diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2020-05-15 22:13:32 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2020-05-21 23:43:47 +0300 |
| commit | c182c62dd929fe69b57a12bc04099fcd09b5d436 (patch) | |
| tree | a34e6d5c7dc6d91fc51f43b738099b458764e165 /poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch | |
| parent | 7f40b7168b897da48694d6e71fd3fd45861bfb19 (diff) | |
| download | openbmc-c182c62dd929fe69b57a12bc04099fcd09b5d436.tar.xz | |
poky: subtree update:b5763b2f48..f468a73523
Adrian Bunk (13):
iproute2: Remove -fcommon
libxcrypt2: Remove -fcommon
xorg-xserver: Remove -fcommon
mesa: Remove -fcommon
at-spi2-atk: Remove -fcommon
menu-cache: Replace -fcommon with fix
matchbox-wm: Replace -fcommon with fix
llvm: Remove -fcommon
vte: Remove workaround for gcc 4.8
python-numpy: Remove workaround for host gcc < 5
libtasn1: Remove workaround for host gcc < 5
nettle: Remove workaround for gcc < 5
wireless-regdb: Upgrade 2019.06.03 -> 2020.04.29
Alejandro Hernandez (1):
connman: Include vpn-script in FILES
Alexander Kanavin (30):
libinput: add ptest
libinput: update 1.15.2 -> 1.15.5
avahi: merge avahi-ui into the main recipe
avahi: update to 0.8
testsdkext/devtool: initialize the test component's git repo
git: update to 2.26.2
libcap: update to 2.33
libhandy: add a recipe from meta-oe
libdazzle: update to 3.36.0
epiphany: update to 3.36.1
patchelf: switch to git
powertop: switch to Arjan's git
meson: fix upstream version check
rpcsvc-proto: update to 1.4.1
vulkan-headers: upgrade 1.1.126.0 -> 1.2.135.0
vulkan-loader: upgrade 1.1.126.0 -> 1.2.135.0
vulkan-tools: upgrade 1.1.126.0 -> 1.2.135.0
vulkan-demos: upgrade to latest revision
e2fsprogs: update to 1.45.6
build-compare: update to latest revision
ovmf: update to 202002
cdrtools-native: fix upstream version check
re2c: correct upstream location
vte: add icu dependency
mesa: enable x11 for native/nativesdk
runqemu: set host DRI driver path for all instances of virgl usage
libepoxy: do not strip RUNPATH from native/nativesdk
virgl: skip test on Debian 9
runqemu: force software x11 renderer for SDL when GL is not in use
gcr: correct a build race between vapi files
Andrej Valek (1):
icu: upgrade 66.1 -> 67.1
Anton Eliasson (1):
meson.bbclass: Close the log file after reading
Bartosz Golaszewski (1):
busybox: disable i2ctransfer
Changqing Li (2):
rpm: fix file conflicts for MIPS64 N32
lib/oe/package_manager: update default rpm config %_prefer_color
Jacob Kroon (1):
pseudo: Fix enum typedef
Joe Slater (1):
wget: improve reproducible build
Joshua Watt (3):
libnewt: Backport patch to fix reproducibility
bitbake.conf: Prevent git from detecting parent repo in recipe
classes/kernel: Generate reproducible kernel module tarball
Kai Kang (1):
python3-git: 3.0.5 -> 3.1.2
Khem Raj (9):
avahi: Cover gtk packageconfig with x11/wayland distro features
tunes: Add new tune files for cortexa55 and cortexa73-cortexa53
gcc-runtime: Avoid march conflicts with newer cortex-a55 CPUs
gcc10: Update to GCC 10.1 Release
glibc: Update to latest on 2.31 branch
gcc10: Default back to -fcommon
gcc10: Revert using __getauxval in libgcc
glib-2.0: Fix stpcpy detection for mingw
wayland: fix condition for strndup detection
Konrad Weihmann (2):
pypi.bbclass: mind package suffix on version check
file: add PACKAGECONFIG for auto options
Mingli Yu (1):
python3-setuptools: add the missing rdepends
Peter Kjellerstedt (2):
sstate.bbclass: Do not fail if files cannot be touched
file: Remove unneccessary override of PACKAGECONFIG for native
Pierre-Jean Texier (1):
sysklogd: upgrade 2.1.1 -> 2.1.2
Richard Leitner (6):
gdbm: add patch to fix link failure against gcc 10
dtc: update to 1.6.0
libtirpc: remove extra "-fcommon" from CFLAGS
libcomps: update to 0.1.15
binutils: add patch to fix issues with gcc 10
cpio: add patch to fix issues with gcc 10
Richard Purdie (4):
recipes: Remove remaining INC_PR variables
insane: Promote warnings into errors
poky: We now match OE-Core's error/warning config so simplify
poky.conf: Post release version bump
Robert P. J. Day (1):
documentation.conf: Add variables supported by features_check.bbclass
Tim Orling (1):
pypi.bbclass: use new pypi UPSTREAM_CHECK_URI
Wang Mingyu (1):
nettle: upgrade 3.5.1 -> 3.6
Yeoh Ee Peng (1):
selftest/imagefeatures: Enable sanity test for IMAGE_GEN_DEBUGFS
Yi Zhao (1):
opkg-keyrings: check if opkg-key exists before run postinst
Zoltan Boszormenyi (4):
libva: Factor out base parts into an include file
libva-initial: New bootstrap recipe
mesa: Add PACKAGECONFIG knob to enable VAAPI
mesa: Add PACKAGECONFIG knob to enable VDPAU state tracker and drivers
jan (1):
scripts/tiny/ksize: Fix for more recent kernels
wenlin.kang@windriver.com (1):
populate_sdk_base.bbclass: fix warning: name not matched
Change-Id: Icd73153270a6cb7ab63257211350aa564867c2db
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch')
| -rw-r--r-- | poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch deleted file mode 100644 index 7461fe193..000000000 --- a/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch +++ /dev/null @@ -1,48 +0,0 @@ -Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def] - -CVE: CVE-2017-6519 - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001 -From: Trent Lloyd <trent@lloyd.id.au> -Date: Sat, 22 Dec 2018 09:06:07 +0800 -Subject: [PATCH] Drop legacy unicast queries from address not on local link - -When handling legacy unicast queries, ensure that the source IP is -inside a subnet on the local link, otherwise drop the packet. - -Fixes #145 -Fixes #203 -CVE-2017-6519 -CVE-2018-1000845 ---- - avahi-core/server.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/avahi-core/server.c b/avahi-core/server.c -index a2cb19a8..a2580e38 100644 ---- a/avahi-core/server.c -+++ b/avahi-core/server.c -@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres - - if (avahi_dns_packet_is_query(p)) { - int legacy_unicast = 0; -+ char t[AVAHI_ADDRESS_STR_MAX]; - - /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the - * AR section completely here, so far. Until the day we add -@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres - legacy_unicast = 1; - } - -+ if (!is_mdns_mcast_address(dst_address) && -+ !avahi_interface_address_on_link(i, src_address)) { -+ -+ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol); -+ return; -+ } -+ - if (legacy_unicast) - reflect_legacy_unicast_query_packet(s, p, i, src_address, port); - |