[OE-core] [poky][dunfell][PATCH] ffmpeg: Add fix for CVEs

2021-10-05 Thread Saloni Jain
From: Saloni 

Add fix for below CVE:
CVE-2021-3566
Link: 
[http://git.videolan.org/?p=ffmpeg.git;a=patch;h=3bce9e9b3ea35c54ba793d7da99ea5157532]

CVE-2021-38291
Link: 
[http://git.videolan.org/?p=ffmpeg.git;a=patch;h=e01d306c647b5827102260b885faa223b646d2d1]

Signed-off-by: Saloni Jain 
---
 .../ffmpeg/ffmpeg/CVE-2021-3566.patch | 61 +++
 .../ffmpeg/ffmpeg/CVE-2021-38291.patch| 53 
 .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb |  4 +-
 3 files changed, 117 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch 
b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch
new file mode 100644
index 00..abfc024820
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-3566.patch
@@ -0,0 +1,61 @@
+From 3bce9e9b3ea35c54ba793d7da99ea5157532 Mon Sep 17 00:00:00 2001
+From: Paul B Mahol 
+Date: Mon, 27 Jan 2020 21:53:08 +0100
+Subject: [PATCH] avformat/tty: add probe function
+
+CVE: CVE-2021-3566
+Signed-off-by: Saloni Jain 
+
+Upstream-Status: Backport 
[http://git.videolan.org/?p=ffmpeg.git;a=patch;h=3bce9e9b3ea35c54ba793d7da99ea5157532]
+Comment: No changes/refreshing done.
+---
+ libavformat/tty.c | 21 -
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/libavformat/tty.c b/libavformat/tty.c
+index 8d48f2c45c12..60f7e9f87ee7 100644
+--- a/libavformat/tty.c
 b/libavformat/tty.c
+@@ -34,6 +34,13 @@
+ #include "internal.h"
+ #include "sauce.h"
+ 
++static int isansicode(int x)
++{
++return x == 0x1B || x == 0x0A || x == 0x0D || (x >= 0x20 && x < 0x7f);
++}
++
++static const char tty_extensions[31] = "ans,art,asc,diz,ice,nfo,txt,vt";
++
+ typedef struct TtyDemuxContext {
+ AVClass *class;
+ int chars_per_frame;
+@@ -42,6 +49,17 @@ typedef struct TtyDemuxContext {
+ AVRational framerate; /**< Set by a private option. */
+ } TtyDemuxContext;
+ 
++static int read_probe(const AVProbeData *p)
++{
++int cnt = 0;
++
++for (int i = 0; i < p->buf_size; i++)
++cnt += !!isansicode(p->buf[i]);
++
++return (cnt * 100LL / p->buf_size) * (cnt > 400) *
++!!av_match_ext(p->filename, tty_extensions);
++}
++
+ /**
+  * Parse EFI header
+  */
+@@ -153,8 +171,9 @@ AVInputFormat ff_tty_demuxer = {
+ .name   = "tty",
+ .long_name  = NULL_IF_CONFIG_SMALL("Tele-typewriter"),
+ .priv_data_size = sizeof(TtyDemuxContext),
++.read_probe = read_probe,
+ .read_header= read_header,
+ .read_packet= read_packet,
+-.extensions = "ans,art,asc,diz,ice,nfo,txt,vt",
++.extensions = tty_extensions,
+ .priv_class = _demuxer_class,
+ };
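Review bot: In the new `read_probe`, the expression `cnt * 100LL / p->buf_size` divides by `p->buf_size` with no check that it is non-zero, and the division is evaluated before the `(cnt > 400)` factor can zero the score, so an empty probe buffer would divide by zero. Since the backport is taken unchanged, it is worth checking whether upstream carries a follow-up guard (an early `if (!p->buf_size) return 0;` would do) and backporting it alongside. A smaller point in the same file: `tty_extensions[31]` is sized exactly to the literal plus its terminator, so declaring it as `tty_extensions[]` would avoid silently losing the NUL if the list ever grows.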
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch 
b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch
new file mode 100644
index 00..e5be985fc3
--- /dev/null
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2021-38291.patch
@@ -0,0 +1,53 @@
+From e01d306c647b5827102260b885faa223b646d2d1 Mon Sep 17 00:00:00 2001
+From: James Almer 
+Date: Wed, 21 Jul 2021 01:02:44 -0300
+Subject: [PATCH] avcodec/utils: don't return negative values in
+ av_get_audio_frame_duration()
+
+In some extrme cases, like with adpcm_ms samples with an extremely high channel
+count, get_audio_frame_duration() may return a negative frame duration value.
+Don't propagate it, and instead return 0, signaling that a duration could not
+be determined.
+
+CVE: CVE-2021-3566
+Fixes ticket #9312
+Signed-off-by: James Almer 
+Signed-off-by: Saloni Jain 
+
+Upstream-Status: Backport 
[http://git.videolan.org/?p=ffmpeg.git;a=patch;h=e01d306c647b5827102260b885faa223b646d2d1]
+Comment: No changes/refreshing done.
+---
+ libavcodec/utils.c | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/utils.c b/libavcodec/utils.c
+index 5fad782f5a..cfc07cbcb8 100644
+--- a/libavcodec/utils.c
 b/libavcodec/utils.c
+@@ -810,20 +810,22 @@ static int get_audio_frame_duration(enum AVCodecID id, 
int sr, int ch, int ba,
+ 
+ int av_get_audio_frame_duration(AVCodecContext *avctx, int frame_bytes)
+ {
+-return get_audio_frame_duration(avctx->codec_id, avctx->sample_rate,
++int duration = get_audio_frame_duration(avctx->codec_id, 
avctx->sample_rate,
+ avctx->channels, avctx->block_align,
+ avctx->codec_tag, 
avctx->bits_per_coded_sample,
+ avctx->bit_rate, avctx->extradata, 
avctx->frame_size,
+ frame_bytes);
++return FFMAX(0, duration);
+ }
+ 
+ int av_get_audio_frame_duration2(AVCode
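Review bot: The tag in this patch header reads `CVE: CVE-2021-3566`, but the file is CVE-2021-38291.patch and the cover text pairs upstream commit e01d306c647b5827102260b885faa223b646d2d1 with CVE-2021-38291, so the tag should be `CVE: CVE-2021-38291` to keep the patch metadata consistent with the issue it fixes. On the code itself, `return FFMAX(0, duration);` is added to `av_get_audio_frame_duration()`; the text is cut off at `av_get_audio_frame_duration2`, so confirm against the full patch that the same clamp is applied there (the 4 insertions and 2 deletions in the diffstat suggest it is).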

Re: [OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560

2021-09-13 Thread saloni
Happy to help!  
I really appreciate you taking time to express gratitude.


Thanks & Regards,
Saloni Jain

From: Steve Sakoman 
Sent: Monday, September 13, 2021 9:03 PM
To: Saloni Jain 
Cc: Patches and discussions about the oe-core layer; Khem Raj; Nisha Parrakat; Saloni Jain
Subject: Re: [OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560

On Mon, Sep 13, 2021 at 3:16 AM Saloni Jain  wrote:
>
> From: Saloni Jain 
>
> Add fix for below CVE:
> CVE-2021-33560

Armin submitted a patch for this CVE last week:

https://lists.openembedded.org/g/openembedded-core/message/155935

Thanks for helping with CVE's though, I appreciate the effort!

Steve

> Link: 
> [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]
>
> Signed-off-by: Saloni Jain
> ---
>  .../libgcrypt/files/CVE-2021-33560.patch  | 108 ++
>  .../libgcrypt/libgcrypt_1.8.5.bb  |   1 +
>  2 files changed, 109 insertions(+)
>  create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
>
> diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch 
> b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
> new file mode 100644
> index 00..ba51af46b3
> --- /dev/null
> +++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
> @@ -0,0 +1,108 @@
> +From 3462280f2e23e16adf3ed5176e0f2413d8861320 Mon Sep 17 00:00:00 2001
> +From: NIIBE Yutaka 
> +Date: Fri, 21 May 2021 11:15:07 +0900
> +Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
> +
> +* cipher/elgamal.c (gen_k): Remove support of smaller K.
> +(do_encrypt): Never use smaller K.
> +(sign): Folllow the change of gen_k.
> +
> +--
> +
> +Cherry-pick master commit of:
> +   632d80ef30e13de6926d503aa697f92b5dbfbc5e
> +
> +This change basically reverts encryption changes in two commits:
> +
> +   74386120dad6b3da62db37f7044267c8ef34689b
> +   78531373a342aeb847950f404343a05e36022065
> +
> +Use of smaller K for ephemeral key in ElGamal encryption is only good,
> +when we can guarantee that recipient's key is generated by our
> +implementation (or compatible).
> +
> +For detail, please see:
> +
> +Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
> +"On the (in)security of ElGamal in OpenPGP";
> +in the proceedings of  CCS'2021.
> +
> +CVE: CVE-2021-33560
> +GnuPG-bug-id: 5328
> +Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
> +Signed-off-by: NIIBE Yutaka 
> +Signed-off-by: Saloni Jain 
> +
> +Upstream-Status: Backport 
> [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.gnupg.org%2Fcgi-bin%2Fgitweb.cgi%3Fp%3Dlibgcrypt.git%3Ba%3Dpatch%3Bh%3D3462280f2e23e16adf3ed5176e0f2413d8861320data=04%7C01%7CSaloni.Jain%40kpit.com%7Cab35b176f5054ba2760408d976cbd354%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637671440110090650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=XEr2AaiwglyGxJRihsQJmNwA5jqW5mO%2FHHNOtWgoI1o%3Dreserved=0]
> +Comment: No changes/refreshing done.
> +---
> + cipher/elgamal.c | 24 ++--
> + 1 file changed, 6 insertions(+), 18 deletions(-)
> +
> +diff --git a/cipher/elgamal.c b/cipher/elgamal.c
> +index 9835122f..eead4502 100644
> +--- a/cipher/elgamal.c
>  b/cipher/elgamal.c
> +@@ -66,7 +66,7 @@ static const char *elg_names[] =
> +
> +
> + static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
> +-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
> ++static gcry_mpi_t gen_k (gcry_mpi_t p);
> + static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
> +  gcry_mpi_t **factors);
> + static int  check_secret_key (ELG_secret_key *sk);
> +@@ -18
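Review bot: The prototype change at `static gcry_mpi_t gen_k (gcry_mpi_t p);` drops the `small_k` parameter of a file-local function, so every call site in cipher/elgamal.c has to change in the same patch. The quote is cut off before those hunks and the changelog names only `do_encrypt` and `sign`, so it is worth confirming against the full submission that no other caller of `gen_k` still passes two arguments.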

[OE-core] [poky][dunfell][PATCH] libxcrypt: Add fix for CVE-2021-33560

2021-09-13 Thread Saloni Jain
From: Saloni Jain 

Add fix for below CVE:
CVE-2021-33560
Link: 
[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]

Signed-off-by: Saloni Jain
---
 .../libgcrypt/files/CVE-2021-33560.patch  | 108 ++
 .../libgcrypt/libgcrypt_1.8.5.bb  |   1 +
 2 files changed, 109 insertions(+)
 create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch

diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch 
b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
new file mode 100644
index 00..ba51af46b3
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
@@ -0,0 +1,108 @@
+From 3462280f2e23e16adf3ed5176e0f2413d8861320 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Fri, 21 May 2021 11:15:07 +0900
+Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
+
+* cipher/elgamal.c (gen_k): Remove support of smaller K.
+(do_encrypt): Never use smaller K.
+(sign): Folllow the change of gen_k.
+
+--
+
+Cherry-pick master commit of:
+   632d80ef30e13de6926d503aa697f92b5dbfbc5e
+
+This change basically reverts encryption changes in two commits:
+
+   74386120dad6b3da62db37f7044267c8ef34689b
+   78531373a342aeb847950f404343a05e36022065
+
+Use of smaller K for ephemeral key in ElGamal encryption is only good,
+when we can guarantee that recipient's key is generated by our
+implementation (or compatible).
+
+For detail, please see:
+
+Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
+"On the (in)security of ElGamal in OpenPGP";
+in the proceedings of  CCS'2021.
+
+CVE: CVE-2021-33560
+GnuPG-bug-id: 5328
+Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
+Signed-off-by: NIIBE Yutaka 
+Signed-off-by: Saloni Jain 
+
+Upstream-Status: Backport 
[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=3462280f2e23e16adf3ed5176e0f2413d8861320]
+Comment: No changes/refreshing done.
+---
+ cipher/elgamal.c | 24 ++--
+ 1 file changed, 6 insertions(+), 18 deletions(-)
+
+diff --git a/cipher/elgamal.c b/cipher/elgamal.c
+index 9835122f..eead4502 100644
+--- a/cipher/elgamal.c
 b/cipher/elgamal.c
+@@ -66,7 +66,7 @@ static const char *elg_names[] =
+ 
+ 
+ static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
+-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
++static gcry_mpi_t gen_k (gcry_mpi_t p);
+ static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
+  gcry_mpi_t **factors);
+ static int  check_secret_key (ELG_secret_key *sk);
+@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int 
nodie )
+ 
+ /
+  * Generate a random secret exponent k from prime p, so that k is
+- * relatively prime to p-1.  With SMALL_K set, k will be selected for
+- * better encryption performance - this must never be used signing!
++ * relatively prime to p-1.
+  */
+ static gcry_mpi_t
+-gen_k( gcry_mpi_t p, int small_k )
++gen_k( gcry_mpi_t p )
+ {
+   gcry_mpi_t k = mpi_alloc_secure( 0 );
+   gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
+@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
+   unsigned int nbits, nbytes;
+   char *rndbuf = NULL;
+ 
+-  if (small_k)
+-{
+-  /* Using a k much lesser than p is sufficient for encryption and
+-   * it greatly improves the encryption performance.  We use
+-   * Wiener's table and add a large safety margin. */
+-  nbits = wiener_map( orig_nbits ) * 3 / 2;
+-  if( nbits >= orig_nbits )
+-BUG();
+-}
+-  else
+-nbits = orig_nbits;
+-
++  nbits = orig_nbits;
+ 
+   nbytes = (nbits+7)/8;
+   if( DBG_CIPHER )
+@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, 
ELG_public_key *pkey )
+* error code.
+*/
+ 
+-  k = gen_k( pkey->p, 1 );
++  k = gen_k( pkey->p );
+   mpi_powm (a, pkey->g, k, pkey->p);
+ 
+   /* b = (y^k * input) mod p
+@@ -608,7 +596,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, 
ELG_secret_key *skey )
+ *
+ */
+ mpi_sub_ui(p_1, p_1, 1);
+-k = gen_k( skey->p, 0 /* no small K ! */ );
++k = gen_k( skey->p );
+ mpi_powm( a, skey->g, k, skey->p );
+ mpi_mul(t, skey->x, a );
+ mpi_subm(t, input, t, p_1 );
+-- 
+2.11.0
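Review bot: The file added here is meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch and the embedded change is to libgcrypt's cipher/elgamal.c, but the mail subject reads `libxcrypt: Add fix for CVE-2021-33560`. The shortlog prefix should name the recipe being changed, that is `libgcrypt:`, so the commit is found when searching the history of that recipe.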
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
index 16a58ad9b8..174b087b24 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
@@ -28,6 +28,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \

file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \

file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
file://determinism.patch \
+   fil

[OE-core] [poky][dunfell][PATCH] db: Whitelist CVEs

2021-09-13 Thread Saloni Jain
From: Saloni Jain 

Below CVEs affect only Oracle Berkeley DB as per upstream.
Hence, whitelisted them.

1. CVE-2015-2583
Link: https://security-tracker.debian.org/tracker/CVE-2015-2583
2. CVE-2015-2624
Link: https://security-tracker.debian.org/tracker/CVE-2015-2624
3. CVE-2015-2626
Link: https://security-tracker.debian.org/tracker/CVE-2015-2626
4. CVE-2015-2640
Link: https://security-tracker.debian.org/tracker/CVE-2015-2640
5. CVE-2015-2654
Link: https://security-tracker.debian.org/tracker/CVE-2015-2654
6. CVE-2015-2656
Link: https://security-tracker.debian.org/tracker/CVE-2015-2656
7. CVE-2015-4754
Link: https://security-tracker.debian.org/tracker/CVE-2015-4754
8. CVE-2015-4764
Link: https://security-tracker.debian.org/tracker/CVE-2015-4764
9. CVE-2015-4774
Link: https://security-tracker.debian.org/tracker/CVE-2015-4774
10. CVE-2015-4775
Link: https://security-tracker.debian.org/tracker/CVE-2015-4775
11. CVE-2015-4776
Link: https://security-tracker.debian.org/tracker/CVE-2015-4776
12. CVE-2015-4777
Link: https://security-tracker.debian.org/tracker/CVE-2015-4777
13. CVE-2015-4778
Link: https://security-tracker.debian.org/tracker/CVE-2015-4778
14. CVE-2015-4779
Link: https://security-tracker.debian.org/tracker/CVE-2015-4779
15. CVE-2015-4780
Link: https://security-tracker.debian.org/tracker/CVE-2015-4780
16. CVE-2015-4781
Link: https://security-tracker.debian.org/tracker/CVE-2015-4781
17. CVE-2015-4782
Link: https://security-tracker.debian.org/tracker/CVE-2015-4782
18. CVE-2015-4783
Link: https://security-tracker.debian.org/tracker/CVE-2015-4783
19. CVE-2015-4784
Link: https://security-tracker.debian.org/tracker/CVE-2015-4784
20. CVE-2015-4785
Link: https://security-tracker.debian.org/tracker/CVE-2015-4785
21. CVE-2015-4786
Link: https://security-tracker.debian.org/tracker/CVE-2015-4786
22. CVE-2015-4787
Link: https://security-tracker.debian.org/tracker/CVE-2015-4787
23. CVE-2015-4788
Link: https://security-tracker.debian.org/tracker/CVE-2015-4788
24. CVE-2015-4789
Link: https://security-tracker.debian.org/tracker/CVE-2015-4789
25. CVE-2015-4790
Link: https://security-tracker.debian.org/tracker/CVE-2015-4790
26. CVE-2016-0682
Link: https://security-tracker.debian.org/tracker/CVE-2016-0682
27. CVE-2016-0689
Link: https://security-tracker.debian.org/tracker/CVE-2016-0689
28. CVE-2016-0692
Link: https://security-tracker.debian.org/tracker/CVE-2016-0692
29. CVE-2016-0694
Link: https://security-tracker.debian.org/tracker/CVE-2016-0694
30. CVE-2016-3418
Link: https://security-tracker.debian.org/tracker/CVE-2016-3418
31. CVE-2017-3604
Link: https://security-tracker.debian.org/tracker/CVE-2017-3604
32. CVE-2017-3605
Link: https://security-tracker.debian.org/tracker/CVE-2017-3605
33. CVE-2017-3606
Link: https://security-tracker.debian.org/tracker/CVE-2017-3606
34. CVE-2017-3607
Link: https://security-tracker.debian.org/tracker/CVE-2017-3607
35. CVE-2017-3608
Link: https://security-tracker.debian.org/tracker/CVE-2017-3608
36. CVE-2017-3609
Link: https://security-tracker.debian.org/tracker/CVE-2017-3609
37. CVE-2017-3610
Link: https://security-tracker.debian.org/tracker/CVE-2017-3610
38. CVE-2017-3611
Link: https://security-tracker.debian.org/tracker/CVE-2017-3611
39. CVE-2017-3612
Link: https://security-tracker.debian.org/tracker/CVE-2017-3612
40. CVE-2017-3613
Link: https://security-tracker.debian.org/tracker/CVE-2017-3613
41. CVE-2017-3614
Link: https://security-tracker.debian.org/tracker/CVE-2017-3614
42. CVE-2017-3615
Link: https://security-tracker.debian.org/tracker/CVE-2017-3615
43. CVE-2017-3616
Link: https://security-tracker.debian.org/tracker/CVE-2017-3616
44. CVE-2017-3617
Link: https://security-tracker.debian.org/tracker/CVE-2017-3617
45. CVE-2020-2981
Link: https://security-tracker.debian.org/tracker/CVE-2020-2981

Signed-off-by: Saloni 
---
 meta/recipes-support/db/db_5.3.28.bb | 92 
 1 file changed, 92 insertions(+)

diff --git a/meta/recipes-support/db/db_5.3.28.bb 
b/meta/recipes-support/db/db_5.3.28.bb
index b2ae98f05c..000e9ef468 100644
--- a/meta/recipes-support/db/db_5.3.28.bb
+++ b/meta/recipes-support/db/db_5.3.28.bb
@@ -39,6 +39,98 @@ SRC_URI[sha256sum] = 
"e0a992d740709892e81f9d93f06daf305cf73fb81b545afe7247804317
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=ed1158e31437f4f87cdd4ab2b8613955"
 
+# Below CVEs affects only Oracle Berkeley DB as per upstream.
+# https://security-tracker.debian.org/tracker/CVE-2015-2583
+CVE_CHECK_WHITELIST += "CVE-2015-2583"
+# https://security-tracker.debian.org/tracker/CVE-2015-2624
+CVE_CHECK_WHITELIST += "CVE-2015-2624"
+# https://security-tracker.debian.org/tracker/CVE-2015-2626
+CVE_CHECK_WHITELIST += "CVE-2015-2626"
+# https://security-tracker.debian.org/tracker/CVE-2015-2640
+CVE_CHECK_WHITELIST += "CVE-2015-2640"
+# https://security-tracker.debian.org/tracker/CVE-2015-2654
+CVE_CHECK_WHITELIST += "CVE-2015-2654"
+# https://security-tracker.debian.org/track
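Review bot: The only rationale given, in the comment `# Below CVEs affects only Oracle Berkeley DB as per upstream.`, does not say what distinguishes the source built by db_5.3.28.bb from the product the CVEs are filed against, and that distinction (a version range, a vendor-only build, a component not shipped here) is what a later reader needs in order to trust the whitelist. Please state it in the comment. Since the same reason covers every entry (the description lists 45), a single multi-line `CVE_CHECK_WHITELIST +=` assignment under that one comment would also be easier to audit than one `+=` line and one URL per CVE.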

Re: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh

2021-07-14 Thread saloni
Hello,

Sorry, please ignore the above mail, the changes have already been merged in 
dunfell branches, Thanks!

Thanks & Regards,
Saloni

From: Saloni Jain 
Sent: Wednesday, July 14, 2021 6:18 PM
To: openembedded-core@lists.openembedded.org; raj.k...@gmail.com; nishaparra...@gmail.com
Subject: Re: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh

Hello,

Please take the below changes and merge them in upstream dunfell branch.

Thanks & Regards,
Saloni

From: openembedded-core@lists.openembedded.org on behalf of Nisha Parrakat via lists.openembedded.org
Sent: Friday, May 28, 2021 11:54 PM
To: openembedded-core@lists.openembedded.org; raj.k...@gmail.com
Cc: Sana Kazi
Subject: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh

From: Sana Kazi 

Applied patch for CVE-2020-14145
Link: 
https://anongit.mindrot.org/openssh.git/patch/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

Also, whitelisted below CVEs:

1.CVE-2020-15778:
As per upstream, because of the way scp is based on a historical
protocol called rcp which relies on that style of argument passing
and therefore encounters expansion problems. Making changes to how
the scp command line works breaks the pattern used by scp consumers.
Upstream therefore recommends the use of rsync in the place of
scp for better security. 
https://bugzilla.redhat.com/show_bug.cgi?id=1860487

2.CVE-2008-3844: It was reported in OpenSSH on Red Hat Enterprise Linux
and certain packages may have been compromised. This CVE is not
applicable as our source is OpenBSD.
Links:
https://securitytracker.com/id?1020730
https://www.securityfocus.com/bid/30794

Also, for CVE-2007-2768 no fix is available yet as it's unavoidable
drawback of using one time passwords as per
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2007-2768
Also it is marked as unimportant on debian
https://security-tracker.debian.org/tracker/CVE-2007-2768

Mailed to CPE to update database for CVE-2020-15778, CVE-2008-3844
and CVE-2007-2768. We can upstream CVE-2020-14145 till we receive
response from CPE.

Signed-off-by: Sana Kazi 
Signed-off-by: Nisha Parrakat 
---
 .../openssh/openssh/CVE-2020-14145.patch  | 97 +++
 .../openssh/openssh_8.2p1.bb  | 13 ++-
 2 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch 
b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
new file mode 100644
index 00..3adb981fb4
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
@@ -0,0 +1

Re: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh

2021-07-14 Thread saloni
Hello,

Please take the below changes and merge them in upstream dunfell branch.

Thanks & Regards,
Saloni

From: openembedded-core@lists.openembedded.org on behalf of Nisha Parrakat via lists.openembedded.org
Sent: Friday, May 28, 2021 11:54 PM
To: openembedded-core@lists.openembedded.org; raj.k...@gmail.com
Cc: Sana Kazi
Subject: [OE-core] [poky][dunfell][PATCH] openssh: Add fixes for CVEs reported for openssh

From: Sana Kazi 

Applied patch for CVE-2020-14145
Link: 
https://anongit.mindrot.org/openssh.git/patch/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

Also, whitelisted below CVEs:

1.CVE-2020-15778:
As per upstream, because of the way scp is based on a historical
protocol called rcp which relies on that style of argument passing
and therefore encounters expansion problems. Making changes to how
the scp command line works breaks the pattern used by scp consumers.
Upstream therefore recommends the use of rsync in the place of
scp for better security. 
https://bugzilla.redhat.com/show_bug.cgi?id=1860487

2.CVE-2008-3844: It was reported in OpenSSH on Red Hat Enterprise Linux
and certain packages may have been compromised. This CVE is not
applicable as our source is OpenBSD.
Links:
https://securitytracker.com/id?1020730
https://www.securityfocus.com/bid/30794

Also, for CVE-2007-2768 no fix is available yet as it's unavoidable
drawback of using one time passwords as per
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2007-2768
Also it is marked as unimportant on debian
https://security-tracker.debian.org/tracker/CVE-2007-2768

Mailed to CPE to update database for CVE-2020-15778, CVE-2008-3844
and CVE-2007-2768. We can upstream CVE-2020-14145 till we receive
response from CPE.

Signed-off-by: Sana Kazi 
Signed-off-by: Nisha Parrakat 
---
 .../openssh/openssh/CVE-2020-14145.patch  | 97 +++
 .../openssh/openssh_8.2p1.bb  | 13 ++-
 2 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch 
b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
new file mode 100644
index 00..3adb981fb4
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
@@ -0,0 +1,97 @@
+From b3855ff053f5078ec3d3c653cdaedefaa5fc362d Mon Sep 17 00:00:00 2001
+From: "d...@openbsd.org" 
+Date: Fri, 18 Sep 2020 05:23:03 +
+Subject: upstream: tweak the client hostkey preference ordering algorithm to
+
+prefer the default ordering if the user has a key that matches the
+best-preference default algorithm.
+
+feedback and ok markus@
+
+OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
+
+S
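Review bot: The upstream subject at `+Subject: upstream: tweak the client hostkey preference ordering algorithm to` describes only a change in preference ordering, so the patch header should state whether this commit is being taken as a complete fix or as a mitigation for CVE-2020-14145; the visible part of the header does not say. Separately, the diffstat pairs this 97-line backport with 13 changed lines in openssh_8.2p1.bb that, per the description, whitelist other CVEs; splitting the backport from the whitelisting would let each be reviewed and reverted on its own.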

Re: [OE-core] [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799

2021-07-12 Thread saloni
Hi,

Please take the below changes and merge them in upstream dunfell branch.

Thanks & Regards,
Saloni

From: Saloni Jain 
Sent: Sunday, May 30, 2021 4:07 PM
To: openembedded-core@lists.openembedded.org; raj.k...@gmail.com
Cc: Nisha Parrakat; Saloni Jain
Subject: [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799

From: Saloni Jain 

Whitelisted below CVE:
CVE-2018-2799:
CVE only applies to some Oracle Java SE and Red Hat
Enterprise Linux versions which is already fixed with
updates and the issue is closed.
Link: https://access.redhat.com/security/cve/CVE-2018-2799
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542

Signed-off-by: Saloni 
---
 recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb 
b/recipes-core/xerces-j/xerces-j_2.11.0.bb
index 98ef32f..f2a4434 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
@@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \

 SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz;

+# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux 
versions.
+# Already fixed with updates and closed.
+# https://access.redhat.com/security/cve/CVE-2018-2799
+# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
+CVE_CHECK_WHITELIST += "CVE-2018-2799"
+
 S = "${WORKDIR}/xerces-2_11_0"

 inherit java-library
--
2.17.1

This message contains information that may be privileged or confidential and is 
the property of the KPIT Technologies Ltd. It is intended only for the person 
to whom it is addressed. If you are not the intended recipient, you are not 
authorized to read, print, retain copy, disseminate, distribute, or use this 
message or any part thereof. If you receive this message in error, please 
notify the sender immediately and delete all copies of this message. KPIT 
Technologies Ltd. does not accept any liability for virus infected mails.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#153768): 
https://lists.openembedded.org/g/openembedded-core/message/153768
Mute This Topic: https://lists.openembedded.org/mt/83186189/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[OE-core] [meta-java][dunfell][PATCH] xerces-j: Whitelisted CVE-2018-2799

2021-05-30 Thread saloni
From: Saloni Jain 

Whitelisted below CVE:
CVE-2018-2799:
CVE only applies to some Oracle Java SE and Red Hat
Enterprise Linux versions which is already fixed with
updates and the issue is closed.
Link: https://access.redhat.com/security/cve/CVE-2018-2799
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1567542

Signed-off-by: Saloni 
---
 recipes-core/xerces-j/xerces-j_2.11.0.bb | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb 
b/recipes-core/xerces-j/xerces-j_2.11.0.bb
index 98ef32f..f2a4434 100644
--- a/recipes-core/xerces-j/xerces-j_2.11.0.bb
+++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb
@@ -14,6 +14,12 @@ LIC_FILES_CHKSUM = " \

 SRC_URI = "http://archive.apache.org/dist/xerces/j/Xerces-J-src.${PV}.tar.gz;

+# CVE only applies to some Oracle Java SE and Red Hat Enterprise Linux 
versions.
+# Already fixed with updates and closed.
+# https://access.redhat.com/security/cve/CVE-2018-2799
+# https://bugzilla.redhat.com/show_bug.cgi?id=1567542
+CVE_CHECK_WHITELIST += "CVE-2018-2799"
+
 S = "${WORKDIR}/xerces-2_11_0"

 inherit java-library
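
Review bot: CVE_CHECK_WHITELIST suppresses only CVE-2018-2799; if the match comes from the product name rather than from the code, as the "only applies to some Oracle Java SE and Red Hat Enterprise Linux versions" comment suggests, later CVEs filed against those products will be reported against xerces-j again. Consider setting CVE_PRODUCT in the recipe to the vendor:product pair that identifies Apache Xerces-J instead of, or in addition to, the whitelist entry.
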
--
2.17.1

View/Reply Online (#152425): https://lists.openembedded.org/g/openembedded-core/message/152425



Re: [OE-core] [meta-oe][dunfell][PATCH] fuse: Whitelisted CVE-2019-14860

2021-04-09 Thread saloni
Hi Anuj,

Thank you for the inputs. Will send another patch with version 2 in devel list.

Thanks & Regards,
Saloni

From: Mittal, Anuj
Sent: Friday, April 9, 2021 12:21 PM
To: openembedded-core@lists.openembedded.org; Saloni Jain; raj.k...@gmail.com
Cc: Nisha Parrakat
Subject: Re: [OE-core] [meta-oe][dunfell][PATCH] fuse: Whitelisted CVE-2019-14860

This patch should go to openembedded-de...@lists.openembedded.org.

I think the correct solution here would be to add CVE_PRODUCT =
"fuse_project:fuse" in the recipe to differentiate it from
"redhat:fuse".

Thanks,

Anuj

On Fri, 2021-04-09 at 12:04 +0530, saloni wrote:
> CVE-2019-14860 is a REDHAT specific issue and
> was addressed for REDHAT Fuse products on
> Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
> REDHAT has also released the fix and updated their
> security advisories after significant releases.
> Hence, whitelisted the CVE-2019-14860.
>
> Link: https://access.redhat.com/security/cve/cve-2019-14860
> Link: https://access.redhat.com/errata/RHSA-2019:3244
> Link: https://access.redhat.com/errata/RHSA-2019:3892
>
> Signed-off-by: Saloni Jain 
> ---
>  meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 4 
>  1 file changed, 4 insertions(+)
>
> diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> index 2c272d452..601232c6b 100644
> --- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> +++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
> @@ -19,6 +19,10 @@ SRC_URI =
> "https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleases%2Fdownload%2F%24data=04%7C01%7Csaloni.jain%40kpit.com%7C6627a132de1241e7e00908d8fb23f991%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637535479248127831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=niPqtkGW3h%2BbJQXXMrM%2Fqm%2F2YB4Fty1oiXniQUyrjI8%3Dreserved=0{BP}/${BP}.tar
> .
>  SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
>  SRC_URI[sha256sum] =
> "d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"
>
> +# CVE-2019-14860 is a REDHAT specific issue and was addressed for
> REDHAT Fuse products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
> +# REDHAT has also released the fix and updated their security
> advisories after significant releases.
> +CVE_CHECK_WHITELIST += "CVE-2019-14860"
> +
>  UPSTREAM_CHECK_URI = 
> "https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flibfuse%2Flibfuse%2Freleasesdata=04%7C01%7Csaloni.jain%40kpit.com%7C6627a132de1241e7e00908d8fb23f991%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637535479248127831%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=gjZBj5RhqtOdvvvH0uDpKtHvmpOaNV1%2F1s9RYmgx%2F3c%3Dreserved=0;
>  UPSTREAM_CHECK_REGEX = "fuse\-(?P2(\.\d+)+).tar.gz"
>
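
Review bot: The two comment lines added before CVE_CHECK_WHITELIST give the reasoning but no reference, while the commit message carries three Red Hat links. Put at least the CVE page URL in the recipe comment so the justification stays with the entry once the commit message is out of view, and wrap the comment lines to the recipe's usual width.
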
> --
> 2.17.1
>

[OE-core] [meta-oe][dunfell][PATCH] fuse: Whitelisted CVE-2019-14860

2021-04-09 Thread saloni
CVE-2019-14860 is a REDHAT specific issue and
was addressed for REDHAT Fuse products on
Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
REDHAT has also released the fix and updated their
security advisories after significant releases.
Hence, whitelisted the CVE-2019-14860.

Link: https://access.redhat.com/security/cve/cve-2019-14860
Link: https://access.redhat.com/errata/RHSA-2019:3244
Link: https://access.redhat.com/errata/RHSA-2019:3892

Signed-off-by: Saloni Jain 
---
 meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb | 4 
 1 file changed, 4 insertions(+)

diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb 
b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
index 2c272d452..601232c6b 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.9.bb
@@ -19,6 +19,10 @@ SRC_URI = 
"https://github.com/libfuse/libfuse/releases/download/${BP}/${BP}.tar.
 SRC_URI[md5sum] = "8000410aadc9231fd48495f7642f3312"
 SRC_URI[sha256sum] = 
"d0e69d5d608cc22ff4843791ad097f554dd32540ddc9bed7638cc6fea7c1b4b5"

+# CVE-2019-14860 is a REDHAT specific issue and was addressed for REDHAT Fuse 
products on Red Hat Fuse 7.4.1 and Red Hat Fuse 7.5.0.
+# REDHAT has also released the fix and updated their security advisories after 
significant releases.
+CVE_CHECK_WHITELIST += "CVE-2019-14860"
+
 UPSTREAM_CHECK_URI = "https://github.com/libfuse/libfuse/releases;
 UPSTREAM_CHECK_REGEX = "fuse\-(?P2(\.\d+)+).tar.gz"
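
Review bot: The added comment says CVE-2019-14860 belongs to Red Hat Fuse products, which describes a product-name collision with libfuse rather than a flaw that was fixed or does not apply here. A CVE_CHECK_WHITELIST entry hides this one ID only; setting CVE_PRODUCT in the recipe, as the reply in this thread proposes with "fuse_project:fuse", stops the recipe from matching "redhat:fuse" entries at all.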

--
2.17.1

View/Reply Online (#150326): https://lists.openembedded.org/g/openembedded-core/message/150326



Re: [OE-core] [poky][dunfell][PATCH] glibc: Add and modify CVEs

2021-03-22 Thread saloni
Hello Raj,

Yes, checked the discussion and patch on the mailing list in the evening.
https://lists.openembedded.org/g/openembedded-core/topic/dunfell_patch_glibc_pull/81482348?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,40,81482348

Updating to latest 2.31 version will make the below patches obsolete and will 
be whitelisted, hence below changes can be ignored.

Thanks & Regards,
Saloni Jain

From: Khem Raj
Sent: Monday, March 22, 2021 9:58 PM
To: Saloni Jain; openembedded-core@lists.openembedded.org
Cc: Nisha Parrakat
Subject: Re: [poky][dunfell][PATCH] glibc: Add and modify CVEs

There is another patch on mailing lists to update to latest 2.31 which
should perhaps address these?

On 3/22/21 3:27 AM, Saloni Jain wrote:
> Below patch is modified:
> 1. CVE-2019-25013
> The previous patch was modified for dunfell
> context and causing conflict for CVE-2021-3326.
> Hence, the original patch is backported.
> Link: https://security-tracker.debian.org/tracker/CVE-2020-27618
> Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=9a99c682144bdbd40792ebf822fe9264e0376fb5
>
> Below patch is added:
> 1. CVE-2021-3326
> Link: https://bugzilla.redhat.com/show_bug.cgi?id=1932589
> Link: https://sourceware.org/git/?p=glibc.git;a=patch;h=dca565886b5e8bd7966e15f0ca42ee5cff686673
>
> Signed-off-by: Saloni Jain 
> ---
>   .../glibc/glibc/CVE-2019-25013.patch  |  52 +--
>   .../glibc/glibc/CVE-2021-3326.patch   | 297 ++
>   meta/recipes-core/glibc/glibc_2.31.bb |   3 +-
>   3 files changed, 328 insertions(+), 24 deletions(-)
>   create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-3326.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch 
> b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
> index 73df1da868..3e446f2818 100644
> --- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
> +++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
> @@ -8,12 +8,14 @@ area and is not allowed.  The from_euc_kr function used to 
> skip two bytes
>   when told to skip over the unknown designation, potentially running over
>   the buffer end.
>
> -Upstream-Status: Backport 
> [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3Dee7a3144c9922808181009b7b3e50e852fb4999bdata=04%7C01%7CSaloni.Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=R5euqxZd1HbzdIQR%2FVPoxa7NIHxIVEy1O%2FBQosTcZPo%3Dreserved=0]
>   CVE: CVE-2019-25013
> -Signed-off-by: Scott Murray 
> -[Refreshed for Dundell context; Makefile changes]
> -Signed-off-by: Armin Kuster 
> +Upstream Status: Backport 
> [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceware.org%2Fgit%2F%3Fp%3Dglibc.git%3Ba%3Dpatch%3Bh%3Dee7a3144c9922808181009b7b3e50e852fb4999bdata=04%7C01%7CSaloni.Jain%40kpit.com%7C35f4f714238c416aff5c08d8ed4f7e7a%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637520273080314201%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=R5euqxZd1HbzdIQR%2FVPoxa7NIHxIVEy1O%2FBQosTcZPo%3Dreserved=0]
> +Comment: No change in any hunk
>
> +The previous change was m

[OE-core] [poky][dunfell][PATCH] glibc: Add and modify CVEs

2021-03-22 Thread saloni
Below patch is modified:
1. CVE-2019-25013
The previous patch was modified for dunfell
context and causing conflict for CVE-2021-3326.
Hence, the original patch is backported.
Link: https://security-tracker.debian.org/tracker/CVE-2020-27618
Link: 
https://sourceware.org/git/?p=glibc.git;a=patch;h=9a99c682144bdbd40792ebf822fe9264e0376fb5

Below patch is added:
1. CVE-2021-3326
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1932589
Link: 
https://sourceware.org/git/?p=glibc.git;a=patch;h=dca565886b5e8bd7966e15f0ca42ee5cff686673

Signed-off-by: Saloni Jain 
---
 .../glibc/glibc/CVE-2019-25013.patch  |  52 +--
 .../glibc/glibc/CVE-2021-3326.patch   | 297 ++
 meta/recipes-core/glibc/glibc_2.31.bb |   3 +-
 3 files changed, 328 insertions(+), 24 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-3326.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch 
b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
index 73df1da868..3e446f2818 100644
--- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
+++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
@@ -8,12 +8,14 @@ area and is not allowed.  The from_euc_kr function used to 
skip two bytes
 when told to skip over the unknown designation, potentially running over
 the buffer end.

-Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
 CVE: CVE-2019-25013
-Signed-off-by: Scott Murray 
-[Refreshed for Dundell context; Makefile changes]
-Signed-off-by: Armin Kuster 
+Upstream Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
+Comment: No change in any hunk

+The previous change was modified for dunfell context, causing conflict
+for CVE-2021-3326. Hence, the original patch is backported.
+
+Signed-off-by: Saloni Jain 
 ---
  iconvdata/Makefile  |  3 ++-
  iconvdata/bug-iconv13.c | 53 +
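
Review bot: The replacement tag on the added line reads "Upstream Status:" where the removed line had "Upstream-Status:"; keep the hyphenated form, which is the tag name Yocto patch checks expect. The hunk also drops the Signed-off-by lines of Scott Murray and Armin Kuster; earlier sign-offs should stay and the new one be appended. Separately, the commit message lists a CVE-2020-27618 tracker link and patch hash 9a99c682144bdbd40792ebf822fe9264e0376fb5 under CVE-2019-25013, while this header points at ee7a3144c9922808181009b7b3e50e852fb4999b; one of the two needs correcting.
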
@@ -22,23 +24,25 @@ Signed-off-by: Armin Kuster 
  4 files changed, 59 insertions(+), 9 deletions(-)
  create mode 100644 iconvdata/bug-iconv13.c

-Index: git/iconvdata/Makefile
-===
 git.orig/iconvdata/Makefile
-+++ git/iconvdata/Makefile
-@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules
+diff --git a/iconvdata/Makefile b/iconvdata/Makefile
+index 4ec2741cdc..85009f3390 100644
+--- a/iconvdata/Makefile
 b/iconvdata/Makefile
+@@ -73,7 +73,8 @@
  ifeq (yes,$(build-shared))
  tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
 -  bug-iconv10 bug-iconv11 bug-iconv12
-+  bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13
++  bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \
++   bug-iconv13
  ifeq ($(have-thread-library),yes)
  tests += bug-iconv3
  endif
-Index: git/iconvdata/bug-iconv13.c
-===
+diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
+new file mode 100644
+index 00..87aaff398e
 --- /dev/null
-+++ git/iconvdata/bug-iconv13.c
 b/iconvdata/bug-iconv13.c
 @@ -0,0 +1,53 @@
 +/* bug 24973: Test EUC-KR module
 +   Copyright (C) 2020 Free Software Foundation, Inc.
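
Review bot: In the iconvdata/Makefile part, the tests list now gains tst-iconv-big5-hkscs-to-2ucs4 in addition to bug-iconv13, but the diffstat of this patch creates only iconvdata/bug-iconv13.c. The removed header noted "Refreshed for Dundell context; Makefile changes", which suggests that line had been adjusted on purpose; confirm that the tst-iconv-big5-hkscs-to-2ucs4 source exists in the dunfell glibc tree, otherwise the Makefile hunk will not apply cleanly or will reference a missing test.
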
@@ -93,11 +97,11 @@ Index: git/iconvdata/bug-iconv13.c
 +}
 +
 +#include 
-Index: git/iconvdata/euc-kr.c
-===
 git.orig/iconvdata/euc-kr.c
-+++ git/iconvdata/euc-kr.c
-@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c
+diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
+index b0d56cf3ee..1045bae926 100644
+--- a/iconvdata/euc-kr.c
 b/iconvdata/euc-kr.c
+@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
  \
  if (ch <= 0x9f) \
++inptr;
  \
@@ -110,11 +114,11 @@ Index: git/iconvdata/euc-kr.c
{   
  \
/* This is illegal.  */   \
STANDARD_FROM_LOOP_ERR_HANDLER (1);   \
-Index: git/iconvdata/ksc5601.h
-===
 git.orig/iconvdata/ksc5601.h
-+++ git/iconvdata/ksc5601.h
-@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s
+diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
+index d3eb3a4ff8..f5cdc72797 100644
+--- a/iconvdata/ksc5601.h
 b/iconvdata/ksc5601.h
+@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, 
unsigned char offset)
unsigned char ch2;
int idx;

@@ -133,3 +137,5 @@ Index: 

[OE-core] [poky][dunfell][PATCH] glibc: Add and modify CVEs

2021-03-22 Thread saloni
Below patch is modified:
1. CVE-2019-25013
The previous patch was modified for dunfell
context and causing conflict for CVE-2021-3326.
Hence, the original patch is backported.
Link: https://security-tracker.debian.org/tracker/CVE-2020-27618
Link: 
https://sourceware.org/git/?p=glibc.git;a=patch;h=9a99c682144bdbd40792ebf822fe9264e0376fb5

Below patch is added:
1. CVE-2021-3326
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1932589
Link: 
https://sourceware.org/git/?p=glibc.git;a=patch;h=dca565886b5e8bd7966e15f0ca42ee5cff686673

Signed-off-by: Saloni Jain 
---
 .../glibc/glibc/CVE-2019-25013.patch  |  52 +--
 .../glibc/glibc/CVE-2021-3326.patch   | 297 ++
 meta/recipes-core/glibc/glibc_2.31.bb |   3 +-
 3 files changed, 328 insertions(+), 24 deletions(-)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-3326.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch 
b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
index 73df1da868..3e446f2818 100644
--- a/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
+++ b/meta/recipes-core/glibc/glibc/CVE-2019-25013.patch
@@ -8,12 +8,14 @@ area and is not allowed.  The from_euc_kr function used to 
skip two bytes
 when told to skip over the unknown designation, potentially running over
 the buffer end.

-Upstream-Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
 CVE: CVE-2019-25013
-Signed-off-by: Scott Murray 
-[Refreshed for Dundell context; Makefile changes]
-Signed-off-by: Armin Kuster 
+Upstream Status: Backport 
[https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b]
+Comment: No change in any hunk

+The previous change was modified for dunfell context, causing conflict
+for CVE-2021-3326. Hence, the original patch is backported.
+
+Signed-off-by: Saloni Jain 
 ---
  iconvdata/Makefile  |  3 ++-
  iconvdata/bug-iconv13.c | 53 +
@@ -22,23 +24,25 @@ Signed-off-by: Armin Kuster 
  4 files changed, 59 insertions(+), 9 deletions(-)
  create mode 100644 iconvdata/bug-iconv13.c

-Index: git/iconvdata/Makefile
-===
 git.orig/iconvdata/Makefile
-+++ git/iconvdata/Makefile
-@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules
+diff --git a/iconvdata/Makefile b/iconvdata/Makefile
+index 4ec2741cdc..85009f3390 100644
+--- a/iconvdata/Makefile
 b/iconvdata/Makefile
+@@ -73,7 +73,8 @@
  ifeq (yes,$(build-shared))
  tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
 -  bug-iconv10 bug-iconv11 bug-iconv12
-+  bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13
++  bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \
++   bug-iconv13
  ifeq ($(have-thread-library),yes)
  tests += bug-iconv3
  endif
-Index: git/iconvdata/bug-iconv13.c
-===
+diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
+new file mode 100644
+index 00..87aaff398e
 --- /dev/null
-+++ git/iconvdata/bug-iconv13.c
 b/iconvdata/bug-iconv13.c
 @@ -0,0 +1,53 @@
 +/* bug 24973: Test EUC-KR module
 +   Copyright (C) 2020 Free Software Foundation, Inc.
@@ -93,11 +97,11 @@ Index: git/iconvdata/bug-iconv13.c
 +}
 +
 +#include 
-Index: git/iconvdata/euc-kr.c
-===
 git.orig/iconvdata/euc-kr.c
-+++ git/iconvdata/euc-kr.c
-@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c
+diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
+index b0d56cf3ee..1045bae926 100644
+--- a/iconvdata/euc-kr.c
 b/iconvdata/euc-kr.c
+@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
  \
  if (ch <= 0x9f) \
++inptr;
  \
@@ -110,11 +114,11 @@ Index: git/iconvdata/euc-kr.c
{   
  \
/* This is illegal.  */   \
STANDARD_FROM_LOOP_ERR_HANDLER (1);   \
-Index: git/iconvdata/ksc5601.h
-===
 git.orig/iconvdata/ksc5601.h
-+++ git/iconvdata/ksc5601.h
-@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s
+diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
+index d3eb3a4ff8..f5cdc72797 100644
+--- a/iconvdata/ksc5601.h
 b/iconvdata/ksc5601.h
+@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, 
unsigned char offset)
unsigned char ch2;
int idx;

@@ -133,3 +137,5 @@ Index: 

[OE-core] [meta-oe][master][dunfell][gatesgarth][PATCH] neon: use pkg-config instead of xml2-config to configure

2021-03-08 Thread saloni
From: Nisha Parrakat 

xml2-config is broken for neon.
if packageconfig libxml2, webdav, zlib is enabled for neon
we get the following configure error in the yocto build.

| configure: WebDAV support is enabled
| checking for xml2-config... xml2-config
| ERROR: /usr/bin/xml2-config should not be used, use an alternative such as pkg-config
| ERROR: /usr/bin/xml2-config should not be used, use an alternative such as pkg-config
| ERROR: /usr/bin/xml2-config should not be used, use an alternative such as pkg-config
| checking libxml/xmlversion.h usability... no
| checking libxml/xmlversion.h presence... no
| checking for libxml/xmlversion.h... no
| configure: error: could not find parser.h, libxml installation problem?
| WARNING: exit code 1 from a shell command.

The patch lets configure use pkg-config

Signed-off-by: Nisha Parrakat 
Signed-off-by: Saloni Jain 
---
 .../neon/fix-package-check-for-libxml2.patch  | 50 +++
 meta-oe/recipes-support/neon/neon_0.30.2.bb   |  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 
meta-oe/recipes-support/neon/neon/fix-package-check-for-libxml2.patch

diff --git 
a/meta-oe/recipes-support/neon/neon/fix-package-check-for-libxml2.patch 
b/meta-oe/recipes-support/neon/neon/fix-package-check-for-libxml2.patch
new file mode 100644
index 0..9363c6d5e
--- /dev/null
+++ b/meta-oe/recipes-support/neon/neon/fix-package-check-for-libxml2.patch
@@ -0,0 +1,50 @@
+neon: Change the neon configure to use pkg-config instead of xml2-config
+
+xml2-config is broken for neon
+if packageconfig libxml2, webdav, zlib is enabled for neon
+we get the following configure error in the yocto build
+
+| configure: WebDAV support is enabled
+| checking for xml2-config... xml2-config
+| ERROR: /usr/bin/xml2-config should not be used, use an alternative such as 
pkg-config
+| ERROR: /usr/bin/xml2-config should not be used, use an alternative such as 
pkg-config
+| ERROR: /usr/bin/xml2-config should not be used, use an alternative such as 
pkg-config
+| checking libxml/xmlversion.h usability... no
+| checking libxml/xmlversion.h presence... no
+| checking for libxml/xmlversion.h... no
+| configure: error: could not find parser.h, libxml installation problem?
+| WARNING: exit code 1 from a shell command.
+
+The patch lets configure use pkg-config
+
+Upstream-Status: inappropriate
+(Upstream suggests to use latest 0.31 as per the discussion
+https://github.com/notroj/neon/discussions/47)
+
+Signed-off-by: Nisha Parrakat 
+--- a/macros/neon-xml-parser.m42008-07-19 23:52:35.0 +0200
 b/macros/neon-xml-parser.m42021-02-15 23:56:59.202751257 +0100
+@@ -44,17 +44,17 @@
+
+ dnl Find libxml2: run $1 if found, else $2
+ AC_DEFUN([NE_XML_LIBXML2], [
+-AC_CHECK_PROG(XML2_CONFIG, xml2-config, xml2-config)
++AC_CHECK_PROG(XML2_CONFIG, pkg-config, pkg-config)
+ if test -n "$XML2_CONFIG"; then
+-neon_xml_parser_message="libxml `$XML2_CONFIG --version`"
+ AC_DEFINE(HAVE_LIBXML, 1, [Define if you have libxml])
+-# xml2-config in some versions erroneously includes -I/include
+-# in the --cflags output.
+-CPPFLAGS="$CPPFLAGS `$XML2_CONFIG --cflags | sed 's| -I/include||g'`"
+-NEON_LIBS="$NEON_LIBS `$XML2_CONFIG --libs | sed 's|-L/usr/lib ||g'`"
++PKG_CHECK_MODULES(XML, libxml-2.0 >= 2.4)
++AC_MSG_NOTICE([libxmlfound CFlags : , ${XML_CFLAGS}])
++CPPFLAGS="$CPPFLAGS ${XML_CFLAGS}"
++NEON_LIBS="$NEON_LIBS ${XML_LIBS}"
+ AC_CHECK_HEADERS(libxml/xmlversion.h libxml/parser.h,,[
+   AC_MSG_ERROR([could not find parser.h, libxml installation problem?])])
+ neon_xml_parser=libxml2
++neon_xml_parser_message="libxml2"
+ else
+ $1
+ fi
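
Review bot: PKG_CHECK_MODULES(XML, libxml-2.0 >= 2.4) is called without the action-if-found and action-if-not-found arguments, so a missing libxml-2.0 aborts configure inside the macro and the else branch of NE_XML_LIBXML2 is reached only when pkg-config itself is absent. Pass both actions so the not-found case falls through as the macro comment ("run $1 if found, else $2") describes. Also, XML2_CONFIG now holds pkg-config, the AC_MSG_NOTICE text "libxmlfound CFlags : ," looks unfinished, and the tag should read "Upstream-Status: Inappropriate [reason]" rather than lowercase "inappropriate".
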
diff --git a/meta-oe/recipes-support/neon/neon_0.30.2.bb 
b/meta-oe/recipes-support/neon/neon_0.30.2.bb
index 00b79f633..63676a98b 100644
--- a/meta-oe/recipes-support/neon/neon_0.30.2.bb
+++ b/meta-oe/recipes-support/neon/neon_0.30.2.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = 
"file://src/COPYING.LIB;md5=f30a9716ef3762e3467a2f62bf790f0a

 SRC_URI = "${DEBIAN_MIRROR}/main/n/neon27/neon27_${PV}.orig.tar.gz \
file://pkgconfig.patch \
+   file://fix-package-check-for-libxml2.patch \
   "

 SRC_URI[md5sum] = "e28d77bf14032d7f5046b3930704ef41"
--
2.17.1


[OE-core] [poky][master][PATCH] openssl: whitelisted CVE-2018-12433, CVE-2018-12437, CVE-2018-12438

2021-03-07 Thread saloni
From: "Saloni.Jain" 

Whitelisted below CVEs:
1. CVE-2018-12433 is disputed and reported for
crypt libraries.
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12433

2. CVE-2018-12437 is reported for libtomcrypt and
is duplicate of CVE-2018-0495.
Link: https://security-tracker.debian.org/tracker/CVE-2018-12437
Link: https://github.com/libtom/libtomcrypt/pull/408
Link: https://access.redhat.com/security/cve/CVE-2018-12437

3. CVE-2018-12438 is also reported for crypt libraries and
no details are available for which versions are affected.
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438

Signed-off-by: Saloni Jain 
---
 meta/recipes-connectivity/openssl/openssl_1.1.1j.bb | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb 
b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb
index 181790e6ab..3d96533580 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb
@@ -241,3 +241,13 @@ CVE_VERSION_SUFFIX = "alphabetical"
 # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
 # Apache in meta-webserver is already recent enough
 CVE_CHECK_WHITELIST += "CVE-2019-0190"
+
+# CVE-2018-12433 is disputed and reported for crypt libraries
+CVE_CHECK_WHITELIST += "CVE-2018-12433"
+
+# CVE-2018-12437 is reported for libtomcrypt and is duplicate of CVE-2018-0495
+CVE_CHECK_WHITELIST += "CVE-2018-12437"
+
+# CVE-2018-12438 is also reported for crypt libraries and no details are
+# available for which versions are affected.
+CVE_CHECK_WHITELIST += "CVE-2018-12438"
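
Review bot: For CVE-2018-12438 the comment gives "no details are available for which versions are affected" as the reason, which is an absence of information rather than evidence that 1.1.1j is unaffected; lead with what the CVE is actually filed against, as the first half of the same comment starts to do. For CVE-2018-12437, calling it a duplicate of CVE-2018-0495 only justifies the entry if CVE-2018-0495 is itself resolved for this version, so state that in the comment.
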
--
2.17.1

View/Reply Online (#149083): https://lists.openembedded.org/g/openembedded-core/message/149083



[OE-core] [poky][dunfell][PATCH] openssl: whitelisted CVE-2018-12433, CVE-2018-12437, CVE-2018-12438

2021-03-04 Thread saloni
From: "Saloni.Jain" 

Whitelisted below CVEs:
1. CVE-2018-12433 is disputed and reported for
crypt libraries.
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12433

2. CVE-2018-12437 is reported for libtomcrypt and
is duplicate of CVE-2018-0495.
Link: https://security-tracker.debian.org/tracker/CVE-2018-12437
Link: https://github.com/libtom/libtomcrypt/pull/408
Link: https://access.redhat.com/security/cve/CVE-2018-12437

3. CVE-2018-12438 is also reported for crypt libraries and
no details are available for which versions are affected.
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438

Signed-off-by: Saloni Jain 
---
 meta/recipes-connectivity/openssl/openssl_1.1.1j.bb | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb 
b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb
index 181790e6ab..3d96533580 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1j.bb
@@ -241,3 +241,13 @@ CVE_VERSION_SUFFIX = "alphabetical"
 # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
 # Apache in meta-webserver is already recent enough
 CVE_CHECK_WHITELIST += "CVE-2019-0190"
+
+# CVE-2018-12433 is disputed and reported for crypt libraries
+CVE_CHECK_WHITELIST += "CVE-2018-12433"
+
+# CVE-2018-12437 is reported for libtomcrypt and is duplicate of CVE-2018-0495
+CVE_CHECK_WHITELIST += "CVE-2018-12437"
+
+# CVE-2018-12438 is also reported for crypt libraries and no details are
+# available for which versions are affected.
+CVE_CHECK_WHITELIST += "CVE-2018-12438"
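Review bot: the comments added for CVE-2018-12433 and CVE-2018-12438 say only that they are "reported for crypt libraries", and for CVE-2018-12438 that "no details are available for which versions are affected", which does not establish that openssl 1.1.1j is unaffected; missing version data is a reason to investigate, not to suppress. Name the product each CVE was filed against, as the CVE-2018-12437 comment does with libtomcrypt, so the CVE_CHECK_WHITELIST entries can be re-verified later.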
--
2.17.1

View/Reply Online (#148929): https://lists.openembedded.org/g/openembedded-core/message/148929



[OE-core][meta-oe][dunfell][PATCH] tcpdump: Added CVE tag inside patch

2021-02-28 Thread saloni
From: Saloni Jain 

CVE tag was missing inside the patch file
which is the remedy for CVE-2020-8037,
hence CVE-2020-8037 will still be reported
in CVE checker cycle.
Hence, added CVE tag inside patch file to
resolve the issue.

Signed-off-by: Saloni.Jain 
---
 ...-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git 
a/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch
 
b/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch
index 9b74e00c5..0db8854ec 100644
--- 
a/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch
+++ 
b/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch
@@ -9,9 +9,10 @@ if we haven't captured all of it.

 (backported from commit e4add0b010ed6f2180dcb05a13026242ed935334)

+CVE: CVE-2020-8037
 Upstream-Status: Backport
 Signed-off-by: Stacy Gaikovaia 
-
+Signed-off-by: Saloni Jain 
 ---
  print-ppp.c | 18 ++
  1 file changed, 14 insertions(+), 4 deletions(-)
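Review bot: `Upstream-Status: Backport` is left without a reference even though this hunk is already editing the patch header; the upstream commit e4add0b010ed6f2180dcb05a13026242ed935334 is named in the "(backported from commit ...)" line just above, so put it, or its URL, in brackets after Backport so the provenance sits in the tag that tooling reads.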
--
2.17.1

View/Reply Online (#148781): https://lists.openembedded.org/g/openembedded-core/message/148781



[OE-core] [poky][master][dunfell][gatesgarth][PATCH] strace: Whitelisted CVE-2000-0006

2021-02-07 Thread saloni
CVE-2000-0006 is not a valid bug number nor an alias to a bug
and no remedy for the CVE is available till now. Hence, can be
marked whitelisted.

Signed-off-by: Saloni Jain 
---
 meta/recipes-devtools/strace/strace_5.10.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/strace/strace_5.10.bb 
b/meta/recipes-devtools/strace/strace_5.10.bb
index 22572fb..87d1a9c 100644
--- a/meta/recipes-devtools/strace/strace_5.10.bb
+++ b/meta/recipes-devtools/strace/strace_5.10.bb
@@ -15,6 +15,9 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \
file://uintptr_t.patch \
file://0001-strace-fix-reproducibilty-issues.patch \
"
+#CVE-2000-0006 is not a valid bug number nor an alias to a bug, hence 
whitelisted.
+CVE_CHECK_WHITELIST += "CVE-2000-0006"
+
 SRC_URI[sha256sum] = 
"fe3982ea4cd9aeb3b4ba35f6279f0b577a37175d3282be24b9a5537b56b8f01c"

 inherit autotools ptest
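Review bot: the added comment, "not a valid bug number nor an alias to a bug", does not say why CVE-2000-0006 does not apply to strace 5.10, and the commit message's "no remedy for the CVE is available till now" is an argument for leaving it reported rather than whitelisting it. State the technical reason the recipe is unaffected. The entry is also placed between SRC_URI and SRC_URI[sha256sum]; moving it below the checksum keeps the source definition together, and "#CVE-2000-0006" wants a space after the "#".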
--
2.7.4

View/Reply Online (#147749): https://lists.openembedded.org/g/openembedded-core/message/147749



[OE-core] [poky][master][dunfell][gatesgarth][PATCH v2] libcroco: Added CVE

2021-02-05 Thread saloni
Added below CVE:
CVE-2020-12825
Link: CVE-2020-12825 
[https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8

Signed-off-by: Saloni Jain 
---
 .../libcroco/files/CVE-2020-12825.patch| 193 +
 meta/recipes-support/libcroco/libcroco_0.6.13.bb   |   3 +
 2 files changed, 196 insertions(+)
 create mode 100644 meta/recipes-support/libcroco/files/CVE-2020-12825.patch

diff --git a/meta/recipes-support/libcroco/files/CVE-2020-12825.patch 
b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
new file mode 100644
index 000..add6f84
--- /dev/null
+++ b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
@@ -0,0 +1,193 @@
+From 6eb257e5c731c691eb137fca94e916ca73941a5a Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro 
+Date: Fri, 31 Jul 2020 15:21:53 -0500
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+ (CVE-2020-12825)
+
+If we don't have any limits, we can recurse forever and overflow the
+stack.
+
+Fixes #8
+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
+
+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
+
+CVE: CVE-2020-12825
+Upstream-Status: Backport 
[https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
+Comment: No refreshing changes done.
+Signed-off-by: Saloni Jain 
+---
+ src/cr-parser.c | 44 +---
+ 1 file changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/cr-parser.c
+index 18c9a01..f4a62e3 100644
+--- a/src/cr-parser.c
 b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+
+ #define CHARS_TAB_SIZE 12
+
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+  * IS_NUM:
+  *@a_char: the char to test.
+@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core 
(CRParser * a_this);
+
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++   guint  n_calls);
+
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++ guint  n_calls);
+
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+
+@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_parser_try_to_skip_spaces_and_comments (a_this);
+
+ do {
+-status = cr_parser_parse_any_core (a_this);
++status = cr_parser_parse_any_core (a_this, 0);
+ } while (status == CR_OK);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+   token);
+ token = NULL;
+-status = cr_parser_parse_block_core (a_this);
++status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status,
+   FALSE);
+ goto done;
+@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+
+ RECORD_INITIAL_POS (a_this, _pos);
+
+-status = cr_parser_parse_any_core (a_this);
++status = cr_parser_parse_any_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+
+ do {
+-status = cr_parser_parse_any_core (a_this);
++status = cr_parser_parse_any_core (a_this, 0);
+
+ } while (status == CR_OK);
+
+@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
+  *in chapter 4.1 of the css2 spec.
+  *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
+  *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+  *FIXME: code this function.
+  */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++guint  n_calls)
+ {
+ CRToken *token = NULL;
+ CRInputPos init_pos;
+@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+
++if (n_calls > RECURSIVE_CALLERS_LIMIT)
++return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, _pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, );
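Review bot: the guard `if (n_calls > RECURSIVE_CALLERS_LIMIT)` admits nesting depths 0 through 100 inclusive, so 101 levels are parsed before CR_ERROR is returned; that still bounds the stack, but `>=` would be needed if the limit is meant to be exactly 100. Returning before RECORD_INITIAL_POS is right, since no tokenizer position has been saved yet. Callers receive the generic CR_ERROR and cannot tell a depth-limit rejection from an ordinary parse error, which is worth a line in the function comment.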
+@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+ } else if (token->type == CBO_TK) {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+   

[OE-core] [poky][master][dunfell][gatesgarth][PATCH v3] libgcrypt: Whitelisted CVEs

2021-02-05 Thread saloni
Whitelisted below CVEs:

1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does
not impact crypt libraries for any distros and hence, can be safely
marked whitelisted.

2. CVE-2018-12438
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438
CVE-2018-12438 was reported for affecting openjdk crypt libraries
but there are no details available on which openjdk versions are
affected and does not directly affect libgcrypt or any specific
yocto distributions, hence, can be whitelisted.

Signed-off-by: Saloni Jain 
---
 meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb 
b/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
index 0cad41d..7db624a 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.7.bb
@@ -28,6 +28,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
 "
 SRC_URI[sha256sum] = 
"03b70f028299561b7034b8966d7dd77ef16ed139c43440925fe8782561974748"

+# Below whitelisted CVEs are disputed and not affecting crypto libraries for 
any distro.
+CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
+
 BINCONFIG = "${bindir}/libgcrypt-config"

 inherit autotools texinfo binconfig-disabled pkgconfig
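Review bot: the recipe comment calls both entries "disputed", but the commit message describes only CVE-2018-12433 as disputed; for CVE-2018-12438 it argues instead that the report concerns openjdk and lacks version details. Reword the comment so the reason recorded in the recipe for CVE-2018-12438 matches the one given in the commit message.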
--
2.7.4

View/Reply Online (#147708): https://lists.openembedded.org/g/openembedded-core/message/147708



[OE-core] [poky][dunfell][PATCH v2] libgcrypt: Whitelisted CVEs

2021-02-05 Thread saloni
Whitelisted below CVEs:

1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does
not impact crypt libraries for any distros and hence, can be safely
marked whitelisted.

2. CVE-2018-12438
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438
CVE-2018-12438 was reported for affecting openjdk crypt libraries
but there are no details available on which openjdk versions are
affected and does not directly affect libgcrypt or any specific
yocto distributions, hence, can be whitelisted.

Signed-off-by: Saloni Jain 
---
 meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
index 4e0eb0a..ba3666f 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
@@ -29,6 +29,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
 SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
 SRC_URI[sha256sum] = 
"3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"

+# Below whitelisted CVEs are disputed and not affecting Ubuntu and Debian 
environments.
+CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
+
 BINCONFIG = "${bindir}/libgcrypt-config"

 inherit autotools texinfo binconfig-disabled pkgconfig
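Review bot: the added comment still justifies the entries by "not affecting Ubuntu and Debian environments", and the blob ids 4e0eb0a..ba3666f are the same as in the first posting of this patch, so only the commit message changed in v2. The comment is what stays in the recipe; replace it with the reason libgcrypt 1.8.5 itself is unaffected, as the v2 commit message now argues.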
--
2.7.4

View/Reply Online (#147699): https://lists.openembedded.org/g/openembedded-core/message/147699



Re: [OE-core] [poky][dunfell][PATCH] libgcrypt: Whitelisted CVEs

2021-02-05 Thread saloni
Hello Steve,

The patches are generic to all Yocto implementations and are not reported for 
any particular distros.

I have re-sent another patch version mentioning in detail why these CVEs can be 
safely whitelisted. Please review and let me know for any change.

Thanks & Regards,
Saloni

From: Steve Sakoman 
Sent: Wednesday, February 3, 2021 8:15 PM
To: Saloni Jain 
Cc: Patches and discussions about the oe-core layer; Khem Raj; Nisha Parrakat; Anuj Chougule
Subject: Re: [OE-core] [poky][dunfell][PATCH] libgcrypt: Whitelisted CVEs

On Tue, Feb 2, 2021 at 8:09 AM saloni  wrote:
>
> Whitelisted below CVEs as their status is disputed
> and ignored and not affecting the Ubuntu and Debian
> environments. Hence, marked them whitelisted.

I'm not sure why you are referencing Ubuntu and Debian environments.
We care about whether it is affecting the Yocto implementation.

Could you explain your reasoning a bit more?  Are you saying that
Ubuntu and Debian maintainers don't consider these CVE's to be a
serious enough issue to mitigate and thus it is safe for us to do the
same?

Thanks!

Steve

> 1. CVE-2018-12433
> Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
>
> 2. CVE-2018-12438
> Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
>
> Signed-off-by: Saloni Jain 
> ---
>  meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
> b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> index 4e0eb0a..ba3666f 100644
> --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
> @@ -29,6 +29,9 @@ SRC_URI = 
> "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
>  SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
>  SRC_URI[sha256sum] = 
> "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"
>
> +# Below whitelisted CVEs are disputed and not affecting Ubuntu and Debian 
> environments.
> +CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
> +
>  BINCONFIG = "${bindir}/libgcrypt-config"
>
>  inherit autotools texinfo binconfig-disabled pkgconfig
> --
> 2.7.4
>

View/Reply Online (#147698): https://lists.openembedded.org/g/openembedded-core/message/147698



[OE-core] [poky][dunfell][PATCH] libcroco: Added CVE-2020-12825

2021-02-05 Thread saloni
Added below CVE:
CVE-2020-12825
Link: CVE-2020-12825 
[https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8

Signed-off-by: Saloni Jain 
---
 .../libcroco/files/CVE-2020-12825.patch| 193 +
 meta/recipes-support/libcroco/libcroco_0.6.13.bb   |   3 +
 2 files changed, 196 insertions(+)
 create mode 100644 meta/recipes-support/libcroco/files/CVE-2020-12825.patch

diff --git a/meta/recipes-support/libcroco/files/CVE-2020-12825.patch 
b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
new file mode 100644
index 000..966b812
--- /dev/null
+++ b/meta/recipes-support/libcroco/files/CVE-2020-12825.patch
@@ -0,0 +1,193 @@
+From 6eb257e5c731c691eb137fca94e916ca73941a5a Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro 
+Date: Fri, 31 Jul 2020 15:21:53 -0500
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+ (CVE-2020-12825)
+
+If we don't have any limits, we can recurse forever and overflow the
+stack.
+
+Fixes #8
+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
+
+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
+
+CVE: CVE-2020-12825
+Upstream-Status: Backport 
[https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
+Comment: No changes done.
+Signed-off-by: Saloni Jain 
+---
+ src/cr-parser.c | 44 +---
+ 1 file changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/cr-parser.c
+index 18c9a01..f4a62e3 100644
+--- a/src/cr-parser.c
 b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+
+ #define CHARS_TAB_SIZE 12
+
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+  * IS_NUM:
+  *@a_char: the char to test.
+@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core 
(CRParser * a_this);
+
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++   guint  n_calls);
+
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++ guint  n_calls);
+
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+
+@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_parser_try_to_skip_spaces_and_comments (a_this);
+
+ do {
+-status = cr_parser_parse_any_core (a_this);
++status = cr_parser_parse_any_core (a_this, 0);
+ } while (status == CR_OK);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+   token);
+ token = NULL;
+-status = cr_parser_parse_block_core (a_this);
++status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status,
+   FALSE);
+ goto done;
+@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+
+ RECORD_INITIAL_POS (a_this, _pos);
+
+-status = cr_parser_parse_any_core (a_this);
++status = cr_parser_parse_any_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+
+ do {
+-status = cr_parser_parse_any_core (a_this);
++status = cr_parser_parse_any_core (a_this, 0);
+
+ } while (status == CR_OK);
+
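Review bot: every call site changed in this hunk and in the two cr_parser_parse_atrule_core hunks above passes a literal 0 as n_calls, so the depth budget restarts at each of them. That is only safe if neither cr_parser_parse_atrule_core nor cr_parser_parse_selector_core can be reached from inside cr_parser_parse_block_core or cr_parser_parse_any_core; the visible hunks do not show this, so confirm it against the full upstream commit before relying on the limit of 100.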
+@@ -956,10 +960,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
+  *in chapter 4.1 of the css2 spec.
+  *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
+  *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+  *FIXME: code this function.
+  */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++guint  n_calls)
+ {
+ CRToken *token = NULL;
+ CRInputPos init_pos;
+@@ -967,6 +973,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+
++if (n_calls > RECURSIVE_CALLERS_LIMIT)
++return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, _pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, );
+@@ -996,13 +1005,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+ } else if (token->type == CBO_TK) {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL

[OE-core] [poky][dunfell][PATCH] libgcrypt: Whitelisted CVEs

2021-02-02 Thread saloni
Whitelisted below CVEs as their status is disputed
and ignored and not affecting the Ubuntu and Debian
environments. Hence, marked them whitelisted.

1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433

2. CVE-2018-12438
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438

Signed-off-by: Saloni Jain 
---
 meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb 
b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
index 4e0eb0a..ba3666f 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
@@ -29,6 +29,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
 SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
 SRC_URI[sha256sum] = 
"3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"

+# Below whitelisted CVEs are disputed and not affecting Ubuntu and Debian 
environments.
+CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
+
 BINCONFIG = "${bindir}/libgcrypt-config"

 inherit autotools texinfo binconfig-disabled pkgconfig
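Review bot: both CVEs are added in a single CVE_CHECK_WHITELIST += assignment under one shared comment, so neither entry carries its own reason or reference. Use one assignment per CVE, each with a comment naming why this recipe is unaffected; that keeps the entries individually reviewable and removable.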
--
2.7.4

View/Reply Online (#147584): https://lists.openembedded.org/g/openembedded-core/message/147584



Re: [OE-core] [poky][dunfell][PATCH] openssh: Added security fix for CVE-2020-14145

2021-01-20 Thread saloni
Hello Steve,

Thank you for the feedback, I have fixed the comments and sent a v2 for the 
patch. Please review again.

Regards,
Saloni Jain

From: Steve Sakoman 
Sent: Wednesday, January 20, 2021, 9:56 PM
To: Saloni Jain
Cc: Patches and discussions about the oe-core layer; Khem Raj; Nisha Parrakat; 
Anuj Chougule
Subject: Re: [OE-core] [poky][dunfell][PATCH] openssh: Added security fix for 
CVE-2020-14145

Thanks for helping with CVE's!

On Wed, Jan 20, 2021 at 6:14 AM saloni  wrote:
>
> Added security fix for below CVE:
>
> CVE-2020-14145
> Link: https://security-tracker.debian.org/tracker/CVE-2020-14145
> Link: https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d
>
> Signed-off-by: Saloni Jain 
> ---
>  .../openssh/openssh/CVE-2020-14145.patch   | 87 
> ++
>  meta/recipes-connectivity/openssh/openssh_8.4p1.bb |  3 +-
>  2 files changed, 89 insertions(+), 1 deletion(-)
>  create mode 100644 
> meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
>
> diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch 
> b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
> new file mode 100644
> index 000..50bf74d
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
> @@ -0,0 +1,87 @@
> +From b3855ff053f5078ec3d3c653cdaedefaa5fc362d Mon Sep 17 00:00:00 2001
> +From: "d...@openbsd.org" 
> +Date: Fri, 18 Sep 2020 05:23:03 +
> +Subject: upstream: tweak the client hostkey preference ordering algorithm to
> +
> +prefer the default ordering if the user has a key that matches the
> +best-preference default algorithm.
> +
> +feedback and ok markus@
> +
> +OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
> +CVE: CVE-2020-14145
> +Upstream-Status: Backport 
> [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity-tracker.debian.org%2Ftracker%2FCVE-2020-14145data=04%7C01%7Csaloni.jain%40kpit.com%7Cf83bbfc7c77f4ad8d8f208d8bd60288e%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637467567996984807%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZXW2tuDBsIINaE761xKo4Nmn5jDjMNn8JvTMTw29dmc%3Dreserved=0]
> +Comment: 1 hunk with comment changes removed.

Needs your Signed-off-by here.  See "Patch name convention and commit
message" section at:

https://wiki.yoctoproject.org/wiki/Security

> +---
> + sshconnect2.c | 39 +--
> + 1 file changed, 37 insertions(+), 2 deletions(-)
> +
> +diff --git a/sshconnect2.c b/sshconnect2.c
> +index 347e348c..f64aae66 100644
> +@@ -102,12 +102,25 @@ verify_host_key_callback(struct sshkey *hostkey, 
> struct ssh *ssh)
> +   return 0;
> + }
> +
> ++/* Returns the first item from a comma-separated algorithm list */
> ++static char *
> ++first_alg(const char *algs)
> ++{
> ++  char *ret, *cp;
> ++
> ++  ret = xstrdup(algs);
> ++  if ((cp = strchr(ret, ',')) != NULL)
> ++  *cp = '\0';
> ++  return ret;
> ++}
> ++
> + static char *
> + order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
> + {
> +-  char *oavail, *avail, *first, *last, *alg, *hostname, *ret;
> ++  char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL;
> ++  char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL;
> +   size_t maxlen;
> +-  struct hostkeys *hostkeys;
> ++  struct hostkeys *hostkeys = NULL;
> +   int ktype;
> +   u_int i;
> +
> +@@ -119,6 +132,26 @@ order_hostkeyalgs(char *host, struct sockaddr 
> *hostaddr, u

[OE-core] [poky][dunfell][PATCH v2] openssh: Added and whitelisted security fixes for CVEs

2021-01-20 Thread saloni
Added security fix for below CVE:
CVE-2020-14145
Link: CVE-2020-14145 
[https://security-tracker.debian.org/tracker/CVE-2020-14145]
Link: 
https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

Whitelisted below CVE due to negligible security impact:
CVE-2020-15778
Link: CVE-2020-15778 
[https://security-tracker.debian.org/tracker/CVE-2020-15778]
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1860487

Signed-off-by: Saloni Jain 
---
 .../openssh/openssh/CVE-2020-14145.patch   | 88 ++
 meta/recipes-connectivity/openssh/openssh_8.2p1.bb |  3 +-
 2 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch 
b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
new file mode 100644
index 000..e02e8d0
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
@@ -0,0 +1,88 @@
+From b3855ff053f5078ec3d3c653cdaedefaa5fc362d Mon Sep 17 00:00:00 2001
+From: "d...@openbsd.org" 
+Date: Fri, 18 Sep 2020 05:23:03 +
+Subject: upstream: tweak the client hostkey preference ordering algorithm to
+
+prefer the default ordering if the user has a key that matches the
+best-preference default algorithm.
+
+feedback and ok markus@
+
+OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
+CVE: CVE-2020-14145
+Upstream-Status: Backport 
[https://security-tracker.debian.org/tracker/CVE-2020-14145]
+Comment: 1 hunk with comment changes removed.
+Signed-off-by: Saloni Jain 
+---
+ sshconnect2.c | 39 +--
+ 1 file changed, 37 insertions(+), 2 deletions(-)
+
+diff --git a/sshconnect2.c b/sshconnect2.c
+index 347e348c..f64aae66 100644
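Review bot: the Upstream-Status: Backport reference in this header is the Debian security tracker page, not the change being backported. The commit message already links the upstream commit (anongit.mindrot.org, id b3855ff053f5078ec3d3c653cdaedefaa5fc362d, the same hash as the From line), so put that URL in the tag and keep the tracker link as supporting information only.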
+@@ -102,12 +102,25 @@ verify_host_key_callback(struct sshkey *hostkey, struct 
ssh *ssh)
+   return 0;
+ }
+
++/* Returns the first item from a comma-separated algorithm list */
++static char *
++first_alg(const char *algs)
++{
++  char *ret, *cp;
++
++  ret = xstrdup(algs);
++  if ((cp = strchr(ret, ',')) != NULL)
++  *cp = '\0';
++  return ret;
++}
++
+ static char *
+ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+ {
+-  char *oavail, *avail, *first, *last, *alg, *hostname, *ret;
++  char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL;
++  char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL;
+   size_t maxlen;
+-  struct hostkeys *hostkeys;
++  struct hostkeys *hostkeys = NULL;
+   int ktype;
+   u_int i;
+
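Review bot: the NULL initialisers added to the declarations of first, last and best are load-bearing rather than cosmetic, because the early "goto out" in the next hunk reaches free(first) and free(last) before either is allocated. Mention this in the patch description so nobody drops them later as noise.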
+@@ -119,6 +132,26 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, 
u_short port)
+   for (i = 0; i < options.num_system_hostfiles; i++)
+   load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
+
++  /*
++   * If a plain public key exists that matches the type of the best
++   * preference HostkeyAlgorithms, then use the whole list as is.
++   * Note that we ignore whether the best preference algorithm is a
++   * certificate type, as sshconnect.c will downgrade certs to
++   * plain keys if necessary.
++   */
++  best = first_alg(options.hostkeyalgorithms);
++  if (lookup_key_in_hostkeys_by_type(hostkeys,
++  sshkey_type_plain(sshkey_type_from_name(best)), NULL)) {
++  debug3("%s: have matching best-preference key type %s, "
++  "using HostkeyAlgorithms verbatim", __func__, best);
++  ret = xstrdup(options.hostkeyalgorithms);
++  goto out;
++  }
++
++  /*
++   * Otherwise, prefer the host key algorithms that match known keys
++   * while keeping the ordering of HostkeyAlgorithms as much as possible.
++   */
+   oavail = avail = xstrdup(options.hostkeyalgorithms);
+   maxlen = strlen(avail) + 1;
+   first = xmalloc(maxlen);
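Review bot: in the early-exit test, the result of sshkey_type_from_name(best) is fed straight into sshkey_type_plain() and lookup_key_in_hostkeys_by_type() with no check for an unrecognised name. Confirm that options.hostkeyalgorithms has been validated before order_hostkeyalgs() runs, or handle the unknown-type case explicitly so the verbatim path cannot be taken on a bogus type.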
+@@ -159,6 +192,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, 
u_short port)
+   if (*first != '\0')
+   debug3("%s: prefer hostkeyalgs: %s", __func__, first);
+
++ out:
++  free(best);
+   free(first);
+   free(last);
+   free(hostname);
+--
+cgit v1.2.3
+
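Review bot: the out: label is followed by free(best), free(first), free(last) and free(hostname), but the goto in the previous hunk is taken after load_hostkeys() has populated hostkeys. The release of hostkeys lies outside the visible context, so confirm it comes after out: and is not skipped on the early-exit path.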
diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb 
b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
index fe94f30..c3b3647 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb
@@ -24,13 +24,14 @@ SRC_URI = 
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
+   file://CVE-2020-14145.patch \
"
 SRC_URI[md5sum] = 

[OE-core] [poky][dunfell][PATCH] openssh: Added security fix for CVE-2020-14145

2021-01-20 Thread saloni
Added security fix for below CVE:

CVE-2020-14145
Link: https://security-tracker.debian.org/tracker/CVE-2020-14145
Link: 
https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

Signed-off-by: Saloni Jain 
---
 .../openssh/openssh/CVE-2020-14145.patch   | 87 ++
 meta/recipes-connectivity/openssh/openssh_8.4p1.bb |  3 +-
 2 files changed, 89 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch 
b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
new file mode 100644
index 000..50bf74d
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2020-14145.patch
@@ -0,0 +1,87 @@
+From b3855ff053f5078ec3d3c653cdaedefaa5fc362d Mon Sep 17 00:00:00 2001
+From: "d...@openbsd.org" 
+Date: Fri, 18 Sep 2020 05:23:03 +
+Subject: upstream: tweak the client hostkey preference ordering algorithm to
+
+prefer the default ordering if the user has a key that matches the
+best-preference default algorithm.
+
+feedback and ok markus@
+
+OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f
+CVE: CVE-2020-14145
+Upstream-Status: Backport 
[https://security-tracker.debian.org/tracker/CVE-2020-14145]
+Comment: 1 hunk with comment changes removed.
+---
+ sshconnect2.c | 39 +--
+ 1 file changed, 37 insertions(+), 2 deletions(-)
+
+diff --git a/sshconnect2.c b/sshconnect2.c
+index 347e348c..f64aae66 100644
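Review bot: this patch header carries CVE and Upstream-Status tags but no Signed-off-by from the person doing the backport, and "Comment: 1 hunk with comment changes removed." does not say which hunk. Add the sign-off and name the dropped hunk so the difference from upstream commit b3855ff053f5078ec3d3c653cdaedefaa5fc362d can be audited.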
+@@ -102,12 +102,25 @@ verify_host_key_callback(struct sshkey *hostkey, struct 
ssh *ssh)
+   return 0;
+ }
+
++/* Returns the first item from a comma-separated algorithm list */
++static char *
++first_alg(const char *algs)
++{
++  char *ret, *cp;
++
++  ret = xstrdup(algs);
++  if ((cp = strchr(ret, ',')) != NULL)
++  *cp = '\0';
++  return ret;
++}
++
+ static char *
+ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+ {
+-  char *oavail, *avail, *first, *last, *alg, *hostname, *ret;
++  char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL;
++  char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL;
+   size_t maxlen;
+-  struct hostkeys *hostkeys;
++  struct hostkeys *hostkeys = NULL;
+   int ktype;
+   u_int i;
+
+@@ -119,6 +132,26 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, 
u_short port)
+   for (i = 0; i < options.num_system_hostfiles; i++)
+   load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
+
++  /*
++   * If a plain public key exists that matches the type of the best
++   * preference HostkeyAlgorithms, then use the whole list as is.
++   * Note that we ignore whether the best preference algorithm is a
++   * certificate type, as sshconnect.c will downgrade certs to
++   * plain keys if necessary.
++   */
++  best = first_alg(options.hostkeyalgorithms);
++  if (lookup_key_in_hostkeys_by_type(hostkeys,
++  sshkey_type_plain(sshkey_type_from_name(best)), NULL)) {
++  debug3("%s: have matching best-preference key type %s, "
++  "using HostkeyAlgorithms verbatim", __func__, best);
++  ret = xstrdup(options.hostkeyalgorithms);
++  goto out;
++  }
++
++  /*
++   * Otherwise, prefer the host key algorithms that match known keys
++   * while keeping the ordering of HostkeyAlgorithms as much as possible.
++   */
+   oavail = avail = xstrdup(options.hostkeyalgorithms);
+   maxlen = strlen(avail) + 1;
+   first = xmalloc(maxlen);
+@@ -159,6 +192,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, 
u_short port)
+   if (*first != '\0')
+   debug3("%s: prefer hostkeyalgs: %s", __func__, first);
+
++ out:
++  free(best);
+   free(first);
+   free(last);
+   free(hostname);
+--
+cgit v1.2.3
+
diff --git a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb 
b/meta/recipes-connectivity/openssh/openssh_8.4p1.bb
index 688fc8a..b71e156 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.4p1.bb
@@ -24,12 +24,13 @@ SRC_URI = 
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
+   file://CVE-2020-14145.patch \
"
 SRC_URI[sha256sum] = 
"5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24"

 # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat 
Enterprise Linux 7
 # and when running in a Kerberos environment. As such it is not relevant to 
OpenEmbedded
-CVE_CHECK_WHITELIST += "CVE-2014-9278&q
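Review bot: the subject tags this change for dunfell, yet the hunk edits openssh_8.4p1.bb, while the v2 posting of the same fix edits openssh_8.2p1.bb; check the recipe version against the target branch. The hunk also removes the existing CVE_CHECK_WHITELIST line (cut off here), which the commit message, describing only the CVE-2020-14145 fix, does not mention. Describe that change or split it into its own commit.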

[OE-core] [poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155

2020-07-30 Thread saloni
From: Rahul Taya 

Added below patch in libpcre
CVE-2020-14155.patch

This patch fixes below error:
PCRE could allow a remote attacker to execute arbitrary
code on the system, caused by an integer overflow in
libpcre via a large number after (?C substring.
By sending a request with a large number, an attacker
can execute arbitrary code on the system or
cause the application to crash.

Tested-by: Rahul Taya 
Signed-off-by: Saloni Jain 

Please Note: CVE already fixed in master and dunfell branches,
applicable for zeus only.
---
 .../libpcre/libpcre/CVE-2020-14155.patch   | 41 ++
 meta/recipes-support/libpcre/libpcre_8.43.bb   |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch

diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch 
b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
new file mode 100644
index 000..183512f
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
@@ -0,0 +1,41 @@
+--- pcre-8.43/pcre_compile.c2020-07-05 22:26:25.310501521 +0530
 pcre-8.43/pcre_compile1.c   2020-07-05 22:30:22.254489562 +0530
+
+CVE: CVE-2020-14155
+Upstream-Status: Backport 
[https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch=1761=1760=1761]
+Signed-off-by: Rahul Taya
+
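Review bot: the CVE, Upstream-Status and Signed-off-by tags sit between the file header and the first @@ instead of in a description block above the header; move them to the top of the patch file. The header also diffs pcre-8.43/pcre_compile.c against pcre-8.43/pcre_compile1.c, so regenerate it with matching a/ and b/ paths rather than relying on the patch tool to pick the right file name.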
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+Written by Philip Hazel
+-   Copyright (c) 1997-2018 University of Cambridge
++   Copyright (c) 1997-2020 University of Cambridge
+
+ -
+ Redistribution and use in source and binary forms, with or without
+@@ -7130,17 +7130,19 @@
+   int n = 0;
+   ptr++;
+   while(IS_DIGIT(*ptr))
++   {
+ n = n * 10 + *ptr++ - CHAR_0;
++if (n > 255)
++   {
++   *errorcodeptr = ERR38;
++   goto FAILED;
++   }
++}
+   if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+-  if (n > 255)
+-{
+-*errorcodeptr = ERR38;
+-goto FAILED;
+-}
+   *code++ = n;
+   PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset 
*/
+   PUT(code, LINK_SIZE, 0);  /* Default length 
*/
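Review bot: with the "n > 255" test moved inside the while(IS_DIGIT(*ptr)) loop, error precedence changes: a callout number above 255 that is not followed by a closing parenthesis now fails with ERR38, where the old order reported ERR39 first. The bound itself is sound, since n is at most 2559 when it is tested and so cannot wrap, but the description should record the behaviour change, and a ptest pattern with a long digit run after (?C would keep the guard from regressing.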
diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb 
b/meta/recipes-support/libpcre/libpcre_8.43.bb
index b97af08..60ece64 100644
--- a/meta/recipes-support/libpcre/libpcre_8.43.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.43.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
file://out-of-tree.patch \
file://run-ptest \
file://Makefile \
+   file://CVE-2020-14155.patch \
 "

 SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4"
--
2.7.4

This message contains information that may be privileged or confidential and is 
the property of the KPIT Technologies Ltd. It is intended only for the person 
to whom it is addressed. If you are not the intended recipient, you are not 
authorized to read, print, retain copy, disseminate, distribute, or use this 
message or any part thereof. If you receive this message in error, please 
notify the sender immediately and delete all copies of this message. KPIT 
Technologies Ltd. does not accept any liability for virus infected mails.
View/Reply Online (#141121): 
https://lists.openembedded.org/g/openembedded-core/message/141121


[OE-core] [poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155

2020-07-30 Thread saloni
From: Rahul Taya 

Added below patch in libpcre
CVE-2020-14155.patch

This patch fixes below error:
PCRE could allow a remote attacker to execute arbitrary
code on the system, caused by an integer overflow in
libpcre via a large number after (?C substring.
By sending a request with a large number, an attacker
can execute arbitrary code on the system or
cause the application to crash.

Upstream-Status: Pending

Tested-by: Rahul Taya 
Signed-off-by: Saloni Jain 
---
 .../libpcre/libpcre/CVE-2020-14155.patch   | 40 ++
 meta/recipes-support/libpcre/libpcre_8.43.bb   |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch

diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch 
b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
new file mode 100644
index 000..d6cb9bf
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
@@ -0,0 +1,40 @@
+--- pcre-8.43/pcre_compile.c2020-07-05 22:26:25.310501521 +0530
 pcre-8.43/pcre_compile1.c   2020-07-05 22:30:22.254489562 +0530
+
+CVE: CVE-2020-14155
+Upstream-Status: Backport 
[https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch=1761=1760=1761]
+
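Review bot: the commit message says "Upstream-Status: Pending" while this patch header says "Upstream-Status: Backport" with a vcs.pcre.org URL. Keep the tag only in the patch file and drop the conflicting one from the commit message. The patch file also has no Signed-off-by line.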
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+Written by Philip Hazel
+-   Copyright (c) 1997-2018 University of Cambridge
++   Copyright (c) 1997-2020 University of Cambridge
+
+ -
+ Redistribution and use in source and binary forms, with or without
+@@ -7130,17 +7130,19 @@
+   int n = 0;
+   ptr++;
+   while(IS_DIGIT(*ptr))
++   {
+ n = n * 10 + *ptr++ - CHAR_0;
++if (n > 255)
++   {
++   *errorcodeptr = ERR38;
++   goto FAILED;
++   }
++}
+   if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+-  if (n > 255)
+-{
+-*errorcodeptr = ERR38;
+-goto FAILED;
+-}
+   *code++ = n;
+   PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset 
*/
+   PUT(code, LINK_SIZE, 0);  /* Default length 
*/
diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb 
b/meta/recipes-support/libpcre/libpcre_8.43.bb
index b97af08..60ece64 100644
--- a/meta/recipes-support/libpcre/libpcre_8.43.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.43.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
file://out-of-tree.patch \
file://run-ptest \
file://Makefile \
+   file://CVE-2020-14155.patch \
 "

 SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4"
--
2.7.4

View/Reply Online (#141117): 
https://lists.openembedded.org/g/openembedded-core/message/141117


[OE-core] [poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155

2020-07-29 Thread saloni
From: Rahul Taya 

Added below patch in libpcre
CVE-2020-14155.patch

This patch fixes below error:
PCRE could allow a remote attacker to execute arbitrary
code on the system, caused by an integer overflow in
libpcre via a large number after (?C substring.
By sending a request with a large number, an attacker
can execute arbitrary code on the system or
cause the application to crash.

Upstream-Status: Pending

Tested-by: Rahul Taya 
Signed-off-by: Saloni Jain 
---
 .../libpcre/libpcre/CVE-2020-14155.patch   | 40 ++
 meta/recipes-support/libpcre/libpcre_8.44.bb   |  3 +-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch

diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch 
b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
new file mode 100644
index 000..d6cb9bf
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
@@ -0,0 +1,40 @@
+--- pcre-8.43/pcre_compile.c2020-07-05 22:26:25.310501521 +0530
 pcre-8.43/pcre_compile1.c   2020-07-05 22:30:22.254489562 +0530
+
+CVE: CVE-2020-14155
+Upstream-Status: Backport 
[https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch=1761=1760=1761]
+
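Review bot: the recipe changed by this commit is libpcre_8.44.bb, but the patch header paths are pcre-8.43/pcre_compile.c and pcre-8.43/pcre_compile1.c, so this is the 8.43 diff reused as-is. Confirm every hunk, including the copyright-year one, applies to the 8.44 source without fuzz, and regenerate the patch against that tree.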
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+Written by Philip Hazel
+-   Copyright (c) 1997-2018 University of Cambridge
++   Copyright (c) 1997-2020 University of Cambridge
+
+ -
+ Redistribution and use in source and binary forms, with or without
+@@ -7130,17 +7130,19 @@
+   int n = 0;
+   ptr++;
+   while(IS_DIGIT(*ptr))
++   {
+ n = n * 10 + *ptr++ - CHAR_0;
++if (n > 255)
++   {
++   *errorcodeptr = ERR38;
++   goto FAILED;
++   }
++}
+   if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+-  if (n > 255)
+-{
+-*errorcodeptr = ERR38;
+-goto FAILED;
+-}
+   *code++ = n;
+   PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset 
*/
+   PUT(code, LINK_SIZE, 0);  /* Default length 
*/
diff --git a/meta/recipes-support/libpcre/libpcre_8.44.bb 
b/meta/recipes-support/libpcre/libpcre_8.44.bb
index e5471e8..81b38bb 100644
--- a/meta/recipes-support/libpcre/libpcre_8.44.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.44.bb
@@ -11,7 +11,8 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
file://fix-pcre-name-collision.patch \
file://run-ptest \
file://Makefile \
-   "
+   file://CVE-2020-14155.patch \
+"

 SRC_URI[md5sum] = "cf7326204cc46c755b5b2608033d9d24"
 SRC_URI[sha256sum] = 
"19108658b23b3ec5058edc9f66ac545ea19f9537234be1ec62b714c84399366d"
--
2.7.4

View/Reply Online (#141086): 
https://lists.openembedded.org/g/openembedded-core/message/141086


[OE-core] [meta-oe][master][PATCH] davici: Fix codesonar warnings

2020-06-16 Thread saloni
Hello,

Posting this on behalf of "Amitanand Chikorde <amitanand.chiko...@kpit.com>"

From: "Amitanand.Chikorde" <amitanand.chiko...@kpit.com>

Fixed below codesonar warning:
isprint() is invoked here with an argument of signed type char, but
only has defined behavior for int arguments that are either
representable as unsigned char or equal to the value of macro EOF(-1).

As per codesonar report, in a number of libc implementations, isprint()
is implemented using lookup tables (arrays): passing in a negative
value can result in a read underrun.

To avoid this unexpected behaviour, typecasted char type argument to
unsigned char type.

Upstream-Status: Pending
Signed-off-by: Amitanand Chikorde <amitanand.chiko...@kpit.com>
Signed-off-by: Saloni Jain 
---
 .../files/davici_codesonar_warnings_fix.patch  | 37 ++
 1 file changed, 37 insertions(+)
 create mode 100644 
recipes-support/strongswan/files/davici_codesonar_warnings_fix.patch

diff --git 
a/recipes-support/strongswan/files/davici_codesonar_warnings_fix.patch 
b/recipes-support/strongswan/files/davici_codesonar_warnings_fix.patch
new file mode 100644
index 000..2318479
--- /dev/null
+++ b/recipes-support/strongswan/files/davici_codesonar_warnings_fix.patch
@@ -0,0 +1,37 @@
+davici: Fix codesonar warnings
+
+isprint() is invoked here with an argument of signed type char,
+but only has defined behavior for int arguments that are either
+representable as unsigned char or equal to the value of macro
+EOF(-1).
+
+As per codesonar report, in a number of libc implementations,
+isprint() is implemented using lookup tables (arrays): passing
+in a negative value can result in a read underrun.
+
+To avoid this unexpected behaviour, typecasted char type
+argument to unsigned char type.
+
+Signed-off-by: Amitanand N. Chikorde 
mailto:amitanand.chiko...@kpit.com>>
+Upstream-Status: Pending
+
+--- a/davici.c 2017-03-30 16:15:15.0 +0530
 b/davici.c 2020-05-29 11:40:45.983656217 +0530
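Review bot: the diffstat for this commit lists only the new davici_codesonar_warnings_fix.patch, with no SRC_URI change in any recipe, so nothing visible here applies the patch at build time. It is also a fix to davici.c stored under recipes-support/strongswan/files/. Add the recipe hunk that references the file and place it beside the recipe that builds davici.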
+@@ -180,7 +180,7 @@
+}
+for (i = 0; i < inlen; i++)
+{
+-  if (!isprint(in[i]))
++  if (!isprint((unsigned char) in[i]))
+{
+return -EINVAL;
+}
+@@ -1157,7 +1157,7 @@
+
+for (i = 0; i < res->buflen; i++)
+{
+-  if (!isprint(val[i]))
++  if (!isprint((unsigned char) val[i]))
+{
+return -EINVAL;
+}
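Review bot: the description should state whether the other ctype calls in davici.c were checked, because this hunk and the one at line 180 fix the same isprint() pattern in two separate loops, which suggests it may occur elsewhere. The cast to unsigned char is the right form for calling isprint() on a char value.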
--
2.7.4





Regards,

Saloni Jain

View/Reply Online (#139555): 
https://lists.openembedded.org/g/openembedded-core/message/139555


[OE-core] [meta-oe][sumo][PATCH] strongswan: avoid charon crash

2020-02-20 Thread Saloni Jain
From: Anuj Chougule 

This is a possible fix to charon that crashed early due to invalid
memory access.
Important frames from Backtraces :
8  0x7f607246e160 in memcpy (__len=1704, __src=, 
__dest=)
at /usr/include/bits/string_fortified.h:34
No locals.
9  memcpy_noop (n=1704, src=, dst=)
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/utils/utils/memory.h:47
n = 1704
src = 
dst = 
10 chunk_create_clone (ptr=, chunk=...)
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/utils/chunk.c:48
clone = 
11 0x7f606ebae810 in load_from_blob (blob=..., 
type=type@entry=CRED_PRIVATE_KEY, subtype=subtype@entry=1,
subject=subject@entry=0x0, flags=flags@entry=X509_NONE)
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:399
x = 
cred = 0x0
---Type  to continue, or q  to quit---
pgp = false
12 0x7f606ebaf0e4 in load_from_file (flags=X509_NONE, subject=0x0, 
subtype=1, type=CRED_PRIVATE_KEY,
file=0x7f6069d21a20 
"/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem")
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:452
cred = 
chunk = 0x7f6054005430
13 pem_load (type=CRED_PRIVATE_KEY, subtype=1, args=)
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:498
file = 0x7f6069d21a20 
"/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem"
pem = 
subject = 0x0
flags = 0

Problem lies in frame 12 & 11.
(gdb) f 12
12 0x7f606ebaf0e4 in load_from_file (flags=X509_NONE, subject=0x0, 
subtype=1, type=CRED_PRIVATE_KEY,
file=0x7f6069d21a20 
"/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem")
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:452
452 in 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c
(gdb) info locals
cred = 
chunk = 0x7f6054005430
(gdb) print *chunk
$21 = {ptr = 0x7f60728b7000 , len = 1704}
(gdb) f 11
11 0x7f606ebae810 in load_from_blob (blob=..., 
type=type@entry=CRED_PRIVATE_KEY, subtype=subtype@entry=1, 
subject=subject@entry=0x0,
flags=flags@entry=X509_NONE) at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:399
399 in 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c
(gdb) info args
blob = {ptr = 0x7f60728b7000 , len = 140052215328768}
type = CRED_PRIVATE_KEY
subtype = 1
subject = 0x0
flags = X509_NONE
(gdb) print blob
$22 = {ptr = 0x7f60728b7000 , len = 140052215328768}

Source code snippet :
static void *load_from_file(char *file, credential_type_t type, int subtype,
identification_t *subject, x509_flag_t 
flags)
{
void *cred;
chunk_t *chunk;

chunk = chunk_map(file, FALSE);
if (!chunk)
{
DBG1(DBG_LIB, "  opening '%s' failed: %s", file, 
strerror(errno));
return NULL;
}
cred = load_from_blob(*chunk, type, subtype, subject, flags);
chunk_unmap(chunk);
return cred;
}

Local variable chunk is an uninitialised pointer in load_from_file()
(frame 12 above) which is expected to get initialised through
chunk_map() & then passed to load_from_blob() as a parameter.
But somehow, the chunk pointer has not got initialised &
got passed as it is to load_from_blob() in frame 11 above.
As this contains a garbage address, when method load_from_blob()
tried cloning the memory regions through chunk_clone() ->
chunk_create_clone() -> memcpy() -> memcpy_noop(), it crashed with
SIGBUS (frames 10, 9, 8).
It could also be that chunk_map() has a bug which does not memmap()
the full or correct areas.

Upstream-Status: Pending
Tested By: Anuj Chougule 
Signed-off-by: Anuj Chougule 
Signed-off-by: Saloni Jain 
---
 .../strongswan/files/fix-charon-crash.patch| 23 ++
 1 file changed, 23 insertions(+)
 create mode 100644 recipes-support/strongswan/files/fix-charon-crash.patch

diff --git a/recipes-support/strongswan/files/fix-charon-crash.patch 
b/recipes-support/strongswan/files/fix-charon-crash.patch
new file mode 100644
index 000..95e71a2
--- /dev/null
+++ b/recipes-support/strongswan/files/fix-charon-crash.patch
@@ -0,0 +1,23 @@
+strongswan: avoid charon crash
+
+Variable chunk is an uninitialised pointer,which
+is expected to get initialised through method chunk_map()
+& then passed to load_from_blob() as a parameter.
+But somehow, if the chunk pointer did not get initialised & gets
+passed as it is to load_from_blob(), it may lead crash
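Review bot: the description's claim that chunk is an uninitialised pointer does not match the source quoted in the cover message, where chunk is assigned from chunk_map(file, FALSE) and NULL-checked before load_from_blob(*chunk, ...) is called. The gdb output points the same way: "print *chunk" in frame 12 gives len = 1704, the same value as the __len that memcpy received, and the len = 140052215328768 shown for blob in frame 11 is numerically equal to its ptr value 0x7f60728b7000, which reads like a debugger artefact on an optimised argument rather than corruption. Establish why reading the mapped region faults before carrying this patch.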

[OE-core] [meta-oe][master][PATCH] strongswan: avoid charon crash

2020-02-20 Thread Saloni Jain
From: Anuj Chougule 

This is a possible fix to charon that crashed early due to invalid
memory access.
Important frames from Backtraces :
8  0x7f607246e160 in memcpy (__len=1704, __src=, 
__dest=)
at /usr/include/bits/string_fortified.h:34
No locals.
9  memcpy_noop (n=1704, src=, dst=)
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/utils/utils/memory.h:47
n = 1704
src = 
dst = 
10 chunk_create_clone (ptr=, chunk=...)
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/utils/chunk.c:48
clone = 
11 0x7f606ebae810 in load_from_blob (blob=..., 
type=type@entry=CRED_PRIVATE_KEY, subtype=subtype@entry=1,
subject=subject@entry=0x0, flags=flags@entry=X509_NONE)
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:399
x = 
cred = 0x0
---Type  to continue, or q  to quit---
pgp = false
12 0x7f606ebaf0e4 in load_from_file (flags=X509_NONE, subject=0x0, 
subtype=1, type=CRED_PRIVATE_KEY,
file=0x7f6069d21a20 
"/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem")
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:452
cred = 
chunk = 0x7f6054005430
13 pem_load (type=CRED_PRIVATE_KEY, subtype=1, args=)
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:498
file = 0x7f6069d21a20 
"/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem"
pem = 
subject = 0x0
flags = 0

Problem lies in frame 12 & 11.
(gdb) f 12
12 0x7f606ebaf0e4 in load_from_file (flags=X509_NONE, subject=0x0, 
subtype=1, type=CRED_PRIVATE_KEY,
file=0x7f6069d21a20 
"/var/opt/public/sps/sps_necema/data/public/IPsec/secureboot_on/IPsec-internal_key.pem")
at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:452
452 in 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c
(gdb) info locals
cred = 
chunk = 0x7f6054005430
(gdb) print *chunk
$21 = {ptr = 0x7f60728b7000 , len = 1704}
(gdb) f 11
11 0x7f606ebae810 in load_from_blob (blob=..., 
type=type@entry=CRED_PRIVATE_KEY, subtype=subtype@entry=1, 
subject=subject@entry=0x0,
flags=flags@entry=X509_NONE) at 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c:399
399 in 
/usr/src/debug/strongswan/5.7.2-r0/strongswan-5.7.2/src/libstrongswan/plugins/pem/pem_builder.c
(gdb) info args
blob = {ptr = 0x7f60728b7000 , len = 140052215328768}
type = CRED_PRIVATE_KEY
subtype = 1
subject = 0x0
flags = X509_NONE
(gdb) print blob
$22 = {ptr = 0x7f60728b7000 , len = 140052215328768}

Source code snippet :
static void *load_from_file(char *file, credential_type_t type, int subtype,
identification_t *subject, x509_flag_t 
flags)
{
void *cred;
chunk_t *chunk;

chunk = chunk_map(file, FALSE);
if (!chunk)
{
DBG1(DBG_LIB, "  opening '%s' failed: %s", file, 
strerror(errno));
return NULL;
}
cred = load_from_blob(*chunk, type, subtype, subject, flags);
chunk_unmap(chunk);
return cred;
}

Local variable chunk is an uninitialised pointer in load_from_file()
(frame 12 above) which is expected to get initialised through
chunk_map() & then passed to load_from_blob() as a parameter.
But somehow, the chunk pointer has not got initialised &
got passed as it is to load_from_blob() in frame 11 above.
As this contains a garbage address, when method load_from_blob()
tried cloning the memory regions through chunk_clone() ->
chunk_create_clone() -> memcpy() -> memcpy_noop(), it crashed with
SIGBUS (frames 10, 9, 8).
It could also be that chunk_map() has a bug which does not memmap()
the full or correct areas.

Upstream-Status: Pending
Tested By: Anuj Chougule 
Signed-off-by: Anuj Chougule 
Signed-off-by: Saloni Jain 
---
 .../strongswan/files/fix-charon-crash.patch| 23 ++
 1 file changed, 23 insertions(+)
 create mode 100644 recipes-support/strongswan/files/fix-charon-crash.patch

diff --git a/recipes-support/strongswan/files/fix-charon-crash.patch 
b/recipes-support/strongswan/files/fix-charon-crash.patch
new file mode 100644
index 000..95e71a2
--- /dev/null
+++ b/recipes-support/strongswan/files/fix-charon-crash.patch
@@ -0,0 +1,23 @@
+strongswan: avoid charon crash
+
+Variable chunk is an uninitialised pointer,which
+is expected to get initialised through method chunk_map()
+& then passed to load_from_blob() as a parameter.
+But somehow, if the chunk pointer did not get initialised & gets
+passed as it is to load_from_blob(), it may lead crash
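Review bot: the patch description explains only a suspected cause ("But somehow, if the chunk pointer did not get initialised") and the cover message calls this "a possible fix". The description should state what the code change does and how the crash was reproduced and retested, so the 23-line patch can be judged against the backtrace.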

[OE-core] [poky][sumo][PATCH] bzip2: Fix CVE-2019-12900

2020-01-20 Thread Saloni Jain
From: Sana Kazi 

Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++
 meta/recipes-extended/bzip2/bzip2_1.0.6.bb |  2 ++
 2 files changed, 38 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..c2eb82a
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,36 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+CVE: CVE-2019-12900.patch
+Signed-off-by: Saloni Jain 
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
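Review bot: The tag line `+CVE: CVE-2019-12900.patch` in the patch header carries a stray `.patch` suffix, so the value is a file name rather than a CVE ID. It should read `CVE: CVE-2019-12900`.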
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb 
b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
index acbf80a..688e177 100644
--- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
+++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
@@ -8,12 +8,14 @@ LICENSE = "bzip2"
 LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2"
 PR = "r5"

+FILESEXTRAPATHS_prepend := "${THISDIR}/bzip2-1.0.6:"
 SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \
file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \
file://configure.ac;subdir=${BP} \
file://Makefile.am;subdir=${BP} \
file://run-ptest \
file://CVE-2016-3189.patch \
+   file://CVE-2019-12900.patch \
"

 SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
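Review bot: The added `+FILESEXTRAPATHS_prepend := "${THISDIR}/bzip2-1.0.6:"` line looks unnecessary: `file://CVE-2016-3189.patch` and the other `file://` entries in this SRC_URI were already being found without it, and a recipe's default file search path includes its `${BP}` directory. Drop it and keep only the `file://CVE-2019-12900.patch \` addition, unless there is a lookup failure, which should then be described in the commit message.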
--
2.7.4

This message contains information that may be privileged or confidential and is 
the property of the KPIT Technologies Ltd. It is intended only for the person 
to whom it is addressed. If you are not the intended recipient, you are not 
authorized to read, print, retain copy, disseminate, distribute, or use this 
message or any part thereof. If you receive this message in error, please 
notify the sender immediately and delete all copies of this message. KPIT 
Technologies Ltd. does not accept any liability for virus infected mails.
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


[OE-core] [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900

2020-01-20 Thread Saloni Jain
From: Sana Kazi 

Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++
 1 file changed, 36 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..c2eb82a
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,36 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+CVE: CVE-2019-12900.patch
+Signed-off-by: Saloni Jain 
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
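Review bot: Nothing references the new `bzip2-1.0.6/CVE-2019-12900.patch`: the diffstat shows 1 file changed and no recipe hunk adds it to SRC_URI, so the fix is never applied during the build. Either include the recipe change that lists `file://CVE-2019-12900.patch`, as the sumo version of this patch does, or confirm that the bzip2 version on this branch already contains the `nSelectors > BZ_MAX_SELECTORS` check, in which case the patch is not needed here.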
--
2.7.4



[OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900

2020-01-20 Thread Saloni Jain
From: Sana Kazi 

Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++
 1 file changed, 36 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..c2eb82a
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,36 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+CVE: CVE-2019-12900.patch
+Signed-off-by: Saloni Jain 
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
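Review bot: The embedded patch is line-wrapped as posted: the `++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS)` line breaks before `RETURN(BZ_DATA_ERROR);`, and the `+Link:` URL sits on a following line without a `+` prefix. A patch in that state is likely to be rejected when applied, so resend it with git send-email (or another path that does not rewrap long lines) and check that it applies to a clean tree.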
--
2.7.4



[OE-core] [poky][master][PATCH] Added patch for CVE-2019-12900 as backport from upstream.

2020-01-20 Thread Saloni Jain
From: Sana Kazi 

Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 36 ++
 1 file changed, 36 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..c2eb82a
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,36 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+CVE: CVE-2019-12900.patch
+Signed-off-by: Saloni Jain 
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
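Review bot: `+Upstream-Status: Backport` gives no reference, and the upstream commit URL is carried in a separate `+Link:` line instead. Put the URL in brackets on the status line, in the form `Upstream-Status: Backport [<upstream commit URL>]` that other backports on this list use, and drop the extra Link: header.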
--
2.7.4



Re: [OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900

2020-01-17 Thread Saloni Jain
Hi Ross,

I have added SOB details and sent another upstreaming request.
For warrior and thud we can simply backport from the master release or we can 
additionally add the fix for both as well. Please suggest.


Thanks & Regards,
Saloni

From: Ross Burton 
Sent: Wednesday, January 15, 2020 10:00 PM
To: openembedded-core@lists.openembedded.org 
; Saloni Jain 
Subject: Re: [OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900

On 15/01/2020 15:47, Saloni Jain wrote:
> From: Sana Kazi 
>
> Added patch for CVE-2019-12900 as backport from upstream.
> Fixes out of bound access discovered while fuzzing karchive.
>
> Tested by: sana.k...@kpit.com
>
> Signed-off-by: Saloni Jain 

Need a S-o-b in the patch itself alongside a CVE tag, but also why not a
backport for Warrior and Thud?

Ross



[OE-core] [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900

2020-01-17 Thread Saloni Jain
From: Sana Kazi 

Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 35 ++
 1 file changed, 35 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..94ddd73
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,35 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+Signed-off-by: Saloni Jain 
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
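Review bot: The patch header now has `+Signed-off-by:` but still no `CVE:` tag after `+Upstream-Status: Backport`. Add `CVE: CVE-2019-12900` there so the patch file itself records which CVE it fixes, as asked for in review.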
--
2.7.4



[OE-core] [poky][sumo][PATCH] bzip2: Fix CVE-2019-12900

2020-01-17 Thread Saloni Jain
From: Sana Kazi 

Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 35 ++
 meta/recipes-extended/bzip2/bzip2_1.0.6.bb |  2 ++
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..94ddd73
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,35 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+Signed-off-by: Saloni Jain 
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb 
b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
index acbf80a..688e177 100644
--- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
+++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
@@ -8,12 +8,14 @@ LICENSE = "bzip2"
 LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2"
 PR = "r5"

+FILESEXTRAPATHS_prepend := "${THISDIR}/bzip2-1.0.6:"
 SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \
file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \
file://configure.ac;subdir=${BP} \
file://Makefile.am;subdir=${BP} \
file://run-ptest \
file://CVE-2016-3189.patch \
+   file://CVE-2019-12900.patch \
"

 SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
--
2.7.4



[OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900

2020-01-17 Thread Saloni Jain
From: Sana Kazi 

Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 35 ++
 1 file changed, 35 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..94ddd73
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,35 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+Signed-off-by: Saloni Jain 
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
--
2.7.4



Re: [OE-core] [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900

2020-01-15 Thread Saloni Jain
Hello Khem Raj,

We have tested the applicability for this patch on master as well and as per 
analysis it is applicable.
I've sent the same patch for master branch as well in a separate mail.

Thanks & Regards,
Saloni

From: Khem Raj 
Sent: Wednesday, January 15, 2020 10:36 PM
To: Saloni Jain 
Cc: openembedded-core@lists.openembedded.org 
; Nisha Parrakat 
; Sana Kazi 
Subject: Re: [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900

On Wed, Jan 15, 2020 at 7:51 AM Saloni Jain  wrote:
>
> From: Sana Kazi 
>
> Added patch for CVE-2019-12900 as backport from upstream.
> Fixes out of bound access discovered while fuzzing karchive.
>

is this fix already present in the bzip2 version we have in master ?

> Tested by: sana.k...@kpit.com
>
> Signed-off-by: Saloni Jain 
> ---
>  .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 
> ++
>  1 file changed, 34 insertions(+)
>  create mode 100644 
> meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
>
> diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
> b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
> new file mode 100644
> index 000..cab41e0
> --- /dev/null
> +++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
> @@ -0,0 +1,34 @@
> +From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
> +From: Albert Astals Cid 
> +Date: Tue, 28 May 2019 19:35:18 +0200
> +Subject: [PATCH] Make sure nSelectors is not out of range
> +
> +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
> +which is
> +UCharselectorMtf[BZ_MAX_SELECTORS];
> +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
> +access
> +Fixes out of bounds access discovered while fuzzying karchive
> +
> +Link: 
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.com%2Ffedericomenaquintero%2Fbzip2%2Fcommit%2F74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patchdata=02%7C01%7CSaloni.Jain%40kpit.com%7C370b10dc1f7a4288166208d799dd5023%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637147048150016848sdata=m%2B9a%2FxYEqAA7JLjimmgLtLfvvBV2WtyInZf9a7DCfQg%3Dreserved=0
> +
> +Upstream-Status: Backport
> +---
> + decompress.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/decompress.c b/decompress.c
> +index ab6a624..f3db91d 100644
> +--- a/decompress.c
>  b/decompress.c
> +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
> +   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
> +   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
> +   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
> +-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
> ++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
> RETURN(BZ_DATA_ERROR);
> +   for (i = 0; i < nSelectors; i++) {
> +  j = 0;
> +  while (True) {
> +--
> +2.22.0
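Review bot: The quoted patch header ends at `Upstream-Status: Backport` with neither a `Signed-off-by:` from the person doing the backport nor a `CVE:` tag. Both belong in the patch file itself, not only in the commit message of the mail that carries it.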
> --
> 2.7.4
>


[OE-core] [poky][zeus][PATCH] bzip2: Fix CVE-2019-12900

2020-01-15 Thread Saloni Jain
From: Sana Kazi 

Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 ++
 1 file changed, 34 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..cab41e0
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,34 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
--
2.7.4



[OE-core] [poky][sumo][PATCH] bzip2: Fix CVE-2019-12900

2020-01-15 Thread Saloni Jain
From: Sana Kazi 

Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 ++
 meta/recipes-extended/bzip2/bzip2_1.0.6.bb |  2 ++
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..cab41e0
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,34 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb 
b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
index acbf80a..688e177 100644
--- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
+++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
@@ -8,12 +8,14 @@ LICENSE = "bzip2"
 LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2"
 PR = "r5"

+FILESEXTRAPATHS_prepend := "${THISDIR}/bzip2-1.0.6:"
 SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \
file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \
file://configure.ac;subdir=${BP} \
file://Makefile.am;subdir=${BP} \
file://run-ptest \
file://CVE-2016-3189.patch \
+   file://CVE-2019-12900.patch \
"

 SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
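Review bot: No test accompanies the fix: `file://run-ptest` is already in this SRC_URI, but the change adds no input that exercises the new `nSelectors > BZ_MAX_SELECTORS` rejection, and "Tested by" in the commit message does not say what was run. Consider adding a small corrupt .bz2 sample to the ptest and checking that decompression fails with a data error, or at least describe the test that was done in the commit message.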
--
2.7.4



[OE-core] [poky][master][PATCH] bzip2: Fix CVE-2019-12900

2020-01-15 Thread Saloni Jain
From: Sana Kazi 

Added patch for CVE-2019-12900 as backport from upstream.
Fixes out of bound access discovered while fuzzing karchive.

Tested by: sana.k...@kpit.com

Signed-off-by: Saloni Jain 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 34 ++
 1 file changed, 34 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..cab41e0
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,34 @@
+From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+Fixes out of bounds access discovered while fuzzying karchive
+
+Link: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.patch
+
+Upstream-Status: Backport
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624..f3db91d 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+--
+2.22.0
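Review bot: Nothing in this commit adds `file://CVE-2019-12900.patch` to SRC_URI; the diffstat lists only the new patch file, so the nSelectors bounds check would never be applied at build time. Add the SRC_URI entry to the bzip2 recipe in the same commit. The embedded patch header also has no `CVE: CVE-2019-12900` line and no Signed-off-by from the backporter alongside `Upstream-Status: Backport`; please add both. The `RETURN(BZ_DATA_ERROR);` continuation should sit on the same `++` line as the `if`, since as mailed it has no `+` prefix and the patch file would be malformed.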
--
2.7.4
