* [PATCH 0/5][daisy] Additional patches and CVE issues
@ 2014-11-06 5:08 Saul Wold
2014-11-06 5:08 ` [PATCH 1/5] python: force off_t size to 8 to enable large file support Saul Wold
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Saul Wold @ 2014-11-06 5:08 UTC (permalink / raw)
To: openembedded-core
Richard,
Here are 5 more late breaking 1.6.2 patches for CVE that Paul and I have identified.
Thanks
Sau!
Paul Eggleton (3):
python: force off_t size to 8 to enable large file support
openssh: avoid screen sessions being killed on disconnect with systemd
libarchive: avoid dependency on e2fsprogs
Saul Wold (2):
wget: Fix for CVE-2014-4887
readline: Patch for readline multikey dispatch issue
.../openssh/openssh/sshd@.service | 1 +
.../readline-6.3/readline-dispatch-multikey.patch | 32 +++++++++
meta/recipes-core/readline/readline_6.3.bb | 3 +-
meta/recipes-devtools/python/python_2.7.3.bb | 3 +
.../libarchive/libarchive_3.1.2.bb | 11 +++
.../wget/wget-1.14/wget_cve-2014-4877.patch | 78 ++++++++++++++++++++++
meta/recipes-extended/wget/wget_1.14.bb | 1 +
7 files changed, 128 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch
create mode 100644 meta/recipes-extended/wget/wget-1.14/wget_cve-2014-4877.patch
--
1.8.3.1
* [PATCH 1/5] python: force off_t size to 8 to enable large file support
From: Saul Wold @ 2014-11-06 5:08 UTC (permalink / raw)
To: openembedded-core; +Cc: Paul Eggleton
From: Paul Eggleton <paul.eggleton@linux.intel.com>
If DISTRO_FEATURES contains "largefile", force the size of off_t to 8 as
a workaround for having ac_cv_sizeof_off_t=4 on 32-bit systems. In
future we will likely drop the value from the site file, but for now
this is a slightly safer fix.
Fixes [YOCTO #6813].
(From OE-Core master rev: a8216030ee6c65531de8fbf3eed878a345a94edc)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-devtools/python/python_2.7.3.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb
index 0d64172..5270df9 100644
--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -47,6 +47,9 @@ inherit autotools multilib_header python-dir pythonnative
TARGET_CC_ARCH_append_armv6 = " -D__SOFTFP__"
TARGET_CC_ARCH_append_armv7a = " -D__SOFTFP__"
+# The following is a hack until we drop ac_cv_sizeof_off_t from site files
+EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'largefile', 'ac_cv_sizeof_off_t=8', '', d)}"
+
do_configure_prepend() {
rm -f ${S}/Makefile.orig
autoreconf -Wcross --verbose --install --force --exclude=autopoint Modules/_ctypes/libffi || bbnote "_ctypes failed to autoreconf"
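Review bot: the comment above the new EXTRA_OECONF line calls this a hack but does not say which bug it works around or when it can go; add the [YOCTO #6813] reference from the commit message so the override is easy to find once ac_cv_sizeof_off_t is dropped from the site files. It is also worth stating in the comment that the value is only forced when DISTRO_FEATURES contains largefile, since with the feature absent the expression appends an empty string and the site-file value still applies.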
--
1.8.3.1
* [PATCH 2/5] openssh: avoid screen sessions being killed on disconnect with systemd
From: Saul Wold @ 2014-11-06 5:08 UTC (permalink / raw)
To: openembedded-core; +Cc: Paul Eggleton
From: Paul Eggleton <paul.eggleton@linux.intel.com>
Tell systemd just to kill the sshd process when the ssh connection drops
instead of the entire cgroup for sshd, so that any screen sessions (and
more to the point, processes within them) do not get killed.
(This is what the Fedora sshd service file does, and what we're already
doing in the dropbear service file).
(From OE-Core master rev: 3c238dff41fbd3687457989c7b17d22b2cc844be)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-connectivity/openssh/openssh/sshd@.service | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service
index 4eda659..bb2d68e 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd@.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshd@.service
@@ -8,3 +8,4 @@ ExecStart=-@SBINDIR@/sshd -i
ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
StandardInput=socket
StandardError=syslog
+KillMode=process
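Review bot: KillMode=process, added as the last line of the unit, changes what systemd stops for every sshd@ instance, not only for screen: only the main sshd process is killed and anything else started from the session is left running after the connection drops. That is the intent stated in the commit message, but the unit file itself gives no reason, so a short # comment above the line recording it (and that the dropbear service file does the same) would keep someone from reverting it as an oversight. Operators who expect a disconnect to end all session processes should be told about the change.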
--
1.8.3.1
* [PATCH 3/5] libarchive: avoid dependency on e2fsprogs
From: Saul Wold @ 2014-11-06 5:08 UTC (permalink / raw)
To: openembedded-core; +Cc: Paul Eggleton
From: Paul Eggleton <paul.eggleton@linux.intel.com>
libarchive's configure script looks for ext2fs/ext2_fs.h in order to use
some defines for file attributes support if present (but doesn't link to
any additional libraries.) There is no configure option to disable this,
and if e2fsprogs is rebuilding between do_configure and do_compile you
can currently get a failure. Because it doesn't need anything else from
e2fsprogs, and e2fsprogs isn't currently buildable for nativesdk anyway,
copy the headers in from e2fsprogs-native which we're likely to have
built already (and add it to DEPENDS just to be sure we have.)
Fixes [YOCTO #6268].
(From OE-Core master rev: ad754e46ad477acfbe7543187a5c38bc333b8612)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-extended/libarchive/libarchive_3.1.2.bb | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
index f90dc02..99a924c 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb
@@ -5,6 +5,8 @@ SECTION = "devel"
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://COPYING;md5=b4e3ffd607d6686c6cb2f63394370841"
+DEPENDS = "e2fsprogs-native"
+
PACKAGECONFIG ?= "libxml2 zlib bz2"
PACKAGECONFIG_append_class-target = "\
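Review bot: DEPENDS = "e2fsprogs-native" is a plain assignment near the top of the recipe with no comment, so the reason a target recipe depends on a native one is only visible further down in do_configure_prepend. A one-line comment here saying that only the ext2fs headers are used would help. Please also confirm nothing earlier sets DEPENDS for this recipe, since = replaces rather than appends.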
@@ -35,4 +37,13 @@ SRC_URI[sha256sum] = "eb87eacd8fe49e8d90c8fdc189813023ccc319c5e752b01fb6ad0cc7b2
inherit autotools-brokensep lib_package
+CPPFLAGS += "-I${WORKDIR}/extra-includes"
+
+do_configure[cleandirs] += "${WORKDIR}/extra-includes"
+do_configure_prepend() {
+ # We just need the headers for some type constants, so no need to
+ # build all of e2fsprogs for the target
+ cp -R ${STAGING_INCDIR_NATIVE}/ext2fs ${WORKDIR}/extra-includes/
+}
+
BBCLASSEXTEND = "native nativesdk"
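Review bot: in do_configure_prepend, cp -R copies the whole ext2fs directory from STAGING_INCDIR_NATIVE, and the new CPPFLAGS line then puts it on the include path for every variant, so headers staged for the build host become visible to the target and nativesdk compiles as well. The commit message says configure only looks for ext2fs/ext2_fs.h for some defines; consider limiting the copy to the headers that check needs, or extending the comment to state that nothing architecture-dependent is taken from them. The copy also fails if e2fsprogs-native has not staged the directory, so the DEPENDS line added above is required rather than a precaution.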
--
1.8.3.1
* [PATCH 4/5] wget: Fix for CVE-2014-4887
From: Saul Wold @ 2014-11-06 5:08 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Saul Wold <sgw@linux.intel.com>
---
.../wget/wget-1.14/wget_cve-2014-4877.patch | 78 ++++++++++++++++++++++
meta/recipes-extended/wget/wget_1.14.bb | 1 +
2 files changed, 79 insertions(+)
create mode 100644 meta/recipes-extended/wget/wget-1.14/wget_cve-2014-4877.patch
diff --git a/meta/recipes-extended/wget/wget-1.14/wget_cve-2014-4877.patch b/meta/recipes-extended/wget/wget-1.14/wget_cve-2014-4877.patch
new file mode 100644
index 0000000..bfcc36e
--- /dev/null
+++ b/meta/recipes-extended/wget/wget-1.14/wget_cve-2014-4877.patch
@@ -0,0 +1,78 @@
+From 18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 Mon Sep 17 00:00:00 2001
+From: Darshit Shah <darnir@gmail.com>
+Date: Sun, 07 Sep 2014 19:11:17 +0000
+Subject: CVE-2014-4877: Arbitrary Symlink Access
+
+Wget was susceptible to a symlink attack which could create arbitrary
+files, directories or symbolic links and set their permissions when
+retrieving a directory recursively through FTP. This commit changes the
+default settings in Wget such that Wget no longer creates local symbolic
+links, but rather traverses them and retrieves the pointed-to file in
+such a retrieval.
+
+The old behaviour can be attained by passing the --retr-symlinks=no
+option to the Wget invokation command.
+---
+diff --git a/doc/wget.texi b/doc/wget.texi
+index aef1f80..d7a4c94 100644
+--- a/doc/wget.texi
++++ b/doc/wget.texi
+@@ -1883,17 +1883,18 @@ Preserve remote file permissions instead of permissions set by umask.
+
+ @cindex symbolic links, retrieving
+ @item --retr-symlinks
+-Usually, when retrieving @sc{ftp} directories recursively and a symbolic
+-link is encountered, the linked-to file is not downloaded. Instead, a
+-matching symbolic link is created on the local filesystem. The
+-pointed-to file will not be downloaded unless this recursive retrieval
+-would have encountered it separately and downloaded it anyway.
+-
+-When @samp{--retr-symlinks} is specified, however, symbolic links are
+-traversed and the pointed-to files are retrieved. At this time, this
+-option does not cause Wget to traverse symlinks to directories and
+-recurse through them, but in the future it should be enhanced to do
+-this.
++By default, when retrieving @sc{ftp} directories recursively and a symbolic link
++is encountered, the symbolic link is traversed and the pointed-to files are
++retrieved. Currently, Wget does not traverse symbolic links to directories to
++download them recursively, though this feature may be added in the future.
++
++When @samp{--retr-symlinks=no} is specified, the linked-to file is not
++downloaded. Instead, a matching symbolic link is created on the local
++filesystem. The pointed-to file will not be retrieved unless this recursive
++retrieval would have encountered it separately and downloaded it anyway. This
++option poses a security risk where a malicious FTP Server may cause Wget to
++write to files outside of the intended directories through a specially crafted
++@sc{.listing} file.
+
+ Note that when retrieving a file (not a directory) because it was
+ specified on the command-line, rather than because it was recursed to,
+diff --git a/src/init.c b/src/init.c
+index 09557af..3bdaa48 100644
+--- a/src/init.c
++++ b/src/init.c
+@@ -366,6 +366,22 @@ defaults (void)
+
+ opt.dns_cache = true;
+ opt.ftp_pasv = true;
++ /* 2014-09-07 Darshit Shah <darnir@gmail.com>
++ * opt.retr_symlinks is set to true by default. Creating symbolic links on the
++ * local filesystem pose a security threat by malicious FTP Servers that
++ * server a specially crafted .listing file akin to this:
++ *
++ * lrwxrwxrwx 1 root root 33 Dec 25 2012 JoCxl6d8rFU -> /
++ * drwxrwxr-x 15 1024 106 4096 Aug 28 02:02 JoCxl6d8rFU
++ *
++ * A .listing file in this fashion makes Wget susceptiple to a symlink attack
++ * wherein the attacker is able to create arbitrary files, directories and
++ * symbolic links on the target system and even set permissions.
++ *
++ * Hence, by default Wget attempts to retrieve the pointed-to files and does
++ * not create the symbolic links locally.
++ */
++ opt.retr_symlinks = true;
+
+ #ifdef HAVE_SSL
+ opt.check_cert = true;
+--
+cgit v0.9.0.2
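Review bot: the header of the new wget_cve-2014-4877.patch file has no Upstream-Status line and no Signed-off-by from the person importing it, unlike readline-dispatch-multikey.patch in 5/5, which carries both; add them after the upstream description. Note also that the src/init.c change only flips the default of opt.retr_symlinks to true: as the updated wget.texi text says, --retr-symlinks=no brings back local symlink creation and the risk that comes with it, so the commit message for the recipe change should say that the fix is a change of default and that explicit use of that option remains exposed.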
diff --git a/meta/recipes-extended/wget/wget_1.14.bb b/meta/recipes-extended/wget/wget_1.14.bb
index b12c147..48c2370 100644
--- a/meta/recipes-extended/wget/wget_1.14.bb
+++ b/meta/recipes-extended/wget/wget_1.14.bb
@@ -3,6 +3,7 @@ PR = "${INC_PR}.0"
SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
file://fix_makefile.patch \
file://fix_doc.patch \
+ file://wget_cve-2014-4877.patch \
"
SRC_URI[md5sum] = "12edc291dba8127f2e9696e69f36299e"
SRC_URI[sha256sum] = "f3a6898e3a765bb94435b04a6668db9e5d19b3e90e0c69a503a2773ae936c269"
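Review bot: the file added to SRC_URI is wget_cve-2014-4877.patch and the upstream subject inside it is CVE-2014-4877, but the subject of this mail and the cover letter say CVE-2014-4887; one of the two is a typo and the subject should match the patch before this is merged. The commit message also has no body, so a sentence naming the issue fixed would help anyone auditing the branch by CVE id.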
--
1.8.3.1
* [PATCH 5/5] readline: Patch for readline multikey dispatch issue
From: Saul Wold @ 2014-11-06 5:08 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Saul Wold <sgw@linux.intel.com>
---
.../readline-6.3/readline-dispatch-multikey.patch | 32 ++++++++++++++++++++++
meta/recipes-core/readline/readline_6.3.bb | 3 +-
2 files changed, 34 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch
diff --git a/meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch b/meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch
new file mode 100644
index 0000000..54d1ac6
--- /dev/null
+++ b/meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch
@@ -0,0 +1,32 @@
+From 8ef852a5be72c75e17f2510bea52455f809b56ce Mon Sep 17 00:00:00 2001
+From: Chet Ramey <chet.ramey@case.edu>
+Date: Fri, 28 Mar 2014 14:07:42 -0400
+Subject: [PATCH 04/10] Readline-6.3 patch 2
+
+Fixes multi-key issue identified in this thread:
+http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00010.html
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+---
+ readline.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/readline.c b/readline.c
+index eb4eae3..abb29a0 100644
+--- a/readline.c
++++ b/readline.c
+@@ -744,7 +744,8 @@ _rl_dispatch_callback (cxt)
+ r = _rl_subseq_result (r, cxt->oldmap, cxt->okey, (cxt->flags & KSEQ_SUBSEQ));
+
+ RL_CHECK_SIGNALS ();
+- if (r == 0) /* success! */
++ /* We only treat values < 0 specially to simulate recursion. */
++ if (r >= 0 || (r == -1 && (cxt->flags & KSEQ_SUBSEQ) == 0)) /* success! or failure! */
+ {
+ _rl_keyseq_chain_dispose ();
+ RL_UNSETSTATE (RL_STATE_MULTIKEY);
+--
+1.8.3.1
+
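Review bot: Upstream-Status: Backport in the header of readline-dispatch-multikey.patch does not say which upstream patch or commit this is; the Subject still reads [PATCH 04/10] Readline-6.3 patch 2 from some other series, and the From hash is not tied to a named repository. Name the upstream source next to the Upstream-Status line so the backport can be checked against it and dropped when the recipe is upgraded.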
diff --git a/meta/recipes-core/readline/readline_6.3.bb b/meta/recipes-core/readline/readline_6.3.bb
index 2ae73ea..03132db 100644
--- a/meta/recipes-core/readline/readline_6.3.bb
+++ b/meta/recipes-core/readline/readline_6.3.bb
@@ -1,6 +1,7 @@
require readline.inc
-SRC_URI_append = " file://readline63-003"
+SRC_URI_append = " file://readline63-003 \
+ file://readline-dispatch-multikey.patch"
SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a"
SRC_URI[archive.sha256sum] = "56ba6071b9462f980c5a72ab0023893b65ba6debb4eeb475d7a563dc65cafd43"
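Review bot: the patch header calls this Readline-6.3 patch 2, yet it is appended after readline63-003 in SRC_URI_append; confirm that this ordering applies cleanly and that the same fix is not already pulled in through readline.inc. The commit message is empty apart from the Signed-off-by, so please add a line saying what user-visible problem the multikey dispatch fix addresses and whether it is security relevant, given that the series is titled as CVE fixes.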
--
1.8.3.1