got initialised & got passed as it is to load_from_blob() in frame 11 above.
As this contains a garbage address, when method load_from_blob() tried cloning the memory regions through chunk_clone() -> chunk_create_clone() -> memcpy() -> memcpy_noop(), it crashed with SIGBUS (frames 10, 9, 8). It could also be that chunk_map() has a bug which does not memmap() the full or correct areas. Upstream-Status: Pending Tested By: Anuj Chougule Signed-off-by: Anuj Chougule Signed-off-by: Saloni Jain --- .../strongswan/files/fix-charon-crash.patch| 23 ++ 1 file changed, 23 insertions(+) create mode 100644 recipes-support/strongswan/files/fix-charon-crash.patch diff --git a/recipes-support/strongswan/files/fix-charon-crash.patch b/recipes-support/strongswan/files/fix-charon-crash.patch new file mode 100644 index 000..95e71a2 --- /dev/null +++ b/recipes-support/strongswan/files/fix-charon-crash.patch @@ -0,0 +1,23 @@ +strongswan: avoid charon crash + +Variable chunk is an uninitialised pointer,which +is expected to get initialised through method chunk_map() +& then passed to load_from_blob() as a parameter. +But somehow, if the chunk pointer did not get initialised & gets +passed as it is to load_from_blob(), it may lead crash
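Review bot: The diffstat lists one change only, the new recipes-support/strongswan/files/fix-charon-crash.patch (23 insertions), with no hunk in the strongswan recipe that adds it to SRC_URI, so a build from this commit would not apply the fix. Include the recipe change in the same commit so the patch file and its SRC_URI entry land together.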
[OE-core] [poky][sumo][PATCH] bzip2: Fix CVE-2019-12900
From: Sana Kazi Added patch for CVE-2019-12900 as backport from upstream. Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++ meta/recipes-extended/bzip2/bzip2_1.0.6.bb | 2 ++ 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..c2eb82a --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch @@ -0,0 +1,36 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +CVE: CVE-2019-12900.patch +Signed-off-by: Saloni Jain +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb index acbf80a..688e177 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb @@ -8,12 +8,14 @@ LICENSE = "bzip2" LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2" PR = "r5" +FILESEXTRAPATHS_prepend := "${THISDIR}/bzip2-1.0.6:" SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \ file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ file://run-ptest \ file://CVE-2016-3189.patch \ + file://CVE-2019-12900.patch \ " SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" -- 2.7.4
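Review bot: The tag in the header of the embedded patch reads "CVE: CVE-2019-12900.patch"; the value should be the bare identifier, "CVE: CVE-2019-12900", since the ".patch" suffix is part of the file name and not of the CVE id. The code change is the expected bound: with "nSelectors > BZ_MAX_SELECTORS" rejected as BZ_DATA_ERROR, the following loop from 0 to nSelectors stays inside selectorMtf[BZ_MAX_SELECTORS], as the upstream description states.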
[OE-core] [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900
From: Sana Kazi Added patch for CVE-2019-12900 as backport from upstream. Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++ 1 file changed, 36 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..c2eb82a --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
@@ -0,0 +1,36 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +CVE: CVE-2019-12900.patch +Signed-off-by: Saloni Jain +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 -- 2.7.4
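Review bot: This posting creates only bzip2-1.0.6/CVE-2019-12900.patch ("1 file changed, 36 insertions(+)") and contains no recipe hunk, so nothing adds the file to SRC_URI and the decompress.c check is not applied at build time. Add the file://CVE-2019-12900.patch entry to the bzip2 recipe in the same commit, together with whatever FILESEXTRAPATHS setting the recipe needs to find the bzip2-1.0.6 directory.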
[OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900
From: Sana Kazi Added patch for CVE-2019-12900 as backport from upstream. Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++ 1 file changed, 36 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..c2eb82a --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
@@ -0,0 +1,36 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +CVE: CVE-2019-12900.patch +Signed-off-by: Saloni Jain +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
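Review bot: the diffstat is `1 file changed`, the new `CVE-2019-12900.patch` under `bzip2-1.0.6/`, and no recipe hunk adds `file://CVE-2019-12900.patch` to `SRC_URI`, so nothing in this patch makes the recipe apply the fix. The sumo submission on this page carries that change in `bzip2_1.0.6.bb`; the master patch needs the equivalent line in the recipe it targets, or a sentence in the commit message explaining why none is required.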
[OE-core] [poky][master][PATCH] Added patch for CVE-2019-12900 as backport from upstream.
From: Sana Kazi Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++ 1 file changed, 36 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..c2eb82a --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
@@ -0,0 +1,36 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +CVE: CVE-2019-12900.patch +Signed-off-by: Saloni Jain +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
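Review bot: the subject of this submission is the first sentence of the commit body (`Added patch for CVE-2019-12900 as backport from upstream.`) instead of a `recipe: summary` shortlog; use `bzip2: Fix CVE-2019-12900`, as the other submissions of this change do, and keep that sentence in the body where it was.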
Re: [OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900
Hi Ross,

I have added SOB details and sent another upstreaming request. For warrior and thud we can simply backport from the master release or we can additionally add the fix for both as well. Please suggest.

Thanks & Regards,
Saloni

From: Ross Burton
Sent: Wednesday, January 15, 2020 10:00 PM
To: openembedded-core@lists.openembedded.org; Saloni Jain
Subject: Re: [OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900

On 15/01/2020 15:47, Saloni Jain wrote:
> From: Sana Kazi
>
> Added patch for CVE-2019-12900 as backport from upstream.
> Fixes out of bound access discovered while fuzzying karchive.
>
> Tested by: sana.k...@kpit.com
>
> Signed-off-by: Saloni Jain

Need a S-o-b in the patch itself alongside a CVE tag, but also why not a backport for Warrior and Thud?

Ross
[OE-core] [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900
From: Sana Kazi Added patch for CVE-2019-12900 as backport from upstream. Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 35 ++ 1 file changed, 35 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..94ddd73 --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
@@ -0,0 +1,35 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +Signed-off-by: Saloni Jain +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
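Review bot: the embedded patch header has `Upstream-Status: Backport` and `Signed-off-by:` but no `CVE:` tag before the `---` line; add `CVE: CVE-2019-12900` alongside them so the patch file itself records which CVE it addresses, not only its file name.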
[OE-core] [poky][sumo][PATCH] bzip2: Fix CVE-2019-12900
From: Sana Kazi Added patch for CVE-2019-12900 as backport from upstream. Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 35 ++ meta/recipes-extended/bzip2/bzip2_1.0.6.bb | 2 ++ 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..94ddd73 --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch @@ -0,0 +1,35 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +Signed-off-by: Saloni Jain +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb index acbf80a..688e177 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb @@ -8,12 +8,14 @@ LICENSE = "bzip2" LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2" PR = "r5" +FILESEXTRAPATHS_prepend := "${THISDIR}/bzip2-1.0.6:" SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \ file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ file://run-ptest \ file://CVE-2016-3189.patch \ + file://CVE-2019-12900.patch \ " SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
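Review bot: in the `bzip2_1.0.6.bb` hunk, the added `FILESEXTRAPATHS_prepend := "${THISDIR}/bzip2-1.0.6:"` looks unnecessary. The context lines show `file://CVE-2016-3189.patch` and the other `file://` entries already in the same `SRC_URI` without it, so if the new patch sits in the same directory as those files, the `file://CVE-2019-12900.patch \` line alone is enough. If the existing files are found some other way, say so in the commit message, which currently does not mention the recipe change at all.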
[OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900
From: Sana Kazi Added patch for CVE-2019-12900 as backport from upstream. Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 35 ++ 1 file changed, 35 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..94ddd73 --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
@@ -0,0 +1,35 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +Signed-off-by: Saloni Jain +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900
Hello Khem Raj, We have tested the applicability for this patch on master as well and as per analysis it is applicable. I've sent the same patch for master branch as well in a separate mail. Thanks & Regards, Saloni From: Khem Raj Sent: Wednesday, January 15, 2020 10:36 PM To: Saloni Jain Cc: openembedded-core@lists.openembedded.org ; Nisha Parrakat ; Sana Kazi Subject: Re: [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900 On Wed, Jan 15, 2020 at 7:51 AM Saloni Jain wrote: > > From: Sana Kazi > > Added patch for CVE-2019-12900 as backport from upstream. > Fixes out of bound access discovered while fuzzying karchive. > is this fix already present in the bzip2 version we have in master ? > Tested by: sana.k...@kpit.com > > Signed-off-by: Saloni Jain > --- > .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 > ++ > 1 file changed, 34 insertions(+) > create mode 100644 > meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch > > diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch > b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch > new file mode 100644 > index 000..cab41e0 > --- /dev/null > +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
> @@ -0,0 +1,34 @@ > +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 > +From: Albert Astals Cid > +Date: Tue, 28 May 2019 19:35:18 +0200 > +Subject: [PATCH] Make sure nSelectors is not out of range > + > +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf > +which is > +UCharselectorMtf[BZ_MAX_SELECTORS]; > +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory > +access > +Fixes out of bounds access discovered while fuzzying karchive > + > +Link: > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.com%2Ffedericomenaquintero%2Fbzip2%2Fcommit%2F74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patchdata=02%7C01%7CSaloni.Jain%40kpit.com%7C370b10dc1f7a4288166208d799dd5023%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637147048150016848sdata=m%2B9a%2FxYEqAA7JLjimmgLtLfvvBV2WtyInZf9a7DCfQg%3Dreserved=0 > + > +Upstream-Status: Backport > +--- > + decompress.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/decompress.c b/decompress.c > +index ab6a624..f3db91d 100644 > +--- a/decompress.c > b/decompress.c > +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) > + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); > + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); > + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); > +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); > ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) > RETURN(BZ_DATA_ERROR); > + for (i = 0; i < nSelectors; i++) { > + j = 0; > + while (True) { > +-- > +2.22.0 > -- > 2.7.4 > > This message contains information that may be privileged or confidential and > is the property of the KPIT Technologies Ltd. It is intended only for the > person to whom it is addressed. If you are not the intended recipient, you > are not authorized to read, print, retain copy, disseminate, distribute, or > use this message or any part thereof. 
[OE-core] [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900
From: Sana Kazi Added patch for CVE-2019-12900 as backport from upstream. Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 ++ 1 file changed, 34 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..cab41e0 --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
@@ -0,0 +1,34 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
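Review bot: the embedded patch header ends at `Upstream-Status: Backport` with neither a `Signed-off-by:` from the person doing the backport nor a `CVE:` tag. Add both before the `---` line, with the tag written as `CVE: CVE-2019-12900`.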
[OE-core] [poky][sumo][PATCH] bzip2: Fix CVE-2019-12900
From: Sana Kazi Added patch for CVE-2019-12900 as backport from upstream. Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 ++ meta/recipes-extended/bzip2/bzip2_1.0.6.bb | 2 ++ 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..cab41e0 --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch @@ -0,0 +1,34 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb index acbf80a..688e177 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb @@ -8,12 +8,14 @@ LICENSE = "bzip2" LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2" PR = "r5" +FILESEXTRAPATHS_prepend := "${THISDIR}/bzip2-1.0.6:" SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \ file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ file://run-ptest \ file://CVE-2016-3189.patch \ + file://CVE-2019-12900.patch \ " SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b" -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900
From: Sana Kazi Added patch for CVE-2019-12900 as backport from upstream. Fixes out of bound access discovered while fuzzying karchive. Tested by: sana.k...@kpit.com Signed-off-by: Saloni Jain --- .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 ++ 1 file changed, 34 insertions(+) create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch new file mode 100644 index 000..cab41e0 --- /dev/null +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
@@ -0,0 +1,34 @@ +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: [PATCH] Make sure nSelectors is not out of range + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is +UCharselectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access +Fixes out of bounds access discovered while fuzzying karchive + +Link: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch + +Upstream-Status: Backport +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624..f3db91d 100644 +--- a/decompress.c b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.22.0 -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
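Review bot: the commit message gives a `Tested by:` address but does not say what was run. The `decompress.c` hunk changes which inputs `BZ2_decompress` rejects, since `nSelectors > BZ_MAX_SELECTORS` now returns `BZ_DATA_ERROR`, so state the test in the message, for example that the recipe builds with the patch applied and that existing archives still decompress.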