Re: [OE-core][dunfell][PATCH v2] go: Backport fix for CVE-2023-45287
V2 also has issues, as flagged by patchtest and my local testing: Applying: go: Backport fix for CVE-2023-45287 error: corrupt patch at line 2273 error: could not build fake ancestor Patch failed at 0001 go: Backport fix for CVE-2023-45287 Steve On Thu, Jan 4, 2024 at 9:33 PM Vijay Anusuri via lists.openembedded.org wrote: > > From: Vijay Anusuri > > Upstream-Status: Backport > [https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255 > & > https://github.com/golang/go/commit/c9d5f60eaa4450ccf1ce878d55b4c6a12843f2f3 > & > https://github.com/golang/go/commit/8f676144ad7b7c91adb0c6e1ec89aaa6283c6807 > & > https://github.com/golang/go/commit/8a81fdf165facdcefa06531de5af98a4db343035] > > Signed-off-by: Vijay Anusuri > --- > meta/recipes-devtools/go/go-1.14.inc |4 + > .../go/go-1.14/CVE-2023-45287-pre1.patch | 393 > .../go/go-1.14/CVE-2023-45287-pre2.patch | 401 > .../go/go-1.14/CVE-2023-45287-pre3.patch | 86 + > .../go/go-1.14/CVE-2023-45287.patch | 1697 + > 5 files changed, 2581 insertions(+) > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre2.patch > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287.patch > > diff --git a/meta/recipes-devtools/go/go-1.14.inc > b/meta/recipes-devtools/go/go-1.14.inc > index b827a3606d..42a9ac8435 100644 > --- a/meta/recipes-devtools/go/go-1.14.inc > +++ b/meta/recipes-devtools/go/go-1.14.inc > @@ -83,6 +83,10 @@ SRC_URI += "\ > file://CVE-2023-39318.patch \ > file://CVE-2023-39319.patch \ > file://CVE-2023-39326.patch \ > +file://CVE-2023-45287-pre1.patch \ > +file://CVE-2023-45287-pre2.patch \ > +file://CVE-2023-45287-pre3.patch \ > +file://CVE-2023-45287.patch \ > " > > SRC_URI_append_libc-musl = " > file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" > diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch > b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch > new file mode 100644 > index 00..4d65180253 > --- /dev/null > +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch > @@ -0,0 +1,393 @@ > +From 9baafabac9a84813a336f068862207d2bb06d255 Mon Sep 17 00:00:00 2001 > +From: Filippo Valsorda > +Date: Wed, 1 Apr 2020 17:25:40 -0400 > +Subject: [PATCH] crypto/rsa: refactor RSA-PSS signing and verification > + > +Cleaned up for readability and consistency. > + > +There is one tiny behavioral change: when PSSSaltLengthEqualsHash is > +used and both hash and opts.Hash were set, hash.Size() was used for the > +salt length instead of opts.Hash.Size(). That's clearly wrong because > +opts.Hash is documented to override hash. > + > +Change-Id: I3e25dad933961eac827c6d2e3bbfe45fc5a6fb0e > +Reviewed-on: https://go-review.googlesource.com/c/go/+/226937 > +Run-TryBot: Filippo Valsorda > +TryBot-Result: Gobot Gobot > +Reviewed-by: Katie Hockman > + > +Upstream-Status: Backport > [https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255] > +CVE: CVE-2023-45287 #Dependency Patch1 > +Signed-off-by: Vijay Anusuri > +--- > + src/crypto/rsa/pss.go | 173 ++ > + src/crypto/rsa/rsa.go | 9 ++- > + 2 files changed, 96 insertions(+), 86 deletions(-) > + > +diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go > +index 3ff0c2f4d0076..f9844d87329a8 100644 > +--- a/src/crypto/rsa/pss.go > b/src/crypto/rsa/pss.go > +@@ -4,9 +4,7 @@ > + > + package rsa > + > +-// This file implements the PSS signature scheme [1]. > +-// > +-// [1] > https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf > ++// This file implements the RSASSA-PSS signature scheme according to RFC > 8017. > + > + import ( > + "bytes" > +@@ -17,8 +15,22 @@ import ( > + "math/big" > + ) > + > ++// Per RFC 8017, Section 9.1 > ++// > ++// EM = MGF1 xor DB || H( 8*0x00 || mHash || salt ) || 0xbc > ++// > ++// where > ++// > ++// DB = PS || 0x01 || salt > ++// > ++// and PS can be empty so > ++// > ++// emLen = dbLen + hLen + 1 = psLen + sLen + hLen + 2 > ++// > ++ > + func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash) > ([]byte, error) { > +- // See [1], section 9.1.1 > ++ // See RFC 8017, Section 9.1.1. > ++ > + hLen := hash.Size() > + sLen := len(salt) > + emLen := (emBits + 7) / 8 > +@@ -30,7 +42,7 @@ func emsaPSSEncode(mHash []byte, emBits int, salt []byte, > hash hash.Hash) ([]byt > + // 2. Let mHash = Hash(M), an octet string of length hLen. > + > + if len(mHash) != hLen { > +- return nil, errors.New("crypto/rsa: input must be hashed > message") > ++ return nil, errors.New("crypto/rsa: input must be hashed with >
Patchtest results for [OE-core][dunfell][PATCH v2] go: Backport fix for CVE-2023-45287
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/dunfell-v2-go-Backport-fix-for-CVE-2023-45287.patch FAIL: test mbox format: Series has malformed diff lines. Create the series again using git-format-patch and ensure it applies using git am (test_mbox.TestMbox.test_mbox_format) PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list) SKIP: test CVE tag format: Parse error Hunk is shorter than expected (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: Parse error Hunk is shorter than expected (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: Parse error Hunk is shorter than expected (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test pylint: Python-unidiff parse error (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you! -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#193345): https://lists.openembedded.org/g/openembedded-core/message/193345 Mute This Topic: https://lists.openembedded.org/mt/103539189/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][dunfell][PATCH v2] go: Backport fix for CVE-2023-45287
From: Vijay Anusuri Upstream-Status: Backport [https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255 & https://github.com/golang/go/commit/c9d5f60eaa4450ccf1ce878d55b4c6a12843f2f3 & https://github.com/golang/go/commit/8f676144ad7b7c91adb0c6e1ec89aaa6283c6807 & https://github.com/golang/go/commit/8a81fdf165facdcefa06531de5af98a4db343035] Signed-off-by: Vijay Anusuri --- meta/recipes-devtools/go/go-1.14.inc |4 + .../go/go-1.14/CVE-2023-45287-pre1.patch | 393 .../go/go-1.14/CVE-2023-45287-pre2.patch | 401 .../go/go-1.14/CVE-2023-45287-pre3.patch | 86 + .../go/go-1.14/CVE-2023-45287.patch | 1697 + 5 files changed, 2581 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre2.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-45287.patch diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index b827a3606d..42a9ac8435 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -83,6 +83,10 @@ SRC_URI += "\ file://CVE-2023-39318.patch \ file://CVE-2023-39319.patch \ file://CVE-2023-39326.patch \ +file://CVE-2023-45287-pre1.patch \ +file://CVE-2023-45287-pre2.patch \ +file://CVE-2023-45287-pre3.patch \ +file://CVE-2023-45287.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch new file mode 100644 index 00..4d65180253 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre1.patch @@ -0,0 +1,393 @@ +From 9baafabac9a84813a336f068862207d2bb06d255 Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Wed, 1 Apr 2020 17:25:40 -0400 +Subject: [PATCH] crypto/rsa: refactor RSA-PSS signing and verification + +Cleaned up for readability and consistency. + +There is one tiny behavioral change: when PSSSaltLengthEqualsHash is +used and both hash and opts.Hash were set, hash.Size() was used for the +salt length instead of opts.Hash.Size(). That's clearly wrong because +opts.Hash is documented to override hash. + +Change-Id: I3e25dad933961eac827c6d2e3bbfe45fc5a6fb0e +Reviewed-on: https://go-review.googlesource.com/c/go/+/226937 +Run-TryBot: Filippo Valsorda +TryBot-Result: Gobot Gobot +Reviewed-by: Katie Hockman + +Upstream-Status: Backport [https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255] +CVE: CVE-2023-45287 #Dependency Patch1 +Signed-off-by: Vijay Anusuri +--- + src/crypto/rsa/pss.go | 173 ++ + src/crypto/rsa/rsa.go | 9 ++- + 2 files changed, 96 insertions(+), 86 deletions(-) + +diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go +index 3ff0c2f4d0076..f9844d87329a8 100644 +--- a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go +@@ -4,9 +4,7 @@ + + package rsa + +-// This file implements the PSS signature scheme [1]. +-// +-// [1] https://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf ++// This file implements the RSASSA-PSS signature scheme according to RFC 8017. + + import ( + "bytes" +@@ -17,8 +15,22 @@ import ( + "math/big" + ) + ++// Per RFC 8017, Section 9.1 ++// ++// EM = MGF1 xor DB || H( 8*0x00 || mHash || salt ) || 0xbc ++// ++// where ++// ++// DB = PS || 0x01 || salt ++// ++// and PS can be empty so ++// ++// emLen = dbLen + hLen + 1 = psLen + sLen + hLen + 2 ++// ++ + func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash) ([]byte, error) { +- // See [1], section 9.1.1 ++ // See RFC 8017, Section 9.1.1. ++ + hLen := hash.Size() + sLen := len(salt) + emLen := (emBits + 7) / 8 +@@ -30,7 +42,7 @@ func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash) ([]byt + // 2. Let mHash = Hash(M), an octet string of length hLen. + + if len(mHash) != hLen { +- return nil, errors.New("crypto/rsa: input must be hashed message") ++ return nil, errors.New("crypto/rsa: input must be hashed with given hash") + } + + // 3. If emLen < hLen + sLen + 2, output "encoding error" and stop. +@@ -40,8 +52,9 @@ func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash) ([]byt + } + + em := make([]byte, emLen) +- db := em[:emLen-sLen-hLen-2+1+sLen] +- h := em[emLen-sLen-hLen-2+1+sLen : emLen-1] ++ psLen := emLen - sLen - hLen - 2 ++ db := em[:psLen+1+sLen] ++ h := em[psLen+1+sLen : emLen-1] + + // 4. Generate a random octet string salt of length sLen; if sLen = 0, + // then salt is the