diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2021-08-30 23:17:28 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2021-08-30 23:18:26 +0300 |
| commit | d767d3fb1ba70f03e0e212c24f41404f1248f660 (patch) | |
| tree | 4d4edb47d2feadc58ecb1556be3ef484b8559ac8 /meta-openembedded/meta-networking/recipes-support | |
| parent | 8c7c9f834fb9bcc6eaf21e509c7627f13086b5a7 (diff) | |
| download | openbmc-hardknott.tar.xz | |
subtree updateshardknott
poky: 14c5392fde..b89bb2651d:
Alexander Kanavin (3):
devtool: correctly handle non-standard source tree locations in upgrades
devtool: print a warning on upgrades if PREFERRED_VERSION is set
nettle: update 3.7.2 -> 3.7.3
Alexandre Belloni (1):
oeqa/runtime/cases: make date.DateTest.test_date more reliable
Anton Blanchard (1):
kmod: use nonarch_base_libdir for depmod.d and modprobe.d
Armin Kuster (1):
gnutls: Enable seccomp if FEATURE is set
Bruce Ashfield (17):
linux-yocto: add vfat KERNEL_FEATURE when MACHINE_FEATURES include vfat
linux-yocto/5.10: update to v5.10.49
linux-yocto/5.4: update to v5.4.131
linux-yocto/5.10: update to v5.10.50
linux-yocto/5.4: update to v5.4.132
linux-yocto/5.10: update to v5.10.52
linux-yocto/5.4: update to v5.4.134
linux-yocto/5.10: update to v5.10.53
linux-yocto/5.4: update to v5.4.135
linux-yocto-rt/5.10: update to -rt47
linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment
linux-yocto/5.10: update to v5.10.55
linux-yocto/5.4: update to v5.4.137
linux-yocto/5.4: update to v5.4.139
linux-yocto/5.10: update to v5.10.57
kernel-devsrc: 5.14+ updates
kernel-devsrc: fix 5.14+ objtool compilation
Changqing Li (1):
archiver.bbclass: fix do_ar_configured failure for kernel
Chen Qi (2):
systemd: fix CVE-2020-13529
zstd: fix CVE_PRODUCT
Damian Wrobel (1):
gobject-introspection: Fix the license (add MIT)
Dmitry Baryshkov (1):
linux-firmware: add more Qualcomm firmware packages
Joe Slater (2):
util-linux: fix CVE 2021-37600
terminal.bbclass: force bash for devshell
Jon Mason (1):
parselogs.py: qemuarm should be qemuarmv5
Jose Quaresma (1):
sstate.bbclass: fix error handling when sstate mirrors is ro
Khairul Rohaizzat Jamaluddin (1):
glibc: Fix CVE-2021-33574
Khem Raj (4):
ovmf: Fix VLA warnings with GCC 11
stress-ng: Drop defining daddr_t
gnutls: Point to staging area for finding seccomp libs and includes
sdk: Enable do_populate_sdk with multilibs
Lee Chee Yang (2):
aspell: fix CVE-2019-25051
qemu: fix CVE-2021-3527
Marek Vasut (1):
update-rc.d: update SRCREV to pull in fix for non-bash shell support
Marta Rybczynska (1):
lzo: add CVE_PRODUCT
Matthias Klein (1):
runqemu: Fix typo in error message
Matthias Schiffer (1):
initscripts: fix creation order for /var/log with VOLATILE_LOG_DIR=true
Michael Opdenacker (4):
oe-setup-builddir: update YP docs and OE URLs
cve-check: fix comments
cve-check: update link to NVD website for CVE details
cve-check: improve comment about CVE patch file names
Mingli Yu (3):
netbase: use git fetcher
curl: fix CVE-2021-22925
curl: fix CVES
Nicolas Dechesne (4):
yocto-check-layer: improve missed dependencies
checklayer: new function get_layer_dependencies()
checklayer: rename _find_layer_depends
yocto-check-layer: ensure that all layer dependencies are tested too
Oleksandr Kravchuk (1):
bitbake.conf: change GNOME_MIRROR to new one
Oleksandr Popovych (1):
utils: Reduce the number of calls to the "dirname" command
Patrick Williams (1):
pixman: re-disable iwmmxt
Ralph Siemsen (1):
oeqa/manual/toaster: fix small typo
Richard Purdie (6):
pseudo: Add uninative configuration sanity check
pseudo: Update to latest version including statx fix
sstate: Drop pseudo exclusion
sstate: Fix rebuilds when changing layer config
license: Exclude COPYING.MIT from pseudo
oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s
Ross Burton (9):
parted: improve ptest execution
parted: fix ptest RRECOMMENDS
parted: skip tests that need vfat support
avahi: fix CVE-2021-36217, crash on pinging '.local'
glew: fix Makefile race
qemu: fix virtio vhost-user-gpu CVEs
tar: ignore node-tar CVEs
e2fsprogs: ensure small images have 256-byte inodes
wic: don't forcibly pass -T default
Sakib Sajal (5):
go: fix CVE-2020-29509, CVE-2020-29511
qemu: fix CVE-2021-3582
qemu: fix CVE-2021-3607
qemu: fix CVE-2021-3608
go: upgrade 1.16.5 -> 1.16.7
Tony Tascioglu (6):
valgrind: skip flaky ptest fb_test_amd64
ffmpeg: fix CVE-2020-20446
ffmpeg: fix CVE-2020-20453
ffmpeg: fix CVE-2020-22015
ffmpeg: fix CVE-2020-22021
ffmpeg: fix CVE-2020-22019 and CVE-2020-22033
Trevor Gamblin (1):
python3-pip: fix CVE-2021-3572
Ulrich Ölmann (2):
initramfs-framework: fix whitespace issue
initramfs-framework/setup-live: fix shebang
Vinay Kumar (2):
glibc: Fix CVE-2021-35942
glibc: Fix CVE-2021-38604
hongxu (2):
createrepo-c: fix createrepo-c failed in nativesdk
sdk: fix relocate symlink failed
leimaohui (1):
archiver.bbclass: Fix patch error for recipes that inherit dos2unix.
wangmy (1):
gnutls: upgrade 3.7.1 -> 3.7.2
meta-openembedded: 5a4b2ab29d..5741b949a8:
Anastasios Kavoukis (1):
pm-qa: fix paths for shell scripts
Armin Kuster (1):
wireshark: update to 3.4.7
Changqing Li (2):
ndpi: fix CVE-2021-36082
linuxptp: upgrade 3.1 -> 3.1.1
Devendra Tewari (1):
Suppress eol in functionfs setup scripts (#147)
Gianfranco (1):
vboxguestdrivers: upgrade 6.1.22 -> 6.1.24
Joe Slater (1):
php: move to version 7.4.21
Kai Kang (1):
libdbi-perl: fix CVE-2014-10402
Khem Raj (2):
fvwm: Package extra files and man pages
fvwm: Fix build time paths in target perl/python scripts
Li Wang (1):
openlldp: fix segfault
Michael Opdenacker (1):
bigbuckbunny-1080p: fix sample video URL
Mingli Yu (3):
mariadb: redefine log-error item
mariadb: Update SRC_URI
polkit: fix CVE-2021-3560
Paulo Neves (1):
htop: Add ncurses-terminfo-base to RDEPENDS
Roland Hieber (2):
curlpp: fix override syntax
ldns: fix override syntax
Sakib Sajal (1):
gd: fix CVE-2021-38115
Tony Battersby (3):
net-snmp: fix QA Issue after LDFLAGS change
curlpp: fix QA Issue after LDFLAGS change
ldns: fix QA Issue after LDFLAGS change
Tony Tascioglu (1):
redis: fix CVE-2021-32625
wangmy (2):
nghttp2: upgrade 1.43.0 -> 1.44.0
libtalloc: upgrade 2.3.2 -> 2.3.3
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I12cf9ce6cd256bd08bd4e97856ba45ccb993ddc4
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-support')
| -rw-r--r-- | meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb | 7 | ||||
| -rw-r--r-- | meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.3.3.bb (renamed from meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.3.2.bb) | 6 | ||||
| -rw-r--r-- | meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.44.0.bb (renamed from meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb) | 2 | ||||
| -rw-r--r-- | meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch | 116 | ||||
| -rw-r--r-- | meta-openembedded/meta-networking/recipes-support/ntopng/ndpi_3.4.bb | 1 | ||||
| -rw-r--r-- | meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.7.bb (renamed from meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.6.bb) | 2 |
6 files changed, 129 insertions, 5 deletions
diff --git a/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb b/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb index 799cf8611c..bb1ee7d7ae 100644 --- a/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb +++ b/meta-openembedded/meta-networking/recipes-support/curlpp/curlpp_0.8.1.bb @@ -16,3 +16,10 @@ S = "${WORKDIR}/git" inherit cmake pkgconfig binconfig BBCLASSEXTEND = "native nativesdk" + +do_install_append() { + sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ + -i ${D}${libdir}/pkgconfig/*.pc +} diff --git a/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.3.2.bb b/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.3.3.bb index ae92de2db3..1d227dac6c 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.3.2.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.3.3.bb @@ -3,14 +3,14 @@ HOMEPAGE = "http://talloc.samba.org" SECTION = "libs" LICENSE = "LGPL-3.0+ & GPL-3.0+" LIC_FILES_CHKSUM = "file://talloc.h;beginline=3;endline=27;md5=a301712782cad6dd6d5228bfa7825249 \ - file://pytalloc.h;beginline=1;endline=18;md5=2c498cc6f2263672483237b20f46b43d" + file://pytalloc.h;beginline=1;endline=18;md5=21ab13bd853679d7d47a1739cb3b7db6 \ + " SRC_URI = "https://www.samba.org/ftp/talloc/talloc-${PV}.tar.gz \ file://options-2.2.0.patch \ " -SRC_URI[md5sum] = "3376a86bdf9dd4abc6b8d8d645390902" -SRC_URI[sha256sum] = "27a03ef99e384d779124df755deb229cd1761f945eca6d200e8cfd9bf5297bd7" +SRC_URI[sha256sum] = "6be95b2368bd0af1c4cd7a88146eb6ceea18e46c3ffc9330bf6262b40d1d8aaa" inherit waf-samba diff --git a/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb b/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.44.0.bb index 959cccf357..32a9307c3f 100644 --- a/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.43.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/nghttp2/nghttp2_1.44.0.bb @@ -11,7 +11,7 @@ SRC_URI = "\ https://github.com/nghttp2/nghttp2/releases/download/v${PV}/nghttp2-${PV}.tar.xz \ file://0001-fetch-ocsp-response-use-python3.patch \ " -SRC_URI[sha256sum] = "f7d54fa6f8aed29f695ca44612136fa2359013547394d5dffeffca9e01a26b0f" +SRC_URI[sha256sum] = "5699473b29941e8dafed10de5c8cb37a3581edf62ba7d04b911ca247d4de3c5d" inherit cmake manpages python3native PACKAGECONFIG[manpages] = "" diff --git a/meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch b/meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch new file mode 100644 index 0000000000..8fdd62d186 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/ntopng/files/CVE-2021-36082.patch @@ -0,0 +1,116 @@ +From 1ec621c85b9411cc611652fd57a892cfef478af3 Mon Sep 17 00:00:00 2001 +From: Luca Deri <deri@ntop.org> +Date: Sat, 15 May 2021 19:53:46 +0200 +Subject: [PATCH] Added further checks + +Upstream-Status: Backport [https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3] +CVE: CVE-2021-36082 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- + src/lib/protocols/netbios.c | 2 +- + src/lib/protocols/tls.c | 32 +++++++++++++++++--------------- + 2 files changed, 18 insertions(+), 16 deletions(-) + +diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c +index 1f3850cb..0d3b705f 100644 +--- a/src/lib/protocols/netbios.c ++++ b/src/lib/protocols/netbios.c +@@ -42,7 +42,7 @@ int ndpi_netbios_name_interpret(char *in, size_t inlen, char *out, u_int out_len + int ret = 0, len, idx = inlen; + char *b; + +- len = (*in++)/2; ++ len = (*in++)/2, inlen--; + b = out; + *out = 0; + +diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c +index 5b572cae..c115ac08 100644 +--- a/src/lib/protocols/tls.c ++++ b/src/lib/protocols/tls.c +@@ -994,21 +994,23 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, + i += 4 + extension_len, offset += 4 + extension_len; + } + +- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version); ++ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version); + +- for(i=0; i<ja3.num_cipher; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]); ++ for(i=0; (i<ja3.num_cipher) && (JA3_STR_LEN > ja3_str_len); i++) { ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]); + + if(rc <= 0) break; else ja3_str_len += rc; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); +- if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; ++ if(JA3_STR_LEN > ja3_str_len) { ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); ++ if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; ++ } + + /* ********** */ + +- for(i=0; i<ja3.num_tls_extension; i++) { +- int rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]); ++ for(i=0; (i<ja3.num_tls_extension) && (JA3_STR_LEN-ja3_str_len); i++) { ++ int rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]); + + if(rc <= 0) break; else ja3_str_len += rc; + } +@@ -1443,41 +1445,41 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, + int rc; + + compute_ja3c: +- ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version); ++ ja3_str_len = snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.tls_handshake_version); + + for(i=0; i<ja3.num_cipher; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", + (i > 0) ? "-" : "", ja3.cipher[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; + + /* ********** */ + + for(i=0; i<ja3.num_tls_extension; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", + (i > 0) ? "-" : "", ja3.tls_extension[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; + + /* ********** */ + + for(i=0; i<ja3.num_elliptic_curve; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", + (i > 0) ? "-" : "", ja3.elliptic_curve[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } + +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ","); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; + + for(i=0; i<ja3.num_elliptic_curve_point_format; i++) { +- rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", ++ rc = snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u", + (i > 0) ? "-" : "", ja3.elliptic_curve_point_format[i]); + if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; else break; + } +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/ntopng/ndpi_3.4.bb b/meta-openembedded/meta-networking/recipes-support/ntopng/ndpi_3.4.bb index 22e4d8e9ae..b90f575b93 100644 --- a/meta-openembedded/meta-networking/recipes-support/ntopng/ndpi_3.4.bb +++ b/meta-openembedded/meta-networking/recipes-support/ntopng/ndpi_3.4.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b52f2d57d10c4f7ee67a7eb9615d5d24" SRCREV = "64929a75e0a7a60d864bd25a9fd97fdf9ac892a2" SRC_URI = "git://github.com/ntop/nDPI.git;branch=3.4-stable \ file://0001-autogen.sh-not-generate-configure.patch \ + file://CVE-2021-36082.patch \ " S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.6.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.7.bb index 6acd849f89..2e0fdae63b 100644 --- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.6.bb +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.4.7.bb @@ -19,7 +19,7 @@ SRC_URI += " \ UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" -SRC_URI[sha256sum] = "12a678208f8cb009e6b9d96026e41a6ef03c7ad086b9e1029f42053b249b4628" +SRC_URI[sha256sum] = "6c4cee51ef997cb9d9aaee84113525a5629157d3c743d7c4e320000de804a09d" PE = "1" |