diff options
author | Sakib Sajal <sakib.sajal@windriver.com> | 2021-07-30 15:54:39 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-08-06 09:59:14 +0100 |
commit | a21c4c48b84a01453c252ab19b9d50ad257f348f (patch) | |
tree | 04955d9148b511df2d387162303f222ea90a34dc /meta/recipes-devtools | |
parent | ad768575b136ace44690145c2ec2a0b9551b1d48 (diff) | |
download | poky-a21c4c48b84a01453c252ab19b9d50ad257f348f.tar.gz |
go: fix CVE-2020-29509, CVE-2020-29511
Backport patch to fix CVE-2020-29509, CVE-2020-29511
(From OE-Core rev: db6dc9aa669d1f41fb52685754c07fe5c9feec86)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/go/go-1.16.5.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch | 123 |
2 files changed, 124 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.16.5.inc b/meta/recipes-devtools/go/go-1.16.5.inc index bd928e44f8..b693315917 100644 --- a/meta/recipes-devtools/go/go-1.16.5.inc +++ b/meta/recipes-devtools/go/go-1.16.5.inc | |||
@@ -16,5 +16,6 @@ SRC_URI += "\ | |||
16 | file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ | 16 | file://0007-cmd-go-make-GOROOT-precious-by-default.patch \ |
17 | file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ | 17 | file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ |
18 | file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ | 18 | file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ |
19 | file://0001-encoding-xml-handle-leading-trailing-or-double-colon.patch \ | ||
19 | " | 20 | " |
20 | SRC_URI[main.sha256sum] = "7bfa7e5908c7cc9e75da5ddf3066d7cbcf3fd9fa51945851325eebc17f50ba80" | 21 | SRC_URI[main.sha256sum] = "7bfa7e5908c7cc9e75da5ddf3066d7cbcf3fd9fa51945851325eebc17f50ba80" |
diff --git a/meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch b/meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch new file mode 100644 index 0000000000..3c47157d1a --- /dev/null +++ b/meta/recipes-devtools/go/go-1.16/0001-encoding-xml-handle-leading-trailing-or-double-colon.patch | |||
@@ -0,0 +1,123 @@ | |||
1 | From 4d014e723165f28b34458edb4aa9136e0fb4c702 Mon Sep 17 00:00:00 2001 | ||
2 | From: Filippo Valsorda <filippo@golang.org> | ||
3 | Date: Tue, 27 Oct 2020 00:17:15 +0100 | ||
4 | Subject: [PATCH] encoding/xml: handle leading, trailing, or double colons in | ||
5 | names | ||
6 | |||
7 | Before this change, <:name> would parse as <name>, which could cause | ||
8 | issues in applications that rely on the parse-encode cycle to | ||
9 | round-trip. Similarly, <x name:=""> would parse as expected but then | ||
10 | have the attribute dropped when serializing because its name was empty. | ||
11 | Finally, <a:b:c> would parse and get serialized incorrectly. All these | ||
12 | values are invalid XML, but to minimize the impact of this change, we | ||
13 | parse them whole into Name.Local. | ||
14 | |||
15 | This issue was reported by Juho Nurminen of Mattermost as it leads to | ||
16 | round-trip mismatches. See #43168. It's not being fixed in a security | ||
17 | release because round-trip stability is not a currently supported | ||
18 | security property of encoding/xml, and we don't believe these fixes | ||
19 | would be sufficient to reliably guarantee it in the future. | ||
20 | |||
21 | Fixes CVE-2020-29509 | ||
22 | Fixes CVE-2020-29511 | ||
23 | Updates #43168 | ||
24 | |||
25 | Change-Id: I68321c4d867305046f664347192948a889af3c7f | ||
26 | Reviewed-on: https://go-review.googlesource.com/c/go/+/277892 | ||
27 | Run-TryBot: Filippo Valsorda <filippo@golang.org> | ||
28 | TryBot-Result: Go Bot <gobot@golang.org> | ||
29 | Trust: Filippo Valsorda <filippo@golang.org> | ||
30 | Reviewed-by: Katie Hockman <katie@golang.org> | ||
31 | |||
32 | CVE: CVE-2020-29509 CVE-2020-29511 | ||
33 | Upstream-Status: Backport [4d014e723165f28b34458edb4aa9136e0fb4c702] | ||
34 | |||
35 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
36 | --- | ||
37 | src/encoding/xml/xml.go | 5 ++-- | ||
38 | src/encoding/xml/xml_test.go | 56 ++++++++++++++++++++++++++++++++++++ | ||
39 | 2 files changed, 59 insertions(+), 2 deletions(-) | ||
40 | |||
41 | diff --git a/src/encoding/xml/xml.go b/src/encoding/xml/xml.go | ||
42 | index 384d6ad4b8..c902f1295a 100644 | ||
43 | --- a/src/encoding/xml/xml.go | ||
44 | +++ b/src/encoding/xml/xml.go | ||
45 | @@ -1156,8 +1156,9 @@ func (d *Decoder) nsname() (name Name, ok bool) { | ||
46 | if !ok { | ||
47 | return | ||
48 | } | ||
49 | - i := strings.Index(s, ":") | ||
50 | - if i < 0 { | ||
51 | + if strings.Count(s, ":") > 1 { | ||
52 | + name.Local = s | ||
53 | + } else if i := strings.Index(s, ":"); i < 1 || i > len(s)-2 { | ||
54 | name.Local = s | ||
55 | } else { | ||
56 | name.Space = s[0:i] | ||
57 | diff --git a/src/encoding/xml/xml_test.go b/src/encoding/xml/xml_test.go | ||
58 | index 5a10f5309d..47d0c39167 100644 | ||
59 | --- a/src/encoding/xml/xml_test.go | ||
60 | +++ b/src/encoding/xml/xml_test.go | ||
61 | @@ -1003,3 +1003,59 @@ func TestTokenUnmarshaler(t *testing.T) { | ||
62 | d := NewTokenDecoder(tokReader{}) | ||
63 | d.Decode(&Failure{}) | ||
64 | } | ||
65 | + | ||
66 | +func testRoundTrip(t *testing.T, input string) { | ||
67 | + d := NewDecoder(strings.NewReader(input)) | ||
68 | + var tokens []Token | ||
69 | + var buf bytes.Buffer | ||
70 | + e := NewEncoder(&buf) | ||
71 | + for { | ||
72 | + tok, err := d.Token() | ||
73 | + if err == io.EOF { | ||
74 | + break | ||
75 | + } | ||
76 | + if err != nil { | ||
77 | + t.Fatalf("invalid input: %v", err) | ||
78 | + } | ||
79 | + if err := e.EncodeToken(tok); err != nil { | ||
80 | + t.Fatalf("failed to re-encode input: %v", err) | ||
81 | + } | ||
82 | + tokens = append(tokens, CopyToken(tok)) | ||
83 | + } | ||
84 | + if err := e.Flush(); err != nil { | ||
85 | + t.Fatal(err) | ||
86 | + } | ||
87 | + | ||
88 | + d = NewDecoder(&buf) | ||
89 | + for { | ||
90 | + tok, err := d.Token() | ||
91 | + if err == io.EOF { | ||
92 | + break | ||
93 | + } | ||
94 | + if err != nil { | ||
95 | + t.Fatalf("failed to decode output: %v", err) | ||
96 | + } | ||
97 | + if len(tokens) == 0 { | ||
98 | + t.Fatalf("unexpected token: %#v", tok) | ||
99 | + } | ||
100 | + a, b := tokens[0], tok | ||
101 | + if !reflect.DeepEqual(a, b) { | ||
102 | + t.Fatalf("token mismatch: %#v vs %#v", a, b) | ||
103 | + } | ||
104 | + tokens = tokens[1:] | ||
105 | + } | ||
106 | + if len(tokens) > 0 { | ||
107 | + t.Fatalf("lost tokens: %#v", tokens) | ||
108 | + } | ||
109 | +} | ||
110 | + | ||
111 | +func TestRoundTrip(t *testing.T) { | ||
112 | + tests := map[string]string{ | ||
113 | + "leading colon": `<::Test ::foo="bar"><:::Hello></:::Hello><Hello></Hello></::Test>`, | ||
114 | + "trailing colon": `<foo abc:="x"></foo>`, | ||
115 | + "double colon": `<x:y:foo></x:y:foo>`, | ||
116 | + } | ||
117 | + for name, input := range tests { | ||
118 | + t.Run(name, func(t *testing.T) { testRoundTrip(t, input) }) | ||
119 | + } | ||
120 | +} | ||
121 | -- | ||
122 | 2.25.1 | ||
123 | |||