diff options
Diffstat (limited to 'poky/meta/recipes-core/util-linux')
3 files changed, 64 insertions, 1 deletions
diff --git a/poky/meta/recipes-core/util-linux/util-linux.inc b/poky/meta/recipes-core/util-linux/util-linux.inc index a76fb9e50..0f17c73e8 100644 --- a/poky/meta/recipes-core/util-linux/util-linux.inc +++ b/poky/meta/recipes-core/util-linux/util-linux.inc @@ -35,6 +35,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin file://run-ptest \ file://display_testname_for_subtest.patch \ file://avoid_parallel_tests.patch \ + file://CVE-2021-37600.patch \ " SRC_URI[sha256sum] = "8e4bd42053b726cf86eb4d13a73bc1d9225a2c2e1a2e0d2a891f1020f83e6b76" diff --git a/poky/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch b/poky/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch new file mode 100644 index 000000000..2b306c435 --- /dev/null +++ b/poky/meta/recipes-core/util-linux/util-linux/CVE-2021-37600.patch @@ -0,0 +1,33 @@ +From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Tue, 27 Jul 2021 11:58:31 +0200 +Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64 + nmembs + +Fix: https://github.com/karelzak/util-linux/issues/1395 +Signed-off-by: Karel Zak <kzak@redhat.com> + +CVE: CVE-2021-37600 +Upstream-Status: Backport [1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c] + +Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com> +--- + sys-utils/ipcutils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c +index e784c4dcb..18868cfd3 100644 +--- a/sys-utils/ipcutils.c ++++ b/sys-utils/ipcutils.c +@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p) + { + size_t i; + +- if (!p || !p->sem_nsems || p->sem_perm.id < 0) ++ if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0) + return; + + p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem)); +-- +2.25.1 + diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.37.1.bb b/poky/meta/recipes-core/util-linux/util-linux_2.37.1.bb index b67c3dcb5..935159514 100644 --- a/poky/meta/recipes-core/util-linux/util-linux_2.37.1.bb +++ b/poky/meta/recipes-core/util-linux/util-linux_2.37.1.bb @@ -1,7 +1,7 @@ require util-linux.inc #gtk-doc is not enabled as it requires xmlto which requires util-linux -inherit autotools gettext pkgconfig systemd update-alternatives python3-dir bash-completion ptest +inherit autotools gettext manpages pkgconfig systemd update-alternatives python3-dir bash-completion ptest DEPENDS = "libcap-ng ncurses virtual/crypt zlib util-linux-libuuid" PACKAGES =+ "${PN}-swaponoff" @@ -92,6 +92,9 @@ EXTRA_OECONF:append = " --disable-hwclock-gplv3" # PACKAGECONFIG ?= "pcre2" PACKAGECONFIG:class-target ?= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'chfn-chsh pam', '', d)}" +# inherit manpages requires this to be present, however util-linux does not have +# configuration options, and installs manpages always +PACKAGECONFIG[manpages] = "" PACKAGECONFIG[pam] = "--enable-su --enable-runuser,--disable-su --disable-runuser, libpam," # Respect the systemd feature for uuidd PACKAGECONFIG[systemd] = "--with-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}, --without-systemd --without-systemdsystemunitdir,systemd" @@ -263,6 +266,32 @@ ALTERNATIVE_LINK_NAME[utmpdump] = "${bindir}/utmpdump" ALTERNATIVE_LINK_NAME[uuidgen] = "${bindir}/uuidgen" ALTERNATIVE_LINK_NAME[wall] = "${bindir}/wall" +ALTERNATIVE:${PN}-doc = "\ +blkid.8 eject.1 findfs.8 fsck.8 kill.1 last.1 lastb.1 libblkid.3 logger.1 mesg.1 \ +mountpoint.1 nologin.8 rfkill.8 sulogin.8 utmpdump.1 uuid.3 wall.1\ +" +ALTERNATIVE:${PN}-doc += "${@bb.utils.contains('PACKAGECONFIG', 'pam', 'su.1', '', d)}" + +ALTERNATIVE_LINK_NAME[blkid.8] = "${mandir}/man8/blkid.8" +ALTERNATIVE_LINK_NAME[eject.1] = "${mandir}/man1/eject.1" +ALTERNATIVE_LINK_NAME[findfs.8] = "${mandir}/man8/findfs.8" +ALTERNATIVE_LINK_NAME[fsck.8] = "${mandir}/man8/fsck.8" +ALTERNATIVE_LINK_NAME[kill.1] = "${mandir}/man1/kill.1" +ALTERNATIVE_LINK_NAME[last.1] = "${mandir}/man1/last.1" +ALTERNATIVE_LINK_NAME[lastb.1] = "${mandir}/man1/lastb.1" +ALTERNATIVE_LINK_NAME[libblkid.3] = "${mandir}/man3/libblkid.3" +ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" +ALTERNATIVE_LINK_NAME[mesg.1] = "${mandir}/man1/mesg.1" +ALTERNATIVE_LINK_NAME[mountpoint.1] = "${mandir}/man1/mountpoint.1" +ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8" +ALTERNATIVE_LINK_NAME[rfkill.8] = "${mandir}/man8/rfkill.8" +ALTERNATIVE_LINK_NAME[setpriv.1] = "${mandir}/man1/setpriv.1" +ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1" +ALTERNATIVE_LINK_NAME[sulogin.8] = "${mandir}/man8/sulogin.8" +ALTERNATIVE_LINK_NAME[utmpdump.1] = "${mandir}/man1/utmpdump.1" +ALTERNATIVE_LINK_NAME[uuid.3] = "${mandir}/man3/uuid.3" +ALTERNATIVE_LINK_NAME[wall.1] = "${mandir}/man1/wall.1" + BBCLASSEXTEND = "native nativesdk" PTEST_BINDIR = "1" |