diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-07-25 00:24:21 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-07-25 00:26:47 +0300 |
commit | 748a483a8f515f7aa0ce999ebeeebed4ed17ae10 (patch) | |
tree | aeeb8e6537070fade4adb84332cb9d5bc52ed4d2 /meta-openembedded/meta-networking | |
parent | b7d2861976669d4f6decc55762ba83fe0371d6d5 (diff) | |
download | openbmc-748a483a8f515f7aa0ce999ebeeebed4ed17ae10.tar.xz |
meta-openembedded: subtree update:e93d527a33..76b83194b3
Alejandro Enedino Hernandez Samaniego (1):
Remmina: Upgrade to 1.4.7
Alistair Francis (1):
python3-obd: Add missing setuptools RDEPENDS
Andreas Müller (3):
xfce4-whiskermenu-plugin: upgrade 2.4.4 -> 2.4.5
xfce4-time-out-plugin: upgrade 1.1.0 -> 1.1.1
graphene: upgrade 1.10.0 -> 1.10.2
Andrej Valek (1):
python3-xlsxwriter: add recipe for v 1.2.9
Aníbal Limón (1):
recipes-graphics: Add parallel-deqp-runner recipe
Armin Kuster (10):
python3-flask-babel: update to 1.0.0 and consolidate
python3-fastnumbers: Add new package
python3-icu: add new package
python3-natsort: add new package
python3-croniter: Fix missing rdep
python3-gmpy2: add new package
python3-ecdsa: add package
python3-rsa: add new package
python3-gnupg: add new package
python3-qrcode: add package
Changqing Li (2):
rsyslog: get alias of syslog back
radvd: add /etc/radvd.conf
Christian Eggers (2):
networkmanager: Package nmcli separately
networkmanager: Fix udev dependency
Colin McAllister (4):
python3-cantools: Added recipe
python3-dateparser: Added recipe
python3-diskcache: Added recipe
python3-bitstruct: Added recipe
Dmitry Baryshkov (1):
recipes-graphics: add Khronos OpenGL ES and Vulkan CTS recipes
Julius Hemanth Pitti (1):
netkit-telnetd: Fix buffer overflow in netoprintf
Kai Kang (1):
python3-pykickstart: 3.22 -> 3.26
Khem Raj (4):
ace: Upgrade to 6.5.10
network-manager-applet: Add missing dependency on libgudev
memcached: Upgrade to 1.6.6
samba: Fix conflicts with nss.h from glibc
Leon Anavi (12):
python3-cbor2: Upgrade 5.1.0 -> 5.1.1
python3-psutil: Upgrade 5.7.0 -> 5.7.2
python3-isort: Upgrade 4.3.21 -> 5.1.0
python3-netaddr: Upgrade 0.7.20 -> 0.8.0
python3-bitarray: Upgrade 1.2.2 -> 1.4.1
python3-pymysql: Upgrade 0.9.3 -> 0.10.0
python3-simplejson: Upgrade 3.17.0 -> 3.17.2
python3-isort: Upgrade 5.1.0 -> 5.1.4
python3-stevedore: Upgrade 2.0.1 -> 3.2.0
python3-mock: Upgrade 4.0.1 -> 4.0.2
python3-pychromecast: Upgrade 7.1.1 -> 7.1.2
python3-coverage: Upgrade 5.1 -> 5.2
Matt Hoosier (1):
glmark2: don't build full OpenGL backends by default
Mingde (Matthew) Zeng (1):
net-snmp, openjpeg: add proper CVE tags to patches
Mingli Yu (1):
freeradius: fix the existed certificate error
Ovidiu Panait (1):
nss: upgrade 3.51.1 -> 3.54
Philip Balister (1):
python3-pybind11: Use cmake to build and add -native version
Ryan Rowe (2):
python3-packaging: add -native version
python3-pint: add setuptools and packaging to RDEPENDS
Sakib Sajal (4):
python3-mock: add recipe for v4.0.1
python3-pep8: add recipe for v1.7.1
python3-mccabe: add recipe for v0.2.1
python3-requests-toolbelt: add ptest
Slater, Joseph (2):
lvm2: reproducible binaries
toybox-inittab: unpack to S
Wang Mingyu (2):
python3-idna: upgrade 2.9 -> 2.10
python3-pytz: upgrade 2019.3 -> 2020.1
Zang Ruochen (5):
python3-requests-file: Enable ptest
python3-semver: Enable ptest
python3-smpplib: Enable ptest
python3-soupsieve: Enable ptest
python3-typeguard: Enable ptest
Zheng Ruoqin (3):
babeld: upgrade 1.9.1 -> 1.9.2
wireguard-module: upgrade 1.0.20200401 -> 1.0.20200712
wireguard-tools: upgrade 1.0.20200319 -> 1.0.20200513
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I7d02cff7fbd61a6f8e1a96354e169f5f19edf023
Diffstat (limited to 'meta-openembedded/meta-networking')
16 files changed, 329 insertions, 18 deletions
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch new file mode 100644 index 000000000..669f363e7 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch @@ -0,0 +1,55 @@ +From 084f5467672f2ae37003b77e8f8706772f3da3ec Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Mon, 13 Jul 2020 07:01:45 +0000 +Subject: [PATCH] raddb/certs/Makefile: fix the existed certificate error + +Fixes: + # ./bootstrap + [snip] +openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key 'whatever' -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf +Using configuration from ./client.cnf +Check that the request matches the signature +Signature ok +ERROR:There is already a certificate for /C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org +The matching entry has the following details +Type :Valid +Expires on :200908024833Z +Serial Number :02 +File name :unknown +Subject Name :/C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org +make: *** [Makefile:128: client.crt] Error 1 + +Add the check to fix the above error and it does the same for server.crt. + +Upstream-Status: Pending + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + raddb/certs/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile +index 5cbfd467ce..77eec9baa1 100644 +--- a/raddb/certs/Makefile ++++ b/raddb/certs/Makefile +@@ -92,7 +92,7 @@ server.csr server.key: server.cnf + chmod g+r server.key + + server.crt: server.csr ca.key ca.pem +- $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf ++ @[ -f server.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf + + server.p12: server.crt + $(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) +@@ -117,7 +117,7 @@ client.csr client.key: client.cnf + chmod g+r client.key + + client.crt: client.csr ca.pem ca.key +- $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf ++ @[ -f client.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf + + client.p12: client.crt + $(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) +-- +2.26.2 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb index 005ca47da..d2046d72e 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.20.bb @@ -27,6 +27,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0 file://freeradius-fix-error-for-expansion-of-macro.patch \ file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \ file://0001-rlm_python3-add-PY_INC_DIR-in-search-dir.patch \ + file://0001-raddb-certs-Makefile-fix-the-existed-certificate-err.patch \ file://radiusd.service \ file://radiusd-volatiles.conf \ " diff --git a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb index 5eb2aefa7..4e4217c1f 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.22.14.bb @@ -11,7 +11,7 @@ DEPENDS = " \ intltool-native \ libxslt-native \ libnl \ - libgudev \ + udev \ util-linux \ libndp \ libnewt \ @@ -85,6 +85,7 @@ PACKAGECONFIG[qt4-x11-free] = "--enable-qt,--disable-qt,qt4-x11-free" PACKAGECONFIG[cloud-setup] = "--with-nm-cloud-setup=yes,--with-nm-cloud-setup=no" PACKAGES =+ " \ + ${PN}-nmcli ${PN}-nmcli-doc \ ${PN}-nmtui ${PN}-nmtui-doc \ ${PN}-adsl ${PN}-cloud-setup \ " @@ -134,6 +135,14 @@ FILES_${PN}-dev += " \ ${libdir}/NetworkManager/${PV}/*.la \ " +FILES_${PN}-nmcli = " \ + ${bindir}/nmcli \ +" + +FILES_${PN}-nmcli-doc = " \ + ${mandir}/man1/nmcli* \ +" + FILES_${PN}-nmtui = " \ ${bindir}/nmtui \ ${bindir}/nmtui-edit \ diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch new file mode 100644 index 000000000..2dbabdaa4 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch @@ -0,0 +1,96 @@ +From 9aba5ac17bb822f91f6b214f5b82dd1eb8c47616 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 22 Jul 2020 22:42:09 -0700 +Subject: [PATCH] nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h + +glibc 2.32 will define these varibles [1] which results in conflicts +with these static function names, therefore prefix these function names +with samba_ to avoid it + +[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d + +Upstream-Status: Submitted [https://gitlab.com/samba-team/samba/-/merge_requests/1477] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + nsswitch/nsstest.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c +index 6d92806..46f9679 100644 +--- a/nsswitch/nsstest.c ++++ b/nsswitch/nsstest.c +@@ -137,7 +137,7 @@ static struct passwd *nss_getpwuid(uid_t uid) + return &pwd; + } + +-static void nss_setpwent(void) ++static void samba_nss_setpwent(void) + { + NSS_STATUS (*_nss_setpwent)(void) = + (NSS_STATUS(*)(void))find_fn("setpwent"); +@@ -152,7 +152,7 @@ static void nss_setpwent(void) + } + } + +-static void nss_endpwent(void) ++static void samba_nss_endpwent(void) + { + NSS_STATUS (*_nss_endpwent)(void) = + (NSS_STATUS (*)(void))find_fn("endpwent"); +@@ -284,7 +284,7 @@ again: + return &grp; + } + +-static void nss_setgrent(void) ++static void samba_nss_setgrent(void) + { + NSS_STATUS (*_nss_setgrent)(void) = + (NSS_STATUS (*)(void))find_fn("setgrent"); +@@ -299,7 +299,7 @@ static void nss_setgrent(void) + } + } + +-static void nss_endgrent(void) ++static void samba_nss_endgrent(void) + { + NSS_STATUS (*_nss_endgrent)(void) = + (NSS_STATUS (*)(void))find_fn("endgrent"); +@@ -396,7 +396,7 @@ static void nss_test_users(void) + { + struct passwd *pwd; + +- nss_setpwent(); ++ samba_nss_setpwent(); + /* loop over all users */ + while ((pwd = nss_getpwent())) { + printf("Testing user %s\n", pwd->pw_name); +@@ -418,14 +418,14 @@ static void nss_test_users(void) + printf("initgroups: "); nss_test_initgroups(pwd->pw_name, pwd->pw_gid); + printf("\n"); + } +- nss_endpwent(); ++ samba_nss_endpwent(); + } + + static void nss_test_groups(void) + { + struct group *grp; + +- nss_setgrent(); ++ samba_nss_setgrent(); + /* loop over all groups */ + while ((grp = nss_getgrent())) { + printf("Testing group %s\n", grp->gr_name); +@@ -446,7 +446,7 @@ static void nss_test_groups(void) + printf("getgrgid: "); print_group(grp); + printf("\n"); + } +- nss_endgrent(); ++ samba_nss_endgrent(); + } + + static void nss_test_errors(void) +-- +2.27.0 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.15.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.15.bb index 2c74c27fb..01250cb43 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.15.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.15.bb @@ -27,6 +27,7 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://0001-lib-replace-wscript-Avoid-generating-nested-main-fun.patch \ file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \ file://0001-Add-options-to-configure-the-use-of-libbsd.patch \ + file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \ " SRC_URI_append_libc-musl = " \ file://samba-pam.patch \ diff --git a/meta-openembedded/meta-networking/recipes-daemons/radvd/files/radvd.conf b/meta-openembedded/meta-networking/recipes-daemons/radvd/files/radvd.conf new file mode 100644 index 000000000..c006f8631 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-daemons/radvd/files/radvd.conf @@ -0,0 +1,18 @@ +# NOTE: there is no such thing as a working "by-default" configuration file. +# At least the prefix needs to be specified. Please consult the radvd.conf(5) +# man page and/or /usr/share/doc/radvd-*/radvd.conf.example for help. +# +# +#interface eth0 +#{ +# AdvSendAdvert on; +# MinRtrAdvInterval 30; +# MaxRtrAdvInterval 100; +# prefix 2001:db8:1:0::/64 +# { +# AdvOnLink on; +# AdvAutonomous on; +# AdvRouterAddr off; +# }; +# +#}; diff --git a/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd.inc b/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd.inc index 59a07d78d..802dbe34e 100644 --- a/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd.inc +++ b/meta-openembedded/meta-networking/recipes-daemons/radvd/radvd.inc @@ -18,7 +18,8 @@ SRC_URI = "http://v6web.litech.org/radvd/dist/radvd-${PV}.tar.gz \ file://radvd.init \ file://radvd.service \ file://volatiles.03_radvd \ - file://radvd.default" + file://radvd.default \ + file://radvd.conf" inherit autotools useradd pkgconfig systemd @@ -52,6 +53,8 @@ do_install_append () { for i in radvd.conf.example README; do \ install -m 0644 ${S}/$i ${D}${docdir}/radvd; \ done + + install -m 0644 ${WORKDIR}/radvd.conf ${D}${sysconfdir}/radvd.conf } USERADD_PACKAGES = "${PN}" diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200712.bb index 73199592c..bc94e29ea 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200712.bb @@ -1,6 +1,6 @@ require wireguard.inc -SRCREV = "43f57dac7b8305024f83addc533c9eede6509129" +SRCREV = "d553aa7c52ac78c1963886afb74ba861b0b7b0fc" SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat" diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20200319.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20200513.bb index f698b9a9a..c24e3438c 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20200319.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-tools_1.0.20200513.bb @@ -1,6 +1,6 @@ require wireguard.inc -SRCREV = "a8063adc8ae9b4fc9848500e93f94bee8ad2e585" +SRCREV = "c45d422a93d57f6fdec429640ff7f96b396beed4" SRC_URI = "git://git.zx2c4.com/wireguard-tools" inherit bash-completion systemd pkgconfig diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch new file mode 100644 index 000000000..8f983e40a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch @@ -0,0 +1,56 @@ +From 9c81c8e5bc7782e8ae12c078615abc3c896059f2 Mon Sep 17 00:00:00 2001 +From: Julius Hemanth Pitti <jpitti@cisco.com> +Date: Tue, 14 Jul 2020 22:34:19 -0700 +Subject: [PATCH] telnetd/utility.c: Fix buffer overflow in netoprintf + +As per man page of vsnprintf, when formated +string size is greater than "size"(2nd argument), +then vsnprintf returns size of formated string, +not "size"(2nd argument). + +netoprintf() was not handling a case where +return value of vsnprintf is greater than +"size"(2nd argument), results in buffer overflow +while adjusting "nfrontp" pointer to point +beyond "netobuf" buffer. + +Here is one such case where "nfrontp" +crossed boundaries of "netobuf", and +pointing to another global variable. + +(gdb) p &netobuf[8255] +$5 = 0x55c93afe8b1f <netobuf+8255> "" +(gdb) p nfrontp +$6 = 0x55c93afe8c20 <terminaltype> "\377" +(gdb) p &terminaltype +$7 = (char **) 0x55c93afe8c20 <terminaltype> +(gdb) + +This resulted in crash of telnetd service +with segmentation fault. + +Though this is DoS security bug, I couldn't +find any CVE ID for this. + +Upstream-Status: Pending + +Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com> +--- + telnetd/utility.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/telnetd/utility.c b/telnetd/utility.c +index b9a46a6..4811f14 100644 +--- a/telnetd/utility.c ++++ b/telnetd/utility.c +@@ -66,7 +66,7 @@ netoprintf(const char *fmt, ...) + len = vsnprintf(nfrontp, maxsize, fmt, ap); + va_end(ap); + +- if (len<0 || len==maxsize) { ++ if (len<0 || len>=maxsize) { + /* didn't fit */ + netflush(); + } +-- +2.19.1 diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb index 0e92add63..08dd532b6 100644 --- a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb @@ -13,6 +13,7 @@ SRC_URI = "http://ftp.linux.org.uk/pub/linux/Networking/netkit/${BP}.tar.gz \ file://0001-telnet-telnetd-Fix-print-format-strings.patch \ file://0001-telnet-telnetd-Fix-deadlock-on-cleanup.patch \ file://CVE-2020-10188.patch \ + file://0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch \ " UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/" diff --git a/meta-openembedded/meta-networking/recipes-protocols/babeld/babeld_1.9.1.bb b/meta-openembedded/meta-networking/recipes-protocols/babeld/babeld_1.9.2.bb index 6dd15ad9f..a7d7fc81f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/babeld/babeld_1.9.1.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/babeld/babeld_1.9.2.bb @@ -13,7 +13,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENCE;md5=411a48ac3c2e9e0911b8dd9aed26f754" SRC_URI = "git://github.com/jech/babeld.git;protocol=git" -SRCREV = "0835d5d894ea016ab7b81562466cade2c51a12d4" +SRCREV = "a1043879225ac205614259b480d7f577025d8bb0" UPSTREAM_CHECK_GITTAGREGEX = "babeld-(?P<pver>\d+(\.\d+)+)" diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2019-20892.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2019-20892.patch index 3e2637eaa..ec1b6de8f 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2019-20892.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2019-20892.patch @@ -8,9 +8,11 @@ This patch fixes https://sourceforge.net/p/net-snmp/bugs/2956/. Upstream-Status: Backport [ak: fixup for 5.8 context, changes to library/snmpusm.h] -CVE:CVE-2019-20892 + +CVE: CVE-2019-20892 Signed-off-by: Armin Kuster <akuster@mvista.com> +Signed-off-by: Mingde (Matthew) Zeng <matthew.zeng@windriver.com> --- snmplib/snmp_client.c | 22 +++---------- diff --git a/meta-openembedded/meta-networking/recipes-support/memcached/memcached/0001-Replace-sigignore-with-signal-API.patch b/meta-openembedded/meta-networking/recipes-support/memcached/memcached/0001-Replace-sigignore-with-signal-API.patch new file mode 100644 index 000000000..e4aa8fda3 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/memcached/memcached/0001-Replace-sigignore-with-signal-API.patch @@ -0,0 +1,74 @@ +From b9040acdba1245f8cdf5e94384830e3d04fde98a Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 22 Jul 2020 21:32:14 -0700 +Subject: [PATCH] Replace sigignore with signal API + +sigignore has been deprecated in glibc 2.32+ [1] and eventually it will be +removed, therefore substitute it + +[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=02802fafcf6e11ea3f998f685035ffe568dfddeb + +Upstream-Status: Submitted [https://github.com/memcached/memcached/pull/702] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + configure.ac | 1 - + memcached.c | 16 ++-------------- + 2 files changed, 2 insertions(+), 15 deletions(-) + +diff --git a/configure.ac b/configure.ac +index ffc98b2..4567b30 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -630,7 +630,6 @@ AC_CHECK_FUNCS(mlockall) + AC_CHECK_FUNCS(getpagesizes) + AC_CHECK_FUNCS(sysconf) + AC_CHECK_FUNCS(memcntl) +-AC_CHECK_FUNCS(sigignore) + AC_CHECK_FUNCS(clock_gettime) + AC_CHECK_FUNCS(preadv) + AC_CHECK_FUNCS(pread) +diff --git a/memcached.c b/memcached.c +index 9cb778d..91ced9e 100644 +--- a/memcached.c ++++ b/memcached.c +@@ -8292,18 +8292,6 @@ static void sig_usrhandler(const int sig) { + stop_main_loop = GRACE_STOP; + } + +-#ifndef HAVE_SIGIGNORE +-static int sigignore(int sig) { +- struct sigaction sa = { .sa_handler = SIG_IGN, .sa_flags = 0 }; +- +- if (sigemptyset(&sa.sa_mask) == -1 || sigaction(sig, &sa, 0) == -1) { +- return -1; +- } +- return 0; +-} +-#endif +- +- + /* + * On systems that supports multiple page sizes we may reduce the + * number of TLB-misses by using the biggest available page size +@@ -9996,7 +9984,7 @@ int main (int argc, char **argv) { + /* daemonize if requested */ + /* if we want to ensure our ability to dump core, don't chdir to / */ + if (do_daemonize) { +- if (sigignore(SIGHUP) == -1) { ++ if (signal(SIGHUP, SIG_IGN) == SIG_ERR) { + perror("Failed to ignore SIGHUP"); + } + if (daemonize(maxcore, settings.verbose) == -1) { +@@ -10146,7 +10134,7 @@ int main (int argc, char **argv) { + * ignore SIGPIPE signals; we can use errno == EPIPE if we + * need that information + */ +- if (sigignore(SIGPIPE) == -1) { ++ if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) { + perror("failed to ignore SIGPIPE; sigaction"); + exit(EX_OSERR); + } +-- +2.27.0 + diff --git a/meta-openembedded/meta-networking/recipes-support/memcached/memcached/memcached-add-hugetlbfs-check.patch b/meta-openembedded/meta-networking/recipes-support/memcached/memcached/memcached-add-hugetlbfs-check.patch index 544b840fe..45428ed23 100644 --- a/meta-openembedded/meta-networking/recipes-support/memcached/memcached/memcached-add-hugetlbfs-check.patch +++ b/meta-openembedded/meta-networking/recipes-support/memcached/memcached/memcached-add-hugetlbfs-check.patch @@ -9,24 +9,19 @@ Signed-off-by: Chong Lu <Chong.Lu@windriver.com> configure.ac | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) -diff --git a/configure.ac b/configure.ac -index 7f22f21..21691b9 100644 --- a/configure.ac +++ b/configure.ac -@@ -314,7 +314,12 @@ fi - dnl ---------------------------------------------------------------------------- +@@ -488,8 +488,12 @@ if test "x$enable_static" = "xyes"; then + fi - AC_SEARCH_LIBS(umem_cache_create, umem) --AC_SEARCH_LIBS(gethugepagesizes, hugetlbfs) + dnl ---------------------------------------------------------------------------- +AC_ARG_ENABLE(hugetlbfs, + [AS_HELP_STRING([--enable-hugetlbfs],[Enable hugetlbfs])]) -+ + +-AC_SEARCH_LIBS(gethugepagesizes, hugetlbfs) +if test "x$enable_hugetlbfs" = "xyes"; then + AC_SEARCH_LIBS(gethugepagesizes, hugetlbfs) +fi AC_HEADER_STDBOOL AH_BOTTOM([#if HAVE_STDBOOL_H --- -1.8.3.4 - diff --git a/meta-openembedded/meta-networking/recipes-support/memcached/memcached_1.5.20.bb b/meta-openembedded/meta-networking/recipes-support/memcached/memcached_1.6.6.bb index feb4f3f14..2eb24db9a 100644 --- a/meta-openembedded/meta-networking/recipes-support/memcached/memcached_1.5.20.bb +++ b/meta-openembedded/meta-networking/recipes-support/memcached/memcached_1.6.6.bb @@ -21,9 +21,9 @@ RDEPENDS_${PN} += "perl perl-module-posix perl-module-autoloader \ SRC_URI = "http://www.memcached.org/files/${BP}.tar.gz \ file://memcached-add-hugetlbfs-check.patch \ + file://0001-Replace-sigignore-with-signal-API.patch \ " -SRC_URI[md5sum] = "4b64296ea0eeccdee9168c035e0488ab" -SRC_URI[sha256sum] = "cfd7b023a9cefe7ae8a67184f51d841dbbf97994ed0e8a55e31ee092320ea1e4" +SRC_URI[sha256sum] = "908f0eecfa559129c9e44edc46f02e73afe8faca355b4efc5c86d902fc3e32f7" # set the same COMPATIBLE_HOST as libhugetlbfs COMPATIBLE_HOST = "(i.86|x86_64|powerpc|powerpc64|aarch64|arm).*-linux*" |