* [thud 0/3] Patch review for thud
@ 2019-05-27 14:21 Armin Kuster
2019-05-27 14:21 ` [thud 1/3] netkit-rsh: don't build under musl Armin Kuster
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Armin Kuster @ 2019-05-27 14:21 UTC (permalink / raw)
To: openembedded-devel
These are being backported from Warrior-next
The following changes since commit f6b21313abee0fc53b77a7e977f3fa54a8428118:
ccid: fix SRC_URI (2019-05-26 09:09:32 -0700)
are available in the git repository at:
https://git.openembedded.org/meta-openembedded-contrib stable/thud-nmut
http://cgit.openembedded.org//log/?h=stable/thud-nmut
Qi.Chen@windriver.com (1):
netkit-rsh: add tag to CVE patch
Tom Rini (1):
netkit-rsh: don't build under musl
Yi Zhao (1):
netkit-rsh: security fixes
.../CVE-2019-7282-and-CVE-2019-7283.patch | 35 ++++++++++++++++++++++
.../recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb | 3 ++
2 files changed, 38 insertions(+)
create mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
--
2.7.4
^ permalink raw reply [flat|nested] 5+ messages in thread
* [thud 1/3] netkit-rsh: don't build under musl
2019-05-27 14:21 [thud 0/3] Patch review for thud Armin Kuster
@ 2019-05-27 14:21 ` Armin Kuster
2019-05-27 14:21 ` [thud 2/3] netkit-rsh: security fixes Armin Kuster
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2019-05-27 14:21 UTC (permalink / raw)
To: openembedded-devel
From: Tom Rini <trini@konsulko.com>
Uses iruserok and ruserok which are GNU extensions available in glibc
but not in musl
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
index 03dd963..d034cd8 100644
--- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
@@ -39,6 +39,8 @@ PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
PACKAGECONFIG[pam] = " , --without-pam, libpam, libpam"
+COMPATIBLE_HOST_libc-musl = 'null'
+
do_configure () {
./configure --prefix=${prefix} --exec-prefix=${exec_prefix}
echo "INSTALLROOT=${D}" > MCONFIG
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [thud 2/3] netkit-rsh: security fixes
2019-05-27 14:21 [thud 0/3] Patch review for thud Armin Kuster
2019-05-27 14:21 ` [thud 1/3] netkit-rsh: don't build under musl Armin Kuster
@ 2019-05-27 14:21 ` Armin Kuster
2019-05-27 14:21 ` [thud 3/3] netkit-rsh: add tag to CVE patch Armin Kuster
2019-05-27 22:37 ` [thud 0/3] Patch review for thud Khem Raj
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2019-05-27 14:21 UTC (permalink / raw)
To: openembedded-devel
From: Yi Zhao <yi.zhao@windriver.com>
Fix CVE-2019-7282, CVE-2019-7283
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-7282
https://nvd.nist.gov/vuln/detail/CVE-2019-7283
Patch from:
https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../CVE-2019-7282-and-CVE-2019-7283.patch | 33 ++++++++++++++++++++++
.../recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
new file mode 100644
index 0000000..4381f5b
--- /dev/null
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
@@ -0,0 +1,33 @@
+From a7831a16c3e0e1463d5eb08a58af152cb75ca976 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 15 Apr 2019 06:05:58 +0000
+Subject: [PATCH] Fix CVE-2019-7282 and CVE-2019-7283
+
+Description: Fix CVE-2018-20685 and CVE-2019-6111
+Bug-Debian: https://bugs.debian.org/920486
+Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114
+
+Upstream-Status: Backport [Debian]
+[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ rcp/rcp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/rcp/rcp.c b/rcp/rcp.c
+index ca61c18..77d8ff8 100644
+--- a/rcp/rcp.c
++++ b/rcp/rcp.c
+@@ -740,6 +740,11 @@ sink(int argc, char *argv[])
+ size = size * 10 + (*cp++ - '0');
+ if (*cp++ != ' ')
+ SCREWUP("size not delimited");
++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
++ error("error: unexpected filename: %s", cp);
++ exit(1);
++ }
+ if (targisdir) {
+ static char *namebuf;
+ static int cursize;
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
index d034cd8..6f203c5 100644
--- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
@@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rsh/netkit-rsh_${PV}.orig.tar.gz;name=
file://netkit-rsh-0.17-rexec-ipv6.patch \
file://fix-host-variable.patch \
file://fixup_wait3_api_change.patch \
+ file://CVE-2019-7282-and-CVE-2019-7283.patch \
"
SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096"
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [thud 3/3] netkit-rsh: add tag to CVE patch
2019-05-27 14:21 [thud 0/3] Patch review for thud Armin Kuster
2019-05-27 14:21 ` [thud 1/3] netkit-rsh: don't build under musl Armin Kuster
2019-05-27 14:21 ` [thud 2/3] netkit-rsh: security fixes Armin Kuster
@ 2019-05-27 14:21 ` Armin Kuster
2019-05-27 22:37 ` [thud 0/3] Patch review for thud Khem Raj
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2019-05-27 14:21 UTC (permalink / raw)
To: openembedded-devel
From: "Qi.Chen@windriver.com" <Qi.Chen@windriver.com>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
index 4381f5b..285667b 100644
--- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
@@ -10,6 +10,8 @@ Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa88
Upstream-Status: Backport [Debian]
[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
+CVE: CVE-2019-7282 CVE-2019-7283
+
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
rcp/rcp.c | 5 +++++
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [thud 0/3] Patch review for thud
2019-05-27 14:21 [thud 0/3] Patch review for thud Armin Kuster
` (2 preceding siblings ...)
2019-05-27 14:21 ` [thud 3/3] netkit-rsh: add tag to CVE patch Armin Kuster
@ 2019-05-27 22:37 ` Khem Raj
3 siblings, 0 replies; 5+ messages in thread
From: Khem Raj @ 2019-05-27 22:37 UTC (permalink / raw)
To: Armin Kuster; +Cc: openembeded-devel
On Mon, May 27, 2019 at 7:22 AM Armin Kuster <akuster808@gmail.com> wrote:
>
> These are being backported from Warrior-next
>
LGTM.
> The following changes since commit f6b21313abee0fc53b77a7e977f3fa54a8428118:
>
> ccid: fix SRC_URI (2019-05-26 09:09:32 -0700)
>
> are available in the git repository at:
>
> https://git.openembedded.org/meta-openembedded-contrib stable/thud-nmut
> http://cgit.openembedded.org//log/?h=stable/thud-nmut
>
> Qi.Chen@windriver.com (1):
> netkit-rsh: add tag to CVE patch
>
> Tom Rini (1):
> netkit-rsh: don't build under musl
>
> Yi Zhao (1):
> netkit-rsh: security fixes
>
> .../CVE-2019-7282-and-CVE-2019-7283.patch | 35 ++++++++++++++++++++++
> .../recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb | 3 ++
> 2 files changed, 38 insertions(+)
> create mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
>
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-05-27 22:37 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-27 14:21 [thud 0/3] Patch review for thud Armin Kuster
2019-05-27 14:21 ` [thud 1/3] netkit-rsh: don't build under musl Armin Kuster
2019-05-27 14:21 ` [thud 2/3] netkit-rsh: security fixes Armin Kuster
2019-05-27 14:21 ` [thud 3/3] netkit-rsh: add tag to CVE patch Armin Kuster
2019-05-27 22:37 ` [thud 0/3] Patch review for thud Khem Raj
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.