diff options
7 files changed, 293 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.32.inc b/meta/recipes-devtools/binutils/binutils-2.32.inc index 349c3e1154..1f2d033a6c 100644 --- a/meta/recipes-devtools/binutils/binutils-2.32.inc +++ b/meta/recipes-devtools/binutils/binutils-2.32.inc @@ -51,6 +51,7 @@ SRC_URI = "\ file://CVE-2019-14444.patch \ file://CVE-2019-17450.patch \ file://CVE-2019-17451.patch \ + file://0001-Fix-a-missing-include-of-string.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0001-Fix-a-missing-include-of-string.patch b/meta/recipes-devtools/binutils/binutils/0001-Fix-a-missing-include-of-string.patch new file mode 100644 index 0000000000..9f52ed8938 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0001-Fix-a-missing-include-of-string.patch @@ -0,0 +1,49 @@ +From 1aaf9d481a7c0e20675df165a4968e255521bea8 Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin <trevor.gamblin@windriver.com> +Date: Wed, 28 Apr 2021 09:25:08 -0400 +Subject: [PATCH] Fix a missing include of <string> + +gold/ChangeLog: + +2019-06-07 Martin Liska <mliska@suse.cz> + + * errors.h: Include string. + +Upstream-Status: Backport +(https://github.com/bminor/binutils-gdb/commit/a3972330f) + +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> +--- + gold/ChangeLog | 3 +++ + gold/errors.h | 1 + + 2 files changed, 4 insertions(+) + +diff --git a/gold/ChangeLog b/gold/ChangeLog +index 458bed793e0..00f804b1bf6 100644 +--- a/gold/ChangeLog ++++ b/gold/ChangeLog +@@ -2,6 +2,9 @@ + + 2.32 Release. + ++2019-06-10 Martin Liska <mliska@suse.cz> ++ ++ * errors.h: Include string. + 2019-01-21 Nick Clifton <nickc@redhat.com> + + * po/uk.po: Updated Ukranian translation. +diff --git a/gold/errors.h b/gold/errors.h +index c26b5586379..ac681e965bb 100644 +--- a/gold/errors.h ++++ b/gold/errors.h +@@ -24,6 +24,7 @@ + #define GOLD_ERRORS_H + + #include <cstdarg> ++#include <string> + + #include "gold-threads.h" + +-- +2.30.2 + diff --git a/meta/recipes-support/curl/curl/CVE-2020-8169.patch b/meta/recipes-support/curl/curl/CVE-2020-8169.patch new file mode 100644 index 0000000000..476d86af6e --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8169.patch @@ -0,0 +1,141 @@ +From 600a8cded447cd7118ed50142c576567c0cf5158 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 14 May 2020 14:37:12 +0200 +Subject: [PATCH] url: make the updated credentials URL-encoded in the URL + +Found-by: Gregory Jefferis +Reported-by: Jeroen Ooms +Added test 1168 to verify. Bug spotted when doing a redirect. +Bug: https://github.com/jeroen/curl/issues/224 +Closes #5400 + +Upstream-Status: Backport +https://github.com/curl/curl/commit/600a8cded447cd + +CVE: CVE-2020-8169 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + lib/url.c | 6 ++-- + tests/data/Makefile.inc | 1 + + tests/data/test1168 | 78 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 83 insertions(+), 2 deletions(-) + create mode 100644 tests/data/test1168 + +Index: curl-7.69.1/lib/url.c +=================================================================== +--- curl-7.69.1.orig/lib/url.c ++++ curl-7.69.1/lib/url.c +@@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Cu + + /* for updated strings, we update them in the URL */ + if(user_changed) { +- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0); ++ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, ++ CURLU_URLENCODE); + if(uc) + return Curl_uc_to_curlcode(uc); + } + if(passwd_changed) { +- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0); ++ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, ++ CURLU_URLENCODE); + if(uc) + return Curl_uc_to_curlcode(uc); + } +Index: curl-7.69.1/tests/data/Makefile.inc +=================================================================== +--- curl-7.69.1.orig/tests/data/Makefile.inc ++++ curl-7.69.1/tests/data/Makefile.inc +@@ -129,7 +129,7 @@ + test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ + test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ + test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \ +-test1160 test1161 test1162 test1163 test1164 test1165 \ ++test1160 test1161 test1162 test1163 test1164 test1165 test1168 \ + test1170 test1171 test1172 test1173 test1174 \ + \ + test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ +Index: curl-7.69.1/tests/data/test1168 +=================================================================== +--- /dev/null ++++ curl-7.69.1/tests/data/test1168 +@@ -0,0 +1,78 @@ ++<testcase> ++<info> ++<keywords> ++HTTP ++HTTP GET ++followlocation ++</keywords> ++</info> ++# Server-side ++<reply> ++<data> ++HTTP/1.1 301 This is a weirdo text message swsclose ++Date: Thu, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Location: /data/11680002.txt ++Connection: close ++ ++This server reply is for testing a simple Location: following ++ ++</data> ++<data2> ++HTTP/1.1 200 Followed here fine swsclose ++Date: Thu, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 52 ++ ++If this is received, the location following worked ++ ++</data2> ++<datacheck> ++HTTP/1.1 301 This is a weirdo text message swsclose ++Date: Thu, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Location: /data/11680002.txt ++Connection: close ++ ++HTTP/1.1 200 Followed here fine swsclose ++Date: Thu, 09 Nov 2010 14:49:00 GMT ++Server: test-server/fake ++Content-Length: 52 ++ ++If this is received, the location following worked ++ ++</datacheck> ++</reply> ++ ++# Client-side ++<client> ++<server> ++http ++</server> ++ <name> ++HTTP redirect with credentials using # in user and password ++ </name> ++ <command> ++http://%HOSTIP:%HTTPPORT/want/1168 -L -u "catmai#d:#DZaRJYrixKE*gFY" ++</command> ++</client> ++ ++# Verify data after the test has been "shot" ++<verify> ++<strip> ++^User-Agent:.* ++</strip> ++<protocol> ++GET /want/1168 HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== ++Accept: */* ++ ++GET /data/11680002.txt HTTP/1.1 ++Host: %HOSTIP:%HTTPPORT ++Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ== ++Accept: */* ++ ++</protocol> ++</verify> ++</testcase> diff --git a/meta/recipes-support/curl/curl/CVE-2020-8177.patch b/meta/recipes-support/curl/curl/CVE-2020-8177.patch new file mode 100644 index 0000000000..81ec59848c --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2020-8177.patch @@ -0,0 +1,67 @@ +From 8236aba58542c5f89f1d41ca09d84579efb05e22 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Sun, 31 May 2020 23:09:59 +0200 +Subject: [PATCH] tool_getparam: -i is not OK if -J is used + +Reported-by: sn on hackerone +Bug: https://curl.haxx.se/docs/CVE-2020-8177.html + +Upstream-Status: Backport +CVE:CVE-2020-8177 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/tool_cb_hdr.c | 22 ++++------------------ + src/tool_getparam.c | 5 +++++ + 2 files changed, 9 insertions(+), 18 deletions(-) + +Index: curl-7.69.1/src/tool_cb_hdr.c +=================================================================== +--- curl-7.69.1.orig/src/tool_cb_hdr.c ++++ curl-7.69.1/src/tool_cb_hdr.c +@@ -134,25 +134,11 @@ + filename = parse_filename(p, len); + if(filename) { + if(outs->stream) { +- int rc; +- /* already opened and possibly written to */ +- if(outs->fopened) +- fclose(outs->stream); +- outs->stream = NULL; ++ /* indication of problem, get out! */ ++ free(filename); ++ return failure; ++ } + +- /* rename the initial file name to the new file name */ +- rc = rename(outs->filename, filename); +- if(rc != 0) { +- warnf(outs->config->global, "Failed to rename %s -> %s: %s\n", +- outs->filename, filename, strerror(errno)); +- } +- if(outs->alloc_filename) +- Curl_safefree(outs->filename); +- if(rc != 0) { +- free(filename); +- return failure; +- } +- } + outs->is_cd_filename = TRUE; + outs->s_isreg = TRUE; + outs->fopened = FALSE; +Index: curl-7.69.1/src/tool_getparam.c +=================================================================== +--- curl-7.69.1.orig/src/tool_getparam.c ++++ curl-7.69.1/src/tool_getparam.c +@@ -1807,6 +1807,11 @@ ParameterError getparameter(const char * + } + break; + case 'i': ++ if(config->content_disposition) { ++ warnf(global, ++ "--include and --remote-header-name cannot be combined.\n"); ++ return PARAM_BAD_USE; ++ } + config->show_headers = toggle; /* show the headers as well in the + general output stream */ + break; diff --git a/meta/recipes-support/curl/curl_7.66.0.bb b/meta/recipes-support/curl/curl_7.66.0.bb index a54e0536e9..506ae0eade 100644 --- a/meta/recipes-support/curl/curl_7.66.0.bb +++ b/meta/recipes-support/curl/curl_7.66.0.bb @@ -8,6 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=be5d9e1419c4363f4b32037a2d3b7ffa" SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ file://CVE-2019-15601.patch \ + file://CVE-2020-8169.patch \ + file://CVE-2020-8177.patch \ " SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f" diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2020-13632.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2020-13632.patch new file mode 100644 index 0000000000..7af5e91c4c --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/CVE-2020-13632.patch @@ -0,0 +1,32 @@ +From 219b8e7e7587df8669d96ce867cdd61ca1c05730 Mon Sep 17 00:00:00 2001 +From: drh <drh@noemail.net> +Date: Thu, 14 May 2020 23:59:24 +0000 +Subject: [PATCH] Fix a null pointer deference that can occur on a strange + matchinfo() query. + +FossilOrigin-Name: a4dd148928ea65bd4e1654dfacc3d8057d1f85b8c9939416991d50722e5a720e + +Upstream-Status: Backport +CVE: CVE-2020-13632 +[https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730] +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + sqlite3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index fd28360..ee455e5 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -177622,7 +177622,7 @@ static int fts3ExprLHits( + iStart = pExpr->iPhrase * ((p->nCol + 31) / 32); + } + +- while( 1 ){ ++ if( pIter ) while( 1 ){ + int nHit = fts3ColumnlistCount(&pIter); + if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){ + if( p->flag==FTS3_MATCHINFO_LHITS ){ +-- +2.17.1 + diff --git a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb index 95e1174b07..425612bf12 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.29.0.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.29.0.bb @@ -13,6 +13,7 @@ SRC_URI = "http://www.sqlite.org/2019/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2019-19959.patch \ file://CVE-2019-20218.patch \ file://CVE-2020-11655.patch \ + file://CVE-2020-13632.patch \ " SRC_URI[md5sum] = "8f3dfe83387e62ecb91c7c5c09c688dc" SRC_URI[sha256sum] = "8e7c1e2950b5b04c5944a981cb31fffbf9d2ddda939d536838ebc854481afd5b" |