author | Andrew Geissler <geissonator@yahoo.com> | 2020-06-27 08:28:28 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-06-27 08:32:13 +0300 |
commit | d25ed3241ddffad58c7a52e45e388e6c48d5123a (patch) | |
tree | b097477c5b9204689d35c06f5761b1767093b338 /poky/meta/recipes-core/systemd | |
parent | c87764fefff10735006a31fab72d76c243a3eb40 (diff) | |
download | openbmc-d25ed3241ddffad58c7a52e45e388e6c48d5123a.tar.xz |
poky: subtree update:26ae42ded7..5951cbcabe
Alex Kiernan (1):
recipetool: Fix list concatenation when using edit
Alexander Kanavin (4):
apr-util: make gdbm optional
gobject-introspection: add a patch to fix a build race
icu: merge .inc into main recipe
icu: make filtered data generation optional, serial and off by default
Alexandru N. Onea (3):
bitbake: perforce: add basic progress handler for perforce
bitbake: perforce: add local path handling SRC_URI options
bitbake: bitbake-user-manual: update perforce fetcher docs
Andreas M?ller (1):
meson.bbclass: avoid unexpected operating-system names
Andreas Müller (6):
boost: Add upstream patch to fix build on depending projects
libinput: upgrade 1.15.5 -> 1.15.6
sqlite3: upgrade 3.32.2 -> 3.32.3
desktop-file-utils: upgrade 0.24 -> 0.26
file: upgrade 5.38 -> 5.39
ffmpeg: upgrade 4.2.3 -> 4.3
Andrej Valek (1):
oeqa/runtime/cases/ptest: Make output content path absolute
Andrew Geissler (1):
meson: backport library ordering fix
Armin Kuster (1):
libuv: move from meta-oe to core for bind update
Arthur She (1):
igt-gpu-tools: add new package
Changqing Li (1):
mime.bbclass: fix post install scriptlet error
Chen Qi (1):
systemd-serialgetty: do not use BindsTo
Daniel McGregor (3):
sign_rpm.bbclass: ignore thread count
systemd-conf: Accept MTU from DHCP
buildhistory-collect-srcrevs: sort directories
He Zhe (1):
ltp: Fix copy_file_rang02 for 32-bit arches
Hongxu Jia (1):
libmodulemd: switch branch master -> main
Jacob Kroon (5):
bitbake: lib/bb/utils.py: Do not preserve TERM in the environment
bitbake: bitbake-user-manual: Remove TERM from BB_HASHBASE_WHITELIST example
bitbake.conf: Remove TERM from default BB_HASHBASE_WHITELIST
grub: Remove native version of grub-efi
distro_alias: Remove unused grub-efi distro aliases
Jens Rehsack (1):
u-boot: avoid blind merging all *.cfg
Joe Slater (1):
systemd: fix CVE-2020-13776
Joshua Watt (5):
sstatesig: Account for all dataCaches being passed
bitbake: bitbake: cache: Fix error message with bad multiconfig
wic: Fix error message when reporting invalid offset
classes/archiver: Create patched archive before configuring
bitbake: cache: Bump cache version
Konrad Weihmann (3):
oeqa/runtime: Add OERequirePackage decorator
bitbake: cookerdata: Add BBFILES_DYNAMIC inverse mode
bitbake: bitbake-user-manual: Add BBFILES_DYNAMIC
Mark Morton (2):
New source files and Makefile update for Test Manual
test-manual: Fixed codeblock formatting
Martin Jansa (1):
net-tools: backport a patch from upstream to use the same ifconfig format as debian/ubuntu
Mingli Yu (3):
python3: add the rdepends for python3-misc
python3: add rdepends for python3-idle
python3-dbusmock: add the missing rdepends
Otavio Salvador (2):
systemd: Sync systemd-serialgetty@.service with upstream
mtd-utils: Fix return value of ubiformat
Ovidiu Panait (2):
dbus-test: Remove EXTRA_OECONF_X configs
dbus,dbus-test: Move common parts to dbus.inc
Paul Barker (2):
bitbake: fetch2/gitsm: Mark srcrev as fetched once all submodules are processed
bitbake: fetch2/gitsm: Make need_update() process submodules
Paul Eggleton (5):
graph-tool: switch to argparse
graph-tool: add filter subcommand
dpkg-native: rebase and reinstate fix for "tar: file changed as we read it"
shadow-sysroot: drop unused SRC_URI checksums
devtool: fix typo
Peter Kjellerstedt (1):
relocatable.bbclass: Avoid an exception if an empty pkgconfig dir exist
Pierre-Jean Texier (3):
diffoscope: upgrade 146 -> 147
ell: upgrade 0.31 -> 0.32
curl: upgrade 7.70.0 -> 7.71.0
Rasmus Villemoes (1):
curl: add debug info
Richard Purdie (15):
buildhistory: Add simplistic file move detection
bitbake: bin/bitbake: Update to next series release version
perl: Fix host specific modules problems
sanity.conf: Require bitbake 1.47.0 as the minimum version
patchelf: Upgrade 0.10 -> 0.11
test-manual: Add SPDX license headers
Makefile: Drop obsolete edison/denzil branch conditionals
bitbake: tests/fetch: Switch from git.infradead.org to a YP mirror
pseudo: Fix attr errors due to incorrect library resolution issues
oeqa/selftest/runcmd: Add better debug for thread count mismatch failures
oeqa/utils/command: Improve stdin handling in runCmd
vulkan-headers: Fix upstream branch deletion issue
recipes: Fix Upstream-Status Accepted -> Backport
scripts/install-buildtools: Update to 3.2 M1 buildtools
scripts/install-buildtools: Handle new format checksum files
Robert P. J. Day (1):
python: use official "pypi.org" URLs for HOMEPAGE
Ross Burton (8):
install-buildtools: fail if an error occurs
install-buildtools: remove hardcoded x86-64 architecture
install-buildtools: add option to disable checksum validation
common-licenses: add BSD-2-Clause-Patent
gstreamer1.0-plugins-bad: add support for vdpau
go-binary-native: add binary Go to bootstrap
tcmode-default: use go-binary-native by default
go-native: merge bb/inc and add comment
Ryan Rowe (1):
python3: fix PGO for non-reproducible biniaries
Sakib Sajal (1):
qemu: uprev v4.2.0 -> v5.0.0
Samuli Piippo (2):
cmake: allow chainloading of the toolchain file
perl: use relative paths in the perl wrapper
Steve Sakoman (1):
buildtools-tarball: export OPENSSL_CONF in environment setup
Tanu Kaskinen (1):
pulseaudio: remove unnecessary libltdl copying
Trevor Gamblin (1):
python3-setuptools: patch entrypoints for faster initialization
Tuomas Salokanto (1):
recipetool: create: fix SRCBRANCH not being passed to params
Valentin Longchamp (2):
tools-profile: disable valgrind for powerpc soft-float
valgrind: disable it for powerpc soft-float
Wang Mingyu (5):
powertop: upgrade 2.12 -> 2.13
man-db: upgrade 2.9.2 -> 2.9.3
valgrind: upgrade 3.16.0 -> 3.16.1
man-pages: upgrade 5.06 -> 5.07
harfbuzz: upgrade 2.6.7 -> 2.6.8
Yi Zhao (2):
iptables: fix invalid symbolic link for ip6tables-apply
iptables: split iptables-apply to its own package
Yongxin Liu (1):
linux-firmware: add ice for Intel E800 series driver
Yuki Hoshino (1):
sysvinit-inittab: Add support for tty devices with 10 or more number.
akuster (9):
bind: update to 9.11.19
adt-manual: Add SPDX license headers
bsp-guide: Add SPDX license headers
brief-yoctoprojectsqa: Add SPDX license headers
dev-manual: Add SPDX License headers
kernel-dev: Add SPDX license headers
profile-manual: Add SPDX licence headers
sdk-manual: Add SPDX license headers
toaster-manaul: Add SPDX license headers
haiqing (1):
libpam: Remove option 'obscure' from common-password
hongxu (1):
kmod: add nativesdk support
zangrc (1):
ethtool:upgrade 5.6 -> 5.7
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I1190ca17297b1167286cfc06033e8485396c7cce
Diffstat (limited to 'poky/meta/recipes-core/systemd')
4 files changed, 107 insertions, 2 deletions
diff --git a/poky/meta/recipes-core/systemd/systemd-conf/wired.network b/poky/meta/recipes-core/systemd/systemd-conf/wired.network index ff807ba31..dcf353459 100644 --- a/poky/meta/recipes-core/systemd/systemd-conf/wired.network +++ b/poky/meta/recipes-core/systemd/systemd-conf/wired.network @@ -6,5 +6,6 @@ KernelCommandLine=!nfsroot DHCP=yes [DHCP] +UseMTU=yes RouteMetric=10 ClientIdentifier=mac diff --git a/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service b/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service index 15af16a9f..549d56600 100644 --- a/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service +++ b/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: LGPL-2.1+ +# # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it @@ -11,7 +13,7 @@ Documentation=man:agetty(8) man:systemd-getty-generator(8) Documentation=http://0pointer.de/blog/projects/serial-console.html PartOf=dev-%i.device ConditionPathExists=/dev/%i -After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service +After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target After=rc-local.service # If additional gettys are spawned during boot then we should make @@ -20,12 +22,17 @@ After=rc-local.service Before=getty.target IgnoreOnIsolate=yes +# IgnoreOnIsolate causes issues with sulogin, if someone isolates +# rescue.target or starts rescue.service from multi-user.target or +# graphical.target. +Conflicts=rescue.service +Before=rescue.service + [Service] Environment="TERM=xterm" ExecStart=-/sbin/agetty -8 -L %I @BAUDRATE@ $TERM Type=idle Restart=always -RestartSec=0 UtmpIdentifier=%I TTYPath=/dev/%I TTYReset=yes 
diff --git a/poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch b/poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch new file mode 100644 index 000000000..7b5e3e7f7 --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch 
@@ -0,0 +1,96 @@ +From 156a5fd297b61bce31630d7a52c15614bf784843 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Sun, 31 May 2020 18:21:09 +0200 +Subject: [PATCH 1/1] basic/user-util: always use base 10 for user/group + numbers + +We would parse numbers with base prefixes as user identifiers. For example, +"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be +interpreted as UID==1000. This parsing was used also in cases where either a +user/group name or number may be specified. This means that names like +0x2b3bfa0 would be ambiguous: they are a valid user name according to our +documented relaxed rules, but they would also be parsed as numeric uids. + +This behaviour is definitely not expected by users, since tools generally only +accept decimal numbers (e.g. id, getent passwd), while other tools only accept +user names and thus will interpret such strings as user names without even +attempting to convert them to numbers (su, ssh). So let's follow suit and only +accept numbers in decimal notation. Effectively this means that we will reject +such strings as a username/uid/groupname/gid where strict mode is used, and try +to look up a user/group with such a name in relaxed mode. + +Since the function changed is fairly low-level and fairly widely used, this +affects multiple tools: loginctl show-user/enable-linger/disable-linger foo', +the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d, +etc. + +Fixes #15985. 
+--- + src/basic/user-util.c | 2 +- + src/test/test-user-util.c | 10 ++++++++++ + 2 files changed, 11 insertions(+), 1 deletion(-) + +--- end of commit 156a5fd297b61bce31630d7a52c15614bf784843 --- + + +Add definition of safe_atou32_full() from commit b934ac3d6e7dcad114776ef30ee9098693e7ab7e + +CVE: CVE-2020-13776 + +Upstream-Status: Backport [https://github.com/systemd/systemd.git] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + + + +--- git.orig/src/basic/user-util.c ++++ git/src/basic/user-util.c +@@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret) + assert(s); + + assert_cc(sizeof(uid_t) == sizeof(uint32_t)); +- r = safe_atou32(s, &uid); ++ r = safe_atou32_full(s, 10, &uid); + if (r < 0) + return r; + +--- git.orig/src/test/test-user-util.c ++++ git/src/test/test-user-util.c +@@ -48,9 +48,19 @@ static void test_parse_uid(void) { + + r = parse_uid("65535", &uid); + assert_se(r == -ENXIO); ++ assert_se(uid == 100); ++ ++ r = parse_uid("0x1234", &uid); ++ assert_se(r == -EINVAL); ++ assert_se(uid == 100); ++ ++ r = parse_uid("01234", &uid); ++ assert_se(r == 0); ++ assert_se(uid == 1234); + + r = parse_uid("asdsdas", &uid); + assert_se(r == -EINVAL); ++ assert_se(uid == 1234); + } + + static void test_uid_ptr(void) { +--- git.orig/src/basic/parse-util.h ++++ git/src/basic/parse-util.h +@@ -45,9 +45,13 @@ static inline int safe_atoux16(const cha + + int safe_atoi16(const char *s, int16_t *ret); + +-static inline int safe_atou32(const char *s, uint32_t *ret_u) { ++static inline int safe_atou32_full(const char *s, unsigned base, uint32_t *ret_u) { + assert_cc(sizeof(uint32_t) == sizeof(unsigned)); +- return safe_atou(s, (unsigned*) ret_u); ++ return safe_atou_full(s, base, (unsigned*) ret_u); ++} ++ ++static inline int safe_atou32(const char *s, uint32_t *ret_u) { ++ return safe_atou32_full(s, 0, (unsigned*) ret_u); + } + + static inline int safe_atoi32(const char *s, int32_t *ret_i) { 
diff --git a/poky/meta/recipes-core/systemd/systemd_245.6.bb b/poky/meta/recipes-core/systemd/systemd_245.6.bb index ece422098..b6681b206 100644 --- a/poky/meta/recipes-core/systemd/systemd_245.6.bb +++ b/poky/meta/recipes-core/systemd/systemd_245.6.bb @@ -20,6 +20,7 @@ SRC_URI += "file://touchscreen.rules \ file://99-default.preset \ file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ file://0003-implment-systemd-sysv-install-for-OE.patch \ + file://CVE-2020-13776.patch \ " # patches needed by musl |
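Review bot: In systemd-conf/wired.network, the new `UseMTU=yes` under `[DHCP]` lets whichever DHCP server answers on an interface this file matches set the link MTU, and the hunk carries no comment saying why the image default should accept that. A one-line comment above `UseMTU=yes` naming the use case would help; the shortlog entry only says "systemd-conf: Accept MTU from DHCP", which leaves integrators whose devices sit on networks with a DHCP server they do not control without the information to decide whether to override this file.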
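Review bot: In the `@@ -20,12 +22,17 @@` hunk of serial-getty@.service, `RestartSec=0` is dropped from `[Service]` without explanation while `Restart=always` stays, so agetty respawn on the serial console now waits for systemd's default restart delay (100ms) instead of restarting immediately. The added `Conflicts=rescue.service` / `Before=rescue.service` lines are explained by the comment above them; the removal should get the same treatment, or at least a mention alongside "Sync systemd-serialgetty@.service with upstream", so that anyone relying on the immediate respawn knows it changed on purpose.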
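Review bot: In the test-user-util.c part of CVE-2020-13776.patch, `parse_uid("01234", &uid)` is expected to return 0 with `uid == 1234`, so a zero-prefixed value is still accepted and is now silently read as decimal rather than rejected. By the patch's own description "01750" used to be interpreted as UID 1000; after this change the same string in the sysusers.d or tmpfiles.d arguments it lists resolves to 1750 with no error, so existing configuration with zero-prefixed IDs should be checked and the change called out in release notes. Separately, in the parse-util.h part, `safe_atou32()` passes `(unsigned*) ret_u` to `safe_atou32_full()`, whose parameter is declared `uint32_t *ret_u`; the cast is not needed there and can be dropped, since the `assert_cc` and the cast to `unsigned*` already live inside `safe_atou32_full()`.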