The subject still says [meta-oe] while the patch is for oe-core, that might
be what misled Khem.

On Mon, Mar 29, 2021 at 5:04 PM Neetika.Singh <neetika.si...@kpit.com>
wrote:

> Hi Raj,
>
> I have verified locally and these changes are showing to me as up to date
> on latest oe-core master branch.
>
> git log origin/master..HEAD
> commit 1abebf8d3ce044609ae29d7dee7a9b268e510ebd
> Author: Neetika Singh <neetika.si...@kpit.com>
> Date:   Fri Nov 20 18:35:15 2020 +0530
>
>     libcroco: Add fix for CVE-2020-12825
>
>     Added refreshed patch for CVE issue CVE-2020-12825
>     Link:
> https://gitlab.com/inkscape/inkscape/-/commit/203d62efefe6f79080863dda61593003b4c31f25
>
>     Signed-off-by: Neetika.Singh <neetika.si...@kpit.com>
>
>
>  Thanks & Regards,
>  Neetika Singh
>  Product Engineering Services (PES)
>  KPIT Technologies Limited
>
>
> ------------------------------
> *From:* Khem Raj <raj.k...@gmail.com>
> *Sent:* 29 March 2021 20:18
> *To:* Neetika Singh <neetika.si...@kpit.com>
> *Cc:* Patches and discussions about the oe-core layer <
> openembedded-core@lists.openembedded.org>; Nisha Parrakat <
> nisha.parra...@kpit.com>
> *Subject:* Re: [meta-oe][master][PATCH] libcroco: Add fix for
> CVE-2020-12825
>
> On Mon, Mar 29, 2021 at 7:42 AM Neetika.Singh <neetika.si...@kpit.com>
> wrote:
> >
> > From: Neetika Singh <neetika.si...@kpit.com>
> >
> > Added refreshed patch for CVE issue CVE-2020-12825
> > Link:
> https://gitlab.com/inkscape/inkscape/-/commit/203d62efefe6f79080863dda61593003b4c31f25
> >
> > Signed-off-by: Neetika.Singh <neetika.si...@kpit.com>
> > ---
> >  .../libcroco/libcroco/CVE-2020-12825.patch         | 192
> +++++++++++++++++++++
> >  meta/recipes-support/libcroco/libcroco_0.6.13.bb   |  22 +++
> >  2 files changed, 214 insertions(+)
> >  create mode 100644
> meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> >  create mode 100644 meta/recipes-support/libcroco/libcroco_0.6.13.bb
>
> libcroco is already there in oe-core, perhaps you can rebase this
> patch on top of latest oe-core master branch and resend.
>
> >
> > diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > new file mode 100644
> > index 0000000..f813ded
> > --- /dev/null
> > +++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
> > @@ -0,0 +1,192 @@
> > +From 203d62efefe6f79080863dda61593003b4c31f25 Mon Sep 17 00:00:00 2001
> > +From: Michael Catanzaro <mcatanz...@gnome.org>
> > +Date: Thu, 13 Aug 2020 20:03:05 -0500
> > +Subject: [PATCH] libcroco parser: limit recursion in block and any
> productions
> > +
> > +If we don't have any limits, we can recurse forever and overflow the
> > +stack.
> > +
> > +This is for CVE-2020-12825: Stack overflow in cr_parser_parse_any_core
> > +in cr-parser.c.
> > +
> > +Bug:
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.gnome.org%2FArchive%2Flibcroco%2F-%2Fissues%2F8&amp;data=04%7C01%7CNeetika.Singh%40kpit.com%7C8e558ea4a71d4cec7dad08d8f2c1d822%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637526261735464157%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=1JQbRwD7xiTrBT1%2F9Kx8Nop84lOd3JT5ImU7eOYAfiU%3D&amp;reserved=0
> > +Patch from
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.gnome.org%2FArchive%2Flibcroco%2F-%2Fmerge_requests%2F5&amp;data=04%7C01%7CNeetika.Singh%40kpit.com%7C8e558ea4a71d4cec7dad08d8f2c1d822%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637526261735474152%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=7jcaMq8meYRVhbA4o%2BN0XZZ1Hxz0jxqg31jxZUVHIV4%3D&amp;reserved=0
> > +
> > +CVE: CVE-2020-12825
> > +Upstream Status: Backport [
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.com%2Finkscape%2Finkscape%2F-%2Fcommit%2F203d62efefe6f79080863dda61593003b4c31f25.patch&amp;data=04%7C01%7CNeetika.Singh%40kpit.com%7C8e558ea4a71d4cec7dad08d8f2c1d822%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637526261735474152%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=HF%2FyBXMAOe4xpTBIMhyc25pEPaLSc2buc4ho910zbxk%3D&amp;reserved=0
> ]
> > +
> > +Signed-off-by: Neetika Singh <neetika.si...@kpit.com>
> > +---
> > + src/cr-parser.c | 44 ++++++++++++++++++++-----------
> > + 1 file changed, 29 insertions(+), 15 deletions(-)
> > +
> > +diff --git a/src/cr-parser.c b/src/cr-parser.c
> > +index d85e71f0fc..cd7b6ebd4a 100644
> > +--- a/src/cr-parser.c
> > ++++ b/src/cr-parser.c
> > +@@ -136,6 +136,8 @@ struct _CRParserPriv {
> > +
> > + #define CHARS_TAB_SIZE 12
> > +
> > ++#define RECURSIVE_CALLERS_LIMIT 100
> > ++
> > + /**
> > +  * IS_NUM:
> > +  *@a_char: the char to test.
> > +@@ -343,9 +345,11 @@ static enum CRStatus cr_parser_parse_selector_core
> (CRParser * a_this);
> > +
> > + static enum CRStatus cr_parser_parse_declaration_core (CRParser *
> a_this);
> > +
> > +-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
> > ++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
> > ++                                               guint      n_calls);
> > +
> > +-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
> > ++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
> > ++                                                 guint      n_calls);
> > +
> > + static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
> > +
> > +@@ -783,7 +787,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
> > +         cr_parser_try_to_skip_spaces_and_comments (a_this);
> > +
> > +         do {
> > +-                status = cr_parser_parse_any_core (a_this);
> > ++                status = cr_parser_parse_any_core (a_this, 0);
> > +         } while (status == CR_OK);
> > +
> > +         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
> > +@@ -794,7 +798,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
> > +                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
> > +                                       token);
> > +                 token = NULL;
> > +-                status = cr_parser_parse_block_core (a_this);
> > ++                status = cr_parser_parse_block_core (a_this, 0);
> > +                 CHECK_PARSING_STATUS (status,
> > +                                       FALSE);
> > +                 goto done;
> > +@@ -929,11 +933,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
> > +
> > +         RECORD_INITIAL_POS (a_this, &init_pos);
> > +
> > +-        status = cr_parser_parse_any_core (a_this);
> > ++        status = cr_parser_parse_any_core (a_this, 0);
> > +         CHECK_PARSING_STATUS (status, FALSE);
> > +
> > +         do {
> > +-                status = cr_parser_parse_any_core (a_this);
> > ++                status = cr_parser_parse_any_core (a_this, 0);
> > +
> > +         } while (status == CR_OK);
> > +
> > +@@ -955,10 +959,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
> > +  *in chapter 4.1 of the css2 spec.
> > +  *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
> > +  *@param a_this the current instance of #CRParser.
> > ++ *@param n_calls used to limit recursion depth
> > +  *FIXME: code this function.
> > +  */
> > + static enum CRStatus
> > +-cr_parser_parse_block_core (CRParser * a_this)
> > ++cr_parser_parse_block_core (CRParser * a_this,
> > ++                            guint      n_calls)
> > + {
> > +         CRToken *token = NULL;
> > +         CRInputPos init_pos;
> > +@@ -966,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this)
> > +
> > +         g_return_val_if_fail (a_this && PRIVATE (a_this),
> CR_BAD_PARAM_ERROR);
> > +
> > ++        if (n_calls > RECURSIVE_CALLERS_LIMIT)
> > ++                return CR_ERROR;
> > ++
> > +         RECORD_INITIAL_POS (a_this, &init_pos);
> > +
> > +         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
> &token);
> > +@@ -995,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this)
> > +         } else if (token->type == CBO_TK) {
> > +                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
> > +                 token = NULL;
> > +-                status = cr_parser_parse_block_core (a_this);
> > ++                status = cr_parser_parse_block_core (a_this, n_calls +
> 1);
> > +                 CHECK_PARSING_STATUS (status, FALSE);
> > +                 goto parse_block_content;
> > +         } else {
> > +                 cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
> > +                 token = NULL;
> > +-                status = cr_parser_parse_any_core (a_this);
> > ++                status = cr_parser_parse_any_core (a_this, n_calls +
> 1);
> > +                 CHECK_PARSING_STATUS (status, FALSE);
> > +                 goto parse_block_content;
> > +         }
> > +@@ -1108,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this)
> > +                 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
> > +                                                token);
> > +                 token = NULL;
> > +-                status = cr_parser_parse_block_core (a_this);
> > ++                status = cr_parser_parse_block_core (a_this, 0);
> > +                 CHECK_PARSING_STATUS (status, FALSE);
> > +                 ref++;
> > +                 goto continue_parsing;
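
Review bot: The call "cr_parser_parse_block_core (a_this, 0)" in cr_parser_parse_value_core restarts the depth count at zero, as do the any_core call in the following hunk and the atrule_core and selector_core call sites earlier. If any of those callers can itself be reached from inside a block or any production, the "n_calls > RECURSIVE_CALLERS_LIMIT" check never sees the accumulated depth. Please confirm these are only top-level entry points and say so in the commit message, or thread n_calls through them as well.
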
> > +@@ -1122,7 +1131,7 @@ cr_parser_parse_value_core (CRParser * a_this)
> > +                 status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
> > +                                                token);
> > +                 token = NULL;
> > +-                status = cr_parser_parse_any_core (a_this);
> > ++                status = cr_parser_parse_any_core (a_this, 0);
> > +                 if (status == CR_OK) {
> > +                         ref++;
> > +                         goto continue_parsing;
> > +@@ -1162,10 +1162,12 @@
> > +  *        | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
> > +  *
> > +  *@param a_this the current instance of #CRParser.
> > ++ *@param n_calls used to limit recursion depth
> > +  *@return CR_OK upon successfull completion, an error code otherwise.
> > +  */
> > + static enum CRStatus
> > +-cr_parser_parse_any_core (CRParser * a_this)
> > ++cr_parser_parse_any_core (CRParser * a_this,
> > ++                          guint      n_calls)
> > + {
> > +         CRToken *token1 = NULL,
> > +                 *token2 = NULL;
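
Review bot: The hunk header "@@ -1162,10 +1162,12 @@" does not fit the hunks around it: the previous hunk lands at +1131 and the next at +1184, so the new-file start here should already be shifted past 1162, and this header is also the only one without the function-name context. It looks hand-edited during the refresh. Regenerate the patch with git format-patch or devtool instead of editing hunk headers, so the offsets are consistent.
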
> > +@@ -1173,6 +1184,9 @@ cr_parser_parse_any_core (CRParser * a_this)
> > +
> > +         g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
> > +
> > ++        if (n_calls > RECURSIVE_CALLERS_LIMIT)
> > ++                return CR_ERROR;
> > ++
> > +         RECORD_INITIAL_POS (a_this, &init_pos);
> > +
> > +         status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
> &token1);
> > +@@ -1211,7 +1225,7 @@ cr_parser_parse_any_core (CRParser * a_this)
> > +                  *We consider parameter as being an "any*" production.
> > +                  */
> > +                 do {
> > +-                        status = cr_parser_parse_any_core (a_this);
> > ++                        status = cr_parser_parse_any_core (a_this,
> n_calls + 1);
> > +                 } while (status == CR_OK);
> > +
> > +                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
> > +@@ -1236,7 +1250,7 @@ cr_parser_parse_any_core (CRParser * a_this)
> > +                 }
> > +
> > +                 do {
> > +-                        status = cr_parser_parse_any_core (a_this);
> > ++                        status = cr_parser_parse_any_core (a_this,
> n_calls + 1);
> > +                 } while (status == CR_OK);
> > +
> > +                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
> > +@@ -1264,7 +1278,7 @@ cr_parser_parse_any_core (CRParser * a_this)
> > +                 }
> > +
> > +                 do {
> > +-                        status = cr_parser_parse_any_core (a_this);
> > ++                        status = cr_parser_parse_any_core (a_this,
> n_calls + 1);
> > +                 } while (status == CR_OK);
> > +
> > +                 ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
> > +--
> > +GitLab
> > diff --git a/meta/recipes-support/libcroco/libcroco_0.6.13.bb
> b/meta/recipes-support/libcroco/libcroco_0.6.13.bb
> > new file mode 100644
> > index 0000000..fd5927e
> > --- /dev/null
> > +++ b/meta/recipes-support/libcroco/libcroco_0.6.13.bb
> > @@ -0,0 +1,22 @@
> > +SUMMARY = "Cascading Style Sheet (CSS) parsing and manipulation toolkit"
> > +HOMEPAGE = "
> https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.gnome.org%2F&amp;data=04%7C01%7CNeetika.Singh%40kpit.com%7C8e558ea4a71d4cec7dad08d8f2c1d822%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637526261735474152%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=Z9wmwFLA%2BuBT243Dv5a666ng67OAfytEYyAVv3sn4GA%3D&amp;reserved=0
> "
> > +BUGTRACKER = "
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.gnome.org%2F&amp;data=04%7C01%7CNeetika.Singh%40kpit.com%7C8e558ea4a71d4cec7dad08d8f2c1d822%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C637526261735474152%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=ynFHfdJS8RUpg8kqJOBlTsQPz3%2FxMvoBgBiVMLAC0u4%3D&amp;reserved=0
> "
> > +
> > +LICENSE = "LGPLv2 & LGPLv2.1"
> > +LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605
> \
> > +
> file://src/cr-rgb.c;endline=22;md5=31d5f0944d556c8589d04ea6055fcc66 \
> > +
> file://tests/cr-test-utils.c;endline=21;md5=2382c27934cae1d3792fcb17a6142c4e
> "
> > +
> > +SECTION = "x11/utils"
> > +DEPENDS = "glib-2.0 libxml2 zlib"
> > +BBCLASSEXTEND = "native nativesdk"
> > +EXTRA_OECONF += "--enable-Bsymbolic=auto"
> > +
> > +BINCONFIG = "${bindir}/croco-0.6-config"
> > +
> > +inherit gnomebase gtk-doc binconfig-disabled
> > +
> > +SRC_URI += "file://CVE-2020-12825.patch"
> > +
> > +SRC_URI[archive.md5sum] = "c80c5a8385011a0260dce6bd0da93dce"
> > +SRC_URI[archive.sha256sum] =
> "767ec234ae7aa684695b3a735548224888132e063f92db585759b422570621d4"
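
Review bot: This hunk adds libcroco_0.6.13.bb as a whole new file ("create mode 100644", 22 lines) when the only line that belongs to the CVE fix is SRC_URI += "file://CVE-2020-12825.patch". As the reply above points out, libcroco is already in oe-core, so once rebased on current master this should shrink to that one SRC_URI line against the existing recipe. HOMEPAGE and BUGTRACKER should also hold the plain URLs, not the safelinks redirects shown here.
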
> > --
> > 2.7.4
> >
> > This message contains information that may be privileged or confidential
> and is the property of the KPIT Technologies Ltd. It is intended only for
> the person to whom it is addressed. If you are not the intended recipient,
> you are not authorized to read, print, retain copy, disseminate,
> distribute, or use this message or any part thereof. If you receive this
> message in error, please notify the sender immediately and delete all
> copies of this message. KPIT Technologies Ltd. does not accept any
> liability for virus infected mails.
View/Reply Online (#150049): https://lists.openembedded.org/g/openembedded-core/message/150049