From: Ernst Sjöstrand
To: steve@sakoman.com
CC: openembedded-core@lists.openembedded.org
Subject: [dunfell][PATCH v3] dropbear: Fix CVE-2020-36254
Date: Tue, 21 Dec 2021 14:24:57 +0000
Message-ID: <9b1ac8d4c0e4faefb2eb36cc9ccfe90f6373991c.camel@lists.verisure.com>
References: <16C2B9B88AD918F7.22520@lists.openembedded.org> <0ab160933ee8b84b5d5b0e648a2a20f8ed3367d3.camel@lists.verisure.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/159922

Dropbear shares a lot of code with other SSH implementations, so this is a port of CVE-2018-20685 to dropbear by the
dropbear developers. Reference: https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff CVE: CVE-2020-36254 Upstream-Status: Backport Signed-off-by: Ernst Sjöstrand --- meta/recipes-core/dropbear/dropbear.inc | 4 ++- .../dropbear/dropbear/CVE-2020-36254.patch | 29 +++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2020-36254.patch -- 2.34.1 diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index d41e8b36dcd..b949a9a3372 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc @@ -22,7 +22,9 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://dropbear.socket \ file://dropbear.default \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} " + ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ + file://CVE-2020-36254.patch \ + " PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ file://0006-dropbear-configuration-file.patch \ diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2020-36254.patch b/meta/recipes-core/dropbear/dropbear/CVE-2020-36254.patch new file mode 100644 index 00000000000..64d0d96486c --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2020-36254.patch 
@@ -0,0 +1,29 @@ +From c96c48d62aefc372f2105293ddf8cff2d116dc3a Mon Sep 17 00:00:00 2001 +From: Haelwenn Monnier +Date: Mon, 25 May 2020 14:54:29 +0200 +Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80) + +Reference: +https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff + +CVE: CVE-2020-36254 +Upstream-Status: Backport + +--- + scp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/scp.c b/scp.c +index 742ae00..7b8e7d2 100644 +--- a/scp.c ++++ b/scp.c +@@ -935,7 +935,8 @@ sink(int argc, char **argv) + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); +- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ if (*cp == '\0' || strchr(cp, '/') != NULL || ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { + run_err("error: unexpected filename: %s", cp); + exit(1); + }
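Review bot: Style point on the dropbear.inc SRC_URI hunk: the new `file://CVE-2020-36254.patch \` entry is appended after the conditional `${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', ...)}` expression, and the closing `"` is moved onto a line of its own. Listing the unconditional patch before the conditional entry keeps the fixed file list together and avoids rewriting the conditional line on the next backport; otherwise the hunk is consistent (a `\` continuation followed by a lone `"` is valid BitBake syntax, and the counts -22,7 +22,9 match one removed and three added lines).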
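Review bot: In the new CVE-2020-36254.patch file, the commit id on the From line (c96c48d62aefc372f2105293ddf8cff2d116dc3a) does not match the upstream commit given on the Reference line (8f8a3dff705fad774a10864a2e3dbcfa9779ceff); with Upstream-Status: Backport, either carry the upstream id on the From line or state in the header that the patch was regenerated from that commit, so the two can be cross-checked. The scp.c change itself is consistent with the described OpenSSH CVE-2018-20685 port: the filename check in sink() now rejects an empty name, any name containing '/', and both "." and "..", and the hunk counts (-935,7 +935,8) match one removed and two added lines.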