!139 fix-CVE-2024-28176

From: @duyiwei7w Reviewed-by: @jianli-97 Signed-off-by: @jianli-97
2025-01-15 09:37:27 +00:00 · 2025-01-15 09:37:27 +00:00 · 4ecb889167
commit 4ecb889167
parent 535eda0c6f d7d212fef8
2 changed files with 356 additions and 1 deletions
--- a/0009-fix-CVE-2024-28176.patch
+++ b/0009-fix-CVE-2024-28176.patch
@ -0,0 +1,350 @@
+From b29db6d46b82a782641ed0016ccf53304529afb1 Mon Sep 17 00:00:00 2001
+From: duyiwei <duyiwei@kylinos.cn>
+Date: Wed, 15 Jan 2025 16:46:47 +0800
+Subject: [PATCH] fix CVE-2024-28176
+
+Signed-off-by: duyiwei <duyiwei@kylinos.cn>
+---
+ go.mod                                        |   2 +-
+ go.sum                                        |   4 +-
+ .../gopkg.in/go-jose/go-jose.v2/CHANGELOG.md  |  84 +++++++++++++
+ vendor/gopkg.in/go-jose/go-jose.v2/README.md  | 118 ------------------
+ .../gopkg.in/go-jose/go-jose.v2/asymmetric.go |   3 +
+ vendor/gopkg.in/go-jose/go-jose.v2/crypter.go |   6 +
+ .../gopkg.in/go-jose/go-jose.v2/encoding.go   |   2 +-
+ .../gopkg.in/go-jose/go-jose.v2/symmetric.go  |   5 +
+ vendor/modules.txt                            |   2 +-
+ 9 files changed, 103 insertions(+), 123 deletions(-)
+ create mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/CHANGELOG.md
+ delete mode 100644 vendor/gopkg.in/go-jose/go-jose.v2/README.md
+
+diff --git a/go.mod b/go.mod
+index 4030f24..94524d8 100644
+--- a/go.mod
+++ b/go.mod
+@@ -212,7 +212,7 @@ require (
+ 	google.golang.org/appengine v1.6.8 // indirect
+ 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect
+ 	google.golang.org/grpc v1.58.3 // indirect
+-	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
+ 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
+ 	gopkg.in/yaml.v2 v2.4.0 // indirect
+ 	tags.cncf.io/container-device-interface/specs-go v0.6.0 // indirect
+diff --git a/go.sum b/go.sum
+index 68a83cf..47153a8 100644
+--- a/go.sum
+++ b/go.sum
+@@ -1563,8 +1563,8 @@ gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS
+ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
+-gopkg.in/go-jose/go-jose.v2 v2.6.1 h1:qEzJlIDmG9q5VO0M/o8tGS65QMHMS1w01TQJB1VPJ4U=
+-gopkg.in/go-jose/go-jose.v2 v2.6.1/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
+gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs=
+gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
+ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+ gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
+diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/CHANGELOG.md b/vendor/gopkg.in/go-jose/go-jose.v2/CHANGELOG.md
+new file mode 100644
+index 0000000..c77b25c
+--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/CHANGELOG.md
+@@ -0,0 +1,84 @@
+# v4.0.1
+
+## Fixed
+
+ - An attacker could send a JWE containing compressed data that used large
+   amounts of memory and CPU when decompressed by `Decrypt` or `DecryptMulti`.
+   Those functions now return an error if the decompressed data would exceed
+   250kB or 10x the compressed size (whichever is larger). Thanks to
+   Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@zer0yu and @chenjj)
+   for reporting.
+
+# v4.0.0
+
+This release makes some breaking changes in order to more thoroughly
+address the vulnerabilities discussed in [Three New Attacks Against JSON Web
+Tokens][1], "Sign/encrypt confusion", "Billion hash attack", and "Polyglot
+token".
+
+## Changed
+
+ - Limit JWT encryption types (exclude password or public key types) (#78)
+ - Enforce minimum length for HMAC keys (#85)
+ - jwt: match any audience in a list, rather than requiring all audiences (#81)
+ - jwt: accept only Compact Serialization (#75)
+ - jws: Add expected algorithms for signatures (#74)
+ - Require specifying expected algorithms for ParseEncrypted,
+   ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned,
+   jwt.ParseSignedAndEncrypted (#69, #74)
+   - Usually there is a small, known set of appropriate algorithms for a program
+     to use and it's a mistake to allow unexpected algorithms. For instance the
+     "billion hash attack" relies in part on programs accepting the PBES2
+     encryption algorithm and doing the necessary work even if they weren't
+     specifically configured to allow PBES2.
+ - Revert "Strip padding off base64 strings" (#82)
+  - The specs require base64url encoding without padding.
+ - Minimum supported Go version is now 1.21
+
+## Added
+
+ - ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON.
+   - These allow parsing a specific serialization, as opposed to ParseSigned and
+     ParseEncrypted, which try to automatically detect which serialization was
+     provided. It's common to require a specific serialization for a specific
+     protocol - for instance JWT requires Compact serialization.
+
+[1]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
+
+# v3.0.3
+
+## Fixed
+
+ - Limit decompression output size to prevent a DoS. Backport from v4.0.1.
+
+# v3.0.2
+
+## Fixed
+
+ - DecryptMulti: handle decompression error (#19)
+
+## Changed
+
+ - jwe/CompactSerialize: improve performance (#67)
+ - Increase the default number of PBKDF2 iterations to 600k (#48)
+ - Return the proper algorithm for ECDSA keys (#45)
+
+## Added
+
+ - Add Thumbprint support for opaque signers (#38)
+
+# v3.0.1
+
+## Fixed
+
+ - Security issue: an attacker specifying a large "p2c" value can cause
+   JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large
+   amounts of CPU, causing a DoS. Thanks to Matt Schwager (@mschwager) for the
+   disclosure and to Tom Tervoort for originally publishing the category of attack.
+   https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
+
+# v2.6.3
+
+## Fixed
+
+ - Limit decompression output size to prevent a DoS. Backport from v4.0.1.
+\ No newline at end of file
+diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/README.md b/vendor/gopkg.in/go-jose/go-jose.v2/README.md
+deleted file mode 100644
+index 46b02d6..0000000
+--- a/vendor/gopkg.in/go-jose/go-jose.v2/README.md
+++ /dev/null
+@@ -1,118 +0,0 @@
+-# Go JOSE 
+-
+-[![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v1)
+-[![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v2)
+-[![license](http://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/go-jose/go-jose/master/LICENSE)
+-[![build](https://travis-ci.org/go-jose/go-jose.svg?branch=v2)](https://travis-ci.org/go-jose/go-jose)
+-[![coverage](https://coveralls.io/repos/github/go-jose/go-jose/badge.svg?branch=v2)](https://coveralls.io/r/go-jose/go-jose)
+-
+-Package jose aims to provide an implementation of the Javascript Object Signing
+-and Encryption set of standards. This includes support for JSON Web Encryption,
+-JSON Web Signature, and JSON Web Token standards.
+-
+-**Disclaimer**: This library contains encryption software that is subject to
+-the U.S. Export Administration Regulations. You may not export, re-export,
+-transfer or download this code or any part of it in violation of any United
+-States law, directive or regulation. In particular this software may not be
+-exported or re-exported in any form or on any media to Iran, North Sudan,
+-Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any
+-US maintained blocked list.
+-
+-## Overview
+-
+-The implementation follows the
+-[JSON Web Encryption](http://dx.doi.org/10.17487/RFC7516) (RFC 7516),
+-[JSON Web Signature](http://dx.doi.org/10.17487/RFC7515) (RFC 7515), and
+-[JSON Web Token](http://dx.doi.org/10.17487/RFC7519) (RFC 7519).
+-Tables of supported algorithms are shown below. The library supports both
+-the compact and full serialization formats, and has optional support for
+-multiple recipients. It also comes with a small command-line utility
+-([`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util))
+-for dealing with JOSE messages in a shell.
+-
+-**Note**: We use a forked version of the `encoding/json` package from the Go
+-standard library which uses case-sensitive matching for member names (instead
+-of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)).
+-This is to avoid differences in interpretation of messages between go-jose and
+-libraries in other languages.
+-
+-### Versions
+-
+-We use [gopkg.in](https://gopkg.in) for versioning.
+-
+-[Version 2](https://gopkg.in/go-jose/go-jose.v2)
+-([branch](https://github.com/go-jose/go-jose/tree/v2),
+-[doc](https://godoc.org/gopkg.in/go-jose/go-jose.v2)) is the current version:
+-
+-    import "gopkg.in/go-jose/go-jose.v2"
+-
+-The old `v1` branch ([go-jose.v1](https://gopkg.in/go-jose/go-jose.v1)) will
+-still receive backported bug fixes and security fixes, but otherwise
+-development is frozen. All new feature development takes place on the `v2`
+-branch. Version 2 also contains additional sub-packages such as the
+-[jwt](https://godoc.org/gopkg.in/go-jose/go-jose.v2/jwt) implementation
+-contributed by [@shaxbee](https://github.com/shaxbee).
+-
+-### Supported algorithms
+-
+-See below for a table of supported algorithms. Algorithm identifiers match
+-the names in the [JSON Web Algorithms](http://dx.doi.org/10.17487/RFC7518)
+-standard where possible. The Godoc reference has a list of constants.
+-
+- Key encryption             | Algorithm identifier(s)
+- :------------------------- | :------------------------------
+- RSA-PKCS#1v1.5             | RSA1_5
+- RSA-OAEP                   | RSA-OAEP, RSA-OAEP-256
+- AES key wrap               | A128KW, A192KW, A256KW
+- AES-GCM key wrap           | A128GCMKW, A192GCMKW, A256GCMKW
+- ECDH-ES + AES key wrap     | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
+- ECDH-ES (direct)           | ECDH-ES<sup>1</sup>
+- Direct encryption          | dir<sup>1</sup>
+-
+-<sup>1. Not supported in multi-recipient mode</sup>
+-
+- Signing / MAC              | Algorithm identifier(s)
+- :------------------------- | :------------------------------
+- RSASSA-PKCS#1v1.5          | RS256, RS384, RS512
+- RSASSA-PSS                 | PS256, PS384, PS512
+- HMAC                       | HS256, HS384, HS512
+- ECDSA                      | ES256, ES384, ES512
+- Ed25519                    | EdDSA<sup>2</sup>
+-
+-<sup>2. Only available in version 2 of the package</sup>
+-
+- Content encryption         | Algorithm identifier(s)
+- :------------------------- | :------------------------------
+- AES-CBC+HMAC               | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
+- AES-GCM                    | A128GCM, A192GCM, A256GCM 
+-
+- Compression                | Algorithm identifiers(s)
+- :------------------------- | -------------------------------
+- DEFLATE (RFC 1951)         | DEF
+-
+-### Supported key types
+-
+-See below for a table of supported key types. These are understood by the
+-library, and can be passed to corresponding functions such as `NewEncrypter` or
+-`NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which
+-allows attaching a key id.
+-
+- Algorithm(s)               | Corresponding types
+- :------------------------- | -------------------------------
+- RSA                        | *[rsa.PublicKey](http://golang.org/pkg/crypto/rsa/#PublicKey), *[rsa.PrivateKey](http://golang.org/pkg/crypto/rsa/#PrivateKey)
+- ECDH, ECDSA                | *[ecdsa.PublicKey](http://golang.org/pkg/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](http://golang.org/pkg/crypto/ecdsa/#PrivateKey)
+- EdDSA<sup>1</sup>          | [ed25519.PublicKey](https://godoc.org/golang.org/x/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://godoc.org/golang.org/x/crypto/ed25519#PrivateKey)
+- AES, HMAC                  | []byte
+-
+-<sup>1. Only available in version 2 of the package</sup>
+-
+-## Examples
+-
+-[![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v1)
+-[![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v2)
+-
+-Examples can be found in the Godoc
+-reference for this package. The
+-[`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util)
+-subdirectory also contains a small command-line utility which might be useful
+-as an example.
+diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go b/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
+index 3ca79cc..43f9ce2 100644
+--- a/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
+@@ -285,6 +285,9 @@ func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm
+ 
+ 	switch alg {
+ 	case RS256, RS384, RS512:
+		// TODO(https://github.com/go-jose/go-jose/issues/40): As of go1.20, the
+		// random parameter is legacy and ignored, and it can be nil.
+		// https://cs.opensource.google/go/go/+/refs/tags/go1.20:src/crypto/rsa/pkcs1v15.go;l=263;bpv=0;bpt=1
+ 		out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed)
+ 	case PS256, PS384, PS512:
+ 		out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{
+diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go b/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
+index 73aab0f..0ae2e5e 100644
+--- a/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
+@@ -406,6 +406,9 @@ func (ctx *genericEncrypter) Options() EncrypterOptions {
+ // Decrypt and validate the object and return the plaintext. Note that this
+ // function does not support multi-recipient, if you desire multi-recipient
+ // decryption use DecryptMulti instead.
+//
+// Automatically decompresses plaintext, but returns an error if the decompressed
+// data would be >250kB or >10x the size of the compressed data, whichever is larger.
+ func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) {
+ 	headers := obj.mergedHeaders(nil)
+ 
+@@ -470,6 +473,9 @@ func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error)
+ // with support for multiple recipients. It returns the index of the recipient
+ // for which the decryption was successful, the merged headers for that recipient,
+ // and the plaintext.
+//
+// Automatically decompresses plaintext, but returns an error if the decompressed
+// data would be >250kB or >3x the size of the compressed data, whichever is larger.
+ func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) {
+ 	globalHeaders := obj.mergedHeaders(nil)
+ 
+diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go b/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
+index 9111733..636f6c8 100644
+--- a/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
+@@ -21,11 +21,11 @@ import (
+ 	"compress/flate"
+ 	"encoding/base64"
+ 	"encoding/binary"
+	"fmt"
+ 	"io"
+ 	"math/big"
+ 	"strings"
+ 	"unicode"
+-	"fmt"
+ 
+ 	"gopkg.in/go-jose/go-jose.v2/json"
+ )
+diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go b/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
+index 2b8076f..52c8b62 100644
+--- a/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
+@@ -402,6 +402,11 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien
+ 		if p2c <= 0 {
+ 			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: must be a positive integer")
+ 		}
+		if p2c > 1000000 {
+			// An unauthenticated attacker can set a high P2C value. Set an upper limit to avoid
+			// DoS attacks.
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: too high")
+		}
+ 
+ 		// salt is UTF8(Alg) || 0x00 || Salt Input
+ 		alg := headers.getAlgorithm()
+diff --git a/vendor/modules.txt b/vendor/modules.txt
+index 79b643e..a80fb52 100644
+--- a/vendor/modules.txt
+++ b/vendor/modules.txt
+@@ -1345,7 +1345,7 @@ google.golang.org/protobuf/types/gofeaturespb
+ google.golang.org/protobuf/types/known/anypb
+ google.golang.org/protobuf/types/known/durationpb
+ google.golang.org/protobuf/types/known/timestamppb
+-# gopkg.in/go-jose/go-jose.v2 v2.6.1
+# gopkg.in/go-jose/go-jose.v2 v2.6.3
+ ## explicit
+ gopkg.in/go-jose/go-jose.v2
+ gopkg.in/go-jose/go-jose.v2/cipher
+-- 
+2.33.0
+
--- a/podman.spec
+++ b/podman.spec
@ -2,7 +2,7 @@

 Name:          podman
 Version:       4.9.4
-Release:       13
+Release:       14
 Summary:       A tool for managing OCI containers and pods.
 Epoch:         1
 License:       Apache-2.0 and MIT
@ -20,6 +20,7 @@ Patch0005:    0005-fix-CVE-2024-28180.patch
 Patch0006:    0006-fix-CVE-2024-9676-CVE-2024-9675-CVE-2024-9407-CVE-2024-9341.patch
 Patch0007:    0007-fix-CVE-2024-37298.patch
 Patch0008:    0008-fix-CVE-2024-6104.patch
+Patch0009:    0009-fix-CVE-2024-28176.patch

 BuildRequires: gcc golang btrfs-progs-devel glib2-devel glibc-devel glibc-static
 BuildRequires: gpgme-devel libassuan-devel libgpg-error-devel libseccomp-devel libselinux-devel
@ -138,6 +139,7 @@ tar zxf %{SOURCE3}
 %patch0006 -p1
 %patch0007 -p1
 %patch0008 -p1
+%patch0009 -p1

 %ifarch loongarch64
 cd dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84
@ -312,6 +314,9 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
 %{_bindir}/%{name}sh

 %changelog
+* Wed Jan 15 2025 duyiwei <duyiwei@kylinos.cn> - 1:4.9.4-14
+- fix-CVE-2024-28176
+
 * Tue Jan 14 2025 duyiwei <duyiwei@kylinos.cn> - 1:4.9.4-13
 - fix-CVE-2024-6104