krb5: CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-11462 Upstream patch: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Catalin Enache <catalin.enache@windriver.com> 2017-09-15 12:45:45 +0300
committer: Martin Jansa <Martin.Jansa@gmail.com> 2017-09-18 10:18:12 +0200
commit: 532b5cbb40d58ef1d17a8555bf615c1304ef9dcc (patch)
tree: fb0dd352599c2cf7e3f991c2a29f89ac7992e188 /meta-oe/recipes-connectivity
parent: 532401f4d3f7411cbdd9ba9470c1ee4618a6d801 (diff)
download: meta-openembedded-532b5cbb40d58ef1d17a8555bf615c1304ef9dcc.tar.gz
2 files changed, 420 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch
new file mode 100644
index 000000000..4b82f0297
--- /dev/null
+++ b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch
@@ -0,0 +1,419 @@
+From 56f7b1bc95a2a3eeb420e069e7655fb181ade5cf Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Fri, 14 Jul 2017 13:02:46 -0400
+Subject: [PATCH] Preserve GSS context on init/accept failure
+After gss_init_sec_context() or gss_accept_sec_context() has created a
+context, don't delete the mechglue context on failures from subsequent
+calls, even if the mechanism deletes the mech-specific context (which
+is allowed by RFC 2744 but not preferred).  Check for union contexts
+with no mechanism context in each GSS function which accepts a
+gss_ctx_id_t.
+CVE-2017-11462:
+RFC 2744 permits a GSS-API implementation to delete an existing
+security context on a second or subsequent call to
+gss_init_sec_context() or gss_accept_sec_context() if the call results
+in an error.  This API behavior has been found to be dangerous,
+leading to the possibility of memory errors in some callers.  For
+safety, GSS-API implementations should instead preserve existing
+security contexts on error until the caller deletes them.
+All versions of MIT krb5 prior to this change may delete acceptor
+contexts on error.  Versions 1.13.4 through 1.13.7, 1.14.1 through
+1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on
+error.
+ticket: 8598 (new)
+target_version: 1.15-next
+target_version: 1.14-next
+tags: pullup
+Upstream-Status: Backport
+CVE: CVE-2017-11462
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ src/lib/gssapi/mechglue/g_accept_sec_context.c  | 22 +++++++++++++++-------
+ src/lib/gssapi/mechglue/g_complete_auth_token.c |  2 ++
+ src/lib/gssapi/mechglue/g_context_time.c        |  2 ++
+ src/lib/gssapi/mechglue/g_delete_sec_context.c  | 14 ++++++++------
+ src/lib/gssapi/mechglue/g_exp_sec_context.c     |  2 ++
+ src/lib/gssapi/mechglue/g_init_sec_context.c    | 19 +++++++++++--------
+ src/lib/gssapi/mechglue/g_inq_context.c         |  2 ++
+ src/lib/gssapi/mechglue/g_prf.c                 |  2 ++
+ src/lib/gssapi/mechglue/g_process_context.c     |  2 ++
+ src/lib/gssapi/mechglue/g_seal.c                |  4 ++++
+ src/lib/gssapi/mechglue/g_sign.c                |  2 ++
+ src/lib/gssapi/mechglue/g_unseal.c              |  2 ++
+ src/lib/gssapi/mechglue/g_unwrap_aead.c         |  2 ++
+ src/lib/gssapi/mechglue/g_unwrap_iov.c          |  4 ++++
+ src/lib/gssapi/mechglue/g_verify.c              |  2 ++
+ src/lib/gssapi/mechglue/g_wrap_aead.c           |  2 ++
+ src/lib/gssapi/mechglue/g_wrap_iov.c            |  8 ++++++++
+ 17 files changed, 72 insertions(+), 21 deletions(-)
+diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
+index ddaf874..f28e2b1 100644
+--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
+@@ -216,6 +216,8 @@ gss_cred_id_t *             d_cred;
+     } else {
+        union_ctx_id = (gss_union_ctx_id_t)*context_handle;
+        selected_mech = union_ctx_id->mech_type;
+       if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
+           return (GSS_S_NO_CONTEXT);
+     }
+ 
+     /* Now create a new context if we didn't get one. */
+@@ -234,9 +236,6 @@ gss_cred_id_t *             d_cred;
+            free(union_ctx_id);
+            return (status);
+        }
+-
+-       /* set the new context handle to caller's data */
+-       *context_handle = (gss_ctx_id_t)union_ctx_id;
+     }
+ 
+     /*
+@@ -277,8 +276,10 @@ gss_cred_id_t *            d_cred;
+                                        d_cred ? &tmp_d_cred : NULL);
+ 
+            /* If there's more work to do, keep going... */
+-           if (status == GSS_S_CONTINUE_NEEDED)
+           if (status == GSS_S_CONTINUE_NEEDED) {
+               *context_handle = (gss_ctx_id_t)union_ctx_id;
+                return GSS_S_CONTINUE_NEEDED;
+           }
+ 
+            /* if the call failed, return with failure */
+            if (status != GSS_S_COMPLETE) {
+@@ -364,14 +365,22 @@ gss_cred_id_t *           d_cred;
+                *mech_type = gssint_get_public_oid(actual_mech);
+            if (ret_flags != NULL)
+                *ret_flags = temp_ret_flags;
+-           return      (status);
+           *context_handle = (gss_ctx_id_t)union_ctx_id;
+           return GSS_S_COMPLETE;
+     } else {
+ 
+        status = GSS_S_BAD_MECH;
+     }
+ 
+ error_out:
+-    if (union_ctx_id) {
+       /*
+        * RFC 2744 5.1 requires that we not create a context on a failed first
+        * call to accept, and recommends that on a failed subsequent call we
+        * make the caller responsible for calling gss_delete_sec_context.
+        * Even if the mech deleted its context, keep the union context around
+        * for the caller to delete.
+        */
+    if (union_ctx_id && *context_handle == GSS_C_NO_CONTEXT) {
+        if (union_ctx_id->mech_type) {
+            if (union_ctx_id->mech_type->elements)
+                free(union_ctx_id->mech_type->elements);
+@@ -384,7 +393,6 @@ error_out:
+                                         GSS_C_NO_BUFFER);
+        }
+        free(union_ctx_id);
+-       *context_handle = GSS_C_NO_CONTEXT;
+     }
+ 
+     if (src_name)
+diff --git a/src/lib/gssapi/mechglue/g_complete_auth_token.c b/src/lib/gssapi/mechglue/g_complete_auth_token.c
+index 9181551..4bcb47e 100644
+--- a/src/lib/gssapi/mechglue/g_complete_auth_token.c
+++ b/src/lib/gssapi/mechglue/g_complete_auth_token.c
+@@ -52,6 +52,8 @@ gss_complete_auth_token (OM_uint32 *minor_status,
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return GSS_S_NO_CONTEXT;
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech != NULL) {
+diff --git a/src/lib/gssapi/mechglue/g_context_time.c b/src/lib/gssapi/mechglue/g_context_time.c
+index 2ff8d09..c947e76 100644
+--- a/src/lib/gssapi/mechglue/g_context_time.c
+++ b/src/lib/gssapi/mechglue/g_context_time.c
+@@ -58,6 +58,8 @@ OM_uint32 *           time_rec;
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech) {
+diff --git a/src/lib/gssapi/mechglue/g_delete_sec_context.c b/src/lib/gssapi/mechglue/g_delete_sec_context.c
+index 4bf0dec..574ff02 100644
+--- a/src/lib/gssapi/mechglue/g_delete_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_delete_sec_context.c
+@@ -87,12 +87,14 @@ gss_buffer_t                output_token;
+     if (GSSINT_CHK_LOOP(ctx))
+        return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+ 
+-    status = gssint_delete_internal_sec_context(minor_status,
+-                                               ctx->mech_type,
+-                                               &ctx->internal_ctx_id,
+-                                               output_token);
+-    if (status)
+-       return status;
+    if (ctx->internal_ctx_id != GSS_C_NO_CONTEXT) {
+       status = gssint_delete_internal_sec_context(minor_status,
+                                                   ctx->mech_type,
+                                                   &ctx->internal_ctx_id,
+                                                   output_token);
+       if (status)
+           return status;
+    }
+ 
+     /* now free up the space for the union context structure */
+     free(ctx->mech_type->elements);
+diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c
+index b637452..1d7990b 100644
+--- a/src/lib/gssapi/mechglue/g_exp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c
+@@ -95,6 +95,8 @@ gss_buffer_t          interprocess_token;
+      */
+ 
+     ctx = (gss_union_ctx_id_t) *context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+     if (!mech)
+        return GSS_S_BAD_MECH;
+diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
+index 9f154b8..e2df1ce 100644
+--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
+@@ -192,8 +192,13 @@ OM_uint32 *                time_rec;
+ 
+        /* copy the supplied context handle */
+        union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
+-    } else
+    } else {
+        union_ctx_id = (gss_union_ctx_id_t)*context_handle;
+       if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) {
+           status = GSS_S_NO_CONTEXT;
+           goto end;
+       }
+    }
+ 
+     /*
+      * get the appropriate cred handle from the union cred struct.
+@@ -224,15 +229,13 @@ OM_uint32 *               time_rec;
+ 
+     if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
+        /*
+-        * The spec says the preferred method is to delete all context info on
+-        * the first call to init, and on all subsequent calls make the caller
+-        * responsible for calling gss_delete_sec_context.  However, if the
+-        * mechanism decided to delete the internal context, we should also
+-        * delete the union context.
+        * RFC 2744 5.19 requires that we not create a context on a failed
+        * first call to init, and recommends that on a failed subsequent call
+        * we make the caller responsible for calling gss_delete_sec_context.
+        * Even if the mech deleted its context, keep the union context around
+        * for the caller to delete.
+         */
+        map_error(minor_status, mech);
+-       if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
+-           *context_handle = GSS_C_NO_CONTEXT;
+        if (*context_handle == GSS_C_NO_CONTEXT) {
+            free(union_ctx_id->mech_type->elements);
+            free(union_ctx_id->mech_type);
+diff --git a/src/lib/gssapi/mechglue/g_inq_context.c b/src/lib/gssapi/mechglue/g_inq_context.c
+index 6f1c71e..6c0d98d 100644
+--- a/src/lib/gssapi/mechglue/g_inq_context.c
+++ b/src/lib/gssapi/mechglue/g_inq_context.c
+@@ -104,6 +104,8 @@ gss_inquire_context(
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (!mech || !mech->gss_inquire_context || !mech->gss_display_name ||
+diff --git a/src/lib/gssapi/mechglue/g_prf.c b/src/lib/gssapi/mechglue/g_prf.c
+index fcca3e4..9e168ad 100644
+--- a/src/lib/gssapi/mechglue/g_prf.c
+++ b/src/lib/gssapi/mechglue/g_prf.c
+@@ -59,6 +59,8 @@ gss_pseudo_random (OM_uint32 *minor_status,
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return GSS_S_NO_CONTEXT;
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech != NULL) {
+diff --git a/src/lib/gssapi/mechglue/g_process_context.c b/src/lib/gssapi/mechglue/g_process_context.c
+index bc260ae..3968b5d 100644
+--- a/src/lib/gssapi/mechglue/g_process_context.c
+++ b/src/lib/gssapi/mechglue/g_process_context.c
+@@ -61,6 +61,8 @@ gss_buffer_t          token_buffer;
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech) {
+diff --git a/src/lib/gssapi/mechglue/g_seal.c b/src/lib/gssapi/mechglue/g_seal.c
+index f17241c..3db1ee0 100644
+--- a/src/lib/gssapi/mechglue/g_seal.c
+++ b/src/lib/gssapi/mechglue/g_seal.c
+@@ -92,6 +92,8 @@ gss_wrap( OM_uint32 *minor_status,
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+        return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech) {
+@@ -226,6 +228,8 @@ gss_wrap_size_limit(OM_uint32  *minor_status,
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+        return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (!mech)
+diff --git a/src/lib/gssapi/mechglue/g_sign.c b/src/lib/gssapi/mechglue/g_sign.c
+index 86d641a..03fbd8c 100644
+--- a/src/lib/gssapi/mechglue/g_sign.c
+++ b/src/lib/gssapi/mechglue/g_sign.c
+@@ -94,6 +94,8 @@ gss_buffer_t          msg_token;
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech) {
+diff --git a/src/lib/gssapi/mechglue/g_unseal.c b/src/lib/gssapi/mechglue/g_unseal.c
+index 3e8053c..c208635 100644
+--- a/src/lib/gssapi/mechglue/g_unseal.c
+++ b/src/lib/gssapi/mechglue/g_unseal.c
+@@ -76,6 +76,8 @@ gss_qop_t *           qop_state;
+      * call it.
+      */
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech) {
+diff --git a/src/lib/gssapi/mechglue/g_unwrap_aead.c b/src/lib/gssapi/mechglue/g_unwrap_aead.c
+index e78bff2..0682bd8 100644
+--- a/src/lib/gssapi/mechglue/g_unwrap_aead.c
+++ b/src/lib/gssapi/mechglue/g_unwrap_aead.c
+@@ -186,6 +186,8 @@ gss_qop_t           *qop_state;
+      * call it.
+      */
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (!mech)
+diff --git a/src/lib/gssapi/mechglue/g_unwrap_iov.c b/src/lib/gssapi/mechglue/g_unwrap_iov.c
+index c0dd314..599be2c 100644
+--- a/src/lib/gssapi/mechglue/g_unwrap_iov.c
+++ b/src/lib/gssapi/mechglue/g_unwrap_iov.c
+@@ -89,6 +89,8 @@ int                   iov_count;
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech) {
+@@ -128,6 +130,8 @@ gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ 
+     /* Select the approprate underlying mechanism routine and call it. */
+     ctx = (gss_union_ctx_id_t)context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return GSS_S_NO_CONTEXT;
+     mech = gssint_get_mechanism(ctx->mech_type);
+     if (mech == NULL)
+        return GSS_S_BAD_MECH;
+diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c
+index 1578ae1..8996fce 100644
+--- a/src/lib/gssapi/mechglue/g_verify.c
+++ b/src/lib/gssapi/mechglue/g_verify.c
+@@ -65,6 +65,8 @@ gss_qop_t *           qop_state;
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech) {
+diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c
+index 96cdf3c..7fe3b7b 100644
+--- a/src/lib/gssapi/mechglue/g_wrap_aead.c
+++ b/src/lib/gssapi/mechglue/g_wrap_aead.c
+@@ -256,6 +256,8 @@ gss_buffer_t                output_message_buffer;
+      * call it.
+      */
+     ctx = (gss_union_ctx_id_t)context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+     if (!mech)
+        return (GSS_S_BAD_MECH);
+diff --git a/src/lib/gssapi/mechglue/g_wrap_iov.c b/src/lib/gssapi/mechglue/g_wrap_iov.c
+index 40cd98f..14447c4 100644
+--- a/src/lib/gssapi/mechglue/g_wrap_iov.c
+++ b/src/lib/gssapi/mechglue/g_wrap_iov.c
+@@ -93,6 +93,8 @@ int                   iov_count;
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech) {
+@@ -151,6 +153,8 @@ int                 iov_count;
+      */
+ 
+     ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return (GSS_S_NO_CONTEXT);
+     mech = gssint_get_mechanism (ctx->mech_type);
+ 
+     if (mech) {
+@@ -190,6 +194,8 @@ gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ 
+     /* Select the approprate underlying mechanism routine and call it. */
+     ctx = (gss_union_ctx_id_t)context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return GSS_S_NO_CONTEXT;
+     mech = gssint_get_mechanism(ctx->mech_type);
+     if (mech == NULL)
+        return GSS_S_BAD_MECH;
+@@ -218,6 +224,8 @@ gss_get_mic_iov_length(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ 
+     /* Select the approprate underlying mechanism routine and call it. */
+     ctx = (gss_union_ctx_id_t)context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+       return GSS_S_NO_CONTEXT;
+     mech = gssint_get_mechanism(ctx->mech_type);
+     if (mech == NULL)
+        return GSS_S_BAD_MECH;
+-- 
+2.10.2
diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb
index b515eb5dc..e75e86138 100644
--- a/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb
+++ b/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb
@@ -31,6 +31,7 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
           file://krb5-kdc.service \
           file://krb5-admin-server.service \
           file://fix-CVE-2017-11368.patch;striplevel=2 \
+           file://CVE-2017-11462.patch;striplevel=2 \
 "
 SRC_URI[md5sum] = "8022f3a1cde8463e44fd35ef42731f85"
 SRC_URI[sha256sum] = "437c8831ddd5fde2a993fef425dedb48468109bb3d3261ef838295045a89eb45"
author	Catalin Enache <catalin.enache@windriver.com>	2017-09-15 12:45:45 +0300
committer	Martin Jansa <Martin.Jansa@gmail.com>	2017-09-18 10:18:12 +0200
commit	532b5cbb40d58ef1d17a8555bf615c1304ef9dcc (patch)
tree	fb0dd352599c2cf7e3f991c2a29f89ac7992e188 /meta-oe/recipes-connectivity
parent	532401f4d3f7411cbdd9ba9470c1ee4618a6d801 (diff)
download	meta-openembedded-532b5cbb40d58ef1d17a8555bf615c1304ef9dcc.tar.gz

diff --git a/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch new file mode 100644 index 000000000..4b82f0297 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2017-11462.patch
@@ -0,0 +1,419 @@
		1	From 56f7b1bc95a2a3eeb420e069e7655fb181ade5cf Mon Sep 17 00:00:00 2001
		2	From: Greg Hudson <ghudson@mit.edu>
		3	Date: Fri, 14 Jul 2017 13:02:46 -0400
		4	Subject: [PATCH] Preserve GSS context on init/accept failure
		5
		6	After gss_init_sec_context() or gss_accept_sec_context() has created a
		7	context, don't delete the mechglue context on failures from subsequent
		8	calls, even if the mechanism deletes the mech-specific context (which
		9	is allowed by RFC 2744 but not preferred). Check for union contexts
		10	with no mechanism context in each GSS function which accepts a
		11	gss_ctx_id_t.
		12
		13	CVE-2017-11462:
		14
		15	RFC 2744 permits a GSS-API implementation to delete an existing
		16	security context on a second or subsequent call to
		17	gss_init_sec_context() or gss_accept_sec_context() if the call results
		18	in an error. This API behavior has been found to be dangerous,
		19	leading to the possibility of memory errors in some callers. For
		20	safety, GSS-API implementations should instead preserve existing
		21	security contexts on error until the caller deletes them.
		22
		23	All versions of MIT krb5 prior to this change may delete acceptor
		24	contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through
		25	1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on
		26	error.
		27
		28	ticket: 8598 (new)
		29	target_version: 1.15-next
		30	target_version: 1.14-next
		31	tags: pullup
		32
		33	Upstream-Status: Backport
		34	CVE: CVE-2017-11462
		35
		36	Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
		37	---
		38	src/lib/gssapi/mechglue/g_accept_sec_context.c \| 22 +++++++++++++++-------
		39	src/lib/gssapi/mechglue/g_complete_auth_token.c \| 2 ++
		40	src/lib/gssapi/mechglue/g_context_time.c \| 2 ++
		41	src/lib/gssapi/mechglue/g_delete_sec_context.c \| 14 ++++++++------
		42	src/lib/gssapi/mechglue/g_exp_sec_context.c \| 2 ++
		43	src/lib/gssapi/mechglue/g_init_sec_context.c \| 19 +++++++++++--------
		44	src/lib/gssapi/mechglue/g_inq_context.c \| 2 ++
		45	src/lib/gssapi/mechglue/g_prf.c \| 2 ++
		46	src/lib/gssapi/mechglue/g_process_context.c \| 2 ++
		47	src/lib/gssapi/mechglue/g_seal.c \| 4 ++++
		48	src/lib/gssapi/mechglue/g_sign.c \| 2 ++
		49	src/lib/gssapi/mechglue/g_unseal.c \| 2 ++
		50	src/lib/gssapi/mechglue/g_unwrap_aead.c \| 2 ++
		51	src/lib/gssapi/mechglue/g_unwrap_iov.c \| 4 ++++
		52	src/lib/gssapi/mechglue/g_verify.c \| 2 ++
		53	src/lib/gssapi/mechglue/g_wrap_aead.c \| 2 ++
		54	src/lib/gssapi/mechglue/g_wrap_iov.c \| 8 ++++++++
		55	17 files changed, 72 insertions(+), 21 deletions(-)
		56
		57	diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
		58	index ddaf874..f28e2b1 100644
		59	--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
		60	+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
		61	@@ -216,6 +216,8 @@ gss_cred_id_t * d_cred;
		62	} else {
		63	union_ctx_id = (gss_union_ctx_id_t)*context_handle;
		64	selected_mech = union_ctx_id->mech_type;
		65	+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
		66	+ return (GSS_S_NO_CONTEXT);
		67	}
		68
		69	/* Now create a new context if we didn't get one. */
		70	@@ -234,9 +236,6 @@ gss_cred_id_t * d_cred;
		71	free(union_ctx_id);
		72	return (status);
		73	}
		74	-
		75	- /* set the new context handle to caller's data */
		76	- *context_handle = (gss_ctx_id_t)union_ctx_id;
		77	}
		78
		79	/*
		80	@@ -277,8 +276,10 @@ gss_cred_id_t * d_cred;
		81	d_cred ? &tmp_d_cred : NULL);
		82
		83	/* If there's more work to do, keep going... */
		84	- if (status == GSS_S_CONTINUE_NEEDED)
		85	+ if (status == GSS_S_CONTINUE_NEEDED) {
		86	+ *context_handle = (gss_ctx_id_t)union_ctx_id;
		87	return GSS_S_CONTINUE_NEEDED;
		88	+ }
		89
		90	/* if the call failed, return with failure */
		91	if (status != GSS_S_COMPLETE) {
		92	@@ -364,14 +365,22 @@ gss_cred_id_t * d_cred;
		93	*mech_type = gssint_get_public_oid(actual_mech);
		94	if (ret_flags != NULL)
		95	*ret_flags = temp_ret_flags;
		96	- return (status);
		97	+ *context_handle = (gss_ctx_id_t)union_ctx_id;
		98	+ return GSS_S_COMPLETE;
		99	} else {
		100
		101	status = GSS_S_BAD_MECH;
		102	}
		103
		104	error_out:
		105	- if (union_ctx_id) {
		106	+ /*
		107	+ * RFC 2744 5.1 requires that we not create a context on a failed first
		108	+ * call to accept, and recommends that on a failed subsequent call we
		109	+ * make the caller responsible for calling gss_delete_sec_context.
		110	+ * Even if the mech deleted its context, keep the union context around
		111	+ * for the caller to delete.
		112	+ */
		113	+ if (union_ctx_id && *context_handle == GSS_C_NO_CONTEXT) {
		114	if (union_ctx_id->mech_type) {
		115	if (union_ctx_id->mech_type->elements)
		116	free(union_ctx_id->mech_type->elements);
		117	@@ -384,7 +393,6 @@ error_out:
		118	GSS_C_NO_BUFFER);
		119	}
		120	free(union_ctx_id);
		121	- *context_handle = GSS_C_NO_CONTEXT;
		122	}
		123
		124	if (src_name)
		125	diff --git a/src/lib/gssapi/mechglue/g_complete_auth_token.c b/src/lib/gssapi/mechglue/g_complete_auth_token.c
		126	index 9181551..4bcb47e 100644
		127	--- a/src/lib/gssapi/mechglue/g_complete_auth_token.c
		128	+++ b/src/lib/gssapi/mechglue/g_complete_auth_token.c
		129	@@ -52,6 +52,8 @@ gss_complete_auth_token (OM_uint32 *minor_status,
		130	*/
		131
		132	ctx = (gss_union_ctx_id_t) context_handle;
		133	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		134	+ return GSS_S_NO_CONTEXT;
		135	mech = gssint_get_mechanism (ctx->mech_type);
		136
		137	if (mech != NULL) {
		138	diff --git a/src/lib/gssapi/mechglue/g_context_time.c b/src/lib/gssapi/mechglue/g_context_time.c
		139	index 2ff8d09..c947e76 100644
		140	--- a/src/lib/gssapi/mechglue/g_context_time.c
		141	+++ b/src/lib/gssapi/mechglue/g_context_time.c
		142	@@ -58,6 +58,8 @@ OM_uint32 * time_rec;
		143	*/
		144
		145	ctx = (gss_union_ctx_id_t) context_handle;
		146	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		147	+ return (GSS_S_NO_CONTEXT);
		148	mech = gssint_get_mechanism (ctx->mech_type);
		149
		150	if (mech) {
		151	diff --git a/src/lib/gssapi/mechglue/g_delete_sec_context.c b/src/lib/gssapi/mechglue/g_delete_sec_context.c
		152	index 4bf0dec..574ff02 100644
		153	--- a/src/lib/gssapi/mechglue/g_delete_sec_context.c
		154	+++ b/src/lib/gssapi/mechglue/g_delete_sec_context.c
		155	@@ -87,12 +87,14 @@ gss_buffer_t output_token;
		156	if (GSSINT_CHK_LOOP(ctx))
		157	return (GSS_S_CALL_INACCESSIBLE_READ \| GSS_S_NO_CONTEXT);
		158
		159	- status = gssint_delete_internal_sec_context(minor_status,
		160	- ctx->mech_type,
		161	- &ctx->internal_ctx_id,
		162	- output_token);
		163	- if (status)
		164	- return status;
		165	+ if (ctx->internal_ctx_id != GSS_C_NO_CONTEXT) {
		166	+ status = gssint_delete_internal_sec_context(minor_status,
		167	+ ctx->mech_type,
		168	+ &ctx->internal_ctx_id,
		169	+ output_token);
		170	+ if (status)
		171	+ return status;
		172	+ }
		173
		174	/* now free up the space for the union context structure */
		175	free(ctx->mech_type->elements);
		176	diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c
		177	index b637452..1d7990b 100644
		178	--- a/src/lib/gssapi/mechglue/g_exp_sec_context.c
		179	+++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c
		180	@@ -95,6 +95,8 @@ gss_buffer_t interprocess_token;
		181	*/
		182
		183	ctx = (gss_union_ctx_id_t) *context_handle;
		184	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		185	+ return (GSS_S_NO_CONTEXT);
		186	mech = gssint_get_mechanism (ctx->mech_type);
		187	if (!mech)
		188	return GSS_S_BAD_MECH;
		189	diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
		190	index 9f154b8..e2df1ce 100644
		191	--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
		192	+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
		193	@@ -192,8 +192,13 @@ OM_uint32 * time_rec;
		194
		195	/* copy the supplied context handle */
		196	union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
		197	- } else
		198	+ } else {
		199	union_ctx_id = (gss_union_ctx_id_t)*context_handle;
		200	+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) {
		201	+ status = GSS_S_NO_CONTEXT;
		202	+ goto end;
		203	+ }
		204	+ }
		205
		206	/*
		207	* get the appropriate cred handle from the union cred struct.
		208	@@ -224,15 +229,13 @@ OM_uint32 * time_rec;
		209
		210	if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
		211	/*
		212	- * The spec says the preferred method is to delete all context info on
		213	- * the first call to init, and on all subsequent calls make the caller
		214	- * responsible for calling gss_delete_sec_context. However, if the
		215	- * mechanism decided to delete the internal context, we should also
		216	- * delete the union context.
		217	+ * RFC 2744 5.19 requires that we not create a context on a failed
		218	+ * first call to init, and recommends that on a failed subsequent call
		219	+ * we make the caller responsible for calling gss_delete_sec_context.
		220	+ * Even if the mech deleted its context, keep the union context around
		221	+ * for the caller to delete.
		222	*/
		223	map_error(minor_status, mech);
		224	- if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
		225	- *context_handle = GSS_C_NO_CONTEXT;
		226	if (*context_handle == GSS_C_NO_CONTEXT) {
		227	free(union_ctx_id->mech_type->elements);
		228	free(union_ctx_id->mech_type);
		229	diff --git a/src/lib/gssapi/mechglue/g_inq_context.c b/src/lib/gssapi/mechglue/g_inq_context.c
		230	index 6f1c71e..6c0d98d 100644
		231	--- a/src/lib/gssapi/mechglue/g_inq_context.c
		232	+++ b/src/lib/gssapi/mechglue/g_inq_context.c
		233	@@ -104,6 +104,8 @@ gss_inquire_context(
		234	*/
		235
		236	ctx = (gss_union_ctx_id_t) context_handle;
		237	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		238	+ return (GSS_S_NO_CONTEXT);
		239	mech = gssint_get_mechanism (ctx->mech_type);
		240
		241	if (!mech \|\| !mech->gss_inquire_context \|\| !mech->gss_display_name \|\|
		242	diff --git a/src/lib/gssapi/mechglue/g_prf.c b/src/lib/gssapi/mechglue/g_prf.c
		243	index fcca3e4..9e168ad 100644
		244	--- a/src/lib/gssapi/mechglue/g_prf.c
		245	+++ b/src/lib/gssapi/mechglue/g_prf.c
		246	@@ -59,6 +59,8 @@ gss_pseudo_random (OM_uint32 *minor_status,
		247	*/
		248
		249	ctx = (gss_union_ctx_id_t) context_handle;
		250	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		251	+ return GSS_S_NO_CONTEXT;
		252	mech = gssint_get_mechanism (ctx->mech_type);
		253
		254	if (mech != NULL) {
		255	diff --git a/src/lib/gssapi/mechglue/g_process_context.c b/src/lib/gssapi/mechglue/g_process_context.c
		256	index bc260ae..3968b5d 100644
		257	--- a/src/lib/gssapi/mechglue/g_process_context.c
		258	+++ b/src/lib/gssapi/mechglue/g_process_context.c
		259	@@ -61,6 +61,8 @@ gss_buffer_t token_buffer;
		260	*/
		261
		262	ctx = (gss_union_ctx_id_t) context_handle;
		263	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		264	+ return (GSS_S_NO_CONTEXT);
		265	mech = gssint_get_mechanism (ctx->mech_type);
		266
		267	if (mech) {
		268	diff --git a/src/lib/gssapi/mechglue/g_seal.c b/src/lib/gssapi/mechglue/g_seal.c
		269	index f17241c..3db1ee0 100644
		270	--- a/src/lib/gssapi/mechglue/g_seal.c
		271	+++ b/src/lib/gssapi/mechglue/g_seal.c
		272	@@ -92,6 +92,8 @@ gss_wrap( OM_uint32 *minor_status,
		273	*/
		274
		275	ctx = (gss_union_ctx_id_t) context_handle;
		276	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		277	+ return (GSS_S_NO_CONTEXT);
		278	mech = gssint_get_mechanism (ctx->mech_type);
		279
		280	if (mech) {
		281	@@ -226,6 +228,8 @@ gss_wrap_size_limit(OM_uint32 *minor_status,
		282	*/
		283
		284	ctx = (gss_union_ctx_id_t) context_handle;
		285	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		286	+ return (GSS_S_NO_CONTEXT);
		287	mech = gssint_get_mechanism (ctx->mech_type);
		288
		289	if (!mech)
		290	diff --git a/src/lib/gssapi/mechglue/g_sign.c b/src/lib/gssapi/mechglue/g_sign.c
		291	index 86d641a..03fbd8c 100644
		292	--- a/src/lib/gssapi/mechglue/g_sign.c
		293	+++ b/src/lib/gssapi/mechglue/g_sign.c
		294	@@ -94,6 +94,8 @@ gss_buffer_t msg_token;
		295	*/
		296
		297	ctx = (gss_union_ctx_id_t) context_handle;
		298	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		299	+ return (GSS_S_NO_CONTEXT);
		300	mech = gssint_get_mechanism (ctx->mech_type);
		301
		302	if (mech) {
		303	diff --git a/src/lib/gssapi/mechglue/g_unseal.c b/src/lib/gssapi/mechglue/g_unseal.c
		304	index 3e8053c..c208635 100644
		305	--- a/src/lib/gssapi/mechglue/g_unseal.c
		306	+++ b/src/lib/gssapi/mechglue/g_unseal.c
		307	@@ -76,6 +76,8 @@ gss_qop_t * qop_state;
		308	* call it.
		309	*/
		310	ctx = (gss_union_ctx_id_t) context_handle;
		311	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		312	+ return (GSS_S_NO_CONTEXT);
		313	mech = gssint_get_mechanism (ctx->mech_type);
		314
		315	if (mech) {
		316	diff --git a/src/lib/gssapi/mechglue/g_unwrap_aead.c b/src/lib/gssapi/mechglue/g_unwrap_aead.c
		317	index e78bff2..0682bd8 100644
		318	--- a/src/lib/gssapi/mechglue/g_unwrap_aead.c
		319	+++ b/src/lib/gssapi/mechglue/g_unwrap_aead.c
		320	@@ -186,6 +186,8 @@ gss_qop_t *qop_state;
		321	* call it.
		322	*/
		323	ctx = (gss_union_ctx_id_t) context_handle;
		324	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		325	+ return (GSS_S_NO_CONTEXT);
		326	mech = gssint_get_mechanism (ctx->mech_type);
		327
		328	if (!mech)
		329	diff --git a/src/lib/gssapi/mechglue/g_unwrap_iov.c b/src/lib/gssapi/mechglue/g_unwrap_iov.c
		330	index c0dd314..599be2c 100644
		331	--- a/src/lib/gssapi/mechglue/g_unwrap_iov.c
		332	+++ b/src/lib/gssapi/mechglue/g_unwrap_iov.c
		333	@@ -89,6 +89,8 @@ int iov_count;
		334	*/
		335
		336	ctx = (gss_union_ctx_id_t) context_handle;
		337	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		338	+ return (GSS_S_NO_CONTEXT);
		339	mech = gssint_get_mechanism (ctx->mech_type);
		340
		341	if (mech) {
		342	@@ -128,6 +130,8 @@ gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
		343
		344	/* Select the approprate underlying mechanism routine and call it. */
		345	ctx = (gss_union_ctx_id_t)context_handle;
		346	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		347	+ return GSS_S_NO_CONTEXT;
		348	mech = gssint_get_mechanism(ctx->mech_type);
		349	if (mech == NULL)
		350	return GSS_S_BAD_MECH;
		351	diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c
		352	index 1578ae1..8996fce 100644
		353	--- a/src/lib/gssapi/mechglue/g_verify.c
		354	+++ b/src/lib/gssapi/mechglue/g_verify.c
		355	@@ -65,6 +65,8 @@ gss_qop_t * qop_state;
		356	*/
		357
		358	ctx = (gss_union_ctx_id_t) context_handle;
		359	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		360	+ return (GSS_S_NO_CONTEXT);
		361	mech = gssint_get_mechanism (ctx->mech_type);
		362
		363	if (mech) {
		364	diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c
		365	index 96cdf3c..7fe3b7b 100644
		366	--- a/src/lib/gssapi/mechglue/g_wrap_aead.c
		367	+++ b/src/lib/gssapi/mechglue/g_wrap_aead.c
		368	@@ -256,6 +256,8 @@ gss_buffer_t output_message_buffer;
		369	* call it.
		370	*/
		371	ctx = (gss_union_ctx_id_t)context_handle;
		372	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		373	+ return (GSS_S_NO_CONTEXT);
		374	mech = gssint_get_mechanism (ctx->mech_type);
		375	if (!mech)
		376	return (GSS_S_BAD_MECH);
		377	diff --git a/src/lib/gssapi/mechglue/g_wrap_iov.c b/src/lib/gssapi/mechglue/g_wrap_iov.c
		378	index 40cd98f..14447c4 100644
		379	--- a/src/lib/gssapi/mechglue/g_wrap_iov.c
		380	+++ b/src/lib/gssapi/mechglue/g_wrap_iov.c
		381	@@ -93,6 +93,8 @@ int iov_count;
		382	*/
		383
		384	ctx = (gss_union_ctx_id_t) context_handle;
		385	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		386	+ return (GSS_S_NO_CONTEXT);
		387	mech = gssint_get_mechanism (ctx->mech_type);
		388
		389	if (mech) {
		390	@@ -151,6 +153,8 @@ int iov_count;
		391	*/
		392
		393	ctx = (gss_union_ctx_id_t) context_handle;
		394	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		395	+ return (GSS_S_NO_CONTEXT);
		396	mech = gssint_get_mechanism (ctx->mech_type);
		397
		398	if (mech) {
		399	@@ -190,6 +194,8 @@ gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
		400
		401	/* Select the approprate underlying mechanism routine and call it. */
		402	ctx = (gss_union_ctx_id_t)context_handle;
		403	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		404	+ return GSS_S_NO_CONTEXT;
		405	mech = gssint_get_mechanism(ctx->mech_type);
		406	if (mech == NULL)
		407	return GSS_S_BAD_MECH;
		408	@@ -218,6 +224,8 @@ gss_get_mic_iov_length(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
		409
		410	/* Select the approprate underlying mechanism routine and call it. */
		411	ctx = (gss_union_ctx_id_t)context_handle;
		412	+ if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
		413	+ return GSS_S_NO_CONTEXT;
		414	mech = gssint_get_mechanism(ctx->mech_type);
		415	if (mech == NULL)
		416	return GSS_S_BAD_MECH;
		417	--
		418	2.10.2
		419


diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb index b515eb5dc..e75e86138 100644 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb +++ b/meta-oe/recipes-connectivity/krb5/krb5_1.15.1.bb
@@ -31,6 +31,7 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \
31	file://krb5-kdc.service \	31	file://krb5-kdc.service \
32	file://krb5-admin-server.service \	32	file://krb5-admin-server.service \
33	file://fix-CVE-2017-11368.patch;striplevel=2 \	33	file://fix-CVE-2017-11368.patch;striplevel=2 \
		34	file://CVE-2017-11462.patch;striplevel=2 \
34	"	35	"
35	SRC_URI[md5sum] = "8022f3a1cde8463e44fd35ef42731f85"	36	SRC_URI[md5sum] = "8022f3a1cde8463e44fd35ef42731f85"
36	SRC_URI[sha256sum] = "437c8831ddd5fde2a993fef425dedb48468109bb3d3261ef838295045a89eb45"	37	SRC_URI[sha256sum] = "437c8831ddd5fde2a993fef425dedb48468109bb3d3261ef838295045a89eb45"