diff options
author | Armin Kuster <akuster808@gmail.com> | 2022-09-25 13:27:39 -0400 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2022-09-25 13:37:57 -0400 |
commit | b29ce7d47d8024151177113221bf87dbd07b9c41 (patch) | |
tree | e018316d5fee8336d53285e34b6b595f06b78d21 /recipes-security | |
parent | 852daaf67b4f548beca959dea10baf6a20ffad6a (diff) | |
download | meta-security-b29ce7d47d8024151177113221bf87dbd07b9c41.tar.gz |
libgssglue: update to 0.7
LIC_FILE_CHKSUM changes to to indentations changes.
use bootstrap to setup config properly.
Drop libgssglue-fix-CVE-2011-2709.patch, libgssglue-g-initialize.patch now included in update.
and ibgssglue-mglueP.patch now included in update.
Drop libgssglue-gss-inq-cred.patch still pending after 5 yrs.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-security')
-rw-r--r-- | recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch | 43 | ||||
-rw-r--r-- | recipes-security/libgssglue/files/libgssglue-g-initialize.patch | 21 | ||||
-rw-r--r-- | recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch | 27 | ||||
-rw-r--r-- | recipes-security/libgssglue/files/libgssglue-mglueP.patch | 21 | ||||
-rw-r--r-- | recipes-security/libgssglue/libgssglue_0.7.bb (renamed from recipes-security/libgssglue/libgssglue_0.4.bb) | 26 |
5 files changed, 13 insertions, 125 deletions
diff --git a/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch b/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch deleted file mode 100644 index 6aa1a65..0000000 --- a/recipes-security/libgssglue/files/libgssglue-fix-CVE-2011-2709.patch +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | Use secure_getenv instead of getenv for setuid programs | ||
2 | |||
3 | (bnc#694598 CVE-2011-2709 bnc#831805) | ||
4 | |||
5 | import from: | ||
6 | https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch | ||
7 | |||
8 | Upstream-Status: Pending | ||
9 | |||
10 | Signed-off-by: Jackie Huang <jackie.huang@windriver.com> | ||
11 | |||
12 | diff --git a/src/g_initialize.c b/src/g_initialize.c | ||
13 | index 200f173..935a9fa 100644 | ||
14 | --- a/src/g_initialize.c | ||
15 | +++ b/src/g_initialize.c | ||
16 | @@ -26,6 +26,7 @@ | ||
17 | * This function will initialize the gssapi mechglue library | ||
18 | */ | ||
19 | |||
20 | +#define _GNU_SOURCE | ||
21 | #include "mglueP.h" | ||
22 | #include <stdlib.h> | ||
23 | |||
24 | @@ -197,8 +198,7 @@ static void solaris_initialize () | ||
25 | void *dl; | ||
26 | gss_mechanism (*sym)(void), mech; | ||
27 | |||
28 | - if ((getuid() != geteuid()) || | ||
29 | - ((filename = getenv("GSSAPI_MECH_CONF")) == NULL)) | ||
30 | + if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL) | ||
31 | filename = MECH_CONF; | ||
32 | |||
33 | if ((conffile = fopen(filename, "r")) == NULL) { | ||
34 | @@ -274,8 +274,7 @@ static void linux_initialize () | ||
35 | void *dl; | ||
36 | gss_mechanism (*sym)(void), mech; | ||
37 | |||
38 | - if ((getuid() != geteuid()) || | ||
39 | - ((filename = getenv("GSSAPI_MECH_CONF")) == NULL)) | ||
40 | + if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL) | ||
41 | filename = MECH_CONF; | ||
42 | |||
43 | if ((conffile = fopen(filename, "r")) == NULL) { | ||
diff --git a/recipes-security/libgssglue/files/libgssglue-g-initialize.patch b/recipes-security/libgssglue/files/libgssglue-g-initialize.patch deleted file mode 100644 index 4a9ba33..0000000 --- a/recipes-security/libgssglue/files/libgssglue-g-initialize.patch +++ /dev/null | |||
@@ -1,21 +0,0 @@ | |||
1 | Fix the warning for getuid, geteuid | ||
2 | g_initialize.c: In function 'linux_initialize': | ||
3 | g_initialize.c:275:5: warning: implicit declaration of function 'getuid' [-Wimplicit-function-declaration] | ||
4 | g_initialize.c:275:5: warning: implicit declaration of function 'geteuid' [-Wimplicit-function-declaration] | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | Signed-off-by: Yao Zhao <yao.zhao@windriver.com> | ||
8 | |||
9 | diff --git a/src/g_initialize.c b/src1/g_initialize.c | ||
10 | index 82fcce1..200f173 100644 | ||
11 | --- a/src/g_initialize.c | ||
12 | +++ b/src/g_initialize.c | ||
13 | @@ -29,6 +29,8 @@ | ||
14 | #include "mglueP.h" | ||
15 | #include <stdlib.h> | ||
16 | |||
17 | +#include <unistd.h> /*getuid, geteuid */ | ||
18 | +#include <sys/types.h> | ||
19 | #include <stdio.h> | ||
20 | #include <string.h> | ||
21 | #include <ctype.h> | ||
diff --git a/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch b/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch deleted file mode 100644 index 6dce3e7..0000000 --- a/recipes-security/libgssglue/files/libgssglue-gss-inq-cred.patch +++ /dev/null | |||
@@ -1,27 +0,0 @@ | |||
1 | 1) add free if malloc failed for (*mechanisms)->elements | ||
2 | 2) g_inq_cred.c: In function 'gss_inquire_cred': | ||
3 | g_inq_cred.c:161:8: warning: passing argument 3 of 'generic_gss_copy_oid' from incompatible pointer type [enabled by default] | ||
4 | |||
5 | Upstream-Status: Pending | ||
6 | Signed-off-by: Yao Zhao <yao.zhao@windriver.com> | ||
7 | |||
8 | --- a/src/g_inq_cred.c | ||
9 | +++ b/src/g_inq_cred.c | ||
10 | @@ -152,13 +152,15 @@ gss_OID_set * mechanisms; | ||
11 | union_cred->count); | ||
12 | if ((*mechanisms)->elements == NULL) { | ||
13 | *minor_status = ENOMEM; | ||
14 | + free(*mechanisms); | ||
15 | + *mechanisms = GSS_C_NO_OID_SET; | ||
16 | return (GSS_S_FAILURE); | ||
17 | } | ||
18 | |||
19 | for (i=0; i < union_cred->count; i++) { | ||
20 | - status = generic_gss_copy_oid(minor_status, | ||
21 | + status = generic_gss_add_oid_set_member(minor_status, | ||
22 | &union_cred->mechs_array[i], | ||
23 | - &((*mechanisms)->elements[i])); | ||
24 | + mechanisms); | ||
25 | if (status != GSS_S_COMPLETE) | ||
26 | break; | ||
27 | } | ||
diff --git a/recipes-security/libgssglue/files/libgssglue-mglueP.patch b/recipes-security/libgssglue/files/libgssglue-mglueP.patch deleted file mode 100644 index 6c9ebf0..0000000 --- a/recipes-security/libgssglue/files/libgssglue-mglueP.patch +++ /dev/null | |||
@@ -1,21 +0,0 @@ | |||
1 | fix the warning: | ||
2 | warning: implicit declaration of function 'generic_gss_copy_oid_set' [-Wimplicit-function-declaration] | ||
3 | |||
4 | Upstream-Status: Pending | ||
5 | Signed-off-by: Yao Zhao <yao.zhao@windriver.com> | ||
6 | |||
7 | --- a/src/mglueP.h | ||
8 | +++ b/src/mglueP.h | ||
9 | @@ -447,6 +447,12 @@ OM_uint32 generic_gss_copy_oid | ||
10 | gss_OID * /* new_oid */ | ||
11 | ); | ||
12 | |||
13 | +OM_uint32 generic_gss_copy_oid_set | ||
14 | + (OM_uint32 *minor_status, /* minor_status */ | ||
15 | + const gss_OID_set_desc * const oidset, /* oid */ | ||
16 | + gss_OID_set *new_oidset /* new_oid */ | ||
17 | + ); | ||
18 | + | ||
19 | OM_uint32 generic_gss_create_empty_oid_set | ||
20 | (OM_uint32 *, /* minor_status */ | ||
21 | gss_OID_set * /* oid_set */ | ||
diff --git a/recipes-security/libgssglue/libgssglue_0.4.bb b/recipes-security/libgssglue/libgssglue_0.7.bb index 3085ee6..26bd2f3 100644 --- a/recipes-security/libgssglue/libgssglue_0.4.bb +++ b/recipes-security/libgssglue/libgssglue_0.7.bb | |||
@@ -15,27 +15,24 @@ LICENSE = "BSD-3-Clause | HPND" | |||
15 | #Copyright 1995 by the Massachusetts Institute of Technology. HPND without Disclaimer | 15 | #Copyright 1995 by the Massachusetts Institute of Technology. HPND without Disclaimer |
16 | #Copyright 1993 by OpenVision Technologies, Inc. HPND | 16 | #Copyright 1993 by OpenVision Technologies, Inc. HPND |
17 | LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \ | 17 | LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \ |
18 | file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=8a7f4017cb7f4be49f8981cb8c472690 \ | 18 | file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=da8ca7a37bd26e576c23874d453751d2\ |
19 | file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \ | 19 | file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \ |
20 | file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0 \ | 20 | file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0\ |
21 | file://src/oid_ops.c;beginline=378;endline=398;md5=e02c165cb8383e950214baca2fbd664b \ | 21 | file://src/oid_ops.c;beginline=378;endline=398;md5=d77a5c03e91908fac453c08bbeaddce1\ |
22 | " | 22 | " |
23 | 23 | ||
24 | SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.bz2 \ | 24 | SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.gz \ |
25 | file://libgssglue-canon-name.patch \ | 25 | file://libgssglue-canon-name.patch \ |
26 | file://libgssglue-gss-inq-cred.patch \ | ||
27 | file://libgssglue-mglueP.patch \ | ||
28 | file://libgssglue-g-initialize.patch \ | ||
29 | file://libgssglue-fix-CVE-2011-2709.patch \ | ||
30 | " | 26 | " |
31 | 27 | ||
32 | SRC_URI[md5sum] = "5ce81940965fa68c7635c42dcafcddfe" | 28 | SRC_URI[sha256sum] = "bcd618ae0bc69f12815d77295658a760e7edc20706b9a731a81da8993f5c970a" |
33 | SRC_URI[sha256sum] = "bb47b2de78409f461811d0db8595c66e6631a9879c3621a35e4434b104ee52f5" | ||
34 | 29 | ||
35 | # gssglue can use krb5, spkm3... as gssapi library, configurable | 30 | inherit autotools-brokensep |
36 | RRECOMMENDS:${PN} += "krb5" | ||
37 | 31 | ||
38 | inherit autotools | 32 | do_configure:prepend() { |
33 | cd ${S} | ||
34 | ./bootstrap | ||
35 | } | ||
39 | 36 | ||
40 | do_install:append() { | 37 | do_install:append() { |
41 | # install some docs | 38 | # install some docs |
@@ -49,3 +46,6 @@ do_install:append() { | |||
49 | # change the libgssapi_krb5.so path and name(it is .so.2) | 46 | # change the libgssapi_krb5.so path and name(it is .so.2) |
50 | sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf | 47 | sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf |
51 | } | 48 | } |
49 | |||
50 | # gssglue can use krb5, spkm3... as gssapi library, configurable | ||
51 | RRECOMMENDS:${PN} += "krb5" | ||