diff options
Diffstat (limited to 'poky/meta/recipes-connectivity')
| -rw-r--r-- | poky/meta/recipes-connectivity/avahi/avahi_0.8.bb | 3 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind-9.18.13/0001-avoid-start-failure-with-bind-user.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.12/0001-avoid-start-failure-with-bind-user.patch) | 0 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind-9.18.13/0001-named-lwresd-V-and-start-log-hide-build-options.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.12/0001-named-lwresd-V-and-start-log-hide-build-options.patch) | 0 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind-9.18.13/bind-ensure-searching-for-json-headers-searches-sysr.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.12/bind-ensure-searching-for-json-headers-searches-sysr.patch) | 0 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind-9.18.13/bind9 (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.12/bind9) | 0 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind-9.18.13/conf.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.12/conf.patch) | 0 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind-9.18.13/generate-rndc-key.sh (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.12/generate-rndc-key.sh) | 0 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind-9.18.13/init.d-add-support-for-read-only-rootfs.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.12/init.d-add-support-for-read-only-rootfs.patch) | 0 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind-9.18.13/make-etc-initd-bind-stop-work.patch (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.12/make-etc-initd-bind-stop-work.patch) | 0 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind-9.18.13/named.service (renamed from poky/meta/recipes-connectivity/bind/bind-9.18.12/named.service) | 0 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/bind/bind_9.18.13.bb (renamed from poky/meta/recipes-connectivity/bind/bind_9.18.12.bb) | 2 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch | 63 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/connman/connman_1.41.bb | 1 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb | 7 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb (renamed from poky/meta/recipes-connectivity/libpcap/libpcap_1.10.3.bb) | 2 | ||||
| -rw-r--r-- | poky/meta/recipes-connectivity/neard/neard_0.18.bb | 4 |
16 files changed, 72 insertions, 10 deletions
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb index bf6835e0d6..8649140a45 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -83,7 +83,6 @@ RRECOMMENDS:${PN}:append:libc-glibc = " libnss-mdns" do_install() { autotools_do_install rm -rf ${D}/run - rm -rf ${D}${datadir}/dbus-1/interfaces test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1 rm -rf ${D}${libdir}/avahi @@ -135,7 +134,7 @@ FILES:avahi-daemon = "${sbindir}/avahi-daemon \ ${sysconfdir}/avahi/services \ ${sysconfdir}/dbus-1 \ ${sysconfdir}/init.d/avahi-daemon \ - ${datadir}/avahi/introspection/*.introspect \ + ${datadir}/dbus-1/interfaces \ ${datadir}/avahi/avahi-service.dtd \ ${datadir}/avahi/service-types \ ${datadir}/dbus-1/system-services" diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.12/0001-avoid-start-failure-with-bind-user.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.13/0001-avoid-start-failure-with-bind-user.patch index ec1bc7b567..ec1bc7b567 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.12/0001-avoid-start-failure-with-bind-user.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.13/0001-avoid-start-failure-with-bind-user.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.12/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.13/0001-named-lwresd-V-and-start-log-hide-build-options.patch index 4c10f33f04..4c10f33f04 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.12/0001-named-lwresd-V-and-start-log-hide-build-options.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.13/0001-named-lwresd-V-and-start-log-hide-build-options.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.12/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.13/bind-ensure-searching-for-json-headers-searches-sysr.patch index f1abd179e8..f1abd179e8 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.12/bind-ensure-searching-for-json-headers-searches-sysr.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.13/bind-ensure-searching-for-json-headers-searches-sysr.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.12/bind9 b/poky/meta/recipes-connectivity/bind/bind-9.18.13/bind9 index 968679ff7f..968679ff7f 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.12/bind9 +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.13/bind9 diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.12/conf.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.13/conf.patch index aa3642acec..aa3642acec 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.12/conf.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.13/conf.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.12/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind-9.18.13/generate-rndc-key.sh index 633e29c0e6..633e29c0e6 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.12/generate-rndc-key.sh +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.13/generate-rndc-key.sh diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.12/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.13/init.d-add-support-for-read-only-rootfs.patch index 11db95ede1..11db95ede1 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.12/init.d-add-support-for-read-only-rootfs.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.13/init.d-add-support-for-read-only-rootfs.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.12/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind-9.18.13/make-etc-initd-bind-stop-work.patch index 146f3e35db..146f3e35db 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.12/make-etc-initd-bind-stop-work.patch +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.13/make-etc-initd-bind-stop-work.patch diff --git a/poky/meta/recipes-connectivity/bind/bind-9.18.12/named.service b/poky/meta/recipes-connectivity/bind/bind-9.18.13/named.service index cda56ef015..cda56ef015 100644 --- a/poky/meta/recipes-connectivity/bind/bind-9.18.12/named.service +++ b/poky/meta/recipes-connectivity/bind/bind-9.18.13/named.service diff --git a/poky/meta/recipes-connectivity/bind/bind_9.18.12.bb b/poky/meta/recipes-connectivity/bind/bind_9.18.13.bb index 68dad77cdc..8617137e87 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.18.12.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.18.13.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "47766bb7b063aabbad054386b190aa7f6c14524427afd427c30ec426512027e7" +SRC_URI[sha256sum] = "3b06b6390c1012dd3956b1479c73b2097c0b22207817e2e8aae352fd20e578c7" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch b/poky/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch new file mode 100644 index 0000000000..8e2f47a1d5 --- /dev/null +++ b/poky/meta/recipes-connectivity/connman/connman/0001-gdhcp-Verify-and-sanitize-packet-length-first.patch @@ -0,0 +1,63 @@ +From 99e2c16ea1cced34a5dc450d76287a1c3e762138 Mon Sep 17 00:00:00 2001 +From: Daniel Wagner <wagi@monom.org> +Date: Tue, 11 Apr 2023 08:12:56 +0200 +Subject: [PATCH] gdhcp: Verify and sanitize packet length first + +Avoid overwriting the read packet length after the initial test. Thus +move all the length checks which depends on the total length first +and do not use the total lenght from the IP packet afterwards. + +Fixes CVE-2023-28488 + +Reported by Polina Smirnova <moe.hwr@gmail.com> + +CVE: CVE-2023-28488 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +--- + gdhcp/client.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/gdhcp/client.c b/gdhcp/client.c +index 7efa7e45..82017692 100644 +--- a/gdhcp/client.c ++++ b/gdhcp/client.c +@@ -1319,9 +1319,9 @@ static bool sanity_check(struct ip_udp_dhcp_packet *packet, int bytes) + static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd, + struct sockaddr_in *dst_addr) + { +- int bytes; + struct ip_udp_dhcp_packet packet; + uint16_t check; ++ int bytes, tot_len; + + memset(&packet, 0, sizeof(packet)); + +@@ -1329,15 +1329,17 @@ static int dhcp_recv_l2_packet(struct dhcp_packet *dhcp_pkt, int fd, + if (bytes < 0) + return -1; + +- if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp))) +- return -1; +- +- if (bytes < ntohs(packet.ip.tot_len)) ++ tot_len = ntohs(packet.ip.tot_len); ++ if (bytes > tot_len) { ++ /* ignore any extra garbage bytes */ ++ bytes = tot_len; ++ } else if (bytes < tot_len) { + /* packet is bigger than sizeof(packet), we did partial read */ + return -1; ++ } + +- /* ignore any extra garbage bytes */ +- bytes = ntohs(packet.ip.tot_len); ++ if (bytes < (int) (sizeof(packet.ip) + sizeof(packet.udp))) ++ return -1; + + if (!sanity_check(&packet, bytes)) + return -1; +-- +2.34.1 + diff --git a/poky/meta/recipes-connectivity/connman/connman_1.41.bb b/poky/meta/recipes-connectivity/connman/connman_1.41.bb index 79542b2175..3f2e29820f 100644 --- a/poky/meta/recipes-connectivity/connman/connman_1.41.bb +++ b/poky/meta/recipes-connectivity/connman/connman_1.41.bb @@ -8,6 +8,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://CVE-2022-32293_p1.patch \ file://CVE-2022-32293_p2.patch \ file://CVE-2022-32292.patch \ + file://0001-gdhcp-Verify-and-sanitize-packet-length-first.patch \ " SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" diff --git a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index 579fa95df7..21b2eebbd8 100644 --- a/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb +++ b/poky/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb @@ -9,9 +9,7 @@ HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=d148485768fe85b9f1072b186a7e9b4d" -UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/" - -SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ +SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=dhcpcd-9 \ file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \ file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \ file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \ @@ -22,7 +20,8 @@ SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \ file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ " -SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c" +SRCREV = "3c458fc7fa4146029a1e4f9e98cd7e7adf03081a" +S = "${WORKDIR}/git" inherit pkgconfig autotools-brokensep systemd useradd diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.3.bb b/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb index eb0a650130..27b167c21f 100644 --- a/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.3.bb +++ b/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ DEPENDS = "flex-native bison-native" SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" -SRC_URI[sha256sum] = "2a8885c403516cf7b0933ed4b14d6caa30e02052489ebd414dc75ac52e7559e6" +SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f" inherit autotools binconfig-disabled pkgconfig diff --git a/poky/meta/recipes-connectivity/neard/neard_0.18.bb b/poky/meta/recipes-connectivity/neard/neard_0.18.bb index 23e999acc4..362a7615b6 100644 --- a/poky/meta/recipes-connectivity/neard/neard_0.18.bb +++ b/poky/meta/recipes-connectivity/neard/neard_0.18.bb @@ -6,9 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \ file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \ " -DEPENDS = "dbus glib-2.0 libnl" +DEPENDS = "dbus glib-2.0 libnl autoconf-archive-native" -SRC_URI = "git://git.kernel.org/pub/scm/network/nfc/neard.git;protocol=git;branch=master \ +SRC_URI = "git://git.kernel.org/pub/scm/network/nfc/neard.git;protocol=https;branch=master \ file://neard.in \ file://Makefile.am-fix-parallel-issue.patch \ file://Makefile.am-do-not-ship-version.h.patch \ |