diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-09-16 14:44:26 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-09-16 14:44:31 +0300 |
| commit | 7e36d53b0e80af58191fd2680577e6d766af55c7 (patch) | |
| tree | 44d45604599adc5b9d025802e6a3b527a34f9325 /meta-openembedded/meta-networking | |
| parent | 7ec1d679d1961f22e47bcec8d7e79101edd6a131 (diff) | |
| download | openbmc-7e36d53b0e80af58191fd2680577e6d766af55c7.tar.xz | |
meta-openembedded: subtree update:a2928764c2..19528ba2a6
Adrian Bunk (1):
libqmi: Replace clang patch with configure option
Bartosz Golaszewski (3):
yad: new package
zenity: new package
unclutter-xfixes: new package
Khem Raj (2):
mycroft: Remove alsa-oss from rdeps
bigbuckbunny: Use faster download mirrors
Oleksandr Kravchuk (21):
capnproto: update to 0.7.0
ddrescue: update to 1.24
fmt: update to 6.0.0
jsonrpc: update to 1.2.0
libburn: update to 1.5.0
libdvdread: update to 6.0.1
libev: update to 4.27
libmodplug: update to 0.8.9.0
libnice: update to 0.1.16
libopus: update to 1.3.1
libsass: update to 3.6.1
libuv: update to 1.32.0
libsocketcan: update to 0.0.11
tree: update to 1.8.0
xclock: update to 1.0.9
xcursorgen: update to 1.0.7
xfontsel: update to 1.0.6
xmag: update to 1.0.6
xmessage: update to 1.0.5
xorg-sgml-doctools: update to 1.11
evtest: update to 1.34
Peiran Hong (1):
tcpdump: Fix CVE-2017-16808
Change-Id: I4f2f575382cd34404d10470ece0aae7620487902
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-openembedded/meta-networking')
2 files changed, 62 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch new file mode 100644 index 000000000..919f2b009 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch @@ -0,0 +1,61 @@ +From c45443a0d3e16b92622bea6b589e5930e8f0d815 Mon Sep 17 00:00:00 2001 +From: Peiran Hong <peiran.hong@windriver.com> +Date: Fri, 13 Sep 2019 17:02:57 -0400 +Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check. + +--- + netdissect.h | 12 ++++++++++++ + print-aoe.c | 1 + + 2 files changed, 13 insertions(+) + +diff --git a/netdissect.h b/netdissect.h +index 089b0406..cd05fdb9 100644 +--- a/netdissect.h ++++ b/netdissect.h +@@ -69,6 +69,11 @@ typedef struct { + typedef unsigned char nd_uint8_t; + typedef signed char nd_int8_t; + ++/* ++ * Use this for MAC addresses. ++ */ ++#define MAC_ADDR_LEN 6 /* length of MAC addresses */ ++ + /* snprintf et al */ + + #include <stdarg.h> +@@ -309,12 +314,19 @@ struct netdissect_options { + ((uintptr_t)ndo->ndo_snapend - (l) <= (uintptr_t)ndo->ndo_snapend && \ + (uintptr_t)&(var) <= (uintptr_t)ndo->ndo_snapend - (l))) + ++#define ND_TTEST_LEN(p, l) \ ++ (IS_NOT_NEGATIVE(l) && \ ++ ((uintptr_t)ndo->ndo_snapend - (l) <= (uintptr_t)ndo->ndo_snapend && \ ++ (uintptr_t)(p) <= (uintptr_t)ndo->ndo_snapend - (l))) ++ + /* True if "var" was captured */ + #define ND_TTEST(var) ND_TTEST2(var, sizeof(var)) + + /* Bail if "l" bytes of "var" were not captured */ + #define ND_TCHECK2(var, l) if (!ND_TTEST2(var, l)) goto trunc + ++#define ND_TCHECK_LEN(p, l) if (!ND_TTEST_LEN(p, l)) goto trunc ++ + /* Bail if "var" was not captured */ + #define ND_TCHECK(var) ND_TCHECK2(var, sizeof(var)) + +diff --git a/print-aoe.c b/print-aoe.c +index 97e93df2..ac097a04 100644 +--- a/print-aoe.c ++++ b/print-aoe.c +@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo, + goto invalid; + /* addresses */ + for (i = 0; i < nmacs; i++) { ++ ND_TCHECK_LEN(cp, MAC_ADDR_LEN); + ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp))); + cp += ETHER_ADDR_LEN; + } +-- +2.21.0 + diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb index 038c1617f..9bd861cd4 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.2.bb @@ -12,6 +12,7 @@ SRC_URI = " \ file://avoid-absolute-path-when-searching-for-libdlpi.patch \ file://add-ptest.patch \ file://run-ptest \ + file://0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch \ " SRC_URI[md5sum] = "9bbc1ee33dab61302411b02dd0515576" |