diff options
Diffstat (limited to 'meta/recipes-extended')
16 files changed, 635 insertions, 7 deletions
diff --git a/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch b/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch new file mode 100644 index 0000000000..5d587fc832 --- /dev/null +++ b/meta/recipes-extended/cpio/cpio-2.12/CVE-2019-14866.patch @@ -0,0 +1,316 @@ +CVE: CVE-2019-14866 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +From a052401293e45a13cded5959b258204dae6d0af5 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Sun, 3 Nov 2019 23:59:39 +0200 +Subject: [PATCH] Fix CVE-2019-14866 + +* src/copyout.c (to_ascii): Additional argument nul controls whether +to add the terminating nul character. +(field_width_error): Improve diagnostics: print the actual and the +maximum allowed field value. +* src/extern.h (to_ascii, field_width_error): New prototypes. +* src/tar.c (to_oct): Remove. +(to_oct_or_error): New function. +(TO_OCT): New macro. +(write_out_tar_header): Use TO_OCT and to_ascii. Return 0 on +success, 1 on error. +--- + src/copyout.c | 49 ++++++++++++++++++++++-------------- + src/extern.h | 15 +++++++++-- + src/tar.c | 69 ++++++++++++++++++++++++--------------------------- + 3 files changed, 75 insertions(+), 58 deletions(-) + +diff --git a/src/copyout.c b/src/copyout.c +index 1f0987a..1ae5477 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -269,26 +269,32 @@ writeout_final_defers (int out_des) + so it should be moved to paxutils too. + Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */ + int +-to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase) ++to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul) + { + static char codetab[] = "0123456789ABCDEF"; +- int i = digits; +- +- do ++ ++ if (nul) ++ where[--digits] = 0; ++ while (digits > 0) + { +- where[--i] = codetab[(v & ((1 << logbase) - 1))]; ++ where[--digits] = codetab[(v & ((1 << logbase) - 1))]; + v >>= logbase; + } +- while (i); + + return v != 0; + } + +-static void +-field_width_error (const char *filename, const char *fieldname) ++void ++field_width_error (const char *filename, const char *fieldname, ++ uintmax_t value, size_t width, bool nul) + { +- error (0, 0, _("%s: field width not sufficient for storing %s"), +- filename, fieldname); ++ char valbuf[UINTMAX_STRSIZE_BOUND + 1]; ++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; ++ error (0, 0, _("%s: value %s %s out of allowed range 0..%s"), ++ filename, fieldname, ++ STRINGIFY_BIGINT (value, valbuf), ++ STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8), ++ maxbuf)); + } + + static void +@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits, + unsigned logbase, + const char *filename, const char *fieldname) + { +- if (to_ascii (where, n, digits, logbase)) ++ if (to_ascii (where, n, digits, logbase, false)) + field_width_warning (filename, fieldname); + } + +@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits, + unsigned logbase, + const char *filename, const char *fieldname) + { +- if (to_ascii (where, n, digits, logbase)) ++ if (to_ascii (where, n, digits, logbase, false)) + { +- field_width_error (filename, fieldname); ++ field_width_error (filename, fieldname, n, digits, false); + return 1; + } + return 0; +@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *magic_string, + _("name size"))) + return 1; + p += 8; +- to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16); ++ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false); + + tape_buffered_write (ascii_header, out_des, sizeof ascii_header); + +@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev, + char ascii_header[76]; + char *p = ascii_header; + +- to_ascii (p, file_hdr->c_magic, 6, LG_8); ++ to_ascii (p, file_hdr->c_magic, 6, LG_8, false); + p += 6; + to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number")); + p += 6; +@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev, + short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF; + if (short_hdr.c_namesize != file_hdr->c_namesize) + { +- field_width_error (file_hdr->c_name, _("name size")); ++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; ++ error (0, 0, _("%s: value %s %s out of allowed range 0..%u"), ++ file_hdr->c_name, _("name size"), ++ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu); + return 1; + } + +@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev, + if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1] + != file_hdr->c_filesize) + { +- field_width_error (file_hdr->c_name, _("file size")); ++ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; ++ error (0, 0, _("%s: value %s %s out of allowed range 0..%lu"), ++ file_hdr->c_name, _("file size"), ++ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu); + return 1; + } + +@@ -552,8 +564,7 @@ write_out_header (struct cpio_file_stat *file_hdr, int out_des) + error (0, 0, _("%s: file name too long"), file_hdr->c_name); + return 1; + } +- write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */ +- return 0; ++ return write_out_tar_header (file_hdr, out_des); + + case arf_binary: + return write_out_binary_header (makedev (file_hdr->c_rdev_maj, +diff --git a/src/extern.h b/src/extern.h +index e27d662..f9ef56a 100644 +--- a/src/extern.h ++++ b/src/extern.h +@@ -117,6 +117,10 @@ void print_name_with_quoting (char *p); + /* copyout.c */ + int write_out_header (struct cpio_file_stat *file_hdr, int out_des); + void process_copy_out (void); ++int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, ++ bool nul); ++void field_width_error (const char *filename, const char *fieldname, ++ uintmax_t value, size_t width, bool nul); + + /* copypass.c */ + void process_copy_pass (void); +@@ -145,7 +149,7 @@ int make_path (char *argpath, uid_t owner, gid_t group, + const char *verbose_fmt_string); + + /* tar.c */ +-void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des); ++int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des); + int null_block (long *block, int size); + void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des); + int otoa (char *s, unsigned long *n); +@@ -204,9 +208,16 @@ void cpio_safer_name_suffix (char *name, bool link_target, + int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir); + void change_dir (void); + +-/* FIXME: These two defines should be defined in paxutils */ ++/* FIXME: The following three should be defined in paxutils */ + #define LG_8 3 + #define LG_16 4 ++/* The maximum uintmax_t value that can be represented with DIGITS digits, ++ assuming that each digit is BITS_PER_DIGIT wide. */ ++#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \ ++ ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \ ++ ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \ ++ : (uintmax_t) -1) ++ + + uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase); + +diff --git a/src/tar.c b/src/tar.c +index a2ce171..ef58027 100644 +--- a/src/tar.c ++++ b/src/tar.c +@@ -79,36 +79,17 @@ stash_tar_filename (char *prefix, char *filename) + return hold_tar_filename; + } + +-/* Convert a number into a string of octal digits. +- Convert long VALUE into a DIGITS-digit field at WHERE, +- including a trailing space and room for a NUL. DIGITS==3 means +- 1 digit, a space, and room for a NUL. +- +- We assume the trailing NUL is already there and don't fill it in. +- This fact is used by start_header and finish_header, so don't change it! +- +- This is be equivalent to: +- sprintf (where, "%*lo ", digits - 2, value); +- except that sprintf fills in the trailing NUL and we don't. */ +- +-static void +-to_oct (register long value, register int digits, register char *where) ++static int ++to_oct_or_error (uintmax_t value, size_t digits, char *where, char const *field, ++ char const *file) + { +- --digits; /* Leave the trailing NUL slot alone. */ +- +- /* Produce the digits -- at least one. */ +- do ++ if (to_ascii (where, value, digits, LG_8, true)) + { +- where[--digits] = '0' + (char) (value & 7); /* One octal digit. */ +- value >>= 3; ++ field_width_error (file, field, value, digits, true); ++ return 1; + } +- while (digits > 0 && value != 0); +- +- /* Add leading zeroes, if necessary. */ +- while (digits > 0) +- where[--digits] = '0'; ++ return 0; + } +- + + + /* Compute and return a checksum for TAR_HDR, +@@ -134,10 +115,22 @@ tar_checksum (struct tar_header *tar_hdr) + return sum; + } + ++#define TO_OCT(file_hdr, c_fld, digits, tar_hdr, tar_field) \ ++ do \ ++ { \ ++ if (to_oct_or_error (file_hdr -> c_fld, \ ++ digits, \ ++ tar_hdr -> tar_field, \ ++ #tar_field, \ ++ file_hdr->c_name)) \ ++ return 1; \ ++ } \ ++ while (0) ++ + /* Write out header FILE_HDR, including the file name, to file + descriptor OUT_DES. */ + +-void ++int + write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + { + int name_len; +@@ -166,11 +159,11 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + + /* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal + digits */ +- to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode); +- to_oct (file_hdr->c_uid, 8, tar_hdr->uid); +- to_oct (file_hdr->c_gid, 8, tar_hdr->gid); +- to_oct (file_hdr->c_filesize, 12, tar_hdr->size); +- to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime); ++ TO_OCT (file_hdr, c_mode & MODE_ALL, 8, tar_hdr, mode); ++ TO_OCT (file_hdr, c_uid, 8, tar_hdr, uid); ++ TO_OCT (file_hdr, c_gid, 8, tar_hdr, gid); ++ TO_OCT (file_hdr, c_filesize, 12, tar_hdr, size); ++ TO_OCT (file_hdr, c_mtime, 12, tar_hdr, mtime); + + switch (file_hdr->c_mode & CP_IFMT) + { +@@ -182,7 +175,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, + TARLINKNAMESIZE); + tar_hdr->typeflag = LNKTYPE; +- to_oct (0, 12, tar_hdr->size); ++ to_ascii (tar_hdr->size, 0, 12, LG_8, true); + } + else + tar_hdr->typeflag = REGTYPE; +@@ -208,7 +201,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + than TARLINKNAMESIZE. */ + strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, + TARLINKNAMESIZE); +- to_oct (0, 12, tar_hdr->size); ++ to_ascii (tar_hdr->size, 0, 12, LG_8, true); + break; + #endif /* CP_IFLNK */ + } +@@ -227,13 +220,15 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) + if (name) + strcpy (tar_hdr->gname, name); + +- to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor); +- to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor); ++ TO_OCT (file_hdr, c_rdev_maj, 8, tar_hdr, devmajor); ++ TO_OCT (file_hdr, c_rdev_min, 8, tar_hdr, devminor); + } + +- to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum); ++ to_ascii (tar_hdr->chksum, tar_checksum (tar_hdr), 8, LG_8, true); + + tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE); ++ ++ return 0; + } + + /* Return nonzero iff all the bytes in BLOCK are NUL. +-- +2.24.1 + diff --git a/meta/recipes-extended/cpio/cpio_2.12.bb b/meta/recipes-extended/cpio/cpio_2.12.bb index 3713bf0b1f..5abe494ebc 100644 --- a/meta/recipes-extended/cpio/cpio_2.12.bb +++ b/meta/recipes-extended/cpio/cpio_2.12.bb @@ -11,6 +11,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Fix-CVE-2015-1197.patch \ file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \ file://0001-Fix-segfault-with-append.patch \ + file://CVE-2019-14866.patch \ " SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86" diff --git a/meta/recipes-extended/iputils/iputils_s20190709.bb b/meta/recipes-extended/iputils/iputils_s20190709.bb index 3f9e9917f0..42260f531e 100644 --- a/meta/recipes-extended/iputils/iputils_s20190709.bb +++ b/meta/recipes-extended/iputils/iputils_s20190709.bb @@ -32,7 +32,8 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MAN inherit meson update-alternatives -EXTRA_OEMESON += "--prefix=${root_prefix}/" +# Have to disable setcap/suid as its not deterministic +EXTRA_OEMESON += "--prefix=${root_prefix}/ -DNO_SETCAP_OR_SUID=true" ALTERNATIVE_PRIORITY = "100" diff --git a/meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch b/meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch new file mode 100644 index 0000000000..a84c1f1f76 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/0001-RAR5-reader-reject-files-that-declare-invalid-header.patch @@ -0,0 +1,124 @@ +From c1fe0a8cc8dde8ba3eae3d17e34060d2d6e4eb96 Mon Sep 17 00:00:00 2001 +From: Grzegorz Antoniak <ga@anadoxin.org> +Date: Sun, 2 Feb 2020 08:04:41 +0100 +Subject: [PATCH] RAR5 reader: reject files that declare invalid header flags + +One of the fields in RAR5's base block structure is the size of the +header. Some invalid files declare a 0 header size setting, which can +confuse the unpacker. Minimum header size for RAR5 base blocks is 7 +bytes (4 bytes for CRC, and 3 bytes for the rest), so block size of 0 +bytes should be rejected at header parsing stage. + +The fix adds an error condition if header size of 0 bytes is detected. +In this case, the unpacker will not attempt to unpack the file, as the +header is corrupted. + +The commit also adds OSSFuzz #20459 sample to test further regressions +in this area. + +Upstream-Status: Backport[https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a] +CVE: CVE-2020-9308 + +Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> +--- + Makefile.am | 1 + + libarchive/archive_read_support_format_rar5.c | 17 +++++++++++++++-- + libarchive/test/test_read_format_rar5.c | 15 +++++++++++++++ + ...d_format_rar5_block_size_is_too_small.rar.uu | 8 ++++++++ + 4 files changed, 39 insertions(+), 2 deletions(-) + create mode 100644 libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu + +diff --git a/Makefile.am b/Makefile.am +index da78b24..01abf20 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -863,6 +863,7 @@ libarchive_test_EXTRA_DIST=\ + libarchive/test/test_read_format_rar5_symlink.rar.uu \ + libarchive/test/test_read_format_rar5_truncated_huff.rar.uu \ + libarchive/test/test_read_format_rar5_win32.rar.uu \ ++ libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \ + libarchive/test/test_read_format_raw.bufr.uu \ + libarchive/test/test_read_format_raw.data.gz.uu \ + libarchive/test/test_read_format_raw.data.Z.uu \ +diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c +index 7c24627..f73393c 100644 +--- a/libarchive/archive_read_support_format_rar5.c ++++ b/libarchive/archive_read_support_format_rar5.c +@@ -2034,6 +2034,8 @@ static int scan_for_signature(struct archive_read* a); + static int process_base_block(struct archive_read* a, + struct archive_entry* entry) + { ++ const size_t SMALLEST_RAR5_BLOCK_SIZE = 3; ++ + struct rar5* rar = get_context(a); + uint32_t hdr_crc, computed_crc; + size_t raw_hdr_size = 0, hdr_size_len, hdr_size; +@@ -2057,15 +2059,26 @@ static int process_base_block(struct archive_read* a, + return ARCHIVE_EOF; + } + ++ hdr_size = raw_hdr_size + hdr_size_len; ++ + /* Sanity check, maximum header size for RAR5 is 2MB. */ +- if(raw_hdr_size > (2 * 1024 * 1024)) { ++ if(hdr_size > (2 * 1024 * 1024)) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Base block header is too large"); + + return ARCHIVE_FATAL; + } + +- hdr_size = raw_hdr_size + hdr_size_len; ++ /* Additional sanity checks to weed out invalid files. */ ++ if(raw_hdr_size == 0 || hdr_size_len == 0 || ++ hdr_size < SMALLEST_RAR5_BLOCK_SIZE) ++ { ++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ++ "Too small block encountered (%ld bytes)", ++ raw_hdr_size); ++ ++ return ARCHIVE_FATAL; ++ } + + /* Read the whole header data into memory, maximum memory use here is + * 2MB. */ +diff --git a/libarchive/test/test_read_format_rar5.c b/libarchive/test/test_read_format_rar5.c +index 1408f37..32e7ed8 100644 +--- a/libarchive/test/test_read_format_rar5.c ++++ b/libarchive/test/test_read_format_rar5.c +@@ -1194,3 +1194,18 @@ DEFINE_TEST(test_read_format_rar5_fileattr) + + EPILOGUE(); + } ++ ++DEFINE_TEST(test_read_format_rar5_block_size_is_too_small) ++{ ++ char buf[4096]; ++ PROLOGUE("test_read_format_rar5_block_size_is_too_small.rar"); ++ ++ /* This file is damaged, so those functions should return failure. ++ * Additionally, SIGSEGV shouldn't be raised during execution ++ * of those functions. */ ++ ++ assertA(archive_read_next_header(a, &ae) != ARCHIVE_OK); ++ assertA(archive_read_data(a, buf, sizeof(buf)) <= 0); ++ ++ EPILOGUE(); ++} +diff --git a/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu +new file mode 100644 +index 0000000..5cad219 +--- /dev/null ++++ b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu +@@ -0,0 +1,8 @@ ++begin 644 test_read_format_rar5_block_size_is_too_small.rar ++M4F%R(1H'`0"-[P+2``+'(!P,("`@N`,!`B`@("`@("`@("`@("`@("#_("`@ ++M("`@("`@("`@((:Q;2!4-'-^4B`!((WO`M(``O\@$/\@-R`@("`@("`@("`@ ++M``X@("`@("`@____("`@("`@(/\@("`@("`@("`@("#_(+6U,2"UM;6UM[CU ++M)B`@*(0G(`!.`#D\3R``(/__(,+_````-0#_($&%*/HE=C+N`"```"```"`D ++J`)$#("#_("#__P`@__\@_R#_("`@("`@("#_("#__R`@(/__("#__R`" ++` ++end +-- +2.23.0 + diff --git a/meta/recipes-extended/libarchive/libarchive_3.4.0.bb b/meta/recipes-extended/libarchive/libarchive_3.4.0.bb index c196382b07..db45ccf654 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.4.0.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.4.0.bb @@ -33,6 +33,7 @@ EXTRA_OECONF += "--enable-largefile" SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://CVE-2019-19221.patch \ + file://0001-RAR5-reader-reject-files-that-declare-invalid-header.patch \ " SRC_URI[md5sum] = "6046396255bd7cf6d0f6603a9bda39ac" diff --git a/meta/recipes-extended/libidn/libidn2_2.2.0.bb b/meta/recipes-extended/libidn/libidn2_2.2.0.bb index bcbfdd85b9..71314149e1 100644 --- a/meta/recipes-extended/libidn/libidn2_2.2.0.bb +++ b/meta/recipes-extended/libidn/libidn2_2.2.0.bb @@ -22,7 +22,8 @@ EXTRA_OECONF += "--disable-rpath \ " do_install_append() { - sed -i -e 's|-L${STAGING_LIBDIR}||' ${D}${libdir}/pkgconfig/libidn2.pc + # Need to remove any duplicate whitespace too for reproducibility + sed -i -e 's|-L${STAGING_LIBDIR}||' -e 's/ */ /g' ${D}${libdir}/pkgconfig/libidn2.pc } LICENSE_${PN} = "(GPLv2+ | LGPLv3)" diff --git a/meta/recipes-extended/man-db/man-db_2.8.7.bb b/meta/recipes-extended/man-db/man-db_2.8.7.bb index 083b2374aa..0d73b03482 100644 --- a/meta/recipes-extended/man-db/man-db_2.8.7.bb +++ b/meta/recipes-extended/man-db/man-db_2.8.7.bb @@ -10,7 +10,7 @@ SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/man-db/man-db-${PV}.tar.xz \ SRC_URI[md5sum] = "ec0b23c8314a1654c4d059b2c18ce43d" SRC_URI[sha256sum] = "b9cd5bb996305d08bfe9e1114edc30b4c97be807093b88af8033ed1cf9beb326" -DEPENDS = "libpipeline gdbm groff-native base-passwd" +DEPENDS = "libpipeline gdbm groff-native base-passwd flex-native" RDEPENDS_${PN} += "base-passwd" # | /usr/src/debug/man-db/2.8.0-r0/man-db-2.8.0/src/whatis.c:939: undefined reference to `_nl_msg_cat_cntr' diff --git a/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch b/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch new file mode 100644 index 0000000000..e76aac8161 --- /dev/null +++ b/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch @@ -0,0 +1,99 @@ +From a54501d3c9541bc8600225aa2d42531f93c6def7 Mon Sep 17 00:00:00 2001 +From: Joshua Watt <JPEWhacker@gmail.com> +Date: Sat, 9 Nov 2019 20:01:48 -0600 +Subject: [PATCH] Add option to control configure args + +Embedding the configure time options into the executable can lead to +non-reproducible builds, since configure options often have embedded +paths. Add a configure time option to control if the configure args are +embedded so this can be disabled. + +Upstream-Status: Submitted [https://midnight-commander.org/ticket/4031] +Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> +--- + configure.ac | 6 ++++++ + src/args.c | 6 ++++++ + src/textconf.c | 2 ++ + 3 files changed, 14 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 19d1a76be..a1948f6b9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -544,6 +544,12 @@ dnl Clarify do we really need GModule + AM_CONDITIONAL([HAVE_GMODULE], [test -n "$g_module_supported" && \ + test x"$textmode_x11_support" = x"yes" -o x"$enable_aspell" = x"yes"]) + ++AC_ARG_ENABLE([configure-args], ++ AS_HELP_STRING([--enable-configure-args], [Handle all compiler warnings as errors])) ++if test "x$enable_configure_args" != xno; then ++ AC_DEFINE([ENABLE_CONFIGURE_ARGS], 1, [Define to enable showing configure arguments in help]) ++fi ++ + AC_DEFINE_UNQUOTED([MC_CONFIGURE_ARGS], ["$ac_configure_args"], [MC configure arguments]) + + AC_CONFIG_FILES( +diff --git a/src/args.c b/src/args.c +index baef1a1c8..f8dc24020 100644 +--- a/src/args.c ++++ b/src/args.c +@@ -95,7 +95,9 @@ static gboolean mc_args__nouse_subshell = FALSE; + #endif /* ENABLE_SUBSHELL */ + static gboolean mc_args__show_datadirs = FALSE; + static gboolean mc_args__show_datadirs_extended = FALSE; ++#ifdef ENABLE_CONFIGURE_ARGS + static gboolean mc_args__show_configure_opts = FALSE; ++#endif + + static GOptionGroup *main_group; + +@@ -125,6 +127,7 @@ static const GOptionEntry argument_main_table[] = { + NULL + }, + ++#ifdef ENABLE_CONFIGURE_ARGS + /* show configure options */ + { + "configure-options", '\0', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE, +@@ -132,6 +135,7 @@ static const GOptionEntry argument_main_table[] = { + N_("Print configure options"), + NULL + }, ++#endif + + { + "printwd", 'P', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING, +@@ -758,11 +762,13 @@ mc_args_show_info (void) + return FALSE; + } + ++#ifdef ENABLE_CONFIGURE_ARGS + if (mc_args__show_configure_opts) + { + show_configure_options (); + return FALSE; + } ++#endif + + return TRUE; + } +diff --git a/src/textconf.c b/src/textconf.c +index 1e0613e58..f39b9e028 100644 +--- a/src/textconf.c ++++ b/src/textconf.c +@@ -232,10 +232,12 @@ show_datadirs_extended (void) + + /* --------------------------------------------------------------------------------------------- */ + ++#ifdef ENABLE_CONFIGURE_ARGS + void + show_configure_options (void) + { + (void) printf ("%s\n", MC_CONFIGURE_ARGS); + } ++#endif + + /* --------------------------------------------------------------------------------------------- */ +-- +2.23.0 + diff --git a/meta/recipes-extended/mc/files/nomandate.patch b/meta/recipes-extended/mc/files/nomandate.patch new file mode 100644 index 0000000000..48bd73b110 --- /dev/null +++ b/meta/recipes-extended/mc/files/nomandate.patch @@ -0,0 +1,21 @@ +The man page date can vary depending upon the host perl, e.g. in Russian +some versions print 'июня', others 'Июнь' or Polish 'czerwca' or 'czerwiec'. +Rather than depend upon perl-native to fix this, just remove the date from +the manpages. + +RP 2020/2/4 + +Upstream-Status: Inappropriate [OE specficic reproducibility workaround] +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + +Index: mc-4.8.23/doc/man/date-of-man-include.am +=================================================================== +--- mc-4.8.23.orig/doc/man/date-of-man-include.am ++++ mc-4.8.23/doc/man/date-of-man-include.am +@@ -1,5 +1,5 @@ + SED_PARAMETERS = \ +- -e "s/%DATE_OF_MAN_PAGE%/$${MAN_DATE}/g" \ ++ -e "s/%DATE_OF_MAN_PAGE%//g" \ + -e "s/%DISTR_VERSION%/@DISTR_VERSION@/g" \ + -e "s{%prefix%{@prefix@{g" \ + -e "s{%sysconfdir%{@sysconfdir@{g" \ diff --git a/meta/recipes-extended/mc/mc_4.8.23.bb b/meta/recipes-extended/mc/mc_4.8.23.bb index 83de8dbb2c..de76591d9b 100644 --- a/meta/recipes-extended/mc/mc_4.8.23.bb +++ b/meta/recipes-extended/mc/mc_4.8.23.bb @@ -8,6 +8,8 @@ RDEPENDS_${PN} = "ncurses-terminfo" SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \ file://0001-mc-replace-perl-w-with-use-warnings.patch \ + file://0001-Add-option-to-control-configure-args.patch \ + file://nomandate.patch \ " SRC_URI[md5sum] = "152927ac29cf0e61d7d019f261bb7d89" SRC_URI[sha256sum] = "238c4552545dcf3065359bd50753abbb150c1b22ec5a36eaa02c82808293267d" @@ -21,9 +23,12 @@ PACKAGECONFIG ??= "" PACKAGECONFIG[smb] = "--enable-vfs-smb,--disable-vfs-smb,samba," PACKAGECONFIG[sftp] = "--enable-vfs-sftp,--disable-vfs-sftp,libssh2," -EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x" +EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --disable-configure-args" CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'" +CACHED_CONFIGUREVARS += "ac_cv_path_PYTHON='/usr/bin/env python'" +CACHED_CONFIGUREVARS += "ac_cv_path_GREP='/usr/bin/env grep'" +CACHED_CONFIGUREVARS += "mc_cv_have_zipinfo=yes" do_install_append () { sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/* diff --git a/meta/recipes-extended/psmisc/psmisc.inc b/meta/recipes-extended/psmisc/psmisc.inc index 594a10cf22..6de5acb71b 100644 --- a/meta/recipes-extended/psmisc/psmisc.inc +++ b/meta/recipes-extended/psmisc/psmisc.inc @@ -7,7 +7,7 @@ command sends a specified signal (SIGTERM if nothing is specified) to \ processes identified by name. The fuser command identifies the PIDs \ of processes that are using specified files or filesystems." SECTION = "base" -DEPENDS = "ncurses virtual/libintl gettext-native" +DEPENDS = "ncurses virtual/libintl gettext-native xz-native" LICENSE = "GPLv2" SRC_URI = "${SOURCEFORGE_MIRROR}/psmisc/psmisc-${PV}.tar.gz" diff --git a/meta/recipes-extended/screen/screen/CVE-2020-9366.patch b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch new file mode 100644 index 0000000000..a52b9e6e68 --- /dev/null +++ b/meta/recipes-extended/screen/screen/CVE-2020-9366.patch @@ -0,0 +1,48 @@ +From 8ce90c1d3d5bece150479d8bc9303fd9d9f45e03 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net> +Date: Thu, 30 Jan 2020 17:56:27 +0100 +Subject: [PATCH] Fix out of bounds access when setting w_xtermosc after OSC 49 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net> +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +echo -e "\e]49\e; \n\ec" +crashes screen. + +This happens because 49 is divided by 10 and used as table index +resulting in access to w_xtermosc[4], which is out of bounds with table +itself being size 4. Increase size of table by 1 to 5, which is enough +for all current uses. + +As this overwrites memory based on user input it is potential security +issue. + +Reported-by: pippin@gimp.org +Signed-off-by: Amadeusz Sławiński <amade@asmblr.net> + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?h=v.4.8.0&id=68386dfb1fa33471372a8cd2e74686758a2f527b] +CVE: CVE-2020-9366 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +--- + window.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/window.h b/window.h +index bd10dcd..a8afa19 100644 +--- a/window.h ++++ b/window.h +@@ -237,7 +237,7 @@ struct win + char w_vbwait; + char w_norefresh; /* dont redisplay when switching to that win */ + #ifdef RXVT_OSC +- char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */ ++ char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */ + #endif + int w_mouse; /* mouse mode 0,9,1000 */ + #ifdef HAVE_BRAILLE diff --git a/meta/recipes-extended/screen/screen_4.6.2.bb b/meta/recipes-extended/screen/screen_4.6.2.bb index 21b476ddb0..d00b849021 100644 --- a/meta/recipes-extended/screen/screen_4.6.2.bb +++ b/meta/recipes-extended/screen/screen_4.6.2.bb @@ -25,6 +25,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ file://0001-fix-for-multijob-build.patch \ file://0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch \ file://0001-Remove-more-compatibility-stuff.patch \ + file://CVE-2020-9366.patch \ " SRC_URI[md5sum] = "a0f529d3333b128dfaa324d978ba73a8" diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc index 15075bcefd..4edfabe510 100644 --- a/meta/recipes-extended/sudo/sudo.inc +++ b/meta/recipes-extended/sudo/sudo.inc @@ -26,7 +26,7 @@ PACKAGECONFIG[pam-wheel] = ",,,pam-plugin-wheel" CONFFILES_${PN} = "${sysconfdir}/sudoers" -EXTRA_OECONF = "--with-editor=/bin/vi --with-env-editor" +EXTRA_OECONF = "--with-editor=${base_bindir}/vi --with-env-editor" EXTRA_OECONF_append_libc-musl = " --disable-hardening " diff --git a/meta/recipes-extended/sudo/sudo_1.8.27.bb b/meta/recipes-extended/sudo/sudo_1.8.27.bb index 0a11a1b28f..6d470d0373 100644 --- a/meta/recipes-extended/sudo/sudo_1.8.27.bb +++ b/meta/recipes-extended/sudo/sudo_1.8.27.bb @@ -15,10 +15,18 @@ SRC_URI[sha256sum] = "7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd3 DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}" +CACHED_CONFIGUREVARS = " \ + ac_cv_type_rsize_t=no \ + ac_cv_path_MVPROG=${base_bindir}/mv \ + ac_cv_path_BSHELLPROG=${base_bindir}/sh \ + ac_cv_path_SENDMAILPROG=${sbindir}/sendmail \ + ac_cv_path_VIPROG=${base_bindir}/vi \ + " + EXTRA_OECONF += " \ - ac_cv_type_rsize_t=no \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-tmpfiles.d=${nonarch_libdir}/tmpfiles.d', '--disable-tmpfiles.d', d)} \ + --with-vardir=/var/lib/sudo \ " do_install_append () { diff --git a/meta/recipes-extended/tar/tar_1.32.bb b/meta/recipes-extended/tar/tar_1.32.bb index 18f09b5711..ebe6cb0dbd 100644 --- a/meta/recipes-extended/tar/tar_1.32.bb +++ b/meta/recipes-extended/tar/tar_1.32.bb @@ -22,6 +22,8 @@ PACKAGECONFIG[acl] = "--with-posix-acls,--without-posix-acls,acl" EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" +CACHED_CONFIGUREVARS += "tar_cv_path_RSH=no" + # Let aclocal use the relative path for the m4 file rather than the # absolute since tar has a lot of m4 files, otherwise there might # be an "Argument list too long" error when it is built in a long/deep |