diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-06-14 19:52:03 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-28 03:22:11 +0300 |
commit | d5ae7d902a40f26a8c26f4c6d300226689738716 (patch) | |
tree | 85c711404990dd5e37447cd7492c3017815790b7 /poky/meta/recipes-extended | |
parent | 0639c5b2c542e0ed9465cc9d8e5100ac0063038f (diff) | |
download | openbmc-d5ae7d902a40f26a8c26f4c6d300226689738716.tar.xz |
Sumo refresh
Update external subtrees to latest Yocto sumo.
Change-Id: I8364f32bef079841c6e57f1c587f4b1bedf62fef
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-extended')
-rw-r--r-- | poky/meta/recipes-extended/at/at_3.1.20.bb | 6 | ||||
-rw-r--r-- | poky/meta/recipes-extended/bash/bash.inc | 2 | ||||
-rw-r--r-- | poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch | 346 | ||||
-rw-r--r-- | poky/meta/recipes-extended/cpio/cpio_2.12.bb | 39 | ||||
-rw-r--r-- | poky/meta/recipes-extended/cpio/cpio_v2.inc | 43 | ||||
-rw-r--r-- | poky/meta/recipes-extended/gawk/gawk_4.2.1.bb (renamed from poky/meta/recipes-extended/gawk/gawk_4.2.0.bb) | 6 | ||||
-rw-r--r-- | poky/meta/recipes-extended/ltp/ltp_20180118.bb | 2 | ||||
-rw-r--r-- | poky/meta/recipes-extended/minicom/minicom_2.7.1.bb | 2 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch | 64 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/files/pam.d/chpasswd | 2 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/files/pam.d/newusers | 2 | ||||
-rw-r--r-- | poky/meta/recipes-extended/shadow/shadow.inc | 8 | ||||
-rw-r--r-- | poky/meta/recipes-extended/sysklogd/sysklogd.inc | 2 | ||||
-rw-r--r-- | poky/meta/recipes-extended/xinetd/xinetd/xinetd.service | 5 |
14 files changed, 472 insertions, 57 deletions
diff --git a/poky/meta/recipes-extended/at/at_3.1.20.bb b/poky/meta/recipes-extended/at/at_3.1.20.bb index 8fe3b437e6..b76e83d1d4 100644 --- a/poky/meta/recipes-extended/at/at_3.1.20.bb +++ b/poky/meta/recipes-extended/at/at_3.1.20.bb @@ -8,6 +8,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4325afd396febcb659c36b49533135d4" DEPENDS = "flex flex-native bison-native \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +PACKAGECONFIG ?= "\ + ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \ +" + +PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux," + RDEPENDS_${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_DEPS}', '', d)} \ " diff --git a/poky/meta/recipes-extended/bash/bash.inc b/poky/meta/recipes-extended/bash/bash.inc index 9c2b065f9f..2e7f261a2e 100644 --- a/poky/meta/recipes-extended/bash/bash.inc +++ b/poky/meta/recipes-extended/bash/bash.inc @@ -7,7 +7,7 @@ DEPENDS = "ncurses bison-native virtual/libiconv" inherit autotools gettext texinfo update-alternatives ptest EXTRA_AUTORECONF += "--exclude=autoheader --exclude=aclocal" -EXTRA_OECONF = "--enable-job-control --without-bash-malloc" +EXTRA_OECONF = "--enable-job-control --without-bash-malloc bash_cv_wexitstatus_offset=8" # If NON_INTERACTIVE_LOGIN_SHELLS is defined, all login shells read the # startup files, even if they are not interactive. diff --git a/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch b/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch new file mode 100644 index 0000000000..0a3054483c --- /dev/null +++ b/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch @@ -0,0 +1,346 @@ +From ebf9a2d776474181936a720ce811d72bbd1da3b6 Mon Sep 17 00:00:00 2001 +From: Pavel Raiskup <praiskup@redhat.com> +Date: Tue, 26 Jan 2016 23:17:54 +0100 +Subject: [PATCH] CVE-2016-2037 - 1 byte out-of-bounds write + +Ensure that cpio_safer_name_suffix always works with dynamically +allocated buffer, and that it has size of at least 32 bytes. +Then, any call to cpio_safer_name_suffix is safe (it requires at +least 2 bytes in the buffer). + +Also ensure that c_namesize is always correctly initialized (by +cpio_set_c_name) to avoid undefined behavior when reading +file_hdr.c_namesize (previously happened for tar archives). + +References: +http://www.mail-archive.com/bug-cpio@gnu.org/msg00545.html + +* src/copyin.c (query_rename): Drop the hack, as we now work with +dynamically allocated buffer. Use cpio_set_c_name. +(create_defered_links_to_skipped): Use cpio_set_c_name rather than +manual assignment. +(read_name_from_file): New function to avoid C&P. +(read_in_old_ascii, read_in_new_ascii, read_in_binary): Use +read_name_from_file. +(process_copy_in): Initialize file_hdr.c_namesize. +* src/copyout.c (process_copy_out): Use cpio_set_c_name. +* src/cpiohdr.h (cpio_set_c_name): New prototype. +* src/tar.c (read_in_tar_header): Use cpio_set_c_name. +* src/util.c (cpio_set_c_name): New function to set +file_hdr->c_name and c_namesize from arbitrary string. +(cpio_safer_name_suffix): Some docs fixes. +* tests/inout.at: Also test copy-in, and try various formats. + +CVE: CVE-2016-2037 + +Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b] + +Signed-off-by: Andre McCurdy <armccurdy@gmail.com> +--- + src/copyin.c | 68 +++++++++++++++++++--------------------------------------- + src/copyout.c | 13 +++++------ + src/cpiohdr.h | 1 + + src/tar.c | 10 +++++---- + src/util.c | 32 ++++++++++++++++++++++++++- + tests/inout.at | 19 ++++++++++++++-- + 6 files changed, 82 insertions(+), 61 deletions(-) + +diff --git a/src/copyin.c b/src/copyin.c +index cde911e..972f8a6 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -76,28 +76,7 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, + return -1; + } + else +- /* Debian hack: file_hrd.c_name is sometimes set to +- point to static memory by code in tar.c. This +- causes a segfault. This has been fixed and an +- additional check to ensure that the file name +- is not too long has been added. (Reported by +- Horst Knobloch.) This bug has been reported to +- "bug-gnu-utils@prep.ai.mit.edu". (99/1/6) -BEM */ +- { +- if (archive_format != arf_tar && archive_format != arf_ustar) +- { +- free (file_hdr->c_name); +- file_hdr->c_name = xstrdup (new_name.ds_string); +- } +- else +- { +- if (is_tar_filename_too_long (new_name.ds_string)) +- error (0, 0, _("%s: file name too long"), +- new_name.ds_string); +- else +- strcpy (file_hdr->c_name, new_name.ds_string); +- } +- } ++ cpio_set_c_name (file_hdr, new_name.ds_string); + return 0; + } + +@@ -344,8 +323,7 @@ create_defered_links_to_skipped (struct cpio_file_stat *file_hdr, + d_prev->next = d->next; + else + deferments = d->next; +- free (file_hdr->c_name); +- file_hdr->c_name = xstrdup(d->header.c_name); ++ cpio_set_c_name (file_hdr, d->header.c_name); + free_deferment (d); + copyin_regular_file(file_hdr, in_file_des); + return 0; +@@ -1064,6 +1042,22 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) + } + } + ++static void ++read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len) ++{ ++ static char *tmp_filename; ++ static size_t buflen; ++ ++ if (buflen < len) ++ { ++ buflen = len; ++ tmp_filename = xrealloc (tmp_filename, buflen); ++ } ++ ++ tape_buffered_read (tmp_filename, fd, len); ++ cpio_set_c_name (file_hdr, tmp_filename); ++} ++ + /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from + file descriptor IN_DES, except for the magic number, which is + already filled in. */ +@@ -1090,14 +1084,8 @@ read_in_old_ascii (struct cpio_file_stat *file_hdr, int in_des) + file_hdr->c_rdev_min = minor (dev); + + file_hdr->c_mtime = FROM_OCTAL (ascii_header.c_mtime); +- file_hdr->c_namesize = FROM_OCTAL (ascii_header.c_namesize); + file_hdr->c_filesize = FROM_OCTAL (ascii_header.c_filesize); +- +- /* Read file name from input. */ +- if (file_hdr->c_name != NULL) +- free (file_hdr->c_name); +- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize + 1); +- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); ++ read_name_from_file (file_hdr, in_des, FROM_OCTAL (ascii_header.c_namesize)); + + /* HP/UX cpio creates archives that look just like ordinary archives, + but for devices it sets major = 0, minor = 1, and puts the +@@ -1152,14 +1140,8 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des) + file_hdr->c_dev_min = FROM_HEX (ascii_header.c_dev_min); + file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj); + file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min); +- file_hdr->c_namesize = FROM_HEX (ascii_header.c_namesize); + file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum); +- +- /* Read file name from input. */ +- if (file_hdr->c_name != NULL) +- free (file_hdr->c_name); +- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize); +- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); ++ read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize)); + + /* In SVR4 ASCII format, the amount of space allocated for the header + is rounded up to the next long-word, so we might need to drop +@@ -1207,16 +1189,9 @@ read_in_binary (struct cpio_file_stat *file_hdr, + file_hdr->c_rdev_min = minor (short_hdr->c_rdev); + file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16 + | short_hdr->c_mtimes[1]; +- +- file_hdr->c_namesize = short_hdr->c_namesize; + file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16 + | short_hdr->c_filesizes[1]; +- +- /* Read file name from input. */ +- if (file_hdr->c_name != NULL) +- free (file_hdr->c_name); +- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize); +- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); ++ read_name_from_file (file_hdr, in_des, short_hdr->c_namesize); + + /* In binary mode, the amount of space allocated in the header for + the filename is `c_namesize' rounded up to the next short-word, +@@ -1297,6 +1272,7 @@ process_copy_in () + read_pattern_file (); + } + file_hdr.c_name = NULL; ++ file_hdr.c_namesize = 0; + + if (rename_batch_file) + { +diff --git a/src/copyout.c b/src/copyout.c +index 1f0987a..bb39559 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -660,8 +660,7 @@ process_copy_out () + cpio_safer_name_suffix (input_name.ds_string, false, + !no_abs_paths_flag, true); + #ifndef HPUX_CDF +- file_hdr.c_name = input_name.ds_string; +- file_hdr.c_namesize = strlen (input_name.ds_string) + 1; ++ cpio_set_c_name (&file_hdr, input_name.ds_string); + #else + if ( (archive_format != arf_tar) && (archive_format != arf_ustar) ) + { +@@ -670,16 +669,15 @@ process_copy_out () + properly recreate the directory as hidden (in case the + files of a directory go into the archive before the + directory itself (e.g from "find ... -depth ... | cpio")). */ +- file_hdr.c_name = add_cdf_double_slashes (input_name.ds_string); +- file_hdr.c_namesize = strlen (file_hdr.c_name) + 1; ++ cpio_set_c_name (&file_hdr, ++ add_cdf_double_slashes (input_name.ds_string)); + } + else + { + /* We don't mark CDF's in tar files. We assume the "hidden" + directory will always go into the archive before any of + its files. */ +- file_hdr.c_name = input_name.ds_string; +- file_hdr.c_namesize = strlen (input_name.ds_string) + 1; ++ cpio_set_c_name (&file_hdr, input_name.ds_string); + } + #endif + +@@ -866,8 +864,7 @@ process_copy_out () + file_hdr.c_chksum = 0; + + file_hdr.c_filesize = 0; +- file_hdr.c_namesize = 11; +- file_hdr.c_name = CPIO_TRAILER_NAME; ++ cpio_set_c_name (&file_hdr, CPIO_TRAILER_NAME); + if (archive_format != arf_tar && archive_format != arf_ustar) + write_out_header (&file_hdr, out_file_des); + else +diff --git a/src/cpiohdr.h b/src/cpiohdr.h +index b29e6fb..f4c63be 100644 +--- a/src/cpiohdr.h ++++ b/src/cpiohdr.h +@@ -129,5 +129,6 @@ struct cpio_file_stat /* Internal representation of a CPIO header */ + char *c_tar_linkname; + }; + ++void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name); + + #endif /* cpiohdr.h */ +diff --git a/src/tar.c b/src/tar.c +index a2ce171..e41f89d 100644 +--- a/src/tar.c ++++ b/src/tar.c +@@ -282,7 +282,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) + if (null_block ((long *) &tar_rec, TARRECORDSIZE)) + #endif + { +- file_hdr->c_name = CPIO_TRAILER_NAME; ++ cpio_set_c_name (file_hdr, CPIO_TRAILER_NAME); + return; + } + #if 0 +@@ -316,9 +316,11 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) + } + + if (archive_format != arf_ustar) +- file_hdr->c_name = stash_tar_filename (NULL, tar_hdr->name); ++ cpio_set_c_name (file_hdr, stash_tar_filename (NULL, tar_hdr->name)); + else +- file_hdr->c_name = stash_tar_filename (tar_hdr->prefix, tar_hdr->name); ++ cpio_set_c_name (file_hdr, stash_tar_filename (tar_hdr->prefix, ++ tar_hdr->name)); ++ + file_hdr->c_nlink = 1; + file_hdr->c_mode = FROM_OCTAL (tar_hdr->mode); + file_hdr->c_mode = file_hdr->c_mode & 07777; +@@ -398,7 +400,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) + case AREGTYPE: + /* Old tar format; if the last char in filename is '/' then it is + a directory, otherwise it's a regular file. */ +- if (file_hdr->c_name[strlen (file_hdr->c_name) - 1] == '/') ++ if (file_hdr->c_name[file_hdr->c_namesize - 1] == '/') + file_hdr->c_mode |= CP_IFDIR; + else + file_hdr->c_mode |= CP_IFREG; +diff --git a/src/util.c b/src/util.c +index 6ff6032..4f3c073 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -1410,8 +1410,34 @@ set_file_times (int fd, + utime_error (name); + } + ++ ++void ++cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name) ++{ ++ static size_t buflen = 0; ++ size_t len = strlen (name) + 1; ++ ++ if (buflen == 0) ++ { ++ buflen = len; ++ if (buflen < 32) ++ buflen = 32; ++ file_hdr->c_name = xmalloc (buflen); ++ } ++ else if (buflen < len) ++ { ++ buflen = len; ++ file_hdr->c_name = xrealloc (file_hdr->c_name, buflen); ++ } ++ ++ file_hdr->c_namesize = len; ++ memmove (file_hdr->c_name, name, len); ++} ++ + /* Do we have to ignore absolute paths, and if so, does the filename +- have an absolute path? */ ++ have an absolute path? Before calling this function make sure that the ++ allocated NAME buffer has capacity at least 2 bytes. */ ++ + void + cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, + bool strip_leading_dots) +@@ -1426,6 +1452,10 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, + ++p; + } + if (p != name) ++ /* The 'p' string is shortened version of 'name' with one exception; when ++ the 'name' points to an empty string (buffer where name[0] == '\0') the ++ 'p' then points to static string ".". So caller needs to ensure there ++ are at least two bytes available in 'name' buffer so memmove succeeds. */ + memmove (name, p, (size_t)(strlen (p) + 1)); + } + +diff --git a/tests/inout.at b/tests/inout.at +index 60c3716..730cbd2 100644 +--- a/tests/inout.at ++++ b/tests/inout.at +@@ -35,7 +35,22 @@ while read NAME LENGTH + do + genfile --length $LENGTH > $NAME + echo $NAME +-done < filelist | +- cpio --quiet -o > archive]) ++done < filelist > filelist_raw ++ ++for format in bin odc newc crc tar ustar hpbin hpodc ++do ++ cpio --format=$format --quiet -o < filelist_raw > archive.$format ++ rm -rf output ++ mkdir output && cd output ++ cpio -i --quiet < ../archive.$format ++ ++ while read file ++ do ++ test -f $file || echo "$file not found" ++ done < ../filelist_raw ++ ++ cd .. ++done ++]) + + AT_CLEANUP +-- +1.9.1 + diff --git a/poky/meta/recipes-extended/cpio/cpio_2.12.bb b/poky/meta/recipes-extended/cpio/cpio_2.12.bb index 405a90e03a..69d36983e3 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.12.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.12.bb @@ -1,12 +1,47 @@ -require cpio_v2.inc - +SUMMARY = "GNU cpio is a program to manage archives of files" +DESCRIPTION = "GNU cpio is a tool for creating and extracting archives, or copying files from one place to \ +another. It handles a number of cpio formats as well as reading and writing tar files." +HOMEPAGE = "http://www.gnu.org/software/cpio/" +SECTION = "base" LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0001-Fix-CVE-2015-1197.patch \ + file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \ " SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86" SRC_URI[sha256sum] = "08a35e92deb3c85d269a0059a27d4140a9667a6369459299d08c17f713a92e73" + +inherit autotools gettext texinfo + +EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}" + +do_install () { + autotools_do_install + if [ "${base_bindir}" != "${bindir}" ]; then + install -d ${D}${base_bindir}/ + mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio" + rmdir ${D}${bindir}/ + fi +} + +PACKAGES =+ "${PN}-rmt" + +FILES_${PN}-rmt = "${base_sbindir}/rmt*" + +inherit update-alternatives + +ALTERNATIVE_PRIORITY = "100" + +ALTERNATIVE_${PN} = "cpio" +ALTERNATIVE_${PN}-rmt = "rmt" + +ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio" + +ALTERNATIVE_PRIORITY[rmt] = "50" +ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt" + +BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-extended/cpio/cpio_v2.inc b/poky/meta/recipes-extended/cpio/cpio_v2.inc deleted file mode 100644 index 31adb717d4..0000000000 --- a/poky/meta/recipes-extended/cpio/cpio_v2.inc +++ /dev/null @@ -1,43 +0,0 @@ -SUMMARY = "GNU cpio is a program to manage archives of files" -DESCRIPTION = "GNU cpio is a tool for creating and extracting archives, or copying files from one place to \ -another. It handles a number of cpio formats as well as reading and writing tar files." -HOMEPAGE = "http://www.gnu.org/software/cpio/" -SECTION = "base" - -DEPENDS = "texinfo-native" - -SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ - " - -inherit autotools gettext texinfo - -S = "${WORKDIR}/cpio-${PV}" - -EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}" - -do_install () { - autotools_do_install - if [ "${base_bindir}" != "${bindir}" ]; then - install -d ${D}${base_bindir}/ - mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio" - rmdir ${D}${bindir}/ - fi -} - -PACKAGES =+ "${PN}-rmt" - -FILES_${PN}-rmt = "${base_sbindir}/rmt*" - -inherit update-alternatives - -ALTERNATIVE_PRIORITY = "100" - -ALTERNATIVE_${PN} = "cpio" -ALTERNATIVE_${PN}-rmt = "rmt" - -ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio" - -ALTERNATIVE_PRIORITY[rmt] = "50" -ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt" - -BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-extended/gawk/gawk_4.2.0.bb b/poky/meta/recipes-extended/gawk/gawk_4.2.1.bb index 27f79a2bed..9663752394 100644 --- a/poky/meta/recipes-extended/gawk/gawk_4.2.0.bb +++ b/poky/meta/recipes-extended/gawk/gawk_4.2.1.bb @@ -19,8 +19,8 @@ SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \ file://run-ptest \ " -SRC_URI[md5sum] = "0b598c31bc703d66082bd958d4189980" -SRC_URI[sha256sum] = "c88046c6e8396ee548bcb941e16def809b7b55b60a1044b5dd254094f347c7d9" +SRC_URI[md5sum] = "0256724a0af50cb83ac92f833488673d" +SRC_URI[sha256sum] = "2b23d51503b2df9a41aa6fddc6002ad7ebf2a386ac19dc1b6be0dd48b0acf6db" inherit autotools gettext texinfo update-alternatives @@ -43,6 +43,8 @@ do_install_ptest() { for i in `grep -vE "@|^$|#|Gt-dummy" ${S}/test/Maketests |awk -F: '{print $1}'` Maketests inclib.awk; \ do cp ${S}/test/$i* ${D}${PTEST_PATH}/test; \ done + sed -i -e 's|/usr/local/bin|${bindir}|g' \ + -e 's|#!${base_bindir}/awk|#!${bindir}/awk|g' ${D}${PTEST_PATH}/test/*.awk } BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-extended/ltp/ltp_20180118.bb b/poky/meta/recipes-extended/ltp/ltp_20180118.bb index 14fb41b3bd..8754fcd9f8 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20180118.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20180118.bb @@ -58,7 +58,7 @@ export exec_prefix = "/opt/ltp" PACKAGECONFIG[numa] = "--with-numa, --without-numa, numactl," EXTRA_AUTORECONF += "-I ${S}/testcases/realtime/m4" -EXTRA_OECONF = " --with-power-management-testsuite --with-realtime-testsuite " +EXTRA_OECONF = " --with-power-management-testsuite --with-realtime-testsuite --with-open-posix-testsuite " # ltp network/rpc test cases ftbfs when libtirpc is found EXTRA_OECONF += " --without-tirpc " diff --git a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb index e6afe2b655..be0b48dfdf 100644 --- a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb +++ b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb @@ -7,7 +7,7 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=420477abc567404debca0a2a1cb6b645 \ file://src/minicom.h;beginline=1;endline=12;md5=a58838cb709f0db517f4e42730c49e81" -SRC_URI = "https://alioth.debian.org/frs/download.php/latestfile/3/${BP}.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/m/${BPN}/${BPN}_${PV}.orig.tar.gz \ file://allow.to.disable.lockdev.patch \ file://0001-fix-minicom-h-v-return-value-is-not-0.patch \ file://0001-Fix-build-issus-surfaced-due-to-musl.patch \ diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch new file mode 100644 index 0000000000..ee728f0952 --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch @@ -0,0 +1,64 @@ +shadow-4.2.1: Fix CVE-2017-2616 + +[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943 + +su: properly clear child PID + +If su is compiled with PAM support, it is possible for any local user +to send SIGKILL to other processes with root privileges. There are +only two conditions. First, the user must be able to perform su with +a successful login. This does NOT have to be the root user, even using +su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL +can only be sent to processes which were executed after the su process. +It is not possible to send SIGKILL to processes which were already +running. I consider this as a security vulnerability, because I was +able to write a proof of concept which unlocked a screen saver of +another user this way. + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686] +CVE: CVE-2017-2616 +bug: 855943 +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> + +diff --git a/src/su.c b/src/su.c +index 3704217..1efcd61 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void) + /* wake child when resumed */ + kill (pid, SIGCONT); + stop = false; ++ } else { ++ pid_child = 0; + } + } while (!stop); + } + +- if (0 != caught) { ++ if (0 != caught && 0 != pid_child) { + (void) fputs ("\n", stderr); + (void) fputs (_("Session terminated, terminating shell..."), + stderr); + (void) kill (-pid_child, caught); + + (void) signal (SIGALRM, kill_child); ++ (void) signal (SIGCHLD, catch_signals); + (void) alarm (2); + +- (void) wait (&status); ++ sigemptyset (&ourset); ++ if ((sigaddset (&ourset, SIGALRM) != 0) ++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { ++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); ++ kill_child (0); ++ } else { ++ while (0 == waitpid (pid_child, &status, WNOHANG)) { ++ sigsuspend (&ourset); ++ } ++ pid_child = 0; ++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); ++ } ++ + (void) fputs (_(" ...terminated.\n"), stderr); + } + diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd b/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd index 9e3efa68ba..b769d92ba4 100644 --- a/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd +++ b/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd @@ -1,4 +1,6 @@ # The PAM configuration file for the Shadow 'chpasswd' service # +auth sufficient pam_rootok.so +account required pam_permit.so password include common-password diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/newusers b/poky/meta/recipes-extended/shadow/files/pam.d/newusers index 4aa3dde48b..4c59dfa478 100644 --- a/poky/meta/recipes-extended/shadow/files/pam.d/newusers +++ b/poky/meta/recipes-extended/shadow/files/pam.d/newusers @@ -1,4 +1,6 @@ # The PAM configuration file for the Shadow 'newusers' service # +auth sufficient pam_rootok.so +account required pam_permit.so password include common-password diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index 673207fc9b..6efe4a9119 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -8,7 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ DEPENDS = "virtual/crypt" -SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ +UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" + +SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \ file://shadow-4.1.3-dots-in-usernames.patch \ file://usermod-fix-compilation-failure-with-subids-disabled.patch \ file://fix-installation-failure-with-subids-disabled.patch \ @@ -16,6 +18,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ file://0001-useradd-copy-extended-attributes-of-home.patch \ file://0001-shadow-CVE-2017-12424 \ + file://CVE-2017-2616.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ " @@ -127,7 +130,8 @@ do_install_append() { # Ensure that the image has as a /var/spool/mail dir so shadow can # put mailboxes there if the user reconfigures shadow to its # defaults (see sed below). - install -d ${D}${localstatedir}/spool/mail + install -m 0775 -d ${D}${localstatedir}/spool/mail + chown root:mail ${D}${localstatedir}/spool/mail if [ -e ${WORKDIR}/pam.d ]; then install -d ${D}${sysconfdir}/pam.d/ diff --git a/poky/meta/recipes-extended/sysklogd/sysklogd.inc b/poky/meta/recipes-extended/sysklogd/sysklogd.inc index 1a537fabf4..fc4e67c18e 100644 --- a/poky/meta/recipes-extended/sysklogd/sysklogd.inc +++ b/poky/meta/recipes-extended/sysklogd/sysklogd.inc @@ -33,7 +33,7 @@ SYSTEMD_AUTO_ENABLE = "enable" INITSCRIPT_NAME = "syslog" CONFFILES_${PN} = "${sysconfdir}/syslog.conf" -RCONFLICTS_${PN}-syslog = "rsyslog busybox-syslog syslog-ng" +RCONFLICTS_${PN} = "rsyslog busybox-syslog syslog-ng" CFLAGS += "-DSYSV -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" diff --git a/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service b/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service index d5fdc5bc29..6da92f2bf5 100644 --- a/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service +++ b/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service @@ -3,11 +3,8 @@ Description=Xinetd A Powerful Replacement For Inetd After=syslog.target network.target [Service] -Type=forking -PIDFile=/var/run/xinetd.pid EnvironmentFile=-/etc/sysconfig/xinetd -ExecStart=@SBINDIR@/xinetd -stayalive -pidfile /var/run/xinetd.pid "$EXTRAOPTIONS" -ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID +ExecStart=@SBINDIR@/xinetd -dontfork "$EXTRAOPTIONS" [Install] WantedBy=multi-user.target |