Diffstat (limited to 'poky/meta/recipes-extended')
5 files changed, 206 insertions, 112 deletions
diff --git a/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch index 95728bcd3f..628db42136 100644 --- a/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ b/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch @@ -1,124 +1,52 @@ -From 30a3906a0a21120fa6bbc918b6258ab9303fbeaa Mon Sep 17 00:00:00 2001 -From: Scott Garman <scott.a.garman@intel.com> -Date: Thu, 14 Apr 2016 12:28:57 +0200 -Subject: [PATCH] Disable use of syslog for sysroot +From 8b845fff891798a03bdf21354b52e4487c2c0200 Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Thu, 14 Apr 2022 23:11:53 +0000 +Subject: [PATCH] Disable use of syslog for shadow-native tools Disable use of syslog to prevent sysroot user and group additions from writing entries to the host's syslog. This patch should only be used with the shadow-native recipe. -Upstream-Status: Inappropriate [disable feature] - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> +Upstream-Status: Inappropriate [OE specific configuration] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> --- - src/groupadd.c | 3 +++ - src/groupdel.c | 3 +++ - src/groupmems.c | 3 +++ - src/groupmod.c | 3 +++ - src/useradd.c | 3 +++ - src/userdel.c | 4 ++++ - src/usermod.c | 3 +++ - 7 files changed, 22 insertions(+) + configure.ac | 2 +- + src/login_nopam.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) -diff --git a/src/groupadd.c b/src/groupadd.c -index d7f68b1..5fe5f43 100644 ---- a/src/groupadd.c -+++ b/src/groupadd.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <getopt.h> -diff --git a/src/groupdel.c b/src/groupdel.c -index 5c89312..2aefc5a 100644 ---- a/src/groupdel.c -+++ b/src/groupdel.c -@@ -34,6 +34,9 @@ - +diff --git a/configure.ac b/configure.ac +index 5dcae19..b2c58f5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -204,7 +204,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", + [Path to passwd program.]) + + dnl XXX - quick hack, should disappear before anyone notices :). 
+-AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) ++#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) + if test "$ac_cv_func_ruserok" = "yes"; then + AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) + AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) +diff --git a/src/login_nopam.c b/src/login_nopam.c +index df6ba88..fc24e13 100644 +--- a/src/login_nopam.c ++++ b/src/login_nopam.c +@@ -29,7 +29,6 @@ + #ifndef USE_PAM #ident "$Id$" -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <grp.h> -diff --git a/src/groupmems.c b/src/groupmems.c -index 654a8f3..6b2026b 100644 ---- a/src/groupmems.c -+++ b/src/groupmems.c -@@ -32,6 +32,9 @@ - - #include <config.h> - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <fcntl.h> - #include <getopt.h> - #include <grp.h> -diff --git a/src/groupmod.c b/src/groupmod.c -index acd6f35..a2c5247 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <getopt.h> -diff --git a/src/useradd.c b/src/useradd.c -index 127177e..b80e505 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <assert.h> - #include <ctype.h> - #include <errno.h> -diff --git a/src/userdel.c b/src/userdel.c -index 79a7c89..c1e010a 100644 ---- a/src/userdel.c -+++ b/src/userdel.c -@@ -31,6 +31,10 @@ - */ - - #include <config.h> -+ -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <assert.h> - #include <dirent.h> - #include <errno.h> 
-diff --git a/src/usermod.c b/src/usermod.c -index 03bb9b9..e15fdd4 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" +-#include "prototypes.h" + /* + * This module implements a simple but effective form of login access + * control based on login names and on host (or domain) names, internet +@@ -57,6 +56,8 @@ + #include <netinet/in.h> + #include <arpa/inet.h> /* for inet_ntoa() */ -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG ++#include "prototypes.h" + - #include <assert.h> - #include <ctype.h> - #include <errno.h> + #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) + #undef MAXHOSTNAMELEN + #define MAXHOSTNAMELEN 256 diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch new file mode 100644 index 0000000000..6ba2b879a3 --- /dev/null +++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch 
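Review bot: Commenting out `AC_DEFINE(USE_SYSLOG, 1, ...)` in configure.ac in 0001-Disable-use-of-syslog-for-sysroot.patch turns syslog off for every program built from the shadow tree, where the previous version of the patch only `#undef`'d it in the seven user and group management tools. The description says the patch is meant for shadow-native only, but nothing in this hunk enforces that, and the recipe that applies it is not part of this change. If it were ever applied to a target build, account changes would presumably stop reaching the system log. I would say so in the patch header, for example `This disables syslog for all shadow tools, so the patch must stay restricted to class-native in SRC_URI.` The header also does not explain why `#include "prototypes.h"` moves below the system headers in src/login_nopam.c; a sentence naming the build failure it avoids would help the next person who rebases this.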
@@ -0,0 +1,67 @@
+From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
+From: Nils Bars <nils.bars@t-online.de>
+Date: Mon, 17 Jan 2022 16:53:16 +0000
+Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
+
+This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
+to read as many bytes as indicated by the extra field length attribute.
+Furthermore, this fixes a null pointer dereference if an archive contains an
+`EF_UNIPATH` extra field but does not have a filename set.
+---
+ fileio.c | 5 ++++-
+ process.c | 6 +++++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+---
+
+Patch from:
+https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch
+Regenerated to apply without offsets.
+
+CVE: CVE-2021-4217
+
+Upstream-Status: Pending [infozip upstream inactive]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+diff --git a/fileio.c b/fileio.c
+index 14460f3..1dc319e 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2301,8 +2301,11 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
+ (G.inptr-G.inbuf) + length);
+ } else {
+- if (readbuf(__G__ (char *)G.extra_field, length) == 0)
++ unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length);
++ if (bytes_read == 0)
+ return PK_EOF;
++ if (bytes_read != length)
++ return PK_ERR;
+ /* Looks like here is where extra fields are read */
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+diff --git a/process.c b/process.c
+index 5f8f6c6..de843a5 100644
+--- a/process.c
++++ b/process.c
+@@ -2058,10 +2058,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ G.unipath_checksum = makelong(offset + ef_buf);
+ offset += 4;
+
++ if (!G.filename_full) {
++ /* Check if we have a unicode extra section but no filename set */
++ return PK_ERR;
++ }
++
+ /*
+ * Compute 32-bit crc
+ */
+-
+ chksum = crc32(chksum, (uch *)(G.filename_full),
+ strlen(G.filename_full));
+
+--
+2.32.0
+
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index 0bc6abcd4b..d074db37b4 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -27,6 +27,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
 file://CVE-2019-13232_p2.patch \
 file://CVE-2019-13232_p3.patch \
 file://unzip_optimization.patch \
+ file://CVE-2021-4217.patch \
 "
 
 UPSTREAM_VERSION_UNKNOWN = "1"
diff --git a/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch b/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch
new file mode 100644
index 0000000000..e43e73cf12
--- /dev/null
+++ b/poky/meta/recipes-extended/xz/xz/CVE-2022-1271.patch
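Review bot: In unzip/CVE-2021-4217.patch the `CVE: CVE-2021-4217`, `Upstream-Status:` and `Signed-off-by:` lines sit after the `---` separator and the diffstat, so git's patch format treats them as notes outside the commit message and a later refresh through `git am` would likely drop them. The file name still carries the CVE id, but the tag and the provenance links would be lost. Moving that block above the first `---`, as xz/CVE-2022-1271.patch in this same commit does, keeps it attached to the fix. Separately, the new `if (bytes_read != length) return PK_ERR;` path in fileio.c returns with `G.extra_field` only partly filled; do_string starts outside the hunk, so it is worth confirming that no caller reads that buffer after the error.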
@@ -0,0 +1,96 @@
+From dc932a1e9c0d9f1db71be11a9b82496e3a72f112 Mon Sep 17 00:00:00 2001
+From: Lasse Collin <lasse.collin@tukaani.org>
+Date: Tue, 29 Mar 2022 19:19:12 +0300
+Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587).
+
+Malicious filenames can make xzgrep to write to arbitrary files
+or (with a GNU sed extension) lead to arbitrary code execution.
+
+xzgrep from XZ Utils versions up to and including 5.2.5 are
+affected. 5.3.1alpha and 5.3.2alpha are affected as well.
+This patch works for all of them.
+
+This bug was inherited from gzip's zgrep. gzip 1.12 includes
+a fix for zgrep.
+
+The issue with the old sed script is that with multiple newlines,
+the N-command will read the second line of input, then the
+s-commands will be skipped because it's not the end of the
+file yet, then a new sed cycle starts and the pattern space
+is printed and emptied. So only the last line or two get escaped.
+
+One way to fix this would be to read all lines into the pattern
+space first. However, the included fix is even simpler: All lines
+except the last line get a backslash appended at the end. To ensure
+that shell command substitution doesn't eat a possible trailing
+newline, a colon is appended to the filename before escaping.
+The colon is later used to separate the filename from the grep
+output so it is fine to add it here instead of a few lines later.
+
+The old code also wasn't POSIX compliant as it used \n in the
+replacement section of the s-command. Using \<newline> is the
+POSIX compatible method.
+
+LC_ALL=C was added to the two critical sed commands. POSIX sed
+manual recommends it when using sed to manipulate pathnames
+because in other locales invalid multibyte sequences might
+cause issues with some sed implementations. In case of GNU sed,
+these particular sed scripts wouldn't have such problems but some
+other scripts could have, see:
+
+ info '(sed)Locale Considerations'
+
+This vulnerability was discovered by:
+cleemy desu wayo working with Trend Micro Zero Day Initiative
+
+Thanks to Jim Meyering and Paul Eggert discussing the different
+ways to fix this and for coordinating the patch release schedule
+with gzip.
+
+Upstream-Status: Backport [https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch]
+CVE: CVE-2022-1271
+
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+---
+ src/scripts/xzgrep.in | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in
+index 9db5c3a..f64dddb 100644
+--- a/src/scripts/xzgrep.in
++++ b/src/scripts/xzgrep.in
+@@ -179,22 +179,26 @@ for i; do
+ { test $# -eq 1 || test $no_filename -eq 1; }; then
+ eval "$grep"
+ else
++ # Append a colon so that the last character will never be a newline
++ # which would otherwise get lost in shell command substitution.
++ i="$i:"
++
++ # Escape & \ | and newlines only if such characters are present
++ # (speed optimization).
+ case $i in
+ (*'
+ '* | *'&'* | *'\'* | *'|'*)
+- i=$(printf '%s\n' "$i" |
+- sed '
+- $!N
+- $s/[&\|]/\\&/g
+- $s/\n/\\n/g
+- ');;
++ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
+ esac
+- sed_script="s|^|$i:|"
++
++ # $i already ends with a colon so don't add it here.
++ sed_script="s|^|$i|"
+
+ # Fail if grep or sed fails.
+ r=$(
+ exec 4>&1
+- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&-
++ (eval "$grep" 4>&-; echo $? >&4) 3>&- |
++ LC_ALL=C sed "$sed_script" >&3 4>&-
+ ) || r=2
+ exit $r
+ fi >&3 5>&-
diff --git a/poky/meta/recipes-extended/xz/xz_5.2.5.bb b/poky/meta/recipes-extended/xz/xz_5.2.5.bb
index 8021ebd9bc..200af0e672 100644
--- a/poky/meta/recipes-extended/xz/xz_5.2.5.bb
+++ b/poky/meta/recipes-extended/xz/xz_5.2.5.bb
@@ -23,7 +23,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=97d554a32881fee0aa283d96e47cb24a \
 file://lib/getopt.c;endline=23;md5=2069b0ee710572c03bb3114e4532cd84 \
 "
 
-SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz"
+SRC_URI = "https://tukaani.org/xz/xz-${PV}.tar.gz \
+ file://CVE-2022-1271.patch \
+ "
 SRC_URI[md5sum] = "0d270c997aff29708c74d53f599ef717"
 SRC_URI[sha256sum] = "f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10"
 UPSTREAM_CHECK_REGEX = "xz-(?P<pver>\d+(\.\d+)+)\.tar" |