subject:"Re\: \[OE\-core\]\[langdale\]\[PATCH\] openssl\: fix CVE\-2022\-3996 double locking leads to denial of service"

Re: [OE-core][langdale][PATCH] openssl: fix CVE-2022-3996 double locking leads to denial of service

2023-01-23 Thread vkumbhar

Yes, It was intended for the master.

Kind regards,
Vivek

On Mon, 23 Jan 2023 at 10:19 PM, Steve Sakoman  wrote:

> Hi Vivek,
>
> You sent two seemingly identical patches for langdale.  Was one
> perhaps intended for master?
>
> Steve
>
> On Mon, Jan 23, 2023 at 6:34 AM vkumbhar  wrote:
> >
> > From: Vivek Kumbhar 
> >
> > Signed-off-by: Vivek Kumbhar 
> > ---
> >  .../openssl/openssl/CVE-2022-3996.patch   | 43 +++
> >  .../openssl/openssl_3.0.7.bb  |  1 +
> >  2 files changed, 44 insertions(+)
> >  create mode 100644
> meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> >
> > diff --git
> a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> > new file mode 100644
> > index 00..6d70b323d1
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> > @@ -0,0 +1,43 @@
> > +From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
> > +From: Pauli 
> > +Date: Fri, 11 Nov 2022 09:40:19 +1100
> > +Subject: [PATCH] x509: fix double locking problem
> > +
> > +This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and
> removed the
> > +redundant flag setting.
> > +
> > +Fixes #19643
> > +
> > +Fixes LOW CVE-2022-3996
> > +
> > +Reviewed-by: Dmitry Belyavskiy 
> > +Reviewed-by: Tomas Mraz 
> > +(Merged from https://github.com/openssl/openssl/pull/19652)
> > +
> > +(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
> > +
> > +Upstream-Status: Backport [
> https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
> ]
> > +CVE: CVE-2022-3996
> > +Signed-off-by: Vivek Kumbhar 
> > +---
> > + crypto/x509/pcy_map.c | 4 
> > + 1 file changed, 4 deletions(-)
> > +
> > +diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
> > +index 05406c6493..60dfd1e320 100644
> > +--- a/crypto/x509/pcy_map.c
> >  b/crypto/x509/pcy_map.c
> > +@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x,
> POLICY_MAPPINGS *maps)
> > +
> > + ret = 1;
> > +  bad_mapping:
> > +-if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
> > +-x->ex_flags |= EXFLAG_INVALID_POLICY;
> > +-CRYPTO_THREAD_unlock(x->lock);
> > +-}
> > + sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
> > + return ret;
> > +
> > +--
> > +2.30.2
> > +
> > diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> > index 45fd1de2fd..1842148592 100644
> > --- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> > +++ b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> > @@ -12,6 +12,7 @@ SRC_URI = "
> http://www.openssl.org/source/openssl-${PV}.tar.gz \
> >
>  file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
> > file://afalg.patch \
> > file://0001-Configure-do-not-tweak-mips-cflags.patch \
> > +   file://CVE-2022-3996.patch \
> > "
> >
> >  SRC_URI:append:class-nativesdk = " \
> > --
> > 2.30.2
> >
> >
> > 
> >
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176313): 
https://lists.openembedded.org/g/openembedded-core/message/176313
Mute This Topic: https://lists.openembedded.org/mt/96477598/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][langdale][PATCH] openssl: fix CVE-2022-3996 double locking leads to denial of service

2023-01-23 Thread Steve Sakoman

Hi Vivek,

You sent two seemingly identical patches for langdale.  Was one
perhaps intended for master?

Steve

On Mon, Jan 23, 2023 at 6:34 AM vkumbhar  wrote:
>
> From: Vivek Kumbhar 
>
> Signed-off-by: Vivek Kumbhar 
> ---
>  .../openssl/openssl/CVE-2022-3996.patch   | 43 +++
>  .../openssl/openssl_3.0.7.bb  |  1 +
>  2 files changed, 44 insertions(+)
>  create mode 100644 
> meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch 
> b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> new file mode 100644
> index 00..6d70b323d1
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> @@ -0,0 +1,43 @@
> +From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
> +From: Pauli 
> +Date: Fri, 11 Nov 2022 09:40:19 +1100
> +Subject: [PATCH] x509: fix double locking problem
> +
> +This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
> +redundant flag setting.
> +
> +Fixes #19643
> +
> +Fixes LOW CVE-2022-3996
> +
> +Reviewed-by: Dmitry Belyavskiy 
> +Reviewed-by: Tomas Mraz 
> +(Merged from https://github.com/openssl/openssl/pull/19652)
> +
> +(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
> +
> +Upstream-Status: Backport 
> [https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
> +CVE: CVE-2022-3996
> +Signed-off-by: Vivek Kumbhar 
> +---
> + crypto/x509/pcy_map.c | 4 
> + 1 file changed, 4 deletions(-)
> +
> +diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
> +index 05406c6493..60dfd1e320 100644
> +--- a/crypto/x509/pcy_map.c
>  b/crypto/x509/pcy_map.c
> +@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, 
> POLICY_MAPPINGS *maps)
> +
> + ret = 1;
> +  bad_mapping:
> +-if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
> +-x->ex_flags |= EXFLAG_INVALID_POLICY;
> +-CRYPTO_THREAD_unlock(x->lock);
> +-}
> + sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
> + return ret;
> +
> +--
> +2.30.2
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb 
> b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> index 45fd1de2fd..1842148592 100644
> --- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> @@ -12,6 +12,7 @@ SRC_URI = 
> "http://www.openssl.org/source/openssl-${PV}.tar.gz \
> 
> file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
> file://afalg.patch \
> file://0001-Configure-do-not-tweak-mips-cflags.patch \
> +   file://CVE-2022-3996.patch \
> "
>
>  SRC_URI:append:class-nativesdk = " \
> --
> 2.30.2
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#176312): 
https://lists.openembedded.org/g/openembedded-core/message/176312
Mute This Topic: https://lists.openembedded.org/mt/96477598/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][langdale][PATCH] openssl: fix CVE-2022-3996 double locking leads to denial of service

Re: [OE-core][langdale][PATCH] openssl: fix CVE-2022-3996 double locking leads to denial of service

2 matches

Site Navigation

Mail list logo

Footer information