From patchwork Tue Dec 24 12:44:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 54665 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 802FEE77188 for ; Tue, 24 Dec 2024 12:45:23 +0000 (UTC) Received: from mta-65-225.siemens.flowmailer.net (mta-65-225.siemens.flowmailer.net [185.136.65.225]) by mx.groups.io with SMTP id smtpd.web11.32652.1735044319222209266 for ; Tue, 24 Dec 2024 04:45:19 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=g1DR1ZrP; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.225, mailfrom: fm-256628-20241224124516e5e97a6aa392be36df-enqcef@rts-flowmailer.siemens.com) Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 20241224124516e5e97a6aa392be36df for ; Tue, 24 Dec 2024 13:45:16 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=OKdaboZj+aXRQ3EfGn96WNAbL5XmV+voFz9eN0BqPZo=; b=g1DR1ZrPA1IKwG5EoLrFxOdT7jdNrb/S/9oSOo4X6nSYIKDhO2t/WVyo9QRlomYmQNsFET PZXTWC5DUP6P9KrmbEpNXStgPqmTQdmnWUGOM+GaQra6xKOSaNkBcHxG62Ie56VKjBKzn2Zt /1Dc/HV0j7iJLTOH6KIzaMHIa40W+XDZSrM281UCMZMb704JWLt5dPIFMtytcOKbV6JvduzF PWnczXNZpBkmPmG0D78oHuEWIfn1t6zN1q1/b2WlBr0gUR9YXh02ndXzfE0vsD2z0fBuJoba gWGjb1Sqq/ehT9ooGeTLsJlX0mtfDytZBTA608vTVWChkDfWLBvHFO/w==; From: Peter Marko To: openembedded-devel@lists.openembedded.org Cc: Peter Marko Subject: [meta-webserver][PATCH 1/6] apache2: ignore CVE-1999-1237 Date: Tue, 24 Dec 2024 13:44:12 +0100 Message-Id: <20241224124417.2547005-2-peter.marko@siemens.com> In-Reply-To: <20241224124417.2547005-1-peter.marko@siemens.com> References: <20241224124417.2547005-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Dec 2024 12:45:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114542 From: Peter Marko This vulnerability is for Apache-AuthenSmb module. Fixed in 0.9, current version is 0.72. In any case, not part of Apache2 sources. [1] points to [2], which is archived under [3] [1] https://nvd.nist.gov/vuln/detail/CVE-1999-1237 [2] http://www.securityfocus.com/archive/1/14384 [3] https://web.archive.org/web/20020618143426/http://online.securityfocus.com/archive/1/14384 Signed-off-by: Peter Marko --- meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb index bba00fb95c..4db672c9ab 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.62.bb @@ -39,6 +39,7 @@ CVE_PRODUCT = "apache:http_server" CVE_STATUS[CVE-1999-0289] = "not-applicable-platform: The current version is not affected. It only applies for Windows" CVE_STATUS[CVE-1999-0678] = "not-applicable-platform: this CVE is for Debian packaging configuration" +CVE_STATUS[CVE-1999-1237] = "cpe-incorrect: This is vulnerability of Apache AuthenSmb module, fixed in 0.9" CVE_STATUS[CVE-1999-1412] = "not-applicable-platform: this CVE is for MAC OS X specific problem" CVE_STATUS[CVE-2007-0086] = "disputed: this CVE is officially disputed by Redhat" CVE_STATUS[CVE-2007-0450] = "not-applicable-platform: The current version is not affected. It only applies for Windows." From patchwork Tue Dec 24 12:44:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 54664 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7EB3FE7718D for ; Tue, 24 Dec 2024 12:45:23 +0000 (UTC) Received: from mta-65-225.siemens.flowmailer.net (mta-65-225.siemens.flowmailer.net [185.136.65.225]) by mx.groups.io with SMTP id smtpd.web11.32652.1735044319222209266 for ; Tue, 24 Dec 2024 04:45:21 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=bxjZA0qM; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.225, mailfrom: fm-256628-20241224124520bdfdf1e200733c1eed-7cqxig@rts-flowmailer.siemens.com) Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 20241224124520bdfdf1e200733c1eed for ; Tue, 24 Dec 2024 13:45:21 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=W7dLWwt83B42kjFz04pFpKycE9J2lbP0uD7YOmCUOuM=; b=bxjZA0qMW4shFVgCrPRpKJ6nFYd9agsMD74R/dYrbYX4TF6vFC7t20NuVaDbg0yUMNgLH7 uF20OOV8FxZ98VsAA4szAHtLhmssfOllY3aTKvFf83ZbFgfnOjyp1K+FheJr5aROhPTOJsWa Ew2u/57hYTeDrQllepjaFTEWe0TEHImYZSUENeyGUeADyP6VNkYq31C2D/5TdWlmGxYmOS1e 5HE8A7xgn9N0PXAtVpPrDvic6Pu5qYHRTHM2QcjVqt4nYhnCovOWDtX70jwyFT9lPUTC5RRB X4+9Uf15tbJv6lvPwRqpLJZAk+lP6tCO3t9oW5H9ajwMPJTGwKcYpYbQ==; From: Peter Marko To: openembedded-devel@lists.openembedded.org Cc: Peter Marko Subject: [meta-multimedia][PATCH 2/6] rtmpdump: mark CVE-2015-8270, CVE-2015-8271 and CVE-2015-8272 as fixed Date: Tue, 24 Dec 2024 13:44:13 +0100 Message-Id: <20241224124417.2547005-3-peter.marko@siemens.com> In-Reply-To: <20241224124417.2547005-1-peter.marko@siemens.com> References: <20241224124417.2547005-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Dec 2024 12:45:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114543 From: Peter Marko This CVE is marked as fixed by Debian. Extracting Debian jessie Debian sources [1] shows 4 commits uses for backports. All these commits are already included in current hash ([2]-[5]). ../tmp/work/core2-64-poky-linux/rtmpdump/2.4/git$ git log | grep 'commit \(10b580aabcec1621b25518271ba1ab2b018be88e\|...\|4312322107a94c81d3ec5b98f91bc6b923551dc5\)' commit 530f9bb2a02a78c1198fb2bf0293a12d225e4691 commit 4312322107a94c81d3ec5b98f91bc6b923551dc5 commit 39ec7eda489717d503bc4cbfaa591c93205695b6 commit 10b580aabcec1621b25518271ba1ab2b018be88e [1] https://snapshot.debian.org/archive/debian/20170704T094954Z/pool/main/r/rtmpdump/rtmpdump_2.4%2B20150115.gita107cef-1%2Bdeb8u1.debian.tar.xz [2] https://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/10b580aabcec1621b25518271ba1ab2b018be88e [3] https://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/39ec7eda489717d503bc4cbfaa591c93205695b6 [4] https://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/530f9bb2a02a78c1198fb2bf0293a12d225e4691 [5] https://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/4312322107a94c81d3ec5b98f91bc6b923551dc5 Signed-off-by: Peter Marko --- meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb index aa92c58808..47d04af9c1 100644 --- a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb +++ b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb @@ -14,6 +14,10 @@ SRC_URI = " \ S = "${WORKDIR}/git" +CVE_STATUS_GROUPS += "CVES_2015" +CVES_2015 = "CVE-2015-8270 CVE-2015-8271 CVE-2015-8272" +CVES_2015[status] = "fixed-version: patched in current git hash" + inherit autotools-brokensep EXTRA_OEMAKE = " \ From patchwork Tue Dec 24 12:44:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 54666 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83B3CE77188 for ; Tue, 24 Dec 2024 12:45:33 +0000 (UTC) Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net [185.136.65.228]) by mx.groups.io with SMTP id smtpd.web10.32710.1735044327863199482 for ; Tue, 24 Dec 2024 04:45:28 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=FIGagQOO; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.228, mailfrom: fm-256628-202412241245268bf65653cd4d306ed4-olh_0l@rts-flowmailer.siemens.com) Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 202412241245268bf65653cd4d306ed4 for ; Tue, 24 Dec 2024 13:45:26 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=mFuzjFrZQ67llU4F2Jmlk+652oI2AAJowZmv2TBGrog=; b=FIGagQOOJk/qAXupG37rPNg7uguW8mZIqLdQW4imYyPws/dFNclLlaFhABNHri97BNWLGc t36Gq+0stWaVIPLji08ThypXJWQdgse7+DBmzBIOeoFMZSCH/1tLjopSF8jZDaEMMzjfCLte rh6r95OgoYFK0JA5KkBlYEE5XXd5rkyu6PeQrOiEZLvjwVGqqx877NWZFZRHSQMb0mWIUTiQ 6BGGnXb1hlq0yFPZCEWJn6pePs78EW9GuyvlhXcVvZa3Cv0g+J7D0CWHZ64pw5pEk1pjZGPt RY+6qAfDRjYAbMBiYl4mPXpzS5FrzcG/KIEnMH55BcYs/n/Hi6F4+wzA==; From: Peter Marko To: openembedded-devel@lists.openembedded.org Cc: Peter Marko Subject: [meta-multimedia][PATCH 3/6] rtmpdump: add +git to PV Date: Tue, 24 Dec 2024 13:44:14 +0100 Message-Id: <20241224124417.2547005-4-peter.marko@siemens.com> In-Reply-To: <20241224124417.2547005-1-peter.marko@siemens.com> References: <20241224124417.2547005-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Dec 2024 12:45:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114544 From: Peter Marko We fetch newer hash than 2.4 version. Signed-off-by: Peter Marko --- meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb index 47d04af9c1..ba2e5195e9 100644 --- a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb +++ b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb @@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" DEPENDS = "gnutls zlib" +PV .= "+git" SRCREV = "fa8646daeb19dfd12c181f7d19de708d623704c0" SRC_URI = " \ git://git.ffmpeg.org/rtmpdump;branch=master \ From patchwork Tue Dec 24 12:44:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 54667 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 81DB8E77188 for ; Tue, 24 Dec 2024 12:45:53 +0000 (UTC) Received: from mta-64-228.siemens.flowmailer.net (mta-64-228.siemens.flowmailer.net [185.136.64.228]) by mx.groups.io with SMTP id smtpd.web10.32715.1735044346327733638 for ; Tue, 24 Dec 2024 04:45:46 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=WraM3iE0; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.228, mailfrom: fm-256628-20241224124543a5e7489e126fc35a78-1fvrdq@rts-flowmailer.siemens.com) Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id 20241224124543a5e7489e126fc35a78 for ; Tue, 24 Dec 2024 13:45:44 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=iJ4FLbnv6MdjsfgG8hie+aI8epkdDLMHzZURN/RKWKY=; b=WraM3iE0X4T5udDwbc0SPcvncnT4p9zjGGnJvkW+lVjYkMtysJG/0275Fz+EQjqMPbmlt1 +W3qmskQIpnsOig6bp6rMjaqazqf57bSCOLGUxRKC6xn5F6xXD6FzQQsk6f0f48ARLBrfD6P oDbM5DE8FfRzUbpVPxXd5EhpL3ZzQEHxYli8dCsvkkzX5ZXNsok8NVv/BHZxULtq0a7P5RPN J8ONWh3arHTAHja4AtINyapm2z/qU1j6XfR3HzC5sEAvaU8MxXK2Cw22YjyrN0Pys6RB1Mca pIeGn/rFE5mfoSHip74gZsE2x0TacFhSFJq5wW2YftyBIGamCWN7f5rQ==; From: Peter Marko To: openembedded-devel@lists.openembedded.org Cc: Peter Marko Subject: [meta-oe][PATCH 4/6] libconfuse: patch CVE-2022-40320 Date: Tue, 24 Dec 2024 13:44:15 +0100 Message-Id: <20241224124417.2547005-5-peter.marko@siemens.com> In-Reply-To: <20241224124417.2547005-1-peter.marko@siemens.com> References: <20241224124417.2547005-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Dec 2024 12:45:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114545 From: Peter Marko Pick patch per [1] poiting to [2] pointing to [3]. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-40320 [2] https://github.com/libconfuse/libconfuse/issues/163 [3] https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b Signed-off-by: Peter Marko --- .../libconfuse/files/CVE-2022-40320.patch | 42 +++++++++++++++++++ .../libconfuse/libconfuse_3.3.bb | 1 + 2 files changed, 43 insertions(+) create mode 100755 meta-oe/recipes-support/libconfuse/files/CVE-2022-40320.patch diff --git a/meta-oe/recipes-support/libconfuse/files/CVE-2022-40320.patch b/meta-oe/recipes-support/libconfuse/files/CVE-2022-40320.patch new file mode 100755 index 0000000000..52296b9c0f --- /dev/null +++ b/meta-oe/recipes-support/libconfuse/files/CVE-2022-40320.patch @@ -0,0 +1,42 @@ +From d73777c2c3566fb2647727bb56d9a2295b81669b Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg +Date: Fri, 2 Sep 2022 16:12:46 +0200 +Subject: [PATCH] Fix #163: unterminated username used with getpwnam() + +Signed-off-by: Joachim Wiberg + +CVE: CVE-2022-40320 +Upstream-Status: Backport [https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b] +Signed-off-by: Peter Marko +--- + src/confuse.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/confuse.c b/src/confuse.c +index 6d1fdbd..05566b5 100644 +--- a/src/confuse.c ++++ b/src/confuse.c +@@ -1872,17 +1872,20 @@ DLLIMPORT char *cfg_tilde_expand(const char *filename) + file = filename + 1; + } else { + /* ~user or ~user/path */ +- char *user; ++ char *user; /* ~user or ~user/path */ ++ size_t len; + + file = strchr(filename, '/'); + if (file == 0) + file = filename + strlen(filename); + +- user = malloc(file - filename); ++ len = file - filename - 1; ++ user = malloc(len + 1); + if (!user) + return NULL; + +- strncpy(user, filename + 1, file - filename - 1); ++ strncpy(user, &filename[1], len); ++ user[len] = 0; + passwd = getpwnam(user); + free(user); + } diff --git a/meta-oe/recipes-support/libconfuse/libconfuse_3.3.bb b/meta-oe/recipes-support/libconfuse/libconfuse_3.3.bb index e6f28c7b69..0e2f1f27b3 100644 --- a/meta-oe/recipes-support/libconfuse/libconfuse_3.3.bb +++ b/meta-oe/recipes-support/libconfuse/libconfuse_3.3.bb @@ -6,6 +6,7 @@ SRC_URI = "https://github.com/libconfuse/libconfuse/releases/download/v${PV}/con SRC_URI[sha256sum] = "3a59ded20bc652eaa8e6261ab46f7e483bc13dad79263c15af42ecbb329707b8" SRC_URI += "file://0001-only-apply-search-path-logic-to-relative-pathnames.patch" +SRC_URI += "file://CVE-2022-40320.patch" inherit autotools-brokensep pkgconfig gettext From patchwork Tue Dec 24 12:44:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 54669 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 84897E7718D for ; Tue, 24 Dec 2024 12:46:03 +0000 (UTC) Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net [185.136.65.226]) by mx.groups.io with SMTP id smtpd.web10.32716.1735044349808130286 for ; Tue, 24 Dec 2024 04:45:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=Ok/CSLmY; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226, mailfrom: fm-256628-20241224124547b47d3b72d2975927d2-okz_67@rts-flowmailer.siemens.com) Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20241224124547b47d3b72d2975927d2 for ; Tue, 24 Dec 2024 13:45:48 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=C38wmnNuQOLG3TX7vSii6qLDCl6sjEr4b5QFJhlDQP4=; b=Ok/CSLmYHReqLMvT0xCSl0VT01VTyO+68BFzQRdI1DhyH7lA+XVqcSO6yIS2S3cb3ujkWo btAFJJLGMaNIxBRHwF7FvKM09Up+04l/sLh6FXovMijQzTq8q6k1K720jvU4NqmOrpip/AgP vUZIs/MnJSHqRM8a8oICic6BHgOIiher7mXI13xJ06Tk64inyP16pb9WMkcu5hZNUorp7DcA 93Ap8GXVbA14/cj9N2gvKGsCfRsbgmKIOBB2fiOpRYZlAhDwtOWvNZ/mwbFfsx7Ab5aIsLP0 0FhMDnPV4QmHowLvJvJw3907bErb77u9YmUsg58RALcJgQBXRoJ3BoIA==; From: Peter Marko To: openembedded-devel@lists.openembedded.org Cc: Peter Marko Subject: [meta-multimedia][PATCH 5/6] opusfile: patch CVE-2022-47021 Date: Tue, 24 Dec 2024 13:44:16 +0100 Message-Id: <20241224124417.2547005-6-peter.marko@siemens.com> In-Reply-To: <20241224124417.2547005-1-peter.marko@siemens.com> References: <20241224124417.2547005-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Dec 2024 12:46:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114546 From: Peter Marko This patch is mentioned in [1] and [2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-47021 [2] https://github.com/xiph/opusfile/issues/36 Signed-off-by: Peter Marko --- .../opusfile/opusfile/CVE-2022-47021.patch | 44 +++++++++++++++++++ .../opusfile/opusfile_0.12.bb | 2 + 2 files changed, 46 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch diff --git a/meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch b/meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch new file mode 100644 index 0000000000..48a7cab3f5 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch @@ -0,0 +1,44 @@ +From 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 Mon Sep 17 00:00:00 2001 +From: Ralph Giles +Date: Tue, 6 Sep 2022 19:04:31 -0700 +Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer. + +Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns +a null pointer. This allows more graceful recovery by the caller +in the unlikely event of a fallible ogg_malloc call. + +We do check the return value elsewhere in the code, so the new +checks make the code more consistent. + +Thanks to https://github.com/xiph/opusfile/issues/36 for reporting. + +Signed-off-by: Timothy B. Terriberry +Signed-off-by: Mark Harris + +CVE: CVE-2022-47021 +Upstream-Status: Backport [https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5] +Signed-off-by: Peter Marko +--- + src/opusfile.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/opusfile.c b/src/opusfile.c +index ca219b2..3c3c81e 100644 +--- a/src/opusfile.c ++++ b/src/opusfile.c +@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){ + int nbytes; + OP_ASSERT(_nbytes>0); + buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes); + OP_ASSERT(nbytes<=_nbytes); + if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes); +@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of, + if(_initial_bytes>0){ + char *buffer; + buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer)); + ogg_sync_wrote(&_of->oy,(long)_initial_bytes); + } diff --git a/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb b/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb index c775cef5a1..9e1d80e8dd 100644 --- a/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb +++ b/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb @@ -11,4 +11,6 @@ SRC_URI = "https://downloads.xiph.org/releases/opus/${BP}.tar.gz" SRC_URI[md5sum] = "45e8c62f6cd413395223c82f06bfa8ec" SRC_URI[sha256sum] = "118d8601c12dd6a44f52423e68ca9083cc9f2bfe72da7a8c1acb22a80ae3550b" +SRC_URI += "file://CVE-2022-47021.patch" + inherit autotools pkgconfig From patchwork Tue Dec 24 12:44:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 54668 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 82ABAE77188 for ; Tue, 24 Dec 2024 12:46:03 +0000 (UTC) Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net [185.136.65.228]) by mx.groups.io with SMTP id smtpd.web11.32658.1735044355836027423 for ; Tue, 24 Dec 2024 04:45:56 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=p78F/NTF; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.228, mailfrom: fm-256628-20241224124554158e2c8e87ce5d2a4f-rsuhra@rts-flowmailer.siemens.com) Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 20241224124554158e2c8e87ce5d2a4f for ; Tue, 24 Dec 2024 13:45:54 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=9a2JyBwvFbH5PGDp6NhmS82YtgTQbkgvsZMfZe7aS20=; b=p78F/NTFeKf0tKY+OtSGlwxQspteIdKZc+pJpbtDWq2aQKdQTIr3stfJuQQy05Ii7yRLCb RJ33eClvUQ8Fbr2RXN1n3q1VpGnNp8+YN/ULH/2j4zVPKAjgE3a4bPCleH+lRfQOGSUFbQre A9Lmcnpbf0H66xHe42LuXsAxeABpO2ampogDGM1Ga0hP9EnnM1lINr1NmuO9wWKv1xUSvwF9 yssjJE40i6B6D94HoAjeeI4lfk2VVwAvmdWY17JvARMOsm1tz8+X2KOl29rHlTcOxRVAKKtj pIH5AC1NsCFPyK2AS2t4Wpj8pVLGMs0+TaELg//zL3e2kfuVexFNsh+A==; From: Peter Marko To: openembedded-devel@lists.openembedded.org Cc: Peter Marko Subject: [meta-oe][PATCH 6/6] synergy: patch CVE-2020-15117 Date: Tue, 24 Dec 2024 13:44:17 +0100 Message-Id: <20241224124417.2547005-7-peter.marko@siemens.com> In-Reply-To: <20241224124417.2547005-1-peter.marko@siemens.com> References: <20241224124417.2547005-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 24 Dec 2024 12:46:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114547 From: Peter Marko Pick commit based on [1]. Note that the pick is node from deskflow, which is open-source successor of synergy. If anyone uses thie recipe, it should be switched. [1] https://github.com/deskflow/deskflow/security/advisories/GHSA-chfm-333q-gfpp Signed-off-by: Peter Marko --- .../synergy/synergy/CVE-2020-15117.patch | 48 +++++++++++++++++++ .../recipes-support/synergy/synergy_git.bb | 1 + 2 files changed, 49 insertions(+) create mode 100644 meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch diff --git a/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch b/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch new file mode 100644 index 0000000000..4ad2a45275 --- /dev/null +++ b/meta-oe/recipes-support/synergy/synergy/CVE-2020-15117.patch @@ -0,0 +1,48 @@ +From 79efdb7c617b809e1a2daf17441d7a30f7046aa5 Mon Sep 17 00:00:00 2001 +From: Jnewbon <48688400+Jnewbon@users.noreply.github.com> +Date: Tue, 14 Jul 2020 13:14:40 +0100 +Subject: [PATCH] Merge pull request from GHSA-chfm-333q-gfpp + +Attempts to fis DoS to servers with less then 4GB memory + +CVE: CVE-2020-15117 +Upstream-Status: Backport [https://github.com/deskflow/deskflow/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39] +Signed-off-by: Peter Marko +--- + src/lib/synergy/ProtocolUtil.cpp | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/lib/synergy/ProtocolUtil.cpp b/src/lib/synergy/ProtocolUtil.cpp +index d9f5dc324..7d2c37ff8 100644 +--- a/src/lib/synergy/ProtocolUtil.cpp ++++ b/src/lib/synergy/ProtocolUtil.cpp +@@ -61,6 +61,9 @@ ProtocolUtil::readf(synergy::IStream* stream, const char* fmt, ...) + catch (XIO&) { + result = false; + } ++ catch (std::bad_alloc & exception) { ++ result = false; ++ } + va_end(args); + return result; + } +@@ -216,7 +219,15 @@ ProtocolUtil::vreadf(synergy::IStream* stream, const char* fmt, va_list args) + // allocate a buffer to read the data + UInt8* sBuffer = buffer; + if (!useFixed) { +- sBuffer = new UInt8[len]; ++ try{ ++ sBuffer = new UInt8[len]; ++ } ++ catch (std::bad_alloc & exception) { ++ // Added try catch due to GHSA-chfm-333q-gfpp ++ LOG((CLOG_ERR "ALLOC: Unable to allocate memory %d bytes", len)); ++ LOG((CLOG_DEBUG "bad_alloc detected: Do you have enough free memory?")); ++ throw exception; ++ } + } + + // read the data +-- +2.30.2 + diff --git a/meta-oe/recipes-support/synergy/synergy_git.bb b/meta-oe/recipes-support/synergy/synergy_git.bb index fb767942fe..2717320886 100644 --- a/meta-oe/recipes-support/synergy/synergy_git.bb +++ b/meta-oe/recipes-support/synergy/synergy_git.bb @@ -10,6 +10,7 @@ DEPENDS = "virtual/libx11 libxtst libxinerama curl openssl" REQUIRED_DISTRO_FEATURES = "x11" SRC_URI = "git://github.com/symless/synergy-core;protocol=https;nobranch=1" +SRC_URI += "file://CVE-2020-15117.patch" # Version 1.10.1-stable SRCREV ?= "1b4c076127687aceac931d269e898beaac1cad9f"