summaryrefslogtreecommitdiffstats
path: root/poky/meta/recipes-extended
diff options
context:
space:
mode:
Diffstat (limited to 'poky/meta/recipes-extended')
-rw-r--r--poky/meta/recipes-extended/at/at_3.1.20.bb6
-rw-r--r--poky/meta/recipes-extended/bash/bash.inc2
-rw-r--r--poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch346
-rw-r--r--poky/meta/recipes-extended/cpio/cpio_2.12.bb39
-rw-r--r--poky/meta/recipes-extended/cpio/cpio_v2.inc43
-rw-r--r--poky/meta/recipes-extended/gawk/gawk_4.2.1.bb (renamed from poky/meta/recipes-extended/gawk/gawk_4.2.0.bb)6
-rw-r--r--poky/meta/recipes-extended/ltp/ltp_20180118.bb2
-rw-r--r--poky/meta/recipes-extended/minicom/minicom_2.7.1.bb2
-rw-r--r--poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch64
-rw-r--r--poky/meta/recipes-extended/shadow/files/pam.d/chpasswd2
-rw-r--r--poky/meta/recipes-extended/shadow/files/pam.d/newusers2
-rw-r--r--poky/meta/recipes-extended/shadow/shadow.inc8
-rw-r--r--poky/meta/recipes-extended/sysklogd/sysklogd.inc2
-rw-r--r--poky/meta/recipes-extended/xinetd/xinetd/xinetd.service5
14 files changed, 472 insertions, 57 deletions
diff --git a/poky/meta/recipes-extended/at/at_3.1.20.bb b/poky/meta/recipes-extended/at/at_3.1.20.bb
index 8fe3b437e..b76e83d1d 100644
--- a/poky/meta/recipes-extended/at/at_3.1.20.bb
+++ b/poky/meta/recipes-extended/at/at_3.1.20.bb
@@ -8,6 +8,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4325afd396febcb659c36b49533135d4"
DEPENDS = "flex flex-native bison-native \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+PACKAGECONFIG ?= "\
+ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
+"
+
+PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux,"
+
RDEPENDS_${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_DEPS}', '', d)} \
"
diff --git a/poky/meta/recipes-extended/bash/bash.inc b/poky/meta/recipes-extended/bash/bash.inc
index 9c2b065f9..2e7f261a2 100644
--- a/poky/meta/recipes-extended/bash/bash.inc
+++ b/poky/meta/recipes-extended/bash/bash.inc
@@ -7,7 +7,7 @@ DEPENDS = "ncurses bison-native virtual/libiconv"
inherit autotools gettext texinfo update-alternatives ptest
EXTRA_AUTORECONF += "--exclude=autoheader --exclude=aclocal"
-EXTRA_OECONF = "--enable-job-control --without-bash-malloc"
+EXTRA_OECONF = "--enable-job-control --without-bash-malloc bash_cv_wexitstatus_offset=8"
# If NON_INTERACTIVE_LOGIN_SHELLS is defined, all login shells read the
# startup files, even if they are not interactive.
diff --git a/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch b/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch
new file mode 100644
index 000000000..0a3054483
--- /dev/null
+++ b/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch
@@ -0,0 +1,346 @@
+From ebf9a2d776474181936a720ce811d72bbd1da3b6 Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@redhat.com>
+Date: Tue, 26 Jan 2016 23:17:54 +0100
+Subject: [PATCH] CVE-2016-2037 - 1 byte out-of-bounds write
+
+Ensure that cpio_safer_name_suffix always works with dynamically
+allocated buffer, and that it has size of at least 32 bytes.
+Then, any call to cpio_safer_name_suffix is safe (it requires at
+least 2 bytes in the buffer).
+
+Also ensure that c_namesize is always correctly initialized (by
+cpio_set_c_name) to avoid undefined behavior when reading
+file_hdr.c_namesize (previously happened for tar archives).
+
+References:
+http://www.mail-archive.com/bug-cpio@gnu.org/msg00545.html
+
+* src/copyin.c (query_rename): Drop the hack, as we now work with
+dynamically allocated buffer. Use cpio_set_c_name.
+(create_defered_links_to_skipped): Use cpio_set_c_name rather than
+manual assignment.
+(read_name_from_file): New function to avoid C&P.
+(read_in_old_ascii, read_in_new_ascii, read_in_binary): Use
+read_name_from_file.
+(process_copy_in): Initialize file_hdr.c_namesize.
+* src/copyout.c (process_copy_out): Use cpio_set_c_name.
+* src/cpiohdr.h (cpio_set_c_name): New prototype.
+* src/tar.c (read_in_tar_header): Use cpio_set_c_name.
+* src/util.c (cpio_set_c_name): New function to set
+file_hdr->c_name and c_namesize from arbitrary string.
+(cpio_safer_name_suffix): Some docs fixes.
+* tests/inout.at: Also test copy-in, and try various formats.
+
+CVE: CVE-2016-2037
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ src/copyin.c | 68 +++++++++++++++++++---------------------------------------
+ src/copyout.c | 13 +++++------
+ src/cpiohdr.h | 1 +
+ src/tar.c | 10 +++++----
+ src/util.c | 32 ++++++++++++++++++++++++++-
+ tests/inout.at | 19 ++++++++++++++--
+ 6 files changed, 82 insertions(+), 61 deletions(-)
+
+diff --git a/src/copyin.c b/src/copyin.c
+index cde911e..972f8a6 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -76,28 +76,7 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,
+ return -1;
+ }
+ else
+- /* Debian hack: file_hrd.c_name is sometimes set to
+- point to static memory by code in tar.c. This
+- causes a segfault. This has been fixed and an
+- additional check to ensure that the file name
+- is not too long has been added. (Reported by
+- Horst Knobloch.) This bug has been reported to
+- "bug-gnu-utils@prep.ai.mit.edu". (99/1/6) -BEM */
+- {
+- if (archive_format != arf_tar && archive_format != arf_ustar)
+- {
+- free (file_hdr->c_name);
+- file_hdr->c_name = xstrdup (new_name.ds_string);
+- }
+- else
+- {
+- if (is_tar_filename_too_long (new_name.ds_string))
+- error (0, 0, _("%s: file name too long"),
+- new_name.ds_string);
+- else
+- strcpy (file_hdr->c_name, new_name.ds_string);
+- }
+- }
++ cpio_set_c_name (file_hdr, new_name.ds_string);
+ return 0;
+ }
+
+@@ -344,8 +323,7 @@ create_defered_links_to_skipped (struct cpio_file_stat *file_hdr,
+ d_prev->next = d->next;
+ else
+ deferments = d->next;
+- free (file_hdr->c_name);
+- file_hdr->c_name = xstrdup(d->header.c_name);
++ cpio_set_c_name (file_hdr, d->header.c_name);
+ free_deferment (d);
+ copyin_regular_file(file_hdr, in_file_des);
+ return 0;
+@@ -1064,6 +1042,22 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
+ }
+ }
+
++static void
++read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len)
++{
++ static char *tmp_filename;
++ static size_t buflen;
++
++ if (buflen < len)
++ {
++ buflen = len;
++ tmp_filename = xrealloc (tmp_filename, buflen);
++ }
++
++ tape_buffered_read (tmp_filename, fd, len);
++ cpio_set_c_name (file_hdr, tmp_filename);
++}
++
+ /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from
+ file descriptor IN_DES, except for the magic number, which is
+ already filled in. */
+@@ -1090,14 +1084,8 @@ read_in_old_ascii (struct cpio_file_stat *file_hdr, int in_des)
+ file_hdr->c_rdev_min = minor (dev);
+
+ file_hdr->c_mtime = FROM_OCTAL (ascii_header.c_mtime);
+- file_hdr->c_namesize = FROM_OCTAL (ascii_header.c_namesize);
+ file_hdr->c_filesize = FROM_OCTAL (ascii_header.c_filesize);
+-
+- /* Read file name from input. */
+- if (file_hdr->c_name != NULL)
+- free (file_hdr->c_name);
+- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize + 1);
+- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
++ read_name_from_file (file_hdr, in_des, FROM_OCTAL (ascii_header.c_namesize));
+
+ /* HP/UX cpio creates archives that look just like ordinary archives,
+ but for devices it sets major = 0, minor = 1, and puts the
+@@ -1152,14 +1140,8 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des)
+ file_hdr->c_dev_min = FROM_HEX (ascii_header.c_dev_min);
+ file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj);
+ file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min);
+- file_hdr->c_namesize = FROM_HEX (ascii_header.c_namesize);
+ file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum);
+-
+- /* Read file name from input. */
+- if (file_hdr->c_name != NULL)
+- free (file_hdr->c_name);
+- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);
+- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
++ read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize));
+
+ /* In SVR4 ASCII format, the amount of space allocated for the header
+ is rounded up to the next long-word, so we might need to drop
+@@ -1207,16 +1189,9 @@ read_in_binary (struct cpio_file_stat *file_hdr,
+ file_hdr->c_rdev_min = minor (short_hdr->c_rdev);
+ file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16
+ | short_hdr->c_mtimes[1];
+-
+- file_hdr->c_namesize = short_hdr->c_namesize;
+ file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16
+ | short_hdr->c_filesizes[1];
+-
+- /* Read file name from input. */
+- if (file_hdr->c_name != NULL)
+- free (file_hdr->c_name);
+- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);
+- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
++ read_name_from_file (file_hdr, in_des, short_hdr->c_namesize);
+
+ /* In binary mode, the amount of space allocated in the header for
+ the filename is `c_namesize' rounded up to the next short-word,
+@@ -1297,6 +1272,7 @@ process_copy_in ()
+ read_pattern_file ();
+ }
+ file_hdr.c_name = NULL;
++ file_hdr.c_namesize = 0;
+
+ if (rename_batch_file)
+ {
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..bb39559 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -660,8 +660,7 @@ process_copy_out ()
+ cpio_safer_name_suffix (input_name.ds_string, false,
+ !no_abs_paths_flag, true);
+ #ifndef HPUX_CDF
+- file_hdr.c_name = input_name.ds_string;
+- file_hdr.c_namesize = strlen (input_name.ds_string) + 1;
++ cpio_set_c_name (&file_hdr, input_name.ds_string);
+ #else
+ if ( (archive_format != arf_tar) && (archive_format != arf_ustar) )
+ {
+@@ -670,16 +669,15 @@ process_copy_out ()
+ properly recreate the directory as hidden (in case the
+ files of a directory go into the archive before the
+ directory itself (e.g from "find ... -depth ... | cpio")). */
+- file_hdr.c_name = add_cdf_double_slashes (input_name.ds_string);
+- file_hdr.c_namesize = strlen (file_hdr.c_name) + 1;
++ cpio_set_c_name (&file_hdr,
++ add_cdf_double_slashes (input_name.ds_string));
+ }
+ else
+ {
+ /* We don't mark CDF's in tar files. We assume the "hidden"
+ directory will always go into the archive before any of
+ its files. */
+- file_hdr.c_name = input_name.ds_string;
+- file_hdr.c_namesize = strlen (input_name.ds_string) + 1;
++ cpio_set_c_name (&file_hdr, input_name.ds_string);
+ }
+ #endif
+
+@@ -866,8 +864,7 @@ process_copy_out ()
+ file_hdr.c_chksum = 0;
+
+ file_hdr.c_filesize = 0;
+- file_hdr.c_namesize = 11;
+- file_hdr.c_name = CPIO_TRAILER_NAME;
++ cpio_set_c_name (&file_hdr, CPIO_TRAILER_NAME);
+ if (archive_format != arf_tar && archive_format != arf_ustar)
+ write_out_header (&file_hdr, out_file_des);
+ else
+diff --git a/src/cpiohdr.h b/src/cpiohdr.h
+index b29e6fb..f4c63be 100644
+--- a/src/cpiohdr.h
++++ b/src/cpiohdr.h
+@@ -129,5 +129,6 @@ struct cpio_file_stat /* Internal representation of a CPIO header */
+ char *c_tar_linkname;
+ };
+
++void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name);
+
+ #endif /* cpiohdr.h */
+diff --git a/src/tar.c b/src/tar.c
+index a2ce171..e41f89d 100644
+--- a/src/tar.c
++++ b/src/tar.c
+@@ -282,7 +282,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
+ if (null_block ((long *) &tar_rec, TARRECORDSIZE))
+ #endif
+ {
+- file_hdr->c_name = CPIO_TRAILER_NAME;
++ cpio_set_c_name (file_hdr, CPIO_TRAILER_NAME);
+ return;
+ }
+ #if 0
+@@ -316,9 +316,11 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
+ }
+
+ if (archive_format != arf_ustar)
+- file_hdr->c_name = stash_tar_filename (NULL, tar_hdr->name);
++ cpio_set_c_name (file_hdr, stash_tar_filename (NULL, tar_hdr->name));
+ else
+- file_hdr->c_name = stash_tar_filename (tar_hdr->prefix, tar_hdr->name);
++ cpio_set_c_name (file_hdr, stash_tar_filename (tar_hdr->prefix,
++ tar_hdr->name));
++
+ file_hdr->c_nlink = 1;
+ file_hdr->c_mode = FROM_OCTAL (tar_hdr->mode);
+ file_hdr->c_mode = file_hdr->c_mode & 07777;
+@@ -398,7 +400,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
+ case AREGTYPE:
+ /* Old tar format; if the last char in filename is '/' then it is
+ a directory, otherwise it's a regular file. */
+- if (file_hdr->c_name[strlen (file_hdr->c_name) - 1] == '/')
++ if (file_hdr->c_name[file_hdr->c_namesize - 1] == '/')
+ file_hdr->c_mode |= CP_IFDIR;
+ else
+ file_hdr->c_mode |= CP_IFREG;
+diff --git a/src/util.c b/src/util.c
+index 6ff6032..4f3c073 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -1410,8 +1410,34 @@ set_file_times (int fd,
+ utime_error (name);
+ }
+
++
++void
++cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name)
++{
++ static size_t buflen = 0;
++ size_t len = strlen (name) + 1;
++
++ if (buflen == 0)
++ {
++ buflen = len;
++ if (buflen < 32)
++ buflen = 32;
++ file_hdr->c_name = xmalloc (buflen);
++ }
++ else if (buflen < len)
++ {
++ buflen = len;
++ file_hdr->c_name = xrealloc (file_hdr->c_name, buflen);
++ }
++
++ file_hdr->c_namesize = len;
++ memmove (file_hdr->c_name, name, len);
++}
++
+ /* Do we have to ignore absolute paths, and if so, does the filename
+- have an absolute path? */
++ have an absolute path? Before calling this function make sure that the
++ allocated NAME buffer has capacity at least 2 bytes. */
++
+ void
+ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
+ bool strip_leading_dots)
+@@ -1426,6 +1452,10 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
+ ++p;
+ }
+ if (p != name)
++ /* The 'p' string is shortened version of 'name' with one exception; when
++ the 'name' points to an empty string (buffer where name[0] == '\0') the
++ 'p' then points to static string ".". So caller needs to ensure there
++ are at least two bytes available in 'name' buffer so memmove succeeds. */
+ memmove (name, p, (size_t)(strlen (p) + 1));
+ }
+
+diff --git a/tests/inout.at b/tests/inout.at
+index 60c3716..730cbd2 100644
+--- a/tests/inout.at
++++ b/tests/inout.at
+@@ -35,7 +35,22 @@ while read NAME LENGTH
+ do
+ genfile --length $LENGTH > $NAME
+ echo $NAME
+-done < filelist |
+- cpio --quiet -o > archive])
++done < filelist > filelist_raw
++
++for format in bin odc newc crc tar ustar hpbin hpodc
++do
++ cpio --format=$format --quiet -o < filelist_raw > archive.$format
++ rm -rf output
++ mkdir output && cd output
++ cpio -i --quiet < ../archive.$format
++
++ while read file
++ do
++ test -f $file || echo "$file not found"
++ done < ../filelist_raw
++
++ cd ..
++done
++])
+
+ AT_CLEANUP
+--
+1.9.1
+
diff --git a/poky/meta/recipes-extended/cpio/cpio_2.12.bb b/poky/meta/recipes-extended/cpio/cpio_2.12.bb
index 405a90e03..69d36983e 100644
--- a/poky/meta/recipes-extended/cpio/cpio_2.12.bb
+++ b/poky/meta/recipes-extended/cpio/cpio_2.12.bb
@@ -1,12 +1,47 @@
-require cpio_v2.inc
-
+SUMMARY = "GNU cpio is a program to manage archives of files"
+DESCRIPTION = "GNU cpio is a tool for creating and extracting archives, or copying files from one place to \
+another. It handles a number of cpio formats as well as reading and writing tar files."
+HOMEPAGE = "http://www.gnu.org/software/cpio/"
+SECTION = "base"
LICENSE = "GPLv3"
LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0001-Fix-CVE-2015-1197.patch \
+ file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \
"
SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86"
SRC_URI[sha256sum] = "08a35e92deb3c85d269a0059a27d4140a9667a6369459299d08c17f713a92e73"
+
+inherit autotools gettext texinfo
+
+EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}"
+
+do_install () {
+ autotools_do_install
+ if [ "${base_bindir}" != "${bindir}" ]; then
+ install -d ${D}${base_bindir}/
+ mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio"
+ rmdir ${D}${bindir}/
+ fi
+}
+
+PACKAGES =+ "${PN}-rmt"
+
+FILES_${PN}-rmt = "${base_sbindir}/rmt*"
+
+inherit update-alternatives
+
+ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE_${PN} = "cpio"
+ALTERNATIVE_${PN}-rmt = "rmt"
+
+ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
+
+ALTERNATIVE_PRIORITY[rmt] = "50"
+ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt"
+
+BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-extended/cpio/cpio_v2.inc b/poky/meta/recipes-extended/cpio/cpio_v2.inc
deleted file mode 100644
index 31adb717d..000000000
--- a/poky/meta/recipes-extended/cpio/cpio_v2.inc
+++ /dev/null
@@ -1,43 +0,0 @@
-SUMMARY = "GNU cpio is a program to manage archives of files"
-DESCRIPTION = "GNU cpio is a tool for creating and extracting archives, or copying files from one place to \
-another. It handles a number of cpio formats as well as reading and writing tar files."
-HOMEPAGE = "http://www.gnu.org/software/cpio/"
-SECTION = "base"
-
-DEPENDS = "texinfo-native"
-
-SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
- "
-
-inherit autotools gettext texinfo
-
-S = "${WORKDIR}/cpio-${PV}"
-
-EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}"
-
-do_install () {
- autotools_do_install
- if [ "${base_bindir}" != "${bindir}" ]; then
- install -d ${D}${base_bindir}/
- mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio"
- rmdir ${D}${bindir}/
- fi
-}
-
-PACKAGES =+ "${PN}-rmt"
-
-FILES_${PN}-rmt = "${base_sbindir}/rmt*"
-
-inherit update-alternatives
-
-ALTERNATIVE_PRIORITY = "100"
-
-ALTERNATIVE_${PN} = "cpio"
-ALTERNATIVE_${PN}-rmt = "rmt"
-
-ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio"
-
-ALTERNATIVE_PRIORITY[rmt] = "50"
-ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt"
-
-BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-extended/gawk/gawk_4.2.0.bb b/poky/meta/recipes-extended/gawk/gawk_4.2.1.bb
index 27f79a2be..966375239 100644
--- a/poky/meta/recipes-extended/gawk/gawk_4.2.0.bb
+++ b/poky/meta/recipes-extended/gawk/gawk_4.2.1.bb
@@ -19,8 +19,8 @@ SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \
file://run-ptest \
"
-SRC_URI[md5sum] = "0b598c31bc703d66082bd958d4189980"
-SRC_URI[sha256sum] = "c88046c6e8396ee548bcb941e16def809b7b55b60a1044b5dd254094f347c7d9"
+SRC_URI[md5sum] = "0256724a0af50cb83ac92f833488673d"
+SRC_URI[sha256sum] = "2b23d51503b2df9a41aa6fddc6002ad7ebf2a386ac19dc1b6be0dd48b0acf6db"
inherit autotools gettext texinfo update-alternatives
@@ -43,6 +43,8 @@ do_install_ptest() {
for i in `grep -vE "@|^$|#|Gt-dummy" ${S}/test/Maketests |awk -F: '{print $1}'` Maketests inclib.awk; \
do cp ${S}/test/$i* ${D}${PTEST_PATH}/test; \
done
+ sed -i -e 's|/usr/local/bin|${bindir}|g' \
+ -e 's|#!${base_bindir}/awk|#!${bindir}/awk|g' ${D}${PTEST_PATH}/test/*.awk
}
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/ltp/ltp_20180118.bb b/poky/meta/recipes-extended/ltp/ltp_20180118.bb
index 14fb41b3b..8754fcd9f 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20180118.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20180118.bb
@@ -58,7 +58,7 @@ export exec_prefix = "/opt/ltp"
PACKAGECONFIG[numa] = "--with-numa, --without-numa, numactl,"
EXTRA_AUTORECONF += "-I ${S}/testcases/realtime/m4"
-EXTRA_OECONF = " --with-power-management-testsuite --with-realtime-testsuite "
+EXTRA_OECONF = " --with-power-management-testsuite --with-realtime-testsuite --with-open-posix-testsuite "
# ltp network/rpc test cases ftbfs when libtirpc is found
EXTRA_OECONF += " --without-tirpc "
diff --git a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb
index e6afe2b65..be0b48dfd 100644
--- a/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb
+++ b/poky/meta/recipes-extended/minicom/minicom_2.7.1.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=420477abc567404debca0a2a1cb6b645 \
file://src/minicom.h;beginline=1;endline=12;md5=a58838cb709f0db517f4e42730c49e81"
-SRC_URI = "https://alioth.debian.org/frs/download.php/latestfile/3/${BP}.tar.gz \
+SRC_URI = "${DEBIAN_MIRROR}/main/m/${BPN}/${BPN}_${PV}.orig.tar.gz \
file://allow.to.disable.lockdev.patch \
file://0001-fix-minicom-h-v-return-value-is-not-0.patch \
file://0001-Fix-build-issus-surfaced-due-to-musl.patch \
diff --git a/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
new file mode 100644
index 000000000..ee728f095
--- /dev/null
+++ b/poky/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
@@ -0,0 +1,64 @@
+shadow-4.2.1: Fix CVE-2017-2616
+
+[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
+
+su: properly clear child PID
+
+If su is compiled with PAM support, it is possible for any local user
+to send SIGKILL to other processes with root privileges. There are
+only two conditions. First, the user must be able to perform su with
+a successful login. This does NOT have to be the root user, even using
+su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
+can only be sent to processes which were executed after the su process.
+It is not possible to send SIGKILL to processes which were already
+running. I consider this as a security vulnerability, because I was
+able to write a proof of concept which unlocked a screen saver of
+another user this way.
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686]
+CVE: CVE-2017-2616
+bug: 855943
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/src/su.c b/src/su.c
+index 3704217..1efcd61 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void)
+ /* wake child when resumed */
+ kill (pid, SIGCONT);
+ stop = false;
++ } else {
++ pid_child = 0;
+ }
+ } while (!stop);
+ }
+
+- if (0 != caught) {
++ if (0 != caught && 0 != pid_child) {
+ (void) fputs ("\n", stderr);
+ (void) fputs (_("Session terminated, terminating shell..."),
+ stderr);
+ (void) kill (-pid_child, caught);
+
+ (void) signal (SIGALRM, kill_child);
++ (void) signal (SIGCHLD, catch_signals);
+ (void) alarm (2);
+
+- (void) wait (&status);
++ sigemptyset (&ourset);
++ if ((sigaddset (&ourset, SIGALRM) != 0)
++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
++ kill_child (0);
++ } else {
++ while (0 == waitpid (pid_child, &status, WNOHANG)) {
++ sigsuspend (&ourset);
++ }
++ pid_child = 0;
++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
++ }
++
+ (void) fputs (_(" ...terminated.\n"), stderr);
+ }
+
diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd b/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd
index 9e3efa68b..b769d92ba 100644
--- a/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd
+++ b/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd
@@ -1,4 +1,6 @@
# The PAM configuration file for the Shadow 'chpasswd' service
#
+auth sufficient pam_rootok.so
+account required pam_permit.so
password include common-password
diff --git a/poky/meta/recipes-extended/shadow/files/pam.d/newusers b/poky/meta/recipes-extended/shadow/files/pam.d/newusers
index 4aa3dde48..4c59dfa47 100644
--- a/poky/meta/recipes-extended/shadow/files/pam.d/newusers
+++ b/poky/meta/recipes-extended/shadow/files/pam.d/newusers
@@ -1,4 +1,6 @@
# The PAM configuration file for the Shadow 'newusers' service
#
+auth sufficient pam_rootok.so
+account required pam_permit.so
password include common-password
diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc
index 673207fc9..6efe4a911 100644
--- a/poky/meta/recipes-extended/shadow/shadow.inc
+++ b/poky/meta/recipes-extended/shadow/shadow.inc
@@ -8,7 +8,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
DEPENDS = "virtual/crypt"
-SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
+UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
+
+SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \
file://shadow-4.1.3-dots-in-usernames.patch \
file://usermod-fix-compilation-failure-with-subids-disabled.patch \
file://fix-installation-failure-with-subids-disabled.patch \
@@ -16,6 +18,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
file://0001-useradd-copy-extended-attributes-of-home.patch \
file://0001-shadow-CVE-2017-12424 \
+ file://CVE-2017-2616.patch \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
"
@@ -127,7 +130,8 @@ do_install_append() {
# Ensure that the image has as a /var/spool/mail dir so shadow can
# put mailboxes there if the user reconfigures shadow to its
# defaults (see sed below).
- install -d ${D}${localstatedir}/spool/mail
+ install -m 0775 -d ${D}${localstatedir}/spool/mail
+ chown root:mail ${D}${localstatedir}/spool/mail
if [ -e ${WORKDIR}/pam.d ]; then
install -d ${D}${sysconfdir}/pam.d/
diff --git a/poky/meta/recipes-extended/sysklogd/sysklogd.inc b/poky/meta/recipes-extended/sysklogd/sysklogd.inc
index 1a537fabf..fc4e67c18 100644
--- a/poky/meta/recipes-extended/sysklogd/sysklogd.inc
+++ b/poky/meta/recipes-extended/sysklogd/sysklogd.inc
@@ -33,7 +33,7 @@ SYSTEMD_AUTO_ENABLE = "enable"
INITSCRIPT_NAME = "syslog"
CONFFILES_${PN} = "${sysconfdir}/syslog.conf"
-RCONFLICTS_${PN}-syslog = "rsyslog busybox-syslog syslog-ng"
+RCONFLICTS_${PN} = "rsyslog busybox-syslog syslog-ng"
CFLAGS += "-DSYSV -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
diff --git a/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service b/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service
index d5fdc5bc2..6da92f2bf 100644
--- a/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service
+++ b/poky/meta/recipes-extended/xinetd/xinetd/xinetd.service
@@ -3,11 +3,8 @@ Description=Xinetd A Powerful Replacement For Inetd
After=syslog.target network.target
[Service]
-Type=forking
-PIDFile=/var/run/xinetd.pid
EnvironmentFile=-/etc/sysconfig/xinetd
-ExecStart=@SBINDIR@/xinetd -stayalive -pidfile /var/run/xinetd.pid "$EXTRAOPTIONS"
-ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
+ExecStart=@SBINDIR@/xinetd -dontfork "$EXTRAOPTIONS"
[Install]
WantedBy=multi-user.target
OpenPOWER on IntegriCloud