* [thud 1/3] netkit-rsh: don't build under musl
2019-05-27 14:21 [thud 0/3] Patch review for thud Armin Kuster
@ 2019-05-27 14:21 ` Armin Kuster
2019-05-27 14:21 ` [thud 2/3] netkit-rsh: security fixes Armin Kuster
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2019-05-27 14:21 UTC (permalink / raw)
To: openembedded-devel
From: Tom Rini <trini@konsulko.com>
Uses iruserok and ruserok which are GNU extensions available in glibc
but not in musl
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
index 03dd963..d034cd8 100644
--- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
@@ -39,6 +39,8 @@ PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
PACKAGECONFIG[pam] = " , --without-pam, libpam, libpam"
+COMPATIBLE_HOST_libc-musl = 'null'
+
do_configure () {
./configure --prefix=${prefix} --exec-prefix=${exec_prefix}
echo "INSTALLROOT=${D}" > MCONFIG
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread* [thud 2/3] netkit-rsh: security fixes
2019-05-27 14:21 [thud 0/3] Patch review for thud Armin Kuster
2019-05-27 14:21 ` [thud 1/3] netkit-rsh: don't build under musl Armin Kuster
@ 2019-05-27 14:21 ` Armin Kuster
2019-05-27 14:21 ` [thud 3/3] netkit-rsh: add tag to CVE patch Armin Kuster
2019-05-27 22:37 ` [thud 0/3] Patch review for thud Khem Raj
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2019-05-27 14:21 UTC (permalink / raw)
To: openembedded-devel
From: Yi Zhao <yi.zhao@windriver.com>
Fix CVE-2019-7282, CVE-2019-7283
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-7282
https://nvd.nist.gov/vuln/detail/CVE-2019-7283
Patch from:
https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../CVE-2019-7282-and-CVE-2019-7283.patch | 33 ++++++++++++++++++++++
.../recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
new file mode 100644
index 0000000..4381f5b
--- /dev/null
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
@@ -0,0 +1,33 @@
+From a7831a16c3e0e1463d5eb08a58af152cb75ca976 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 15 Apr 2019 06:05:58 +0000
+Subject: [PATCH] Fix CVE-2019-7282 and CVE-2019-7283
+
+Description: Fix CVE-2018-20685 and CVE-2019-6111
+Bug-Debian: https://bugs.debian.org/920486
+Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2#diff-9f340c228413d5a9a9206ea2ed2bc624R1114
+
+Upstream-Status: Backport [Debian]
+[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ rcp/rcp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/rcp/rcp.c b/rcp/rcp.c
+index ca61c18..77d8ff8 100644
+--- a/rcp/rcp.c
++++ b/rcp/rcp.c
+@@ -740,6 +740,11 @@ sink(int argc, char *argv[])
+ size = size * 10 + (*cp++ - '0');
+ if (*cp++ != ' ')
+ SCREWUP("size not delimited");
++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
++ error("error: unexpected filename: %s", cp);
++ exit(1);
++ }
+ if (targisdir) {
+ static char *namebuf;
+ static int cursize;
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
index d034cd8..6f203c5 100644
--- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
@@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-rsh/netkit-rsh_${PV}.orig.tar.gz;name=
file://netkit-rsh-0.17-rexec-ipv6.patch \
file://fix-host-variable.patch \
file://fixup_wait3_api_change.patch \
+ file://CVE-2019-7282-and-CVE-2019-7283.patch \
"
SRC_URI[archive.md5sum] = "65f5f28e2fe22d9ad8b17bb9a10df096"
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread* [thud 3/3] netkit-rsh: add tag to CVE patch
2019-05-27 14:21 [thud 0/3] Patch review for thud Armin Kuster
2019-05-27 14:21 ` [thud 1/3] netkit-rsh: don't build under musl Armin Kuster
2019-05-27 14:21 ` [thud 2/3] netkit-rsh: security fixes Armin Kuster
@ 2019-05-27 14:21 ` Armin Kuster
2019-05-27 22:37 ` [thud 0/3] Patch review for thud Khem Raj
3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2019-05-27 14:21 UTC (permalink / raw)
To: openembedded-devel
From: "Qi.Chen@windriver.com" <Qi.Chen@windriver.com>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
index 4381f5b..285667b 100644
--- a/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
+++ b/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
@@ -10,6 +10,8 @@ Origin: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa88
Upstream-Status: Backport [Debian]
[https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch]
+CVE: CVE-2019-7282 CVE-2019-7283
+
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
rcp/rcp.c | 5 +++++
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [thud 0/3] Patch review for thud
2019-05-27 14:21 [thud 0/3] Patch review for thud Armin Kuster
` (2 preceding siblings ...)
2019-05-27 14:21 ` [thud 3/3] netkit-rsh: add tag to CVE patch Armin Kuster
@ 2019-05-27 22:37 ` Khem Raj
3 siblings, 0 replies; 5+ messages in thread
From: Khem Raj @ 2019-05-27 22:37 UTC (permalink / raw)
To: Armin Kuster; +Cc: openembeded-devel
On Mon, May 27, 2019 at 7:22 AM Armin Kuster <akuster808@gmail.com> wrote:
>
> These are being backported from Warrior-next
>
LGTM.
> The following changes since commit f6b21313abee0fc53b77a7e977f3fa54a8428118:
>
> ccid: fix SRC_URI (2019-05-26 09:09:32 -0700)
>
> are available in the git repository at:
>
> https://git.openembedded.org/meta-openembedded-contrib stable/thud-nmut
> http://cgit.openembedded.org//log/?h=stable/thud-nmut
>
> Qi.Chen@windriver.com (1):
> netkit-rsh: add tag to CVE patch
>
> Tom Rini (1):
> netkit-rsh: don't build under musl
>
> Yi Zhao (1):
> netkit-rsh: security fixes
>
> .../CVE-2019-7282-and-CVE-2019-7283.patch | 35 ++++++++++++++++++++++
> .../recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb | 3 ++
> 2 files changed, 38 insertions(+)
> create mode 100644 meta-networking/recipes-netkit/netkit-rsh/netkit-rsh/CVE-2019-7282-and-CVE-2019-7283.patch
>
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
^ permalink raw reply [flat|nested] 5+ messages in thread