From patchwork Fri Apr 11 20:33:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61190 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B40DC369A2 for ; Fri, 11 Apr 2025 20:33:53 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web11.36474.1744403626872850984 for ; Fri, 11 Apr 2025 13:33:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=VNv91RRQ; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-7359aca7ef2so3495763b3a.2 for ; Fri, 11 Apr 2025 13:33:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744403626; x=1745008426; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=oZPOQ6++7jmbL7hA3ae1qZfJPEsyon8vk8OmxQC3nXw=; b=VNv91RRQJ4dftUjbfePDlitNsgzaEYuTispheVyMXXACU0MzZOgMKecMDiLuwD+5zR x/gMkueC1eRLR7ibVwpcjYFh7FErXgqZsQj44DiZWDMyRu+u5AFEjmpj0hTpGI4GiUo1 MqBhqqanJiiB9tlxQtgbBqVv3+dxXHdqOeZ7cULtVMK05nzg0yvsTqxm2nrlss14E+QY h7sibBhsrcyJBFLwF6ZqCVuMSNFIG7K5j45GUilhBPhMcttJwwM/SYic5EWeLiokvgY+ QkVmvT3KvBI6jPnAsi27LuvdtoTIKjL6icug5Ik8gdsxrXegPCV/9/eRLQDND5I2TE8b Iwng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744403626; x=1745008426; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oZPOQ6++7jmbL7hA3ae1qZfJPEsyon8vk8OmxQC3nXw=; b=KPkq/2u2IJdh/UFMcwd4rZMZyWm3B16K9KBvM3+3H6RzeQ1odIYDXvNRnsAquXRstQ vYY/seM003QPXLRTuq/SAcab82mycs0bvF373GgsYkB0EC3/VT4n8+abEYA6F5kl554l K3e55Fyl5hV6Vi4kWp5a3CaZvkI1rsBQlnPHxwDY/vfx5l/MKdA5G8Gq2RhrbID9zEka jKqnWtpDvnvd5wtxbk7mao/6xdfqLJjQyaw58Fn4070C4lJ7YEwPJUc0z/bldYQ9edrg oZ+bJ9kNgMV4b+uRI72lWJRGcAVdFTCGfGuyJa3oe10I+1Q+AnrhLRBzxqfOxsZAYJRY OKaQ== X-Gm-Message-State: AOJu0Ywm2qWtQL+PCHywnOeyaoKkTxaU+EhfC3N0TXBU1gAX2YM0iRxA CpLMXnJ2MXObK2OswCu45QVIHM69msFUy4hIn2S+BFKZaNUkbbBK37VbDYEHH/oT9bBelzaDx95 F X-Gm-Gg: ASbGncuDYEkYq0o+zfq528nRwalRd5s1iNYOkTmdJC0bx+wsVNEkSmFKl87iVreJsA/ HjY4DtfPuCq9EyrJbRG/ObJKaTvZlbExoh/zt2+2sS/wXagnxaNvxSfVBVUfl7xdPF7r7ntddPO WKgmomQuH1masUt1a40NS3aZpCttYXY1XwQaAMANJzgpqEqaSbfyL2kZr2CuG/lnp651iTJZ1Jl TBHxDQSSMSFVsgbNiKHDThBXo29cF30qjyjhSTAbmZ0G2OkSmCzIRofhmwmcuf638ZTwNez24LO kgeNTRRdgPJLqYd8jjBc+JPJPr2R+Qyc X-Google-Smtp-Source: AGHT+IFlRmKDdvoCmPpO9Bhm/ICxCOemNh4xDZy0E0tNc4r4S+THJW7Jb82RcwCswhMtp8IWpgM3MA== X-Received: by 2002:a05:6a20:6f88:b0:1f5:64fd:68ea with SMTP id adf61e73a8af0-2017978c6b3mr6296488637.4.1744403626044; Fri, 11 Apr 2025 13:33:46 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:c93f:3642:a7d6:27ed]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73bd230d697sm2067498b3a.123.2025.04.11.13.33.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Apr 2025 13:33:45 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 1/8] ofono: patch CVE-2024-7537 Date: Fri, 11 Apr 2025 13:33:27 -0700 Message-ID: <54ce53f7c2daf4f9d536e4e1f721035064c57b30.1744403103.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 11 Apr 2025 20:33:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214754 From: Peter Marko Pick commit https://web.git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../ofono/ofono/CVE-2024-7537.patch | 59 +++++++++++++++++++ meta/recipes-connectivity/ofono/ofono_2.4.bb | 1 + 2 files changed, 60 insertions(+) create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch diff --git a/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch new file mode 100644 index 0000000000..6e131121f2 --- /dev/null +++ b/meta/recipes-connectivity/ofono/ofono/CVE-2024-7537.patch @@ -0,0 +1,59 @@ +From e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb Mon Sep 17 00:00:00 2001 +From: Ivaylo Dimitrov +Date: Sun, 16 Mar 2025 12:26:42 +0200 +Subject: [PATCH] qmi: sms: Fix possible out-of-bounds read + +Fixes: CVE-2024-7537 + +CVE: CVE-2024-7537 +Upstream-Status: Backport [https://web.git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=e6d8d526d5077c0b6ab459efeb6b882c28e0fdeb] +Signed-off-by: Peter Marko +--- + drivers/qmimodem/sms.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/drivers/qmimodem/sms.c b/drivers/qmimodem/sms.c +index 3e2bef6e..75863480 100644 +--- a/drivers/qmimodem/sms.c ++++ b/drivers/qmimodem/sms.c +@@ -467,6 +467,8 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data) + const struct qmi_wms_result_msg_list *list; + uint32_t cnt = 0; + uint16_t tmp; ++ uint16_t length; ++ size_t msg_size; + + DBG(""); + +@@ -476,7 +478,7 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data) + goto done; + } + +- list = qmi_result_get(result, QMI_WMS_RESULT_MSG_LIST, NULL); ++ list = qmi_result_get(result, QMI_WMS_RESULT_MSG_LIST, &length); + if (list == NULL) { + DBG("Err: get msg list empty"); + goto done; +@@ -485,6 +487,13 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data) + cnt = GUINT32_FROM_LE(list->cnt); + DBG("msgs found %d", cnt); + ++ msg_size = cnt * sizeof(list->msg[0]); ++ ++ if (length != sizeof(list->cnt) + msg_size) { ++ DBG("Err: invalid msg list count"); ++ goto done; ++ } ++ + for (tmp = 0; tmp < cnt; tmp++) { + DBG("unread type %d ndx %d", list->msg[tmp].type, + GUINT32_FROM_LE(list->msg[tmp].ndx)); +@@ -498,8 +507,6 @@ static void get_msg_list_cb(struct qmi_result *result, void *user_data) + + /* save list and get 1st msg */ + if (cnt) { +- int msg_size = cnt * sizeof(list->msg[0]); +- + data->msg_list = g_try_malloc0(sizeof(list->cnt) + msg_size); + if (data->msg_list == NULL) + goto done; diff --git a/meta/recipes-connectivity/ofono/ofono_2.4.bb b/meta/recipes-connectivity/ofono/ofono_2.4.bb index 5ae63e6ef6..2cf6438117 100644 --- a/meta/recipes-connectivity/ofono/ofono_2.4.bb +++ b/meta/recipes-connectivity/ofono/ofono_2.4.bb @@ -25,6 +25,7 @@ SRC_URI = "\ file://CVE-2024-7540_CVE-2024-7541_CVE-2024-7542.patch \ file://CVE-2023-4232.patch \ file://CVE-2023-4235.patch \ + file://CVE-2024-7537.patch \ " SRC_URI[sha256sum] = "93580adc1afd1890dc516efb069de0c5cdfef014415256ddfb28ab172df2d11d" From patchwork Fri Apr 11 20:33:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61189 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E15DC369B1 for ; Fri, 11 Apr 2025 20:33:53 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web11.36476.1744403628927350817 for ; Fri, 11 Apr 2025 13:33:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=pRbUN4Ax; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-739be717eddso1926434b3a.2 for ; Fri, 11 Apr 2025 13:33:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744403628; x=1745008428; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Tt0J4OEvJBu+13S7af/y15Hrbjl0vCqGV/+c+dcH4I4=; b=pRbUN4AxRkV5P+zRZ+myenwwXNX1jOxnr/Bu9eakMjreqEYf0mXb92JgnlyNd5R3te ChTkQmGrp3XV0E6TMTIibYyqQuhkv/nBBlkXaoFID0e2ZV97V3AKf9P2Z9vpUcfaf8mE 4RcbR2P6Miu+Y1xgEvpXmTFCqt+jpy7sPge0K/k6tnzA12fuN9nkAYuRz+WIkWUldcQz GbcnQYPWUAvzn08MS5J4CTTiZl73b/bs34kjnq7fOLbE7+xxyZg3fVQrI132NaeHp3B4 qBIgEZZlAevtMqTJEBZ1oR058nK3u5g3OF45+LfgKlq4TdsyKekwK8j5L0pkZsIzE1TQ Kd1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744403628; x=1745008428; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Tt0J4OEvJBu+13S7af/y15Hrbjl0vCqGV/+c+dcH4I4=; b=lGw236aTcm06pDz2e67nEtNSILoGVhle1Arg/G8DNu4FtYVOCu6gzwV4kXV7HMrUd1 cvnYDnEhmUjqJAlWDW7YO+D8tfh1yXwfjXxOzohTW0CDDYC3fWcHhcyPPyA9XMAHv6AM bnmJ5XPlrB7p4gRJEd5Nlscp9b12AYcW9TJ0+EV6q4UXzu02Xl3Zky0ov1/bCmQ32Q3t l55x3VxgHRTF6h0yOpKNy1AsdY/LvQeemuPo9YdTCi+jaJBEQQ2xypUY9PNJbkr4xJgq 0d6WD+SHV9Kxwdo+YubfEpczKA9/6QCVilE3WhGV+sl49w2Bn3J7VrQregmOJk/AeaiN QvHA== X-Gm-Message-State: AOJu0YxPW3+mypKPxLQQThMnPPkLPy/8YySyY+iPXuf8T6EGPh467j1d QRr1RAG1W9MDzCI44Wes9RJWiMRC9DbwYKE56rVhVEyHghmVs+8UkENxkt6K4PEnpEw1WNq9ylu C X-Gm-Gg: ASbGncvzYxqZKCN1NHoDFhqQn52olGxxu0xaFkZfglb5X+TFka12JXccBD4L/o19d7C cr2VFCk1PsRFMxW4uRmykdh8YBwrppmVPDREj34Dw7Kas8/DLB0Ys6mQouOXiQQ+ECBeyswTIeN Z/CZw5tkMu+T1mfWw1pfOony0vvYOF63ILi1/D9/dCwANMbQkAQt2Y6SXupHZNVgybHXVw8cPc4 4lo3CH1wWiKifcuI4T55J1Up85nFQiA9gZ/ZAQmcuilZwE4PRiD0ut8k6LyaJ3MNEDj1luPmuhZ qB4Af6jqDHKAmBnhdqWzxMZIX9Ppiz60 X-Google-Smtp-Source: AGHT+IF8C3KzCFw585R20cviGAOWnJNoOIRTHa9hEKEKkc2RxpzapDlMiwnmEtgYtupWv082z0uF3g== X-Received: by 2002:a05:6a00:2405:b0:736:5544:7ad7 with SMTP id d2e1a72fcca58-73bd1203c12mr4399204b3a.14.1744403627945; Fri, 11 Apr 2025 13:33:47 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:c93f:3642:a7d6:27ed]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73bd230d697sm2067498b3a.123.2025.04.11.13.33.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Apr 2025 13:33:47 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 2/8] go: fix CVE-2025-22870 Date: Fri, 11 Apr 2025 13:33:28 -0700 Message-ID: <88e79f915137edc5a37a110abdc79f5800404e45.1744403103.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 11 Apr 2025 20:33:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214755 From: Archana Polampalli Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.22.12.inc | 1 + .../go/go/CVE-2025-22870.patch | 80 +++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2025-22870.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index 05aa3a95b6..df77794506 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -14,5 +14,6 @@ SRC_URI += "\ file://0007-exec.go-filter-out-build-specific-paths-from-linker-.patch \ file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ + file://CVE-2025-22870.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2025-22870.patch b/meta/recipes-devtools/go/go/CVE-2025-22870.patch new file mode 100644 index 0000000000..6ed394c8e5 --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-22870.patch @@ -0,0 +1,80 @@ +From 25177ecde0922c50753c043579d17828b7ee88e7 Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Wed, 26 Feb 2025 16:08:57 -0800 +Subject: [PATCH] all: updated vendored x/net with security fix + +0b6d719 [internal-branch.go1.23-vendor] proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts + +Fixes CVE-2025-22870 +For #71985 + +Change-Id: Ib72c96bd0ab44d9ed2ac1428e0a9fc245464b3fc +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2141 +Commit-Queue: Damien Neil +Reviewed-by: Roland Shoemaker +Reviewed-by: Neal Patel +Reviewed-on: https://go-review.googlesource.com/c/go/+/654695 +Reviewed-by: Damien Neil +Reviewed-by: Michael Pratt +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Junyang Shao + +CVE: CVE-2025-22870 + +Upstream-Status: Backport [https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7] + +Signed-off-by: Archana Polampalli +--- + src/cmd/internal/moddeps/moddeps_test.go | 1 + + src/vendor/golang.org/x/net/http/httpproxy/proxy.go | 10 ++++++++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go +index 3d4c99e..ffaa16c 100644 +--- a/src/cmd/internal/moddeps/moddeps_test.go ++++ b/src/cmd/internal/moddeps/moddeps_test.go +@@ -33,6 +33,7 @@ import ( + // See issues 36852, 41409, and 43687. + // (Also see golang.org/issue/27348.) + func TestAllDependencies(t *testing.T) { ++ t.Skip("TODO(#71985) 1.23.7 contains unreleased changes from vendored modules") + goBin := testenv.GoToolPath(t) + + // Ensure that all packages imported within GOROOT +diff --git a/src/vendor/golang.org/x/net/http/httpproxy/proxy.go b/src/vendor/golang.org/x/net/http/httpproxy/proxy.go +index c3bd9a1..864961c 100644 +--- a/src/vendor/golang.org/x/net/http/httpproxy/proxy.go ++++ b/src/vendor/golang.org/x/net/http/httpproxy/proxy.go +@@ -14,6 +14,7 @@ import ( + "errors" + "fmt" + "net" ++ "net/netip" + "net/url" + "os" + "strings" +@@ -180,8 +181,10 @@ func (cfg *config) useProxy(addr string) bool { + if host == "localhost" { + return false + } +- ip := net.ParseIP(host) +- if ip != nil { ++ nip, err := netip.ParseAddr(host) ++ var ip net.IP ++ if err == nil { ++ ip = net.IP(nip.AsSlice()) + if ip.IsLoopback() { + return false + } +@@ -363,6 +366,9 @@ type domainMatch struct { + } + + func (m domainMatch) match(host, port string, ip net.IP) bool { ++ if ip != nil { ++ return false ++ } + if strings.HasSuffix(host, m.host) || (m.matchHost && host == m.host[1:]) { + return m.port == "" || m.port == port + } +-- +2.40.0 From patchwork Fri Apr 11 20:33:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61191 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 880FEC369B4 for ; Fri, 11 Apr 2025 20:33:53 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web10.36732.1744403631889852750 for ; Fri, 11 Apr 2025 13:33:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=KXT1j/q7; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-7369ce5d323so2150733b3a.1 for ; Fri, 11 Apr 2025 13:33:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744403631; x=1745008431; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=KdDjzkGwECAFAs5DMFiRPzMyGQClDhMXtipjV03Ew68=; b=KXT1j/q7laN9aY4RwMekvtm+l7fKgEGBhnmQKuGqz1Z4JUQs49uvGS8XMOeXH1Xwhx h0aOBT22tKsWIgERUcTxKDZ+mcULz2i0THrS5O/wH42y1Kt4l2RQ3wymmJ/b7xITLe2s fUkdFmwIaBda/oc7mb3dj2PNy7gR4JBaQAVaLDkne94Bly1rSqin1J1Nb20j81P084GV z6ofa60xwZdidyElqJ++1vAPUFD4CAWAxRZeffhKjKc4KBhu66W3jLx2/3AXDbgrmGzy ue7n5b/zbbZWfk9MzdwOuOTPnkxYXgJlrH8l6PI+WYEnRQd/xJvrbE6Fo2ttjH9DbxXt sHEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744403631; x=1745008431; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KdDjzkGwECAFAs5DMFiRPzMyGQClDhMXtipjV03Ew68=; b=IXqy0e4YMzBobtmKusdyY6HeMy36DWGgoLkFTCKTaIyB9yNvEvIAzXaXSPA5TBDGX3 oYxJ/PDOga0k35F24cHU1P/Vn2LZD/bTLR+TvodRPrBc1y1ksczQlSHU6vtm90ItitFJ QCvSOo+EDM67wNh/A0L4yJQGVP+jsZ7qJQC4O0TPiLdvlJpyNhW/UhS39IiIX9pQJbxz +sNIgb69CTEedtM3TH5gss3pRcA0/TY+IdN5aY4y2NnlYk2vyFNz3oKpPumuGAb7EgGP pCsS3K9wyxnpZCRQuRBn+RPVNdcl9KKcnOXRXh3nOwMXTK5slm9sJQqU8JoqDHrJHBJO tbHg== X-Gm-Message-State: AOJu0Yyw43NTlfCG3t7xUxKpG7JKHeBzU/3eHT4pe4uas8ClLrDnr1/Y g5QXtbiCdsmZ6QJxzNAlegHtmRE+9sFjo8tQ5UfeRhJ47dpoJsZDf884tgIot/11LGDqOiqHmVb J X-Gm-Gg: ASbGncspDZ7Blsa2HgMzlB0w3+ipX3I138cL9AGFTNRwUmwEXHVCX91tQv4YRsM2mGu zaibyGI2GCwzsC2yFyUMATo/mbeq20MYYW5+kSsKoZDemIzreo0aDXpFnarXN70PlNUocJ9R56w 7owC2P4hf54PFvK4O6OoBnM0XJPnn+ukDmMJNOYkZIqPKSzZJGZnBs/3dWb1l8jq5/0N+atTl7r En8oT54NXE2FvsXbkBwbtRSh6+HotQZYCGH5aqv4tJO+CRQq4EBHEEbE/341O2g2nTAIFnul1vN wXRnqxVpllCtSPyOdaqt69GjudajxV6ipacodYh6tpQ= X-Google-Smtp-Source: AGHT+IGVUHEh5ZrjCY2bikbvk1yugBYdKfdoFsUTOiYyzS8kN+UM2MvN+EpLrbPLrvkYubZddhrqYw== X-Received: by 2002:a05:6a00:390a:b0:736:fff2:9ac with SMTP id d2e1a72fcca58-73bd12a82dbmr5435192b3a.23.1744403630871; Fri, 11 Apr 2025 13:33:50 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:c93f:3642:a7d6:27ed]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73bd230d697sm2067498b3a.123.2025.04.11.13.33.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Apr 2025 13:33:50 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 3/8] cve-update-nvd2-native: add workaround for json5 style list Date: Fri, 11 Apr 2025 13:33:29 -0700 Message-ID: <4358fdfdd7a8908df98f7c4def2c8c1a6efb7256.1744403103.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 11 Apr 2025 20:33:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214756 From: Peter Marko NVD responses changed to an invalid json between: * April 5, 2025 at 3:03:44 AM GMT+2 * April 5, 2025 at 4:19:48 AM GMT+2 The last response is since then in format { "resultsPerPage": 625, "startIndex": 288000, "totalResults": 288625, "format": "NVD_CVE", "version": "2.0", "timestamp": "2025-04-07T07:17:17.534", "vulnerabilities": [ {...}, ... {...}, ] } Json does not allow trailing , in responses, that is json5 format. So cve-update-nvd2-native do_Fetch task fails with log backtrace ending: ... File: '/builds/ccp/meta-siemens/projects/ccp/../../poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 234, function: update_db_file 0230: if raw_data is None: 0231: # We haven't managed to download data 0232: return False 0233: *** 0234: data = json.loads(raw_data) 0235: 0236: index = data["startIndex"] 0237: total = data["totalResults"] 0238: per_page = data["resultsPerPage"] ... File: '/usr/lib/python3.11/json/decoder.py', lineno: 355, function: raw_decode 0351: """ 0352: try: 0353: obj, end = self.scan_once(s, idx) 0354: except StopIteration as err: *** 0355: raise JSONDecodeError("Expecting value", s, err.value) from None 0356: return obj, end Exception: json.decoder.JSONDecodeError: Expecting value: line 1 column 1442633 (char 1442632) ... There was no announcement about json format of API v2.0 by nvd. Also this happens only if whole database is queried (database update is fine, even when multiple pages as queried). And lastly it's only the cve list, all other lists inside are fine. So this looks like a bug in NVD 2.0 introduced with some update. Patch this with simple character deletion for now and let's monitor the situation and possibly switch to json5 in the future. Note that there is no native json5 support in python, we'd have to use one of external libraries for it. Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 6e526327f5c9e739ac7981e4a43a4ce53a908945) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 99acead18d..74c780493d 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -231,6 +231,11 @@ def update_db_file(db_tmp_file, d, database_time): # We haven't managed to download data return False + # hack for json5 style responses + if raw_data[-3:] == ',]}': + bb.note("Removing trailing ',' from nvd response") + raw_data = raw_data[:-3] + ']}' + data = json.loads(raw_data) index = data["startIndex"] From patchwork Fri Apr 11 20:33:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61192 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7701CC369A2 for ; Fri, 11 Apr 2025 20:34:03 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web10.36735.1744403633978270762 for ; Fri, 11 Apr 2025 13:33:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=zKUuhUxd; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-224341bbc1dso24203635ad.3 for ; Fri, 11 Apr 2025 13:33:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744403633; x=1745008433; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bB6fe66xb3MqVI1kfHQxW0rXQytbJiZ8vBF4MrLcMuc=; b=zKUuhUxdsr6tF+1LNx9yN/4nwQeT7YghSIarAUvaKGcMKfAA4tnRcbxKFUS/5mXNBo pMePxe9HYcSbjTzbDGs/PyyL4t0DcUdVDQAOCf1OWz9/+veDoSId7VVw3zKrXFgsCiup Q2v75odVbte2z/kNc/62L4Vv+YQqJep2iHBnDdnE1inqZZgKDJh614u7ME6/n07rW+SW dgSC/r08Ro/BjctrjBUnbfgWwYfZwDtSly5ZcHU9l8+gaYzaakRpdpRd1Zs/DjB8zPsO Kvn4NNtu58WaF/j+Yd0rdaUDlMMrax3q6c4moFChYbYMMcL1tyleXsIE4WAn7P3/D/Rj yR6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744403633; x=1745008433; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bB6fe66xb3MqVI1kfHQxW0rXQytbJiZ8vBF4MrLcMuc=; b=C9fGdbJnUySnlWZH9faiX/qEGEh6ZRAr66BNsQiUDyR4VBEPuCqcfm0Cgzr3Y09wrg FACY4MClpQYmYEZvhLdQ+oOumxtDmwOXX6eIy5EYFyctBtldZIgoJ2BB0sUEd7qKDja0 U4+DZNjPjG76YgVI5iS8sPFiO5OnhZ/2rvAYCAasnPwxmTj20n6g2g4dVwtzI8VaY6u/ 8X89jrV9ObDmlrqamMeGC91gMKxruYnhYok6g0EgqW4tTfqz+Ri7XRFF2nckq4dUSad+ vTRTZoR/DLi5lXSc0bYt7lvoyJGmYQpWakEAby7w8tBQJ7QIKiPOBHIcutDcONmVG9HG Wa8w== X-Gm-Message-State: AOJu0YzKyZZ9E0y6Se4U2RZATrYPApdkhbpsQ5odV5PT7jlnk9kaC6Xo Gp1tOpyoN6hoe9+pDNQuFARqFBnbDO4eYlY694kNW6KZXrvSDXwf7qUEsgHPT0eFfzcO6RvhHFQ H X-Gm-Gg: ASbGncuj/e2EbmsKSE77AyeUOMXtIqhei8jhtjc5LjjLyQpbuU6BZJ6I4ypMhrJjQmE ekYngf+pK66GJ7HSqBTi2i67QQouYiTbcihZPEd6d/Xqju0aII1PdLkbD17//rGmskgx1Fhyh3Q 4TnF7V4JE0TducMjSytnvxkyPXBRjt2zOZHX6yysT6My66rqcWX4VqeSxY8ZbjfmV0eyfwbSG48 KqCGVYIZfYlTw1pkOqxC70UEaoS9pHsm6Su0iaNZ4P/hpM+JExYMAxNeH1KRmrEMEhiyTWb1sdd 8kMTzzFffzKLJZpTXvSlddx8R1JzJ5LJ X-Google-Smtp-Source: AGHT+IHRVU0aZUg4d92Suw0TGquLXXRA2c9HFSAGmoMCqzSBu+JHP24QPwKqDb35smuDwmnhUuuchQ== X-Received: by 2002:a17:902:d4c5:b0:220:c63b:d93c with SMTP id d9443c01a7336-22bea4fee9amr56339315ad.44.1744403633129; Fri, 11 Apr 2025 13:33:53 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:c93f:3642:a7d6:27ed]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73bd230d697sm2067498b3a.123.2025.04.11.13.33.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Apr 2025 13:33:52 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 4/8] xz: upgrade 5.4.6 -> 5.4.7 Date: Fri, 11 Apr 2025 13:33:30 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 11 Apr 2025 20:34:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214757 From: Peter Marko License-Update: homepage update in [1] [1] https://github.com/tukaani-project/xz/commit/c5c091332c6953a0ce940cb355ea9e99491429fc Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-extended/xz/{xz_5.4.6.bb => xz_5.4.7.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-extended/xz/{xz_5.4.6.bb => xz_5.4.7.bb} (94%) diff --git a/meta/recipes-extended/xz/xz_5.4.6.bb b/meta/recipes-extended/xz/xz_5.4.7.bb similarity index 94% rename from meta/recipes-extended/xz/xz_5.4.6.bb rename to meta/recipes-extended/xz/xz_5.4.7.bb index 3f82e476bf..53e5276951 100644 --- a/meta/recipes-extended/xz/xz_5.4.6.bb +++ b/meta/recipes-extended/xz/xz_5.4.7.bb @@ -17,7 +17,7 @@ LICENSE:${PN}-dbg = "GPL-2.0-or-later" LICENSE:${PN}-locale = "GPL-2.0-or-later" LICENSE:liblzma = "PD" -LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \ +LIC_FILES_CHKSUM = "file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \ file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING.GPLv3;md5=1ebbd3e34237af26da5dc08a4e440464 \ file://COPYING.LGPLv2.1;md5=4fbd65380cdd255951079008b364516c \ @@ -27,7 +27,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d4378ea9d5d1fc9ab0ae10d7948827d9 \ SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \ file://run-ptest \ " -SRC_URI[sha256sum] = "aeba3e03bf8140ddedf62a0a367158340520f6b384f75ca6045ccc6c0d43fd5c" +SRC_URI[sha256sum] = "8db6664c48ca07908b92baedcfe7f3ba23f49ef2476864518ab5db6723836e71" UPSTREAM_CHECK_REGEX = "releases/tag/v(?P\d+(\.\d+)+)" UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/" From patchwork Fri Apr 11 20:33:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61195 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7DA32C369AB for ; Fri, 11 Apr 2025 20:34:03 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web10.36736.1744403636524925818 for ; Fri, 11 Apr 2025 13:33:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=BIngT51B; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-736ad42dfd6so2047993b3a.3 for ; Fri, 11 Apr 2025 13:33:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744403636; x=1745008436; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Jwq3fajsBQvZvpLS2FOwVpLjZlqDtyP3IrDZvLO4qj8=; b=BIngT51B7qqJqQ2J6Oom+7E9hWJC3cYcH939koXdp2ltTPnah8XC1cu54+px1qE4TU yFD34RO2ssMxobxtfZyvtSxX87pL7CK158GjXZMw3QEO54CQneuKj3kvPn9yVRC1iwCg 1v0+WvHIdmWEyHOXJIqk+nt0n7Peny4F8Q+AkZ7Wrz4tiMy01MEC+p1UM+LTpS/rj50+ x2tny1Zn50YZr91nY2sB/LIR3w3Qa0uG9Fn74r8LNr/gkOUIxCq1rQWkVM65vGR9VNBL RYFAlTJrXm+uMugUZHZTz2o765KJtOEviKncioZy1ZfuHacWHUhjgXy8RNrs2AXaE547 IPpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744403636; x=1745008436; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jwq3fajsBQvZvpLS2FOwVpLjZlqDtyP3IrDZvLO4qj8=; b=cKDmvEbrfd5zqJ48ivqtLvLJzaoYGgLLCl5bJaOfvp/mHY1MKq/2sc2YpOA+1A7aNr 2QP1XS7FKZcMqKmuHAnQuwezRYU9HlY+N5/1lh/mzSs/5zcDBx3BkGQnYHx7wt7CuoEI 7ATL+ImxkR1Ol+Hcz831Jl7b6q4QgmUv+KkurTsgTqLsOSDKEaSvqf5RIem7XauLEF7q 90Z8OD52tldCLhVDzpP1qDHhSvIMztabjRTpRFfecvoXOc/prhzoK5kwHqCkvIaG2k/c RkFYy5HuJE13zATQAUQtrNMc8JiamRXTHOdTMu4fAy9YhGKTXWS9U6zqPXqJOx7K/W87 vU2g== X-Gm-Message-State: AOJu0YxQOR2Ia7bge9pk66fruV20o04HMyw8byJj3GvszNpbPaAIc4bF LiNgHGyfLCC3unlsH7kMtTP1OvYgai6WhtGaDdFQ3QTLIxOLkpb8ax5PFEHWHGka4x8A1QcJQ7E A X-Gm-Gg: ASbGncstHDLjPwPKRFzt7rfjTDPgQpeHpwzd8o/Fv4aOKere18m8dQJgYwxSHZfMtsG O/GVJeI/dOgnYlTlG1zfuwSC29RXOH7AFVU3pjnCIEhaq24yyL2bYwoL/i23sAMM94t3ZeKLtOx R0Tx/I8f/hqPh/drkMSu8AwjdM7CmvUGOhTQ7OWrgtkqbNb1d15jjyBKbn3SRl2GbX0tgoZ6d7K IbQoE6ZiZfF4FU/7sLPC9Hzolz5hbtuM15sdejN5kj0DvPJCc56E9yipsi6Wot30nGzr036Ik4C HzzdFv1TSEGTkWsahIjnQlxr1AZO/h6M X-Google-Smtp-Source: AGHT+IG0jGu6SL9PyVyNEU+8P4GeJdxt8xsqokV3wGP9Xj4QmGvkVm7JJv3UBjDhcsj4pfIDnhXTXQ== X-Received: by 2002:a05:6a00:13a1:b0:736:a540:c9ad with SMTP id d2e1a72fcca58-73bd12a9f67mr5095995b3a.20.1744403635367; Fri, 11 Apr 2025 13:33:55 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:c93f:3642:a7d6:27ed]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73bd230d697sm2067498b3a.123.2025.04.11.13.33.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Apr 2025 13:33:55 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 5/8] xz: patch CVE-2025-31115 Date: Fri, 11 Apr 2025 13:33:31 -0700 Message-ID: <952ea12f08a4e42f787a21fb98adaf4b17d0aee1.1744403103.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 11 Apr 2025 20:34:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214758 From: Peter Marko Cherry-pick commits from [1] linked from [2] from branch v5.4 [1] https://tukaani.org/xz/xz-cve-2025-31115.patch [2] https://tukaani.org/xz/threaded-decoder-early-free.html Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../xz/xz/CVE-2025-31115-01.patch | 29 ++++ .../xz/xz/CVE-2025-31115-02.patch | 152 ++++++++++++++++++ .../xz/xz/CVE-2025-31115-03.patch | 98 +++++++++++ .../xz/xz/CVE-2025-31115-04.patch | 56 +++++++ meta/recipes-extended/xz/xz_5.4.7.bb | 4 + 5 files changed, 339 insertions(+) create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch create mode 100644 meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch new file mode 100644 index 0000000000..efbb9b1e12 --- /dev/null +++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-01.patch @@ -0,0 +1,29 @@ +From bdb788137e1f1d967e0c9d885b859e5b95c1b5bf Mon Sep 17 00:00:00 2001 +From: Lasse Collin +Date: Thu, 3 Apr 2025 14:34:42 +0300 +Subject: [PATCH 1/4] liblzma: mt dec: Fix a comment + +Reviewed-by: Sebastian Andrzej Siewior +Thanks-to: Sam James +(cherry picked from commit 831b55b971cf579ee16a854f177c36b20d3c6999) + +CVE: CVE-2025-31115 +Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/bdb788137e1f1d967e0c9d885b859e5b95c1b5bf] +Signed-off-by: Peter Marko +--- + src/liblzma/common/stream_decoder_mt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c +index 76212b46..8b378852 100644 +--- a/src/liblzma/common/stream_decoder_mt.c ++++ b/src/liblzma/common/stream_decoder_mt.c +@@ -348,7 +348,7 @@ worker_enable_partial_update(void *thr_ptr) + + + /// Things do to at THR_STOP or when finishing a Block. +-/// This is called with thr->mutex locked. ++/// This is called with thr->coder->mutex locked. + static void + worker_stop(struct worker_thread *thr) + { diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch new file mode 100644 index 0000000000..9a1351961d --- /dev/null +++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-02.patch @@ -0,0 +1,152 @@ +From 2ce9ab6588a94cbf04a9c174e562ea5feb00cfb3 Mon Sep 17 00:00:00 2001 +From: Lasse Collin +Date: Thu, 3 Apr 2025 14:34:42 +0300 +Subject: [PATCH 2/4] liblzma: mt dec: Simplify by removing the THR_STOP state + +The main thread can directly set THR_IDLE in threads_stop() which is +called when errors are detected. threads_stop() won't return the stopped +threads to the pool or free the memory pointed by thr->in anymore, but +it doesn't matter because the existing workers won't be reused after +an error. The resources will be cleaned up when threads_end() is +called (reinitializing the decoder always calls threads_end()). + +Reviewed-by: Sebastian Andrzej Siewior +Thanks-to: Sam James +(cherry picked from commit c0c835964dfaeb2513a3c0bdb642105152fe9f34) + +CVE: CVE-2025-31115 +Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/2ce9ab6588a94cbf04a9c174e562ea5feb00cfb3] +Signed-off-by: Peter Marko +--- + src/liblzma/common/stream_decoder_mt.c | 75 ++++++++++---------------- + 1 file changed, 29 insertions(+), 46 deletions(-) + +diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c +index 8b378852..e8e53587 100644 +--- a/src/liblzma/common/stream_decoder_mt.c ++++ b/src/liblzma/common/stream_decoder_mt.c +@@ -24,15 +24,10 @@ typedef enum { + THR_IDLE, + + /// Decoding is in progress. +- /// Main thread may change this to THR_STOP or THR_EXIT. ++ /// Main thread may change this to THR_IDLE or THR_EXIT. + /// The worker thread may change this to THR_IDLE. + THR_RUN, + +- /// The main thread wants the thread to stop whatever it was doing +- /// but not exit. Main thread may change this to THR_EXIT. +- /// The worker thread may change this to THR_IDLE. +- THR_STOP, +- + /// The main thread wants the thread to exit. + THR_EXIT, + +@@ -347,27 +342,6 @@ worker_enable_partial_update(void *thr_ptr) + } + + +-/// Things do to at THR_STOP or when finishing a Block. +-/// This is called with thr->coder->mutex locked. +-static void +-worker_stop(struct worker_thread *thr) +-{ +- // Update memory usage counters. +- thr->coder->mem_in_use -= thr->in_size; +- thr->in_size = 0; // thr->in was freed above. +- +- thr->coder->mem_in_use -= thr->mem_filters; +- thr->coder->mem_cached += thr->mem_filters; +- +- // Put this thread to the stack of free threads. +- thr->next = thr->coder->threads_free; +- thr->coder->threads_free = thr; +- +- mythread_cond_signal(&thr->coder->cond); +- return; +-} +- +- + static MYTHREAD_RET_TYPE + worker_decoder(void *thr_ptr) + { +@@ -398,17 +372,6 @@ next_loop_unlocked: + return MYTHREAD_RET_VALUE; + } + +- if (thr->state == THR_STOP) { +- thr->state = THR_IDLE; +- mythread_mutex_unlock(&thr->mutex); +- +- mythread_sync(thr->coder->mutex) { +- worker_stop(thr); +- } +- +- goto next_loop_lock; +- } +- + assert(thr->state == THR_RUN); + + // Update progress info for get_progress(). +@@ -511,7 +474,22 @@ next_loop_unlocked: + && thr->coder->thread_error == LZMA_OK) + thr->coder->thread_error = ret; + +- worker_stop(thr); ++ // Return the worker thread to the stack of available ++ // threads. ++ { ++ // Update memory usage counters. ++ thr->coder->mem_in_use -= thr->in_size; ++ thr->in_size = 0; // thr->in was freed above. ++ ++ thr->coder->mem_in_use -= thr->mem_filters; ++ thr->coder->mem_cached += thr->mem_filters; ++ ++ // Put this thread to the stack of free threads. ++ thr->next = thr->coder->threads_free; ++ thr->coder->threads_free = thr; ++ } ++ ++ mythread_cond_signal(&thr->coder->cond); + } + + goto next_loop_lock; +@@ -545,17 +523,22 @@ threads_end(struct lzma_stream_coder *coder, const lzma_allocator *allocator) + } + + ++/// Tell worker threads to stop without doing any cleaning up. ++/// The clean up will be done when threads_exit() is called; ++/// it's not possible to reuse the threads after threads_stop(). ++/// ++/// This is called before returning an unrecoverable error code ++/// to the application. It would be waste of processor time ++/// to keep the threads running in such a situation. + static void + threads_stop(struct lzma_stream_coder *coder) + { + for (uint32_t i = 0; i < coder->threads_initialized; ++i) { ++ // The threads that are in the THR_RUN state will stop ++ // when they check the state the next time. There's no ++ // need to signal coder->threads[i].cond. + mythread_sync(coder->threads[i].mutex) { +- // The state must be changed conditionally because +- // THR_IDLE -> THR_STOP is not a valid state change. +- if (coder->threads[i].state != THR_IDLE) { +- coder->threads[i].state = THR_STOP; +- mythread_cond_signal(&coder->threads[i].cond); +- } ++ coder->threads[i].state = THR_IDLE; + } + } + +@@ -1949,7 +1932,7 @@ stream_decoder_mt_init(lzma_next_coder *next, const lzma_allocator *allocator, + // accounting from scratch, too. Changes in filter and block sizes may + // affect number of threads. + // +- // FIXME? Reusing should be easy but unlike the single-threaded ++ // Reusing threads doesn't seem worth it. Unlike the single-threaded + // decoder, with some types of input file combinations reusing + // could leave quite a lot of memory allocated but unused (first + // file could allocate a lot, the next files could use fewer diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch new file mode 100644 index 0000000000..a40a024cb0 --- /dev/null +++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-03.patch @@ -0,0 +1,98 @@ +From 9a9c17712bd2a070581d9239692e527a2fe13845 Mon Sep 17 00:00:00 2001 +From: Lasse Collin +Date: Thu, 3 Apr 2025 14:34:42 +0300 +Subject: [PATCH 3/4] liblzma: mt dec: Don't free the input buffer too early + (CVE-2025-31115) + +The input buffer must be valid as long as the main thread is writing +to the worker-specific input buffer. Fix it by making the worker +thread not free the buffer on errors and not return the worker thread to +the pool. The input buffer will be freed when threads_end() is called. + +With invalid input, the bug could at least result in a crash. The +effects include heap use after free and writing to an address based +on the null pointer plus an offset. + +The bug has been there since the first committed version of the threaded +decoder and thus affects versions from 5.3.3alpha to 5.8.0. + +As the commit message in 4cce3e27f529 says, I had made significant +changes on top of Sebastian's patch. This bug was indeed introduced +by my changes; it wasn't in Sebastian's version. + +Thanks to Harri K. Koskinen for discovering and reporting this issue. + +Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.") +Reported-by: Harri K. Koskinen +Reviewed-by: Sebastian Andrzej Siewior +Thanks-to: Sam James +(cherry picked from commit d5a2ffe41bb77b918a8c96084885d4dbe4bf6480) + +CVE: CVE-2025-31115 +Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/9a9c17712bd2a070581d9239692e527a2fe13845] +Signed-off-by: Peter Marko +--- + src/liblzma/common/stream_decoder_mt.c | 31 ++++++++++++++++++-------- + 1 file changed, 22 insertions(+), 9 deletions(-) + +diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c +index e8e53587..259c4c65 100644 +--- a/src/liblzma/common/stream_decoder_mt.c ++++ b/src/liblzma/common/stream_decoder_mt.c +@@ -436,8 +436,7 @@ next_loop_unlocked: + } + + // Either we finished successfully (LZMA_STREAM_END) or an error +- // occurred. Both cases are handled almost identically. The error +- // case requires updating thr->coder->thread_error. ++ // occurred. + // + // The sizes are in the Block Header and the Block decoder + // checks that they match, thus we know these: +@@ -445,16 +444,30 @@ next_loop_unlocked: + assert(ret != LZMA_STREAM_END + || thr->out_pos == thr->block_options.uncompressed_size); + +- // Free the input buffer. Don't update in_size as we need +- // it later to update thr->coder->mem_in_use. +- lzma_free(thr->in, thr->allocator); +- thr->in = NULL; +- + mythread_sync(thr->mutex) { ++ // Block decoder ensures this, but do a sanity check anyway ++ // because thr->in_filled < thr->in_size means that the main ++ // thread is still writing to thr->in. ++ if (ret == LZMA_STREAM_END && thr->in_filled != thr->in_size) { ++ assert(0); ++ ret = LZMA_PROG_ERROR; ++ } ++ + if (thr->state != THR_EXIT) + thr->state = THR_IDLE; + } + ++ // Free the input buffer. Don't update in_size as we need ++ // it later to update thr->coder->mem_in_use. ++ // ++ // This step is skipped if an error occurred because the main thread ++ // might still be writing to thr->in. The memory will be freed after ++ // threads_end() sets thr->state = THR_EXIT. ++ if (ret == LZMA_STREAM_END) { ++ lzma_free(thr->in, thr->allocator); ++ thr->in = NULL; ++ } ++ + mythread_sync(thr->coder->mutex) { + // Move our progress info to the main thread. + thr->coder->progress_in += thr->in_pos; +@@ -475,8 +488,8 @@ next_loop_unlocked: + thr->coder->thread_error = ret; + + // Return the worker thread to the stack of available +- // threads. +- { ++ // threads only if no errors occurred. ++ if (ret == LZMA_STREAM_END) { + // Update memory usage counters. + thr->coder->mem_in_use -= thr->in_size; + thr->in_size = 0; // thr->in was freed above. diff --git a/meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch b/meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch new file mode 100644 index 0000000000..8dea412281 --- /dev/null +++ b/meta/recipes-extended/xz/xz/CVE-2025-31115-04.patch @@ -0,0 +1,56 @@ +From c8bb46c5a16ed02401f4a0b46c74f0f46c1b6434 Mon Sep 17 00:00:00 2001 +From: Lasse Collin +Date: Thu, 3 Apr 2025 14:34:42 +0300 +Subject: [PATCH 4/4] liblzma: mt dec: Don't modify thr->in_size in the worker + thread + +Don't set thr->in_size = 0 when returning the thread to the stack of +available threads. Not only is it useless, but the main thread may +read the value in SEQ_BLOCK_THR_RUN. With valid inputs, it made +no difference if the main thread saw the original value or 0. With +invalid inputs (when worker thread stops early), thr->in_size was +no longer modified after the previous commit with the security fix +("Don't free the input buffer too early"). + +So while the bug appears harmless now, it's important to fix it because +the variable was being modified without proper locking. It's trivial +to fix because there is no need to change the value. Only main thread +needs to set the value in (in SEQ_BLOCK_THR_INIT) when starting a new +Block before the worker thread is activated. + +Fixes: 4cce3e27f529 ("liblzma: Add threaded .xz decompressor.") +Reviewed-by: Sebastian Andrzej Siewior +Thanks-to: Sam James +(cherry picked from commit 8188048854e8d11071b8a50d093c74f4c030acc9) + +CVE: CVE-2025-31115 +Upstream-Status: Backport [https://github.com/tukaani-project/xz/commit/c8bb46c5a16ed02401f4a0b46c74f0f46c1b6434] +Signed-off-by: Peter Marko +--- + src/liblzma/common/stream_decoder_mt.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/liblzma/common/stream_decoder_mt.c b/src/liblzma/common/stream_decoder_mt.c +index 259c4c65..6bbbe53b 100644 +--- a/src/liblzma/common/stream_decoder_mt.c ++++ b/src/liblzma/common/stream_decoder_mt.c +@@ -492,8 +492,6 @@ next_loop_unlocked: + if (ret == LZMA_STREAM_END) { + // Update memory usage counters. + thr->coder->mem_in_use -= thr->in_size; +- thr->in_size = 0; // thr->in was freed above. +- + thr->coder->mem_in_use -= thr->mem_filters; + thr->coder->mem_cached += thr->mem_filters; + +@@ -1558,6 +1556,10 @@ stream_decode_mt(void *coder_ptr, const lzma_allocator *allocator, + } + + // Return if the input didn't contain the whole Block. ++ // ++ // NOTE: When we updated coder->thr->in_filled a few lines ++ // above, the worker thread might by now have finished its ++ // work and returned itself back to the stack of free threads. + if (coder->thr->in_filled < coder->thr->in_size) { + assert(*in_pos == in_size); + return LZMA_OK; diff --git a/meta/recipes-extended/xz/xz_5.4.7.bb b/meta/recipes-extended/xz/xz_5.4.7.bb index 53e5276951..563643d4d9 100644 --- a/meta/recipes-extended/xz/xz_5.4.7.bb +++ b/meta/recipes-extended/xz/xz_5.4.7.bb @@ -26,6 +26,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c8ea84ebe7b93cce676b54355dc6b2c0 \ SRC_URI = "https://github.com/tukaani-project/xz/releases/download/v${PV}/xz-${PV}.tar.gz \ file://run-ptest \ + file://CVE-2025-31115-01.patch \ + file://CVE-2025-31115-02.patch \ + file://CVE-2025-31115-03.patch \ + file://CVE-2025-31115-04.patch \ " SRC_URI[sha256sum] = "8db6664c48ca07908b92baedcfe7f3ba23f49ef2476864518ab5db6723836e71" UPSTREAM_CHECK_REGEX = "releases/tag/v(?P\d+(\.\d+)+)" From patchwork Fri Apr 11 20:33:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61193 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E7DAC3DA4A for ; Fri, 11 Apr 2025 20:34:03 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web11.36481.1744403638957529038 for ; Fri, 11 Apr 2025 13:33:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=leYKG04D; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-730517040a9so3154551b3a.0 for ; Fri, 11 Apr 2025 13:33:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744403638; x=1745008438; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xU3UhxeMhVIG1ewtWRmeM7y61hc+mjH9diDgi8orcXo=; b=leYKG04DJITrPCDRiEPIC20Ou/E/LrcJgwY7HXYKMMibWxOcQ5HSbNtQFd0fn7x9Kz jQ0g6dC+/FkNCg68ByxztIge7wClrFeV0G0CpbyKJK0Z/kT0pHcaQlxn2MUli+9j6xpC +xzxu3Xwshb35qiOuUDjTMUcR4KSWdFJ5eIS/wsZPOCkh/IuebDJlwsShG6i8NdiLOFx 2/jpjRotslqrfxPVkqtfqrnKjPDvjyCERpBntUXFiU7HbyenPkJ/0XRNTcaA86TcS3zz q9b5XJ7KlPYd6T6WlFPK0L1VvRuZmmFDk5QqrQh6IJ2j5Nl1yix8otOLlpsAzU4iOLv6 38Dg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744403638; x=1745008438; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xU3UhxeMhVIG1ewtWRmeM7y61hc+mjH9diDgi8orcXo=; b=DsaWL2cl/Kl4WdLHr9NhHb/CeQXe0Qyjgx9o+po4Gsk6za1NYxg9y8JoLlPsN+QsZI Y50HXUw4MeMlg1/vyghYy/oN8kG7cYU2zGM7LGK15evP3kAxY+nl5gUbtsZv4GrJ74yl qvITsW14Xgn5baBEC3nTww7zbJocAmQn8T/ZL0RuC/xLMaABqAvjn+WPuvDtWYtvZbDN ddcc7/b7E/5Dh5zc5IufOu/tdIHyGv+7S+Ou5CmcJ657N5FgmzqhRvhovH47HGTeP8kg hXavOaxfot/yQAAKtNv0OitKPdMZnrwQp/8zLcviObliwhph18uZXociszZgaONiNWFS dnPw== X-Gm-Message-State: AOJu0Yw6AYg8nKUCDY1AH0RQuHkbZHqFlNH9ieX19ZfH2+tITByXbAuR VemcoUHaLbCJZ2Ztb4ikO6cfE6WL3F5nB3nmWCY4wd5EgN5i0je4/loeqDBRs/SEZNr6z/HiRWS 4 X-Gm-Gg: ASbGncuoIBUxsXami3G12HChSAY+1dUmQHnA8gc/skFVp+hTN3UEahsACegpkytl/RX 0Ygr61OoNojy702fBcEqguOku/wY9+2zK/sPiVvcB632s8FrOSQmkJ057aSAGQxdG0VelZKYecl wgDzcbfWOlo+jlL/o2scLOgL4lrZAuBA/ra5r7XqQ/gdiWuiNlUmXLH6ciN6joZ5Rg7Aw0mdAUb wuEsI2ozYC259vP55QuChS2VpbClAM/y/voAg0akhjug1oKZiRelKOuiKI1U2Mr9MngTHDS4dqo Rgnu2zGmu5omk2+FpqXLU6/dlWpy3QRa X-Google-Smtp-Source: AGHT+IE/hGKf+aPxqb8enZZr62kgwbqOsquq/T5Ep/iPpNn3RMwLvZlBbp7F5O4/shUXuTGWVWmkSA== X-Received: by 2002:a05:6a21:32a3:b0:1f5:9208:3ac7 with SMTP id adf61e73a8af0-20179995dcbmr7676868637.41.1744403638086; Fri, 11 Apr 2025 13:33:58 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:c93f:3642:a7d6:27ed]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73bd230d697sm2067498b3a.123.2025.04.11.13.33.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Apr 2025 13:33:57 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 6/8] go: fix CVE-2025-22871 Date: Fri, 11 Apr 2025 13:33:32 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 11 Apr 2025 20:34:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214759 From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/golang/go/commit/15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.22.12.inc | 1 + .../go/go/CVE-2025-22871.patch | 172 ++++++++++++++++++ 2 files changed, 173 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2025-22871.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index df77794506..b154aa3984 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -15,5 +15,6 @@ SRC_URI += "\ file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \ file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \ file://CVE-2025-22870.patch \ + file://CVE-2025-22871.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2025-22871.patch b/meta/recipes-devtools/go/go/CVE-2025-22871.patch new file mode 100644 index 0000000000..2750178a42 --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2025-22871.patch @@ -0,0 +1,172 @@ +From 15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931 Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Wed, 26 Feb 2025 13:40:00 -0800 +Subject: [PATCH] [release-branch.go1.23] net/http: reject newlines in + chunk-size lines + +Unlike request headers, where we are allowed to leniently accept +a bare LF in place of a CRLF, chunked bodies must always use CRLF +line terminators. We were already enforcing this for chunk-data lines; +do so for chunk-size lines as well. Also reject bare CRs anywhere +other than as part of the CRLF terminator. + +Fixes CVE-2025-22871 +Fixes #72010 +For #71988 + +Change-Id: Ib0e21af5a8ba28c2a1ca52b72af8e2265ec79e4a +Reviewed-on: https://go-review.googlesource.com/c/go/+/652998 +Reviewed-by: Jonathan Amsterdam +LUCI-TryBot-Result: Go LUCI +(cherry picked from commit d31c805535f3fde95646ee4d87636aaaea66847b) +Reviewed-on: https://go-review.googlesource.com/c/go/+/657216 + +Upstream-Status: Backport [https://github.com/golang/go/commit/15e01a2e43ecb8c7e15ff7e9d62fe3f10dcac931] +CVE: CVE-2025-22871 +Signed-off-by: Hitendra Prajapati +--- + src/net/http/internal/chunked.go | 19 +++++++++-- + src/net/http/internal/chunked_test.go | 27 +++++++++++++++ + src/net/http/serve_test.go | 49 +++++++++++++++++++++++++++ + 3 files changed, 92 insertions(+), 3 deletions(-) + +diff --git a/src/net/http/internal/chunked.go b/src/net/http/internal/chunked.go +index 196b5d8..0b08a97 100644 +--- a/src/net/http/internal/chunked.go ++++ b/src/net/http/internal/chunked.go +@@ -164,6 +164,19 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) { + } + return nil, err + } ++ ++ // RFC 9112 permits parsers to accept a bare \n as a line ending in headers, ++ // but not in chunked encoding lines. See https://www.rfc-editor.org/errata/eid7633, ++ // which explicitly rejects a clarification permitting \n as a chunk terminator. ++ // ++ // Verify that the line ends in a CRLF, and that no CRs appear before the end. ++ if idx := bytes.IndexByte(p, '\r'); idx == -1 { ++ return nil, errors.New("chunked line ends with bare LF") ++ } else if idx != len(p)-2 { ++ return nil, errors.New("invalid CR in chunked line") ++ } ++ p = p[:len(p)-2] // trim CRLF ++ + if len(p) >= maxLineLength { + return nil, ErrLineTooLong + } +@@ -171,14 +184,14 @@ func readChunkLine(b *bufio.Reader) ([]byte, error) { + } + + func trimTrailingWhitespace(b []byte) []byte { +- for len(b) > 0 && isASCIISpace(b[len(b)-1]) { ++ for len(b) > 0 && isOWS(b[len(b)-1]) { + b = b[:len(b)-1] + } + return b + } + +-func isASCIISpace(b byte) bool { +- return b == ' ' || b == '\t' || b == '\n' || b == '\r' ++func isOWS(b byte) bool { ++ return b == ' ' || b == '\t' + } + + var semi = []byte(";") +diff --git a/src/net/http/internal/chunked_test.go b/src/net/http/internal/chunked_test.go +index af79711..312f173 100644 +--- a/src/net/http/internal/chunked_test.go ++++ b/src/net/http/internal/chunked_test.go +@@ -280,6 +280,33 @@ func TestChunkReaderByteAtATime(t *testing.T) { + } + } + ++func TestChunkInvalidInputs(t *testing.T) { ++ for _, test := range []struct { ++ name string ++ b string ++ }{{ ++ name: "bare LF in chunk size", ++ b: "1\na\r\n0\r\n", ++ }, { ++ name: "extra LF in chunk size", ++ b: "1\r\r\na\r\n0\r\n", ++ }, { ++ name: "bare LF in chunk data", ++ b: "1\r\na\n0\r\n", ++ }, { ++ name: "bare LF in chunk extension", ++ b: "1;\na\r\n0\r\n", ++ }} { ++ t.Run(test.name, func(t *testing.T) { ++ r := NewChunkedReader(strings.NewReader(test.b)) ++ got, err := io.ReadAll(r) ++ if err == nil { ++ t.Fatalf("unexpectedly parsed invalid chunked data:\n%q", got) ++ } ++ }) ++ } ++} ++ + type funcReader struct { + f func(iteration int) ([]byte, error) + i int +diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go +index 0c76f1b..0e8af02 100644 +--- a/src/net/http/serve_test.go ++++ b/src/net/http/serve_test.go +@@ -6980,3 +6980,52 @@ func testDisableContentLength(t *testing.T, mode testMode) { + t.Fatal(err) + } + } ++ ++func TestInvalidChunkedBodies(t *testing.T) { ++ for _, test := range []struct { ++ name string ++ b string ++ }{{ ++ name: "bare LF in chunk size", ++ b: "1\na\r\n0\r\n\r\n", ++ }, { ++ name: "bare LF at body end", ++ b: "1\r\na\r\n0\r\n\n", ++ }} { ++ t.Run(test.name, func(t *testing.T) { ++ reqc := make(chan error) ++ ts := newClientServerTest(t, http1Mode, HandlerFunc(func(w ResponseWriter, r *Request) { ++ got, err := io.ReadAll(r.Body) ++ if err == nil { ++ t.Logf("read body: %q", got) ++ } ++ reqc <- err ++ })).ts ++ ++ serverURL, err := url.Parse(ts.URL) ++ if err != nil { ++ t.Fatal(err) ++ } ++ ++ conn, err := net.Dial("tcp", serverURL.Host) ++ if err != nil { ++ t.Fatal(err) ++ } ++ ++ if _, err := conn.Write([]byte( ++ "POST / HTTP/1.1\r\n" + ++ "Host: localhost\r\n" + ++ "Transfer-Encoding: chunked\r\n" + ++ "Connection: close\r\n" + ++ "\r\n" + ++ test.b)); err != nil { ++ t.Fatal(err) ++ } ++ conn.(*net.TCPConn).CloseWrite() ++ ++ if err := <-reqc; err == nil { ++ t.Errorf("server handler: io.ReadAll(r.Body) succeeded, want error") ++ } ++ }) ++ } ++} +-- +2.25.1 + From patchwork Fri Apr 11 20:33:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61194 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89731C369B1 for ; Fri, 11 Apr 2025 20:34:03 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web10.36740.1744403641928727388 for ; Fri, 11 Apr 2025 13:34:01 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=l7sRWXLD; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-7370a2d1981so2008941b3a.2 for ; Fri, 11 Apr 2025 13:34:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744403641; x=1745008441; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6buF+Vd28RQOKVbHuwbrvxhlyzmDoUg0/rB/3BjYaVs=; b=l7sRWXLDYP0SwRQk81GkSxcy5Lwr+JgLmiH3zReYQWxvUk3S/jpvKtlwDLnSneKQVI l+iLIuvqiFaFl4rEu8hBA2FxT23JoRT192idbnNL7mvSH5NbjnUpFdj9SRCDBy8YpgHk IAWY0Fe2FXGFB3f6Xy2W46b5+v8G5M7TWSTr4rrg6LGgqp9zdIiHEczaWHxcwvk7bomW T4/RG6dPdo5kTnlrCb2VoO7ntc3++Id87/4etQArzRrMOx6NiProCSkLHrNd9ASiYo+3 zjwvgTycVFpYkThZ1OsO6QdXcFsgBDPxJIGW8F5m+y8yt+OpQ1yFy8iy82H/vXQnhfF5 9KFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744403641; x=1745008441; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6buF+Vd28RQOKVbHuwbrvxhlyzmDoUg0/rB/3BjYaVs=; b=Lp7+abgypSNDhs/NlEDztJljLWsmnMoyulRfQrufJ0yWeZFxzepxYEMA6Z/alyUI+h LsKfVhKwn0iltRgKptO+K2Gpnn/6uvnZJ/Jh8VDHl76PVLXEWzxwP8eL9s/4JZ7fOpnx +X+kjoKlhSf7SQV+tGUn5vxzC8BpnCAOqQUocYD8fgyhX+zo85hprmyIQoJ3ssWpoHb5 K+ZXEN8SRFa5ty1ROqDyj5bdCuLyq3rKDA6XB7pVclVaLkuWx/lSwCyGrQ+0Jyghcw+h 2QUjGQW7z6whTm9CQSvNfOmjoYOYT/FbD67QVPgzgKygGg/p6+q/ZKM3IdbY2D/M8hcS WT1g== X-Gm-Message-State: AOJu0YzOmjyeuQe9Cyp/fl+Q1NKDepBPxCg/MgxqBfE9SvSmVrjhveHy 4YbE+56IhYKk9ddGX/azaQZcSO0EmwPcMH4YkDvCsyW2m5eKA2gkily6GQnV0LcbrdR+hfoaPLn 1 X-Gm-Gg: ASbGncte25ZcgBnllY+30pg1mvL1MDvZ5PA4W8DIoTb9a+rHnzXtXoIIRoh1Z9fjeUh AzYdOumYBSSVifOZGg8R8/oHwtc4VHpRN1stMw9g2QQG+a+6NpPPaSPPvmv5YKhtuXr6BkdkG9V pwEkmlVo7WVszJ7dsHMBfezYkRRCxpnO99kUz/8vN3PzwdXScdQuli6KtDJ/9a1zGNP/vGhHRXq 48Q2ODuLc7GlGRXd7bcCEsqTYN096eEDol5lzG7v9QazAwWoo4EwXm99otClIwTG+DeS125ZXlp 3JacD8UcGdpXBh2A6fu0crokmck/hVqx X-Google-Smtp-Source: AGHT+IENdbN7NkKeiaUvpIE2EXycTKjF0IXBwn/ey7h35uUbmM8nTB9+7aponG0W8kGt8Q2Watr+aQ== X-Received: by 2002:a05:6a00:1414:b0:736:57cb:f2b6 with SMTP id d2e1a72fcca58-73bd11fe7d1mr5668038b3a.12.1744403641107; Fri, 11 Apr 2025 13:34:01 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:c93f:3642:a7d6:27ed]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73bd230d697sm2067498b3a.123.2025.04.11.13.34.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Apr 2025 13:34:00 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 7/8] ghostscript: upgrade 10.04.0 -> 10.05.0 Date: Fri, 11 Apr 2025 13:33:33 -0700 Message-ID: <2c851f74fa72c30d447d59d450eb9bc036404f55.1744403103.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 11 Apr 2025 20:34:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214760 From: Archana Polampalli This upgrade addresses CVEs: CVE-2025-27835 CVE-2025-27832 CVE-2025-27831 CVE-2025-27836 CVE-2025-27830 CVE-2025-27833 CVE-2025-27833 CVE-2025-27834 Changelog: https://ghostscript.readthedocs.io/en/gs10.05.0/News.html Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../{ghostscript_10.04.0.bb => ghostscript_10.05.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-extended/ghostscript/{ghostscript_10.04.0.bb => ghostscript_10.05.0.bb} (97%) diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.04.0.bb b/meta/recipes-extended/ghostscript/ghostscript_10.05.0.bb similarity index 97% rename from meta/recipes-extended/ghostscript/ghostscript_10.04.0.bb rename to meta/recipes-extended/ghostscript/ghostscript_10.05.0.bb index 546d734333..1d05945c30 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_10.04.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_10.05.0.bb @@ -27,7 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo file://avoid-host-contamination.patch \ " -SRC_URI[sha256sum] = "c764dfbb7b13fc71a7a05c634e014f9bb1fb83b899fe39efc0b6c3522a9998b1" +SRC_URI[sha256sum] = "56e77833de683825c420d0af8cb90aa8ba7da71ea6fb5624290cbc1b53fe7942" PACKAGECONFIG ??= "" PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3" From patchwork Fri Apr 11 20:33:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 61196 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79BD8C369A2 for ; Fri, 11 Apr 2025 20:34:13 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web10.36743.1744403645453645498 for ; Fri, 11 Apr 2025 13:34:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=q5BIgr6S; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-739525d4e12so2361026b3a.3 for ; Fri, 11 Apr 2025 13:34:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1744403645; x=1745008445; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=we3BNMR7i6CgBbiytHEEC3qnPSOYJa/ilDDoChPn6bc=; b=q5BIgr6SdB4k/Q8zvVqZ7L71xGV6KRAKyf6piX3SWgplVyLi/bu5KlGQg24lmzJbbv NX2A8sTqGofLcSPPsoarYSHY9q5mqGFfqutdi8mq1Nv3ZQH7ebK+F9W/ltmTUuUkS6a+ LUnD9E/xrzEVls8+3Ks3qSynNRDF6Wcqy+I9OMBncZE7f+rSvnS8GvpPVQfcVkEuOiFt A5mf9/knF33C0rSAkAYC9Ol6JxNqt7cTp/dk+5EJTbgeETl9VNnF+i8x5VYbKgT43CHn GmX9u/WgYyFs+lC666oYOWoiRC5IfMbUKFwP8xPfasTt94G7JLtzaYuYFpfFHnBKUXk2 KqdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744403645; x=1745008445; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=we3BNMR7i6CgBbiytHEEC3qnPSOYJa/ilDDoChPn6bc=; b=qkbs4wZ4YBrGFhN8XoKttRgdOVHiPUmvE5wstQGzfXUNHspSTR1f76lDK+9wPRwufo GRf2VkOw3QyQ8/gwMHJdw+yVyAwx8/rp3aJcsG7bTio96ZOFovdL9p1Zq/QRPJvXhNBr Dm+BI5XL9CL2qZLYHGMXhMV0fcf1woVNBWql4L2yk7AobcbCFvKiyOBPVnuujw6eS4Yt o1/MFcnPmlYn3ljVeB2gs13Pj2onZBFHA0UlE7egX+bk07Ws60MkM+EZbGYDSEy65VaH PDBbL61wSomWlHF30C4uTOr3p88cdN5d434T4NCnKtTtiGZk1G+YpM92UGGXpWx1ZNVE +HuQ== X-Gm-Message-State: AOJu0YxRWbeiRfwt1h4oLJHxIyWW7YpTp2G0E6Kjxmby3UvZiExxPkMp EzYrTxNXAktTf2g0qhvjIlv2zne5Lfg9Vj4LO7hx7jTEusS6AYTEl/nm1wjxQQ5e/vWXEz4+sOU Y X-Gm-Gg: ASbGncsz/XHH7uCT2Lc+Fd9q18q3+Sr1jdd8yeZndawqeqxskOKFj5a8qxH40/9+gAf MaC+Vk6f0FQZo1b9PhBukjMpBKtzJeEc9m+TMFsPlpcc9G6v1fBrC1r084OJHauf9WghFP72F1x +uv8xSCDhS05ZoI7JcMCDBpsAum9sQBLXPSEk+LoX796h91SxPbUkSLupsHqbQDQzWHP20acC0Y fPBlp96Vt/gSMb87nkpbPtChWY4jm7ZBDC9D/YEwiH/aQsHcL1v9+VB3OeYbKdqXgNNts+EicHo v+zoDWuMULobCDI635aGwXH6Z8WUcjfZ X-Google-Smtp-Source: AGHT+IFIa9hNBrvv9qXr4x6YwKGtiNa3Hv8ryj5H3e4nvw+gFtFlInWom2lzMeAA7VQ6EReFxjlUGQ== X-Received: by 2002:a05:6a00:2285:b0:736:7270:4d18 with SMTP id d2e1a72fcca58-73bd1209efdmr5336933b3a.14.1744403644591; Fri, 11 Apr 2025 13:34:04 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:c93f:3642:a7d6:27ed]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73bd230d697sm2067498b3a.123.2025.04.11.13.34.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Apr 2025 13:34:04 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 8/8] patch.py: set commituser and commitemail for addNote Date: Fri, 11 Apr 2025 13:33:34 -0700 Message-ID: <9de38ac99c2b19f549c00ea5277faf621c6f4e65.1744403103.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 11 Apr 2025 20:34:13 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214761 From: Changqing Li When PATCHTOOL is set to 'git', and user don't setup user.name and user.email for git, do_patch fail with the following error, fix by passing -c options. CmdError("git notes --ref refs/notes/devtool append -m 'original patch: 0001-PATCH-increase-to-cpp17-version.patch' HEAD", 0, 'stdout: stderr: Author identity unknown *** Please tell me who you are. Run git config --global user.email "you@example.com" git config --global user.name "Your Name" Signed-off-by: Changqing Li Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/lib/oe/patch.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py index 60a0cc8291..417333e431 100644 --- a/meta/lib/oe/patch.py +++ b/meta/lib/oe/patch.py @@ -462,21 +462,23 @@ class GitApplyTree(PatchTree): return (tmpfile, cmd) @staticmethod - def addNote(repo, ref, key, value=None): + def addNote(repo, ref, key, value=None, commituser=None, commitemail=None): note = key + (": %s" % value if value else "") notes_ref = GitApplyTree.notes_ref runcmd(["git", "config", "notes.rewriteMode", "ignore"], repo) runcmd(["git", "config", "notes.displayRef", notes_ref, notes_ref], repo) runcmd(["git", "config", "notes.rewriteRef", notes_ref, notes_ref], repo) - runcmd(["git", "notes", "--ref", notes_ref, "append", "-m", note, ref], repo) + cmd = ["git"] + GitApplyTree.gitCommandUserOptions(cmd, commituser, commitemail) + runcmd(cmd + ["notes", "--ref", notes_ref, "append", "-m", note, ref], repo) @staticmethod - def removeNote(repo, ref, key): + def removeNote(repo, ref, key, commituser=None, commitemail=None): notes = GitApplyTree.getNotes(repo, ref) notes = {k: v for k, v in notes.items() if k != key and not k.startswith(key + ":")} runcmd(["git", "notes", "--ref", GitApplyTree.notes_ref, "remove", "--ignore-missing", ref], repo) for note, value in notes.items(): - GitApplyTree.addNote(repo, ref, note, value) + GitApplyTree.addNote(repo, ref, note, value, commituser, commitemail) @staticmethod def getNotes(repo, ref): @@ -507,7 +509,7 @@ class GitApplyTree(PatchTree): GitApplyTree.gitCommandUserOptions(cmd, d=d) cmd += ["commit", "-m", subject, "--no-verify"] runcmd(cmd, dir) - GitApplyTree.addNote(dir, "HEAD", GitApplyTree.ignore_commit) + GitApplyTree.addNote(dir, "HEAD", GitApplyTree.ignore_commit, d.getVar('PATCH_GIT_USER_NAME'), d.getVar('PATCH_GIT_USER_EMAIL')) @staticmethod def extractPatches(tree, startcommits, outdir, paths=None): @@ -654,7 +656,7 @@ class GitApplyTree(PatchTree): raise finally: if patch_applied: - GitApplyTree.addNote(self.dir, "HEAD", GitApplyTree.original_patch, os.path.basename(patch['file'])) + GitApplyTree.addNote(self.dir, "HEAD", GitApplyTree.original_patch, os.path.basename(patch['file']), self.commituser, self.commitemail) class QuiltTree(PatchSet):