libproxy: upgrade 0.4.15 -> 0.4.17

(From OE-Core rev: d7626175069ab113d23fb1cbb85e665984637972) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Anuj Mittal <anuj.mittal@intel.com> 2021-01-19 14:45:37 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-01-20 22:46:17 +0000
commit: a6a49231bfbfc593506c7c3e084729130feaf9c6 (patch)
tree: 5506f601631d8045135ae278d7a832c9ca3a6a2b
parent: 464df4b87d64668137585ace234a10e5c73fa827 (diff)
download: poky-a6a49231bfbfc593506c7c3e084729130feaf9c6.tar.gz
4 files changed, 2 insertions, 197 deletions
diff --git a/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch b/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch
deleted file mode 100644
index fedda9dd95..0000000000
--- a/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 2d73469c7a17ebfe4330ac6643b0c8abdc125d05 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 30 Jan 2019 09:29:44 -0800
-Subject: [PATCH] get-pac-test: Fix build with clang/libc++
-get-pac-test.cpp:55:10: error: assigning to 'int' from incompatible type '__bind<int &, sockaddr *, unsigned int>'
-                        ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Upstream-Status: Submitted [https://github.com/libproxy/libproxy/pull/97]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- libproxy/test/get-pac-test.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/libproxy/test/get-pac-test.cpp b/libproxy/test/get-pac-test.cpp
-index 0059dfb..911f296 100644
--- a/libproxy/test/get-pac-test.cpp
-+++ b/libproxy/test/get-pac-test.cpp
-@@ -52,7 +52,7 @@ class TestServer {
- 
-                        setsockopt(m_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
- 
-                       ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
-+                       ret = ::bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
-                        assert(!ret);
- 
-                        ret = listen(m_sock, 1);
-- 
-2.20.1
diff --git a/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
deleted file mode 100644
index 3ef7f85451..0000000000
--- a/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@gnome.org>
-Date: Wed, 9 Sep 2020 11:12:02 -0500
-Subject: [PATCH] Rewrite url::recvline to be nonrecursive
-This function processes network input. It's semi-trusted, because the
-PAC ought to be trusted. But we still shouldn't allow it to control how
-far we recurse. A malicious PAC can cause us to overflow the stack by
-sending a sufficiently-long line without any '\n' character.
-Also, this function failed to properly handle EINTR, so let's fix that
-too, for good measure.
-Fixes #134
-Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa]
-CVE: CVE-2020-25219
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
- libproxy/url.cpp | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..68d69cd 100644
--- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -388,16 +388,24 @@ string url::to_string() const {
-        return m_orig;
- }
- 
-static inline string recvline(int fd) {
-       // Read a character.
-       // If we don't get a character, return empty string.
-       // If we are at the end of the line, return empty string.
-       char c = '\0';
-       
-       if (recv(fd, &c, 1, 0) != 1 || c == '\n')
-               return "";
-
-       return string(1, c) + recvline(fd);
-+static string recvline(int fd) {
-+       string line;
-+       int ret;
-+
-+       // Reserve arbitrary amount of space to avoid small memory reallocations.
-+       line.reserve(128);
-+
-+       do {
-+               char c;
-+               ret = recv(fd, &c, 1, 0);
-+               if (ret == 1) {
-+                       if (c == '\n')
-+                               return line;
-+                       line += c;
-+               }
-+       } while (ret == 1 || (ret == -1 && errno == EINTR));
-+
-+       return line;
- }
- 
- char* url::get_pac() {
diff --git a/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch b/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch
deleted file mode 100644
index 0ccb99da81..0000000000
--- a/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
-From: Fei Li <lifeibiren@gmail.com>
-Date: Fri, 17 Jul 2020 02:18:37 +0800
-Subject: [PATCH] Fix buffer overflow when PAC is enabled
-The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
-out to be the large PAC file (more than 102400 bytes) returned by a
-local proxy program with no content-length present.
-Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/6d342b50366a048d3d543952e2be271b5742c5f8]
-CVE: CVE-2020-26154
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
- libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++-------------
- 1 file changed, 31 insertions(+), 13 deletions(-)
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..8684086 100644
--- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -54,7 +54,7 @@ using namespace std;
- #define PAC_MIME_TYPE_FB "text/plain"
- 
- // This is the maximum pac size (to avoid memory attacks)
-#define PAC_MAX_SIZE 102400
-+#define PAC_MAX_SIZE 0x800000
- // This is the default block size to use when receiving via HTTP
- #define PAC_HTTP_BLOCK_SIZE 512
- 
-@@ -478,15 +478,13 @@ char* url::get_pac() {
-                }
- 
-                // Get content
-               unsigned int recvd = 0;
-               buffer = new char[PAC_MAX_SIZE];
-               memset(buffer, 0, PAC_MAX_SIZE);
-+               std::vector<char> dynamic_buffer;
-                do {
-                        unsigned int chunk_length;
- 
-                        if (chunked) {
-                                // Discard the empty line if we received a previous chunk
-                               if (recvd > 0) recvline(sock);
-+                               if (!dynamic_buffer.empty()) recvline(sock);
- 
-                                // Get the chunk-length line as an integer
-                                if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break;
-@@ -498,21 +496,41 @@ char* url::get_pac() {
- 
-                        if (content_length >= PAC_MAX_SIZE) break;
- 
-                       while (content_length == 0 || recvd != content_length) {
-                               int r = recv(sock, buffer + recvd,
-                                            content_length == 0 ? PAC_HTTP_BLOCK_SIZE
-                                                                : content_length - recvd, 0);
-+                       while (content_length == 0 || dynamic_buffer.size() != content_length) {
-+                               // Calculate length to recv
-+                               unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
-+                               if (content_length > 0)
-+                                       length_to_read = content_length - dynamic_buffer.size();
-+
-+                               // Prepare buffer
-+                               dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
-+
-+                               int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
-+
-+                               // Shrink buffer to fit
-+                               if (r >= 0)
-+                                       dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
-+
-+                               // PAC size too large, discard
-+                               if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
-+                                       chunked = false;
-+                                       dynamic_buffer.clear();
-+                                       break;
-+                               }
-+
-                                if (r <= 0) {
-                                        chunked = false;
-                                        break;
-                                }
-                               recvd += r;
-                        }
-                } while (chunked);
- 
-               if (content_length != 0 && string(buffer).size() != content_length) {
-                       delete[] buffer;
-                       buffer = NULL;
-+               if (content_length == 0 || content_length == dynamic_buffer.size()) {
-+                       buffer = new char[dynamic_buffer.size() + 1];
-+                       if (!dynamic_buffer.empty()) {
-+                               memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
-+                       }
-+                       buffer[dynamic_buffer.size()] = '\0';
-                }
-        }
- 
diff --git a/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/meta/recipes-support/libproxy/libproxy_0.4.17.bb
index 6f704d7a91..ad81cccf52 100644
--- a/meta/recipes-support/libproxy/libproxy_0.4.15.bb
+++ b/meta/recipes-support/libproxy/libproxy_0.4.17.bb
@@ -8,13 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
 DEPENDS = "glib-2.0"
-SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \
+SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz"
-           file://0001-get-pac-test-Fix-build-with-clang-libc.patch \
+SRC_URI[sha256sum] = "bc89f842f654ee1985a31c0ba56dc7e2ce8044a0264ddca84e650f46cd7f8b05"
-           file://CVE-2020-25219.patch \
-           file://CVE-2020-26154.patch \
-          "
-SRC_URI[md5sum] = "f6b1d2a1e17a99cd3debaae6d04ab152"
-SRC_URI[sha256sum] = "654db464120c9534654590b6683c7fa3887b3dad0ca1c4cd412af24fbfca6d4f"
 UPSTREAM_CHECK_URI = "https://github.com/libproxy/libproxy/releases"
 UPSTREAM_CHECK_REGEX = "libproxy-(?P<pver>.*)\.tar"
author	Anuj Mittal <anuj.mittal@intel.com>	2021-01-19 14:45:37 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-01-20 22:46:17 +0000
commit	a6a49231bfbfc593506c7c3e084729130feaf9c6 (patch)
tree	5506f601631d8045135ae278d7a832c9ca3a6a2b
parent	464df4b87d64668137585ace234a10e5c73fa827 (diff)
download	poky-a6a49231bfbfc593506c7c3e084729130feaf9c6.tar.gz

diff --git a/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch b/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch deleted file mode 100644 index fedda9dd95..0000000000 --- a/meta/recipes-support/libproxy/libproxy/0001-get-pac-test-Fix-build-with-clang-libc.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	From 2d73469c7a17ebfe4330ac6643b0c8abdc125d05 Mon Sep 17 00:00:00 2001
2	From: Khem Raj <raj.khem@gmail.com>
3	Date: Wed, 30 Jan 2019 09:29:44 -0800
4	Subject: [PATCH] get-pac-test: Fix build with clang/libc++
5
6	get-pac-test.cpp:55:10: error: assigning to 'int' from incompatible type '__bind<int &, sockaddr *, unsigned int>'
7	ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8
9	Upstream-Status: Submitted [https://github.com/libproxy/libproxy/pull/97]
10
11	Signed-off-by: Khem Raj <raj.khem@gmail.com>
12	---
13	libproxy/test/get-pac-test.cpp \| 2 +-
14	1 file changed, 1 insertion(+), 1 deletion(-)
15
16	diff --git a/libproxy/test/get-pac-test.cpp b/libproxy/test/get-pac-test.cpp
17	index 0059dfb..911f296 100644
18	--- a/libproxy/test/get-pac-test.cpp
19	+++ b/libproxy/test/get-pac-test.cpp
20	@@ -52,7 +52,7 @@ class TestServer {
21
22	setsockopt(m_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
23
24	- ret = bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
25	+ ret = ::bind(m_sock, (sockaddr*)&addr, sizeof (struct sockaddr_in));
26	assert(!ret);
27
28	ret = listen(m_sock, 1);
29	--
30	2.20.1
31


diff --git a/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch b/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch deleted file mode 100644 index 3ef7f85451..0000000000 --- a/meta/recipes-support/libproxy/libproxy/CVE-2020-25219.patch +++ /dev/null
@@ -1,61 +0,0 @@
1	From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
2	From: Michael Catanzaro <mcatanzaro@gnome.org>
3	Date: Wed, 9 Sep 2020 11:12:02 -0500
4	Subject: [PATCH] Rewrite url::recvline to be nonrecursive
5
6	This function processes network input. It's semi-trusted, because the
7	PAC ought to be trusted. But we still shouldn't allow it to control how
8	far we recurse. A malicious PAC can cause us to overflow the stack by
9	sending a sufficiently-long line without any '\n' character.
10
11	Also, this function failed to properly handle EINTR, so let's fix that
12	too, for good measure.
13
14	Fixes #134
15
16	Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa]
17	CVE: CVE-2020-25219
18	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
19	---
20	libproxy/url.cpp \| 28 ++++++++++++++++++----------
21	1 file changed, 18 insertions(+), 10 deletions(-)
22
23	diff --git a/libproxy/url.cpp b/libproxy/url.cpp
24	index ee776b2..68d69cd 100644
25	--- a/libproxy/url.cpp
26	+++ b/libproxy/url.cpp
27	@@ -388,16 +388,24 @@ string url::to_string() const {
28	return m_orig;
29	}
30
31	-static inline string recvline(int fd) {
32	- // Read a character.
33	- // If we don't get a character, return empty string.
34	- // If we are at the end of the line, return empty string.
35	- char c = '\0';
36	-
37	- if (recv(fd, &c, 1, 0) != 1 \|\| c == '\n')
38	- return "";
39	-
40	- return string(1, c) + recvline(fd);
41	+static string recvline(int fd) {
42	+ string line;
43	+ int ret;
44	+
45	+ // Reserve arbitrary amount of space to avoid small memory reallocations.
46	+ line.reserve(128);
47	+
48	+ do {
49	+ char c;
50	+ ret = recv(fd, &c, 1, 0);
51	+ if (ret == 1) {
52	+ if (c == '\n')
53	+ return line;
54	+ line += c;
55	+ }
56	+ } while (ret == 1 \|\| (ret == -1 && errno == EINTR));
57	+
58	+ return line;
59	}
60
61	char* url::get_pac() {


diff --git a/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch b/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch deleted file mode 100644 index 0ccb99da81..0000000000 --- a/meta/recipes-support/libproxy/libproxy/CVE-2020-26154.patch +++ /dev/null
@@ -1,98 +0,0 @@
1	From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
2	From: Fei Li <lifeibiren@gmail.com>
3	Date: Fri, 17 Jul 2020 02:18:37 +0800
4	Subject: [PATCH] Fix buffer overflow when PAC is enabled
5
6	The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
7	out to be the large PAC file (more than 102400 bytes) returned by a
8	local proxy program with no content-length present.
9
10	Upstream-Status: Backport [https://github.com/libproxy/libproxy/commit/6d342b50366a048d3d543952e2be271b5742c5f8]
11	CVE: CVE-2020-26154
12	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
13
14	---
15	libproxy/url.cpp \| 44 +++++++++++++++++++++++++++++++-------------
16	1 file changed, 31 insertions(+), 13 deletions(-)
17
18	diff --git a/libproxy/url.cpp b/libproxy/url.cpp
19	index ee776b2..8684086 100644
20	--- a/libproxy/url.cpp
21	+++ b/libproxy/url.cpp
22	@@ -54,7 +54,7 @@ using namespace std;
23	#define PAC_MIME_TYPE_FB "text/plain"
24
25	// This is the maximum pac size (to avoid memory attacks)
26	-#define PAC_MAX_SIZE 102400
27	+#define PAC_MAX_SIZE 0x800000
28	// This is the default block size to use when receiving via HTTP
29	#define PAC_HTTP_BLOCK_SIZE 512
30
31	@@ -478,15 +478,13 @@ char* url::get_pac() {
32	}
33
34	// Get content
35	- unsigned int recvd = 0;
36	- buffer = new char[PAC_MAX_SIZE];
37	- memset(buffer, 0, PAC_MAX_SIZE);
38	+ std::vector<char> dynamic_buffer;
39	do {
40	unsigned int chunk_length;
41
42	if (chunked) {
43	// Discard the empty line if we received a previous chunk
44	- if (recvd > 0) recvline(sock);
45	+ if (!dynamic_buffer.empty()) recvline(sock);
46
47	// Get the chunk-length line as an integer
48	if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 \|\| chunk_length == 0) break;
49	@@ -498,21 +496,41 @@ char* url::get_pac() {
50
51	if (content_length >= PAC_MAX_SIZE) break;
52
53	- while (content_length == 0 \|\| recvd != content_length) {
54	- int r = recv(sock, buffer + recvd,
55	- content_length == 0 ? PAC_HTTP_BLOCK_SIZE
56	- : content_length - recvd, 0);
57	+ while (content_length == 0 \|\| dynamic_buffer.size() != content_length) {
58	+ // Calculate length to recv
59	+ unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
60	+ if (content_length > 0)
61	+ length_to_read = content_length - dynamic_buffer.size();
62	+
63	+ // Prepare buffer
64	+ dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
65	+
66	+ int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
67	+
68	+ // Shrink buffer to fit
69	+ if (r >= 0)
70	+ dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
71	+
72	+ // PAC size too large, discard
73	+ if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
74	+ chunked = false;
75	+ dynamic_buffer.clear();
76	+ break;
77	+ }
78	+
79	if (r <= 0) {
80	chunked = false;
81	break;
82	}
83	- recvd += r;
84	}
85	} while (chunked);
86
87	- if (content_length != 0 && string(buffer).size() != content_length) {
88	- delete[] buffer;
89	- buffer = NULL;
90	+ if (content_length == 0 \|\| content_length == dynamic_buffer.size()) {
91	+ buffer = new char[dynamic_buffer.size() + 1];
92	+ if (!dynamic_buffer.empty()) {
93	+ memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
94	+ }
95	+ buffer[dynamic_buffer.size()] = '\0';
96	}
97	}
98


diff --git a/meta/recipes-support/libproxy/libproxy_0.4.15.bb b/meta/recipes-support/libproxy/libproxy_0.4.17.bb index 6f704d7a91..ad81cccf52 100644 --- a/meta/recipes-support/libproxy/libproxy_0.4.15.bb +++ b/meta/recipes-support/libproxy/libproxy_0.4.17.bb
@@ -8,13 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
8		8
9	DEPENDS = "glib-2.0"	9	DEPENDS = "glib-2.0"
10		10
11	SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz \	11	SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.xz"
12	file://0001-get-pac-test-Fix-build-with-clang-libc.patch \	12	SRC_URI[sha256sum] = "bc89f842f654ee1985a31c0ba56dc7e2ce8044a0264ddca84e650f46cd7f8b05"
13	file://CVE-2020-25219.patch \
14	file://CVE-2020-26154.patch \
15	"
16	SRC_URI[md5sum] = "f6b1d2a1e17a99cd3debaae6d04ab152"
17	SRC_URI[sha256sum] = "654db464120c9534654590b6683c7fa3887b3dad0ca1c4cd412af24fbfca6d4f"
18		13
19	UPSTREAM_CHECK_URI = "https://github.com/libproxy/libproxy/releases"	14	UPSTREAM_CHECK_URI = "https://github.com/libproxy/libproxy/releases"
20	UPSTREAM_CHECK_REGEX = "libproxy-(?P<pver>.*)\.tar"	15	UPSTREAM_CHECK_REGEX = "libproxy-(?P<pver>.*)\.tar"