From patchwork Thu Mar 21 12:31:36 2019
X-Patchwork-Submitter: Ross Burton
X-Patchwork-Id: 160782
From: Ross Burton
To: openembedded-core@lists.openembedded.org
Date: Thu, 21 Mar 2019 12:31:36 +0000
Message-Id: <20190321123136.3178-1-ross.burton@intel.com>
X-Mailer: git-send-email 2.11.0
Subject: [OE-core] [PATCH] libcroco: fix CVE-2017-7961
List-Id: Patches and discussions about the oe-core layer
Signed-off-by: Ross Burton
---
 .../libcroco/libcroco/CVE-2017-7961.patch        | 45 ++++++++++++++++++++++
 meta/recipes-support/libcroco/libcroco_0.6.12.bb |  4 +-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch

diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch b/meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch
new file mode 100644
index 00000000000..35471ec7ee3
--- /dev/null
+++ b/meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch
@@ -0,0 +1,45 @@ +CVE: CVE-2017-7961 +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From 9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 Mon Sep 17 00:00:00 2001 +From: Ignacio Casal Quinteiro +Date: Sun, 16 Apr 2017 13:56:09 +0200 +Subject: [PATCH] tknzr: support only max long rgb values + +This fixes a possible out of bound when reading rgbs which +are longer than the support MAXLONG +--- + src/cr-tknzr.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/cr-tknzr.c b/src/cr-tknzr.c +index 1a7cfeb..1548c35 100644 +--- a/src/cr-tknzr.c ++++ b/src/cr-tknzr.c +@@ -1279,6 +1279,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb) + status = cr_tknzr_parse_num (a_this, &num); + ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL)); + ++ if (num->val > G_MAXLONG) { ++ status = CR_PARSING_ERROR; ++ goto error; ++ } ++ + red = num->val; + cr_num_destroy (num); + num = NULL; +@@ -1298,6 +1303,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb) + status = cr_tknzr_parse_num (a_this, &num); + ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL)); + ++ if (num->val > G_MAXLONG) { ++ status = CR_PARSING_ERROR; ++ goto error; ++ } ++ + PEEK_BYTE (a_this, 1, &next_bytes[0]); + if (next_bytes[0] == '%') { + SKIP_CHARS (a_this, 1); +-- +2.18.1 diff --git a/meta/recipes-support/libcroco/libcroco_0.6.12.bb b/meta/recipes-support/libcroco/libcroco_0.6.12.bb index 5b962ee738d..f95a583134c 100644 --- a/meta/recipes-support/libcroco/libcroco_0.6.12.bb +++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb @@ -16,7 +16,9 @@ BINCONFIG = "${bindir}/croco-0.6-config" inherit gnomebase gtk-doc binconfig-disabled -SRC_URI += "file://CVE-2017-7960.patch" +SRC_URI += "file://CVE-2017-7960.patch \ + file://CVE-2017-7961.patch \ + " SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce" SRC_URI[archive.sha256sum] = "ddc4b5546c9fb4280a5017e2707fbd4839034ed1aba5b7d4372212f34f84f860"
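Review bot: the guard added in the first cr-tknzr.c hunk (just before `red = num->val;`) bounds the parsed value only from above; nothing rejects a value below G_MINLONG, so if cr_tknzr_parse_num can hand back a negative number the same out-of-range conversion into `red` is still reachable on the low side. Suggest `if (num->val > G_MAXLONG || num->val < G_MINLONG)`. Two smaller points on the same lines: the comparison is carried out in the type of `num->val`, and if that is a floating-point type G_MAXLONG rounds up to 2^63 on LP64 targets, so a parsed value of exactly 2^63 passes `> G_MAXLONG` and is then converted out of range by `red = num->val`; using `>=` closes that corner. Also, the new `goto error` fires before the `cr_num_destroy (num);` that normally follows the assignment, so please confirm the `error:` label frees `num`, otherwise this early exit leaks the CRNum that cr_tknzr_parse_num just allocated.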
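Review bot: the check in the second cr-tknzr.c hunk (the one ahead of `PEEK_BYTE (a_this, 1, &next_bytes[0]);`, covering the green and blue components) is a verbatim copy of the first, so it inherits the same gaps: no lower bound, and `>` rather than `>=` if `num->val` is floating-point. Rather than duplicating the four lines, a small macro such as `#define ENSURE_NUM_FITS_LONG(n) if ((n)->val > G_MAXLONG || (n)->val < G_MINLONG) { status = CR_PARSING_ERROR; goto error; }` keeps both call sites in step the next time the bound changes. Here too the jump to `error` happens while `num` is still live, so the same question about `error:` releasing it applies.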
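Review bot: the header of the new CVE-2017-7961.patch file says `Upstream-Status: Backport` and keeps the upstream commit id (9ad72875e9f08e4c519ef63d44cdbd94aa9504f7) in the `From` line, which is enough to locate it, but consider appending the upstream commit URL to the Upstream-Status line so the origin can be checked without searching by hash. The `CVE: CVE-2017-7961` tag is present, so cve-check will pick the fix up once the libcroco_0.6.12.bb hunk adds the file to SRC_URI; that hunk itself looks fine.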