meta-openembedded and poky: subtree updates
Squash of the following due to dependencies among them
and OpenBMC changes:
meta-openembedded: subtree update:d0748372d2..9201611135
meta-openembedded: subtree update:9201611135..17fd382f34
poky: subtree update:9052e5b32a..2e11d97b6c
poky: subtree update:2e11d97b6c..a8544811d7
The change log was too large for the jenkins plugin
to handle therefore it has been removed. Here is
the first and last commit of each subtree:
meta-openembedded:d0748372d2
cppzmq: bump to version 4.6.0
meta-openembedded:17fd382f34
mpv: Remove X11 dependency
poky:9052e5b32a
package_ipk: Remove pointless comment to trigger rebuild
poky:a8544811d7
pbzip2: Fix license warning
Change-Id: If0fc6c37629642ee207a4ca2f7aa501a2c673cd6
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb
index 65c20c0..cf306ec 100644
--- a/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-ftp/netkit-ftp_0.17.bb
@@ -18,6 +18,8 @@
inherit autotools-brokensep
+CLEANBROKEN = "1"
+
do_configure () {
./configure --prefix=${prefix}
echo "LDFLAGS=${LDFLAGS}" >> MCONFIG
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb
index 60a8d95..ad543b0 100644
--- a/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-rwho/netkit-rwho_0.17.bb
@@ -5,7 +5,7 @@
LIC_FILES_CHKSUM = "file://rwho/rwho.c;beginline=2;endline=3;md5=5a85f13c0142d72fc378e00f15da5b9e"
SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rwho/netkit-rwho_${PV}.orig.tar.gz;name=archive \
- ${DEBIAN_MIRROR}/main/n/netkit-rwho/netkit-rwho_${PV}-13.debian.tar.gz;name=patch13 \
+ ${DEBIAN_MIRROR}/main/n/netkit-rwho/netkit-rwho_${PV}-13.debian.tar.gz;subdir=${BP};name=patch13 \
file://rwhod \
file://rwhod.default \
file://0001-Add-missing-include-path-to-I-options.patch \
@@ -20,13 +20,37 @@
CFLAGS += " -D_GNU_SOURCE"
-debian_do_patch() {
- cd ${S}
- while read line; do patch -p1 < ${WORKDIR}/debian/patches/$line; done < ${WORKDIR}/debian/patches/series
+# Unlike other Debian packages, net-tools *.diff.gz contains another series of
+# patches maintained by quilt. So manually apply them before applying other local
+# patches. Also remove all temp files before leaving, because do_patch() will pop
+# up all previously applied patches in the start
+do_patch[depends] += "quilt-native:do_populate_sysroot"
+netkit_do_patch() {
+ cd ${S}
+ # it's important that we only pop the existing patches when they've
+ # been applied, otherwise quilt will climb the directory tree
+ # and reverse out some completely different set of patches
+ if [ -d ${S}/patches ]; then
+ # whilst this is the default directory, doing it like this
+ # defeats the directory climbing that quilt will otherwise
+ # do; note the directory must exist to defeat this, hence
+ # the test inside which we operate
+ QUILT_PATCHES=${S}/patches quilt pop -a
+ fi
+ if [ -d ${S}/.pc-${BPN} ]; then
+ rm -rf ${S}/.pc
+ mv ${S}/.pc-${BPN} ${S}/.pc
+ QUILT_PATCHES=${S}/debian/patches quilt pop -a
+ rm -rf ${S}/.pc ${S}/debian
+ fi
+ QUILT_PATCHES=${S}/debian/patches quilt push -a
+ mv ${S}/.pc ${S}/.pc-${BPN}
}
+do_unpack[cleandirs] += "${S}"
+
python do_patch() {
- bb.build.exec_func('debian_do_patch', d)
+ bb.build.exec_func('netkit_do_patch', d)
bb.build.exec_func('patch_do_patch', d)
}
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch
new file mode 100644
index 0000000..d21c602
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2020-10188.patch
@@ -0,0 +1,112 @@
+From 6ab007dbb1958371abff2eaaad2b26da89b3c74e Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Fri, 24 Apr 2020 09:43:44 +0800
+Subject: [PATCH] telnetd/utility.c: fix CVE-2020-10188
+
+Upstream-Status: Backport
+[Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch]
+
+CVE: CVE-2020-10188
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ telnetd/utility.c | 32 +++++++++++++++++++++-----------
+ 1 file changed, 21 insertions(+), 11 deletions(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index 75314cb..b9a46a6 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -169,31 +169,38 @@ void ptyflush(void)
+ */
+ static
+ char *
+-nextitem(char *current)
++nextitem(char *current, const char *endp)
+ {
++ if (current >= endp) {
++ return NULL;
++ }
+ if ((*current&0xff) != IAC) {
+ return current+1;
+ }
++ if (current+1 >= endp) {
++ return NULL;
++ }
+ switch (*(current+1)&0xff) {
+ case DO:
+ case DONT:
+ case WILL:
+ case WONT:
+- return current+3;
++ return current+3 <= endp ? current+3 : NULL;
+ case SB: /* loop forever looking for the SE */
+ {
+ register char *look = current+2;
+
+- for (;;) {
++ while (look < endp) {
+ if ((*look++&0xff) == IAC) {
+- if ((*look++&0xff) == SE) {
++ if (look < endp && (*look++&0xff) == SE) {
+ return look;
+ }
+ }
+ }
++ return NULL;
+ }
+ default:
+- return current+2;
++ return current+2 <= endp ? current+2 : NULL;
+ }
+ } /* end of nextitem */
+
+@@ -219,7 +226,7 @@ void netclear(void)
+ register char *thisitem, *next;
+ char *good;
+ #define wewant(p) ((nfrontp > p) && ((*p&0xff) == IAC) && \
+- ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
++ (nfrontp > p+1 && (((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))))
+
+ #if defined(ENCRYPT)
+ thisitem = nclearto > netobuf ? nclearto : netobuf;
+@@ -227,7 +234,7 @@ void netclear(void)
+ thisitem = netobuf;
+ #endif
+
+- while ((next = nextitem(thisitem)) <= nbackp) {
++ while ((next = nextitem(thisitem, nbackp)) != NULL && next <= nbackp) {
+ thisitem = next;
+ }
+
+@@ -239,20 +246,23 @@ void netclear(void)
+ good = netobuf; /* where the good bytes go */
+ #endif
+
+- while (nfrontp > thisitem) {
++ while (thisitem != NULL && nfrontp > thisitem) {
+ if (wewant(thisitem)) {
+ int length;
+
+ next = thisitem;
+ do {
+- next = nextitem(next);
+- } while (wewant(next) && (nfrontp > next));
++ next = nextitem(next, nfrontp);
++ } while (next != NULL && wewant(next) && (nfrontp > next));
++ if (next == NULL) {
++ next = nfrontp;
++ }
+ length = next-thisitem;
+ bcopy(thisitem, good, length);
+ good += length;
+ thisitem = next;
+ } else {
+- thisitem = nextitem(thisitem);
++ thisitem = nextitem(thisitem, nfrontp);
+ }
+ }
+
+--
+2.7.4
+
diff --git a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
index cf99341..0e92add 100644
--- a/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
+++ b/meta-openembedded/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
@@ -12,6 +12,7 @@
file://cross-compile.patch \
file://0001-telnet-telnetd-Fix-print-format-strings.patch \
file://0001-telnet-telnetd-Fix-deadlock-on-cleanup.patch \
+ file://CVE-2020-10188.patch \
"
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/"
@@ -57,6 +58,9 @@
ALTERNATIVE_LINK_NAME[telnet] = "${bindir}/telnet"
ALTERNATIVE_TARGET[telnet] = "${bindir}/telnet.${PN}"
+ALTERNATIVE_${PN}-doc = "telnetd.8"
+ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
+
SRC_URI[md5sum] = "d6beabaaf53fe6e382c42ce3faa05a36"
SRC_URI[sha256sum] = "9c80d5c7838361a328fb6b60016d503def9ce53ad3c589f3b08ff71a2bb88e00"
FILES_${PN} += "${sbindir}/in.* ${libdir}/* ${sysconfdir}/xinetd.d/*"