diff options
Diffstat (limited to 'meta')
33 files changed, 3894 insertions, 45 deletions
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index eaa3e9b31c..4ac66fd506 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.38" -UNINATIVE_VERSION = "4.3" +UNINATIVE_MAXGLIBCVERSION = "2.39" +UNINATIVE_VERSION = "4.4" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "8df05f4a41455018b4303b2e0ea4eac5c960b5a13713f6dbb33dfdb3e32753ec" -UNINATIVE_CHECKSUM[i686] ?= "bea76b4a97c9ba0077c0dd1295f519cd599dbf71f0ca1c964471c4cdb043addd" -UNINATIVE_CHECKSUM[x86_64] ?= "1c35f09a75c4096749bbe1e009df4e3968cde151424062cf4aa3ed89db22b030" +UNINATIVE_CHECKSUM[aarch64] ?= "b61876130f494f75092f21086b4a64ea5fb064045769bf1d32e9cb6af17ea8ec" +UNINATIVE_CHECKSUM[i686] ?= "9f28627828f0082cc0344eede4d9a861a9a064bfa8f36e072e46212f0fe45fcc" +UNINATIVE_CHECKSUM[x86_64] ?= "d81c54284be2bb886931fc87281d58177a2cd381cf99d1981f8923039a72a302" diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf index d14c365977..c78823e847 100644 --- a/meta/conf/licenses.conf +++ b/meta/conf/licenses.conf @@ -37,6 +37,7 @@ SPDXLICENSEMAP[GPL-3.0-only] = "GPL-3.0" SPDXLICENSEMAP[LGPLv2] = "LGPL-2.0" SPDXLICENSEMAP[LGPLv2+] = "LGPL-2.0+" SPDXLICENSEMAP[LGPLv2.0] = "LGPL-2.0" +SPDXLICENSEMAP[LGPLv2.0+] = "LGPL-2.0+" SPDXLICENSEMAP[LGPL-2.0-only] = "LGPL-2.0" SPDXLICENSEMAP[LGPL2.1] = "LGPL-2.1" SPDXLICENSEMAP[LGPLv2.1] = "LGPL-2.1" diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch new file mode 100644 index 0000000000..3da6879ccb --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-0727.patch @@ -0,0 +1,122 @@ +Backport of: + +From 09df4395b5071217b76dc7d3d2e630eb8c5a79c2 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 19 Jan 2024 11:28:58 +0000 +Subject: [PATCH] Add NULL checks where ContentInfo data can be NULL + +PKCS12 structures contain PKCS7 ContentInfo fields. These fields are +optional and can be NULL even if the "type" is a valid value. OpenSSL +was not properly accounting for this and a NULL dereference can occur +causing a crash. + +CVE-2024-0727 + +Reviewed-by: Tomas Mraz <tomas@openssl.org> +Reviewed-by: Hugo Landau <hlandau@openssl.org> +Reviewed-by: Neil Horman <nhorman@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/23362) + +(cherry picked from commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c) + +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c] + +CVE: CVE-2024-0727 + +Signed-off-by: virendra thakur <virendrak@kpit.com> +--- + crypto/pkcs12/p12_add.c | 18 ++++++++++++++++++ + crypto/pkcs12/p12_mutl.c | 5 +++++ + crypto/pkcs12/p12_npas.c | 5 +++-- + crypto/pkcs7/pk7_mime.c | 7 +++++-- + 4 files changed, 31 insertions(+), 4 deletions(-) + +--- a/crypto/pkcs12/p12_add.c ++++ b/crypto/pkcs12/p12_add.c +@@ -76,6 +76,13 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_ + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } ++ ++ if (p7->d.data == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, ++ PKCS12_R_DECODE_ERROR); ++ return NULL; ++ } ++ + return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); + } + +@@ -132,6 +139,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_ + { + if (!PKCS7_type_is_encrypted(p7)) + return NULL; ++ ++ if (p7->d.encrypted == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, PKCS12_R_DECODE_ERROR); ++ return NULL; ++ } ++ + return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, + ASN1_ITEM_rptr(PKCS12_SAFEBAGS), + pass, passlen, +@@ -159,6 +172,13 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } ++ ++ if (p12->authsafes->d.data == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, ++ PKCS12_R_DECODE_ERROR); ++ return NULL; ++ } ++ + return ASN1_item_unpack(p12->authsafes->d.data, + ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); + } +--- a/crypto/pkcs12/p12_mutl.c ++++ b/crypto/pkcs12/p12_mutl.c +@@ -93,6 +93,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, c + return 0; + } + ++ if (p12->authsafes->d.data == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR); ++ return 0; ++ } ++ + salt = p12->mac->salt->data; + saltlen = p12->mac->salt->length; + if (!p12->mac->iter) +--- a/crypto/pkcs12/p12_npas.c ++++ b/crypto/pkcs12/p12_npas.c +@@ -78,8 +78,9 @@ static int newpass_p12(PKCS12 *p12, cons + bags = PKCS12_unpack_p7data(p7); + } else if (bagnid == NID_pkcs7_encrypted) { + bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); +- if (!alg_get(p7->d.encrypted->enc_data->algorithm, +- &pbe_nid, &pbe_iter, &pbe_saltlen)) ++ if (p7->d.encrypted == NULL ++ || !alg_get(p7->d.encrypted->enc_data->algorithm, ++ &pbe_nid, &pbe_iter, &pbe_saltlen)) + goto err; + } else { + continue; +--- a/crypto/pkcs7/pk7_mime.c ++++ b/crypto/pkcs7/pk7_mime.c +@@ -30,10 +30,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p + { + STACK_OF(X509_ALGOR) *mdalgs; + int ctype_nid = OBJ_obj2nid(p7->type); +- if (ctype_nid == NID_pkcs7_signed) ++ if (ctype_nid == NID_pkcs7_signed) { ++ if (p7->d.sign == NULL) ++ return 0; + mdalgs = p7->d.sign->md_algs; +- else ++ } else { + mdalgs = NULL; ++ } + + flags ^= SMIME_OLDMIME; + diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1w.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1w.bb index 8a53b06862..0e490eabc3 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1w.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1w.bb @@ -20,6 +20,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://reproducibility.patch \ file://0001-Configure-add-2-missing-key-sorts.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://CVE-2024-0727.patch \ " SRC_URI_append_class-nativesdk = " \ diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb index 35c096bc14..035312f4d9 100644 --- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb +++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb @@ -24,7 +24,7 @@ IMAGE_FSTYPES = "wic.vmdk" inherit core-image setuptools3 -SRCREV ?= "593cbdf6c3d340b5408e699bc33f5ac419297104" +SRCREV ?= "77442211926cbe93d60108f6df4abda3bc06b735" SRC_URI = "git://git.yoctoproject.org/poky;branch=dunfell \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ diff --git a/meta/recipes-core/ncurses/files/CVE-2023-50495.patch b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch new file mode 100644 index 0000000000..58c23866d1 --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2023-50495.patch @@ -0,0 +1,79 @@ +Fix for CVE-2023-50495 from upstream: +https://github.com/ThomasDickey/ncurses-snapshots/commit/efe9674ee14b14b788f9618941f97d31742f0adc + +Reference: +https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230424.patch.gz + +Upstream-Status: Backport [import from suse ftp.pbone.net/mirror/ftp.opensuse.org/update/leap-micro/5.3/sle/src/ncurses-6.1-150000.5.20.1.src.rpm +Upstream commit https://github.com/ThomasDickey/ncurses-snapshots/commit/efe9674ee14b14b788f9618941f97d31742f0adc] +CVE: CVE-2023-50495 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + ncurses/tinfo/parse_entry.c | 23 ++++++++++++++++------- + 1 file changed, 16 insertions(+), 7 deletions(-) + +diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c +index 23574b66..56ba9ae6 100644 +--- a/ncurses/tinfo/parse_entry.c ++++ b/ncurses/tinfo/parse_entry.c +@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) + /* Well, we are given a cancel for a name that we don't recognize */ + return _nc_extend_names(entryp, name, STRING); + default: +- return 0; ++ return NULL; + } + + /* Adjust the 'offset' (insertion-point) to keep the lists of extended +@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) + for (last = (unsigned) (max - 1); last > tindex; last--) + + if (!found) { ++ char *saved; ++ ++ if ((saved = _nc_save_str(name)) == NULL) ++ return NULL; ++ + switch (token_type) { + case BOOLEAN: + tp->ext_Booleans++; +@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) + TYPE_REALLOC(char *, actual, tp->ext_Names); + while (--actual > offset) + tp->ext_Names[actual] = tp->ext_Names[actual - 1]; +- tp->ext_Names[offset] = _nc_save_str(name); ++ tp->ext_Names[offset] = saved; + } + + temp.nte_name = tp->ext_Names[offset]; +@@ -337,6 +342,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) + bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0); + bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0); + if (is_use || is_tc) { ++ char *saved; ++ + if (!VALID_STRING(_nc_curr_token.tk_valstring) + || _nc_curr_token.tk_valstring[0] == '\0') { + _nc_warning("missing name for use-clause"); +@@ -350,11 +357,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) + _nc_curr_token.tk_valstring); + continue; + } +- entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring); +- entryp->uses[entryp->nuses].line = _nc_curr_line; +- entryp->nuses++; +- if (entryp->nuses > 1 && is_tc) { +- BAD_TC_USAGE ++ if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) { ++ entryp->uses[entryp->nuses].name = saved; ++ entryp->uses[entryp->nuses].line = _nc_curr_line; ++ entryp->nuses++; ++ if (entryp->nuses > 1 && is_tc) { ++ BAD_TC_USAGE ++ } + } + } else { + /* normal token lookup */ +-- +2.25.1 + diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb index 33285bcb5b..dbff149f55 100644 --- a/meta/recipes-core/ncurses/ncurses_6.2.bb +++ b/meta/recipes-core/ncurses/ncurses_6.2.bb @@ -6,6 +6,7 @@ SRC_URI += "file://0001-tic-hang.patch \ file://CVE-2021-39537.patch \ file://CVE-2022-29458.patch \ file://CVE-2023-29491.patch \ + file://CVE-2023-50495.patch \ " # commit id corresponds to the revision in package version SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4" diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 4fbf9d7590..9c7ceda891 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -88,6 +88,10 @@ SRC_URI += "\ file://CVE-2023-45287-pre2.patch \ file://CVE-2023-45287-pre3.patch \ file://CVE-2023-45287.patch \ + file://CVE-2023-45289.patch \ + file://CVE-2023-45290.patch \ + file://CVE-2024-24785.patch \ + file://CVE-2024-24784.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-45289.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-45289.patch new file mode 100644 index 0000000000..13d3510504 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-45289.patch @@ -0,0 +1,121 @@ +From 20586c0dbe03d144f914155f879fa5ee287591a1 Mon Sep 17 00:00:00 2001 +From: Damien Neil <dneil@google.com> +Date: Thu, 11 Jan 2024 11:31:57 -0800 +Subject: [PATCH] [release-branch.go1.21] net/http, net/http/cookiejar: avoid + subdomain matches on IPv6 zones + +When deciding whether to forward cookies or sensitive headers +across a redirect, do not attempt to interpret an IPv6 address +as a domain name. + +Avoids a case where a maliciously-crafted redirect to an +IPv6 address with a scoped addressing zone could be +misinterpreted as a within-domain redirect. For example, +we could interpret "::1%.www.example.com" as a subdomain +of "www.example.com". + +Thanks to Juho Nurminen of Mattermost for reporting this issue. + +Fixes CVE-2023-45289 +Fixes #65385 +For #65065 + +Change-Id: I8f463f59f0e700c8a18733d2b264a8bcb3a19599 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2131938 +Reviewed-by: Tatiana Bradley <tatianabradley@google.com> +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2173775 +Reviewed-by: Carlos Amedee <amedee@google.com> +Reviewed-on: https://go-review.googlesource.com/c/go/+/569239 +Reviewed-by: Carlos Amedee <carlos@golang.org> +Auto-Submit: Michael Knyszek <mknyszek@google.com> +TryBot-Bypass: Michael Knyszek <mknyszek@google.com> + +Upstream-Status: Backport [https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1] +CVE: CVE-2023-45289 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/net/http/client.go | 6 ++++++ + src/net/http/client_test.go | 1 + + src/net/http/cookiejar/jar.go | 7 +++++++ + src/net/http/cookiejar/jar_test.go | 10 ++++++++++ + 4 files changed, 24 insertions(+) + +diff --git a/src/net/http/client.go b/src/net/http/client.go +index a496f1c..2031834 100644 +--- a/src/net/http/client.go ++++ b/src/net/http/client.go +@@ -973,6 +973,12 @@ func isDomainOrSubdomain(sub, parent string) bool { + if sub == parent { + return true + } ++ // If sub contains a :, it's probably an IPv6 address (and is definitely not a hostname). ++ // Don't check the suffix in this case, to avoid matching the contents of a IPv6 zone. ++ // For example, "::1%.www.example.com" is not a subdomain of "www.example.com". ++ if strings.ContainsAny(sub, ":%") { ++ return false ++ } + // If sub is "foo.example.com" and parent is "example.com", + // that means sub must end in "."+parent. + // Do it without allocating. +diff --git a/src/net/http/client_test.go b/src/net/http/client_test.go +index 2b4f53f..442fe35 100644 +--- a/src/net/http/client_test.go ++++ b/src/net/http/client_test.go +@@ -1703,6 +1703,7 @@ func TestShouldCopyHeaderOnRedirect(t *testing.T) { + {"cookie2", "http://foo.com/", "http://bar.com/", false}, + {"authorization", "http://foo.com/", "http://bar.com/", false}, + {"www-authenticate", "http://foo.com/", "http://bar.com/", false}, ++ {"authorization", "http://foo.com/", "http://[::1%25.foo.com]/", false}, + + // But subdomains should work: + {"www-authenticate", "http://foo.com/", "http://foo.com/", true}, +diff --git a/src/net/http/cookiejar/jar.go b/src/net/http/cookiejar/jar.go +index 9f19917..18cbfc2 100644 +--- a/src/net/http/cookiejar/jar.go ++++ b/src/net/http/cookiejar/jar.go +@@ -356,6 +356,13 @@ func jarKey(host string, psl PublicSuffixList) string { + + // isIP reports whether host is an IP address. + func isIP(host string) bool { ++ if strings.ContainsAny(host, ":%") { ++ // Probable IPv6 address. ++ // Hostnames can't contain : or %, so this is definitely not a valid host. ++ // Treating it as an IP is the more conservative option, and avoids the risk ++ // of interpeting ::1%.www.example.com as a subtomain of www.example.com. ++ return true ++ } + return net.ParseIP(host) != nil + } + +diff --git a/src/net/http/cookiejar/jar_test.go b/src/net/http/cookiejar/jar_test.go +index 47fb1ab..fd8d40e 100644 +--- a/src/net/http/cookiejar/jar_test.go ++++ b/src/net/http/cookiejar/jar_test.go +@@ -251,6 +251,7 @@ var isIPTests = map[string]bool{ + "127.0.0.1": true, + "1.2.3.4": true, + "2001:4860:0:2001::68": true, ++ "::1%zone": true, + "example.com": false, + "1.1.1.300": false, + "www.foo.bar.net": false, +@@ -613,6 +614,15 @@ var basicsTests = [...]jarTest{ + {"http://www.host.test:1234/", "a=1"}, + }, + }, ++ { ++ "IPv6 zone is not treated as a host.", ++ "https://example.com/", ++ []string{"a=1"}, ++ "a=1", ++ []query{ ++ {"https://[::1%25.example.com]:80/", ""}, ++ }, ++ }, + } + + func TestBasics(t *testing.T) { +-- +2.25.1 + diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-45290.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-45290.patch new file mode 100644 index 0000000000..ddc2f67c96 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-45290.patch @@ -0,0 +1,271 @@ +From bf80213b121074f4ad9b449410a4d13bae5e9be0 Mon Sep 17 00:00:00 2001 +From: Damien Neil <dneil@google.com> +Date: Tue, 16 Jan 2024 15:37:52 -0800 +Subject: [PATCH] [release-branch.go1.21] net/textproto, mime/multipart: avoid + unbounded read in MIME header + +mime/multipart.Reader.ReadForm allows specifying the maximum amount +of memory that will be consumed by the form. While this limit is +correctly applied to the parsed form data structure, it was not +being applied to individual header lines in a form. + +For example, when presented with a form containing a header line +that never ends, ReadForm will continue to read the line until it +runs out of memory. + +Limit the amount of data consumed when reading a header. + +Fixes CVE-2023-45290 +Fixes #65389 +For #65383 + +Change-Id: I7f9264d25752009e95f6b2c80e3d76aaf321d658 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2134435 +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Reviewed-by: Tatiana Bradley <tatianabradley@google.com> +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2173776 +Reviewed-by: Carlos Amedee <amedee@google.com> +Reviewed-on: https://go-review.googlesource.com/c/go/+/569240 +Auto-Submit: Michael Knyszek <mknyszek@google.com> +LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> +Reviewed-by: Carlos Amedee <carlos@golang.org> + +Upstream-Status: Backport [https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0] +CVE: CVE-2023-45290 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/mime/multipart/formdata_test.go | 42 +++++++++++++++++++++++++ + src/net/textproto/reader.go | 48 ++++++++++++++++++++--------- + src/net/textproto/reader_test.go | 12 ++++++++ + 3 files changed, 87 insertions(+), 15 deletions(-) + +diff --git a/src/mime/multipart/formdata_test.go b/src/mime/multipart/formdata_test.go +index c78eeb7..f729da6 100644 +--- a/src/mime/multipart/formdata_test.go ++++ b/src/mime/multipart/formdata_test.go +@@ -421,6 +421,48 @@ func TestReadFormLimits(t *testing.T) { + } + } + ++func TestReadFormEndlessHeaderLine(t *testing.T) { ++ for _, test := range []struct { ++ name string ++ prefix string ++ }{{ ++ name: "name", ++ prefix: "X-", ++ }, { ++ name: "value", ++ prefix: "X-Header: ", ++ }, { ++ name: "continuation", ++ prefix: "X-Header: foo\r\n ", ++ }} { ++ t.Run(test.name, func(t *testing.T) { ++ const eol = "\r\n" ++ s := `--boundary` + eol ++ s += `Content-Disposition: form-data; name="a"` + eol ++ s += `Content-Type: text/plain` + eol ++ s += test.prefix ++ fr := io.MultiReader( ++ strings.NewReader(s), ++ neverendingReader('X'), ++ ) ++ r := NewReader(fr, "boundary") ++ _, err := r.ReadForm(1 << 20) ++ if err != ErrMessageTooLarge { ++ t.Fatalf("ReadForm(1 << 20): %v, want ErrMessageTooLarge", err) ++ } ++ }) ++ } ++} ++ ++type neverendingReader byte ++ ++func (r neverendingReader) Read(p []byte) (n int, err error) { ++ for i := range p { ++ p[i] = byte(r) ++ } ++ return len(p), nil ++} ++ + func BenchmarkReadForm(b *testing.B) { + for _, test := range []struct { + name string +diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go +index ad2d777..cea6613 100644 +--- a/src/net/textproto/reader.go ++++ b/src/net/textproto/reader.go +@@ -17,6 +17,10 @@ import ( + "sync" + ) + ++// TODO: This should be a distinguishable error (ErrMessageTooLarge) ++// to allow mime/multipart to detect it. ++var errMessageTooLarge = errors.New("message too large") ++ + // A Reader implements convenience methods for reading requests + // or responses from a text protocol network connection. + type Reader struct { +@@ -38,13 +42,13 @@ func NewReader(r *bufio.Reader) *Reader { + // ReadLine reads a single line from r, + // eliding the final \n or \r\n from the returned string. + func (r *Reader) ReadLine() (string, error) { +- line, err := r.readLineSlice() ++ line, err := r.readLineSlice(-1) + return string(line), err + } + + // ReadLineBytes is like ReadLine but returns a []byte instead of a string. + func (r *Reader) ReadLineBytes() ([]byte, error) { +- line, err := r.readLineSlice() ++ line, err := r.readLineSlice(-1) + if line != nil { + buf := make([]byte, len(line)) + copy(buf, line) +@@ -53,7 +57,10 @@ func (r *Reader) ReadLineBytes() ([]byte, error) { + return line, err + } + +-func (r *Reader) readLineSlice() ([]byte, error) { ++// readLineSlice reads a single line from r, ++// up to lim bytes long (or unlimited if lim is less than 0), ++// eliding the final \r or \r\n from the returned string. ++func (r *Reader) readLineSlice(lim int64) ([]byte, error) { + r.closeDot() + var line []byte + for { +@@ -61,6 +68,9 @@ func (r *Reader) readLineSlice() ([]byte, error) { + if err != nil { + return nil, err + } ++ if lim >= 0 && int64(len(line))+int64(len(l)) > lim { ++ return nil, errMessageTooLarge ++ } + // Avoid the copy if the first call produced a full line. + if line == nil && !more { + return l, nil +@@ -93,7 +103,7 @@ func (r *Reader) readLineSlice() ([]byte, error) { + // A line consisting of only white space is never continued. + // + func (r *Reader) ReadContinuedLine() (string, error) { +- line, err := r.readContinuedLineSlice(noValidation) ++ line, err := r.readContinuedLineSlice(-1, noValidation) + return string(line), err + } + +@@ -114,7 +124,7 @@ func trim(s []byte) []byte { + // ReadContinuedLineBytes is like ReadContinuedLine but + // returns a []byte instead of a string. + func (r *Reader) ReadContinuedLineBytes() ([]byte, error) { +- line, err := r.readContinuedLineSlice(noValidation) ++ line, err := r.readContinuedLineSlice(-1, noValidation) + if line != nil { + buf := make([]byte, len(line)) + copy(buf, line) +@@ -127,13 +137,14 @@ func (r *Reader) ReadContinuedLineBytes() ([]byte, error) { + // returning a byte slice with all lines. The validateFirstLine function + // is run on the first read line, and if it returns an error then this + // error is returned from readContinuedLineSlice. +-func (r *Reader) readContinuedLineSlice(validateFirstLine func([]byte) error) ([]byte, error) { ++// It reads up to lim bytes of data (or unlimited if lim is less than 0). ++func (r *Reader) readContinuedLineSlice(lim int64, validateFirstLine func([]byte) error) ([]byte, error) { + if validateFirstLine == nil { + return nil, fmt.Errorf("missing validateFirstLine func") + } + + // Read the first line. +- line, err := r.readLineSlice() ++ line, err := r.readLineSlice(lim) + if err != nil { + return nil, err + } +@@ -161,13 +172,21 @@ func (r *Reader) readContinuedLineSlice(validateFirstLine func([]byte) error) ([ + // copy the slice into buf. + r.buf = append(r.buf[:0], trim(line)...) + ++ if lim < 0 { ++ lim = math.MaxInt64 ++ } ++ lim -= int64(len(r.buf)) ++ + // Read continuation lines. + for r.skipSpace() > 0 { +- line, err := r.readLineSlice() ++ r.buf = append(r.buf, ' ') ++ if int64(len(r.buf)) >= lim { ++ return nil, errMessageTooLarge ++ } ++ line, err := r.readLineSlice(lim - int64(len(r.buf))) + if err != nil { + break + } +- r.buf = append(r.buf, ' ') + r.buf = append(r.buf, trim(line)...) + } + return r.buf, nil +@@ -512,7 +531,8 @@ func readMIMEHeader(r *Reader, maxMemory, maxHeaders int64) (MIMEHeader, error) + + // The first line cannot start with a leading space. + if buf, err := r.R.Peek(1); err == nil && (buf[0] == ' ' || buf[0] == '\t') { +- line, err := r.readLineSlice() ++ const errorLimit = 80 // arbitrary limit on how much of the line we'll quote ++ line, err := r.readLineSlice(errorLimit) + if err != nil { + return m, err + } +@@ -520,7 +540,7 @@ func readMIMEHeader(r *Reader, maxMemory, maxHeaders int64) (MIMEHeader, error) + } + + for { +- kv, err := r.readContinuedLineSlice(mustHaveFieldNameColon) ++ kv, err := r.readContinuedLineSlice(maxMemory, mustHaveFieldNameColon) + if len(kv) == 0 { + return m, err + } +@@ -541,7 +561,7 @@ func readMIMEHeader(r *Reader, maxMemory, maxHeaders int64) (MIMEHeader, error) + + maxHeaders-- + if maxHeaders < 0 { +- return nil, errors.New("message too large") ++ return nil, errMessageTooLarge + } + + // backport 5c55ac9bf1e5f779220294c843526536605f42ab +@@ -567,9 +587,7 @@ func readMIMEHeader(r *Reader, maxMemory, maxHeaders int64) (MIMEHeader, error) + } + maxMemory -= int64(len(value)) + if maxMemory < 0 { +- // TODO: This should be a distinguishable error (ErrMessageTooLarge) +- // to allow mime/multipart to detect it. +- return m, errors.New("message too large") ++ return m, errMessageTooLarge + } + if vv == nil && len(strs) > 0 { + // More than likely this will be a single-element key. +diff --git a/src/net/textproto/reader_test.go b/src/net/textproto/reader_test.go +index 3ae0de1..db1ed91 100644 +--- a/src/net/textproto/reader_test.go ++++ b/src/net/textproto/reader_test.go +@@ -34,6 +34,18 @@ func TestReadLine(t *testing.T) { + } + } + ++func TestReadLineLongLine(t *testing.T) { ++ line := strings.Repeat("12345", 10000) ++ r := reader(line + "\r\n") ++ s, err := r.ReadLine() ++ if err != nil { ++ t.Fatalf("Line 1: %v", err) ++ } ++ if s != line { ++ t.Fatalf("%v-byte line does not match expected %v-byte line", len(s), len(line)) ++ } ++} ++ + func TestReadContinuedLine(t *testing.T) { + r := reader("line1\nline\n 2\nline3\n") + s, err := r.ReadContinuedLine() +-- +2.25.1 + diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2024-24784.patch b/meta/recipes-devtools/go/go-1.14/CVE-2024-24784.patch new file mode 100644 index 0000000000..e9d9d972b9 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2024-24784.patch @@ -0,0 +1,205 @@ +From 5330cd225ba54c7dc78c1b46dcdf61a4671a632c Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <bracewell@google.com> +Date: Wed, 10 Jan 2024 11:02:14 -0800 +Subject: [PATCH] [release-branch.go1.22] net/mail: properly handle special + characters in phrase and obs-phrase + +Fixes a couple of misalignments with RFC 5322 which introduce +significant diffs between (mostly) conformant parsers. + +This change reverts the changes made in CL50911, which allowed certain +special RFC 5322 characters to appear unquoted in the "phrase" syntax. +It is unclear why this change was made in the first place, and created +a divergence from comformant parsers. In particular this resulted in +treating comments in display names incorrectly. + +Additionally properly handle trailing malformed comments in the group +syntax. + +For #65083 +Fixed #65849 + +Change-Id: I00dddc044c6ae3381154e43236632604c390f672 +Reviewed-on: https://go-review.googlesource.com/c/go/+/555596 +Reviewed-by: Damien Neil <dneil@google.com> +LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> +Reviewed-on: https://go-review.googlesource.com/c/go/+/566215 +Reviewed-by: Carlos Amedee <carlos@golang.org> + +Upstream-Status: Backport [https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c] +CVE: CVE-2024-24784 +Signed-off-by: Ashish Sharma <asharma@mvista.com> + + src/net/mail/message.go | 30 +++++++++++++++------------ + src/net/mail/message_test.go | 40 ++++++++++++++++++++++++++---------- + 2 files changed, 46 insertions(+), 24 deletions(-) + +diff --git a/src/net/mail/message.go b/src/net/mail/message.go +index af516fc30f470..fc2a9e46f811b 100644 +--- a/src/net/mail/message.go ++++ b/src/net/mail/message.go +@@ -280,7 +280,7 @@ func (a *Address) String() string { + // Add quotes if needed + quoteLocal := false + for i, r := range local { +- if isAtext(r, false, false) { ++ if isAtext(r, false) { + continue + } + if r == '.' { +@@ -444,7 +444,7 @@ func (p *addrParser) parseAddress(handleGroup bool) ([]*Address, error) { + if !p.consume('<') { + atext := true + for _, r := range displayName { +- if !isAtext(r, true, false) { ++ if !isAtext(r, true) { + atext = false + break + } +@@ -479,7 +479,9 @@ func (p *addrParser) consumeGroupList() ([]*Address, error) { + // handle empty group. + p.skipSpace() + if p.consume(';') { +- p.skipCFWS() ++ if !p.skipCFWS() { ++ return nil, errors.New("mail: misformatted parenthetical comment") ++ } + return group, nil + } + +@@ -496,7 +498,9 @@ func (p *addrParser) consumeGroupList() ([]*Address, error) { + return nil, errors.New("mail: misformatted parenthetical comment") + } + if p.consume(';') { +- p.skipCFWS() ++ if !p.skipCFWS() { ++ return nil, errors.New("mail: misformatted parenthetical comment") ++ } + break + } + if !p.consume(',') { +@@ -566,6 +570,12 @@ func (p *addrParser) consumePhrase() (phrase string, err error) { + var words []string + var isPrevEncoded bool + for { ++ // obs-phrase allows CFWS after one word ++ if len(words) > 0 { ++ if !p.skipCFWS() { ++ return "", errors.New("mail: misformatted parenthetical comment") ++ } ++ } + // word = atom / quoted-string + var word string + p.skipSpace() +@@ -661,7 +671,6 @@ Loop: + // If dot is true, consumeAtom parses an RFC 5322 dot-atom instead. + // If permissive is true, consumeAtom will not fail on: + // - leading/trailing/double dots in the atom (see golang.org/issue/4938) +-// - special characters (RFC 5322 3.2.3) except '<', '>', ':' and '"' (see golang.org/issue/21018) + func (p *addrParser) consumeAtom(dot bool, permissive bool) (atom string, err error) { + i := 0 + +@@ -672,7 +681,7 @@ Loop: + case size == 1 && r == utf8.RuneError: + return "", fmt.Errorf("mail: invalid utf-8 in address: %q", p.s) + +- case size == 0 || !isAtext(r, dot, permissive): ++ case size == 0 || !isAtext(r, dot): + break Loop + + default: +@@ -850,18 +859,13 @@ func (e charsetError) Error() string { + + // isAtext reports whether r is an RFC 5322 atext character. + // If dot is true, period is included. +-// If permissive is true, RFC 5322 3.2.3 specials is included, +-// except '<', '>', ':' and '"'. +-func isAtext(r rune, dot, permissive bool) bool { ++func isAtext(r rune, dot bool) bool { + switch r { + case '.': + return dot + + // RFC 5322 3.2.3. specials +- case '(', ')', '[', ']', ';', '@', '\\', ',': +- return permissive +- +- case '<', '>', '"', ':': ++ case '(', ')', '<', '>', '[', ']', ':', ';', '@', '\\', ',', '"': // RFC 5322 3.2.3. specials + return false + } + return isVchar(r) +diff --git a/src/net/mail/message_test.go b/src/net/mail/message_test.go +index 1e1bb4092f659..1f2f62afbf406 100644 +--- a/src/net/mail/message_test.go ++++ b/src/net/mail/message_test.go +@@ -385,8 +385,11 @@ func TestAddressParsingError(t *testing.T) { + 13: {"group not closed: null@example.com", "expected comma"}, + 14: {"group: first@example.com, second@example.com;", "group with multiple addresses"}, + 15: {"john.doe", "missing '@' or angle-addr"}, +- 16: {"john.doe@", "no angle-addr"}, ++ 16: {"john.doe@", "missing '@' or angle-addr"}, + 17: {"John Doe@foo.bar", "no angle-addr"}, ++ 18: {" group: null@example.com; (asd", "misformatted parenthetical comment"}, ++ 19: {" group: ; (asd", "misformatted parenthetical comment"}, ++ 20: {`(John) Doe <jdoe@machine.example>`, "missing word in phrase:"}, + } + + for i, tc := range mustErrTestCases { +@@ -436,24 +439,19 @@ func TestAddressParsing(t *testing.T) { + Address: "john.q.public@example.com", + }}, + }, +- { +- `"John (middle) Doe" <jdoe@machine.example>`, +- []*Address{{ +- Name: "John (middle) Doe", +- Address: "jdoe@machine.example", +- }}, +- }, ++ // Comment in display name + { + `John (middle) Doe <jdoe@machine.example>`, + []*Address{{ +- Name: "John (middle) Doe", ++ Name: "John Doe", + Address: "jdoe@machine.example", + }}, + }, ++ // Display name is quoted string, so comment is not a comment + { +- `John !@M@! Doe <jdoe@machine.example>`, ++ `"John (middle) Doe" <jdoe@machine.example>`, + []*Address{{ +- Name: "John !@M@! Doe", ++ Name: "John (middle) Doe", + Address: "jdoe@machine.example", + }}, + }, +@@ -788,6 +786,26 @@ func TestAddressParsing(t *testing.T) { + }, + }, + }, ++ // Comment in group display name ++ { ++ `group (comment:): a@example.com, b@example.com;`, ++ []*Address{ ++ { ++ Address: "a@example.com", ++ }, ++ { ++ Address: "b@example.com", ++ }, ++ }, ++ }, ++ { ++ `x(:"):"@a.example;("@b.example;`, ++ []*Address{ ++ { ++ Address: `@a.example;(@b.example`, ++ }, ++ }, ++ }, + } + for _, test := range tests { + if len(test.exp) == 1 { diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2024-24785.patch b/meta/recipes-devtools/go/go-1.14/CVE-2024-24785.patch new file mode 100644 index 0000000000..1398a2ca48 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2024-24785.patch @@ -0,0 +1,197 @@ +From 3643147a29352ca2894fd5d0d2069bc4b4335a7e Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <roland@golang.org> +Date: Wed, 14 Feb 2024 17:18:36 -0800 +Subject: [PATCH] [release-branch.go1.21] html/template: escape additional + tokens in MarshalJSON errors + +Escape "</script" and "<!--" in errors returned from MarshalJSON errors +when attempting to marshal types in script blocks. This prevents any +user controlled content from prematurely terminating the script block. + +Updates #65697 +Fixes #65968 + +Change-Id: Icf0e26c54ea7d9c1deed0bff11b6506c99ddef1b +Reviewed-on: https://go-review.googlesource.com/c/go/+/564196 +LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> +Reviewed-by: Damien Neil <dneil@google.com> +(cherry picked from commit ccbc725f2d678255df1bd326fa511a492aa3a0aa) +Reviewed-on: https://go-review.googlesource.com/c/go/+/567515 +Reviewed-by: Carlos Amedee <carlos@golang.org> + +Upstream-Status: Backport [https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e] +CVE: CVE-2024-24785 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/html/template/js.go | 22 ++++++++- + src/html/template/js_test.go | 96 ++++++++++++++++++++---------------- + 2 files changed, 74 insertions(+), 44 deletions(-) + +diff --git a/src/html/template/js.go b/src/html/template/js.go +index 35994f0..4d3b25d 100644 +--- a/src/html/template/js.go ++++ b/src/html/template/js.go +@@ -171,13 +171,31 @@ func jsValEscaper(args ...interface{}) string { + // cyclic data. This may be an unacceptable DoS risk. + b, err := json.Marshal(a) + if err != nil { +- // Put a space before comment so that if it is flush against ++ // While the standard JSON marshaller does not include user controlled ++ // information in the error message, if a type has a MarshalJSON method, ++ // the content of the error message is not guaranteed. Since we insert ++ // the error into the template, as part of a comment, we attempt to ++ // prevent the error from either terminating the comment, or the script ++ // block itself. ++ // ++ // In particular we: ++ // * replace "*/" comment end tokens with "* /", which does not ++ // terminate the comment ++ // * replace "</script" with "\x3C/script", and "<!--" with ++ // "\x3C!--", which prevents confusing script block termination ++ // semantics ++ // ++ // We also put a space before the comment so that if it is flush against + // a division operator it is not turned into a line comment: + // x/{{y}} + // turning into + // x//* error marshaling y: + // second line of error message */null +- return fmt.Sprintf(" /* %s */null ", strings.ReplaceAll(err.Error(), "*/", "* /")) ++ errStr := err.Error() ++ errStr = strings.ReplaceAll(errStr, "*/", "* /") ++ errStr = strings.ReplaceAll(errStr, "</script", `\x3C/script`) ++ errStr = strings.ReplaceAll(errStr, "<!--", `\x3C!--`) ++ return fmt.Sprintf(" /* %s */null ", errStr) + } + + // TODO: maybe post-process output to prevent it from containing +diff --git a/src/html/template/js_test.go b/src/html/template/js_test.go +index de9ef28..3fc3baf 100644 +--- a/src/html/template/js_test.go ++++ b/src/html/template/js_test.go +@@ -5,6 +5,7 @@ + package template + + import ( ++ "errors" + "bytes" + "math" + "strings" +@@ -104,61 +105,72 @@ func TestNextJsCtx(t *testing.T) { + } + } + ++type jsonErrType struct{} ++ ++func (e *jsonErrType) MarshalJSON() ([]byte, error) { ++ return nil, errors.New("beep */ boop </script blip <!--") ++} ++ + func TestJSValEscaper(t *testing.T) { + tests := []struct { +- x interface{} +- js string ++ x interface{} ++ js string ++ skipNest bool + }{ +- {int(42), " 42 "}, +- {uint(42), " 42 "}, +- {int16(42), " 42 "}, +- {uint16(42), " 42 "}, +- {int32(-42), " -42 "}, +- {uint32(42), " 42 "}, +- {int16(-42), " -42 "}, +- {uint16(42), " 42 "}, +- {int64(-42), " -42 "}, +- {uint64(42), " 42 "}, +- {uint64(1) << 53, " 9007199254740992 "}, ++ {int(42), " 42 ", false}, ++ {uint(42), " 42 ", false}, ++ {int16(42), " 42 ", false}, ++ {uint16(42), " 42 ", false}, ++ {int32(-42), " -42 ", false}, ++ {uint32(42), " 42 ", false}, ++ {int16(-42), " -42 ", false}, ++ {uint16(42), " 42 ", false}, ++ {int64(-42), " -42 ", false}, ++ {uint64(42), " 42 ", false}, ++ {uint64(1) << 53, " 9007199254740992 ", false}, + // ulp(1 << 53) > 1 so this loses precision in JS + // but it is still a representable integer literal. +- {uint64(1)<<53 + 1, " 9007199254740993 "}, +- {float32(1.0), " 1 "}, +- {float32(-1.0), " -1 "}, +- {float32(0.5), " 0.5 "}, +- {float32(-0.5), " -0.5 "}, +- {float32(1.0) / float32(256), " 0.00390625 "}, +- {float32(0), " 0 "}, +- {math.Copysign(0, -1), " -0 "}, +- {float64(1.0), " 1 "}, +- {float64(-1.0), " -1 "}, +- {float64(0.5), " 0.5 "}, +- {float64(-0.5), " -0.5 "}, +- {float64(0), " 0 "}, +- {math.Copysign(0, -1), " -0 "}, +- {"", `""`}, +- {"foo", `"foo"`}, ++ {uint64(1)<<53 + 1, " 9007199254740993 ", false}, ++ {float32(1.0), " 1 ", false}, ++ {float32(-1.0), " -1 ", false}, ++ {float32(0.5), " 0.5 ", false}, ++ {float32(-0.5), " -0.5 ", false}, ++ {float32(1.0) / float32(256), " 0.00390625 ", false}, ++ {float32(0), " 0 ", false}, ++ {math.Copysign(0, -1), " -0 ", false}, ++ {float64(1.0), " 1 ", false}, ++ {float64(-1.0), " -1 ", false}, ++ {float64(0.5), " 0.5 ", false}, ++ {float64(-0.5), " -0.5 ", false}, ++ {float64(0), " 0 ", false}, ++ {math.Copysign(0, -1), " -0 ", false}, ++ {"", `""`, false}, ++ {"foo", `"foo"`, false}, + // Newlines. +- {"\r\n\u2028\u2029", `"\r\n\u2028\u2029"`}, ++ {"\r\n\u2028\u2029", `"\r\n\u2028\u2029"`, false}, + // "\v" == "v" on IE 6 so use "\u000b" instead. +- {"\t\x0b", `"\t\u000b"`}, +- {struct{ X, Y int }{1, 2}, `{"X":1,"Y":2}`}, +- {[]interface{}{}, "[]"}, +- {[]interface{}{42, "foo", nil}, `[42,"foo",null]`}, +- {[]string{"<!--", "</script>", "-->"}, `["\u003c!--","\u003c/script\u003e","--\u003e"]`}, +- {"<!--", `"\u003c!--"`}, +- {"-->", `"--\u003e"`}, +- {"<![CDATA[", `"\u003c![CDATA["`}, +- {"]]>", `"]]\u003e"`}, +- {"</script", `"\u003c/script"`}, +- {"\U0001D11E", "\"\U0001D11E\""}, // or "\uD834\uDD1E" +- {nil, " null "}, ++ {"\t\x0b", `"\t\u000b"`, false}, ++ {struct{ X, Y int }{1, 2}, `{"X":1,"Y":2}`, false}, ++ {[]interface{}{}, "[]", false}, ++ {[]interface{}{42, "foo", nil}, `[42,"foo",null]`, false}, ++ {[]string{"<!--", "</script>", "-->"}, `["\u003c!--","\u003c/script\u003e","--\u003e"]`, false}, ++ {"<!--", `"\u003c!--"`, false}, ++ {"-->", `"--\u003e"`, false}, ++ {"<![CDATA[", `"\u003c![CDATA["`, false}, ++ {"]]>", `"]]\u003e"`, false}, ++ {"</script", `"\u003c/script"`, false}, ++ {"\U0001D11E", "\"\U0001D11E\"", false}, // or "\uD834\uDD1E" ++ {nil, " null ", false}, ++ {&jsonErrType{}, " /* json: error calling MarshalJSON for type *template.jsonErrType: beep * / boop \\x3C/script blip \\x3C!-- */null ", true}, + } + + for _, test := range tests { + if js := jsValEscaper(test.x); js != test.js { + t.Errorf("%+v: want\n\t%q\ngot\n\t%q", test.x, test.js, js) + } ++ if test.skipNest { ++ continue ++ } + // Make sure that escaping corner cases are not broken + // by nesting. + a := []interface{}{test.x} +-- +2.25.1 + diff --git a/meta/recipes-devtools/valgrind/valgrind/remove-for-all b/meta/recipes-devtools/valgrind/valgrind/remove-for-all index 9b8db093df..88a11ca332 100644 --- a/meta/recipes-devtools/valgrind/valgrind/remove-for-all +++ b/meta/recipes-devtools/valgrind/valgrind/remove-for-all @@ -1,3 +1,4 @@ drd/tests/bar_bad drd/tests/bar_bad_xml gdbserver_tests/hginfo +memcheck/tests/linux/timerfd-syscall diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch new file mode 100644 index 0000000000..75dbbad299 --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch @@ -0,0 +1,146 @@ +From 51731b01fd9a608397da22b7b9164e4996f3d4c6 Mon Sep 17 00:00:00 2001 +From: Alejandro Colomar <alx@kernel.org> +Date: Sat, 10 Jun 2023 16:20:05 +0200 +Subject: [PATCH] gpasswd(1): Fix password leak + +CVE: CVE-2023-4641 +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904] + +How to trigger this password leak? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When gpasswd(1) asks for the new password, it asks twice (as is usual +for confirming the new password). Each of those 2 password prompts +uses agetpass() to get the password. If the second agetpass() fails, +the first password, which has been copied into the 'static' buffer +'pass' via STRFCPY(), wasn't being zeroed. + +agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and +can fail for any of the following reasons: + +- malloc(3) or readpassphrase(3) failure. + + These are going to be difficult to trigger. Maybe getting the system + to the limits of memory utilization at that exact point, so that the + next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. + About readpassphrase(3), ENFILE and EINTR seem the only plausible + ones, and EINTR probably requires privilege or being the same user; + but I wouldn't discard ENFILE so easily, if a process starts opening + files. + +- The password is longer than PASS_MAX. + + The is plausible with physical access. However, at that point, a + keylogger will be a much simpler attack. + +And, the attacker must be able to know when the second password is being +introduced, which is not going to be easy. + +How to read the password after the leak? +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Provoking the leak yourself at the right point by entering a very long +password is easy, and inspecting the process stack at that point should +be doable. Try to find some consistent patterns. + +Then, search for those patterns in free memory, right after the victim +leaks their password. + +Once you get the leak, a program should read all the free memory +searching for patterns that gpasswd(1) leaves nearby the leaked +password. + +On 6/10/23 03:14, Seth Arnold wrote: +> An attacker process wouldn't be able to use malloc(3) for this task. +> There's a handful of tools available for userspace to allocate memory: +> +> - brk / sbrk +> - mmap MAP_ANONYMOUS +> - mmap /dev/zero +> - mmap some other file +> - shm_open +> - shmget +> +> Most of these return only pages of zeros to a process. Using mmap of an +> existing file, you can get some of the contents of the file demand-loaded +> into the memory space on the first use. +> +> The MAP_UNINITIALIZED flag only works if the kernel was compiled with +> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. +> +> malloc(3) doesn't zero memory, to our collective frustration, but all the +> garbage in the allocations is from previous allocations in the current +> process. It isn't leftover from other processes. +> +> The avenues available for reading the memory: +> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) +> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) +> - ptrace (requires ptrace privileges, mediated by YAMA) +> - causing memory to be swapped to disk, and then inspecting the swap +> +> These all require a certain amount of privileges. + +How to fix it? +~~~~~~~~~~~~~~ + +memzero(), which internally calls explicit_bzero(3), or whatever +alternative the system provides with a slightly different name, will +make sure that the buffer is zeroed in memory, and optimizations are not +allowed to impede this zeroing. + +This is not really 100% effective, since compilers may place copies of +the string somewhere hidden in the stack. Those copies won't get zeroed +by explicit_bzero(3). However, that's arguably a compiler bug, since +compilers should make everything possible to avoid optimizing strings +that are later passed to explicit_bzero(3). But we all know that +sometimes it's impossible to have perfect knowledge in the compiler, so +this is plausible. Nevertheless, there's nothing we can do against such +issues, except minimizing the time such passwords are stored in plain +text. + +Security concerns +~~~~~~~~~~~~~~~~~ + +We believe this isn't easy to exploit. Nevertheless, and since the fix +is trivial, this fix should probably be applied soon, and backported to +all supported distributions, to prevent someone else having more +imagination than us to find a way. + +Affected versions +~~~~~~~~~~~~~~~~~ + +All. Bug introduced in shadow 19990709. That's the second commit in +the git history. + +Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") +Reported-by: Alejandro Colomar <alx@kernel.org> +Cc: Serge Hallyn <serge@hallyn.com> +Cc: Iker Pedrosa <ipedrosa@redhat.com> +Cc: Seth Arnold <seth.arnold@canonical.com> +Cc: Christian Brauner <christian@brauner.io> +Cc: Balint Reczey <rbalint@debian.org> +Cc: Sam James <sam@gentoo.org> +Cc: David Runge <dvzrv@archlinux.org> +Cc: Andreas Jaeger <aj@suse.de> +Cc: <~hallyn/shadow@lists.sr.ht> +Signed-off-by: Alejandro Colomar <alx@kernel.org> +Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> +--- + src/gpasswd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/gpasswd.c b/src/gpasswd.c +index 4d75af96..a698b32a 100644 +--- a/src/gpasswd.c ++++ b/src/gpasswd.c +@@ -918,6 +918,7 @@ static void change_passwd (struct group *gr) + strzero (cp); + cp = getpass (_("Re-enter new password: ")); + if (NULL == cp) { ++ memzero (pass, sizeof pass); + exit (1); + } + +-- +2.42.0 + diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 2ecab5073d..c16292c38a 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -16,6 +16,7 @@ SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}. file://shadow-relaxed-usernames.patch \ file://CVE-2023-29383.patch \ file://0001-Overhaul-valid_field.patch \ + file://CVE-2023-4641.patch \ " SRC_URI_append_class-target = " \ diff --git a/meta/recipes-extended/tar/tar/CVE-2023-39804.patch b/meta/recipes-extended/tar/tar/CVE-2023-39804.patch new file mode 100644 index 0000000000..f550928540 --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2023-39804.patch @@ -0,0 +1,64 @@ +From a339f05cd269013fa133d2f148d73f6f7d4247e4 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Sat, 28 Aug 2021 16:02:12 +0300 +Subject: Fix handling of extended header prefixes + +* src/xheader.c (locate_handler): Recognize prefix keywords only +when followed by a dot. +(xattr_decoder): Use xmalloc/xstrdup instead of alloc + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4] +CVE: CVE-2023-39804 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/xheader.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/src/xheader.c b/src/xheader.c +index 4f8b2b2..3cd694d 100644 +--- a/src/xheader.c ++++ b/src/xheader.c +@@ -637,11 +637,11 @@ static struct xhdr_tab const * + locate_handler (char const *keyword) + { + struct xhdr_tab const *p; +- + for (p = xhdr_tab; p->keyword; p++) + if (p->prefix) + { +- if (strncmp (p->keyword, keyword, strlen(p->keyword)) == 0) ++ size_t kwlen = strlen (p->keyword); ++ if (keyword[kwlen] == '.' && strncmp (p->keyword, keyword, kwlen) == 0) + return p; + } + else +@@ -1716,19 +1716,20 @@ xattr_decoder (struct tar_stat_info *st, + char const *keyword, char const *arg, size_t size) + { + char *xstr, *xkey; +- ++ + /* copy keyword */ +- size_t klen_raw = strlen (keyword); +- xkey = alloca (klen_raw + 1); +- memcpy (xkey, keyword, klen_raw + 1) /* including null-terminating */; ++ xkey = xstrdup (keyword); + + /* copy value */ +- xstr = alloca (size + 1); ++ xstr = xmalloc (size + 1); + memcpy (xstr, arg, size + 1); /* separator included, for GNU tar '\n' */; + + xattr_decode_keyword (xkey); + +- xheader_xattr_add (st, xkey + strlen("SCHILY.xattr."), xstr, size); ++ xheader_xattr_add (st, xkey + strlen ("SCHILY.xattr."), xstr, size); ++ ++ free (xkey); ++ free (xstr); + } + + static void +-- +cgit v1.1 + diff --git a/meta/recipes-extended/tar/tar_1.32.bb b/meta/recipes-extended/tar/tar_1.32.bb index 1246f01256..9297480e85 100644 --- a/meta/recipes-extended/tar/tar_1.32.bb +++ b/meta/recipes-extended/tar/tar_1.32.bb @@ -6,10 +6,13 @@ SECTION = "base" LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" +PR = "r1" + SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ file://musl_dirent.patch \ file://CVE-2021-20193.patch \ file://CVE-2022-48303.patch \ + file://CVE-2023-39804.patch \ " SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05" diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch new file mode 100644 index 0000000000..da735efb2b --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31080.patch @@ -0,0 +1,49 @@ +From 96798fc1967491c80a4d0c8d9e0a80586cb2152b Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Fri, 22 Mar 2024 18:51:45 -0700 +Subject: [PATCH] Xi: ProcXIGetSelectedEvents needs to use unswapped length to + send reply + +CVE-2024-31080 + +Reported-by: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=69762 +Fixes: 53e821ab4 ("Xi: add request processing for XIGetSelectedEvents.") +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463> + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b] +CVE: CVE-2024-31080 +Signed-off-by: Ashish Sharma <asharma@mvista.com> + + Xi/xiselectev.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/Xi/xiselectev.c b/Xi/xiselectev.c +index edcb8a0d36..ac14949871 100644 +--- a/Xi/xiselectev.c ++++ b/Xi/xiselectev.c +@@ -349,6 +349,7 @@ ProcXIGetSelectedEvents(ClientPtr client) + InputClientsPtr others = NULL; + xXIEventMask *evmask = NULL; + DeviceIntPtr dev; ++ uint32_t length; + + REQUEST(xXIGetSelectedEventsReq); + REQUEST_SIZE_MATCH(xXIGetSelectedEventsReq); +@@ -418,10 +419,12 @@ ProcXIGetSelectedEvents(ClientPtr client) + } + } + ++ /* save the value before SRepXIGetSelectedEvents swaps it */ ++ length = reply.length; + WriteReplyToClient(client, sizeof(xXIGetSelectedEventsReply), &reply); + + if (reply.num_masks) +- WriteToClient(client, reply.length * 4, buffer); ++ WriteToClient(client, length * 4, buffer); + + free(buffer); + return Success; +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch new file mode 100644 index 0000000000..d2c551a0e5 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2024-31081.patch @@ -0,0 +1,47 @@ +From 3e77295f888c67fc7645db5d0c00926a29ffecee Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Fri, 22 Mar 2024 18:56:27 -0700 +Subject: [PATCH] Xi: ProcXIPassiveGrabDevice needs to use unswapped length to + send reply + +CVE-2024-31081 + +Fixes: d220d6907 ("Xi: add GrabButton and GrabKeysym code.") +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463> + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee] +CVE: CVE-2024-31081 +Signed-off-by: Ashish Sharma <asharma@mvista.com> + + Xi/xipassivegrab.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c +index c9ac2f8553..896233bec2 100644 +--- a/Xi/xipassivegrab.c ++++ b/Xi/xipassivegrab.c +@@ -93,6 +93,7 @@ ProcXIPassiveGrabDevice(ClientPtr client) + GrabParameters param; + void *tmp; + int mask_len; ++ uint32_t length; + + REQUEST(xXIPassiveGrabDeviceReq); + REQUEST_FIXED_SIZE(xXIPassiveGrabDeviceReq, +@@ -247,9 +248,11 @@ ProcXIPassiveGrabDevice(ClientPtr client) + } + } + ++ /* save the value before SRepXIPassiveGrabDevice swaps it */ ++ length = rep.length; + WriteReplyToClient(client, sizeof(rep), &rep); + if (rep.num_modifiers) +- WriteToClient(client, rep.length * 4, modifiers_failed); ++ WriteToClient(client, length * 4, modifiers_failed); + + out: + free(modifiers_failed); +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb index d6c6c5bd45..04a6e734ef 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb @@ -30,6 +30,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2024-21886-2.patch \ file://CVE-2024-0408.patch \ file://CVE-2024-0409.patch \ + file://CVE-2024-31081.patch \ + file://CVE-2024-31080.patch \ " SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf" SRC_URI[sha256sum] = "54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066" diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.4.inc b/meta/recipes-kernel/linux/cve-exclusion_5.4.inc index 79caff7c6c..b0b33bcc1d 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_5.4.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_5.4.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2024-02-21 03:40:25.997343 for version 5.4.268 +# Generated at 2024-04-14 04:45:05.585211 for version 5.4.273 python check_kernel_cve_status_version() { - this_version = "5.4.268" + this_version = "5.4.273" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -4296,6 +4296,12 @@ CVE_CHECK_WHITELIST += "CVE-2019-25044" # fixed-version: Fixed after version 5.1 CVE_CHECK_WHITELIST += "CVE-2019-25045" +# fixed-version: Fixed after version 5.0 +CVE_CHECK_WHITELIST += "CVE-2019-25160" + +# cpe-stable-backport: Backported in 5.4.211 +CVE_CHECK_WHITELIST += "CVE-2019-25162" + # cpe-stable-backport: Backported in 5.4.19 CVE_CHECK_WHITELIST += "CVE-2019-3016" @@ -4972,6 +4978,43 @@ CVE_CHECK_WHITELIST += "CVE-2020-36694" # cpe-stable-backport: Backported in 5.4.62 CVE_CHECK_WHITELIST += "CVE-2020-36766" +# cpe-stable-backport: Backported in 5.4.189 +CVE_CHECK_WHITELIST += "CVE-2020-36775" + +# fixed-version: only affects 5.8rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2020-36776" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2020-36777" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2020-36778" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2020-36779" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2020-36780" + +# CVE-2020-36781 needs backporting (fixed from 5.13rc1) + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2020-36782" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2020-36783" + +# CVE-2020-36784 needs backporting (fixed from 5.13rc1) + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2020-36785" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2020-36786" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2020-36787" + # cpe-stable-backport: Backported in 5.4.143 CVE_CHECK_WHITELIST += "CVE-2020-3702" @@ -5674,6 +5717,765 @@ CVE_CHECK_WHITELIST += "CVE-2021-45868" # fixed-version: only affects 5.7rc1 onwards CVE_CHECK_WHITELIST += "CVE-2021-46283" +# cpe-stable-backport: Backported in 5.4.112 +CVE_CHECK_WHITELIST += "CVE-2021-46904" + +# fixed-version: only affects 5.12rc7 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46905" + +# cpe-stable-backport: Backported in 5.4.127 +CVE_CHECK_WHITELIST += "CVE-2021-46906" + +# CVE-2021-46908 needs backporting (fixed from 5.12rc8) + +# cpe-stable-backport: Backported in 5.4.114 +CVE_CHECK_WHITELIST += "CVE-2021-46909" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46910" + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46911" + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46912" + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46913" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46914" + +# cpe-stable-backport: Backported in 5.4.114 +CVE_CHECK_WHITELIST += "CVE-2021-46915" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46916" + +# fixed-version: only affects 5.8rc6 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46917" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46918" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46919" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46920" + +# cpe-stable-backport: Backported in 5.4.115 +CVE_CHECK_WHITELIST += "CVE-2021-46921" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46922" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46923" + +# cpe-stable-backport: Backported in 5.4.170 +CVE_CHECK_WHITELIST += "CVE-2021-46924" + +# CVE-2021-46925 needs backporting (fixed from 5.16rc8) + +# CVE-2021-46926 needs backporting (fixed from 5.16rc7) + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46927" + +# CVE-2021-46928 needs backporting (fixed from 5.16rc7) + +# cpe-stable-backport: Backported in 5.4.170 +CVE_CHECK_WHITELIST += "CVE-2021-46929" + +# cpe-stable-backport: Backported in 5.4.170 +CVE_CHECK_WHITELIST += "CVE-2021-46930" + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46931" + +# cpe-stable-backport: Backported in 5.4.170 +CVE_CHECK_WHITELIST += "CVE-2021-46932" + +# cpe-stable-backport: Backported in 5.4.170 +CVE_CHECK_WHITELIST += "CVE-2021-46933" + +# cpe-stable-backport: Backported in 5.4.170 +CVE_CHECK_WHITELIST += "CVE-2021-46934" + +# cpe-stable-backport: Backported in 5.4.170 +CVE_CHECK_WHITELIST += "CVE-2021-46935" + +# cpe-stable-backport: Backported in 5.4.170 +CVE_CHECK_WHITELIST += "CVE-2021-46936" + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46937" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46938" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46939" + +# fixed-version: only affects 5.10rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46940" + +# CVE-2021-46941 needs backporting (fixed from 5.13rc1) + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46942" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46943" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46944" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46945" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46947" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46948" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46949" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46950" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46951" + +# CVE-2021-46952 needs backporting (fixed from 5.13rc1) + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46953" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46954" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46955" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46956" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46957" + +# fixed-version: only affects 5.7rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46958" + +# CVE-2021-46959 needs backporting (fixed from 5.13rc1) + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46960" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46961" + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46962" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46963" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46964" + +# CVE-2021-46965 needs backporting (fixed from 5.13rc1) + +# cpe-stable-backport: Backported in 5.4.118 +CVE_CHECK_WHITELIST += "CVE-2021-46966" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46967" + +# fixed-version: only affects 5.10rc3 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46968" + +# CVE-2021-46969 needs backporting (fixed from 5.13rc1) + +# CVE-2021-46970 needs backporting (fixed from 5.13rc1) + +# cpe-stable-backport: Backported in 5.4.117 +CVE_CHECK_WHITELIST += "CVE-2021-46971" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46972" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46973" + +# cpe-stable-backport: Backported in 5.4.117 +CVE_CHECK_WHITELIST += "CVE-2021-46974" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46976" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46977" + +# fixed-version: only affects 5.11rc3 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46978" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46979" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46980" + +# cpe-stable-backport: Backported in 5.4.120 +CVE_CHECK_WHITELIST += "CVE-2021-46981" + +# CVE-2021-46982 needs backporting (fixed from 5.13rc2) + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46983" + +# cpe-stable-backport: Backported in 5.4.120 +CVE_CHECK_WHITELIST += "CVE-2021-46984" + +# fixed-version: only affects 5.12rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46985" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46986" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46987" + +# cpe-stable-backport: Backported in 5.4.120 +CVE_CHECK_WHITELIST += "CVE-2021-46988" + +# cpe-stable-backport: Backported in 5.4.120 +CVE_CHECK_WHITELIST += "CVE-2021-46989" + +# fixed-version: only affects 5.10rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46990" + +# cpe-stable-backport: Backported in 5.4.120 +CVE_CHECK_WHITELIST += "CVE-2021-46991" + +# cpe-stable-backport: Backported in 5.4.120 +CVE_CHECK_WHITELIST += "CVE-2021-46992" + +# cpe-stable-backport: Backported in 5.4.120 +CVE_CHECK_WHITELIST += "CVE-2021-46993" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46994" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46995" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46996" + +# fixed-version: only affects 5.10rc7 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46997" + +# cpe-stable-backport: Backported in 5.4.120 +CVE_CHECK_WHITELIST += "CVE-2021-46998" + +# fixed-version: only affects 5.7rc3 onwards +CVE_CHECK_WHITELIST += "CVE-2021-46999" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47000" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47001" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47002" + +# fixed-version: only affects 5.11 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47003" + +# CVE-2021-47004 needs backporting (fixed from 5.13rc1) + +# CVE-2021-47005 needs backporting (fixed from 5.13rc1) + +# cpe-stable-backport: Backported in 5.4.120 +CVE_CHECK_WHITELIST += "CVE-2021-47006" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47007" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47008" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47009" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47010" + +# fixed-version: only affects 5.11rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47011" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47012" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47013" + +# fixed-version: only affects 5.8rc7 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47014" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47015" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47016" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47017" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47018" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47019" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47020" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47021" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47022" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47023" + +# CVE-2021-47024 needs backporting (fixed from 5.13rc1) + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47025" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47026" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47027" + +# CVE-2021-47028 needs backporting (fixed from 5.13rc1) + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47029" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47030" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47031" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47032" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47033" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47034" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47035" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47036" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47037" + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47038" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47039" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47040" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47041" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47042" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47043" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47044" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47045" + +# CVE-2021-47046 needs backporting (fixed from 5.13rc1) + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47047" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47048" + +# CVE-2021-47049 needs backporting (fixed from 5.13rc1) + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47050" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47051" + +# CVE-2021-47052 needs backporting (fixed from 5.13rc1) + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47053" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47054" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47055" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47056" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47057" + +# fixed-version: only affects 5.11rc3 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47058" + +# CVE-2021-47059 needs backporting (fixed from 5.13rc1) + +# fixed-version: only affects 5.9rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47060" + +# fixed-version: only affects 5.9rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47061" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47062" + +# CVE-2021-47063 needs backporting (fixed from 5.13rc1) + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47064" + +# cpe-stable-backport: Backported in 5.4.119 +CVE_CHECK_WHITELIST += "CVE-2021-47065" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47066" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47067" + +# fixed-version: only affects 5.12rc7 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47068" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47069" + +# CVE-2021-47070 needs backporting (fixed from 5.13rc3) + +# cpe-stable-backport: Backported in 5.4.122 +CVE_CHECK_WHITELIST += "CVE-2021-47071" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47072" + +# cpe-stable-backport: Backported in 5.4.122 +CVE_CHECK_WHITELIST += "CVE-2021-47073" + +# CVE-2021-47074 needs backporting (fixed from 5.13rc3) + +# CVE-2021-47075 needs backporting (fixed from 5.13rc3) + +# CVE-2021-47076 needs backporting (fixed from 5.13rc3) + +# CVE-2021-47077 needs backporting (fixed from 5.13rc3) + +# cpe-stable-backport: Backported in 5.4.122 +CVE_CHECK_WHITELIST += "CVE-2021-47078" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47079" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47080" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47081" + +# cpe-stable-backport: Backported in 5.4.240 +CVE_CHECK_WHITELIST += "CVE-2021-47082" + +# cpe-stable-backport: Backported in 5.4.169 +CVE_CHECK_WHITELIST += "CVE-2021-47083" + +# cpe-stable-backport: Backported in 5.4.169 +CVE_CHECK_WHITELIST += "CVE-2021-47086" + +# fixed-version: only affects 5.14rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47087" + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47088" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47089" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47090" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47091" + +# fixed-version: only affects 5.15rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47092" + +# fixed-version: only affects 5.9 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47093" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47094" + +# cpe-stable-backport: Backported in 5.4.169 +CVE_CHECK_WHITELIST += "CVE-2021-47095" + +# fixed-version: only affects 5.15rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47096" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47097" + +# fixed-version: only affects 5.14rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47098" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47099" + +# cpe-stable-backport: Backported in 5.4.169 +CVE_CHECK_WHITELIST += "CVE-2021-47100" + +# CVE-2021-47101 needs backporting (fixed from 5.16rc7) + +# fixed-version: only affects 5.14rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47102" + +# cpe-stable-backport: Backported in 5.4.220 +CVE_CHECK_WHITELIST += "CVE-2021-47103" + +# fixed-version: only affects 5.15 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47104" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47105" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47106" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47107" + +# fixed-version: only affects 5.14rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47108" + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47109" + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47110" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47111" + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47112" + +# CVE-2021-47113 needs backporting (fixed from 5.13rc5) + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47114" + +# CVE-2021-47116 needs backporting (fixed from 5.13rc5) + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47117" + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47118" + +# CVE-2021-47119 needs backporting (fixed from 5.13rc5) + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47120" + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47121" + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47122" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47123" + +# CVE-2021-47124 needs backporting (fixed from 5.13rc2) + +# CVE-2021-47125 needs backporting (fixed from 5.13rc5) + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47126" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47127" + +# CVE-2021-47128 needs backporting (fixed from 5.13rc5) + +# cpe-stable-backport: Backported in 5.4.125 +CVE_CHECK_WHITELIST += "CVE-2021-47129" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47130" + +# CVE-2021-47131 needs backporting (fixed from 5.13rc5) + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47132" + +# CVE-2021-47133 needs backporting (fixed from 5.13rc5) + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47134" + +# CVE-2021-47135 needs backporting (fixed from 5.13rc5) + +# CVE-2021-47136 needs backporting (fixed from 5.13rc4) + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47137" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47138" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47139" + +# CVE-2021-47140 needs backporting (fixed from 5.13rc4) + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47141" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47142" + +# CVE-2021-47143 needs backporting (fixed from 5.13rc4) + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47144" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47145" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47146" + +# CVE-2021-47147 needs backporting (fixed from 5.13rc4) + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47148" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47149" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47150" + +# CVE-2021-47151 needs backporting (fixed from 5.13rc4) + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47152" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47153" + +# CVE-2021-47158 needs backporting (fixed from 5.13rc4) + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47159" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47160" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47161" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47162" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47163" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47164" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47165" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47166" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47167" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47168" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47169" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47170" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47171" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47172" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47173" + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47174" + +# CVE-2021-47175 needs backporting (fixed from 5.13rc4) + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47176" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47177" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2021-47178" + +# cpe-stable-backport: Backported in 5.4.124 +CVE_CHECK_WHITELIST += "CVE-2021-47179" + +# cpe-stable-backport: Backported in 5.4.123 +CVE_CHECK_WHITELIST += "CVE-2021-47180" + # cpe-stable-backport: Backported in 5.4.184 CVE_CHECK_WHITELIST += "CVE-2022-0001" @@ -6595,6 +7397,19 @@ CVE_CHECK_WHITELIST += "CVE-2022-48502" # cpe-stable-backport: Backported in 5.4.196 CVE_CHECK_WHITELIST += "CVE-2022-48619" +# cpe-stable-backport: Backported in 5.4.179 +CVE_CHECK_WHITELIST += "CVE-2022-48626" + +# CVE-2022-48627 needs backporting (fixed from 5.19rc7) + +# CVE-2022-48628 needs backporting (fixed from 6.6rc1) + +# cpe-stable-backport: Backported in 5.4.187 +CVE_CHECK_WHITELIST += "CVE-2022-48629" + +# fixed-version: only affects 5.17 onwards +CVE_CHECK_WHITELIST += "CVE-2022-48630" + # fixed-version: Fixed after version 5.0rc1 CVE_CHECK_WHITELIST += "CVE-2023-0030" @@ -6940,6 +7755,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-28466" # cpe-stable-backport: Backported in 5.4.213 CVE_CHECK_WHITELIST += "CVE-2023-2860" +# CVE-2023-28746 needs backporting (fixed from 6.9rc1) + # cpe-stable-backport: Backported in 5.4.133 CVE_CHECK_WHITELIST += "CVE-2023-28772" @@ -7339,7 +8156,7 @@ CVE_CHECK_WHITELIST += "CVE-2023-46838" # fixed-version: only affects 5.10rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-46862" -# CVE-2023-47233 has no known resolution +# CVE-2023-47233 needs backporting (fixed from 6.9rc1) # fixed-version: only affects 5.7rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-4732" @@ -7383,6 +8200,471 @@ CVE_CHECK_WHITELIST += "CVE-2023-5197" # cpe-stable-backport: Backported in 5.4.267 CVE_CHECK_WHITELIST += "CVE-2023-52340" +# CVE-2023-52429 needs backporting (fixed from 6.8rc3) + +# fixed-version: only affects 6.5rc6 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52433" + +# CVE-2023-52434 needs backporting (fixed from 6.7rc6) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52435" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52436" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52438" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52439" + +# fixed-version: only affects 5.17rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52440" + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52441" + +# CVE-2023-52442 needs backporting (fixed from 6.5rc4) + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52443" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52444" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52445" + +# fixed-version: only affects 6.2rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52446" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52447" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52448" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52449" + +# fixed-version: only affects 6.2rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52450" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52451" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52452" + +# fixed-version: only affects 6.2rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52453" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52454" + +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52455" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52456" + +# fixed-version: only affects 6.1rc6 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52457" + +# CVE-2023-52458 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52459" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52460" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52461" + +# fixed-version: only affects 5.16rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52462" + +# fixed-version: only affects 5.8rc7 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52463" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52464" + +# fixed-version: only affects 6.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52465" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52467" + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52468" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52469" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52470" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52471" + +# fixed-version: only affects 6.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52472" + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52473" + +# CVE-2023-52474 needs backporting (fixed from 6.4rc1) + +# cpe-stable-backport: Backported in 5.4.259 +CVE_CHECK_WHITELIST += "CVE-2023-52475" + +# CVE-2023-52476 needs backporting (fixed from 6.6rc6) + +# cpe-stable-backport: Backported in 5.4.259 +CVE_CHECK_WHITELIST += "CVE-2023-52477" + +# cpe-stable-backport: Backported in 5.4.259 +CVE_CHECK_WHITELIST += "CVE-2023-52478" + +# CVE-2023-52479 needs backporting (fixed from 6.6rc5) + +# CVE-2023-52480 needs backporting (fixed from 6.6rc5) + +# CVE-2023-52481 needs backporting (fixed from 6.6rc5) + +# CVE-2023-52482 needs backporting (fixed from 6.6rc4) + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52483" + +# CVE-2023-52484 needs backporting (fixed from 6.6rc5) + +# CVE-2023-52485 needs backporting (fixed from 6.8rc1) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52486" + +# fixed-version: only affects 6.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52487" + +# CVE-2023-52488 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52489 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52490" + +# CVE-2023-52491 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52492" + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52493" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52494" + +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52495" + +# CVE-2023-52497 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52498 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52499" + +# CVE-2023-52500 needs backporting (fixed from 6.6rc2) + +# CVE-2023-52501 needs backporting (fixed from 6.6rc2) + +# cpe-stable-backport: Backported in 5.4.259 +CVE_CHECK_WHITELIST += "CVE-2023-52502" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52503" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2023-52504" + +# fixed-version: only affects 5.18rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52505" + +# CVE-2023-52506 needs backporting (fixed from 6.6rc3) + +# cpe-stable-backport: Backported in 5.4.259 +CVE_CHECK_WHITELIST += "CVE-2023-52507" + +# CVE-2023-52508 needs backporting (fixed from 6.6rc2) + +# cpe-stable-backport: Backported in 5.4.259 +CVE_CHECK_WHITELIST += "CVE-2023-52509" + +# cpe-stable-backport: Backported in 5.4.259 +CVE_CHECK_WHITELIST += "CVE-2023-52510" + +# CVE-2023-52511 needs backporting (fixed from 6.6rc1) + +# fixed-version: only affects 5.18rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52512" + +# cpe-stable-backport: Backported in 5.4.258 +CVE_CHECK_WHITELIST += "CVE-2023-52513" + +# CVE-2023-52515 needs backporting (fixed from 6.6rc5) + +# CVE-2023-52516 needs backporting (fixed from 6.6rc1) + +# CVE-2023-52517 needs backporting (fixed from 6.6rc1) + +# fixed-version: only affects 5.16rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52518" + +# CVE-2023-52519 needs backporting (fixed from 6.6rc5) + +# fixed-version: only affects 5.14rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52520" + +# cpe-stable-backport: Backported in 5.4.258 +CVE_CHECK_WHITELIST += "CVE-2023-52522" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52523" + +# fixed-version: only affects 6.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52524" + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52525" + +# fixed-version: only affects 6.1rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52526" + +# cpe-stable-backport: Backported in 5.4.258 +CVE_CHECK_WHITELIST += "CVE-2023-52527" + +# cpe-stable-backport: Backported in 5.4.258 +CVE_CHECK_WHITELIST += "CVE-2023-52528" + +# fixed-version: only affects 5.14rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52529" + +# CVE-2023-52530 needs backporting (fixed from 6.6rc5) + +# CVE-2023-52531 needs backporting (fixed from 6.6rc5) + +# CVE-2023-52532 needs backporting (fixed from 6.6rc5) + +# CVE-2023-52559 needs backporting (fixed from 6.6rc5) + +# fixed-version: only affects 5.16rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52560" + +# CVE-2023-52561 needs backporting (fixed from 6.6rc1) + +# fixed-version: only affects 6.0rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52562" + +# CVE-2023-52563 needs backporting (fixed from 6.6rc3) + +# fixed-version: only affects 6.5rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52564" + +# CVE-2023-52565 needs backporting (fixed from 6.6rc3) + +# cpe-stable-backport: Backported in 5.4.258 +CVE_CHECK_WHITELIST += "CVE-2023-52566" + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52567" + +# CVE-2023-52568 needs backporting (fixed from 6.6rc4) + +# CVE-2023-52569 needs backporting (fixed from 6.6rc2) + +# fixed-version: only affects 6.1rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52570" + +# CVE-2023-52571 needs backporting (fixed from 6.6rc4) + +# CVE-2023-52572 needs backporting (fixed from 6.6rc3) + +# cpe-stable-backport: Backported in 5.4.258 +CVE_CHECK_WHITELIST += "CVE-2023-52573" + +# cpe-stable-backport: Backported in 5.4.258 +CVE_CHECK_WHITELIST += "CVE-2023-52574" + +# fixed-version: only affects 6.5rc6 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52575" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52576" + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52577" + +# cpe-stable-backport: Backported in 5.4.258 +CVE_CHECK_WHITELIST += "CVE-2023-52578" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52580" + +# fixed-version: only affects 6.5rc6 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52581" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52582" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52583" + +# CVE-2023-52584 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52585 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52586 needs backporting (fixed from 6.8rc1) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52587" + +# CVE-2023-52588 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52589 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52590 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52591 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52593 needs backporting (fixed from 6.8rc1) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52594" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52595" + +# CVE-2023-52596 needs backporting (fixed from 6.8rc1) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52597" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52598" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52599" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52600" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52601" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52602" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52603" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52604" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52606" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52607" + +# fixed-version: only affects 5.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52608" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52609" + +# CVE-2023-52610 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52611" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-52612" + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52613" + +# CVE-2023-52614 needs backporting (fixed from 6.8rc1) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52615" + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52616" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52617" + +# CVE-2023-52618 needs backporting (fixed from 6.8rc1) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52619" + +# CVE-2023-52620 needs backporting (fixed from 6.4) + +# CVE-2023-52621 needs backporting (fixed from 6.8rc1) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52622" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52623" + +# CVE-2023-52624 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52625 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 6.7rc2 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52626" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52627" + +# CVE-2023-52628 needs backporting (fixed from 6.6rc1) + +# CVE-2023-52629 needs backporting (fixed from 6.6rc1) + +# fixed-version: only affects 5.10rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52630" + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52631" + +# CVE-2023-52632 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52633 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52634 needs backporting (fixed from 6.8rc1) + +# CVE-2023-52635 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2023-52636" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2023-52637" + +# CVE-2023-52638 needs backporting (fixed from 6.8rc5) + +# CVE-2023-52639 needs backporting (fixed from 6.8rc4) + +# CVE-2023-52640 needs backporting (fixed from 6.8rc4) + +# CVE-2023-52641 needs backporting (fixed from 6.8rc4) + # fixed-version: only affects 6.1rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-5345" @@ -7417,16 +8699,19 @@ CVE_CHECK_WHITELIST += "CVE-2023-6200" # CVE-2023-6240 has no known resolution -# CVE-2023-6270 has no known resolution +# cpe-stable-backport: Backported in 5.4.273 +CVE_CHECK_WHITELIST += "CVE-2023-6270" -# CVE-2023-6356 has no known resolution +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-6356" # fixed-version: only affects 6.1rc1 onwards CVE_CHECK_WHITELIST += "CVE-2023-6531" # CVE-2023-6535 has no known resolution -# CVE-2023-6536 has no known resolution +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2023-6536" # CVE-2023-6546 needs backporting (fixed from 6.5rc7) @@ -7455,7 +8740,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-6931" # cpe-stable-backport: Backported in 5.4.263 CVE_CHECK_WHITELIST += "CVE-2023-6932" -# CVE-2023-7042 has no known resolution +# cpe-stable-backport: Backported in 5.4.273 +CVE_CHECK_WHITELIST += "CVE-2023-7042" # cpe-stable-backport: Backported in 5.4.235 CVE_CHECK_WHITELIST += "CVE-2023-7192" @@ -7463,7 +8749,8 @@ CVE_CHECK_WHITELIST += "CVE-2023-7192" # fixed-version: only affects 6.5rc6 onwards CVE_CHECK_WHITELIST += "CVE-2024-0193" -# CVE-2024-0340 needs backporting (fixed from 6.4rc6) +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-0340" # fixed-version: only affects 6.2rc1 onwards CVE_CHECK_WHITELIST += "CVE-2024-0443" @@ -7481,7 +8768,8 @@ CVE_CHECK_WHITELIST += "CVE-2024-0582" # cpe-stable-backport: Backported in 5.4.263 CVE_CHECK_WHITELIST += "CVE-2024-0584" -# CVE-2024-0607 needs backporting (fixed from 6.7rc2) +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-0607" # fixed-version: only affects 5.13rc1 onwards CVE_CHECK_WHITELIST += "CVE-2024-0639" @@ -7495,37 +8783,47 @@ CVE_CHECK_WHITELIST += "CVE-2024-0646" # cpe-stable-backport: Backported in 5.4.243 CVE_CHECK_WHITELIST += "CVE-2024-0775" -# CVE-2024-0841 has no known resolution +# cpe-stable-backport: Backported in 5.4.271 +CVE_CHECK_WHITELIST += "CVE-2024-0841" # fixed-version: only affects 5.13rc1 onwards CVE_CHECK_WHITELIST += "CVE-2024-1085" -# CVE-2024-1086 needs backporting (fixed from 6.8rc2) +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-1086" + +# CVE-2024-1151 needs backporting (fixed from 6.8rc5) # CVE-2024-1312 needs backporting (fixed from 6.5rc4) # CVE-2024-21803 has no known resolution -# CVE-2024-22099 has no known resolution +# CVE-2024-2193 has no known resolution + +# cpe-stable-backport: Backported in 5.4.273 +CVE_CHECK_WHITELIST += "CVE-2024-22099" # CVE-2024-22386 has no known resolution # fixed-version: only affects 5.15rc1 onwards CVE_CHECK_WHITELIST += "CVE-2024-22705" -# CVE-2024-23196 has no known resolution +# cpe-stable-backport: Backported in 5.4.255 +CVE_CHECK_WHITELIST += "CVE-2024-23196" -# CVE-2024-23307 has no known resolution +# CVE-2024-23307 needs backporting (fixed from 6.9rc1) # CVE-2024-23848 has no known resolution -# CVE-2024-23849 needs backporting (fixed from 6.8rc2) +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-23849" -# CVE-2024-23850 has no known resolution +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-23850" -# CVE-2024-23851 has no known resolution +# CVE-2024-23851 needs backporting (fixed from 6.8rc3) -# CVE-2024-24855 has no known resolution +# CVE-2024-24855 needs backporting (fixed from 6.5rc2) # CVE-2024-24857 has no known resolution @@ -7533,9 +8831,615 @@ CVE_CHECK_WHITELIST += "CVE-2024-22705" # CVE-2024-24859 has no known resolution -# CVE-2024-24860 has no known resolution +# CVE-2024-24860 needs backporting (fixed from 6.8rc1) -# CVE-2024-24861 has no known resolution +# CVE-2024-24861 needs backporting (fixed from 6.9rc1) # CVE-2024-24864 has no known resolution +# CVE-2024-25739 has no known resolution + +# CVE-2024-25740 has no known resolution + +# CVE-2024-25741 has no known resolution + +# CVE-2024-25744 needs backporting (fixed from 6.7rc5) + +# fixed-version: only affects 6.5rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26581" + +# fixed-version: only affects 6.0rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26582" + +# fixed-version: only affects 5.7 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26583" + +# CVE-2024-26584 needs backporting (fixed from 6.8rc5) + +# CVE-2024-26585 needs backporting (fixed from 6.8rc5) + +# CVE-2024-26586 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26587" + +# fixed-version: only affects 6.1rc3 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26588" + +# CVE-2024-26589 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 5.16rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26590" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26591" + +# CVE-2024-26592 needs backporting (fixed from 6.8rc1) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26593" + +# CVE-2024-26594 needs backporting (fixed from 6.8rc1) + +# CVE-2024-26595 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 6.1rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26596" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2024-26597" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26598" + +# fixed-version: only affects 5.17rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26599" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26600" + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26601" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26602" + +# fixed-version: only affects 5.14rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26603" + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26604" + +# fixed-version: only affects 6.7 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26605" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26606" + +# CVE-2024-26607 needs backporting (fixed from 6.8rc2) + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26608" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26610" + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26611" + +# fixed-version: only affects 5.17rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26612" + +# CVE-2024-26614 needs backporting (fixed from 6.8rc2) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26615" + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26616" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26617" + +# fixed-version: only affects 6.5rc7 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26618" + +# fixed-version: only affects 6.7rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26619" + +# fixed-version: only affects 6.0rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26620" + +# fixed-version: only affects 6.7 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26621" + +# CVE-2024-26622 needs backporting (fixed from 6.8rc7) + +# CVE-2024-26623 needs backporting (fixed from 6.8rc3) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26625" + +# fixed-version: only affects 6.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26626" + +# CVE-2024-26627 needs backporting (fixed from 6.8rc3) + +# fixed-version: only affects 5.19rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26629" + +# fixed-version: only affects 6.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26630" + +# fixed-version: only affects 5.13rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26631" + +# fixed-version: only affects 5.17rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26632" + +# cpe-stable-backport: Backported in 5.4.268 +CVE_CHECK_WHITELIST += "CVE-2024-26633" + +# fixed-version: only affects 6.6rc7 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26634" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26635" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26636" + +# fixed-version: only affects 6.7 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26637" + +# fixed-version: only affects 5.19rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26638" + +# fixed-version: only affects 6.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26639" + +# CVE-2024-26640 needs backporting (fixed from 6.8rc3) + +# CVE-2024-26641 needs backporting (fixed from 6.8rc3) + +# CVE-2024-26642 needs backporting (fixed from 6.8) + +# fixed-version: only affects 6.5rc6 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26643" + +# CVE-2024-26644 needs backporting (fixed from 6.8rc2) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26645" + +# CVE-2024-26646 needs backporting (fixed from 6.8rc1) + +# CVE-2024-26647 needs backporting (fixed from 6.8rc1) + +# CVE-2024-26648 needs backporting (fixed from 6.8rc1) + +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26649" + +# CVE-2024-26650 needs backporting (fixed from 6.8rc2) + +# cpe-stable-backport: Backported in 5.4.273 +CVE_CHECK_WHITELIST += "CVE-2024-26651" + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26652" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26653" + +# CVE-2024-26654 needs backporting (fixed from 6.9rc2) + +# CVE-2024-26655 needs backporting (fixed from 6.9rc2) + +# CVE-2024-26656 needs backporting (fixed from 6.9rc1) + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26657" + +# CVE-2024-26658 needs backporting (fixed from 6.8rc1) + +# CVE-2024-26659 needs backporting (fixed from 6.8rc3) + +# fixed-version: only affects 5.11rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26660" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26661" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26662" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26663" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26664" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26665" + +# fixed-version: only affects 6.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26666" + +# fixed-version: only affects 5.19rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26667" + +# CVE-2024-26668 needs backporting (fixed from 6.8rc2) + +# CVE-2024-26669 needs backporting (fixed from 6.8rc2) + +# fixed-version: only affects 6.6rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26670" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26671" + +# CVE-2024-26672 needs backporting (fixed from 6.8rc1) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26673" + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26674" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26675" + +# CVE-2024-26676 needs backporting (fixed from 6.8rc4) + +# CVE-2024-26677 needs backporting (fixed from 6.8rc4) + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26678" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26679" + +# fixed-version: only affects 5.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26680" + +# fixed-version: only affects 6.0rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26681" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26682" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26683" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26684" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26685" + +# CVE-2024-26686 needs backporting (fixed from 6.8rc4) + +# CVE-2024-26687 needs backporting (fixed from 6.8rc5) + +# cpe-stable-backport: Backported in 5.4.271 +CVE_CHECK_WHITELIST += "CVE-2024-26688" + +# CVE-2024-26689 needs backporting (fixed from 6.8rc4) + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26690" + +# CVE-2024-26691 needs backporting (fixed from 6.8rc5) + +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26692" + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26693" + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26694" + +# fixed-version: only affects 6.0rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26695" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26696" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26697" + +# fixed-version: only affects 5.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26698" + +# CVE-2024-26699 needs backporting (fixed from 6.8rc5) + +# CVE-2024-26700 needs backporting (fixed from 6.8rc4) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26702" + +# fixed-version: only affects 6.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26703" + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26704" + +# fixed-version: only affects 6.6rc2 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26705" + +# CVE-2024-26706 needs backporting (fixed from 6.8rc3) + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26707" + +# fixed-version: only affects 6.2rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26708" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26709" + +# fixed-version: only affects 6.8rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26710" + +# fixed-version: only affects 6.2rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26711" + +# CVE-2024-26712 needs backporting (fixed from 6.8rc5) + +# CVE-2024-26713 needs backporting (fixed from 6.8rc5) + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26714" + +# CVE-2024-26715 needs backporting (fixed from 6.8rc3) + +# fixed-version: only affects 6.5rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26716" + +# fixed-version: only affects 5.12rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26717" + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26718" + +# CVE-2024-26719 needs backporting (fixed from 6.8rc3) + +# cpe-stable-backport: Backported in 5.4.269 +CVE_CHECK_WHITELIST += "CVE-2024-26720" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26721" + +# fixed-version: only affects 6.7rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26722" + +# fixed-version: only affects 6.1rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26723" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26724" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26725" + +# CVE-2024-26726 needs backporting (fixed from 6.8rc5) + +# fixed-version: only affects 5.9rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26727" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26728" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26729" + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26730" + +# fixed-version: only affects 6.4rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26731" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26732" + +# CVE-2024-26733 needs backporting (fixed from 6.8rc6) + +# fixed-version: only affects 6.3rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26734" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26735" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26736" + +# fixed-version: only affects 5.15rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26737" + +# CVE-2024-26738 needs backporting (fixed from 6.8rc6) + +# CVE-2024-26739 needs backporting (fixed from 6.8rc6) + +# CVE-2024-26740 needs backporting (fixed from 6.8rc6) + +# fixed-version: only affects 6.1rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26741" + +# fixed-version: only affects 6.0rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26742" + +# CVE-2024-26743 needs backporting (fixed from 6.8rc6) + +# CVE-2024-26744 needs backporting (fixed from 6.8rc6) + +# CVE-2024-26745 needs backporting (fixed from 6.8rc7) + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26746" + +# CVE-2024-26747 needs backporting (fixed from 6.8rc6) + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26748" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26749" + +# fixed-version: only affects 6.8rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26750" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26751" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26752" + +# fixed-version: only affects 5.18rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26753" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26754" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26755" + +# CVE-2024-26756 needs backporting (fixed from 6.8rc6) + +# CVE-2024-26757 needs backporting (fixed from 6.8rc6) + +# CVE-2024-26758 needs backporting (fixed from 6.8rc6) + +# CVE-2024-26759 needs backporting (fixed from 6.8rc6) + +# fixed-version: only affects 5.19rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26760" + +# fixed-version: only affects 5.19rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26761" + +# fixed-version: only affects 6.7rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26762" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26763" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26764" + +# CVE-2024-26765 needs backporting (fixed from 6.8rc6) + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26766" + +# CVE-2024-26767 needs backporting (fixed from 6.8rc5) + +# CVE-2024-26768 needs backporting (fixed from 6.8rc4) + +# CVE-2024-26769 needs backporting (fixed from 6.8rc3) + +# CVE-2024-26770 needs backporting (fixed from 6.8rc3) + +# CVE-2024-26771 needs backporting (fixed from 6.8rc3) + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26772" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26773" + +# CVE-2024-26774 needs backporting (fixed from 6.8rc3) + +# CVE-2024-26775 needs backporting (fixed from 6.8rc2) + +# CVE-2024-26776 needs backporting (fixed from 6.8rc2) + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26777" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26778" + +# cpe-stable-backport: Backported in 5.4.270 +CVE_CHECK_WHITELIST += "CVE-2024-26779" + +# fixed-version: only affects 6.8rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26780" + +# fixed-version: only affects 6.8rc6 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26781" + +# fixed-version: only affects 5.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26782" + +# fixed-version: only affects 5.18rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26783" + +# CVE-2024-26784 needs backporting (fixed from 6.8rc7) + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26785" + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26786" + +# CVE-2024-26787 needs backporting (fixed from 6.8rc7) + +# cpe-stable-backport: Backported in 5.4.271 +CVE_CHECK_WHITELIST += "CVE-2024-26788" + +# CVE-2024-26789 needs backporting (fixed from 6.8rc7) + +# cpe-stable-backport: Backported in 5.4.271 +CVE_CHECK_WHITELIST += "CVE-2024-26790" + +# cpe-stable-backport: Backported in 5.4.271 +CVE_CHECK_WHITELIST += "CVE-2024-26791" + +# fixed-version: only affects 6.8rc4 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26792" + +# cpe-stable-backport: Backported in 5.4.271 +CVE_CHECK_WHITELIST += "CVE-2024-26793" + +# fixed-version: only affects 6.8rc6 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26794" + +# CVE-2024-26795 needs backporting (fixed from 6.8rc7) + +# fixed-version: only affects 6.6rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26796" + +# CVE-2024-26797 needs backporting (fixed from 6.8rc7) + +# CVE-2024-26798 needs backporting (fixed from 6.8rc7) + +# fixed-version: only affects 5.18rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26799" + +# fixed-version: only affects 6.8rc5 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26800" + +# cpe-stable-backport: Backported in 5.4.271 +CVE_CHECK_WHITELIST += "CVE-2024-26801" + +# CVE-2024-26802 needs backporting (fixed from 6.8rc7) + +# CVE-2024-26803 needs backporting (fixed from 6.8rc7) + +# cpe-stable-backport: Backported in 5.4.271 +CVE_CHECK_WHITELIST += "CVE-2024-26804" + +# cpe-stable-backport: Backported in 5.4.271 +CVE_CHECK_WHITELIST += "CVE-2024-26805" + +# CVE-2024-26806 needs backporting (fixed from 6.8rc7) + +# fixed-version: only affects 6.4rc1 onwards +CVE_CHECK_WHITELIST += "CVE-2024-26807" + +# CVE-2024-26808 needs backporting (fixed from 6.8rc2) + +# CVE-2024-26809 needs backporting (fixed from 6.9rc1) + diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb index e3a971cbe3..f912304858 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_5.4.bb @@ -11,13 +11,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "1a529c784c773e07e2e7a743cf92d99d5f64b175" -SRCREV_meta ?= "c841eec84cf56e6b837f12a359c35c5dfb26da5f" +SRCREV_machine ?= "c93e75bc334ba00df2d66411a0d79c4378cf4af8" +SRCREV_meta ?= "ecd382f3477fae022ad1881e4c39e810cdc3c760" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" -LINUX_VERSION ?= "5.4.268" +LINUX_VERSION ?= "5.4.273" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb index 00a32019d9..2f94782471 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_5.4.bb @@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc -LINUX_VERSION ?= "5.4.268" +LINUX_VERSION ?= "5.4.273" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine_qemuarm ?= "19870769466f545dbfacc448a212acb0dd1324a4" -SRCREV_machine ?= "b0ebc762e3ecbc4f0338456767a5901fce805155" -SRCREV_meta ?= "c841eec84cf56e6b837f12a359c35c5dfb26da5f" +SRCREV_machine_qemuarm ?= "d29f3f3a932319053ad24d84b087b0a57908c1bc" +SRCREV_machine ?= "b6480d09d84d09e7560daa5c1d73917292ae30c0" +SRCREV_meta ?= "ecd382f3477fae022ad1881e4c39e810cdc3c760" PV = "${LINUX_VERSION}+git${SRCPV}" diff --git a/meta/recipes-kernel/linux/linux-yocto_5.4.bb b/meta/recipes-kernel/linux/linux-yocto_5.4.bb index 2a30cf6a4d..108043bd98 100644 --- a/meta/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_5.4.bb @@ -13,16 +13,16 @@ KBRANCH_qemux86 ?= "v5.4/standard/base" KBRANCH_qemux86-64 ?= "v5.4/standard/base" KBRANCH_qemumips64 ?= "v5.4/standard/mti-malta64" -SRCREV_machine_qemuarm ?= "a1fa03030adf951abcd2fc5c44f6133352e452da" -SRCREV_machine_qemuarm64 ?= "31006b756f0b4b686b0fe4fad0f122ad427756de" -SRCREV_machine_qemumips ?= "199be2c0b3869c13ea32737a316e51eca1a3cd6f" -SRCREV_machine_qemuppc ?= "f1575e20066e5f61c363e7fccdcdf8b8ae23a8f3" -SRCREV_machine_qemuriscv64 ?= "698e12267b8f334a5f6a2024e4b9b1f8a95a05ac" -SRCREV_machine_qemux86 ?= "698e12267b8f334a5f6a2024e4b9b1f8a95a05ac" -SRCREV_machine_qemux86-64 ?= "698e12267b8f334a5f6a2024e4b9b1f8a95a05ac" -SRCREV_machine_qemumips64 ?= "a9c1d19cd3d1d0df846cd419cd75cf59995f89eb" -SRCREV_machine ?= "698e12267b8f334a5f6a2024e4b9b1f8a95a05ac" -SRCREV_meta ?= "c841eec84cf56e6b837f12a359c35c5dfb26da5f" +SRCREV_machine_qemuarm ?= "b7e0891bf4b281c4e29b86f708e10a3339670acc" +SRCREV_machine_qemuarm64 ?= "ff75f0c7beb167391f0285dd2993394cd143a8a7" +SRCREV_machine_qemumips ?= "650e43a19e625d1db9d8245cda27db7b86990398" +SRCREV_machine_qemuppc ?= "0fb6546a09f90befecb11cd0f10274276e8a3021" +SRCREV_machine_qemuriscv64 ?= "fe901e2f4b156e9cf7ddb03f479f7339d28e398b" +SRCREV_machine_qemux86 ?= "fe901e2f4b156e9cf7ddb03f479f7339d28e398b" +SRCREV_machine_qemux86-64 ?= "fe901e2f4b156e9cf7ddb03f479f7339d28e398b" +SRCREV_machine_qemumips64 ?= "f59947f338319b1741db5dfac34f08399561ab25" +SRCREV_machine ?= "fe901e2f4b156e9cf7ddb03f479f7339d28e398b" +SRCREV_meta ?= "ecd382f3477fae022ad1881e4c39e810cdc3c760" # remap qemuarm to qemuarma15 for the 5.4 kernel # KMACHINE_qemuarm ?= "qemuarma15" @@ -31,7 +31,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.268" +LINUX_VERSION ?= "5.4.273" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" DEPENDS += "openssl-native util-linux-native" diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb index 91bf648caa..42621e47d3 100644 --- a/meta/recipes-kernel/perf/perf.bb +++ b/meta/recipes-kernel/perf/perf.bb @@ -9,7 +9,7 @@ HOMEPAGE = "https://perf.wiki.kernel.org/index.php/Main_Page" LICENSE = "GPLv2" -PR = "r9" +PR = "r10" PACKAGECONFIG ??= "scripting tui libunwind" PACKAGECONFIG[dwarf] = ",NO_DWARF=1" diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-52356.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-52356.patch new file mode 100644 index 0000000000..1b651e6529 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-52356.patch @@ -0,0 +1,53 @@ +[Ubuntu note: Backport of the following patch from upstream, with a few changes +to match the current version of the file in the present Ubuntu release: + . using TIFFErrorExt instead of TIFFErrorExtR (the latter did not exist yet); +-- Rodrigo Figueiredo Zaiden] + +Backport of: + +From 51558511bdbbcffdce534db21dbaf5d54b31638a Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 31 Oct 2023 15:58:41 +0100 +Subject: [PATCH] TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of + col/row (fixes #622) + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/tiff/tree/debian/patches/CVE-2023-52356.patch?h=ubuntu/focal-security +Upstream commit https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a] +CVE: CVE-2023-52356 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + libtiff/tif_getimage.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + + +--- tiff-4.1.0+git191117.orig/libtiff/tif_getimage.c ++++ tiff-4.1.0+git191117/libtiff/tif_getimage.c +@@ -2926,6 +2926,13 @@ TIFFReadRGBAStripExt(TIFF* tif, uint32 r + } + + if (TIFFRGBAImageOK(tif, emsg) && TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg)) { ++ if (row >= img.height) ++ { ++ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), ++ "Invalid row passed to TIFFReadRGBAStrip()."); ++ TIFFRGBAImageEnd(&img); ++ return (0); ++ } + + img.row_offset = row; + img.col_offset = 0; +@@ -3002,6 +3009,14 @@ TIFFReadRGBATileExt(TIFF* tif, uint32 co + return( 0 ); + } + ++ if (col >= img.width || row >= img.height) ++ { ++ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), ++ "Invalid row/col passed to TIFFReadRGBATile()."); ++ TIFFRGBAImageEnd(&img); ++ return (0); ++ } ++ + /* + * The TIFFRGBAImageGet() function doesn't allow us to get off the + * edge of the image, even to fill an otherwise valid tile. So we diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-1.patch new file mode 100644 index 0000000000..e955b3f2e4 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-1.patch @@ -0,0 +1,191 @@ +[Ubuntu note: Backport of the following patch from upstream, with a few changes +to match the current version of the file in the present Ubuntu release: + . included inttypes.h header to support PRIu32 and PRIu64; + . using TIFFWarningExt instead of TIFFWarningExtR (the latter did not exist yet); + . using uint64 instead of uint64_t to preserve the current code usage; + . calling _TIFFfree(data) instead of _TIFFfreeExt(tif, data) (the latter did not exist yet); + . calls to the check size, that is the idea of the patch, were added before + _TIFFCheckMalloc and may note match the original patch methods; +-- Rodrigo Figueiredo Zaiden] + +Backport of: + +From 5320c9d89c054fa805d037d84c57da874470b01a Mon Sep 17 00:00:00 2001 +From: Su Laus <sulau@freenet.de> +Date: Tue, 31 Oct 2023 15:43:29 +0000 +Subject: [PATCH] Prevent some out-of-memory attacks + +Some small fuzzer files fake large amounts of data and provoke out-of-memory situations. For non-compressed data content / tags, out-of-memory can be prevented by comparing with the file size. + +At image reading, data size of some tags / data structures (StripByteCounts, StripOffsets, StripArray, TIFF directory) is compared with file size to prevent provoked out-of-memory attacks. + +See issue https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/tiff/tree/debian/patches/CVE-2023-6277-1.patch?h=ubuntu/focal-security +Upstream commit https://gitlab.com/libtiff/libtiff/-/commit/5320c9d89c054fa805d037d84c57da874470b01a] +CVE: CVE-2023-6277 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + libtiff/tif_dirread.c | 92 ++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 90 insertions(+), 2 deletions(-) + +--- tiff-4.1.0+git191117.orig/libtiff/tif_dirread.c ++++ tiff-4.1.0+git191117/libtiff/tif_dirread.c +@@ -37,6 +37,7 @@ + #include "tiffiop.h" + #include <float.h> + #include <stdlib.h> ++#include <inttypes.h> + + #define FAILED_FII ((uint32) -1) + +@@ -863,6 +864,21 @@ static enum TIFFReadDirEntryErr TIFFRead + datasize=(*count)*typesize; + assert((tmsize_t)datasize>0); + ++ /* Before allocating a huge amount of memory for corrupted files, check if ++ * size of requested memory is not greater than file size. ++ */ ++ uint64 filesize = TIFFGetFileSize(tif); ++ if (datasize > filesize) ++ { ++ TIFFWarningExt(tif->tif_clientdata, "ReadDirEntryArray", ++ "Requested memory size for tag %d (0x%x) %" PRIu32 ++ " is greather than filesize %" PRIu64 ++ ". Memory not allocated, tag not read", ++ direntry->tdir_tag, direntry->tdir_tag, datasize, ++ filesize); ++ return (TIFFReadDirEntryErrAlloc); ++ } ++ + if( isMapped(tif) && datasize > (uint32)tif->tif_size ) + return TIFFReadDirEntryErrIo; + +@@ -4534,6 +4550,20 @@ EstimateStripByteCounts(TIFF* tif, TIFFD + if( !_TIFFFillStrilesInternal( tif, 0 ) ) + return -1; + ++ /* Before allocating a huge amount of memory for corrupted files, check if ++ * size of requested memory is not greater than file size. */ ++ uint64 filesize = TIFFGetFileSize(tif); ++ uint64 allocsize = (uint64)td->td_nstrips * sizeof(uint64); ++ if (allocsize > filesize) ++ { ++ TIFFWarningExt(tif->tif_clientdata, module, ++ "Requested memory size for StripByteCounts of %" PRIu64 ++ " is greather than filesize %" PRIu64 ++ ". Memory not allocated", ++ allocsize, filesize); ++ return -1; ++ } ++ + if (td->td_stripbytecount_p) + _TIFFfree(td->td_stripbytecount_p); + td->td_stripbytecount_p = (uint64*) +@@ -4544,9 +4574,7 @@ EstimateStripByteCounts(TIFF* tif, TIFFD + + if (td->td_compression != COMPRESSION_NONE) { + uint64 space; +- uint64 filesize; + uint16 n; +- filesize = TIFFGetFileSize(tif); + if (!(tif->tif_flags&TIFF_BIGTIFF)) + space=sizeof(TIFFHeaderClassic)+2+dircount*12+4; + else +@@ -4854,6 +4882,20 @@ TIFFFetchDirectory(TIFF* tif, uint64 dir + dircount16 = (uint16)dircount64; + dirsize = 20; + } ++ /* Before allocating a huge amount of memory for corrupted files, check ++ * if size of requested memory is not greater than file size. */ ++ uint64 filesize = TIFFGetFileSize(tif); ++ uint64 allocsize = (uint64)dircount16 * dirsize; ++ if (allocsize > filesize) ++ { ++ TIFFWarningExt( ++ tif->tif_clientdata, module, ++ "Requested memory size for TIFF directory of %" PRIu64 ++ " is greather than filesize %" PRIu64 ++ ". Memory not allocated, TIFF directory not read", ++ allocsize, filesize); ++ return 0; ++ } + origdir = _TIFFCheckMalloc(tif, dircount16, + dirsize, "to read TIFF directory"); + if (origdir == NULL) +@@ -4957,6 +4999,20 @@ TIFFFetchDirectory(TIFF* tif, uint64 dir + "Sanity check on directory count failed, zero tag directories not supported"); + return 0; + } ++ /* Before allocating a huge amount of memory for corrupted files, check ++ * if size of requested memory is not greater than file size. */ ++ uint64 filesize = TIFFGetFileSize(tif); ++ uint64 allocsize = (uint64)dircount16 * dirsize; ++ if (allocsize > filesize) ++ { ++ TIFFWarningExt( ++ tif->tif_clientdata, module, ++ "Requested memory size for TIFF directory of %" PRIu64 ++ " is greather than filesize %" PRIu64 ++ ". Memory not allocated, TIFF directory not read", ++ allocsize, filesize); ++ return 0; ++ } + origdir = _TIFFCheckMalloc(tif, dircount16, + dirsize, + "to read TIFF directory"); +@@ -5000,6 +5056,8 @@ TIFFFetchDirectory(TIFF* tif, uint64 dir + } + } + } ++ /* No check against filesize needed here because "dir" should have same size ++ * than "origdir" checked above. */ + dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16, + sizeof(TIFFDirEntry), + "to read TIFF directory"); +@@ -5769,7 +5827,20 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn + _TIFFfree(data); + return(0); + } +- ++ /* Before allocating a huge amount of memory for corrupted files, check ++ * if size of requested memory is not greater than file size. */ ++ uint64 filesize = TIFFGetFileSize(tif); ++ uint64 allocsize = (uint64)nstrips * sizeof(uint64); ++ if (allocsize > filesize) ++ { ++ TIFFWarningExt(tif->tif_clientdata, module, ++ "Requested memory size for StripArray of %" PRIu64 ++ " is greather than filesize %" PRIu64 ++ ". Memory not allocated", ++ allocsize, filesize); ++ _TIFFfree(data); ++ return (0); ++ } + resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array"); + if (resizeddata==0) { + _TIFFfree(data); +@@ -5865,6 +5936,23 @@ static void allocChoppedUpStripArrays(TI + } + bytecount = last_offset + last_bytecount - offset; + ++ /* Before allocating a huge amount of memory for corrupted files, check if ++ * size of StripByteCount and StripOffset tags is not greater than ++ * file size. ++ */ ++ uint64 allocsize = (uint64)nstrips * sizeof(uint64) * 2; ++ uint64 filesize = TIFFGetFileSize(tif); ++ if (allocsize > filesize) ++ { ++ TIFFWarningExt(tif->tif_clientdata, "allocChoppedUpStripArrays", ++ "Requested memory size for StripByteCount and " ++ "StripOffsets %" PRIu64 ++ " is greather than filesize %" PRIu64 ++ ". Memory not allocated", ++ allocsize, filesize); ++ return; ++ } ++ + newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), + "for chopped \"StripByteCounts\" array"); + newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-2.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-2.patch new file mode 100644 index 0000000000..644b3fdb3f --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-2.patch @@ -0,0 +1,152 @@ +[Ubuntu note: Backport of the following patch from upstream, with a few changes +to match the current version of the file in the present Ubuntu release: + . using TIFFWarningExt instead of TIFFWarningExtR (the latter did not exist yet); + . using uint64 instead of uint64_t to preserve the current code usage; +-- Rodrigo Figueiredo Zaiden] + +Backport of: + +From 0b025324711213a75e38b52f7e7ba60235f108aa Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 31 Oct 2023 19:47:22 +0100 +Subject: [PATCH] tif_dirread.c: only issue TIFFGetFileSize() for large enough + RAM requests + +Ammends 5320c9d89c054fa805d037d84c57da874470b01a + +This fixes a performance regression caught by the GDAL regression test +suite. + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/tiff/tree/debian/patches/CVE-2023-6277-2.patch?h=ubuntu/focal-security +Upstream commit https://gitlab.com/libtiff/libtiff/-/commit/0b025324711213a75e38b52f7e7ba60235f108aa] +CVE: CVE-2023-6277 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + libtiff/tif_dirread.c | 83 +++++++++++++++++++++++++------------------ + 1 file changed, 48 insertions(+), 35 deletions(-) + +--- tiff-4.1.0+git191117.orig/libtiff/tif_dirread.c ++++ tiff-4.1.0+git191117/libtiff/tif_dirread.c +@@ -864,19 +864,22 @@ static enum TIFFReadDirEntryErr TIFFRead + datasize=(*count)*typesize; + assert((tmsize_t)datasize>0); + +- /* Before allocating a huge amount of memory for corrupted files, check if +- * size of requested memory is not greater than file size. +- */ +- uint64 filesize = TIFFGetFileSize(tif); +- if (datasize > filesize) ++ if (datasize > 100 * 1024 * 1024) + { +- TIFFWarningExt(tif->tif_clientdata, "ReadDirEntryArray", +- "Requested memory size for tag %d (0x%x) %" PRIu32 +- " is greather than filesize %" PRIu64 +- ". Memory not allocated, tag not read", +- direntry->tdir_tag, direntry->tdir_tag, datasize, +- filesize); +- return (TIFFReadDirEntryErrAlloc); ++ /* Before allocating a huge amount of memory for corrupted files, check ++ * if size of requested memory is not greater than file size. ++ */ ++ const uint64 filesize = TIFFGetFileSize(tif); ++ if (datasize > filesize) ++ { ++ TIFFWarningExt(tif->tif_clientdata, "ReadDirEntryArray", ++ "Requested memory size for tag %d (0x%x) %" PRIu32 ++ " is greater than filesize %" PRIu64 ++ ". Memory not allocated, tag not read", ++ direntry->tdir_tag, direntry->tdir_tag, datasize, ++ filesize); ++ return (TIFFReadDirEntryErrAlloc); ++ } + } + + if( isMapped(tif) && datasize > (uint32)tif->tif_size ) +@@ -4550,18 +4553,22 @@ EstimateStripByteCounts(TIFF* tif, TIFFD + if( !_TIFFFillStrilesInternal( tif, 0 ) ) + return -1; + +- /* Before allocating a huge amount of memory for corrupted files, check if +- * size of requested memory is not greater than file size. */ +- uint64 filesize = TIFFGetFileSize(tif); +- uint64 allocsize = (uint64)td->td_nstrips * sizeof(uint64); +- if (allocsize > filesize) ++ const uint64 allocsize = (uint64)td->td_nstrips * sizeof(uint64); ++ uint64 filesize = 0; ++ if (allocsize > 100 * 1024 * 1024) + { +- TIFFWarningExt(tif->tif_clientdata, module, +- "Requested memory size for StripByteCounts of %" PRIu64 +- " is greather than filesize %" PRIu64 +- ". Memory not allocated", +- allocsize, filesize); +- return -1; ++ /* Before allocating a huge amount of memory for corrupted files, check ++ * if size of requested memory is not greater than file size. */ ++ filesize = TIFFGetFileSize(tif); ++ if (allocsize > filesize) ++ { ++ TIFFWarningExt( ++ tif->tif_clientdata, module, ++ "Requested memory size for StripByteCounts of %" PRIu64 ++ " is greater than filesize %" PRIu64 ". Memory not allocated", ++ allocsize, filesize); ++ return -1; ++ } + } + + if (td->td_stripbytecount_p) +@@ -4608,11 +4615,13 @@ EstimateStripByteCounts(TIFF* tif, TIFFD + return -1; + space+=datasize; + } ++ if (filesize == 0) ++ filesize = TIFFGetFileSize(tif); + if( filesize < space ) +- /* we should perhaps return in error ? */ +- space = filesize; +- else +- space = filesize - space; ++ /* we should perhaps return in error ? */ ++ space = filesize; ++ else ++ space = filesize - space; + if (td->td_planarconfig == PLANARCONFIG_SEPARATE) + space /= td->td_samplesperpixel; + for (strip = 0; strip < td->td_nstrips; strip++) +@@ -4882,19 +4891,23 @@ TIFFFetchDirectory(TIFF* tif, uint64 dir + dircount16 = (uint16)dircount64; + dirsize = 20; + } +- /* Before allocating a huge amount of memory for corrupted files, check +- * if size of requested memory is not greater than file size. */ +- uint64 filesize = TIFFGetFileSize(tif); +- uint64 allocsize = (uint64)dircount16 * dirsize; +- if (allocsize > filesize) ++ const uint64 allocsize = (uint64)dircount16 * dirsize; ++ if (allocsize > 100 * 1024 * 1024) + { +- TIFFWarningExt( +- tif->tif_clientdata, module, +- "Requested memory size for TIFF directory of %" PRIu64 +- " is greather than filesize %" PRIu64 +- ". Memory not allocated, TIFF directory not read", +- allocsize, filesize); +- return 0; ++ /* Before allocating a huge amount of memory for corrupted files, ++ * check if size of requested memory is not greater than file size. ++ */ ++ const uint64 filesize = TIFFGetFileSize(tif); ++ if (allocsize > filesize) ++ { ++ TIFFWarningExt( ++ tif->tif_clientdata, module, ++ "Requested memory size for TIFF directory of %" PRIu64 ++ " is greater than filesize %" PRIu64 ++ ". Memory not allocated, TIFF directory not read", ++ allocsize, filesize); ++ return 0; ++ } + } + origdir = _TIFFCheckMalloc(tif, dircount16, + dirsize, "to read TIFF directory"); diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch new file mode 100644 index 0000000000..ed7d7e7b96 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-3.patch @@ -0,0 +1,46 @@ +Backport of: + +From de7bfd7d4377c266f81849579f696fa1ad5ba6c3 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 31 Oct 2023 20:13:45 +0100 +Subject: [PATCH] TIFFFetchDirectory(): remove useless allocsize vs filesize + check + +CoverityScan rightly points that the max value for dircount16 * dirsize +is 4096 * 20. That's small enough not to do any check + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/tiff/tree/debian/patches/CVE-2023-6277-3.patch?h=ubuntu/focal-security +Upstream commit https://gitlab.com/libtiff/libtiff/-/commit/de7bfd7d4377c266f81849579f696fa1ad5ba6c3] +CVE: CVE-2023-6277 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + libtiff/tif_dirread.c | 18 ------------------ + 1 file changed, 18 deletions(-) + +--- tiff-4.1.0+git191117.orig/libtiff/tif_dirread.c ++++ tiff-4.1.0+git191117/libtiff/tif_dirread.c +@@ -4891,24 +4891,6 @@ TIFFFetchDirectory(TIFF* tif, uint64 dir + dircount16 = (uint16)dircount64; + dirsize = 20; + } +- const uint64 allocsize = (uint64)dircount16 * dirsize; +- if (allocsize > 100 * 1024 * 1024) +- { +- /* Before allocating a huge amount of memory for corrupted files, +- * check if size of requested memory is not greater than file size. +- */ +- const uint64 filesize = TIFFGetFileSize(tif); +- if (allocsize > filesize) +- { +- TIFFWarningExt( +- tif->tif_clientdata, module, +- "Requested memory size for TIFF directory of %" PRIu64 +- " is greater than filesize %" PRIu64 +- ". Memory not allocated, TIFF directory not read", +- allocsize, filesize); +- return 0; +- } +- } + origdir = _TIFFCheckMalloc(tif, dircount16, + dirsize, "to read TIFF directory"); + if (origdir == NULL) diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-4.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-4.patch new file mode 100644 index 0000000000..1a43fd3230 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-6277-4.patch @@ -0,0 +1,94 @@ +[Ubuntu note: Backport of the following patch from upstream, with a few changes +to match the current version of the file in the present Ubuntu release: + . using TIFFWarningExt instead of TIFFWarningExtR (the latter did not exist yet); + . using uint64 instead of uint64_t to preserve the current code usage; + . calling _TIFFfree(data) instead of _TIFFfreeExt(tif, data) (the latter did not exist yet); +-- Rodrigo Figueiredo Zaiden] + +Backport of: + +From dbb825a8312f30e63a06c272010967d51af5c35a Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 31 Oct 2023 21:30:58 +0100 +Subject: [PATCH] tif_dirread.c: only issue TIFFGetFileSize() for large enough + RAM requests + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/tiff/tree/debian/patches/CVE-2023-6277-4.patch?h=ubuntu/focal-security +Upstream commit https://gitlab.com/libtiff/libtiff/-/commit/dbb825a8312f30e63a06c272010967d51af5c35a] +CVE: CVE-2023-6277 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + libtiff/tif_dirread.c | 54 +++++++++++++++++++++++++------------------ + 1 file changed, 31 insertions(+), 23 deletions(-) + +--- tiff-4.1.0+git191117.orig/libtiff/tif_dirread.c ++++ tiff-4.1.0+git191117/libtiff/tif_dirread.c +@@ -5822,19 +5822,24 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn + _TIFFfree(data); + return(0); + } +- /* Before allocating a huge amount of memory for corrupted files, check +- * if size of requested memory is not greater than file size. */ +- uint64 filesize = TIFFGetFileSize(tif); +- uint64 allocsize = (uint64)nstrips * sizeof(uint64); +- if (allocsize > filesize) ++ const uint64 allocsize = (uint64)nstrips * sizeof(uint64); ++ if (allocsize > 100 * 1024 * 1024) + { +- TIFFWarningExt(tif->tif_clientdata, module, +- "Requested memory size for StripArray of %" PRIu64 +- " is greather than filesize %" PRIu64 +- ". Memory not allocated", +- allocsize, filesize); +- _TIFFfree(data); +- return (0); ++ /* Before allocating a huge amount of memory for corrupted files, ++ * check if size of requested memory is not greater than file size. ++ */ ++ const uint64 filesize = TIFFGetFileSize(tif); ++ if (allocsize > filesize) ++ { ++ TIFFWarningExt( ++ tif->tif_clientdata, module, ++ "Requested memory size for StripArray of %" PRIu64 ++ " is greater than filesize %" PRIu64 ++ ". Memory not allocated", ++ allocsize, filesize); ++ _TIFFfree(data); ++ return (0); ++ } + } + resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array"); + if (resizeddata==0) { +@@ -5935,17 +5940,20 @@ static void allocChoppedUpStripArrays(TI + * size of StripByteCount and StripOffset tags is not greater than + * file size. + */ +- uint64 allocsize = (uint64)nstrips * sizeof(uint64) * 2; +- uint64 filesize = TIFFGetFileSize(tif); +- if (allocsize > filesize) +- { +- TIFFWarningExt(tif->tif_clientdata, "allocChoppedUpStripArrays", +- "Requested memory size for StripByteCount and " +- "StripOffsets %" PRIu64 +- " is greather than filesize %" PRIu64 +- ". Memory not allocated", +- allocsize, filesize); +- return; ++ const uint64 allocsize = (uint64)nstrips * sizeof(uint64) * 2; ++ if (allocsize > 100 * 1024 * 1024) ++ { ++ const uint64 filesize = TIFFGetFileSize(tif); ++ if (allocsize > filesize) ++ { ++ TIFFWarningExt(tif->tif_clientdata, "allocChoppedUpStripArrays", ++ "Requested memory size for StripByteCount and " ++ "StripOffsets %" PRIu64 ++ " is greater than filesize %" PRIu64 ++ ". Memory not allocated", ++ allocsize, filesize); ++ return; ++ } + } + + newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index c739f3a7fa..7efaba3a38 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb @@ -49,6 +49,11 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-41175.patch \ file://CVE-2022-40090.patch \ file://CVE-2023-6228.patch \ + file://CVE-2023-6277-1.patch \ + file://CVE-2023-6277-2.patch \ + file://CVE-2023-6277-3.patch \ + file://CVE-2023-6277-4.patch \ + file://CVE-2023-52356.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" diff --git a/meta/recipes-support/curl/curl/CVE-2024-2398.patch b/meta/recipes-support/curl/curl/CVE-2024-2398.patch new file mode 100644 index 0000000000..a3840336f0 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2024-2398.patch @@ -0,0 +1,88 @@ +Backport of: + +From deca8039991886a559b67bcd6701db800a5cf764 Mon Sep 17 00:00:00 2001 +From: Stefan Eissing <stefan@eissing.org> +Date: Wed, 6 Mar 2024 09:36:08 +0100 +Subject: [PATCH] http2: push headers better cleanup + +- provide common cleanup method for push headers + +Closes #13054 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/CVE-2024-2398.patch?h=ubuntu/focal-security +Upstream commit https://github.com/curl/curl/commit/deca8039991886a559b67bcd6701db800a5cf764] +CVE: CVE-2024-2398 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + lib/http2.c | 34 +++++++++++++++------------------- + 1 file changed, 15 insertions(+), 19 deletions(-) + +--- a/lib/http2.c ++++ b/lib/http2.c +@@ -515,6 +515,15 @@ static struct Curl_easy *duphandle(struc + } + + ++static void free_push_headers(struct HTTP *stream) ++{ ++ size_t i; ++ for(i = 0; i<stream->push_headers_used; i++) ++ free(stream->push_headers[i]); ++ Curl_safefree(stream->push_headers); ++ stream->push_headers_used = 0; ++} ++ + static int push_promise(struct Curl_easy *data, + struct connectdata *conn, + const nghttp2_push_promise *frame) +@@ -528,7 +537,6 @@ static int push_promise(struct Curl_easy + struct curl_pushheaders heads; + CURLMcode rc; + struct http_conn *httpc; +- size_t i; + /* clone the parent */ + struct Curl_easy *newhandle = duphandle(data); + if(!newhandle) { +@@ -557,11 +565,7 @@ static int push_promise(struct Curl_easy + Curl_set_in_callback(data, false); + + /* free the headers again */ +- for(i = 0; i<stream->push_headers_used; i++) +- free(stream->push_headers[i]); +- free(stream->push_headers); +- stream->push_headers = NULL; +- stream->push_headers_used = 0; ++ free_push_headers(stream); + + if(rv) { + /* denied, kill off the new handle again */ +@@ -995,10 +999,10 @@ static int on_header(nghttp2_session *se + stream->push_headers_alloc) { + char **headp; + stream->push_headers_alloc *= 2; +- headp = Curl_saferealloc(stream->push_headers, +- stream->push_headers_alloc * sizeof(char *)); ++ headp = realloc(stream->push_headers, ++ stream->push_headers_alloc * sizeof(char *)); + if(!headp) { +- stream->push_headers = NULL; ++ free_push_headers(stream); + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + stream->push_headers = headp; +@@ -1179,14 +1183,7 @@ void Curl_http2_done(struct Curl_easy *d + if(http->header_recvbuf) { + Curl_add_buffer_free(&http->header_recvbuf); + Curl_add_buffer_free(&http->trailer_recvbuf); +- if(http->push_headers) { +- /* if they weren't used and then freed before */ +- for(; http->push_headers_used > 0; --http->push_headers_used) { +- free(http->push_headers[http->push_headers_used - 1]); +- } +- free(http->push_headers); +- http->push_headers = NULL; +- } ++ free_push_headers(http); + } + + if(!httpc->h2) /* not HTTP/2 ? */ diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb index 980b4224a8..2f351d585a 100644 --- a/meta/recipes-support/curl/curl_7.69.1.bb +++ b/meta/recipes-support/curl/curl_7.69.1.bb @@ -58,6 +58,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://CVE-2023-28321.patch \ file://CVE-2023-28322.patch \ file://CVE-2023-46218.patch \ + file://CVE-2024-2398.patch \ " SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" |