7 files changed, 52 insertions, 12 deletions

diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 5c46bbf58e..4302310888 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -24,6 +24,7 @@ SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}
            file://99avahi-autoipd \
            file://initscript.patch \
            file://0001-Fix-opening-etc-resolv.conf-error.patch \
+           file://handle-hup.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
diff --git a/poky/meta/recipes-connectivity/avahi/files/handle-hup.patch b/poky/meta/recipes-connectivity/avahi/files/handle-hup.patch
new file mode 100644
index 0000000000..26632e5443
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/handle-hup.patch
@@ -0,0 +1,41 @@
+CVE: CVE-2021-3468
+Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <sirmy15@gmail.com>
+Date: Fri, 26 Mar 2021 11:50:24 +0100
+Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
+ client_work
+
+If a client fills the input buffer, client_work() disables the
+AVAHI_WATCH_IN event, thus preventing the function from executing the
+`read` syscall the next times it is called. However, if the client then
+terminates the connection, the socket file descriptor receives a HUP
+event, which is not handled, thus the kernel keeps marking the HUP event
+as occurring. While iterating over the file descriptors that triggered
+an event, the client file descriptor will keep having the HUP event and
+the client_work() function is always called with AVAHI_WATCH_HUP but
+without nothing being done, thus entering an infinite loop.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
+---
+ avahi-daemon/simple-protocol.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
+index 3e0ebb11..6c0274d6 100644
+--- a/avahi-daemon/simple-protocol.c
++++ b/avahi-daemon/simple-protocol.c
+@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
+         }
+     }
+ 
++    if (events & AVAHI_WATCH_HUP) {
++        client_free(c);
++        return;
++    }
++
+     c->server->poll_api->watch_update(
+         watch,
+         (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
index 942b9c97b6..9dca21a02f 100644
--- a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
+++ b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
@@ -1,4 +1,4 @@
-From c7734e1547db967eccf242fe4b9e8a30b9ff141c Mon Sep 17 00:00:00 2001
+From 01974865e4d331eeaf25248bee1bb96539c450d9 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 6 Apr 2015 23:02:21 -0700
 Subject: [PATCH] resolve: musl does not implement res_ninit
@@ -15,7 +15,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  1 file changed, 13 insertions(+), 21 deletions(-)
 
 diff --git a/gweb/gresolv.c b/gweb/gresolv.c
-index 38a554e..a9e8740 100644
+index 954e7cf..2a9bc51 100644
 --- a/gweb/gresolv.c
 +++ b/gweb/gresolv.c
 @@ -36,6 +36,7 @@
@@ -26,7 +26,7 @@ index 38a554e..a9e8740 100644
  
  #include "gresolv.h"
  
-@@ -877,8 +878,6 @@ GResolv *g_resolv_new(int index)
+@@ -878,8 +879,6 @@ GResolv *g_resolv_new(int index)
  	resolv->index = index;
  	resolv->nameserver_list = NULL;
  
@@ -35,7 +35,7 @@ index 38a554e..a9e8740 100644
  	return resolv;
  }
  
-@@ -918,8 +917,6 @@ void g_resolv_unref(GResolv *resolv)
+@@ -919,8 +918,6 @@ void g_resolv_unref(GResolv *resolv)
  
  	flush_nameservers(resolv);
  
@@ -44,7 +44,7 @@ index 38a554e..a9e8740 100644
  	g_free(resolv);
  }
  
-@@ -1022,24 +1019,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname,
+@@ -1023,24 +1020,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname,
  	debug(resolv, "hostname %s", hostname);
  
  	if (!resolv->nameserver_list) {
diff --git a/poky/meta/recipes-connectivity/connman/connman_1.39.bb b/poky/meta/recipes-connectivity/connman/connman_1.40.bb
index df42e9ffb8..15d105e2bd 100644
--- a/poky/meta/recipes-connectivity/connman/connman_1.39.bb
+++ b/poky/meta/recipes-connectivity/connman/connman_1.40.bb
@@ -9,7 +9,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
 
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
 
-SRC_URI[sha256sum] = "9f62a7169b7491c670a1ff2e335b0d966308fb2f62e285c781105eb90f181af3"
+SRC_URI[sha256sum] = "1a57ae7ce234aa3a1744aac3be5c2121d98dce999440ef8ab9cc4edfd5edcb12"
 
 RRECOMMENDS_${PN} = "connman-conf"
 RCONFLICTS_${PN} = "networkmanager"
diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.bb b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb
index 75e8ba06d9..f3b64174c4 100644
--- a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.bb
+++ b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb
@@ -11,7 +11,7 @@ DEPENDS = "avahi"
 SRC_URI = "git://github.com/lathiat/nss-mdns \
            "
 
-SRCREV = "65ad25563937682ab2770c36d56667a754837102"
+SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.0.bb b/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
index 967eabcc13..f528595c94 100644
--- a/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.0.bb
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
@@ -10,10 +10,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
                     file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
 DEPENDS = "flex-native bison-native"
 
-SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
-           "
-SRC_URI[md5sum] = "8c12dc19dd7e0d02d2bb6596eb5a71c7"
-SRC_URI[sha256sum] = "8d12b42623eeefee872f123bd0dc85d535b00df4d42e865f993c40f7bfc92b1e"
+SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz"
+SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4"
 
 inherit autotools binconfig-disabled pkgconfig
 
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb
index d8c6391b3d..5500a9249f 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.3.bb
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.4.bb
@@ -31,7 +31,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
            file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
            file://clang-warnings.patch \
            "
-SRC_URI[sha256sum] = "b54d6d8ea2ee62d64111278301ba4631b7bb19174e7f717a724fe5d463900c80"
+SRC_URI[sha256sum] = "51997d94e4c8bcef5456dd36a9ccc38e231207c4e9b6a9a2c108841e6aebe3dd"
 
 # Only kernel-module-nfsd is required here (but can be built-in)  - the nfsd module will
 # pull in the remainder of the dependencies.