From patchwork Wed Jan 3 15:11:47 2024
X-Patchwork-Submitter: Tom Rini
X-Patchwork-Id: 37329
From: Tom Rini
To: openembedded-core@lists.openembedded.org
Subject: [PATCH] inetutils: Update to the 2.5 release
Date: Wed, 3 Jan 2024 10:11:47 -0500
Message-Id: <20240103151147.1043330-1-trini@konsulko.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/193292

The update from 2.4 to 2.5 was almost something AUH could take care of. However, we had backported two patches to address CVE-2023-40303 and that threw off AUH. These changes are confirmed to be in 2.5, so drop them and update to 2.5.

Signed-off-by: Tom Rini --- ...tpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch | 279 ------------------ ...03-Indent-changes-in-previous-commit.patch | 253 ---------------- .../{inetutils_2.4.bb => inetutils_2.5.bb} | 4 +- 3 files changed, 1 insertion(+), 535 deletions(-) delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch delete mode 100644 meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch rename meta/recipes-connectivity/inetutils/{inetutils_2.4.bb => inetutils_2.5.bb} (97%) diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch deleted file mode 100644 index 70bd98897def..000000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch +++ /dev/null 
@@ -1,279 +0,0 @@ -From 703418fe9d2e3b1e8d594df5788d8001a8116265 Mon Sep 17 00:00:00 2001 -From: Jeffrey Bencteux -Date: Fri, 30 Jun 2023 19:02:45 +0200 -Subject: [PATCH] CVE-2023-40303: ftpd,rcp,rlogin,rsh,rshd,uucpd: fix: check - set*id() return values - -Several setuid(), setgid(), seteuid() and setguid() return values -were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code potentially -leading to potential security issues. - -CVE: CVE-2023-40303 -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6] -Signed-off-by: Jeffrey Bencteux -Signed-off-by: Simon Josefsson -Signed-off-by: Khem Raj ---- - ftpd/ftpd.c | 10 +++++++--- - src/rcp.c | 39 +++++++++++++++++++++++++++++++++------ - src/rlogin.c | 11 +++++++++-- - src/rsh.c | 25 +++++++++++++++++++++---- - src/rshd.c | 20 +++++++++++++++++--- - src/uucpd.c | 15 +++++++++++++-- - 6 files changed, 100 insertions(+), 20 deletions(-) - -diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c -index 92b2cca5..28dd523f 100644 ---- a/ftpd/ftpd.c -+++ b/ftpd/ftpd.c -@@ -862,7 +862,9 @@ end_login (struct credentials *pcred) - char *remotehost = pcred->remotehost; - int atype = pcred->auth_type; - -- seteuid ((uid_t) 0); -+ if (seteuid ((uid_t) 0) == -1) -+ _exit (EXIT_FAILURE); -+ - if (pcred->logged_in) - { - logwtmp_keep_open (ttyline, "", ""); -@@ -1151,7 +1153,8 @@ getdatasock (const char *mode) - - if (data >= 0) - return fdopen (data, mode); -- seteuid ((uid_t) 0); -+ if (seteuid ((uid_t) 0) == -1) -+ _exit (EXIT_FAILURE); - s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0); - if (s < 0) - goto bad; -@@ -1978,7 +1981,8 @@ passive (int epsv, int af) - else /* !AF_INET6 */ - ((struct sockaddr_in *) &pasv_addr)->sin_port = 0; - -- seteuid ((uid_t) 0); -+ if (seteuid ((uid_t) 0) == -1) -+ _exit (EXIT_FAILURE); - if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0) - { - if (seteuid ((uid_t) cred.uid)) -diff --git a/src/rcp.c b/src/rcp.c -index 
75adb253..cdcf8500 100644 ---- a/src/rcp.c -+++ b/src/rcp.c -@@ -345,14 +345,23 @@ main (int argc, char *argv[]) - if (from_option) - { /* Follow "protocol", send data. */ - response (); -- setuid (userid); -+ -+ if (setuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } -+ - source (argc, argv); - exit (errs); - } - - if (to_option) - { /* Receive data. */ -- setuid (userid); -+ if (setuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } -+ - sink (argc, argv); - exit (errs); - } -@@ -537,7 +546,11 @@ toremote (char *targ, int argc, char *argv[]) - if (response () < 0) - exit (EXIT_FAILURE); - free (bp); -- setuid (userid); -+ -+ if (setuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } - } - source (1, argv + i); - close (rem); -@@ -630,7 +643,12 @@ tolocal (int argc, char *argv[]) - ++errs; - continue; - } -- seteuid (userid); -+ -+ if (seteuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -+ } -+ - #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT - sslen = sizeof (ss); - (void) getpeername (rem, (struct sockaddr *) &ss, &sslen); -@@ -643,7 +661,12 @@ tolocal (int argc, char *argv[]) - #endif - vect[0] = target; - sink (1, vect); -- seteuid (effuid); -+ -+ if (seteuid (effuid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -+ } -+ - close (rem); - rem = -1; - #ifdef SHISHI -@@ -1441,7 +1464,11 @@ susystem (char *s, int userid) - return (127); - - case 0: -- setuid (userid); -+ if (setuid (userid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } -+ - execl (PATH_BSHELL, "sh", "-c", s, NULL); - _exit (127); - } -diff --git a/src/rlogin.c b/src/rlogin.c -index aa6426fb..c543de0c 100644 ---- a/src/rlogin.c -+++ b/src/rlogin.c -@@ -647,8 +647,15 @@ 
try_connect: - /* Now change to the real user ID. We have to be set-user-ID root - to get the privileged port that rcmd () uses. We now want, however, - to run as the real user who invoked us. */ -- seteuid (uid); -- setuid (uid); -+ if (seteuid (uid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -+ } -+ -+ if (setuid (uid) == -1) -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } - - doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ - -diff --git a/src/rsh.c b/src/rsh.c -index 2d622ca4..6f60667d 100644 ---- a/src/rsh.c -+++ b/src/rsh.c -@@ -276,8 +276,17 @@ main (int argc, char **argv) - { - if (asrsh) - *argv = (char *) "rlogin"; -- seteuid (getuid ()); -- setuid (getuid ()); -+ -+ if (seteuid (getuid ()) == -1) -+ { -+ error (EXIT_FAILURE, errno, "seteuid() failed"); -+ } -+ -+ if (setuid (getuid ()) == -1) -+ { -+ error (EXIT_FAILURE, errno, "setuid() failed"); -+ } -+ - execv (PATH_RLOGIN, argv); - error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); - } -@@ -541,8 +550,16 @@ try_connect: - error (0, errno, "setsockopt DEBUG (ignored)"); - } - -- seteuid (uid); -- setuid (uid); -+ if (seteuid (uid) == -1) -+ { -+ error (EXIT_FAILURE, errno, "seteuid() failed"); -+ } -+ -+ if (setuid (uid) == -1) -+ { -+ error (EXIT_FAILURE, errno, "setuid() failed"); -+ } -+ - #ifdef HAVE_SIGACTION - sigemptyset (&sigs); - sigaddset (&sigs, SIGINT); -diff --git a/src/rshd.c b/src/rshd.c -index d1c0d0cd..707790e7 100644 ---- a/src/rshd.c -+++ b/src/rshd.c -@@ -1847,8 +1847,18 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) - pwd->pw_shell = PATH_BSHELL; - - /* Set the gid, then uid to become the user specified by "locuser" */ -- setegid ((gid_t) pwd->pw_gid); -- setgid ((gid_t) pwd->pw_gid); -+ if (setegid ((gid_t) pwd->pw_gid) == -1) -+ { -+ rshd_error ("Cannot drop privileges (setegid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } -+ -+ if (setgid ((gid_t) 
pwd->pw_gid) == -1) -+ { -+ rshd_error ("Cannot drop privileges (setgid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } -+ - #ifdef HAVE_INITGROUPS - initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ - #endif -@@ -1870,7 +1880,11 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) - } - #endif /* WITH_PAM */ - -- setuid ((uid_t) pwd->pw_uid); -+ if (setuid ((uid_t) pwd->pw_uid) == -1) -+ { -+ rshd_error ("Cannot drop privileges (setuid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } - - /* We'll execute the client's command in the home directory - * of locuser. Note, that the chdir must be executed after -diff --git a/src/uucpd.c b/src/uucpd.c -index 107589e1..29cfce35 100644 ---- a/src/uucpd.c -+++ b/src/uucpd.c -@@ -252,7 +252,12 @@ doit (struct sockaddr *sap, socklen_t salen) - snprintf (Username, sizeof (Username), "USER=%s", user); - snprintf (Logname, sizeof (Logname), "LOGNAME=%s", user); - dologin (pw, sap, salen); -- setgid (pw->pw_gid); -+ -+ if (setgid (pw->pw_gid) == -1) -+ { -+ fprintf (stderr, "setgid() failed"); -+ return; -+ } - #ifdef HAVE_INITGROUPS - initgroups (pw->pw_name, pw->pw_gid); - #endif -@@ -261,7 +266,13 @@ doit (struct sockaddr *sap, socklen_t salen) - fprintf (stderr, "Login incorrect."); - return; - } -- setuid (pw->pw_uid); -+ -+ if (setuid (pw->pw_uid) == -1) -+ { -+ fprintf (stderr, "setuid() failed"); -+ return; -+ } -+ - execl (uucico_location, "uucico", NULL); - perror ("uucico server: execl"); - } diff --git a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch b/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch deleted file mode 100644 index 1b972aac292d..000000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch +++ /dev/null 
@@ -1,253 +0,0 @@ -From 70fe022f9dac760eaece0228cad17e3d29a57fb8 Mon Sep 17 00:00:00 2001 -From: Simon Josefsson -Date: Mon, 31 Jul 2023 13:59:05 +0200 -Subject: [PATCH] CVE-2023-40303: Indent changes in previous commit. - -CVE: CVE-2023-40303 -Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=9122999252c7e21eb7774de11d539748e7bdf46d] -Signed-off-by: Khem Raj ---- - src/rcp.c | 42 ++++++++++++++++++++++++------------------ - src/rlogin.c | 12 ++++++------ - src/rsh.c | 24 ++++++++++++------------ - src/rshd.c | 24 ++++++++++++------------ - src/uucpd.c | 16 ++++++++-------- - 5 files changed, 62 insertions(+), 56 deletions(-) - -diff --git a/src/rcp.c b/src/rcp.c -index cdcf8500..652f22e6 100644 ---- a/src/rcp.c -+++ b/src/rcp.c -@@ -347,9 +347,10 @@ main (int argc, char *argv[]) - response (); - - if (setuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (setuid() failed)"); -+ } - - source (argc, argv); - exit (errs); -@@ -358,9 +359,10 @@ main (int argc, char *argv[]) - if (to_option) - { /* Receive data. 
*/ - if (setuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (setuid() failed)"); -+ } - - sink (argc, argv); - exit (errs); -@@ -548,9 +550,10 @@ toremote (char *targ, int argc, char *argv[]) - free (bp); - - if (setuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (setuid() failed)"); -+ } - } - source (1, argv + i); - close (rem); -@@ -645,9 +648,10 @@ tolocal (int argc, char *argv[]) - } - - if (seteuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (seteuid() failed)"); -+ } - - #if defined IP_TOS && defined IPPROTO_IP && defined IPTOS_THROUGHPUT - sslen = sizeof (ss); -@@ -663,9 +667,10 @@ tolocal (int argc, char *argv[]) - sink (1, vect); - - if (seteuid (effuid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (seteuid() failed)"); -+ } - - close (rem); - rem = -1; -@@ -1465,9 +1470,10 @@ susystem (char *s, int userid) - - case 0: - if (setuid (userid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, -+ "Could not drop privileges (setuid() failed)"); -+ } - - execl (PATH_BSHELL, "sh", "-c", s, NULL); - _exit (127); -diff --git a/src/rlogin.c b/src/rlogin.c -index c543de0c..4360202f 100644 ---- a/src/rlogin.c -+++ b/src/rlogin.c -@@ -648,14 +648,14 @@ try_connect: - to get the privileged port that rcmd () uses. We now want, however, - to run as the real user who invoked us. 
*/ - if (seteuid (uid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (seteuid() failed)"); -+ } - - if (setuid (uid) == -1) -- { -- error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -- } -+ { -+ error (EXIT_FAILURE, 0, "Could not drop privileges (setuid() failed)"); -+ } - - doit (&osmask); /* The old mask will activate SIGURG and SIGUSR1! */ - -diff --git a/src/rsh.c b/src/rsh.c -index 6f60667d..179b47cd 100644 ---- a/src/rsh.c -+++ b/src/rsh.c -@@ -278,14 +278,14 @@ main (int argc, char **argv) - *argv = (char *) "rlogin"; - - if (seteuid (getuid ()) == -1) -- { -- error (EXIT_FAILURE, errno, "seteuid() failed"); -- } -+ { -+ error (EXIT_FAILURE, errno, "seteuid() failed"); -+ } - - if (setuid (getuid ()) == -1) -- { -- error (EXIT_FAILURE, errno, "setuid() failed"); -- } -+ { -+ error (EXIT_FAILURE, errno, "setuid() failed"); -+ } - - execv (PATH_RLOGIN, argv); - error (EXIT_FAILURE, errno, "cannot execute %s", PATH_RLOGIN); -@@ -551,14 +551,14 @@ try_connect: - } - - if (seteuid (uid) == -1) -- { -- error (EXIT_FAILURE, errno, "seteuid() failed"); -- } -+ { -+ error (EXIT_FAILURE, errno, "seteuid() failed"); -+ } - - if (setuid (uid) == -1) -- { -- error (EXIT_FAILURE, errno, "setuid() failed"); -- } -+ { -+ error (EXIT_FAILURE, errno, "setuid() failed"); -+ } - - #ifdef HAVE_SIGACTION - sigemptyset (&sigs); -diff --git a/src/rshd.c b/src/rshd.c -index 707790e7..3a153a18 100644 ---- a/src/rshd.c -+++ b/src/rshd.c -@@ -1848,16 +1848,16 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) - - /* Set the gid, then uid to become the user specified by "locuser" */ - if (setegid ((gid_t) pwd->pw_gid) == -1) -- { -- rshd_error ("Cannot drop privileges (setegid() failed)\n"); -- exit (EXIT_FAILURE); -- } -+ { -+ rshd_error ("Cannot drop privileges (setegid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } - - if (setgid ((gid_t) 
pwd->pw_gid) == -1) -- { -- rshd_error ("Cannot drop privileges (setgid() failed)\n"); -- exit (EXIT_FAILURE); -- } -+ { -+ rshd_error ("Cannot drop privileges (setgid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } - - #ifdef HAVE_INITGROUPS - initgroups (pwd->pw_name, pwd->pw_gid); /* BSD groups */ -@@ -1881,10 +1881,10 @@ doit (int sockfd, struct sockaddr *fromp, socklen_t fromlen) - #endif /* WITH_PAM */ - - if (setuid ((uid_t) pwd->pw_uid) == -1) -- { -- rshd_error ("Cannot drop privileges (setuid() failed)\n"); -- exit (EXIT_FAILURE); -- } -+ { -+ rshd_error ("Cannot drop privileges (setuid() failed)\n"); -+ exit (EXIT_FAILURE); -+ } - - /* We'll execute the client's command in the home directory - * of locuser. Note, that the chdir must be executed after -diff --git a/src/uucpd.c b/src/uucpd.c -index 29cfce35..fde7b9c9 100644 ---- a/src/uucpd.c -+++ b/src/uucpd.c -@@ -254,10 +254,10 @@ doit (struct sockaddr *sap, socklen_t salen) - dologin (pw, sap, salen); - - if (setgid (pw->pw_gid) == -1) -- { -- fprintf (stderr, "setgid() failed"); -- return; -- } -+ { -+ fprintf (stderr, "setgid() failed"); -+ return; -+ } - #ifdef HAVE_INITGROUPS - initgroups (pw->pw_name, pw->pw_gid); - #endif -@@ -268,10 +268,10 @@ doit (struct sockaddr *sap, socklen_t salen) - } - - if (setuid (pw->pw_uid) == -1) -- { -- fprintf (stderr, "setuid() failed"); -- return; -- } -+ { -+ fprintf (stderr, "setuid() failed"); -+ return; -+ } - - execl (uucico_location, "uucico", NULL); - perror ("uucico server: execl"); diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb similarity index 97% rename from meta/recipes-connectivity/inetutils/inetutils_2.4.bb rename to meta/recipes-connectivity/inetutils/inetutils_2.5.bb index 957f1feac603..0f1a0736bd48 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.4.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.5.bb 
@@ -11,15 +11,13 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" -SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2" +SRC_URI[sha256sum] = "87697d60a31e10b5cb86a9f0651e1ec7bee98320d048c0739431aac3d5764fb6" SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://rexec.xinetd.inetutils \ file://rlogin.xinetd.inetutils \ file://rsh.xinetd.inetutils \ file://telnet.xinetd.inetutils \ file://tftpd.xinetd.inetutils \ - file://0001-CVE-2023-40303-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-ch.patch \ - file://0002-CVE-2023-40303-Indent-changes-in-previous-commit.patch \ " inherit autotools gettext update-alternatives texinfo
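Review bot: in the src/rcp.c tolocal() hunk of the deleted 0001 backport, the check around `seteuid (effuid)` reports "Could not drop privileges (seteuid() failed)", but that call switches back to effuid after `sink (1, vect)` instead of dropping anything, so the message points at the wrong transition and should describe the restore. The rcp.c and rlogin.c checks also pass 0 as the errnum argument of error(), while the rsh.c checks pass errno; passing errno everywhere would keep the reason for the failure in the output. Since this recipe now relies on 2.5 for these changes, both points are worth checking against the 2.5 sources.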
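Review bot: the src/rlogin.c and src/rsh.c try_connect hunks of the deleted 0001 backport keep the order `seteuid (uid)` followed by `setuid (uid)`, and that order weakens what the new checks prove. The rlogin.c comment states the program is set-user-ID root; on Linux, once seteuid() has made the effective uid non-zero, the following setuid() is an unprivileged call that changes only the effective uid, so the saved set-user-ID stays 0 and both checks pass without the drop being permanent. Calling `setuid (uid)` alone while still privileged, or verifying afterwards that `seteuid (0)` fails, would make a passing check mean what the error text says.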
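Review bot: the src/rshd.c and src/uucpd.c doit() hunks of the deleted 0001 backport leave the `initgroups ()` calls unchecked, visible as context between the new setgid() and setuid() checks. If initgroups() fails, the process continues to the uid change with the supplementary groups it started with, which is the same class of problem the set*id() checks address; it should get the same fail-and-exit treatment. In uucpd.c the new `fprintf (stderr, "setgid() failed")` and `fprintf (stderr, "setuid() failed")` messages also lack a trailing newline and the errno text.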
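Review bot: the inetutils_2.5.bb hunk drops both CVE-2023-40303 patch files from SRC_URI, while the commit message says only that the changes are "confirmed to be in 2.5" without saying how. Please name the upstream commits in the commit message; the Upstream-Status lines of the deleted patches give e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6 and 9122999252c7e21eb7774de11d539748e7bdf46d. That lets anyone auditing the CVE status of this recipe later check the claim against the 2.5 tag without reconstructing it from the removed files.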