diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 11:11:46 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-09-27 14:47:44 +0300 |
commit | bba38f38e7e41525c30116a2fe990d113b8157da (patch) | |
tree | 14a0d015f4b144a97c51c896e7a3135b600760a6 /poky/meta/recipes-core | |
parent | 36b84cde8facab568630eec811e483cf1fc50848 (diff) | |
download | openbmc-bba38f38e7e41525c30116a2fe990d113b8157da.tar.xz |
poky: sumo refresh 51872d3f99..3b8dc3a88e
Update poky to sumo HEAD.
Andrej Valek (1):
wpa-supplicant: fix CVE-2018-14526
Armin Kuster (2):
xserver-xorg: config: fix NULL value detection for ID_INPUT being unset
binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active.
Bruce Ashfield (3):
linux-yocto/4.12: update to v4.12.28
linux-yocto/4.14: update to v4.14.62
linux-yocto/4.14: update to v4.14.67
Changqing Li (6):
libexif: patch for CVE-2017-7544
squashfs-tools: patch for CVE-2015-4645(4646)
libcroco: patch for CVE-2017-7960
libid3tag: patch for CVE-2004-2779
libice: patch for CVE-2017-2626
apr-util: fix ptest fail problem
Chen Qi (2):
util-linux: upgrade 2.32 -> 2.32.1
busybox: move init related configs to init.cfg
Jagadeesh Krishnanjanappa (2):
libarchive: CVE-2017-14501
libcgroup: CVE-2018-14348
Jon Szymaniak (1):
cve-check.bbclass: detect CVE IDs listed on multiple lines
Joshua Lock (1):
os-release: fix to install in the expected location
Khem Raj (1):
serf: Fix Sconstruct build with python 3.7
Konstantin Shemyak (1):
cve-check.bbclass: do not download the CVE DB in package-specific tasks
Mike Looijmans (1):
busybox/mdev-mount.sh: Fix partition detect and cleanup mountpoint on fail
Ross Burton (1):
lrzsz: fix CVE-2018-10195
Sinan Kaya (3):
busybox: CVE-2017-15874
libpng: CVE-2018-13785
sqlite3: CVE-2018-8740
Yadi.hu (1):
busybox: handle syslog
Yi Zhao (2):
blktrace: Security fix CVE-2018-10689
taglib: Security fix CVE-2018-11439
Zheng Ruoqin (1):
glibc: fix CVE-2018-11237
Change-Id: I2eb1fe6574638de745e4bfc106b86fe797b977c8
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-core')
-rw-r--r-- | poky/meta/recipes-core/busybox/busybox.inc | 14 | ||||
-rw-r--r-- | poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch | 30 | ||||
-rw-r--r-- | poky/meta/recipes-core/busybox/busybox/defconfig | 12 | ||||
-rw-r--r-- | poky/meta/recipes-core/busybox/busybox/init.cfg | 7 | ||||
-rw-r--r-- | poky/meta/recipes-core/busybox/busybox_1.27.2.bb | 1 | ||||
-rw-r--r-- | poky/meta/recipes-core/busybox/files/mdev-mount.sh | 4 | ||||
-rw-r--r-- | poky/meta/recipes-core/glibc/glibc/CVE-2018-11237.patch | 82 | ||||
-rw-r--r-- | poky/meta/recipes-core/glibc/glibc_2.27.bb | 1 | ||||
-rw-r--r-- | poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch | 37 | ||||
-rw-r--r-- | poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb | 3 | ||||
-rw-r--r-- | poky/meta/recipes-core/os-release/os-release.bb | 9 | ||||
-rw-r--r-- | poky/meta/recipes-core/util-linux/util-linux_2.32.1.bb (renamed from poky/meta/recipes-core/util-linux/util-linux_2.32.bb) | 4 |
12 files changed, 184 insertions, 20 deletions
diff --git a/poky/meta/recipes-core/busybox/busybox.inc b/poky/meta/recipes-core/busybox/busybox.inc index d1675c37a..8c6dbbaf9 100644 --- a/poky/meta/recipes-core/busybox/busybox.inc +++ b/poky/meta/recipes-core/busybox/busybox.inc @@ -315,20 +315,24 @@ do_install () { fi if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + if grep -q "CONFIG_KLOGD=y" ${B}/.config; then + install -d ${D}${systemd_unitdir}/system + sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-klogd.service.in \ + > ${D}${systemd_unitdir}/system/busybox-klogd.service + fi + if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then install -d ${D}${systemd_unitdir}/system sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-syslog.service.in \ > ${D}${systemd_unitdir}/system/busybox-syslog.service + if [ ! -e ${D}${systemd_unitdir}/system/busybox-klogd.service ] ; then + sed -i '/klog/d' ${D}${systemd_unitdir}/system/busybox-syslog.service + fi if [ -f ${WORKDIR}/busybox-syslog.default ] ; then install -d ${D}${sysconfdir}/default install -m 0644 ${WORKDIR}/busybox-syslog.default ${D}${sysconfdir}/default/busybox-syslog fi fi - if grep -q "CONFIG_KLOGD=y" ${B}/.config; then - install -d ${D}${systemd_unitdir}/system - sed 's,@base_sbindir@,${base_sbindir},g' < ${WORKDIR}/busybox-klogd.service.in \ - > ${D}${systemd_unitdir}/system/busybox-klogd.service - fi fi # Remove the sysvinit specific configuration file for systemd systems to avoid confusion diff --git a/poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch b/poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch new file mode 100644 index 000000000..67b4ed7e1 --- /dev/null +++ b/poky/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch @@ -0,0 +1,30 @@ +From e75c01bb3249df16201b482b79bb24bec3b58188 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Fri, 27 Oct 2017 15:37:03 +0200 +Subject: [PATCH] unlzma: fix SEGV, closes 10436 + +Upstream-Status: Backport [ https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b] +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +Signed-off-by: Sinan Kaya <okaya@kernel.org> +--- + archival/libarchive/decompress_unlzma.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c +index 29eee2a..41e492f 100644 +--- a/archival/libarchive/decompress_unlzma.c ++++ b/archival/libarchive/decompress_unlzma.c +@@ -353,6 +353,10 @@ unpack_lzma_stream(transformer_state_t *xstate) + pos = buffer_pos - rep0; + if ((int32_t)pos < 0) { + pos += header.dict_size; ++ /* bug 10436 has an example file where this triggers: */ ++ if ((int32_t)pos < 0) ++ goto bad; ++ + /* see unzip_bad_lzma_2.zip: */ + if (pos >= buffer_size) + goto bad; +-- +2.19.0 + diff --git a/poky/meta/recipes-core/busybox/busybox/defconfig b/poky/meta/recipes-core/busybox/busybox/defconfig index fbb5fd852..59d93c707 100644 --- a/poky/meta/recipes-core/busybox/busybox/defconfig +++ b/poky/meta/recipes-core/busybox/busybox/defconfig @@ -468,21 +468,21 @@ CONFIG_FEATURE_XARGS_SUPPORT_REPL_STR=y # CONFIG_BOOTCHARTD is not set # CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER is not set # CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set -CONFIG_HALT=y -CONFIG_POWEROFF=y -CONFIG_REBOOT=y +# CONFIG_HALT is not set +# CONFIG_POWEROFF is not set +# CONFIG_REBOOT is not set # CONFIG_FEATURE_CALL_TELINIT is not set -CONFIG_TELINIT_PATH="" +# CONFIG_TELINIT_PATH is not set # CONFIG_INIT is not set # CONFIG_LINUXRC is not set # CONFIG_FEATURE_USE_INITTAB is not set # CONFIG_FEATURE_KILL_REMOVED is not set -CONFIG_FEATURE_KILL_DELAY=0 +# CONFIG_FEATURE_KILL_DELAY is not set # CONFIG_FEATURE_INIT_SCTTY is not set # CONFIG_FEATURE_INIT_SYSLOG is not set # CONFIG_FEATURE_INIT_QUIET is not set # CONFIG_FEATURE_INIT_COREDUMPS is not set -CONFIG_INIT_TERMINAL_TYPE="" +# CONFIG_INIT_TERMINAL_TYPE is not set # CONFIG_FEATURE_INIT_MODIFY_CMDLINE is not set # diff --git a/poky/meta/recipes-core/busybox/busybox/init.cfg b/poky/meta/recipes-core/busybox/busybox/init.cfg index 006d4c633..3c1fdd42b 100644 --- a/poky/meta/recipes-core/busybox/busybox/init.cfg +++ b/poky/meta/recipes-core/busybox/busybox/init.cfg @@ -1,3 +1,8 @@ CONFIG_INIT=y CONFIG_FEATURE_USE_INITTAB=y - +CONFIG_HALT=y +CONFIG_POWEROFF=y +CONFIG_REBOOT=y +CONFIG_FEATURE_KILL_DELAY=0 +CONFIG_TELINIT_PATH="" +CONFIG_INIT_TERMINAL_TYPE="" diff --git a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb b/poky/meta/recipes-core/busybox/busybox_1.27.2.bb index 1ce4823d4..bab29728e 100644 --- a/poky/meta/recipes-core/busybox/busybox_1.27.2.bb +++ b/poky/meta/recipes-core/busybox/busybox_1.27.2.bb @@ -47,6 +47,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://busybox-CVE-2017-16544.patch \ file://busybox-fix-lzma-segfaults.patch \ file://umount-ignore-c.patch \ + file://CVE-2017-15874.patch \ " SRC_URI_append_libc-musl = " file://musl.cfg " diff --git a/poky/meta/recipes-core/busybox/files/mdev-mount.sh b/poky/meta/recipes-core/busybox/files/mdev-mount.sh index b4385a157..130e9472f 100644 --- a/poky/meta/recipes-core/busybox/files/mdev-mount.sh +++ b/poky/meta/recipes-core/busybox/files/mdev-mount.sh @@ -25,7 +25,7 @@ case "$ACTION" in fi # check for full-disk partition if [ "${DEVBASE}" = "${MDEV}" ] ; then - if [ -d /sys/block/${DEVBASE}/${DEVBASE}*1 ] ; then + if [ -f /sys/block/${DEVBASE}/${DEVBASE}*1/partition ] ; then # Partition detected, just quit exit 0 fi @@ -43,7 +43,7 @@ case "$ACTION" in then MOUNTPOINT="${MDEV_AUTOMOUNT_ROOT}/$MDEV" mkdir -p "$MOUNTPOINT" - mount -t auto /dev/$MDEV "$MOUNTPOINT" + mount -t auto /dev/$MDEV "$MOUNTPOINT" || rmdir "$MOUNTPOINT" fi ;; remove) diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2018-11237.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2018-11237.patch new file mode 100644 index 000000000..632aa565e --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/CVE-2018-11237.patch @@ -0,0 +1,82 @@ +From 9aaaab7c6e4176e61c59b0a63c6ba906d875dc0e Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@suse.de> +Date: Tue, 22 May 2018 10:37:59 +0200 +Subject: [PATCH] Don't write beyond destination in + __mempcpy_avx512_no_vzeroupper (bug 23196) + +When compiled as mempcpy, the return value is the end of the destination +buffer, thus it cannot be used to refer to the start of it. + +2018-05-23 Andreas Schwab <schwab@suse.de> + + [BZ #23196] + CVE-2018-11237 + * sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S + (L(preloop_large)): Save initial destination pointer in %r11 and + use it instead of %rax after the loop. + * string/test-mempcpy.c (MIN_PAGE_SIZE): Define. + +CVE: CVE-2018-11237 +Upstream-Status: Backport +Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +--- + ChangeLog | 9 +++++++++ + string/test-mempcpy.c | 1 + + sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S | 5 +++-- + 3 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index fa0a07c..bc09dec 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,12 @@ ++2018-05-23 Andreas Schwab <schwab@suse.de> ++ ++ [BZ #23196] ++ CVE-2018-11237 ++ * sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S ++ (L(preloop_large)): Save initial destination pointer in %r11 and ++ use it instead of %rax after the loop. ++ * string/test-mempcpy.c (MIN_PAGE_SIZE): Define. ++ + 2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com> + + [BZ #22786] +diff --git a/string/test-mempcpy.c b/string/test-mempcpy.c +index c08fba8..d98ecdd 100644 +--- a/string/test-mempcpy.c ++++ b/string/test-mempcpy.c +@@ -18,6 +18,7 @@ + <http://www.gnu.org/licenses/>. */ + + #define MEMCPY_RESULT(dst, len) (dst) + (len) ++#define MIN_PAGE_SIZE 131072 + #define TEST_MAIN + #define TEST_NAME "mempcpy" + #include "test-string.h" +diff --git a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S +index 23c0f7a..a55cf6f 100644 +--- a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S ++++ b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S +@@ -335,6 +335,7 @@ L(preloop_large): + ja L(preloop_large_bkw) + vmovups (%rsi), %zmm4 + vmovups 0x40(%rsi), %zmm5 ++ mov %rdi, %r11 + + /* Align destination for access with non-temporal stores in the loop. */ + mov %rdi, %r8 +@@ -366,8 +367,8 @@ L(gobble_256bytes_nt_loop): + cmp $256, %rdx + ja L(gobble_256bytes_nt_loop) + sfence +- vmovups %zmm4, (%rax) +- vmovups %zmm5, 0x40(%rax) ++ vmovups %zmm4, (%r11) ++ vmovups %zmm5, 0x40(%r11) + jmp L(check) + + L(preloop_large_bkw): +-- +2.7.4 + diff --git a/poky/meta/recipes-core/glibc/glibc_2.27.bb b/poky/meta/recipes-core/glibc/glibc_2.27.bb index 22a9881ea..adee494c2 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.27.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.27.bb @@ -47,6 +47,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0030-plural_c_no_preprocessor_lines.patch \ file://CVE-2017-18269.patch \ file://CVE-2018-11236.patch \ + file://CVE-2018-11237.patch \ " NATIVESDKFIXES ?= "" diff --git a/poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch b/poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch new file mode 100644 index 000000000..d133703de --- /dev/null +++ b/poky/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch @@ -0,0 +1,37 @@ +From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001 +From: Michal Hocko <mhocko@suse.com> +Date: Wed, 18 Jul 2018 11:24:29 +0200 +Subject: [PATCH] cgrulesengd: remove umask(0) + +One of our partners has noticed that cgred daemon is creating a log file +(/var/log/cgred) with too wide permissions (0666) and that is seen as +a security bug because an untrusted user can write to otherwise +restricted area. CVE-2018-14348 has been assigned to this issue. + +CVE: CVE-2018-14348 +Upstream-Status: Backport [https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590] + +Signed-off-by: Michal Hocko <mhocko@suse.com> +Acked-by: Balbir Singh <bsingharora@gmail.com> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + src/daemon/cgrulesengd.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c +index ea51f11..0d288f3 100644 +--- a/src/daemon/cgrulesengd.c ++++ b/src/daemon/cgrulesengd.c +@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf, + } else if (pid > 0) { + exit(EXIT_SUCCESS); + } +- +- /* Change the file mode mask. */ +- umask(0); + } else { + flog(LOG_DEBUG, "Not using daemon mode\n"); + pid = getpid(); +-- +2.13.3 + diff --git a/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb b/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb index 7ddc81e9b..92d7261b0 100644 --- a/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb +++ b/poky/meta/recipes-core/libcgroup/libcgroup_0.41.bb @@ -11,7 +11,8 @@ inherit autotools pkgconfig DEPENDS = "bison-native flex-native" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2 \ + file://CVE-2018-14348.patch" SRC_URI_append_libc-musl = " file://musl-decls-compat.patch" SRC_URI[md5sum] = "3dea9d50b8a5b73ff0bf1cdcb210f63f" diff --git a/poky/meta/recipes-core/os-release/os-release.bb b/poky/meta/recipes-core/os-release/os-release.bb index f98870475..bf4f815a1 100644 --- a/poky/meta/recipes-core/os-release/os-release.bb +++ b/poky/meta/recipes-core/os-release/os-release.bb @@ -1,7 +1,7 @@ inherit allarch SUMMARY = "Operating system identification" -DESCRIPTION = "The /etc/os-release file contains operating system identification data." +DESCRIPTION = "The /usr/lib/os-release file contains operating system identification data." LICENSE = "MIT" INHIBIT_DEFAULT_DEPS = "1" @@ -42,6 +42,9 @@ python do_compile () { do_compile[vardeps] += "${OS_RELEASE_FIELDS}" do_install () { - install -d ${D}${sysconfdir} - install -m 0644 os-release ${D}${sysconfdir}/ + install -d ${D}${libdir} ${D}${sysconfdir} + install -m 0644 os-release ${D}${libdir}/ + lnr ${D}${libdir}/os-release ${D}${sysconfdir}/os-release } + +FILES_${PN} += "${libdir}/os-release" diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.32.bb b/poky/meta/recipes-core/util-linux/util-linux_2.32.1.bb index 55cc98c20..455b9377b 100644 --- a/poky/meta/recipes-core/util-linux/util-linux_2.32.bb +++ b/poky/meta/recipes-core/util-linux/util-linux_2.32.1.bb @@ -15,8 +15,8 @@ SRC_URI += "file://configure-sbindir.patch \ file://display_testname_for_subtest.patch \ file://avoid_parallel_tests.patch \ " -SRC_URI[md5sum] = "e0d8a25853f88cd15ff557e5d8cb4ea7" -SRC_URI[sha256sum] = "6c7397abc764e32e8159c2e96042874a190303e77adceb4ac5bd502a272a4734" +SRC_URI[md5sum] = "9e5b1b8c1dc99455bdb6b462cf9436d9" +SRC_URI[sha256sum] = "86e6707a379c7ff5489c218cfaf1e3464b0b95acf7817db0bc5f179e356a67b2" CACHED_CONFIGUREVARS += "scanf_cv_alloc_modifier=ms" |