diff options
| author | Wang Mingyu <wangmy@fujitsu.com> | 2022-11-03 13:30:48 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-07 14:32:42 +0000 |
| commit | f42c3d428d8741f0074fd75d3c5133c663418795 (patch) | |
| tree | a68774f1c0b59919f4349e9da11934c72c30265d /meta | |
| parent | 109549e5b9152fa47b600684e104328490e71c56 (diff) | |
| download | poky-f42c3d428d8741f0074fd75d3c5133c663418795.tar.gz | |
inetutils: upgrade 2.3 -> 2.4
CVE-2022-39028.patch
removed since it's included in 2.4
Changelog:
==========
ifconfig
------------
Support specifying prefix netmask lengths in -A.
Hurd: tell pfinet translator interfaces to configure
ftp
----------
Avoid crash caused by signed integer overflow resulting in out-of-bounds buffer access.
Avoid crash caused by heap buffer overflow.
Avoid crash caused by NULL pointer dereference.
Avoid crash caused by infinite macro recursion.
telnetd
-----------
Avoid crash on 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL). CVE-2022-39028
telnet
-----------
Fix a buffer overflow problem. CVE-2019-0053
tftp
-----------
Avoid crashing when given unexpected or invalid commands from tty.
Various bugs fixes, internal improvements and clean ups.
(From OE-Core rev: fec6ec179b97b768d32fbd782338450edc1a5344)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch | 54 | ||||
| -rw-r--r-- | meta/recipes-connectivity/inetutils/inetutils_2.4.bb (renamed from meta/recipes-connectivity/inetutils/inetutils_2.3.bb) | 3 |
2 files changed, 1 insertions, 56 deletions
diff --git a/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch b/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch deleted file mode 100644 index 3b07515c7b..0000000000 --- a/meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch +++ /dev/null | |||
| @@ -1,54 +0,0 @@ | |||
| 1 | From d52349fa1b6baac77ffa2c74769636aa2ece2ec5 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Erik Auerswald <auerswal@unix-ag.uni-kl.de> | ||
| 3 | Date: Sat, 3 Sep 2022 16:58:16 +0200 | ||
| 4 | Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt | ||
| 5 | |||
| 6 | Fix telnetd crash if the first two bytes of a new connection | ||
| 7 | are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL). | ||
| 8 | |||
| 9 | The problem was reported in: | ||
| 10 | <https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>. | ||
| 11 | |||
| 12 | * NEWS: Mention fix. | ||
| 13 | * telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and | ||
| 14 | zero slctab[SLC_EL].sptr. | ||
| 15 | |||
| 16 | CVE: CVE-2022-39028 | ||
| 17 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f] | ||
| 18 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 19 | --- | ||
| 20 | telnetd/state.c | 12 +++++++++--- | ||
| 21 | 1 file changed, 9 insertions(+), 3 deletions(-) | ||
| 22 | |||
| 23 | diff --git a/telnetd/state.c b/telnetd/state.c | ||
| 24 | index ffc6cba..c2d760f 100644 | ||
| 25 | --- a/telnetd/state.c | ||
| 26 | +++ b/telnetd/state.c | ||
| 27 | @@ -312,15 +312,21 @@ telrcv (void) | ||
| 28 | case EC: | ||
| 29 | case EL: | ||
| 30 | { | ||
| 31 | - cc_t ch; | ||
| 32 | + cc_t ch = (cc_t) (_POSIX_VDISABLE); | ||
| 33 | |||
| 34 | DEBUG (debug_options, 1, printoption ("td: recv IAC", c)); | ||
| 35 | ptyflush (); /* half-hearted */ | ||
| 36 | init_termbuf (); | ||
| 37 | if (c == EC) | ||
| 38 | - ch = *slctab[SLC_EC].sptr; | ||
| 39 | + { | ||
| 40 | + if (slctab[SLC_EC].sptr) | ||
| 41 | + ch = *slctab[SLC_EC].sptr; | ||
| 42 | + } | ||
| 43 | else | ||
| 44 | - ch = *slctab[SLC_EL].sptr; | ||
| 45 | + { | ||
| 46 | + if (slctab[SLC_EL].sptr) | ||
| 47 | + ch = *slctab[SLC_EL].sptr; | ||
| 48 | + } | ||
| 49 | if (ch != (cc_t) (_POSIX_VDISABLE)) | ||
| 50 | pty_output_byte ((unsigned char) ch); | ||
| 51 | break; | ||
| 52 | -- | ||
| 53 | 2.37.3 | ||
| 54 | |||
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.3.bb b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb index 2fce84374d..6519331141 100644 --- a/meta/recipes-connectivity/inetutils/inetutils_2.3.bb +++ b/meta/recipes-connectivity/inetutils/inetutils_2.4.bb | |||
| @@ -10,7 +10,7 @@ LICENSE = "GPL-3.0-only" | |||
| 10 | 10 | ||
| 11 | LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" | 11 | LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7" |
| 12 | 12 | ||
| 13 | SRC_URI[sha256sum] = "0b01bb08e29623c4e3b940f233c961451d9af8c5066301add76a52a95d51772c" | 13 | SRC_URI[sha256sum] = "1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2" |
| 14 | SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ | 14 | SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ |
| 15 | file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ | 15 | file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \ |
| 16 | file://inetutils-1.8-0003-wchar.patch \ | 16 | file://inetutils-1.8-0003-wchar.patch \ |
| @@ -21,7 +21,6 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ | |||
| 21 | file://tftpd.xinetd.inetutils \ | 21 | file://tftpd.xinetd.inetutils \ |
| 22 | file://inetutils-1.9-PATH_PROCNET_DEV.patch \ | 22 | file://inetutils-1.9-PATH_PROCNET_DEV.patch \ |
| 23 | file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ | 23 | file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ |
| 24 | file://CVE-2022-39028.patch \ | ||
| 25 | " | 24 | " |
| 26 | 25 | ||
| 27 | inherit autotools gettext update-alternatives texinfo | 26 | inherit autotools gettext update-alternatives texinfo |