3 files changed, 2 insertions, 163 deletions
diff --git a/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch b/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch
deleted file mode 100644
index cfafbd1271..0000000000
--- a/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 4058ce3186a99fd5f03350fc11a7fc8d38b6a381 Mon Sep 17 00:00:00 2001
-From: "Maxin B. John" <maxin.john@intel.com>
-Date: Mon, 8 May 2017 10:53:18 +0300
-Subject: [PATCH] firewall-nftables: fix build with libnftnl-1.0.7
-We need these updates to accommodate the changes caused by the following
-commit in libnftnl-1.0.7
-commit 907a9f8e5a93f5bcd449643eb3916a656d634758
-Author: Pablo Neira Ayuso <pablo@netfilter.org>
-Date:   Tue Dec 20 13:47:11 2016 +0100
-src: get rid of aliases and compat
-This machinery was introduced to avoid sudden compilation breakage of
-old nftables releases. With the upcoming release of 0.7 (and 0.6 which
-is now 6 months old) this is not required anymore.
-Moreover, users gain nothing from older releases since they are
-half-boiled and buggy.
-So let's get rid of aliases now. Bump LIBVERSION and update map file.
-Upstream-Status: Submitted
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
---
- src/firewall-nftables.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-diff --git a/src/firewall-nftables.c b/src/firewall-nftables.c
-index 583d1c4..83b137b 100644
--- a/src/firewall-nftables.c
-+++ b/src/firewall-nftables.c
-@@ -387,9 +387,9 @@ static int add_cmp(struct nftnl_rule *rule, uint32_t sreg, uint32_t op,
-         if (!expr)
-                 return -ENOMEM;
- 
-        nftnl_expr_set_u32(expr, NFT_EXPR_CMP_SREG, sreg);
-        nftnl_expr_set_u32(expr, NFT_EXPR_CMP_OP, op);
-        nftnl_expr_set(expr, NFT_EXPR_CMP_DATA, data, data_len);
-+        nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_SREG, sreg);
-+        nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_OP, op);
-+        nftnl_expr_set(expr, NFTNL_EXPR_CMP_DATA, data, data_len);
- 
-         nftnl_rule_add_expr(rule, expr);
- 
-@@ -575,8 +575,8 @@ static int build_rule_nat(const char *address, unsigned char prefixlen,
-        expr = nftnl_expr_alloc("meta");
-        if (!expr)
-                goto err;
-       nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIFNAME);
-       nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
-+       nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIFNAME);
-+       nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
-        nftnl_rule_add_expr(rule, expr);
-        err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, interface,
-                        strlen(interface) + 1);
-@@ -677,8 +677,8 @@ static int build_rule_snat(int index, const char *address,
-        expr = nftnl_expr_alloc("meta");
-        if (!expr)
-                goto err;
-       nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIF);
-       nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
-+       nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIF);
-+       nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
-        nftnl_rule_add_expr(rule, expr);
-        err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, &index, sizeof(index));
-        if (err < 0)
-- 
-2.4.0
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch b/meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch
deleted file mode 100644
index 45f78f10ea..0000000000
--- a/meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From 5c281d182ecdd0a424b64f7698f32467f8f67b71 Mon Sep 17 00:00:00 2001
-From: Jukka Rissanen <jukka.rissanen@linux.intel.com>
-Date: Wed, 9 Aug 2017 10:16:46 +0300
-Subject: dnsproxy: Fix crash on malformed DNS response
-If the response query string is malformed, we might access memory
-pass the end of "name" variable in parse_response().
-CVE: CVE-2017-12865
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/patch/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71]
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
- src/dnsproxy.c | 16 ++++++++++------
- 1 file changed, 10 insertions(+), 6 deletions(-)
-diff --git a/src/dnsproxy.c b/src/dnsproxy.c
-index 38ac5bf..40b4f15 100644
--- a/src/dnsproxy.c
-+++ b/src/dnsproxy.c
-@@ -838,7 +838,7 @@ static struct cache_entry *cache_check(gpointer request, int *qtype, int proto)
- static int get_name(int counter,
-                unsigned char *pkt, unsigned char *start, unsigned char *max,
-                unsigned char *output, int output_max, int *output_len,
-               unsigned char **end, char *name, int *name_len)
-+               unsigned char **end, char *name, size_t max_name, int *name_len)
- {
-        unsigned char *p;
- 
-@@ -859,7 +859,7 @@ static int get_name(int counter,
- 
-                        return get_name(counter + 1, pkt, pkt + offset, max,
-                                        output, output_max, output_len, end,
-                                       name, name_len);
-+                                       name, max_name, name_len);
-                } else {
-                        unsigned label_len = *p;
- 
-@@ -869,6 +869,9 @@ static int get_name(int counter,
-                        if (*output_len > output_max)
-                                return -ENOBUFS;
- 
-+                       if ((*name_len + 1 + label_len + 1) > max_name)
-+                               return -ENOBUFS;
-+
-                        /*
-                         * We need the original name in order to check
-                         * if this answer is the correct one.
-@@ -900,14 +903,14 @@ static int parse_rr(unsigned char *buf, unsigned char *start,
-                        unsigned char *response, unsigned int *response_size,
-                        uint16_t *type, uint16_t *class, int *ttl, int *rdlen,
-                        unsigned char **end,
-                       char *name)
-+                       char *name, size_t max_name)
- {
-        struct domain_rr *rr;
-        int err, offset;
-        int name_len = 0, output_len = 0, max_rsp = *response_size;
- 
-        err = get_name(0, buf, start, max, response, max_rsp,
-               &output_len, end, name, &name_len);
-+                       &output_len, end, name, max_name, &name_len);
-        if (err < 0)
-                return err;
- 
-@@ -1033,7 +1036,8 @@ static int parse_response(unsigned char *buf, int buflen,
-                memset(rsp, 0, sizeof(rsp));
- 
-                ret = parse_rr(buf, ptr, buf + buflen, rsp, &rsp_len,
-                       type, class, ttl, &rdlen, &next, name);
-+                       type, class, ttl, &rdlen, &next, name,
-+                       sizeof(name) - 1);
-                if (ret != 0) {
-                        err = ret;
-                        goto out;
-@@ -1099,7 +1103,7 @@ static int parse_response(unsigned char *buf, int buflen,
-                         */
-                        ret = get_name(0, buf, next - rdlen, buf + buflen,
-                                        rsp, rsp_len, &output_len, &end,
-                                       name, &name_len);
-+                                       name, sizeof(name) - 1, &name_len);
-                        if (ret != 0) {
-                                /* just ignore the error at this point */
-                                ptr = next;
-- 
-cgit v1.1
diff --git a/meta/recipes-connectivity/connman/connman_1.34.bb b/meta/recipes-connectivity/connman/connman_1.35.bb
index dc2c688f49..950946fe76 100644
--- a/meta/recipes-connectivity/connman/connman_1.34.bb
+++ b/meta/recipes-connectivity/connman/connman_1.35.bb
@@ -2,17 +2,15 @@ require connman.inc
 SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
            file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
-            file://0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch \
            file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
            file://connman \
            file://no-version-scripts.patch \
            file://includes.patch \
-            file://CVE-2017-12865.patch \
            "
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \
                             "
-SRC_URI[md5sum] = "e200028702c831d5f535d20d61e608ef"
+SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652"
-SRC_URI[sha256sum] = "a9a0808c729c1f348fc36d8cecb52d19b72bc34cb411c502608cb0e0190fc71e"
+SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa"
 RRECOMMENDS_${PN} = "connman-conf"

diff --git a/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch b/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch deleted file mode 100644 index cfafbd1271..0000000000 --- a/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch +++ /dev/null
@@ -1,72 +0,0 @@
1	From 4058ce3186a99fd5f03350fc11a7fc8d38b6a381 Mon Sep 17 00:00:00 2001
2	From: "Maxin B. John" <maxin.john@intel.com>
3	Date: Mon, 8 May 2017 10:53:18 +0300
4	Subject: [PATCH] firewall-nftables: fix build with libnftnl-1.0.7
5
6	We need these updates to accommodate the changes caused by the following
7	commit in libnftnl-1.0.7
8
9	commit 907a9f8e5a93f5bcd449643eb3916a656d634758
10	Author: Pablo Neira Ayuso <pablo@netfilter.org>
11	Date: Tue Dec 20 13:47:11 2016 +0100
12
13	src: get rid of aliases and compat
14
15	This machinery was introduced to avoid sudden compilation breakage of
16	old nftables releases. With the upcoming release of 0.7 (and 0.6 which
17	is now 6 months old) this is not required anymore.
18
19	Moreover, users gain nothing from older releases since they are
20	half-boiled and buggy.
21
22	So let's get rid of aliases now. Bump LIBVERSION and update map file.
23
24	Upstream-Status: Submitted
25
26	Signed-off-by: Maxin B. John <maxin.john@intel.com>
27	---
28	src/firewall-nftables.c \| 14 +++++++-------
29	1 file changed, 7 insertions(+), 7 deletions(-)
30
31	diff --git a/src/firewall-nftables.c b/src/firewall-nftables.c
32	index 583d1c4..83b137b 100644
33	--- a/src/firewall-nftables.c
34	+++ b/src/firewall-nftables.c
35	@@ -387,9 +387,9 @@ static int add_cmp(struct nftnl_rule *rule, uint32_t sreg, uint32_t op,
36	if (!expr)
37	return -ENOMEM;
38
39	- nftnl_expr_set_u32(expr, NFT_EXPR_CMP_SREG, sreg);
40	- nftnl_expr_set_u32(expr, NFT_EXPR_CMP_OP, op);
41	- nftnl_expr_set(expr, NFT_EXPR_CMP_DATA, data, data_len);
42	+ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_SREG, sreg);
43	+ nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_OP, op);
44	+ nftnl_expr_set(expr, NFTNL_EXPR_CMP_DATA, data, data_len);
45
46	nftnl_rule_add_expr(rule, expr);
47
48	@@ -575,8 +575,8 @@ static int build_rule_nat(const char *address, unsigned char prefixlen,
49	expr = nftnl_expr_alloc("meta");
50	if (!expr)
51	goto err;
52	- nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIFNAME);
53	- nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
54	+ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIFNAME);
55	+ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
56	nftnl_rule_add_expr(rule, expr);
57	err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, interface,
58	strlen(interface) + 1);
59	@@ -677,8 +677,8 @@ static int build_rule_snat(int index, const char *address,
60	expr = nftnl_expr_alloc("meta");
61	if (!expr)
62	goto err;
63	- nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIF);
64	- nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1);
65	+ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIF);
66	+ nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1);
67	nftnl_rule_add_expr(rule, expr);
68	err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, &index, sizeof(index));
69	if (err < 0)
70	--
71	2.4.0
72


diff --git a/meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch b/meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch deleted file mode 100644 index 45f78f10ea..0000000000 --- a/meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch +++ /dev/null
@@ -1,87 +0,0 @@
1	From 5c281d182ecdd0a424b64f7698f32467f8f67b71 Mon Sep 17 00:00:00 2001
2	From: Jukka Rissanen <jukka.rissanen@linux.intel.com>
3	Date: Wed, 9 Aug 2017 10:16:46 +0300
4	Subject: dnsproxy: Fix crash on malformed DNS response
5
6	If the response query string is malformed, we might access memory
7	pass the end of "name" variable in parse_response().
8
9	CVE: CVE-2017-12865
10	Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/patch/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71]
11
12	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
13	---
14	src/dnsproxy.c \| 16 ++++++++++------
15	1 file changed, 10 insertions(+), 6 deletions(-)
16
17	diff --git a/src/dnsproxy.c b/src/dnsproxy.c
18	index 38ac5bf..40b4f15 100644
19	--- a/src/dnsproxy.c
20	+++ b/src/dnsproxy.c
21	@@ -838,7 +838,7 @@ static struct cache_entry cache_check(gpointer request, int qtype, int proto)
22	static int get_name(int counter,
23	unsigned char pkt, unsigned char start, unsigned char *max,
24	unsigned char output, int output_max, int output_len,
25	- unsigned char *end, char name, int *name_len)
26	+ unsigned char *end, char name, size_t max_name, int *name_len)
27	{
28	unsigned char *p;
29
30	@@ -859,7 +859,7 @@ static int get_name(int counter,
31
32	return get_name(counter + 1, pkt, pkt + offset, max,
33	output, output_max, output_len, end,
34	- name, name_len);
35	+ name, max_name, name_len);
36	} else {
37	unsigned label_len = *p;
38
39	@@ -869,6 +869,9 @@ static int get_name(int counter,
40	if (*output_len > output_max)
41	return -ENOBUFS;
42
43	+ if ((*name_len + 1 + label_len + 1) > max_name)
44	+ return -ENOBUFS;
45	+
46	/*
47	* We need the original name in order to check
48	* if this answer is the correct one.
49	@@ -900,14 +903,14 @@ static int parse_rr(unsigned char buf, unsigned char start,
50	unsigned char response, unsigned int response_size,
51	uint16_t type, uint16_t class, int ttl, int rdlen,
52	unsigned char **end,
53	- char *name)
54	+ char *name, size_t max_name)
55	{
56	struct domain_rr *rr;
57	int err, offset;
58	int name_len = 0, output_len = 0, max_rsp = *response_size;
59
60	err = get_name(0, buf, start, max, response, max_rsp,
61	- &output_len, end, name, &name_len);
62	+ &output_len, end, name, max_name, &name_len);
63	if (err < 0)
64	return err;
65
66	@@ -1033,7 +1036,8 @@ static int parse_response(unsigned char *buf, int buflen,
67	memset(rsp, 0, sizeof(rsp));
68
69	ret = parse_rr(buf, ptr, buf + buflen, rsp, &rsp_len,
70	- type, class, ttl, &rdlen, &next, name);
71	+ type, class, ttl, &rdlen, &next, name,
72	+ sizeof(name) - 1);
73	if (ret != 0) {
74	err = ret;
75	goto out;
76	@@ -1099,7 +1103,7 @@ static int parse_response(unsigned char *buf, int buflen,
77	*/
78	ret = get_name(0, buf, next - rdlen, buf + buflen,
79	rsp, rsp_len, &output_len, &end,
80	- name, &name_len);
81	+ name, sizeof(name) - 1, &name_len);
82	if (ret != 0) {
83	/* just ignore the error at this point */
84	ptr = next;
85	--
86	cgit v1.1
87


diff --git a/meta/recipes-connectivity/connman/connman_1.34.bb b/meta/recipes-connectivity/connman/connman_1.35.bb index dc2c688f49..950946fe76 100644 --- a/meta/recipes-connectivity/connman/connman_1.34.bb +++ b/meta/recipes-connectivity/connman/connman_1.35.bb
@@ -2,17 +2,15 @@ require connman.inc
2		2
3	SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \	3	SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
4	file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \	4	file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
5	file://0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch \
6	file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \	5	file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
7	file://connman \	6	file://connman \
8	file://no-version-scripts.patch \	7	file://no-version-scripts.patch \
9	file://includes.patch \	8	file://includes.patch \
10	file://CVE-2017-12865.patch \
11	"	9	"
12	SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \	10	SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \
13	"	11	"
14		12
15	SRC_URI[md5sum] = "e200028702c831d5f535d20d61e608ef"	13	SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652"
16	SRC_URI[sha256sum] = "a9a0808c729c1f348fc36d8cecb52d19b72bc34cb411c502608cb0e0190fc71e"	14	SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa"
17		15
18	RRECOMMENDS_${PN} = "connman-conf"	16	RRECOMMENDS_${PN} = "connman-conf"