diff options
Diffstat (limited to 'poky/meta/recipes-connectivity')
-rw-r--r-- | poky/meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/avahi/files/handle-hup.patch | 41 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch | 10 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/connman/connman_1.40.bb (renamed from poky/meta/recipes-connectivity/connman/connman_1.39.bb) | 2 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb (renamed from poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.bb) | 2 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb (renamed from poky/meta/recipes-connectivity/libpcap/libpcap_1.10.0.bb) | 6 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb (renamed from poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb) | 2 |
7 files changed, 52 insertions, 12 deletions
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb index 5c46bbf58e..4302310888 100644 --- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -24,6 +24,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV} file://99avahi-autoipd \ file://initscript.patch \ file://0001-Fix-opening-etc-resolv.conf-error.patch \ + file://handle-hup.patch \ " UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/" diff --git a/poky/meta/recipes-connectivity/avahi/files/handle-hup.patch b/poky/meta/recipes-connectivity/avahi/files/handle-hup.patch new file mode 100644 index 0000000000..26632e5443 --- /dev/null +++ b/poky/meta/recipes-connectivity/avahi/files/handle-hup.patch @@ -0,0 +1,41 @@ +CVE: CVE-2021-3468 +Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 +From: Riccardo Schirone <sirmy15@gmail.com> +Date: Fri, 26 Mar 2021 11:50:24 +0100 +Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in + client_work + +If a client fills the input buffer, client_work() disables the +AVAHI_WATCH_IN event, thus preventing the function from executing the +`read` syscall the next times it is called. However, if the client then +terminates the connection, the socket file descriptor receives a HUP +event, which is not handled, thus the kernel keeps marking the HUP event +as occurring. While iterating over the file descriptors that triggered +an event, the client file descriptor will keep having the HUP event and +the client_work() function is always called with AVAHI_WATCH_HUP but +without nothing being done, thus entering an infinite loop. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 +--- + avahi-daemon/simple-protocol.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c +index 3e0ebb11..6c0274d6 100644 +--- a/avahi-daemon/simple-protocol.c ++++ b/avahi-daemon/simple-protocol.c +@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv + } + } + ++ if (events & AVAHI_WATCH_HUP) { ++ client_free(c); ++ return; ++ } ++ + c->server->poll_api->watch_update( + watch, + (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 942b9c97b6..9dca21a02f 100644 --- a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -1,4 +1,4 @@ -From c7734e1547db967eccf242fe4b9e8a30b9ff141c Mon Sep 17 00:00:00 2001 +From 01974865e4d331eeaf25248bee1bb96539c450d9 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 6 Apr 2015 23:02:21 -0700 Subject: [PATCH] resolve: musl does not implement res_ninit @@ -15,7 +15,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/gweb/gresolv.c b/gweb/gresolv.c -index 38a554e..a9e8740 100644 +index 954e7cf..2a9bc51 100644 --- a/gweb/gresolv.c +++ b/gweb/gresolv.c @@ -36,6 +36,7 @@ @@ -26,7 +26,7 @@ index 38a554e..a9e8740 100644 #include "gresolv.h" -@@ -877,8 +878,6 @@ GResolv *g_resolv_new(int index) +@@ -878,8 +879,6 @@ GResolv *g_resolv_new(int index) resolv->index = index; resolv->nameserver_list = NULL; @@ -35,7 +35,7 @@ index 38a554e..a9e8740 100644 return resolv; } -@@ -918,8 +917,6 @@ void g_resolv_unref(GResolv *resolv) +@@ -919,8 +918,6 @@ void g_resolv_unref(GResolv *resolv) flush_nameservers(resolv); @@ -44,7 +44,7 @@ index 38a554e..a9e8740 100644 g_free(resolv); } -@@ -1022,24 +1019,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, +@@ -1023,24 +1020,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname, debug(resolv, "hostname %s", hostname); if (!resolv->nameserver_list) { diff --git a/poky/meta/recipes-connectivity/connman/connman_1.39.bb b/poky/meta/recipes-connectivity/connman/connman_1.40.bb index df42e9ffb8..15d105e2bd 100644 --- a/poky/meta/recipes-connectivity/connman/connman_1.39.bb +++ b/poky/meta/recipes-connectivity/connman/connman_1.40.bb @@ -9,7 +9,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" -SRC_URI[sha256sum] = "9f62a7169b7491c670a1ff2e335b0d966308fb2f62e285c781105eb90f181af3" +SRC_URI[sha256sum] = "1a57ae7ce234aa3a1744aac3be5c2121d98dce999440ef8ab9cc4edfd5edcb12" RRECOMMENDS_${PN} = "connman-conf" RCONFLICTS_${PN} = "networkmanager" diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.bb b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb index 75e8ba06d9..f3b64174c4 100644 --- a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.bb +++ b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb @@ -11,7 +11,7 @@ DEPENDS = "avahi" SRC_URI = "git://github.com/lathiat/nss-mdns \ " -SRCREV = "65ad25563937682ab2770c36d56667a754837102" +SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.0.bb b/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb index 967eabcc13..f528595c94 100644 --- a/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.0.bb +++ b/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb @@ -10,10 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \ file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2" DEPENDS = "flex-native bison-native" -SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ - " -SRC_URI[md5sum] = "8c12dc19dd7e0d02d2bb6596eb5a71c7" -SRC_URI[sha256sum] = "8d12b42623eeefee872f123bd0dc85d535b00df4d42e865f993c40f7bfc92b1e" +SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz" +SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4" inherit autotools binconfig-disabled pkgconfig diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb index d8c6391b3d..5500a9249f 100644 --- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb +++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb @@ -31,7 +31,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \ file://clang-warnings.patch \ " -SRC_URI[sha256sum] = "b54d6d8ea2ee62d64111278301ba4631b7bb19174e7f717a724fe5d463900c80" +SRC_URI[sha256sum] = "51997d94e4c8bcef5456dd36a9ccc38e231207c4e9b6a9a2c108841e6aebe3dd" # Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will # pull in the remainder of the dependencies. |