diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 11:11:46 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-09-27 14:47:44 +0300 |
| commit | bba38f38e7e41525c30116a2fe990d113b8157da (patch) | |
| tree | 14a0d015f4b144a97c51c896e7a3135b600760a6 /poky/meta/recipes-core/libcgroup | |
| parent | 36b84cde8facab568630eec811e483cf1fc50848 (diff) | |
| download | openbmc-bba38f38e7e41525c30116a2fe990d113b8157da.tar.xz | |
poky: sumo refresh 51872d3f99..3b8dc3a88e
Update poky to sumo HEAD.
Andrej Valek (1):
wpa-supplicant: fix CVE-2018-14526
Armin Kuster (2):
xserver-xorg: config: fix NULL value detection for ID_INPUT being unset
binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active.
Bruce Ashfield (3):
linux-yocto/4.12: update to v4.12.28
linux-yocto/4.14: update to v4.14.62
linux-yocto/4.14: update to v4.14.67
Changqing Li (6):
libexif: patch for CVE-2017-7544
squashfs-tools: patch for CVE-2015-4645(4646)
libcroco: patch for CVE-2017-7960
libid3tag: patch for CVE-2004-2779
libice: patch for CVE-2017-2626
apr-util: fix ptest fail problem
Chen Qi (2):
util-linux: upgrade 2.32 -> 2.32.1
busybox: move init related configs to init.cfg
Jagadeesh Krishnanjanappa (2):
libarchive: CVE-2017-14501
libcgroup: CVE-2018-14348
Jon Szymaniak (1):
cve-check.bbclass: detect CVE IDs listed on multiple lines
Joshua Lock (1):
os-release: fix to install in the expected location
Khem Raj (1):
serf: Fix Sconstruct build with python 3.7
Konstantin Shemyak (1):
cve-check.bbclass: do not download the CVE DB in package-specific tasks
Mike Looijmans (1):
busybox/mdev-mount.sh: Fix partition detect and cleanup mountpoint on fail
Ross Burton (1):
lrzsz: fix CVE-2018-10195
Sinan Kaya (3):
busybox: CVE-2017-15874
libpng: CVE-2018-13785
sqlite3: CVE-2018-8740
Yadi.hu (1):
busybox: handle syslog
Yi Zhao (2):
blktrace: Security fix CVE-2018-10689
taglib: Security fix CVE-2018-11439
Zheng Ruoqin (1):
glibc: fix CVE-2018-11237
Change-Id: I2eb1fe6574638de745e4bfc106b86fe797b977c8
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-core/libcgroup')
| -rw-r--r-- | poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch | 37 | ||||
| -rw-r--r-- | poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb | 3 |
2 files changed, 39 insertions, 1 deletions
diff --git a/poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch b/poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch new file mode 100644 index 000000000..d133703de --- /dev/null +++ b/poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch @@ -0,0 +1,37 @@ +From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001 +From: Michal Hocko <mhocko@suse.com> +Date: Wed, 18 Jul 2018 11:24:29 +0200 +Subject: [PATCH] cgrulesengd: remove umask(0) + +One of our partners has noticed that cgred daemon is creating a log file +(/var/log/cgred) with too wide permissions (0666) and that is seen as +a security bug because an untrusted user can write to otherwise +restricted area. CVE-2018-14348 has been assigned to this issue. + +CVE: CVE-2018-14348 +Upstream-Status: Backport [https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590] + +Signed-off-by: Michal Hocko <mhocko@suse.com> +Acked-by: Balbir Singh <bsingharora@gmail.com> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/daemon/cgrulesengd.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c +index ea51f11..0d288f3 100644 +--- a/src/daemon/cgrulesengd.c ++++ b/src/daemon/cgrulesengd.c +@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf, + } else if (pid > 0) { + exit(EXIT_SUCCESS); + } +- +- /* Change the file mode mask. */ +- umask(0); + } else { + flog(LOG_DEBUG, "Not using daemon mode\n"); + pid = getpid(); +-- +2.13.3 + diff --git a/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb b/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb index 7ddc81e9b..92d7261b0 100644 --- a/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb +++ b/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb @@ -11,7 +11,8 @@ inherit autotools pkgconfig DEPENDS = "bison-native flex-native" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2 \ + file://CVE-2018-14348.patch" SRC_URI_append_libc-musl = " file://musl-decls-compat.patch" SRC_URI[md5sum] = "3dea9d50b8a5b73ff0bf1cdcb210f63f" |