From patchwork Fri Nov 4 15:37:26 2022
X-Patchwork-Submitter: Ranjitsinh Rathod
X-Patchwork-Id: 14824
From: Ranjitsinh Rathod
To: "Openembedded-core@lists.openembedded.org", Steve Sakoman
Subject: [OE-Core][dunfell][PATCH] expat: Fix CVE-2022-43680 for expat
Date: Fri, 4 Nov 2022 15:37:26 +0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/172720

Hi Steve,

I have still not figured out why the patch is getting corrupted when sent from my company's domain, and so I am attaching the patch here in the email.

Thanks,

Best Regards,
Ranjitsinh Rathod
Technical Leader | KPIT Technologies Ltd.
Cellphone: +91-84606 92403

From 151c6079af710b75ed9fb4c1ebfd8e881511864f Mon Sep 17 00:00:00 2001
From: Ranjitsinh Rathod
Date: Thu, 3 Nov 2022 10:43:20 +0530
Subject: [PATCH] expat: Fix CVE-2022-43680 for expat

Add a patch to fix CVE-2022-43680 issue where use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations

Link: https://nvd.nist.gov/vuln/detail/CVE-2022-43680
Signed-off-by: Ranjitsinh Rathod

--- .../expat/expat/CVE-2022-43680.patch | 33 +++++++++++++++++++ meta/recipes-core/expat/expat_2.2.9.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2022-43680.patch diff --git a/meta/recipes-core/expat/expat/CVE-2022-43680.patch b/meta/recipes-core/expat/expat/CVE-2022-43680.patch new file mode 100644 index 0000000000..6f93bc3ed7 --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2022-43680.patch
@@ -0,0 +1,33 @@ +From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Tue, 20 Sep 2022 02:44:34 +0200 +Subject: [PATCH] lib: Fix overeager DTD destruction in + XML_ExternalEntityParserCreate + +CVE: CVE-2022-43680 +Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4.patch] +Signed-off-by: Ranjitsinh Rathod +Comments: Hunk refreshed +--- + lib/xmlparse.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index aacd6e7fc..57bf103cc 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -1035,6 +1035,14 @@ parserCreate(const XML_Char *encodingNam + parserInit(parser, encodingName); + + if (encodingName && ! parser->m_protocolEncodingName) { ++ if (dtd) { ++ // We need to stop the upcoming call to XML_ParserFree from happily ++ // destroying parser->m_dtd because the DTD is shared with the parent ++ // parser and the only guard that keeps XML_ParserFree from destroying ++ // parser->m_dtd is parser->m_isParamEntity but it will be set to ++ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all). ++ parser->m_dtd = NULL; ++ } + XML_ParserFree(parser); + return NULL; + } diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb index 578edfcbff..8a5006e59a 100644 --- a/meta/recipes-core/expat/expat_2.2.9.bb +++ b/meta/recipes-core/expat/expat_2.2.9.bb @@ -21,6 +21,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \ file://CVE-2022-25315.patch \ file://libtool-tag.patch \ file://CVE-2022-40674.patch \ + file://CVE-2022-43680.patch \ " SRCREV = "a7bc26b69768f7fb24f0c7976fae24b157b85b13" -- 2.25.1
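
Review bot: In the embedded lib/xmlparse.c change (new file CVE-2022-43680.patch), the added "parser->m_dtd = NULL;" is followed directly by "XML_ParserFree(parser);", so the fix depends on XML_ParserFree in the 2.2.9 tree accepting a parser whose m_dtd is NULL. The header only says "Comments: Hunk refreshed", which does not say what differs from upstream commit 5290462a7ea1278a8d5c0d5b2860d4e244f997e4. Please confirm against the 2.2.9 source that the free path checks m_dtd before using it, and say in the patch header whether the refresh changed only context and line offsets. It would also help to note in the commit message how the backport was tested, since the guarded branch ("encodingName && ! parser->m_protocolEncodingName") is only taken when parserInit failed to set m_protocolEncodingName for a requested encoding and is unlikely to be hit by a normal build-and-boot check.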