Re: [OE-core] [meta-oe][PATCH v2] gmp: Add security fix for CVE-2021-43618

2021-11-22 Thread Pavel Zhukov 
Hi Ross, Thank you for pointing out the issues. Will do better next time. and you were faster anyway :) -- Pavel   22.11.2021, 13:00, "Ross Burton" :Hi Pavel,Close but you also need Upstream-Status, Signed-off-by, and CVE tagsin the patch. You can see my version of this fix on the list, a fewminutes before yours. :)RossOn Mon, 22 Nov 2021 at 11:54, Pavel Zhukov  wrote: From: Pavel Zhukov  Fix mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. References: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e References: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html References: https://bugs.debian.org/994405 Signed-off-by: Pavel Zhukov  ---  .../gmp/gmp/CVE-2021-43618.patch | 25 +++  meta/recipes-support/gmp/gmp_6.2.1.bb | 1 +  2 files changed, 26 insertions(+)  create mode 100644 meta/recipes-support/gmp/gmp/CVE-2021-43618.patch diff --git a/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch b/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch new file mode 100644 index 00..f741972439 --- /dev/null +++ b/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch @@ -0,0 +1,25 @@ + +# HG changeset patch +# User Marco Bodrato  +# Date 1634836009 -7200 +# Node ID 561a9c25298e17bb01896801ff353546c6923dbd +# Parent e1fd9db13b475209a864577237ea4b9105b3e96e +mpz/inp_raw.c: Avoid bit size overflows + +diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c +--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100  b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200 +@@ -88,8 +88,11 @@ + + abs_csize = ABS (csize); + ++ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) ++ return 0; /* Bit size overflows */ ++ + /* round up to a multiple of limbs */ +- abs_xsize = BITS_TO_LIMBS (abs_csize*8); ++ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); + + if (abs_xsize != 0) + { + diff --git a/meta/recipes-support/gmp/gmp_6.2.1.bb b/meta/recipes-support/gmp/gmp_6.2.1.bb index d5996abd00..7c12a97228 100644 --- a/meta/recipes-support/gmp/gmp_6.2.1.bb +++ b/meta/recipes-support/gmp/gmp_6.2.1.bb @@ -12,6 +12,7 @@ SRC_URI = "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \ file://use-includedir.patch \ file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \ file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \ + file://CVE-2021-43618.patch \ "  SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea"  SRC_URI[sha256sum] = "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c" -- 2.32.0  
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#158567): 
https://lists.openembedded.org/g/openembedded-core/message/158567
Mute This Topic: https://lists.openembedded.org/mt/87233112/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [meta-oe][PATCH v2] gmp: Add security fix for CVE-2021-43618

2021-11-22 Thread Ross Burton 
Hi Pavel,

Close but you also need Upstream-Status, Signed-off-by, and CVE tags
in the patch.  You can see my version of this fix on the list, a few
minutes before yours. :)

Ross

On Mon, 22 Nov 2021 at 11:54, Pavel Zhukov  wrote:
>
> From: Pavel Zhukov 
>
> Fix mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted 
> input,
> leading to a segmentation fault on 32-bit platforms.
>
> References: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
> References: 
> https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
> References: https://bugs.debian.org/994405
>
> Signed-off-by: Pavel Zhukov 
> ---
>  .../gmp/gmp/CVE-2021-43618.patch  | 25 +++
>  meta/recipes-support/gmp/gmp_6.2.1.bb |  1 +
>  2 files changed, 26 insertions(+)
>  create mode 100644 meta/recipes-support/gmp/gmp/CVE-2021-43618.patch
>
> diff --git a/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch 
> b/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch
> new file mode 100644
> index 00..f741972439
> --- /dev/null
> +++ b/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch
> @@ -0,0 +1,25 @@
> +
> +# HG changeset patch
> +# User Marco Bodrato 
> +# Date 1634836009 -7200
> +# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
> +# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
> +mpz/inp_raw.c: Avoid bit size overflows
> +
> +diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
> +--- a/mpz/inp_raw.cTue Dec 22 23:49:51 2020 +0100
>  b/mpz/inp_raw.cThu Oct 21 19:06:49 2021 +0200
> +@@ -88,8 +88,11 @@
> +
> +   abs_csize = ABS (csize);
> +
> ++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
> ++return 0; /* Bit size overflows */
> ++
> +   /* round up to a multiple of limbs */
> +-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
> ++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
> +
> +   if (abs_xsize != 0)
> + {
> +
> diff --git a/meta/recipes-support/gmp/gmp_6.2.1.bb 
> b/meta/recipes-support/gmp/gmp_6.2.1.bb
> index d5996abd00..7c12a97228 100644
> --- a/meta/recipes-support/gmp/gmp_6.2.1.bb
> +++ b/meta/recipes-support/gmp/gmp_6.2.1.bb
> @@ -12,6 +12,7 @@ SRC_URI = 
> "https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \
> file://use-includedir.patch \
> 
> file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \
> file://0001-confiure.ac-Believe-the-cflags-from-environment.patch 
> \
> +   file://CVE-2021-43618.patch \
> "
>  SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea"
>  SRC_URI[sha256sum] = 
> "eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c"
> --
> 2.32.0
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#158566): 
https://lists.openembedded.org/g/openembedded-core/message/158566
Mute This Topic: https://lists.openembedded.org/mt/87233112/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core] [meta-oe][PATCH v2] gmp: Add security fix for CVE-2021-43618

2021-11-22 Thread Konrad Weihmann 

Both of your patches don't meet the OE patch guideline [1].
Just look at Ross's patch for an exmaple [2]

So just in case for this one I would prefer picking Ross's patch, which 
seems to me does the very same



[1] 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Patch_Header_Recommendations:_Upstream-Status

[2] https://lists.openembedded.org/g/openembedded-core/message/158561

On 22.11.21 12:54, Pavel Zhukov wrote:

From: Pavel Zhukov 

Fix mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted 
input,
leading to a segmentation fault on 32-bit platforms.

References: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
References: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
References: https://bugs.debian.org/994405

Signed-off-by: Pavel Zhukov 
---
  .../gmp/gmp/CVE-2021-43618.patch  | 25 +++
  meta/recipes-support/gmp/gmp_6.2.1.bb |  1 +
  2 files changed, 26 insertions(+)
  create mode 100644 meta/recipes-support/gmp/gmp/CVE-2021-43618.patch

diff --git a/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch 
b/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch
new file mode 100644
index 00..f741972439
--- /dev/null
+++ b/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch
@@ -0,0 +1,25 @@
+
+# HG changeset patch
+# User Marco Bodrato 
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.cTue Dec 22 23:49:51 2020 +0100
 b/mpz/inp_raw.cThu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+
+   abs_csize = ABS (csize);
+
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+
+   if (abs_xsize != 0)
+ {
+
diff --git a/meta/recipes-support/gmp/gmp_6.2.1.bb 
b/meta/recipes-support/gmp/gmp_6.2.1.bb
index d5996abd00..7c12a97228 100644
--- a/meta/recipes-support/gmp/gmp_6.2.1.bb
+++ b/meta/recipes-support/gmp/gmp_6.2.1.bb
@@ -12,6 +12,7 @@ SRC_URI = 
"https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \
 file://use-includedir.patch \
 
file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \
 file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \
+   file://CVE-2021-43618.patch \
 "
  SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea"
  SRC_URI[sha256sum] = 
"eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c"






-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#158565): 
https://lists.openembedded.org/g/openembedded-core/message/158565
Mute This Topic: https://lists.openembedded.org/mt/87233112/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [meta-oe][PATCH v2] gmp: Add security fix for CVE-2021-43618

2021-11-22 Thread Pavel Zhukov 
From: Pavel Zhukov 

Fix mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted 
input,
leading to a segmentation fault on 32-bit platforms.

References: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
References: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
References: https://bugs.debian.org/994405

Signed-off-by: Pavel Zhukov 
---
 .../gmp/gmp/CVE-2021-43618.patch  | 25 +++
 meta/recipes-support/gmp/gmp_6.2.1.bb |  1 +
 2 files changed, 26 insertions(+)
 create mode 100644 meta/recipes-support/gmp/gmp/CVE-2021-43618.patch

diff --git a/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch 
b/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch
new file mode 100644
index 00..f741972439
--- /dev/null
+++ b/meta/recipes-support/gmp/gmp/CVE-2021-43618.patch
@@ -0,0 +1,25 @@
+
+# HG changeset patch
+# User Marco Bodrato 
+# Date 1634836009 -7200
+# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
+# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
+mpz/inp_raw.c: Avoid bit size overflows
+
+diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
+--- a/mpz/inp_raw.cTue Dec 22 23:49:51 2020 +0100
 b/mpz/inp_raw.cThu Oct 21 19:06:49 2021 +0200
+@@ -88,8 +88,11 @@
+ 
+   abs_csize = ABS (csize);
+ 
++  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
++return 0; /* Bit size overflows */
++
+   /* round up to a multiple of limbs */
+-  abs_xsize = BITS_TO_LIMBS (abs_csize*8);
++  abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
+ 
+   if (abs_xsize != 0)
+ {
+
diff --git a/meta/recipes-support/gmp/gmp_6.2.1.bb 
b/meta/recipes-support/gmp/gmp_6.2.1.bb
index d5996abd00..7c12a97228 100644
--- a/meta/recipes-support/gmp/gmp_6.2.1.bb
+++ b/meta/recipes-support/gmp/gmp_6.2.1.bb
@@ -12,6 +12,7 @@ SRC_URI = 
"https://gmplib.org/download/${BPN}/${BP}${REVISION}.tar.bz2 \
file://use-includedir.patch \

file://0001-Append-the-user-provided-flags-to-the-auto-detected-.patch \
file://0001-confiure.ac-Believe-the-cflags-from-environment.patch \
+   file://CVE-2021-43618.patch \
"
 SRC_URI[md5sum] = "28971fc21cf028042d4897f02fd355ea"
 SRC_URI[sha256sum] = 
"eae9326beb4158c386e39a356818031bd28f3124cf915f8c5b1dc4c7a36b4d7c"
-- 
2.32.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#158563): 
https://lists.openembedded.org/g/openembedded-core/message/158563
Mute This Topic: https://lists.openembedded.org/mt/87233112/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-