diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-04-13 21:39:40 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-05-05 16:30:44 +0300 |
commit | 82c905dc58a36aeae40b1b273a12f63fb1973cf4 (patch) | |
tree | 38caf00263451b5036435cdc36e035b25d32e623 /meta-openembedded/meta-networking/recipes-netkit | |
parent | 83ecb75644b3d677c274188f9ac0b2374d6f6925 (diff) | |
download | openbmc-82c905dc58a36aeae40b1b273a12f63fb1973cf4.tar.xz |
meta-openembedded and poky: subtree updates
Squash of the following due to dependencies among them
and OpenBMC changes:
meta-openembedded: subtree update:d0748372d2..9201611135
meta-openembedded: subtree update:9201611135..17fd382f34
poky: subtree update:9052e5b32a..2e11d97b6c
poky: subtree update:2e11d97b6c..a8544811d7
The change log was too large for the jenkins plugin
to handle therefore it has been removed. Here is
the first and last commit of each subtree:
meta-openembedded:d0748372d2
cppzmq: bump to version 4.6.0
meta-openembedded:17fd382f34
mpv: Remove X11 dependency
poky:9052e5b32a
package_ipk: Remove pointless comment to trigger rebuild
poky:a8544811d7
pbzip2: Fix license warning
Change-Id: If0fc6c37629642ee207a4ca2f7aa501a2c673cd6
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-netkit')
4 files changed, 147 insertions, 5 deletions
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb index 65c20c0728..cf306ec82e 100644 --- a/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb @@ -18,6 +18,8 @@ SRC_URI[patch31.sha256sum] = "4edd46a32d70daa7ba00f0ebf0118dc5d17dff23d6e46aa21a inherit autotools-brokensep +CLEANBROKEN = "1" + do_configure () { ./configure --prefix=${prefix} echo "LDFLAGS=${LDFLAGS}" >> MCONFIG diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb index 60a8d95b06..ad543b0fbd 100644 --- a/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb @@ -5,7 +5,7 @@ LICENSE = "BSD-4-Clause" LIC_FILES_CHKSUM = "file://rwho/rwho.c;beginline=2;endline=3;md5=5a85f13c0142d72fc378e00f15da5b9e" SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rwho/netkit-rwho_${PV}.orig.tar.gz;name=archive \ - ${DEBIAN_MIRROR}/main/n/netkit-rwho/netkit-rwho_${PV}-13.debian.tar.gz;name=patch13 \ + ${DEBIAN_MIRROR}/main/n/netkit-rwho/netkit-rwho_${PV}-13.debian.tar.gz;subdir=${BP};name=patch13 \ file://rwhod \ file://rwhod.default \ file://0001-Add-missing-include-path-to-I-options.patch \ @@ -20,13 +20,37 @@ inherit autotools-brokensep useradd update-rc.d update-alternatives CFLAGS += " -D_GNU_SOURCE" -debian_do_patch() { - cd ${S} - while read line; do patch -p1 < ${WORKDIR}/debian/patches/$line; done < ${WORKDIR}/debian/patches/series +# Unlike other Debian packages, net-tools *.diff.gz contains another series of +# patches maintained by quilt. So manually apply them before applying other local +# patches. Also remove all temp files before leaving, because do_patch() will pop +# up all previously applied patches in the start +do_patch[depends] += "quilt-native:do_populate_sysroot" +netkit_do_patch() { + cd ${S} + # it's important that we only pop the existing patches when they've + # been applied, otherwise quilt will climb the directory tree + # and reverse out some completely different set of patches + if [ -d ${S}/patches ]; then + # whilst this is the default directory, doing it like this + # defeats the directory climbing that quilt will otherwise + # do; note the directory must exist to defeat this, hence + # the test inside which we operate + QUILT_PATCHES=${S}/patches quilt pop -a + fi + if [ -d ${S}/.pc-${BPN} ]; then + rm -rf ${S}/.pc + mv ${S}/.pc-${BPN} ${S}/.pc + QUILT_PATCHES=${S}/debian/patches quilt pop -a + rm -rf ${S}/.pc ${S}/debian + fi + QUILT_PATCHES=${S}/debian/patches quilt push -a + mv ${S}/.pc ${S}/.pc-${BPN} } +do_unpack[cleandirs] += "${S}" + python do_patch() { - bb.build.exec_func('debian_do_patch', d) + bb.build.exec_func('netkit_do_patch', d) bb.build.exec_func('patch_do_patch', d) } diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch new file mode 100644 index 0000000000..d21c602746 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch @@ -0,0 +1,112 @@ +From 6ab007dbb1958371abff2eaaad2b26da89b3c74e Mon Sep 17 00:00:00 2001 +From: Yi Zhao <yi.zhao@windriver.com> +Date: Fri, 24 Apr 2020 09:43:44 +0800 +Subject: [PATCH] telnetd/utility.c: fix CVE-2020-10188 + +Upstream-Status: Backport +[Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch] + +CVE: CVE-2020-10188 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + telnetd/utility.c | 32 +++++++++++++++++++++----------- + 1 file changed, 21 insertions(+), 11 deletions(-) + +diff --git a/telnetd/utility.c b/telnetd/utility.c +index 75314cb..b9a46a6 100644 +--- a/telnetd/utility.c ++++ b/telnetd/utility.c +@@ -169,31 +169,38 @@ void ptyflush(void) + */ + static + char * +-nextitem(char *current) ++nextitem(char *current, const char *endp) + { ++ if (current >= endp) { ++ return NULL; ++ } + if ((*current&0xff) != IAC) { + return current+1; + } ++ if (current+1 >= endp) { ++ return NULL; ++ } + switch (*(current+1)&0xff) { + case DO: + case DONT: + case WILL: + case WONT: +- return current+3; ++ return current+3 <= endp ? current+3 : NULL; + case SB: /* loop forever looking for the SE */ + { + register char *look = current+2; + +- for (;;) { ++ while (look < endp) { + if ((*look++&0xff) == IAC) { +- if ((*look++&0xff) == SE) { ++ if (look < endp && (*look++&0xff) == SE) { + return look; + } + } + } ++ return NULL; + } + default: +- return current+2; ++ return current+2 <= endp ? current+2 : NULL; + } + } /* end of nextitem */ + +@@ -219,7 +226,7 @@ void netclear(void) + register char *thisitem, *next; + char *good; + #define wewant(p) ((nfrontp > p) && ((*p&0xff) == IAC) && \ +- ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL)) ++ (nfrontp > p+1 && (((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL)))) + + #if defined(ENCRYPT) + thisitem = nclearto > netobuf ? nclearto : netobuf; +@@ -227,7 +234,7 @@ void netclear(void) + thisitem = netobuf; + #endif + +- while ((next = nextitem(thisitem)) <= nbackp) { ++ while ((next = nextitem(thisitem, nbackp)) != NULL && next <= nbackp) { + thisitem = next; + } + +@@ -239,20 +246,23 @@ void netclear(void) + good = netobuf; /* where the good bytes go */ + #endif + +- while (nfrontp > thisitem) { ++ while (thisitem != NULL && nfrontp > thisitem) { + if (wewant(thisitem)) { + int length; + + next = thisitem; + do { +- next = nextitem(next); +- } while (wewant(next) && (nfrontp > next)); ++ next = nextitem(next, nfrontp); ++ } while (next != NULL && wewant(next) && (nfrontp > next)); ++ if (next == NULL) { ++ next = nfrontp; ++ } + length = next-thisitem; + bcopy(thisitem, good, length); + good += length; + thisitem = next; + } else { +- thisitem = nextitem(thisitem); ++ thisitem = nextitem(thisitem, nfrontp); + } + } + +-- +2.7.4 + diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb index cf9934138d..0e92add633 100644 --- a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb +++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb @@ -12,6 +12,7 @@ SRC_URI = "http://ftp.linux.org.uk/pub/linux/Networking/netkit/${BP}.tar.gz \ file://cross-compile.patch \ file://0001-telnet-telnetd-Fix-print-format-strings.patch \ file://0001-telnet-telnetd-Fix-deadlock-on-cleanup.patch \ + file://CVE-2020-10188.patch \ " UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/" @@ -57,6 +58,9 @@ ALTERNATIVE_${PN} = "telnet" ALTERNATIVE_LINK_NAME[telnet] = "${bindir}/telnet" ALTERNATIVE_TARGET[telnet] = "${bindir}/telnet.${PN}" +ALTERNATIVE_${PN}-doc = "telnetd.8" +ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8" + SRC_URI[md5sum] = "d6beabaaf53fe6e382c42ce3faa05a36" SRC_URI[sha256sum] = "9c80d5c7838361a328fb6b60016d503def9ce53ad3c589f3b08ff71a2bb88e00" FILES_${PN} += "${sbindir}/in.* ${libdir}/* ${sysconfdir}/xinetd.d/*" |