diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2021-01-30 17:17:16 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2021-01-30 17:19:34 +0300 |
| commit | bf91d30bc84e7159f13d32da1bc4007fbfdb8a6e (patch) | |
| tree | 25a46ba775bf2e8d4aab4c329446eefc6d326551 /meta-openembedded | |
| parent | 94a70a0f73533c9af5a5a15942539e8eda1a6a5e (diff) | |
| download | openbmc-bf91d30bc84e7159f13d32da1bc4007fbfdb8a6e.tar.xz | |
subtree updates
poky: 424296bf9b..7ea41de137:
Adrian Herrera (1):
scripts: oe-run-native, fix *-native directories
Alexander Kanavin (8):
meta/lib/oe/reproducible.py: gitsm:// works just as fine as git:// for timestamps
llvm: fix reproducibility
ruby: fix reproducibility
webkitgtk: fix reproducibility
ffmpeg: fix reproducibility
serf: do not install the static library
llvm: sort the lists in generated source reproducibibly
valgrind: exclude bar_bad/bar_bad_xml from ptests
Andrej Valek (2):
kernel-dummy: fix executing unexpected tasks
python3: fix CVE-2019-20907
Andrey Mozzhuhin (1):
toolchain-shar-extract.sh: Handle special characters in script path
Anuj Mittal (2):
distutils-common-base: fix LINKSHARED expansion
mesa: add more details to elf-tls patch
Armin Kuster (2):
xorg: Security fix for CVE-2020-14345
glibc: Security fix for CVE-2020-29573
Brett Warren (1):
libffi: add patch to revert clang VFP workaround
Bruce Ashfield (20):
kernel: provide module.lds for out of tree builds in v5.10+
kernel: relocate copy of module.lds to module compilation task
linux-yocto/5.4: update to v5.4.71
linux-yocto/5.4: update to v5.4.72
linux-yocto/5.4: update to v5.4.73
linux-yocto/5.4: config cleanup / warnings
linux-yocto/5.4: update to v5.4.75
linux-yocto/5.4: perf: Alias SYS_futex with SYS_futex_time64 on 32-bit arches with 64bit time_t
linux-yocto/5.4: update to v5.4.78
lttng-modules: add post 2.11.6 patches
linux-yocto-rt/5.4: update to -rt44
linux-yocto/5.4: update to v5.4.80
linux-yocto/cfg: qemuppc: set CONFIG_SCSI to '=y'
linux-yocto/5.4: update to v5.4.82
linux-yocto/cfg: qemuarm64-gfx.cfg: add CONFIG_INPUT_UINPUT
linux-yocto/5.4: update to v5.4.83
linux-yocto/5.4/cfg: fix -tiny warnings
linux-yocto/5.4/cfg: fix FIRMWARE_LOADER warnings
linux-yocto/5.4: update to v5.4.85
linux-yocto/5.4: update to v5.4.87
Changqing Li (2):
buildtools-tarball: add wic dependency into extended buildtools
libexif: fix CVE-2020-0198; CVE-2020-0452
Chris Laplante (1):
systemd.bbclass: improve error message when a service unit specified in SYSTEMD_SERVICE is not found
Christopher Larson (2):
grub-efi-cfg: exclude OVERRIDES from build_efi_cfg vardeps
uboot-extlinux-config: exclude OVERRIDES from do_create_extlinux_config vardeps
Daniel Ammann (1):
wic: fix typo
Diego Sueiro (1):
modutils-initscripts: Use depmod -a when modules.dep is empty
Dmitry Baryshkov (5):
linux-firmware: upgrade 20201022 -> 20201118
linux-firmware: package ath11k firmware
linux-firmware: upgrade 20201118 -> 20201218
linux-firmware: package firmware for Lontium lt9611uxc bridge
perl: fix installation failure because of shell issue
Fedor Ross (2):
sysvinit: remove bashism to be compatible with dash
eudev: remove bashism to be compatible with dash
Gratian Crisan (1):
kernel-module-split.bbclass: fix kernel modules getting marked as CONFFILES
Hongxu Jia (1):
glib-networking/btrfs-tools/dosfstools/parted/bmap-tools/libsoup-2.4: add nativesdk support
Joshua Watt (4):
ref-variables: Given example for naming sources
ref-manual: Document wic --offset option
documentation: Add Pipenv support
classes/waf: Add build and install arguments
Khem Raj (1):
initscripts: use quotes for shell variable comparision
Lee Chee Yang (7):
go: update to 1.14.12
glibc: fix CVE-2020-29562
qemu: fix CVE-2020-25723
binutils: fix CVE-2020-16592/16598
wic/direct/kparser: ensure fsuuid for vfat and msdos align with format
gdk-pixbuf: fix CVE-2020-29385
curl: fix CVE-2020-8231/8284/8285/8286
Loic Domaigne (1):
roofs_*.bbclass: fix missing vardeps for do_rootfs
Mans Rullgard (1):
boost: drop arm-intrinsics.patch
Marek Vasut (2):
meta: toolchain-shar-relocate.sh: Do not use $target_sdk_dir as regex
meta: toolchain-shar-relocate.sh: Filter out post-relocate-setup script
Mark Jonas (1):
libsdl2: Add directfb to PACKAGECONFIG rdepends
Max Krummenacher (1):
linux-firmware: rdepend on license for all nvidia packages
Maxime Roussin-Bélanger (1):
meta: add missing descriptions in some support recipes
Mert Kirpici (1):
bitbake: doc/conf.py: add missing import sys
Michael Ho (1):
license_image.bbclass: fix missing recipeinfo on self
Mikko Rapeli (4):
glibc: update to 2.31 stable tree head
glib-2.0: add patch for CVE-2020-35457
systemd: update from 244.3 to 244.5 stable release
zip: whitelist CVE-2018-13410 and CVE-2018-13684
Milan Shah (1):
oe-pkgdata-util: Added a test to verify oe-pkgdata-util without parameters
Naoki Hayama (1):
dev/test/ref-manual: Fix typos
Nathan Rossi (2):
ncurses: Prevent LDFLAGS being emitted in .pc files
coreutils: enable xattrs by default for nativesdk
Nicolas Dechesne (16):
bitbake: sphinx: import sphinx docs
bitbake: sphinx: undo (bitbake-user-manual: Remove TERM from BB_HASHBASE_WHITELIST example)
bitbake: sphinx: partial undo (bitbake-user-manual: update perforce fetcher docs)
sphinx: import docs
sphinx: undo (ref-system-requirements: update supported hosts lists)
sphinx: reintroduce changes for 3.1.1, 3.1.2, 3.1.3 and 3.1.4
sphinx: remove test-manual
sphinx: fix up some trademark and branding issues
sphinx: remove DocBook files
sphinx: rename Makefile.sphinx
sdk-manual: use built-in footnotes
sphinx: add 3.1.3 and 3.0.4 release in the switcher
poky.yaml: remove unused variables
Makefile: enable parallel build
conf.py: set version to 3.1.4
sphinx: update link to bitbake docs
Ovidiu Panait (2):
timezone: upgrade to 2020e
timezone: upgrade to 2020f
Paul Barker (2):
conf.py: Improve TOC and Outline depth in PDF output
selftest: Add argument to keep build dir
Paul Eggleton (5):
ref-manual: add reference anchors for each QA check
ref-manual: fix for features_check class change
ref-manual: add IMAGE_VERSION_SUFFIX variable
ref-manual: add IMAGE_NAME_SUFFIX variable
ref-manual: add IMAGE_LINK_NAME
Peter Kjellerstedt (1):
apr-util: Only specify --with-dbm=gdbm if gdbm support is enabled
Quentin Schulz (20):
docs: ref-manual: ref-variables: fix one-letter pointer links in glossary
docs: ref-manual: ref-variables: fix alphabetical order in glossary
docs: ref-manual: ref-variables: add links to terms in glossary
docs: poky.yaml: use HTTPS for links
docs: ref-manual: indentation, links and highlights fixes
docs: remove OE_INIT_FILE variable
docs: ref-manual: fix typos
docs: ref-manual: migration-2.3: specify 2.3 version instead of DISTRO
docs: ref-manual: ref-classes: remove dropped tinderclient class
docs: ref-manual: ref-system-requirements: update requirements to build Sphinx docs
docs: sphinx: yocto-vars: rebuild files when poky.yaml has changed
docs: poky.yaml: fix identation in host packages variables
docs: dev-manual-common-tasks: remove paragraph about race when missing DEPENDS
docs: dev-manual-common-tasks: update python webserver example to python3
docs: dev-manual: fix typos, highlights, indentation and links
docs: ref-manual: ref-terms: add links to terms in glossary
docs: bsp-guide: bsp: fix typos, highlights and links
docs: kernel-dev: fix typos, highlights and links
docs: kernel-dev-common: add .patch file extension to SRC_URI files
docs: kernel-dev-faq: update outdated RDEPENDS_kernel-base
Richard Purdie (20):
fs-perms: Ensure /usr/src/debug/ file modes are correct
e2fsprogs: Fix a ptest permissions determinism issue
lz4: Use the new branch naming from upstream
metadata_scm: Fix signature handling of METADATA_REVISION and METADATA_BRANCH
grub: Fix build reproducibility issue
grub: Add second fix for determinism issue
u-boot-tools: Fix reproducibility issue
groff: Fix reproducibility issue
man-db: Avoid reproducibility failures after fixing groff-native
cups: Mark CVE-2009-0032 as a non-issue
cups: Mark CVE-2008-1033 as a non-issue
docs: Fix license CC-BY-2.0-UK -> CC-BY-SA-2.0-UK
ref-manual/faq: Add entry for why binaries are changed in images
dev-manual: Add a note about prelink changing prebuild binaries
oeqa/commands: Ensure sync can be found regardless of PATH
grub: Further reproducibility fix
man-db: Fix reproducibility issue
gcc: Fix mangled patch
bitbake: data_smart: Ensure hash reflects vardepvalue flags correctly
linuxloader: Avoid confusing string concat errors
Robert Joslyn (2):
openssl: Update to 1.1.1i
ppp: Whitelist CVE-2020-15704
Robert P. J. Day (3):
ref-manual/ref-variables: "PACKAGE_FEEDS_ARCHS" -> "PACKAGE_FEED_ARCHS"
README: "yocto-project-qs" -> "brief-yoctoprojectqs"
adt-manual: delete obsolete ADT manual, and related content
Robert Yang (5):
buildtools-tarball.bb: Fix PATH for environment setup script
ncurses: Make ncurses-tools depend on ncurses-terminfo-base
minicom: RDEPENDS on ncurses-terminfo-base
archiver.bbclass: Fix --runall=deploy_archives for images
weston: Fix PACKAGECONFIG for remoting
Ross Burton (17):
bitbake: taskexp: update for GTK API changes
cve-check: show real PN/PV
python3: add CVE-2007-4559 to whitelist
gstreamer1.0-rtsp-server: set CVE_PRODUCT
gstreamer1.0-plugins-base: set CVE_PRODUCT
oeqa/devtool: use Yocto mirror for pv-1.5.3 tarball
devtool: remove unused variable
image_types: sort tarball file listings
cve-update-db-native: handle all-wildcard versions
coreutils: add SUSE-specific issues to CVE whitelist
kernel: set COMPATIBLE_HOST to *-linux
ncurses: remove config.cache
wic-image-minimal: only depend on syslinux on x86 targets
lib/oe/qa: handle the 'no specific instruction set' ELF e_machine value
diffstat: point the license checksum at the license
ruby: remove tcl DEPENDS
waf: don't assume the waf intepretter is good
Scott Murray (3):
grub: fix "CVE:" line in one of the patches
patch: fix CVE-2019-20633
glibc: CVE-2019-25013
Steve Sakoman (5):
sqlite3: add CVE-2015-3717 to whitelist
oeqa/selftest/cases/devtool.py: fix typo in ignore_patterns call
cups: whitelist CVE-2018-6553
documentation: prepare for 3.1.5 release
poky.conf: Bump version for 3.1.5 release
Tanu Kaskinen (1):
pulseaudio: Remove OE_LT_RPATH_ALLOW
Thomas Perrot (1):
go.bbclass: don't stage test data with sources of dependencies
Tomasz Dziendzielski (2):
populate_sdk_base: Fix condition syntax if SDK_RELOCATE_AFTER_INSTALL is disabled
lib/oe/utils: Return empty string in parallel_make
Vyacheslav Yurkov (1):
license_image.bbclass: use canonical name for license files
Wang Mingyu (1):
mobile-broadband-provider-info: upgrade 20190618 ->20201225
Wonmin Jung (1):
kernel: Set proper LD in KERNEL_KCONFIG_COMMAND
sangeeta jain (1):
meta/lib/oeqa/manual/oe-core.json: Update test_bitbake_devshell
zangrc (2):
wireless-regdb: upgrade 2020.04.29 -> 2020.11.20
bash: Rename patch name
meta-openembedded: f2d02cb71e..5bba79488b:
Armin Kuster (5):
wireguard-module: fix build issue with 5.4 kernel
mariadb: update to 10.4.17 for cve fixes
lua: update to 5.3.6
nss: Security fix CVE-2020-12401
wireshark: Several securtiy fixes
Chenxi Mao (1):
geoclue: select avahi-daemon if nmea enabled
Diego Santa Cruz (2):
gssdp: Upgrade to 1.2.2 -> 1.2.3
gupnp: Upgrade to 1.2.2 -> 1.2.4
Gianfranco (1):
dlt-daemon: add upstream patch to fix CVE-2020-29394
Khem Raj (4):
nodejs: Fix build with icu 67.1
nodejs: Upgrade to 12.18.3
nodejs: Fix arm32/thumb builds with clang
nodejs: Update to 12.19.0
Leon Anavi (1):
php: Upgrade 7.4.4 -> 7.4.9
Max Kellermann (1):
php: remove the failing ${D}/${TMPDIR} code
Robert Joslyn (1):
postgresql: Update to 12.5
Roland Hieber (1):
pcsc-lite: provide pcsc-lite-lib-native explicitly for native build
Sakib Sajal (1):
apache2: upgrade v2.4.43 -> v2.4.46
Sean Nyekjaer (1):
nodejs: 12.19.1 -> 12.20.1
Stacy Gaikovaia (1):
nodejs: 12.19.0 -> 12.19.1
Wang Mingyu (1):
zabbix: CVE-2020-15803 Security Advisory
Wenlin Kang (2):
lua: fix CVE-2020-15945
lua: fix CVE-2020-24371
Zang Ruochen (1):
mcpp: Normalize the patch format of CVE
Zheng Ruoqin (4):
samba: CVE-2020-14318 Security Advisory
samba: CVE-2020-14383 Security Advisory
php: CVE-2020-7070
php: CVE-2020-7069
jabdoa2 (2):
libsdl2-mixer: Fix ogg/vorbis support in libsdl2-mixer
libsdl2-mixer: set --disable-music-ogg-shared to link statically
viatsk (1):
tcpdump: Patch for CVE-2020-8037
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I6e3b58075efc33fcfd6e9e1aa697f8763b5a89aa
Diffstat (limited to 'meta-openembedded')
47 files changed, 1116 insertions, 290 deletions
diff --git a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp_1.2.2.bb b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp_1.2.3.bb index ddaddd2094..7d82c3e2e6 100644 --- a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp_1.2.2.bb +++ b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gssdp_1.2.3.bb @@ -5,8 +5,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7" DEPENDS = "glib-2.0 libsoup-2.4" SRC_URI = "${GNOME_MIRROR}/${BPN}/1.2/${BPN}-${PV}.tar.xz" -SRC_URI[md5sum] = "f00a470ebcba96f34def8f83ac5891ed" -SRC_URI[sha256sum] = "cabb9e3b456b8354a55e23eb0207545d974643cda6d623523470ebbc4188b0a4" +SRC_URI[md5sum] = "ef3295a965c06ce0f683522391fbb910" +SRC_URI[sha256sum] = "a263dcb6730e3b3dc4bbbff80cf3fab4cd364021981d419db6dd5a8e148aa7e8" GTKDOC_MESON_OPTION = 'gtk_doc' diff --git a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp_1.2.2.bb b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp_1.2.4.bb index e603497161..c7b330fa00 100644 --- a/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp_1.2.2.bb +++ b/meta-openembedded/meta-multimedia/recipes-connectivity/gupnp/gupnp_1.2.4.bb @@ -1,8 +1,8 @@ require gupnp.inc SRC_URI = "${GNOME_MIRROR}/${BPN}/1.2/${BPN}-${PV}.tar.xz" -SRC_URI[md5sum] = "2ade3d29c624ad98d70113e6e93908a5" -SRC_URI[sha256sum] = "9a80bd953e5c8772ad26b72f8da01cbe7241a113edd6084903f413ce751c9989" +SRC_URI[md5sum] = "7c9c7cd80e36d9fb1e5b0267571fc17d" +SRC_URI[sha256sum] = "f7a0307ea51f5e44d1b832f493dd9045444a3a4e211ef85dfd9aa5dd6eaea7d1" LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7 \ file://libgupnp/gupnp.h;beginline=1;endline=20;md5=d78a69d9b6e63ee2dc72e7b674d97520" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch new file mode 100644 index 0000000000..ff1225db07 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14318.patch @@ -0,0 +1,142 @@ +From ccf53dfdcd39f3526dbc2f20e1245674155380ff Mon Sep 17 00:00:00 2001 +From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +Date: Fri, 11 Dec 2020 11:32:44 +0900 +Subject: [PATCH] s4: torture: Add smb2.notify.handle-permissions test. + +s3: smbd: Ensure change notifies can't get set unless the + directory handle is open for SEC_DIR_LIST. + +CVE-2020-14318 + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434 + +Signed-off-by: Jeremy Allison <jra@samba.org> + +Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +--- + source3/smbd/notify.c | 8 ++++ + source4/torture/smb2/notify.c | 82 ++++++++++++++++++++++++++++++++++- + 2 files changed, 89 insertions(+), 1 deletion(-) + +diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c +index 44c0b09..d23c03b 100644 +--- a/source3/smbd/notify.c ++++ b/source3/smbd/notify.c +@@ -283,6 +283,14 @@ NTSTATUS change_notify_create(struct files_struct *fsp, uint32_t filter, + char fullpath[len+1]; + NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED; + ++ /* ++ * Setting a changenotify needs READ/LIST access ++ * on the directory handle. ++ */ ++ if (!(fsp->access_mask & SEC_DIR_LIST)) { ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ + if (fsp->notify != NULL) { + DEBUG(1, ("change_notify_create: fsp->notify != NULL, " + "fname = %s\n", fsp->fsp_name->base_name)); +diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c +index ebb4f8a..a5c9b94 100644 +--- a/source4/torture/smb2/notify.c ++++ b/source4/torture/smb2/notify.c +@@ -2569,6 +2569,83 @@ done: + return ok; + } + ++/* ++ Test asking for a change notify on a handle without permissions. ++*/ ++ ++#define BASEDIR_HPERM BASEDIR "_HPERM" ++ ++static bool torture_smb2_notify_handle_permissions( ++ struct torture_context *torture, ++ struct smb2_tree *tree) ++{ ++ bool ret = true; ++ NTSTATUS status; ++ union smb_notify notify; ++ union smb_open io; ++ struct smb2_handle h1 = {{0}}; ++ struct smb2_request *req; ++ ++ smb2_deltree(tree, BASEDIR_HPERM); ++ smb2_util_rmdir(tree, BASEDIR_HPERM); ++ ++ torture_comment(torture, ++ "TESTING CHANGE NOTIFY " ++ "ON A HANDLE WITHOUT PERMISSIONS\n"); ++ ++ /* ++ get a handle on the directory ++ */ ++ ZERO_STRUCT(io.smb2); ++ io.generic.level = RAW_OPEN_SMB2; ++ io.smb2.in.create_flags = 0; ++ io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE; ++ io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY; ++ io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL; ++ io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ | ++ NTCREATEX_SHARE_ACCESS_WRITE; ++ io.smb2.in.alloc_size = 0; ++ io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE; ++ io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS; ++ io.smb2.in.security_flags = 0; ++ io.smb2.in.fname = BASEDIR_HPERM; ++ ++ status = smb2_create(tree, torture, &io.smb2); ++ CHECK_STATUS(status, NT_STATUS_OK); ++ h1 = io.smb2.out.file.handle; ++ ++ /* ask for a change notify, ++ on file or directory name changes */ ++ ZERO_STRUCT(notify.smb2); ++ notify.smb2.level = RAW_NOTIFY_SMB2; ++ notify.smb2.in.buffer_size = 1000; ++ notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME; ++ notify.smb2.in.file.handle = h1; ++ notify.smb2.in.recursive = true; ++ ++ req = smb2_notify_send(tree, ¬ify.smb2); ++ torture_assert_goto(torture, ++ req != NULL, ++ ret, ++ done, ++ "smb2_notify_send failed\n"); ++ ++ /* ++ * Cancel it, we don't really want to wait. ++ */ ++ smb2_cancel(req); ++ status = smb2_notify_recv(req, torture, ¬ify.smb2); ++ /* Handle h1 doesn't have permissions for ChangeNotify. */ ++ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); ++ ++done: ++ if (!smb2_util_handle_empty(h1)) { ++ smb2_util_close(tree, h1); ++ } ++ smb2_deltree(tree, BASEDIR_HPERM); ++ return ret; ++} ++ + /* + basic testing of SMB2 change notify + */ +@@ -2602,7 +2679,10 @@ struct torture_suite *torture_smb2_notify_init(TALLOC_CTX *ctx) + torture_smb2_notify_rmdir3); + torture_suite_add_2smb2_test(suite, "rmdir4", + torture_smb2_notify_rmdir4); +- ++ torture_suite_add_1smb2_test(suite, ++ "handle-permissions", ++ torture_smb2_notify_handle_permissions); ++ + suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests"); + + return suite; +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch new file mode 100644 index 0000000000..3341b80a38 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba/CVE-2020-14383.patch @@ -0,0 +1,112 @@ +From ff17443fe761eda864d13957bec45f5bac478fe3 Mon Sep 17 00:00:00 2001 +From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +Date: Fri, 11 Dec 2020 14:34:31 +0900 +Subject: [PATCH] CVE-2020-14383: s4/dns: Ensure variable initialization with + NULL. do not crash when additional data not found +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Francis Brosnan Blázquez <francis@aspl.es>. +Based on patches from Francis Brosnan Blázquez <francis@aspl.es> +and Jeremy Allison <jra@samba.org> + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472 +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795 + +Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> +Reviewed-by: Jeremy Allison <jra@samba.org> + +Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> +Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184 + +(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379) +(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e + +Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> +--- + .../rpc_server/dnsserver/dcerpc_dnsserver.c | 31 ++++++++++--------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +index 910de9a1..618c7096 100644 +--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c ++++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +@@ -1754,15 +1754,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + TALLOC_CTX *tmp_ctx; + char *name; + const char * const attrs[] = { "name", "dnsRecord", NULL }; +- struct ldb_result *res; +- struct DNS_RPC_RECORDS_ARRAY *recs; ++ struct ldb_result *res = NULL; ++ struct DNS_RPC_RECORDS_ARRAY *recs = NULL; + char **add_names = NULL; +- char *rname; ++ char *rname = NULL; + const char *preference_name = NULL; + int add_count = 0; + int i, ret, len; + WERROR status; +- struct dns_tree *tree, *base, *node; ++ struct dns_tree *tree = NULL; ++ struct dns_tree *base = NULL; ++ struct dns_tree *node = NULL; + + tmp_ctx = talloc_new(mem_ctx); + W_ERROR_HAVE_NO_MEMORY(tmp_ctx); +@@ -1845,15 +1847,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + } + } + +- talloc_free(res); +- talloc_free(tree); +- talloc_free(name); ++ TALLOC_FREE(res); ++ TALLOC_FREE(tree); ++ TALLOC_FREE(name); + + /* Add any additional records */ + if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) { + for (i=0; i<add_count; i++) { +- struct dnsserver_zone *z2; +- ++ struct dnsserver_zone *z2 = NULL; ++ struct ldb_message *msg = NULL; + /* Search all the available zones for additional name */ + for (z2 = dsstate->zones; z2; z2 = z2->next) { + char *encoded_name; +@@ -1865,14 +1867,15 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + LDB_SCOPE_ONELEVEL, attrs, + "(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))", + encoded_name); +- talloc_free(name); ++ TALLOC_FREE(name); + if (ret != LDB_SUCCESS) { + continue; + } + if (res->count == 1) { ++ msg = res->msgs[0]; + break; + } else { +- talloc_free(res); ++ TALLOC_FREE(res); + continue; + } + } +@@ -1885,10 +1888,10 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate, + } + status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A, + select_flag, rname, +- res->msgs[0], 0, recs, ++ msg, 0, recs, + NULL, NULL); +- talloc_free(rname); +- talloc_free(res); ++ TALLOC_FREE(rname); ++ TALLOC_FREE(res); + } + } + +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb index b5085c913b..1a982368ec 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb +++ b/meta-openembedded/meta-networking/recipes-connectivity/samba/samba_4.10.18.bb @@ -28,6 +28,8 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://0002-util_sec.c-Move-__thread-variable-to-global-scope.patch \ file://0001-Add-options-to-configure-the-use-of-libbsd.patch \ file://0001-nsswitch-nsstest.c-Avoid-nss-function-conflicts-with.patch \ + file://CVE-2020-14318.patch \ + file://CVE-2020-14383.patch \ " SRC_URI_append_libc-musl = " \ file://samba-pam.patch \ diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/files/0001-compat-SYM_FUNC_-START-END-were-backported-to-5.4.patch b/meta-openembedded/meta-networking/recipes-kernel/wireguard/files/0001-compat-SYM_FUNC_-START-END-were-backported-to-5.4.patch new file mode 100644 index 0000000000..a9dc9dc2b7 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/files/0001-compat-SYM_FUNC_-START-END-were-backported-to-5.4.patch @@ -0,0 +1,29 @@ +From ce8faa3ee266ea69431805e6ed4bd7102d982508 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" <Jason@zx2c4.com> +Date: Thu, 12 Nov 2020 09:43:38 +0100 +Subject: [PATCH] compat: SYM_FUNC_{START,END} were backported to 5.4 + +Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> + +Upstream-Status: Backport +Fixes build failure in Dunfell. + +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +--- + compat/compat-asm.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: src/compat/compat-asm.h +=================================================================== +--- src.orig/compat/compat-asm.h ++++ src/compat/compat-asm.h +@@ -40,7 +40,7 @@ + #undef pull + #endif + +-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) ++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 76) + #define SYM_FUNC_START ENTRY + #define SYM_FUNC_END ENDPROC + #endif diff --git a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb index 73199592c8..45324c02a1 100644 --- a/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb +++ b/meta-openembedded/meta-networking/recipes-kernel/wireguard/wireguard-module_1.0.20200401.bb @@ -2,7 +2,8 @@ require wireguard.inc SRCREV = "43f57dac7b8305024f83addc533c9eede6509129" -SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat" +SRC_URI = "git://git.zx2c4.com/wireguard-linux-compat \ + file://0001-compat-SYM_FUNC_-START-END-were-backported-to-5.4.patch" inherit module kernel-module-split diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch new file mode 100644 index 0000000000..9b74e00c5b --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch @@ -0,0 +1,70 @@ +From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001 +From: Guy Harris <guy@alum.mit.edu> +Date: Sat, 18 Apr 2020 14:04:59 -0700 +Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer. + +The buffer should be big enough to hold the captured data, but it +doesn't need to be big enough to hold the entire on-the-network packet, +if we haven't captured all of it. + +(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334) + +Upstream-Status: Backport +Signed-off-by: Stacy Gaikovaia <stacy.gaikovaia@windriver.com> + +--- + print-ppp.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/print-ppp.c b/print-ppp.c +index 89176172..33fb0341 100644 +--- a/print-ppp.c ++++ b/print-ppp.c +@@ -1367,19 +1367,29 @@ trunc: + return 0; + } + ++/* ++ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. ++ * The length argument is the on-the-wire length, not the captured ++ * length; we can only un-escape the captured part. ++ */ + static void + ppp_hdlc(netdissect_options *ndo, + const u_char *p, int length) + { ++ u_int caplen = ndo->ndo_snapend - p; + u_char *b, *t, c; + const u_char *s; +- int i, proto; ++ u_int i; ++ int proto; + const void *se; + ++ if (caplen == 0) ++ return; ++ + if (length <= 0) + return; + +- b = (u_char *)malloc(length); ++ b = (u_char *)malloc(caplen); + if (b == NULL) + return; + +@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo, + * Do this so that we dont overwrite the original packet + * contents. + */ +- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { ++ for (s = p, t = b, i = caplen; i != 0; i--) { + c = *s++; + if (c == 0x7d) { +- if (i <= 1 || !ND_TTEST(*s)) ++ if (i <= 1) + break; + i--; + c = *s++ ^ 0x20; +-- +2.17.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb index 94543dd1da..8f7bd59f18 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.9.3.bb @@ -17,6 +17,7 @@ SRC_URI = " \ file://avoid-absolute-path-when-searching-for-libdlpi.patch \ file://add-ptest.patch \ file://run-ptest \ + file://0001-PPP-When-un-escaping-don-t-allocate-a-too-large-buff.patch \ " SRC_URI[md5sum] = "a4ead41d371f91aa0a2287f589958bae" diff --git a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.7.bb b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.10.bb index 65f925ce1f..d284824149 100644 --- a/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.7.bb +++ b/meta-openembedded/meta-networking/recipes-support/wireshark/wireshark_3.2.10.bb @@ -12,7 +12,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" -SRC_URI[sha256sum] = "be832fb86d9c455c5be8b225a755cdc77cb0e92356bdfc1fe4b000d93f7d70da" +SRC_URI[sha256sum] = "1e9e239f2449f240a7910ed598084ccaf8ea308b2b46b196c5adbec59612226c" PE = "1" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch new file mode 100644 index 0000000000..2eec4bf327 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch @@ -0,0 +1,36 @@ +From 4943334fd9bf7dffd49f9e86251ad40b3efe2135 Mon Sep 17 00:00:00 2001 +From: Wang Mingyu <wangmy@cn.fujitsu.com> +Date: Fri, 11 Dec 2020 17:02:20 +0900 +Subject: [PATCH] Fix bug for CVE-2020-15803 + +Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> +--- + frontends/php/include/classes/html/CIFrame.php | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/frontends/php/include/classes/html/CIFrame.php b/frontends/php/include/classes/html/CIFrame.php +index 32220cd..70f2ab5 100644 +--- a/frontends/php/include/classes/html/CIFrame.php ++++ b/frontends/php/include/classes/html/CIFrame.php +@@ -29,6 +29,7 @@ class CIFrame extends CTag { + $this->setHeight($height); + $this->setScrolling($scrolling); + $this->setId($id); ++ $this->setSandbox(); + } + + public function setSrc($value = null) { +@@ -69,4 +70,10 @@ class CIFrame extends CTag { + $this->setAttribute('scrolling', $value); + return $this; + } ++ ++ private function setSandbox() { ++ if (ZBX_IFRAME_SANDBOX !== false) { ++ $this->setAttribute('sandbox', ZBX_IFRAME_SANDBOX); ++ } ++ } + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb index 0e0ddd5779..98a31879c4 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb @@ -26,6 +26,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "http://jaist.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/${PV}/${BPN}-${PV}.tar.gz \ file://0001-Fix-configure.ac.patch \ file://zabbix-agent.service \ + file://CVE-2020-15803.patch \ " SRC_URI[md5sum] = "e666539220be93b1af38e40f5fbb1f79" diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.12.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.17.bb index e1a038dfa3..e1a038dfa3 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.12.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.17.bb diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc index 95f5acba1f..1a86bc0446 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -18,11 +18,9 @@ SRC_URI = "https://downloads.mariadb.org/interstitial/${BP}/source/${BP}.tar.gz file://c11_atomics.patch \ file://clang_version_header_conflict.patch \ file://fix-arm-atomic.patch \ - file://0001-Fix-build-breakage-from-lock_guard-error-6161.patch \ - file://0001-Fix-library-LZ4-lookup.patch \ " -SRC_URI[md5sum] = "97d7c0f508c04a31c138fdb24e95dbc4" -SRC_URI[sha256sum] = "fef1e1d38aa253dd8a51006bd15aad184912fce31c446bb69434fcde735aa208" +SRC_URI[md5sum] = "e8193b9cd008b6d7f177f5a5c44c7a9f" +SRC_URI[sha256sum] = "a7b104e264311cd46524ae546ff0c5107978373e4a01cf7fd8a241454548d16e" UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases" diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-build-breakage-from-lock_guard-error-6161.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-build-breakage-from-lock_guard-error-6161.patch deleted file mode 100644 index 87c70617a1..0000000000 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-build-breakage-from-lock_guard-error-6161.patch +++ /dev/null @@ -1,32 +0,0 @@ -Subject: [PATCH] Fix build breakage from lock_guard error (#6161) - -Summary: -This change fixes a source issue that caused compile time error which -breaks build for many fbcode services in that setup. The size() member -function of channel is a const member, so member variables accessed -within it are implicitly const as well. This caused error when clang -fails to resolve to a constructor that takes std::mutex because the -suitable constructor got rejected due to loss of constness for its -argument. The fix is to add mutable modifier to the lock_ member of -channel. - -Pull Request resolved: https://github.com/facebook/rocksdb/pull/6161 - -Differential Revision: D18967685 - -Pulled By: maysamyabandeh - -Upstream-Status: Backport - -fbshipit-source-id:698b6a5153c3c92eeacb842c467aa28cc350d432 ---- a/storage/rocksdb/rocksdb/util/channel.h -+++ b/storage/rocksdb/rocksdb/util/channel.h -@@ -60,7 +60,7 @@ class channel { - - private: - std::condition_variable cv_; -- std::mutex lock_; -+ mutable std::mutex lock_; - std::queue<T> buffer_; - bool eof_; - }; diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-library-LZ4-lookup.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-library-LZ4-lookup.patch index 574dfd317a..4b90d280ac 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-library-LZ4-lookup.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/0001-Fix-library-LZ4-lookup.patch @@ -8,15 +8,15 @@ Signed-off-by: Sumit Garg <sumit.garg@linaro.org> cmake/FindLZ4.cmake | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) -diff --git a/cmake/FindLZ4.cmake b/cmake/FindLZ4.cmake -index e97dd63e2b0..2f4694e727c 100644 ---- a/cmake/FindLZ4.cmake -+++ b/cmake/FindLZ4.cmake -@@ -1,5 +1,10 @@ --find_path(LZ4_INCLUDE_DIR NAMES lz4.h) --find_library(LZ4_LIBRARY NAMES lz4) +Index: mariadb-10.4.17/cmake/FindLZ4.cmake +=================================================================== +--- mariadb-10.4.17.orig/cmake/FindLZ4.cmake ++++ mariadb-10.4.17/cmake/FindLZ4.cmake +@@ -1,5 +1,11 @@ + find_path(LZ4_INCLUDE_DIR NAMES lz4.h) +-find_library(LZ4_LIBRARIES NAMES lz4) +find_path(LZ4_INCLUDE_DIR -+ NAMES lz4.h ++ NAMES lz4.h + NO_DEFAULT_PATH NO_CMAKE_FIND_ROOT_PATH) + +find_library(LZ4_LIBRARY @@ -25,6 +25,3 @@ index e97dd63e2b0..2f4694e727c 100644 include(FindPackageHandleStandardArgs) FIND_PACKAGE_HANDLE_STANDARD_ARGS( --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch index 169986130c..b1ce963602 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/c11_atomics.patch @@ -10,9 +10,11 @@ Date: Fri Dec 21 19:14:04 2018 +0200 Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- a/configure.cmake -+++ b/configure.cmake -@@ -926,7 +926,25 @@ int main() +Index: mariadb-10.4.17/configure.cmake +=================================================================== +--- mariadb-10.4.17.orig/configure.cmake ++++ mariadb-10.4.17/configure.cmake +@@ -863,7 +863,25 @@ int main() long long int *ptr= &var; return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST); }" @@ -39,10 +41,12 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> IF(WITH_VALGRIND) SET(HAVE_valgrind 1) ---- a/mysys/CMakeLists.txt -+++ b/mysys/CMakeLists.txt +Index: mariadb-10.4.17/mysys/CMakeLists.txt +=================================================================== +--- mariadb-10.4.17.orig/mysys/CMakeLists.txt ++++ mariadb-10.4.17/mysys/CMakeLists.txt @@ -78,6 +78,10 @@ TARGET_LINK_LIBRARIES(mysys dbug strings - ${LIBNSL} ${LIBM} ${LIBRT} ${LIBDL} ${LIBSOCKET} ${LIBEXECINFO} ${CRC32_LIBRARY}) + ${LIBNSL} ${LIBM} ${LIBRT} ${CMAKE_DL_LIBS} ${LIBSOCKET} ${LIBEXECINFO} ${CRC32_LIBRARY}) DTRACE_INSTRUMENT(mysys) +IF (HAVE_GCC_C11_ATOMICS_WITH_LIBATOMIC) @@ -52,9 +56,11 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> IF(HAVE_BFD_H) TARGET_LINK_LIBRARIES(mysys bfd) ENDIF(HAVE_BFD_H) ---- a/sql/CMakeLists.txt -+++ b/sql/CMakeLists.txt -@@ -178,6 +178,10 @@ ELSE() +Index: mariadb-10.4.17/sql/CMakeLists.txt +=================================================================== +--- mariadb-10.4.17.orig/sql/CMakeLists.txt ++++ mariadb-10.4.17/sql/CMakeLists.txt +@@ -196,6 +196,10 @@ ELSE() SET(MYSQLD_SOURCE main.cc ${DTRACE_PROBES_ALL}) ENDIF() diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/configure.cmake-fix-valgrind.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/configure.cmake-fix-valgrind.patch index ac94279585..162b1e295b 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/configure.cmake-fix-valgrind.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/configure.cmake-fix-valgrind.patch @@ -21,11 +21,11 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> configure.cmake | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) -diff --git a/configure.cmake b/configure.cmake -index 3cfc4b31..d017b3b3 100644 ---- a/configure.cmake -+++ b/configure.cmake -@@ -930,10 +930,9 @@ HAVE_GCC_C11_ATOMICS) +Index: mariadb-10.4.17/configure.cmake +=================================================================== +--- mariadb-10.4.17.orig/configure.cmake ++++ mariadb-10.4.17/configure.cmake +@@ -867,10 +867,9 @@ HAVE_GCC_C11_ATOMICS) IF(WITH_VALGRIND) SET(HAVE_valgrind 1) diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/fix-a-building-failure.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/fix-a-building-failure.patch index 9149ee21f2..5fc94835ea 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/fix-a-building-failure.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/fix-a-building-failure.patch @@ -14,11 +14,11 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> CMakeLists.txt | 5 ----- 1 file changed, 5 deletions(-) -diff --git a/CMakeLists.txt b/CMakeLists.txt -index fc30750..4f9110e 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -347,11 +347,6 @@ CHECK_PCRE() +Index: mariadb-10.4.17/CMakeLists.txt +=================================================================== +--- mariadb-10.4.17.orig/CMakeLists.txt ++++ mariadb-10.4.17/CMakeLists.txt +@@ -376,11 +376,6 @@ CHECK_PCRE() CHECK_SYSTEMD() @@ -30,6 +30,3 @@ index fc30750..4f9110e 100644 # # Setup maintainer mode options. Platform checks are # not run with the warning options as to not perturb fragile checks --- -2.17.1 - diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/fix-arm-atomic.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/fix-arm-atomic.patch index 05b0cf8ff7..db72709439 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/fix-arm-atomic.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/fix-arm-atomic.patch @@ -15,11 +15,11 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> storage/rocksdb/build_rocksdb.cmake | 3 +++ 1 file changed, 3 insertions(+) -diff --git a/storage/rocksdb/build_rocksdb.cmake b/storage/rocksdb/build_rocksdb.cmake -index d7895b0..3bcd52a 100644 ---- a/storage/rocksdb/build_rocksdb.cmake -+++ b/storage/rocksdb/build_rocksdb.cmake -@@ -470,6 +470,9 @@ list(APPEND SOURCES ${CMAKE_CURRENT_BINARY_DIR}/build_version.cc) +Index: mariadb-10.4.17/storage/rocksdb/build_rocksdb.cmake +=================================================================== +--- mariadb-10.4.17.orig/storage/rocksdb/build_rocksdb.cmake ++++ mariadb-10.4.17/storage/rocksdb/build_rocksdb.cmake +@@ -498,6 +498,9 @@ list(APPEND SOURCES ${CMAKE_CURRENT_BINA ADD_CONVENIENCE_LIBRARY(rocksdblib ${SOURCES}) target_link_libraries(rocksdblib ${THIRDPARTY_LIBS} ${SYSTEM_LIBS}) @@ -29,6 +29,3 @@ index d7895b0..3bcd52a 100644 IF(CMAKE_CXX_COMPILER_ID MATCHES "GNU" OR CMAKE_CXX_COMPILER_ID MATCHES "Clang") set_target_properties(rocksdblib PROPERTIES COMPILE_FLAGS "-fPIC -fno-builtin-memcmp -Wno-error") endif() --- -2.7.4 - diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch index afc1be47b5..16cd584da9 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch @@ -15,11 +15,11 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> sql/CMakeLists.txt | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) -diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt -index c6910f46..bf51f4cb 100644 ---- a/sql/CMakeLists.txt -+++ b/sql/CMakeLists.txt -@@ -50,11 +50,16 @@ ${WSREP_INCLUDES} +Index: mariadb-10.4.17/sql/CMakeLists.txt +=================================================================== +--- mariadb-10.4.17.orig/sql/CMakeLists.txt ++++ mariadb-10.4.17/sql/CMakeLists.txt +@@ -55,11 +55,16 @@ ${CMAKE_BINARY_DIR}/sql @@ -41,7 +41,7 @@ index c6910f46..bf51f4cb 100644 ADD_DEFINITIONS(-DMYSQL_SERVER -DHAVE_EVENT_SCHEDULER) -@@ -370,11 +375,16 @@ IF(NOT CMAKE_CROSSCOMPILING) +@@ -364,11 +369,16 @@ IF(NOT CMAKE_CROSSCOMPILING) ADD_EXECUTABLE(gen_lex_hash gen_lex_hash.cc) ENDIF() diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/support-files-CMakeLists.txt-fix-do_populate_sysroot.patch b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/support-files-CMakeLists.txt-fix-do_populate_sysroot.patch index 4f9a4e9b0e..937d13da31 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/support-files-CMakeLists.txt-fix-do_populate_sysroot.patch +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb/support-files-CMakeLists.txt-fix-do_populate_sysroot.patch @@ -15,11 +15,11 @@ Signed-off-by: Mingli Yu <mingli.yu@windriver.com> support-files/CMakeLists.txt | 7 ------- 1 file changed, 7 deletions(-) -diff --git a/support-files/CMakeLists.txt b/support-files/CMakeLists.txt -index b5767432..56733de1 100644 ---- a/support-files/CMakeLists.txt -+++ b/support-files/CMakeLists.txt -@@ -165,12 +165,5 @@ IF(UNIX) +Index: mariadb-10.4.17/support-files/CMakeLists.txt +=================================================================== +--- mariadb-10.4.17.orig/support-files/CMakeLists.txt ++++ mariadb-10.4.17/support-files/CMakeLists.txt +@@ -192,12 +192,5 @@ IF(UNIX) INSTALL(FILES rpm/enable_encryption.preset DESTINATION ${INSTALL_SYSCONF2DIR} COMPONENT IniFiles) ENDIF() diff --git a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.12.bb b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.17.bb index c0b53379d9..c0b53379d9 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.12.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/mysql/mariadb_10.4.17.bb diff --git a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_12.4.bb b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_12.5.bb index 6ea9acc000..047509510f 100644 --- a/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_12.4.bb +++ b/meta-openembedded/meta-oe/recipes-dbs/postgresql/postgresql_12.5.bb @@ -8,4 +8,4 @@ SRC_URI += "\ file://0001-Improve-reproducibility.patch \ " -SRC_URI[sha256sum] = "bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc" +SRC_URI[sha256sum] = "bd0d25341d9578b5473c9506300022de26370879581f5fddd243a886ce79ff95" diff --git a/meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch new file mode 100644 index 0000000000..a302874d76 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch @@ -0,0 +1,90 @@ +From 1e6df25ac28dcd89f0324177bb55019422404b44 Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> +Date: Thu, 3 Sep 2020 15:32:17 +0800 +Subject: [PATCH] Fixed bug: barriers cannot be active during sweep + +Barriers cannot be active during sweep, even in generational mode. +(Although gen. mode is not incremental, it can hit a barrier when +deleting a thread and closing its upvalues.) The colors of objects are +being changed during sweep and, therefore, cannot be trusted. + +Upstream-Status: Backport [https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110] +CVE: CVE-2020-24371 + +[Adjust code KGC_INC -> KGC_NORMAL, refer 69371c4b84becac09c445aae01d005b49658ef82] +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + src/lgc.c | 33 ++++++++++++++++++++++++--------- + 1 file changed, 24 insertions(+), 9 deletions(-) + +diff --git a/src/lgc.c b/src/lgc.c +index 973c269..7af23d5 100644 +--- a/src/lgc.c ++++ b/src/lgc.c +@@ -142,10 +142,17 @@ static int iscleared (global_State *g, const TValue *o) { + + + /* +-** barrier that moves collector forward, that is, mark the white object +-** being pointed by a black object. (If in sweep phase, clear the black +-** object to white [sweep it] to avoid other barrier calls for this +-** same object.) ++** Barrier that moves collector forward, that is, marks the white object ++** 'v' being pointed by the black object 'o'. In the generational ++** mode, 'v' must also become old, if 'o' is old; however, it cannot ++** be changed directly to OLD, because it may still point to non-old ++** objects. So, it is marked as OLD0. In the next cycle it will become ++** OLD1, and in the next it will finally become OLD (regular old). By ++** then, any object it points to will also be old. If called in the ++** incremental sweep phase, it clears the black object to white (sweep ++** it) to avoid other barrier calls for this same object. (That cannot ++** be done is generational mode, as its sweep does not distinguish ++** whites from deads.) + */ + void luaC_barrier_ (lua_State *L, GCObject *o, GCObject *v) { + global_State *g = G(L); +@@ -154,7 +161,8 @@ void luaC_barrier_ (lua_State *L, GCObject *o, GCObject *v) { + reallymarkobject(g, v); /* restore invariant */ + else { /* sweep phase */ + lua_assert(issweepphase(g)); +- makewhite(g, o); /* mark main obj. as white to avoid other barriers */ ++ if (g->gckind == KGC_NORMAL) /* incremental mode? */ ++ makewhite(g, o); /* mark 'o' as white to avoid other barriers */ + } + } + +@@ -299,10 +307,15 @@ static void markbeingfnz (global_State *g) { + + + /* +-** Mark all values stored in marked open upvalues from non-marked threads. +-** (Values from marked threads were already marked when traversing the +-** thread.) Remove from the list threads that no longer have upvalues and +-** not-marked threads. ++** For each non-marked thread, simulates a barrier between each open ++** upvalue and its value. (If the thread is collected, the value will be ++** assigned to the upvalue, but then it can be too late for the barrier ++** to act. The "barrier" does not need to check colors: A non-marked ++** thread must be young; upvalues cannot be older than their threads; so ++** any visited upvalue must be young too.) Also removes the thread from ++** the list, as it was already visited. Removes also threads with no ++** upvalues, as they have nothing to be checked. (If the thread gets an ++** upvalue later, it will be linked in the list again.) + */ + static void remarkupvals (global_State *g) { + lua_State *thread; +@@ -313,9 +326,11 @@ static void remarkupvals (global_State *g) { + p = &thread->twups; /* keep marked thread with upvalues in the list */ + else { /* thread is not marked or without upvalues */ + UpVal *uv; ++ lua_assert(!isold(thread) || thread->openupval == NULL); + *p = thread->twups; /* remove thread from the list */ + thread->twups = thread; /* mark that it is out of list */ + for (uv = thread->openupval; uv != NULL; uv = uv->u.open.next) { ++ lua_assert(getage(uv) <= getage(thread)); + if (uv->u.open.touched) { + markvalue(g, uv->v); /* remark upvalue's value */ + uv->u.open.touched = 0; +-- +1.9.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2020-15945.patch b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2020-15945.patch new file mode 100644 index 0000000000..89ce491487 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/CVE-2020-15945.patch @@ -0,0 +1,167 @@ +From d8d344365945a534f700c82c5dd26f704f89fef3 Mon Sep 17 00:00:00 2001 +From: Roberto Ierusalimschy <roberto@inf.puc-rio.br> +Date: Wed, 5 Aug 2020 16:59:58 +0800 +Subject: [PATCH] Fixed bug: invalid 'oldpc' when returning to a function + +The field 'L->oldpc' is not always updated when control returns to a +function; an invalid value can seg. fault when computing 'changedline'. +(One example is an error in a finalizer; control can return to +'luaV_execute' without executing 'luaD_poscall'.) Instead of trying to +fix all possible corner cases, it seems safer to be resilient to invalid +values for 'oldpc'. Valid but wrong values at most cause an extra call +to a line hook. + +CVE: CVE-2020-15945 + +[Adjust the code to be applicable to the tree] + +Upstream-Status: Backport [https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3] + +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +Signed-off-by: Joe Slater <joe.slater@@windriver.com> + +--- + src/ldebug.c | 30 +++++++++++++++--------------- + src/ldebug.h | 4 ++++ + src/ldo.c | 2 +- + src/lstate.c | 1 + + src/lstate.h | 2 +- + 5 files changed, 22 insertions(+), 17 deletions(-) + +diff --git a/src/ldebug.c b/src/ldebug.c +index 239affb..832b16c 100644 +--- a/src/ldebug.c ++++ b/src/ldebug.c +@@ -34,9 +34,8 @@ + #define noLuaClosure(f) ((f) == NULL || (f)->c.tt == LUA_TCCL) + + +-/* Active Lua function (given call info) */ +-#define ci_func(ci) (clLvalue((ci)->func)) +- ++/* inverse of 'pcRel' */ ++#define invpcRel(pc, p) ((p)->code + (pc) + 1) + + static const char *funcnamefromcode (lua_State *L, CallInfo *ci, + const char **name); +@@ -71,20 +70,18 @@ static void swapextra (lua_State *L) { + + /* + ** This function can be called asynchronously (e.g. during a signal). +-** Fields 'oldpc', 'basehookcount', and 'hookcount' (set by +-** 'resethookcount') are for debug only, and it is no problem if they +-** get arbitrary values (causes at most one wrong hook call). 'hookmask' +-** is an atomic value. We assume that pointers are atomic too (e.g., gcc +-** ensures that for all platforms where it runs). Moreover, 'hook' is +-** always checked before being called (see 'luaD_hook'). ++** Fields 'basehookcount' and 'hookcount' (set by 'resethookcount') ++** are for debug only, and it is no problem if they get arbitrary ++** values (causes at most one wrong hook call). 'hookmask' is an atomic ++** value. We assume that pointers are atomic too (e.g., gcc ensures that ++** for all platforms where it runs). Moreover, 'hook' is always checked ++** before being called (see 'luaD_hook'). + */ + LUA_API void lua_sethook (lua_State *L, lua_Hook func, int mask, int count) { + if (func == NULL || mask == 0) { /* turn off hooks? */ + mask = 0; + func = NULL; + } +- if (isLua(L->ci)) +- L->oldpc = L->ci->u.l.savedpc; + L->hook = func; + L->basehookcount = count; + resethookcount(L); +@@ -665,7 +662,10 @@ l_noret luaG_runerror (lua_State *L, const char *fmt, ...) { + void luaG_traceexec (lua_State *L) { + CallInfo *ci = L->ci; + lu_byte mask = L->hookmask; ++ const Proto *p = ci_func(ci)->p; + int counthook = (--L->hookcount == 0 && (mask & LUA_MASKCOUNT)); ++ /* 'L->oldpc' may be invalid; reset it in this case */ ++ int oldpc = (L->oldpc < p->sizecode) ? L->oldpc : 0; + if (counthook) + resethookcount(L); /* reset count */ + else if (!(mask & LUA_MASKLINE)) +@@ -677,15 +677,15 @@ void luaG_traceexec (lua_State *L) { + if (counthook) + luaD_hook(L, LUA_HOOKCOUNT, -1); /* call count hook */ + if (mask & LUA_MASKLINE) { +- Proto *p = ci_func(ci)->p; + int npc = pcRel(ci->u.l.savedpc, p); + int newline = getfuncline(p, npc); + if (npc == 0 || /* call linehook when enter a new function, */ +- ci->u.l.savedpc <= L->oldpc || /* when jump back (loop), or when */ +- newline != getfuncline(p, pcRel(L->oldpc, p))) /* enter a new line */ ++ ci->u.l.savedpc <= invpcRel(oldpc, p) || /* when jump back (loop), or when */ ++ newline != getfuncline(p, oldpc)) /* enter a new line */ + luaD_hook(L, LUA_HOOKLINE, newline); /* call line hook */ ++ ++ L->oldpc = npc; /* 'pc' of last call to line hook */ + } +- L->oldpc = ci->u.l.savedpc; + if (L->status == LUA_YIELD) { /* did hook yield? */ + if (counthook) + L->hookcount = 1; /* undo decrement to zero */ +diff --git a/src/ldebug.h b/src/ldebug.h +index 0e31546..c224cc4 100644 +--- a/src/ldebug.h ++++ b/src/ldebug.h +@@ -13,6 +13,10 @@ + + #define pcRel(pc, p) (cast(int, (pc) - (p)->code) - 1) + ++/* Active Lua function (given call info) */ ++#define ci_func(ci) (clLvalue((ci)->func)) ++ ++ + #define getfuncline(f,pc) (((f)->lineinfo) ? (f)->lineinfo[pc] : -1) + + #define resethookcount(L) (L->hookcount = L->basehookcount) +diff --git a/src/ldo.c b/src/ldo.c +index 90b695f..f66ac1a 100644 +--- a/src/ldo.c ++++ b/src/ldo.c +@@ -382,7 +382,7 @@ int luaD_poscall (lua_State *L, CallInfo *ci, StkId firstResult, int nres) { + luaD_hook(L, LUA_HOOKRET, -1); + firstResult = restorestack(L, fr); + } +- L->oldpc = ci->previous->u.l.savedpc; /* 'oldpc' for caller function */ ++ L->oldpc = pcRel(ci->u.l.savedpc, ci_func(ci)->p); /* 'oldpc' for caller function */ + } + res = ci->func; /* res == final position of 1st result */ + L->ci = ci->previous; /* back to caller */ +diff --git a/src/lstate.c b/src/lstate.c +index 9194ac3..3573e36 100644 +--- a/src/lstate.c ++++ b/src/lstate.c +@@ -236,6 +236,7 @@ static void preinit_thread (lua_State *L, global_State *g) { + L->nny = 1; + L->status = LUA_OK; + L->errfunc = 0; ++ L->oldpc = 0; + } + + +diff --git a/src/lstate.h b/src/lstate.h +index a469466..d75eadf 100644 +--- a/src/lstate.h ++++ b/src/lstate.h +@@ -164,7 +164,6 @@ struct lua_State { + StkId top; /* first free slot in the stack */ + global_State *l_G; + CallInfo *ci; /* call info for current function */ +- const Instruction *oldpc; /* last pc traced */ + StkId stack_last; /* last free slot in the stack */ + StkId stack; /* stack base */ + UpVal *openupval; /* list of open upvalues in this stack */ +@@ -174,6 +173,7 @@ struct lua_State { + CallInfo base_ci; /* CallInfo for first level (C calling Lua) */ + volatile lua_Hook hook; + ptrdiff_t errfunc; /* current error handling function (stack index) */ ++ int oldpc; /* last pc traced */ + int stacksize; + int basehookcount; + int hookcount; +-- +2.13.3 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb b/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.6.bb index d3461b06de..342ed1b547 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.6.bb @@ -1,13 +1,15 @@ DESCRIPTION = "Lua is a powerful light-weight programming language designed \ for extending applications." LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=318;endline=352;md5=60aa5cfdbd40086501778d9b6ebf29ee" +LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=318;endline=352;md5=f43d8ee6bc4df18ef8b276439cc4a153" HOMEPAGE = "http://www.lua.org/" SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \ file://lua.pc.in \ file://0001-Allow-building-lua-without-readline-on-Linux.patch \ file://CVE-2020-15888.patch \ + file://CVE-2020-15945.patch \ + file://0001-Fixed-bug-barriers-cannot-be-active-during-sweep.patch \ " # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release. @@ -18,8 +20,8 @@ SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', \ file://run-ptest \ ', '', d)}" -SRC_URI[tarballsrc.md5sum] = "4f4b4f323fd3514a68e0ab3da8ce3455" -SRC_URI[tarballsrc.sha256sum] = "0c2eed3f960446e1a3e4b9a1ca2f3ff893b6ce41942cf54d5dd59ab4b3b058ac" +SRC_URI[tarballsrc.md5sum] = "83f23dbd5230140a3770d5f54076948d" +SRC_URI[tarballsrc.sha256sum] = "fc5fd69bb8736323f026672b1b7235da613d7177e72558893a0bdcd320466d60" SRC_URI[tarballtest.md5sum] = "b14fe3748c1cb2d74e3acd1943629ba3" SRC_URI[tarballtest.sha256sum] = "b80771238271c72565e5a1183292ef31bd7166414cd0d43a8eb79845fa7f599f" diff --git a/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch new file mode 100644 index 0000000000..a0c6584ecb --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/CVE-2019-14274.patch @@ -0,0 +1,34 @@ +From ea453aca2742be6ac43ba4ce0da6f938a7e5a5d8 Mon Sep 17 00:00:00 2001 +From: He Liu <liulonnie@gmail.com> +Date: Tue, 4 Feb 2014 11:00:40 -0800 +Subject: [PATCH] line comment bug + +--- + src/support.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/support.c b/src/support.c +index c57eaef..e3357e4 100644 +--- a/src/support.c ++++ b/src/support.c +@@ -188,7 +188,7 @@ static char * append_to_buffer( + size_t length + ) + { +- if (mem_buf_p->bytes_avail < length) { /* Need to allocate more memory */ ++ if (mem_buf_p->bytes_avail < length + 1) { /* Need to allocate more memory */ + size_t size = MAX( BUF_INCR_SIZE, length); + + if (mem_buf_p->buffer == NULL) { /* 1st append */ +@@ -1722,6 +1722,8 @@ com_start: + sp -= 2; + while (*sp != '\n') /* Until end of line */ + mcpp_fputc( *sp++, OUT); ++ mcpp_fputc('\n', OUT); ++ wrong_line = TRUE; + } + goto end_line; + default: /* Not a comment */ +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch index 8103cf0920..1df3ae55bc 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/mcpp/files/ice-mcpp.patch @@ -114,37 +114,6 @@ diff -r -c -N ../mcpp-2.7.2-old/src/main.c ./src/main.c } int mcpp_lib_main -diff -r -c -N ../mcpp-2.7.2-old/src/support.c ./src/support.c -*** ../mcpp-2.7.2-old/src/support.c Tue Jun 10 06:02:33 2008 ---- ./src/support.c Fri May 14 12:40:56 2010 -*************** -*** 188,194 **** - size_t length - ) - { -! if (mem_buf_p->bytes_avail < length) { /* Need to allocate more memory */ - size_t size = MAX( BUF_INCR_SIZE, length); - - if (mem_buf_p->buffer == NULL) { /* 1st append */ ---- 188,194 ---- - size_t length - ) - { -! if (mem_buf_p->bytes_avail < length + 1) { /* Need to allocate more memory */ - size_t size = MAX( BUF_INCR_SIZE, length); - - if (mem_buf_p->buffer == NULL) { /* 1st append */ -*************** -*** 1722,1727 **** ---- 1722,1729 ---- - sp -= 2; - while (*sp != '\n') /* Until end of line */ - mcpp_fputc( *sp++, OUT); -+ mcpp_fputc( '\n', OUT); -+ wrong_line = TRUE; - } - goto end_line; - default: /* Not a comment */ diff -r -c -N ../mcpp-2.7.2-old/src/system.c ./src/system.c *** ../mcpp-2.7.2-old/src/system.c 2008-11-26 10:53:51.000000000 +0100 --- ./src/system.c 2011-02-21 16:18:05.678058106 +0100 diff --git a/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb b/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb index b5ca495663..f8125f72d9 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/mcpp/mcpp_2.7.2.bb @@ -4,7 +4,8 @@ LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=5ca370b75ec890321888a00cea9bc1d5" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \ - file://ice-mcpp.patch " + file://ice-mcpp.patch \ + file://CVE-2019-14274.patch" SRC_URI[md5sum] = "512de48c87ab023a69250edc7a0c7b05" SRC_URI[sha256sum] = "3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864" diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch new file mode 100644 index 0000000000..a23f1c243e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch @@ -0,0 +1,53 @@ +From be8d3cd6eab4b8f9849133060abb1aba4400276b Mon Sep 17 00:00:00 2001 +From: Amy Huang <akhuang@google.com> +Date: Thu, 23 Apr 2020 11:25:53 -0700 +Subject: [PATCH] Remove use of register r7 because llvm now issues an error + when "r7" is used (starting in commit d85b3877) + +Bug: chromium:1073270 +Change-Id: I7ec8112f170b98d2edaf92bc9341e738f8de07a3 +Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163435 +Reviewed-by: Nico Weber <thakis@chromium.org> +Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> +Commit-Queue: Nico Weber <thakis@chromium.org> +Cr-Commit-Position: refs/heads/master@{#67371} +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Backport [https://chromium.googlesource.com/v8/v8/+/00604cd2806b5d26bef592dd19989a234bd07a4b%5E%21/] + deps/v8/src/codegen/arm/cpu-arm.cc | 13 ------------- + 1 file changed, 13 deletions(-) + +diff --git a/deps/v8/src/codegen/arm/cpu-arm.cc b/deps/v8/src/codegen/arm/cpu-arm.cc +index 868f360..654d68f 100644 +--- a/deps/v8/src/codegen/arm/cpu-arm.cc ++++ b/deps/v8/src/codegen/arm/cpu-arm.cc +@@ -30,18 +30,6 @@ V8_NOINLINE void CpuFeatures::FlushICache(void* start, size_t size) { + register uint32_t end asm("r1") = beg + size; + register uint32_t flg asm("r2") = 0; + +-#ifdef __clang__ +- // This variant of the asm avoids a constant pool entry, which can be +- // problematic when LTO'ing. It is also slightly shorter. +- register uint32_t scno asm("r7") = __ARM_NR_cacheflush; +- +- asm volatile("svc 0\n" +- : +- : "r"(beg), "r"(end), "r"(flg), "r"(scno) +- : "memory"); +-#else +- // Use a different variant of the asm with GCC because some versions doesn't +- // support r7 as an asm input. + asm volatile( + // This assembly works for both ARM and Thumb targets. + +@@ -59,7 +47,6 @@ V8_NOINLINE void CpuFeatures::FlushICache(void* start, size_t size) { + : "r"(beg), "r"(end), "r"(flg), [scno] "i"(__ARM_NR_cacheflush) + : "memory"); + #endif +-#endif + #endif // !USE_SIMULATOR + } + +-- +2.29.2 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-build-allow-passing-multiple-libs-to-pkg_config.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-build-allow-passing-multiple-libs-to-pkg_config.patch deleted file mode 100644 index 13edf229b3..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0001-build-allow-passing-multiple-libs-to-pkg_config.patch +++ /dev/null @@ -1,41 +0,0 @@ -From fdaa0e3bef93c5c72a7258b5f1e30718e7d81f9b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net> -Date: Mon, 2 Mar 2020 12:17:09 +0000 -Subject: [PATCH 1/2] build: allow passing multiple libs to pkg_config -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Sometimes it's necessary to pass multiple library names to pkg-config, -e.g. the brotli shared libraries can be pulled in with - pkg-config libbrotlienc libbrotlidec - -Update the code to handle both, strings (as used so far), and lists -of strings. - -Signed-off-by: André Draszik <git@andred.net> ---- -Upstream-Status: Submitted [https://github.com/nodejs/node/pull/32046] - configure.py | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/configure.py b/configure.py -index beb08df088..e3f78f2fed 100755 ---- a/configure.py -+++ b/configure.py -@@ -680,7 +680,11 @@ def pkg_config(pkg): - retval = () - for flag in ['--libs-only-l', '--cflags-only-I', - '--libs-only-L', '--modversion']: -- args += [flag, pkg] -+ args += [flag] -+ if isinstance(pkg, list): -+ args += pkg -+ else: -+ args += [pkg] - try: - proc = subprocess.Popen(shlex.split(pkg_config) + args, - stdout=subprocess.PIPE) --- -2.25.0 - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-build-allow-use-of-system-installed-brotli.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-build-allow-use-of-system-installed-brotli.patch deleted file mode 100644 index fc038f3aae..0000000000 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0002-build-allow-use-of-system-installed-brotli.patch +++ /dev/null @@ -1,66 +0,0 @@ -From f0f927feee8cb1fb173835d5c3f6beb6bf7d5e54 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net> -Date: Mon, 2 Mar 2020 12:17:35 +0000 -Subject: [PATCH 2/2] build: allow use of system-installed brotli -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -brotli is available as a shared library since 2016, so it makes sense -to allow its use as a system-installed version. - -Some of the infrastructure was in place already (node.gyp and -node.gypi), but some bits in the configure script here were missing. - -Add them, keeping the default as before, to use the bundled version. - -Refs: https://github.com/google/brotli/pull/421 -Signed-off-by: André Draszik <git@andred.net> ---- -Upstream-Status: Submitted [https://github.com/nodejs/node/pull/32046] - configure.py | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/configure.py b/configure.py -index e3f78f2fed..0190e31b41 100755 ---- a/configure.py -+++ b/configure.py -@@ -301,6 +301,27 @@ shared_optgroup.add_option('--shared-zlib-libpath', - dest='shared_zlib_libpath', - help='a directory to search for the shared zlib DLL') - -+shared_optgroup.add_option('--shared-brotli', -+ action='store_true', -+ dest='shared_brotli', -+ help='link to a shared brotli DLL instead of static linking') -+ -+shared_optgroup.add_option('--shared-brotli-includes', -+ action='store', -+ dest='shared_brotli_includes', -+ help='directory containing brotli header files') -+ -+shared_optgroup.add_option('--shared-brotli-libname', -+ action='store', -+ dest='shared_brotli_libname', -+ default='brotlidec,brotlienc', -+ help='alternative lib name to link to [default: %default]') -+ -+shared_optgroup.add_option('--shared-brotli-libpath', -+ action='store', -+ dest='shared_brotli_libpath', -+ help='a directory to search for the shared brotli DLL') -+ - shared_optgroup.add_option('--shared-cares', - action='store_true', - dest='shared_cares', -@@ -1692,6 +1713,7 @@ configure_napi(output) - configure_library('zlib', output) - configure_library('http_parser', output) - configure_library('libuv', output) -+configure_library('brotli', output, pkgname=['libbrotlidec', 'libbrotlienc']) - configure_library('cares', output, pkgname='libcares') - configure_library('nghttp2', output, pkgname='libnghttp2') - configure_v8(output) --- -2.25.0 - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir.patch b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir.patch index 599f742b2f..92386fa779 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs/0003-Install-both-binaries-and-use-libdir.patch @@ -20,11 +20,9 @@ Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> tools/install.py | 31 ++++++++++++++----------------- 2 files changed, 21 insertions(+), 17 deletions(-) -diff --git a/configure.py b/configure.py -index 20cce214db..e2d78a2a51 100755 --- a/configure.py +++ b/configure.py -@@ -559,6 +559,12 @@ parser.add_option('--shared', +@@ -602,6 +602,12 @@ parser.add_option('--shared', help='compile shared library for embedding node in another project. ' + '(This mode is not officially supported for regular applications)') @@ -37,16 +35,14 @@ index 20cce214db..e2d78a2a51 100755 parser.add_option('--without-v8-platform', action='store_true', dest='without_v8_platform', -@@ -1103,6 +1109,7 @@ def configure_node(o): - if o['variables']['want_separate_host_toolset'] == 0: - o['variables']['node_code_cache'] = 'yes' # For testing +@@ -1168,6 +1174,7 @@ def configure_node(o): + o['variables']['node_no_browser_globals'] = b(options.no_browser_globals) + o['variables']['node_shared'] = b(options.shared) + o['variables']['libdir'] = options.libdir node_module_version = getmoduleversion.get_version() - if sys.platform == 'darwin': -diff --git a/tools/install.py b/tools/install.py -index 655802980a..fe4723bf15 100755 + if options.dest_os == 'android': --- a/tools/install.py +++ b/tools/install.py @@ -121,26 +121,23 @@ def subdir_files(path, dest, action): @@ -72,24 +68,20 @@ index 655802980a..fe4723bf15 100755 - # in its source - see the _InstallableTargetInstallPath function. - if sys.platform != 'darwin': - output_prefix += 'lib.target/' -- -- if 'false' == variables.get('node_shared'): -- action([output_prefix + output_file], 'bin/' + output_file) -- else: -- action([output_prefix + output_file], 'lib/' + output_file) + output_bin = 'node' + output_lib = 'libnode.' + variables.get('shlib_suffix') + # GYP will output to lib.target except on OS X, this is hardcoded + # in its source - see the _InstallableTargetInstallPath function. + if sys.platform != 'darwin': + output_libprefix += 'lib.target/' -+ + +- if 'false' == variables.get('node_shared'): +- action([output_prefix + output_file], 'bin/' + output_file) +- else: +- action([output_prefix + output_file], 'lib/' + output_file) + action([output_prefix + output_bin], 'bin/' + output_bin) + if 'true' == variables.get('node_shared'): + action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) if 'true' == variables.get('node_use_dtrace'): action(['out/Release/node.d'], 'lib/dtrace/node.d') --- -2.20.1 - diff --git a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.14.1.bb b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb index d468fb3ffa..0673a3202d 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.14.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_12.20.1.bb @@ -1,7 +1,7 @@ DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" HOMEPAGE = "http://nodejs.org" LICENSE = "MIT & BSD & Artistic-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=be4d5107c64dc3d7c57e3797e1a0674b" +LIC_FILES_CHKSUM = "file://LICENSE;md5=8c66ff8861d9f96076a7cb61e3d75f54" DEPENDS = "openssl" DEPENDS_append_class-target = " nodejs-native" @@ -20,16 +20,13 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0003-Install-both-binaries-and-use-libdir.patch \ file://0004-v8-don-t-override-ARM-CFLAGS.patch \ file://big-endian.patch \ - file://0001-build-allow-passing-multiple-libs-to-pkg_config.patch \ - file://0002-build-allow-use-of-system-installed-brotli.patch \ file://mips-warnings.patch \ + file://0001-Remove-use-of-register-r7-because-llvm-now-issues-an.patch \ " SRC_URI_append_class-target = " \ file://0002-Using-native-binaries.patch \ " - -SRC_URI[md5sum] = "1c78a75f5c95321f533ecccca695e814" -SRC_URI[sha256sum] = "877b4b842318b0e09bc754faf7343f2f097f0fc4f88ab9ae57cf9944e88e7adb" +SRC_URI[sha256sum] = "e00eee325d705b2bfa9929b7d061eb2315402d7e8548945eac9870bf84321853" S = "${WORKDIR}/node-v${PV}" @@ -54,7 +51,8 @@ ARCHFLAGS_arm = "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', '- GYP_DEFINES_append_mipsel = " mips_arch_variant='r1' " ARCHFLAGS ?= "" -PACKAGECONFIG ??= "ares brotli icu libuv zlib" +PACKAGECONFIG ??= "ares brotli icu zlib" + PACKAGECONFIG[ares] = "--shared-cares,,c-ares" PACKAGECONFIG[brotli] = "--shared-brotli,,brotli" PACKAGECONFIG[icu] = "--with-intl=system-icu,--without-intl,icu" diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch new file mode 100644 index 0000000000..0cf4d5ed60 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch @@ -0,0 +1,158 @@ +Subject: Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption + for a 12 bytes IV) + +--- + ext/openssl/openssl.c | 10 ++++----- + ext/openssl/tests/cipher_tests.inc | 21 +++++++++++++++++ + ext/openssl/tests/openssl_decrypt_ccm.phpt | 22 +++++++++++------- + ext/openssl/tests/openssl_encrypt_ccm.phpt | 26 ++++++++++++++-------- + 4 files changed, 57 insertions(+), 22 deletions(-) + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index 04cb9b0f..fdad2c3b 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -6521,11 +6521,6 @@ static int php_openssl_validate_iv(char **piv, size_t *piv_len, size_t iv_requir + { + char *iv_new; + +- /* Best case scenario, user behaved */ +- if (*piv_len == iv_required_len) { +- return SUCCESS; +- } +- + if (mode->is_aead) { + if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, *piv_len, NULL) != 1) { + php_error_docref(NULL, E_WARNING, "Setting of IV length for AEAD mode failed"); +@@ -6534,6 +6529,11 @@ static int php_openssl_validate_iv(char **piv, size_t *piv_len, size_t iv_requir + return SUCCESS; + } + ++ /* Best case scenario, user behaved */ ++ if (*piv_len == iv_required_len) { ++ return SUCCESS; ++ } ++ + iv_new = ecalloc(1, iv_required_len + 1); + + if (*piv_len == 0) { +diff --git a/ext/openssl/tests/cipher_tests.inc b/ext/openssl/tests/cipher_tests.inc +index b1e46b41..779bfa85 100644 +--- a/ext/openssl/tests/cipher_tests.inc ++++ b/ext/openssl/tests/cipher_tests.inc +@@ -1,5 +1,26 @@ + <?php + $php_openssl_cipher_tests = array( ++ 'aes-128-ccm' => array( ++ array( ++ 'key' => '404142434445464748494a4b4c4d4e4f', ++ 'iv' => '1011121314151617', ++ 'aad' => '000102030405060708090a0b0c0d0e0f', ++ 'tag' => '1fc64fbfaccd', ++ 'pt' => '202122232425262728292a2b2c2d2e2f', ++ 'ct' => 'd2a1f0e051ea5f62081a7792073d593d', ++ ), ++ array( ++ 'key' => '404142434445464748494a4b4c4d4e4f', ++ 'iv' => '101112131415161718191a1b', ++ 'aad' => '000102030405060708090a0b0c0d0e0f' . ++ '10111213', ++ 'tag' => '484392fbc1b09951', ++ 'pt' => '202122232425262728292a2b2c2d2e2f' . ++ '3031323334353637', ++ 'ct' => 'e3b201a9f5b71a7a9b1ceaeccd97e70b' . ++ '6176aad9a4428aa5', ++ ), ++ ), + 'aes-256-ccm' => array( + array( + 'key' => '1bde3251d41a8b5ea013c195ae128b21' . +diff --git a/ext/openssl/tests/openssl_decrypt_ccm.phpt b/ext/openssl/tests/openssl_decrypt_ccm.phpt +index a5f01b87..08ef5bb7 100644 +--- a/ext/openssl/tests/openssl_decrypt_ccm.phpt ++++ b/ext/openssl/tests/openssl_decrypt_ccm.phpt +@@ -10,14 +10,16 @@ if (!in_array('aes-256-ccm', openssl_get_cipher_methods())) + --FILE-- + <?php + require_once __DIR__ . "/cipher_tests.inc"; +-$method = 'aes-256-ccm'; +-$tests = openssl_get_cipher_tests($method); ++$methods = ['aes-128-ccm', 'aes-256-ccm']; + +-foreach ($tests as $idx => $test) { +- echo "TEST $idx\n"; +- $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA, +- $test['iv'], $test['tag'], $test['aad']); +- var_dump($test['pt'] === $pt); ++foreach ($methods as $method) { ++ $tests = openssl_get_cipher_tests($method); ++ foreach ($tests as $idx => $test) { ++ echo "$method - TEST $idx\n"; ++ $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA, ++ $test['iv'], $test['tag'], $test['aad']); ++ var_dump($test['pt'] === $pt); ++ } + } + + // no IV +@@ -32,7 +34,11 @@ var_dump(openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA, + + ?> + --EXPECTF-- +-TEST 0 ++aes-128-ccm - TEST 0 ++bool(true) ++aes-128-ccm - TEST 1 ++bool(true) ++aes-256-ccm - TEST 0 + bool(true) + + Warning: openssl_decrypt(): Setting of IV length for AEAD mode failed in %s on line %d +diff --git a/ext/openssl/tests/openssl_encrypt_ccm.phpt b/ext/openssl/tests/openssl_encrypt_ccm.phpt +index fb5dbbc8..8c4c41f8 100644 +--- a/ext/openssl/tests/openssl_encrypt_ccm.phpt ++++ b/ext/openssl/tests/openssl_encrypt_ccm.phpt +@@ -10,15 +10,17 @@ if (!in_array('aes-256-ccm', openssl_get_cipher_methods())) + --FILE-- + <?php + require_once __DIR__ . "/cipher_tests.inc"; +-$method = 'aes-256-ccm'; +-$tests = openssl_get_cipher_tests($method); ++$methods = ['aes-128-ccm', 'aes-256-ccm']; + +-foreach ($tests as $idx => $test) { +- echo "TEST $idx\n"; +- $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA, +- $test['iv'], $tag, $test['aad'], strlen($test['tag'])); +- var_dump($test['ct'] === $ct); +- var_dump($test['tag'] === $tag); ++foreach ($methods as $method) { ++ $tests = openssl_get_cipher_tests($method); ++ foreach ($tests as $idx => $test) { ++ echo "$method - TEST $idx\n"; ++ $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA, ++ $test['iv'], $tag, $test['aad'], strlen($test['tag'])); ++ var_dump($test['ct'] === $ct); ++ var_dump($test['tag'] === $tag); ++ } + } + + // Empty IV error +@@ -32,7 +34,13 @@ var_dump(strlen($tag)); + var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 16), $tag, '', 1024)); + ?> + --EXPECTF-- +-TEST 0 ++aes-128-ccm - TEST 0 ++bool(true) ++bool(true) ++aes-128-ccm - TEST 1 ++bool(true) ++bool(true) ++aes-256-ccm - TEST 0 + bool(true) + bool(true) + +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch new file mode 100644 index 0000000000..e5b527f989 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch @@ -0,0 +1,24 @@ +Subject: Patch fix-urldecode for HTTP related Bug #79699 + +--- + main/php_variables.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/main/php_variables.c b/main/php_variables.c +index 1a40c2a1..cbdc7cf1 100644 +--- a/main/php_variables.c ++++ b/main/php_variables.c +@@ -514,7 +514,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) + } + + val = estrndup(val, val_len); +- php_url_decode(var, strlen(var)); ++ if (arg != PARSE_COOKIE) { ++ php_url_decode(var, strlen(var)); ++ } + if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) { + php_register_variable_safe(var, val, new_val_len, &array); + } +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php/debian-php-fixheader.patch b/meta-openembedded/meta-oe/recipes-devtools/php/php/debian-php-fixheader.patch index 21050f7605..a4804d1849 100755..100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php/debian-php-fixheader.patch +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php/debian-php-fixheader.patch @@ -1,31 +1,32 @@ -php: remove host specific info from header file +From 1234a8ef7c5ab88e24bc5908f0ccfd55af21aa39 Mon Sep 17 00:00:00 2001 +From: Leon Anavi <leon.anavi@konsulko.com> +Date: Mon, 31 Aug 2020 16:03:27 +0300 +Subject: [PATCH] php: remove host specific info from header file +Based on: https://sources.debian.org/data/main/p/php7.3/7.3.6-1/debian/patches/ 0036-php-5.4.9-fixheader.patch Upstream-Status: Inappropriate [not author] Signed-off-by: Joe Slater <joe.slater@windriver.com> - ---- -From: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org> -Date: Sat, 2 May 2015 10:26:56 +0200 -Subject: php-5.4.9-fixheader - -Make generated php_config.h constant across rebuilds. +Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 433d7e6..41893d7 100644 +index 2a474ba36d..6d22a21630 100644 --- a/configure.ac +++ b/configure.ac -@@ -1357,7 +1357,7 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d` +@@ -1323,7 +1323,7 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d` fi AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) --PHP_UNAME=`uname -a | xargs` -+PHP_UNAME=`uname | xargs` +-UNAME=`uname -a | xargs` ++UNAME=`uname | xargs` + PHP_UNAME=${PHP_UNAME:-$UNAME} AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) PHP_OS=`uname | xargs` - AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.4.bb b/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb index 1d93902e72..16fc311b0e 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.4.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/php/php_7.4.9.bb @@ -30,10 +30,13 @@ SRC_URI_append_class-target = " \ file://phar-makefile.patch \ file://0001-opcache-config.m4-enable-opcache.patch \ file://xfail_two_bug_tests.patch \ + file://CVE-2020-7070.patch \ + file://CVE-2020-7069.patch \ " + S = "${WORKDIR}/php-${PV}" -SRC_URI[md5sum] = "262c258a3b8b5699fcca89a64e58758c" -SRC_URI[sha256sum] = "308e8f4182ec8a2767b0b1b8e1e7c69fb149b37cfb98ee4a37475e082fa9829f" +SRC_URI[md5sum] = "e68a66c54b080d108831f6dc2e1e403d" +SRC_URI[sha256sum] = "2e270958a4216480da7886743438ccc92b6acf32ea96fefda88d07e0a5095deb" inherit autotools pkgconfig python3native gettext @@ -153,7 +156,6 @@ do_install_prepend_class-target() { # fixme do_install_append_class-target() { install -d ${D}${sysconfdir}/ - rm -rf ${D}/${TMPDIR} rm -rf ${D}/.registry rm -rf ${D}/.channels rm -rf ${D}/.[a-z]* @@ -177,14 +179,6 @@ do_install_append_class-target() { ${D}${systemd_unitdir}/system/php-fpm.service fi - TMP=`dirname ${D}/${TMPDIR}` - while test ${TMP} != ${D}; do - if [ -d ${TMP} ]; then - rmdir ${TMP} - fi - TMP=`dirname ${TMP}`; - done - if ${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/apache2/modules.d install -d ${D}${sysconfdir}/php/apache2-php${PHP_MAJOR_VERSION} diff --git a/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch b/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch new file mode 100644 index 0000000000..75065eb054 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/275.patch @@ -0,0 +1,38 @@ +Upstream-status: Backport +CVE: CVE-2020-29394 +From 7f5cd5404a03fa330e192084f6bdafb2dc9bdcb7 Mon Sep 17 00:00:00 2001 +From: GwanYeong Kim <gy741.kim@gmail.com> +Date: Sat, 28 Nov 2020 12:24:46 +0900 +Subject: [PATCH] dlt_common: Fix buffer overflow in dlt_filter_load + +A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument. + +Fixed: #274 + +Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> +--- + src/shared/dlt_common.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c +index 254f4ce4..d15b1cec 100644 +--- a/src/shared/dlt_common.c ++++ b/src/shared/dlt_common.c +@@ -404,7 +404,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb + while (!feof(handle)) { + str1[0] = 0; + +- if (fscanf(handle, "%s", str1) != 1) ++ if (fscanf(handle, "%254s", str1) != 1) + break; + + if (str1[0] == 0) +@@ -419,7 +419,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb + + str1[0] = 0; + +- if (fscanf(handle, "%s", str1) != 1) ++ if (fscanf(handle, "%254s", str1) != 1) + break; + + if (str1[0] == 0) diff --git a/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.4.bb b/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.4.bb index 35c638bc78..45724e98ac 100644 --- a/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.4.bb +++ b/meta-openembedded/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.4.bb @@ -18,6 +18,7 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https \ file://0002-Don-t-execute-processes-as-a-specific-user.patch \ file://0004-Modify-systemd-config-directory.patch \ file://204.patch \ + file://275.patch \ " SRCREV = "14ea971be7e808b9c5099c7f404ed3cf341873c4" diff --git a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl2-mixer_2.0.4.bb b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl2-mixer_2.0.4.bb index aa246f9995..8f1960d8ad 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl2-mixer_2.0.4.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl2-mixer_2.0.4.bb @@ -14,7 +14,7 @@ S = "${WORKDIR}/SDL2_mixer-${PV}" inherit autotools-brokensep pkgconfig EXTRA_AUTORECONF += "--include=acinclude" -EXTRA_OECONF = "--disable-music-mp3 --enable-music-ogg --enable-music-ogg-tremor LIBS=-L${STAGING_LIBDIR}" +EXTRA_OECONF = "--disable-music-mp3 --enable-music-ogg --disable-music-ogg-shared LIBS=-L${STAGING_LIBDIR}" PACKAGECONFIG[mad] = "--enable-music-mp3-mad-gpl,--disable-music-mp3-mad-gpl,libmad" diff --git a/meta-openembedded/meta-oe/recipes-navigation/geoclue/geoclue_2.5.3.bb b/meta-openembedded/meta-oe/recipes-navigation/geoclue/geoclue_2.5.3.bb index b46445a2ba..e57e7a7209 100644 --- a/meta-openembedded/meta-oe/recipes-navigation/geoclue/geoclue_2.5.3.bb +++ b/meta-openembedded/meta-oe/recipes-navigation/geoclue/geoclue_2.5.3.bb @@ -31,7 +31,7 @@ PACKAGECONFIG ??= "3g modem-gps cdma nmea lib" PACKAGECONFIG[3g] = "-D3g-source=true,-D3g-source=false,modemmanager" PACKAGECONFIG[modem-gps] = "-Dmodem-gps-source=true,-Dmodem-gps-source=false,modemmanager" PACKAGECONFIG[cdma] = "-Dcdma-source=true,-Dcdma-source=false,modemmanager" -PACKAGECONFIG[nmea] = "-Dnmea-source=true,-Dnmea-source=false,avahi" +PACKAGECONFIG[nmea] = "-Dnmea-source=true,-Dnmea-source=false,avahi,avahi-daemon" PACKAGECONFIG[lib] = "-Dlibgeoclue=true,-Dlibgeoclue=false,gobject-introspection" GTKDOC_MESON_OPTION = "gtk-doc" diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss/CVE-2020-12401.patch b/meta-openembedded/meta-oe/recipes-support/nss/nss/CVE-2020-12401.patch new file mode 100644 index 0000000000..e67926fe50 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss/CVE-2020-12401.patch @@ -0,0 +1,52 @@ +# HG changeset patch +# User Billy Brumley <bbrumley@gmail.com> +# Date 1595283525 0 +# Node ID aeb2e583ee957a699d949009c7ba37af76515c20 +# Parent ca207655b4b7cb1d3a5e438c1fb9b90d45596da6 +Bug 1631573: Remove unnecessary scalar padding in ec.c r=kjacobs,bbeurdouche + +Subsequent calls to ECPoints_mul and ECPoint_mul remove this padding. + +Timing attack countermeasures are now applied more generally deeper in +the call stack. + +Differential Revision: https://phabricator.services.mozilla.com/D82011 + + +Upstream-Status: Backport + +CVE: CVE-2020-1240 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: nss-3.51.1/nss/lib/freebl/ec.c +=================================================================== +--- nss-3.51.1.orig/nss/lib/freebl/ec.c ++++ nss-3.51.1/nss/lib/freebl/ec.c +@@ -724,27 +724,6 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *k + } + + /* +- ** We do not want timing information to leak the length of k, +- ** so we compute k*G using an equivalent scalar of fixed +- ** bit-length. +- ** Fix based on patch for ECDSA timing attack in the paper +- ** by Billy Bob Brumley and Nicola Tuveri at +- ** http://eprint.iacr.org/2011/232 +- ** +- ** How do we convert k to a value of a fixed bit-length? +- ** k starts off as an integer satisfying 0 <= k < n. Hence, +- ** n <= k+n < 2n, which means k+n has either the same number +- ** of bits as n or one more bit than n. If k+n has the same +- ** number of bits as n, the second addition ensures that the +- ** final value has exactly one more bit than n. Thus, we +- ** always end up with a value that exactly one more bit than n. +- */ +- CHECK_MPI_OK(mp_add(&k, &n, &k)); +- if (mpl_significant_bits(&k) <= mpl_significant_bits(&n)) { +- CHECK_MPI_OK(mp_add(&k, &n, &k)); +- } +- +- /* + ** ANSI X9.62, Section 5.3.2, Step 2 + ** + ** Compute kG diff --git a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb index c00bd34cb2..3e3c3a3fdf 100644 --- a/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/nss/nss_3.51.1.bb @@ -35,6 +35,7 @@ SRC_URI = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO file://riscv.patch \ file://0001-Enable-uint128-on-mips64.patch \ file://0001-Bug-1631576-Force-a-fixed-length-for-DSA-exponentiat.patch \ + file://CVE-2020-12401.patch \ " SRC_URI[md5sum] = "6acaf1ddff69306ae30a908881c6f233" diff --git a/meta-openembedded/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.8.26.bb b/meta-openembedded/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.8.26.bb index 91d77ac938..04989fb740 100644 --- a/meta-openembedded/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.8.26.bb +++ b/meta-openembedded/meta-oe/recipes-support/pcsc-lite/pcsc-lite_1.8.26.bb @@ -36,6 +36,7 @@ PACKAGES = "${PN} ${PN}-dbg ${PN}-dev ${PN}-lib ${PN}-doc ${PN}-spy ${PN}-spy-de RRECOMMENDS_${PN} = "ccid" RRECOMMENDS_${PN}_class-native = "" +RPROVIDES_${PN}_class-native += "pcsc-lite-lib-native" FILES_${PN} = "${sbindir}/pcscd" FILES_${PN}-lib = "${libdir}/libpcsclite*${SOLIBS}" diff --git a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.43.bb b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb index a7083d80e9..197cb83e64 100644 --- a/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.43.bb +++ b/meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb @@ -26,8 +26,8 @@ SRC_URI_append_class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[md5sum] = "791c986b1e70fe61eb44060aacc89a64" -SRC_URI[sha256sum] = "a497652ab3fc81318cdc2a203090a999150d86461acff97c1065dc910fe10f43" +SRC_URI[md5sum] = "7d661ea5e736dac5e2761d9f49fe8361" +SRC_URI[sha256sum] = "740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea" S = "${WORKDIR}/httpd-${PV}" |