[dunfell 0/2] dunfell patch review

[dunfell 0/2] dunfell patch review

[akuster]

Two additional for reveiw. This include reverting the jsoncpp update that may have introduced an abi change.

The following changes since commit 3add820b373564478591e244226704371c1d34d1:

  wireshark: Update to 3.2.5 (2020-07-12 19:20:59 -0700)

are available in the Git repository at:

  git://git.openembedded.org/meta-openembedded-contrib stable/dunfell-nut
  http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/dunfell-nut

Armin Kuster (1):
  Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"

Ovidiu Panait (1):
  nss: Fix CVE-2020-12399

 .../{jsoncpp_1.9.3.bb => jsoncpp_1.9.2.bb}    |   2 +-
 ...e-a-fixed-length-for-DSA-exponentiat.patch | 110 ++++++++++++++++++
 meta-oe/recipes-support/nss/nss_3.51.1.bb     |   1 +
 3 files changed, 112 insertions(+), 1 deletion(-)
 rename meta-oe/recipes-devtools/jsoncpp/{jsoncpp_1.9.3.bb => jsoncpp_1.9.2.bb} (93%)
 create mode 100644 meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch

-- 
2.17.1

[dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"

[akuster]

This reverts commit 2b384c59733c437027f9b14cc32da19251efd97b.

It appears that there was a change in soname not noted in the changelog.

https://github.com/open-source-parsers/jsoncpp/commit/8b7ea09b8055df01866a5ce4142b12ed8f9f13eb

ABI change appears to have occured.
https://abi-laboratory.pro/index.php?view=timeline&l=jsoncpp

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../jsoncpp/{jsoncpp_1.9.3.bb => jsoncpp_1.9.2.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-devtools/jsoncpp/{jsoncpp_1.9.3.bb => jsoncpp_1.9.2.bb} (93%)

diff --git a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
similarity index 93%
rename from meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
rename to meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
index 97c6361ad8..a88410f2ff 100644
--- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
+++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
@@ -11,7 +11,7 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fa2a23dd1dc6c139f35105379d76df2b"
 
-SRCREV = "6aba23f4a8628d599a9ef7fa4811c4ff6e4070e2"
+SRCREV = "d2e6a971f4544c55b8e3b25cf96db266971b778f"
 SRC_URI = "git://github.com/open-source-parsers/jsoncpp"
 
 S = "${WORKDIR}/git"
-- 
2.17.1

[dunfell 2/2] nss: Fix CVE-2020-12399

[akuster]

From: Ovidiu Panait <ovidiu.panait@windriver.com>

Master (nss version 3.54) is not affected by this issue. This is a backport
from nss version 3.54.

NSS has shown timing differences when performing DSA signatures, which was
exploitable and could eventually leak private keys. This vulnerability affects
Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Upstream patch:
https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...e-a-fixed-length-for-DSA-exponentiat.patch | 110 ++++++++++++++++++
 meta-oe/recipes-support/nss/nss_3.51.1.bb     |   1 +
 2 files changed, 111 insertions(+)
 create mode 100644 meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch

diff --git a/meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch b/meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
new file mode 100644
index 0000000000..517c277ae0
--- /dev/null
+++ b/meta-oe/recipes-support/nss/nss/0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch
@@ -0,0 +1,110 @@
+From 5942c26888ba12ad5e0d92fb62f23d7cde6dc159 Mon Sep 17 00:00:00 2001
+From: Ovidiu Panait <ovidiu.panait@windriver.com>
+Date: Mon, 13 Jul 2020 06:25:56 +0000
+Subject: [PATCH] Bug 1631576 - Force a fixed length for DSA exponentiation
+ r=pereida,bbrumley
+
+Differential Revision: https://phabricator.services.mozilla.com/D72011
+
+Upstream-Status: Backport [https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e]
+
+Authored-by: Robert Relyea <rrelyea@redhat.com>
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ nss/lib/freebl/dsa.c | 45 ++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 35 insertions(+), 10 deletions(-)
+
+diff --git a/nss/lib/freebl/dsa.c b/nss/lib/freebl/dsa.c
+index aef3539..389c9de 100644
+--- a/nss/lib/freebl/dsa.c
++++ b/nss/lib/freebl/dsa.c
+@@ -313,13 +313,14 @@ DSA_NewKeyFromSeed(const PQGParams *params,
+ 
+ static SECStatus
+ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+-               const unsigned char *kb)
++               const unsigned char *kbytes)
+ {
+     mp_int p, q, g; /* PQG parameters */
+     mp_int x, k;    /* private key & pseudo-random integer */
+     mp_int r, s;    /* tuple (r, s) is signature) */
+     mp_int t;       /* holding tmp values */
+     mp_int ar;      /* holding blinding values */
++    mp_digit fuzz;  /* blinding multiplier for q */
+     mp_err err = MP_OKAY;
+     SECStatus rv = SECSuccess;
+     unsigned int dsa_subprime_len, dsa_signature_len, offset;
+@@ -373,6 +374,7 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+     CHECK_MPI_OK(mp_init(&s));
+     CHECK_MPI_OK(mp_init(&t));
+     CHECK_MPI_OK(mp_init(&ar));
++
+     /*
+     ** Convert stored PQG and private key into MPI integers.
+     */
+@@ -380,14 +382,28 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+     SECITEM_TO_MPINT(key->params.subPrime, &q);
+     SECITEM_TO_MPINT(key->params.base, &g);
+     SECITEM_TO_MPINT(key->privateValue, &x);
+-    OCTETS_TO_MPINT(kb, &k, dsa_subprime_len);
++    OCTETS_TO_MPINT(kbytes, &k, dsa_subprime_len);
++
++    /* k blinding  create a single value that has the high bit set in
++     * the mp_digit*/
++    if (RNG_GenerateGlobalRandomBytes(&fuzz, sizeof(mp_digit)) != SECSuccess) {
++        PORT_SetError(SEC_ERROR_NEED_RANDOM);
++        rv = SECFailure;
++        goto cleanup;
++    }
++    fuzz |= 1ULL << ((sizeof(mp_digit) * PR_BITS_PER_BYTE - 1));
+     /*
+     ** FIPS 186-1, Section 5, Step 1
+     **
+     ** r = (g**k mod p) mod q
+     */
+-    CHECK_MPI_OK(mp_exptmod(&g, &k, &p, &r)); /* r = g**k mod p */
+-    CHECK_MPI_OK(mp_mod(&r, &q, &r));         /* r = r mod q    */
++    CHECK_MPI_OK(mp_mul_d(&q, fuzz, &t)); /* t = q*fuzz */
++    CHECK_MPI_OK(mp_add(&k, &t, &t));     /* t = k+q*fuzz */
++    /* length of t is now fixed, bits in k have been blinded */
++    CHECK_MPI_OK(mp_exptmod(&g, &t, &p, &r)); /* r = g**t mod p */
++    /* r is now g**(k+q*fuzz) == g**k mod p */
++    CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q    */
++
+     /*
+     ** FIPS 186-1, Section 5, Step 2
+     **
+@@ -411,15 +427,24 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+     /* Using mp_invmod on k directly would leak bits from k. */
+     CHECK_MPI_OK(mp_mul(&k, &ar, &k));       /* k = k * ar */
+     CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
+-    CHECK_MPI_OK(mp_invmod(&k, &q, &k));     /* k = k**-1 mod q */
++    /* k is now k*t*ar */
++    CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
++    /* k is now (k*t*ar)**-1 */
+     CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
+-    SECITEM_TO_MPINT(localDigest, &s);       /* s = HASH(M)     */
++    /* k is now (k*ar)**-1 */
++    SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M)     */
+     /* To avoid leaking secret bits here the addition is blinded. */
+-    CHECK_MPI_OK(mp_mul(&x, &ar, &x));        /* x = x * ar */
+-    CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x));  /* x = x * r mod q */
++    CHECK_MPI_OK(mp_mul(&x, &ar, &x)); /* x = x * ar */
++    /* x is now x*ar */
++    CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
++    /* x is now x*r*ar */
+     CHECK_MPI_OK(mp_mulmod(&s, &ar, &q, &t)); /* t = s * ar mod q */
+-    CHECK_MPI_OK(mp_add(&t, &x, &s));         /* s = t + x */
+-    CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s));  /* s = s * k mod q */
++    /* t is now hash(M)*ar */
++    CHECK_MPI_OK(mp_add(&t, &x, &s)); /* s = t + x */
++    /* s is now (HASH(M)+x*r)*ar */
++    CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
++    /* s is now (HASH(M)+x*r)*ar*(k*ar)**-1 = (k**-1)*(HASH(M)+x*r) */
++
+     /*
+     ** verify r != 0 and s != 0
+     ** mentioned as optional in FIPS 186-1.
+-- 
+2.18.1
+
diff --git a/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-oe/recipes-support/nss/nss_3.51.1.bb
index 36e6cd8fc5..c00bd34cb2 100644
--- a/meta-oe/recipes-support/nss/nss_3.51.1.bb
+++ b/meta-oe/recipes-support/nss/nss_3.51.1.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
            file://0001-freebl-add-a-configure-option-to-disable-ARM-HW-cryp.patch \
            file://riscv.patch \
            file://0001-Enable-uint128-on-mips64.patch \
+           file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \
            "
 
 SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233"
-- 
2.17.1

Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"

[Adrian Bunk]

On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
>...
> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
>...

This would make the version going backwards, please add
  PV = "1.9.3+really1.9.2"

cu
Adrian

Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"

[akuster]

On 7/17/20 10:24 AM, Adrian Bunk wrote:
> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
>> ...
>> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
>> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
>> ...
> This would make the version going backwards, please add
>   PV = "1.9.3+really1.9.2"

right.  Wouldn't EP = "1"  do the same?
>
> cu
> Adrian

Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"

[Adrian Bunk]

On Fri, Jul 17, 2020 at 12:16:10PM -0700, akuster808 wrote:
> 
> 
> On 7/17/20 10:24 AM, Adrian Bunk wrote:
> > On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
> >> ...
> >> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
> >> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
> >> ...
> > This would make the version going backwards, please add
> >   PV = "1.9.3+really1.9.2"
> 
> right.  Wouldn't EP = "1"  do the same?

PE (not EP) would also solve this.

The problem with an epoch is that it is permanent while
a +really version will go away with 1.9.4.

cu
Adrian

Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"

[akuster]

On 7/17/20 12:53 PM, Adrian Bunk wrote:
> On Fri, Jul 17, 2020 at 12:16:10PM -0700, akuster808 wrote:
>>
>> On 7/17/20 10:24 AM, Adrian Bunk wrote:
>>> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
>>>> ...
>>>> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
>>>> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
>>>> ...
>>> This would make the version going backwards, please add
>>>   PV = "1.9.3+really1.9.2"
>> right.  Wouldn't EP = "1"  do the same?
> PE (not EP) would also solve this.
right.
>
> The problem with an epoch is that it is permanent while
> a +really version will go away with 1.9.4.
I don't expect to every update to 1.9.4 as .3 may have introduced ABI
changes otherwise I would not have reverted this to begin with.

-armin
>
> cu
> Adrian

Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"

[Adrian Bunk]

On Fri, Jul 17, 2020 at 01:57:24PM -0700, akuster808 wrote:
> 
> 
> On 7/17/20 12:53 PM, Adrian Bunk wrote:
> > On Fri, Jul 17, 2020 at 12:16:10PM -0700, akuster808 wrote:
> >>
> >> On 7/17/20 10:24 AM, Adrian Bunk wrote:
> >>> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
> >>>> ...
> >>>> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
> >>>> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
> >>>> ...
> >>> This would make the version going backwards, please add
> >>>   PV = "1.9.3+really1.9.2"
> >> right.  Wouldn't EP = "1"  do the same?
> > PE (not EP) would also solve this.
> right.
> >
> > The problem with an epoch is that it is permanent while
> > a +really version will go away with 1.9.4.
> I don't expect to every update to 1.9.4 as .3 may have introduced ABI
> changes otherwise I would not have reverted this to begin with.

Not in dunfell.

PE would have to stay forever in master.

cu
Adrian

Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"

[akuster]

On 7/17/20 11:15 PM, Adrian Bunk wrote:
> On Fri, Jul 17, 2020 at 01:57:24PM -0700, akuster808 wrote:
>>
>> On 7/17/20 12:53 PM, Adrian Bunk wrote:
>>> On Fri, Jul 17, 2020 at 12:16:10PM -0700, akuster808 wrote:
>>>> On 7/17/20 10:24 AM, Adrian Bunk wrote:
>>>>> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
>>>>>> ...
>>>>>> --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
>>>>>> +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
>>>>>> ...
>>>>> This would make the version going backwards, please add
>>>>>   PV = "1.9.3+really1.9.2"
>>>> right.  Wouldn't EP = "1"  do the same?
>>> PE (not EP) would also solve this.
>> right.
>>> The problem with an epoch is that it is permanent while
>>> a +really version will go away with 1.9.4.
>> I don't expect to every update to 1.9.4 as .3 may have introduced ABI
>> changes otherwise I would not have reverted this to begin with.
> Not in dunfell.
>
> PE would have to stay forever in master.
Master did not change. Dunfell changed.
>
> cu
> Adrian

Re: [oe] [dunfell 1/2] Revert "jsoncpp: upgrade 1.9.2 -> 1.9.3"

[Mikko Rapeli]

Hi,

On Fri, Jul 17, 2020 at 08:24:58PM +0300, Adrian Bunk wrote:
> On Fri, Jul 17, 2020 at 08:20:54AM -0700, akuster wrote:
> >...
> > --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.3.bb
> > +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.9.2.bb
> >...
> 
> This would make the version going backwards, please add
>   PV = "1.9.3+really1.9.2"

This will break CVE version checks unless CVE_VERSION is set to 1.9.2.
Please increment PE instead.

Cheers,

-Mikko

> cu
> Adrian

>