* [Buildroot] [PATCH 1/2] package/network-manager: bump version to 1.10.8
@ 2018-10-30 21:20 Bernd Kuhls
2018-10-30 21:20 ` [Buildroot] [PATCH 2/2] package/network-manager: Add upstream patch to fix CVE-2018-15688 Bernd Kuhls
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Bernd Kuhls @ 2018-10-30 21:20 UTC (permalink / raw)
To: buildroot
Added license hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/network-manager/network-manager.hash | 7 +++++--
package/network-manager/network-manager.mk | 2 +-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/package/network-manager/network-manager.hash b/package/network-manager/network-manager.hash
index 8fedc64729..3439439175 100644
--- a/package/network-manager/network-manager.hash
+++ b/package/network-manager/network-manager.hash
@@ -1,2 +1,5 @@
-# From http://ftp.gnome.org/pub/GNOME/sources/NetworkManager/1.10/NetworkManager-1.10.2.sha256sum
-sha256 169c34f50770e3c96b431f7d2cff654455246f2e6ccd46eccfb4454d4595625b NetworkManager-1.10.2.tar.xz
+# From https://download.gnome.org/sources/NetworkManager/1.10/NetworkManager-1.10.8.sha256sum
+sha256 eb4ac8ce75fed5ec804f409caec7b54342d4e01512baf7d7fc119fd40ac8a938 NetworkManager-1.10.8.tar.xz
+# Locally computed
+sha256 49d9659a4f9a09747c320d51d3cf9dfde210de67b70862acf849890f6477b00d COPYING
+sha256 3a2968e3abb4fea464cd8dc1146d71996f9544af91a5f687bc4f3a2932df49b4 libnm-util/COPYING
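Review bot: The two hashes added under "# Locally computed" (COPYING and libnm-util/COPYING) cannot be checked against the package's declared license files from this patch, since the .mk hunk changes only the version line. Please confirm that both paths match the license file list in network-manager.mk and that the hashes were computed on the 1.10.8 tarball rather than carried over from 1.10.2. The source comment moving to the https download.gnome.org URL for the .sha256sum is a good change.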
diff --git a/package/network-manager/network-manager.mk b/package/network-manager/network-manager.mk
index a520aad9c0..2b9f68a030 100644
--- a/package/network-manager/network-manager.mk
+++ b/package/network-manager/network-manager.mk
@@ -5,7 +5,7 @@
################################################################################
NETWORK_MANAGER_VERSION_MAJOR = 1.10
-NETWORK_MANAGER_VERSION = $(NETWORK_MANAGER_VERSION_MAJOR).2
+NETWORK_MANAGER_VERSION = $(NETWORK_MANAGER_VERSION_MAJOR).8
NETWORK_MANAGER_SOURCE = NetworkManager-$(NETWORK_MANAGER_VERSION).tar.xz
NETWORK_MANAGER_SITE = http://ftp.gnome.org/pub/GNOME/sources/NetworkManager/$(NETWORK_MANAGER_VERSION_MAJOR)
NETWORK_MANAGER_INSTALL_STAGING = YES
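Review bot: NETWORK_MANAGER_SITE in the unchanged context still points at http://ftp.gnome.org/pub/GNOME/sources/NetworkManager/..., while the hash file in this same patch now cites https://download.gnome.org/sources/NetworkManager/1.10/ as the origin of the checksum. Consider switching the site line to the https download.gnome.org location so the tarball is fetched from the same place the .sha256sum was taken from. The commit message says only "Added license hashes." and gives no reason for going from .2 to .8; one line on the motivation would help anyone deciding whether to backport the bump.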
--
2.19.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/2] package/network-manager: Add upstream patch to fix CVE-2018-15688
2018-10-30 21:20 [Buildroot] [PATCH 1/2] package/network-manager: bump version to 1.10.8 Bernd Kuhls
@ 2018-10-30 21:20 ` Bernd Kuhls
2018-10-30 21:50 ` Peter Korsgaard
2018-11-14 9:35 ` Peter Korsgaard
2018-10-30 21:24 ` [Buildroot] [PATCH 1/2] package/network-manager: bump version to 1.10.8 Petr Vorel
2018-10-30 21:50 ` Peter Korsgaard
2 siblings, 2 replies; 7+ messages in thread
From: Bernd Kuhls @ 2018-10-30 21:20 UTC (permalink / raw)
To: buildroot
NetworkManager includes some parts of the systemd-networkd code in its
codebase. That can be found at src/systemd/src/libsystemd-networkd.
The DHCP implementation provided by systemd-networkd is used when
NetworkManager is configured to use the internal implementation,
however the default is to use dhclient.
When NetworkManager is configured to use the internal dhcp and an
interface is setup with ipv6.method=auto (which is the default value)
or ipv6.method=dhcp, this flaw can be exploited. When using
ipv6.method=auto, the DHCPv6 client can be automatically started with a
Router Advertisement packet.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
...we-have-enough-space-for-the-DHCP6-o.patch | 38 +++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 package/network-manager/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
diff --git a/package/network-manager/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch b/package/network-manager/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
new file mode 100644
index 0000000000..c6066abe28
--- /dev/null
+++ b/package/network-manager/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
@@ -0,0 +1,38 @@
+From 01ca2053bbea09f35b958c8cc7631e15469acb79 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 19 Oct 2018 12:12:33 +0200
+Subject: dhcp6: make sure we have enough space for the DHCP6 option header
+
+Fixes a vulnerability originally discovered by Felix Wilhelm from
+Google.
+
+CVE-2018-15688
+LP: #1795921
+https://bugzilla.redhat.com/show_bug.cgi?id=1639067
+
+(cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
+
+Patch downloaded from upstream commit:
+https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=01ca2053bbea09f35b958c8cc7631e15469acb79
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ src/systemd/src/libsystemd-network/dhcp6-option.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
+index d178fe2..9027c14 100644
+--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
++++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
+@@ -108,7 +108,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, const DHCP6IA *ia) {
+ return -EINVAL;
+ }
+
+- if (*buflen < len)
++ if (*buflen < offsetof(DHCP6Option, data) + len)
+ return -ENOBUFS;
+
+ ia_hdr = *buf;
+--
+cgit v1.1
+
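Review bot: The commit message places the bundled code at src/systemd/src/libsystemd-networkd, but the file patched here is src/systemd/src/libsystemd-network/dhcp6-option.c, so the path in the message should be corrected. The message also explains when the flaw is reachable but not what it is: in dhcp6_option_append_ia() the old check compared *buflen against len alone, and the fix adds offsetof(DHCP6Option, data), meaning the option header was left out of the space check before the write through ia_hdr = *buf. A sentence stating that would make the record self-contained. The embedded patch ends with "cgit v1.1" and its Subject line has no [PATCH] prefix, which suggests it was saved from the cgit web view; regenerating it with git format-patch would give it the usual form.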
--
2.19.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/2] package/network-manager: Add upstream patch to fix CVE-2018-15688
2018-10-30 21:20 ` [Buildroot] [PATCH 2/2] package/network-manager: Add upstream patch to fix CVE-2018-15688 Bernd Kuhls
@ 2018-10-30 21:50 ` Peter Korsgaard
2018-11-14 9:35 ` Peter Korsgaard
1 sibling, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2018-10-30 21:50 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> NetworkManager includes some parts of the systemd-networkd code in its
> codebase. That can be found at src/systemd/src/libsystemd-networkd.
> The DHCP implementation provided by systemd-networkd is used when
> NetworkManager is configured to use the internal implementation,
> however the default is to use dhclient.
> When NetworkManager is configured to use the internal dhcp and an
> interface is setup with ipv6.method=auto (which is the default value)
> or ipv6.method=dhcp, this flaw can be exploited. When using
> ipv6.method=auto, the DHCPv6 client can be automatically started with a
> Router Advertisement packet.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/2] package/network-manager: Add upstream patch to fix CVE-2018-15688
2018-10-30 21:20 ` [Buildroot] [PATCH 2/2] package/network-manager: Add upstream patch to fix CVE-2018-15688 Bernd Kuhls
2018-10-30 21:50 ` Peter Korsgaard
@ 2018-11-14 9:35 ` Peter Korsgaard
1 sibling, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2018-11-14 9:35 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> NetworkManager includes some parts of the systemd-networkd code in its
> codebase. That can be found at src/systemd/src/libsystemd-networkd.
> The DHCP implementation provided by systemd-networkd is used when
> NetworkManager is configured to use the internal implementation,
> however the default is to use dhclient.
> When NetworkManager is configured to use the internal dhcp and an
> interface is setup with ipv6.method=auto (which is the default value)
> or ipv6.method=dhcp, this flaw can be exploited. When using
> ipv6.method=auto, the DHCPv6 client can be automatically started with a
> Router Advertisement packet.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed to 2018.02.x and 2018.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/2] package/network-manager: bump version to 1.10.8
2018-10-30 21:20 [Buildroot] [PATCH 1/2] package/network-manager: bump version to 1.10.8 Bernd Kuhls
2018-10-30 21:20 ` [Buildroot] [PATCH 2/2] package/network-manager: Add upstream patch to fix CVE-2018-15688 Bernd Kuhls
@ 2018-10-30 21:24 ` Petr Vorel
2018-10-30 21:27 ` Petr Vorel
2018-10-30 21:50 ` Peter Korsgaard
2 siblings, 1 reply; 7+ messages in thread
From: Petr Vorel @ 2018-10-30 21:24 UTC (permalink / raw)
To: buildroot
Hi Bernd,
...
> NETWORK_MANAGER_VERSION_MAJOR = 1.10
> -NETWORK_MANAGER_VERSION = $(NETWORK_MANAGER_VERSION_MAJOR).2
> +NETWORK_MANAGER_VERSION = $(NETWORK_MANAGER_VERSION_MAJOR).8
Thanks for your patch.
There is a new stable branch, could you bump it to 1.12.2?
https://wiki.gnome.org/Projects/NetworkManager
https://download.gnome.org/sources/NetworkManager/1.12/NetworkManager-1.12.2.tar.xz
Kind regards,
Petr
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/2] package/network-manager: bump version to 1.10.8
2018-10-30 21:20 [Buildroot] [PATCH 1/2] package/network-manager: bump version to 1.10.8 Bernd Kuhls
2018-10-30 21:20 ` [Buildroot] [PATCH 2/2] package/network-manager: Add upstream patch to fix CVE-2018-15688 Bernd Kuhls
2018-10-30 21:24 ` [Buildroot] [PATCH 1/2] package/network-manager: bump version to 1.10.8 Petr Vorel
@ 2018-10-30 21:50 ` Peter Korsgaard
2 siblings, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2018-10-30 21:50 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Added license hashes.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread