From 748a483a8f515f7aa0ce999ebeeebed4ed17ae10 Mon Sep 17 00:00:00 2001 
From: Andrew Geissler
Date: Fri, 24 Jul 2020 16:24:21 -0500
Subject: meta-openembedded: subtree update:e93d527a33..76b83194b3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Alejandro Enedino Hernandez Samaniego (1):
      Remmina: Upgrade to 1.4.7

Alistair Francis (1):
      python3-obd: Add missing setuptools RDEPENDS

Andreas Müller (3):
      xfce4-whiskermenu-plugin: upgrade 2.4.4 -> 2.4.5
      xfce4-time-out-plugin: upgrade 1.1.0 -> 1.1.1
      graphene: upgrade 1.10.0 -> 1.10.2

Andrej Valek (1):
      python3-xlsxwriter: add recipe for v 1.2.9

Aníbal Limón (1):
      recipes-graphics: Add parallel-deqp-runner recipe

Armin Kuster (10):
      python3-flask-babel: update to 1.0.0 and consolidate
      python3-fastnumbers: Add new package
      python3-icu: add new package
      python3-natsort: add new package
      python3-croniter: Fix missing rdep
      python3-gmpy2: add new package
      python3-ecdsa: add package
      python3-rsa: add new package
      python3-gnupg: add new package
      python3-qrcode: add package

Changqing Li (2):
      rsyslog: get alias of syslog back
      radvd: add /etc/radvd.conf

Christian Eggers (2):
      networkmanager: Package nmcli separately
      networkmanager: Fix udev dependency

Colin McAllister (4):
      python3-cantools: Added recipe
      python3-dateparser: Added recipe
      python3-diskcache: Added recipe
      python3-bitstruct: Added recipe

Dmitry Baryshkov (1):
      recipes-graphics: add Khronos OpenGL ES and Vulkan CTS recipes

Julius Hemanth Pitti (1):
      netkit-telnetd: Fix buffer overflow in netoprintf

Kai Kang (1):
      python3-pykickstart: 3.22 -> 3.26

Khem Raj (4):
      ace: Upgrade to 6.5.10
      network-manager-applet: Add missing dependency on libgudev
      memcached: Upgrade to 1.6.6
      samba: Fix conflicts with nss.h from glibc

Leon Anavi (12):
      python3-cbor2: Upgrade 5.1.0 -> 5.1.1
      python3-psutil: Upgrade 5.7.0 -> 5.7.2
      python3-isort: Upgrade 4.3.21 -> 5.1.0
      python3-netaddr: Upgrade 0.7.20 -> 0.8.0
      python3-bitarray: Upgrade 1.2.2 -> 1.4.1
      python3-pymysql: Upgrade 0.9.3 -> 0.10.0
      python3-simplejson: Upgrade 3.17.0 -> 3.17.2
      python3-isort: Upgrade 5.1.0 -> 5.1.4
      python3-stevedore: Upgrade 2.0.1 -> 3.2.0
      python3-mock: Upgrade 4.0.1 -> 4.0.2
      python3-pychromecast: Upgrade 7.1.1 -> 7.1.2
      python3-coverage: Upgrade 5.1 -> 5.2

Matt Hoosier (1):
      glmark2: don't build full OpenGL backends by default

Mingde (Matthew) Zeng (1):
      net-snmp, openjpeg: add proper CVE tags to patches

Mingli Yu (1):
      freeradius: fix the existed certificate error

Ovidiu Panait (1):
      nss: upgrade 3.51.1 -> 3.54

Philip Balister (1):
      python3-pybind11: Use cmake to build and add -native version

Ryan Rowe (2):
      python3-packaging: add -native version
      python3-pint: add setuptools and packaging to RDEPENDS

Sakib Sajal (4):
      python3-mock: add recipe for v4.0.1
      python3-pep8: add recipe for v1.7.1
      python3-mccabe: add recipe for v0.2.1
      python3-requests-toolbelt: add ptest

Slater, Joseph (2):
      lvm2: reproducible binaries
      toybox-inittab: unpack to S

Wang Mingyu (2):
      python3-idna: upgrade 2.9 -> 2.10
      python3-pytz: upgrade 2019.3 -> 2020.1

Zang Ruochen (5):
      python3-requests-file: Enable ptest
      python3-semver: Enable ptest
      python3-smpplib: Enable ptest
      python3-soupsieve: Enable ptest
      python3-typeguard: Enable ptest

Zheng Ruoqin (3):
      babeld: upgrade 1.9.1 -> 1.9.2
      wireguard-module: upgrade 1.0.20200401 -> 1.0.20200712
      wireguard-tools: upgrade 1.0.20200319 -> 1.0.20200513

Signed-off-by: Andrew Geissler
Change-Id: I7d02cff7fbd61a6f8e1a96354e169f5f19edf023
---
 ...ility.c-Fix-buffer-overflow-in-netoprintf.patch | 56 ++++++++++++++++++++++
 .../netkit-telnet/netkit-telnet_0.17.bb | 1 +
 2 files changed, 57 insertions(+)
 create mode 100644 meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch

(limited to 'meta-openembedded/meta-networking/recipes-netkit/netkit-telnet')
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch new file mode 100644 index 000000000..8f983e40a --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch 
@@ -0,0 +1,56 @@ +From 9c81c8e5bc7782e8ae12c078615abc3c896059f2 Mon Sep 17 00:00:00 2001 +From: Julius Hemanth Pitti +Date: Tue, 14 Jul 2020 22:34:19 -0700 +Subject: [PATCH] telnetd/utility.c: Fix buffer overflow in netoprintf + +As per man page of vsnprintf, when formated +string size is greater than "size"(2nd argument), +then vsnprintf returns size of formated string, +not "size"(2nd argument). + +netoprintf() was not handling a case where +return value of vsnprintf is greater than +"size"(2nd argument), results in buffer overflow +while adjusting "nfrontp" pointer to point +beyond "netobuf" buffer. + +Here is one such case where "nfrontp" +crossed boundaries of "netobuf", and +pointing to another global variable. + +(gdb) p &netobuf[8255] +$5 = 0x55c93afe8b1f "" +(gdb) p nfrontp +$6 = 0x55c93afe8c20 "\377" +(gdb) p &terminaltype +$7 = (char **) 0x55c93afe8c20 +(gdb) + +This resulted in crash of telnetd service +with segmentation fault. + +Though this is DoS security bug, I couldn't +find any CVE ID for this. + +Upstream-Status: Pending + +Signed-off-by: Julius Hemanth Pitti +--- + telnetd/utility.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/telnetd/utility.c b/telnetd/utility.c +index b9a46a6..4811f14 100644 +--- a/telnetd/utility.c ++++ b/telnetd/utility.c +@@ -66,7 +66,7 @@ netoprintf(const char *fmt, ...) + len = vsnprintf(nfrontp, maxsize, fmt, ap); + va_end(ap); + +- if (len<0 || len==maxsize) { ++ if (len<0 || len>=maxsize) { + /* didn't fit */ + netflush(); + } +-- +2.19.1 diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb index 0e92add63..08dd532b6 100644 --- a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb 
@@ -13,6 +13,7 @@ SRC_URI = "http://ftp.linux.org.uk/pub/linux/Networking/netkit/${BP}.tar.gz \ file://0001-telnet-telnetd-Fix-print-format-strings.patch \ file://0001-telnet-telnetd-Fix-deadlock-on-cleanup.patch \ file://CVE-2020-10188.patch \ + file://0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch \ " UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/" -- cgit v1.2.3
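Review bot: In the telnetd/utility.c hunk of the new 0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch, the `len>=maxsize` branch only calls netflush(), and the hunk does not show how the call is retried or where nfrontp is advanced afterwards. Please confirm that a formatted string longer than the whole of netobuf cannot still reach the pointer adjustment with len >= maxsize after the flush, since that is the same out-of-bounds nfrontp the gdb output in the message shows. A short comment next to the condition, saying that vsnprintf returns the length it would have written when the output is truncated, would also keep the check from being changed back to an equality test later.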
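Review bot: The new SRC_URI entry in netkit-telnet_0.17.bb adds a security fix that is tracked only by its file name: the patch header says "Upstream-Status: Pending" and the message states that no CVE ID was found for this DoS bug. Unlike the CVE-2020-10188.patch entry just above it, nothing here lets CVE tooling or a later maintainer tie the fix to an advisory, so consider requesting a CVE ID and adding a CVE tag to the patch header once one is assigned, and noting in Upstream-Status where the fix was submitted.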