summaryrefslogtreecommitdiff
path: root/meta-openembedded/meta-oe/recipes-connectivity
diff options
context:
space:
mode:
authorWilliam A. Kennington III <wak@google.com>2021-09-16 02:19:36 +0300
committerAndrew Geissler <geissonator@yahoo.com>2021-09-19 20:39:58 +0300
commit49e9566eb60669f7b1535f0653aa52a1c9ea8af0 (patch)
treed9b5df56dd979a0d096c11d8b14711c9a7aefe57 /meta-openembedded/meta-oe/recipes-connectivity
parent7f8954e7a7576c28a6773be2f0e306551c0aa754 (diff)
downloadopenbmc-49e9566eb60669f7b1535f0653aa52a1c9ea8af0.tar.xz
meta-openembedded: subtree update:9fdc7960ba..e4a3c66505
Alexander Kanavin (4): msgpack-c: update 3.2.1 -> 4.0.0, add msgpack-cpp can-utils: rrecommend iproute2 to make it possible to configure can interfaces fmt: update 7.1.3 -> 8.0.1 spdlog: update 1.8.2 -> 1.9.2 Changqing Li (3): ndpi: upgrade 3.4 -> 4.0 ntopng: upgrade 4.2 -> 5.0 postgresql: upgrade 13.3 -> 13.4 Jan-Simon Moeller (1): Remove patch that produces a segfault in the ptest of lua Joe Slater (1): redis: advance to version 6.2.5 Khem Raj (10): gjs: Remove valgrind dependency on rv32/rv64 toybox-inittab: Use 0BSD for LIC_FILES_CHKSUM python3-kivy: Remove hardcoded include paths python3-kivy: Check for x11 and opengl before enabling the recipe packagegroup-meta-python: Add python3-kivy packagegroup-meta-python: Add python3-portalocker gst-shark: Define SRCREV_FORMAT android-tools: Define SRCREV_FORMAT packagegroup-meta-oe: Add pahole pahole: Add missing rdep for python Kristian Klausen (1): cryptsetup: Add runtime dependency on lvm2-udevrules for udev Martin Jansa (1): python3-regex: upgrade to 2021.8.28 Matteo Croce (2): recipes-devtools: add pahole libbpf: bump to 0.5.0 Mingli Yu (1): polkit: add the CVE tag Patrick Williams (2): gjs: fix typo in RDEPENDS variable name ndisc6: fix typo in DESCRIPTION variable name Peter Morrow (1): libbpf: remove kernel configuration dependency Samuel Dolt (4): python3-alembic: add native and nativesdk to BBCLASSEXTEND python3-editor: add native and nativesdk to BBCLASSEXTEND python3-sqlalchemy: add native and nativesdk to BBCLASSEXTEND python3-portalocker: add recipe Trevor Gamblin (2): python3-pytest-subtests: add recipe python3-pillow: upgrade 8.3.1 -> 8.3.2 Wang Mingyu (3): python3-cryptography-vectors: upgrade 3.4.7 -> 3.4.8 python3-google-api-python-client: upgrade 2.18.0 -> 2.19.1 dnf-plugin-tui: upgrade 1.2 -> 1.3 William A. Kennington III (1): ndisc6: Upgrade 1.0.4 -> 1.0.5 William Huang (1): recipes-devtools: python: add support for Kivy Yi Zhao (4): krb5: fix CVE-2021-36222 krb5: fix CVE-2021-37750 net-snmp: drop unused patch net-snmp: make sure snmpd always exit after displaying usage wangmy (10): cjson: upgrade 1.7.14 -> 1.7.15 libwebsockets: upgrade 4.2.1 -> 4.2.2 monit: upgrade 5.28.1 -> 5.29.0 nlohmann-json: upgrade 3.9.1 -> 3.10.2 cppzmq: upgrade 4.7.1 -> 4.8.0 dfu-util: upgrade 0.10 -> 0.11 libqmi: upgrade 1.30.0 -> 1.30.2 lockfile-progs: upgrade 0.1.18 -> 0.1.19 poppler-data: upgrade 0.4.10 -> 0.4.11 dnsmasq: upgrade 2.85 -> 2.86 zangrc (11): python3-ipython: upgrade 7.26.0 -> 7.27.0 python3-kiwisolver: upgrade 1.3.1 -> 1.3.2 python3-ruamel-yaml: upgrade 0.17.13 -> 0.17.16 python3-traitlets: upgrade 5.0.5 -> 5.1.0 gsl: upgrade 2.6 -> 2.7 crash: upgrade 7.2.9 -> 7.3.0 dash: upgrade 0.5.11.3 -> 0.5.11.5 python3-bitarray: upgrade 2.3.2 -> 2.3.3 python3-lrparsing: upgrade 1.0.16 -> 1.0.17 python3-transitions: upgrade 0.8.8 -> 0.8.9 libxmlb: upgrade 0.3.1 -> 0.3.2 zhengruoqin (15): wireshark: upgrade 3.4.7 -> 3.4.8 uhubctl: upgrade 2.3.0 -> 2.4.0 unclutter-xfixes: upgrade 1.5 -> 1.6 avro-c: upgrade 1.9.2 -> 1.10.2 ctags: upgrade 5.9.20210815 -> 5.9.20210905 xf86-video-nouveau: upgrade 1.0.16 -> 1.0.17 fuse3: upgrade 3.10.4 -> 3.10.5 mosquitto: upgrade 2.0.11 -> 2.0.12 poppler: upgrade 21.08.0 -> 21.09.0 libbytesize: upgrade 2.4 -> 2.6 libeigen: upgrade 3.3.9 -> 3.4.0 libjcat: upgrade 0.1.7 -> 0.1.8 unbound: upgrade 1.12.0 -> 1.13.2 xterm: upgrade 367 -> 368 zchunk: upgrade 1.1.9 -> 1.1.16 Change-Id: I5a866e7773b8c906bc2bd8a4ddf99f006534bf53 Signed-off-by: William A. Kennington III <wak@google.com>
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-connectivity')
-rw-r--r--meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2021-36222.patch121
-rw-r--r--meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2021-37750.patch53
-rw-r--r--meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb2
-rw-r--r--meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.30.2.bb (renamed from meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.30.0.bb)2
-rw-r--r--meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb (renamed from meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.1.bb)2
-rw-r--r--meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb6
6 files changed, 181 insertions, 5 deletions
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2021-36222.patch b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2021-36222.patch
new file mode 100644
index 000000000..fee6e64c1
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2021-36222.patch
@@ -0,0 +1,121 @@
+From fc98f520caefff2e5ee9a0026fdf5109944b3562 Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Wed, 7 Jul 2021 11:47:44 +1200
+Subject: [PATCH] Fix KDC null deref on bad encrypted challenge
+
+The function ec_verify() in src/kdc/kdc_preauth_ec.c contains a check
+to avoid further processing if the armor key is NULL. However, this
+check is bypassed by a call to k5memdup0() which overwrites retval
+with 0 if the allocation succeeds. If the armor key is NULL, a call
+to krb5_c_fx_cf2_simple() will then dereference it, resulting in a
+crash. Add a check before the k5memdup0() call to avoid overwriting
+retval.
+
+CVE-2021-36222:
+
+In MIT krb5 releases 1.16 and later, an unauthenticated attacker can
+cause a null dereference in the KDC by sending a request containing a
+PA-ENCRYPTED-CHALLENGE padata element without using FAST.
+
+[ghudson@mit.edu: trimmed patch; added test case; edited commit
+message]
+
+ticket: 9007 (new)
+tags: pullup
+target_version: 1.19-next
+target_version: 1.18-next
+
+CVE: CVE-2021-36222
+
+Upstream-Status: Backport
+[https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/kdc/kdc_preauth_ec.c | 3 ++-
+ src/tests/Makefile.in | 1 +
+ src/tests/t_cve-2021-36222.py | 46 +++++++++++++++++++++++++++++++++++
+ 3 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100644 src/tests/t_cve-2021-36222.py
+
+diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c
+index 7e636b3f9..43a9902cc 100644
+--- a/src/kdc/kdc_preauth_ec.c
++++ b/src/kdc/kdc_preauth_ec.c
+@@ -87,7 +87,8 @@ ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
+ }
+
+ /* Check for a configured FAST ec auth indicator. */
+- realmstr = k5memdup0(realm.data, realm.length, &retval);
++ if (retval == 0)
++ realmstr = k5memdup0(realm.data, realm.length, &retval);
+ if (realmstr != NULL)
+ retval = profile_get_string(context->profile, KRB5_CONF_REALMS,
+ realmstr,
+diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
+index fc6fcc0c3..1a1938306 100644
+--- a/src/tests/Makefile.in
++++ b/src/tests/Makefile.in
+@@ -166,6 +166,7 @@ check-pytests: unlockiter s4u2self
+ $(RUNPYTEST) $(srcdir)/t_cve-2012-1015.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_cve-2013-1416.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_cve-2013-1417.py $(PYTESTFLAGS)
++ $(RUNPYTEST) $(srcdir)/t_cve-2021-36222.py $(PYTESTFLAGS)
+ $(RM) au.log
+ $(RUNPYTEST) $(srcdir)/t_audit.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/jsonwalker.py -d $(srcdir)/au_dict.json \
+diff --git a/src/tests/t_cve-2021-36222.py b/src/tests/t_cve-2021-36222.py
+new file mode 100644
+index 000000000..57e04993b
+--- /dev/null
++++ b/src/tests/t_cve-2021-36222.py
+@@ -0,0 +1,46 @@
++import socket
++from k5test import *
++
++realm = K5Realm()
++
++# CVE-2021-36222 KDC null dereference on encrypted challenge preauth
++# without FAST
++
++s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
++a = (hostname, realm.portbase)
++
++m = ('6A81A0' '30819D' # [APPLICATION 10] SEQUENCE
++ 'A103' '0201' '05' # [1] pvno = 5
++ 'A203' '0201' '0A' # [2] msg-type = 10
++ 'A30E' '300C' # [3] padata = SEQUENCE OF
++ '300A' # SEQUENCE
++ 'A104' '0202' '008A' # [1] padata-type = PA-ENCRYPTED-CHALLENGE
++ 'A202' '0400' # [2] padata-value = ""
++ 'A48180' '307E' # [4] req-body = SEQUENCE
++ 'A007' '0305' '0000000000' # [0] kdc-options = 0
++ 'A120' '301E' # [1] cname = SEQUENCE
++ 'A003' '0201' '01' # [0] name-type = NT-PRINCIPAL
++ 'A117' '3015' # [1] name-string = SEQUENCE-OF
++ '1B06' '6B7262746774' # krbtgt
++ '1B0B' '4B5242544553542E434F4D'
++ # KRBTEST.COM
++ 'A20D' '1B0B' '4B5242544553542E434F4D'
++ # [2] realm = KRBTEST.COM
++ 'A320' '301E' # [3] sname = SEQUENCE
++ 'A003' '0201' '01' # [0] name-type = NT-PRINCIPAL
++ 'A117' '3015' # [1] name-string = SEQUENCE-OF
++ '1B06' '6B7262746774' # krbtgt
++ '1B0B' '4B5242544553542E434F4D'
++ # KRBTEST.COM
++ 'A511' '180F' '31393934303631303036303331375A'
++ # [5] till = 19940610060317Z
++ 'A703' '0201' '00' # [7] nonce = 0
++ 'A808' '3006' # [8] etype = SEQUENCE OF
++ '020112' '020111') # aes256-cts aes128-cts
++
++s.sendto(bytes.fromhex(m), a)
++
++# Make sure kinit still works.
++realm.kinit(realm.user_princ, password('user'))
++
++success('CVE-2021-36222 regression test')
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2021-37750.patch b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2021-37750.patch
new file mode 100644
index 000000000..c67bca32e
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5/CVE-2021-37750.patch
@@ -0,0 +1,53 @@
+From b3999be7ab59a5af4b2f1042ce0d6b03ecb17d4e Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Tue, 3 Aug 2021 01:15:27 -0400
+Subject: [PATCH] Fix KDC null deref on TGS inner body null server
+
+After the KDC decodes a FAST inner body, it does not check for a null
+server. Prior to commit 39548a5b17bbda9eeb63625a201cfd19b9de1c5b this
+would typically result in an error from krb5_unparse_name(), but with
+the addition of get_local_tgt() it results in a null dereference. Add
+a null check.
+
+Reported by Joseph Sutton of Catalyst.
+
+CVE-2021-37750:
+
+In MIT krb5 releases 1.14 and later, an authenticated attacker can
+cause a null dereference in the KDC by sending a FAST TGS request with
+no server field.
+
+ticket: 9008 (new)
+tags: pullup
+target_version: 1.19-next
+target_version: 1.18-next
+
+CVE: CVE-2021-37750
+
+Upstream-Status: Backport
+[https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/kdc/do_tgs_req.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
+index 587342a..622b48f 100644
+--- a/src/kdc/do_tgs_req.c
++++ b/src/kdc/do_tgs_req.c
+@@ -201,6 +201,11 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt,
+ status = "FIND_FAST";
+ goto cleanup;
+ }
++ if (sprinc == NULL) {
++ status = "NULL_SERVER";
++ errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
++ goto cleanup;
++ }
+
+ errcode = get_local_tgt(kdc_context, &sprinc->realm, header_server,
+ &local_tgt, &local_tgt_storage);
+--
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
index 6c4b4575e..6e0b2fdac 100644
--- a/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
+++ b/meta-openembedded/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb
@@ -30,6 +30,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
file://etc/default/krb5-admin-server \
file://krb5-kdc.service \
file://krb5-admin-server.service \
+ file://CVE-2021-36222.patch;striplevel=2 \
+ file://CVE-2021-37750.patch;striplevel=2 \
"
SRC_URI[md5sum] = "aa4337fffa3b61f22dbd0167f708818f"
SRC_URI[sha256sum] = "1a4bba94df92f6d39a197a10687653e8bfbc9a2076e129f6eb92766974f86134"
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.30.0.bb b/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.30.2.bb
index 61fe0eef8..c337abde3 100644
--- a/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.30.0.bb
+++ b/meta-openembedded/meta-oe/recipes-connectivity/libqmi/libqmi_1.30.2.bb
@@ -14,7 +14,7 @@ inherit autotools pkgconfig bash-completion gobject-introspection
SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "c039cdb5d3522b45a50d2287ab6311cdc9f99d46a719a1ea4beb7591787b8a1b"
+SRC_URI[sha256sum] = "be01ece0ea2c2194cbea5744bf5aaf06c04ba5fb7ec7887a13116c76d114fedd"
PACKAGECONFIG ??= "udev mbim"
PACKAGECONFIG[udev] = ",--without-udev,libgudev"
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.1.bb b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb
index 8601a2c04..a5fcb8d72 100644
--- a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.1.bb
+++ b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c8bea43a2eb5d713c338819a0be07797"
DEPENDS = "zlib"
S = "${WORKDIR}/git"
-SRCREV = "8a580b59b23d204ca72028370e97a8f6aa0c9202"
+SRCREV = "8d605f0649ed1ab6d27a443c7688598ea21fdb75"
SRC_URI = "git://github.com/warmcat/libwebsockets.git;protocol=https;branch=v4.2-stable"
UPSTREAM_CHECK_URI = "https://github.com/warmcat/${BPN}/releases"
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb b/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb
index 61ea68a60..270df6f0e 100644
--- a/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb
+++ b/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb
@@ -4,10 +4,10 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=db174eaf7b55a34a7c89551197f66e94"
DEPENDS = "zeromq"
-SRCREV = "76bf169fd67b8e99c1b0e6490029d9cd5ef97666"
-PV = "4.7.1"
+SRCREV = "267d300d1c99381a0fbc7e060ae2899e51f5e425"
+PV = "4.8.0"
-SRC_URI = "git://github.com/zeromq/cppzmq.git;branch=bugfix-4-7-1"
+SRC_URI = "git://github.com/zeromq/cppzmq.git;branch=master"
S = "${WORKDIR}/git"
generated by cgit v1.2.3 (git 2.39.0) at 2024-09-30 01:38:44 +0300