diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch | 72 | ||||
-rw-r--r-- | meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch | 87 | ||||
-rw-r--r-- | meta/recipes-connectivity/connman/connman_1.35.bb (renamed from meta/recipes-connectivity/connman/connman_1.34.bb) | 6 |
3 files changed, 2 insertions, 163 deletions
diff --git a/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch b/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch deleted file mode 100644 index cfafbd1271..0000000000 --- a/meta/recipes-connectivity/connman/connman/0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch +++ /dev/null | |||
@@ -1,72 +0,0 @@ | |||
1 | From 4058ce3186a99fd5f03350fc11a7fc8d38b6a381 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Maxin B. John" <maxin.john@intel.com> | ||
3 | Date: Mon, 8 May 2017 10:53:18 +0300 | ||
4 | Subject: [PATCH] firewall-nftables: fix build with libnftnl-1.0.7 | ||
5 | |||
6 | We need these updates to accommodate the changes caused by the following | ||
7 | commit in libnftnl-1.0.7 | ||
8 | |||
9 | commit 907a9f8e5a93f5bcd449643eb3916a656d634758 | ||
10 | Author: Pablo Neira Ayuso <pablo@netfilter.org> | ||
11 | Date: Tue Dec 20 13:47:11 2016 +0100 | ||
12 | |||
13 | src: get rid of aliases and compat | ||
14 | |||
15 | This machinery was introduced to avoid sudden compilation breakage of | ||
16 | old nftables releases. With the upcoming release of 0.7 (and 0.6 which | ||
17 | is now 6 months old) this is not required anymore. | ||
18 | |||
19 | Moreover, users gain nothing from older releases since they are | ||
20 | half-boiled and buggy. | ||
21 | |||
22 | So let's get rid of aliases now. Bump LIBVERSION and update map file. | ||
23 | |||
24 | Upstream-Status: Submitted | ||
25 | |||
26 | Signed-off-by: Maxin B. John <maxin.john@intel.com> | ||
27 | --- | ||
28 | src/firewall-nftables.c | 14 +++++++------- | ||
29 | 1 file changed, 7 insertions(+), 7 deletions(-) | ||
30 | |||
31 | diff --git a/src/firewall-nftables.c b/src/firewall-nftables.c | ||
32 | index 583d1c4..83b137b 100644 | ||
33 | --- a/src/firewall-nftables.c | ||
34 | +++ b/src/firewall-nftables.c | ||
35 | @@ -387,9 +387,9 @@ static int add_cmp(struct nftnl_rule *rule, uint32_t sreg, uint32_t op, | ||
36 | if (!expr) | ||
37 | return -ENOMEM; | ||
38 | |||
39 | - nftnl_expr_set_u32(expr, NFT_EXPR_CMP_SREG, sreg); | ||
40 | - nftnl_expr_set_u32(expr, NFT_EXPR_CMP_OP, op); | ||
41 | - nftnl_expr_set(expr, NFT_EXPR_CMP_DATA, data, data_len); | ||
42 | + nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_SREG, sreg); | ||
43 | + nftnl_expr_set_u32(expr, NFTNL_EXPR_CMP_OP, op); | ||
44 | + nftnl_expr_set(expr, NFTNL_EXPR_CMP_DATA, data, data_len); | ||
45 | |||
46 | nftnl_rule_add_expr(rule, expr); | ||
47 | |||
48 | @@ -575,8 +575,8 @@ static int build_rule_nat(const char *address, unsigned char prefixlen, | ||
49 | expr = nftnl_expr_alloc("meta"); | ||
50 | if (!expr) | ||
51 | goto err; | ||
52 | - nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIFNAME); | ||
53 | - nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1); | ||
54 | + nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIFNAME); | ||
55 | + nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1); | ||
56 | nftnl_rule_add_expr(rule, expr); | ||
57 | err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, interface, | ||
58 | strlen(interface) + 1); | ||
59 | @@ -677,8 +677,8 @@ static int build_rule_snat(int index, const char *address, | ||
60 | expr = nftnl_expr_alloc("meta"); | ||
61 | if (!expr) | ||
62 | goto err; | ||
63 | - nftnl_expr_set_u32(expr, NFT_EXPR_META_KEY, NFT_META_OIF); | ||
64 | - nftnl_expr_set_u32(expr, NFT_EXPR_META_DREG, NFT_REG_1); | ||
65 | + nftnl_expr_set_u32(expr, NFTNL_EXPR_META_KEY, NFT_META_OIF); | ||
66 | + nftnl_expr_set_u32(expr, NFTNL_EXPR_META_DREG, NFT_REG_1); | ||
67 | nftnl_rule_add_expr(rule, expr); | ||
68 | err = add_cmp(rule, NFT_REG_1, NFT_CMP_EQ, &index, sizeof(index)); | ||
69 | if (err < 0) | ||
70 | -- | ||
71 | 2.4.0 | ||
72 | |||
diff --git a/meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch b/meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch deleted file mode 100644 index 45f78f10ea..0000000000 --- a/meta/recipes-connectivity/connman/connman/CVE-2017-12865.patch +++ /dev/null | |||
@@ -1,87 +0,0 @@ | |||
1 | From 5c281d182ecdd0a424b64f7698f32467f8f67b71 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jukka Rissanen <jukka.rissanen@linux.intel.com> | ||
3 | Date: Wed, 9 Aug 2017 10:16:46 +0300 | ||
4 | Subject: dnsproxy: Fix crash on malformed DNS response | ||
5 | |||
6 | If the response query string is malformed, we might access memory | ||
7 | pass the end of "name" variable in parse_response(). | ||
8 | |||
9 | CVE: CVE-2017-12865 | ||
10 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/patch/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71] | ||
11 | |||
12 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
13 | --- | ||
14 | src/dnsproxy.c | 16 ++++++++++------ | ||
15 | 1 file changed, 10 insertions(+), 6 deletions(-) | ||
16 | |||
17 | diff --git a/src/dnsproxy.c b/src/dnsproxy.c | ||
18 | index 38ac5bf..40b4f15 100644 | ||
19 | --- a/src/dnsproxy.c | ||
20 | +++ b/src/dnsproxy.c | ||
21 | @@ -838,7 +838,7 @@ static struct cache_entry *cache_check(gpointer request, int *qtype, int proto) | ||
22 | static int get_name(int counter, | ||
23 | unsigned char *pkt, unsigned char *start, unsigned char *max, | ||
24 | unsigned char *output, int output_max, int *output_len, | ||
25 | - unsigned char **end, char *name, int *name_len) | ||
26 | + unsigned char **end, char *name, size_t max_name, int *name_len) | ||
27 | { | ||
28 | unsigned char *p; | ||
29 | |||
30 | @@ -859,7 +859,7 @@ static int get_name(int counter, | ||
31 | |||
32 | return get_name(counter + 1, pkt, pkt + offset, max, | ||
33 | output, output_max, output_len, end, | ||
34 | - name, name_len); | ||
35 | + name, max_name, name_len); | ||
36 | } else { | ||
37 | unsigned label_len = *p; | ||
38 | |||
39 | @@ -869,6 +869,9 @@ static int get_name(int counter, | ||
40 | if (*output_len > output_max) | ||
41 | return -ENOBUFS; | ||
42 | |||
43 | + if ((*name_len + 1 + label_len + 1) > max_name) | ||
44 | + return -ENOBUFS; | ||
45 | + | ||
46 | /* | ||
47 | * We need the original name in order to check | ||
48 | * if this answer is the correct one. | ||
49 | @@ -900,14 +903,14 @@ static int parse_rr(unsigned char *buf, unsigned char *start, | ||
50 | unsigned char *response, unsigned int *response_size, | ||
51 | uint16_t *type, uint16_t *class, int *ttl, int *rdlen, | ||
52 | unsigned char **end, | ||
53 | - char *name) | ||
54 | + char *name, size_t max_name) | ||
55 | { | ||
56 | struct domain_rr *rr; | ||
57 | int err, offset; | ||
58 | int name_len = 0, output_len = 0, max_rsp = *response_size; | ||
59 | |||
60 | err = get_name(0, buf, start, max, response, max_rsp, | ||
61 | - &output_len, end, name, &name_len); | ||
62 | + &output_len, end, name, max_name, &name_len); | ||
63 | if (err < 0) | ||
64 | return err; | ||
65 | |||
66 | @@ -1033,7 +1036,8 @@ static int parse_response(unsigned char *buf, int buflen, | ||
67 | memset(rsp, 0, sizeof(rsp)); | ||
68 | |||
69 | ret = parse_rr(buf, ptr, buf + buflen, rsp, &rsp_len, | ||
70 | - type, class, ttl, &rdlen, &next, name); | ||
71 | + type, class, ttl, &rdlen, &next, name, | ||
72 | + sizeof(name) - 1); | ||
73 | if (ret != 0) { | ||
74 | err = ret; | ||
75 | goto out; | ||
76 | @@ -1099,7 +1103,7 @@ static int parse_response(unsigned char *buf, int buflen, | ||
77 | */ | ||
78 | ret = get_name(0, buf, next - rdlen, buf + buflen, | ||
79 | rsp, rsp_len, &output_len, &end, | ||
80 | - name, &name_len); | ||
81 | + name, sizeof(name) - 1, &name_len); | ||
82 | if (ret != 0) { | ||
83 | /* just ignore the error at this point */ | ||
84 | ptr = next; | ||
85 | -- | ||
86 | cgit v1.1 | ||
87 | |||
diff --git a/meta/recipes-connectivity/connman/connman_1.34.bb b/meta/recipes-connectivity/connman/connman_1.35.bb index dc2c688f49..950946fe76 100644 --- a/meta/recipes-connectivity/connman/connman_1.34.bb +++ b/meta/recipes-connectivity/connman/connman_1.35.bb | |||
@@ -2,17 +2,15 @@ require connman.inc | |||
2 | 2 | ||
3 | SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ | 3 | SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ |
4 | file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ | 4 | file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \ |
5 | file://0001-firewall-nftables-fix-build-with-libnftnl-1.0.7.patch \ | ||
6 | file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ | 5 | file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \ |
7 | file://connman \ | 6 | file://connman \ |
8 | file://no-version-scripts.patch \ | 7 | file://no-version-scripts.patch \ |
9 | file://includes.patch \ | 8 | file://includes.patch \ |
10 | file://CVE-2017-12865.patch \ | ||
11 | " | 9 | " |
12 | SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \ | 10 | SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \ |
13 | " | 11 | " |
14 | 12 | ||
15 | SRC_URI[md5sum] = "e200028702c831d5f535d20d61e608ef" | 13 | SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652" |
16 | SRC_URI[sha256sum] = "a9a0808c729c1f348fc36d8cecb52d19b72bc34cb411c502608cb0e0190fc71e" | 14 | SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa" |
17 | 15 | ||
18 | RRECOMMENDS_${PN} = "connman-conf" | 16 | RRECOMMENDS_${PN} = "connman-conf" |