* [PATCH] connman: Backports for security fixes (2) #poky
@ 2023-03-15 13:31 VAUTRIN Emmanuel (Canal Plus Prestataire)
  2023-03-15 14:19 ` [OE-core] " Alexandre Belloni
  0 siblings, 1 reply; 3+ messages in thread
From: VAUTRIN Emmanuel (Canal Plus Prestataire) @ 2023-03-15 13:31 UTC (permalink / raw)
  To: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 3771 bytes --]

Fixes
CVE: CVE-2022-32293

Commit b33cf2d113d0 ("connman: Backports for security fixes")
---
.../connman/connman/CVE-2022-32293_p3.patch   | 67 +++++++++++++++++++
.../connman/connman_1.41.bb                   |  1 +
2 files changed, 68 insertions(+)
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch

diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch
new file mode 100644
index 000000000000..0fefe3e45408
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch
@@ -0,0 +1,67 @@
+From e6523511d736667e45877d588a64988e818a06fe Mon Sep 17 00:00:00 2001
+From: Daniel Wagner <wagi@monom.org>
+Date: Wed, 7 Sep 2022 20:52:20 +0200
+Subject: [PATCH] wispr: Fix context refcounting in
+ wispr_portal_request_portal()
+
+The wispr_portal_request_portal() function is expected to read until
+there is no data. Hence, the wp_context refcount is supposed to be
+hold on while reading.
+
+Furthermore, we should not return early when we read the
+X-ConnMan-Status header. Instead we are supposed to go through the
+normal return path so that we cleanup any added routing entries. Thus,
+we also don't need to update the refcount in this code path as we
+handle it at the main return path.
+
+Fixes: 416bfaff9888 ("wispr: Update portal context references")
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e6523511d736667e45877d588a64988e818a06fe]
+---
+ src/wispr.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/wispr.c b/src/wispr.c
+index 9b27af5fff55..a7562e8462f3 100644
+--- a/src/wispr.c
++++ b/src/wispr.c
+@@ -537,7 +537,8 @@ static bool wispr_route_request(const char *address, int ai_family,
+ static void wispr_portal_request_portal(
+ struct connman_wispr_portal_context *wp_context)
+ {
+- DBG("");
++ DBG("wp_context %p %s", wp_context,
++ __connman_ipconfig_type2string(wp_context->type));
+
+ wispr_portal_context_ref(wp_context);
+ wp_context->request_id = g_web_request_get(wp_context->web,
+@@ -753,7 +754,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+ if (length > 0) {
+ g_web_parser_feed_data(wp_context->wispr_parser,
+ chunk, length);
+- wispr_portal_context_unref(wp_context);
++ /* read more data */
+ return true;
+ }
+
+@@ -783,8 +784,6 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+ if (g_web_result_get_header(result, "X-ConnMan-Status",
+ &str)) {
+ portal_manage_status(result, wp_context);
+- wispr_portal_context_unref(wp_context);
+- return false;
+ } else {
+ wispr_portal_context_ref(wp_context);
+ __connman_agent_request_browser(wp_context->service,
+@@ -996,7 +995,8 @@ int __connman_wispr_start(struct connman_service *service,
+ struct connman_wispr_portal *wispr_portal = NULL;
+ int index, err;
+
+- DBG("service %p", service);
++ DBG("service %p %s", service,
++ __connman_ipconfig_type2string(type));
+
+ if (!wispr_portal_hash)
+ return -EINVAL;
+--
+2.25.1
+
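Review bot: in the `@@ -783` hunk of src/wispr.c, dropping `return false;` after `portal_manage_status(result, wp_context);` makes the X-ConnMan-Status branch fall through to code that lies outside the visible context, so nothing shown here confirms that wp_context is released exactly once on that path. The upstream commit was written against upstream's tree; please confirm that on 1.41 with CVE-2022-32293_p1.patch and CVE-2022-32293_p2.patch applied, the code after the if/else still ends in a single wispr_portal_context_unref(). Also confirm that the `length > 0` branch in the `@@ -753` hunk, which now returns true without an unref, is balanced by that same release once the read finishes. Since this is a refcounting fix carried under a CVE name, a sentence in the commit message saying how the backport was checked (build plus a portal detection run) would help.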
diff --git a/meta/recipes-connectivity/connman/connman_1.41.bb b/meta/recipes-connectivity/connman/connman_1.41.bb
index 79542b2175dc..73ba673fd0a4 100644
--- a/meta/recipes-connectivity/connman/connman_1.41.bb
+++ b/meta/recipes-connectivity/connman/connman_1.41.bb
@@ -7,6 +7,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
file://no-version-scripts.patch \
file://CVE-2022-32293_p1.patch \
file://CVE-2022-32293_p2.patch \
+           file://CVE-2022-32293_p3.patch \
file://CVE-2022-32292.patch \
"

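Review bot: the added `file://CVE-2022-32293_p3.patch \` line is indented differently from the SRC_URI context lines around it, and the embedded src/wispr.c hunks show a single space where C indentation would be expected, so this mail looks whitespace-damaged and is unlikely to apply with git am. The message also carries a text/html part, which points to a mail client rather than git send-email. Please resend with git send-email so the indentation survives, and match the added line's indentation to the neighbouring `file://` entries.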
--
2.25.1

[-- Attachment #2: Type: text/html, Size: 6359 bytes --]


* Re: [OE-core] [PATCH] connman: Backports for security fixes (2) #poky
  2023-03-15 13:31 [PATCH] connman: Backports for security fixes (2) #poky VAUTRIN Emmanuel (Canal Plus Prestataire)
@ 2023-03-15 14:19 ` Alexandre Belloni
  2023-03-15 14:30   ` VAUTRIN Emmanuel (Canal Plus Prestataire)
  0 siblings, 1 reply; 3+ messages in thread
From: Alexandre Belloni @ 2023-03-15 14:19 UTC (permalink / raw)
  To: VAUTRIN Emmanuel (Canal Plus Prestataire); +Cc: openembedded-core

Hello,

On 15/03/2023 06:31:36-0700, VAUTRIN Emmanuel (Canal Plus Prestataire) wrote:
> Fixes
> CVE: CVE-2022-32293
> 
> Commit b33cf2d113d0 ("connman: Backports for security fixes")

Your SoB is required here.


> ---
> .../connman/connman/CVE-2022-32293_p3.patch   | 67 +++++++++++++++++++
> .../connman/connman_1.41.bb                   |  1 +
> 2 files changed, 68 insertions(+)
> create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch
> 
> diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch
> new file mode 100644
> index 000000000000..0fefe3e45408
> --- /dev/null
> +++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch
> @@ -0,0 +1,67 @@
> +From e6523511d736667e45877d588a64988e818a06fe Mon Sep 17 00:00:00 2001
> +From: Daniel Wagner <wagi@monom.org>
> +Date: Wed, 7 Sep 2022 20:52:20 +0200
> +Subject: [PATCH] wispr: Fix context refcounting in
> + wispr_portal_request_portal()
> +
> +The wispr_portal_request_portal() function is expected to read until
> +there is no data. Hence, the wp_context refcount is supposed to be
> +hold on while reading.
> +
> +Furthermore, we should not return early when we read the
> +X-ConnMan-Status header. Instead we are supposed to go through the
> +normal return path so that we cleanup any added routing entries. Thus,
> +we also don't need to update the refcount in this code path as we
> +handle it at the main return path.
> +
> +Fixes: 416bfaff9888 ("wispr: Update portal context references")
> +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e6523511d736667e45877d588a64988e818a06fe]
> +---
> + src/wispr.c | 10 +++++-----
> + 1 file changed, 5 insertions(+), 5 deletions(-)
> +
> +diff --git a/src/wispr.c b/src/wispr.c
> +index 9b27af5fff55..a7562e8462f3 100644
> +--- a/src/wispr.c
> ++++ b/src/wispr.c
> +@@ -537,7 +537,8 @@ static bool wispr_route_request(const char *address, int ai_family,
> + static void wispr_portal_request_portal(
> + struct connman_wispr_portal_context *wp_context)
> + {
> +- DBG("");
> ++ DBG("wp_context %p %s", wp_context,
> ++ __connman_ipconfig_type2string(wp_context->type));
> +
> + wispr_portal_context_ref(wp_context);
> + wp_context->request_id = g_web_request_get(wp_context->web,
> +@@ -753,7 +754,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
> + if (length > 0) {
> + g_web_parser_feed_data(wp_context->wispr_parser,
> + chunk, length);
> +- wispr_portal_context_unref(wp_context);
> ++ /* read more data */
> + return true;
> + }
> +
> +@@ -783,8 +784,6 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
> + if (g_web_result_get_header(result, "X-ConnMan-Status",
> + &str)) {
> + portal_manage_status(result, wp_context);
> +- wispr_portal_context_unref(wp_context);
> +- return false;
> + } else {
> + wispr_portal_context_ref(wp_context);
> + __connman_agent_request_browser(wp_context->service,
> +@@ -996,7 +995,8 @@ int __connman_wispr_start(struct connman_service *service,
> + struct connman_wispr_portal *wispr_portal = NULL;
> + int index, err;
> +
> +- DBG("service %p", service);
> ++ DBG("service %p %s", service,
> ++ __connman_ipconfig_type2string(type));
> +
> + if (!wispr_portal_hash)
> + return -EINVAL;
> +--
> +2.25.1
> +
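
Review bot: the embedded header's `Fixes: 416bfaff9888 ("wispr: Update portal context references")` line is the only explanation of why a third part is needed, and the commit message above it just names b33cf2d113d0. Please say in the commit message whether one of the already-applied patches (CVE-2022-32293_p1.patch or CVE-2022-32293_p2.patch) is the backport of 416bfaff9888, so that anyone carrying those two can tell that this patch corrects them rather than being an optional extra.
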
> diff --git a/meta/recipes-connectivity/connman/connman_1.41.bb b/meta/recipes-connectivity/connman/connman_1.41.bb
> index 79542b2175dc..73ba673fd0a4 100644
> --- a/meta/recipes-connectivity/connman/connman_1.41.bb
> +++ b/meta/recipes-connectivity/connman/connman_1.41.bb
> @@ -7,6 +7,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
> file://no-version-scripts.patch \
> file://CVE-2022-32293_p1.patch \
> file://CVE-2022-32293_p2.patch \
> +� � � � � �file://CVE-2022-32293_p3.patch \
> file://CVE-2022-32292.patch \
> "
> 
> --
> 2.25.1



-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com



* Re: [PATCH] connman: Backports for security fixes (2) #poky
  2023-03-15 14:19 ` [OE-core] " Alexandre Belloni
@ 2023-03-15 14:30   ` VAUTRIN Emmanuel (Canal Plus Prestataire)
  0 siblings, 0 replies; 3+ messages in thread
From: VAUTRIN Emmanuel (Canal Plus Prestataire) @ 2023-03-15 14:30 UTC (permalink / raw)
  To: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 3837 bytes --]

Fixes
CVE: CVE-2022-32293

Commit b33cf2d113d0 ("connman: Backports for security fixes")
Signed-off-by: Emmanuel Vautrin <Emmanuel.VAUTRIN@cpexterne.org>
---
.../connman/connman/CVE-2022-32293_p3.patch   | 67 +++++++++++++++++++
.../connman/connman_1.41.bb                   |  1 +
2 files changed, 68 insertions(+)
create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch

diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch
new file mode 100644
index 000000000000..0fefe3e45408
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p3.patch
@@ -0,0 +1,67 @@
+From e6523511d736667e45877d588a64988e818a06fe Mon Sep 17 00:00:00 2001
+From: Daniel Wagner <wagi@monom.org>
+Date: Wed, 7 Sep 2022 20:52:20 +0200
+Subject: [PATCH] wispr: Fix context refcounting in
+ wispr_portal_request_portal()
+
+The wispr_portal_request_portal() function is expected to read until
+there is no data. Hence, the wp_context refcount is supposed to be
+hold on while reading.
+
+Furthermore, we should not return early when we read the
+X-ConnMan-Status header. Instead we are supposed to go through the
+normal return path so that we cleanup any added routing entries. Thus,
+we also don't need to update the refcount in this code path as we
+handle it at the main return path.
+
+Fixes: 416bfaff9888 ("wispr: Update portal context references")
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e6523511d736667e45877d588a64988e818a06fe]
+---
+ src/wispr.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/wispr.c b/src/wispr.c
+index 9b27af5fff55..a7562e8462f3 100644
+--- a/src/wispr.c
++++ b/src/wispr.c
+@@ -537,7 +537,8 @@ static bool wispr_route_request(const char *address, int ai_family,
+ static void wispr_portal_request_portal(
+ struct connman_wispr_portal_context *wp_context)
+ {
+- DBG("");
++ DBG("wp_context %p %s", wp_context,
++ __connman_ipconfig_type2string(wp_context->type));
+
+ wispr_portal_context_ref(wp_context);
+ wp_context->request_id = g_web_request_get(wp_context->web,
+@@ -753,7 +754,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+ if (length > 0) {
+ g_web_parser_feed_data(wp_context->wispr_parser,
+ chunk, length);
+- wispr_portal_context_unref(wp_context);
++ /* read more data */
+ return true;
+ }
+
+@@ -783,8 +784,6 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data)
+ if (g_web_result_get_header(result, "X-ConnMan-Status",
+ &str)) {
+ portal_manage_status(result, wp_context);
+- wispr_portal_context_unref(wp_context);
+- return false;
+ } else {
+ wispr_portal_context_ref(wp_context);
+ __connman_agent_request_browser(wp_context->service,
+@@ -996,7 +995,8 @@ int __connman_wispr_start(struct connman_service *service,
+ struct connman_wispr_portal *wispr_portal = NULL;
+ int index, err;
+
+- DBG("service %p", service);
++ DBG("service %p %s", service,
++ __connman_ipconfig_type2string(type));
+
+ if (!wispr_portal_hash)
+ return -EINVAL;
+--
+2.25.1
+
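Review bot: the Signed-off-by added to the commit message of this resend is not repeated inside CVE-2022-32293_p3.patch, whose header ends at the `Upstream-Status: Backport` line with no Signed-off-by and no `CVE:` tag. Add both under Upstream-Status in the patch header, that is `CVE: CVE-2022-32293` followed by your Signed-off-by, so the patch file itself records which CVE it addresses and who backported it.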
diff --git a/meta/recipes-connectivity/connman/connman_1.41.bb b/meta/recipes-connectivity/connman/connman_1.41.bb
index 79542b2175dc..73ba673fd0a4 100644
--- a/meta/recipes-connectivity/connman/connman_1.41.bb
+++ b/meta/recipes-connectivity/connman/connman_1.41.bb
@@ -7,6 +7,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
file://no-version-scripts.patch \
file://CVE-2022-32293_p1.patch \
file://CVE-2022-32293_p2.patch \
+           file://CVE-2022-32293_p3.patch \
file://CVE-2022-32292.patch \
"

--
2.25.1

[-- Attachment #2: Type: text/html, Size: 6442 bytes --]
