From 82c905dc58a36aeae40b1b273a12f63fb1973cf4 Mon Sep 17 00:00:00 2001
From: Andrew Geissler <geissonator@yahoo.com>
Date: Mon, 13 Apr 2020 13:39:40 -0500
Subject: meta-openembedded and poky: subtree updates

Squash of the following due to dependencies among them
and OpenBMC changes:

meta-openembedded: subtree update:d0748372d2..9201611135
meta-openembedded: subtree update:9201611135..17fd382f34
poky: subtree update:9052e5b32a..2e11d97b6c
poky: subtree update:2e11d97b6c..a8544811d7

The change log was too large for the jenkins plugin
to handle therefore it has been removed. Here is
the first and last commit of each subtree:

meta-openembedded:d0748372d2
      cppzmq: bump to version 4.6.0
meta-openembedded:17fd382f34
      mpv: Remove X11 dependency
poky:9052e5b32a
      package_ipk: Remove pointless comment to trigger rebuild
poky:a8544811d7
      pbzip2: Fix license warning

Change-Id: If0fc6c37629642ee207a4ca2f7aa501a2c673cd6
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
---
 .../recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb   |   2 +
 .../recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb |  34 ++++++-
 .../netkit-telnet/files/CVE-2020-10188.patch       | 112 +++++++++++++++++++++
 .../netkit-telnet/netkit-telnet_0.17.bb            |   4 +
 4 files changed, 147 insertions(+), 5 deletions(-)
 create mode 100644 meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch

(limited to 'meta-openembedded/meta-networking/recipes-netkit')

diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb
index 65c20c072..cf306ec82 100644
--- a/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb
@@ -18,6 +18,8 @@ SRC_URI[patch31.sha256sum] = "4edd46a32d70daa7ba00f0ebf0118dc5d17dff23d6e46aa21a
 
 inherit autotools-brokensep
 
+CLEANBROKEN = "1"
+
 do_configure () {
     ./configure --prefix=${prefix}
     echo "LDFLAGS=${LDFLAGS}" >> MCONFIG
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb
index 60a8d95b0..ad543b0fb 100644
--- a/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb
@@ -5,7 +5,7 @@ LICENSE = "BSD-4-Clause"
 LIC_FILES_CHKSUM = "file://rwho/rwho.c;beginline=2;endline=3;md5=5a85f13c0142d72fc378e00f15da5b9e"
 
 SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rwho/netkit-rwho_${PV}.orig.tar.gz;name=archive \
-           ${DEBIAN_MIRROR}/main/n/netkit-rwho/netkit-rwho_${PV}-13.debian.tar.gz;name=patch13 \
+           ${DEBIAN_MIRROR}/main/n/netkit-rwho/netkit-rwho_${PV}-13.debian.tar.gz;subdir=${BP};name=patch13 \
            file://rwhod \
            file://rwhod.default \
            file://0001-Add-missing-include-path-to-I-options.patch \
@@ -20,13 +20,37 @@ inherit autotools-brokensep useradd update-rc.d update-alternatives
 
 CFLAGS += " -D_GNU_SOURCE"
 
-debian_do_patch() {
-    cd ${S}
-    while read line; do patch -p1 < ${WORKDIR}/debian/patches/$line; done < ${WORKDIR}/debian/patches/series
+# Unlike other Debian packages, net-tools *.diff.gz contains another series of
+# patches maintained by quilt. So manually apply them before applying other local
+# patches. Also remove all temp files before leaving, because do_patch() will pop
+# up all previously applied patches in the start
+do_patch[depends] += "quilt-native:do_populate_sysroot"
+netkit_do_patch() {
+        cd ${S}
+        # it's important that we only pop the existing patches when they've
+        # been applied, otherwise quilt will climb the directory tree
+        # and reverse out some completely different set of patches
+        if [ -d ${S}/patches ]; then
+                # whilst this is the default directory, doing it like this
+                # defeats the directory climbing that quilt will otherwise
+                # do; note the directory must exist to defeat this, hence
+                # the test inside which we operate
+                QUILT_PATCHES=${S}/patches quilt pop -a
+        fi
+        if [ -d ${S}/.pc-${BPN} ]; then
+                rm -rf ${S}/.pc
+                mv ${S}/.pc-${BPN} ${S}/.pc
+                QUILT_PATCHES=${S}/debian/patches quilt pop -a
+                rm -rf ${S}/.pc ${S}/debian
+        fi
+        QUILT_PATCHES=${S}/debian/patches quilt push -a
+        mv ${S}/.pc ${S}/.pc-${BPN}
 }
 
+do_unpack[cleandirs] += "${S}"
+
 python do_patch() {
-    bb.build.exec_func('debian_do_patch', d)
+    bb.build.exec_func('netkit_do_patch', d)
     bb.build.exec_func('patch_do_patch', d)
 }
 
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch
new file mode 100644
index 000000000..d21c60274
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch
@@ -0,0 +1,112 @@
+From 6ab007dbb1958371abff2eaaad2b26da89b3c74e Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Fri, 24 Apr 2020 09:43:44 +0800
+Subject: [PATCH] telnetd/utility.c: fix CVE-2020-10188
+
+Upstream-Status: Backport
+[Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch]
+
+CVE: CVE-2020-10188
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ telnetd/utility.c | 32 +++++++++++++++++++++-----------
+ 1 file changed, 21 insertions(+), 11 deletions(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index 75314cb..b9a46a6 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -169,31 +169,38 @@ void 	ptyflush(void)
+  */
+ static
+ char *
+-nextitem(char *current)
++nextitem(char *current, const char *endp)
+ {
++    if (current >= endp) {
++        return NULL;
++    }
+     if ((*current&0xff) != IAC) {
+ 	return current+1;
+     }
++    if (current+1 >= endp) {
++        return NULL;
++    }
+     switch (*(current+1)&0xff) {
+     case DO:
+     case DONT:
+     case WILL:
+     case WONT:
+-	return current+3;
++	return current+3 <= endp ? current+3 : NULL;
+     case SB:		/* loop forever looking for the SE */
+ 	{
+ 	    register char *look = current+2;
+ 
+-	    for (;;) {
++	    while (look < endp) {
+ 		if ((*look++&0xff) == IAC) {
+-		    if ((*look++&0xff) == SE) {
++		    if (look < endp && (*look++&0xff) == SE) {
+ 			return look;
+ 		    }
+ 		}
+ 	    }
++	    return NULL;
+ 	}
+     default:
+-	return current+2;
++	return current+2 <= endp ? current+2 : NULL;
+     }
+ }  /* end of nextitem */
+ 
+@@ -219,7 +226,7 @@ void netclear(void)
+     register char *thisitem, *next;
+     char *good;
+ #define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
+-				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
++				(nfrontp > p+1 && (((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))))
+ 
+ #if	defined(ENCRYPT)
+     thisitem = nclearto > netobuf ? nclearto : netobuf;
+@@ -227,7 +234,7 @@ void netclear(void)
+     thisitem = netobuf;
+ #endif
+ 
+-    while ((next = nextitem(thisitem)) <= nbackp) {
++    while ((next = nextitem(thisitem, nbackp)) != NULL && next <= nbackp) {
+ 	thisitem = next;
+     }
+ 
+@@ -239,20 +246,23 @@ void netclear(void)
+     good = netobuf;	/* where the good bytes go */
+ #endif
+ 
+-    while (nfrontp > thisitem) {
++    while (thisitem != NULL && nfrontp > thisitem) {
+ 	if (wewant(thisitem)) {
+ 	    int length;
+ 
+ 	    next = thisitem;
+ 	    do {
+-		next = nextitem(next);
+-	    } while (wewant(next) && (nfrontp > next));
++		next = nextitem(next, nfrontp);
++	    } while (next != NULL && wewant(next) && (nfrontp > next));
++	    if (next == NULL) {
++		next = nfrontp;
++	    }
+ 	    length = next-thisitem;
+ 	    bcopy(thisitem, good, length);
+ 	    good += length;
+ 	    thisitem = next;
+ 	} else {
+-	    thisitem = nextitem(thisitem);
++	    thisitem = nextitem(thisitem, nfrontp);
+ 	}
+     }
+ 
+-- 
+2.7.4
+
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
index cf9934138..0e92add63 100644
--- a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://ftp.linux.org.uk/pub/linux/Networking/netkit/${BP}.tar.gz \
            file://cross-compile.patch \
            file://0001-telnet-telnetd-Fix-print-format-strings.patch \
            file://0001-telnet-telnetd-Fix-deadlock-on-cleanup.patch \
+           file://CVE-2020-10188.patch \
            "
 
 UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/"
@@ -57,6 +58,9 @@ ALTERNATIVE_${PN} = "telnet"
 ALTERNATIVE_LINK_NAME[telnet] = "${bindir}/telnet"
 ALTERNATIVE_TARGET[telnet] = "${bindir}/telnet.${PN}"
 
+ALTERNATIVE_${PN}-doc = "telnetd.8"
+ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
+
 SRC_URI[md5sum] = "d6beabaaf53fe6e382c42ce3faa05a36"
 SRC_URI[sha256sum] = "9c80d5c7838361a328fb6b60016d503def9ce53ad3c589f3b08ff71a2bb88e00"
 FILES_${PN} += "${sbindir}/in.* ${libdir}/* ${sysconfdir}/xinetd.d/*"
-- 
cgit v1.2.3