From patchwork Sun Aug 14 22:20:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11374 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 631FFC25B06 for ; Sun, 14 Aug 2022 22:20:47 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web11.10184.1660515641285300432 for ; Sun, 14 Aug 2022 15:20:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=H6M2aYNh; spf=pass (domain: gmail.com, ip: 209.85.210.176, mailfrom: raj.khem@gmail.com) Received: by mail-pf1-f176.google.com with SMTP id k14so5383786pfh.0 for ; Sun, 14 Aug 2022 15:20:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc; bh=7x2xT+WGWMVRrbUlb+Ur5A/wXjhGK4il64ZrTSPSMr4=; b=H6M2aYNhXZLYEtAU+W8R/J+Ekl6a/o6ocWubC78lEiTfR0deZKJTzy9UzNUvn+mt89 u37sEJaSSCdvaXTZkTCFvKUvIluFPoflhTWYffwgp1M0L2NVDwUjPCIFLznf2LfqSLJw cm9AHNtfEcHf1Tv9N6YMJAQtpga97REShUxjkliIHm7pND+SR5jjeHCW1vkpM5+yKghw yfApEXTOJ9qupsSyaL20LtuToNA/RWwXMYM9iYbUu0/ncGGdUMpFeoTqU1c4ca5U0WG8 lDYsbXjabRakS94KnCNpmHnnTQBY+il4TSWXOYapUm3xdtlwR+b3FFkTlN5mM2TDN8WF ohfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc; bh=7x2xT+WGWMVRrbUlb+Ur5A/wXjhGK4il64ZrTSPSMr4=; b=ZgjKBGljCgKUOLZ8eWlHBI+2W73s7CuxFA8Ak3Xu8GYH8923pH3N8yZxArs0RHBYeU 8Yn4OT45TWXKQCTdKvAVQnPIVJX5YYshxQjdkq0gepHWOSAyiX8soyEz+30YhQBCfjuR EdvHWRrYe8JkERQaVSbEWgJyYiaC6irfoKnOs6IjMs+qeOyJ/VFCX8gGbDYLo51S9xgV lXcaIPu28G2DImbPIi5lfrELbM1X35QnGSlrhZ1SOCZUZOT61R0S5IAwST2uScN2Sx1j JQOa+TIlhkQfq7FKdG2pdXRaRrrb0A7a1becCjHKq1RGUPQcxarsiGdr6Wi5O0nOlC2+ 9ZqQ== X-Gm-Message-State: ACgBeo1H9qHOgsQ5BY8s8PpWsXe1dbX5EyiAjK0HCHi8EzmmbhCF5r9j vXPCh9xAwX4v+gfYTWxT3FjFCEzdfHV/rQ== X-Google-Smtp-Source: AA6agR7iEEwchxpOYrkdyRuLPS489oHNcC9O73OzfXyg+CEPoUxMR5Su1/3Dv4lKlRA2zeQdy0RVOg== X-Received: by 2002:a05:6a00:114c:b0:528:2c7a:630e with SMTP id b12-20020a056a00114c00b005282c7a630emr13510147pfm.86.1660515640238; Sun, 14 Aug 2022 15:20:40 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:39 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 01/10] json-c: Fix function prototypes Date: Sun, 14 Aug 2022 15:20:28 -0700 Message-Id: <20220814222037.283943-1-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169328 This is flagged with clang 15 Signed-off-by: Khem Raj --- .../json-c/0001-Fix-build-with-clang-15.patch | 34 +++++++++++++++++++ meta/recipes-devtools/json-c/json-c_0.16.bb | 2 +- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/json-c/json-c/0001-Fix-build-with-clang-15.patch diff --git a/meta/recipes-devtools/json-c/json-c/0001-Fix-build-with-clang-15.patch b/meta/recipes-devtools/json-c/json-c/0001-Fix-build-with-clang-15.patch new file mode 100644 index 00000000000..215f4d829a2 --- /dev/null +++ b/meta/recipes-devtools/json-c/json-c/0001-Fix-build-with-clang-15.patch @@ -0,0 +1,34 @@ +From 0145b575ac1fe6a77e00d639864f26fc91ceb12f Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sat, 13 Aug 2022 20:37:03 -0700 +Subject: [PATCH] Fix build with clang-15+ + +Fixes +json_util.c:63:35: error: a function declaration without a prototype is deprecated in all versions of C [-We +rror,-Wstrict-prototypes] +const char *json_util_get_last_err() + ^ + void + +Upstream-Status: Backport [https://github.com/json-c/json-c/pull/783] +Signed-off-by: Khem Raj +--- + json_util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/json_util.c b/json_util.c +index 952770a..83d9c68 100644 +--- a/json_util.c ++++ b/json_util.c +@@ -60,7 +60,7 @@ static int _json_object_to_fd(int fd, struct json_object *obj, int flags, const + + static char _last_err[256] = ""; + +-const char *json_util_get_last_err() ++const char *json_util_get_last_err(void) + { + if (_last_err[0] == '\0') + return NULL; +-- +2.37.2 + diff --git a/meta/recipes-devtools/json-c/json-c_0.16.bb b/meta/recipes-devtools/json-c/json-c_0.16.bb index 50431081bba..3aba41dfcf6 100644 --- a/meta/recipes-devtools/json-c/json-c_0.16.bb +++ b/meta/recipes-devtools/json-c/json-c_0.16.bb @@ -6,9 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=de54b60fbbc35123ba193fea8ee216f2" SRC_URI = " \ https://s3.amazonaws.com/json-c_releases/releases/${BP}.tar.gz \ + file://0001-Fix-build-with-clang-15.patch \ file://run-ptest \ " - SRC_URI[sha256sum] = "8e45ac8f96ec7791eaf3bb7ee50e9c2100bbbc87b8d0f1d030c5ba8a0288d96b" UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/tags" From patchwork Sun Aug 14 22:20:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11375 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6FEE8C25B0D for ; Sun, 14 Aug 2022 22:20:47 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.web09.10140.1660515642596509675 for ; Sun, 14 Aug 2022 15:20:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=kEdrdy9R; spf=pass (domain: gmail.com, ip: 209.85.210.171, mailfrom: raj.khem@gmail.com) Received: by mail-pf1-f171.google.com with SMTP id d20so5358877pfq.5 for ; Sun, 14 Aug 2022 15:20:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=QyiukIExWnp8nn97eS2F1XSbzpCmeq+r0B0VtEFNhNw=; b=kEdrdy9RbJme6wmiu+tmH2BG9K8cu8GE3lmQpG3+xLAgu1VqyTEgkaT4mYR4YohmBw G5dFpVTFSo9y9ubYqgHVqyTLVExkvXfUczDM/iluo5Y+P5TOtQx0x4epuj/10iJj2BDl bnQmlOEIE1tjY1+PwZdIbYseKFwVM5S6hWWhwUC69TUfSJqijS9KDwpD0jf5nFKyq5Jz FBrcdZ1inlltfe038oiOD9L13VEnuMkbj6RV4f1PU7U/RSzz68t5k9BmvQJ8VlDY4VRa uuN0R7F9Fos0BlEkOGfTiEKdRi1QqnhbSuEHuns+HodBZ1YQc9X7S57ZpHNTOvXIrnsY FnWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=QyiukIExWnp8nn97eS2F1XSbzpCmeq+r0B0VtEFNhNw=; b=U7y2a8EeeVv66SHMuVdXv0POsyBZYkYJAbF4mSI7sAgpb2h946LoQh1VmBqUCXO8RJ KdVgUQvsm1vcShecq3DPgDV9YGjwmNsm1aTqfOjvqttY9nxHstCo6XhX9hLLEdm0SC1w 1eNbucE8ALR3pW7dx8Xb+DIohdNXUvgjpVSDhzmcsZsW+ZSZrYQGxV2gWYCm3tAe2Kv1 LaguYSQU0vhnl1Mi+Sirc6I5kmi72zbhS+M3UbSS+dDIDfnO3SHCtWguuS1l+Xoj5tnY M4W0z+R+DfLXTGa5HzEW9YSe5vE4TXTZjUkweZsM2GdzCLPHEKFUr16rcN0sTjDXGih7 5RwQ== X-Gm-Message-State: ACgBeo3Uhs7nU1fkuw+KiUIrZZeaSdt3PetXBygjliCRjcS3/WP8HCvw +MEZLkzewLtwgNSFt6D+ZW3ROwSkzVKNxA== X-Google-Smtp-Source: AA6agR5LJAP3iy28ZdgkYONaBmEQAIcfkWg8DQeJSLBFJyx26AT8r0QVn+XFBC+34TTb+gBqnGyiTw== X-Received: by 2002:a63:dd4b:0:b0:41d:e855:7137 with SMTP id g11-20020a63dd4b000000b0041de8557137mr11850368pgj.595.1660515641486; Sun, 14 Aug 2022 15:20:41 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:40 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 02/10] xmlto: Update to use upstream tip of trunk Date: Sun, 14 Aug 2022 15:20:29 -0700 Message-Id: <20220814222037.283943-2-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220814222037.283943-1-raj.khem@gmail.com> References: <20220814222037.283943-1-raj.khem@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169329 There are several fixes which are done to fix builds with newer compilers after 0.0.28 was releases in 2015 a long time ago. Add a patch to fix manpages builds not trying to access network during build Regenerate xmlif from lex files, before configuring the build Signed-off-by: Khem Raj --- .../0001-Skip-validating-xmlto-output.patch | 29 +++++++++++++++++++ ...rop-the-test-of-xmllint-and-xsltproc.patch | 6 ++-- meta/recipes-devtools/xmlto/xmlto_0.0.28.bb | 16 +++++++--- 3 files changed, 44 insertions(+), 7 deletions(-) create mode 100644 meta/recipes-devtools/xmlto/xmlto/0001-Skip-validating-xmlto-output.patch rename meta/recipes-devtools/xmlto/{xmlto-0.0.28 => xmlto}/configure.in-drop-the-test-of-xmllint-and-xsltproc.patch (91%) diff --git a/meta/recipes-devtools/xmlto/xmlto/0001-Skip-validating-xmlto-output.patch b/meta/recipes-devtools/xmlto/xmlto/0001-Skip-validating-xmlto-output.patch new file mode 100644 index 00000000000..e1c24aba4ab --- /dev/null +++ b/meta/recipes-devtools/xmlto/xmlto/0001-Skip-validating-xmlto-output.patch @@ -0,0 +1,29 @@ +From 3deb7a0eded04ab08a9cb2d88526cb1c7b440061 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Sun, 14 Aug 2022 00:23:29 -0700 +Subject: [PATCH] Skip validating xmlto output + +Avoids network access + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 50fa279..6a2da62 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -68,7 +68,7 @@ EXTRA_DIST = xmlto.spec \ + doc/xmlif.xml \ + xmlto.mak + +-GEN_MANPAGE = FORMAT_DIR=$(top_srcdir)/format $(BASH) ./xmlto -o $(@D) man $< ++GEN_MANPAGE = FORMAT_DIR=$(top_srcdir)/format $(BASH) ./xmlto --skip-validation -o $(@D) man $< + man/man1/xmlto.1: doc/xmlto.xml ; $(GEN_MANPAGE) + man/man1/xmlif.1: doc/xmlif.xml ; $(GEN_MANPAGE) + +-- +2.37.2 + diff --git a/meta/recipes-devtools/xmlto/xmlto-0.0.28/configure.in-drop-the-test-of-xmllint-and-xsltproc.patch b/meta/recipes-devtools/xmlto/xmlto/configure.in-drop-the-test-of-xmllint-and-xsltproc.patch similarity index 91% rename from meta/recipes-devtools/xmlto/xmlto-0.0.28/configure.in-drop-the-test-of-xmllint-and-xsltproc.patch rename to meta/recipes-devtools/xmlto/xmlto/configure.in-drop-the-test-of-xmllint-and-xsltproc.patch index 6d547a6c994..7cc3cbe0fb2 100644 --- a/meta/recipes-devtools/xmlto/xmlto-0.0.28/configure.in-drop-the-test-of-xmllint-and-xsltproc.patch +++ b/meta/recipes-devtools/xmlto/xmlto/configure.in-drop-the-test-of-xmllint-and-xsltproc.patch @@ -9,9 +9,9 @@ Signed-off-by: Hongxu Jia configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -diff --git a/configure.in b/configure.in ---- a/configure.in -+++ b/configure.in +diff --git a/configure.ac b/configure.ac +--- a/configure.ac ++++ b/configure.ac @@ -42,10 +42,10 @@ AC_ARG_VAR([LOCALE], [Name and path of the `locale' program.]) AC_PATH_PROG([LOCALE], [locale], [locale]) diff --git a/meta/recipes-devtools/xmlto/xmlto_0.0.28.bb b/meta/recipes-devtools/xmlto/xmlto_0.0.28.bb index 5cb9a4c57be..dcb760dd930 100644 --- a/meta/recipes-devtools/xmlto/xmlto_0.0.28.bb +++ b/meta/recipes-devtools/xmlto/xmlto_0.0.28.bb @@ -6,17 +6,21 @@ LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552" -SRC_URI = "https://releases.pagure.org/xmlto/xmlto-${PV}.tar.gz \ +SRCREV = "6fa6a0e07644f20abf2596f78a60112713e11cbe" + +SRC_URI = "git://pagure.io/xmlto.git;protocol=https;branch=master \ file://configure.in-drop-the-test-of-xmllint-and-xsltproc.patch \ + file://0001-Skip-validating-xmlto-output.patch \ " -SRC_URI[md5sum] = "a1fefad9d83499a15576768f60f847c6" -SRC_URI[sha256sum] = "2f986b7c9a0e9ac6728147668e776d405465284e13c74d4146c9cbc51fd8aad3" +S = "${WORKDIR}/git" + +PV .= "+0.0.29+git${SRCPV}" inherit autotools CLEANBROKEN = "1" -DEPENDS = "libxml2-native" +DEPENDS = "libxml2-native libxslt-native flex-native docbook-xml-dtd4-native docbook-xsl-stylesheets-native" RDEPENDS:${PN} = "docbook-xml-dtd4 \ docbook-xsl-stylesheets \ @@ -36,6 +40,10 @@ BBCLASSEXTEND = "native" EXTRA_OECONF:append = " BASH=/bin/bash GCP=/bin/cp XMLLINT=xmllint XSLTPROC=xsltproc" +do_configure:prepend() { + flex -o ${S}/xmlif/xmlif.c ${S}/xmlif/xmlif.l +} + do_install:append:class-native() { create_wrapper ${D}${bindir}/xmlto XML_CATALOG_FILES=${sysconfdir}/xml/catalog } From patchwork Sun Aug 14 22:20:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11373 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70196C28B2B for ; Sun, 14 Aug 2022 22:20:47 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web09.10141.1660515643981272276 for ; Sun, 14 Aug 2022 15:20:44 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=YciNNb2m; spf=pass (domain: gmail.com, ip: 209.85.210.173, mailfrom: raj.khem@gmail.com) Received: by mail-pf1-f173.google.com with SMTP id y141so5358016pfb.7 for ; Sun, 14 Aug 2022 15:20:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=Bsh2V94MHizmHMhmKOs74z/IHzcIkouIwkrfH6nI5+0=; b=YciNNb2mgmq6DI6vzi553+7LS5nRXrhqvutYBPwcLIBPd8TNZfYpKhWS5FkAUirmMb 0D9bW4OBpWOz8GmiHEN5owOjj16g2L60tonyad15zcqEJmLNT8anC7GosHis5FzAOkwk THs2nVaJvuQD3KBHQm6yahzlrWjNCaazNzG22Eo6EhVxDJ/seCqZ0rhBmZj6iNeeeJmK 9B7bYmnrN4rn7KyV3xlRerDPKuHMHRjo5ayBFA75vLfeRrRkR3ZoTYqdTNk19mTP2MlZ xB+FvQ9mpL62EY6zSrdwKj/R2WCUTWia4GYywxx0PCgIh7E+mPfg+KA6UtC4jV69zCgt y7JA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=Bsh2V94MHizmHMhmKOs74z/IHzcIkouIwkrfH6nI5+0=; b=H+tdKrJVM2cNY/ljDMw6Z9L+Tiy8XNwCqowJ1lALlJsXGgbHbWs8cC4hENH0hdkwQj 2gy9m+hCKBkEDzc6vDC582d36/z1EES42fWeclyKbrbDE1kAlU8GCuhrhCecmVp/l09I 0aPWrl3G0deg+0UvwUgxpgYL+kxI81+rbGG8whQX99/ZlVkD9s7OZhr8EIWFz1Jkl95z mBpiYxOyO8KUwjRlLI/TkWn3EjV4Vm3TwK9u6EKf5nOr4vaQE2YxOuQyueQKuYLrIga0 uh7LUI4gujfk5lhOXtaZNcJaC7Ik3OfeGPffb3pxB/Oats4QFgwYjNNq9Y0+lXQvD7YK ViNg== X-Gm-Message-State: ACgBeo1cTZ/KuJUg74HHvG8e6aXwTffUwZFAzNV3DrlGypgM/AJC3KLH Vcd+Oz5PZueeGTpZp9AtPFWzERvAEP1vdQ== X-Google-Smtp-Source: AA6agR41DD/NIK8YhR1CdaFZgTCObeHWRdTsEpUBDbufaZ6/1X9ckAchtGM3+l+rg41QDGMIo8/h6g== X-Received: by 2002:a05:6a00:138a:b0:52d:979a:b640 with SMTP id t10-20020a056a00138a00b0052d979ab640mr13642445pfg.8.1660515642861; Sun, 14 Aug 2022 15:20:42 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:41 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 03/10] zlib: Resolve CVE-2022-37434 Date: Sun, 14 Aug 2022 15:20:30 -0700 Message-Id: <20220814222037.283943-3-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220814222037.283943-1-raj.khem@gmail.com> References: <20220814222037.283943-1-raj.khem@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169330 This is only seen in development branch as per [1] [1] https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1#commitcomment-80753451 CVE: CVE-2022-37434 Signed-off-by: Khem Raj --- meta/recipes-core/zlib/zlib_1.2.12.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-core/zlib/zlib_1.2.12.bb b/meta/recipes-core/zlib/zlib_1.2.12.bb index 77e7a4937fa..d3e0f25295d 100644 --- a/meta/recipes-core/zlib/zlib_1.2.12.bb +++ b/meta/recipes-core/zlib/zlib_1.2.12.bb @@ -17,6 +17,10 @@ UPSTREAM_CHECK_URI = "http://zlib.net/" SRC_URI[sha256sum] = "7db46b8d7726232a621befaab4a1c870f00a90805511c0e0090441dac57def18" +# 1.2.12 or any other released zlib version does not have this issue see +# https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1#commitcomment-80801182 +CVE_CHECK_IGNORE += "CVE-2022-37434" + CFLAGS += "-D_REENTRANT" RDEPENDS:${PN}-ptest += "make" From patchwork Sun Aug 14 22:20:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11371 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63F05C3F6B0 for ; Sun, 14 Aug 2022 22:20:47 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web08.10086.1660515645756781214 for ; Sun, 14 Aug 2022 15:20:45 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=VHdpEXaD; spf=pass (domain: gmail.com, ip: 209.85.210.174, mailfrom: raj.khem@gmail.com) Received: by mail-pf1-f174.google.com with SMTP id f28so5378910pfk.1 for ; Sun, 14 Aug 2022 15:20:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=mqYqAYCNrSSlrD1AYKlysebUkF1wrduP7xnIOy344Gg=; b=VHdpEXaDTU0+GSkUbORQz5OJLWsUSce8wEipNhq6Zw0a11z72lA4E/VFMhhxqzkIzm VKUPljm6FMSkV/fjxpT6vRmdPcMrBsnPBky8PPNw6SCzu/wWPPgRErskxtqQzt+HqJo6 l/XEJCYnsjdbrnAc9k+UVBCbGYRe7s9NeUdCJWbqWMlLd5Hu0HX3lOO9LNiAPGzVNBJm rRXv06qWg1dQB13pNL1kk87CHkw/XogU5O82Up5UkL6fLGjtO04nb55Jy933nniWnU/N AZxU//BF0nLeJNUVCzcvSM2jxqNe8dSbe4KIZwqAQcTaYYB/3R4p9PlKry2usMFYu9kP FN5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=mqYqAYCNrSSlrD1AYKlysebUkF1wrduP7xnIOy344Gg=; b=jQFc9rCZMjL1CSgs3uouAhmg3CKs+F5f5ctFIRRAd77nymKv9ncBrTnKqMKNSwEmAf esWtk1c6gNhpx6Lwob5zsugHjliCa77pY2OpyL5z8BgsWnxvaMJElwCBvpnHvRqWE0Fk XWhbwf19UfJ2/9c3XAW196IXIn9sRV6yJctsGoWhOHysuinYhWyf716i6N+pBdSIC9w1 E2v2XhnFjxJymg24asJS8o1D/uqNGzcjk/KzME1PlSUbE6IFNkJRxnhlgAoK/eiZRgXI /EFkQJI588hYRhG1jSMjwMM+lXg/rxZBmnd1DGVxCZ+CTcK2zocz9Fs3ROgAFq4lt/vf bikA== X-Gm-Message-State: ACgBeo241R6f/ui+cTsXPQWlGlXTYzkKuBOBqVw89+mKyYpK9NfpZvJ+ 0yPw8O7B5ZjFAfv1kWgviVEwRTjvOC7hhg== X-Google-Smtp-Source: AA6agR4c8X8QxRYDIp+Z2Cvcv0kAWoFRevutamgCMS7DutgGPG5o/n+TmdpbG5MGsGzEtXP06UuArg== X-Received: by 2002:a63:4b4a:0:b0:427:bbb0:110e with SMTP id k10-20020a634b4a000000b00427bbb0110emr4770339pgl.397.1660515644127; Sun, 14 Aug 2022 15:20:44 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:43 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 04/10] rsync: Backport fix to address CVE-2022-29154 Date: Sun, 14 Aug 2022 15:20:31 -0700 Message-Id: <20220814222037.283943-4-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220814222037.283943-1-raj.khem@gmail.com> References: <20220814222037.283943-1-raj.khem@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169331 CVE: CVE-2022-29154 Signed-off-by: Khem Raj --- .../rsync/files/CVE-2022-29154.patch | 372 ++++++++++++++++++ meta/recipes-devtools/rsync/rsync_3.2.4.bb | 1 + 2 files changed, 373 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/CVE-2022-29154.patch diff --git a/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch b/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch new file mode 100644 index 00000000000..e43b092ea89 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch @@ -0,0 +1,372 @@ +From b7231c7d02cfb65d291af74ff66e7d8c507ee871 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sun, 31 Jul 2022 16:55:34 -0700 +Subject: [PATCH] Some extra file-list safety checks. + +Upstream-Status: Backport [https://github.com/WayneD/rsync/commit/b7231c7d02cfb65d291af74ff66e7d8c507ee871] +CVE: CVE-2022-29154 +Signed-off-by: Khem Raj +--- + exclude.c | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++- + flist.c | 17 ++++++- + io.c | 4 ++ + main.c | 7 ++- + receiver.c | 11 +++-- + rsync.1.md | 44 ++++++++++++++++-- + 6 files changed, 202 insertions(+), 11 deletions(-) + +--- a/exclude.c ++++ b/exclude.c +@@ -27,16 +27,22 @@ extern int am_server; + extern int am_sender; + extern int eol_nulls; + extern int io_error; ++extern int xfer_dirs; ++extern int recurse; + extern int local_server; + extern int prune_empty_dirs; + extern int ignore_perishable; ++extern int old_style_args; ++extern int relative_paths; + extern int delete_mode; + extern int delete_excluded; + extern int cvs_exclude; + extern int sanitize_paths; + extern int protocol_version; ++extern int list_only; + extern int module_id; + ++extern char *filesfrom_host; + extern char curr_dir[MAXPATHLEN]; + extern unsigned int curr_dir_len; + extern unsigned int module_dirlen; +@@ -44,8 +50,10 @@ extern unsigned int module_dirlen; + filter_rule_list filter_list = { .debug_type = "" }; + filter_rule_list cvs_filter_list = { .debug_type = " [global CVS]" }; + filter_rule_list daemon_filter_list = { .debug_type = " [daemon]" }; ++filter_rule_list implied_filter_list = { .debug_type = " [implied]" }; + + int saw_xattr_filter = 0; ++int trust_sender_filter = 0; + + /* Need room enough for ":MODS " prefix plus some room to grow. */ + #define MAX_RULE_PREFIX (16) +@@ -292,6 +300,125 @@ static void add_rule(filter_rule_list *l + } + } + ++/* Each arg the client sends to the remote sender turns into an implied include ++ * that the receiver uses to validate the file list from the sender. */ ++void add_implied_include(const char *arg) ++{ ++ filter_rule *rule; ++ int arg_len, saw_wild = 0, backslash_cnt = 0; ++ int slash_cnt = 1; /* We know we're adding a leading slash. */ ++ const char *cp; ++ char *p; ++ if (old_style_args || list_only || filesfrom_host != NULL) ++ return; ++ if (relative_paths) { ++ cp = strstr(arg, "/./"); ++ if (cp) ++ arg = cp+3; ++ } else { ++ if ((cp = strrchr(arg, '/')) != NULL) ++ arg = cp + 1; ++ } ++ arg_len = strlen(arg); ++ if (arg_len) { ++ if (strpbrk(arg, "*[?")) { ++ /* We need to add room to escape backslashes if wildcard chars are present. */ ++ cp = arg; ++ while ((cp = strchr(cp, '\\')) != NULL) { ++ arg_len++; ++ cp++; ++ } ++ saw_wild = 1; ++ } ++ arg_len++; /* Leave room for the prefixed slash */ ++ rule = new0(filter_rule); ++ if (!implied_filter_list.head) ++ implied_filter_list.head = implied_filter_list.tail = rule; ++ else { ++ rule->next = implied_filter_list.head; ++ implied_filter_list.head = rule; ++ } ++ rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0); ++ p = rule->pattern = new_array(char, arg_len + 1); ++ *p++ = '/'; ++ cp = arg; ++ while (*cp) { ++ switch (*cp) { ++ case '\\': ++ backslash_cnt++; ++ if (saw_wild) ++ *p++ = '\\'; ++ *p++ = *cp++; ++ break; ++ case '/': ++ if (p[-1] == '/') /* This is safe because of the initial slash. */ ++ break; ++ if (relative_paths) { ++ filter_rule const *ent; ++ int found = 0; ++ *p = '\0'; ++ for (ent = implied_filter_list.head; ent; ent = ent->next) { ++ if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0) ++ found = 1; ++ } ++ if (!found) { ++ filter_rule *R_rule = new0(filter_rule); ++ R_rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0); ++ R_rule->pattern = strdup(rule->pattern); ++ R_rule->u.slash_cnt = slash_cnt; ++ R_rule->next = implied_filter_list.head; ++ implied_filter_list.head = R_rule; ++ } ++ } ++ slash_cnt++; ++ *p++ = *cp++; ++ break; ++ default: ++ *p++ = *cp++; ++ break; ++ } ++ } ++ *p = '\0'; ++ rule->u.slash_cnt = slash_cnt; ++ arg = (const char *)rule->pattern; ++ } ++ ++ if (recurse || xfer_dirs) { ++ /* Now create a rule with an added "/" & "**" or "*" at the end */ ++ rule = new0(filter_rule); ++ if (recurse) ++ rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD | FILTRULE_WILD2; ++ else ++ rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD; ++ /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */ ++ if (!saw_wild && backslash_cnt) { ++ /* We are appending a wildcard, so now the backslashes need to be escaped. */ ++ p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1); ++ cp = arg; ++ while (*cp) { ++ if (*cp == '\\') ++ *p++ = '\\'; ++ *p++ = *cp++; ++ } ++ } else { ++ p = rule->pattern = new_array(char, arg_len + 3 + 1); ++ if (arg_len) { ++ memcpy(p, arg, arg_len); ++ p += arg_len; ++ } ++ } ++ if (p[-1] != '/') ++ *p++ = '/'; ++ *p++ = '*'; ++ if (recurse) ++ *p++ = '*'; ++ *p = '\0'; ++ rule->u.slash_cnt = slash_cnt + 1; ++ rule->next = implied_filter_list.head; ++ implied_filter_list.head = rule; ++ } ++} ++ + /* This frees any non-inherited items, leaving just inherited items on the list. */ + static void pop_filter_list(filter_rule_list *listp) + { +@@ -718,7 +845,7 @@ static void report_filter_result(enum lo + : name_flags & NAME_IS_DIR ? "directory" + : "file"; + rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n", +- w, actions[*w!='s'][!(ent->rflags & FILTRULE_INCLUDE)], ++ w, actions[*w=='g'][!(ent->rflags & FILTRULE_INCLUDE)], + t, name, ent->pattern, + ent->rflags & FILTRULE_DIRECTORY ? "/" : "", type); + } +@@ -890,6 +1017,7 @@ static filter_rule *parse_rule_tok(const + } + switch (ch) { + case ':': ++ trust_sender_filter = 1; + rule->rflags |= FILTRULE_PERDIR_MERGE + | FILTRULE_FINISH_SETUP; + /* FALL THROUGH */ +--- a/flist.c ++++ b/flist.c +@@ -73,6 +73,7 @@ extern int need_unsorted_flist; + extern int sender_symlink_iconv; + extern int output_needs_newline; + extern int sender_keeps_checksum; ++extern int trust_sender_filter; + extern int unsort_ndx; + extern uid_t our_uid; + extern struct stats stats; +@@ -83,8 +84,7 @@ extern char curr_dir[MAXPATHLEN]; + + extern struct chmod_mode_struct *chmod_modes; + +-extern filter_rule_list filter_list; +-extern filter_rule_list daemon_filter_list; ++extern filter_rule_list filter_list, implied_filter_list, daemon_filter_list; + + #ifdef ICONV_OPTION + extern int filesfrom_convert; +@@ -986,6 +986,19 @@ static struct file_struct *recv_file_ent + exit_cleanup(RERR_UNSUPPORTED); + } + ++ if (*thisname != '.' || thisname[1] != '\0') { ++ int filt_flags = S_ISDIR(mode) ? NAME_IS_DIR : NAME_IS_FILE; ++ if (!trust_sender_filter /* a per-dir filter rule means we must trust the sender's filtering */ ++ && filter_list.head && check_filter(&filter_list, FINFO, thisname, filt_flags) < 0) { ++ rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisname); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ if (implied_filter_list.head && check_filter(&implied_filter_list, FINFO, thisname, filt_flags) <= 0) { ++ rprintf(FERROR, "ERROR: rejecting unrequested file-list name: %s\n", thisname); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ } ++ + if (inc_recurse && S_ISDIR(mode)) { + if (one_file_system) { + /* Room to save the dir's device for -x */ +--- a/io.c ++++ b/io.c +@@ -419,6 +419,7 @@ static void forward_filesfrom_data(void) + while (s != eob) { + if (*s++ == '\0') { + ff_xb.len = s - sob - 1; ++ add_implied_include(sob); + if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0) + exit_cleanup(RERR_PROTOCOL); /* impossible? */ + write_buf(iobuf.out_fd, s-1, 1); /* Send the '\0'. */ +@@ -450,9 +451,12 @@ static void forward_filesfrom_data(void) + char *f = ff_xb.buf + ff_xb.pos; + char *t = ff_xb.buf; + char *eob = f + len; ++ char *cur = t; + /* Eliminate any multi-'\0' runs. */ + while (f != eob) { + if (!(*t++ = *f++)) { ++ add_implied_include(cur); ++ cur = t; + while (f != eob && *f == '\0') + f++; + } +--- a/main.c ++++ b/main.c +@@ -89,6 +89,7 @@ extern int backup_dir_len; + extern int basis_dir_cnt; + extern int default_af_hint; + extern int stdout_format_has_i; ++extern int trust_sender_filter; + extern struct stats stats; + extern char *stdout_format; + extern char *logfile_format; +@@ -104,7 +105,7 @@ extern char curr_dir[MAXPATHLEN]; + extern char backup_dir_buf[MAXPATHLEN]; + extern char *basis_dir[MAX_BASIS_DIRS+1]; + extern struct file_list *first_flist; +-extern filter_rule_list daemon_filter_list; ++extern filter_rule_list daemon_filter_list, implied_filter_list; + + uid_t our_uid; + gid_t our_gid; +@@ -635,6 +636,7 @@ static pid_t do_cmd(char *cmd, char *mac + #ifdef ICONV_CONST + setup_iconv(); + #endif ++ trust_sender_filter = 1; + } else if (local_server) { + /* If the user didn't request --[no-]whole-file, force + * it on, but only if we're not batch processing. */ +@@ -1500,6 +1502,8 @@ static int start_client(int argc, char * + char *dummy_host; + int dummy_port = rsync_port; + int i; ++ if (filesfrom_fd < 0) ++ add_implied_include(remote_argv[0]); + /* For remote source, any extra source args must have either + * the same hostname or an empty hostname. */ + for (i = 1; i < remote_argc; i++) { +@@ -1523,6 +1527,7 @@ static int start_client(int argc, char * + if (!rsync_port && !*arg) /* Turn an empty arg into a dot dir. */ + arg = "."; + remote_argv[i] = arg; ++ add_implied_include(arg); + } + } + +--- a/receiver.c ++++ b/receiver.c +@@ -593,10 +593,13 @@ int recv_files(int f_in, int f_out, char + if (DEBUG_GTE(RECV, 1)) + rprintf(FINFO, "recv_files(%s)\n", fname); + +- if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0') +- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { +- rprintf(FERROR, "attempt to hack rsync failed.\n"); +- exit_cleanup(RERR_PROTOCOL); ++ if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')) { ++ int filt_flags = S_ISDIR(file->mode) ? NAME_IS_DIR : NAME_IS_FILE; ++ if (check_filter(&daemon_filter_list, FLOG, fname, filt_flags) < 0) { ++ rprintf(FERROR, "ERROR: rejecting file transfer request for daemon excluded file: %s\n", ++ fname); ++ exit_cleanup(RERR_PROTOCOL); ++ } + } + + #ifdef SUPPORT_XATTRS +--- a/rsync.1.md ++++ b/rsync.1.md +@@ -154,6 +154,33 @@ rsync daemon by leaving off the module n + + See the following section for more details. + ++## MULTI-HOST SECURITY ++ ++Rsync takes steps to ensure that the file requests that are shared in a ++transfer are protected against various security issues. Most of the potential ++problems arise on the receiving side where rsync takes steps to ensure that the ++list of files being transferred remains within the bounds of what was ++requested. ++ ++Toward this end, rsync 3.1.2 and later have aborted when a file list contains ++an absolute or relative path that tries to escape out of the top of the ++transfer. Also, beginning with version 3.2.5, rsync does two more safety ++checks of the file list to (1) ensure that no extra source arguments were added ++into the transfer other than those that the client requested and (2) ensure ++that the file list obeys the exclude rules that we sent to the sender. ++ ++For those that don't yet have a 3.2.5 client rsync, it is safest to do a copy ++into a dedicated destination directory for the remote files rather than ++requesting the remote content get mixed in with other local content. For ++example, doing an rsync copy into your home directory is potentially unsafe on ++an older rsync if the remote rsync is being controlled by a bad actor: ++ ++> rsync -aiv host1:dir1 ~ ++ ++A safer command would be: ++ ++> rsync -aiv host1:dir1 ~/host1-files ++ + ## ADVANCED USAGE + + The syntax for requesting multiple files from a remote host is done by +@@ -2323,6 +2350,12 @@ your home directory (remove the '=' for + behavior. The environment is always overridden by manually specified + positive or negative options (the negative is `--no-old-args`). + ++ Note that this option also disables the extra safety check added in 3.2.5 ++ that ensures that a remote sender isn't including extra top-level items in ++ the file-list that you didn't request. This side-effect is necessary ++ because we can't know for sure what names to expect when the remote shell ++ is interpreting the args. ++ + This option conflicts with the [`--protect-args`](#opt) option. + + 0. `--protect-args`, `-s` diff --git a/meta/recipes-devtools/rsync/rsync_3.2.4.bb b/meta/recipes-devtools/rsync/rsync_3.2.4.bb index e6f917b5cdc..711e97002d2 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.4.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.4.bb @@ -14,6 +14,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://rsyncd.conf \ file://makefile-no-rebuild.patch \ file://determism.patch \ + file://CVE-2022-29154.patch \ " SRC_URI[sha256sum] = "6f761838d08052b0b6579cf7f6737d93e47f01f4da04c5d24d3447b7f2a5fad1" From patchwork Sun Aug 14 22:20:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11372 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 652B4C25B0F for ; Sun, 14 Aug 2022 22:20:47 +0000 (UTC) Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com [209.85.216.44]) by mx.groups.io with SMTP id smtpd.web10.10110.1660515646404099418 for ; Sun, 14 Aug 2022 15:20:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=mUvrbWp0; spf=pass (domain: gmail.com, ip: 209.85.216.44, mailfrom: raj.khem@gmail.com) Received: by mail-pj1-f44.google.com with SMTP id gp7so5524200pjb.4 for ; Sun, 14 Aug 2022 15:20:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=++BXk3+cGizI4SGrV7sv4xW/eegaP2aT/CMNT2fsWfo=; b=mUvrbWp0LcdRmLgfDUfQI5QyHlJYe6/ctiyQjo31NZ4vDbL7oqgO2elNjy+r6IGOfU vesA+efNmemKBFMHellk9wttSDV2x7wsd0JzJ1JbyuoaOJG/uqt84PcDqQP/bK+UeDcE cLS9Zf9/T2TmptOgrV48K1nF8k4aQVHJ7Ehe6Loeupy0rxw/99I+0whUUGQcNKR0B+eb SRNDriPU1BQeNIJWQgewJszvgvxdGuVoIotGlugS0U/38ipw1gG13BTOAzxsgo1G6lV8 ZBhy8ytrXS8PL5lQdcUJWtdV6Qpwe6Z8BKt+p5rbA2tkNBtIK8Oq0f+U8i2ZQ6jklMFv 4Img== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=++BXk3+cGizI4SGrV7sv4xW/eegaP2aT/CMNT2fsWfo=; b=ah2WcsIId631QsOZdyxNGahauvWdOCJPAAuGKOlI+LA/ZLmHtU5uTYrmxdk+2C6EVO cpOqLOYq/43Y6oUf/89LqZ4pAFondB6Y49uEmU+43VSwWJMZztle4j6PY4IZSuHB41Sl gWN4X547VHRMy95EvOG4I9PlOJaCFSUnL24yUYDTXGxAxGtbTsK1hJV2JNC1wizEgfio kZkuEK0qkjclv+KkRJ7PHq3uR7i2GBRVcl6Ug243cVx/r4xKl98DcDYFPwPlQVIez7K7 GgY0aUjxMSqQsvleDPQ8/1ACQtUjnj9mTK3aGsvp2SFT+R2YXVxm6OefIiIHQUI8nJoB inMg== X-Gm-Message-State: ACgBeo38EqbD9M11a3JwNkqMww0B9cijBrVl2ZFnyVPRcJbywmMGQqtO OWa/JX4gruq4Gn40K9rkWcB2BD2dCdb+Fg== X-Google-Smtp-Source: AA6agR4JdpWu4Xep+K3wmDg8fUoMCNKJZPmq0ZQucX/KP2mHXHAa44d466qkcSw5AE880oD6bGj4uw== X-Received: by 2002:a17:902:c408:b0:16d:c48d:978e with SMTP id k8-20020a170902c40800b0016dc48d978emr14174476plk.70.1660515645156; Sun, 14 Aug 2022 15:20:45 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:44 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 05/10] rsync: Upgrade to 3.2.5 Date: Sun, 14 Aug 2022 15:20:32 -0700 Message-Id: <20220814222037.283943-5-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220814222037.283943-1-raj.khem@gmail.com> References: <20220814222037.283943-1-raj.khem@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169332 Changlog is here [1] [1] https://download.samba.org/pub/rsync/NEWS#3.2.5 Signed-off-by: Khem Raj --- .../rsync/files/CVE-2022-29154.patch | 372 ------------------ .../rsync/{rsync_3.2.4.bb => rsync_3.2.5.bb} | 4 +- 2 files changed, 1 insertion(+), 375 deletions(-) delete mode 100644 meta/recipes-devtools/rsync/files/CVE-2022-29154.patch rename meta/recipes-devtools/rsync/{rsync_3.2.4.bb => rsync_3.2.5.bb} (95%) diff --git a/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch b/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch deleted file mode 100644 index e43b092ea89..00000000000 --- a/meta/recipes-devtools/rsync/files/CVE-2022-29154.patch +++ /dev/null @@ -1,372 +0,0 @@ -From b7231c7d02cfb65d291af74ff66e7d8c507ee871 Mon Sep 17 00:00:00 2001 -From: Wayne Davison -Date: Sun, 31 Jul 2022 16:55:34 -0700 -Subject: [PATCH] Some extra file-list safety checks. - -Upstream-Status: Backport [https://github.com/WayneD/rsync/commit/b7231c7d02cfb65d291af74ff66e7d8c507ee871] -CVE: CVE-2022-29154 -Signed-off-by: Khem Raj ---- - exclude.c | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++- - flist.c | 17 ++++++- - io.c | 4 ++ - main.c | 7 ++- - receiver.c | 11 +++-- - rsync.1.md | 44 ++++++++++++++++-- - 6 files changed, 202 insertions(+), 11 deletions(-) - ---- a/exclude.c -+++ b/exclude.c -@@ -27,16 +27,22 @@ extern int am_server; - extern int am_sender; - extern int eol_nulls; - extern int io_error; -+extern int xfer_dirs; -+extern int recurse; - extern int local_server; - extern int prune_empty_dirs; - extern int ignore_perishable; -+extern int old_style_args; -+extern int relative_paths; - extern int delete_mode; - extern int delete_excluded; - extern int cvs_exclude; - extern int sanitize_paths; - extern int protocol_version; -+extern int list_only; - extern int module_id; - -+extern char *filesfrom_host; - extern char curr_dir[MAXPATHLEN]; - extern unsigned int curr_dir_len; - extern unsigned int module_dirlen; -@@ -44,8 +50,10 @@ extern unsigned int module_dirlen; - filter_rule_list filter_list = { .debug_type = "" }; - filter_rule_list cvs_filter_list = { .debug_type = " [global CVS]" }; - filter_rule_list daemon_filter_list = { .debug_type = " [daemon]" }; -+filter_rule_list implied_filter_list = { .debug_type = " [implied]" }; - - int saw_xattr_filter = 0; -+int trust_sender_filter = 0; - - /* Need room enough for ":MODS " prefix plus some room to grow. */ - #define MAX_RULE_PREFIX (16) -@@ -292,6 +300,125 @@ static void add_rule(filter_rule_list *l - } - } - -+/* Each arg the client sends to the remote sender turns into an implied include -+ * that the receiver uses to validate the file list from the sender. */ -+void add_implied_include(const char *arg) -+{ -+ filter_rule *rule; -+ int arg_len, saw_wild = 0, backslash_cnt = 0; -+ int slash_cnt = 1; /* We know we're adding a leading slash. */ -+ const char *cp; -+ char *p; -+ if (old_style_args || list_only || filesfrom_host != NULL) -+ return; -+ if (relative_paths) { -+ cp = strstr(arg, "/./"); -+ if (cp) -+ arg = cp+3; -+ } else { -+ if ((cp = strrchr(arg, '/')) != NULL) -+ arg = cp + 1; -+ } -+ arg_len = strlen(arg); -+ if (arg_len) { -+ if (strpbrk(arg, "*[?")) { -+ /* We need to add room to escape backslashes if wildcard chars are present. */ -+ cp = arg; -+ while ((cp = strchr(cp, '\\')) != NULL) { -+ arg_len++; -+ cp++; -+ } -+ saw_wild = 1; -+ } -+ arg_len++; /* Leave room for the prefixed slash */ -+ rule = new0(filter_rule); -+ if (!implied_filter_list.head) -+ implied_filter_list.head = implied_filter_list.tail = rule; -+ else { -+ rule->next = implied_filter_list.head; -+ implied_filter_list.head = rule; -+ } -+ rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0); -+ p = rule->pattern = new_array(char, arg_len + 1); -+ *p++ = '/'; -+ cp = arg; -+ while (*cp) { -+ switch (*cp) { -+ case '\\': -+ backslash_cnt++; -+ if (saw_wild) -+ *p++ = '\\'; -+ *p++ = *cp++; -+ break; -+ case '/': -+ if (p[-1] == '/') /* This is safe because of the initial slash. */ -+ break; -+ if (relative_paths) { -+ filter_rule const *ent; -+ int found = 0; -+ *p = '\0'; -+ for (ent = implied_filter_list.head; ent; ent = ent->next) { -+ if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0) -+ found = 1; -+ } -+ if (!found) { -+ filter_rule *R_rule = new0(filter_rule); -+ R_rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0); -+ R_rule->pattern = strdup(rule->pattern); -+ R_rule->u.slash_cnt = slash_cnt; -+ R_rule->next = implied_filter_list.head; -+ implied_filter_list.head = R_rule; -+ } -+ } -+ slash_cnt++; -+ *p++ = *cp++; -+ break; -+ default: -+ *p++ = *cp++; -+ break; -+ } -+ } -+ *p = '\0'; -+ rule->u.slash_cnt = slash_cnt; -+ arg = (const char *)rule->pattern; -+ } -+ -+ if (recurse || xfer_dirs) { -+ /* Now create a rule with an added "/" & "**" or "*" at the end */ -+ rule = new0(filter_rule); -+ if (recurse) -+ rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD | FILTRULE_WILD2; -+ else -+ rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD; -+ /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */ -+ if (!saw_wild && backslash_cnt) { -+ /* We are appending a wildcard, so now the backslashes need to be escaped. */ -+ p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1); -+ cp = arg; -+ while (*cp) { -+ if (*cp == '\\') -+ *p++ = '\\'; -+ *p++ = *cp++; -+ } -+ } else { -+ p = rule->pattern = new_array(char, arg_len + 3 + 1); -+ if (arg_len) { -+ memcpy(p, arg, arg_len); -+ p += arg_len; -+ } -+ } -+ if (p[-1] != '/') -+ *p++ = '/'; -+ *p++ = '*'; -+ if (recurse) -+ *p++ = '*'; -+ *p = '\0'; -+ rule->u.slash_cnt = slash_cnt + 1; -+ rule->next = implied_filter_list.head; -+ implied_filter_list.head = rule; -+ } -+} -+ - /* This frees any non-inherited items, leaving just inherited items on the list. */ - static void pop_filter_list(filter_rule_list *listp) - { -@@ -718,7 +845,7 @@ static void report_filter_result(enum lo - : name_flags & NAME_IS_DIR ? "directory" - : "file"; - rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n", -- w, actions[*w!='s'][!(ent->rflags & FILTRULE_INCLUDE)], -+ w, actions[*w=='g'][!(ent->rflags & FILTRULE_INCLUDE)], - t, name, ent->pattern, - ent->rflags & FILTRULE_DIRECTORY ? "/" : "", type); - } -@@ -890,6 +1017,7 @@ static filter_rule *parse_rule_tok(const - } - switch (ch) { - case ':': -+ trust_sender_filter = 1; - rule->rflags |= FILTRULE_PERDIR_MERGE - | FILTRULE_FINISH_SETUP; - /* FALL THROUGH */ ---- a/flist.c -+++ b/flist.c -@@ -73,6 +73,7 @@ extern int need_unsorted_flist; - extern int sender_symlink_iconv; - extern int output_needs_newline; - extern int sender_keeps_checksum; -+extern int trust_sender_filter; - extern int unsort_ndx; - extern uid_t our_uid; - extern struct stats stats; -@@ -83,8 +84,7 @@ extern char curr_dir[MAXPATHLEN]; - - extern struct chmod_mode_struct *chmod_modes; - --extern filter_rule_list filter_list; --extern filter_rule_list daemon_filter_list; -+extern filter_rule_list filter_list, implied_filter_list, daemon_filter_list; - - #ifdef ICONV_OPTION - extern int filesfrom_convert; -@@ -986,6 +986,19 @@ static struct file_struct *recv_file_ent - exit_cleanup(RERR_UNSUPPORTED); - } - -+ if (*thisname != '.' || thisname[1] != '\0') { -+ int filt_flags = S_ISDIR(mode) ? NAME_IS_DIR : NAME_IS_FILE; -+ if (!trust_sender_filter /* a per-dir filter rule means we must trust the sender's filtering */ -+ && filter_list.head && check_filter(&filter_list, FINFO, thisname, filt_flags) < 0) { -+ rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisname); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ if (implied_filter_list.head && check_filter(&implied_filter_list, FINFO, thisname, filt_flags) <= 0) { -+ rprintf(FERROR, "ERROR: rejecting unrequested file-list name: %s\n", thisname); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ } -+ - if (inc_recurse && S_ISDIR(mode)) { - if (one_file_system) { - /* Room to save the dir's device for -x */ ---- a/io.c -+++ b/io.c -@@ -419,6 +419,7 @@ static void forward_filesfrom_data(void) - while (s != eob) { - if (*s++ == '\0') { - ff_xb.len = s - sob - 1; -+ add_implied_include(sob); - if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0) - exit_cleanup(RERR_PROTOCOL); /* impossible? */ - write_buf(iobuf.out_fd, s-1, 1); /* Send the '\0'. */ -@@ -450,9 +451,12 @@ static void forward_filesfrom_data(void) - char *f = ff_xb.buf + ff_xb.pos; - char *t = ff_xb.buf; - char *eob = f + len; -+ char *cur = t; - /* Eliminate any multi-'\0' runs. */ - while (f != eob) { - if (!(*t++ = *f++)) { -+ add_implied_include(cur); -+ cur = t; - while (f != eob && *f == '\0') - f++; - } ---- a/main.c -+++ b/main.c -@@ -89,6 +89,7 @@ extern int backup_dir_len; - extern int basis_dir_cnt; - extern int default_af_hint; - extern int stdout_format_has_i; -+extern int trust_sender_filter; - extern struct stats stats; - extern char *stdout_format; - extern char *logfile_format; -@@ -104,7 +105,7 @@ extern char curr_dir[MAXPATHLEN]; - extern char backup_dir_buf[MAXPATHLEN]; - extern char *basis_dir[MAX_BASIS_DIRS+1]; - extern struct file_list *first_flist; --extern filter_rule_list daemon_filter_list; -+extern filter_rule_list daemon_filter_list, implied_filter_list; - - uid_t our_uid; - gid_t our_gid; -@@ -635,6 +636,7 @@ static pid_t do_cmd(char *cmd, char *mac - #ifdef ICONV_CONST - setup_iconv(); - #endif -+ trust_sender_filter = 1; - } else if (local_server) { - /* If the user didn't request --[no-]whole-file, force - * it on, but only if we're not batch processing. */ -@@ -1500,6 +1502,8 @@ static int start_client(int argc, char * - char *dummy_host; - int dummy_port = rsync_port; - int i; -+ if (filesfrom_fd < 0) -+ add_implied_include(remote_argv[0]); - /* For remote source, any extra source args must have either - * the same hostname or an empty hostname. */ - for (i = 1; i < remote_argc; i++) { -@@ -1523,6 +1527,7 @@ static int start_client(int argc, char * - if (!rsync_port && !*arg) /* Turn an empty arg into a dot dir. */ - arg = "."; - remote_argv[i] = arg; -+ add_implied_include(arg); - } - } - ---- a/receiver.c -+++ b/receiver.c -@@ -593,10 +593,13 @@ int recv_files(int f_in, int f_out, char - if (DEBUG_GTE(RECV, 1)) - rprintf(FINFO, "recv_files(%s)\n", fname); - -- if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0') -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -- rprintf(FERROR, "attempt to hack rsync failed.\n"); -- exit_cleanup(RERR_PROTOCOL); -+ if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')) { -+ int filt_flags = S_ISDIR(file->mode) ? NAME_IS_DIR : NAME_IS_FILE; -+ if (check_filter(&daemon_filter_list, FLOG, fname, filt_flags) < 0) { -+ rprintf(FERROR, "ERROR: rejecting file transfer request for daemon excluded file: %s\n", -+ fname); -+ exit_cleanup(RERR_PROTOCOL); -+ } - } - - #ifdef SUPPORT_XATTRS ---- a/rsync.1.md -+++ b/rsync.1.md -@@ -154,6 +154,33 @@ rsync daemon by leaving off the module n - - See the following section for more details. - -+## MULTI-HOST SECURITY -+ -+Rsync takes steps to ensure that the file requests that are shared in a -+transfer are protected against various security issues. Most of the potential -+problems arise on the receiving side where rsync takes steps to ensure that the -+list of files being transferred remains within the bounds of what was -+requested. -+ -+Toward this end, rsync 3.1.2 and later have aborted when a file list contains -+an absolute or relative path that tries to escape out of the top of the -+transfer. Also, beginning with version 3.2.5, rsync does two more safety -+checks of the file list to (1) ensure that no extra source arguments were added -+into the transfer other than those that the client requested and (2) ensure -+that the file list obeys the exclude rules that we sent to the sender. -+ -+For those that don't yet have a 3.2.5 client rsync, it is safest to do a copy -+into a dedicated destination directory for the remote files rather than -+requesting the remote content get mixed in with other local content. For -+example, doing an rsync copy into your home directory is potentially unsafe on -+an older rsync if the remote rsync is being controlled by a bad actor: -+ -+> rsync -aiv host1:dir1 ~ -+ -+A safer command would be: -+ -+> rsync -aiv host1:dir1 ~/host1-files -+ - ## ADVANCED USAGE - - The syntax for requesting multiple files from a remote host is done by -@@ -2323,6 +2350,12 @@ your home directory (remove the '=' for - behavior. The environment is always overridden by manually specified - positive or negative options (the negative is `--no-old-args`). - -+ Note that this option also disables the extra safety check added in 3.2.5 -+ that ensures that a remote sender isn't including extra top-level items in -+ the file-list that you didn't request. This side-effect is necessary -+ because we can't know for sure what names to expect when the remote shell -+ is interpreting the args. -+ - This option conflicts with the [`--protect-args`](#opt) option. - - 0. `--protect-args`, `-s` diff --git a/meta/recipes-devtools/rsync/rsync_3.2.4.bb b/meta/recipes-devtools/rsync/rsync_3.2.5.bb similarity index 95% rename from meta/recipes-devtools/rsync/rsync_3.2.4.bb rename to meta/recipes-devtools/rsync/rsync_3.2.5.bb index 711e97002d2..a1ba5ea44d1 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.4.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.5.bb @@ -14,10 +14,8 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://rsyncd.conf \ file://makefile-no-rebuild.patch \ file://determism.patch \ - file://CVE-2022-29154.patch \ " - -SRC_URI[sha256sum] = "6f761838d08052b0b6579cf7f6737d93e47f01f4da04c5d24d3447b7f2a5fad1" +SRC_URI[sha256sum] = "2ac4d21635cdf791867bc377c35ca6dda7f50d919a58be45057fd51600c69aba" # -16548 required for v3.1.3pre1. Already in v3.1.3. CVE_CHECK_IGNORE += " CVE-2017-16548 " From patchwork Sun Aug 14 22:20:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11379 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50014C3F6B0 for ; Sun, 14 Aug 2022 22:20:57 +0000 (UTC) Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com [209.85.216.48]) by mx.groups.io with SMTP id smtpd.web12.10109.1660515647609139292 for ; Sun, 14 Aug 2022 15:20:47 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=IYfNRWSY; spf=pass (domain: gmail.com, ip: 209.85.216.48, mailfrom: raj.khem@gmail.com) Received: by mail-pj1-f48.google.com with SMTP id pm17so5523295pjb.3 for ; Sun, 14 Aug 2022 15:20:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=mgbPkLP/xtpn7b2UYHmTqNa2h5Dq7HfzGDH3+xKYGwI=; b=IYfNRWSYsjg1+DbZ/TBvFk5L7CNZzvqoz/tCg60doovKjY2SRcguU8EbwRqj9FKetg Ob5CibPq4i+ZZVsA67jea/Ucj7u/7KFuu9PlSS9hUu4AgklD9CVBmoWT9DE0L07TkwV5 trV5HD1S2dWIIfPbqvlIoxfTq4FWiiSSdutC+9PN8ff8nOvi4SsyycjyaNbeMayAO1FY yQWD352tyIsHB8BWVurmJ/zSSy4Xn9Aa9i5zTFmO7L7/CcE9r3pceMtcuCumI2k3EpBh WD/h6F62RRy4IY0Ap9V1q8x1qvxyBBP+laNfSwwno02m0MJIA8xmOFwP+0HIjxSsV97L 0WtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=mgbPkLP/xtpn7b2UYHmTqNa2h5Dq7HfzGDH3+xKYGwI=; b=LU1zC/uXcRGmFvhCQq7vWDjenhBY9hKFTqyVeZZqSrvpEsVnxyVeqIjQaLh08y8FWC SAYsn/7lgmVpPgJHqWyKxXXmpuZJkaWMsFJiKHyJTIuSrzzjkBAwWYc5sVdoQ/91sEr/ yad5vFQOaoxGy0QYLKc3IyBsmFMBjtAioc8JUSbKTUxkHS7CCxPI4YMyOTUSn/ZCFQ9k CrpAOv3wTW7WENUDXSbmQXpVZaYUGD5BdF6QxDiU+jJU2YdBDSTHGfySjmDnP3qkcvk9 G1PgmjwExG0dsnRQFSN/zNpuSo4LWohDwQPK5EXgtNJiChgrHurpVGoiAoxXQ4RUo3od qg8A== X-Gm-Message-State: ACgBeo2qQ3brobOdovyDL5MBLEoJeSRq8Ls9nUbynqvTKnvbkD4ii7de KOySRJYBaNJw23BET+lvOq9pZu3IFQ7/RQ== X-Google-Smtp-Source: AA6agR55jK0g7sZhGzzgoJOeDFaQiSRG41Zs5BUlcidHIpxFg996BHreT95z77NiDjKOw0SFT5LmLw== X-Received: by 2002:a17:903:11c9:b0:172:6ea1:b727 with SMTP id q9-20020a17090311c900b001726ea1b727mr2304156plh.78.1660515646600; Sun, 14 Aug 2022 15:20:46 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:45 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 06/10] connman: Backports for security fixes Date: Sun, 14 Aug 2022 15:20:33 -0700 Message-Id: <20220814222037.283943-6-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220814222037.283943-1-raj.khem@gmail.com> References: <20220814222037.283943-1-raj.khem@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169333 Fixes CVE: CVE-2022-32292, CVE-2022-32293 Signed-off-by: Khem Raj --- .../connman/connman/CVE-2022-32292.patch | 37 ++++ .../connman/connman/CVE-2022-32293_p1.patch | 174 ++++++++++++++++++ .../connman/connman/CVE-2022-32293_p2.patch | 141 ++++++++++++++ .../connman/connman_1.41.bb | 3 + 4 files changed, 355 insertions(+) create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch new file mode 100644 index 00000000000..182c5ca29c2 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32292.patch @@ -0,0 +1,37 @@ +From d1a5ede5d255bde8ef707f8441b997563b9312bd Mon Sep 17 00:00:00 2001 +From: Nathan Crandall +Date: Tue, 12 Jul 2022 08:56:34 +0200 +Subject: gweb: Fix OOB write in received_data() + +There is a mismatch of handling binary vs. C-string data with memchr +and strlen, resulting in pos, count, and bytes_read to become out of +sync and result in a heap overflow. Instead, do not treat the buffer +as an ASCII C-string. We calculate the count based on the return value +of memchr, instead of strlen. + +Fixes: CVE-2022-32292 + +CVE: CVE-2022-32292 + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd] +Signed-off-by: Khem Raj +--- + gweb/gweb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gweb/gweb.c b/gweb/gweb.c +index 12fcb1d8..13c6c5f2 100644 +--- a/gweb/gweb.c ++++ b/gweb/gweb.c +@@ -918,7 +918,7 @@ static gboolean received_data(GIOChannel *channel, GIOCondition cond, + } + + *pos = '\0'; +- count = strlen((char *) ptr); ++ count = pos - ptr; + if (count > 0 && ptr[count - 1] == '\r') { + ptr[--count] = '\0'; + bytes_read--; +-- +cgit + diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch new file mode 100644 index 00000000000..56f8fc82de9 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p1.patch @@ -0,0 +1,174 @@ +From 416bfaff988882c553c672e5bfc2d4f648d29e8a Mon Sep 17 00:00:00 2001 +From: Daniel Wagner +Date: Tue, 5 Jul 2022 09:11:09 +0200 +Subject: wispr: Update portal context references + +Maintain proper portal context references to avoid UAF. + +Fixes: CVE-2022-32293 +CVE: CVE-2022-32293 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c] +Signed-off-by: Khem Raj +--- + src/wispr.c | 34 ++++++++++++++++++++++------------ + 1 file changed, 22 insertions(+), 12 deletions(-) + +diff --git a/src/wispr.c b/src/wispr.c +index bde7e63b..84bed33f 100644 +--- a/src/wispr.c ++++ b/src/wispr.c +@@ -105,8 +105,6 @@ static bool enable_online_to_ready_transition = false; + + static void connman_wispr_message_init(struct connman_wispr_message *msg) + { +- DBG(""); +- + msg->has_error = false; + msg->current_element = NULL; + +@@ -166,8 +164,6 @@ static void free_wispr_routes(struct connman_wispr_portal_context *wp_context) + static void free_connman_wispr_portal_context( + struct connman_wispr_portal_context *wp_context) + { +- DBG("context %p", wp_context); +- + if (wp_context->wispr_portal) { + if (wp_context->wispr_portal->ipv4_context == wp_context) + wp_context->wispr_portal->ipv4_context = NULL; +@@ -483,9 +479,6 @@ static void portal_manage_status(GWebResult *result, + &str)) + connman_info("Client-Timezone: %s", str); + +- if (!enable_online_to_ready_transition) +- wispr_portal_context_unref(wp_context); +- + __connman_service_ipconfig_indicate_state(service, + CONNMAN_SERVICE_STATE_ONLINE, type); + +@@ -546,14 +539,17 @@ static void wispr_portal_request_portal( + { + DBG(""); + ++ wispr_portal_context_ref(wp_context); + wp_context->request_id = g_web_request_get(wp_context->web, + wp_context->status_url, + wispr_portal_web_result, + wispr_route_request, + wp_context); + +- if (wp_context->request_id == 0) ++ if (wp_context->request_id == 0) { + wispr_portal_error(wp_context); ++ wispr_portal_context_unref(wp_context); ++ } + } + + static bool wispr_input(const guint8 **data, gsize *length, +@@ -618,13 +614,15 @@ static void wispr_portal_browser_reply_cb(struct connman_service *service, + return; + + if (!authentication_done) { +- wispr_portal_error(wp_context); + free_wispr_routes(wp_context); ++ wispr_portal_error(wp_context); ++ wispr_portal_context_unref(wp_context); + return; + } + + /* Restarting the test */ + __connman_service_wispr_start(service, wp_context->type); ++ wispr_portal_context_unref(wp_context); + } + + static void wispr_portal_request_wispr_login(struct connman_service *service, +@@ -700,11 +698,13 @@ static bool wispr_manage_message(GWebResult *result, + + wp_context->wispr_result = CONNMAN_WISPR_RESULT_LOGIN; + ++ wispr_portal_context_ref(wp_context); + if (__connman_agent_request_login_input(wp_context->service, + wispr_portal_request_wispr_login, +- wp_context) != -EINPROGRESS) ++ wp_context) != -EINPROGRESS) { + wispr_portal_error(wp_context); +- else ++ wispr_portal_context_unref(wp_context); ++ } else + return true; + + break; +@@ -753,6 +753,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + if (length > 0) { + g_web_parser_feed_data(wp_context->wispr_parser, + chunk, length); ++ wispr_portal_context_unref(wp_context); + return true; + } + +@@ -770,6 +771,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + + switch (status) { + case 000: ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->status_url, wp_context); +@@ -781,11 +783,14 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + if (g_web_result_get_header(result, "X-ConnMan-Status", + &str)) { + portal_manage_status(result, wp_context); ++ wispr_portal_context_unref(wp_context); + return false; +- } else ++ } else { ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->redirect_url, wp_context); ++ } + + break; + case 300: +@@ -798,6 +803,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + !g_web_result_get_header(result, "Location", + &redirect)) { + ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->status_url, wp_context); +@@ -808,6 +814,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + + wp_context->redirect_url = g_strdup(redirect); + ++ wispr_portal_context_ref(wp_context); + wp_context->request_id = g_web_request_get(wp_context->web, + redirect, wispr_portal_web_result, + wispr_route_request, wp_context); +@@ -820,6 +827,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + + break; + case 505: ++ wispr_portal_context_ref(wp_context); + __connman_agent_request_browser(wp_context->service, + wispr_portal_browser_reply_cb, + wp_context->status_url, wp_context); +@@ -832,6 +840,7 @@ static bool wispr_portal_web_result(GWebResult *result, gpointer user_data) + wp_context->request_id = 0; + done: + wp_context->wispr_msg.message_type = -1; ++ wispr_portal_context_unref(wp_context); + return false; + } + +@@ -890,6 +899,7 @@ static void proxy_callback(const char *proxy, void *user_data) + xml_wispr_parser_callback, wp_context); + + wispr_portal_request_portal(wp_context); ++ wispr_portal_context_unref(wp_context); + } + + static gboolean no_proxy_callback(gpointer user_data) +-- +cgit + diff --git a/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch new file mode 100644 index 00000000000..b2802035943 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/CVE-2022-32293_p2.patch @@ -0,0 +1,141 @@ +From 72343929836de80727a27d6744c869dff045757c Mon Sep 17 00:00:00 2001 +From: Daniel Wagner +Date: Tue, 5 Jul 2022 08:32:12 +0200 +Subject: wispr: Add reference counter to portal context + +Track the connman_wispr_portal_context live time via a +refcounter. This only adds the infrastructure to do proper reference +counting. + +Fixes: CVE-2022-32293 +CVE: CVE-2022-32293 +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a] +Signed-off-by: Khem Raj +--- + src/wispr.c | 52 ++++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 42 insertions(+), 10 deletions(-) + +diff --git a/src/wispr.c b/src/wispr.c +index a07896ca..bde7e63b 100644 +--- a/src/wispr.c ++++ b/src/wispr.c +@@ -56,6 +56,7 @@ struct wispr_route { + }; + + struct connman_wispr_portal_context { ++ int refcount; + struct connman_service *service; + enum connman_ipconfig_type type; + struct connman_wispr_portal *wispr_portal; +@@ -97,6 +98,11 @@ static char *online_check_ipv4_url = NULL; + static char *online_check_ipv6_url = NULL; + static bool enable_online_to_ready_transition = false; + ++#define wispr_portal_context_ref(wp_context) \ ++ wispr_portal_context_ref_debug(wp_context, __FILE__, __LINE__, __func__) ++#define wispr_portal_context_unref(wp_context) \ ++ wispr_portal_context_unref_debug(wp_context, __FILE__, __LINE__, __func__) ++ + static void connman_wispr_message_init(struct connman_wispr_message *msg) + { + DBG(""); +@@ -162,9 +168,6 @@ static void free_connman_wispr_portal_context( + { + DBG("context %p", wp_context); + +- if (!wp_context) +- return; +- + if (wp_context->wispr_portal) { + if (wp_context->wispr_portal->ipv4_context == wp_context) + wp_context->wispr_portal->ipv4_context = NULL; +@@ -201,9 +204,38 @@ static void free_connman_wispr_portal_context( + g_free(wp_context); + } + ++static struct connman_wispr_portal_context * ++wispr_portal_context_ref_debug(struct connman_wispr_portal_context *wp_context, ++ const char *file, int line, const char *caller) ++{ ++ DBG("%p ref %d by %s:%d:%s()", wp_context, ++ wp_context->refcount + 1, file, line, caller); ++ ++ __sync_fetch_and_add(&wp_context->refcount, 1); ++ ++ return wp_context; ++} ++ ++static void wispr_portal_context_unref_debug( ++ struct connman_wispr_portal_context *wp_context, ++ const char *file, int line, const char *caller) ++{ ++ if (!wp_context) ++ return; ++ ++ DBG("%p ref %d by %s:%d:%s()", wp_context, ++ wp_context->refcount - 1, file, line, caller); ++ ++ if (__sync_fetch_and_sub(&wp_context->refcount, 1) != 1) ++ return; ++ ++ free_connman_wispr_portal_context(wp_context); ++} ++ + static struct connman_wispr_portal_context *create_wispr_portal_context(void) + { +- return g_try_new0(struct connman_wispr_portal_context, 1); ++ return wispr_portal_context_ref( ++ g_new0(struct connman_wispr_portal_context, 1)); + } + + static void free_connman_wispr_portal(gpointer data) +@@ -215,8 +247,8 @@ static void free_connman_wispr_portal(gpointer data) + if (!wispr_portal) + return; + +- free_connman_wispr_portal_context(wispr_portal->ipv4_context); +- free_connman_wispr_portal_context(wispr_portal->ipv6_context); ++ wispr_portal_context_unref(wispr_portal->ipv4_context); ++ wispr_portal_context_unref(wispr_portal->ipv6_context); + + g_free(wispr_portal); + } +@@ -452,7 +484,7 @@ static void portal_manage_status(GWebResult *result, + connman_info("Client-Timezone: %s", str); + + if (!enable_online_to_ready_transition) +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + + __connman_service_ipconfig_indicate_state(service, + CONNMAN_SERVICE_STATE_ONLINE, type); +@@ -616,7 +648,7 @@ static void wispr_portal_request_wispr_login(struct connman_service *service, + return; + } + +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + return; + } + +@@ -952,7 +984,7 @@ static int wispr_portal_detect(struct connman_wispr_portal_context *wp_context) + + if (wp_context->token == 0) { + err = -EINVAL; +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + } + } else if (wp_context->timeout == 0) { + wp_context->timeout = g_idle_add(no_proxy_callback, wp_context); +@@ -1001,7 +1033,7 @@ int __connman_wispr_start(struct connman_service *service, + + /* If there is already an existing context, we wipe it */ + if (wp_context) +- free_connman_wispr_portal_context(wp_context); ++ wispr_portal_context_unref(wp_context); + + wp_context = create_wispr_portal_context(); + if (!wp_context) +-- +cgit + diff --git a/meta/recipes-connectivity/connman/connman_1.41.bb b/meta/recipes-connectivity/connman/connman_1.41.bb index 736b78eaebb..79542b2175d 100644 --- a/meta/recipes-connectivity/connman/connman_1.41.bb +++ b/meta/recipes-connectivity/connman/connman_1.41.bb @@ -5,6 +5,9 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ file://connman \ file://no-version-scripts.patch \ + file://CVE-2022-32293_p1.patch \ + file://CVE-2022-32293_p2.patch \ + file://CVE-2022-32292.patch \ " SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch" From patchwork Sun Aug 14 22:20:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11380 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71501C282E7 for ; Sun, 14 Aug 2022 22:20:57 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web08.10088.1660515649439096070 for ; Sun, 14 Aug 2022 15:20:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=HDR0/Qle; spf=pass (domain: gmail.com, ip: 209.85.214.172, mailfrom: raj.khem@gmail.com) Received: by mail-pl1-f172.google.com with SMTP id d10so5007622plr.6 for ; Sun, 14 Aug 2022 15:20:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=KGEyZXYYPwjkKEstCE7ZjKEtnZ+K9JRXdjkIA/JVblI=; b=HDR0/QlehssU4gTkG9cuDz33xgO+GS3jbSTxdwXb860LIBhdoGxxZFIuKNS7Fd9Fiz drQbcYRvsGJ/owK5JXk0CFAnWSILaFzQEWO1d2CCMQZVi2P7E0BvMy197qtojBaYHvDj uB3T52eIyDNHgzPzuishp9hGorN9JxAhrtNN2uGZHdZwA63xTvJFEB2LThdmJ5coKxPJ ozpVWpPFgg0DSprAtVN0hc+nJBFPk+qdztfDeyIAMqbt7QKU0hi7NpbKkHTwa4FZp54c 5JGU5BjKOIjG7Gap0IFUulM5y6mxjGw7PQbHOpGkEL3Mcx9f/0tr7L3yVf+I8RMbrK+V foqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=KGEyZXYYPwjkKEstCE7ZjKEtnZ+K9JRXdjkIA/JVblI=; b=dniQVjQJHG81mne2qCz0nYY4uvoKbBuyqTd6tKzOXix/RPT2kb9OoGubGU/mkLBqVf F9pP8XsO4fhOAB6Yq5ORAiM01AVvo5rVNh8V2micaXR6ONOEaaqrrPpVcKyyVHeAYc2y xAA7EurLWhiGvSOVwCrIU+9N72yy9dNj42n7SQO7c4yvMJ0DgKouSPwqzgLCOaDhRFZJ 9hLwA6/CH6/pHCItFerYR1+QcMec3J3u9KECpSQQItJ1zVavhbTBg5HLM35xoPmPrWwk fIGHJfPFFB4sdKcxmXTsgLPN1CPyV72iOsJTfHYeZNPIZXJz+BbijwXgrZa4PJ7ZgtN4 tMwA== X-Gm-Message-State: ACgBeo21WLswDSwtrj+nosoM1plhSOSHvqsRMFINgeCkUkmQ5mvrnO2k 88ZPbx9fFZ7zrswF4wfeDAl6Jj3BTohOJA== X-Google-Smtp-Source: AA6agR6IKlGYOt/rALnPqHtaucxDcRsLgdx53zu/Z5YeX+Lb5Ij9rUj+dmHSWxvmwUldEp7AtXrelA== X-Received: by 2002:a17:90a:df96:b0:1f3:22e:7826 with SMTP id p22-20020a17090adf9600b001f3022e7826mr14758466pjv.21.1660515647926; Sun, 14 Aug 2022 15:20:47 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:47 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 07/10] libtirpc: Backport fix for CVE-2021-46828 Date: Sun, 14 Aug 2022 15:20:34 -0700 Message-Id: <20220814222037.283943-7-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220814222037.283943-1-raj.khem@gmail.com> References: <20220814222037.283943-1-raj.khem@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169334 CVE: CVE-2021-46828 Signed-off-by: Khem Raj --- .../libtirpc/libtirpc/CVE-2021-46828.patch | 565 ++++++++++++++++++ .../libtirpc/libtirpc_1.3.2.bb | 4 +- 2 files changed, 568 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch diff --git a/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch b/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch new file mode 100644 index 00000000000..64dffb923b9 --- /dev/null +++ b/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch @@ -0,0 +1,565 @@ +From 86529758570cef4c73fb9b9c4104fdc510f701ed Mon Sep 17 00:00:00 2001 +From: Dai Ngo +Date: Sat, 21 Aug 2021 13:16:23 -0400 +Subject: [PATCH] Fix DoS vulnerability in libtirpc + +Currently svc_run does not handle poll timeout and rendezvous_request +does not handle EMFILE error returned from accept(2 as it used to. +These two missing functionality were removed by commit b2c9430f46c4. + +The effect of not handling poll timeout allows idle TCP conections +to remain ESTABLISHED indefinitely. When the number of connections +reaches the limit of the open file descriptors (ulimit -n) then +accept(2) fails with EMFILE. Since there is no handling of EMFILE +error this causes svc_run() to get in a tight loop calling accept(2). +This resulting in the RPC service of svc_run is being down, it's +no longer able to service any requests. + +RPC service rpcbind, statd and mountd are effected by this +problem. + +Fix by enhancing rendezvous_request to keep the number of +SVCXPRT conections to 4/5 of the size of the file descriptor +table. When this thresold is reached, it destroys the idle +TCP connections or destroys the least active connection if +no idle connnction was found. + +Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc + +CVE: CVE-2021-46828 +Upstream-Status: Backport [http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed] +Signed-off-by: dai.ngo@oracle.com +Signed-off-by: Steve Dickson +--- + INSTALL | 371 +---------------------------------------------------------- + src/svc.c | 17 ++- + src/svc_vc.c | 62 +++++++++- + 3 files changed, 78 insertions(+), 372 deletions(-) + mode change 100644 => 120000 INSTALL + +diff --git a/INSTALL b/INSTALL +deleted file mode 100644 +index 2099840..0000000 +--- a/INSTALL ++++ /dev/null +@@ -1,370 +0,0 @@ +-Installation Instructions +-************************* +- +-Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, +-Inc. +- +- Copying and distribution of this file, with or without modification, +-are permitted in any medium without royalty provided the copyright +-notice and this notice are preserved. This file is offered as-is, +-without warranty of any kind. +- +-Basic Installation +-================== +- +- Briefly, the shell command `./configure && make && make install' +-should configure, build, and install this package. The following +-more-detailed instructions are generic; see the `README' file for +-instructions specific to this package. Some packages provide this +-`INSTALL' file but do not implement all of the features documented +-below. The lack of an optional feature in a given package is not +-necessarily a bug. More recommendations for GNU packages can be found +-in *note Makefile Conventions: (standards)Makefile Conventions. +- +- The `configure' shell script attempts to guess correct values for +-various system-dependent variables used during compilation. It uses +-those values to create a `Makefile' in each directory of the package. +-It may also create one or more `.h' files containing system-dependent +-definitions. Finally, it creates a shell script `config.status' that +-you can run in the future to recreate the current configuration, and a +-file `config.log' containing compiler output (useful mainly for +-debugging `configure'). +- +- It can also use an optional file (typically called `config.cache' +-and enabled with `--cache-file=config.cache' or simply `-C') that saves +-the results of its tests to speed up reconfiguring. Caching is +-disabled by default to prevent problems with accidental use of stale +-cache files. +- +- If you need to do unusual things to compile the package, please try +-to figure out how `configure' could check whether to do them, and mail +-diffs or instructions to the address given in the `README' so they can +-be considered for the next release. If you are using the cache, and at +-some point `config.cache' contains results you don't want to keep, you +-may remove or edit it. +- +- The file `configure.ac' (or `configure.in') is used to create +-`configure' by a program called `autoconf'. You need `configure.ac' if +-you want to change it or regenerate `configure' using a newer version +-of `autoconf'. +- +- The simplest way to compile this package is: +- +- 1. `cd' to the directory containing the package's source code and type +- `./configure' to configure the package for your system. +- +- Running `configure' might take a while. While running, it prints +- some messages telling which features it is checking for. +- +- 2. Type `make' to compile the package. +- +- 3. Optionally, type `make check' to run any self-tests that come with +- the package, generally using the just-built uninstalled binaries. +- +- 4. Type `make install' to install the programs and any data files and +- documentation. When installing into a prefix owned by root, it is +- recommended that the package be configured and built as a regular +- user, and only the `make install' phase executed with root +- privileges. +- +- 5. Optionally, type `make installcheck' to repeat any self-tests, but +- this time using the binaries in their final installed location. +- This target does not install anything. Running this target as a +- regular user, particularly if the prior `make install' required +- root privileges, verifies that the installation completed +- correctly. +- +- 6. You can remove the program binaries and object files from the +- source code directory by typing `make clean'. To also remove the +- files that `configure' created (so you can compile the package for +- a different kind of computer), type `make distclean'. There is +- also a `make maintainer-clean' target, but that is intended mainly +- for the package's developers. If you use it, you may have to get +- all sorts of other programs in order to regenerate files that came +- with the distribution. +- +- 7. Often, you can also type `make uninstall' to remove the installed +- files again. In practice, not all packages have tested that +- uninstallation works correctly, even though it is required by the +- GNU Coding Standards. +- +- 8. Some packages, particularly those that use Automake, provide `make +- distcheck', which can by used by developers to test that all other +- targets like `make install' and `make uninstall' work correctly. +- This target is generally not run by end users. +- +-Compilers and Options +-===================== +- +- Some systems require unusual options for compilation or linking that +-the `configure' script does not know about. Run `./configure --help' +-for details on some of the pertinent environment variables. +- +- You can give `configure' initial values for configuration parameters +-by setting variables in the command line or in the environment. Here +-is an example: +- +- ./configure CC=c99 CFLAGS=-g LIBS=-lposix +- +- *Note Defining Variables::, for more details. +- +-Compiling For Multiple Architectures +-==================================== +- +- You can compile the package for more than one kind of computer at the +-same time, by placing the object files for each architecture in their +-own directory. To do this, you can use GNU `make'. `cd' to the +-directory where you want the object files and executables to go and run +-the `configure' script. `configure' automatically checks for the +-source code in the directory that `configure' is in and in `..'. This +-is known as a "VPATH" build. +- +- With a non-GNU `make', it is safer to compile the package for one +-architecture at a time in the source code directory. After you have +-installed the package for one architecture, use `make distclean' before +-reconfiguring for another architecture. +- +- On MacOS X 10.5 and later systems, you can create libraries and +-executables that work on multiple system types--known as "fat" or +-"universal" binaries--by specifying multiple `-arch' options to the +-compiler but only a single `-arch' option to the preprocessor. Like +-this: +- +- ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ +- CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ +- CPP="gcc -E" CXXCPP="g++ -E" +- +- This is not guaranteed to produce working output in all cases, you +-may have to build one architecture at a time and combine the results +-using the `lipo' tool if you have problems. +- +-Installation Names +-================== +- +- By default, `make install' installs the package's commands under +-`/usr/local/bin', include files under `/usr/local/include', etc. You +-can specify an installation prefix other than `/usr/local' by giving +-`configure' the option `--prefix=PREFIX', where PREFIX must be an +-absolute file name. +- +- You can specify separate installation prefixes for +-architecture-specific files and architecture-independent files. If you +-pass the option `--exec-prefix=PREFIX' to `configure', the package uses +-PREFIX as the prefix for installing programs and libraries. +-Documentation and other data files still use the regular prefix. +- +- In addition, if you use an unusual directory layout you can give +-options like `--bindir=DIR' to specify different values for particular +-kinds of files. Run `configure --help' for a list of the directories +-you can set and what kinds of files go in them. In general, the +-default for these options is expressed in terms of `${prefix}', so that +-specifying just `--prefix' will affect all of the other directory +-specifications that were not explicitly provided. +- +- The most portable way to affect installation locations is to pass the +-correct locations to `configure'; however, many packages provide one or +-both of the following shortcuts of passing variable assignments to the +-`make install' command line to change installation locations without +-having to reconfigure or recompile. +- +- The first method involves providing an override variable for each +-affected directory. For example, `make install +-prefix=/alternate/directory' will choose an alternate location for all +-directory configuration variables that were expressed in terms of +-`${prefix}'. Any directories that were specified during `configure', +-but not in terms of `${prefix}', must each be overridden at install +-time for the entire installation to be relocated. The approach of +-makefile variable overrides for each directory variable is required by +-the GNU Coding Standards, and ideally causes no recompilation. +-However, some platforms have known limitations with the semantics of +-shared libraries that end up requiring recompilation when using this +-method, particularly noticeable in packages that use GNU Libtool. +- +- The second method involves providing the `DESTDIR' variable. For +-example, `make install DESTDIR=/alternate/directory' will prepend +-`/alternate/directory' before all installation names. The approach of +-`DESTDIR' overrides is not required by the GNU Coding Standards, and +-does not work on platforms that have drive letters. On the other hand, +-it does better at avoiding recompilation issues, and works well even +-when some directory options were not specified in terms of `${prefix}' +-at `configure' time. +- +-Optional Features +-================= +- +- If the package supports it, you can cause programs to be installed +-with an extra prefix or suffix on their names by giving `configure' the +-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. +- +- Some packages pay attention to `--enable-FEATURE' options to +-`configure', where FEATURE indicates an optional part of the package. +-They may also pay attention to `--with-PACKAGE' options, where PACKAGE +-is something like `gnu-as' or `x' (for the X Window System). The +-`README' should mention any `--enable-' and `--with-' options that the +-package recognizes. +- +- For packages that use the X Window System, `configure' can usually +-find the X include and library files automatically, but if it doesn't, +-you can use the `configure' options `--x-includes=DIR' and +-`--x-libraries=DIR' to specify their locations. +- +- Some packages offer the ability to configure how verbose the +-execution of `make' will be. For these packages, running `./configure +---enable-silent-rules' sets the default to minimal output, which can be +-overridden with `make V=1'; while running `./configure +---disable-silent-rules' sets the default to verbose, which can be +-overridden with `make V=0'. +- +-Particular systems +-================== +- +- On HP-UX, the default C compiler is not ANSI C compatible. If GNU +-CC is not installed, it is recommended to use the following options in +-order to use an ANSI C compiler: +- +- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" +- +-and if that doesn't work, install pre-built binaries of GCC for HP-UX. +- +- HP-UX `make' updates targets which have the same time stamps as +-their prerequisites, which makes it generally unusable when shipped +-generated files such as `configure' are involved. Use GNU `make' +-instead. +- +- On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +-parse its `' header file. The option `-nodtk' can be used as +-a workaround. If GNU CC is not installed, it is therefore recommended +-to try +- +- ./configure CC="cc" +- +-and if that doesn't work, try +- +- ./configure CC="cc -nodtk" +- +- On Solaris, don't put `/usr/ucb' early in your `PATH'. This +-directory contains several dysfunctional programs; working variants of +-these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +-in your `PATH', put it _after_ `/usr/bin'. +- +- On Haiku, software installed for all users goes in `/boot/common', +-not `/usr/local'. It is recommended to use the following options: +- +- ./configure --prefix=/boot/common +- +-Specifying the System Type +-========================== +- +- There may be some features `configure' cannot figure out +-automatically, but needs to determine by the type of machine the package +-will run on. Usually, assuming the package is built to be run on the +-_same_ architectures, `configure' can figure that out, but if it prints +-a message saying it cannot guess the machine type, give it the +-`--build=TYPE' option. TYPE can either be a short name for the system +-type, such as `sun4', or a canonical name which has the form: +- +- CPU-COMPANY-SYSTEM +- +-where SYSTEM can have one of these forms: +- +- OS +- KERNEL-OS +- +- See the file `config.sub' for the possible values of each field. If +-`config.sub' isn't included in this package, then this package doesn't +-need to know the machine type. +- +- If you are _building_ compiler tools for cross-compiling, you should +-use the option `--target=TYPE' to select the type of system they will +-produce code for. +- +- If you want to _use_ a cross compiler, that generates code for a +-platform different from the build platform, you should specify the +-"host" platform (i.e., that on which the generated programs will +-eventually be run) with `--host=TYPE'. +- +-Sharing Defaults +-================ +- +- If you want to set default values for `configure' scripts to share, +-you can create a site shell script called `config.site' that gives +-default values for variables like `CC', `cache_file', and `prefix'. +-`configure' looks for `PREFIX/share/config.site' if it exists, then +-`PREFIX/etc/config.site' if it exists. Or, you can set the +-`CONFIG_SITE' environment variable to the location of the site script. +-A warning: not all `configure' scripts look for a site script. +- +-Defining Variables +-================== +- +- Variables not defined in a site shell script can be set in the +-environment passed to `configure'. However, some packages may run +-configure again during the build, and the customized values of these +-variables may be lost. In order to avoid this problem, you should set +-them in the `configure' command line, using `VAR=value'. For example: +- +- ./configure CC=/usr/local2/bin/gcc +- +-causes the specified `gcc' to be used as the C compiler (unless it is +-overridden in the site shell script). +- +-Unfortunately, this technique does not work for `CONFIG_SHELL' due to +-an Autoconf limitation. Until the limitation is lifted, you can use +-this workaround: +- +- CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash +- +-`configure' Invocation +-====================== +- +- `configure' recognizes the following options to control how it +-operates. +- +-`--help' +-`-h' +- Print a summary of all of the options to `configure', and exit. +- +-`--help=short' +-`--help=recursive' +- Print a summary of the options unique to this package's +- `configure', and exit. The `short' variant lists options used +- only in the top level, while the `recursive' variant lists options +- also present in any nested packages. +- +-`--version' +-`-V' +- Print the version of Autoconf used to generate the `configure' +- script, and exit. +- +-`--cache-file=FILE' +- Enable the cache: use and save the results of the tests in FILE, +- traditionally `config.cache'. FILE defaults to `/dev/null' to +- disable caching. +- +-`--config-cache' +-`-C' +- Alias for `--cache-file=config.cache'. +- +-`--quiet' +-`--silent' +-`-q' +- Do not print messages saying which checks are being made. To +- suppress all normal output, redirect it to `/dev/null' (any error +- messages will still be shown). +- +-`--srcdir=DIR' +- Look for the package's source code in directory DIR. Usually +- `configure' can determine that directory automatically. +- +-`--prefix=DIR' +- Use DIR as the installation prefix. *note Installation Names:: +- for more details, including other options available for fine-tuning +- the installation locations. +- +-`--no-create' +-`-n' +- Run the configure checks, but stop before creating any output +- files. +- +-`configure' also accepts some other, not widely useful, options. Run +-`configure --help' for more details. +diff --git a/INSTALL b/INSTALL +new file mode 120000 +index 0000000..e3f22c0 +--- /dev/null ++++ b/INSTALL +@@ -0,0 +1 @@ ++/usr/share/automake-1.16/INSTALL +\ No newline at end of file +diff --git a/src/svc.c b/src/svc.c +index 6db164b..3a8709f 100644 +--- a/src/svc.c ++++ b/src/svc.c +@@ -57,7 +57,7 @@ + + #define max(a, b) (a > b ? a : b) + +-static SVCXPRT **__svc_xports; ++SVCXPRT **__svc_xports; + int __svc_maxrec; + + /* +@@ -194,6 +194,21 @@ __xprt_do_unregister (xprt, dolock) + rwlock_unlock (&svc_fd_lock); + } + ++int ++svc_open_fds() ++{ ++ int ix; ++ int nfds = 0; ++ ++ rwlock_rdlock (&svc_fd_lock); ++ for (ix = 0; ix < svc_max_pollfd; ++ix) { ++ if (svc_pollfd[ix].fd != -1) ++ nfds++; ++ } ++ rwlock_unlock (&svc_fd_lock); ++ return (nfds); ++} ++ + /* + * Add a service program to the callout list. + * The dispatch routine will be called when a rpc request for this +diff --git a/src/svc_vc.c b/src/svc_vc.c +index f1d9f00..3dc8a75 100644 +--- a/src/svc_vc.c ++++ b/src/svc_vc.c +@@ -64,6 +64,8 @@ + + + extern rwlock_t svc_fd_lock; ++extern SVCXPRT **__svc_xports; ++extern int svc_open_fds(); + + static SVCXPRT *makefd_xprt(int, u_int, u_int); + static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *); +@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *); + static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in); + static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq, + void *in); ++static int __svc_destroy_idle(int timeout); + + struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */ + u_int sendsize; +@@ -313,13 +316,14 @@ done: + return (xprt); + } + ++ + /*ARGSUSED*/ + static bool_t + rendezvous_request(xprt, msg) + SVCXPRT *xprt; + struct rpc_msg *msg; + { +- int sock, flags; ++ int sock, flags, nfds, cnt; + struct cf_rendezvous *r; + struct cf_conn *cd; + struct sockaddr_storage addr; +@@ -379,6 +383,16 @@ again: + + gettimeofday(&cd->last_recv_time, NULL); + ++ nfds = svc_open_fds(); ++ if (nfds >= (_rpc_dtablesize() / 5) * 4) { ++ /* destroy idle connections */ ++ cnt = __svc_destroy_idle(15); ++ if (cnt == 0) { ++ /* destroy least active */ ++ __svc_destroy_idle(0); ++ } ++ } ++ + return (FALSE); /* there is never an rpc msg to be processed */ + } + +@@ -820,3 +834,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock) + { + return FALSE; + } ++ ++static int ++__svc_destroy_idle(int timeout) ++{ ++ int i, ncleaned = 0; ++ SVCXPRT *xprt, *least_active; ++ struct timeval tv, tdiff, tmax; ++ struct cf_conn *cd; ++ ++ gettimeofday(&tv, NULL); ++ tmax.tv_sec = tmax.tv_usec = 0; ++ least_active = NULL; ++ rwlock_wrlock(&svc_fd_lock); ++ ++ for (i = 0; i <= svc_max_pollfd; i++) { ++ if (svc_pollfd[i].fd == -1) ++ continue; ++ xprt = __svc_xports[i]; ++ if (xprt == NULL || xprt->xp_ops == NULL || ++ xprt->xp_ops->xp_recv != svc_vc_recv) ++ continue; ++ cd = (struct cf_conn *)xprt->xp_p1; ++ if (!cd->nonblock) ++ continue; ++ if (timeout == 0) { ++ timersub(&tv, &cd->last_recv_time, &tdiff); ++ if (timercmp(&tdiff, &tmax, >)) { ++ tmax = tdiff; ++ least_active = xprt; ++ } ++ continue; ++ } ++ if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) { ++ __xprt_unregister_unlocked(xprt); ++ __svc_vc_dodestroy(xprt); ++ ncleaned++; ++ } ++ } ++ if (timeout == 0 && least_active != NULL) { ++ __xprt_unregister_unlocked(least_active); ++ __svc_vc_dodestroy(least_active); ++ ncleaned++; ++ } ++ rwlock_unlock(&svc_fd_lock); ++ return (ncleaned); ++} +-- +1.8.3.1 + diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb b/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb index 45b3d2befc3..cc87638c0f7 100644 --- a/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb +++ b/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb @@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f835cce8852481e4b2bbbdd23b5e47f3 \ PROVIDES = "virtual/librpc" -SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2" +SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \ + file://CVE-2021-46828.patch \ + " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/" UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)/" SRC_URI[sha256sum] = "e24eb88b8ce7db3b7ca6eb80115dd1284abc5ec32a8deccfed2224fc2532b9fd" From patchwork Sun Aug 14 22:20:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11378 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F336C25B0F for ; Sun, 14 Aug 2022 22:20:57 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web12.10110.1660515649881659689 for ; Sun, 14 Aug 2022 15:20:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=egupTRtO; spf=pass (domain: gmail.com, ip: 209.85.214.172, mailfrom: raj.khem@gmail.com) Received: by mail-pl1-f172.google.com with SMTP id m2so5014326pls.4 for ; Sun, 14 Aug 2022 15:20:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=NrRd4SdHkzL2S6mneNj5HL1GYvJqrQZ+OfLlFhIDT2k=; b=egupTRtOuzK+/5f1TK7UvPHUCMXVzdmvHY5sPW8TDoDgnRhrMuwo4pAewOVzhjWlFC xgq5ElCujHkIRxsd3sYxp7Ir4oS5dDzwluFKR7OgJJd2l8RerZKM2dJkhmZrzXi29Vvc bY/LuiCfPo0xLjlxuhhxIO8wevGTUgN9Fu9Tcixa6uJJwqAb+LEw8w4SlS8HO3NaQJ2W xAj+K5av/XrnoSeQOLLFlh177MQFnMWirU872rzK+BuhRovhEZBeOzwCKMMObzAIzAok t+ms4mZwkTfQM0a5oB4NnVHqORrAk7wtHhFcXOHRg/oll+TtF4oWqwl/PYUF+fpaSQc4 DvAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=NrRd4SdHkzL2S6mneNj5HL1GYvJqrQZ+OfLlFhIDT2k=; b=hEyQzL8IJAVVi8DxiRuQ8hsDst+O0W5i4JVQnvCcIY7vy4W3jTDQ6G7Z+nJRiHH7wX ksvVf93qL4C8bUWffYReHTuwFThKb8WQK5O0lNPFQN/ycSDV8k9XsdahbN6LhMdMjLMr 16CwarKP7d2p036zBg/mxyd8C+zvIOHoMFK4lhVqDY/2FkiK8yp8JYJapH3aYei0Lx3I sRomuhNQfzScaahWhCFr63WYF9Seed7JzcHsuoa+KE7L7xJXLOqstTIKuFBTvbBbwE4D SW+8DVC8+3jxrX8Wp1pgOWDS7BxJL/xCqhe36XJs/xS9SG0S05UMQZn0Iaj+wmTciCWU Gt7g== X-Gm-Message-State: ACgBeo3SWTfWK4iExcsKBR7O4nRIuVrGIbVVDjzWBYQs6LF6zpmCUObR PY5kD6DGHOz2wt3IBHhtBD92ryvF6DiFSw== X-Google-Smtp-Source: AA6agR4F8P91ZMacXd2lMBqng7BWSBOrYiIMxgTNBICCbcTCJBwNtYVyUzfVoBeA+0uYDleP9zMMxA== X-Received: by 2002:a17:90a:b703:b0:1dd:1e2f:97d7 with SMTP id l3-20020a17090ab70300b001dd1e2f97d7mr24423331pjr.62.1660515648862; Sun, 14 Aug 2022 15:20:48 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:48 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 08/10] libxml2: Ignore CVE-2016-3709 Date: Sun, 14 Aug 2022 15:20:35 -0700 Message-Id: <20220814222037.283943-8-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220814222037.283943-1-raj.khem@gmail.com> References: <20220814222037.283943-1-raj.khem@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169335 This is fixed via a revert in 2.9.11 [1] [1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f Signed-off-by: Khem Raj --- meta/recipes-core/libxml/libxml2_2.9.14.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index 3081ebf92f0..e58298d3b01 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb @@ -29,6 +29,10 @@ SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c BINCONFIG = "${bindir}/xml2-config" +# Fixed since 2.9.11 via +# https://gitlab.gnome.org/GNOME/libxml2/-/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f +CVE_CHECK_IGNORE += "CVE-2016-3709" + PACKAGECONFIG ??= "python \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " From patchwork Sun Aug 14 22:20:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11376 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43D27C25B06 for ; Sun, 14 Aug 2022 22:20:57 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web08.10088.1660515649439096070 for ; Sun, 14 Aug 2022 15:20:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=WxPuGP+n; spf=pass (domain: gmail.com, ip: 209.85.214.172, mailfrom: raj.khem@gmail.com) Received: by mail-pl1-f172.google.com with SMTP id d10so5007656plr.6 for ; Sun, 14 Aug 2022 15:20:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=s6CGSGTtJIOVdx+MdV9zQh34hpTdb9xdjxOqaFy3XeM=; b=WxPuGP+nJWiPa++6PPWQgCNjSuThSQlAGz/WibnwFjX79TOLlzbSpaeOQBP3hXuuBg T7DUbAFFIs28rR9FsO6YZD+p2Vn10vwtKd+xOKdyb6Hb1Kgc+sDpungbvnp1Q0iLV/9J FICh18f7JDKAPRmAkNvwrgn8ejIlOLsvgmHBCLEp62dzsBucnNXswRSz7+eDbOLoY4zO h0WsuLtPUgPC8ZvYWkarOrnWoo8BxgkdZF+MWyFXa53ZtBjRNuYSYFpJ7Z8dKeFsw/Ps 7NasX/JR8NLTWie3xO4zA69PDbfKzHc5s2Ndi/Djx3JF4hOXd6NRfvCufupB47iZ7NmU lf9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=s6CGSGTtJIOVdx+MdV9zQh34hpTdb9xdjxOqaFy3XeM=; b=nKWt1zMedGHmyu0xQncojSD5pDAhQpzcaMlDgZDBZEuTrkamJwco4iQJlWHSG+bf1y C1e1Dw//qPzVtTcGS3xSdAGScD1Fhth8L7LpFWQZ7o6kQKw+XL+m8SN8b7Dld1ubMm08 U67qn1SSakrEaikQzeaUO+dMtfO/mUlBPuNtSYQ1f+TRZKcP7dwxYQW2/hsk8RMjpoRW 4UEIYtdnHR12rGwupxcFB5rD2r5YHlBKM+Mu8OAuZBhukuHqy20EbAGoPzwSW0SlUb5C vaUidgYVVyNhKF2mjjcSAcJ9KQIOrF/NOVz5G9kYGWz1eoQfPhMteV/kwTk1US9zXpF6 yLNQ== X-Gm-Message-State: ACgBeo1CKm4/V5V4QlchBKU0Bg5b6Fpoms5CcyYfoCsFkQKP7/O3qdr9 /fi8ijGyWLd1+wUW03jo1SCovswtte3VVA== X-Google-Smtp-Source: AA6agR4DOOsqfB2ncw2XrIFmNyCRlazu7NvEtb6qCAAbvIzpgDbWYTr83e3GL4FanqXQXNNUEKiLhQ== X-Received: by 2002:a17:90b:390f:b0:1f4:e394:8c18 with SMTP id ob15-20020a17090b390f00b001f4e3948c18mr14797597pjb.141.1660515650277; Sun, 14 Aug 2022 15:20:50 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:49 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 09/10] tiff: Backport a patch for CVE-2022-34526 Date: Sun, 14 Aug 2022 15:20:36 -0700 Message-Id: <20220814222037.283943-9-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220814222037.283943-1-raj.khem@gmail.com> References: <20220814222037.283943-1-raj.khem@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169336 Signed-off-by: Khem Raj --- .../libtiff/files/CVE-2022-34526.patch | 32 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.4.0.bb | 4 ++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch new file mode 100644 index 00000000000..54c33457468 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-34526.patch @@ -0,0 +1,32 @@ +From 275735d0354e39c0ac1dc3c0db2120d6f31d1990 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 27 Jun 2022 16:09:43 +0200 +Subject: [PATCH] _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a + codec-specific tag and the codec is not configured (fixes #433) + +This avoids crashes when querying such tags + +CVE: CVE-2022-34526 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990] +Signed-off-by: Khem Raj +--- + libtiff/tif_dirinfo.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c +index c30f569b..3371cb5c 100644 +--- a/libtiff/tif_dirinfo.c ++++ b/libtiff/tif_dirinfo.c +@@ -1191,6 +1191,9 @@ _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) + default: + return 1; + } ++ if( !TIFFIsCODECConfigured(tif->tif_dir.td_compression) ) { ++ return 0; ++ } + /* Check if codec specific tags are allowed for the current + * compression scheme (codec) */ + switch (tif->tif_dir.td_compression) { +-- +GitLab + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb index 0af956a8f0f..e30df0b3e9e 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb @@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf" CVE_PRODUCT = "libtiff" SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ - file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch" + file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \ + file://CVE-2022-34526.patch \ + " SRC_URI[sha256sum] = "917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed" From patchwork Sun Aug 14 22:20:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 11377 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 501A4C48BE4 for ; Sun, 14 Aug 2022 22:20:57 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web11.10185.1660515652862568412 for ; Sun, 14 Aug 2022 15:20:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=bEyr0kt8; spf=pass (domain: gmail.com, ip: 209.85.216.45, mailfrom: raj.khem@gmail.com) Received: by mail-pj1-f45.google.com with SMTP id ha11so5539777pjb.2 for ; Sun, 14 Aug 2022 15:20:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc; bh=aniGHnMRSkOBkAz8HlVqD6X0MC85/zygqA2S5Y877LY=; b=bEyr0kt8gW8INe0zFTTF4zbf3RiDeRKFX4kWNiHU2+E/DYn/UC6K60fYO3HrDYTmDa RoEvD3+WUoFKayla0gGLILuEzkkDFVP37K/AqK/HN7tbKD0HChzZY0WQtq0IYXk1Vm5V pm2Vv8jH3xBfpYqXgoCgnifmCO+pDg/HOj6889VYl3qO+lenT/0UsSZK8zznQXBHEuIb 8q33RM7NrTR7ISUBKs8lGDf4ohvFPqXlJrJw5jxRmxAbaCCqo7x2wwn19fcgki3kKvVF nEToxytwxbl3YBKfnvp3+Gpky92qaIIQ5S6NlEx3zCfuZBxP9dN3zveAeybBbz/9MbJ8 8Unw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=aniGHnMRSkOBkAz8HlVqD6X0MC85/zygqA2S5Y877LY=; b=PJspJ8386a/Ye0iUCMnGVtARKf3M1nDHwab1LC4dbS3HNRu7xngHc/PObrG3eS1Tsi PxhdQkPm61f09rl7gk/pb1Rn25zADjNX14pqw7lqeN9pBnlJbvMiibLjBYhPG05C8h8z itAWdABq3EKZBQN9s4MR5XEzV5nArIIYKLbDc69yOBqwB2S2G+UrigJ11SqMl0iT0dGK rhz/XnFJeS4vVQ/dMTzFA4eroq8g7gHBmdJPB0ZBHMJ7w+zfagsu12tw9XUtROmNThS9 LNaCCWk1sxp71Xc5CCfZ6ZLkaDLWFUZt0a/O2idg9aEli/bm6r0cHgGhGMTp93HyklE7 h11Q== X-Gm-Message-State: ACgBeo1/HzfxmACzbG2Of96K9wm/tBZ62vzYGWcIM9nYqHEQ6n4Z39RX sy7WRWDCot5c2qDUrmM/dPTrPT7Hp/65WA== X-Google-Smtp-Source: AA6agR4DHrjI4uM1yNXp6cI3sCowAN1d3CisJimE7ELdO4xaEnGtygx+gX8SJFwp2R28F71zLRTO8g== X-Received: by 2002:a17:902:f806:b0:172:55a6:bd25 with SMTP id ix6-20020a170902f80600b0017255a6bd25mr10134279plb.61.1660515651393; Sun, 14 Aug 2022 15:20:51 -0700 (PDT) Received: from apollo.hsd1.ca.comcast.net ([2601:646:9200:a0f0::bb7a]) by smtp.gmail.com with ESMTPSA id k15-20020a170902d58f00b0016d8b0dfd61sm5819502plh.178.2022.08.14.15.20.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 14 Aug 2022 15:20:50 -0700 (PDT) From: Khem Raj To: openembedded-core@lists.openembedded.org Cc: Khem Raj Subject: [PATCH 10/10] libtirpc: Upgrade to 1.3.3 Date: Sun, 14 Aug 2022 15:20:37 -0700 Message-Id: <20220814222037.283943-10-raj.khem@gmail.com> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220814222037.283943-1-raj.khem@gmail.com> References: <20220814222037.283943-1-raj.khem@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 14 Aug 2022 22:20:57 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169337 In this release a large number of deadlocks in the in the multi-thread code were fix. A number of memory leaks were plugged and a DoS was eliminated. As well as a large number of bug fixes. Release notes: http://sourceforge.net/projects/libtirpc/files/libtirpc/1.3.3/Release-1.3.3.txt Signed-off-by: Khem Raj --- .../libtirpc/libtirpc/CVE-2021-46828.patch | 565 ------------------ .../{libtirpc_1.3.2.bb => libtirpc_1.3.3.bb} | 6 +- 2 files changed, 2 insertions(+), 569 deletions(-) delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch rename meta/recipes-extended/libtirpc/{libtirpc_1.3.2.bb => libtirpc_1.3.3.bb} (80%) diff --git a/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch b/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch deleted file mode 100644 index 64dffb923b9..00000000000 --- a/meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch +++ /dev/null @@ -1,565 +0,0 @@ -From 86529758570cef4c73fb9b9c4104fdc510f701ed Mon Sep 17 00:00:00 2001 -From: Dai Ngo -Date: Sat, 21 Aug 2021 13:16:23 -0400 -Subject: [PATCH] Fix DoS vulnerability in libtirpc - -Currently svc_run does not handle poll timeout and rendezvous_request -does not handle EMFILE error returned from accept(2 as it used to. -These two missing functionality were removed by commit b2c9430f46c4. - -The effect of not handling poll timeout allows idle TCP conections -to remain ESTABLISHED indefinitely. When the number of connections -reaches the limit of the open file descriptors (ulimit -n) then -accept(2) fails with EMFILE. Since there is no handling of EMFILE -error this causes svc_run() to get in a tight loop calling accept(2). -This resulting in the RPC service of svc_run is being down, it's -no longer able to service any requests. - -RPC service rpcbind, statd and mountd are effected by this -problem. - -Fix by enhancing rendezvous_request to keep the number of -SVCXPRT conections to 4/5 of the size of the file descriptor -table. When this thresold is reached, it destroys the idle -TCP connections or destroys the least active connection if -no idle connnction was found. - -Fixes: 44bf15b8 rpcbind: don't use obsolete svc_fdset interface of libtirpc - -CVE: CVE-2021-46828 -Upstream-Status: Backport [http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed] -Signed-off-by: dai.ngo@oracle.com -Signed-off-by: Steve Dickson ---- - INSTALL | 371 +---------------------------------------------------------- - src/svc.c | 17 ++- - src/svc_vc.c | 62 +++++++++- - 3 files changed, 78 insertions(+), 372 deletions(-) - mode change 100644 => 120000 INSTALL - -diff --git a/INSTALL b/INSTALL -deleted file mode 100644 -index 2099840..0000000 ---- a/INSTALL -+++ /dev/null -@@ -1,370 +0,0 @@ --Installation Instructions --************************* -- --Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, --Inc. -- -- Copying and distribution of this file, with or without modification, --are permitted in any medium without royalty provided the copyright --notice and this notice are preserved. This file is offered as-is, --without warranty of any kind. -- --Basic Installation --================== -- -- Briefly, the shell command `./configure && make && make install' --should configure, build, and install this package. The following --more-detailed instructions are generic; see the `README' file for --instructions specific to this package. Some packages provide this --`INSTALL' file but do not implement all of the features documented --below. The lack of an optional feature in a given package is not --necessarily a bug. More recommendations for GNU packages can be found --in *note Makefile Conventions: (standards)Makefile Conventions. -- -- The `configure' shell script attempts to guess correct values for --various system-dependent variables used during compilation. It uses --those values to create a `Makefile' in each directory of the package. --It may also create one or more `.h' files containing system-dependent --definitions. Finally, it creates a shell script `config.status' that --you can run in the future to recreate the current configuration, and a --file `config.log' containing compiler output (useful mainly for --debugging `configure'). -- -- It can also use an optional file (typically called `config.cache' --and enabled with `--cache-file=config.cache' or simply `-C') that saves --the results of its tests to speed up reconfiguring. Caching is --disabled by default to prevent problems with accidental use of stale --cache files. -- -- If you need to do unusual things to compile the package, please try --to figure out how `configure' could check whether to do them, and mail --diffs or instructions to the address given in the `README' so they can --be considered for the next release. If you are using the cache, and at --some point `config.cache' contains results you don't want to keep, you --may remove or edit it. -- -- The file `configure.ac' (or `configure.in') is used to create --`configure' by a program called `autoconf'. You need `configure.ac' if --you want to change it or regenerate `configure' using a newer version --of `autoconf'. -- -- The simplest way to compile this package is: -- -- 1. `cd' to the directory containing the package's source code and type -- `./configure' to configure the package for your system. -- -- Running `configure' might take a while. While running, it prints -- some messages telling which features it is checking for. -- -- 2. Type `make' to compile the package. -- -- 3. Optionally, type `make check' to run any self-tests that come with -- the package, generally using the just-built uninstalled binaries. -- -- 4. Type `make install' to install the programs and any data files and -- documentation. When installing into a prefix owned by root, it is -- recommended that the package be configured and built as a regular -- user, and only the `make install' phase executed with root -- privileges. -- -- 5. Optionally, type `make installcheck' to repeat any self-tests, but -- this time using the binaries in their final installed location. -- This target does not install anything. Running this target as a -- regular user, particularly if the prior `make install' required -- root privileges, verifies that the installation completed -- correctly. -- -- 6. You can remove the program binaries and object files from the -- source code directory by typing `make clean'. To also remove the -- files that `configure' created (so you can compile the package for -- a different kind of computer), type `make distclean'. There is -- also a `make maintainer-clean' target, but that is intended mainly -- for the package's developers. If you use it, you may have to get -- all sorts of other programs in order to regenerate files that came -- with the distribution. -- -- 7. Often, you can also type `make uninstall' to remove the installed -- files again. In practice, not all packages have tested that -- uninstallation works correctly, even though it is required by the -- GNU Coding Standards. -- -- 8. Some packages, particularly those that use Automake, provide `make -- distcheck', which can by used by developers to test that all other -- targets like `make install' and `make uninstall' work correctly. -- This target is generally not run by end users. -- --Compilers and Options --===================== -- -- Some systems require unusual options for compilation or linking that --the `configure' script does not know about. Run `./configure --help' --for details on some of the pertinent environment variables. -- -- You can give `configure' initial values for configuration parameters --by setting variables in the command line or in the environment. Here --is an example: -- -- ./configure CC=c99 CFLAGS=-g LIBS=-lposix -- -- *Note Defining Variables::, for more details. -- --Compiling For Multiple Architectures --==================================== -- -- You can compile the package for more than one kind of computer at the --same time, by placing the object files for each architecture in their --own directory. To do this, you can use GNU `make'. `cd' to the --directory where you want the object files and executables to go and run --the `configure' script. `configure' automatically checks for the --source code in the directory that `configure' is in and in `..'. This --is known as a "VPATH" build. -- -- With a non-GNU `make', it is safer to compile the package for one --architecture at a time in the source code directory. After you have --installed the package for one architecture, use `make distclean' before --reconfiguring for another architecture. -- -- On MacOS X 10.5 and later systems, you can create libraries and --executables that work on multiple system types--known as "fat" or --"universal" binaries--by specifying multiple `-arch' options to the --compiler but only a single `-arch' option to the preprocessor. Like --this: -- -- ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ -- CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ -- CPP="gcc -E" CXXCPP="g++ -E" -- -- This is not guaranteed to produce working output in all cases, you --may have to build one architecture at a time and combine the results --using the `lipo' tool if you have problems. -- --Installation Names --================== -- -- By default, `make install' installs the package's commands under --`/usr/local/bin', include files under `/usr/local/include', etc. You --can specify an installation prefix other than `/usr/local' by giving --`configure' the option `--prefix=PREFIX', where PREFIX must be an --absolute file name. -- -- You can specify separate installation prefixes for --architecture-specific files and architecture-independent files. If you --pass the option `--exec-prefix=PREFIX' to `configure', the package uses --PREFIX as the prefix for installing programs and libraries. --Documentation and other data files still use the regular prefix. -- -- In addition, if you use an unusual directory layout you can give --options like `--bindir=DIR' to specify different values for particular --kinds of files. Run `configure --help' for a list of the directories --you can set and what kinds of files go in them. In general, the --default for these options is expressed in terms of `${prefix}', so that --specifying just `--prefix' will affect all of the other directory --specifications that were not explicitly provided. -- -- The most portable way to affect installation locations is to pass the --correct locations to `configure'; however, many packages provide one or --both of the following shortcuts of passing variable assignments to the --`make install' command line to change installation locations without --having to reconfigure or recompile. -- -- The first method involves providing an override variable for each --affected directory. For example, `make install --prefix=/alternate/directory' will choose an alternate location for all --directory configuration variables that were expressed in terms of --`${prefix}'. Any directories that were specified during `configure', --but not in terms of `${prefix}', must each be overridden at install --time for the entire installation to be relocated. The approach of --makefile variable overrides for each directory variable is required by --the GNU Coding Standards, and ideally causes no recompilation. --However, some platforms have known limitations with the semantics of --shared libraries that end up requiring recompilation when using this --method, particularly noticeable in packages that use GNU Libtool. -- -- The second method involves providing the `DESTDIR' variable. For --example, `make install DESTDIR=/alternate/directory' will prepend --`/alternate/directory' before all installation names. The approach of --`DESTDIR' overrides is not required by the GNU Coding Standards, and --does not work on platforms that have drive letters. On the other hand, --it does better at avoiding recompilation issues, and works well even --when some directory options were not specified in terms of `${prefix}' --at `configure' time. -- --Optional Features --================= -- -- If the package supports it, you can cause programs to be installed --with an extra prefix or suffix on their names by giving `configure' the --option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. -- -- Some packages pay attention to `--enable-FEATURE' options to --`configure', where FEATURE indicates an optional part of the package. --They may also pay attention to `--with-PACKAGE' options, where PACKAGE --is something like `gnu-as' or `x' (for the X Window System). The --`README' should mention any `--enable-' and `--with-' options that the --package recognizes. -- -- For packages that use the X Window System, `configure' can usually --find the X include and library files automatically, but if it doesn't, --you can use the `configure' options `--x-includes=DIR' and --`--x-libraries=DIR' to specify their locations. -- -- Some packages offer the ability to configure how verbose the --execution of `make' will be. For these packages, running `./configure ----enable-silent-rules' sets the default to minimal output, which can be --overridden with `make V=1'; while running `./configure ----disable-silent-rules' sets the default to verbose, which can be --overridden with `make V=0'. -- --Particular systems --================== -- -- On HP-UX, the default C compiler is not ANSI C compatible. If GNU --CC is not installed, it is recommended to use the following options in --order to use an ANSI C compiler: -- -- ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" -- --and if that doesn't work, install pre-built binaries of GCC for HP-UX. -- -- HP-UX `make' updates targets which have the same time stamps as --their prerequisites, which makes it generally unusable when shipped --generated files such as `configure' are involved. Use GNU `make' --instead. -- -- On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot --parse its `' header file. The option `-nodtk' can be used as --a workaround. If GNU CC is not installed, it is therefore recommended --to try -- -- ./configure CC="cc" -- --and if that doesn't work, try -- -- ./configure CC="cc -nodtk" -- -- On Solaris, don't put `/usr/ucb' early in your `PATH'. This --directory contains several dysfunctional programs; working variants of --these programs are available in `/usr/bin'. So, if you need `/usr/ucb' --in your `PATH', put it _after_ `/usr/bin'. -- -- On Haiku, software installed for all users goes in `/boot/common', --not `/usr/local'. It is recommended to use the following options: -- -- ./configure --prefix=/boot/common -- --Specifying the System Type --========================== -- -- There may be some features `configure' cannot figure out --automatically, but needs to determine by the type of machine the package --will run on. Usually, assuming the package is built to be run on the --_same_ architectures, `configure' can figure that out, but if it prints --a message saying it cannot guess the machine type, give it the --`--build=TYPE' option. TYPE can either be a short name for the system --type, such as `sun4', or a canonical name which has the form: -- -- CPU-COMPANY-SYSTEM -- --where SYSTEM can have one of these forms: -- -- OS -- KERNEL-OS -- -- See the file `config.sub' for the possible values of each field. If --`config.sub' isn't included in this package, then this package doesn't --need to know the machine type. -- -- If you are _building_ compiler tools for cross-compiling, you should --use the option `--target=TYPE' to select the type of system they will --produce code for. -- -- If you want to _use_ a cross compiler, that generates code for a --platform different from the build platform, you should specify the --"host" platform (i.e., that on which the generated programs will --eventually be run) with `--host=TYPE'. -- --Sharing Defaults --================ -- -- If you want to set default values for `configure' scripts to share, --you can create a site shell script called `config.site' that gives --default values for variables like `CC', `cache_file', and `prefix'. --`configure' looks for `PREFIX/share/config.site' if it exists, then --`PREFIX/etc/config.site' if it exists. Or, you can set the --`CONFIG_SITE' environment variable to the location of the site script. --A warning: not all `configure' scripts look for a site script. -- --Defining Variables --================== -- -- Variables not defined in a site shell script can be set in the --environment passed to `configure'. However, some packages may run --configure again during the build, and the customized values of these --variables may be lost. In order to avoid this problem, you should set --them in the `configure' command line, using `VAR=value'. For example: -- -- ./configure CC=/usr/local2/bin/gcc -- --causes the specified `gcc' to be used as the C compiler (unless it is --overridden in the site shell script). -- --Unfortunately, this technique does not work for `CONFIG_SHELL' due to --an Autoconf limitation. Until the limitation is lifted, you can use --this workaround: -- -- CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash -- --`configure' Invocation --====================== -- -- `configure' recognizes the following options to control how it --operates. -- --`--help' --`-h' -- Print a summary of all of the options to `configure', and exit. -- --`--help=short' --`--help=recursive' -- Print a summary of the options unique to this package's -- `configure', and exit. The `short' variant lists options used -- only in the top level, while the `recursive' variant lists options -- also present in any nested packages. -- --`--version' --`-V' -- Print the version of Autoconf used to generate the `configure' -- script, and exit. -- --`--cache-file=FILE' -- Enable the cache: use and save the results of the tests in FILE, -- traditionally `config.cache'. FILE defaults to `/dev/null' to -- disable caching. -- --`--config-cache' --`-C' -- Alias for `--cache-file=config.cache'. -- --`--quiet' --`--silent' --`-q' -- Do not print messages saying which checks are being made. To -- suppress all normal output, redirect it to `/dev/null' (any error -- messages will still be shown). -- --`--srcdir=DIR' -- Look for the package's source code in directory DIR. Usually -- `configure' can determine that directory automatically. -- --`--prefix=DIR' -- Use DIR as the installation prefix. *note Installation Names:: -- for more details, including other options available for fine-tuning -- the installation locations. -- --`--no-create' --`-n' -- Run the configure checks, but stop before creating any output -- files. -- --`configure' also accepts some other, not widely useful, options. Run --`configure --help' for more details. -diff --git a/INSTALL b/INSTALL -new file mode 120000 -index 0000000..e3f22c0 ---- /dev/null -+++ b/INSTALL -@@ -0,0 +1 @@ -+/usr/share/automake-1.16/INSTALL -\ No newline at end of file -diff --git a/src/svc.c b/src/svc.c -index 6db164b..3a8709f 100644 ---- a/src/svc.c -+++ b/src/svc.c -@@ -57,7 +57,7 @@ - - #define max(a, b) (a > b ? a : b) - --static SVCXPRT **__svc_xports; -+SVCXPRT **__svc_xports; - int __svc_maxrec; - - /* -@@ -194,6 +194,21 @@ __xprt_do_unregister (xprt, dolock) - rwlock_unlock (&svc_fd_lock); - } - -+int -+svc_open_fds() -+{ -+ int ix; -+ int nfds = 0; -+ -+ rwlock_rdlock (&svc_fd_lock); -+ for (ix = 0; ix < svc_max_pollfd; ++ix) { -+ if (svc_pollfd[ix].fd != -1) -+ nfds++; -+ } -+ rwlock_unlock (&svc_fd_lock); -+ return (nfds); -+} -+ - /* - * Add a service program to the callout list. - * The dispatch routine will be called when a rpc request for this -diff --git a/src/svc_vc.c b/src/svc_vc.c -index f1d9f00..3dc8a75 100644 ---- a/src/svc_vc.c -+++ b/src/svc_vc.c -@@ -64,6 +64,8 @@ - - - extern rwlock_t svc_fd_lock; -+extern SVCXPRT **__svc_xports; -+extern int svc_open_fds(); - - static SVCXPRT *makefd_xprt(int, u_int, u_int); - static bool_t rendezvous_request(SVCXPRT *, struct rpc_msg *); -@@ -82,6 +84,7 @@ static void svc_vc_ops(SVCXPRT *); - static bool_t svc_vc_control(SVCXPRT *xprt, const u_int rq, void *in); - static bool_t svc_vc_rendezvous_control (SVCXPRT *xprt, const u_int rq, - void *in); -+static int __svc_destroy_idle(int timeout); - - struct cf_rendezvous { /* kept in xprt->xp_p1 for rendezvouser */ - u_int sendsize; -@@ -313,13 +316,14 @@ done: - return (xprt); - } - -+ - /*ARGSUSED*/ - static bool_t - rendezvous_request(xprt, msg) - SVCXPRT *xprt; - struct rpc_msg *msg; - { -- int sock, flags; -+ int sock, flags, nfds, cnt; - struct cf_rendezvous *r; - struct cf_conn *cd; - struct sockaddr_storage addr; -@@ -379,6 +383,16 @@ again: - - gettimeofday(&cd->last_recv_time, NULL); - -+ nfds = svc_open_fds(); -+ if (nfds >= (_rpc_dtablesize() / 5) * 4) { -+ /* destroy idle connections */ -+ cnt = __svc_destroy_idle(15); -+ if (cnt == 0) { -+ /* destroy least active */ -+ __svc_destroy_idle(0); -+ } -+ } -+ - return (FALSE); /* there is never an rpc msg to be processed */ - } - -@@ -820,3 +834,49 @@ __svc_clean_idle(fd_set *fds, int timeout, bool_t cleanblock) - { - return FALSE; - } -+ -+static int -+__svc_destroy_idle(int timeout) -+{ -+ int i, ncleaned = 0; -+ SVCXPRT *xprt, *least_active; -+ struct timeval tv, tdiff, tmax; -+ struct cf_conn *cd; -+ -+ gettimeofday(&tv, NULL); -+ tmax.tv_sec = tmax.tv_usec = 0; -+ least_active = NULL; -+ rwlock_wrlock(&svc_fd_lock); -+ -+ for (i = 0; i <= svc_max_pollfd; i++) { -+ if (svc_pollfd[i].fd == -1) -+ continue; -+ xprt = __svc_xports[i]; -+ if (xprt == NULL || xprt->xp_ops == NULL || -+ xprt->xp_ops->xp_recv != svc_vc_recv) -+ continue; -+ cd = (struct cf_conn *)xprt->xp_p1; -+ if (!cd->nonblock) -+ continue; -+ if (timeout == 0) { -+ timersub(&tv, &cd->last_recv_time, &tdiff); -+ if (timercmp(&tdiff, &tmax, >)) { -+ tmax = tdiff; -+ least_active = xprt; -+ } -+ continue; -+ } -+ if (tv.tv_sec - cd->last_recv_time.tv_sec > timeout) { -+ __xprt_unregister_unlocked(xprt); -+ __svc_vc_dodestroy(xprt); -+ ncleaned++; -+ } -+ } -+ if (timeout == 0 && least_active != NULL) { -+ __xprt_unregister_unlocked(least_active); -+ __svc_vc_dodestroy(least_active); -+ ncleaned++; -+ } -+ rwlock_unlock(&svc_fd_lock); -+ return (ncleaned); -+} --- -1.8.3.1 - diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb b/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb similarity index 80% rename from meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb rename to meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb index cc87638c0f7..bd13f6e95e9 100644 --- a/meta/recipes-extended/libtirpc/libtirpc_1.3.2.bb +++ b/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb @@ -9,12 +9,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f835cce8852481e4b2bbbdd23b5e47f3 \ PROVIDES = "virtual/librpc" -SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \ - file://CVE-2021-46828.patch \ - " +SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2" UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/" UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)/" -SRC_URI[sha256sum] = "e24eb88b8ce7db3b7ca6eb80115dd1284abc5ec32a8deccfed2224fc2532b9fd" +SRC_URI[sha256sum] = "6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3" inherit autotools pkgconfig