Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5.inc2
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch35
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch143
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch165
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch29
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch31
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb3
-rw-r--r--meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb6
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch34
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb1
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch46
-rw-r--r--meta/recipes-connectivity/openssh/openssh_8.0p1.bb1
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch758
-rw-r--r--meta/recipes-connectivity/openssl/openssl/reproducible.patch32
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1f.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.1.1d.bb)7
-rw-r--r--meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch47
-rw-r--r--meta/recipes-connectivity/ppp/ppp_2.4.7.bb1
17 files changed, 578 insertions, 763 deletions
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index f582a07e22..75fc2dbf4c 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -58,6 +58,8 @@ SRC_URI = "\
file://CVE-2018-10910.patch \
file://gcc9-fixes.patch \
file://0001-tools-Fix-build-after-y2038-changes-in-glibc.patch \
+ file://CVE-2020-0556-1.patch \
+ file://CVE-2020-0556-2.patch \
"
S = "${WORKDIR}/bluez-${PV}"
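Review bot: Applying these two patches does not by itself restrict classic HID to bonded devices, because CVE-2020-0556-2.patch introduces `ClassicBondedOnly` with a default of false and ships it commented out in input.conf. Only the HoG check from the first patch is enforced unconditionally. A comment next to the SRC_URI assignment, such as `# CVE-2020-0556-2 only adds the ClassicBondedOnly option (default false); set it in input.conf to enforce bonding for classic HID`, would keep integrators from assuming the recipe alone mitigates the CVE. Both patches carry a `CVE:` tag, so CVE tooling will presumably report the issue as patched regardless of the configured value.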
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch
new file mode 100644
index 0000000000..a6bf31e14b
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-1.patch
@@ -0,0 +1,35 @@
+From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001
+From: Alain Michaud <alainm@chromium.org>
+Date: Tue, 10 Mar 2020 02:35:16 +0000
+Subject: [PATCH 1/2] HOGP must only accept data from bonded devices.
+
+HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.
+
+Reference:
+https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+CVE: CVE-2020-0556
+---
+ profiles/input/hog.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/profiles/input/hog.c b/profiles/input/hog.c
+index 83c017dcb..dfac68921 100644
+--- a/profiles/input/hog.c
++++ b/profiles/input/hog.c
+@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service)
+ return -EINVAL;
+ }
+
++ /* HOGP 1.0 Section 6.1 requires bonding */
++ if (!device_is_bonded(device, btd_device_get_bdaddr_type(device)))
++ return -ECONNREFUSED;
++
+ /* TODO: Replace GAttrib with bt_gatt_client */
+ bt_hog_attach(dev->hog, attrib);
+
+--
+2.24.1
+
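Review bot: The new bonding check in hog_accept() refuses the connection without logging anything in the visible lines, whereas the classic HID path in the second patch logs `Rejected connection from !bonded device`. A refused unbonded HoG attach is an event an operator would want to see when investigating unexpected input devices, so an `error(...)` line naming the device before `return -ECONNREFUSED;` would help. Whether the caller already logs the failure cannot be seen from here. hog_accept() starts and ends outside the hunk, and since this is a verbatim backport the change would belong upstream.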
diff --git a/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch
new file mode 100644
index 0000000000..8acb2f15ec
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/CVE-2020-0556-2.patch
@@ -0,0 +1,143 @@
+From 3cccdbab2324086588df4ccf5f892fb3ce1f1787 Mon Sep 17 00:00:00 2001
+From: Alain Michaud <alainm@chromium.org>
+Date: Tue, 10 Mar 2020 02:35:18 +0000
+Subject: [PATCH 2/2] HID accepts bonded device connections only.
+
+This change adds a configuration for platforms to choose a more secure
+posture for the HID profile. While some older mice are known to not
+support pairing or encryption, some platform may choose a more secure
+posture by requiring the device to be bonded and require the
+connection to be encrypted when bonding is required.
+
+Reference:
+https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787]
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+CVE: CVE-2020-0556
+
+---
+ profiles/input/device.c | 23 ++++++++++++++++++++++-
+ profiles/input/device.h | 1 +
+ profiles/input/input.conf | 8 ++++++++
+ profiles/input/manager.c | 13 ++++++++++++-
+ 4 files changed, 43 insertions(+), 2 deletions(-)
+
+diff --git a/profiles/input/device.c b/profiles/input/device.c
+index 2cb3811c8..d89da2d7c 100644
+--- a/profiles/input/device.c
++++ b/profiles/input/device.c
+@@ -92,6 +92,7 @@ struct input_device {
+
+ static int idle_timeout = 0;
+ static bool uhid_enabled = false;
++static bool classic_bonded_only = false;
+
+ void input_set_idle_timeout(int timeout)
+ {
+@@ -103,6 +104,11 @@ void input_enable_userspace_hid(bool state)
+ uhid_enabled = state;
+ }
+
++void input_set_classic_bonded_only(bool state)
++{
++ classic_bonded_only = state;
++}
++
+ static void input_device_enter_reconnect_mode(struct input_device *idev);
+ static int connection_disconnect(struct input_device *idev, uint32_t flags);
+
+@@ -970,8 +976,18 @@ static int hidp_add_connection(struct input_device *idev)
+ if (device_name_known(idev->device))
+ device_get_name(idev->device, req->name, sizeof(req->name));
+
++ /* Make sure the device is bonded if required */
++ if (classic_bonded_only && !device_is_bonded(idev->device,
++ btd_device_get_bdaddr_type(idev->device))) {
++ error("Rejected connection from !bonded device %s", dst_addr);
++ goto cleanup;
++ }
++
+ /* Encryption is mandatory for keyboards */
+- if (req->subclass & 0x40) {
++ /* Some platforms may choose to require encryption for all devices */
++ /* Note that this only matters for pre 2.1 devices as otherwise the */
++ /* device is encrypted by default by the lower layers */
++ if (classic_bonded_only || req->subclass & 0x40) {
+ if (!bt_io_set(idev->intr_io, &gerr,
+ BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM,
+ BT_IO_OPT_INVALID)) {
+@@ -1203,6 +1219,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev)
+ DBG("path=%s reconnect_mode=%s", idev->path,
+ reconnect_mode_to_string(idev->reconnect_mode));
+
++ /* Make sure the device is bonded if required */
++ if (classic_bonded_only && !device_is_bonded(idev->device,
++ btd_device_get_bdaddr_type(idev->device)))
++ return;
++
+ /* Only attempt an auto-reconnect when the device is required to
+ * accept reconnections from the host.
+ */
+diff --git a/profiles/input/device.h b/profiles/input/device.h
+index 51a9aee18..3044db673 100644
+--- a/profiles/input/device.h
++++ b/profiles/input/device.h
+@@ -29,6 +29,7 @@ struct input_conn;
+
+ void input_set_idle_timeout(int timeout);
+ void input_enable_userspace_hid(bool state);
++void input_set_classic_bonded_only(bool state);
+
+ int input_device_register(struct btd_service *service);
+ void input_device_unregister(struct btd_service *service);
+diff --git a/profiles/input/input.conf b/profiles/input/input.conf
+index 3e1d65aae..166aff4a4 100644
+--- a/profiles/input/input.conf
++++ b/profiles/input/input.conf
+@@ -11,3 +11,11 @@
+ # Enable HID protocol handling in userspace input profile
+ # Defaults to false (HIDP handled in HIDP kernel module)
+ #UserspaceHID=true
++
++# Limit HID connections to bonded devices
++# The HID Profile does not specify that devices must be bonded, however some
++# platforms may want to make sure that input connections only come from bonded
++# device connections. Several older mice have been known for not supporting
++# pairing/encryption.
++# Defaults to false to maximize device compatibility.
++#ClassicBondedOnly=true
+diff --git a/profiles/input/manager.c b/profiles/input/manager.c
+index 1d31b0652..5cd27b839 100644
+--- a/profiles/input/manager.c
++++ b/profiles/input/manager.c
+@@ -96,7 +96,7 @@ static int input_init(void)
+ config = load_config_file(CONFIGDIR "/input.conf");
+ if (config) {
+ int idle_timeout;
+- gboolean uhid_enabled;
++ gboolean uhid_enabled, classic_bonded_only;
+
+ idle_timeout = g_key_file_get_integer(config, "General",
+ "IdleTimeout", &err);
+@@ -114,6 +114,17 @@ static int input_init(void)
+ input_enable_userspace_hid(uhid_enabled);
+ } else
+ g_clear_error(&err);
++
++ classic_bonded_only = g_key_file_get_boolean(config, "General",
++ "ClassicBondedOnly", &err);
++
++ if (!err) {
++ DBG("input.conf: ClassicBondedOnly=%s",
++ classic_bonded_only ? "true" : "false");
++ input_set_classic_bonded_only(classic_bonded_only);
++ } else
++ g_clear_error(&err);
++
+ }
+
+ btd_profile_register(&input_profile);
+--
+2.24.1
+
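Review bot: In hidp_add_connection() the new rejection branch logs and then does `goto cleanup` without assigning an error code in the visible lines, so the returned value depends on whatever the result variable held after the preceding calls; if that is 0, a refused unbonded device is reported to the caller as success. Setting an explicit negative errno before the jump (the HoG patch uses `-ECONNREFUSED`) would make the refusal unambiguous. The function's declarations and its cleanup label are outside the hunk, so this needs checking against the full file. Separately, in input_init() a malformed `ClassicBondedOnly` value is dropped by `g_clear_error(&err)` with no message, which leaves the setting at false; a warning there would stop a typo from silently disabling the restriction.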
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch
new file mode 100644
index 0000000000..34b2ae1e5c
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch
@@ -0,0 +1,165 @@
+From f369dbb9e67eb5ef336944af63039b6d8f838384 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Thu, 12 Sep 2019 10:35:46 -0400
+Subject: [PATCH 1/3] Ensure context is running prior to calling
+ isc_app_ctxsuspend
+
+Add a release note.
+
+includes/omapip/isclib.h
+ Added actx_running flag to global context, dhcp_gbl_ctx
+
+omapip/isclib.c
+ set_ctx_running() - new function used as the ctxonrun callback
+
+ dhcp_context_create() - installs set_ctx_running callback
+
+ dhcp_signal_handler() - modified to use act_running flag to
+ determine is context is running and should be suspended
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ RELNOTES | 7 +++++
+ includes/omapip/isclib.h | 3 ++-
+ omapip/isclib.c | 57 +++++++++++++++++++++++++++++++++-------
+ 3 files changed, 57 insertions(+), 10 deletions(-)
+
+diff --git a/RELNOTES b/RELNOTES
+index f10305d..1730473 100644
+--- a/RELNOTES
++++ b/RELNOTES
+@@ -6,6 +6,13 @@
+
+ NEW FEATURES
+
++- Closed a small window of time between the installation of graceful
++ shutdown signal handlers and application context startup, during which
++ the receipt of shutdown signal would cause a REQUIRE() assertion to
++ occur. Note this issue is only visible when compiling with
++ ENABLE_GENTLE_SHUTDOWN defined.
++ [Gitlab #53,!18 git TBD]
++
+ Please note that that ISC DHCP is now licensed under the Mozilla Public License,
+ MPL 2.0. Please see https://www.mozilla.org/en-US/MPL/2.0/ to read the MPL 2.0
+ license terms.
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index 6c20584..af6a6fc 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -94,7 +94,8 @@
+ typedef struct dhcp_context {
+ isc_mem_t *mctx;
+ isc_appctx_t *actx;
+- int actx_started;
++ int actx_started; // ISC_TRUE if ctxstart has been called
++ int actx_running; // ISC_TRUE if ctxrun has been called
+ isc_taskmgr_t *taskmgr;
+ isc_task_t *task;
+ isc_socketmgr_t *socketmgr;
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index ce4b4a1..73e017c 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -134,6 +134,35 @@ handle_signal(int sig, void (*handler)(int)) {
+ }
+ }
+
++/* Callback passed to isc_app_ctxonrun
++ *
++ * BIND9 context code will invoke this handler once the context has
++ * entered the running state. We use it to set a global marker so that
++ * we can tell if the context is running. Several of the isc_app_
++ * calls REQUIRE that the context is running and we need a way to
++ * know that.
++ *
++ * We also check to see if we received a shutdown signal prior to
++ * the context entering the run state. If we did, then we can just
++ * simply shut the context down now. This closes the relatively
++ * small window between start up and entering run via the call
++ * to dispatch().
++ *
++ */
++static void
++set_ctx_running(isc_task_t *task, isc_event_t *event) {
++ task = task; // unused;
++ dhcp_gbl_ctx.actx_running = ISC_TRUE;
++
++ if (shutdown_signal) {
++ // We got signaled shutdown before we entered running state.
++ // Now that we've reached running state, shut'er down.
++ isc_app_ctxsuspend(dhcp_gbl_ctx.actx);
++ }
++
++ isc_event_free(&event);
++}
++
+ isc_result_t
+ dhcp_context_create(int flags,
+ struct in_addr *local4,
+@@ -141,6 +170,9 @@ dhcp_context_create(int flags,
+ isc_result_t result;
+
+ if ((flags & DHCP_CONTEXT_PRE_DB) != 0) {
++ dhcp_gbl_ctx.actx_started = ISC_FALSE;
++ dhcp_gbl_ctx.actx_running = ISC_FALSE;
++
+ /*
+ * Set up the error messages, this isn't the right place
+ * for this call but it is convienent for now.
+@@ -204,15 +236,24 @@ dhcp_context_create(int flags,
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+- result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task);
++ result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0,
++ &dhcp_gbl_ctx.task);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
+ if (result != ISC_R_SUCCESS)
+- return (result);
++ goto cleanup;
++
+ dhcp_gbl_ctx.actx_started = ISC_TRUE;
+
++ // Install the onrun callback.
++ result = isc_app_ctxonrun(dhcp_gbl_ctx.actx, dhcp_gbl_ctx.mctx,
++ dhcp_gbl_ctx.task, set_ctx_running,
++ dhcp_gbl_ctx.actx);
++ if (result != ISC_R_SUCCESS)
++ goto cleanup;
++
+ /* Not all OSs support suppressing SIGPIPE through socket
+ * options, so set the sigal action to be ignore. This allows
+ * broken connections to fail gracefully with EPIPE on writes */
+@@ -335,19 +376,17 @@ isclib_make_dst_key(char *inname,
+ * @param signal signal code that we received
+ */
+ void dhcp_signal_handler(int signal) {
+- isc_appctx_t *ctx = dhcp_gbl_ctx.actx;
+- int prev = shutdown_signal;
+-
+- if (prev != 0) {
++ if (shutdown_signal != 0) {
+ /* Already in shutdown. */
+ return;
+ }
++
+ /* Possible race but does it matter? */
+ shutdown_signal = signal;
+
+- /* Use reload (aka suspend) for easier dispatch() reenter. */
+- if (ctx && ctx->methods && ctx->methods->ctxsuspend) {
+- (void) isc_app_ctxsuspend(ctx);
++ /* If the application context is running tell it to shut down */
++ if (dhcp_gbl_ctx.actx_running == ISC_TRUE) {
++ (void) isc_app_ctxsuspend(dhcp_gbl_ctx.actx);
+ }
+ }
+
+--
+2.23.0
+
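Review bot: The start-up/shutdown handshake between dhcp_signal_handler() and set_ctx_running() relies on each side seeing the other's store, but `actx_running` is declared as a plain `int` in isclib.h and is read from a signal handler. Declaring it `volatile sig_atomic_t actx_running;` (and likewise `shutdown_signal`, whose declaration is not visible here) would keep the compiler from caching or reordering the accesses that close the window. The existing comment `Possible race but does it matter?` could then be replaced by one stating the ordering each side depends on. dhcp_context_create() begins and ends outside the hunks shown.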
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch b/meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch
new file mode 100644
index 0000000000..78b2b74f45
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0002-Added-shutdown-log-statment-to-dhcrelay.patch
@@ -0,0 +1,29 @@
+From adcd34ae1f56b16d7e9696d980332b4cf6c7ce91 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Fri, 13 Sep 2019 15:03:31 -0400
+Subject: [PATCH 2/3] Added shutdown log statment to dhcrelay
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ relay/dhcrelay.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/relay/dhcrelay.c b/relay/dhcrelay.c
+index d8caaaf..4bd1d47 100644
+--- a/relay/dhcrelay.c
++++ b/relay/dhcrelay.c
+@@ -2076,6 +2076,9 @@ dhcp_set_control_state(control_object_state_t oldstate,
+ if (newstate != server_shutdown)
+ return ISC_R_SUCCESS;
+
++ /* Log shutdown on signal. */
++ log_info("Received signal %d, initiating shutdown.", shutdown_signal);
++
+ if (no_pid_file == ISC_FALSE)
+ (void) unlink(path_dhcrelay_pid);
+
+--
+2.23.0
+
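Review bot: The added log_info() always prints `Received signal %d` using `shutdown_signal`, yet the only condition visible before it is `newstate != server_shutdown`. If this state can also be entered without a signal (for example through a control request), the message would read `Received signal 0` and mislead whoever reads the log; guarding it with `if (shutdown_signal != 0)` avoids that. The body of dhcp_set_control_state() extends beyond the hunk, so any earlier check is not visible.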
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch b/meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch
new file mode 100644
index 0000000000..a51b6cf526
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0003-Addressed-review-comment.patch
@@ -0,0 +1,31 @@
+From e4b54b4d676783152d487103714cba2913661ef8 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Wed, 6 Nov 2019 15:53:50 -0500
+Subject: [PATCH 3/3] Addressed review comment.
+
+omapip/isclib.c
+ Added use of IGNORE_UNUSED()
+
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/dhcp.git]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ omapip/isclib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index 73e017c..1d52463 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -151,7 +151,7 @@ handle_signal(int sig, void (*handler)(int)) {
+ */
+ static void
+ set_ctx_running(isc_task_t *task, isc_event_t *event) {
+- task = task; // unused;
++ IGNORE_UNUSED(task);
+ dhcp_gbl_ctx.actx_running = ISC_TRUE;
+
+ if (shutdown_signal) {
+--
+2.23.0
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
index 275961a603..ddc8b60254 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
@@ -11,6 +11,9 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
file://0013-fixup_use_libbind.patch \
file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \
file://0001-Fix-a-NSUPDATE-compiling-issue.patch \
+ file://0001-Ensure-context-is-running-prior-to-calling-isc_app_c.patch \
+ file://0002-Added-shutdown-log-statment-to-dhcrelay.patch \
+ file://0003-Addressed-review-comment.patch \
"
SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
index 684fbe09e1..cc9410b94e 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -143,11 +143,15 @@ ALTERNATIVE_${PN}-traceroute = "traceroute"
ALTERNATIVE_${PN}-hostname = "hostname"
ALTERNATIVE_LINK_NAME[hostname] = "${base_bindir}/hostname"
-ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8"
+ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \
+ tftpd.8 tftp.1 telnetd.8"
ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
+ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
+ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8"
+ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1"
ALTERNATIVE_${PN}-ifconfig = "ifconfig"
ALTERNATIVE_LINK_NAME[ifconfig] = "${base_sbindir}/ifconfig"
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
new file mode 100644
index 0000000000..98b1391923
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Disable-statx-if-using-glibc-emulation.patch
@@ -0,0 +1,34 @@
+From ff3ad88c233ecd87f7983ad13836323f944540ec Mon Sep 17 00:00:00 2001
+From: Doug Nazar <nazard@nazar.ca>
+Date: Mon, 9 Dec 2019 10:53:37 -0500
+Subject: [PATCH] Disable statx if using glibc emulation
+
+On older kernels without statx, glibc with statx support will attempt
+to emulate the call. However it doesn't support AT_STATX_DONT_SYNC and
+will return EINVAL. This causes all xstat/xlstat calls to fail.
+
+Upstream-Status: Backport
+
+Signed-off-by: Doug Nazar <nazard@nazar.ca>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ support/misc/xstat.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/misc/xstat.c b/support/misc/xstat.c
+index 661e29e4..a438fbcc 100644
+--- a/support/misc/xstat.c
++++ b/support/misc/xstat.c
+@@ -51,6 +51,9 @@ statx_do_stat(int fd, const char *pathname, struct stat *statbuf, int flags)
+ statx_copy(statbuf, &stxbuf);
+ return 0;
+ }
++ /* glibc emulation doesn't support AT_STATX_DONT_SYNC */
++ if (errno == EINVAL)
++ errno = ENOSYS;
+ if (errno == ENOSYS)
+ statx_supported = 0;
+ } else
+--
+2.19.1
+
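Review bot: Rewriting every EINVAL from statx() to ENOSYS means any invalid-argument failure, not only the glibc emulation rejecting AT_STATX_DONT_SYNC, clears `statx_supported` and switches the process to the fallback path from then on. If the flags passed to this call are available at this point, limiting the rewrite to calls that actually set the flag, e.g. `if (errno == EINVAL && (flags & AT_STATX_DONT_SYNC))`, would keep genuine argument errors visible. statx_do_stat() starts and ends outside the hunk, so how `flags` reaches statx() is an assumption. The patch header also gives `Upstream-Status: Backport` without the commit or URL that the other backports in this series include.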
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
index 7e80354e4e..3ae8f965c8 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
@@ -33,6 +33,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \
file://0001-Fix-include-order-between-config.h-and-stat.h.patch \
+ file://0001-Disable-statx-if-using-glibc-emulation.patch \
"
SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch"
SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
new file mode 100644
index 0000000000..e2930c3c7d
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
@@ -0,0 +1,46 @@
+From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 3 Jan 2020 03:02:26 +0000
+Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
+ regress
+
+test?
+
+OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
+
+[Dropped the script version and copyright year change at the top]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ regress/cert-hostkey.sh | 2 +-
+ regress/cert-userkey.sh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
+index 3ce7779..74d5a53 100644
+--- a/regress/cert-hostkey.sh
++++ b/regress/cert-hostkey.sh
+@@ -248,7 +248,7 @@ test_one() {
+ test_one "user-certificate" failure "-n $HOSTS"
+ test_one "empty principals" success "-h"
+ test_one "wrong principals" failure "-h -n foo"
+-test_one "cert not yet valid" failure "-h -V20200101:20300101"
++test_one "cert not yet valid" failure "-h -V20300101:20320101"
+ test_one "cert expired" failure "-h -V19800101:19900101"
+ test_one "cert valid interval" success "-h -V-1w:+2w"
+ test_one "cert has constraints" failure "-h -Oforce-command=false"
+diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
+index 6849e99..de455b8 100644
+--- a/regress/cert-userkey.sh
++++ b/regress/cert-userkey.sh
+@@ -327,7 +327,7 @@ test_one() {
+ test_one "correct principal" success "-n ${USER}"
+ test_one "host-certificate" failure "-n ${USER} -h"
+ test_one "wrong principals" failure "-n foo"
+-test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101"
++test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101"
+ test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
+ test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
+ test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"
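Review bot: Moving the `cert not yet valid` window to `-V20300101:20320101` in both scripts repairs the test for now but keeps a hard-coded future date, so the same failure returns once that date passes. The neighbouring `cert valid interval` case already uses a relative window (`-V-1w:+2w`); if ssh-keygen accepts a relative start in the future, the not-yet-valid case could be written the same way. Failing that, a comment beside the two lines recording when they expire, such as `# fixed future date: revisit before 2030`, would at least document it.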
diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
index 2ffbc9a95f..3d16f9d347 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
+ file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
"
SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
deleted file mode 100644
index 0cc19cb5f4..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
+++ /dev/null
@@ -1,758 +0,0 @@
-From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Wed, 4 Dec 2019 12:48:21 +0100
-Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
-
-There is an overflow bug in the x64_64 Montgomery squaring procedure used in
-exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
-suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
-result of this defect would be very difficult to perform and are not believed
-likely. Attacks against DH512 are considered just feasible. However, for an
-attack the target would have to re-use the DH512 private key, which is not
-recommended anyway. Also applications directly using the low level API
-BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
-
-CVE-2019-1551
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-(Merged from https://github.com/openssl/openssl/pull/10575)
-
-CVE: CVE-2019-1551
-Upstream-Status: Backport
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++-----------------
- 1 file changed, 197 insertions(+), 184 deletions(-)
-
-diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
-index b1797b649f0..7534d5cd03e 100755
---- a/crypto/bn/asm/rsaz-x86_64.pl
-+++ b/crypto/bn/asm/rsaz-x86_64.pl
-@@ -116,7 +116,7 @@
- subq \$128+24, %rsp
- .cfi_adjust_cfa_offset 128+24
- .Lsqr_body:
-- movq $mod, %rbp # common argument
-+ movq $mod, %xmm1 # common off-load
- movq ($inp), %rdx
- movq 8($inp), %rax
- movq $n0, 128(%rsp)
-@@ -134,7 +134,8 @@
- .Loop_sqr:
- movl $times,128+8(%rsp)
- #first iteration
-- movq %rdx, %rbx
-+ movq %rdx, %rbx # 0($inp)
-+ mov %rax, %rbp # 8($inp)
- mulq %rdx
- movq %rax, %r8
- movq 16($inp), %rax
-@@ -173,31 +174,29 @@
- mulq %rbx
- addq %rax, %r14
- movq %rbx, %rax
-- movq %rdx, %r15
-- adcq \$0, %r15
-+ adcq \$0, %rdx
-
-- addq %r8, %r8 #shlq \$1, %r8
-- movq %r9, %rcx
-- adcq %r9, %r9 #shld \$1, %r8, %r9
-+ xorq %rcx,%rcx # rcx:r8 = r8 << 1
-+ addq %r8, %r8
-+ movq %rdx, %r15
-+ adcq \$0, %rcx
-
- mulq %rax
-- movq %rax, (%rsp)
-- addq %rdx, %r8
-- adcq \$0, %r9
-+ addq %r8, %rdx
-+ adcq \$0, %rcx
-
-- movq %r8, 8(%rsp)
-- shrq \$63, %rcx
-+ movq %rax, (%rsp)
-+ movq %rdx, 8(%rsp)
-
- #second iteration
-- movq 8($inp), %r8
- movq 16($inp), %rax
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r10
- movq 24($inp), %rax
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r11
- movq 32($inp), %rax
- adcq \$0, %rdx
-@@ -205,7 +204,7 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r12
- movq 40($inp), %rax
- adcq \$0, %rdx
-@@ -213,7 +212,7 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r13
- movq 48($inp), %rax
- adcq \$0, %rdx
-@@ -221,7 +220,7 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r14
- movq 56($inp), %rax
- adcq \$0, %rdx
-@@ -229,39 +228,39 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-- mulq %r8
-+ mulq %rbp
- addq %rax, %r15
-- movq %r8, %rax
-+ movq %rbp, %rax
- adcq \$0, %rdx
- addq %rbx, %r15
-- movq %rdx, %r8
-- movq %r10, %rdx
-- adcq \$0, %r8
-+ adcq \$0, %rdx
-
-- add %rdx, %rdx
-- lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
-- movq %r11, %rbx
-- adcq %r11, %r11 #shld \$1, %r10, %r11
-+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
-+ addq %r9, %r9
-+ movq %rdx, %r8
-+ adcq %r10, %r10
-+ adcq \$0, %rbx
-
- mulq %rax
-+ addq %rcx, %rax
-+ movq 16($inp), %rbp
-+ adcq \$0, %rdx
- addq %rax, %r9
-+ movq 24($inp), %rax
- adcq %rdx, %r10
-- adcq \$0, %r11
-+ adcq \$0, %rbx
-
- movq %r9, 16(%rsp)
- movq %r10, 24(%rsp)
-- shrq \$63, %rbx
-
- #third iteration
-- movq 16($inp), %r9
-- movq 24($inp), %rax
-- mulq %r9
-+ mulq %rbp
- addq %rax, %r12
- movq 32($inp), %rax
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-- mulq %r9
-+ mulq %rbp
- addq %rax, %r13
- movq 40($inp), %rax
- adcq \$0, %rdx
-@@ -269,7 +268,7 @@
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-- mulq %r9
-+ mulq %rbp
- addq %rax, %r14
- movq 48($inp), %rax
- adcq \$0, %rdx
-@@ -277,9 +276,7 @@
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-- mulq %r9
-- movq %r12, %r10
-- lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12
-+ mulq %rbp
- addq %rax, %r15
- movq 56($inp), %rax
- adcq \$0, %rdx
-@@ -287,36 +284,40 @@
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-- mulq %r9
-- shrq \$63, %r10
-+ mulq %rbp
- addq %rax, %r8
-- movq %r9, %rax
-+ movq %rbp, %rax
- adcq \$0, %rdx
- addq %rcx, %r8
-- movq %rdx, %r9
-- adcq \$0, %r9
-+ adcq \$0, %rdx
-
-- movq %r13, %rcx
-- leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13
-+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
-+ addq %r11, %r11
-+ movq %rdx, %r9
-+ adcq %r12, %r12
-+ adcq \$0, %rcx
-
- mulq %rax
-+ addq %rbx, %rax
-+ movq 24($inp), %r10
-+ adcq \$0, %rdx
- addq %rax, %r11
-+ movq 32($inp), %rax
- adcq %rdx, %r12
-- adcq \$0, %r13
-+ adcq \$0, %rcx
-
- movq %r11, 32(%rsp)
- movq %r12, 40(%rsp)
-- shrq \$63, %rcx
-
- #fourth iteration
-- movq 24($inp), %r10
-- movq 32($inp), %rax
-+ mov %rax, %r11 # 32($inp)
- mulq %r10
- addq %rax, %r14
- movq 40($inp), %rax
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-+ mov %rax, %r12 # 40($inp)
- mulq %r10
- addq %rax, %r15
- movq 48($inp), %rax
-@@ -325,9 +326,8 @@
- movq %rdx, %rbx
- adcq \$0, %rbx
-
-+ mov %rax, %rbp # 48($inp)
- mulq %r10
-- movq %r14, %r12
-- leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14
- addq %rax, %r8
- movq 56($inp), %rax
- adcq \$0, %rdx
-@@ -336,32 +336,33 @@
- adcq \$0, %rbx
-
- mulq %r10
-- shrq \$63, %r12
- addq %rax, %r9
- movq %r10, %rax
- adcq \$0, %rdx
- addq %rbx, %r9
-- movq %rdx, %r10
-- adcq \$0, %r10
-+ adcq \$0, %rdx
-
-- movq %r15, %rbx
-- leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15
-+ xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1
-+ addq %r13, %r13
-+ movq %rdx, %r10
-+ adcq %r14, %r14
-+ adcq \$0, %rbx
-
- mulq %rax
-+ addq %rcx, %rax
-+ adcq \$0, %rdx
- addq %rax, %r13
-+ movq %r12, %rax # 40($inp)
- adcq %rdx, %r14
-- adcq \$0, %r15
-+ adcq \$0, %rbx
-
- movq %r13, 48(%rsp)
- movq %r14, 56(%rsp)
-- shrq \$63, %rbx
-
- #fifth iteration
-- movq 32($inp), %r11
-- movq 40($inp), %rax
- mulq %r11
- addq %rax, %r8
-- movq 48($inp), %rax
-+ movq %rbp, %rax # 48($inp)
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-@@ -369,97 +370,99 @@
- addq %rax, %r9
- movq 56($inp), %rax
- adcq \$0, %rdx
-- movq %r8, %r12
-- leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8
- addq %rcx, %r9
- movq %rdx, %rcx
- adcq \$0, %rcx
-
-+ mov %rax, %r14 # 56($inp)
- mulq %r11
-- shrq \$63, %r12
- addq %rax, %r10
- movq %r11, %rax
- adcq \$0, %rdx
- addq %rcx, %r10
-- movq %rdx, %r11
-- adcq \$0, %r11
-+ adcq \$0, %rdx
-
-- movq %r9, %rcx
-- leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9
-+ xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1
-+ addq %r15, %r15
-+ movq %rdx, %r11
-+ adcq %r8, %r8
-+ adcq \$0, %rcx
-
- mulq %rax
-+ addq %rbx, %rax
-+ adcq \$0, %rdx
- addq %rax, %r15
-+ movq %rbp, %rax # 48($inp)
- adcq %rdx, %r8
-- adcq \$0, %r9
-+ adcq \$0, %rcx
-
- movq %r15, 64(%rsp)
- movq %r8, 72(%rsp)
-- shrq \$63, %rcx
-
- #sixth iteration
-- movq 40($inp), %r12
-- movq 48($inp), %rax
- mulq %r12
- addq %rax, %r10
-- movq 56($inp), %rax
-+ movq %r14, %rax # 56($inp)
- movq %rdx, %rbx
- adcq \$0, %rbx
-
- mulq %r12
- addq %rax, %r11
- movq %r12, %rax
-- movq %r10, %r15
-- leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10
- adcq \$0, %rdx
-- shrq \$63, %r15
- addq %rbx, %r11
-- movq %rdx, %r12
-- adcq \$0, %r12
-+ adcq \$0, %rdx
-
-- movq %r11, %rbx
-- leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11
-+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1
-+ addq %r9, %r9
-+ movq %rdx, %r12
-+ adcq %r10, %r10
-+ adcq \$0, %rbx
-
- mulq %rax
-+ addq %rcx, %rax
-+ adcq \$0, %rdx
- addq %rax, %r9
-+ movq %r14, %rax # 56($inp)
- adcq %rdx, %r10
-- adcq \$0, %r11
-+ adcq \$0, %rbx
-
- movq %r9, 80(%rsp)
- movq %r10, 88(%rsp)
-
- #seventh iteration
-- movq 48($inp), %r13
-- movq 56($inp), %rax
-- mulq %r13
-+ mulq %rbp
- addq %rax, %r12
-- movq %r13, %rax
-- movq %rdx, %r13
-- adcq \$0, %r13
-+ movq %rbp, %rax
-+ adcq \$0, %rdx
-
-- xorq %r14, %r14
-- shlq \$1, %rbx
-- adcq %r12, %r12 #shld \$1, %rbx, %r12
-- adcq %r13, %r13 #shld \$1, %r12, %r13
-- adcq %r14, %r14 #shld \$1, %r13, %r14
-+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1
-+ addq %r11, %r11
-+ movq %rdx, %r13
-+ adcq %r12, %r12
-+ adcq \$0, %rcx
-
- mulq %rax
-+ addq %rbx, %rax
-+ adcq \$0, %rdx
- addq %rax, %r11
-+ movq %r14, %rax # 56($inp)
- adcq %rdx, %r12
-- adcq \$0, %r13
-+ adcq \$0, %rcx
-
- movq %r11, 96(%rsp)
- movq %r12, 104(%rsp)
-
- #eighth iteration
-- movq 56($inp), %rax
-+ xorq %rbx, %rbx # rbx:r13 = r13 << 1
-+ addq %r13, %r13
-+ adcq \$0, %rbx
-+
- mulq %rax
-- addq %rax, %r13
-+ addq %rcx, %rax
- adcq \$0, %rdx
--
-- addq %rdx, %r14
--
-- movq %r13, 112(%rsp)
-- movq %r14, 120(%rsp)
-+ addq %r13, %rax
-+ adcq %rbx, %rdx
-
- movq (%rsp), %r8
- movq 8(%rsp), %r9
-@@ -469,6 +472,10 @@
- movq 40(%rsp), %r13
- movq 48(%rsp), %r14
- movq 56(%rsp), %r15
-+ movq %xmm1, %rbp
-+
-+ movq %rax, 112(%rsp)
-+ movq %rdx, 120(%rsp)
-
- call __rsaz_512_reduce
-
-@@ -500,9 +507,9 @@
- .Loop_sqrx:
- movl $times,128+8(%rsp)
- movq $out, %xmm0 # off-load
-- movq %rbp, %xmm1 # off-load
- #first iteration
- mulx %rax, %r8, %r9
-+ mov %rax, %rbx
-
- mulx 16($inp), %rcx, %r10
- xor %rbp, %rbp # cf=0, of=0
-@@ -510,40 +517,39 @@
- mulx 24($inp), %rax, %r11
- adcx %rcx, %r9
-
-- mulx 32($inp), %rcx, %r12
-+ .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12
- adcx %rax, %r10
-
-- mulx 40($inp), %rax, %r13
-+ .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13
- adcx %rcx, %r11
-
-- .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14
-+ mulx 48($inp), %rcx, %r14
- adcx %rax, %r12
- adcx %rcx, %r13
-
-- .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15
-+ mulx 56($inp), %rax, %r15
- adcx %rax, %r14
- adcx %rbp, %r15 # %rbp is 0
-
-- mov %r9, %rcx
-- shld \$1, %r8, %r9
-- shl \$1, %r8
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-- adcx %rdx, %r8
-- mov 8($inp), %rdx
-- adcx %rbp, %r9
-+ mulx %rdx, %rax, $out
-+ mov %rbx, %rdx # 8($inp)
-+ xor %rcx, %rcx
-+ adox %r8, %r8
-+ adcx $out, %r8
-+ adox %rbp, %rcx
-+ adcx %rbp, %rcx
-
- mov %rax, (%rsp)
- mov %r8, 8(%rsp)
-
- #second iteration
-- mulx 16($inp), %rax, %rbx
-+ .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx
- adox %rax, %r10
- adcx %rbx, %r11
-
-- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8
-+ mulx 24($inp), $out, %r8
- adox $out, %r11
-+ .byte 0x66
- adcx %r8, %r12
-
- mulx 32($inp), %rax, %rbx
-@@ -561,24 +567,25 @@
- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8
- adox $out, %r15
- adcx %rbp, %r8
-+ mulx %rdx, %rax, $out
- adox %rbp, %r8
-+ .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx
-
-- mov %r11, %rbx
-- shld \$1, %r10, %r11
-- shld \$1, %rcx, %r10
--
-- xor %ebp,%ebp
-- mulx %rdx, %rax, %rcx
-- mov 16($inp), %rdx
-+ xor %rbx, %rbx
-+ adcx %rcx, %rax
-+ adox %r9, %r9
-+ adcx %rbp, $out
-+ adox %r10, %r10
- adcx %rax, %r9
-- adcx %rcx, %r10
-- adcx %rbp, %r11
-+ adox %rbp, %rbx
-+ adcx $out, %r10
-+ adcx %rbp, %rbx
-
- mov %r9, 16(%rsp)
- .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp)
-
- #third iteration
-- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9
-+ mulx 24($inp), $out, %r9
- adox $out, %r12
- adcx %r9, %r13
-
-@@ -586,7 +593,7 @@
- adox %rax, %r13
- adcx %rcx, %r14
-
-- mulx 40($inp), $out, %r9
-+ .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9
- adox $out, %r14
- adcx %r9, %r15
-
-@@ -594,27 +601,28 @@
- adox %rax, %r15
- adcx %rcx, %r8
-
-- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9
-+ mulx 56($inp), $out, %r9
- adox $out, %r8
- adcx %rbp, %r9
-+ mulx %rdx, %rax, $out
- adox %rbp, %r9
-+ mov 24($inp), %rdx
-
-- mov %r13, %rcx
-- shld \$1, %r12, %r13
-- shld \$1, %rbx, %r12
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-+ xor %rcx, %rcx
-+ adcx %rbx, %rax
-+ adox %r11, %r11
-+ adcx %rbp, $out
-+ adox %r12, %r12
- adcx %rax, %r11
-- adcx %rdx, %r12
-- mov 24($inp), %rdx
-- adcx %rbp, %r13
-+ adox %rbp, %rcx
-+ adcx $out, %r12
-+ adcx %rbp, %rcx
-
- mov %r11, 32(%rsp)
-- .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp)
-+ mov %r12, 40(%rsp)
-
- #fourth iteration
-- .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx
-+ mulx 32($inp), %rax, %rbx
- adox %rax, %r14
- adcx %rbx, %r15
-
-@@ -629,25 +637,25 @@
- mulx 56($inp), $out, %r10
- adox $out, %r9
- adcx %rbp, %r10
-+ mulx %rdx, %rax, $out
- adox %rbp, %r10
-+ mov 32($inp), %rdx
-
-- .byte 0x66
-- mov %r15, %rbx
-- shld \$1, %r14, %r15
-- shld \$1, %rcx, %r14
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-+ xor %rbx, %rbx
-+ adcx %rcx, %rax
-+ adox %r13, %r13
-+ adcx %rbp, $out
-+ adox %r14, %r14
- adcx %rax, %r13
-- adcx %rdx, %r14
-- mov 32($inp), %rdx
-- adcx %rbp, %r15
-+ adox %rbp, %rbx
-+ adcx $out, %r14
-+ adcx %rbp, %rbx
-
- mov %r13, 48(%rsp)
- mov %r14, 56(%rsp)
-
- #fifth iteration
-- .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11
-+ mulx 40($inp), $out, %r11
- adox $out, %r8
- adcx %r11, %r9
-
-@@ -658,18 +666,19 @@
- mulx 56($inp), $out, %r11
- adox $out, %r10
- adcx %rbp, %r11
-+ mulx %rdx, %rax, $out
-+ mov 40($inp), %rdx
- adox %rbp, %r11
-
-- mov %r9, %rcx
-- shld \$1, %r8, %r9
-- shld \$1, %rbx, %r8
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-+ xor %rcx, %rcx
-+ adcx %rbx, %rax
-+ adox %r15, %r15
-+ adcx %rbp, $out
-+ adox %r8, %r8
- adcx %rax, %r15
-- adcx %rdx, %r8
-- mov 40($inp), %rdx
-- adcx %rbp, %r9
-+ adox %rbp, %rcx
-+ adcx $out, %r8
-+ adcx %rbp, %rcx
-
- mov %r15, 64(%rsp)
- mov %r8, 72(%rsp)
-@@ -682,18 +691,19 @@
- .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12
- adox $out, %r11
- adcx %rbp, %r12
-+ mulx %rdx, %rax, $out
- adox %rbp, %r12
-+ mov 48($inp), %rdx
-
-- mov %r11, %rbx
-- shld \$1, %r10, %r11
-- shld \$1, %rcx, %r10
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-+ xor %rbx, %rbx
-+ adcx %rcx, %rax
-+ adox %r9, %r9
-+ adcx %rbp, $out
-+ adox %r10, %r10
- adcx %rax, %r9
-- adcx %rdx, %r10
-- mov 48($inp), %rdx
-- adcx %rbp, %r11
-+ adcx $out, %r10
-+ adox %rbp, %rbx
-+ adcx %rbp, %rbx
-
- mov %r9, 80(%rsp)
- mov %r10, 88(%rsp)
-@@ -703,31 +713,31 @@
- adox %rax, %r12
- adox %rbp, %r13
-
-- xor %r14, %r14
-- shld \$1, %r13, %r14
-- shld \$1, %r12, %r13
-- shld \$1, %rbx, %r12
--
-- xor %ebp, %ebp
-- mulx %rdx, %rax, %rdx
-- adcx %rax, %r11
-- adcx %rdx, %r12
-+ mulx %rdx, %rax, $out
-+ xor %rcx, %rcx
- mov 56($inp), %rdx
-- adcx %rbp, %r13
-+ adcx %rbx, %rax
-+ adox %r11, %r11
-+ adcx %rbp, $out
-+ adox %r12, %r12
-+ adcx %rax, %r11
-+ adox %rbp, %rcx
-+ adcx $out, %r12
-+ adcx %rbp, %rcx
-
- .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp)
- .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp)
-
- #eighth iteration
- mulx %rdx, %rax, %rdx
-- adox %rax, %r13
-- adox %rbp, %rdx
-+ xor %rbx, %rbx
-+ adcx %rcx, %rax
-+ adox %r13, %r13
-+ adcx %rbp, %rdx
-+ adox %rbp, %rbx
-+ adcx %r13, %rax
-+ adcx %rdx, %rbx
-
-- .byte 0x66
-- add %rdx, %r14
--
-- movq %r13, 112(%rsp)
-- movq %r14, 120(%rsp)
- movq %xmm0, $out
- movq %xmm1, %rbp
-
-@@ -741,6 +751,9 @@
- movq 48(%rsp), %r14
- movq 56(%rsp), %r15
-
-+ movq %rax, 112(%rsp)
-+ movq %rbx, 120(%rsp)
-+
- call __rsaz_512_reducex
-
- addq 64(%rsp), %r8
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
new file mode 100644
index 0000000000..a24260c95d
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
@@ -0,0 +1,32 @@
+The value for perl_archname can vary depending on the host, e.g.
+x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
+makes the ptest package non-reproducible. Its unused other than
+these references so drop it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: openssl-1.1.1d/Configure
+===================================================================
+--- openssl-1.1.1d.orig/Configure
++++ openssl-1.1.1d/Configure
+@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
+ # Save away perl command information
+ $config{perl_cmd} = $^X;
+ $config{perl_version} = $Config{version};
+-$config{perl_archname} = $Config{archname};
++#$config{perl_archname} = $Config{archname};
+
+ $config{prefix}="";
+ $config{openssldir}="";
+@@ -2517,7 +2517,7 @@ _____
+ @{$config{perlargv}}), "\n";
+ print "\nPerl information:\n\n";
+ print ' ',$config{perl_cmd},"\n";
+- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
++ print ' ',$config{perl_version},"\n";
+ }
+ if ($dump || $options) {
+ my $longest = 0;
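Review bot: The embedded patch is still written against `openssl-1.1.1d/Configure` (the `Index:`, `---` and `+++` lines), while the recipe in this same commit moves to 1.1.1f. It will normally still apply because the leading path component is stripped, but the hunk offsets (`@@ -286,7` and `@@ -2517,7`) were taken from the older tree and may only apply with fuzz. Refreshing the patch against the 1.1.1f source would avoid that. The first hunk also leaves the assignment commented out as `#$config{perl_archname} = $Config{archname};`; deleting the line would match the description's "drop it" and leave no dead code in Configure.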
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb
index 458ae7daf4..aa4ef6f48a 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1f.bb
@@ -16,15 +16,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-skip-test_symbol_presence.patch \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
- file://CVE-2019-1551.patch \
+ file://reproducible.patch \
"
SRC_URI_append_class-nativesdk = " \
file://environment.d-openssl.sh \
"
-SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa"
-SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2"
+SRC_URI[sha256sum] = "186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35"
inherit lib_package multilib_header multilib_script ptest
MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
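Review bot: Removing `file://CVE-2019-1551.patch` from SRC_URI is only correct if the 1.1.1f tarball already contains that fix, and nothing visible in this hunk records that. A line in the commit message such as `CVE-2019-1551.patch dropped: fixed upstream in the new release` would let CVE tracking confirm the removal was deliberate. Separately, with `SRC_URI[md5sum]` gone the `sha256sum` is the only integrity check on a tarball that the unchanged SRC_URI line still fetches over plain `http://`. The pin does detect a tampered download, but fetching from `https://www.openssl.org/source/openssl-${PV}.tar.gz` would add transport protection for the cases where the checksum is being regenerated.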
@@ -33,7 +32,7 @@ PACKAGECONFIG ?= ""
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""
-PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
B = "${WORKDIR}/build"
do_configure[cleandirs] = "${B}"
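Review bot: The new `,,cryptodev-module` tail on `PACKAGECONFIG[cryptodev-linux]` is easy to misread, because its meaning depends on field position: the fourth field (runtime dependencies) is left empty and `cryptodev-module` sits in the fifth (runtime recommendations). A comment above the line would make that explicit, for example `# 5th field is RRECOMMENDS: the devcrypto engine is only useful with the cryptodev kernel module present`. The reason for recommending rather than depending is presumably that the module may be built into the kernel or supplied separately; that is worth confirming and stating in the comment.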
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
new file mode 100644
index 0000000000..b7ba7ba643
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
@@ -0,0 +1,47 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname). This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+
+Upstream-Status: Backport
+[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426]
+
+CVE: CVE-2020-8597
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f5..1b93db0 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ }
+
+ /* Not so likely to happen. */
+- if (vallen >= len + sizeof (rhostname)) {
++ if (len - vallen >= sizeof (rhostname)) {
+ dbglog("EAP: trimming really long peer name down");
+ BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ rhostname[sizeof (rhostname) - 1] = '\0';
+--
+2.17.1
+
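Review bot: The corrected test `if (len - vallen >= sizeof (rhostname))` compares a signed `int` difference against a `size_t`, so it is only right when the difference cannot be negative. That depends on the earlier guard on `vallen` that the patch description mentions, which lies outside both hunks. If that guard were ever loosened, a negative difference would convert to a large unsigned value and take the trimming branch, where `BCOPY(inp + vallen, ...)` would read past the received packet. A comment at both sites (`@@ -1420` and `@@ -1846`) would pin the assumption, e.g. `/* len - vallen is non-negative: a vallen larger than len was rejected above */`. Both enclosing functions start and end outside the hunks, so the non-trimming branch that copies `len - vallen` bytes into `rhostname` could not be checked here.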
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index 644cde4562..60c56dd0bd 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -33,6 +33,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
file://0001-ppp-Remove-unneeded-include.patch \
file://ppp-2.4.7-DES-openssl.patch \
+ file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
"
SRC_URI_append_libc-musl = "\