From patchwork Thu Jan 16 13:45:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 55665 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8ECAEC02180 for ; Thu, 16 Jan 2025 13:45:20 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web11.49357.1737035114694235768 for ; Thu, 16 Jan 2025 05:45:14 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=3111d49cac=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50GD2q3R021049 for ; Thu, 16 Jan 2025 05:45:14 -0800 Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2040.outbound.protection.outlook.com [104.47.66.40]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 443mt75e1q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 16 Jan 2025 05:45:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DgkjQeCDJ2/59W8OSohPnerZ9LXjy9a1Xy1wugSjmz0DQk/kcKJsDj1rYj53KigwXWeEaXx7Y0ceVCTafbsHURmFejoioZqQIPS8jGnqS2vyolAs/O9/XdI7u6bNHZtg2TiO8MZrZDtGbB70FOHgb8CqaO24FGcZl/He30SHJYpJXWufz5GA6M5HK7muJERuL14s8SDUC0in0AGfMlBYc1cW4wup+l/sAVf8MGBXiNFbTMbymAXm+FAFYs6BQ/B0ezhZKIoBIvexatV79MxHGPZRBveCKy8XGu2joCYBMUpmu/Pol0ZvOALovCD5RHoNfcPT6RzdO+eNqDFNi3qa0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dwrZgxYkC+rgvaxy2Y/woLQqW1jaUDRpTk2pa0zNCiw=; b=M3nDey7Q4IMKOepeYjiza9lCZsnOItZJ+nGnfeYcxqopGCKJwQkdbol3Vxz2rBEza9OVtWIHCoaFc6JNY/lTMmNo95yddpy3R90g2FHaBl+buwI8tSY90xxPsgIgptSy593cgNhfwgSIkqIq+CbQ/rdT6HZkNt13IXd/WJzABkxSrTp2bfi85xCkEbccGCwAOvU443LZ1SjOkjBj3Nn3Elyq0+SFqSH7/Jn4Us+BjdT9Lq0lrl1VCGzceoiDwLwhtOAWngzkgZL6q7aHOg4yNOs30JHho4oX7FbrJcaYKTI5XrKWJfkTRPVIRzUmJtXVnt5d84qK3sRdwLRv7QGXOA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by DS0PR11MB7444.namprd11.prod.outlook.com (2603:10b6:8:146::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.12; Thu, 16 Jan 2025 13:45:11 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%7]) with mapi id 15.20.8356.010; Thu, 16 Jan 2025 13:45:11 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 1/2] glade: fix CVE-2020-36774 Date: Thu, 16 Jan 2025 21:45:00 +0800 Message-Id: <20250116134501.348974-1-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.34.1 X-ClientProxiedBy: TY2PR06CA0024.apcprd06.prod.outlook.com (2603:1096:404:42::36) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_|DS0PR11MB7444:EE_ X-MS-Office365-Filtering-Correlation-Id: 7d706857-bd25-43b7-b587-08dd3633ff27 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|366016|376014|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: zvNqPwCibm3lpa1xP3acwsM023Vomm7IpCJsTg9TFkBK0M9H5UxZMZHbTr9lbB0YydGYHgCzn7Ia7fF3fgXwD4HfXiZXjmqC6agjWgMrjx38wS7/K41JzT+HvwOsMeOD+X5cSb0h1UAPBBGQhozSB1ptolF1mBtKRFoVLC0zia64CnwzPuNXRVVtdWiXSPgit1FU9WWUVRnlwsnhU9nPcrAShQjkuj+3JMB+MqFOIz2/e2fCD1nJangDBvyyXOu0z8x696wIWaMsbkTm7C7cAxGuNAJXuB7FCydJzG3Q2xft3yFr0+F++bwLdhY5ogAWcSG3o8gZ087PdXRO6QIFn6nT+e897fDFq3WbBwyckcxQF8FwBf89NiP8DfH85BlCG/rqdfcBHotNmJkWjg/jDgQS9BZfPS4kCnAPVnmtlHNNcJF+/CJuERWezV+px4q3rEQF+yGeOjtZ4/Y9VVjJROtUAylWjdXv/gbT1nfO5bo+5G7Yy0sdsB+360uMRY/d8Xct87urPqPgB3/A15AyvsGWhI9GkKsAtqnOnuVGxP4bDT1O1B4UWoCiEDNutyE4M9S1PP+6ZiVscdaMXkgSLczzHjX0okfD9+QjqnuQZlTv5IvYSoT6Iw3b8I0pGmqETm+sn3dct7q+TktwKC79JlmCoyExYlPnMwlBrsv1aU5Bsf+KwYj6PmmEj6WXpKHFNe2mBLVX9HgQXYujbVVTpLHVrtcSOV48NF+xtMD5Ajqpacx1TU7XVXFdJ6W/6+enmQtPUkrgtGRsp8K5KuppFL5yH1YqdRGyW0ynt/yq6eP2JqPAuoPse6fO7/ZH5WC5YVVxM048ra1bHIcqTJtJBDc/Jnwsh5vWbsjwwLOQlnktE2rKI1fvvxdAOvpJI2Y+bSMn/2+QnotZVWJkp2uocPLkWk8mdU6ER7j2fYod/0syHV+Y+aakvhp9lsc33/qr84L1b/scSFeZS35mQ1rfliSgfeUFMqnDcnrW+Cm5MYXojAYIBXNCGsQ8MZGFbms0AtL3ZGY0CxWtmm6y2YEy1FArNDD7WsQb11xid8/BfZL7iNwZk+LMQ47pCwK02GdBmmLJpBvD1+T2pWXjDcxNBZx9SJ6MYPjGvA5T7oLrbySSpOfmh9LOWLIwI1pljDHTCcTzPIeOIJGm+8j2cLiOQXH0HgQz/9a8jc0WeBsEsoiotvcdwedEdWZHs85w5NJwklgLtKC79nUIQfLsrHC8N7kynY5oaChSXNjI0yRU0uCs1I9iUd8M72cjqLEdYLPm4knmmEga/gnwGi+CHg2WE3gboHIjyuMOwv9xVTLaHz+AhaOW7IpQcQlVg3OenqAZUlxXyAenu6mRSD1BVHiD4XR4Yd2alXznVhgkVG+NSdnk0owvWnMYnRWThc/yaBAxt2KUk8GojMAdC7ONqbFxaQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(366016)(376014)(1800799024)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: U5/waQF/uqs2NW+4qGbQ0o51vHuMdFWVfs1ttup0o1uG4YCi1VRJ66C8SSIsRlE/I9rsht9mhyNeRqdOo7xBy0tcj3ht/rh/gTJGFBrMbY7AJp7kdUSM+sJJaUkVFsq7NrRU+eEtHHYJiPZV4p6WJttrcFzruf3ECxsCULUwWPy8V/+Lic/+A9HWHmcnPyhxFjR71aNCPEv7eH+i3WTxQRvS956cWATKyfvgQrN3QxV2fRZcBuUZNtyIm8YXyBPiqPPMwCSxpj/QA2yzQnbKz16mcqhTD6PEV13tcREkBV3+aMuwYijDUCfQSjZLleX6JbnwjQe5CXY5huXCUkGsPTV3A0teK8TAInUv3P6as5gWL0NYTPcpI6+7/omdVvwXx37u4z3YWDVGFh1OXYFs52sUsB9MWem7g1rJRmOovlzt7bttB/MTzu091yZ55Q6V87642GYYmRMlTLVGxRmWdQgYjcKFI3Ow7wA4bHS3gSX7H8mx8/X6joPUZCiajZlkcGVlYQF8R+9lVW9SeYDjil7fCKPpZWLHxbYggC9Nb2SL1jAq0LvnrCzgRfxaG7324NhdwLSYF4DZIzLl5o5P0WvOAe7lA//g35fC6+Z3A13M8tFWdf325Q7Zo3en6MyrILIHyY46OWWYcw1om7oksYwKMcJZq7cVMXLS6nPI7OGj8ipfUKKqG0ZsYK25vQUO50unk6AHZDBeBuE9+0rGEXBp4PVq7Wd4EHJ1/MJaAGyPphvMBm9mjpt3kdADf5+pNqOXPDn8kPKI1H4QiGjgWctnadCyOKP95IfmvWbwScT0p6WbFZLwhdyJokzkzkUFIlaGIX8TFQpzCa1wb8cMfcd1TR6/DawlYvX9X9xGMLgqYMlSYUejOAPTm0hV7w1OCM0JwJh89ILdOl8+wwPHubrlhLqtDNYKYlbUmNrLt11N+ZDYxUtmlLQ+VCBIl1CTAC9vVhmf5R/2L+kuxFOb4kLQs2CgHyZE0rDdYb40QJ3i8Vborsefb4LCFN5FVcs2FpYQjROYhP5F0+kXtBNdGWsVAm1i7zxNhFcj47ojEiZhNqiHVJaffdux1KppNLnL5ZLK4qEUu0yn73Q2O0Orf0WULg6+mtnbbLjR06jQqWRwGJzs0oaXA8Sf+7njmDq+XLvYkzkuXweMxkteoOeYZCH7Q15y6AgGT7P+vu45Mb8R4gBUtXVV65G/4Gh6OoeA+s/CtfgBCdXAj0EqJOxzBWzaMak6Q0I48fc0oyWBGQBpPtpTfIuv1Pr4SxbYB1QysztOyD/pOwq0DdppLnYbtfKaUOxsgwnkX0ezX9RzvvaFD4CpRobmttEtIqUH7OqP/u6Zwke/JKGy4uIjTpfpcXDyC1mmUQuHLPetCCkgfbK5856ZmLpRkKpB8Ste4VchU76sQ5cvcCrkErNwqd8/P5h3gVoDN2puT1MinJvNp4CtHfgSJc4LOw9LDCPo3qim4NaHeBZAeCCJts/YvsSqMp99aTG+xj1mwK36Pfkck+DjR6J/QYbgF5pZT9d8DDuWqUR3rzM7hKqXnvIrAIgDiRoJVolyQmY7HUzhcrlK4bWbcxKWr7/T2QEIyqriZpRioc42vwhJiT765GxX+uNP2A== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7d706857-bd25-43b7-b587-08dd3633ff27 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jan 2025 13:45:11.0142 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RIciFZXYp8DspGMKdLJS7fJM3mJr6+wsNVN8KUXMNp17UDz/wkxK+tHDEKdCvRkOckV0npJ5sLP8YArChJdyjIODk9350Gg+VbcFXHcT+LM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR11MB7444 X-Proofpoint-ORIG-GUID: KBuxbdFoKmKbu9GweMeadHEMiK4ZrdFX X-Authority-Analysis: v=2.4 cv=SeoNduRu c=1 sm=1 tr=0 ts=67890d6a cx=c_pps a=+kc2f53xTGsvuL7uaCOpcA==:117 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=VdSt8ZQiCzkA:10 a=bRTqI5nwn0kA:10 a=PYnjg3YJAAAA:8 a=GHR8O2WEAAAA:20 a=n1dRnMMuAAAA:20 a=t7CeM3EgAAAA:8 a=pGLkceISAAAA:8 a=Vw2-W0St5DFLPkctPREA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: KBuxbdFoKmKbu9GweMeadHEMiK4ZrdFX X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-16_05,2025-01-16_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 mlxlogscore=999 mlxscore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0 bulkscore=0 malwarescore=0 phishscore=0 suspectscore=0 adultscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1 engine=8.21.0-2411120000 definitions=main-2501160104 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 16 Jan 2025 13:45:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114913 From: Zhang Peng CVE-2020-36774: plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash). Reference: [https://nvd.nist.gov/vuln/detail/CVE-2020-36774] Upstream patches: [https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17] Signed-off-by: Zhang Peng --- .../glade/glade/CVE-2020-36774.patch | 54 +++++++++++++++++++ .../recipes-devtools/glade/glade_3.22.2.bb | 1 + 2 files changed, 55 insertions(+) create mode 100644 meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch diff --git a/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch new file mode 100644 index 000000000..5049b44e5 --- /dev/null +++ b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch @@ -0,0 +1,54 @@ +From 7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17 Mon Sep 17 00:00:00 2001 +From: Juan Pablo Ugarte +Date: Fri, 2 Oct 2020 16:08:23 -0300 +Subject: [PATCH] GladeGtkBox: fix glade_gtk_box_post_create + +Some widgets with contruct properties like GtkMessageDialog get +rebuilt right after they are created on project loading so we need +to check glade_project_is_loading() intead of GLADE_CREATE_LOAD +and use the object ad the connect data to make sure it gets disconected +if it was the object being rebuilt + +Fix issue #479 "Glade 3.36.0 segfaults when opening a file" + +CVE: CVE-2020-36774 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17] + +Signed-off-by: Peng Zhang +--- + plugins/gtk+/glade-gtk-box.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/plugins/gtk+/glade-gtk-box.c b/plugins/gtk+/glade-gtk-box.c +index 0c157a6d..a0252b6a 100644 +--- a/plugins/gtk+/glade-gtk-box.c ++++ b/plugins/gtk+/glade-gtk-box.c +@@ -58,9 +58,9 @@ glade_gtk_box_create_editable (GladeWidgetAdaptor *adaptor, + } + + static void +-glade_gtk_box_parse_finished (GladeProject * project, GladeWidget *gbox) ++glade_gtk_box_parse_finished (GladeProject *project, GObject *box) + { +- GObject *box = glade_widget_get_object (gbox); ++ GladeWidget *gbox = glade_widget_get_from_gobject (box); + + glade_widget_property_set (gbox, "use-center-child", + gtk_box_get_center_widget (GTK_BOX (box)) != NULL); +@@ -87,11 +87,11 @@ glade_gtk_box_post_create (GladeWidgetAdaptor *adaptor, + g_signal_connect (G_OBJECT (gwidget), "configure-end", + G_CALLBACK (glade_gtk_box_configure_end), container); + +- if (reason == GLADE_CREATE_LOAD) ++ if (glade_project_is_loading (project)) + { + g_signal_connect_object (project, "parse-finished", + G_CALLBACK (glade_gtk_box_parse_finished), +- gwidget, 0); ++ container, 0); + } + } + +-- +GitLab + diff --git a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb index d11751a4b..4a1c5fc8a 100644 --- a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb +++ b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb @@ -17,6 +17,7 @@ ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" SRC_URI = "http://ftp.gnome.org/pub/GNOME/sources/glade/3.22/glade-${PV}.tar.xz \ file://remove-yelp-help-rules-var.patch \ + file://CVE-2020-36774.patch \ " SRC_URI[md5sum] = "c074fa378c8f1ad80d20133c4ae6f42d" SRC_URI[sha256sum] = "edefa6eb24b4d15bd52589121dc109bc08c286157c41288deb74dd9cc3f26a21" From patchwork Thu Jan 16 13:45:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 55666 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B7EFC02183 for ; Thu, 16 Jan 2025 13:45:30 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web10.49031.1737035115114876043 for ; Thu, 16 Jan 2025 05:45:15 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=3111d49cac=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 50GD2q3S021049 for ; Thu, 16 Jan 2025 05:45:15 -0800 Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2040.outbound.protection.outlook.com [104.47.66.40]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 443mt75e1q-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 16 Jan 2025 05:45:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=oR8/4DBe0BcSrYVbYEj2QOyjBdZfrBPHWD3OrtwqUrzwIeAyiSLSTnfzm28iKAvwRNlv9rJsLsCBmnPh1gaagm7m7hbWKbRHxHbcLvvtBV3BBt6o5KihRcrf0o05keDaPw4PF+9ocn92sNz5XqnhMMoHxH7As/53QZmgxH6XoaCPs9pVpIUFpu/J2OAjlg1aaIOuECHyUTC9I4LxPgTXWqxB0UFy7sr/no9/YTV1BfiEIezP13y+rHJM7IS1aov1LaiHjjv0Tpyo86v1CUL2Xv/+FGmZMNy0UZHGl7VCR0PRAOt5wai0NnPO7VFcY0aV+LtoLjUkjV8SXD6t1t3EIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dkSrl6++cQBCwkF65TolIb+sYAhhk1otaeN7plFWPg0=; b=yq4z9V04Tq8EX30NPLLztCiqhRU4EFwXJjB055/fxs8y6zBZXT4YR5SfE5lhsIUq5dRVaAUGuPWHXHfm6VPiAg42SyLolG2JndpAFHuVcqwkC3yIKIhf4gSAJv/Wzxd6ydV/eJ5hCQt40PNhzoxKmT0u1QOgVtEE4woRnZOiFMzO34t2i/02pIIy0BrXWa8Zmb5SNEbDiGMXENZSgD6W5EjWH9QQe0PAD1Ic/qESpS9gcik9iLmueF4xyrtIjPp4sRkNpMVJh0LVfaEDRBw6dxfyHBJgZF95i+FX2ac/7OaBRYkwQOm7VIMtlcfRLsJpxQODsA0QQl9ztyXHMp24VQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by DS0PR11MB7444.namprd11.prod.outlook.com (2603:10b6:8:146::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.12; Thu, 16 Jan 2025 13:45:12 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%7]) with mapi id 15.20.8356.010; Thu, 16 Jan 2025 13:45:12 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 2/2] opensc: fix CVE-2024-8443 Date: Thu, 16 Jan 2025 21:45:01 +0800 Message-Id: <20250116134501.348974-2-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250116134501.348974-1-peng.zhang1.cn@windriver.com> References: <20250116134501.348974-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: TY2PR06CA0024.apcprd06.prod.outlook.com (2603:1096:404:42::36) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_|DS0PR11MB7444:EE_ X-MS-Office365-Filtering-Correlation-Id: e406b434-5c3f-450a-b697-08dd3633ffd3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|366016|376014|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: =?utf-8?q?ZhGgLzxFkCe/RRO1yr04FnKWxqQnnVu?= =?utf-8?q?fou0Zku/IGkrpTSDEvjdLii9ll3xZNMc4zvCauNIGWfa8MsTmQclP4PIMuTsBwo1T?= =?utf-8?q?4U94Wa3DJg2H123j7VjEk1UYG7I49AU9D4QM0Q7W/aAABsjwZHTiN/ikPjvT1XoKH?= =?utf-8?q?PhzMFFy0SkDYNwt8TotprAENwYVRM2KjqmzJ9USOFA3FdZliuy2Dg3Dpk0vQz9xy3?= =?utf-8?q?u0IFrEmQfw2uAM7CjHbt7dg6Qb/64LehBQI1xpJcwzZ+k8u45yjbsd5qar91tonFI?= =?utf-8?q?zIBwISLzG/TCeT11Ac0YjUIBVQTjUyg1hSWpACxIRxaWDLwD5Y3w2j+3UmF1ED51S?= =?utf-8?q?pNv/ZwULJcF10XY4KJaybwrf0HxbeJjpw/aHJlYKP8wm36L22HqxK1tA1oURwwuni?= =?utf-8?q?A2wbsEr8Q4SUwVDlqlaty930qejXv/I8CxP7Fr6VgWtzh46ZVHGL9Im5GYyKnkIqo?= =?utf-8?q?mLpWb8HEfqrpJwKuD0XmCgQueHKMfxUUsZKkx+iDKc9f8lFmR4iAmfLct5QQR2e7f?= =?utf-8?q?04MH579eMfCJgETDHMkUrMgaLG60NJ1iYlC66dV4ipl/NHEsujiHWzLtdzcFuuoFI?= =?utf-8?q?GdWxZ8PK0X56Q609u9HA4aIFAkRM1qgtYcPDBhI+owLq7ecpWmTpVvEFOsG3JZEtP?= =?utf-8?q?cyF6cgl9bMu7yJ/14sAD3XGumP32k7Op1XiwxfBG2S3VOYFv9ItYI6Y3FSZ/OElJt?= =?utf-8?q?VSdjbiluMvU6+RKLJ9fDke92DSEp/cNse8cYxoehbzDgQs3SvHf6Y77CIb0RtBGTT?= =?utf-8?q?5OiYq5q4SD+Z7ZbGyEwYEyk0LqyZDz3U6PEabf+N9KNF6EoT23WC0f0Qo3X73mxEA?= =?utf-8?q?bIzsER3qE/tMVktZZXIOyEHQkVCBcrBr04C47k1hcLA28Li5+g3nRmyyusm+UbiIs?= =?utf-8?q?1eWWn2gtEm2VYRAj9PQlbKvmojkrBnIyZxzbhZhYEStoA6BgnfjuLFczRxw0d2Oni?= =?utf-8?q?VRbhW5AS9Hi4uAdWJiN9z45kJJjEZt+LGgxP8Ml7mB37981hVnvJBfHefKLfOq+ky?= =?utf-8?q?ncLRlfuuR8jfaXbhMyH3eGfC5jp8WGPWOcaC8mJqppPYN+0/3vZ7PDUAzNZpJQs81?= =?utf-8?q?0zb8saxx1mQ16OJ/oylw9yG5eTwnKUelE/kFAsctjUGrrVvCA5w/z9aB/10+pVqpa?= =?utf-8?q?HYSMLD/RoIR4MU6h7Rd9krZnGl1rvFb1MZKKb2i6AQ0Ly1kUqsKjZLmxxQCFZCQ8s?= =?utf-8?q?WONlqfXDFbCZ9f9K3qnBvSXBNwu8GGftAqkGzDPhFglyzRlcG0YmQ7E+b8fvXhngH?= =?utf-8?q?aNHO2ZH0hdOKrMW5tOXe3p69ab8HJehrQMQqg9GbS5U1J8q5F7kDJNroNpCAe868c?= =?utf-8?q?dDACPKNyb1aohV5rGsTS9sqxN2/6YKmNbA=3D=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(366016)(376014)(1800799024)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?lxEXh8mAOSggMyjdIENKjBt5+/D8?= =?utf-8?q?d7jyK4nMOGwcV+JZO22vxw9HwRN5Rm+ZI4RHz3ScVCee7uc5TbrHgyI2uFKf+wqid?= =?utf-8?q?8swexWlDONveI93eP/SUwfcVtB8r1qGqe6RS9xVMhZ8Z5qgEDpNUfX8JeCfslZATy?= =?utf-8?q?fw+KzqDS0IDBtOpylywswtqBOQvY61CPHqIgKCi1A3WtWwFLXFdGdjx/3iUtlg7AY?= =?utf-8?q?N8tba52P4L7cSL5r9mQbkbKN0zlLR1gYpT+M+7bJtA1bNuPYmten8LWNYTgY+7/BS?= =?utf-8?q?0t+1Qq0S4k0j1OMtTlsBxjKALTTu5HKBuvnGi+UbqGBbhOM53CSid+oBvUacSgZ6l?= =?utf-8?q?itt1pHo/wCQolDFln0yh063505X63Xz+RldtZWiUKrjNO87uWT+l0/cMgmXDYldtg?= =?utf-8?q?wjHvss9ouolqXF8seqwz6r9oaxWtsFraX2dqoh5Z7cRJBj+0ljQkZ4zgGb8fVnit3?= =?utf-8?q?oIWlVuFbyk7pY/A8zPB9k8o+6dB4xZ9t6Ul8zPEUvzRJWf4oqRVL6l+UBFPjSFjHj?= =?utf-8?q?+3p9hlNNqyrj6U8M5LYf/gm5wsIT16KBeRLsiIHM+jHdjN1m/R+009CMUspNxahdf?= =?utf-8?q?3X2zQzjU+Lm3LXDzBsNrPjurYgFcTnLgiP9CvqZ8FYKWDg1h57A+UrAiF7Kym9/NY?= =?utf-8?q?4YuOsdJldcWrBwDaDFsyW+7/bZZzIfTrlpVq4DLMv7r9b3WHDSc3rSry5rzYrWGjU?= =?utf-8?q?c18MNcnLJVFTf9Ig89MPvCCx9cjC8ntBIHlWq0PhvvcFvq2MtNMPYt8QJ5+iihUNL?= =?utf-8?q?Rauq7ZJSwfyD4m8GZw1Lp1+PEmljUGC8u9NQZvd55j7QLjeJAPMwbB9qBRQ18xXsm?= =?utf-8?q?ycGCC8IxrVru+YvYv9iRVHaWxVUlEnS7THZwdiIzpG3WT1ygK1c5k5J2u4BUAfsMu?= =?utf-8?q?y/JYP8L5oVtNyD/zE1d/Ni9kn3GFvuTCYat7KIcUd+Vr8q4TxQadPHUy7k7gojBvy?= =?utf-8?q?l8cKsws/USZsp1Otjqhnm6fDJLdCB8Fl/Zo6hf4Gt4QKj//7Q6rFVa/1XrOsZDOfc?= =?utf-8?q?h2vjwqnE8NUHX00RIEv0PgLSqlz0nUkYRgIbC+aReN8W3qY+SlukrKj74GyyY3NNo?= =?utf-8?q?RZioqYpzsSgsgfKcCQ1kxzC8bRJ3bFT5OOyTblIrjcGweDUPgQ43bglFqYXJ/bNy5?= =?utf-8?q?vIwzblg1uXJQXUzB0+5upA+Y1gybCgffJkYn3CgFOdD5FFOUOUOpXGYZTzxsDa37B?= =?utf-8?q?xl+LsQvXy+4edyw7Wl9Xnt2wIJ2zFSX8IDETzMhF5r1yEBhIcqxZheuufq1W4/Puc?= =?utf-8?q?mg+7WFrtaNDSi6uOuCLOBSUPh3MnC2UcYMa2VMaQTEvC6cmhb0otVmUBGtfLVRlmA?= =?utf-8?q?g3NrCneiEu3ia5+WMfoaOGjjjD2IvIhQkB8TuvE7GMPC+V2siqDByzvarOp6ZiLQg?= =?utf-8?q?8D74Mnx5u6nJ7ZAXne2y5cApeLC9tbOOoy8Me1LnC5EOi+WoclbgplEY6D8wpXbZ9?= =?utf-8?q?5e9xIR4EmZNvpZ8hhv4gxxoCAXd48B5iBhMVi17Q8O1i5lYdvZ87a798fJQauVUWd?= =?utf-8?q?pWG8jtx9yn2Gg8LCrIpKn/1ZnjXKSvL2xw=3D=3D?= X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: e406b434-5c3f-450a-b697-08dd3633ffd3 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jan 2025 13:45:12.1404 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 2NRjeunX/39bGClyGkQftpGTXatWOg+776Azxg5YUivAEpgdZyFon+98POftuv0GOQU32fStc0YFAGqvTkoj8iJlN+9384kYxQ1NL7nl1SA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR11MB7444 X-Proofpoint-ORIG-GUID: 6ndl-s6Lkhe_wcroQeSDBWbi3-Lquh-m X-Authority-Analysis: v=2.4 cv=SeoNduRu c=1 sm=1 tr=0 ts=67890d6a cx=c_pps a=+kc2f53xTGsvuL7uaCOpcA==:117 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=IkcTkHD0fZMA:10 a=VdSt8ZQiCzkA:10 a=bRTqI5nwn0kA:10 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=cm27Pg_UAAAA:8 a=t7CeM3EgAAAA:8 a=20KFwNOVAAAA:8 a=7p7RPr-GalsxoHJJx9wA:9 a=3ZKOabzyN94A:10 a=QEXdDO2ut3YA:10 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: 6ndl-s6Lkhe_wcroQeSDBWbi3-Lquh-m X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-01-16_05,2025-01-16_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 mlxlogscore=999 mlxscore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0 bulkscore=0 malwarescore=0 phishscore=0 suspectscore=0 adultscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1 engine=8.21.0-2411120000 definitions=main-2501160104 X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-0064b401.pphosted.com id 50GD2q3S021049 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 16 Jan 2025 13:45:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/114914 From: Zhang Peng CVE-2024-8443: The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-8433] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e] [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc] Signed-off-by: Zhang Peng --- .../opensc/files/CVE-2024-8443-0001.patch | 60 +++++++++++++++++++ .../opensc/files/CVE-2024-8443-0002.patch | 55 +++++++++++++++++ .../recipes-support/opensc/opensc_0.25.1.bb | 2 + 3 files changed, 117 insertions(+) create mode 100644 meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch create mode 100644 meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch new file mode 100644 index 000000000..7d80aba76 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch @@ -0,0 +1,60 @@ +From b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Mon, 12 Aug 2024 19:02:14 +0200 +Subject: [PATCH] openpgp: Do not accept non-matching key responses + +When generating RSA key pair using PKCS#15 init, the driver could accept +responses relevant to ECC keys, which made further processing in the +pkcs15-init failing/accessing invalid parts of structures. + +Thanks oss-fuzz! + +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71010 + +Signed-off-by: Jakub Jelen + +CVE: CVE-2024-8443 +Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc] + +Signed-off-by: Zhang Peng +--- + src/libopensc/card-openpgp.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index fad32f0ce..f99ec0db9 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -2877,6 +2877,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len, + + /* RSA modulus */ + if (tag == 0x0081) { ++ if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) { ++ LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); ++ } + if ((BYTES4BITS(key_info->u.rsa.modulus_len) < len) /* modulus_len is in bits */ + || key_info->u.rsa.modulus == NULL) { + +@@ -2892,6 +2895,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len, + } + /* RSA public exponent */ + else if (tag == 0x0082) { ++ if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) { ++ LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); ++ } + if ((BYTES4BITS(key_info->u.rsa.exponent_len) < len) /* exponent_len is in bits */ + || key_info->u.rsa.exponent == NULL) { + +@@ -2907,6 +2913,10 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len, + } + /* ECC public key */ + else if (tag == 0x0086) { ++ if (key_info->algorithm != SC_OPENPGP_KEYALGO_ECDSA && ++ key_info->algorithm != SC_OPENPGP_KEYALGO_ECDH) { ++ LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); ++ } + /* set the output data */ + /* len is ecpoint length + format byte + * see section 7.2.14 of 3.3.1 specs */ +-- +2.34.1 diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch new file mode 100644 index 000000000..30a7e63a7 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch @@ -0,0 +1,55 @@ +From 02e847458369c08421fd2d5e9a16a5f272c2de9e Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Thu, 15 Aug 2024 11:13:47 +0200 +Subject: [PATCH] openpgp: Avoid buffer overflow when writing fingerprint + +Fix also surrounding code to return error (not just log it) +when some step fails. + +Thanks oss-fuzz + +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70933 + +Signed-off-by: Jakub Jelen + +CVE: CVE-2024-8443 +Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e] + +Signed-off-by: Zhang Peng +--- + src/libopensc/card-openpgp.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index f99ec0db9..3957440de 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -2756,14 +2756,21 @@ pgp_calculate_and_store_fingerprint(sc_card_t *card, time_t ctime, + /* update the blob containing fingerprints (00C5) */ + sc_log(card->ctx, "Updating fingerprint blob 00C5."); + fpseq_blob = pgp_find_blob(card, 0x00C5); +- if (fpseq_blob == NULL) +- LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot find blob 00C5"); ++ if (fpseq_blob == NULL) { ++ r = SC_ERROR_OUT_OF_MEMORY; ++ LOG_TEST_GOTO_ERR(card->ctx, r, "Cannot find blob 00C5"); ++ } ++ if (20 * key_info->key_id > fpseq_blob->len) { ++ r = SC_ERROR_OBJECT_NOT_VALID; ++ LOG_TEST_GOTO_ERR(card->ctx, r, "The 00C5 blob is not large enough"); ++ } + + /* save the fingerprints sequence */ + newdata = malloc(fpseq_blob->len); +- if (newdata == NULL) +- LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY, +- "Not enough memory to update fingerprint blob 00C5"); ++ if (newdata == NULL) { ++ r = SC_ERROR_OUT_OF_MEMORY; ++ LOG_TEST_GOTO_ERR(card->ctx, r, "Not enough memory to update fingerprint blob 00C5"); ++ } + + memcpy(newdata, fpseq_blob->data, fpseq_blob->len); + /* move p to the portion holding the fingerprint of the current key */ +-- +2.34.1 diff --git a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb b/meta-oe/recipes-support/opensc/opensc_0.25.1.bb index 74738247b..e41c457fa 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.25.1.bb @@ -15,6 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7" SRCREV = "0a4b772d6fdab9bfaaa3123775a48a7cb6c5e7c6" SRC_URI = "git://github.com/OpenSC/OpenSC;branch=stable-0.25;protocol=https \ file://0001-PR-Fixes-for-uninitialized-memory-issues.patch \ + file://CVE-2024-8443-0001.patch \ + file://CVE-2024-8443-0002.patch \ " DEPENDS = "virtual/libiconv openssl"