* [Buildroot] [PATCH 1/2] package/ofono: mark CPE as valid
From: Titouan Christophe via buildroot @ 2025-08-11 12:08 UTC (permalink / raw)
To: buildroot
The default ofono_project:ofono is a valid CPE, see
https://nvd.nist.gov/products/cpe/detail/734A0A32-DA21-49B8-86BD-1A60C7CDF864
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
---
package/ofono/ofono.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/ofono/ofono.mk b/package/ofono/ofono.mk
index 1ff43092c4..ba0846e823 100644
--- a/package/ofono/ofono.mk
+++ b/package/ofono/ofono.mk
@@ -9,6 +9,7 @@ OFONO_SOURCE = ofono-$(OFONO_VERSION).tar.xz
OFONO_SITE = $(BR2_KERNEL_MIRROR)/linux/network/ofono
OFONO_LICENSE = GPL-2.0
OFONO_LICENSE_FILES = COPYING
+OFONO_CPE_ID_VALID = YES
OFONO_DEPENDENCIES = \
host-pkgconf \
dbus \
--
2.50.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* [Buildroot] [PATCH 2/2] package/ofono: security bump to v2.18
From: Titouan Christophe via buildroot @ 2025-08-11 12:08 UTC (permalink / raw)
To: buildroot
This fixes the following vulnerabilities:
- CVE-2023-2794:
A flaw was found in ofono, an Open Source Telephony on Linux. A stack
overflow bug is triggered within the decode_deliver() function during
the SMS decoding. It is assumed that the attack scenario is accessible
from a compromised modem, a malicious base station, or just SMS. There
is a bound check for this memcpy length in decode_submit(), but it was
forgotten in decode_deliver().
https://www.cve.org/CVERecord?id=CVE-2023-2794
- CVE-2024-7537:
oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono.
Authentication is not required to exploit this vulnerability. The
specific flaw exists within the processing of SMS message lists. The
issue results from the lack of proper validation of user-supplied
data, which can result in a read past the end of an allocated buffer.
An attacker can leverage this in conjunction with other
vulnerabilities to execute arbitrary code in the context of root. Was
ZDI-CAN-23157.
https://www.cve.org/CVERecord?id=CVE-2024-7537
- CVE-2024-7539:
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability.
This vulnerability allows local attackers to execute arbitrary code on
affected installations of oFono. An attacker must first obtain the
ability to execute code on the target modem in order to exploit this
vulnerability. The specific flaw exists within the parsing of
responses from AT+CUSD commands. The issue results from the lack of
proper validation of the length of user-supplied data prior to copying
it to a stack-based buffer. An attacker can leverage this
vulnerability to execute code in the context of root. Was
ZDI-CAN-23195.
https://www.cve.org/CVERecord?id=CVE-2024-7539
- CVE-2024-7540:
oFono AT CMGL Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMGL commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23307.
https://www.cve.org/CVERecord?id=CVE-2024-7540
- CVE-2024-7541:
oFono AT CMT Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMT commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23308.
https://www.cve.org/CVERecord?id=CVE-2024-7541
- CVE-2024-7542:
oFono AT CMGR Command Uninitialized Variable Information Disclosure
Vulnerability. This vulnerability allows local attackers to disclose
sensitive information on affected installations of oFono. An attacker
must first obtain the ability to execute code on the target modem in
order to exploit this vulnerability. The specific flaw exists within
the parsing of responses from AT+CMGR commands. The issue results from
the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities
to execute arbitrary code in the context of root. Was ZDI-CAN-23309.
https://www.cve.org/CVERecord?id=CVE-2024-7542
Also drop local patch that is no longer applicable, since upstream now
relies on HAS_BACKTRACE as well
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
---
package/ofono/0001-uclibc-backtrace.patch | 49 -----------------------
package/ofono/ofono.hash | 2 +-
package/ofono/ofono.mk | 2 +-
3 files changed, 2 insertions(+), 51 deletions(-)
delete mode 100644 package/ofono/0001-uclibc-backtrace.patch
diff --git a/package/ofono/0001-uclibc-backtrace.patch b/package/ofono/0001-uclibc-backtrace.patch
deleted file mode 100644
index 3fa2414978..0000000000
--- a/package/ofono/0001-uclibc-backtrace.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-[PATCH] fix build on uClibc without UCLIBC_HAS_BACKTRACE
-
-Backtrace support is only used for logging on signal errors, which
-isn't really critical, so simply remove backtrace info if not
-available in uClibc.
-
-NOTE: based on patch from Peter Korsgaard <jacmet@sunsite.dk>
-
-Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
----
---- ofono-1.7.orig/src/log.c
-+++ ofono-1.7/src/log.c
-@@ -30,7 +30,8 @@
- #include <stdlib.h>
- #include <string.h>
- #include <syslog.h>
--#ifdef __GLIBC__
-+#if defined(__GLIBC__) && !(defined(__UCLIBC__) && !defined (__UCLIBC_HAS_BACKTRACE__))
-+#define HAVE_BACKTRACE
- #include <execinfo.h>
- #endif
- #include <dlfcn.h>
-@@ -115,7 +116,7 @@
- va_end(ap);
- }
-
--#ifdef __GLIBC__
-+#ifdef HAVE_BACKTRACE
- static void print_backtrace(unsigned int offset)
- {
- void *frames[99];
-@@ -312,7 +313,7 @@
- if (detach == FALSE)
- option |= LOG_PERROR;
-
--#ifdef __GLIBC__
-+#ifdef HAVE_BACKTRACE
- signal_setup(signal_handler);
- #endif
-
-@@ -329,7 +330,7 @@
-
- closelog();
-
--#ifdef __GLIBC__
-+#ifdef HAVE_BACKTRACE
- signal_setup(SIG_DFL);
- #endif
-
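Review bot: deleting 0001-uclibc-backtrace.patch without touching .checkpackageignore leaves a stale entry for it; the diffstat lists only three files, and the follow-up in this thread reports a check-package error that was fixed at apply time by removing that entry. Include the .checkpackageignore removal in this patch. The commit message could also name the upstream change that introduced the HAS_BACKTRACE check, so the claim that the local patch is no longer applicable can be verified.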
diff --git a/package/ofono/ofono.hash b/package/ofono/ofono.hash
index 9e2fd413f9..31fae82eb9 100644
--- a/package/ofono/ofono.hash
+++ b/package/ofono/ofono.hash
@@ -1,4 +1,4 @@
# From https://www.kernel.org/pub/linux/network/ofono/sha256sums.asc
-sha256 5e13121c0f885a81ad882db065549ea13477abbcc219f150b38a8d2ac92521de ofono-2.2.tar.xz
+sha256 f74c3bba7ebac488fed7bcfa6113b0e39e723d2e1a24b53f79c9f18a1c85dd00 ofono-2.18.tar.xz
# Locally computed
sha256 e6d6a009505e345fe949e1310334fcb0747f28dae2856759de102ab66b722cb4 COPYING
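Review bot: the comment above the changed sha256 line still attributes the tarball hash to sha256sums.asc on kernel.org, so the new value for ofono-2.18.tar.xz should be the one copied from that signed file rather than one computed locally; the commit message should confirm that the signature on sha256sums.asc was checked. The COPYING hash is unchanged, which is consistent with OFONO_LICENSE staying GPL-2.0.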
diff --git a/package/ofono/ofono.mk b/package/ofono/ofono.mk
index ba0846e823..ee6020ab2e 100644
--- a/package/ofono/ofono.mk
+++ b/package/ofono/ofono.mk
@@ -4,7 +4,7 @@
#
################################################################################
-OFONO_VERSION = 2.2
+OFONO_VERSION = 2.18
OFONO_SOURCE = ofono-$(OFONO_VERSION).tar.xz
OFONO_SITE = $(BR2_KERNEL_MIRROR)/linux/network/ofono
OFONO_LICENSE = GPL-2.0
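Review bot: only the OFONO_VERSION line changes for a jump from 2.2 to 2.18, and the commit message does not say whether dependencies or configure options were rechecked across those releases or how the result was built. A line on what was tested (for example a utils/test-pkg run, including a uClibc toolchain now that the backtrace patch is gone) would help, as would noting which upstream release fixes each listed CVE.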
--
2.50.1
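The bug class named in the CVE-2023-2794 description above, a peer-supplied length used for a copy into a fixed buffer, shown with the bound check in place. This is an added example, not oFono's source: the struct, the function names and the constructed input are hypothetical, and it assumes the standard SMS TPDU layout (TP-UDL octet followed by at most 140 octets of user data).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SMS_UD_MAX 140 /* largest user-data field of one SMS TPDU, in octets */

/* Hypothetical result type for this example; not oFono's struct. */
struct deliver_ud {
	uint8_t udl;            /* TP-UDL exactly as received */
	uint8_t ud[SMS_UD_MAX]; /* fixed-size destination */
};

/* TP-UDL counts septets for the GSM 7-bit alphabet, octets otherwise. */
static size_t ud_octets(uint8_t udl, int is_7bit)
{
	return is_7bit ? ((size_t)udl * 7 + 7) / 8 : (size_t)udl;
}

/*
 * Copy the user data whose TP-UDL octet sits at pdu[offset].
 * Returns 0 on success, -1 when the declared length cannot be trusted.
 */
int copy_user_data(const uint8_t *pdu, size_t pdu_len, size_t offset,
		   int is_7bit, struct deliver_ud *out)
{
	size_t need;

	if (offset >= pdu_len)
		return -1;
	out->udl = pdu[offset++];
	need = ud_octets(out->udl, is_7bit);

	/* The kind of bound check the CVE text says one decoder lacked:
	 * the length comes from the peer, the buffer size does not. */
	if (need > sizeof(out->ud))
		return -1;
	/* Also refuse to read past the bytes actually received. */
	if (need > pdu_len - offset)
		return -1;

	memset(out->ud, 0, sizeof(out->ud));
	memcpy(out->ud, pdu + offset, need);
	return 0;
}

int main(void)
{
	uint8_t pdu[200]; /* constructed input, not a captured message */
	struct deliver_ud out;

	memset(pdu, 0x41, sizeof(pdu));
	pdu[0] = 160; /* 160 septets pack into exactly 140 octets */
	if (copy_user_data(pdu, 141, 0, 1, &out) != 0)
		return 1;
	pdu[0] = 255; /* 255 octets would overrun ud[] */
	if (copy_user_data(pdu, sizeof(pdu), 0, 0, &out) != -1)
		return 1;
	return 0;
}
```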
* Re: [Buildroot] [PATCH 2/2] package/ofono: security bump to v2.18
From: Petr Vorel @ 2025-08-11 21:47 UTC (permalink / raw)
To: Titouan Christophe; +Cc: buildroot
Hi Titouan,
Thanks a lot!
For the patchset:
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Kind regards,
Petr
* Re: [Buildroot] [PATCH 1/2] package/ofono: mark CPE as valid
From: Julien Olivain via buildroot @ 2025-08-13 16:57 UTC (permalink / raw)
To: Titouan Christophe; +Cc: buildroot
On 11/08/2025 14:08, Titouan Christophe via buildroot wrote:
> The default ofono_project:ofono is a valid CPE, see
> https://nvd.nist.gov/products/cpe/detail/734A0A32-DA21-49B8-86BD-1A60C7CDF864
>
> Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Series applied to master, thanks.
For info, I removed the ofono package patch entry in .checkpackageignore,
to fix a check-package error. See:
https://gitlab.com/buildroot.org/buildroot/-/commit/611a795cfc3c39c5603be467ff98ca0839721ea6
Best regards,
Julien.
* Re: [Buildroot] [PATCH 1/2] package/ofono: mark CPE as valid
From: Thomas Perale via buildroot @ 2025-08-21 19:20 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Thomas Perale, buildroot
In reply to:
> The default ofono_project:ofono is a valid CPE, see
> https://nvd.nist.gov/products/cpe/detail/734A0A32-DA21-49B8-86BD-1A60C7CDF864
>
> Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Applied to 2025.02.x & 2025.05.x. Thanks
> ---
> package/ofono/ofono.mk | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/ofono/ofono.mk b/package/ofono/ofono.mk
> index 1ff43092c4..ba0846e823 100644
> --- a/package/ofono/ofono.mk
> +++ b/package/ofono/ofono.mk
> @@ -9,6 +9,7 @@ OFONO_SOURCE = ofono-$(OFONO_VERSION).tar.xz
> OFONO_SITE = $(BR2_KERNEL_MIRROR)/linux/network/ofono
> OFONO_LICENSE = GPL-2.0
> OFONO_LICENSE_FILES = COPYING
> +OFONO_CPE_ID_VALID = YES
> OFONO_DEPENDENCIES = \
> host-pkgconf \
> dbus \
> --
> 2.50.1
* Re: [Buildroot] [PATCH 2/2] package/ofono: security bump to v2.18
From: Thomas Perale via buildroot @ 2025-08-21 19:20 UTC (permalink / raw)
To: Titouan Christophe; +Cc: Thomas Perale, buildroot
In reply to:
> This fixes the following vulnerabilities:
>
> - CVE-2023-2794:
> A flaw was found in ofono, an Open Source Telephony on Linux. A stack
> overflow bug is triggered within the decode_deliver() function during
> the SMS decoding. It is assumed that the attack scenario is accessible
> from a compromised modem, a malicious base station, or just SMS. There
> is a bound check for this memcpy length in decode_submit(), but it was
> forgotten in decode_deliver().
> https://www.cve.org/CVERecord?id=CVE-2023-2794
>
> - CVE-2024-7537:
> oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
> Vulnerability. This vulnerability allows local attackers to disclose
> sensitive information on affected installations of oFono.
> Authentication is not required to exploit this vulnerability. The
> specific flaw exists within the processing of SMS message lists. The
> issue results from the lack of proper validation of user-supplied
> data, which can result in a read past the end of an allocated buffer.
> An attacker can leverage this in conjunction with other
> vulnerabilities to execute arbitrary code in the context of root. Was
> ZDI-CAN-23157.
> https://www.cve.org/CVERecord?id=CVE-2024-7537
>
> - CVE-2024-7539:
> oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability.
> This vulnerability allows local attackers to execute arbitrary code on
> affected installations of oFono. An attacker must first obtain the
> ability to execute code on the target modem in order to exploit this
> vulnerability. The specific flaw exists within the parsing of
> responses from AT+CUSD commands. The issue results from the lack of
> proper validation of the length of user-supplied data prior to copying
> it to a stack-based buffer. An attacker can leverage this
> vulnerability to execute code in the context of root. Was
> ZDI-CAN-23195.
> https://www.cve.org/CVERecord?id=CVE-2024-7539
>
> - CVE-2024-7540:
> oFono AT CMGL Command Uninitialized Variable Information Disclosure
> Vulnerability. This vulnerability allows local attackers to disclose
> sensitive information on affected installations of oFono. An attacker
> must first obtain the ability to execute code on the target modem in
> order to exploit this vulnerability. The specific flaw exists within
> the parsing of responses from AT+CMGL commands. The issue results from
> the lack of proper initialization of memory prior to accessing it. An
> attacker can leverage this in conjunction with other vulnerabilities
> to execute arbitrary code in the context of root. Was ZDI-CAN-23307.
> https://www.cve.org/CVERecord?id=CVE-2024-7540
>
> - CVE-2024-7541:
> oFono AT CMT Command Uninitialized Variable Information Disclosure
> Vulnerability. This vulnerability allows local attackers to disclose
> sensitive information on affected installations of oFono. An attacker
> must first obtain the ability to execute code on the target modem in
> order to exploit this vulnerability. The specific flaw exists within
> the parsing of responses from AT+CMT commands. The issue results from
> the lack of proper initialization of memory prior to accessing it. An
> attacker can leverage this in conjunction with other vulnerabilities
> to execute arbitrary code in the context of root. Was ZDI-CAN-23308.
> https://www.cve.org/CVERecord?id=CVE-2024-7541
>
> - CVE-2024-7542:
> oFono AT CMGR Command Uninitialized Variable Information Disclosure
> Vulnerability. This vulnerability allows local attackers to disclose
> sensitive information on affected installations of oFono. An attacker
> must first obtain the ability to execute code on the target modem in
> order to exploit this vulnerability. The specific flaw exists within
> the parsing of responses from AT+CMGR commands. The issue results from
> the lack of proper initialization of memory prior to accessing it. An
> attacker can leverage this in conjunction with other vulnerabilities
> to execute arbitrary code in the context of root. Was ZDI-CAN-23309.
> https://www.cve.org/CVERecord?id=CVE-2024-7542
>
> Also drop local patch that is no longer applicable, since upstream now
> relies on HAS_BACKTRACE as well
>
> Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Applied to 2025.02.x & 2025.05.x. Thanks
> ---
> package/ofono/0001-uclibc-backtrace.patch | 49 -----------------------
> package/ofono/ofono.hash | 2 +-
> package/ofono/ofono.mk | 2 +-
> 3 files changed, 2 insertions(+), 51 deletions(-)
> delete mode 100644 package/ofono/0001-uclibc-backtrace.patch
>
> diff --git a/package/ofono/0001-uclibc-backtrace.patch b/package/ofono/0001-uclibc-backtrace.patch
> deleted file mode 100644
> index 3fa2414978..0000000000
> --- a/package/ofono/0001-uclibc-backtrace.patch
> +++ /dev/null
> @@ -1,49 +0,0 @@
> -[PATCH] fix build on uClibc without UCLIBC_HAS_BACKTRACE
> -
> -Backtrace support is only used for logging on signal errors, which
> -isn't really critical, so simply remove backtrace info if not
> -available in uClibc.
> -
> -NOTE: based on patch from Peter Korsgaard <jacmet@sunsite.dk>
> -
> -Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
> ----
> ---- ofono-1.7.orig/src/log.c
> -+++ ofono-1.7/src/log.c
> -@@ -30,7 +30,8 @@
> - #include <stdlib.h>
> - #include <string.h>
> - #include <syslog.h>
> --#ifdef __GLIBC__
> -+#if defined(__GLIBC__) && !(defined(__UCLIBC__) && !defined (__UCLIBC_HAS_BACKTRACE__))
> -+#define HAVE_BACKTRACE
> - #include <execinfo.h>
> - #endif
> - #include <dlfcn.h>
> -@@ -115,7 +116,7 @@
> - va_end(ap);
> - }
> -
> --#ifdef __GLIBC__
> -+#ifdef HAVE_BACKTRACE
> - static void print_backtrace(unsigned int offset)
> - {
> - void *frames[99];
> -@@ -312,7 +313,7 @@
> - if (detach == FALSE)
> - option |= LOG_PERROR;
> -
> --#ifdef __GLIBC__
> -+#ifdef HAVE_BACKTRACE
> - signal_setup(signal_handler);
> - #endif
> -
> -@@ -329,7 +330,7 @@
> -
> - closelog();
> -
> --#ifdef __GLIBC__
> -+#ifdef HAVE_BACKTRACE
> - signal_setup(SIG_DFL);
> - #endif
> -
> diff --git a/package/ofono/ofono.hash b/package/ofono/ofono.hash
> index 9e2fd413f9..31fae82eb9 100644
> --- a/package/ofono/ofono.hash
> +++ b/package/ofono/ofono.hash
> @@ -1,4 +1,4 @@
> # From https://www.kernel.org/pub/linux/network/ofono/sha256sums.asc
> -sha256 5e13121c0f885a81ad882db065549ea13477abbcc219f150b38a8d2ac92521de ofono-2.2.tar.xz
> +sha256 f74c3bba7ebac488fed7bcfa6113b0e39e723d2e1a24b53f79c9f18a1c85dd00 ofono-2.18.tar.xz
> # Locally computed
> sha256 e6d6a009505e345fe949e1310334fcb0747f28dae2856759de102ab66b722cb4 COPYING
> diff --git a/package/ofono/ofono.mk b/package/ofono/ofono.mk
> index ba0846e823..ee6020ab2e 100644
> --- a/package/ofono/ofono.mk
> +++ b/package/ofono/ofono.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -OFONO_VERSION = 2.2
> +OFONO_VERSION = 2.18
> OFONO_SOURCE = ofono-$(OFONO_VERSION).tar.xz
> OFONO_SITE = $(BR2_KERNEL_MIRROR)/linux/network/ofono
> OFONO_LICENSE = GPL-2.0
> --
> 2.50.1