meta-openembedded: subtree update:629696b64b..e93d527a33
Adrian (1):
firewalld: upgrade 0.7.3 -> 0.7.5
Andre Carvalho (1):
netcat: Set CVE_PRODUCT
Andreas Müller (6):
networkmanager: upgrade 1.22.10 -> 1.22.14
blueman: upgrade 2.1.1 -> 2.1.3
modemmanager: upgrade 1.12.10 -> 1.12.12
ibus: upgrade 1.5.21 -> 1.5.22
network-manager-applet: upgrade 1.16.0 -> 1.18.0
sysprof: remove linux-gnueabi-patch
Armin Kuster (2):
net-snmp: Security fix CVE-2019-20892
wireshark: Update to 3.2.5
Changqing Li (1):
libmcrypt: set CLEANBROKEN
Daniel Gomez (1):
ttf-fonts: Update ttf-ubuntu-font-family recipe
Fagundes, Paulo (1):
redis-plus-plus: add recipe
Hongxu Jia (1):
networkmanager: fix Files/directories were installed but not shipped
Jacopo Dall'Aglio (2):
netplan: upgrade 0.98 -> 0.99
python3-libconf: add recipe version 2.0.1
Khem Raj (1):
lirc: Inherit distutils-common-base
Konrad Weihmann (6):
ntop: remove static libs from dev package
ruli: recipe cleanup
postgresql: remove vacuumlo from contrib
libconfig: remove cmake append from base package
gattlib: remove includedir from base package
openldap: packaging fixes
Leon Anavi (63):
python3-pyro4: Upgrade 4.77 -> 4.80
python3-rdflib: Upgrade 4.2.2 -> 5.0.0
python3-httplib2: Upgrade 0.17.3 -> 0.18.1
python3-cppy: Add new recipe
python3-kiwisolver: Upgrade 1.1.0 -> 1.2.0
python3-sqlalchemy: Upgrade 1.3.17 -> 1.3.18
python3-greenlet: Upgrade 0.4.15 -> 0.4.16
python3-pkgconfig: Upgrade 1.4.0 -> 1.5.1
python3-msm: Upgrade 0.8.3 -> 0.8.7
python3-pulsectl: Upgrade 20.2.4 -> 20.5.1
python3-pybind11: Consolidate in a single file
python3-pybind11: Upgrade 2.4.3 -> 2.5.0
python3-pyparted: Consolidate in a single file
python3-pyparted: Upgrade 3.11.3 -> 3.11.6
python3-pywbem: Consolidate in a single file
python3-pywbem: Upgrade 0.15.0 -> 0.17.2
python3-jsonrpcserver: Upgrade 4.1.2 -> 4.1.3
python3-humanize: Upgrade 2.4.0 -> 2.4.1
python3-autobahn: Upgrade 20.4.3 -> 20.6.2
python3-yappi: Upgrade 1.0 -> 1.2.5
python3-sympy: Upgrade 1.5.1 -> 1.6
python3-watchdog: Upgrade 0.10.2 -> 0.10.3
python3-tqdm: Upgrade 4.43.0 -> 4.47.0
python3-pyflakes: Upgrade 2.1.1 -> 2.2.0
python3-pymisp: Upgrade 2.4.122 -> 2.4.128
python3-pychromecast: Upgrade 4.2.3 -> 7.0.1
python3-py: Upgrade 1.8.2 -> 1.9.0
python3-html5lib: Upgrade 1.0.1 -> 1.1
python3-lz4: Upgrade 3.0.2 -> 3.1.0
python3-cassandra-driver: Upgrade 3.14.0 -> 3.24.0
python3-configargparse: Upgrade 0.15.1 -> 1.2.3
python3-cachetools: Upgrade 4.1.0 -> 4.1.1
python3-keras-preprocessing: Upgrade 1.1.0 -> 1.1.2
python3-pywbem: Upgrade 0.17.2 -> 0.17.3
python3-h2: Consolidate in a single file
python3-h2: Upgrade 3.1.1 -> 3.2.0
python3-requests: Upgrade 2.23.0 -> 2.24.0
python3-google-api-python-client: Upgrade 1.7.11 -> 1.9.3
python3-pyperclip: Upgrade 1.7.0 -> 1.8.0
python3-pyhamcrest: Upgrade 1.9.0 -> 2.0.2
python3-pint: Upgrade 0.13 -> 0.14
python3-dbus-next: Upgrade 0.1.2 -> 0.1.3
python3-pybluez: Upgrade 0.22 -> 0.23
python3-stevedore: Upgrade 1.31.0 -> 2.0.1
python3-h5py: Upgrade 2.9.0 -> 2.10.0
python3-cryptography-vectors: Upgrade 2.8 -> 2.9.2
python3-importlib-metadata: Upgrade 1.6.1 -> 1.7.0
python3-websocket-client: Upgrade 0.56.0 -> 0.57.0
python3-sentry-sdk: Upgrade 0.14.0 -> 0.16.0
python3-regex: Upgrade 2020.1.8 -> 2020.6.8
python3-python-vlc: Upgrade 3.0.9113 -> 3.0.10114
python3-robotframework: Upgrade 3.0.4 -> 3.2.1
python3-pychromecast: Upgrade 7.0.1 -> 7.1.0
python3-pyasn1-modules: Consolidate in a single file
python3-pyasn1-modules: Upgrade 0.2.7 -> 0.2.8
python3-sympy: Upgrade 1.6 -> 1.6.1
python3-pychromecast: Upgrade 7.1.0 -> 7.1.1
python3-imageio: Upgrade 2.8.0 -> 2.9.0
python3-humanize: Upgrade 2.4.1 -> 2.5.0
python3-tinyrecord: Upgrade 0.1.5 -> 0.2.0
python3-luma-oled: Upgrade 3.4.0 -> 3.5.0
python3-pyconnman: Consolidate in a single file
python3-jsonref: Consolidate in a single file
Pierre-Jean Texier (4):
minicoredumper: update SRC_URI to use github instead
tslib: upgrade 1.21 -> 1.22
haveged: upgrade 1.9.9 -> 1.9.13
xxhash: upgrade 0.7.3 -> 0.7.4
Qi.Chen@windriver.com (1):
multipath-tools: disable parallel build as a workaround
Robert Yang (1):
drbd-utils: Add CLEANBROKEN to fix rebuild errors
Sakib Sajal (2):
python3-betamax: add recipe
cunit: add ptest
Wang Mingyu (2):
nspr: upgrade 4.25 -> 4.26
python3-pytest: upgrade 5.4.2 -> 5.4.3
Zang Ruochen (20):
python3-ansicolors: Enable ptest
python3-anyjson: Enable ptest
python3-atomicwrites: upgrade 1.3.0 -> 1.4.0
python3-backports-functools-lru-cache: Enable ptest
python3-bcrypt: Enable ptest
nftables: upgrade 0.9.5 -> 0.9.6
ccid: upgrade 1.4.32 -> 1.4.33
docopt.cpp: upgrade 0.6.2 -> 0.6.3
libiio: upgrade 0.20 -> 0.21
librelp: upgrade 1.5.0 -> 1.6.0
redis: upgrade 6.0.4 -> 6.0.5
rsyslog: upgrade 0.2004.0 -> 0.2006.0
libnet-dns-perl: upgrade 1.24 -> 1.25
python3-blinker: Enable ptest
python3-cbor2: Enable ptest
python3-click: Enable ptest
python3-u-msgpack-python: Enable ptest
fuse3: Enable ptest
sshfs-fuse: Enable ptest
python3-wcwidth: Enable ptest
Zheng Ruoqin (7):
Fix build error when enable multilib.
tracker: Fix build error when enable multilib.
mraa: Disable python2, otherwise, there is a build error when enable multilib.
paho-mqtt-c: Fix build error when enable multilib.
upm:Fix build error when enable multilib.
python3-unidiff: Enable ptest
python3-uritemplate: Enable ptest
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I26a4e709d5f1416e73ec42e6dfc0e702dd1079bb
diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2019-20892.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2019-20892.patch
new file mode 100644
index 0000000..3e2637e
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2019-20892.patch
@@ -0,0 +1,118 @@
+From 5f881d3bf24599b90d67a45cae7a3eb099cd71c9 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Sat, 27 Jul 2019 19:34:09 -0700
+Subject: [PATCH] libsnmp, USM: Introduce a reference count in struct
+ usmStateReference
+
+This patch fixes https://sourceforge.net/p/net-snmp/bugs/2956/.
+
+Upstream-Status: Backport
+[ak: fixup for 5.8 context, changes to library/snmpusm.h]
+CVE:CVE-2019-20892
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ snmplib/snmp_client.c | 22 +++----------
+ snmplib/snmpusm.c | 73 ++++++++++++++++++++++++++++---------------
+ 2 files changed, 53 insertions(+), 42 deletions(-)
+
+Index: net-snmp-5.8/snmplib/snmpusm.c
+===================================================================
+--- net-snmp-5.8.orig/snmplib/snmpusm.c
++++ net-snmp-5.8/snmplib/snmpusm.c
+@@ -285,12 +285,35 @@ free_enginetime_on_shutdown(int majorid,
+ struct usmStateReference *
+ usm_malloc_usmStateReference(void)
+ {
+- struct usmStateReference *retval = (struct usmStateReference *)
+- calloc(1, sizeof(struct usmStateReference));
++ struct usmStateReference *retval;
+
++ retval = calloc(1, sizeof(struct usmStateReference));
++ if (retval)
++ retval->refcnt = 1;
+ return retval;
+ } /* end usm_malloc_usmStateReference() */
+
++static int
++usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
++{
++ struct usmStateReference *ref = pdu->securityStateRef;
++ struct usmStateReference **new_ref =
++ (struct usmStateReference **)&new_pdu->securityStateRef;
++ int ret = 0;
++
++ if (!ref)
++ return ret;
++
++ if (pdu->command == SNMP_MSG_TRAP2) {
++ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
++ ret = usm_clone_usmStateReference(ref, new_ref);
++ } else {
++ netsnmp_assert(ref == *new_ref);
++ ref->refcnt++;
++ }
++
++ return ret;
++}
+
+ void
+ usm_free_usmStateReference(void *old)
+@@ -3345,6 +3368,7 @@ init_usm(void)
+ def->encode_reverse = usm_secmod_rgenerate_out_msg;
+ def->encode_forward = usm_secmod_generate_out_msg;
+ def->decode = usm_secmod_process_in_msg;
++ def->pdu_clone = usm_clone;
+ def->pdu_free_state_ref = usm_free_usmStateReference;
+ def->session_setup = usm_session_init;
+ def->handle_report = usm_handle_report;
+Index: net-snmp-5.8/snmplib/snmp_client.c
+===================================================================
+--- net-snmp-5.8.orig/snmplib/snmp_client.c
++++ net-snmp-5.8/snmplib/snmp_client.c
+@@ -402,27 +402,15 @@ _clone_pdu_header(netsnmp_pdu *pdu)
+ return NULL;
+ }
+
+- if (pdu->securityStateRef &&
+- pdu->command == SNMP_MSG_TRAP2) {
+-
+- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
+- (struct usmStateReference **) &newpdu->securityStateRef );
+-
+- if (ret)
+- {
++ sptr = find_sec_mod(newpdu->securityModel);
++ if (sptr && sptr->pdu_clone) {
++ /* call security model if it needs to know about this */
++ ret = sptr->pdu_clone(pdu, newpdu);
++ if (ret) {
+ snmp_free_pdu(newpdu);
+ return NULL;
+ }
+ }
+-
+- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
+- sptr->pdu_clone != NULL) {
+- /*
+- * call security model if it needs to know about this
+- */
+- (*sptr->pdu_clone) (pdu, newpdu);
+- }
+-
+ return newpdu;
+ }
+
+Index: net-snmp-5.8/include/net-snmp/library/snmpusm.h
+===================================================================
+--- net-snmp-5.8.orig/include/net-snmp/library/snmpusm.h
++++ net-snmp-5.8/include/net-snmp/library/snmpusm.h
+@@ -43,6 +43,7 @@ extern "C" {
+ * Structures.
+ */
+ struct usmStateReference {
++ int refcnt;
+ char *usr_name;
+ size_t usr_name_length;
+ u_char *usr_engine_id;
diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.8.bb b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.8.bb
index 5466649..67316db 100644
--- a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.8.bb
+++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp_5.8.bb
@@ -28,6 +28,7 @@
file://reproducibility-accept-configure-options-from-env.patch \
file://0001-net-snmp-fix-compile-error-disable-des.patch \
file://0001-Add-pkg-config-support-for-building-applications-and.patch \
+ file://CVE-2019-20892.patch \
"
SRC_URI[md5sum] = "63bfc65fbb86cdb616598df1aff6458a"
SRC_URI[sha256sum] = "b2fc3500840ebe532734c4786b0da4ef0a5f67e51ef4c86b3345d697e4976adf"