meta-openembedded: subtree update:e93d527a33..76b83194b3
Alejandro Enedino Hernandez Samaniego (1):
Remmina: Upgrade to 1.4.7
Alistair Francis (1):
python3-obd: Add missing setuptools RDEPENDS
Andreas Müller (3):
xfce4-whiskermenu-plugin: upgrade 2.4.4 -> 2.4.5
xfce4-time-out-plugin: upgrade 1.1.0 -> 1.1.1
graphene: upgrade 1.10.0 -> 1.10.2
Andrej Valek (1):
python3-xlsxwriter: add recipe for v 1.2.9
Aníbal Limón (1):
recipes-graphics: Add parallel-deqp-runner recipe
Armin Kuster (10):
python3-flask-babel: update to 1.0.0 and consolidate
python3-fastnumbers: Add new package
python3-icu: add new package
python3-natsort: add new package
python3-croniter: Fix missing rdep
python3-gmpy2: add new package
python3-ecdsa: add package
python3-rsa: add new package
python3-gnupg: add new package
python3-qrcode: add package
Changqing Li (2):
rsyslog: get alias of syslog back
radvd: add /etc/radvd.conf
Christian Eggers (2):
networkmanager: Package nmcli separately
networkmanager: Fix udev dependency
Colin McAllister (4):
python3-cantools: Added recipe
python3-dateparser: Added recipe
python3-diskcache: Added recipe
python3-bitstruct: Added recipe
Dmitry Baryshkov (1):
recipes-graphics: add Khronos OpenGL ES and Vulkan CTS recipes
Julius Hemanth Pitti (1):
netkit-telnetd: Fix buffer overflow in netoprintf
Kai Kang (1):
python3-pykickstart: 3.22 -> 3.26
Khem Raj (4):
ace: Upgrade to 6.5.10
network-manager-applet: Add missing dependency on libgudev
memcached: Upgrade to 1.6.6
samba: Fix conflicts with nss.h from glibc
Leon Anavi (12):
python3-cbor2: Upgrade 5.1.0 -> 5.1.1
python3-psutil: Upgrade 5.7.0 -> 5.7.2
python3-isort: Upgrade 4.3.21 -> 5.1.0
python3-netaddr: Upgrade 0.7.20 -> 0.8.0
python3-bitarray: Upgrade 1.2.2 -> 1.4.1
python3-pymysql: Upgrade 0.9.3 -> 0.10.0
python3-simplejson: Upgrade 3.17.0 -> 3.17.2
python3-isort: Upgrade 5.1.0 -> 5.1.4
python3-stevedore: Upgrade 2.0.1 -> 3.2.0
python3-mock: Upgrade 4.0.1 -> 4.0.2
python3-pychromecast: Upgrade 7.1.1 -> 7.1.2
python3-coverage: Upgrade 5.1 -> 5.2
Matt Hoosier (1):
glmark2: don't build full OpenGL backends by default
Mingde (Matthew) Zeng (1):
net-snmp, openjpeg: add proper CVE tags to patches
Mingli Yu (1):
freeradius: fix the existed certificate error
Ovidiu Panait (1):
nss: upgrade 3.51.1 -> 3.54
Philip Balister (1):
python3-pybind11: Use cmake to build and add -native version
Ryan Rowe (2):
python3-packaging: add -native version
python3-pint: add setuptools and packaging to RDEPENDS
Sakib Sajal (4):
python3-mock: add recipe for v4.0.1
python3-pep8: add recipe for v1.7.1
python3-mccabe: add recipe for v0.2.1
python3-requests-toolbelt: add ptest
Slater, Joseph (2):
lvm2: reproducible binaries
toybox-inittab: unpack to S
Wang Mingyu (2):
python3-idna: upgrade 2.9 -> 2.10
python3-pytz: upgrade 2019.3 -> 2020.1
Zang Ruochen (5):
python3-requests-file: Enable ptest
python3-semver: Enable ptest
python3-smpplib: Enable ptest
python3-soupsieve: Enable ptest
python3-typeguard: Enable ptest
Zheng Ruoqin (3):
babeld: upgrade 1.9.1 -> 1.9.2
wireguard-module: upgrade 1.0.20200401 -> 1.0.20200712
wireguard-tools: upgrade 1.0.20200319 -> 1.0.20200513
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I7d02cff7fbd61a6f8e1a96354e169f5f19edf023
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch
new file mode 100644
index 0000000..8f983e4
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch
@@ -0,0 +1,56 @@
+From 9c81c8e5bc7782e8ae12c078615abc3c896059f2 Mon Sep 17 00:00:00 2001
+From: Julius Hemanth Pitti <jpitti@cisco.com>
+Date: Tue, 14 Jul 2020 22:34:19 -0700
+Subject: [PATCH] telnetd/utility.c: Fix buffer overflow in netoprintf
+
+As per man page of vsnprintf, when formated
+string size is greater than "size"(2nd argument),
+then vsnprintf returns size of formated string,
+not "size"(2nd argument).
+
+netoprintf() was not handling a case where
+return value of vsnprintf is greater than
+"size"(2nd argument), results in buffer overflow
+while adjusting "nfrontp" pointer to point
+beyond "netobuf" buffer.
+
+Here is one such case where "nfrontp"
+crossed boundaries of "netobuf", and
+pointing to another global variable.
+
+(gdb) p &netobuf[8255]
+$5 = 0x55c93afe8b1f <netobuf+8255> ""
+(gdb) p nfrontp
+$6 = 0x55c93afe8c20 <terminaltype> "\377"
+(gdb) p &terminaltype
+$7 = (char **) 0x55c93afe8c20 <terminaltype>
+(gdb)
+
+This resulted in crash of telnetd service
+with segmentation fault.
+
+Though this is DoS security bug, I couldn't
+find any CVE ID for this.
+
+Upstream-Status: Pending
+
+Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
+---
+ telnetd/utility.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index b9a46a6..4811f14 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -66,7 +66,7 @@ netoprintf(const char *fmt, ...)
+ len = vsnprintf(nfrontp, maxsize, fmt, ap);
+ va_end(ap);
+
+- if (len<0 || len==maxsize) {
++ if (len<0 || len>=maxsize) {
+ /* didn't fit */
+ netflush();
+ }
+--
+2.19.1