From ddf15f174e9d41729eec4a2a599815b0a7a31bce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?=
Date: Wed, 5 Jun 2024 15:46:47 +0200
Subject: [PATCH] Backport fix for CVE-2024-24806
---
 0001-Disable-failing-network-tests.patch | 42 +++++++++---
 0002-Fix-for-CVE-2024-24806.patch | 86 ++++++++++++++++++++++++
 libuv.spec | 11 ++-
 3 files changed, 126 insertions(+), 13 deletions(-)
 create mode 100644 0002-Fix-for-CVE-2024-24806.patch
diff --git a/0001-Disable-failing-network-tests.patch b/0001-Disable-failing-network-tests.patch
index 90fcac7..e722131 100644
--- a/0001-Disable-failing-network-tests.patch
+++ b/0001-Disable-failing-network-tests.patch
@@ -1,8 +1,25 @@
+From a0ea40baa41a201bd3a4777a66c7eae41d2bcbc3 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 5 Jun 2024 14:40:40 +0200
+Subject: [PATCH] Disable failing network tests
+
+Signed-off-by: rpm-build
+---
+ Makefile.am | 4 ----
+ test/test-list.h | 12 ------------
+ 2 files changed, 16 deletions(-)
+
 diff --git a/Makefile.am b/Makefile.am
-index 46308eaa..5a3cde05 100644
+index e8bab49..a190637 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -255,7 +255,6 @@ test_run_tests_SOURCES = test/blackhole-server.c \
+@@ -250,13 +250,11 @@ test_run_tests_SOURCES = test/blackhole-server.c \
+ test/test-tcp-bind-error.c \
+ test/test-tcp-bind6-error.c \
+ test/test-tcp-close-accept.c \
+- test/test-tcp-close-while-connecting.c \
+ test/test-tcp-close.c \
+ test/test-tcp-close-reset.c \
 test/test-tcp-create-socket-early.c \
 test/test-tcp-connect-error-after-write.c \
 test/test-tcp-connect-error.c \
@@ -10,7 +27,7 @@ index 46308eaa..5a3cde05 100644
 test/test-tcp-connect6-error.c \
 test/test-tcp-flags.c \
 test/test-tcp-open.c \
-@@ -292,8 +291,6 @@ test_run_tests_SOURCES = test/blackhole-server.c \
+@@ -293,8 +291,6 @@ test_run_tests_SOURCES = test/blackhole-server.c \
 test/test-udp-mmsg.c \
 test/test-udp-multicast-interface.c \
 test/test-udp-multicast-interface6.c \
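Review bot: The regenerated patch widens its scope beyond what the outer commit title (`Backport fix for CVE-2024-24806`) says: the new inner hunk `@@ -250,13 +250,11 @@` adds `+- test/test-tcp-close-while-connecting.c \`, and the later hunks of this file (`@@ -20,20 +37,21 @@`, `@@ -42,17 +60,18 @@`) drop the matching `TEST_DECLARE`/`TEST_ENTRY (tcp_close_while_connecting)` lines, so one more test is disabled without any stated reason. Whether that test started failing on the 1.41.1 base or was dropped by accident during the refresh cannot be told from the patch itself. Record the reason in the patch body under the subject, e.g. `Also disable tcp_close_while_connecting: <reason>`, and mention it in the spec changelog entry. The regenerated header also attributes the patch to `From: rpm-build` with a matching Signed-off-by, which loses the original authorship; consider carrying the previous From: line over when regenerating.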
@@ -20,20 +37,21 @@ index 46308eaa..5a3cde05 100644
 test/test-udp-open.c \
 test/test-udp-options.c \
 diff --git a/test/test-list.h b/test/test-list.h
-index 52b17a69..89903c7e 100644
+index 7458840..5545b2e 100644
 --- a/test/test-list.h
 +++ b/test/test-list.h
-@@ -126,9 +126,6 @@ TEST_DECLARE (tcp_bind_invalid_flags)
+@@ -127,10 +127,6 @@ TEST_DECLARE (tcp_bind_invalid_flags)
 TEST_DECLARE (tcp_bind_writable_flags)
 TEST_DECLARE (tcp_listen_without_bind)
 TEST_DECLARE (tcp_connect_error_fault)
 -TEST_DECLARE (tcp_connect_timeout)
 -TEST_DECLARE (tcp_local_connect_timeout)
 -TEST_DECLARE (tcp6_local_connect_timeout)
- TEST_DECLARE (tcp_close_while_connecting)
+-TEST_DECLARE (tcp_close_while_connecting)
 TEST_DECLARE (tcp_close)
 TEST_DECLARE (tcp_close_reset_accepted)
-@@ -166,8 +163,6 @@ TEST_DECLARE (udp_send_hang_loop)
+ TEST_DECLARE (tcp_close_reset_accepted_after_shutdown)
+@@ -167,8 +163,6 @@ TEST_DECLARE (udp_send_hang_loop)
 TEST_DECLARE (udp_send_immediate)
 TEST_DECLARE (udp_send_unreachable)
 TEST_DECLARE (udp_mmsg)
@@ -42,17 +60,18 @@ index 52b17a69..89903c7e 100644
 TEST_DECLARE (udp_multicast_ttl)
 TEST_DECLARE (udp_multicast_interface)
 TEST_DECLARE (udp_multicast_interface6)
-@@ -681,9 +676,6 @@ TASK_LIST_START
+@@ -692,10 +686,6 @@ TASK_LIST_START
 TEST_ENTRY (tcp_bind_writable_flags)
 TEST_ENTRY (tcp_listen_without_bind)
 TEST_ENTRY (tcp_connect_error_fault)
 - TEST_ENTRY (tcp_connect_timeout)
 - TEST_ENTRY (tcp_local_connect_timeout)
 - TEST_ENTRY (tcp6_local_connect_timeout)
- TEST_ENTRY (tcp_close_while_connecting)
+- TEST_ENTRY (tcp_close_while_connecting)
 TEST_ENTRY (tcp_close)
 TEST_ENTRY (tcp_close_reset_accepted)
-@@ -733,8 +725,6 @@ TASK_LIST_START
+ TEST_ENTRY (tcp_close_reset_accepted_after_shutdown)
+@@ -744,8 +734,6 @@ TASK_LIST_START
 TEST_ENTRY (udp_mmsg)
 TEST_ENTRY (udp_multicast_interface)
 TEST_ENTRY (udp_multicast_interface6)
@@ -61,3 +80,6 @@ index 52b17a69..89903c7e 100644
 TEST_ENTRY (udp_multicast_ttl)
 TEST_ENTRY (udp_sendmmsg_error)
 TEST_ENTRY (udp_try_send)
+--
+2.45.1
+
diff --git a/0002-Fix-for-CVE-2024-24806.patch b/0002-Fix-for-CVE-2024-24806.patch
new file mode 100644
index 0000000..2f21697
--- /dev/null
+++ b/0002-Fix-for-CVE-2024-24806.patch
@@ -0,0 +1,86 @@
+From 2990b945015b067b3dc2ab95dde9587258552295 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 5 Jun 2024 14:46:35 +0200
+Subject: [PATCH] Fix for CVE-2024-24806
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+- fix: always zero-terminate idna output
+ Original-Commit: https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629
+
+- fix: reject zero-length idna inputs
+ Original-Commit: https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70
+
+- test: empty strings are not valid IDNA
+ Original-Commit: https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39
+
+Signed-off-by: Jan Staněk
+Signed-off-by: rpm-build
+---
+ src/idna.c | 8 ++++++--
+ test/test-idna.c | 7 ++++++-
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/idna.c b/src/idna.c
+index b44cb16..abbfe87 100644
+--- a/src/idna.c
++++ b/src/idna.c
+@@ -273,6 +273,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+ char* ds;
+ int rc;
+
++ if (s == se)
++ return UV_EINVAL;
++
+ ds = d;
+
+ si = s;
+@@ -307,8 +310,9 @@ long uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+ return rc;
+ }
+
+- if (d < de)
+- *d++ = '\0';
++ if (d >= de)
++ return UV_EINVAL;
+
++ *d++ = '\0';
+ return d - ds; /* Number of bytes written. */
+ }
+diff --git a/test/test-idna.c b/test/test-idna.c
+index f4fad96..37da38d 100644
+--- a/test/test-idna.c
++++ b/test/test-idna.c
+@@ -99,6 +99,7 @@ TEST_IMPL(utf8_decode1) {
+ TEST_IMPL(utf8_decode1_overrun) {
+ const char* p;
+ char b[1];
++ char c[1];
+
+ /* Single byte.
*/
+ p = b;
+@@ -112,6 +113,10 @@ TEST_IMPL(utf8_decode1_overrun) {
+ ASSERT_EQ((unsigned) -1, uv__utf8_decode1(&p, b + 1));
+ ASSERT_EQ(p, b + 1);
+
++ b[0] = 0x7F;
++ ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 0, c, c + 1));
++ ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
++
+ return 0;
+ }
+
+@@ -145,8 +150,8 @@ TEST_IMPL(idna_toascii) {
+ /* Illegal inputs. */
+ F("\xC0\x80\xC1\x80", UV_EINVAL); /* Overlong UTF-8 sequence. */
+ F("\xC0\x80\xC1\x80.com", UV_EINVAL); /* Overlong UTF-8 sequence. */
++ F("", UV_EINVAL);
+ /* No conversion. */
+- T("", "");
+ T(".", ".");
+ T(".com", ".com");
+ T("example", "example");
+--
+2.45.1
+
diff --git a/libuv.spec b/libuv.spec
index f8b3965..2e4a897 100644
--- a/libuv.spec
+++ b/libuv.spec
@@ -6,7 +6,7 @@
 Name: libuv
 Epoch: 1
 Version: 1.41.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: libuv is a multi-platform support library with a focus on asynchronous I/O.
 # the licensing breakdown is described in detail in the LICENSE file
@@ -17,14 +17,15 @@ Source2: %{name}.pc.in
 Source3: libuv.abignore
 BuildRequires: autoconf automake libtool
-BuildRequires: gcc
+BuildRequires: gcc make
 %if %{with tests}
 # don't remove network tests
 %else
 # -- Patches -- #
-Patch1: 0001-Disable-failing-network-tests.patch
+Patch0001: 0001-Disable-failing-network-tests.patch
 %endif
+Patch0002: 0002-Fix-for-CVE-2024-24806.patch
 %description
 libuv is a multi-platform support library with a focus on asynchronous I/O
@@ -86,6 +87,10 @@ make check
 %{_libdir}/%{name}.a
 %changelog
+* Wed Jun 05 2024 Jan Staněk - 1:1.41.1-2
+- Backport fixes for CVE-2024-24806
+ Resolves: RHEL-24790
+
 * Mon Jul 12 2021 Zuzana Svetlikova - 1:1.41.1-1
 - Rebase to 1.41.1
 - Change description to reflect upstream
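Review bot: The new `if (d >= de) return UV_EINVAL;` in `uv__idna_toascii` turns what the removed `if (d < de) *d++ = '\0';` treated as a successful but silently unterminated result into an error, so every 1.41.1 caller must now treat a negative return as failure rather than as a byte count; the callers (presumably the getaddrinfo code, not shown in this patch) should be checked for an `rc < 0` test before the output buffer is used as a string. The rest of the function body lies outside the two inner hunks, so the early `return UV_EINVAL` on `s == se` is the only other exit visible here. The new asserts exercise exactly the two added paths — zero-length input (`b, b + 0`) and a full output buffer (`b, b + 1` into the one-byte `c`) — but they sit in `utf8_decode1_overrun`, whose name is about UTF-8 decoding; a comment such as `/* Zero-length input and a full output buffer must both be rejected. */` above `b[0] = 0x7F;` would tell a reader why they are there.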
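Review bot: `Patch0002` is declared but no hunk in this diff applies it: the `%prep` section is outside the changed lines, so if the spec applies patches with explicit `%patch` macros rather than `%autosetup`/`%autopatch`, a matching `%patch2 -p1` (in whatever form the file already uses) is still missing and the CVE fix would be listed without being compiled in. The `Patch1` → `Patch0001` rename keeps patch number 1, so an existing `%patch1` reference still resolves, but `%prep` should be checked for that as well. Placing Patch0002 outside the `%if %{with tests}`/`%else` block is right, since the fix must apply regardless of whether the network tests are kept; the unrelated `BuildRequires: gcc make` addition, however, is not reflected in the changelog entry.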