diff --git a/meta-networking/recipes-extended/tgt/files/CVE-2024-45751.patch b/meta-networking/recipes-extended/tgt/files/CVE-2024-45751.patch
new file mode 100644
index 00000000000..e7f09c7e924
--- /dev/null
+++ b/meta-networking/recipes-extended/tgt/files/CVE-2024-45751.patch
@@ -0,0 +1,68 @@
+From abd8e0d987ab56013d360077202bf2aca20a42dd Mon Sep 17 00:00:00 2001
+From: Richard Weinberger
+Date: Tue, 3 Sep 2024 16:14:58 +0200
+Subject: [PATCH] chap: Use proper entropy source
+
+The challenge sent to the initiator is based on a poor
+source of randomness, it uses rand() without seeding it by srand().
+So the glibc PRNG is always seeded with 1 and as a consequence the
+sequence of challenges is always the same.
+
+An attacker which is able to monitor network traffic can apply a replay
+attack to bypass the CHAP authentication. All the attacker has to do
+is waiting for the server or the service to restart and replay with a
+previously record CHAP session which fits into the sequence.
+
+To overcome the issue, use getrandom() to query the kernel random
+number generator.
+Also always send a challenge of length CHAP_CHALLENGE_MAX, there is no
+benefit in sending a variable length challenge.
+
+Signed-off-by: Richard Weinberger
+
+Upstream-Status: Backport [https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd]
+CVE: CVE-2024-45751
+Signed-off-by: Vijay Anusuri
+---
+ usr/iscsi/chap.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/usr/iscsi/chap.c b/usr/iscsi/chap.c
+index aa0fc671..b89ecabd 100644
+--- a/usr/iscsi/chap.c
++++ b/usr/iscsi/chap.c
+@@ -28,6 +28,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "iscsid.h"
+ #include "tgtd.h"
+@@ -359,22 +360,19 @@ static int chap_initiator_auth_create_challenge(struct iscsi_connection *conn)
+ sprintf(text, "%u", (unsigned char)conn->auth.chap.id);
+ text_key_add(conn, "CHAP_I", text);
+
+- /*
+- * FIXME: does a random challenge length provide any benefits security-
+- * wise, or should we rather always use the max. allowed length of
+- * 1024 for the (unencoded) challenge?
+- */
+- conn->auth.chap.challenge_size = (rand() % (CHAP_CHALLENGE_MAX / 2)) + CHAP_CHALLENGE_MAX / 2;
++ conn->auth.chap.challenge_size = CHAP_CHALLENGE_MAX;
+
+ conn->auth.chap.challenge = malloc(conn->auth.chap.challenge_size);
+ if (!conn->auth.chap.challenge)
+ return CHAP_TARGET_ERROR;
+
++ if (getrandom(conn->auth.chap.challenge, conn->auth.chap.challenge_size, 0) != conn->auth.chap.challenge_size)
++ return CHAP_TARGET_ERROR;
++
+ p = text;
+ strcpy(p, "0x");
+ p += 2;
+ for (i = 0; i < conn->auth.chap.challenge_size; i++) {
+- conn->auth.chap.challenge[i] = rand();
+ sprintf(p, "%.2hhx", conn->auth.chap.challenge[i]);
+ p += 2;
+ }
diff --git a/meta-networking/recipes-extended/tgt/tgt_git.bb b/meta-networking/recipes-extended/tgt/tgt_git.bb
index 42141cb72d3..28ea44893bd 100644
--- a/meta-networking/recipes-extended/tgt/tgt_git.bb
+++ b/meta-networking/recipes-extended/tgt/tgt_git.bb
@@ -11,6 +11,7 @@ SRC_URI = "git://github.com/fujita/tgt.git;branch=master;protocol=https \
 file://0001-Correct-the-path-of-header-files-check-in-Yocto-buil.patch \
 file://0001-usr-Makefile-WARNING-fix.patch \
 file://usr-Makefile-apply-LDFLAGS-to-all-executables.patch \
+ file://CVE-2024-45751.patch \
 "
 SRC_URI += "file://tgtd.init \
 file://tgtd.service \
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2024-44070.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2024-44070.patch
new file mode 100644
index 00000000000..e58df44cc68
--- /dev/null
+++ b/meta-networking/recipes-protocols/frr/frr/CVE-2024-44070.patch
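Review bot: The new `getrandom()` failure path in `chap_initiator_auth_create_challenge` (the embedded usr/iscsi/chap.c hunk) returns `CHAP_TARGET_ERROR` while `conn->auth.chap.challenge` still points at the freshly allocated, unfilled buffer; whether that is freed later depends on teardown code outside the hunk, so releasing it before the return keeps the state unambiguous: `free(conn->auth.chap.challenge); conn->auth.chap.challenge = NULL;`. Failing closed on a short read is the right default, but getrandom(2) only guarantees a full, uninterrupted read for requests of up to 256 bytes, so if `CHAP_CHALLENGE_MAX` is larger than that a retry on `EINTR` would avoid spurious login failures. The challenge is now always the maximum length, one byte more than the old expression could produce, so it is worth confirming that `text` (declared outside the hunk) has room for `2 * CHAP_CHALLENGE_MAX + 3` bytes, since the `strcpy`/`sprintf` loop that fills it is unbounded.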
@@ -0,0 +1,69 @@ +From 0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5 Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis +Date: Wed, 31 Jul 2024 05:56:14 +0000 +Subject: [PATCH] bgpd: Check the actual remaining stream length before taking + TLV value ``` + + 0 0xb50b9f898028 in __sanitizer_print_stack_trace (/home/ +ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/ +bgpd+0x368028) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7) + 1 0xb50b9f7ed8e4 in fuzzer::PrintStackTrace() (/home/ubuntu/ +frr-public/frr_public_private-libfuzzer/bgpd/.libs/bgpd+0x2bd8e4) +(BuildId: 3292703ed7958b20076550c967f879db8dc27ca7) + 2 0xb50b9f7d4d9c in fuzzer::Fuzzer::CrashCallback() (/home/ +ubuntu/frr-public/frr_public_private-libfuzzer/bgpd/.libs/ +bgpd+0x2a4d9c) (BuildId: 3292703ed7958b20076550c967f879db8dc27ca7) + 3 0xe0d12d7469cc (linux-vdso.so.1+0x9cc) (BuildId: +1a77697e9d723fe22246cfd7641b140c427b7e11) + 4 0xe0d12c88f1fc in __pthread_kill_implementation nptl/ +pthread_kill.c:43:17 + 5 0xe0d12c84a678 in gsignal signal/../sysdeps/posix/raise.c:26:13 + 6 0xe0d12c83712c in abort stdlib/abort.c:79:7 + 7 0xe0d12d214724 in _zlog_assert_failed /home/ubuntu/frr-public/ +frr_public_private-libfuzzer/lib/zlog.c:789:2 + 8 0xe0d12d1285e4 in stream_get /home/ubuntu/frr-public/ +frr_public_private-libfuzzer/lib/stream.c:324:3 + 9 0xb50b9f8e47c4 in bgp_attr_encap /home/ubuntu/frr-public/ +frr_public_private-libfuzzer/bgpd/bgp_attr.c:2758:3 + 10 0xb50b9f8dcd38 in bgp_attr_parse /home/ubuntu/frr-public/ +frr_public_private-libfuzzer/bgpd/bgp_attr.c:3783:10 + 11 0xb50b9faf74b4 in bgp_update_receive /home/ubuntu/frr-public/ +frr_public_private-libfuzzer/bgpd/bgp_packet.c:2383:20 + 12 0xb50b9faf1dcc in bgp_process_packet /home/ubuntu/frr-public/ +frr_public_private-libfuzzer/bgpd/bgp_packet.c:4075:11 + 13 0xb50b9f8c90d0 in LLVMFuzzerTestOneInput /home/ubuntu/frr-public/ +frr_public_private-libfuzzer/bgpd/bgp_main.c:582:3 +``` + +Reported-by: Iggy Frankovic +Signed-off-by: Donatas Abraitis + 
+CVE: CVE-2024-44070 +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5] + +Signed-off-by: Yogita Urade +--- + bgpd/bgp_attr.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index 1e08a218e..ef45d5c46 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c +@@ -2475,6 +2475,14 @@ static int bgp_attr_encap(struct bgp_attr_parser_args *args) + args->total); + } + ++ if (STREAM_READABLE(BGP_INPUT(peer)) < sublength) { ++ zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining stream length %zu", ++ sublength, STREAM_READABLE(BGP_INPUT(peer))); ++ return bgp_attr_malformed(args, ++ BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, ++ args->total); ++ } ++ + /* alloc and copy sub-tlv */ + /* TBD make sure these are freed when attributes are released */ + tlv = XCALLOC(MTYPE_ENCAP_TLV, +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 03b106131f7..0823a7bf137 100644 --- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb @@ -28,6 +28,7 @@ SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ file://CVE-2023-47234.patch \ file://CVE-2023-47235.patch \ file://frr.pam \ + file://CVE-2024-44070.patch\ " SRCREV = "79188bf710e92acf42fb5b9b0a2e9593a5ee9b05" diff --git a/meta-oe/recipes-dbs/rocksdb/files/run-ptest b/meta-oe/recipes-dbs/rocksdb/files/run-ptest new file mode 100644 index 00000000000..45406fdfa18 --- /dev/null +++ b/meta-oe/recipes-dbs/rocksdb/files/run-ptest @@ -0,0 +1,12 @@ +#!/bin/sh +ptestdir=$(dirname "$(readlink -f "$0")") +cd "$ptestdir"/tests || exit + +for test in *_test; do + if ./${test} >/dev/null 2>&1; then + echo "PASS: ${test}" + else + echo "FAIL: ${test}" + fi +done + 
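Review bot: The `zlog_err` added to `bgp_attr_encap` (the embedded bgpd/bgp_attr.c hunk) does not say which peer sent the truncated sub-TLV, so the log line cannot be tied to a session when someone investigates malformed Tunnel Encap attributes. `peer` is already in scope for `BGP_INPUT(peer)`, so the message could start with the peer, e.g. `zlog_err("%s: Tunnel Encap attribute sub-tlv length %d exceeds remaining stream length %zu", peer->host, sublength, STREAM_READABLE(BGP_INPUT(peer)));`. The `%d` conversion assumes `sublength` promotes to `int`; its declaration is outside the hunk, so that should be confirmed. The function body starts and continues outside the hunk.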
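Review bot: In the new rocksdb `run-ptest`, `./${test} >/dev/null 2>&1` discards all test output, so a `FAIL:` line in the ptest log gives no hint about what failed. Redirecting to a per-test log in a writable location (for example `./"${test}" >"/tmp/${test}.log" 2>&1`) keeps the PASS/FAIL summary and leaves something to inspect. The expansion is also unquoted, and when nothing matches `*_test` the loop runs once with the literal pattern and reports `FAIL: *_test`; a `[ -x "$test" ] || continue` guard at the top of the loop avoids that.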
diff --git a/meta-oe/recipes-dbs/rocksdb/rocksdb_6.20.3.bb b/meta-oe/recipes-dbs/rocksdb/rocksdb_6.20.3.bb index 2ad2d38a53c..8164f856e2d 100644 --- a/meta-oe/recipes-dbs/rocksdb/rocksdb_6.20.3.bb +++ b/meta-oe/recipes-dbs/rocksdb/rocksdb_6.20.3.bb @@ -18,6 +18,7 @@ SRC_URI = "git://github.com/facebook/${BPN}.git;branch=${SRCBRANCH};protocol=htt file://ppc64.patch \ file://mips.patch \ file://arm.patch \ + file://run-ptest \ " SRC_URI:append:riscv32 = " file://0001-replace-old-sync-with-new-atomic-builtin-equivalents.patch" @@ -27,7 +28,7 @@ SRC_URI:remove:toolchain-clang:riscv32 = "file://0001-replace-old-sync-with-new- S = "${WORKDIR}/git" -inherit cmake +inherit cmake ptest PACKAGECONFIG ??= "bzip2 zlib lz4 gflags" PACKAGECONFIG[bzip2] = "-DWITH_BZ2=ON,-DWITH_BZ2=OFF,bzip2" @@ -40,7 +41,7 @@ PACKAGECONFIG[gflags] = "-DWITH_GFLAGS=ON,-DWITH_GFLAGS=OFF,gflags" # Tools and tests currently don't compile on armv5 so we disable them EXTRA_OECMAKE = "\ -DPORTABLE=ON \ - -DWITH_TESTS=OFF \ + -DWITH_TESTS=${@bb.utils.contains("DISTRO_FEATURES", "ptest", "ON", "OFF", d)} \ -DWITH_BENCHMARK_TOOLS=OFF \ -DWITH_TOOLS=OFF \ -DFAIL_ON_WARNINGS=OFF \ @@ -52,7 +53,21 @@ do_install:append() { } LDFLAGS:append:riscv64 = " -pthread" +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + # only cover the basic test as all the tests need to take about 6 hours + # time ./run-ptest + # real 356m32.956s + # user 252m32.004s + # sys 178m50.246s + install -m 0755 ${B}/env_basic_test ${D}${PTEST_PATH}/tests/ + install -m 0755 ${B}/db_basic_test ${D}${PTEST_PATH}/tests/ + install -m 0755 ${B}/arena_test ${D}${PTEST_PATH}/tests/ + install -m 0755 ${B}/testutil_test ${D}${PTEST_PATH}/tests/ + install -m 0755 ${B}/cache_test ${D}${PTEST_PATH}/tests/ +} # Need toku_time_now() implemented for ppc/musl # see utilities/transactions/lock/range/range_tree/lib/portability/toku_time.h COMPATIBLE_HOST:libc-musl:powerpc = "null" +COMPATIBLE_HOST:armv5 = 'null' 
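Review bot: `COMPATIBLE_HOST:armv5 = 'null'` in the last hunk drops rocksdb for every armv5 build, including distros without `ptest` in `DISTRO_FEATURES`, where `-DWITH_TESTS` still evaluates to `OFF` and the recipe was buildable before this change. If the aim is only to avoid compiling the tests on that architecture, as the existing comment above `EXTRA_OECMAKE` suggests, keeping them off for that override is less disruptive, e.g. `EXTRA_OECMAKE:append:armv5 = " -DWITH_TESTS=OFF"`, with `do_install_ptest` guarded to match. That comment ("Tools and tests currently don't compile on armv5 so we disable them") also no longer describes the `-DWITH_TESTS` line in the earlier hunk and should be updated. The comment inside `do_install_ptest` would read better as one sentence giving the full-suite runtime instead of pasted `time` output.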
diff --git a/meta-oe/recipes-devtools/android-tools/android-tools/android-tools-adbd.service b/meta-oe/recipes-devtools/android-tools/android-tools/android-tools-adbd.service index ddf8d7f74e3..b6661f2e39b 100644 --- a/meta-oe/recipes-devtools/android-tools/android-tools/android-tools-adbd.service +++ b/meta-oe/recipes-devtools/android-tools/android-tools/android-tools-adbd.service @@ -1,6 +1,6 @@ [Unit] Description=Android Debug Bridge -ConditionPathExists=/var/usb-debugging-enabled +ConditionPathExists=/etc/usb-debugging-enabled Before=android-system.service [Service] diff --git a/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb b/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb index 8f28abbd199..cf10968296c 100644 --- a/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb +++ b/meta-oe/recipes-devtools/android-tools/android-tools_5.1.1.r37.bb @@ -184,7 +184,7 @@ FILES:${PN}-fstools = "\ BBCLASSEXTEND = "native" android_tools_enable_devmode() { - touch ${IMAGE_ROOTFS}/var/usb-debugging-enabled + touch ${IMAGE_ROOTFS}/etc/usb-debugging-enabled } ROOTFS_POSTPROCESS_COMMAND_${PN}-adbd += "${@bb.utils.contains("USB_DEBUGGING_ENABLED", "1", "android_tools_enable_devmode;", "", d)}" diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb similarity index 91% rename from meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb rename to meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb index c9c38a9fe33..797ab028cdd 100644 --- a/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb +++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.18.bb @@ -6,7 +6,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0" SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https" -SRCREV = "87d8f0961a01bf09bef98ff89bae9fdec42181ee" +SRCREV = "acc76239bee01d8e9c858ae2cab296704e52d916" S = "${WORKDIR}/git" 
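Review bot: Moving the `ConditionPathExists` flag from `/var/usb-debugging-enabled` to `/etc/usb-debugging-enabled` changes what gates adbd on an installed system, and neither the unit file nor the recipe hunk documents it. A device provisioned with the old `/var` flag will stop starting adbd after an update. Since this file decides whether the debug bridge is reachable over USB, its location and who is expected to create it deserve a comment, e.g. `# adbd starts only if /etc/usb-debugging-enabled exists; created at image build when USB_DEBUGGING_ENABLED = "1"` above `android_tools_enable_devmode`. The same path is hard-coded in both hunks, so a matching comment in the unit would help keep them in sync.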
diff --git a/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb b/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb index 36205009a4d..991c4544bd5 100644 --- a/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb +++ b/meta-oe/recipes-devtools/xmlrpc-c/xmlrpc-c_1.54.02.bb @@ -12,7 +12,7 @@ SRC_URI = "git://github.com/mirror/xmlrpc-c.git;branch=master;protocol=https \ " #Release 1.54.02 -SRCREV = "86405c7e1bd4f70287204a28d242a1054daab520" +SRCREV = "36b142d6179514989a44c1087f6c46182dafd21f" S = "${WORKDIR}/git/stable" diff --git a/meta-oe/recipes-multimedia/sound-themes/sound-theme-freedesktop_0.8.bb b/meta-oe/recipes-multimedia/sound-themes/sound-theme-freedesktop_0.8.bb index 87320a98e8b..508519e4f84 100644 --- a/meta-oe/recipes-multimedia/sound-themes/sound-theme-freedesktop_0.8.bb +++ b/meta-oe/recipes-multimedia/sound-themes/sound-theme-freedesktop_0.8.bb @@ -11,6 +11,6 @@ inherit autotools gettext DEPENDS += "glib-2.0-native" -SRC_URI = "http://people.freedesktop.org/~mccann/dist/${BPN}-${PV}.tar.bz2" +SRC_URI = "https://people.freedesktop.org/~mccann/dist/${BPN}-${PV}.tar.bz2" SRC_URI[md5sum] = "d7387912cfd275282d1ec94483cb2f62" SRC_URI[sha256sum] = "cb518b20eef05ec2e82dda1fa89a292c1760dc023aba91b8aa69bafac85e8a14" diff --git a/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb b/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb index 8a95a15f6f4..a915b7f2d2d 100644 --- a/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb +++ b/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.GPL;md5=5f6e72824f5da505c1f4a7197f004b45 \ inherit siteinfo autotools-brokensep ptest -SRC_URI = "http://people.redhat.com/dhowells/keyutils/${BP}.tar.bz2 \ +SRC_URI = "https://people.redhat.com/dhowells/keyutils/${BP}.tar.bz2 \ file://keyutils-test-fix-output-format.patch \ file://keyutils-fix-error-report-by-adding-default-message.patch \ file://run-ptest \ 
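Review bot: In the xmlrpc-c hunk, `SRCREV` moves to `36b142d6179514989a44c1087f6c46182dafd21f` while `PV` and the `#Release 1.54.02` comment stay the same, and nothing records why the pinned revision changed. This hash is the only thing pinning what is fetched from the mirror, so the comment should say what the new commit corresponds to and why it was re-pinned (for instance, the previous revision no longer being reachable, if that is the case). That lets the next reviewer check it against the upstream tree.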
diff --git a/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb b/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb index f747ecbf72d..8947b9fa836 100644 --- a/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb +++ b/meta-oe/recipes-support/libatasmart/libatasmart_0.19.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LGPL;md5=2d5025d4aa3495befef8f17206a5b0a1" DEPENDS = "udev" SRCREV = "de6258940960443038b4c1651dfda3620075e870" -SRC_URI = "git://git.0pointer.de/libatasmart.git;branch=master \ +SRC_URI = "git://git.0pointer.net/libatasmart.git;branch=master;protocol=https \ file://0001-Makefile.am-add-CFLAGS-and-LDFLAGS-definiton.patch \ " diff --git a/meta-oe/recipes-support/lvm2/libdevmapper_2.03.11.bb b/meta-oe/recipes-support/lvm2/libdevmapper_2.03.11.bb index be558ce1d21..3b4439c3ae0 100644 --- a/meta-oe/recipes-support/lvm2/libdevmapper_2.03.11.bb +++ b/meta-oe/recipes-support/lvm2/libdevmapper_2.03.11.bb @@ -5,6 +5,8 @@ require lvm2.inc DEPENDS += "autoconf-archive-native" +inherit nopackages + TARGET_CC_ARCH += "${LDFLAGS}" do_install() {