diff options
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-support')
10 files changed, 143 insertions, 10 deletions
diff --git a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb index 58d683eab4..bdd87993d7 100644 --- a/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/libldb/libldb_2.8.0.bb @@ -63,10 +63,10 @@ FILES:${PN}-dbg += "${bindir}/.debug/* \ ${libdir}/ldb/.debug/* \ ${libdir}/ldb/modules/ldb/.debug/*" -FILES:pyldb = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ +FILES:pyldb = "${PYTHON_SITEPACKAGES_DIR}/* \ ${libdir}/libpyldb-util.*.so.* \ " -FILES:pyldb-dbg = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug \ +FILES:pyldb-dbg = "${PYTHON_SITEPACKAGES_DIR}/.debug \ ${libdir}/.debug/libpyldb-util.*.so.*" FILES:pyldb-dev = "${libdir}/libpyldb-util.*.so" diff --git a/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb b/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb index 394c176287..b617f097cf 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtalloc/libtalloc_2.4.2.bb @@ -53,7 +53,7 @@ PACKAGES += "pytalloc pytalloc-dev" RPROVIDES:${PN}-dbg += "pytalloc-dbg" -FILES:pytalloc = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \ +FILES:pytalloc = "${PYTHON_SITEPACKAGES_DIR}/* \ ${libdir}/libpytalloc-util.so.2 \ ${libdir}/libpytalloc-util.so.2.1.1 \ " diff --git a/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb b/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb index f23b157e8c..bd3f9f63a9 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtdb/libtdb_1.4.10.bb @@ -58,6 +58,6 @@ RPROVIDES:${PN}-dbg += "python3-tdb-dbg" FILES:${PN} = "${libdir}/*.so.*" FILES:tdb-tools = "${bindir}/*" -FILES:python3-tdb = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" +FILES:python3-tdb = "${PYTHON_SITEPACKAGES_DIR}/*" RDEPENDS:python3-tdb = "python3" INSANE_SKIP:${MLPREFIX}python3-tdb = "dev-so" diff --git a/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.0.bb b/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.1.bb index 67f36083bf..0a37d7977d 100644 --- a/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/libtevent/libtevent_0.16.1.bb @@ -17,7 +17,7 @@ SRC_URI = "https://samba.org/ftp/tevent/tevent-${PV}.tar.gz \ LIC_FILES_CHKSUM = "file://tevent.h;endline=26;md5=47386b7c539bf2706b7ce52dc9341681" -SRC_URI[sha256sum] = "1aa58f21017ed8c2f606ae84aa7e795b5439edd4dd5f68f1a388a7d6fb40f682" +SRC_URI[sha256sum] = "362971e0f32dc1905f6fe4736319c4b8348c22dc85aa6c3f690a28efe548029e" inherit pkgconfig ptest waf-samba @@ -57,6 +57,6 @@ PACKAGES += "python3-tevent" RPROVIDES:${PN}-dbg += "python3-tevent-dbg" -FILES:python3-tevent = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" +FILES:python3-tevent = "${PYTHON_SITEPACKAGES_DIR}/*" INSANE_SKIP:${MLPREFIX}python3-tevent = "dev-so" diff --git a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb index 6696e552c7..82aab051f1 100644 --- a/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb +++ b/meta-openembedded/meta-networking/recipes-support/open-vm-tools/open-vm-tools_12.3.5.bb @@ -120,3 +120,5 @@ python() { } CVE_PRODUCT = "open-vm-tools vmware:tools" +CVE_STATUS[CVE-2014-4199] = "fixed-version: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3" +CVE_STATUS[CVE-2014-4200] = "fixed-version: No action required. The current version (12.3.5) is not affected by the CVE which affects version 10.0.3" diff --git a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_50.0.bb b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_51.0.bb index ab4de22a51..7c26a8c436 100644 --- a/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_50.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/rdma-core/rdma-core_51.0.bb @@ -9,7 +9,7 @@ SRC_URI = "git://github.com/linux-rdma/rdma-core.git;branch=master;protocol=http file://0001-cmake-Allow-SYSTEMCTL_BIN-to-be-overridden-from-envi.patch \ file://0001-include-libgen.h-for-basename.patch \ " -SRCREV = "bc6b4bc134532e952fe7f8efc251e1f89b912098" +SRCREV = "6cd09097ad2eebde9a7fa3d3bb09a2cea6e3c2d6" S = "${WORKDIR}/git" #Default Dual License https://github.com/linux-rdma/rdma-core/blob/master/COPYING.md diff --git a/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.0.bb b/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.1.bb index 2824dde883..50248078a2 100644 --- a/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.0.bb +++ b/meta-openembedded/meta-networking/recipes-support/sngrep/sngrep_1.8.1.bb @@ -16,7 +16,7 @@ DEPENDS = "\ " SRC_URI = "git://github.com/irontec/sngrep.git;protocol=https;branch=master" -SRCREV = "f7b36df3b79617892958b67cb4ad9313c6ce72d2" +SRCREV = "373abb90804ba71f980c7120e62f90d3a5c81213" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb b/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb index 82ce7067d9..c8a3f7f532 100644 --- a/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb +++ b/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb @@ -40,7 +40,7 @@ DEPENDS = " \ " DEPENDS:append:libc-musl = " libucontext" -RDEPENDS:${PN} = "python3-pyparsing python3-six usbids" +RDEPENDS:${PN} = "python3-pyparsing python3-six hwdata" inherit meson pkgconfig vala gobject-introspection features_check gtk-doc @@ -59,8 +59,9 @@ do_configure:prepend() { PACKAGECONFIG ??= "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'vapi', '', d)} smartcard" PACKAGECONFIG[vapi] = "-Dvapi=enabled,-Dvapi=disabled" PACKAGECONFIG[smartcard] = "-Dsmartcard=enabled,-Dsmartcard=disabled,libcacard" +PACKAGECONFIG[webdav] = "-Dwebdav=enabled,-Dwebdav=disabled,phodav libsoup" -EXTRA_OEMESON = "-Dpie=true -Dusb-ids-path=${datadir}/usb.ids " +EXTRA_OEMESON = "-Dpie=true -Dusb-ids-path=${datadir}/hwdata/usb.ids " EXTRA_OEMESON:append:libc-musl = " -Dcoroutine=libucontext" LDFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld', ' -Wl,--undefined-version', '', d)}" diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch new file mode 100644 index 0000000000..69348030bb --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch @@ -0,0 +1,129 @@ +From b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 Mon Sep 17 00:00:00 2001 +From: Guy Harris <gharris@sonic.net> +Date: Tue, 12 Mar 2024 00:37:23 -0700 +Subject: [PATCH] ppp: use the buffer stack for the de-escaping buffer. + +This both saves the buffer for freeing later and saves the packet +pointer and snapend to be restored when packet processing is complete, +even if an exception is thrown with longjmp. + +This means that the hex/ASCII printing in pretty_print_packet() +processes the packet data as captured or read from the savefile, rather +than as modified by the PPP printer, so that the bounds checking is +correct. + +That fixes CVE-2024-2397, which was caused by an exception being thrown +by the hex/ASCII printer (which should only happen if those routines are +called by a packet printer, not if they're called for the -X/-x/-A +flag), which jumps back to the setjmp() that surrounds the packet +printer. Hilarity^Winfinite looping ensues. + +Also, restore ndo->ndo_packetp before calling the hex/ASCII printing +routine, in case nd_pop_all_packet_info() didn't restore it. + +Upstream-Status: Backport [https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2] +CVE: CVE-2024-2397 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + print-ppp.c | 31 +++++++++++++++++-------------- + print.c | 8 ++++++-- + 2 files changed, 23 insertions(+), 16 deletions(-) + +diff --git a/print-ppp.c b/print-ppp.c +index aba243d..e5ae064 100644 +--- a/print-ppp.c ++++ b/print-ppp.c +@@ -42,6 +42,8 @@ + #include <net/if_ppp.h> + #endif + ++#include <stdlib.h> ++ + #include "netdissect.h" + #include "extract.h" + #include "addrtoname.h" +@@ -1363,7 +1365,6 @@ ppp_hdlc(netdissect_options *ndo, + u_char *b, *t, c; + const u_char *s; + u_int i, proto; +- const void *sb, *se; + + if (caplen == 0) + return; +@@ -1371,9 +1372,11 @@ ppp_hdlc(netdissect_options *ndo, + if (length == 0) + return; + +- b = (u_char *)nd_malloc(ndo, caplen); +- if (b == NULL) +- return; ++ b = (u_char *)malloc(caplen); ++ if (b == NULL) { ++ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, ++ "%s: malloc", __func__); ++ } + + /* + * Unescape all the data into a temporary, private, buffer. +@@ -1394,13 +1397,15 @@ ppp_hdlc(netdissect_options *ndo, + } + + /* +- * Change the end pointer, so bounds checks work. +- * Change the pointer to packet data to help debugging. ++ * Switch to the output buffer for dissection, and save it ++ * on the buffer stack so it can be freed; our caller must ++ * pop it when done. + */ +- sb = ndo->ndo_packetp; +- se = ndo->ndo_snapend; +- ndo->ndo_packetp = b; +- ndo->ndo_snapend = t; ++ if (!nd_push_buffer(ndo, b, b, (u_int)(t - b))) { ++ free(b); ++ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC, ++ "%s: can't push buffer on buffer stack", __func__); ++ } + length = ND_BYTES_AVAILABLE_AFTER(b); + + /* now lets guess about the payload codepoint format */ +@@ -1442,13 +1447,11 @@ ppp_hdlc(netdissect_options *ndo, + } + + cleanup: +- ndo->ndo_packetp = sb; +- ndo->ndo_snapend = se; ++ nd_pop_packet_info(ndo); + return; + + trunc: +- ndo->ndo_packetp = sb; +- ndo->ndo_snapend = se; ++ nd_pop_packet_info(ndo); + nd_print_trunc(ndo); + } + +diff --git a/print.c b/print.c +index 9c0ab86..33706b9 100644 +--- a/print.c ++++ b/print.c +@@ -431,10 +431,14 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h, + nd_pop_all_packet_info(ndo); + + /* +- * Restore the original snapend, as a printer might have +- * changed it. ++ * Restore the originals snapend and packetp, as a printer ++ * might have changed them. ++ * ++ * XXX - nd_pop_all_packet_info() should have restored the ++ * original values, but, just in case.... + */ + ndo->ndo_snapend = sp + h->caplen; ++ ndo->ndo_packetp = sp; + if (ndo->ndo_Xflag) { + /* + * Print the raw packet data in hex and ASCII. +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb index 803a9bb5f5..b05b832dd8 100644 --- a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb +++ b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb @@ -24,6 +24,7 @@ SRC_URI = " \ http://www.tcpdump.org/release/${BP}.tar.gz \ file://add-ptest.patch \ file://run-ptest \ + file://CVE-2024-2397.patch \ " SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea" |