Re: [OE-core] [PATCH] bind: Whitelist CVE-2019-6470
On 11/15/19 1:46 PM, Adrian Bunk wrote: > On Thu, Nov 14, 2019 at 07:18:28AM -0800, akuster808 wrote: >> >> On 11/14/19 4:51 AM, Adrian Bunk wrote: >>> On Thu, Nov 14, 2019 at 12:04:40PM +, Ross Burton wrote: On 13/11/2019 08:19, Adrian Bunk wrote: > +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using > BIND versions 9.11.2 or later > +CVE_CHECK_WHITELIST += "CVE-2019-6470" Can you be a bit more explicit about why this is whitelisted? >>> Something like >>> BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since >>> dhcpd is already recent enough. >> Actual. checking isc dhcp sources, it appears the fix is sitting in >> master and has not been merged to any of the stable branches. I have not >> had the time to unpack and check in an OE env ti validate that. >> >> Have you done that? > At what commit are you looking? https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=abacf8ad0d8844685e5cd76645a34ef2b8da3253 An like I said "it appears" and I alway verify with what sources get unpacked. I finally got around to it doing that this morning and the dhcp does have this fix. -armin > > rt46719 was merged in 2017, actually before 4.4.0. > >> - Armin > cu > Adrian > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [warrior 00/28] merge request
cover letter only Please merge this series into warrior mainline The following changes since commit 726c3b92298981f5aa2f2449ceeec7b4bf84ed29: build-appliance-image: Update to warrior head revision (2019-10-30 13:55:57 +) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib stable/warrior-next http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/warrior-next Adrian Bunk (2): go: Upgrade 1.12.5 -> 1.12.6 python3: Upgrade 3.7.4 -> 3.7.5 Alexander Kanavin (1): go: update 1.12.1->1.12.5 Changqing Li (1): python3: fix do_install fail for parallel buiild Chen Qi (1): python3: CVE-2019-16056 Jason Wessel (1): pseudo: Fix openat() with a symlink pointing to a directory Joe Slater (2): libtiff: fix CVE-2019-17546 libxslt: fix CVE-2019-18197 Joshua Watt (2): python3: Reformat sysconfig python3: Fix .pyc file reproduciblility Khem Raj (1): go-1.12: update to 1.12.9 minor release Matthias Schoepfer via Openembedded-core (1): python3: fix build on softfloat mips Mingli Yu (1): python3: fix the test_locale output format Niclas Svensson (1): devtool: finish: Keep patches ordered when updating bbappend Peter Kjellerstedt (8): meson: Backport patch to handle strings in cross file args meson.bbclass: Remove the MESON_*_ARGS variables nativesdk-meson: Remove some unused variables devtool: Avoid failure for recipes with S == WORKDIR and no local files package_rpm.bbclass: Remove a misleading bb.note() tzdata: Correct the packaging of /etc/localtime and /etc/timezone devtool: finish: Add suppport for the --no-clean option lib/oe/lsb: Make sure the distro ID is always lowercased Ricardo Ribalda Delgado (1): python3: python3: Fix build error x86->x86 Richard Purdie (2): pseudo: Drop static linking to sqlite3 pseudo: Add statx support to fix fedora30 issues Ross Burton (2): patch: the CVE-2019-13638 fix also handles CVE-2018-20969 file: fix CVE-2019-18218 Trevor Gamblin (1): tiff: fix CVE-2019-14973 meta/classes/meson.bbclass | 15 +- meta/classes/package_rpm.bbclass | 5 +- meta/conf/distro/include/no-static-libs.inc| 4 - meta/lib/oe/lsb.py | 8 +- .../file/file/CVE-2019-18218.patch | 55 +++ meta/recipes-devtools/file/file_5.36.bb| 3 +- meta/recipes-devtools/go/go-1.12.inc | 6 +- meta/recipes-devtools/meson/meson.inc | 1 + ...e-strings-in-cross-file-args.-Closes-4671.patch | 87 + .../meson/nativesdk-meson_0.49.2.bb| 5 - ...ke-ed-directly-instead-of-using-the-shell.patch | 4 +- .../pseudo/files/0001-Add-statx.patch | 106 ++ meta/recipes-devtools/pseudo/pseudo.inc| 19 +- meta/recipes-devtools/pseudo/pseudo_git.bb | 3 +- ...code-lib-as-location-for-site-packages-an.patch | 2 +- ...ix-Issue36464-parallel-build-race-problem.patch | 34 ++ ...-Use-FLAG_REF-always-for-interned-strings.patch | 35 ++ ...roper-detection-of-mips-architecture-for-.patch | 201 ++ ...-cc_basename-to-replace-CC-for-checking-c.patch | 2 +- ..._locale.py-correct-the-test-output-format.patch | 46 +++ .../python/python3/crosspythonpath.patch | 25 ++ .../python/python3/reformat_sysconfig.py | 21 ++ .../python/{python3_3.7.4.bb => python3_3.7.5.bb} | 17 +- meta/recipes-extended/timezone/tzdata.bb | 5 +- .../libtiff/tiff/CVE-2019-14973.patch | 415 + .../libtiff/tiff/CVE-2019-17546.patch | 103 + meta/recipes-multimedia/libtiff/tiff_4.0.10.bb | 4 +- .../libxslt/files/CVE-2019-18197.patch | 33 ++ meta/recipes-support/libxslt/libxslt_1.1.33.bb | 1 + scripts/lib/devtool/standard.py| 17 +- 30 files changed, 1218 insertions(+), 64 deletions(-) create mode 100644 meta/recipes-devtools/file/file/CVE-2019-18218.patch create mode 100644 meta/recipes-devtools/meson/meson/0001-Handle-strings-in-cross-file-args.-Closes-4671.patch create mode 100644 meta/recipes-devtools/pseudo/files/0001-Add-statx.patch create mode 100644 meta/recipes-devtools/python/python3/0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch create mode 100644 meta/recipes-devtools/python/python3/0001-Use-FLAG_REF-always-for-interned-strings.patch create mode 100644 meta/recipes-devtools/python/python3/0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch create mode 100644 meta/recipes-devtools/python/python3/0001-test_locale.py-correct-the-test-output-format.patch create mode 100644 meta/recipes-devtools/python/python3/crosspythonpath.patch create mode 100644 meta/recipes-devtools/python/python3/reformat_sysconfig.py rename meta/recipes-devtools/python/{python3_3.7.4.bb => python3_3.7.5.bb} (93%) create mode 100644
[OE-core] Status of thud
Hello, Now that thud has release 2.6.4, I plan on backporting and testing the outstanding patches. Getting them into mainline should not be an issue. I have no idea if there are plans for a 2.6.5 or when it will switch to community support. I will have to wait for the Yocto Project TSC to determine what stable process changes they propose. - Armin -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [AUH] Upgrade status: 2019-11-17
Recipe upgrade statistics: * Failed(do_compile): 22 qemu, 4.1.1, Richard Purdie libdnf, 0.38.1, Alexander Kanavin python3-setuptools, 41.6.0, Oleksandr Kravchuk orc, 0.4.31, Anuj Mittal vulkan-tools, 1.1.126.0, Anuj Mittal libxcrypt, 4.4.10, Khem Raj libxkbcommon, 0.9.1, Armin Kuster mkfontscale, 1.2.1, Armin Kuster assimp, 5.0.0, Anuj Mittal at-spi2-atk, 2.34.1, Anuj Mittal vulkan-headers, 1.1.126.0, Anuj Mittal openssh, 8.1p1, Armin Kuster alsa-utils, 1.2.1, Tanu Kaskinen glib-2.0, 2.62.2, Anuj Mittal prelink, 1.0-new-commits-available, Mark Hatle libxml-parser-perl, 2.46, Tim Orling python-setuptools, 41.6.0, Oleksandr Kravchuk alsa-lib, 1.2.1, Tanu Kaskinen kexec-tools, 2.0.20, Armin Kuster vulkan-loader, 1.1.126.0, Anuj Mittal cmake, 3.15.5, Pascal Bach shadow, 4.7, Chen Qi * Succeeded: 36 vim, 8.1.2300, Tom Rini alsa-plugins, 1.2.1, Tanu Kaskinen linux-firmware, 20190815-new-commits-available, Otavio Salvador subversion, 1.13.0, Richard Purdie adwaita-icon-theme, 3.34.3, Ross Burton nss, 3.46.1, Armin Kuster dnf, 4.2.16, Alexander Kanavin vim-tiny, 8.1.2300, Tom Rini busybox, 1.31.1, Andrej Valek pango, 1.44.7, Ross Burton python3-git, 3.0.5, Oleksandr Kravchuk sqlite3, 3.30.1, Anuj Mittal librepo, 1.11.0, Alexander Kanavin stress-ng, 0.10.10, Anuj Mittal kmscube, git-new-commits-available, Carlos Rafael Giani python3-gitdb, 2.0.6, Oleksandr Kravchuk ncurses, 6.1+20191019, Hongxu Jia man-pages, 5.05D5D5D3, Hongxu Jia btrfs-tools, 5.3.1, Alexander Kanavin libsolv, 0.7.8, Anuj Mittal xkeyboard-config, 2.28, Armin Kuster gnutls, 3.6.10, Armin Kuster gnu-config, 20190501-new-commits-available, Robert Yang harfbuzz, 2.6.4, Anuj Mittal at-spi2-core, 2.34.0, Anuj Mittal eudev, 3.2.9, Anuj Mittal vala, 0.46.4, Alexander Kanavin python3-pycairo, 1.18.2, Oleksandr Kravchuk mpg123, 1.25.13, Alexander Kanavin libidn2, 2.3.0, Ross Burton gdk-pixbuf, 2.40.0, Ross Burton ccache, 3.7.5, Robert Yang liberror-perl, 0.17028, Tim Orling rng-tools, 6.8, Anuj Mittal piglit, 1.0-new-commits-available, Ross Burton mmc-utils, 0.1-new-commits-available, Anuj Mittal * Failed(other errors): 1 binutils, 2.33.1, Khem Raj * Failed (devtool error): 51 vulkan-demos, git-new-commits-available, Ross Burton dos2unix, 7.4.1, Khem Raj sysprof, 3.34.1, Alexander Kanavin sysvinit, 2.96, Ross Burton gettext, 0.20.1, Robert Yang debianutils, 4.9, Yi Zhao glide, 0.13.3, Otavio Salvador kbd, 2.2.0, Alexander Kanavin libxcrypt-compat, 4.4.10, Khem Raj tiff, 4.1.0, Alexander Kanavin libsoup-2.4, 2.68.2, Anuj Mittal puzzles, 0.0-new-commits-available, Anuj Mittal ifupdown, 0.8.35, Anuj Mittal apt, 1.9.4, Aníbal Limón libxml2, 2.9.10, Hongxu Jia lttng-modules, 2.11.0, Richard Purdie mesa, 19.2.4, Otavio Salvador llvm, 10, Khem Raj texinfo, 6.7, Anuj Mittal go, 1.13.4, Khem Raj psmisc, 23.3, Alexander Kanavin ovmf, edk2-stable201908, Ricardo Neri parted, 3.3, Hongxu Jia attr, 2.4.48, Chen Qi cups, 2.3.0, Chen Qi cronie, 1.5.5, Anuj Mittal bluez5, 5.52, Anuj Mittal lttng-ust, 2.11.0, Richard Purdie man-db, 2.9.0, Hongxu Jia perl, 5.30.1, Alexander Kanavin python, 2.7.17, Oleksandr Kravchuk libxslt, 1.1.34, Alexander Kanavin sysklogd, 2.0, Chen Qi python3, 3.8.0, Oleksandr Kravchuk atk, 2.34.1, Anuj Mittal ltp, 20190930, Yi Zhao lttng-tools, 2.11.0, Richard Purdie python3-numpy, 1.17.4, Oleksandr Kravchuk ghostscript, 9.50, Hongxu Jia cpio, 2.13, Denys Dmytriyenko sudo, 1.8.29, Chen Qi gtk+3, 3.24.12, Ross Burton nfs-utils, 2.4.2, Robert Yang acl, 2.2.53, Chen Qi pulseaudio, 13.0, Tanu Kaskinen rpm, 4.15.0, Mark Hatle sed, 4.7, Chen Qi libjitterentropy, 2.2.0, Ross Burton bind, 9.11.12, Armin Kuster go-runtime, 1.13.4, Khem Raj flex, 2.6.4, Chen Qi TOTAL: attempted=110 succeeded=36(32.73%) failed=74(67.27%) Recipe upgrade statistics per Maintainer: Chen Qi -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org
Re: [OE-core] How to add build date? (was: ... basehash value changed...)
I'd write the date into the file at image creation, via ROOTFS_POSTPROCESS_COMMAND. Having it in a recipe means that you either force the recipe to not be a part of sstate cache, always rebuilding it and its dependencies (bad idea), or accept that the date comes from a previously built cache object, which means it will mismatch the actual image creation date. A bit of context would help: why would you want that info in os-release? Who would use that information and how? Alex On Sat, 16 Nov 2019 at 23:14, Joseph Reynolds wrote: > > Is there a best practice for folks who want to put the build date into > their generated os-release file? I've seen this question come up at > least 3 times in my brief involvement with OE. I could perhaps add > comment to the OpenBMC os-release.bbappend file to provide the proper > guidance. I would like to hear your ideas. > > - Joseph > > > Forwarded Message > Subject:Re: how to solve the error that basehash value changed > from > 'xxx' to '' ? > Date: Sat, 16 Nov 2019 15:50:38 -0600 > From: Joseph Reynolds > To: www , open...@lists.ozlabs.org > > > > > Byron, > > What modification did you put into the os-release recipe? It would help > us help you if you put that in your email. > > > Are you adding the build date to the generated os-release file? If so, > be aware that might cause the issues with the shared state cache you are > experiencing. Also be aware this practice wrecks reproducible builds. > > A better way to get the same effect might be to create a git tag with > the information you want to appear in the generated os-release file. > When you buld with this tag is then picked up by the OpenBMC > meta-phosphor os-release.bbappend (via `git describe`) and included in > the genersted os-release file as the BUILD_ID. See: > > https://github.com/ibm-openbmc/openbmc/blob/d1c59b7a36c10c18838c07af10b18080174cd61d/meta-phosphor/recipes-core/os-release/os-release.bbappend > (But I have not tried that.) > > A way to work around the hash change is to add a line to your recipe > like: PR[vardepsxeclude]="DATETIME" > As suggested by: > https://forums.openpli.org/topic/41447-how-to-get-rid-of-taskhash-mismatch/ > > > My apologies for top posting -- my email reader was not quoting the > message properly, so I cut/pasted it below. > > - Joseph > > > On 11/13/19 1:38 AM, www wrote: > > When I modify the os-release file in my yocto project, it appear some > error, and how can I solve it ? Who can give me some help or advice? > Thank you! > I execute the recommended command on the console and it didn't work. > > ERROR: os-release-1.0-r0 do_compile: Taskhash mismatch > ce133f0458608e03aa55224df28156e523e54903115efbbcd62946f84a867201 versus > 7269881f0eb1759ed420a2db4c04fb477cd8c1288bc5f82df5c8161bb926ea1f > > for > /home/temp/xxx/wsp/obmc-source/entity_xxx/meta/recipes-core/os-release/os-release.bb.do_compile > ERROR: Taskhash mismatch > ce133f0458608e03aa55224df28156e523e54903115efbbcd62946f84a867201 versus > 7269881f0eb1759ed420a2db4c04fb477cd8c1288bc5f82df5c8161bb926ea1f > > for > /home/temp/xxx/wsp/obmc-source/entity_xxx/meta/recipes-core/os-release/os-release.bb.do_compile > ERROR: When reparsing > /home/temp/xxx/wsp/obmc-source/entity_xxx/meta/recipes-core/os-release/os-release.bb.do_compile, > the > > basehash value changed from > 99a42a1a3b1a151de604267b159558ecaf1031a3bec8917df132c81302e729a5 to > 4f3288a8763e2e1af78e4b3cdd9c0c0ccb3b0d5c78a3073c188b22200df2a9b0. The > metadata is not deterministic and this needs to be fixed. > ERROR: The following commands may help: > ERROR: $ bitbake os-release -cdo_compile -Snone > ERROR: Then: > ERROR: $ bitbake os-release -cdo_compile -Sprintdiff > > ERROR: When > reparsing > /home/temp/xxx/wsp/obmc-source/entity_xxx/meta/recipes-core/os-release/os-release.bb.do_compile, > the > > basehash value changed from > 99a42a1a3b1a151de604267b159558ecaf1031a3bec8917df132c81302e729a5 to > 47c30012daa6aa77be09a93fe21e66995361ef26b4487111005617db8cb4de59. The > metadata is not deterministic and this needs to be fixed. > ERROR: The following commands may help: > ERROR: $ bitbake os-release -cdo_compile -Snone > ERROR: Then: > ERROR: $ bitbake os-release -cdo_compile -Sprintdiff > > thanks, > Byron > > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] ✗ patchtest: failure for zeus pull request
== Series Details == Series: zeus pull request Revision: 1 URL : https://patchwork.openembedded.org/series/21187/ State : failure == Summary == Thank you for submitting this patch series to OpenEmbedded Core. This is an automated response. Several tests have been executed on the proposed series by patchtest resulting in the following failures: * Patch[zeus,7/7] iputils: Whitelist CVE-2000-1213 CVE-2000-1214 Issue Missing or incorrectly formatted CVE tag in included patch file [test_cve_tag_format] Suggested fixCorrect or include the CVE tag on cve patch with format: "CVE: CVE--" If you believe any of these test results are incorrect, please reply to the mailing list (openembedded-core@lists.openembedded.org) raising your concerns. Otherwise we would appreciate you correcting the issues and submitting a new version of the patchset if applicable. Please ensure you add/increment the version number when sending the new version (i.e. [PATCH] -> [PATCH v2] -> [PATCH v3] -> ...). --- Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [zeus][PATCH 3/7] wpa-supplicant: fix CVE-2019-16275
From: Ross Burton (From OE-Core rev: d7b5a2ebdb6e74a21059ac2496b5dbea4597eb87) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal --- ...re-management-frame-from-unexpected-.patch | 82 +++ .../wpa-supplicant/wpa-supplicant_2.9.bb | 1 + 2 files changed, 83 insertions(+) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch new file mode 100644 index 00..7b0713cf6d --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch @@ -0,0 +1,82 @@ +hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication +of disconnection in certain situations because source address validation is +mishandled. This is a denial of service that should have been prevented by PMF +(aka management frame protection). The attacker must send a crafted 802.11 frame +from a location that is within the 802.11 communications range. + +CVE: CVE-2019-16275 +Upstream-Status: Backport +Signed-off-by: Ross Burton + +From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Thu, 29 Aug 2019 11:52:04 +0300 +Subject: [PATCH] AP: Silently ignore management frame from unexpected source + address + +Do not process any received Management frames with unexpected/invalid SA +so that we do not add any state for unexpected STA addresses or end up +sending out frames to unexpected destination. This prevents unexpected +sequences where an unprotected frame might end up causing the AP to send +out a response to another device and that other device processing the +unexpected response. + +In particular, this prevents some potential denial of service cases +where the unexpected response frame from the AP might result in a +connected station dropping its association. + +Signed-off-by: Jouni Malinen +--- + src/ap/drv_callbacks.c | 13 + + src/ap/ieee802_11.c| 12 + 2 files changed, 25 insertions(+) + +diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c +index 31587685fe3b..34ca379edc3d 100644 +--- a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c +@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, + "hostapd_notif_assoc: Skip event with no address"); + return -1; + } ++ ++ if (is_multicast_ether_addr(addr) || ++ is_zero_ether_addr(addr) || ++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR ++ " in received indication - ignore this indication silently", ++ __func__, MAC2STR(addr)); ++ return 0; ++ } ++ + random_add_randomness(addr, ETH_ALEN); + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index c85a28db44b7..e7065372e158 100644 +--- a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, + fc = le_to_host16(mgmt->frame_control); + stype = WLAN_FC_GET_STYPE(fc); + ++ if (is_multicast_ether_addr(mgmt->sa) || ++ is_zero_ether_addr(mgmt->sa) || ++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR ++ " in received frame - ignore this frame silently", ++ MAC2STR(mgmt->sa)); ++ return 0; ++ } ++ + if (stype == WLAN_FC_STYPE_BEACON) { + handle_beacon(hapd, mgmt, len, fi); + return 1; +-- +2.20.1 diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb index c16978cfe8..2db09ad2c6 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb @@ -25,6 +25,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
[OE-core] [zeus][PATCH 4/7] python: fix CVE-2019-16935
From: Chen Qi (From OE-Core rev: 1a7593bcdaf8a8cf15259aee8a0e2686247f2987) Signed-off-by: Chen Qi Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal --- ...cape-the-server-title-of-DocXMLRPCSe.patch | 101 ++ meta/recipes-devtools/python/python_2.7.16.bb | 1 + 2 files changed, 102 insertions(+) create mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-38243-Escape-the-server-title-of-DocXMLRPCSe.patch diff --git a/meta/recipes-devtools/python/python/0001-2.7-bpo-38243-Escape-the-server-title-of-DocXMLRPCSe.patch b/meta/recipes-devtools/python/python/0001-2.7-bpo-38243-Escape-the-server-title-of-DocXMLRPCSe.patch new file mode 100644 index 00..3025cf7bc8 --- /dev/null +++ b/meta/recipes-devtools/python/python/0001-2.7-bpo-38243-Escape-the-server-title-of-DocXMLRPCSe.patch @@ -0,0 +1,101 @@ +From b161c89c8bd66fe928192e21364678c8e9b8fcc0 Mon Sep 17 00:00:00 2001 +From: Dong-hee Na +Date: Tue, 1 Oct 2019 19:58:01 +0900 +Subject: [PATCH] [2.7] bpo-38243: Escape the server title of DocXMLRPCServer + (GH-16447) + +Escape the server title of DocXMLRPCServer.DocXMLRPCServer +when rendering the document page as HTML. + +CVE: CVE-2019-16935 + +Upstream-Status: Backport [https://github.com/python/cpython/pull/16447/commits/b41cde823d026f2adc21ef14b1c2e92b1006de06] + +Signed-off-by: Chen Qi +--- + Lib/DocXMLRPCServer.py| 13 +++- + Lib/test/test_docxmlrpc.py| 20 +++ + .../2019-09-25-13-21-09.bpo-38243.1pfz24.rst | 3 +++ + 3 files changed, 35 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst + +diff --git a/Lib/DocXMLRPCServer.py b/Lib/DocXMLRPCServer.py +index 4064ec2e48..90b037dd35 100644 +--- a/Lib/DocXMLRPCServer.py b/Lib/DocXMLRPCServer.py +@@ -20,6 +20,16 @@ from SimpleXMLRPCServer import (SimpleXMLRPCServer, + CGIXMLRPCRequestHandler, + resolve_dotted_attribute) + ++ ++def _html_escape_quote(s): ++s = s.replace("&", "") # Must be done first! ++s = s.replace("<", "") ++s = s.replace(">", "") ++s = s.replace('"', "") ++s = s.replace('\'', "") ++return s ++ ++ + class ServerHTMLDoc(pydoc.HTMLDoc): + """Class used to generate pydoc HTML document for a server""" + +@@ -210,7 +220,8 @@ class XMLRPCDocGenerator: + methods + ) + +-return documenter.page(self.server_title, documentation) ++title = _html_escape_quote(self.server_title) ++return documenter.page(title, documentation) + + class DocXMLRPCRequestHandler(SimpleXMLRPCRequestHandler): + """XML-RPC and documentation request handler class. +diff --git a/Lib/test/test_docxmlrpc.py b/Lib/test/test_docxmlrpc.py +index 4dff4159e2..c45b892b8b 100644 +--- a/Lib/test/test_docxmlrpc.py b/Lib/test/test_docxmlrpc.py +@@ -1,5 +1,6 @@ + from DocXMLRPCServer import DocXMLRPCServer + import httplib ++import re + import sys + from test import test_support + threading = test_support.import_module('threading') +@@ -176,6 +177,25 @@ class DocXMLRPCHTTPGETServer(unittest.TestCase): + self.assertIn("""Tryself.add,too.""", + response.read()) + ++def test_server_title_escape(self): ++"""Test that the server title and documentation ++are escaped for HTML. ++""" ++
[OE-core] [zeus][PATCH 7/7] iputils: Whitelist CVE-2000-1213 CVE-2000-1214
From: Adrian Bunk (From OE-Core rev: 9fea7c3fae30bb1eecb31ec3bf777db981dc1eed) Signed-off-by: Adrian Bunk Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal --- meta/recipes-extended/iputils/iputils_s20190709.bb | 4 1 file changed, 4 insertions(+) diff --git a/meta/recipes-extended/iputils/iputils_s20190709.bb b/meta/recipes-extended/iputils/iputils_s20190709.bb index d8f2470d0c..3f9e9917f0 100644 --- a/meta/recipes-extended/iputils/iputils_s20190709.bb +++ b/meta/recipes-extended/iputils/iputils_s20190709.bb @@ -17,6 +17,10 @@ S = "${WORKDIR}/git" UPSTREAM_CHECK_GITTAGREGEX = "(?Ps\d+)" +# Fixed in 2000-10-10, but the versioning of iputils +# breaks the version order. +CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214" + PACKAGECONFIG ??= "libcap libgcrypt rarpd traceroute6" PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap" PACKAGECONFIG[libgcrypt] = "-DUSE_CRYPTO=gcrypt, -DUSE_CRYPTO=none, libgcrypt" -- 2.21.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [zeus][PATCH 2/7] binutils: fix CVE-2019-17451
From: Trevor Gamblin Backport upstream fix. No upstream release version of binutils it yet, so backport the fix independently. (From OE-Core rev: 3693a0a8b9461521b95613a76b7fd79c86a3bf8f) Signed-off-by: Trevor Gamblin Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal --- .../binutils/binutils-2.32.inc| 1 + .../binutils/binutils/CVE-2019-17451.patch| 51 +++ 2 files changed, 52 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc b/meta/recipes-devtools/binutils/binutils-2.32.inc index 1e96cf494d..349c3e1154 100644 --- a/meta/recipes-devtools/binutils/binutils-2.32.inc +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc @@ -50,6 +50,7 @@ SRC_URI = "\ file://CVE-2019-14250.patch \ file://CVE-2019-1.patch \ file://CVE-2019-17450.patch \ + file://CVE-2019-17451.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch new file mode 100644 index 00..b36a532668 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch @@ -0,0 +1,51 @@ +From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 9 Oct 2019 10:47:13 +1030 +Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line + +Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog +file. There are newer versions of binutils, but none of them contain the +commit fixing CVE-2019-17451, so backport it to master and zeus. + +Upstream-Status: Backport +[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848] +CVE: CVE-2019-17451 +Signed-off-by: Trevor Gamblin + + +Evil testcase with two debug info sections, with sizes of 2bac4ec1 +and d453b140 result in a total size of 1. Reading the first +section of course overflows the buffer and tramples on other memory. + + PR 25070 + * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of + total_size calculation. +--- + bfd/dwarf2.c | 11 ++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +index 0b4e485582..a91597b1d0 100644 +--- a/bfd/dwarf2.c b/bfd/dwarf2.c +@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd, + for (total_size = 0; + msec; + msec = find_debug_info (debug_bfd, debug_sections, msec)) +- total_size += msec->size; ++ { ++/* Catch PR25070 testcase overflowing size calculation here. */ ++if (total_size + msec->size < total_size ++|| total_size + msec->size < msec->size) ++ { ++bfd_set_error (bfd_error_no_memory); ++return FALSE; ++ } ++total_size += msec->size; ++ } + + stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size); + if (stash->info_ptr_memory == NULL) +-- +2.23.0 + -- 2.21.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [zeus][PATCH 0/7] zeus pull request
a-full passing on autobuilder. Patches can be pulled from anujm/zeus. Thanks, Anuj Adrian Bunk (1): iputils: Whitelist CVE-2000-1213 CVE-2000-1214 Chen Qi (1): python: fix CVE-2019-16935 Peter Kjellerstedt (2): sysstat: Correct our systemd unit file sysstat: Correct when to use the package provided systemd unit files Ross Burton (1): wpa-supplicant: fix CVE-2019-16275 Trevor Gamblin (2): binutils: fix CVE-2019-17450 binutils: fix CVE-2019-17451 ...re-management-frame-from-unexpected-.patch | 82 ++ .../wpa-supplicant/wpa-supplicant_2.9.bb | 1 + .../binutils/binutils-2.32.inc| 2 + .../binutils/binutils/CVE-2019-17450.patch| 99 + .../binutils/binutils/CVE-2019-17451.patch| 51 + ...cape-the-server-title-of-DocXMLRPCSe.patch | 101 ++ meta/recipes-devtools/python/python_2.7.16.bb | 1 + .../iputils/iputils_s20190709.bb | 4 + meta/recipes-extended/sysstat/sysstat.inc | 10 +- .../sysstat/sysstat/sysstat.service | 2 +- 10 files changed, 348 insertions(+), 5 deletions(-) create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch create mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-38243-Escape-the-server-title-of-DocXMLRPCSe.patch -- 2.21.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [zeus][PATCH 1/7] binutils: fix CVE-2019-17450
From: Trevor Gamblin Backport upstream fix. No upstream release version of binutils it yet, so backport the fix independently. (From OE-Core rev: a4ead72b958ded4941f96741029f4955930ba758) Signed-off-by: Trevor Gamblin Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal --- .../binutils/binutils-2.32.inc| 1 + .../binutils/binutils/CVE-2019-17450.patch| 99 +++ 2 files changed, 100 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc b/meta/recipes-devtools/binutils/binutils-2.32.inc index 19baf8a883..1e96cf494d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.32.inc +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc @@ -49,6 +49,7 @@ SRC_URI = "\ file://CVE-2019-12972.patch \ file://CVE-2019-14250.patch \ file://CVE-2019-1.patch \ + file://CVE-2019-17450.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch new file mode 100644 index 00..a6ce0b9a8a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch @@ -0,0 +1,99 @@ +From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 9 Oct 2019 00:07:29 +1030 +Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance + +Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog +file. There are newer versions of binutils, but none of them contain the +commit fixing CVE-2019-17450, so backport it to master and zeus. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79] +CVE: CVE-2019-17450 +Signed-off-by: Trevor Gamblin + + PR 25078 + * dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add + recur_count. Error on recur_count reaching 100 rather than + info_ptr matching orig_info_ptr. Adjust calls. + +--- + bfd/dwarf2.c | 35 +-- + 1 file changed, 17 insertions(+), 18 deletions(-) + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +index 0b4e485582..20ec9e2e56 100644 +--- a/bfd/dwarf2.c b/bfd/dwarf2.c +@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit *unit, + } + + static bfd_boolean +-find_abstract_instance (struct comp_unit * unit, +- bfd_byte * orig_info_ptr, +- struct attribute * attr_ptr, +- const char **pname, +- bfd_boolean *is_linkage, +- char ** filename_ptr, +- int *linenumber_ptr) ++find_abstract_instance (struct comp_unit *unit, ++ struct attribute *attr_ptr, ++ unsigned int recur_count, ++ const char **pname, ++ bfd_boolean *is_linkage, ++ char **filename_ptr, ++ int *linenumber_ptr) + { + bfd *abfd = unit->abfd; + bfd_byte *info_ptr; +@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit * unit, + struct attribute attr; + const char *name = NULL; + ++ if (recur_count == 100) ++{ ++ _bfd_error_handler ++ (_("DWARF error: abstract instance recursion detected")); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++} ++ + /* DW_FORM_ref_addr can reference an entry in a different CU. It + is an offset from the .debug_info section, not the current CU. */ + if (attr_ptr->form == DW_FORM_ref_addr) +@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit * unit, +info_ptr, info_ptr_end); + if (info_ptr == NULL) + break; +-/* It doesn't ever make sense for DW_AT_specification to +- refer to the same DIE. Stop simple recursion. */ +-if (info_ptr == orig_info_ptr) +- { +-_bfd_error_handler +- (_("DWARF error: abstract instance recursion detected")); +-bfd_set_error (bfd_error_bad_value); +-return FALSE; +- } + switch (attr.name) + { + case DW_AT_name: +@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit * unit, + } + break; + case DW_AT_specification: +-if (!find_abstract_instance (unit, info_ptr, , ++if (!find_abstract_instance (unit, , recur_count + 1, + , is_linkage, + filename_ptr, linenumber_ptr)) + return FALSE; +@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit
[OE-core] [zeus][PATCH 5/7] sysstat: Correct our systemd unit file
From: Peter Kjellerstedt In commit 8862f21e (sysstat: 12.1.3 -> 12.1.6), sa_lib_dir was changed from "${libdir}/sa" to "${libexecdir}/sa" to avoid problems with multilib. However, the systemd unit file was not changed accordingly, which lead to the following error when trying to start the service: systemd[4698]: sysstat.service: Failed at step EXEC spawning /usr/lib/sa/sa1: No such file or directory (From OE-Core rev: 0fd691b9801b5313ff2e2c2cd5ca13fd50063235) Signed-off-by: Peter Kjellerstedt Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal --- meta/recipes-extended/sysstat/sysstat.inc | 4 ++-- meta/recipes-extended/sysstat/sysstat/sysstat.service | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/sysstat/sysstat.inc b/meta/recipes-extended/sysstat/sysstat.inc index 5a7d2114ca..9394090136 100644 --- a/meta/recipes-extended/sysstat/sysstat.inc +++ b/meta/recipes-extended/sysstat/sysstat.inc @@ -49,7 +49,7 @@ do_install() { if ${@bb.utils.contains('PACKAGECONFIG', 'cron', 'false', 'true', d)}; then install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/sysstat.service ${D}${systemd_unitdir}/system - sed -i -e 's#@LIBDIR@#${libdir}#g' ${D}${systemd_unitdir}/system/sysstat.service + sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}${systemd_unitdir}/system/sysstat.service fi fi } @@ -62,6 +62,6 @@ pkg_postinst_${PN} () { fi } -FILES_${PN} += "${libdir}/sa ${systemd_system_unitdir}" +FILES_${PN} += "${systemd_system_unitdir}" TARGET_CC_ARCH += "${LDFLAGS}" diff --git a/meta/recipes-extended/sysstat/sysstat/sysstat.service b/meta/recipes-extended/sysstat/sysstat/sysstat.service index aff07109f5..ca46befb99 100644 --- a/meta/recipes-extended/sysstat/sysstat/sysstat.service +++ b/meta/recipes-extended/sysstat/sysstat/sysstat.service @@ -5,7 +5,7 @@ Description=Resets System Activity Logs Type=oneshot RemainAfterExit=yes User=root -ExecStart=@LIBDIR@/sa/sa1 --boot +ExecStart=@LIBEXECDIR@/sa/sa1 --boot [Install] WantedBy=multi-user.target -- 2.21.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [zeus][PATCH 6/7] sysstat: Correct when to use the package provided systemd unit files
From: Peter Kjellerstedt There have been a number of changes back and forth as to when and how to use the systemd unit files provided by the package. The correct condition is actually that both cron and systemd need to be enabled for them to be installed. (From OE-Core rev: d6c975160197f67937dfbe91b08100b0f597c589) Signed-off-by: Peter Kjellerstedt Signed-off-by: Richard Purdie Signed-off-by: Anuj Mittal --- meta/recipes-extended/sysstat/sysstat.inc | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/meta/recipes-extended/sysstat/sysstat.inc b/meta/recipes-extended/sysstat/sysstat.inc index 9394090136..62de36b44b 100644 --- a/meta/recipes-extended/sysstat/sysstat.inc +++ b/meta/recipes-extended/sysstat/sysstat.inc @@ -17,7 +17,7 @@ DEPENDS += "base-passwd" # autotools-brokensep as this package doesn't use automake inherit autotools-brokensep gettext systemd upstream-version-is-even -PACKAGECONFIG ??= "" +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" PACKAGECONFIG[lm-sensors] = "--enable-sensors,--disable-sensors,lmsensors,lmsensors-libsensors" PACKAGECONFIG[cron] = "--enable-install-cron --enable-copy-only,--disable-install-cron --disable-copy-only" PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}" @@ -46,7 +46,9 @@ do_install() { echo "d ${localstatedir}/log/sa - - - -" \ > ${D}${sysconfdir}/tmpfiles.d/sysstat.conf - if ${@bb.utils.contains('PACKAGECONFIG', 'cron', 'false', 'true', d)}; then + # Unless both cron and systemd are enabled, install our own + # systemd unit file. Otherwise the package will install one. + if ${@bb.utils.contains('PACKAGECONFIG', 'cron systemd', 'false', 'true', d)}; then install -d ${D}${systemd_unitdir}/system install -m 0644 ${WORKDIR}/sysstat.service ${D}${systemd_unitdir}/system sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}${systemd_unitdir}/system/sysstat.service -- 2.21.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core