diff options
Diffstat (limited to 'meta-oe')
16 files changed, 792 insertions, 12 deletions
diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc index 9a398b3088..37abf45d8e 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -4,7 +4,7 @@ SECTION = "libs" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b1becf0cfa3366e0f4d854d1d264f311" -SRC_URI = "https://downloads.mariadb.com/MariaDB/${BPN}-${PV}/source/${BPN}-${PV}.tar.gz \ +SRC_URI = "http://archive.mariadb.org/${BP}/source/${BP}.tar.gz \ file://my.cnf \ file://mysqld.service \ file://install_db.service \ diff --git a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.8.4.bb b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.8.4.bb index 88e3320324..97fc6c73b2 100644 --- a/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.8.4.bb +++ b/meta-oe/recipes-devtools/jsoncpp/jsoncpp_1.8.4.bb @@ -19,3 +19,5 @@ S = "${WORKDIR}/git" inherit cmake EXTRA_OECMAKE += "-DBUILD_SHARED_LIBS=ON -DJSONCPP_WITH_TESTS=OFF" + +BBCLASSEXTEND = "native" diff --git a/meta-oe/recipes-devtools/kconfig-frontends/kconfig-frontends_4.11.0.1.bb b/meta-oe/recipes-devtools/kconfig-frontends/kconfig-frontends_4.11.0.1.bb index de9a6eb998..fae80a79e7 100644 --- a/meta-oe/recipes-devtools/kconfig-frontends/kconfig-frontends_4.11.0.1.bb +++ b/meta-oe/recipes-devtools/kconfig-frontends/kconfig-frontends_4.11.0.1.bb @@ -7,13 +7,13 @@ the effort of keeping an up-to-date, out-of-tree, packaging of the \ kconfig infrastructure, ready for use by third-party projects. \ The kconfig-frontends package provides the kconfig parser, as well as all \ the frontends" -HOMEPAGE = "http://ymorin.is-a-geek.org/projects/kconfig-frontends" +HOMEPAGE = "https://gitlab.com/ymorin/kconfig-frontends" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=9b8cf60ff39767ff04b671fca8302408" SECTION = "devel" DEPENDS += "ncurses flex bison gperf-native bison-native" RDEPENDS_${PN} += "python3 bash" -SRC_URI = "git://ymorin.is-a-geek.org/kconfig-frontends;branch=4.11.x \ +SRC_URI = "git://gitlab.com/ymorin/kconfig-frontends.git;protocol=https;branch=4.11.x \ file://0001-Makefile-ensure-frontends-exits-before-writing-into-.patch \ file://0001-Switch-utils-kconfig-diff-to-use-Python-3.patch" diff --git a/meta-oe/recipes-devtools/protobuf/protobuf-c/0001-avoid-race-condition.patch b/meta-oe/recipes-devtools/protobuf/protobuf-c/0001-avoid-race-condition.patch new file mode 100644 index 0000000000..4fc7703d81 --- /dev/null +++ b/meta-oe/recipes-devtools/protobuf/protobuf-c/0001-avoid-race-condition.patch @@ -0,0 +1,36 @@ +From 216e31260b618ec73862f9f5336597f391444dac Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Sun, 29 Sep 2019 17:20:42 +0800 +Subject: [PATCH] avoid race condition + +It's possible that the cxx-generate-packed-data.cc is compiled +while the t/test-full.pb.h is being generated. This will result +the following error. + + DEBUG: ./t/test-full.pb.h:4:0: error: unterminated #ifndef + ./t/test-full.pb.h:4:0: error: unterminated #ifndef + +Add a dependency to avoid such problem. + +Upstream-Status: Pending + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Makefile.am b/Makefile.am +index b0cb065..1608ae0 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -156,6 +156,7 @@ noinst_PROGRAMS += \ + t_generated_code2_cxx_generate_packed_data_SOURCES = \ + t/generated-code2/cxx-generate-packed-data.cc \ + t/test-full.pb.cc ++t/generated-code2/cxx-generate-packed-data.cc: t/test-full.pb.h + $(t_generated_code2_cxx_generate_packed_data_OBJECTS): t/test-full.pb.h + t_generated_code2_cxx_generate_packed_data_CXXFLAGS = \ + $(AM_CXXFLAGS) \ +-- +2.17.1 + diff --git a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.1.bb b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.1.bb index 7ef0300925..17f92f04bb 100644 --- a/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.1.bb +++ b/meta-oe/recipes-devtools/protobuf/protobuf-c_1.3.1.bb @@ -15,7 +15,8 @@ DEPENDS = "protobuf-native protobuf" PV .= "+git${SRCPV}" SRCREV = "269771b4b45d3aba04e59569f53600003db8d9ff" -SRC_URI = "git://github.com/protobuf-c/protobuf-c.git" +SRC_URI = "git://github.com/protobuf-c/protobuf-c.git \ + file://0001-avoid-race-condition.patch" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/polkit/polkit-group-rule.inc b/meta-oe/recipes-extended/polkit/polkit-group-rule.inc index 06ab106420..8ced8abe59 100644 --- a/meta-oe/recipes-extended/polkit/polkit-group-rule.inc +++ b/meta-oe/recipes-extended/polkit/polkit-group-rule.inc @@ -8,6 +8,6 @@ inherit useradd do_install_prepend() { install -m 700 -d ${D}${sysconfdir}/polkit-1/rules.d - chown polkitd:polkitd ${D}${sysconfdir}/polkit-1/rules.d + chown polkitd:root ${D}/${sysconfdir}/polkit-1/rules.d } USERADD_PARAM_${PN}_prepend = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;" diff --git a/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch new file mode 100644 index 0000000000..32ea0bacc9 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch @@ -0,0 +1,194 @@ +From cd80aa29c85745ca073cf0581ccdcf2f80aa30db Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 3 Dec 2018 10:28:58 +0100 +Subject: [PATCH 1/3] Allow negative uids/gids in PolkitUnixUser and Group + objects + +(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since +there should be no users with such number, see +https://systemd.io/UIDS-GIDS#special-linux-uids. + +(uid_t) -1 is used as the default value in class initialization. + +When a user or group above INT32_MAX is created, the numeric uid or +gid wraps around to negative when the value is assigned to gint, and +polkit gets confused. Let's accept such gids, except for -1. + +A nicer fix would be to change the underlying type to e.g. uint32 to +not have negative values. But this cannot be done without breaking the +API, so likely new functions will have to be added (a +polkit_unix_user_new variant that takes a unsigned, and the same for +_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will +require a bigger patch. + +Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. + +CVE: CVE-2018-19788 +Upstream-Status: Backport +[https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + src/polkit/polkitunixgroup.c | 15 +++++++++++---- + src/polkit/polkitunixprocess.c | 12 ++++++++---- + src/polkit/polkitunixuser.c | 13 ++++++++++--- + 3 files changed, 29 insertions(+), 11 deletions(-) + +diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c +index c57a1aa..309f689 100644 +--- a/src/polkit/polkitunixgroup.c ++++ b/src/polkit/polkitunixgroup.c +@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, + static void + polkit_unix_group_init (PolkitUnixGroup *unix_group) + { ++ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ + } + + static void +@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); ++ gint val; + + switch (prop_id) + { + case PROP_GID: +- unix_group->gid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_group->gid = val; + break; + + default: +@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) + g_param_spec_int ("gid", + "Group ID", + "The UNIX group ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) + */ + void + polkit_unix_group_set_gid (PolkitUnixGroup *group, +- gint gid) ++ gint gid) + { + g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); ++ g_return_if_fail (gid != -1); + group->gid = gid; + } + +@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, + PolkitIdentity * + polkit_unix_group_new (gint gid) + { ++ g_return_val_if_fail (gid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, + "gid", gid, + NULL)); +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 972b777..b02b258 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: +- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); ++ case PROP_UID: { ++ gint val; ++ ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ polkit_unix_process_set_uid (unix_process, val); + break; ++ } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); +@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- -1, ++ G_MININT, + G_MAXINT, + -1, + G_PARAM_CONSTRUCT | +@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); +- g_return_if_fail (uid >= -1); + process->uid = uid; + } + +diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c +index 8bfd3a1..234a697 100644 +--- a/src/polkit/polkitunixuser.c ++++ b/src/polkit/polkitunixuser.c +@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, + static void + polkit_unix_user_init (PolkitUnixUser *unix_user) + { ++ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ + unix_user->name = NULL; + } + +@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); ++ gint val; + + switch (prop_id) + { + case PROP_UID: +- unix_user->uid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_user->uid = val; + break; + + default: +@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_USER (user)); ++ g_return_if_fail (uid != -1); + user->uid = uid; + } + +@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + PolkitIdentity * + polkit_unix_user_new (gint uid) + { ++ g_return_val_if_fail (uid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, + "uid", uid, + NULL)); +-- +2.22.0.vfs.1.1.57.gbaf16c8 diff --git a/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch new file mode 100644 index 0000000000..097dfd921f --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch @@ -0,0 +1,153 @@ +From 17f18d9f81d99b014c680e7e50198d7f190b804e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 3 Dec 2018 11:20:34 +0100 +Subject: [PATCH 2/3] tests: add tests for high uids + +CVE: CVE-2018-19788 +Upstream-Status: Backport +[https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + test/data/etc/group | 1 + + test/data/etc/passwd | 2 + + .../etc/polkit-1/rules.d/10-testing.rules | 21 ++++++ + .../test-polkitbackendjsauthority.c | 72 +++++++++++++++++++ + 4 files changed, 96 insertions(+) + +diff --git a/test/data/etc/group b/test/data/etc/group +index 12ef328..b9acab9 100644 +--- a/test/data/etc/group ++++ b/test/data/etc/group +@@ -5,3 +5,4 @@ john:x:500: + jane:x:501: + sally:x:502: + henry:x:503: ++highuid2:x:4000000000: +diff --git a/test/data/etc/passwd b/test/data/etc/passwd +index 8544feb..5cf14a5 100644 +--- a/test/data/etc/passwd ++++ b/test/data/etc/passwd +@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash + jane:x:501:501:Jane Smith:/home/jane:/bin/bash + sally:x:502:502:Sally Derp:/home/sally:/bin/bash + henry:x:503:503:Henry Herp:/home/henry:/bin/bash ++highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin ++highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin +diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules +index 446e622..98bf062 100644 +--- a/test/data/etc/polkit-1/rules.d/10-testing.rules ++++ b/test/data/etc/polkit-1/rules.d/10-testing.rules +@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) { + } + }); + ++polkit.addRule(function(action, subject) { ++ if (action.id == "net.company.john_action") { ++ if (subject.user == "john") { ++ return polkit.Result.YES; ++ } else { ++ return polkit.Result.NO; ++ } ++ } ++}); ++ ++polkit.addRule(function(action, subject) { ++ if (action.id == "net.company.highuid2_action") { ++ if (subject.user == "highuid2") { ++ return polkit.Result.YES; ++ } else { ++ return polkit.Result.NO; ++ } ++ } ++}); ++ ++ + // --------------------------------------------------------------------- + // variables + +diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c +index b484a26..71aad23 100644 +--- a/test/polkitbackend/test-polkitbackendjsauthority.c ++++ b/test/polkitbackend/test-polkitbackendjsauthority.c +@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = { + NULL, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, + }, ++ ++ { ++ /* highuid1 is not a member of group 'users', see test/data/etc/group */ ++ "group_membership_with_non_member(highuid22)", ++ "net.company.group.only_group_users", ++ "unix-user:highuid2", ++ NULL, ++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, ++ }, ++ ++ { ++ /* highuid2 is not a member of group 'users', see test/data/etc/group */ ++ "group_membership_with_non_member(highuid21)", ++ "net.company.group.only_group_users", ++ "unix-user:highuid2", ++ NULL, ++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, ++ }, ++ ++ { ++ /* highuid1 is not a member of group 'users', see test/data/etc/group */ ++ "group_membership_with_non_member(highuid24)", ++ "net.company.group.only_group_users", ++ "unix-user:2147483648", ++ NULL, ++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, ++ }, ++ ++ { ++ /* highuid2 is not a member of group 'users', see test/data/etc/group */ ++ "group_membership_with_non_member(highuid23)", ++ "net.company.group.only_group_users", ++ "unix-user:4000000000", ++ NULL, ++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, ++ }, ++ ++ { ++ /* john is authorized to do this, see 10-testing.rules */ ++ "john_action", ++ "net.company.john_action", ++ "unix-user:john", ++ NULL, ++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, ++ }, ++ ++ { ++ /* only john is authorized to do this, see 10-testing.rules */ ++ "jane_action", ++ "net.company.john_action", ++ "unix-user:jane", ++ NULL, ++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, ++ }, ++ ++ { ++ /* highuid2 is authorized to do this, see 10-testing.rules */ ++ "highuid2_action", ++ "net.company.highuid2_action", ++ "unix-user:highuid2", ++ NULL, ++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, ++ }, ++ ++ { ++ /* only highuid2 is authorized to do this, see 10-testing.rules */ ++ "highuid1_action", ++ "net.company.highuid2_action", ++ "unix-user:highuid1", ++ NULL, ++ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, ++ }, + }; + + /* ---------------------------------------------------------------------------------------------------- */ +-- +2.22.0.vfs.1.1.57.gbaf16c8 diff --git a/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch new file mode 100644 index 0000000000..b97a6b06db --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch @@ -0,0 +1,53 @@ +From 0fd5884a943a92aa076fa3276bd83f502dcb934e Mon Sep 17 00:00:00 2001 +From: Matthew Leeds <matthew.leeds@endlessm.com> +Date: Tue, 11 Dec 2018 12:04:26 -0800 +Subject: [PATCH 3/3] Allow uid of -1 for a PolkitUnixProcess + +Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and +PolkitUnixProcess to allow negative values for their uid/gid properties, +since these are values above INT_MAX which wrap around but are still +valid, with the exception of -1 which is not valid. However, +PolkitUnixProcess allows a uid of -1 to be passed to +polkit_unix_process_new_for_owner() which means polkit is expected to +figure out the uid on its own (this happens in the _constructed +function). So this commit removes the check in +polkit_unix_process_set_property() so that new_for_owner() can be used +as documented without producing a critical error message. + +This does not affect the protection against CVE-2018-19788 which is +based on creating a user with a UID up to but not including 4294967295 +(-1). + +CVE: CVE-2018-19788 +Upstream-Status: Backport +[https://gitlab.freedesktop.org/polkit/polkit/commit/c05472b86222a72505adc5eec460493980224ef8] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + src/polkit/polkitunixprocess.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index b02b258..e2a3c03 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -159,14 +159,9 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: { +- gint val; +- +- val = g_value_get_int (value); +- g_return_if_fail (val != -1); +- polkit_unix_process_set_uid (unix_process, val); ++ case PROP_UID: ++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + break; +- } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); +-- +2.22.0.vfs.1.1.57.gbaf16c8 + diff --git a/meta-oe/recipes-extended/polkit/polkit_0.115.bb b/meta-oe/recipes-extended/polkit/polkit_0.115.bb index 562a754b21..ca21c0387f 100644 --- a/meta-oe/recipes-extended/polkit/polkit_0.115.bb +++ b/meta-oe/recipes-extended/polkit/polkit_0.115.bb @@ -23,10 +23,14 @@ PACKAGECONFIG[consolekit] = ",,,consolekit" PAM_SRC_URI = "file://polkit-1_pam.patch" SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ - file://0001-make-netgroup-support-configurable.patch \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch \ - " + file://0001-make-netgroup-support-configurable.patch \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch \ + file://CVE-2018-19788_p1.patch \ + file://CVE-2018-19788_p2.patch \ + file://CVE-2018-19788_p3.patch \ +" + SRC_URI[md5sum] = "f03b055d6ae5fc8eac76838c7d83d082" SRC_URI[sha256sum] = "2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131" diff --git a/meta-oe/recipes-extended/redis/redis/0001-src-Do-not-reset-FINAL_LIBS.patch b/meta-oe/recipes-extended/redis/redis/0001-src-Do-not-reset-FINAL_LIBS.patch new file mode 100644 index 0000000000..04af15dd86 --- /dev/null +++ b/meta-oe/recipes-extended/redis/redis/0001-src-Do-not-reset-FINAL_LIBS.patch @@ -0,0 +1,32 @@ +From 97584e1eb78dc18599534b47b6670c20c63f5ee2 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 10 Sep 2019 20:04:26 -0700 +Subject: [PATCH] src: Do not reset FINAL_LIBS + +This helps case where additional libraries are needed to be passed from +environment to get it going + +e.g. -latomic is needed on clang/x86 to provide for 64bit atomics + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/Makefile b/src/Makefile +index 7f7c625..c71dd3b 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -66,7 +66,7 @@ endif + + FINAL_CFLAGS=$(STD) $(WARN) $(OPT) $(DEBUG) $(CFLAGS) $(REDIS_CFLAGS) + FINAL_LDFLAGS=$(LDFLAGS) $(REDIS_LDFLAGS) $(DEBUG) +-FINAL_LIBS=-lm ++FINAL_LIBS+=-lm + DEBUG=-g -ggdb + + ifeq ($(uname_S),SunOS) +-- +2.23.0 + diff --git a/meta-oe/recipes-extended/redis/redis_4.0.14.bb b/meta-oe/recipes-extended/redis/redis_4.0.14.bb index 5df5312a0f..45ea29b702 100644 --- a/meta-oe/recipes-extended/redis/redis_4.0.14.bb +++ b/meta-oe/recipes-extended/redis/redis_4.0.14.bb @@ -11,6 +11,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://lua-update-Makefile-to-use-environment-build-setting.patch \ file://oe-use-libc-malloc.patch \ file://Fixed-stack-trace-generation-on-aarch64.patch \ + file://0001-src-Do-not-reset-FINAL_LIBS.patch \ file://redis.conf \ file://init-redis-server \ file://redis.service \ @@ -25,11 +26,13 @@ SRC_URI[sha256sum] = "1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a08758 inherit autotools-brokensep update-rc.d systemd useradd +FINAL_LIBS_x86_toolchain-clang = "-latomic" +export FINAL_LIBS + USERADD_PACKAGES = "${PN}" USERADD_PARAM_${PN} = "--system --home-dir /var/lib/redis -g redis --shell /bin/false redis" GROUPADD_PARAM_${PN} = "--system redis" - REDIS_ON_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}" do_compile_prepend() { diff --git a/meta-oe/recipes-graphics/xorg-font/xorg-fonts-100dpi.bb b/meta-oe/recipes-graphics/xorg-font/xorg-fonts-100dpi.bb index 45e3f7b592..ae9704050c 100644 --- a/meta-oe/recipes-graphics/xorg-font/xorg-fonts-100dpi.bb +++ b/meta-oe/recipes-graphics/xorg-font/xorg-fonts-100dpi.bb @@ -1,5 +1,5 @@ SUMMARY = "Xorg 100 DPI font set" -LICENSE = "Custom" +LICENSE = "MIT" inherit packagegroup distro_features_check # rdepends on font recipes with this restriction diff --git a/meta-oe/recipes-kernel/bpftool/bpftool.bb b/meta-oe/recipes-kernel/bpftool/bpftool.bb index f75ac6f81c..a5df547865 100644 --- a/meta-oe/recipes-kernel/bpftool/bpftool.bb +++ b/meta-oe/recipes-kernel/bpftool/bpftool.bb @@ -10,7 +10,9 @@ inherit bash-completion kernelsrc kernel-arch do_populate_lic[depends] += "virtual/kernel:do_patch" -EXTRA_OEMAKE = "-C ${S}/tools/bpf/bpftool O=${B} CROSS=${TARGET_PREFIX} CC="${CC}" LD="${LD}" AR=${AR} ARCH=${ARCH}" +EXTRA_OEMAKE = "V=1 -C ${S}/tools/bpf/bpftool O=${B} CROSS=${TARGET_PREFIX} CC="${CC}" LD="${LD}" AR=${AR} ARCH=${ARCH}" + +SECURITY_CFLAGS = "" do_configure[depends] += "virtual/kernel:do_shared_workdir" diff --git a/meta-oe/recipes-support/gd/gd/CVE-2019-6978.patch b/meta-oe/recipes-support/gd/gd/CVE-2019-6978.patch new file mode 100644 index 0000000000..9beb23e834 --- /dev/null +++ b/meta-oe/recipes-support/gd/gd/CVE-2019-6978.patch @@ -0,0 +1,299 @@ +From 553702980ae89c83f2d6e254d62cf82e204956d0 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Thu, 17 Jan 2019 11:54:55 +0100 +Subject: [PATCH] Fix #492: Potential double-free in gdImage*Ptr() + +Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we +must not call `gdDPExtractData()`; otherwise a double-free would +happen. Since `gdImage*Ctx()` are void functions, and we can't change +that for BC reasons, we're introducing static helpers which are used +internally. + +We're adding a regression test for `gdImageJpegPtr()`, but not for +`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to +trigger failure of the respective `gdImage*Ctx()` calls. + +This potential security issue has been reported by Solmaz Salimi (aka. +Rooney). +--- + src/gd_gif_out.c | 18 +++++++++++++++--- + src/gd_jpeg.c | 20 ++++++++++++++++---- + src/gd_wbmp.c | 21 ++++++++++++++++++--- + tests/jpeg/.gitignore | 1 + + tests/jpeg/CMakeLists.txt | 1 + + tests/jpeg/Makemodule.am | 3 ++- + tests/jpeg/jpeg_ptr_double_free.c | 31 +++++++++++++++++++++++++++++++ + 7 files changed, 84 insertions(+), 11 deletions(-) + create mode 100644 tests/jpeg/jpeg_ptr_double_free.c + +Upstream-Status: Backport [https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0] +CVE: CVE-2019-6978 + +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> + + +diff --git a/src/gd_gif_out.c b/src/gd_gif_out.c +index 298a581..d5a9534 100644 +--- a/src/gd_gif_out.c ++++ b/src/gd_gif_out.c +@@ -99,6 +99,7 @@ static void char_init(GifCtx *ctx); + static void char_out(int c, GifCtx *ctx); + static void flush_char(GifCtx *ctx); + ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out); + + + +@@ -131,8 +132,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageGifCtx(im, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageGifCtx(im, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -220,6 +224,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr im, FILE *outFile) + + */ + BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) ++{ ++ _gdImageGifCtx(im, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + { + gdImagePtr pim = 0, tim = im; + int interlace, BitsPerPixel; +@@ -231,7 +241,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + based temporary image. */ + pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); + if(!pim) { +- return; ++ return 1; + } + tim = pim; + } +@@ -247,6 +257,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + /* Destroy palette based temporary image. */ + gdImageDestroy( pim); + } ++ ++ return 0; + } + + +diff --git a/src/gd_jpeg.c b/src/gd_jpeg.c +index fc05842..96ef430 100644 +--- a/src/gd_jpeg.c ++++ b/src/gd_jpeg.c +@@ -117,6 +117,8 @@ static void fatal_jpeg_error(j_common_ptr cinfo) + exit(99); + } + ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality); ++ + /* + * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality + * QUALITY. If QUALITY is in the range 0-100, increasing values +@@ -231,8 +233,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageJpegCtx(im, out, quality); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageJpegCtx(im, out, quality)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -253,6 +258,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr cinfo, gdIOCtx *outfile); + + */ + BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) ++{ ++ _gdImageJpegCtx(im, outfile, quality); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + { + struct jpeg_compress_struct cinfo; + struct jpeg_error_mgr jerr; +@@ -287,7 +298,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + if(row) { + gdFree(row); + } +- return; ++ return 1; + } + + cinfo.err->emit_message = jpeg_emit_message; +@@ -328,7 +339,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + if(row == 0) { + gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n"); + jpeg_destroy_compress(&cinfo); +- return; ++ return 1; + } + + rowptr[0] = row; +@@ -405,6 +416,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + jpeg_finish_compress(&cinfo); + jpeg_destroy_compress(&cinfo); + gdFree(row); ++ return 0; + } + + +diff --git a/src/gd_wbmp.c b/src/gd_wbmp.c +index f19a1c9..a49bdbe 100644 +--- a/src/gd_wbmp.c ++++ b/src/gd_wbmp.c +@@ -88,6 +88,8 @@ int gd_getin(void *in) + return (gdGetC((gdIOCtx *)in)); + } + ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out); ++ + /* + Function: gdImageWBMPCtx + +@@ -100,6 +102,12 @@ int gd_getin(void *in) + out - the stream where to write + */ + BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) ++{ ++ _gdImageWBMPCtx(image, fg, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + { + int x, y, pos; + Wbmp *wbmp; +@@ -107,7 +115,7 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + /* create the WBMP */ + if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) { + gd_error("Could not create WBMP\n"); +- return; ++ return 1; + } + + /* fill up the WBMP structure */ +@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + + /* write the WBMP to a gd file descriptor */ + if(writewbmp(wbmp, &gd_putout, out)) { ++ freewbmp(wbmp); + gd_error("Could not save WBMP\n"); ++ return 1; + } + + /* des submitted this bugfix: gdFree the memory. */ + freewbmp(wbmp); ++ ++ return 0; + } + + /* +@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdImagePtr im, int *size, int fg) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageWBMPCtx(im, fg, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageWBMPCtx(im, fg, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +diff --git a/tests/jpeg/.gitignore b/tests/jpeg/.gitignore +index c28aa87..13bcf04 100644 +--- a/tests/jpeg/.gitignore ++++ b/tests/jpeg/.gitignore +@@ -3,5 +3,6 @@ + /jpeg_empty_file + /jpeg_im2im + /jpeg_null ++/jpeg_ptr_double_free + /jpeg_read + /jpeg_resolution +diff --git a/tests/jpeg/CMakeLists.txt b/tests/jpeg/CMakeLists.txt +index 19964b0..a8d8162 100644 +--- a/tests/jpeg/CMakeLists.txt ++++ b/tests/jpeg/CMakeLists.txt +@@ -2,6 +2,7 @@ IF(JPEG_FOUND) + LIST(APPEND TESTS_FILES + jpeg_empty_file + jpeg_im2im ++ jpeg_ptr_double_free + jpeg_null + ) + +diff --git a/tests/jpeg/Makemodule.am b/tests/jpeg/Makemodule.am +index 7e5d317..b89e169 100644 +--- a/tests/jpeg/Makemodule.am ++++ b/tests/jpeg/Makemodule.am +@@ -2,7 +2,8 @@ if HAVE_LIBJPEG + libgd_test_programs += \ + jpeg/jpeg_empty_file \ + jpeg/jpeg_im2im \ +- jpeg/jpeg_null ++ jpeg/jpeg_null \ ++ jpeg/jpeg_ptr_double_free + + if HAVE_LIBPNG + libgd_test_programs += \ +diff --git a/tests/jpeg/jpeg_ptr_double_free.c b/tests/jpeg/jpeg_ptr_double_free.c +new file mode 100644 +index 0000000..df5a510 +--- /dev/null ++++ b/tests/jpeg/jpeg_ptr_double_free.c +@@ -0,0 +1,31 @@ ++/** ++ * Test that failure to convert to JPEG returns NULL ++ * ++ * We are creating an image, set its width to zero, and pass this image to ++ * `gdImageJpegPtr()` which is supposed to fail, and as such should return NULL. ++ * ++ * See also <https://github.com/libgd/libgd/issues/381> ++ */ ++ ++ ++#include "gd.h" ++#include "gdtest.h" ++ ++ ++int main() ++{ ++ gdImagePtr src, dst; ++ int size; ++ ++ src = gdImageCreateTrueColor(1, 10); ++ gdTestAssert(src != NULL); ++ ++ src->sx = 0; /* this hack forces gdImageJpegPtr() to fail */ ++ ++ dst = gdImageJpegPtr(src, &size, 0); ++ gdTestAssert(dst == NULL); ++ ++ gdImageDestroy(src); ++ ++ return gdNumFailures(); ++} +-- +2.17.1 + diff --git a/meta-oe/recipes-support/gd/gd_2.2.5.bb b/meta-oe/recipes-support/gd/gd_2.2.5.bb index c846bda6b0..35f9bb2516 100644 --- a/meta-oe/recipes-support/gd/gd_2.2.5.bb +++ b/meta-oe/recipes-support/gd/gd_2.2.5.bb @@ -16,6 +16,7 @@ DEPENDS = "freetype libpng jpeg zlib tiff" SRC_URI = "git://github.com/libgd/libgd.git;branch=GD-2.2 \ file://0001-annotate.c-gdft.c-Replace-strncpy-with-memccpy-to-fi.patch \ file://CVE-2018-1000222.patch \ + file://CVE-2019-6978.patch \ " SRCREV = "8255231b68889597d04d451a72438ab92a405aba" |