
[mickledore,01/10] curl: Add CVE-2023-28320 follow-up fix

Message ID 5d6d4768693f9baa9b801e87d4d2aed0d9792613.1695764457.git.steve@sakoman.com
State New

Commit Message

Steve Sakoman Sept. 26, 2023, 9:43 p.m. UTC
From: Sanjay Chitroda <sanjay.chitroda@einfochips.com>

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-28320
https://security-tracker.debian.org/tracker/CVE-2023-28320

Upstream Patch:
Introduced by: https://github.com/curl/curl/commit/3c49b405de4f (curl-7_9_8)
Fixed by: https://github.com/curl/curl/commit/13718030ad4b (curl-8_1_0)
Follow-up: https://github.com/curl/curl/commit/f446258f0269 (curl-8_1_0)

Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../curl/curl/CVE-2023-28320-fol1.patch       | 80 +++++++++++++++++++
 meta/recipes-support/curl/curl_8.0.1.bb       |  1 +
 2 files changed, 81 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch

Patch

diff --git a/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch
new file mode 100644
index 0000000000..3c06d8c518
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28320-fol1.patch
@@ -0,0 +1,80 @@ 
+From e442feb37ba25c80b8480b908d1c570fd9f41c5e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 16 May 2023 23:40:42 +0200
+Subject: [PATCH] hostip: include easy_lock.h before using
+ GLOBAL_INIT_IS_THREADSAFE
+
+Since that header file is the only place that define can be defined.
+
+Reported-by: Marc Deslauriers
+
+Follow-up to 13718030ad4b3209
+
+Closes #11121
+
+CVE: CVE-2023-28320
+Upstream-Status: Backport [https://github.com/curl/curl/commit/f446258f0269]
+
+(cherry picked from commit f446258f0269a62289cca0210157cb8558d0edc3)
+Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com>
+
+---
+ lib/hostip.c | 10 ++++------
+ lib/hostip.h |  9 ---------
+ 2 files changed, 4 insertions(+), 15 deletions(-)
+
+diff --git a/lib/hostip.c b/lib/hostip.c
+index d6906a2e8..2d26b5628 100644
+--- a/lib/hostip.c
++++ b/lib/hostip.c
+@@ -70,6 +70,8 @@
+ #include <SystemConfiguration/SCDynamicStoreCopySpecific.h>
+ #endif
+ 
++#include "easy_lock.h"
++
+ #if defined(CURLRES_SYNCH) &&                   \
+   defined(HAVE_ALARM) &&                        \
+   defined(SIGALRM) &&                           \
+@@ -79,10 +81,6 @@
+ #define USE_ALARM_TIMEOUT
+ #endif
+ 
+-#ifdef USE_ALARM_TIMEOUT
+-#include "easy_lock.h"
+-#endif
+-
+ #define MAX_HOSTCACHE_LEN (255 + 7) /* max FQDN + colon + port number + zero */
+ 
+ /*
+@@ -265,8 +263,8 @@ void Curl_hostcache_prune(struct Curl_easy *data)
+ /* Beware this is a global and unique instance. This is used to store the
+    return address that we can jump back to from inside a signal handler. This
+    is not thread-safe stuff. */
+-sigjmp_buf curl_jmpenv;
+-curl_simple_lock curl_jmpenv_lock;
++static sigjmp_buf curl_jmpenv;
++static curl_simple_lock curl_jmpenv_lock;
+ #endif
+ 
+ /* lookup address, returns entry if found and not stale */
+diff --git a/lib/hostip.h b/lib/hostip.h
+index 4b5481f65..0dd19e87c 100644
+--- a/lib/hostip.h
++++ b/lib/hostip.h
+@@ -186,15 +186,6 @@ Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr,
+ #define CURL_INADDR_NONE INADDR_NONE
+ #endif
+ 
+-#ifdef HAVE_SIGSETJMP
+-/* Forward-declaration of variable defined in hostip.c. Beware this
+- * is a global and unique instance. This is used to store the return
+- * address that we can jump back to from inside a signal handler.
+- * This is not thread-safe stuff.
+- */
+-extern sigjmp_buf curl_jmpenv;
+-#endif
+-
+ /*
+  * Function provided by the resolver backend to set DNS servers to use.
+  */
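Review bot: The relocated `#include "easy_lock.h"` in lib/hostip.c has no comment saying that its position matters, so a later include cleanup could move it back below the `USE_ALARM_TIMEOUT` test without any build failure. Per the patch description, GLOBAL_INIT_IS_THREADSAFE is defined only in that header; the last line of the `#if` condition is outside the hunk, but it presumably tests that macro, in which case a late include leaves USE_ALARM_TIMEOUT undefined and the alarm-based timeout of the synchronous resolver silently compiled out. I would add `/* keep above the USE_ALARM_TIMEOUT test: GLOBAL_INIT_IS_THREADSAFE comes from easy_lock.h */` over the include, or at least state in the backport's header what behaviour the follow-up restores. The comment kept above `curl_jmpenv` still calls it "a global" although the new lines make both variables `static`; "file-scope" would match the code.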
diff --git a/meta/recipes-support/curl/curl_8.0.1.bb b/meta/recipes-support/curl/curl_8.0.1.bb
index bcfe4a6088..708f622fe1 100644
--- a/meta/recipes-support/curl/curl_8.0.1.bb
+++ b/meta/recipes-support/curl/curl_8.0.1.bb
@@ -18,6 +18,7 @@  SRC_URI = " \
     file://CVE-2023-28320.patch \
     file://CVE-2023-28321.patch \
     file://CVE-2023-32001.patch \
+    file://CVE-2023-28320-fol1.patch \
 "
 SRC_URI[sha256sum] = "0a381cd82f4d00a9a334438b8ca239afea5bfefcfa9a1025f2bf118e79e0b5f0"