Message ID | 20241112085129.11176-1-peter.marko@siemens.com |
---|---|
State | Superseded |
Delegated to: | Steve Sakoman |
Series | [kirkstone,v2] expat: patch CVE-2024-50602 |
Hi Peter,

I think you missed adding the patches to the recipe :-)

Steve

On Tue, Nov 12, 2024 at 12:52 AM Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote:
>
> From: Peter Marko <peter.marko@siemens.com>
>
> Pick commits from https://github.com/libexpat/libexpat/pull/915
>
> Not picking test is suboptimal, but test structure was changed meanwhile
> so we'd have to invent new code.
> Skipping tests was already done in previous expat/kirkstone CVE patches.
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---
> v2: fixed upstream patch link in CVE-2024-50602-01.patch
>
> .../expat/expat/CVE-2024-50602-01.patch | 56 +++++++++++++++++++
> .../expat/expat/CVE-2024-50602-02.patch | 38 +++++++++++++
> 2 files changed, 94 insertions(+)
> create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-01.patch
> create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-02.patch
>
> diff --git a/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch b/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch > new file mode 100644 > index 0000000000..18dc392f67 > --- /dev/null > +++ b/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch
> @@ -0,0 +1,56 @@ > +From 51c7019069b862e88d94ed228659e70bddd5de09 Mon Sep 17 00:00:00 2001 > +From: Sebastian Pipping <sebastian@pipping.org> > +Date: Mon, 21 Oct 2024 01:42:54 +0200 > +Subject: [PATCH 1/2] lib: Make XML_StopParser refuse to stop/suspend an > + unstarted parser > + > +CVE: CVE-2024-50602 > +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/51c7019069b862e88d94ed228659e70bddd5de09] > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > +--- > + expat/lib/expat.h | 4 +++- > + expat/lib/xmlparse.c | 6 ++++++ > + 2 files changed, 9 insertions(+), 1 deletion(-) > + > +diff --git a/expat/lib/expat.h b/expat/lib/expat.h > +index d0d6015a..3ba61304 100644 > +--- a/expat/lib/expat.h > ++++ b/expat/lib/expat.h > +@@ -127,7 +127,9 @@ enum XML_Error { > + /* Added in 2.3.0. */ > + XML_ERROR_NO_BUFFER, > + /* Added in 2.4.0. */ > +- XML_ERROR_AMPLIFICATION_LIMIT_BREACH > ++ XML_ERROR_AMPLIFICATION_LIMIT_BREACH, > ++ /* Added in 2.6.4. */ > ++ XML_ERROR_NOT_STARTED, > + }; > + > + enum XML_Content_Type { > +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c > +index d9285b21..fa02537f 100644 > +--- a/expat/lib/xmlparse.c > ++++ b/expat/lib/xmlparse.c > +@@ -2189,6 +2189,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) { > + if (parser == NULL) > + return XML_STATUS_ERROR; > + switch (parser->m_parsingStatus.parsing) { > ++ case XML_INITIALIZED: > ++ parser->m_errorCode = XML_ERROR_NOT_STARTED; > ++ return XML_STATUS_ERROR; > + case XML_SUSPENDED: > + if (resumable) { > + parser->m_errorCode = XML_ERROR_SUSPENDED; > +@@ -2474,6 +2477,9 @@ XML_ErrorString(enum XML_Error code) { > + case XML_ERROR_AMPLIFICATION_LIMIT_BREACH: > + return XML_L( > + "limit on input amplification factor (from DTD and entities) breached"); > ++ /* Added in 2.6.4. */ > ++ case XML_ERROR_NOT_STARTED: > ++ return XML_L("parser not started"); > + } > + return NULL; > + } > +-- > +2.30.2 > + 
> diff --git a/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch b/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch > new file mode 100644 > index 0000000000..e714daade5 > --- /dev/null > +++ b/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch 
> @@ -0,0 +1,38 @@ > +From 5fb89e7b3afa1c314b34834fe729cd063f65a4d4 Mon Sep 17 00:00:00 2001 > +From: Sebastian Pipping <sebastian@pipping.org> > +Date: Mon, 21 Oct 2024 01:46:11 +0200 > +Subject: [PATCH 2/2] lib: Be explicit about XML_PARSING in XML_StopParser > + > +CVE: CVE-2024-50602 > +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5fb89e7b3afa1c314b34834fe729cd063f65a4d4] > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > +--- > + expat/lib/xmlparse.c | 5 ++++- > + 1 file changed, 4 insertions(+), 1 deletion(-) > + > +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c > +index fa02537f..983f6df0 100644 > +--- a/expat/lib/xmlparse.c > ++++ b/expat/lib/xmlparse.c > +@@ -2202,7 +2202,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) { > + case XML_FINISHED: > + parser->m_errorCode = XML_ERROR_FINISHED; > + return XML_STATUS_ERROR; > +- default: > ++ case XML_PARSING: > + if (resumable) { > + #ifdef XML_DTD > + if (parser->m_isParamEntity) { > +@@ -2213,6 +2213,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) { > + parser->m_parsingStatus.parsing = XML_SUSPENDED; > + } else > + parser->m_parsingStatus.parsing = XML_FINISHED; > ++ break; > ++ default: > ++ assert(0); > + } > + return XML_STATUS_OK; > + } > +-- > +2.30.2 > + > -- > 2.30.2
Oops, sorry.
Will send a v3 later today, I need to re-run my pipeline with the patch actually applied.

Peter

> -----Original Message-----
> From: Steve Sakoman <steve@sakoman.com>
> Sent: Tuesday, November 12, 2024 14:53
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core][kirkstone][PATCH v2] expat: patch CVE-2024-50602
>
> Hi Peter,
>
> I think you missed adding the patches to the recipe :-)
>
> Steve
>
> On Tue, Nov 12, 2024 at 12:52 AM Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote:
> >
> > From: Peter Marko <peter.marko@siemens.com>
> >
> > Pick commits from https://github.com/libexpat/libexpat/pull/915
> >
> > Not picking test is suboptimal, but test structure was changed meanwhile
> > so we'd have to invent new code.
> > Skipping tests was already done in previous expat/kirkstone CVE patches.
> >
> > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > ---
> > v2: fixed upstream patch link in CVE-2024-50602-01.patch
> >
> > .../expat/expat/CVE-2024-50602-01.patch | 56 +++++++++++++++++++
> > .../expat/expat/CVE-2024-50602-02.patch | 38 +++++++++++++
> > 2 files changed, 94 insertions(+)
> > create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-01.patch
> > create mode 100644 meta/recipes-core/expat/expat/CVE-2024-50602-02.patch
> >
> > diff --git a/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch > b/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch > > new file mode 100644 > > index 0000000000..18dc392f67 > > --- /dev/null > > +++ b/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch
> > @@ -0,0 +1,56 @@ > > +From 51c7019069b862e88d94ed228659e70bddd5de09 Mon Sep 17 00:00:00 > 2001 > > +From: Sebastian Pipping <sebastian@pipping.org> > > +Date: Mon, 21 Oct 2024 01:42:54 +0200 > > +Subject: [PATCH 1/2] lib: Make XML_StopParser refuse to stop/suspend an > > + unstarted parser > > + > > +CVE: CVE-2024-50602 > > +Upstream-Status: Backport > [https://github.com/libexpat/libexpat/commit/51c7019069b862e88d94ed228659 > e70bddd5de09] > > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > > +--- > > + expat/lib/expat.h | 4 +++- > > + expat/lib/xmlparse.c | 6 ++++++ > > + 2 files changed, 9 insertions(+), 1 deletion(-) > > + > > +diff --git a/expat/lib/expat.h b/expat/lib/expat.h > > +index d0d6015a..3ba61304 100644 > > +--- a/expat/lib/expat.h > > ++++ b/expat/lib/expat.h > > +@@ -127,7 +127,9 @@ enum XML_Error { > > + /* Added in 2.3.0. */ > > + XML_ERROR_NO_BUFFER, > > + /* Added in 2.4.0. */ > > +- XML_ERROR_AMPLIFICATION_LIMIT_BREACH > > ++ XML_ERROR_AMPLIFICATION_LIMIT_BREACH, > > ++ /* Added in 2.6.4. */ > > ++ XML_ERROR_NOT_STARTED, > > + }; > > + > > + enum XML_Content_Type { > > +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c > > +index d9285b21..fa02537f 100644 > > +--- a/expat/lib/xmlparse.c > > ++++ b/expat/lib/xmlparse.c > > +@@ -2189,6 +2189,9 @@ XML_StopParser(XML_Parser parser, XML_Bool > resumable) { > > + if (parser == NULL) > > + return XML_STATUS_ERROR; > > + switch (parser->m_parsingStatus.parsing) { > > ++ case XML_INITIALIZED: > > ++ parser->m_errorCode = XML_ERROR_NOT_STARTED; > > ++ return XML_STATUS_ERROR; > > + case XML_SUSPENDED: > > + if (resumable) { > > + parser->m_errorCode = XML_ERROR_SUSPENDED; > > +@@ -2474,6 +2477,9 @@ XML_ErrorString(enum XML_Error code) { > > + case XML_ERROR_AMPLIFICATION_LIMIT_BREACH: > > + return XML_L( > > + "limit on input amplification factor (from DTD and entities) breached"); > > ++ /* Added in 2.6.4. 
*/ > > ++ case XML_ERROR_NOT_STARTED: > > ++ return XML_L("parser not started"); > > + } > > + return NULL; > > + } > > +-- > > +2.30.2 > > + > > diff --git a/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch > b/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch > > new file mode 100644 > > index 0000000000..e714daade5 > > --- /dev/null > > +++ b/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch 
> > @@ -0,0 +1,38 @@ > > +From 5fb89e7b3afa1c314b34834fe729cd063f65a4d4 Mon Sep 17 00:00:00 > 2001 > > +From: Sebastian Pipping <sebastian@pipping.org> > > +Date: Mon, 21 Oct 2024 01:46:11 +0200 > > +Subject: [PATCH 2/2] lib: Be explicit about XML_PARSING in XML_StopParser > > + > > +CVE: CVE-2024-50602 > > +Upstream-Status: Backport > [https://github.com/libexpat/libexpat/commit/5fb89e7b3afa1c314b34834fe729c > d063f65a4d4] > > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > > +--- > > + expat/lib/xmlparse.c | 5 ++++- > > + 1 file changed, 4 insertions(+), 1 deletion(-) > > + > > +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c > > +index fa02537f..983f6df0 100644 > > +--- a/expat/lib/xmlparse.c > > ++++ b/expat/lib/xmlparse.c > > +@@ -2202,7 +2202,7 @@ XML_StopParser(XML_Parser parser, XML_Bool > resumable) { > > + case XML_FINISHED: > > + parser->m_errorCode = XML_ERROR_FINISHED; > > + return XML_STATUS_ERROR; > > +- default: > > ++ case XML_PARSING: > > + if (resumable) { > > + #ifdef XML_DTD > > + if (parser->m_isParamEntity) { > > +@@ -2213,6 +2213,9 @@ XML_StopParser(XML_Parser parser, XML_Bool > resumable) { > > + parser->m_parsingStatus.parsing = XML_SUSPENDED; > > + } else > > + parser->m_parsingStatus.parsing = XML_FINISHED; > > ++ break; > > ++ default: > > ++ assert(0); > > + } > > + return XML_STATUS_OK; > > + } > > +-- > > +2.30.2 > > + > > -- > > 2.30.2
diff --git a/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch b/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch new file mode 100644 index 0000000000..18dc392f67 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2024-50602-01.patch 
@@ -0,0 +1,56 @@ +From 51c7019069b862e88d94ed228659e70bddd5de09 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Mon, 21 Oct 2024 01:42:54 +0200 +Subject: [PATCH 1/2] lib: Make XML_StopParser refuse to stop/suspend an + unstarted parser + +CVE: CVE-2024-50602 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/51c7019069b862e88d94ed228659e70bddd5de09] +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + expat/lib/expat.h | 4 +++- + expat/lib/xmlparse.c | 6 ++++++ + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/expat/lib/expat.h b/expat/lib/expat.h +index d0d6015a..3ba61304 100644 +--- a/expat/lib/expat.h ++++ b/expat/lib/expat.h +@@ -127,7 +127,9 @@ enum XML_Error { + /* Added in 2.3.0. */ + XML_ERROR_NO_BUFFER, + /* Added in 2.4.0. */ +- XML_ERROR_AMPLIFICATION_LIMIT_BREACH ++ XML_ERROR_AMPLIFICATION_LIMIT_BREACH, ++ /* Added in 2.6.4. */ ++ XML_ERROR_NOT_STARTED, + }; + + enum XML_Content_Type { +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index d9285b21..fa02537f 100644 +--- a/expat/lib/xmlparse.c ++++ b/expat/lib/xmlparse.c +@@ -2189,6 +2189,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) { + if (parser == NULL) + return XML_STATUS_ERROR; + switch (parser->m_parsingStatus.parsing) { ++ case XML_INITIALIZED: ++ parser->m_errorCode = XML_ERROR_NOT_STARTED; ++ return XML_STATUS_ERROR; + case XML_SUSPENDED: + if (resumable) { + parser->m_errorCode = XML_ERROR_SUSPENDED; +@@ -2474,6 +2477,9 @@ XML_ErrorString(enum XML_Error code) { + case XML_ERROR_AMPLIFICATION_LIMIT_BREACH: + return XML_L( + "limit on input amplification factor (from DTD and entities) breached"); ++ /* Added in 2.6.4. */ ++ case XML_ERROR_NOT_STARTED: ++ return XML_L("parser not started"); + } + return NULL; + } +-- +2.30.2 + diff --git a/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch b/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch new file mode 100644 index 0000000000..e714daade5 
--- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2024-50602-02.patch @@ -0,0 +1,38 @@ +From 5fb89e7b3afa1c314b34834fe729cd063f65a4d4 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Mon, 21 Oct 2024 01:46:11 +0200 +Subject: [PATCH 2/2] lib: Be explicit about XML_PARSING in XML_StopParser + +CVE: CVE-2024-50602 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5fb89e7b3afa1c314b34834fe729cd063f65a4d4] +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + expat/lib/xmlparse.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index fa02537f..983f6df0 100644 +--- a/expat/lib/xmlparse.c ++++ b/expat/lib/xmlparse.c +@@ -2202,7 +2202,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) { + case XML_FINISHED: + parser->m_errorCode = XML_ERROR_FINISHED; + return XML_STATUS_ERROR; +- default: ++ case XML_PARSING: + if (resumable) { + #ifdef XML_DTD + if (parser->m_isParamEntity) { +@@ -2213,6 +2213,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable) { + parser->m_parsingStatus.parsing = XML_SUSPENDED; + } else + parser->m_parsingStatus.parsing = XML_FINISHED; ++ break; ++ default: ++ assert(0); + } + return XML_STATUS_OK; + } +-- +2.30.2 +
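Review bot: Neither new file is referenced from the expat recipe, as the diffstat shows (2 files changed, 94 insertions, both "create mode" entries under meta/recipes-core/expat/expat/), so the build will not apply the fix. Add file://CVE-2024-50602-01.patch and file://CVE-2024-50602-02.patch to the recipe's SRC_URI in that order: the xmlparse.c index line in 02 (fa02537f..983f6df0) starts from the blob that 01 produces (d9285b21..fa02537f), so 02 only applies on top of 01.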
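Review bot: The comment "Added in 2.6.4." on XML_ERROR_NOT_STARTED in the expat/lib/expat.h hunk of CVE-2024-50602-01.patch is misleading in a backport, because the header being patched predates that release and still ends its enum at the 2.4.0 entry. Code that decides by expat version whether this error code exists will conclude it does not, so a line in the patch header stating that the enumerator is present here through the backport would help anyone auditing the build.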
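Review bot: Nothing in this backport exercises the new "case XML_INITIALIZED:" branch in XML_StopParser (xmlparse.c hunk at -2189 in CVE-2024-50602-01.patch), since the cover text says the upstream tests were not picked. That branch changes what callers see when they stop or suspend a parser that has not started: XML_STATUS_ERROR with XML_ERROR_NOT_STARTED, where the old default branch fell through to "return XML_STATUS_OK". A minimal check that creates a parser, calls XML_StopParser and expects that error would confirm the behaviour once the patches are actually applied.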
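Review bot: The added "default: assert(0);" in the last hunk of CVE-2024-50602-02.patch (xmlparse.c at -2213) needs <assert.h>, which no hunk here adds, so confirm the kirkstone xmlparse.c already includes it. With NDEBUG defined the assert also compiles away, and an unexpected parsing state then leaves the switch and reaches "return XML_STATUS_OK" without any state change. That matches upstream, but it is worth recording in the patch header that the default branch only fails loudly in builds with assertions enabled.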