From 66c92e135745304681cdefb15ee98421c924b161 Mon Sep 17 00:00:00 2001
From: "Pawan.kumar"
Date: Wed, 16 Oct 2024 21:12:41 +0530
Subject: [PATCH 01/16] MAGECLOUD-12969: security fix patch
---
 patches.json | 3 +
 ...for_CVE_2024_34102_CosmicSting_2.4.7.patch | 55 +++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch
diff --git a/patches.json b/patches.json
index 7b55679..351632d 100644
--- a/patches.json
+++ b/patches.json
@@ -280,6 +280,9 @@
 },
 "Enhanced Layout Cache Efficiency (memory usage reduced)": {
 ">=2.4.4 <2.4.7": "MCLOUD-11514__enhanced_layout_cache_efficiency__2.4.6-p3.patch"
+ },
+ "Patch for CVE-2024-34102 - CosmicSting": {
+ ">2.4.6 <=2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch"
 }
 },
 "magento/module-paypal": {
diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch
new file mode 100644
index 0000000..cf9af8b
--- /dev/null
+++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch
@@ -0,0 +1,55 @@
+diff --git a/vendor/magento/theme-adminhtml-backend/i18n/en_US.csv b/vendor/magento/theme-adminhtml-backend/i18n/en_US.csv
+index 2708988e731..885d0056d4b 100644
+--- a/vendor/magento/theme-adminhtml-backend/i18n/en_US.csv
++++ b/vendor/magento/theme-adminhtml-backend/i18n/en_US.csv
+@@ -547,3 +547,4 @@ Dashboard,Dashboard
+ "Web Section","Web Section"
+ "Store Email Addresses Section","Store Email Addresses Section"
+ "Email to a Friend","Email to a Friend"
++"Invalid data type","Invalid data type"
+diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv
+index 025866f654d..cc02ab5ac90 100644
+--- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv
++++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv
+@@ -439,3 +439,4 @@ Summary,Summary
+ Test,Test
+ test,test
+ Two,Two
++"Invalid data type","Invalid data type"
+diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv
+index e80cb58e679..3d0e8ab2650 100644
+--- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv
++++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv
+@@ -489,3 +489,4 @@ Remove,Remove
+ Test,Test
+ test,test
+ Two,Two
++"Invalid data type","Invalid data type"
+diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php
+index cd7960409e1..df31058ff32 100644
+--- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php
++++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php
+@@ -278,6 +278,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface, ResetAf
+ // convert to string directly to avoid situations when $className is object
+ // which implements __toString method like \ReflectionObject
+ $className = (string) $className;
++ if (is_subclass_of($className, \SimpleXMLElement::class)
++ || is_subclass_of($className, \DOMElement::class)) {
++ throw new SerializationException(
++ new Phrase('Invalid data type')
++ );
++ }
+ $class = new ClassReflection($className);
+ if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) {
+ $className = substr($className, 0, -strlen('Interface'));
+diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php
+--- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965)
++++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2)
+@@ -35,6 +35,7 @@
+ public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory)
+ {
+ $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key')));
++ $this->keys = [end($this->keys)];
+ //Making sure keys are large enough.
+ foreach ($this->keys as &$key) {
+ $key = str_pad($key, 2048, '&', STR_PAD_BOTH);
\ No newline at end of file
From d92b1c7b03bb6fbea47277ec33f097d507e5ca9e Mon Sep 17 00:00:00 2001
From: "Pawan.kumar"
Date: Wed, 16 Oct 2024 21:28:27 +0530
Subject: [PATCH 02/16] MAGECLOUD-12969: security fix patch
---
 patches.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/patches.json b/patches.json
index 351632d..227df61 100644
--- a/patches.json
+++ b/patches.json
@@ -282,7 +282,7 @@
 ">=2.4.4 <2.4.7": "MCLOUD-11514__enhanced_layout_cache_efficiency__2.4.6-p3.patch"
 },
 "Patch for CVE-2024-34102 - CosmicSting": {
- ">2.4.6 <=2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch"
+ ">=2.4.4 <=2.4.8-beta1": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch"
 }
 },
 "magento/module-paypal": {
From 5c5c131d8b7c04b50482b6721ceaa107a8e337bf Mon Sep 17 00:00:00 2001
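Review bot: The guard added before `new ClassReflection($className)` in the embedded ServiceInputProcessor.php hunk uses `is_subclass_of()`, which is false when `$className` is exactly `SimpleXMLElement` or `DOMElement`, so only descendants of those classes are rejected. If the base classes are meant to be refused too, `is_a($className, \SimpleXMLElement::class, true) || is_a($className, \DOMElement::class, true)` covers both; `_createFromArray` starts and ends outside the hunk, so whether the bare names can arrive here is not visible. In the SecretBasedJwksFactory.php hunk, `$this->keys = [end($this->keys)];` carries no comment; something like `// Only the newest crypt key may sign or verify JWTs, so tokens issued under a rotated-out key stop validating` would record the intent, and the line presumably protects a store only once `crypt/key` has actually been rotated. The same lines recur in the 2.4.4, 2.4.5 and 2.4.6 patch files added by PATCH 03 and PATCH 06.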
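Review bot: The new constraint `>=2.4.4 <=2.4.8-beta1` in PATCH 02 points four release lines at a patch file generated against 2.4.7, and the csv hunks inside that file anchor on context (`Test,Test`, `test,test`, `Two,Two` near line 439) that the 2.4.4–2.4.6 variants added in PATCH 03 do not share (`Menu,Menu`, `Account,Account`, `Settings,Settings` near line 4). The patch is therefore likely to be rejected on the older releases, which would leave them without the CVE-2024-34102 fix unless the apply failure is noticed. The same concern applies to `">=2.4.4 <2.4.8"` in the patches.json hunk of PATCH 05. Keeping one patch file per release line, as PATCH 03 and PATCH 06 do, avoids it.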
From: "Pawan.kumar"
Date: Thu, 17 Oct 2024 21:12:39 +0530
Subject: [PATCH 03/16] MAGECLOUD-12969: security fix patch
---
 patches.json | 5 +-
 ...or_CVE_2024_34102_CosmicSting__2.4.4.patch | 62 +++++++++++++++++++
 ...or_CVE_2024_34102_CosmicSting__2.4.5.patch | 62 +++++++++++++++++++
 ...or_CVE_2024_34102_CosmicSting__2.4.6.patch | 46 ++++++++++++++
 ...r_CVE_2024_34102_CosmicSting__2.4.7.patch} | 0
 5 files changed, 174 insertions(+), 1 deletion(-)
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch
 rename patches/{MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch => MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch} (100%)
diff --git a/patches.json b/patches.json
index 227df61..4069224 100644
--- a/patches.json
+++ b/patches.json
@@ -282,7 +282,10 @@
 ">=2.4.4 <2.4.7": "MCLOUD-11514__enhanced_layout_cache_efficiency__2.4.6-p3.patch"
 },
 "Patch for CVE-2024-34102 - CosmicSting": {
- ">=2.4.4 <=2.4.8-beta1": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch"
+ ">=2.4.7 <2.4.8": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch",
+ ">=2.4.6 <2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch",
+ ">=2.4.5 <2.4.6": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch",
+ ">=2.4.4 <2.4.5": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch"
 }
 },
 "magento/module-paypal": {
diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch
new file mode 100644
index 0000000..53317da
--- /dev/null
+++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch
@@ -0,0 +1,62 @@ +diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +index a491a567a37..5e8bef787d2 100644 +--- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +@@ -4,3 +4,4 @@ Summary,Summary + Menu,Menu + Account,Account + Settings,Settings ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +index 7bf9e0afaf0..00493cc05ba 100644 +--- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +@@ -54,3 +54,4 @@ Footer,Footer + "Update to your %store_name shipment","Update to your %store_name shipment" + "Address Book","Address Book" + "Account Information","Account Information" ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +index 908a4e70140..cc019845b58 100644 +--- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php ++++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +@@ -153,6 +153,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + * @return \Magento\Framework\Reflection\NameFinder + * + * @deprecated 100.1.0 ++ * @see nothing + */ + private function getNameFinder() + { +@@ -261,6 +262,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + * @throws \Exception + * @throws SerializationException + * @SuppressWarnings(PHPMD.CyclomaticComplexity) ++ * @SuppressWarnings(PHPMD.NPathComplexity) + */ + protected function _createFromArray($className, $data) + { +@@ -268,6 +270,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + // convert to string directly to avoid situations when $className is object + // which implements __toString method like \ReflectionObject 
+ $className = (string) $className; ++ if (is_subclass_of($className, \SimpleXMLElement::class) ++ || is_subclass_of($className, \DOMElement::class)) { ++ throw new SerializationException( ++ new Phrase('Invalid data type') ++ ); ++ } + $class = new ClassReflection($className); + if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) { + $className = substr($className, 0, -strlen('Interface')); +diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php +--- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965) ++++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2) +@@ -35,6 +35,7 @@ + public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory) + { + $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key'))); ++ $this->keys = [end($this->keys)]; + //Making sure keys are large enough. + foreach ($this->keys as &$key) { + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch new file mode 100644 index 0000000..3ea35c2 --- /dev/null +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch 
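Review bot: The 2.4.4 patch file carries two docblock-only hunks in ServiceInputProcessor.php, `* @see nothing` on `getNameFinder()` and `* @SuppressWarnings(PHPMD.NPathComplexity)` on `_createFromArray()`, that have no effect on the fix. In a security hotfix each extra hunk is one more place where the patch can fail to apply on a customised or partially patched tree, so these are better dropped and the file limited to the `is_subclass_of` guard and the `SecretBasedJwksFactory` change. `@see nothing` is also a placeholder that tells a reader nothing; if the tag is needed to satisfy a coding-standard check, it should name the replacement API. The 2.4.5 patch file added in the same commit contains the same two hunks.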
@@ -0,0 +1,62 @@ +diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +index a491a567a37..5e8bef787d2 100644 +--- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +@@ -4,3 +4,4 @@ Summary,Summary + Menu,Menu + Account,Account + Settings,Settings ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +index 7bf9e0afaf0..00493cc05ba 100644 +--- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +@@ -54,3 +54,4 @@ Footer,Footer + "Update to your %store_name shipment","Update to your %store_name shipment" + "Address Book","Address Book" + "Account Information","Account Information" ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +index a5e881f4be5..a60f1dd7ba1 100644 +--- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php ++++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +@@ -153,6 +153,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + * @return \Magento\Framework\Reflection\NameFinder + * + * @deprecated 100.1.0 ++ * @see nothing + */ + private function getNameFinder() + { +@@ -261,6 +262,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + * @throws \Exception + * @throws SerializationException + * @SuppressWarnings(PHPMD.CyclomaticComplexity) ++ * @SuppressWarnings(PHPMD.NPathComplexity) + */ + protected function _createFromArray($className, $data) + { +@@ -268,6 +270,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + // convert to string directly to avoid situations when $className is object + // which implements __toString method like \ReflectionObject 
+ $className = (string) $className; ++ if (is_subclass_of($className, \SimpleXMLElement::class) ++ || is_subclass_of($className, \DOMElement::class)) { ++ throw new SerializationException( ++ new Phrase('Invalid data type') ++ ); ++ } + $class = new ClassReflection($className); + if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) { + $className = substr($className, 0, -strlen('Interface')); +diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php +--- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965) ++++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2) +@@ -35,6 +35,7 @@ + public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory) + { + $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key'))); ++ $this->keys = [end($this->keys)]; + //Making sure keys are large enough. + foreach ($this->keys as &$key) { + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch new file mode 100644 index 0000000..1b7d545 --- /dev/null +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch 
@@ -0,0 +1,46 @@ +diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +index a491a567a37..5e8bef787d2 100644 +--- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +@@ -4,3 +4,4 @@ Summary,Summary + Menu,Menu + Account,Account + Settings,Settings ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +index 7bf9e0afaf0..00493cc05ba 100644 +--- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +@@ -54,3 +54,4 @@ Footer,Footer + "Update to your %store_name shipment","Update to your %store_name shipment" + "Address Book","Address Book" + "Account Information","Account Information" ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +index 9d7fd443508..65987772c23 100644 +--- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php ++++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +@@ -275,6 +275,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + // convert to string directly to avoid situations when $className is object + // which implements __toString method like \ReflectionObject + $className = (string) $className; ++ if (is_subclass_of($className, \SimpleXMLElement::class) ++ || is_subclass_of($className, \DOMElement::class)) { ++ throw new SerializationException( ++ new Phrase('Invalid data type') ++ ); ++ } + $class = new ClassReflection($className); + if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) { + $className = substr($className, 0, -strlen('Interface')); +diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php 
b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php +--- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965) ++++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2) +@@ -35,6 +35,7 @@ + public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory) + { + $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key'))); ++ $this->keys = [end($this->keys)]; + //Making sure keys are large enough. + foreach ($this->keys as &$key) { + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch similarity index 100% rename from patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting_2.4.7.patch rename to patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch From 62213a5f61c6c8f6ca28e089c55f8333cc5fd5fb Mon Sep 17 00:00:00 2001 From: Sivaram Manijeganathan Date: Thu, 17 Oct 2024 14:09:05 -0500 Subject: [PATCH 04/16] add new line --- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch | 2 +- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch | 2 +- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch | 2 +- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch index 53317da..5175edb 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch @@ -59,4 +59,4 @@ 
diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch index 3ea35c2..e5740c2 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch @@ -59,4 +59,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch index 1b7d545..1296cc0 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch @@ -43,4 +43,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch index cf9af8b..4f23fb7 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch 
+++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch
@@ -52,4 +52,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p
 + $this->keys = [end($this->keys)];
 //Making sure keys are large enough.
 foreach ($this->keys as &$key) {
- $key = str_pad($key, 2048, '&', STR_PAD_BOTH);
\ No newline at end of file
+ $key = str_pad($key, 2048, '&', STR_PAD_BOTH);
From ff17f4bc35b07b412810be704d42365005c31f2b Mon Sep 17 00:00:00 2001
From: "Pawan.kumar"
Date: Fri, 18 Oct 2024 15:57:40 +0530
Subject: [PATCH 05/16] MAGECLOUD-12969: security fix patch
---
 patches.json | 5 +-
 ...or_CVE_2024_34102_CosmicSting__2.4.4.patch | 62 -------------------
 ...or_CVE_2024_34102_CosmicSting__2.4.5.patch | 62 -------------------
 ...or_CVE_2024_34102_CosmicSting__2.4.6.patch | 46 --------------
 4 files changed, 1 insertion(+), 174 deletions(-)
 delete mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch
 delete mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch
 delete mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch
diff --git a/patches.json b/patches.json
index 4069224..15f30e2 100644
--- a/patches.json
+++ b/patches.json
@@ -282,10 +282,7 @@
 ">=2.4.4 <2.4.7": "MCLOUD-11514__enhanced_layout_cache_efficiency__2.4.6-p3.patch"
 },
 "Patch for CVE-2024-34102 - CosmicSting": {
- ">=2.4.7 <2.4.8": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch",
- ">=2.4.6 <2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch",
- ">=2.4.5 <2.4.6": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch",
- ">=2.4.4 <2.4.5": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch"
+ ">=2.4.4 <2.4.8": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch"
 }
 },
 "magento/module-paypal": {
diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch
deleted file mode 100644
index 53317da..0000000
--- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch
+++ /dev/null
@@ -1,62 +0,0 @@ -diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv -index a491a567a37..5e8bef787d2 100644 ---- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv -+++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv -@@ -4,3 +4,4 @@ Summary,Summary - Menu,Menu - Account,Account - Settings,Settings -+"Invalid data type","Invalid data type" -diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv -index 7bf9e0afaf0..00493cc05ba 100644 ---- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv -+++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv -@@ -54,3 +54,4 @@ Footer,Footer - "Update to your %store_name shipment","Update to your %store_name shipment" - "Address Book","Address Book" - "Account Information","Account Information" -+"Invalid data type","Invalid data type" -diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php -index 908a4e70140..cc019845b58 100644 ---- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php -+++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php -@@ -153,6 +153,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface - * @return \Magento\Framework\Reflection\NameFinder - * - * @deprecated 100.1.0 -+ * @see nothing - */ - private function getNameFinder() - { -@@ -261,6 +262,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface - * @throws \Exception - * @throws SerializationException - * @SuppressWarnings(PHPMD.CyclomaticComplexity) -+ * @SuppressWarnings(PHPMD.NPathComplexity) - */ - protected function _createFromArray($className, $data) - { -@@ -268,6 +270,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface - // convert to string directly to avoid situations when $className is object - // which implements __toString method like \ReflectionObject 
- $className = (string) $className; -+ if (is_subclass_of($className, \SimpleXMLElement::class) -+ || is_subclass_of($className, \DOMElement::class)) { -+ throw new SerializationException( -+ new Phrase('Invalid data type') -+ ); -+ } - $class = new ClassReflection($className); - if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) { - $className = substr($className, 0, -strlen('Interface')); -diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php ---- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965) -+++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2) -@@ -35,6 +35,7 @@ - public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory) - { - $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key'))); -+ $this->keys = [end($this->keys)]; - //Making sure keys are large enough. - foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch deleted file mode 100644 index 3ea35c2..0000000 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv -index a491a567a37..5e8bef787d2 100644 ---- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv -+++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv -@@ -4,3 +4,4 @@ Summary,Summary - Menu,Menu - Account,Account - Settings,Settings -+"Invalid data type","Invalid data type" -diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv -index 7bf9e0afaf0..00493cc05ba 100644 ---- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv -+++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv -@@ -54,3 +54,4 @@ Footer,Footer - "Update to your %store_name shipment","Update to your %store_name shipment" - "Address Book","Address Book" - "Account Information","Account Information" -+"Invalid data type","Invalid data type" -diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php -index a5e881f4be5..a60f1dd7ba1 100644 ---- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php -+++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php -@@ -153,6 +153,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface - * @return \Magento\Framework\Reflection\NameFinder - * - * @deprecated 100.1.0 -+ * @see nothing - */ - private function getNameFinder() - { -@@ -261,6 +262,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface - * @throws \Exception - * @throws SerializationException - * @SuppressWarnings(PHPMD.CyclomaticComplexity) -+ * @SuppressWarnings(PHPMD.NPathComplexity) - */ - protected function _createFromArray($className, $data) - { -@@ -268,6 +270,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface - // convert to string directly to avoid situations when $className is object - // which implements __toString method like \ReflectionObject 
- $className = (string) $className; -+ if (is_subclass_of($className, \SimpleXMLElement::class) -+ || is_subclass_of($className, \DOMElement::class)) { -+ throw new SerializationException( -+ new Phrase('Invalid data type') -+ ); -+ } - $class = new ClassReflection($className); - if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) { - $className = substr($className, 0, -strlen('Interface')); -diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php ---- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965) -+++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2) -@@ -35,6 +35,7 @@ - public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory) - { - $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key'))); -+ $this->keys = [end($this->keys)]; - //Making sure keys are large enough. - foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch deleted file mode 100644 index 1b7d545..0000000 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv -index a491a567a37..5e8bef787d2 100644 ---- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv -+++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv -@@ -4,3 +4,4 @@ Summary,Summary - Menu,Menu - Account,Account - Settings,Settings -+"Invalid data type","Invalid data type" -diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv -index 7bf9e0afaf0..00493cc05ba 100644 ---- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv -+++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv -@@ -54,3 +54,4 @@ Footer,Footer - "Update to your %store_name shipment","Update to your %store_name shipment" - "Address Book","Address Book" - "Account Information","Account Information" -+"Invalid data type","Invalid data type" -diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php -index 9d7fd443508..65987772c23 100644 ---- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php -+++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php -@@ -275,6 +275,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface - // convert to string directly to avoid situations when $className is object - // which implements __toString method like \ReflectionObject - $className = (string) $className; -+ if (is_subclass_of($className, \SimpleXMLElement::class) -+ || is_subclass_of($className, \DOMElement::class)) { -+ throw new SerializationException( -+ new Phrase('Invalid data type') -+ ); -+ } - $class = new ClassReflection($className); - if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) { - $className = substr($className, 0, -strlen('Interface')); -diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php 
b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php ---- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965) -+++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2) -@@ -35,6 +35,7 @@ - public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory) - { - $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key'))); -+ $this->keys = [end($this->keys)]; - //Making sure keys are large enough. - foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file From 5650740a821c3d07d75dfa42de473693b3fc2242 Mon Sep 17 00:00:00 2001 
From: "Pawan.kumar"
Date: Mon, 21 Oct 2024 23:29:56 +0530
Subject: [PATCH 06/16] MAGECLOUD-12969: security fix patch
---
 patches.json | 11 +-
 ...or_CVE_2024_34102_CosmicSting__2.4.4.patch | 62 +++++++
 ...or_CVE_2024_34102_CosmicSting__2.4.5.patch | 62 +++++++
 ...or_CVE_2024_34102_CosmicSting__2.4.6.patch | 46 +++++
 ...or_CVE_2024_34102_KeyRotation__2.4.4.patch | 163 ++++++++++++++++++
 ...or_CVE_2024_34102_KeyRotation__2.4.5.patch | 162 +++++++++++++++++
 ...or_CVE_2024_34102_KeyRotation__2.4.6.patch | 159 +++++++++++++++++
 ...or_CVE_2024_34102_KeyRotation__2.4.7.patch | 157 +++++++++++++++++
 8 files changed, 821 insertions(+), 1 deletion(-)
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch
 create mode 100644 patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.7.patch
diff --git a/patches.json b/patches.json
index 15f30e2..710ec97 100644
--- a/patches.json
+++ b/patches.json
@@ -282,7 +282,16 @@
 ">=2.4.4 <2.4.7": "MCLOUD-11514__enhanced_layout_cache_efficiency__2.4.6-p3.patch"
 },
 "Patch for CVE-2024-34102 - CosmicSting": {
- ">=2.4.4 <2.4.8": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch"
+ ">=2.4.4 <2.4.5": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch",
+ ">=2.4.5 <2.4.6": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch",
+ ">=2.4.6 <2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch",
+ ">=2.4.7 <2.4.8": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch"
+ },
+ "Patch for CVE-2024-34102 - KeyRotation": {
+ ">=2.4.4 <2.4.5": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch",
+ ">=2.4.5 <2.4.6": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch",
+ ">=2.4.6 <2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch",
+ ">=2.4.7 <2.4.8": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.7.patch"
 }
 },
 "magento/module-paypal": {
diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch
new file mode 100644
index 0000000..53317da
--- /dev/null
+++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch
@@ -0,0 +1,62 @@ +diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +index a491a567a37..5e8bef787d2 100644 +--- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +@@ -4,3 +4,4 @@ Summary,Summary + Menu,Menu + Account,Account + Settings,Settings ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +index 7bf9e0afaf0..00493cc05ba 100644 +--- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +@@ -54,3 +54,4 @@ Footer,Footer + "Update to your %store_name shipment","Update to your %store_name shipment" + "Address Book","Address Book" + "Account Information","Account Information" ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +index 908a4e70140..cc019845b58 100644 +--- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php ++++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +@@ -153,6 +153,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + * @return \Magento\Framework\Reflection\NameFinder + * + * @deprecated 100.1.0 ++ * @see nothing + */ + private function getNameFinder() + { +@@ -261,6 +262,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + * @throws \Exception + * @throws SerializationException + * @SuppressWarnings(PHPMD.CyclomaticComplexity) ++ * @SuppressWarnings(PHPMD.NPathComplexity) + */ + protected function _createFromArray($className, $data) + { +@@ -268,6 +270,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + // convert to string directly to avoid situations when $className is object + // which implements __toString method like \ReflectionObject 
+ $className = (string) $className; ++ if (is_subclass_of($className, \SimpleXMLElement::class) ++ || is_subclass_of($className, \DOMElement::class)) { ++ throw new SerializationException( ++ new Phrase('Invalid data type') ++ ); ++ } + $class = new ClassReflection($className); + if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) { + $className = substr($className, 0, -strlen('Interface')); +diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php +--- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965) ++++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2) +@@ -35,6 +35,7 @@ + public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory) + { + $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key'))); ++ $this->keys = [end($this->keys)]; + //Making sure keys are large enough. + foreach ($this->keys as &$key) { + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch new file mode 100644 index 0000000..3ea35c2 --- /dev/null +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch 
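Review bot: The guard added to `_createFromArray` uses `is_subclass_of()`, which returns false when `$className` is exactly `SimpleXMLElement` or `DOMElement`, so the two base classes themselves are not rejected and still reach `new ClassReflection($className)`. Whether a caller can supply those exact names is decided outside this hunk, but the check is cheap to close: `if (is_a($className, \SimpleXMLElement::class, true) || is_a($className, \DOMElement::class, true)) {`. The same guard is repeated in the 2.4.5 and 2.4.6 patch files below. `_createFromArray` continues past the end of the hunk.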
@@ -0,0 +1,62 @@ +diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +index a491a567a37..5e8bef787d2 100644 +--- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +@@ -4,3 +4,4 @@ Summary,Summary + Menu,Menu + Account,Account + Settings,Settings ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +index 7bf9e0afaf0..00493cc05ba 100644 +--- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +@@ -54,3 +54,4 @@ Footer,Footer + "Update to your %store_name shipment","Update to your %store_name shipment" + "Address Book","Address Book" + "Account Information","Account Information" ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +index a5e881f4be5..a60f1dd7ba1 100644 +--- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php ++++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +@@ -153,6 +153,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + * @return \Magento\Framework\Reflection\NameFinder + * + * @deprecated 100.1.0 ++ * @see nothing + */ + private function getNameFinder() + { +@@ -261,6 +262,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + * @throws \Exception + * @throws SerializationException + * @SuppressWarnings(PHPMD.CyclomaticComplexity) ++ * @SuppressWarnings(PHPMD.NPathComplexity) + */ + protected function _createFromArray($className, $data) + { +@@ -268,6 +270,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + // convert to string directly to avoid situations when $className is object + // which implements __toString method like \ReflectionObject 
+ $className = (string) $className; ++ if (is_subclass_of($className, \SimpleXMLElement::class) ++ || is_subclass_of($className, \DOMElement::class)) { ++ throw new SerializationException( ++ new Phrase('Invalid data type') ++ ); ++ } + $class = new ClassReflection($className); + if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) { + $className = substr($className, 0, -strlen('Interface')); +diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php +--- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965) ++++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2) +@@ -35,6 +35,7 @@ + public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory) + { + $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key'))); ++ $this->keys = [end($this->keys)]; + //Making sure keys are large enough. + foreach ($this->keys as &$key) { + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch new file mode 100644 index 0000000..1b7d545 --- /dev/null +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch 
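Review bot: The new line `$this->keys = [end($this->keys)];` never checks that the selected key is non-empty. When `crypt/key` is missing, `trim((string)...)` yields `''`, `preg_split` returns `['']`, and the `str_pad` loop turns that into 2048 `&` characters, a signing secret made only of padding. A guard right after the selection, e.g. `if ($this->keys[0] === '') { throw new \RuntimeException('crypt/key is not configured'); }`, would fail closed; the exception type is a suggestion, use whatever the module normally throws. A one-line comment saying why only the last key is kept (presumably so tokens tied to rotated-out keys stop validating) would also help. The same hunk appears in the 2.4.4 and 2.4.6 patch files, and the constructor continues outside the hunk.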
@@ -0,0 +1,46 @@ +diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +index a491a567a37..5e8bef787d2 100644 +--- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv +@@ -4,3 +4,4 @@ Summary,Summary + Menu,Menu + Account,Account + Settings,Settings ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +index 7bf9e0afaf0..00493cc05ba 100644 +--- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv ++++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv +@@ -54,3 +54,4 @@ Footer,Footer + "Update to your %store_name shipment","Update to your %store_name shipment" + "Address Book","Address Book" + "Account Information","Account Information" ++"Invalid data type","Invalid data type" +diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +index 9d7fd443508..65987772c23 100644 +--- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php ++++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php +@@ -275,6 +275,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface + // convert to string directly to avoid situations when $className is object + // which implements __toString method like \ReflectionObject + $className = (string) $className; ++ if (is_subclass_of($className, \SimpleXMLElement::class) ++ || is_subclass_of($className, \DOMElement::class)) { ++ throw new SerializationException( ++ new Phrase('Invalid data type') ++ ); ++ } + $class = new ClassReflection($className); + if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) { + $className = substr($className, 0, -strlen('Interface')); +diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php 
b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php +--- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 022e64b08a88658667bc2d6b922eada2b7910965) ++++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php (revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2) +@@ -35,6 +35,7 @@ + public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory) + { + $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key'))); ++ $this->keys = [end($this->keys)]; + //Making sure keys are large enough. + foreach ($this->keys as &$key) { + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch new file mode 100644 index 0000000..83b15a8 --- /dev/null +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch 
@@ -0,0 +1,163 @@ +diff --git a/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php b/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php +new file mode 100644 +index 0000000000000..8777f99139edc +--- /dev/null ++++ b/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php +@@ -0,0 +1,141 @@ ++encryptor = $encryptor; ++ $this->cache = $cache; ++ $this->writer = $writer; ++ $this->random = $random; ++ ++ parent::__construct(); ++ } ++ ++ /** ++ * @inheritDoc ++ */ ++ protected function configure() ++ { ++ $this->setName('encryption:key:change'); ++ $this->setDescription('Change the encryption key inside the env.php file.'); ++ $this->addOption( ++ 'key', ++ 'k', ++ InputOption::VALUE_OPTIONAL, ++ 'Key has to be a 32 characters long string. If not provided, a random key will be generated.' ++ ); ++ ++ parent::configure(); ++ } ++ ++ /** ++ * @inheritDoc ++ */ ++ protected function execute(InputInterface $input, OutputInterface $output) ++ { ++ try { ++ $key = $input->getOption('key'); ++ ++ if (!empty($key)) { ++ $this->encryptor->validateKey($key); ++ } ++ ++ $this->updateEncryptionKey($key); ++ $this->cache->clean(); ++ ++ $output->writeln('Encryption key has been updated successfully.'); ++ ++ return Cli::RETURN_SUCCESS; ++ } catch (\Exception $e) { ++ $output->writeln('' . $e->getMessage() . ''); ++ return Cli::RETURN_FAILURE; ++ } ++ } ++ ++ /** ++ * Update encryption key ++ * ++ * @param string|null $key ++ * @return void ++ * @throws FileSystemException ++ */ ++ private function updateEncryptionKey(string $key = null): void ++ { ++ // prepare new key, encryptor and new configuration segment ++ if (!$this->writer->checkIfWritable()) { ++ throw new FileSystemException(__('Deployment configuration file is not writable.')); ++ } ++ ++ if (null === $key) { ++ // md5() here is not for cryptographic use. 
It used for generate encryption key itself ++ // and do not encrypt any passwords ++ // phpcs:ignore Magento2.Security.InsecureFunction ++ $key = md5($this->random->getRandomString(ConfigOptionsListConstants::STORE_KEY_RANDOM_STRING_SIZE)); ++ } ++ ++ $this->encryptor->setNewKey($key); ++ ++ $encryptSegment = new ConfigData(ConfigFilePool::APP_ENV); ++ $encryptSegment->set(ConfigOptionsListConstants::CONFIG_PATH_CRYPT_KEY, $this->encryptor->exportKeys()); ++ ++ $configData = [$encryptSegment->getFileKey() => $encryptSegment->getData()]; ++ ++ $this->writer->saveConfig($configData); ++ } ++} +diff --git a/vendor/magento/module-encryption-key/etc/di.xml b/vendor/magento/module-encryption-key/etc/di.xml +index b4e471f4e40ef..495234759a7f8 100644 +--- a/vendor/magento/module-encryption-key/etc/di.xml ++++ b/vendor/magento/module-encryption-key/etc/di.xml +@@ -11,4 +11,11 @@ + Magento\Config\Model\Config\Structure\Proxy + + ++ ++ ++ ++ Magento\EncryptionKey\Console\Command\UpdateEncryptionKeyCommand ++ ++ ++ + \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch new file mode 100644 index 0000000..26c492e --- /dev/null +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch 
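Review bot: In `execute()`, `if (!empty($key))` skips `validateKey()` for any falsy value that is not null, such as `''` or `'0'`. `updateEncryptionKey()` then skips random generation as well, because it tests `null === $key`, so the unvalidated string goes straight to `setNewKey()`. Unless `setNewKey()` validates on its own (not visible here), that stores a trivially weak encryption key in env.php. Compare against null instead: `if ($key !== null) { $this->encryptor->validateKey($key); }`. The same code is in the KeyRotation patch files for 2.4.5, 2.4.6 and 2.4.7.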
@@ -0,0 +1,162 @@ +diff --git a/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php b/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php +new file mode 100644 +index 0000000000000..351379552e104 +--- /dev/null ++++ b/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php +@@ -0,0 +1,140 @@ ++encryptor = $encryptor; ++ $this->cache = $cache; ++ $this->writer = $writer; ++ $this->random = $random; ++ ++ parent::__construct(); ++ } ++ ++ /** ++ * @inheritDoc ++ */ ++ protected function configure() ++ { ++ $this->setName('encryption:key:change'); ++ $this->setDescription('Change the encryption key inside the env.php file.'); ++ $this->addOption( ++ 'key', ++ 'k', ++ InputOption::VALUE_OPTIONAL, ++ 'Key has to be a 32 characters long string. If not provided, a random key will be generated.' ++ ); ++ ++ parent::configure(); ++ } ++ ++ /** ++ * @inheritDoc ++ */ ++ protected function execute(InputInterface $input, OutputInterface $output) ++ { ++ try { ++ $key = $input->getOption('key'); ++ ++ if (!empty($key)) { ++ $this->encryptor->validateKey($key); ++ } ++ ++ $this->updateEncryptionKey($key); ++ $this->cache->clean(); ++ ++ $output->writeln('Encryption key has been updated successfully.'); ++ ++ return Cli::RETURN_SUCCESS; ++ } catch (\Exception $e) { ++ $output->writeln('' . $e->getMessage() . ''); ++ return Cli::RETURN_FAILURE; ++ } ++ } ++ ++ /** ++ * Update encryption key ++ * ++ * @param string|null $key ++ * @return void ++ * @throws FileSystemException ++ */ ++ private function updateEncryptionKey(string $key = null): void ++ { ++ // prepare new key, encryptor and new configuration segment ++ if (!$this->writer->checkIfWritable()) { ++ throw new FileSystemException(__('Deployment configuration file is not writable.')); ++ } ++ ++ if (null === $key) { ++ // md5() here is not for cryptographic use. 
It used for generate encryption key itself ++ // and do not encrypt any passwords ++ // phpcs:ignore Magento2.Security.InsecureFunction ++ $key = md5($this->random->getRandomString(ConfigOptionsListConstants::STORE_KEY_RANDOM_STRING_SIZE)); ++ } ++ $this->encryptor->setNewKey($key); ++ ++ $encryptSegment = new ConfigData(ConfigFilePool::APP_ENV); ++ $encryptSegment->set(ConfigOptionsListConstants::CONFIG_PATH_CRYPT_KEY, $this->encryptor->exportKeys()); ++ ++ $configData = [$encryptSegment->getFileKey() => $encryptSegment->getData()]; ++ ++ $this->writer->saveConfig($configData); ++ } ++} +diff --git a/vendor/magento/module-encryption-key/etc/di.xml b/vendor/magento/module-encryption-key/etc/di.xml +index b4e471f4e40ef..495234759a7f8 100644 +--- a/vendor/magento/module-encryption-key/etc/di.xml ++++ b/vendor/magento/module-encryption-key/etc/di.xml +@@ -11,4 +11,11 @@ + Magento\Config\Model\Config\Structure\Proxy + + ++ ++ ++ ++ Magento\EncryptionKey\Console\Command\UpdateEncryptionKeyCommand ++ ++ ++ + \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch new file mode 100644 index 0000000..4f2178b --- /dev/null +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch 
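Review bot: The comment above `md5(...)` in `updateEncryptionKey()` says the call is not for cryptographic use, yet its output becomes the encryption key. That reads as contradictory and hides a real limit: the result is 32 hex characters, so the generated key carries at most 128 bits however long the random string is. I would reword it to say so, e.g. `// md5() only folds the random string into the 32-character key format; strength comes from getRandomString() and is capped at 128 bits by the hex digest.` The 2.4.4 and 2.4.6 patch files carry the same comment; the 2.4.7 file builds the key from `getRandomBytes()` with a prefix instead.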
@@ -0,0 +1,159 @@ +diff --git a/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php b/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php +new file mode 100644 +index 0000000000000..0e4995b847893 +--- /dev/null ++++ b/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php +@@ -0,0 +1,137 @@ ++encryptor = $encryptor; ++ $this->cache = $cache; ++ $this->writer = $writer; ++ $this->random = $random; ++ ++ parent::__construct(); ++ } ++ ++ /** ++ * @inheritDoc ++ */ ++ protected function configure() ++ { ++ $this->setName('encryption:key:change'); ++ $this->setDescription('Change the encryption key inside the env.php file.'); ++ $this->addOption( ++ 'key', ++ 'k', ++ InputOption::VALUE_OPTIONAL, ++ 'Key has to be a 32 characters long string. If not provided, a random key will be generated.' ++ ); ++ ++ parent::configure(); ++ } ++ ++ /** ++ * @inheritDoc ++ */ ++ protected function execute(InputInterface $input, OutputInterface $output) ++ { ++ try { ++ $key = $input->getOption('key'); ++ ++ if (!empty($key)) { ++ $this->encryptor->validateKey($key); ++ } ++ ++ $this->updateEncryptionKey($key); ++ $this->cache->clean(); ++ ++ $output->writeln('Encryption key has been updated successfully.'); ++ ++ return Command::SUCCESS; ++ } catch (\Exception $e) { ++ $output->writeln('' . $e->getMessage() . ''); ++ return Command::FAILURE; ++ } ++ } ++ ++ /** ++ * Update encryption key ++ * ++ * @param string|null $key ++ * @return void ++ * @throws FileSystemException ++ */ ++ private function updateEncryptionKey(string $key = null): void ++ { ++ // prepare new key, encryptor and new configuration segment ++ if (!$this->writer->checkIfWritable()) { ++ throw new FileSystemException(__('Deployment configuration file is not writable.')); ++ } ++ ++ if (null === $key) { ++ // md5() here is not for cryptographic use. 
It used for generate encryption key itself ++ // and do not encrypt any passwords ++ // phpcs:ignore Magento2.Security.InsecureFunction ++ $key = md5($this->random->getRandomString(ConfigOptionsListConstants::STORE_KEY_RANDOM_STRING_SIZE)); ++ } ++ ++ $this->encryptor->setNewKey($key); ++ ++ $encryptSegment = new ConfigData(ConfigFilePool::APP_ENV); ++ $encryptSegment->set(ConfigOptionsListConstants::CONFIG_PATH_CRYPT_KEY, $this->encryptor->exportKeys()); ++ ++ $configData = [$encryptSegment->getFileKey() => $encryptSegment->getData()]; ++ ++ $this->writer->saveConfig($configData); ++ } ++} +diff --git a/vendor/magento/module-encryption-key/etc/di.xml b/vendor/magento/module-encryption-key/etc/di.xml +index b4e471f4e40ef..495234759a7f8 100644 +--- a/vendor/magento/module-encryption-key/etc/di.xml ++++ b/vendor/magento/module-encryption-key/etc/di.xml +@@ -11,4 +11,11 @@ + Magento\Config\Model\Config\Structure\Proxy + + ++ ++ ++ ++ Magento\EncryptionKey\Console\Command\UpdateEncryptionKeyCommand ++ ++ ++ + \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.7.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.7.patch new file mode 100644 index 0000000..0c8e1fc --- /dev/null +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.7.patch 
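Review bot: The `--key`/`-k` option in `configure()` takes the new encryption key as a command-line argument, which puts the secret in shell history and in the process list while the command runs. The option text should at least say so, e.g. append `Prefer omitting --key so a random key is generated; a key given on the command line is visible in shell history and process listings.` to the description. Reading the key from standard input or an environment variable would avoid the exposure altogether, but that is a larger change than this patch. The same option is defined in the 2.4.4, 2.4.5 and 2.4.7 patch files.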
@@ -0,0 +1,157 @@ +diff --git a/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php b/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php +new file mode 100644 +index 0000000000000..cd6ffb4323163 +--- /dev/null ++++ b/vendor/magento/module-encryption-key/Console/Command/UpdateEncryptionKeyCommand.php +@@ -0,0 +1,135 @@ ++encryptor = $encryptor; ++ $this->cache = $cache; ++ $this->writer = $writer; ++ $this->random = $random; ++ ++ parent::__construct(); ++ } ++ ++ /** ++ * @inheritDoc ++ */ ++ protected function configure() ++ { ++ $this->setName('encryption:key:change'); ++ $this->setDescription('Change the encryption key inside the env.php file.'); ++ $this->addOption( ++ 'key', ++ 'k', ++ InputOption::VALUE_OPTIONAL, ++ 'Key has to be a 32 characters long string. If not provided, a random key will be generated.' ++ ); ++ ++ parent::configure(); ++ } ++ ++ /** ++ * @inheritDoc ++ */ ++ protected function execute(InputInterface $input, OutputInterface $output) ++ { ++ try { ++ $key = $input->getOption('key'); ++ ++ if (!empty($key)) { ++ $this->encryptor->validateKey($key); ++ } ++ ++ $this->updateEncryptionKey($key); ++ $this->cache->clean(); ++ ++ $output->writeln('Encryption key has been updated successfully.'); ++ ++ return Command::SUCCESS; ++ } catch (\Exception $e) { ++ $output->writeln('' . $e->getMessage() . ''); ++ return Command::FAILURE; ++ } ++ } ++ ++ /** ++ * Update encryption key ++ * ++ * @param string|null $key ++ * @return void ++ * @throws FileSystemException ++ */ ++ private function updateEncryptionKey(string $key = null): void ++ { ++ // prepare new key, encryptor and new configuration segment ++ if (!$this->writer->checkIfWritable()) { ++ throw new FileSystemException(__('Deployment configuration file is not writable.')); ++ } ++ ++ if (null === $key) { ++ $key = ConfigOptionsListConstants::STORE_KEY_ENCODED_RANDOM_STRING_PREFIX . 
++ $this->random->getRandomBytes(ConfigOptionsListConstants::STORE_KEY_RANDOM_STRING_SIZE); ++ } ++ ++ $this->encryptor->setNewKey($key); ++ ++ $encryptSegment = new ConfigData(ConfigFilePool::APP_ENV); ++ $encryptSegment->set(ConfigOptionsListConstants::CONFIG_PATH_CRYPT_KEY, $this->encryptor->exportKeys()); ++ ++ $configData = [$encryptSegment->getFileKey() => $encryptSegment->getData()]; ++ ++ $this->writer->saveConfig($configData); ++ } ++} +diff --git a/vendor/magento/module-encryption-key/etc/di.xml b/vendor/magento/module-encryption-key/etc/di.xml +index b4e471f4e40ef..495234759a7f8 100644 +--- a/vendor/magento/module-encryption-key/etc/di.xml ++++ b/vendor/magento/module-encryption-key/etc/di.xml +@@ -11,4 +11,11 @@ + Magento\Config\Model\Config\Structure\Proxy + + ++ ++ ++ ++ Magento\EncryptionKey\Console\Command\UpdateEncryptionKeyCommand ++ ++ ++ + From 58ab70821b22be3142128b8b47b4c4ed66fa1afb Mon Sep 17 00:00:00 2001 From: "Pawan.kumar" Date: Wed, 23 Oct 2024 21:12:54 +0530 Subject: [PATCH 07/16] MAGECLOUD-12969: security fix patch --- patches.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/patches.json b/patches.json index 710ec97..9c990f1 100644 --- a/patches.json +++ b/patches.json 
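Review bot: `execute()` runs `updateEncryptionKey()` and `cache->clean()` inside one `try`, so an exception from the cache clean is reported as a plain failure even though `saveConfig()` has already written the new key. An operator who sees the failure exit code and reruns the command rotates the key again. Catch the cache step separately and say what happened, for example `$output->writeln('Encryption key was updated, but the cache could not be cleaned: ' . $e->getMessage());`. This applies to the 2.4.4, 2.4.5 and 2.4.6 patch files as well.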
@@ -282,16 +282,16 @@
 ">=2.4.4 <2.4.7": "MCLOUD-11514__enhanced_layout_cache_efficiency__2.4.6-p3.patch"
 },
 "Patch for CVE-2024-34102 - CosmicSting": {
- ">=2.4.4 <2.4.5": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch",
- ">=2.4.5 <2.4.6": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch",
- ">=2.4.6 <2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch",
- ">=2.4.7 <2.4.8": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch"
+ ">=2.4.4 <2.4.4-p10": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch",
+ ">=2.4.5 <2.4.5-p9": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch",
+ ">=2.4.6 <2.4.6-p7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch",
+ ">=2.4.7 <2.4.7-p1": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch"
 },
 "Patch for CVE-2024-34102 - KeyRotation": {
- ">=2.4.4 <2.4.5": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch",
- ">=2.4.5 <2.4.6": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch",
- ">=2.4.6 <2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch",
- ">=2.4.7 <2.4.8": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.7.patch"
+ ">=2.4.4 <2.4.4-p10": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch",
+ ">=2.4.5 <2.4.5-p9": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch",
+ ">=2.4.6 <2.4.6-p7": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch",
+ ">=2.4.7 <2.4.7-p2": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.7.patch"
 }
 },
 "magento/module-paypal": {
From ae324a189aaf527061538421df29da58f7a30c25 Mon Sep 17 00:00:00 2001
From: "Pawan.kumar"
Date: Thu, 24 Oct 2024 16:03:13 +0530
Subject: [PATCH 08/16] MAGECLOUD-12969: security fix patch
---
 ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
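Review bot: The two 2.4.7 rows end at different upper bounds, `<2.4.7-p1` under CosmicSting and `<2.4.7-p2` under KeyRotation, while the 2.4.4, 2.4.5 and 2.4.6 rows use one bound for both entries. If the difference is deliberate, the commit description should say which release first ships each fix, since `patches.json` cannot carry a comment. If it is not, align the two bounds, because a range that stops one release early leaves that release without the patch.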
diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch index 53317da..5175edb 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch @@ -59,4 +59,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); From faba20bacdae822f11947490504b0014cbeea92d Mon Sep 17 00:00:00 2001 From: "Pawan.kumar" Date: Thu, 24 Oct 2024 20:07:37 +0530 Subject: [PATCH 09/16] MAGECLOUD-12969: security fix patch --- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch | 2 +- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch | 2 +- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch index 3ea35c2..e5740c2 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch @@ -59,4 +59,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch index 1b7d545..1296cc0 100644 
--- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch @@ -43,4 +43,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch index cf9af8b..4f23fb7 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch @@ -52,4 +52,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); From 2630ec46979af33594d63da8ae3998bf7e301afa Mon Sep 17 00:00:00 2001 From: "Pawan.kumar" Date: Thu, 24 Oct 2024 20:10:01 +0530 Subject: [PATCH 10/16] MAGECLOUD-12969: security fix patch --- ...LOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch | 1 + ...LOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch | 1 + ...LOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch | 1 + ...LOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch | 1 + 4 files changed, 4 insertions(+) diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch index 5175edb..6fbe148 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch 
+++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch @@ -60,3 +60,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p //Making sure keys are large enough. foreach ($this->keys as &$key) { $key = str_pad($key, 2048, '&', STR_PAD_BOTH); + diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch index e5740c2..40c807a 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch @@ -60,3 +60,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p //Making sure keys are large enough. foreach ($this->keys as &$key) { $key = str_pad($key, 2048, '&', STR_PAD_BOTH); + diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch index 1296cc0..43c5911 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch @@ -44,3 +44,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p //Making sure keys are large enough. foreach ($this->keys as &$key) { $key = str_pad($key, 2048, '&', STR_PAD_BOTH); + diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch index 4f23fb7..fd9df08 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch @@ -53,3 +53,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p //Making sure keys are large enough. foreach ($this->keys as &$key) { $key = str_pad($key, 2048, '&', STR_PAD_BOTH); + 
From be31084f898f32f68599ac0325deec4655ef035b Mon Sep 17 00:00:00 2001 From: "Pawan.kumar" Date: Thu, 24 Oct 2024 20:17:14 +0530 Subject: [PATCH 11/16] MAGECLOUD-12969: security fix patch --- ...UD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch | 3 +-- ...UD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch | 3 +-- ...UD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch | 3 +-- ...UD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch | 3 +-- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch index 6fbe148..53317da 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch @@ -59,5 +59,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); - + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch index 40c807a..3ea35c2 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch @@ -59,5 +59,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); - + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file 
diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch index 43c5911..1b7d545 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch @@ -43,5 +43,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); - + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch index fd9df08..cf9af8b 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch @@ -52,5 +52,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); - + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file From b34935af62c9c5897171784f5d67a1ed612042a1 Mon Sep 17 00:00:00 2001 From: "Pawan.kumar" Date: Thu, 24 Oct 2024 20:41:15 +0530 Subject: [PATCH 12/16] MAGECLOUD-12969: security fix patch --- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch | 2 +- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch | 2 +- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch | 2 +- ...OUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch index 53317da..5175edb 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch @@ -59,4 +59,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch index 3ea35c2..e5740c2 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch @@ -59,4 +59,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch index 1b7d545..1296cc0 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch @@ -43,4 +43,4 @@ 
diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch index cf9af8b..4f23fb7 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch @@ -52,4 +52,4 @@ diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.p + $this->keys = [end($this->keys)]; //Making sure keys are large enough. foreach ($this->keys as &$key) { - $key = str_pad($key, 2048, '&', STR_PAD_BOTH); \ No newline at end of file + $key = str_pad($key, 2048, '&', STR_PAD_BOTH); From 54237977053f6bdf17c9fab20ba4d913c4d92b58 Mon Sep 17 00:00:00 2001 From: "Pawan.kumar" Date: Fri, 25 Oct 2024 13:56:45 +0530 Subject: [PATCH 13/16] MAGECLOUD-12969: security fix patch --- patches.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/patches.json b/patches.json index 50ad2cb..8f41963 100644 --- a/patches.json +++ b/patches.json 
@@ -282,10 +282,10 @@ ">=2.4.4 <2.4.7": "MCLOUD-11514__enhanced_layout_cache_efficiency__2.4.6-p3.patch" }, "Patch for CVE-2024-34102 - CosmicSting": { - ">=2.4.4 <2.4.4-p10": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch", - ">=2.4.5 <2.4.5-p9": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch", - ">=2.4.6 <2.4.6-p7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch", - ">=2.4.7 <2.4.7-p1": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch" + ">=2.4.4 <2.4.4-p8": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch", + ">=2.4.5 <2.4.5-p7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch", + ">=2.4.6 <2.4.6-p5": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch", + "2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch" }, "Patch for CVE-2024-34102 - KeyRotation": { ">=2.4.4 <2.4.4-p10": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch", From 8e604537fed98343c22affd990e57015d9ab08cc Mon Sep 17 00:00:00 2001 From: Sivaram Manijeganathan Date: Mon, 28 Oct 2024 09:41:07 -0500 Subject: [PATCH 14/16] add new line --- ...UD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch | 3 ++- ...UD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch | 3 ++- ...UD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch index 83b15a8..21ca631 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch @@ -160,4 +160,5 @@ index b4e471f4e40ef..495234759a7f8 100644 + + + - \ No newline at end of file + + \ No newline at end of file 
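Review bot: The new upper bounds on the CosmicSting entry are exclusive, so an install on exactly 2.4.4-p8, 2.4.5-p7 or 2.4.6-p5 no longer receives this patch, although the previous bounds (`<2.4.4-p10`, `<2.4.5-p9`, `<2.4.6-p7`) covered those patch levels and the KeyRotation entry just below still uses `<2.4.4-p10`. The hunk does not show whether those releases already contain the CVE-2024-34102 fix; if they do not, the bound should be inclusive, e.g. `">=2.4.4 <=2.4.4-p8"`, and likewise for the 2.4.5 and 2.4.6 lines. The exact constraint `"2.4.7"` replaces `>=2.4.7 <2.4.7-p1`, and it is worth confirming that the patch tool's version matcher treats the two the same for a plain 2.4.7 install. Because these ranges decide which deployments get a security patch, the commit message should state which release first ships the fix for each line, where "security fix patch" gives no basis for checking the numbers. The KeyRotation object continues past the end of the hunk, so its other ranges are not visible here.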
diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch index 26c492e..13cec8e 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch @@ -159,4 +159,5 @@ index b4e471f4e40ef..495234759a7f8 100644 + + + - \ No newline at end of file + + \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch index 4f2178b..c4f7c72 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch @@ -156,4 +156,5 @@ index b4e471f4e40ef..495234759a7f8 100644 + + + - \ No newline at end of file + + \ No newline at end of file From 961f06817e8fe2db47b5fba815d692dfc89f9432 Mon Sep 17 00:00:00 2001 From: Sivaram Manijeganathan Date: Mon, 28 Oct 2024 10:00:43 -0500 Subject: [PATCH 15/16] remove trailing space --- ...LOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch | 1 - ...LOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch | 1 - ...LOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch | 1 - 3 files changed, 3 deletions(-) diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch index 21ca631..94adc61 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch @@ -161,4 +161,3 @@ index b4e471f4e40ef..495234759a7f8 100644 + + - \ No newline at end of file 
diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch index 13cec8e..29adfc3 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch @@ -160,4 +160,3 @@ index b4e471f4e40ef..495234759a7f8 100644 + + - \ No newline at end of file diff --git a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch index c4f7c72..c5ba438 100644 --- a/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch +++ b/patches/MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch @@ -157,4 +157,3 @@ index b4e471f4e40ef..495234759a7f8 100644 + + - \ No newline at end of file From 34dc1354f59b8456e7b5adb3c771f7932dffba90 Mon Sep 17 00:00:00 2001 From: Sivaram Manijeganathan Date: Thu, 31 Oct 2024 10:31:48 -0500 Subject: [PATCH 16/16] update version for release 1.1.2 --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 636d694..5d90152 100644 --- a/composer.json +++ b/composer.json @@ -2,7 +2,7 @@ "name": "magento/magento-cloud-patches", "description": "Provides critical fixes for Magento 2 Enterprise Edition", "type": "magento2-component", - "version": "1.0.27", + "version": "1.1.2", "license": "OSL-3.0", "repositories": { "repo.magento.com": {