Expat (aka libexpat) before 2.4.4 has an integer overflow in the
doProlog function.
Backport patch from:
ede41d1e18
CVE: CVE-2021-23990
(From OE-Core rev: 6a0c9607656970c669ff12cdafd39f4fb7082f6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 91cd1ef01a3f3883c04bac67af2672ec60e20fb8)
(From OE-Core rev: 12d4f5f2453fa314e2b374bee8fe86bdc99f837c)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add patches to fix CVE-2021-3995 and CVE-2021-3996
Also, add support include-strutils-cleanup-strto-functions.patch to
solve compilation error where `ul_strtou64` function not found which is
used in CVE-2021-3995.patch
(From OE-Core rev: c8c29e8927474f32343b1f6d47595df95f743cd2)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer
for configurations with a nonzero XML_CONTEXT_BYTES.
Backport patch from:
847a645152
CVE: CVE-2022-23852
(From OE-Core rev: 37b618d44ebd965ba17bb61ddf6428cdaea876e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes the following fixes:
3ef8be9b89 CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
e5c8da9826 <shlib-compat.h>: Support compat_symbol_reference for _ISOMAC
412aaf1522 sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)
c4c833d3dd CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542)
547b63bf6d socket: Add the __sockaddr_un_set function
b061e95277 Revert "Fix __minimal_malloc segfaults in __mmap due to stack-protector"
95e206b67f Fix __minimal_malloc segfaults in __mmap due to stack-protector
e26a2db141 gconv: Do not emit spurious NUL character in ISO-2022-JP-3 (bug 28524)
094618d401 x86_64: Remove unneeded static PIE check for undefined weak diagnostic
Also add CVE-2022-23218 and CVE-2022-23219 to ignore list since they are fixed
by the above changes.
(From OE-Core rev: dc1aa22cf7287f574e32920cf9fdd4342d171ed1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an
integer overflow exists for m_groupSize.
Backport patch from:
85ae9a2d7d
CVE: CVE-2021-46143
(From OE-Core rev: 41a65d27e4ecdc11977e2944d8af2f51c48f32ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more)
places in the storeAtts function in xmlparse.c can lead to realloc
misbehavior (e.g., allocating too few bytes, or only freeing memory).
Backport patch from:
0adcb34c49
CVE: CVE-2021-45960
(From OE-Core rev: 22fe1dea3164a5cd4d5636376f3671641ada1da9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream pointed out we were using an old url for HOMEPAGE. Update it to the
current url.
(From OE-Core rev: 022750aaa128189f23063b741bf8396a527713d7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f3a7e2ba247efe72154c263d1d680aaf3da5b609)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of inventing a new task to fetch the CVE data, use the existing
fetch task.
(From OE-Core rev: 1ed53d5cfc2be40b2d57b5392ec4d30313209934)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f5f97d33a1703d75b9fd9760f2c7767081538e00)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dropbear shares a lot of code with other SSH implementations, so this is
a port of CVE-2018-20685 to dropbear by the dropbear developers.
Reference:
8f8a3dff70
CVE: CVE-2020-36254
Upstream-Status: Backport
(From OE-Core rev: 10712b736d7cbde897c5aab30e969c04740dce34)
Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A NULL pointer dereference in Busybox's hush applet leads to denial of service
when processing a crafted shell command, due to missing validation after
a \x03 delimiter character.
This may be used for DoS under very rare conditions of filtered command input.
Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42376
(From OE-Core rev: 58e49c94d5305875188110aecdefe77c0afdfcb7)
Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the distro does not include the group 'wheel' systemd will
complain when trying to parse ACL rules for tmpfiles.d.
systemd-tmpfiles[273]: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Systemd has a configuration parameter to avoid using 'wheel'
group in the standard config files for tmpfiles. Add this as
a PACKAGECONFIG and enable it by default to keep default.
(From OE-Core rev: 1b5648e6aeb9837cb807ce086c26fbfaa16f6f8b)
(From OE-Core rev: 88d2c3d807a5f6bdd858de39506762aaca834aa9)
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 457cc45f51)
Upstream-Status: Backport
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
DISTRO_CODENAME is part of VERSION variable but not used as dependency
for do_compile task. Append it to the vardeps list to rebuild in case it
changes.
(From OE-Core rev: f73a0fbe29434e26285b220964a0d0567c87dbf0)
Signed-off-by: Daniel Gomez <daniel@qtec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ee0345057459c6d77fb64902a955e836c6c1e8e4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GLIBC_GIT_URI is used along with branch=${SRCBRANCH} so no need to add
it here.
(From OE-Core rev: e62e0f6757078cef5c793d8fb107b09362db783d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c9cfe326913d28f82e6a91d1eeae55a6651f0f7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This update was made with the convert-scruri.py script in scripts/contrib
This script handles two emerging issues:
1. There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
2. Github are dropping support for git:// protocol fetching, so remap github
urls as needed. For more details see:
https://github.blog/2021-09-01-improving-git-protocol-security-github/
(From OE-Core rev: 827a805349f9732b2a5fa9184dc7922af36de327)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We're seeing pthread being linked sometimes and not others leading to
non-reproducible target binaries. The reason is mixing the native python
config with the target one. We should use the target one.
(From OE-Core rev: e570efa43d5655afa041bd4ab52fec2de2216e4d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1bc5378db760963e2ad46542f2907dd6a592eb66)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sort the list of files to ensure the pkgdata output is deterministic.
(From OE-Core rev: c6a5c4a72de7590b4ac8f5e1bd4c1e83567ef468)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3a55194f90e11da5671b24391a4aaf2b86a8e1e6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
raw.h has been dropped in linux-libc-headers-5.14 leading to:
configure: error: raw selected, but required raw.h header file not available
WARNING: exit code 1 from a shell command.
(From OE-Core rev: 7c2de7211d8c8790851a87d949d29c6e0e140dc2)
Signed-off-by: MarkusVolk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7f577c10913104860121f682b9b3754870c4db23)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We are observing systemd-network service crash during link down
while freeing link->ifname pointer
Backtrace:
(gdb) bt
0 __GI_abort () at abort.c:107
1 0x0000007f861d32b4 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f8628d500 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
2 0x0000007f861da51c in malloc_printerr (str=str@entry=0x7f86289070 "free(): invalid next size (fast)") at malloc.c:5347
3 0x0000007f861dbd58 in _int_free (av=0x7f862c9a28 <main_arena>, p=0x558aa28eb0, have_lock=0) at malloc.c:4249
4 0x0000005569249cf0 in link_free (link=0x558aa1c0d0) at ../git/src/network/networkd-link.c:715
5 link_unref (p=0x558aa1c0d0) at ../git/src/network/networkd-link.c:734
6 0x000000556920f34c in manager_rtnl_process_link (rtnl=<optimized out>, message=0x558aa2a430, userdata=0x558a9fc630)
While checking upstream code change with regards to link->ifname
memory allocation and free, we found below PR which also fixes
random systemd-networkd crash:
https://github.com/systemd/systemd/pull/19631https://github.com/systemd/systemd/issues/19629
(From OE-Core rev: adca61c61d84f022fdedd2d616e7c2df00661af8)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dbus and dbus-test share the same source code and base configuration options,
so factor out the common parts into dbus.inc.
This way we can eliminate the need to keep the two recipes in sync. When they
are not properly in sync (e.g. when dbus recipe has extra patches/config
options that are not duplicated in dbus-test) ptest testsuite will actually
test a slightly different codebase. This is due to the fact that dbus-test does
not run the testsuite against the system libdbus library, but instead it
generates a local libdbus.so that needs to configured/compiled as close as
possible to the system one.
(From OE-Core rev: 1cde2935526d2eec7d6b17a6c622647b0c132439)
(From OE-Core rev: 6c90e4dd59eb06058d14deeb9aa87717fd88ab09)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 44ae5d8d6f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79)
(From OE-Core rev: 7337d7e4faf20a513c065c44d7d9d472334452b2)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a62471f064)
[Bug fix only update, drop cve patch now included
a0926ef86f (tag: dbus-1.12.18) Prepare 1.12.18
8bc1381819 fdpass test: Assert that we don't leak file descriptors
272d484283 sysdeps-unix: On MSG_CTRUNC, close the fds we did receive <- cve fix
31297172f1 Update NEWS
041d579139 dbus-daemon test: Don't test fd limits if in an unprivileged container
55b3f71376 Update NEWS
ced04aabc7 doxygen: fix example for dbus_message_append_args
3e40637b10 Update NEWS
3e0ea34966 cmake: Add X11 include path for tools
d0992805d7 doc: replace dbus-send's --address with --peer and --bus
dd32f6b617 Update NEWS
d251fe7850 Merge branch 'cherry-pick-b034b83b' into 'dbus-1.12'
2c6b0ad7f6 bus: Don't explicitly clear BusConnections.monitors
df0c675b93 Merge branch 'cherry-pick-bf71a58e' into 'dbus-1.12'
beb79b94fb doc: Fix environment variable name in dbus-daemon(1)
eab5d4a420 Start 1.12.18 development]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The OVMF target binaries are (currently) x86-specific, but the native
tools to build them are not.
Make the COMPATIBLE_HOST assignment target-specific, so that the native
tools can be built on an arm64 build server.
(From OE-Core rev: 94f5c2d51ec8033e00b52ef2d4e0e4c334c14163)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 58ebb47688fc98fdaeb78b4033bd31100218d5d6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This CVE is fixed in the upstream glibc-2.31 branch, and dunfell already
includes an update to this version in commit e1e89ff7d7 ("glibc:
update to lastest 2.31 release HEAD")
(From OE-Core rev: c1d49cee0a3a7391708b19647889f48036d7e4e8)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When dhclient is used with ifupdown and in the /etc/network/interfaces
file is something like e.g. "iface eth0 inet6 dhcp" the system does not
boot but hangs at the after dhcp configuration of IPv4 at the stage
where IPv6 should be configured.
The reason seems to be, that ifupdown calls the dhclient in a blocking
way which leads to a permanent block of the boot when no DHCPv6 server
is available.
A similar bug in Redhat:
https://bugzilla.redhat.com/show_bug.cgi?id=585047
[YOCTO #14117]
(From OE-Core rev: 6d8bf12bffa146cb51153a79a4b96b05298c4fbf)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A flaw was found in libxml2. Exponential entity expansion attack
is possible bypassing all existing protection mechanisms and leading
to denial of service.
https://nvd.nist.gov/vuln/detail/CVE-2021-3541
CVE: 2021-3541
(From OE-Core rev: 1699293a7011797895c284d6ad664c66badba426)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
