[meta][kirkstone][PATCH 2/2] curl: Add fix for CVE-2023-23916
Pawan Badganchi
From: Pawan Badganchi <badganchipv@...>
Add below patch to fix CVE-2023-23916
CVE-2023-23916.patch
Link: https://curl.se/docs/CVE-2023-23916.html
Signed-off-by: Pawan Badganchi <Pawan.Badganchi@...>
Signed-off-by: Pawan Badganchi <badganchipv@...>
---
.../curl/curl/CVE-2023-23916.patch | 222 ++++++++++++++++++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
2 files changed, 223 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-23916.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-23916.patch b/meta/recipes-support/curl/curl/CVE-2023-23916.patch
new file mode 100644
index 0000000000..6a1be173cd
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-23916.patch
@@ -0,0 +1,222 @@
+Backport of:
+
+From 119fb187192a9ea13dc90d9d20c215fc82799ab9 Mon Sep 17 00:00:00 2001
+From: Patrick Monnerat <patrick@...>
+Date: Mon, 13 Feb 2023 08:33:09 +0100
+Subject: [PATCH] content_encoding: do not reset stage counter for each header
+
+Test 418 verifies
+
+Closes #10492
+
+CVE: CVE-2023-23916
+Upstream-Status: Backport [https://github.com/curl/curl/commit/119fb187192a9ea13dc.patch]
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@...>
+---
+ lib/content_encoding.c | 7 +-
+ lib/urldata.h | 1 +
+ tests/data/Makefile.inc | 2 +-
+ tests/data/test387 | 2 +-
+ tests/data/test418 | 152 ++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 158 insertions(+), 6 deletions(-)
+ create mode 100644 tests/data/test418
+
+--- a/lib/content_encoding.c
++++ b/lib/content_encoding.c
+@@ -1035,7 +1035,6 @@ CURLcode Curl_build_unencoding_stack(str
+ const char *enclist, int maybechunked)
+ {
+ struct SingleRequest *k = &data->req;
+- int counter = 0;
+
+ do {
+ const char *name;
+@@ -1070,9 +1069,9 @@ CURLcode Curl_build_unencoding_stack(str
+ if(!encoding)
+ encoding = &error_encoding; /* Defer error at stack use. */
+
+- if(++counter >= MAX_ENCODE_STACK) {
+- failf(data, "Reject response due to %u content encodings",
+- counter);
++ if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
++ failf(data, "Reject response due to more than %u content encodings",
++ MAX_ENCODE_STACK);
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+ /* Stack the unencoding stage. */
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -708,6 +708,7 @@ struct SingleRequest {
+ struct dohdata *doh; /* DoH specific data for this request */
+ #endif
+ unsigned char setcookies;
++ unsigned char writer_stack_depth; /* Unencoding stack depth. */
+ BIT(header); /* incoming data has HTTP header */
+ BIT(content_range); /* set TRUE if Content-Range: was found */
+ BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -66,7 +66,7 @@ test370 test371 \
+ test392 test393 test394 test395 test396 test397 \
+ \
+ test400 test401 test402 test403 test404 test405 test406 test407 test408 \
+-test409 test410 \
++test409 test410 test418 \
+ \
+ test430 test431 test432 test433 test434 test435 test446 \
+ \
+--- /dev/null
++++ b/tests/data/test418
+@@ -0,0 +1,152 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++gzip
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data nocheck="yes">
++HTTP/1.1 200 OK
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++Transfer-Encoding: gzip
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++Response with multiple Transfer-Encoding headers
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol crlf="yes">
++GET /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++
++# CURLE_BAD_CONTENT_ENCODING is 61
++<errorcode>
++61
++</errorcode>
++<stderr mode="text">
++curl: (61) Reject response due to more than 5 content encodings
++</stderr>
++</verify>
++</testcase>
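Review bot: the embedded patch's diffstat lists tests/data/test387 (2 +-) and "5 files changed, 158 insertions(+), 6 deletions(-)", but the body carries hunks only for lib/content_encoding.c, lib/urldata.h, tests/data/Makefile.inc and tests/data/test418. Either restore the test387 hunk or regenerate the diffstat, and state under "Backport of:" what was dropped from commit 119fb187192a and why. Two related points in the same file: the tests/data/Makefile.inc hunk is the one the do_patch log later in this thread reports as applying at line 68 with fuzz 2, so its context lines need refreshing against the 7.82.0 tree; and replacing ++counter >= MAX_ENCODE_STACK with k->writer_stack_depth++ >= MAX_ENCODE_STACK moves the rejection point by one stage, which the new "more than %u" wording reflects, so any existing test that expects the old message needs the matching update.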
diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb
index b583060889..945745cdde 100644
--- a/meta/recipes-support/curl/curl_7.82.0.bb
+++ b/meta/recipes-support/curl/curl_7.82.0.bb
@@ -39,6 +39,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2023-23914_5-3.patch \
file://CVE-2023-23914_5-4.patch \
file://CVE-2023-23914_5-5.patch \
+ file://CVE-2023-23916.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"
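Review bot: the context of this SRC_URI hunk is the CVE-2023-23914_5-3.patch to CVE-2023-23914_5-5.patch entries, so the change only applies to a tree that already carries that series, and the commit message does not say so. State the dependency in the commit message, or send both as one series, so the patch is tested against the right base.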
--
2.38.1
Steve Sakoman
On Thu, Mar 23, 2023 at 9:57 PM Pawan Badganchi <badganchipv@...> wrote:
> From: Pawan Badganchi <badganchipv@...>
>
> Add below patch to fix CVE-2023-23916
>
> CVE-2023-23916.patch
I'm getting fuzz errors with this patch:
Applying patch CVE-2023-23916.patch
patching file lib/content_encoding.c
patching file lib/urldata.h
patching file tests/data/Makefile.inc
Hunk #1 succeeded at 68 with fuzz 2 (offset 2 lines).
patching file tests/data/test418
Please send v2 which corrects this.
Thanks!
Steve
Pawan Badganchi
Hello Steve,
Could you please build again including CVE-2023-23914 and CVE-2023-23195.
On Fri, 24 Mar, 2023, 9:10 pm Steve Sakoman, <steve@...> wrote:
On Thu, Mar 23, 2023 at 9:57 PM Pawan Badganchi <badganchipv@...> wrote:
>
> From: Pawan Badganchi <badganchipv@...>
>
> Add below patch to fix CVE-2023-23916
>
> CVE-2023-23916.patch
I'm getting fuzz errors with this patch:
Applying patch CVE-2023-23916.patch
patching file lib/content_encoding.c
patching file lib/urldata.h
patching file tests/data/Makefile.inc
Hunk #1 succeeded at 68 with fuzz 2 (offset 2 lines).
patching file tests/data/test418
Please send v2 which corrects this.
Thanks!
Steve
Steve Sakoman
On Tue, Mar 28, 2023 at 9:38 PM Pawan Badganchi <badganchipv@...> wrote:
> Hello steve,
> Could you please build this patch with below patch. This is the latest version and please ignore previous sent patches.
> https://lists.openembedded.org/g/openembedded-core/message/179015
We have the following patch in kirkstone already:
https://git.yoctoproject.org/poky/commit/?h=kirkstone&id=64eba948a9794c4f37d2473ad2bc3a17db2c3766
Once a patch has been merged it is too late to send a new version. At
this point your options are:
1. Send a correction to the above patch with an explanation in the
commit message as to why it is necessary.
2. Send a series which includes a revert of the above patch (again
with explanation as to why it is necessary) along with the revised
patch.
Steve
Pawan Badganchi
On Mon, Apr 3, 2023 at 03:34 AM, Pawan Badganchi wrote:
> Hi steve,
> I am talking about this cve CVE-2023-23916.
> Could you please build this patch
Hi steve,
I am talking about this cve CVE-2023-23916.
Could you please build this patch as CVE-2023-23914, CVE-2023-23915 patches are already present on upstream kirkstone branch.
Steve Sakoman
On Mon, Apr 3, 2023 at 12:41 AM Pawan Badganchi <badganchipv@...> wrote:
> On Mon, Apr 3, 2023 at 03:34 AM, Pawan Badganchi wrote:
> > Hi steve,
> > I am talking about this cve CVE-2023-23916.
> > Could you please build this patch
> Hi steve,
> I am talking about this cve CVE-2023-23916.
> Could you please build this patch as CVE-2023-23914, CVE-2023-23915 patches are already present on upstream kirkstone branch.
As I mentioned in:
https://lists.openembedded.org/g/openembedded-core/message/179016
the reason I have not taken this patch is that it has fuzz errors:
WARNING: curl-native-7.82.0-r0 do_patch: Fuzz detected:
Applying patch CVE-2023-23916.patch
patching file lib/content_encoding.c
patching file lib/urldata.h
patching file tests/data/Makefile.inc
Hunk #1 succeeded at 68 with fuzz 2 (offset 2 lines).
patching file tests/data/test418
Please submit a v2 with this fixed and I can then take the patch.
Thanks!
Steve
Pawan Badganchi
Hi Steve,
This patch depends on the patch below; if you build with this patch it will not give a fuzz error.
You do not need to take this patch now either, because it is already available in kirkstone.
Could you please build once again? I think you will not get the fuzz error.
https://lists.openembedded.org/g/openembedded-core/message/179015
Steve Sakoman
Hi Pawan,
Please do a fresh clone of kirkstone.
Note that "curl: Add fix for CVE-2023-23914, CVE-2023-23915" is present.
Apply this patch.
Note the fuzz error.
Steve
On Mon, Apr 3, 2023 at 5:22 AM Pawan Badganchi <badganchipv@...> wrote:
> Hi Steve,
> This patch depends on the patch below; if you build with this patch it will not give a fuzz error.
> You do not need to take this patch now either, because it is already available in kirkstone.
> Could you please build once again? I think you will not get the fuzz error.
> https://lists.openembedded.org/g/openembedded-core/message/179015
Steve Sakoman
On Mon, Apr 3, 2023 at 5:45 AM Pawan Badganchi <badganchipv@...> wrote:
> Hi Steve,
> I have cloned kirkstone and applied this patch. Please find the attached screenshots below.
> Could you please build again, it will get built for sure.
You didn't actually try to build curl! Please do a 'bitbake curl' and
you will see the fuzz error.
Steve
Steve Sakoman
> Could you please build again
OK, but as expected it still fails!
steve@hexa ~/test $ git clone https://git.yoctoproject.org/poky
Cloning into 'poky'...
remote: Enumerating objects: 598292, done.
remote: Counting objects: 100% (607/607), done.
remote: Compressing objects: 100% (329/329), done.
remote: Total 598292 (delta 412), reused 338 (delta 274), pack-reused 597685
Receiving objects: 100% (598292/598292), 190.71 MiB | 11.72 MiB/s, done.
Resolving deltas: 100% (435720/435720), done.
steve@hexa ~/test $ cd poky/
steve@hexa ~/test/poky (master) $ git checkout origin/kirkstone
Note: switching to 'origin/kirkstone'.
<snip>
HEAD is now at 407c3e0237 systemd: fix wrong nobody-group assignment
steve@hexa ~/test/poky ((HEAD detached at origin/kirkstone)) $ git am
-3 ~/Downloads/meta-kirkstone-2-2-curl-Add-fix-for-CVE-2023-23916.patch
Applying: curl: Add fix for CVE-2023-23916
steve@hexa ~/test/poky ((HEAD detached from origin/kirkstone)) $
source oe-init-build-env
<snip>
steve@hexa ~/test/poky/build ((HEAD detached from origin/kirkstone)) $
bitbake curl
Loading cache: 100% |
| ETA: --:--:--
Loaded 0 entries from dependency cache.
Parsing recipes: 100%
|########################################################################################################################################################################################################################################################################################|
Time: 0:00:19
Parsing of 882 .bb files complete (0 cached, 882 parsed). 1642
targets, 44 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies
Build Configuration:
BB_VERSION = "2.0.0"
BUILD_SYS = "x86_64-linux"
NATIVELSBSTRING = "ubuntu-22.04"
TARGET_SYS = "x86_64-poky-linux"
MACHINE = "qemux86-64"
DISTRO = "poky"
DISTRO_VERSION = "4.0.8"
TUNE_FEATURES = "m64 core2"
TARGET_FPU = ""
meta
meta-poky
meta-yocto-bsp = "HEAD:005e7dbceb28cc9925e5756d8828c898f0761bdc"
NOTE: Fetching uninative binary shim
http://downloads.yoctoproject.org/releases/uninative/3.7/x86_64-nativesdk-libc-3.7.tar.xz;sha256sum=b110bf2e10fe420f5ca2f3ec55f048ee5f0a54c7e34856a3594e51eb2aea0570
(will check PREMIRRORS first)
Initialising tasks: 100%
|#####################################################################################################################################################################################################################################################################################|
Time: 0:00:01
Sstate summary: Wanted 186 Local 0 Mirrors 0 Missed 186 Current 0 (0%
match, 0% complete)
NOTE: Executing Tasks
WARNING: curl-native-7.82.0-r0 do_patch: Fuzz detected:
Applying patch CVE-2023-23916.patch
patching file lib/content_encoding.c
patching file lib/urldata.h
patching file tests/data/Makefile.inc
Hunk #1 succeeded at 68 with fuzz 2 (offset 2 lines).
patching file tests/data/test418
The context lines in the patches can be updated with devtool:
devtool modify curl-native
devtool finish --force-patch-refresh curl-native <layer_path>
Don't forget to review changes done by devtool!
WARNING: curl-native-7.82.0-r0 do_patch: QA Issue: Patch log indicates
that patches do not apply cleanly. [patch-fuzz]
WARNING: curl-7.82.0-r0 do_patch: Fuzz detected:
Applying patch CVE-2023-23916.patch
patching file lib/content_encoding.c
patching file lib/urldata.h
patching file tests/data/Makefile.inc
Hunk #1 succeeded at 68 with fuzz 2 (offset 2 lines).
patching file tests/data/test418
The context lines in the patches can be updated with devtool:
devtool modify curl
devtool finish --force-patch-refresh curl <layer_path>
Don't forget to review changes done by devtool!
WARNING: curl-7.82.0-r0 do_patch: QA Issue: Patch log indicates that
patches do not apply cleanly. [patch-fuzz]
NOTE: Tasks Summary: Attempted 746 tasks of which 0 didn't need to be
rerun and all succeeded.
Summary: There were 4 WARNING messages.
On Mon, Apr 3, 2023 at 7:00 AM Pawan Badganchi <badganchipv@...> wrote:
> Hi Steve,
> I have built with bitbake curl, it got built with no fuzz warnings.
> Could you please build again. Please find the attached screenshot below.
Martin Jansa
FWIW: I was building from contrib/stable/kirkstone-nut today and I'm seeing the same as Steve:
meta = "stable/kirkstone-nut:14a050c06f25ac643582223ea29abee744cf74ea"
...
ERROR: curl-native-7.82.0-r0 do_patch: Fuzz detected:
Applying patch CVE-2023-23916.patch
patching file lib/content_encoding.c
patching file lib/urldata.h
patching file tests/data/Makefile.inc
Hunk #1 succeeded at 68 with fuzz 2 (offset 2 lines).
patching file tests/data/test418
The context lines in the patches can be updated with devtool:
devtool modify curl-native
devtool finish --force-patch-refresh curl-native <layer_path>
Don't forget to review changes done by devtool!
ERROR: curl-native-7.82.0-r0 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]
Applying patch CVE-2023-23916.patch
patching file lib/content_encoding.c
patching file lib/urldata.h
patching file tests/data/Makefile.inc
Hunk #1 succeeded at 68 with fuzz 2 (offset 2 lines).
patching file tests/data/test418
The context lines in the patches can be updated with devtool:
devtool modify curl-native
devtool finish --force-patch-refresh curl-native <layer_path>
Don't forget to review changes done by devtool!
ERROR: curl-native-7.82.0-r0 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]
It might be useful if you compare your local MyTopic14 with 14a050c06f25ac643582223ea29abee744cf74ea in oe-core-contrib to see the diff.
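The do_patch logs quoted in this thread can be checked mechanically. The following is an added example, not part of the thread or of bitbake: it parses such output and attributes each fuzzy hunk to its recipe, patch and file. The function name fuzzy_hunks and the regular expressions are assumptions of this example; the sample log is copied from the messages above.

```python
import re

# Sample input: the do_patch warning as quoted in this thread.
SAMPLE_LOG = """\
WARNING: curl-native-7.82.0-r0 do_patch: Fuzz detected:
Applying patch CVE-2023-23916.patch
patching file lib/content_encoding.c
patching file lib/urldata.h
patching file tests/data/Makefile.inc
Hunk #1 succeeded at 68 with fuzz 2 (offset 2 lines).
patching file tests/data/test418
"""

RECIPE_RE = re.compile(r"^(?:WARNING|ERROR): (\S+) do_patch: Fuzz detected:")
PATCH_RE = re.compile(r"^Applying patch (\S+)")
FILE_RE = re.compile(r"^patching file (\S+)")
# GNU patch prints "with fuzz N" only when context lines had to be ignored;
# "(offset N lines)" alone means the hunk matched exactly, just elsewhere.
HUNK_RE = re.compile(r"^Hunk #(\d+) succeeded at (\d+)"
                     r"(?: with fuzz (\d+))?(?: \(offset (-?\d+) lines?\))?\.")


def fuzzy_hunks(log_text):
    """Return one record per hunk that was applied with fuzz."""
    recipe = patch = path = None
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RECIPE_RE.match(line):
            recipe, patch, path = m.group(1), None, None
        elif m := PATCH_RE.match(line):
            patch, path = m.group(1), None
        elif m := FILE_RE.match(line):
            path = m.group(1)
        elif (m := HUNK_RE.match(line)) and m.group(3) is not None:
            found.append({
                "recipe": recipe, "patch": patch, "file": path,
                "hunk": int(m.group(1)), "line": int(m.group(2)),
                "fuzz": int(m.group(3)),
                "offset": int(m.group(4) or 0),
            })
    return found


if __name__ == "__main__":
    for f in fuzzy_hunks(SAMPLE_LOG):
        print("{recipe}: {patch}: {file} hunk #{hunk} at line {line}, "
              "fuzz {fuzz}, offset {offset}".format(**f))
```

For the log in this thread it reports a single hunk, in tests/data/Makefile.inc; the hunks for lib/content_encoding.c and lib/urldata.h produced no fuzz message.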