| Message ID | 20230531223435.2927651-1-nat.bailey@windriver.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe] libyang: backport a fix for CVE-2023-26916 | expand |
it does not look like its for master branch. Please prefix subject line with correct release infor to help route it better. On Wed, May 31, 2023 at 3:41 PM Nat Bailey via lists.openembedded.org <nat.bailey=windriver.com@lists.openembedded.org> wrote: > > From: Natasha Bailey <nat.bailey@windriver.com> > > This patch fixes a bug in libyang which could cause a null > pointer dereference from a call to strcmp. > > Since this recipe includes ptests, the tests were run twice > (once before the patch and once after) with the same results: > all tests passing except utest_types, which is skipped. > > Signed-off-by: Natasha Bailey <nat.bailey@windriver.com> > Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> > --- > .../libyang/libyang/CVE-2023-26916.patch | 57 +++++++++++++++++++ > .../libyang/libyang_2.0.164.bb | 1 + > 2 files changed, 58 insertions(+) > create mode 100644 meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch > > diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch > new file mode 100644 > index 000000000..f3af3dbff > --- /dev/null > +++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch > @@ -0,0 +1,57 @@ > +From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001 > +From: Michal Vasko <mvasko@cesnet.cz> > +Date: Mon, 13 Feb 2023 10:23:13 +0100 > +Subject: [PATCH] schema compile UPDATE do not implement 2 same modules > + > +CVE: CVE-2023-26916 > +Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096] > + > +Refs #1979 > +--- > + src/schema_compile.c | 20 +++++++------------- > + 1 file changed, 7 insertions(+), 13 deletions(-) > + > +diff --git a/src/schema_compile.c b/src/schema_compile.c > +index ed768ba0..68c0d681 100644 > +--- a/src/schema_compile.c > ++++ b/src/schema_compile.c > +@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod) > + LY_ERR > + lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres) > + { > +- LY_ERR ret; > ++ LY_ERR r; > + struct lys_module *m; > + > + assert(!mod->implemented); > +@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr > + m = ly_ctx_get_module_implemented(mod->ctx, mod->name); > + if (m) { > + assert(m != mod); > +- if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) { > +- /* special case for newer internal module, continue */ > +- LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.", > +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); > +- } else { > +- LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", > +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); > +- return LY_EDENIED; > +- } > ++ LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", > ++ mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); > ++ return LY_EDENIED; > + } > + > + /* set features */ > +- ret = lys_set_features(mod->parsed, features); > +- if (ret && (ret != LY_EEXIST)) { > +- return ret; > ++ r = lys_set_features(mod->parsed, features); > ++ if (r && (r != LY_EEXIST)) { > ++ return r; > + } > + > + /* > +-- > +2.34.1 > + > diff --git a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb > index 2817be7c8..7875c1ef7 100644 > --- a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb > +++ b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb > @@ -11,6 +11,7 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c" > SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \ > file://libyang-add-stdint-h.patch \ > file://run-ptest \ > + file://CVE-2023-26916.patch \ > " > > S = "${WORKDIR}/git" > -- > 2.34.1 > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#103075): https://lists.openembedded.org/g/openembedded-devel/message/103075 > Mute This Topic: https://lists.openembedded.org/mt/99253028/1997914 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Oops, Nat forgot the branch prefix. Shall she re-send ? ../Randy On 2023-05-31 18:34, Nat Bailey wrote: > From: Natasha Bailey<nat.bailey@windriver.com> > > This patch fixes a bug in libyang which could cause a null > pointer dereference from a call to strcmp. > > Since this recipe includes ptests, the tests were run twice > (once before the patch and once after) with the same results: > all tests passing except utest_types, which is skipped. > > Signed-off-by: Natasha Bailey<nat.bailey@windriver.com> > Signed-off-by: Randy MacLeod<Randy.MacLeod@windriver.com> > --- > .../libyang/libyang/CVE-2023-26916.patch | 57 +++++++++++++++++++ > .../libyang/libyang_2.0.164.bb | 1 + > 2 files changed, 58 insertions(+) > create mode 100644 meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch > > diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch > new file mode 100644 > index 000000000..f3af3dbff > --- /dev/null > +++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch > @@ -0,0 +1,57 @@ > +From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001 > +From: Michal Vasko<mvasko@cesnet.cz> > +Date: Mon, 13 Feb 2023 10:23:13 +0100 > +Subject: [PATCH] schema compile UPDATE do not implement 2 same modules > + > +CVE: CVE-2023-26916 > +Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096] > + > +Refs #1979 > +--- > + src/schema_compile.c | 20 +++++++------------- > + 1 file changed, 7 insertions(+), 13 deletions(-) > + > +diff --git a/src/schema_compile.c b/src/schema_compile.c > +index ed768ba0..68c0d681 100644 > +--- a/src/schema_compile.c > ++++ b/src/schema_compile.c > +@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod) > + LY_ERR > + lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres) > + { > +- LY_ERR ret; > ++ LY_ERR r; > + struct lys_module *m; > + > + assert(!mod->implemented); > +@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr > + m = ly_ctx_get_module_implemented(mod->ctx, mod->name); > + if (m) { > + assert(m != mod); > +- if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) { > +- /* special case for newer internal module, continue */ > +- LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.", > +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); > +- } else { > +- LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", > +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); > +- return LY_EDENIED; > +- } > ++ LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", > ++ mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); > ++ return LY_EDENIED; > + } > + > + /* set features */ > +- ret = lys_set_features(mod->parsed, features); > +- if (ret && (ret != LY_EEXIST)) { > +- return ret; > ++ r = lys_set_features(mod->parsed, features); > ++ if (r && (r != LY_EEXIST)) { > ++ return r; > + } > + > + /* > +-- > +2.34.1 > + > diff --git a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb > index 2817be7c8..7875c1ef7 100644 > --- a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb > +++ b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb > @@ -11,6 +11,7 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c" > SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \ > file://libyang-add-stdint-h.patch \ > file://run-ptest \ > +file://CVE-2023-26916.patch \ > " > > S = "${WORKDIR}/git"
On 6/1/23 1:48 PM, Randy MacLeod wrote: > Oops, Nat forgot the branch prefix. > > Shall she re-send ? No need. I moved it to the correct folder. thanks for highlighting it. -armin > > ../Randy > > On 2023-05-31 18:34, Nat Bailey wrote: >> From: Natasha Bailey<nat.bailey@windriver.com> >> >> This patch fixes a bug in libyang which could cause a null >> pointer dereference from a call to strcmp. >> >> Since this recipe includes ptests, the tests were run twice >> (once before the patch and once after) with the same results: >> all tests passing except utest_types, which is skipped. >> >> Signed-off-by: Natasha Bailey<nat.bailey@windriver.com> >> Signed-off-by: Randy MacLeod<Randy.MacLeod@windriver.com> >> --- >> .../libyang/libyang/CVE-2023-26916.patch | 57 +++++++++++++++++++ >> .../libyang/libyang_2.0.164.bb | 1 + >> 2 files changed, 58 insertions(+) >> create mode 100644 meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch >> >> diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch >> new file mode 100644 >> index 000000000..f3af3dbff >> --- /dev/null >> +++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch >> @@ -0,0 +1,57 @@ >> +From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001 >> +From: Michal Vasko<mvasko@cesnet.cz> >> +Date: Mon, 13 Feb 2023 10:23:13 +0100 >> +Subject: [PATCH] schema compile UPDATE do not implement 2 same modules >> + >> +CVE: CVE-2023-26916 >> +Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096] >> + >> +Refs #1979 >> +--- >> + src/schema_compile.c | 20 +++++++------------- >> + 1 file changed, 7 insertions(+), 13 deletions(-) >> + >> +diff --git a/src/schema_compile.c b/src/schema_compile.c >> +index ed768ba0..68c0d681 100644 >> +--- a/src/schema_compile.c >> ++++ b/src/schema_compile.c >> +@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod) >> + LY_ERR >> + lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres) >> + { >> +- LY_ERR ret; >> ++ LY_ERR r; >> + struct lys_module *m; >> + >> + assert(!mod->implemented); >> +@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr >> + m = ly_ctx_get_module_implemented(mod->ctx, mod->name); >> + if (m) { >> + assert(m != mod); >> +- if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) { >> +- /* special case for newer internal module, continue */ >> +- LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.", >> +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); >> +- } else { >> +- LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", >> +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); >> +- return LY_EDENIED; >> +- } >> ++ LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", >> ++ mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); >> ++ return LY_EDENIED; >> + } >> + >> + /* set features */ >> +- ret = lys_set_features(mod->parsed, features); >> +- if (ret && (ret != LY_EEXIST)) { >> +- return ret; >> ++ r = lys_set_features(mod->parsed, features); >> ++ if (r && (r != LY_EEXIST)) { >> ++ return r; >> + } >> + >> + /* >> +-- >> +2.34.1 >> + >> diff --git a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb >> index 2817be7c8..7875c1ef7 100644 >> --- a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb >> +++ b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb >> @@ -11,6 +11,7 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c" >> SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \ >> file://libyang-add-stdint-h.patch \ >> file://run-ptest \ >> +file://CVE-2023-26916.patch \ >> " >> >> S = "${WORKDIR}/git" > > > -- > # Randy MacLeod > # Wind River Linux
diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch new file mode 100644 index 000000000..f3af3dbff --- /dev/null +++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch @@ -0,0 +1,57 @@ +From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001 +From: Michal Vasko <mvasko@cesnet.cz> +Date: Mon, 13 Feb 2023 10:23:13 +0100 +Subject: [PATCH] schema compile UPDATE do not implement 2 same modules + +CVE: CVE-2023-26916 +Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096] + +Refs #1979 +--- + src/schema_compile.c | 20 +++++++------------- + 1 file changed, 7 insertions(+), 13 deletions(-) + +diff --git a/src/schema_compile.c b/src/schema_compile.c +index ed768ba0..68c0d681 100644 +--- a/src/schema_compile.c ++++ b/src/schema_compile.c +@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod) + LY_ERR + lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres) + { +- LY_ERR ret; ++ LY_ERR r; + struct lys_module *m; + + assert(!mod->implemented); +@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr + m = ly_ctx_get_module_implemented(mod->ctx, mod->name); + if (m) { + assert(m != mod); +- if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) { +- /* special case for newer internal module, continue */ +- LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.", +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); +- } else { +- LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); +- return LY_EDENIED; +- } ++ LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", ++ mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); ++ return LY_EDENIED; + } + + /* set features */ +- ret = lys_set_features(mod->parsed, features); +- if (ret && (ret != LY_EEXIST)) { +- return ret; ++ r = lys_set_features(mod->parsed, features); ++ if (r && (r != LY_EEXIST)) { ++ return r; + } + + /* +-- +2.34.1 + diff --git a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb index 2817be7c8..7875c1ef7 100644 --- a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb +++ b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb @@ -11,6 +11,7 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c" SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \ file://libyang-add-stdint-h.patch \ file://run-ptest \ + file://CVE-2023-26916.patch \ " S = "${WORKDIR}/git"