From patchwork Mon Jan 20 17:50:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 55854 X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/16] avahi: fix CVE-2024-52616 Date: Mon, 20 Jan 2025 09:50:45 -0800 Message-ID: <7708d0c346b23ab3e687e2a2ca464d77d55cebd7.1737395091.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210045 From: Zhang Peng CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52616] [https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm] Upstream patches: [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] Signed-off-by: Zhang Peng Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2024-52616.patch | 104 ++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 5d1c86978a..b3739ad2c0 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -35,6 +35,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} file://CVE-2023-38471-2.patch \ file://CVE-2023-38472.patch \ file://CVE-2023-38473.patch \ + file://CVE-2024-52616.patch \ " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" 
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch new file mode 100644 index 0000000000..a156f98728 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2024-52616.patch 
@@ -0,0 +1,104 @@ +From f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Mon, 11 Nov 2024 00:56:09 +0100 +Subject: [PATCH] Properly randomize query id of DNS packets + +CVE: CVE-2024-52616 +Upstream-Status: Backport [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] + +Signed-off-by: Zhang Peng +--- + avahi-core/wide-area.c | 36 ++++++++++++++++++++++++++++-------- + configure.ac | 3 ++- + 2 files changed, 30 insertions(+), 9 deletions(-) + +diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c +index 971f5e714..00a15056e 100644 +--- a/avahi-core/wide-area.c ++++ b/avahi-core/wide-area.c +@@ -40,6 +40,13 @@ + #include "addr-util.h" + #include "rr-util.h" + ++#ifdef HAVE_SYS_RANDOM_H ++#include ++#endif ++#ifndef HAVE_GETRANDOM ++# define getrandom(d, len, flags) (-1) ++#endif ++ + #define CACHE_ENTRIES_MAX 500 + + typedef struct AvahiWideAreaCacheEntry AvahiWideAreaCacheEntry; +@@ -84,8 +91,6 @@ struct AvahiWideAreaLookupEngine { + int fd_ipv4, fd_ipv6; + AvahiWatch *watch_ipv4, *watch_ipv6; + +- uint16_t next_id; +- + /* Cache */ + AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache); + AvahiHashmap *cache_by_key; +@@ -201,6 +206,26 @@ static void sender_timeout_callback(AvahiTimeEvent *e, void *userdata) { + avahi_time_event_update(e, avahi_elapse_time(&tv, 1000, 0)); + } + ++static uint16_t get_random_uint16(void) { ++ uint16_t next_id; ++ ++ if (getrandom(&next_id, sizeof(next_id), 0) == -1) ++ next_id = (uint16_t) rand(); ++ return next_id; ++} ++ ++static uint16_t avahi_wide_area_next_id(AvahiWideAreaLookupEngine *e) { ++ uint16_t next_id; ++ ++ next_id = get_random_uint16(); ++ while (find_lookup(e, next_id)) { ++ /* This ID is already used, get new. 
*/ ++ next_id = get_random_uint16(); ++ } ++ return next_id; ++} ++ ++ + AvahiWideAreaLookup *avahi_wide_area_lookup_new( + AvahiWideAreaLookupEngine *e, + AvahiKey *key, +@@ -227,11 +252,7 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new( + /* If more than 65K wide area quries are issued simultaneously, + * this will break. This should be limited by some higher level */ + +- for (;; e->next_id++) +- if (!find_lookup(e, e->next_id)) +- break; /* This ID is not yet used. */ +- +- l->id = e->next_id++; ++ l->id = avahi_wide_area_next_id(e); + + /* We keep the packet around in case we need to repeat our query */ + l->packet = avahi_dns_packet_new(0); +@@ -604,7 +625,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) { + e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e); + + e->n_dns_servers = e->current_dns_server = 0; +- e->next_id = (uint16_t) rand(); + + /* Initialize cache */ + AVAHI_LLIST_HEAD_INIT(AvahiWideAreaCacheEntry, e->cache); +diff --git a/configure.ac b/configure.ac +index a3211b80e..31bce3d76 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -367,7 +367,8 @@ AC_FUNC_SELECT_ARGTYPES + # whether libc's malloc does too. (Same for realloc.) 
+ #AC_FUNC_MALLOC + #AC_FUNC_REALLOC +-AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname]) ++AC_CHECK_FUNCS([gethostname memchr memmove memset mkdir select socket strchr strcspn strdup strerror strrchr strspn strstr uname setresuid setreuid setresgid setregid strcasecmp gettimeofday putenv strncasecmp strlcpy gethostbyname seteuid setegid setproctitle getprogname getrandom]) ++AC_CHECK_HEADERS([sys/random.h]) + + AC_FUNC_CHOWN + AC_FUNC_STAT +
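Review bot: In avahi-core/wide-area.c, get_random_uint16() falls back to rand() whenever getrandom() returns -1, and the HAVE_GETRANDOM stub `# define getrandom(d, len, flags) (-1)` makes that every call on a build where configure does not find getrandom. The visible lines neither seed rand() nor report that the fallback was taken, so such a build would keep drawing transaction IDs from a predictable generator with no indication to the integrator. Consider logging once when the fallback path is hit, or treating a missing getrandom as a configure-time error for targets where it is expected to exist.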
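Review bot: The call site in avahi_wide_area_lookup_new() keeps the comment that more than 65K simultaneous wide-area queries will break, and the replacement loop in avahi_wide_area_next_id() still has no exit: `while (find_lookup(e, next_id))` spins forever once every ID is in use. Because IDs are now drawn at random instead of scanned in order, the expected number of draws also grows as the lookup table fills. A cap on outstanding lookups, or a bounded retry that fails the lookup, would make the limit explicit.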
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/16] socat: patch CVE-2024-54661 Date: Mon, 20 Jan 2025 09:50:46 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210046 From: Peter Marko Picked upstream commit https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f Since this was the only commit in 1.8.0.2 it also contained release changes which were dropped. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../socat/socat/CVE-2024-54661.patch | 113 ++++++++++++++++++ .../socat/socat_1.7.4.4.bb | 4 +- 2 files changed, 116 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch diff --git a/meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch b/meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch new file mode 100644 index 0000000000..d1ac148cbd --- /dev/null +++ b/meta/recipes-connectivity/socat/socat/CVE-2024-54661.patch
@@ -0,0 +1,113 @@ +From 4ee1f31cf80019c5907876576d6dfd49368d660f Mon Sep 17 00:00:00 2001 +From: Gerhard Rieger +Date: Fri, 6 Dec 2024 11:42:09 +0100 +Subject: [PATCH] Version 1.8.0.2 - CVE-2024-54661: Arbitrary file overwrite in + readline.sh + +CVE: CVE-2024-54661 +Upstream-Status: Backport [https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f] +Signed-off-by: Peter Marko +--- + readline.sh | 10 +++++++-- + test.sh | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 71 insertions(+), 2 deletions(-) + +diff --git a/readline.sh b/readline.sh +index b6f8438..1045303 100755 +--- a/readline.sh ++++ b/readline.sh +@@ -22,9 +22,15 @@ if [ "$withhistfile" ]; then + else + HISTOPT= + fi +-mkdir -p /tmp/$USER || exit 1 + # + # + +-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2 ++if test -w .; then ++ STDERR=./socat-readline.${1##*/}.log ++ rm -f $STDERR ++else ++ STDERR=/dev/null ++fi ++ ++exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR + +diff --git a/test.sh b/test.sh +index 46bebf8..5204ac7 100755 +--- a/test.sh ++++ b/test.sh +@@ -15657,6 +15657,69 @@ esac + N=$((N+1)) + + ++# Test the readline.sh file overwrite vulnerability ++NAME=READLINE_SH_OVERWRITE ++case "$TESTS" in ++*%$N%*|*%functions%*|*%bugs%*|*%readline%*|*%security%*|*%$NAME%*) ++TEST="$NAME: Test the readline.sh file overwrite vulnerability" ++# Create a symlink /tmp/$USER/stderr2 pointing to a temporary file, ++# run readline.sh ++# When the temporary file is kept the test succeeded ++if ! eval $NUMCOND; then : ++elif ! cond=$(checkconds \ ++ "" \ ++ "" \ ++ "readline.sh" \ ++ "" \ ++ "" \ ++ "" \ ++ "" ); then ++ $PRINTF "test $F_n $TEST... 
${YELLOW}$cond${NORMAL}\n" $N ++ numCANT=$((numCANT+1)) ++ listCANT="$listCANT $N" ++ namesCANT="$namesCANT $NAME" ++else ++ tf="$td/test$N.file" ++ te="$td/test$N.stderr" ++ tdiff="$td/test$N.diff" ++ da="test$N $(date) $RANDOM" ++ echo "$da" >"$tf" ++ ln -sf "$tf" /tmp/$USER/stderr2 ++ CMD0="readline.sh cat" ++ printf "test $F_n $TEST... " $N ++ $CMD0 /dev/null 2>"${te}0" ++ rc0=$? ++# if [ "$rc0" -ne 0 ]; then ++# $PRINTF "$CANT (rc0=$rc0)\n" ++# echo "$CMD0" ++# cat "${te}0" >&2 ++# numCANT=$((numCANT+1)) ++# listCANT="$listCANT $N" ++# namesCANT="$namesCANT $NAME" ++# elif ! echo "$da" |diff - "$tf" >$tdiff; then ++ if ! echo "$da" |diff - "$tf" >$tdiff; then ++ $PRINTF "$FAILED (diff)\n" ++ echo "$CMD0 &" ++ cat "${te}0" >&2 ++ echo "// diff:" >&2 ++ cat "$tdiff" >&2 ++ numFAIL=$((numFAIL+1)) ++ listFAIL="$listFAIL $N" ++ namesFAIL="$namesFAIL $NAME" ++ else ++ $PRINTF "$OK\n" ++ if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi ++ if [ "$DEBUG" ]; then cat "${te}0" >&2; fi ++ if [ "$VERBOSE" ]; then echo "$CMD1"; fi ++ if [ "$DEBUG" ]; then cat "${te}1" >&2; fi ++ numOK=$((numOK+1)) ++ listOK="$listOK $N" ++ fi ++fi # NUMCOND ++ ;; ++esac ++N=$((N+1)) ++ + # end of common tests + + ################################################################################## +-- +2.30.2 + diff --git a/meta/recipes-connectivity/socat/socat_1.7.4.4.bb b/meta/recipes-connectivity/socat/socat_1.7.4.4.bb index 5a379380d1..86ca5879be 100644 --- a/meta/recipes-connectivity/socat/socat_1.7.4.4.bb +++ b/meta/recipes-connectivity/socat/socat_1.7.4.4.bb 
@@ -9,7 +9,9 @@ LICENSE = "GPL-2.0-with-OpenSSL-exception" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86" -SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2" +SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ + file://CVE-2024-54661.patch \ + " SRC_URI[sha256sum] = "fbd42bd2f0e54a3af6d01bdf15385384ab82dbc0e4f1a5e153b3e0be1b6380ac"
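Review bot: In the readline.sh hunk the new log path is used unquoted in `rm -f $STDERR` and `2>$STDERR`, and it is built from `${1##*/}`, so a program argument containing whitespace or glob characters is split or expanded before rm and the redirection see it. The name is also predictable and opened with a plain `>` right after the rm, so when the current directory is a shared writable one the link-following problem this patch removes from /tmp/$USER can recur there. Quote "$STDERR" in both places, and consider creating the file with mktemp or under `set -C` so an existing entry is never followed.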
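Review bot: The READLINE_SH_OVERWRITE test in test.sh runs `ln -sf "$tf" /tmp/$USER/stderr2`, but nothing in the test creates /tmp/$USER, and the readline.sh hunk removes the `mkdir -p /tmp/$USER` that used to do so. On a host where that directory does not exist the ln fails, $tf is trivially unchanged, and the test reports OK without having exercised anything. Create the directory in the test and remove the symlink afterwards; the VERBOSE/DEBUG branch also echoes $CMD1 and ${te}1, which this test never sets.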
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/16] wget: fix CVE-2024-10524 Date: Mon, 20 Jan 2025 09:50:47 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210047 From: Divya Chellam Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-10524 Upstream-patch: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 Signed-off-by: Divya Chellam Signed-off-by: Steve Sakoman --- .../wget/wget/CVE-2024-10524.patch | 197 ++++++++++++++++++ meta/recipes-extended/wget/wget_1.21.4.bb | 1 + 2 files changed, 198 insertions(+) create mode 100644 meta/recipes-extended/wget/wget/CVE-2024-10524.patch diff --git a/meta/recipes-extended/wget/wget/CVE-2024-10524.patch b/meta/recipes-extended/wget/wget/CVE-2024-10524.patch new file mode 100644 index 0000000000..21f990ee73 --- /dev/null +++ b/meta/recipes-extended/wget/wget/CVE-2024-10524.patch 
@@ -0,0 +1,197 @@ +From c419542d956a2607bbce5df64b9d378a8588d778 Mon Sep 17 00:00:00 2001 +From: Tim Rühsen +Date: Sun, 27 Oct 2024 19:53:14 +0100 +Subject: [PATCH] Fix CVE-2024-10524 (drop support for shorthand URLs) + +* doc/wget.texi: Add documentation for removed support for shorthand URLs. +* src/html-url.c (src/html-url.c): Call maybe_prepend_scheme. +* src/main.c (main): Likewise. +* src/retr.c (getproxy): Likewise. +* src/url.c: Rename definition of rewrite_shorthand_url to maybe_prepend_scheme, + add new function is_valid_port. +* src/url.h: Rename declaration of rewrite_shorthand_url to maybe_prepend_scheme. + +Reported-by: Goni Golan + +CVE: CVE-2024-10524 + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778] + +Signed-off-by: Divya Chellam +--- + doc/wget.texi | 12 ++++------- + src/html-url.c | 2 +- + src/main.c | 2 +- + src/retr.c | 2 +- + src/url.c | 57 ++++++++++++++++---------------------------------- + src/url.h | 2 +- + 6 files changed, 26 insertions(+), 51 deletions(-) + +diff --git a/doc/wget.texi b/doc/wget.texi +index 3c24de2..503a03d 100644 +--- a/doc/wget.texi ++++ b/doc/wget.texi +@@ -314,8 +314,8 @@ for text files. Here is an example: + ftp://host/directory/file;type=a + @end example + +-Two alternative variants of @sc{url} specification are also supported, +-because of historical (hysterical?) reasons and their widespreaded use. ++The two alternative variants of @sc{url} specifications are no longer ++supported because of security considerations: + + @sc{ftp}-only syntax (supported by @code{NcFTP}): + @example +@@ -327,12 +327,8 @@ host:/dir/file + host[:port]/dir/file + @end example + +-These two alternative forms are deprecated, and may cease being +-supported in the future. 
+- +-If you do not understand the difference between these notations, or do +-not know which one to use, just use the plain ordinary format you use +-with your favorite browser, like @code{Lynx} or @code{Netscape}. ++These two alternative forms have been deprecated long time ago, ++and support is removed with version 1.22.0. + + @c man begin OPTIONS + +diff --git a/src/html-url.c b/src/html-url.c +index 896d6fc..3deea9c 100644 +--- a/src/html-url.c ++++ b/src/html-url.c +@@ -931,7 +931,7 @@ get_urls_file (const char *file) + url_text = merged; + } + +- new_url = rewrite_shorthand_url (url_text); ++ new_url = maybe_prepend_scheme (url_text); + if (new_url) + { + xfree (url_text); +diff --git a/src/main.c b/src/main.c +index d1c3c3e..f1d7792 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -2126,7 +2126,7 @@ only if outputting to a regular file.\n")); + struct iri *iri = iri_new (); + struct url *url_parsed; + +- t = rewrite_shorthand_url (argv[optind]); ++ t = maybe_prepend_scheme (argv[optind]); + if (!t) + t = argv[optind]; + +diff --git a/src/retr.c b/src/retr.c +index 38c9fcf..a124046 100644 +--- a/src/retr.c ++++ b/src/retr.c +@@ -1493,7 +1493,7 @@ getproxy (struct url *u) + + /* Handle shorthands. `rewritten_storage' is a kludge to allow + getproxy() to return static storage. */ +- rewritten_url = rewrite_shorthand_url (proxy); ++ rewritten_url = maybe_prepend_scheme (proxy); + if (rewritten_url) + return rewritten_url; + +diff --git a/src/url.c b/src/url.c +index 0acd3f3..6868825 100644 +--- a/src/url.c ++++ b/src/url.c +@@ -594,60 +594,39 @@ parse_credentials (const char *beg, const char *end, char **user, char **passwd) + return true; + } + +-/* Used by main.c: detect URLs written using the "shorthand" URL forms +- originally popularized by Netscape and NcFTP. 
HTTP shorthands look +- like this: +- +- www.foo.com[:port]/dir/file -> http://www.foo.com[:port]/dir/file +- www.foo.com[:port] -> http://www.foo.com[:port] +- +- FTP shorthands look like this: +- +- foo.bar.com:dir/file -> ftp://foo.bar.com/dir/file +- foo.bar.com:/absdir/file -> ftp://foo.bar.com//absdir/file ++static bool is_valid_port(const char *p) ++{ ++ unsigned port = (unsigned) atoi (p); ++ if (port == 0 || port > 65535) ++ return false; + +- If the URL needs not or cannot be rewritten, return NULL. */ ++ int digits = strspn (p, "0123456789"); ++ return digits && (p[digits] == '/' || p[digits] == '\0'); ++} + ++/* Prepend "http://" to url if scheme is missing, otherwise return NULL. */ + char * +-rewrite_shorthand_url (const char *url) ++maybe_prepend_scheme (const char *url) + { +- const char *p; +- char *ret; +- + if (url_scheme (url) != SCHEME_INVALID) + return NULL; + +- /* Look for a ':' or '/'. The former signifies NcFTP syntax, the +- latter Netscape. */ +- p = strpbrk (url, ":/"); ++ const char *p = strchr (url, ':'); + if (p == url) + return NULL; + + /* If we're looking at "://", it means the URL uses a scheme we + don't support, which may include "https" when compiled without +- SSL support. Don't bogusly rewrite such URLs. */ ++ SSL support. Don't bogusly prepend "http://" to such URLs. */ + if (p && p[0] == ':' && p[1] == '/' && p[2] == '/') + return NULL; + +- if (p && *p == ':') +- { +- /* Colon indicates ftp, as in foo.bar.com:path. Check for +- special case of http port number ("localhost:10000"). */ +- int digits = strspn (p + 1, "0123456789"); +- if (digits && (p[1 + digits] == '/' || p[1 + digits] == '\0')) +- goto http; +- +- /* Turn "foo.bar.com:path" to "ftp://foo.bar.com/path". */ +- if ((ret = aprintf ("ftp://%s", url)) != NULL) +- ret[6 + (p - url)] = '/'; +- } +- else +- { +- http: +- /* Just prepend "http://" to URL. 
*/ +- ret = aprintf ("http://%s", url); +- } +- return ret; ++ if (p && p[0] == ':' && !is_valid_port (p + 1)) ++ return NULL; ++ ++ ++ fprintf(stderr, "Prepended http:// to '%s'\n", url); ++ return aprintf ("http://%s", url); + } + + static void split_path (const char *, char **, char **); +diff --git a/src/url.h b/src/url.h +index fb9da33..5f99b0a 100644 +--- a/src/url.h ++++ b/src/url.h +@@ -128,7 +128,7 @@ char *uri_merge (const char *, const char *); + + int mkalldirs (const char *); + +-char *rewrite_shorthand_url (const char *); ++char *maybe_prepend_scheme (const char *); + bool schemes_are_similar_p (enum url_scheme a, enum url_scheme b); + + bool are_urls_equal (const char *u1, const char *u2); +-- +2.40.0 + diff --git a/meta/recipes-extended/wget/wget_1.21.4.bb b/meta/recipes-extended/wget/wget_1.21.4.bb index bc65a8f7c8..b5f50f6c84 100644 --- a/meta/recipes-extended/wget/wget_1.21.4.bb +++ b/meta/recipes-extended/wget/wget_1.21.4.bb 
@@ -1,6 +1,7 @@ SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ file://0002-improve-reproducibility.patch \ file://CVE-2024-38428.patch \ + file://CVE-2024-10524.patch \ " SRC_URI[sha256sum] = "81542f5cefb8faacc39bbbc6c82ded80e3e4a88505ae72ea51df27525bcde04c"
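Review bot: is_valid_port() in the src/url.c hunk calls atoi() on the text after the colon before checking that it consists of digits, so the range test runs on input that has not been validated, and an over-long digit string is out of range for atoi. Do the strspn() digit check first and convert with strtoul() plus an explicit `<= 65535` comparison. Separately, maybe_prepend_scheme() prints "Prepended http:// to ..." with an unconditional fprintf(stderr, ...), which the callers in html-url.c, main.c and retr.c will trigger for every scheme-less entry; routing it through the program's normal logging would let quiet runs stay quiet.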
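Review bot: The doc/wget.texi hunk states that support for the alternative forms "is removed with version 1.22.0", but this backport is applied through the wget_1.21.4.bb recipe, so the manual shipped with this build names a version that does not match the binary carrying the change. The text also says both variants are no longer supported, while maybe_prepend_scheme() still accepts host[:port]/dir/file by prepending http://. A remark in the patch header that the wording is upstream's, or an adjusted sentence for the backport, would avoid confusing users of the 1.21.4 package.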
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/16] vte: fix CVE-2024-37535 Date: Mon, 20 Jan 2025 09:50:48 -0800 Message-ID: <132a5168b125d6f4fb9391d982bc64d73429ab8f.1737395091.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210048 From: Zhang Peng CVE-2024-37535: GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-37535] Upstream patches: [https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2] [https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39] Signed-off-by: Zhang Peng Signed-off-by: Steve Sakoman --- .../vte/vte/CVE-2024-37535-0001.patch | 63 ++++++++++++++ .../vte/vte/CVE-2024-37535-0002.patch | 85 +++++++++++++++++++ meta/recipes-support/vte/vte_0.66.2.bb | 9 +- 3 files changed, 155 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch create mode 100644 meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch diff --git a/meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch b/meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch new file mode 100644 index 0000000000..f7c84323fb --- /dev/null +++ b/meta/recipes-support/vte/vte/CVE-2024-37535-0001.patch 
@@ -0,0 +1,63 @@ +From 036bc3ddcbb56f05c6ca76712a53b89dee1369e2 Mon Sep 17 00:00:00 2001 +From: Christian Persch +Date: Sun, 2 Jun 2024 19:19:35 +0200 +Subject: [PATCH] emulation: Restrict resize request to sane numbers + +Fixes: https://gitlab.gnome.org/GNOME/vte/-/issues/2786 +(cherry picked from commit fd5511f24b7269195a7083f409244e9787c705dc) + +CVE: CVE-2024-37535 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2] + +Signed-off-by: Zhang Peng +--- + src/vteseq.cc | 20 ++++++++++++-------- + 1 file changed, 12 insertions(+), 8 deletions(-) + +diff --git a/src/vteseq.cc b/src/vteseq.cc +index 2c5b1e128..5b3f398e2 100644 +--- a/src/vteseq.cc ++++ b/src/vteseq.cc +@@ -213,9 +213,18 @@ Terminal::emit_bell() + /* Emit a "resize-window" signal. (Grid size.) */ + void + Terminal::emit_resize_window(guint columns, +- guint rows) +-{ +- _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window'.\n"); ++ guint rows) ++{ ++ // Ignore resizes with excessive number of rows or columns, ++ // see https://gitlab.gnome.org/GNOME/vte/-/issues/2786 ++ if (columns < VTE_MIN_GRID_WIDTH || ++ columns > 511 || ++ rows < VTE_MIN_GRID_HEIGHT || ++ rows > 511) ++ return; ++ ++ _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window' %d columns %d rows.\n", ++ columns, rows); + g_signal_emit(m_terminal, signals[SIGNAL_RESIZE_WINDOW], 0, columns, rows); + } + +@@ -4467,8 +4476,6 @@ Terminal::DECSLPP(vte::parser::Sequence const& seq) + else if (param < 24) + return; + +- _vte_debug_print(VTE_DEBUG_EMULATION, "Resizing to %d rows.\n", param); +- + emit_resize_window(m_column_count, param); + } + +@@ -8990,9 +8997,6 @@ Terminal::XTERM_WM(vte::parser::Sequence const& seq) + seq.collect(1, {&height, &width}); + + if (width != -1 && height != -1) { +- _vte_debug_print(VTE_DEBUG_EMULATION, +- "Resizing window to %d columns, %d rows.\n", +- width, height); + emit_resize_window(width, height); + } + break; +-- +GitLab 
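Review bot: the upper bound in Terminal::emit_resize_window() is the bare literal 511, written twice, while the lower bounds use VTE_MIN_GRID_WIDTH and VTE_MIN_GRID_HEIGHT; a named maximum defined next to those constants would make the limit discoverable and keep the two comparisons in step. The early return is also silent, and the same patch deletes the "Resizing to %d rows" and "Resizing window to %d columns, %d rows" debug prints from DECSLPP and XTERM_WM, so a rejected request now leaves no trace at any debug level; a _vte_debug_print before the return would keep oversized resize sequences visible when diagnosing this input.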
diff --git a/meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch b/meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch new file mode 100644 index 0000000000..c396817060 --- /dev/null +++ b/meta/recipes-support/vte/vte/CVE-2024-37535-0002.patch 
@@ -0,0 +1,85 @@ +From c313849c2e5133802e21b13fa0b141b360171d39 Mon Sep 17 00:00:00 2001 +From: Christian Persch +Date: Sun, 2 Jun 2024 19:19:35 +0200 +Subject: [PATCH] widget: Add safety limit to widget size requests + +https://gitlab.gnome.org/GNOME/vte/-/issues/2786 +(cherry picked from commit 1803ba866053a3d7840892b9d31fe2944a183eda) + +CVE: CVE-2024-37535 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39] + +Signed-off-by: Zhang Peng +--- + src/vtegtk.cc | 35 +++++++++++++++++++++++++++++++++++ + 1 file changed, 35 insertions(+) + +diff --git a/src/vtegtk.cc b/src/vtegtk.cc +index 24bdd7184..48cae79c1 100644 +--- a/src/vtegtk.cc ++++ b/src/vtegtk.cc +@@ -91,6 +91,38 @@ + template + constexpr bool check_enum_value(T value) noexcept; + ++static inline void ++sanitise_widget_size_request(int* minimum, ++ int* natural) noexcept ++{ ++ // Overly large size requests will make gtk happily allocate ++ // a window size over the window system's limits (see ++ // e.g. https://gitlab.gnome.org/GNOME/vte/-/issues/2786), ++ // leading to aborting the whole process. ++ // The toolkit should be in a better position to know about ++ // these limits and not exceed them (which here is certainly ++ // possible since our minimum sizes are very small), let's ++ // limit the widget's size request to some large value ++ // that hopefully is within the absolute limits of ++ // the window system (assumed here to be int16 range, ++ // and leaving some space for the widgets that contain ++ // the terminal). 
++ auto const limit = (1 << 15) - (1 << 12); ++ ++ if (*minimum > limit || *natural > limit) { ++ static auto warned = false; ++ ++ if (!warned) { ++ g_warning("Widget size request (minimum %d, natural %d) exceeds limits\n", ++ *minimum, *natural); ++ warned = true; ++ } ++ } ++ ++ *minimum = std::min(*minimum, limit); ++ *natural = std::clamp(*natural, *minimum, limit); ++} ++ + struct _VteTerminalClassPrivate { + GtkStyleProvider *style_provider; + }; +@@ -510,6 +542,7 @@ try + { + VteTerminal *terminal = VTE_TERMINAL(widget); + WIDGET(terminal)->get_preferred_width(minimum_width, natural_width); ++ sanitise_widget_size_request(minimum_width, natural_width); + } + catch (...) + { +@@ -524,6 +557,7 @@ try + { + VteTerminal *terminal = VTE_TERMINAL(widget); + WIDGET(terminal)->get_preferred_height(minimum_height, natural_height); ++ sanitise_widget_size_request(minimum_height, natural_height); + } + catch (...) + { +@@ -781,6 +815,7 @@ try + WIDGET(terminal)->measure(orientation, for_size, + minimum, natural, + minimum_baseline, natural_baseline); ++ sanitise_widget_size_request(minimum, natural); + } + catch (...) + { +-- +GitLab diff --git a/meta/recipes-support/vte/vte_0.66.2.bb b/meta/recipes-support/vte/vte_0.66.2.bb index af1c47cf80..365e4361cb 100644 --- a/meta/recipes-support/vte/vte_0.66.2.bb +++ b/meta/recipes-support/vte/vte_0.66.2.bb 
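Review bot: sanitise_widget_size_request() calls std::min and std::clamp, but the hunk adds no #include to src/vtegtk.cc; std::clamp needs <algorithm> and C++17, so confirm that the 0.66.2 tree this is backported onto already provides both rather than relying on a transitive include. Two smaller points in the same function: it dereferences minimum and natural unconditionally, so each of the three call sites has to guarantee non-null pointers, and the static warned flag means only the first oversized request is ever logged, which hides repeated ones. The limit arithmetic itself is fine for the stated int16 assumption, since minimum is capped before it becomes the lower bound of the clamp.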
@@ -19,8 +19,13 @@ GIR_MESON_OPTION = 'gir' inherit gnomebase gtk-doc features_check upstream-version-is-even gobject-introspection # vapigen.m4 is required when vala is not present (but the one from vala should be used normally) -SRC_URI += "file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \ - file://0001-Makefile.docs-correctly-substitute-gtkdoc-qemu-wrapp.patch" +SRC_URI += " \ + file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \ + file://0001-Makefile.docs-correctly-substitute-gtkdoc-qemu-wrapp.patch \ + file://CVE-2024-37535-0001.patch \ + file://CVE-2024-37535-0002.patch \ + " + SRC_URI[archive.sha256sum] = "e89974673a72a0a06edac6d17830b82bb124decf0cb3b52cebc92ec3ff04d976" ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
From patchwork Mon Jan 20 17:50:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 55860 X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/16] rsync: update 3.2.5 -> 3.2.7 Date: Mon, 20 Jan 2025 09:50:49 -0800 Message-ID: <798009f46f2044aaa0bac753430cca1964677741.1737395091.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210049 From: Alexander Kanavin Rebase patches. (From OE-Core rev: 827c787893caa973c509acf7cac9e17fec5692a4) Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- ...-prototypes-to-function-declarations.patch | 28 +++++++-------- ...antic-errors-at-the-end-of-configure.patch | 36 ++++--------------- .../rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb} | 2 +- 3 files changed, 20 insertions(+), 46 deletions(-) rename meta/recipes-devtools/rsync/{rsync_3.2.5.bb => rsync_3.2.7.bb} (97%) diff --git a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch index 474d82db22..8895adad74 100644 --- a/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch +++ b/meta/recipes-devtools/rsync/files/0001-Add-missing-prototypes-to-function-declarations.patch @@ -1,4 +1,4 @@ -From 785c0072c80c2f6e0839478453cf65fdeac15da0 Mon Sep 17 00:00:00 2001 +From 651425fced0691d9063fe417388ba6ca1c38c40b Mon Sep 17 00:00:00 2001
From: Khem Raj Date: Mon, 29 Aug 2022 19:53:28 -0700 Subject: [PATCH] Add missing prototypes to function declarations @@ -15,6 +15,7 @@ Fixes errors like Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032858.html] Signed-off-by: Khem Raj + --- checksum.c | 2 +- exclude.c | 2 +- @@ -29,23 +30,23 @@ Signed-off-by: Khem Raj 10 files changed, 12 insertions(+), 13 deletions(-) diff --git a/checksum.c b/checksum.c -index fb8c0a0..174c28c 100644 +index 60de365..67a9e16 100644 --- a/checksum.c +++ b/checksum.c -@@ -629,7 +629,7 @@ int sum_end(char *sum) - return csum_len_for_type(cursum_type, 0); +@@ -778,7 +778,7 @@ static void verify_digest(struct name_num_item *nni, BOOL check_auth_list) } + #endif -void init_checksum_choices() +void init_checksum_choices(void) { - #ifdef SUPPORT_XXH3 - char buf[32816]; + #if defined SUPPORT_XXH3 || defined USE_OPENSSL + struct name_num_item *nni; diff --git a/exclude.c b/exclude.c -index adc82e2..79f5a82 100644 +index ffe55b1..a85ea76 100644 --- a/exclude.c +++ b/exclude.c -@@ -358,7 +358,7 @@ void implied_include_partial_string(const char *s_start, const char *s_end) +@@ -363,7 +363,7 @@ void implied_include_partial_string(const char *s_start, const char *s_end) memcpy(partial_string_buf, s_start, partial_string_len); } @@ -53,9 +54,9 @@ index adc82e2..79f5a82 100644 +void free_implied_include_partial_string(void) { if (partial_string_buf) { - free(partial_string_buf); + if (partial_string_len) diff --git a/hlink.c b/hlink.c -index 66810a3..6511dfb 100644 +index 20291f2..5c26a6b 100644 --- a/hlink.c +++ b/hlink.c @@ -117,8 +117,7 @@ static void match_gnums(int32 *ndx_list, int ndx_count) @@ -82,7 +83,7 @@ index a1a7245..4eae062 100644 /* statistical data */ diff --git a/log.c b/log.c -index 44344e2..991e359 100644 +index e4ba1cc..8482b71 100644 --- a/log.c +++ b/log.c @@ -131,7 +131,7 @@ static void logit(int priority, const char *buf) 
@@ -95,7 +96,7 @@ index 44344e2..991e359 100644 int options = LOG_PID; diff --git a/main.c b/main.c -index 9ebfbea..affa244 100644 +index d2a7b9b..c50af45 100644 --- a/main.c +++ b/main.c @@ -244,7 +244,7 @@ void read_del_stats(int f) @@ -168,6 +169,3 @@ index bbba7b2..61f8dc9 100644 { uLong flags; --- -2.37.2 - diff --git a/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch b/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch index 1d9c4bfe48..f11f13dd48 100644 --- a/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch +++ b/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch @@ -1,4 +1,4 @@ -From e64a58387db46239902b610871a0eb81626e99ff Mon Sep 17 00:00:00 2001 +From e6321b0b456fca987b48d5ec7aba7e2826128e5f Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Thu, 18 Aug 2022 07:46:28 -0700 Subject: [PATCH] Turn on -pedantic-errors at the end of 'configure' @@ -6,37 +6,16 @@ Subject: [PATCH] Turn on -pedantic-errors at the end of 'configure' Problem reported by Khem Raj in: https://lists.gnu.org/r/autoconf-patches/2022-08/msg00009.html Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032862.html] + --- - configure.ac | 35 ++++++++++++++++++++--------------- - 1 file changed, 20 insertions(+), 15 deletions(-) + configure.ac | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) diff --git a/configure.ac b/configure.ac -index d185b2d3..7e9514f7 100644 +index a2c9955..afabef0 100644 --- a/configure.ac 
+++ b/configure.ac -@@ -1071,21 +1071,6 @@ elif test x"$ac_cv_header_popt_h" != x"yes"; then - with_included_popt=yes - fi - --if test x"$GCC" = x"yes"; then -- if test x"$with_included_popt" != x"yes"; then -- # Turn pedantic warnings into errors to ensure an array-init overflow is an error. -- CFLAGS="$CFLAGS -pedantic-errors" -- else -- # Our internal popt code cannot be compiled with pedantic warnings as errors, so try to -- # turn off pedantic warnings (which will not lose the error for array-init overflow). -- # Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists -- # -Wpedantic and use that as a flag. -- case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in -- *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;; -- esac -- fi --fi -- - AC_MSG_CHECKING([whether to use included libpopt]) - if test x"$with_included_popt" = x"yes"; then - AC_MSG_RESULT($srcdir/popt) -@@ -1444,6 +1429,26 @@ case "$CC" in +@@ -1437,6 +1437,26 @@ case "$CC" in ;; esac @@ -63,6 +42,3 @@ index d185b2d3..7e9514f7 100644 AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig]) AC_OUTPUT --- -2.37.1 - diff --git a/meta/recipes-devtools/rsync/rsync_3.2.5.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb similarity index 97% rename from meta/recipes-devtools/rsync/rsync_3.2.5.bb rename to meta/recipes-devtools/rsync/rsync_3.2.7.bb index 983bdd5ab0..84052d0ff1 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.5.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb 
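Review bot: the refreshed 0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch no longer does what its subject says. Before the refresh it removed the -pedantic-errors block near line 1071 of configure.ac and re-added it near the end (20 insertions, 15 deletions); after the refresh the removal hunk is gone and the patch only adds the block at line 1437 (20 insertions), so against the 3.2.7 configure.ac it adds the flag handling rather than moving it. The patch header still reads Upstream-Status: Submitted and the commit message is only "Rebase patches."; state in the message that this patch changes meaning on 3.2.7, or drop it in this commit instead of carrying it for one step until 06/16 deletes it.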
@@ -18,7 +18,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch \ " -SRC_URI[sha256sum] = "2ac4d21635cdf791867bc377c35ca6dda7f50d919a58be45057fd51600c69aba" +SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb" # -16548 required for v3.1.3pre1. Already in v3.1.3. CVE_CHECK_IGNORE += " CVE-2017-16548 "
From patchwork Mon Jan 20 17:50:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 55859 X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/16] rsync: Delete pedantic errors re-ordering patch Date: Mon, 20 Jan 2025 09:50:50 -0800 Message-ID: <3746c60f38a6cf99f293131b8b1bfed7c73a1944.1737395091.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210050 From: Khem Raj It has been fixed by removing the check upstream see https://github.com/WayneD/rsync/commit/9a3449a3980421f84ac55498ba565bc112b20d6c (From OE-Core rev: c6228b8371ea5c3c452db7b536948ae96d83844b) Signed-off-by: Khem Raj Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- ...antic-errors-at-the-end-of-configure.patch | 44 ------------------- meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 - 2 files changed, 45 deletions(-) delete mode 100644 meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch diff --git a/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch b/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch deleted file mode 100644 index f11f13dd48..0000000000 --- a/meta/recipes-devtools/rsync/files/0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From e6321b0b456fca987b48d5ec7aba7e2826128e5f Mon Sep 17 00:00:00 2001 -From: Paul Eggert -Date: Thu, 18 Aug 2022 07:46:28 -0700 -Subject: [PATCH] Turn on -pedantic-errors at the end of 'configure' - -Problem reported by Khem Raj in: -https://lists.gnu.org/r/autoconf-patches/2022-08/msg00009.html -Upstream-Status: Submitted [https://lists.samba.org/archive/rsync/2022-August/032862.html] - ---- - configure.ac | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/configure.ac b/configure.ac -index a2c9955..afabef0 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1437,6 +1437,26 @@ case "$CC" in - ;; - esac - -+# Enable -pedantic-errors last, so that it doesn't mess up other -+# 'configure' tests. For example, Autoconf uses empty function -+# prototypes like 'int main () {}' which Clang 15's -pedantic-errors -+# would reject. Generally it's not a good idea to try to run -+# 'configure' itself with strict compiler checking. -+if test x"$GCC" = x"yes"; then -+ if test x"$with_included_popt" != x"yes"; then -+ # Turn pedantic warnings into errors to ensure an array-init overflow is an error. -+ CFLAGS="$CFLAGS -pedantic-errors" -+ else -+ # Our internal popt code cannot be compiled with pedantic warnings as errors, so try to -+ # turn off pedantic warnings (which will not lose the error for array-init overflow). -+ # Older gcc versions don't understand -Wno-pedantic, so check if --help=warnings lists -+ # -Wpedantic and use that as a flag. -+ case `$CC --help=warnings 2>/dev/null | grep Wpedantic` in -+ *-Wpedantic*) CFLAGS="$CFLAGS -pedantic-errors -Wno-pedantic" ;; -+ esac -+ fi -+fi -+ - AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig]) - AC_OUTPUT - diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index 84052d0ff1..53c2136f4d 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb 
@@ -15,7 +15,6 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://makefile-no-rebuild.patch \ file://determism.patch \ file://0001-Add-missing-prototypes-to-function-declarations.patch \ - file://0001-Turn-on-pedantic-errors-at-the-end-of-configure.patch \ " SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
From patchwork Mon Jan 20 17:50:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 55858 X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/16] rsync: fix CVE-2024-12084 Date: Mon, 20 Jan 2025 09:50:51 -0800 Message-ID: <17fac276e27af19b00b6263f22156a55bae6a5c9.1737395091.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210051 From: Archana Polampalli A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../rsync/files/CVE-2024-12084-0001.patch | 156 ++++++++++++++++++ .../rsync/files/CVE-2024-12084-0002.patch | 43 +++++ meta/recipes-devtools/rsync/rsync_3.2.7.bb | 2 + 3 files changed, 201 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch new file mode 100644 index 0000000000..d654067fab --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0001.patch 
@@ -0,0 +1,156 @@ +From 0902b52f6687b1f7952422080d50b93108742e53 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Tue, 29 Oct 2024 22:55:29 -0700 +Subject: [PATCH] Some checksum buffer fixes. + +- Put sum2_array into sum_struct to hold an array of sum2 checksums + that are each xfer_sum_len bytes. +- Remove sum2 buf from sum_buf. +- Add macro sum2_at() to access each sum2 array element. +- Throw an error if a sums header has an s2length larger than + xfer_sum_len. + +CVE: CVE-2024-12084 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=0902b52f6687b1f7952422080d50b93108742e53] + +Signed-off-by: Archana Polampalli +--- + io.c | 3 ++- + match.c | 8 ++++---- + rsync.c | 5 ++++- + rsync.h | 4 +++- + sender.c | 4 +++- + 5 files changed, 16 insertions(+), 8 deletions(-) + +diff --git a/io.c b/io.c +index a99ac0ec..bb60eeca 100644 +--- a/io.c ++++ b/io.c +@@ -55,6 +55,7 @@ extern int read_batch; + extern int compat_flags; + extern int protect_args; + extern int checksum_seed; ++extern int xfer_sum_len; + extern int daemon_connection; + extern int protocol_version; + extern int remove_source_files; +@@ -1977,7 +1978,7 @@ void read_sum_head(int f, struct sum_struct *sum) + exit_cleanup(RERR_PROTOCOL); + } + sum->s2length = protocol_version < 27 ? 
csum_length : (int)read_int(f); +- if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) { ++ if (sum->s2length < 0 || sum->s2length > xfer_sum_len) { + rprintf(FERROR, "Invalid checksum length %d [%s]\n", + sum->s2length, who_am_i()); + exit_cleanup(RERR_PROTOCOL); +diff --git a/match.c b/match.c +index cdb30a15..36e78ed2 100644 +--- a/match.c ++++ b/match.c +@@ -232,7 +232,7 @@ static void hash_search(int f,struct sum_struct *s, + done_csum2 = 1; + } + +- if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) { ++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) { + false_alarms++; + continue; + } +@@ -252,7 +252,7 @@ static void hash_search(int f,struct sum_struct *s, + if (i != aligned_i) { + if (sum != s->sums[aligned_i].sum1 + || l != s->sums[aligned_i].len +- || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0) ++ || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0) + goto check_want_i; + i = aligned_i; + } +@@ -271,7 +271,7 @@ static void hash_search(int f,struct sum_struct *s, + if (sum != s->sums[i].sum1) + goto check_want_i; + get_checksum2((char *)map, l, sum2); +- if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0) ++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) + goto check_want_i; + /* OK, we have a re-alignment match. Bump the offset + * forward to the new match point. 
*/ +@@ -290,7 +290,7 @@ static void hash_search(int f,struct sum_struct *s, + && (!updating_basis_file || s->sums[want_i].offset >= offset + || s->sums[want_i].flags & SUMFLG_SAME_OFFSET) + && sum == s->sums[want_i].sum1 +- && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) { ++ && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) { + /* we've found an adjacent match - the RLL coder + * will be happy */ + i = want_i; +diff --git a/rsync.c b/rsync.c +index cd288f57..b130aba5 100644 +--- a/rsync.c ++++ b/rsync.c +@@ -437,7 +437,10 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, cha + */ + void free_sums(struct sum_struct *s) + { +- if (s->sums) free(s->sums); ++ if (s->sums) { ++ free(s->sums); ++ free(s->sum2_array); ++ } + free(s); + } + +diff --git a/rsync.h b/rsync.h +index d3709fe0..8ddbe702 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -958,12 +958,12 @@ struct sum_buf { + uint32 sum1; /**< simple checksum */ + int32 chain; /**< next hash-table collision */ + short flags; /**< flag bits */ +- char sum2[SUM_LENGTH]; /**< checksum */ + }; + + struct sum_struct { + OFF_T flength; /**< total file length */ + struct sum_buf *sums; /**< points to info for each chunk */ ++ char *sum2_array; /**< checksums of length xfer_sum_len */ + int32 count; /**< how many chunks */ + int32 blength; /**< block_length */ + int32 remainder; /**< flength % block_length */ +@@ -982,6 +982,8 @@ struct map_struct { + int status; /* first errno from read errors */ + }; + ++#define sum2_at(s, i) ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len)) ++ + #define NAME_IS_FILE (0) /* filter name as a file */ + #define NAME_IS_DIR (1<<0) /* filter name as a dir */ + #define NAME_IS_XATTR (1<<2) /* filter name as an xattr */ +diff --git a/sender.c b/sender.c +index 3d4f052e..ab205341 100644 +--- a/sender.c ++++ b/sender.c +@@ -31,6 +31,7 @@ extern int log_before_transfer; + extern int stdout_format_has_i; + extern int logfile_format_has_i; + extern int 
want_xattr_optim; ++extern int xfer_sum_len; + extern int csum_length; + extern int append_mode; + extern int copy_links; +@@ -94,10 +95,11 @@ static struct sum_struct *receive_sums(int f) + return(s); + + s->sums = new_array(struct sum_buf, s->count); ++ s->sum2_array = new_array(char, s->count * xfer_sum_len); + + for (i = 0; i < s->count; i++) { + s->sums[i].sum1 = read_int(f); +- read_buf(f, s->sums[i].sum2, s->s2length); ++ read_buf(f, sum2_at(s, i), s->s2length); + + s->sums[i].offset = offset; + s->sums[i].flags = 0; +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch new file mode 100644 index 0000000000..266b80c241 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12084-0002.patch 
@@ -0,0 +1,43 @@ +From 42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Tue, 5 Nov 2024 11:01:03 -0800 +Subject: [PATCH] Another cast when multiplying integers. + +CVE: CVE-2024-12084 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1] + +Signed-off-by: Archana Polampalli +--- + rsync.h | 2 +- + sender.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rsync.h b/rsync.h +index 8ddbe702..0f9e277f 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -982,7 +982,7 @@ struct map_struct { + int status; /* first errno from read errors */ + }; + +-#define sum2_at(s, i) ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len)) ++#define sum2_at(s, i) ((s)->sum2_array + ((size_t)(i) * xfer_sum_len)) + + #define NAME_IS_FILE (0) /* filter name as a file */ + #define NAME_IS_DIR (1<<0) /* filter name as a dir */ +diff --git a/sender.c b/sender.c +index ab205341..2bbff2fa 100644 +--- a/sender.c ++++ b/sender.c +@@ -95,7 +95,7 @@ static struct sum_struct *receive_sums(int f) + return(s); + + s->sums = new_array(struct sum_buf, s->count); +- s->sum2_array = new_array(char, s->count * xfer_sum_len); ++ s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len); + + for (i = 0; i < s->count; i++) { + s->sums[i].sum1 = read_int(f); +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index 53c2136f4d..749d44948d 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb 
@@ -15,6 +15,8 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://makefile-no-rebuild.patch \ file://determism.patch \ file://0001-Add-missing-prototypes-to-function-declarations.patch \ + file://CVE-2024-12084-0001.patch \ + file://CVE-2024-12084-0002.patch \ " SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
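Review bot: In the io.c read_sum_head() hunk (CVE-2024-12084-0001.patch) the new upper bound is the global xfer_sum_len, so the check is only correct if that value is already negotiated when a sums header is read, and nothing in the hunk documents that ordering. A short comment saying that xfer_sum_len is the per-entry stride of sum2_array, which is why s2length may not exceed it, would keep a later edit from relaxing the bound back to MAX_DIGEST_LEN. The error message still prints only s2length; printing xfer_sum_len as well would make a rejected header diagnosable. For protocol_version < 27 the same test now applies to csum_length.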
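Review bot: The sum2_at() macro added in the rsync.h hunk at -982,6 (CVE-2024-12084-0001.patch) depends on the global xfer_sum_len without taking it as an argument, so every file that expands it needs a declaration in scope. io.c and sender.c gain "extern int xfer_sum_len;" in this patch, but the four match.c hunks that switch to sum2_at() add none; for a backport onto 3.2.7 it is worth confirming that match.c already declares it. Storing the stride in struct sum_struct next to sum2_array would remove the hidden dependency, and the macro deserves a comment saying that entries are xfer_sum_len bytes apart while only s2length bytes of each are valid.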
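Review bot: In the rsync.c free_sums() hunk (CVE-2024-12084-0001.patch), free(s->sum2_array) is nested under "if (s->sums)", which ties the release of one buffer to the other pointer being non-NULL. receive_sums() sets the two together, but any other code in the 3.2.7 tree that builds a sum_struct must now set sum2_array whenever it sets sums, otherwise this frees an uninitialised pointer; that is not visible in this diff and should be confirmed. Since free(NULL) is a no-op, freeing both pointers unconditionally is simpler, provided the struct is zero-initialised when it is created.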
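Review bot: The (size_t) cast added in the sender.c receive_sums() hunk (CVE-2024-12084-0002.patch) removes the int overflow in s->count * xfer_sum_len, but on a 32-bit target size_t is 32 bits wide and the product of an int32 count and the digest length can still wrap, giving an allocation smaller than what the loop below writes through sum2_at(). Please confirm that s->count is bounded when the sums header is read or that new_array() rejects an overflowing request; neither is visible here. The same consideration applies to the rsync.h hunk of this patch, where the cast in sum2_at() changes from OFF_T to size_t.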
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/16] rsync: fix CVE-2024-12085 Date: Mon, 20 Jan 2025 09:50:52 -0800 Message-ID: <3fd8bea3e72573cca03cd3f6f4fc077cd2fd45a3.1737395091.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210052 From: Archana Polampalli A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../rsync/files/CVE-2024-12085.patch | 32 +++++++++++++++++++ meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12085.patch diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch new file mode 100644 index 0000000000..165d5a62f9 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch 
@@ -0,0 +1,32 @@ +From 589b0691e59f761ccb05ddb8e1124991440db2c7 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Thu, 14 Nov 2024 09:57:08 +1100 +Subject: [PATCH] prevent information leak off the stack + +prevent leak of uninitialised stack data in hash_search + +CVE: CVE-2024-12085 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=589b0691e59f761ccb05ddb8e1124991440db2c7] + +Signed-off-by: Archana Polampalli +--- + match.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/match.c b/match.c +index 36e78ed2..dfd6af2c 100644 +--- a/match.c ++++ b/match.c +@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s, + int more; + schar *map; + ++ // prevent possible memory leaks ++ memset(sum2, 0, sizeof sum2); ++ + /* want_i is used to encourage adjacent matches, allowing the RLL + * coding of the output to work more efficiently. */ + want_i = 0; +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index 749d44948d..6f4d539e4a 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb 
@@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://0001-Add-missing-prototypes-to-function-declarations.patch \ file://CVE-2024-12084-0001.patch \ file://CVE-2024-12084-0002.patch \ + file://CVE-2024-12085.patch \ " SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
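Review bot: The comment added in the match.c hash_search() hunk (CVE-2024-12085.patch), "prevent possible memory leaks", describes the wrong problem: nothing is allocated here, and the commit subject says the memset stops uninitialised stack bytes in sum2 from being compared and disclosed. A wording such as "zero sum2 so no uninitialised stack data is compared" would match the fix, and it is the only // comment in a hunk whose context uses /* */. Because this is a backport the code should stay identical to upstream, so the rewording belongs upstream. The memset covers only the state before the first get_checksum2() call, so the fix still relies on the s2length bound added for CVE-2024-12084, which SRC_URI applies first.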
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/16] rsync: fix CVE-2024-12086 Date: Mon, 20 Jan 2025 09:50:53 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210053 From: Archana Polampalli A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../rsync/files/CVE-2024-12086-0001.patch | 42 +++++++ .../rsync/files/CVE-2024-12086-0002.patch | 108 ++++++++++++++++++ .../rsync/files/CVE-2024-12086-0003.patch | 108 ++++++++++++++++++ .../rsync/files/CVE-2024-12086-0004.patch | 41 +++++++ meta/recipes-devtools/rsync/rsync_3.2.7.bb | 4 + 5 files changed, 303 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch new file mode 100644 index 0000000000..958a25a37b --- /dev/null 
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch @@ -0,0 +1,42 @@ +From 8ad4b5d912fad1df29717dddaa775724da77d299 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Sat, 23 Nov 2024 11:08:03 +1100 +Subject: [PATCH] refuse fuzzy options when fuzzy not selected + +this prevents a malicious server providing a file to compare to when +the user has not given the fuzzy option + +CVE: CVE-2024-12086 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=8ad4b5d912fad1df29717dddaa775724da77d299] + +Signed-off-by: Archana Polampalli +--- + receiver.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/receiver.c b/receiver.c +index 6b4b369e..2d7f6033 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN]; + extern struct file_list *cur_flist, *first_flist, *dir_flist; + extern filter_rule_list daemon_filter_list; + extern OFF_T preallocated_len; ++extern int fuzzy_basis; + + extern struct name_num_item *xfer_sum_nni; + extern int xfer_sum_len; +@@ -716,6 +717,10 @@ int recv_files(int f_in, int f_out, char *local_name) + fnamecmp = get_backup_name(fname); + break; + case FNAMECMP_FUZZY: ++ if (fuzzy_basis == 0) { ++ rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname); ++ exit_cleanup(RERR_PROTOCOL); ++ } + if (file->dirname) { + pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname); + fnamecmp = fnamecmpbuf; +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch new file mode 100644 index 0000000000..5d25f12dd8 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch 
@@ -0,0 +1,108 @@ +From b4a27ca25d0abb6fcf14f41b7e11f3a6e1d8a4ff Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Sat, 23 Nov 2024 12:26:10 +1100 +Subject: [PATCH] added secure_relative_open() + +this is an open that enforces no symlink following for all path +components in a relative path + +CVE: CVE-2024-12086 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=b4a27ca25d0abb6fcf14f41b7e11f3a6e1d8a4ff] + +Signed-off-by: Archana Polampalli +--- + syscall.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 74 insertions(+) + +diff --git a/syscall.c b/syscall.c +index b4b0f1f1..cffc814b 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -33,6 +33,8 @@ + #include + #endif + ++#include "ifuncs.h" ++ + extern int dry_run; + extern int am_root; + extern int am_sender; +@@ -707,3 +709,75 @@ int do_open_nofollow(const char *pathname, int flags) + + return fd; + } ++ ++/* ++ open a file relative to a base directory. The basedir can be NULL, ++ in which case the current working directory is used. The relpath ++ must be a relative path, and the relpath must not contain any ++ elements in the path which follow symlinks (ie. 
like O_NOFOLLOW, but ++ applies to all path components, not just the last component) ++*/ ++int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode) ++{ ++ if (!relpath || relpath[0] == '/') { ++ // must be a relative path ++ errno = EINVAL; ++ return -1; ++ } ++ ++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) ++ // really old system, all we can do is live with the risks ++ if (!basedir) { ++ return open(relpath, flags, mode); ++ } ++ char fullpath[MAXPATHLEN]; ++ pathjoin(fullpath, sizeof fullpath, basedir, relpath); ++ return open(fullpath, flags, mode); ++#else ++ int dirfd = AT_FDCWD; ++ if (basedir != NULL) { ++ dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY); ++ if (dirfd == -1) { ++ return -1; ++ } ++ } ++ int retfd = -1; ++ ++ char *path_copy = my_strdup(relpath, __FILE__, __LINE__); ++ if (!path_copy) { ++ return -1; ++ } ++ ++ for (const char *part = strtok(path_copy, "/"); ++ part != NULL; ++ part = strtok(NULL, "/")) ++ { ++ int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW); ++ if (next_fd == -1 && errno == ENOTDIR) { ++ if (strtok(NULL, "/") != NULL) { ++ // this is not the last component of the path ++ errno = ELOOP; ++ goto cleanup; ++ } ++ // this could be the last component of the path, try as a file ++ retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode); ++ goto cleanup; ++ } ++ if (next_fd == -1) { ++ goto cleanup; ++ } ++ if (dirfd != AT_FDCWD) close(dirfd); ++ dirfd = next_fd; ++ } ++ ++ // the path must be a directory ++ errno = EINVAL; ++ ++cleanup: ++ free(path_copy); ++ if (dirfd != AT_FDCWD) { ++ close(dirfd); ++ } ++ return retfd; ++#endif // O_NOFOLLOW, O_DIRECTORY ++} +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch new file mode 100644 index 0000000000..de1747adf2 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch 
@@ -0,0 +1,108 @@ +From c35e28331f10ba6eba370611abd78bde32d54da7 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Sat, 23 Nov 2024 12:28:13 +1100 +Subject: [PATCH] receiver: use secure_relative_open() for basis file + +this prevents attacks where the basis file is manipulated by a +malicious sender to gain information about files outside the +destination tree + +CVE: CVE-2024-12086 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=c35e28331f10ba6eba370611abd78bde32d54da7] + +Signed-off-by: Archana Polampalli +--- + receiver.c | 42 ++++++++++++++++++++++++++---------------- + 1 file changed, 26 insertions(+), 16 deletions(-) + +diff --git a/receiver.c b/receiver.c +index 2d7f6033..8031b8f4 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -552,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name) + progress_init(); + + while (1) { ++ const char *basedir = NULL; ++ + cleanup_disable(); + + /* This call also sets cur_flist. */ +@@ -722,27 +724,29 @@ int recv_files(int f_in, int f_out, char *local_name) + exit_cleanup(RERR_PROTOCOL); + } + if (file->dirname) { +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname); +- fnamecmp = fnamecmpbuf; +- } else +- fnamecmp = xname; ++ basedir = file->dirname; ++ } ++ fnamecmp = xname; + break; + default: + if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) { + fnamecmp_type -= FNAMECMP_FUZZY + 1; + if (file->dirname) { +- stringjoin(fnamecmpbuf, sizeof fnamecmpbuf, +- basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL); +- } else +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname); ++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname); ++ basedir = fnamecmpbuf; ++ } else { ++ basedir = basis_dir[fnamecmp_type]; ++ } ++ fnamecmp = xname; + } else if (fnamecmp_type >= basis_dir_cnt) { + rprintf(FERROR, + "invalid basis_dir index: %d.\n", + fnamecmp_type); + 
exit_cleanup(RERR_PROTOCOL); +- } else +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname); +- fnamecmp = fnamecmpbuf; ++ } else { ++ basedir = basis_dir[fnamecmp_type]; ++ fnamecmp = fname; ++ } + break; + } + if (!fnamecmp || (daemon_filter_list.head +@@ -765,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name) + } + + /* open the file */ +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); + + if (fd1 == -1 && protocol_version < 29) { + if (fnamecmp != fname) { +@@ -776,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name) + + if (fd1 == -1 && basis_dir[0]) { + /* pre-29 allowed only one alternate basis */ +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, +- basis_dir[0], fname); +- fnamecmp = fnamecmpbuf; ++ basedir = basis_dir[0]; ++ fnamecmp = fname; + fnamecmp_type = FNAMECMP_BASIS_DIR_LOW; +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); + } + } + ++ if (basedir) { ++ // for the following code we need the full ++ // path name as a single string ++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp); ++ fnamecmp = fnamecmpbuf; ++ } ++ + one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR; + updating_basis_or_equiv = one_inplace + || (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP)); +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch new file mode 100644 index 0000000000..b85e1dfae4 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch 
@@ -0,0 +1,41 @@ +From 9f86ddc9652247233f32b241a79d5aa4fb9d4afa Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Tue, 26 Nov 2024 09:16:31 +1100 +Subject: [PATCH] disallow ../ elements in relpath for secure_relative_open + +CVE: CVE-2024-12086 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=9f86ddc9652247233f32b241a79d5aa4fb9d4afa] + +Signed-off-by: Archana Polampalli +--- + syscall.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/syscall.c b/syscall.c +index cffc814b..081357bb 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -716,6 +716,8 @@ int do_open_nofollow(const char *pathname, int flags) + must be a relative path, and the relpath must not contain any + elements in the path which follow symlinks (ie. like O_NOFOLLOW, but + applies to all path components, not just the last component) ++ ++ The relpath must also not contain any ../ elements in the path + */ + int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode) + { +@@ -724,6 +726,11 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo + errno = EINVAL; + return -1; + } ++ if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) { ++ // no ../ elements allowed in the relpath ++ errno = EINVAL; ++ return -1; ++ } + + #if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) + // really old system, all we can do is live with the risks +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index 6f4d539e4a..b6baec63a2 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb 
@@ -18,6 +18,10 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://CVE-2024-12084-0001.patch \ file://CVE-2024-12084-0002.patch \ file://CVE-2024-12085.patch \ + file://CVE-2024-12086-0001.patch \ + file://CVE-2024-12086-0002.patch \ + file://CVE-2024-12086-0003.patch \ + file://CVE-2024-12086-0004.patch \ " SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
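Review bot: In secure_relative_open() as added by the syscall.c hunk at -707,3 (CVE-2024-12086-0002.patch), the early "return -1" taken when my_strdup() returns NULL leaks dirfd whenever basedir was non-NULL, because the descriptor opened by openat() just above is only closed at the cleanup label. Use "goto cleanup" there instead (free(NULL) is harmless), or duplicate the path before opening basedir. A comment is also missing on the use of strtok(): it keeps static state, so the helper must not be called from code that is itself in the middle of a strtok() walk.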
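Review bot: In the receiver.c hunk at -722,27 (CVE-2024-12086-0003.patch) file->dirname moves out of the checked path and into basedir, and secure_relative_open() opens basedir with a plain openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY), with no O_NOFOLLOW and no "../" test. The per-component protection therefore covers xname and fname only. Please confirm that file->dirname is validated before it reaches this point, or pass it as part of relpath and keep only the locally configured basis_dir entry as basedir.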
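Review bot: The block added at the end of the receiver.c hunk at -776,14 (CVE-2024-12086-0003.patch) calls pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp), but in the basis-dir branch of the earlier hunk basedir was set to fnamecmpbuf itself, so source and destination are the same buffer. Unless pathjoin() is documented to tolerate that, build the full name in a second buffer or keep basedir in its own array. The return value is also ignored, so a joined name longer than fnamecmpbuf is silently truncated and the code that follows works on a different path from the one that was opened.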
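Review bot: The test added in the syscall.c hunk at -724,6 (CVE-2024-12086-0004.patch) matches a leading "../" and an embedded "/../" but not a relpath that is exactly ".." or that ends in "/..", although the comment added in the same patch says no ../ elements are allowed. In the O_NOFOLLOW branch those forms end at the "path must be a directory" EINVAL, but the fallback branch for old systems passes them straight to open(). Comparing each strtok() component against ".." inside the loop, and applying the same component check before the fallback, would make the documented rule hold by construction.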
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/16] rsync: fix CVE-2024-12087 Date: Mon, 20 Jan 2025 09:50:54 -0800 Message-ID: <12328df8dfcdc73ef70af299e9ebdc1d8ae73f37.1737395091.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 20 Jan 2025 17:51:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210054 From: Archana Polampalli A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../rsync/files/CVE-2024-12087-0001.patch | 49 +++++++++++++++++++ .../rsync/files/CVE-2024-12087-0002.patch | 31 ++++++++++++ .../rsync/files/CVE-2024-12087-0003.patch | 40 +++++++++++++++ meta/recipes-devtools/rsync/rsync_3.2.7.bb | 3 ++ 4 files changed, 123 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch new file mode 100644 index 0000000000..67abc64a62 --- /dev/null 
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0001.patch @@ -0,0 +1,49 @@ +From 688f5c379a433038bde36897a156d589be373a98 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Thu, 14 Nov 2024 15:46:50 -0800 +Subject: [PATCH] Refuse a duplicate dirlist. + +CVE: CVE-2024-12087 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=688f5c379a433038bde36897a156d589be373a98] + +Signed-off-by: Archana Polampalli +--- + flist.c | 9 +++++++++ + rsync.h | 1 + + 2 files changed, 10 insertions(+) + +diff --git a/flist.c b/flist.c +index 464d556e..847b1054 100644 +--- a/flist.c ++++ b/flist.c +@@ -2584,6 +2584,15 @@ struct file_list *recv_file_list(int f, int dir_ndx) + init_hard_links(); + #endif + ++ if (inc_recurse && dir_ndx >= 0) { ++ struct file_struct *file = dir_flist->files[dir_ndx]; ++ if (file->flags & FLAG_GOT_DIR_FLIST) { ++ rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ file->flags |= FLAG_GOT_DIR_FLIST; ++ } ++ + flist = flist_new(0, "recv_file_list"); + flist_expand(flist, FLIST_START_LARGE); + +diff --git a/rsync.h b/rsync.h +index 0f9e277f..b9a7101a 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -84,6 +84,7 @@ + #define FLAG_DUPLICATE (1<<4) /* sender */ + #define FLAG_MISSING_DIR (1<<4) /* generator */ + #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ ++#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ + #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ + #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ + #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch new file mode 100644 index 0000000000..8a22e0c371 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0002.patch 
@@ -0,0 +1,31 @@ +From 344327385fa47fa5bb67a32c237735e6240cfb93 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Tue, 26 Nov 2024 16:12:45 +1100 +Subject: [PATCH] range check dir_ndx before use + +CVE: CVE-2024-12087 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=344327385fa47fa5bb67a32c237735e6240cfb93] + +Signed-off-by: Archana Polampalli +--- + flist.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/flist.c b/flist.c +index 847b1054..087f9da6 100644 +--- a/flist.c ++++ b/flist.c +@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx) + #endif + + if (inc_recurse && dir_ndx >= 0) { ++ if (dir_ndx >= dir_flist->used) { ++ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used); ++ exit_cleanup(RERR_PROTOCOL); ++ } + struct file_struct *file = dir_flist->files[dir_ndx]; + if (file->flags & FLAG_GOT_DIR_FLIST) { + rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx); +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch new file mode 100644 index 0000000000..0ece69c4e7 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12087-0003.patch 
@@ -0,0 +1,40 @@ +From 996af4a79f9afe4d7158ecdd87c78cee382c6b39 Mon Sep 17 00:00:00 2001 +From: Natanael Copa +Date: Wed, 15 Jan 2025 15:10:24 +0100 +Subject: [PATCH] Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED + +fixes commit 688f5c379a43 (Refuse a duplicate dirlist.) + +Fixes: https://github.com/RsyncProject/rsync/issues/702 +Fixes: https://github.com/RsyncProject/rsync/issues/697 +CVE: CVE-2024-12087 + +Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/996af4a79f9afe4d7158ecdd87c78cee382c6b39] + +Signed-off-by: Archana Polampalli +--- + rsync.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rsync.h b/rsync.h +index 9be1297b..479ac484 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -84,7 +84,6 @@ + #define FLAG_DUPLICATE (1<<4) /* sender */ + #define FLAG_MISSING_DIR (1<<4) /* generator */ + #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ +-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ + #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ + #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ + #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ +@@ -93,6 +92,7 @@ + #define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */ + #define FLAG_TIME_FAILED (1<<11)/* generator */ + #define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */ ++#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */ + + /* These flags are passed to functions but not stored. */ + +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index b6baec63a2..bfbe97c57d 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb 
@@ -22,6 +22,9 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://CVE-2024-12086-0002.patch \ file://CVE-2024-12086-0003.patch \ file://CVE-2024-12086-0004.patch \ + file://CVE-2024-12087-0001.patch \ + file://CVE-2024-12087-0002.patch \ + file://CVE-2024-12087-0003.patch \ " SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
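Review bot: CVE-2024-12087-0001.patch is not safe to apply without 0003: its rsync.h hunk defines `FLAG_GOT_DIR_FLIST` as `(1<<5)`, the same bit as `FLAG_HLINKED`, which that header marks as "checked on all types", so the duplicate-dirlist marker set in `recv_file_list()` shares a bit with the hard-link flag until 0003 moves it to `(1<<13)`. The recipe hunk adds all three files together and in order, which is right; state in the commit message that they form one unit so 0003 is never dropped or reordered later. The 0003 rsync.h header also reads `index 9be1297b..479ac484` while 0001 leaves rsync.h at `b9a7101a`, so confirm that 0003 applies to 3.2.7 without fuzz.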
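Review bot: in the flist.c hunk of CVE-2024-12087-0002.patch, the new error message prints `dir_ndx` with `%u` although the hunk header shows the parameter as `int dir_ndx`, and the duplicate-flist message a few lines below prints the same variable with `%d`. The enclosing `dir_ndx >= 0` test keeps the value non-negative, so the output is correct, but the mismatch will show up under -Wformat-signedness. As this is a verbatim backport, keeping the upstream text is reasonable; mention it only if the build treats format warnings as errors.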
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 11/16] rsync: fix CVE-2024-12088
Date: Mon, 20 Jan 2025 09:50:55 -0800
Message-ID: <741200c41a19ef5b4876d9a80667dfde2e5f4a9d.1737395091.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210055

From: Archana Polampalli

A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
--- .../rsync/files/CVE-2024-12088.patch | 141 ++++++++++++++++++ meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 + 2 files changed, 142 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12088.patch diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12088.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12088.patch new file mode 100644 index 0000000000..b2a3a86e1a --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12088.patch 
@@ -0,0 +1,141 @@ +From 407c71c7ce562137230e8ba19149c81ccc47c387 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Sat, 23 Nov 2024 15:15:53 +1100 +Subject: [PATCH] make --safe-links stricter + +when --safe-links is used also reject links where a '../' component is +included in the destination as other than the leading part of the +filename + +CVE: CVE-2024-12088 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=407c71c7ce562137230e8ba19149c81ccc47c387] + +Signed-off-by: Archana Polampalli +--- + testsuite/safe-links.test | 55 ++++++++++++++++++++++++++++++++++++ + testsuite/unsafe-byname.test | 2 +- + util1.c | 26 ++++++++++++++++- + 3 files changed, 81 insertions(+), 2 deletions(-) + create mode 100644 testsuite/safe-links.test + +diff --git a/testsuite/safe-links.test b/testsuite/safe-links.test +new file mode 100644 +index 00000000..6e95a4b9 +--- /dev/null ++++ b/testsuite/safe-links.test +@@ -0,0 +1,55 @@ ++#!/bin/sh ++ ++. "$suitedir/rsync.fns" ++ ++test_symlink() { ++ is_a_link "$1" || test_fail "File $1 is not a symlink" ++} ++ ++test_regular() { ++ if [ ! 
-f "$1" ]; then ++ test_fail "File $1 is not regular file or not exists" ++ fi ++} ++ ++test_notexist() { ++ if [ -e "$1" ]; then ++ test_fail "File $1 exists" ++ fi ++ if [ -h "$1" ]; then ++ test_fail "File $1 exists as a symlink" ++ fi ++} ++ ++cd "$tmpdir" ++ ++mkdir from ++ ++mkdir "from/safe" ++mkdir "from/unsafe" ++ ++mkdir "from/safe/files" ++mkdir "from/safe/links" ++ ++touch "from/safe/files/file1" ++touch "from/safe/files/file2" ++touch "from/unsafe/unsafefile" ++ ++ln -s ../files/file1 "from/safe/links/" ++ln -s ../files/file2 "from/safe/links/" ++ln -s ../../unsafe/unsafefile "from/safe/links/" ++ln -s a/a/a/../../../unsafe2 "from/safe/links/" ++ ++#echo "LISTING FROM" ++#ls -lR from ++ ++echo "rsync with relative path and just -a" ++$RSYNC -avv --safe-links from/safe/ to ++ ++#echo "LISTING TO" ++#ls -lR to ++ ++test_symlink to/links/file1 ++test_symlink to/links/file2 ++test_notexist to/links/unsafefile ++test_notexist to/links/unsafe2 +diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test +index 75e72014..d2e318ef 100644 +--- a/testsuite/unsafe-byname.test ++++ b/testsuite/unsafe-byname.test +@@ -40,7 +40,7 @@ test_unsafe ..//../dest from/dir unsafe + test_unsafe .. from/file safe + test_unsafe ../.. from/file unsafe + test_unsafe ..//.. from//file unsafe +-test_unsafe dir/.. from safe ++test_unsafe dir/.. from unsafe + test_unsafe dir/../.. from unsafe + test_unsafe dir/..//.. from unsafe + +diff --git a/util1.c b/util1.c +index da50ff1e..f260d398 100644 +--- a/util1.c ++++ b/util1.c +@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create) + * + * "src" is the top source directory currently applicable at the level + * of the referenced symlink. This is usually the symlink's full path +- * (including its name), as referenced from the root of the transfer. */ ++ * (including its name), as referenced from the root of the transfer. ++ * ++ * NOTE: this also rejects dest names with a .. 
component in other ++ * than the first component of the name ie. it rejects names such as ++ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or ++ * 'b' could later be replaced with symlinks such as a link to '.' ++ * resulting in the link being transferred now becoming unsafe ++ */ + int unsafe_symlink(const char *dest, const char *src) + { + const char *name, *slash; +@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src) + if (!dest || !*dest || *dest == '/') + return 1; + ++ // reject destinations with /../ in the name other than at the start of the name ++ const char *dest2 = dest; ++ while (strncmp(dest2, "../", 3) == 0) { ++ dest2 += 3; ++ while (*dest2 == '/') { ++ // allow for ..//..///../foo ++ dest2++; ++ } ++ } ++ if (strstr(dest2, "/../")) ++ return 1; ++ ++ // reject if the destination ends in /.. ++ const size_t dlen = strlen(dest); ++ if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0) ++ return 1; ++ + /* find out what our safety margin is */ + for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) { + /* ".." segment starts the count over. "." segment is ignored. */ +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index bfbe97c57d..df3627ed53 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb 
@@ -25,6 +25,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://CVE-2024-12087-0001.patch \ file://CVE-2024-12087-0002.patch \ file://CVE-2024-12087-0003.patch \ + file://CVE-2024-12088.patch \ " SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
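Review bot: in the util1.c hunk, the trailing-component test runs on `dest` rather than `dest2`, so `if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0)` also rejects a target made up only of leading components such as `../..`, while the new NOTE comment describes only a `..` "in other than the first component". Either extend the comment to cover that case or run the check on `dest2`. For a stable branch the behaviour change also deserves a line in the commit message: the unsafe-byname.test hunk flips `dir/..` from safe to unsafe, so `--safe-links` users will see symlinks skipped that were transferred before this backport.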
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 12/16] rsync: fix CVE-2024-12747
Date: Mon, 20 Jan 2025 09:50:56 -0800
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210056

From: Archana Polampalli

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
--- .../rsync/files/CVE-2024-12747.patch | 192 ++++++++++++++++++ meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 + 2 files changed, 193 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12747.patch diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12747.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12747.patch new file mode 100644 index 0000000000..b1dd0a03b9 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12747.patch 
@@ -0,0 +1,192 @@ +From 0590b09d9a34ae72741b91ec0708a820650198b0 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Wed, 18 Dec 2024 08:59:42 +1100 +Subject: [PATCH] fixed symlink race condition in sender + +when we open a file that we don't expect to be a symlink use +O_NOFOLLOW to prevent a race condition where an attacker could change +a file between being a normal file and a symlink + +CVE: CVE-2024-12747 + +Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=0590b09d9a34ae72741b91ec0708a820650198b0] + +Signed-off-by: Archana Polampalli +--- + checksum.c | 2 +- + flist.c | 2 +- + generator.c | 4 ++-- + receiver.c | 2 +- + sender.c | 2 +- + syscall.c | 20 ++++++++++++++++++++ + t_unsafe.c | 3 +++ + tls.c | 3 +++ + trimslash.c | 2 ++ + util1.c | 2 +- + 10 files changed, 35 insertions(+), 7 deletions(-) + +diff --git a/checksum.c b/checksum.c +index cb21882c..66e80896 100644 +--- a/checksum.c ++++ b/checksum.c +@@ -406,7 +406,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum) + int32 remainder; + int fd; + +- fd = do_open(fname, O_RDONLY, 0); ++ fd = do_open_checklinks(fname); + if (fd == -1) { + memset(sum, 0, file_sum_len); + return; +diff --git a/flist.c b/flist.c +index 087f9da6..17832533 100644 +--- a/flist.c ++++ b/flist.c +@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist, + + if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) { + if (st.st_size == 0) { +- int fd = do_open(fname, O_RDONLY, 0); ++ int fd = do_open_checklinks(fname); + if (fd >= 0) { + st.st_size = get_device_size(fd, fname); + close(fd); +diff --git a/generator.c b/generator.c +index 110db28f..3f13bb95 100644 +--- a/generator.c ++++ b/generator.c +@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx, + + if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) { + /* This early open into fd skips the regular open below. 
*/ +- if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0) ++ if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0) + real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp); + } + +@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx, + } + + /* open the file */ +- if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) { ++ if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) { + rsyserr(FERROR, errno, "failed to open %s, continuing", + full_fname(fnamecmp)); + pretend_missing: +diff --git a/receiver.c b/receiver.c +index 8031b8f4..edfbb210 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name) + if (fnamecmp != fname) { + fnamecmp = fname; + fnamecmp_type = FNAMECMP_FNAME; +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = do_open_nofollow(fnamecmp, O_RDONLY); + } + + if (fd1 == -1 && basis_dir[0]) { +diff --git a/sender.c b/sender.c +index 2bbff2fa..a4d46c39 100644 +--- a/sender.c ++++ b/sender.c +@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out) + exit_cleanup(RERR_PROTOCOL); + } + +- fd = do_open(fname, O_RDONLY, 0); ++ fd = do_open_checklinks(fname); + if (fd == -1) { + if (errno == ENOENT) { + enum logcode c = am_daemon && protocol_version < 28 ? 
FERROR : FWARNING; +diff --git a/syscall.c b/syscall.c +index 081357bb..8cea2900 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -45,6 +45,8 @@ extern int preallocate_files; + extern int preserve_perms; + extern int preserve_executability; + extern int open_noatime; ++extern int copy_links; ++extern int copy_unsafe_links; + + #ifndef S_BLKSIZE + # if defined hpux || defined __hpux__ || defined __hpux +@@ -788,3 +790,21 @@ cleanup: + return retfd; + #endif // O_NOFOLLOW, O_DIRECTORY + } ++ ++/* ++ varient of do_open/do_open_nofollow which does do_open() if the ++ copy_links or copy_unsafe_links options are set and does ++ do_open_nofollow() otherwise ++ ++ This is used to prevent a race condition where an attacker could be ++ switching a file between being a symlink and being a normal file ++ ++ The open is always done with O_RDONLY flags ++ */ ++int do_open_checklinks(const char *pathname) ++{ ++ if (copy_links || copy_unsafe_links) { ++ return do_open(pathname, O_RDONLY, 0); ++ } ++ return do_open_nofollow(pathname, O_RDONLY); ++} +diff --git a/t_unsafe.c b/t_unsafe.c +index 010cac50..e10619a2 100644 +--- a/t_unsafe.c ++++ b/t_unsafe.c +@@ -28,6 +28,9 @@ int am_root = 0; + int am_sender = 1; + int read_only = 0; + int list_only = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; ++ + short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG]; + + int +diff --git a/tls.c b/tls.c +index e6b0708a..858f8f10 100644 +--- a/tls.c ++++ b/tls.c +@@ -49,6 +49,9 @@ int list_only = 0; + int link_times = 0; + int link_owner = 0; + int nsec_times = 0; ++int safe_symlinks = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; + + #ifdef SUPPORT_XATTRS + +diff --git a/trimslash.c b/trimslash.c +index 1ec928ca..f2774cd7 100644 +--- a/trimslash.c ++++ b/trimslash.c +@@ -26,6 +26,8 @@ int am_root = 0; + int am_sender = 1; + int read_only = 1; + int list_only = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; + + int + main(int argc, char **argv) +diff --git a/util1.c b/util1.c 
+index f260d398..d84bc414 100644 +--- a/util1.c ++++ b/util1.c +@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode) + int len; /* Number of bytes read into `buf'. */ + OFF_T prealloc_len = 0, offset = 0; + +- if ((ifd = do_open(source, O_RDONLY, 0)) < 0) { ++ if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) { + int save_errno = errno; + rsyserr(FERROR_XFER, errno, "open %s", full_fname(source)); + errno = save_errno; +-- +2.40.0 diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index df3627ed53..37e79e1e56 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb 
@@ -26,6 +26,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://CVE-2024-12087-0002.patch \ file://CVE-2024-12087-0003.patch \ file://CVE-2024-12088.patch \ + file://CVE-2024-12747.patch \ " SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
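Review bot: in the syscall.c hunk, `do_open_checklinks()` falls back to plain `do_open(pathname, O_RDONLY, 0)` whenever `copy_links` or `copy_unsafe_links` is set, so the O_NOFOLLOW protection described in the commit message does not cover transfers run with those options; the commit message should state that limit. The call sites are also split between `do_open_checklinks()` (checksum.c, flist.c, sender.c and the second generator.c site) and unconditional `do_open_nofollow()` (the generator.c device open, receiver.c and `copy_file()` in util1.c) with no comment explaining the choice; one sentence per group would help whoever maintains this backport. Minor: "varient" in the new comment is a typo for "variant".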
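Review bot: the tls.c hunk adds `int safe_symlinks = 0;` that nothing else in this patch references: the syscall.c hunk declares only `extern int copy_links;` and `extern int copy_unsafe_links;`, and the t_unsafe.c and trimslash.c hunks add only those two definitions. Confirm that the tls helper needs this definition to link on 3.2.7 and that it does not duplicate one already present in that file.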
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 13/16] ofono: patch CVE-2024-7540, CVE-2024-7541, CVE-2024-7542
Date: Mon, 20 Jan 2025 09:50:57 -0800
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210057

From: Peter Marko

Cherry-pick commit https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- ...024-7540_CVE-2024-7541_CVE-2024-7542.patch | 52 +++++++++++++++++++ meta/recipes-connectivity/ofono/ofono_1.34.bb | 1 + 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch new file mode 100644 index 0000000000..0b06e057e5 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch 
@@ -0,0 +1,52 @@ +From 29ff6334b492504ace101be748b256e6953d2c2f Mon Sep 17 00:00:00 2001 +From: "Sicelo A. Mhlongo" +Date: Tue, 17 Dec 2024 11:31:28 +0200 +Subject: [PATCH] atmodem: sms: ensure buffer is initialized before use + +Fixes: CVE-2024-7540 +Fixes: CVE-2024-7541 +Fixes: CVE-2024-7542 + +CVE: CVE-2024-7540 +CVE: CVE-2024-7541 +CVE: CVE-2024-7542 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=29ff6334b492504ace101be748b256e6953d2c2f] +Signed-off-by: Peter Marko +--- + drivers/atmodem/sms.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/atmodem/sms.c b/drivers/atmodem/sms.c +index d994856b..0668c631 100644 +--- a/drivers/atmodem/sms.c ++++ b/drivers/atmodem/sms.c +@@ -412,7 +412,7 @@ static void at_cmt_notify(GAtResult *result, gpointer user_data) + struct sms_data *data = ofono_sms_get_data(sms); + GAtResultIter iter; + const char *hexpdu; +- unsigned char pdu[176]; ++ unsigned char pdu[176] = {0}; + long pdu_len; + int tpdu_len; + +@@ -479,7 +479,7 @@ static void at_cmgr_notify(GAtResult *result, gpointer user_data) + struct sms_data *data = ofono_sms_get_data(sms); + GAtResultIter iter; + const char *hexpdu; +- unsigned char pdu[176]; ++ unsigned char pdu[176] = {0}; + long pdu_len; + int tpdu_len; + +@@ -661,7 +661,7 @@ static void at_cmgl_notify(GAtResult *result, gpointer user_data) + struct sms_data *data = ofono_sms_get_data(sms); + GAtResultIter iter; + const char *hexpdu; +- unsigned char pdu[176]; ++ unsigned char pdu[176] = {0}; + long pdu_len; + int tpdu_len; + int index; +-- +2.30.2 + diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb index 8205ea683d..1083b91d56 100644 --- a/meta/recipes-connectivity/ofono/ofono_1.34.bb +++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb 
@@ -24,6 +24,7 @@ SRC_URI = "\ file://CVE-2024-7545.patch \ file://CVE-2024-7546.patch \ file://CVE-2024-7547.patch \ + file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \ " SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
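Review bot: In the three drivers/atmodem/sms.c hunks of the embedded patch (at_cmt_notify, at_cmgr_notify, at_cmgl_notify) the only change is zero-filling pdu[176]; none of the visible context checks pdu_len or tpdu_len against the 176-byte buffer, and the upstream commit message does not say which read of pdu was reaching uninitialised bytes. Worth confirming against the full functions that the decoded length of hexpdu is bounded before pdu is used, and adding one sentence to the patch header on how the three CVEs map onto these three call sites, since the "Fixes:" lines alone give a backport reviewer nothing to verify.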
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 14/16] scripts/install-buildtools: Update to 4.0.23
Date: Mon, 20 Jan 2025 09:50:58 -0800
Message-ID: <2effc054b1484dd3c87652267bf590c17d2d6f76.1737395091.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210058

From: Aleksandar Nikolic

Update to the 4.0.23 release of the 4.0 series for buildtools.

Signed-off-by: Aleksandar Nikolic
Signed-off-by: Steve Sakoman
---
 scripts/install-buildtools | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/install-buildtools b/scripts/install-buildtools index 616330dfdc..01253e5f95 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools
@@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-4.0.22' -DEFAULT_INSTALLER_VERSION = '4.0.22' +DEFAULT_RELEASE = 'yocto-4.0.23' +DEFAULT_INSTALLER_VERSION = '4.0.23' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check
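Review bot: DEFAULT_BUILDDATE stays at '202110XX' in the context line directly below the two bumped values, so after this change the defaults pair a 4.0.23 release with a 2021 placeholder build date. If that value is only consulted for non-release downloads, a short comment saying so would stop it looking stale on every version bump; if it is used for release downloads, it needs updating here as well.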
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 15/16] classes/nativesdk: also override TUNE_PKGARCH
Date: Mon, 20 Jan 2025 09:50:59 -0800
Message-ID: <38b4992329459f2200817a848e8888b9284b4917.1737395091.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210059

From: Ross Burton

The nativesdk class overrides PACKAGE_ARCH and unsets TUNE_FEATURES, but
as recipes might want to look at TUNE_PKGARCH too (for example, when
setting QEMU_EXTRAOPTIONS) we should also override that variable.

Otherwise, a nativesdk recipe will have the TUNE_PKGARCH of the target,
which leads to errors (eg passing mips arguments to an arm qemu).

Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 05322beb290e1db30bef49b4364f8a8e6e9f7408)
Signed-off-by: Steve Sakoman
---
 meta/classes/nativesdk.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/nativesdk.bbclass b/meta/classes/nativesdk.bbclass index e46739e325..39bd5a7224 100644 --- a/meta/classes/nativesdk.bbclass +++ b/meta/classes/nativesdk.bbclass
@@ -23,6 +23,7 @@ RECIPE_SYSROOT = "${WORKDIR}/recipe-sysroot" # PACKAGE_ARCH = "${SDK_ARCH}-${SDKPKGSUFFIX}" PACKAGE_ARCHS = "${SDK_PACKAGE_ARCHS}" +TUNE_PKGARCH = "${SDK_ARCH}" # # We need chrpath >= 0.14 to ensure we can deal with 32 and 64 bit
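Review bot: The new TUNE_PKGARCH line uses plain "${SDK_ARCH}" while PACKAGE_ARCH two lines above it is "${SDK_ARCH}-${SDKPKGSUFFIX}", and nothing in the class says why the two differ. A one-line comment above the assignment (for example, that it exists so per-tune lookups such as QEMU_EXTRAOPTIONS resolve against the SDK architecture rather than the target's) would keep a later cleanup from "fixing" it to match PACKAGE_ARCH. This patch also has to stay ahead of 16/16 in the series, which starts reading TUNE_PKGARCH in qemu.bbclass.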
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 16/16] classes/qemu: use tune to select QEMU_EXTRAOPTIONS, not package architecture
Date: Mon, 20 Jan 2025 09:51:00 -0800
Message-ID: <077aab43f2c928eb8da71934405c62327010f552.1737395091.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/210060

From: Ross Burton

Using the package architecture to select the right qemu options to pass
to qemu-user is incorrect, and fails for recipes that set PACKAGE_ARCH to
MACHINE_ARCH (as the qemuppc workarounds suggest) because there are not
typically any options set for the machine name.

Solve this by using TUNE_PKGARCH instead: for the majority of recipes
this is the same value, but for machine-specific recipes it remains the
same instead of changing to the machine name.

This means we can remove the qemuppc workarounds, as they're obsolete.

Also update the gcc-testsuite recipe which uses the same pattern to use
TUNE_PKGARCH, and generalise the else codepath to avoid needing to update
the list of architectures.

[ YOCTO #15647 ]

Signed-off-by: Ross Burton
Signed-off-by: Steve Sakoman
---
 meta/classes/qemu.bbclass | 8 ++------
 meta/recipes-devtools/gcc/gcc-testsuite.inc | 6 ++++--
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/meta/classes/qemu.bbclass b/meta/classes/qemu.bbclass index 7493ac34d4..1b888f4699 100644 --- a/meta/classes/qemu.bbclass +++ b/meta/classes/qemu.bbclass
@@ -54,8 +54,8 @@ def qemu_run_binary(data, rootfs_path, binary): # this dance). For others (e.g. arm) a -cpu option is not necessary, since the # qemu-arm default CPU supports all required architecture levels. -QEMU_OPTIONS = "-r ${OLDEST_KERNEL} ${@d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')) or ""}" -QEMU_OPTIONS[vardeps] += "QEMU_EXTRAOPTIONS_${PACKAGE_ARCH}" +QEMU_OPTIONS = "-r ${OLDEST_KERNEL} ${@d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('TUNE_PKGARCH')) or ""}" +QEMU_OPTIONS[vardeps] += "QEMU_EXTRAOPTIONS_${TUNE_PKGARCH}" QEMU_EXTRAOPTIONS_ppce500v2 = " -cpu e500v2" QEMU_EXTRAOPTIONS_ppce500mc = " -cpu e500mc" @@ -65,7 +65,3 @@ QEMU_EXTRAOPTIONS_ppce6500 = " -cpu e500mc" QEMU_EXTRAOPTIONS_ppc64e6500 = " -cpu e500mc" QEMU_EXTRAOPTIONS_ppc7400 = " -cpu 7400" QEMU_EXTRAOPTIONS_powerpc64le = " -cpu POWER9" -# Some packages e.g. fwupd sets PACKAGE_ARCH = MACHINE_ARCH and uses meson which -# needs right options to usermode qemu -QEMU_EXTRAOPTIONS_qemuppc = " -cpu 7400" -QEMU_EXTRAOPTIONS_qemuppc64 = " -cpu POWER9" diff --git a/meta/recipes-devtools/gcc/gcc-testsuite.inc b/meta/recipes-devtools/gcc/gcc-testsuite.inc index 64f60c730f..eaac98f9ba 100644 --- a/meta/recipes-devtools/gcc/gcc-testsuite.inc +++ b/meta/recipes-devtools/gcc/gcc-testsuite.inc @@ -53,8 +53,10 @@ python check_prepare() { # - valid for x86*, powerpc, arm, arm64 if qemu_binary.lstrip("qemu-") in ["x86_64", "i386", "arm", "aarch64"]: args += ["-cpu", "max"] - elif qemu_binary.lstrip("qemu-") in ["ppc"]: - args += d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('PACKAGE_ARCH')).split() + else: + extra = d.getVar("QEMU_EXTRAOPTIONS_%s" % d.getVar('TUNE_PKGARCH')) + if extra: + args += extra.split() sysroot = d.getVar("RECIPE_SYSROOT") args += ["-L", sysroot] # lib paths are static here instead of using $libdir since this is used by a -cross recipe
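Review bot: In the QEMU_OPTIONS hunk of meta/classes/qemu.bbclass, d.getVar('TUNE_PKGARCH') returns None when the variable is unset, so the lookup key becomes QEMU_EXTRAOPTIONS_None and the trailing 'or ""' hides it, leaving qemu-user to run with no -cpu option and no warning. PACKAGE_ARCH had the same shape, but 15/16 shows TUNE_PKGARCH is not set correctly in every class by default, so consider logging when the lookup key is built from an unset variable, or documenting in the comment block above which classes are expected to provide it.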
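Review bot: The second qemu.bbclass hunk drops QEMU_EXTRAOPTIONS_qemuppc and QEMU_EXTRAOPTIONS_qemuppc64, and together with the key change in the first hunk any machine-named QEMU_EXTRAOPTIONS entry stops being consulted. On a stable branch that is a behaviour change for layers that copied the qemuppc workaround, so the commit message should say so explicitly. It should also cite the upstream commit id, the way 15/16 does with its "(cherry picked from commit ...)" line.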
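Review bot: In the gcc-testsuite.inc hunk the retained test still calls qemu_binary.lstrip("qemu-"), which strips any leading run of the characters q, e, m, u and '-' rather than the literal prefix (qemu-mips would come out as "ips"). It gives the right answer for the four names in the list, but now that the else branch is meant to cover every other architecture this is a good moment to replace it with an explicit prefix check. The new "if extra:" guard correctly handles the case where the old code called .split() on a None return.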