Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=sumo 2018-08-26T18:03:11+00:00 2018-08-26T18:03:11+00:00 Jagadeesh Krishnanjanappa jkrishnanjanappa@mvista.com 2018-08-23T11:21:23+00:00 urn:sha1:be79b8b111a968efdbe5e1482d0c246d0b24763e * CVE-2018-10906-1: fusermount: don't feed "escaped commas" into mount options The old code permits the following behavior: $ _FUSE_COMMFD=10000 priv_strace -etrace=mount -s200 fusermount -o 'foobar=\,allow_other' mount mount("/dev/fuse", ".", "fuse", MS_NOSUID|MS_NODEV, "foobar=\\,allow_other,fd=3,rootmode=40000,user_id=1000,group_id=1000") = -1 EINVAL (Invalid argument) However, backslashes do not have any special meaning for the kernel here. As it happens, you can't abuse this because there is no FUSE mount option that takes a string value that can contain backslashes; but this is very brittle. Don't interpret "escape characters" in places where they don't work. * CVE-2018-10906-2: fusermount: refuse unknown options Blacklists are notoriously fragile; especially if the kernel wishes to add some security-critical mount option at a later date, all existing systems with older versions of fusermount installed will suddenly have a security problem. Additionally, if the kernel's option parsing became a tiny bit laxer, the blacklist could probably be bypassed. Whitelist known-harmless flags instead, even if it's slightly more inconvenient. Affects fuse < 2.9.8 and fuse < 3.2.5 Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-05-02T01:12:48+00:00 Yi Zhao yi.zhao@windriver.com 2018-04-12T07:54:20+00:00 urn:sha1:eb65f2a8f7e4baf446c9f7feb0cf323ba6f732ff Refresh patches to fix do_patch warning. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> 2018-04-13T19:43:44+00:00 Armin Kuster akuster808@gmail.com 2018-04-08T17:45:04+00:00 urn:sha1:1bdf09b7887bb8f33858e0c3aea9607817c79dc8 Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-04-13T19:43:37+00:00 Martin Jansa martin.jansa@gmail.com 2018-04-06T12:49:18+00:00 urn:sha1:cdb919d1c85b51c91a501c11b057a50b29cb089f Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-04-09T00:00:06+00:00 Hains van den Bosch hainsvdbosch@ziggo.nl 2018-03-22T20:03:47+00:00 urn:sha1:f8dcfde59f646dd7d5a909dd5955211407ce15b3 WARNING: smbnetfs-git-r0 do_patch: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: Applying patch Using-PKG_CHECK_MODULES-to-found-headers-and-libraries.patch patching file configure.ac Hunk #1 succeeded at 119 with fuzz 2 (offset -6 lines). patching file src/Makefile.am Hunk #1 succeeded at 17 (offset 1 line). Now at patch Using-PKG_CHECK_MODULES-to-found-headers-and-libraries.patch Signed-off-by: Hains van den Bosch <hainsvdbosch@ziggo.nl> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-03-29T23:48:04+00:00 Khem Raj raj.khem@gmail.com 2018-03-19T06:02:58+00:00 urn:sha1:f00b7481283852377677cc74f7ca66f844796904 This brings in new architecture support for risc-v Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-03-05T16:45:40+00:00 Martin Jansa martin.jansa@gmail.com 2018-02-01T14:23:40+00:00 urn:sha1:0db9697dc6b8cb470cd97377638af69dc1052189 * there is explicit dependency on libpam without respecting pam in DISTRO_FEATURES so add the check to prevent people building it against broken libpam Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> 2018-02-11T19:52:32+00:00 Khem Raj raj.khem@gmail.com 2018-02-01T06:03:54+00:00 urn:sha1:9e35f8d7883f837483d8be1c3333950d18b5eac5 Fix build with glibc 2.27 while here Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-02-11T19:48:12+00:00 Hains van den Bosch hainsvdbosch@ziggo.nl 2018-01-25T03:55:24+00:00 urn:sha1:86f865228940bcb9b2796123dbdaedb2ac1d8bdf gnome-keyring is deprecated and replaced with libsecret. Signed-off-by: Armin Kuster <akuster808@gmail.com> 2017-11-16T00:30:50+00:00 Athanasios Oikonomou athoik@gmail.com 2017-10-21T22:16:32+00:00 urn:sha1:62f1d7cfc39718a0a7aebccc9b4df67d4430b53a It seems that updating smbnetfs to latest revision fixes build issues. Also remove the blacklist allowing the plugin to build again. Patches reworked to apply on 0.6.0. Additionally handle missing libexecinfo (DEPENDS and LDFLAGS) when building with musl else we are getting the following error: | ../../git/src/common.c:7:10: fatal error: execinfo.h: No such file or directory | #include <execinfo.h> Signed-off-by: Athanasios Oikonomou <athoik@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>