[Subtree] Removing import-layers directory

As part of the move to subtrees, need to bring all the import layers
content to the top level.

Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

5 files changed, 172 insertions, 0 deletions

diff --git a/meta-security/recipes-security/libgssglue/files/libgssglue-canon-name.patch b/meta-security/recipes-security/libgssglue/files/libgssglue-canon-name.patch
new file mode 100644
index 000000000..cb7c47b3f
--- /dev/null
+++ b/meta-security/recipes-security/libgssglue/files/libgssglue-canon-name.patch
@@ -0,0 +1,60 @@
+fix the bug:
+g_canon_name.c:125:5: warning: passing argument 2 of '__gss_copy_namebuf' from incompatible pointer type [enabled by default]
+
+the 2nd argument of __gss_copy_namebuf should be address of *gss_buffer_t, \
+but a *gss_buffer_t is assigned.
+
+what __gss_copy_namebuf does is to alloc memory for a gss_buffer_desc and \
+copy from src and return its address.
+
+if following code failed, gss_release_name will free \
+union_canon_name->external_name.value if it is not NULL.
+
+OM_uint32 __gss_copy_namebuf(src, dest)
+    gss_buffer_t   src;
+    gss_buffer_t   *dest;
+
+typedef struct gss_union_name_t {
+	gss_mechanism		gss_mech;
+	gss_OID			name_type;
+	gss_buffer_desc		external_name;
+	/*
+	 * These last two fields are only filled in for mechanism
+	 * names.
+	 */
+	gss_OID			mech_type;
+	gss_name_t		mech_name;
+} gss_union_name_desc, *gss_union_name_t;
+
+typedef struct gss_buffer_desc_struct {
+      size_t length;
+      void FAR *value;
+} gss_buffer_desc, FAR *gss_buffer_t;
+
+Upstream-Status: Pending
+Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
+
+--- a/src/g_canon_name.c
++++ b/src/g_canon_name.c
+@@ -121,11 +121,17 @@ gss_canonicalize_name (OM_uint32 *minor_
+ 
+     union_canon_name->mech_name = mech_name;
+ 
+-    status = __gss_copy_namebuf(&union_input_name->external_name,
+-				&union_canon_name->external_name);
+-    if (status != GSS_S_COMPLETE)
+-	goto failure;
++    union_canon_name->external_name.value = (void*) malloc(
++                      union_input_name->external_name.length + 1);
++    if (!union_canon_name->external_name.value)
++        goto failure;
+ 
++    memcpy(union_canon_name->external_name.value, 
++           union_input_name->external_name.value, 
++           union_input_name->external_name.length);
++    union_canon_name->external_name.length = 
++                      union_input_name->external_name.length; 
++   
+     if (union_input_name->name_type != GSS_C_NO_OID) {
+ 	status = generic_gss_copy_oid(minor_status,
+ 				      union_input_name->name_type,
diff --git a/meta-security/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch b/meta-security/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
new file mode 100644
index 000000000..6aa1a657a
--- /dev/null
+++ b/meta-security/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch
@@ -0,0 +1,43 @@
+Use secure_getenv instead of getenv for setuid programs
+
+(bnc#694598 CVE-2011-2709 bnc#831805)
+
+import from:
+https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+
+diff --git a/src/g_initialize.c b/src/g_initialize.c
+index 200f173..935a9fa 100644
+--- a/src/g_initialize.c
++++ b/src/g_initialize.c
+@@ -26,6 +26,7 @@
+  * This function will initialize the gssapi mechglue library
+  */
+ 
++#define _GNU_SOURCE
+ #include "mglueP.h"
+ #include <stdlib.h>
+ 
+@@ -197,8 +198,7 @@ static void solaris_initialize ()
+     void *dl;
+     gss_mechanism (*sym)(void), mech;
+ 
+-    if ((getuid() != geteuid()) ||
+-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
++    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
+ 	filename = MECH_CONF;
+ 
+     if ((conffile = fopen(filename, "r")) == NULL) {
+@@ -274,8 +274,7 @@ static void linux_initialize ()
+     void *dl;
+     gss_mechanism (*sym)(void), mech;
+ 
+-    if ((getuid() != geteuid()) ||
+-        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
++    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
+ 	filename = MECH_CONF;
+ 
+     if ((conffile = fopen(filename, "r")) == NULL) {
diff --git a/meta-security/recipes-security/libgssglue/files/libgssglue-g-initialize.patch b/meta-security/recipes-security/libgssglue/files/libgssglue-g-initialize.patch
new file mode 100644
index 000000000..4a9ba3322
--- /dev/null
+++ b/meta-security/recipes-security/libgssglue/files/libgssglue-g-initialize.patch
@@ -0,0 +1,21 @@
+Fix the warning for getuid, geteuid
+g_initialize.c: In function 'linux_initialize':
+g_initialize.c:275:5: warning: implicit declaration of function 'getuid' [-Wimplicit-function-declaration]
+g_initialize.c:275:5: warning: implicit declaration of function 'geteuid' [-Wimplicit-function-declaration]
+
+Upstream-Status: Pending
+Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
+
+diff --git a/src/g_initialize.c b/src1/g_initialize.c
+index 82fcce1..200f173 100644
+--- a/src/g_initialize.c
++++ b/src/g_initialize.c
+@@ -29,6 +29,8 @@
+ #include "mglueP.h"
+ #include <stdlib.h>
+ 
++#include <unistd.h>   /*getuid, geteuid */
++#include <sys/types.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <ctype.h>
diff --git a/meta-security/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch b/meta-security/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch
new file mode 100644
index 000000000..6dce3e737
--- /dev/null
+++ b/meta-security/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch
@@ -0,0 +1,27 @@
+1) add free if malloc failed for (*mechanisms)->elements
+2) g_inq_cred.c: In function 'gss_inquire_cred':
+g_inq_cred.c:161:8: warning: passing argument 3 of 'generic_gss_copy_oid' from incompatible pointer type [enabled by default]
+
+Upstream-Status: Pending
+Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
+
+--- a/src/g_inq_cred.c
++++ b/src/g_inq_cred.c
+@@ -152,13 +152,15 @@ gss_OID_set *		mechanisms;
+ 			     union_cred->count);
+ 	if ((*mechanisms)->elements == NULL) {
+ 	    *minor_status = ENOMEM;
++	    free(*mechanisms);
++	    *mechanisms = GSS_C_NO_OID_SET;
+ 	    return (GSS_S_FAILURE);
+ 	}
+ 
+ 	for (i=0; i < union_cred->count; i++) {
+-	    status = generic_gss_copy_oid(minor_status,
++	    status = generic_gss_add_oid_set_member(minor_status,
+ 	    				  &union_cred->mechs_array[i],
+-					  &((*mechanisms)->elements[i]));
++					  mechanisms);
+ 	    if (status != GSS_S_COMPLETE)
+ 	        break;
+ 	}
diff --git a/meta-security/recipes-security/libgssglue/files/libgssglue-mglueP.patch b/meta-security/recipes-security/libgssglue/files/libgssglue-mglueP.patch
new file mode 100644
index 000000000..6c9ebf05c
--- /dev/null
+++ b/meta-security/recipes-security/libgssglue/files/libgssglue-mglueP.patch
@@ -0,0 +1,21 @@
+fix the warning:
+warning: implicit declaration of function 'generic_gss_copy_oid_set' [-Wimplicit-function-declaration]
+
+Upstream-Status: Pending
+Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
+
+--- a/src/mglueP.h
++++ b/src/mglueP.h
+@@ -447,6 +447,12 @@ OM_uint32 generic_gss_copy_oid
+ 	    gss_OID *		/* new_oid */
+ 	    );
+ 
++OM_uint32 generic_gss_copy_oid_set
++	   (OM_uint32 *minor_status,	/* minor_status */
++	    const gss_OID_set_desc * const oidset,	/* oid */
++	    gss_OID_set *new_oidset			/* new_oid */
++	   );
++
+ OM_uint32 generic_gss_create_empty_oid_set
+ 	   (OM_uint32 *,	/* minor_status */
+ 	    gss_OID_set *	/* oid_set */