mirror of
https://git.yoctoproject.org/poky
synced 2026-03-24 08:01:43 +01:00
Compare commits
94 Commits
krogoth-15
...
krogoth
| Author | SHA1 | Date | |
|---|---|---|---|
|
73cc31c11a | ||
|
|
444dc2e99b | ||
|
|
bddb60b101 | ||
|
|
1083d90888 | ||
|
|
54e3f82bd7 | ||
|
|
426bc4c357 | ||
|
|
3ca9f90dff | ||
|
|
ccc964cf9f | ||
|
|
50fdd78423 | ||
|
|
3cf0e09348 | ||
|
|
4515fc9529 | ||
|
|
628aea354d | ||
|
|
3565a9697f | ||
|
|
fe7fb00221 | ||
|
|
7241042b70 | ||
|
|
546c0cffca | ||
|
|
224e04d6ce | ||
|
|
172105c1ef | ||
|
|
0fa93e1412 | ||
|
|
d54e1f4ff5 | ||
|
|
b24988bec7 | ||
|
|
a220e2ca34 | ||
|
|
3ac7c847e8 | ||
|
|
80b35ed1a2 | ||
|
|
7b9e031355 | ||
|
|
cb5649cbb8 | ||
|
|
dd20601980 | ||
|
|
d3c0a560a8 | ||
|
|
62685cbff5 | ||
|
|
3d9f6dc163 | ||
|
|
8aea6ad597 | ||
|
|
051883f877 | ||
|
|
0c78f81485 | ||
|
|
98f3e83884 | ||
|
|
819f7c3d03 | ||
|
|
4245995f76 | ||
|
|
0e8fcf8c9c | ||
|
|
13f0eee08d | ||
|
|
6eb266a365 | ||
|
|
577eb635ab | ||
|
|
553d5f65e8 | ||
|
|
47ef871649 | ||
|
|
db0832ead6 | ||
|
|
863bfa81af | ||
|
|
014af27dcb | ||
|
|
ca4703b6cf | ||
|
|
98e368e4b6 | ||
|
|
3c61ee2f68 | ||
|
|
ec00137169 | ||
|
|
11b217d60b | ||
|
|
c71ea3831a | ||
|
|
3428c1db71 | ||
|
|
4cd7b56228 | ||
|
|
5dd02c6db1 | ||
|
|
0ed07f2658 | ||
|
|
c33bac8883 | ||
|
|
c76d565ce2 | ||
|
|
04f04d0d17 | ||
|
|
d8cbc618cc | ||
|
|
1c73e41159 | ||
|
|
212ca3bee1 | ||
|
|
384801e827 | ||
|
|
5c9148ff6a | ||
|
|
cec5e508ec | ||
|
|
ddc6a9f5cd | ||
|
|
8b50a8676b | ||
|
|
12afe3c057 | ||
|
|
f5e807efc7 | ||
|
|
cf7507f8c4 | ||
|
|
eb0dff0c98 | ||
|
|
9a72d46aed | ||
|
|
ad2cce0f1e | ||
|
|
c96936cfd9 | ||
|
|
047e58b4ba | ||
|
|
485e244db8 | ||
|
|
e8676b4f1a | ||
|
|
cef5f86f43 | ||
|
|
1a2ec16ec0 | ||
|
|
035c33c405 | ||
|
|
8aaffcd59a | ||
|
|
73274f258a | ||
|
|
b291829cfc | ||
|
|
1bccc216ee | ||
|
|
8f4b7758b5 | ||
|
|
95dae8b598 | ||
|
|
129060f0b7 | ||
|
|
f69b958176 | ||
|
|
c3c14808dc | ||
|
|
c60a0a51d7 | ||
|
|
e59717e80f | ||
|
|
b4df9df462 | ||
|
|
ae9b341ecf | ||
|
|
3bf928a3b6 | ||
|
|
0742e8a43b |
@@ -134,7 +134,7 @@
|
||||
<ulink url="http://www.mail-archive.com/yocto@yoctoproject.org/msg09379.html">Mailing List post - The BitBake equivalent of "Hello, World!"</ulink>
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<ulink url="http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/">Hambedded Linux blog post - From Bitbake Hello World to an Image</ulink>
|
||||
<ulink url="https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/">Hambedded Linux blog post - From Bitbake Hello World to an Image</ulink>
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
@@ -269,7 +269,7 @@
|
||||
and define some key BitBake variables.
|
||||
For more information on the <filename>bitbake.conf</filename>,
|
||||
see
|
||||
<ulink url='http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#an-overview-of-bitbakeconf'></ulink>
|
||||
<ulink url='https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#an-overview-of-bitbakeconf'></ulink>
|
||||
</para>
|
||||
<para>Use the following commands to create the <filename>conf</filename>
|
||||
directory in the project directory:
|
||||
@@ -354,7 +354,7 @@ ERROR: Unable to parse base: ParseError in configuration INHERITs: Could not inh
|
||||
supporting.
|
||||
For more information on the <filename>base.bbclass</filename> file,
|
||||
you can look at
|
||||
<ulink url='http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#tasks'></ulink>.
|
||||
<ulink url='https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#tasks'></ulink>.
|
||||
</para></listitem>
|
||||
<listitem><para><emphasis>Run Bitbake:</emphasis>
|
||||
After making sure that the <filename>classes/base.bbclass</filename>
|
||||
@@ -376,7 +376,7 @@ ERROR: Unable to parse base: ParseError in configuration INHERITs: Could not inh
|
||||
Thus, this example creates and uses a layer called "mylayer".
|
||||
<note>
|
||||
You can find additional information on adding a layer at
|
||||
<ulink url='http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#adding-an-example-layer'></ulink>.
|
||||
<ulink url='https://web.archive.org/web/20150325165911/http://hambedded.org/blog/2012/11/24/from-bitbake-hello-world-to-an-image/#adding-an-example-layer'></ulink>.
|
||||
</note>
|
||||
</para>
|
||||
<para>Minimally, you need a recipe file and a layer configuration
|
||||
|
||||
@@ -646,7 +646,7 @@ def make_stamp(task, d, file_name = None):
|
||||
for mask in cleanmask:
|
||||
for name in glob.glob(mask):
|
||||
# Preserve sigdata files in the stamps directory
|
||||
if "sigdata" in name:
|
||||
if "sigdata" in name or "sigbasedata" in name:
|
||||
continue
|
||||
# Preserve taint files in the stamps directory
|
||||
if name.endswith('.taint'):
|
||||
|
||||
@@ -127,13 +127,15 @@ class FileChecksumCache(MultiProcessCache):
|
||||
checksums.extend(checksum_dir(f))
|
||||
else:
|
||||
checksum = checksum_file(f)
|
||||
checksums.append((f, checksum))
|
||||
if checksum:
|
||||
checksums.append((f, checksum))
|
||||
elif os.path.isdir(pth):
|
||||
if not os.path.islink(pth):
|
||||
checksums.extend(checksum_dir(pth))
|
||||
else:
|
||||
checksum = checksum_file(pth)
|
||||
checksums.append((pth, checksum))
|
||||
if checksum:
|
||||
checksums.append((pth, checksum))
|
||||
|
||||
checksums.sort(key=operator.itemgetter(1))
|
||||
return checksums
|
||||
|
||||
@@ -274,7 +274,7 @@ class Git(FetchMethod):
|
||||
branchname = ud.branches[ud.names[0]]
|
||||
runfetchcmd("%s checkout -B %s %s" % (ud.basecmd, branchname, \
|
||||
ud.revisions[ud.names[0]]), d)
|
||||
runfetchcmd("%s branch --set-upstream %s origin/%s" % (ud.basecmd, branchname, \
|
||||
runfetchcmd("%s branch %s --set-upstream-to origin/%s" % (ud.basecmd, branchname, \
|
||||
branchname), d)
|
||||
else:
|
||||
runfetchcmd("%s checkout %s" % (ud.basecmd, ud.revisions[ud.names[0]]), d)
|
||||
|
||||
@@ -104,7 +104,7 @@ class Wget(FetchMethod):
|
||||
|
||||
return True
|
||||
|
||||
def checkstatus(self, fetch, ud, d):
|
||||
def checkstatus(self, fetch, ud, d, try_again=True):
|
||||
import urllib2, socket, httplib
|
||||
from urllib import addinfourl
|
||||
from bb.fetch2 import FetchConnectionCache
|
||||
@@ -278,9 +278,13 @@ class Wget(FetchMethod):
|
||||
r.get_method = lambda: "HEAD"
|
||||
opener.open(r)
|
||||
except urllib2.URLError as e:
|
||||
# debug for now to avoid spamming the logs in e.g. remote sstate searches
|
||||
logger.debug(2, "checkstatus() urlopen failed: %s" % e)
|
||||
return False
|
||||
if try_again:
|
||||
logger.debug(2, "checkstatus: trying again")
|
||||
return self.checkstatus(fetch, ud, d, False)
|
||||
else:
|
||||
# debug for now to avoid spamming the logs in e.g. remote sstate searches
|
||||
logger.debug(2, "checkstatus() urlopen failed: %s" % e)
|
||||
return False
|
||||
return True
|
||||
|
||||
def _parse_path(self, regex, s):
|
||||
|
||||
@@ -35,6 +35,7 @@ class SignatureGenerator(object):
|
||||
name = "noop"
|
||||
|
||||
def __init__(self, data):
|
||||
self.basehash = {}
|
||||
self.taskhash = {}
|
||||
self.runtaskdeps = {}
|
||||
self.file_checksum_values = {}
|
||||
@@ -66,11 +67,10 @@ class SignatureGenerator(object):
|
||||
return
|
||||
|
||||
def get_taskdata(self):
|
||||
return (self.runtaskdeps, self.taskhash, self.file_checksum_values, self.taints)
|
||||
return (self.runtaskdeps, self.taskhash, self.file_checksum_values, self.taints, self.basehash)
|
||||
|
||||
def set_taskdata(self, data):
|
||||
self.runtaskdeps, self.taskhash, self.file_checksum_values, self.taints = data
|
||||
|
||||
self.runtaskdeps, self.taskhash, self.file_checksum_values, self.taints, self.basehash = data
|
||||
|
||||
class SignatureGeneratorBasic(SignatureGenerator):
|
||||
"""
|
||||
@@ -138,7 +138,11 @@ class SignatureGeneratorBasic(SignatureGenerator):
|
||||
var = lookupcache[dep]
|
||||
if var is not None:
|
||||
data = data + str(var)
|
||||
self.basehash[fn + "." + task] = hashlib.md5(data).hexdigest()
|
||||
datahash = hashlib.md5(data).hexdigest()
|
||||
k = fn + "." + task
|
||||
if k in self.basehash and self.basehash[k] != datahash:
|
||||
bb.error("When reparsing %s, the basehash value changed from %s to %s. The metadata is not deterministic and this needs to be fixed." % (k, self.basehash[k], datahash))
|
||||
self.basehash[k] = datahash
|
||||
taskdeps[task] = alldeps
|
||||
|
||||
self.taskdeps[fn] = taskdeps
|
||||
@@ -186,6 +190,7 @@ class SignatureGeneratorBasic(SignatureGenerator):
|
||||
def get_taskhash(self, fn, task, deps, dataCache):
|
||||
k = fn + "." + task
|
||||
data = dataCache.basetaskhash[k]
|
||||
self.basehash[k] = data
|
||||
self.runtaskdeps[k] = []
|
||||
self.file_checksum_values[k] = []
|
||||
recipename = dataCache.pkg_fn[fn]
|
||||
@@ -282,6 +287,15 @@ class SignatureGeneratorBasic(SignatureGenerator):
|
||||
if 'nostamp:' in self.taints[k]:
|
||||
data['taint'] = self.taints[k]
|
||||
|
||||
computed_basehash = calc_basehash(data)
|
||||
if computed_basehash != self.basehash[k]:
|
||||
bb.error("Basehash mismatch %s versus %s for %s" % (computed_basehash, self.basehash[k], k))
|
||||
if runtime and k in self.taskhash:
|
||||
computed_taskhash = calc_taskhash(data)
|
||||
if computed_taskhash != self.taskhash[k]:
|
||||
bb.error("Taskhash mismatch %s versus %s for %s" % (computed_taskhash, self.taskhash[k], k))
|
||||
sigfile = sigfile.replace(self.taskhash[k], computed_taskhash)
|
||||
|
||||
fd, tmpfile = tempfile.mkstemp(dir=os.path.dirname(sigfile), prefix="sigtask.")
|
||||
try:
|
||||
with os.fdopen(fd, "wb") as stream:
|
||||
@@ -296,15 +310,6 @@ class SignatureGeneratorBasic(SignatureGenerator):
|
||||
pass
|
||||
raise err
|
||||
|
||||
computed_basehash = calc_basehash(data)
|
||||
if computed_basehash != self.basehash[k]:
|
||||
bb.error("Basehash mismatch %s verses %s for %s" % (computed_basehash, self.basehash[k], k))
|
||||
if k in self.taskhash:
|
||||
computed_taskhash = calc_taskhash(data)
|
||||
if computed_taskhash != self.taskhash[k]:
|
||||
bb.error("Taskhash mismatch %s verses %s for %s" % (computed_taskhash, self.taskhash[k], k))
|
||||
|
||||
|
||||
def dump_sigs(self, dataCache, options):
|
||||
for fn in self.taskdeps:
|
||||
for task in self.taskdeps[fn]:
|
||||
@@ -545,7 +550,8 @@ def calc_taskhash(sigdata):
|
||||
data = data + sigdata['runtaskhashes'][dep]
|
||||
|
||||
for c in sigdata['file_checksum_values']:
|
||||
data = data + c[1]
|
||||
if c[1]:
|
||||
data = data + c[1]
|
||||
|
||||
if 'taint' in sigdata:
|
||||
if 'nostamp:' in sigdata['taint']:
|
||||
|
||||
@@ -11,7 +11,14 @@ from bs4.builder import (
|
||||
)
|
||||
from bs4.element import NamespacedAttribute
|
||||
import html5lib
|
||||
try:
|
||||
# html5lib >= 0.99999999/1.0b9
|
||||
from html5lib.treebuilders import base as treebuildersbase
|
||||
except ImportError:
|
||||
# html5lib <= 0.9999999/1.0b8
|
||||
from html5lib.treebuilders import _base as treebuildersbase
|
||||
from html5lib.constants import namespaces
|
||||
|
||||
from bs4.element import (
|
||||
Comment,
|
||||
Doctype,
|
||||
@@ -54,7 +61,7 @@ class HTML5TreeBuilder(HTMLTreeBuilder):
|
||||
return u'<html><head></head><body>%s</body></html>' % fragment
|
||||
|
||||
|
||||
class TreeBuilderForHtml5lib(html5lib.treebuilders._base.TreeBuilder):
|
||||
class TreeBuilderForHtml5lib(treebuildersbase.TreeBuilder):
|
||||
|
||||
def __init__(self, soup, namespaceHTMLElements):
|
||||
self.soup = soup
|
||||
@@ -92,7 +99,7 @@ class TreeBuilderForHtml5lib(html5lib.treebuilders._base.TreeBuilder):
|
||||
return self.soup
|
||||
|
||||
def getFragment(self):
|
||||
return html5lib.treebuilders._base.TreeBuilder.getFragment(self).element
|
||||
return treebuildersbase.TreeBuilder.getFragment(self).element
|
||||
|
||||
class AttrList(object):
|
||||
def __init__(self, element):
|
||||
@@ -115,9 +122,9 @@ class AttrList(object):
|
||||
return name in list(self.attrs.keys())
|
||||
|
||||
|
||||
class Element(html5lib.treebuilders._base.Node):
|
||||
class Element(treebuildersbase.Node):
|
||||
def __init__(self, element, soup, namespace):
|
||||
html5lib.treebuilders._base.Node.__init__(self, element.name)
|
||||
treebuildersbase.Node.__init__(self, element.name)
|
||||
self.element = element
|
||||
self.soup = soup
|
||||
self.namespace = namespace
|
||||
@@ -277,7 +284,7 @@ class Element(html5lib.treebuilders._base.Node):
|
||||
|
||||
class TextNode(Element):
|
||||
def __init__(self, element, soup):
|
||||
html5lib.treebuilders._base.Node.__init__(self, None)
|
||||
treebuildersbase.Node.__init__(self, None)
|
||||
self.element = element
|
||||
self.soup = soup
|
||||
|
||||
|
||||
@@ -107,9 +107,19 @@ def getDATABASE_URL():
|
||||
|
||||
|
||||
|
||||
# Hosts/domain names that are valid for this site; required if DEBUG is False
|
||||
# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
|
||||
ALLOWED_HOSTS = []
|
||||
# Update as of django 1.8.16 release, the '*' is needed to allow us to connect while running
|
||||
# on hosts without explicitly setting the fqdn for the toaster server.
|
||||
# See https://docs.djangoproject.com/en/dev/ref/settings/ for info on ALLOWED_HOSTS
|
||||
# Previously this setting was not enforced if DEBUG was set but it is now.
|
||||
# The previous behavior was such that ALLOWED_HOSTS defaulted to ['localhost','127.0.0.1','::1']
|
||||
# and if you bound to 0.0.0.0:<port #> then accessing toaster as localhost or fqdn would both work.
|
||||
# To have that same behavior, with a fqdn explicitly enabled you would set
|
||||
# ALLOWED_HOSTS= ['localhost','127.0.0.1','::1','myserver.mycompany.com'] for
|
||||
# Django >= 1.8.16. By default, we are not enforcing this restriction in
|
||||
# DEBUG mode.
|
||||
if DEBUG is True:
|
||||
# this will allow connection via localhost,hostname, or fqdn
|
||||
ALLOWED_HOSTS = ['*']
|
||||
|
||||
# Local time zone for this installation. Choices can be found here:
|
||||
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
|
||||
|
||||
@@ -115,9 +115,14 @@
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.2</revnumber>
|
||||
<date>October 2016</date>
|
||||
<date>December 2016</date>
|
||||
<revremark>Released with the Yocto Project 2.1.2 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.3</revnumber>
|
||||
<date>June 2017</date>
|
||||
<revremark>Released with the Yocto Project 2.1.3 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
@@ -130,12 +135,46 @@
|
||||
Permission is granted to copy, distribute and/or modify this document under
|
||||
the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-nc-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons.
|
||||
</para>
|
||||
<note>
|
||||
For the latest version of this manual associated with this
|
||||
Yocto Project release, see the
|
||||
<ulink url='&YOCTO_DOCS_BSP_URL;'>Yocto Project Board Support Package (BSP) Developer's Guide</ulink>
|
||||
from the Yocto Project website.
|
||||
</note>
|
||||
<note><title>Manual Notes</title>
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
This version of the
|
||||
<emphasis>Yocto Project Board Support Package (BSP) Developer's Guide</emphasis>
|
||||
is for the &YOCTO_DOC_VERSION; release of the
|
||||
Yocto Project.
|
||||
To be sure you have the latest version of the manual
|
||||
for this release, go to the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual from that site.
|
||||
Manuals from the site are more up-to-date than manuals
|
||||
derived from the Yocto Project released TAR files.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
If you located this manual through a web search, the
|
||||
version of the manual might not be the one you want
|
||||
(e.g. the search might have returned a manual much
|
||||
older than the Yocto Project version with which you
|
||||
are working).
|
||||
You can see all Yocto Project major releases by
|
||||
visiting the
|
||||
<ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
|
||||
page.
|
||||
If you need a version of this manual for a different
|
||||
Yocto Project release, visit the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual set by using the
|
||||
"ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
|
||||
pull-down menus.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
To report any inaccuracies or problems with this
|
||||
manual, send an email to the Yocto Project
|
||||
discussion group at
|
||||
<filename>yocto@yoctoproject.com</filename> or log into
|
||||
the freenode <filename>#yocto</filename> channel.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
</legalnotice>
|
||||
|
||||
</bookinfo>
|
||||
|
||||
@@ -7160,26 +7160,29 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If a committed change results in changing the package output,
|
||||
then the value of the PR variable needs to be increased
|
||||
(or "bumped") as part of that commit.
|
||||
If a committed change results in changing the package
|
||||
output, then the value of the PR variable needs to be
|
||||
increased (or "bumped") as part of that commit.
|
||||
For new recipes you should add the <filename>PR</filename>
|
||||
variable and set its initial value equal to "r0", which is the default.
|
||||
Even though the default value is "r0", the practice of adding it to a new recipe makes
|
||||
it harder to forget to bump the variable when you make changes
|
||||
to the recipe in future.
|
||||
variable and set its initial value equal to "r0", which is
|
||||
the default.
|
||||
Even though the default value is "r0", the practice of
|
||||
adding it to a new recipe makes it harder to forget to bump
|
||||
the variable when you make changes to the recipe in future.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you are sharing a common <filename>.inc</filename> file with multiple recipes,
|
||||
you can also use the
|
||||
If you are sharing a common <filename>.inc</filename> file
|
||||
with multiple recipes, you can also use the
|
||||
<filename><ulink url='&YOCTO_DOCS_REF_URL;#var-INC_PR'>INC_PR</ulink></filename>
|
||||
variable to ensure that
|
||||
the recipes sharing the <filename>.inc</filename> file are rebuilt when the
|
||||
variable to ensure that the recipes sharing the
|
||||
<filename>.inc</filename> file are rebuilt when the
|
||||
<filename>.inc</filename> file itself is changed.
|
||||
The <filename>.inc</filename> file must set <filename>INC_PR</filename>
|
||||
(initially to "r0"), and all recipes referring to it should set <filename>PR</filename>
|
||||
to "$(INC_PR).0" initially, incrementing the last number when the recipe is changed.
|
||||
The <filename>.inc</filename> file must set
|
||||
<filename>INC_PR</filename> (initially to "r0"), and all
|
||||
recipes referring to it should set <filename>PR</filename>
|
||||
to "${INC_PR}.0" initially, incrementing the last number
|
||||
when the recipe is changed.
|
||||
If the <filename>.inc</filename> file is changed then its
|
||||
<filename>INC_PR</filename> should be incremented.
|
||||
</para>
|
||||
@@ -7188,14 +7191,14 @@
|
||||
When upgrading the version of a package, assuming the
|
||||
<filename><ulink url='&YOCTO_DOCS_REF_URL;#var-PV'>PV</ulink></filename>
|
||||
changes, the <filename>PR</filename> variable should be
|
||||
reset to "r0" (or "$(INC_PR).0" if you are using
|
||||
reset to "r0" (or "${INC_PR}.0" if you are using
|
||||
<filename>INC_PR</filename>).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Usually, version increases occur only to packages.
|
||||
However, if for some reason <filename>PV</filename> changes but does not
|
||||
increase, you can increase the
|
||||
However, if for some reason <filename>PV</filename> changes
|
||||
but does not increase, you can increase the
|
||||
<filename><ulink url='&YOCTO_DOCS_REF_URL;#var-PE'>PE</ulink></filename>
|
||||
variable (Package Epoch).
|
||||
The <filename>PE</filename> variable defaults to "0".
|
||||
@@ -7205,7 +7208,8 @@
|
||||
Version numbering strives to follow the
|
||||
<ulink url='http://www.debian.org/doc/debian-policy/ch-controlfields.html'>
|
||||
Debian Version Field Policy Guidelines</ulink>.
|
||||
These guidelines define how versions are compared and what "increasing" a version means.
|
||||
These guidelines define how versions are compared and what
|
||||
"increasing" a version means.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
@@ -93,9 +93,14 @@
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.2</revnumber>
|
||||
<date>October 2016</date>
|
||||
<date>December 2016</date>
|
||||
<revremark>Released with the Yocto Project 2.1.2 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.3</revnumber>
|
||||
<date>June 2017</date>
|
||||
<revremark>Released with the Yocto Project 2.1.3 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
@@ -111,12 +116,46 @@
|
||||
Creative Commons.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
For the latest version of this manual associated with this
|
||||
Yocto Project release, see the
|
||||
<ulink url='&YOCTO_DOCS_DEV_URL;'>Yocto Project Development Manual</ulink>
|
||||
from the Yocto Project website.
|
||||
</note>
|
||||
<note><title>Manual Notes</title>
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
This version of the
|
||||
<emphasis>Yocto Project Development Manual</emphasis>
|
||||
is for the &YOCTO_DOC_VERSION; release of the
|
||||
Yocto Project.
|
||||
To be sure you have the latest version of the manual
|
||||
for this release, go to the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual from that site.
|
||||
Manuals from the site are more up-to-date than manuals
|
||||
derived from the Yocto Project released TAR files.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
If you located this manual through a web search, the
|
||||
version of the manual might not be the one you want
|
||||
(e.g. the search might have returned a manual much
|
||||
older than the Yocto Project version with which you
|
||||
are working).
|
||||
You can see all Yocto Project major releases by
|
||||
visiting the
|
||||
<ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
|
||||
page.
|
||||
If you need a version of this manual for a different
|
||||
Yocto Project release, visit the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual set by using the
|
||||
"ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
|
||||
pull-down menus.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
To report any inaccuracies or problems with this
|
||||
manual, send an email to the Yocto Project
|
||||
discussion group at
|
||||
<filename>yocto@yoctoproject.com</filename> or log into
|
||||
the freenode <filename>#yocto</filename> channel.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
</legalnotice>
|
||||
|
||||
</bookinfo>
|
||||
|
||||
@@ -78,9 +78,14 @@
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.2</revnumber>
|
||||
<date>October 2016</date>
|
||||
<date>December 2016</date>
|
||||
<revremark>Released with the Yocto Project 2.1.2 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.3</revnumber>
|
||||
<date>June 2017</date>
|
||||
<revremark>Released with the Yocto Project 2.1.3 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
@@ -93,12 +98,46 @@
|
||||
Permission is granted to copy, distribute and/or modify this document under
|
||||
the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons.
|
||||
</para>
|
||||
<note>
|
||||
For the latest version of this manual associated with this
|
||||
Yocto Project release, see the
|
||||
<ulink url='&YOCTO_DOCS_KERNEL_DEV_URL;'>Yocto Project Linux Kernel Development Manual</ulink>
|
||||
from the Yocto Project website.
|
||||
</note>
|
||||
<note><title>Manual Notes</title>
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
This version of the
|
||||
<emphasis>Yocto Project Linux Kernel Development Manual</emphasis>
|
||||
is for the &YOCTO_DOC_VERSION; release of the
|
||||
Yocto Project.
|
||||
To be sure you have the latest version of the manual
|
||||
for this release, go to the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual from that site.
|
||||
Manuals from the site are more up-to-date than manuals
|
||||
derived from the Yocto Project released TAR files.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
If you located this manual through a web search, the
|
||||
version of the manual might not be the one you want
|
||||
(e.g. the search might have returned a manual much
|
||||
older than the Yocto Project version with which you
|
||||
are working).
|
||||
You can see all Yocto Project major releases by
|
||||
visiting the
|
||||
<ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
|
||||
page.
|
||||
If you need a version of this manual for a different
|
||||
Yocto Project release, visit the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual set by using the
|
||||
"ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
|
||||
pull-down menus.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
To report any inaccuracies or problems with this
|
||||
manual, send an email to the Yocto Project
|
||||
discussion group at
|
||||
<filename>yocto@yoctoproject.com</filename> or log into
|
||||
the freenode <filename>#yocto</filename> channel.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
</legalnotice>
|
||||
|
||||
</bookinfo>
|
||||
|
||||
@@ -62,9 +62,14 @@
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.2</revnumber>
|
||||
<date>October 2016</date>
|
||||
<date>December 2016</date>
|
||||
<revremark>Released with the Yocto Project 2.1.2 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.3</revnumber>
|
||||
<date>June 2017</date>
|
||||
<revremark>Released with the Yocto Project 2.1.3 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
@@ -77,12 +82,46 @@
|
||||
Permission is granted to copy, distribute and/or modify this document under
|
||||
the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons.
|
||||
</para>
|
||||
<note>
|
||||
For the latest version of this manual associated with this
|
||||
Yocto Project release, see the
|
||||
<ulink url='&YOCTO_DOCS_MM_URL;'>Yocto Project Mega-Manual</ulink>
|
||||
from the Yocto Project website.
|
||||
</note>
|
||||
<note><title>Manual Notes</title>
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
This version of the
|
||||
<emphasis>Yocto Project Mega-Manual</emphasis>
|
||||
is for the &YOCTO_DOC_VERSION; release of the
|
||||
Yocto Project.
|
||||
To be sure you have the latest version of the manual
|
||||
for this release, go to the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual from that site.
|
||||
Manuals from the site are more up-to-date than manuals
|
||||
derived from the Yocto Project released TAR files.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
If you located this manual through a web search, the
|
||||
version of the manual might not be the one you want
|
||||
(e.g. the search might have returned a manual much
|
||||
older than the Yocto Project version with which you
|
||||
are working).
|
||||
You can see all Yocto Project major releases by
|
||||
visiting the
|
||||
<ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
|
||||
page.
|
||||
If you need a version of this manual for a different
|
||||
Yocto Project release, visit the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual set by using the
|
||||
"ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
|
||||
pull-down menus.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
To report any inaccuracies or problems with this
|
||||
manual, send an email to the Yocto Project
|
||||
discussion group at
|
||||
<filename>yocto@yoctoproject.com</filename> or log into
|
||||
the freenode <filename>#yocto</filename> channel.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
|
||||
</legalnotice>
|
||||
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
<!ENTITY DISTRO "2.1.2">
|
||||
<!ENTITY DISTRO_COMPRESSED "212">
|
||||
<!ENTITY DISTRO "2.1.3">
|
||||
<!ENTITY DISTRO_COMPRESSED "213">
|
||||
<!ENTITY DISTRO_NAME_NO_CAP "krogoth">
|
||||
<!ENTITY DISTRO_NAME "Krogoth">
|
||||
<!ENTITY YOCTO_DOC_VERSION "2.1.2">
|
||||
<!ENTITY POKYVERSION "15.0.2">
|
||||
<!ENTITY POKYVERSION_COMPRESSED "1502">
|
||||
<!ENTITY YOCTO_DOC_VERSION "2.1.3">
|
||||
<!ENTITY POKYVERSION "15.0.3">
|
||||
<!ENTITY POKYVERSION_COMPRESSED "1503">
|
||||
<!ENTITY YOCTO_POKY "poky-&DISTRO_NAME_NO_CAP;-&POKYVERSION;">
|
||||
<!ENTITY COPYRIGHT_YEAR "2010-2016">
|
||||
<!ENTITY COPYRIGHT_YEAR "2010-2017">
|
||||
<!ENTITY YOCTO_DL_URL "http://downloads.yoctoproject.org">
|
||||
<!ENTITY YOCTO_HOME_URL "http://www.yoctoproject.org">
|
||||
<!ENTITY YOCTO_LISTS_URL "http://lists.yoctoproject.org">
|
||||
|
||||
@@ -78,9 +78,14 @@
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.2</revnumber>
|
||||
<date>October 2016</date>
|
||||
<date>December 2016</date>
|
||||
<revremark>Released with the Yocto Project 2.1.2 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.3</revnumber>
|
||||
<date>June 2017</date>
|
||||
<revremark>Released with the Yocto Project 2.1.3 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
@@ -96,12 +101,46 @@
|
||||
Creative Commons.
|
||||
</para>
|
||||
|
||||
<note>
|
||||
For the latest version of this manual associated with this
|
||||
Yocto Project release, see the
|
||||
<ulink url='&YOCTO_DOCS_PROF_URL;'>Yocto Project Profiling and Tracing Manual</ulink>
|
||||
from the Yocto Project website.
|
||||
</note>
|
||||
<note><title>Manual Notes</title>
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
This version of the
|
||||
<emphasis>Yocto Project Profiling and Tracing Manual</emphasis>
|
||||
is for the &YOCTO_DOC_VERSION; release of the
|
||||
Yocto Project.
|
||||
To be sure you have the latest version of the manual
|
||||
for this release, go to the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual from that site.
|
||||
Manuals from the site are more up-to-date than manuals
|
||||
derived from the Yocto Project released TAR files.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
If you located this manual through a web search, the
|
||||
version of the manual might not be the one you want
|
||||
(e.g. the search might have returned a manual much
|
||||
older than the Yocto Project version with which you
|
||||
are working).
|
||||
You can see all Yocto Project major releases by
|
||||
visiting the
|
||||
<ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
|
||||
page.
|
||||
If you need a version of this manual for a different
|
||||
Yocto Project release, visit the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual set by using the
|
||||
"ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
|
||||
pull-down menus.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
To report any inaccuracies or problems with this
|
||||
manual, send an email to the Yocto Project
|
||||
discussion group at
|
||||
<filename>yocto@yoctoproject.com</filename> or log into
|
||||
the freenode <filename>#yocto</filename> channel.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
</legalnotice>
|
||||
|
||||
</bookinfo>
|
||||
|
||||
@@ -109,9 +109,14 @@
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.2</revnumber>
|
||||
<date>October 2016</date>
|
||||
<date>December 2016</date>
|
||||
<revremark>Released with the Yocto Project 2.1.2 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.3</revnumber>
|
||||
<date>June 2017</date>
|
||||
<revremark>Released with the Yocto Project 2.1.3 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
@@ -124,12 +129,46 @@
|
||||
Permission is granted to copy, distribute and/or modify this document under
|
||||
the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons.
|
||||
</para>
|
||||
<note>
|
||||
For the latest version of this manual associated with this
|
||||
Yocto Project release, see the
|
||||
<ulink url='&YOCTO_DOCS_REF_URL;'>Yocto Project Reference Manual</ulink>
|
||||
from the Yocto Project website.
|
||||
</note>
|
||||
<note><title>Manual Notes</title>
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
This version of the
|
||||
<emphasis>Yocto Project Reference Manual</emphasis>
|
||||
is for the &YOCTO_DOC_VERSION; release of the
|
||||
Yocto Project.
|
||||
To be sure you have the latest version of the manual
|
||||
for this release, go to the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual from that site.
|
||||
Manuals from the site are more up-to-date than manuals
|
||||
derived from the Yocto Project released TAR files.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
If you located this manual through a web search, the
|
||||
version of the manual might not be the one you want
|
||||
(e.g. the search might have returned a manual much
|
||||
older than the Yocto Project version with which you
|
||||
are working).
|
||||
You can see all Yocto Project major releases by
|
||||
visiting the
|
||||
<ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
|
||||
page.
|
||||
If you need a version of this manual for a different
|
||||
Yocto Project release, visit the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual set by using the
|
||||
"ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
|
||||
pull-down menus.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
To report any inaccuracies or problems with this
|
||||
manual, send an email to the Yocto Project
|
||||
discussion group at
|
||||
<filename>yocto@yoctoproject.com</filename> or log into
|
||||
the freenode <filename>#yocto</filename> channel.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
</legalnotice>
|
||||
|
||||
</bookinfo>
|
||||
|
||||
@@ -43,9 +43,14 @@
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.2</revnumber>
|
||||
<date>October 2016</date>
|
||||
<date>December 2016</date>
|
||||
<revremark>Released with the Yocto Project 2.1.2 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.3</revnumber>
|
||||
<date>June 2017</date>
|
||||
<revremark>Released with the Yocto Project 2.1.3 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
@@ -58,12 +63,46 @@
|
||||
Permission is granted to copy, distribute and/or modify this document under
|
||||
the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons.
|
||||
</para>
|
||||
<note>
|
||||
For the latest version of this manual associated with this
|
||||
Yocto Project release, see the
|
||||
<ulink url='&YOCTO_DOCS_SDK_URL;'>Yocto Project Software Development Kit (SDK) Developer's Guide</ulink>
|
||||
from the Yocto Project website.
|
||||
</note>
|
||||
<note><title>Manual Notes</title>
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
This version of the
|
||||
<emphasis>Yocto Project Software Development Kit (SDK) Developer's Guide</emphasis>
|
||||
is for the &YOCTO_DOC_VERSION; release of the
|
||||
Yocto Project.
|
||||
To be sure you have the latest version of the manual
|
||||
for this release, go to the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual from that site.
|
||||
Manuals from the site are more up-to-date than manuals
|
||||
derived from the Yocto Project released TAR files.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
If you located this manual through a web search, the
|
||||
version of the manual might not be the one you want
|
||||
(e.g. the search might have returned a manual much
|
||||
older than the Yocto Project version with which you
|
||||
are working).
|
||||
You can see all Yocto Project major releases by
|
||||
visiting the
|
||||
<ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
|
||||
page.
|
||||
If you need a version of this manual for a different
|
||||
Yocto Project release, visit the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual set by using the
|
||||
"ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
|
||||
pull-down menus.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
To report any inaccuracies or problems with this
|
||||
manual, send an email to the Yocto Project
|
||||
discussion group at
|
||||
<filename>yocto@yoctoproject.com</filename> or log into
|
||||
the freenode <filename>#yocto</filename> channel.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
|
||||
</legalnotice>
|
||||
|
||||
|
||||
@@ -53,9 +53,14 @@
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.2</revnumber>
|
||||
<date>October 2016</date>
|
||||
<date>December 2016</date>
|
||||
<revremark>Released with the Yocto Project 2.1.2 Release.</revremark>
|
||||
</revision>
|
||||
<revision>
|
||||
<revnumber>2.1.3</revnumber>
|
||||
<date>June 2017</date>
|
||||
<revremark>Released with the Yocto Project 2.1.3 Release.</revremark>
|
||||
</revision>
|
||||
</revhistory>
|
||||
|
||||
<copyright>
|
||||
@@ -68,12 +73,46 @@
|
||||
Permission is granted to copy, distribute and/or modify this document under
|
||||
the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons.
|
||||
</para>
|
||||
<note>
|
||||
For the latest version of this manual associated with this
|
||||
Yocto Project release, see the
|
||||
<ulink url='&YOCTO_DOCS_TOAST_URL;'>Toaster User Manual</ulink>
|
||||
from the Yocto Project website.
|
||||
</note>
|
||||
<note><title>Manual Notes</title>
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
This version of the
|
||||
<emphasis>Toaster User Manual</emphasis>
|
||||
is for the &YOCTO_DOC_VERSION; release of the
|
||||
Yocto Project.
|
||||
To be sure you have the latest version of the manual
|
||||
for this release, go to the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual from that site.
|
||||
Manuals from the site are more up-to-date than manuals
|
||||
derived from the Yocto Project released TAR files.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
If you located this manual through a web search, the
|
||||
version of the manual might not be the one you want
|
||||
(e.g. the search might have returned a manual much
|
||||
older than the Yocto Project version with which you
|
||||
are working).
|
||||
You can see all Yocto Project major releases by
|
||||
visiting the
|
||||
<ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
|
||||
page.
|
||||
If you need a version of this manual for a different
|
||||
Yocto Project release, visit the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual set by using the
|
||||
"ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
|
||||
pull-down menus.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
To report any inaccuracies or problems with this
|
||||
manual, send an email to the Yocto Project
|
||||
discussion group at
|
||||
<filename>yocto@yoctoproject.com</filename> or log into
|
||||
the freenode <filename>#yocto</filename> channel.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
|
||||
</legalnotice>
|
||||
|
||||
|
||||
@@ -2,32 +2,32 @@
|
||||
# This style is for manual folders like "yocto-project-qs" and "poky-ref-manual".
|
||||
# This is the old way that did it. Can't do that now that we have "bitbake-user-manual" strings
|
||||
# in the mega-manual.
|
||||
# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
|
||||
# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/poky-ref-manual\/poky-ref-manual.html#/\"link\" href=\"#/g
|
||||
|
||||
# Processes all other manuals (<word>-<word> style) except for the BitBake User Manual because
|
||||
# it is not included in the mega-manual.
|
||||
# This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
|
||||
# This was the one-liner that worked before we introduced the BitBake User Manual, which is
|
||||
# not in the mega-manual.
|
||||
# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
|
||||
# s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g
|
||||
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/sdk-manual\/sdk-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/bsp-guide\/bsp-guide.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/dev-manual\/dev-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/kernel-dev\/kernel-dev.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/profile-manual\/profile-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/ref-manual\/ref-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/toaster-manual\/toaster-manual.html#/\"link\" href=\"#/g
|
||||
s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/yocto-project-qs\/yocto-project-qs.html#/\"link\" href=\"#/g
|
||||
|
||||
# Process cases where just an external manual is referenced without an id anchor
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Software Development Kit (SDK) Developer's Guide<\/a>/Yocto Project Software Development Kit (SDK) Developer's Guide/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.2\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/yocto-project-qs\/yocto-project-qs.html\" target=\"_top\">Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/dev-manual\/dev-manual.html\" target=\"_top\">Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/sdk-manual\/sdk-manual.html\" target=\"_top\">Yocto Project Software Development Kit (SDK) Developer's Guide<\/a>/Yocto Project Software Development Kit (SDK) Developer's Guide/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/bsp-guide\/bsp-guide.html\" target=\"_top\">Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/profile-manual\/profile-manual.html\" target=\"_top\">Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/kernel-dev\/kernel-dev.html\" target=\"_top\">Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/ref-manual\/ref-manual.html\" target=\"_top\">Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g
|
||||
s/<a class=\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/2.1.3\/toaster-manual\/toaster-manual.html\" target=\"_top\">Toaster User Manual<\/a>/Toaster User Manual/g
|
||||
|
||||
@@ -16,12 +16,46 @@
|
||||
Permission is granted to copy, distribute and/or modify this document under
|
||||
the terms of the <ulink type="http" url="http://creativecommons.org/licenses/by-sa/2.0/uk/">Creative Commons Attribution-Share Alike 2.0 UK: England & Wales</ulink> as published by Creative Commons.
|
||||
</para>
|
||||
<note>
|
||||
For the latest version of this manual associated with this
|
||||
Yocto Project release, see the
|
||||
<ulink url='&YOCTO_DOCS_QS_URL;'>Yocto Project Quick Start</ulink>
|
||||
from the Yocto Project website.
|
||||
</note>
|
||||
<note><title>Manual Notes</title>
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
This version of the
|
||||
<emphasis>Yocto Project Quick Start</emphasis>
|
||||
is for the &YOCTO_DOC_VERSION; release of the
|
||||
Yocto Project.
|
||||
To be sure you have the latest version of the manual
|
||||
for this release, go to the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual from that site.
|
||||
Manuals from the site are more up-to-date than manuals
|
||||
derived from the Yocto Project released TAR files.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
If you located this manual through a web search, the
|
||||
version of the manual might not be the one you want
|
||||
(e.g. the search might have returned a manual much
|
||||
older than the Yocto Project version with which you
|
||||
are working).
|
||||
You can see all Yocto Project major releases by
|
||||
visiting the
|
||||
<ulink url='&YOCTO_WIKI_URL;/wiki/Releases'>Releases</ulink>
|
||||
page.
|
||||
If you need a version of this manual for a different
|
||||
Yocto Project release, visit the
|
||||
<ulink url='&YOCTO_HOME_URL;/documentation'>Yocto Project documentation page</ulink>
|
||||
and select the manual set by using the
|
||||
"ACTIVE RELEASES DOCUMENTATION" or "DOCUMENTS ARCHIVE"
|
||||
pull-down menus.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
To report any inaccuracies or problems with this
|
||||
manual, send an email to the Yocto Project
|
||||
discussion group at
|
||||
<filename>yocto@yoctoproject.com</filename> or log into
|
||||
the freenode <filename>#yocto</filename> channel.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
</legalnotice>
|
||||
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
DISTRO = "poky"
|
||||
DISTRO_NAME = "Poky (Yocto Project Reference Distro)"
|
||||
DISTRO_VERSION = "2.1.2"
|
||||
DISTRO_VERSION = "2.1.3"
|
||||
DISTRO_CODENAME = "krogoth"
|
||||
SDK_VENDOR = "-pokysdk"
|
||||
SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}"
|
||||
|
||||
@@ -192,7 +192,7 @@ PATCHRESOLVE = "noop"
|
||||
# files and damages the build in ways which may not be easily recoverable.
|
||||
# It's necesary to monitor /tmp, if there is no space left the build will fail
|
||||
# with very exotic errors.
|
||||
BB_DISKMON_DIRS = "\
|
||||
BB_DISKMON_DIRS ??= "\
|
||||
STOPTASKS,${TMPDIR},1G,100K \
|
||||
STOPTASKS,${DL_DIR},1G,100K \
|
||||
STOPTASKS,${SSTATE_DIR},1G,100K \
|
||||
|
||||
@@ -17,6 +17,8 @@ HOST_CC_ARCH = "${BUILD_CC_ARCH}"
|
||||
HOST_LD_ARCH = "${BUILD_LD_ARCH}"
|
||||
HOST_AS_ARCH = "${BUILD_AS_ARCH}"
|
||||
|
||||
export lt_cv_sys_lib_dlsearch_path_spec = "${libdir} ${base_libdir} /lib /lib64 /usr/lib /usr/lib64"
|
||||
|
||||
STAGING_DIR_HOST = "${STAGING_DIR}/${HOST_ARCH}${HOST_VENDOR}-${HOST_OS}"
|
||||
|
||||
PACKAGE_ARCH = "${BUILD_ARCH}"
|
||||
|
||||
@@ -87,8 +87,7 @@ datadir = "${STAGING_DATADIR_NATIVE}"
|
||||
|
||||
baselib = "lib"
|
||||
|
||||
# Libtool's default paths are correct for the native machine
|
||||
lt_cv_sys_lib_dlsearch_path_spec[unexport] = "1"
|
||||
export lt_cv_sys_lib_dlsearch_path_spec = "${libdir} ${base_libdir} /lib /lib64 /usr/lib /usr/lib64"
|
||||
|
||||
NATIVE_PACKAGE_PATH_SUFFIX ?= ""
|
||||
bindir .= "${NATIVE_PACKAGE_PATH_SUFFIX}"
|
||||
|
||||
@@ -45,6 +45,8 @@ python do_package_ipk () {
|
||||
if os.path.exists(p):
|
||||
bb.utils.prunedir(p)
|
||||
|
||||
recipesource = os.path.basename(d.getVar('FILE', True))
|
||||
|
||||
for pkg in packages.split():
|
||||
localdata = bb.data.createCopy(d)
|
||||
root = "%s/%s" % (pkgdest, pkg)
|
||||
@@ -208,10 +210,7 @@ python do_package_ipk () {
|
||||
ctrlfile.write("Replaces: %s\n" % bb.utils.join_deps(rreplaces))
|
||||
if rconflicts:
|
||||
ctrlfile.write("Conflicts: %s\n" % bb.utils.join_deps(rconflicts))
|
||||
src_uri = localdata.getVar("SRC_URI", True).strip() or "None"
|
||||
if src_uri:
|
||||
src_uri = re.sub("\s+", " ", src_uri)
|
||||
ctrlfile.write("Source: %s\n" % " ".join(src_uri.split()))
|
||||
ctrlfile.write("Source: %s\n" % recipesource)
|
||||
ctrlfile.close()
|
||||
|
||||
for script in ["preinst", "postinst", "prerm", "postrm"]:
|
||||
|
||||
@@ -223,8 +223,14 @@ python copy_buildsystem () {
|
||||
# the sig computed from the metadata.
|
||||
f.write('SIGGEN_LOCKEDSIGS_TASKSIG_CHECK = "warn"\n\n')
|
||||
|
||||
# Set up whitelist for run on install
|
||||
f.write('BB_SETSCENE_ENFORCE_WHITELIST = "%:* *:do_shared_workdir *:do_rm_work *:do_package"\n\n')
|
||||
|
||||
# Hide the config information from bitbake output (since it's fixed within the SDK)
|
||||
f.write('BUILDCFG_HEADER = ""\n')
|
||||
f.write('BUILDCFG_HEADER = ""\n\n')
|
||||
|
||||
# Map gcc-dependent uninative sstate cache for installer usage
|
||||
f.write('SSTATE_MIRRORS = "file://universal/(.*) file://universal-4.9/\\1\\nfile://universal-4.9/(.*) file://universal-4.8/\\1"\n\n')
|
||||
|
||||
# Allow additional config through sdk-extra.conf
|
||||
fn = bb.cookerdata.findConfigFile('sdk-extra.conf', d)
|
||||
|
||||
@@ -55,7 +55,7 @@ do_rm_work () {
|
||||
*do_setscene*)
|
||||
break
|
||||
;;
|
||||
*sigdata*)
|
||||
*sigdata*|*sigbasedata*)
|
||||
i=dummy
|
||||
break
|
||||
;;
|
||||
|
||||
@@ -5,8 +5,8 @@
|
||||
ROOTFS_PKGMANAGE = "rpm smartpm"
|
||||
ROOTFS_PKGMANAGE_BOOTSTRAP = "run-postinsts"
|
||||
|
||||
# Add 50Meg of extra space for Smart
|
||||
IMAGE_ROOTFS_EXTRA_SPACE_append = "${@bb.utils.contains("PACKAGE_INSTALL", "smartpm", " + 51200", "" ,d)}"
|
||||
# Add 100Meg of extra space for Smart
|
||||
IMAGE_ROOTFS_EXTRA_SPACE_append = "${@bb.utils.contains("PACKAGE_INSTALL", "smartpm", " + 102400", "" ,d)}"
|
||||
|
||||
# Smart is python based, so be sure python-native is available to us.
|
||||
EXTRANATIVEPATH += "python-native"
|
||||
|
||||
@@ -442,7 +442,7 @@ def sstate_clean(ss, d):
|
||||
rm_nohash = ".do_%s" % ss['task']
|
||||
for stfile in glob.glob(wildcard_stfile):
|
||||
# Keep the sigdata
|
||||
if ".sigdata." in stfile:
|
||||
if ".sigdata." in stfile or ".sigbasedata." in stfile:
|
||||
continue
|
||||
# Preserve taint files in the stamps directory
|
||||
if stfile.endswith('.taint'):
|
||||
|
||||
@@ -58,14 +58,24 @@ class oeTest(unittest.TestCase):
|
||||
|
||||
@classmethod
|
||||
def hasPackage(self, pkg):
|
||||
for item in oeTest.tc.pkgmanifest.split('\n'):
|
||||
if re.match(pkg, item):
|
||||
"""
|
||||
True if the full package name exists in the manifest, False otherwise.
|
||||
"""
|
||||
return pkg in oeTest.tc.pkgmanifest
|
||||
|
||||
@classmethod
|
||||
def hasPackageMatch(self, match):
|
||||
"""
|
||||
True if match exists in the manifest as a regular expression substring,
|
||||
False otherwise.
|
||||
"""
|
||||
for s in oeTest.tc.pkgmanifest:
|
||||
if re.match(match, s):
|
||||
return True
|
||||
return False
|
||||
|
||||
@classmethod
|
||||
def hasFeature(self,feature):
|
||||
|
||||
if feature in oeTest.tc.imagefeatures or \
|
||||
feature in oeTest.tc.distrofeatures:
|
||||
return True
|
||||
@@ -340,17 +350,18 @@ class ImageTestContext(TestContext):
|
||||
self.target = target
|
||||
self.host_dumper = host_dumper
|
||||
|
||||
self.pkgmanifest = {}
|
||||
manifest = os.path.join(d.getVar("DEPLOY_DIR_IMAGE", True),
|
||||
d.getVar("IMAGE_LINK_NAME", True) + ".manifest")
|
||||
nomanifest = d.getVar("IMAGE_NO_MANIFEST", True)
|
||||
if nomanifest is None or nomanifest != "1":
|
||||
try:
|
||||
with open(manifest) as f:
|
||||
self.pkgmanifest = f.read()
|
||||
for line in f:
|
||||
(pkg, arch, version) = line.strip().split()
|
||||
self.pkgmanifest[pkg] = (version, arch)
|
||||
except IOError as e:
|
||||
bb.fatal("No package manifest file found. Did you build the image?\n%s" % e)
|
||||
else:
|
||||
self.pkgmanifest = ""
|
||||
|
||||
self.sigterm = False
|
||||
self.origsigtermhandler = signal.getsignal(signal.SIGTERM)
|
||||
@@ -396,8 +407,11 @@ class SDKTestContext(TestContext):
|
||||
if not hasattr(self, 'target_manifest'):
|
||||
self.target_manifest = d.getVar("SDK_TARGET_MANIFEST", True)
|
||||
try:
|
||||
self.pkgmanifest = {}
|
||||
with open(self.target_manifest) as f:
|
||||
self.pkgmanifest = f.read()
|
||||
for line in f:
|
||||
(pkg, arch, version) = line.strip().split()
|
||||
self.pkgmanifest[pkg] = (version, arch)
|
||||
except IOError as e:
|
||||
bb.fatal("No package manifest file found. Did you build the sdk image?\n%s" % e)
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ import subprocess
|
||||
def setUpModule():
|
||||
if not oeRuntimeTest.hasFeature("package-management"):
|
||||
skipModule("Image doesn't have package management feature")
|
||||
if not oeRuntimeTest.hasPackage("smart"):
|
||||
if not oeRuntimeTest.hasPackage("smartpm"):
|
||||
skipModule("Image doesn't have smart installed")
|
||||
if "package_rpm" != oeRuntimeTest.tc.d.getVar("PACKAGE_CLASSES", True).split()[0]:
|
||||
skipModule("Rpm is not the primary package manager")
|
||||
@@ -105,7 +105,7 @@ class PtestRunnerTest(oeRuntimeTest):
|
||||
def test_ptestrunner(self):
|
||||
self.add_smart_channel()
|
||||
(runnerstatus, result) = self.target.run('which ptest-runner', 0)
|
||||
cond = oeRuntimeTest.hasPackage("ptest-runner") and oeRuntimeTest.hasFeature("ptest") and oeRuntimeTest.hasPackage("-ptest") and (runnerstatus != 0)
|
||||
cond = oeRuntimeTest.hasPackage("ptest-runner") and oeRuntimeTest.hasFeature("ptest") and oeRuntimeTest.hasPackageMatch("-ptest") and (runnerstatus != 0)
|
||||
if cond:
|
||||
self.install_packages(self.install_complementary("*-ptest"))
|
||||
self.install_packages(['ptest-runner'])
|
||||
|
||||
@@ -4,7 +4,7 @@ from oeqa.oetest import oeRuntimeTest, skipModule
|
||||
from oeqa.utils.decorators import *
|
||||
|
||||
def setUpModule():
|
||||
if not oeRuntimeTest.hasPackage("python"):
|
||||
if not oeRuntimeTest.hasPackage("python-core"):
|
||||
skipModule("No python package in the image")
|
||||
|
||||
|
||||
|
||||
@@ -53,9 +53,9 @@ class RpmInstallRemoveTest(oeRuntimeTest):
|
||||
def test_rpm_query_nonroot(self):
|
||||
(status, output) = self.target.run('useradd test1')
|
||||
self.assertTrue(status == 0, msg="Failed to create new user: " + output)
|
||||
(status, output) = self.target.run('sudo -u test1 id')
|
||||
(status, output) = self.target.run('su -c id test1')
|
||||
self.assertTrue('(test1)' in output, msg="Failed to execute as new user")
|
||||
(status, output) = self.target.run('sudo -u test1 rpm -qa')
|
||||
(status, output) = self.target.run('su -c "rpm -qa" test1 ')
|
||||
self.assertEqual(status, 0, msg="status: %s. Cannot run rpm -qa: %s" % (status, output))
|
||||
|
||||
@testcase(195)
|
||||
@@ -98,4 +98,3 @@ class RpmInstallRemoveTest(oeRuntimeTest):
|
||||
@classmethod
|
||||
def tearDownClass(self):
|
||||
oeRuntimeTest.tc.target.run('rm -f /tmp/rpm-doc.rpm')
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ from oeqa.utils.httpserver import HTTPService
|
||||
def setUpModule():
|
||||
if not oeRuntimeTest.hasFeature("package-management"):
|
||||
skipModule("Image doesn't have package management feature")
|
||||
if not oeRuntimeTest.hasPackage("smart"):
|
||||
if not oeRuntimeTest.hasPackage("smartpm"):
|
||||
skipModule("Image doesn't have smart installed")
|
||||
if "package_rpm" != oeRuntimeTest.tc.d.getVar("PACKAGE_CLASSES", True).split()[0]:
|
||||
skipModule("Rpm is not the primary package manager")
|
||||
|
||||
@@ -3,7 +3,7 @@ from oeqa.utils.decorators import *
|
||||
from oeqa.utils.targetbuild import SDKBuildProject
|
||||
|
||||
def setUpModule():
|
||||
if not oeSDKTest.hasPackage("gtk\+"):
|
||||
if not oeSDKTest.hasPackage("gtk+"):
|
||||
skipModule("Image doesn't have gtk+ in manifest")
|
||||
|
||||
class SudokuTest(oeSDKTest):
|
||||
|
||||
@@ -447,8 +447,8 @@ class RecipetoolTests(RecipetoolBase):
|
||||
temprecipe = os.path.join(self.tempdir, 'recipe')
|
||||
os.makedirs(temprecipe)
|
||||
recipefile = os.path.join(temprecipe, 'meson_git.bb')
|
||||
srcuri = 'https://github.com/mesonbuild/meson'
|
||||
result = runCmd('recipetool create -o %s %s' % (temprecipe, srcuri))
|
||||
srcuri = 'https://github.com/mesonbuild/meson;rev=0.32.0'
|
||||
result = runCmd(['recipetool', 'create', '-o', recipefile, srcuri])
|
||||
self.assertTrue(os.path.isfile(recipefile))
|
||||
checkvars = {}
|
||||
checkvars['LICENSE'] = set(['Apache-2.0'])
|
||||
|
||||
@@ -0,0 +1,45 @@
|
||||
From 6186bcf1bcaaa0f16e79339e07c64c841d4d957d Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Kanavin <alex.kanavin@gmail.com>
|
||||
Date: Fri, 2 Dec 2016 20:52:40 +0200
|
||||
Subject: [PATCH] Enforce -no-pie, if the compiler supports it.
|
||||
|
||||
Add a -no-pie as recent (2 Dec 2016) Debian testing compiler
|
||||
seems to default to enabling PIE when linking. See
|
||||
https://wiki.ubuntu.com/SecurityTeam/PIE
|
||||
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
|
||||
---
|
||||
acinclude.m4 | 2 +-
|
||||
configure.ac | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/acinclude.m4 b/acinclude.m4
|
||||
index 19200b0..a713923 100644
|
||||
--- a/acinclude.m4
|
||||
+++ b/acinclude.m4
|
||||
@@ -416,7 +416,7 @@ int main() {
|
||||
|
||||
[# `$CC -c -o ...' might not be portable. But, oh, well... Is calling
|
||||
# `ac_compile' like this correct, after all?
|
||||
-if eval "$ac_compile -S -o conftest.s" 2> /dev/null; then]
|
||||
+if eval "$ac_compile -S -o conftest.s" 2> /dev/null && eval "$CC -dumpspecs 2>/dev/null | grep -e no-pie" ; then]
|
||||
AC_MSG_RESULT([yes])
|
||||
[# Should we clear up other files as well, having called `AC_LANG_CONFTEST'?
|
||||
rm -f conftest.s
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index df20991..506c6b4 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -603,7 +603,7 @@ grub_CHECK_PIE
|
||||
[# Need that, because some distributions ship compilers that include
|
||||
# `-fPIE' in the default specs.
|
||||
if [ x"$pie_possible" = xyes ]; then
|
||||
- TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE"
|
||||
+ TARGET_CFLAGS="$TARGET_CFLAGS -fno-PIE -no-pie"
|
||||
fi]
|
||||
|
||||
# Position independent executable.
|
||||
--
|
||||
2.10.2
|
||||
|
||||
@@ -31,6 +31,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
|
||||
file://0001-Remove-direct-_llseek-code-and-require-long-filesyst.patch \
|
||||
file://fix-texinfo.patch \
|
||||
file://0001-grub-core-gettext-gettext.c-main_context-secondary_c.patch \
|
||||
file://0001-Enforce-no-pie-if-the-compiler-supports-it.patch \
|
||||
"
|
||||
|
||||
DEPENDS = "flex-native bison-native"
|
||||
|
||||
@@ -8,7 +8,7 @@ SECTION = "libs/network"
|
||||
LICENSE = "openssl"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
|
||||
|
||||
DEPENDS = "hostperl-runtime-native"
|
||||
DEPENDS = "makedepend-native hostperl-runtime-native"
|
||||
DEPENDS_append_class-target = " openssl-native"
|
||||
|
||||
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
|
||||
@@ -36,15 +36,15 @@ PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
|
||||
FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
|
||||
FILES_libssl = "${libdir}/libssl${SOLIBS}"
|
||||
FILES_${PN} =+ " ${libdir}/ssl/*"
|
||||
FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
|
||||
FILES_${PN}-misc = "${libdir}/ssl/misc"
|
||||
RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
|
||||
|
||||
# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
|
||||
# package RRECOMMENDS on this package. This will enable the configuration
|
||||
# file to be installed for both the base openssl package and the libcrypto
|
||||
# package since the base openssl package depends on the libcrypto package.
|
||||
FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
|
||||
CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
|
||||
FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
|
||||
CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
|
||||
RRECOMMENDS_libcrypto += "openssl-conf"
|
||||
RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
|
||||
|
||||
@@ -114,7 +114,10 @@ do_configure () {
|
||||
target=debian-mipsel
|
||||
;;
|
||||
linux-*-mips64 | linux-mips64)
|
||||
target=linux-mips
|
||||
target=debian-mips64
|
||||
;;
|
||||
linux-*-mips64el | linux-mips64el)
|
||||
target=debian-mips64el
|
||||
;;
|
||||
linux-microblaze*|linux-nios2*)
|
||||
target=linux-generic32
|
||||
@@ -149,10 +152,14 @@ do_compile_prepend_class-target () {
|
||||
}
|
||||
|
||||
do_compile () {
|
||||
oe_runmake depend
|
||||
oe_runmake
|
||||
}
|
||||
|
||||
do_compile_ptest () {
|
||||
# build dependencies for test directory too
|
||||
export DIRS="$DIRS test"
|
||||
oe_runmake depend
|
||||
oe_runmake buildtest
|
||||
}
|
||||
|
||||
@@ -168,17 +175,27 @@ do_install () {
|
||||
install -d ${D}${includedir}
|
||||
cp --dereference -R include/openssl ${D}${includedir}
|
||||
|
||||
install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
|
||||
sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
|
||||
|
||||
oe_multilib_header openssl/opensslconf.h
|
||||
if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
|
||||
install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
|
||||
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
|
||||
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
|
||||
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
|
||||
# The c_rehash utility isn't installed by the normal installation process.
|
||||
else
|
||||
rm -f ${D}${bindir}/c_rehash
|
||||
rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
|
||||
fi
|
||||
|
||||
# Create SSL structure
|
||||
install -d ${D}${sysconfdir}/ssl/
|
||||
mv ${D}${libdir}/ssl/openssl.cnf \
|
||||
${D}${libdir}/ssl/certs \
|
||||
${D}${libdir}/ssl/private \
|
||||
\
|
||||
${D}${sysconfdir}/ssl/
|
||||
ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
|
||||
ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
|
||||
ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
|
||||
}
|
||||
|
||||
do_install_ptest () {
|
||||
@@ -192,12 +209,25 @@ do_install_ptest () {
|
||||
cp -r certs ${D}${PTEST_PATH}
|
||||
mkdir -p ${D}${PTEST_PATH}/apps
|
||||
ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
|
||||
ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
|
||||
ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
|
||||
ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
|
||||
cp apps/server2.pem ${D}${PTEST_PATH}/apps
|
||||
mkdir -p ${D}${PTEST_PATH}/util
|
||||
install util/opensslwrap.sh ${D}${PTEST_PATH}/util
|
||||
install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
|
||||
# Time stamps are relevant for "make alltests", otherwise
|
||||
# make may try to recompile binaries. Not only must the
|
||||
# binary files be newer than the sources, they also must
|
||||
# be more recent than the header files in /usr/include.
|
||||
#
|
||||
# Using "cp -a" is not sufficient, because do_install
|
||||
# does not preserve the original time stamps.
|
||||
#
|
||||
# So instead of using the original file stamps, we set
|
||||
# the current time for all files. Binaries will get
|
||||
# modified again later when stripping them, but that's okay.
|
||||
touch ${D}${PTEST_PATH}
|
||||
find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
|
||||
}
|
||||
|
||||
do_install_append_class-native() {
|
||||
|
||||
286
meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
Normal file
286
meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
Normal file
@@ -0,0 +1,286 @@
|
||||
From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Thu, 5 May 2016 11:10:26 +0100
|
||||
Subject: [PATCH] Avoid some undefined pointer arithmetic
|
||||
|
||||
A common idiom in the codebase is:
|
||||
|
||||
if (p + len > limit)
|
||||
{
|
||||
return; /* Too long */
|
||||
}
|
||||
|
||||
Where "p" points to some malloc'd data of SIZE bytes and
|
||||
limit == p + SIZE
|
||||
|
||||
"len" here could be from some externally supplied data (e.g. from a TLS
|
||||
message).
|
||||
|
||||
The rules of C pointer arithmetic are such that "p + len" is only well
|
||||
defined where len <= SIZE. Therefore the above idiom is actually
|
||||
undefined behaviour.
|
||||
|
||||
For example this could cause problems if some malloc implementation
|
||||
provides an address for "p" such that "p + len" actually overflows for
|
||||
values of len that are too big and therefore p + len < limit!
|
||||
|
||||
Issue reported by Guido Vranken.
|
||||
|
||||
CVE-2016-2177
|
||||
|
||||
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2016-2177
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
|
||||
---
|
||||
ssl/s3_srvr.c | 14 +++++++-------
|
||||
ssl/ssl_sess.c | 2 +-
|
||||
ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++--------------------------
|
||||
3 files changed, 38 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
|
||||
index ab28702..ab7f690 100644
|
||||
--- a/ssl/s3_srvr.c
|
||||
+++ b/ssl/s3_srvr.c
|
||||
@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
|
||||
|
||||
session_length = *(p + SSL3_RANDOM_SIZE);
|
||||
|
||||
- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
|
||||
+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
|
||||
/* get the session-id */
|
||||
j = *(p++);
|
||||
|
||||
- if (p + j > d + n) {
|
||||
+ if ((d + n) - p < j) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
|
||||
|
||||
if (SSL_IS_DTLS(s)) {
|
||||
/* cookie stuff */
|
||||
- if (p + 1 > d + n) {
|
||||
+ if ((d + n) - p < 1) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
}
|
||||
cookie_len = *(p++);
|
||||
|
||||
- if (p + cookie_len > d + n) {
|
||||
+ if ((d + n ) - p < cookie_len) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
|
||||
}
|
||||
}
|
||||
|
||||
- if (p + 2 > d + n) {
|
||||
+ if ((d + n ) - p < 2) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
|
||||
}
|
||||
|
||||
/* i bytes of cipher data + 1 byte for compression length later */
|
||||
- if ((p + i + 1) > (d + n)) {
|
||||
+ if ((d + n) - p < i + 1) {
|
||||
/* not enough data */
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
|
||||
@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
|
||||
|
||||
/* compression */
|
||||
i = *(p++);
|
||||
- if ((p + i) > (d + n)) {
|
||||
+ if ((d + n) - p < i) {
|
||||
/* not enough data */
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
|
||||
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
|
||||
index b182998..54ee783 100644
|
||||
--- a/ssl/ssl_sess.c
|
||||
+++ b/ssl/ssl_sess.c
|
||||
@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
|
||||
int r;
|
||||
#endif
|
||||
|
||||
- if (session_id + len > limit) {
|
||||
+ if (limit - session_id < len) {
|
||||
fatal = 1;
|
||||
goto err;
|
||||
}
|
||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
||||
index fb64607..cdac011 100644
|
||||
--- a/ssl/t1_lib.c
|
||||
+++ b/ssl/t1_lib.c
|
||||
@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
|
||||
0x02, 0x03, /* SHA-1/ECDSA */
|
||||
};
|
||||
|
||||
- if (data >= (limit - 2))
|
||||
+ if (limit - data <= 2)
|
||||
return;
|
||||
data += 2;
|
||||
|
||||
- if (data > (limit - 4))
|
||||
+ if (limit - data < 4)
|
||||
return;
|
||||
n2s(data, type);
|
||||
n2s(data, size);
|
||||
@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
|
||||
if (type != TLSEXT_TYPE_server_name)
|
||||
return;
|
||||
|
||||
- if (data + size > limit)
|
||||
+ if (limit - data < size)
|
||||
return;
|
||||
data += size;
|
||||
|
||||
@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
|
||||
const size_t len1 = sizeof(kSafariExtensionsBlock);
|
||||
const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
|
||||
|
||||
- if (data + len1 + len2 != limit)
|
||||
+ if (limit - data != (int)(len1 + len2))
|
||||
return;
|
||||
if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
|
||||
return;
|
||||
@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
|
||||
} else {
|
||||
const size_t len = sizeof(kSafariExtensionsBlock);
|
||||
|
||||
- if (data + len != limit)
|
||||
+ if (limit - data != (int)(len))
|
||||
return;
|
||||
if (memcmp(data, kSafariExtensionsBlock, len) != 0)
|
||||
return;
|
||||
@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
|
||||
if (data == limit)
|
||||
goto ri_check;
|
||||
|
||||
- if (data > (limit - 2))
|
||||
+ if (limit - data < 2)
|
||||
goto err;
|
||||
|
||||
n2s(data, len);
|
||||
|
||||
- if (data + len != limit)
|
||||
+ if (limit - data != len)
|
||||
goto err;
|
||||
|
||||
- while (data <= (limit - 4)) {
|
||||
+ while (limit - data >= 4) {
|
||||
n2s(data, type);
|
||||
n2s(data, size);
|
||||
|
||||
- if (data + size > (limit))
|
||||
+ if (limit - data < size)
|
||||
goto err;
|
||||
# if 0
|
||||
fprintf(stderr, "Received extension type %d size %d\n", type, size);
|
||||
@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
|
||||
if (s->hit || s->cert->srv_ext.meths_count == 0)
|
||||
return 1;
|
||||
|
||||
- if (data >= limit - 2)
|
||||
+ if (limit - data <= 2)
|
||||
return 1;
|
||||
n2s(data, len);
|
||||
|
||||
- if (data > limit - len)
|
||||
+ if (limit - data < len)
|
||||
return 1;
|
||||
|
||||
- while (data <= limit - 4) {
|
||||
+ while (limit - data >= 4) {
|
||||
n2s(data, type);
|
||||
n2s(data, size);
|
||||
|
||||
- if (data + size > limit)
|
||||
+ if (limit - data < size)
|
||||
return 1;
|
||||
if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
|
||||
return 0;
|
||||
@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
|
||||
SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
|
||||
# endif
|
||||
|
||||
- if (data >= (d + n - 2))
|
||||
+ if ((d + n) - data <= 2)
|
||||
goto ri_check;
|
||||
|
||||
n2s(data, length);
|
||||
- if (data + length != d + n) {
|
||||
+ if ((d + n) - data != length) {
|
||||
*al = SSL_AD_DECODE_ERROR;
|
||||
return 0;
|
||||
}
|
||||
|
||||
- while (data <= (d + n - 4)) {
|
||||
+ while ((d + n) - data >= 4) {
|
||||
n2s(data, type);
|
||||
n2s(data, size);
|
||||
|
||||
- if (data + size > (d + n))
|
||||
+ if ((d + n) - data < size)
|
||||
goto ri_check;
|
||||
|
||||
if (s->tlsext_debug_cb)
|
||||
@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
|
||||
/* Skip past DTLS cookie */
|
||||
if (SSL_IS_DTLS(s)) {
|
||||
i = *(p++);
|
||||
- p += i;
|
||||
- if (p >= limit)
|
||||
+
|
||||
+ if (limit - p <= i)
|
||||
return -1;
|
||||
+
|
||||
+ p += i;
|
||||
}
|
||||
/* Skip past cipher list */
|
||||
n2s(p, i);
|
||||
- p += i;
|
||||
- if (p >= limit)
|
||||
+ if (limit - p <= i)
|
||||
return -1;
|
||||
+ p += i;
|
||||
+
|
||||
/* Skip past compression algorithm list */
|
||||
i = *(p++);
|
||||
- p += i;
|
||||
- if (p > limit)
|
||||
+ if (limit - p < i)
|
||||
return -1;
|
||||
+ p += i;
|
||||
+
|
||||
/* Now at start of extensions */
|
||||
- if ((p + 2) >= limit)
|
||||
+ if (limit - p <= 2)
|
||||
return 0;
|
||||
n2s(p, i);
|
||||
- while ((p + 4) <= limit) {
|
||||
+ while (limit - p >= 4) {
|
||||
unsigned short type, size;
|
||||
n2s(p, type);
|
||||
n2s(p, size);
|
||||
- if (p + size > limit)
|
||||
+ if (limit - p < size)
|
||||
return 0;
|
||||
if (type == TLSEXT_TYPE_session_ticket) {
|
||||
int r;
|
||||
--
|
||||
2.3.5
|
||||
|
||||
124
meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
Normal file
124
meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
Normal file
@@ -0,0 +1,124 @@
|
||||
From 22646a075e75991b4e8f5d67171e45a6aead5b48 Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Wed, 21 Sep 2016 14:48:16 +0100
|
||||
Subject: [PATCH] Don't allow too many consecutive warning alerts
|
||||
|
||||
Certain warning alerts are ignored if they are received. This can mean that
|
||||
no progress will be made if one peer continually sends those warning alerts.
|
||||
Implement a count so that we abort the connection if we receive too many.
|
||||
|
||||
Issue reported by Shi Lei.
|
||||
|
||||
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2016-8610
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
---
|
||||
ssl/d1_pkt.c | 15 +++++++++++++++
|
||||
ssl/s3_pkt.c | 15 +++++++++++++++
|
||||
ssl/ssl.h | 1 +
|
||||
ssl/ssl_locl.h | 4 ++++
|
||||
4 files changed, 35 insertions(+)
|
||||
|
||||
Index: openssl-1.0.2h/ssl/d1_pkt.c
|
||||
===================================================================
|
||||
--- openssl-1.0.2h.orig/ssl/d1_pkt.c
|
||||
+++ openssl-1.0.2h/ssl/d1_pkt.c
|
||||
@@ -928,6 +928,13 @@ int dtls1_read_bytes(SSL *s, int type, u
|
||||
goto start;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Reset the count of consecutive warning alerts if we've got a non-empty
|
||||
+ * record that isn't an alert.
|
||||
+ */
|
||||
+ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
|
||||
+ s->cert->alert_count = 0;
|
||||
+
|
||||
/* we now have a packet which can be read and processed */
|
||||
|
||||
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
|
||||
@@ -1194,6 +1201,14 @@ int dtls1_read_bytes(SSL *s, int type, u
|
||||
|
||||
if (alert_level == SSL3_AL_WARNING) {
|
||||
s->s3->warn_alert = alert_descr;
|
||||
+
|
||||
+ s->cert->alert_count++;
|
||||
+ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
|
||||
+ al = SSL_AD_UNEXPECTED_MESSAGE;
|
||||
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
|
||||
+ goto f_err;
|
||||
+ }
|
||||
+
|
||||
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
/*
|
||||
Index: openssl-1.0.2h/ssl/s3_pkt.c
|
||||
===================================================================
|
||||
--- openssl-1.0.2h.orig/ssl/s3_pkt.c
|
||||
+++ openssl-1.0.2h/ssl/s3_pkt.c
|
||||
@@ -1229,6 +1229,13 @@ int ssl3_read_bytes(SSL *s, int type, un
|
||||
return (ret);
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Reset the count of consecutive warning alerts if we've got a non-empty
|
||||
+ * record that isn't an alert.
|
||||
+ */
|
||||
+ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
|
||||
+ s->cert->alert_count = 0;
|
||||
+
|
||||
/* we now have a packet which can be read and processed */
|
||||
|
||||
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
|
||||
@@ -1443,6 +1450,14 @@ int ssl3_read_bytes(SSL *s, int type, un
|
||||
|
||||
if (alert_level == SSL3_AL_WARNING) {
|
||||
s->s3->warn_alert = alert_descr;
|
||||
+
|
||||
+ s->cert->alert_count++;
|
||||
+ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) {
|
||||
+ al = SSL_AD_UNEXPECTED_MESSAGE;
|
||||
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
|
||||
+ goto f_err;
|
||||
+ }
|
||||
+
|
||||
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
|
||||
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
|
||||
return (0);
|
||||
Index: openssl-1.0.2h/ssl/ssl.h
|
||||
===================================================================
|
||||
--- openssl-1.0.2h.orig/ssl/ssl.h
|
||||
+++ openssl-1.0.2h/ssl/ssl.h
|
||||
@@ -3115,6 +3115,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
|
||||
# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
|
||||
# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
|
||||
+# define SSL_R_TOO_MANY_WARN_ALERTS 409
|
||||
# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
|
||||
# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
|
||||
# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
|
||||
Index: openssl-1.0.2h/ssl/ssl_locl.h
|
||||
===================================================================
|
||||
--- openssl-1.0.2h.orig/ssl/ssl_locl.h
|
||||
+++ openssl-1.0.2h/ssl/ssl_locl.h
|
||||
@@ -585,6 +585,8 @@ typedef struct {
|
||||
*/
|
||||
# define SSL_EXT_FLAG_SENT 0x2
|
||||
|
||||
+# define MAX_WARN_ALERT_COUNT 5
|
||||
+
|
||||
typedef struct {
|
||||
custom_ext_method *meths;
|
||||
size_t meths_count;
|
||||
@@ -692,6 +694,8 @@ typedef struct cert_st {
|
||||
unsigned char *alpn_proposed; /* server */
|
||||
unsigned int alpn_proposed_len;
|
||||
int alpn_sent; /* client */
|
||||
+ /* Count of the number of consecutive warning alerts received */
|
||||
+ unsigned int alert_count;
|
||||
} CERT;
|
||||
|
||||
typedef struct sess_cert_st {
|
||||
210
meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
Normal file
210
meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
Normal file
@@ -0,0 +1,210 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Ben Secrest <blsecres@gmail.com>
|
||||
#
|
||||
# sh c_rehash script, scan all files in a directory
|
||||
# and add symbolic links to their hash values.
|
||||
#
|
||||
# based on the c_rehash perl script distributed with openssl
|
||||
#
|
||||
# LICENSE: See OpenSSL license
|
||||
# ^^acceptable?^^
|
||||
#
|
||||
|
||||
# default certificate location
|
||||
DIR=/etc/openssl
|
||||
|
||||
# for filetype bitfield
|
||||
IS_CERT=$(( 1 << 0 ))
|
||||
IS_CRL=$(( 1 << 1 ))
|
||||
|
||||
|
||||
# check to see if a file is a certificate file or a CRL file
|
||||
# arguments:
|
||||
# 1. the filename to be scanned
|
||||
# returns:
|
||||
# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
|
||||
#
|
||||
check_file()
|
||||
{
|
||||
local IS_TYPE=0
|
||||
|
||||
# make IFS a newline so we can process grep output line by line
|
||||
local OLDIFS=${IFS}
|
||||
IFS=$( printf "\n" )
|
||||
|
||||
# XXX: could be more efficient to have two 'grep -m' but is -m portable?
|
||||
for LINE in $( grep '^-----BEGIN .*-----' ${1} )
|
||||
do
|
||||
if echo ${LINE} \
|
||||
| grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
|
||||
then
|
||||
IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
|
||||
|
||||
if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
|
||||
then
|
||||
break
|
||||
fi
|
||||
elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
|
||||
then
|
||||
IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
|
||||
|
||||
if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
|
||||
then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
# restore IFS
|
||||
IFS=${OLDIFS}
|
||||
|
||||
return ${IS_TYPE}
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# use openssl to fingerprint a file
|
||||
# arguments:
|
||||
# 1. the filename to fingerprint
|
||||
# 2. the method to use (x509, crl)
|
||||
# returns:
|
||||
# none
|
||||
# assumptions:
|
||||
# user will capture output from last stage of pipeline
|
||||
#
|
||||
fingerprint()
|
||||
{
|
||||
${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
|
||||
}
|
||||
|
||||
|
||||
#
|
||||
# link_hash - create links to certificate files
|
||||
# arguments:
|
||||
# 1. the filename to create a link for
|
||||
# 2. the type of certificate being linked (x509, crl)
|
||||
# returns:
|
||||
# 0 on success, 1 otherwise
|
||||
#
|
||||
link_hash()
|
||||
{
|
||||
local FINGERPRINT=$( fingerprint ${1} ${2} )
|
||||
local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
|
||||
local SUFFIX=0
|
||||
local LINKFILE=''
|
||||
local TAG=''
|
||||
|
||||
if [ ${2} = "crl" ]
|
||||
then
|
||||
TAG='r'
|
||||
fi
|
||||
|
||||
LINKFILE=${HASH}.${TAG}${SUFFIX}
|
||||
|
||||
while [ -f ${LINKFILE} ]
|
||||
do
|
||||
if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
|
||||
then
|
||||
echo "NOTE: Skipping duplicate file ${1}" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
SUFFIX=$(( ${SUFFIX} + 1 ))
|
||||
LINKFILE=${HASH}.${TAG}${SUFFIX}
|
||||
done
|
||||
|
||||
echo "${1} => ${LINKFILE}"
|
||||
|
||||
# assume any system with a POSIX shell will either support symlinks or
|
||||
# do something to handle this gracefully
|
||||
ln -s ${1} ${LINKFILE}
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
# hash_dir create hash links in a given directory
|
||||
hash_dir()
|
||||
{
|
||||
echo "Doing ${1}"
|
||||
|
||||
cd ${1}
|
||||
|
||||
ls -1 * 2>/dev/null | while read FILE
|
||||
do
|
||||
if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
|
||||
&& [ -h "${FILE}" ]
|
||||
then
|
||||
rm ${FILE}
|
||||
fi
|
||||
done
|
||||
|
||||
ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
|
||||
do
|
||||
check_file ${FILE}
|
||||
local FILE_TYPE=${?}
|
||||
local TYPE_STR=''
|
||||
|
||||
if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
|
||||
then
|
||||
TYPE_STR='x509'
|
||||
elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
|
||||
then
|
||||
TYPE_STR='crl'
|
||||
else
|
||||
echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
|
||||
continue
|
||||
fi
|
||||
|
||||
link_hash ${FILE} ${TYPE_STR}
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
# choose the name of an ssl application
|
||||
if [ -n "${OPENSSL}" ]
|
||||
then
|
||||
SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
|
||||
else
|
||||
SSL_CMD=/usr/bin/openssl
|
||||
OPENSSL=${SSL_CMD}
|
||||
export OPENSSL
|
||||
fi
|
||||
|
||||
# fix paths
|
||||
PATH=${PATH}:${DIR}/bin
|
||||
export PATH
|
||||
|
||||
# confirm existance/executability of ssl command
|
||||
if ! [ -x ${SSL_CMD} ]
|
||||
then
|
||||
echo "${0}: rehashing skipped ('openssl' program not available)" >&2
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# determine which directories to process
|
||||
old_IFS=$IFS
|
||||
if [ ${#} -gt 0 ]
|
||||
then
|
||||
IFS=':'
|
||||
DIRLIST=${*}
|
||||
elif [ -n "${SSL_CERT_DIR}" ]
|
||||
then
|
||||
DIRLIST=$SSL_CERT_DIR
|
||||
else
|
||||
DIRLIST=${DIR}/certs
|
||||
fi
|
||||
|
||||
IFS=':'
|
||||
|
||||
# process directories
|
||||
for CERT_DIR in ${DIRLIST}
|
||||
do
|
||||
if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
|
||||
then
|
||||
IFS=$old_IFS
|
||||
hash_dir ${CERT_DIR}
|
||||
IFS=':'
|
||||
fi
|
||||
done
|
||||
@@ -0,0 +1,34 @@
|
||||
From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
|
||||
From: Robert Yang <liezhi.yang@windriver.com>
|
||||
Date: Mon, 19 Sep 2016 22:06:28 -0700
|
||||
Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
|
||||
|
||||
Fixed when building on Debian-testing:
|
||||
| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
|
||||
|
||||
The find.pl is added by oe-core, so once openssl/find.pl is removed,
|
||||
then this patch can be dropped.
|
||||
|
||||
Upstream-Status: Inappropriate [OE-Specific]
|
||||
|
||||
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
||||
---
|
||||
util/perlpath.pl | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/util/perlpath.pl b/util/perlpath.pl
|
||||
index a1f236b..5599892 100755
|
||||
--- a/util/perlpath.pl
|
||||
+++ b/util/perlpath.pl
|
||||
@@ -4,6 +4,8 @@
|
||||
# line in all scripts that rely on perl.
|
||||
#
|
||||
|
||||
+BEGIN { unshift @INC, "."; }
|
||||
+
|
||||
require "find.pl";
|
||||
|
||||
$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
|
||||
--
|
||||
2.9.0
|
||||
|
||||
@@ -13,6 +13,7 @@ export OE_LDFLAGS="${LDFLAGS}"
|
||||
|
||||
SRC_URI += "file://find.pl;subdir=${BP}/util/ \
|
||||
file://run-ptest \
|
||||
file://openssl-c_rehash.sh \
|
||||
file://configure-targets.patch \
|
||||
file://shared-libs.patch \
|
||||
file://oe-ldflags.patch \
|
||||
@@ -49,6 +50,9 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
|
||||
file://CVE-2016-6303.patch \
|
||||
file://CVE-2016-6304.patch \
|
||||
file://CVE-2016-6306.patch \
|
||||
file://CVE-2016-8610.patch \
|
||||
file://CVE-2016-2177.patch \
|
||||
file://openssl-util-perlpath.pl-cwd.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
|
||||
SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
|
||||
|
||||
@@ -0,0 +1,939 @@
|
||||
The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
|
||||
result in unauthenticated clients gaining access to the network.
|
||||
|
||||
Backport a number of patches from upstream to fix this.
|
||||
|
||||
CVE: CVE-2017-13077
|
||||
CVE: CVE-2017-13078
|
||||
CVE: CVE-2017-13079
|
||||
CVE: CVE-2017-13080
|
||||
CVE: CVE-2017-13081
|
||||
CVE: CVE-2017-13082
|
||||
CVE: CVE-2017-13086
|
||||
CVE: CVE-2017-13087
|
||||
CVE: CVE-2017-13088
|
||||
|
||||
Thanks to Wind River for the backport from upstream master to wpa_supplicant
|
||||
2.5.
|
||||
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
|
||||
From 9a4a0f78bb2ad516d4a295fb5d042f8a61bd3f47 Mon Sep 17 00:00:00 2001
|
||||
From: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
Date: Thu, 12 Oct 2017 10:13:17 +0800
|
||||
Subject: [PATCH 1/7] hostapd: Avoid key reinstallation in FT handshake
|
||||
|
||||
Do not reinstall TK to the driver during Reassociation Response frame
|
||||
processing if the first attempt of setting the TK succeeded. This avoids
|
||||
issues related to clearing the TX/RX PN that could result in reusing
|
||||
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
|
||||
also hitting replay protection on the receiver) and accepting replayed
|
||||
frames on RX side.
|
||||
|
||||
This issue was introduced by the commit
|
||||
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
|
||||
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
|
||||
times with the same PTK. While the second configuration attempt is
|
||||
needed with some drivers, it must be done only if the first attempt
|
||||
failed.
|
||||
|
||||
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
---
|
||||
src/ap/wpa_auth.c | 9 +++++++++
|
||||
src/ap/wpa_auth.h | 3 ++-
|
||||
src/ap/wpa_auth_ft.c | 10 ++++++++++
|
||||
src/ap/wpa_auth_i.h | 1 +
|
||||
4 files changed, 22 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
|
||||
index 2760a3f..b38a64d 100644
|
||||
--- a/src/ap/wpa_auth.c
|
||||
+++ b/src/ap/wpa_auth.c
|
||||
@@ -1740,6 +1740,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
|
||||
#else /* CONFIG_IEEE80211R */
|
||||
break;
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
+ case WPA_DRV_STA_REMOVED:
|
||||
+ sm->tk_already_set = FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
@@ -3208,6 +3211,12 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
|
||||
return sm->wpa;
|
||||
}
|
||||
|
||||
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
|
||||
+{
|
||||
+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
|
||||
+ return 0;
|
||||
+ return sm->tk_already_set;
|
||||
+}
|
||||
|
||||
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
|
||||
struct rsn_pmksa_cache_entry *entry)
|
||||
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
|
||||
index fd04f16..3e53461 100644
|
||||
--- a/src/ap/wpa_auth.h
|
||||
+++ b/src/ap/wpa_auth.h
|
||||
@@ -258,7 +258,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||
u8 *data, size_t data_len);
|
||||
enum wpa_event {
|
||||
WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
|
||||
- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
|
||||
+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
|
||||
};
|
||||
void wpa_remove_ptk(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
|
||||
@@ -271,6 +271,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
|
||||
int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
|
||||
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
|
||||
struct rsn_pmksa_cache_entry *entry);
|
||||
struct rsn_pmksa_cache_entry *
|
||||
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
|
||||
index eeaffbf..f8f5dbe 100644
|
||||
--- a/src/ap/wpa_auth_ft.c
|
||||
+++ b/src/ap/wpa_auth_ft.c
|
||||
@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
|
||||
return;
|
||||
}
|
||||
|
||||
+ if (sm->tk_already_set) {
|
||||
+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
|
||||
+ * PN in the driver */
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "FT: Do not re-install same PTK to the driver");
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/* FIX: add STA entry to kernel/driver here? The set_key will fail
|
||||
* most likely without this.. At the moment, STA entry is added only
|
||||
* after association has been completed. This function will be called
|
||||
@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
|
||||
|
||||
/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
|
||||
sm->pairwise_set = TRUE;
|
||||
+ sm->tk_already_set = TRUE;
|
||||
}
|
||||
|
||||
|
||||
@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
|
||||
|
||||
sm->pairwise = pairwise;
|
||||
sm->PTK_valid = TRUE;
|
||||
+ sm->tk_already_set = FALSE;
|
||||
wpa_ft_install_ptk(sm);
|
||||
|
||||
buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
|
||||
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
|
||||
index 57b098f..234d84c 100644
|
||||
--- a/src/ap/wpa_auth_i.h
|
||||
+++ b/src/ap/wpa_auth_i.h
|
||||
@@ -64,6 +64,7 @@ struct wpa_state_machine {
|
||||
struct wpa_ptk PTK;
|
||||
Boolean PTK_valid;
|
||||
Boolean pairwise_set;
|
||||
+ Boolean tk_already_set;
|
||||
int keycount;
|
||||
Boolean Pair;
|
||||
struct wpa_key_replay_counter {
|
||||
--
|
||||
1.9.1
|
||||
|
||||
From d0d1adad8792ae948743031543db8839f83db829 Mon Sep 17 00:00:00 2001
|
||||
From: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
Date: Thu, 12 Oct 2017 13:18:59 +0800
|
||||
Subject: [PATCH 2/7] Prevent reinstallation of an already in-use group key
|
||||
|
||||
Track the current GTK and IGTK that is in use and when receiving a
|
||||
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
|
||||
not install the given key if it is already in use. This prevents an
|
||||
attacker from trying to trick the client into resetting or lowering the
|
||||
sequence counter associated to the group key.
|
||||
|
||||
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
---
|
||||
src/common/wpa_common.h | 11 +++++
|
||||
src/rsn_supp/wpa.c | 119 +++++++++++++++++++++++++++++-------------------
|
||||
src/rsn_supp/wpa_i.h | 4 ++
|
||||
3 files changed, 88 insertions(+), 46 deletions(-)
|
||||
|
||||
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
|
||||
index c08f651..21e13da 100644
|
||||
--- a/src/common/wpa_common.h
|
||||
+++ b/src/common/wpa_common.h
|
||||
@@ -215,6 +215,17 @@ struct wpa_ptk {
|
||||
size_t tk_len;
|
||||
};
|
||||
|
||||
+struct wpa_gtk {
|
||||
+ u8 gtk[WPA_GTK_MAX_LEN];
|
||||
+ size_t gtk_len;
|
||||
+};
|
||||
+
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+struct wpa_igtk {
|
||||
+ u8 igtk[WPA_IGTK_MAX_LEN];
|
||||
+ size_t igtk_len;
|
||||
+};
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
|
||||
/* WPA IE version 1
|
||||
* 00-50-f2:1 (OUI:OUI type)
|
||||
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
|
||||
index a9f255e..eab7151 100644
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -697,6 +697,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
|
||||
const u8 *_gtk = gd->gtk;
|
||||
u8 gtk_buf[32];
|
||||
|
||||
+ /* Detect possible key reinstallation */
|
||||
+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
|
||||
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
|
||||
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
|
||||
+ gd->keyidx, gd->tx, gd->gtk_len);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
|
||||
@@ -731,6 +740,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
|
||||
}
|
||||
os_memset(gtk_buf, 0, sizeof(gtk_buf));
|
||||
|
||||
+ sm->gtk.gtk_len = gd->gtk_len;
|
||||
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -801,6 +813,47 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
|
||||
+ const struct wpa_igtk_kde *igtk)
|
||||
+{
|
||||
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
|
||||
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
|
||||
+
|
||||
+ /* Detect possible key reinstallation */
|
||||
+ if (sm->igtk.igtk_len == len &&
|
||||
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
|
||||
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
|
||||
+ keyidx);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
|
||||
+ keyidx, MAC2STR(igtk->pn));
|
||||
+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
|
||||
+ if (keyidx > 4095) {
|
||||
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
+ "WPA: Invalid IGTK KeyID %d", keyidx);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
|
||||
+ broadcast_ether_addr,
|
||||
+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
|
||||
+ igtk->igtk, len) < 0) {
|
||||
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
+ "WPA: Failed to configure IGTK to the driver");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ sm->igtk.igtk_len = len;
|
||||
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
+
|
||||
|
||||
static int ieee80211w_set_keys(struct wpa_sm *sm,
|
||||
struct wpa_eapol_ie_parse *ie)
|
||||
@@ -812,30 +865,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
|
||||
if (ie->igtk) {
|
||||
size_t len;
|
||||
const struct wpa_igtk_kde *igtk;
|
||||
- u16 keyidx;
|
||||
+
|
||||
len = wpa_cipher_key_len(sm->mgmt_group_cipher);
|
||||
if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
|
||||
return -1;
|
||||
+
|
||||
igtk = (const struct wpa_igtk_kde *) ie->igtk;
|
||||
- keyidx = WPA_GET_LE16(igtk->keyid);
|
||||
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
|
||||
- "pn %02x%02x%02x%02x%02x%02x",
|
||||
- keyidx, MAC2STR(igtk->pn));
|
||||
- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
|
||||
- igtk->igtk, len);
|
||||
- if (keyidx > 4095) {
|
||||
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
- "WPA: Invalid IGTK KeyID %d", keyidx);
|
||||
- return -1;
|
||||
- }
|
||||
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
|
||||
- broadcast_ether_addr,
|
||||
- keyidx, 0, igtk->pn, sizeof(igtk->pn),
|
||||
- igtk->igtk, len) < 0) {
|
||||
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
- "WPA: Failed to configure IGTK to the driver");
|
||||
- return -1;
|
||||
- }
|
||||
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -2251,7 +2288,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
|
||||
*/
|
||||
void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
|
||||
{
|
||||
- int clear_ptk = 1;
|
||||
+ int clear_keys = 1;
|
||||
|
||||
if (sm == NULL)
|
||||
return;
|
||||
@@ -2277,11 +2314,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
|
||||
/* Prepare for the next transition */
|
||||
wpa_ft_prepare_auth_request(sm, NULL);
|
||||
|
||||
- clear_ptk = 0;
|
||||
+ clear_keys = 0;
|
||||
}
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
|
||||
- if (clear_ptk) {
|
||||
+ if (clear_keys) {
|
||||
/*
|
||||
* IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
|
||||
* this is not part of a Fast BSS Transition.
|
||||
@@ -2291,6 +2328,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
|
||||
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
|
||||
sm->tptk_set = 0;
|
||||
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
|
||||
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
}
|
||||
|
||||
#ifdef CONFIG_TDLS
|
||||
@@ -2807,6 +2848,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
|
||||
os_memset(sm->pmk, 0, sizeof(sm->pmk));
|
||||
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
|
||||
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
|
||||
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
|
||||
os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
|
||||
@@ -2879,29 +2924,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
|
||||
- struct wpa_igtk_kde igd;
|
||||
- u16 keyidx;
|
||||
-
|
||||
- os_memset(&igd, 0, sizeof(igd));
|
||||
- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
|
||||
- os_memcpy(igd.keyid, buf + 2, 2);
|
||||
- os_memcpy(igd.pn, buf + 4, 6);
|
||||
-
|
||||
- keyidx = WPA_GET_LE16(igd.keyid);
|
||||
- os_memcpy(igd.igtk, buf + 10, keylen);
|
||||
-
|
||||
- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
|
||||
- igd.igtk, keylen);
|
||||
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
|
||||
- broadcast_ether_addr,
|
||||
- keyidx, 0, igd.pn, sizeof(igd.pn),
|
||||
- igd.igtk, keylen) < 0) {
|
||||
- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
|
||||
- "WNM mode");
|
||||
- os_memset(&igd, 0, sizeof(igd));
|
||||
- return -1;
|
||||
- }
|
||||
- os_memset(&igd, 0, sizeof(igd));
|
||||
+ const struct wpa_igtk_kde *igtk;
|
||||
+
|
||||
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
|
||||
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
|
||||
+ return -1;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
} else {
|
||||
wpa_printf(MSG_DEBUG, "Unknown element id");
|
||||
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
|
||||
index 965a9c1..27b6123 100644
|
||||
--- a/src/rsn_supp/wpa_i.h
|
||||
+++ b/src/rsn_supp/wpa_i.h
|
||||
@@ -30,6 +30,10 @@ struct wpa_sm {
|
||||
u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
|
||||
int rx_replay_counter_set;
|
||||
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
|
||||
+ struct wpa_gtk gtk;
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+ struct wpa_igtk igtk;
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
|
||||
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
|
||||
|
||||
--
|
||||
1.9.1
|
||||
|
||||
From 76c0d1a21f0ebf00119e50bc57776d393ee4a30d Mon Sep 17 00:00:00 2001
|
||||
From: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
Date: Thu, 12 Oct 2017 17:31:46 +0800
|
||||
Subject: [PATCH 3/7] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
|
||||
Mode cases
|
||||
|
||||
This extends the protection to track last configured GTK/IGTK value
|
||||
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
|
||||
corner case where these two different mechanisms may get used when the
|
||||
GTK/IGTK has changed and tracking a single value is not sufficient to
|
||||
detect a possible key reconfiguration.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
---
|
||||
src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
|
||||
src/rsn_supp/wpa_i.h | 2 ++
|
||||
2 files changed, 40 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
|
||||
index eab7151..e7b5ca8 100644
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -692,14 +692,17 @@ struct wpa_gtk_data {
|
||||
|
||||
static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
|
||||
const struct wpa_gtk_data *gd,
|
||||
- const u8 *key_rsc)
|
||||
+ const u8 *key_rsc, int wnm_sleep)
|
||||
{
|
||||
const u8 *_gtk = gd->gtk;
|
||||
u8 gtk_buf[32];
|
||||
|
||||
/* Detect possible key reinstallation */
|
||||
- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
|
||||
- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
|
||||
+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
|
||||
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
|
||||
+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
|
||||
+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
|
||||
+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
|
||||
gd->keyidx, gd->tx, gd->gtk_len);
|
||||
@@ -740,8 +743,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
|
||||
}
|
||||
os_memset(gtk_buf, 0, sizeof(gtk_buf));
|
||||
|
||||
- sm->gtk.gtk_len = gd->gtk_len;
|
||||
- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
|
||||
+ if (wnm_sleep) {
|
||||
+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
|
||||
+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
|
||||
+ sm->gtk_wnm_sleep.gtk_len);
|
||||
+ } else {
|
||||
+ sm->gtk.gtk_len = gd->gtk_len;
|
||||
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
|
||||
+ }
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -800,7 +809,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
|
||||
(wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
|
||||
gtk_len, gtk_len,
|
||||
&gd.key_rsc_len, &gd.alg) ||
|
||||
- wpa_supplicant_install_gtk(sm, &gd, key->key_rsc))) {
|
||||
+ wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0))) {
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"RSN: Failed to install GTK");
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
@@ -815,14 +824,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
|
||||
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
|
||||
- const struct wpa_igtk_kde *igtk)
|
||||
+ const struct wpa_igtk_kde *igtk,
|
||||
+ int wnm_sleep)
|
||||
{
|
||||
size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
|
||||
u16 keyidx = WPA_GET_LE16(igtk->keyid);
|
||||
|
||||
/* Detect possible key reinstallation */
|
||||
- if (sm->igtk.igtk_len == len &&
|
||||
- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
|
||||
+ if ((sm->igtk.igtk_len == len &&
|
||||
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
|
||||
+ (sm->igtk_wnm_sleep.igtk_len == len &&
|
||||
+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
|
||||
+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
|
||||
keyidx);
|
||||
@@ -847,8 +860,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- sm->igtk.igtk_len = len;
|
||||
- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
|
||||
+ if (wnm_sleep) {
|
||||
+ sm->igtk_wnm_sleep.igtk_len = len;
|
||||
+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
|
||||
+ sm->igtk_wnm_sleep.igtk_len);
|
||||
+ } else {
|
||||
+ sm->igtk.igtk_len = len;
|
||||
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
|
||||
+ }
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -871,7 +890,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
|
||||
return -1;
|
||||
|
||||
igtk = (const struct wpa_igtk_kde *) ie->igtk;
|
||||
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
|
||||
+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1520,7 +1539,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
|
||||
if (ret)
|
||||
goto failed;
|
||||
|
||||
- if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
|
||||
+ if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc, 0) ||
|
||||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
|
||||
goto failed;
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
@@ -2329,8 +2348,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
|
||||
sm->tptk_set = 0;
|
||||
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
|
||||
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
|
||||
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
|
||||
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
}
|
||||
|
||||
@@ -2849,8 +2870,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
|
||||
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
|
||||
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
|
||||
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
|
||||
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
|
||||
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
|
||||
@@ -2915,7 +2938,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
|
||||
|
||||
wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
|
||||
gd.gtk, gd.gtk_len);
|
||||
- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
|
||||
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
|
||||
"WNM mode");
|
||||
@@ -2927,7 +2950,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
|
||||
const struct wpa_igtk_kde *igtk;
|
||||
|
||||
igtk = (const struct wpa_igtk_kde *) (buf + 2);
|
||||
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
|
||||
+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
|
||||
return -1;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
} else {
|
||||
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
|
||||
index 27b6123..51753ee 100644
|
||||
--- a/src/rsn_supp/wpa_i.h
|
||||
+++ b/src/rsn_supp/wpa_i.h
|
||||
@@ -31,8 +31,10 @@ struct wpa_sm {
|
||||
int rx_replay_counter_set;
|
||||
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
|
||||
struct wpa_gtk gtk;
|
||||
+ struct wpa_gtk gtk_wnm_sleep;
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
struct wpa_igtk igtk;
|
||||
+ struct wpa_igtk igtk_wnm_sleep;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
|
||||
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
|
||||
--
|
||||
1.9.1
|
||||
|
||||
From dc0d33ee697d016f14d0b6f3330720de2dfa9ad8 Mon Sep 17 00:00:00 2001
|
||||
From: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
Date: Thu, 12 Oct 2017 17:55:19 +0800
|
||||
Subject: [PATCH 4/7] Prevent installation of an all-zero TK
|
||||
|
||||
Properly track whether a PTK has already been installed to the driver
|
||||
and the TK part cleared from memory. This prevents an attacker from
|
||||
trying to trick the client into installing an all-zero TK.
|
||||
|
||||
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
---
|
||||
src/common/wpa_common.h | 1 +
|
||||
src/rsn_supp/wpa.c | 7 +++++++
|
||||
2 files changed, 8 insertions(+)
|
||||
|
||||
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
|
||||
index 21e13da..a04e759 100644
|
||||
--- a/src/common/wpa_common.h
|
||||
+++ b/src/common/wpa_common.h
|
||||
@@ -213,6 +213,7 @@ struct wpa_ptk {
|
||||
size_t kck_len;
|
||||
size_t kek_len;
|
||||
size_t tk_len;
|
||||
+ int installed; /* 1 if key has already been installed to driver */
|
||||
};
|
||||
|
||||
struct wpa_gtk {
|
||||
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
|
||||
index e7b5ca8..cb69b67 100644
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -605,6 +605,12 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
|
||||
const u8 *key_rsc;
|
||||
u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
|
||||
|
||||
+ if (sm->ptk.installed) {
|
||||
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
+ "WPA: Do not re-install same PTK to the driver");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"WPA: Installing PTK to the driver");
|
||||
|
||||
@@ -643,6 +649,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
|
||||
|
||||
/* TK is not needed anymore in supplicant */
|
||||
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
|
||||
+ sm->ptk.installed = 1;
|
||||
|
||||
if (sm->wpa_ptk_rekey) {
|
||||
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
|
||||
--
|
||||
1.9.1
|
||||
|
||||
From 9831007c38f18cd70a077fccc22c836100867138 Mon Sep 17 00:00:00 2001
|
||||
From: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
Date: Thu, 12 Oct 2017 19:45:13 +0800
|
||||
Subject: [PATCH 5/7] Fix PTK rekeying to generate a new ANonce
|
||||
|
||||
The Authenticator state machine path for PTK rekeying ended up bypassing
|
||||
the AUTHENTICATION2 state where a new ANonce is generated when going
|
||||
directly to the PTKSTART state since there is no need to try to
|
||||
determine the PMK again in such a case. This is far from ideal since the
|
||||
new PTK would depend on a new nonce only from the supplicant.
|
||||
|
||||
Fix this by generating a new ANonce when moving to the PTKSTART state
|
||||
for the purpose of starting new 4-way handshake to rekey PTK.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
---
|
||||
src/ap/wpa_auth.c | 23 ++++++++++++++++++++---
|
||||
1 file changed, 20 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
|
||||
index b38a64d..c603b1b 100644
|
||||
--- a/src/ap/wpa_auth.c
|
||||
+++ b/src/ap/wpa_auth.c
|
||||
@@ -1895,6 +1895,20 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
|
||||
sm->TimeoutCtr = 0;
|
||||
}
|
||||
|
||||
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
|
||||
+{
|
||||
+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
|
||||
+ wpa_printf(MSG_ERROR,
|
||||
+ "WPA: Failed to get random data for ANonce");
|
||||
+ sm->Disconnect = TRUE;
|
||||
+ return -1;
|
||||
+ }
|
||||
+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
|
||||
+ WPA_NONCE_LEN);
|
||||
+ sm->TimeoutCtr = 0;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
|
||||
SM_STATE(WPA_PTK, INITPMK)
|
||||
{
|
||||
@@ -2417,9 +2431,12 @@ SM_STEP(WPA_PTK)
|
||||
SM_ENTER(WPA_PTK, AUTHENTICATION);
|
||||
else if (sm->ReAuthenticationRequest)
|
||||
SM_ENTER(WPA_PTK, AUTHENTICATION2);
|
||||
- else if (sm->PTKRequest)
|
||||
- SM_ENTER(WPA_PTK, PTKSTART);
|
||||
- else switch (sm->wpa_ptk_state) {
|
||||
+ else if (sm->PTKRequest) {
|
||||
+ if (wpa_auth_sm_ptk_update(sm) < 0)
|
||||
+ SM_ENTER(WPA_PTK, DISCONNECTED);
|
||||
+ else
|
||||
+ SM_ENTER(WPA_PTK, PTKSTART);
|
||||
+ } else switch (sm->wpa_ptk_state) {
|
||||
case WPA_PTK_INITIALIZE:
|
||||
break;
|
||||
case WPA_PTK_DISCONNECT:
|
||||
--
|
||||
1.9.1
|
||||
|
||||
From 7ec70b3c5a5e32f7687999ef21c608524dcf35b9 Mon Sep 17 00:00:00 2001
|
||||
From: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
Date: Thu, 12 Oct 2017 20:09:26 +0800
|
||||
Subject: [PATCH 6/7] TDLS: Reject TPK-TK reconfiguration
|
||||
|
||||
Do not try to reconfigure the same TPK-TK to the driver after it has
|
||||
been successfully configured. This is an explicit check to avoid issues
|
||||
related to resetting the TX/RX packet number. There was already a check
|
||||
for this for TPK M2 (retries of that message are ignored completely), so
|
||||
that behavior does not get modified.
|
||||
|
||||
For TPK M3, the TPK-TK could have been reconfigured, but that was
|
||||
followed by immediate teardown of the link due to an issue in updating
|
||||
the STA entry. Furthermore, for TDLS with any real security (i.e.,
|
||||
ignoring open/WEP), the TPK message exchange is protected on the AP path
|
||||
and simple replay attacks are not feasible.
|
||||
|
||||
As an additional corner case, make sure the local nonce gets updated if
|
||||
the peer uses a very unlikely "random nonce" of all zeros.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
---
|
||||
src/rsn_supp/tdls.c | 36 ++++++++++++++++++++++++++++++++++--
|
||||
1 file changed, 34 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
|
||||
index 722c20a..0878c62 100644
|
||||
--- a/src/rsn_supp/tdls.c
|
||||
+++ b/src/rsn_supp/tdls.c
|
||||
@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
|
||||
u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
|
||||
} tpk;
|
||||
int tpk_set;
|
||||
+ int tk_set; /* TPK-TK configured to the driver */
|
||||
int tpk_success;
|
||||
int tpk_in_progress;
|
||||
|
||||
@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
|
||||
u8 rsc[6];
|
||||
enum wpa_alg alg;
|
||||
|
||||
+ if (peer->tk_set) {
|
||||
+ /*
|
||||
+ * This same TPK-TK has already been configured to the driver
|
||||
+ * and this new configuration attempt (likely due to an
|
||||
+ * unexpected retransmitted frame) would result in clearing
|
||||
+ * the TX/RX sequence number which can break security, so must
|
||||
+ * not allow that to happen.
|
||||
+ */
|
||||
+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
|
||||
+ " has already been configured to the driver - do not reconfigure",
|
||||
+ MAC2STR(peer->addr));
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
os_memset(rsc, 0, 6);
|
||||
|
||||
switch (peer->cipher) {
|
||||
@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
|
||||
+ MAC2STR(peer->addr));
|
||||
if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
|
||||
rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
|
||||
wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
|
||||
"driver");
|
||||
return -1;
|
||||
}
|
||||
+ peer->tk_set = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -690,7 +708,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
|
||||
peer->cipher = 0;
|
||||
peer->qos_info = 0;
|
||||
peer->wmm_capable = 0;
|
||||
- peer->tpk_set = peer->tpk_success = 0;
|
||||
+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
|
||||
peer->chan_switch_enabled = 0;
|
||||
os_memset(&peer->tpk, 0, sizeof(peer->tpk));
|
||||
os_memset(peer->inonce, 0, WPA_NONCE_LEN);
|
||||
@@ -1153,6 +1171,7 @@ skip_rsnie:
|
||||
wpa_tdls_peer_free(sm, peer);
|
||||
return -1;
|
||||
}
|
||||
+ peer->tk_set = 0; /* A new nonce results in a new TK */
|
||||
wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
|
||||
peer->inonce, WPA_NONCE_LEN);
|
||||
os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
|
||||
@@ -1744,6 +1763,17 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
|
||||
peer->supp_oper_classes_len);
|
||||
}
|
||||
|
||||
+static int tdls_nonce_set(const u8 *nonce)
|
||||
+{
|
||||
+ int i;
|
||||
+
|
||||
+ for (i = 0; i < WPA_NONCE_LEN; i++) {
|
||||
+ if (nonce[i])
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
|
||||
static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
|
||||
const u8 *buf, size_t len)
|
||||
@@ -1998,7 +2028,8 @@ skip_rsn:
|
||||
peer->rsnie_i_len = kde.rsn_ie_len;
|
||||
peer->cipher = cipher;
|
||||
|
||||
- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
|
||||
+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
|
||||
+ !tdls_nonce_set(peer->inonce)) {
|
||||
/*
|
||||
* There is no point in updating the RNonce for every obtained
|
||||
* TPK M1 frame (e.g., retransmission due to timeout) with the
|
||||
@@ -2014,6 +2045,7 @@ skip_rsn:
|
||||
"TDLS: Failed to get random data for responder nonce");
|
||||
goto error;
|
||||
}
|
||||
+ peer->tk_set = 0; /* A new nonce results in a new TK */
|
||||
}
|
||||
|
||||
#if 0
|
||||
--
|
||||
1.9.1
|
||||
|
||||
From 642f5eadf775b41bf3ddd8ffe77c33e785bda48f Mon Sep 17 00:00:00 2001
|
||||
From: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
Date: Thu, 12 Oct 2017 20:36:56 +0800
|
||||
Subject: [PATCH 7/7] FT: Do not allow multiple Reassociation Response frames
|
||||
|
||||
The driver is expected to not report a second association event without
|
||||
the station having explicitly request a new association. As such, this
|
||||
case should not be reachable. However, since reconfiguring the same
|
||||
pairwise or group keys to the driver could result in nonce reuse issues,
|
||||
be extra careful here and do an additional state check to avoid this
|
||||
even if the local driver ends up somehow accepting an unexpected
|
||||
Reassociation Response frame.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
|
||||
---
|
||||
src/rsn_supp/wpa.c | 3 +++
|
||||
src/rsn_supp/wpa_ft.c | 8 ++++++++
|
||||
src/rsn_supp/wpa_i.h | 1 +
|
||||
3 files changed, 12 insertions(+)
|
||||
|
||||
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
|
||||
index cb69b67..05e5168 100644
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -2391,6 +2391,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
|
||||
#ifdef CONFIG_TDLS
|
||||
wpa_tdls_disassoc(sm);
|
||||
#endif /* CONFIG_TDLS */
|
||||
+#ifdef CONFIG_IEEE80211R
|
||||
+ sm->ft_reassoc_completed = 0;
|
||||
+#endif /* CONFIG_IEEE80211R */
|
||||
|
||||
/* Keys are not needed in the WPA state machine anymore */
|
||||
wpa_sm_drop_sa(sm);
|
||||
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
|
||||
index 205793e..d45bb45 100644
|
||||
--- a/src/rsn_supp/wpa_ft.c
|
||||
+++ b/src/rsn_supp/wpa_ft.c
|
||||
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
|
||||
u16 capab;
|
||||
|
||||
sm->ft_completed = 0;
|
||||
+ sm->ft_reassoc_completed = 0;
|
||||
|
||||
buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
|
||||
2 + sm->r0kh_id_len + ric_ies_len + 100;
|
||||
@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (sm->ft_reassoc_completed) {
|
||||
+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
|
||||
wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
|
||||
return -1;
|
||||
@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ sm->ft_reassoc_completed = 1;
|
||||
+
|
||||
if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
|
||||
return -1;
|
||||
|
||||
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
|
||||
index 51753ee..85cc862 100644
|
||||
--- a/src/rsn_supp/wpa_i.h
|
||||
+++ b/src/rsn_supp/wpa_i.h
|
||||
@@ -127,6 +127,7 @@ struct wpa_sm {
|
||||
size_t r0kh_id_len;
|
||||
u8 r1kh_id[FT_R1KH_ID_LEN];
|
||||
int ft_completed;
|
||||
+ int ft_reassoc_completed;
|
||||
int over_the_ds_in_progress;
|
||||
u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
|
||||
int set_ptk_after_assoc;
|
||||
--
|
||||
1.9.1
|
||||
|
||||
@@ -29,6 +29,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
|
||||
file://0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch \
|
||||
file://0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch \
|
||||
file://0003-Reject-SET-commands-with-newline-characters-in-the-s.patch \
|
||||
file://key-replay-cve-multiple.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "96ff75c3a514f1f324560a2376f13110"
|
||||
SRC_URI[sha256sum] = "cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316"
|
||||
|
||||
@@ -0,0 +1,123 @@
|
||||
From cb31522769d11a375078a073cba94e7176cb48a4 Mon Sep 17 00:00:00 2001
|
||||
From: Sebastian Pipping <sebastian@pipping.org>
|
||||
Date: Wed, 16 Mar 2016 15:30:12 +0100
|
||||
Subject: [PATCH] Resolve call to srand, use more entropy (patch version 1.0)
|
||||
|
||||
Squashed backport against vanilla Expat 2.1.1, addressing:
|
||||
* CVE-2012-6702 -- unanticipated internal calls to srand
|
||||
* CVE-2016-5300 -- use of too little entropy
|
||||
|
||||
Since commit e3e81a6d9f0885ea02d3979151c358f314bf3d6d
|
||||
(released with Expat 2.1.0) Expat called srand by itself
|
||||
from inside generate_hash_secret_salt for an instance
|
||||
of XML_Parser if XML_SetHashSalt was either (a) not called
|
||||
for that instance or if (b) salt 0 was passed to XML_SetHashSalt
|
||||
prior to parsing. That call to srand passed (rather litle)
|
||||
entropy extracted from the current time as a seed for srand.
|
||||
|
||||
That call to srand (1) broke repeatability for code calling
|
||||
srand with a non-random seed prior to parsing with Expat,
|
||||
and (2) resulted in a rather small set of hashing salts in
|
||||
Expat in total.
|
||||
|
||||
For a short- to mid-term fix, the new approach avoids calling
|
||||
srand altogether, extracts more entropy out of the clock and
|
||||
other sources, too.
|
||||
|
||||
For a long term fix, we may want to read sizeof(long) bytes
|
||||
from a source like getrandom(..) on Linux, and from similar
|
||||
sources on other supported architectures.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1197087
|
||||
|
||||
CVE: CVE-2012-6702
|
||||
CVE: CVE-2016-5300
|
||||
Upstream-Status: Backport
|
||||
|
||||
Removed changes from CMakeLists.txt from original patch, since that code is
|
||||
not part of fix for these CVEs.
|
||||
Reference to the commit for CMakeLists.txt changes:
|
||||
https://sourceforge.net/p/expat/code_git/ci/37f7efb878660d55ff5fd67ad2cda1c103297df6
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
diff -Nurp a/lib/xmlparse.c b/lib/xmlparse.c
|
||||
--- a/lib/xmlparse.c 2017-01-13 10:16:35.570784710 +0100
|
||||
+++ b/lib/xmlparse.c 2017-01-13 11:22:20.522433486 +0100
|
||||
@@ -6,7 +6,14 @@
|
||||
#include <string.h> /* memset(), memcpy() */
|
||||
#include <assert.h>
|
||||
#include <limits.h> /* UINT_MAX */
|
||||
-#include <time.h> /* time() */
|
||||
+
|
||||
+#ifdef COMPILED_FROM_DSP
|
||||
+#define getpid GetCurrentProcessId
|
||||
+#else
|
||||
+#include <sys/time.h> /* gettimeofday() */
|
||||
+#include <sys/types.h> /* getpid() */
|
||||
+#include <unistd.h> /* getpid() */
|
||||
+#endif
|
||||
|
||||
#define XML_BUILDING_EXPAT 1
|
||||
|
||||
@@ -432,7 +439,7 @@ static ELEMENT_TYPE *
|
||||
getElementType(XML_Parser parser, const ENCODING *enc,
|
||||
const char *ptr, const char *end);
|
||||
|
||||
-static unsigned long generate_hash_secret_salt(void);
|
||||
+static unsigned long generate_hash_secret_salt(XML_Parser parser);
|
||||
static XML_Bool startParsing(XML_Parser parser);
|
||||
|
||||
static XML_Parser
|
||||
@@ -691,11 +698,38 @@ static const XML_Char implicitContext[]
|
||||
};
|
||||
|
||||
static unsigned long
|
||||
-generate_hash_secret_salt(void)
|
||||
+gather_time_entropy(void)
|
||||
+{
|
||||
+#ifdef COMPILED_FROM_DSP
|
||||
+ FILETIME ft;
|
||||
+ GetSystemTimeAsFileTime(&ft); /* never fails */
|
||||
+ return ft.dwHighDateTime ^ ft.dwLowDateTime;
|
||||
+#else
|
||||
+ struct timeval tv;
|
||||
+ int gettimeofday_res;
|
||||
+
|
||||
+ gettimeofday_res = gettimeofday(&tv, NULL);
|
||||
+ assert (gettimeofday_res == 0);
|
||||
+
|
||||
+ /* Microseconds time is <20 bits entropy */
|
||||
+ return tv.tv_usec;
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
+static unsigned long
|
||||
+generate_hash_secret_salt(XML_Parser parser)
|
||||
{
|
||||
- unsigned int seed = time(NULL) % UINT_MAX;
|
||||
- srand(seed);
|
||||
- return rand();
|
||||
+ /* Process ID is 0 bits entropy if attacker has local access
|
||||
+ * XML_Parser address is few bits of entropy if attacker has local access */
|
||||
+ const unsigned long entropy =
|
||||
+ gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
|
||||
+
|
||||
+ /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
|
||||
+ if (sizeof(unsigned long) == 4) {
|
||||
+ return entropy * 2147483647;
|
||||
+ } else {
|
||||
+ return entropy * 2305843009213693951;
|
||||
+ }
|
||||
}
|
||||
|
||||
static XML_Bool /* only valid for root parser */
|
||||
@@ -703,7 +737,7 @@ startParsing(XML_Parser parser)
|
||||
{
|
||||
/* hash functions must be initialized before setContext() is called */
|
||||
if (hash_secret_salt == 0)
|
||||
- hash_secret_salt = generate_hash_secret_salt();
|
||||
+ hash_secret_salt = generate_hash_secret_salt(parser);
|
||||
if (ns) {
|
||||
/* implicit context only set for root parser, since child
|
||||
parsers (i.e. external entity parsers) will inherit it
|
||||
@@ -1,5 +1,9 @@
|
||||
require expat.inc
|
||||
|
||||
FILESEXTRAPATHS_prepend := "${THISDIR}/expat-2.1.0:"
|
||||
LIC_FILES_CHKSUM = "file://COPYING;md5=1b71f681713d1256e1c23b0890920874"
|
||||
|
||||
SRC_URI += "file://CVE-2016-5300_CVE-2012-6702.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "dd7dab7a5fea97d2a6a43f511449b7cd"
|
||||
SRC_URI[sha256sum] = "823705472f816df21c8f6aa026dd162b280806838bb55b3432b0fb1fcca7eb86"
|
||||
|
||||
@@ -21,7 +21,7 @@ IMAGE_FSTYPES = "vmdk"
|
||||
|
||||
inherit core-image module-base
|
||||
|
||||
SRCREV ?= "8e4188e274596f8ca61109b53e75cbc74d012307"
|
||||
SRCREV ?= "7241042b708b415a25b6ef469ea21688fe3d6dc5"
|
||||
SRC_URI = "git://git.yoctoproject.org/poky;branch=krogoth \
|
||||
file://Yocto_Build_Appliance.vmx \
|
||||
file://Yocto_Build_Appliance.vmxf \
|
||||
|
||||
@@ -138,6 +138,12 @@ if [ ! "${device#/dev/mmcblk}" = "${device}" ]; then
|
||||
part_prefix="p"
|
||||
rootwait="rootwait"
|
||||
fi
|
||||
|
||||
# USB devices also require rootwait
|
||||
if [ -n `readlink /dev/disk/by-id/usb* | grep $TARGET_DEVICE_NAME` ]; then
|
||||
rootwait="rootwait"
|
||||
fi
|
||||
|
||||
bootfs=${device}${part_prefix}1
|
||||
rootfs=${device}${part_prefix}2
|
||||
swap=${device}${part_prefix}3
|
||||
|
||||
@@ -146,6 +146,11 @@ if [ ! "${device#/dev/mmcblk}" = "${device}" ]; then
|
||||
rootwait="rootwait"
|
||||
fi
|
||||
|
||||
# USB devices also require rootwait
|
||||
if [ -n `readlink /dev/disk/by-id/usb* | grep $TARGET_DEVICE_NAME` ]; then
|
||||
rootwait="rootwait"
|
||||
fi
|
||||
|
||||
if [ $grub_version -eq 0 ] ; then
|
||||
bios_boot=''
|
||||
bootfs=${device}${part_prefix}1
|
||||
|
||||
@@ -6,7 +6,7 @@ SECTION = "libs"
|
||||
LICENSE = "Zlib"
|
||||
LIC_FILES_CHKSUM = "file://zlib.h;beginline=4;endline=23;md5=fde612df1e5933c428b73844a0c494fd"
|
||||
|
||||
SRC_URI = "http://www.zlib.net/${BPN}-${PV}.tar.xz \
|
||||
SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
|
||||
file://remove.ldconfig.call.patch \
|
||||
file://Makefile-runtests.patch \
|
||||
file://ldflags-tests.patch \
|
||||
|
||||
@@ -37,6 +37,7 @@ SRC_URI = "\
|
||||
file://0015-allow-zero-length-elements.patch \
|
||||
file://aarch64-tls.patch \
|
||||
file://0015-Refine-.cfi_sections-check-to-only-consider-compact-.patch \
|
||||
file://0014-libtool-remove-rpath.patch \
|
||||
"
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
|
||||
@@ -16451,7 +16451,7 @@ index 9503ec8..70e856e 100644
|
||||
case "$perm_rpath " in
|
||||
*" $libdir "*) ;;
|
||||
- *) perm_rpath="$perm_rpath $libdir" ;;
|
||||
+ *) func_apped perm_rpath " $libdir" ;;
|
||||
+ *) func_append perm_rpath " $libdir" ;;
|
||||
esac
|
||||
fi
|
||||
done
|
||||
@@ -21291,5 +21291,4 @@ index 8378857..7584940 100755
|
||||
chmod +x "$ofile"
|
||||
|
||||
--
|
||||
2.7.1
|
||||
|
||||
2.9.0
|
||||
|
||||
@@ -0,0 +1,100 @@
|
||||
Apply these patches from our libtool patches as not only are redundant RPATHs a
|
||||
waste of space but they can cause incorrect linking when native packages are
|
||||
restored from sstate.
|
||||
|
||||
fix-rpath.patch:
|
||||
We don't want to add RPATHS which match default linker
|
||||
search paths, they're a waste of space. This patch
|
||||
filters libtools list and removes the ones we don't need.
|
||||
|
||||
norm-rpath.patch:
|
||||
Libtool may be passed link paths of the form "/usr/lib/../lib", which
|
||||
fool its detection code into thinking it should be included as an
|
||||
RPATH in the generated binary. Normalize before comparision.
|
||||
|
||||
Upstream-Status: Inappropriate
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
|
||||
diff --git a/ltmain.sh b/ltmain.sh
|
||||
index 683317c..860a16a 100644
|
||||
--- a/ltmain.sh
|
||||
+++ b/ltmain.sh
|
||||
@@ -8053,8 +8053,14 @@ EOF
|
||||
esac
|
||||
fi
|
||||
else
|
||||
- eval flag=\"$hardcode_libdir_flag_spec\"
|
||||
- func_append dep_rpath " $flag"
|
||||
+ # We only want to hardcode in an rpath if it isn't in the
|
||||
+ # default dlsearch path.
|
||||
+ case " $sys_lib_dlsearch_path " in
|
||||
+ *" $libdir "*) ;;
|
||||
+ *) eval flag=\"$hardcode_libdir_flag_spec\"
|
||||
+ func_append dep_rpath " $flag"
|
||||
+ ;;
|
||||
+ esac
|
||||
fi
|
||||
elif test -n "$runpath_var"; then
|
||||
case "$perm_rpath " in
|
||||
@@ -8790,8 +8796,14 @@ EOF
|
||||
esac
|
||||
fi
|
||||
else
|
||||
- eval flag=\"$hardcode_libdir_flag_spec\"
|
||||
- func_append rpath " $flag"
|
||||
+ # We only want to hardcode in an rpath if it isn't in the
|
||||
+ # default dlsearch path.
|
||||
+ case " $sys_lib_dlsearch_path " in
|
||||
+ *" $libdir "*) ;;
|
||||
+ *) eval flag=\"$hardcode_libdir_flag_spec\"
|
||||
+ rpath+=" $flag"
|
||||
+ ;;
|
||||
+ esac
|
||||
fi
|
||||
elif test -n "$runpath_var"; then
|
||||
case "$perm_rpath " in
|
||||
@@ -8841,8 +8853,14 @@ EOF
|
||||
esac
|
||||
fi
|
||||
else
|
||||
- eval flag=\"$hardcode_libdir_flag_spec\"
|
||||
- func_append rpath " $flag"
|
||||
+ # We only want to hardcode in an rpath if it isn't in the
|
||||
+ # default dlsearch path.
|
||||
+ case " $sys_lib_dlsearch_path " in
|
||||
+ *" $libdir "*) ;;
|
||||
+ *) eval flag=\"$hardcode_libdir_flag_spec\"
|
||||
+ func_append rpath " $flag"
|
||||
+ ;;
|
||||
+ esac
|
||||
fi
|
||||
elif test -n "$runpath_var"; then
|
||||
case "$finalize_perm_rpath " in
|
||||
diff --git a/ltmain.sh b/ltmain.sh
|
||||
index 683317c..860a16a 100644
|
||||
--- a/ltmain.sh
|
||||
+++ b/ltmain.sh
|
||||
@@ -8055,8 +8055,10 @@ EOF
|
||||
else
|
||||
# We only want to hardcode in an rpath if it isn't in the
|
||||
# default dlsearch path.
|
||||
+ func_normal_abspath "$libdir"
|
||||
+ libdir_norm=$func_normal_abspath_result
|
||||
case " $sys_lib_dlsearch_path " in
|
||||
- *" $libdir "*) ;;
|
||||
+ *" $libdir_norm "*) ;;
|
||||
*) eval flag=\"$hardcode_libdir_flag_spec\"
|
||||
func_append dep_rpath " $flag"
|
||||
;;
|
||||
@@ -8798,8 +8800,10 @@ EOF
|
||||
else
|
||||
# We only want to hardcode in an rpath if it isn't in the
|
||||
# default dlsearch path.
|
||||
+ func_normal_abspath "$libdir"
|
||||
+ libdir_norm=$func_normal_abspath_result
|
||||
case " $sys_lib_dlsearch_path " in
|
||||
- *" $libdir "*) ;;
|
||||
+ *" $libdir_norm "*) ;;
|
||||
*) eval flag=\"$hardcode_libdir_flag_spec\"
|
||||
rpath+=" $flag"
|
||||
;;
|
||||
50
meta/recipes-devtools/pseudo/pseudo/obey-ldflags.patch
Normal file
50
meta/recipes-devtools/pseudo/pseudo/obey-ldflags.patch
Normal file
@@ -0,0 +1,50 @@
|
||||
From 0ace81a687355a3c55caa161b51972a82f5c413f Mon Sep 17 00:00:00 2001
|
||||
From: Christopher Larson <chris_larson@mentor.com>
|
||||
Date: Mon, 9 May 2016 17:00:57 -0700
|
||||
Subject: [PATCH] Obey external LDFLAGS the way we obey CFLAGS
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
|
||||
---
|
||||
Makefile.in | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/Makefile.in b/Makefile.in
|
||||
index 6511814..22ef625 100644
|
||||
--- a/Makefile.in
|
||||
+++ b/Makefile.in
|
||||
@@ -109,26 +109,26 @@ pseudo: $(PSEUDO)
|
||||
$(PSEUDO): $(BIN) pseudo.o $(SHOBJS) $(DBOBJS) pseudo_client.o pseudo_server.o pseudo_ipc.o
|
||||
$(CC) $(CFLAGS) $(CFLAGS_PSEUDO) -o $(PSEUDO) \
|
||||
pseudo.o pseudo_server.o pseudo_client.o pseudo_ipc.o \
|
||||
- $(DBOBJS) $(SHOBJS) $(DB_LDFLAGS) $(CLIENT_LDFLAGS)
|
||||
+ $(DBOBJS) $(SHOBJS) $(LDFLAGS) $(DB_LDFLAGS) $(CLIENT_LDFLAGS)
|
||||
|
||||
pseudolog: $(PSEUDOLOG)
|
||||
|
||||
$(PSEUDOLOG): $(BIN) pseudolog.o $(SHOBJS) $(DBOBJS) pseudo_client.o pseudo_ipc.o
|
||||
$(CC) $(CFLAGS) $(CFLAGS_PSEUDO) -o $(PSEUDOLOG) pseudolog.o pseudo_client.o pseudo_ipc.o \
|
||||
- $(DBOBJS) $(SHOBJS) $(DB_LDFLAGS) $(CLIENT_LDFLAGS)
|
||||
+ $(DBOBJS) $(SHOBJS) $(LDFLAGS) $(DB_LDFLAGS) $(CLIENT_LDFLAGS)
|
||||
|
||||
pseudodb: $(PSEUDODB)
|
||||
|
||||
$(PSEUDODB): $(BIN) pseudodb.o $(SHOBJS) $(DBOBJS) pseudo_ipc.o
|
||||
$(CC) $(CFLAGS) $(CFLAGS_PSEUDO) -o $(PSEUDODB) pseudodb.o \
|
||||
- $(DBOBJS) $(SHOBJS) pseudo_ipc.o $(DB_LDFLAGS) $(CLIENT_LDFLAGS)
|
||||
+ $(DBOBJS) $(SHOBJS) pseudo_ipc.o $(LDFLAGS) $(DB_LDFLAGS) $(CLIENT_LDFLAGS)
|
||||
|
||||
libpseudo: $(LIBPSEUDO)
|
||||
|
||||
$(LIBPSEUDO): $(LIB) $(WRAPOBJS) pseudo_client.o pseudo_ipc.o $(SHOBJS)
|
||||
$(CC) $(CFLAGS) $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \
|
||||
pseudo_client.o pseudo_ipc.o \
|
||||
- $(WRAPOBJS) $(SHOBJS) $(CLIENT_LDFLAGS)
|
||||
+ $(WRAPOBJS) $(SHOBJS) $(LDFLAGS) $(CLIENT_LDFLAGS)
|
||||
|
||||
# *everything* now relies on stuff that's generated in the
|
||||
# wrapper process.
|
||||
--
|
||||
2.8.0
|
||||
|
||||
@@ -0,0 +1,85 @@
|
||||
We started seeing:
|
||||
|
||||
No real function for mknod: /home/paul/poky_sdk/tmp/sysroots/x86_64-
|
||||
linux/usr/bin/../lib/pseudo/lib64/libpseudo.so: undefined symbol: mknod
|
||||
No real function for mknodat: /home/paul/poky_sdk/tmp/sysroots/x86_64-
|
||||
linux/usr/bin/../lib/pseudo/lib64/libpseudo.so: undefined symbol: mknodat
|
||||
|
||||
In glibc 2.24 they've merged:
|
||||
|
||||
https://sourceware.org/git/?p=glibc.git;a=commit;h=7d45c163d00c88d5875a112343c4ea3e61349e6b
|
||||
related to bugzilla entry:
|
||||
https://sourceware.org/bugzilla/show_bug.cgi?id=19509
|
||||
|
||||
which means that the behaviour of RTLD_NEXT is slightly different.
|
||||
As far as I can tell, mknod has not been present in glibc for a while.
|
||||
To quote stat.h:
|
||||
|
||||
/* To allow the `struct stat' structure and the file type `mode_t'
|
||||
bits to vary without changing shared library major version number,
|
||||
the `stat' family of functions and `mknod' are in fact inline
|
||||
wrappers around calls to `xstat', `fxstat', `lxstat', and `xmknod',
|
||||
which all take a leading version-number argument designating the
|
||||
data structure and bits used. <bits/stat.h> defines _STAT_VER with
|
||||
the version number corresponding to `struct stat' as defined in
|
||||
that file; and _MKNOD_VER with the version number corresponding to
|
||||
the S_IF* macros defined therein. It is arranged that when not
|
||||
inlined these function are always statically linked; that way a
|
||||
dynamically-linked executable always encodes the version number
|
||||
corresponding to the data structures it uses, so the `x' functions
|
||||
in the shared library can adapt without needing to recompile all
|
||||
callers. */
|
||||
|
||||
so I suspect mknod has not existed for a while, if ever and what we
|
||||
were finding, who knows. Everying in the system links against _xmknod
|
||||
which we have a separate wrapper for.
|
||||
|
||||
Anyhow, ignoring that problem which hasn't caused a issue in the past,
|
||||
the RTLD_NEXT change causes messages to be printed to stdout which causes
|
||||
carnage if for example the packaging code is expecting a list of packages:
|
||||
|
||||
WARNING: core-image-minimal-1.0-r0 do_rootfs: No not found in the base feeds (qemux86_64 core2-64 x86_64 noarch any all).
|
||||
WARNING: core-image-minimal-1.0-r0 do_rootfs: real not found in the base feeds (qemux86_64 core2-64 x86_64 noarch any all).
|
||||
WARNING: core-image-minimal-1.0-r0 do_rootfs: function not found in the base feeds (qemux86_64 core2-64 x86_64 noarch any all).
|
||||
WARNING: core-image-minimal-1.0-r0 do_rootfs: for not found in the base feeds (qemux86_64 core2-64 x86_64 noarch any all).
|
||||
WARNING: core-image-minimal-1.0-r0 do_rootfs: mknod: not found in the base feeds (qemux86_64 core2-64 x86_64 noarch any all).
|
||||
[etc]
|
||||
|
||||
This bug will affect:
|
||||
* any distro using glibc 2.24
|
||||
* any system using a uninative tarball for glibc 2.24
|
||||
* any system which took a backport for the fix which was merged into
|
||||
the 2.23 branch for a while before it was reverted (Fedora 23 had this)
|
||||
|
||||
The easiest thing to do is to ignore the problem and disable the diag
|
||||
message which masks the problem with no ill effects.
|
||||
|
||||
As Peter notes, there are a few issues here:
|
||||
|
||||
* the fact there is no mknod symbol
|
||||
* the fact an error here isn't fatal
|
||||
* the #ifdef/#else looks suspect
|
||||
* handle RTLD_NEXT chaining properly (need more libs?)
|
||||
|
||||
which he'll work on upstream and hopefully have fixed in a new version.
|
||||
|
||||
Upstream-Status: Submitted [Peter is aware of the issue]
|
||||
|
||||
RP 2016/5/18
|
||||
|
||||
Index: pseudo-1.7.5/pseudo_wrappers.c
|
||||
===================================================================
|
||||
--- pseudo-1.7.5.orig/pseudo_wrappers.c
|
||||
+++ pseudo-1.7.5/pseudo_wrappers.c
|
||||
@@ -146,9 +146,9 @@ pseudo_init_one_wrapper(pseudo_function
|
||||
return;
|
||||
}
|
||||
#else
|
||||
- if (e != NULL) {
|
||||
+ /*if (e != NULL) {
|
||||
pseudo_diag("No real function for %s: %s\n", func->name, e);
|
||||
- }
|
||||
+ }*/
|
||||
#endif
|
||||
}
|
||||
}
|
||||
@@ -1,13 +1,14 @@
|
||||
require pseudo.inc
|
||||
|
||||
SRC_URI = " \
|
||||
http://downloads.yoctoproject.org/releases/pseudo/${BPN}-${PV}.tar.bz2 \
|
||||
file://0001-configure-Prune-PIE-flags.patch \
|
||||
file://fallback-passwd \
|
||||
file://fallback-group \
|
||||
file://moreretries.patch \
|
||||
file://handle-remove-xattr.patch \
|
||||
"
|
||||
SRC_URI = "http://downloads.yoctoproject.org/releases/pseudo/${BPN}-${PV}.tar.bz2 \
|
||||
file://0001-configure-Prune-PIE-flags.patch \
|
||||
file://fallback-passwd \
|
||||
file://fallback-group \
|
||||
file://moreretries.patch \
|
||||
file://handle-remove-xattr.patch \
|
||||
file://obey-ldflags.patch \
|
||||
file://pseudo-glibc-rtld-next-workaround.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "c10209938f03128d0c193f041ff3596d"
|
||||
SRC_URI[sha256sum] = "fd89cadec984d3b8202aca465898b1bb4350e0d63ba9aa9ac899f6f50270e688"
|
||||
|
||||
78
meta/recipes-devtools/qemu/qemu/CVE-2016-4441.patch
Normal file
78
meta/recipes-devtools/qemu/qemu/CVE-2016-4441.patch
Normal file
@@ -0,0 +1,78 @@
|
||||
From 6c1fef6b59563cc415f21e03f81539ed4b33ad90 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Thu, 19 May 2016 16:09:31 +0530
|
||||
Subject: [PATCH] esp: check dma length before reading scsi command(CVE-2016-4441)
|
||||
|
||||
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
|
||||
FIFO buffer. It is used to handle command and data transfer.
|
||||
Routine get_cmd() uses DMA to read scsi commands into this buffer.
|
||||
Add check to validate DMA length against buffer size to avoid any
|
||||
overrun.
|
||||
|
||||
Fixes CVE-2016-4441.
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Message-Id: <1463654371-11169-3-git-send-email-ppandit@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
||||
---
|
||||
hw/scsi/esp.c | 11 +++++++----
|
||||
1 files changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
|
||||
index 01497e6..591c817 100644
|
||||
--- a/hw/scsi/esp.c
|
||||
+++ b/hw/scsi/esp.c
|
||||
@@ -82,7 +82,7 @@ void esp_request_cancelled(SCSIRequest *req)
|
||||
}
|
||||
}
|
||||
|
||||
-static uint32_t get_cmd(ESPState *s, uint8_t *buf)
|
||||
+static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
|
||||
{
|
||||
uint32_t dmalen;
|
||||
int target;
|
||||
@@ -92,6 +92,9 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf)
|
||||
dmalen = s->rregs[ESP_TCLO];
|
||||
dmalen |= s->rregs[ESP_TCMID] << 8;
|
||||
dmalen |= s->rregs[ESP_TCHI] << 16;
|
||||
+ if (dmalen > buflen) {
|
||||
+ return 0;
|
||||
+ }
|
||||
s->dma_memory_read(s->dma_opaque, buf, dmalen);
|
||||
} else {
|
||||
dmalen = s->ti_size;
|
||||
@@ -166,7 +169,7 @@ static void handle_satn(ESPState *s)
|
||||
s->dma_cb = handle_satn;
|
||||
return;
|
||||
}
|
||||
- len = get_cmd(s, buf);
|
||||
+ len = get_cmd(s, buf, sizeof(buf));
|
||||
if (len)
|
||||
do_cmd(s, buf);
|
||||
}
|
||||
@@ -180,7 +183,7 @@ static void handle_s_without_atn(ESPState *s)
|
||||
s->dma_cb = handle_s_without_atn;
|
||||
return;
|
||||
}
|
||||
- len = get_cmd(s, buf);
|
||||
+ len = get_cmd(s, buf, sizeof(buf));
|
||||
if (len) {
|
||||
do_busid_cmd(s, buf, 0);
|
||||
}
|
||||
@@ -192,7 +195,7 @@ static void handle_satn_stop(ESPState *s)
|
||||
s->dma_cb = handle_satn_stop;
|
||||
return;
|
||||
}
|
||||
- s->cmdlen = get_cmd(s, s->cmdbuf);
|
||||
+ s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf));
|
||||
if (s->cmdlen) {
|
||||
trace_esp_handle_satn_stop(s->cmdlen);
|
||||
s->do_cmd = 1;
|
||||
--
|
||||
1.7.0.4
|
||||
|
||||
105
meta/recipes-devtools/qemu/qemu/CVE-2016-4952.patch
Normal file
105
meta/recipes-devtools/qemu/qemu/CVE-2016-4952.patch
Normal file
@@ -0,0 +1,105 @@
|
||||
From 3e831b40e015ba34dfb55ff11f767001839425ff Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Mon, 23 May 2016 16:18:05 +0530
|
||||
Subject: [PATCH] scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)
|
||||
|
||||
Vmware Paravirtual SCSI emulation uses command descriptors to
|
||||
process SCSI commands. These descriptors come with their ring
|
||||
buffers. A guest could set the ring buffer size to an arbitrary
|
||||
value leading to OOB access issue. Add check to avoid it.
|
||||
|
||||
Upstream-Status: Backported
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Message-Id: <1464000485-27041-1-git-send-email-ppandit@redhat.com>
|
||||
Reviewed-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
|
||||
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
||||
---
|
||||
hw/scsi/vmw_pvscsi.c | 24 ++++++++++++++++++++----
|
||||
1 files changed, 20 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
|
||||
index f67b5bf..2d7528d 100644
|
||||
--- a/hw/scsi/vmw_pvscsi.c
|
||||
+++ b/hw/scsi/vmw_pvscsi.c
|
||||
@@ -153,7 +153,7 @@ pvscsi_log2(uint32_t input)
|
||||
return log;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
|
||||
{
|
||||
int i;
|
||||
@@ -161,6 +161,10 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
|
||||
uint32_t req_ring_size, cmp_ring_size;
|
||||
m->rs_pa = ri->ringsStatePPN << VMW_PAGE_SHIFT;
|
||||
|
||||
+ if ((ri->reqRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)
|
||||
+ || (ri->cmpRingNumPages > PVSCSI_SETUP_RINGS_MAX_NUM_PAGES)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
req_ring_size = ri->reqRingNumPages * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE;
|
||||
cmp_ring_size = ri->cmpRingNumPages * PVSCSI_MAX_NUM_CMP_ENTRIES_PER_PAGE;
|
||||
txr_len_log2 = pvscsi_log2(req_ring_size - 1);
|
||||
@@ -192,15 +196,20 @@ pvscsi_ring_init_data(PVSCSIRingInfo *m, PVSCSICmdDescSetupRings *ri)
|
||||
|
||||
/* Flush ring state page changes */
|
||||
smp_wmb();
|
||||
+
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
|
||||
{
|
||||
int i;
|
||||
uint32_t len_log2;
|
||||
uint32_t ring_size;
|
||||
|
||||
+ if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
|
||||
+ return -1;
|
||||
+ }
|
||||
ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
|
||||
len_log2 = pvscsi_log2(ring_size - 1);
|
||||
|
||||
@@ -220,6 +229,8 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
|
||||
|
||||
/* Flush ring state page changes */
|
||||
smp_wmb();
|
||||
+
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -770,7 +781,10 @@ pvscsi_on_cmd_setup_rings(PVSCSIState *s)
|
||||
trace_pvscsi_on_cmd_arrived("PVSCSI_CMD_SETUP_RINGS");
|
||||
|
||||
pvscsi_dbg_dump_tx_rings_config(rc);
|
||||
- pvscsi_ring_init_data(&s->rings, rc);
|
||||
+ if (pvscsi_ring_init_data(&s->rings, rc) < 0) {
|
||||
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
|
||||
+ }
|
||||
+
|
||||
s->rings_info_valid = TRUE;
|
||||
return PVSCSI_COMMAND_PROCESSING_SUCCEEDED;
|
||||
}
|
||||
@@ -850,7 +864,9 @@ pvscsi_on_cmd_setup_msg_ring(PVSCSIState *s)
|
||||
}
|
||||
|
||||
if (s->rings_info_valid) {
|
||||
- pvscsi_ring_init_msg(&s->rings, rc);
|
||||
+ if (pvscsi_ring_init_msg(&s->rings, rc) < 0) {
|
||||
+ return PVSCSI_COMMAND_PROCESSING_FAILED;
|
||||
+ }
|
||||
s->msg_ring_info_valid = TRUE;
|
||||
}
|
||||
return sizeof(PVSCSICmdDescSetupMsgRing) / sizeof(uint32_t);
|
||||
--
|
||||
1.7.0.4
|
||||
|
||||
@@ -26,6 +26,8 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \
|
||||
file://CVE-2016-6351_p2.patch \
|
||||
file://CVE-2016-4002.patch \
|
||||
file://CVE-2016-5403.patch \
|
||||
file://CVE-2016-4441.patch \
|
||||
file://CVE-2016-4952.patch \
|
||||
"
|
||||
SRC_URI_prepend = "http://wiki.qemu-project.org/download/${BP}.tar.bz2"
|
||||
SRC_URI[md5sum] = "f469f2330bbe76e3e39db10e9ac4f8db"
|
||||
|
||||
@@ -8,10 +8,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=ef1a352b901ee7b75a75df8171d6aca7"
|
||||
SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
|
||||
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata"
|
||||
|
||||
SRC_URI[tzcode.md5sum] = "f89867013676e3cb9544be2df7d36a91"
|
||||
SRC_URI[tzcode.sha256sum] = "1ff90b47ad7986140a513b5287b1851c40f80fd44fd636db5cc5b46d06f9fa2b"
|
||||
SRC_URI[tzdata.md5sum] = "3c7e97ec8527211104d27cc1d97a23de"
|
||||
SRC_URI[tzdata.sha256sum] = "3c7137b2bc47323b0de47b77786bacf81ed503d4b2c693ff8ada2fbd1281ebd1"
|
||||
SRC_URI[tzcode.md5sum] = "8fae14cba9396462955b7859cf04ba48"
|
||||
SRC_URI[tzcode.sha256sum] = "411e8adcb6288b17d6c2624fde65e7d82654ca69b813ae121504ff66f0cfba7b"
|
||||
SRC_URI[tzdata.md5sum] = "73912ecfa6a9a8048ddf2e719d9bc39d"
|
||||
SRC_URI[tzdata.sha256sum] = "b6966ec982ef64fe48cebec437096b4f57f4287519ed32dde59c86d3a1853845"
|
||||
|
||||
S = "${WORKDIR}"
|
||||
|
||||
@@ -8,8 +8,8 @@ DEPENDS = "tzcode-native"
|
||||
|
||||
SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata"
|
||||
|
||||
SRC_URI[tzdata.md5sum] = "3c7e97ec8527211104d27cc1d97a23de"
|
||||
SRC_URI[tzdata.sha256sum] = "3c7137b2bc47323b0de47b77786bacf81ed503d4b2c693ff8ada2fbd1281ebd1"
|
||||
SRC_URI[tzdata.md5sum] = "73912ecfa6a9a8048ddf2e719d9bc39d"
|
||||
SRC_URI[tzdata.sha256sum] = "b6966ec982ef64fe48cebec437096b4f57f4287519ed32dde59c86d3a1853845"
|
||||
|
||||
inherit allarch
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
require ${BPN}.inc
|
||||
|
||||
SRC_URI = "ftp://ftp.freedesktop.org/pub/mesa/${PV}/mesa-${PV}.tar.xz \
|
||||
SRC_URI = "ftp://ftp.freedesktop.org/pub/mesa/older-versions/11.x/${PV}/mesa-${PV}.tar.xz \
|
||||
file://replace_glibc_check_with_linux.patch \
|
||||
"
|
||||
|
||||
|
||||
@@ -0,0 +1,125 @@
|
||||
From 6c89292024cc08d4499916dc153c354175bd81c4 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20D=C3=ADaz?= <daniel.diaz@linaro.org>
|
||||
Date: Fri, 21 Oct 2016 14:03:13 -0500
|
||||
Subject: [PATCH] Add configuration option for no input device.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
[Backported from master, 75b7197.)
|
||||
|
||||
As it has been discussed in the past [1], running Weston
|
||||
without any input device at launch might be beneficial for
|
||||
some use cases.
|
||||
|
||||
Certainly, it's best for the vast majority of users (and
|
||||
the project) to require an input device to be present, as
|
||||
to avoid frustration and hassle, but for those brave souls
|
||||
that so prefer, this patch lets them run without any input
|
||||
device at all.
|
||||
|
||||
This introduces a simple configuration in weston.ini:
|
||||
[core]
|
||||
require-input=true
|
||||
|
||||
True is the default, so no behavioral change is introduced.
|
||||
|
||||
[1] https://lists.freedesktop.org/archives/wayland-devel/2015-November/025193.html
|
||||
|
||||
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
|
||||
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
Reviewed-by: Daniel Stone <daniels@collabora.com>
|
||||
---
|
||||
man/weston.ini.man | 5 +++++
|
||||
src/compositor.h | 4 ++++
|
||||
src/libinput-seat.c | 6 ++++++
|
||||
src/main.c | 5 +++++
|
||||
weston.ini.in | 1 +
|
||||
5 files changed, 21 insertions(+)
|
||||
|
||||
diff --git a/man/weston.ini.man b/man/weston.ini.man
|
||||
index a9b6026..668b16f 100644
|
||||
--- a/man/weston.ini.man
|
||||
+++ b/man/weston.ini.man
|
||||
@@ -169,6 +169,11 @@ time, the one specified in the command-line will be used. On the other
|
||||
hand, if none of these sets the value, default idle timeout will be
|
||||
set to 300 seconds.
|
||||
.RS
|
||||
+.PP
|
||||
+.RE
|
||||
+.TP 7
|
||||
+.BI "require-input=" true
|
||||
+require an input device for launch
|
||||
|
||||
.SH "LIBINPUT SECTION"
|
||||
The
|
||||
diff --git a/src/compositor.h b/src/compositor.h
|
||||
index c4c81f0..292a412 100644
|
||||
--- a/src/compositor.h
|
||||
+++ b/src/compositor.h
|
||||
@@ -701,6 +701,10 @@ struct weston_compositor {
|
||||
|
||||
void *user_data;
|
||||
void (*exit)(struct weston_compositor *c);
|
||||
+
|
||||
+ /* Whether to let the compositor run without any input device. */
|
||||
+ bool require_input;
|
||||
+
|
||||
};
|
||||
|
||||
struct weston_buffer {
|
||||
diff --git a/src/libinput-seat.c b/src/libinput-seat.c
|
||||
index c9f9ed2..1c4c358 100644
|
||||
--- a/src/libinput-seat.c
|
||||
+++ b/src/libinput-seat.c
|
||||
@@ -250,6 +250,12 @@ udev_input_enable(struct udev_input *input)
|
||||
devices_found = 1;
|
||||
}
|
||||
|
||||
+ if (devices_found == 0 && !c->require_input) {
|
||||
+ weston_log("warning: no input devices found, but none required "
|
||||
+ "as per configuration.\n");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (devices_found == 0) {
|
||||
weston_log(
|
||||
"warning: no input devices on entering Weston. "
|
||||
diff --git a/src/main.c b/src/main.c
|
||||
index a98570e..b8632e9 100644
|
||||
--- a/src/main.c
|
||||
+++ b/src/main.c
|
||||
@@ -658,6 +658,7 @@ int main(int argc, char *argv[])
|
||||
struct wl_client *primary_client;
|
||||
struct wl_listener primary_client_destroyed;
|
||||
struct weston_seat *seat;
|
||||
+ int require_input;
|
||||
|
||||
const struct weston_option core_options[] = {
|
||||
{ WESTON_OPTION_STRING, "backend", 'B', &backend },
|
||||
@@ -737,6 +738,10 @@ int main(int argc, char *argv[])
|
||||
if (weston_compositor_init_config(ec, config) < 0)
|
||||
goto out_signals;
|
||||
|
||||
+ weston_config_section_get_bool(section, "require-input",
|
||||
+ &require_input, true);
|
||||
+ ec->require_input = require_input;
|
||||
+
|
||||
if (backend_init(ec, &argc, argv, config) < 0) {
|
||||
weston_log("fatal: failed to create compositor backend\n");
|
||||
goto out_signals;
|
||||
diff --git a/weston.ini.in b/weston.ini.in
|
||||
index 06b51df..e9ef992 100644
|
||||
--- a/weston.ini.in
|
||||
+++ b/weston.ini.in
|
||||
@@ -2,6 +2,7 @@
|
||||
#modules=xwayland.so,cms-colord.so
|
||||
#shell=desktop-shell.so
|
||||
#gbm-format=xrgb2101010
|
||||
+#require-input=true
|
||||
|
||||
[shell]
|
||||
background-image=/usr/share/backgrounds/gnome/Aqua.jpg
|
||||
--
|
||||
1.9.1
|
||||
|
||||
@@ -13,6 +13,7 @@ SRC_URI = "http://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \
|
||||
file://0001-make-error-portable.patch \
|
||||
file://libsystemd.patch \
|
||||
file://explicit-enable-disable-systemd.patch \
|
||||
file://add-config-option-for-no-input-device.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "66bbba12f546570b4d97f676bc79a28e"
|
||||
SRC_URI[sha256sum] = "9c1b03f3184fa0b0dfdf67e215048085156e1a2ca344af6613fed36794ac48cf"
|
||||
|
||||
@@ -3,7 +3,7 @@ HOMEPAGE = "http://cryptodev-linux.org/"
|
||||
LICENSE = "GPLv2"
|
||||
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
|
||||
|
||||
SRC_URI = "http://download.gna.org/cryptodev-linux/cryptodev-linux-${PV}.tar.gz"
|
||||
SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz"
|
||||
|
||||
SRC_URI[md5sum] = "02644cc4cd02301e0b503a332eb2f0b5"
|
||||
SRC_URI[sha256sum] = "67fabde9fb67b286a96c4f45b594b0eccd0f761b495705c18f2ae9461b831376"
|
||||
|
||||
@@ -9,7 +9,7 @@ DEPENDS = "zlib"
|
||||
PN = "libpng12"
|
||||
S = "${WORKDIR}/libpng-${PV}"
|
||||
|
||||
SRC_URI = "${GENTOO_MIRROR}/libpng-${PV}.tar.xz"
|
||||
SRC_URI = "${SOURCEFORGE_MIRROR}/project/libpng/${PN}/${PV}/libpng-${PV}.tar.xz"
|
||||
|
||||
SRC_URI[md5sum] = "868562bd1c58b76ed8703f135a2e439a"
|
||||
SRC_URI[sha256sum] = "24ce54581468b937734a6ecc86f7e121bc46a90d76a0d948dca08f32ee000dbe"
|
||||
|
||||
@@ -18,6 +18,7 @@ PACKAGECONFIG[gpl] = "--enable-gpl,--disable-gpl,"
|
||||
PACKAGECONFIG[libav] = "--with-system-libav,,libav"
|
||||
PACKAGECONFIG[orc] = "--enable-orc,--disable-orc,orc"
|
||||
PACKAGECONFIG[yasm] = "--enable-yasm,--disable-yasm,yasm-native"
|
||||
PACKAGECONFIG[valgrind] = "--enable-valgrind,--disable-valgrind,valgrind"
|
||||
|
||||
GSTREAMER_1_0_DEBUG ?= "--disable-debug"
|
||||
|
||||
|
||||
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=06a1b6fde6d93170bb72201c8000bf3d \
|
||||
file://png.h;endline=112;md5=9a8b5f83e1e8046df672deab87f235be"
|
||||
DEPENDS = "zlib"
|
||||
|
||||
SRC_URI = "${GENTOO_MIRROR}/libpng-${PV}.tar.xz \
|
||||
LIBV = "16"
|
||||
|
||||
SRC_URI = "${SOURCEFORGE_MIRROR}/project/libpng/libpng${LIBV}/older-releases/${PV}/libpng-${PV}.tar.xz \
|
||||
"
|
||||
SRC_URI[md5sum] = "3bacb4728f6694a64ad9052769d6a4ce"
|
||||
SRC_URI[sha256sum] = "6c8f1849eb9264219bf5d703601e5abe92a58651ecae927a03d1a1aa15ee2083"
|
||||
|
||||
129
meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch
Normal file
129
meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch
Normal file
@@ -0,0 +1,129 @@
|
||||
From 92d966a5fcfbdca67957c8c5c47b467aa650b286 Mon Sep 17 00:00:00 2001
|
||||
From: bfriesen <bfriesen>
|
||||
Date: Sat, 24 Sep 2016 23:11:55 +0000
|
||||
Subject: [PATCH] * libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts
|
||||
to read floating point images.
|
||||
|
||||
* libtiff/tif_predict.c (PredictorSetup): Enforce bits-per-sample
|
||||
requirements of floating point predictor (3). Fixes CVE-2016-3622
|
||||
"Divide By Zero in the tiff2rgba tool."
|
||||
|
||||
CVE: CVE-2016-3622
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
|
||||
|
||||
Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
|
||||
---
|
||||
ChangeLog | 11 ++++++++++-
|
||||
libtiff/tif_getimage.c | 38 ++++++++++++++++++++------------------
|
||||
libtiff/tif_predict.c | 11 ++++++++++-
|
||||
3 files changed, 40 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index 26d6f47..a628277 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,3 +1,12 @@
|
||||
+2016-09-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
|
||||
+
|
||||
+ * libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to
|
||||
+ read floating point images.
|
||||
+
|
||||
+ * libtiff/tif_predict.c (PredictorSetup): Enforce bits-per-sample
|
||||
+ requirements of floating point predictor (3). Fixes CVE-2016-3622
|
||||
+ "Divide By Zero in the tiff2rgba tool."
|
||||
+
|
||||
2016-08-15 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* tools/rgb2ycbcr.c: validate values of -v and -h parameters to
|
||||
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
|
||||
index 386cee0..3e689ee 100644
|
||||
--- a/libtiff/tif_getimage.c
|
||||
+++ b/libtiff/tif_getimage.c
|
||||
@@ -95,6 +95,10 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
||||
td->td_bitspersample);
|
||||
return (0);
|
||||
}
|
||||
+ if (td->td_sampleformat == SAMPLEFORMAT_IEEEFP) {
|
||||
+ sprintf(emsg, "Sorry, can not handle images with IEEE floating-point samples");
|
||||
+ return (0);
|
||||
+ }
|
||||
colorchannels = td->td_samplesperpixel - td->td_extrasamples;
|
||||
if (!TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric)) {
|
||||
switch (colorchannels) {
|
||||
@@ -182,27 +186,25 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
||||
"Planarconfiguration", td->td_planarconfig);
|
||||
return (0);
|
||||
}
|
||||
- if( td->td_samplesperpixel != 3 || colorchannels != 3 )
|
||||
- {
|
||||
- sprintf(emsg,
|
||||
- "Sorry, can not handle image with %s=%d, %s=%d",
|
||||
- "Samples/pixel", td->td_samplesperpixel,
|
||||
- "colorchannels", colorchannels);
|
||||
- return 0;
|
||||
- }
|
||||
+ if ( td->td_samplesperpixel != 3 || colorchannels != 3 ) {
|
||||
+ sprintf(emsg,
|
||||
+ "Sorry, can not handle image with %s=%d, %s=%d",
|
||||
+ "Samples/pixel", td->td_samplesperpixel,
|
||||
+ "colorchannels", colorchannels);
|
||||
+ return 0;
|
||||
+ }
|
||||
break;
|
||||
case PHOTOMETRIC_CIELAB:
|
||||
- if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 )
|
||||
- {
|
||||
- sprintf(emsg,
|
||||
- "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
|
||||
- "Samples/pixel", td->td_samplesperpixel,
|
||||
- "colorchannels", colorchannels,
|
||||
- "Bits/sample", td->td_bitspersample);
|
||||
- return 0;
|
||||
- }
|
||||
+ if ( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) {
|
||||
+ sprintf(emsg,
|
||||
+ "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
|
||||
+ "Samples/pixel", td->td_samplesperpixel,
|
||||
+ "colorchannels", colorchannels,
|
||||
+ "Bits/sample", td->td_bitspersample);
|
||||
+ return 0;
|
||||
+ }
|
||||
break;
|
||||
- default:
|
||||
+ default:
|
||||
sprintf(emsg, "Sorry, can not handle image with %s=%d",
|
||||
photoTag, photometric);
|
||||
return (0);
|
||||
diff --git a/libtiff/tif_predict.c b/libtiff/tif_predict.c
|
||||
index 081eb11..555f2f9 100644
|
||||
--- a/libtiff/tif_predict.c
|
||||
+++ b/libtiff/tif_predict.c
|
||||
@@ -80,6 +80,15 @@ PredictorSetup(TIFF* tif)
|
||||
td->td_sampleformat);
|
||||
return 0;
|
||||
}
|
||||
+ if (td->td_bitspersample != 16
|
||||
+ && td->td_bitspersample != 24
|
||||
+ && td->td_bitspersample != 32
|
||||
+ && td->td_bitspersample != 64) { /* Should 64 be allowed? */
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "Floating point \"Predictor\" not supported with %d-bit samples",
|
||||
+ td->td_bitspersample);
|
||||
+ return 0;
|
||||
+ }
|
||||
break;
|
||||
default:
|
||||
TIFFErrorExt(tif->tif_clientdata, module,
|
||||
@@ -174,7 +183,7 @@ PredictorSetupDecode(TIFF* tif)
|
||||
}
|
||||
/*
|
||||
* Allocate buffer to keep the decoded bytes before
|
||||
- * rearranging in the ight order
|
||||
+ * rearranging in the right order
|
||||
*/
|
||||
}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
52
meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch
Normal file
52
meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch
Normal file
@@ -0,0 +1,52 @@
|
||||
From bd024f07019f5d9fea236675607a69f74a66bc7b Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Mon, 15 Aug 2016 21:26:56 +0000
|
||||
Subject: [PATCH] * tools/rgb2ycbcr.c: validate values of -v and -h parameters
|
||||
to avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
|
||||
|
||||
CVE: CVE-2016-3623
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b
|
||||
|
||||
Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
|
||||
---
|
||||
ChangeLog | 5 +++++
|
||||
tools/rgb2ycbcr.c | 4 ++++
|
||||
2 files changed, 9 insertions(+)
|
||||
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index 5d60608..3e6642a 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,5 +1,10 @@
|
||||
2016-08-15 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
+ * tools/rgb2ycbcr.c: validate values of -v and -h parameters to
|
||||
+ avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
|
||||
+
|
||||
+2016-08-15 Even Rouault <even.rouault at spatialys.com>
|
||||
+
|
||||
* tools/tiffcrop.c: Fix out-of-bounds write in loadImage().
|
||||
From patch libtiff-CVE-2016-3991.patch from
|
||||
libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543)
|
||||
diff --git a/tools/rgb2ycbcr.c b/tools/rgb2ycbcr.c
|
||||
index 3829d6b..51f4259 100644
|
||||
--- a/tools/rgb2ycbcr.c
|
||||
+++ b/tools/rgb2ycbcr.c
|
||||
@@ -95,9 +95,13 @@ main(int argc, char* argv[])
|
||||
break;
|
||||
case 'h':
|
||||
horizSubSampling = atoi(optarg);
|
||||
+ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 )
|
||||
+ usage(-1);
|
||||
break;
|
||||
case 'v':
|
||||
vertSubSampling = atoi(optarg);
|
||||
+ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 )
|
||||
+ usage(-1);
|
||||
break;
|
||||
case 'r':
|
||||
rowsperstrip = atoi(optarg);
|
||||
--
|
||||
2.7.4
|
||||
|
||||
34
meta/recipes-multimedia/libtiff/files/CVE-2016-3632.patch
Normal file
34
meta/recipes-multimedia/libtiff/files/CVE-2016-3632.patch
Normal file
@@ -0,0 +1,34 @@
|
||||
From d3f9829a37661749b200760ad6525f77cf77d77a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
|
||||
Date: Mon, 11 Jul 2016 16:04:34 +0200
|
||||
Subject: [PATCH 4/8] Fix CVE-2016-3632
|
||||
|
||||
CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in
|
||||
LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service
|
||||
(out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
|
||||
|
||||
CVE: CVE-2016-3632
|
||||
Upstream-Status: Backport [RedHat RHEL7]
|
||||
|
||||
Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
|
||||
---
|
||||
tools/thumbnail.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/thumbnail.c b/tools/thumbnail.c
|
||||
index fd1cba5..75e7009 100644
|
||||
--- a/tools/thumbnail.c
|
||||
+++ b/tools/thumbnail.c
|
||||
@@ -253,7 +253,8 @@ static struct cpTag {
|
||||
{ TIFFTAG_WHITEPOINT, 2, TIFF_RATIONAL },
|
||||
{ TIFFTAG_PRIMARYCHROMATICITIES, (uint16) -1,TIFF_RATIONAL },
|
||||
{ TIFFTAG_HALFTONEHINTS, 2, TIFF_SHORT },
|
||||
- { TIFFTAG_BADFAXLINES, 1, TIFF_LONG },
|
||||
+ // disable BADFAXLINES, CVE-2016-3632
|
||||
+ //{ TIFFTAG_BADFAXLINES, 1, TIFF_LONG },
|
||||
{ TIFFTAG_CLEANFAXDATA, 1, TIFF_SHORT },
|
||||
{ TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG },
|
||||
{ TIFFTAG_INKSET, 1, TIFF_SHORT },
|
||||
--
|
||||
2.7.4
|
||||
|
||||
111
meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch
Normal file
111
meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch
Normal file
@@ -0,0 +1,111 @@
|
||||
From: 45c68450bef8ad876f310b495165c513cad8b67d
|
||||
From: Even Rouault <even.rouault@spatialys.com>
|
||||
|
||||
* libtiff/tif_dir.c: discard values of SMinSampleValue and
|
||||
SMaxSampleValue when they have been read and the value of
|
||||
SamplesPerPixel is changed afterwards (like when reading a
|
||||
OJPEG compressed image with a missing SamplesPerPixel tag,
|
||||
and whose photometric is RGB or YCbCr, forcing SamplesPerPixel
|
||||
being 3). Otherwise when rewriting the directory (for example
|
||||
with tiffset, we will expect 3 values whereas the array had been
|
||||
allocated with just one), thus causing a out of bound read access.
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
|
||||
(CVE-2014-8127, duplicate: CVE-2016-3658)
|
||||
|
||||
* libtiff/tif_write.c: avoid null pointer dereference on td_stripoffset
|
||||
when writing directory, if FIELD_STRIPOFFSETS was artificially set
|
||||
for a hack case in OJPEG case.
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
|
||||
(CVE-2014-8127, duplicate: CVE-2016-3658)
|
||||
|
||||
CVE: CVE-2016-3658
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/45c68450bef8ad876f310b495165c513cad8b67d
|
||||
|
||||
Signed-off-by: Zhixiong.Chi <zhixiong.chi@windriver.com>
|
||||
|
||||
Index: tiff-4.0.6/ChangeLog
|
||||
===================================================================
|
||||
--- tiff-4.0.6.orig/ChangeLog 2016-11-14 10:52:10.008748230 +0800
|
||||
+++ tiff-4.0.6/ChangeLog 2016-11-14 16:17:46.140884438 +0800
|
||||
@@ -1,3 +1,22 @@
|
||||
+2016-10-25 Even Rouault <even.rouault at spatialys.com>
|
||||
+
|
||||
+ * libtiff/tif_dir.c: discard values of SMinSampleValue and
|
||||
+ SMaxSampleValue when they have been read and the value of
|
||||
+ SamplesPerPixel is changed afterwards (like when reading a
|
||||
+ OJPEG compressed image with a missing SamplesPerPixel tag,
|
||||
+ and whose photometric is RGB or YCbCr, forcing SamplesPerPixel
|
||||
+ being 3). Otherwise when rewriting the directory (for example
|
||||
+ with tiffset, we will expect 3 values whereas the array had been
|
||||
+ allocated with just one), thus causing a out of bound read access.
|
||||
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
|
||||
+ (CVE-2014-8127, duplicate: CVE-2016-3658)
|
||||
+
|
||||
+ * libtiff/tif_write.c: avoid null pointer dereference on td_stripoffset
|
||||
+ when writing directory, if FIELD_STRIPOFFSETS was artificially set
|
||||
+ for a hack case in OJPEG case.
|
||||
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
|
||||
+ (CVE-2014-8127, duplicate: CVE-2016-3658)
|
||||
+
|
||||
2016-09-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
|
||||
|
||||
* libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to
|
||||
Index: tiff-4.0.6/libtiff/tif_dir.c
|
||||
===================================================================
|
||||
--- tiff-4.0.6.orig/libtiff/tif_dir.c 2015-06-01 07:11:43.000000000 +0800
|
||||
+++ tiff-4.0.6/libtiff/tif_dir.c 2016-11-14 16:20:17.800885495 +0800
|
||||
@@ -254,6 +254,28 @@
|
||||
v = (uint16) va_arg(ap, uint16_vap);
|
||||
if (v == 0)
|
||||
goto badvalue;
|
||||
+ if( v != td->td_samplesperpixel )
|
||||
+ {
|
||||
+ /* See http://bugzilla.maptools.org/show_bug.cgi?id=2500 */
|
||||
+ if( td->td_sminsamplevalue != NULL )
|
||||
+ {
|
||||
+ TIFFWarningExt(tif->tif_clientdata,module,
|
||||
+ "SamplesPerPixel tag value is changing, "
|
||||
+ "but SMinSampleValue tag was read with a different value. Cancelling it");
|
||||
+ TIFFClrFieldBit(tif,FIELD_SMINSAMPLEVALUE);
|
||||
+ _TIFFfree(td->td_sminsamplevalue);
|
||||
+ td->td_sminsamplevalue = NULL;
|
||||
+ }
|
||||
+ if( td->td_smaxsamplevalue != NULL )
|
||||
+ {
|
||||
+ TIFFWarningExt(tif->tif_clientdata,module,
|
||||
+ "SamplesPerPixel tag value is changing, "
|
||||
+ "but SMaxSampleValue tag was read with a different value. Cancelling it");
|
||||
+ TIFFClrFieldBit(tif,FIELD_SMAXSAMPLEVALUE);
|
||||
+ _TIFFfree(td->td_smaxsamplevalue);
|
||||
+ td->td_smaxsamplevalue = NULL;
|
||||
+ }
|
||||
+ }
|
||||
td->td_samplesperpixel = (uint16) v;
|
||||
break;
|
||||
case TIFFTAG_ROWSPERSTRIP:
|
||||
Index: tiff-4.0.6/libtiff/tif_dirwrite.c
|
||||
===================================================================
|
||||
--- tiff-4.0.6.orig/libtiff/tif_dirwrite.c 2015-05-31 08:38:46.000000000 +0800
|
||||
+++ tiff-4.0.6/libtiff/tif_dirwrite.c 2016-11-14 16:23:54.688887007 +0800
|
||||
@@ -542,7 +542,19 @@
|
||||
{
|
||||
if (!isTiled(tif))
|
||||
{
|
||||
- if (!TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset))
|
||||
+ /* td_stripoffset might be NULL in an odd OJPEG case. See
|
||||
+ * tif_dirread.c around line 3634.
|
||||
+ * XXX: OJPEG hack.
|
||||
+ * If a) compression is OJPEG, b) it's not a tiled TIFF,
|
||||
+ * and c) the number of strips is 1,
|
||||
+ * then we tolerate the absence of stripoffsets tag,
|
||||
+ * because, presumably, all required data is in the
|
||||
+ * JpegInterchangeFormat stream.
|
||||
+ * We can get here when using tiffset on such a file.
|
||||
+ * See http://bugzilla.maptools.org/show_bug.cgi?id=2500
|
||||
+ */
|
||||
+ if (tif->tif_dir.td_stripoffset != NULL &&
|
||||
+ !TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset))
|
||||
goto bad;
|
||||
}
|
||||
else
|
||||
118
meta/recipes-multimedia/libtiff/files/CVE-2016-3945.patch
Normal file
118
meta/recipes-multimedia/libtiff/files/CVE-2016-3945.patch
Normal file
@@ -0,0 +1,118 @@
|
||||
From 7c39352ccd9060d311d3dc9a1f1bc00133a160e6 Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Mon, 15 Aug 2016 20:06:40 +0000
|
||||
Subject: [PATCH] * tools/tiff2rgba.c: Fix integer overflow in size of
|
||||
allocated buffer, when -b mode is enabled, that could result in out-of-bounds
|
||||
write. Based initially on patch tiff-CVE-2016-3945.patch from
|
||||
libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for invalid
|
||||
tests that rejected valid files.
|
||||
|
||||
CVE: CVE-2016-3945
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6
|
||||
|
||||
Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
|
||||
---
|
||||
ChangeLog | 8 ++++++++
|
||||
tools/tiff2rgba.c | 34 ++++++++++++++++++++++++++++++----
|
||||
2 files changed, 38 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index 62dc1b5..9c0ab29 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,3 +1,11 @@
|
||||
+2016-08-15 Even Rouault <even.rouault at spatialys.com>
|
||||
+
|
||||
+ * tools/tiff2rgba.c: Fix integer overflow in size of allocated
|
||||
+ buffer, when -b mode is enabled, that could result in out-of-bounds
|
||||
+ write. Based initially on patch tiff-CVE-2016-3945.patch from
|
||||
+ libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for
|
||||
+ invalid tests that rejected valid files.
|
||||
+
|
||||
2016-07-11 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* tools/tiffcrop.c: Avoid access outside of stack allocated array
|
||||
diff --git a/tools/tiff2rgba.c b/tools/tiff2rgba.c
|
||||
index b7a81eb..16e3dc4 100644
|
||||
--- a/tools/tiff2rgba.c
|
||||
+++ b/tools/tiff2rgba.c
|
||||
@@ -147,6 +147,7 @@ cvt_by_tile( TIFF *in, TIFF *out )
|
||||
uint32 row, col;
|
||||
uint32 *wrk_line;
|
||||
int ok = 1;
|
||||
+ uint32 rastersize, wrk_linesize;
|
||||
|
||||
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
|
||||
TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
|
||||
@@ -163,7 +164,13 @@ cvt_by_tile( TIFF *in, TIFF *out )
|
||||
/*
|
||||
* Allocate tile buffer
|
||||
*/
|
||||
- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32));
|
||||
+ rastersize = tile_width * tile_height * sizeof (uint32);
|
||||
+ if (tile_width != (rastersize / tile_height) / sizeof( uint32))
|
||||
+ {
|
||||
+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ raster = (uint32*)_TIFFmalloc(rastersize);
|
||||
if (raster == 0) {
|
||||
TIFFError(TIFFFileName(in), "No space for raster buffer");
|
||||
return (0);
|
||||
@@ -173,7 +180,13 @@ cvt_by_tile( TIFF *in, TIFF *out )
|
||||
* Allocate a scanline buffer for swapping during the vertical
|
||||
* mirroring pass.
|
||||
*/
|
||||
- wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32));
|
||||
+ wrk_linesize = tile_width * sizeof (uint32);
|
||||
+ if (tile_width != wrk_linesize / sizeof (uint32))
|
||||
+ {
|
||||
+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
|
||||
if (!wrk_line) {
|
||||
TIFFError(TIFFFileName(in), "No space for raster scanline buffer");
|
||||
ok = 0;
|
||||
@@ -249,6 +262,7 @@ cvt_by_strip( TIFF *in, TIFF *out )
|
||||
uint32 row;
|
||||
uint32 *wrk_line;
|
||||
int ok = 1;
|
||||
+ uint32 rastersize, wrk_linesize;
|
||||
|
||||
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
|
||||
TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
|
||||
@@ -263,7 +277,13 @@ cvt_by_strip( TIFF *in, TIFF *out )
|
||||
/*
|
||||
* Allocate strip buffer
|
||||
*/
|
||||
- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32));
|
||||
+ rastersize = width * rowsperstrip * sizeof (uint32);
|
||||
+ if (width != (rastersize / rowsperstrip) / sizeof( uint32))
|
||||
+ {
|
||||
+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ raster = (uint32*)_TIFFmalloc(rastersize);
|
||||
if (raster == 0) {
|
||||
TIFFError(TIFFFileName(in), "No space for raster buffer");
|
||||
return (0);
|
||||
@@ -273,7 +293,13 @@ cvt_by_strip( TIFF *in, TIFF *out )
|
||||
* Allocate a scanline buffer for swapping during the vertical
|
||||
* mirroring pass.
|
||||
*/
|
||||
- wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32));
|
||||
+ wrk_linesize = width * sizeof (uint32);
|
||||
+ if (width != wrk_linesize / sizeof (uint32))
|
||||
+ {
|
||||
+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
|
||||
if (!wrk_line) {
|
||||
TIFFError(TIFFFileName(in), "No space for raster scanline buffer");
|
||||
ok = 0;
|
||||
--
|
||||
2.7.4
|
||||
|
||||
66
meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch
Normal file
66
meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch
Normal file
@@ -0,0 +1,66 @@
|
||||
From 6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Mon, 15 Aug 2016 20:49:48 +0000
|
||||
Subject: [PATCH] * libtiff/tif_pixarlog.c: Fix write buffer overflow in
|
||||
PixarLogEncode if more input samples are provided than expected by
|
||||
PixarLogSetupEncode. Idea based on libtiff-CVE-2016-3990.patch from
|
||||
libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, but with different and
|
||||
simpler check. (bugzilla #2544)
|
||||
|
||||
invalid tests that rejected valid files. (bugzilla #2545)
|
||||
|
||||
CVE: CVE-2016-3990
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1
|
||||
|
||||
Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
|
||||
---
|
||||
ChangeLog | 10 +++++++++-
|
||||
libtiff/tif_pixarlog.c | 7 +++++++
|
||||
2 files changed, 16 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index 9c0ab29..db4ea18 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,10 +1,18 @@
|
||||
2016-08-15 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
+ * libtiff/tif_pixarlog.c: Fix write buffer overflow in PixarLogEncode
|
||||
+ if more input samples are provided than expected by PixarLogSetupEncode.
|
||||
+ Idea based on libtiff-CVE-2016-3990.patch from
|
||||
+ libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, but with different and
|
||||
+ simpler check. (bugzilla #2544)
|
||||
+
|
||||
+2016-08-15 Even Rouault <even.rouault at spatialys.com>
|
||||
+
|
||||
* tools/tiff2rgba.c: Fix integer overflow in size of allocated
|
||||
buffer, when -b mode is enabled, that could result in out-of-bounds
|
||||
write. Based initially on patch tiff-CVE-2016-3945.patch from
|
||||
libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for
|
||||
- invalid tests that rejected valid files.
|
||||
+ invalid tests that rejected valid files. (bugzilla #2545)
|
||||
|
||||
2016-07-11 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
|
||||
index e78f788..28329d1 100644
|
||||
--- a/libtiff/tif_pixarlog.c
|
||||
+++ b/libtiff/tif_pixarlog.c
|
||||
@@ -1141,6 +1141,13 @@ PixarLogEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
|
||||
}
|
||||
|
||||
llen = sp->stride * td->td_imagewidth;
|
||||
+ /* Check against the number of elements (of size uint16) of sp->tbuf */
|
||||
+ if( n > td->td_rowsperstrip * llen )
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "Too many input bytes provided");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) {
|
||||
switch (sp->user_datafmt) {
|
||||
--
|
||||
2.7.4
|
||||
|
||||
147
meta/recipes-multimedia/libtiff/files/CVE-2016-3991.patch
Normal file
147
meta/recipes-multimedia/libtiff/files/CVE-2016-3991.patch
Normal file
@@ -0,0 +1,147 @@
|
||||
From e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Mon, 15 Aug 2016 21:05:40 +0000
|
||||
Subject: [PATCH 2/2] * tools/tiffcrop.c: Fix out-of-bounds write in
|
||||
loadImage(). From patch libtiff-CVE-2016-3991.patch from
|
||||
libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543)
|
||||
|
||||
CVE: CVE-2016-3991
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba
|
||||
|
||||
Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
|
||||
---
|
||||
ChangeLog | 6 ++++++
|
||||
tools/tiffcrop.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++---
|
||||
2 files changed, 62 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index db4ea18..5d60608 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,5 +1,11 @@
|
||||
2016-08-15 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
+ * tools/tiffcrop.c: Fix out-of-bounds write in loadImage().
|
||||
+ From patch libtiff-CVE-2016-3991.patch from
|
||||
+ libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543)
|
||||
+
|
||||
+2016-08-15 Even Rouault <even.rouault at spatialys.com>
|
||||
+
|
||||
* libtiff/tif_pixarlog.c: Fix write buffer overflow in PixarLogEncode
|
||||
if more input samples are provided than expected by PixarLogSetupEncode.
|
||||
Idea based on libtiff-CVE-2016-3990.patch from
|
||||
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
|
||||
index 27abc0b..ddba7b9 100644
|
||||
--- a/tools/tiffcrop.c
|
||||
+++ b/tools/tiffcrop.c
|
||||
@@ -798,6 +798,11 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8* buf,
|
||||
}
|
||||
|
||||
tile_buffsize = tilesize;
|
||||
+ if (tilesize == 0 || tile_rowsize == 0)
|
||||
+ {
|
||||
+ TIFFError("readContigTilesIntoBuffer", "Tile size or tile rowsize is zero");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
|
||||
if (tilesize < (tsize_t)(tl * tile_rowsize))
|
||||
{
|
||||
@@ -807,7 +812,12 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8* buf,
|
||||
tilesize, tl * tile_rowsize);
|
||||
#endif
|
||||
tile_buffsize = tl * tile_rowsize;
|
||||
- }
|
||||
+ if (tl != (tile_buffsize / tile_rowsize))
|
||||
+ {
|
||||
+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size.");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ }
|
||||
|
||||
tilebuf = _TIFFmalloc(tile_buffsize);
|
||||
if (tilebuf == 0)
|
||||
@@ -1210,6 +1220,12 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength,
|
||||
!TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) )
|
||||
return 1;
|
||||
|
||||
+ if (tilesize == 0 || tile_rowsize == 0 || tl == 0 || tw == 0)
|
||||
+ {
|
||||
+ TIFFError("writeBufferToContigTiles", "Tile size, tile row size, tile width, or tile length is zero");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+
|
||||
tile_buffsize = tilesize;
|
||||
if (tilesize < (tsize_t)(tl * tile_rowsize))
|
||||
{
|
||||
@@ -1219,6 +1235,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength,
|
||||
tilesize, tl * tile_rowsize);
|
||||
#endif
|
||||
tile_buffsize = tl * tile_rowsize;
|
||||
+ if (tl != tile_buffsize / tile_rowsize)
|
||||
+ {
|
||||
+ TIFFError("writeBufferToContigTiles", "Integer overflow when calculating buffer size");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
}
|
||||
|
||||
tilebuf = _TIFFmalloc(tile_buffsize);
|
||||
@@ -5945,12 +5966,27 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
|
||||
TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
|
||||
|
||||
tile_rowsize = TIFFTileRowSize(in);
|
||||
+ if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0)
|
||||
+ {
|
||||
+ TIFFError("loadImage", "File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
buffsize = tlsize * ntiles;
|
||||
+ if (tlsize != (buffsize / ntiles))
|
||||
+ {
|
||||
+ TIFFError("loadImage", "Integer overflow when calculating buffer size");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
|
||||
-
|
||||
if (buffsize < (uint32)(ntiles * tl * tile_rowsize))
|
||||
{
|
||||
buffsize = ntiles * tl * tile_rowsize;
|
||||
+ if (ntiles != (buffsize / tl / tile_rowsize))
|
||||
+ {
|
||||
+ TIFFError("loadImage", "Integer overflow when calculating buffer size");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+
|
||||
#ifdef DEBUG2
|
||||
TIFFError("loadImage",
|
||||
"Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu",
|
||||
@@ -5969,8 +6005,25 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
|
||||
TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
|
||||
stsize = TIFFStripSize(in);
|
||||
nstrips = TIFFNumberOfStrips(in);
|
||||
+ if (nstrips == 0 || stsize == 0)
|
||||
+ {
|
||||
+ TIFFError("loadImage", "File appears to be striped, but the number of stipes or stripe size is zero.");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+
|
||||
buffsize = stsize * nstrips;
|
||||
-
|
||||
+ if (stsize != (buffsize / nstrips))
|
||||
+ {
|
||||
+ TIFFError("loadImage", "Integer overflow when calculating buffer size");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ uint32 buffsize_check;
|
||||
+ buffsize_check = ((length * width * spp * bps) + 7);
|
||||
+ if (length != ((buffsize_check - 7) / width / spp / bps))
|
||||
+ {
|
||||
+ TIFFError("loadImage", "Integer overflow detected.");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8))
|
||||
{
|
||||
buffsize = ((length * width * spp * bps) + 7) / 8;
|
||||
--
|
||||
2.7.4
|
||||
|
||||
423
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch
Normal file
423
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch
Normal file
@@ -0,0 +1,423 @@
|
||||
From 3ca657a8793dd011bf869695d72ad31c779c3cc1 Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Mon, 31 Oct 2016 17:24:26 +0000
|
||||
Subject: [PATCH 1/2] Fix CVE-2016-9535
|
||||
|
||||
* libtiff/tif_predict.h, libtiff/tif_predict.c: Replace
|
||||
assertions by runtime checks to avoid assertions in debug mode, or buffer
|
||||
overflows in release mode. Can happen when dealing with unusual tile size
|
||||
like YCbCr with subsampling. Reported as MSVR 35105 by Axel Souchet &
|
||||
Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
|
||||
|
||||
CVE: CVE-2016-9535
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
|
||||
|
||||
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
|
||||
|
||||
---
|
||||
libtiff/tif_predict.c | 153 +++++++++++++++++++++++++++++++++++---------------
|
||||
libtiff/tif_predict.h | 6 +-
|
||||
2 files changed, 121 insertions(+), 47 deletions(-)
|
||||
|
||||
diff --git a/libtiff/tif_predict.c b/libtiff/tif_predict.c
|
||||
index 555f2f9..b829259 100644
|
||||
--- a/libtiff/tif_predict.c
|
||||
+++ b/libtiff/tif_predict.c
|
||||
@@ -34,18 +34,18 @@
|
||||
|
||||
#define PredictorState(tif) ((TIFFPredictorState*) (tif)->tif_data)
|
||||
|
||||
-static void horAcc8(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void horAcc32(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void swabHorAcc16(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void swabHorAcc32(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void swabHorDiff16(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void swabHorDiff32(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
-static void fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int horAcc8(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int horAcc32(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int swabHorAcc16(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int swabHorAcc32(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int swabHorDiff16(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int swabHorDiff32(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
+static int fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc);
|
||||
static int PredictorDecodeRow(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s);
|
||||
static int PredictorDecodeTile(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s);
|
||||
static int PredictorEncodeRow(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s);
|
||||
@@ -273,13 +273,19 @@ PredictorSetupEncode(TIFF* tif)
|
||||
/* - when storing into the byte stream, we explicitly mask with 0xff so */
|
||||
/* as to make icc -check=conversions happy (not necessary by the standard) */
|
||||
|
||||
-static void
|
||||
+static int
|
||||
horAcc8(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
tmsize_t stride = PredictorState(tif)->stride;
|
||||
|
||||
unsigned char* cp = (unsigned char*) cp0;
|
||||
- assert((cc%stride)==0);
|
||||
+ if((cc%stride)!=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "horAcc8",
|
||||
+ "%s", "(cc%stride)!=0");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (cc > stride) {
|
||||
/*
|
||||
* Pipeline the most common cases.
|
||||
@@ -321,26 +327,32 @@ horAcc8(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
} while (cc>0);
|
||||
}
|
||||
}
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
swabHorAcc16(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
uint16* wp = (uint16*) cp0;
|
||||
tmsize_t wc = cc / 2;
|
||||
|
||||
TIFFSwabArrayOfShort(wp, wc);
|
||||
- horAcc16(tif, cp0, cc);
|
||||
+ return horAcc16(tif, cp0, cc);
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
tmsize_t stride = PredictorState(tif)->stride;
|
||||
uint16* wp = (uint16*) cp0;
|
||||
tmsize_t wc = cc / 2;
|
||||
|
||||
- assert((cc%(2*stride))==0);
|
||||
+ if((cc%(2*stride))!=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "horAcc16",
|
||||
+ "%s", "cc%(2*stride))!=0");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
if (wc > stride) {
|
||||
wc -= stride;
|
||||
@@ -349,26 +361,32 @@ horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
wc -= stride;
|
||||
} while (wc > 0);
|
||||
}
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
swabHorAcc32(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
uint32* wp = (uint32*) cp0;
|
||||
tmsize_t wc = cc / 4;
|
||||
|
||||
TIFFSwabArrayOfLong(wp, wc);
|
||||
- horAcc32(tif, cp0, cc);
|
||||
+ return horAcc32(tif, cp0, cc);
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
horAcc32(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
tmsize_t stride = PredictorState(tif)->stride;
|
||||
uint32* wp = (uint32*) cp0;
|
||||
tmsize_t wc = cc / 4;
|
||||
|
||||
- assert((cc%(4*stride))==0);
|
||||
+ if((cc%(4*stride))!=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "horAcc32",
|
||||
+ "%s", "cc%(4*stride))!=0");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
if (wc > stride) {
|
||||
wc -= stride;
|
||||
@@ -377,12 +395,13 @@ horAcc32(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
wc -= stride;
|
||||
} while (wc > 0);
|
||||
}
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Floating point predictor accumulation routine.
|
||||
*/
|
||||
-static void
|
||||
+static int
|
||||
fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
tmsize_t stride = PredictorState(tif)->stride;
|
||||
@@ -392,10 +411,15 @@ fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
uint8 *cp = (uint8 *) cp0;
|
||||
uint8 *tmp = (uint8 *)_TIFFmalloc(cc);
|
||||
|
||||
- assert((cc%(bps*stride))==0);
|
||||
+ if(cc%(bps*stride)!=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "fpAcc",
|
||||
+ "%s", "cc%(bps*stride))!=0");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
if (!tmp)
|
||||
- return;
|
||||
+ return 0;
|
||||
|
||||
while (count > stride) {
|
||||
REPEAT4(stride, cp[stride] =
|
||||
@@ -417,6 +441,7 @@ fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
}
|
||||
}
|
||||
_TIFFfree(tmp);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -432,8 +457,7 @@ PredictorDecodeRow(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
|
||||
assert(sp->decodepfunc != NULL);
|
||||
|
||||
if ((*sp->decoderow)(tif, op0, occ0, s)) {
|
||||
- (*sp->decodepfunc)(tif, op0, occ0);
|
||||
- return 1;
|
||||
+ return (*sp->decodepfunc)(tif, op0, occ0);
|
||||
} else
|
||||
return 0;
|
||||
}
|
||||
@@ -456,10 +480,16 @@ PredictorDecodeTile(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
|
||||
if ((*sp->decodetile)(tif, op0, occ0, s)) {
|
||||
tmsize_t rowsize = sp->rowsize;
|
||||
assert(rowsize > 0);
|
||||
- assert((occ0%rowsize)==0);
|
||||
+ if((occ0%rowsize) !=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "PredictorDecodeTile",
|
||||
+ "%s", "occ0%rowsize != 0");
|
||||
+ return 0;
|
||||
+ }
|
||||
assert(sp->decodepfunc != NULL);
|
||||
while (occ0 > 0) {
|
||||
- (*sp->decodepfunc)(tif, op0, rowsize);
|
||||
+ if( !(*sp->decodepfunc)(tif, op0, rowsize) )
|
||||
+ return 0;
|
||||
occ0 -= rowsize;
|
||||
op0 += rowsize;
|
||||
}
|
||||
@@ -468,14 +498,19 @@ PredictorDecodeTile(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
TIFFPredictorState* sp = PredictorState(tif);
|
||||
tmsize_t stride = sp->stride;
|
||||
unsigned char* cp = (unsigned char*) cp0;
|
||||
|
||||
- assert((cc%stride)==0);
|
||||
+ if((cc%stride)!=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "horDiff8",
|
||||
+ "%s", "(cc%stride)!=0");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
if (cc > stride) {
|
||||
cc -= stride;
|
||||
@@ -513,9 +548,10 @@ horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
} while ((cc -= stride) > 0);
|
||||
}
|
||||
}
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
TIFFPredictorState* sp = PredictorState(tif);
|
||||
@@ -523,7 +559,12 @@ horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
uint16 *wp = (uint16*) cp0;
|
||||
tmsize_t wc = cc/2;
|
||||
|
||||
- assert((cc%(2*stride))==0);
|
||||
+ if((cc%(2*stride))!=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "horDiff8",
|
||||
+ "%s", "(cc%(2*stride))!=0");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
if (wc > stride) {
|
||||
wc -= stride;
|
||||
@@ -533,20 +574,23 @@ horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
wc -= stride;
|
||||
} while (wc > 0);
|
||||
}
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
swabHorDiff16(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
uint16* wp = (uint16*) cp0;
|
||||
tmsize_t wc = cc / 2;
|
||||
|
||||
- horDiff16(tif, cp0, cc);
|
||||
+ if( !horDiff16(tif, cp0, cc) )
|
||||
+ return 0;
|
||||
|
||||
TIFFSwabArrayOfShort(wp, wc);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
TIFFPredictorState* sp = PredictorState(tif);
|
||||
@@ -554,7 +598,12 @@ horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
uint32 *wp = (uint32*) cp0;
|
||||
tmsize_t wc = cc/4;
|
||||
|
||||
- assert((cc%(4*stride))==0);
|
||||
+ if((cc%(4*stride))!=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "horDiff32",
|
||||
+ "%s", "(cc%(4*stride))!=0");
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
if (wc > stride) {
|
||||
wc -= stride;
|
||||
@@ -564,23 +613,26 @@ horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
wc -= stride;
|
||||
} while (wc > 0);
|
||||
}
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static int
|
||||
swabHorDiff32(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
uint32* wp = (uint32*) cp0;
|
||||
tmsize_t wc = cc / 4;
|
||||
|
||||
- horDiff32(tif, cp0, cc);
|
||||
+ if( !horDiff32(tif, cp0, cc) )
|
||||
+ return 0;
|
||||
|
||||
TIFFSwabArrayOfLong(wp, wc);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Floating point predictor differencing routine.
|
||||
*/
|
||||
-static void
|
||||
+static int
|
||||
fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
{
|
||||
tmsize_t stride = PredictorState(tif)->stride;
|
||||
@@ -590,10 +642,14 @@ fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
uint8 *cp = (uint8 *) cp0;
|
||||
uint8 *tmp = (uint8 *)_TIFFmalloc(cc);
|
||||
|
||||
- assert((cc%(bps*stride))==0);
|
||||
-
|
||||
+ if((cc%(bps*stride))!=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "fpDiff",
|
||||
+ "%s", "(cc%(bps*stride))!=0");
|
||||
+ return 0;
|
||||
+ }
|
||||
if (!tmp)
|
||||
- return;
|
||||
+ return 0;
|
||||
|
||||
_TIFFmemcpy(tmp, cp0, cc);
|
||||
for (count = 0; count < wc; count++) {
|
||||
@@ -613,6 +669,7 @@ fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
cp += cc - stride - 1;
|
||||
for (count = cc; count > stride; count -= stride)
|
||||
REPEAT4(stride, cp[stride] = (unsigned char)((cp[stride] - cp[0])&0xff); cp--)
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -625,7 +682,8 @@ PredictorEncodeRow(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
|
||||
assert(sp->encoderow != NULL);
|
||||
|
||||
/* XXX horizontal differencing alters user's data XXX */
|
||||
- (*sp->encodepfunc)(tif, bp, cc);
|
||||
+ if( !(*sp->encodepfunc)(tif, bp, cc) )
|
||||
+ return 0;
|
||||
return (*sp->encoderow)(tif, bp, cc, s);
|
||||
}
|
||||
|
||||
@@ -660,7 +718,12 @@ PredictorEncodeTile(TIFF* tif, uint8* bp0, tmsize_t cc0, uint16 s)
|
||||
|
||||
rowsize = sp->rowsize;
|
||||
assert(rowsize > 0);
|
||||
- assert((cc0%rowsize)==0);
|
||||
+ if((cc0%rowsize)!=0)
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, "PredictorEncodeTile",
|
||||
+ "%s", "(cc0%rowsize)!=0");
|
||||
+ return 0;
|
||||
+ }
|
||||
while (cc > 0) {
|
||||
(*sp->encodepfunc)(tif, bp, rowsize);
|
||||
cc -= rowsize;
|
||||
diff --git a/libtiff/tif_predict.h b/libtiff/tif_predict.h
|
||||
index 91330cc..9e485a4 100644
|
||||
--- a/libtiff/tif_predict.h
|
||||
+++ b/libtiff/tif_predict.h
|
||||
@@ -30,6 +30,8 @@
|
||||
* ``Library-private'' Support for the Predictor Tag
|
||||
*/
|
||||
|
||||
+typedef int (*TIFFEncodeDecodeMethod)(TIFF* tif, uint8* buf, tmsize_t size);
|
||||
+
|
||||
/*
|
||||
* Codecs that want to support the Predictor tag must place
|
||||
* this structure first in their private state block so that
|
||||
@@ -43,12 +45,12 @@ typedef struct {
|
||||
TIFFCodeMethod encoderow; /* parent codec encode/decode row */
|
||||
TIFFCodeMethod encodestrip; /* parent codec encode/decode strip */
|
||||
TIFFCodeMethod encodetile; /* parent codec encode/decode tile */
|
||||
- TIFFPostMethod encodepfunc; /* horizontal differencer */
|
||||
+ TIFFEncodeDecodeMethod encodepfunc; /* horizontal differencer */
|
||||
|
||||
TIFFCodeMethod decoderow; /* parent codec encode/decode row */
|
||||
TIFFCodeMethod decodestrip; /* parent codec encode/decode strip */
|
||||
TIFFCodeMethod decodetile; /* parent codec encode/decode tile */
|
||||
- TIFFPostMethod decodepfunc; /* horizontal accumulator */
|
||||
+ TIFFEncodeDecodeMethod decodepfunc; /* horizontal accumulator */
|
||||
|
||||
TIFFVGetMethod vgetparent; /* super-class method */
|
||||
TIFFVSetMethod vsetparent; /* super-class method */
|
||||
--
|
||||
2.9.3
|
||||
|
||||
67
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch
Normal file
67
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch
Normal file
@@ -0,0 +1,67 @@
|
||||
From 6a984bf7905c6621281588431f384e79d11a2e33 Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Fri, 4 Nov 2016 09:19:13 +0000
|
||||
Subject: [PATCH 2/2] Fix CVE-2016-9535
|
||||
* libtiff/tif_predic.c: fix memory leaks in error code
|
||||
paths added in previous commit (fix for MSVR 35105)
|
||||
|
||||
CVE: CVE-2016-9535
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
|
||||
|
||||
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
|
||||
|
||||
---
|
||||
libtiff/tif_predict.c | 8 ++++++--
|
||||
1 files changed, 11 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libtiff/tif_predict.c b/libtiff/tif_predict.c
|
||||
index b829259..3f42f3b 100644
|
||||
--- a/libtiff/tif_predict.c
|
||||
+++ b/libtiff/tif_predict.c
|
||||
@@ -409,7 +409,7 @@ fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
tmsize_t wc = cc / bps;
|
||||
tmsize_t count = cc;
|
||||
uint8 *cp = (uint8 *) cp0;
|
||||
- uint8 *tmp = (uint8 *)_TIFFmalloc(cc);
|
||||
+ uint8 *tmp;
|
||||
|
||||
if(cc%(bps*stride)!=0)
|
||||
{
|
||||
@@ -418,6 +418,7 @@ fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ tmp = (uint8 *)_TIFFmalloc(cc);
|
||||
if (!tmp)
|
||||
return 0;
|
||||
|
||||
@@ -640,7 +641,7 @@ fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
tmsize_t wc = cc / bps;
|
||||
tmsize_t count;
|
||||
uint8 *cp = (uint8 *) cp0;
|
||||
- uint8 *tmp = (uint8 *)_TIFFmalloc(cc);
|
||||
+ uint8 *tmp;
|
||||
|
||||
if((cc%(bps*stride))!=0)
|
||||
{
|
||||
@@ -648,6 +649,8 @@ fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
|
||||
"%s", "(cc%(bps*stride))!=0");
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+ tmp = (uint8 *)_TIFFmalloc(cc);
|
||||
if (!tmp)
|
||||
return 0;
|
||||
|
||||
@@ -722,6 +725,7 @@ PredictorEncodeTile(TIFF* tif, uint8* bp0, tmsize_t cc0, uint16 s)
|
||||
{
|
||||
TIFFErrorExt(tif->tif_clientdata, "PredictorEncodeTile",
|
||||
"%s", "(cc0%rowsize)!=0");
|
||||
+ _TIFFfree( working_copy );
|
||||
return 0;
|
||||
}
|
||||
while (cc > 0) {
|
||||
--
|
||||
2.9.3
|
||||
|
||||
67
meta/recipes-multimedia/libtiff/files/CVE-2016-9538.patch
Normal file
67
meta/recipes-multimedia/libtiff/files/CVE-2016-9538.patch
Normal file
@@ -0,0 +1,67 @@
|
||||
From 43c0b81a818640429317c80fea1e66771e85024b Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Sat, 8 Oct 2016 15:04:31 +0000
|
||||
Subject: [PATCH] Fix CVE-2016-9538
|
||||
* tools/tiffcp.c: fix read of undefined variable in case of
|
||||
missing required tags. Found on test case of MSVR 35100. * tools/tiffcrop.c:
|
||||
fix read of undefined buffer in readContigStripsIntoBuffer() due to uint16
|
||||
overflow. Probably not a security issue but I can be wrong. Reported as MSVR
|
||||
35100 by Axel Souchet from the MSRC Vulnerabilities & Mitigations team.
|
||||
|
||||
CVE: CVE-2016-9538
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
|
||||
|
||||
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
|
||||
|
||||
---
|
||||
tools/tiffcp.c | 4 ++--
|
||||
tools/tiffcrop.c | 9 ++++++---
|
||||
2 files changed, 17 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
|
||||
index ba2b715..4ad74d3 100644
|
||||
--- a/tools/tiffcp.c
|
||||
+++ b/tools/tiffcp.c
|
||||
@@ -592,8 +592,8 @@ static copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16);
|
||||
static int
|
||||
tiffcp(TIFF* in, TIFF* out)
|
||||
{
|
||||
- uint16 bitspersample, samplesperpixel;
|
||||
- uint16 input_compression, input_photometric;
|
||||
+ uint16 bitspersample, samplesperpixel = 1;
|
||||
+ uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
|
||||
copyFunc cf;
|
||||
uint32 width, length;
|
||||
struct cpTag* p;
|
||||
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
|
||||
index 7685566..eb6de77 100644
|
||||
--- a/tools/tiffcrop.c
|
||||
+++ b/tools/tiffcrop.c
|
||||
@@ -3628,7 +3628,7 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8* buf)
|
||||
{
|
||||
uint8* bufp = buf;
|
||||
int32 bytes_read = 0;
|
||||
- uint16 strip, nstrips = TIFFNumberOfStrips(in);
|
||||
+ uint32 strip, nstrips = TIFFNumberOfStrips(in);
|
||||
uint32 stripsize = TIFFStripSize(in);
|
||||
uint32 rows = 0;
|
||||
uint32 rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
|
||||
@@ -4711,9 +4711,12 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length,
|
||||
uint32 width, uint16 spp,
|
||||
struct dump_opts *dump)
|
||||
{
|
||||
- int i, j, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
|
||||
+ int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
|
||||
+ uint32 j;
|
||||
int32 bytes_read = 0;
|
||||
- uint16 bps, nstrips, planar, strips_per_sample;
|
||||
+ uint16 bps, planar;
|
||||
+ uint32 nstrips;
|
||||
+ uint32 strips_per_sample;
|
||||
uint32 src_rowsize, dst_rowsize, rows_processed, rps;
|
||||
uint32 rows_this_strip = 0;
|
||||
tsample_t s;
|
||||
--
|
||||
2.9.3
|
||||
|
||||
60
meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch
Normal file
60
meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch
Normal file
@@ -0,0 +1,60 @@
|
||||
From ae9365db1b271b62b35ce018eac8799b1d5e8a53 Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Fri, 14 Oct 2016 19:13:20 +0000
|
||||
Subject: [PATCH ] * tools/tiffcrop.c: fix out-of-bound read of up to 3 bytes
|
||||
in readContigTilesIntoBuffer(). Reported as MSVR 35092 by Axel Souchet
|
||||
& Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
|
||||
|
||||
CVE: CVE-2016-9539
|
||||
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
|
||||
|
||||
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
|
||||
|
||||
---
|
||||
ChangeLog | 6 ++++++
|
||||
tools/tiffcrop.c | 11 ++++++++++-
|
||||
2 files changed, 16 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: tiff-4.0.6/ChangeLog
|
||||
===================================================================
|
||||
--- tiff-4.0.6.orig/ChangeLog 2016-11-28 14:56:32.109283913 +0800
|
||||
+++ tiff-4.0.6/ChangeLog 2016-11-28 16:36:01.805325534 +0800
|
||||
@@ -17,6 +17,12 @@
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
|
||||
(CVE-2014-8127, duplicate: CVE-2016-3658)
|
||||
|
||||
+2016-10-14 Even Rouault <even.rouault at spatialys.com>
|
||||
+
|
||||
+ * tools/tiffcrop.c: fix out-of-bound read of up to 3 bytes in
|
||||
+ readContigTilesIntoBuffer(). Reported as MSVR 35092 by Axel Souchet
|
||||
+ & Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
|
||||
+
|
||||
2016-10-08 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* tools/tiffcp.c: fix out-of-bounds write on tiled images with odd
|
||||
Index: tiff-4.0.6/tools/tiffcrop.c
|
||||
===================================================================
|
||||
--- tiff-4.0.6.orig/tools/tiffcrop.c 2016-11-28 14:56:31.433283908 +0800
|
||||
+++ tiff-4.0.6/tools/tiffcrop.c 2016-11-28 16:42:13.793328128 +0800
|
||||
@@ -819,9 +819,18 @@
|
||||
}
|
||||
}
|
||||
|
||||
- tilebuf = _TIFFmalloc(tile_buffsize);
|
||||
+ /* Add 3 padding bytes for extractContigSamplesShifted32bits */
|
||||
+ if( tile_buffsize > 0xFFFFFFFFU - 3 )
|
||||
+ {
|
||||
+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size.");
|
||||
+ exit(-1);
|
||||
+ }
|
||||
+ tilebuf = _TIFFmalloc(tile_buffsize + 3);
|
||||
if (tilebuf == 0)
|
||||
return 0;
|
||||
+ tilebuf[tile_buffsize] = 0;
|
||||
+ tilebuf[tile_buffsize+1] = 0;
|
||||
+ tilebuf[tile_buffsize+2] = 0;
|
||||
|
||||
dst_rowsize = ((imagewidth * bps * spp) + 7) / 8;
|
||||
for (row = 0; row < imagelength; row += tl)
|
||||
60
meta/recipes-multimedia/libtiff/files/CVE-2016-9540.patch
Normal file
60
meta/recipes-multimedia/libtiff/files/CVE-2016-9540.patch
Normal file
@@ -0,0 +1,60 @@
|
||||
From 5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3 Mon Sep 17 00:00:00 2001
|
||||
From: erouault <erouault>
|
||||
Date: Sat, 8 Oct 2016 15:54:56 +0000
|
||||
Subject: [PATCH] fix CVE-2016-9540
|
||||
* tools/tiffcp.c: fix out-of-bounds write on tiled images with odd
|
||||
tile width vs image width. Reported as MSVR 35103
|
||||
by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities &
|
||||
Mitigations team.
|
||||
|
||||
CVE: CVE-2016-9540
|
||||
|
||||
Upstream-Status: Backport
|
||||
https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
|
||||
|
||||
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
|
||||
---
|
||||
ChangeLog | 7 +++++++
|
||||
tools/tiffcp.c | 4 ++--
|
||||
2 files changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: tiff-4.0.4/ChangeLog
|
||||
===================================================================
|
||||
--- tiff-4.0.4.orig/ChangeLog 2016-11-24 14:40:43.046867737 +0800
|
||||
+++ tiff-4.0.4/ChangeLog 2016-11-28 14:38:01.681276171 +0800
|
||||
@@ -17,6 +17,13 @@
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
|
||||
(CVE-2014-8127, duplicate: CVE-2016-3658)
|
||||
|
||||
+2016-10-08 Even Rouault <even.rouault at spatialys.com>
|
||||
+
|
||||
+ * tools/tiffcp.c: fix out-of-bounds write on tiled images with odd
|
||||
+ tile width vs image width. Reported as MSVR 35103
|
||||
+ by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities &
|
||||
+ Mitigations team.
|
||||
+
|
||||
2016-09-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
|
||||
|
||||
* libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to
|
||||
Index: tiff-4.0.4/tools/tiffcp.c
|
||||
===================================================================
|
||||
--- tiff-4.0.4.orig/tools/tiffcp.c 2015-06-21 09:09:10.000000000 +0800
|
||||
+++ tiff-4.0.4/tools/tiffcp.c 2016-11-28 14:41:02.221277430 +0800
|
||||
@@ -1338,7 +1338,7 @@
|
||||
uint32 colb = 0;
|
||||
uint32 col;
|
||||
|
||||
- for (col = 0; col < imagewidth; col += tw) {
|
||||
+ for (col = 0; col < imagewidth && colb < imagew; col += tw) {
|
||||
if (TIFFReadTile(in, tilebuf, col, row, 0, 0) < 0
|
||||
&& !ignore) {
|
||||
TIFFError(TIFFFileName(in),
|
||||
@@ -1523,7 +1523,7 @@
|
||||
uint32 colb = 0;
|
||||
uint32 col;
|
||||
|
||||
- for (col = 0; col < imagewidth; col += tw) {
|
||||
+ for (col = 0; col < imagewidth && colb < imagew; col += tw) {
|
||||
/*
|
||||
* Tile is clipped horizontally. Calculate
|
||||
* visible portion and skewing factors.
|
||||
@@ -10,6 +10,18 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
|
||||
file://CVE-2016-3186.patch \
|
||||
file://CVE-2016-5321.patch \
|
||||
file://CVE-2016-5323.patch \
|
||||
file://CVE-2016-3945.patch \
|
||||
file://CVE-2016-3990.patch \
|
||||
file://CVE-2016-3991.patch \
|
||||
file://CVE-2016-3623.patch \
|
||||
file://CVE-2016-3622.patch \
|
||||
file://CVE-2016-3658.patch \
|
||||
file://CVE-2016-3632.patch \
|
||||
file://CVE-2016-9540.patch \
|
||||
file://CVE-2016-9539.patch \
|
||||
file://CVE-2016-9535-1.patch \
|
||||
file://CVE-2016-9535-2.patch \
|
||||
file://CVE-2016-9538.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "d1d2e940dea0b5ad435f21f03d96dd72"
|
||||
|
||||
@@ -0,0 +1,45 @@
|
||||
From 5760d346b42807b596f479c81f7a6b42eb36065e Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Kanavin <alex.kanavin@gmail.com>
|
||||
Date: Mon, 29 Aug 2016 16:38:11 +0300
|
||||
Subject: [PATCH] Fix racy parallel build of WebKit2-4.0.gir
|
||||
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
|
||||
---
|
||||
Source/WebKit2/PlatformGTK.cmake | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: webkitgtk-2.10.7/Source/WebKit2/PlatformGTK.cmake
|
||||
===================================================================
|
||||
--- webkitgtk-2.10.7.orig/Source/WebKit2/PlatformGTK.cmake
|
||||
+++ webkitgtk-2.10.7/Source/WebKit2/PlatformGTK.cmake
|
||||
@@ -880,8 +880,9 @@ endif ()
|
||||
string(REGEX MATCHALL "-L[^ ]*"
|
||||
INTROSPECTION_ADDITIONAL_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS}")
|
||||
|
||||
-add_custom_command(
|
||||
- OUTPUT ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir
|
||||
+# This is a target and not a command because it's used to build another .gir
|
||||
+# and a .typelib, which would trigger two racy parallel builds when using command
|
||||
+add_custom_target(WebKit2-${WEBKITGTK_API_VERSION}-gir
|
||||
DEPENDS WebKit2
|
||||
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
|
||||
COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=-Wno-deprecated-declarations\ ${CMAKE_C_FLAGS} LDFLAGS=
|
||||
@@ -929,7 +930,7 @@ endif ()
|
||||
add_custom_command(
|
||||
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2WebExtension-${WEBKITGTK_API_VERSION}.gir
|
||||
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
|
||||
- DEPENDS ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir
|
||||
+ DEPENDS WebKit2-${WEBKITGTK_API_VERSION}-gir
|
||||
COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=-Wno-deprecated-declarations\ ${CMAKE_C_FLAGS}
|
||||
LDFLAGS="${INTROSPECTION_ADDITIONAL_LDFLAGS}"
|
||||
LD_LIBRARY_PATH="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
|
||||
@@ -982,7 +983,7 @@ add_custom_command(
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.typelib
|
||||
- DEPENDS ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir
|
||||
+ DEPENDS WebKit2-${WEBKITGTK_API_VERSION}-gir
|
||||
COMMAND ${INTROSPECTION_COMPILER} --includedir=${CMAKE_BINARY_DIR} ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir -o ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.typelib
|
||||
)
|
||||
|
||||
@@ -18,6 +18,7 @@ SRC_URI = "\
|
||||
file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \
|
||||
file://0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch \
|
||||
file://0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch \
|
||||
file://0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "84832b9d8329413b4f1d87df5f7e8efe"
|
||||
SRC_URI[sha256sum] = "990d62c82ed6dede31a6ff0a82d847f16b812842ff3e1093d17113627652864e"
|
||||
|
||||
77
meta/recipes-support/curl/curl/CVE-2016-8615.patch
Normal file
77
meta/recipes-support/curl/curl/CVE-2016-8615.patch
Normal file
@@ -0,0 +1,77 @@
|
||||
From 1620f552a277ed5b23a48b9c27dbf07663cac068 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 27 Sep 2016 17:36:19 +0200
|
||||
Subject: [PATCH] cookie: replace use of fgets() with custom version
|
||||
|
||||
... that will ignore lines that are too long to fit in the buffer.
|
||||
|
||||
CVE: CVE-2016-8615
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102A.html
|
||||
Reported-by: Cure53
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
lib/cookie.c | 31 ++++++++++++++++++++++++++++++-
|
||||
1 file changed, 30 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/cookie.c b/lib/cookie.c
|
||||
index 0f05da2..e5097d3 100644
|
||||
--- a/lib/cookie.c
|
||||
+++ b/lib/cookie.c
|
||||
@@ -901,10 +901,39 @@ Curl_cookie_add(struct Curl_easy *data,
|
||||
}
|
||||
|
||||
return co;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * get_line() makes sure to only return complete whole lines that fit in 'len'
|
||||
+ * bytes and end with a newline.
|
||||
+ */
|
||||
+static char *get_line(char *buf, int len, FILE *input)
|
||||
+{
|
||||
+ bool partial = FALSE;
|
||||
+ while(1) {
|
||||
+ char *b = fgets(buf, len, input);
|
||||
+ if(b) {
|
||||
+ size_t rlen = strlen(b);
|
||||
+ if(rlen && (b[rlen-1] == '\n')) {
|
||||
+ if(partial) {
|
||||
+ partial = FALSE;
|
||||
+ continue;
|
||||
+ }
|
||||
+ return b;
|
||||
+ }
|
||||
+ else
|
||||
+ /* read a partial, discard the next piece that ends with newline */
|
||||
+ partial = TRUE;
|
||||
+ }
|
||||
+ else
|
||||
+ break;
|
||||
+ }
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/*****************************************************************************
|
||||
*
|
||||
* Curl_cookie_init()
|
||||
*
|
||||
* Inits a cookie struct to read data from a local file. This is always
|
||||
@@ -957,11 +986,11 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
|
||||
bool headerline;
|
||||
|
||||
line = malloc(MAX_COOKIE_LINE);
|
||||
if(!line)
|
||||
goto fail;
|
||||
- while(fgets(line, MAX_COOKIE_LINE, fp)) {
|
||||
+ while(get_line(line, MAX_COOKIE_LINE, fp)) {
|
||||
if(checkprefix("Set-Cookie:", line)) {
|
||||
/* This is a cookie line, get it! */
|
||||
lineptr=&line[11];
|
||||
headerline=TRUE;
|
||||
}
|
||||
--
|
||||
2.9.3
|
||||
|
||||
49
meta/recipes-support/curl/curl/CVE-2016-8616.patch
Normal file
49
meta/recipes-support/curl/curl/CVE-2016-8616.patch
Normal file
@@ -0,0 +1,49 @@
|
||||
From b3ee26c5df75d97f6895e6ec4538894ebaf76e48 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 27 Sep 2016 18:01:53 +0200
|
||||
Subject: [PATCH] connectionexists: use case sensitive user/password
|
||||
comparisons
|
||||
|
||||
CVE: CVE-2016-8616
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102B.html
|
||||
Reported-by: Cure53
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
|
||||
diff -ruN a/lib/url.c b/lib/url.c
|
||||
--- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100
|
||||
+++ b/lib/url.c 2016-11-07 09:16:20.459836564 +0100
|
||||
@@ -3305,8 +3305,8 @@
|
||||
if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
|
||||
/* This protocol requires credentials per connection,
|
||||
so verify that we're using the same name and password as well */
|
||||
- if(!strequal(needle->user, check->user) ||
|
||||
- !strequal(needle->passwd, check->passwd)) {
|
||||
+ if(strcmp(needle->user, check->user) ||
|
||||
+ strcmp(needle->passwd, check->passwd)) {
|
||||
/* one of them was different */
|
||||
continue;
|
||||
}
|
||||
@@ -3369,8 +3369,8 @@
|
||||
possible. (Especially we must not reuse the same connection if
|
||||
partway through a handshake!) */
|
||||
if(wantNTLMhttp) {
|
||||
- if(!strequal(needle->user, check->user) ||
|
||||
- !strequal(needle->passwd, check->passwd))
|
||||
+ if(strcmp(needle->user, check->user) ||
|
||||
+ strcmp(needle->passwd, check->passwd))
|
||||
continue;
|
||||
}
|
||||
else if(check->ntlm.state != NTLMSTATE_NONE) {
|
||||
@@ -3380,8 +3380,8 @@
|
||||
|
||||
/* Same for Proxy NTLM authentication */
|
||||
if(wantProxyNTLMhttp) {
|
||||
- if(!strequal(needle->proxyuser, check->proxyuser) ||
|
||||
- !strequal(needle->proxypasswd, check->proxypasswd))
|
||||
+ if(strcmp(needle->proxyuser, check->proxyuser) ||
|
||||
+ strcmp(needle->proxypasswd, check->proxypasswd))
|
||||
continue;
|
||||
}
|
||||
else if(check->proxyntlm.state != NTLMSTATE_NONE) {
|
||||
28
meta/recipes-support/curl/curl/CVE-2016-8617.patch
Normal file
28
meta/recipes-support/curl/curl/CVE-2016-8617.patch
Normal file
@@ -0,0 +1,28 @@
|
||||
From efd24d57426bd77c9b5860e6b297904703750412 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Wed, 28 Sep 2016 00:05:12 +0200
|
||||
Subject: [PATCH] base64: check for integer overflow on large input
|
||||
|
||||
CVE: CVE-2016-8617
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102C.html
|
||||
Reported-by: Cure53
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
diff -ruN a/lib/base64.c b/lib/base64.c
|
||||
--- a/lib/base64.c 2016-02-03 00:02:43.000000000 +0100
|
||||
+++ b/lib/base64.c 2016-11-07 09:22:07.918167530 +0100
|
||||
@@ -190,6 +190,11 @@
|
||||
if(0 == insize)
|
||||
insize = strlen(indata);
|
||||
|
||||
+#if SIZEOF_SIZE_T == 4
|
||||
+ if(insize > UINT_MAX/4)
|
||||
+ return CURLE_OUT_OF_MEMORY;
|
||||
+#endif
|
||||
+
|
||||
base64data = output = malloc(insize*4/3+4);
|
||||
if(NULL == output)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
52
meta/recipes-support/curl/curl/CVE-2016-8618.patch
Normal file
52
meta/recipes-support/curl/curl/CVE-2016-8618.patch
Normal file
@@ -0,0 +1,52 @@
|
||||
From 31106a073882656a2a5ab56c4ce2847e9a334c3c Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Wed, 28 Sep 2016 10:15:34 +0200
|
||||
Subject: [PATCH] aprintf: detect wrap-around when growing allocation
|
||||
|
||||
On 32bit systems we could otherwise wrap around after 2GB and allocate 0
|
||||
bytes and crash.
|
||||
|
||||
CVE: CVE-2016-8618
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102D.html
|
||||
Reported-by: Cure53
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
lib/mprintf.c | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/mprintf.c b/lib/mprintf.c
|
||||
index dbedeaa..2c88aa8 100644
|
||||
--- a/lib/mprintf.c
|
||||
+++ b/lib/mprintf.c
|
||||
@@ -1034,20 +1034,23 @@ static int alloc_addbyter(int output, FILE *data)
|
||||
}
|
||||
infop->alloc = 32;
|
||||
infop->len =0;
|
||||
}
|
||||
else if(infop->len+1 >= infop->alloc) {
|
||||
- char *newptr;
|
||||
+ char *newptr = NULL;
|
||||
+ size_t newsize = infop->alloc*2;
|
||||
|
||||
- newptr = realloc(infop->buffer, infop->alloc*2);
|
||||
+ /* detect wrap-around or other overflow problems */
|
||||
+ if(newsize > infop->alloc)
|
||||
+ newptr = realloc(infop->buffer, newsize);
|
||||
|
||||
if(!newptr) {
|
||||
infop->fail = 1;
|
||||
return -1; /* fail */
|
||||
}
|
||||
infop->buffer = newptr;
|
||||
- infop->alloc *= 2;
|
||||
+ infop->alloc = newsize;
|
||||
}
|
||||
|
||||
infop->buffer[ infop->len ] = outc;
|
||||
|
||||
infop->len++;
|
||||
--
|
||||
2.9.3
|
||||
|
||||
52
meta/recipes-support/curl/curl/CVE-2016-8619.patch
Normal file
52
meta/recipes-support/curl/curl/CVE-2016-8619.patch
Normal file
@@ -0,0 +1,52 @@
|
||||
From 91239f7040b1f026d4d15765e7e3f58e92e93761 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Wed, 28 Sep 2016 12:56:02 +0200
|
||||
Subject: [PATCH] krb5: avoid realloc(0)
|
||||
|
||||
If the requested size is zero, bail out with error instead of doing a
|
||||
realloc() that would cause a double-free: realloc(0) acts as a free()
|
||||
and then there's a second free in the cleanup path.
|
||||
|
||||
CVE: CVE-2016-8619
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102E.html
|
||||
Reported-by: Cure53
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
lib/security.c | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/security.c b/lib/security.c
|
||||
index a268d4a..4cef8f8 100644
|
||||
--- a/lib/security.c
|
||||
+++ b/lib/security.c
|
||||
@@ -190,19 +190,22 @@ socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
|
||||
static CURLcode read_data(struct connectdata *conn,
|
||||
curl_socket_t fd,
|
||||
struct krb5buffer *buf)
|
||||
{
|
||||
int len;
|
||||
- void* tmp;
|
||||
+ void *tmp = NULL;
|
||||
CURLcode result;
|
||||
|
||||
result = socket_read(fd, &len, sizeof(len));
|
||||
if(result)
|
||||
return result;
|
||||
|
||||
- len = ntohl(len);
|
||||
- tmp = realloc(buf->data, len);
|
||||
+ if(len) {
|
||||
+ /* only realloc if there was a length */
|
||||
+ len = ntohl(len);
|
||||
+ tmp = realloc(buf->data, len);
|
||||
+ }
|
||||
if(tmp == NULL)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
buf->data = tmp;
|
||||
result = socket_read(fd, buf->data, len);
|
||||
--
|
||||
2.9.3
|
||||
|
||||
44
meta/recipes-support/curl/curl/CVE-2016-8620.patch
Normal file
44
meta/recipes-support/curl/curl/CVE-2016-8620.patch
Normal file
@@ -0,0 +1,44 @@
|
||||
From fbb5f1aa0326d485d5a7ac643b48481897ca667f Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 3 Oct 2016 17:27:16 +0200
|
||||
Subject: [PATCH] range: prevent negative end number in a glob range
|
||||
|
||||
CVE: CVE-2016-8620
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102F.html
|
||||
Reported-by: Luật Nguyễn
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
src/tool_urlglob.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
|
||||
index a357b8b..64c75ba 100644
|
||||
--- a/src/tool_urlglob.c
|
||||
+++ b/src/tool_urlglob.c
|
||||
@@ -257,6 +257,12 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
|
||||
endp = NULL;
|
||||
else {
|
||||
pattern = endp+1;
|
||||
+ while(*pattern && ISBLANK(*pattern))
|
||||
+ pattern++;
|
||||
+ if(!ISDIGIT(*pattern)) {
|
||||
+ endp = NULL;
|
||||
+ goto fail;
|
||||
+ }
|
||||
errno = 0;
|
||||
max_n = strtoul(pattern, &endp, 10);
|
||||
if(errno || (*endp == ':')) {
|
||||
@@ -277,6 +283,7 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
|
||||
}
|
||||
}
|
||||
|
||||
+ fail:
|
||||
*posp += (pattern - *patternp);
|
||||
|
||||
if(!endp || (min_n > max_n) || (step_n > (max_n - min_n)) || !step_n)
|
||||
--
|
||||
1.9.1
|
||||
|
||||
120
meta/recipes-support/curl/curl/CVE-2016-8621.patch
Normal file
120
meta/recipes-support/curl/curl/CVE-2016-8621.patch
Normal file
@@ -0,0 +1,120 @@
|
||||
From 8a6d9ded5f02f0294ae63a007e26087316c1998e Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 4 Oct 2016 16:59:38 +0200
|
||||
Subject: [PATCH] parsedate: handle cut off numbers better
|
||||
|
||||
... and don't read outside of the given buffer!
|
||||
|
||||
CVE: CVE-2016-8621
|
||||
Upstream-Status: Backport
|
||||
|
||||
bug: https://curl.haxx.se/docs/adv_20161102G.html
|
||||
Reported-by: Luật Nguyễn
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
lib/parsedate.c | 12 +++++++-----
|
||||
tests/data/test517 | 6 ++++++
|
||||
tests/libtest/lib517.c | 8 +++++++-
|
||||
3 files changed, 20 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/parsedate.c b/lib/parsedate.c
|
||||
index dfcf855..8e932f4 100644
|
||||
--- a/lib/parsedate.c
|
||||
+++ b/lib/parsedate.c
|
||||
@@ -3,11 +3,11 @@
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at https://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
@@ -384,19 +384,21 @@ static int parsedate(const char *date, time_t *output)
|
||||
}
|
||||
else if(ISDIGIT(*date)) {
|
||||
/* a digit */
|
||||
int val;
|
||||
char *end;
|
||||
+ int len=0;
|
||||
if((secnum == -1) &&
|
||||
- (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) {
|
||||
+ (3 == sscanf(date, "%02d:%02d:%02d%n",
|
||||
+ &hournum, &minnum, &secnum, &len))) {
|
||||
/* time stamp! */
|
||||
- date += 8;
|
||||
+ date += len;
|
||||
}
|
||||
else if((secnum == -1) &&
|
||||
- (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
|
||||
+ (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
|
||||
/* time stamp without seconds */
|
||||
- date += 5;
|
||||
+ date += len;
|
||||
secnum = 0;
|
||||
}
|
||||
else {
|
||||
long lval;
|
||||
int error;
|
||||
diff --git a/tests/data/test517 b/tests/data/test517
|
||||
index c81a45e..513634f 100644
|
||||
--- a/tests/data/test517
|
||||
+++ b/tests/data/test517
|
||||
@@ -114,10 +114,16 @@ nothing
|
||||
79: 20110632 12:34:56 => -1
|
||||
80: 20110623 56:34:56 => -1
|
||||
81: 20111323 12:34:56 => -1
|
||||
82: 20110623 12:34:79 => -1
|
||||
83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000
|
||||
+84: 20110623 12:3 => 1308830580
|
||||
+85: 20110623 1:3 => 1308790980
|
||||
+86: 20110623 1:30 => 1308792600
|
||||
+87: 20110623 12:12:3 => 1308831123
|
||||
+88: 20110623 01:12:3 => 1308791523
|
||||
+89: 20110623 01:99:30 => -1
|
||||
</stdout>
|
||||
|
||||
# This test case previously tested an overflow case ("2094 Nov 6 =>
|
||||
# 2147483647") for 32bit time_t, but since some systems have 64bit time_t and
|
||||
# handles this (returning 3939840000), and some 64bit-time_t systems don't
|
||||
diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c
|
||||
index 2f68ebd..22162ff 100644
|
||||
--- a/tests/libtest/lib517.c
|
||||
+++ b/tests/libtest/lib517.c
|
||||
@@ -3,11 +3,11 @@
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at https://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
@@ -114,10 +114,16 @@ static const char * const dates[]={
|
||||
"20110632 12:34:56",
|
||||
"20110623 56:34:56",
|
||||
"20111323 12:34:56",
|
||||
"20110623 12:34:79",
|
||||
"Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */
|
||||
+ "20110623 12:3",
|
||||
+ "20110623 1:3",
|
||||
+ "20110623 1:30",
|
||||
+ "20110623 12:12:3",
|
||||
+ "20110623 01:12:3",
|
||||
+ "20110623 01:99:30",
|
||||
NULL
|
||||
};
|
||||
|
||||
int test(char *URL)
|
||||
{
|
||||
--
|
||||
2.9.3
|
||||
|
||||
94
meta/recipes-support/curl/curl/CVE-2016-8622.patch
Normal file
94
meta/recipes-support/curl/curl/CVE-2016-8622.patch
Normal file
@@ -0,0 +1,94 @@
|
||||
From 53e71e47d6b81650d26ec33a58d0dca24c7ffb2c Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 4 Oct 2016 18:56:45 +0200
|
||||
Subject: [PATCH] unescape: avoid integer overflow
|
||||
|
||||
CVE: CVE-2016-8622
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102H.html
|
||||
Reported-by: Cure53
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
|
||||
diff -ruN a/docs/libcurl/curl_easy_unescape.3 b/docs/libcurl/curl_easy_unescape.3
|
||||
--- a/docs/libcurl/curl_easy_unescape.3 2016-02-03 00:08:02.000000000 +0100
|
||||
+++ b/docs/libcurl/curl_easy_unescape.3 2016-11-07 09:25:45.999933275 +0100
|
||||
@@ -5,7 +5,7 @@
|
||||
.\" * | (__| |_| | _ <| |___
|
||||
.\" * \___|\___/|_| \_\_____|
|
||||
.\" *
|
||||
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
.\" *
|
||||
.\" * This software is licensed as described in the file COPYING, which
|
||||
.\" * you should have received as part of this distribution. The terms
|
||||
@@ -40,7 +40,10 @@
|
||||
|
||||
If \fBoutlength\fP is non-NULL, the function will write the length of the
|
||||
returned string in the integer it points to. This allows an escaped string
|
||||
-containing %00 to still get used properly after unescaping.
|
||||
+containing %00 to still get used properly after unescaping. Since this is a
|
||||
+pointer to an \fIint\fP type, it can only return a value up to INT_MAX so no
|
||||
+longer string can be unescaped if the string length is returned in this
|
||||
+parameter.
|
||||
|
||||
You must \fIcurl_free(3)\fP the returned string when you're done with it.
|
||||
.SH AVAILABILITY
|
||||
diff -ruN a/lib/dict.c b/lib/dict.c
|
||||
--- a/lib/dict.c 2016-02-03 00:02:44.000000000 +0100
|
||||
+++ b/lib/dict.c 2016-11-07 09:25:45.999933275 +0100
|
||||
@@ -5,7 +5,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@@ -52,7 +52,7 @@
|
||||
#include <curl/curl.h>
|
||||
#include "transfer.h"
|
||||
#include "sendf.h"
|
||||
-
|
||||
+#include "escape.h"
|
||||
#include "progress.h"
|
||||
#include "strequal.h"
|
||||
#include "dict.h"
|
||||
@@ -96,12 +96,12 @@
|
||||
char *newp;
|
||||
char *dictp;
|
||||
char *ptr;
|
||||
- int len;
|
||||
+ size_t len;
|
||||
char ch;
|
||||
int olen=0;
|
||||
|
||||
- newp = curl_easy_unescape(data, inputbuff, 0, &len);
|
||||
- if(!newp)
|
||||
+ CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, FALSE);
|
||||
+ if(!newp || result)
|
||||
return NULL;
|
||||
|
||||
dictp = malloc(((size_t)len)*2 + 1); /* add one for terminating zero */
|
||||
diff -ruN a/lib/escape.c b/lib/escape.c
|
||||
--- a/lib/escape.c 2016-02-05 10:02:03.000000000 +0100
|
||||
+++ b/lib/escape.c 2016-11-07 09:29:43.073671606 +0100
|
||||
@@ -217,8 +217,14 @@
|
||||
FALSE);
|
||||
if(res)
|
||||
return NULL;
|
||||
- if(olen)
|
||||
- *olen = curlx_uztosi(outputlen);
|
||||
+
|
||||
+ if(olen) {
|
||||
+ if(outputlen <= (size_t) INT_MAX)
|
||||
+ *olen = curlx_uztosi(outputlen);
|
||||
+ else
|
||||
+ /* too large to return in an int, fail! */
|
||||
+ Curl_safefree(str);
|
||||
+ }
|
||||
return str;
|
||||
}
|
||||
|
||||
209
meta/recipes-support/curl/curl/CVE-2016-8623.patch
Normal file
209
meta/recipes-support/curl/curl/CVE-2016-8623.patch
Normal file
@@ -0,0 +1,209 @@
|
||||
From d9d57fe0da6f25d05570fd583520ecd321ed9c3f Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 4 Oct 2016 23:26:13 +0200
|
||||
Subject: [PATCH] cookies: getlist() now holds deep copies of all cookies
|
||||
|
||||
Previously it only held references to them, which was reckless as the
|
||||
thread lock was released so the cookies could get modified by other
|
||||
handles that share the same cookie jar over the share interface.
|
||||
|
||||
CVE: CVE-2016-8623
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102I.html
|
||||
Reported-by: Cure53
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
lib/cookie.c | 61 +++++++++++++++++++++++++++++++++++++++---------------------
|
||||
lib/cookie.h | 4 ++--
|
||||
lib/http.c | 2 +-
|
||||
3 files changed, 43 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/lib/cookie.c b/lib/cookie.c
|
||||
index 0f05da2..8607ce3 100644
|
||||
--- a/lib/cookie.c
|
||||
+++ b/lib/cookie.c
|
||||
@@ -1022,10 +1022,44 @@ static int cookie_sort(const void *p1, const void *p2)
|
||||
|
||||
/* sorry, can't be more deterministic */
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#define CLONE(field) \
|
||||
+ do { \
|
||||
+ if(src->field) { \
|
||||
+ dup->field = strdup(src->field); \
|
||||
+ if(!dup->field) \
|
||||
+ goto fail; \
|
||||
+ } \
|
||||
+ } while(0)
|
||||
+
|
||||
+static struct Cookie *dup_cookie(struct Cookie *src)
|
||||
+{
|
||||
+ struct Cookie *dup = calloc(sizeof(struct Cookie), 1);
|
||||
+ if(dup) {
|
||||
+ CLONE(expirestr);
|
||||
+ CLONE(domain);
|
||||
+ CLONE(path);
|
||||
+ CLONE(spath);
|
||||
+ CLONE(name);
|
||||
+ CLONE(value);
|
||||
+ CLONE(maxage);
|
||||
+ CLONE(version);
|
||||
+ dup->expires = src->expires;
|
||||
+ dup->tailmatch = src->tailmatch;
|
||||
+ dup->secure = src->secure;
|
||||
+ dup->livecookie = src->livecookie;
|
||||
+ dup->httponly = src->httponly;
|
||||
+ }
|
||||
+ return dup;
|
||||
+
|
||||
+ fail:
|
||||
+ freecookie(dup);
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
/*****************************************************************************
|
||||
*
|
||||
* Curl_cookie_getlist()
|
||||
*
|
||||
* For a given host and path, return a linked list of cookies that the
|
||||
@@ -1077,15 +1111,12 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
|
||||
if(!co->spath || pathmatch(co->spath, path) ) {
|
||||
|
||||
/* and now, we know this is a match and we should create an
|
||||
entry for the return-linked-list */
|
||||
|
||||
- newco = malloc(sizeof(struct Cookie));
|
||||
+ newco = dup_cookie(co);
|
||||
if(newco) {
|
||||
- /* first, copy the whole source cookie: */
|
||||
- memcpy(newco, co, sizeof(struct Cookie));
|
||||
-
|
||||
/* then modify our next */
|
||||
newco->next = mainco;
|
||||
|
||||
/* point the main to us */
|
||||
mainco = newco;
|
||||
@@ -1093,16 +1124,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
|
||||
matches++;
|
||||
}
|
||||
else {
|
||||
fail:
|
||||
/* failure, clear up the allocated chain and return NULL */
|
||||
- while(mainco) {
|
||||
- co = mainco->next;
|
||||
- free(mainco);
|
||||
- mainco = co;
|
||||
- }
|
||||
-
|
||||
+ Curl_cookie_freelist(mainco);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1150,11 +1176,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
|
||||
*
|
||||
****************************************************************************/
|
||||
void Curl_cookie_clearall(struct CookieInfo *cookies)
|
||||
{
|
||||
if(cookies) {
|
||||
- Curl_cookie_freelist(cookies->cookies, TRUE);
|
||||
+ Curl_cookie_freelist(cookies->cookies);
|
||||
cookies->cookies = NULL;
|
||||
cookies->numcookies = 0;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1162,25 +1188,18 @@ void Curl_cookie_clearall(struct CookieInfo *cookies)
|
||||
*
|
||||
* Curl_cookie_freelist()
|
||||
*
|
||||
* Free a list of cookies previously returned by Curl_cookie_getlist();
|
||||
*
|
||||
- * The 'cookiestoo' argument tells this function whether to just free the
|
||||
- * list or actually also free all cookies within the list as well.
|
||||
- *
|
||||
****************************************************************************/
|
||||
|
||||
-void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo)
|
||||
+void Curl_cookie_freelist(struct Cookie *co)
|
||||
{
|
||||
struct Cookie *next;
|
||||
while(co) {
|
||||
next = co->next;
|
||||
- if(cookiestoo)
|
||||
- freecookie(co);
|
||||
- else
|
||||
- free(co); /* we only free the struct since the "members" are all just
|
||||
- pointed out in the main cookie list! */
|
||||
+ freecookie(co);
|
||||
co = next;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1231,11 +1250,11 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
|
||||
****************************************************************************/
|
||||
void Curl_cookie_cleanup(struct CookieInfo *c)
|
||||
{
|
||||
if(c) {
|
||||
free(c->filename);
|
||||
- Curl_cookie_freelist(c->cookies, TRUE);
|
||||
+ Curl_cookie_freelist(c->cookies);
|
||||
free(c); /* free the base struct as well */
|
||||
}
|
||||
}
|
||||
|
||||
/* get_netscape_format()
|
||||
diff --git a/lib/cookie.h b/lib/cookie.h
|
||||
index cd7c54a..a9a4578 100644
|
||||
--- a/lib/cookie.h
|
||||
+++ b/lib/cookie.h
|
||||
@@ -5,11 +5,11 @@
|
||||
* Project ___| | | | _ \| |
|
||||
* / __| | | | |_) | |
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
* are also available at https://curl.haxx.se/docs/copyright.html.
|
||||
*
|
||||
@@ -80,11 +80,11 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data,
|
||||
struct CookieInfo *, bool header, char *lineptr,
|
||||
const char *domain, const char *path);
|
||||
|
||||
struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
|
||||
const char *, bool);
|
||||
-void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo);
|
||||
+void Curl_cookie_freelist(struct Cookie *cookies);
|
||||
void Curl_cookie_clearall(struct CookieInfo *cookies);
|
||||
void Curl_cookie_clearsess(struct CookieInfo *cookies);
|
||||
|
||||
#if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
|
||||
#define Curl_cookie_list(x) NULL
|
||||
diff --git a/lib/http.c b/lib/http.c
|
||||
index 65c145a..e6e7d37 100644
|
||||
--- a/lib/http.c
|
||||
+++ b/lib/http.c
|
||||
@@ -2382,11 +2382,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
|
||||
break;
|
||||
count++;
|
||||
}
|
||||
co = co->next; /* next cookie please */
|
||||
}
|
||||
- Curl_cookie_freelist(store, FALSE); /* free the cookie list */
|
||||
+ Curl_cookie_freelist(store);
|
||||
}
|
||||
if(addcookies && !result) {
|
||||
if(!count)
|
||||
result = Curl_add_bufferf(req_buffer, "Cookie: ");
|
||||
if(!result) {
|
||||
--
|
||||
2.9.3
|
||||
|
||||
51
meta/recipes-support/curl/curl/CVE-2016-8624.patch
Normal file
51
meta/recipes-support/curl/curl/CVE-2016-8624.patch
Normal file
@@ -0,0 +1,51 @@
|
||||
From 3bb273db7e40ebc284cff45f3ce3f0475c8339c2 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Tue, 11 Oct 2016 00:48:35 +0200
|
||||
Subject: [PATCH] urlparse: accept '#' as end of host name
|
||||
|
||||
'http://example.com#@127.0.0.1/x.txt' equals a request to example.com
|
||||
for the '/' document with the rest of the URL being a fragment.
|
||||
|
||||
CVE: CVE-2016-8624
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102J.html
|
||||
Reported-by: Fernando Muñoz
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
|
||||
diff -ruN a/lib/url.c b/lib/url.c
|
||||
--- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100
|
||||
+++ b/lib/url.c 2016-11-07 10:16:13.562089428 +0100
|
||||
@@ -4086,7 +4086,7 @@
|
||||
path[0]=0;
|
||||
|
||||
if(2 > sscanf(data->change.url,
|
||||
- "%15[^\n:]://%[^\n/?]%[^\n]",
|
||||
+ "%15[^\n:]://%[^\n/?#]%[^\n]",
|
||||
protobuf,
|
||||
conn->host.name, path)) {
|
||||
|
||||
@@ -4094,7 +4094,7 @@
|
||||
* The URL was badly formatted, let's try the browser-style _without_
|
||||
* protocol specified like 'http://'.
|
||||
*/
|
||||
- rc = sscanf(data->change.url, "%[^\n/?]%[^\n]", conn->host.name, path);
|
||||
+ rc = sscanf(data->change.url, "%[^\n/?#]%[^\n]", conn->host.name, path);
|
||||
if(1 > rc) {
|
||||
/*
|
||||
* We couldn't even get this format.
|
||||
@@ -4184,10 +4184,10 @@
|
||||
}
|
||||
|
||||
/* If the URL is malformatted (missing a '/' after hostname before path) we
|
||||
- * insert a slash here. The only letter except '/' we accept to start a path
|
||||
- * is '?'.
|
||||
+ * insert a slash here. The only letters except '/' that can start a path is
|
||||
+ * '?' and '#' - as controlled by the two sscanf() patterns above.
|
||||
*/
|
||||
- if(path[0] == '?') {
|
||||
+ if(path[0] != '/') {
|
||||
/* We need this function to deal with overlapping memory areas. We know
|
||||
that the memory area 'path' points to is 'urllen' bytes big and that
|
||||
is bigger than the path. Use +1 to move the zero byte too. */
|
||||
615
meta/recipes-support/curl/curl/CVE-2016-8625.patch
Executable file
615
meta/recipes-support/curl/curl/CVE-2016-8625.patch
Executable file
@@ -0,0 +1,615 @@
|
||||
commit 914aae739463ec72340130ea9ad42e04b02a5338
|
||||
Author: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Wed Oct 12 09:01:06 2016 +0200
|
||||
|
||||
idn: switch to libidn2 use and IDNA2008 support
|
||||
|
||||
CVE: CVE-2016-8625
|
||||
Upstream-Status: Backport
|
||||
|
||||
Bug: https://curl.haxx.se/docs/adv_20161102K.html
|
||||
Reported-by: Christian Heimes
|
||||
|
||||
Conflicts:
|
||||
CMakeLists.txt
|
||||
lib/url.c
|
||||
|
||||
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 06f18cf..c3e5c7c 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -440,7 +440,7 @@ if(NOT CURL_DISABLE_LDAPS)
|
||||
endif()
|
||||
|
||||
# Check for idn
|
||||
-check_library_exists_concat("idn" idna_to_ascii_lz HAVE_LIBIDN)
|
||||
+check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2)
|
||||
|
||||
# Check for symbol dlopen (same as HAVE_LIBDL)
|
||||
check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN)
|
||||
@@ -608,7 +608,7 @@ check_include_file_concat("des.h" HAVE_DES_H)
|
||||
check_include_file_concat("err.h" HAVE_ERR_H)
|
||||
check_include_file_concat("errno.h" HAVE_ERRNO_H)
|
||||
check_include_file_concat("fcntl.h" HAVE_FCNTL_H)
|
||||
-check_include_file_concat("idn-free.h" HAVE_IDN_FREE_H)
|
||||
+check_include_file_concat("idn2.h" HAVE_IDN2_H)
|
||||
check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H)
|
||||
check_include_file_concat("io.h" HAVE_IO_H)
|
||||
check_include_file_concat("krb.h" HAVE_KRB_H)
|
||||
@@ -638,7 +638,6 @@ check_include_file_concat("stropts.h" HAVE_STROPTS_H)
|
||||
check_include_file_concat("termio.h" HAVE_TERMIO_H)
|
||||
check_include_file_concat("termios.h" HAVE_TERMIOS_H)
|
||||
check_include_file_concat("time.h" HAVE_TIME_H)
|
||||
-check_include_file_concat("tld.h" HAVE_TLD_H)
|
||||
check_include_file_concat("unistd.h" HAVE_UNISTD_H)
|
||||
check_include_file_concat("utime.h" HAVE_UTIME_H)
|
||||
check_include_file_concat("x509.h" HAVE_X509_H)
|
||||
@@ -652,9 +651,6 @@ check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H)
|
||||
check_include_file_concat("stdint.h" HAVE_STDINT_H)
|
||||
check_include_file_concat("sockio.h" HAVE_SOCKIO_H)
|
||||
check_include_file_concat("sys/utsname.h" HAVE_SYS_UTSNAME_H)
|
||||
-check_include_file_concat("idna.h" HAVE_IDNA_H)
|
||||
-
|
||||
-
|
||||
|
||||
check_type_size(size_t SIZEOF_SIZE_T)
|
||||
check_type_size(ssize_t SIZEOF_SSIZE_T)
|
||||
@@ -802,9 +798,6 @@ check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE)
|
||||
check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE)
|
||||
check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME)
|
||||
check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT)
|
||||
-check_symbol_exists(idn_free "${CURL_INCLUDES}" HAVE_IDN_FREE)
|
||||
-check_symbol_exists(idna_strerror "${CURL_INCLUDES}" HAVE_IDNA_STRERROR)
|
||||
-check_symbol_exists(tld_strerror "${CURL_INCLUDES}" HAVE_TLD_STRERROR)
|
||||
check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE)
|
||||
check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT)
|
||||
check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL)
|
||||
@@ -1067,7 +1060,7 @@ _add_if("IPv6" ENABLE_IPV6)
|
||||
_add_if("unix-sockets" USE_UNIX_SOCKETS)
|
||||
_add_if("libz" HAVE_LIBZ)
|
||||
_add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX)
|
||||
-_add_if("IDN" HAVE_LIBIDN)
|
||||
+_add_if("IDN" HAVE_LIBIDN2)
|
||||
# TODO SSP1 (WinSSL) check is missing
|
||||
_add_if("SSPI" USE_WINDOWS_SSPI)
|
||||
_add_if("GSS-API" HAVE_GSSAPI)
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 4c9862f..c8e2721 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -157,7 +157,7 @@ curl_tls_srp_msg="no (--enable-tls-srp)"
|
||||
curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
|
||||
curl_ipv6_msg="no (--enable-ipv6)"
|
||||
curl_unix_sockets_msg="no (--enable-unix-sockets)"
|
||||
- curl_idn_msg="no (--with-{libidn,winidn})"
|
||||
+ curl_idn_msg="no (--with-{libidn2,winidn})"
|
||||
curl_manual_msg="no (--enable-manual)"
|
||||
curl_libcurl_msg="enabled (--disable-libcurl-option)"
|
||||
curl_verbose_msg="enabled (--disable-verbose)"
|
||||
@@ -2825,15 +2825,15 @@ dnl **********************************************************************
|
||||
dnl Check for the presence of IDN libraries and headers
|
||||
dnl **********************************************************************
|
||||
|
||||
-AC_MSG_CHECKING([whether to build with libidn])
|
||||
+AC_MSG_CHECKING([whether to build with libidn2])
|
||||
OPT_IDN="default"
|
||||
AC_ARG_WITH(libidn,
|
||||
-AC_HELP_STRING([--with-libidn=PATH],[Enable libidn usage])
|
||||
-AC_HELP_STRING([--without-libidn],[Disable libidn usage]),
|
||||
+AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage])
|
||||
+AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]),
|
||||
[OPT_IDN=$withval])
|
||||
case "$OPT_IDN" in
|
||||
no)
|
||||
- dnl --without-libidn option used
|
||||
+ dnl --without-libidn2 option used
|
||||
want_idn="no"
|
||||
AC_MSG_RESULT([no])
|
||||
;;
|
||||
@@ -2844,13 +2844,13 @@ case "$OPT_IDN" in
|
||||
AC_MSG_RESULT([(assumed) yes])
|
||||
;;
|
||||
yes)
|
||||
- dnl --with-libidn option used without path
|
||||
+ dnl --with-libidn2 option used without path
|
||||
want_idn="yes"
|
||||
want_idn_path="default"
|
||||
AC_MSG_RESULT([yes])
|
||||
;;
|
||||
*)
|
||||
- dnl --with-libidn option used with path
|
||||
+ dnl --with-libidn2 option used with path
|
||||
want_idn="yes"
|
||||
want_idn_path="$withval"
|
||||
AC_MSG_RESULT([yes ($withval)])
|
||||
@@ -2867,33 +2867,33 @@ if test "$want_idn" = "yes"; then
|
||||
if test "$want_idn_path" != "default"; then
|
||||
dnl path has been specified
|
||||
IDN_PCDIR="$want_idn_path/lib$libsuff/pkgconfig"
|
||||
- CURL_CHECK_PKGCONFIG(libidn, [$IDN_PCDIR])
|
||||
+ CURL_CHECK_PKGCONFIG(libidn2, [$IDN_PCDIR])
|
||||
if test "$PKGCONFIG" != "no"; then
|
||||
IDN_LIBS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
|
||||
- $PKGCONFIG --libs-only-l libidn 2>/dev/null`
|
||||
+ $PKGCONFIG --libs-only-l libidn2 2>/dev/null`
|
||||
IDN_LDFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
|
||||
- $PKGCONFIG --libs-only-L libidn 2>/dev/null`
|
||||
+ $PKGCONFIG --libs-only-L libidn2 2>/dev/null`
|
||||
IDN_CPPFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
|
||||
- $PKGCONFIG --cflags-only-I libidn 2>/dev/null`
|
||||
+ $PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
|
||||
IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
|
||||
else
|
||||
dnl pkg-config not available or provides no info
|
||||
- IDN_LIBS="-lidn"
|
||||
+ IDN_LIBS="-lidn2"
|
||||
IDN_LDFLAGS="-L$want_idn_path/lib$libsuff"
|
||||
IDN_CPPFLAGS="-I$want_idn_path/include"
|
||||
IDN_DIR="$want_idn_path/lib$libsuff"
|
||||
fi
|
||||
else
|
||||
dnl path not specified
|
||||
- CURL_CHECK_PKGCONFIG(libidn)
|
||||
+ CURL_CHECK_PKGCONFIG(libidn2)
|
||||
if test "$PKGCONFIG" != "no"; then
|
||||
- IDN_LIBS=`$PKGCONFIG --libs-only-l libidn 2>/dev/null`
|
||||
- IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn 2>/dev/null`
|
||||
- IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn 2>/dev/null`
|
||||
+ IDN_LIBS=`$PKGCONFIG --libs-only-l libidn2 2>/dev/null`
|
||||
+ IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn2 2>/dev/null`
|
||||
+ IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
|
||||
IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
|
||||
else
|
||||
dnl pkg-config not available or provides no info
|
||||
- IDN_LIBS="-lidn"
|
||||
+ IDN_LIBS="-lidn2"
|
||||
fi
|
||||
fi
|
||||
#
|
||||
@@ -2913,9 +2913,9 @@ if test "$want_idn" = "yes"; then
|
||||
LDFLAGS="$IDN_LDFLAGS $LDFLAGS"
|
||||
LIBS="$IDN_LIBS $LIBS"
|
||||
#
|
||||
- AC_MSG_CHECKING([if idna_to_ascii_4i can be linked])
|
||||
+ AC_MSG_CHECKING([if idn2_lookup_ul can be linked])
|
||||
AC_LINK_IFELSE([
|
||||
- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_4i])
|
||||
+ AC_LANG_FUNC_LINK_TRY([idn2_lookup_ul])
|
||||
],[
|
||||
AC_MSG_RESULT([yes])
|
||||
tst_links_libidn="yes"
|
||||
@@ -2923,37 +2923,19 @@ if test "$want_idn" = "yes"; then
|
||||
AC_MSG_RESULT([no])
|
||||
tst_links_libidn="no"
|
||||
])
|
||||
- if test "$tst_links_libidn" = "no"; then
|
||||
- AC_MSG_CHECKING([if idna_to_ascii_lz can be linked])
|
||||
- AC_LINK_IFELSE([
|
||||
- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_lz])
|
||||
- ],[
|
||||
- AC_MSG_RESULT([yes])
|
||||
- tst_links_libidn="yes"
|
||||
- ],[
|
||||
- AC_MSG_RESULT([no])
|
||||
- tst_links_libidn="no"
|
||||
- ])
|
||||
- fi
|
||||
#
|
||||
+ AC_CHECK_HEADERS( idn2.h )
|
||||
+
|
||||
if test "$tst_links_libidn" = "yes"; then
|
||||
- AC_DEFINE(HAVE_LIBIDN, 1, [Define to 1 if you have the `idn' library (-lidn).])
|
||||
+ AC_DEFINE(HAVE_LIBIDN2, 1, [Define to 1 if you have the `idn2' library (-lidn2).])
|
||||
dnl different versions of libidn have different setups of these:
|
||||
- AC_CHECK_FUNCS( idn_free idna_strerror tld_strerror )
|
||||
- AC_CHECK_HEADERS( idn-free.h tld.h )
|
||||
- if test "x$ac_cv_header_tld_h" = "xyes"; then
|
||||
- AC_SUBST([IDN_ENABLED], [1])
|
||||
- curl_idn_msg="enabled"
|
||||
- if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
|
||||
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
|
||||
- export LD_LIBRARY_PATH
|
||||
- AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
|
||||
- fi
|
||||
- else
|
||||
- AC_MSG_WARN([Libraries for IDN support too old: IDN disabled])
|
||||
- CPPFLAGS="$clean_CPPFLAGS"
|
||||
- LDFLAGS="$clean_LDFLAGS"
|
||||
- LIBS="$clean_LIBS"
|
||||
+
|
||||
+ AC_SUBST([IDN_ENABLED], [1])
|
||||
+ curl_idn_msg="enabled (libidn2)"
|
||||
+ if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
|
||||
+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
|
||||
+ export LD_LIBRARY_PATH
|
||||
+ AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
|
||||
fi
|
||||
else
|
||||
AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
|
||||
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
|
||||
index 33ad129..5fb241b 100644
|
||||
--- a/lib/curl_setup.h
|
||||
+++ b/lib/curl_setup.h
|
||||
@@ -590,10 +590,9 @@ int netware_init(void);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
-#if defined(HAVE_LIBIDN) && defined(HAVE_TLD_H)
|
||||
-/* The lib was present and the tld.h header (which is missing in libidn 0.3.X
|
||||
- but we only work with libidn 0.4.1 or later) */
|
||||
-#define USE_LIBIDN
|
||||
+#if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H)
|
||||
+/* The lib and header are present */
|
||||
+#define USE_LIBIDN2
|
||||
#endif
|
||||
|
||||
#ifndef SIZEOF_TIME_T
|
||||
diff --git a/lib/easy.c b/lib/easy.c
|
||||
index d529da8..51d57e3 100644
|
||||
--- a/lib/easy.c
|
||||
+++ b/lib/easy.c
|
||||
@@ -144,28 +144,6 @@ static CURLcode win32_init(void)
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
-#ifdef USE_LIBIDN
|
||||
-/*
|
||||
- * Initialise use of IDNA library.
|
||||
- * It falls back to ASCII if $CHARSET isn't defined. This doesn't work for
|
||||
- * idna_to_ascii_lz().
|
||||
- */
|
||||
-static void idna_init (void)
|
||||
-{
|
||||
-#ifdef WIN32
|
||||
- char buf[60];
|
||||
- UINT cp = GetACP();
|
||||
-
|
||||
- if(!getenv("CHARSET") && cp > 0) {
|
||||
- snprintf(buf, sizeof(buf), "CHARSET=cp%u", cp);
|
||||
- putenv(buf);
|
||||
- }
|
||||
-#else
|
||||
- /* to do? */
|
||||
-#endif
|
||||
-}
|
||||
-#endif /* USE_LIBIDN */
|
||||
-
|
||||
/* true globals -- for curl_global_init() and curl_global_cleanup() */
|
||||
static unsigned int initialized;
|
||||
static long init_flags;
|
||||
@@ -262,10 +240,6 @@ static CURLcode global_init(long flags, bool memoryfuncs)
|
||||
}
|
||||
#endif
|
||||
|
||||
-#ifdef USE_LIBIDN
|
||||
- idna_init();
|
||||
-#endif
|
||||
-
|
||||
if(Curl_resolver_global_init()) {
|
||||
DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n"));
|
||||
return CURLE_FAILED_INIT;
|
||||
diff --git a/lib/strerror.c b/lib/strerror.c
|
||||
index d222a1f..bf4faae 100644
|
||||
--- a/lib/strerror.c
|
||||
+++ b/lib/strerror.c
|
||||
@@ -35,8 +35,8 @@
|
||||
|
||||
#include <curl/curl.h>
|
||||
|
||||
-#ifdef USE_LIBIDN
|
||||
-#include <idna.h>
|
||||
+#ifdef USE_LIBIDN2
|
||||
+#include <idn2.h>
|
||||
#endif
|
||||
|
||||
#ifdef USE_WINDOWS_SSPI
|
||||
@@ -723,83 +723,6 @@ const char *Curl_strerror(struct connectdata *conn, int err)
|
||||
return buf;
|
||||
}
|
||||
|
||||
-#ifdef USE_LIBIDN
|
||||
-/*
|
||||
- * Return error-string for libidn status as returned from idna_to_ascii_lz().
|
||||
- */
|
||||
-const char *Curl_idn_strerror (struct connectdata *conn, int err)
|
||||
-{
|
||||
-#ifdef HAVE_IDNA_STRERROR
|
||||
- (void)conn;
|
||||
- return idna_strerror((Idna_rc) err);
|
||||
-#else
|
||||
- const char *str;
|
||||
- char *buf;
|
||||
- size_t max;
|
||||
-
|
||||
- DEBUGASSERT(conn);
|
||||
-
|
||||
- buf = conn->syserr_buf;
|
||||
- max = sizeof(conn->syserr_buf)-1;
|
||||
- *buf = '\0';
|
||||
-
|
||||
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
|
||||
- switch ((Idna_rc)err) {
|
||||
- case IDNA_SUCCESS:
|
||||
- str = "No error";
|
||||
- break;
|
||||
- case IDNA_STRINGPREP_ERROR:
|
||||
- str = "Error in string preparation";
|
||||
- break;
|
||||
- case IDNA_PUNYCODE_ERROR:
|
||||
- str = "Error in Punycode operation";
|
||||
- break;
|
||||
- case IDNA_CONTAINS_NON_LDH:
|
||||
- str = "Illegal ASCII characters";
|
||||
- break;
|
||||
- case IDNA_CONTAINS_MINUS:
|
||||
- str = "Contains minus";
|
||||
- break;
|
||||
- case IDNA_INVALID_LENGTH:
|
||||
- str = "Invalid output length";
|
||||
- break;
|
||||
- case IDNA_NO_ACE_PREFIX:
|
||||
- str = "No ACE prefix (\"xn--\")";
|
||||
- break;
|
||||
- case IDNA_ROUNDTRIP_VERIFY_ERROR:
|
||||
- str = "Round trip verify error";
|
||||
- break;
|
||||
- case IDNA_CONTAINS_ACE_PREFIX:
|
||||
- str = "Already have ACE prefix (\"xn--\")";
|
||||
- break;
|
||||
- case IDNA_ICONV_ERROR:
|
||||
- str = "Locale conversion failed";
|
||||
- break;
|
||||
- case IDNA_MALLOC_ERROR:
|
||||
- str = "Allocation failed";
|
||||
- break;
|
||||
- case IDNA_DLOPEN_ERROR:
|
||||
- str = "dlopen() error";
|
||||
- break;
|
||||
- default:
|
||||
- snprintf(buf, max, "error %d", err);
|
||||
- str = NULL;
|
||||
- break;
|
||||
- }
|
||||
-#else
|
||||
- if((Idna_rc)err == IDNA_SUCCESS)
|
||||
- str = "No error";
|
||||
- else
|
||||
- str = "Error";
|
||||
-#endif
|
||||
- if(str)
|
||||
- strncpy(buf, str, max);
|
||||
- buf[max] = '\0';
|
||||
- return (buf);
|
||||
-#endif
|
||||
-}
|
||||
-#endif /* USE_LIBIDN */
|
||||
-
|
||||
#ifdef USE_WINDOWS_SSPI
|
||||
const char *Curl_sspi_strerror (struct connectdata *conn, int err)
|
||||
{
|
||||
diff --git a/lib/strerror.h b/lib/strerror.h
|
||||
index ae8c96b..627273e 100644
|
||||
--- a/lib/strerror.h
|
||||
+++ b/lib/strerror.h
|
||||
@@ -7,7 +7,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@@ -26,7 +26,7 @@
|
||||
|
||||
const char *Curl_strerror (struct connectdata *conn, int err);
|
||||
|
||||
-#ifdef USE_LIBIDN
|
||||
+#ifdef USE_LIBIDN2
|
||||
const char *Curl_idn_strerror (struct connectdata *conn, int err);
|
||||
#endif
|
||||
|
||||
diff --git a/lib/url.c b/lib/url.c
|
||||
index 8832989..8d52152 100644
|
||||
--- a/lib/url.c
|
||||
+++ b/lib/url.c
|
||||
@@ -59,24 +59,15 @@
|
||||
#include <limits.h>
|
||||
#endif
|
||||
|
||||
-#ifdef USE_LIBIDN
|
||||
-#include <idna.h>
|
||||
-#include <tld.h>
|
||||
-#include <stringprep.h>
|
||||
-#ifdef HAVE_IDN_FREE_H
|
||||
-#include <idn-free.h>
|
||||
-#else
|
||||
-/* prototype from idn-free.h, not provided by libidn 0.4.5's make install! */
|
||||
-void idn_free (void *ptr);
|
||||
-#endif
|
||||
-#ifndef HAVE_IDN_FREE
|
||||
-/* if idn_free() was not found in this version of libidn use free() instead */
|
||||
-#define idn_free(x) (free)(x)
|
||||
-#endif
|
||||
+#ifdef USE_LIBIDN2
|
||||
+#include <idn2.h>
|
||||
+
|
||||
#elif defined(USE_WIN32_IDN)
|
||||
/* prototype for curl_win32_idn_to_ascii() */
|
||||
int curl_win32_idn_to_ascii(const char *in, char **out);
|
||||
-#endif /* USE_LIBIDN */
|
||||
+#endif /* USE_LIBIDN2 */
|
||||
+
|
||||
+#include <idn2.h>
|
||||
|
||||
#include "urldata.h"
|
||||
#include "netrc.h"
|
||||
@@ -3693,59 +3684,15 @@ static bool is_ASCII_name(const char *hostname)
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
-#ifdef USE_LIBIDN
|
||||
-/*
|
||||
- * Check if characters in hostname is allowed in Top Level Domain.
|
||||
- */
|
||||
-static bool tld_check_name(struct SessionHandle *data,
|
||||
- const char *ace_hostname)
|
||||
-{
|
||||
- size_t err_pos;
|
||||
- char *uc_name = NULL;
|
||||
- int rc;
|
||||
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
|
||||
- const char *tld_errmsg = "<no msg>";
|
||||
-#else
|
||||
- (void)data;
|
||||
-#endif
|
||||
-
|
||||
- /* Convert (and downcase) ACE-name back into locale's character set */
|
||||
- rc = idna_to_unicode_lzlz(ace_hostname, &uc_name, 0);
|
||||
- if(rc != IDNA_SUCCESS)
|
||||
- return FALSE;
|
||||
-
|
||||
- rc = tld_check_lz(uc_name, &err_pos, NULL);
|
||||
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
|
||||
-#ifdef HAVE_TLD_STRERROR
|
||||
- if(rc != TLD_SUCCESS)
|
||||
- tld_errmsg = tld_strerror((Tld_rc)rc);
|
||||
-#endif
|
||||
- if(rc == TLD_INVALID)
|
||||
- infof(data, "WARNING: %s; pos %u = `%c'/0x%02X\n",
|
||||
- tld_errmsg, err_pos, uc_name[err_pos],
|
||||
- uc_name[err_pos] & 255);
|
||||
- else if(rc != TLD_SUCCESS)
|
||||
- infof(data, "WARNING: TLD check for %s failed; %s\n",
|
||||
- uc_name, tld_errmsg);
|
||||
-#endif /* CURL_DISABLE_VERBOSE_STRINGS */
|
||||
- if(uc_name)
|
||||
- idn_free(uc_name);
|
||||
- if(rc != TLD_SUCCESS)
|
||||
- return FALSE;
|
||||
-
|
||||
- return TRUE;
|
||||
-}
|
||||
-#endif
|
||||
-
|
||||
/*
|
||||
* Perform any necessary IDN conversion of hostname
|
||||
*/
|
||||
-static void fix_hostname(struct SessionHandle *data,
|
||||
- struct connectdata *conn, struct hostname *host)
|
||||
+static void fix_hostname(struct connectdata *conn, struct hostname *host)
|
||||
{
|
||||
size_t len;
|
||||
+ struct Curl_easy *data = conn->data;
|
||||
|
||||
-#ifndef USE_LIBIDN
|
||||
+#ifndef USE_LIBIDN2
|
||||
(void)data;
|
||||
(void)conn;
|
||||
#elif defined(CURL_DISABLE_VERBOSE_STRINGS)
|
||||
@@ -3762,26 +3709,18 @@ static void fix_hostname(struct SessionHandle *data,
|
||||
host->name[len-1]=0;
|
||||
|
||||
if(!is_ASCII_name(host->name)) {
|
||||
-#ifdef USE_LIBIDN
|
||||
- /*************************************************************
|
||||
- * Check name for non-ASCII and convert hostname to ACE form.
|
||||
- *************************************************************/
|
||||
- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
|
||||
- char *ace_hostname = NULL;
|
||||
- int rc = idna_to_ascii_lz(host->name, &ace_hostname, 0);
|
||||
- infof (data, "Input domain encoded as `%s'\n",
|
||||
- stringprep_locale_charset ());
|
||||
- if(rc != IDNA_SUCCESS)
|
||||
- infof(data, "Failed to convert %s to ACE; %s\n",
|
||||
- host->name, Curl_idn_strerror(conn, rc));
|
||||
- else {
|
||||
- /* tld_check_name() displays a warning if the host name contains
|
||||
- "illegal" characters for this TLD */
|
||||
- (void)tld_check_name(data, ace_hostname);
|
||||
-
|
||||
- host->encalloc = ace_hostname;
|
||||
- /* change the name pointer to point to the encoded hostname */
|
||||
- host->name = host->encalloc;
|
||||
+#ifdef USE_LIBIDN2
|
||||
+ if(idn2_check_version(IDN2_VERSION)) {
|
||||
+ char *ace_hostname = NULL;
|
||||
+ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, 0);
|
||||
+ if(rc == IDN2_OK) {
|
||||
+ host->encalloc = (char *)ace_hostname;
|
||||
+ /* change the name pointer to point to the encoded hostname */
|
||||
+ host->name = host->encalloc;
|
||||
+ }
|
||||
+ else
|
||||
+ infof(data, "Failed to convert %s to ACE; %s\n", host->name,
|
||||
+ idn2_strerror(rc));
|
||||
}
|
||||
}
|
||||
#elif defined(USE_WIN32_IDN)
|
||||
@@ -3809,9 +3748,9 @@ static void fix_hostname(struct SessionHandle *data,
|
||||
*/
|
||||
static void free_fixed_hostname(struct hostname *host)
|
||||
{
|
||||
-#if defined(USE_LIBIDN)
|
||||
+#if defined(USE_LIBIDN2)
|
||||
if(host->encalloc) {
|
||||
- idn_free(host->encalloc); /* must be freed with idn_free() since this was
|
||||
+ idn2_free(host->encalloc); /* must be freed with idn2_free() since this was
|
||||
allocated by libidn */
|
||||
host->encalloc = NULL;
|
||||
}
|
||||
@@ -5707,9 +5646,9 @@ static CURLcode create_conn(struct SessionHandle *data,
|
||||
/*************************************************************
|
||||
* IDN-fix the hostnames
|
||||
*************************************************************/
|
||||
- fix_hostname(data, conn, &conn->host);
|
||||
+ fix_hostname(conn, &conn->host);
|
||||
if(conn->proxy.name && *conn->proxy.name)
|
||||
- fix_hostname(data, conn, &conn->proxy);
|
||||
+ fix_hostname(conn, &conn->proxy);
|
||||
|
||||
/*************************************************************
|
||||
* Setup internals depending on protocol. Needs to be done after
|
||||
diff --git a/lib/version.c b/lib/version.c
|
||||
index 7f14fa5..a5c9811 100644
|
||||
--- a/lib/version.c
|
||||
+++ b/lib/version.c
|
||||
@@ -36,8 +36,8 @@
|
||||
# include <ares.h>
|
||||
#endif
|
||||
|
||||
-#ifdef USE_LIBIDN
|
||||
-#include <stringprep.h>
|
||||
+#ifdef USE_LIBIDN2
|
||||
+#include <idn2.h>
|
||||
#endif
|
||||
|
||||
#ifdef USE_LIBPSL
|
||||
@@ -97,9 +97,9 @@ char *curl_version(void)
|
||||
left -= len;
|
||||
ptr += len;
|
||||
#endif
|
||||
-#ifdef USE_LIBIDN
|
||||
- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
|
||||
- len = snprintf(ptr, left, " libidn/%s", stringprep_check_version(NULL));
|
||||
+#ifdef USE_LIBIDN2
|
||||
+ if(idn2_check_version(IDN2_VERSION)) {
|
||||
+ len = snprintf(ptr, left, " libidn2/%s", idn2_check_version(NULL));
|
||||
left -= len;
|
||||
ptr += len;
|
||||
}
|
||||
@@ -344,10 +344,10 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
|
||||
version_info.ares_num = aresnum;
|
||||
}
|
||||
#endif
|
||||
-#ifdef USE_LIBIDN
|
||||
+#ifdef USE_LIBIDN2
|
||||
/* This returns a version string if we use the given version or later,
|
||||
otherwise it returns NULL */
|
||||
- version_info.libidn = stringprep_check_version(LIBIDN_REQUIRED_VERSION);
|
||||
+ version_info.libidn = idn2_check_version(IDN2_VERSION);
|
||||
if(version_info.libidn)
|
||||
version_info.features |= CURL_VERSION_IDN;
|
||||
#elif defined(USE_WIN32_IDN)
|
||||
@@ -0,0 +1,29 @@
|
||||
From c27013c05d99d92370b57e1a7af1b854eef4e7c1 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 31 Oct 2016 09:49:50 +0100
|
||||
Subject: [PATCH] url: remove unconditional idn2.h include
|
||||
|
||||
Mistake brought by 9c91ec778104a [fix to CVE-2016-8625]
|
||||
Upstream-Status: Backport
|
||||
|
||||
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
||||
---
|
||||
lib/url.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/lib/url.c b/lib/url.c
|
||||
index c90a1c5..b997f41 100644
|
||||
--- a/lib/url.c
|
||||
+++ b/lib/url.c
|
||||
@@ -67,8 +67,6 @@
|
||||
bool curl_win32_idn_to_ascii(const char *in, char **out);
|
||||
#endif /* USE_LIBIDN2 */
|
||||
|
||||
-#include <idn2.h>
|
||||
-
|
||||
#include "urldata.h"
|
||||
#include "netrc.h"
|
||||
|
||||
--
|
||||
1.9.1
|
||||
|
||||
@@ -15,6 +15,18 @@ SRC_URI += " file://configure_ac.patch \
|
||||
file://CVE-2016-5420.patch \
|
||||
file://CVE-2016-5421.patch \
|
||||
file://CVE-2016-7141.patch \
|
||||
file://CVE-2016-8615.patch \
|
||||
file://CVE-2016-8616.patch \
|
||||
file://CVE-2016-8617.patch \
|
||||
file://CVE-2016-8618.patch \
|
||||
file://CVE-2016-8619.patch \
|
||||
file://CVE-2016-8620.patch \
|
||||
file://CVE-2016-8621.patch \
|
||||
file://CVE-2016-8622.patch \
|
||||
file://CVE-2016-8623.patch \
|
||||
file://CVE-2016-8624.patch \
|
||||
file://CVE-2016-8625.patch \
|
||||
file://url-remove-unconditional-idn2.h-include.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
|
||||
|
||||
@@ -0,0 +1,39 @@
|
||||
CVE: CVE-2017-9526
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
|
||||
From b3cab278eb9c2ceda79f980bc26460d97f260041 Mon Sep 17 00:00:00 2001
|
||||
From: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
|
||||
Date: Thu, 19 Jan 2017 17:00:15 +0100
|
||||
Subject: [PATCH] ecc: Store EdDSA session key in secure memory.
|
||||
|
||||
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate
|
||||
session key.
|
||||
--
|
||||
|
||||
An attacker who learns the EdDSA session key from side-channel
|
||||
observation during the signing process, can easily revover the long-
|
||||
term secret key. Storing the session key in secure memory ensures that
|
||||
constant time point operations are used in the MPI library.
|
||||
|
||||
Signed-off-by: Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>
|
||||
---
|
||||
cipher/ecc-eddsa.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
|
||||
index f91f8489..813e030d 100644
|
||||
--- a/cipher/ecc-eddsa.c
|
||||
+++ b/cipher/ecc-eddsa.c
|
||||
@@ -603,7 +603,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
|
||||
a = mpi_snew (0);
|
||||
x = mpi_new (0);
|
||||
y = mpi_new (0);
|
||||
- r = mpi_new (0);
|
||||
+ r = mpi_snew (0);
|
||||
ctx = _gcry_mpi_ec_p_internal_new (skey->E.model, skey->E.dialect, 0,
|
||||
skey->E.p, skey->E.a, skey->E.b);
|
||||
b = (ctx->nbits+7)/8;
|
||||
--
|
||||
2.11.0
|
||||
|
||||
455
meta/recipes-support/libgcrypt/files/CVE-2017-7526.patch
Normal file
455
meta/recipes-support/libgcrypt/files/CVE-2017-7526.patch
Normal file
@@ -0,0 +1,455 @@
|
||||
Flush+reload side-channel attack on RSA secret keys dubbed "Sliding right
|
||||
into disaster".
|
||||
|
||||
CVE: CVE-2017-7526
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
|
||||
From 8ae178108eb3c64b40dcb4d1c1943205a86db724 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Tue, 4 Apr 2017 17:38:05 +0900
|
||||
Subject: [PATCH 1/5] mpi: Simplify mpi_powm.
|
||||
|
||||
* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.
|
||||
|
||||
--
|
||||
|
||||
This fix is not a solution for the problem reported (yet). The
|
||||
problem is that the current algorithm of _gcry_mpi_powm depends on
|
||||
exponent and some information leaks is possible.
|
||||
|
||||
Reported-by: Andreas Zankl <andreas.zankl@aisec.fraunhofer.de>
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
(backport from master commit:
|
||||
719468e53133d3bdf12156c5bfdea2bf15f9f6f1)
|
||||
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
---
|
||||
mpi/mpi-pow.c | 105 +++++++++++++++++-----------------------------------------
|
||||
1 file changed, 30 insertions(+), 75 deletions(-)
|
||||
|
||||
diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
|
||||
index 70bf9e84..c00cfed3 100644
|
||||
--- a/mpi/mpi-pow.c
|
||||
+++ b/mpi/mpi-pow.c
|
||||
@@ -613,12 +613,8 @@ _gcry_mpi_powm (gcry_mpi_t res,
|
||||
if (e == 0)
|
||||
{
|
||||
j += c;
|
||||
- i--;
|
||||
- if ( i < 0 )
|
||||
- {
|
||||
- c = 0;
|
||||
- break;
|
||||
- }
|
||||
+ if ( --i < 0 )
|
||||
+ break;
|
||||
|
||||
e = ep[i];
|
||||
c = BITS_PER_MPI_LIMB;
|
||||
@@ -633,38 +629,33 @@ _gcry_mpi_powm (gcry_mpi_t res,
|
||||
c -= c0;
|
||||
j += c0;
|
||||
|
||||
+ e0 = (e >> (BITS_PER_MPI_LIMB - W));
|
||||
if (c >= W)
|
||||
- {
|
||||
- e0 = (e >> (BITS_PER_MPI_LIMB - W));
|
||||
- e = (e << W);
|
||||
- c -= W;
|
||||
- }
|
||||
+ c0 = 0;
|
||||
else
|
||||
{
|
||||
- i--;
|
||||
- if ( i < 0 )
|
||||
+ if ( --i < 0 )
|
||||
{
|
||||
- e = (e >> (BITS_PER_MPI_LIMB - c));
|
||||
- break;
|
||||
+ e0 = (e >> (BITS_PER_MPI_LIMB - c));
|
||||
+ j += c - W;
|
||||
+ goto last_step;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ c0 = c;
|
||||
+ e = ep[i];
|
||||
+ c = BITS_PER_MPI_LIMB;
|
||||
+ e0 |= (e >> (BITS_PER_MPI_LIMB - (W - c0)));
|
||||
}
|
||||
-
|
||||
- c0 = c;
|
||||
- e0 = (e >> (BITS_PER_MPI_LIMB - W))
|
||||
- | (ep[i] >> (BITS_PER_MPI_LIMB - W + c0));
|
||||
- e = (ep[i] << (W - c0));
|
||||
- c = BITS_PER_MPI_LIMB - W + c0;
|
||||
}
|
||||
|
||||
+ e = e << (W - c0);
|
||||
+ c -= (W - c0);
|
||||
+
|
||||
+ last_step:
|
||||
count_trailing_zeros (c0, e0);
|
||||
e0 = (e0 >> c0) >> 1;
|
||||
|
||||
- for (j += W - c0; j; j--)
|
||||
- {
|
||||
- mul_mod (xp, &xsize, rp, rsize, rp, rsize, mp, msize, &karactx);
|
||||
- tp = rp; rp = xp; xp = tp;
|
||||
- rsize = xsize;
|
||||
- }
|
||||
-
|
||||
/*
|
||||
* base_u <= precomp[e0]
|
||||
* base_u_size <= precomp_size[e0]
|
||||
@@ -681,25 +672,23 @@ _gcry_mpi_powm (gcry_mpi_t res,
|
||||
u.d = precomp[k];
|
||||
|
||||
mpi_set_cond (&w, &u, k == e0);
|
||||
- base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == e0)) );
|
||||
+ base_u_size |= ( precomp_size[k] & ((mpi_size_t)0 - (k == e0)) );
|
||||
}
|
||||
|
||||
- mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size,
|
||||
- mp, msize, &karactx);
|
||||
- tp = rp; rp = xp; xp = tp;
|
||||
- rsize = xsize;
|
||||
+ for (j += W - c0; j >= 0; j--)
|
||||
+ {
|
||||
+ mul_mod (xp, &xsize, rp, rsize,
|
||||
+ j == 0 ? base_u : rp, j == 0 ? base_u_size : rsize,
|
||||
+ mp, msize, &karactx);
|
||||
+ tp = rp; rp = xp; xp = tp;
|
||||
+ rsize = xsize;
|
||||
+ }
|
||||
|
||||
j = c0;
|
||||
+ if ( i < 0 )
|
||||
+ break;
|
||||
}
|
||||
|
||||
- if (c != 0)
|
||||
- {
|
||||
- j += c;
|
||||
- count_trailing_zeros (c, e);
|
||||
- e = (e >> c);
|
||||
- j -= c;
|
||||
- }
|
||||
-
|
||||
while (j--)
|
||||
{
|
||||
mul_mod (xp, &xsize, rp, rsize, rp, rsize, mp, msize, &karactx);
|
||||
@@ -707,40 +696,6 @@ _gcry_mpi_powm (gcry_mpi_t res,
|
||||
rsize = xsize;
|
||||
}
|
||||
|
||||
- if (e != 0)
|
||||
- {
|
||||
- /*
|
||||
- * base_u <= precomp[(e>>1)]
|
||||
- * base_u_size <= precomp_size[(e>>1)]
|
||||
- */
|
||||
- base_u_size = 0;
|
||||
- for (k = 0; k < (1<< (W - 1)); k++)
|
||||
- {
|
||||
- struct gcry_mpi w, u;
|
||||
- w.alloced = w.nlimbs = precomp_size[k];
|
||||
- u.alloced = u.nlimbs = precomp_size[k];
|
||||
- w.sign = u.sign = 0;
|
||||
- w.flags = u.flags = 0;
|
||||
- w.d = base_u;
|
||||
- u.d = precomp[k];
|
||||
-
|
||||
- mpi_set_cond (&w, &u, k == (e>>1));
|
||||
- base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == (e>>1))) );
|
||||
- }
|
||||
-
|
||||
- mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size,
|
||||
- mp, msize, &karactx);
|
||||
- tp = rp; rp = xp; xp = tp;
|
||||
- rsize = xsize;
|
||||
-
|
||||
- for (; c; c--)
|
||||
- {
|
||||
- mul_mod (xp, &xsize, rp, rsize, rp, rsize, mp, msize, &karactx);
|
||||
- tp = rp; rp = xp; xp = tp;
|
||||
- rsize = xsize;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
/* We shifted MOD, the modulo reduction argument, left
|
||||
MOD_SHIFT_CNT steps. Adjust the result by reducing it with the
|
||||
original MOD.
|
||||
--
|
||||
2.11.0
|
||||
|
||||
|
||||
From ab6d34849f33d16e1da2b09e3d938bcb0f48f682 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Sat, 24 Jun 2017 20:46:20 +0900
|
||||
Subject: [PATCH 2/5] Same computation for square and multiply.
|
||||
|
||||
* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size. Move
|
||||
the assignment to base_u into the loop. Copy content refered by RP to
|
||||
BASE_U except the last of the loop.
|
||||
|
||||
--
|
||||
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
(backport from master commit:
|
||||
78130828e9a140a9de4dafadbc844dbb64cb709a)
|
||||
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
---
|
||||
mpi/mpi-pow.c | 50 +++++++++++++++++++++++++++++---------------------
|
||||
1 file changed, 29 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
|
||||
index c00cfed3..0d74f28c 100644
|
||||
--- a/mpi/mpi-pow.c
|
||||
+++ b/mpi/mpi-pow.c
|
||||
@@ -577,6 +577,8 @@ _gcry_mpi_powm (gcry_mpi_t res,
|
||||
MPN_COPY (precomp[i], rp, rsize);
|
||||
}
|
||||
|
||||
+ if (msize > max_u_size)
|
||||
+ max_u_size = msize;
|
||||
base_u = mpi_alloc_limb_space (max_u_size, esec);
|
||||
MPN_ZERO (base_u, max_u_size);
|
||||
|
||||
@@ -623,6 +625,10 @@ _gcry_mpi_powm (gcry_mpi_t res,
|
||||
{
|
||||
int c0;
|
||||
mpi_limb_t e0;
|
||||
+ struct gcry_mpi w, u;
|
||||
+ w.sign = u.sign = 0;
|
||||
+ w.flags = u.flags = 0;
|
||||
+ w.d = base_u;
|
||||
|
||||
count_leading_zeros (c0, e);
|
||||
e = (e << c0);
|
||||
@@ -656,29 +662,31 @@ _gcry_mpi_powm (gcry_mpi_t res,
|
||||
count_trailing_zeros (c0, e0);
|
||||
e0 = (e0 >> c0) >> 1;
|
||||
|
||||
- /*
|
||||
- * base_u <= precomp[e0]
|
||||
- * base_u_size <= precomp_size[e0]
|
||||
- */
|
||||
- base_u_size = 0;
|
||||
- for (k = 0; k < (1<< (W - 1)); k++)
|
||||
- {
|
||||
- struct gcry_mpi w, u;
|
||||
- w.alloced = w.nlimbs = precomp_size[k];
|
||||
- u.alloced = u.nlimbs = precomp_size[k];
|
||||
- w.sign = u.sign = 0;
|
||||
- w.flags = u.flags = 0;
|
||||
- w.d = base_u;
|
||||
- u.d = precomp[k];
|
||||
-
|
||||
- mpi_set_cond (&w, &u, k == e0);
|
||||
- base_u_size |= ( precomp_size[k] & ((mpi_size_t)0 - (k == e0)) );
|
||||
- }
|
||||
-
|
||||
for (j += W - c0; j >= 0; j--)
|
||||
{
|
||||
- mul_mod (xp, &xsize, rp, rsize,
|
||||
- j == 0 ? base_u : rp, j == 0 ? base_u_size : rsize,
|
||||
+
|
||||
+ /*
|
||||
+ * base_u <= precomp[e0]
|
||||
+ * base_u_size <= precomp_size[e0]
|
||||
+ */
|
||||
+ base_u_size = 0;
|
||||
+ for (k = 0; k < (1<< (W - 1)); k++)
|
||||
+ {
|
||||
+ w.alloced = w.nlimbs = precomp_size[k];
|
||||
+ u.alloced = u.nlimbs = precomp_size[k];
|
||||
+ u.d = precomp[k];
|
||||
+
|
||||
+ mpi_set_cond (&w, &u, k == e0);
|
||||
+ base_u_size |= ( precomp_size[k] & (0UL - (k == e0)) );
|
||||
+ }
|
||||
+
|
||||
+ w.alloced = w.nlimbs = rsize;
|
||||
+ u.alloced = u.nlimbs = rsize;
|
||||
+ u.d = rp;
|
||||
+ mpi_set_cond (&w, &u, j != 0);
|
||||
+ base_u_size ^= ((base_u_size ^ rsize) & (0UL - (j != 0)));
|
||||
+
|
||||
+ mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size,
|
||||
mp, msize, &karactx);
|
||||
tp = rp; rp = xp; xp = tp;
|
||||
rsize = xsize;
|
||||
--
|
||||
2.11.0
|
||||
|
||||
|
||||
From b5370d527612d2c453a366729f07892974b28ba8 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Thu, 29 Jun 2017 11:48:44 +0900
|
||||
Subject: [PATCH 3/5] rsa: Add exponent blinding.
|
||||
|
||||
* cipher/rsa.c (secret): Blind secret D with randomized nonce R for
|
||||
mpi_powm computation.
|
||||
|
||||
--
|
||||
|
||||
Co-authored-by: Werner Koch <wk@gnupg.org>
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
|
||||
The paper describing attack: https://eprint.iacr.org/2017/627
|
||||
|
||||
Sliding right into disaster: Left-to-right sliding windows leak
|
||||
by Daniel J. Bernstein and Joachim Breitner and Daniel Genkin and
|
||||
Leon Groot Bruinderink and Nadia Heninger and Tanja Lange and
|
||||
Christine van Vredendaal and Yuval Yarom
|
||||
|
||||
It is well known that constant-time implementations of modular
|
||||
exponentiation cannot use sliding windows. However, software
|
||||
libraries such as Libgcrypt, used by GnuPG, continue to use sliding
|
||||
windows. It is widely believed that, even if the complete pattern of
|
||||
squarings and multiplications is observed through a side-channel
|
||||
attack, the number of exponent bits leaked is not sufficient to
|
||||
carry out a full key-recovery attack against RSA. Specifically,
|
||||
4-bit sliding windows leak only 40% of the bits, and 5-bit sliding
|
||||
windows leak only 33% of the bits.
|
||||
|
||||
In this paper we demonstrate a complete break of RSA-1024 as
|
||||
implemented in Libgcrypt. Our attack makes essential use of the fact
|
||||
that Libgcrypt uses the left-to-right method for computing the
|
||||
sliding-window expansion. We show for the first time that the
|
||||
direction of the encoding matters: the pattern of squarings and
|
||||
multiplications in left-to-right sliding windows leaks significantly
|
||||
more information about exponent bits than for right-to-left. We show
|
||||
how to incorporate this additional information into the
|
||||
Heninger-Shacham algorithm for partial key reconstruction, and use
|
||||
it to obtain very efficient full key recovery for RSA-1024. We also
|
||||
provide strong evidence that the same attack works for RSA-2048 with
|
||||
only moderately more computation.
|
||||
|
||||
Exponent blinding is a kind of workaround to add noise. Signal (leak)
|
||||
is still there for non-constant-time implementation.
|
||||
|
||||
(backported from master commit:
|
||||
8725c99ffa41778f382ca97233183bcd687bb0ce)
|
||||
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
---
|
||||
cipher/rsa.c | 32 +++++++++++++++++++++++++-------
|
||||
1 file changed, 25 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||
index 0b98b6a8..d8658476 100644
|
||||
--- a/cipher/rsa.c
|
||||
+++ b/cipher/rsa.c
|
||||
@@ -724,15 +724,33 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
|
||||
gcry_mpi_t m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
|
||||
gcry_mpi_t m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
|
||||
gcry_mpi_t h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
|
||||
-
|
||||
- /* m1 = c ^ (d mod (p-1)) mod p */
|
||||
+ gcry_mpi_t D_blind = mpi_alloc_secure ( mpi_get_nlimbs(skey->n) + 1 );
|
||||
+ gcry_mpi_t r;
|
||||
+ unsigned int r_nbits;
|
||||
+
|
||||
+ r_nbits = mpi_get_nbits (skey->p) / 4;
|
||||
+ if (r_nbits < 96)
|
||||
+ r_nbits = 96;
|
||||
+ r = mpi_alloc_secure ((r_nbits + BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB);
|
||||
+
|
||||
+ /* d_blind = (d mod (p-1)) + (p-1) * r */
|
||||
+ /* m1 = c ^ d_blind mod p */
|
||||
+ _gcry_mpi_randomize (r, r_nbits, GCRY_WEAK_RANDOM);
|
||||
+ mpi_set_highbit (r, r_nbits - 1);
|
||||
mpi_sub_ui( h, skey->p, 1 );
|
||||
- mpi_fdiv_r( h, skey->d, h );
|
||||
- mpi_powm( m1, input, h, skey->p );
|
||||
- /* m2 = c ^ (d mod (q-1)) mod q */
|
||||
+ mpi_mul ( D_blind, h, r );
|
||||
+ mpi_fdiv_r ( h, skey->d, h );
|
||||
+ mpi_add ( D_blind, D_blind, h );
|
||||
+ mpi_powm( m1, input, D_blind, skey->p );
|
||||
+ /* d_blind = (d mod (q-1)) + (q-1) * r */
|
||||
+ /* m2 = c ^ d_blind mod q */
|
||||
+ _gcry_mpi_randomize (r, r_nbits, GCRY_WEAK_RANDOM);
|
||||
+ mpi_set_highbit (r, r_nbits - 1);
|
||||
mpi_sub_ui( h, skey->q, 1 );
|
||||
- mpi_fdiv_r( h, skey->d, h );
|
||||
- mpi_powm( m2, input, h, skey->q );
|
||||
+ mpi_mul ( D_blind, h, r );
|
||||
+ mpi_fdiv_r ( h, skey->d, h );
|
||||
+ mpi_add ( D_blind, D_blind, h );
|
||||
+ mpi_powm( m2, input, D_blind, skey->q );
|
||||
/* h = u * ( m2 - m1 ) mod q */
|
||||
mpi_sub( h, m2, m1 );
|
||||
if ( mpi_has_sign ( h ) )
|
||||
--
|
||||
2.11.0
|
||||
|
||||
|
||||
From b7c572550b8759f2b0e45ee72df0494700b26da1 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Thu, 29 Jun 2017 12:36:27 +0900
|
||||
Subject: [PATCH 4/5] rsa: Fix exponent blinding.
|
||||
|
||||
* cipher/rsa.c (secret): Free D_BLIND.
|
||||
|
||||
--
|
||||
|
||||
Fixes-commit: a9f612def801c8145d551d995475e5d51a4c988c
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
---
|
||||
cipher/rsa.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||
index d8658476..9474fe89 100644
|
||||
--- a/cipher/rsa.c
|
||||
+++ b/cipher/rsa.c
|
||||
@@ -760,6 +760,7 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
|
||||
mpi_mul ( h, h, skey->p );
|
||||
mpi_add ( output, m1, h );
|
||||
|
||||
+ mpi_free ( D_blind );
|
||||
mpi_free ( h );
|
||||
mpi_free ( m1 );
|
||||
mpi_free ( m2 );
|
||||
--
|
||||
2.11.0
|
||||
|
||||
|
||||
From e5a5f14bdd8d6265f85264575a1f3c3307306849 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Thu, 29 Jun 2017 12:40:19 +0900
|
||||
Subject: [PATCH 5/5] rsa: More fix.
|
||||
|
||||
* cipher/rsa.c (secret): Free R.
|
||||
|
||||
--
|
||||
|
||||
Fixes-commit: a9f612def801c8145d551d995475e5d51a4c988c
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
---
|
||||
cipher/rsa.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||
index 9474fe89..b151b39f 100644
|
||||
--- a/cipher/rsa.c
|
||||
+++ b/cipher/rsa.c
|
||||
@@ -760,6 +760,7 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
|
||||
mpi_mul ( h, h, skey->p );
|
||||
mpi_add ( output, m1, h );
|
||||
|
||||
+ mpi_free ( r );
|
||||
mpi_free ( D_blind );
|
||||
mpi_free ( h );
|
||||
mpi_free ( m1 );
|
||||
--
|
||||
2.11.0
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user