Re: [OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
On Fri, 2021-02-05 at 22:44 -0800, Khem Raj wrote: > I am also seeing > > ERROR: libcroco-native-0.6.13-r0 do_patch: Fuzz detected: > > Applying patch CVE-2020-12825.patch > patching file src/cr-parser.c > Hunk #4 succeeded at 799 with fuzz 1. > > > The context lines in the patches can be updated with devtool: > > devtool modify libcroco-native > devtool finish --force-patch-refresh libcroco-native There was a more recently submitted version of this. I've refreshed it, in master-next it looks like it was whitespace damaged somehow. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#147720): https://lists.openembedded.org/g/openembedded-core/message/147720 Mute This Topic: https://lists.openembedded.org/mt/79998594/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
I am also seeing ERROR: libcroco-native-0.6.13-r0 do_patch: Fuzz detected: Applying patch CVE-2020-12825.patch patching file src/cr-parser.c Hunk #4 succeeded at 799 with fuzz 1. The context lines in the patches can be updated with devtool: devtool modify libcroco-native devtool finish --force-patch-refresh libcroco-native On Thu, Jan 21, 2021 at 3:53 AM Ross Burton wrote: > > And a CVE: CVE-2020-12825 tag alongside that too would be good. > > Ross > > On Thu, 21 Jan 2021 at 10:50, Richard Purdie > wrote: > > > > On Thu, 2021-01-21 at 14:59 +0800, Wang Mingyu wrote: > > > References > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825 > > > > > > Signed-off-by: Wang Mingyu > > > --- > > > .../libcroco/libcroco/CVE-2020-12825.patch| 170 ++ > > > .../libcroco/libcroco_0.6.13.bb | 2 + > > > 2 files changed, 172 insertions(+) > > > create mode 100644 > > > meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > > > > > > diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > > > b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > > > new file mode 100644 > > > index 00..cde0abd676 > > > --- /dev/null > > > +++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > > > @@ -0,0 +1,170 @@ > > > +Subject: [PATCH] libcroco: Limit recursion in block and any productions > > > + > > > +Signed-off-by:Michael Catanzaro @mcatanzaro > > > > Thanks for this, the patch has no Upstream-Status set though? Could you > > resend with one please? > > > > Cheers, > > > > Richard > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#147718): https://lists.openembedded.org/g/openembedded-core/message/147718 Mute This Topic: https://lists.openembedded.org/mt/79998594/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
And a CVE: CVE-2020-12825 tag alongside that too would be good. Ross On Thu, 21 Jan 2021 at 10:50, Richard Purdie wrote: > > On Thu, 2021-01-21 at 14:59 +0800, Wang Mingyu wrote: > > References > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825 > > > > Signed-off-by: Wang Mingyu > > --- > > .../libcroco/libcroco/CVE-2020-12825.patch| 170 ++ > > .../libcroco/libcroco_0.6.13.bb | 2 + > > 2 files changed, 172 insertions(+) > > create mode 100644 > > meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > > > > diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > > b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > > new file mode 100644 > > index 00..cde0abd676 > > --- /dev/null > > +++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > > @@ -0,0 +1,170 @@ > > +Subject: [PATCH] libcroco: Limit recursion in block and any productions > > + > > +Signed-off-by:Michael Catanzaro @mcatanzaro > > Thanks for this, the patch has no Upstream-Status set though? Could you > resend with one please? > > Cheers, > > Richard > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#147058): https://lists.openembedded.org/g/openembedded-core/message/147058 Mute This Topic: https://lists.openembedded.org/mt/79998594/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
On Thu, 2021-01-21 at 14:59 +0800, Wang Mingyu wrote: > References > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825 > > Signed-off-by: Wang Mingyu > --- > .../libcroco/libcroco/CVE-2020-12825.patch| 170 ++ > .../libcroco/libcroco_0.6.13.bb | 2 + > 2 files changed, 172 insertions(+) > create mode 100644 > meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > > diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > new file mode 100644 > index 00..cde0abd676 > --- /dev/null > +++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch > @@ -0,0 +1,170 @@ > +Subject: [PATCH] libcroco: Limit recursion in block and any productions > + > +Signed-off-by:Michael Catanzaro @mcatanzaro Thanks for this, the patch has no Upstream-Status set though? Could you resend with one please? Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#147057): https://lists.openembedded.org/g/openembedded-core/message/147057 Mute This Topic: https://lists.openembedded.org/mt/79998594/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH] libcroco: CVE-2020-12825 Security Advisory
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12825
Signed-off-by: Wang Mingyu
---
.../libcroco/libcroco/CVE-2020-12825.patch| 170 ++
.../libcroco/libcroco_0.6.13.bb | 2 +
2 files changed, 172 insertions(+)
create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
new file mode 100644
index 00..cde0abd676
--- /dev/null
+++ b/meta/recipes-support/libcroco/libcroco/CVE-2020-12825.patch
@@ -0,0 +1,170 @@
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+
+Signed-off-by:Michael Catanzaro @mcatanzaro
+---
+ src/cr-parser.c | 42 +++---
+ 1 file changed, 27 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/cr-parser.c
+index 18c9a01..4e5b424 100644
+--- a/src/cr-parser.c
b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+
+ #define CHARS_TAB_SIZE 12
+
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+ * IS_NUM:
+ *@a_char: the char to test.
+@@ -344,9 +346,11 @@ static enum CRStatus cr_parser_parse_selector_core
(CRParser * a_this);
+
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++ guint n_calls);
+
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++ guint n_calls);
+
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+
+@@ -784,7 +788,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_parser_try_to_skip_spaces_and_comments (a_this);
+
+ do {
+-status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ } while (status == CR_OK);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -795,7 +799,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+-status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status,
+ FALSE);
+ goto done;
+@@ -930,11 +934,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+
+ RECORD_INITIAL_POS (a_this, _pos);
+
+-status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+
+ do {
+-status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+
+ } while (status == CR_OK);
+
+@@ -959,7 +963,8 @@ cr_parser_parse_selector_core (CRParser * a_this)
+ *FIXME: code this function.
+ */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++guint n_calls)
+ {
+ CRToken *token = NULL;
+ CRInputPos init_pos;
+@@ -967,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+
++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
++return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, _pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, );
+@@ -996,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+ } else if (token->type == CBO_TK) {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+-status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ } else {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+-status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ }
+@@ -1109,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+token);
+ token = NULL;
+-status = cr_parser_parse_block_core
