[poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155

[poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155

[saloni]

From: Rahul Taya <Rahul.Taya@kpit.com>

Added below patch in libpcre
CVE-2020-14155.patch

This patch fixes below error:
PCRE could allow a remote attacker to execute arbitrary
code on the system, caused by an integer overflow in
libpcre via a large number after (?C substring.
By sending a request with a large number, an attacker
can execute arbitrary code on the system or
cause the application to crash.

Tested-by: Rahul Taya <Rahul.Taya@kpit.com>
Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>

Please Note: CVE already fixed in master and dunfell branches,
applicable for zeus only.
---
 .../libpcre/libpcre/CVE-2020-14155.patch           | 41 ++++++++++++++++++++++
 meta/recipes-support/libpcre/libpcre_8.43.bb       |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch

diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
new file mode 100644
index 0000000..183512f
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
@@ -0,0 +1,41 @@
+--- pcre-8.43/pcre_compile.c    2020-07-05 22:26:25.310501521 +0530
++++ pcre-8.43/pcre_compile1.c   2020-07-05 22:30:22.254489562 +0530
+
+CVE: CVE-2020-14155
+Upstream-Status: Backport [https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch&r1=1761&r2=1760&pathrev=1761]
+Signed-off-by: Rahul Taya<Rahul.Taya@kpit.com>
+
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2018 University of Cambridge
++           Copyright (c) 1997-2020 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -7130,17 +7130,19 @@
+           int n = 0;
+           ptr++;
+           while(IS_DIGIT(*ptr))
++           {
+             n = n * 10 + *ptr++ - CHAR_0;
++            if (n > 255)
++               {
++               *errorcodeptr = ERR38;
++               goto FAILED;
++               }
++            }
+           if (*ptr != CHAR_RIGHT_PARENTHESIS)
+             {
+             *errorcodeptr = ERR39;
+             goto FAILED;
+             }
+-          if (n > 255)
+-            {
+-            *errorcodeptr = ERR38;
+-            goto FAILED;
+-            }
+           *code++ = n;
+           PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+           PUT(code, LINK_SIZE, 0);                          /* Default length */
diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb b/meta/recipes-support/libpcre/libpcre_8.43.bb
index b97af08..60ece64 100644
--- a/meta/recipes-support/libpcre/libpcre_8.43.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.43.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
            file://out-of-tree.patch \
            file://run-ptest \
            file://Makefile \
+           file://CVE-2020-14155.patch \
 "

 SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4"
--
2.7.4

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

[poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155

[saloni]

From: Rahul Taya <Rahul.Taya@kpit.com>

Added below patch in libpcre
CVE-2020-14155.patch

This patch fixes below error:
PCRE could allow a remote attacker to execute arbitrary
code on the system, caused by an integer overflow in
libpcre via a large number after (?C substring.
By sending a request with a large number, an attacker
can execute arbitrary code on the system or
cause the application to crash.

Upstream-Status: Pending

Tested-by: Rahul Taya <Rahul.Taya@kpit.com>
Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
---
 .../libpcre/libpcre/CVE-2020-14155.patch           | 40 ++++++++++++++++++++++
 meta/recipes-support/libpcre/libpcre_8.43.bb       |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch

diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
new file mode 100644
index 0000000..d6cb9bf
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
@@ -0,0 +1,40 @@
+--- pcre-8.43/pcre_compile.c    2020-07-05 22:26:25.310501521 +0530
++++ pcre-8.43/pcre_compile1.c   2020-07-05 22:30:22.254489562 +0530
+
+CVE: CVE-2020-14155
+Upstream-Status: Backport [https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch&r1=1761&r2=1760&pathrev=1761]
+
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2018 University of Cambridge
++           Copyright (c) 1997-2020 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -7130,17 +7130,19 @@
+           int n = 0;
+           ptr++;
+           while(IS_DIGIT(*ptr))
++           {
+             n = n * 10 + *ptr++ - CHAR_0;
++            if (n > 255)
++               {
++               *errorcodeptr = ERR38;
++               goto FAILED;
++               }
++            }
+           if (*ptr != CHAR_RIGHT_PARENTHESIS)
+             {
+             *errorcodeptr = ERR39;
+             goto FAILED;
+             }
+-          if (n > 255)
+-            {
+-            *errorcodeptr = ERR38;
+-            goto FAILED;
+-            }
+           *code++ = n;
+           PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+           PUT(code, LINK_SIZE, 0);                          /* Default length */
diff --git a/meta/recipes-support/libpcre/libpcre_8.43.bb b/meta/recipes-support/libpcre/libpcre_8.43.bb
index b97af08..60ece64 100644
--- a/meta/recipes-support/libpcre/libpcre_8.43.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.43.bb
@@ -12,6 +12,7 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
            file://out-of-tree.patch \
            file://run-ptest \
            file://Makefile \
+           file://CVE-2020-14155.patch \
 "

 SRC_URI[md5sum] = "636222e79e392c3d95dcc545f24f98c4"
--
2.7.4

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

Re: [poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155

[Khem Raj]

On Wed, Jul 29, 2020 at 5:56 AM Saloni Jain <Saloni.Jain@kpit.com> wrote:
>
> From: Rahul Taya <Rahul.Taya@kpit.com>
>
> Added below patch in libpcre
> CVE-2020-14155.patch
>
> This patch fixes below error:
> PCRE could allow a remote attacker to execute arbitrary
> code on the system, caused by an integer overflow in
> libpcre via a large number after (?C substring.
> By sending a request with a large number, an attacker
> can execute arbitrary code on the system or
> cause the application to crash.
>
> Upstream-Status: Pending

you don't need this here. its needed in package patch header which you
already have
secondly do we need this on master and dunfell ?

>
> Tested-by: Rahul Taya <Rahul.Taya@kpit.com>
> Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
> ---
>  .../libpcre/libpcre/CVE-2020-14155.patch           | 40 ++++++++++++++++++++++
>  meta/recipes-support/libpcre/libpcre_8.44.bb       |  3 +-
>  2 files changed, 42 insertions(+), 1 deletion(-)
>  create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
>
> diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
> new file mode 100644
> index 0000000..d6cb9bf
> --- /dev/null
> +++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
> @@ -0,0 +1,40 @@
> +--- pcre-8.43/pcre_compile.c    2020-07-05 22:26:25.310501521 +0530
> ++++ pcre-8.43/pcre_compile1.c   2020-07-05 22:30:22.254489562 +0530
> +
> +CVE: CVE-2020-14155
> +Upstream-Status: Backport [https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch&r1=1761&r2=1760&pathrev=1761]
> +
> +@@ -6,7 +6,7 @@
> + and semantics are as close as possible to those of the Perl 5 language.
> +
> +                        Written by Philip Hazel
> +-           Copyright (c) 1997-2018 University of Cambridge
> ++           Copyright (c) 1997-2020 University of Cambridge
> +
> + -----------------------------------------------------------------------------
> + Redistribution and use in source and binary forms, with or without
> +@@ -7130,17 +7130,19 @@
> +           int n = 0;
> +           ptr++;
> +           while(IS_DIGIT(*ptr))
> ++           {
> +             n = n * 10 + *ptr++ - CHAR_0;
> ++            if (n > 255)
> ++               {
> ++               *errorcodeptr = ERR38;
> ++               goto FAILED;
> ++               }
> ++            }
> +           if (*ptr != CHAR_RIGHT_PARENTHESIS)
> +             {
> +             *errorcodeptr = ERR39;
> +             goto FAILED;
> +             }
> +-          if (n > 255)
> +-            {
> +-            *errorcodeptr = ERR38;
> +-            goto FAILED;
> +-            }
> +           *code++ = n;
> +           PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
> +           PUT(code, LINK_SIZE, 0);                          /* Default length */
> diff --git a/meta/recipes-support/libpcre/libpcre_8.44.bb b/meta/recipes-support/libpcre/libpcre_8.44.bb
> index e5471e8..81b38bb 100644
> --- a/meta/recipes-support/libpcre/libpcre_8.44.bb
> +++ b/meta/recipes-support/libpcre/libpcre_8.44.bb
> @@ -11,7 +11,8 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
>             file://fix-pcre-name-collision.patch \
>             file://run-ptest \
>             file://Makefile \
> -           "
> +           file://CVE-2020-14155.patch \
> +"
>
>  SRC_URI[md5sum] = "cf7326204cc46c755b5b2608033d9d24"
>  SRC_URI[sha256sum] = "19108658b23b3ec5058edc9f66ac545ea19f9537234be1ec62b714c84399366d"
> --
> 2.7.4
>
> This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

[poky][zeus][PATCH] libpcre: Add fix for CVE-2020-14155

[saloni]

From: Rahul Taya <Rahul.Taya@kpit.com>

Added below patch in libpcre
CVE-2020-14155.patch

This patch fixes below error:
PCRE could allow a remote attacker to execute arbitrary
code on the system, caused by an integer overflow in
libpcre via a large number after (?C substring.
By sending a request with a large number, an attacker
can execute arbitrary code on the system or
cause the application to crash.

Upstream-Status: Pending

Tested-by: Rahul Taya <Rahul.Taya@kpit.com>
Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
---
 .../libpcre/libpcre/CVE-2020-14155.patch           | 40 ++++++++++++++++++++++
 meta/recipes-support/libpcre/libpcre_8.44.bb       |  3 +-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch

diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
new file mode 100644
index 0000000..d6cb9bf
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2020-14155.patch
@@ -0,0 +1,40 @@
+--- pcre-8.43/pcre_compile.c    2020-07-05 22:26:25.310501521 +0530
++++ pcre-8.43/pcre_compile1.c   2020-07-05 22:30:22.254489562 +0530
+
+CVE: CVE-2020-14155
+Upstream-Status: Backport [https://vcs.pcre.org/pcre/code/trunk/pcre_compile.c?view=patch&r1=1761&r2=1760&pathrev=1761]
+
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2018 University of Cambridge
++           Copyright (c) 1997-2020 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -7130,17 +7130,19 @@
+           int n = 0;
+           ptr++;
+           while(IS_DIGIT(*ptr))
++           {
+             n = n * 10 + *ptr++ - CHAR_0;
++            if (n > 255)
++               {
++               *errorcodeptr = ERR38;
++               goto FAILED;
++               }
++            }
+           if (*ptr != CHAR_RIGHT_PARENTHESIS)
+             {
+             *errorcodeptr = ERR39;
+             goto FAILED;
+             }
+-          if (n > 255)
+-            {
+-            *errorcodeptr = ERR38;
+-            goto FAILED;
+-            }
+           *code++ = n;
+           PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+           PUT(code, LINK_SIZE, 0);                          /* Default length */
diff --git a/meta/recipes-support/libpcre/libpcre_8.44.bb b/meta/recipes-support/libpcre/libpcre_8.44.bb
index e5471e8..81b38bb 100644
--- a/meta/recipes-support/libpcre/libpcre_8.44.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.44.bb
@@ -11,7 +11,8 @@ SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
            file://fix-pcre-name-collision.patch \
            file://run-ptest \
            file://Makefile \
-           "
+           file://CVE-2020-14155.patch \
+"

 SRC_URI[md5sum] = "cf7326204cc46c755b5b2608033d9d24"
 SRC_URI[sha256sum] = "19108658b23b3ec5058edc9f66ac545ea19f9537234be1ec62b714c84399366d"
--
2.7.4

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.