diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2021-08-04 00:10:07 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2021-08-04 00:11:30 +0300 |
| commit | 0d7b32aa69f75b8abd5d5ebdefd473a5b875e470 (patch) | |
| tree | b2d6aff967ae759c2f852799b3e7067de5617dd0 /meta-openembedded/meta-webserver | |
| parent | 9add46f3d21fafcb493e23477eebd415db755095 (diff) | |
| download | openbmc-0d7b32aa69f75b8abd5d5ebdefd473a5b875e470.tar.xz | |
subtree updates
meta-security: 93232ae6d5..6466c6fb02:
Armin Kuster (1):
tpm-tools: fix build issue
poky: dc29017614..7d2f118cb6:
Alexander Kanavin (3):
python3: apply test skipping patch unconditionally
selftest: do not hardcode /tmp/sdk
bootchart2: update 0.14.8 -> 0.14.9
Andrej Valek (1):
busybox: add tmpdir option into mktemp applet
Bruce Ashfield (7):
linux-yocto/5.4: update to v5.4.124
linux-yocto/5.4: update to v5.4.125
linux-yocto/5.4: update to v5.4.128
linux-yocto/5.4: update to v5.4.129
linux-yocto/5.4: update to v5.4.131
linux-yocto/5.4: update to v5.4.132
kernel-devsrc: fix 32bit ARM devsrc builds
Chen Qi (1):
busybox: fix CVE-2021-28831
Denys Dmytriyenko (1):
bitbake: providers: replace newly added logger.warn() with logger.warning()
Florian Amstutz (1):
devtool: deploy-target: Fix preserving attributes when using --strip
Khem Raj (1):
webkitgtk: Upgrade to 2.28.4
Marek Vasut (1):
update-rc.d: update SRCREV to pull in fix for non-bash shell support
Michael Ho (1):
sstate.bbclass: fix errors about read-only sstate mirrors
Minjae Kim (3):
rpm: fix CVE-2021-3421
gstreamer-plugins-base: fix CVE-2021-3522
dhcp: fix CVE-2021-25217
Richard Purdie (16):
kernel: Fix interaction when packaging disabled
kernel-devicetree: Fix interaction when packaging disabled
perf: Use python3targetconfig to ensure we use target libraries
package_pkgdata: Avoid task hash mismatches for generic task changes
oeqa/selftest/runcmd: Tweal test timeouts
sstate/staging: Handle directory creation race issue
oeqa/selftest/archiver: Allow tests to ignore empty directories
webkitgtk: upgrade 2.28.2 -> 2.28.3
dwarfsrcfiles: Avoid races over debug-link files
oeqa/selftest/multiprocesslauch: Fix test race
report-error: Drop pointless inherit
pseudo: Add uninative configuration sanity check
pseudo: Update to latest version including statx fix
sstate: Drop pseudo exclusion
bitbake: data_smart/parse: Allow ':' characters in variable/function names
bitbake: data_smart: Allow colon in variable expansion regex
Steve Sakoman (6):
glibc: update to lastest 2.31 release HEAD
bluez: fix CVE-2021-3588
gstreamer-plugins-base: ignore CVE-2021-3522 since it is fixed
gstreamer-plugins-good: ignore CVE-2021-3497/8 since they are fixed
documentation: prepare for 3.1.10 release
poky.conf: Bump version for 3.1.10 release
Tim Orling (2):
python3: skip tests requiring tools-sdk
python3: upgrade 3.8.10 -> 3.8.11
Tomasz Dziendzielski (1):
bitbake: BBHandler: Don't classify shell functions that names start with "python*" as python function
Zoltán Böszörményi (1):
tzdata: Allow controlling zoneinfo binary format
meta-openembedded: c38d2a74f7..85f8047c71:
Adrian Zaharia (1):
ntp: fix ntpdate to wait for subprocesses
Armin Kuster (4):
dovecot: add CVE-2016-4983 to allowlist
mariadb: update to 10.4.20
hiawatha: fix url.
wireshark: update to 3.2.15
Armin kuster (1):
postgresql: update to 12.7
Bruce Ashfield (1):
vboxguestdrivers: fix build against kernel v5.10+
Changqing Li (2):
nginx: fix CVE-2021-23017
php: allow php as empty
Chen Qi (1):
python3-django: upgrade to 2.2.20
Diego Santa Cruz (1):
php: split out phpdbg into a separate package
Gianfranco (5):
vboxguestdrivers: upgrade 6.1.16 -> 6.1.18
vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386
vboxguestdrivers: upgrade 6.1.18 -> 6.1.20
vboxguestdrivers: upgrade 6.1.20 -> 6.1.22
vboxguestdrivers: add a fix for build failure with kernel 5.13
Gianfranco Costamagna (3):
vboxguestdrivers: upgrade 6.1.6 -> 6.1.12
vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8 compatibility patch, now part of upstream codebase
vboxguestdrivers: upgrade 6.1.14 -> 6.1.16
Hongxu Jia (1):
vboxguestdrivers: fix failed to compile with kernel 5.8.0
Jate Sujjavanich (1):
ufw: backport patches, update RRECOMMENDS, python3 support, tests
Khem Raj (5):
tracker-miners: Check for commercial license to enable ffmpeg
sysprof: Enable sysprofd/libsysprof only when polkit in DISTRO_FEATURES
vboxguestdrivers: Fix build with kernel 5.8
vboxguestdrivers: Add __divmoddi4 builtin support
libdevmapper,lvm2: Do not inherit license
Li Wang (1):
apache2: fix CVE-2020-13950 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641
Marek Vasut (1):
nss: Fix build on Centos 7
Masaki Ambai (1):
nss: add CVE-2006-5201 to allowlist
Mingli Yu (1):
php: Upgrade to 7.4.16
Nicolas Dechesne (4):
python3-markupsafe: remove recipe
python3-jinja2: remove recipe
python3-{pyyaml,cython,pyparsing}: move from meta-python to meta-oe
ostree: Do not check for meta-python
Sekine Shigeki (1):
add CVE-2011-2411 to allowlist
Stefan Ghinea (1):
python3-django: fix CVE-2021-28658
Trevor Gamblin (5):
python3-django: upgrade 2.2.7 -> 2.2.13
python3-django: upgrade 2.2.13 -> 2.2.16
python3-django: upgrade 2.2.20 -> 2.2.22
python3-django: upgrade 2.2.22 -> 2.2.23
python3-django: upgrade 2.2.23 -> 2.2.24
ito-yuichi@fujitsu.com (1):
cyrus-sasl: add CVE-2020-8032 to allowlist
meta-raspberrypi: f0c75016f0..59c2d6f7a8:
Omer Akram (1):
Update raspberrypi firmware to 20210527
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I2e79fff133f97a0afa01ba390435aa22142bf976
Diffstat (limited to 'meta-openembedded/meta-webserver')
9 files changed, 287 insertions, 1 deletions
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch new file mode 100644 index 0000000000..4eb6b85b1a --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch @@ -0,0 +1,45 @@ +From 8c162db8b65b2193e622b780e8c6516d4265f68b Mon Sep 17 00:00:00 2001 +From: Yann Ylavic <ylavic@apache.org> +Date: Mon, 11 May 2015 15:48:58 +0000 +Subject: [PATCH] mod_proxy_http: follow up to r1656259. The proxy connection + may be NULL during prefetch, don't try to dereference it! Still + origin->keepalive will be set according to p_conn->close by the caller + (proxy_http_handler). + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1678771 13f79535-47bb-0310-9956-ffa450edef68 + +Upstream-Status: Backport +CVE: CVE-2020-35504 + +Reference to upstream patch: +https://bugzilla.redhat.com/show_bug.cgi?id=1966738 +https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + modules/proxy/mod_proxy_http.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c +index ec1e042..5f507d5 100644 +--- a/modules/proxy/mod_proxy_http.c ++++ b/modules/proxy/mod_proxy_http.c +@@ -570,7 +570,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req, + apr_off_t bytes; + int force10, rv; + apr_read_type_e block; +- conn_rec *origin = p_conn->connection; + + if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) { + if (req->expecting_100) { +@@ -630,7 +629,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req, + "chunked body with Content-Length (C-L ignored)", + c->client_ip, c->remote_host ? c->remote_host: ""); + req->old_cl_val = NULL; +- origin->keepalive = AP_CONN_CLOSE; + p_conn->close = 1; + } + +-- +2.7.4 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch new file mode 100644 index 0000000000..001ca9252d --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch @@ -0,0 +1,49 @@ +From 3b6431eb9c9dba603385f70a2131ab4a01bf0d3b Mon Sep 17 00:00:00 2001 +From: Yann Ylavic <ylavic@apache.org> +Date: Mon, 18 Jan 2021 17:39:12 +0000 +Subject: [PATCH] Merge r1885659 from trunk: + +mod_auth_digest: Fast validation of the nonce's base64 to fail early if + the format can't match anyway. + +Submitted by: ylavic +Reviewed by: ylavic, covener, jailletc36 + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885666 13f79535-47bb-0310-9956-ffa450edef68 + +Upstream-Status: Backport +CVE: CVE-2020-35452 + +Reference to upstream patch: +https://security-tracker.debian.org/tracker/CVE-2020-35452 +https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + modules/aaa/mod_auth_digest.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c +index b760941..0825b1b 100644 +--- a/modules/aaa/mod_auth_digest.c ++++ b/modules/aaa/mod_auth_digest.c +@@ -1422,9 +1422,14 @@ static int check_nonce(request_rec *r, digest_header_rec *resp, + time_rec nonce_time; + char tmp, hash[NONCE_HASH_LEN+1]; + +- if (strlen(resp->nonce) != NONCE_LEN) { ++ /* Since the time part of the nonce is a base64 encoding of an ++ * apr_time_t (8 bytes), it should end with a '=', fail early otherwise. ++ */ ++ if (strlen(resp->nonce) != NONCE_LEN ++ || resp->nonce[NONCE_TIME_LEN - 1] != '=') { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775) +- "invalid nonce %s received - length is not %d", ++ "invalid nonce '%s' received - length is not %d " ++ "or time encoding is incorrect", + resp->nonce, NONCE_LEN); + note_digest_auth_failure(r, conf, resp, 1); + return HTTP_UNAUTHORIZED; +-- +2.7.4 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch new file mode 100644 index 0000000000..d3aea9e122 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch @@ -0,0 +1,39 @@ +From 67bd9bfe6c38831e14fe7122f1d84391472498f8 Mon Sep 17 00:00:00 2001 +From: Yann Ylavic <ylavic@apache.org> +Date: Mon, 1 Mar 2021 20:07:08 +0000 +Subject: [PATCH] mod_session: save one apr_strtok() in + session_identity_decode(). + +When the encoding is invalid (missing '='), no need to parse further. + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68 + +Upstream-Status: Backport +CVE: CVE-2021-26690 + +Reference to upstream patch: +https://security-tracker.debian.org/tracker/CVE-2021-26690 +https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8 + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + modules/session/mod_session.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c +index ebd05b0..af70f6b 100644 +--- a/modules/session/mod_session.c ++++ b/modules/session/mod_session.c +@@ -404,8 +404,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z) + char *plast = NULL; + const char *psep = "="; + char *key = apr_strtok(pair, psep, &plast); +- char *val = apr_strtok(NULL, psep, &plast); + if (key && *key) { ++ char *val = apr_strtok(NULL, sep, &plast); + if (!val || !*val) { + apr_table_unset(z->entries, key); + } +-- +2.7.4 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch new file mode 100644 index 0000000000..f9cf868d01 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch @@ -0,0 +1,35 @@ +From 7e09dd714fc62c08c5b0319ed7b9702594faf49b Mon Sep 17 00:00:00 2001 +From: Yann Ylavic <ylavic@apache.org> +Date: Mon, 1 Mar 2021 20:13:54 +0000 +Subject: [PATCH] mod_session: account for the '&' in identity_concat(). + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887052 13f79535-47bb-0310-9956-ffa450edef68 + +Upstream-Status: Backport +CVE: CVE-2021-26691 + +Reference to upstream patch: +https://bugzilla.redhat.com/show_bug.cgi?id=1966732 +https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + modules/session/mod_session.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c +index 7ee477c..ebd05b0 100644 +--- a/modules/session/mod_session.c ++++ b/modules/session/mod_session.c +@@ -317,7 +317,7 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z, + static int identity_count(void *v, const char *key, const char *val) + { + int *count = v; +- *count += strlen(key) * 3 + strlen(val) * 3 + 1; ++ *count += strlen(key) * 3 + strlen(val) * 3 + 2; + return 1; + } + +-- +2.7.4 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch new file mode 100644 index 0000000000..7f74c85e33 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch @@ -0,0 +1,66 @@ +From 6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3 Mon Sep 17 00:00:00 2001 +From: Eric Covener <covener@apache.org> +Date: Wed, 21 Apr 2021 01:02:11 +0000 +Subject: [PATCH] legacy default slash-matching behavior w/ 'MergeSlashes OFF' + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1889036 13f79535-47bb-0310-9956-ffa450edef68 + +Upstream-Status: Backport +CVE: CVE-2021-30641 + +Reference to upstream patch: +https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641 +https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3 + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + server/request.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/server/request.c b/server/request.c +index d5c558a..18625af 100644 +--- a/server/request.c ++++ b/server/request.c +@@ -1419,7 +1419,20 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) + + cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r); + cached = (cache->cached != NULL); +- entry_uri = r->uri; ++ ++ /* ++ * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri ++ * have not been merged. But for Location walks we always go with merged ++ * slashes no matter what merge_slashes is set to. ++ */ ++ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) { ++ entry_uri = r->uri; ++ } ++ else { ++ char *uri = apr_pstrdup(r->pool, r->uri); ++ ap_no2slash(uri); ++ entry_uri = uri; ++ } + + /* If we have an cache->cached location that matches r->uri, + * and the vhost's list of locations hasn't changed, we can skip +@@ -1486,7 +1499,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) + pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t)); + } + +- if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) { ++ if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) { + continue; + } + +@@ -1496,7 +1509,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) + apr_table_setn(r->subprocess_env, + ((const char **)entry_core->refs->elts)[i], + apr_pstrndup(r->pool, +- entry_uri + pmatch[i].rm_so, ++ r->uri + pmatch[i].rm_so, + pmatch[i].rm_eo - pmatch[i].rm_so)); + } + } +-- +2.7.4 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb index 197cb83e64..4fc1f16317 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb @@ -15,6 +15,11 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \ file://0007-apache2-allow-to-disable-selinux-support.patch \ file://apache-configure_perlbin.patch \ file://0001-support-apxs.in-force-destdir-to-be-empty-string.patch \ + file://CVE-2020-13950.patch \ + file://CVE-2020-35452.patch \ + file://CVE-2021-26690.patch \ + file://CVE-2021-26691.patch \ + file://CVE-2021-30641.patch \ " SRC_URI_append_class-target = " \ diff --git a/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.10.bb b/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.10.bb index ed3df19390..2503f53166 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.10.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.10.bb @@ -6,7 +6,7 @@ DEPENDS = "libxml2 libxslt virtual/crypt" SECTION = "net" -SRC_URI = "http://hiawatha-webserver.org/files/${BP}.tar.gz \ +SRC_URI = "http://hiawatha-webserver.org/files/hiawatha-10/${BP}.tar.gz \ file://hiawatha-init \ file://hiawatha.service " diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch b/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch new file mode 100644 index 0000000000..a708033775 --- /dev/null +++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch @@ -0,0 +1,46 @@ +From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001 +From: Maxim Dounin <mdounin@mdounin.ru> +Date: Tue, 25 May 2021 15:17:36 +0300 +Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy(). + +Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH. + +Upstream-Status: Backport +CVE: CVE-2021-23017 + +Reference to upstream patch: +https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf + +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + src/core/ngx_resolver.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +index 79390701..63b26193 100644 +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -4008,15 +4008,15 @@ done: + n = *src++; + + } else { ++ if (dst != name->data) { ++ *dst++ = '.'; ++ } ++ + ngx_strlow(dst, src, n); + dst += n; + src += n; + + n = *src++; +- +- if (n != 0) { +- *dst++ = '.'; +- } + } + + if (n == 0) { +-- +2.17.1 + diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc index de080a2b01..a4583ed8f8 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc +++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/nginx.inc @@ -22,6 +22,7 @@ SRC_URI = " \ file://nginx-volatile.conf \ file://nginx.service \ file://nginx-fix-pidfile.patch \ + file://CVE-2021-23017.patch \ " inherit siteinfo update-rc.d useradd systemd |